devise 0.8.2 → 0.9.0

data/test/models/timeoutable_test.rb

@@ -3,26 +3,26 @@ require 'test/test_helper'
 class TimeoutableTest < ActiveSupport::TestCase
 
   test 'should be expired' do
-    assert new_user.timeout?(31.minutes.ago)
+    assert new_user.timedout?(31.minutes.ago)
   end
 
   test 'should not be expired' do
-    assert_not new_user.timeout?(29.minutes.ago)
+    assert_not new_user.timedout?(29.minutes.ago)
   end
 
   test 'should not be expired when params is nil' do
-    assert_not new_user.timeout?(nil)
+    assert_not new_user.timedout?(nil)
   end
 
   test 'fallback to Devise config option' do
     swap Devise, :timeout_in => 1.minute do
       user = new_user
-      assert user.timeout?(2.minutes.ago)
-      assert_not user.timeout?(30.seconds.ago)
+      assert user.timedout?(2.minutes.ago)
+      assert_not user.timedout?(30.seconds.ago)
 
       Devise.timeout_in = 5.minutes
-      assert_not user.timeout?(2.minutes.ago)
-      assert user.timeout?(6.minutes.ago)
+      assert_not user.timedout?(2.minutes.ago)
+      assert user.timedout?(6.minutes.ago)
     end
   end
 end

data/test/models/validatable_test.rb

@@ -18,7 +18,7 @@ class ValidatableTest < ActiveSupport::TestCase
     user.email = existing_user.email
     assert user.invalid?
     assert user.errors[:email]
-    assert_equal 1, user.errors[:email].to_a.size
+    assert_equal 1, [*user.errors[:email]].size
     assert_equal 'has already been taken', user.errors[:email]
   end
 
@@ -30,7 +30,7 @@ class ValidatableTest < ActiveSupport::TestCase
       user.email = email
       assert user.invalid?, 'should be invalid with email ' << email
       assert user.errors[:email]
-      assert_equal 1, user.errors[:email].to_a.size
+      assert_equal 1, [*user.errors[:email]].size
       assert_equal 'is invalid', user.errors[:email]
     end
   end

data/test/models_test.rb

@@ -1,47 +1,9 @@
 require 'test/test_helper'
 
-class Authenticatable < User
-  devise :authenticatable
-end
-
-class Confirmable < User
-  devise :authenticatable, :confirmable
-end
-
-class Recoverable < User
-  devise :authenticatable, :recoverable
-end
-
-class Rememberable < User
-  devise :authenticatable, :rememberable
-end
-
-class Trackable < User
-  devise :authenticatable, :trackable
-end
-
-class Timeoutable < User
-  devise :authenticatable, :timeoutable
-end
-
-class IsValidatable < User
-  devise :authenticatable, :validatable
-end
-
-class Devisable < User
-  devise :all
-end
-
-class Exceptable < User
-  devise :all, :except => [:recoverable, :rememberable, :validatable]
-end
-
 class Configurable < User
-  devise :all, :timeoutable, :stretches => 15,
-                             :pepper => 'abcdef',
-                             :confirm_within => 5.days,
-                             :remember_for => 7.days,
-                             :timeout_in => 15.minutes
+  devise :authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
+         :stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
+         :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
 end
 
 class ActiveRecordTest < ActiveSupport::TestCase
@@ -60,41 +22,8 @@ class ActiveRecordTest < ActiveSupport::TestCase
     end
   end
 
-  test 'add authenticatable module only' do
-    assert_include_modules Authenticatable, :authenticatable
-  end
-
-  test 'add confirmable module only' do
-    assert_include_modules Confirmable, :authenticatable, :confirmable
-  end
-
-  test 'add recoverable module only' do
-    assert_include_modules Recoverable, :authenticatable, :recoverable
-  end
-
-  test 'add rememberable module only' do
-    assert_include_modules Rememberable, :authenticatable, :rememberable
-  end
-
-  test 'add trackable module only' do
-    assert_include_modules Trackable, :authenticatable, :trackable
-  end
-
-  test 'add timeoutable module only' do
-    assert_include_modules Timeoutable, :authenticatable, :timeoutable
-  end
-
-  test 'add validatable module only' do
-    assert_include_modules IsValidatable, :authenticatable, :validatable
-  end
-
-  test 'add all modules' do
-    assert_include_modules Devisable,
-      :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
-  end
-
-  test 'configure modules with except option' do
-    assert_include_modules Exceptable, :authenticatable, :confirmable, :trackable
+  test 'add modules cherry pick' do
+    assert_include_modules Admin, :authenticatable, :timeoutable
   end
 
   test 'set a default value for stretches' do
@@ -117,6 +46,10 @@ class ActiveRecordTest < ActiveSupport::TestCase
     assert_equal 15.minutes, Configurable.timeout_in
   end
 
