devise-edge 1.2.rc

data/lib/devise/oauth/test_helpers.rb

@@ -0,0 +1,29 @@
+module Devise
+  module Oauth
+    module TestHelpers #:nodoc:
+      def self.short_circuit_authorizers!
+        module_eval <<-ALIASES, __FILE__, __LINE__ + 1
+          def oauth_authorize_url(scope, provider)
+            oauth_callback_path(scope, provider, :code => "12345")
+          end
+        ALIASES
+
+        Devise.mappings.each_value do |m|
+          next unless m.oauthable?
+
+          module_eval <<-ALIASES, __FILE__, __LINE__ + 1
+            def #{m.name}_oauth_authorize_url(provider)
+              #{m.name}_oauth_callback_path(provider, :code => "12345")
+            end
+          ALIASES
+        end
+      end
+
+      def self.unshort_circuit_authorizers!
+        module_eval do
+          instance_methods.each { |m| remove_method(m) }
+        end
+      end
+    end
+  end
+end

data/lib/devise/oauth/url_helpers.rb

@@ -0,0 +1,35 @@
+module Devise
+  module Oauth
+    module UrlHelpers
+      def self.define_helpers(mapping)
+        return unless mapping.oauthable?
+
+        class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+          def #{mapping.name}_oauth_authorize_url(provider, options={})
+            if config = Devise.oauth_configs[provider.to_sym]
+              options[:redirect_uri] ||= #{mapping.name}_oauth_callback_url(provider.to_s)
+              config.authorize_url(options)
+            else
+              raise ArgumentError, "Could not find oauth provider \#{provider.inspect}"
+            end
+          end
+        URL_HELPERS
+      end
+
+      def oauth_authorize_url(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_oauth_authorize_url", *args)
+      end
+
+      def oauth_callback_url(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_oauth_callback_url", *args)
+      end
+
+      def oauth_callback_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_oauth_callback_path", *args)
+      end
+    end
+  end
+end

data/lib/devise/orm/active_record.rb

@@ -0,0 +1,36 @@
+module Devise
+  module Orm
+    # This module contains some helpers and handle schema (migrations):
+    #
+    #   create_table :accounts do |t|
+    #     t.database_authenticatable
+    #     t.confirmable
+    #     t.recoverable
+    #     t.rememberable
+    #     t.trackable
+    #     t.lockable
+    #     t.timestamps
+    #   end
+    #
+    # However this method does not add indexes. If you need them, here is the declaration:
+    #
+    #   add_index "accounts", ["email"],                :name => "email",                :unique => true
+    #   add_index "accounts", ["confirmation_token"],   :name => "confirmation_token",   :unique => true
+    #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
+    #
+    module ActiveRecord
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods.
+        def apply_devise_schema(name, type, options={})
+          column name, type.to_s.downcase.to_sym, options
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Devise::Models
+ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema

data/lib/devise/orm/mongo_mapper.rb

@@ -0,0 +1,46 @@
+module Devise
+  module Orm
+    module MongoMapper
+      
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+      
+      module Schema
+        include Devise::Schema
+        def apply_devise_schema(name, type, options={})
+          type = Time if type == DateTime
+          key name, type, options
+        end
+      end
+      
+      module Compatibility
+       extend ActiveSupport::Concern
+         module ClassMethods
+           
+          def find(*args)
+            case args.first
+            when :first, :all
+              send(args.shift, *args)
+            else
+              super
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+[MongoMapper::Plugins::Document, MongoMapper::Plugins::EmbeddedDocument].each do |mod|
+  mod::ClassMethods.class_eval do
+    include Devise::Models
+    include Devise::Orm::MongoMapper::Hook
+  end
+end

data/lib/devise/orm/mongoid.rb

@@ -0,0 +1,29 @@
+module Devise
+  module Orm
+    module Mongoid
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods
+        def apply_devise_schema(name, type, options={})
+          type = Time if type == DateTime
+          field name, { :type => type }.merge!(options)
+        end
+      end
+    end
+  end
+end
+
+Mongoid::Document::ClassMethods.class_eval do
+  include Devise::Models
+  include Devise::Orm::Mongoid::Hook
+end

