Release v2.2.0

Or as @rafaelfranca says: Happy New Year 🎆

CHANGELOG.rdoc

@@ -1,13 +1,15 @@
-== 2.2.0.rc
+== 2.2.0
 
-* important changes
+* backwards incompatible changes
+  * `headers_for` is deprecated, customize the mailer directly instead
+  * All mailer methods now expect a second argument with delivery options
   * Default minimum password length is now 8 (by @carlosgaldino)
-  * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (@gabetax)
+  * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax)
   * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats)
   * Support Mongoid 3 onwards (by @durran)
-  * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
 
 * enhancements
+  * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
   * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
   * Flash messages in controller now respects `resource_name` (by @latortuga)
   * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast)

MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2012 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

README.md

@@ -393,4 +393,4 @@ https://github.com/plataformatec/devise/contributors
 
 ## License
 
-MIT License. Copyright 2012 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br

app/controllers/devise/sessions_controller.rb

@@ -27,10 +27,8 @@ class Devise::SessionsController < DeviseController
     # We actually need to hardcode this as Rails default responder doesn't
     # support returning empty response on GET request
     respond_to do |format|
+      format.all { head :no_content }
       format.any(*navigational_formats) { redirect_to redirect_path }
-      format.all do
-        head :no_content
-      end
     end
   end
 

app/mailers/devise/mailer.rb

@@ -1,15 +1,15 @@
 class Devise::Mailer < ::ActionMailer::Base
   include Devise::Mailers::Helpers
 
-  def confirmation_instructions(record)
-    devise_mail(record, :confirmation_instructions)
+  def confirmation_instructions(record, opts={})
+    devise_mail(record, :confirmation_instructions, opts)
   end
 
-  def reset_password_instructions(record)
-    devise_mail(record, :reset_password_instructions)
+  def reset_password_instructions(record, opts={})
+    devise_mail(record, :reset_password_instructions, opts)
   end
 
-  def unlock_instructions(record)
-    devise_mail(record, :unlock_instructions)
+  def unlock_instructions(record, opts={})
+    devise_mail(record, :unlock_instructions, opts)
   end
 end

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -1,6 +1,6 @@
 <p>Hello <%= @resource.email %>!</p>
 
-<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
 <p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
 

lib/devise/mailers/helpers.rb

@@ -11,9 +11,9 @@ module Devise
       protected
 
       # Configure default email options
-      def devise_mail(record, action)
+      def devise_mail(record, action, opts={})
         initialize_from_record(record)
-        mail headers_for(action)
+        mail headers_for(action, opts)
       end
 
       def initialize_from_record(record)
@@ -25,16 +25,19 @@ module Devise
         @devise_mapping ||= Devise.mappings[scope_name]
       end
 
-      def headers_for(action)
+      def headers_for(action, opts)
         headers = {
           :subject       => translate(devise_mapping, action),
           :to            => resource.email,
           :from          => mailer_sender(devise_mapping),
           :reply_to      => mailer_reply_to(devise_mapping),
-          :template_path => template_paths
-        }
+          :template_path => template_paths,
+          :template_name => action
+        }.merge(opts)
 
         if resource.respond_to?(:headers_for)
+          ActiveSupport::Deprecation.warn "Calling headers_for in the model is no longer supported. " <<
+            "Please customize your mailer instead."
           headers.merge!(resource.headers_for(action))
         end
 

lib/devise/models/authenticatable.rb

@@ -93,10 +93,6 @@ module Devise
       def authenticatable_salt
       end
 
-      def headers_for(name)
-        {}
-      end
-
       array = %w(serializable_hash)
       # to_xml does not call serializable_hash on 3.1
       array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1"
@@ -159,8 +155,8 @@ module Devise
       #       end
       #     end
       #
-      def send_devise_notification(notification)
-        devise_mailer.send(notification, self).deliver
+      def send_devise_notification(notification, opts={})
+        devise_mailer.send(notification, self, opts).deliver
       end
 
       def downcase_keys

lib/devise/models/confirmable.rb

@@ -87,7 +87,9 @@ module Devise
         @reconfirmation_required = false
 
         generate_confirmation_token! if self.confirmation_token.blank?
-        send_devise_notification(:confirmation_instructions)
+
+        opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
+        send_devise_notification(:confirmation_instructions, opts)
       end
 
       # Resend confirmation token. This method does not need to generate a new token.
@@ -123,14 +125,6 @@ module Devise
         @bypass_postpone = true
       end
 
-      def headers_for(action)
-        headers = super
-        if action == :confirmation_instructions && pending_reconfirmation?
-          headers[:to] = unconfirmed_email
-        end
-        headers
-      end
-
       protected
 
         # A callback method used to deliver confirmation

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.2.0.rc".freeze
+  VERSION = "2.2.0".freeze
 end

test/integration/authenticatable_test.rb

@@ -517,6 +517,25 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
     assert_response :no_content
     assert_not warden.authenticated?(:user)
   end
+
+  test 'sign out with non-navigational format via XHR does not redirect' do
+    swap Devise, :navigational_formats => ['*/*', :html] do 
+      sign_in_as_user
+      xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
+      assert_response :no_content
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
+  # Belt and braces ... Perhaps this test is not necessary?
+  test 'sign out with navigational format via XHR does redirect' do
+    swap Devise, :navigational_formats => ['*/*', :html] do 
+      sign_in_as_user
+      xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
+      assert_response :redirect
+      assert_not warden.authenticated?(:user)
+    end
+  end
 end
 
 class AuthenticationKeysTest < ActionController::IntegrationTest