Release v1.4.8.

Update docs and CHANGELOG.
Try to fix the misterious case where some url helpers are not defined.
2026-01-11 08:37:56 -05:00 · 2011-10-10 14:44:07 +02:00 · 2011-10-10 14:43:52 +02:00 · 2011-10-09 17:14:37 +02:00
72 changed files with 319 additions and 727 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,8 +5,8 @@ rvm:
  - ree
  - rbx
  - rbx-2.0
+  - jruby
 notifications:
  recipients:
    - jose.valim@plataformatec.com.br
    - carlos@plataformatec.com.br
-    - rodrigo.flores@plataformatec.com.br
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,29 +1,3 @@
-== 1.5.0
-
-* enhancements
-  * Timeoutable also skips tracking if skip_trackable is given
-  * devise_for now accepts :failure_app as an option
-  * Models can select the proper mailer via devise_mailer method (by github.com/locomotivecms)
-  * Migration generator now uses the change method (by github.com/nashby)
-  * Support to markerb templates on the mailer generator (by github.com/sbounmy)
-  * Support for Omniauth 1.0 (older versions are no longer supported) (by github.com/TamiasSibiricus)
-
-* bug fix
-  * Allow idempotent API requests
-  * Fix bug where logs did not show 401 as status code
-  * Change paranoid settings to behave as success instead of as failure
-  * Fix bug where activation messages were shown first than the credentials error message
-  * Instance variables are expired after sign out
-
-* deprecation
-  * redirect_location is deprecated, please use after_sign_in_path_for
-  * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
-
-== 1.4.9
-
-* bug fix
-  * url helpers were not being set under some circumstances
-
 == 1.4.8

 * enhancements
--- a/8
+++ b/8
@@ -3,20 +3,18 @@ source "http://rubygems.org"
 gemspec

 gem "rails", "~> 3.1.0"
-gem 'omniauth', '~> 1.0.0'
-gem 'omniauth-oauth2', '~> 1.0.0'
+gem "oa-oauth", '~> 0.2.0', :require => "omniauth/oauth"
+gem "oa-openid", '~> 0.2.0', :require => "omniauth/openid"

 gem "rdoc"

 group :test do
-  gem 'omniauth-facebook'
-  gem 'omniauth-openid', '~> 1.0.1'
  gem "webrat", "0.7.2", :require => false
  gem "mocha", :require => false
 end

 platforms :jruby do
-  gem 'activerecord-jdbc-adapter'
+  gem 'activerecord-jdbc-adapter', :git => 'https://github.com/nicksieger/activerecord-jdbc-adapter.git'
  gem 'activerecord-jdbcsqlite3-adapter'
  gem 'jruby-openssl'
 end
--- a/README.rdoc
+++ b/README.rdoc
@@ -1,7 +1,5 @@
 == Devise

-{<img src="https://secure.travis-ci.org/plataformatec/devise.png" />}[http://travis-ci.org/plataformatec/devise]
-
 Devise is a flexible authentication solution for Rails based on Warden. It:

 * Is Rack based;
@@ -30,13 +28,13 @@ It's comprised of 12 modules:

 The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README:

-https://wiki.github.com/plataformatec/devise
+http://wiki.github.com/plataformatec/devise

 === Bug reports

 If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report:

-https://github.com/plataformatec/devise/wiki/Bug-reports
+http://github.com/plataformatec/devise/wiki/Bug-reports

 If you found a security bug, do *NOT* use the GitHub issue tracker. Send email or a private GitHub message to the maintainers listed at the bottom of the README.

@@ -44,7 +42,7 @@ If you found a security bug, do *NOT* use the GitHub issue tracker. Send email o

 If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker:

-https://groups.google.com/group/plataformatec-devise
+http://groups.google.com/group/plataformatec-devise

 === RDocs

@@ -58,19 +56,19 @@ If you need to use Devise with Rails 2.3, you can always run `gem server` from t

 There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here:

-https://github.com/plataformatec/devise/wiki/Example-Applications
+http://github.com/plataformatec/devise/wiki/Example-Applications

 === Extensions

 Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here:

-https://github.com/plataformatec/devise/wiki/Extensions
+http://github.com/plataformatec/devise/wiki/Extensions

 === Contributing

 We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started:

-https://github.com/plataformatec/devise/wiki/Contributing
+http://github.com/plataformatec/devise/wiki/Contributing

 You will usually want to write tests for your changes.  To run the test suite, `cd` into Devise's top-level directory and run `bundle install` and `rake`.  For the tests to pass, you will need to have a MongoDB server (version 1.6 or newer) running on your system.

@@ -291,7 +289,7 @@ The Devise mailer uses a similar pattern to create subject messages:

 Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki:

-https://github.com/plataformatec/devise/wiki/I18n
+http://github.com/plataformatec/devise/wiki/I18n

 === Test helpers

@@ -315,7 +313,7 @@ If you're using RSpec and want the helpers automatically included within all +de
    config.include Devise::TestHelpers, :type => :controller
  end

-Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (https://wiki.github.com/plataformatec/devise).
+Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (http://wiki.github.com/plataformatec/devise).

 === Omniauth

@@ -331,35 +329,25 @@ Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you jus

 Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).

-== Troubleshooting
-
-=== Heroku
-
-Using devise on Heroku with Ruby on Rails 3.1 requires setting:
-
-  config.assets.initialize_on_precompile = false
-
-Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
-
 == Additional information

 === Warden

 Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:

-https://github.com/hassox/warden
+http://github.com/hassox/warden

 === Contributors

 We have a long list of valued contributors. Check them all at:

-https://github.com/plataformatec/devise/contributors
+http://github.com/plataformatec/devise/contributors

 === Maintainers

-* José Valim (https://github.com/josevalim)
-* Carlos Antônio da Silva (https://github.com/carlosantoniodasilva)
+* José Valim (http://github.com/josevalim)
+* Carlos Antônio da Silva (http://github.com/carlosantoniodasilva)

 == License

-MIT License. Copyright 2011 Plataforma Tecnologia. http://blog.plataformatec.com.br
+MIT License. Copyright 2010 Plataforma Tecnologia. http://blog.plataformatec.com.br
--- a/app/controllers/devise/confirmations_controller.rb
+++ b/app/controllers/devise/confirmations_controller.rb
@@ -11,7 +11,8 @@ class Devise::ConfirmationsController < ApplicationController
  def create
    self.resource = resource_class.send_confirmation_instructions(params[resource_name])

-    if successfully_sent?(resource)
+    if successful_and_sane?(resource)
+      set_flash_message(:notice, :send_instructions) if is_navigational_format?
      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
    else
      respond_with_navigational(resource){ render_with_scope :new }
@@ -40,7 +41,7 @@ class Devise::ConfirmationsController < ApplicationController

    # The path used after confirmation.
    def after_confirmation_path_for(resource_name, resource)
-      after_sign_in_path_for(resource)
+      redirect_location(resource_name, resource)
    end

 end
--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@@ -12,7 +12,8 @@ class Devise::PasswordsController < ApplicationController
  def create
    self.resource = resource_class.send_reset_password_instructions(params[resource_name])

-    if successfully_sent?(resource)
+    if successful_and_sane?(resource)
+      set_flash_message(:notice, :send_instructions) if is_navigational_format?
      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
    else
      respond_with_navigational(resource){ render_with_scope :new }
@@ -34,7 +35,7 @@ class Devise::PasswordsController < ApplicationController
      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
      set_flash_message(:notice, flash_message) if is_navigational_format?
      sign_in(resource_name, resource)
-      respond_with resource, :location => after_sign_in_path_for(resource)
+      respond_with resource, :location => redirect_location(resource_name, resource)
    else
      respond_with_navigational(resource){ render_with_scope :edit }
    end
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -17,7 +17,7 @@ class Devise::RegistrationsController < ApplicationController
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_navigational_format?
        sign_in(resource_name, resource)
-        respond_with resource, :location => after_sign_up_path_for(resource)
+        respond_with resource, :location => redirect_location(resource_name, resource)
      else
        set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?
        expire_session_data_after_sign_in!
@@ -83,6 +83,11 @@ class Devise::RegistrationsController < ApplicationController
      after_sign_in_path_for(resource)
    end

+    # Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for.
+    def redirect_location(scope, resource)
+      stored_location_for(scope) || after_sign_up_path_for(resource)
+    end
+
    # Returns the inactive reason translated.
    def inactive_reason(resource)
      reason = resource.inactive_message.to_s
@@ -98,7 +103,13 @@ class Devise::RegistrationsController < ApplicationController
    # The default url to be used after updating a resource. You need to overwrite
    # this method in your own RegistrationsController.
    def after_update_path_for(resource)
-      signed_in_root_path(resource)
+      if defined?(super)
+        ActiveSupport::Deprecation.warn "Defining after_update_path_for in ApplicationController " <<
+          "is deprecated. Please add a RegistrationsController to your application and define it there."
+        super
+      else
+        after_sign_in_path_for(resource)
+      end
    end

    # Authenticates the current scope and gets the current resource from the session.
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -15,10 +15,10 @@ class Devise::SessionsController < ApplicationController
    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)
-    respond_with resource, :location => after_sign_in_path_for(resource)
+    respond_with resource, :location => redirect_location(resource_name, resource)
  end

