Bump to 1.1.pre3

Points MongoMapper dependency to use a fork on MongoMapper that supports Rails3.

.gitignore

@@ -5,3 +5,4 @@ coverage/*
 *.sqlite3
 rdoc/*
 pkg
+log

CHANGELOG.rdoc

@@ -1,32 +1,19 @@
-== 1.0.7
+== 1.1.pre
 
-* bug fix
-  * Ensure password confirmation is always required
+* enhancements
+  * Rails 3 compatibility.
+  * All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
+  * You can specify the controller in routes and have specific controllers for each role.
+  * Devise.orm is deprecated. This reduces the required API to hook your ORM with devise.
+  * Use metal for failure app.
+  * HTML e-mails now have proper formatting.
+  * Do not remove options from Datamapper and MongoMapper in find
 
 * deprecations
-  * authenticatable was deprecated and renamed to database_authenticatable
-  * confirmable is not included by default on generation
-
-== 1.0.6
-
-* bug fix
-  * Do not allow unlockable strategies based on time to access a controller.
-  * Do not send unlockable email several times.
-  * Allow controller to upstram custom! failures to Warden.
-
-== 1.0.5
-
-* bug fix
-  * Use prepend_before_filter in require_no_authentication.
-  * require_no_authentication on unlockable.
-  * Fix a bug when giving an association proxy to devise.
-  * Do not use lock! on lockable since it's part of ActiveRecord API.
-
-== 1.0.4
-
-* bug fix
-  * Fixed a bug when deleting an account with rememberable
-  * Fixed a bug with custom controllers
+  * Rails 3 compatible only.
+  * Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
+  * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.
+  * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.
 
 == 1.0.3
 
@@ -61,7 +48,6 @@
   * Added Http Basic Authentication support
   * Allow scoped_views to be customized per controller/mailer class
   * [#99] Allow authenticatable to used in change_table statements
-  * Add mailer_content_type configuration parameter (by github.com/glennr)
 
 == 0.9.2
 

Gemfile

@@ -0,0 +1,18 @@
+source "http://gemcutter.org"
+
+gem "rails", "3.0.0.beta"
+gem "warden", "0.9.4"
+gem "sqlite3-ruby", :require => "sqlite3"
+gem "webrat", "0.7"
+gem "mocha", :require => false
+gem "bcrypt-ruby", :require => "bcrypt"
+
+if RUBY_VERSION < '1.9'
+  gem "ruby-debug", ">= 0.10.3"
+end
+
+group :mongo_mapper do
+  gem "mongo",        "0.18.3"
+  gem "mongo_ext",    "0.18.3", :require => false
+  gem "mongo_mapper", :git => "git://github.com/merbjedi/mongomapper.git", :branch => "rails3"
+end

README.rdoc

@@ -9,7 +9,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 
 Right now it's composed of 12 modules:
 
-* Database Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
+* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
 * Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
 * HttpAuthenticatable: sign in users using basic HTTP authentication.
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
@@ -30,30 +30,32 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
 
 == Installation
 
-Install warden gem if you don't have it installed:
+Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
 
-  sudo gem install warden
+  sudo gem install devise --version=1.1.pre
 
-Install devise gem:
+After installing them, you need configure warden and devise gems inside your gemfile:
 
-  sudo gem install devise --version=1.0.6
+  gem 'warden'
+  gem 'devise'
 
-Configure warden and devise gems inside your app:
+And run the generator:
 
-  config.gem 'warden'
-  config.gem 'devise'
+	rails generate devise_install
 
-Run the generator:
-
-	ruby script/generate devise_install
-
-And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and the documentation as well:
+And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
 
   http://rdoc.info/projects/plataformatec/devise
 
-If you want to use Devise with bundler on Rails 2.3, you need to follow the instructions here:
+== Rails 2.3
 
-  http://github.com/carlhuda/bundler/issues/issue/83
+If you want to use the Rails 2.3.x version, you should do:
+
+  sudo gem install devise --version=1.0.1
+
+Or checkout from the v1.0 branch:
+
+  http://github.com/plataformatec/devise/tree/v1.0
 
 == Basic Usage
 
@@ -64,13 +66,13 @@ Devise must be set up within the model (or models) you want to use, and devise r
 We're assuming here you want a User model with some modules, as outlined below:
 
   class User < ActiveRecord::Base
-    devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
+    devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
   end
 
 After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
 
   create_table :users do |t|
-    t.database_authenticatable
+    t.authenticatable
     t.confirmable
     t.recoverable
     t.rememberable
@@ -82,13 +84,13 @@ Remember that Devise don't rely on _attr_accessible_ or _attr_protected_ inside
 
 The next setup after setting up your model is to configure your routes. You do this by opening up your config/routes.rb and adding:
 
-  map.devise_for :users
+  devise_for :users
 
 This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
 
 There are also some options available for configuring your routes, as :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
 
-  map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
+  devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
 
 Be sure to check devise_for documentation for detailed description.
 
@@ -114,7 +116,7 @@ You have also access to the session for this scope:
 
 After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
 
-  map.root :controller => 'home'
+  root :to => "home"
 
 You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
 
@@ -128,16 +130,16 @@ Devise let's you setup as many roles as you want, so let's say you already have
 
   # Create a migration with the required fields
   create_table :admins do |t|
-    t.database_authenticatable
+    t.authenticatable
     t.lockable
     t.trackable
   end
 
   # Inside your Admin model
-  devise :database_authenticatable, :trackable, :timeoutable, :lockable
+  devise :authenticatable, :trackable, :timeoutable, :lockable
 
   # Inside your routes
-  map.devise_for :admin
+  devise_for :admin
 
   # Inside your protected controller
   before_filter :authenticate_admin!
@@ -151,33 +153,48 @@ Devise let's you setup as many roles as you want, so let's say you already have
 
 Devise comes with some generators to help you start:
 
-  ruby script/generate devise_install
+  rails generate devise_install
 
 This will generate an initializer, with a description of all configuration values. You can also generate models through:
 
-  ruby script/generate devise Model
+  rails generate devise Model
 
 A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
 
 == Model configuration
 
-The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in database_authenticatable:
+The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable simply doing:
 
-  devise :database_authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
+  devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
 
-Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
+Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are described in the initializer created when you invoke the devise_install generator describer above.
 
-== Views
+== Configuring controllers and views
 
-Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to make copy them all to your application:
+One of Devise goals is to help you bootstrap your application with authentication really fast. Another goal is to not be in your way when you need to customize it.
 
-  ruby script/generate devise_views
+Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to copy them all to your application:
 
-By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
+  rails generate devise_views
 
-After doing so you will be able to have views based on the scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
+If you have more than one role in your application, you will notice that Devise uses the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
 
-Devise uses flash messages to let users know if their login is successful or not. Devise expects your application to call 'flash[:notice]' and 'flash[:alert]' as appropriate.
+After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will fallback to the default view at "devise/sessions/new".
+
+Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
+
+  1) Create your custom controller, for example a Admins::SessionsController:
+
+    class Admins::SessionsController < Devise::SessionsController
+    end
+
+  2) Tell the router to use this controller:
+
+    devise_for :admins, :controllers => { :sessions = "admin/sessions" }
+
+  3) And finally, since we changed the controller, it won't use "devise/sessions" as views anymore, so remember to make a copy of "devise/sessions" to "admin/sessions".
+
+Remember that Devise uses flash messages to let users know if sign in wass successful or not. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
 
 == I18n
 
@@ -254,7 +271,8 @@ We have a long running list of contributors. Check them in the CHANGELOG or do `
 If you discover any bugs or want to drop a line, feel free to create an issue on
 GitHub or send an e-mail to the mailing list.
 
-http://github.com/plataformatec/devise/issues
-http://groups.google.com/group/plataformatec-devise
+http://github.com/plataformatec/devise/issues | 
+http://groups.google.com/group/plataformatec-devise | 
+http://wiki.github.com/plataformatec/devise/
 
 MIT License. Copyright 2009 Plataforma Tecnologia. http://blog.plataformatec.com.br

Rakefile

@@ -43,11 +43,12 @@ begin
     s.homepage = "http://github.com/plataformatec/devise"
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
-    s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
-    s.add_dependency("warden", "~> 0.10.3")
+    s.files =  FileList["[A-Z]*", "{app,config,lib}/**/*"]
+    s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
+    s.add_dependency("warden", "~> 0.9.4")
   end
 
   Jeweler::GemcutterTasks.new
 rescue LoadError
-  puts "Jeweler, or one of its dependencies, is not available. Install it with: gem install jeweler"
+  puts "Jeweler, or one of its dependencies, is not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
 end

app/controllers/devise/confirmations_controller.rb

@@ -1,4 +1,4 @@
-class ConfirmationsController < ApplicationController
+class Devise::ConfirmationsController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/confirmation/new
@@ -21,7 +21,7 @@ class ConfirmationsController < ApplicationController
 
   # GET /resource/confirmation?confirmation_token=abcdef
   def show
-    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+    self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
 
     if resource.errors.empty?
       set_flash_message :notice, :confirmed

app/controllers/devise/passwords_controller.rb

@@ -1,7 +1,8 @@
-class PasswordsController < ApplicationController
-  prepend_before_filter :require_no_authentication
+class Devise::PasswordsController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
+  before_filter :require_no_authentication
+
   # GET /resource/password/new
   def new
     build_resource
@@ -29,7 +30,7 @@ class PasswordsController < ApplicationController
 
   # PUT /resource/password
   def update
-    self.resource = resource_class.reset_password_by_token(params[resource_name])
+    self.resource = resource_class.reset_password!(params[resource_name])
 
     if resource.errors.empty?
       set_flash_message :notice, :updated

app/controllers/devise/registrations_controller.rb

@@ -1,9 +1,10 @@
-class RegistrationsController < ApplicationController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+class Devise::RegistrationsController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
-  # GET /resource/sign_in
+  before_filter :require_no_authentication, :only => [ :new, :create ]
+  before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+
+  # GET /resource/sign_up
   def new
     build_resource
     render_with_scope :new
@@ -14,6 +15,7 @@ class RegistrationsController < ApplicationController
     build_resource
 
     if resource.save
+      flash[:"#{resource_name}_signed_up"] = true
       set_flash_message :notice, :signed_up
       sign_in_and_redirect(resource_name, resource)
     else
@@ -32,6 +34,8 @@ class RegistrationsController < ApplicationController
       set_flash_message :notice, :updated
       redirect_to after_sign_in_path_for(self.resource)
     else
+      build_resource
+      send(:"current_#{resource_name}").reload
       render_with_scope :edit
     end
   end
@@ -48,6 +52,6 @@ class RegistrationsController < ApplicationController
     # Authenticates the current scope and dup the resource
     def authenticate_scope!
       send(:"authenticate_#{resource_name}!")
-      self.resource = send(:"current_#{resource_name}").dup
+      self.resource = send(:"current_#{resource_name}")
     end
-end
+end

app/controllers/devise/sessions_controller.rb

@@ -1,10 +1,11 @@
-class SessionsController < ApplicationController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+class Devise::SessionsController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
+  before_filter :require_no_authentication, :only => [ :new, :create ]
+
   # GET /resource/sign_in
   def new
-    unless flash[:notice].present?
+    unless resource_just_signed_up?
       Devise::FLASH_MESSAGES.each do |message|
         set_now_flash_message :alert, message if params.try(:[], message) == "true"
       end
@@ -19,8 +20,6 @@ class SessionsController < ApplicationController
     if resource = authenticate(resource_name)
       set_flash_message :notice, :signed_in
       sign_in_and_redirect(resource_name, resource, true)
-    elsif [:custom, :redirect].include?(warden.result)
-      throw :warden, :scope => resource_name
     else
       set_now_flash_message :alert, (warden.message || :invalid)
       clean_up_passwords(build_resource)
@@ -36,7 +35,11 @@ class SessionsController < ApplicationController
 
   protected
 
-    def clean_up_passwords(object)
-      object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
-    end
+  def resource_just_signed_up?
+    flash[:"#{resource_name}_signed_up"]
+  end
+
+  def clean_up_passwords(object)
+    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+  end
 end

app/controllers/devise/unlocks_controller.rb

@@ -1,6 +1,4 @@
-class UnlocksController < ApplicationController
-  prepend_before_filter :ensure_email_as_unlock_strategy
-  prepend_before_filter :require_no_authentication
+class Devise::UnlocksController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/unlock/new
@@ -23,7 +21,7 @@ class UnlocksController < ApplicationController
 
   # GET /resource/unlock?unlock_token=abcdef
   def show
-    self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
+    self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
 
     if resource.errors.empty?
       set_flash_message :notice, :unlocked
@@ -32,10 +30,4 @@ class UnlocksController < ApplicationController
       render_with_scope :new
     end
   end
-
-  protected
-
-  def ensure_email_as_unlock_strategy
-    raise ActionController::UnknownAction unless resource_class.unlock_strategy_enabled?(:email)
-  end
 end

app/models/devise/mailer.rb

@@ -0,0 +1,55 @@
+class Devise::Mailer < ::ActionMailer::Base
+  include Devise::Controllers::ScopedViews
+
+  attr_reader :devise_mapping, :resource
+
+  def confirmation_instructions(record)
+    setup_mail(record, :confirmation_instructions)
+  end
+
+  def reset_password_instructions(record)
+    setup_mail(record, :reset_password_instructions)
+  end
+
+  def unlock_instructions(record)
+    setup_mail(record, :unlock_instructions)
+  end
+
+  private
+
+    # Configure default email options
+    def setup_mail(record, action)
+      @devise_mapping = Devise::Mapping.find_by_class(record.class)
+
+      raise "Invalid devise resource #{record}" unless @devise_mapping
+      @resource = instance_variable_set("@#{@devise_mapping.name}", record)
+
+      mail(:subject => translate(@devise_mapping, action),
+           :from => mailer_sender(@devise_mapping), :to => record.email) do |format|
+        format.html { render_with_scope(action, :controller => "mailer") }
+      end
+    end
+
+    def mailer_sender(mapping)
+      if Devise.mailer_sender.is_a?(Proc)
+        block_args = mapping.name if Devise.mailer_sender.arity > 0
+        Devise.mailer_sender.call(block_args)
+      else
+        Devise.mailer_sender
+      end
+    end
+
+    # Setup subject namespaced by model. It means you're able to setup your
+    # messages using specific resource scope, or provide a default one.
+    # Example (i18n locale file):
+    #
+    #   en:
+    #     devise:
+    #       mailer:
+    #         confirmation_instructions: '...'
+    #         user:
+    #           confirmation_instructions: '...'
+    def translate(mapping, key)
+      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
+    end
+end

app/models/devise_mailer.rb

@@ -1,68 +0,0 @@
-class DeviseMailer < ::ActionMailer::Base
-  extend Devise::Controllers::InternalHelpers::ScopedViews
-
-  # Deliver confirmation instructions when the user is created or its email is
-  # updated, and also when confirmation is manually requested
-  def confirmation_instructions(record)
-    setup_mail(record, :confirmation_instructions)
-  end
-
-  # Deliver reset password instructions when manually requested
-  def reset_password_instructions(record)
-    setup_mail(record, :reset_password_instructions)
-  end
-
-  def unlock_instructions(record)
-    setup_mail(record, :unlock_instructions)
-  end
-
-  private
-
-    # Configure default email options
-    def setup_mail(record, key)
-      scope_name = Devise::Mapping.find_scope!(record)
-      mapping    = Devise.mappings[scope_name]
-
-      subject      translate(mapping, key)
-      from         mailer_sender(mapping)
-      recipients   record.email
-      sent_on      Time.now
-      content_type Devise.mailer_content_type
-      body         render_with_scope(key, mapping, mapping.name => record, :resource => record)
-    end
-
-    def render_with_scope(key, mapping, assigns)
-      if self.class.scoped_views
-        begin
-          render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
-        rescue ActionView::MissingTemplate
-          render :file => "devise_mailer/#{key}", :body => assigns
-        end
-      else
-        render :file => "devise_mailer/#{key}", :body => assigns
-      end
-    end
-
-    def mailer_sender(mapping)
-      if Devise.mailer_sender.is_a?(Proc)
-        block_args = mapping.name if Devise.mailer_sender.arity > 0
-        Devise.mailer_sender.call(block_args)
-      else
-        Devise.mailer_sender
-      end
-    end
-
-    # Setup subject namespaced by model. It means you're able to setup your
-    # messages using specific resource scope, or provide a default one.
-    # Example (i18n locale file):
-    #
-    #   en:
-    #     devise:
-    #       mailer:
-    #         confirmation_instructions: '...'
-    #         user:
-    #           confirmation_instructions: '...'
-    def translate(mapping, key)
-      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
-    end
-end

app/views/devise/confirmations/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend confirmation instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/passwords/edit.html.erb