+  test 'set a default value for unlock_in' do
+    assert_equal 10.days, Configurable.unlock_in
+  end
+
   test 'set null fields on migrations' do
     Admin.create!
   end

data/test/orm/active_record.rb

@@ -16,6 +16,7 @@ ActiveRecord::Schema.define(:version => 1) do
         t.recoverable
         t.rememberable
         t.trackable
+        t.lockable
       end
 
       t.timestamps

data/test/orm/mongo_mapper.rb

@@ -16,6 +16,5 @@ class ActiveSupport::TestCase
   setup do
     User.delete_all
     Admin.delete_all
-    Account.delete_all
   end
 end

data/test/rails_app/app/active_record/admin.rb

@@ -1,5 +1,5 @@
 class Admin < ActiveRecord::Base
-  devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable]
+  devise :authenticatable, :timeoutable
 
   def self.find_for_authentication(conditions)
     last(:conditions => conditions)

data/test/rails_app/app/active_record/user.rb

@@ -1,4 +1,5 @@
 class User < ActiveRecord::Base
-  devise :all, :timeoutable
+  devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable,
+         :validatable, :timeoutable, :lockable
   attr_accessible :username, :email, :password, :password_confirmation
 end

data/test/rails_app/app/mongo_mapper/admin.rb

@@ -1,7 +1,7 @@
 class Admin
   include MongoMapper::Document
 
-  devise :all, :timeoutable, :except => [:recoverable, :confirmable, :rememberable, :validatable, :trackable]
+  devise :authenticatable, :timeoutable
 
   def self.find_for_authentication(conditions)
     last(:conditions => conditions, :order => "email")

data/test/rails_app/app/mongo_mapper/user.rb

@@ -1,6 +1,7 @@
 class User
   include MongoMapper::Document
   key :created_at, DateTime
-  devise :all, :timeoutable
+  devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable,
+         :validatable, :timeoutable, :lockable
   # attr_accessible :username, :email, :password, :password_confirmation
 end

data/test/rails_app/config/initializers/devise.rb

@@ -1,15 +1,6 @@
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
-  # Configure Devise modules used by default. You should always set this value
-  # because if Devise adds a new strategy, it won't be added to your application
-  # by default, unless you configure it here.
-  #
-  # Remember that Devise includes other modules on its own (like :activatable
-  # and :timeoutable) which are not included here and also plugins. So be sure
-  # to check the docs for a complete set.
-  config.all = [:authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable]
-
   # Invoke `rake secret` and use the printed value to setup a pepper to generate
   # the encrypted password. By default no pepper is used.
   # config.pepper = "rake secret output"
@@ -43,7 +34,7 @@ Devise.setup do |config|
   # config.timeout_in = 10.minutes
 
   # Configure the e-mail address which will be shown in DeviseMailer.
-  # config.mailer_sender = "foo.bar@yourapp.com"
+  config.mailer_sender = "please-change-me-omg@yourapp.com"
 
   # Load and configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
   require "devise/orm/#{DEVISE_ORM}"
@@ -54,6 +45,18 @@ Devise.setup do |config|
   # are using only default views.
   # config.scoped_views = true
 
