cloudfoundry-devise 1.5.2

data/app/controllers/devise/confirmations_controller.rb

@@ -0,0 +1,46 @@
+class Devise::ConfirmationsController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/confirmation/new
+  def new
+    build_resource({})
+    render_with_scope :new
+  end
+
+  # POST /resource/confirmation
+  def create
+    self.resource = resource_class.send_confirmation_instructions(params[resource_name])
+
+    if successfully_sent?(resource)
+      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
+    else
+      respond_with_navigational(resource){ render_with_scope :new }
+    end
+  end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+
+    if resource.errors.empty?
+      set_flash_message(:notice, :confirmed) if is_navigational_format?
+      sign_in(resource_name, resource)
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+    else
+      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
+    end
+  end
+
+  protected
+
+    # The path used after resending confirmation instructions.
+    def after_resending_confirmation_instructions_path_for(resource_name)
+      new_session_path(resource_name)
+    end
+
+    # The path used after confirmation.
+    def after_confirmation_path_for(resource_name, resource)
+      after_sign_in_path_for(resource)
+    end
+
+end

data/app/controllers/devise/omniauth_callbacks_controller.rb

@@ -0,0 +1,26 @@
+class Devise::OmniauthCallbacksController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  def failure
+    set_flash_message :alert, :failure, :kind => failed_strategy.name.to_s.humanize, :reason => failure_message
+    redirect_to after_omniauth_failure_path_for(resource_name)
+  end
+
+  protected
+
+  def failed_strategy
+    env["omniauth.error.strategy"]
+  end
+
+  def failure_message
+    exception = env["omniauth.error"]
+    error   = exception.error_reason if exception.respond_to?(:error_reason)
+    error ||= exception.error        if exception.respond_to?(:error)
+    error ||= env["omniauth.error.type"].to_s
+    error.to_s.humanize if error
+  end
+
+  def after_omniauth_failure_path_for(scope)
+    new_session_path(scope)
+  end
+end

data/app/controllers/devise/passwords_controller.rb

@@ -0,0 +1,50 @@
+class Devise::PasswordsController < ApplicationController
+  prepend_before_filter :require_no_authentication
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/password/new
+  def new
+    build_resource({})
+    render_with_scope :new
+  end
+
+  # POST /resource/password
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    if successfully_sent?(resource)
+      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+    else
+      respond_with_navigational(resource){ render_with_scope :new }
+    end
+  end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  def edit
+    self.resource = resource_class.new
+    resource.reset_password_token = params[:reset_password_token]
+    render_with_scope :edit
+  end
+
+  # PUT /resource/password
+  def update
+    self.resource = resource_class.reset_password_by_token(params[resource_name])
+
+    if resource.errors.empty?
+      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+      set_flash_message(:notice, flash_message) if is_navigational_format?
+      sign_in(resource_name, resource)
+      respond_with resource, :location => after_sign_in_path_for(resource)
+    else
+      respond_with_navigational(resource){ render_with_scope :edit }
+    end
+  end
+
+  protected
+
+    # The path used after sending reset password instructions
+    def after_sending_reset_password_instructions_path_for(resource_name)
+      new_session_path(resource_name)
+    end
+
+end

data/app/controllers/devise/registrations_controller.rb

@@ -0,0 +1,114 @@
+class Devise::RegistrationsController < ApplicationController
+  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
+  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/sign_up
+  def new
+    resource = build_resource({})
+    respond_with_navigational(resource){ render_with_scope :new }
+  end
+
+  # POST /resource
+  def create
+    build_resource
+
+    if resource.save
+      if resource.active_for_authentication?
+        set_flash_message :notice, :signed_up if is_navigational_format?
+        sign_in(resource_name, resource)
+        respond_with resource, :location => after_sign_up_path_for(resource)
+      else
+        set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?
+        expire_session_data_after_sign_in!
+        respond_with resource, :location => after_inactive_sign_up_path_for(resource)
+      end
+    else
+      clean_up_passwords(resource)
+      respond_with_navigational(resource) { render_with_scope :new }
+    end
+  end
+
+  # GET /resource/edit
+  def edit
+    render_with_scope :edit
+  end
+
+  # PUT /resource
+  # We need to use a copy of the resource because we don't want to change
+  # the current user in place.
+  def update
+    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
+
+    if resource.update_with_password(params[resource_name])
+      if is_navigational_format?
+        if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation?
+          flash_key = :update_needs_confirmation
+        end
+        set_flash_message :notice, flash_key || :updated
+      end
+      sign_in resource_name, resource, :bypass => true
+      respond_with resource, :location => after_update_path_for(resource)
+    else
+      clean_up_passwords(resource)
+      respond_with_navigational(resource){ render_with_scope :edit }
+    end
+  end
+
+  # DELETE /resource
+  def destroy
+    resource.destroy
+    Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+    set_flash_message :notice, :destroyed if is_navigational_format?
+    respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
+  end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  def cancel
+    expire_session_data_after_sign_in!
+    redirect_to new_registration_path(resource_name)
+  end
+
+  protected
+
+    # Build a devise resource passing in the session. Useful to move
+    # temporary session data to the newly created user.
+    def build_resource(hash=nil)
+      hash ||= params[resource_name] || {}
+      self.resource = resource_class.new_with_session(hash, session)
+    end
+
+    # The path used after sign up. You need to overwrite this method
+    # in your own RegistrationsController.
+    def after_sign_up_path_for(resource)
+      after_sign_in_path_for(resource)
+    end
+
+    # Returns the inactive reason translated.
+    def inactive_reason(resource)
+      reason = resource.inactive_message.to_s
+      I18n.t("devise.registrations.reasons.#{reason}", :default => reason)
+    end
+
+    # The path used after sign up for inactive accounts. You need to overwrite
+    # this method in your own RegistrationsController.
+    def after_inactive_sign_up_path_for(resource)
+      root_path
+    end
+
+    # The default url to be used after updating a resource. You need to overwrite
+    # this method in your own RegistrationsController.
+    def after_update_path_for(resource)
+      signed_in_root_path(resource)
+    end
+
+    # Authenticates the current scope and gets the current resource from the session.
+    def authenticate_scope!
+      send(:"authenticate_#{resource_name}!", :force => true)
+      self.resource = send(:"current_#{resource_name}")
+    end
+end

