AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-11 08:37:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AtHeartEngineer:v4.7.3
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5
..
compare: AtHeartEngineer:5-rc
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5

16 Commits
v4.7.3 ... 5-rc

Author SHA1 Message Date
Marcos Ferreira
4be9389dcb Merge pull request #5032 from JanBussieck/pure-signed_in-method 
Use warden’s `authenticated?` for query methods to avoid side effects
 2019-09-19 14:32:41 -03:00
Jan Bussieck
2fde07b9be Fix test case descriptions, since we are testing proxying to 'authenticated?' 2019-09-19 17:18:02 +02:00
Jan Bussieck
70c5f4bfaf Use warden’s authenticated? for query methods to avoid side effects 
Previously checks whether a certain scope is signed in were performed using warden’s
`authenticate?` or `authenticate` methods which would run the strategies and sign in the
scope if valid params were given. We want to remove this side effect from query methods.
 2019-09-19 17:18:02 +02:00
Jeremy Wadsack
0a2e67878a When password reset token expires, redirect to new password path (#4837) 2019-09-19 10:22:30 -03:00
Leonardo Tegon
c381c916f3 Remove circular argument reference 
/Users/tegon/src/public/plataformatec/devise/app/controllers/devise/sessions_controller.rb:75: warning: circular argument reference - status
 2019-09-19 10:22:30 -03:00
Felipe Renan
9999072620 Update CHANGELOG.md [ci skip] 2019-09-19 10:22:30 -03:00
Marc Busqué
34238e9f18 Update trackable fields only in a database sign in 
References #4584 and waiting-for-dev/devise-jwt#23

* Bug
Users that use devise-jwt, will not have the correct behavior of trackable
feature. As a request for APIs always requires authentication since there
is no session in APIs world, Devise counts +1 on every request since it
contains authentication info.

It happens because Devise has a trackable hook that updates the trackable
info everytime that the user is signed in by Warden.

* Fix
We are moving update_trackable_fields! from trackable hook (which was removed)
to sign_in_out and database_authenticatable. This way, update_trackable_fields!
is going to run only when the user signed in by Devise (only one time).
 2019-09-19 10:22:29 -03:00
Felipe Renan
a1c493b009 Remove unnecessary checks for Rails 4 2019-09-19 10:22:29 -03:00
Felipe Renan
e7f9805fd4 Update CHANGELOG.md 2019-09-19 10:22:29 -03:00
Felipe Renan
8956d4caa1 Remove Ruby 2.2 and Ruby 2.1 support 2019-09-19 10:22:29 -03:00
Julius Graakjær Grantzau
b85911dee3 Downcase authentication keys and humanize error message (#4834) 2019-09-19 10:21:02 -03:00
Felipe Renan
2d1a961c1b Remove Rails 4 support 2019-09-19 10:20:59 -03:00
Adan Amarillas
195cbfb9e5 Modified sessions controller to return 401 for destroy action with no user signed in (#4878) 2019-09-19 10:06:14 -03:00
Leonardo Tegon
96a3153c23 Update CHANGELOG.md 2019-09-19 10:06:14 -03:00
Shriram
64238fc80e Make secure_compare handle empty strings comparison correctly 
Used Rails' secure_compare method inside the definition of secure_compare. This will handle the empty strings comparison and return true when both the parameters are blank strings.

Fixes #4441
 2019-09-19 10:06:14 -03:00
Siva Gollapalli
afaad713ff Added translations according to unlock strategy 2019-09-19 10:06:13 -03:00
113 changed files with 1084 additions and 1489 deletions
Expand all files Collapse all files

67
.travis.yml
View File

@@ -1,86 +1,36 @@
language: ruby
rvm:
- 2.1.10
- 2.2.10
- 2.3.8
- 2.4.10
- 2.5.8
- 2.6.6
- 2.7.1
- 2.4.5
- 2.5.3
- 2.6.0
- ruby-head
gemfile:
- Gemfile
- gemfiles/Gemfile.rails-6.0-stable
- gemfiles/Gemfile.rails-5.2-stable
- gemfiles/Gemfile.rails-5.1-stable
- gemfiles/Gemfile.rails-5.0-stable
- gemfiles/Gemfile.rails-4.2-stable
- gemfiles/Gemfile.rails-4.1-stable
matrix:
exclude:
- rvm: 2.1.10
gemfile: Gemfile
- rvm: 2.1.10
gemfile: gemfiles/Gemfile.rails-6.0-stable
- rvm: 2.1.10
gemfile: gemfiles/Gemfile.rails-5.2-stable
- rvm: 2.1.10
gemfile: gemfiles/Gemfile.rails-5.1-stable
- rvm: 2.1.10
gemfile: gemfiles/Gemfile.rails-5.0-stable
- rvm: 2.2.10
gemfile: Gemfile
- rvm: 2.2.10
gemfile: gemfiles/Gemfile.rails-6.0-stable
- rvm: 2.2.10
gemfile: gemfiles/Gemfile.rails-5.2-stable
- rvm: 2.3.8
gemfile: Gemfile
- rvm: 2.3.8
gemfile: gemfiles/Gemfile.rails-6.0-stable
- rvm: 2.4.10
gemfile: Gemfile
- rvm: 2.4.10
- rvm: 2.4.5
gemfile: gemfiles/Gemfile.rails-6.0-stable
- rvm: 2.4.10
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: 2.5.8
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: 2.6.6
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: 2.6.6
gemfile: gemfiles/Gemfile.rails-4.2-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-4.2-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-5.0-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-5.1-stable
- rvm: 2.7.1
gemfile: gemfiles/Gemfile.rails-5.2-stable
- rvm: ruby-head
gemfile: gemfiles/Gemfile.rails-4.1-stable
- rvm: ruby-head
gemfile: gemfiles/Gemfile.rails-4.2-stable
- rvm: 2.5.3
- env: DEVISE_ORM=mongoid
gemfile: Gemfile
- env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-5.0-stable
- env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-5.1-stable
- env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-5.2-stable
- env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-6.0-stable
allow_failures:
- rvm: ruby-head
- gemfile: gemfiles/Gemfile.rails-6.0-stable
services:
- mongodb
@@ -92,10 +42,7 @@ env:
- DEVISE_ORM=active_record
- DEVISE_ORM=mongoid
before_install:
- gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
- gem install bundler -v '< 2'
- "rm ${BUNDLE_GEMFILE}.lock"
before_install: "rm ${BUNDLE_GEMFILE}.lock"
before_script: "bundle update"

29
CHANGELOG.md
View File

@@ -1,19 +1,16 @@
### 4.7.3 - 2020-09-20
* bug fixes
* Do not modify `:except` option given to `#serializable_hash`. (by @dpep)
* Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
* Fix hanging tests for streaming controllers using Devise. (by @afn)
### 4.7.2 - 2020-06-10
### 5.0.0-rc
* enhancements
* Increase default stretches to 12 (by @sergey-alekseev)
* Ruby 2.7 support (kwarg warnings removed)
* Suport multiple translations according to unlock strategy (by @sivagollapalli)
* Use `ActiveSupport::SecurityUtils.secure_compare` inside `Devise.secure_compare` (by @shrirambalakrishnan)
* Update trackable fields only in a database sign in (by @waiting-for-dev)
* bug fixes
* Generate scoped views with proper scoped errors partial (by @shobhitic)
* Allow to set scoped `already_authenticated` error messages (by @gurgelrenan)
* deprecations
* Remove Rails 4, Ruby 2.1 and Ruby 2.2 support (by @feliperenan)
### Unreleased
* enhancements
* Increase default stretches to 12 (by @sergey-alekseev)
### 4.7.1 - 2019-09-06
@@ -36,7 +33,7 @@
### 4.6.2 - 2019-03-26
* bug fixes
* Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/heartcombo/devise/issues/5033#issuecomment-476386275 (by @mracos)
* Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos)
### 4.6.1 - 2019-02-11
@@ -83,7 +80,7 @@
* Add `autocomplete="new-password"` to new password fields (by @gssbzn)
* Add `autocomplete="current-password"` to current password fields (by @gssbzn)
* Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia)
* Update `simple_form` templates with changes from https://github.com/heartcombo/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/heartcombo/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn)
* Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn)
* Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine)
* bug fixes
@@ -330,5 +327,5 @@ configured (by @joshpencheon)
You can check more examples and explanations on the [README section](README.md#strong-parameters)
and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb).
Please check [3-stable](https://github.com/heartcombo/devise/blob/3-stable/CHANGELOG.md)
Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md)
for previous changes.

2
CODE_OF_CONDUCT.md
View File

@@ -17,6 +17,6 @@ Project maintainers have the right and responsibility to remove, edit, or reject
This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo@googlegroups.com](heartcombo@googlegroups.com) or contacting one or more of the project maintainers.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers.
This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)

10
CONTRIBUTING.md
View File

@@ -8,7 +8,7 @@ expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md).
## Reporting Issues
Before reporting a new issue, please be sure that the issue wasn't already
reported or fixed by searching on GitHub through our [issues](https://github.com/heartcombo/devise/issues).
reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues).
When creating a new issue, be sure to include a **title and clear description**,
as much relevant information as possible, and either a test case example or
@@ -22,7 +22,7 @@ Please do not attempt to translate Devise built in views. The views are meant
to be a starting point for fresh apps and not production material - eventually
all applications will require custom views where you can write your own copy and
translate it if the application requires it . For historical references, please look into closed
[Issues/Pull Requests](https://github.com/heartcombo/devise/issues?q=i18n) regarding
[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding
internationalization.
Avoid opening new issues to ask questions in our issues tracker. Please go through
@@ -30,7 +30,7 @@ the project wiki, documentation and source code first, or try to ask your questi
on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
**If you find a security bug, do not report it through GitHub. Please send an
e-mail to [heartcombo@googlegroups.com](mailto:heartcombo@googlegroups.com)
e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br)
instead.**
## Sending Pull Requests
@@ -50,7 +50,7 @@ are beneficial to a wide range of use cases or it's an application specific chan
that might not be so valuable to other applications. Some changes can be introduced
as a new `devise-something` gem instead of belonging to the main codebase.
When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/heartcombo/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks
When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks
to the new setting.
We also welcome Pull Requests that improve our existing documentation (both our
@@ -66,7 +66,7 @@ you can do:
* Help ensure that existing issues follows the recommendations from the
_[Reporting Issues](#reporting-issues)_ section, providing feedback to the issue's
author on what might be missing.
* Review and update the existing content of our [Wiki](https://github.com/heartcombo/devise/wiki)
* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki)
with up to date instructions and code samples - the wiki was grown with several
different tutorials and references that we can't keep track of everything, so if
there is a page that showcases an integration or customization that you are

23
Gemfile
View File

@@ -4,16 +4,17 @@ source "https://rubygems.org"
gemspec
gem "rails", "~> 6.0.0"
gem "omniauth"
gem "rails", "~> 5.2"
gem "omniauth", "~> 1.3"
gem "oauth2"
gem "omniauth-oauth2"
gem "rdoc"
gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
gem "rails-controller-testing", github: "rails/rails-controller-testing"
gem "rails-controller-testing"
gem "responders", "~> 3.0"
gem "responders", "~> 2.4"
group :test do
gem "omniauth-facebook"
@@ -23,15 +24,15 @@ group :test do
gem "mocha", "~> 1.1", require: false
end
platforms :ruby do
gem "sqlite3", "~> 1.4"
platforms :jruby do
gem "activerecord-jdbc-adapter"
gem "activerecord-jdbcsqlite3-adapter"
gem "jruby-openssl"
end
# platforms :jruby do
# gem "activerecord-jdbc-adapter"
# gem "activerecord-jdbcsqlite3-adapter"
# gem "jruby-openssl"
# end
platforms :ruby do
gem "sqlite3", "~> 1.3.6"
end
# TODO:
# group :mongoid do

249
Gemfile.lock
View File

@@ -1,217 +1,202 @@
GIT
remote: https://github.com/rails/activemodel-serializers-xml.git
revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8
remote: git://github.com/rails/activemodel-serializers-xml.git
revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531
specs:
activemodel-serializers-xml (1.0.2)
activemodel (>= 5.0.0.a)
activesupport (>= 5.0.0.a)
activemodel-serializers-xml (1.0.1)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
GIT
remote: https://github.com/rails/rails-controller-testing.git
revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
specs:
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
PATH
remote: .
specs:
devise (4.7.3)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 5.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actioncable (6.0.3.3)
actionpack (= 6.0.3.3)
actioncable (5.2.0)
actionpack (= 5.2.0)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.0.3.3)
actionpack (= 6.0.3.3)
activejob (= 6.0.3.3)
activerecord (= 6.0.3.3)
activestorage (= 6.0.3.3)
activesupport (= 6.0.3.3)
mail (>= 2.7.1)
actionmailer (6.0.3.3)
actionpack (= 6.0.3.3)
actionview (= 6.0.3.3)
activejob (= 6.0.3.3)
actionmailer (5.2.0)
actionpack (= 5.2.0)
actionview (= 5.2.0)
activejob (= 5.2.0)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.0.3.3)
actionview (= 6.0.3.3)
activesupport (= 6.0.3.3)
rack (~> 2.0, >= 2.0.8)
actionpack (5.2.0)
actionview (= 5.2.0)
activesupport (= 5.2.0)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.0.3.3)
actionpack (= 6.0.3.3)
activerecord (= 6.0.3.3)
activestorage (= 6.0.3.3)
activesupport (= 6.0.3.3)
nokogiri (>= 1.8.5)
actionview (6.0.3.3)
activesupport (= 6.0.3.3)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.0)
activesupport (= 5.2.0)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.0.3.3)
activesupport (= 6.0.3.3)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.0)
activesupport (= 5.2.0)
globalid (>= 0.3.6)
activemodel (6.0.3.3)
activesupport (= 6.0.3.3)
activerecord (6.0.3.3)
activemodel (= 6.0.3.3)
activesupport (= 6.0.3.3)
activestorage (6.0.3.3)
actionpack (= 6.0.3.3)
activejob (= 6.0.3.3)
activerecord (= 6.0.3.3)
activemodel (5.2.0)
activesupport (= 5.2.0)
activerecord (5.2.0)
activemodel (= 5.2.0)
activesupport (= 5.2.0)
arel (>= 9.0)
activestorage (5.2.0)
actionpack (= 5.2.0)
activerecord (= 5.2.0)
marcel (~> 0.3.1)
activesupport (6.0.3.3)
activesupport (5.2.0)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
zeitwerk (~> 2.2, >= 2.2.2)
bcrypt (3.1.16)
builder (3.2.4)
concurrent-ruby (1.1.7)
crass (1.0.6)
erubi (1.9.0)
faraday (1.0.1)
arel (9.0.0)
bcrypt (3.1.13)
builder (3.2.3)
concurrent-ruby (1.0.5)
crass (1.0.4)
erubi (1.7.1)
faraday (0.11.0)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
globalid (0.4.1)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (1.8.5)
hashie (3.5.7)
i18n (1.0.0)
concurrent-ruby (~> 1.0)
jwt (2.2.2)
loofah (2.7.0)
jwt (1.5.6)
loofah (2.2.2)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mail (2.7.0)
mini_mime (>= 0.1.1)
marcel (0.3.3)
marcel (0.3.2)
mimemagic (~> 0.3.2)
method_source (1.0.0)
mimemagic (0.3.5)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.2)
mocha (1.11.2)
multi_json (1.15.0)
metaclass (0.0.4)
method_source (0.9.0)
mimemagic (0.3.2)
mini_mime (1.0.0)
mini_portile2 (2.3.0)
minitest (5.11.3)
mocha (1.2.1)
metaclass (~> 0.0.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.5.4)
nokogiri (1.10.10)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
multipart-post (2.0.0)
nio4r (2.3.0)
nokogiri (1.8.2)
mini_portile2 (~> 2.3.0)
oauth2 (1.3.1)
faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
omniauth (1.8.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (7.0.0)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.7.0)
oauth2 (~> 1.4)
omniauth (~> 1.9)
omniauth-oauth2 (1.4.0)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
orm_adapter (0.5.0)
rack (2.2.3)
rack (2.0.4)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (1.1.0)
rack-test (1.0.0)
rack (>= 1.0, < 3)
rails (6.0.3.3)
actioncable (= 6.0.3.3)
actionmailbox (= 6.0.3.3)
actionmailer (= 6.0.3.3)
actionpack (= 6.0.3.3)
actiontext (= 6.0.3.3)
actionview (= 6.0.3.3)
activejob (= 6.0.3.3)
activemodel (= 6.0.3.3)
activerecord (= 6.0.3.3)
activestorage (= 6.0.3.3)
activesupport (= 6.0.3.3)
rails (5.2.0)
actioncable (= 5.2.0)
actionmailer (= 5.2.0)
actionpack (= 5.2.0)
actionview (= 5.2.0)
activejob (= 5.2.0)
activemodel (= 5.2.0)
activerecord (= 5.2.0)
activestorage (= 5.2.0)
activesupport (= 5.2.0)
bundler (>= 1.3.0)
railties (= 6.0.3.3)
railties (= 5.2.0)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.1)
actionpack (~> 5.x)
actionview (~> 5.x)
activesupport (~> 5.x)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (6.0.3.3)
actionpack (= 6.0.3.3)
activesupport (= 6.0.3.3)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (5.2.0)
actionpack (= 5.2.0)
activesupport (= 5.2.0)
method_source
rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0)
rake (13.0.1)
rdoc (6.2.1)
responders (3.0.1)
actionpack (>= 5.0)
railties (>= 5.0)
ruby-openid (2.9.2)
sprockets (4.0.2)
thor (>= 0.18.1, < 2.0)
rake (12.3.1)
rdoc (5.1.0)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
ruby-openid (2.7.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.2)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.4.2)
thor (1.0.1)
sqlite3 (1.3.13)
thor (0.20.0)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
timecop (0.8.1)
tzinfo (1.2.5)
thread_safe (~> 0.1)
warden (1.2.9)
rack (>= 2.0.9)
warden (1.2.7)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
websocket-driver (0.7.3)
websocket-driver (0.7.0)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zeitwerk (2.4.0)
websocket-extensions (0.1.3)
PLATFORMS
ruby
DEPENDENCIES
activemodel-serializers-xml!
activerecord-jdbc-adapter
activerecord-jdbcsqlite3-adapter
devise!
jruby-openssl
mocha (~> 1.1)
omniauth
oauth2
omniauth (~> 1.3)
omniauth-facebook
omniauth-oauth2
omniauth-openid
rails (~> 6.0.0)
rails-controller-testing!
rails (~> 5.2)
rails-controller-testing
rdoc
responders (~> 3.0)
sqlite3 (~> 1.4)
responders (~> 2.4)
sqlite3 (~> 1.3.6)
timecop
webrat (= 0.7.3)

