devise 0.8.2 → 0.9.0

data/lib/devise/models/rememberable.rb

@@ -1,4 +1,5 @@
-require 'devise/models/cookie_serializer'
+require 'devise/strategies/rememberable'
+require 'devise/hooks/rememberable'
 
 module Devise
   module Models
@@ -32,7 +33,7 @@ module Devise
 
       def self.included(base)
         base.class_eval do
-          extend CookieSerializer
+          extend ClassMethods
 
           # Remember me option available in after_authentication hook.
           attr_accessor :remember_me
@@ -70,6 +71,22 @@ module Devise
       def remember_expires_at
         remember_created_at + self.class.remember_for
       end
+
+      module ClassMethods
+        # Create the cookie key using the record id and remember_token
+        def serialize_into_cookie(record)
+          "#{record.id}::#{record.remember_token}"
+        end
+
+        # Recreate the user based on the stored cookie
+        def serialize_from_cookie(cookie)
+          record_id, record_token = cookie.split('::')
+          record = find(:first, :conditions => { :id => record_id }) if record_id
+          record if record.try(:valid_remember_token?, record_token)
+        end
+
+        Devise::Models.config(self, :remember_for)
+      end
     end
   end
 end

data/lib/devise/models/timeoutable.rb

@@ -2,7 +2,6 @@ require 'devise/hooks/timeoutable'
 
 module Devise
   module Models
-
     # Timeoutable takes care of veryfing whether a user session has already
     # expired or not. When a session expires after the configured time, the user
     # will be asked for credentials again, it means, he/she will be redirected
@@ -17,7 +16,7 @@ module Devise
       end
 
       # Checks whether the user session has expired based on configured time.
-      def timeout?(last_access)
+      def timedout?(last_access)
         last_access && last_access <= self.class.timeout_in.ago
       end
 

data/lib/devise/orm/active_record.rb

@@ -7,6 +7,8 @@ module Devise
     #     t.confirmable
     #     t.recoverable
     #     t.rememberable
+    #     t.trackable
+    #     t.lockable
     #     t.timestamps
     #   end
     #

data/lib/devise/orm/data_mapper.rb

@@ -12,7 +12,7 @@ module Devise
       end
 
       def self.included_modules_hook(klass, modules)
-        klass.send :extend, self
+        klass.send :extend,  self
         klass.send :include, InstanceMethods
 
         yield

data/lib/devise/orm/mongo_mapper.rb

@@ -1,8 +1,19 @@
 module Devise
   module Orm
     module MongoMapper
+      module InstanceMethods
+        def save(options={})
+          if options == false
+            super(:validate => false)
+          else
+            super
+          end
+        end
+      end
+
       def self.included_modules_hook(klass, modules)
-        klass.send :extend, self
+        klass.send :extend,  self
+        klass.send :include, InstanceMethods
         yield
 
         modules.each do |mod|

data/lib/devise/rails/routes.rb

@@ -8,7 +8,7 @@ module ActionController::Routing
       load_routes_without_devise!
       return if Devise.mappings.empty?
 
-      ActionController::Base.send :include, Devise::Controllers::Filters
+      ActionController::Base.send :include, Devise::Controllers::Helpers
       ActionController::Base.send :include, Devise::Controllers::UrlHelpers
 
       ActionView::Base.send :include, Devise::Controllers::UrlHelpers
@@ -113,6 +113,10 @@ module ActionController::Routing
           routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
         end
 
+        def lockable(routes, mapping)
+          routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
+        end
+
     end
   end
 end

data/lib/devise/rails/warden_compat.rb

@@ -1,12 +1,6 @@
-# Taken from RailsWarden, thanks to Hassox. http://github.com/hassox/rails_warden
 module Warden::Mixins::Common
   def request
-    return @request if @request
-    if env['action_controller.rescue.request']
-      @request = env['action_controller.rescue.request']
-    else
-      Rack::Request.new(env)
-    end
+    @request ||= env['action_controller.rescue.request']
   end
 
   def reset_session!
@@ -15,11 +9,17 @@ module Warden::Mixins::Common
   end
 
   def response
-    return @response if @response
-    if env['action_controller.rescue.response']
-      @response = env['action_controller.rescue.response']
-    else
-      Rack::Response.new(env)
-    end
+    @response ||= env['action_controller.rescue.response']
   end
 end
+
+class Warden::SessionSerializer
+  def serialize(record)
+    [record.class, record.id]
+  end
+
+  def deserialize(keys)
+    klass, id = keys
+    klass.find(:first, :conditions => { :id => id })
+  end
+end

data/lib/devise/schema.rb

@@ -45,6 +45,13 @@ module Devise
       apply_schema :last_sign_in_ip,    String
     end
 
