RubyGems - af-devise - Versions diffs - 2.1.2 - Mend

af-devise 2.1.2

Files changed (207) hide show

data/.gitignore +10 -0
data/.travis.yml +15 -0
data/CHANGELOG.rdoc +885 -0
data/CONTRIBUTING.md +14 -0
data/Gemfile +29 -0
data/Gemfile.lock +155 -0
data/MIT-LICENSE +20 -0
data/README.md +394 -0
data/Rakefile +34 -0
data/app/controllers/devise/confirmations_controller.rb +43 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
data/app/controllers/devise/passwords_controller.rb +65 -0
data/app/controllers/devise/registrations_controller.rb +119 -0
data/app/controllers/devise/sessions_controller.rb +50 -0
data/app/controllers/devise/unlocks_controller.rb +44 -0
data/app/controllers/devise_controller.rb +184 -0
data/app/helpers/devise_helper.rb +25 -0
data/app/mailers/devise/mailer.rb +15 -0
data/app/views/devise/_links.erb +3 -0
data/app/views/devise/confirmations/new.html.erb +12 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +16 -0
data/app/views/devise/passwords/new.html.erb +12 -0
data/app/views/devise/registrations/edit.html.erb +25 -0
data/app/views/devise/registrations/new.html.erb +18 -0
data/app/views/devise/sessions/new.html.erb +17 -0
data/app/views/devise/shared/_links.erb +25 -0
data/app/views/devise/unlocks/new.html.erb +12 -0
data/config/locales/en.yml +59 -0
data/devise.gemspec +25 -0
data/gemfiles/Gemfile.rails-3.1.x +35 -0
data/gemfiles/Gemfile.rails-3.1.x.lock +167 -0
data/lib/devise.rb +444 -0
data/lib/devise/controllers/helpers.rb +285 -0
data/lib/devise/controllers/rememberable.rb +52 -0
data/lib/devise/controllers/scoped_views.rb +17 -0
data/lib/devise/controllers/url_helpers.rb +67 -0
data/lib/devise/delegator.rb +16 -0
data/lib/devise/failure_app.rb +187 -0
data/lib/devise/hooks/activatable.rb +11 -0
data/lib/devise/hooks/forgetable.rb +9 -0
data/lib/devise/hooks/lockable.rb +7 -0
data/lib/devise/hooks/rememberable.rb +6 -0
data/lib/devise/hooks/timeoutable.rb +25 -0
data/lib/devise/hooks/trackable.rb +9 -0
data/lib/devise/mailers/helpers.rb +91 -0
data/lib/devise/mapping.rb +172 -0
data/lib/devise/models.rb +128 -0
data/lib/devise/models/authenticatable.rb +268 -0
data/lib/devise/models/confirmable.rb +270 -0
data/lib/devise/models/database_authenticatable.rb +127 -0
data/lib/devise/models/lockable.rb +193 -0
data/lib/devise/models/omniauthable.rb +27 -0
data/lib/devise/models/recoverable.rb +140 -0
data/lib/devise/models/registerable.rb +25 -0
data/lib/devise/models/rememberable.rb +125 -0
data/lib/devise/models/timeoutable.rb +49 -0
data/lib/devise/models/token_authenticatable.rb +89 -0
data/lib/devise/models/trackable.rb +35 -0
data/lib/devise/models/validatable.rb +66 -0
data/lib/devise/modules.rb +29 -0
data/lib/devise/omniauth.rb +28 -0
data/lib/devise/omniauth/config.rb +45 -0
data/lib/devise/omniauth/url_helpers.rb +18 -0
data/lib/devise/orm/active_record.rb +3 -0
data/lib/devise/orm/mongoid.rb +3 -0
data/lib/devise/param_filter.rb +41 -0
data/lib/devise/rails.rb +54 -0
data/lib/devise/rails/routes.rb +446 -0
data/lib/devise/rails/warden_compat.rb +43 -0
data/lib/devise/strategies/authenticatable.rb +176 -0
data/lib/devise/strategies/base.rb +20 -0
data/lib/devise/strategies/database_authenticatable.rb +20 -0
data/lib/devise/strategies/rememberable.rb +55 -0
data/lib/devise/strategies/token_authenticatable.rb +56 -0
data/lib/devise/test_helpers.rb +131 -0
data/lib/devise/time_inflector.rb +14 -0
data/lib/devise/version.rb +3 -0
data/lib/generators/active_record/devise_generator.rb +79 -0
data/lib/generators/active_record/templates/migration.rb +19 -0
data/lib/generators/active_record/templates/migration_existing.rb +26 -0
data/lib/generators/devise/devise_generator.rb +24 -0
data/lib/generators/devise/install_generator.rb +24 -0
data/lib/generators/devise/orm_helpers.rb +32 -0
data/lib/generators/devise/views_generator.rb +116 -0
data/lib/generators/mongoid/devise_generator.rb +57 -0
data/lib/generators/templates/README +35 -0
data/lib/generators/templates/devise.rb +240 -0
data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +22 -0
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +15 -0
data/test/controllers/custom_strategy_test.rb +62 -0
data/test/controllers/helpers_test.rb +253 -0
data/test/controllers/internal_helpers_test.rb +110 -0
data/test/controllers/sessions_controller_test.rb +85 -0
data/test/controllers/url_helpers_test.rb +59 -0
data/test/delegator_test.rb +19 -0
data/test/devise_test.rb +72 -0
data/test/failure_app_test.rb +221 -0
data/test/generators/active_record_generator_test.rb +75 -0