@@ -13,4 +13,4 @@
   <p><%= f.submit "Change my password" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/passwords/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Send me reset password instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/registrations/edit.html.erb

@@ -22,4 +22,4 @@
 
 <p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
 
-<%= render :partial => "shared/devise_links" %>
+<%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -14,4 +14,4 @@
   <p><%= f.submit "Sign up" %></p>
 <% end -%>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/sessions/new.html.erb

@@ -14,4 +14,4 @@
   <p><%= f.submit "Sign in" %></p>
 <% end -%>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

app/views/devise/unlocks/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend unlock instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

config/locales/en.yml

@@ -1,4 +1,10 @@
 en:
+  errors:
+    messages:
+      not_found: "not found"
+      already_confirmed: "was already confirmed"
+      not_locked: "was not locked"
+
   devise:
     sessions:
       link: 'Sign in'
@@ -21,7 +27,7 @@ en:
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
       link: 'Sign up'
-      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
+      signed_up: 'You have signed up successfully.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:

devise.gemspec

@@ -5,54 +5,48 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "1.0.7"
+  s.version = "1.1.pre3"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-05-03}
+  s.date = %q{2010-02-24}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
-    "README.rdoc",
+    "CHANGELOG.rdoc",
+     "MIT-LICENSE",
+     "README.rdoc",
      "TODO"
   ]
   s.files = [
     "CHANGELOG.rdoc",
+     "Gemfile",
      "MIT-LICENSE",
      "README.rdoc",
      "Rakefile",
      "TODO",
-     "app/controllers/confirmations_controller.rb",
-     "app/controllers/passwords_controller.rb",
-     "app/controllers/registrations_controller.rb",
-     "app/controllers/sessions_controller.rb",
-     "app/controllers/unlocks_controller.rb",
-     "app/models/devise_mailer.rb",
-     "app/views/confirmations/new.html.erb",
-     "app/views/devise_mailer/confirmation_instructions.html.erb",
-     "app/views/devise_mailer/reset_password_instructions.html.erb",
-     "app/views/devise_mailer/unlock_instructions.html.erb",
-     "app/views/passwords/edit.html.erb",
-     "app/views/passwords/new.html.erb",
-     "app/views/registrations/edit.html.erb",
-     "app/views/registrations/new.html.erb",
-     "app/views/sessions/new.html.erb",
-     "app/views/shared/_devise_links.erb",
-     "app/views/unlocks/new.html.erb",
-     "generators/devise/USAGE",
-     "generators/devise/devise_generator.rb",
-     "generators/devise/lib/route_devise.rb",
-     "generators/devise/templates/migration.rb",
-     "generators/devise/templates/model.rb",
-     "generators/devise_install/USAGE",
-     "generators/devise_install/devise_install_generator.rb",
-     "generators/devise_install/templates/README",
-     "generators/devise_install/templates/devise.rb",
-     "generators/devise_views/USAGE",
-     "generators/devise_views/devise_views_generator.rb",
+     "app/controllers/devise/confirmations_controller.rb",
+     "app/controllers/devise/passwords_controller.rb",
+     "app/controllers/devise/registrations_controller.rb",
+     "app/controllers/devise/sessions_controller.rb",
+     "app/controllers/devise/unlocks_controller.rb",
+     "app/models/devise/mailer.rb",
+     "app/views/devise/confirmations/new.html.erb",
+     "app/views/devise/mailer/confirmation_instructions.html.erb",
+     "app/views/devise/mailer/reset_password_instructions.html.erb",
+     "app/views/devise/mailer/unlock_instructions.html.erb",
+     "app/views/devise/passwords/edit.html.erb",
+     "app/views/devise/passwords/new.html.erb",
+     "app/views/devise/registrations/edit.html.erb",
+     "app/views/devise/registrations/new.html.erb",
+     "app/views/devise/sessions/new.html.erb",
+     "app/views/devise/shared/_links.erb",
+     "app/views/devise/unlocks/new.html.erb",
+     "config/locales/en.yml",
      "lib/devise.rb",
      "lib/devise/controllers/helpers.rb",
      "lib/devise/controllers/internal_helpers.rb",
+     "lib/devise/controllers/scoped_views.rb",
      "lib/devise/controllers/url_helpers.rb",
      "lib/devise/encryptors/authlogic_sha512.rb",
      "lib/devise/encryptors/base.rb",
@@ -66,12 +60,11 @@ Gem::Specification.new do |s|
      "lib/devise/hooks/rememberable.rb",
      "lib/devise/hooks/timeoutable.rb",
      "lib/devise/hooks/trackable.rb",
-     "lib/devise/locales/en.yml",
      "lib/devise/mapping.rb",
      "lib/devise/models.rb",
      "lib/devise/models/activatable.rb",
+     "lib/devise/models/authenticatable.rb",
      "lib/devise/models/confirmable.rb",
-     "lib/devise/models/database_authenticatable.rb",
      "lib/devise/models/http_authenticatable.rb",
      "lib/devise/models/lockable.rb",
      "lib/devise/models/recoverable.rb",
@@ -88,19 +81,24 @@ Gem::Specification.new do |s|
      "lib/devise/rails/routes.rb",
      "lib/devise/rails/warden_compat.rb",
      "lib/devise/schema.rb",
+     "lib/devise/strategies/authenticatable.rb",
      "lib/devise/strategies/base.rb",
-     "lib/devise/strategies/database_authenticatable.rb",
      "lib/devise/strategies/http_authenticatable.rb",
      "lib/devise/strategies/rememberable.rb",
      "lib/devise/strategies/token_authenticatable.rb",
      "lib/devise/test_helpers.rb",
      "lib/devise/version.rb",
-     "rails/init.rb"
+     "lib/generators/devise/devise_generator.rb",
+     "lib/generators/devise/templates/migration.rb",
+     "lib/generators/devise_install/devise_install_generator.rb",
+     "lib/generators/devise_install/templates/README",
+     "lib/generators/devise_install/templates/devise.rb",
+     "lib/generators/devise_views/devise_views_generator.rb"
   ]
   s.homepage = %q{http://github.com/plataformatec/devise}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
+  s.rubygems_version = %q{1.3.5}
   s.summary = %q{Flexible authentication solution for Rails with Warden}
   s.test_files = [
     "test/controllers/helpers_test.rb",
@@ -113,7 +111,6 @@ Gem::Specification.new do |s|
      "test/integration/confirmable_test.rb",
      "test/integration/http_authenticatable_test.rb",
      "test/integration/lockable_test.rb",
-     "test/integration/rack_middleware_test.rb",
      "test/integration/recoverable_test.rb",
      "test/integration/registerable_test.rb",
      "test/integration/rememberable_test.rb",
@@ -126,6 +123,7 @@ Gem::Specification.new do |s|
      "test/mapping_test.rb",
      "test/models/authenticatable_test.rb",
      "test/models/confirmable_test.rb",
+     "test/models/http_authenticatable_test.rb",
      "test/models/lockable_test.rb",
      "test/models/recoverable_test.rb",
      "test/models/rememberable_test.rb",
@@ -141,25 +139,29 @@ Gem::Specification.new do |s|
      "test/rails_app/app/controllers/admins_controller.rb",
      "test/rails_app/app/controllers/application_controller.rb",
      "test/rails_app/app/controllers/home_controller.rb",
+     "test/rails_app/app/controllers/sessions_controller.rb",
      "test/rails_app/app/controllers/users_controller.rb",
      "test/rails_app/app/helpers/application_helper.rb",
      "test/rails_app/app/mongo_mapper/admin.rb",
      "test/rails_app/app/mongo_mapper/user.rb",
+     "test/rails_app/config/application.rb",
      "test/rails_app/config/boot.rb",
      "test/rails_app/config/environment.rb",
      "test/rails_app/config/environments/development.rb",
      "test/rails_app/config/environments/production.rb",
      "test/rails_app/config/environments/test.rb",
+     "test/rails_app/config/initializers/backtrace_silencers.rb",
+     "test/rails_app/config/initializers/cookie_verification_secret.rb",
      "test/rails_app/config/initializers/devise.rb",
      "test/rails_app/config/initializers/inflections.rb",
-     "test/rails_app/config/initializers/new_rails_defaults.rb",
      "test/rails_app/config/initializers/session_store.rb",
      "test/rails_app/config/routes.rb",
      "test/routes_test.rb",
-     "test/support/assertions_helper.rb",
-     "test/support/integration_tests_helper.rb",
+     "test/support/assertions.rb",
+     "test/support/helpers.rb",
+     "test/support/integration.rb",
      "test/support/test_silencer.rb",
-     "test/support/tests_helper.rb",
+     "test/support/webrat/integrations/rails.rb",
      "test/test_helper.rb",
      "test/test_helpers_test.rb"
   ]
@@ -169,12 +171,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<warden>, ["~> 0.10.3"])
+      s.add_runtime_dependency(%q<warden>, ["~> 0.9.4"])
     else
-      s.add_dependency(%q<warden>, ["~> 0.10.3"])
+      s.add_dependency(%q<warden>, ["~> 0.9.4"])
     end
   else
-    s.add_dependency(%q<warden>, ["~> 0.10.3"])
+    s.add_dependency(%q<warden>, ["~> 0.9.4"])
   end
 end
 

generators/devise/USAGE

@@ -1,5 +0,0 @@
-To create a devise resource user:
-
-    script/generate devise User
-
-This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

generators/devise/devise_generator.rb

@@ -1,15 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
-
-class DeviseGenerator < Rails::Generator::NamedBase
-
-  def manifest
-    record do |m|
-      m.directory(File.join('app', 'models', class_path))
-      m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
-
-      m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
-      m.route_devise table_name
-    end
-  end
-
-end

generators/devise/lib/route_devise.rb

@@ -1,32 +0,0 @@
-module Rails
-  module Generator
-    module Commands
-      class Create < Base
-
-        # Create devise route. Based on route_resources
-        def route_devise(*resources)
-          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
-          sentinel = 'ActionController::Routing::Routes.draw do |map|'
-
-          logger.route "map.devise_for #{resource_list}"
-          unless options[:pretend]
-            gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
-              "#{match}\n  map.devise_for #{resource_list}\n"
-            end
-          end
-        end
-      end
-
-      class Destroy < RewindBase
-
-        # Destroy devise route. Based on route_resources
-        def route_devise(*resources)
-          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
-          look_for = "\n  map.devise_for #{resource_list}\n"
-          logger.route "map.devise_for #{resource_list}"
-          gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
-        end
-      end
-    end
-  end
-end

generators/devise/templates/model.rb

@@ -1,9 +0,0 @@
-class <%= class_name %> < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :http_authenticatable, :token_authenticatable, :confirmable, :lockable, :timeoutable and :activatable
-  devise :registerable, :authenticatable, :recoverable,
-         :rememberable, :trackable, :validatable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation
-end

generators/devise_install/USAGE

@@ -1,3 +0,0 @@
-To copy a Devise initializer to your Rails App, with some configuration values, just do:
-
-    script/generate devise_install

generators/devise_install/devise_install_generator.rb

@@ -1,15 +0,0 @@
-class DeviseInstallGenerator < Rails::Generator::Base
-
-  def manifest
-    record do |m|
-      m.directory "config/initializers"
-      m.template  "devise.rb", "config/initializers/devise.rb"
-
-      m.directory "config/locales"
-      m.file      "../../../lib/devise/locales/en.yml", "config/locales/devise.en.yml"
-
-      m.readme "README"
-    end
-  end
-
-end

generators/devise_views/USAGE

@@ -1,3 +0,0 @@
-To copy all session, password, confirmation and mailer views from devise to your app just run the following command:
-
-    script/generate devise_views

generators/devise_views/devise_views_generator.rb

@@ -1,21 +0,0 @@
-class DeviseViewsGenerator < Rails::Generator::Base
-
-  def initialize(*args)
-    super
-    @source_root = options[:source] || File.join(spec.path, '..', '..')
-  end
-
-  def manifest
-    record do |m|
-      m.directory "app/views"
-
-      Dir[File.join(@source_root, "app", "views", "**/*.erb")].each do |file|
-        file = file.gsub(@source_root, "")[1..-1]
-
-        m.directory  File.dirname(file)
-        m.file       file, file
-      end
-    end
-  end
-
-end

lib/devise.rb

@@ -7,6 +7,7 @@ module Devise
   module Controllers
     autoload :Helpers, 'devise/controllers/helpers'
     autoload :InternalHelpers, 'devise/controllers/internal_helpers'
+    autoload :ScopedViews, 'devise/controllers/scoped_views'
     autoload :UrlHelpers, 'devise/controllers/url_helpers'
   end
 
@@ -20,16 +21,10 @@ module Devise
     autoload :Sha1, 'devise/encryptors/sha1'
   end
 
-  module Orm
-    autoload :ActiveRecord, 'devise/orm/active_record'
-    autoload :DataMapper, 'devise/orm/data_mapper'
-    autoload :MongoMapper, 'devise/orm/mongo_mapper'
-  end
-
   ALL = []
 
   # Authentication ones first
-  ALL.push :database_authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
+  ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
 
   # Misc after
   ALL.push :recoverable, :registerable, :validatable
@@ -42,7 +37,7 @@ module Devise
 
   # Maps controller names to devise modules.
   CONTROLLERS = {
-    :sessions => [:database_authenticatable, :token_authenticatable],
+    :sessions => [:authenticatable, :token_authenticatable],
     :passwords => [:recoverable],
     :confirmations => [:confirmable],
     :registrations => [:registerable],
@@ -52,7 +47,7 @@ module Devise
   # Routes for generating url helpers.
   ROUTES = [:session, :password, :confirmation, :registration, :unlock]
 
-  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable]
+  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
 
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
@@ -104,14 +99,6 @@ module Devise
   mattr_accessor :mappings
   @@mappings = ActiveSupport::OrderedHash.new
 
-  # Stores the chosen ORM.
-  mattr_accessor :orm
-  @@orm = :active_record
-
-  # TODO Remove
-  mattr_accessor :all
-  @@all = []
-
   # Tells if devise should apply the schema in ORMs where devise declaration
   # and schema belongs to the same class (as Datamapper and MongoMapper).
   mattr_accessor :apply_schema
@@ -147,10 +134,6 @@ module Devise
   mattr_accessor :mailer_sender
   @@mailer_sender = nil
 
-  # Content Type of Devise e-mails.
-  mattr_accessor :mailer_content_type
-  @@mailer_content_type = 'text/html'
-
   # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
   mattr_accessor :token_authentication_key
   @@token_authentication_key = :auth_token
@@ -166,6 +149,18 @@ module Devise
       yield self
     end
 
+    # TODO Remove me on 1.1.0 final
+    def orm=(value)
+      ActiveSupport::Deprecation.warn "Devise.orm= and config.orm= are deprecated. " <<
+        "Just load \"devise/orm/\#{ORM_NAME}\" if Devise supports your ORM"
+    end
+
+    # TODO Remove me on 1.1.0 final
+    def default_url_options
+      ActiveSupport::Deprecation.warn "Devise.default_url_options and config.default_url_options are deprecated. " <<
+        "Just modify ApplicationController.default_url_options and Devise will automatically pick it up"
+    end
+
     # Sets warden configuration using a block that will be invoked on warden
     # initialization.
     #
@@ -181,11 +176,6 @@ module Devise
       @warden_config = block
     end
 