-  # DELETE /resource/sign_out
+  # GET /resource/sign_out
  def destroy
    signed_in = signed_in?(resource_name)
    Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
--- a/app/controllers/devise/unlocks_controller.rb
+++ b/app/controllers/devise/unlocks_controller.rb
@@ -12,7 +12,8 @@ class Devise::UnlocksController < ApplicationController
  def create
    self.resource = resource_class.send_unlock_instructions(params[resource_name])

-    if successfully_sent?(resource)
+    if successful_and_sane?(resource)
+      set_flash_message :notice, :send_instructions if is_navigational_format?
      respond_with({}, :location => new_session_path(resource_name))
    else
      respond_with_navigational(resource){ render_with_scope :new }
@@ -26,7 +27,7 @@ class Devise::UnlocksController < ApplicationController
    if resource.errors.empty?
      set_flash_message :notice, :unlocked if is_navigational_format?
      sign_in(resource_name, resource)
-      respond_with_navigational(resource){ redirect_to after_sign_in_path_for(resource) }
+      respond_with_navigational(resource){ redirect_to redirect_location(resource_name, resource) }
    else
      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
    end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,4 +1,4 @@
-# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+# Additional translations at http://github.com/plataformatec/devise/wiki/I18n

 en:
  errors:
--- a/devise.gemspec
+++ b/devise.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
  s.require_paths = ["lib"]

-  s.add_dependency("warden", "~> 1.1")
+  s.add_dependency("warden", "~> 1.0.3")
  s.add_dependency("orm_adapter", "~> 0.0.3")
  s.add_dependency("bcrypt-ruby", "~> 3.0")
 end
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -6,12 +6,10 @@ require 'set'
 require 'securerandom'

 module Devise
-  autoload :Delegator,   'devise/delegator'
-  autoload :FailureApp,  'devise/failure_app'
-  autoload :OmniAuth,    'devise/omniauth'
-  autoload :ParamFilter, 'devise/param_filter'
+  autoload :FailureApp, 'devise/failure_app'
+  autoload :OmniAuth, 'devise/omniauth'
  autoload :PathChecker, 'devise/path_checker'
-  autoload :Schema,      'devise/schema'
+  autoload :Schema, 'devise/schema'
  autoload :TestHelpers, 'devise/test_helpers'

  module Controllers
@@ -384,13 +382,10 @@ module Devise

  # Include helpers in the given scope to AC and AV.
  def self.include_helpers(scope)
+    Rails.application.routes.url_helpers.send :include, scope::UrlHelpers
+
    ActiveSupport.on_load(:action_controller) do
      include scope::Helpers if defined?(scope::Helpers)
-      include scope::UrlHelpers
-    end
-
-    ActiveSupport.on_load(:action_view) do
-      include scope::UrlHelpers
    end
  end

@@ -409,7 +404,7 @@ module Devise
  # block.
  def self.configure_warden! #:nodoc:
    @@warden_configured ||= begin
-      warden_config.failure_app   = Devise::Delegator.new
+      warden_config.failure_app   = Devise::FailureApp
      warden_config.default_scope = Devise.default_scope
      warden_config.intercept_401 = false

--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -8,13 +8,6 @@ module Devise
        helper_method :warden, :signed_in?, :devise_controller?
      end

-      module ClassMethods
-        def log_process_action(payload)
-          payload[:status] ||= 401 unless payload[:exception]
-          super
-        end
-      end
-
      # Define authentication filters and accessor helpers based on mappings.
      # These filters should be used inside the controllers as before_filters,
      # so you can control the scope of the user who should be signed in to
@@ -44,6 +37,11 @@ module Devise

        class_eval <<-METHODS, __FILE__, __LINE__ + 1
          def authenticate_#{mapping}!(opts={})
+            if !opts.is_a?(Hash)
+              opts = { :force => opts }
+              ActiveSupport::Deprecation.warn "Passing a boolean to authenticate_#{mapping}! " \
+                "is deprecated, please use :force => \#{opts[:force]} instead", caller
+            end
            opts[:scope] = :#{mapping}
            warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
          end
@@ -88,7 +86,7 @@ module Devise
      # Return true if the given scope is signed in session. If no scope given, return
      # true if any scope is signed in. Does not run authentication hooks.
      def signed_in?(scope=nil)
-        [ scope || Devise.mappings.keys ].flatten.any? do |scope|
+        [ scope || Devise.mappings.keys ].flatten.any? do |scope| 
          warden.authenticate?(:scope => scope)
        end
      end
@@ -107,7 +105,7 @@ module Devise
      #   sign_in @user                             # sign_in(resource)
      #   sign_in @user, :event => :authentication  # sign_in(resource, options)
      #   sign_in @user, :bypass => true            # sign_in(resource, options)
-      #
+      # 
      def sign_in(resource_or_scope, *args)
        options  = args.extract_options!
        scope    = Devise::Mapping.find_scope!(resource_or_scope)
@@ -139,7 +137,6 @@ module Devise
        warden.user(scope) # Without loading user here, before_logout hook is not called
        warden.raw_session.inspect # Without this inspect here. The session does not clear.
        warden.logout(scope)
-        instance_variable_set(:"@current_#{scope}", nil)
      end

      # Sign out all active users or scopes. This helper is useful for signing out all roles
@@ -148,7 +145,6 @@ module Devise
        Devise.mappings.keys.each { |s| warden.user(s) }
        warden.raw_session.inspect
        warden.logout
-        expire_devise_cached_variables!
      end

      # Returns and delete the url stored in the session for the given scope. Useful
@@ -163,21 +159,12 @@ module Devise
        session.delete("#{scope}_return_to")
      end

-      # The scope root url to be used when he's signed in. By default, it first
-      # tries to find a resource_root_path, otherwise it uses the root_path.
-      def signed_in_root_path(resource_or_scope)
-        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        home_path = "#{scope}_root_path"
-        respond_to?(home_path, true) ? send(home_path) : root_path
-      end
-
      # The default url to be used after signing in. This is used by all Devise
      # controllers and you can overwrite it in your ApplicationController to
      # provide a custom hook for a custom resource.
      #
-      # By default, it first tries to find a valid resource_return_to key in the
-      # session, then it fallbacks to resource_root_path, otherwise it uses the
-      # root path. For a user scope, you can define the default url in
+      # By default, it first tries to find a resource_root_path, otherwise it
+      # uses the root path. For a user scope, you can define the default url in
      # the following way:
      #
      #   map.user_root '/users', :controller => 'users' # creates user_root_path
@@ -186,20 +173,22 @@ module Devise
      #     user.root :controller => 'users' # creates user_root_path
      #   end
      #
+      #
      # If the resource root path is not defined, root_path is used. However,
      # if this default is not enough, you can customize it, for example:
      #
      #   def after_sign_in_path_for(resource)
-      #     stored_location_for(resource) ||
-      #       if resource.is_a?(User) && resource.can_publish?
-      #         publisher_url
-      #       else
-      #         signed_in_root_path(resource)
-      #       end
+      #     if resource.is_a?(User) && resource.can_publish?
+      #       publisher_url
+      #     else
+      #       super
+      #     end
      #   end
      #
      def after_sign_in_path_for(resource_or_scope)
-        stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        home_path = "#{scope}_root_path"
+        respond_to?(home_path, true) ? send(home_path) : root_path
      end

      # Method used by sessions controller to sign out a user. You can overwrite
@@ -220,16 +209,11 @@ module Devise
        scope    = Devise::Mapping.find_scope!(resource_or_scope)
        resource = args.last || resource_or_scope
        sign_in(scope, resource, options)
-        redirect_to after_sign_in_path_for(resource)
+        redirect_to redirect_location(scope, resource)
      end

      def redirect_location(scope, resource) #:nodoc:
-        ActiveSupport::Deprecation.warn "redirect_location in Devise is deprecated. Please use after_sign_in_path_for instead.", caller
-        after_sign_in_path_for(resource)
-      end
-
-      def expire_session_data_after_sign_in!
-        session.keys.grep(/^devise\./).each { |k| session.delete(k) }
+        stored_location_for(scope) || after_sign_in_path_for(resource)
      end

      # Sign out a user and tries to redirect to the url specified by
@@ -240,19 +224,19 @@ module Devise
        redirect_to after_sign_out_path_for(scope)
      end

+      # A hook called to expire session data after sign up/in. All keys
+      # stored under "devise." namespace are removed after sign in.
+      def expire_session_data_after_sign_in!
+        session.keys.grep(/^devise\./).each { |k| session.delete(k) }
+      end
+
      # Overwrite Rails' handle unverified request to sign out all scopes,
      # clear run strategies and remove cached variables.
      def handle_unverified_request
        sign_out_all_scopes
        warden.clear_strategies_cache!
-        expire_devise_cached_variables!
-        super # call the default behaviour which resets the session
-      end
-
-      private
-
-      def expire_devise_cached_variables!
        Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
+        super # call the default behaviour which resets the session
      end
    end
  end
--- a/lib/devise/controllers/internal_helpers.rb
+++ b/lib/devise/controllers/internal_helpers.rb
@@ -91,7 +91,6 @@ MESSAGE
      # Example:
      #   before_filter :require_no_authentication, :only => :new
      def require_no_authentication
-        return unless is_navigational_format?
        no_input = devise_mapping.no_input_strategies
        args = no_input.dup.push :scope => resource_name
        if no_input.present? && warden.authenticate?(*args)
@@ -101,20 +100,15 @@ MESSAGE
        end
      end

