devise 0.7.3 → 0.7.4

data/CHANGELOG.rdoc

@@ -1,3 +1,7 @@
+* enhancements
+  * Extract Activatable from Confirmable
+  * Decouple Serializers from Devise modules
+
 == 0.7.3
 
 * bug fix

data/README.rdoc

@@ -13,6 +13,7 @@ Right now it's composed of seven mainly modules:
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
 * Recoverable: takes care of reseting the user password and send reset instructions.
 * Rememberable: manages generating and clearing token for remember the user from a saved cookie.
+* Activatable: if you need to activate accounts by other means, which are not through confirmation, use this module.
 * Timeoutable: expires sessions without activity in a certain period of time.
 * Trackable: tracks sign in count, timestamps and ip.
 * Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.

data/Rakefile

@@ -5,10 +5,18 @@ require 'rake/testtask'
 require 'rake/rdoctask'
 require File.join(File.dirname(__FILE__), 'lib', 'devise', 'version')
 
-desc 'Default: run unit tests.'
-task :default => :test
+desc 'Default: run tests for all ORMs.'
+task :default => :pre_commit
 
-desc 'Test Devise.'
+desc 'Run Devise tests for all ORMs.'
+task :pre_commit do
+  Dir[File.join(File.dirname(__FILE__), 'test', 'orm', '*.rb')].each do |file|
+    orm = File.basename(file).split(".").first
+    system "rake test DEVISE_ORM=#{orm}"
+  end
+end
+
+desc 'Run Devise unit tests.'
 Rake::TestTask.new(:test) do |t|
   t.libs << 'lib'
   t.libs << 'test'

data/TODO

@@ -1,3 +1,6 @@
-* Make test run with different ORMs
-* Add registerable support
-* Add http authentication support
+* Make test run with DataMapper (ActiveRecord, MongoMapper)
+* Add Registerable support
+* Add http authentication support
+* Extract SessionSerializer tests from Authenticatable
+* Extract CookieSerializer tests from Authenticatable
+* Extract Activatable tests from Confirmable

data/generators/devise_install/templates/devise.rb

@@ -1,10 +1,14 @@
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
-  # Configure the frameworks used by default. You should always set this value
-  # because if Devise add a new strategy, it won't be added to your application
+  # Configure Devise modules used by default. You should always set this value
+  # because if Devise adds a new strategy, it won't be added to your application
   # by default, unless you configure it here.
-  config.all = <%= Devise::ALL.inspect %>
+  #
+  # Remember that Devise includes other modules on its own (like :activatable
+  # and :timeoutable) which are not included here and also plugins. So be sure
+  # to check the docs for a complete set.
+  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
 
   # Invoke `rake secret` and use the printed value to setup a pepper to generate
   # the encrypted password. By default no pepper is used.

data/lib/devise.rb

@@ -24,7 +24,7 @@ module Devise
     autoload :MongoMapper, 'devise/orm/mongo_mapper'
   end
 
-  ALL = [:authenticatable, :confirmable, :recoverable, :rememberable,
+  ALL = [:authenticatable, :activatable, :confirmable, :recoverable, :rememberable,
          :timeoutable, :trackable, :validatable]
 
   # Maps controller names to devise modules
@@ -35,12 +35,11 @@ module Devise
   }
 
   STRATEGIES  = [:authenticatable]
-  SERIALIZERS = [:authenticatable, :rememberable]
+  SERIALIZERS = [:session, :cookie]
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
-  # Maps the messages types that are used in flash message. This array is not
-  # frozen, so you can add messages from your own strategies.
-  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout ]
+  # Maps the messages types that are used in flash message.
+  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :timeout, :inactive ]
 
   # Declare encryptors length which are used in migrations.
   ENCRYPTORS_LENGTH = {
@@ -51,6 +50,9 @@ module Devise
     :authlogic_sha512 => 128
   }
 
