Release v2.2.3

sorted locale file

CHANGELOG.rdoc

@@ -1,3 +1,13 @@
+== 2.2.3
+
+* bug fix
+  * Require string conversion for all values
+
+== 2.2.2
+
+* bug fix
+  * Fix bug when checking for reconfirmable in templates
+
 == 2.2.1
 
 * bug fix

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (2.2.1)
+    devise (2.2.2)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (~> 3.1)

app/mailers/devise/mailer.rb

@@ -1,4 +1,4 @@
-class Devise::Mailer < ::ActionMailer::Base
+class Devise::Mailer < Devise.parent_mailer.constantize
   include Devise::Mailers::Helpers
 
   def confirmation_instructions(record, opts={})

app/views/devise/registrations/edit.html.erb

@@ -6,7 +6,7 @@
   <div><%= f.label :email %><br />
   <%= f.email_field :email, :autofocus => true %></div>
 
-  <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
     <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
   <% end %>
 
@@ -24,6 +24,6 @@
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
 
 <%= link_to "Back", :back %>

config/locales/en.yml

@@ -1,60 +1,59 @@
 # Additional translations at https://github.com/plataformatec/devise/wiki/I18n
 
 en:
+  devise:
+    confirmations:
+      confirmed: "Your account was successfully confirmed. You are now signed in."
+      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+    failure:
+      already_authenticated: "You are already signed in."
+      inactive: "Your account was not activated yet."
+      invalid: "Invalid email or password."
+      invalid_token: "Invalid authentication token."
+      locked: "Your account is locked."
+      not_found_in_database: "Invalid email or password."
+      timeout: "Your session expired, please sign in again to continue."
+      unauthenticated: "You need to sign in or sign up before continuing."
+      unconfirmed: "You have to confirm your account before continuing."
+    mailer:
+      confirmation_instructions:
+        subject: "Confirmation instructions"
+      reset_password_instructions:
+        subject: "Reset password instructions"
+      unlock_instructions:
+        subject: "Unlock Instructions"
+    omniauth_callbacks:
+      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+      success: "Successfully authenticated from %{kind} account."
+    passwords:
+      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
+      send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
+      updated: "Your password was changed successfully. You are now signed in."
+      updated_not_active: "Your password was changed successfully."
+    registrations:
+      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      signed_up: "Welcome! You have signed up successfully."
+      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
+      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
+      updated: "You updated your account successfully."
+    sessions:
+      signed_in: "Signed in successfully."
+      signed_out: "Signed out successfully."
+    unlocks:
+      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
   errors:
     messages:
+      already_confirmed: "was already confirmed, please try signing in"
+      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
       expired: "has expired, please request a new one"
       not_found: "not found"
-      already_confirmed: "was already confirmed, please try signing in"
       not_locked: "was not locked"
       not_saved:
         one: "1 error prohibited this %{resource} from being saved:"
         other: "%{count} errors prohibited this %{resource} from being saved:"
-      confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
-
-  devise:
-    failure:
-      already_authenticated: 'You are already signed in.'
-      unauthenticated: 'You need to sign in or sign up before continuing.'
-      unconfirmed: 'You have to confirm your account before continuing.'
-      locked: 'Your account is locked.'
-      not_found_in_database: 'Invalid email or password.'
-      invalid: 'Invalid email or password.'
-      invalid_token: 'Invalid authentication token.'
-      timeout: 'Your session expired, please sign in again to continue.'
-      inactive: 'Your account was not activated yet.'
-    sessions:
-      signed_in: 'Signed in successfully.'
-      signed_out: 'Signed out successfully.'
-    passwords:
-      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
-      updated: 'Your password was changed successfully. You are now signed in.'
-      updated_not_active: 'Your password was changed successfully.'
-      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-    confirmations:
-      send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
-      send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
-      confirmed: 'Your account was successfully confirmed. You are now signed in.'
-    registrations:
-      signed_up: 'Welcome! You have signed up successfully.'
-      signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
-      signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
-      signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
-      updated: 'You updated your account successfully.'
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
-      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
-    unlocks:
-      send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
-      unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
-      send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
-    omniauth_callbacks:
-      success: 'Successfully authenticated from %{kind} account.'
-      failure: 'Could not authenticate you from %{kind} because "%{reason}".'
-    mailer:
-      confirmation_instructions:
-        subject: 'Confirmation instructions'
-      reset_password_instructions:
-        subject: 'Reset password instructions'
-      unlock_instructions:
-        subject: 'Unlock Instructions'

lib/devise.rb

@@ -43,7 +43,7 @@ module Devise
   # True values used to check params
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
-  # Custom domain for cookies. Not set by default
+  # Custom domain or key for cookies. Not set by default
   mattr_accessor :rememberable_options
   @@rememberable_options = {}
 
