Release 1.2.1.

CHANGELOG.rdoc

@@ -1,3 +1,15 @@
+== 1.2.1
+
+* enhancements
+  * better upgrade steps
+
+== 1.2.0
+
+* bug fix
+  * Properly ignore path prefix on omniauthable
+  * Faster uniqueness queries
+  * Rename active? to active_for_authentication? to avoid conflicts
+
 == 1.2.rc2
 
 * enhancements

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (1.2.rc)
+    devise (1.2.0)
       bcrypt-ruby (~> 2.1.2)
       orm_adapter (~> 0.0.3)
       warden (~> 1.0.3)

README.rdoc

@@ -212,14 +212,6 @@ Since Devise is an engine, all its views are packaged inside the gem. These view
 
   rails generate devise:views
 
-Devise currently supports generating views for the following template engines (use the `-e` flag for the devise:views generator):
-
-* Erb
-* Haml (http://github.com/nex3/haml)
-* Slim (http://github.com/stonean/slim)
-
-Note: If you are generating Haml or Slim templates, you will need to have a few dependencies such as `ruby_parser` (for Haml), `hpricot` (for both Haml and Slim) and `haml2slim` (for Slim) installed.
-
 If you have more than one role in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all roles. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb".
 
 After doing so, you will be able to have views based on the role like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new". You can also use the generator to generate scoped views:

TODO

@@ -1,4 +0,0 @@
-* Move integration tests to Capybara
-* Better ORM integration
-* Add support to automatically refresh the access token for OAuth
-* Add test to generators using the new Rails::Generators::TestCase

app/controllers/devise/registrations_controller.rb

@@ -14,7 +14,7 @@ class Devise::RegistrationsController < ApplicationController
     build_resource
 
     if resource.save
-      if resource.active?
+      if resource.active_for_authentication?
         set_flash_message :notice, :signed_up
         sign_in_and_redirect(resource_name, resource)
       else

lib/devise.rb

@@ -70,9 +70,9 @@ module Devise
   @@request_keys = []
 
   # Keys that should be case-insensitive.
-  # Empty by default for backwards compatibility.
+  # False by default for backwards compatibility.
   mattr_accessor :case_insensitive_keys
-  @@case_insensitive_keys = []
+  @@case_insensitive_keys = false
 
   # If http authentication is enabled by default.
   mattr_accessor :http_authenticatable
@@ -226,6 +226,14 @@ module Devise
     yield self
   end
 
+  def self.ref(arg)
+    if defined?(ActiveSupport::Dependencies::ClassCache)
+      ActiveSupport::Dependencies::Reference.store(arg)
+    else
+      ActiveSupport::Dependencies.ref(arg)
+    end
+  end
+
   def self.omniauth_providers
     omniauth_configs.keys
   end
@@ -238,12 +246,16 @@ module Devise
 
   # Get the mailer class from the mailer reference object.
   def self.mailer
-    @@mailer_ref.get
+    if defined?(ActiveSupport::Dependencies::ClassCache)
+      @@mailer_ref.get "Devise::Mailer"
+    else
+      @@mailer_ref.get
+    end
   end
 
   # Set the mailer reference object to access the mailer.
   def self.mailer=(class_name)
-    @@mailer_ref = ActiveSupport::Dependencies.ref(class_name)
+    @@mailer_ref = ref(class_name)
   end
   self.mailer = "Devise::Mailer"
 

lib/devise/hooks/activatable.rb

@@ -1,9 +1,9 @@
 # Deny user access whenever his account is not active yet. All strategies that inherits from
-# Devise::Strategies::Authenticatable and uses the validate already check if the user is active?
+# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
 # before actively signing him in. However, we need this as hook to validate the user activity
 # in each request and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
-  if record && record.respond_to?(:active?) && !record.active?
+  if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
     scope = options[:scope]
     warden.logout(scope)
     throw :warden, :scope => scope, :message => record.inactive_message

lib/devise/mapping.rb

@@ -50,7 +50,7 @@ module Devise
       @singular = (options[:singular] || @scoped_path.tr('/', '_').singularize).to_sym
 
       @class_name = (options[:class_name] || name.to_s.classify).to_s
-      @ref = ActiveSupport::Dependencies.ref(@class_name)
+      @ref = Devise.ref(@class_name)
 
