Bump version.

Refactor.
fix for issues #999 : HTTP_ACCEPT=*/* should redirect to the default location
2026-01-13 00:38:08 -05:00 · 2011-04-29 14:13:35 +02:00 · 2011-04-29 14:12:29 +02:00 · 2011-04-29 14:12:22 +02:00 · 2011-04-21 19:19:35 +02:00 · 2011-04-21 19:18:40 +02:00
7 changed files with 24 additions and 4 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,3 +1,13 @@
+== 1.3.4
+
+* bug fix
+  * Do not add formats if html or "*/*"
+
+== 1.3.3
+
+* bug fix
+  * Explicitly mark the token as expired if so
+
 == 1.3.2

 * bug fix
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -3,6 +3,7 @@
 en:
  errors:
    messages:
+      expired: "has expired, please request a new one"
      not_found: "not found"
      already_confirmed: "was already confirmed, please try signing in"
      not_locked: "was not locked"
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -65,13 +65,17 @@ module Devise
    end

    def redirect_url
-      if request_format == :html
+      if skip_format?
        send(:"new_#{scope}_session_path")
      else
        send(:"new_#{scope}_session_path", :format => request_format)
      end
    end

+    def skip_format?
+      %w(html */*).include? request_format.to_s
+    end
+
    # Choose whether we should respond in a http authentication fashion,
    # including 401 and optional headers.
    #
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -116,7 +116,7 @@ module Devise
            if recoverable.reset_password_period_valid?
              recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) 
            else
-              recoverable.errors.add(:reset_password_token, :invalid)
+              recoverable.errors.add(:reset_password_token, :expired)
            end
          end
          recoverable
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.3.2".freeze
+  VERSION = "1.3.4".freeze
 end
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -39,6 +39,11 @@ class FailureTest < ActiveSupport::TestCase
      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
    end

+    test 'return to the default redirect location for wildcard requests' do
+      call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
+      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
+    end
+
    test 'uses the proxy failure message as symbol' do
      call_failure('warden' => OpenStruct.new(:message => :test))
      assert_equal 'test', @request.flash[:alert]
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -192,7 +192,7 @@ class RecoverableTest < ActiveSupport::TestCase

      assert user.valid_password?(old_password)
      assert_not user.valid_password?('new_password')
-      assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join
+      assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join
    end
  end
Author	SHA1	Message	Date
José Valim	9f763d082a	Bump version.	2011-04-29 14:13:35 +02:00
José Valim	c62915e2bd	Refactor.	2011-04-29 14:12:29 +02:00
Emanuel Carnevale	6153a52e2d	fix for issues #999 : HTTP_ACCEPT=/ should redirect to the default location	2011-04-29 14:12:22 +02:00
José Valim	39b59142ea	Update CHANGELOG.	2011-04-21 19:19:35 +02:00
José Valim	624fb566fb	Mark the token as expired, because invalid gives no clue of what to do next.	2011-04-21 19:18:40 +02:00