cloudfoundry-devise 1.5.2

data/lib/devise/hooks/timeoutable.rb

@@ -0,0 +1,24 @@
+# Each time a record is set we check whether its session has already timed out
+# or not, based on last request time. If so, the record is logged out and
+# redirected to the sign in page. Also, each time the request comes and the
+# record is set, we set the last request time inside its scoped session to
+# verify timeout in the following request.
+Warden::Manager.after_set_user do |record, warden, options|
+  scope = options[:scope]
+
+  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
+    last_request_at = warden.session(scope)['last_request_at']
+
+    if record.timedout?(last_request_at)
+      path_checker = Devise::PathChecker.new(warden.env, scope)
+      unless path_checker.signing_out?
+        warden.logout(scope)
+        throw :warden, :scope => scope, :message => :timeout
+      end
+    end
+
+    unless warden.request.env['devise.skip_trackable']
+      warden.session(scope)['last_request_at'] = Time.now.utc
+    end
+  end
+end

data/lib/devise/hooks/trackable.rb

@@ -0,0 +1,9 @@
+# After each sign in, update sign in time, sign in count and sign in IP.
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
+    record.update_tracked_fields!(warden.request)
+  end
+end

data/lib/devise/mailers/helpers.rb

@@ -0,0 +1,86 @@
+module Devise
+  module Mailers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        include Devise::Controllers::ScopedViews
+        attr_reader :scope_name, :resource
+      end
+
+      protected
+
+      # Configure default email options
+      def devise_mail(record, action)
+        initialize_from_record(record)
+        mail headers_for(action)
+      end
+
+      def initialize_from_record(record)
+        @scope_name = Devise::Mapping.find_scope!(record)
+        @resource   = instance_variable_set("@#{devise_mapping.name}", record)
+      end
+
+      def devise_mapping
+        @devise_mapping ||= Devise.mappings[scope_name]
+      end
+
+      def headers_for(action)
+        headers = {
+          :subject       => translate(devise_mapping, action),
+          :from          => mailer_sender(devise_mapping),
+          :to            => resource.email,
+          :template_path => template_paths
+        }
+
+        if resource.respond_to?(:headers_for)
+          headers.merge!(resource.headers_for(action))
+        end
+
+        unless headers.key?(:reply_to)
+          headers[:reply_to] = headers[:from]
+        end
+
+        headers
+      end
+
+      def mailer_sender(mapping)
+        if default_params[:from].present?
+          default_params[:from]
+        elsif Devise.mailer_sender.is_a?(Proc)
+          Devise.mailer_sender.call(mapping.name)
+        else
+          Devise.mailer_sender
+        end
+      end
+
+      def template_paths
+        template_path = [self.class.mailer_name]
+        template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views?
+        template_path
+      end
+
+      # Setup a subject doing an I18n lookup. At first, it attemps to set a subject
+      # based on the current mapping:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           user_subject: '...'
+      #
+      # If one does not exist, it fallbacks to ActionMailer default:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           subject: '...'
+      #
+      def translate(mapping, key)
+        I18n.t(:"#{mapping.name}_subject", :scope => [:devise, :mailer, key],
+          :default => [:subject, key.to_s.humanize])
+      end
+    end
+  end
+end