       @path = (options[:path] || name).to_s
       @path_prefix = options[:path_prefix]
@@ -73,7 +73,11 @@ module Devise
 
     # Gives the class the mapping points to.
     def to
-      @ref.get
+      if defined?(ActiveSupport::Dependencies::ClassCache)
+        @ref.get @class_name
+      else
+        @ref.get
+      end
     end
 
     def strategies

lib/devise/models/authenticatable.rb

@@ -24,19 +24,19 @@ module Devise
     #   * +params_authenticatable+: if this model allows authentication through request params. By default true.
     #     It also accepts an array specifying the strategies that should allow params authentication.
     #
-    # == Active?
+    # == active_for_authentication?
     #
     # Before authenticating a user and in each request, Devise checks if your model is active by
-    # calling model.active?. This method is overwriten by other devise modules. For instance,
-    # :confirmable overwrites .active? to only return true if your model was confirmed.
+    # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,
+    # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
     #
     # You overwrite this method yourself, but if you do, don't forget to call super:
     #
-    #   def active?
+    #   def active_for_authentication?
     #     super && special_condition_is_valid?
     #   end
     #
-    # Whenever active? returns false, Devise asks the reason why your model is inactive using
+    # Whenever active_for_authentication? returns false, Devise asks the reason why your model is inactive using
     # the inactive_message method. You can overwrite it as well:
     #
     #   def inactive_message
@@ -55,10 +55,10 @@ module Devise
       # find_for_authentication are the methods used in a Warden::Strategy to check
       # if a model should be signed in or not.
       #
-      # However, you should not overwrite this method, you should overwrite active? and
-      # inactive_message instead.
+      # However, you should not overwrite this method, you should overwrite active_for_authentication?
+      # and inactive_message instead.
       def valid_for_authentication?
-        if active?
+        if active_for_authentication?
           block_given? ? yield : true
         else
           inactive_message
@@ -66,7 +66,19 @@ module Devise
       end
 
       def active?
-        true
+        ActiveSupport::Deprecation.warn "[DEVISE] active? is deprecated, please use active_for_authentication? instead.", caller
+        active_for_authentication?
+      end
+
+      def active_for_authentication?
+        my_methods = self.class.instance_methods(false)
+        if my_methods.include?("active?") || my_methods.include?(:active?)
+          ActiveSupport::Deprecation.warn "[DEVISE] Overriding active? is deprecated to avoid conflicts. " \
+            "Please use active_for_authentication? instead.", caller
+          active?
+        else
+          true
+        end
       end
 
       def inactive_message
@@ -101,7 +113,7 @@ module Devise
         #
         def find_for_authentication(conditions)
           filter_auth_params(conditions)
-          case_insensitive_keys.each { |k| conditions[k].try(:downcase!) }
+          (case_insensitive_keys || []).each { |k| conditions[k].try(:downcase!) }
           to_adapter.find_first(conditions)
         end
 
@@ -112,7 +124,7 @@ module Devise
 
         # Find an initialize a group of attributes based on a list of required attributes.
         def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
-          case_insensitive_keys.each { |k| attributes[k].try(:downcase!) }
+          (case_insensitive_keys || []).each { |k| attributes[k].try(:downcase!) }
           
           attributes = attributes.slice(*required_attributes)
           attributes.delete_if { |key, value| value.blank? }
@@ -140,7 +152,7 @@ module Devise
         def filter_auth_params(conditions)
           conditions.each do |k, v|
             conditions[k] = v.to_s
-          end
+          end if conditions.is_a?(Hash)
         end
 
         # Generate a token by looping and ensuring does not already exist.

lib/devise/models/confirmable.rb

@@ -55,11 +55,11 @@ module Devise
         unless_confirmed { send_confirmation_instructions }
       end
 
