devise 0.9.2 → 1.0.0

data/lib/devise/orm/active_record.rb

@@ -20,7 +20,7 @@ module Devise
     #
     module ActiveRecord
       # Required ORM hook. Just yield the given block in ActiveRecord.
-      def self.included_modules_hook(klass, modules)
+      def self.included_modules_hook(klass)
         yield
       end
 
@@ -36,5 +36,6 @@ end
 
 if defined?(ActiveRecord)
   ActiveRecord::Base.extend Devise::Models
+  ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord
   ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
-end
+end

data/lib/devise/orm/data_mapper.rb

@@ -11,13 +11,13 @@ module Devise
         end
       end
 
-      def self.included_modules_hook(klass, modules)
+      def self.included_modules_hook(klass)
         klass.send :extend,  self
         klass.send :include, InstanceMethods
 
         yield
 
-        modules.each do |mod|
+        klass.devise_modules.each do |mod|
           klass.send(mod) if klass.respond_to?(mod)
         end
       end
@@ -80,4 +80,4 @@ module Devise
   end
 end
 
-DataMapper::Model.send(:include, Devise::Models)
+DataMapper::Model.send(:include, Devise::Models)

data/lib/devise/orm/mongo_mapper.rb

@@ -11,12 +11,12 @@ module Devise
         end
       end
 
-      def self.included_modules_hook(klass, modules)
+      def self.included_modules_hook(klass)
         klass.send :extend,  self
         klass.send :include, InstanceMethods
         yield
 
-        modules.each do |mod|
+        klass.devise_modules.each do |mod|
           klass.send(mod) if klass.respond_to?(mod)
         end
       end
@@ -47,4 +47,4 @@ module Devise
 end
 
 MongoMapper::Document::ClassMethods.send(:include, Devise::Models)
-MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)
+MongoMapper::EmbeddedDocument::ClassMethods.send(:include, Devise::Models)

data/lib/devise/rails/routes.rb

@@ -88,8 +88,8 @@ module ActionController::Routing
           route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")
 
           with_options(route_options) do |routes|
-            mapping.for.each do |strategy|
-              send(strategy, routes, mapping) if self.respond_to?(strategy, true)
+            mapping.for.each do |mod|
+              send(mod, routes, mapping) if self.respond_to?(mod, true)
             end
           end
         end
@@ -105,10 +105,6 @@ module ActionController::Routing
           end
         end
 
-        def recoverable(routes, mapping)
-          routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
-        end
-
         def confirmable(routes, mapping)
           routes.resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation]
         end
@@ -117,6 +113,13 @@ module ActionController::Routing
           routes.resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock]
         end
 
+        def recoverable(routes, mapping)
+          routes.resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password]
+        end
+
+        def registerable(routes, mapping)
+          routes.resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.raw_path[1..-1], :path_prefix => nil, :path_names => { :new => mapping.path_names[:sign_up] }
+        end
     end
   end
 end

data/lib/devise/strategies/authenticatable.rb

@@ -6,7 +6,7 @@ module Devise
     # Redirects to sign_in page if it's not authenticated
     class Authenticatable < Base
       def valid?
-        super && params[scope] && params[scope][:password].present?
+        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
       end
 
       # Authenticate a user based on email and password params, returning to warden
@@ -19,6 +19,16 @@ module Devise
           fail!(:invalid)
         end
       end
+
+      protected
+
+        def valid_controller?
+          params[:controller] == 'sessions'
+        end
+
+        def valid_params?
+          params[scope] && params[scope][:password].present?
+        end
     end
   end
 end

data/lib/devise/strategies/base.rb

@@ -2,22 +2,14 @@ module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
     class Base < ::Warden::Strategies::Base
-      # Validate strategy. By default will raise an error if no scope or an
-      # invalid mapping is found.
-      def valid?
-        raise "Could not find mapping for #{scope}" unless mapping
-        mapping.for.include?(klass_type)
-      end
-
       # Checks if a valid scope was given for devise and find mapping based on
       # this scope.
       def mapping
-        Devise.mappings[scope]
-      end
-
-      # Store this class type.
-      def klass_type
-        @klass_type ||= self.class.name.split("::").last.underscore.to_sym
+        @mapping ||= begin
+          mapping = Devise.mappings[scope]
+          raise "Could not find mapping for #{scope}" unless mapping
+          mapping
+        end
       end
     end
   end