data/lib/devise/path_checker.rb

@@ -0,0 +1,18 @@
+module Devise
+  class PathChecker
+    include Rails.application.routes.url_helpers
+
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
+    end
+
+    def initialize(env, scope)
+      @current_path = "/#{env["SCRIPT_NAME"]}/#{env["PATH_INFO"]}".squeeze("/")
+      @scope = scope
+    end
+
+    def signing_out?
+      @current_path == send("destroy_#{@scope}_session_path")
+    end
+  end
+end

data/lib/devise/rails.rb

@@ -0,0 +1,67 @@
+require 'devise/rails/routes'
+require 'devise/rails/warden_compat'
+
+module Devise
+  class Engine < ::Rails::Engine
+    config.devise = Devise
+
+    # Skip eager load of controllers because it is handled by Devise
+    # to avoid loading unused controllers.
+    config.paths.app.controllers.autoload!
+    config.paths.app.controllers.skip_eager_load!
+
+    # Initialize Warden and copy its configurations.
+    config.app_middleware.use Warden::Manager do |config|
+      Devise.warden_config = config
+    end
+
+    # Force routes to be loaded if we are doing any eager load.
+    config.before_eager_load { |app| app.reload_routes! }
+
+    initializer "devise.add_filters" do |app|
+      app.config.filter_parameters += [:password, :password_confirmation]
+      app.config.filter_parameters.uniq
+    end
+
+    initializer "devise.url_helpers" do
+      Devise.include_helpers(Devise::Controllers)
+    end
+
+    initializer "devise.oauth_url_helpers" do
+      if Devise.oauth_providers.any?
+        Devise.include_helpers(Devise::Oauth)
+      end
+    end
+
+    initializer "devise.encryptor_check" do
+      case Devise.encryptor
+      when :bcrypt
+        puts "[DEVISE] From version 1.2, there is no need to set your encryptor to bcrypt " <<
+          "since encryptors are only enabled if you include :encryptable in your models. " << 
+          "With this change, we can integrate better with bcrypt and get rid of the " <<
+          "password_salt column (since bcrypt stores the salt with password). " <<
+          "Please comment config.encryptor in your initializer to get rid of this warning."
+      when nil
+        # Nothing to say
+      else
+        puts "[DEVISE] You are using #{Devise.encryptor} as encryptor. From version 1.2, " <<
+          "you need to explicitly add :encryptable to your models in order for this " <<
+          "configuration value to work."
+      end
+    end
+
+    # Check all available mappings and only load related controllers.
+    def eager_load!
+      mappings    = Devise.mappings.values.map(&:modules).flatten.uniq
+      controllers = Devise::CONTROLLERS.values_at(*mappings)
+      path        = paths.app.controllers.to_a.first
+      matcher     = /\A#{Regexp.escape(path)}\/(.*)\.rb\Z/
+
+      Dir.glob("#{path}/devise/{#{controllers.join(',')}}_controller.rb").sort.each do |file|
+        require_dependency file.sub(matcher, '\1')
+      end
+
+      super
+    end
+  end
+end