-      # Overwrites active? from Devise::Models::Activatable for confirmation
+      # Overwrites active_for_authentication? for confirmation
       # by verifying whether a user is active to sign in or not. If the user
       # is already confirmed, it should never be blocked. Otherwise we need to
       # calculate if the confirm time has not expired for this user.
-      def active?
+      def active_for_authentication?
         super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
       end
 

lib/devise/models/database_authenticatable.rb

@@ -78,7 +78,7 @@ module Devise
 
       # Downcase case-insensitive keys
       def downcase_keys
-        self.class.case_insensitive_keys.each { |k| self[k].try(:downcase!) }
+        (self.class.case_insensitive_keys || []).each { |k| self[k].try(:downcase!) }
       end
 
       # Digests the password using bcrypt.

lib/devise/models/lockable.rb

@@ -57,9 +57,9 @@ module Devise
         if_access_locked { send_unlock_instructions }
       end
 
-      # Overwrites active? from Devise::Models::Activatable for locking purposes
+      # Overwrites active_for_authentication? from Devise::Models::Activatable for locking purposes
       # by verifying whether a user is active to sign in or not based on locked?
-      def active?
+      def active_for_authentication?
         super && !access_locked?
       end
 

lib/devise/models/validatable.rb

@@ -24,7 +24,7 @@ module Devise
         base.class_eval do
           validates_presence_of   :email, :if => :email_required?
           validates_uniqueness_of :email, :scope => authentication_keys[1..-1],
-            :case_sensitive => case_insensitive_keys.exclude?(:email), :allow_blank => true
+            :case_sensitive => (case_insensitive_keys != false), :allow_blank => true
           validates_format_of     :email, :with  => email_regexp, :allow_blank => true
 
           with_options :if => :password_required? do |v|

lib/devise/omniauth/config.rb

@@ -13,18 +13,6 @@ module Devise
       def strategy_class
         ::OmniAuth::Strategies.const_get("#{::OmniAuth::Utils.camelize(@provider.to_s)}")
       end
-
-      def check_if_allow_stubs!
-        raise "OmniAuth strategy for #{@provider} does not allow stubs, only OAuth2 ones do." unless allow_stubs?
-      end
-
-      def allow_stubs?
-        defined?(::OmniAuth::Strategies::OAuth2) && strategy.is_a?(::OmniAuth::Strategies::OAuth2)
-      end
-
-      def build_connection(&block)
-        strategy.client.connection.build(&block)
-      end
     end
   end
 end     

lib/devise/omniauth/test_helpers.rb

@@ -1,31 +0,0 @@
-module Devise
-  module OmniAuth
-    module TestHelpers
-      DEPRECATION_MESSAGE = "Faraday changed the way mocks work in a way incompatible to Devise. Luckily, Omniauth now supports a new test mode, please use it in your tests instead: https://github.com/intridea/omniauth/wiki/Integration-Testing"
-
-      DeprecationError = Class.new(StandardError)
-
-      def self.stub!(*args)
-        raise DeprecationError, DEPRECATION_MESSAGE
-      end
-
-      def self.reset_stubs!(*args)
-        raise DeprecationError, DEPRECATION_MESSAGE
-      end
-
-      def self.test_mode!
-        warn DEPRECATION_MESSAGE
-      end
-
-      def self.short_circuit_authorizers!
-        ::OmniAuth.config.test_mode = true
-        warn DEPRECATION_MESSAGE
-      end
-
-      def self.unshort_circuit_authorizers!
-        ::OmniAuth.config.test_mode = false
-        warn DEPRECATION_MESSAGE
-      end
-    end
-  end
-end

lib/devise/rails.rb

@@ -17,6 +17,14 @@ module Devise
       Devise.include_helpers(Devise::Controllers)
     end
 