2
ISSUE_TEMPLATE.md
View File

@@ -2,7 +2,7 @@
- Do not use the issues tracker for help or support, try Stack Overflow.
- For bugs, do a quick search and make sure the bug has not yet been reported
- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead.
- If you found a security bug, do not report it through GitHub. Please send an e-mail to opensource@plataformatec.com.br instead.
- Finally, be nice and have fun!
## Environment

3
MIT-LICENSE
View File

@@ -1,5 +1,4 @@
Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva.
Copyright 2009-2019 Plataformatec.
Copyright 2009-2019 Plataformatec. http://plataformatec.com.br
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

140
README.md
View File

@@ -1,7 +1,11 @@
![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png)
![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png)
[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise)
[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise)
By [Plataformatec](http://plataformatec.com.br/).
[![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise)
[![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise)
This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
Devise is a flexible authentication solution for Rails based on Warden. It:
@@ -12,16 +16,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
It's composed of 10 modules:
* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
## Table of Contents
@@ -54,6 +58,7 @@ It's composed of 10 modules:
- [Other ORMs](#other-orms)
- [Rails API mode](#rails-api-mode)
- [Additional information](#additional-information)
- [Heroku](#heroku)
- [Warden](#warden)
- [Contributors](#contributors)
- [License](#license)
@@ -68,15 +73,15 @@ It's composed of 10 modules:
The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README:
https://github.com/heartcombo/devise/wiki
https://github.com/plataformatec/devise/wiki
### Bug reports
If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report:
https://github.com/heartcombo/devise/wiki/Bug-reports
https://github.com/plataformatec/devise/wiki/Bug-reports
If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo@googlegroups.com.
If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
### StackOverflow and Mailing List
@@ -92,7 +97,7 @@ https://groups.google.com/group/plataformatec-devise
You can view the Devise documentation in RDoc format here:
http://rubydoc.info/github/heartcombo/devise/master/frames
http://rubydoc.info/github/plataformatec/devise/master/frames
If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation.
@@ -100,26 +105,26 @@ If you need to use Devise with previous versions of Rails, you can always run "g
There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here:
https://github.com/heartcombo/devise/wiki/Example-Applications
https://github.com/plataformatec/devise/wiki/Example-Applications
### Extensions
Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here:
https://github.com/heartcombo/devise/wiki/Extensions
https://github.com/plataformatec/devise/wiki/Extensions
### Contributing
We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started:
https://github.com/heartcombo/devise/wiki/Contributing
https://github.com/plataformatec/devise/wiki/Contributing
You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`.
Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`.
### DEVISE_ORM
Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`:
```
DEVISE_ORM=mongoid bin/test
@@ -131,18 +136,18 @@ Please note that the command output will show the variable value being used.
### BUNDLE_GEMFILE
We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory).
Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following:
Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
For example, if the tests broke using Ruby 2.5.0 and Rails 5.0, you can do the following:
```bash
rbenv shell 2.4.2 # or rvm use 2.4.2
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test
rbenv shell 2.5.0 # or rvm use 2.5.0
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-5.0-stable bundle install
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-5.0-stable bin/test
```
You can also combine both of them if the tests broke for Mongoid:
```bash
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable DEVISE_ORM=mongoid bin/test
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-5.0-stable bundle install
BUNDLE_GEMFILE=gemfiles/Gemfile.rails-5.0-stable DEVISE_ORM=mongoid bin/test
```
### Running tests
@@ -165,17 +170,17 @@ bin/test test/models/trackable_test.rb:16
## Starting with Rails?
If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Here's a few resources that should help you get started:
If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started:
* Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users
* Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised
* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
* Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth
Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley:
## Getting started
Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile:
Devise 5.0 works with Rails 5.0 onwards. Add the following line to your Gemfile:
```ruby
gem 'devise'
@@ -272,9 +277,9 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
### Strong Parameters
The Parameter Sanitizer API has changed for Devise 4 :warning:
![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
*For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters*
*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters*
When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
@@ -284,7 +289,7 @@ There are just three actions in Devise that allow any set of parameters to be pa
* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`
In case you want to permit additional parameters (the lazy way™), you can do so using a simple before action in your `ApplicationController`:
In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`:
```ruby
class ApplicationController < ActionController::Base
@@ -312,7 +317,7 @@ class ApplicationController < ActionController::Base
end
```
Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block:
Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
To permit simple scalar values for username and email, use this
@@ -435,7 +440,7 @@ If the customization at the views level is not enough, you can customize each co
end
```
Or you can simply add new behavior to it:
Or you can simply add new behaviour to it:
```ruby
class Users::SessionsController < Devise::SessionsController
@@ -459,7 +464,7 @@ Devise also ships with default routes. If you need to customize them, you should
devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
```
Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
@@ -515,7 +520,7 @@ en:
Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki:
https://github.com/heartcombo/devise/wiki/I18n
https://github.com/plataformatec/devise/wiki/I18n
Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController.
@@ -527,21 +532,15 @@ cases/specs.
### Controller tests
Controller tests require that you include `Devise::Test::IntegrationHelpers` on
Controller tests require that you include `Devise::Test::ControllerHelpers` on
your test case or its parent `ActionController::TestCase` superclass.
For Rails versions prior to 5, include `Devise::Test::ControllerHelpers` instead, since the superclass
for controller tests was changed to ActionDispatch::IntegrationTest
For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass
for controller tests has been changed to ActionDispatch::IntegrationTest
(for more details, see the [Integration tests](#integration-tests) section).
```ruby
class PostsControllerTest < ActionController::TestCase
include Devise::Test::IntegrationHelpers # Rails >= 5
end
```
```ruby
class PostsControllerTest < ActionController::TestCase
include Devise::Test::ControllerHelpers # Rails < 5
include Devise::Test::ControllerHelpers
end
```
@@ -621,7 +620,7 @@ are executed in your tests.
You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
* https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
### OmniAuth
@@ -633,7 +632,7 @@ config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
You can read more about OmniAuth support in the wiki:
* https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview
* https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
### Configuring multiple models
@@ -680,7 +679,7 @@ end
### Password reset tokens and Rails logs
If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked.
2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked.
@@ -698,48 +697,41 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl
### Rails API Mode
Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/heartcombo/devise/issues/4947/))
#### Supported Authentication Strategies
API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. (For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/heartcombo/devise/wiki/How-To:-Use-HTTP-Basic-Authentication))
The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy:
```ruby
config.http_authenticatable = [:database]
```
This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise.
A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/).
#### Testing
API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
```ruby
Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies
Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore
```
For a deeper understanding of this, review [this issue](https://github.com/heartcombo/devise/issues/4696).
Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time.
For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696).
## Additional information
### Heroku
Using Devise on Heroku with Ruby on Rails 3.2 requires setting:
```ruby
config.assets.initialize_on_precompile = false
```
Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
### Warden
Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:
https://github.com/wardencommunity/warden
https://github.com/hassox/warden
### Contributors
We have a long list of valued contributors. Check them all at:
https://github.com/heartcombo/devise/graphs/contributors
https://github.com/plataformatec/devise/graphs/contributors
## License
MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br
The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).
You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.

12
app/controllers/devise/passwords_controller.rb
View File

@@ -47,7 +47,12 @@ class Devise::PasswordsController < DeviseController
respond_with resource, location: after_resetting_password_path_for(resource)
else
set_minimum_password_length
respond_with resource
if expired_token_error?(resource)
redirect_to new_password_path(resource_name), alert: t('devise.passwords.expired_token')
else
respond_with resource
end
end
end
@@ -80,4 +85,9 @@ class Devise::PasswordsController < DeviseController
def translation_scope
'devise.passwords'
end
private
def expired_token_error?(resource)
resource.errors.details[:reset_password_token].any? { |error| error[:error] == :expired }
end
end

8
app/controllers/devise/sessions_controller.rb
View File

@@ -28,7 +28,7 @@ class Devise::SessionsController < DeviseController
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
set_flash_message! :notice, :signed_out if signed_out
yield if block_given?
respond_to_on_destroy
respond_to_on_destroy(status: :no_content)
end
protected
@@ -62,7 +62,7 @@ class Devise::SessionsController < DeviseController
if all_signed_out?
set_flash_message! :notice, :already_signed_out
respond_to_on_destroy
respond_to_on_destroy(status: :unauthorized)
end
end
@@ -72,11 +72,11 @@ class Devise::SessionsController < DeviseController
users.all?(&:blank?)
end
def respond_to_on_destroy
def respond_to_on_destroy(status:)
# We actually need to hardcode this as Rails default responder doesn't
# support returning empty response on GET request
respond_to do |format|
format.all { head :no_content }
format.all { head status }
format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
end
end

4
app/controllers/devise_controller.rb
View File

@@ -112,7 +112,7 @@ MESSAGE
end
if authenticated && resource = warden.user(resource_name)
set_flash_message(:alert, 'already_authenticated', scope: 'devise.failure')
flash[:alert] = I18n.t("devise.failure.already_authenticated")
redirect_to after_sign_in_path_for(resource)
end
end
@@ -184,7 +184,7 @@ MESSAGE
options[:default] = Array(options[:default]).unshift(kind.to_sym)
options[:resource_name] = resource_name
options = devise_i18n_options(options)
I18n.t("#{options[:resource_name]}.#{kind}", **options)
I18n.t("#{options[:resource_name]}.#{kind}", options)
end
# Controllers inheriting DeviseController are advised to override this

24
app/helpers/devise_helper.rb
View File

@@ -1,26 +1,14 @@
# frozen_string_literal: true
module DeviseHelper
# Retain this method for backwards compatibility, deprecated in favor of modifying the
# devise/shared/error_messages partial.
# Retain this method for backwards compatibility, deprecated in favour of modifying the
# devise/shared/error_messages partial
def devise_error_messages!
ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
[Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
removed in the next major version.
Devise now uses a partial under "devise/shared/error_messages" to display
error messages by default, and make them easier to customize. Update your
views changing calls from:
<%= devise_error_messages! %>
to:
<%= render "devise/shared/error_messages", resource: resource %>
To start customizing how errors are displayed, you can copy the partial
from devise to your `app/views` folder. Alternatively, you can run
`rails g devise:views` which will copy all of them again to your app.
[Devise] `DeviseHelper.devise_error_messages!`
is deprecated and it will be removed in the next major version.
To customize the errors styles please run `rails g devise:views` and modify the
`devise/shared/error_messages` partial.
DEPRECATION
return "" if resource.errors.empty?

10
app/mailers/devise/mailer.rb
View File

@@ -4,26 +4,26 @@ if defined?(ActionMailer)
class Devise::Mailer < Devise.parent_mailer.constantize
include Devise::Mailers::Helpers
def confirmation_instructions(record, token, opts = {})
def confirmation_instructions(record, token, opts={})
@token = token
devise_mail(record, :confirmation_instructions, opts)
end
def reset_password_instructions(record, token, opts = {})
def reset_password_instructions(record, token, opts={})
@token = token
devise_mail(record, :reset_password_instructions, opts)
end
def unlock_instructions(record, token, opts = {})
def unlock_instructions(record, token, opts={})
@token = token
devise_mail(record, :unlock_instructions, opts)
end
def email_changed(record, opts = {})
def email_changed(record, opts={})
devise_mail(record, :email_changed, opts)
end
def password_change(record, opts = {})
def password_change(record, opts={})
devise_mail(record, :password_change, opts)
end
end

9
config/locales/en.yml
View File

@@ -1,4 +1,4 @@
# Additional translations at https://github.com/heartcombo/devise/wiki/I18n
# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
en:
devise:
@@ -10,7 +10,11 @@ en:
already_authenticated: "You are already signed in."
inactive: "Your account is not activated yet."
invalid: "Invalid %{authentication_keys} or password."
locked: "Your account is locked."
locked:
none: "Your account is locked."
email: "Your account is locked. An email has been sent with instructions on how to unlock your account."
time: "Your account is locked. Your account will become available after a certain amount of time."
both: "Your account is locked. An email has been sent with instructions on how to unlock your account, or wait a certain amount of time and try again."
last_attempt: "You have one more attempt before your account is locked."
not_found_in_database: "Invalid %{authentication_keys} or password."
timeout: "Your session expired. Please sign in again to continue."
@@ -36,6 +40,7 @@ en:
send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
updated: "Your password has been changed successfully. You are now signed in."
updated_not_active: "Your password has been changed successfully."
expired_token: "The password recovery link expired. Please request a new one."
registrations:
destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
signed_up: "Welcome! You have signed up successfully."

8
devise.gemspec
View File

@@ -10,18 +10,18 @@ Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
s.licenses = ["MIT"]
s.summary = "Flexible authentication solution for Rails with Warden"
s.email = "heartcombo@googlegroups.com"
s.homepage = "https://github.com/heartcombo/devise"
s.email = "contact@plataformatec.com.br"
s.homepage = "https://github.com/plataformatec/devise"
s.description = "Flexible authentication solution for Rails with Warden"
s.authors = ['José Valim', 'Carlos Antônio']
s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"]
s.require_paths = ["lib"]
s.required_ruby_version = '>= 2.1.0'
