Release v1.4.9

CHANGELOG.rdoc

@@ -1,3 +1,21 @@
+== 1.4.9
+
+* bug fix
+  * url helpers were not being set under some circumstances
+
+== 1.4.8
+
+* enhancements
+  * Add docs for assets pipeline and Heroku
+
+* bug fix
+  * confirmation_url was not being set under some circumstances
+
+== 1.4.7
+
+* bug fix
+  * Fix backward incompatible change from 1.4.6 for those using custom controllers
+
 == 1.4.6
 
 * enhancements

app/controllers/devise/sessions_controller.rb

@@ -1,6 +1,6 @@
 class Devise::SessionsController < ApplicationController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  before_filter :allow_params_authentication!, :only => :create
+  prepend_before_filter :allow_params_authentication!, :only => :create
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in

lib/devise/controllers/url_helpers.rb

@@ -24,17 +24,20 @@ module Devise
         end
       end
 
-      def self.generate_helpers!
-        mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
-        routes = Devise::URL_HELPERS.slice(*mappings)
+      def self.generate_helpers!(routes=nil)
+        routes ||= begin
+          mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
+          Devise::URL_HELPERS.slice(*mappings)
+        end
 
         routes.each do |module_name, actions|
           [:path, :url].each do |path_or_url|
             actions.each do |action|
               action = action ? "#{action}_" : ""
+              method = "#{action}#{module_name}_#{path_or_url}"
 
               class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
-                def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                def #{method}(resource_or_scope, *args)
                   scope = Devise::Mapping.find_scope!(resource_or_scope)
                   send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                 end
@@ -43,6 +46,8 @@ module Devise
           end
         end
       end
+
+      generate_helpers!(Devise::URL_HELPERS)
     end
   end
 end

lib/devise/rails/routes.rb

@@ -182,7 +182,6 @@ module ActionDispatch::Routing
       options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-
       @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
 
       resources.map!(&:to_sym)

lib/devise/strategies/authenticatable.rb

@@ -85,7 +85,17 @@ module Devise
 
       # By default, a request is valid  if the controller is allowed and the VERB is POST.
       def valid_request?
-        env["devise.allow_params_authentication"]
+        if env["devise.allow_params_authentication"]
+          true
+        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+            "This will ensure your controller can authenticate from params for the create action.", caller
+          true
+        else
+          false
+        end
       end
 
       # If the request is valid, finally check if params_auth_hash returns a hash.

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.4.6".freeze
+  VERSION = "1.4.9".freeze
 end

lib/generators/templates/README

@@ -22,4 +22,11 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
 
+  4. If you are deploying Rails 3.1 on Heroku, you may want to set:
+
+       config.assets.initialize_on_precompile = false
+
+     On config/application.rb forcing your application to not access the DB
+     or load models when precompiling your assets.
+
 ===============================================================================

lib/generators/templates/devise.rb

@@ -72,12 +72,11 @@ Devise.setup do |config|
   # config.pepper = <%= SecureRandom.hex(64).inspect %>
 
   # ==> Configuration for :confirmable
-  # The time you want to give your user to confirm his account. During this time
-  # he will be able to access your application without confirming. Default is 0.days
-  # When confirm_within is zero, the user won't be able to sign in without confirming.
-  # You can use this to let your user access some features of your application
-  # without confirming the account, but blocking it after a certain period
-  # (ie 2 days).
+  # A period that the user is allowed to access the website even without
+  # confirming his account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming his account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming his account.
   # config.confirm_within = 2.days
 
   # Defines which key will be used when confirming an account