-    # Configure default url options to be used within Devise and ActionController.
-    def default_url_options(&block)
-      Devise::Mapping.metaclass.send :define_method, :default_url_options, &block
-    end
-
     # A method used internally to setup warden manager from the Rails initialize
     # block.
     def configure_warden(config) #:nodoc:
@@ -198,11 +188,6 @@ module Devise
       @warden_config.try :call, config
     end
 
-    # The class of the configured ORM
-    def orm_class
-      Devise::Orm.const_get(@@orm.to_s.camelize.to_sym)
-    end
-
     # Generate a friendly string randomically to be used as token.
     def friendly_token
       ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
@@ -218,9 +203,6 @@ module Devise
     #                   Default is +nil+ (i.e. +false+).
     #   +controller+  - Symbol representing a name of an exisiting or custom *controller* for this module.
     #                   Default is +nil+ (i.e. +false+).
-    #   +route+       - Symbol representing the name of a *route* related to this module which a set of
-    #                   route view helpers should be created for.
-    #                   Default is +nil+ (i.e. +false+).
     #
     # == Examples:
     #
@@ -229,7 +211,7 @@ module Devise
     #   Devise.add_module(:party_module, :model => 'party_module/model')
     #
     def add_module(module_name, options = {})
-      Devise::ALL << module_name        unless Devise::ALL.include?(module_name)
+      Devise::ALL.unshift module_name        unless Devise::ALL.include?(module_name)
       Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
 
       if options[:controller]
@@ -238,10 +220,6 @@ module Devise
         Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
       end
 
-      if options[:route]
-        Devise::ROUTES.unshift options[:route] unless Devise::ROUTES.include?(options[:route])
-      end
-
       if options[:model]
         Devise::Models.module_eval do
           autoload :"#{module_name.to_s.classify}", options[:model]

lib/devise/controllers/helpers.rb

@@ -2,18 +2,11 @@ module Devise
   module Controllers
     # Those helpers are convenience methods added to ApplicationController.
     module Helpers
+      extend ActiveSupport::Concern
 
-      def self.included(base)
-        base.class_eval do
-          helper_method :warden, :signed_in?, :devise_controller?,
-                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
-
-          # Use devise default_url_options. We have to declare it here to overwrite
-          # default definitions.
-          def default_url_options(options=nil)
-            Devise::Mapping.default_url_options
-          end
-        end
+      included do
+        helper_method :warden, :signed_in?, :devise_controller?,
+                      *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
       end
 
       # The main accessor for the warden proxy instance

lib/devise/controllers/internal_helpers.rb

@@ -4,28 +4,18 @@ module Devise
     # included in ApplicationController since they all depend on the url being
     # accessed.
     module InternalHelpers #:nodoc:
+      extend ActiveSupport::Concern
+      include Devise::Controllers::ScopedViews
 
-      def self.included(base)
-        base.class_eval do
-          extend ScopedViews
-          unloadable
+      included do
+        helpers = [:resource, :scope_name, :resource_name,
+                  :resource_class, :devise_mapping, :devise_controller?]
 
-          helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
-          hide_action   :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
+        hide_action *helpers
+        helper_method *helpers
 
-          skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
-          prepend_before_filter :is_devise_resource?
-        end
-      end
-
-      module ScopedViews
-        def scoped_views
-          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
-        end
-
-        def scoped_views=(value)
-          @scoped_views = value
-        end
+        before_filter :is_devise_resource?
+        skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
       end
 
       # Gets the actual resource stored in the instance variable
@@ -72,7 +62,7 @@ module Devise
 
       # Build a devise resource.
       def build_resource
-        self.resource ||= resource_class.new(params[resource_name] || {})
+        self.resource = resource_class.new(params[resource_name] || {})
       end
 
       # Helper for use in before_filters where no authentication is required.
@@ -108,22 +98,6 @@ module Devise
         set_flash_message(key, kind, true)
       end
 
-      # Render a view for the specified scope. Turned off by default.
-      # Accepts just :controller as option.
-      def render_with_scope(action, options={})
-        controller_name = options.delete(:controller) || self.controller_name
-
-        if self.class.scoped_views
-          begin
-            render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
-          rescue ActionView::MissingTemplate
-            render action, :controller => controller_name
-          end
-        else
-          render action, :controller => controller_name
-        end
-      end
-
     end
   end
 end

lib/devise/controllers/scoped_views.rb

@@ -0,0 +1,35 @@
+module Devise
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def scoped_views
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+
+    protected
+
+      # Render a view for the specified scope. Turned off by default.
+      # Accepts just :controller as option.
+      def render_with_scope(action, options={})
+        controller_name = options.delete(:controller) || self.controller_name
+
+        if self.class.scoped_views
+          begin
+            render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
+          rescue ActionView::MissingTemplate
+            render :template => "#{controller_path}/#{action}"
+          end
+        else
+          render :template => "#{controller_path}/#{action}"
+        end
+      end
+    end
+  end
+end

lib/devise/failure_app.rb

@@ -1,57 +1,54 @@
+require "action_controller/metal"
+
 module Devise
   # Failure application that will be called every time :warden is thrown from
   # any strategy or hook. Responsible for redirect the user to the sign in
   # page based on current scope and mapping. If no scope is given, redirect
   # to the default_url.
-  class FailureApp
-    attr_reader :env
-    include Warden::Mixins::Common
+  class FailureApp < ActionController::Metal
+    include ActionController::RackDelegation
+    include ActionController::UrlFor
+    include ActionController::Redirecting
 
-    cattr_accessor :default_url, :default_message, :instance_writer => false
-    @@default_message = :unauthenticated
+    mattr_accessor :default_message
+    self.default_message = :unauthenticated
 
     def self.call(env)
-      new(env).respond!
+      action(:respond).call(env)
     end
 
-    def initialize(env)
-      @env = env
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
     end
 
-    def respond!
-      options = @env['warden.options']
-      scope   = options[:scope]
-
-      redirect_path = if mapping = Devise.mappings[scope]
-        "#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
-      else
-        "/#{default_url}"
-      end
-      query_string = query_string_for(options)
+    def respond
+      scope = warden_options[:scope]
       store_location!(scope)
-
-      headers = {}
-      headers["Location"] = redirect_path
-      headers["Location"] << "?" << query_string unless query_string.empty?
-      headers["Content-Type"] = 'text/plain'
-
-      [302, headers, ["You are being redirected to #{redirect_path}"]]
+      redirect_to send(:"new_#{scope}_session_path", query_string_params)
     end
 
+  protected
+
     # Build the proper query string based on the given message.
-    def query_string_for(options)
-      message = @env['warden'].try(:message) || options[:message] || default_message
+    def query_string_params
+      message = warden.try(:message) || warden_options[:message] || self.class.default_message
 
-      params = case message
-        when Symbol
-          { message => true }
-        when String
-          { :message => message }
-        else
-          {}
+      case message
+      when Symbol
+        { message => true }
+      when String
+        { :message => message }
+      else
+        {}
       end
+    end
 
-      Rack::Utils.build_query(params)
+    def warden
+      env['warden']
+    end
+
+    def warden_options
+      env['warden.options']
     end
 
     # Stores requested uri to redirect the user after signing in. We cannot use

lib/devise/hooks/rememberable.rb

@@ -22,11 +22,9 @@ end
 # Before logout hook to forget the user in the given scope, only if rememberable
 # is activated for this scope. Also clear remember token to ensure the user
 # won't be remembered again.
-# Notice that we forget the user if the record is frozen. This usually means the
-# user was just deleted.
 Warden::Manager.before_logout do |record, warden, scope|
   if record.respond_to?(:forget_me!)
-    record.forget_me! unless record.frozen?
+    record.forget_me!
     warden.response.delete_cookie "remember_#{scope}_token"
   end
 end

lib/devise/hooks/trackable.rb

@@ -13,6 +13,6 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
     record.sign_in_count ||= 0
     record.sign_in_count += 1
 
-    record.save(false)
+    record.save(:validate => false)
   end
 end

lib/devise/mapping.rb

@@ -22,7 +22,7 @@ module Devise
   #   # is the modules included in the class
   #
   class Mapping #:nodoc:
-    attr_reader :name, :as, :path_names, :path_prefix, :route_options
+    attr_reader :name, :as, :path_names, :path_prefix
 
     # Loop through all mappings looking for a map that matches with the requested
     # path (ie /users/sign_in). If a path prefix is given, it's taken into account.
@@ -34,24 +34,26 @@ module Devise
       nil
     end
 
+    # Find a mapping by a given class. It takes into account single table inheritance as well.
+    def self.find_by_class(klass)
+      Devise.mappings.each_value do |mapping|
+        return mapping if klass <= mapping.to
+      end
+      nil
+    end
+
     # Receives an object and find a scope for it. If a scope cannot be found,
     # raises an error. If a symbol is given, it's considered to be the scope.
     def self.find_scope!(duck)
       case duck
       when String, Symbol
-        return duck
-      when Class
-        Devise.mappings.each_value { |m| return m.name if duck <= m.to }
+        duck
       else
-        Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
+        klass = duck.is_a?(Class) ? duck : duck.class
+        mapping = Devise::Mapping.find_by_class(klass)
+        raise "Could not find a valid mapping for #{duck}" unless mapping
+        mapping.name
       end
-
-      raise "Could not find a valid mapping for #{duck}"
-    end
-
-    # Default url options which can be used as prefix.
-    def self.default_url_options
-      {}
     end
 
     def initialize(name, options) #:nodoc:
@@ -59,10 +61,8 @@ module Devise
       @klass = (options.delete(:class_name) || name.to_s.classify).to_s
       @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
 
-      @path_prefix   = "/#{options.delete(:path_prefix)}/".squeeze("/")
-      @route_options = options || {}
-
-      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
+      @path_names  = Hash.new { |h,k| h[k] = k.to_s }
       @path_names.merge!(options.delete(:path_names) || {})
     end
 
@@ -90,23 +90,10 @@ module Devise
     end
 
     # Returns the raw path using path_prefix and as.
-    def raw_path
+    def path
       path_prefix + as.to_s
     end
 
-    # Returns the parsed path taking into account the relative url root and raw path.
-    def parsed_path
-      returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
-        self.class.default_url_options.each do |key, value|
-          path.gsub!(key.inspect, value.to_param)
-        end
-      end
-    end
-
-    def authenticatable?
-      @authenticatable ||= self.for.any? { |m| m.to_s =~ /authenticatable/ }
-    end
-
     # Create magic predicates for verifying what module is activated by this map.
     # Example:
     #

lib/devise/models.rb

@@ -1,7 +1,7 @@
 module Devise
   module Models
     autoload :Activatable, 'devise/models/activatable'
-    autoload :DatabaseAuthenticatable, 'devise/models/database_authenticatable'
+    autoload :Authenticatable, 'devise/models/authenticatable'
     autoload :Confirmable, 'devise/models/confirmable'
     autoload :Lockable, 'devise/models/lockable'
     autoload :Recoverable, 'devise/models/recoverable'
@@ -57,20 +57,12 @@ module Devise
     #
     def devise(*modules)
       raise "You need to give at least one Devise module" if modules.empty?
+
       options = modules.extract_options!
-
-      if modules.delete(:authenticatable)
-        ActiveSupport::Deprecation.warn ":authenticatable as module is deprecated. Please give :database_authenticatable instead.", caller
-        modules << :database_authenticatable
-      end
-
       @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
 
-      Devise.orm_class.included_modules_hook(self) do
-        devise_modules.each do |m|
-          include Devise::Models.const_get(m.to_s.classify)
-        end
-
+      devise_modules_hook! do
+        devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
         options.each { |key, value| send(:"#{key}=", value) }
       end
     end
@@ -81,6 +73,12 @@ module Devise
       @devise_modules ||= []
     end
 
+    # The hook which is called inside devise. So your ORM can include devise
+    # compatibility stuff.
+    def devise_modules_hook!
+      yield
+    end
+
     # Find an initialize a record setting an error if it can't be found.
     def find_or_initialize_with_error_by(attribute, value, error=:invalid)
       if value.present?
@@ -94,24 +92,13 @@ module Devise
         if value.present?
           record.send(:"#{attribute}=", value)
         else
-          error, skip_default = :blank, true
+          error = :blank
         end
 
-        add_error_on(record, attribute, error, !skip_default)
+        record.errors.add(attribute, error)
       end
 
       record
     end
-
-    # Wraps add error logic in a method that works for different frameworks.
-    def add_error_on(record, attribute, error, add_default=true)
-      options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
-
-      begin
-        record.errors.add(attribute, error, options)
-      rescue ArgumentError
-        record.errors.add(attribute, error.to_s.gsub("_", " "))
-      end
-    end
   end
 end

lib/devise/models/authenticatable.rb

@@ -1,4 +1,4 @@
-require 'devise/strategies/database_authenticatable'
+require 'devise/strategies/authenticatable'
 
 module Devise
   module Models
@@ -26,20 +26,12 @@ module Devise
     #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
     #    User.find(1).valid_password?('password123')         # returns true/false
     #
-    module DatabaseAuthenticatable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
+    module Authenticatable
+      extend ActiveSupport::Concern
 
-          attr_reader :password, :current_password
-          attr_accessor :password_confirmation
-        end
-      end
-
-      # TODO Remove me in next release
-      def old_password
-        ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
-        @old_password
+      included do
+        attr_reader :password, :current_password
+        attr_accessor :password_confirmation
       end
 
       # Regenerates password salt and encrypted password each time password is set,
@@ -58,6 +50,12 @@ module Devise
         password_digest(incoming_password) == self.encrypted_password
       end
 
+      # Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
+      # is the user authentication token.
+      def valid_authentication_token?(incoming_auth_token)
+        incoming_auth_token == self.authentication_token
+      end
+
       # Checks if a resource is valid upon authentication.
       def valid_for_authentication?(attributes)
         valid_password?(attributes[:password])
@@ -74,16 +72,13 @@ module Devise
       def update_with_password(params={})
         current_password = params.delete(:current_password)
 
-        if params[:password].blank?
-          params.delete(:password)
-          params.delete(:password_confirmation) if params[:password_confirmation].blank?
-        end
+        params.delete(:password)              if params[:password].blank?
+        params.delete(:password_confirmation) if params[:password_confirmation].blank?
 
         result = if valid_password?(current_password)
           update_attributes(params)
         else
-          message = current_password.blank? ? :blank : :invalid
-          self.class.add_error_on(self, :current_password, message, false)
+          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
           self.attributes = params
           false
         end
@@ -94,13 +89,6 @@ module Devise
 
       protected
 
-        # Checks whether a password is needed or not. For validations only.
-        # Passwords are always required if it's a new record, or if the password
-        # or confirmation are being set somewhere.
-        def password_required?
-          new_record? || !password.nil? || !password_confirmation.nil?
-        end
-
         # Digests the password using the configured encryptor.
         def password_digest(password)
           self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)

lib/devise/models/confirmable.rb

@@ -29,15 +29,12 @@ module Devise
     #   User.find(1).send_confirmation_instructions # manually send instructions
     #   User.find(1).resend_confirmation! # generates a new token and resent it
     module Confirmable
+      extend ActiveSupport::Concern
       include Devise::Models::Activatable
 
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-
-          before_create :generate_confirmation_token, :if => :confirmation_required?
-          after_create  :send_confirmation_instructions, :if => :confirmation_required?
-        end
+      included do
+        before_create :generate_confirmation_token, :if => :confirmation_required?
+        after_create  :send_confirmation_instructions, :if => :confirmation_required?
       end
 