s.required_ruby_version = '>= 2.3.0'
s.add_dependency("warden", "~> 1.2.3")
s.add_dependency("orm_adapter", "~> 0.1")
s.add_dependency("bcrypt", "~> 3.0")
s.add_dependency("railties", ">= 4.1.0")
s.add_dependency("railties", ">= 5.0")
s.add_dependency("responders")
end

125
gemfiles/Gemfile.rails-4.1-stable.lock
View File

@@ -1,5 +1,5 @@
GIT
remote: https://github.com/rails/rails.git
remote: git://github.com/rails/rails.git
revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8
branch: 4-1-stable
specs:
@@ -7,6 +7,30 @@ GIT
actionpack (= 4.1.16)
actionview (= 4.1.16)
mail (~> 2.5, >= 2.5.4)
rails (4.1.16)
actionmailer (= 4.1.16)
actionpack (= 4.1.16)
actionview (= 4.1.16)
activemodel (= 4.1.16)
activerecord (= 4.1.16)
activesupport (= 4.1.16)
bundler (>= 1.3.0, < 2.0)
railties (= 4.1.16)
sprockets-rails (~> 2.0)
PATH
remote: ..
specs:
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actionpack (4.1.16)
actionview (= 4.1.16)
activesupport (= 4.1.16)
@@ -29,55 +53,29 @@ GIT
minitest (~> 5.1)
thread_safe (~> 0.1)
tzinfo (~> 1.1)
rails (4.1.16)
actionmailer (= 4.1.16)
actionpack (= 4.1.16)
actionview (= 4.1.16)
activemodel (= 4.1.16)
activerecord (= 4.1.16)
activesupport (= 4.1.16)
bundler (>= 1.3.0, < 2.0)
railties (= 4.1.16)
sprockets-rails (~> 2.0)
railties (4.1.16)
actionpack (= 4.1.16)
activesupport (= 4.1.16)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
PATH
remote: ..
specs:
devise (4.7.3)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
arel (5.0.1.20140414130214)
bcrypt (3.1.13)
bson (3.2.7)
builder (3.2.4)
concurrent-ruby (1.1.6)
connection_pool (2.2.3)
bson (3.2.6)
builder (3.2.3)
concurrent-ruby (1.0.5)
connection_pool (2.2.1)
erubis (2.7.0)
faraday (1.0.1)
faraday (0.11.0)
multipart-post (>= 1.2, < 3)
hashie (3.6.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
hashie (3.5.5)
i18n (0.8.1)
json (1.8.6)
jwt (2.2.1)
mail (2.7.1)
mini_mime (>= 0.1.1)
mini_mime (1.0.2)
jwt (1.5.6)
mail (2.6.4)
mime-types (>= 1.16, < 4)
metaclass (0.0.4)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
minitest (5.10.1)
mocha (1.2.1)
metaclass (~> 0.0.1)
mongoid (4.0.2)
activemodel (~> 4.0)
moped (~> 2.0.0)
@@ -87,30 +85,30 @@ GEM
bson (~> 3.0)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.14.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
multipart-post (2.0.0)
nokogiri (1.9.1)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
oauth2 (1.3.1)
faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.4.2)
hashie (>= 1.2, < 4)
rack (>= 1.0, < 3)
omniauth-facebook (6.0.0)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.5.0)
oauth2 (~> 1.1)
omniauth-oauth2 (1.4.0)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
optionable (0.2.0)
origin (2.3.1)
origin (2.3.0)
orm_adapter (0.5.0)
rack (1.5.5)
rack-openid (1.3.1)
@@ -118,12 +116,17 @@ GEM
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
rake (13.0.1)
railties (4.1.16)
actionpack (= 4.1.16)
activesupport (= 4.1.16)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (12.0.0)
rdoc (5.1.0)
responders (1.1.2)
railties (>= 3.2, < 4.2)
ruby-openid (2.9.2)
sprockets (3.7.2)
ruby-openid (2.7.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (2.3.3)
@@ -131,12 +134,12 @@ GEM
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.13)
test_after_commit (1.2.2)
activerecord (>= 3.2, < 5.0)
thor (1.0.1)
test_after_commit (1.1.0)
activerecord (>= 3.2)
thor (0.19.4)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
timecop (0.8.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.7)
rack (>= 1.0)

155
gemfiles/Gemfile.rails-4.2-stable.lock
View File

@@ -1,63 +1,63 @@
GIT
remote: https://github.com/rails/rails.git
revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997
remote: git://github.com/rails/rails.git
revision: dc3ae21802c316e1639239d28202db7aa7fb7cac
branch: 4-2-stable
specs:
actionmailer (4.2.11.3)
actionpack (= 4.2.11.3)
actionview (= 4.2.11.3)
activejob (= 4.2.11.3)
actionmailer (4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.11.3)
actionview (= 4.2.11.3)
activesupport (= 4.2.11.3)
actionpack (4.2.8)
actionview (= 4.2.8)
activesupport (= 4.2.8)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (4.2.11.3)
activesupport (= 4.2.11.3)
actionview (4.2.8)
activesupport (= 4.2.8)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (4.2.11.3)
activesupport (= 4.2.11.3)
activejob (4.2.8)
activesupport (= 4.2.8)
globalid (>= 0.3.0)
activemodel (4.2.11.3)
activesupport (= 4.2.11.3)
activemodel (4.2.8)
activesupport (= 4.2.8)
builder (~> 3.1)
activerecord (4.2.11.3)
activemodel (= 4.2.11.3)
activesupport (= 4.2.11.3)
activerecord (4.2.8)
activemodel (= 4.2.8)
activesupport (= 4.2.8)
arel (~> 6.0)
activesupport (4.2.11.3)
activesupport (4.2.8)
i18n (~> 0.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
rails (4.2.11.3)
actionmailer (= 4.2.11.3)
actionpack (= 4.2.11.3)
actionview (= 4.2.11.3)
activejob (= 4.2.11.3)
activemodel (= 4.2.11.3)
activerecord (= 4.2.11.3)
activesupport (= 4.2.11.3)
rails (4.2.8)
actionmailer (= 4.2.8)
actionpack (= 4.2.8)
actionview (= 4.2.8)
activejob (= 4.2.8)
activemodel (= 4.2.8)
activerecord (= 4.2.8)
activesupport (= 4.2.8)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.11.3)
railties (= 4.2.8)
sprockets-rails
railties (4.2.11.3)
actionpack (= 4.2.11.3)
activesupport (= 4.2.11.3)
railties (4.2.8)
actionpack (= 4.2.8)
activesupport (= 4.2.8)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
PATH
remote: ..
specs:
devise (4.7.3)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
@@ -69,29 +69,30 @@ GEM
specs:
arel (6.0.4)
bcrypt (3.1.13)
bson (3.2.7)
builder (3.2.4)
concurrent-ruby (1.1.6)
connection_pool (2.2.3)
crass (1.0.6)
bson (3.2.6)
builder (3.2.3)
concurrent-ruby (1.0.5)
connection_pool (2.2.1)
erubis (2.7.0)
faraday (1.0.1)
faraday (0.11.0)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (0.9.5)
concurrent-ruby (~> 1.0)
jwt (2.2.1)
loofah (2.5.0)
crass (~> 1.0.2)
globalid (0.3.7)
activesupport (>= 4.1.0)
hashie (3.5.5)
i18n (0.8.1)
jwt (1.5.6)
loofah (2.0.3)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
mini_mime (1.0.2)
mail (2.6.4)
mime-types (>= 1.16, < 4)
metaclass (0.0.4)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
minitest (5.10.1)
mocha (1.2.1)
metaclass (~> 0.0.1)
mongoid (4.0.2)
activemodel (~> 4.0)
moped (~> 2.0.0)
@@ -101,32 +102,32 @@ GEM
bson (~> 3.0)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.14.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
multipart-post (2.0.0)
nokogiri (1.9.1)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
oauth2 (1.3.1)
faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
omniauth (1.6.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (6.0.0)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.6.0)
oauth2 (~> 1.1)
omniauth (~> 1.9)
omniauth-oauth2 (1.4.0)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
optionable (0.2.0)
origin (2.3.1)
origin (2.3.0)
orm_adapter (0.5.0)
rack (1.6.13)
rack (1.6.5)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
@@ -134,32 +135,32 @@ GEM
rack (>= 1.0)
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
rails-dom-testing (1.0.9)
activesupport (>= 4.2.0, < 5.0)
rails-dom-testing (1.0.8)
activesupport (>= 4.2.0.beta, < 5.0)
nokogiri (~> 1.6)
rails-deprecated_sanitizer (>= 1.0.1)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
rake (13.0.1)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
rake (12.0.0)
rdoc (5.1.0)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
ruby-openid (2.9.2)
sprockets (4.0.1)
ruby-openid (2.7.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
sprockets-rails (3.2.0)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.3.13)
test_after_commit (1.2.2)
activerecord (>= 3.2, < 5.0)
thor (1.0.1)
test_after_commit (1.1.0)
activerecord (>= 3.2)
thor (0.19.4)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
timecop (0.8.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.7)
rack (>= 1.0)

190
gemfiles/Gemfile.rails-5.0-stable.lock
View File

@@ -1,171 +1,172 @@
GIT
remote: https://github.com/rails/activemodel-serializers-xml.git
revision: 93689638c28525acc65afb638fce866826532641
remote: git://github.com/rails/activemodel-serializers-xml.git
revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531
specs:
activemodel-serializers-xml (1.0.2)
activemodel (>= 5.0.0.a)
activesupport (>= 5.0.0.a)
activemodel-serializers-xml (1.0.1)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
PATH
remote: ..
specs:
devise (4.7.3)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 5.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actioncable (5.0.7.2)
actionpack (= 5.0.7.2)
actioncable (5.0.2)
actionpack (= 5.0.2)
nio4r (>= 1.2, < 3.0)
websocket-driver (~> 0.6.1)
actionmailer (5.0.7.2)
actionpack (= 5.0.7.2)
actionview (= 5.0.7.2)
activejob (= 5.0.7.2)
actionmailer (5.0.2)
actionpack (= 5.0.2)
actionview (= 5.0.2)
activejob (= 5.0.2)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.0.7.2)
actionview (= 5.0.7.2)
activesupport (= 5.0.7.2)
actionpack (5.0.2)
actionview (= 5.0.2)
activesupport (= 5.0.2)
rack (~> 2.0)
rack-test (~> 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.0.7.2)
activesupport (= 5.0.7.2)
actionview (5.0.2)
activesupport (= 5.0.2)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.0.7.2)
activesupport (= 5.0.7.2)
activejob (5.0.2)
activesupport (= 5.0.2)
globalid (>= 0.3.6)
activemodel (5.0.7.2)
activesupport (= 5.0.7.2)
activerecord (5.0.7.2)
activemodel (= 5.0.7.2)
activesupport (= 5.0.7.2)
activemodel (5.0.2)
activesupport (= 5.0.2)
activerecord (5.0.2)
activemodel (= 5.0.2)
activesupport (= 5.0.2)
arel (~> 7.0)
activesupport (5.0.7.2)
activesupport (5.0.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
i18n (~> 0.7)
minitest (~> 5.1)
tzinfo (~> 1.1)
arel (7.1.4)
bcrypt (3.1.13)
builder (3.2.4)
concurrent-ruby (1.1.6)
crass (1.0.6)
builder (3.2.3)
concurrent-ruby (1.0.5)
erubis (2.7.0)
faraday (1.0.1)
faraday (0.11.0)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
globalid (0.4.0)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (1.8.3)
concurrent-ruby (~> 1.0)
jwt (2.2.1)
loofah (2.5.0)
crass (~> 1.0.2)
hashie (3.5.5)
i18n (0.8.1)
jwt (1.5.6)
loofah (2.0.3)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
method_source (1.0.0)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
multi_json (1.14.1)
mail (2.6.5)
mime-types (>= 1.16, < 4)
metaclass (0.0.4)
method_source (0.8.2)
mime-types (3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521)
mini_portile2 (2.1.0)
minitest (5.10.1)
mocha (1.2.1)
metaclass (~> 0.0.1)
multi_json (1.12.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.5.2)
nokogiri (1.10.9)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
multipart-post (2.0.0)
nio4r (2.0.0)
nokogiri (1.7.2)
mini_portile2 (~> 2.1.0)
oauth2 (1.3.1)
faraday (>= 0.8, < 0.12)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
omniauth (1.6.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (6.0.0)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.6.0)
oauth2 (~> 1.1)
omniauth (~> 1.9)
omniauth-oauth2 (1.4.0)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
orm_adapter (0.5.0)
rack (2.2.2)
rack (2.0.2)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
rails (5.0.7.2)
actioncable (= 5.0.7.2)
actionmailer (= 5.0.7.2)
actionpack (= 5.0.7.2)
actionview (= 5.0.7.2)
activejob (= 5.0.7.2)
activemodel (= 5.0.7.2)
activerecord (= 5.0.7.2)
activesupport (= 5.0.7.2)
bundler (>= 1.3.0)
railties (= 5.0.7.2)
rails (5.0.2)
actioncable (= 5.0.2)
actionmailer (= 5.0.2)
actionpack (= 5.0.2)
actionview (= 5.0.2)
activejob (= 5.0.2)
activemodel (= 5.0.2)
activerecord (= 5.0.2)
activesupport (= 5.0.2)
bundler (>= 1.3.0, < 2.0)
railties (= 5.0.2)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
actionview (>= 5.0.1.x)
activesupport (>= 5.0.1.x)
rails-controller-testing (1.0.1)
actionpack (~> 5.x)
actionview (~> 5.x)
activesupport (~> 5.x)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (5.0.7.2)
actionpack (= 5.0.7.2)
activesupport (= 5.0.7.2)
rails-html-sanitizer (1.0.3)
loofah (~> 2.0)
railties (5.0.2)
actionpack (= 5.0.2)
activesupport (= 5.0.2)
method_source
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (13.0.1)
rdoc (6.2.1)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
ruby-openid (2.9.2)
sprockets (4.0.1)
rake (12.0.0)
rdoc (5.1.0)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
ruby-openid (2.7.0)
sprockets (3.7.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
sprockets-rails (3.2.0)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.3.13)
thor (1.0.1)
thor (0.19.4)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
timecop (0.8.1)
tzinfo (1.2.3)
thread_safe (~> 0.1)
warden (1.2.8)
rack (>= 2.0.6)
warden (1.2.7)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
websocket-driver (0.6.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
websocket-extensions (0.1.2)
PLATFORMS
ruby
@@ -183,6 +184,7 @@ DEPENDENCIES
rdoc
responders (~> 2.1)
sqlite3 (~> 1.3.6)
test_after_commit
timecop
webrat (= 0.7.3)

26
gemfiles/Gemfile.rails-5.1-stable
View File

@@ -1,26 +0,0 @@
source "https://rubygems.org"
gemspec path: ".."
gem "rails", '~> 5.1.0'
gem "omniauth"
gem "omniauth-oauth2"
gem "rdoc"
gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
gem "rails-controller-testing"
gem "responders", "~> 2.1"
group :test do
gem "omniauth-facebook"
gem "omniauth-openid"
gem "timecop"
gem "webrat", "0.7.3", require: false
gem "mocha", "~> 1.1", require: false
end
platforms :ruby do
gem "sqlite3", "~> 1.3.6"
end

190
gemfiles/Gemfile.rails-5.1-stable.lock
View File

@@ -1,190 +0,0 @@
GIT
remote: https://github.com/rails/activemodel-serializers-xml.git
revision: 93689638c28525acc65afb638fce866826532641
specs:
activemodel-serializers-xml (1.0.2)
activemodel (>= 5.0.0.a)
activesupport (>= 5.0.0.a)
builder (~> 3.1)
PATH
remote: ..
specs:
devise (4.7.3)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actioncable (5.1.7)
actionpack (= 5.1.7)
nio4r (~> 2.0)
websocket-driver (~> 0.6.1)
actionmailer (5.1.7)
actionpack (= 5.1.7)
actionview (= 5.1.7)
activejob (= 5.1.7)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.1.7)
actionview (= 5.1.7)
activesupport (= 5.1.7)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.1.7)
activesupport (= 5.1.7)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.1.7)
activesupport (= 5.1.7)
globalid (>= 0.3.6)
activemodel (5.1.7)
activesupport (= 5.1.7)
activerecord (5.1.7)
activemodel (= 5.1.7)
activesupport (= 5.1.7)
arel (~> 8.0)
activesupport (5.1.7)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
arel (8.0.0)
bcrypt (3.1.13)
builder (3.2.4)
concurrent-ruby (1.1.6)
crass (1.0.6)
erubi (1.9.0)
faraday (1.0.1)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (1.8.3)
concurrent-ruby (~> 1.0)
jwt (2.2.1)
loofah (2.5.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
method_source (1.0.0)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
multi_json (1.14.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.5.2)
nokogiri (1.10.9)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
omniauth-facebook (6.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.6.0)
oauth2 (~> 1.1)
omniauth (~> 1.9)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
orm_adapter (0.5.0)
rack (2.2.2)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.1.7)
actioncable (= 5.1.7)
actionmailer (= 5.1.7)
actionpack (= 5.1.7)
actionview (= 5.1.7)
activejob (= 5.1.7)
activemodel (= 5.1.7)
activerecord (= 5.1.7)
activesupport (= 5.1.7)
bundler (>= 1.3.0)
railties (= 5.1.7)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
actionview (>= 5.0.1.x)
activesupport (>= 5.0.1.x)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (5.1.7)
actionpack (= 5.1.7)
activesupport (= 5.1.7)
method_source
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rake (13.0.1)
rdoc (6.2.1)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
ruby-openid (2.9.2)
sprockets (4.0.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.3.13)
thor (1.0.1)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
thread_safe (~> 0.1)
warden (1.2.8)
rack (>= 2.0.6)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
websocket-driver (0.6.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
PLATFORMS
ruby
DEPENDENCIES
activemodel-serializers-xml!
devise!
mocha (~> 1.1)
omniauth
omniauth-facebook
omniauth-oauth2
omniauth-openid
rails (~> 5.1.0)
rails-controller-testing
rdoc
responders (~> 2.1)
sqlite3 (~> 1.3.6)
timecop
webrat (= 0.7.3)
BUNDLED WITH
1.17.3

2
gemfiles/Gemfile.rails-5.2-stable
View File

@@ -2,7 +2,7 @@ source "https://rubygems.org"
gemspec path: ".."
gem "rails", '~> 5.2.0'
gem "rails", '~> 5.2'
gem "omniauth"
gem "omniauth-oauth2"
gem "rdoc"

191
gemfiles/Gemfile.rails-5.2-stable.lock
View File

@@ -1,158 +1,160 @@
GIT
remote: https://github.com/rails/activemodel-serializers-xml.git
revision: 93689638c28525acc65afb638fce866826532641
remote: git://github.com/rails/activemodel-serializers-xml.git
revision: f744aeca2747ed3134e492249c4ee39b548efdf6
specs:
activemodel-serializers-xml (1.0.2)
