devise-jdguyot 1.2.rc

data/lib/devise/models.rb

@@ -0,0 +1,68 @@
+module Devise
+  module Models
+    # Creates configuration values for Devise and for the given module.
+    #
+    #   Devise::Models.config(Devise::Authenticatable, :stretches, 10)
+    #
+    # The line above creates:
+    #
+    #   1) An accessor called Devise.stretches, which value is used by default;
+    #
+    #   2) Some class methods for your model Model.stretches and Model.stretches=
+    #      which have higher priority than Devise.stretches;
+    #
+    #   3) And an instance method stretches.
+    #
+    # To add the class methods you need to have a module ClassMethods defined
+    # inside the given class.
+    #
+    def self.config(mod, *accessors) #:nodoc:
+      accessors.each do |accessor|
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{accessor}
+            if defined?(@#{accessor})
+              @#{accessor}
+            elsif superclass.respond_to?(:#{accessor})
+              superclass.#{accessor}
+            else
+              Devise.#{accessor}
+            end
+          end
+
+          def #{accessor}=(value)
+            @#{accessor} = value
+          end
+        METHOD
+      end
+    end
+
+    # Include the chosen devise modules in your model:
+    #
+    #   devise :database_authenticatable, :confirmable, :recoverable
+    #
+    # You can also give any of the devise configuration values in form of a hash,
+    # with specific values for this model. Please check your Devise initializer
+    # for a complete description on those values.
+    #
+    def devise(*modules)
+      include Devise::Models::Authenticatable
+      options = modules.extract_options!
+      self.devise_modules += modules.map(&:to_sym).uniq.sort_by { |s|
+        Devise::ALL.index(s) || -1  # follow Devise::ALL order
+      }
+
+      devise_modules_hook! do
+        devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
+        options.each { |key, value| send(:"#{key}=", value) }
+      end
+    end
+
+    # The hook which is called inside devise. So your ORM can include devise
+    # compatibility stuff.
+    def devise_modules_hook!
+      yield
+    end
+  end
+end
+
+require 'devise/models/authenticatable'

data/lib/devise/modules.rb

@@ -0,0 +1,30 @@
+require 'active_support/core_ext/object/with_options'
+
+Devise.with_options :model => true do |d|
+  # Strategies first
+  d.with_options :strategy => true do |s|
+    routes = [nil, :new, :destroy]
+    s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
+    s.add_module :token_authenticatable,    :controller => :sessions, :route => { :session => routes }
+    s.add_module :rememberable
+  end
+
+  # Other authentications
+  d.add_module :encryptable
+  d.add_module :omniauthable, :controller => :omniauth_callbacks,  :route => :omniauth_callback
+
+  # Misc after
+  routes = [nil, :new, :edit]
+  d.add_module :recoverable,  :controller => :passwords,     :route => { :password => routes }
+  d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) }
+  d.add_module :validatable
+
+  # The ones which can sign out after
+  routes = [nil, :new]
+  d.add_module :confirmable,  :controller => :confirmations, :route => { :confirmation => routes }
+  d.add_module :lockable,     :controller => :unlocks,       :route => { :unlock => routes }
+  d.add_module :timeoutable
+
+  # Stats for last, so we make sure the user is really signed in
+  d.add_module :trackable
+end

data/lib/devise/omniauth/config.rb

@@ -0,0 +1,30 @@
+module Devise
+  module OmniAuth
+    class Config
+      attr_accessor :strategy
+      attr_reader :args
+
+      def initialize(provider, args)
+        @provider = provider
+        @args     = args
+        @strategy = nil
+      end
+
+      def strategy_class
+        ::OmniAuth::Strategies.const_get("#{::OmniAuth::Utils.camelize(@provider.to_s)}")
+      end
+
+      def check_if_allow_stubs!
+        raise "OmniAuth strategy for #{@provider} does not allow stubs, only OAuth2 ones do." unless allow_stubs?
+      end
+
+      def allow_stubs?
+        defined?(::OmniAuth::Strategies::OAuth2) && strategy.is_a?(::OmniAuth::Strategies::OAuth2)
+      end
+
+      def build_connection(&block)
+        strategy.client.connection.build(&block)
+      end
+    end
+  end
+end     

