github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 01:08:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v1.1.pre
Branches Tags
github:main github:update-rack-unprocessable_content github:ca-devise-locale-throw github:password-length-dynamic github:4-stable github:mf-issue-5140 github:mf-check-for-devise-parent-mailer github:5-rc github:3-stable github:let-unsafe-redirect github:test-mongoid github:drv-improve-reset-token github:lm-jruby github:4-0-stable github:4-1-stable github:gh-pages github:v3.2 github:v2.2 github:v3.0 github:v3.1 github:v2.0 github:v2.1 github:v1.5 github:v1.0 github:v1.4 github:v1.3 github:v1.2 github:v1.1
github:v5.0.0.rc github:v4.9.4 github:v4.9.3 github:v4.9.2 github:v4.9.1 github:v4.9.0 github:v4.8.1 github:v4.8.0 github:v4.7.3 github:v4.7.2 github:v4.7.1 github:v4.7.0 github:v4.6.2 github:v4.6.1 github:v4.6.0 github:v4.5.0 github:v4.4.3 github:v4.4.2 github:v4.4.1 github:v4.4.0 github:v4.3.0 github:v4.2.1 github:v4.2.0 github:v3.5.10 github:v4.0.3 github:v4.1.1 github:v4.1.0 github:v3.5.9 github:v4.0.2 github:v4.0.1 github:v3.5.8 github:v3.5.7 github:v4.0.0 github:v4.0.0.rc2 github:v4.0.0.rc1 github:v3.5.6 github:v3.5.5 github:v3.5.4 github:v3.5.3 github:v3.5.2 github:v3.5.1 github:v3.5.0 github:v3.4.1 github:v3.4.0 github:v3.3.0 github:v3.2.4 github:v3.2.3 github:v3.2.2 github:v3.2.1 github:v2.2.8 github:v3.0.4 github:v3.1.2 github:v3.2.0 github:v3.1.1 github:v3.1.0 github:v2.0.6 github:v2.1.4 github:v2.2.7 github:v3.0.3 github:v3.1.0.rc2 github:v3.1.0.rc github:v2.2.6 github:v3.0.2 github:v3.0.1 github:v2.2.5 github:v3.0.0 github:v3.0.0.rc github:v2.2.4 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.2.0.rc github:v2.1.2 github:v2.1.1 github:v2.1.0 github:v2.1.0.rc2 github:v2.1.0.rc github:v2.0.4 github:v2.0.3 github:v2.0.2 github:v2.0.1 github:v2.0.0 github:v2.0.0.rc2 github:v2.0.0.rc github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.5.0.rc1 github:v1.5.0.rc github:v1.4.9 github:v1.4.8 github:v1.4.7 github:v1.4.6 github:v1.4.5 github:v1.4.4 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.4 github:v1.3.3 github:v1.3.2 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.9 github:v1.0.11 github:v1.1.8 github:v1.2.rc2 github:v1.1.7 github:v1.1.6 github:v1.1.5 github:v1.0.9 github:v1.1.4 github:v1.2.rc github:v1.1.3 github:v1.1.2 github:v1.1.1 github:v1.1.0 github:v1.1.rc2 github:v1.0.8 github:v1.0.7 github:v1.1.rc1 github:v1.0.6 github:v1.1.rc0 github:v1.0.5 github:v1.0.4 github:v1.1.pre4 github:v1.1.pre3 github:v1.0.3 github:v1.1.pre2 github:v1.0.2 github:v1.1.pre github:v1.0.1 github:v1.0.0 github:v0.9.2 github:v0.9.1 github:v0.9.0 github:v0.8.2 github:v0.8.1 github:v0.8.0 github:v0.7.5
..
compare: github:v1.0
Branches Tags
github:main github:update-rack-unprocessable_content github:ca-devise-locale-throw github:password-length-dynamic github:4-stable github:mf-issue-5140 github:mf-check-for-devise-parent-mailer github:5-rc github:3-stable github:let-unsafe-redirect github:test-mongoid github:drv-improve-reset-token github:lm-jruby github:4-0-stable github:4-1-stable github:gh-pages github:v3.2 github:v2.2 github:v3.0 github:v3.1 github:v2.0 github:v2.1 github:v1.5 github:v1.0 github:v1.4 github:v1.3 github:v1.2 github:v1.1
github:v5.0.0.rc github:v4.9.4 github:v4.9.3 github:v4.9.2 github:v4.9.1 github:v4.9.0 github:v4.8.1 github:v4.8.0 github:v4.7.3 github:v4.7.2 github:v4.7.1 github:v4.7.0 github:v4.6.2 github:v4.6.1 github:v4.6.0 github:v4.5.0 github:v4.4.3 github:v4.4.2 github:v4.4.1 github:v4.4.0 github:v4.3.0 github:v4.2.1 github:v4.2.0 github:v3.5.10 github:v4.0.3 github:v4.1.1 github:v4.1.0 github:v3.5.9 github:v4.0.2 github:v4.0.1 github:v3.5.8 github:v3.5.7 github:v4.0.0 github:v4.0.0.rc2 github:v4.0.0.rc1 github:v3.5.6 github:v3.5.5 github:v3.5.4 github:v3.5.3 github:v3.5.2 github:v3.5.1 github:v3.5.0 github:v3.4.1 github:v3.4.0 github:v3.3.0 github:v3.2.4 github:v3.2.3 github:v3.2.2 github:v3.2.1 github:v2.2.8 github:v3.0.4 github:v3.1.2 github:v3.2.0 github:v3.1.1 github:v3.1.0 github:v2.0.6 github:v2.1.4 github:v2.2.7 github:v3.0.3 github:v3.1.0.rc2 github:v3.1.0.rc github:v2.2.6 github:v3.0.2 github:v3.0.1 github:v2.2.5 github:v3.0.0 github:v3.0.0.rc github:v2.2.4 github:v2.2.3 github:v2.2.2 github:v2.2.1 github:v2.2.0 github:v2.2.0.rc github:v2.1.2 github:v2.1.1 github:v2.1.0 github:v2.1.0.rc2 github:v2.1.0.rc github:v2.0.4 github:v2.0.3 github:v2.0.2 github:v2.0.1 github:v2.0.0 github:v2.0.0.rc2 github:v2.0.0.rc github:v1.5.3 github:v1.5.2 github:v1.5.1 github:v1.5.0 github:v1.5.0.rc1 github:v1.5.0.rc github:v1.4.9 github:v1.4.8 github:v1.4.7 github:v1.4.6 github:v1.4.5 github:v1.4.4 github:v1.4.3 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.4 github:v1.3.3 github:v1.3.2 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.9 github:v1.0.11 github:v1.1.8 github:v1.2.rc2 github:v1.1.7 github:v1.1.6 github:v1.1.5 github:v1.0.9 github:v1.1.4 github:v1.2.rc github:v1.1.3 github:v1.1.2 github:v1.1.1 github:v1.1.0 github:v1.1.rc2 github:v1.0.8 github:v1.0.7 github:v1.1.rc1 github:v1.0.6 github:v1.1.rc0 github:v1.0.5 github:v1.0.4 github:v1.1.pre4 github:v1.1.pre3 github:v1.0.3 github:v1.1.pre2 github:v1.0.2 github:v1.1.pre github:v1.0.1 github:v1.0.0 github:v0.9.2 github:v0.9.1 github:v0.9.0 github:v0.8.2 github:v0.8.1 github:v0.8.0 github:v0.7.5

95 Commits
v1.1.pre ... v1.0

Author SHA1 Message Date
José Valim
f2cd983b4f Merge pull request #1750 from 0x000000/v1.0 
Added ability to override redirect_to path after sending reset password ...
 2012-03-29 09:38:09 -07:00
Alexander Rudenko
873d8dcf8a Skip the tests for PasswordsController#after_sending_reset_password_instructions_path_for hook 2012-03-29 19:31:21 +03:00
Alexander Rudenko
ddec656738 Added ability to override redirect_to path after sending reset password instructions 2012-03-29 19:02:14 +03:00
José Valim
efc42d7662 Merge pull request #1142 from rosenfeld/v1.0 
V1.0
 2011-06-16 02:03:36 -07:00
Rodrigo Rosenfeld Rosas
d39f94e330 Add cookie_options Devise config for Rememberable strategy 2011-06-15 23:04:39 -03:00
José Valim
15fd736f07 Release v1.0.11 2011-03-11 21:44:59 +01:00
Carlos Antonio da Silva
5eb4c39eb8 Squeeze break lines from cookies to avoid duplicated break lines 
Some Rails integration tests were failing with duplicated break lines in cookies.
 2011-03-09 17:50:33 -03:00
Carlos Antonio da Silva
646072cd1f Make sure xhr requests do not store urls for redirect 2011-03-09 17:30:20 -03:00
Carlos Antonio da Silva
56b82c4d2b Update README with new devise version to install 2011-03-01 16:30:53 -03:00
José Valim
5df4eb3969 Release 1.0.10. 2011-02-15 20:21:22 +01:00
José Valim
eb2385ad17 Use secure compare. 2011-02-15 20:17:15 +01:00
José Valim
9b0b505159 Implement handle unverified scope. 2011-02-15 20:01:17 +01:00
Eric Cohen
de22a30834 Added configuration of authentication_keys to http authenticatable model module. 
Closes #799.
 2011-01-22 00:05:26 +08:00
Carlos Antonio da Silva
3a7abb1c6f Fix RegistrationsController routes comments, closes #751 2011-01-02 20:17:10 -02:00
brainopia
d90ef8595a Browsers are more demanding than tests it seems :) 2010-12-23 02:27:09 +08:00
brainopia
ef7de69119 Fix before_logout hook for rememberable module 2010-12-22 05:08:23 +08:00
José Valim
15596f84e8 Update version in README. 2010-11-30 11:56:34 -08:00
José Valim
7abe80e079 Update gemspec with 1.0.9 release. 2010-11-26 13:25:19 +01:00
Carlos Antonio da Silva
cf3e5c5d85 Fix deprecation warning in Rails 2.3.10 2010-11-26 08:42:01 -02:00
José Valim
ef5cb5c34b Work around a bug in Rails 2.3.10 where reset session cause Rack::Lint tests to fail. 2010-11-26 11:31:38 +01:00
José Valim
09e815fa1c Prepare for 1.0.9. 2010-11-21 00:24:31 +01:00
José Valim
f72d7d85c7 Avoid session fixation attacks 2010-11-21 00:23:44 +01:00
José Valim
994e62a533 Fix metaclass deprecation 2010-11-21 00:02:29 +01:00
Carlos Antonio da Silva
18284d9ba3 Remove "returning" deprecation warning 2010-09-21 21:12:05 -03:00
Vinicius Baggio
9321db99a0 Fixing typo in documentation 2010-09-09 08:50:53 -03:00
Eike Bernhardt
d9d9cf99e5 It's just 'save(false)' in Rails 2.3.x 2010-09-09 19:47:14 +08:00
Eike Bernhardt
a3a142eb04 Save confirmation token to the database, if one does not exist but was requested, closes #377 2010-09-09 19:47:14 +08:00
Hugo Baraúna
e4e6fb77bb Updates installation steps in the README 2010-08-22 17:33:35 -07:00
Martin Rehfeld
0638a68704 use :sign_out_via to control the method(s) for the destroy_*_session_path route 2010-08-14 11:06:31 +08:00
Martin Rehfeld
a49f03e2f9 provide :sign_out_via option for Devise::Mapping 2010-08-14 11:06:31 +08:00
José Valim
9b9924c9e5 Dup version! 2010-08-02 04:41:47 -07:00
José Valim
7bfdd8e45e Email should be case insensitive, closes #372 2010-07-15 21:13:37 +02:00
Carlos Antonio da Silva
0a3181f42b Fix docs about after_sign_in_path_for and routes 2010-07-13 22:21:57 -03:00
Carlos Antonio da Silva
cb990f2d28 Get rid of some deprecation warnings and update Changelog 2010-07-07 00:10:28 -03:00
Carlos Antonio da Silva
fdb0cf11bb Refactor redirect path to its own method in Devise failure, allow overriding in custom failure apps 2010-07-06 23:59:44 -03:00
Carlos Antonio da Silva
49db713b8f Adding a small note about security and issues 2010-07-05 14:27:54 -03:00
José Valim
1741a79114 Release Devise 1.0.8 with a few fixes and latest mongomapper support. 2010-06-23 12:20:50 +02:00
Iván Valdés (@ivanvc)
a41025e421 Fixed MongoMapper adapter in order to get it working with versions >= 0.8.0 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-23 11:18:14 +02:00
Luke Cunningham
73e5d848c1 updated Document and EmbeddedDocument hooks to fix issue with MongoMapper v0.8 2010-06-17 18:48:24 +08:00
Maxim Filatov
ca512267c5 anybody_signed_in? added to helper methods 2010-06-12 19:22:59 +08:00
SSDany
55a47128bf anybody_signed_in? helper 2010-06-12 19:22:58 +08:00
Mike Breen
0609a5e192 :authenticatable as module is deprecated so the model generator should use :database_authenticatable 2010-05-26 03:42:44 +08:00
Paul Rosania
201cfa9824 Automatically create the confirmation_token when email is sent for optionally confirmable models 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-05-16 14:55:50 +02:00
Paul Rosania
d853c376d4 Mark confirmable roles as active when confirmation_required? is false 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-05-16 14:55:49 +02:00
José Valim
18f6e06963 Update README. 2010-05-03 13:59:21 +02:00
José Valim
c38b2f69d0 Release devise 1.0.7 with small fixes. 2010-05-03 13:56:25 +02:00
José Valim
c29b6ca4ea Confirmable is not default anymore. This provides a better bootstrap experience. 2010-05-03 00:10:21 +02:00
Ryan Booker
e666fae249 Fix grammar in notice, closes #229 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-04-25 09:57:05 +02:00
José Valim
ad730da580 Include model_session helpers in view, closes #227 2010-04-25 09:56:09 +02:00
José Valim
1a9092c61b Ensure password confirmation is always required, closes #228 2010-04-25 09:55:11 +02:00
José Valim
234af4b14a Help avoid common pitfalls. 2010-04-13 00:15:30 -07:00
José Valim
f69bc53f04 Authenticatable => DatabaseAuthenticatable. 2010-04-12 04:50:49 -07:00
José Valim
681f816074 Backport small updates done in master. 2010-04-11 08:05:21 +02:00
José Valim
6915e6226a Update instructions on README. 2010-04-04 04:41:56 -07:00
José Valim
1865298074 Release Devise 1.0.6. 2010-04-03 13:25:06 +02:00
José Valim
1e4394e361 Update generated migration. 2010-04-02 20:37:54 +02:00
postmodern
b033c8e938 Expend the length of the encrypted_password field to 128 to allow storing BCrypt or SHA512 passwords. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-04-02 20:36:32 +02:00
José Valim
f7d134ba9d Tidy up previous commit. 2010-04-02 20:29:42 +02:00
Nat Budin
0bc15286b4 Pass back the custom response, if the winning strategy uses the custom\! method 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-04-02 20:28:26 +02:00
José Valim
b425c701e0 Update warden dependency. 2010-04-01 19:27:04 +02:00
José Valim
c18d8e50d3 Backport database_authenticatable change,. 2010-04-01 12:16:43 +02:00
José Valim
52f729e74f Bug fixes on unlockable. 2010-03-28 23:14:36 +02:00
José Valim
bb026205cb Do not force halt on authenticatable. This allows other strategies (like devise_imapable or even devise_facebook_connectable) to hook into sessions controller as well. 
Those strategies should follow the same convention, allowing them to be cascated.
 2010-03-28 14:57:32 +02:00
Josh Kalderimis
e80b46b68f removed duplicated method 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-03-28 07:26:22 +02:00
José Valim
ce3926fea4 Bump tiny. 2010-03-26 13:04:05 +01:00
José Valim
e2793fc69e sign_in_count shoud default to zero. 2010-03-26 12:57:36 +01:00
Carlos Antonio da Silva
867e896bc8 Merge branch 'v1.0' of github.com:plataformatec/devise into v1.0 2010-03-26 08:45:49 -03:00
José Valim
053c6f1a3a Move password_required? to authenticatable. This allow you to reuse it when building your own validations. 2010-03-26 12:19:15 +01:00
Carlos Antonio da Silva
a73fead23e Merge branch 'v1.0' of github.com:plataformatec/devise into v1.0 2010-03-26 08:19:10 -03:00
Carlos Antonio da Silva
42eb89b909 Use prepend_before_filter in require_no_authentication. 
We need to be sure require_no_authentication runs before other user filters that may call some Devise helper (ie current_xxx).
 2010-03-26 08:14:58 -03:00
José Valim
913444059c Allow devise to work with association proxies. 2010-03-26 10:26:38 +01:00
Josh Kalderimis
b305b7f357 changed add_module to add modules to the bottom of ALL, also added test to confirm order in ALL is being adhered to 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-03-26 09:32:25 +01:00
José Valim
06d43525d6 Require no authentication on unlockable. 2010-03-25 16:28:36 -03:00
Josh Kalderimis
6d08646ddc added routes option to add_module so route view helpers are created 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-03-25 09:05:13 +01:00
José Valim
1bee9fbef9 Clean up lockable and class methods API. 2010-03-10 16:18:28 +01:00
José Valim
5a4b797265 Remove deprecated behavior. 2010-03-04 08:20:51 +01:00
José Valim
d36e1012f8 Release 1.0.4 with a couple bug fixes. 2010-03-03 12:24:29 +01:00
Lucas de Castro
5d187ff278 Fixing session controllers when within namespaces 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-03-03 12:16:24 +01:00
Cyril Mougel
a0220243c3 fix spec failed with mongo_mapper DEVISE_ORM 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:44:08 +01:00
José Valim
4c10f86e74 Do not forget frozen records. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:35:07 +01:00
Lucas Uyezu
cf66e935a9 SQLite requries a default value when the column is NOT NULL 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-25 08:34:47 +01:00
José Valim
fbe485f3df Update warden which fixes a security issue. 2010-02-23 19:52:53 +01:00
José Valim
545462e964 Bump to 1.0.3. 2010-02-23 15:45:07 +01:00
José Valim
42df192df8 Do not remove options from MongoMapper find. 2010-02-23 15:41:52 +01:00
Andre Arko
7f451ed9cc Add rails/init.rb to the gemspec 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 18:06:38 +01:00
Daniel Jagszent
27fe3023ae renamed init.rb -> rails/init.rb. So that rails can find and initalize the GemPlugin even without a config.gem "devise" line in environment.rb (for using with bundler) 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 17:10:03 +01:00
Paul Campbell
41d416a18e add paragraphs to html emails 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-19 10:18:00 +01:00
José Valim
c36cd84c31 Returns the proper response body based on the rquest for 401. 2010-02-18 19:52:37 +01:00
José Valim
fd96335d05 Autoload Devise::Models. 2010-02-18 07:22:26 +01:00
José Valim
23568bda82 Bump to 1.0.2. 2010-02-17 21:30:54 +01:00
José Valim
ee7f5270fc Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:25:31 +01:00
José Valim
f294700723 Update test files. 2010-02-17 21:15:11 +01:00
Glenn Roberts
c86ce298dc add content type test, update config doc 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-17 21:13:27 +01:00
Glenn Roberts
b0ff0d46dd add content_type config parameter 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-17 21:13:16 +01:00
José Valim
187ef5c452 Update README. 2010-02-17 13:56:00 +01:00
144 changed files with 1981 additions and 1409 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -5,4 +5,3 @@ coverage/*
*.sqlite3
rdoc/*
pkg
log

