devise 1.1.pre4 → 1.1.rc0

data/CHANGELOG.rdoc

@@ -3,17 +3,46 @@
 * enhancements
   * Rails 3 compatibility.
   * All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions".
-  * You can specify the controller in routes and have specific controllers for each role.
   * Devise.orm is deprecated. This reduces the required API to hook your ORM with devise.
   * Use metal for failure app.
   * HTML e-mails now have proper formatting.
-  * Do not remove options from Datamapper and MongoMapper in find
+  * Do not remove options from Datamapper and MongoMapper in find.
+  * Allow to give :skip and :controllers in routes.
+  * Move trackable logic to the model.
+  * E-mails now use any template available in the filesystem. Easy to create multipart e-mails.
+  * E-mails asks headers_for in the model to set the proper headers.
+  * Allow to specify haml in devise_views.
+  * Compatibility with Datamapper and Mongoid.
+  * Make config.devise available on config/application.rb.
+  * TokenAuthenticatable now works with HTTP Basic Auth.
+  * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself.
+  * No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.
+  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure.
+
+* bug fix
+  * Do not allow unlockable strategies based on time to access a controller.
+  * Do not send unlockable email several times.
 
 * deprecations
   * Rails 3 compatible only.
   * Scoped views are no longer "sessions/users/new". Now use "users/sessions/new".
   * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.
   * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.
+  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure.
+
+== 1.0.5
+
+* bug fix
+  * Use prepend_before_filter in require_no_authentication.
+  * require_no_authentication on unlockable.
+  * Fix a bug when giving an association proxy to devise.
+  * Do not use lock! on lockable since it's part of ActiveRecord API.
+
+== 1.0.4
+
+* bug fix
+  * Fixed a bug when deleting an account with rememberable
+  * Fixed a bug with custom controllers
 
 == 1.0.3
 

data/Gemfile

@@ -1,7 +1,8 @@
 source "http://gemcutter.org"
 
-gem "rails", "3.0.0.beta"
-gem "warden", "0.9.4"
+# Need to install Rails from source
+gem "rails", "3.0.0.beta2"
+gem "warden", "0.10.3"
 gem "sqlite3-ruby", :require => "sqlite3"
 gem "webrat", "0.7"
 gem "mocha", :require => false
@@ -11,8 +12,16 @@ if RUBY_VERSION < '1.9'
   gem "ruby-debug", ">= 0.10.3"
 end
 
-group :mongo_mapper do
-  gem "mongo",        "0.18.3"
-  gem "mongo_ext",    "0.18.3", :require => false
-  gem "mongo_mapper", :git => "git://github.com/merbjedi/mongomapper.git", :branch => "rails3"
+group :mongoid do
+  gem "mongo",        ">= 0.18.3"
+  gem "mongo_ext",    ">= 0.18.3", :require => false
+  gem "mongoid", :git => "git://github.com/durran/mongoid.git"
 end
+
+group :data_mapper do
+  gem "do_sqlite3", '>= 0.10.1'
+  gem "dm-core", :git => "git://github.com/datamapper/dm-core.git"
+  gem "dm-validations", :git => "git://github.com/datamapper/dm-more.git"
+  gem "dm-timestamps", :git => "git://github.com/datamapper/dm-more.git"
+  gem "dm-rails", :git => "git://github.com/datamapper/dm-rails.git"
+end

data/README.rdoc

@@ -7,11 +7,10 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-Right now it's composed of 12 modules:
+Right now it's composed of 11 modules:
 
-* Authenticatable: encrypts a password and validates the authenticity of a user while signing in.
-* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token").
-* HttpAuthenticatable: sign in users using basic HTTP authentication.
+* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
+* Token Authenticatable: signs in an user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
 * Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
 * Recoverable: resets the user password and sends reset instructions.
 * Registerable: handles signing up users through a registration process.
@@ -33,18 +32,13 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
 
 == Installation
 
-Devise master branch now supports Rails 3 and is NOT backward compatible. You can install it as:
+Devise master branch now supports Rails 3 and is NOT backward compatible. If you are using Rails 3.0.0 beta gem, you need to install devise as a gem:
 
-  sudo gem install devise --version=1.1.pre
+  sudo gem install devise --version=1.1.pre4
 
-After installing the Warden and Devise gems, you need to configure the gems inside your gemfile:
+However, if you are using Rails edge, from the git repository, you also need to use Devise from the git repository. After you install Devise and add it to your gemfile, you need to run the generator:
 
-  gem 'warden'
-  gem 'devise'
-
-And run the generator:
-
-	rails generate devise_install
+  rails generate devise_install
 
 And you're ready to go. The generator will install an initializer which describes ALL Devise's configuration options, so be sure to take a look at it and at the documentation as well:
 