data/lib/devise/omniauth/test_helpers.rb

@@ -0,0 +1,57 @@
+module Devise
+  module OmniAuth
+    module TestHelpers
+      def self.test_mode!
+        Faraday.default_adapter = :test if defined?(Faraday)
+        ActiveSupport.on_load(:action_controller) { include Devise::OmniAuth::TestHelpers }
+        ActiveSupport.on_load(:action_view) { include Devise::OmniAuth::TestHelpers }
+      end
+
+      def self.stub!(provider, stubs=nil, &block)
+        raise "You either need to pass stubs as a block or as a parameter" unless block_given? || stubs
+
+        config = Devise.omniauth_configs[provider]
+        raise "Could not find configuration for #{provider.to_s} omniauth provider" unless config
+
+        config.check_if_allow_stubs!
+        stubs ||= Faraday::Adapter::Test::Stubs.new(&block)
+
+        config.build_connection do |b|
+          b.adapter :test, stubs
+        end
+      end
+
+      def self.reset_stubs!(*providers)
+        target = providers.any? ? Devise.omniauth_configs.slice(*providers) : Devise.omniauth_configs
+        target.each_value do |config|
+          next unless config.allow_stubs?
+          config.build_connection { |b| b.adapter Faraday.default_adapter }
+        end
+      end
+
+      def self.short_circuit_authorizers!
+        module_eval <<-ALIASES, __FILE__, __LINE__ + 1
+          def omniauth_authorize_path(*args)
+            omniauth_callback_path(*args)
+          end
+        ALIASES
+
+        Devise.mappings.each_value do |m|
+          next unless m.omniauthable?
+
+          module_eval <<-ALIASES, __FILE__, __LINE__ + 1
+            def #{m.name}_omniauth_authorize_path(provider, params = {})
+              #{m.name}_omniauth_callback_path(provider, params)
+            end
+          ALIASES
+        end
+      end
+
+      def self.unshort_circuit_authorizers!
+        module_eval do
+          instance_methods.each { |m| remove_method(m) }
+        end
+      end
+    end
+  end
+end

data/lib/devise/omniauth/url_helpers.rb

@@ -0,0 +1,29 @@
+module Devise
+  module OmniAuth
+    module UrlHelpers
+      def self.define_helpers(mapping)
+        return unless mapping.omniauthable?
+
+        class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+          def #{mapping.name}_omniauth_authorize_path(provider, params = {})
+            if Devise.omniauth_configs[provider.to_sym]
+              "/#{mapping.path}/auth/\#{provider}\#{'?'+params.to_param if params.present?}"
+            else
+              raise ArgumentError, "Could not find omniauth provider \#{provider.inspect}"
+            end
+          end
+        URL_HELPERS
+      end
+
+      def omniauth_authorize_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_omniauth_authorize_path", *args)
+      end
+
+      def omniauth_callback_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        send("#{scope}_omniauth_callback_path", *args)
+      end
+    end
+  end
+end

data/lib/devise/omniauth.rb

@@ -0,0 +1,47 @@
+begin
+  require "omniauth/core"
+rescue LoadError => e
+  warn "Could not load 'omniauth/core'. Please ensure you have the oa-core gem installed and listed in your Gemfile."
+  raise
+end
+
+module OmniAuth
+  # TODO HAXES Backport to OmniAuth
+  module Strategy #:nodoc:
+    def initialize(app, name, *args)
+      @app = app
+      @name = name.to_sym
+      @options = args.last.is_a?(Hash) ? args.pop : {}
+      yield self if block_given?
+    end
+
+    def fail!(message_key, exception = nil)
+      self.env['omniauth.error'] = exception
+      self.env['omniauth.failure_key'] = message_key
+      self.env['omniauth.failed_strategy'] = self
+      OmniAuth.config.on_failure.call(self.env, message_key.to_sym)
+    end
+  end
+end
+
+# Clean up the default path_prefix. It will be automatically set by Devise.
+OmniAuth.config.path_prefix = nil
+
+OmniAuth.config.on_failure = Proc.new do |env, key|
+  env['devise.mapping'] = Devise::Mapping.find_by_path!(env['PATH_INFO'], :path)
+  controller_klass = "#{env['devise.mapping'].controllers[:omniauth_callbacks].camelize}Controller"
+  controller_klass.constantize.action(:failure).call(env)
+end
+
+module Devise
+  module OmniAuth
+    autoload :Config,      "devise/omniauth/config"
+    autoload :UrlHelpers,  "devise/omniauth/url_helpers"
+    autoload :TestHelpers, "devise/omniauth/test_helpers"
+
+    class << self
+      delegate :short_circuit_authorizers!, :unshort_circuit_authorizers!,
+        :test_mode!, :stub!, :reset_stubs!, :to => "Devise::OmniAuth::TestHelpers"
+    end
+  end
+end