+    initializer "devise.navigationals" do
+      formats = Devise.navigational_formats
+      if formats.include?(:"*/*") && formats.exclude?("*/*")
+        puts "[DEVISE] We see the symbol :\"*/*\" in the navigational formats in your initializer " \
+          "but not the string \"*/*\". Due to changes in latest Rails, please include the latter."
+      end
+    end
+
     initializer "devise.omniauth" do |app|
       Devise.omniauth_configs.each do |provider, config|
         app.middleware.use config.strategy_class, *config.args do |strategy|
@@ -32,18 +40,20 @@ module Devise
     initializer "devise.encryptor_check" do
       case Devise.encryptor
       when :bcrypt
-        puts "[DEVISE] From version 1.2, there is no need to set your encryptor to bcrypt " <<
-          "since encryptors are only enabled if you include :encryptable in your models. " << 
-          "With this change, we can integrate better with bcrypt and get rid of the " <<
-          "password_salt column (since bcrypt stores the salt with password). " <<
-          "Please comment config.encryptor in your initializer to get rid of this warning."
+        puts "[DEVISE] From version 1.2, there is no need to set your encryptor to bcrypt " \
+          "since encryptors are only enabled if you include :encryptable in your models. " \
+          "To update your app, please:\n\n" \
+          "1) Remove config.encryptor from your initializer;\n" \
+          "2) Add t.encryptable to your old migrations;\n" \
+          "3) [Optional] Remove password_salt in a new recent migration. Bcrypt does not require it anymore.\n"
       when nil
         # Nothing to say
       else
-        puts "[DEVISE] You are using #{Devise.encryptor} as encryptor. From version 1.2, " <<
-          "you need to explicitly add `devise :encryptable, :encryptor => :#{Devise.encryptor}` " <<
-          "to your models and comment the current value in the config/initializers/devise.rb. " <<
-          "You must also add t.encryptable to your existing migrations."
+        puts "[DEVISE] You are using #{Devise.encryptor} as encryptor. From version 1.2, " \
+          "you need to explicitly add encryptable as dependency. To update your app, please:\n\n" \
+          "1) Remove config.encryptor from your initializer;\n" \
+          "2) Add t.encryptable to your old migrations;\n" \
+          "3) Add `devise :encryptable, :encryptor => :#{Devise.encryptor}` to your models.\n"
       end
     end
   end

lib/devise/rails/routes.rb

@@ -263,7 +263,8 @@ module ActionDispatch::Routing
       end
 
       def devise_omniauth_callback(mapping, controllers) #:nodoc:
-        path_prefix = "/#{mapping.path}/auth"
+        path, @scope[:path] = @scope[:path], nil
+        path_prefix = "/#{mapping.path}/auth".squeeze("/")
 
         if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix
           warn "[DEVISE] You can only add :omniauthable behavior to one model."
@@ -271,8 +272,10 @@ module ActionDispatch::Routing
           ::OmniAuth.config.path_prefix = path_prefix
         end
 
-        match "/auth/:action/callback", :action => Regexp.union(mapping.to.omniauth_providers.map(&:to_s)),
+        match "#{path_prefix}/:action/callback", :action => Regexp.union(mapping.to.omniauth_providers.map(&:to_s)),
           :to => controllers[:omniauth_callbacks], :as => :omniauth_callback
+      ensure
+        @scope[:path] = path
       end
 
       def with_devise_exclusive_scope(new_path, new_as) #:nodoc:

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.2.rc2".freeze
+  VERSION = "1.2.1".freeze
 end

test/integration/omniauthable_test.rb

@@ -119,24 +119,20 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
     assert_equal '/q/users/auth/facebook', current_url
   end
 
-  # The following two tests are commented because OmniAuth's test
-  # support is not yet able to support failure scenarios.
-  #
-  # test "handles callback error parameter according to the specification" do
-  #   visit "/users/auth/facebook/callback?error=access_denied"
-  #   assert_current_url "/users/sign_in"
-  #   assert_contain 'Could not authorize you from Facebook because "Access denied".'
-  # end
+  test "handles callback error parameter according to the specification" do
+    OmniAuth.config.mock_auth[:facebook] = :access_denied
+    visit "/users/auth/facebook/callback?error=access_denied"
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Access denied".'
+  end
 
-  # test "handles other exceptions from omniauth" do
-  #   Devise::OmniAuth.stub!(:facebook) do |b|
-  #     b.post('/oauth/access_token') { [401, {}, {}.to_json] }
-  #   end
+  test "handles other exceptions from omniauth" do
+    OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
-  #   visit "/users/sign_in"
-  #   click_link "Sign in with facebook"
+    visit "/users/sign_in"
+    click_link "Sign in with facebook"
 
-  #   assert_current_url "/users/sign_in"
-  #   assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
-  # end
+    assert_current_url "/users/sign_in"
+    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
+  end
 end

test/models/confirmable_test.rb

@@ -167,10 +167,10 @@ class ConfirmableTest < ActiveSupport::TestCase
     swap Devise, :confirm_within => 1.day do
       user = new_user
       user.confirmation_sent_at = 2.days.ago
-      assert_not user.active?
+      assert_not user.active_for_authentication?
 