-      # Helper for use after calling send_*_instructions methods on a resource.
-      # If we are in paranoid mode, we always act as if the resource was valid
-      # and instructions were sent.
-      def successfully_sent?(resource)
-        notice = if Devise.paranoid
+      # Helper for use to validate if an resource is errorless. If we are on paranoid mode, we always should assume it is
+      # and return false.
+      def successful_and_sane?(resource)
+        if Devise.paranoid
+          set_flash_message :notice, :send_paranoid_instructions if is_navigational_format?
          resource.errors.clear
-          :send_paranoid_instructions
-        elsif resource.errors.empty?
-          :send_instructions
-        end
-
-        if notice
-          set_flash_message :notice, notice if is_navigational_format?
-          true
+          false
+        else
+          resource.errors.empty?
        end
      end

--- a/lib/devise/controllers/url_helpers.rb
+++ b/lib/devise/controllers/url_helpers.rb
@@ -41,6 +41,7 @@ module Devise
                  scope = Devise::Mapping.find_scope!(resource_or_scope)
                  send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                end
+                protected :#{method}
              URL_HELPERS
            end
          end
--- a/lib/devise/delegator.rb
+++ b/lib/devise/delegator.rb
@@ -1,16 +0,0 @@
-module Devise
-  # Checks the scope in the given environment and returns the associated failure app.
-  class Delegator
-    def call(env)
-      failure_app(env).call(env)
-    end
-
-    def failure_app(env)
-      app = env["warden.options"] &&
-        (scope = env["warden.options"][:scope]) &&
-        Devise.mappings[scope].failure_app
-
-      app || Devise::FailureApp
-    end
-  end
-end
--- a/lib/devise/encryptors/authlogic_sha512.rb
+++ b/lib/devise/encryptors/authlogic_sha512.rb
@@ -7,7 +7,7 @@ module Devise
    # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to simulate
    #  the default behavior.
    class AuthlogicSha512 < Base
-      # Generates a default password digest based on salt, pepper and the
+      # Gererates a default password digest based on salt, pepper and the
      # incoming password.
      def self.digest(password, stretches, salt, pepper)
        digest = [password, salt].flatten.join('')
--- a/lib/devise/encryptors/clearance_sha1.rb
+++ b/lib/devise/encryptors/clearance_sha1.rb
@@ -7,7 +7,7 @@ module Devise
    # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
    # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
    class ClearanceSha1 < Base
-      # Generates a default password digest based on salt, pepper and the
+      # Gererates a default password digest based on salt, pepper and the
      # incoming password.
      def self.digest(password, stretches, salt, pepper)
        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
--- a/lib/devise/encryptors/restful_authentication_sha1.rb
+++ b/lib/devise/encryptors/restful_authentication_sha1.rb
@@ -9,7 +9,7 @@ module Devise
    # the initializer to simulate the default behavior.
    class RestfulAuthenticationSha1 < Base

-      # Generates a default password digest based on salt, pepper and the
+      # Gererates a default password digest based on salt, pepper and the
      # incoming password.
      def self.digest(password, stretches, salt, pepper)
        digest = pepper
--- a/lib/devise/encryptors/sha1.rb
+++ b/lib/devise/encryptors/sha1.rb
@@ -5,7 +5,7 @@ module Devise
    # = Sha1
    # Uses the Sha1 hash algorithm to encrypt passwords.
    class Sha1 < Base
-      # Generates a default password digest based on stretches, salt, pepper and the
+      # Gererates a default password digest based on stretches, salt, pepper and the
      # incoming password.
      def self.digest(password, stretches, salt, pepper)
        digest = pepper
--- a/lib/devise/encryptors/sha512.rb
+++ b/lib/devise/encryptors/sha512.rb
@@ -5,7 +5,7 @@ module Devise
    # = Sha512
    # Uses the Sha512 hash algorithm to encrypt passwords.
    class Sha512 < Base
-      # Generates a default password digest based on salt, pepper and the
+      # Gererates a default password digest based on salt, pepper and the
      # incoming password.
      def self.digest(password, stretches, salt, pepper)
        digest = pepper
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -15,8 +15,7 @@ module Devise
    delegate :flash, :to => :request

    def self.call(env)
-      @respond ||= action(:respond)
-      @respond.call(env)
+      action(:respond).call(env)
    end

    def self.default_url_options(*args)
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -17,8 +17,6 @@ Warden::Manager.after_set_user do |record, warden, options|
      end
    end

-    unless warden.request.env['devise.skip_trackable']
-      warden.session(scope)['last_request_at'] = Time.now.utc
-    end
+    warden.session(scope)['last_request_at'] = Time.now.utc
  end
 end
--- a/lib/devise/mailers/helpers.rb
+++ b/lib/devise/mailers/helpers.rb
@@ -10,6 +10,11 @@ module Devise

      protected

+      def setup_mail(*args)
+        ActiveSupport::Deprecation.warn "setup_mail is deprecated, please use devise_mail instead", caller
+        devise_mail(*args)
+      end
+
      # Configure default email options
      def devise_mail(record, action)
        initialize_from_record(record)
--- a/lib/devise/mapping.rb
+++ b/lib/devise/mapping.rb
@@ -23,9 +23,7 @@ module Devise
  #
  class Mapping #:nodoc:
    attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
-                :constraints, :defaults, :failure_app
-
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers
    alias :name :singular

    # Receives an object and find a scope for it. If a scope cannot be found,
@@ -53,21 +51,46 @@ module Devise
      @singular = (options[:singular] || @scoped_path.tr('/', '_').singularize).to_sym

      @class_name = (options[:class_name] || name.to_s.classify).to_s
-      @klass = Devise.ref(@class_name)
+      @ref = Devise.ref(@class_name)

      @path = (options[:path] || name).to_s
      @path_prefix = options[:path_prefix]

+      mod = options[:module] || "devise"
+      @controllers = Hash.new { |h,k| h[k] = "#{mod}/#{k}" }
+      @controllers.merge!(options[:controllers] || {})
+      @controllers.each { |k,v| @controllers[k] = v.to_s }
+
+      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names.merge!(:registration => "")
+      @path_names.merge!(options[:path_names] || {})
+      
+      @constraints = Hash.new { |h,k| h[k] = k.to_s }
+      @constraints.merge!(options[:constraints] || {})
+
+      @defaults = Hash.new { |h,k| h[k] = k.to_s }
+      @defaults.merge!(options[:defaults] || {})
+
      @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
      @format = options[:format]

-      default_failure_app(options)
-      default_controllers(options)
-      default_path_names(options)
-      default_constraints(options)
-      default_defaults(options)
-      default_used_route(options)
-      default_used_helpers(options)
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
+      if options.has_key?(:only)
+        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      elsif options[:skip] == :all
+        @used_routes = []
+      else
+        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
+      end
+
+      if options[:skip_helpers] == true
+        @used_helpers = @used_routes
+      elsif skip = options[:skip_helpers]
+        @used_helpers = self.routes - Array(skip).map(&singularizer)
+      else
+        @used_helpers = self.routes
+      end
    end

    # Return modules for the mapping.
@@ -77,7 +100,7 @@ module Devise

    # Gives the class the mapping points to.
    def to
-      @klass.get
+      @ref.get
    end

    def strategies
@@ -99,7 +122,15 @@ module Devise
    def fullpath
      "/#{@path_prefix}/#{@path}".squeeze("/")
    end
-
+    
+    def constraints
+      @constraints
+    end
+    
+    def defaults
+      @defaults
+    end
+    
    # Create magic predicates for verifying what module is activated by this map.
    # Example:
    #
@@ -114,62 +145,5 @@ module Devise
        end
      METHOD
    end
-
-    private
-
-    def default_failure_app(options)
-      @failure_app = options[:failure_app] || Devise::FailureApp
-      if @failure_app.is_a?(String)
-        ref = Devise.ref(@failure_app)
-        @failure_app = lambda { |env| ref.get.call(env) }
-      end
-    end
-
-    def default_controllers(options)
-      mod = options[:module] || "devise"
-      @controllers = Hash.new { |h,k| h[k] = "#{mod}/#{k}" }
-      @controllers.merge!(options[:controllers]) if options[:controllers]
-      @controllers.each { |k,v| @controllers[k] = v.to_s }
-    end
-
-    def default_path_names(options)
-      @path_names = Hash.new { |h,k| h[k] = k.to_s }
-      @path_names[:registration] = ""
-      @path_names.merge!(options[:path_names]) if options[:path_names]
-    end
-
-    def default_constraints(options)
-      @constraints = Hash.new
-      @constraints.merge!(options[:constraints]) if options[:constraints]
-    end
-
-    def default_defaults(options)
-      @defaults = Hash.new
-      @defaults.merge!(options[:defaults]) if options[:defaults]
-    end
-
-    def default_used_route(options)
-      singularizer = lambda { |s| s.to_s.singularize.to_sym }
-
-      if options.has_key?(:only)
-        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
-      elsif options[:skip] == :all
-        @used_routes = []
-      else
-        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
-      end
-    end
-
-    def default_used_helpers(options)
-      singularizer = lambda { |s| s.to_s.singularize.to_sym }
-
-      if options[:skip_helpers] == true
-        @used_helpers = @used_routes
-      elsif skip = options[:skip_helpers]
-        @used_helpers = self.routes - Array(skip).map(&singularizer)
-      else
-        @used_helpers = self.routes
-      end
-    end
  end
 end
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -27,7 +27,7 @@ module Devise
    #
    # == active_for_authentication?
    #
-    # After authenticating a user and in each request, Devise checks if your model is active by
+    # Before authenticating a user and in each request, Devise checks if your model is active by
    # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,
    # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
    #
@@ -61,7 +61,11 @@ module Devise
      # However, you should not overwrite this method, you should overwrite active_for_authentication?
      # and inactive_message instead.
      def valid_for_authentication?
-        block_given? ? yield : true
+        if active_for_authentication?
+          block_given? ? yield : true
+        else
+          inactive_message
+        end
      end

      def active_for_authentication?
@@ -75,10 +79,6 @@ module Devise
      def authenticatable_salt
      end