+    # Creates failed_attempts, unlock_token and locked_at
+    def lockable
+      apply_schema :failed_attempts, Integer, :default => 0
+      apply_schema :unlock_token,    String, :limit => 20
+      apply_schema :locked_at,       DateTime
+    end
+
     # Overwrite with specific modification to create your own schema.
     def apply_schema(name, type, options={})
       raise NotImplementedError

data/lib/devise/strategies/authenticatable.rb

@@ -4,9 +4,7 @@ module Devise
   module Strategies
     # Default strategy for signing in a user, based on his email and password.
     # Redirects to sign_in page if it's not authenticated
-    class Authenticatable < Warden::Strategies::Base
-      include Devise::Strategies::Base
-
+    class Authenticatable < Base
       def valid?
         super && params[scope] && params[scope][:password].present?
       end

data/lib/devise/strategies/base.rb

@@ -1,7 +1,7 @@
 module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
-    module Base
+    class Base < ::Warden::Strategies::Base
       # Validate strategy. By default will raise an error if no scope or an
       # invalid mapping is found.
       def valid?

data/lib/devise/strategies/rememberable.rb

@@ -0,0 +1,37 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    # Remember the user through the remember token. This strategy is responsible
+    # to verify whether there is a cookie with the remember token, and to
+    # recreate the user from this cookie if it exists.  Must be called *before*
+    # authenticatable.
+    class Rememberable < Devise::Strategies::Base
+
+      # A valid strategy for rememberable needs a remember token in the cookies.
+      def valid?
+        super && remember_me_cookie.present?
+      end
+
+      # To authenticate a user we deserialize the cookie and attempt finding
+      # the record in the database. If the attempt fails, we pass to another
+      # strategy handle the authentication.
+      def authenticate!
+        if resource = mapping.to.serialize_from_cookie(remember_me_cookie)
+          success!(resource)
+        else
+          pass
+        end
+      end
+
+    private
+
+      # Accessor for remember cookie
+      def remember_me_cookie
+        @remember_me_cookie ||= request.cookies["remember_#{mapping.name}_token"]
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

data/lib/devise/test_helpers.rb

@@ -66,7 +66,7 @@ module Devise
     def sign_in(resource_or_scope, resource=nil)
       scope    ||= Devise::Mapping.find_scope!(resource_or_scope)
       resource ||= resource_or_scope
-      session["warden.user.#{scope}.key"] = resource.class.serialize_into_session(resource)
+      warden.session_serializer.store(resource, scope)
     end
 
     # Sign out a given resource or scope by calling logout on Warden.

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.8.2".freeze
+  VERSION = "0.9.0".freeze
 end

data/test/controllers/helpers_test.rb

@@ -1,55 +1,177 @@
 require 'test/test_helper'
+require 'ostruct'
 
-class MyController < ApplicationController
-  include Devise::Controllers::Helpers
+class MockController < ApplicationController
+  attr_accessor :env
+
+  def request
+    self
+  end
+
+  def path
+    ''
+  end
 end
 
-class HelpersTest < ActionController::TestCase
-  tests MyController
+class ControllerAuthenticableTest < ActionController::TestCase
+  tests MockController
+
+  def setup
+    @controller = MockController.new
+    @mock_warden = OpenStruct.new
+    @controller.env = { 'warden' => @mock_warden }
+    @controller.session = {}
+  end
+
+  test 'setup warden' do
+    assert_not_nil @controller.warden
+  end
+
+  test 'provide access to warden instance' do
+    assert_equal @controller.warden, @controller.env['warden']
+  end
+
+  test 'proxy signed_in? to authenticated' do
+    @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
+    @controller.signed_in?(:my_scope)
+  end
+
+  test 'proxy current_admin to authenticate with admin scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @controller.current_admin
+  end
 
-  test 'get resource name from request path' do
-    @request.path = '/users/session'
-    assert_equal :user, @controller.resource_name
+  test 'proxy current_user to authenticate with user scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :user)
+    @controller.current_user
   end
 
-  test 'get resource name from specific request path' do
-    @request.path = '/admin_area/session'
-    assert_equal :admin, @controller.resource_name
+  test 'proxy user_authenticate! to authenticate with user scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :user)
+    @controller.authenticate_user!
   end
 
