Release v1.4.5

2026-01-11 08:37:56 -05:00 · 2011-09-08 23:54:01 +02:00
18 changed files with 29 additions and 103 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,8 +5,4 @@ rvm:
  - ree
  - rbx
  - rbx-2.0
-  - jruby
-notifications:
-  recipients:
-    - jose.valim@plataformatec.com.br
-    - carlos@plataformatec.com.br
+  - jruby
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,29 +1,3 @@
-== 1.4.9
-
-* bug fix
-  * url helpers were not being set under some circumstances
-
-== 1.4.8
-
-* enhancements
-  * Add docs for assets pipeline and Heroku
-
-* bug fix
-  * confirmation_url was not being set under some circumstances
-
-== 1.4.7
-
-* bug fix
-  * Fix backward incompatible change from 1.4.6 for those using custom controllers
-
-== 1.4.6
-
-* enhancements
-  * Allow devise_for :skip => :all
-  * Allow options to be passed to authenticate_user!
-  * Allow --skip-routes to devise generator
-  * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
-
 == 1.4.5

 * bug fix
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -114,7 +114,7 @@ class Devise::RegistrationsController < ApplicationController

    # Authenticates the current scope and gets the current resource from the session.
    def authenticate_scope!
-      send(:"authenticate_#{resource_name}!", :force => true)
+      send(:"authenticate_#{resource_name}!", true)
      self.resource = send(:"current_#{resource_name}")
    end
 end
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -1,6 +1,5 @@
 class Devise::SessionsController < ApplicationController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  prepend_before_filter :allow_params_authentication!, :only => :create
  include Devise::Controllers::InternalHelpers

  # GET /resource/sign_in
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -36,14 +36,8 @@ module Devise
        mapping = mapping.name

        class_eval <<-METHODS, __FILE__, __LINE__ + 1
-          def authenticate_#{mapping}!(opts={})
-            if !opts.is_a?(Hash)
-              opts = { :force => opts }
-              ActiveSupport::Deprecation.warn "Passing a boolean to authenticate_#{mapping}! " \
-                "is deprecated, please use :force => \#{opts[:force]} instead", caller
-            end
-            opts[:scope] = :#{mapping}
-            warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
+          def authenticate_#{mapping}!(force = false)
+            warden.authenticate!(:scope => :#{mapping}) if !devise_controller? || force
          end

          def #{mapping}_signed_in?
@@ -78,11 +72,6 @@ module Devise
        false
      end

-      # Tell warden that params authentication is allowed for that specific page.
-      def allow_params_authentication!
-        request.env["devise.allow_params_authentication"] = true
-      end
-
      # Return true if the given scope is signed in session. If no scope given, return
      # true if any scope is signed in. Does not run authentication hooks.
      def signed_in?(scope=nil)
--- a/lib/devise/controllers/url_helpers.rb
+++ b/lib/devise/controllers/url_helpers.rb
@@ -24,20 +24,17 @@ module Devise
        end
      end

-      def self.generate_helpers!(routes=nil)
-        routes ||= begin
-          mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
-          Devise::URL_HELPERS.slice(*mappings)
-        end
+      def self.generate_helpers!
+        mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
+        routes = Devise::URL_HELPERS.slice(*mappings)

        routes.each do |module_name, actions|
          [:path, :url].each do |path_or_url|
            actions.each do |action|
              action = action ? "#{action}_" : ""
-              method = "#{action}#{module_name}_#{path_or_url}"

              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
-                def #{method}(resource_or_scope, *args)
+                def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
                  scope = Devise::Mapping.find_scope!(resource_or_scope)
                  send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                end
@@ -46,8 +43,6 @@ module Devise
          end
        end
      end
-
-      generate_helpers!(Devise::URL_HELPERS)
    end
  end
 end
--- a/lib/devise/mapping.rb
+++ b/lib/devise/mapping.rb
@@ -78,8 +78,6 @@ module Devise

      if options.has_key?(:only)
        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
-      elsif options[:skip] == :all
-        @used_routes = []
      else
        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
      end
--- a/lib/devise/models/trackable.rb
+++ b/lib/devise/models/trackable.rb
@@ -5,7 +5,7 @@ module Devise
    # Track information about your user sign in. It tracks the following columns:
    #
    # * sign_in_count      - Increased every time a sign in is made (by form, openid, oauth)
-    # * current_sign_in_at - A timestamp updated when the user signs in
+    # * current_sign_in_at - A tiemstamp updated when the user signs in
    # * last_sign_in_at    - Holds the timestamp of the previous sign in
    # * current_sign_in_ip - The remote ip updated when the user sign in
    # * last_sign_in_ip    - Holds the remote ip of the previous sign in
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -182,6 +182,7 @@ module ActionDispatch::Routing
      options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
      options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
      options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
+
      @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false

      resources.map!(&:to_sym)
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -85,17 +85,17 @@ module Devise

