Release a new Devise version with several bug fixes.

Signed-off-by: José Valim <jose.valim@gmail.com>

CHANGELOG.rdoc

@@ -1,3 +1,24 @@
+== 1.1.3
+
+* bugfix
+  * Add reply-to to e-mail headers by default
+  * Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
+  * Check the type of HTTP Authentication before using Basic headers
+  * Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
+  * Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
+  * Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
+  * :default options is now honored in migrations
+
+== 1.1.2
+
+* bugfix
+  * Compatibility with latest Rails routes schema
+
+== 1.1.1
+
+* bugfix
+  * Fix a small bug where generated locale file was empty on devise:install
+
 == 1.1.0
 
 * enhancements

Gemfile

@@ -1,11 +1,6 @@
 source "http://rubygems.org"
 
-if File.exist? File.expand_path('../../rails', __FILE__)
-  gem "rails", :path => "../rails"
-else
-  gem "rails", :git => "git://github.com/rails/rails.git"
-end
-
+gem "rails", "3.0.0"
 gem "warden", "0.10.7"
 gem "sqlite3-ruby"
 gem "webrat", "0.7.0"
@@ -18,6 +13,6 @@ end
 
 group :mongoid do
   gem "mongo"
-  gem "mongoid", :git => "git://github.com/durran/mongoid.git"
+  gem "mongoid", :git => "git://github.com/mongoid/mongoid.git"
   gem "bson_ext"
 end

Gemfile.lock

@@ -1,66 +1,49 @@
 GIT
-  remote: git://github.com/durran/mongoid.git
-  revision: a5abe21
+  remote: git://github.com/mongoid/mongoid.git
+  revision: f38e3ef
   specs:
-    mongoid (2.0.0.beta9)
-      activemodel (~> 3.0.0.beta)
-      bson (~> 1.0.3)
-      mongo (~> 1.0.3)
+    mongoid (2.0.0.beta.16)
+      activemodel (~> 3.0.0)
+      bson (= 1.0.4)
+      mongo (= 1.0.7)
       tzinfo (~> 0.3.22)
       will_paginate (~> 3.0.pre)
 
-PATH
-  remote: /Users/jose/Work/github/rails
-  specs:
-    actionmailer (3.0.0.beta4)
-      actionpack (= 3.0.0.beta4)
-      mail (~> 2.2.5)
-    actionpack (3.0.0.beta4)
-      activemodel (= 3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-      builder (~> 2.1.2)
-      erubis (~> 2.6.6)
-      i18n (~> 0.4.1)
-      rack (~> 1.2.1)
-      rack-mount (~> 0.6.9)
-      rack-test (~> 0.5.4)
-      tzinfo (~> 0.3.22)
-    activemodel (3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-      builder (~> 2.1.2)
-      i18n (~> 0.4.1)
-    activerecord (3.0.0.beta4)
-      activemodel (= 3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-      arel (~> 0.4.0)
-      tzinfo (~> 0.3.22)
-    activeresource (3.0.0.beta4)
-      activemodel (= 3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-    activesupport (3.0.0.beta4)
-    rails (3.0.0.beta4)
-      actionmailer (= 3.0.0.beta4)
-      actionpack (= 3.0.0.beta4)
-      activerecord (= 3.0.0.beta4)
-      activeresource (= 3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-      bundler (>= 1.0.0.beta.10)
-      railties (= 3.0.0.beta4)
-    railties (3.0.0.beta4)
-      actionpack (= 3.0.0.beta4)
-      activesupport (= 3.0.0.beta4)
-      rake (>= 0.8.3)
-      thor (~> 0.14.0)
-
 GEM
   remote: http://rubygems.org/
   specs:
     abstract (1.0.0)
-    arel (0.4.0)
-      activesupport (>= 3.0.0.beta)
+    actionmailer (3.0.0)
+      actionpack (= 3.0.0)
+      mail (~> 2.2.5)
+    actionpack (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4.1)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.12)
+      rack-test (~> 0.5.4)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      i18n (~> 0.4.1)
+    activerecord (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      arel (~> 1.0.0)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+    activesupport (3.0.0)
+    arel (1.0.1)
+      activesupport (~> 3.0.0)
     bcrypt-ruby (2.1.2)
     bson (1.0.4)
-    bson_ext (1.0.4)
+    bson_ext (1.0.7)
     builder (2.1.2)
     columnize (0.3.1)
     erubis (2.6.6)
@@ -74,15 +57,28 @@ GEM
     mime-types (1.16)
     mocha (0.9.8)
       rake
-    mongo (1.0.5)
+    mongo (1.0.7)
       bson (>= 1.0.4)
-    nokogiri (1.4.2)
+    nokogiri (1.4.3.1)
     polyglot (0.3.1)
     rack (1.2.1)
-    rack-mount (0.6.9)
+    rack-mount (0.6.12)
       rack (>= 1.0.0)
     rack-test (0.5.4)
       rack (>= 1.0)
+    rails (3.0.0)
+      actionmailer (= 3.0.0)
+      actionpack (= 3.0.0)
+      activerecord (= 3.0.0)
+      activeresource (= 3.0.0)
+      activesupport (= 3.0.0)
+      bundler (~> 1.0.0)
+      railties (= 3.0.0)
+    railties (3.0.0)
+      actionpack (= 3.0.0)
+      activesupport (= 3.0.0)
+      rake (>= 0.8.4)
+      thor (~> 0.14.0)
     rake (0.8.7)
     ruby-debug (0.10.3)
       columnize (>= 0.1)
@@ -93,14 +89,14 @@ GEM
     thor (0.14.0)
     treetop (1.4.8)
       polyglot (>= 0.3.1)
-    tzinfo (0.3.22)
+    tzinfo (0.3.23)
     warden (0.10.7)
       rack (>= 1.0.0)
     webrat (0.7.0)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    will_paginate (3.0.pre)
+    will_paginate (3.0.pre2)
 