data/test/generators/devise_generator_test.rb +39 -0
data/test/generators/install_generator_test.rb +13 -0
data/test/generators/mongoid_generator_test.rb +23 -0
data/test/generators/views_generator_test.rb +52 -0
data/test/helpers/devise_helper_test.rb +51 -0
data/test/integration/authenticatable_test.rb +633 -0
data/test/integration/confirmable_test.rb +298 -0
data/test/integration/database_authenticatable_test.rb +82 -0
data/test/integration/http_authenticatable_test.rb +97 -0
data/test/integration/lockable_test.rb +242 -0
data/test/integration/omniauthable_test.rb +133 -0
data/test/integration/recoverable_test.rb +334 -0
data/test/integration/registerable_test.rb +345 -0
data/test/integration/rememberable_test.rb +158 -0
data/test/integration/timeoutable_test.rb +140 -0
data/test/integration/token_authenticatable_test.rb +161 -0
data/test/integration/trackable_test.rb +92 -0
data/test/mailers/confirmation_instructions_test.rb +102 -0
data/test/mailers/reset_password_instructions_test.rb +83 -0
data/test/mailers/unlock_instructions_test.rb +77 -0
data/test/mapping_test.rb +127 -0
data/test/models/authenticatable_test.rb +7 -0
data/test/models/confirmable_test.rb +391 -0
data/test/models/database_authenticatable_test.rb +196 -0
data/test/models/lockable_test.rb +273 -0
data/test/models/omniauthable_test.rb +7 -0
data/test/models/recoverable_test.rb +205 -0
data/test/models/registerable_test.rb +7 -0
data/test/models/rememberable_test.rb +174 -0
data/test/models/serializable_test.rb +49 -0
data/test/models/timeoutable_test.rb +46 -0
data/test/models/token_authenticatable_test.rb +55 -0
data/test/models/trackable_test.rb +13 -0
data/test/models/validatable_test.rb +117 -0
data/test/models_test.rb +179 -0
data/test/omniauth/config_test.rb +57 -0
data/test/omniauth/url_helpers_test.rb +51 -0
data/test/orm/active_record.rb +9 -0
data/test/orm/mongoid.rb +13 -0
data/test/rails_app/Rakefile +10 -0
data/test/rails_app/app/active_record/admin.rb +6 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +6 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
data/test/rails_app/app/controllers/admins_controller.rb +11 -0
data/test/rails_app/app/controllers/application_controller.rb +8 -0
data/test/rails_app/app/controllers/home_controller.rb +25 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
data/test/rails_app/app/controllers/users_controller.rb +23 -0
data/test/rails_app/app/helpers/application_helper.rb +3 -0
data/test/rails_app/app/mailers/users/mailer.rb +8 -0
data/test/rails_app/app/mongoid/admin.rb +29 -0
data/test/rails_app/app/mongoid/shim.rb +24 -0
data/test/rails_app/app/mongoid/user.rb +42 -0
data/test/rails_app/app/views/admins/index.html.erb +1 -0
data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
data/test/rails_app/app/views/home/index.html.erb +1 -0
data/test/rails_app/app/views/home/join.html.erb +1 -0
data/test/rails_app/app/views/home/private.html.erb +1 -0
data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
data/test/rails_app/app/views/layouts/application.html.erb +24 -0
data/test/rails_app/app/views/users/index.html.erb +1 -0
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
data/test/rails_app/config.ru +4 -0
data/test/rails_app/config/application.rb +41 -0
data/test/rails_app/config/boot.rb +8 -0
data/test/rails_app/config/database.yml +18 -0
data/test/rails_app/config/environment.rb +5 -0
data/test/rails_app/config/environments/development.rb +18 -0
data/test/rails_app/config/environments/production.rb +33 -0
data/test/rails_app/config/environments/test.rb +33 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
data/test/rails_app/config/initializers/devise.rb +178 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +2 -0
data/test/rails_app/config/routes.rb +100 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +74 -0
data/test/rails_app/db/schema.rb +52 -0
data/test/rails_app/lib/shared_admin.rb +14 -0
data/test/rails_app/lib/shared_user.rb +26 -0
data/test/rails_app/public/404.html +26 -0
data/test/rails_app/public/422.html +26 -0
data/test/rails_app/public/500.html +26 -0
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_app/script/rails +10 -0
data/test/routes_test.rb +248 -0
data/test/support/assertions.rb +40 -0
data/test/support/helpers.rb +91 -0
data/test/support/integration.rb +92 -0
data/test/support/locale/en.yml +4 -0
data/test/support/webrat/integrations/rails.rb +24 -0
data/test/test_helper.rb +27 -0
data/test/test_helpers_test.rb +151 -0
metadata +421 -0