activemodel (>= 5.0.0.a)
activesupport (>= 5.0.0.a)
activemodel (> 5.x)
activesupport (> 5.x)
builder (~> 3.1)
PATH
remote: ..
specs:
devise (4.7.3)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 5.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.4.3)
actionpack (= 5.2.4.3)
actioncable (5.2.1)
actionpack (= 5.2.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.4.3)
actionpack (= 5.2.4.3)
actionview (= 5.2.4.3)
activejob (= 5.2.4.3)
actionmailer (5.2.1)
actionpack (= 5.2.1)
actionview (= 5.2.1)
activejob (= 5.2.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.4.3)
actionview (= 5.2.4.3)
activesupport (= 5.2.4.3)
rack (~> 2.0, >= 2.0.8)
actionpack (5.2.1)
actionview (= 5.2.1)
activesupport (= 5.2.1)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.4.3)
activesupport (= 5.2.4.3)
actionview (5.2.1)
activesupport (= 5.2.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.4.3)
activesupport (= 5.2.4.3)
activejob (5.2.1)
activesupport (= 5.2.1)
globalid (>= 0.3.6)
activemodel (5.2.4.3)
activesupport (= 5.2.4.3)
activerecord (5.2.4.3)
activemodel (= 5.2.4.3)
activesupport (= 5.2.4.3)
activemodel (5.2.1)
activesupport (= 5.2.1)
activerecord (5.2.1)
activemodel (= 5.2.1)
activesupport (= 5.2.1)
arel (>= 9.0)
activestorage (5.2.4.3)
actionpack (= 5.2.4.3)
activerecord (= 5.2.4.3)
activestorage (5.2.1)
actionpack (= 5.2.1)
activerecord (= 5.2.1)
marcel (~> 0.3.1)
activesupport (5.2.4.3)
activesupport (5.2.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
arel (9.0.0)
bcrypt (3.1.13)
builder (3.2.4)
concurrent-ruby (1.1.6)
crass (1.0.6)
erubi (1.9.0)
faraday (1.0.1)
builder (3.2.3)
concurrent-ruby (1.0.5)
crass (1.0.4)
erubi (1.7.1)
faraday (0.12.2)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
globalid (0.4.1)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (1.8.3)
hashie (3.5.7)
i18n (1.1.0)
concurrent-ruby (~> 1.0)
jwt (2.2.1)
loofah (2.5.0)
jwt (1.5.6)
loofah (2.2.2)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mail (2.7.0)
mini_mime (>= 0.1.1)
marcel (0.3.3)
mimemagic (~> 0.3.2)
method_source (1.0.0)
mimemagic (0.3.5)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
multi_json (1.14.1)
metaclass (0.0.4)
method_source (0.9.0)
mimemagic (0.3.2)
mini_mime (1.0.1)
mini_portile2 (2.3.0)
minitest (5.11.3)
mocha (1.7.0)
metaclass (~> 0.0.1)
multi_json (1.13.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.5.2)
nokogiri (1.10.9)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
jwt (>= 1.0, < 3.0)
multipart-post (2.0.0)
nio4r (2.3.1)
nokogiri (1.8.5)
mini_portile2 (~> 2.3.0)
oauth2 (1.4.0)
faraday (>= 0.8, < 0.13)
jwt (~> 1.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
omniauth (1.8.1)
hashie (>= 3.4.6, < 3.6.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (6.0.0)
omniauth-facebook (5.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.6.0)
omniauth-oauth2 (1.5.0)
oauth2 (~> 1.1)
omniauth (~> 1.9)
omniauth (~> 1.2)
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
orm_adapter (0.5.0)
rack (2.2.2)
rack (2.0.5)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.4.3)
actioncable (= 5.2.4.3)
actionmailer (= 5.2.4.3)
actionpack (= 5.2.4.3)
actionview (= 5.2.4.3)
activejob (= 5.2.4.3)
activemodel (= 5.2.4.3)
activerecord (= 5.2.4.3)
activestorage (= 5.2.4.3)
activesupport (= 5.2.4.3)
rails (5.2.1)
actioncable (= 5.2.1)
actionmailer (= 5.2.1)
actionpack (= 5.2.1)
actionview (= 5.2.1)
activejob (= 5.2.1)
activemodel (= 5.2.1)
activerecord (= 5.2.1)
activestorage (= 5.2.1)
activesupport (= 5.2.1)
bundler (>= 1.3.0)
railties (= 5.2.4.3)
railties (= 5.2.1)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
actionview (>= 5.0.1.x)
activesupport (>= 5.0.1.x)
rails-controller-testing (1.0.2)
actionpack (~> 5.x, >= 5.0.1)
actionview (~> 5.x, >= 5.0.1)
activesupport (~> 5.x)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (5.2.4.3)
actionpack (= 5.2.4.3)
activesupport (= 5.2.4.3)
rails-html-sanitizer (1.0.4)
loofah (~> 2.2, >= 2.2.2)
railties (5.2.1)
actionpack (= 5.2.1)
activesupport (= 5.2.1)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
rake (13.0.1)
rdoc (6.2.1)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
ruby-openid (2.9.2)
sprockets (4.0.1)
rake (12.3.1)
rdoc (6.0.4)
responders (2.4.0)
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
ruby-openid (2.7.0)
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
@@ -160,20 +162,20 @@ GEM
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.3.13)
thor (1.0.1)
thor (0.20.0)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
tzinfo (1.2.5)
thread_safe (~> 0.1)
warden (1.2.8)
rack (>= 2.0.6)
warden (1.2.7)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
websocket-driver (0.7.2)
websocket-driver (0.7.0)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
websocket-extensions (0.1.3)
PLATFORMS
ruby
@@ -186,11 +188,12 @@ DEPENDENCIES
omniauth-facebook
omniauth-oauth2
omniauth-openid
rails (~> 5.2.0)
rails (~> 5.2)
rails-controller-testing
rdoc
responders (~> 2.1)
sqlite3 (~> 1.3.6)
test_after_commit
timecop
webrat (= 0.7.3)

3
gemfiles/Gemfile.rails-6.0-stable
View File

@@ -9,7 +9,7 @@ gem "rdoc"
gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
gem "rails-controller-testing", github: "rails/rails-controller-testing"
gem "rails-controller-testing"
gem "responders", "~> 3.0"
@@ -19,6 +19,7 @@ group :test do
gem "timecop"
gem "webrat", "0.7.3", require: false
gem "mocha", "~> 1.1", require: false
gem 'test_after_commit', require: false
end
platforms :ruby do

200
gemfiles/Gemfile.rails-6.0-stable.lock
View File

@@ -1,5 +1,5 @@
GIT
remote: https://github.com/rails/activemodel-serializers-xml.git
remote: git://github.com/rails/activemodel-serializers-xml.git
revision: 93689638c28525acc65afb638fce866826532641
specs:
activemodel-serializers-xml (1.0.2)
@@ -7,125 +7,118 @@ GIT
activesupport (>= 5.0.0.a)
builder (~> 3.1)
GIT
remote: https://github.com/rails/rails-controller-testing.git
revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
specs:
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
PATH
remote: ..
specs:
devise (4.7.3)
devise (4.7.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 5.0)
responders
warden (~> 1.2.3)
GEM
remote: https://rubygems.org/
specs:
actioncable (6.0.3.2)
actionpack (= 6.0.3.2)
actioncable (6.0.0)
actionpack (= 6.0.0)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.0.3.2)
actionpack (= 6.0.3.2)
activejob (= 6.0.3.2)
activerecord (= 6.0.3.2)
activestorage (= 6.0.3.2)
activesupport (= 6.0.3.2)
actionmailbox (6.0.0)
actionpack (= 6.0.0)
activejob (= 6.0.0)
activerecord (= 6.0.0)
activestorage (= 6.0.0)
activesupport (= 6.0.0)
mail (>= 2.7.1)
actionmailer (6.0.3.2)
actionpack (= 6.0.3.2)
actionview (= 6.0.3.2)
activejob (= 6.0.3.2)
actionmailer (6.0.0)
actionpack (= 6.0.0)
actionview (= 6.0.0)
activejob (= 6.0.0)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.0.3.2)
actionview (= 6.0.3.2)
activesupport (= 6.0.3.2)
rack (~> 2.0, >= 2.0.8)
actionpack (6.0.0)
actionview (= 6.0.0)
activesupport (= 6.0.0)
rack (~> 2.0)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.0.3.2)
actionpack (= 6.0.3.2)
activerecord (= 6.0.3.2)
activestorage (= 6.0.3.2)
activesupport (= 6.0.3.2)
actiontext (6.0.0)
actionpack (= 6.0.0)
activerecord (= 6.0.0)
activestorage (= 6.0.0)
activesupport (= 6.0.0)
nokogiri (>= 1.8.5)
actionview (6.0.3.2)
activesupport (= 6.0.3.2)
actionview (6.0.0)
activesupport (= 6.0.0)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.0.3.2)
activesupport (= 6.0.3.2)
activejob (6.0.0)
activesupport (= 6.0.0)
globalid (>= 0.3.6)
activemodel (6.0.3.2)
activesupport (= 6.0.3.2)
activerecord (6.0.3.2)
activemodel (= 6.0.3.2)
activesupport (= 6.0.3.2)
activestorage (6.0.3.2)
actionpack (= 6.0.3.2)
activejob (= 6.0.3.2)
activerecord (= 6.0.3.2)
activemodel (6.0.0)
activesupport (= 6.0.0)
activerecord (6.0.0)
activemodel (= 6.0.0)
activesupport (= 6.0.0)
activestorage (6.0.0)
actionpack (= 6.0.0)
activejob (= 6.0.0)
activerecord (= 6.0.0)
marcel (~> 0.3.1)
activesupport (6.0.3.2)
activesupport (6.0.0)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
zeitwerk (~> 2.2, >= 2.2.2)
bcrypt (3.1.15)
builder (3.2.4)
concurrent-ruby (1.1.7)
crass (1.0.6)
erubi (1.9.0)
faraday (1.0.1)
zeitwerk (~> 2.1, >= 2.1.8)
bcrypt (3.1.13)
builder (3.2.3)
concurrent-ruby (1.1.5)
crass (1.0.4)
erubi (1.8.0)
faraday (0.15.4)
multipart-post (>= 1.2, < 3)
globalid (0.4.2)
activesupport (>= 4.2.0)
hashie (4.1.0)
i18n (1.8.5)
hashie (3.6.0)
i18n (1.6.0)
concurrent-ruby (~> 1.0)
jwt (2.2.1)
loofah (2.6.0)
loofah (2.2.3)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (0.3.3)
mimemagic (~> 0.3.2)
method_source (1.0.0)
mimemagic (0.3.5)
metaclass (0.0.4)
method_source (0.9.2)
mimemagic (0.3.3)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.14.1)
mocha (1.11.2)
multi_json (1.15.0)
minitest (5.11.3)
mocha (1.9.0)
metaclass (~> 0.0.1)
multi_json (1.13.1)
multi_xml (0.6.0)
multipart-post (2.1.1)
nio4r (2.5.2)
nokogiri (1.10.10)
nio4r (2.4.0)
nokogiri (1.10.4)
mini_portile2 (~> 2.4.0)
oauth2 (1.4.4)
faraday (>= 0.8, < 2.0)
oauth2 (1.4.1)
faraday (>= 0.8, < 0.16.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
omniauth (1.9.1)
hashie (>= 3.4.6)
omniauth (1.9.0)
hashie (>= 3.4.6, < 3.7.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (6.0.0)
omniauth-facebook (5.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-oauth2 (1.6.0)
oauth2 (~> 1.1)
@@ -134,56 +127,62 @@ GEM
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
orm_adapter (0.5.0)
rack (2.2.3)
rack (2.0.7)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (6.0.3.2)
actioncable (= 6.0.3.2)
actionmailbox (= 6.0.3.2)
actionmailer (= 6.0.3.2)
actionpack (= 6.0.3.2)
actiontext (= 6.0.3.2)
actionview (= 6.0.3.2)
activejob (= 6.0.3.2)
activemodel (= 6.0.3.2)
activerecord (= 6.0.3.2)
activestorage (= 6.0.3.2)
activesupport (= 6.0.3.2)
rails (6.0.0)
actioncable (= 6.0.0)
actionmailbox (= 6.0.0)
actionmailer (= 6.0.0)
actionpack (= 6.0.0)
actiontext (= 6.0.0)
actionview (= 6.0.0)
activejob (= 6.0.0)
activemodel (= 6.0.0)
activerecord (= 6.0.0)
activestorage (= 6.0.0)
activesupport (= 6.0.0)
bundler (>= 1.3.0)
railties (= 6.0.3.2)
railties (= 6.0.0)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.4)
actionpack (>= 5.0.1.x)
actionview (>= 5.0.1.x)
activesupport (>= 5.0.1.x)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.3.0)
loofah (~> 2.3)
railties (6.0.3.2)
actionpack (= 6.0.3.2)
activesupport (= 6.0.3.2)
rails-html-sanitizer (1.2.0)
loofah (~> 2.2, >= 2.2.2)
railties (6.0.0)
actionpack (= 6.0.0)
activesupport (= 6.0.0)
method_source
rake (>= 0.8.7)
thor (>= 0.20.3, < 2.0)
rake (13.0.1)
rdoc (6.2.1)
responders (3.0.1)
rake (12.3.3)
rdoc (6.1.1)
responders (3.0.0)
actionpack (>= 5.0)
railties (>= 5.0)
ruby-openid (2.9.2)
sprockets (4.0.2)
ruby-openid (2.7.0)
sprockets (3.7.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.1)
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
sqlite3 (1.4.2)
thor (1.0.1)
sqlite3 (1.4.1)
test_after_commit (1.1.0)
activerecord (>= 3.2)
thor (0.20.3)
thread_safe (0.3.6)
timecop (0.9.1)
tzinfo (1.2.7)
tzinfo (1.2.5)
thread_safe (~> 0.1)
warden (1.2.8)
rack (>= 2.0.6)
@@ -191,10 +190,10 @@ GEM
nokogiri (>= 1.2.0)
rack (>= 1.0)
rack-test (>= 0.5.3)
websocket-driver (0.7.3)
websocket-driver (0.7.1)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zeitwerk (2.4.0)
websocket-extensions (0.1.4)
zeitwerk (2.1.9)
PLATFORMS
ruby
@@ -208,10 +207,11 @@ DEPENDENCIES
omniauth-oauth2
omniauth-openid
rails (~> 6.0.0)
rails-controller-testing!
rails-controller-testing
rdoc
responders (~> 3.0)
sqlite3 (~> 1.4)
test_after_commit
timecop
webrat (= 0.7.3)

12
lib/devise.rb
View File

@@ -297,6 +297,10 @@ module Devise
mattr_accessor :sign_in_after_change_password
@@sign_in_after_change_password = true
def self.rails51? # :nodoc:
Rails.gem_version >= Gem::Version.new("5.1.x")
end
def self.activerecord51? # :nodoc:
defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
end
@@ -498,12 +502,8 @@ module Devise
# constant-time comparison algorithm to prevent timing attacks
def self.secure_compare(a, b)
return false if a.blank? || b.blank? || a.bytesize != b.bytesize
l = a.unpack "C#{a.bytesize}"
res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
return false if a.nil? || b.nil?
ActiveSupport::SecurityUtils.secure_compare(a, b)
end
end

18
lib/devise/controllers/helpers.rb
View File

@@ -36,14 +36,14 @@ module Devise
# before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page
# current_blogger :user # Preferably returns a User if one is signed in
#
def devise_group(group_name, opts = {})
def devise_group(group_name, opts={})
mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
class_eval <<-METHODS, __FILE__, __LINE__ + 1
def authenticate_#{group_name}!(favorite = nil, opts = {})
def authenticate_#{group_name}!(favourite=nil, opts={})
unless #{group_name}_signed_in?
mappings = #{mappings}
mappings.unshift mappings.delete(favorite.to_sym) if favorite
mappings.unshift mappings.delete(favourite.to_sym) if favourite
mappings.each do |mapping|
opts[:scope] = mapping
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
@@ -53,13 +53,13 @@ module Devise
def #{group_name}_signed_in?
#{mappings}.any? do |mapping|
warden.authenticate?(scope: mapping)
warden.authenticated?(scope: mapping)
end
end
def current_#{group_name}(favorite = nil)
def current_#{group_name}(favourite=nil)
mappings = #{mappings}
mappings.unshift mappings.delete(favorite.to_sym) if favorite
mappings.unshift mappings.delete(favourite.to_sym) if favourite
mappings.each do |mapping|
current = warden.authenticate(scope: mapping)
return current if current
@@ -113,13 +113,13 @@ module Devise
mapping = mapping.name
class_eval <<-METHODS, __FILE__, __LINE__ + 1
def authenticate_#{mapping}!(opts = {})
def authenticate_#{mapping}!(opts={})
opts[:scope] = :#{mapping}
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
end
def #{mapping}_signed_in?
!!current_#{mapping}
!!(@current_#{mapping} || warden.authenticated?(scope: :#{mapping}))
end
def current_#{mapping}
@@ -252,7 +252,7 @@ module Devise
# Overwrite Rails' handle unverified request to sign out all scopes,
# clear run strategies and remove cached variables.
def handle_unverified_request
super # call the default behavior which resets/nullifies/raises
super # call the default behaviour which resets/nullifies/raises
request.env["devise.skip_storage"] = true
sign_out_all_scopes(false)
end

11
lib/devise/controllers/sign_in_out.rb
View File

@@ -10,9 +10,9 @@ module Devise
# cause exceptions to be thrown from this method; if you simply want to check
# if a scope has already previously been authenticated without running
# authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
def signed_in?(scope = nil)
def signed_in?(scope=nil)
[scope || Devise.mappings.keys].flatten.any? do |_scope|
warden.authenticate?(scope: _scope)
warden.authenticated?(scope: _scope)
end
end
@@ -21,7 +21,7 @@ module Devise
# to the set_user method in warden.
# If you are using a custom warden strategy and the timeoutable module, you have to
# set `env["devise.skip_timeout"] = true` in the request to use this method, like we do
# in the sessions controller: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7
# in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7
#
# Examples:
#
@@ -51,6 +51,7 @@ module Devise
true
else
warden.set_user(resource, options.merge!(scope: scope))
resource.update_tracked_fields!(warden.request) if resource.respond_to?(:update_tracked_fields!)
end
end
@@ -77,7 +78,7 @@ module Devise
# sign_out :user # sign_out(scope)
# sign_out @user # sign_out(resource)
#
def sign_out(resource_or_scope = nil)
def sign_out(resource_or_scope=nil)
return sign_out_all_scopes unless resource_or_scope
scope = Devise::Mapping.find_scope!(resource_or_scope)
user = warden.user(scope: scope, run_callbacks: false) # If there is no user
@@ -92,7 +93,7 @@ module Devise
# Sign out all active users or scopes. This helper is useful for signing out all roles
# in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
# and false if there was no user logged in on all scopes.
def sign_out_all_scopes(lock = true)
def sign_out_all_scopes(lock=true)
users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
warden.logout

2
lib/devise/controllers/url_helpers.rb
View File

@@ -34,7 +34,7 @@ module Devise
end
end
def self.generate_helpers!(routes = nil)
def self.generate_helpers!(routes=nil)
routes ||= begin
mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
Devise::URL_HELPERS.slice(*mappings)

10
lib/devise/failure_app.rb
View File

@@ -71,6 +71,7 @@ module Devise
end
flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
# self.response = recall_app(warden_options[:recall]).call(env)
self.response = recall_app(warden_options[:recall]).call(request.env)
end
@@ -102,11 +103,14 @@ module Devise
options[:scope] = "devise.failure"
options[:default] = [message]
auth_keys = scope_class.authentication_keys
keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) }
keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key).downcase }