78
CHANGELOG.rdoc
View File

@@ -1,13 +1,78 @@
== 1.1.pre
== 1.0.11
* bug fix
* Make sure xhr requests do not store urls for redirect
* Squeeze break lines from cookies to avoid duplicated break lines
== 1.0.10
* bug fix
* Use secure compare when comparing passwords
* Improve email regexp
* Implement handle_unverified_request for Rails 2.3.11
== 1.0.9
* enhancements
* Rails 3 compatibility.
* All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
* You can specify the controller in routes and have specific controllers for each role.
* Extracted redirect path from Devise failure app to a new method, allowing override in custom failure apps
* Added sign_out_via
* bug fix
* Email is now case insensitive
* Avoid session fixation attacks
== 1.0.8
* enhancements
* Support for latest MongoMapper
* Added anybody_signed_in? helper (by github.com/SSDany)
* bug fix
* confirmation_required? is properly honored on active? calls. (by github.com/paulrosania)
== 1.0.7
* bug fix
* Ensure password confirmation is always required
* deprecations
* Rails 3 compatible only.
* Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
* authenticatable was deprecated and renamed to database_authenticatable
* confirmable is not included by default on generation
== 1.0.6
* bug fix
* Do not allow unlockable strategies based on time to access a controller.
* Do not send unlockable email several times.
* Allow controller to upstram custom! failures to Warden.
== 1.0.5
* bug fix
* Use prepend_before_filter in require_no_authentication.
* require_no_authentication on unlockable.
* Fix a bug when giving an association proxy to devise.
* Do not use lock! on lockable since it's part of ActiveRecord API.
== 1.0.4
* bug fix
* Fixed a bug when deleting an account with rememberable
* Fixed a bug with custom controllers
== 1.0.3
* enhancements
* HTML e-mails now have proper formatting
* Do not remove MongoMapper options in find
== 1.0.2
* enhancements
* Allows you set mailer content type (by github.com/glennr)
* bug fix
* Uses the same content type as request on http authenticatable 401 responses
== 1.0.1
@@ -28,6 +93,7 @@
* Added Http Basic Authentication support
* Allow scoped_views to be customized per controller/mailer class
* [#99] Allow authenticatable to used in change_table statements
* Add mailer_content_type configuration parameter (by github.com/glennr)
== 0.9.2

18
Gemfile
View File

@@ -1,18 +0,0 @@
source "http://gemcutter.org"
gem "rails", "3.0.0.beta"
gem "warden", "0.9.3"
gem "sqlite3-ruby", :require => "sqlite3"
gem "webrat", "0.7"
gem "mocha", :require => false
gem "bcrypt-ruby", :require => "bcrypt"
if RUBY_VERSION < '1.9'
gem "ruby-debug", ">= 0.10.3"
end
group :mongo_mapper do
gem "mongo", "0.18.3"
gem "mongo_ext", "0.18.3", :require => false
gem "mongo_mapper", "0.7.0"
end

99
README.rdoc
View File

@@ -9,7 +9,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
Right now it's composed of 12 modules:
* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
* Database Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
* HttpAuthenticatable: sign in users using basic HTTP authentication.
* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
@@ -30,32 +30,30 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
== Installation
Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
Install warden gem if you don't have it installed:
sudo gem install devise --version=1.1.pre
gem install warden
After installing them, you need configure warden and devise gems inside your gemfile:
Install devise gem:
gem 'warden'
gem 'devise'
gem install devise --version=1.0.10
And run the generator:
Configure warden and devise gems inside your app:
rails generate devise_install
config.gem 'warden'
config.gem 'devise'
And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
Run the generator:
ruby script/generate devise_install
And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and the documentation as well:
http://rdoc.info/projects/plataformatec/devise
== Rails 2.3
If you want to use Devise with bundler on Rails 2.3, you need to follow the instructions here:
If you want to use the Rails 2.3.x version, you should do:
sudo gem install devise --version=1.0.1
Or checkout from the v1.0 branch:
http://github.com/plataformatec/devise/tree/v1.0
http://github.com/carlhuda/bundler/issues/issue/83
== Basic Usage
@@ -66,13 +64,13 @@ Devise must be set up within the model (or models) you want to use, and devise r
We're assuming here you want a User model with some modules, as outlined below:
class User < ActiveRecord::Base
devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
end
After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
create_table :users do |t|
t.authenticatable
t.database_authenticatable
t.confirmable
t.recoverable
t.rememberable
@@ -84,13 +82,13 @@ Remember that Devise don't rely on _attr_accessible_ or _attr_protected_ inside
The next setup after setting up your model is to configure your routes. You do this by opening up your config/routes.rb and adding:
devise_for :users
map.devise_for :users
This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
There are also some options available for configuring your routes, as :class_name (to set the class for that route), :path_prefix, :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock' }
Be sure to check devise_for documentation for detailed description.
@@ -116,7 +114,7 @@ You have also access to the session for this scope:
After signing in a user, confirming it's account or updating it's password, devise will look for a scoped root path to redirect. Example: For a :user resource, it will use user_root_path if it exists, otherwise default root_path will be used. This means that you need to set the root inside your routes:
root :to => "home"
map.root :controller => 'home'
You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
@@ -130,16 +128,16 @@ Devise let's you setup as many roles as you want, so let's say you already have
# Create a migration with the required fields
create_table :admins do |t|
t.authenticatable
t.database_authenticatable
t.lockable
t.trackable
end
# Inside your Admin model
devise :authenticatable, :trackable, :timeoutable, :lockable
devise :database_authenticatable, :trackable, :timeoutable, :lockable
# Inside your routes
devise_for :admin
map.devise_for :admin
# Inside your protected controller
before_filter :authenticate_admin!
@@ -153,48 +151,33 @@ Devise let's you setup as many roles as you want, so let's say you already have
Devise comes with some generators to help you start:
rails generate devise_install
ruby script/generate devise_install
This will generate an initializer, with a description of all configuration values. You can also generate models through:
rails generate devise Model
ruby script/generate devise Model
A model configured with all devise modules and attr_accessible for default fields will be created. The generator will also create the migration and configure your routes for devise.
== Model configuration
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in authenticatable simply doing:
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in database_authenticatable:
devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
devise :database_authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are described in the initializer created when you invoke the devise_install generator describer above.
Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
== Configuring controllers and views
== Views
One of Devise goals is to help you bootstrap your application with authentication really fast. Another goal is to not be in your way when you need to customize it.
Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to make copy them all to your application:
Since devise is an engine, it has all default views inside the gem. They are good to get you started, but you will want to customize them at some point. And Devise has a generator to copy them all to your application:
ruby script/generate devise_views
rails generate devise_views
By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
If you have more than one role in your application, you will notice that Devise uses the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
After doing so you will be able to have views based on the scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will fallback to the default view at "devise/sessions/new".
Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
1) Create your custom controller, for example a Admins::SessionsController:
class Admins::SessionsController < Devise::SessionsController
end
2) Tell the router to use this controller:
devise_for :admins, :controllers => { :sessions = "admin/sessions" }
3) And finally, since we changed the controller, it won't use "devise/sessions" as views anymore, so remember to make a copy of "devise/sessions" to "admin/sessions".
Remember that Devise uses flash messages to let users know if sign in wass successful or not. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
Devise uses flash messages to let users know if their login is successful or not. Devise expects your application to call 'flash[:notice]' and 'flash[:alert]' as appropriate.
== I18n
@@ -257,6 +240,16 @@ Devise supports both ActiveRecord (default) and MongoMapper, and has experimenta
Please refer to TODO file.
== Security
Needless to say, security is extremely important to Devise. If you find yourself in a possible security issue with Devise, please go through the following steps, trying to reproduce the bug:
1) Look at the source code a bit to find out whether your assumptions are correct;
2) If possible, provide a way to reproduce the bug: a small app on Github or a step-by-step to reproduce;
3) E-mail us or send a Github private message instead of using the normal issues;
Being able to reproduce the bug is the first step to fix it. Thanks for your understanding.
== Maintainers
* José Valim (http://github.com/josevalim)
@@ -264,7 +257,9 @@ Please refer to TODO file.
== Contributors
We have a long running list of contributors. Check them in the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
We have a long running list of contributors. Check them all here:
http://github.com/plataformatec/devise/contributors
== Bugs and Feedback

9
Rakefile
View File

@@ -37,18 +37,17 @@ begin
require 'jeweler'
Jeweler::Tasks.new do |s|
s.name = "devise"
s.version = Devise::VERSION
s.version = Devise::VERSION.dup
s.summary = "Flexible authentication solution for Rails with Warden"
s.email = "contact@plataformatec.com.br"
s.homepage = "http://github.com/plataformatec/devise"
s.description = "Flexible authentication solution for Rails with Warden"
s.authors = ['José Valim', 'Carlos Antônio']
s.files = FileList["[A-Z]*", "{app,config,lib}/**/*"]
s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
s.add_dependency("warden", "~> 0.9.3")
s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "rails/init.rb"]
s.add_dependency("warden", "~> 0.10.3")
end
Jeweler::GemcutterTasks.new
rescue LoadError
puts "Jeweler, or one of its dependencies, is not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
puts "Jeweler, or one of its dependencies, is not available. Install it with: gem install jeweler"
end

4
app/controllers/devise/confirmations_controller.rb → app/controllers/confirmations_controller.rb
View File

@@ -1,4 +1,4 @@
class Devise::ConfirmationsController < ApplicationController
class ConfirmationsController < ApplicationController
include Devise::Controllers::InternalHelpers
# GET /resource/confirmation/new
@@ -21,7 +21,7 @@ class Devise::ConfirmationsController < ApplicationController
# GET /resource/confirmation?confirmation_token=abcdef
def show
self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
self.resource = resource_class.confirm_by_token(params[:confirmation_token])
if resource.errors.empty?
set_flash_message :notice, :confirmed

15
app/controllers/devise/passwords_controller.rb → app/controllers/passwords_controller.rb
View File

@@ -1,8 +1,7 @@
class Devise::PasswordsController < ApplicationController
class PasswordsController < ApplicationController
prepend_before_filter :require_no_authentication
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication
# GET /resource/password/new
def new
build_resource
@@ -15,7 +14,7 @@ class Devise::PasswordsController < ApplicationController
if resource.errors.empty?
set_flash_message :notice, :send_instructions
redirect_to new_session_path(resource_name)
redirect_to after_sending_reset_password_instructions_path_for(resource_name)
else
render_with_scope :new
end
@@ -30,7 +29,7 @@ class Devise::PasswordsController < ApplicationController
# PUT /resource/password
def update
self.resource = resource_class.reset_password!(params[resource_name])
self.resource = resource_class.reset_password_by_token(params[resource_name])
if resource.errors.empty?
set_flash_message :notice, :updated
@@ -39,4 +38,10 @@ class Devise::PasswordsController < ApplicationController
render_with_scope :edit
end
end
protected
def after_sending_reset_password_instructions_path_for(resource_name)
new_session_path(resource_name)
end
end

18
app/controllers/devise/registrations_controller.rb → app/controllers/registrations_controller.rb
View File

@@ -1,21 +1,19 @@
class Devise::RegistrationsController < ApplicationController
class RegistrationsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
# GET /resource/sign_in
# GET /resource/sign_up
def new
build_resource
render_with_scope :new
end
# POST /resource/sign_up
# POST /resource
def create
build_resource
if resource.save
flash[:"#{resource_name}_signed_up"] = true
set_flash_message :notice, :signed_up
sign_in_and_redirect(resource_name, resource)
else
@@ -34,8 +32,6 @@ class Devise::RegistrationsController < ApplicationController
set_flash_message :notice, :updated
redirect_to after_sign_in_path_for(self.resource)
else
build_resource
send(:"current_#{resource_name}").reload
render_with_scope :edit
end
end
@@ -52,6 +48,6 @@ class Devise::RegistrationsController < ApplicationController
# Authenticates the current scope and dup the resource
def authenticate_scope!
send(:"authenticate_#{resource_name}!")
self.resource = send(:"current_#{resource_name}")
self.resource = send(:"current_#{resource_name}").dup
end
end
end

19
app/controllers/devise/sessions_controller.rb → app/controllers/sessions_controller.rb
View File

@@ -1,11 +1,10 @@
class Devise::SessionsController < ApplicationController
class SessionsController < ApplicationController
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
include Devise::Controllers::InternalHelpers
before_filter :require_no_authentication, :only => [ :new, :create ]
# GET /resource/sign_in
def new
unless resource_just_signed_up?
unless flash[:notice].present?
Devise::FLASH_MESSAGES.each do |message|
set_now_flash_message :alert, message if params.try(:[], message) == "true"
end
@@ -20,6 +19,8 @@ class Devise::SessionsController < ApplicationController
if resource = authenticate(resource_name)
set_flash_message :notice, :signed_in
sign_in_and_redirect(resource_name, resource, true)
elsif [:custom, :redirect].include?(warden.result)
throw :warden, :scope => resource_name
else
set_now_flash_message :alert, (warden.message || :invalid)
clean_up_passwords(build_resource)
@@ -35,11 +36,7 @@ class Devise::SessionsController < ApplicationController
protected
def resource_just_signed_up?
flash[:"#{resource_name}_signed_up"]
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
def clean_up_passwords(object)
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
end
end

12
app/controllers/devise/unlocks_controller.rb → app/controllers/unlocks_controller.rb
View File

@@ -1,4 +1,6 @@
class Devise::UnlocksController < ApplicationController
class UnlocksController < ApplicationController
prepend_before_filter :ensure_email_as_unlock_strategy
prepend_before_filter :require_no_authentication
include Devise::Controllers::InternalHelpers
# GET /resource/unlock/new
@@ -21,7 +23,7 @@ class Devise::UnlocksController < ApplicationController
# GET /resource/unlock?unlock_token=abcdef
def show
self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
if resource.errors.empty?
set_flash_message :notice, :unlocked
@@ -30,4 +32,10 @@ class Devise::UnlocksController < ApplicationController
render_with_scope :new
end
end
protected
def ensure_email_as_unlock_strategy
raise ActionController::UnknownAction unless resource_class.unlock_strategy_enabled?(:email)
end
end

55
app/models/devise/mailer.rb
View File

@@ -1,55 +0,0 @@
class Devise::Mailer < ::ActionMailer::Base
include Devise::Controllers::ScopedViews
attr_reader :devise_mapping, :resource
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
def unlock_instructions(record)
setup_mail(record, :unlock_instructions)
end
private
# Configure default email options
def setup_mail(record, action)
@devise_mapping = Devise::Mapping.find_by_class(record.class)
raise "Invalid devise resource #{record}" unless @devise_mapping
@resource = instance_variable_set("@#{@devise_mapping.name}", record)
mail(:subject => translate(@devise_mapping, action),
:from => mailer_sender(@devise_mapping), :to => record.email) do |format|
format.html { render_with_scope(action, :controller => "mailer") }
end
end
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
block_args = mapping.name if Devise.mailer_sender.arity > 0
Devise.mailer_sender.call(block_args)
else
Devise.mailer_sender
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

68
app/models/devise_mailer.rb Normal file
View File

@@ -0,0 +1,68 @@
class DeviseMailer < ::ActionMailer::Base
extend Devise::Controllers::InternalHelpers::ScopedViews
# Deliver confirmation instructions when the user is created or its email is
# updated, and also when confirmation is manually requested
def confirmation_instructions(record)
setup_mail(record, :confirmation_instructions)
end
# Deliver reset password instructions when manually requested
def reset_password_instructions(record)
setup_mail(record, :reset_password_instructions)
end
def unlock_instructions(record)
setup_mail(record, :unlock_instructions)
end
private
# Configure default email options
def setup_mail(record, key)
scope_name = Devise::Mapping.find_scope!(record)
mapping = Devise.mappings[scope_name]
subject translate(mapping, key)
from mailer_sender(mapping)
recipients record.email
sent_on Time.now
content_type Devise.mailer_content_type
body render_with_scope(key, mapping, mapping.name => record, :resource => record)
end
def render_with_scope(key, mapping, assigns)
if self.class.scoped_views
begin
render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
rescue ActionView::MissingTemplate
render :file => "devise_mailer/#{key}", :body => assigns
end
else
render :file => "devise_mailer/#{key}", :body => assigns
end
end
def mailer_sender(mapping)
if Devise.mailer_sender.is_a?(Proc)
block_args = mapping.name if Devise.mailer_sender.arity > 0
Devise.mailer_sender.call(block_args)
else
Devise.mailer_sender
end
end
# Setup subject namespaced by model. It means you're able to setup your
# messages using specific resource scope, or provide a default one.
# Example (i18n locale file):
#
# en:
# devise:
# mailer:
# confirmation_instructions: '...'
# user:
# confirmation_instructions: '...'
def translate(mapping, key)
I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
end
end

2
app/views/devise/confirmations/new.html.erb → app/views/confirmations/new.html.erb
View File

@@ -9,4 +9,4 @@
<p><%= f.submit "Resend confirmation instructions" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

5
app/views/devise/mailer/confirmation_instructions.html.erb
View File

@@ -1,5 +0,0 @@
Welcome <%= @resource.email %>!
You can confirm your account through the link below:
<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

8
app/views/devise/mailer/reset_password_instructions.html.erb
View File

@@ -1,8 +0,0 @@
Hello <%= @resource.email %>!
Someone has requested a link to change your password, and you can do this through the link below.
<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
If you didn't request this, please ignore this email.
Your password won't change until you access the link above and create a new one.

