Compare commits

...

160 Commits

Author SHA1 Message Date
José Valim
42c1ad3c78 Release v3.5.1 2015-05-26 15:10:29 +02:00
José Valim
e641b4b7b9 Also reset password token on email change 2015-05-26 15:09:07 +02:00
José Valim
fe49e625e8 Do not accept empty authentication_salt too 2015-05-26 15:04:27 +02:00
José Valim
31901bc862 Clear up reset password token whenever encrypted password changes 2015-05-26 15:00:12 +02:00
José Valim
b14995167b Do not mark _prefixes as protected 2015-05-26 09:53:38 +02:00
José Valim
4c137c4806 Release v3.5.0 2015-05-23 22:44:49 +02:00
José Valim
e5c3462a62 Merge pull request #3539 from rubyengineer/formatting
Formatting
2015-05-23 22:23:52 +02:00
José Valim
7952f1336d Merge pull request #3541 from cipater/fix-failureapp
Use router_name from scope if available
2015-05-23 22:23:40 +02:00
José Valim
55ef8004e6 Merge pull request #3542 from lboix/patch-1
Adding link to wiki + include clarification
2015-05-23 22:23:09 +02:00
José Valim
4b41dab11b Merge pull request #3601 from Angelmmiguel/master
Allow the user to set the length of friendly token
2015-05-23 22:15:48 +02:00
José Valim
1f3638aaa5 Do not clean up CSRF on rememberable 2015-05-23 22:13:59 +02:00
Angel M de Miguel
db63df7a8f Calculate real characters based on SecureRandom.urlsafe_base64 method 2015-05-21 14:41:34 +02:00
Angel M de Miguel
b89537936b Allow the user to set the length of friendly token 2015-05-21 13:46:31 +02:00
José Valim
ac4a89a511 Merge pull request #3597 from glittershark/define-method-not-class-eval
Use `define_method`, not `class_eval`, for url_helpers
2015-05-12 22:06:59 +02:00
Griffin Smith
741df732dc Use define_method, not class_eval, for url_helpers
I'm not hugely familiar with ruby internals vis a vis sclass semantics,
but this *probably* serves as a workaround for the MRI thread-safety
bug mentioned in #3505.
Beyond that, and even if this doesn't fix the thread-safety issue, per
[this blog post][1], `define_method` is recommended over `class_eval`
for performance (and, fwiw, readability) reasons anyway.

[1]: http://tenderlovemaking.com/2013/03/03/dynamic_method_definitions.html
2015-05-12 15:05:31 -04:00
Carlos Antonio da Silva
d701ed764f Fix wrong comment about http validation method [ci skip] 2015-05-12 14:34:56 -03:00
José Valim
369a5011f8 Merge pull request #3596 from jsanders/confusing-comments-in-generated-controllers
Change comments on registration and session controller configure methods
2015-05-11 20:57:22 +02:00
James Sanders
35de859e28 Change comments on registration and session controller configure methods 2015-05-11 12:12:10 -06:00
José Valim
280c247b2f Merge pull request #3594 from bonobos/feature/split-out-encryptor
Split out BCrypt hashing to make it reusable
2015-05-07 12:26:04 +02:00
Magnus von Koeller
a8769933d1 Split out BCrypt hashing to make it reusable
This logic is generic and reusable -- hash a secret; and take an
unhashed secret and compare it to a hashed secret. This breaks this out
to make it reusable in other places. Specifically, we use this in our
own token auth at Bonobos that we plan to split out as a Devise
extension. This will make that possible without copy & pasting this
code.
2015-05-06 12:11:09 -07:00
José Valim
74679bf3bc Merge pull request #3592 from adacosta/document/confirmable-columns
Add confirmable column documentation
2015-05-06 09:42:59 +02:00
Alan Da Costa
26492b3c50 Add confirmable column documentation 2015-05-05 16:04:15 -07:00
José Valim
a29fee1644 Merge pull request #3575 from alex88/failure_flashes
Conditionally use flashes in failure_app
2015-04-21 19:50:43 +02:00
Alessandro Tagliapietra
eac6c743fd Conditionally use flashes in failure_app
Fixes #3574
2015-04-21 16:27:44 +02:00
José Valim
bc38b044a4 Merge pull request #3573 from kroky/master
improve error message when using omniauth callbacks under a dynamic segment
2015-04-21 12:46:31 +02:00
Victor Emanouilov
85d75702ed improve error message when using omniauth callbacks under a dynamic segment 2015-04-21 13:02:28 +03:00
José Valim
7ca70a47ce Merge pull request #3570 from nviennot/no_more_bang
Removes the bang in confirm! and reset_password!
2015-04-21 10:30:44 +02:00
Nicolas Viennot
c22e7133b6 Removes the bang in confirm! and reset_password!
Closes #3412 and #3570.
2015-04-19 11:47:44 -04:00
Carlos Antonio da Silva
2f0002a449 Simplify serializable_hash implementation
Now that Rails 3.1 is not supported anymore, we don't need to implement
to_xml, since it does the right thing by calling serializable_hash.

This removes the class_eval need that existed to simplify the
implementation of both to_xml and serializable_hash.
2015-03-31 14:11:13 -03:00
cipater
15d3fc497c Use router_name from scope if available
Devise.available_router_name currently returns either
Devise.router_name or :main_app. As such, any redirecting is done
within either of those contexts. Which leads to undesirable redirects
for scopes that reside in an isolate_namespace mounted engine.

This commit makes it possible for FailureApp’s redirect behavior to be
performed in the context of the router_name given to devise_for.

Test case added to cover undesirable behavior. Without change to
lib/devise/failure_app.rb, test case throws exception.
2015-03-30 16:18:05 -07:00
Lucien Boix
e5400bc709 Adding link to wiki + include clarification
As discussed at the bottom of this ticket: https://github.com/plataformatec/devise/issues/1029
2015-03-29 19:05:24 -04:00
pythogorian
7c309f9b91 Formatting 2015-03-26 23:47:20 +01:00
Carlos Antonio da Silva
79c6f47ad3 Bundle update 2015-03-24 09:00:38 -03:00
José Valim
885597025a Merge pull request #3520 from ianks/valid_password
Valid password
2015-03-17 22:54:40 +01:00
Ian Ker-Seymer
8743ce6cf8 Clearly comment on the functionality of valid_password? 2015-03-17 15:21:59 -06:00
Ian Ker-Seymer
70ab38839f Use password.present? in DatabaseAuthenticatable strategy
In order to be more clear about the expectations for authenticating, we use
`password.present?` so there is no confusion about the role of the `valid_password?`
method.

More info: https://github.com/plataformatec/devise/issues/3519
2015-03-17 15:19:23 -06:00
Vasiliy Ermolovich
9aa72db365 Remove extra space.
[ci skip]
2015-03-15 02:09:46 +03:00
Carlos Antonio da Silva
18b6064d74 Merge branch 'ca-rm-spaces'
Closes #3480.
2015-03-13 14:00:07 -03:00
Carlos Antonio da Silva
868d3d82a0 Do a final pass removing spaces around square brackets
Keep plataformatec guidelines and review tools happy.
Related to #3480.
2015-03-13 13:59:19 -03:00
Kosmas Chatzimichalis
1ab2d51308 removed spaces inside square brackets 2015-03-13 13:59:19 -03:00
Carlos Antonio da Silva
d1d5996b6b Remove deprecated methods related to token authentication
These methods have no effect since Devise 3.2.0, released in Nov 2013.
2015-03-13 13:54:32 -03:00
José Valim
ef28bf2814 Merge pull request #3504 from scottjacobsen/devise_scope_override
Allow objects to specify their devise scope
2015-03-04 09:27:07 +01:00
Scott Jacobsen
4837bb0a4e Allow objects to specify their devise scope.
Introspecting the scope of an object can make it difficult to use
wrapper patterns. See issue plataformatec/devise#3307 for an example.

Allow objects to specify their scope explicitly by implementing
`devise_scope`.
2015-03-03 22:37:25 -07:00
Carlos Antonio da Silva
b02cd547e2 Merge pull request #3503 from arnvald/remove-redundant-condition
Remove redundant `remember_created_at.nil?`
2015-03-03 13:42:31 -03:00
Grzegorz Witek
8d5c2c4fd9 Remove redundant remember_created_at.nil?
`remember_expired?` already calls this method
2015-03-03 23:51:10 +08:00
José Valim
0a0b4e00ea Merge pull request #3502 from davetron5000/remove-hide-action
remove use of hide_action in favor of protected
2015-03-01 21:48:57 +01:00
Dave Copeland
e1b9dc860f remove use of hide_action in favor of protected
Rails 5 will [not have `hide_action` any longer](https://github.com/rails/rails/pull/18371/files), as the Rails convention is to not expose private or protected methods as actions, thus obviating the need for `hide_action`.

Presumably, there is code inheriting from `DeviseController` that is
calling these helpers, so they cannot be private, so protected seems to
be the only way to get Devise working with Rails 5.
2015-03-01 15:05:20 -05:00
Lauro Caetano
5802a57c76 Merge pull request #3478 from killthekitten/patch-1
Update message after rails g devise:controllers
2015-03-01 16:03:14 -03:00
Lucas Mazza
f038c36161 Use SVG badges in the README. 2015-02-27 14:16:54 -03:00
Rafael Mendonça França
4bb457ff6d Merge pull request #3493 from betesh/master
allow Devise::Models::Authenticatable to be loaded before Rails
2015-02-25 11:46:37 -03:00
Isaac Betesh
ac79f1e114 allow Devise::Models::Authenticatable to be loaded before Rails 2015-02-24 16:29:06 -05:00
José Valim
61ec44b76e Rollback mongoid fix as 4.0.2 will be out soon 2015-02-19 12:13:57 +01:00
Nikolay Shebanov
5e12508b96 Update message after rails g devise:controllers 2015-02-16 19:46:01 +03:00
José Valim
737ae3632a Merge pull request #3473 from georgemillo/test-yield
adding test for RegistrationsController#new yielding the resource
2015-02-14 18:49:59 +01:00
George Millo
a6a1524146 adding test for RegistrationsController#new yielding the resource 2015-02-14 15:37:21 +01:00
José Valim
2992b411a2 Update authenticatable.rb 2015-02-14 11:02:13 +01:00
José Valim
d2658c6e35 Merge pull request #2882 from hauleth/fix-mongoid-10068
Devise + Mongoid store wrong data in session
2015-02-14 11:00:48 +01:00
José Valim
893a0222ef Update new.html.erb 2015-02-14 10:59:01 +01:00
José Valim
fbb7a21abc Merge pull request #3468 from redbar0n/patch-2
Fix potential security leak in email reconfirmation flow
2015-02-14 10:58:25 +01:00
redbar0n
ee8c13435f Fix potential security leak in email reconfirmation flow
Ref. bug/issue: https://github.com/plataformatec/devise/issues/3457
2015-02-13 21:43:06 +01:00
José Valim
c19f1f27ce Merge pull request #3467 from borski/feature/recoverable_autologin_option
Added an option to not automatically sign in a user after a password res...
2015-02-13 13:32:35 +01:00
Michael Borohovski
f0992e4a96 Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset. 2015-02-13 02:29:11 -08:00
José Valim
baef67cee7 Merge pull request #3452 from jaume-prat/master
workaround for mountable Engines with Rails 4.2
2015-02-13 09:50:30 +01:00
José Valim
00dc3932c6 Merge pull request #3465 from mattbrictson/logging-leaks-readme
Add warning about logged tokens to the README
2015-02-13 09:20:59 +01:00
Matt Brictson
7acc7a6659 Add warning about logged tokens to the README 2015-02-12 16:05:58 -08:00
José Valim
fea2b95c5f Merge pull request #3463 from LunarLogic/master
Extracted route to separate method to be able to override in child class
2015-02-12 13:13:26 +01:00
Ania Slimak
8461234483 Extracted route to separate method to be able to override in child class 2015-02-12 13:07:57 +01:00
Jaume Prat
af8d38e45b do not set :script_name option with nil 2015-02-05 14:33:09 +01:00
Lucas Mazza
a2e0e9c187 Merge pull request #3449 from gaganawhad/patch-1
Add comments re: secret_key on Rails 4+ apps
2015-02-04 19:39:48 -02:00
Gagan Awhad
90f1d4d37a Add helpful comments re: 'secret_key' in devise initializer template
Adding a couple comments that explain that Devise will use
'secret_key_base' on Rails 4+ applications as its 'secret_key' by default.
2015-02-04 14:48:25 -06:00
Lucas Mazza
51c621ef51 Merge pull request #3447 from nitis-intelligence/warning/rails5
removing deprecation warning from rails 5
2015-02-03 19:03:37 -02:00
Luciano Sousa
9177bd70cf removing optional commas 2015-02-02 23:02:52 -03:00
Luciano Sousa
252a57d9b3 removing deprecation warning from rails 5 2015-02-02 22:54:46 -03:00
Lucas Mazza
394d69d958 Merge pull request #3407 from rosenfeld/inherited-controllers-translations
Use Devise translations when inheriting from core controllers
2015-01-26 20:03:11 -02:00
José Valim
65700b22ba Merge pull request #3440 from davestevens/pepper-password
Only add pepper if needed
2015-01-26 19:46:32 +01:00
Dave Stevens
8d48bcd594 Only add pepper if needed
Due to bug in Ruby 2.2.0; The bug has been acknowledged and fixed in trunk.

When password comes in FormEncoded the result of `gsub` breaks when
peppered with `nil`.
This only adds pepper if defined on the model and works around this
bug.

See: 622f3f14b6
2015-01-26 18:06:11 +00:00
José Valim
6dd4444582 Merge pull request #3432 from ronalchn/remember.used.tokens
Keep used confirmation tokens for more user friendly error message (issue #3429)
2015-01-19 13:04:30 +01:00
Ronald Chan
3f95ac8fec Keep used confirmation tokens for more user friendly error message (fixes #3429) 2015-01-19 22:30:13 +13:00
José Valim
c9fb1ebbfe Merge pull request #3428 from erdostom/master
updating copyrights to 2015
2015-01-18 22:38:29 +01:00
Tamas Erdos
bf2b37a39c updating copyrights to 2015 2015-01-18 16:21:59 -05:00
José Valim
8d3e0fddd3 Merge pull request #3425 from kbullaughey/master
get rid of config.serve_static_assets deprecation warning from production.rb
2015-01-16 21:31:38 +01:00
Kevin Bullaughey
1118762ce7 apply the same change to production.rb that was put into test.rb to get rid of the deprecation warning related to the config.serve_static_assets -> config.serve_static_files in Rails 4.2.0 2015-01-16 15:29:08 -05:00
Rodrigo Rosenfeld Rosas
7e5d0ac736 Add tests for translation scope being preserved when inheriting a controller
issue #3367
2015-01-12 17:28:02 -02:00
Rodrigo Rosenfeld Rosas
c2fb80d4d9 Use Devise translations when inheriting from core controllers
closes #3367
2015-01-12 17:24:17 -02:00
José Valim
5eb9f18743 Merge pull request #3414 from georgemillo/patch-1
Remove unnecessary local variable from RegistrationsController
2015-01-11 16:35:48 +01:00
George Millo
5bb479052c Remove local variable from RegistrationsController 2015-01-11 15:10:44 +00:00
José Valim
8523801459 Merge pull request #3411 from nviennot/master
Revert "Better error message in case a trackable module can't be saved."
2015-01-10 16:18:30 +01:00
Nicolas Viennot
620478cc5f Revert "Better error message in case a trackable module can't be saved."
This reverts commit 43d0715238.

save() returns false only when validations failed. In this case, validations are
not performed. Therefore save() may never return a falsy value.
If save() fails, the appropriate exception is raised.

With certain ORMs, such as NoBrainer, save() never returns true/false, but
always raises an exception. This commit lifts the incompatibility.
2015-01-10 09:38:43 -05:00
José Valim
710efe557d Merge pull request #3405 from Dinuz/master
Update find_message to accept scope
2015-01-07 23:39:00 +01:00
Massimiliano
6c5323c574 Update devise_controller.rb 2015-01-07 14:46:02 -05:00
Massimiliano
c92ef26b94 Update find_message to accept scope
This should still keep the devise lookup in the case that a custom scope is not passed as an option, but if instead the custom scope is passed, then the find_message method will use it.

This is kind of useful if I don't want to overwrite the devise locale and want to use different locale files, while still keeping the fallback of my devise locale.
2015-01-06 21:06:09 -05:00
Carlos Antonio da Silva
d6972ab264 Tidy up
* Fix test class name
* No need for line breaks
2015-01-06 14:23:06 -02:00
José Valim
5dc0f8dab9 Merge pull request #3404 from vimutter/rails-initializers-order
Added devise.omniauth initializer explicit position requirements.
2015-01-06 17:15:39 +01:00
Mark Guk
b223ddeb35 Added devise.omniauth initializer explicit position requirements.
It is obvious that this initializer should be executed before Rails build_middleware_stack as Omniauth is built on middleware.
Also it is obvious that we need that initializer to be executed after all config/initializers/* files (that is where devise.rb usually is).
2015-01-06 18:05:38 +03:00
José Valim
1094ba65aa Merge pull request #3400 from eugeneius/test_helper_memoize_warden_per_request
Allow warden proxy to change with request in tests
2015-01-05 09:27:21 +01:00
Eugene Kenny
8d9dd50e4a Allow warden proxy to change with request in tests
The warden method in the Devise::TestHelpers module adds a Warden proxy
object to the request environment hash under the 'warden' key. Including
this module in your test case registers that method as a callback, which
runs before every test:
https://github.com/plataformatec/devise/blob/v3.4.1/lib/devise/test_helpers.rb#L12

The request object itself is created in a callback added by Rails:
https://github.com/rails/rails/blob/v4.2.0/actionpack/lib/action_controller/test_case.rb#L687

So before each test runs, the Rails callback creates the request object,
and then the Devise callback adds a Warden proxy object to it.

I was using the rspec-retry gem (https://github.com/y310/rspec-retry),
and noticed that my controller specs would always fail whenever they
were retried with this error:

NoMethodError: undefined method `authenticate!' for nil:NilClass

When rspec-retry re-runs a failed test, it runs the setup callbacks
again. The Rails callback creates a new request object, but because of
the memoization that was here before, the Devise callback wouldn't add a
Warden proxy to it, which was causing the error.

With this change, the Warden setup code will still only run once as long
as the request object stays the same, but if it changes a new Warden
proxy will be added to the new request object.
2015-01-05 00:34:54 +00:00
José Valim
7946f681a9 Merge pull request #3394 from JuanitoFatas/patch/fix-warning
Suppress test.rb configuration warning for Rails 4.2.
2014-12-31 09:52:21 +01:00
Juanito Fatas
b2a66732cf Suppress test.rb config warning for Rails 4.2. 2014-12-31 11:35:18 +08:00
Carlos Antonio da Silva
71861ab0bf Merge pull request #3389 from JuanitoFatas/patch/travis-ruby-2-2
Test against Ruby 2.2 on Travis.
2014-12-29 09:00:36 -02:00
Juanito Fatas
bb05314c8f Test against Ruby 2.2 on Travis.
* Add 4.2 stable to matrix.
* Exclude test against Ruby 2.2 for Rails 3.2.
2014-12-29 01:03:07 +08:00
Carlos Antonio da Silva
bebf0ecbbe Simplify the logic to display the minimum password length hint
There's no real need to pass 2 variables to the view to figure that out,
we can simply display the message relying on whether or not the
`@minimum_password_length` variable is present.
2014-12-27 11:22:40 -02:00
Carlos Antonio da Silva
5c5200b5d9 Update dependencies with the released 4.2.0 2014-12-27 11:15:08 -02:00
José Valim
5badce5e8e Merge pull request #3372 from Katee/show-min-password-length-on-edit-password
Show minimum password length on edit password
2014-12-17 21:18:48 +01:00
Katee
d0a30d485d Moves minimum_password_length to DeviseController. 2014-12-16 16:14:32 -05:00
Lucas Mazza
2c8e242000 Use Rails 4.2.0.rc3. 2014-12-16 11:03:26 -02:00
Katee
5e12b158d1 Fixes accidentally removed autofocus. 2014-12-15 20:05:46 -05:00
Katee
607bf70674 Shows min password length on edit password view. 2014-12-15 19:52:58 -05:00
José Valim
bf30ddddc0 Merge pull request #3369 from prathamesh-sonpatki/devise-fixes
Fix description of find_or_initialize_with_error methods
2014-12-12 08:21:55 +01:00
Prathamesh Sonpatki
13c2d4e807 Fix description of find_or_initialize_with_error methods
[ci skip]
2014-12-12 09:26:17 +05:30
José Valim
a9d90503e9 Merge pull request #3318 from BrentWheeldon/bugfix/clear-reset-token
Only set token back if password reset fails.
2014-12-02 11:12:12 +01:00
José Valim
c4dfd465d1 Merge pull request #3353 from psgs/readme-update
Improve README.md flow
2014-12-02 11:06:38 +01:00
psgs
0522b1eb46 Improve README.md flow
Improve the way in which the README.md file flows when read.
2014-12-02 11:41:11 +10:00
Brent Wheeldon
cb89e4435c Only set token back if password reset fails.
This prevents the digested version of the token being saved when a reset
is successful.
2014-12-01 17:58:18 -05:00
Lucas Mazza
6fb466eb1e Use Rails 4.2.0.rc1 2014-12-01 10:18:00 -02:00
Vasiliy Ermolovich
9e93b9d700 Merge pull request #3351 from gajon/master
Trivial doc text correction in authenticatable.rb
2014-12-01 10:36:43 +03:00
Jorge Gajon
640dd97149 Trivial doc text correction in authenticatable.rb 2014-11-30 22:56:44 -06:00
José Valim
681094663b Merge pull request #3342 from rubyrider/test_reset_password_token_should_match
ensure generated token for reset password token is valid
2014-11-25 15:04:31 +01:00
Irfan Ahmed
0e218d8a01 ensure digested token for reset password token is valid 2014-11-25 18:32:58 +06:00
Rafael Mendonça França
16005ebcfe Merge pull request #3333 from rosenfeld/master
Remove old references to removed remember_across_browsers option
2014-11-21 19:25:46 -02:00
Rodrigo Rosenfeld Rosas
ae00e0bb20 Remove old references to removed remember_across_browsers option 2014-11-21 17:33:58 -02:00
José Valim
d3d9fba201 Merge pull request #3328 from stephenbaldwin/master
Ability to load modules in specific order
2014-11-20 22:39:43 +01:00
Rafael Mendonça França
bb24d18869 Merge pull request #3325 from joshk/patch-2
Use the new build env on Travis
2014-11-20 19:16:20 -02:00
Stephen Baldwin
06e0f8adca Update devise.rb 2014-11-20 16:01:21 -05:00
Stephen Baldwin
a9e87f067a Ability to load modules in specific order
Allow modules to be inserted at set positions
2014-11-20 15:16:46 -05:00
José Valim
840ecb63a2 Merge pull request #3324 from timscott/patch-1
Option to validate upon #confirm!
2014-11-20 10:18:44 +01:00
Tim Scott
e9bf72be6a Use args hash instead of named parameters for confirm! 2014-11-19 18:38:58 -06:00
Tim Scott
3b882dadac Made ensure valid a named param for confirm!, and added a test. 2014-11-19 16:48:35 -06:00
Josh Kalderimis
3015ac458d use built in travis caching
make sure bundle update is run so that the latest gems are used
2014-11-19 17:08:07 -05:00
Josh Kalderimis
4599b57798 remove the relevant Gemfile.lock 2014-11-19 14:54:31 -05:00
Josh Kalderimis
cf53131ed6 there is no rails-head Gemfile 2014-11-19 14:51:42 -05:00
Josh Kalderimis
04561542b1 Use the new build env on Travis
- use the new build env on Travis (sudo: false) (docs coming soon)
  faster vms, more cpu, more ram, faster vm boot time
- remove the custom caching for now as the new setup has a far better network
- add rails-head to the gemfile list as it wasn't there

caching is generally not recommended for libs like Devise as you want to test against the latest gem versions. Caching will use the min requirements available on the system instead of retrieving the latest.

On that note, it is also recommended to remove the Gemfile.lock from the repo. For now I have just 'rm'd it before 'bundle install'
2014-11-19 13:49:55 -05:00
Tim Scott
4ba84eeb27 Option to validate upon #confirm!
Allow to ensure valid upon confirming.
We might want to consider confirmation status in validations. For example, maybe we want to require certain fields upon confirmation, but not at registration.
2014-11-19 12:29:08 -06:00
Lucas Mazza
c54e9863a6 Update Gemfiles. 2014-11-19 15:43:47 -02:00
Lucas Mazza
adc031b214 Update CHANGELOG [ci skip] 2014-11-19 14:26:44 -02:00
José Valim
a76dfd6552 Merge pull request #3319 from lleger/lleger-fix-password-length
Update password length validation to 72 characters max
2014-11-19 10:25:27 +01:00
José Valim
0efd9244bf Merge pull request #3320 from deivid-rodriguez/yield_the_resource_in_registrations_controller_new_action
Yield the resource in RegistrationsController#new
2014-11-19 10:24:44 +01:00
David Rodríguez
1bbcc54026 Yield the resource in RegistrationsController#new 2014-11-19 09:32:51 +01:00
Logan Leger
c7cc91cb65 Update password length validation to 72 characters max
BCrypt has a limit of 72 characters for the password. Anything beyond 72
characters is truncated. This commit updates the validation to limit
passwords to less than 72 characters, keeping within the limitation.
2014-11-18 23:10:01 -06:00
José Valim
e54326c19c Merge pull request #3314 from djpowers/update_omniauth_casing
Update casing of 'OmniAuth' to match that of official OmniAuth documentation
2014-11-14 20:56:30 +01:00
Dave Powers
63ae9701b4 Update casing of 'OmniAuth' to match that of official OmniAuth documentation 2014-11-14 14:45:09 -05:00
Carlos Antonio da Silva
c47ab5e6cf Merge pull request #3310 from djpowers/patch-1
Fix link to Michael Hartl's Rails Tutorial
2014-11-14 08:18:04 -02:00
Dave Powers
9e083c9689 Fix link to Michael Hartl's Rails Tutorial
Update link to go to authentication chapter of latest edition (3rd) of online book
2014-11-13 23:08:42 -05:00
Lucas Mazza
12b5439f84 Merge pull request #3308 from mtarnovan/master
Yield the resource in SessionsController#new
2014-11-12 11:23:07 -02:00
José Valim
c7a135d6ba Merge pull request #3303 from BM5k/callbacks
add Rememberable#after_remembered callback
2014-11-09 10:01:26 -02:00
BM5k
8c3c6ac10f add docs to other callbacks 2014-11-08 16:51:08 -07:00
BM5k
b5713a8ddf add Rememberable#after_remembered callback 2014-11-08 16:39:24 -07:00
BM5k
6f88df3453 add test for after_database_authentication 2014-11-08 16:00:07 -07:00
José Valim
910868785c Merge pull request #3295 from jbourassa/stored_location_fragment
Include URI's fragment in `store_location_for`
2014-11-05 20:06:28 -02:00
José Valim
13e1a8fd8c Merge pull request #3296 from adelevie/fix_comment_typo
Fix small typo in devise_authenticatable.rb
2014-11-05 20:06:04 -02:00
Jimmy Bourassa
5dedd8c4cf Add fragment support for store_location_for 2014-11-05 16:52:40 -05:00
Alan deLevie
09f433691a Fix small typo in devise_authenticatable.rb 2014-11-05 16:51:29 -05:00
Mihai Târnovan
3902e0702c Yield the resource in SessionsController#new 2014-11-05 15:47:10 +02:00
Lucas Mazza
d67388ad98 Merge pull request #3290 from olivierlacan/patch-1
Add release dates to each version in CHANGELOG
2014-11-03 11:02:37 -02:00
Olivier Lacan
2a5ae0200d Add release dates to each version in CHANGELOG
As I've described [here](http://keepachangelog.com), it's quite useful to associate release version numbers with dates to get situated in a change log. 

Hope you find this useful.

PS: While doing this I did notice that a release marked as yanked in the CHANGELOG was not showing up as yanked on RubyGems, hence #3289.
2014-11-03 13:52:03 +01:00
Lucas Mazza
13e07b4b61 Merge pull request #3279 from Sinbadsoft/activesurppot_load_hooks
Add ActiveSupport load hook for DeviseController
2014-11-03 10:07:07 -02:00
Chaker Nakhli
e46a21be16 remove dynamically added method to DeviseController by active support load hook test 2014-10-29 16:14:38 +01:00
Chaker Nakhli
8a7796aea9 Add ActiveSupport load hook for DeviseController 2014-10-28 13:41:55 +01:00
Łukasz Niemier
4064155312 Small refactoring 2014-03-15 16:13:57 +01:00
Łukasz Niemier
2c5126dc42 Temporary, and ugly hack. But works now 2014-02-23 21:19:53 +01:00
Łukasz Niemier
a05548110f Should fix #2882 2014-02-23 20:43:16 +01:00
82 changed files with 1294 additions and 653 deletions


@@ -1,31 +1,41 @@
language: ruby
script: "bundle exec rake test"
install: script/cached-bundle install --deployment --path vendor/bundle
rvm:
- 1.9.3
- 2.0.0
- 2.1.2
env:
matrix:
- DEVISE_ORM=mongoid
- DEVISE_ORM=active_record
global:
# AMAZON_S3_BUCKET
- secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
# AMAZON_ACCESS_KEY_ID
- secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
# AMAZON_SECRET_ACCESS_KEY
- secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
- 2.1
- 2.2
gemfile:
- gemfiles/Gemfile.rails-4.2-stable
- gemfiles/Gemfile.rails-4.1-stable
- gemfiles/Gemfile.rails-4.0-stable
- gemfiles/Gemfile.rails-3.2-stable
- Gemfile
matrix:
allow_failures:
- gemfile: gemfiles/Gemfile.rails-head
exclude:
- rvm: 2.2
gemfile: gemfiles/Gemfile.rails-3.2-stable
services:
- mongodb
sudo: false
cache: bundler
env:
matrix:
- DEVISE_ORM=mongoid
- DEVISE_ORM=active_record
before_install: "rm ${BUNDLE_GEMFILE}.lock"
before_script: "bundle update"
script: "bundle exec rake test"
notifications:
email: false
campfire:
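
Review bot: `before_install: "rm ${BUNDLE_GEMFILE}.lock"` exits non-zero when no lock file sits beside the selected gemfile, and a failing `before_install` errors the build before any test runs; use `rm -f "${BUNDLE_GEMFILE}.lock"` so a missing lock is not fatal and the path is quoted. `matrix.allow_failures` names `gemfiles/Gemfile.rails-head`, which does not appear in the `gemfile:` list, so that entry matches no job and can be dropped. If the `secure:` AMAZON_* entries are being dropped along with `script/cached-bundle`, deactivate the S3 access key they encrypt rather than leaving an unused credential live.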


@@ -1,6 +1,33 @@
### Unreleased
### 3.5.1 - 2015-05-24
### 3.4.1
Note: 3.5.0 has been yanked due to a regression
* security improvements
* Clean up reset password token whenever e-mail or password changes. thanks to George Deglin & Dennis Charles Hackethal for reporting this bug
* Ensure empty `authenticable_salt` cannot be used as remember token. This bug can only affect users who manually implement their own `authenticable_salt` and allow empty values as salt
* enhancements
* The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`.
* Added an ActiveSupport load hook for `:devise_controller`. (by @nakhli)
* Location fragments are now preserved between requests. (by @jbourassa)
* Added an `after_remembered` callback for the Rememerable module. (by @BM5k)
* `RegistrationsController#new` and `SessionsController#new` now yields the
current resource. (by @mtarnovan, @deivid-rodriguez)
* Password length validation is now limited to 72 characters for newer apps. (by @lleger)
* Controllers inheriting from any Devise core controller will now use appropriate translations. The i18n scope can be overridden in `translation_scope`.
* Allow the user to set the length of friendly token. (by @Angelmmiguel)
* bug fixes
* Use router_name from scope if one is available to support isolated engines. (by @cipater)
* Do not clean up CSRF on rememberable.
* Only use flash if it has been configured in failure app. (by @alex88)
* deprecations
* `confirm!` has been deprecated in favor of `confirm`.
* `reset_password!` has been deprecated in favor of `reset_password`.
* `Devise.bcrypt` has been deprecated in favor of `Devise::Encryptor.digest`".
### 3.4.1 - 2014-10-29
* enhancements
* Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns)
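
Review bot: the security entry under 3.5.1 spells the method `authenticable_salt` in both places, but the method applications override is `authenticatable_salt`; since this line tells people with a custom implementation to check it, the name should be searchable exactly as written. The 3.5.1 heading is dated 2015-05-24 while the `Release v3.5.1` commit listed on this page is dated 2015-05-26. The last deprecation line has a stray `"` after `Devise::Encryptor.digest`, and `Rememerable` in the enhancements list should read `Rememberable`.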
@@ -10,7 +37,7 @@
* Fixed an regression with translation of flash messages for when the `authentication_keys`
config is a Hash. (by @lucasmazza)
### 3.4.0
### 3.4.0 - 2014-10-03
* enhancements
* Support added for Rails 4.2. Devise now depends on the `responders` gem due
@@ -31,7 +58,7 @@
message for your users. To keep the current behavior, this flag is now `true`
by default. (by @lucasmazza)
### 3.3.0
### 3.3.0 - 2014-08-13
* enhancements
* Support multiple warden configuration blocks on devise configuration. (by @rossta)
@@ -55,13 +82,13 @@
* Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
* Only valid paths will be stored for redirections (by @parallel588)
### 3.2.4
### 3.2.4 - 2014-03-17
* enhancements
* `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
* View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
### 3.2.3
### 3.2.3 - 2014-02-20
* enhancements
* Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`.
@@ -70,14 +97,14 @@
* bug fix
* Migrations will be properly generated when using rails 4.1.0.
### 3.2.2
### 3.2.2 - 2013-11-25
* bug fix
* Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman)
* Keep the query string when storing location (by @csexton)
* Require rails generator base class in devise generators
### 3.2.1
### 3.2.1 - 2013-11-13
Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
@@ -89,7 +116,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati
* Bring `password_digest` back to fix compatibility with `devise-encryptable`
* Avoid e-mail enumeration on sign in when in paranoid mode
### 3.2.0
### 3.2.0 - 2013-11-06
* enhancements
* Previously deprecated token authenticatable and insecure lookups have been removed
@@ -108,13 +135,13 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati
* deprecations
* `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!`
### 3.1.1
### 3.1.1 - 2013-10-01
* bug fix
* Improve default message which asked users to sign in even when they were already signed (by @gregates)
* Improve error message for when the config.secret_key is missing
### 3.1.0
### 3.1.0 - 2013-09-05
Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/
@@ -137,12 +164,12 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w
* Do not compare directly against confirmation, unlock and reset password tokens
* Skip storage for cookies on unverified requests
### 3.0.2
### 3.0.2 - 2013-08-09
* bug fix
* Skip storage for cookies on unverified requests
### 3.0.1
### 3.0.1 - 2013-08-02
Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
@@ -153,7 +180,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
* When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne)
* Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server.
### 3.0.0
### 3.0.0 - 2013-07-14
* enhancements
* Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino)
@@ -163,7 +190,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
* bug fix
* Errors on unlock are now properly reflected on the first `unlock_keys`
### 2.2.4
### 2.2.4 - 2013-05-07
* enhancements
* Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3)
@@ -182,25 +209,25 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
* backwards incompatible changes
* Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
### 2.2.3
### 2.2.3 - 2013-01-26
Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
* bug fix
* Require string conversion for all values
### 2.2.2
### 2.2.2 - 2013-01-15
* bug fix
* Fix bug when checking for reconfirmable in templates
### 2.2.1
### 2.2.1 - 2013-01-11
* bug fix
* Fix regression with case_insensitive_keys
* Fix regression when password is blank when it is invalid
### 2.2.0
### 2.2.0 - 2013-01-08
* backwards incompatible changes
* `headers_for` is deprecated, customize the mailer directly instead
@@ -231,17 +258,17 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
* `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
* Properly handle namespaced models on Active Record generator (by @nashby)
### 2.1.4
### 2.1.4 - 2013-08-18
* bugfix
* Do not confirm account after reset password
### 2.1.3
### 2.1.3 - 2013-01-26
* bugfix
* Require string conversion for all values
### 2.1.2
### 2.1.2 - 2012-06-19
* enhancements
* Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x
@@ -249,7 +276,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
* bug fix
* Fix regression on strategy validation on previous release
### 2.1.1 (yanked)
### 2.1.1 - 2012-06-15 (yanked)
* enhancements
* `sign_out_all_scopes` now locks warden and does not allow new logins in the same action
@@ -266,7 +293,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
* deprecations
* Strategy#validate() no longer validates nil resources
### 2.1.0
### 2.1.0 - 2012-05-15
* enhancements
* Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses
@@ -293,7 +320,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
* Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez)
* Reverted moving devise/shared/_links.erb to devise/_links.erb
### 2.0.4
### 2.0.4 - 2012-02-17
Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
@@ -301,7 +328,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Fix when :host is used with devise_for (by @mreinsch)
* Fix a regression that caused Warden to be initialized too late
### 2.0.3 (yanked)
### 2.0.3 - 2012-06-16 (yanked)
* bug fix
* Ensure warning is not shown by mistake on apps with mounted engines
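Review bot: the date added to the 2.0.3 heading (2012-06-16) is later than 2.0.4 (2012-02-17) just above it and 2.0.2 (2012-02-14) just below it, so this entry is out of chronological order with its neighbours. If 2012-06-16 is when the gem was yanked rather than when it was released, say so in the heading or use the release date; otherwise please double-check the value.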
@@ -309,7 +336,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Ensure serializable_hash does not depend on accessible attributes
* Ensure that timeout callback does not run on sign out action
### 2.0.2
### 2.0.2 - 2012-02-14
* enhancements
* Add devise_i18n_options to customize I18n message
@@ -321,7 +348,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Show a warning in case someone gives a pluralized name to devise generator
* Fix test behavior for rspec subject requests (by @sj26)
### 2.0.1
### 2.0.1 - 2012-02-09
* enhancements
* Improved error messages on deprecation warnings
@@ -330,7 +357,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Removed tmp and log files from gem
### 2.0.0
### 2.0.0 - 2012-01-26
* enhancements
* Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal)
@@ -356,14 +383,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_*
* Protected method render_with_scope was removed.
### 1.5.3
### 1.5.3 - 2011-12-19
* bug fix
* Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko)
* Ensure passing :format => false to devise_for is not permanent
* Ensure path checker does not check invalid routes
### 1.5.2
### 1.5.2 - 2011-11-30
* enhancements
* Add support for Rails 3.1 new mass assignment conventions (by @kirs)
@@ -372,12 +399,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* OmniAuth error message now shows the proper option (:strategy_class instead of :klass)
### 1.5.1
### 1.5.1 - 2011-11-22
* bug fix
* Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise.
### 1.5.0
### 1.5.0 - 2011-11-13
* enhancements
* Timeoutable also skips tracking if skip_trackable is given
@@ -398,12 +425,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* redirect_location is deprecated, please use after_sign_in_path_for
* after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
### 1.4.9
### 1.4.9 - 2011-10-19
* bug fix
* url helpers were not being set under some circumstances
### 1.4.8
### 1.4.8 - 2011-10-09
* enhancements
* Add docs for assets pipeline and Heroku
@@ -411,12 +438,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* confirmation_url was not being set under some circumstances
### 1.4.7
### 1.4.7 - 2011-09-21
* bug fix
* Fix backward incompatible change from 1.4.6 for those using custom controllers
### 1.4.6 (yanked)
### 1.4.6 - 2011-09-19 (yanked)
* enhancements
* Allow devise_for :skip => :all
@@ -424,7 +451,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Allow --skip-routes to devise generator
* Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
### 1.4.5
### 1.4.5 - 2011-09-07
* bug fix
* Failure app tries the root path if a session one does not exist
@@ -432,12 +459,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Reset password shows proper message if user is not active
* `clean_up_passwords` sets the accessors to nil to skip validations
### 1.4.4
### 1.4.4 - 2011-08-30
* bug fix
* Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually
### 1.4.3
### 1.4.3 - 2011-08-29
* enhancements
* Improve Rails 3.1 compatibility
@@ -453,12 +480,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* deprecations
* Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation
### 1.4.2
### 1.4.2 - 2011-06-30
* bug fix
* Provide a more robust behavior to serializers and add :force_except option
### 1.4.1
### 1.4.1 - 2011-06-29
* enhancements
* Add :defaults and :format support on router
@@ -469,7 +496,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Ensure to_xml is properly white listened
* Ensure handle_unverified_request clean up any cached signed-in user
### 1.4.0
### 1.4.0 - 2011-06-23
* enhancements
* Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26)
@@ -487,22 +514,22 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Devise now honors routes constraints (by @macmartine)
* Do not return the user resource when requesting instructions (by @rodrigoflores)
### 1.3.4
### 1.3.4 - 2011-04-28
* bug fix
* Do not add formats if html or "*/*"
### 1.3.3
### 1.3.3 - 2011-04-20
* bug fix
* Explicitly mark the token as expired if so
### 1.3.2
### 1.3.2 - 2011-04-20
* bug fix
* Fix another regression related to reset_password_sent_at (by @alexdreher)
### 1.3.1
### 1.3.1 - 2011-04-18
* enhancements
* Improve failure_app responses (by @indirect)
@@ -511,7 +538,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss)
### 1.3.0
### 1.3.0 - 2011-04-15
* enhancements
* All controllers can now handle different mime types than html using Responders (by @sikachu)
@@ -531,19 +558,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* backward incompatible changes
* authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior.
### 1.2.1
### 1.2.1 - 2011-03-27
* enhancements
* Improve update path messages
### 1.2.0
### 1.2.0 - 2011-03-24
* bug fix
* Properly ignore path prefix on omniauthable
* Faster uniqueness queries
* Rename active? to active_for_authentication? to avoid conflicts
### 1.2.rc2
### 1.2.rc2 - 2011-03-10
* enhancements
* Make friendly_token 20 chars long
@@ -573,7 +600,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Removed --haml and --slim view templates
* Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
### 1.2.rc
### 1.2.rc - 2010-10-25
* deprecations
* cookie_domain is deprecated in favor of cookie_options
@@ -611,13 +638,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Ensure namespaces has proper scoped views
* Ensure Devise does not set empty flash messages (by @sxross)
### 1.1.6
### 1.1.6 - 2011-02-14
* Use a more secure e-mail regexp
* Implement Rails 3.0.4 handle unverified request
* Use secure_compare to compare passwords
### 1.1.5
### 1.1.5 - 2010-11-26
* bugfix
* Ensure to convert keys on indifferent hash
@@ -625,12 +652,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* defaults
* Set config.http_authenticatable to false to avoid confusion
### 1.1.4
### 1.1.4 - 2010-11-25
* bugfix
* Avoid session fixation attacks
### 1.1.3
### 1.1.3 - 2010-09-23
* bugfix
* Add reply-to to e-mail headers by default
@@ -641,17 +668,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie)
* :default options is now honored in migrations
### 1.1.2
### 1.1.2 - 2010-08-25
* bugfix
* Compatibility with latest Rails routes schema
### 1.1.1
### 1.1.1 - 2010-07-26
* bugfix
* Fix a small bug where generated locale file was empty on devise:install
### 1.1.0
### 1.1.0 - 2010-07-25
* enhancements
* Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk)
@@ -671,7 +698,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* deprecations
* use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
### 1.1.rc2
### 1.1.rc2 - 2010-06-22
* enhancements
* Allow to set cookie domain for the remember token. (by @mantas)
@@ -689,7 +716,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
* Generators now use Rails 3 syntax (devise:install) instead of devise_install
### 1.1.rc1
### 1.1.rc1 - 2010-04-14
* enhancements
* Rails 3 compatibility
@@ -721,7 +748,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
* :as and :scope in routes is deprecated. Use :path and :singular instead
### 1.0.8
### 1.0.8 - 2010-06-22
* enhancements
* Support for latest MongoMapper
@@ -730,7 +757,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* confirmation_required? is properly honored on active? calls. (by @paulrosania)
### 1.0.7
### 1.0.7 - 2010-05-02
* bug fix
* Ensure password confirmation is always required
@@ -739,14 +766,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* authenticatable was deprecated and renamed to database_authenticatable
* confirmable is not included by default on generation
### 1.0.6
### 1.0.6 - 2010-04-02
* bug fix
* Do not allow unlockable strategies based on time to access a controller.
* Do not send unlockable email several times.
* Allow controller to upstram custom! failures to Warden.
### 1.0.5
### 1.0.5 - 2010-03-25
* bug fix
* Use prepend_before_filter in require_no_authentication.
@@ -754,19 +781,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Fix a bug when giving an association proxy to devise.
* Do not use lock! on lockable since it's part of ActiveRecord API.
### 1.0.4
### 1.0.4 - 2010-03-02
* bug fix
* Fixed a bug when deleting an account with rememberable
* Fixed a bug with custom controllers
### 1.0.3
### 1.0.3 - 2010-02-22
* enhancements
* HTML e-mails now have proper formatting
* Do not remove MongoMapper options in find
### 1.0.2
### 1.0.2 - 2010-02-17
* enhancements
* Allows you set mailer content type (by @glennr)
@@ -774,7 +801,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Uses the same content type as request on http authenticatable 401 responses
### 1.0.1
### 1.0.1 - 2010-02-16
* enhancements
* HttpAuthenticatable is not added by default automatically.
@@ -783,7 +810,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Fixed encryptors autoload
### 1.0.0
### 1.0.0 - 2010-02-08
* deprecation
* :old_password in update_with_password is deprecated, use :current_password instead
@@ -794,7 +821,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Allow scoped_views to be customized per controller/mailer class
* Allow authenticatable to used in change_table statements
### 0.9.2
### 0.9.2 - 2010-02-04
* bug fix
* Ensure inactive user cannot sign in
@@ -804,13 +831,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Added gemspec to repo
* Added token authenticatable (by @grimen)
### 0.9.1
### 0.9.1 - 2010-01-24
* bug fix
* Allow bigger salt size (by @jgeiger)
* Fix relative url root
### 0.9.0
### 0.9.0 - 2010-01-20
* deprecation
* devise :all is deprecated
@@ -827,7 +854,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Accept path prefix not starting with slash
* url helpers should rely on find_scope!
### 0.8.2
### 0.8.2 - 2010-01-12
* enhancements
* Allow Devise.mailer_sender to be a proc (by @grimen)
@@ -835,7 +862,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm)
### 0.8.1
### 0.8.1 - 2010-01-07
* enhancements
* Move salt to encryptors
@@ -845,7 +872,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Bcrypt generator was not being loaded neither setting the proper salt
### 0.8.0
### 0.8.0 - 2010-01-06
* enhancements
* Warden 0.8.0 compatibility
@@ -859,19 +886,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* deprecation
* Removed DeviseMailer.sender
### 0.7.5
### 0.7.5 - 2010-01-01
* enhancements
* Set a default value for mailer to avoid find_template issues
* Add models configuration to MongoMapper::EmbeddedDocument as well
### 0.7.4
### 0.7.4 - 2009-12-21
* enhancements
* Extract Activatable from Confirmable
* Decouple Serializers from Devise modules
### 0.7.3
### 0.7.3 - 2009-12-15
* bug fix
* Give scope to the proper model validation
@@ -881,7 +908,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Added update_with_password for authenticatable
* Allow render_with_scope to accept :controller option
### 0.7.2
### 0.7.2 - 2009-12-14
* deprecation
* Renamed reset_confirmation! to resend_confirmation!
@@ -891,12 +918,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Fixed render_with_scope to work with all controllers
* Allow sign in with two different users in Devise::TestHelpers
### 0.7.1
### 0.7.1 - 2009-12-09
* enhancements
* Small enhancements for other plugins compatibility (by @grimen)
### 0.7.0
### 0.7.0 - 2009-12-08
* deprecations
* :authenticatable is not included by default anymore
@@ -905,25 +932,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Improve loading process
* Extract SessionSerializer from Authenticatable
### 0.6.3
### 0.6.3 - 2009-12-02
* bug fix
* Added trackable to migrations
* Allow inflections to work
### 0.6.2
### 0.6.2 - 2009-11-25
* enhancements
* More DataMapper compatibility
* Devise::Trackable - track sign in count, timestamps and ips
### 0.6.1
### 0.6.1 - 2009-11-24
* enhancements
* Devise::Timeoutable - timeout sessions without activity
* DataMapper now accepts conditions
### 0.6.0
### 0.6.0 - 2009-11-22
* deprecations
* :authenticatable is still included by default, but yields a deprecation warning
@@ -934,19 +961,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Allow a strategy to be placed after authenticatable
* Do not rely attribute? methods, since they are not added on Datamapper
### 0.5.6
### 0.5.6 - 2009-11-21
* enhancements
* Do not send nil to build (DataMapper compatibility)
* Allow to have scoped views
### 0.5.5
### 0.5.5 - 2009-11-20
* enhancements
* Allow overwriting find for authentication method
* Remove Ruby 1.8.7 dependency
### 0.5.4
### 0.5.4 - 2009-11-19
* deprecations
* Deprecate :singular in devise_for and use :scope instead
@@ -957,7 +984,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Create sign_in_and_redirect and sign_out_and_redirect helpers
* Warden::Manager.default_scope is automatically configured to the first given scope
### 0.5.3
### 0.5.3 - 2009-11-18
* bug fix
* MongoMapper now converts DateTime to Time
@@ -969,20 +996,20 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
in cases you don't want it be handlded automatically
### 0.5.2
### 0.5.2 - 2009-11-17
* enhancements
* Improved sign_in and sign_out helpers to accepts resources
* Added stored_location_for as a helper
* Added test helpers
### 0.5.1
### 0.5.1 - 2009-11-15
* enhancements
* Added serializers based on Warden ones
* Allow authentication keys to be set
### 0.5.0
### 0.5.0 - 2009-11-13
* bug fix
* Fixed a bug where remember me module was not working properly
@@ -992,13 +1019,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs)
* Added support for MongoMapper (by @shingara)
### 0.4.3
### 0.4.3 - 2009-11-10
* bug fix
* Authentication just fails if user cannot be serialized from session, without raising errors;
* Default configuration values should not overwrite user values;
### 0.4.2
### 0.4.2 - 2009-11-06
* deprecations
* Renamed mail_sender to mailer_sender
@@ -1010,12 +1037,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Allow :path_prefix to be given to devise_for
* Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
### 0.4.1
### 0.4.1 - 2009-11-04
* bug fix
* Ensure options can be set even if models were not loaded
### 0.4.0
### 0.4.0 - 2009-11-03
* deprecations
* Notifier is deprecated, use DeviseMailer instead. Remember to rename
@@ -1028,7 +1055,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Allow Warden::Manager to be configured through Devise
* Created a generator which creates an initializer
### 0.3.0
### 0.3.0 - 2009-10-30
* bug fix
* Allow yml messages to be configured by not using engine locales
@@ -1038,7 +1065,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Do not send confirmation messages when user changes their e-mail
* Renamed authenticable to authenticatable and added deprecation warnings
### 0.2.3
### 0.2.3 - 2009-10-29
* enhancements
* Ensure fail! works inside strategies
@@ -1048,12 +1075,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* Do not redirect on invalid authenticate
* Allow model configuration to be set to nil
### 0.2.2
### 0.2.2 - 2009-10-28
* bug fix
* Fix a bug when using customized resources
### 0.2.1
### 0.2.1 - 2009-10-27
* refactor
* Clean devise_views generator to use devise existing views
@@ -1065,7 +1092,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fix
* Fix a bug with Mongrel and Ruby 1.8.6
### 0.2.0
### 0.2.0 - 2009-10-24
* enhancements
* Allow option :null => true in authenticable migration
@@ -1080,12 +1107,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
* bug fixes
* Fixed requiring devise strategies
### 0.1.1
### 0.1.1 - 2009-10-21
* bug fixes
* Fixed requiring devise mapping
### 0.1.0
### 0.1.0 - 2009-10-21
* Devise::Authenticable
* Devise::Confirmable

View File

@@ -2,7 +2,7 @@ source "https://rubygems.org"
gemspec
gem "rails", "4.2.0.beta2"
gem "rails", "4.2.1"
gem "omniauth", "~> 1.2.0"
gem "omniauth-oauth2", "~> 1.1.0"
gem "rdoc"

View File

@@ -1,6 +1,17 @@
PATH
remote: .
specs:
devise (3.5.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
GIT
remote: git://github.com/mongoid/mongoid.git
revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5
revision: a4365d7ecfa8221bfcf36a4e7ce7993142fc5940
branch: master
specs:
mongoid (4.0.0)
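Review bot: the GIT source for mongoid in this hunk is still `git://github.com/mongoid/mongoid.git` tracking `branch: master`. The `git://` transport is unauthenticated and unencrypted, so the locked revision is the only thing tying the build to known code. Since the revision is being bumped here anyway, point the Gemfile source at the `https://` URL and regenerate the lock.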
@@ -9,89 +20,78 @@ GIT
origin (~> 2.1)
tzinfo (>= 0.3.37)
PATH
remote: .
specs:
devise (3.4.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actionmailer (4.2.0.beta2)
actionpack (= 4.2.0.beta2)
actionview (= 4.2.0.beta2)
activejob (= 4.2.0.beta2)
actionmailer (4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.3)
actionpack (4.2.0.beta2)
actionview (= 4.2.0.beta2)
activesupport (= 4.2.0.beta2)
rack (~> 1.6.0.beta)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.1)
actionview (= 4.2.1)
activesupport (= 4.2.1)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.3)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
actionview (4.2.0.beta2)
activesupport (= 4.2.0.beta2)
actionview (4.2.1)
activesupport (= 4.2.1)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.3)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.1)
activejob (4.2.0.beta2)
activesupport (= 4.2.0.beta2)
activejob (4.2.1)
activesupport (= 4.2.1)
globalid (>= 0.3.0)
activemodel (4.2.0.beta2)
activesupport (= 4.2.0.beta2)
activemodel (4.2.1)
activesupport (= 4.2.1)
builder (~> 3.1)
activerecord (4.2.0.beta2)
activemodel (= 4.2.0.beta2)
activesupport (= 4.2.0.beta2)
arel (>= 6.0.0.beta1, < 6.1)
activesupport (4.2.0.beta2)
i18n (>= 0.7.0.beta1, < 0.8)
activerecord (4.2.1)
activemodel (= 4.2.1)
activesupport (= 4.2.1)
arel (~> 6.0)
activesupport (4.2.1)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
arel (6.0.0.beta1)
bcrypt (3.1.7)
arel (6.0.0)
bcrypt (3.1.10)
bson (2.3.0)
builder (3.2.2)
connection_pool (2.0.0)
connection_pool (2.1.3)
erubis (2.7.0)
faraday (0.9.0)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
globalid (0.3.0)
globalid (0.3.3)
activesupport (>= 4.1.0)
hashie (3.2.0)
hashie (3.4.0)
hike (1.2.3)
i18n (0.7.0.beta1)
json (1.8.1)
jwt (1.0.0)
i18n (0.7.0)
json (1.8.2)
jwt (1.4.1)
loofah (2.0.1)
nokogiri (>= 1.5.9)
mail (2.6.1)
mail (2.6.3)
mime-types (>= 1.16, < 3)
metaclass (0.0.4)
mime-types (2.3)
mini_portile (0.6.0)
minitest (5.4.2)
mime-types (2.4.3)
mini_portile (0.6.2)
minitest (5.5.1)
mocha (1.1.0)
metaclass (~> 0.0.1)
moped (2.0.0)
moped (2.0.4)
bson (~> 2.2)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.10.1)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.3.1)
mini_portile (= 0.6.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
oauth2 (0.9.4)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
@@ -114,54 +114,53 @@ GEM
optionable (0.2.0)
origin (2.1.1)
orm_adapter (0.5.0)
rack (1.6.0.beta)
rack (1.6.0)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.2)
rack-test (0.6.3)
rack (>= 1.0)
rails (4.2.0.beta2)
actionmailer (= 4.2.0.beta2)
actionpack (= 4.2.0.beta2)
actionview (= 4.2.0.beta2)
activejob (= 4.2.0.beta2)
activemodel (= 4.2.0.beta2)
activerecord (= 4.2.0.beta2)
activesupport (= 4.2.0.beta2)
rails (4.2.1)
actionmailer (= 4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
activemodel (= 4.2.1)
activerecord (= 4.2.1)
activesupport (= 4.2.1)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.0.beta2)
sprockets-rails (~> 3.0.0.beta1)
railties (= 4.2.1)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.3)
activesupport
rails-dom-testing (1.0.6)
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.1)
rails-html-sanitizer (1.0.2)
loofah (~> 2.0)
railties (4.2.0.beta2)
actionpack (= 4.2.0.beta2)
activesupport (= 4.2.0.beta2)
railties (4.2.1)
actionpack (= 4.2.1)
activesupport (= 4.2.1)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (10.3.2)
rdoc (4.1.1)
json (~> 1.4)
responders (2.0.0)
railties (>= 4.2.0.alpha, < 5)
ruby-openid (2.5.0)
sprockets (2.12.2)
rake (10.4.2)
rdoc (4.2.0)
responders (2.1.0)
railties (>= 4.2.0, < 5)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (3.0.0.beta1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (~> 2.8)
sqlite3 (1.3.9)
sprockets-rails (2.2.4)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
thor (0.19.1)
thread_safe (0.3.4)
thread_safe (0.3.5)
tilt (1.4.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
@@ -186,7 +185,7 @@ DEPENDENCIES
omniauth-facebook
omniauth-oauth2 (~> 1.1.0)
omniauth-openid (~> 1.0.1)
rails (= 4.2.0.beta2)
rails (= 4.2.1)
rdoc
sqlite3
webrat (= 0.7.3)

View File

@@ -1,4 +1,4 @@
Copyright 2009-2014 Plataformatec. http://plataformatec.com.br
Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

View File

@@ -2,8 +2,8 @@
By [Plataformatec](http://plataformatec.com.br/).
[![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise)
[![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise)
[![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise)
[![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise)
[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master)
This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
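Review bot: the badge images in this hunk now load over `https://`, but the Build Status badge still links to `http://travis-ci.org/plataformatec/devise`. Switch the link target to `https://` as well so it matches the Code Climate and Security badges.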
@@ -13,18 +13,18 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
* Is Rack based;
* Is a complete MVC solution based on Rails engines;
* Allows you to have multiple models signed in at the same time;
* Is based on a modularity concept: use just what you really need.
* Is based on a modularity concept: use only what you really need.
It's composed of 10 modules:
* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support.
* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
* [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
* [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
* [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have no activity in a specified period of time.
* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
@@ -44,7 +44,7 @@ If you discover a problem with Devise, we would like to know about it. However,
https://github.com/plataformatec/devise/wiki/Bug-reports
If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
### Mailing list
@@ -82,12 +82,12 @@ You will usually want to write tests for your changes. To run the test suite, g
## Starting with Rails?
If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:
If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today we have two resources that should help you get started:
* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users
* Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users
* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley:
## Getting started
@@ -105,7 +105,7 @@ After you install Devise and add it to your Gemfile, you need to run the generat
rails generate devise:install
```
The generator will install an initializer which describes ALL Devise's configuration options and you MUST take a look at it. When you are done, you are ready to add Devise to any of your models using the generator:
The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator:
```console
rails generate devise MODEL
@@ -121,7 +121,7 @@ Next, you need to set up the default URL options for the Devise mailer in each e
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
```
You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.
You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined.
### Controller filters and helpers
@@ -151,7 +151,7 @@ You can access the session for this scope:
user_session
```
After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. For instance, for a `:user` resource, the `user_root_path` will be used if it exists, otherwise the default `root_path` will be used. This means that you need to set the root inside your routes:
After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect to. For instance, when using a `:user` resource, the `user_root_path` will be used if it exists; otherwise, the default `root_path` will be used. This means that you need to set the root inside your routes:
```ruby
root to: "home#index"
@@ -179,7 +179,7 @@ The Devise method in your models also accepts some options to configure its modu
devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
```
Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above.
Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`.
### Strong Parameters
@@ -191,7 +191,7 @@ There are just three actions in Devise that allows any set of parameters to be p
* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`
In case you want to permit additional parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`:
In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`:
```ruby
class ApplicationController < ActionController::Base
@@ -215,7 +215,7 @@ def configure_permitted_parameters
end
```
If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters permitted scalars, so we need to configure Devise thusly:
If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters' permitted scalars, so we need to configure Devise in the following way:
```ruby
def configure_permitted_parameters
@@ -226,7 +226,7 @@ For the list of permitted scalars, and how to declare permitted keys in nested h
https://github.com/rails/strong_parameters#nested-parameters
If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic:
If you have multiple Devise models, you may want to set up a different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and adding your own logic:
```ruby
class User::ParameterSanitizer < Devise::ParameterSanitizer
@@ -272,7 +272,7 @@ After doing so, you will be able to have views based on the role like `users/ses
rails generate devise:views users
```
If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module,
If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module,
you can pass a list of modules to the generator with the `-v` flag.
```console
@@ -336,7 +336,7 @@ If the customization at the views level is not enough, you can customize each co
This is useful for triggering background jobs or logging events during certain actions.
Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash.
Remember that Devise uses flash messages to let users know if sign in was successful or unsuccessful. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash.
### Configuring routes
@@ -356,11 +356,11 @@ devise_scope :user do
end
```
This way you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
This way, you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
### I18n
Devise uses flash messages with I18n with the flash keys :notice and :alert. To customize your app, you can set up your locale file:
Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file:
```yaml
en:
@@ -398,7 +398,7 @@ Take a look at our locale file to check all available messages. You may also be
https://github.com/plataformatec/devise/wiki/I18n
Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController
Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController.
### Test helpers
@@ -418,6 +418,8 @@ RSpec.configure do |config|
end
```
Just be sure that this inclusion is made *after* the `require 'rspec/rails'` directive.
Now you are ready to use the `sign_in` and `sign_out` methods. Such methods have the same signature as in controllers:
```ruby
@@ -432,22 +434,26 @@ There are two things that are important to keep in mind:
1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
```ruby
@request.env["devise.mapping"] = Devise.mappings[:user]
get :new
```
### Omniauth
You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`:
* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29
### OmniAuth
Devise comes with OmniAuth support out of the box to authenticate with other providers. To use it, simply specify your OmniAuth configuration in `config/initializers/devise.rb`:
```ruby
config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
```
You can read more about Omniauth support in the wiki:
You can read more about OmniAuth support in the wiki:
* https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
@@ -460,7 +466,7 @@ Devise allows you to set up as many Devise models as you want. If you want to ha
create_table :admins do |t|
t.string :email
t.string :encrypted_password
t.timestamps
t.timestamps null: false
end
# Inside your Admin model
@@ -480,12 +486,12 @@ admin_session
Alternatively, you can simply run the Devise generator.
Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend that you use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
### ActiveJob Integration
If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the
background through a queueing backend, you can send Devise emails through your
background through a queuing back-end, you can send Devise emails through your
existing queue by overriding the `send_devise_notification` method in your model.
```ruby
@@ -494,15 +500,29 @@ def send_devise_notification(notification, *args)
end
```
### Password reset tokens and Rails logs
If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked.
2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked.
Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
```ruby
config.log_level = :warn
```
### Other ORMs
Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file.
Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file.
## Additional information
### Heroku
Using Devise on Heroku with Ruby on Rails 3.1 requires setting:
Using Devise on Heroku with Ruby on Rails 3.2 requires setting:
```ruby
config.assets.initialize_on_precompile = false
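Review bot: The remediation paragraph in the new "Password reset tokens and Rails logs" section should say outright that `:info` is not enough when `deliver_later` is used. Item 1 places the Action Mailer leak at DEBUG and item 2 places the Active Job leak at INFO, so a reader who raises the level only one step above the DEBUG default still writes tokens to the log through Active Job arguments. One sentence tying the `config.log_level = :warn` recommendation back to item 2 would close that gap.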
@@ -524,6 +544,6 @@ https://github.com/plataformatec/devise/graphs/contributors
## License
MIT License. Copyright 2009-2014 Plataformatec. http://plataformatec.com.br
MIT License. Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo.
You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.

View File

@@ -1,5 +1,6 @@
# encoding: UTF-8
require "bundler/gem_tasks"
require 'bundler/gem_tasks'
require 'rake/testtask'
require 'rdoc/task'

View File

@@ -44,4 +44,8 @@ class Devise::ConfirmationsController < DeviseController
new_session_path(resource_name)
end
end
def translation_scope
'devise.confirmations'
end
end

View File

@@ -27,4 +27,8 @@ class Devise::OmniauthCallbacksController < DeviseController
def after_omniauth_failure_path_for(scope)
new_session_path(scope)
end
def translation_scope
'devise.omniauth_callbacks'
end
end

View File

@@ -23,6 +23,7 @@ class Devise::PasswordsController < DeviseController
# GET /resource/password/edit?reset_password_token=abcdef
def edit
self.resource = resource_class.new
set_minimum_password_length
resource.reset_password_token = params[:reset_password_token]
end
@@ -33,10 +34,15 @@ class Devise::PasswordsController < DeviseController
if resource.errors.empty?
resource.unlock_access! if unlockable?(resource)
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
set_flash_message(:notice, flash_message) if is_flashing_format?
sign_in(resource_name, resource)
respond_with resource, location: after_resetting_password_path_for(resource)
if Devise.sign_in_after_reset_password
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
set_flash_message(:notice, flash_message) if is_flashing_format?
sign_in(resource_name, resource)
respond_with resource, location: after_resetting_password_path_for(resource)
else
set_flash_message(:notice, :updated_not_active) if is_flashing_format?
respond_with resource, location: new_session_path(resource_name)
end
else
respond_with resource
end
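Review bot: In the new `else` branch of `update`, taken when `Devise.sign_in_after_reset_password` is false, the flash is always `:updated_not_active`, even when `resource.active_for_authentication?` would return true. The key name then no longer matches the situation: the account may be active and only the automatic sign-in was skipped. Consider a dedicated message key for this case, or a comment explaining why `:updated_not_active` is reused. Note also that `resource.unlock_access!` still runs before the branch regardless of the setting; if that is intended, a short comment would help.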
@@ -67,4 +73,8 @@ class Devise::PasswordsController < DeviseController
resource.respond_to?(:unlock_strategy_enabled?) &&
resource.unlock_strategy_enabled?(:email)
end
def translation_scope
'devise.passwords'
end
end

View File

@@ -1,14 +1,12 @@
class Devise::RegistrationsController < DeviseController
prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ]
prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel]
prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
# GET /resource/sign_up
def new
build_resource({})
@validatable = devise_mapping.validatable?
if @validatable
@minimum_password_length = resource_class.password_length.min
end
set_minimum_password_length
yield resource if block_given?
respond_with self.resource
end
@@ -16,9 +14,9 @@ class Devise::RegistrationsController < DeviseController
def create
build_resource(sign_up_params)
resource_saved = resource.save
resource.save
yield resource if block_given?
if resource_saved
if resource.persisted?
if resource.active_for_authentication?
set_flash_message :notice, :signed_up if is_flashing_format?
sign_up(resource_name, resource)
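Review bot: In `create`, the success check moved from the return value of `resource.save` to `resource.persisted?`, which is evaluated after `yield resource`. A block passed by a subclass can therefore change which branch runs, and the return value of `resource.save` no longer gates anything. If letting the block influence the outcome is the intent, a comment above `if resource.persisted?` would document that contract for controllers that override `create`.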
@@ -30,10 +28,7 @@ class Devise::RegistrationsController < DeviseController
end
else
clean_up_passwords resource
@validatable = devise_mapping.validatable?
if @validatable
@minimum_password_length = resource_class.password_length.min
end
set_minimum_password_length
respond_with resource
end
end
@@ -145,4 +140,8 @@ class Devise::RegistrationsController < DeviseController
def account_update_params
devise_parameter_sanitizer.sanitize(:account_update)
end
def translation_scope
'devise.registrations'
end
end

View File

@@ -1,13 +1,14 @@
class Devise::SessionsController < DeviseController
prepend_before_filter :require_no_authentication, only: [ :new, :create ]
prepend_before_filter :require_no_authentication, only: [:new, :create]
prepend_before_filter :allow_params_authentication!, only: :create
prepend_before_filter :verify_signed_out_user, only: :destroy
prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
# GET /resource/sign_in
def new
self.resource = resource_class.new(sign_in_params)
clean_up_passwords(resource)
yield resource if block_given?
respond_with(resource, serialize_options(resource))
end
@@ -45,6 +46,10 @@ class Devise::SessionsController < DeviseController
{ scope: resource_name, recall: "#{controller_path}#new" }
end
def translation_scope
'devise.sessions'
end
private
# Check if there is no signed in user before doing the sign out.

View File

@@ -43,4 +43,7 @@ class Devise::UnlocksController < DeviseController
new_session_path(resource) if is_navigational_format?
end
def translation_scope
'devise.unlocks'
end
end

View File

@@ -6,12 +6,28 @@ class DeviseController < Devise.parent_controller.constantize
helpers = %w(resource scope_name resource_name signed_in_resource
resource_class resource_params devise_mapping)
hide_action(*helpers)
helper_method(*helpers)
prepend_before_filter :assert_is_devise_resource!
respond_to :html if mimes_for_respond_to.empty?
# Override prefixes to consider the scoped view.
# Notice we need to check for the request due to a bug in
# Action Controller tests that forces _prefixes to be
# loaded before even having a request object.
#
# This method should be public as it is is in ActionPack
# itself. Changing its visibility may break other gems.
def _prefixes #:nodoc:
@_prefixes ||= if self.class.scoped_views? && request && devise_mapping
["#{devise_mapping.scoped_path}/#{controller_name}"] + super
else
super
end
end
protected
# Gets the actual resource stored in the instance variable
def resource
instance_variable_get(:"@#{resource_name}")
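Review bot: The new comment above `_prefixes` has a doubled word, "as it is is in ActionPack". More substantively, `_prefixes` now sits above `protected` as a public method defined on the controller itself, while the following hunk drops `hide_action :_prefixes`. It is worth confirming that the method cannot be dispatched as an action in applications that route with a dynamic `:action` segment, and stating the result in the comment.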
@@ -38,22 +54,6 @@ class DeviseController < Devise.parent_controller.constantize
@devise_mapping ||= request.env["devise.mapping"]
end
# Override prefixes to consider the scoped view.
# Notice we need to check for the request due to a bug in
# Action Controller tests that forces _prefixes to be
# loaded before even having a request object.
def _prefixes #:nodoc:
@_prefixes ||= if self.class.scoped_views? && request && devise_mapping
["#{devise_mapping.scoped_path}/#{controller_name}"] + super
else
super
end
end
hide_action :_prefixes
protected
# Checks whether it's a devise mapped resource or not.
def assert_is_devise_resource! #:nodoc:
unknown_action! <<-MESSAGE unless devise_mapping
@@ -154,19 +154,33 @@ MESSAGE
end
end
# Sets minimum password length to show to user
def set_minimum_password_length
if devise_mapping.validatable?
@minimum_password_length = resource_class.password_length.min
end
end
def devise_i18n_options(options)
options
end
# Get message for given
def find_message(kind, options = {})
options[:scope] = "devise.#{controller_name}"
options[:scope] ||= translation_scope
options[:default] = Array(options[:default]).unshift(kind.to_sym)
options[:resource_name] = resource_name
options = devise_i18n_options(options)
I18n.t("#{options[:resource_name]}.#{kind}", options)
end
# Controllers inheriting DeviseController are advised to override this
# method so that other controllers inheriting from them would use
# existing translations.
def translation_scope
"devise.#{controller_name}"
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
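Review bot: In `find_message`, `options[:scope] ||= translation_scope` changes two things at once: the default now comes from the overridable `translation_scope`, and a caller-supplied `:scope` is no longer overwritten. The comment added above `translation_scope` documents only the first. If honouring a passed-in `:scope` is intended, say so in the `find_message` comment, which currently reads "Get message for given" and stops short.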
@@ -180,4 +194,6 @@ MESSAGE
def resource_params
params.fetch(resource_name, {})
end
ActiveSupport.run_load_hooks(:devise_controller, self)
end

View File

@@ -5,7 +5,7 @@
<div class="field">
<%= f.label :email %><br />
<%= f.email_field :email, autofocus: true %>
<%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
</div>
<div class="actions">

View File

@@ -6,6 +6,9 @@
<div class="field">
<%= f.label :password, "New password" %><br />
<% if @minimum_password_length %>
<em>(<%= @minimum_password_length %> characters minimum)</em>
<% end %><br />
<%= f.password_field :password, autofocus: true, autocomplete: "off" %>
</div>
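Review bot: The password field block now emits two `<br />` tags, one after `f.label :password, "New password"` and one after `<% end %>`, so when `@minimum_password_length` is nil the label is followed by an empty line. The other view touched in this comparison, the one that switches from `@validatable` to `@minimum_password_length`, keeps a single break by placing `<br />` only after `<% end %>`. Dropping the `<br />` on the label line here would match it.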

View File

@@ -10,7 +10,7 @@
<div class="field">
<%= f.label :password %>
<% if @validatable %>
<% if @minimum_password_length %>
<em>(<%= @minimum_password_length %> characters minimum)</em>
<% end %><br />
<%= f.password_field :password, autocomplete: "off" %>
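Review bot: Switching the guard from `@validatable` to `@minimum_password_length` is consistent with the controller hunks, which stop assigning `@validatable` altogether. Applications that copied this view with `rails generate devise:views` will still test `@validatable`, which is now always nil, and will silently lose the minimum-length hint. A line in the changelog or upgrade notes telling users to update copied views would prevent that.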

View File

@@ -1,14 +1,14 @@
GIT
remote: git://github.com/rails/rails.git
revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61
revision: b344986bc3d94ca7821fc5e0eef1874882ac6cbb
branch: 3-2-stable
specs:
actionmailer (3.2.19)
actionpack (= 3.2.19)
actionmailer (3.2.21)
actionpack (= 3.2.21)
mail (~> 2.5.4)
actionpack (3.2.19)
activemodel (= 3.2.19)
activesupport (= 3.2.19)
actionpack (3.2.21)
activemodel (= 3.2.21)
activesupport (= 3.2.21)
builder (~> 3.0.0)
erubis (~> 2.7.0)
journey (~> 1.0.4)
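Review bot: The `remote: git://github.com/rails/rails.git` line is unchanged context, but this hunk moves the pinned `revision`, so it is a reasonable moment to switch the source in the corresponding Gemfile to an HTTPS URL. The `git://` protocol is unauthenticated and unencrypted. The pinned commit hash limits what a tampered fetch could substitute, yet HTTPS removes the reliance on that alone. The same applies to the other lockfiles in this comparison that use the same remote.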
@@ -16,31 +16,31 @@ GIT
rack-cache (~> 1.2)
rack-test (~> 0.6.1)
sprockets (~> 2.2.1)
activemodel (3.2.19)
activesupport (= 3.2.19)
activemodel (3.2.21)
activesupport (= 3.2.21)
builder (~> 3.0.0)
activerecord (3.2.19)
activemodel (= 3.2.19)
activesupport (= 3.2.19)
activerecord (3.2.21)
activemodel (= 3.2.21)
activesupport (= 3.2.21)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activeresource (3.2.19)
activemodel (= 3.2.19)
activesupport (= 3.2.19)
activesupport (3.2.19)
activeresource (3.2.21)
activemodel (= 3.2.21)
activesupport (= 3.2.21)
activesupport (3.2.21)
i18n (~> 0.6, >= 0.6.4)
multi_json (~> 1.0)
rails (3.2.19)
actionmailer (= 3.2.19)
actionpack (= 3.2.19)
activerecord (= 3.2.19)
activeresource (= 3.2.19)
activesupport (= 3.2.19)
rails (3.2.21)
actionmailer (= 3.2.21)
actionpack (= 3.2.21)
activerecord (= 3.2.21)
activeresource (= 3.2.21)
activesupport (= 3.2.21)
bundler (~> 1.0)
railties (= 3.2.19)
railties (3.2.19)
actionpack (= 3.2.19)
activesupport (= 3.2.19)
railties (= 3.2.21)
railties (3.2.21)
actionpack (= 3.2.21)
activesupport (= 3.2.21)
rack-ssl (~> 1.3.2)
rake (>= 0.8.7)
rdoc (~> 3.4)
@@ -61,23 +61,23 @@ GEM
remote: https://rubygems.org/
specs:
arel (3.0.3)
bcrypt (3.1.7)
bcrypt (3.1.10)
builder (3.0.4)
erubis (2.7.0)
faraday (0.9.0)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
hashie (3.2.0)
hashie (3.4.0)
hike (1.2.3)
i18n (0.6.11)
i18n (0.7.0)
journey (1.0.4)
json (1.8.1)
jwt (1.0.0)
json (1.8.2)
jwt (1.4.1)
mail (2.5.4)
mime-types (~> 1.16)
treetop (~> 1.4.8)
metaclass (0.0.4)
mime-types (1.25.1)
mini_portile (0.6.0)
mini_portile (0.6.2)
mocha (1.1.0)
metaclass (~> 0.0.1)
mongoid (3.1.6)
@@ -86,11 +86,11 @@ GEM
origin (~> 1.0)
tzinfo (~> 0.3.29)
moped (1.5.2)
multi_json (1.10.1)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.3.1)
mini_portile (= 0.6.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
oauth2 (0.9.4)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
@@ -121,27 +121,27 @@ GEM
ruby-openid (>= 2.1.8)
rack-ssl (1.3.4)
rack
rack-test (0.6.2)
rack-test (0.6.3)
rack (>= 1.0)
rake (10.3.2)
rake (10.4.2)
rdoc (3.12.2)
json (~> 1.4)
responders (1.1.1)
responders (1.1.2)
railties (>= 3.2, < 4.2)
ruby-openid (2.5.0)
sprockets (2.2.2)
ruby-openid (2.7.0)
sprockets (2.2.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sqlite3 (1.3.9)
sqlite3 (1.3.10)
thor (0.19.1)
thread_safe (0.3.4)
thread_safe (0.3.5)
tilt (1.4.1)
treetop (1.4.15)
polyglot
polyglot (>= 0.3.1)
tzinfo (0.3.41)
tzinfo (0.3.43)
warden (1.2.3)
rack (>= 1.0)
webrat (0.7.3)

View File

@@ -1,42 +1,42 @@
GIT
remote: git://github.com/rails/rails.git
revision: 2d8886e05104316273a0f95dfbcd171d3b12678b
revision: 7ec9c9635bf4d57009135ed11e89d8bf32306d73
branch: 4-0-stable
specs:
actionmailer (4.0.9)
actionpack (= 4.0.9)
actionmailer (4.0.13)
actionpack (= 4.0.13)
mail (~> 2.5, >= 2.5.4)
actionpack (4.0.9)
activesupport (= 4.0.9)
actionpack (4.0.13)
activesupport (= 4.0.13)
builder (~> 3.1.0)
erubis (~> 2.7.0)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
activemodel (4.0.9)
activesupport (= 4.0.9)
activemodel (4.0.13)
activesupport (= 4.0.13)
builder (~> 3.1.0)
activerecord (4.0.9)
activemodel (= 4.0.9)
activerecord (4.0.13)
activemodel (= 4.0.13)
activerecord-deprecated_finders (~> 1.0.2)
activesupport (= 4.0.9)
activesupport (= 4.0.13)
arel (~> 4.0.0)
activesupport (4.0.9)
activesupport (4.0.13)
i18n (~> 0.6, >= 0.6.9)
minitest (~> 4.2)
multi_json (~> 1.3)
thread_safe (~> 0.1)
tzinfo (~> 0.3.37)
rails (4.0.9)
actionmailer (= 4.0.9)
actionpack (= 4.0.9)
activerecord (= 4.0.9)
activesupport (= 4.0.9)
rails (4.0.13)
actionmailer (= 4.0.13)
actionpack (= 4.0.13)
activerecord (= 4.0.13)
activesupport (= 4.0.13)
bundler (>= 1.3.0, < 2.0)
railties (= 4.0.9)
railties (= 4.0.13)
sprockets-rails (~> 2.0)
railties (4.0.9)
actionpack (= 4.0.9)
activesupport (= 4.0.9)
railties (4.0.13)
actionpack (= 4.0.13)
activesupport (= 4.0.13)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
@@ -56,40 +56,39 @@ GEM
specs:
activerecord-deprecated_finders (1.0.3)
arel (4.0.2)
bcrypt (3.1.7)
bcrypt (3.1.10)
bson (2.3.0)
builder (3.1.4)
connection_pool (2.0.0)
connection_pool (2.1.3)
erubis (2.7.0)
faraday (0.9.0)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
hashie (3.2.0)
hashie (3.4.0)
hike (1.2.3)
i18n (0.6.11)
json (1.8.1)
jwt (1.0.0)
mail (2.6.1)
i18n (0.7.0)
jwt (1.4.1)
mail (2.6.3)
mime-types (>= 1.16, < 3)
metaclass (0.0.4)
mime-types (2.3)
mini_portile (0.6.0)
mime-types (2.4.3)
mini_portile (0.6.2)
minitest (4.7.5)
mocha (1.1.0)
metaclass (~> 0.0.1)
mongoid (4.0.0)
mongoid (4.0.2)
activemodel (~> 4.0)
moped (~> 2.0.0)
origin (~> 2.1)
tzinfo (>= 0.3.37)
moped (2.0.0)
moped (2.0.4)
bson (~> 2.2)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.10.1)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.3.1)
mini_portile (= 0.6.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
oauth2 (0.9.4)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
@@ -116,28 +115,27 @@ GEM
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.2)
rack-test (0.6.3)
rack (>= 1.0)
rake (10.3.2)
rdoc (4.1.1)
json (~> 1.4)
responders (1.1.1)
rake (10.4.2)
rdoc (4.2.0)
responders (1.1.2)
railties (>= 3.2, < 4.2)
ruby-openid (2.5.0)
sprockets (2.12.1)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.1.3)
sprockets-rails (2.2.4)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
sqlite3 (1.3.9)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
thor (0.19.1)
thread_safe (0.3.4)
thread_safe (0.3.5)
tilt (1.4.1)
tzinfo (0.3.41)
tzinfo (0.3.43)
warden (1.2.3)
rack (>= 1.0)
webrat (0.7.3)

View File

@@ -1,47 +1,47 @@
GIT
remote: git://github.com/rails/rails.git
revision: 90b70cd453e6b88b2ad484861ad9913f70bd15c9
revision: bf32ec7b8611e6b4c7e9398f7d297a1f0221e9b9
branch: 4-1-stable
specs:
actionmailer (4.1.5)
actionpack (= 4.1.5)
actionview (= 4.1.5)
actionmailer (4.1.10)
actionpack (= 4.1.10)
actionview (= 4.1.10)
mail (~> 2.5, >= 2.5.4)
actionpack (4.1.5)
actionview (= 4.1.5)
activesupport (= 4.1.5)
actionpack (4.1.10)
actionview (= 4.1.10)
activesupport (= 4.1.10)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
actionview (4.1.5)
activesupport (= 4.1.5)
actionview (4.1.10)
activesupport (= 4.1.10)
builder (~> 3.1)
erubis (~> 2.7.0)
activemodel (4.1.5)
activesupport (= 4.1.5)
activemodel (4.1.10)
activesupport (= 4.1.10)
builder (~> 3.1)
activerecord (4.1.5)
activemodel (= 4.1.5)
activesupport (= 4.1.5)
activerecord (4.1.10)
activemodel (= 4.1.10)
activesupport (= 4.1.10)
arel (~> 5.0.0)
activesupport (4.1.5)
activesupport (4.1.10)
i18n (~> 0.6, >= 0.6.9)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.1)
tzinfo (~> 1.1)
rails (4.1.5)
actionmailer (= 4.1.5)
actionpack (= 4.1.5)
actionview (= 4.1.5)
activemodel (= 4.1.5)
activerecord (= 4.1.5)
activesupport (= 4.1.5)
rails (4.1.10)
actionmailer (= 4.1.10)
actionpack (= 4.1.10)
actionview (= 4.1.10)
activemodel (= 4.1.10)
activerecord (= 4.1.10)
activesupport (= 4.1.10)
bundler (>= 1.3.0, < 2.0)
railties (= 4.1.5)
railties (= 4.1.10)
sprockets-rails (~> 2.0)
railties (4.1.5)
actionpack (= 4.1.5)
activesupport (= 4.1.5)
railties (4.1.10)
actionpack (= 4.1.10)
activesupport (= 4.1.10)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
@@ -60,40 +60,40 @@ GEM
remote: https://rubygems.org/
specs:
arel (5.0.1.20140414130214)
bcrypt (3.1.7)
bcrypt (3.1.10)
bson (2.3.0)
builder (3.2.2)
connection_pool (2.0.0)
connection_pool (2.1.3)
erubis (2.7.0)
faraday (0.9.0)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
hashie (3.2.0)
hashie (3.4.0)
hike (1.2.3)
i18n (0.6.11)
json (1.8.1)
jwt (1.0.0)
mail (2.6.1)
i18n (0.7.0)
json (1.8.2)
jwt (1.4.1)
mail (2.6.3)
mime-types (>= 1.16, < 3)
metaclass (0.0.4)
mime-types (2.3)
mini_portile (0.6.0)
minitest (5.4.0)
mime-types (2.4.3)
mini_portile (0.6.2)
minitest (5.5.1)
mocha (1.1.0)
metaclass (~> 0.0.1)
mongoid (4.0.0)
mongoid (4.0.2)
activemodel (~> 4.0)
moped (~> 2.0.0)
origin (~> 2.1)
tzinfo (>= 0.3.37)
moped (2.0.0)
moped (2.0.4)
bson (~> 2.2)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.10.1)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.3.1)
mini_portile (= 0.6.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
oauth2 (0.9.4)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
@@ -120,26 +120,25 @@ GEM
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.2)
rack-test (0.6.3)
rack (>= 1.0)
rake (10.3.2)
rdoc (4.1.1)
json (~> 1.4)
responders (1.1.1)
rake (10.4.2)
rdoc (4.2.0)
responders (1.1.2)
railties (>= 3.2, < 4.2)
ruby-openid (2.5.0)
sprockets (2.12.1)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.1.3)
sprockets-rails (2.2.4)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
sqlite3 (1.3.9)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
thor (0.19.1)
thread_safe (0.3.4)
thread_safe (0.3.5)
tilt (1.4.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)

View File

@@ -0,0 +1,29 @@
source "https://rubygems.org"
gemspec path: '..'
gem "rails", github: 'rails/rails', branch: '4-2-stable'
gem "omniauth", "~> 1.2.2"
gem "omniauth-oauth2", "~> 1.2.0"
gem "rdoc"
group :test do
gem "omniauth-facebook"
gem "omniauth-openid", "~> 1.0.1"
gem "webrat", "0.7.3", require: false
gem "mocha", "~> 1.1", require: false
end
platforms :jruby do
gem "activerecord-jdbc-adapter"
gem "activerecord-jdbcsqlite3-adapter"
gem "jruby-openssl"
end
platforms :ruby do
gem "sqlite3"
end
group :mongoid do
gem "mongoid", "~> 4.0.0"
end

View File

@@ -0,0 +1,191 @@
GIT
remote: git://github.com/rails/rails.git
revision: f12ff8ddab7b199707ec36d72bd72f206f142c8b
branch: 4-2-stable
specs:
actionmailer (4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.1)
actionview (= 4.2.1)
activesupport (= 4.2.1)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.1)
activesupport (= 4.2.1)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
activejob (4.2.1)
activesupport (= 4.2.1)
globalid (>= 0.3.0)
activemodel (4.2.1)
activesupport (= 4.2.1)
builder (~> 3.1)
activerecord (4.2.1)
activemodel (= 4.2.1)
activesupport (= 4.2.1)
arel (~> 6.0)
activesupport (4.2.1)
i18n (~> 0.7)
json (~> 1.7, >= 1.7.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
rails (4.2.1)
actionmailer (= 4.2.1)
actionpack (= 4.2.1)
actionview (= 4.2.1)
activejob (= 4.2.1)
activemodel (= 4.2.1)
activerecord (= 4.2.1)
activesupport (= 4.2.1)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.1)
sprockets-rails
railties (4.2.1)
actionpack (= 4.2.1)
activesupport (= 4.2.1)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
PATH
remote: ..
specs:
devise (3.4.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
arel (6.0.0)
bcrypt (3.1.10)
bson (2.3.0)
builder (3.2.2)
connection_pool (2.1.3)
erubis (2.7.0)
faraday (0.9.1)
multipart-post (>= 1.2, < 3)
globalid (0.3.3)
activesupport (>= 4.1.0)
hashie (3.4.0)
hike (1.2.3)
i18n (0.7.0)
json (1.8.2)
jwt (1.4.1)
loofah (2.0.1)
nokogiri (>= 1.5.9)
mail (2.6.3)
mime-types (>= 1.16, < 3)
metaclass (0.0.4)
mime-types (2.4.3)
mini_portile (0.6.2)
minitest (5.5.1)
mocha (1.1.0)
metaclass (~> 0.0.1)
mongoid (4.0.2)
activemodel (~> 4.0)
moped (~> 2.0.0)
origin (~> 2.1)
tzinfo (>= 0.3.37)
moped (2.0.4)
bson (~> 2.2)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.11.0)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
oauth2 (1.0.0)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (~> 1.2)
omniauth (1.2.2)
hashie (>= 1.2, < 4)
rack (~> 1.0)
omniauth-facebook (2.0.1)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.2.0)
faraday (>= 0.8, < 0.10)
multi_json (~> 1.3)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
optionable (0.2.0)
origin (2.1.1)
orm_adapter (0.5.0)
rack (1.6.0)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.6)
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6.0)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.0.2)
loofah (~> 2.0)
rake (10.4.2)
rdoc (4.2.0)
responders (2.1.0)
railties (>= 4.2.0, < 5)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.2.4)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
thor (0.19.1)
thread_safe (0.3.5)
tilt (1.4.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.3)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
PLATFORMS
ruby
DEPENDENCIES
activerecord-jdbc-adapter
activerecord-jdbcsqlite3-adapter
devise!
jruby-openssl
mocha (~> 1.1)
mongoid (~> 4.0.0)
omniauth (~> 1.2.2)
omniauth-facebook
omniauth-oauth2 (~> 1.2.0)
omniauth-openid (~> 1.0.1)
rails!
rdoc
sqlite3
webrat (= 0.7.3)

View File

@@ -57,22 +57,6 @@ module Devise
mattr_accessor :secret_key
@@secret_key = nil
[ :allow_insecure_token_lookup,
:allow_insecure_sign_in_after_confirmation,
:token_authentication_key ].each do |method|
class_eval <<-RUBY
def self.#{method}
ActiveSupport::Deprecation.warn "Devise.#{method} is deprecated " \
"and has no effect"
end
def self.#{method}=(val)
ActiveSupport::Deprecation.warn "Devise.#{method}= is deprecated " \
"and has no effect"
end
RUBY
end
# Custom domain or key for cookies. Not set by default
mattr_accessor :rememberable_options
@@rememberable_options = {}
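Review bot: dropping the `allow_insecure_token_lookup`, `allow_insecure_sign_in_after_confirmation` and `token_authentication_key` shims at the top of this hunk turns a deprecation warning into a NoMethodError for any initializer that still assigns them, so the removal should be called out in the changelog and upgrade notes. The shims were documented as having no effect, so removing them does not change authentication behaviour.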
@@ -87,7 +71,7 @@ module Devise
# Keys used when authenticating a user.
mattr_accessor :authentication_keys
@@authentication_keys = [ :email ]
@@authentication_keys = [:email]
# Request keys used when authenticating a user.
mattr_accessor :request_keys
@@ -95,7 +79,7 @@ module Devise
# Keys that should be case-insensitive.
mattr_accessor :case_insensitive_keys
@@case_insensitive_keys = [ :email ]
@@case_insensitive_keys = [:email]
# Keys that should have whitespace stripped.
mattr_accessor :strip_whitespace_keys
@@ -150,7 +134,7 @@ module Devise
# Defines which key will be used when confirming an account.
mattr_accessor :confirmation_keys
@@confirmation_keys = [ :email ]
@@confirmation_keys = [:email]
# Defines if email should be reconfirmable.
# False by default for backwards compatibility.
@@ -181,7 +165,7 @@ module Devise
# Defines which key will be used when locking and unlocking an account
mattr_accessor :unlock_keys
@@unlock_keys = [ :email ]
@@unlock_keys = [:email]
# Defines which strategy can be used to unlock an account.
# Values: :email, :time, :both
@@ -198,12 +182,16 @@ module Devise
# Defines which key will be used when recovering the password for an account
mattr_accessor :reset_password_keys
@@reset_password_keys = [ :email ]
@@reset_password_keys = [:email]
# Time interval you can reset your password with a reset password key
mattr_accessor :reset_password_within
@@reset_password_within = 6.hours
# When set to false, resetting a password does not automatically sign in a user
mattr_accessor :sign_in_after_reset_password
@@sign_in_after_reset_password = true
# The default scope which is used by warden.
mattr_accessor :default_scope
@@default_scope = nil
@@ -246,7 +234,7 @@ module Devise
mattr_accessor :router_name
@@router_name = nil
# Set the omniauth path prefix so it can be overridden when
# Set the OmniAuth path prefix so it can be overridden when
# Devise is used in a mountable engine
mattr_accessor :omniauth_path_prefix
@@omniauth_path_prefix = nil
@@ -261,7 +249,7 @@ module Devise
mattr_reader :mappings
@@mappings = ActiveSupport::OrderedHash.new
# Omniauth configurations.
# OmniAuth configurations.
mattr_reader :omniauth_configs
@@omniauth_configs = ActiveSupport::OrderedHash.new
@@ -348,6 +336,7 @@ module Devise
# +controller+ - Symbol representing the name of an existing or custom *controller* for this module.
# +route+ - Symbol representing the named *route* helper for this module.
# +strategy+ - Symbol representing if this module got a custom *strategy*.
# +insert_at+ - Integer representing the order in which this module's model will be included
#
# All values, except :model, accept also a boolean and will have the same name as the given module
# name.
@@ -357,10 +346,12 @@ module Devise
# Devise.add_module(:party_module)
# Devise.add_module(:party_module, strategy: true, controller: :sessions)
# Devise.add_module(:party_module, model: 'party_module/model')
# Devise.add_module(:party_module, insert_at: 0)
#
def self.add_module(module_name, options = {})
ALL << module_name
options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input)
options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at)
ALL.insert (options[:insert_at] || -1), module_name
if strategy = options[:strategy]
strategy = (strategy == true ? module_name : strategy)
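Review bot: `ALL.insert (options[:insert_at] || -1), module_name` puts a space between the method name and the parenthesis, so it reads like an argument list but is parsed as a grouped first argument followed by a second one; write `ALL.insert(options[:insert_at] || -1, module_name)`. The value of `insert_at` is also used unchecked: an index past the end of `ALL` makes Array#insert pad the list with nil entries, and a non-Integer raises from inside Array#insert rather than as a configuration error. Since the doc comment declares it an Integer, validate it next to `assert_valid_keys`.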
@@ -417,7 +408,7 @@ module Devise
@@warden_config_blocks << block
end
# Specify an omniauth provider.
# Specify an OmniAuth provider.
#
# config.omniauth :github, APP_ID, APP_SECRET
#
@@ -474,8 +465,12 @@ module Devise
end
# Generate a friendly string randomly to be used as token.
def self.friendly_token
SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz')
# By default, length is 20 characters.
def self.friendly_token(length = 20)
# To calculate real characters, we must perform this operation.
# See SecureRandom.urlsafe_base64
rlength = (length * 3) / 4
SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz')
end
# constant-time comparison algorithm to prevent timing attacks
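Review bot: `rlength = (length * 3) / 4` is integer division, so the "length is 20 characters" contract only holds for some inputs: any length of the form 4k+1 comes back one character short (21 yields 20), and a length of 1 asks `SecureRandom.urlsafe_base64` for zero bytes. Either round the byte count up and truncate the result to `length`, or document the argument as approximate. Because callers can now shrink the token, the comment should also say that the token's entropy is set by `rlength` bytes, so that short values are a visible trade-off.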

View File

@@ -2,7 +2,7 @@ module Devise
module Controllers
# A module that may be optionally included in a controller in order
# to provide remember me behavior. Useful when signing in is done
# through a callback, like in Omniauth.
# through a callback, like in OmniAuth.
module Rememberable
# Return default cookie values retrieved from session options.
def self.cookie_values

View File

@@ -6,7 +6,7 @@ module Devise
# Return true if the given scope is signed in session. If no scope given, return
# true if any scope is signed in. Does not run authentication hooks.
def signed_in?(scope=nil)
[ scope || Devise.mappings.keys ].flatten.any? do |_scope|
[scope || Devise.mappings.keys].flatten.any? do |_scope|
warden.authenticate?(scope: _scope)
end
end

View File

@@ -35,7 +35,9 @@ module Devise
session_key = stored_location_key_for(resource_or_scope)
uri = parse_uri(location)
if uri
session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
path = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
path = [path, uri.fragment].compact.join('#')
session[session_key] = path
end
end

View File

@@ -42,16 +42,14 @@ module Devise
[:path, :url].each do |path_or_url|
actions.each do |action|
action = action ? "#{action}_" : ""
method = "#{action}#{module_name}_#{path_or_url}"
method = :"#{action}#{module_name}_#{path_or_url}"
class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
def #{method}(resource_or_scope, *args)
scope = Devise::Mapping.find_scope!(resource_or_scope)
router_name = Devise.mappings[scope].router_name
context = router_name ? send(router_name) : _devise_route_context
context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
end
URL_HELPERS
define_method method do |resource_or_scope, *args|
scope = Devise::Mapping.find_scope!(resource_or_scope)
router_name = Devise.mappings[scope].router_name
context = router_name ? send(router_name) : _devise_route_context
context.send("#{action}#{scope}_#{module_name}_#{path_or_url}", *args)
end
end
end
end

lib/devise/encryptor.rb Normal file
View File

@@ -0,0 +1,22 @@
require 'bcrypt'
module Devise
module Encryptor
def self.digest(klass, password)
if klass.pepper.present?
password = "#{password}#{klass.pepper}"
end
::BCrypt::Password.create(password, cost: klass.stretches).to_s
end
def self.compare(klass, encrypted_password, password)
return false if encrypted_password.blank?
bcrypt = ::BCrypt::Password.new(encrypted_password)
if klass.pepper.present?
password = "#{password}#{klass.pepper}"
end
password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
Devise.secure_compare(password, encrypted_password)
end
end
end
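Review bot: both `digest` and `compare` append the pepper after the password (`"#{password}#{klass.pepper}"`), and bcrypt only hashes the first 72 bytes of its input, so for long passwords part or all of the pepper never reaches the hash. This file should carry a comment stating that limit and how it relates to the `password_length` default of 8..72 documented in Validatable. Separately, `compare` guards only against a blank `encrypted_password`; a non-blank value that is not a bcrypt hash still raises from `::BCrypt::Password.new`, which is worth either rescuing to `false` or documenting. The module and its two public methods have no doc comments at all.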

View File

@@ -49,17 +49,19 @@ module Devise
def recall
env["PATH_INFO"] = attempted_path
flash.now[:alert] = i18n_message(:invalid)
flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
self.response = recall_app(warden_options[:recall]).call(env)
end
def redirect
store_location!
if flash[:timedout] && flash[:alert]
flash.keep(:timedout)
flash.keep(:alert)
else
flash[:alert] = i18n_message
if is_flashing_format?
if flash[:timedout] && flash[:alert]
flash.keep(:timedout)
flash.keep(:alert)
else
flash[:alert] = i18n_message
end
end
redirect_to redirect_url
end
@@ -91,7 +93,7 @@ module Devise
def redirect_url
if warden_message == :timeout
flash[:timedout] = true
flash[:timedout] = true if is_flashing_format?
path = if request.get?
attempted_path
@@ -105,15 +107,23 @@ module Devise
end
end
def route(scope)
:"new_#{scope}_session_url"
end
def scope_url
opts = {}
route = :"new_#{scope}_session_url"
route = route(scope)
opts[:format] = request_format unless skip_format?
config = Rails.application.config
opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
context = send(Devise.available_router_name)
if config.respond_to?(:relative_url_root) && config.relative_url_root.present?
opts[:script_name] = config.relative_url_root
end
router_name = Devise.mappings[scope].router_name || Devise.available_router_name
context = send(router_name)
if context.respond_to?(route)
context.send(route, opts)
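Review bot: `Devise.mappings[scope].router_name || Devise.available_router_name` calls `router_name` on whatever the lookup returns, so a `scope` with no Devise mapping now raises NoMethodError inside the failure app, where the previous `send(Devise.available_router_name)` did not depend on the mapping at all. Fetch the mapping first and fall back when it is nil, for example `mapping = Devise.mappings[scope]` followed by `router_name = (mapping && mapping.router_name) || Devise.available_router_name`. The new `route(scope)` method looks intended as an override point and should have a comment saying so.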
@@ -205,6 +215,12 @@ module Devise
Devise.navigational_formats.include?(request_format)
end
# Check if flash messages should be emitted. Default is to do it on
# navigational formats
def is_flashing_format?
is_navigational_format?
end
def request_format
@request_format ||= request.format.try(:ref)
end

View File

@@ -31,6 +31,7 @@ module Devise
# Receives an object and find a scope for it. If a scope cannot be found,
# raises an error. If a symbol is given, it's considered to be the scope.
def self.find_scope!(obj)
obj = obj.devise_scope if obj.respond_to?(:devise_scope)
case obj
when String, Symbol
return obj.to_sym
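Review bot: the new first line, `obj = obj.devise_scope if obj.respond_to?(:devise_scope)`, adds a public extension hook, but the comment above `find_scope!` still describes only the symbol and object cases. Document `devise_scope` there, including what it is expected to return, since its return value is fed straight into the `case` that follows and decides which scope an object authenticates under.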

View File

@@ -1,3 +1,4 @@
require 'active_model/version'
require 'devise/hooks/activatable'
require 'devise/hooks/csrf_cleaner'
@@ -37,7 +38,7 @@ module Devise
# calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance,
# :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
#
# You overwrite this method yourself, but if you do, don't forget to call super:
# You can overwrite this method yourself, but if you do, don't forget to call super:
#
# def active_for_authentication?
# super && special_condition_is_valid?
@@ -95,29 +96,22 @@ module Devise
def authenticatable_salt
end
array = %w(serializable_hash)
# to_xml does not call serializable_hash on 3.1
array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1"
# Redefine serializable_hash in models for more secure defaults.
# By default, it removes from the serializable model all attributes that
# are *not* accessible. You can remove this default by using :force_except
# and passing a new list of attributes you want to exempt. All attributes
# given to :except will simply add names to exempt to Devise internal list.
def serializable_hash(options = nil)
options ||= {}
options[:except] = Array(options[:except])
array.each do |method|
class_eval <<-RUBY, __FILE__, __LINE__
# Redefine to_xml and serializable_hash in models for more secure defaults.
# By default, it removes from the serializable model all attributes that
# are *not* accessible. You can remove this default by using :force_except
# and passing a new list of attributes you want to exempt. All attributes
# given to :except will simply add names to exempt to Devise internal list.
def #{method}(options=nil)
options ||= {}
options[:except] = Array(options[:except])
if options[:force_except]
options[:except].concat Array(options[:force_except])
else
options[:except].concat BLACKLIST_FOR_SERIALIZATION
end
if options[:force_except]
options[:except].concat Array(options[:force_except])
else
options[:except].concat BLACKLIST_FOR_SERIALIZATION
end
super(options)
end
RUBY
super(options)
end
protected
@@ -252,12 +246,12 @@ module Devise
to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
end
# Find an initialize a record setting an error if it can't be found.
# Find or initialize a record setting an error if it can't be found.
def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
find_or_initialize_with_errors([attribute], { attribute => value }, error)
end
# Find an initialize a group of attributes based on a list of required attributes.
# Find or initialize a record with group of attributes based on a list of required attributes.
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
attributes = attributes.slice(*required_attributes).with_indifferent_access
attributes.delete_if { |key, value| value.blank? }

View File

@@ -5,6 +5,14 @@ module Devise
# Confirmation instructions are sent to the user email after creating a
# record and when manually requested by a new confirmation instruction request.
#
# Confirmable tracks the following columns:
#
# * confirmation_token - An OpenSSL::HMAC.hexdigest of @raw_confirmation_token
# * confirmed_at - A timestamp when the user clicked the confirmation link
# * confirmation_sent_at - A timestamp when the confirmation_token was generated (not sent)
# * unconfirmed_email - An email address copied from the email attr. After confirmation
# this value is copied to the email attr then cleared
#
# == Options
#
# Confirmable adds the following options to +devise+:
@@ -24,7 +32,7 @@ module Devise
#
# == Examples
#
# User.find(1).confirm! # returns true unless it's already confirmed
# User.find(1).confirm # returns true unless it's already confirmed
# User.find(1).confirmed? # true/false
# User.find(1).send_confirmation_instructions # manually send instructions
#
@@ -56,7 +64,7 @@ module Devise
# Confirm a user by setting it's confirmed_at to actual time. If the user
# is already confirmed, add an error to email field. If the user is invalid
# add errors
def confirm!
def confirm(args={})
pending_any_confirmation do
if confirmation_period_expired?
self.errors.add(:email, :confirmation_period_expired,
@@ -64,7 +72,6 @@ module Devise
return false
end
self.confirmation_token = nil
self.confirmed_at = Time.now.utc
saved = if self.class.reconfirmable && unconfirmed_email.present?
@@ -75,7 +82,7 @@ module Devise
# We need to validate in such cases to enforce e-mail uniqueness
save(validate: true)
else
save(validate: false)
save(validate: args[:ensure_valid] == true)
end
after_confirmation if saved
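Review bot: `save(validate: args[:ensure_valid] == true)` introduces an `ensure_valid` option that is not described anywhere in the visible comments for `confirm`, and the strict `== true` comparison means truthy values such as `"true"` or `1` silently keep validation off. Document the option in the method comment and in the Examples block, and state that the default still saves without validation in this branch.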
@@ -83,6 +90,11 @@ module Devise
end
end
def confirm!(args={})
ActiveSupport::Deprecation.warn "confirm! is deprecated in favor of confirm"
confirm(args)
end
# Verifies whether a user is confirmed or not
def confirmed?
!!confirmed_at
@@ -202,7 +214,7 @@ module Devise
# confirmation_period_expired? # will always return false
#
def confirmation_period_expired?
self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within )
self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within)
end
# Checks whether the record requires any confirmation.
@@ -216,7 +228,7 @@ module Devise
end
# Generates a new random token for confirmation, and stores
# the time this token is being generated
# the time this token is being generated in confirmation_sent_at
def generate_confirmation_token
raw, enc = Devise.token_generator.generate(self.class, :confirmation_token)
@raw_confirmation_token = raw
@@ -249,6 +261,16 @@ module Devise
confirmation_required? && !@skip_confirmation_notification && self.email.present?
end
# A callback initiated after successfully confirming. This can be
# used to insert your own logic that is only run after the user successfully
# confirms.
#
# Example:
#
# def after_confirmation
# self.update_attribute(:invite_code, nil)
# end
#
def after_confirmation
end
@@ -275,7 +297,7 @@ module Devise
confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token)
confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
confirmable.confirm! if confirmable.persisted?
confirmable.confirm if confirmable.persisted?
confirmable.confirmation_token = original_token
confirmable
end

View File

@@ -1,10 +1,10 @@
require 'devise/strategies/database_authenticatable'
require 'bcrypt'
require 'devise/encryptor'
module Devise
# Digests the password using bcrypt.
def self.bcrypt(klass, password)
::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
ActiveSupport::Deprecation.warn "Devise.bcrypt is deprecated; use Devise::Encryptor.digest instead"
Devise::Encryptor.digest(klass, password)
end
module Models
@@ -42,12 +42,9 @@ module Devise
self.encrypted_password = password_digest(@password) if @password.present?
end
# Verifies whether an password (ie from sign in) is the user password.
# Verifies whether a password (ie from sign in) is the user password.
def valid_password?(password)
return false if encrypted_password.blank?
bcrypt = ::BCrypt::Password.new(encrypted_password)
password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
Devise.secure_compare(password, encrypted_password)
Devise::Encryptor.compare(self.class, encrypted_password, password)
end
# Set password and password confirmation to nil
@@ -145,7 +142,7 @@ module Devise
# See https://github.com/plataformatec/devise-encryptable for examples
# of other encryption engines.
def password_digest(password)
Devise.bcrypt(self.class, password)
Devise::Encryptor.digest(self.class, password)
end
module ClassMethods

View File

@@ -8,11 +8,13 @@ module Devise
# Recoverable adds the following options to devise_for:
#
# * +reset_password_keys+: the keys you want to use when recovering the password for an account
# * +reset_password_within+: the time period within which the password must be reset or the token expires.
# * +sign_in_after_reset_password+: whether or not to sign in the user automatically after a password reset.
#
# == Examples
#
# # resets the user password and save the record, true if valid passwords are given, otherwise false
# User.find(1).reset_password!('password123', 'password123')
# User.find(1).reset_password('password123', 'password123')
#
# # only resets the user password, without saving the record
# user = User.find(1)
@@ -28,20 +30,33 @@ module Devise
[:reset_password_sent_at, :reset_password_token]
end
included do
before_save do
if email_changed? || encrypted_password_changed?
clear_reset_password_token
end
end
end
# Update password saving the record and clearing token. Returns true if
# the passwords are valid and the record was saved, false otherwise.
def reset_password!(new_password, new_password_confirmation)
def reset_password(new_password, new_password_confirmation)
self.password = new_password
self.password_confirmation = new_password_confirmation
if valid?
clear_reset_password_token
if respond_to?(:after_password_reset) && valid?
ActiveSupport::Deprecation.warn "after_password_reset is deprecated"
after_password_reset
end
save
end
def reset_password!(new_password, new_password_confirmation)
ActiveSupport::Deprecation.warn "reset_password! is deprecated in favor of reset_password"
reset_password(new_password, new_password_confirmation)
end
# Resets reset password token and send reset password instructions by email.
# Returns the token sent in the e-mail.
def send_reset_password_instructions
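Review bot: the `before_save` block calls `email_changed?` unconditionally, so a Recoverable model that has no `email` attribute (one that authenticates and recovers by another key) will raise NoMethodError on every save. Guard it, for example `(respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed?`. In `reset_password`, token clearing now depends entirely on this callback firing, so a test asserting that the token is nil after a successful reset would pin that down. `valid?` is also evaluated in the `after_password_reset` branch and then again inside `save`.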
@@ -83,9 +98,6 @@ module Devise
self.reset_password_sent_at = nil
end
def after_password_reset
end
def set_reset_password_token
raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
@@ -130,17 +142,17 @@ module Devise
if recoverable.persisted?
if recoverable.reset_password_period_valid?
recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
recoverable.reset_password(attributes[:password], attributes[:password_confirmation])
else
recoverable.errors.add(:reset_password_token, :expired)
end
end
recoverable.reset_password_token = original_token
recoverable.reset_password_token = original_token if recoverable.reset_password_token.present?
recoverable
end
Devise::Models.config(self, :reset_password_keys, :reset_password_within)
Devise::Models.config(self, :reset_password_keys, :reset_password_within, :sign_in_after_reset_password)
end
end
end

View File

@@ -46,7 +46,7 @@ module Devise
end
# Generate a new remember token and save the record without validations
# unless remember_across_browsers is true and the user already has a valid token.
# if remember expired (token is no longer valid) or extend_remember_period is true
def remember_me!(extend_period=false)
self.remember_token = self.class.remember_token if generate_remember_token?
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
@@ -75,7 +75,7 @@ module Devise
def rememberable_value
if respond_to?(:remember_token)
remember_token
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence)
salt
else
raise "authenticable_salt returned nil for the #{self.class.name} model. " \
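Review bot: with `authenticatable_salt.presence` the `else` branch is now also reached for an empty string, but the message still reads "authenticable_salt returned nil", which will mislead whoever hits it. Update the text to say nil or empty, and fix the method name in the message to `authenticatable_salt` while touching it.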
@@ -89,6 +89,19 @@ module Devise
self.class.rememberable_options
end
# A callback initiated after successfully being remembered. This can be
# used to insert your own logic that is only run after the user is
# remembered.
#
# Example:
#
# def after_remembered
# self.update_attribute(:invite_code, nil)
# end
#
def after_remembered
end
protected
def generate_remember_token? #:nodoc:
@@ -98,7 +111,7 @@ module Devise
# Generate a timestamp if extend_remember_period is true, if no remember_token
# exists, or if an existing remember token has expired.
def generate_remember_timestamp?(extend_period) #:nodoc:
extend_period || remember_created_at.nil? || remember_expired?
extend_period || remember_expired?
end
module ClassMethods
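Review bot: the comment above `generate_remember_timestamp?` still lists "if no remember_token exists" as a trigger, but the `remember_created_at.nil?` check has been dropped from the expression. The change is only safe if `remember_expired?` returns true when `remember_created_at` is nil, which is not visible in this hunk; confirm that, add a test for a record with no timestamp, and bring the comment in line with the new condition.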

View File

@@ -30,8 +30,7 @@ module Devise
def update_tracked_fields!(request)
update_tracked_fields(request)
save(validate: false) or raise "Devise trackable could not save #{inspect}." \
"Please make sure a model using trackable can be saved at sign in."
save(validate: false)
end
end
end
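Review bot: `update_tracked_fields!` now ends in a bare `save(validate: false)`, so a failed save is dropped silently even though the method keeps its bang name. Sign-in tracking fields are often used as an audit trail, so at minimum document that the method returns false on failure and no longer raises, and consider logging the failure so that missing sign-in records can be noticed.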

View File

@@ -10,12 +10,12 @@ module Devise
# Validatable adds the following options to devise_for:
#
# * +email_regexp+: the regular expression used to validate e-mails;
# * +password_length+: a range expressing password length. Defaults to 8..128.
# * +password_length+: a range expressing password length. Defaults to 8..72.
#
module Validatable
# All validations used by this module.
VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of,
:validates_confirmation_of, :validates_length_of ].freeze
VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of,
:validates_confirmation_of, :validates_length_of].freeze
def self.required_fields(klass)
[]

View File

@@ -17,7 +17,7 @@ module Devise
Devise.include_helpers(Devise::Controllers)
end
initializer "devise.omniauth" do |app|
initializer "devise.omniauth", after: :load_config_initializers, before: :build_middleware_stack do |app|
Devise.omniauth_configs.each do |provider, config|
app.middleware.use config.strategy_class, *config.args do |strategy|
config.strategy = strategy

View File

@@ -119,7 +119,7 @@ module ActionDispatch::Routing
# * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
# if you wish to restrict this to accept only :post or :delete requests you should do:
#
# devise_for :users, sign_out_via: [ :post, :delete ]
# devise_for :users, sign_out_via: [:post, :delete]
#
# You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
#
@@ -402,7 +402,7 @@ module ActionDispatch::Routing
def devise_omniauth_callback(mapping, controllers) #:nodoc:
if mapping.fullpath =~ /:[a-zA-Z_]/
raise <<-ERROR
Devise does not support scoping omniauth callbacks under a dynamic segment
Devise does not support scoping OmniAuth callbacks under a dynamic segment
and you have set #{mapping.fullpath.inspect}. You can work around by passing
`skip: :omniauth_callbacks` and manually defining the routes. Here is an example:
@@ -414,7 +414,7 @@ and you have set #{mapping.fullpath.inspect}. You can work around by passing
match "/users/auth/:action/callback",
constraints: { action: /google|facebook/ },
to: "devise/omniauth_callbacks",
to: "devise/omniauth_callbacks#:action",
as: :omniauth_callback,
via: [:get, :post]
ERROR

View File

@@ -57,7 +57,7 @@ module Devise
# Check if this is a valid strategy for http authentication by:
#
# * Validating if the model allows params authentication;
# * Validating if the model allows http authentication;
# * If any of the authorization headers were sent;
# * If all authentication keys are present;
#
@@ -108,7 +108,10 @@ module Devise
params_auth_hash.is_a?(Hash)
end
# Check if password is present.
# Note: unlike `Model.valid_password?`, this method does not actually
# ensure that the password in the params matches the password stored in
# the database. It only checks if the password is *present*. Do not rely
# on this method for validating that a given password is correct.
def valid_password?
password.present?
end

View File

@@ -5,7 +5,7 @@ module Devise
# Default strategy for signing in a user, based on their email and password in the database.
class DatabaseAuthenticatable < Authenticatable
def authenticate!
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
encrypted = false
if validate(resource){ encrypted = true; resource.valid_password?(password) }

View File

@@ -27,10 +27,20 @@ module Devise
if validate(resource)
remember_me(resource)
extend_remember_me_period(resource)
resource.after_remembered
success!(resource)
end
end
# No need to clean up the CSRF when using rememberable.
# In fact, cleaning it up here would be a bug because
# rememberable is triggered on GET requests which means
# we would render a page on first access with all csrf
# tokens expired.
def clean_up_csrf?
false
end
private
def extend_remember_me_period(resource)
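Review bot: `clean_up_csrf?` returning false means the CSRF token issued before authentication stays valid after a sign in through the remember cookie, which is a deliberate trade-off and should be recorded as such in the changelog, not only in this comment. A test that performs a GET with a remember cookie and then submits a form from the rendered page would lock in the behaviour the comment describes. Also note that `resource.after_remembered` is called without a `respond_to?` check, so it relies on every rememberable model picking up the no-op defined in the model module.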

View File

@@ -26,11 +26,11 @@ module Devise
# Quick access to Warden::Proxy.
def warden #:nodoc:
@warden ||= begin
@request.env['warden'] ||= begin
manager = Warden::Manager.new(nil) do |config|
config.merge! Devise.warden_config
end
@request.env['warden'] = Warden::Proxy.new(@request.env, manager)
Warden::Proxy.new(@request.env, manager)
end
end
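Review bot: With `@request.env['warden'] ||= begin`, whatever object is already stored under `env['warden']` is returned as is and the `Devise.warden_config` merge is skipped, while the `@warden` memoization goes away. That reuse looks intended, but the `#:nodoc:` method carries no comment saying so. Add one line noting that a proxy already present in the env takes precedence over the locally built one.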

View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "3.4.1".freeze
VERSION = "3.5.1".freeze
end

View File

@@ -7,7 +7,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
t.<%= attribute.type %> :<%= attribute.name %>
<% end -%>
t.timestamps
t.timestamps null: false
end
add_index :<%= table_name %>, :email, unique: true

View File

@@ -8,7 +8,7 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
<% end -%>
# Uncomment below if timestamps were not included in your original model.
# t.timestamps
# t.timestamps null: false
end
add_index :<%= table_name %>, :email, unique: true

View File

@@ -7,7 +7,7 @@ Some setup you must do manually if you haven't yet:
Rails.application.routes.draw do
devise_for :users, controllers: {
sessions: 'sessions'
sessions: 'users/sessions'
}
end

View File

@@ -21,7 +21,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback
# protected
# The path used when omniauth fails
# The path used when OmniAuth fails
# def after_omniauth_failure_path_for(scope)
# super(scope)
# end

View File

@@ -38,12 +38,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl
# protected
# You can put the params you want to permit in the empty array.
# If you have extra params to permit, append them to the sanitizer.
# def configure_sign_up_params
# devise_parameter_sanitizer.for(:sign_up) << :attribute
# end
# You can put the params you want to permit in the empty array.
# If you have extra params to permit, append them to the sanitizer.
# def configure_account_update_params
# devise_parameter_sanitizer.for(:account_update) << :attribute
# end

View File

@@ -18,7 +18,7 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController
# protected
# You can put the params you want to permit in the empty array.
# If you have extra params to permit, append them to the sanitizer.
# def configure_sign_in_params
# devise_parameter_sanitizer.for(:sign_in) << :attribute
# end

View File

@@ -4,6 +4,8 @@ Devise.setup do |config|
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
# Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
# by default. You can change it below and use your own secret key.
<% if rails_4? -%>
# config.secret_key = '<%= SecureRandom.hex(64) %>'
<% else -%>
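Review bot: The two added comment lines say `secret_key_base` becomes the `secret_key` by default, but they do not connect that to the warning just above them. Spell out the consequence: on a Rails 4+ application that leaves `config.secret_key` commented out, rotating `secret_key_base` invalidates all existing confirmation, reset password and unlock tokens.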
@@ -33,7 +35,7 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# You can also supply a hash where the value is a boolean determining whether
# or not authentication should be aborted when the value is not present.
# config.authentication_keys = [ :email ]
# config.authentication_keys = [:email]
# Configure parameters from the request object used for authentication. Each entry
# given should be a request method and it will automatically be passed to the
@@ -45,12 +47,12 @@ Devise.setup do |config|
# Configure which authentication keys should be case-insensitive.
# These keys will be downcased upon creating or modifying a user and when used
# to authenticate or find a user. Default is :email.
config.case_insensitive_keys = [ :email ]
config.case_insensitive_keys = [:email]
# Configure which authentication keys should have whitespace stripped.
# These keys will have whitespace before and after removed upon creating or
# modifying a user and when used to authenticate or find a user. Default is :email.
config.strip_whitespace_keys = [ :email ]
config.strip_whitespace_keys = [:email]
# Tell if authentication through request.params is enabled. True by default.
# It can be set to an array that will enable params authentication only for the
@@ -126,7 +128,7 @@ Devise.setup do |config|
config.reconfirmable = true
# Defines which key will be used when confirming an account
# config.confirmation_keys = [ :email ]
# config.confirmation_keys = [:email]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
@@ -144,7 +146,7 @@ Devise.setup do |config|
# ==> Configuration for :validatable
# Range for password length.
config.password_length = 8..128
config.password_length = 8..72
# Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly
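Review bot: `config.password_length = 8..72` changes the generated default without saying where 72 comes from; the comment above it still reads only `# Range for password length.`. bcrypt, which this template names as the default further down, ignores input beyond 72 bytes, so say that in the comment. Also note there that the validation counts characters, so a password containing multi-byte characters can pass the check and still exceed 72 bytes.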
@@ -166,7 +168,7 @@ Devise.setup do |config|
# config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
# config.unlock_keys = [:email]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
@@ -188,13 +190,17 @@ Devise.setup do |config|
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
# config.reset_password_keys = [ :email ]
# config.reset_password_keys = [:email]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours
# When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset.
# config.sign_in_after_reset_password = true
# ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
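Review bot: The comment for `config.sign_in_after_reset_password` describes what the flag does but not when to turn it off. With the default of `true`, a successful reset ends in a signed-in session without the user passing through the sign-in form. Add a sentence saying that applications which require any further step at sign-in should set it to `false`.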
@@ -257,7 +263,7 @@ Devise.setup do |config|
# The router that invoked `devise_for`, in the example above, would be:
# config.router_name = :my_engine
#
# When using omniauth, Devise cannot automatically set Omniauth path,
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
# so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth'
end

View File

@@ -7,7 +7,7 @@
<%= f.full_error :reset_password_token %>
<div class="form-inputs">
<%= f.input :password, label: "New password", required: true, autofocus: true %>
<%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %>
<%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
</div>

View File

@@ -5,7 +5,7 @@
<div class="form-inputs">
<%= f.input :email, required: true, autofocus: true %>
<%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %>
<%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %>
<%= f.input :password_confirmation, required: true %>
</div>

View File

@@ -8,7 +8,7 @@ class CustomRegistrationsControllerTest < ActionController::TestCase
setup do
request.env["devise.mapping"] = Devise.mappings[:user]
@password = 'password'
@user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!)
@user = create_user(password: @password, password_confirmation: @password).tap(&:confirm)
end
test "yield resource to block on create success" do
@@ -32,4 +32,9 @@ class CustomRegistrationsControllerTest < ActionController::TestCase
put :update, { user: { } }
assert @controller.update_block_called?, "update failed to yield resource to provided block"
end
test "yield resource to block on new" do
get :new
assert @controller.new_block_called?, "new failed to yield resource to provided block"
end
end

View File

@@ -245,6 +245,11 @@ class ControllerAuthenticatableTest < ActionController::TestCase
assert_equal "/foo?bar=baz", @controller.stored_location_for(:user)
end
test 'store location for stores fragments' do
@controller.store_location_for(:user, "/foo#bar")
assert_equal "/foo#bar", @controller.stored_location_for(:user)
end
test 'after sign in path defaults to root path if none by was specified for the given scope' do
assert_equal root_path, @controller.after_sign_in_path_for(:user)
end

View File

@@ -0,0 +1,51 @@
require 'test_helper'
class SessionsInheritedController < Devise::SessionsController
def test_i18n_scope
set_flash_message(:notice, :signed_in)
end
end
class AnotherInheritedController < SessionsInheritedController
protected
def translation_scope
'another'
end
end
class InheritedControllerTest < ActionController::TestCase
tests SessionsInheritedController
def setup
@mock_warden = OpenStruct.new
@controller.request.env['warden'] = @mock_warden
@controller.request.env['devise.mapping'] = Devise.mappings[:user]
end
test 'I18n scope is inherited from Devise::Sessions' do
I18n.expects(:t).with do |message, options|
message == 'user.signed_in' &&
options[:scope] == 'devise.sessions'
end
@controller.test_i18n_scope
end
end
class AnotherInheritedControllerTest < ActionController::TestCase
tests AnotherInheritedController
def setup
@mock_warden = OpenStruct.new
@controller.request.env['warden'] = @mock_warden
@controller.request.env['devise.mapping'] = Devise.mappings[:user]
end
test 'I18n scope is overridden' do
I18n.expects(:t).with do |message, options|
message == 'user.signed_in' &&
options[:scope] == 'another'
end
@controller.test_i18n_scope
end
end

View File

@@ -13,16 +13,16 @@ class HelpersTest < ActionController::TestCase
end
test 'get resource name from env' do
assert_equal :user, @controller.resource_name
assert_equal :user, @controller.send(:resource_name)
end
test 'get resource class from env' do
assert_equal User, @controller.resource_class
assert_equal User, @controller.send(:resource_class)
end
test 'get resource instance variable from env' do
@controller.instance_variable_set(:@user, user = User.new)
assert_equal user, @controller.resource
assert_equal user, @controller.send(:resource)
end
test 'set resource instance variable from env' do
@@ -80,7 +80,7 @@ class HelpersTest < ActionController::TestCase
test 'signed in resource returns signed in resource for current scope' do
@mock_warden.expects(:authenticate).with(scope: :user).returns(User.new)
assert_kind_of User, @controller.signed_in_resource
assert_kind_of User, @controller.send(:signed_in_resource)
end
test 'is a devise controller' do

View File

@@ -0,0 +1,19 @@
require 'test_helper'
class LoadHooksControllerTest < ActionController::TestCase
setup do
ActiveSupport.on_load(:devise_controller) do
define_method :defined_by_load_hook do
puts 'I am defined dynamically by activesupport load hook'
end
end
end
teardown do
DeviseController.class_eval { undef :defined_by_load_hook }
end
test 'load hook called when controller is loaded' do
assert DeviseController.instance_methods.include? :defined_by_load_hook
end
end
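Review bot: `ActiveSupport.on_load(:devise_controller)` is called from `setup`, but load hooks are registered globally and are never unregistered, so the `teardown` that undefines `defined_by_load_hook` does not undo the registration and every test run adds another copy of the hook. Register the hook once at file level instead. The `puts` in the method body can also go, since the test only checks that the method is defined.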

View File

@@ -6,7 +6,7 @@ class PasswordsControllerTest < ActionController::TestCase
setup do
request.env["devise.mapping"] = Devise.mappings[:user]
@user = create_user.tap(&:confirm!)
@user = create_user.tap(&:confirm)
@raw = @user.send_reset_password_instructions
end

View File

@@ -36,7 +36,7 @@ class SessionsControllerTest < ActionController::TestCase
request.session["user_return_to"] = 'foo.bar'
user = create_user
user.confirm!
user.confirm
post :create, user: {
email: user.email,
password: user.password
@@ -50,7 +50,7 @@ class SessionsControllerTest < ActionController::TestCase
request.session["user_return_to"] = 'foo.bar'
user = create_user
user.confirm!
user.confirm
post :create, format: 'json', user: {
email: user.email,
password: user.password
@@ -72,7 +72,7 @@ class SessionsControllerTest < ActionController::TestCase
test "#destroy doesn't set the flash if the requested format is not navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
user = create_user
user.confirm!
user.confirm
post :create, format: 'json', user: {
email: user.email,
password: user.password

View File

@@ -14,11 +14,11 @@ class DeviseTest < ActiveSupport::TestCase
test 'bcrypt on the class' do
password = "super secret"
klass = Struct.new(:pepper, :stretches).new("blahblah", 2)
hash = Devise.bcrypt(klass, password)
hash = Devise::Encryptor.digest(klass, password)
assert_equal ::BCrypt::Password.create(hash), hash
klass = Struct.new(:pepper, :stretches).new("bla", 2)
hash = Devise.bcrypt(klass, password)
hash = Devise::Encryptor.digest(klass, password)
assert_not_equal ::BCrypt::Password.new(hash), hash
end

View File

@@ -26,6 +26,22 @@ class FailureTest < ActiveSupport::TestCase
end
end
class FakeEngineApp < Devise::FailureApp
class FakeEngine
def new_user_on_engine_session_url _
'/user_on_engines/sign_in'
end
end
def main_app
raise 'main_app router called instead of fake_engine'
end
def fake_engine
@fake_engine ||= FakeEngine.new
end
end
def self.context(name, &block)
instance_eval(&block)
end
@@ -85,6 +101,13 @@ class FailureTest < ActiveSupport::TestCase
end
end
test 'returns to the default redirect location considering the router for supplied scope' do
call_failure app: FakeEngineApp, 'warden.options' => { scope: :user_on_engine }
assert_equal 302, @response.first
assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
assert_equal 'http://test.host/user_on_engines/sign_in', @response.second['Location']
end
if Rails.application.config.respond_to?(:relative_url_root)
test 'returns to the default redirect location considering the relative url root' do
swap Rails.application.config, relative_url_root: "/sample" do

View File

@@ -81,4 +81,15 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest
assert_contain 'Invalid credentials'
end
end
test 'valid sign in calls after_database_authentication callback' do
user = create_user(email: ' foo@bar.com ')
User.expects(:find_for_database_authentication).returns user
user.expects :after_database_authentication
sign_in_as_user do
fill_in 'email', with: 'foo@bar.com'
end
end
end
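Review bot: `create_user(email: ' foo@bar.com ')` suggests this test exercises whitespace stripping, but `User.expects(:find_for_database_authentication).returns user` stubs the lookup, so the padded address never takes part in finding the record. Drop the padding so the test reads as what it covers, which is that `after_database_authentication` is called on the returned user.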

View File

@@ -121,7 +121,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest
assert_contain 'Could not authenticate you from Facebook because "Access denied".'
end
test "handles other exceptions from omniauth" do
test "handles other exceptions from OmniAuth" do
OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
visit "/users/sign_in"

View File

@@ -197,6 +197,19 @@ class PasswordTest < ActionDispatch::IntegrationTest
assert warden.authenticated?(:user)
end
test 'does not sign in user automatically after changing its password if config.sign_in_after_reset_password is false' do
swap Devise, sign_in_after_reset_password: false do
create_user
request_forgot_password
reset_password
assert_contain 'Your password has been changed successfully.'
assert_not_contain 'You are now signed in.'
assert_equal new_user_session_path, @request.path
assert !warden.authenticated?(:user)
end
end
test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
[:none, :time].each do |strategy|
swap Devise, unlock_strategy: strategy do

View File

@@ -164,4 +164,13 @@ class RememberMeTest < ActionDispatch::IntegrationTest
get users_path
assert_not warden.authenticated?(:user)
end
test 'valid sign in calls after_remembered callback' do
user = create_user_and_remember
User.expects(:serialize_from_cookie).returns user
user.expects :after_remembered
get new_user_registration_path
end
end

View File

@@ -71,6 +71,12 @@ class MappingTest < ActiveSupport::TestCase
assert_equal :user, Devise::Mapping.find_scope!(Class.new(User).new)
end
test 'find scope uses devise_scope' do
user = User.new
def user.devise_scope; :special_scope; end
assert_equal :special_scope, Devise::Mapping.find_scope!(user)
end
test 'find scope raises an error if cannot be found' do
assert_raise RuntimeError do
Devise::Mapping.find_scope!(String)

View File

@@ -23,31 +23,24 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should confirm a user by updating confirmed at' do
user = create_user
assert_nil user.confirmed_at
assert user.confirm!
assert user.confirm
assert_not_nil user.confirmed_at
end
test 'should clear confirmation token while confirming a user' do
user = create_user
assert_present user.confirmation_token
user.confirm!
assert_nil user.confirmation_token
end
test 'should verify whether a user is confirmed or not' do
assert_not new_user.confirmed?
user = create_user
assert_not user.confirmed?
user.confirm!
user.confirm
assert user.confirmed?
end
test 'should not confirm a user already confirmed' do
user = create_user
assert user.confirm!
assert user.confirm
assert_blank user.errors[:email]
assert_not user.confirm!
assert_not user.confirm
assert_equal "was already confirmed, please try signing in", user.errors[:email].join
end
@@ -80,6 +73,16 @@ class ConfirmableTest < ActiveSupport::TestCase
assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join
end
test 'should show error when a token has already been used' do
user = create_user
raw = user.raw_confirmation_token
User.confirm_by_token(raw)
assert user.reload.confirmed?
confirmed_user = User.confirm_by_token(raw)
assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join
end
test 'should send confirmation instructions by email' do
assert_email_sent "mynewuser@example.com" do
create_user email: "mynewuser@example.com"
@@ -165,18 +168,19 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should not reset confirmation status or token when updating email' do
user = create_user
user.confirm!
original_token = user.confirmation_token
user.confirm
user.email = 'new_test@example.com'
user.save!
user.reload
assert user.confirmed?
assert_nil user.confirmation_token
assert_equal original_token, user.confirmation_token
end
test 'should not be able to send instructions if the user is already confirmed' do
user = create_user
user.confirm!
user.confirm
assert_not user.resend_confirmation_instructions
assert user.confirmed?
assert_equal 'was already confirmed, please try signing in', user.errors[:email].join
@@ -211,7 +215,7 @@ class ConfirmableTest < ActiveSupport::TestCase
assert_not user.confirmed?
assert_not user.active_for_authentication?
user.confirm!
user.confirm
assert user.confirmed?
assert user.active_for_authentication?
end
@@ -301,43 +305,52 @@ class ConfirmableTest < ActiveSupport::TestCase
self.username = self.username.to_s + 'updated'
end
old = user.username
assert user.confirm!
assert user.confirm
assert_not_equal user.username, old
end
test 'should not call after_confirmation if not confirmed' do
user = create_user
assert user.confirm!
assert user.confirm
user.define_singleton_method :after_confirmation do
self.username = self.username.to_s + 'updated'
end
old = user.username
assert_not user.confirm!
assert_not user.confirm
assert_equal user.username, old
end
test 'should always perform validations upon confirm when ensure valid true' do
admin = create_admin
admin.stubs(:valid?).returns(false)
assert_not admin.confirm(ensure_valid: true)
end
end
class ReconfirmableTest < ActiveSupport::TestCase
test 'should not worry about validations on confirm even with reconfirmable' do
admin = create_admin
admin.reset_password_token = "a"
assert admin.confirm!
assert admin.confirm
end
test 'should generate confirmation token after changing email' do
admin = create_admin
assert admin.confirm!
assert_nil admin.confirmation_token
assert admin.confirm
residual_token = admin.confirmation_token
assert admin.update_attributes(email: 'new_test@example.com')
assert_not_nil admin.confirmation_token
assert_not_equal residual_token, admin.confirmation_token
end
test 'should not generate confirmation token if skipping reconfirmation after changing email' do
test 'should not regenerate confirmation token or require reconfirmation if skipping reconfirmation after changing email' do
admin = create_admin
assert admin.confirm!
original_token = admin.confirmation_token
assert admin.confirm
admin.skip_reconfirmation!
assert admin.update_attributes(email: 'new_test@example.com')
assert_nil admin.confirmation_token
assert admin.confirmed?
assert_not admin.pending_reconfirmation?
assert_equal original_token, admin.confirmation_token
end
test 'should skip sending reconfirmation email when email is changed and skip_confirmation_notification! is invoked' do
@@ -351,7 +364,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should regenerate confirmation token after changing email' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert admin.update_attributes(email: 'old_test@example.com')
token = admin.confirmation_token
assert admin.update_attributes(email: 'new_test@example.com')
@@ -360,7 +373,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should send confirmation instructions by email after changing email' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert_email_sent "new_test@example.com" do
assert admin.update_attributes(email: 'new_test@example.com')
end
@@ -369,7 +382,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should not send confirmation by email after changing password' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert_email_not_sent do
assert admin.update_attributes(password: 'newpass', password_confirmation: 'newpass')
end
@@ -377,7 +390,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should not send confirmation by email after changing to a blank email' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert_email_not_sent do
admin.email = ''
admin.save(validate: false)
@@ -386,23 +399,23 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should stay confirmed when email is changed' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert admin.update_attributes(email: 'new_test@example.com')
assert admin.confirmed?
end
test 'should update email only when it is confirmed' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert admin.update_attributes(email: 'new_test@example.com')
assert_not_equal 'new_test@example.com', admin.email
assert admin.confirm!
assert admin.confirm
assert_equal 'new_test@example.com', admin.email
end
test 'should not allow admin to get past confirmation email by resubmitting their new address' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert admin.update_attributes(email: 'new_test@example.com')
assert_not_equal 'new_test@example.com', admin.email
assert admin.update_attributes(email: 'new_test@example.com')
@@ -411,7 +424,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
test 'should find a admin by send confirmation instructions with unconfirmed_email' do
admin = create_admin
assert admin.confirm!
assert admin.confirm
assert admin.update_attributes(email: 'new_test@example.com')
confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email)
assert_equal confirmation_admin, admin

View File

@@ -7,7 +7,7 @@ class LockableTest < ActiveSupport::TestCase
test "should respect maximum attempts configuration" do
user = create_user
user.confirm!
user.confirm
swap Devise, maximum_attempts: 2 do
2.times { user.valid_for_authentication?{ false } }
assert user.reload.access_locked?
@@ -16,7 +16,7 @@ class LockableTest < ActiveSupport::TestCase
test "should increment failed_attempts on successfull validation if the user is already locked" do
user = create_user
user.confirm!
user.confirm
swap Devise, maximum_attempts: 2 do
2.times { user.valid_for_authentication?{ false } }
@@ -29,7 +29,7 @@ class LockableTest < ActiveSupport::TestCase
test "should not touch failed_attempts if lock_strategy is none" do
user = create_user
user.confirm!
user.confirm
swap Devise, lock_strategy: :none, maximum_attempts: 2 do
3.times { user.valid_for_authentication?{ false } }
assert !user.access_locked?
@@ -53,7 +53,7 @@ class LockableTest < ActiveSupport::TestCase
test "active_for_authentication? should be the opposite of locked?" do
user = create_user
user.confirm!
user.confirm
assert user.active_for_authentication?
user.lock_access!
assert_not user.active_for_authentication?
@@ -230,7 +230,7 @@ class LockableTest < ActiveSupport::TestCase
test 'should unlock account if lock has expired and increase attempts on failure' do
swap Devise, unlock_in: 1.minute do
user = create_user
user.confirm!
user.confirm
user.failed_attempts = 2
user.locked_at = 2.minutes.ago
@@ -243,7 +243,7 @@ class LockableTest < ActiveSupport::TestCase
test 'should unlock account if lock has expired on success' do
swap Devise, unlock_in: 1.minute do
user = create_user
user.confirm!
user.confirm
user.failed_attempts = 2
user.locked_at = 2.minutes.ago

View File

@@ -23,13 +23,13 @@ class RecoverableTest < ActiveSupport::TestCase
test 'should reset password and password confirmation from params' do
user = create_user
user.reset_password!('123456789', '987654321')
user.reset_password('123456789', '987654321')
assert_equal '123456789', user.password
assert_equal '987654321', user.password_confirmation
end
test 'should reset password and save the record' do
assert create_user.reset_password!('123456789', '123456789')
assert create_user.reset_password('123456789', '123456789')
end
test 'should clear reset password token while reseting the password' do
@@ -38,7 +38,30 @@ class RecoverableTest < ActiveSupport::TestCase
user.send_reset_password_instructions
assert_present user.reset_password_token
assert user.reset_password!('123456789', '123456789')
assert user.reset_password('123456789', '123456789')
assert_nil user.reset_password_token
end
test 'should clear reset password token if changing password' do
user = create_user
assert_nil user.reset_password_token
user.send_reset_password_instructions
assert_present user.reset_password_token
user.password = "123456678"
user.password_confirmation = "123456678"
user.save!
assert_nil user.reset_password_token
end
test 'should clear reset password token if changing email' do
user = create_user
assert_nil user.reset_password_token
user.send_reset_password_instructions
assert_present user.reset_password_token
user.email = "another@example.com"
user.save!
assert_nil user.reset_password_token
end
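Review bot: Both added tests call `assert_nil user.reset_password_token` on the same in-memory object right after `user.save!`, so they do not show that the stored column was cleared. Add `user.reload` before the final assertion in 'should clear reset password token if changing password' and in 'should clear reset password token if changing email', so the tests prove the old token is gone from the database.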
@@ -46,14 +69,14 @@ class RecoverableTest < ActiveSupport::TestCase
user = create_user
user.send_reset_password_instructions
assert_present user.reset_password_token
assert_not user.reset_password!('123456789', '987654321')
assert_not user.reset_password('123456789', '987654321')
assert_present user.reset_password_token
end
test 'should not reset password with invalid data' do
user = create_user
user.stubs(:valid?).returns(false)
assert_not user.reset_password!('123456789', '987654321')
assert_not user.reset_password('123456789', '987654321')
end
test 'should reset reset password token and send instructions by email' do
@@ -135,6 +158,7 @@ class RecoverableTest < ActiveSupport::TestCase
reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
assert_not reset_password_user.errors.empty?
assert_match "can't be blank", reset_password_user.errors[:password].join
assert_equal raw, reset_password_user.reset_password_token
end
test 'should reset successfully user password given the new password and confirmation' do
@@ -142,15 +166,17 @@ class RecoverableTest < ActiveSupport::TestCase
old_password = user.password
raw = user.send_reset_password_instructions
User.reset_password_by_token(
reset_password_user = User.reset_password_by_token(
reset_password_token: raw,
password: 'new_password',
password_confirmation: 'new_password'
)
user.reload
assert_nil reset_password_user.reset_password_token
user.reload
assert_not user.valid_password?(old_password)
assert user.valid_password?('new_password')
assert_nil user.reset_password_token
end
test 'should not reset password after reset_password_within time' do
@@ -189,6 +215,12 @@ class RecoverableTest < ActiveSupport::TestCase
assert_equal User.with_reset_password_token(raw), user
end
test 'should return the same reset password token as generated' do
user = create_user
raw = user.send_reset_password_instructions
assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
end
test 'should return nil if a user based on the raw token is not found' do
assert_equal User.with_reset_password_token('random-token'), nil
end
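Review bot: In 'should return the same reset password token as generated', `self.class` evaluates to the test case class, not `User`, so `Devise.token_generator.digest(self.class, :reset_password_token, raw)` is not called with the model the token belongs to. Pass `User` explicitly so the test documents the call a reader would copy.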

View File

@@ -42,9 +42,15 @@ class RememberableTest < ActiveSupport::TestCase
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
end
test 'raises a RuntimeError if authenticatable_salt is nil' do
test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
user = User.new
user.encrypted_password = nil
def user.authenticable_salt; nil; end
assert_raise RuntimeError do
user.rememberable_value
end
user = User.new
def user.authenticable_salt; ""; end
assert_raise RuntimeError do
user.rememberable_value
end
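Review bot: `def user.authenticable_salt` is misspelled in both places; the method used on the context line at the top of the hunk is `authenticatable_salt`. The singleton definitions therefore never replace the real method, and whether the `assert_raise RuntimeError` blocks pass depends on the state of a bare `User.new` rather than on the stubbed value. Rename both to `def user.authenticatable_salt` so the nil and empty-string cases are the ones actually under test.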

View File

@@ -92,10 +92,10 @@ class ValidatableTest < ActiveSupport::TestCase
assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
end
test 'should require a password with maximum of 128 characters long' do
user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
test 'should require a password with maximum of 72 characters long' do
user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
assert user.invalid?
assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
end
test 'should not require password length when it\'s not changed' do
@@ -109,10 +109,10 @@ class ValidatableTest < ActiveSupport::TestCase
end
test 'should complain about length even if password is not required' do
user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
user.stubs(:password_required?).returns(false)
assert user.invalid?
assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
end
test 'should not be included in objects with invalid API' do

View File

@@ -1,4 +1,10 @@
class Custom::RegistrationsController < Devise::RegistrationsController
def new
super do |resource|
@new_block_called = true
end
end
def create
super do |resource|
@create_block_called = true
@@ -18,4 +24,8 @@ class Custom::RegistrationsController < Devise::RegistrationsController
def update_block_called?
@update_block_called == true
end
def new_block_called?
@new_block_called == true
end
end

View File

@@ -17,7 +17,7 @@ module RailsApp
class Application < Rails::Application
# Add additional load paths for your own custom dirs
config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ]
config.autoload_paths += ["#{config.root}/app/#{DEVISE_ORM}"]
# Configure generators values. Many other options are available, be sure to check the documentation.
# config.generators do |g|

View File

@@ -20,7 +20,11 @@ RailsApp::Application.configure do
# config.action_dispatch.rack_cache = true
# Disable Rails's static asset server (Apache or nginx will already do this).
config.serve_static_assets = false
if Rails.version >= "4.2.0"
config.serve_static_files = false
else
config.serve_static_assets = false
end
# Compress JavaScripts and CSS.
config.assets.js_compressor = :uglifier
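Review bot: `Rails.version >= "4.2.0"` compares strings, so the check is lexicographic: "4.10.0" sorts before "4.2.0" and would fall into the `serve_static_assets` branch. Compare versions instead, with `Gem::Version.new(Rails.version) >= Gem::Version.new("4.2.0")`.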
@@ -46,7 +50,7 @@ RailsApp::Application.configure do
config.log_level = :info
# Prepend all log lines with the following tags.
# config.log_tags = [ :subdomain, :uuid ]
# config.log_tags = [:subdomain, :uuid]
# Use a different logger for distributed setups.
# config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)

@@ -12,8 +12,13 @@ RailsApp::Application.configure do
# preloads Rails for running tests, you may have to set it to true.
config.eager_load = false
# Configure static asset server for tests with Cache-Control for performance.
config.serve_static_assets = true
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
if Rails.version >= "4.2.0"
config.serve_static_files = true
else
config.serve_static_assets = true
end
config.static_cache_control = "public, max-age=3600"
# Show full error reports and disable caching.
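Review bot: the comment "Disable serving static files from the `/public` folder by default since Apache or NGINX already handles this" sits directly above a branch that sets the option to `true` in both arms, so it describes the opposite of what the test environment does; the wording about a static server for tests with Cache-Control fits this file. The `Rails.version >= "4.2.0"` check is a string comparison, which orders "4.10.0" below "4.2.0"; comparing `Gem::Version` objects would be safer.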

@@ -31,7 +31,7 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# You can also supply hash where the value is a boolean expliciting if authentication
# should be aborted or not if the value is not present. By default is empty.
# config.authentication_keys = [ :email ]
# config.authentication_keys = [:email]
# Configure parameters from the request object used for authentication. Each entry
# given should be a request method and it will automatically be passed to
@@ -43,12 +43,12 @@ Devise.setup do |config|
# Configure which authentication keys should be case-insensitive.
# These keys will be downcased upon creating or modifying a user and when used
# to authenticate or find a user. Default is :email.
config.case_insensitive_keys = [ :email ]
config.case_insensitive_keys = [:email]
# Configure which authentication keys should have whitespace stripped.
# These keys will have whitespace before and after removed upon creating or
# modifying a user and when used to authenticate or find a user. Default is :email.
config.strip_whitespace_keys = [ :email ]
config.strip_whitespace_keys = [:email]
# Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true
@@ -77,21 +77,18 @@ Devise.setup do |config|
# config.allow_unconfirmed_access_for = 2.days
# Defines which key will be used when confirming an account
# config.confirmation_keys = [ :email ]
# config.confirmation_keys = [:email]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# If true, a valid remember token can be re-used between multiple browsers.
# config.remember_across_browsers = true
# If true, extends the user's remember period when remembered via cookie.
# config.extend_remember_period = false
# ==> Configuration for :validatable
# Range for password length. Default is 8..128.
# config.password_length = 8..128
# Range for password length. Default is 8..72.
# config.password_length = 8..72
# Regex to use to validate the email address
# config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
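Review bot: the password_length comment now reads "Default is 8..72" but gives no reason for the lower ceiling, so someone overriding the range has nothing telling them not to put 128 back; one line stating why 72 is the maximum would cover that. Separately, the commented-out email_regexp example on the last context line anchors with `^` and `$`, which match at line boundaries in Ruby, so a value containing a newline can satisfy it; `\A` and `\z` would be the safer example to ship.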
@@ -108,7 +105,7 @@ Devise.setup do |config|
# config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
# config.unlock_keys = [:email]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
@@ -127,20 +124,20 @@ Devise.setup do |config|
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
# config.reset_password_keys = [ :email ]
# config.reset_password_keys = [:email]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 2.hours
# When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset.
# config.sign_in_after_reset_password = true
# Setup a pepper to generate the encrypted password.
config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
# config.token_authentication_key = :auth_token
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "users/sessions/new". It's turned off by default because it's slower if you
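Review bot: `config.pepper` in this hunk is a literal value committed with the initializer. That is workable for a test application, but nothing in the file says so; a comment marking it as a test-only value, or reading it from the environment, would keep it from being copied into a real application's configuration.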

@@ -4,7 +4,7 @@ module SharedUser
included do
devise :database_authenticatable, :confirmable, :lockable, :recoverable,
:registerable, :rememberable, :timeoutable,
:trackable, :validatable, :omniauthable, password_length: 7..128
:trackable, :validatable, :omniauthable, password_length: 7..72
attr_accessor :other_key

9
test/rails_test.rb Normal file
@@ -0,0 +1,9 @@
require 'test_helper'
class RailsTest < ActiveSupport::TestCase
test 'correct initializer position' do
initializer = Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' }
assert_equal :load_config_initializers, initializer.after
assert_equal :build_middleware_stack, initializer.before
end
end
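Review bot: `Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' }` returns nil when no initializer has that name, and the next line would then fail with NoMethodError on `initializer.after` instead of a readable assertion failure. Adding `assert_not_nil initializer` before the two assert_equal lines makes a renamed or missing initializer show up as a clear failure.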

@@ -15,7 +15,7 @@ class ActionDispatch::IntegrationTest
created_at: Time.now.utc
)
user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at]
user.confirm! unless options[:confirm] == false
user.confirm unless options[:confirm] == false
user.lock_access! if options[:locked] == true
user
end
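Review bot: with `user.confirm!` replaced by `user.confirm`, the helper ignores the call's return value. If `confirm` reports failure by returning false instead of raising, `create_user` would hand back an unconfirmed user and the problem would surface later in an unrelated assertion; checking the result and raising inside the helper would keep the failure at its source. The same applies to `admin.confirm` in the next hunk.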
@@ -28,7 +28,7 @@ class ActionDispatch::IntegrationTest
password: '123456', password_confirmation: '123456',
active: options[:active]
)
admin.confirm! unless options[:confirm] == false
admin.confirm unless options[:confirm] == false
admin
end
end

@@ -34,7 +34,7 @@ class TestHelpersTest < ActionController::TestCase
test "does not redirect with valid user" do
user = create_user
user.confirm!
user.confirm
sign_in user
get :index
@@ -46,7 +46,7 @@ class TestHelpersTest < ActionController::TestCase
assert_response :redirect
user = create_user
user.confirm!
user.confirm
sign_in user
get :index
@@ -55,7 +55,7 @@ class TestHelpersTest < ActionController::TestCase
test "redirects if valid user signed out" do
user = create_user
user.confirm!
user.confirm
sign_in user
get :index
@@ -105,7 +105,7 @@ class TestHelpersTest < ActionController::TestCase
end
user = create_user
user.confirm!
user.confirm
sign_in user
ensure
Warden::Manager._after_set_user.pop
@@ -118,7 +118,7 @@ class TestHelpersTest < ActionController::TestCase
flunk "callback was called while it should not"
end
user = create_user
user.confirm!
user.confirm
sign_in user
sign_out user
@@ -146,7 +146,7 @@ class TestHelpersTest < ActionController::TestCase
test "allows to sign in with different users" do
first_user = create_user
first_user.confirm!
first_user.confirm
sign_in first_user
get :index
@@ -154,10 +154,25 @@ class TestHelpersTest < ActionController::TestCase
sign_out first_user
second_user = create_user
second_user.confirm!
second_user.confirm
sign_in second_user
get :index
assert_match /User ##{second_user.id}/, @response.body
end
test "creates a new warden proxy if the request object has changed" do
old_warden_proxy = warden
@request = ActionController::TestRequest.new
new_warden_proxy = warden
assert_not_equal old_warden_proxy, new_warden_proxy
end
test "doesn't create a new warden proxy if the request object hasn't changed" do
old_warden_proxy = warden
new_warden_proxy = warden
assert_equal old_warden_proxy, new_warden_proxy
end
end
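Review bot: the two new warden proxy tests use `assert_not_equal` and `assert_equal`, which compare with `==`, while the test names describe object identity (a new proxy versus the same one). `assert_not_same old_warden_proxy, new_warden_proxy` and `assert_same old_warden_proxy, new_warden_proxy` would state that directly and would not depend on how the proxy defines equality. On the context line above, `assert_match /User ##{second_user.id}/, @response.body` passes a regex literal without parentheses, which Ruby flags as an ambiguous first argument.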

@@ -20,8 +20,8 @@ class UserWithCustomEncryption < User
end
class UserWithVirtualAttributes < User
devise case_insensitive_keys: [ :email, :email_confirmation ]
validates :email, presence: true, confirmation: {on: :create}
devise case_insensitive_keys: [:email, :email_confirmation]
validates :email, presence: true, confirmation: { on: :create }
end
class Several < Admin