options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
options = i18n_options(options)
translated_message = I18n.t(:"#{scope}.#{message}", options)
I18n.t(:"#{scope}.#{message}", **options)
# only call `#humanize` when the message is `:invalid` to ensure the original format
# of other messages - like `:does_not_exist` - is kept.
message == :invalid ? translated_message.humanize : translated_message
else
message.to_s
end
@@ -151,7 +155,7 @@ module Devise
# We need to add the rootpath to `script_name` manually for applications that use a Rails
# version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines
# that use Devise. Remove it when the support of Rails 5.0 is dropped.
# that use Devise. Remove it when the support of Rails 5.0 is droped.
elsif root_path_defined?(context) && !rails_51_and_up?
rootpath = context.routes.url_helpers.root_path
opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1

4
lib/devise/hooks/timeoutable.rb
View File

@@ -21,8 +21,8 @@ Warden::Manager.after_set_user do |record, warden, options|
proxy = Devise::Hooks::Proxy.new(warden)
if !env['devise.skip_timeout'] &&
record.timedout?(last_request_at) &&
if record.timedout?(last_request_at) &&
!env['devise.skip_timeout'] &&
!proxy.remember_me_is_active?(record)
Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
throw :warden, scope: scope, message: :timeout

11
lib/devise/hooks/trackable.rb
View File

@@ -1,11 +0,0 @@
# frozen_string_literal: true
# After each sign in, update sign in time, sign in count and sign in IP.
# This is only triggered when the user is explicitly set (with set_user)
# and on authentication. Retrieving the user from session (:fetch) does
# not trigger it.
Warden::Manager.after_set_user except: :fetch do |record, warden, options|
if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
record.update_tracked_fields!(warden.request)
end
end

2
lib/devise/mapping.rb
View File

@@ -46,7 +46,7 @@ module Devise
raise "Could not find a valid mapping for #{obj.inspect}"
end
def self.find_by_path!(path, path_type = :fullpath)
def self.find_by_path!(path, path_type=:fullpath)
Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
raise "Could not find a valid mapping for path #{path.inspect}"
end

23
lib/devise/models/authenticatable.rb
View File

@@ -104,7 +104,7 @@ module Devise
# given to :except will simply add names to exempt to Devise internal list.
def serializable_hash(options = nil)
options = options.try(:dup) || {}
options[:except] = Array(options[:except]).dup
options[:except] = Array(options[:except])
if options[:force_except]
options[:except].concat Array(options[:force_except])
@@ -152,8 +152,7 @@ module Devise
# # If the record is new or changed then delay the
# # delivery until the after_commit callback otherwise
# # send now because after_commit will not be called.
# # For Rails < 6 use `changed?` instead of `saved_changes?`.
# if new_record? || saved_changes?
# if new_record? || changed?
# pending_devise_notifications << [notification, args]
# else
# render_and_send_devise_message(notification, *args)
@@ -183,11 +182,8 @@ module Devise
# # Deliver later with Active Job's `deliver_later`
# if message.respond_to?(:deliver_later)
# message.deliver_later
# # Remove once we move to Rails 4.2+ only, as `deliver` is deprecated.
# elsif message.respond_to?(:deliver_now)
# message.deliver_now
# else
# message.deliver
# message.deliver_now
# end
# end
#
@@ -195,12 +191,7 @@ module Devise
#
def send_devise_notification(notification, *args)
message = devise_mailer.send(notification, self, *args)
# Remove once we move to Rails 4.2+ only.
if message.respond_to?(:deliver_now)
message.deliver_now
else
message.deliver
end
message.deliver_now
end
def downcase_keys
@@ -272,17 +263,17 @@ module Devise
find_first_by_auth_conditions(tainted_conditions)
end
def find_first_by_auth_conditions(tainted_conditions, opts = {})
def find_first_by_auth_conditions(tainted_conditions, opts={})
to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
end
# Find or initialize a record setting an error if it can't be found.
def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc:
def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
find_or_initialize_with_errors([attribute], { attribute => value }, error)
end
# Find or initialize a record with group of attributes based on a list of required attributes.
def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc:
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
attributes.try(:permit!)
attributes = attributes.to_h.with_indifferent_access
.slice(*required_attributes)

4
lib/devise/models/confirmable.rb
View File

@@ -76,7 +76,7 @@ module Devise
# Confirm a user by setting it's confirmed_at to actual time. If the user
# is already confirmed, add an error to email field. If the user is invalid
# add errors
def confirm(args = {})
def confirm(args={})
pending_any_confirmation do
if confirmation_period_expired?
self.errors.add(:email, :confirmation_period_expired,
@@ -334,7 +334,7 @@ module Devise
# confirmation instructions to it. If not, try searching for a user by unconfirmed_email
# field. If no user is found, returns a new user with an email not found error.
# Options must contain the user email
def send_confirmation_instructions(attributes = {})
def send_confirmation_instructions(attributes={})
confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable
unless confirmable.try(:persisted?)
confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found)

34
lib/devise/models/database_authenticatable.rb
View File

@@ -7,10 +7,6 @@ module Devise
# Authenticatable Module, responsible for hashing the password and
# validating the authenticity of a user while signing in.
#
# This module defines a `password=` method. This method will hash the argument
# and store it in the `encrypted_password` column, bypassing any pre-existing
# `password` column if it exists.
#
# == Options
#
# DatabaseAuthenticatable adds the following options to devise_for:
@@ -84,16 +80,7 @@ module Devise
# users to change relevant information like the e-mail without changing
# their password). In case the password field is rejected, the confirmation
# is also rejected as long as it is also blank.
def update_with_password(params, *options)
if options.present?
ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
[Devise] The second argument of `DatabaseAuthenticatable#update_with_password`
(`options`) is deprecated and it will be removed in the next major version.
It was added to support a feature deprecated in Rails 4, so you can safely remove it
from your code.
DEPRECATION
end
def update_with_password(params)
current_password = params.delete(:current_password)
if params[:password].blank?
@@ -102,9 +89,9 @@ module Devise
end
result = if valid_password?(current_password)
update(params, *options)
update(params)
else
assign_attributes(params, *options)
assign_attributes(params)
valid?
errors.add(:current_password, current_password.blank? ? :blank : :invalid)
false
@@ -126,20 +113,11 @@ module Devise
# super(params)
# end
#
def update_without_password(params, *options)
if options.present?
ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
[Devise] The second argument of `DatabaseAuthenticatable#update_without_password`
(`options`) is deprecated and it will be removed in the next major version.
It was added to support a feature deprecated in Rails 4, so you can safely remove it
from your code.
DEPRECATION
end
def update_without_password(params)
params.delete(:password)
params.delete(:password_confirmation)
result = update(params, *options)
result = update(params)
clean_up_passwords
result
end
@@ -199,7 +177,7 @@ module Devise
# Hashes the password using bcrypt. Custom hash functions should override
# this method to apply their own algorithm.
#
# See https://github.com/heartcombo/devise-encryptable for examples
# See https://github.com/plataformatec/devise-encryptable for examples
# of other hashing engines.
def password_digest(password)
Devise::Encryptor.digest(self.class, password)

12
lib/devise/models/lockable.rb
View File

@@ -122,7 +122,15 @@ module Devise
if Devise.paranoid
super
elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
:locked
if unlock_strategy_enabled?(:both)
'locked.both'.to_sym
elsif unlock_strategy_enabled?(:email)
'locked.email'.to_sym
elsif unlock_strategy_enabled?(:time)
'locked.time'.to_sym
else
'locked.none'.to_sym
end
elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? && self.class.last_attempt_warning
:last_attempt
else
@@ -168,7 +176,7 @@ module Devise
# unlock instructions to it. If not user is found, returns a new user
# with an email not found error.
# Options must contain the user's unlock keys
def send_unlock_instructions(attributes = {})
def send_unlock_instructions(attributes={})
lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found)
lockable.resend_unlock_instructions if lockable.persisted?
lockable

4
lib/devise/models/recoverable.rb
View File

@@ -131,7 +131,7 @@ module Devise
# password instructions to it. If user is not found, returns a new user
# with an email not found error.
# Attributes must contain the user's email
def send_reset_password_instructions(attributes = {})
def send_reset_password_instructions(attributes={})
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
recoverable.send_reset_password_instructions if recoverable.persisted?
recoverable
@@ -142,7 +142,7 @@ module Devise
# try saving the record. If not user is found, returns a new user
# containing an error in reset_password_token attribute.
# Attributes must contain reset_password_token, password and confirmation
def reset_password_by_token(attributes = {})
def reset_password_by_token(attributes={})
original_token = attributes[:reset_password_token]
reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)

2
lib/devise/models/rememberable.rb
View File

@@ -102,7 +102,7 @@ module Devise
def remember_me?(token, generated_at)
# TODO: Normalize the JSON type coercion along with the Timeoutable hook
# in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
# in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
if generated_at.is_a?(String)
generated_at = time_from_json(generated_at)
end

11
lib/devise/models/trackable.rb
View File

@@ -1,7 +1,5 @@
# frozen_string_literal: true
require 'devise/hooks/trackable'
module Devise
module Models
# Track information about your user sign in. It tracks the following columns:
@@ -33,9 +31,11 @@ module Devise
def update_tracked_fields!(request)
# We have to check if the user is already persisted before running
# `save` here because invalid users can be saved if we don't.
# See https://github.com/heartcombo/devise/issues/4673 for more details.
# See https://github.com/plataformatec/devise/issues/4673 for more details.
return if new_record?
return if skip_trackable_and_not_active_for_authentication?(request)
update_tracked_fields(request)
save(validate: false)
end
@@ -46,6 +46,11 @@ module Devise
request.remote_ip
end
private
def skip_trackable_and_not_active_for_authentication?(request)
request.env['devise.skip_trackable'] || !active_for_authentication?
end
end
end
end

3
lib/devise/parameter_sanitizer.rb
View File

@@ -130,8 +130,7 @@ module Devise
#
# Returns an +ActiveSupport::HashWithIndifferentAccess+.
def cast_to_hash(params)
# TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+.
params && params.to_h.with_indifferent_access
params && params.to_h
end
def default_params

8
lib/devise/rails/routes.rb
View File

@@ -287,7 +287,7 @@ module ActionDispatch::Routing
# root to: "admin/dashboard#show", as: :user_root
# end
#
def authenticate(scope = nil, block = nil)
def authenticate(scope=nil, block=nil)
constraints_for(:authenticate!, scope, block) do
yield
end
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
#
# root to: 'landing#show'
#
def authenticated(scope = nil, block = nil)
def authenticated(scope=nil, block=nil)
constraints_for(:authenticate?, scope, block) do
yield
end
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
#
# root to: 'dashboard#show'
#
def unauthenticated(scope = nil)
def unauthenticated(scope=nil)
constraint = lambda do |request|
not request.env["warden"].authenticate? scope: scope
end
@@ -474,7 +474,7 @@ ERROR
@scope = current_scope
end
def constraints_for(method_to_apply, scope = nil, block = nil)
def constraints_for(method_to_apply, scope=nil, block=nil)
constraint = lambda do |request|
request.env['warden'].send(method_to_apply, scope: scope) &&
(block.nil? || block.call(request.env["warden"].user(scope)))

1
lib/devise/strategies/database_authenticatable.rb
View File

@@ -12,6 +12,7 @@ module Devise
if validate(resource){ hashed = true; resource.valid_password?(password) }
remember_me(resource)
resource.update_tracked_fields!(request) if resource.respond_to?(:update_tracked_fields!)
resource.after_database_authentication
success!(resource)
end

5
lib/devise/test/controller_helpers.rb
View File

@@ -37,8 +37,6 @@ module Devise
@response
end
ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
# We need to set up the environment variables and the response in the controller.
def setup_controller_for_warden #:nodoc:
@request.env['action_controller.instance'] = @controller
@@ -141,9 +139,8 @@ module Devise
status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
@controller.response.headers.merge!(headers)
@controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
@controller.status = status
@controller.response_body = response.body
@controller.response.body = response.body
nil # causes process return @response
end

2
lib/devise/test/integration_helpers.rb
View File

@@ -28,7 +28,7 @@ module Devise
end
end
# Signs in a specific resource, mimicking a successful sign in
# Signs in a specific resource, mimicking a successfull sign in
# operation through +Devise::SessionsController#create+.
#
# * +resource+ - The resource that should be authenticated

2
lib/devise/version.rb
View File

@@ -1,5 +1,5 @@
# frozen_string_literal: true
module Devise
VERSION = "4.7.3".freeze
VERSION = "4.7.1".freeze
end

10
lib/generators/active_record/devise_generator.rb
View File

@@ -82,23 +82,17 @@ RUBY
postgresql?
end
def rails5_and_up?
Rails::VERSION::MAJOR >= 5
end
def postgresql?
config = ActiveRecord::Base.configurations[Rails.env]
config && config['adapter'] == 'postgresql'
end
def migration_version
if rails5_and_up?
"[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
end
"[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
end
def primary_key_type
primary_key_string if rails5_and_up?
primary_key_string
end
def primary_key_string

2
lib/generators/devise/devise_generator.rb
View File

@@ -13,7 +13,7 @@ module Devise
desc "Generates a model with the given NAME (if one does not exist) with devise " \
"configuration plus a migration file and devise routes."
hook_for :orm, required: true
hook_for :orm
class_option :routes, desc: "Generate routes", type: :boolean, default: true

2
lib/generators/devise/install_generator.rb
View File

@@ -11,7 +11,7 @@ module Devise
source_root File.expand_path("../../templates", __FILE__)
desc "Creates a Devise initializer and copy locale files to your application."
class_option :orm, required: true
class_option :orm
def copy_initializer
unless options[:orm]

2
lib/generators/devise/views_generator.rb
View File

@@ -42,7 +42,7 @@ module Devise
def view_directory(name, _target_path = nil)
directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
if scope
content.gsub("devise/shared", "#{plural_scope}/shared")
content.gsub("devise/shared/links", "#{plural_scope}/shared/links").gsub("devise/shared/error_messages", "#{plural_scope}/shared/error_messages")
else
content
end

10
lib/generators/templates/README
View File

@@ -1,6 +1,6 @@
===============================================================================
Depending on your application's configuration some manual setup may be required:
Some setup you must do manually if you haven't yet:
1. Ensure you have defined default url options in your environments files. Here
is an example of default_url_options appropriate for a development environment
@@ -10,14 +10,10 @@ Depending on your application's configuration some manual setup may be required:
In production, :host should be set to the actual host of your application.
* Required for all applications. *
2. Ensure you have defined root_url to *something* in your config/routes.rb.
For example:
root to: "home#index"
* Not required for API-only Applications *
3. Ensure you have flash messages in app/views/layouts/application.html.erb.
For example:
@@ -25,12 +21,8 @@ Depending on your application's configuration some manual setup may be required:
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
* Not required for API-only Applications *
4. You can copy Devise views (for customization) to your app by running:
rails g devise:views
* Not required *
===============================================================================

2
lib/generators/templates/controllers/omniauth_callbacks_controller.rb
View File