data/lib/devise/rails/routes.rb

@@ -0,0 +1,260 @@
+module ActionDispatch::Routing
+  class RouteSet #:nodoc:
+    # Ensure Devise modules are included only after loading routes, because we
+    # need devise_for mappings already declared to create filters and helpers.
+    def finalize_with_devise!
+      finalize_without_devise!
+      Devise.configure_warden!
+    end
+    alias_method_chain :finalize!, :devise
+  end
+
+  class Mapper
+    # Includes devise_for method for routes. This method is responsible to
+    # generate all needed routes for devise, based on what modules you have
+    # defined in your model.
+    #
+    # ==== Examples
+    #
+    # Let's say you have an User model configured to use authenticatable,
+    # confirmable and recoverable modules. After creating this inside your routes:
+    #
+    #   devise_for :users
+    #
+    # This method is going to look inside your User model and create the
+    # needed routes:
+    #
+    #  # Session routes for Authenticatable (default)
+    #       new_user_session GET  /users/sign_in                    {:controller=>"devise/sessions", :action=>"new"}
+    #           user_session POST /users/sign_in                    {:controller=>"devise/sessions", :action=>"create"}
+    #   destroy_user_session GET  /users/sign_out                   {:controller=>"devise/sessions", :action=>"destroy"}
+    #
+    #  # Password routes for Recoverable, if User model has :recoverable configured
+    #      new_user_password GET  /users/password/new(.:format)     {:controller=>"devise/passwords", :action=>"new"}
+    #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"devise/passwords", :action=>"edit"}
+    #          user_password PUT  /users/password(.:format)         {:controller=>"devise/passwords", :action=>"update"}
+    #                        POST /users/password(.:format)         {:controller=>"devise/passwords", :action=>"create"}
+    #
+    #  # Confirmation routes for Confirmable, if User model has :confirmable configured
+    #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"}
+    #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"show"}
+    #                        POST /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"create"}
+    #
+    # ==== Options
+    #
+    # You can configure your routes with some options:
+    #
+    #  * :class_name => setup a different class to be looked up by devise,
+    #                   if it cannot be correctly find by the route name.
+    #
+    #      devise_for :users, :class_name => 'Account'
+    #
+    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #             The following route configuration would setup your route as /accounts instead of /users:
+    #
+    #      devise_for :users, :path => 'accounts'
+    #
+    #  * :singular => setup the singular name for the given resource. This is used as the instance variable name in
+    #                 controller, as the name in routes and the scope given to warden.
+    #
+    #      devise_for :users, :singular => :user
+    #
+    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #                   :password, :confirmation, :unlock.
+    #
+    #      devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
+    #
+    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #    However, if you want them to point to custom controller, you should do:
+    #
+    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #
+    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #    if you wish to restrict this to accept only :post or :delete requests you should do:
+    #
+    #      devise_for :users, :sign_out_via => [ :post, :delete ]
+    #
+    #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
+    #
+    #  * :module => the namespace to find controlers. By default, devise will access devise/sessions,
+    #    devise/registrations and so on. If you want to namespace all at once, use module:
+    #
+    #      devise_for :users, :module => "users"
+    #
+    #    Notice that whenever you use namespace in the router DSL, it automatically sets the module.
+    #    So the following setup:
+    #
+    #      namespace :publisher
+    #        devise_for :account
+    #      end
+    #
+    #    Will use publisher/sessions controller instead of devise/sessions controller. You can revert
+    #    this by providing the :module option to devise_for.
+    #
+    #    Also pay attention that when you use a namespace it will affect all the helpers and methods for controllers
+    #    and views. For example, using the above setup you'll end with following methods:
+    #    current_publisher_account, authenticate_publisher_account!, pusblisher_account_signed_in, etc.
+    #
+    #  * :skip => tell which controller you want to skip routes from being created:
+    #
+    #      devise_for :users, :skip => :sessions
+    #
+    # ==== Scoping
+    #
+    # Following Rails 3 routes DSL, you can nest devise_for calls inside a scope:
+    #
+    #   scope "/my" do
+    #     devise_for :users
+    #   end
+    #
+    # However, since Devise uses the request path to retrieve the current user, it has one caveats.
+    # If you are using a dynamic segment, as below:
+    #
+    #   scope ":locale" do
+    #     devise_for :users
