devise 1.1.2 → 1.1.3


Potentially problematic release.


This version of devise might be problematic. Click here for more details.

@@ -1,3 +1,14 @@
1
+ == 1.1.3
2
+
3
+ * bugfix
4
+ * Add reply-to to e-mail headers by default
5
+ * Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
6
+ * Check the type of HTTP Authentication before using Basic headers
7
+ * Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
8
+ * Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
9
+ * Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
10
+ * :default options is now honored in migrations
11
+
1
12
  == 1.1.2
2
13
 
3
14
  * bugfix
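--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,6 @@
 source "http://rubygems.org"
 
-gem "rails", "3.0.0.rc2"
+gem "rails", "3.0.0"
 gem "warden", "0.10.7"
 gem "sqlite3-ruby"
 gem "webrat", "0.7.0"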
@@ -13,12 +13,12 @@ GEM
13
13
  remote: http://rubygems.org/
14
14
  specs:
15
15
  abstract (1.0.0)
16
- actionmailer (3.0.0.rc2)
17
- actionpack (= 3.0.0.rc2)
16
+ actionmailer (3.0.0)
17
+ actionpack (= 3.0.0)
18
18
  mail (~> 2.2.5)
19
- actionpack (3.0.0.rc2)
20
- activemodel (= 3.0.0.rc2)
21
- activesupport (= 3.0.0.rc2)
19
+ actionpack (3.0.0)
20
+ activemodel (= 3.0.0)
21
+ activesupport (= 3.0.0)
22
22
  builder (~> 2.1.2)
23
23
  erubis (~> 2.6.6)
24
24
  i18n (~> 0.4.1)
@@ -26,24 +26,24 @@ GEM
26
26
  rack-mount (~> 0.6.12)
27
27
  rack-test (~> 0.5.4)
28
28
  tzinfo (~> 0.3.23)
29
- activemodel (3.0.0.rc2)
30
- activesupport (= 3.0.0.rc2)
29
+ activemodel (3.0.0)
30
+ activesupport (= 3.0.0)
31
31
  builder (~> 2.1.2)
32
32
  i18n (~> 0.4.1)
33
- activerecord (3.0.0.rc2)
34
- activemodel (= 3.0.0.rc2)
35
- activesupport (= 3.0.0.rc2)
36
- arel (~> 1.0.0.rc1)
33
+ activerecord (3.0.0)
34
+ activemodel (= 3.0.0)
35
+ activesupport (= 3.0.0)
36
+ arel (~> 1.0.0)
37
37
  tzinfo (~> 0.3.23)
38
- activeresource (3.0.0.rc2)
39
- activemodel (= 3.0.0.rc2)
40
- activesupport (= 3.0.0.rc2)
41
- activesupport (3.0.0.rc2)
42
- arel (1.0.0.rc1)
43
- activesupport (>= 3.0.0.beta)
38
+ activeresource (3.0.0)
39
+ activemodel (= 3.0.0)
40
+ activesupport (= 3.0.0)
41
+ activesupport (3.0.0)
42
+ arel (1.0.1)
43
+ activesupport (~> 3.0.0)
44
44
  bcrypt-ruby (2.1.2)
45
45
  bson (1.0.4)
46
- bson_ext (1.0.4)
46
+ bson_ext (1.0.7)
47
47
  builder (2.1.2)
48
48
  columnize (0.3.1)
49
49
  erubis (2.6.6)
@@ -66,18 +66,18 @@ GEM
66
66
  rack (>= 1.0.0)
67
67
  rack-test (0.5.4)
68
68
  rack (>= 1.0)
69
- rails (3.0.0.rc2)
70
- actionmailer (= 3.0.0.rc2)
71
- actionpack (= 3.0.0.rc2)
72
- activerecord (= 3.0.0.rc2)
73
- activeresource (= 3.0.0.rc2)
74
- activesupport (= 3.0.0.rc2)
75
- bundler (>= 1.0.0.rc.6)
76
- railties (= 3.0.0.rc2)
77
- railties (3.0.0.rc2)
78
- actionpack (= 3.0.0.rc2)
79
- activesupport (= 3.0.0.rc2)
80
- rake (>= 0.8.3)
69
+ rails (3.0.0)
70
+ actionmailer (= 3.0.0)
71
+ actionpack (= 3.0.0)
72
+ activerecord (= 3.0.0)
73
+ activeresource (= 3.0.0)
74
+ activesupport (= 3.0.0)
75
+ bundler (~> 1.0.0)
76
+ railties (= 3.0.0)
77
+ railties (3.0.0)
78
+ actionpack (= 3.0.0)
79
+ activesupport (= 3.0.0)
80
+ rake (>= 0.8.4)
81
81
  thor (~> 0.14.0)
82
82
  rake (0.8.7)
83
83
  ruby-debug (0.10.3)
@@ -107,7 +107,7 @@ DEPENDENCIES
107
107
  mocha
108
108
  mongo
109
109
  mongoid!
110
- rails (= 3.0.0.rc2)
110
+ rails (= 3.0.0)
111
111
  ruby-debug (>= 0.10.3)
112
112
  sqlite3-ruby
113
113
  warden (= 0.10.7)
@@ -5,7 +5,7 @@
5
5
  Warden::Manager.before_logout do |record, warden, options|
6
6
  if record.respond_to?(:forget_me!)
7
7
  record.forget_me! unless record.frozen?
8
- options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
9
- warden.cookies.delete("remember_#{options[:scope]}_token", options)
8
+ cookie_options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
9
+ warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
10
10
  end
11
11
  end
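Review bot: The `delete` call mirrors only `:domain` from the record, and the code that sets the remember cookie is not in this hunk. A browser drops a cookie only when the deletion matches the attributes it was set with, so it is worth confirming that the setter and this hook build their options from the same place. The rename would also benefit from a short comment so the shadowing does not come back, for example `# do not reassign options: options[:scope] names the cookie below`.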
@@ -82,7 +82,9 @@ module Devise
82
82
 
83
83
  # Digests the password using the configured encryptor.
84
84
  def password_digest(password)
85
- self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
85
+ if self.password_salt.present?
86
+ self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
87
+ end
86
88
  end
87
89
 
88
90
  module ClassMethods
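Review bot: `password_digest` now returns nil when `password_salt` is blank, and the comparison that consumes it (presumably `valid_password?`) is outside this hunk. If that caller compares with a plain `==` against `encrypted_password`, a record whose salt and encrypted password are both nil would compare nil to nil and accept any password. The new test elsewhere in this diff ('should not validate password when salt is nil') only covers a nil salt with a stored password. I would make the caller fail closed, e.g. `return false if encrypted_password.blank?` before comparing, and document the nil return here with `# Returns nil when no salt is set; callers must treat nil as "no match".`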
@@ -81,6 +81,8 @@ module Devise
81
81
  when TrueClass
82
82
  self.failed_attempts = 0
83
83
  when FalseClass
84
+ # PostgreSQL uses nil as the default value for integer columns set to 0
85
+ self.failed_attempts ||= 0
84
86
  self.failed_attempts += 1
85
87
  if attempts_exceeded?
86
88
  lock_access!
@@ -19,7 +19,7 @@ module Devise
19
19
  # encrypter password field in 128 characters.
20
20
  def database_authenticatable(options={})
21
21
  null = options[:null] || false
22
- default = options[:default] || ""
22
+ default = options.key?(:default) ? options[:default] : ("" if null == false)
23
23
 
24
24
  if options.delete(:encryptor)
25
25
  ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."
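Review bot: `("" if null == false)` leans on a modifier-`if` evaluating to nil inside parentheses, which is easy to misread. Since `null` is already normalised to `false` or a truthy value on the line above, `default = options.key?(:default) ? options[:default] : (null ? nil : "")` says the same thing directly. It is also worth a comment that nullable columns now default to nil rather than "", because any code comparing the stored encrypted password has to handle nil from here on. `database_authenticatable` continues past the end of this hunk.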
@@ -96,8 +96,8 @@ module Devise
96
96
 
97
97
  # Helper to decode credentials from HTTP.
98
98
  def decode_credentials
99
- username_and_password = request.authorization.split(' ', 2).last || ''
100
- ActiveSupport::Base64.decode64(username_and_password).split(/:/, 2)
99
+ return [] unless request.authorization && request.authorization =~ /^Basic (.*)/
100
+ ActiveSupport::Base64.decode64($1).split(/:/, 2)
101
101
  end
102
102
 
103
103
  # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
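Review bot: The scheme check `/^Basic (.*)/` anchors with `^`, which matches at the start of any line rather than the start of the string. It is also case-sensitive although HTTP authentication scheme names are case-insensitive, so a client sending `basic …` is treated as non-Basic. I would write `return [] unless request.authorization && request.authorization =~ /\ABasic (.*)/i` and read the capture with `Regexp.last_match(1)` instead of `$1`. Callers are outside this hunk, so how they treat the new empty-array return should be checked as well.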
@@ -1,3 +1,3 @@
1
1
  module Devise
2
- VERSION = "1.1.2".freeze
2
+ VERSION = "1.1.3".freeze
3
3
  end
@@ -7,7 +7,7 @@ module Devise
7
7
  argument :scope, :required => false, :default => nil,
8
8
  :desc => "The scope to copy views to"
9
9
 
10
- class_option :template_engine, :type => :string, :aliases => "-t", :default => "erb",
10
+ class_option :template_engine, :type => :string, :aliases => "-t",
11
11
  :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
12
12
 
13
13
  def copy_views
@@ -60,26 +60,36 @@ class ControllerAuthenticableTest < ActionController::TestCase
60
60
  @controller.anybody_signed_in?
61
61
  end
62
62
 
63
+ test 'proxy current_user to authenticate with user scope' do
64
+ @mock_warden.expects(:authenticate).with(:scope => :user)
65
+ @controller.current_user
66
+ end
67
+
63
68
  test 'proxy current_admin to authenticate with admin scope' do
64
69
  @mock_warden.expects(:authenticate).with(:scope => :admin)
65
70
  @controller.current_admin
66
71
  end
67
72
 
68
- test 'proxy current_user to authenticate with user scope' do
69
- @mock_warden.expects(:authenticate).with(:scope => :user)
70
- @controller.current_user
73
+ test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
74
+ @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
75
+ @controller.current_publisher_account
71
76
  end
72
77
 
73
- test 'proxy user_authenticate! to authenticate with user scope' do
78
+ test 'proxy authenticate_user! to authenticate with user scope' do
74
79
  @mock_warden.expects(:authenticate!).with(:scope => :user)
75
80
  @controller.authenticate_user!
76
81
  end
77
82
 
78
- test 'proxy admin_authenticate! to authenticate with admin scope' do
83
+ test 'proxy authenticate_admin! to authenticate with admin scope' do
79
84
  @mock_warden.expects(:authenticate!).with(:scope => :admin)
80
85
  @controller.authenticate_admin!
81
86
  end
82
87
 
88
+ test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
89
+ @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
90
+ @controller.authenticate_publisher_account!
91
+ end
92
+
83
93
  test 'proxy user_signed_in? to authenticate? with user scope' do
84
94
  @mock_warden.expects(:authenticate?).with(:scope => :user)
85
95
  @controller.user_signed_in?
@@ -90,6 +100,11 @@ class ControllerAuthenticableTest < ActionController::TestCase
90
100
  @controller.admin_signed_in?
91
101
  end
92
102
 
103
+ test 'proxy publisher_account_signed_in? to authenticate? with namespaced publisher account scope' do
104
+ @mock_warden.expects(:authenticate?).with(:scope => :publisher_account)
105
+ @controller.publisher_account_signed_in?
106
+ end
107
+
93
108
  test 'proxy user_session to session scope in warden' do
94
109
  @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
95
110
  @mock_warden.expects(:session).with(:user).returns({})
@@ -102,6 +117,12 @@ class ControllerAuthenticableTest < ActionController::TestCase
102
117
  @controller.admin_session
103
118
  end
104
119
 
120
+ test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
121
+ @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
122
+ @mock_warden.expects(:session).with(:publisher_account).returns({})
123
+ @controller.publisher_account_session
124
+ end
125
+
105
126
  test 'sign in proxy to set_user on warden' do
106
127
  user = User.new
107
128
  @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
@@ -313,7 +313,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
313
313
  test 'sign in with script name' do
314
314
  assert_nothing_raised do
315
315
  get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
316
- fill_in "email", "user@test.com"
316
+ fill_in "email", :with => "user@test.com"
317
317
  end
318
318
  end
319
319
 
@@ -39,6 +39,14 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
39
39
  end
40
40
  end
41
41
 
42
+ test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
43
+ swap Devise, :http_authenticatable => true do
44
+ add_oauth2_header
45
+ assert_equal 401, status
46
+ assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
47
+ end
48
+ end
49
+
42
50
  private
43
51
 
44
52
  def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
@@ -46,4 +54,11 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
46
54
  get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
47
55
  user
48
56
  end
57
+
58
+ # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
59
+ def add_oauth2_header
60
+ user = create_user
61
+ get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{ActiveSupport::Base64.encode64("#{user.email}:123456")}"
62
+ end
63
+
49
64
  end
@@ -66,7 +66,7 @@ class RegistrationTest < ActionController::IntegrationTest
66
66
  click_button 'Sign up'
67
67
 
68
68
  assert_current_url '/users'
69
- assert_contain(/Email .* already .* taken/)
69
+ assert_contain(/Email .* already.*taken/)
70
70
 
71
71
  assert_not warden.authenticated?(:user)
72
72
  end
@@ -131,6 +131,7 @@ class RememberMeTest < ActionController::IntegrationTest
131
131
  get destroy_user_session_path
132
132
  assert_not warden.authenticated?(:user)
133
133
  assert_nil user.reload.remember_token
134
+ assert_nil warden.cookies['remember_user_token']
134
135
  end
135
136
 
136
137
  test 'do not remember the user anymore after forget' do
@@ -140,5 +141,6 @@ class RememberMeTest < ActionController::IntegrationTest
140
141
  get destroy_user_session_path
141
142
  get users_path
142
143
  assert_not warden.authenticated?(:user)
144
+ assert_nil warden.cookies['remember_user_token']
143
145
  end
144
146
  end
@@ -98,6 +98,13 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
98
98
  assert_not user.valid_password?('654321')
99
99
  end
100
100
 
101
+ test 'should not validate password when salt is nil' do
102
+ admin = create_admin
103
+ admin.password_salt = nil
104
+ admin.save
105
+ assert_not admin.valid_password?('123456')
106
+ end
107
+
101
108
  test 'should respond to current password' do
102
109
  assert new_user.respond_to?(:current_password)
103
110
  end
@@ -37,6 +37,12 @@ class ActiveSupport::TestCase
37
37
  User.create!(valid_attributes(attributes))
38
38
  end
39
39
 
40
+ def create_admin(attributes={})
41
+ valid_attributes = valid_attributes(attributes)
42
+ valid_attributes.delete(:username)
43
+ Admin.create!(valid_attributes)
44
+ end
45
+
40
46
  # Execute the block setting the given values and restoring old values after
41
47
  # the block is executed.
42
48
  def swap(object, new_values)
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise
3
3
  version: !ruby/object:Gem::Version
4
- hash: 23
4
+ hash: 21
5
5
  prerelease: false
6
6
  segments:
7
7
  - 1
8
8
  - 1
9
- - 2
10
- version: 1.1.2
9
+ - 3
10
+ version: 1.1.3
11
11
  platform: ruby
12
12
  authors:
13
13
  - "Jos\xC3\xA9 Valim"
@@ -16,7 +16,7 @@ autorequire:
16
16
  bindir: bin
17
17
  cert_chain: []
18
18
 
19
- date: 2010-08-25 00:00:00 -03:00
19
+ date: 2010-09-24 00:00:00 +02:00
20
20
  default_executable:
21
21
  dependencies:
22
22
  - !ruby/object:Gem::Dependency