@@ -54,7 +48,7 @@ And you're ready to go. The generator will install an initializer which describe
 
 If you want to use the Rails 2.3.x version, you should do:
 
-  sudo gem install devise --version=1.0.1
+  sudo gem install devise --version=1.0.4
 
 Or checkout from the v1.0 branch:
 
@@ -256,7 +250,7 @@ Devise implements encryption strategies for Clearance, Authlogic and Restful-Aut
 
 == Other ORMs
 
-Devise supports ActiveRecord (by default) and MongoMapper. We offer experimental Datamapper support (with the limitation that the Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
+Devise supports ActiveRecord (by default) and Mongoid. We offer experimental Datamapper support (with the limitation that the Devise test suite does not run completely with Datamapper). To choose other ORM, you just need to configure it in the initializer file.
 
 == TODO
 
@@ -271,12 +265,14 @@ Please refer to TODO file.
 
 We have a long list of valued contributors. See the CHANGELOG or do `git shortlog -s -n` in the cloned repository.
 
-== Related Applications
+== Devise extensions
 
 * http://github.com/scambra/devise_invitable adds support to Devise for sending invitations by email.
 
 * http://github.com/grimen/devise_facebook_connectable adds support for Facebook Connect authentication, and optionally fetching user info from Facebook in the same step.
 
+* http://github.com/joshk/devise_imapable adds support for imap based authentication, excellent for internal apps when an LDAP server isn't available.
+
 == Bugs and Feedback
 
 If you discover any bugs, please create an issue on GitHub.

data/Rakefile

@@ -37,7 +37,7 @@ begin
   require 'jeweler'
   Jeweler::Tasks.new do |s|
     s.name = "devise"
-    s.version = Devise::VERSION
+    s.version = Devise::VERSION.dup
     s.summary = "Flexible authentication solution for Rails with Warden"
     s.email = "contact@plataformatec.com.br"
     s.homepage = "http://github.com/plataformatec/devise"
@@ -45,7 +45,7 @@ begin
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,lib}/**/*"]
     s.extra_rdoc_files = FileList["[A-Z]*"] - %w(Gemfile Rakefile)
-    s.add_dependency("warden", "~> 0.9.4")
+    s.add_dependency("warden", "~> 0.10.3")
   end
 
   Jeweler::GemcutterTasks.new

data/TODO

@@ -1,2 +1,3 @@
-* Make test run with DataMapper
 * Extract Activatable tests from Confirmable
+* Move integration tests to Capybara
+* Better ORM integration

data/app/controllers/devise/confirmations_controller.rb

@@ -21,7 +21,7 @@ class Devise::ConfirmationsController < ApplicationController
 
   # GET /resource/confirmation?confirmation_token=abcdef
   def show
-    self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
+    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
 
     if resource.errors.empty?
       set_flash_message :notice, :confirmed

data/app/controllers/devise/passwords_controller.rb

@@ -1,8 +1,7 @@
 class Devise::PasswordsController < ApplicationController
+  prepend_before_filter :require_no_authentication
   include Devise::Controllers::InternalHelpers
 
-  before_filter :require_no_authentication
-
   # GET /resource/password/new
   def new
     build_resource
@@ -30,7 +29,7 @@ class Devise::PasswordsController < ApplicationController
 
   # PUT /resource/password
   def update
-    self.resource = resource_class.reset_password!(params[resource_name])
+    self.resource = resource_class.reset_password_by_token(params[resource_name])
 
     if resource.errors.empty?
       set_flash_message :notice, :updated

data/app/controllers/devise/registrations_controller.rb

@@ -1,12 +1,11 @@
 class Devise::RegistrationsController < ApplicationController
+  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
   include Devise::Controllers::InternalHelpers
 
-  before_filter :require_no_authentication, :only => [ :new, :create ]
-  before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
-
   # GET /resource/sign_up
   def new
-    build_resource
+    build_resource({})
     render_with_scope :new
   end
 
@@ -15,10 +14,10 @@ class Devise::RegistrationsController < ApplicationController
     build_resource
 
     if resource.save
-      flash[:"#{resource_name}_signed_up"] = true
       set_flash_message :notice, :signed_up
       sign_in_and_redirect(resource_name, resource)
     else
+      clean_up_passwords(resource)
       render_with_scope :new
     end
   end
@@ -34,6 +33,7 @@ class Devise::RegistrationsController < ApplicationController
       set_flash_message :notice, :updated
       redirect_to after_sign_in_path_for(self.resource)
     else
+      clean_up_passwords(resource)
       render_with_scope :edit
     end
   end

data/app/controllers/devise/sessions_controller.rb

@@ -1,30 +1,18 @@
 class Devise::SessionsController < ApplicationController
+  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
   include Devise::Controllers::InternalHelpers
 
