devise 1.0.11 → 1.1.pre

data/app/controllers/{unlocks_controller.rb → devise/unlocks_controller.rb}

@@ -1,6 +1,4 @@
-class UnlocksController < ApplicationController
-  prepend_before_filter :ensure_email_as_unlock_strategy
-  prepend_before_filter :require_no_authentication
+class Devise::UnlocksController < ApplicationController
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/unlock/new
@@ -23,7 +21,7 @@ class UnlocksController < ApplicationController
 
   # GET /resource/unlock?unlock_token=abcdef
   def show
-    self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
+    self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
 
     if resource.errors.empty?
       set_flash_message :notice, :unlocked
@@ -32,10 +30,4 @@ class UnlocksController < ApplicationController
       render_with_scope :new
     end
   end
-
-  protected
-
-  def ensure_email_as_unlock_strategy
-    raise ActionController::UnknownAction unless resource_class.unlock_strategy_enabled?(:email)
-  end
 end

data/app/models/devise/mailer.rb

@@ -0,0 +1,55 @@
+class Devise::Mailer < ::ActionMailer::Base
+  include Devise::Controllers::ScopedViews
+
+  attr_reader :devise_mapping, :resource
+
+  def confirmation_instructions(record)
+    setup_mail(record, :confirmation_instructions)
+  end
+
+  def reset_password_instructions(record)
+    setup_mail(record, :reset_password_instructions)
+  end
+
+  def unlock_instructions(record)
+    setup_mail(record, :unlock_instructions)
+  end
+
+  private
+
+    # Configure default email options
+    def setup_mail(record, action)
+      @devise_mapping = Devise::Mapping.find_by_class(record.class)
+
+      raise "Invalid devise resource #{record}" unless @devise_mapping
+      @resource = instance_variable_set("@#{@devise_mapping.name}", record)
+
+      mail(:subject => translate(@devise_mapping, action),
+           :from => mailer_sender(@devise_mapping), :to => record.email) do |format|
+        format.html { render_with_scope(action, :controller => "mailer") }
+      end
+    end
+
+    def mailer_sender(mapping)
+      if Devise.mailer_sender.is_a?(Proc)
+        block_args = mapping.name if Devise.mailer_sender.arity > 0
+        Devise.mailer_sender.call(block_args)
+      else
+        Devise.mailer_sender
+      end
+    end
+
+    # Setup subject namespaced by model. It means you're able to setup your
+    # messages using specific resource scope, or provide a default one.
+    # Example (i18n locale file):
+    #
+    #   en:
+    #     devise:
+    #       mailer:
+    #         confirmation_instructions: '...'
+    #         user:
+    #           confirmation_instructions: '...'
+    def translate(mapping, key)
+      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :mailer], :default => key)
+    end
+end

data/app/views/{confirmations → devise/confirmations}/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend confirmation instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+Welcome <%= @resource.email %>!
+
+You can confirm your account through the link below:
+
+<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+Hello <%= @resource.email %>!
+
+Someone has requested a link to change your password, and you can do this through the link below.
+
+<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+Hello <%= @resource.email %>!
+
+Your account has been locked due to an excessive amount of unsuccessful sign in attempts.
+
+Click the link below to unlock your account:
+
+<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>

data/app/views/{passwords → devise/passwords}/edit.html.erb

@@ -13,4 +13,4 @@
   <p><%= f.submit "Change my password" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/{passwords → devise/passwords}/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Send me reset password instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/{registrations → devise/registrations}/edit.html.erb

@@ -22,4 +22,4 @@
 
 <p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
 
-<%= render :partial => "shared/devise_links" %>
+<%= link_to "Back", :back %>

data/app/views/{registrations → devise/registrations}/new.html.erb

@@ -14,4 +14,4 @@
   <p><%= f.submit "Sign up" %></p>
 <% end -%>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/{sessions → devise/sessions}/new.html.erb

@@ -14,4 +14,4 @@
   <p><%= f.submit "Sign in" %></p>
 <% end -%>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/{unlocks → devise/unlocks}/new.html.erb

@@ -9,4 +9,4 @@
   <p><%= f.submit "Resend unlock instructions" %></p>
 <% end %>
 
-<%= render :partial => "shared/devise_links" %>
+<%= render :partial => "devise/shared/links" %>

data/{lib/devise → config}/locales/en.yml

@@ -1,4 +1,10 @@
 en:
+  errors:
+    messages:
+      not_found: "not found"
+      already_confirmed: "was already confirmed"
+      not_locked: "was not locked"
+
   devise:
     sessions:
       link: 'Sign in'
@@ -21,7 +27,7 @@ en:
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
       link: 'Sign up'
-      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
+      signed_up: 'You have signed up successfully.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:

data/lib/devise.rb

@@ -7,6 +7,7 @@ module Devise
   module Controllers
     autoload :Helpers, 'devise/controllers/helpers'
     autoload :InternalHelpers, 'devise/controllers/internal_helpers'
+    autoload :ScopedViews, 'devise/controllers/scoped_views'
     autoload :UrlHelpers, 'devise/controllers/url_helpers'
   end
 
