Prepare for 1.4.6

Typo

.travis.yml

@@ -5,4 +5,8 @@ rvm:
   - ree
   - rbx
   - rbx-2.0
-  - jruby
+  - jruby
+notifications:
+  recipients:
+    - jose.valim@plataformatec.com.br
+    - carlos@plataformatec.com.br

CHANGELOG.rdoc

@@ -1,4 +1,12 @@
-== 1.4.5.dev
+== 1.4.6
+
+* enhancements
+  * Allow devise_for :skip => :all
+  * Allow options to be passed to authenticate_user!
+  * Allow --skip-routes to devise generator
+  * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
+
+== 1.4.5
 
 * bug fix
   * Failure app tries the root path if a session one does not exist

app/controllers/devise/registrations_controller.rb

@@ -114,7 +114,7 @@ class Devise::RegistrationsController < ApplicationController
 
     # Authenticates the current scope and gets the current resource from the session.
     def authenticate_scope!
-      send(:"authenticate_#{resource_name}!", true)
+      send(:"authenticate_#{resource_name}!", :force => true)
       self.resource = send(:"current_#{resource_name}")
     end
 end

app/controllers/devise/sessions_controller.rb

@@ -1,5 +1,6 @@
 class Devise::SessionsController < ApplicationController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+  before_filter :allow_params_authentication!, :only => :create
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in

lib/devise/controllers/helpers.rb

@@ -36,8 +36,14 @@ module Devise
         mapping = mapping.name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
-          def authenticate_#{mapping}!(force = false)
-            warden.authenticate!(:scope => :#{mapping}) if !devise_controller? || force
+          def authenticate_#{mapping}!(opts={})
+            if !opts.is_a?(Hash)
+              opts = { :force => opts }
+              ActiveSupport::Deprecation.warn "Passing a boolean to authenticate_#{mapping}! " \
+                "is deprecated, please use :force => \#{opts[:force]} instead", caller
+            end
+            opts[:scope] = :#{mapping}
+            warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
           end
 
           def #{mapping}_signed_in?
@@ -72,6 +78,11 @@ module Devise
         false
       end
 
+      # Tell warden that params authentication is allowed for that specific page.
+      def allow_params_authentication!
+        request.env["devise.allow_params_authentication"] = true
+      end
+
       # Return true if the given scope is signed in session. If no scope given, return
       # true if any scope is signed in. Does not run authentication hooks.
       def signed_in?(scope=nil)

lib/devise/mapping.rb

@@ -78,6 +78,8 @@ module Devise
 
       if options.has_key?(:only)
         @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      elsif options[:skip] == :all
+        @used_routes = []
       else
         @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
       end

lib/devise/models/trackable.rb

@@ -5,7 +5,7 @@ module Devise
     # Track information about your user sign in. It tracks the following columns:
     #
     # * sign_in_count      - Increased every time a sign in is made (by form, openid, oauth)
-    # * current_sign_in_at - A tiemstamp updated when the user signs in
+    # * current_sign_in_at - A timestamp updated when the user signs in
     # * last_sign_in_at    - Holds the timestamp of the previous sign in
     # * current_sign_in_ip - The remote ip updated when the user sign in
     # * last_sign_in_ip    - Holds the remote ip of the previous sign in

lib/devise/strategies/authenticatable.rb

@@ -85,17 +85,7 @@ module Devise
 
       # By default, a request is valid  if the controller is allowed and the VERB is POST.
       def valid_request?
-        valid_controller? && valid_verb?
-      end
-
-      # Check if the controller is the one registered for authentication.
-      def valid_controller?
-        mapping.controllers[:sessions] == params[:controller]
-      end
-
-      # Check if it was a POST request.
-      def valid_verb?
-        request.post?
+        env["devise.allow_params_authentication"]
       end
 
       # If the request is valid, finally check if params_auth_hash returns a hash.

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.4.4".freeze
+  VERSION = "1.4.6".freeze
 end

lib/generators/devise/devise_generator.rb

@@ -9,9 +9,12 @@ module Devise
 
       hook_for :orm
 
+      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
+
       def add_devise_routes
         devise_route  = "devise_for :#{plural_name}"
-        devise_route += %Q(, :class_name => "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, :skip => :all) unless options.routes?
         route devise_route
       end
     end

test/controllers/helpers_test.rb

@@ -45,6 +45,11 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     @controller.authenticate_user!
   end
 
+  test 'proxy authenticate_user! options to authenticate with user scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
+    @controller.authenticate_user!(:recall => "foo")
+  end
+
   test 'proxy authenticate_admin! to authenticate with admin scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :admin)
     @controller.authenticate_admin!

test/generators/devise_generator_test.rb

@@ -22,6 +22,12 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
     assert_file "config/routes.rb", match
   end
 
+  test "route generation with skip routes" do
+    run_generator %w(monster name:string --skip-routes)
+    match = /devise_for :monsters, :skip => :all/
+    assert_file "config/routes.rb", match
+  end
+
   def copy_routes
     routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
     destination = File.join(destination_root, "config")

test/mapping_test.rb

@@ -31,6 +31,10 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal "admin_area", Devise.mappings[:admin].path
   end
 
+  test 'allows to skip all routes' do
+    assert_equal [], Devise.mappings[:skip_admin].used_routes
+  end
+
   test 'sign_out_via defaults to :get' do
     assert_equal :get, Devise.mappings[:user].sign_out_via
   end

test/rails_app/config/routes.rb

@@ -50,6 +50,8 @@ Rails.application.routes.draw do
   constraints(:host => /192\.168\.1\.\d\d\d/) do
     devise_for :homebase_admin, :class_name => "Admin", :path => "homebase"
   end
+
+  devise_for :skip_admin, :class_name => "Admin", :skip => :all
   
   # Routes for format=false testing
   devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]