+  # Number of authentication tries before locking an account.
+  # config.maximum_attempts = 20
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Reanables login after a certain ammount of time (see :unlock_in below)
+  # :both  = enables both strategies
+  # config.unlock_strategy = :both
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
   # allows you to setup OAuth, using http://github.com/roman/warden_oauth

data/test/rails_app/config/routes.rb

@@ -1,9 +1,11 @@
 ActionController::Routing::Routes.draw do |map|
   map.devise_for :users
   map.devise_for :admin, :as => 'admin_area'
-  map.devise_for :accounts, :path_names => {
-    :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification'
-  }, :scope => 'manager', :path_prefix => '/:locale', :requirements => { :extra => 'value' }
+  map.devise_for :accounts, :scope => 'manager', :path_prefix => ':locale',
+    :class_name => "User", :requirements => { :extra => 'value' }, :path_names => {
+      :sign_in => 'login', :sign_out => 'logout', :password => 'secret',
+      :confirmation => 'verification', :unlock => 'unblock'
+    }
 
   map.resources :users, :only => [:index], :member => { :expire => :get }
   map.resources :admins, :only => :index

data/test/routes_test.rb

@@ -67,4 +67,9 @@ class MapRoutingTest < ActionController::TestCase
   test 'map account with custom path name for confirmation' do
     assert_recognizes({:controller => 'confirmations', :action => 'new', :locale => 'en', :extra => 'value'}, '/en/accounts/verification/new')
   end
+
+  test 'map account with custom path name for unlock' do
+    assert_recognizes({:controller => 'unlocks', :action => 'new', :locale => 'en', :extra => 'value'}, '/en/accounts/unblock/new')
+  end
+
 end

data/test/support/integration_tests_helper.rb

@@ -10,6 +10,7 @@ class ActionController::IntegrationTest
         :email => 'user@test.com', :password => '123456', :password_confirmation => '123456', :created_at => Time.now.utc
       )
       user.confirm! unless options[:confirm] == false
+      user.lock! if options[:locked] == true
       user
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  version: 0.8.2
+  version: 0.9.0
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-01-13 00:00:00 +01:00
+date: 2010-01-21 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -21,7 +21,7 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.8.1
+        version: 0.9.0
     version: 
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
@@ -41,13 +41,17 @@ files:
 - app/controllers/confirmations_controller.rb
 - app/controllers/passwords_controller.rb
 - app/controllers/sessions_controller.rb
+- app/controllers/unlocks_controller.rb
 - app/models/devise_mailer.rb
 - app/views/confirmations/new.html.erb
 - app/views/devise_mailer/confirmation_instructions.html.erb
 - app/views/devise_mailer/reset_password_instructions.html.erb
+- app/views/devise_mailer/unlock_instructions.html.erb
 - app/views/passwords/edit.html.erb
 - app/views/passwords/new.html.erb
 - app/views/sessions/new.html.erb
+- app/views/shared/_devise_links.erb
+- app/views/unlocks/new.html.erb
 - generators/devise/USAGE
 - generators/devise/devise_generator.rb