@@ -29,7 +30,7 @@ module Devise
   ALL = []
 
   # Authentication ones first
-  ALL.push :database_authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
+  ALL.push :authenticatable, :http_authenticatable, :token_authenticatable, :rememberable
 
   # Misc after
   ALL.push :recoverable, :registerable, :validatable
@@ -42,7 +43,7 @@ module Devise
 
   # Maps controller names to devise modules.
   CONTROLLERS = {
-    :sessions => [:database_authenticatable, :token_authenticatable],
+    :sessions => [:authenticatable, :token_authenticatable],
     :passwords => [:recoverable],
     :confirmations => [:confirmable],
     :registrations => [:registerable],
@@ -52,7 +53,7 @@ module Devise
   # Routes for generating url helpers.
   ROUTES = [:session, :password, :confirmation, :registration, :unlock]
 
-  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :database_authenticatable]
+  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
 
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
@@ -147,10 +148,6 @@ module Devise
   mattr_accessor :mailer_sender
   @@mailer_sender = nil
 
-  # Content Type of Devise e-mails.
-  mattr_accessor :mailer_content_type
-  @@mailer_content_type = 'text/html'
-
   # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
   mattr_accessor :token_authentication_key
   @@token_authentication_key = :auth_token
@@ -183,9 +180,7 @@ module Devise
 
     # Configure default url options to be used within Devise and ActionController.
     def default_url_options(&block)
-      who = Devise::Mapping.respond_to?(:singleton_class) ?
-        Devise::Mapping.singleton_class : Devise::Mapping.metaclass
-      who.send :define_method, :default_url_options, &block
+      Devise::Mapping.metaclass.send :define_method, :default_url_options, &block
     end
 
     # A method used internally to setup warden manager from the Rails initialize
@@ -210,17 +205,6 @@ module Devise
       ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
     end
 
-    # constant-time comparison algorithm to prevent timing attacks
-    def secure_compare(a, b)
-      return false unless a.present? && b.present?
-      return false unless a.bytesize == b.bytesize
-      l = a.unpack "C#{a.bytesize}"
-
-      res = 0
-      b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
-    end
-
     # Make Devise aware of an 3rd party Devise-module. For convenience.
     #
     # == Options:
@@ -231,9 +215,6 @@ module Devise
     #                   Default is +nil+ (i.e. +false+).
     #   +controller+  - Symbol representing a name of an exisiting or custom *controller* for this module.
     #                   Default is +nil+ (i.e. +false+).
-    #   +route+       - Symbol representing the name of a *route* related to this module which a set of
-    #                   route view helpers should be created for.
-    #                   Default is +nil+ (i.e. +false+).
     #
     # == Examples:
     #
@@ -242,7 +223,7 @@ module Devise
     #   Devise.add_module(:party_module, :model => 'party_module/model')
     #
     def add_module(module_name, options = {})
-      Devise::ALL << module_name        unless Devise::ALL.include?(module_name)
+      Devise::ALL.unshift module_name        unless Devise::ALL.include?(module_name)
       Devise::STRATEGIES.unshift module_name if options[:strategy] && !Devise::STRATEGIES.include?(module_name)
 
       if options[:controller]
@@ -251,10 +232,6 @@ module Devise
         Devise::CONTROLLERS[controller].unshift module_name unless Devise::CONTROLLERS[controller].include?(module_name)
       end
 
-      if options[:route]
-        Devise::ROUTES.unshift options[:route] unless Devise::ROUTES.include?(options[:route])
-      end
-
       if options[:model]
         Devise::Models.module_eval do
           autoload :"#{module_name.to_s.classify}", options[:model]

data/lib/devise/controllers/helpers.rb

@@ -2,17 +2,16 @@ module Devise
   module Controllers
     # Those helpers are convenience methods added to ApplicationController.
     module Helpers
+      extend ActiveSupport::Concern
 
-      def self.included(base)
-        base.class_eval do
-          helper_method :warden, :signed_in?, :devise_controller?, :anybody_signed_in?,
-                        *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
+      included do
+        helper_method :warden, :signed_in?, :devise_controller?,
+                      *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
 
-          # Use devise default_url_options. We have to declare it here to overwrite
-          # default definitions.
-          def default_url_options(options=nil)
-            Devise::Mapping.default_url_options
-          end
+        # Use devise default_url_options. We have to declare it here to overwrite
+        # default definitions.
+        def default_url_options(options=nil)
+          Devise::Mapping.default_url_options
         end
       end
 
@@ -48,12 +47,6 @@ module Devise
         warden.authenticate?(:scope => scope)
       end
 
-      # Check if the any scope is signed in session, without running
-      # authentication hooks.
-      def anybody_signed_in?
-        Devise.mappings.keys.any? { |scope| signed_in?(scope) }
-      end
-
       # Sign in an user that already was authenticated. This helper is useful for logging
       # users in after sign up.
       #
@@ -66,7 +59,6 @@ module Devise
         scope      = Devise::Mapping.find_scope!(resource_or_scope)
         resource ||= resource_or_scope
         warden.set_user(resource, :scope => scope)
-        @_session = request.session # Recalculate session
       end
 
