devise 0.9.2 → 1.0.0

data/lib/devise/controllers/helpers.rb

@@ -176,7 +176,7 @@ module Devise
       #     before_filter :authenticate_admin! # Tell devise to use :admin map
       #
       Devise.mappings.each_key do |mapping|
-        class_eval <<-METHODS, __FILE__, __LINE__
+        class_eval <<-METHODS, __FILE__, __LINE__ + 1
           def authenticate_#{mapping}!
             warden.authenticate!(:scope => :#{mapping})
           end

data/lib/devise/controllers/internal_helpers.rb

@@ -7,6 +7,7 @@ module Devise
 
       def self.included(base)
         base.class_eval do
+          extend ScopedViews
           unloadable
 
           helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
@@ -17,6 +18,16 @@ module Devise
         end
       end
 
+      module ScopedViews
+        def scoped_views
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+
       # Gets the actual resource stored in the instance variable
       def resource
         instance_variable_get(:"@#{resource_name}")
@@ -59,12 +70,9 @@ module Devise
         instance_variable_set(:"@#{resource_name}", new_resource)
       end
 
-      # Build a devise resource without setting password and password confirmation fields.
+      # Build a devise resource.
       def build_resource
-        self.resource ||= begin
-          attributes = params[resource_name].try(:except, :password, :password_confirmation)
-          resource_class.new(attributes || {})
-        end
+        self.resource ||= resource_class.new(params[resource_name] || {})
       end
 
       # Helper for use in before_filters where no authentication is required.
@@ -104,7 +112,8 @@ module Devise
       # Accepts just :controller as option.
       def render_with_scope(action, options={})
         controller_name = options.delete(:controller) || self.controller_name
-        if Devise.scoped_views
+
+        if self.class.scoped_views
           begin
             render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
           rescue ActionView::MissingTemplate

data/lib/devise/controllers/url_helpers.rb

@@ -19,17 +19,17 @@ module Devise
     # Those helpers are added to your ApplicationController.
     module UrlHelpers
 
-      [:session, :password, :confirmation, :unlock].each do |module_name|
+      Devise::ROUTES.each do |module_name|
         [:path, :url].each do |path_or_url|
           actions = [ nil, :new_ ]
-          actions << :edit_    if module_name == :password
-          actions << :destroy_ if module_name == :session
+          actions << :edit_    if [:password, :registration].include?(module_name)
+          actions << :destroy_ if [:session].include?(module_name)
 
           actions.each do |action|
-            class_eval <<-URL_HELPERS
-              def #{action}#{module_name}_#{path_or_url}(resource, *args)
-                resource = Devise::Mapping.find_scope!(resource)
-                send("#{action}\#{resource}_#{module_name}_#{path_or_url}", *args)
+            class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+              def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                scope = Devise::Mapping.find_scope!(resource_or_scope)
+                send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
               end
             URL_HELPERS
           end

data/lib/devise/locales/en.yml

@@ -19,6 +19,11 @@ en:
       link: "Didn't receive confirmation instructions?"
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
+    registrations:
+      link: 'Sign up'
+      signed_up: 'You have signed up successfully.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:
       link: "Didn't receive unlock instructions?"
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
@@ -27,3 +32,4 @@ en:
       confirmation_instructions: 'Confirmation instructions'
       reset_password_instructions: 'Reset password instructions'
       unlock_instructions: 'Unlock Instructions'
+

data/lib/devise/mapping.rb

@@ -36,7 +36,10 @@ module Devise
 
     # Find a mapping by a given class. It takes into account single table inheritance as well.
     def self.find_by_class(klass)
-      Devise.mappings.values.find { |m| return m if klass <= m.to }
+      Devise.mappings.each_value do |mapping|
+        return mapping if klass <= mapping.to
+      end
+      nil
     end
 
     # Receives an object and find a scope for it. If a scope cannot be found,
@@ -62,11 +65,12 @@ module Devise
       @as    = (options.delete(:as) || name).to_sym
       @klass = (options.delete(:class_name) || name.to_s.classify).to_s
       @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
-      @path_names = options.delete(:path_names) || {}
-      @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
+
+      @path_prefix   = "/#{options.delete(:path_prefix)}/".squeeze("/")
       @route_options = options || {}
 
-      setup_path_names
+      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names.merge!(options.delete(:path_names) || {})
     end
 
