From e79201aef86e048ed38e2181675458bc3b9da2a1 Mon Sep 17 00:00:00 2001
From: Lucas Mazza <lucas.mazza@plataformatec.com.br>
Date: Tue, 3 May 2016 18:18:56 -0300
Subject: [PATCH] Remove deprecated `ParameterSanitizer` API.

---
 lib/devise/parameter_sanitizer.rb | 55 ------------------------------
 test/parameter_sanitizer_test.rb  | 56 -------------------------------
 2 files changed, 111 deletions(-)

diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb
index fc08d3c9..0f6faee6 100644
--- a/lib/devise/parameter_sanitizer.rb
+++ b/lib/devise/parameter_sanitizer.rb
@@ -68,12 +68,6 @@ module Devise
     def sanitize(action)
       permissions = @permitted[action]
 
-      # DEPRECATED: Remove this branch on Devise 4.2.
-      if respond_to?(action, true)
-        deprecate_instance_method_sanitization(action)
-        return cast_to_hash send(action)
-      end
-
       if permissions.respond_to?(:call)
         cast_to_hash permissions.call(default_params)
       elsif permissions.present?
@@ -127,17 +121,6 @@ module Devise
       end
     end
 
-    # DEPRECATED: Remove this method on Devise 4.2.
-    def for(action, &block) # :nodoc:
-      if block_given?
-        deprecate_for_with_block(action)
-        permit(action, &block)
-      else
-        deprecate_for_without_block(action)
-        @permitted[action] or unknown_action!(action)
-      end
-    end
-
     private
 
     # Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+
@@ -172,43 +155,5 @@ module Devise
           devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
       MESSAGE
     end
-
-    def deprecate_for_with_block(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method:
-
-          devise_parameter_sanitizer.permit(:#{action}) do |user|
-            # Your block here.
-          end
-      MESSAGE
-    end
-
-    def deprecate_for_without_block(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method to add or remove any key:
-
-          To add any new key, use the `keys` keyword argument:
-          devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
-
-          To remove any existing key, use the `except` keyword argument:
-          devise_parameter_sanitizer.permit(:#{action}, except: [:email])
-      MESSAGE
-    end
-
-    def deprecate_instance_method_sanitization(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method on your sanitizer `initialize` method.
-
-          class #{self.class.name} < Devise::ParameterSanitizer
-            def initialize(*)
-              super
-              permit(:#{action}, keys: [:param1, :param2, :param3])
-            end
-          end
-      MESSAGE
-    end
   end
 end
diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb
index b40bf6a7..a1f38426 100644
--- a/test/parameter_sanitizer_test.rb
+++ b/test/parameter_sanitizer_test.rb
@@ -73,59 +73,3 @@ class ParameterSanitizerTest < ActiveSupport::TestCase
     assert_equal({ 'username' => 'jose' }, sanitized)
   end
 end
-
-class DeprecatedParameterSanitizerAPITest < ActiveSupport::TestCase
-  class CustomSanitizer < Devise::ParameterSanitizer
-    def sign_in
-      default_params.permit(:username)
-    end
-  end
-
-  def sanitizer(params)
-    params = ActionController::Parameters.new(params)
-    Devise::ParameterSanitizer.new(User, :user, params)
-  end
-
-  test 'overriding instance methods have precedence over the default sanitized attributes' do
-    assert_deprecated do
-      params =  ActionController::Parameters.new(user: { "username" => "jose", "name" => "Jose" })
-      sanitizer = CustomSanitizer.new(User, :user, params)
-
-      sanitized = sanitizer.sanitize(:sign_in)
-
-      assert_equal({ "username" => "jose" }, sanitized)
-    end
-  end
-
-  test 'adding new parameters by mutating the Array' do
-    assert_deprecated do
-      sanitizer = sanitizer('user' => { 'username' => 'jose' })
-      sanitizer.for(:sign_in) << :username
-      sanitized = sanitizer.sanitize(:sign_in)
-
-      assert_equal({ 'username' => 'jose' }, sanitized)
-    end
-  end
-
-   test 'adding new parameters with a block' do
-     assert_deprecated do
-       sanitizer = sanitizer('user' => { 'username' => 'jose' })
-       sanitizer.for(:sign_in) { |user| user.permit(:username) }
-
-       sanitized = sanitizer.sanitize(:sign_in)
-
-       assert_equal({ 'username' => 'jose' }, sanitized)
-     end
-   end
-
-  test 'removing multiple default parameters' do
-    assert_deprecated do
-      sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' })
-      sanitizer.for(:sign_in).delete(:email)
-      sanitizer.for(:sign_in).delete(:password)
-      sanitized = sanitizer.sanitize(:sign_in)
-
-      assert_equal({ 'remember_me' => '1' }, sanitized)
-    end
-  end
-end