-      def devise_mailer
-        Devise.mailer
-      end
-
      module ClassMethods
        Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys, :case_insensitive_keys, :http_authenticatable, :params_authenticatable)

@@ -112,11 +112,10 @@ module Devise
        #   end
        #
        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
-        end
-
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+          conditions = filter_auth_params(conditions.dup)
+          (case_insensitive_keys || []).each { |k| conditions[k].try(:downcase!) }
+          (strip_whitespace_keys || []).each { |k| conditions[k].try(:strip!) }
+          to_adapter.find_first(conditions)
        end

        # Find an initialize a record setting an error if it can't be found.
@@ -126,11 +125,14 @@ module Devise

        # Find an initialize a group of attributes based on a list of required attributes.
        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+          (case_insensitive_keys || []).each { |k| attributes[k].try(:downcase!) }
+          (strip_whitespace_keys || []).each { |k| attributes[k].try(:strip!) }
+
          attributes = attributes.slice(*required_attributes)
          attributes.delete_if { |key, value| value.blank? }

          if attributes.size == required_attributes.size
-            record = find_first_by_auth_conditions(attributes)
+            record = to_adapter.find_first(filter_auth_params(attributes))
          end

          unless record
@@ -148,8 +150,16 @@ module Devise

        protected

-        def devise_param_filter
-          @devise_param_filter ||= Devise::ParamFilter.new(case_insensitive_keys, strip_whitespace_keys)
+        # Force keys to be string to avoid injection on mongoid related database.
+        def filter_auth_params(conditions)
+          conditions.each do |k, v|
+            conditions[k] = v.to_s if auth_param_requires_string_conversion?(v)
+          end if conditions.is_a?(Hash)
+        end
+        
+        # Determine which values should be transformed to string or passed as-is to the query builder underneath
+        def auth_param_requires_string_conversion?(value)
+          true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
        end

        # Generate a token by looping and ensuring does not already exist.
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -34,7 +34,7 @@ module Devise
      def confirm!
        unless_confirmed do
          self.confirmation_token = nil
-          self.confirmed_at = Time.now.utc
+          self.confirmed_at = Time.now
          save(:validate => false)
        end
      end
@@ -47,7 +47,7 @@ module Devise
      # Send confirmation instructions by email
      def send_confirmation_instructions
        generate_confirmation_token! if self.confirmation_token.nil?
-        self.devise_mailer.confirmation_instructions(self).deliver
+        ::Devise.mailer.confirmation_instructions(self).deliver
      end

      # Resend confirmation token. This method does not need to generate a new token.
@@ -71,7 +71,7 @@ module Devise
      # If you don't want confirmation to be sent on create, neither a code
      # to be generated, call skip_confirmation!
      def skip_confirmation!
-        self.confirmed_at = Time.now.utc
+        self.confirmed_at = Time.now
      end

      protected
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -73,17 +73,7 @@ module Devise
      end

      # Updates record attributes without asking for the current password.
-      # Never allows to change the current password. If you are using this
-      # method, you should probably override this method to protect other
-      # attributes you would not like to be updated without a password.
-      #
-      # Example:
-      #
-      #   def update_without_password(params={})
-      #     params.delete(:email)
-      #     super(params)
-      #   end
-      #
+      # Never allows to change the current password
      def update_without_password(params={})
        params.delete(:password)
        params.delete(:password_confirmation)
--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@@ -24,7 +24,7 @@ module Devise

      # Lock a user setting its locked_at to actual time.
      def lock_access!
-        self.locked_at = Time.now.utc
+        self.locked_at = Time.now

        if unlock_strategy_enabled?(:email)
          generate_unlock_token
@@ -49,7 +49,7 @@ module Devise

      # Send unlock instructions by email
      def send_unlock_instructions
-        self.devise_mailer.unlock_instructions(self).deliver
+        ::Devise.mailer.unlock_instructions(self).deliver
      end

      # Resend the unlock instructions if the user is locked.
@@ -79,21 +79,25 @@ module Devise
        # if the user can login or not (wrong password, etc)
        unlock_access! if lock_expired?

-        if super
+        case (result = super)
+        when Symbol
+          return result
+        when TrueClass
          self.failed_attempts = 0
          save(:validate => false)
-          true
-        else
+        when FalseClass
+          # PostgreSQL uses nil as the default value for integer columns set to 0
          self.failed_attempts ||= 0
          self.failed_attempts += 1
          if attempts_exceeded?
-            lock_access! unless access_locked?
+            lock_access!
            return :locked
          else
            save(:validate => false)
          end
-          false
        end
+
+        result
      end

      protected
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -40,7 +40,7 @@ module Devise
      # Resets reset password token and send reset password instructions by email
      def send_reset_password_instructions
        generate_reset_password_token! if should_generate_token?
-        self.devise_mailer.reset_password_instructions(self).deliver
+        ::Devise.mailer.reset_password_instructions(self).deliver
      end

      # Checks if the reset password token sent is within the limit time.
@@ -64,7 +64,7 @@ module Devise
      #   reset_password_period_valid?   # will always return false
      #
      def reset_password_period_valid?
-        return true unless respond_to?(:reset_password_sent_at)
+        return true unless respond_to?(:reset_password_sent_at) 
        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
      end

@@ -121,7 +121,7 @@ module Devise
          recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
          if recoverable.persisted?
            if recoverable.reset_password_period_valid?
-              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
+              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) 
            else
              recoverable.errors.add(:reset_password_token, :expired)
            end
--- a/lib/devise/models/trackable.rb
+++ b/lib/devise/models/trackable.rb
@@ -12,11 +12,11 @@ module Devise
    #
    module Trackable
      def update_tracked_fields!(request)
-        old_current, new_current = self.current_sign_in_at, Time.now.utc
+        old_current, new_current = self.current_sign_in_at, Time.now
        self.last_sign_in_at     = old_current || new_current
        self.current_sign_in_at  = new_current

-        old_current, new_current = self.current_sign_in_ip, request.ip
+        old_current, new_current = self.current_sign_in_ip, request.remote_ip
        self.last_sign_in_ip     = old_current || new_current
        self.current_sign_in_ip  = new_current

--- a/lib/devise/omniauth.rb
+++ b/lib/devise/omniauth.rb
@@ -1,13 +1,12 @@
 begin
-  require "omniauth"
-  require 'omniauth/version'
+  require "omniauth/core"
 rescue LoadError => e
-  warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
+  warn "Could not load 'omniauth/core'. Please ensure you have the oa-core gem installed and listed in your Gemfile."
  raise
 end

-unless OmniAuth::VERSION =~ /^1\./
-  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
+unless OmniAuth.config.respond_to? :test_mode
+  raise "You are using an old OmniAuth version, please ensure you have 0.2.0.beta version or later installed."
 end

 # Clean up the default path_prefix. It will be automatically set by Devise.
--- a/lib/devise/omniauth/config.rb
+++ b/lib/devise/omniauth/config.rb
@@ -2,45 +2,23 @@ module Devise
  module OmniAuth
    class Config
      attr_accessor :strategy
-      attr_reader :args, :options, :provider
+      attr_reader :args

      def initialize(provider, args)
        @provider = provider
        @args     = args
        @strategy = nil
-        @options = @args.last.is_a?(Hash) ? @args.last : {}
      end

      # open_id strategy can have configurable name
      def strategy_name
-        options[:name] || @provider
+        options = @args.last.is_a?(Hash) && @args.last
+        options && options[:name] ? options[:name] : @provider
      end

      def strategy_class
-        find_strategy || require_strategy
-      end
-
-      def find_strategy
-        ::OmniAuth.strategies.find do |strategy_class|
-          strategy_class.to_s =~ /#{::OmniAuth::Utils.camelize(strategy_name)}$/ ||
-            strategy_class.default_options[:name] == strategy_name
-        end
-      end
-
-      def require_strategy
-        if [:facebook, :github, :twitter].include?(provider.to_sym)
-          require "omniauth/strategies/#{provider}"
-        elsif options[:require]
-          require options[:require]
-        else
-          require "omniauth-#{provider}"
-        end
-        find_strategy || autoload_strategy
-      end
-
-      def autoload_strategy
-        ::OmniAuth::Strategies.const_get(::OmniAuth::Utils.camelize(provider.to_s))
+        ::OmniAuth::Strategies.const_get("#{::OmniAuth::Utils.camelize(@provider.to_s)}")
      end
    end
  end
-end     
+end     
--- a/lib/devise/omniauth/url_helpers.rb
+++ b/lib/devise/omniauth/url_helpers.rb
@@ -3,9 +3,10 @@ module Devise
    module UrlHelpers
      def self.define_helpers(mapping)
        return unless mapping.omniauthable?
+        method = "#{mapping.name}_omniauth_authorize_path"

        class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
-          def #{mapping.name}_omniauth_authorize_path(provider, params = {})
+          def #{method}(provider, params = {})
            if Devise.omniauth_configs[provider.to_sym]
              script_name = request.env["SCRIPT_NAME"]