       # Confirm a user by setting it's confirmed_at to actual time. If the user
@@ -46,7 +43,7 @@ module Devise
         unless_confirmed do
           self.confirmation_token = nil
           self.confirmed_at = Time.now
-          save(false)
+          save(:validate => false)
         end
       end
 
@@ -57,12 +54,18 @@ module Devise
 
       # Send confirmation instructions by email
       def send_confirmation_instructions
-        ::DeviseMailer.deliver_confirmation_instructions(self)
+        ::Devise::Mailer.confirmation_instructions(self).deliver
       end
 
-      # Resend confirmation token. This method does not need to generate a new token.
-      def resend_confirmation_token
-        unless_confirmed { send_confirmation_instructions }
+      # Remove confirmation date and send confirmation instructions, to ensure
+      # after sending these instructions the user won't be able to sign in without
+      # confirming it's account
+      def resend_confirmation!
+        unless_confirmed do
+          generate_confirmation_token
+          save(:validate => false)
+          send_confirmation_instructions
+        end
       end
 
       # Overwrites active? from Devise::Models::Activatable for confirmation
@@ -75,7 +78,11 @@ module Devise
 
       # The message to be shown if the account is inactive.
       def inactive_message
-        !confirmed? ? :unconfirmed : super
+        if !confirmed?
+          :unconfirmed
+        else
+          super
+        end
       end
 
       # If you don't want confirmation to be sent on create, neither a code
@@ -121,7 +128,7 @@ module Devise
           unless confirmed?
             yield
           else
-            self.class.add_error_on(self, :email, :already_confirmed)
+            self.errors.add(:email, :already_confirmed)
             false
           end
         end
@@ -141,7 +148,7 @@ module Devise
         # Options must contain the user email
         def send_confirmation_instructions(attributes={})
           confirmable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
-          confirmable.resend_confirmation_token unless confirmable.new_record?
+          confirmable.resend_confirmation! unless confirmable.new_record?
           confirmable
         end
 
@@ -149,8 +156,8 @@ module Devise
         # If no user is found, returns a new user with an error.
         # If the user is already confirmed, create an error for the user
         # Options must have the confirmation_token
-        def confirm_by_token(confirmation_token)
-          confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
+        def confirm!(attributes={})
+          confirmable = find_or_initialize_with_error_by(:confirmation_token, attributes[:confirmation_token])        
           confirmable.confirm! unless confirmable.new_record?
           confirmable
         end

lib/devise/models/http_authenticatable.rb

@@ -6,9 +6,7 @@ module Devise
     # model class responds to authenticate and authentication_keys methods
     # (which for example are defined in authenticatable).
     module HttpAuthenticatable
-      def self.included(base)
-        base.extend ClassMethods
-      end
+      extend ActiveSupport::Concern
 
       module ClassMethods
         # Authenticate an user using http.

lib/devise/models/lockable.rb

@@ -18,62 +18,67 @@ module Devise
     #              available when unlock_strategy is :time or :both.
     #
     module Lockable
+      extend ActiveSupport::Concern
       include Devise::Models::Activatable
 
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-        end
-      end
-
       # Lock an user setting it's locked_at to actual time.
-      def lock_access!
-        return true if access_locked?
+      def lock
         self.locked_at = Time.now
-
-        if self.class.unlock_strategy_enabled?(:email)
+        if unlock_strategy_enabled?(:email)
           generate_unlock_token
           send_unlock_instructions
         end
+      end
 
-        save(false)
+      # Lock an user also saving the record.
+      def lock!
+        lock
+        save(:validate => false)
       end
 
       # Unlock an user by cleaning locket_at and failed_attempts.
-      def unlock_access!
-        if_access_locked do
+      def unlock!
+        if_locked do
           self.locked_at = nil
           self.failed_attempts = 0
           self.unlock_token = nil
-          save(false)
+          save(:validate => false)
         end
       end
 
       # Verifies whether a user is locked or not.
-      def access_locked?
+      def locked?
         locked_at && !lock_expired?
       end
 
       # Send unlock instructions by email
       def send_unlock_instructions
-        ::DeviseMailer.deliver_unlock_instructions(self)
+        ::Devise::Mailer.unlock_instructions(self).deliver
       end
 
       # Resend the unlock instructions if the user is locked.
-      def resend_unlock_token
-        if_access_locked { send_unlock_instructions }
+      def resend_unlock!
+        if_locked do
+          generate_unlock_token unless unlock_token.present?
+          save(:validate => false)
+          send_unlock_instructions
+        end
       end
 
       # Overwrites active? from Devise::Models::Activatable for locking purposes
       # by verifying whether an user is active to sign in or not based on locked?
       def active?
-        super && !access_locked?
+        super && !locked?
       end
 
       # Overwrites invalid_message from Devise::Models::Authenticatable to define
       # the correct reason for blocking the sign in.
       def inactive_message
-        access_locked? ? :locked : super
+        if locked?
+          :locked
+        else
+          super
+        end
       end
 
       # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
@@ -84,9 +89,9 @@ module Devise
           self.failed_attempts = 0
         else
           self.failed_attempts += 1
-          lock_access! if failed_attempts > self.class.maximum_attempts
+          lock if failed_attempts > self.class.maximum_attempts
         end
-        save(false) if changed?
+        save(:validate => false) if changed?
         result
       end
 
@@ -99,7 +104,7 @@ module Devise
 
         # Tells if the lock is expired if :time unlock strategy is active
         def lock_expired?
-          if self.class.unlock_strategy_enabled?(:time)
+          if unlock_strategy_enabled?(:time)
             locked_at && locked_at < self.class.unlock_in.ago
           else
             false
@@ -108,15 +113,20 @@ module Devise
 
         # Checks whether the record is locked or not, yielding to the block
         # if it's locked, otherwise adds an error to email.
-        def if_access_locked
-          if access_locked?
+        def if_locked
+          if locked?
             yield
           else
-            self.class.add_error_on(self, :email, :not_locked)
+            self.errors.add(:email, :not_locked)
             false
           end
         end
 
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.class.unlock_strategy)
+        end
+
       module ClassMethods
         # Attempt to find a user by it's email. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
@@ -124,7 +134,7 @@ module Devise
         # Options must contain the user email
         def send_unlock_instructions(attributes={})
          lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
-         lockable.resend_unlock_token unless lockable.new_record?
+         lockable.resend_unlock! unless lockable.new_record?
          lockable
         end
 
@@ -132,17 +142,12 @@ module Devise
         # If no user is found, returns a new user with an error.
         # If the user is not locked, creates an error for the user
         # Options must have the unlock_token
-        def unlock_access_by_token(unlock_token)
-          lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
-          lockable.unlock_access! unless lockable.new_record?
+        def unlock!(attributes={})
+          lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
+          lockable.unlock! unless lockable.new_record?
           lockable
         end
 
-        # Is the unlock enabled for the given unlock strategy?
-        def unlock_strategy_enabled?(strategy)
-          [:both, strategy].include?(self.unlock_strategy)
-        end
-
         Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
       end
     end

lib/devise/models/recoverable.rb

@@ -14,11 +14,7 @@ module Devise
     #   # creates a new token and send it with instructions about how to reset the password
     #   User.find(1).send_reset_password_instructions
     module Recoverable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-        end
-      end
+      extend ActiveSupport::Concern
 
       # Update password saving the record and clearing token. Returns true if
       # the passwords are valid and the record was saved, false otherwise.
@@ -32,7 +28,7 @@ module Devise
       # Resets reset password token and send reset password instructions by email
       def send_reset_password_instructions
         generate_reset_password_token!
-        ::DeviseMailer.deliver_reset_password_instructions(self)
+        ::Devise::Mailer.reset_password_instructions(self).deliver
       end
 
       protected
@@ -45,7 +41,7 @@ module Devise
         # Resets the reset password token with and save the record without
         # validating
         def generate_reset_password_token!
-          generate_reset_password_token && save(false)
+          generate_reset_password_token && save(:validate => false)
         end
 
         # Removes reset_password token
@@ -69,7 +65,7 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password_by_token(attributes={})
+        def reset_password!(attributes={})
           recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
           recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) unless recoverable.new_record?
           recoverable

lib/devise/models/rememberable.rb

@@ -30,21 +30,18 @@ module Devise
     #   # lookup the user based on the incoming cookie information
     #   User.serialize_from_cookie(cookie_string)
     module Rememberable
+      extend ActiveSupport::Concern
 
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-
-          # Remember me option available in after_authentication hook.
-          attr_accessor :remember_me
-        end
+      included do
+        # Remember me option available in after_authentication hook.
+        attr_accessor :remember_me
       end
 
       # Generate a new remember token and save the record without validations.
       def remember_me!
         self.remember_token = Devise.friendly_token
         self.remember_created_at = Time.now.utc
-        save(false)
+        save(:validate => false)
       end
 
       # Removes the remember token only if it exists, and save the record
@@ -53,7 +50,7 @@ module Devise
         if remember_token
           self.remember_token = nil
           self.remember_created_at = nil
-          save(false)
+          save(:validate => false)
         end
       end
 

lib/devise/models/timeoutable.rb

@@ -11,9 +11,7 @@ module Devise
     #
     #   timeout_in: the time you want to timeout the user session without activity.
     module Timeoutable
-      def self.included(base)
-        base.extend ClassMethods
-      end
+      extend ActiveSupport::Concern
 
       # Checks whether the user session has expired based on configured time.
       def timedout?(last_access)

lib/devise/models/token_authenticatable.rb

@@ -18,11 +18,10 @@ module Devise
     #    User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB')  # returns true/false
     #
     module TokenAuthenticatable
-      def self.included(base)
-        base.class_eval do
-          extend ClassMethods
-          before_save :ensure_authentication_token
-        end
+      extend ActiveSupport::Concern
+
+      included do
+        before_save :ensure_authentication_token
       end
 
       # Generate new authentication token (a.k.a. "single access token").

lib/devise/models/validatable.rb

@@ -34,6 +34,15 @@ module Devise
                 "to the following methods: #{unavailable_validations.to_sentence}."
         end
       end
+
+      protected
+
+        # Checks whether a password is needed or not. For validations only.
+        # Passwords are always required if it's a new record, or if the password
+        # or confirmation are being set somewhere.
+        def password_required?
+          new_record? || !password.nil? || !password_confirmation.nil?
+        end
     end
   end
 end

lib/devise/orm/active_record.rb

@@ -19,16 +19,13 @@ module Devise
     #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
     #
     module ActiveRecord
-      # Required ORM hook. Just yield the given block in ActiveRecord.
-      def self.included_modules_hook(klass)
-        yield
-      end
+      module Schema
+        include Devise::Schema
 
-      include Devise::Schema
-
-      # Tell how to apply schema methods.
-      def apply_schema(name, type, options={})
-        column name, type.to_s.downcase.to_sym, options
+        # Tell how to apply schema methods.
+        def apply_schema(name, type, options={})
+          column name, type.to_s.downcase.to_sym, options
+        end
       end
     end
   end
@@ -36,6 +33,6 @@ end
 
 if defined?(ActiveRecord)
   ActiveRecord::Base.extend Devise::Models
-  ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord
-  ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
+  ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+  ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema
 end

lib/devise/orm/data_mapper.rb

@@ -1,83 +1,86 @@
 module Devise
   module Orm
     module DataMapper
-      module InstanceMethods
-        def save(flag=nil)
-          if flag == false
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        SCHEMA_OPTIONS = {
+          :null  => :required,
+          :limit => :length
+        }
+
+        # Tell how to apply schema methods. This automatically maps :limit to
+        # :length and :null to :required.
+        def apply_schema(name, type, options={})
+          SCHEMA_OPTIONS.each do |old_key, new_key|
+            next unless options.key?(old_key)
+            options[new_key] = !options.delete(old_key)
+          end
+
+          property name, type, options
+        end
+      end
+
+      module Compatibility
+        extend ActiveSupport::Concern
+
+        module ClassMethods
+          # Hooks for confirmable
+          def before_create(*args)
+            wrap_hook(:before, *args)
+          end
+
+          def after_create(*args)
+            wrap_hook(:after, *args)
+          end
+
+          def wrap_hook(action, *args)
+            options = args.extract_options!
+
+            args.each do |callback|
+              send action, :create, callback
+              class_eval <<-METHOD, __FILE__, __LINE__ + 1
+                def #{callback}
+                  super if #{options[:if] || true}
+                end
+              METHOD
+            end
+          end
+
+          # Add ActiveRecord like finder
+          def find(*args)
+            case args.first
+            when :first, :all
+              send(args.shift, *args)
+            else
+              get(*args)
+            end
+          end
+        end
+
+        def save(options=nil)
+          if options.is_a?(Hash) && options[:validate] == false
             save!
           else
             super()
           end
         end
       end
-
-      def self.included_modules_hook(klass)
-        klass.send :extend,  self
-        klass.send :include, InstanceMethods
-
-        yield
-
-        klass.devise_modules.each do |mod|
-          klass.send(mod) if klass.respond_to?(mod)
-        end
-      end
-
-      include Devise::Schema
-
-      SCHEMA_OPTIONS = {
-        :null  => :nullable,
-        :limit => :length
-      }
-
-      # Hooks for confirmable
-      def before_create(*args)
-        wrap_hook(:before, *args)
-      end
-
-      def after_create(*args)
-        wrap_hook(:after, *args)
-      end
-
-      def wrap_hook(action, *args)
-        options = args.extract_options!
-
-        args.each do |callback|
-          send action, :create, callback
-          class_eval <<-METHOD, __FILE__, __LINE__ + 1
-            def #{callback}
-              super if #{options[:if] || true}
-            end
-          METHOD
-        end
-      end
-
-      # Add ActiveRecord like finder
-      def find(*args)
-        options = args.extract_options!
-        case args.first
-          when :first
-            first(options)
-          when :all
-            all(options)
-          else
-            get(*args)
-        end
-      end
-
-      # Tell how to apply schema methods. This automatically maps :limit to
-      # :length and :null to :nullable.
-      def apply_schema(name, type, options={})
-        return unless Devise.apply_schema
-
-        SCHEMA_OPTIONS.each do |old_key, new_key|
-          next unless options.key?(old_key)
-          options[new_key] = options.delete(old_key)
-        end
-
-        property name, type, options
-      end
     end
   end
 end
 
-DataMapper::Model.send(:include, Devise::Models)
+DataMapper::Model.class_eval do
+  extend  Devise::ORM::DataMapper::Hook
+  include Devise::Models
+end

lib/devise/orm/mongo_mapper.rb

@@ -1,47 +1,49 @@
 module Devise
   module Orm
     module MongoMapper
-      module InstanceMethods
-        def save(options={})
-          if options == false
-            super(:validate => false)
-          else
-            super
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods. This automatically converts DateTime
+        # to Time, since MongoMapper does not recognize the former.
+        def apply_schema(name, type, options={})
+          type = Time if type == DateTime
+          key name, type, options
+        end
+      end
+
+      module Compatibility
+        extend ActiveSupport::Concern
+
+        module ClassMethods
+          def find(*args)
+            case args.first
+            when :first, :all
+              send(args.shift, *args)
+            else
+              super
+            end
           end
         end
       end
 
-      def self.included_modules_hook(klass)
-        klass.send :extend,  self
-        klass.send :include, InstanceMethods
-        yield
-
-        klass.devise_modules.each do |mod|
-          klass.send(mod) if klass.respond_to?(mod)
-        end
-      end
-      
-      def find(*args)
-        case args.first
-        when :first, :all
-          send(args.shift, *args)
-        else
-          super
-        end
-      end
-      
-      include Devise::Schema
-
-      # Tell how to apply schema methods. This automatically converts DateTime
-      # to Time, since MongoMapper does not recognize the former.
-      def apply_schema(name, type, options={})
-        return unless Devise.apply_schema
-        type = Time if type == DateTime
-        key name, type, options
-      end
     end
   end
 end
 
-MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
-MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+[MongoMapper::Document, MongoMapper::EmbeddedDocument].each do |mod|
+  mod::ClassMethods.class_eval do
+    include Devise::Models
+    include Devise::Orm::MongoMapper::Hook
+  end
+end

lib/devise/rails.rb

@@ -1,14 +1,12 @@
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
 
-Rails.configuration.after_initialize do
-  require "devise/orm/#{Devise.orm}"
+module Devise
+  class Engine < ::Rails::Engine
+    engine_name :devise
 
-  # Adds Warden Manager to Rails middleware stack, configuring default devise
-  # strategy and also the failure app.
-  Rails.configuration.middleware.use Warden::Manager do |config|
-    Devise.configure_warden(config)
+    config.middleware.use Warden::Manager do |config|
+      Devise.configure_warden(config)
+    end
   end
-
-  I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
-end
+end

lib/devise/rails/routes.rb

@@ -1,11 +1,9 @@
-module ActionController::Routing
+module ActionDispatch::Routing
   class RouteSet #:nodoc:
-
     # Ensure Devise modules are included only after loading routes, because we
-    # need devise_for mappings already declared to create magic filters and
-    # helpers.
-    def load_routes_with_devise!
-      load_routes_without_devise!
+    # need devise_for mappings already declared to create filters and helpers.
+    def finalize_with_devise!
+      finalize_without_devise!
       return if Devise.mappings.empty?
 