data/lib/devise/controllers/rememberable.rb ADDED

@@ -0,0 +1,52 @@
+module Devise
+  module Controllers
+    # A module that may be optionally included in a controller in order
+    # to provide remember me behavior.
+    module Rememberable
+      # Return default cookie values retrieved from session options.
+      def self.cookie_values
+        Rails.configuration.session_options.slice(:path, :domain, :secure)
+      end
+      # A small warden proxy so we can remember and forget uses from hooks.
+      class Proxy #:nodoc:
+        include Devise::Controllers::Rememberable
+        delegate :cookies, :env, :to => :@warden
+        def initialize(warden)
+          @warden = warden
+        end
+      end
+      # Remembers the given resource by setting up a cookie
+      def remember_me(resource)
+        scope = Devise::Mapping.find_scope!(resource)
+        resource.remember_me!(resource.extend_remember_period)
+        cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource)
+      end
+      # Forgets the given resource by deleting a cookie
+      def forget_me(resource)
+        scope = Devise::Mapping.find_scope!(resource)
+        resource.forget_me!
+        cookies.delete("remember_#{scope}_token", forget_cookie_values(resource))
+      end
+      protected
+      def forget_cookie_values(resource)
+        Devise::Controllers::Rememberable.cookie_values.merge!(resource.rememberable_options)
+      end
+      def remember_cookie_values(resource)
+        options = { :httponly => true }
+        options.merge!(forget_cookie_values(resource))
+        options.merge!(
+          :value => resource.class.serialize_into_cookie(resource),
+          :expires => resource.remember_expires_at
+        )
+      end
+    end
+  end
+end

