cloudfoundry-devise 1.5.2

data/lib/devise/models/trackable.rb

@@ -0,0 +1,30 @@
+require 'devise/hooks/trackable'
+
+module Devise
+  module Models
+    # Track information about your user sign in. It tracks the following columns:
+    #
+    # * sign_in_count      - Increased every time a sign in is made (by form, openid, oauth)
+    # * current_sign_in_at - A timestamp updated when the user signs in
+    # * last_sign_in_at    - Holds the timestamp of the previous sign in
+    # * current_sign_in_ip - The remote ip updated when the user sign in
+    # * last_sign_in_ip    - Holds the remote ip of the previous sign in
+    #
+    module Trackable
+      def update_tracked_fields!(request)
+        old_current, new_current = self.current_sign_in_at, Time.now.utc
+        self.last_sign_in_at     = old_current || new_current
+        self.current_sign_in_at  = new_current
+
+        old_current, new_current = self.current_sign_in_ip, request.ip
+        self.last_sign_in_ip     = old_current || new_current
+        self.current_sign_in_ip  = new_current
+
+        self.sign_in_count ||= 0
+        self.sign_in_count += 1
+
+        save(:validate => false)
+      end
+    end
+  end
+end

data/lib/devise/models/validatable.rb

@@ -0,0 +1,62 @@
+module Devise
+  module Models
+    # Validatable creates all needed validations for a user email and password.
+    # It's optional, given you may want to create the validations by yourself.
+    # Automatically validate if the email is present, unique and its format is
+    # valid. Also tests presence of password, confirmation and length.
+    #
+    # == Options
+    #
+    # Validatable adds the following options to devise_for:
+    #
+    #   * +email_regexp+: the regular expression used to validate e-mails;
+    #   * +password_length+: a range expressing password length. Defaults to 6..128.
+    #
+    module Validatable
+      # All validations used by this module.
+      VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of,
+                      :validates_confirmation_of, :validates_length_of ].freeze
+
+      def self.included(base)
+        base.extend ClassMethods
+        assert_validations_api!(base)
+
+        base.class_eval do
+          validates_presence_of   :email, :if => :email_required?
+          validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
+          validates_format_of     :email, :with  => email_regexp, :allow_blank => true, :if => :email_changed?
+
+          validates_presence_of     :password, :if => :password_required?
+          validates_confirmation_of :password, :if => :password_required?
+          validates_length_of       :password, :within => password_length, :allow_blank => true
+        end
+      end
+
+      def self.assert_validations_api!(base) #:nodoc:
+        unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
+
+        unless unavailable_validations.empty?
+          raise "Could not use :validatable module since #{base} does not respond " <<
+                "to the following methods: #{unavailable_validations.to_sentence}."
+        end
+      end
+
+    protected
+
+      # Checks whether a password is needed or not. For validations only.
+      # Passwords are always required if it's a new record, or if the password
+      # or confirmation are being set somewhere.
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+
+      def email_required?
+        true
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :email_regexp, :password_length)
+      end
+    end
+  end
+end

data/lib/devise/modules.rb

@@ -0,0 +1,30 @@
+require 'active_support/core_ext/object/with_options'
+
+Devise.with_options :model => true do |d|
+  # Strategies first
+  d.with_options :strategy => true do |s|
+    routes = [nil, :new, :destroy]
+    s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
+    s.add_module :token_authenticatable
+    s.add_module :rememberable
+  end
+
+  # Other authentications
+  d.add_module :encryptable
+  d.add_module :omniauthable, :controller => :omniauth_callbacks,  :route => :omniauth_callback
+
+  # Misc after
+  routes = [nil, :new, :edit]
+  d.add_module :recoverable,  :controller => :passwords,     :route => { :password => routes }
+  d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) }
+  d.add_module :validatable
+
+  # The ones which can sign out after
+  routes = [nil, :new]
+  d.add_module :confirmable,  :controller => :confirmations, :route => { :confirmation => routes }
+  d.add_module :lockable,     :controller => :unlocks,       :route => { :unlock => routes }
+  d.add_module :timeoutable
+
+  # Stats for last, so we make sure the user is really signed in
+  d.add_module :trackable
+end

data/lib/devise/omniauth.rb

@@ -0,0 +1,28 @@
+begin
+  require "omniauth"
+  require "omniauth/version"
+rescue LoadError => e
+  warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
+  raise
+end
+
+unless OmniAuth::VERSION =~ /^1\./
+  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
+end
+
+# Clean up the default path_prefix. It will be automatically set by Devise.
+OmniAuth.config.path_prefix = nil
+
+OmniAuth.config.on_failure = Proc.new do |env|
+  env['devise.mapping'] = Devise::Mapping.find_by_path!(env['PATH_INFO'], :path)
+  controller_name  = ActiveSupport::Inflector.camelize(env['devise.mapping'].controllers[:omniauth_callbacks])
+  controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+  controller_klass.action(:failure).call(env)
+end
+
+module Devise
+  module OmniAuth
+    autoload :Config,      "devise/omniauth/config"
+    autoload :UrlHelpers,  "devise/omniauth/url_helpers"
+  end
+end