       Devise.confirm_within = 3.days
-      assert user.active?
+      assert user.active_for_authentication?
     end
   end
 
@@ -180,35 +180,35 @@ class ConfirmableTest < ActiveSupport::TestCase
       user = create_user
 
       user.confirmation_sent_at = 4.days.ago
-      assert user.active?
+      assert user.active_for_authentication?
 
       user.confirmation_sent_at = 5.days.ago
-      assert_not user.active?
+      assert_not user.active_for_authentication?
     end
   end
 
   test 'should be active when already confirmed' do
     user = create_user
     assert_not user.confirmed?
-    assert_not user.active?
+    assert_not user.active_for_authentication?
 
     user.confirm!
     assert user.confirmed?
-    assert user.active?
+    assert user.active_for_authentication?
   end
 
   test 'should not be active when confirm in is zero' do
     Devise.confirm_within = 0.days
     user = create_user
     user.confirmation_sent_at = Date.today
-    assert_not user.active?
+    assert_not user.active_for_authentication?
   end
 
   test 'should not be active without confirmation' do
     user = create_user
     user.confirmation_sent_at = nil
     user.save
-    assert_not user.reload.active?
+    assert_not user.reload.active_for_authentication?
   end
 
   test 'should be active without confirmation when confirmation is not required' do
@@ -216,7 +216,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.instance_eval { def confirmation_required?; false end }
     user.confirmation_sent_at = nil
     user.save
-    assert user.reload.active?
+    assert user.reload.active_for_authentication?
   end
 
   test 'should find a user to send email instructions for the user confirm it\'s email by authentication_keys' do

test/models/lockable_test.rb

@@ -47,12 +47,12 @@ class LockableTest < ActiveSupport::TestCase
     assert user.access_locked?
   end
 
-  test "active? should be the opposite of locked?" do
+  test "active_for_authentication? should be the opposite of locked?" do
     user = create_user
     user.confirm!
-    assert user.active?
+    assert user.active_for_authentication?
     user.lock_access!
-    assert_not user.active?
+    assert_not user.active_for_authentication?
   end
 
   test "should unlock a user by cleaning locked_at, falied_attempts and unlock_token" do

test/omniauth/test_helpers_test.rb

@@ -1,25 +0,0 @@
-require 'test_helper'
-
-class OmniAuthTestHelpersTest < ActiveSupport::TestCase
-  test "Assert that stub! raises deprecation error" do
-    assert_raises Devise::OmniAuth::TestHelpers::DeprecationError do
-      Devise::OmniAuth::TestHelpers.stub!
-    end
-  end
-
-  test "Assert that reset_stubs! raises deprecation error" do
-    assert_raises Devise::OmniAuth::TestHelpers::DeprecationError do
-      Devise::OmniAuth::TestHelpers.reset_stubs!
-    end
-  end
-
-  test "Assert that short_circuit_authorizers! warns about deprecation" do
-    Devise::OmniAuth::TestHelpers.short_circuit_authorizers!
-    assert ::OmniAuth.config.test_mode
-  end
-
-  test "Assert that unshort_circuit_authorizers! warns about deprecation" do
-    Devise::OmniAuth::TestHelpers.unshort_circuit_authorizers!
-    assert ! ::OmniAuth.config.test_mode
-  end
-end

test/test_helpers_test.rb

@@ -19,7 +19,7 @@ class TestHelpersTest < ActionController::TestCase
   test "redirects if attempting to access a page with an unconfirmed account" do
     swap Devise, :confirm_within => 0 do
       user = create_user
-      assert !user.active?
+      assert !user.active_for_authentication?
 
       sign_in user
       get :index
@@ -30,7 +30,7 @@ class TestHelpersTest < ActionController::TestCase
   test "returns nil if accessing current_user with an unconfirmed account" do
     swap Devise, :confirm_within => 0 do
       user = create_user
-      assert !user.active?
+      assert !user.active_for_authentication?
 
       sign_in user
       get :accept, :id => user