data/lib/devise/controllers/scoped_views.rb ADDED

@@ -0,0 +1,17 @@
+module Devise
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+      module ClassMethods
+        def scoped_views?
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+    end
+  end
+end

data/lib/devise/controllers/url_helpers.rb ADDED

@@ -0,0 +1,67 @@
+module Devise
+  module Controllers
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by devise.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_session_path(:user)      => new_user_session_path
+    #   session_path(:user)          => user_session_path
+    #   destroy_session_path(:user)  => destroy_user_session_path
+    #
+    #   new_password_path(:user)     => new_user_password_path
+    #   password_path(:user)         => user_password_path
+    #   edit_password_path(:user)    => edit_user_password_path
+    #
+    #   new_confirmation_path(:user) => new_user_confirmation_path
+    #   confirmation_path(:user)     => user_confirmation_path
+    #
+    # Those helpers are included by default to ActionController::Base.
+    #
+    # In case you want to add such helpers to another class, you can do
+    # that as long as this new class includes both url_helpers and
+    # mounted_helpers. Example:
+    #
+    #     include Rails.application.routes.url_helpers
+    #     include Rails.application.routes.mounted_helpers
+    #
+    module UrlHelpers
+      def self.remove_helpers!
+        self.instance_methods.map(&:to_s).grep(/_(url|path)$/).each do |method|
+          remove_method method
+        end
+      end
+      def self.generate_helpers!(routes=nil)
+        routes ||= begin
+          mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
+          Devise::URL_HELPERS.slice(*mappings)
+        end
+        routes.each do |module_name, actions|
+          [:path, :url].each do |path_or_url|
+            actions.each do |action|
+              action = action ? "#{action}_" : ""
+              method = "#{action}#{module_name}_#{path_or_url}"
+              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+                def #{method}(resource_or_scope, *args)
+                  scope = Devise::Mapping.find_scope!(resource_or_scope)
+                  _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                end
+              URL_HELPERS
+            end
+          end
+        end
+      end
+      generate_helpers!(Devise::URL_HELPERS)
+      private
+      def _devise_route_context
+        @_devise_route_context ||= send(Devise.available_router_name)
+      end
+    end
+  end
+end

data/lib/devise/delegator.rb ADDED

@@ -0,0 +1,16 @@
+module Devise
+  # Checks the scope in the given environment and returns the associated failure app.
+  class Delegator
+    def call(env)
+      failure_app(env).call(env)
+    end
+    def failure_app(env)
+      app = env["warden.options"] &&
+        (scope = env["warden.options"][:scope]) &&
+        Devise.mappings[scope.to_sym].failure_app
+      app || Devise::FailureApp
+    end
+  end
+end