7
app/views/devise/mailer/unlock_instructions.html.erb
View File

@@ -1,7 +0,0 @@
Hello <%= @resource.email %>!
Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
Click the link below to unlock your account:
<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>

5
app/views/devise_mailer/confirmation_instructions.html.erb Normal file
View File

@@ -0,0 +1,5 @@
<p>Welcome <%= @resource.email %>!</p>
<p>You can confirm your account through the link below:</p>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

8
app/views/devise_mailer/reset_password_instructions.html.erb Normal file
View File

@@ -0,0 +1,8 @@
<p>Hello <%= @resource.email %>!</p>
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>

7
app/views/devise_mailer/unlock_instructions.html.erb Normal file
View File

@@ -0,0 +1,7 @@
<p>Hello <%= @resource.email %>!</p>
<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
<p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

2
app/views/devise/passwords/edit.html.erb → app/views/passwords/edit.html.erb
View File

@@ -13,4 +13,4 @@
<p><%= f.submit "Change my password" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

2
app/views/devise/passwords/new.html.erb → app/views/passwords/new.html.erb
View File

@@ -9,4 +9,4 @@
<p><%= f.submit "Send me reset password instructions" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

2
app/views/devise/registrations/edit.html.erb → app/views/registrations/edit.html.erb
View File

@@ -22,4 +22,4 @@
<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
<%= link_to "Back", :back %>
<%= render :partial => "shared/devise_links" %>

2
app/views/devise/registrations/new.html.erb → app/views/registrations/new.html.erb
View File

@@ -14,4 +14,4 @@
<p><%= f.submit "Sign up" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

2
app/views/devise/sessions/new.html.erb → app/views/sessions/new.html.erb
View File

@@ -14,4 +14,4 @@
<p><%= f.submit "Sign in" %></p>
<% end -%>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

0
app/views/devise/shared/_links.erb → app/views/shared/_devise_links.erb
View File

2
app/views/devise/unlocks/new.html.erb → app/views/unlocks/new.html.erb
View File

@@ -9,4 +9,4 @@
<p><%= f.submit "Resend unlock instructions" %></p>
<% end %>
<%= render :partial => "devise/shared/links" %>
<%= render :partial => "shared/devise_links" %>

298
devise.gemspec
View File

@@ -1,182 +1,178 @@
# Generated by jeweler
# DO NOT EDIT THIS FILE DIRECTLY
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
# -*- encoding: utf-8 -*-
Gem::Specification.new do |s|
s.name = %q{devise}
s.version = "1.1.pre"
s.version = "1.0.11"
s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
s.date = %q{2010-02-17}
s.date = %q{2011-03-11}
s.description = %q{Flexible authentication solution for Rails with Warden}
s.email = %q{contact@plataformatec.com.br}
s.extra_rdoc_files = [
"CHANGELOG.rdoc",
"MIT-LICENSE",
"README.rdoc",
"TODO"
"README.rdoc",
"TODO"
]
s.files = [
"CHANGELOG.rdoc",
"Gemfile",
"MIT-LICENSE",
"README.rdoc",
"Rakefile",
"TODO",
"app/controllers/devise/confirmations_controller.rb",
"app/controllers/devise/passwords_controller.rb",
"app/controllers/devise/registrations_controller.rb",
"app/controllers/devise/sessions_controller.rb",
"app/controllers/devise/unlocks_controller.rb",
"app/models/devise/mailer.rb",
"app/views/devise/confirmations/new.html.erb",
"app/views/devise/mailer/confirmation_instructions.html.erb",
"app/views/devise/mailer/reset_password_instructions.html.erb",
"app/views/devise/mailer/unlock_instructions.html.erb",
"app/views/devise/passwords/edit.html.erb",
"app/views/devise/passwords/new.html.erb",
"app/views/devise/registrations/edit.html.erb",
"app/views/devise/registrations/new.html.erb",
"app/views/devise/sessions/new.html.erb",
"app/views/devise/shared/_links.erb",
"app/views/devise/unlocks/new.html.erb",
"config/locales/en.yml",
"lib/devise.rb",
"lib/devise/controllers/helpers.rb",
"lib/devise/controllers/internal_helpers.rb",
"lib/devise/controllers/scoped_views.rb",
"lib/devise/controllers/url_helpers.rb",
"lib/devise/encryptors/authlogic_sha512.rb",
"lib/devise/encryptors/base.rb",
"lib/devise/encryptors/bcrypt.rb",
"lib/devise/encryptors/clearance_sha1.rb",
"lib/devise/encryptors/restful_authentication_sha1.rb",
"lib/devise/encryptors/sha1.rb",
"lib/devise/encryptors/sha512.rb",
"lib/devise/failure_app.rb",
"lib/devise/hooks/activatable.rb",
"lib/devise/hooks/rememberable.rb",
"lib/devise/hooks/timeoutable.rb",
"lib/devise/hooks/trackable.rb",
"lib/devise/mapping.rb",
"lib/devise/models.rb",
"lib/devise/models/activatable.rb",
"lib/devise/models/authenticatable.rb",
"lib/devise/models/confirmable.rb",
"lib/devise/models/http_authenticatable.rb",
"lib/devise/models/lockable.rb",
"lib/devise/models/recoverable.rb",
"lib/devise/models/registerable.rb",
"lib/devise/models/rememberable.rb",
"lib/devise/models/timeoutable.rb",
"lib/devise/models/token_authenticatable.rb",
"lib/devise/models/trackable.rb",
"lib/devise/models/validatable.rb",
"lib/devise/orm/active_record.rb",
"lib/devise/orm/data_mapper.rb",
"lib/devise/orm/mongo_mapper.rb",
"lib/devise/rails.rb",
"lib/devise/rails/routes.rb",
"lib/devise/rails/warden_compat.rb",
"lib/devise/schema.rb",
"lib/devise/strategies/authenticatable.rb",
"lib/devise/strategies/base.rb",
"lib/devise/strategies/http_authenticatable.rb",
"lib/devise/strategies/rememberable.rb",
"lib/devise/strategies/token_authenticatable.rb",
"lib/devise/test_helpers.rb",
"lib/devise/version.rb",
"lib/generators/devise/devise_generator.rb",
"lib/generators/devise/templates/migration.rb",
"lib/generators/devise_install/devise_install_generator.rb",
"lib/generators/devise_install/templates/README",
"lib/generators/devise_install/templates/devise.rb",
"lib/generators/devise_views/devise_views_generator.rb"
"MIT-LICENSE",
"README.rdoc",
"Rakefile",
"TODO",
"app/controllers/confirmations_controller.rb",
"app/controllers/passwords_controller.rb",
"app/controllers/registrations_controller.rb",
"app/controllers/sessions_controller.rb",
"app/controllers/unlocks_controller.rb",
"app/models/devise_mailer.rb",
"app/views/confirmations/new.html.erb",
"app/views/devise_mailer/confirmation_instructions.html.erb",
"app/views/devise_mailer/reset_password_instructions.html.erb",
"app/views/devise_mailer/unlock_instructions.html.erb",
"app/views/passwords/edit.html.erb",
"app/views/passwords/new.html.erb",
"app/views/registrations/edit.html.erb",
"app/views/registrations/new.html.erb",
"app/views/sessions/new.html.erb",
"app/views/shared/_devise_links.erb",
"app/views/unlocks/new.html.erb",
"generators/devise/USAGE",
"generators/devise/devise_generator.rb",
"generators/devise/lib/route_devise.rb",
"generators/devise/templates/migration.rb",
"generators/devise/templates/model.rb",
"generators/devise_install/USAGE",
"generators/devise_install/devise_install_generator.rb",
"generators/devise_install/templates/README",
"generators/devise_install/templates/devise.rb",
"generators/devise_views/USAGE",
"generators/devise_views/devise_views_generator.rb",
"lib/devise.rb",
"lib/devise/controllers/helpers.rb",
"lib/devise/controllers/internal_helpers.rb",
"lib/devise/controllers/url_helpers.rb",
"lib/devise/encryptors/authlogic_sha512.rb",
"lib/devise/encryptors/base.rb",
"lib/devise/encryptors/bcrypt.rb",
"lib/devise/encryptors/clearance_sha1.rb",
"lib/devise/encryptors/restful_authentication_sha1.rb",
"lib/devise/encryptors/sha1.rb",
"lib/devise/encryptors/sha512.rb",
"lib/devise/failure_app.rb",
"lib/devise/hooks/activatable.rb",
"lib/devise/hooks/rememberable.rb",
"lib/devise/hooks/timeoutable.rb",
"lib/devise/hooks/trackable.rb",
"lib/devise/locales/en.yml",
"lib/devise/mapping.rb",
"lib/devise/models.rb",
"lib/devise/models/activatable.rb",
"lib/devise/models/confirmable.rb",
"lib/devise/models/database_authenticatable.rb",
"lib/devise/models/http_authenticatable.rb",
"lib/devise/models/lockable.rb",
"lib/devise/models/recoverable.rb",
"lib/devise/models/registerable.rb",
"lib/devise/models/rememberable.rb",
"lib/devise/models/timeoutable.rb",
"lib/devise/models/token_authenticatable.rb",
"lib/devise/models/trackable.rb",
"lib/devise/models/validatable.rb",
"lib/devise/orm/active_record.rb",
"lib/devise/orm/data_mapper.rb",
"lib/devise/orm/mongo_mapper.rb",
"lib/devise/rails.rb",
"lib/devise/rails/routes.rb",
"lib/devise/rails/warden_compat.rb",
"lib/devise/schema.rb",
"lib/devise/strategies/base.rb",
"lib/devise/strategies/database_authenticatable.rb",
"lib/devise/strategies/http_authenticatable.rb",
"lib/devise/strategies/rememberable.rb",
"lib/devise/strategies/token_authenticatable.rb",
"lib/devise/test_helpers.rb",
"lib/devise/version.rb",
"rails/init.rb"
]
s.homepage = %q{http://github.com/plataformatec/devise}
s.rdoc_options = ["--charset=UTF-8"]
s.require_paths = ["lib"]
s.rubygems_version = %q{1.3.5}
s.rubygems_version = %q{1.5.3}
s.summary = %q{Flexible authentication solution for Rails with Warden}
s.test_files = [
"test/controllers/helpers_test.rb",
"test/controllers/internal_helpers_test.rb",
"test/controllers/url_helpers_test.rb",
"test/devise_test.rb",
"test/encryptors_test.rb",
"test/failure_app_test.rb",
"test/integration/authenticatable_test.rb",
"test/integration/confirmable_test.rb",
"test/integration/http_authenticatable_test.rb",
"test/integration/lockable_test.rb",
"test/integration/recoverable_test.rb",
"test/integration/registerable_test.rb",
"test/integration/rememberable_test.rb",
"test/integration/timeoutable_test.rb",
"test/integration/token_authenticatable_test.rb",
"test/integration/trackable_test.rb",
"test/mailers/confirmation_instructions_test.rb",
"test/mailers/reset_password_instructions_test.rb",
"test/mailers/unlock_instructions_test.rb",
"test/mapping_test.rb",
"test/models/authenticatable_test.rb",
"test/models/confirmable_test.rb",
"test/models/http_authenticatable_test.rb",
"test/models/lockable_test.rb",
"test/models/recoverable_test.rb",
"test/models/rememberable_test.rb",
"test/models/timeoutable_test.rb",
"test/models/token_authenticatable_test.rb",
"test/models/trackable_test.rb",
"test/models/validatable_test.rb",
"test/models_test.rb",
"test/orm/active_record.rb",
"test/orm/mongo_mapper.rb",
"test/rails_app/app/active_record/admin.rb",
"test/rails_app/app/active_record/user.rb",
"test/rails_app/app/controllers/admins_controller.rb",
"test/rails_app/app/controllers/application_controller.rb",
"test/rails_app/app/controllers/home_controller.rb",
"test/rails_app/app/controllers/sessions_controller.rb",
"test/rails_app/app/controllers/users_controller.rb",
"test/rails_app/app/helpers/application_helper.rb",
"test/rails_app/app/mongo_mapper/admin.rb",
"test/rails_app/app/mongo_mapper/user.rb",
"test/rails_app/config/application.rb",
"test/rails_app/config/boot.rb",
"test/rails_app/config/environment.rb",
"test/rails_app/config/environments/development.rb",
"test/rails_app/config/environments/production.rb",
"test/rails_app/config/environments/test.rb",
"test/rails_app/config/initializers/backtrace_silencers.rb",
"test/rails_app/config/initializers/cookie_verification_secret.rb",
"test/rails_app/config/initializers/devise.rb",
"test/rails_app/config/initializers/inflections.rb",
"test/rails_app/config/initializers/session_store.rb",
"test/rails_app/config/routes.rb",
"test/routes_test.rb",
"test/support/assertions.rb",
"test/support/helpers.rb",
"test/support/integration.rb",
"test/support/test_silencer.rb",
"test/support/webrat/integrations/rails.rb",
"test/test_helper.rb",
"test/test_helpers_test.rb"
"test/controllers/internal_helpers_test.rb",
"test/controllers/url_helpers_test.rb",
"test/devise_test.rb",
"test/encryptors_test.rb",
"test/failure_app_test.rb",
"test/integration/authenticatable_test.rb",
"test/integration/confirmable_test.rb",
"test/integration/http_authenticatable_test.rb",
"test/integration/lockable_test.rb",
"test/integration/rack_middleware_test.rb",
"test/integration/recoverable_test.rb",
"test/integration/registerable_test.rb",
"test/integration/rememberable_test.rb",
"test/integration/timeoutable_test.rb",
"test/integration/token_authenticatable_test.rb",
"test/integration/trackable_test.rb",
"test/mailers/confirmation_instructions_test.rb",
"test/mailers/reset_password_instructions_test.rb",
"test/mailers/unlock_instructions_test.rb",
"test/mapping_test.rb",
"test/models/authenticatable_test.rb",
"test/models/confirmable_test.rb",
"test/models/lockable_test.rb",
"test/models/recoverable_test.rb",
"test/models/rememberable_test.rb",
"test/models/timeoutable_test.rb",
"test/models/token_authenticatable_test.rb",
"test/models/trackable_test.rb",
"test/models/validatable_test.rb",
"test/models_test.rb",
"test/orm/active_record.rb",
"test/orm/mongo_mapper.rb",
"test/rails_app/app/active_record/admin.rb",
"test/rails_app/app/active_record/user.rb",
"test/rails_app/app/controllers/admins_controller.rb",
"test/rails_app/app/controllers/application_controller.rb",
"test/rails_app/app/controllers/home_controller.rb",
"test/rails_app/app/controllers/users_controller.rb",
"test/rails_app/app/helpers/application_helper.rb",
"test/rails_app/app/mongo_mapper/admin.rb",
"test/rails_app/app/mongo_mapper/user.rb",
"test/rails_app/config/boot.rb",
"test/rails_app/config/environment.rb",
"test/rails_app/config/environments/development.rb",
"test/rails_app/config/environments/production.rb",
"test/rails_app/config/environments/test.rb",
"test/rails_app/config/initializers/devise.rb",
"test/rails_app/config/initializers/inflections.rb",
"test/rails_app/config/initializers/new_rails_defaults.rb",
"test/rails_app/config/initializers/session_store.rb",
"test/rails_app/config/routes.rb",
"test/routes_test.rb",
"test/support/assertions_helper.rb",
"test/support/integration_tests_helper.rb",
"test/support/test_silencer.rb",
"test/support/tests_helper.rb",
"test/test_helper.rb",
"test/test_helpers_test.rb"
]
if s.respond_to? :specification_version then
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
s.specification_version = 3
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<warden>, ["~> 0.9.3"])
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
s.add_runtime_dependency(%q<warden>, ["~> 0.10.3"])
else
s.add_dependency(%q<warden>, ["~> 0.9.3"])
s.add_dependency(%q<warden>, ["~> 0.10.3"])
end
else
s.add_dependency(%q<warden>, ["~> 0.9.3"])
s.add_dependency(%q<warden>, ["~> 0.10.3"])
end
end

5
generators/devise/USAGE Normal file
View File

@@ -0,0 +1,5 @@
To create a devise resource user:
script/generate devise User
This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

15
generators/devise/devise_generator.rb Normal file
View File

@@ -0,0 +1,15 @@
require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
class DeviseGenerator < Rails::Generator::NamedBase
def manifest
record do |m|
m.directory(File.join('app', 'models', class_path))
m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
m.route_devise table_name
end
end
end

32
generators/devise/lib/route_devise.rb Normal file
View File

@@ -0,0 +1,32 @@
module Rails
module Generator
module Commands
class Create < Base
# Create devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
sentinel = 'ActionController::Routing::Routes.draw do |map|'
logger.route "map.devise_for #{resource_list}"
unless options[:pretend]
gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
"#{match}\n map.devise_for #{resource_list}\n"
end
end
end
end
class Destroy < RewindBase
# Destroy devise route. Based on route_resources
def route_devise(*resources)
resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
look_for = "\n map.devise_for #{resource_list}\n"
logger.route "map.devise_for #{resource_list}"
gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
end
end
end
end
end

2
lib/generators/devise/templates/migration.rb → generators/devise/templates/migration.rb
View File

@@ -1,7 +1,7 @@
class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
def self.up
create_table(:<%= table_name %>) do |t|
t.authenticatable :encryptor => :sha1, :null => false
t.database_authenticatable :null => false
t.confirmable
t.recoverable
t.rememberable

9
generators/devise/templates/model.rb Normal file
View File

@@ -0,0 +1,9 @@
class <%= class_name %> < ActiveRecord::Base
# Include default devise modules. Others available are:
# :http_authenticatable, :token_authenticatable, :confirmable, :lockable, :timeoutable and :activatable
devise :registerable, :database_authenticatable, :recoverable,
:rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
end

3
generators/devise_install/USAGE Normal file
View File

@@ -0,0 +1,3 @@
To copy a Devise initializer to your Rails App, with some configuration values, just do:
script/generate devise_install

15
generators/devise_install/devise_install_generator.rb Normal file
View File

@@ -0,0 +1,15 @@
class DeviseInstallGenerator < Rails::Generator::Base
def manifest
record do |m|
m.directory "config/initializers"
m.template "devise.rb", "config/initializers/devise.rb"
m.directory "config/locales"
m.file "../../../lib/devise/locales/en.yml", "config/locales/devise.en.yml"
m.readme "README"
end
end
end

7
lib/generators/devise_install/templates/README → generators/devise_install/templates/README
View File

@@ -1,4 +1,3 @@
===============================================================================
Some setup you must do manually if you haven't yet:
@@ -15,4 +14,10 @@ Some setup you must do manually if you haven't yet:
map.root :controller => 'home'
3. Ensure you have a default layout in app/views/layouts and it shows
flash messages. For example:
<p class="notice"><%= flash[:notice] %></p>
<p class="alert"><%= flash[:alert] %></p>
===============================================================================