@@ -16,9 +17,12 @@ module Devise
              raise ArgumentError, "Could not find omniauth provider \#{provider.inspect}"
            end
          end
+          protected :#{method}
        URL_HELPERS
      end

+      protected
+
      def omniauth_authorize_path(resource_or_scope, *args)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
        send("#{scope}_omniauth_authorize_path", *args)
--- a/lib/devise/param_filter.rb
+++ b/lib/devise/param_filter.rb
@@ -1,41 +0,0 @@
-module Devise
-  class ParamFilter
-    def initialize(case_insensitive_keys, strip_whitespace_keys)
-      @case_insensitive_keys = case_insensitive_keys || []
-      @strip_whitespace_keys = strip_whitespace_keys || []
-    end
-
-    def filter(conditions)
-      conditions = stringify_params(conditions.dup)
-
-      @case_insensitive_keys.each do |k|
-        value = conditions[k]
-        next unless value.respond_to?(:downcase)
-        conditions[k] = value.downcase
-      end
-
-      @strip_whitespace_keys.each do |k|
-        value = conditions[k]
-        next unless value.respond_to?(:strip)
-        conditions[k] = value.strip
-      end
-
-      conditions
-    end
-
-    # Force keys to be string to avoid injection on mongoid related database.
-    def stringify_params(conditions)
-      return conditions unless conditions.is_a?(Hash)
-      conditions.each do |k, v|
-        conditions[k] = v.to_s if param_requires_string_conversion?(v)
-      end
-    end
-
-    private
-
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
-    def param_requires_string_conversion?(value)
-      true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
-    end
-  end
-end
--- a/lib/devise/rails.rb
+++ b/lib/devise/rails.rb
@@ -17,6 +17,17 @@ module Devise
      Devise.include_helpers(Devise::Controllers)
    end

+    initializer "devise.auth_keys" do
+      if Devise.authentication_keys.size > 1
+        puts "[DEVISE] You are configuring Devise to use more than one authentication key. " \
+          "In previous versions, we automatically added #{Devise.authentication_keys[1..-1].inspect} " \
+          "as scope to your e-mail validation, but this was changed now. If you were relying in such " \
+          "behavior, you should remove :validatable from your models and add the validations manually. " \
+          "To get rid of this warning, you can comment config.authentication_keys in your initializer " \
+          "and pass the current values as key to the devise call in your model."
+      end
+    end
+
    initializer "devise.omniauth" do |app|
      Devise.omniauth_configs.each do |provider, config|
        app.middleware.use config.strategy_class, *config.args do |strategy|
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -49,23 +49,23 @@ module ActionDispatch::Routing
    #
    # You can configure your routes with some options:
    #
-    #  * :class_name => setup a different class to be looked up by devise, if it cannot be
-    #    properly found by the route name.
+    #  * :class_name => setup a different class to be looked up by devise,
+    #                   if it cannot be correctly find by the route name.
    #
    #      devise_for :users, :class_name => 'Account'
    #
    #  * :path => allows you to setup path name that will be used, as rails routes does.
-    #    The following route configuration would setup your route as /accounts instead of /users:
+    #             The following route configuration would setup your route as /accounts instead of /users:
    #
    #      devise_for :users, :path => 'accounts'
    #
-    #  * :singular => setup the singular name for the given resource. This is used as the instance variable
-    #    name in controller, as the name in routes and the scope given to warden.
+    #  * :singular => setup the singular name for the given resource. This is used as the instance variable name in
+    #                 controller, as the name in routes and the scope given to warden.
    #
    #      devise_for :users, :singular => :user
    #
    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
-    #    :password, :confirmation, :unlock.
+    #                   :password, :confirmation, :unlock.
    #
    #      devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
    #
@@ -74,9 +74,6 @@ module ActionDispatch::Routing
    #
    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
    #
-    #  * :failure_app => a rack app which is invoked whenever there is a failure. Strings representing a given
-    #    are also allowed as parameter.
-    #
    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
    #    if you wish to restrict this to accept only :post or :delete requests you should do:
    #
@@ -357,7 +354,7 @@ module ActionDispatch::Routing
        path_prefix = "/#{mapping.path}/auth".squeeze("/")

        if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix
-          raise "You can only add :omniauthable behavior to one Devise model"
+          warn "[DEVISE] You can only add :omniauthable behavior to one model."
        else
          ::OmniAuth.config.path_prefix = path_prefix
        end
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -85,7 +85,17 @@ module Devise

      # By default, a request is valid  if the controller is allowed and the VERB is POST.
      def valid_request?
-        !!env["devise.allow_params_authentication"]
+        if env["devise.allow_params_authentication"]
+          true
+        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+            "This will ensure your controller can authenticate from params for the create action.", caller
+          true
+        else
+          false
+        end
      end

      # If the request is valid, finally check if params_auth_hash returns a hash.
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.5.0".freeze
+  VERSION = "1.4.8".freeze
 end
--- a/lib/generators/active_record/templates/migration.rb
+++ b/lib/generators/active_record/templates/migration.rb
@@ -1,9 +1,5 @@
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
-<% if ::Rails::VERSION::MAJOR == 3 && ::Rails::VERSION::MINOR >= 1 -%>
-  def change
-<% else -%>
  def self.up
-<% end  -%>
    create_table(:<%= table_name %>) do |t|
      t.database_authenticatable :null => false
      t.recoverable
@@ -15,7 +11,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
      # t.lockable :lock_strategy => :<%= Devise.lock_strategy %>, :unlock_strategy => :<%= Devise.unlock_strategy %>
      # t.token_authenticatable

-<% attributes.each  do |attribute| -%>
+<% for  attribute in attributes -%>
      t.<%= attribute.type %> :<%= attribute.name %>
 <% end -%>

@@ -29,9 +25,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
    # add_index :<%= table_name %>, :authentication_token, :unique => true
  end

-<% unless  ::Rails::VERSION::MAJOR == 3 && ::Rails::VERSION::MINOR >= 1 -%>
  def self.down
    drop_table :<%= table_name %>
  end
-<% end  -%>
 end
--- a/lib/generators/active_record/templates/migration_existing.rb
+++ b/lib/generators/active_record/templates/migration_existing.rb
@@ -5,13 +5,13 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
      t.recoverable
      t.rememberable
      t.trackable
-
+    
      # t.encryptable
      # t.confirmable
      # t.lockable :lock_strategy => :<%= Devise.lock_strategy %>, :unlock_strategy => :<%= Devise.unlock_strategy %>
      # t.token_authenticatable

-<% attributes.each  do |attribute| -%>
+<% for  attribute in attributes -%>
      t.<%= attribute.type %> :<%= attribute.name %>
 <% end -%>

@@ -29,6 +29,6 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
  def self.down
    # By default, we don't want to make any assumption about how to roll back a migration when your
    # model already existed. Please edit below which fields you would like to remove in this migration.
-    raise ActiveRecord::IrreversibleMigration
+    raise ActiveRecord::IrreversibleMigration   
  end
 end
--- a/lib/generators/devise/views_generator.rb
+++ b/lib/generators/devise/views_generator.rb
@@ -23,8 +23,8 @@ module Devise

      protected

-      def view_directory(name, _target_path = nil)
-        directory name.to_s, _target_path || "#{target_path}/#{name}"
+      def view_directory(name)
+        directory name.to_s, "#{target_path}/#{name}"
      end

      def target_path
@@ -39,6 +39,7 @@ module Devise

      # Override copy_views to just copy mailer and shared.
      def copy_views
+        view_directory :mailer
        view_directory :shared
      end
    end
@@ -55,30 +56,6 @@ module Devise
      desc "Copies simple form enabled views to your application."
    end

-    class ErbGenerator < Rails::Generators::Base #:nodoc:
-      include ViewPathTemplates
-      source_root File.expand_path("../../../../app/views/devise", __FILE__)
-      desc "Copies Devise mail erb views to your application."
-
-      def copy_views
-        view_directory :mailer
-      end
-    end
-
-    class MarkerbGenerator < Rails::Generators::Base #:nodoc:
-      include ViewPathTemplates
-      source_root File.expand_path("../../templates", __FILE__)
-      desc "Copies Devise mail markerb views to your application."
-
-      def copy_views
-        view_directory :markerb, target_path
-      end
-
-      def target_path
-        "app/views/#{scope || :devise}/mailer"
-      end
-    end
-
    class ViewsGenerator < Rails::Generators::Base
      desc "Copies Devise views to your application."