data/lib/devise/omniauth/config.rb

@@ -0,0 +1,45 @@
+module Devise
+  module OmniAuth
+    class StrategyNotFound < NameError
+      def initialize(strategy)
+        @strategy = strategy
+        super("Could not find a strategy with name `#{strategy}'. " \
+          "Please ensure it is required or explicitly set it using the :strategy_class option.")
+      end
+    end
+
+    class Config
+      attr_accessor :strategy
+      attr_reader :args, :options, :provider, :strategy_name
+
+      def initialize(provider, args)
+        @provider       = provider
+        @args           = args
+        @options        = @args.last.is_a?(Hash) ? @args.last : {}
+        @strategy       = nil
+        @strategy_name  = options[:name] || @provider
+        @strategy_class = options.delete(:strategy_class)
+      end
+
+      def strategy_class
+        @strategy_class ||= find_strategy || autoload_strategy
+      end
+
+      def find_strategy
+        ::OmniAuth.strategies.find do |strategy_class|
+          strategy_class.to_s =~ /#{::OmniAuth::Utils.camelize(strategy_name)}$/ ||
+            strategy_class.default_options[:name] == strategy_name
+        end
+      end
+
+      def autoload_strategy
+        name = ::OmniAuth::Utils.camelize(provider.to_s)
+        if ::OmniAuth::Strategies.const_defined?(name)
+          ::OmniAuth::Strategies.const_get(name)
+        else
+          raise StrategyNotFound, name
+        end
+      end
+    end
+  end
+end

data/lib/devise/omniauth/url_helpers.rb

@@ -0,0 +1,33 @@
+module Devise
+  module OmniAuth
+    module UrlHelpers
+      def self.define_helpers(mapping)
+        return unless mapping.omniauthable?
+
+        class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+          def #{mapping.name}_omniauth_authorize_path(provider, params = {})
+            if Devise.omniauth_configs[provider.to_sym]
+              script_name = request.env["SCRIPT_NAME"]
+
+              path = "\#{script_name}/#{mapping.path}/auth/\#{provider}\".squeeze("/")
+              path << '?' + params.to_param if params.present?
+              path
+            else
+              raise ArgumentError, "Could not find omniauth provider \#{provider.inspect}"
+            end
+          end
+        URL_HELPERS
+      end
+
+      def omniauth_authorize_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_omniauth_authorize_path", *args)
+      end
+
+      def omniauth_callback_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_omniauth_callback_path", *args)
+      end
+    end
+  end
+end

data/lib/devise/orm/active_record.rb

@@ -0,0 +1,44 @@
+require 'orm_adapter/adapters/active_record'
+
+module Devise
+  module Orm
+    # This module contains some helpers and handle schema (migrations):
+    #
+    #   create_table :accounts do |t|
+    #     t.database_authenticatable
+    #     t.confirmable
+    #     t.recoverable
+    #     t.rememberable
+    #     t.trackable
+    #     t.lockable
+    #     t.timestamps
+    #   end
+    #
+    # However this method does not add indexes. If you need them, here is the declaration:
+    #
+    #   add_index "accounts", ["email"],                :name => "email",                :unique => true
+    #   add_index "accounts", ["confirmation_token"],   :name => "confirmation_token",   :unique => true
+    #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
+    #
+    module ActiveRecord
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods.
+        def apply_devise_schema(name, type, options={})
+          @__devise_warning_raised ||= begin
+            ActiveSupport::Deprecation.warn "You are using t.database_authenticatable and others in your migration " \
+              "and this feature is deprecated. Please simply use Rails helpers instead as mentioned here: " \
+              "https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0-migration-schema-style"
+            true
+          end
+          column name, type.to_s.downcase.to_sym, options
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Devise::Models
+ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema

data/lib/devise/orm/mongoid.rb

@@ -0,0 +1,31 @@
+require 'orm_adapter/adapters/mongoid'
+
+module Devise
+  module Orm
+    module Mongoid
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods
+        def apply_devise_schema(name, type, options={})
+          type = Time if type == DateTime
+          field name, { :type => type }.merge!(options)
+        end
+      end
+    end
+  end
+end
+
+Mongoid::Document::ClassMethods.class_eval do
+  include Devise::Models
+  include Devise::Orm::Mongoid::Hook
+end