3
lib/generators/devise_install/templates/devise.rb → generators/devise_install/templates/devise.rb
View File

@@ -3,6 +3,9 @@
Devise.setup do |config|
# Configure the e-mail address which will be shown in DeviseMailer.
config.mailer_sender = "please-change-me@config-initializers-devise.com"
# Configure the content type of DeviseMailer mails (defaults to text/html")
# config.mailer_content_type = "text/plain"
# ==> Configuration for :authenticatable
# Invoke `rake secret` and use the printed value to setup a pepper to generate

3
generators/devise_views/USAGE Normal file
View File

@@ -0,0 +1,3 @@
To copy all session, password, confirmation and mailer views from devise to your app just run the following command:
script/generate devise_views

21
generators/devise_views/devise_views_generator.rb Normal file
View File

@@ -0,0 +1,21 @@
class DeviseViewsGenerator < Rails::Generator::Base
def initialize(*args)
super
@source_root = options[:source] || File.join(spec.path, '..', '..')
end
def manifest
record do |m|
m.directory "app/views"
Dir[File.join(@source_root, "app", "views", "**/*.erb")].each do |file|
file = file.gsub(@source_root, "")[1..-1]
m.directory File.dirname(file)
m.file file, file
end
end
end
end

40
lib/devise.rb
View File

@@ -1,12 +1,12 @@
module Devise
autoload :FailureApp, 'devise/failure_app'
autoload :Models, 'devise/models'
autoload :Schema, 'devise/schema'
autoload :TestHelpers, 'devise/test_helpers'
module Controllers
autoload :Helpers, 'devise/controllers/helpers'
autoload :InternalHelpers, 'devise/controllers/internal_helpers'
autoload :ScopedViews, 'devise/controllers/scoped_views'
autoload :UrlHelpers, 'devise/controllers/url_helpers'
end
@@ -29,7 +29,7 @@ module Devise
ALL = []
# Authentication ones first
ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
ALL.push :database_authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
# Misc after
ALL.push :recoverable, :registerable, :validatable
@@ -42,7 +42,7 @@ module Devise
# Maps controller names to devise modules.
CONTROLLERS = {
:sessions => [:authenticatable, :token_authenticatable],
:sessions => [:database_authenticatable, :token_authenticatable],
:passwords => [:recoverable],
:confirmations => [:confirmable],
:registrations => [:registerable],
@@ -52,7 +52,7 @@ module Devise
# Routes for generating url helpers.
ROUTES = [:session, :password, :confirmation, :registration, :unlock]
STRATEGIES = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
STRATEGIES = [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable]
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
@@ -72,6 +72,10 @@ module Devise
# Email regex used to validate email formats. Adapted from authlogic.
EMAIL_REGEX = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
# Custom domain for cookies. Not set by default
mattr_accessor :cookie_options
@@cookie_options = {}
# Used to encrypt password. Please generate one with rake secret.
mattr_accessor :pepper
@@pepper = nil
@@ -147,6 +151,10 @@ module Devise
mattr_accessor :mailer_sender
@@mailer_sender = nil
# Content Type of Devise e-mails.
mattr_accessor :mailer_content_type
@@mailer_content_type = 'text/html'
# Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
mattr_accessor :token_authentication_key
@@token_authentication_key = :auth_token
@@ -179,7 +187,9 @@ module Devise
# Configure default url options to be used within Devise and ActionController.
def default_url_options(&block)
Devise::Mapping.metaclass.send :define_method, :default_url_options, &block
who = Devise::Mapping.respond_to?(:singleton_class) ?
Devise::Mapping.singleton_class : Devise::Mapping.metaclass
who.send :define_method, :default_url_options, &block
end
# A method used internally to setup warden manager from the Rails initialize
@@ -204,6 +214,17 @@ module Devise
ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
end
# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
return false unless a.present? && b.present?
return false unless a.bytesize == b.bytesize
l = a.unpack "C#{a.bytesize}"
res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
end
# Make Devise aware of an 3rd party Devise-module. For convenience.
#
# == Options:
@@ -214,6 +235,9 @@ module Devise
# Default is +nil+ (i.e. +false+).
# +controller+ - Symbol representing a name of an exisiting or custom *controller* for this module.
# Default is +nil+ (i.e. +false+).
# +route+ - Symbol representing the name of a *route* related to this module which a set of
# route view helpers should be created for.
# Default is +nil+ (i.e. +false+).
#
# == Examples:
#
@@ -222,7 +246,7 @@ module Devise
# Devise.add_module(:party_module, :model => 'party_module/model')
#
def add_module(module_name, options = {})
Devise::ALL.unshift module_name unless Devise::ALL.include?(module_name)
Devise::ALL << module_name unless Devise::ALL.include?(module_name)
Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
if options[:controller]
@@ -231,6 +255,10 @@ module Devise
Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
end
if options[:route]
Devise::ROUTES.unshift options[:route] unless Devise::ROUTES.include?(options[:route])
end
if options[:model]
Devise::Models.module_eval do
autoload :"#{module_name.to_s.classify}", options[:model]

59
lib/devise/controllers/helpers.rb
View File

@@ -2,16 +2,17 @@ module Devise
module Controllers
# Those helpers are convenience methods added to ApplicationController.
module Helpers
extend ActiveSupport::Concern
included do
helper_method :warden, :signed_in?, :devise_controller?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
def self.included(base)
base.class_eval do
helper_method :warden, :signed_in?, :devise_controller?, :anybody_signed_in?,
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
# Use devise default_url_options. We have to declare it here to overwrite
# default definitions.
def default_url_options(options=nil)
Devise::Mapping.default_url_options
end
end
end
@@ -47,6 +48,12 @@ module Devise
warden.authenticate?(:scope => scope)
end
# Check if the any scope is signed in session, without running
# authentication hooks.
def anybody_signed_in?
Devise.mappings.keys.any? { |scope| signed_in?(scope) }
end
# Sign in an user that already was authenticated. This helper is useful for logging
# users in after sign up.
#
@@ -59,6 +66,7 @@ module Devise
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
warden.set_user(resource, :scope => scope)
@_session = request.session # Recalculate session
end
# Sign out a given user or scope. This helper is useful for signing out an user
@@ -85,7 +93,8 @@ module Devise
#
def stored_location_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
session.delete(:"#{scope}.return_to")
key = "#{scope}.return_to"
session.delete(key) || session.delete(key.to_sym)
end
# The default url to be used after signing in. This is used by all Devise
@@ -98,13 +107,13 @@ module Devise
#
# map.user_root '/users', :controller => 'users' # creates user_root_path
#
# map.resources :users do |users|
# users.root # creates user_root_path
# map.namespace :user do |user|
# user.root :controller => 'users' # creates user_root_path
# end
#
#
# If none of these are defined, root_path is used. However, if this default
# is not enough, you can customize it, for example:
# If the resource root path is not defined, root_path is used. However,
# if this default is not enough, you can customize it, for example:
#
# def after_sign_in_path_for(resource)
# if resource.is_a?(User) && resource.can_publish?
@@ -116,7 +125,7 @@ module Devise
#
def after_sign_in_path_for(resource_or_scope)
scope = Devise::Mapping.find_scope!(resource_or_scope)
home_path = :"#{scope}_root_path"
home_path = "#{scope}_root_path"
respond_to?(home_path, true) ? send(home_path) : root_path
end
@@ -138,7 +147,11 @@ module Devise
def sign_in_and_redirect(resource_or_scope, resource=nil, skip=false)
scope = Devise::Mapping.find_scope!(resource_or_scope)
resource ||= resource_or_scope
sign_in(scope, resource) unless skip
if skip
@_session = request.session # Recalculate session
else
sign_in(scope, resource)
end
redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
end
@@ -150,6 +163,20 @@ module Devise
redirect_to after_sign_out_path_for(scope)
end
# Sign out all active users or scopes. This helper is useful for signing out all roles
# in one click. This signs out ALL scopes in warden.
def sign_out_all_scopes
Devise.mappings.keys.each { |s| warden.user(s) }
warden.raw_session.inspect
warden.logout
end
# Override Rails' handle unverified request to sign out all scopes.
def handle_unverified_request
sign_out_all_scopes
super # call the default behaviour which resets the session
end
# Define authentication filters and accessor helpers based on mappings.
# These filters should be used inside the controllers as before_filters,
# so you can control the scope of the user who should be signed in to
@@ -166,7 +193,7 @@ module Devise
# user_signed_in? # Checks whether there is an user signed in or not
# admin_signed_in? # Checks whether there is an admin signed in or not
# current_user # Current signed in user
# current_admin # Currend signed in admin
# current_admin # Current signed in admin
# user_session # Session data available only to the user scope
# admin_session # Session data available only to the admin scope
#

46
lib/devise/controllers/internal_helpers.rb
View File

@@ -4,18 +4,28 @@ module Devise
# included in ApplicationController since they all depend on the url being
# accessed.
module InternalHelpers #:nodoc:
extend ActiveSupport::Concern
include Devise::Controllers::ScopedViews
included do
helpers = [:resource, :scope_name, :resource_name,
:resource_class, :devise_mapping, :devise_controller?]
def self.included(base)
base.class_eval do
extend ScopedViews
unloadable
hide_action *helpers
helper_method *helpers
helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
hide_action :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
before_filter :is_devise_resource?
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
prepend_before_filter :is_devise_resource?
end
end
module ScopedViews
def scoped_views
defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
end
def scoped_views=(value)
@scoped_views = value
end
end
# Gets the actual resource stored in the instance variable
@@ -62,7 +72,7 @@ module Devise
# Build a devise resource.
def build_resource
self.resource = resource_class.new(params[resource_name] || {})
self.resource ||= resource_class.new(params[resource_name] || {})
end
# Helper for use in before_filters where no authentication is required.
@@ -98,6 +108,22 @@ module Devise
set_flash_message(key, kind, true)
end
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if self.class.scoped_views
begin
render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
rescue ActionView::MissingTemplate
render action, :controller => controller_name
end
else
render action, :controller => controller_name
end
end
end
end
end

35
lib/devise/controllers/scoped_views.rb
View File

@@ -1,35 +0,0 @@
module Devise
module Controllers
module ScopedViews
extend ActiveSupport::Concern
module ClassMethods
def scoped_views
defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
end
def scoped_views=(value)
@scoped_views = value
end
end
protected
# Render a view for the specified scope. Turned off by default.
# Accepts just :controller as option.
def render_with_scope(action, options={})
controller_name = options.delete(:controller) || self.controller_name
if self.class.scoped_views
begin
render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
rescue ActionView::MissingTemplate
render :template => "#{controller_path}/#{action}"
end
else
render :template => "#{controller_path}/#{action}"
end
end
end
end
end

21
lib/devise/failure_app.rb
View File

@@ -22,12 +22,8 @@ module Devise
options = @env['warden.options']
scope = options[:scope]
redirect_path = if mapping = Devise.mappings[scope]
"#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
else
"/#{default_url}"
end
query_string = query_string_for(options)
redirect_path = redirect_path_for(scope)
query_string = query_string_for(options)
store_location!(scope)
headers = {}
@@ -54,12 +50,23 @@ module Devise
Rack::Utils.build_query(params)
end
# Build the path based on current scope.
def redirect_path_for(scope)
if mapping = Devise.mappings[scope]
"#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
else
"/#{default_url}"
end
end
# Stores requested uri to redirect the user after signing in. We cannot use
# scoped session provided by warden here, since the user is not authenticated
# yet, but we still need to store the uri based on scope, so different scopes
# would never use the same uri to redirect.
def store_location!(scope)
session[:"#{scope}.return_to"] = request.request_uri if request && request.get?
if request && request.get? && !request.xhr?
session[:"#{scope}.return_to"] = request.request_uri
end
end
end
end

17
lib/devise/hooks/rememberable.rb
View File

@@ -11,20 +11,25 @@ Warden::Manager.prepend_after_authentication do |record, warden, options|
warden.authenticated?(scope) && record.respond_to?(:remember_me!)
record.remember_me!
warden.response.set_cookie "remember_#{scope}_token", {
cookie_options = {
:value => record.class.serialize_into_cookie(record),
:expires => record.remember_expires_at,
:path => "/"
}
}.merge record.cookie_options
warden.response.set_cookie "remember_#{scope}_token", cookie_options
end
end
# Before logout hook to forget the user in the given scope, only if rememberable
# is activated for this scope. Also clear remember token to ensure the user
# won't be remembered again.
Warden::Manager.before_logout do |record, warden, scope|
# Notice that we forget the user if the record is frozen. This usually means the
# user was just deleted.
Warden::Manager.before_logout do |record, warden, options|
scope = options[:scope]
if record.respond_to?(:forget_me!)
record.forget_me!
warden.response.delete_cookie "remember_#{scope}_token"
record.forget_me! unless record.frozen?
warden.response.delete_cookie "remember_#{scope}_token", :path => "/"
end
end
end

2
lib/devise/hooks/trackable.rb
View File

@@ -13,6 +13,6 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
record.sign_in_count ||= 0
record.sign_in_count += 1
record.save(:validate => false)
record.save(false)
end
end

8
config/locales/en.yml → lib/devise/locales/en.yml
View File

@@ -1,10 +1,4 @@
en:
errors:
messages:
not_found: "not found"
already_confirmed: "was already confirmed"
not_locked: "was not locked"
devise:
sessions:
link: 'Sign in'
@@ -27,7 +21,7 @@ en:
confirmed: 'Your account was successfully confirmed. You are now signed in.'
registrations:
link: 'Sign up'
signed_up: 'You have signed up successfully.'
signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
updated: 'You updated your account successfully.'
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
unlocks:

35
lib/devise/mapping.rb
View File

@@ -22,7 +22,7 @@ module Devise
# # is the modules included in the class
#
class Mapping #:nodoc:
attr_reader :name, :as, :path_names, :path_prefix
attr_reader :name, :as, :path_names, :path_prefix, :route_options, :sign_out_via
# Loop through all mappings looking for a map that matches with the requested
# path (ie /users/sign_in). If a path prefix is given, it's taken into account.
@@ -34,26 +34,19 @@ module Devise
nil
end
# Find a mapping by a given class. It takes into account single table inheritance as well.
def self.find_by_class(klass)
Devise.mappings.each_value do |mapping|
return mapping if klass <= mapping.to
end
nil
end
# Receives an object and find a scope for it. If a scope cannot be found,
# raises an error. If a symbol is given, it's considered to be the scope.
def self.find_scope!(duck)
case duck
when String, Symbol
duck
return duck
when Class
Devise.mappings.each_value { |m| return m.name if duck <= m.to }
else
klass = duck.is_a?(Class) ? duck : duck.class
mapping = Devise::Mapping.find_by_class(klass)
raise "Could not find a valid mapping for #{duck}" unless mapping
mapping.name
Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
end
raise "Could not find a valid mapping for #{duck}"
end
# Default url options which can be used as prefix.
@@ -66,9 +59,13 @@ module Devise
@klass = (options.delete(:class_name) || name.to_s.classify).to_s
@name = (options.delete(:scope) || name.to_s.singularize).to_sym
@path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
@path_names = Hash.new { |h,k| h[k] = k.to_s }
@path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
@route_options = options || {}
@path_names = Hash.new { |h,k| h[k] = k.to_s }
@path_names.merge!(options.delete(:path_names) || {})
@sign_out_via = (options.delete(:sign_out_via) || :get)
end
# Return modules for the mapping.
@@ -101,13 +98,17 @@ module Devise
# Returns the parsed path taking into account the relative url root and raw path.
def parsed_path
returning (ActionController::Base.relative_url_root.to_s + raw_path) do |path|
(ActionController::Base.relative_url_root.to_s + raw_path).tap do |path|
self.class.default_url_options.each do |key, value|
path.gsub!(key.inspect, value.to_param)
end
end
end
def authenticatable?
@authenticatable ||= self.for.any? { |m| m.to_s =~ /authenticatable/ }
end
# Create magic predicates for verifying what module is activated by this map.
# Example:
#

24
lib/devise/models.rb
View File

@@ -1,7 +1,7 @@
module Devise
module Models
autoload :Activatable, 'devise/models/activatable'
autoload :Authenticatable, 'devise/models/authenticatable'
autoload :DatabaseAuthenticatable, 'devise/models/database_authenticatable'
autoload :Confirmable, 'devise/models/confirmable'
autoload :Lockable, 'devise/models/lockable'
autoload :Recoverable, 'devise/models/recoverable'
@@ -57,7 +57,12 @@ module Devise
#
def devise(*modules)
raise "You need to give at least one Devise module" if modules.empty?
options = modules.extract_options!
options = modules.extract_options!
if modules.delete(:authenticatable)
ActiveSupport::Deprecation.warn ":authenticatable as module is deprecated. Please give :database_authenticatable instead.", caller
modules << :database_authenticatable
end
@devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
@@ -89,13 +94,24 @@ module Devise
if value.present?
record.send(:"#{attribute}=", value)
else
error = :blank
error, skip_default = :blank, true
end
record.errors.add(attribute, error)
add_error_on(record, attribute, error, !skip_default)
end
record
end
# Wraps add error logic in a method that works for different frameworks.
def add_error_on(record, attribute, error, add_default=true)
options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
begin
record.errors.add(attribute, error, options)
rescue ArgumentError
record.errors.add(attribute, error.to_s.gsub("_", " "))
end
end
end
end