@@ -86,13 +63,10 @@ module Devise
                       :desc => "The scope to copy views to"

      invoke SharedViewsGenerator
+
      hook_for :form_builder, :aliases => "-b",
                              :desc => "Form builder to be used",
                              :default => defined?(SimpleForm) ? "simple_form_for" : "form_for"
-
-      hook_for :markerb,  :desc => "Generate markerb instead of erb mail views",
-                          :default => defined?(Markerb) ? :markerb : :erb,
-                          :type => :boolean
    end
  end
 end
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -203,6 +203,7 @@ Devise.setup do |config|
  # change the failure app, you can configure them inside the config.warden block.
  #
  # config.warden do |manager|
+  #   manager.failure_app   = AnotherApp
  #   manager.intercept_401 = false
  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
  # end
--- a/lib/generators/templates/markerb/confirmation_instructions.markerb
+++ b/lib/generators/templates/markerb/confirmation_instructions.markerb
@@ -1,5 +0,0 @@
-Welcome <%= @resource.email %>!
-
-You can confirm your account through the link below:
-
-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>
--- a/lib/generators/templates/markerb/reset_password_instructions.markerb
+++ b/lib/generators/templates/markerb/reset_password_instructions.markerb
@@ -1,8 +0,0 @@
-Hello <%= @resource.email %>!
-
-Someone has requested a link to change your password, and you can do this through the link below.
-
-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
-
-If you didn't request this, please ignore this email.
-Your password won't change until you access the link above and create a new one.
--- a/lib/generators/templates/markerb/unlock_instructions.markerb
+++ b/lib/generators/templates/markerb/unlock_instructions.markerb
@@ -1,7 +0,0 @@
-Hello <%= @resource.email %>!
-
-Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
-
-Click the link below to unlock your account:
-
-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -128,26 +128,6 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.sign_in(user, :bypass => true)
  end

-  test 'sign out clears up any signed in user from all scopes' do
-    user = User.new
-    @mock_warden.expects(:user).times(Devise.mappings.size)
-    @mock_warden.expects(:logout).with().returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.instance_variable_set(:@current_admin, user)
-    @controller.sign_out
-    assert_equal nil, @controller.instance_variable_get(:@current_user)
-    assert_equal nil, @controller.instance_variable_get(:@current_admin)
-  end
-
-  test 'sign out clears up any signed in user by scope' do
-    user = User.new
-    @mock_warden.expects(:user).with(:user).returns(user)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @controller.instance_variable_set(:@current_user, user)
-    @controller.sign_out(:user)
-    assert_equal nil, @controller.instance_variable_get(:@current_user)
-  end
-  
  test 'sign out proxy to logout on warden' do
    @mock_warden.expects(:user).with(:user).returns(true)
    @mock_warden.expects(:logout).with(:user).returns(true)
@@ -228,6 +208,17 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.sign_in_and_redirect(admin)
  end

+  test 'redirect_location returns the stored location if set' do
+    user = User.new
+    @controller.session[:"user_return_to"] = "/foo.bar"
+    assert_equal '/foo.bar', @controller.redirect_location('user', user)
+  end
+
+  test 'redirect_location returns the after sign in path by default' do
+    user = User.new
+    assert_equal @controller.after_sign_in_path_for(:user), @controller.redirect_location('user', user)
+  end
+
  test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
    swap Devise, :sign_out_all_scopes => false do
      @mock_warden.expects(:user).with(:admin).returns(true)
--- a/test/controllers/internal_helpers_test.rb
+++ b/test/controllers/internal_helpers_test.rb
@@ -35,7 +35,7 @@ class HelpersTest < ActionController::TestCase
  end

  test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
+    assert @controller.class.action_methods.empty?, "Expected empty, got #{@controller.class.action_methods.inspect}"
  end

  test 'require no authentication tests current mapping' do
--- a/test/devise_test.rb
+++ b/test/devise_test.rb
@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
  end

  test 'stores warden configuration' do
-    assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
+    assert_equal Devise::FailureApp, Devise.warden_config.failure_app
    assert_equal :user, Devise.warden_config.default_scope
  end

--- a/test/generators/active_record_generator_test.rb
+++ b/test/generators/active_record_generator_test.rb
@@ -7,30 +7,20 @@ if DEVISE_ORM == :active_record
    tests ActiveRecord::Generators::DeviseGenerator
    destination File.expand_path("../../tmp", __FILE__)
    setup :prepare_destination
-
+  
    test "all files are properly created" do
-      with_rails_version :MAJOR => 3, :MINOR => 0 do
-        run_generator %w(monster)
-        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
-        assert_migration "db/migrate/devise_create_monsters.rb", /def self\.up/
-      end
+      run_generator %w(monster)
+      assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
+      assert_migration "db/migrate/devise_create_monsters.rb"
    end
-
-    test "all files are properly created with rails31 migration syntax" do
-      with_rails_version :MAJOR => 3, :MINOR => 1 do
-        run_generator %w(monster)
-        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
-        assert_migration "db/migrate/devise_create_monsters.rb", /def change/
-      end
-    end
-
+    
    test "update model migration when model exists" do
      run_generator %w(monster)
      assert_file "app/models/monster.rb"
      run_generator %w(monster)
      assert_migration "db/migrate/add_devise_to_monsters.rb"
    end
-
+  
    test "all files are properly deleted" do
      run_generator %w(monster)
      run_generator %w(monster)
--- a/test/generators/views_generator_test.rb
+++ b/test/generators/views_generator_test.rb
@@ -28,19 +28,12 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
    assert_file "app/views/users/confirmations/new.html.erb", /simple_form_for/
  end

-  test "Assert views with markerb" do
-    run_generator %w(--markerb)
-    assert_files nil, :mail_template_engine => "markerb"
-  end
-
-  def assert_files(scope = nil, options={})
+  def assert_files(scope = nil, template_engine = nil)
    scope = "devise" if scope.nil?
-    mail_template_engine = options[:mail_template_engine] || "html.erb"
-
    assert_file "app/views/#{scope}/confirmations/new.html.erb"
-    assert_file "app/views/#{scope}/mailer/confirmation_instructions.#{mail_template_engine}"
-    assert_file "app/views/#{scope}/mailer/reset_password_instructions.#{mail_template_engine}"
-    assert_file "app/views/#{scope}/mailer/unlock_instructions.#{mail_template_engine}"
+    assert_file "app/views/#{scope}/mailer/confirmation_instructions.html.erb"
+    assert_file "app/views/#{scope}/mailer/reset_password_instructions.html.erb"
+    assert_file "app/views/#{scope}/mailer/unlock_instructions.html.erb"
    assert_file "app/views/#{scope}/passwords/edit.html.erb"
    assert_file "app/views/#{scope}/passwords/new.html.erb"
    assert_file "app/views/#{scope}/registrations/new.html.erb"
--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@@ -131,7 +131,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
    end
  end

-  test 'signed in user should not see unauthenticated page' do
+  test 'signed in user should not see join page' do
    sign_in_as_user
    assert warden.authenticated?(:user)
    assert_not warden.authenticated?(:admin)
@@ -141,7 +141,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
    end
  end

-  test 'not signed in users should see unautheticated page' do
+  test 'not signed in should see join page' do
    get join_path

    assert_response :success
@@ -200,12 +200,6 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
    get root_path
    assert_not_contain 'Signed out successfully'
  end
-
-  test 'scope uses custom failure app' do
-    put "/en/accounts/management"
-    assert_equal "Oops, not found", response.body
-    assert_equal 404, response.status
-  end
 end

 class AuthenticationRedirectTest < ActionController::IntegrationTest
@@ -318,7 +312,7 @@ class AuthenticationSessionTest < ActionController::IntegrationTest
  end
 end

-class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest
+class AuthenticationWithScopesTest < ActionController::IntegrationTest
  test 'renders the scoped view if turned on and view is available' do
    swap Devise, :scoped_views => true do
      assert_raise Webrat::NotFoundError do
@@ -445,22 +439,6 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
  end

-  test 'sign in with xml format is idempotent' do
-    get new_user_session_path(:format => 'xml')
-    assert_response :success
-
-    create_user
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
-    assert_response :success
-
-    get new_user_session_path(:format => 'xml')
-    assert_response :success
-
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}
-    assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
-  end
-
  test 'sign out with xml format returns ok response' do
    sign_in_as_user
    get destroy_user_session_path(:format => 'xml')
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@@ -6,7 +6,7 @@ class ConfirmationTest < ActionController::IntegrationTest
    visit user_confirmation_path(:confirmation_token => confirmation_token)
  end

-  def resend_confirmation
+  test 'user should be able to request a new confirmation' do
    user = create_user(:confirm => false)
    ActionMailer::Base.deliveries.clear

@@ -15,23 +15,10 @@ class ConfirmationTest < ActionController::IntegrationTest

    fill_in 'email', :with => user.email
    click_button 'Resend confirmation instructions'
-  end
-
-  test 'user should be able to request a new confirmation' do
-    resend_confirmation

    assert_current_url '/users/sign_in'
    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
    assert_equal 1, ActionMailer::Base.deliveries.size
-    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
-  end
-
-  test 'user should receive a confirmation from a custom mailer' do
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-
-    resend_confirmation
-
-    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
  end

  test 'user with invalid confirmation token should not be able to confirm an account' do
@@ -106,17 +93,6 @@ class ConfirmationTest < ActionController::IntegrationTest
    end
  end