@@ -9,7 +9,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback
# end
# More info at:
# https://github.com/heartcombo/devise#omniauth
# https://github.com/plataformatec/devise#omniauth
# GET|POST /resource/auth/twitter
# def passthru

14
lib/generators/templates/devise.rb
View File

@@ -1,11 +1,5 @@
# frozen_string_literal: true
# Assuming you have not yet modified this file, each configuration option below
# is set to its default value. Note that some are commented out while others
# are not: uncommented lines are intended to protect your configuration from
# breaking changes in upgrades (i.e., in the event that future versions of
# Devise change the default values for those options).
#
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
@@ -74,10 +68,7 @@ Devise.setup do |config|
# Tell if authentication through HTTP Auth is enabled. False by default.
# It can be set to an array that will enable http authentication only for the
# given strategies, for example, `config.http_authenticatable = [:database]` will
# enable it only for database authentication.
# For API-only applications to support authentication "out-of-the-box", you will likely want to
# enable this with :database unless you are using a custom strategy.
# The supported strategies are:
# enable it only for database authentication. The supported strategies are:
# :database = Support basic authentication with authentication key + password
# config.http_authenticatable = false
@@ -114,9 +105,6 @@ Devise.setup do |config|
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 12. If
# using other algorithms, it sets how many times you want the password to be hashed.
# The number of stretches used for generating the hashed password are stored
# with the hashed password. This allows you to change the stretches without
# invalidating existing passwords.
#
# Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use

10
test/controllers/custom_strategy_test.rb
View File

@@ -42,7 +42,9 @@ class CustomStrategyTest < Devise::ControllerTestCase
test "custom strategy can return its own status code" do
ret = get :new
# check the returned response
# check the returned rack array
# assert ret.is_a?(Array)
# assert_equal 400, ret.first
assert ret.is_a?(ActionDispatch::TestResponse)
# check the saved response as well. This is purely so that the response is available to the testing framework
@@ -53,10 +55,12 @@ class CustomStrategyTest < Devise::ControllerTestCase
test "custom strategy can return custom headers" do
ret = get :new
# check the returned response
# check the returned rack array
# assert ret.is_a?(Array)
# assert_equal ret.third['X-FOO'], 'BAR'
assert ret.is_a?(ActionDispatch::TestResponse)
# check the saved response headers as well.
assert_equal 'BAR', response.headers['X-FOO']
assert_equal response.headers['X-FOO'], 'BAR'
end
end

26
test/controllers/helpers_test.rb
View File

@@ -15,21 +15,21 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
assert_equal @mock_warden, @controller.warden
end
test 'proxy signed_in?(scope) to authenticate?' do
@mock_warden.expects(:authenticate?).with(scope: :my_scope)
test 'proxy signed_in?(scope) to authenticated?' do
@mock_warden.expects(:authenticated?).with(scope: :my_scope)
@controller.signed_in?(:my_scope)
end
test 'proxy signed_in?(nil) to authenticate?' do
test 'proxy signed_in?(nil) to authenticated?' do
Devise.mappings.keys.each do |scope| # :user, :admin, :manager
@mock_warden.expects(:authenticate?).with(scope: scope)
@mock_warden.expects(:authenticated?).with(scope: scope)
end
@controller.signed_in?
end
test 'proxy [group]_signed_in? to authenticate? with each scope' do
test 'proxy [group]_signed_in? to authenticated? with each scope' do
[:user, :admin].each do |scope|
@mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
@mock_warden.expects(:authenticated?).with(scope: scope).returns(false)
end
@controller.commenter_signed_in?
end
@@ -81,7 +81,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
test 'proxy authenticate_[group]! to authenticate!? with each scope' do
[:user, :admin].each do |scope|
@mock_warden.expects(:authenticate!).with(scope: scope)
@mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
@mock_warden.expects(:authenticated?).with(scope: scope).returns(false)
end
@controller.authenticate_commenter!
end
@@ -91,18 +91,18 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
@controller.authenticate_publisher_account!
end
test 'proxy user_signed_in? to authenticate with user scope' do
@mock_warden.expects(:authenticate).with(scope: :user).returns("user")
test 'proxy user_signed_in? to authenticated? with user scope' do
@mock_warden.expects(:authenticated?).with(scope: :user).returns("user")
assert @controller.user_signed_in?
end
test 'proxy admin_signed_in? to authenticatewith admin scope' do
@mock_warden.expects(:authenticate).with(scope: :admin)
test 'proxy admin_signed_in? to authenticated? with admin scope' do
@mock_warden.expects(:authenticated?).with(scope: :admin)
refute @controller.admin_signed_in?
end
test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
@mock_warden.expects(:authenticate).with(scope: :publisher_account)
test 'proxy publisher_account_signed_in? to authenticated? with namespaced publisher account scope' do
@mock_warden.expects(:authenticated?).with(scope: :publisher_account)
@controller.publisher_account_signed_in?
end

2
test/controllers/internal_helpers_test.rb
View File

@@ -51,7 +51,7 @@ class HelpersTest < Devise::ControllerTestCase
end
test 'resources methods are not controller actions' do
assert_empty @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }
assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
end
test 'require no authentication tests current mapping' do

4
test/controllers/load_hooks_controller_test.rb
View File

@@ -16,6 +16,6 @@ class LoadHooksControllerTest < Devise::ControllerTestCase
end
test 'load hook called when controller is loaded' do
assert_includes DeviseController.instance_methods, :defined_by_load_hook
assert DeviseController.instance_methods.include? :defined_by_load_hook
end
end
end

6
test/controllers/passwords_controller_test.rb
View File

@@ -36,4 +36,10 @@ class PasswordsControllerTest < Devise::ControllerTestCase
User.any_instance.expects :after_database_authentication
put_update_with_params
end
test 'redirects to new_password_path when token has expired' do
@user.update(reset_password_sent_at: Time.now - 1.year)
put_update_with_params
assert_redirected_to new_user_password_path
end
end

13
test/controllers/sessions_controller_test.rb
View File

@@ -74,7 +74,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
assert_template "devise/sessions/new"
end
test "#destroy doesn't set the flash if the requested format is not navigational" do
test "#destroy doesn't set the flash and returns 204 status if the requested format is not navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
user = create_user
user.confirm
@@ -88,6 +88,17 @@ class SessionsControllerTest < Devise::ControllerTestCase
assert_equal 204, @response.status
end
test "#destroy returns 401 status if user is not signed in and the requested format is not navigational" do
delete :destroy, format: 'json'
assert_equal 401, @response.status
end
test "#destroy returns 302 status if user is not signed in and the requested format is navigational" do
request.env["devise.mapping"] = Devise.mappings[:user]
delete :destroy
assert_equal 302, @response.status
end
if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer)
test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do
request.env["devise.mapping"] = Devise.mappings[:user]

2
test/controllers/url_helpers_test.rb
View File

@@ -5,7 +5,7 @@ require 'test_helper'
class RoutesTest < Devise::ControllerTestCase
tests ApplicationController
def assert_path_and_url(name, prepend_path = nil)
def assert_path_and_url(name, prepend_path=nil)
@request.path = '/users/session'
prepend_path = "#{prepend_path}_" if prepend_path

5
test/devise_test.rb
View File

@@ -90,11 +90,14 @@ class DeviseTest < ActiveSupport::TestCase
[nil, ""].each do |empty|
refute Devise.secure_compare(empty, "something")
refute Devise.secure_compare("something", empty)
refute Devise.secure_compare(empty, empty)
end
refute Devise.secure_compare("size_1", "size_four")
end
test 'Devise.secure_compare should return true if strings are same' do
assert Devise.secure_compare('', '')
end
test 'Devise.email_regexp should match valid email addresses' do
valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua", "test@tt", "test@valid---domain.com"]
non_valid_emails = ["rex", "test user@example.com", "test_user@example server.com"]

40
test/failure_app_test.rb
View File

@@ -73,7 +73,7 @@ class FailureTest < ActiveSupport::TestCase
instance_eval(&block)
end
def call_failure(env_params = {})
def call_failure(env_params={})
env = {
'REQUEST_URI' => 'http://test.host/',
'HTTP_HOST' => 'test.host',
@@ -185,17 +185,27 @@ class FailureTest < ActiveSupport::TestCase
test 'uses the proxy failure message as symbol' do
call_failure('warden' => OpenStruct.new(message: :invalid))
assert_equal 'Invalid Email or password.', @request.flash[:alert]
assert_equal 'Invalid email or password.', @request.flash[:alert]
assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
end
test 'supports authentication_keys as a Hash for the flash message' do
swap Devise, authentication_keys: { email: true, login: true } do
call_failure('warden' => OpenStruct.new(message: :invalid))
assert_equal 'Invalid Email, Login or password.', @request.flash[:alert]
assert_equal 'Invalid email, login or password.', @request.flash[:alert]
end
end
test 'downcases authentication_keys for the flash message' do
call_failure('warden' => OpenStruct.new(message: :invalid))
assert_equal 'Invalid email or password.', @request.flash[:alert]
end
test 'humanizes the flash message' do
call_failure('warden' => OpenStruct.new(message: :invalid))
assert_equal @request.flash[:alert], @request.flash[:alert].humanize
end
test 'uses custom i18n options' do
call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions)
assert_equal 'User Steve does not exist', @request.flash[:alert]
@@ -278,7 +288,7 @@ class FailureTest < ActiveSupport::TestCase
test 'uses the failure message as response body' do
call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid))
assert_match '<error>Invalid Email or password.</error>', @response.third.body
assert_match '<error>Invalid email or password.</error>', @response.third.body
end
context 'on ajax call' do
@@ -326,8 +336,8 @@ class FailureTest < ActiveSupport::TestCase
"warden" => stub_everything
}
call_failure(env)
assert_includes @response.third.body, '<h2>Log in</h2>'
assert_includes @response.third.body, 'Invalid Email or password.'
assert @response.third.body.include?('<h2>Log in</h2>')
assert @response.third.body.include?('Invalid email or password.')
end
test 'calls the original controller if not confirmed email' do
@@ -337,8 +347,8 @@ class FailureTest < ActiveSupport::TestCase
"warden" => stub_everything
}
call_failure(env)
assert_includes @response.third.body, '<h2>Log in</h2>'
assert_includes @response.third.body, 'You have to confirm your email address before continuing.'
assert @response.third.body.include?('<h2>Log in</h2>')
assert @response.third.body.include?('You have to confirm your email address before continuing.')
end
test 'calls the original controller if inactive account' do
@@ -348,8 +358,8 @@ class FailureTest < ActiveSupport::TestCase
"warden" => stub_everything
}
call_failure(env)
assert_includes @response.third.body, '<h2>Log in</h2>'
assert_includes @response.third.body, 'Your account is not activated yet.'
assert @response.third.body.include?('<h2>Log in</h2>')
assert @response.third.body.include?('Your account is not activated yet.')
end
if Rails.application.config.respond_to?(:relative_url_root)
@@ -361,10 +371,10 @@ class FailureTest < ActiveSupport::TestCase
"warden" => stub_everything
}
call_failure(env)
assert_includes @response.third.body, '<h2>Log in</h2>'
assert_includes @response.third.body, 'Invalid Email or password.'
assert_equal '/sample', @request.env["SCRIPT_NAME"]
assert_equal '/users/sign_in', @request.env["PATH_INFO"]
assert @response.third.body.include?('<h2>Log in</h2>')
assert @response.third.body.include?('Invalid email or password.')
assert_equal @request.env["SCRIPT_NAME"], '/sample'
assert_equal @request.env["PATH_INFO"], '/users/sign_in'
end
end
end
@@ -372,7 +382,7 @@ class FailureTest < ActiveSupport::TestCase
context "Lazy loading" do
test "loads" do
assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works?
assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does"
end
end
context "Without Flash Support" do

7
test/generators/active_record_generator_test.rb
View File

@@ -48,7 +48,6 @@ if DEVISE_ORM == :active_record
run_generator %w(monster)
assert_file "app/models/monster.rb"
run_generator %w(monster)
if Rails.version >= '5.0.3'
assert_migration "db2/migrate/add_devise_to_monsters.rb"
else
@@ -84,11 +83,7 @@ if DEVISE_ORM == :active_record
test "add primary key type with rails 5 when specified in rails generator" do
run_generator ["monster", "--primary_key_type=uuid"]
if Devise::Test.rails5_and_up?
assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/
else
assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/
end
assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/
end
end

2
test/generators/views_generator_test.rb
View File

@@ -77,7 +77,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
end
def assert_files(scope = nil, options = {})
def assert_files(scope = nil, options={})
scope = "devise" if scope.nil?
mail_template_engine = options[:mail_template_engine] || "html.erb"

18
test/integration/authenticatable_test.rb
View File

@@ -321,15 +321,7 @@ class AuthenticationRedirectTest < Devise::IntegrationTest
test 'require_no_authentication should set the already_authenticated flash message' do
sign_in_as_user
visit new_user_session_path
assert_equal I18n.t("devise.failure.already_authenticated"), flash[:alert]
end
test 'require_no_authentication should set the already_authenticated flash message as admin' do
store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do
sign_in_as_admin
visit new_admin_session_path
assert_equal "You are already signed in as admin.", flash[:alert]
end
assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
end
end
@@ -496,7 +488,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
create_user
post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
test 'sign in with xml format is idempotent' do
@@ -512,7 +504,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
test 'sign out with html redirects' do
@@ -565,7 +557,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest
test 'missing authentication keys cause authentication to abort' do
swap Devise, authentication_keys: [:subdomain] do
sign_in_as_user
assert_contain "Invalid Subdomain or password."
assert_contain "Invalid subdomain or password."
refute warden.authenticated?(:user)
end
end
@@ -604,7 +596,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
swap Devise, request_keys: [:subdomain] do
sign_in_as_user
assert_contain "Invalid Email or password."
assert_contain "Invalid email or password."
refute warden.authenticated?(:user)
end
end

14
test/integration/confirmable_test.rb
View File

@@ -142,7 +142,7 @@ class ConfirmationTest < Devise::IntegrationTest
fill_in 'password', with: 'invalid'
end
assert_contain 'Invalid Email or password'
assert_contain 'Invalid email or password'
refute warden.authenticated?(:user)
end
end
@@ -218,28 +218,28 @@ class ConfirmationTest < Devise::IntegrationTest
user = create_user(confirm: false)
post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
assert_response :success
assert_equal({}.to_xml, response.body)
assert_equal response.body, {}.to_xml
end
test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
create_user(confirm: false)
post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test 'confirm account with valid confirmation token in XML format should return valid response' do
user = create_user(confirm: false)
get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
test 'confirm account with invalid confirmation token in XML format should return invalid response' do
create_user(confirm: false)
get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test 'request an account confirmation account with JSON, should return an empty JSON' do
@@ -247,7 +247,7 @@ class ConfirmationTest < Devise::IntegrationTest
post user_confirmation_path, params: { user: { email: user.email }, format: :json }
assert_response :success
assert_equal({}.to_json, response.body)
assert_equal response.body, {}.to_json
end
test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
@@ -282,7 +282,7 @@ class ConfirmationTest < Devise::IntegrationTest
end
class ConfirmationOnChangeTest < Devise::IntegrationTest
def create_second_admin(options = {})
def create_second_admin(options={})
@admin = nil
create_admin(options)
end

8
