Use the Ruby 1.8 hash syntax.

Yes we still support Ruby 1.8 😢

Conflicts:
	Gemfile.lock

CHANGELOG.rdoc

@@ -1,3 +1,17 @@
+== 1.5.4
+
+* bug fix
+  * Require string conversion for all values
+
+== 1.5.3
+
+* bug fix
+  * Ensure delegator converts scope to symbol (by github.com/dmitriy-kiriyenko)
+  * Ensure passing :format => false to devise_for is not permanent
+  * Ensure path checker does not check invalid routes
+
+* warden regression
+  * using warden 1.2.1 with Devise 1.5.3 introduces a regression for some types of functional tests (see github.com/plataformatec/devise/issues/1928).  Can peg warden to 1.2.0 in your Gemfile to fix this.
 == 1.5.2
 
 * enhancements

Gemfile

@@ -11,7 +11,7 @@ group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
   gem "webrat", "0.7.2", :require => false
-  gem "mocha", :require => false
+  gem "mocha", "~> 0.10.0", :require => false
 
   platforms :mri_18 do
     gem "ruby-debug", ">= 0.10.3"

lib/devise/delegator.rb

@@ -8,9 +8,9 @@ module Devise
     def failure_app(env)
       app = env["warden.options"] &&
         (scope = env["warden.options"][:scope]) &&
-        Devise.mappings[scope].failure_app
+        Devise.mappings[scope.to_sym].failure_app
 
       app || Devise::FailureApp
     end
   end
-end
+end

lib/devise/mapping.rb

@@ -23,8 +23,7 @@ module Devise
   #
   class Mapping #:nodoc:
     attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
-                :constraints, :defaults, :failure_app
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
 
     alias :name :singular
 
@@ -64,8 +63,6 @@ module Devise
       default_failure_app(options)
       default_controllers(options)
       default_path_names(options)
-      default_constraints(options)
-      default_defaults(options)
       default_used_route(options)
       default_used_helpers(options)
     end

lib/devise/models/authenticatable.rb

@@ -106,17 +106,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
         #   end
         #
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        # Finally, notice that Devise also queries for users in other scenarios
+        # besides authentication, for example when retrieving an user to send
+        # an e-mail for password reset. In such cases, find_for_authentication
+        # is not called.
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.
@@ -162,4 +165,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/param_filter.rb

@@ -33,9 +33,8 @@ module Devise
 
     private
 
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
+      true
     end
   end
 end

lib/devise/path_checker.rb

@@ -12,7 +12,8 @@ module Devise
     end
 
     def signing_out?
-      @current_path == send("destroy_#{@scope}_session_path")
+      route = "destroy_#{@scope}_session_path"
+      respond_to?(route) && @current_path == send(route)
     end
   end
 end

lib/devise/rails/routes.rb

@@ -185,7 +185,7 @@ module ActionDispatch::Routing
       options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-      @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
+      options[:options]       = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
 
       resources.map!(&:to_sym)
 
@@ -208,7 +208,7 @@ module ActionDispatch::Routing
 
         devise_scope mapping.name do
           yield if block_given?
-          with_devise_exclusive_scope mapping.fullpath, mapping.name, mapping.constraints, mapping.defaults do
+          with_devise_exclusive_scope mapping.fullpath, mapping.name, options do
             routes.each { |mod| send("devise_#{mod}", mapping, mapping.controllers) }
           end
         end
@@ -368,12 +368,15 @@ module ActionDispatch::Routing
         @scope[:path] = path
       end
 
-      def with_devise_exclusive_scope(new_path, new_as, new_constraints, new_defaults) #:nodoc:
-        old_as, old_path, old_module, old_constraints, old_defaults = @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults]
-        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults] = new_as, new_path, nil, new_constraints, new_defaults
+      def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc:
+        old_as, old_path, old_module, old_constraints, old_defaults, old_options = 
+          *@scope.values_at(:as, :path, :module, :constraints, :defaults, :options)
+        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults], @scope[:options] =
+          new_as, new_path, nil, *options.values_at(:constraints, :defaults, :options)
         yield
       ensure
-        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults] = old_as, old_path, old_module, old_constraints, old_defaults
+        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults], @scope[:options] = 
+          old_as, old_path, old_module, old_constraints, old_defaults, old_options
       end
 
       def raise_no_devise_method_error!(klass) #:nodoc:

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.5.2".freeze
+  VERSION = "1.5.4".freeze
 end

test/delegator_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class DelegatorTest < ActiveSupport::TestCase
+  def delegator
+    Devise::Delegator.new
+  end
+
+  test 'failure_app returns default failure app if no warden options in env' do
+    assert_equal Devise::FailureApp, delegator.failure_app({})
+  end
+
+  test 'failure_app returns default failure app if no scope in warden options' do
+    assert_equal Devise::FailureApp, delegator.failure_app({"warden.options" => {}})
+  end
+
+  test 'failure_app returns associated failure app by scope in the given environment' do
+    assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}})
+  end
+end

test/integration/authenticatable_test.rb

@@ -407,7 +407,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 
   test 'sign in stub in xml format' do
     get new_user_session_path(:format => 'xml')
-    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"></password>\n</user>\n", response.body
+    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"/>\n</user>\n", response.body
   end
 
   test 'sign in stub in json format' do

test/models/authenticatable_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class AuthenticatableTest < ActiveSupport::TestCase
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(:email => "example@example.com", :password => "123456")
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil
+  end
+end

test/models/database_authenticatable_test.rb

@@ -11,7 +11,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.save!
     assert_equal email.downcase, user.email
   end
-  
+
   test 'should remove whitespace from strip whitespace keys when saving' do
     # strip_whitespace_keys is set to :email by default.
     email = ' foo@bar.com '
@@ -23,9 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
 
   test 'should respond to password and password confirmation' do
@@ -86,14 +86,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
-  
+
   test 'should update password with valid current password and :as option' do
     user = create_user
     assert user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
     assert user.reload.valid_password?('pass321')
   end
-  
+
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
@@ -145,7 +145,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.update_without_password(:email => 'new@example.com')
     assert_equal 'new@example.com', user.email
   end
-  
+
   test 'should update the user without password with :as option' do
     user = create_user
     user.update_without_password(:email => 'new@example.com', :as => :admin)

test/path_checker_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class PathCheckerTest < ActiveSupport::TestCase
+  test 'check if sign out path matches' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_out"}, :user)
+    assert path_checker.signing_out?
+
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :user)
+    assert_not path_checker.signing_out?
+  end
+
+  test 'considers script name' do
+    path_checker = Devise::PathChecker.new({"SCRIPT_NAME" => "/users", "PATH_INFO" => "/sign_out"}, :user)
+    assert path_checker.signing_out?
+  end
+
+  test 'ignores invalid routes' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :omg)
+    assert_not path_checker.signing_out?
+  end
+end

test/routes_test.rb

@@ -225,6 +225,10 @@ class CustomizedRoutingTest < ActionController::TestCase
       assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get})
     end
   end
+
+  test 'map with format false is not permanent' do
+    assert_equal "/set.xml", @routes.url_helpers.set_path(:xml)
+  end
 end
 
 class ScopedRoutingTest < ActionController::TestCase