devise 1.0.6 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +9 -0
- data/README.rdoc +8 -8
- data/app/controllers/registrations_controller.rb +0 -1
- data/app/controllers/sessions_controller.rb +1 -5
- data/generators/devise/templates/model.rb +2 -2
- data/generators/devise_install/templates/README +6 -1
- data/lib/devise/controllers/helpers.rb +1 -1
- data/lib/devise/locales/en.yml +1 -1
- data/lib/devise/models/database_authenticatable.rb +4 -2
- data/lib/devise/version.rb +1 -1
- data/test/integration/registerable_test.rb +16 -2
- metadata +3 -3
data/CHANGELOG.rdoc
CHANGED
data/README.rdoc
CHANGED
|
@@ -9,7 +9,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
|
|
|
9
9
|
|
|
10
10
|
Right now it's composed of 12 modules:
|
|
11
11
|
|
|
12
|
-
* Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
|
|
12
|
+
* Database Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
|
|
13
13
|
* Token Authenticatable: validates authenticity of a user while signing in using an authentication token (also known as "single access token").
|
|
14
14
|
* HttpAuthenticatable: sign in users using basic HTTP authentication.
|
|
15
15
|
* Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
|
|
@@ -36,7 +36,7 @@ Install warden gem if you don't have it installed:
|
|
|
36
36
|
|
|
37
37
|
Install devise gem:
|
|
38
38
|
|
|
39
|
-
sudo gem install devise --version=1.0.
|
|
39
|
+
sudo gem install devise --version=1.0.6
|
|
40
40
|
|
|
41
41
|
Configure warden and devise gems inside your app:
|
|
42
42
|
|
|
@@ -64,13 +64,13 @@ Devise must be set up within the model (or models) you want to use, and devise r
|
|
|
64
64
|
We're assuming here you want a User model with some modules, as outlined below:
|
|
65
65
|
|
|
66
66
|
class User < ActiveRecord::Base
|
|
67
|
-
devise :
|
|
67
|
+
devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
After you choose which modules to use, you need to setup your migrations. Luckily, devise has some helpers to save you from this boring work:
|
|
71
71
|
|
|
72
72
|
create_table :users do |t|
|
|
73
|
-
t.
|
|
73
|
+
t.database_authenticatable
|
|
74
74
|
t.confirmable
|
|
75
75
|
t.recoverable
|
|
76
76
|
t.rememberable
|
|
@@ -128,13 +128,13 @@ Devise let's you setup as many roles as you want, so let's say you already have
|
|
|
128
128
|
|
|
129
129
|
# Create a migration with the required fields
|
|
130
130
|
create_table :admins do |t|
|
|
131
|
-
t.
|
|
131
|
+
t.database_authenticatable
|
|
132
132
|
t.lockable
|
|
133
133
|
t.trackable
|
|
134
134
|
end
|
|
135
135
|
|
|
136
136
|
# Inside your Admin model
|
|
137
|
-
devise :
|
|
137
|
+
devise :database_authenticatable, :trackable, :timeoutable, :lockable
|
|
138
138
|
|
|
139
139
|
# Inside your routes
|
|
140
140
|
map.devise_for :admin
|
|
@@ -161,9 +161,9 @@ A model configured with all devise modules and attr_accessible for default field
|
|
|
161
161
|
|
|
162
162
|
== Model configuration
|
|
163
163
|
|
|
164
|
-
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in
|
|
164
|
+
The devise method in your models also accept some options to configure its modules. For example, you can chose which encryptor to use in database_authenticatable:
|
|
165
165
|
|
|
166
|
-
devise :
|
|
166
|
+
devise :database_authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
|
|
167
167
|
|
|
168
168
|
Besides :encryptor, you can provide :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and others. All those are describer in the initializer created when you invoke the devise_install generator describer above.
|
|
169
169
|
|
|
@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
|
|
|
4
4
|
|
|
5
5
|
# GET /resource/sign_in
|
|
6
6
|
def new
|
|
7
|
-
unless
|
|
7
|
+
unless flash[:notice].present?
|
|
8
8
|
Devise::FLASH_MESSAGES.each do |message|
|
|
9
9
|
set_now_flash_message :alert, message if params.try(:[], message) == "true"
|
|
10
10
|
end
|
|
@@ -36,10 +36,6 @@ class SessionsController < ApplicationController
|
|
|
36
36
|
|
|
37
37
|
protected
|
|
38
38
|
|
|
39
|
-
def resource_just_signed_up?