data/lib/devise/orm/active_record.rb

@@ -0,0 +1,38 @@
+require 'orm_adapter/adapters/active_record'
+
+module Devise
+  module Orm
+    # This module contains some helpers and handle schema (migrations):
+    #
+    #   create_table :accounts do |t|
+    #     t.database_authenticatable
+    #     t.confirmable
+    #     t.recoverable
+    #     t.rememberable
+    #     t.trackable
+    #     t.lockable
+    #     t.timestamps
+    #   end
+    #
+    # However this method does not add indexes. If you need them, here is the declaration:
+    #
+    #   add_index "accounts", ["email"],                :name => "email",                :unique => true
+    #   add_index "accounts", ["confirmation_token"],   :name => "confirmation_token",   :unique => true
+    #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
+    #
+    module ActiveRecord
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods.
+        def apply_devise_schema(name, type, options={})
+          column name, type.to_s.downcase.to_sym, options
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Devise::Models
+ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema

data/lib/devise/orm/mongoid.rb

@@ -0,0 +1,31 @@
+require 'orm_adapter/adapters/mongoid'
+
+module Devise
+  module Orm
+    module Mongoid
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods
+        def apply_devise_schema(name, type, options={})
+          type = Time if type == DateTime
+          field name, { :type => type }.merge!(options)
+        end
+      end
+    end
+  end
+end
+
+Mongoid::Document::ClassMethods.class_eval do
+  include Devise::Models
+  include Devise::Orm::Mongoid::Hook
+end

data/lib/devise/path_checker.rb

@@ -0,0 +1,18 @@
+module Devise
+  class PathChecker
+    include Rails.application.routes.url_helpers
+
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
+    end
+
+    def initialize(env, scope)
+      @current_path = "/#{env["SCRIPT_NAME"]}/#{env["PATH_INFO"]}".squeeze("/")
+      @scope = scope
+    end
+
+    def signing_out?
+      @current_path == send("destroy_#{@scope}_session_path")
+    end
+  end
+end