-  test 'not confirmed user should not see confirmation message if invalid credentials are given' do
-    swap Devise, :confirm_within => 0.days do
-      sign_in_as_user(:confirm => false) do
-        fill_in 'password', :with => 'invalid'
-      end
-
-      assert_contain 'Invalid email or password'
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
  test 'not confirmed user but configured with some days to confirm should be able to sign in' do
    swap Devise, :confirm_within => 1.day do
      sign_in_as_user(:confirm => false)
@@ -181,7 +157,7 @@ class ConfirmationTest < ActionController::IntegrationTest
      click_button 'Resend confirmation instructions'

      assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/confirmation"
    end
  end

@@ -197,7 +173,7 @@ class ConfirmationTest < ActionController::IntegrationTest
      assert_not_contain "Email not found"

      assert_contain "If your e-mail exists on our database, you will receive an email with instructions about how to confirm your account in a few minutes."
-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/confirmation"
    end
  end
 end
--- a/test/integration/lockable_test.rb
+++ b/test/integration/lockable_test.rb
@@ -6,7 +6,7 @@ class LockTest < ActionController::IntegrationTest
    visit user_unlock_path(:unlock_token => unlock_token)
  end

-  def send_unlock_request
+  test 'user should be able to request a new unlock token' do
    user = create_user(:locked => true)
    ActionMailer::Base.deliveries.clear

@@ -15,23 +15,10 @@ class LockTest < ActionController::IntegrationTest

    fill_in 'email', :with => user.email
    click_button 'Resend unlock instructions'
-  end
-
-  test 'user should be able to request a new unlock token' do
-    send_unlock_request

    assert_template 'sessions/new'
    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
    assert_equal 1, ActionMailer::Base.deliveries.size
-    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
-  end
-
-  test 'user should receive the instructions from a custom mailer' do
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-
-    send_unlock_request
-
-    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
  end

  test 'unlocked user should not be able to request a unlock token' do
@@ -172,7 +159,8 @@ class LockTest < ActionController::IntegrationTest
      fill_in 'email', :with => user.email
      click_button 'Resend unlock instructions'

-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/unlock"
+
      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
    end
  end
@@ -187,7 +175,8 @@ class LockTest < ActionController::IntegrationTest
      fill_in 'email', :with => user.email
      click_button 'Resend unlock instructions'

-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/unlock"
+
      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
    end
  end
@@ -202,7 +191,7 @@ class LockTest < ActionController::IntegrationTest

      assert_not_contain "1 error prohibited this user from being saved:"
      assert_not_contain "Email not found"
-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/unlock"

      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."

--- a/test/integration/omniauthable_test.rb
+++ b/test/integration/omniauthable_test.rb
@@ -1,6 +1,5 @@
 require 'test_helper'

-
 class OmniauthableIntegrationTest < ActionController::IntegrationTest
  FACEBOOK_INFO = {
    "id" => '12345',
@@ -13,6 +12,14 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest

  setup do
    OmniAuth.config.test_mode = true
+    stub_facebook!
+  end
+
+  teardown do
+    OmniAuth.config.test_mode = false
+  end
+
+  def stub_facebook!
    OmniAuth.config.mock_auth[:facebook] = {
      "uid" => '12345',
      "provider" => 'facebook',
@@ -22,10 +29,6 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
    }
  end

-  teardown do
-    OmniAuth.config.test_mode = false
-  end
-
  def stub_action!(name)
    Users::OmniauthCallbacksController.class_eval do
      alias_method :__old_facebook, :facebook
@@ -125,7 +128,7 @@ class OmniauthableIntegrationTest < ActionController::IntegrationTest
    OmniAuth.config.mock_auth[:facebook] = :invalid_credentials

    visit "/users/sign_in"
-    click_link "Sign in with Facebook"
+    click_link "Sign in with facebook"

    assert_current_url "/users/sign_in"
    assert_contain 'Could not authorize you from Facebook because "Invalid credentials".'
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -38,16 +38,6 @@ class PasswordTest < ActionController::IntegrationTest
    assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.'
  end

-  test 'reset password with email should send an email from a custom mailer' do
-    create_user(:email => 'Foo@Bar.com')
-
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-    request_forgot_password do
-      fill_in 'email', :with => 'foo@bar.com'
-    end
-    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.last.from
-  end
-
  test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do
    swap Devise, :case_insensitive_keys => [] do
      create_user(:email => 'Foo@Bar.com')
@@ -218,15 +208,6 @@ class PasswordTest < ActionController::IntegrationTest
    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
  end

-  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
-    swap Devise, :paranoid => true do
-      create_user
-      post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"}
-      assert_response :success
-      assert_equal response.body, { }.to_xml
-    end
-  end
-
  test 'change password with valid parameters in XML format should return valid response' do
    user = create_user
    request_forgot_password
@@ -269,7 +250,7 @@ class PasswordTest < ActionController::IntegrationTest
      assert_not_contain "1 error prohibited this user from being saved:"
      assert_not_contain "Email not found"
      assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/password"
    end
  end

@@ -281,7 +262,7 @@ class PasswordTest < ActionController::IntegrationTest
      click_button 'Send me reset password instructions'

      assert_contain "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
-      assert_current_url "/users/sign_in"
+      assert_current_url "/users/password"
    end
  end
 end
--- a/test/integration/registerable_test.rb
+++ b/test/integration/registerable_test.rb
@@ -36,19 +36,13 @@ class RegistrationTest < ActionController::IntegrationTest
    assert_current_url "/?custom=1"
  end

-  def user_sign_up
-    ActionMailer::Base.deliveries.clear
-
+  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
    get new_user_registration_path

    fill_in 'email', :with => 'new_user@test.com'
    fill_in 'password', :with => 'new_user123'
    fill_in 'password confirmation', :with => 'new_user123'
    click_button 'Sign up'
-  end
-
-  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
-    user_sign_up

    assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.'
    assert_not_contain 'You have to confirm your account before continuing'
@@ -61,17 +55,6 @@ class RegistrationTest < ActionController::IntegrationTest
    assert_not user.confirmed?
  end

-  test 'a guest user should receive the confirmation instructions from the default mailer' do
-    user_sign_up
-    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
-  end
-
-  test 'a guest user should receive the confirmation instructions from a custom mailer' do
-    User.any_instance.stubs(:devise_mailer).returns(Users::Mailer)
-    user_sign_up
-    assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from
-  end
-
  test 'a guest user should be blocked by confirmation and redirected to a custom path' do
    Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
    get new_user_registration_path
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@@ -16,15 +16,6 @@ class SessionTimeoutTest < ActionController::IntegrationTest
    assert_not_equal old_last_request, last_request_at
  end

-  test 'set last request at in user session after each request is skipped if tracking is disabled' do
-    sign_in_as_user
-    old_last_request = last_request_at
-    assert_not_nil last_request_at
-
-    get users_path, {}, 'devise.skip_trackable' => true
-    assert_equal old_last_request, last_request_at
-  end
-
  test 'not time out user session before default limit time' do
    sign_in_as_user
    assert_response :success
--- a/test/integration/trackable_test.rb
+++ b/test/integration/trackable_test.rb
@@ -36,17 +36,6 @@ class TrackableHooksTest < ActionController::IntegrationTest
    assert_equal "127.0.0.1", user.current_sign_in_ip
    assert_equal "127.0.0.1", user.last_sign_in_ip
  end
-  
-  test "current remote ip returns original ip behind a non transparent proxy" do
-    user = create_user
-    
-    arbitrary_ip = '192.168.1.69'
-    sign_in_as_user do
-      header 'HTTP_X_FORWARDED_FOR', arbitrary_ip
-    end
-    user.reload
-    assert_equal arbitrary_ip, user.current_sign_in_ip
-  end

  test "increase sign in count" do
    user = create_user
--- a/test/mailers/confirmation_instructions_test.rb
+++ b/test/mailers/confirmation_instructions_test.rb
@@ -8,11 +8,6 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
    Devise.mailer_sender = 'test@example.com'
  end

-  def teardown
-    Devise.mailer = 'Devise::Mailer'
-    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
-  end
-
  def user
    @user ||= create_user
  end
--- a/test/mailers/reset_password_instructions_test.rb
+++ b/test/mailers/reset_password_instructions_test.rb
@@ -8,11 +8,6 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
    Devise.mailer_sender = 'test@example.com'
  end

-  def teardown
-    Devise.mailer = 'Devise::Mailer'
-    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
-  end
-
  def user
    @user ||= begin
      user = create_user
--- a/test/mailers/unlock_instructions_test.rb
+++ b/test/mailers/unlock_instructions_test.rb
@@ -8,11 +8,6 @@ class UnlockInstructionsTest < ActionMailer::TestCase
    Devise.mailer_sender = 'test@example.com'
  end

-  def teardown
-    Devise.mailer = 'Devise::Mailer'
-    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
-  end
-
  def user
    @user ||= begin
      user = create_user
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -22,9 +22,26 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
    assert_equal email.strip, user.email
  end