test/integration/database_authenticatable_test.rb
View File

@@ -65,12 +65,12 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
end
end
test 'sign in with invalid password should return to sign in form with error message' do
test 'sign in with invalid pasword should return to sign in form with error message' do
sign_in_as_admin do
fill_in 'password', with: 'abcdef'
end
assert_contain 'Invalid Email or password'
assert_contain 'Invalid email or password'
refute warden.authenticated?(:admin)
end
@@ -80,9 +80,9 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
sign_in_as_user do
fill_in 'email', with: 'wrongemail@test.com'
end
assert_not_contain 'Not found in database'
assert_contain 'Invalid Email or password.'
assert_contain 'Invalid email or password.'
end
end
end

4
test/integration/http_authenticatable_test.rb
View File

@@ -52,7 +52,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
sign_in_as_new_user_with_http("unknown")
assert_equal 401, status
assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
assert_match "<error>Invalid Email or password.</error>", response.body
assert_match "<error>Invalid email or password.</error>", response.body
end
test 'returns a custom response with www-authenticate and chosen realm' do
@@ -99,7 +99,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
end
private
def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678")
def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
user = create_user
get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
user

18
test/integration/lockable_test.rb
View File

@@ -99,12 +99,12 @@ class LockTest < Devise::IntegrationTest
sign_in_as_user(password: "invalid")
assert_contain 'Your account is locked.'
assert_empty ActionMailer::Base.deliveries
assert ActionMailer::Base.deliveries.empty?
end
test 'error message is configurable by resource name' do
store_translations :en, devise: {
failure: {user: {locked: "You are locked!"}}
failure: {user: {locked: { both: "You are locked!" }}}
} do
user = create_user(locked: true)
@@ -118,7 +118,7 @@ class LockTest < Devise::IntegrationTest
test "user should not be able to sign in when locked" do
store_translations :en, devise: {
failure: {user: {locked: "You are locked!"}}
failure: {user: {locked: {both: "You are locked!"}}}
} do
user = create_user(locked: true)
@@ -136,7 +136,8 @@ class LockTest < Devise::IntegrationTest
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
assert_response :success
assert_equal({}.to_xml, response.body)
assert_equal response.body, {}.to_xml
assert_equal 1, ActionMailer::Base.deliveries.size
end
@@ -146,7 +147,7 @@ class LockTest < Devise::IntegrationTest
post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert_equal 0, ActionMailer::Base.deliveries.size
end
@@ -156,20 +157,21 @@ class LockTest < Devise::IntegrationTest
assert user.access_locked?
get user_unlock_path(format: 'xml', unlock_token: raw)
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
end
test 'user with invalid unlock token should not be able to unlock the account via XML request' do
get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test "when using json to ask a unlock request, should not return the user" do
user = create_user(locked: true)
post user_unlock_path(format: "json", user: {email: user.email})
assert_response :success
assert_equal({}.to_json, response.body)
assert_equal response.body, {}.to_json
end
test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do

38
test/integration/recoverable_test.rb
View File

@@ -21,7 +21,7 @@ class PasswordTest < Devise::IntegrationTest
click_button 'Send me reset password instructions'
end
def reset_password(options = {}, &block)
def reset_password(options={}, &block)
unless options[:visit] == false
visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef")
assert_response :success
@@ -33,17 +33,6 @@ class PasswordTest < Devise::IntegrationTest
click_button 'Change my password'
end
test 'reset password should send to user record email and avoid case mapping collisions' do
create_user(email: 'user@github.com')
request_forgot_password do
fill_in 'email', with: 'user@gıthub.com'
end
mail = ActionMailer::Base.deliveries.last
assert_equal ['user@github.com'], mail.to
end
test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
create_user(email: 'Foo@Bar.com')
@@ -163,6 +152,19 @@ class PasswordTest < Devise::IntegrationTest
refute user.reload.valid_password?('987654321')
end
test 'not authenticated user with expired reset password token should be redirected to new password path' do
user = create_user
request_forgot_password
user.update(reset_password_sent_at: Time.now - 1.year)
visit edit_user_password_path(reset_password_token: 'abcdef')
fill_in 'New password', with: '987654321'
fill_in 'Confirm new password', with: '987654321'
click_button 'Change my password'
assert_contain 'The password recovery link expired. Please request a new one.'
end
test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do
user = create_user
request_forgot_password
@@ -265,14 +267,14 @@ class PasswordTest < Devise::IntegrationTest
create_user
post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
assert_response :success
assert_equal({}.to_xml, response.body)
assert_equal response.body, { }.to_xml
end
test 'reset password request with invalid E-Mail in XML format should return valid response' do
create_user
post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
@@ -280,7 +282,7 @@ class PasswordTest < Devise::IntegrationTest
create_user
post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
assert_response :success
assert_equal({}.to_xml, response.body)
assert_equal response.body, { }.to_xml
end
end
@@ -300,7 +302,7 @@ class PasswordTest < Devise::IntegrationTest
request_forgot_password
put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test 'change password with invalid new password in XML format should return invalid response' do
@@ -308,7 +310,7 @@ class PasswordTest < Devise::IntegrationTest
request_forgot_password
put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test "when using json requests to ask a confirmable request, should not return the object" do
@@ -317,7 +319,7 @@ class PasswordTest < Devise::IntegrationTest
post user_password_path(format: :json), params: { user: { email: user.email } }
assert_response :success
assert_equal "{}", response.body
assert_equal response.body, "{}"
end
test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do

24
test/integration/registerable_test.rb
View File

@@ -20,7 +20,7 @@ class RegistrationTest < Devise::IntegrationTest
assert_current_url "/admin_area/home"
admin = Admin.to_adapter.find_first(order: [:id, :desc])
assert_equal 'new_user@test.com', admin.email
assert_equal admin.email, 'new_user@test.com'
end
test 'a guest admin should be able to sign in and be redirected to a custom location' do
@@ -69,7 +69,7 @@ class RegistrationTest < Devise::IntegrationTest
refute warden.authenticated?(:user)
user = User.to_adapter.find_first(order: [:id, :desc])
assert_equal 'new_user@test.com', user.email
assert_equal user.email, 'new_user@test.com'
refute user.confirmed?
end
@@ -254,7 +254,7 @@ class RegistrationTest < Devise::IntegrationTest
assert_contain "Password confirmation doesn't match Password"
refute User.to_adapter.find_first.valid_password?('pas123')
end
test 'a signed in user should see a warning about minimum password length' do
sign_in_as_user
get edit_user_registration_path
@@ -268,7 +268,7 @@ class RegistrationTest < Devise::IntegrationTest
click_button "Cancel my account"
assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
assert_empty User.to_adapter.find_all
assert User.to_adapter.find_all.empty?
end
test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -300,46 +300,46 @@ class RegistrationTest < Devise::IntegrationTest
test 'an admin sign up with valid information in XML format should return valid response' do
post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
admin = Admin.to_adapter.find_first(order: [:id, :desc])
assert_equal 'new_user@test.com', admin.email
assert_equal admin.email, 'new_user@test.com'
end
test 'a user sign up with valid information in XML format should return valid response' do
post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
assert_response :success
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
user = User.to_adapter.find_first(order: [:id, :desc])
assert_equal 'new_user@test.com', user.email
assert_equal user.email, 'new_user@test.com'
end
test 'a user sign up with invalid information in XML format should return invalid response' do
post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
assert_response :unprocessable_entity
assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
end
test 'a user update information with valid data in XML format should return valid response' do
user = sign_in_as_user
put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
assert_response :success
assert_equal 'user.new@test.com', user.reload.email
assert_equal user.reload.email, 'user.new@test.com'
end
test 'a user update information with invalid data in XML format should return invalid response' do
user = sign_in_as_user
put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
assert_response :unprocessable_entity
assert_equal 'user@test.com', user.reload.email
assert_equal user.reload.email, 'user@test.com'
end
test 'a user cancel their account in XML format should return valid response' do
sign_in_as_user
delete user_registration_path(format: 'xml')
assert_response :success
assert_equal 0, User.to_adapter.find_all.size
assert_equal User.to_adapter.find_all.size, 0
end
end

6
test/integration/rememberable_test.rb
View File

@@ -3,7 +3,7 @@
require 'test_helper'
class RememberMeTest < Devise::IntegrationTest
def create_user_and_remember(add_to_token = '')
def create_user_and_remember(add_to_token='')
user = create_user
user.remember_me!
raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
@@ -14,10 +14,8 @@ class RememberMeTest < Devise::IntegrationTest
def generate_signed_cookie(raw_cookie)
request = if Devise::Test.rails51? || Devise::Test.rails52_and_up?
ActionController::TestRequest.create(Class.new) # needs a "controller class"
elsif Devise::Test.rails5?
ActionController::TestRequest.create
else
ActionController::TestRequest.new
ActionController::TestRequest.create
end
request.cookie_jar.signed['raw_cookie'] = raw_cookie
request.cookie_jar['raw_cookie']

2
test/integration/timeoutable_test.rb
View File

@@ -77,7 +77,7 @@ class SessionTimeoutTest < Devise::IntegrationTest
end
end
test 'time out user session after default limit time and redirect to latest get request' do
test 'time out user session after deault limit time and redirect to latest get request' do
user = sign_in_as_user
visit edit_form_user_path(user)

4
test/integration/trackable_test.rb
View File

@@ -44,7 +44,7 @@ class TrackableHooksTest < Devise::IntegrationTest
assert_equal "127.0.0.1", user.last_sign_in_ip
end
test "current and last sign in remote ip returns original ip behind a non transparent proxy" do
test "current remote ip returns original ip behind a non transparent proxy" do
user = create_user
arbitrary_ip = '200.121.1.69'
@@ -53,7 +53,6 @@ class TrackableHooksTest < Devise::IntegrationTest
end
user.reload
assert_equal arbitrary_ip, user.current_sign_in_ip
assert_equal arbitrary_ip, user.last_sign_in_ip
end
test "increase sign in count" do
@@ -96,5 +95,4 @@ class TrackableHooksTest < Devise::IntegrationTest
user.reload
assert_equal 1, user.sign_in_count
end
end

4
test/mailers/confirmation_instructions_test.rb
View File

@@ -31,7 +31,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
end
test 'content type should be set to html' do
assert_includes mail.content_type, 'text/html'
assert mail.content_type.include?('text/html')
end
test 'send confirmation instructions to the user email' do
@@ -88,7 +88,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
host, port = ActionMailer::Base.default_url_options.values_at :host, :port
if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/confirmation\?confirmation_token=([^"]+)">}
assert_equal user.confirmation_token, $1
assert_equal $1, user.confirmation_token
else
flunk "expected confirmation url regex to match"
end

2
test/mailers/email_changed_test.rb
View File

@@ -35,7 +35,7 @@ class EmailChangedTest < ActionMailer::TestCase
end
test 'content type should be set to html' do
assert_includes mail.content_type, 'text/html'
assert mail.content_type.include?('text/html')
end
test 'send email changed to the original user email' do

6
test/mailers/reset_password_instructions_test.rb
View File

@@ -29,12 +29,12 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
end
end
test 'email sent after resetting the user password' do
test 'email sent after reseting the user password' do
assert_not_nil mail
end
test 'content type should be set to html' do
assert_includes mail.content_type, 'text/html'
assert mail.content_type.include?('text/html')
end
test 'send confirmation instructions to the user email' do
@@ -84,7 +84,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
host, port = ActionMailer::Base.default_url_options.values_at :host, :port
if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/password/edit\?reset_password_token=([^"]+)">}
assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, $1)
assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
else
flunk "expected reset password url regex to match"
end

4
test/mailers/unlock_instructions_test.rb
View File

@@ -35,7 +35,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
end
test 'content type should be set to html' do
assert_includes mail.content_type, 'text/html'
assert mail.content_type.include?('text/html')
end
test 'send unlock instructions to the user email' do
@@ -85,7 +85,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
host, port = ActionMailer::Base.default_url_options.values_at :host, :port
if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/unlock\?unlock_token=([^"]+)">}
assert_equal user.unlock_token, Devise.token_generator.digest(user.class, :unlock_token, $1)
assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token
else
flunk "expected unlock url regex to match"
end

2
test/mapping_test.rb
View File

@@ -6,7 +6,7 @@ class FakeRequest < Struct.new(:path_info, :params)
end
class MappingTest < ActiveSupport::TestCase
def fake_request(path, params = {})
def fake_request(path, params={})
FakeRequest.new(path, params)
end

8
test/models/authenticatable_test.rb
View File

@@ -4,12 +4,12 @@ require 'test_helper'
class AuthenticatableTest < ActiveSupport::TestCase
test 'required_fields should be an empty array' do
assert_equal [], Devise::Models::Validatable.required_fields(User)
assert_equal Devise::Models::Validatable.required_fields(User), []
end
test 'find_first_by_auth_conditions allows custom filtering parameters' do
user = User.create!(email: "example@example.com", password: "1234567")
assert_equal user, User.find_first_by_auth_conditions({ email: "example@example.com" })
assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
end
@@ -18,14 +18,14 @@ class AuthenticatableTest < ActiveSupport::TestCase
# config.strip_whitespace_keys = [:email]
test 'find_or_initialize_with_errors uses parameter filter on find' do
user = User.create!(email: "example@example.com", password: "1234567")
assert_equal user, User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " })
assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user
end
# assumes default configuration of
# config.case_insensitive_keys = [:email]
# config.strip_whitespace_keys = [:email]
test 'find_or_initialize_with_errors uses parameter filter on initialize' do
assert_equal "example@example.com", User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email
assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com"
end
test 'find_or_initialize_with_errors adds blank error' do

20
test/models/confirmable_test.rb
View File

@@ -28,7 +28,7 @@ class ConfirmableTest < ActiveSupport::TestCase
confirmation_tokens = []
3.times do
token = create_user.confirmation_token
refute_includes confirmation_tokens, token
assert !confirmation_tokens.include?(token)
confirmation_tokens << token
end
end
@@ -61,7 +61,7 @@ class ConfirmableTest < ActiveSupport::TestCase
user = create_user
raw = user.raw_confirmation_token
confirmed_user = User.confirm_by_token(raw)
assert_equal user, confirmed_user
assert_equal confirmed_user, user
assert user.reload.confirmed?
end
@@ -160,7 +160,7 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should find a user to send confirmation instructions' do
user = create_user
confirmation_user = User.send_confirmation_instructions(email: user.email)
assert_equal user, confirmation_user
assert_equal confirmation_user, user
end
test 'should return a new user if no email was found' do
@@ -305,7 +305,7 @@ class ConfirmableTest < ActiveSupport::TestCase
swap Devise, authentication_keys: [:username, :email] do
user = create_user
confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username)