data/lib/devise/rails/routes.rb

@@ -0,0 +1,292 @@
+module ActionDispatch::Routing
+  class RouteSet #:nodoc:
+    # Ensure Devise modules are included only after loading routes, because we
+    # need devise_for mappings already declared to create filters and helpers.
+    def finalize_with_devise!
+      finalize_without_devise!
+      Devise.configure_warden!
+    end
+    alias_method_chain :finalize!, :devise
+  end
+
+  class Mapper
+    # Includes devise_for method for routes. This method is responsible to
+    # generate all needed routes for devise, based on what modules you have
+    # defined in your model.
+    #
+    # ==== Examples
+    #
+    # Let's say you have an User model configured to use authenticatable,
+    # confirmable and recoverable modules. After creating this inside your routes:
+    #
+    #   devise_for :users
+    #
+    # This method is going to look inside your User model and create the
+    # needed routes:
+    #
+    #  # Session routes for Authenticatable (default)
+    #       new_user_session GET  /users/sign_in                    {:controller=>"devise/sessions", :action=>"new"}
+    #           user_session POST /users/sign_in                    {:controller=>"devise/sessions", :action=>"create"}
+    #   destroy_user_session GET  /users/sign_out                   {:controller=>"devise/sessions", :action=>"destroy"}
+    #
+    #  # Password routes for Recoverable, if User model has :recoverable configured
+    #      new_user_password GET  /users/password/new(.:format)     {:controller=>"devise/passwords", :action=>"new"}
+    #     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"devise/passwords", :action=>"edit"}
+    #          user_password PUT  /users/password(.:format)         {:controller=>"devise/passwords", :action=>"update"}
+    #                        POST /users/password(.:format)         {:controller=>"devise/passwords", :action=>"create"}
+    #
+    #  # Confirmation routes for Confirmable, if User model has :confirmable configured
+    #  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"}
+    #      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"show"}
+    #                        POST /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"create"}
+    #
+    # ==== Options
+    #
+    # You can configure your routes with some options:
+    #
+    #  * :class_name => setup a different class to be looked up by devise,
+    #                   if it cannot be correctly find by the route name.
+    #
+    #      devise_for :users, :class_name => 'Account'
+    #
+    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #             The following route configuration would setup your route as /accounts instead of /users:
+    #
+    #      devise_for :users, :path => 'accounts'
+    #
+    #  * :singular => setup the singular name for the given resource. This is used as the instance variable name in
+    #                 controller, as the name in routes and the scope given to warden.
+    #
+    #      devise_for :users, :singular => :user
+    #
+    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #                   :password, :confirmation, :unlock.
+    #
+    #      devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
+    #
+    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #    However, if you want them to point to custom controller, you should do:
+    #
+    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #
+    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #    if you wish to restrict this to accept only :post or :delete requests you should do:
+    #
+    #      devise_for :users, :sign_out_via => [ :post, :delete ]
+    #
+    #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
+    #
+    #  * :module => the namespace to find controlers. By default, devise will access devise/sessions,
+    #    devise/registrations and so on. If you want to namespace all at once, use module:
+    #
+    #      devise_for :users, :module => "users"
+    #
+    #    Notice that whenever you use namespace in the router DSL, it automatically sets the module.
+    #    So the following setup:
+    #
+    #      namespace :publisher
+    #        devise_for :account
+    #      end
+    #
+    #    Will use publisher/sessions controller instead of devise/sessions controller. You can revert
+    #    this by providing the :module option to devise_for.
+    #
+    #    Also pay attention that when you use a namespace it will affect all the helpers and methods for controllers
+    #    and views. For example, using the above setup you'll end with following methods:
+    #    current_publisher_account, authenticate_publisher_account!, pusblisher_account_signed_in, etc.
+    #
+    #  * :skip => tell which controller you want to skip routes from being created:
+    #
+    #      devise_for :users, :skip => :sessions
+    #
+    # ==== Scoping
+    #
+    # Following Rails 3 routes DSL, you can nest devise_for calls inside a scope:
+    #
+    #   scope "/my" do
+    #     devise_for :users
+    #   end
+    #
+    # However, since Devise uses the request path to retrieve the current user, it has one caveats.
+    # If you are using a dynamic segment, as below:
+    #
+    #   scope ":locale" do
+    #     devise_for :users
+    #   end
+    #
+    # You are required to configure default_url_options in your ApplicationController class level, so
+    # Devise can pick it:
+    #
+    #   class ApplicationController < ActionController::Base
+    #     def self.default_url_options
+    #       { :locale => I18n.locale }
+    #     end
+    #   end
+    #
+    # ==== Adding custom actions to override controllers
+    # 
+    # You can pass a block to devise_for that will add any routes defined in the block to Devise's 
+    # list of known actions.  This is important if you add a custom action to a controller that 