       ActionController::Base.send :include, Devise::Controllers::Helpers
@@ -13,113 +11,130 @@ module ActionController::Routing
 
       ActionView::Base.send :include, Devise::Controllers::UrlHelpers
     end
-    alias_method_chain :load_routes!, :devise
+    alias_method_chain :finalize!, :devise
+  end
 
-    class Mapper #:doc:
-      # Includes devise_for method for routes. This method is responsible to
-      # generate all needed routes for devise, based on what modules you have
-      # defined in your model.
-      # Examples: Let's say you have an User model configured to use
-      # authenticatable, confirmable and recoverable modules. After creating this
-      # inside your routes:
-      #
-      #   map.devise_for :users
-      #
-      # this method is going to look inside your User model and create the
-      # needed routes:
-      #
-      #  # Session routes for Authenticatable (default)
-      #       new_user_session GET  /users/sign_in                    {:controller=>"sessions", :action=>"new"}
-      #           user_session POST /users/sign_in                    {:controller=>"sessions", :action=>"create"}
-      #   destroy_user_session GET  /users/sign_out                   {:controller=>"sessions", :action=>"destroy"}
-      #
-      #  # Password routes for Recoverable, if User model has :recoverable configured
-      #      new_user_password GET  /users/password/new(.:format)     {:controller=>"passwords", :action=>"new"}
-      #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"passwords", :action=>"edit"}
-      #          user_password PUT  /users/password(.:format)         {:controller=>"passwords", :action=>"update"}
-      #                        POST /users/password(.:format)         {:controller=>"passwords", :action=>"create"}
-      #
-      #  # Confirmation routes for Confirmable, if User model has :confirmable configured
-      #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
-      #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"show"}
-      #                        POST /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"create"}
-      #
-      # You can configure your routes with some options:
-      #
-      #  * :class_name => setup a different class to be looked up by devise, if it cannot be correctly find by the route name.
-      #
-      #    map.devise_for :users, :class_name => 'Account'
-      #
-      #  * :as => allows you to setup path name that will be used, as rails routes does. The following route configuration would setup your route as /accounts instead of /users:
-      #
-      #    map.devise_for :users, :as => 'accounts'
-      #
-      #  * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
-      #
-      #    map.devise_for :users, :scope => :account
-      #
-      #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
-      #
-      #    map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
-      #
-      #  * :path_prefix => the path prefix to be used in all routes.
-      #
-      #    map.devise_for :users, :path_prefix => "/:locale"
-      #
-      #  Any other options will be passed to route definition. If you need conditions for your routes, just map:
-      #
-      #    map.devise_for :users, :conditions => { :subdomain => /.+/ }
-      #
-      #  If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise. You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
-      #
-      #    Devise.default_url_options do
-      #      { :locale => I18n.locale }
-      #    end
-      #
-      def devise_for(*resources)
-        options = resources.extract_options!
+  class Mapper
+    # Includes devise_for method for routes. This method is responsible to
+    # generate all needed routes for devise, based on what modules you have
+    # defined in your model.
+    # Examples: Let's say you have an User model configured to use
+    # authenticatable, confirmable and recoverable modules. After creating this
+    # inside your routes:
+    #
+    #   devise_for :users
+    #
+    # this method is going to look inside your User model and create the
+    # needed routes:
+    #
+    #  # Session routes for Authenticatable (default)
+    #       new_user_session GET  /users/sign_in                    {:controller=>"sessions", :action=>"new"}
+    #           user_session POST /users/sign_in                    {:controller=>"sessions", :action=>"create"}
+    #   destroy_user_session GET  /users/sign_out                   {:controller=>"sessions", :action=>"destroy"}
+    #
+    #  # Password routes for Recoverable, if User model has :recoverable configured
+    #      new_user_password GET  /users/password/new(.:format)     {:controller=>"passwords", :action=>"new"}
+    #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"passwords", :action=>"edit"}
+    #          user_password PUT  /users/password(.:format)         {:controller=>"passwords", :action=>"update"}
+    #                        POST /users/password(.:format)         {:controller=>"passwords", :action=>"create"}
+    #
+    #  # Confirmation routes for Confirmable, if User model has :confirmable configured
+    #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
+    #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"show"}
+    #                        POST /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"create"}
+    #
+    # You can configure your routes with some options:
+    #
+    #  * :class_name => setup a different class to be looked up by devise,
+    #                   if it cannot be correctly find by the route name.
+    #
+    #    devise_for :users, :class_name => 'Account'
+    #
+    #  * :as => allows you to setup path name that will be used, as rails routes does.
+    #           The following route configuration would setup your route as /accounts instead of /users:
+    #
+    #    devise_for :users, :as => 'accounts'
+    #
+    #  * :scope => setup the scope name. This is used as the instance variable name in controller,
+    #              as the name in routes and the scope given to warden. Defaults to the singular of the given name:
+    #
+    #    devise_for :users, :scope => :account
+    #
+    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #                   :password, :confirmation, :unlock.
+    #
+    #    devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
+    #
+    #  * :path_prefix => the path prefix to be used in all routes.
+    #
+    #    devise_for :users, :path_prefix => "/:locale"
+    #
+    #  If you are using a dynamic prefix, like :locale above, you need to configure default_url_options in your ApplicationController
+    #  class level, so Devise can pick it:
+    #
+    #    class ApplicationController < ActionController::Base
+    #      def self.default_url_options
+    #        { :locale => I18n.locale }
+    #      end
+    #    end
+    #
+    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #    However, if you want them to point to custom controller, you should do:
+    #
+    #    devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #
+    def devise_for(*resources)
+      options = resources.extract_options!
+      resources.map!(&:to_sym)
 
-        resources.map!(&:to_sym)
-        resources.each do |resource|
-          mapping = Devise::Mapping.new(resource, options.dup)
-          Devise.default_scope ||= mapping.name
-          Devise.mappings[mapping.name] = mapping
+      controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
+      controllers.merge!(options.delete(:controllers) || {})
 
-          route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
+      resources.each do |resource|
+        mapping = Devise::Mapping.new(resource, options.dup)
 
-          with_options(route_options) do |routes|
-            mapping.for.each do |mod|
-              send(mod, routes, mapping) if self.respond_to?(mod, true)
-            end
-          end
+        Devise.default_scope ||= mapping.name
+        Devise.mappings[mapping.name] = mapping
+
+        mapping.for.each do |mod|
+          send(mod, mapping, controllers) if self.respond_to?(mod, true)
+        end
+      end
+    end
+
+    protected
+
+      def authenticatable(mapping, controllers)
+        scope mapping.path do
+          get  mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#new",     :as => :"new_#{mapping.name}_session"
+          post mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#create",  :as => :"#{mapping.name}_session"
+          get  mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
+        end
+      end
+ 
+      def recoverable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
+        end
+      end
+ 
+      def confirmable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        end
+      end
+ 
+      def lockable(mapping, controllers)
+        scope mapping.path, :name_prefix => mapping.name do
+          resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
         end
       end
 
-      protected
-
-        def database_authenticatable(routes, mapping)
-          routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
-            session.send(:"new_#{mapping.name}_session",     mapping.path_names[:sign_in],  :action => 'new',     :conditions => { :method => :get })
-            session.send(:"#{mapping.name}_session",         mapping.path_names[:sign_in],  :action => 'create',  :conditions => { :method => :post })
-            session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], :action => 'destroy', :conditions => { :method => :get })
-          end
+      def registerable(mapping, controllers)
+        scope :name_prefix => mapping.name do
+          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.path[1..-1],
+                   :path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
         end
-
-        def confirmable(routes, mapping)
-          routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
-        end
-
-        def lockable(routes, mapping)
-          routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
-        end
-
-        def recoverable(routes, mapping)
-          routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
-        end
-
-        def registerable(routes, mapping)
-          routes.resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1], :path_prefix => nil, :path_names => { :new => mapping.path_names[:sign_up] }
-        end
-    end
+      end
   end
-end
+end

lib/devise/rails/warden_compat.rb

@@ -1,6 +1,6 @@
 module Warden::Mixins::Common
   def request
-    @request ||= env['action_controller.rescue.request']
+    @request ||= ActionDispatch::Request.new(env)
   end
 
   def reset_session!
@@ -9,7 +9,7 @@ module Warden::Mixins::Common
   end
 
   def response
-    @response ||= env['action_controller.rescue.response']
+    @response ||= env['action_controller.instance'].response
   end
 end
 

lib/devise/schema.rb

@@ -3,55 +3,47 @@ module Devise
   # and overwrite the apply_schema method.
   module Schema
 
-    def authenticatable(*args)
-      ActiveSupport::Deprecation.warn "t.authenticatable in migrations is deprecated. Please use t.database_authenticatable instead.", caller
-      database_authenticatable(*args)
-    end
-
     # Creates email, encrypted_password and password_salt.
     #
     # == Options
     # * :null - When true, allow columns to be null.
-    def database_authenticatable(options={})
-      null    = options[:null] || false
-      default = options[:default] || ""
+    # * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
+    def authenticatable(options={})
+      null       = options[:null] || false
+      encryptor  = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
 
-      if options.delete(:encryptor)
-        ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."
-      end
-
-      apply_schema :email,              String, :null => null, :default => default
-      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => 128
-      apply_schema :password_salt,      String, :null => null, :default => default
+      apply_schema :email,              String, :null => null
+      apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      apply_schema :password_salt,      String, :null => null
     end
 
     # Creates authentication_token.
     def token_authenticatable
-      apply_schema :authentication_token, String
+      apply_schema :authentication_token, String, :limit => 20
     end
 
     # Creates confirmation_token, confirmed_at and confirmation_sent_at.
     def confirmable
-      apply_schema :confirmation_token,   String
+      apply_schema :confirmation_token,   String, :limit => 20
       apply_schema :confirmed_at,         DateTime
       apply_schema :confirmation_sent_at, DateTime
     end
 
     # Creates reset_password_token.
     def recoverable
-      apply_schema :reset_password_token, String
+      apply_schema :reset_password_token, String, :limit => 20
     end
 
     # Creates remember_token and remember_created_at.
     def rememberable
-      apply_schema :remember_token,      String
+      apply_schema :remember_token,      String, :limit => 20
       apply_schema :remember_created_at, DateTime
     end
 
     # Creates sign_in_count, current_sign_in_at, last_sign_in_at,
     # current_sign_in_ip, last_sign_in_ip.
     def trackable
-      apply_schema :sign_in_count,      Integer, :default => 0
+      apply_schema :sign_in_count,      Integer
       apply_schema :current_sign_in_at, DateTime
       apply_schema :last_sign_in_at,    DateTime
       apply_schema :current_sign_in_ip, String
@@ -61,7 +53,7 @@ module Devise
     # Creates failed_attempts, unlock_token and locked_at
     def lockable
       apply_schema :failed_attempts, Integer, :default => 0
-      apply_schema :unlock_token,    String
+      apply_schema :unlock_token,    String, :limit => 20
       apply_schema :locked_at,       DateTime
     end
 

lib/devise/strategies/authenticatable.rb

@@ -4,7 +4,7 @@ module Devise
   module Strategies
     # Default strategy for signing in a user, based on his email and password.
     # Redirects to sign_in page if it's not authenticated
-    class DatabaseAuthenticatable < Base
+    class Authenticatable < Base
       def valid?
         valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
       end
@@ -16,7 +16,7 @@ module Devise
         if resource = mapping.to.authenticate(params[scope])
           success!(resource)
         else
-          fail(:invalid)
+          fail!(:invalid)
         end
       end
 
@@ -33,4 +33,4 @@ module Devise
   end
 end
 
-Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)
+Warden::Strategies.add(:authenticatable, Devise::Strategies::Authenticatable)

lib/devise/strategies/http_authenticatable.rb

@@ -5,7 +5,7 @@ module Devise
     # Sign in an user using HTTP authentication.
     class HttpAuthenticatable < Base
       def valid?
-        http_authentication? && mapping.to.respond_to?(:authenticate_with_http)
+        request.authorization && mapping.to.respond_to?(:authenticate_with_http)
       end
 
       def authenticate!
@@ -24,34 +24,22 @@ module Devise
         decode_credentials(request).split(/:/, 2)
       end
 
+      def decode_credentials(request)
+        ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
+      end
+
       def response_body
         body   = "HTTP Basic: Access denied."
-        method = :"to_#{request_format.to_sym}"
+        method = :"to_#{request.format.to_sym}"
         {}.respond_to?(method) ? { :error => body }.send(method) : body
       end
 
-      def http_authentication
-        request.env['HTTP_AUTHORIZATION']   ||
-        request.env['X-HTTP_AUTHORIZATION'] ||
-        request.env['X_HTTP_AUTHORIZATION'] ||
-        request.env['REDIRECT_X_HTTP_AUTHORIZATION']
-      end
-      alias :http_authentication? :http_authentication
-
-      def decode_credentials(request)
-        ActiveSupport::Base64.decode64(http_authentication.split(' ', 2).last || '')
-      end
-
       def custom_headers
         {
-          "Content-Type" => request_format.to_s,
+          "Content-Type" => request.format.to_s,
           "WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
         }
       end
-
-      def request_format
-        @request_format ||= Mime::Type.lookup_by_extension(request.template_format.to_s)
-      end
     end
   end
 end

lib/devise/test_helpers.rb

@@ -24,10 +24,6 @@ module Devise
         catch_with_redirect { super }
       end
 
-      def user(*args)
-        catch_with_redirect { super }
-      end
-
       def catch_with_redirect(&block)
         result = catch(:warden, &block)
 
@@ -49,10 +45,7 @@ module Devise
 
     # We need to setup the environment variables and the response in the controller.
     def setup_controller_for_warden #:nodoc:
-      @request.env['action_controller.rescue.request']  = @request
-      @request.env['action_controller.rescue.response'] = @response
-      @request.env['rack.session'] = session
-      @controller.response = @response
+      @request.env['action_controller.instance'] = @controller
     end
 
