devise-edge 1.2.rc

data/lib/devise/controllers/helpers.rb

@@ -0,0 +1,261 @@
+module Devise
+  module Controllers
+    # Those helpers are convenience methods added to ApplicationController.
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :warden, :signed_in?, :devise_controller?, :anybody_signed_in?
+      end
+
+      # Define authentication filters and accessor helpers based on mappings.
+      # These filters should be used inside the controllers as before_filters,
+      # so you can control the scope of the user who should be signed in to
+      # access that specific controller/action.
+      # Example:
+      #
+      #   Roles:
+      #     User
+      #     Admin
+      #
+      #   Generated methods:
+      #     authenticate_user!  # Signs user in or redirect
+      #     authenticate_admin! # Signs admin in or redirect
+      #     user_signed_in?     # Checks whether there is an user signed in or not
+      #     admin_signed_in?    # Checks whether there is an admin signed in or not
+      #     current_user        # Current signed in user
+      #     current_admin       # Current signed in admin
+      #     user_session        # Session data available only to the user scope
+      #     admin_session       # Session data available only to the admin scope
+      #
+      #   Use:
+      #     before_filter :authenticate_user!  # Tell devise to use :user map
+      #     before_filter :authenticate_admin! # Tell devise to use :admin map
+      #
+      def self.define_helpers(mapping) #:nodoc:
+        mapping = mapping.name
+
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def authenticate_#{mapping}!
+            warden.authenticate!(:scope => :#{mapping})
+          end
+
+          def #{mapping}_signed_in?
+            !!current_#{mapping}
+          end
+
+          def current_#{mapping}
+            @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
+          end
+
+          def #{mapping}_session
+            current_#{mapping} && warden.session(:#{mapping})
+          end
+        METHODS
+
+        ActiveSupport.on_load(:action_controller) do
+          helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+        end
+      end
+
+      # The main accessor for the warden proxy instance
+      def warden
+        request.env['warden']
+      end
+
+      # Return true if it's a devise_controller. false to all controllers unless
+      # the controllers defined inside devise. Useful if you want to apply a before
+      # filter to all controller, except the ones in devise:
+      #
+      #   before_filter :my_filter, :unless => { |c| c.devise_controller? }
+      def devise_controller?
+        false
+      end
+
+      # Check if the given scope is signed in session, without running
+      # authentication hooks.
+      def signed_in?(scope)
+        warden.authenticate?(:scope => scope)
+      end
+
+      # Check if the any scope is signed in session, without running
+      # authentication hooks.
+      def anybody_signed_in?
+        Devise.mappings.keys.any? { |scope| signed_in?(scope) }
+      end
+
+      # Sign in an user that already was authenticated. This helper is useful for logging
+      # users in after sign up.
+      #
+      # All options given to sign_in is passed forward to the set_user method in warden.
+      # The only exception is the :bypass option, which bypass warden callbacks and stores
+      # the user straight in session. This option is useful in cases the user is already
+      # signed in, but we want to refresh the credentials in session.
+      #
+      # Examples:
+      #
+      #   sign_in :user, @user                      # sign_in(scope, resource)
+      #   sign_in @user                             # sign_in(resource)
+      #   sign_in @user, :event => :authentication  # sign_in(resource, options)
+      #   sign_in @user, :bypass => true            # sign_in(resource, options)
+      # 
+      def sign_in(resource_or_scope, *args)
+        options  = args.extract_options!
+        scope    = Devise::Mapping.find_scope!(resource_or_scope)
+        resource = args.last || resource_or_scope
+
+        if options[:bypass]
+          warden.session_serializer.store(resource, scope)
+        else
+          expire_session_data_after_sign_in!
+          warden.set_user(resource, options.merge!(:scope => scope))
+        end
+      end
+
+      # Sign out a given user or scope. This helper is useful for signing out an user
+      # after deleting accounts.
+      #
+      # Examples:
+      #
+      #   sign_out :user     # sign_out(scope)
+      #   sign_out @user     # sign_out(resource)
+      #
+      def sign_out(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        warden.user(scope) # Without loading user here, before_logout hook is not called