data/lib/devise/mapping.rb

@@ -0,0 +1,175 @@
+module Devise
+  # Responsible for handling devise mappings and routes configuration. Each
+  # resource configured by devise_for in routes is actually creating a mapping
+  # object. You can refer to devise_for in routes for usage options.
+  #
+  # The required value in devise_for is actually not used internally, but it's
+  # inflected to find all other values.
+  #
+  #   map.devise_for :users
+  #   mapping = Devise.mappings[:user]
+  #
+  #   mapping.name #=> :user
+  #   # is the scope used in controllers and warden, given in the route as :singular.
+  #
+  #   mapping.as   #=> "users"
+  #   # how the mapping should be search in the path, given in the route as :as.
+  #
+  #   mapping.to   #=> User
+  #   # is the class to be loaded from routes, given in the route as :class_name.
+  #
+  #   mapping.modules  #=> [:authenticatable]
+  #   # is the modules included in the class
+  #
+  class Mapping #:nodoc:
+    attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
+                :constraints, :defaults, :failure_app
+
+    alias :name :singular
+
+    # Receives an object and find a scope for it. If a scope cannot be found,
+    # raises an error. If a symbol is given, it's considered to be the scope.
+    def self.find_scope!(duck)
+      case duck
+      when String, Symbol
+        return duck
+      when Class
+        Devise.mappings.each_value { |m| return m.name if duck <= m.to }
+      else
+        Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
+      end
+
+      raise "Could not find a valid mapping for #{duck.inspect}"
+    end
+
+    def self.find_by_path!(path, path_type=:fullpath)
+      Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
+      raise "Could not find a valid mapping for path #{path.inspect}"
+    end
+
+    def initialize(name, options) #:nodoc:
+      @scoped_path = options[:as] ? "#{options[:as]}/#{name}" : name.to_s
+      @singular = (options[:singular] || @scoped_path.tr('/', '_').singularize).to_sym
+
+      @class_name = (options[:class_name] || name.to_s.classify).to_s
+      @klass = Devise.ref(@class_name)
+
+      @path = (options[:path] || name).to_s
+      @path_prefix = options[:path_prefix]
+
+      @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
+      @format = options[:format]
+
+      default_failure_app(options)
+      default_controllers(options)
+      default_path_names(options)
+      default_constraints(options)
+      default_defaults(options)
+      default_used_route(options)
+      default_used_helpers(options)
+    end
+
+    # Return modules for the mapping.
+    def modules
+      @modules ||= to.respond_to?(:devise_modules) ? to.devise_modules : []
+    end
+
+    # Gives the class the mapping points to.
+    def to
+      @klass.get
+    end
+
+    def strategies
+      @strategies ||= STRATEGIES.values_at(*self.modules).compact.uniq.reverse
+    end
+
+    def no_input_strategies
+      self.strategies & Devise::NO_INPUT
+    end
+
+    def routes
+      @routes ||= ROUTES.values_at(*self.modules).compact.uniq
+    end
+
+    def authenticatable?
+      @authenticatable ||= self.modules.any? { |m| m.to_s =~ /authenticatable/ }
+    end
+
+    def fullpath
+      "/#{@path_prefix}/#{@path}".squeeze("/")
+    end
+
+    # Create magic predicates for verifying what module is activated by this map.
+    # Example:
+    #
+    #   def confirmable?
+    #     self.modules.include?(:confirmable)
+    #   end
+    #
+    def self.add_module(m)
+      class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        def #{m}?
+          self.modules.include?(:#{m})
+        end
+      METHOD
+    end
+
+    private
+
+    def default_failure_app(options)
+      @failure_app = options[:failure_app] || Devise::FailureApp
+      if @failure_app.is_a?(String)
+        ref = Devise.ref(@failure_app)
+        @failure_app = lambda { |env| ref.get.call(env) }
+      end
+    end
+
+    def default_controllers(options)
+      mod = options[:module] || "devise"
+      @controllers = Hash.new { |h,k| h[k] = "#{mod}/#{k}" }
+      @controllers.merge!(options[:controllers]) if options[:controllers]
+      @controllers.each { |k,v| @controllers[k] = v.to_s }
+    end
+
+    def default_path_names(options)
+      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names[:registration] = ""
+      @path_names.merge!(options[:path_names]) if options[:path_names]
+    end
+
+    def default_constraints(options)
+      @constraints = Hash.new
+      @constraints.merge!(options[:constraints]) if options[:constraints]
+    end
+
+    def default_defaults(options)
+      @defaults = Hash.new
+      @defaults.merge!(options[:defaults]) if options[:defaults]
+    end
+
+    def default_used_route(options)
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
+      if options.has_key?(:only)
+        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      elsif options[:skip] == :all
+        @used_routes = []
+      else
+        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
+      end
+    end
+
+    def default_used_helpers(options)
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
+      if options[:skip_helpers] == true
+        @used_helpers = @used_routes
+      elsif skip = options[:skip_helpers]
+        @used_helpers = self.routes - Array(skip).map(&singularizer)
+      else
+        @used_helpers = self.routes
+      end
+    end
+  end
+end