      # By default, a request is valid  if the controller is allowed and the VERB is POST.
      def valid_request?
-        if env["devise.allow_params_authentication"]
-          true
-        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
-          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
-            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
-            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
-            "This will ensure your controller can authenticate from params for the create action.", caller
-          true
-        else
-          false
-        end
+        valid_controller? && valid_verb?
+      end
+
+      # Check if the controller is the one registered for authentication.
+      def valid_controller?
+        mapping.controllers[:sessions] == params[:controller]
+      end
+
+      # Check if it was a POST request.
+      def valid_verb?
+        request.post?
      end

      # If the request is valid, finally check if params_auth_hash returns a hash.
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.4.9".freeze
+  VERSION = "1.4.5".freeze
 end
--- a/lib/generators/devise/devise_generator.rb
+++ b/lib/generators/devise/devise_generator.rb
@@ -9,12 +9,9 @@ module Devise

      hook_for :orm

-      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
-
      def add_devise_routes
        devise_route  = "devise_for :#{plural_name}"
-        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
-        devise_route << %Q(, :skip => :all) unless options.routes?
+        devise_route += %Q(, :class_name => "#{class_name}") if class_name.include?("::")
        route devise_route
      end
    end
--- a/lib/generators/templates/README
+++ b/lib/generators/templates/README
@@ -22,11 +22,4 @@ Some setup you must do manually if you haven't yet:
       <p class="notice"><%= notice %></p>
       <p class="alert"><%= alert %></p>

-  4. If you are deploying Rails 3.1 on Heroku, you may want to set:
-
-       config.assets.initialize_on_precompile = false
-
-     On config/application.rb forcing your application to not access the DB
-     or load models when precompiling your assets.
-
 ===============================================================================
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -72,11 +72,12 @@ Devise.setup do |config|
  # config.pepper = <%= SecureRandom.hex(64).inspect %>

  # ==> Configuration for :confirmable
-  # A period that the user is allowed to access the website even without
-  # confirming his account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming his account,
-  # access will be blocked just in the third day. Default is 0.days, meaning
-  # the user cannot access the website without confirming his account.
+  # The time you want to give your user to confirm his account. During this time
+  # he will be able to access your application without confirming. Default is 0.days
+  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # You can use this to let your user access some features of your application
+  # without confirming the account, but blocking it after a certain period
+  # (ie 2 days).
  # config.confirm_within = 2.days

  # Defines which key will be used when confirming an account
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -45,11 +45,6 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.authenticate_user!
  end

-  test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
-    @controller.authenticate_user!(:recall => "foo")
-  end
-
  test 'proxy authenticate_admin! to authenticate with admin scope' do
    @mock_warden.expects(:authenticate!).with(:scope => :admin)
    @controller.authenticate_admin!
--- a/test/generators/devise_generator_test.rb
+++ b/test/generators/devise_generator_test.rb
@@ -22,12 +22,6 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
    assert_file "config/routes.rb", match
  end

-  test "route generation with skip routes" do
-    run_generator %w(monster name:string --skip-routes)
-    match = /devise_for :monsters, :skip => :all/
-    assert_file "config/routes.rb", match
-  end
-
  def copy_routes
    routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
    destination = File.join(destination_root, "config")
--- a/test/mapping_test.rb
+++ b/test/mapping_test.rb
@@ -31,10 +31,6 @@ class MappingTest < ActiveSupport::TestCase
    assert_equal "admin_area", Devise.mappings[:admin].path
  end

-  test 'allows to skip all routes' do
-    assert_equal [], Devise.mappings[:skip_admin].used_routes
-  end
-
  test 'sign_out_via defaults to :get' do
    assert_equal :get, Devise.mappings[:user].sign_out_via
  end
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@@ -50,8 +50,6 @@ Rails.application.routes.draw do
  constraints(:host => /192\.168\.1\.\d\d\d/) do
    devise_for :homebase_admin, :class_name => "Admin", :path => "homebase"
  end
-
-  devise_for :skip_admin, :class_name => "Admin", :skip => :all
  
  # Routes for format=false testing
  devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]