+  # Email regex used to validate email formats. Retrieved from authlogic.
+  EMAIL_REGEX = /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2,4}|museum|travel)\z/i
+
   # Used to encrypt password. Please generate one with rake secret.
   mattr_accessor :pepper
   @@pepper = nil
@@ -166,6 +168,9 @@ rescue
   require 'warden'
 end
 
-# Set the default_scope to nil, so it's overwritten when the first route is declared.
+# Clear some Warden default configuration which will be overwritten
+Warden::Strategies.clear!
+Warden::Serializers.clear!
 Warden::Manager.default_scope = nil
-require 'devise/rails'
+
+require 'devise/rails'

data/lib/devise/controllers/helpers.rb

@@ -99,7 +99,7 @@ module Devise
       # Render a view for the specified scope. Turned off by default.
       # Accepts just :controller as option.
       def render_with_scope(action, options={})
-        controller_name = options.delete(:controller) || self.controller_name
+        controller_name = options.delete(:controller) || self.controller_name
         if Devise.scoped_views
           begin
             render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"

data/lib/devise/hooks/{confirmable.rb → activatable.rb}

@@ -6,12 +6,13 @@ Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active?) && !record.active?
     scope = options[:scope]
     warden.logout(scope)
+
+    # If winning strategy was set, this is being called after authenticate and
+    # there is no need to force a redirect.
     if warden.winning_strategy
-      # If winning strategy was set, this is being called after authenticate and
-      # there is no need to force a redirect.
-      warden.winning_strategy.fail!(:unconfirmed)
+      warden.winning_strategy.fail!(record.inactive_message)
     else
-      throw :warden, :scope => scope, :message => :unconfirmed
+      throw :warden, :scope => scope, :message => record.inactive_message
     end
   end
 end

data/lib/devise/locales/en.yml

@@ -7,6 +7,7 @@ en:
       unconfirmed: 'You have to confirm your account before continuing.'
       invalid: 'Invalid email or password.'
       timeout: 'Your session expired, please sign in again to continue.'
+      inactive: 'Your account was not activated yet.'
     passwords:
       send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
       updated: 'Your password was changed successfully. You are now signed in.'
@@ -17,3 +18,4 @@ en:
       confirmation_instructions: 'Confirmation instructions'
       reset_password_instructions: 'Reset password instructions'
 
+

data/lib/devise/models.rb

@@ -1,10 +1,11 @@
 module Devise
   module Models
+    autoload :Activatable, 'devise/models/activatable'
     autoload :Authenticatable, 'devise/models/authenticatable' 
     autoload :Confirmable, 'devise/models/confirmable' 
     autoload :Recoverable, 'devise/models/recoverable' 
     autoload :Rememberable, 'devise/models/rememberable'
-    autoload :SessionSerializer, 'devise/models/authenticatable'
+    autoload :SessionSerializer, 'devise/models/session_serializer'
     autoload :Timeoutable, 'devise/models/timeoutable' 
     autoload :Trackable, 'devise/models/trackable' 
     autoload :Validatable, 'devise/models/validatable' 
@@ -81,9 +82,9 @@ module Devise
       raise "You need to give at least one Devise module" if modules.empty?
 
       options  = modules.extract_options!
-      modules  = Devise.all if modules.include?(:all)
+      modules += Devise.all if modules.delete(:all)
       modules -= Array(options.delete(:except))
-      modules  = Devise::ALL & modules
+      modules  = Devise::ALL & modules.uniq
 
       Devise.orm_class.included_modules_hook(self, modules) do
         modules.each do |m|
@@ -101,7 +102,7 @@ module Devise
       @devise_modules ||= []
     end
 