+    # overrides an out of the box Devise controller.
+    # For example:
+    #
+    #    class RegistrationsController < Devise::RegistrationsController
+    #      def update
+    #         # do something different here
+    #      end
+    #
+    #      def deactivate
+    #        # not a standard action
+    #        # deactivate code here
+    #      end
+    #    end
+    #
+    # In order to get Devise to recognize the deactivate action, your devise_for entry should look like this,
+    #
+    #     devise_for :owners, :controllers => { :registrations => "registrations" } do
+    #       post "deactivate", :to => "registrations#deactivate", :as => "deactivate_registration"
+    #     end
+    #
+    def devise_for(*resources)
+      options = resources.extract_options!
+
+      options[:as]          ||= @scope[:as]     if @scope[:as].present?
+      options[:module]      ||= @scope[:module] if @scope[:module].present?
+      options[:path_prefix] ||= @scope[:path]   if @scope[:path].present?
+      options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
+
+      resources.map!(&:to_sym)
+
+      resources.each do |resource|
+        mapping = Devise.add_mapping(resource, options)
+
+        begin
+          raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
+        rescue NameError => e
+          raise unless mapping.class_name == resource.to_s.classify
+          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " <<
+            "no model #{mapping.class_name} defined in your application"
+          next
+        rescue NoMethodError => e
+          raise unless e.message.include?("undefined method `devise'")
+          raise_no_devise_method_error!(mapping.class_name)
+        end
+
+        routes  = mapping.routes
+        routes -= Array(options.delete(:skip)).map { |s| s.to_s.singularize.to_sym }
+
+        devise_scope mapping.name do
+          yield if block_given?
+          with_devise_exclusive_scope mapping.fullpath, mapping.name do
+            routes.each { |mod| send("devise_#{mod}", mapping, mapping.controllers) }
+          end
+        end
+      end
+    end
+
+    # Allow you to add authentication request from the router:
+    #
+    #   authenticate(:user) do
+    #     resources :post
+    #   end
+    #
+    def authenticate(scope)
+      constraint = lambda do |request|
+        request.env["warden"].authenticate!(:scope => scope)
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+
+    # Sets the devise scope to be used in the controller. If you have custom routes,
+    # you are required to call this method (also aliased as :as) in order to specify
+    # to which controller it is targetted.
+    #
+    #   as :user do
+    #     get "sign_in", :to => "devise/sessions#new"
+    #   end
+    #
+    # Notice you cannot have two scopes mapping to the same URL. And remember, if
+    # you try to access a devise controller without specifying a scope, it will
+    # raise ActionNotFound error.
+    def devise_scope(scope)
+      constraint = lambda do |request|
+        request.env["devise.mapping"] = Devise.mappings[scope]
+        true
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+    alias :as :devise_scope
+
+    protected
+
+      def devise_session(mapping, controllers) #:nodoc:
+        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
+          get   :new,     :path => mapping.path_names[:sign_in],  :as => "new"
+          post  :create,  :path => mapping.path_names[:sign_in]
+          match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
+        end
+      end
+
+      def devise_password(mapping, controllers) #:nodoc:
+        resource :password, :only => [:new, :create, :edit, :update],
+          :path => mapping.path_names[:password], :controller => controllers[:passwords]
+      end
+
+      def devise_confirmation(mapping, controllers) #:nodoc:
+        resource :confirmation, :only => [:new, :create, :show],
+          :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+      end
+
+      def devise_unlock(mapping, controllers) #:nodoc:
+        if mapping.to.unlock_strategy_enabled?(:email)
+          resource :unlock, :only => [:new, :create, :show],
+            :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+        end
+      end
+
+      def devise_registration(mapping, controllers) #:nodoc:
+        path_names = {
+          :new => mapping.path_names[:sign_up],
+          :cancel => mapping.path_names[:cancel]
+        }
+
+        resource :registration, :except => :show, :path => mapping.path_names[:registration],
+                 :path_names => path_names, :controller => controllers[:registrations] do
+          get :cancel
+        end
+      end
+
+      def devise_omniauth_callback(mapping, controllers) #:nodoc:
+        path_prefix = "/#{mapping.path}/auth"
+
+        if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix
+          warn "[DEVISE] You can only add :omniauthable behavior to one model."
+        else
+          ::OmniAuth.config.path_prefix = path_prefix
+        end
+
+        match "/auth/:action/callback", :action => Regexp.union(mapping.to.omniauth_providers.map(&:to_s)),
+          :to => controllers[:omniauth_callbacks], :as => :omniauth_callback
+      end
+
+      def with_devise_exclusive_scope(new_path, new_as) #:nodoc:
+        old_as, old_path, old_module = @scope[:as], @scope[:path], @scope[:module]
+        @scope[:as], @scope[:path], @scope[:module] = new_as, new_path, nil
+        yield
+      ensure
+        @scope[:as], @scope[:path], @scope[:module] = old_as, old_path, old_module
+      end
+
+      def raise_no_devise_method_error!(klass) #:nodoc:
+        raise "#{klass} does not respond to 'devise' method. This usually means you haven't " <<
+          "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
+          "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
+      end
+  end
+end