     # Quick access to Warden::Proxy.

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.0.7".freeze
+  VERSION = "1.1.pre3".freeze
 end

lib/generators/devise/devise_generator.rb

@@ -0,0 +1,57 @@
+require 'rails/generators/migration'
+
+class DeviseGenerator < Rails::Generators::NamedBase
+  include Rails::Generators::Migration
+
+  desc "Generates a model with the given NAME (if one does not exist) with devise " <<
+       "configuration plus a migration file and devise routes."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../templates", __FILE__)
+  end
+
+  def self.orm_has_migration?
+    Rails::Generators.options[:rails][:orm] == :active_record
+  end
+
+  def self.next_migration_number(path)
+    Time.now.utc.strftime("%Y%m%d%H%M%S")
+  end
+
+  class_option :migration, :type => :boolean, :default => orm_has_migration?
+
+  def invoke_orm_model
+    if File.exists?(File.join(destination_root, model_path))
+      say "* Model already exists. Adding Devise behavior."
+    else
+      invoke "model", [name], :migration => false
+    end
+  end
+
+  def inject_devise_config_into_model
+    inject_into_class model_path, class_name, <<-CONTENT
+  # Include default devise modules. Others available are:
+  # :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
+  devise :registerable, :authenticatable, :confirmable, :recoverable,
+         :rememberable, :trackable, :validatable
+
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation
+CONTENT
+  end
+
+  def copy_migration_template
+    return unless options.migration?
+    migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
+  end
+
+  def add_devise_routes
+    route "devise_for :#{table_name}"
+  end
+
+  protected
+
+    def model_path
+      @model_path ||= File.join("app", "models", "#{file_path}.rb")
+    end
+end

lib/generators/devise/templates/migration.rb

@@ -1,7 +1,7 @@
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
   def self.up
     create_table(:<%= table_name %>) do |t|
-      t.database_authenticatable :null => false
+      t.authenticatable :encryptor => :sha1, :null => false
       t.confirmable
       t.recoverable
       t.rememberable

lib/generators/devise_install/devise_install_generator.rb

@@ -0,0 +1,25 @@
+class DeviseInstallGenerator < Rails::Generators::Base
+  desc "Creates a Devise initializer and copy locale files to your application."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../templates", __FILE__)
+  end
+
+  def copy_initializer
+    template "devise.rb", "config/initializers/devise.rb"
+  end
+
+  def copy_locale
+    copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"    
+  end
+
+  def show_readme
+    readme "README"
+  end
+
+  protected
+  
+  def readme(path)
+    say File.read(File.expand_path(path, self.class.source_root))
+  end
+end

lib/generators/devise_install/templates/README

@@ -1,3 +1,4 @@
+
 ===============================================================================
 
 Some setup you must do manually if you haven't yet:
@@ -10,14 +11,9 @@ Some setup you must do manually if you haven't yet:
      This is a required Rails configuration. In production is must be the
      actual host of your application
 
-  2. Ensure you have defined root_url to *something* in your config/routes.rb:
+  2. Ensure you have defined root_url to *something* in your config/routes.rb.
+     For example:
 
-       map.root :controller => 'home'
-
- 3. Ensure you have a default layout in app/views/layouts and it shows
-     flash messages. For example:
-
-       <p class="notice"><%= flash[:notice] %></p>
-       <p class="alert"><%= flash[:alert] %></p>
+       root :to => "home#index"
 
 ===============================================================================

lib/generators/devise_install/templates/devise.rb

@@ -3,9 +3,6 @@
 Devise.setup do |config|
   # Configure the e-mail address which will be shown in DeviseMailer.
   config.mailer_sender = "please-change-me@config-initializers-devise.com"
-  
-  # Configure the content type of DeviseMailer mails (defaults to text/html")
-  # config.mailer_content_type = "text/plain"
 
   # ==> Configuration for :authenticatable
   # Invoke `rake secret` and use the printed value to setup a pepper to generate
@@ -66,8 +63,7 @@ Devise.setup do |config|
   # ==> General configuration
   # Load and configure the ORM. Supports :active_record (default), :mongo_mapper
   # (requires mongo_ext installed) and :data_mapper (experimental).
-  # require 'devise/orm/mongo_mapper'
-  # config.orm = :mongo_mapper
+  require 'devise/orm/active_record'
 
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "sessions/users/new". It's turned off by default because it's slower if you
@@ -96,10 +92,4 @@ Devise.setup do |config|
   #   end
   #   manager.default_strategies.unshift :twitter_oauth
   # end
-
-  # Configure default_url_options if you are using dynamic segments in :path_prefix
-  # for devise_for.
-  # config.default_url_options do
-  #   { :locale => I18n.locale }
-  # end
 end

lib/generators/devise_views/devise_views_generator.rb

@@ -0,0 +1,15 @@
+class DeviseViewsGenerator < Rails::Generators::Base
+  desc "Copies all Devise views to your application."
+
+  def self.source_root
+    @_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
+  end
+
+  def copy_views
+    directory "devise"
+  end
+
+  def say_restart_server
+    say "Views copied. Please restart your server."
+  end
+end

rails/init.rb

@@ -1,2 +0,0 @@
-# We need to load devise here to ensure routes extensions are loaded.
-require 'devise'

test/controllers/helpers_test.rb

@@ -11,16 +11,29 @@ class MockController < ApplicationController
   def path
     ''
   end
+
+  def index
+  end
+
+  def host_with_port
+    "test.host:3000"
+  end
+
+  def protocol
+    "http"
+  end
+
+  def symbolized_path_parameters
+    {}
+  end
 end
 
 class ControllerAuthenticableTest < ActionController::TestCase
   tests MockController
 
   def setup
-    @controller = MockController.new
     @mock_warden = OpenStruct.new
     @controller.env = { 'warden' => @mock_warden }
-    @controller.session = {}
   end
 
   test 'setup warden' do
@@ -165,13 +178,4 @@ class ControllerAuthenticableTest < ActionController::TestCase
   test 'is not a devise controller' do
     assert_not @controller.devise_controller?
   end
-
-  test 'default url options are retrieved from devise' do
-    begin
-      Devise.default_url_options {{ :locale => I18n.locale }}
-      assert_equal({ :locale => :en }, @controller.send(:default_url_options))
-    ensure
-      Devise.default_url_options {{ }}
-    end
-  end
 end

test/devise_test.rb

@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
     Devise.configure_warden(config)
 
     assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable], config.default_strategies
+    assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
     assert_equal :user, config.default_scope
     assert config.silence_missing_strategies?
   end
@@ -63,11 +63,6 @@ class DeviseTest < ActiveSupport::TestCase
     Devise::ALL.delete(:kivi)
     Devise::CONTROLLERS.delete(:fruits)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:carrot, :route => :vegetable) }
-    assert_equal 1, Devise::ROUTES.select { |v| v == :vegetable }.size
-    Devise::ALL.delete(:carrot)
-    Devise::ROUTES.delete(:vegetable)
-
     assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
     assert defined?(Devise::Models::AuthenticatableAgain)
   end

test/encryptors_test.rb

@@ -1,7 +1,4 @@
-gem 'bcrypt-ruby'
-
 class Encryptors < ActiveSupport::TestCase
-
   test 'should match a password created by authlogic' do
     authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
     encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')

test/failure_app_test.rb

@@ -4,7 +4,13 @@ require 'ostruct'
 class FailureTest < ActiveSupport::TestCase
 
   def call_failure(env_params={})
-    env = {'warden.options' => { :scope => :user }}.merge!(env_params)
+    env = {
+      'warden.options' => { :scope => :user },
+      'REQUEST_URI' => 'http://test.host/',
+      'HTTP_HOST' => 'test.host',
+      'REQUEST_METHOD' => 'GET',
+      'rack.session' => {}
+    }.merge!(env_params)
     Devise::FailureApp.call(env)
   end
 
@@ -13,32 +19,28 @@ class FailureTest < ActiveSupport::TestCase
   end
 
   test 'return to the default redirect location' do
-    assert_equal '/users/sign_in?unauthenticated=true', call_failure.second['Location']
+    assert_equal 'http://test.host/users/sign_in?unauthenticated=true', call_failure.second['Location']
   end
 
   test 'uses the proxy failure message' do
     warden = OpenStruct.new(:message => :test)
     location = call_failure('warden' => warden).second['Location']
-    assert_equal '/users/sign_in?test=true', location
+    assert_equal 'http://test.host/users/sign_in?test=true', location
   end
 
   test 'uses the given message' do
     warden = OpenStruct.new(:message => 'Hello world')
     location = call_failure('warden' => warden).second['Location']
-    assert_equal '/users/sign_in?message=Hello+world', location
+    assert_equal 'http://test.host/users/sign_in?message=Hello+world', location
   end
 
-  test 'setup default url' do
-    Devise::FailureApp.default_url = 'test/sign_in'
-    location = call_failure('warden.options' => { :scope => nil }).second['Location']
-    assert_equal '/test/sign_in?unauthenticated=true', location
-  end
-
-  test 'set content type to default text/plain' do
-    assert_equal 'text/plain', call_failure.second['Content-Type']
+  test 'set content type to default text/html' do
+    assert_equal 'text/html; charset=utf-8', call_failure.second['Content-Type']
   end
 
   test 'setup a default message' do
-    assert_equal ['You are being redirected to /users/sign_in?unauthenticated=true'], call_failure.last
+    assert_match /You are being/, call_failure.last.body
+    assert_match /redirected/, call_failure.last.body
+    assert_match /\?unauthenticated=true/, call_failure.last.body
   end
 end

test/integration/authenticatable_test.rb

@@ -134,9 +134,7 @@ class AuthenticationTest < ActionController::IntegrationTest
   end
 
   test 'error message is configurable by resource name' do
-    store_translations :en, :devise => {
-      :sessions => { :admin => { :invalid => "Invalid credentials" } }
-    } do
+    store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
       sign_in_as_admin do
         fill_in 'password', :with => 'abcdef'
       end
@@ -197,19 +195,20 @@ class AuthenticationTest < ActionController::IntegrationTest
 
   test 'destroyed account is signed out' do
     sign_in_as_user
-    visit 'users/index'
+    get '/users'
 
     User.destroy_all
-    visit 'users/index'
+    get '/users'
     assert_redirected_to '/users/sign_in?unauthenticated=true'
   end
 
   test 'allows session to be set by a given scope' do
     sign_in_as_user
-    visit 'users/index'
+    get '/users'
     assert_equal "Cart", @controller.user_session[:cart]
   end
 
+  # Scoped views
   test 'renders the scoped view if turned on and view is available' do
     swap Devise, :scoped_views => true do
       assert_raise Webrat::NotFoundError do
@@ -221,15 +220,15 @@ class AuthenticationTest < ActionController::IntegrationTest
 
   test 'renders the scoped view if turned on in an specific controller' do
     begin
-      SessionsController.scoped_views = true
+      Devise::SessionsController.scoped_views = true
       assert_raise Webrat::NotFoundError do
         sign_in_as_user
       end
 
       assert_match /Special user view/, response.body
-      assert !PasswordsController.scoped_views
+      assert !Devise::PasswordsController.scoped_views
     ensure
-      SessionsController.send :remove_instance_variable, :@scoped_views
+      Devise::SessionsController.send :remove_instance_variable, :@scoped_views
     end
   end
 
@@ -249,23 +248,33 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  # Default scope
+  test 'uses the mapping from the default scope if specified' do
+    swap Devise, :use_default_scope => true do
+      get '/sign_in'
+      assert_response :ok
+      assert_contain 'Sign in'
+    end
+  end
+
+  # Custom controller
+  test 'uses the custom controller with the custom controller view' do
+    get '/admin_area/sign_in'
+    assert_contain 'Sign in'
+    assert_contain 'Welcome to "sessions" controller!'
+    assert_contain 'Welcome to "sessions/new" view!'
+  end
+
+  # Access
   test 'render 404 on roles without permission' do
-    get 'admin_area/password/new'
+    get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
     assert_response :not_found
     assert_not_contain 'Send me reset password instructions'
   end
 
   test 'render 404 on roles without mapping' do
-    get 'sign_in'
+    get '/sign_in', {}, "action_dispatch.show_exceptions" => true
     assert_response :not_found
     assert_not_contain 'Sign in'
   end
-
-  test 'uses the mapping from the default scope if specified' do
-    swap Devise, :use_default_scope => true do
-      get 'sign_in'
-      assert_response :ok
-      assert_contain 'Sign in'
-    end
-  end
 end

test/integration/http_authenticatable_test.rb

@@ -20,8 +20,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     sign_in_as_new_user_with_http("unknown", "123456", :xml)
     assert_equal 401, status
     assert_equal "application/xml", headers["Content-Type"]
-    # Cannot assert this due to a bug between integration tests and rack on 2.3
-    # assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
+    assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
   end
 
   test 'returns a custom response with www-authenticate and chosen realm' do
@@ -46,7 +45,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
 
     def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
       user = create_user
-      get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      get users_path(:format => format), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
 end

test/integration/lockable_test.rb

@@ -36,16 +36,6 @@ class LockTest < ActionController::IntegrationTest
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
-  test 'unlocked pages should not be available if email strategy is disabled' do
-    visit new_user_unlock_path
-    assert_response :success
-
-    swap Devise, :unlock_strategy => :time do
-      visit new_user_unlock_path
-      assert_response :not_found
-    end
-  end
-
   test 'user with invalid unlock token should not be able to unlock an account' do
     visit_user_unlock_with_token('invalid_token')
 
@@ -57,19 +47,20 @@ class LockTest < ActionController::IntegrationTest
 
   test "locked user should be able to unlock account" do
     user = create_user(:locked => true)
-    assert user.access_locked?
+    assert user.locked?
 
     visit_user_unlock_with_token(user.unlock_token)
 
     assert_template 'home/index'
     assert_contain 'Your account was successfully unlocked.'
 
-    assert_not user.reload.access_locked?
+    assert_not user.reload.locked?
   end
 
   test "sign in user automatically after unlocking it's account" do
     user = create_user(:locked => true)
     visit_user_unlock_with_token(user.unlock_token)
+
     assert warden.authenticated?(:user)
   end
 
@@ -80,16 +71,6 @@ class LockTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
 
-  test "user should not send a new e-mail if already locked" do
-    user = create_user(:locked => true)
-    user.update_attribute(:failed_attempts, User.maximum_attempts + 1)
-    ActionMailer::Base.deliveries.clear
-
-    sign_in_as_user(:password => "invalid")
-    assert_contain 'Invalid email or password.'
-    assert ActionMailer::Base.deliveries.empty?
-  end
-
   test 'error message is configurable by resource name' do
     store_translations :en, :devise => {
       :sessions => { :admin => { :locked => "You are locked!" } }

test/integration/rack_middleware_test.rb

@@ -1,47 +0,0 @@
-require "test/test_helper"
-require "rack/test"
-
-class RackMiddlewareTest < Test::Unit::TestCase
-  include Rack::Test::Methods
-
-  def app
-    ActionController::Dispatcher.new
-  end
-
-  def warden
-    last_request.env['warden']
-  end
-
-  def with_custom_strategy
-    get '/'
-
-    Warden::Strategies.add(:custom_test) do
-      def valid?
-        true
-      end
-
-      def authenticate!
-        custom! [599, {
-            "X-Custom-Response" => "Custom response test",
-            "Content-type" => "text/plain"
-          }, "Custom response test"]
-      end
-    end
-
-    #ActionController::Dispatcher.middleware.use CustomStrategyInterceptor
-    default_strategies = warden.manager.config.default_strategies
-    warden.manager.config.default_strategies :custom_test
-    yield
-    warden.manager.config.default_strategies default_strategies
-  end
-
-  def test_custom_strategy_response
-    with_custom_strategy do
-      post('/users/sign_in')
-
-      assert_equal 599, last_response.status
-      assert_equal "Custom response test", last_response.body
-      assert_equal "Custom response test", last_response.headers["X-Custom-Response"]
-    end
-  end
-end

test/integration/recoverable_test.rb

@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
-    assert_redirected_to new_user_session_path(:unconfirmed => true)
+    assert_current_path new_user_session_path(:unconfirmed => true)
     assert !warden.authenticated?(:user)
   end
 

test/integration/registerable_test.rb

@@ -3,7 +3,7 @@ require 'test/test_helper'
 class RegistrationTest < ActionController::IntegrationTest
 
   test 'a guest admin should be able to sign in successfully' do
-    visit new_admin_session_path
+    get new_admin_session_path
     click_link 'Sign up'
 
     assert_template 'registrations/new'
@@ -16,38 +16,31 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_contain 'You have signed up successfully.'
     assert warden.authenticated?(:admin)
 
