devise 0.8.2 → 0.9.0
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +21 -2
- data/README.rdoc +40 -54
- data/Rakefile +1 -1
- data/TODO +1 -3
- data/app/controllers/confirmations_controller.rb +9 -20
- data/app/controllers/passwords_controller.rb +9 -20
- data/app/controllers/sessions_controller.rb +9 -9
- data/app/controllers/unlocks_controller.rb +22 -0
- data/app/models/devise_mailer.rb +6 -1
- data/app/views/confirmations/new.html.erb +1 -5
- data/app/views/devise_mailer/unlock_instructions.html.erb +7 -0
- data/app/views/passwords/edit.html.erb +1 -5
- data/app/views/passwords/new.html.erb +1 -5
- data/app/views/sessions/new.html.erb +1 -7
- data/app/views/shared/_devise_links.erb +15 -0
- data/app/views/unlocks/new.html.erb +12 -0
- data/generators/devise/templates/migration.rb +2 -0
- data/generators/devise/templates/model.rb +4 -1
- data/generators/devise_install/templates/devise.rb +20 -10
- data/lib/devise.rb +62 -18
- data/lib/devise/controllers/common.rb +24 -0
- data/lib/devise/controllers/helpers.rb +160 -80
- data/lib/devise/controllers/internal_helpers.rb +120 -0
- data/lib/devise/controllers/url_helpers.rb +2 -10
- data/lib/devise/encryptors/bcrypt.rb +2 -2
- data/lib/devise/hooks/activatable.rb +1 -4
- data/lib/devise/hooks/rememberable.rb +30 -0
- data/lib/devise/hooks/timeoutable.rb +4 -2
- data/lib/devise/locales/en.yml +9 -2
- data/lib/devise/mapping.rb +15 -11
- data/lib/devise/models.rb +16 -35
- data/lib/devise/models/activatable.rb +1 -1
- data/lib/devise/models/authenticatable.rb +1 -9
- data/lib/devise/models/confirmable.rb +6 -2
- data/lib/devise/models/lockable.rb +142 -0
- data/lib/devise/models/rememberable.rb +19 -2
- data/lib/devise/models/timeoutable.rb +1 -2
- data/lib/devise/orm/active_record.rb +2 -0
- data/lib/devise/orm/data_mapper.rb +1 -1
- data/lib/devise/orm/mongo_mapper.rb +12 -1
- data/lib/devise/rails/routes.rb +5 -1
- data/lib/devise/rails/warden_compat.rb +13 -13
- data/lib/devise/schema.rb +7 -0
- data/lib/devise/strategies/authenticatable.rb +1 -3
- data/lib/devise/strategies/base.rb +1 -1
- data/lib/devise/strategies/rememberable.rb +37 -0
- data/lib/devise/test_helpers.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/test/controllers/helpers_test.rb +155 -33
- data/test/controllers/internal_helpers_test.rb +55 -0
- data/test/devise_test.rb +24 -3
- data/test/encryptors_test.rb +3 -1
- data/test/integration/lockable_test.rb +83 -0
- data/test/integration/rememberable_test.rb +1 -1
- data/test/mailers/unlock_instructions_test.rb +62 -0
- data/test/models/authenticatable_test.rb +0 -23
- data/test/models/lockable_test.rb +202 -0
- data/test/models/timeoutable_test.rb +7 -7
- data/test/models/validatable_test.rb +2 -2
- data/test/models_test.rb +9 -76
- data/test/orm/active_record.rb +1 -0
- data/test/orm/mongo_mapper.rb +0 -1
- data/test/rails_app/app/active_record/admin.rb +1 -1
- data/test/rails_app/app/active_record/user.rb +2 -1
- data/test/rails_app/app/mongo_mapper/admin.rb +1 -1
- data/test/rails_app/app/mongo_mapper/user.rb +2 -1
- data/test/rails_app/config/initializers/devise.rb +13 -10
- data/test/rails_app/config/routes.rb +5 -3
- data/test/routes_test.rb +5 -0
- data/test/support/integration_tests_helper.rb +1 -0
- metadata +16 -12
- data/lib/devise/controllers/filters.rb +0 -186
- data/lib/devise/models/cookie_serializer.rb +0 -21
- data/lib/devise/models/session_serializer.rb +0 -19
- data/lib/devise/serializers/base.rb +0 -23
- data/lib/devise/serializers/cookie.rb +0 -43
- data/lib/devise/serializers/session.rb +0 -22
- data/test/controllers/filters_test.rb +0 -177
- data/test/rails_app/app/active_record/account.rb +0 -7
- data/test/rails_app/app/mongo_mapper/account.rb +0 -9
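--- a/data/lib/devise/models/cookie_serializer.rb
+++ b/data/lib/devise/models/cookie_serializer.rb
@@ -1,21 +0,0 @@
-require 'devise/serializers/cookie'
-
-module Devise
-module Models
-module CookieSerializer
-# Create the cookie key using the record id and remember_token
-def serialize_into_cookie(record)
-"#{record.id}::#{record.remember_token}"
-end
-
-# Recreate the user based on the stored cookie
-def serialize_from_cookie(cookie)
-record_id, record_token = cookie.split('::')
-record = find(:first, :conditions => { :id => record_id }) if record_id
-record if record.try(:valid_remember_token?, record_token)
-end
-
-Devise::Models.config(self, :remember_for)
-end
-end
-end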
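--- a/data/lib/devise/models/session_serializer.rb
+++ b/data/lib/devise/models/session_serializer.rb
@@ -1,19 +0,0 @@
-require 'devise/serializers/session'
-
-module Devise
-module Models
-module SessionSerializer
-# Hook to serialize user into session. Overwrite if you want.
-def serialize_into_session(record)
-[record.class, record.id]
-end
-
-# Hook to serialize user from session. Overwrite if you want.
-def serialize_from_session(keys)
-klass, id = keys
-raise "#{self} cannot serialize from #{klass} session since it's not one of its ancestors" unless klass <= self
-klass.find(:first, :conditions => { :id => id })
-end
-end
-end
-end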
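--- a/data/lib/devise/serializers/base.rb
+++ b/data/lib/devise/serializers/base.rb
@@ -1,23 +0,0 @@
-require 'devise/strategies/base'
-
-module Devise
-module Serializers
-module Base
-include Devise::Strategies::Base
-attr_reader :scope
-
-def serialize(record)
-record.class.send(:"serialize_into_#{klass_type}", record)
-end
-
-def deserialize(keys)
-mapping.to.send(:"serialize_from_#{klass_type}", keys)
-end
-
-def fetch(scope)
-@scope = scope
-super
-end
-end
-end
-end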
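--- a/data/lib/devise/serializers/cookie.rb
+++ b/data/lib/devise/serializers/cookie.rb
@@ -1,43 +0,0 @@
-require 'devise/serializers/base'
-
-module Devise
-module Serializers
-# This is a cookie serializer which stores the information if a :remember_me
-# is sent in the params and if the model responds to remember_me! as well.
-# As in Session serializer, the invoked methods are:
-#
-# User.serialize_into_cookie(@user)
-# User.serialize_from_cookie(*args)
-#
-# An implementation for such methods can be found at Devise::Models::Rememberable.
-#
-# Differently from session, this approach is based in a token which is stored in
-# the database. So if you want to sign out all clients at once, you just need to
-# clean up the token column.
-#
-class Cookie < Warden::Serializers::Cookie
-include Devise::Serializers::Base
-
-def store(record, scope)
-remember_me = params[scope].try(:fetch, :remember_me, nil)
-if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
-record.remember_me!
-super
-end
-end
-
-def default_options(record)
-super.merge!(:expires => record.remember_expires_at)
-end
-
-def delete(scope, record=nil)
-if record && record.respond_to?(:forget_me!)
-record.forget_me!
-super
-end
-end
-end
-end
-end
-
-Warden::Serializers.add(:cookie, Devise::Serializers::Cookie)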
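--- a/data/lib/devise/serializers/session.rb
+++ b/data/lib/devise/serializers/session.rb
@@ -1,22 +0,0 @@
-require 'devise/serializers/base'
-
-module Devise
-module Serializers
-# This serializer stores sign in information in th client session. It just
-# extends Warden own serializer to move all the serialization logic to a
-# class. For example, if a @user resource is given, it will call the following
-# two methods to serialize and deserialize a record:
-#
-# User.serialize_into_session(@user)
-# User.serialize_from_session(*args)
-#
-# This can be used any strategy and the default implementation is available
-# at Devise::Models::SessionSerializer.
-#
-class Session < Warden::Serializers::Session
-include Devise::Serializers::Base
-end
-end
-end
-
-Warden::Serializers.add(:session, Devise::Serializers::Session)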
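--- a/data/test/controllers/filters_test.rb
+++ b/data/test/controllers/filters_test.rb
@@ -1,177 +0,0 @@
-require 'test/test_helper'
-require 'ostruct'
-
-class MockController < ApplicationController
-attr_accessor :env
-
-def request
-self
-end
-
-def path
-''
-end
-end
-
-class ControllerAuthenticableTest < ActionController::TestCase
-tests MockController
-
-def setup
-@controller = MockController.new
-@mock_warden = OpenStruct.new
-@controller.env = { 'warden' => @mock_warden }
-@controller.session = {}
-end
-
-test 'setup warden' do
-assert_not_nil @controller.warden
-end
-
-test 'provide access to warden instance' do
-assert_equal @controller.warden, @controller.env['warden']
-end
-
-test 'run authenticate? with scope on warden' do
-@mock_warden.expects(:authenticated?).with(:my_scope)
-@controller.signed_in?(:my_scope)
-end
-
-test 'proxy signed_in? to authenticated' do
-@mock_warden.expects(:authenticated?).with(:my_scope)
-@controller.signed_in?(:my_scope)
-end
-
-test 'run user with scope on warden' do
-@mock_warden.expects(:user).with(:admin).returns(true)
-@controller.current_admin
-
-@mock_warden.expects(:user).with(:user).returns(true)
-@controller.current_user
-end
-
-test 'proxy user_authenticate! to authenticate with user scope' do
-@mock_warden.expects(:authenticate!).with(:scope => :user)
-@controller.authenticate_user!
-end
-
-test 'proxy admin_authenticate! to authenticate with admin scope' do
-@mock_warden.expects(:authenticate!).with(:scope => :admin)
-@controller.authenticate_admin!
-end
-
-test 'proxy user_authenticated? to authenticate with user scope' do
-@mock_warden.expects(:authenticated?).with(:user)
-@controller.user_signed_in?
-end
-
-test 'proxy admin_authenticated? to authenticate with admin scope' do
-@mock_warden.expects(:authenticated?).with(:admin)
-@controller.admin_signed_in?
-end
-
-test 'proxy user_session to session scope in warden' do
-@mock_warden.expects(:session).with(:user).returns({})
-@controller.user_session
-end
-
-test 'proxy admin_session to session scope in warden' do
-@mock_warden.expects(:session).with(:admin).returns({})
-@controller.admin_session
-end
-
-test 'sign in proxy to set_user on warden' do
-user = User.new
-@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-@controller.sign_in(:user, user)
-end
-
-test 'sign in accepts a resource as argument' do
-user = User.new
-@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-@controller.sign_in(user)
-end
-
-test 'sign out proxy to logout on warden' do
-@mock_warden.expects(:user).with(:user).returns(true)
-@mock_warden.expects(:logout).with(:user).returns(true)
-@controller.sign_out(:user)
-end
-
-test 'sign out accepts a resource as argument' do
-@mock_warden.expects(:user).with(:user).returns(true)
-@mock_warden.expects(:logout).with(:user).returns(true)
-@controller.sign_out(User.new)
-end
-
-test 'stored location for returns the location for a given scope' do
-assert_nil @controller.stored_location_for(:user)
-@controller.session[:"user.return_to"] = "/foo.bar"
-assert_equal "/foo.bar", @controller.stored_location_for(:user)
-end
-
-test 'stored location for accepts a resource as argument' do
-assert_nil @controller.stored_location_for(:user)
-@controller.session[:"user.return_to"] = "/foo.bar"
-assert_equal "/foo.bar", @controller.stored_location_for(User.new)
-end
-
-test 'stored location cleans information after reading' do
-@controller.session[:"user.return_to"] = "/foo.bar"
-assert_equal "/foo.bar", @controller.stored_location_for(:user)
-assert_nil @controller.session[:"user.return_to"]
-end
-
-test 'after sign in path defaults to root path if none by was specified for the given scope' do
-assert_equal root_path, @controller.after_sign_in_path_for(:user)
-end
-
-test 'after sign in path defaults to the scoped root path' do
-assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
-end
-
-test 'after sign out path defaults to the root path' do
-assert_equal root_path, @controller.after_sign_out_path_for(:admin)
-assert_equal root_path, @controller.after_sign_out_path_for(:user)
-end
-
-test 'sign in and redirect uses the stored location' do
-user = User.new
-@controller.session[:"user.return_to"] = "/foo.bar"
-@mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-@controller.expects(:redirect_to).with("/foo.bar")
-@controller.sign_in_and_redirect(user)
-end
-
-test 'sign in and redirect uses the configured after sign in path' do
-admin = Admin.new
-@mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
-@controller.expects(:redirect_to).with(admin_root_path)
-@controller.sign_in_and_redirect(admin)
-end
-
-test 'only redirect if just a symbol is given' do
-@controller.expects(:redirect_to).with(admin_root_path)
-@controller.sign_in_and_redirect(:admin)
-end
-
-test 'sign out and redirect uses the configured after sign out path' do
-@mock_warden.expects(:user).with(:admin).returns(true)
-@mock_warden.expects(:logout).with(:admin).returns(true)
-@controller.expects(:redirect_to).with(admin_root_path)
-@controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
-@controller.sign_out_and_redirect(:admin)
-end
-
-test 'is not a devise controller' do
-assert_not @controller.devise_controller?
-end
-
-test 'default url options are retrieved from devise' do
-begin
-Devise.default_url_options {{ :locale => I18n.locale }}
-assert_equal({ :locale => :en }, @controller.send(:default_url_options))
-ensure
-Devise.default_url_options {{ }}
-end
-end
-end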