 PLATFORMS
   ruby
@@ -111,7 +107,7 @@ DEPENDENCIES
   mocha
   mongo
   mongoid!
-  rails!
+  rails (= 3.0.0)
   ruby-debug (>= 0.10.3)
   sqlite3-ruby
   warden (= 0.10.7)

devise.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "1.1.0"
+  s.version = "1.1.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-07-26}
+  s.date = %q{2010-09-24}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
@@ -97,12 +97,12 @@ Gem::Specification.new do |s|
      "lib/generators/devise/devise_generator.rb",
      "lib/generators/devise/install_generator.rb",
      "lib/generators/devise/orm_helpers.rb",
-     "lib/generators/devise/templates/README",
-     "lib/generators/devise/templates/devise.rb",
      "lib/generators/devise/views_generator.rb",
      "lib/generators/devise_install_generator.rb",
      "lib/generators/devise_views_generator.rb",
-     "lib/generators/mongoid/devise_generator.rb"
+     "lib/generators/mongoid/devise_generator.rb",
+     "lib/generators/templates/README",
+     "lib/generators/templates/devise.rb"
   ]
   s.homepage = %q{http://github.com/plataformatec/devise}
   s.rdoc_options = ["--charset=UTF-8"]

lib/devise/hooks/forgetable.rb

@@ -5,7 +5,7 @@
 Warden::Manager.before_logout do |record, warden, options|
   if record.respond_to?(:forget_me!)
     record.forget_me! unless record.frozen?
-    options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
-    warden.cookies.delete("remember_#{options[:scope]}_token", options)
+    cookie_options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
+    warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
   end
 end

lib/devise/models/database_authenticatable.rb

@@ -82,7 +82,9 @@ module Devise
 
       # Digests the password using the configured encryptor.
       def password_digest(password)
-        self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
+        if self.password_salt.present?
+          self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
+        end
       end
 
       module ClassMethods

lib/devise/models/lockable.rb

@@ -81,6 +81,8 @@ module Devise
         when TrueClass
           self.failed_attempts = 0
         when FalseClass
+          # PostgreSQL uses nil as the default value for integer columns set to 0
+          self.failed_attempts ||= 0
           self.failed_attempts += 1
           if attempts_exceeded?
             lock_access!

lib/devise/rails/routes.rb

@@ -202,10 +202,10 @@ module ActionDispatch::Routing
     protected
 
       def devise_session(mapping, controllers) #:nodoc:
-        scope :controller => controllers[:sessions], :as => :session do
-          get  :new,     :path => mapping.path_names[:sign_in]
-          post :create,  :path => mapping.path_names[:sign_in], :as => ""
-          get  :destroy, :path => mapping.path_names[:sign_out]
+        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
+          get  :new,     :path => mapping.path_names[:sign_in],  :as => "new"
+          post :create,  :path => mapping.path_names[:sign_in]
+          get  :destroy, :path => mapping.path_names[:sign_out], :as => "destroy"
         end
       end
  

lib/devise/schema.rb

@@ -19,7 +19,7 @@ module Devise
     # encrypter password field in 128 characters.
     def database_authenticatable(options={})
       null    = options[:null] || false
-      default = options[:default] || ""
+      default = options.key?(:default) ? options[:default] : ("" if null == false)
 
       if options.delete(:encryptor)
         ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."

lib/devise/strategies/authenticatable.rb

@@ -96,8 +96,8 @@ module Devise
 
       # Helper to decode credentials from HTTP.
       def decode_credentials
-        username_and_password = request.authorization.split(' ', 2).last || ''
-        ActiveSupport::Base64.decode64(username_and_password).split(/:/, 2)
+        return [] unless request.authorization && request.authorization =~ /^Basic (.*)/
+        ActiveSupport::Base64.decode64($1).split(/:/, 2)
       end
 
       # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.1.0".freeze
+  VERSION = "1.1.3".freeze
 end

lib/generators/devise/install_generator.rb

@@ -3,7 +3,7 @@ require 'active_support/secure_random'
 module Devise
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      source_root File.expand_path("../templates", __FILE__)
+      source_root File.expand_path("../../templates", __FILE__)
 
       desc "Creates a Devise initializer and copy locale files to your application."
       class_option :orm
@@ -13,11 +13,11 @@ module Devise
       end
 
       def copy_locale
-        copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"
+        copy_file "../../../config/locales/en.yml", "config/locales/devise.en.yml"
       end
 
       def show_readme
-        readme "README"
+        readme "README" if behavior == :invoke
       end
     end
   end

lib/generators/devise/views_generator.rb

@@ -7,7 +7,7 @@ module Devise
       argument :scope, :required => false, :default => nil,
                        :desc => "The scope to copy views to"
 
-      class_option :template_engine, :type => :string, :aliases => "-t", :default => "erb",
+      class_option :template_engine, :type => :string, :aliases => "-t",
                                      :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
 
       def copy_views

test/controllers/helpers_test.rb

@@ -60,26 +60,36 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.anybody_signed_in?
   end
 
-  test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
-    @controller.current_admin
-  end
-
   test 'proxy current_user to authenticate with user scope' do
     @mock_warden.expects(:authenticate).with(:scope => :user)
     @controller.current_user
   end
 
-  test 'proxy user_authenticate! to authenticate with user scope' do
+  test 'proxy current_admin to authenticate with admin scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @controller.current_admin
+  end
+
+  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @controller.current_publisher_account
+  end
+
+  test 'proxy authenticate_user! to authenticate with user scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :user)
     @controller.authenticate_user!
   end
 
-  test 'proxy admin_authenticate! to authenticate with admin scope' do
+  test 'proxy authenticate_admin! to authenticate with admin scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :admin)
     @controller.authenticate_admin!
   end
 
+  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
+    @controller.authenticate_publisher_account!
+  end
+
   test 'proxy user_signed_in? to authenticate? with user scope' do
     @mock_warden.expects(:authenticate?).with(:scope => :user)
     @controller.user_signed_in?
@@ -90,6 +100,11 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.admin_signed_in?
   end
 
+  test 'proxy publisher_account_signed_in? to authenticate? with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate?).with(:scope => :publisher_account)
+    @controller.publisher_account_signed_in?
+  end
+
   test 'proxy user_session to session scope in warden' do
     @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
     @mock_warden.expects(:session).with(:user).returns({})
@@ -102,6 +117,12 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.admin_session
   end
 
+  test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
+    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
+    @mock_warden.expects(:session).with(:publisher_account).returns({})
+    @controller.publisher_account_session
+  end
+
   test 'sign in proxy to set_user on warden' do
     user = User.new
     @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)

test/integration/authenticatable_test.rb

@@ -313,7 +313,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
   test 'sign in with script name' do
     assert_nothing_raised do
       get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
-      fill_in "email", "user@test.com"
+      fill_in "email", :with => "user@test.com"
     end
   end
 

test/integration/http_authenticatable_test.rb

@@ -39,6 +39,14 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
+    swap Devise, :http_authenticatable => true do
+      add_oauth2_header
+      assert_equal 401, status
+      assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+    end
+  end
+
   private
 
     def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
@@ -46,4 +54,11 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
       get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
+    
+    # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
+    def add_oauth2_header
+      user = create_user
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{ActiveSupport::Base64.encode64("#{user.email}:123456")}"
+    end
+
 end

test/integration/registerable_test.rb

@@ -66,7 +66,7 @@ class RegistrationTest < ActionController::IntegrationTest
     click_button 'Sign up'
 
     assert_current_url '/users'
-    assert_contain(/Email .* already .* taken/)
+    assert_contain(/Email .* already.*taken/)
 
     assert_not warden.authenticated?(:user)
   end

test/integration/rememberable_test.rb

@@ -131,6 +131,7 @@ class RememberMeTest < ActionController::IntegrationTest
     get destroy_user_session_path
     assert_not warden.authenticated?(:user)
     assert_nil user.reload.remember_token
+    assert_nil warden.cookies['remember_user_token']
   end
 
   test 'do not remember the user anymore after forget' do
@@ -140,5 +141,6 @@ class RememberMeTest < ActionController::IntegrationTest
     get destroy_user_session_path
     get users_path
     assert_not warden.authenticated?(:user)
+    assert_nil warden.cookies['remember_user_token']
   end
 end

test/models/database_authenticatable_test.rb

@@ -98,6 +98,13 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_not user.valid_password?('654321')
   end
 
+  test 'should not validate password when salt is nil' do
+    admin = create_admin
+    admin.password_salt = nil
+    admin.save
+    assert_not admin.valid_password?('123456')
+  end
+
   test 'should respond to current password' do
     assert new_user.respond_to?(:current_password)
   end

test/support/helpers.rb

@@ -37,6 +37,12 @@ class ActiveSupport::TestCase
     User.create!(valid_attributes(attributes))
   end
 
+  def create_admin(attributes={})
+    valid_attributes = valid_attributes(attributes)
+    valid_attributes.delete(:username)
+    Admin.create!(valid_attributes)
+  end
+
   # Execute the block setting the given values and restoring old values after
   # the block is executed.
   def swap(object, new_values)