 - generators/devise/lib/route_devise.rb
@@ -61,8 +65,9 @@ files:
 - generators/devise_views/devise_views_generator.rb
 - init.rb
 - lib/devise.rb
-- lib/devise/controllers/filters.rb
+- lib/devise/controllers/common.rb
 - lib/devise/controllers/helpers.rb
+- lib/devise/controllers/internal_helpers.rb
 - lib/devise/controllers/url_helpers.rb
 - lib/devise/encryptors/authlogic_sha512.rb
 - lib/devise/encryptors/base.rb
@@ -73,6 +78,7 @@ files:
 - lib/devise/encryptors/sha512.rb
 - lib/devise/failure_app.rb
 - lib/devise/hooks/activatable.rb
+- lib/devise/hooks/rememberable.rb
 - lib/devise/hooks/timeoutable.rb
 - lib/devise/hooks/trackable.rb
 - lib/devise/locales/en.yml
@@ -81,10 +87,9 @@ files:
 - lib/devise/models/activatable.rb
 - lib/devise/models/authenticatable.rb
 - lib/devise/models/confirmable.rb
-- lib/devise/models/cookie_serializer.rb
+- lib/devise/models/lockable.rb
 - lib/devise/models/recoverable.rb
 - lib/devise/models/rememberable.rb
-- lib/devise/models/session_serializer.rb
 - lib/devise/models/timeoutable.rb
 - lib/devise/models/trackable.rb
 - lib/devise/models/validatable.rb
@@ -95,11 +100,9 @@ files:
 - lib/devise/rails/routes.rb
 - lib/devise/rails/warden_compat.rb
 - lib/devise/schema.rb
-- lib/devise/serializers/base.rb
-- lib/devise/serializers/cookie.rb
-- lib/devise/serializers/session.rb
 - lib/devise/strategies/authenticatable.rb
 - lib/devise/strategies/base.rb
+- lib/devise/strategies/rememberable.rb
 - lib/devise/test_helpers.rb
 - lib/devise/version.rb
 has_rdoc: true
@@ -131,23 +134,26 @@ signing_key:
 specification_version: 3
 summary: Flexible authentication solution for Rails with Warden
 test_files: 
-- test/controllers/filters_test.rb
 - test/controllers/helpers_test.rb
+- test/controllers/internal_helpers_test.rb
 - test/controllers/url_helpers_test.rb
 - test/devise_test.rb
 - test/encryptors_test.rb
 - test/failure_app_test.rb
 - test/integration/authenticatable_test.rb
 - test/integration/confirmable_test.rb
+- test/integration/lockable_test.rb
 - test/integration/recoverable_test.rb
 - test/integration/rememberable_test.rb
 - test/integration/timeoutable_test.rb
 - test/integration/trackable_test.rb
 - test/mailers/confirmation_instructions_test.rb
 - test/mailers/reset_password_instructions_test.rb
+- test/mailers/unlock_instructions_test.rb
 - test/mapping_test.rb
 - test/models/authenticatable_test.rb
 - test/models/confirmable_test.rb
+- test/models/lockable_test.rb
 - test/models/recoverable_test.rb
 - test/models/rememberable_test.rb
 - test/models/timeoutable_test.rb
@@ -156,7 +162,6 @@ test_files:
 - test/models_test.rb
 - test/orm/active_record.rb
 - test/orm/mongo_mapper.rb
-- test/rails_app/app/active_record/account.rb
 - test/rails_app/app/active_record/admin.rb
 - test/rails_app/app/active_record/user.rb
 - test/rails_app/app/controllers/admins_controller.rb
@@ -164,7 +169,6 @@ test_files:
 - test/rails_app/app/controllers/home_controller.rb
 - test/rails_app/app/controllers/users_controller.rb
 - test/rails_app/app/helpers/application_helper.rb
-- test/rails_app/app/mongo_mapper/account.rb
 - test/rails_app/app/mongo_mapper/admin.rb
 - test/rails_app/app/mongo_mapper/user.rb
 - test/rails_app/config/boot.rb