+        warden.raw_session.inspect # Without this inspect here. The session does not clear.
+        warden.logout(scope)
+      end
+
+      # Sign out all active users or scopes. This helper is useful for signing out all roles
+      # in one click.
+      def sign_out_all_scopes
+        # Not "warden.logout" since we need to sign_out only devise-defined scopes.
+        scopes = Devise.mappings.keys
+        scopes.each { |scope| warden.user(scope) }
+        warden.raw_session.inspect
+        warden.logout(*scopes)
+      end
+
+      # Returns and delete the url stored in the session for the given scope. Useful
+      # for giving redirect backs after sign up:
+      #
+      # Example:
+      #
+      #   redirect_to stored_location_for(:user) || root_path
+      #
+      def stored_location_for(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        session.delete(:"#{scope}_return_to")
+      end
+
+      # The default url to be used after signing in. This is used by all Devise
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default, it first tries to find a resource_root_path, otherwise it
+      # uses the root path. For a user scope, you can define the default url in
+      # the following way:
+      #
+      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #
+      #   map.namespace :user do |user|
+      #     user.root :controller => 'users' # creates user_root_path
+      #   end
+      #
+      #
+      # If the resource root path is not defined, root_path is used. However,
+      # if this default is not enough, you can customize it, for example:
+      #
+      #   def after_sign_in_path_for(resource)
+      #     if resource.is_a?(User) && resource.can_publish?
+      #       publisher_url
+      #     else
+      #       super
+      #     end
+      #   end
+      #
+      def after_sign_in_path_for(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        home_path = :"#{scope}_root_path"
+        respond_to?(home_path, true) ? send(home_path) : root_path
+      end
+
+      # The default url to be used after updating a resource. This is used by all Devise
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default, it first tries to find a resource_root_path, otherwise it
+      # uses the root path. For a user scope, you can define the default url in
+      # the following way:
+      #
+      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #
+      #   map.resources :users do |users|
+      #     users.root # creates user_root_path
+      #   end
+      #
+      #
+      # If none of these are defined, root_path is used. However, if this default
+      # is not enough, you can customize it, for example:
+      #
+      #   def after_update_path_for(resource)
+      #     if resource.is_a?(User) && resource.can_publish?
+      #       publisher_url
+      #     else
+      #       super
+      #     end
+      #   end
+      #
+      def after_update_path_for(resource_or_scope)
+        after_sign_in_path_for(resource_or_scope)
+      end
+
+      # Method used by sessions controller to sign out an user. You can overwrite
+      # it in your ApplicationController to provide a custom hook for a custom
+      # scope. Notice that differently from +after_sign_in_path_for+ this method
+      # receives a symbol with the scope, and not the resource.
+      #
+      # By default is the root_path.
+      def after_sign_out_path_for(resource_or_scope)
+        root_path
+      end
+
+      # Sign in an user and tries to redirect first to the stored location and
+      # then to the url specified by after_sign_in_path_for. It accepts the same
+      # parameters as the sign_in method.
+      def sign_in_and_redirect(resource_or_scope, *args)
+        options  = args.extract_options!
+        scope    = Devise::Mapping.find_scope!(resource_or_scope)
+        resource = args.last || resource_or_scope
+        sign_in(scope, resource, options) unless warden.user(scope) == resource
+        redirect_for_sign_in(scope, resource)
+      end
+
+      def redirect_for_sign_in(scope, resource) #:nodoc:
+        redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
+      end
+
+      # Sign out an user and tries to redirect to the url specified by
+      # after_sign_out_path_for.
+      def sign_out_and_redirect(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        if Devise.sign_out_all_scopes
+          sign_out_all_scopes
+        else
+          sign_out(scope)
+        end
+        redirect_for_sign_out(scope)
+      end
+
+      def redirect_for_sign_out(scope) #:nodoc:
+        redirect_to after_sign_out_path_for(scope)
+      end
+
+      # A hook called to expire session data after sign up/in. This is used
+      # by a few extensions, like oauth, to expire tokens stored in session.
+      def expire_session_data_after_sign_in!
+      end
+    end
+  end
+end