data/lib/devise/failure_app.rb ADDED

@@ -0,0 +1,187 @@
+require "action_controller/metal"
+module Devise
+  # Failure application that will be called every time :warden is thrown from
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
+  class FailureApp < ActionController::Metal
+    include ActionController::RackDelegation
+    include ActionController::UrlFor
+    include ActionController::Redirecting
+    include Rails.application.routes.url_helpers
+    include Rails.application.routes.mounted_helpers
+    delegate :flash, :to => :request
+    def self.call(env)
+      @respond ||= action(:respond)
+      @respond.call(env)
+    end
+    def self.default_url_options(*args)
+      if defined?(ApplicationController)
+        ApplicationController.default_url_options(*args)
+      else
+        {}
+      end
+    end
+    def respond
+      if http_auth?
+        http_auth
+      elsif warden_options[:recall]
+        recall
+      else
+        redirect
+      end
+    end
+    def http_auth
+      self.status = 401
+      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) if http_auth_header?
+      self.content_type = request.format.to_s
+      self.response_body = http_auth_body
+    end
+    def recall
+      env["PATH_INFO"]  = attempted_path
+      flash.now[:alert] = i18n_message(:invalid)
+      self.response = recall_app(warden_options[:recall]).call(env)
+    end
+    def redirect
+      store_location!
+      if flash[:timedout] && flash[:alert]
+        flash.keep(:timedout)
+        flash.keep(:alert)
+      else
+        flash[:alert] = i18n_message
+      end
+      redirect_to redirect_url
+    end
+  protected
+    def i18n_message(default = nil)
+      message = warden_message || default || :unauthenticated
+      if message.is_a?(Symbol)
+        I18n.t(:"#{scope}.#{message}", :resource_name => scope,
+               :scope => "devise.failure", :default => [message])
+      else
+        message.to_s
+      end
+    end
+    def redirect_url
+      if warden_message == :timeout
+        flash[:timedout] = true
+        attempted_path || scope_path
+      else
+        scope_path
+      end
+    end
+    def scope_path
+      opts  = {}
+      route = :"new_#{scope}_session_path"
+      opts[:format] = request_format unless skip_format?
+      config = Rails.application.config
+      opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
+      context = send(Devise.available_router_name)
+      if context.respond_to?(route)
+        context.send(route, opts)
+      elsif respond_to?(:root_path)
+        root_path(opts)
+      else
+        "/"
+      end
+    end
+    def skip_format?
+      %w(html */*).include? request_format.to_s
+    end
+    # Choose whether we should respond in a http authentication fashion,
+    # including 401 and optional headers.
+    #
+    # This method allows the user to explicitly disable http authentication
+    # on ajax requests in case they want to redirect on failures instead of
+    # handling the errors on their own. This is useful in case your ajax API
+    # is the same as your public API and uses a format like JSON (so you
+    # cannot mark JSON as a navigational format).
+    def http_auth?
+      if request.xhr?
+        Devise.http_authenticatable_on_xhr
+      else
+        !(request_format && is_navigational_format?)
+      end
+    end
+    # It does not make sense to send authenticate headers in ajax requests
+    # or if the user disabled them.
+    def http_auth_header?
+      Devise.mappings[scope].to.http_authenticatable && !request.xhr?
+    end
+    def http_auth_body
+      return i18n_message unless request_format
+      method = "to_#{request_format}"
+      if method == "to_xml"
+        { :error => i18n_message }.to_xml(:root => "errors")
+      elsif {}.respond_to?(method)
+        { :error => i18n_message }.send(method)
+      else
+        i18n_message
+      end
+    end
+    def recall_app(app)
+      controller, action = app.split("#")
+      controller_name  = ActiveSupport::Inflector.camelize(controller)
+      controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+      controller_klass.action(action)
+    end
+    def warden
+      env['warden']
+    end
+    def warden_options
+      env['warden.options']
+    end
+    def warden_message
+      @message ||= warden.message || warden_options[:message]
+    end
+    def scope
+      @scope ||= warden_options[:scope] || Devise.default_scope
+    end
+    def attempted_path
+      warden_options[:attempted_path]
+    end
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
+    def store_location!
+      session["#{scope}_return_to"] = attempted_path if request.get? && !http_auth?
+    end
+    def is_navigational_format?
+      Devise.navigational_formats.include?(request_format)
+    end
+    def request_format
+      @request_format ||= request.format.try(:ref)
+    end
+  end
+end

data/lib/devise/hooks/activatable.rb ADDED

@@ -0,0 +1,11 @@
+# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
+# before actively signing him in. However, we need this as hook to validate the user activity
+# in each request and in case the user is using other strategies beside Devise ones.
+Warden::Manager.after_set_user do |record, warden, options|
+  if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
+    scope = options[:scope]
+    warden.logout(scope)
+    throw :warden, :scope => scope, :message => record.inactive_message
+  end
+end

data/lib/devise/hooks/forgetable.rb ADDED

@@ -0,0 +1,9 @@
+# Before logout hook to forget the user in the given scope, if it responds
+# to forget_me! Also clear remember token to ensure the user won't be
+# remembered again. Notice that we forget the user unless the record is not persisted.
+# This avoids forgetting deleted users.
+Warden::Manager.before_logout do |record, warden, options|
+  if record.respond_to?(:forget_me!)
+    Devise::Controllers::Rememberable::Proxy.new(warden).forget_me(record)
+  end
+end