data/lib/devise/controllers/filters.rb

@@ -1,186 +0,0 @@
-module Devise
-  module Controllers
-    # Those filters are convenience methods added to ApplicationController to
-    # deal with Warden.
-    module Filters
-
-      def self.included(base)
-        base.class_eval do
-          helper_method :warden, :signed_in?, :devise_controller?,
-                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
-
-          # Use devise default_url_options. We have to declare it here to overwrite
-          # default definitions.
-          def default_url_options(options=nil)
-            Devise::Mapping.default_url_options
-          end
-        end
-      end
-
-      # The main accessor for the warden proxy instance
-      def warden
-        request.env['warden']
-      end
-
-      # Return true if it's a devise_controller. false to all controllers unless
-      # the controllers defined inside devise. Useful if you want to apply a before
-      # filter to all controller, except the ones in devise:
-      #
-      #   before_filter :my_filter, :unless => { |c| c.devise_controller? }
-      def devise_controller?
-        false
-      end
-
-      # Attempts to authenticate the given scope by running authentication hooks,
-      # but does not redirect in case of failures.
-      def authenticate(scope)
-        warden.authenticate(:scope => scope)
-      end
-
-      # Attempts to authenticate the given scope by running authentication hooks,
-      # redirecting in case of failures.
-      def authenticate!(scope)
-        warden.authenticate!(:scope => scope)
-      end
-
-      # Check if the given scope is signed in session, without running
-      # authentication hooks.
-      def signed_in?(scope)
-        warden.authenticated?(scope)
-      end
-
-      # Sign in an user that already was authenticated. This helper is useful for logging
-      # users in after sign up.
-      #
-      # Examples:
-      #
-      #   sign_in :user, @user    # sign_in(scope, resource)
-      #   sign_in @user           # sign_in(resource)
-      #
-      def sign_in(resource_or_scope, resource=nil)
-        scope    ||= Devise::Mapping.find_scope!(resource_or_scope)
-        resource ||= resource_or_scope
-        warden.set_user(resource, :scope => scope)
-      end
-
-      # Sign out a given user or scope. This helper is useful for signing out an user
-      # after deleting accounts.
-      #
-      # Examples:
-      #
-      #   sign_out :user     # sign_out(scope)
-      #   sign_out @user     # sign_out(resource)
-      #
-      def sign_out(resource_or_scope)
-        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        warden.user(scope) # Without loading user here, before_logout hook is not called
-        warden.raw_session.inspect # Without this inspect here. The session does not clear.
-        warden.logout(scope)
-      end
-
-      # Returns and delete the url stored in the session for the given scope. Useful
-      # for giving redirect backs after sign up:
-      #
-      # Example:
-      #
-      #   redirect_to stored_location_for(:user) || root_path
-      #
-      def stored_location_for(resource_or_scope)
-        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        session.delete(:"#{scope}.return_to")
-      end
-
-      # The default url to be used after signing in. This is used by all Devise
-      # controllers and you can overwrite it in your ApplicationController to
-      # provide a custom hook for a custom resource.
-      #
-      # By default, it first tries to find a resource_root_path, otherwise it
-      # uses the root path. For a user scope, you can define the default url in
-      # the following way:
-      #
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
-      #
-      #   map.resources :users do |users|
-      #     users.root # creates user_root_path
-      #   end
-      #
-      # If none of these are defined, root_path is used.
-      def after_sign_in_path_for(resource_or_scope)
-        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        home_path = :"#{scope}_root_path"
-        respond_to?(home_path, true) ? send(home_path) : root_path
-      end
-
-      # The default to be used after signing out. This is used by all Devise
-      # controllers and you can overwrite it in your ApplicationController to
-      # provide a custom hook for a custom resource.
-      #
-      # By default is the root_path.
-      def after_sign_out_path_for(resource_or_scope)
-        root_path
-      end
-
-      # Sign in an user and tries to redirect first to the stored location and
-      # then to the url specified by after_sign_in_path_for.
-      #
-      # If just a symbol is given, consider that the user was already signed in
-      # through other means and just perform the redirection.
-      def sign_in_and_redirect(*args)
-        sign_in(*args) unless args.size == 1 && args.first.is_a?(Symbol)
-        redirect_to stored_location_for(args.first) || after_sign_in_path_for(args.first)
-      end
-
-      # Sign out an user and tries to redirect to the url specified by
-      # after_sign_out_path_for.
-      def sign_out_and_redirect(resource_or_scope)
-        sign_out(resource_or_scope)
-        redirect_to after_sign_out_path_for(resource_or_scope)
-      end
-
-      # Define authentication filters and accessor helpers based on mappings.
-      # These filters should be used inside the controllers as before_filters,
-      # so you can control the scope of the user who should be signed in to
-      # access that specific controller/action.
-      # Example:
-      #
-      #   Maps:
-      #     User => :authenticatable
-      #     Admin => :authenticatable
-      #
-      #   Generated methods:
-      #     authenticate_user!  # Signs user in or redirect
-      #     authenticate_admin! # Signs admin in or redirect
-      #     user_signed_in?     # Checks whether there is an user signed in or not
-      #     admin_signed_in?    # Checks whether there is an admin signed in or not
-      #     current_user        # Current signed in user
-      #     current_admin       # Currend signed in admin
-      #     user_session        # Session data available only to the user scope
-      #     admin_session       # Session data available only to the admin scope
-      #
-      #   Use:
-      #     before_filter :authenticate_user!  # Tell devise to use :user map
-      #     before_filter :authenticate_admin! # Tell devise to use :admin map
-      #
-      Devise.mappings.each_key do |mapping|
-        class_eval <<-METHODS, __FILE__, __LINE__
-          def authenticate_#{mapping}!
-            warden.authenticate!(:scope => :#{mapping})
-          end
-
-          def #{mapping}_signed_in?
-            warden.authenticated?(:#{mapping})
-          end
-
-          def current_#{mapping}
-            @current_#{mapping} ||= warden.user(:#{mapping})
-          end
-
-          def #{mapping}_session
-            warden.session(:#{mapping})
-          end
-        METHODS
-      end
-
-    end
-  end
-end