data/lib/devise/strategies/http_authenticatable.rb

@@ -0,0 +1,49 @@
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    # Sign in an user using HTTP authentication.
+    class HttpAuthenticatable < Base
+      def valid?
+        http_authentication? && mapping.to.respond_to?(:authenticate_with_http)
+      end
+
+      def authenticate!
+        username, password = username_and_password
+
+        if resource = mapping.to.authenticate_with_http(username, password)
+          success!(resource)
+        else
+          custom!([401, custom_headers, ["HTTP Basic: Access denied.\n"]])
+        end
+      end
+
+    private
+
+      def username_and_password
+        decode_credentials(request).split(/:/, 2)
+      end
+
+      def http_authentication
+        request.env['HTTP_AUTHORIZATION']   ||
+        request.env['X-HTTP_AUTHORIZATION'] ||
+        request.env['X_HTTP_AUTHORIZATION'] ||
+        request.env['REDIRECT_X_HTTP_AUTHORIZATION']
+      end
+      alias :http_authentication? :http_authentication
+
+      def decode_credentials(request)
+        ActiveSupport::Base64.decode64(http_authentication.split(' ', 2).last || '')
+      end
+
+      def custom_headers
+        {
+          "Content-Type" => "text/plain",
+          "WWW-Authenticate" => %(Basic realm="#{Devise.http_authentication_realm.gsub(/"/, "")}")
+        }
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:http_authenticatable, Devise::Strategies::HttpAuthenticatable)

data/lib/devise/strategies/rememberable.rb

@@ -10,7 +10,7 @@ module Devise
 
       # A valid strategy for rememberable needs a remember token in the cookies.
       def valid?
-        super && remember_me_cookie.present?
+        remember_me_cookie.present? && mapping.to.respond_to?(:serialize_from_cookie)
       end
 
       # To authenticate a user we deserialize the cookie and attempt finding

data/lib/devise/strategies/token_authenticatable.rb

@@ -6,7 +6,7 @@ module Devise
     # Redirects to sign_in page if it's not authenticated.
     class TokenAuthenticatable < Base
       def valid?
-        super && authentication_token(scope).present?
+        mapping.to.respond_to?(:authenticate_with_token) && authentication_token(scope).present?
       end
 
       # Authenticate a user based on authenticatable token params, returning to warden
@@ -20,17 +20,16 @@ module Devise
         end
       end
 
-      private
+    private
 
-        # Detect authentication token in params: scoped or not.
-        def authentication_token(scope)
-          if params[scope]
-            params[scope][mapping.to.token_authentication_key]
-          else
-            params[mapping.to.token_authentication_key]
-          end
+      # Detect authentication token in params: scoped or not.
+      def authentication_token(scope)
+        if params[scope]
+          params[scope][mapping.to.token_authentication_key]
+        else
+          params[mapping.to.token_authentication_key]
         end
-
+      end
     end
   end
 end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.9.2".freeze
+  VERSION = "1.0.0".freeze
 end

data/test/devise_test.rb

@@ -25,7 +25,7 @@ class DeviseTest < ActiveSupport::TestCase
     Devise.configure_warden(config)
 
     assert_equal Devise::FailureApp, config.failure_app
-    assert_equal [:rememberable, :token_authenticatable, :authenticatable], config.default_strategies
+    assert_equal [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable], config.default_strategies
     assert_equal :user, config.default_scope
     assert config.silence_missing_strategies?
   end

data/test/integration/authenticatable_test.rb

@@ -1,8 +1,7 @@
 require 'test/test_helper'
 
-class AuthenticationTest < ActionController::IntegrationTest
-
-  test 'home should be accessible without signed in' do
+class AuthenticationSanityTest < ActionController::IntegrationTest
+  test 'home should be accessible without sign in' do
     visit '/'
     assert_response :success
     assert_template 'home/index'
@@ -76,14 +75,47 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_contain 'Welcome Admin'
   end
 
-  test 'sign in as user should not authenticate if not using proper authentication keys' do
+  test 'authenticated admin should not be able to sign as admin again' do
+    sign_in_as_admin
+    get new_admin_session_path
+
+    assert_response :redirect
+    assert_redirected_to admin_root_path
+    assert warden.authenticated?(:admin)
+  end
+
+  test 'authenticated admin should be able to sign out' do
+    sign_in_as_admin
+    assert warden.authenticated?(:admin)
+
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_contain 'Signed out successfully'
+    assert_not warden.authenticated?(:admin)
+  end
+
+  test 'unauthenticated admin does not set message on sign out' do
+    get destroy_admin_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+
+    get root_path
+    assert_not_contain 'Signed out successfully'
+  end
+end
+
+class AuthenticationTest < ActionController::IntegrationTest
+  test 'sign in should not authenticate if not using proper authentication keys' do
     swap Devise, :authentication_keys => [:username] do
       sign_in_as_user
       assert_not warden.authenticated?(:user)
     end
   end
 