48
lib/devise/models/confirmable.rb
View File

@@ -29,12 +29,15 @@ module Devise
# User.find(1).send_confirmation_instructions # manually send instructions
# User.find(1).resend_confirmation! # generates a new token and resent it
module Confirmable
extend ActiveSupport::Concern
include Devise::Models::Activatable
included do
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
def self.included(base)
base.class_eval do
extend ClassMethods
before_create :generate_confirmation_token, :if => :confirmation_required?
after_create :send_confirmation_instructions, :if => :confirmation_required?
end
end
# Confirm a user by setting it's confirmed_at to actual time. If the user
@@ -43,7 +46,7 @@ module Devise
unless_confirmed do
self.confirmation_token = nil
self.confirmed_at = Time.now
save(:validate => false)
save(false)
end
end
@@ -54,18 +57,13 @@ module Devise
# Send confirmation instructions by email
def send_confirmation_instructions
::Devise::Mailer.confirmation_instructions(self).deliver
generate_confirmation_token! if self.confirmation_token.nil?
::DeviseMailer.deliver_confirmation_instructions(self)
end
# Remove confirmation date and send confirmation instructions, to ensure
# after sending these instructions the user won't be able to sign in without
# confirming it's account
def resend_confirmation!
unless_confirmed do
generate_confirmation_token
save(:validate => false)
send_confirmation_instructions
end
# Resend confirmation token. This method does not need to generate a new token.
def resend_confirmation_token
unless_confirmed { send_confirmation_instructions }
end
# Overwrites active? from Devise::Models::Activatable for confirmation
@@ -73,16 +71,12 @@ module Devise
# is already confirmed, it should never be blocked. Otherwise we need to
# calculate if the confirm time has not expired for this user.
def active?
super && (confirmed? || confirmation_period_valid?)
super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
end
# The message to be shown if the account is inactive.
def inactive_message
if !confirmed?
:unconfirmed
else
super
end
!confirmed? ? :unconfirmed : super
end
# If you don't want confirmation to be sent on create, neither a code
@@ -128,7 +122,7 @@ module Devise
unless confirmed?
yield
else
self.errors.add(:email, :already_confirmed)
self.class.add_error_on(self, :email, :already_confirmed)
false
end
end
@@ -141,6 +135,10 @@ module Devise
self.confirmation_sent_at = Time.now.utc
end
def generate_confirmation_token!
generate_confirmation_token && save(false)
end
module ClassMethods
# Attempt to find a user by it's email. If a record is found, send new
# confirmation instructions to it. If not user is found, returns a new user
@@ -148,7 +146,7 @@ module Devise
# Options must contain the user email
def send_confirmation_instructions(attributes={})
confirmable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
confirmable.resend_confirmation! unless confirmable.new_record?
confirmable.resend_confirmation_token unless confirmable.new_record?
confirmable
end
@@ -156,8 +154,8 @@ module Devise
# If no user is found, returns a new user with an error.
# If the user is already confirmed, create an error for the user
# Options must have the confirmation_token
def confirm!(attributes={})
confirmable = find_or_initialize_with_error_by(:confirmation_token, attributes[:confirmation_token])
def confirm_by_token(confirmation_token)
confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
confirmable.confirm! unless confirmable.new_record?
confirmable
end

44
lib/devise/models/authenticatable.rb → lib/devise/models/database_authenticatable.rb
View File

@@ -1,4 +1,4 @@
require 'devise/strategies/authenticatable'
require 'devise/strategies/database_authenticatable'
module Devise
module Models
@@ -26,12 +26,20 @@ module Devise
# User.authenticate('email@test.com', 'password123') # returns authenticated user or nil
# User.find(1).valid_password?('password123') # returns true/false
#
module Authenticatable
extend ActiveSupport::Concern
module DatabaseAuthenticatable
def self.included(base)
base.class_eval do
extend ClassMethods
included do
attr_reader :password, :current_password
attr_accessor :password_confirmation
attr_reader :password, :current_password
attr_accessor :password_confirmation
end
end
# TODO Remove me in next release
def old_password
ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
@old_password
end
# Regenerates password salt and encrypted password each time password is set,
@@ -47,13 +55,7 @@ module Devise
# Verifies whether an incoming_password (ie from sign in) is the user password.
def valid_password?(incoming_password)
password_digest(incoming_password) == self.encrypted_password
end
# Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
# is the user authentication token.
def valid_authentication_token?(incoming_auth_token)
incoming_auth_token == self.authentication_token
Devise.secure_compare(password_digest(incoming_password), self.encrypted_password)
end
# Checks if a resource is valid upon authentication.
@@ -72,13 +74,16 @@ module Devise
def update_with_password(params={})
current_password = params.delete(:current_password)
params.delete(:password) if params[:password].blank?
params.delete(:password_confirmation) if params[:password_confirmation].blank?
if params[:password].blank?
params.delete(:password)
params.delete(:password_confirmation) if params[:password_confirmation].blank?
end
result = if valid_password?(current_password)
update_attributes(params)
else
self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
message = current_password.blank? ? :blank : :invalid
self.class.add_error_on(self, :current_password, message, false)
self.attributes = params
false
end
@@ -89,6 +94,13 @@ module Devise
protected
# Checks whether a password is needed or not. For validations only.
# Passwords are always required if it's a new record, or if the password
# or confirmation are being set somewhere.
def password_required?
new_record? || !password.nil? || !password_confirmation.nil?
end
# Digests the password using the configured encryptor.
def password_digest(password)
self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)

10
lib/devise/models/http_authenticatable.rb
View File

@@ -3,12 +3,16 @@ require 'devise/strategies/http_authenticatable'
module Devise
module Models
# Adds HttpAuthenticatable behavior to your model. It expects that your
# model class responds to authenticate and authentication_keys methods
# (which for example are defined in authenticatable).
# model class responds to authenticate method
# (which for example is defined in authenticatable).
module HttpAuthenticatable
extend ActiveSupport::Concern
def self.included(base)
base.extend ClassMethods
end
module ClassMethods
Devise::Models.config(self, :authentication_keys)
# Authenticate an user using http.
def authenticate_with_http(username, password)
authenticate(authentication_keys.first => username, :password => password)

81
lib/devise/models/lockable.rb
View File

@@ -18,67 +18,62 @@ module Devise
# available when unlock_strategy is :time or :both.
#
module Lockable
extend ActiveSupport::Concern
include Devise::Models::Activatable
# Lock an user setting it's locked_at to actual time.
def lock
self.locked_at = Time.now
if unlock_strategy_enabled?(:email)
generate_unlock_token
send_unlock_instructions
def self.included(base)
base.class_eval do
extend ClassMethods
end
end
# Lock an user also saving the record.
def lock!
lock
save(:validate => false)
# Lock an user setting it's locked_at to actual time.
def lock_access!
return true if access_locked?
self.locked_at = Time.now
if self.class.unlock_strategy_enabled?(:email)
generate_unlock_token
send_unlock_instructions
end
save(false)
end
# Unlock an user by cleaning locket_at and failed_attempts.
def unlock!
if_locked do
def unlock_access!
if_access_locked do
self.locked_at = nil
self.failed_attempts = 0
self.unlock_token = nil
save(:validate => false)
save(false)
end
end
# Verifies whether a user is locked or not.
def locked?
def access_locked?
locked_at && !lock_expired?
end
# Send unlock instructions by email
def send_unlock_instructions
::Devise::Mailer.unlock_instructions(self).deliver
::DeviseMailer.deliver_unlock_instructions(self)
end
# Resend the unlock instructions if the user is locked.
def resend_unlock!
if_locked do
generate_unlock_token unless unlock_token.present?
save(:validate => false)
send_unlock_instructions
end
def resend_unlock_token
if_access_locked { send_unlock_instructions }
end
# Overwrites active? from Devise::Models::Activatable for locking purposes
# by verifying whether an user is active to sign in or not based on locked?
def active?
super && !locked?
super && !access_locked?
end
# Overwrites invalid_message from Devise::Models::Authenticatable to define
# the correct reason for blocking the sign in.
def inactive_message
if locked?
:locked
else
super
end
access_locked? ? :locked : super
end
# Overwrites valid_for_authentication? from Devise::Models::Authenticatable
@@ -89,9 +84,9 @@ module Devise
self.failed_attempts = 0
else
self.failed_attempts += 1
lock if failed_attempts > self.class.maximum_attempts
lock_access! if failed_attempts > self.class.maximum_attempts
end
save(:validate => false) if changed?
save(false) if changed?
result
end
@@ -104,7 +99,7 @@ module Devise
# Tells if the lock is expired if :time unlock strategy is active
def lock_expired?
if unlock_strategy_enabled?(:time)
if self.class.unlock_strategy_enabled?(:time)
locked_at && locked_at < self.class.unlock_in.ago
else
false
@@ -113,20 +108,15 @@ module Devise
# Checks whether the record is locked or not, yielding to the block
# if it's locked, otherwise adds an error to email.
def if_locked
if locked?
def if_access_locked
if access_locked?
yield
else
self.errors.add(:email, :not_locked)
self.class.add_error_on(self, :email, :not_locked)
false
end
end
# Is the unlock enabled for the given unlock strategy?
def unlock_strategy_enabled?(strategy)
[:both, strategy].include?(self.class.unlock_strategy)
end
module ClassMethods
# Attempt to find a user by it's email. If a record is found, send new
# unlock instructions to it. If not user is found, returns a new user
@@ -134,7 +124,7 @@ module Devise
# Options must contain the user email
def send_unlock_instructions(attributes={})
lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
lockable.resend_unlock! unless lockable.new_record?
lockable.resend_unlock_token unless lockable.new_record?
lockable
end
@@ -142,12 +132,17 @@ module Devise
# If no user is found, returns a new user with an error.
# If the user is not locked, creates an error for the user
# Options must have the unlock_token
def unlock!(attributes={})
lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
lockable.unlock! unless lockable.new_record?
def unlock_access_by_token(unlock_token)
lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
lockable.unlock_access! unless lockable.new_record?
lockable
end
# Is the unlock enabled for the given unlock strategy?
def unlock_strategy_enabled?(strategy)
[:both, strategy].include?(self.unlock_strategy)
end
Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
end
end

12
lib/devise/models/recoverable.rb
View File

@@ -14,7 +14,11 @@ module Devise
# # creates a new token and send it with instructions about how to reset the password
# User.find(1).send_reset_password_instructions
module Recoverable
extend ActiveSupport::Concern
def self.included(base)
base.class_eval do
extend ClassMethods
end
end
# Update password saving the record and clearing token. Returns true if
# the passwords are valid and the record was saved, false otherwise.
@@ -28,7 +32,7 @@ module Devise
# Resets reset password token and send reset password instructions by email
def send_reset_password_instructions
generate_reset_password_token!
::Devise::Mailer.reset_password_instructions(self).deliver
::DeviseMailer.deliver_reset_password_instructions(self)
end
protected
@@ -41,7 +45,7 @@ module Devise
# Resets the reset password token with and save the record without
# validating
def generate_reset_password_token!
generate_reset_password_token && save(:validate => false)
generate_reset_password_token && save(false)
end
# Removes reset_password token
@@ -65,7 +69,7 @@ module Devise
# try saving the record. If not user is found, returns a new user
# containing an error in reset_password_token attribute.
# Attributes must contain reset_password_token, password and confirmation
def reset_password!(attributes={})
def reset_password_by_token(attributes={})
recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) unless recoverable.new_record?
recoverable

24
lib/devise/models/rememberable.rb
View File

@@ -19,6 +19,9 @@ module Devise
# time for the cookie created to remember the user.
# By default remember_for is 2.weeks.
#
# cookie_options: configuration options passed to the created cookie.
#
#
# Examples:
#
# User.find(1).remember_me! # regenerating the token
@@ -30,18 +33,21 @@ module Devise
# # lookup the user based on the incoming cookie information
# User.serialize_from_cookie(cookie_string)
module Rememberable
extend ActiveSupport::Concern
included do
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
def self.included(base)
base.class_eval do
extend ClassMethods
# Remember me option available in after_authentication hook.
attr_accessor :remember_me
end
end
# Generate a new remember token and save the record without validations.
def remember_me!
self.remember_token = Devise.friendly_token
self.remember_created_at = Time.now.utc
save(:validate => false)
save(false)
end
# Removes the remember token only if it exists, and save the record
@@ -50,7 +56,7 @@ module Devise
if remember_token
self.remember_token = nil
self.remember_created_at = nil
save(:validate => false)
save(false)
end
end
@@ -69,6 +75,10 @@ module Devise
remember_created_at + self.class.remember_for
end
def cookie_options
self.class.cookie_options
end
module ClassMethods
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
@@ -82,7 +92,7 @@ module Devise
record if record.try(:valid_remember_token?, record_token)
end
Devise::Models.config(self, :remember_for)
Devise::Models.config(self, :remember_for, :cookie_options)
end
end
end

4
lib/devise/models/timeoutable.rb
View File

@@ -11,7 +11,9 @@ module Devise
#
# timeout_in: the time you want to timeout the user session without activity.
module Timeoutable
extend ActiveSupport::Concern
def self.included(base)
base.extend ClassMethods
end
# Checks whether the user session has expired based on configured time.
def timedout?(last_access)

9
lib/devise/models/token_authenticatable.rb
View File

@@ -18,10 +18,11 @@ module Devise
# User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB') # returns true/false
#
module TokenAuthenticatable
extend ActiveSupport::Concern
included do
before_save :ensure_authentication_token
def self.included(base)
base.class_eval do
extend ClassMethods
before_save :ensure_authentication_token
end
end
# Generate new authentication token (a.k.a. "single access token").

11
lib/devise/models/validatable.rb
View File

@@ -15,7 +15,7 @@ module Devise
base.class_eval do
validates_presence_of :email
validates_uniqueness_of :email, :scope => authentication_keys[1..-1], :allow_blank => true
validates_uniqueness_of :email, :scope => authentication_keys[1..-1], :case_sensitive => false, :allow_blank => true
validates_format_of :email, :with => EMAIL_REGEX, :allow_blank => true
with_options :if => :password_required? do |v|
@@ -34,15 +34,6 @@ module Devise
"to the following methods: #{unavailable_validations.to_sentence}."
end
end
protected
# Checks whether a password is needed or not. For validations only.
# Passwords are always required if it's a new record, or if the password
# or confirmation are being set somewhere.
def password_required?
new_record? || !password.nil? || !password_confirmation.nil?
end
end
end
end

33
lib/devise/orm/mongo_mapper.rb
View File

@@ -1,8 +1,19 @@
module Devise
module Orm
module MongoMapper
module InstanceMethods
def save(options={})
if options == false
super(:validate => false)
else
super
end
end
end
def self.included_modules_hook(klass)
klass.send :extend, self
klass.send :extend, self
klass.send :include, InstanceMethods
yield
klass.devise_modules.each do |mod|
@@ -11,14 +22,11 @@ module Devise
end
def find(*args)
options = args.extract_options!
case args.first
when :first
first(options)
when :all
all(options)
else
super
when :first, :all
send(args.shift, *args)
else
super
end
end
@@ -35,5 +43,10 @@ module Devise
end
end
MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
if MongoMapper::Version >= "0.8.0"
MongoMapper::Plugins::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::Plugins::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
else
MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
end

20
lib/devise/rails.rb
View File

@@ -1,16 +1,14 @@
require 'devise/rails/routes'
require 'devise/rails/warden_compat'
module Devise
class Engine < ::Rails::Engine
engine_name :devise
Rails.configuration.after_initialize do
require "devise/orm/#{Devise.orm}"
config.middleware.use Warden::Manager do |config|
Devise.configure_warden(config)
end
config.after_initialize do
require "devise/orm/#{Devise.orm}"
end
# Adds Warden Manager to Rails middleware stack, configuring default devise
# strategy and also the failure app.
Rails.configuration.middleware.use Warden::Manager do |config|
Devise.configure_warden(config)
end
end
I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
end

234
lib/devise/rails/routes.rb
View File

@@ -1,10 +1,11 @@
module ActionDispatch::Routing
module ActionController::Routing
class RouteSet #:nodoc:
# Ensure Devise modules are included only after loading routes, because we
# need devise_for mappings already declared to create magic filters and
# helpers.
def finalize_with_devise!
finalize_without_devise!
def load_routes_with_devise!
load_routes_without_devise!
return if Devise.mappings.empty?
ActionController::Base.send :include, Devise::Controllers::Helpers
@@ -12,128 +13,121 @@ module ActionDispatch::Routing
ActionView::Base.send :include, Devise::Controllers::UrlHelpers
end
alias_method_chain :finalize!, :devise
end
alias_method_chain :load_routes!, :devise
class Mapper
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise,
# if it cannot be correctly find by the route name.
#
# devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does.
# The following route configuration would setup your route as /accounts instead of /users:
#
# devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller,
# as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
# :password, :confirmation, :unlock.
#
# devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# devise_for :users, :path_prefix => "/:locale"
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise.
# You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
#
# Devise.default_url_options do
# { :locale => I18n.locale }
# end
#
# * :controllers => the controller which should be used. All routes by default points to Devise controllers.
# However, if you want them to point to custom controller, you should do:
#
# devise_for :users, :controllers => { :sessions => "users/sessions" }
#
def devise_for(*resources)
options = resources.extract_options!
resources.map!(&:to_sym)
class Mapper #:doc:
# Includes devise_for method for routes. This method is responsible to
# generate all needed routes for devise, based on what modules you have
# defined in your model.
# Examples: Let's say you have an User model configured to use
# authenticatable, confirmable and recoverable modules. After creating this
# inside your routes:
#
# map.devise_for :users
#
# this method is going to look inside your User model and create the
# needed routes:
#
# # Session routes for Authenticatable (default)
# new_user_session GET /users/sign_in {:controller=>"sessions", :action=>"new"}
# user_session POST /users/sign_in {:controller=>"sessions", :action=>"create"}
# destroy_user_session GET /users/sign_out {:controller=>"sessions", :action=>"destroy"}
#
# # Password routes for Recoverable, if User model has :recoverable configured
# new_user_password GET /users/password/new(.:format) {:controller=>"passwords", :action=>"new"}
# edit_user_password GET /users/password/edit(.:format) {:controller=>"passwords", :action=>"edit"}
# user_password PUT /users/password(.:format) {:controller=>"passwords", :action=>"update"}
# POST /users/password(.:format) {:controller=>"passwords", :action=>"create"}
#
# # Confirmation routes for Confirmable, if User model has :confirmable configured
# new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
# user_confirmation GET /users/confirmation(.:format) {:controller=>"confirmations", :action=>"show"}
# POST /users/confirmation(.:format) {:controller=>"confirmations", :action=>"create"}
#
# You can configure your routes with some options:
#
# * :class_name => setup a different class to be looked up by devise, if it cannot be correctly find by the route name.
#
# map.devise_for :users, :class_name => 'Account'
#
# * :as => allows you to setup path name that will be used, as rails routes does. The following route configuration would setup your route as /accounts instead of /users:
#
# map.devise_for :users, :as => 'accounts'
#
# * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
#
# map.devise_for :users, :scope => :account
#
# * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
#
# map.devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
#
# * :path_prefix => the path prefix to be used in all routes.
#
# map.devise_for :users, :path_prefix => "/:locale"
#
# * :sign_out_via => restirct the HTTP method(s) accepted for the :sign_out action (default: :get), possible values are :post, :get, :put, :delete and :any, e.g. if you wish to restrict this to accept only :delete requests you should do:
#
# map.devise_for :users, :sign_out_via => :delete
#
# You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
#
# Any other options will be passed to route definition. If you need conditions for your routes, just map:
#
# map.devise_for :users, :conditions => { :subdomain => /.+/ }
#
# If you are using a dynamic prefix, like :locale above, you need to configure default_url_options through Devise. You can do that in config/initializers/devise.rb or setting a Devise.default_url_options:
#
# Devise.default_url_options do
# { :locale => I18n.locale }
# end
#
def devise_for(*resources)
options = resources.extract_options!
controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
controllers.merge!(options.delete(:controllers) || {})
resources.map!(&:to_sym)
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options.dup)
Devise.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
resources.each do |resource|
mapping = Devise::Mapping.new(resource, options.dup)
route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
Devise.default_scope ||= mapping.name
Devise.mappings[mapping.name] = mapping
mapping.for.each do |mod|
send(mod, mapping, controllers) if self.respond_to?(mod, true)
with_options(route_options) do |routes|
mapping.for.each do |mod|
send(mod, routes, mapping) if self.respond_to?(mod, true)
end
end
end
end
protected
def database_authenticatable(routes, mapping)
routes.with_options(:controller => 'sessions', :name_prefix => nil) do |session|
session.send(:"new_#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'new', :conditions => { :method => :get })
session.send(:"#{mapping.name}_session", mapping.path_names[:sign_in], :action => 'create', :conditions => { :method => :post })
destroy_options = { :action => 'destroy' }
destroy_options.merge! :conditions => { :method => mapping.sign_out_via } unless mapping.sign_out_via == :any
session.send(:"destroy_#{mapping.name}_session", mapping.path_names[:sign_out], destroy_options)
end
end
def confirmable(routes, mapping)
routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
end
def lockable(routes, mapping)
routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
end
def recoverable(routes, mapping)
routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
end
def registerable(routes, mapping)
routes.resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1], :path_prefix => nil, :path_names => { :new => mapping.path_names[:sign_up] }
end
end
protected
def authenticatable(mapping, controllers)
scope mapping.raw_path do
get mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#new", :as => :"new_#{mapping.name}_session"
post mapping.path_names[:sign_in], :to => "#{controllers[:sessions]}#create", :as => :"#{mapping.name}_session"
get mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
end
end
def recoverable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
end
end
def confirmable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
end
end
def lockable(mapping, controllers)
scope mapping.raw_path, :name_prefix => mapping.name do
resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
end
end
def registerable(mapping, controllers)
scope :name_prefix => mapping.name do
resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1],
:path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
end
end
end
end
end