     # Return modules for the mapping.
@@ -115,7 +119,7 @@ module Devise
     #
     def self.register(*modules)
       modules.each do |m|
-        class_eval <<-METHOD, __FILE__, __LINE__
+        class_eval <<-METHOD, __FILE__, __LINE__ + 1
           def #{m}?
             self.for.include?(:#{m})
           end
@@ -123,15 +127,5 @@ module Devise
       end
     end
     Devise::Mapping.register *ALL
-
-    private
-
-      # Configure default path names, allowing the user overwrite defaults by
-      # passing a hash in :path_names.
-      def setup_path_names
-        [:sign_in, :sign_out, :password, :confirmation].each do |path_name|
-          @path_names[path_name] ||= path_name.to_s
-        end
-      end
   end
 end

data/lib/devise/models.rb

@@ -6,6 +6,7 @@ module Devise
     autoload :Lockable, 'devise/models/lockable'
     autoload :Recoverable, 'devise/models/recoverable'
     autoload :Rememberable, 'devise/models/rememberable'
+    autoload :Registerable, 'devise/models/registerable'
     autoload :Timeoutable, 'devise/models/timeoutable'
     autoload :Trackable, 'devise/models/trackable'
     autoload :Validatable, 'devise/models/validatable'
@@ -28,7 +29,7 @@ module Devise
     #
     def self.config(mod, *accessors) #:nodoc:
       accessors.each do |accessor|
-        mod.class_eval <<-METHOD, __FILE__, __LINE__
+        mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
           def #{accessor}
             if defined?(@#{accessor})
               @#{accessor}
@@ -50,26 +51,18 @@ module Devise
     #
     #   devise :authenticatable, :confirmable, :recoverable
     #
-    # You can also give the following configuration values in a hash: :pepper,
-    # :stretches, :confirm_within and :remember_for. Please check your Devise
-    # initialiazer for a complete description on those values.
+    # You can also give any of the devise configuration values in form of a hash,
+    # with specific values for this model. Please check your Devise initializer
+    # for a complete description on those values.
     #
     def devise(*modules)
       raise "You need to give at least one Devise module" if modules.empty?
       options  = modules.extract_options!
 
-      # TODO Remove me
-      if modules.delete(:all)
-        ActiveSupport::Deprecation.warn "devise :all is deprecated. List your modules instead", caller
-        modules += Devise.all
-      end
-
-      modules -= Array(options.delete(:except))
-      modules  = Devise::ALL & modules.uniq
+      @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
 
-      Devise.orm_class.included_modules_hook(self, modules) do
-        modules.each do |m|
-          devise_modules << m.to_sym
+      Devise.orm_class.included_modules_hook(self) do
+        devise_modules.each do |m|
           include Devise::Models.const_get(m.to_s.classify)
         end
 
@@ -116,4 +109,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/models/authenticatable.rb

@@ -1,4 +1,5 @@
 require 'devise/strategies/authenticatable'
+require 'devise/strategies/http_authenticatable'
 
 module Devise
   module Models
@@ -31,11 +32,17 @@ module Devise
         base.class_eval do
           extend ClassMethods
 
-          attr_reader :password, :old_password
+          attr_reader :password, :current_password
           attr_accessor :password_confirmation
         end
       end
 
+      # TODO Remove me in next release
+      def old_password
+        ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
+        @old_password
+      end
+
       # Regenerates password salt and encrypted password each time password is set,
       # and then trigger any "after_changed_password"-callbacks.
       def password=(new_password)
@@ -63,15 +70,35 @@ module Devise
         valid_password?(attributes[:password])
       end
 
-      # Update record attributes when :old_password matches, otherwise returns
-      # error on :old_password.
+      # Set password and password confirmation to nil
+      def clean_up_passwords
+        self.password = self.password_confirmation = nil
+      end
+
+      # Update record attributes when :current_password matches, otherwise returns
+      # error on :current_password. It also automatically rejects :password and
+      # :password_confirmation if they are blank.
       def update_with_password(params={})
-        if valid_password?(params[:old_password])
+        # TODO Remove me in next release
+        if params[:old_password].present?
+          params[:current_password] ||= params[:old_password]
+          ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
+        end
+
+        params.delete(:password) if params[:password].blank?
+        params.delete(:password_confirmation) if params[:password_confirmation].blank?
+
+        result = if valid_password?(params[:current_password])
           update_attributes(params)
         else
-          self.class.add_error_on(self, :old_password, :invalid, false)
+          message = params[:current_password].blank? ? :blank : :invalid
+          self.class.add_error_on(self, :current_password, message, false)
+          self.attributes = params
           false
         end
+
+        clean_up_passwords unless result
+        result
       end
 
       protected
@@ -82,12 +109,10 @@ module Devise
         end
 
       module ClassMethods
-
         Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
 
         # Authenticate a user based on configured attribute keys. Returns the
-        # authenticated user if it's valid or nil. Attributes are by default
-        # :email and :password, but the latter is always required.
+        # authenticated user if it's valid or nil.
         def authenticate(attributes={})
           return unless authentication_keys.all? { |k| attributes[k].present? }
           conditions = attributes.slice(*authentication_keys)
@@ -95,6 +120,11 @@ module Devise
           resource if resource.try(:valid_for_authentication?, attributes)
         end
 