-  test 'admin signing in with invalid email should return to sign in form with error message' do
+  test 'sign in with invalid email should return to sign in form with error message' do
     sign_in_as_admin do
       fill_in 'email', :with => 'wrongemail@test.com'
     end
@@ -92,7 +124,7 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:admin)
   end
 
-  test 'admin signing in with invalid pasword should return to sign in form with error message' do
+  test 'sign in with invalid pasword should return to sign in form with error message' do
     sign_in_as_admin do
       fill_in 'password', :with => 'abcdef'
     end
@@ -113,37 +145,6 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
-  test 'authenticated admin should not be able to sign as admin again' do
-    sign_in_as_admin
-    get new_admin_session_path
-
-    assert_response :redirect
-    assert_redirected_to admin_root_path
-    assert warden.authenticated?(:admin)
-  end
-
-  test 'authenticated admin should be able to sign out' do
-    sign_in_as_admin
-    assert warden.authenticated?(:admin)
-
-    get destroy_admin_session_path
-    assert_response :redirect
-    assert_redirected_to root_path
-
-    get root_path
-    assert_contain 'Signed out successfully'
-    assert_not warden.authenticated?(:admin)
-  end
-
-  test 'unauthenticated admin does not set message on sign out' do
-    get destroy_admin_session_path
-    assert_response :redirect
-    assert_redirected_to root_path
-
-    get root_path
-    assert_not_contain 'Signed out successfully'
-  end
-
   test 'redirect from warden shows sign in or sign up message' do
     get admins_path
 
@@ -194,20 +195,21 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_equal "/admin_area/home", @request.path
   end
 
-  test 'allows session to be set by a given scope' do
+  test 'destroyed account is signed out' do
     sign_in_as_user
     visit 'users/index'
-    assert_equal "Cart", @controller.user_session[:cart]
-  end
 
-  test 'destroyed account is logged out' do
-    sign_in_as_user
-    visit 'users/index'
     User.destroy_all
     visit 'users/index'
     assert_redirected_to '/users/sign_in?unauthenticated=true'
   end
 
+  test 'allows session to be set by a given scope' do
+    sign_in_as_user
+    visit 'users/index'
+    assert_equal "Cart", @controller.user_session[:cart]
+  end
+
   test 'renders the scoped view if turned on and view is available' do
     swap Devise, :scoped_views => true do
       assert_raise Webrat::NotFoundError do
@@ -217,6 +219,20 @@ class AuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'renders the scoped view if turned on in an specific controller' do
+    begin
+      SessionsController.scoped_views = true
+      assert_raise Webrat::NotFoundError do
+        sign_in_as_user
+      end
+
+      assert_match /Special user view/, response.body
+      assert !PasswordsController.scoped_views
+    ensure
+      SessionsController.send :remove_instance_variable, :@scoped_views
+    end
+  end
+
   test 'does not render the scoped view if turned off' do
     swap Devise, :scoped_views => false do
       assert_nothing_raised do

data/test/integration/http_authenticatable_test.rb

@@ -0,0 +1,44 @@
+require 'test/test_helper'
+
+class HttpAuthenticationTest < ActionController::IntegrationTest
+
+  test 'sign in should authenticate with http' do
+    sign_in_as_new_user_with_http
+    assert_response :success
+    assert_template 'users/index'
+    assert_contain 'Welcome'
+    assert warden.authenticated?(:user)
+  end
+
+  test 'returns a custom response with www-authenticate header on failures' do
+    sign_in_as_new_user_with_http("unknown")
+    assert_equal 401, status
+    assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+  end
+
+  test 'returns a custom response with www-authenticate and chosen realm' do
+    swap Devise, :http_authentication_realm => "MyApp" do
+      sign_in_as_new_user_with_http("unknown")
+      assert_equal 401, status
+      assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"]
+    end
+  end
+
+  test 'sign in should authenticate with http even with specific authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_new_user_with_http "usertest"
+      assert_response :success
+      assert_template 'users/index'
+      assert_contain 'Welcome'
+      assert warden.authenticated?(:user)
+    end
+  end
+
+  private
+
+    def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
+      user = create_user
+      get users_path, {}, :authorization => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      user
+    end
+end