data/lib/devise/models.rb

@@ -0,0 +1,91 @@
+module Devise
+  module Models
+    # Creates configuration values for Devise and for the given module.
+    #
+    #   Devise::Models.config(Devise::Authenticatable, :stretches, 10)
+    #
+    # The line above creates:
+    #
+    #   1) An accessor called Devise.stretches, which value is used by default;
+    #
+    #   2) Some class methods for your model Model.stretches and Model.stretches=
+    #      which have higher priority than Devise.stretches;
+    #
+    #   3) And an instance method stretches.
+    #
+    # To add the class methods you need to have a module ClassMethods defined
+    # inside the given class.
+    #
+    def self.config(mod, *accessors) #:nodoc:
+      (class << mod; self; end).send :attr_accessor, :available_configs
+      mod.available_configs = accessors
+
+      accessors.each do |accessor|
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{accessor}
+            if defined?(@#{accessor})
+              @#{accessor}
+            elsif superclass.respond_to?(:#{accessor})
+              superclass.#{accessor}
+            else
+              Devise.#{accessor}
+            end
+          end
+
+          def #{accessor}=(value)
+            @#{accessor} = value
+          end
+        METHOD
+      end
+    end
+
+    # Include the chosen devise modules in your model:
+    #
+    #   devise :database_authenticatable, :confirmable, :recoverable
+    #
+    # You can also give any of the devise configuration values in form of a hash,
+    # with specific values for this model. Please check your Devise initializer
+    # for a complete description on those values.
+    #
+    def devise(*modules)
+      include Devise::Models::Authenticatable
+      options = modules.extract_options!.dup
+
+      selected_modules = modules.map(&:to_sym).uniq.sort_by do |s|
+        Devise::ALL.index(s) || -1  # follow Devise::ALL order
+      end
+
+      devise_modules_hook! do
+        selected_modules.each do |m|
+          mod = Devise::Models.const_get(m.to_s.classify)
+
+          if mod.const_defined?("ClassMethods")
+            class_mod = mod.const_get("ClassMethods")
+            extend class_mod
+
+            if class_mod.respond_to?(:available_configs)
+              available_configs = class_mod.available_configs
+              available_configs.each do |config|
+                next unless options.key?(config)                
+                send(:"#{config}=", options.delete(config))
+              end
+            end
+          end
+
+          include mod
+        end
+
+        self.devise_modules |= selected_modules
+        options.each { |key, value| send(:"#{key}=", value) }
+      end
+    end
+
+    # The hook which is called inside devise. So your ORM can include devise
+    # compatibility stuff.
+    def devise_modules_hook!
+      yield
+    end
+  end
+end
+
+require 'devise/models/authenticatable'