44
lib/devise/rails/warden_compat.rb
View File

@@ -1,6 +1,6 @@
module Warden::Mixins::Common
def request
@request ||= ActionDispatch::Request.new(env)
@request ||= env['action_controller.rescue.request']
end
def reset_session!
@@ -9,7 +9,7 @@ module Warden::Mixins::Common
end
def response
@response ||= env['action_controller.instance'].response
@response ||= env['action_controller.rescue.response']
end
end
@@ -22,4 +22,42 @@ class Warden::SessionSerializer
klass, id = keys
klass.find(:first, :conditions => { :id => id })
end
end
end
class ActionController::Request
def reset_session
session.destroy if session && session.respond_to?(:destroy)
self.session = {}
end
end
# Solve a bug in Rails where Set-Cookie is returning an array.
class Devise::CookieSanitizer
SET_COOKIE = "Set-Cookie".freeze
def initialize(app)
@app = app
end
def call(env)
response = @app.call(env)
headers = response[1]
cookies = headers[SET_COOKIE]
if cookies.respond_to?(:join)
headers[SET_COOKIE] = cookies.join("\n").squeeze("\n")
end
response
end
end
Rails.configuration.middleware.insert_after ActionController::Failsafe, Devise::CookieSanitizer
Warden::Manager.after_set_user :event => [:set_user, :authentication] do |record, warden, options|
if options[:scope] && warden.authenticated?(options[:scope])
request = warden.request
backup = request.session.to_hash
backup.delete(:session_id)
request.reset_session
request.session.update(backup)
end
end

34
lib/devise/schema.rb
View File

@@ -3,47 +3,55 @@ module Devise
# and overwrite the apply_schema method.
module Schema
def authenticatable(*args)
ActiveSupport::Deprecation.warn "t.authenticatable in migrations is deprecated. Please use t.database_authenticatable instead.", caller
database_authenticatable(*args)
end
# Creates email, encrypted_password and password_salt.
#
# == Options
# * :null - When true, allow columns to be null.
# * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
def authenticatable(options={})
null = options[:null] || false
encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
def database_authenticatable(options={})
null = options[:null] || false
default = options[:default] || ""
apply_schema :email, String, :null => null
apply_schema :encrypted_password, String, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
apply_schema :password_salt, String, :null => null
if options.delete(:encryptor)
ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."
end
apply_schema :email, String, :null => null, :default => default
apply_schema :encrypted_password, String, :null => null, :default => default, :limit => 128
apply_schema :password_salt, String, :null => null, :default => default
end
# Creates authentication_token.
def token_authenticatable
apply_schema :authentication_token, String, :limit => 20
apply_schema :authentication_token, String
end
# Creates confirmation_token, confirmed_at and confirmation_sent_at.
def confirmable
apply_schema :confirmation_token, String, :limit => 20
apply_schema :confirmation_token, String
apply_schema :confirmed_at, DateTime
apply_schema :confirmation_sent_at, DateTime
end
# Creates reset_password_token.
def recoverable
apply_schema :reset_password_token, String, :limit => 20
apply_schema :reset_password_token, String
end
# Creates remember_token and remember_created_at.
def rememberable
apply_schema :remember_token, String, :limit => 20
apply_schema :remember_token, String
apply_schema :remember_created_at, DateTime
end
# Creates sign_in_count, current_sign_in_at, last_sign_in_at,
# current_sign_in_ip, last_sign_in_ip.
def trackable
apply_schema :sign_in_count, Integer
apply_schema :sign_in_count, Integer, :default => 0
apply_schema :current_sign_in_at, DateTime
apply_schema :last_sign_in_at, DateTime
apply_schema :current_sign_in_ip, String
@@ -53,7 +61,7 @@ module Devise
# Creates failed_attempts, unlock_token and locked_at
def lockable
apply_schema :failed_attempts, Integer, :default => 0
apply_schema :unlock_token, String, :limit => 20
apply_schema :unlock_token, String
apply_schema :locked_at, DateTime
end

6
lib/devise/strategies/authenticatable.rb → lib/devise/strategies/database_authenticatable.rb
View File

@@ -4,7 +4,7 @@ module Devise
module Strategies
# Default strategy for signing in a user, based on his email and password.
# Redirects to sign_in page if it's not authenticated
class Authenticatable < Base
class DatabaseAuthenticatable < Base
def valid?
valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
end
@@ -16,7 +16,7 @@ module Devise
if resource = mapping.to.authenticate(params[scope])
success!(resource)
else
fail!(:invalid)
fail(:invalid)
end
end
@@ -33,4 +33,4 @@ module Devise
end
end
Warden::Strategies.add(:authenticatable, Devise::Strategies::Authenticatable)
Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)

26
lib/devise/strategies/http_authenticatable.rb
View File

@@ -5,7 +5,7 @@ module Devise
# Sign in an user using HTTP authentication.
class HttpAuthenticatable < Base
def valid?
request.authorization && mapping.to.respond_to?(:authenticate_with_http)
http_authentication? && mapping.to.respond_to?(:authenticate_with_http)
end
def authenticate!
@@ -14,7 +14,7 @@ module Devise
if resource = mapping.to.authenticate_with_http(username, password)
success!(resource)
else
custom!([401, custom_headers, ["HTTP Basic: Access denied.\n"]])
custom!([401, custom_headers, [response_body]])
end
end
@@ -24,16 +24,34 @@ module Devise
decode_credentials(request).split(/:/, 2)
end
def response_body
body = "HTTP Basic: Access denied."
method = :"to_#{request_format.to_sym}"
{}.respond_to?(method) ? { :error => body }.send(method) : body
end
def http_authentication
request.env['HTTP_AUTHORIZATION'] ||
request.env['X-HTTP_AUTHORIZATION'] ||
request.env['X_HTTP_AUTHORIZATION'] ||
request.env['REDIRECT_X_HTTP_AUTHORIZATION']
end
alias :http_authentication? :http_authentication
def decode_credentials(request)
ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
ActiveSupport::Base64.decode64(http_authentication.split(' ', 2).last || '')
end
def custom_headers
{
"Content-Type" => "text/plain",
"Content-Type" => request_format.to_s,
"WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
}
end
def request_format
@request_format ||= Mime::Type.lookup_by_extension(request.template_format.to_s)
end
end
end
end

9
lib/devise/test_helpers.rb
View File

@@ -24,6 +24,10 @@ module Devise
catch_with_redirect { super }
end
def user(*args)
catch_with_redirect { super }
end
def catch_with_redirect(&block)
result = catch(:warden, &block)
@@ -45,7 +49,10 @@ module Devise
# We need to setup the environment variables and the response in the controller.
def setup_controller_for_warden #:nodoc:
@request.env['action_controller.instance'] = @controller
@request.env['action_controller.rescue.request'] = @request
@request.env['action_controller.rescue.response'] = @response
@request.env['rack.session'] = session
@controller.response = @response
end
# Quick access to Warden::Proxy.

2
lib/devise/version.rb
View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "1.1.pre".freeze
VERSION = "1.0.11".freeze
end

57
lib/generators/devise/devise_generator.rb
View File

@@ -1,57 +0,0 @@
require 'rails/generators/migration'
class DeviseGenerator < Rails::Generators::NamedBase
include Rails::Generators::Migration
desc "Generates a model with the given NAME (if one does not exist) with devise " <<
"configuration plus a migration file and devise routes."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def self.orm_has_migration?
Rails::Generators.options[:rails][:orm] == :active_record
end
def self.next_migration_number(path)
Time.now.utc.strftime("%Y%m%d%H%M%S")
end
class_option :migration, :type => :boolean, :default => orm_has_migration?
def invoke_orm_model
if File.exists?(File.join(destination_root, model_path))
say "* Model already exists. Adding Devise behavior."
else
invoke "model", [name], :migration => false
end
end
def inject_devise_config_into_model
inject_into_class model_path, class_name, <<-CONTENT
# Include default devise modules. Others available are:
# :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
devise :registerable, :authenticatable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation
CONTENT
end
def copy_migration_template
return unless options.migration?
migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
end
def add_devise_routes
route "devise_for :#{table_name}"
end
protected
def model_path
@model_path ||= File.join("app", "models", "#{file_path}.rb")
end
end

25
lib/generators/devise_install/devise_install_generator.rb
View File

@@ -1,25 +0,0 @@
class DeviseInstallGenerator < Rails::Generators::Base
desc "Creates a Devise initializer and copy locale files to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../templates", __FILE__)
end
def copy_initializer
template "devise.rb", "config/initializers/devise.rb"
end
def copy_locale
copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"
end
def show_readme
readme "README"
end
protected
def readme(path)
say File.read(File.expand_path(path, self.class.source_root))
end
end

11
lib/generators/devise_views/devise_views_generator.rb
View File

@@ -1,11 +0,0 @@
class DeviseViewsGenerator < Rails::Generators::Base
desc "Copies all Devise views to your application."
def self.source_root
@_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
end
def copy_views
directory "devise"
end
end

2
rails/init.rb Normal file
View File

@@ -0,0 +1,2 @@
# We need to load devise here to ensure routes extensions are loaded.
require 'devise'

24
test/controllers/helpers_test.rb
View File

@@ -11,29 +11,16 @@ class MockController < ApplicationController
def path
''
end
def index
end
def host_with_port
"test.host:3000"
end
def protocol
"http"
end
def symbolized_path_parameters
{}
end
end
class ControllerAuthenticableTest < ActionController::TestCase
tests MockController
def setup
@controller = MockController.new
@mock_warden = OpenStruct.new
@controller.env = { 'warden' => @mock_warden }
@controller.session = {}
end
test 'setup warden' do
@@ -49,6 +36,13 @@ class ControllerAuthenticableTest < ActionController::TestCase
@controller.signed_in?(:my_scope)
end
test 'proxy anybody_signed_in? to signed_in?' do
Devise.mappings.keys.each { |scope| # :user, :admin, :manager
@controller.expects(:signed_in?).with(scope)
}
@controller.anybody_signed_in?
end
test 'proxy current_admin to authenticate with admin scope' do
@mock_warden.expects(:authenticate).with(:scope => :admin)
@controller.current_admin

7
test/devise_test.rb
View File

@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
Devise.configure_warden(config)
assert_equal Devise::FailureApp, config.failure_app
assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable], config.default_strategies
assert_equal :user, config.default_scope
assert config.silence_missing_strategies?
end
@@ -63,6 +63,11 @@ class DeviseTest < ActiveSupport::TestCase
Devise::ALL.delete(:kivi)
Devise::CONTROLLERS.delete(:fruits)
assert_nothing_raised(Exception) { Devise.add_module(:carrot, :route => :vegetable) }
assert_equal 1, Devise::ROUTES.select { |v| v == :vegetable }.size
Devise::ALL.delete(:carrot)
Devise::ROUTES.delete(:vegetable)
assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
assert defined?(Devise::Models::AuthenticatableAgain)
end

3
test/encryptors_test.rb
View File

@@ -1,4 +1,7 @@
gem 'bcrypt-ruby'
class Encryptors < ActiveSupport::TestCase
test 'should match a password created by authlogic' do
authlogic = "b623c3bc9c775b0eb8edb218a382453396fec4146422853e66ecc4b6bc32d7162ee42074dcb5f180a770dc38b5df15812f09bbf497a4a1b95fe5e7d2b8eb7eb4"
encryptor = Devise::Encryptors::AuthlogicSha512.digest('123mudar', 20, 'usZK_z_EAaF61Gwkw-ed', '')

7
test/failure_app_test.rb
View File

@@ -4,12 +4,7 @@ require 'ostruct'
class FailureTest < ActiveSupport::TestCase
def call_failure(env_params={})
env = {
'warden.options' => { :scope => :user },
'REQUEST_URI' => 'http://test.host/',
'REQUEST_METHOD' => 'GET',
'rack.session' => {}
}.merge!(env_params)
env = {'warden.options' => { :scope => :user }}.merge!(env_params)
Devise::FailureApp.call(env)
end

116
test/integration/authenticatable_test.rb
View File

@@ -134,7 +134,9 @@ class AuthenticationTest < ActionController::IntegrationTest
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => { :sessions => { :admin => { :invalid => "Invalid credentials" } } } do
store_translations :en, :devise => {
:sessions => { :admin => { :invalid => "Invalid credentials" } }
} do
sign_in_as_admin do
fill_in 'password', :with => 'abcdef'
end
@@ -188,6 +190,14 @@ class AuthenticationTest < ActionController::IntegrationTest
assert_nil session[:"user.return_to"]
end
test 'xml http requests does not store urls for redirect' do
xhr :get, users_path
assert_nil session[:"user.return_to"]
sign_in_as_user
assert_template 'home/index'
end
test 'redirect to configured home path for a given scope after sign in' do
sign_in_as_admin
assert_equal "/admin_area/home", @request.path
@@ -195,20 +205,30 @@ class AuthenticationTest < ActionController::IntegrationTest
test 'destroyed account is signed out' do
sign_in_as_user
get '/users'
visit 'users/index'
User.destroy_all
get '/users'
visit 'users/index'
assert_redirected_to '/users/sign_in?unauthenticated=true'
end
test 'allows session to be set by a given scope' do
sign_in_as_user
get '/users'
visit 'users/index'
assert_equal "Cart", @controller.user_session[:cart]
end
# Scoped views
test 'session id is changed on sign in' do
get '/users'
session_id = request.session[:session_id]
get '/users'
assert_equal session_id, request.session[:session_id]
sign_in_as_user
assert_not_equal session_id, request.session[:session_id]
end
test 'renders the scoped view if turned on and view is available' do
swap Devise, :scoped_views => true do
assert_raise Webrat::NotFoundError do
@@ -220,15 +240,15 @@ class AuthenticationTest < ActionController::IntegrationTest
test 'renders the scoped view if turned on in an specific controller' do
begin
Devise::SessionsController.scoped_views = true
SessionsController.scoped_views = true
assert_raise Webrat::NotFoundError do
sign_in_as_user
end
assert_match /Special user view/, response.body
assert !Devise::PasswordsController.scoped_views
assert !PasswordsController.scoped_views
ensure
Devise::SessionsController.send :remove_instance_variable, :@scoped_views
SessionsController.send :remove_instance_variable, :@scoped_views
end
end
@@ -248,33 +268,73 @@ class AuthenticationTest < ActionController::IntegrationTest
end
end
# Default scope
test 'uses the mapping from the default scope if specified' do
swap Devise, :use_default_scope => true do
get '/sign_in'
assert_response :ok
assert_contain 'Sign in'
end
end
# Custom controller
test 'uses the custom controller with the custom controller view' do
get '/admin_area/sign_in'
assert_contain 'Sign in'
assert_contain 'Welcome to "sessions" controller!'
assert_contain 'Welcome to "sessions/new" view!'
end
# Access
test 'render 404 on roles without permission' do
get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
get 'admin_area/password/new'
assert_response :not_found
assert_not_contain 'Send me reset password instructions'
end
test 'render 404 on roles without mapping' do
get '/sign_in', {}, "action_dispatch.show_exceptions" => true
get 'sign_in'
assert_response :not_found
assert_not_contain 'Sign in'
end
test 'uses the mapping from the default scope if specified' do
swap Devise, :use_default_scope => true do
get 'sign_in'
assert_response :ok
assert_contain 'Sign in'
end
end
end
class AuthenticationSignOutViaTest < ActionController::IntegrationTest
def sign_in!(scope)
visit send("new_#{scope}_session_path")
sign_in_as_user(:visit => false)
assert warden.authenticated?(scope)
end
test 'allow sign out via delete when sign_out_via provides only delete' do
sign_in!(:sign_out_via_delete)
delete destroy_sign_out_via_delete_session_path
assert_not warden.authenticated?(:sign_out_via_delete)
end
test 'do not allow sign out via get when sign_out_via provides only delete' do
sign_in!(:sign_out_via_delete)
get destroy_sign_out_via_delete_session_path
assert warden.authenticated?(:sign_out_via_delete)
end
test 'allow sign out via post when sign_out_via provides only post' do
sign_in!(:sign_out_via_post)
post destroy_sign_out_via_post_session_path
assert_not warden.authenticated?(:sign_out_via_post)
end
test 'do not allow sign out via get when sign_out_via provides only post' do
sign_in!(:sign_out_via_post)
get destroy_sign_out_via_delete_session_path
assert warden.authenticated?(:sign_out_via_post)
end
test 'allow sign out via delete when sign_out_via provides any method' do
sign_in!(:sign_out_via_anymethod)
delete destroy_sign_out_via_anymethod_session_path
assert_not warden.authenticated?(:sign_out_via_anymethod)
end
test 'allow sign out via post when sign_out_via provides any method' do
sign_in!(:sign_out_via_anymethod)
post destroy_sign_out_via_anymethod_session_path
assert_not warden.authenticated?(:sign_out_via_anymethod)
end
test 'allow sign out via get when sign_out_via provides any method' do
sign_in!(:sign_out_via_anymethod)
get destroy_sign_out_via_anymethod_session_path
assert_not warden.authenticated?(:sign_out_via_anymethod)
end
end