+    #   end
+    #
+    # You are required to configure default_url_options in your ApplicationController class level, so
+    # Devise can pick it:
+    #
+    #   class ApplicationController < ActionController::Base
+    #     def self.default_url_options
+    #       { :locale => I18n.locale }
+    #     end
+    #   end
+    #
+    def devise_for(*resources)
+      options = resources.extract_options!
+
+      options[:as]          ||= @scope[:as]     if @scope[:as].present?
+      options[:module]      ||= @scope[:module] if @scope[:module].present?
+      options[:path_prefix] ||= @scope[:path]   if @scope[:path].present?
+      options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
+
+      resources.map!(&:to_sym)
+
+      resources.each do |resource|
+        mapping = Devise.add_mapping(resource, options)
+
+        begin
+          raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
+        rescue NameError => e
+          raise unless mapping.class_name == resource.to_s.classify
+          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " <<
+            "no model #{mapping.class_name} defined in your application"
+          next
+        rescue NoMethodError => e
+          raise unless e.message.include?("undefined method `devise'")
+          raise_no_devise_method_error!(mapping.class_name)
+        end
+
+        routes  = mapping.routes
+        routes -= Array(options.delete(:skip)).map { |s| s.to_s.singularize.to_sym }
+
+        devise_scope mapping.name do
+          yield if block_given?
+          with_devise_exclusive_scope mapping.fullpath, mapping.name do
+            routes.each { |mod| send(:"devise_#{mod}", mapping, mapping.controllers) }
+          end
+        end
+      end
+    end
+
+    # Allow you to add authentication request from the router:
+    #
+    #   authenticate(:user) do
+    #     resources :post
+    #   end
+    #
+    def authenticate(scope)
+      constraint = lambda do |request|
+        request.env["warden"].authenticate!(:scope => scope)
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+
+    # Sets the devise scope to be used in the controller. If you have custom routes,
+    # you are required to call this method (also aliased as :as) in order to specify
+    # to which controller it is targetted.
+    #
+    #   as :user do
+    #     get "sign_in", :to => "devise/sessions#new"
+    #   end
+    #
+    # Notice you cannot have two scopes mapping to the same URL. And remember, if
+    # you try to access a devise controller without specifying a scope, it will
+    # raise ActionNotFound error.
+    def devise_scope(scope)
+      constraint = lambda do |request|
+        request.env["devise.mapping"] = Devise.mappings[scope]
+        true
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+    alias :as :devise_scope
+
+    protected
+
+      def devise_session(mapping, controllers) #:nodoc:
+        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
+          get   :new,     :path => mapping.path_names[:sign_in],  :as => "new"
+          post  :create,  :path => mapping.path_names[:sign_in]
+          match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
+        end
+      end
+
+      def devise_password(mapping, controllers) #:nodoc:
+        resource :password, :only => [:new, :create, :edit, :update],
+          :path => mapping.path_names[:password], :controller => controllers[:passwords]
+      end
+
+      def devise_confirmation(mapping, controllers) #:nodoc:
+        resource :confirmation, :only => [:new, :create, :show],
+          :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+      end
+
+      def devise_unlock(mapping, controllers) #:nodoc:
+        if mapping.to.unlock_strategy_enabled?(:email)
+          resource :unlock, :only => [:new, :create, :show],
+            :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+        end
+      end
+
+      def devise_registration(mapping, controllers) #:nodoc:
+        path_names = {
+          :new => mapping.path_names[:sign_up],
+          :cancel => mapping.path_names[:cancel]
+        }
+
+        resource :registration, :except => :show, :path => mapping.path_names[:registration],
+                 :path_names => path_names, :controller => controllers[:registrations] do
+          get :cancel
+        end
+      end
+
+      def devise_oauth_callback(mapping, controllers) #:nodoc:
+        get "/oauth/:action/callback", :action => Regexp.union(mapping.to.oauth_providers.map(&:to_s)),
+          :to => controllers[:oauth_callbacks], :as => :oauth_callback
+      end
+
+      def with_devise_exclusive_scope(new_path, new_as) #:nodoc:
+        old_as, old_path, old_module = @scope[:as], @scope[:path], @scope[:module]
+        @scope[:as], @scope[:path], @scope[:module] = new_as, new_path, nil
+        yield
+      ensure
+        @scope[:as], @scope[:path], @scope[:module] = old_as, old_path, old_module
+      end
+
+      def raise_no_devise_method_error!(klass) #:nodoc:
+        raise "#{klass} does not respond to 'devise' method. This usually means you haven't " <<
+          "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
+          "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
+      end
+  end
+end