assert_equal user, confirm_user
assert_equal confirm_user, user
end
end
@@ -322,7 +322,7 @@ class ConfirmableTest < ActiveSupport::TestCase
user = create_user
user.update_attribute(:confirmation_sent_at, confirmation_sent_at)
confirmed_user = User.confirm_by_token(user.raw_confirmation_token)
assert_equal user, confirmed_user
assert_equal confirmed_user, user
user.reload.confirmed?
end
@@ -497,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
assert admin.confirm
assert admin.update(email: 'new_test@example.com')
confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email)
assert_equal admin, confirmation_admin
assert_equal confirmation_admin, admin
end
test 'should return a new admin if no email or unconfirmed_email was found' do
@@ -520,20 +520,20 @@ class ReconfirmableTest < ActiveSupport::TestCase
end
test 'required_fields should contain the fields that Devise uses' do
assert_equal [
assert_equal Devise::Models::Confirmable.required_fields(User), [
:confirmation_token,
:confirmed_at,
:confirmation_sent_at
], Devise::Models::Confirmable.required_fields(User)
]
end
test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do
assert_equal [
assert_equal Devise::Models::Confirmable.required_fields(Admin), [
:confirmation_token,
:confirmed_at,
:confirmation_sent_at,
:unconfirmed_email
], Devise::Models::Confirmable.required_fields(Admin)
]
end
test 'should not require reconfirmation after creating a record' do

10
test/models/database_authenticatable_test.rb
View File

@@ -108,7 +108,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
test 'should support custom hashing methods' do
user = UserWithCustomHashing.new(password: '654321')
assert_equal '123456', user.encrypted_password
assert_equal user.encrypted_password, '123456'
end
test 'allow authenticatable_salt to work even with nil hashed password' do
@@ -293,18 +293,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
end
test 'required_fields should be encryptable_password and the email field by default' do
assert_equal [
assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
:encrypted_password,
:email
], Devise::Models::DatabaseAuthenticatable.required_fields(User)
]
end
test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
swap Devise, authentication_keys: [:login] do
assert_equal [
assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
:encrypted_password,
:login
], Devise::Models::DatabaseAuthenticatable.required_fields(User)
]
end
end
end

55
test/models/lockable_test.rb
View File

@@ -121,7 +121,7 @@ class LockableTest < ActiveSupport::TestCase
user = create_user
user.lock_access!
token = user.unlock_token
refute_includes unlock_tokens, token
assert !unlock_tokens.include?(token)
unlock_tokens << token
end
end
@@ -174,7 +174,7 @@ class LockableTest < ActiveSupport::TestCase
user = create_user
raw = user.send_unlock_instructions
locked_user = User.unlock_access_by_token(raw)
assert_equal user, locked_user
assert_equal locked_user, user
refute user.reload.access_locked?
end
@@ -194,7 +194,7 @@ class LockableTest < ActiveSupport::TestCase
user = create_user
user.lock_access!
unlock_user = User.send_unlock_instructions(email: user.email)
assert_equal user, unlock_user
assert_equal unlock_user, user
end
test 'should return a new user if no email was found' do
@@ -211,7 +211,7 @@ class LockableTest < ActiveSupport::TestCase
swap Devise, authentication_keys: [:username, :email] do
user = create_user
unlock_user = User.send_unlock_instructions(email: user.email, username: user.username)
assert_equal user, unlock_user
assert_equal unlock_user, user
end
end
@@ -270,11 +270,11 @@ class LockableTest < ActiveSupport::TestCase
test 'required_fields should contain the all the fields when all the strategies are enabled' do
swap Devise, unlock_strategy: :both do
swap Devise, lock_strategy: :failed_attempts do
assert_equal [
:failed_attempts,
:locked_at,
:unlock_token
], Devise::Models::Lockable.required_fields(User)
assert_equal Devise::Models::Lockable.required_fields(User), [
:failed_attempts,
:locked_at,
:unlock_token
]
end
end
end
@@ -282,10 +282,10 @@ class LockableTest < ActiveSupport::TestCase
test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do
swap Devise, unlock_strategy: :time do
swap Devise, lock_strategy: :failed_attempts do
assert_equal [
:failed_attempts,
:locked_at
], Devise::Models::Lockable.required_fields(User)
assert_equal Devise::Models::Lockable.required_fields(User), [
:failed_attempts,
:locked_at
]
end
end
end
@@ -293,10 +293,10 @@ class LockableTest < ActiveSupport::TestCase
test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do
swap Devise, unlock_strategy: :email do
swap Devise, lock_strategy: :failed_attempts do
assert_equal [
:failed_attempts,
:unlock_token
], Devise::Models::Lockable.required_fields(User)
assert_equal Devise::Models::Lockable.required_fields(User), [
:failed_attempts,
:unlock_token
]
end
end
end
@@ -312,7 +312,7 @@ class LockableTest < ActiveSupport::TestCase
end
test 'should return last attempt message if user made next-to-last attempt of password entering' do
swap Devise, last_attempt_warning: true, lock_strategy: :failed_attempts do
swap Devise, last_attempt_warning: true, lock_strategy: :failed_attempts, unlock_strategy: :none do
user = create_user
user.failed_attempts = Devise.maximum_attempts - 2
assert_equal :invalid, user.unauthenticated_message
@@ -321,7 +321,7 @@ class LockableTest < ActiveSupport::TestCase
assert_equal :last_attempt, user.unauthenticated_message
user.failed_attempts = Devise.maximum_attempts
assert_equal :locked, user.unauthenticated_message
assert_equal :'locked.none', user.unauthenticated_message
end
end
@@ -336,7 +336,22 @@ class LockableTest < ActiveSupport::TestCase
test 'should return locked message if user was programatically locked' do
user = create_user
user.lock_access!
assert_equal :locked, user.unauthenticated_message
swap Devise, unlock_strategy: :none do
assert_equal :'locked.none', user.unauthenticated_message
end
swap Devise, unlock_strategy: :both do
assert_equal :'locked.both', user.unauthenticated_message
end
swap Devise, unlock_strategy: :email do
assert_equal :'locked.email', user.unauthenticated_message
end
swap Devise, unlock_strategy: :time do
assert_equal :'locked.time', user.unauthenticated_message
end
end
test 'unlock_strategy_enabled? should return true for both, email, and time strategies if :both is used' do

2
test/models/omniauthable_test.rb
View File

@@ -4,6 +4,6 @@ require 'test_helper'
class OmniauthableTest < ActiveSupport::TestCase
test 'required_fields should contain the fields that Devise uses' do
assert_equal [], Devise::Models::Omniauthable.required_fields(User)
assert_equal Devise::Models::Omniauthable.required_fields(User), []
end
end

18
test/models/recoverable_test.rb
View File

@@ -18,7 +18,7 @@ class RecoverableTest < ActiveSupport::TestCase
user = create_user
user.send_reset_password_instructions
token = user.reset_password_token
refute_includes reset_password_tokens, token
assert !reset_password_tokens.include?(token)
reset_password_tokens << token
end
end
@@ -34,7 +34,7 @@ class RecoverableTest < ActiveSupport::TestCase
assert create_user.reset_password('123456789', '123456789')
end
test 'should clear reset password token while resetting the password' do
test 'should clear reset password token while reseting the password' do
user = create_user
assert_nil user.reset_password_token
@@ -116,7 +116,7 @@ class RecoverableTest < ActiveSupport::TestCase
test 'should find a user to send instructions by email' do
user = create_user
reset_password_user = User.send_reset_password_instructions(email: user.email)
assert_equal user, reset_password_user
assert_equal reset_password_user, user
end
test 'should return a new record with errors if user was not found by e-mail' do
@@ -129,7 +129,7 @@ class RecoverableTest < ActiveSupport::TestCase
swap Devise, authentication_keys: [:username, :email] do
user = create_user
reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
assert_equal user, reset_password_user
assert_equal reset_password_user, user
end
end
@@ -161,7 +161,7 @@ class RecoverableTest < ActiveSupport::TestCase
raw = user.send_reset_password_instructions
reset_password_user = User.reset_password_by_token(reset_password_token: raw)
assert_equal user, reset_password_user
assert_equal reset_password_user, user
end
test 'should return a new record with errors if no reset_password_token is found' do
@@ -237,23 +237,23 @@ class RecoverableTest < ActiveSupport::TestCase
end
test 'required_fields should contain the fields that Devise uses' do
assert_equal [
assert_equal Devise::Models::Recoverable.required_fields(User), [
:reset_password_sent_at,
:reset_password_token
], Devise::Models::Recoverable.required_fields(User)
]
end
test 'should return a user based on the raw token' do
user = create_user
raw = user.send_reset_password_instructions
assert_equal user, User.with_reset_password_token(raw)
assert_equal User.with_reset_password_token(raw), user
end
test 'should return the same reset password token as generated' do
user = create_user
raw = user.send_reset_password_instructions
assert_equal user.reset_password_token, Devise.token_generator.digest(self.class, :reset_password_token, raw)
assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
end
test 'should return nil if a user based on the raw token is not found' do

2
test/models/registerable_test.rb
View File

@@ -4,6 +4,6 @@ require 'test_helper'
class RegisterableTest < ActiveSupport::TestCase
test 'required_fields should contain the fields that Devise uses' do
assert_equal [], Devise::Models::Registerable.required_fields(User)
assert_equal Devise::Models::Registerable.required_fields(User), []
end
end

4
test/models/rememberable_test.rb
View File

@@ -177,8 +177,8 @@ class RememberableTest < ActiveSupport::TestCase
end
test 'should have the required_fields array' do
assert_equal [
assert_equal Devise::Models::Rememberable.required_fields(User), [
:remember_created_at
], Devise::Models::Rememberable.required_fields(User)
]
end
end

4
test/models/serializable_test.rb
View File

@@ -43,7 +43,7 @@ class SerializableTest < ActiveSupport::TestCase
end
test 'should accept frozen options' do
assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"]
assert_key "username", @user.as_json({only: :username}.freeze)["user"]
end
def assert_key(key, subject)
@@ -54,7 +54,7 @@ class SerializableTest < ActiveSupport::TestCase
assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
end
def from_json(options = nil)
def from_json(options=nil)
ActiveSupport::JSON.decode(@user.to_json(options))["user"]
end
end

2
test/models/timeoutable_test.rb
View File

@@ -43,7 +43,7 @@ class TimeoutableTest < ActiveSupport::TestCase
end
test 'required_fields should contain the fields that Devise uses' do
assert_equal [], Devise::Models::Timeoutable.required_fields(User)
assert_equal Devise::Models::Timeoutable.required_fields(User), []
end
test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do

37
test/models/trackable_test.rb
View File

@@ -4,13 +4,13 @@ require 'test_helper'
class TrackableTest < ActiveSupport::TestCase
test 'required_fields should contain the fields that Devise uses' do
assert_equal [
assert_equal Devise::Models::Trackable.required_fields(User), [
:current_sign_in_at,
:current_sign_in_ip,
:last_sign_in_at,
:last_sign_in_ip,
:sign_in_count
], Devise::Models::Trackable.required_fields(User)
]
end
test 'update_tracked_fields should only set attributes but not save the record' do
@@ -60,6 +60,39 @@ class TrackableTest < ActiveSupport::TestCase
assert_not user.update_tracked_fields!(request)
end
test "update_tracked_fields! runs when isn't a new record and the validations are ok" do
user = create_user
user.stubs(:active_for_authentication?).returns(true)
request = mock
request.stubs(:remote_ip).returns("127.0.0.1")
request.stubs(:env).returns('devise.skip_trackable' => nil)
assert user.update_tracked_fields!(request)
end
test "update_tracked_fields! should not run when skip trackable is turned on" do
user = create_user
user.stubs(:active_for_authentication?).returns(true)
request = mock
request.stubs(:remote_ip).returns("127.0.0.1")
request.stubs(:env).returns('devise.skip_trackable' => 1)
assert_not user.update_tracked_fields!(request)
end
test "update_tracked_fields! should not run when the user is not active for authentication" do
user = create_user
user.stubs(:active_for_authentication?).returns(false)
request = mock
request.stubs(:remote_ip).returns("127.0.0.1")
request.stubs(:env).returns('devise.skip_trackable' => nil)
assert_not user.update_tracked_fields!(request)
end
test 'extract_ip_from should be overridable' do
class UserWithOverride < User
protected

2
test/models/validatable_test.rb
View File

@@ -116,6 +116,6 @@ class ValidatableTest < ActiveSupport::TestCase
end
test 'required_fields should be an empty array' do
assert_equal [], Devise::Models::Validatable.required_fields(User)
assert_equal Devise::Models::Validatable.required_fields(User), []
end
end

2
test/omniauth/url_helpers_test.rb
View File

@@ -5,7 +5,7 @@ require 'test_helper'
class OmniAuthRoutesTest < ActionController::TestCase
tests ApplicationController
def assert_path(action, provider, with_param = true)
def assert_path(action, provider, with_param=true)
# Resource param
assert_equal @controller.send(action, :user, provider),
@controller.send("user_#{provider}_#{action}")

8
test/orm/active_record.rb
View File

@@ -14,13 +14,7 @@ else
end
class ActiveSupport::TestCase
if Devise::Test.rails5_and_up?
self.use_transactional_tests = true
else
# Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5.
require 'test_after_commit'
self.use_transactional_fixtures = true
end
self.use_transactional_tests = true
self.use_instantiated_fixtures = false
end

2
test/rails_app/app/active_record/user.rb
View File

@@ -5,7 +5,7 @@ require 'shared_user'
class User < ActiveRecord::Base
include Shim
include SharedUser
include ActiveModel::Serializers::Xml if Devise::Test.rails5_and_up?
include ActiveModel::Serializers::Xml
validates :sign_in_count, presence: true

6
test/rails_app/app/controllers/home_controller.rb
View File

@@ -22,10 +22,6 @@ class HomeController < ApplicationController
end
def unauthenticated
if Devise::Test.rails5_and_up?
render body: "unauthenticated", status: :unauthorized
else
render text: "unauthenticated", status: :unauthorized
end
render body: "unauthenticated", status: :unauthorized
end
end

23
test/rails_app/app/controllers/streaming_controller.rb
View File

@@ -1,23 +0,0 @@
# frozen_string_literal: true
class StreamingController < ApplicationController
include ActionController::Live
before_action :authenticate_user!
def index
render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index'
end
# Work around https://github.com/heartcombo/devise/issues/2332, which affects
# tests in Rails 4.x (and affects production in Rails >= 5)
def process(name)
super(name)
rescue ArgumentError => e
if e.message == 'uncaught throw :warden'
throw :warden
else
raise e
end
end
end

2
test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb
View File

@@ -11,6 +11,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
user = User.to_adapter.find_first(email: 'user@test.com')
user.remember_me = true
sign_in user
render (Devise::Test.rails5_and_up? ? :body : :text) => ""
render body: ""
end
end

6
test/rails_app/app/controllers/users_controller.rb
View File

@@ -15,7 +15,7 @@ class UsersController < ApplicationController
end
def update_form
render (Devise::Test.rails5_and_up? ? :body : :text) => 'Update'
render body: 'Update'
end
def accept
@@ -23,11 +23,11 @@ class UsersController < ApplicationController
end
def exhibit
render (Devise::Test.rails5_and_up? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated"
render body: current_user ? "User is authenticated" : "User is not authenticated"
end
def expire
user_session['last_request_at'] = 31.minutes.ago.utc
render (Devise::Test.rails5_and_up? ? :body : :text) => 'User will be expired on next request'
render body: 'User will be expired on next request'
end
end

6
test/rails_app/config/application.rb
View File

@@ -33,12 +33,6 @@ module RailsApp
# config.assets.enabled = false
config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
rails_version = Gem::Version.new(Rails.version)
if DEVISE_ORM == :active_record &&
rails_version >= Gem::Version.new('4.2.0') &&
rails_version < Gem::Version.new('5.1.0')
config.active_record.raise_in_transactional_callbacks = true
end
# This was used to break devise in some situations
config.to_prepare do

9
test/rails_app/config/boot.rb
View File

@@ -7,7 +7,6 @@ end
module Devise
module Test
# Detection for minor differences between Rails versions in tests.
def self.rails6?
Rails.version.start_with? '6'
end
@@ -23,14 +22,6 @@ module Devise
def self.rails51?
Rails.version.start_with? '5.1'
end
def self.rails5_and_up?
Rails::VERSION::MAJOR >= 5
end
def self.rails5?
Rails.version.start_with? '5'
end
end
end

Some files were not shown because too many files have changed in this diff Show More