12
test/integration/http_authenticatable_test.rb
View File

@@ -16,6 +16,14 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
end
test 'uses the request format as response content type' do
sign_in_as_new_user_with_http("unknown", "123456", :xml)
assert_equal 401, status
assert_equal "application/xml", headers["Content-Type"]
# Cannot assert this due to a bug between integration tests and rack on 2.3
# assert response.body.include?("<error>HTTP Basic: Access denied.</error>")
end
test 'returns a custom response with www-authenticate and chosen realm' do
swap Devise, :http_authentication_realm => "MyApp" do
sign_in_as_new_user_with_http("unknown")
@@ -36,9 +44,9 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
private
def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
user = create_user
get users_path, {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
get users_path(:format => format), {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
user
end
end

25
test/integration/lockable_test.rb
View File

@@ -36,6 +36,16 @@ class LockTest < ActionController::IntegrationTest
assert_equal 0, ActionMailer::Base.deliveries.size
end
test 'unlocked pages should not be available if email strategy is disabled' do
visit new_user_unlock_path
assert_response :success
swap Devise, :unlock_strategy => :time do
visit new_user_unlock_path
assert_response :not_found
end
end
test 'user with invalid unlock token should not be able to unlock an account' do
visit_user_unlock_with_token('invalid_token')
@@ -47,20 +57,19 @@ class LockTest < ActionController::IntegrationTest
test "locked user should be able to unlock account" do
user = create_user(:locked => true)
assert user.locked?
assert user.access_locked?
visit_user_unlock_with_token(user.unlock_token)
assert_template 'home/index'
assert_contain 'Your account was successfully unlocked.'
assert_not user.reload.locked?
assert_not user.reload.access_locked?
end
test "sign in user automatically after unlocking it's account" do
user = create_user(:locked => true)
visit_user_unlock_with_token(user.unlock_token)
assert warden.authenticated?(:user)
end
@@ -71,6 +80,16 @@ class LockTest < ActionController::IntegrationTest
assert_not warden.authenticated?(:user)
end
test "user should not send a new e-mail if already locked" do
user = create_user(:locked => true)
user.update_attribute(:failed_attempts, User.maximum_attempts + 1)
ActionMailer::Base.deliveries.clear
sign_in_as_user(:password => "invalid")
assert_contain 'Invalid email or password.'
assert ActionMailer::Base.deliveries.empty?
end
test 'error message is configurable by resource name' do
store_translations :en, :devise => {
:sessions => { :admin => { :locked => "You are locked!" } }

47
test/integration/rack_middleware_test.rb Normal file
View File

@@ -0,0 +1,47 @@
require "test/test_helper"
require "rack/test"
class RackMiddlewareTest < Test::Unit::TestCase
include Rack::Test::Methods
def app
ActionController::Dispatcher.new
end
def warden
last_request.env['warden']
end
def with_custom_strategy
get '/'
Warden::Strategies.add(:custom_test) do
def valid?
true
end
def authenticate!
custom! [599, {
"X-Custom-Response" => "Custom response test",
"Content-type" => "text/plain"
}, "Custom response test"]
end
end
#ActionController::Dispatcher.middleware.use CustomStrategyInterceptor
default_strategies = warden.manager.config.default_strategies
warden.manager.config.default_strategies :custom_test
yield
warden.manager.config.default_strategies default_strategies
end
def test_custom_strategy_response
with_custom_strategy do
post('/users/sign_in')
assert_equal 599, last_response.status
assert_equal "Custom response test", last_response.body
assert_equal "Custom response test", last_response.headers["X-Custom-Response"]
end
end
end

2
test/integration/recoverable_test.rb
View File

@@ -134,7 +134,7 @@ class PasswordTest < ActionController::IntegrationTest
request_forgot_password
reset_password :reset_password_token => user.reload.reset_password_token
assert_current_path new_user_session_path(:unconfirmed => true)
assert_redirected_to new_user_session_path(:unconfirmed => true)
assert !warden.authenticated?(:user)
end

67
test/integration/registerable_test.rb
View File

@@ -3,7 +3,7 @@ require 'test/test_helper'
class RegistrationTest < ActionController::IntegrationTest
test 'a guest admin should be able to sign in successfully' do
get new_admin_session_path
visit new_admin_session_path
click_link 'Sign up'
assert_template 'registrations/new'
@@ -21,17 +21,24 @@ class RegistrationTest < ActionController::IntegrationTest
end
test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
get new_user_registration_path
visit new_user_registration_path
fill_in 'email', :with => 'new_user@test.com'
fill_in 'password', :with => 'new_user123'
fill_in 'password confirmation', :with => 'new_user123'
click_button 'Sign up'
assert_contain 'You have signed up successfully.'
assert_contain 'Sign in'
assert_not_contain 'Confirm your account'
assert_equal "You have signed up successfully. If enabled, a confirmation was sent to your e-mail.", @controller.send(:flash)[:notice]
# For some reason flash is not being set correctly, so instead of getting the
# "signed_up" message we get the unconfirmed one. Seems to be an issue with
# the internal redirect by the hook and the tests.
# follow_redirect!
# assert_contain 'You have signed up successfully.'
# assert_not_contain 'confirm your account'
follow_redirect!
assert_contain 'Sign in'
assert_not warden.authenticated?(:user)
user = User.last
@@ -40,7 +47,7 @@ class RegistrationTest < ActionController::IntegrationTest
end
test 'a guest user cannot sign up with invalid information' do
get new_user_registration_path
visit new_user_registration_path
fill_in 'email', :with => 'invalid_email'
fill_in 'password', :with => 'new_user123'
@@ -58,7 +65,7 @@ class RegistrationTest < ActionController::IntegrationTest
test 'a guest should not sign up with email/password that already exists' do
user = create_user
get new_user_registration_path
visit new_user_registration_path
fill_in 'email', :with => 'user@test.com'
fill_in 'password', :with => '123456'
@@ -72,19 +79,20 @@ class RegistrationTest < ActionController::IntegrationTest
end
test 'a guest should not be able to change account' do
get edit_user_registration_path
assert_redirected_to new_user_session_path(:unauthenticated => true)
visit edit_user_registration_path
follow_redirect!
assert_template 'sessions/new'
end
test 'a signed in user should not be able to access sign up' do
sign_in_as_user
get new_user_registration_path
assert_redirected_to root_path
visit new_user_registration_path
assert_template 'home/index'
end
test 'a signed in user should be able to edit his account' do
sign_in_as_user
get edit_user_registration_path
visit edit_user_registration_path
fill_in 'email', :with => 'user.new@email.com'
fill_in 'current password', :with => '123456'
@@ -96,25 +104,9 @@ class RegistrationTest < ActionController::IntegrationTest
assert_equal "user.new@email.com", User.first.email
end
test 'a signed in user should not change his current user with invalid password' do
sign_in_as_user
get edit_user_registration_path
fill_in 'email', :with => 'user.new@email.com'
fill_in 'current password', :with => 'invalid'
click_button 'Update'
assert_template 'registrations/edit'
assert_contain 'user@test.com'
assert_have_selector 'form input[value="user.new@email.com"]'
assert_equal "user@test.com", User.first.email
end
test 'a signed in user should be able to edit his password' do
sign_in_as_user
get edit_user_registration_path
visit edit_user_registration_path
fill_in 'password', :with => 'pas123'
fill_in 'password confirmation', :with => 'pas123'
@@ -127,11 +119,24 @@ class RegistrationTest < ActionController::IntegrationTest
assert User.first.valid_password?('pas123')
end
test 'a signed in user should be able to cancel his account' do
test 'a signed in user should not be able to edit his password with invalid confirmation' do
sign_in_as_user
get edit_user_registration_path
fill_in 'password', :with => 'pas123'
fill_in 'password confirmation', :with => ''
fill_in 'current password', :with => '123456'
click_button 'Update'
assert_contain "Password doesn't match confirmation"
assert_not User.first.valid_password?('pas123')
end
click_link "Cancel my account", :method => :delete
test 'a signed in user should be able to cancel his account' do
sign_in_as_user
visit edit_user_registration_path
click_link "Cancel my account"
assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
assert User.all.empty?

37
test/integration/rememberable_test.rb
View File

@@ -20,6 +20,13 @@ class RememberMeTest < ActionController::IntegrationTest
assert_not_nil user.reload.remember_token
end
test 'cookie_options should be applied to cookies' do
swap Devise, :cookie_options => { :value => 'dont-do-that' } do
user = sign_in_as_user :remember_me => true
assert_equal 'dont-do-that', cookies['remember_user_token']
end
end
test 'remember the user before sign in' do
user = create_user_and_remember
get users_path
@@ -28,20 +35,27 @@ class RememberMeTest < ActionController::IntegrationTest
assert warden.user(:user) == user
end
test 'does not remember other scopes' do
user = create_user_and_remember
get root_path
assert_response :success
assert warden.authenticated?(:user)
assert_not warden.authenticated?(:admin)
end
test 'do not remember with invalid token' do
user = create_user_and_remember('add')
get users_path
assert_response :success
assert_not warden.authenticated?(:user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
end
test 'do not remember with token expired' do
user = create_user_and_remember
swap Devise, :remember_for => 0 do
get users_path
assert_not warden.authenticated?(:user)
assert_redirected_to new_user_session_path(:unauthenticated => true)
end
Devise.remember_for = 0
get users_path
assert_response :success
assert_not warden.authenticated?(:user)
end
test 'forget the user before sign out' do
@@ -60,5 +74,16 @@ class RememberMeTest < ActionController::IntegrationTest
get destroy_user_session_path
get users_path
assert_not warden.authenticated?(:user)
assert_equal cookies['remember_user_token'], ''
end
test 'cookies are destroyed on unverified requests' do
swap HomeController, :allow_forgery_protection => true do
user = create_user_and_remember
get users_path
assert warden.authenticated?(:user)
post root_path, :authenticity_token => 'INVALID'
assert_not warden.authenticated?(:user)
end
end
end

6
test/integration/token_authenticatable_test.rb
View File

@@ -16,7 +16,8 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
test 'signing in with valid authentication token - but improper authentication token key - return to sign in form with error message' do
swap Devise, :token_authentication_key => :donald_duck_token do
sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
assert_current_path new_user_session_path(:unauthenticated => true)
assert_redirected_to new_user_session_path(:unauthenticated => true)
follow_redirect!
assert_contain 'You need to sign in or sign up before continuing'
assert_contain 'Sign in'
@@ -27,7 +28,8 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
test 'signing in with invalid authentication token should return to sign in form with error message' do
store_translations :en, :devise => {:sessions => {:invalid_token => 'LOL, that was not a single character correct.'}} do
sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
assert_current_path new_user_session_path(:invalid_token => true)
assert_redirected_to new_user_session_path(:invalid_token => true)
follow_redirect!
assert_response :success
assert_contain 'LOL, that was not a single character correct.'

2
test/integration/trackable_test.rb
View File

@@ -39,7 +39,7 @@ class TrackableHooksTest < ActionController::IntegrationTest
test "increase sign in count" do
user = create_user
assert_nil user.sign_in_count
assert_equal 0, user.sign_in_count
sign_in_as_user
user.reload

14
test/mailers/confirmation_instructions_test.rb
View File

@@ -59,16 +59,22 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
test 'renders a scoped if scoped_views is set to true' do
swap Devise, :scoped_views => true do
assert_equal user.email, mail.body.decoded
assert_equal user.email, mail.body
end
end
test 'content type should be set to plain when manually configured' do
swap Devise, :mailer_content_type => "text/plain" do
assert_equal "text/plain", mail.content_type
end
end
test 'renders a scoped if scoped_views is set in the mailer class' do
begin
Devise::Mailer.scoped_views = true
assert_equal user.email, mail.body.decoded
DeviseMailer.scoped_views = true
assert_equal user.email, mail.body
ensure
Devise::Mailer.send :remove_instance_variable, :@scoped_views
DeviseMailer.send :remove_instance_variable, :@scoped_views
end
end

2
test/mailers/unlock_instructions_test.rb
View File

@@ -10,7 +10,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
def user
@user ||= begin
user = create_user
user.lock!
user.lock_access!
user
end
end

36
test/mapping_test.rb
View File

@@ -39,22 +39,17 @@ class MappingTest < ActiveSupport::TestCase
assert_equal Devise.mappings[:admin], Devise::Mapping.find_by_path("/admin_area/session")
end
test 'find mapping by class' do
assert_nil Devise::Mapping.find_by_class(String)
assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(User)
end
test 'find mapping by class works with single table inheritance' do
klass = Class.new(User)
assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(klass)
end
test 'find scope for a given object' do
assert_equal :user, Devise::Mapping.find_scope!(User)
assert_equal :user, Devise::Mapping.find_scope!(:user)
assert_equal :user, Devise::Mapping.find_scope!(User.new)
end
test 'find scope works with single table inheritance' do
assert_equal :user, Devise::Mapping.find_scope!(Class.new(User))
assert_equal :user, Devise::Mapping.find_scope!(Class.new(User).new)
end
test 'find scope raises an error if cannot be found' do
assert_raise RuntimeError do
Devise::Mapping.find_scope!(String)
@@ -67,7 +62,7 @@ class MappingTest < ActiveSupport::TestCase
assert_equal 'sign_out', mapping.path_names[:sign_out]
assert_equal 'password', mapping.path_names[:password]
assert_equal 'confirmation', mapping.path_names[:confirmation]
assert_equal 'sign_up', mapping.path_names[:sign_up]
assert_equal 'sign_up', mapping.path_names[:sign_up]
assert_equal 'unlock', mapping.path_names[:unlock]
end
@@ -129,13 +124,30 @@ class MappingTest < ActiveSupport::TestCase
end
end
test 'should have default route options' do
assert_equal({}, Devise.mappings[:user].route_options)
end
test 'should allow passing route options to devise routes' do
assert_equal({ :requirements => { :extra => 'value' } }, Devise.mappings[:manager].route_options)
end
test 'sign_out_via defaults to :get' do
assert_equal :get, Devise.mappings[:user].sign_out_via
end
test 'allows custom sign_out_via to be given' do
assert_equal :delete, Devise.mappings[:sign_out_via_delete].sign_out_via
assert_equal :post, Devise.mappings[:sign_out_via_post].sign_out_via
assert_equal :any, Devise.mappings[:sign_out_via_anymethod].sign_out_via
end
test 'magic predicates' do
mapping = Devise.mappings[:user]
assert mapping.authenticatable?
assert mapping.confirmable?
assert mapping.recoverable?
assert mapping.rememberable?
assert mapping.registerable?
mapping = Devise.mappings[:admin]
assert mapping.authenticatable?

6
test/models/authenticatable_test.rb
View File

@@ -100,7 +100,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
test 'should authenticate a valid user with email and password and return it' do
user = create_user
user.confirm!
User.any_instance.stubs(:confirmed?).returns(true)
authenticated_user = User.authenticate(:email => user.email, :password => user.password)
assert_equal authenticated_user, user
end
@@ -146,7 +146,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
assert_not user.update_with_password(:current_password => 'other',
:password => 'pass321', :password_confirmation => 'pass321')
assert user.reload.valid_password?('123456')
assert_match "is invalid", user.errors[:current_password].join
assert_match /invalid/, user.errors[:current_password]
end
test 'should add an error to current password when it is blank' do
@@ -154,7 +154,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
assert_not user.update_with_password(:password => 'pass321',
:password_confirmation => 'pass321')
assert user.reload.valid_password?('123456')
assert_match "can't be blank", user.errors[:current_password].join
assert_match /blank/, user.errors[:current_password]
end
test 'should ignore password and its confirmation if they are blank' do

58
test/models/confirmable_test.rb
View File

@@ -11,15 +11,6 @@ class ConfirmableTest < ActiveSupport::TestCase
assert_not_nil create_user.confirmation_token
end
test 'should regenerate confirmation token each time' do
user = create_user
3.times do
token = user.confirmation_token
user.resend_confirmation!
assert_not_equal token, user.confirmation_token
end
end
test 'should never generate the same confirmation token for different users' do
confirmation_tokens = []
3.times do
@@ -54,38 +45,38 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should not confirm a user already confirmed' do
user = create_user
assert user.confirm!
assert_blank user.errors[:email]
assert_nil user.errors[:email]
assert_not user.confirm!
assert_equal "was already confirmed", user.errors[:email].join
assert_match /already confirmed/, user.errors[:email]
end
test 'should find and confirm an user automatically' do
user = create_user
confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
confirmed_user = User.confirm_by_token(user.confirmation_token)
assert_equal confirmed_user, user
assert user.reload.confirmed?
end
test 'should return a new record with errors when a invalid token is given' do
confirmed_user = User.confirm!(:confirmation_token => 'invalid_confirmation_token')
confirmed_user = User.confirm_by_token('invalid_confirmation_token')
assert confirmed_user.new_record?
assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join
assert_match /invalid/, confirmed_user.errors[:confirmation_token]
end
test 'should return a new record with errors when a blank token is given' do
confirmed_user = User.confirm!(:confirmation_token => '')
confirmed_user = User.confirm_by_token('')
assert confirmed_user.new_record?
assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join
assert_match /blank/, confirmed_user.errors[:confirmation_token]
end
test 'should generate errors for a user email if user is already confirmed' do
user = create_user
user.confirmed_at = Time.now
user.save
confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
confirmed_user = User.confirm_by_token(user.confirmation_token)
assert confirmed_user.confirmed?
assert_equal "was already confirmed", confirmed_user.errors[:email].join
assert confirmed_user.errors[:email]
end
test 'should authenticate a confirmed user' do
@@ -134,14 +125,7 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should add error to new user email if no email was found' do
confirmation_user = User.send_confirmation_instructions(:email => "invalid@email.com")
assert confirmation_user.errors[:email]
assert_equal "not found", confirmation_user.errors[:email].join
end
test 'should generate a confirmation token before send the confirmation instructions email' do
user = create_user
token = user.confirmation_token
confirmation_user = User.send_confirmation_instructions(:email => user.email)
assert_not_equal token, user.reload.confirmation_token
assert_equal 'not found', confirmation_user.errors[:email]
end
test 'should send email instructions for the user confirm it\'s email' do
@@ -150,6 +134,14 @@ class ConfirmableTest < ActiveSupport::TestCase
User.send_confirmation_instructions(:email => user.email)
end
end
test 'should always have confirmation token when email is sent' do
user = new_user
user.instance_eval { def confirmation_required?; false end }
user.save
user.send_confirmation_instructions
assert_not_nil user.reload.confirmation_token
end
test 'should not resend email instructions if the user change his email' do
user = create_user
@@ -173,9 +165,9 @@ class ConfirmableTest < ActiveSupport::TestCase
test 'should not be able to send instructions if the user is already confirmed' do
user = create_user
user.confirm!
assert_not user.resend_confirmation!
assert_not user.resend_confirmation_token
assert user.confirmed?
assert_equal 'was already confirmed', user.errors[:email].join
assert_equal 'already confirmed', user.errors[:email]
end
test 'confirm time should fallback to devise confirm in default configuration' do
@@ -216,7 +208,7 @@ class ConfirmableTest < ActiveSupport::TestCase
Devise.confirm_within = 0.days
user = create_user
user.confirmation_sent_at = Date.today
assert_not user.active?
assert_not user.reload.active?
end
test 'should not be active without confirmation' do
@@ -225,4 +217,12 @@ class ConfirmableTest < ActiveSupport::TestCase
user.save
assert_not user.reload.active?
end
test 'should be active without confirmation when confirmation is not required' do
user = create_user
user.instance_eval { def confirmation_required?; false end }
user.confirmation_sent_at = nil
user.save
assert user.reload.active?
end
end