       # Sign out a given user or scope. This helper is useful for signing out an user
@@ -93,8 +85,7 @@ module Devise
       #
       def stored_location_for(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        key = "#{scope}.return_to"
-        session.delete(key) || session.delete(key.to_sym)
+        session.delete(:"#{scope}.return_to")
       end
 
       # The default url to be used after signing in. This is used by all Devise
@@ -107,13 +98,13 @@ module Devise
       #
       #   map.user_root '/users', :controller => 'users' # creates user_root_path
       #
-      #   map.namespace :user do |user|
-      #     user.root :controller => 'users' # creates user_root_path
+      #   map.resources :users do |users|
+      #     users.root # creates user_root_path
       #   end
       #
       #
-      # If the resource root path is not defined, root_path is used. However,
-      # if this default is not enough, you can customize it, for example:
+      # If none of these are defined, root_path is used. However, if this default
+      # is not enough, you can customize it, for example:
       #
       #   def after_sign_in_path_for(resource)
       #     if resource.is_a?(User) && resource.can_publish?
@@ -125,7 +116,7 @@ module Devise
       #
       def after_sign_in_path_for(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        home_path = "#{scope}_root_path"
+        home_path = :"#{scope}_root_path"
         respond_to?(home_path, true) ? send(home_path) : root_path
       end
 
@@ -147,11 +138,7 @@ module Devise
       def sign_in_and_redirect(resource_or_scope, resource=nil, skip=false)
         scope      = Devise::Mapping.find_scope!(resource_or_scope)
         resource ||= resource_or_scope
-        if skip
-          @_session = request.session # Recalculate session
-        else
-          sign_in(scope, resource)
-        end
+        sign_in(scope, resource) unless skip
         redirect_to stored_location_for(scope) || after_sign_in_path_for(resource)
       end
 
@@ -163,20 +150,6 @@ module Devise
         redirect_to after_sign_out_path_for(scope)
       end
 
-      # Sign out all active users or scopes. This helper is useful for signing out all roles
-      # in one click. This signs out ALL scopes in warden.
-      def sign_out_all_scopes
-        Devise.mappings.keys.each { |s| warden.user(s) }
-        warden.raw_session.inspect
-        warden.logout
-      end
-
-      # Override Rails' handle unverified request to sign out all scopes.
-      def handle_unverified_request
-        sign_out_all_scopes
-        super # call the default behaviour which resets the session
-      end
-
       # Define authentication filters and accessor helpers based on mappings.
       # These filters should be used inside the controllers as before_filters,
       # so you can control the scope of the user who should be signed in to
@@ -193,7 +166,7 @@ module Devise
       #     user_signed_in?     # Checks whether there is an user signed in or not
       #     admin_signed_in?    # Checks whether there is an admin signed in or not
       #     current_user        # Current signed in user
-      #     current_admin       # Current signed in admin
+      #     current_admin       # Currend signed in admin
       #     user_session        # Session data available only to the user scope
       #     admin_session       # Session data available only to the admin scope
       #

data/lib/devise/controllers/internal_helpers.rb

@@ -4,28 +4,18 @@ module Devise
     # included in ApplicationController since they all depend on the url being
     # accessed.
     module InternalHelpers #:nodoc:
+      extend ActiveSupport::Concern
+      include Devise::Controllers::ScopedViews
 
-      def self.included(base)
-        base.class_eval do
-          extend ScopedViews
-          unloadable
+      included do
+        helpers = [:resource, :scope_name, :resource_name,
+                  :resource_class, :devise_mapping, :devise_controller?]
 
-          helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
-          hide_action   :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
+        hide_action *helpers
+        helper_method *helpers
 
-          skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
-          prepend_before_filter :is_devise_resource?
-        end
-      end
-
-      module ScopedViews
-        def scoped_views
-          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
-        end
-
-        def scoped_views=(value)
-          @scoped_views = value
-        end
+        before_filter :is_devise_resource?
+        skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
       end
 
       # Gets the actual resource stored in the instance variable
@@ -72,7 +62,7 @@ module Devise
 
       # Build a devise resource.
       def build_resource
-        self.resource ||= resource_class.new(params[resource_name] || {})
+        self.resource = resource_class.new(params[resource_name] || {})
       end
 
       # Helper for use in before_filters where no authentication is required.
@@ -108,22 +98,6 @@ module Devise
         set_flash_message(key, kind, true)
       end
 
-      # Render a view for the specified scope. Turned off by default.
-      # Accepts just :controller as option.
-      def render_with_scope(action, options={})
-        controller_name = options.delete(:controller) || self.controller_name
-
-        if self.class.scoped_views
-          begin
-            render :template => "#{controller_name}/#{devise_mapping.as}/#{action}"
-          rescue ActionView::MissingTemplate
-            render action, :controller => controller_name
-          end
-        else
-          render action, :controller => controller_name
-        end
-      end
-
     end
   end
 end