|
|
40
|
-
flash[:"#{resource_name}_signed_up"]
|
|
41
|
-
end
|
|
42
|
-
|
|
43
39
|
def clean_up_passwords(object)
|
|
44
40
|
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
|
|
45
41
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class <%= class_name %> < ActiveRecord::Base
|
|
2
2
|
# Include default devise modules. Others available are:
|
|
3
|
-
# :http_authenticatable, :token_authenticatable, :lockable, :timeoutable and :activatable
|
|
4
|
-
devise :registerable, :authenticatable, :
|
|
3
|
+
# :http_authenticatable, :token_authenticatable, :confirmable, :lockable, :timeoutable and :activatable
|
|
4
|
+
devise :registerable, :authenticatable, :recoverable,
|
|
5
5
|
:rememberable, :trackable, :validatable
|
|
6
6
|
|
|
7
7
|
# Setup accessible (or protected) attributes for your model
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
|
|
2
1
|
===============================================================================
|
|
3
2
|
|
|
4
3
|
Some setup you must do manually if you haven't yet:
|
|
@@ -15,4 +14,10 @@ Some setup you must do manually if you haven't yet:
|
|
|
15
14
|
|
|
16
15
|
map.root :controller => 'home'
|
|
17
16
|
|
|
17
|
+
3. Ensure you have a default layout in app/views/layouts and it shows
|
|
18
|
+
flash messages. For example:
|
|
19
|
+
|
|
20
|
+
<p class="notice"><%= flash[:notice] %></p>
|
|
21
|
+
<p class="alert"><%= flash[:alert] %></p>
|
|
22
|
+
|
|
18
23
|
===============================================================================
|
|
@@ -6,7 +6,7 @@ module Devise
|
|
|
6
6
|
def self.included(base)
|
|
7
7
|
base.class_eval do
|
|
8
8
|
helper_method :warden, :signed_in?, :devise_controller?,
|
|
9
|
-
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
|
|
9
|
+
*Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
|
|
10
10
|
|
|
11
11
|
# Use devise default_url_options. We have to declare it here to overwrite
|
|
12
12
|
# default definitions.
|
data/lib/devise/locales/en.yml
CHANGED
|
@@ -21,7 +21,7 @@ en:
|
|
|
21
21
|
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
|
22
22
|
registrations:
|
|
23
23
|
link: 'Sign up'
|
|
24
|
-
signed_up: 'You have signed up successfully.'
|
|
24
|
+
signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
|
|
25
25
|
updated: 'You updated your account successfully.'
|
|
26
26
|
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
|
27
27
|
unlocks:
|
|
@@ -74,8 +74,10 @@ module Devise
|
|
|
74
74
|
def update_with_password(params={})
|
|
75
75
|
current_password = params.delete(:current_password)
|
|
76
76
|
|
|
77
|
-
|
|
78
|
-
|
|
77
|
+
if params[:password].blank?
|
|
78
|
+
params.delete(:password)
|
|
79
|
+
params.delete(:password_confirmation) if params[:password_confirmation].blank?
|
|
80
|
+
end
|
|
79
81
|
|
|
80
82
|
result = if valid_password?(current_password)
|
|
81
83
|
update_attributes(params)
|
data/lib/devise/version.rb
CHANGED
|
@@ -28,8 +28,7 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
|
28
28
|
fill_in 'password confirmation', :with => 'new_user123'
|
|
29
29
|
click_button 'Sign up'
|
|
30
30
|
|
|
31
|
-
assert_equal
|
|
32
|
-
assert_equal "You have signed up successfully.", @controller.send(:flash)[:notice]
|
|
31
|
+
assert_equal "You have signed up successfully. If enabled, a confirmation was sent to your e-mail.", @controller.send(:flash)[:notice]
|
|
33
32
|
|
|
34
33
|
# For some reason flash is not being set correctly, so instead of getting the
|
|
35
34
|
# "signed_up" message we get the unconfirmed one. Seems to be an issue with
|
|
@@ -38,6 +37,8 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
|
38
37
|
# assert_contain 'You have signed up successfully.'
|
|
39
38
|
# assert_not_contain 'confirm your account'
|
|
40
39
|
|
|
40
|
+
follow_redirect!
|
|
41
|
+
assert_contain 'Sign in'
|
|
41
42
|
assert_not warden.authenticated?(:user)
|
|
42
43
|
|
|
43
44
|
user = User.last
|
|
@@ -118,6 +119,19 @@ class RegistrationTest < ActionController::IntegrationTest
|
|
|
118
119
|
assert User.first.valid_password?('pas123')
|
|
119
120
|
end
|
|
120
121
|
|
|
122
|
+
test 'a signed in user should not be able to edit his password with invalid confirmation' do
|
|
123
|
+
sign_in_as_user
|
|
124
|
+
get edit_user_registration_path
|
|
125
|
+
|
|
126
|
+
fill_in 'password', :with => 'pas123'
|
|
127
|
+
fill_in 'password confirmation', :with => ''
|
|
128
|
+
fill_in 'current password', :with => '123456'
|
|
129
|
+
click_button 'Update'
|
|
130
|
+
|
|
131
|
+
assert_contain "Password doesn't match confirmation"
|
|
132
|
+
assert_not User.first.valid_password?('pas123')
|
|
133
|
+
end
|
|
134
|
+
|
|
121
135
|
test 'a signed in user should be able to cancel his account' do
|
|
122
136
|
sign_in_as_user
|
|
123
137
|
visit edit_user_registration_path
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 1
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
version: 1.0.
|
|
8
|
+
- 7
|
|
9
|
+
version: 1.0.7
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- "Jos\xC3\xA9 Valim"
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-
|
|
18
|
+
date: 2010-05-03 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|