-    # Find an initialize a record setting an error if it can't be found
+    # Find an initialize a record setting an error if it can't be found.
     def find_or_initialize_with_error_by(attribute, value, error=:invalid)
       if value.present?
         conditions = { attribute => value }
@@ -113,13 +114,25 @@ module Devise
 
         if value.present?
           record.send(:"#{attribute}=", value)
-          record.errors.add(attribute, error, :default => error.to_s.gsub("_", " "))
         else
-          record.errors.add(attribute, :blank)
+          error, skip_default = :blank, true
         end
+
+        add_error_on(record, attribute, error, !skip_default)
       end
 
       record
     end
+
+    # Wraps add error logic in a method that works for different frameworks.
+    def add_error_on(record, attribute, error, add_default=true)
+      options = add_default ? { :default => error.to_s.gsub("_", " ") } : {}
+
+      begin
+        record.errors.add(attribute, error, options)
+      rescue ArgumentError
+        record.errors.add(attribute, error.to_s.gsub("_", " "))
+      end
+    end
   end
-end
+end

data/lib/devise/models/activatable.rb

@@ -0,0 +1,16 @@
+require 'devise/hooks/activatable'
+
+module Devise
+  module Models
+    # This module implements the default API required in activatable hook. 
+    module Activatable
+      def active?
+        raise NotImplementedError
+      end
+
+      def inactive_message
+        :inactive
+      end
+    end
+  end
+end

data/lib/devise/models/authenticatable.rb

@@ -1,22 +1,8 @@
 require 'devise/strategies/authenticatable'
-require 'devise/serializers/authenticatable'
+require 'devise/models/session_serializer'
 
 module Devise
   module Models
-    module SessionSerializer
-      # Hook to serialize user into session. Overwrite if you want.
-      def serialize_into_session(record)
-        [record.class, record.id]
-      end
-
-      # Hook to serialize user from session. Overwrite if you want.
-      def serialize_from_session(keys)
-        klass, id = keys
-        raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self
-        klass.find(:first, :conditions => { :id => id })
-      end
-    end
-
     # Authenticable Module, responsible for encrypting password and validating
     # authenticity of a user while signing in.
     #
@@ -67,13 +53,18 @@ module Devise
         password_digest(incoming_password) == encrypted_password
       end
 
+      # Checks if a resource is valid upon authentication.
+      def valid_for_authentication?(attributes)
+        valid_password?(attributes[:password])
+      end
+
       # Update record attributes when :old_password matches, otherwise returns
       # error on :old_password.
       def update_with_password(params={})
         if valid_password?(params[:old_password])
           update_attributes(params)
         else
-          errors.add(:old_password, :invalid)
+          self.class.add_error_on(self, :old_password, :invalid, false)
           false
         end
       end
@@ -93,7 +84,13 @@ module Devise
           return unless authentication_keys.all? { |k| attributes[k].present? }
           conditions = attributes.slice(*authentication_keys)
           resource = find_for_authentication(conditions)
-          valid_for_authentication(resource, attributes) if resource
+          if respond_to?(:valid_for_authentication)
+            ActiveSupport::Deprecation.warn "valid_for_authentication class method is deprecated. " <<
+              "Use valid_for_authentication? in the instance instead."
+            valid_for_authentication(resource, attributes)
+          elsif resource.try(:valid_for_authentication?, attributes)
+            resource
+          end
         end
 
         # Returns the class for the configured encryptor.
@@ -117,11 +114,6 @@ module Devise
           find(:first, :conditions => conditions)
         end
 
-        # Contains the logic used in authentication. Overwritten by other devise modules.
-        def valid_for_authentication(resource, attributes)
-          resource if resource.valid_password?(attributes[:password])
-        end
-
         Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
       end
     end

data/lib/devise/models/confirmable.rb

@@ -1,4 +1,4 @@
-require 'devise/hooks/confirmable'
+require 'devise/models/activatable'
 
 module Devise
   module Models
@@ -29,6 +29,7 @@ module Devise
     #   User.find(1).send_confirmation_instructions # manually send instructions
     #   User.find(1).resend_confirmation! # generates a new token and resent it
     module Confirmable
+      include Devise::Models::Activatable
 
       def self.included(base)
         base.class_eval do
@@ -70,14 +71,19 @@ module Devise
         end
       end
 
-      # Verify whether a user is active to sign in or not. If the user is
-      # already confirmed, it should never be blocked. Otherwise we need to
-      # calculate if the confirm time has not expired for this user, in other
-      # words, if the confirmation is still valid.
+      # Overwrites active? from Devise::Models::Activatable for confirmation
+      # by verifying whether an user is active to sign in or not. If the user
+      # is already confirmed, it should never be blocked. Otherwise we need to
+      # calculate if the confirm time has not expired for this user.
       def active?
         confirmed? || confirmation_period_valid?
       end
 