-    admin = Admin.last
+    admin = Admin.last :order => "id"
     assert_equal admin.email, 'new_user@test.com'
   end
 
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'new_user@test.com'
     fill_in 'password', :with => 'new_user123'
     fill_in 'password confirmation', :with => 'new_user123'
     click_button 'Sign up'
 
-    assert_equal "You have signed up successfully. If enabled, a confirmation was sent to your e-mail.", @controller.send(:flash)[:notice]
-
-    # For some reason flash is not being set correctly, so instead of getting the
-    # "signed_up" message we get the unconfirmed one. Seems to be an issue with
-    # the internal redirect by the hook and the tests.
-    # follow_redirect!
-    # assert_contain 'You have signed up successfully.'
-    # assert_not_contain 'confirm your account'
-
-    follow_redirect!
+    assert_contain 'You have signed up successfully.'
     assert_contain 'Sign in'
+    assert_not_contain 'Confirm your account'
+
     assert_not warden.authenticated?(:user)
 
-    user = User.last
+    user = User.last :order => "id"
     assert_equal user.email, 'new_user@test.com'
     assert_not user.confirmed?
   end
 
   test 'a guest user cannot sign up with invalid information' do
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'invalid_email'
     fill_in 'password', :with => 'new_user123'
@@ -65,7 +58,7 @@ class RegistrationTest < ActionController::IntegrationTest
 
   test 'a guest should not sign up with email/password that already exists' do
     user = create_user
-    visit new_user_registration_path
+    get new_user_registration_path
 
     fill_in 'email', :with => 'user@test.com'
     fill_in 'password', :with => '123456'
@@ -79,20 +72,19 @@ class RegistrationTest < ActionController::IntegrationTest
   end
 
   test 'a guest should not be able to change account' do
-    visit edit_user_registration_path
-    follow_redirect!
-    assert_template 'sessions/new'
+    get edit_user_registration_path
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
   end
 
   test 'a signed in user should not be able to access sign up' do
     sign_in_as_user
-    visit new_user_registration_path
-    assert_template 'home/index'
+    get new_user_registration_path
+    assert_redirected_to root_path
   end
 
   test 'a signed in user should be able to edit his account' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
     fill_in 'email', :with => 'user.new@email.com'
     fill_in 'current password', :with => '123456'
@@ -104,9 +96,25 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_equal "user.new@email.com", User.first.email
   end
 
+  test 'a signed in user should not change his current user with invalid password' do
+    sign_in_as_user
+    get edit_user_registration_path
+
+    fill_in 'email', :with => 'user.new@email.com'
+    fill_in 'current password', :with => 'invalid'
+    click_button 'Update'
+
+    assert_template 'registrations/edit'
+    assert_contain 'user@test.com'
+    assert_have_selector 'form input[value="user.new@email.com"]'
+
+    assert_equal "user@test.com", User.first.email
+  end
+
+
   test 'a signed in user should be able to edit his password' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
     fill_in 'password', :with => 'pas123'
     fill_in 'password confirmation', :with => 'pas123'
@@ -119,24 +127,11 @@ class RegistrationTest < ActionController::IntegrationTest
     assert User.first.valid_password?('pas123')
   end
 
-  test 'a signed in user should not be able to edit his password with invalid confirmation' do
-    sign_in_as_user
-    get edit_user_registration_path
-  
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => ''
-    fill_in 'current password', :with => '123456'
-    click_button 'Update'
-  
-    assert_contain "Password doesn't match confirmation"
-    assert_not User.first.valid_password?('pas123')
-  end
-
   test 'a signed in user should be able to cancel his account' do
     sign_in_as_user
-    visit edit_user_registration_path
+    get edit_user_registration_path
 
-    click_link "Cancel my account"
+    click_link "Cancel my account", :method => :delete
     assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
 
     assert User.all.empty?

test/integration/rememberable_test.rb

@@ -39,16 +39,17 @@ class RememberMeTest < ActionController::IntegrationTest
   test 'do not remember with invalid token' do
     user = create_user_and_remember('add')
     get users_path
-    assert_response :success
     assert_not warden.authenticated?(:user)
+    assert_redirected_to new_user_session_path(:unauthenticated => true)
   end
 
   test 'do not remember with token expired' do
     user = create_user_and_remember
-    Devise.remember_for = 0
-    get users_path
-    assert_response :success
-    assert_not warden.authenticated?(:user)
+    swap Devise, :remember_for => 0 do
+      get users_path
+      assert_not warden.authenticated?(:user)
+      assert_redirected_to new_user_session_path(:unauthenticated => true)
+    end
   end
 
   test 'forget the user before sign out' do

test/integration/token_authenticatable_test.rb

@@ -16,8 +16,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
     swap Devise, :token_authentication_key => :donald_duck_token do
       sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
-      assert_redirected_to new_user_session_path(:unauthenticated => true)
-      follow_redirect!
+      assert_current_path new_user_session_path(:unauthenticated => true)
 
       assert_contain 'You need to sign in or sign up before continuing'
       assert_contain 'Sign in'
@@ -28,8 +27,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
   test 'signing in with invalid authentication token should return to sign in form with error message' do
     store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
       sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
-      assert_redirected_to new_user_session_path(:invalid_token => true)
-      follow_redirect!
+      assert_current_path new_user_session_path(:invalid_token => true)
 
       assert_response :success
       assert_contain 'LOL, that was not a single character correct.'

test/integration/trackable_test.rb

@@ -39,7 +39,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
 
   test "increase sign in count" do
     user = create_user
-    assert_equal 0, user.sign_in_count
+    assert_nil user.sign_in_count
 
     sign_in_as_user
     user.reload

test/mailers/confirmation_instructions_test.rb

@@ -59,22 +59,16 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
 
   test 'renders a scoped if scoped_views is set to true' do
     swap Devise, :scoped_views => true do
-      assert_equal user.email, mail.body
-    end
-  end
-
-  test 'content type should be set to plain when manually configured' do
-    swap Devise, :mailer_content_type => "text/plain" do
-      assert_equal "text/plain", mail.content_type
+      assert_equal user.email, mail.body.decoded
     end
   end
 
   test 'renders a scoped if scoped_views is set in the mailer class' do
     begin
-      DeviseMailer.scoped_views = true
-      assert_equal user.email, mail.body
+      Devise::Mailer.scoped_views = true
+      assert_equal user.email, mail.body.decoded
     ensure
-      DeviseMailer.send :remove_instance_variable, :@scoped_views
+      Devise::Mailer.send :remove_instance_variable, :@scoped_views
     end
   end
 

test/mailers/unlock_instructions_test.rb

@@ -10,7 +10,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   def user
     @user ||= begin
       user = create_user
-      user.lock_access!
+      user.lock!
       user
     end
   end

test/mapping_test.rb

@@ -4,7 +4,6 @@ class MappingTest < ActiveSupport::TestCase
 
   test 'store options' do
     mapping = Devise.mappings[:user]
-
     assert_equal User,                mapping.to
     assert_equal User.devise_modules, mapping.for
     assert_equal :users,              mapping.as
@@ -39,17 +38,22 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal Devise.mappings[:admin], Devise::Mapping.find_by_path("/admin_area/session")
   end
 
+  test 'find mapping by class' do
+    assert_nil Devise::Mapping.find_by_class(String)
+    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(User)
+  end
+
+  test 'find mapping by class works with single table inheritance' do
+    klass = Class.new(User)
+    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(klass)
+  end
+
   test 'find scope for a given object' do
     assert_equal :user, Devise::Mapping.find_scope!(User)
     assert_equal :user, Devise::Mapping.find_scope!(:user)
     assert_equal :user, Devise::Mapping.find_scope!(User.new)
   end
 
-  test 'find scope works with single table inheritance' do
-    assert_equal :user, Devise::Mapping.find_scope!(Class.new(User))
-    assert_equal :user, Devise::Mapping.find_scope!(Class.new(User).new)
-  end
-
   test 'find scope raises an error if cannot be found' do
     assert_raise RuntimeError do
       Devise::Mapping.find_scope!(String)
@@ -62,7 +66,7 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal 'sign_out',     mapping.path_names[:sign_out]
     assert_equal 'password',     mapping.path_names[:password]
     assert_equal 'confirmation', mapping.path_names[:confirmation]
-    assert_equal 'sign_up', mapping.path_names[:sign_up]
+    assert_equal 'sign_up',      mapping.path_names[:sign_up]
     assert_equal 'unlock',       mapping.path_names[:unlock]
   end
 
@@ -91,45 +95,9 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal 2, Devise.mappings[:manager].as_position
   end
 
-  test 'raw path is returned' do
-    assert_equal '/users', Devise.mappings[:user].raw_path
-    assert_equal '/:locale/accounts', Devise.mappings[:manager].raw_path
-  end
-
-  test 'raw path ignores the relative_url_root' do
-    swap ActionController::Base, :relative_url_root => "/abc" do
-      assert_equal '/users', Devise.mappings[:user].raw_path
-    end
-  end
-
-  test 'parsed path is returned' do
-    begin
-      Devise.default_url_options {{ :locale => I18n.locale }}
-      assert_equal '/users', Devise.mappings[:user].parsed_path
-      assert_equal '/en/accounts', Devise.mappings[:manager].parsed_path
-    ensure
-      Devise.default_url_options {{ }}
-    end
-  end
-
-  test 'parsed path adds in the relative_url_root' do
-    swap ActionController::Base, :relative_url_root => '/abc' do
-      assert_equal '/abc/users', Devise.mappings[:user].parsed_path
-    end
-  end
-
-  test 'parsed path deals with a nil relative_url_root' do
-    swap ActionController::Base, :relative_url_root => nil do
-      assert_equal '/users', Devise.mappings[:user].raw_path
-    end
-  end
-
-  test 'should have default route options' do
-    assert_equal({}, Devise.mappings[:user].route_options)
-  end
-
-  test 'should allow passing route options to devise routes' do
-    assert_equal({ :requirements => { :extra => 'value' } }, Devise.mappings[:manager].route_options)
+  test 'path is returned with path prefix and as' do
+    assert_equal '/users', Devise.mappings[:user].path
+    assert_equal '/:locale/accounts', Devise.mappings[:manager].path
   end
 
   test 'magic predicates' do
@@ -138,6 +106,7 @@ class MappingTest < ActiveSupport::TestCase
     assert mapping.confirmable?
     assert mapping.recoverable?
     assert mapping.rememberable?
+    assert mapping.registerable?
 
     mapping = Devise.mappings[:admin]
     assert mapping.authenticatable?

test/models/authenticatable_test.rb

@@ -100,7 +100,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
 
   test 'should authenticate a valid user with email and password and return it' do
     user = create_user
-    User.any_instance.stubs(:confirmed?).returns(true)
+    user.confirm!
     authenticated_user = User.authenticate(:email => user.email, :password => user.password)
     assert_equal authenticated_user, user
   end
@@ -146,7 +146,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_not user.update_with_password(:current_password => 'other',
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('123456')
-    assert_match /invalid/, user.errors[:current_password]
+    assert_match "is invalid", user.errors[:current_password].join
   end
 
   test 'should add an error to current password when it is blank' do
@@ -154,7 +154,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_not user.update_with_password(:password => 'pass321',
       :password_confirmation => 'pass321')
     assert user.reload.valid_password?('123456')
-    assert_match /blank/, user.errors[:current_password]
+    assert_match "can't be blank", user.errors[:current_password].join
   end
 
   test 'should ignore password and its confirmation if they are blank' do

test/models/confirmable_test.rb

@@ -11,6 +11,15 @@ class ConfirmableTest < ActiveSupport::TestCase
     assert_not_nil create_user.confirmation_token
   end
 
+  test 'should regenerate confirmation token each time' do
+    user = create_user
+    3.times do
+      token = user.confirmation_token
+      user.resend_confirmation!
+      assert_not_equal token, user.confirmation_token
+    end
+  end
+
   test 'should never generate the same confirmation token for different users' do
     confirmation_tokens = []
     3.times do
@@ -45,38 +54,38 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should not confirm a user already confirmed' do
     user = create_user
     assert user.confirm!
-    assert_nil user.errors[:email]
+    assert_blank user.errors[:email]
 
     assert_not user.confirm!
-    assert_match /already confirmed/, user.errors[:email]
+    assert_equal "was already confirmed", user.errors[:email].join
   end
 
   test 'should find and confirm an user automatically' do
     user = create_user
-    confirmed_user = User.confirm_by_token(user.confirmation_token)
+    confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
     assert_equal confirmed_user, user
     assert user.reload.confirmed?
   end
 
   test 'should return a new record with errors when a invalid token is given' do
-    confirmed_user = User.confirm_by_token('invalid_confirmation_token')
+    confirmed_user = User.confirm!(:confirmation_token => 'invalid_confirmation_token')
     assert confirmed_user.new_record?
-    assert_match /invalid/, confirmed_user.errors[:confirmation_token]
+    assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
-    confirmed_user = User.confirm_by_token('')
+    confirmed_user = User.confirm!(:confirmation_token => '')
     assert confirmed_user.new_record?
-    assert_match /blank/, confirmed_user.errors[:confirmation_token]
+    assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join
   end
 
   test 'should generate errors for a user email if user is already confirmed' do
     user = create_user
     user.confirmed_at = Time.now
     user.save
-    confirmed_user = User.confirm_by_token(user.confirmation_token)
+    confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
     assert confirmed_user.confirmed?
-    assert confirmed_user.errors[:email]
+    assert_equal "was already confirmed", confirmed_user.errors[:email].join
   end
 
   test 'should authenticate a confirmed user' do
@@ -125,7 +134,14 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should add error to new user email if no email was found' do
     confirmation_user = User.send_confirmation_instructions(:email => "invalid@email.com")
     assert confirmation_user.errors[:email]
-    assert_equal 'not found', confirmation_user.errors[:email]
+    assert_equal "not found", confirmation_user.errors[:email].join
+  end
+
+  test 'should generate a confirmation token before send the confirmation instructions email' do
+    user = create_user
+    token = user.confirmation_token
+    confirmation_user = User.send_confirmation_instructions(:email => user.email)
+    assert_not_equal token, user.reload.confirmation_token
   end
 
   test 'should send email instructions for the user confirm it\'s email' do
@@ -157,9 +173,9 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should not be able to send instructions if the user is already confirmed' do
     user = create_user
     user.confirm!
-    assert_not user.resend_confirmation_token
+    assert_not user.resend_confirmation!
     assert user.confirmed?
-    assert_equal 'already confirmed', user.errors[:email]
+    assert_equal 'was already confirmed', user.errors[:email].join
   end
 
   test 'confirm time should fallback to devise confirm in default configuration' do
@@ -200,7 +216,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     Devise.confirm_within = 0.days
     user = create_user
     user.confirmation_sent_at = Date.today
-    assert_not user.reload.active?
+    assert_not user.active?
   end
 
   test 'should not be active without confirmation' do

test/models/http_authenticatable_test.rb

@@ -0,0 +1,19 @@
+require 'test/test_helper'
+
+class HttpAuthenticatableTest < ActiveSupport::TestCase
+  test 'should authenticate a valid user with email and password and return it' do
+    user = create_user
+    user.confirm!
+
+    authenticated_user = User.authenticate_with_http(user.email, user.password)
+    assert_equal authenticated_user, user
+  end
+
+  test 'should return nil when authenticating an invalid user by email' do
+    user = create_user
+    user.confirm!
+
+    authenticated_user = User.authenticate_with_http('another.email@email.com', user.password)
+    assert_nil authenticated_user
+  end
+end

test/models/lockable_test.rb

@@ -9,6 +9,7 @@ class LockableTest < ActiveSupport::TestCase
   test "should increment failed attempts on unsuccessful authentication" do
     user = create_user
     assert_equal 0, user.failed_attempts
+
     authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
     assert_equal 1, user.reload.failed_attempts
   end
@@ -17,14 +18,14 @@ class LockableTest < ActiveSupport::TestCase
     user = create_user
     attempts = Devise.maximum_attempts + 1
     attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
-    assert user.reload.access_locked?
+    assert user.reload.locked?
   end
 
   test "should respect maximum attempts configuration" do
     user = create_user
     swap Devise, :maximum_attempts => 2 do
       3.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
-      assert user.reload.access_locked?
+      assert user.reload.locked?
     end
   end
 
@@ -36,50 +37,41 @@ class LockableTest < ActiveSupport::TestCase
     assert_equal 0, user.reload.failed_attempts
   end
 
-  test "should verify whether a user is locked or not" do
+  test "should verify wheter a user is locked or not" do
     user = create_user
-    assert_not user.access_locked?
-    user.lock_access!
-    assert user.access_locked?
+    assert_not user.locked?
+    user.lock!
+    assert user.locked?
   end
 
   test "active? should be the opposite of locked?" do
     user = create_user
     user.confirm!
     assert user.active?
-    user.lock_access!
+    user.lock!
     assert_not user.active?
   end
 
   test "should unlock an user by cleaning locked_at, falied_attempts and unlock_token" do
     user = create_user
-    user.lock_access!
+    user.lock!
     assert_not_nil user.reload.locked_at
     assert_not_nil user.reload.unlock_token
 
-    user.unlock_access!
+    user.unlock!
     assert_nil user.reload.locked_at
     assert_nil user.reload.unlock_token
     assert 0, user.reload.failed_attempts
   end
 
-  test "should not lock a locked account" do
-    user = create_user
-    user.lock_access!
-    assert_no_difference "ActionMailer::Base.deliveries.size" do
-      user.lock_access!
-    end
-  end
-
   test 'should not unlock an unlocked user' do
     user = create_user
-
-    assert_not user.unlock_access!
-    assert_match /not locked/, user.errors[:email]
+    assert_not user.unlock!
+    assert_match "was not locked", user.errors[:email].join
   end
 
   test "new user should not be locked and should have zero failed_attempts" do
-    assert_not new_user.access_locked?
+    assert_not new_user.locked?
     assert_equal 0, create_user.failed_attempts
   end
 
@@ -87,10 +79,10 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, :unlock_in => 3.hours do
       user = new_user
       user.locked_at = 2.hours.ago
-      assert user.access_locked?
+      assert user.locked?
 
