Bump version.

Refactor.
fix for issues #999 : HTTP_ACCEPT=*/* should redirect to the default location
2026-01-09 23:58:06 -05:00 · 2011-04-29 14:13:35 +02:00 · 2011-04-29 14:12:29 +02:00 · 2011-04-29 14:12:22 +02:00 · 2011-04-21 19:19:35 +02:00 · 2011-04-21 19:18:40 +02:00
8 changed files with 40 additions and 7 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,18 @@
+== 1.3.4
+
+* bug fix
+  * Do not add formats if html or "*/*"
+
+== 1.3.3
+
+* bug fix
+  * Explicitly mark the token as expired if so
+
+== 1.3.2
+
+* bug fix
+  * Fix another regression related to reset_password_sent_at (by github.com/alexdreher)
+
 == 1.3.1

 * enhancements
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    devise (1.3.0)
+    devise (1.3.1)
      bcrypt-ruby (~> 2.1.2)
      orm_adapter (~> 0.0.3)
      warden (~> 1.0.3)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -3,6 +3,7 @@
 en:
  errors:
    messages:
+      expired: "has expired, please request a new one"
      not_found: "not found"
      already_confirmed: "was already confirmed, please try signing in"
      not_locked: "was not locked"
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -65,13 +65,17 @@ module Devise
    end

    def redirect_url
-      if request_format == :html
+      if skip_format?
        send(:"new_#{scope}_session_path")
      else
        send(:"new_#{scope}_session_path", :format => request_format)
      end
    end

+    def skip_format?
+      %w(html */*).include? request_format.to_s
+    end
+
    # Choose whether we should respond in a http authentication fashion,
    # including 401 and optional headers.
    #
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -42,6 +42,7 @@ module Devise
      # Checks if the reset password token sent is within the limit time.
      # We do this by calculating if the difference between today and the
      # sending date does not exceed the confirm in time configured.
+      # Returns true if the ressource is not responding to reset_password_sent_at at all.
      # reset_password_within is a model configuration, must always be an integer value.
      #
      # Example:
@@ -59,8 +60,8 @@ module Devise
      #   reset_password_period_valid?   # will always return false
      #
      def reset_password_period_valid?
-        respond_to?(:reset_password_sent_at) && reset_password_sent_at &&
-          reset_password_sent_at.utc >= self.class.reset_password_within.ago
+        return true unless respond_to?(:reset_password_sent_at) 
+        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
      end

      protected
@@ -115,7 +116,7 @@ module Devise
            if recoverable.reset_password_period_valid?
              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) 
            else
-              recoverable.errors.add(:reset_password_token, :invalid)
+              recoverable.errors.add(:reset_password_token, :expired)
            end
          end
          recoverable
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.3.1".freeze
+  VERSION = "1.3.4".freeze
 end
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -39,6 +39,11 @@ class FailureTest < ActiveSupport::TestCase
      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
    end

+    test 'return to the default redirect location for wildcard requests' do
+      call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
+      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
+    end
+
    test 'uses the proxy failure message as symbol' do
      call_failure('warden' => OpenStruct.new(:message => :test))
      assert_equal 'test', @request.flash[:alert]
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -192,7 +192,7 @@ class RecoverableTest < ActiveSupport::TestCase

      assert user.valid_password?(old_password)
      assert_not user.valid_password?('new_password')
-      assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
+      assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
    end
  end

@@ -204,4 +204,11 @@ class RecoverableTest < ActiveSupport::TestCase
    user.reload
    assert_not_nil user.reset_password_token
  end
+
+  test 'should have valid period if does not respond to reset_password_sent_at' do
+    user = create_user
+    user.stubs(:respond_to?).with(:reset_password_sent_at).returns(false)
+    assert user.reset_password_period_valid?
+  end
+
 end
Author	SHA1	Message	Date
José Valim	9f763d082a	Bump version.	2011-04-29 14:13:35 +02:00
José Valim	c62915e2bd	Refactor.	2011-04-29 14:12:29 +02:00
Emanuel Carnevale	6153a52e2d	fix for issues #999 : HTTP_ACCEPT=/ should redirect to the default location	2011-04-29 14:12:22 +02:00
José Valim	39b59142ea	Update CHANGELOG.	2011-04-21 19:19:35 +02:00
José Valim	624fb566fb	Mark the token as expired, because invalid gives no clue of what to do next.	2011-04-21 19:18:40 +02:00
José Valim	76edb49c9d	Release 1.3.2.	2011-04-21 13:59:40 +02:00
José Valim	b7d86ac014	Add tests to previous commit. Conflicts: Gemfile.lock	2011-04-21 13:57:09 +02:00
Alexander Dreher	7097189de1	Fixes error on missing reset_password_sent_at column. If the column is not present, you are unabled to reset your password.	2011-04-21 13:56:29 +02:00
José Valim	c4e451b896	Merge branch 'master' into v1.3 Conflicts: test/integration/authenticatable_test.rb	2011-04-19 10:41:17 +02:00
José Valim	fd6ba32812	to_json does not guarantee the order.	2011-04-18 13:03:22 +02:00