data/lib/devise/param_filter.rb

@@ -0,0 +1,41 @@
+module Devise
+  class ParamFilter
+    def initialize(case_insensitive_keys, strip_whitespace_keys)
+      @case_insensitive_keys = case_insensitive_keys || []
+      @strip_whitespace_keys = strip_whitespace_keys || []
+    end
+
+    def filter(conditions)
+      conditions = stringify_params(conditions.dup)
+
+      @case_insensitive_keys.each do |k|
+        value = conditions[k]
+        next unless value.respond_to?(:downcase)
+        conditions[k] = value.downcase
+      end
+
+      @strip_whitespace_keys.each do |k|
+        value = conditions[k]
+        next unless value.respond_to?(:strip)
+        conditions[k] = value.strip
+      end
+
+      conditions
+    end
+
+    # Force keys to be string to avoid injection on mongoid related database.
+    def stringify_params(conditions)
+      return conditions unless conditions.is_a?(Hash)
+      conditions.each do |k, v|
+        conditions[k] = v.to_s if param_requires_string_conversion?(v)
+      end
+    end
+
+    private
+
+    # Determine which values should be transformed to string or passed as-is to the query builder underneath
+    def param_requires_string_conversion?(value)
+      true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
+    end
+  end
+end

data/lib/devise/path_checker.rb

@@ -0,0 +1,18 @@
+module Devise
+  class PathChecker
+    include Rails.application.routes.url_helpers
+
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
+    end
+
+    def initialize(env, scope)
+      @current_path = "/#{env["SCRIPT_NAME"]}/#{env["PATH_INFO"]}".squeeze("/")
+      @scope = scope
+    end
+
+    def signing_out?
+      @current_path == send("destroy_#{@scope}_session_path")
+    end
+  end
+end

data/lib/devise/rails.rb

@@ -0,0 +1,73 @@
+require 'devise/rails/routes'
+require 'devise/rails/warden_compat'
+
+module Devise
+  class Engine < ::Rails::Engine
+    config.devise = Devise
+
+    # Initialize Warden and copy its configurations.
+    config.app_middleware.use Warden::Manager do |config|
+      Devise.warden_config = config
+    end
+
+    # Force routes to be loaded if we are doing any eager load.
+    config.before_eager_load { |app| app.reload_routes! }
+
+    initializer "devise.url_helpers" do
+      Devise.include_helpers(Devise::Controllers)
+    end
+
+    initializer "devise.omniauth" do |app|
+      Devise.omniauth_configs.each do |provider, config|
+        app.middleware.use config.strategy_class, *config.args do |strategy|
+          config.strategy = strategy
+        end
+      end
+
+      if Devise.omniauth_configs.any?
+        Devise.include_helpers(Devise::OmniAuth)
+      end
+    end
+
+    initializer "devise.mongoid_version_warning" do
+      if defined?(Mongoid)
+        require 'mongoid/version'
+        if Mongoid::VERSION.to_f < 2.1
+          puts "\n[DEVISE] Please note that Mongoid versions prior to 2.1 handle dirty model " \
+            "object attributes in such a way that the Devise `validatable` module will not apply " \
+            "its usual uniqueness and format validations for the email field. It is recommended " \
+            "that you upgrade to Mongoid 2.1+ for this and other fixes, but if for some reason you " \
+            "are unable to do so, you should add these validations manually.\n"
+        end
+      end
+    end
+
+    initializer "devise.deprecations" do
+      if Devise.case_insensitive_keys == false
+        puts "\n[DEVISE] Devise.case_insensitive_keys is false and is no longer " \
+          "supported. If you want to continue running on this mode, please ensure " \
+          "you are not using validatable in your models and set this value to an empty array."
+      end
+
+      if Devise.apply_schema && defined?(Mongoid)
+        puts "\n[DEVISE] Devise.apply_schema is true. This means Devise was " \
+          "automatically configuring your DB. This no longer happens. You should " \
+          "set Devise.apply_schema to false and manually set the fields used by Devise as shown here: " \
+          "https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0-migration-schema-style"
+      end
+
+      # TODO: Deprecate the true value of this option as well
+      if Devise.use_salt_as_remember_token == false
+        puts "\n[DEVISE] Devise.use_salt_as_remember_token is false and is no longer " \
+          "supported. Devise will use part of salt as remember token and the remember " \
+          "token column can be removed from your models."
+      end
+
+      if Devise.reset_password_within.nil?
+        puts "\n[DEVISE] Devise.reset_password_within is nil. Please set this value to " \
+          "an interval (for example, 6.hours) and add a reset_password_sent_at field to " \
+          "your Devise models (if they don't have one already)."
+      end
+    end
+  end
+end