-  test "param filter should not convert booleans and integer to strings" do
+  test 'find_for_authentication and filter_auth_params should not modify the conditions hash' do
+    FilterAuthUser = Class.new(User) do
+      def self.filter_auth_params(conditions)
+        if conditions.is_a?(Hash) && login = conditions.delete('login')
+          key = login.include?('@') ? :email : :username
+          conditions[key] = login
+        end
+        super(conditions)
+      end
+    end
+
+    conditions = { 'login' => 'foo@bar.com' }
+    FilterAuthUser.find_for_authentication(conditions)
+
+    assert_equal({ 'login' => 'foo@bar.com' }, conditions)
+  end
+  
+  test "filter_auth_params should not convert booleans and integer to strings" do
    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
+    conditions = User.__send__(:filter_auth_params, conditions)
    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
  end

--- a/test/omniauth/config_test.rb
+++ b/test/omniauth/config_test.rb
@@ -1,56 +0,0 @@
-require 'test_helper'
-
-class OmniAuthConfigTest < ActiveSupport::TestCase
-  setup do
-    $: << File.dirname(__FILE__)
-  end
-
-  test 'strategy_name returns provider if no options given' do
-    config = Devise::OmniAuth::Config.new :facebook, [{}]
-    assert_equal :facebook, config.strategy_name
-  end
-
-  test 'strategy_name returns provider if no name option are given' do
-    config = Devise::OmniAuth::Config.new :facebook, [{ :other => :option }]
-    assert_equal :facebook, config.strategy_name
-  end
-
-  test 'returns name option when have a name' do
-    config = Devise::OmniAuth::Config.new :facebook, [{ :name => :github }]
-    assert_equal :github, config.strategy_name
-  end
-
-  test "finds contrib strategies" do
-    config = Devise::OmniAuth::Config.new :facebook, [{}]
-    assert_equal OmniAuth::Strategies::Facebook, config.strategy_class
-  end
-
-  test "finds the strategy in OmniAuth's list by name" do
-    NamedTestStrategy = Class.new
-    NamedTestStrategy.send :include, OmniAuth::Strategy
-    NamedTestStrategy.option :name, :the_one
-
-    config = Devise::OmniAuth::Config.new :the_one, [{}]
-    assert_equal NamedTestStrategy, config.strategy_class
-  end
-
-  test "finds the strategy in OmniAuth's list by class name" do
-    UnNamedTestStrategy = Class.new
-    UnNamedTestStrategy.send :include, OmniAuth::Strategy
-
-    config = Devise::OmniAuth::Config.new :un_named_test_strategy, [{}]
-    assert_equal UnNamedTestStrategy, config.strategy_class
-  end
-
-  test 'attempts to load an as-yet not loaded plugin' do
-    config = Devise::OmniAuth::Config.new :my_strategy, [{}]
-    config_class = config.strategy_class
-    assert_equal MyStrategy, config_class
-  end
-
-  test 'allows the user to define a custom require path' do
-    config = Devise::OmniAuth::Config.new :my_other_strategy, [{:require => 'my_other_strategy'}]
-    config_class = config.strategy_class
-    assert_equal MyOtherStrategy, config_class
-  end
-end
--- a/test/omniauth/my_other_strategy.rb
+++ b/test/omniauth/my_other_strategy.rb
@@ -1,5 +0,0 @@
-require 'omniauth'
-
-class MyOtherStrategy
-  include OmniAuth::Strategy
-end
--- a/test/omniauth/omniauth-my_strategy.rb
+++ b/test/omniauth/omniauth-my_strategy.rb
@@ -1,5 +0,0 @@
-require 'omniauth'
-
-class MyStrategy
-  include OmniAuth::Strategy
-end
--- a/test/omniauth/url_helpers_test.rb
+++ b/test/omniauth/url_helpers_test.rb
@@ -28,31 +28,31 @@ class OmniAuthRoutesTest < ActionController::TestCase
  end

  test 'should generate authorization path' do
-    assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
+    assert_match "/users/auth/facebook", @controller.send(:omniauth_authorize_path, :user, :facebook)

    assert_raise ArgumentError do
-      @controller.omniauth_authorize_path(:user, :github)
+      @controller.send :omniauth_authorize_path, :user, :github
    end
  end

  test 'should generate authorization path for named open_id omniauth' do
-    assert_match "/users/auth/google", @controller.omniauth_authorize_path(:user, :google)
+    assert_match "/users/auth/google", @controller.send(:omniauth_authorize_path, :user, :google)
  end

  test 'should generate authorization path with params' do
-    assert_match "/users/auth/openid?openid_url=http%3A%2F%2Fyahoo.com",
-                  @controller.omniauth_authorize_path(:user, :openid, :openid_url => "http://yahoo.com")
+    assert_match "/users/auth/open_id?openid_url=http%3A%2F%2Fyahoo.com",
+                  @controller.send(:omniauth_authorize_path, :user, :open_id, :openid_url => "http://yahoo.com")
  end

  test 'should not add a "?" if no param was sent' do
-    assert_equal "/users/auth/openid",
-                  @controller.omniauth_authorize_path(:user, :openid)
+    assert_equal "/users/auth/open_id",
+                  @controller.send(:omniauth_authorize_path, :user, :open_id)
  end

  test 'should set script name in the path if present' do
    @request.env['SCRIPT_NAME'] = '/q'

    assert_equal "/q/users/auth/facebook",
-                 @controller.omniauth_authorize_path(:user, :facebook)
+                 @controller.send(:omniauth_authorize_path, :user, :facebook)
  end
 end
--- a/test/rails_app/config/environments/development.rb
+++ b/test/rails_app/config/environments/development.rb
@@ -11,6 +11,7 @@ RailsApp::Application.configure do

  # Show full error reports and disable caching
  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
  config.action_controller.perform_caching = false

  # Don't care if the mailer can't send
--- a/test/rails_app/config/initializers/devise.rb
+++ b/test/rails_app/config/initializers/devise.rb
@@ -177,8 +177,8 @@ Devise.setup do |config|

  # ==> OmniAuth
  config.omniauth :facebook, 'APP_ID', 'APP_SECRET', :scope => 'email,offline_access'
-  config.omniauth :openid
-  config.omniauth :openid, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
+  config.omniauth :open_id
+  config.omniauth :open_id, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'

  # ==> Warden configuration
  # If you want to use other strategies, that are not supported by Devise, or
--- a/test/rails_app/config/routes.rb
+++ b/test/rails_app/config/routes.rb
@@ -46,17 +46,17 @@ Rails.application.routes.draw do

  # Routes for constraints testing
  devise_for :headquarters_admin, :class_name => "Admin", :path => "headquarters", :constraints => {:host => /192\.168\.1\.\d\d\d/}
-
+  
  constraints(:host => /192\.168\.1\.\d\d\d/) do
    devise_for :homebase_admin, :class_name => "Admin", :path => "homebase"
  end

  devise_for :skip_admin, :class_name => "Admin", :skip => :all
-
+  
  # Routes for format=false testing
  devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]
  devise_for :htmlonly_users, :class_name => "User", :only => [:confirmations, :unlocks], :path => "htmlonly_users", :format => false, :skip_helpers => true
-
+  
  # Other routes for routing_test.rb
  devise_for :reader, :class_name => "User", :only => :passwords

@@ -71,7 +71,7 @@ Rails.application.routes.draw do
        :password => "secret", :confirmation => "verification",
        :unlock => "unblock", :sign_up => "register",
        :registration => "management", :cancel => "giveup"
-      }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }
+      }
  end

  namespace :sign_out_via, :module => "devise" do
--- a/test/rails_app/lib/shared_admin.rb
+++ b/test/rails_app/lib/shared_admin.rb
@@ -6,5 +6,4 @@ module SharedAdmin
           :timeoutable, :recoverable, :rememberable, :lockable,
           :unlock_strategy => :time
  end
-
 end
--- a/test/support/helpers.rb
+++ b/test/support/helpers.rb
@@ -51,37 +51,10 @@ class ActiveSupport::TestCase
      old_values[key] = object.send key
      object.send :"#{key}=", value
    end
-    clear_cached_variables(new_values)
    yield
  ensure
-    clear_cached_variables(new_values)
    old_values.each do |key, value|
      object.send :"#{key}=", value
    end
  end
-
-  def clear_cached_variables(options)
-    if options.key?(:case_insensitive_keys) || options.key?(:strip_whitespace_keys)
-      Devise.mappings.each do |_, mapping|
-        mapping.to.instance_variable_set(:@devise_param_filter, nil)
-      end
-    end
-  end
-
-  def with_rails_version(constants)
-    saved_constants = {}
-
-    constants.each do |constant, val|
-      saved_constants[constant] = ::Rails::VERSION.const_get constant
-      Kernel::silence_warnings { ::Rails::VERSION.const_set(constant, val) }
-    end
-
-    begin
-      yield
-    ensure
-      constants.each do |constant, val|
-        Kernel::silence_warnings { ::Rails::VERSION.const_set(constant, saved_constants[constant]) }
-      end
-    end
-  end
 end
Author	SHA1	Message	Date
José Valim	c698e44d10	Release v1.4.8.	2011-10-10 14:44:07 +02:00
José Valim	3e1b142392	Update docs and CHANGELOG.	2011-10-10 14:43:52 +02:00
José Valim	49807cf0b7	Try to fix the misterious case where some url helpers are not defined.	2011-10-09 17:14:37 +02:00