data/lib/devise/controllers/internal_helpers.rb

@@ -0,0 +1,113 @@
+module Devise
+  module Controllers
+    # Those helpers are used only inside Devise controllers and should not be
+    # included in ApplicationController since they all depend on the url being
+    # accessed.
+    module InternalHelpers #:nodoc:
+      extend ActiveSupport::Concern
+      include Devise::Controllers::ScopedViews
+
+      included do
+        helper DeviseHelper
+
+        helpers = %w(resource scope_name resource_name signed_in_resource
+                     resource_class devise_mapping devise_controller?)
+        hide_action *helpers
+        helper_method *helpers
+
+        prepend_before_filter :is_devise_resource?
+        skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
+      end
+
+      # Gets the actual resource stored in the instance variable
+      def resource
+        instance_variable_get(:"@#{resource_name}")
+      end
+
+      # Proxy to devise map name
+      def resource_name
+        devise_mapping.name
+      end
+      alias :scope_name :resource_name
+
+      # Proxy to devise map class
+      def resource_class
+        devise_mapping.to
+      end
+
+      # Returns a signed in resource from session (if one exists)
+      def signed_in_resource
+        warden.authenticate(:scope => resource_name)
+      end
+
+      # Attempt to find the mapped route for devise based on request path
+      def devise_mapping
+        @devise_mapping ||= request.env["devise.mapping"]
+      end
+
+      # Overwrites devise_controller? to return true
+      def devise_controller?
+        true
+      end
+
+    protected
+
+      # Checks whether it's a devise mapped resource or not.
+      def is_devise_resource? #:nodoc:
+        unknown_action!("Could not find devise mapping for #{request.fullpath}.") unless devise_mapping
+      end
+
+      def unknown_action!(msg)
+        logger.debug "[Devise] #{msg}" if logger
+        raise ActionController::UnknownAction, msg
+      end
+
+      # Sets the resource creating an instance variable
+      def resource=(new_resource)
+        instance_variable_set(:"@#{resource_name}", new_resource)
+      end
+
+      # Build a devise resource.
+      def build_resource(hash=nil)
+        hash ||= params[resource_name] || {}
+        self.resource = resource_class.new(hash)
+      end
+
+      # Helper for use in before_filters where no authentication is required.
+      #
+      # Example:
+      #   before_filter :require_no_authentication, :only => :new
+      def require_no_authentication
+        if warden.authenticated?(resource_name)
+          resource = warden.user(resource_name)
+          redirect_to after_sign_in_path_for(resource)
+        end
+      end
+
+      # Sets the flash message with :key, using I18n. By default you are able
+      # to setup your messages using specific resource scope, and if no one is
+      # found we look to default scope.
+      # Example (i18n locale file):
+      #
+      #   en:
+      #     devise:
+      #       passwords:
+      #         #default_scope_messages - only if resource_scope is not found
+      #         user:
+      #           #resource_scope_messages
+      #
+      # Please refer to README or en.yml locale file to check what messages are
+      # available.
+      def set_flash_message(key, kind, options={}) #:nodoc:
+        options[:scope] = "devise.#{controller_name}"
+        options[:default] = Array(options[:default]).unshift(kind.to_sym)
+        options[:resource_name] = resource_name
+        flash[key] = I18n.t("#{resource_name}.#{kind}", options)
+      end
+
+      def clean_up_passwords(object) #:nodoc:
+        object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+      end
+    end
+  end
+end

data/lib/devise/controllers/scoped_views.rb

@@ -0,0 +1,33 @@
+module Devise
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def scoped_views?
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+
+    protected
+
+      # Render a view for the specified scope. Turned off by default.
+      # Accepts just :controller as option.
+      def render_with_scope(action, path=self.controller_path)
+        if self.class.scoped_views?
+          begin
+            render :template => "#{devise_mapping.plural}/#{path.split("/").last}/#{action}"
+          rescue ActionView::MissingTemplate
+            render :template => "#{path}/#{action}"
+          end
+        else
+          render :template => "#{path}/#{action}"
+        end
+      end
+    end
+  end
+end

data/lib/devise/controllers/url_helpers.rb

@@ -0,0 +1,39 @@
+module Devise
+  module Controllers
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by devise.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_session_path(:user)      => new_user_session_path
+    #   session_path(:user)          => user_session_path
+    #   destroy_session_path(:user)  => destroy_user_session_path
+    #
+    #   new_password_path(:user)     => new_user_password_path
+    #   password_path(:user)         => user_password_path
+    #   edit_password_path(:user)    => edit_user_password_path
+    #
+    #   new_confirmation_path(:user) => new_user_confirmation_path
+    #   confirmation_path(:user)     => user_confirmation_path
+    #
+    # Those helpers are added to your ApplicationController.
+    module UrlHelpers
+
+      Devise::URL_HELPERS.each do |module_name, actions|
+        [:path, :url].each do |path_or_url|
+          actions.each do |action|
+            action = action ? "#{action}_" : ""
+
+            class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+              def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                scope = Devise::Mapping.find_scope!(resource_or_scope)
+                send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+              end
+            URL_HELPERS
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/devise/encryptors/authlogic_sha512.rb

@@ -0,0 +1,19 @@
+require "digest/sha2"
+
+module Devise
+  module Encryptors
+    # = AuthlogicSha512
+    # Simulates Authlogic's default encryption mechanism.
+    # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
+    #  the default behavior.
+    class AuthlogicSha512 < Base
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = [password, salt].flatten.join('')
+        stretches.times { digest = Digest::SHA512.hexdigest(digest) }
+        digest
+      end
+    end
+  end
+end