       Devise.unlock_in = 1.hour
-      assert_not user.access_locked?
+      assert_not user.locked?
     end
   end
 
@@ -98,22 +90,32 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, :unlock_strategy => :email do
       user = new_user
       user.locked_at = 2.hours.ago
-      assert user.access_locked?
+      assert user.locked?
     end
   end
 
   test "should set unlock_token when locking" do
     user = create_user
     assert_nil user.unlock_token
-    user.lock_access!
+    user.lock!
     assert_not_nil user.unlock_token
   end
 
+  test 'should not regenerate unlock token if it already exists' do
+    user = create_user
+    user.lock!
+    3.times do
+      token = user.unlock_token
+      user.resend_unlock!
+      assert_equal token, user.unlock_token
+    end
+  end
+
   test "should never generate the same unlock token for different users" do
     unlock_tokens = []
     3.times do
       user = create_user
-      user.lock_access!
+      user.lock!
       token = user.unlock_token
       assert !unlock_tokens.include?(token)
       unlock_tokens << token
@@ -123,7 +125,7 @@ class LockableTest < ActiveSupport::TestCase
   test "should not generate unlock_token when :email is not an unlock strategy" do
     swap Devise, :unlock_strategy => :time do
       user = create_user
-      user.lock_access!
+      user.lock!
       assert_nil user.unlock_token
     end
   end
@@ -132,7 +134,7 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, :unlock_strategy => :email do
       user = create_user
       assert_email_sent do
-        user.lock_access!
+        user.lock!
       end
     end
   end
@@ -141,42 +143,42 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, :unlock_strategy => :time do
       user = create_user
       assert_email_not_sent do
-        user.lock_access!
+        user.lock!
       end
     end
   end
 
   test 'should find and unlock an user automatically' do
     user = create_user
-    user.lock_access!
-    locked_user = User.unlock_access_by_token(user.unlock_token)
+    user.lock!
+    locked_user = User.unlock!(:unlock_token => user.unlock_token)
     assert_equal locked_user, user
-    assert_not user.reload.access_locked?
+    assert_not user.reload.locked?
   end
 
   test 'should return a new record with errors when a invalid token is given' do
-    locked_user = User.unlock_access_by_token('invalid_token')
+    locked_user = User.unlock!(:unlock_token => 'invalid_token')
     assert locked_user.new_record?
-    assert_match /invalid/, locked_user.errors[:unlock_token]
+    assert_equal "is invalid", locked_user.errors[:unlock_token].join
   end
 
   test 'should return a new record with errors when a blank token is given' do
-    locked_user = User.unlock_access_by_token('')
+    locked_user = User.unlock!(:unlock_token => '')
     assert locked_user.new_record?
-    assert_match /blank/, locked_user.errors[:unlock_token]
+    assert_equal "can't be blank", locked_user.errors[:unlock_token].join
   end
 
   test 'should authenticate a unlocked user' do
     user = create_user
-    user.lock_access!
-    user.unlock_access!
+    user.lock!
+    user.unlock!
     authenticated_user = User.authenticate(:email => user.email, :password => user.password)
     assert_equal authenticated_user, user
   end
 
   test 'should find a user to send unlock instructions' do
     user = create_user
-    user.lock_access!
+    user.lock!
     unlock_user = User.send_unlock_instructions(:email => user.email)
     assert_equal unlock_user, user
   end
@@ -188,15 +190,14 @@ class LockableTest < ActiveSupport::TestCase
 
   test 'should add error to new user email if no email was found' do
     unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
-    assert unlock_user.errors[:email]
-    assert_equal 'not found', unlock_user.errors[:email]
+    assert_equal 'not found', unlock_user.errors[:email].join
   end
 
   test 'should not be able to send instructions if the user is not locked' do
     user = create_user
-    assert_not user.resend_unlock_token
-    assert_not user.access_locked?
-    assert_equal 'not locked', user.errors[:email]
+    assert_not user.resend_unlock!
+    assert_not user.locked?
+    assert_equal 'was not locked', user.errors[:email].join
   end
 
 end

test/models/recoverable_test.rb

@@ -83,7 +83,7 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should return a new record with errors if user was not found by e-mail' do
     reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
     assert reset_password_user.new_record?
-    assert_match /not found/, reset_password_user.errors[:email]
+    assert_equal "not found", reset_password_user.errors[:email].join
   end
 
   test 'should reset reset_password_token before send the reset instructions email' do
@@ -104,20 +104,20 @@ class RecoverableTest < ActiveSupport::TestCase
     user = create_user
     user.send :generate_reset_password_token!
 
-    reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token)
+    reset_password_user = User.reset_password!(:reset_password_token => user.reset_password_token)
     assert_equal reset_password_user, user
   end
 
   test 'should a new record with errors if no reset_password_token is found' do
-    reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token')
+    reset_password_user = User.reset_password!(:reset_password_token => 'invalid_token')
     assert reset_password_user.new_record?
-    assert_match /invalid/, reset_password_user.errors[:reset_password_token]
+    assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should a new record with errors if reset_password_token is blank' do
-    reset_password_user = User.reset_password_by_token(:reset_password_token => '')
+    reset_password_user = User.reset_password!(:reset_password_token => '')
     assert reset_password_user.new_record?
-    assert_match /blank/, reset_password_user.errors[:reset_password_token]
+    assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
   end
 
   test 'should reset successfully user password given the new password and confirmation' do
@@ -125,7 +125,7 @@ class RecoverableTest < ActiveSupport::TestCase
     old_password = user.password
     user.send :generate_reset_password_token!
 
-    reset_password_user = User.reset_password_by_token(
+    reset_password_user = User.reset_password!(
       :reset_password_token => user.reset_password_token,
       :password => 'new_password',
       :password_confirmation => 'new_password'

test/models/rememberable_test.rb

@@ -1,11 +1,6 @@
 require 'test/test_helper'
 
 class RememberableTest < ActiveSupport::TestCase
-
-  def setup
-    Devise.remember_for = 1
-  end
-
   test 'should respond to remember_me attribute' do
     user = new_user
     assert user.respond_to?(:remember_me)
@@ -54,11 +49,13 @@ class RememberableTest < ActiveSupport::TestCase
   end
 
   test 'valid remember token should also verify if remember is not expired' do
-    user = create_user
-    user.remember_me!
-    user.remember_created_at = 3.days.ago
-    user.save
-    assert_not user.valid_remember_token?(user.remember_token)
+    swap Devise, :remember_for => 1.day do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = 3.days.ago
+      user.save
+      assert_not user.valid_remember_token?(user.remember_token)
+    end
   end
 
   test 'serialize into cookie' do

test/models/validatable_test.rb

@@ -7,31 +7,30 @@ class ValidatableTest < ActiveSupport::TestCase
     user = new_user(:email => nil)
     assert user.invalid?
     assert user.errors[:email]
-    assert_equal 'can\'t be blank', user.errors[:email]
+    assert_equal 'can\'t be blank', user.errors[:email].join
   end
 
   test 'should require uniqueness of email, allowing blank' do
     existing_user = create_user
+
     user = new_user(:email => '')
     assert user.invalid?
-    assert_not_equal 'has already been taken', user.errors[:email]
+    assert_not_equal 'has already been taken', user.errors[:email].join
+
     user.email = existing_user.email
     assert user.invalid?
-    assert user.errors[:email]
-    assert_equal 1, [*user.errors[:email]].size
-    assert_equal 'has already been taken', user.errors[:email]
+    assert_equal 'has already been taken', user.errors[:email].join
   end
 
   test 'should require correct email format, allowing blank' do
     user = new_user(:email => '')
     assert user.invalid?
-    assert_not_equal 'is invalid', user.errors[:email]
+    assert_not_equal 'is invalid', user.errors[:email].join
+
     %w(invalid_email_format email@invalid invalid$character@mail.com other@not 123).each do |email|
       user.email = email
       assert user.invalid?, 'should be invalid with email ' << email
-      assert user.errors[:email]
-      assert_equal 1, [*user.errors[:email]].size
-      assert_equal 'is invalid', user.errors[:email]
+      assert_equal 'is invalid', user.errors[:email].join
     end
   end
 
@@ -39,63 +38,59 @@ class ValidatableTest < ActiveSupport::TestCase
     %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test).each do |email|
       user = new_user(:email => email)
       assert user.valid?, 'should be valid with email ' << email
-      assert_nil user.errors[:email]
+      assert_blank user.errors[:email]
     end
   end
 
   test 'should require password to be set when creating a new record' do
     user = new_user(:password => '', :password_confirmation => '')
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'can\'t be blank', user.errors[:password]
+    assert_equal 'can\'t be blank', user.errors[:password].join
   end
 
   test 'should require confirmation to be set when creating a new record' do
     user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'doesn\'t match confirmation', user.errors[:password]
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
   end
 
   test 'should require password when updating/reseting password' do
     user = create_user
+
     user.password = ''
     user.password_confirmation = ''
+
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'can\'t be blank', user.errors[:password]
+    assert_equal 'can\'t be blank', user.errors[:password].join
   end
 
   test 'should require confirmation when updating/reseting password' do
     user = create_user
     user.password_confirmation = 'another_password'
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'doesn\'t match confirmation', user.errors[:password]
+    assert_equal 'doesn\'t match confirmation', user.errors[:password].join
   end
 
   test 'should require a password with minimum of 6 characters' do
     user = new_user(:password => '12345', :password_confirmation => '12345')
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password]
+    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
   end
 
   test 'should require a password with maximum of 20 characters long' do
     user = new_user(:password => 'x'*21, :password_confirmation => 'x'*21)
     assert user.invalid?
-    assert user.errors[:password]
-    assert_equal 'is too long (maximum is 20 characters)', user.errors[:password]
+    assert_equal 'is too long (maximum is 20 characters)', user.errors[:password].join
   end
 
   test 'should not require password length when it\'s not changed' do
     user = create_user.reload
     user.password = user.password_confirmation = nil
     assert user.valid?
+  
     user.password_confirmation = 'confirmation'
     assert user.invalid?
-    assert user.errors[:password]
-    assert_not user.errors[:password].to_a.include?('is too short (minimum is 6 characters)')
+    assert_not (user.errors[:password].join =~ /is too long/)
   end
 
   test 'shuold not be included in objects with invalid API' do

test/models_test.rb

@@ -23,21 +23,7 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 
   test 'add modules cherry pick' do
-    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable
-  end
-
-  test 'order of module inclusion' do
-    correct_module_order   = [:database_authenticatable, :registerable, :timeoutable]
-    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable]
-
-    assert_include_modules Admin, *incorrect_module_order
-
-    # get module constants from symbol list
-    module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
-
-    # confirm that they adhere to the order in ALL
-    # get included modules, filter out the noise, and reverse the order
-    assert_equal module_constants, (Admin.included_modules & module_constants).reverse
+    assert_include_modules Admin, :authenticatable, :registerable, :timeoutable
   end
 
   test 'set a default value for stretches' do

test/orm/active_record.rb

@@ -1,9 +1,8 @@
-require File.join(File.dirname(__FILE__), '..', 'rails_app', 'config', 'environment')
-require 'test_help'
+require File.expand_path('../../rails_app/config/environment', __FILE__)
+require 'rails/test_help'
 
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
-ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
 
 ActiveRecord::Schema.define(:version => 1) do
   [:users, :admins, :accounts].each do |table|

test/orm/mongo_mapper.rb

@@ -1,16 +1,8 @@
-require 'mongo_mapper'
 MongoMapper.database = "devise-test-suite"
 MongoMapper.connection = Mongo::Connection.new('127.0.0.1', 27017)
 
-require File.join(File.dirname(__FILE__), '..', 'rails_app', 'config', 'environment')
-require 'test_help'
-
-module MongoMapper::Document
-  # TODO This should not be required
-  def invalid?
-    !valid?
-  end
-end
+require File.expand_path('../../rails_app/config/environment', __FILE__)
+require 'rails/test_help'
 
 class ActiveSupport::TestCase
   setup do

test/rails_app/Rakefile

@@ -1,10 +1,10 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+require File.expand_path('../config/application', __FILE__)
 
 require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
 
-require 'tasks/rails'
+Rails::Application.load_tasks

test/rails_app/app/controllers/application_controller.rb

@@ -2,11 +2,5 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
-  helper :all # include all helpers, all the time
-  protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
-  # Scrub sensitive parameters from your log
-  filter_parameter_logging :password
-
-  before_filter :current_user
+  protect_from_forgery
 end

test/rails_app/app/controllers/sessions_controller.rb

@@ -0,0 +1,6 @@
+class SessionsController < Devise::SessionsController
+  def new
+    flash[:notice] = "Welcome to #{controller_path.inspect} controller!"
+    super
+  end
+end

test/rails_app/app/controllers/users_controller.rb

@@ -9,8 +9,4 @@ class UsersController < ApplicationController
     user_session['last_request_at'] = 31.minutes.ago.utc
     render :text => 'User will be expired on next request'
   end
-
-  def show
-    render :text => current_user.id.to_s
-  end
 end

test/rails_app/app/mongo_mapper/admin.rb

@@ -1,13 +1,10 @@
 class Admin
   include MongoMapper::Document
-  devise :authenticatable, :registerable, :timeoutable
+  include MongoMapper::Plugins::Callbacks
+
+  devise :authenticatable, :timeoutable, :registerable
 
   def self.find_for_authentication(conditions)
-    last(:conditions => conditions)
-  end
-
-  def self.last(options={})
-    options.merge!(:order => 'email')
-    super options
+    last(:conditions => conditions, :order => "email")
   end
 end