+      # The message to be shown if the account is inactive.
+      def inactive_message
+        :unconfirmed
+      end
+
       # If you don't want confirmation to be sent on create, neither a code
       # to be generated, call skip_confirmation!
       def skip_confirmation!
@@ -121,7 +127,7 @@ module Devise
           unless confirmed?
             yield
           else
-            errors.add(:email, :already_confirmed, :default => 'already confirmed')
+            self.class.add_error_on(self, :email, :already_confirmed)
             false
           end
         end

data/lib/devise/models/cookie_serializer.rb

@@ -0,0 +1,21 @@
+require 'devise/serializers/cookie'
+
+module Devise
+  module Models
+    module CookieSerializer
+      # Create the cookie key using the record id and remember_token
+      def serialize_into_cookie(record)
+        "#{record.id}::#{record.remember_token}"
+      end
+
+      # Recreate the user based on the stored cookie
+      def serialize_from_cookie(cookie)
+        record_id, record_token = cookie.split('::')
+        record = find(:first, :conditions => { :id => record_id }) if record_id
+        record if record.try(:valid_remember_token?, record_token)
+      end
+
+      Devise::Models.config(self, :remember_for)
+    end
+  end
+end

data/lib/devise/models/rememberable.rb

@@ -1,9 +1,7 @@
-require 'digest/sha1'
-require 'devise/serializers/rememberable'
+require 'devise/models/cookie_serializer'
 
 module Devise
   module Models
-
     # Rememberable manages generating and clearing token for remember the user
     # from a saved cookie. Rememberable also has utility methods for dealing
     # with serializing the user into the cookie and back from the cookie, trying
@@ -34,7 +32,7 @@ module Devise
 
       def self.included(base)
         base.class_eval do
-          extend ClassMethods
+          extend CookieSerializer
 
           # Remember me option available in after_authentication hook.
           attr_accessor :remember_me
@@ -72,22 +70,6 @@ module Devise
       def remember_expires_at
         remember_created_at + self.class.remember_for
       end
-
-      module ClassMethods
-        # Create the cookie key using the record id and remember_token
-        def serialize_into_cookie(rememberable)
-          "#{rememberable.id}::#{rememberable.remember_token}"
-        end
-
-        # Recreate the user based on the stored cookie
-        def serialize_from_cookie(cookie)
-          rememberable_id, remember_token = cookie.split('::')
-          rememberable = find(:first, :conditions => { :id => rememberable_id }) if rememberable_id
-          rememberable if rememberable.try(:valid_remember_token?, remember_token)
-        end
-
-        Devise::Models.config(self, :remember_for)
-      end
     end
   end
 end

data/lib/devise/models/session_serializer.rb

@@ -0,0 +1,19 @@
+require 'devise/serializers/session'
+
+module Devise
+  module Models
+    module SessionSerializer
+      # Hook to serialize user into session. Overwrite if you want.
+      def serialize_into_session(record)
+        [record.class, record.id]
+      end
+
+      # Hook to serialize user from session. Overwrite if you want.
+      def serialize_from_session(keys)
+        klass, id = keys
+        raise "#{self} cannot serialize from #{klass} session since it's not one of its ancestors" unless klass <= self
+        klass.find(:first, :conditions => { :id => id })
+      end
+    end
+  end
+end

data/lib/devise/models/validatable.rb

@@ -6,10 +6,6 @@ module Devise
     # Automatically validate if the email is present, unique and it's format is
     # valid. Also tests presence of password, confirmation and length
     module Validatable
-
-      # Email regex used to validate email formats. Retrieved from authlogic.
-      EMAIL_REGEX = /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2,4}|museum|travel)\z/i
-
       # All validations used by this module.
       VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of,
                       :validates_confirmation_of, :validates_length_of ].freeze