data/lib/devise/hooks/lockable.rb ADDED

@@ -0,0 +1,7 @@
+# After each sign in, if resource responds to failed_attempts, sets it to 0
+# This is only triggered when the user is explicitly set (with set_user)
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
+    record.update_attribute(:failed_attempts, 0)
+  end
+end

data/lib/devise/hooks/rememberable.rb ADDED

@@ -0,0 +1,6 @@
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  scope = options[:scope]
+  if record.respond_to?(:remember_me) && record.remember_me && warden.authenticated?(scope)
+    Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record)
+  end
+end

data/lib/devise/hooks/timeoutable.rb ADDED

@@ -0,0 +1,25 @@
+# Each time a record is set we check whether its session has already timed out
+# or not, based on last request time. If so, the record is logged out and
+# redirected to the sign in page. Also, each time the request comes and the
+# record is set, we set the last request time inside its scoped session to
+# verify timeout in the following request.
+Warden::Manager.after_set_user do |record, warden, options|
+  scope = options[:scope]
+  env   = warden.request.env
+  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
+    last_request_at = warden.session(scope)['last_request_at']
+    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
+      warden.logout(scope)
+      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
+        record.reset_authentication_token!
+      end
+      throw :warden, :scope => scope, :message => :timeout
+    end
+    unless env['devise.skip_trackable']
+      warden.session(scope)['last_request_at'] = Time.now.utc
+    end
+  end
+end

data/lib/devise/hooks/trackable.rb ADDED

@@ -0,0 +1,9 @@
+# After each sign in, update sign in time, sign in count and sign in IP.
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
+    record.update_tracked_fields!(warden.request)
+  end
+end

data/lib/devise/mailers/helpers.rb ADDED

@@ -0,0 +1,91 @@
+module Devise
+  module Mailers
+    module Helpers
+      extend ActiveSupport::Concern
+      included do
+        include Devise::Controllers::ScopedViews
+        attr_reader :scope_name, :resource
+      end
+      protected
+      # Configure default email options
+      def devise_mail(record, action)
+        initialize_from_record(record)
+        mail headers_for(action)
+      end
+      def initialize_from_record(record)
+        @scope_name = Devise::Mapping.find_scope!(record)
+        @resource   = instance_variable_set("@#{devise_mapping.name}", record)
+      end
+      def devise_mapping
+        @devise_mapping ||= Devise.mappings[scope_name]
+      end
+      def headers_for(action)
+        headers = {
+          :subject       => translate(devise_mapping, action),
+          :to            => resource.email,
+          :from          => mailer_sender(devise_mapping),
+          :reply_to      => mailer_reply_to(devise_mapping),
+          :template_path => template_paths
+        }
+        if resource.respond_to?(:headers_for)
+          headers.merge!(resource.headers_for(action))
+        end
+        headers
+      end
+      def mailer_reply_to(mapping)
+        mailer_sender(mapping, :reply_to)
+      end
+      def mailer_from(mapping)
+        mailer_sender(mapping, :from)
+      end
+      def mailer_sender(mapping, sender = :from)
+        if default_params[sender].present?
+          default_params[sender]
+        elsif Devise.mailer_sender.is_a?(Proc)
+          Devise.mailer_sender.call(mapping.name)
+        else
+          Devise.mailer_sender
+        end
+      end
+      def template_paths
+        template_path = [self.class.mailer_name]
+        template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views?
+        template_path
+      end
+      # Setup a subject doing an I18n lookup. At first, it attemps to set a subject
+      # based on the current mapping:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           user_subject: '...'
+      #
+      # If one does not exist, it fallbacks to ActionMailer default:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           subject: '...'
+      #
+      def translate(mapping, key)
+        I18n.t(:"#{mapping.name}_subject", :scope => [:devise, :mailer, key],
+          :default => [:subject, key.to_s.humanize])
+      end
+    end
+  end
+end