+        # Authenticate an user using http.
+        def authenticate_with_http(username, password)
+          authenticate(authentication_keys.first => username, :password => password)
+        end
+
         # Returns the class for the configured encryptor.
         def encryptor_class
           @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)

data/lib/devise/models/lockable.rb

@@ -3,9 +3,22 @@ require 'devise/models/activatable'
 module Devise
   module Models
 
+    # Handles blocking a user access after a certain number of attempts.
+    # Lockable accepts two different strategies to unlock a user after it's
+    # blocked: email and time. The former will send an email to the user when
+    # the lock happens, containing a link to unlock it's account. The second
+    # will unlock the user automatically after some configured time (ie 2.hours).
+    # It's also possible to setup lockable to use both email and time strategies.
+    #
+    # Configuration:
+    #
+    #   maximum_attempts: how many attempts should be accepted before blocking the user.
+    #   unlock_strategy: unlock the user account by :time, :email or :both.
+    #   unlock_in: the time you want to lock the user after to lock happens. Only
+    #              available when unlock_strategy is :time or :both.
+    #
     module Lockable
       include Devise::Models::Activatable
-      include Devise::Models::Authenticatable
 
       def self.included(base)
         base.class_eval do
@@ -16,19 +29,19 @@ module Devise
       # Lock an user setting it's locked_at to actual time.
       def lock
         self.locked_at = Time.now
-        if [:both, :email].include?(self.class.unlock_strategy)
+        if unlock_strategy_enabled?(:email)
           generate_unlock_token
-          self.send_unlock_instructions
+          send_unlock_instructions
         end
       end
 
-      # calls lock and save the model
+      # Lock an user also saving the record.
       def lock!
-        self.lock
+        lock
         save(false)
       end
 
-      # Unlock an user by cleaning locket_at and failed_attempts
+      # Unlock an user by cleaning locket_at and failed_attempts.
       def unlock!
         if_locked do
           self.locked_at = nil
@@ -38,9 +51,9 @@ module Devise
         end
       end
 
-      # Verifies whether a user is locked or not
+      # Verifies whether a user is locked or not.
       def locked?
-        self.locked_at && !lock_expired?
+        locked_at && !lock_expired?
       end
 
       # Send unlock instructions by email
@@ -48,10 +61,10 @@ module Devise
         ::DeviseMailer.deliver_unlock_instructions(self)
       end
 
-      # Resend the unlock instructions if the user is locked
+      # Resend the unlock instructions if the user is locked.
       def resend_unlock!
         if_locked do
-          generate_unlock_token unless self.unlock_token.present?
+          generate_unlock_token unless unlock_token.present?
           save(false)
           send_unlock_instructions
         end
@@ -63,6 +76,16 @@ module Devise
         super && !locked?
       end
 
+      # Overwrites invalid_message from Devise::Models::Authenticatable to define
+      # the correct reason for blocking the sign in.
+      def inactive_message
+        if locked?
+          :locked
+        else
+          super
+        end
+      end
+
       # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
       # for verifying whether an user is allowed to sign in or not. If the user
       # is locked, it should never be allowed.
@@ -71,22 +94,12 @@ module Devise
           self.failed_attempts = 0
         else
           self.failed_attempts += 1
-          self.lock if self.failed_attempts > self.class.maximum_attempts
+          lock if failed_attempts > self.class.maximum_attempts
         end
         save(false) if changed?
         result
       end
 
-      # Overwrites invalid_message from Devise::Models::Authenticatable to define
-      # the correct reason for blocking the sign in.
-      def inactive_message
-        if locked?
-          :locked
-        else
-          super
-        end
-      end
-
       protected
 
         # Generates unlock token
@@ -96,8 +109,8 @@ module Devise
 
         # Tells if the lock is expired if :time unlock strategy is active
         def lock_expired?
-          if [:both, :time].include?(self.class.unlock_strategy)
-            self.locked_at && self.locked_at < self.class.unlock_in.ago
+          if unlock_strategy_enabled?(:time)
+            locked_at && locked_at < self.class.unlock_in.ago
           else
             false
           end
@@ -114,6 +127,11 @@ module Devise
           end
         end
 
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.class.unlock_strategy)
+        end
+
       module ClassMethods
         # Attempt to find a user by it's email. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
@@ -139,4 +157,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/models/registerable.rb

@@ -0,0 +1,8 @@
+module Devise
+  module Models
+    # Registerable is responsible for everything related to registering a new
+    # resource (ie user sign up).
+    module Registerable
+    end
+  end
+end

data/lib/devise/models/timeoutable.rb

@@ -9,7 +9,7 @@ module Devise
     #
     # Configuration:
     #
-    #   timeout: the time you want to timeout the user session without activity.
+    #   timeout_in: the time you want to timeout the user session without activity.
     module Timeoutable
       def self.included(base)
         base.extend ClassMethods