data/app/controllers/devise/sessions_controller.rb

@@ -0,0 +1,49 @@
+class Devise::SessionsController < ApplicationController
+  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+  prepend_before_filter :allow_params_authentication!, :only => :create
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/sign_in
+  def new
+    resource = build_resource
+    clean_up_passwords(resource)
+    respond_with_navigational(resource, stub_options(resource)){ render_with_scope :new }
+  end
+
+  # POST /resource/sign_in
+  def create
+    resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
+    set_flash_message(:notice, :signed_in) if is_navigational_format?
+    sign_in(resource_name, resource)
+    respond_with resource, :location => after_sign_in_path_for(resource)
+  end
+
+  # DELETE /resource/sign_out
+  def destroy
+    signed_in = signed_in?(resource_name)
+    redirect_path = after_sign_out_path_for(resource_name)
+    Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+    set_flash_message :notice, :signed_out if signed_in
+
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      format.any(*navigational_formats) { redirect_to redirect_path }
+      format.all do
+        method = "to_#{request_format}"
+        text = {}.respond_to?(method) ? {}.send(method) : ""
+        render :text => text, :status => :ok
+      end
+    end
+  end
+
+  protected
+
+  def stub_options(resource)
+    methods = resource_class.authentication_keys.dup
+    methods = methods.keys if methods.is_a?(Hash)
+    methods << :password if resource.respond_to?(:password)
+    { :methods => methods, :only => [:password] }
+  end
+end
+

data/app/controllers/devise/unlocks_controller.rb

@@ -0,0 +1,34 @@
+class Devise::UnlocksController < ApplicationController
+  prepend_before_filter :require_no_authentication
+  include Devise::Controllers::InternalHelpers
+
+  # GET /resource/unlock/new
+  def new
+    build_resource({})
+    render_with_scope :new
+  end
+
+  # POST /resource/unlock
+  def create
+    self.resource = resource_class.send_unlock_instructions(params[resource_name])
+
+    if successfully_sent?(resource)
+      respond_with({}, :location => new_session_path(resource_name))
+    else
+      respond_with_navigational(resource){ render_with_scope :new }
+    end
+  end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  def show
+    self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :unlocked if is_navigational_format?
+      sign_in(resource_name, resource)
+      respond_with_navigational(resource){ redirect_to after_sign_in_path_for(resource) }
+    else
+      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
+    end
+  end
+end

data/app/helpers/devise_helper.rb

@@ -0,0 +1,25 @@
+module DeviseHelper
+  # A simple way to show error messages for the current devise resource. If you need
+  # to customize this method, you can either overwrite it in your application helpers or
+  # copy the views to your application.
+  #
+  # This method is intended to stay simple and it is unlikely that we are going to change
+  # it to add more behavior or options.
+  def devise_error_messages!
+    return "" if resource.errors.empty?
+
+    messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
+    sentence = I18n.t("errors.messages.not_saved",
+                      :count => resource.errors.count,
+                      :resource => resource.class.model_name.human.downcase)
+
+    html = <<-HTML
+    <div id="error_explanation">
+      <h2>#{sentence}</h2>
+      <ul>#{messages}</ul>
+    </div>
+    HTML
+
+    html.html_safe
+  end
+end

data/app/mailers/devise/mailer.rb

@@ -0,0 +1,15 @@
+class Devise::Mailer < ::ActionMailer::Base
+  include Devise::Mailers::Helpers
+
+  def confirmation_instructions(record)
+    devise_mail(record, :confirmation_instructions)
+  end
+
+  def reset_password_instructions(record)
+    devise_mail(record, :reset_password_instructions)
+  end
+
+  def unlock_instructions(record)
+    devise_mail(record, :unlock_instructions)
+  end
+end

data/app/views/devise/confirmations/new.html.erb

@@ -0,0 +1,12 @@
+<h2>Resend confirmation instructions</h2>
+
+<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.submit "Resend confirmation instructions" %></div>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Welcome <%= @resource.email %>!</p>
+
+<p>You can confirm your account email through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

data/app/views/devise/passwords/edit.html.erb

@@ -0,0 +1,16 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+  <%= f.hidden_field :reset_password_token %>
+
+  <div><%= f.label :password, "New password" %><br />
+  <%= f.password_field :password %></div>
+
+  <div><%= f.label :password_confirmation, "Confirm new password" %><br />
+  <%= f.password_field :password_confirmation %></div>
+
+  <div><%= f.submit "Change my password" %></div>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/new.html.erb

@@ -0,0 +1,12 @@
+<h2>Forgot your password?</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.submit "Send me reset password instructions" %></div>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/registrations/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
+
+  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+  <%= f.password_field :password %></div>
+
+  <div><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></div>
+
+  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+  <%= f.password_field :current_password %></div>
+
+  <div><%= f.submit "Update" %></div>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
+
+<%= link_to "Back", :back %>