data/lib/devise/models/authenticatable.rb

@@ -0,0 +1,181 @@
+require 'devise/hooks/activatable'
+require 'devise/models/serializable'
+
+module Devise
+  module Models
+    # Authenticatable module. Holds common settings for authentication.
+    #
+    # == Options
+    #
+    # Authenticatable adds the following options to devise_for:
+    #
+    #   * +authentication_keys+: parameters used for authentication. By default [:email].
+    #
+    #   * +request_keys+: parameters from the request object used for authentication.
+    #     By specifying a symbol (which should be a request method), it will automatically be
+    #     passed to find_for_authentication method and considered in your model lookup.
+    #
+    #     For instance, if you set :request_keys to [:subdomain], :subdomain will be considered
+    #     as key on authentication. This can also be a hash where the value is a boolean expliciting
+    #     if the value is required or not.
+    #
+    #   * +http_authenticatable+: if this model allows http authentication. By default true.
+    #     It also accepts an array specifying the strategies that should allow http.
+    #
+    #   * +params_authenticatable+: if this model allows authentication through request params. By default true.
+    #     It also accepts an array specifying the strategies that should allow params authentication.
+    #
+    # == active_for_authentication?
+    #
+    # After authenticating a user and in each request, Devise checks if your model is active by
+    # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,
+    # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
+    #
+    # You overwrite this method yourself, but if you do, don't forget to call super:
+    #
+    #   def active_for_authentication?
+    #     super && special_condition_is_valid?
+    #   end
+    #
+    # Whenever active_for_authentication? returns false, Devise asks the reason why your model is inactive using
+    # the inactive_message method. You can overwrite it as well:
+    #
+    #   def inactive_message
+    #     special_condition_is_valid? ? super : :special_condition_is_not_valid
+    #   end
+    #
+    module Authenticatable
+      extend ActiveSupport::Concern
+
+      include Devise::Models::Serializable
+
+      included do
+        class_attribute :devise_modules, :instance_writer => false
+        self.devise_modules ||= []
+
+        before_validation :downcase_keys
+        before_validation :strip_whitespace
+      end
+
+      # Check if the current object is valid for authentication. This method and
+      # find_for_authentication are the methods used in a Warden::Strategy to check
+      # if a model should be signed in or not.
+      #
+      # However, you should not overwrite this method, you should overwrite active_for_authentication?
+      # and inactive_message instead.
+      def valid_for_authentication?
+        block_given? ? yield : true
+      end
+
+      def active_for_authentication?
+        true
+      end
+
+      def inactive_message
+        :inactive
+      end
+
+      def authenticatable_salt
+      end
+
+      def devise_mailer
+        Devise.mailer
+      end
+
+      def headers_for(name)
+        {}
+      end
+
+      def downcase_keys
+        (self.class.case_insensitive_keys || []).each { |k| self[k].try(:downcase!) }
+      end
+
+      def strip_whitespace
+        (self.class.strip_whitespace_keys || []).each { |k| self[k].try(:strip!) }
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys,
+          :case_insensitive_keys, :http_authenticatable, :params_authenticatable)
+
+        def serialize_into_session(record)
+          [record.to_key, record.authenticatable_salt]
+        end
+
+        def serialize_from_session(key, salt)
+          record = to_adapter.get(key)
+          record if record && record.authenticatable_salt == salt
+        end
+
+        def params_authenticatable?(strategy)
+          params_authenticatable.is_a?(Array) ?
+            params_authenticatable.include?(strategy) : params_authenticatable
+        end
+
+        def http_authenticatable?(strategy)
+          http_authenticatable.is_a?(Array) ?
+            http_authenticatable.include?(strategy) : http_authenticatable
+        end
+
+        # Find first record based on conditions given (ie by the sign in form).
+        # Overwrite to add customized conditions, create a join, or maybe use a
+        # namedscope to filter records while authenticating.
+        # Example:
+        #
+        #   def self.find_for_authentication(conditions={})
+        #     conditions[:active] = true
+        #     super
+        #   end
+        #
+        def find_for_authentication(conditions)
+          find_first_by_auth_conditions(conditions)
+        end
+
+        def find_first_by_auth_conditions(conditions)
+          to_adapter.find_first devise_param_filter.filter(conditions)
+        end
+
+        # Find an initialize a record setting an error if it can't be found.
+        def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
+          find_or_initialize_with_errors([attribute], { attribute => value }, error)
+        end
+
+        # Find an initialize a group of attributes based on a list of required attributes.
+        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+          attributes = attributes.slice(*required_attributes)
+          attributes.delete_if { |key, value| value.blank? }
+
+          if attributes.size == required_attributes.size
+            record = find_first_by_auth_conditions(attributes)
+          end
+
+          unless record
+            record = new
+
+            required_attributes.each do |key|
+              value = attributes[key]
+              record.send("#{key}=", value)
+              record.errors.add(key, value.present? ? error : :blank)
+            end
+          end
+
+          record
+        end
+
+        protected
+
+        def devise_param_filter
+          @devise_param_filter ||= Devise::ParamFilter.new(case_insensitive_keys, strip_whitespace_keys)
+        end
+
+        # Generate a token by looping and ensuring does not already exist.
+        def generate_token(column)
+          loop do
+            token = Devise.friendly_token
+            break token unless to_adapter.find_first({ column => token })
+          end
+        end
+      end
+    end
+  end
+end