-  test 'get resource class from request path' do
-    @request.path = '/users/session'
-    assert_equal User, @controller.resource_class
+  test 'proxy admin_authenticate! to authenticate with admin scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :admin)
+    @controller.authenticate_admin!
   end
 
-  test 'get resource instance variable from request path' do
-    @request.path = '/admin_area/session'
-    @controller.instance_variable_set(:@admin, admin = Admin.new)
-    assert_equal admin, @controller.resource
+  test 'proxy user_signed_in? to authenticate? with user scope' do
+    @mock_warden.expects(:authenticate?).with(:scope => :user)
+    @controller.user_signed_in?
   end
 
-  test 'set resource instance variable from request path' do
-    @request.path = '/admin_area/session'
+  test 'proxy admin_signed_in? to authenticate? with admin scope' do
+    @mock_warden.expects(:authenticate?).with(:scope => :admin)
+    @controller.admin_signed_in?
+  end
+
+  test 'proxy user_session to session scope in warden' do
+    @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
+    @mock_warden.expects(:session).with(:user).returns({})
+    @controller.user_session
+  end
 
-    admin = @controller.send(:resource_class).new
-    @controller.send(:resource=, admin)
+  test 'proxy admin_session to session scope in warden' do
+    @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
+    @mock_warden.expects(:session).with(:admin).returns({})
+    @controller.admin_session
+  end
+
+  test 'sign in proxy to set_user on warden' do
+    user = User.new
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.sign_in(:user, user)
+  end
+
+  test 'sign in accepts a resource as argument' do
+    user = User.new
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.sign_in(user)
+  end
 
-    assert_equal admin, @controller.send(:resource)
-    assert_equal admin, @controller.instance_variable_get(:@admin)
+  test 'sign out proxy to logout on warden' do
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.sign_out(:user)
   end
 
-  test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
+  test 'sign out accepts a resource as argument' do
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.sign_out(User.new)
   end
 
-  test 'require no authentication tests current mapping' do
-    @controller.expects(:resource_name).returns(:user).twice
-    @mock_warden.expects(:authenticated?).with(:user).returns(true)
-    @controller.expects(:redirect_to).with(root_path)
-    @controller.send :require_no_authentication
+  test 'stored location for returns the location for a given scope' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(:user)
   end
-  
-  test 'is a devise controller' do
-    assert @controller.devise_controller?
+
+  test 'stored location for accepts a resource as argument' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
+  end
+
+  test 'stored location cleans information after reading' do
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(:user)
+    assert_nil @controller.session[:"user.return_to"]
+  end
+
+  test 'after sign in path defaults to root path if none by was specified for the given scope' do
+    assert_equal root_path, @controller.after_sign_in_path_for(:user)
+  end
+
+  test 'after sign in path defaults to the scoped root path' do
+    assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
+  end
+
+  test 'after sign out path defaults to the root path' do
+    assert_equal root_path, @controller.after_sign_out_path_for(:admin)
+    assert_equal root_path, @controller.after_sign_out_path_for(:user)
+  end
+
+  test 'sign in and redirect uses the stored location' do
+    user = User.new
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.expects(:redirect_to).with("/foo.bar")
+    @controller.sign_in_and_redirect(user)
+  end
+
+  test 'sign in and redirect uses the configured after sign in path' do
+    admin = Admin.new
+    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
+    @controller.expects(:redirect_to).with(admin_root_path)
+    @controller.sign_in_and_redirect(admin)
+  end
+
+  test 'only redirect if skip is given' do
+    admin = Admin.new
+    @controller.expects(:redirect_to).with(admin_root_path)
+    @controller.sign_in_and_redirect(:admin, admin, true)
+  end
+
+  test 'sign out and redirect uses the configured after sign out path' do
+    @mock_warden.expects(:user).with(:admin).returns(true)
+    @mock_warden.expects(:logout).with(:admin).returns(true)
+    @controller.expects(:redirect_to).with(admin_root_path)
+    @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
+    @controller.sign_out_and_redirect(:admin)
+  end
+
+  test 'is not a devise controller' do
+    assert_not @controller.devise_controller?
+  end
+
+  test 'default url options are retrieved from devise' do
+    begin
+      Devise.default_url_options {{ :locale => I18n.locale }}
+      assert_equal({ :locale => :en }, @controller.send(:default_url_options))
+    ensure
+      Devise.default_url_options {{ }}
+    end
   end
 end