@@ -199,6 +199,12 @@ module Devise
   mattr_accessor :parent_controller
   @@parent_controller = "ApplicationController"
 
+  # The parent mailer all Devise mailers inherit from.
+  # Defaults to ActionMailer::Base. This should be set early
+  # in the initialization process and should be set to a string.
+  mattr_accessor :parent_mailer
+  @@parent_mailer = "ActionMailer::Base"
+
   # The router Devise should use to generate routes. Defaults
   # to :main_app. Should be overriden by engines in order
   # to provide custom routes.

lib/devise/controllers/rememberable.rb

@@ -23,14 +23,14 @@ module Devise
       def remember_me(resource)
         scope = Devise::Mapping.find_scope!(resource)
         resource.remember_me!(resource.extend_remember_period)
-        cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource)
+        cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
       end
 
       # Forgets the given resource by deleting a cookie
       def forget_me(resource)
         scope = Devise::Mapping.find_scope!(resource)
         resource.forget_me!
-        cookies.delete("remember_#{scope}_token", forget_cookie_values(resource))
+        cookies.delete(remember_key(resource, scope), forget_cookie_values(resource))
       end
 
       protected
@@ -47,6 +47,10 @@ module Devise
           :expires => resource.remember_expires_at
         )
       end
+
+      def remember_key(resource, scope)
+        resource.rememberable_options.fetch(:key, "remember_#{scope}_token")
+      end
     end
   end
-end
+end

lib/devise/models/authenticatable.rb

@@ -214,21 +214,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios
         # besides authentication, for example when retrieving an user to send
         # an e-mail for password reset. In such cases, find_for_authentication
         # is not called.
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.

lib/devise/param_filter.rb

@@ -33,9 +33,8 @@ module Devise
 
     private
 
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
+      true
     end
   end
 end

lib/devise/strategies/rememberable.rb

@@ -41,7 +41,7 @@ module Devise
       end
 
       def remember_key
-        "remember_#{scope}_token"
+        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
       end
 
       def remember_cookie
@@ -52,4 +52,4 @@ module Devise
   end
 end
 
-Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
+Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.2.1".freeze
+  VERSION = "2.2.3".freeze
 end

lib/generators/templates/simple_form_for/registrations/edit.html.erb

@@ -6,7 +6,7 @@
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>
 
-    <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
       <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
     <% end %>
 

test/integration/registerable_test.rb

@@ -214,7 +214,7 @@ class RegistrationTest < ActionController::IntegrationTest
     sign_in_as_user
     get edit_user_registration_path
 
-    click_link "Cancel my account", :method => :delete
+    click_button "Cancel my account"
     assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
 
     assert User.all.empty?
@@ -344,4 +344,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest
     assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
     assert Admin.first.valid_password?('pas123')
   end
-end
+end

test/integration/rememberable_test.rb

@@ -57,6 +57,13 @@ class RememberMeTest < ActionController::IntegrationTest
     end
   end
 
+  test 'generate remember token with a custom key' do
+    swap Devise, :rememberable_options => { :key => "v1lat_token" } do
+      user = sign_in_as_user :remember_me => true
+      assert request.cookies["v1lat_token"]
+    end
+  end
+
   test 'generate remember token after sign in setting session options' do
     begin
       Rails.configuration.session_options[:domain] = "omg.somewhere.com"

test/models/authenticatable_test.rb

@@ -4,4 +4,10 @@ class AuthenticatableTest < ActiveSupport::TestCase
   test 'required_fields should be an empty array' do
     assert_equal Devise::Models::Validatable.required_fields(User), []
   end
-end
+
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(email: "example@example.com", password: "123456")
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
+  end
+end

test/models/database_authenticatable_test.rb

@@ -47,15 +47,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
-  end
-
-  test "param filter should not convert regular expressions to strings" do
-    conditions = { "regexp" => /expression/ }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "regexp" => /expression/ }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
 
   test 'should respond to password and password confirmation' do