19
test/models/http_authenticatable_test.rb
View File

@@ -1,19 +0,0 @@
require 'test/test_helper'
class HttpAuthenticatableTest < ActiveSupport::TestCase
test 'should authenticate a valid user with email and password and return it' do
user = create_user
user.confirm!
authenticated_user = User.authenticate_with_http(user.email, user.password)
assert_equal authenticated_user, user
end
test 'should return nil when authenticating an invalid user by email' do
user = create_user
user.confirm!
authenticated_user = User.authenticate_with_http('another.email@email.com', user.password)
assert_nil authenticated_user
end
end

89
test/models/lockable_test.rb
View File

@@ -9,7 +9,6 @@ class LockableTest < ActiveSupport::TestCase
test "should increment failed attempts on unsuccessful authentication" do
user = create_user
assert_equal 0, user.failed_attempts
authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword")
assert_equal 1, user.reload.failed_attempts
end
@@ -18,14 +17,14 @@ class LockableTest < ActiveSupport::TestCase
user = create_user
attempts = Devise.maximum_attempts + 1
attempts.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
assert user.reload.locked?
assert user.reload.access_locked?
end
test "should respect maximum attempts configuration" do
user = create_user
swap Devise, :maximum_attempts => 2 do
3.times { authenticated_user = User.authenticate(:email => user.email, :password => "anotherpassword") }
assert user.reload.locked?
assert user.reload.access_locked?
end
end
@@ -37,41 +36,50 @@ class LockableTest < ActiveSupport::TestCase
assert_equal 0, user.reload.failed_attempts
end
test "should verify wheter a user is locked or not" do
test "should verify whether a user is locked or not" do
user = create_user
assert_not user.locked?
user.lock!
assert user.locked?
assert_not user.access_locked?
user.lock_access!
assert user.access_locked?
end
test "active? should be the opposite of locked?" do
user = create_user
user.confirm!
assert user.active?
user.lock!
user.lock_access!
assert_not user.active?
end
test "should unlock an user by cleaning locked_at, falied_attempts and unlock_token" do
user = create_user
user.lock!
user.lock_access!
assert_not_nil user.reload.locked_at
assert_not_nil user.reload.unlock_token
user.unlock!
user.unlock_access!
assert_nil user.reload.locked_at
assert_nil user.reload.unlock_token
assert 0, user.reload.failed_attempts
end
test "should not lock a locked account" do
user = create_user
user.lock_access!
assert_no_difference "ActionMailer::Base.deliveries.size" do
user.lock_access!
end
end
test 'should not unlock an unlocked user' do
user = create_user
assert_not user.unlock!
assert_match "was not locked", user.errors[:email].join
assert_not user.unlock_access!
assert_match /not locked/, user.errors[:email]
end
test "new user should not be locked and should have zero failed_attempts" do
assert_not new_user.locked?
assert_not new_user.access_locked?
assert_equal 0, create_user.failed_attempts
end
@@ -79,10 +87,10 @@ class LockableTest < ActiveSupport::TestCase
swap Devise, :unlock_in => 3.hours do
user = new_user
user.locked_at = 2.hours.ago
assert user.locked?
assert user.access_locked?
Devise.unlock_in = 1.hour
assert_not user.locked?
assert_not user.access_locked?
end
end
@@ -90,32 +98,22 @@ class LockableTest < ActiveSupport::TestCase
swap Devise, :unlock_strategy => :email do
user = new_user
user.locked_at = 2.hours.ago
assert user.locked?
assert user.access_locked?
end
end
test "should set unlock_token when locking" do
user = create_user
assert_nil user.unlock_token
user.lock!
user.lock_access!
assert_not_nil user.unlock_token
end
test 'should not regenerate unlock token if it already exists' do
user = create_user
user.lock!
3.times do
token = user.unlock_token
user.resend_unlock!
assert_equal token, user.unlock_token
end
end
test "should never generate the same unlock token for different users" do
unlock_tokens = []
3.times do
user = create_user
user.lock!
user.lock_access!
token = user.unlock_token
assert !unlock_tokens.include?(token)
unlock_tokens << token
@@ -125,7 +123,7 @@ class LockableTest < ActiveSupport::TestCase
test "should not generate unlock_token when :email is not an unlock strategy" do
swap Devise, :unlock_strategy => :time do
user = create_user
user.lock!
user.lock_access!
assert_nil user.unlock_token
end
end
@@ -134,7 +132,7 @@ class LockableTest < ActiveSupport::TestCase
swap Devise, :unlock_strategy => :email do
user = create_user
assert_email_sent do
user.lock!
user.lock_access!
end
end
end
@@ -143,42 +141,42 @@ class LockableTest < ActiveSupport::TestCase
swap Devise, :unlock_strategy => :time do
user = create_user
assert_email_not_sent do
user.lock!
user.lock_access!
end
end
end
test 'should find and unlock an user automatically' do
user = create_user
user.lock!
locked_user = User.unlock!(:unlock_token => user.unlock_token)
user.lock_access!
locked_user = User.unlock_access_by_token(user.unlock_token)
assert_equal locked_user, user
assert_not user.reload.locked?
assert_not user.reload.access_locked?
end
test 'should return a new record with errors when a invalid token is given' do
locked_user = User.unlock!(:unlock_token => 'invalid_token')
locked_user = User.unlock_access_by_token('invalid_token')
assert locked_user.new_record?
assert_equal "is invalid", locked_user.errors[:unlock_token].join
assert_match /invalid/, locked_user.errors[:unlock_token]
end
test 'should return a new record with errors when a blank token is given' do
locked_user = User.unlock!(:unlock_token => '')
locked_user = User.unlock_access_by_token('')
assert locked_user.new_record?
assert_equal "can't be blank", locked_user.errors[:unlock_token].join
assert_match /blank/, locked_user.errors[:unlock_token]
end
test 'should authenticate a unlocked user' do
user = create_user
user.lock!
user.unlock!
user.lock_access!
user.unlock_access!
authenticated_user = User.authenticate(:email => user.email, :password => user.password)
assert_equal authenticated_user, user
end
test 'should find a user to send unlock instructions' do
user = create_user
user.lock!
user.lock_access!
unlock_user = User.send_unlock_instructions(:email => user.email)
assert_equal unlock_user, user
end
@@ -190,14 +188,15 @@ class LockableTest < ActiveSupport::TestCase
test 'should add error to new user email if no email was found' do
unlock_user = User.send_unlock_instructions(:email => "invalid@email.com")
assert_equal 'not found', unlock_user.errors[:email].join
assert unlock_user.errors[:email]
assert_equal 'not found', unlock_user.errors[:email]
end
test 'should not be able to send instructions if the user is not locked' do
user = create_user
assert_not user.resend_unlock!
assert_not user.locked?
assert_equal 'was not locked', user.errors[:email].join
assert_not user.resend_unlock_token
assert_not user.access_locked?
assert_equal 'not locked', user.errors[:email]
end
end

14
test/models/recoverable_test.rb
View File

@@ -83,7 +83,7 @@ class RecoverableTest < ActiveSupport::TestCase
test 'should return a new record with errors if user was not found by e-mail' do
reset_password_user = User.send_reset_password_instructions(:email => "invalid@email.com")
assert reset_password_user.new_record?
assert_equal "not found", reset_password_user.errors[:email].join
assert_match /not found/, reset_password_user.errors[:email]
end
test 'should reset reset_password_token before send the reset instructions email' do
@@ -104,20 +104,20 @@ class RecoverableTest < ActiveSupport::TestCase
user = create_user
user.send :generate_reset_password_token!
reset_password_user = User.reset_password!(:reset_password_token => user.reset_password_token)
reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token)
assert_equal reset_password_user, user
end
test 'should a new record with errors if no reset_password_token is found' do
reset_password_user = User.reset_password!(:reset_password_token => 'invalid_token')
reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token')
assert reset_password_user.new_record?
assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
assert_match /invalid/, reset_password_user.errors[:reset_password_token]
end
test 'should a new record with errors if reset_password_token is blank' do
reset_password_user = User.reset_password!(:reset_password_token => '')
reset_password_user = User.reset_password_by_token(:reset_password_token => '')
assert reset_password_user.new_record?
assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join
assert_match /blank/, reset_password_user.errors[:reset_password_token]
end
test 'should reset successfully user password given the new password and confirmation' do
@@ -125,7 +125,7 @@ class RecoverableTest < ActiveSupport::TestCase
old_password = user.password
user.send :generate_reset_password_token!
reset_password_user = User.reset_password!(
reset_password_user = User.reset_password_by_token(
:reset_password_token => user.reset_password_token,
:password => 'new_password',
:password_confirmation => 'new_password'

17
test/models/rememberable_test.rb
View File

@@ -1,6 +1,11 @@
require 'test/test_helper'
class RememberableTest < ActiveSupport::TestCase
def setup
Devise.remember_for = 1
end
test 'should respond to remember_me attribute' do
user = new_user
assert user.respond_to?(:remember_me)
@@ -49,13 +54,11 @@ class RememberableTest < ActiveSupport::TestCase
end
test 'valid remember token should also verify if remember is not expired' do
swap Devise, :remember_for => 1.day do
user = create_user
user.remember_me!
user.remember_created_at = 3.days.ago
user.save
assert_not user.valid_remember_token?(user.remember_token)
end
user = create_user
user.remember_me!
user.remember_created_at = 3.days.ago
user.save
assert_not user.valid_remember_token?(user.remember_token)
end
test 'serialize into cookie' do

43
test/models/validatable_test.rb
View File

@@ -7,30 +7,31 @@ class ValidatableTest < ActiveSupport::TestCase
user = new_user(:email => nil)
assert user.invalid?
assert user.errors[:email]
assert_equal 'can\'t be blank', user.errors[:email].join
assert_equal 'can\'t be blank', user.errors[:email]
end
test 'should require uniqueness of email, allowing blank' do
existing_user = create_user
user = new_user(:email => '')
assert user.invalid?
assert_not_equal 'has already been taken', user.errors[:email].join
assert_not_equal 'has already been taken', user.errors[:email]
user.email = existing_user.email
assert user.invalid?
assert_equal 'has already been taken', user.errors[:email].join
assert user.errors[:email]
assert_equal 1, [*user.errors[:email]].size
assert_equal 'has already been taken', user.errors[:email]
end
test 'should require correct email format, allowing blank' do
user = new_user(:email => '')
assert user.invalid?
assert_not_equal 'is invalid', user.errors[:email].join
assert_not_equal 'is invalid', user.errors[:email]
%w(invalid_email_format email@invalid invalid$character@mail.com other@not 123).each do |email|
user.email = email
assert user.invalid?, 'should be invalid with email ' << email
assert_equal 'is invalid', user.errors[:email].join
assert user.errors[:email]
assert_equal 1, [*user.errors[:email]].size
assert_equal 'is invalid', user.errors[:email]
end
end
@@ -38,59 +39,63 @@ class ValidatableTest < ActiveSupport::TestCase
%w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test).each do |email|
user = new_user(:email => email)
assert user.valid?, 'should be valid with email ' << email
assert_blank user.errors[:email]
assert_nil user.errors[:email]
end
end
test 'should require password to be set when creating a new record' do
user = new_user(:password => '', :password_confirmation => '')
assert user.invalid?
assert_equal 'can\'t be blank', user.errors[:password].join
assert user.errors[:password]
assert_equal 'can\'t be blank', user.errors[:password]
end
test 'should require confirmation to be set when creating a new record' do
user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
assert user.invalid?
assert_equal 'doesn\'t match confirmation', user.errors[:password].join
assert user.errors[:password]
assert_equal 'doesn\'t match confirmation', user.errors[:password]
end
test 'should require password when updating/reseting password' do
user = create_user
user.password = ''
user.password_confirmation = ''
assert user.invalid?
assert_equal 'can\'t be blank', user.errors[:password].join
assert user.errors[:password]
assert_equal 'can\'t be blank', user.errors[:password]
end
test 'should require confirmation when updating/reseting password' do
user = create_user
user.password_confirmation = 'another_password'
assert user.invalid?
assert_equal 'doesn\'t match confirmation', user.errors[:password].join
assert user.errors[:password]
assert_equal 'doesn\'t match confirmation', user.errors[:password]
end
test 'should require a password with minimum of 6 characters' do
user = new_user(:password => '12345', :password_confirmation => '12345')
assert user.invalid?
assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
assert user.errors[:password]
assert_equal 'is too short (minimum is 6 characters)', user.errors[:password]
end
test 'should require a password with maximum of 20 characters long' do
user = new_user(:password => 'x'*21, :password_confirmation => 'x'*21)
assert user.invalid?
assert_equal 'is too long (maximum is 20 characters)', user.errors[:password].join
assert user.errors[:password]
assert_equal 'is too long (maximum is 20 characters)', user.errors[:password]
end
test 'should not require password length when it\'s not changed' do
user = create_user.reload
user.password = user.password_confirmation = nil
assert user.valid?
user.password_confirmation = 'confirmation'
assert user.invalid?
assert_not (user.errors[:password].join =~ /is too long/)
assert user.errors[:password]
assert_not user.errors[:password].to_a.include?('is too short (minimum is 6 characters)')
end
test 'shuold not be included in objects with invalid API' do

18
test/models_test.rb
View File

@@ -1,7 +1,7 @@
require 'test/test_helper'
class Configurable < User
devise :authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
:stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
:remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
end
@@ -23,7 +23,21 @@ class ActiveRecordTest < ActiveSupport::TestCase
end
test 'add modules cherry pick' do
assert_include_modules Admin, :authenticatable, :registerable, :timeoutable
assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable
end
test 'order of module inclusion' do
correct_module_order = [:database_authenticatable, :registerable, :timeoutable]
incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable]
assert_include_modules Admin, *incorrect_module_order
# get module constants from symbol list
module_constants = correct_module_order.collect { |mod| Devise::Models::const_get(mod.to_s.classify) }
# confirm that they adhere to the order in ALL
# get included modules, filter out the noise, and reverse the order
assert_equal module_constants, (Admin.included_modules & module_constants).reverse
end
test 'set a default value for stretches' do

7
test/orm/active_record.rb
View File

@@ -1,13 +1,14 @@
require File.expand_path('../../rails_app/config/environment', __FILE__)
require 'rails/test_help'
require File.join(File.dirname(__FILE__), '..', 'rails_app', 'config', 'environment')
require 'test_help'
ActiveRecord::Migration.verbose = false
ActiveRecord::Base.logger = Logger.new(nil)
ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
ActiveRecord::Schema.define(:version => 1) do
[:users, :admins, :accounts].each do |table|
create_table table do |t|
t.authenticatable :null => table == :admins
t.database_authenticatable :null => table == :admins
if table != :admin
t.string :username

12
test/orm/mongo_mapper.rb
View File

@@ -1,8 +1,16 @@
require 'mongo_mapper'
MongoMapper.database = "devise-test-suite"
MongoMapper.connection = Mongo::Connection.new('127.0.0.1', 27017)
require File.expand_path('../../rails_app/config/environment', __FILE__)
require 'rails/test_help'
require File.join(File.dirname(__FILE__), '..', 'rails_app', 'config', 'environment')
require 'test_help'
module MongoMapper::Document
# TODO This should not be required
def invalid?
!valid?
end
end
class ActiveSupport::TestCase
setup do

4
test/rails_app/Rakefile
View File

@@ -1,10 +1,10 @@
# Add your own tasks in files placed in lib/tasks ending in .rake,
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
require File.expand_path('../config/application', __FILE__)
require(File.join(File.dirname(__FILE__), 'config', 'boot'))
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
Rails::Application.load_tasks
require 'tasks/rails'

2
test/rails_app/app/active_record/admin.rb
View File

@@ -1,5 +1,5 @@
class Admin < ActiveRecord::Base
devise :authenticatable, :registerable, :timeoutable
devise :database_authenticatable, :registerable, :timeoutable
def self.find_for_authentication(conditions)
last(:conditions => conditions)

6
test/rails_app/app/active_record/user.rb
View File

@@ -1,7 +1,7 @@
class User < ActiveRecord::Base
devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
:registerable, :rememberable, :timeoutable, :token_authenticatable,
:trackable, :validatable
devise :database_authenticatable, :http_authenticatable, :confirmable,
:lockable, :recoverable, :registerable, :rememberable, :timeoutable,
:token_authenticatable, :trackable, :validatable
attr_accessible :username, :email, :password, :password_confirmation
end

8
test/rails_app/app/controllers/application_controller.rb
View File

@@ -2,5 +2,11 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
protect_from_forgery
helper :all # include all helpers, all the time
protect_from_forgery # See ActionController::RequestForgeryProtection for details
# Scrub sensitive parameters from your log
filter_parameter_logging :password
before_filter :current_user
end

Some files were not shown because too many files have changed in this diff Show More