-  before_filter :require_no_authentication, :only => [ :new, :create ]
-
   # GET /resource/sign_in
   def new
-    unless resource_just_signed_up?
-      Devise::FLASH_MESSAGES.each do |message|
-        set_now_flash_message :alert, message if params.try(:[], message) == "true"
-      end
-    end
-
-    build_resource
+    clean_up_passwords(build_resource)
     render_with_scope :new
   end
 
   # POST /resource/sign_in
   def create
-    if resource = authenticate(resource_name)
-      set_flash_message :notice, :signed_in
-      sign_in_and_redirect(resource_name, resource, true)
-    else
-      set_now_flash_message :alert, (warden.message || :invalid)
-      clean_up_passwords(build_resource)
-      render_with_scope :new
-    end
+    resource = warden.authenticate!(:scope => resource_name, :recall => "new")
+    set_flash_message :notice, :signed_in
+    sign_in_and_redirect(resource_name, resource)
   end
 
   # GET /resource/sign_out
@@ -32,14 +20,4 @@ class Devise::SessionsController < ApplicationController
     set_flash_message :notice, :signed_out if signed_in?(resource_name)
     sign_out_and_redirect(resource_name)
   end
-
-  protected
-
-  def resource_just_signed_up?
-    flash[:"#{resource_name}_signed_up"]
-  end
-
-  def clean_up_passwords(object)
-    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
-  end
 end

data/app/controllers/devise/unlocks_controller.rb

@@ -1,4 +1,6 @@
 class Devise::UnlocksController < ApplicationController
+  prepend_before_filter :ensure_email_as_unlock_strategy
+  prepend_before_filter :require_no_authentication
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/unlock/new
@@ -21,7 +23,7 @@ class Devise::UnlocksController < ApplicationController
 
   # GET /resource/unlock?unlock_token=abcdef
   def show
-    self.resource = resource_class.unlock!(:unlock_token => params[:unlock_token])
+    self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
 
     if resource.errors.empty?
       set_flash_message :notice, :unlocked
@@ -30,4 +32,10 @@ class Devise::UnlocksController < ApplicationController
       render_with_scope :new
     end
   end
+
+  protected
+
+  def ensure_email_as_unlock_strategy
+    raise ActionController::UnknownAction unless resource_class.unlock_strategy_enabled?(:email)
+  end
 end

data/app/models/devise/mailer.rb

@@ -19,21 +19,27 @@ class Devise::Mailer < ::ActionMailer::Base
 
     # Configure default email options
     def setup_mail(record, action)
-      @devise_mapping = Devise::Mapping.find_by_class(record.class)
-
-      raise "Invalid devise resource #{record}" unless @devise_mapping
-      @resource = instance_variable_set("@#{@devise_mapping.name}", record)
-
-      mail(:subject => translate(@devise_mapping, action),
-           :from => mailer_sender(@devise_mapping), :to => record.email) do |format|
-        format.html { render_with_scope(action, :controller => "mailer") }
-      end
+      @scope_name     = Devise::Mapping.find_scope!(record)
+      @devise_mapping = Devise.mappings[@scope_name]
+      @resource       = instance_variable_set("@#{@devise_mapping.name}", record)
+
+      template_path = ["devise/mailer"]
+      template_path.unshift "#{@devise_mapping.as}/mailer" if self.class.scoped_views?
+
+      headers = {
+        :subject => translate(@devise_mapping, action),
+        :from => mailer_sender(@devise_mapping),
+        :to => record.email,
+        :template_path => template_path
+      }
+
+      headers.merge!(record.headers_for(action)) if record.respond_to?(:headers_for)
+      mail(headers)
     end
 
     def mailer_sender(mapping)
       if Devise.mailer_sender.is_a?(Proc)
-        block_args = mapping.name if Devise.mailer_sender.arity > 0
-        Devise.mailer_sender.call(block_args)
+        Devise.mailer_sender.call(mapping.name)
       else
         Devise.mailer_sender
       end

data/app/views/devise/confirmations/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Resend confirmation instructions</h2>
 
-<% form_for resource_name, resource, :url => confirmation_path(resource_name) do |f| %>
+<%= form_for(resource_name, resource, :url => confirmation_path(resource_name)) do |f| %>
   <%= f.error_messages %>
 
   <p><%= f.label :email %></p>

data/app/views/devise/passwords/edit.html.erb

@@ -1,6 +1,6 @@
 <h2>Change your password</h2>
 
-<% form_for resource_name, resource, :url => password_path(resource_name), :html => { :method => :put } do |f| %>
+<%= form_for(resource_name, resource, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
   <%= f.error_messages %>
   <%= f.hidden_field :reset_password_token %>
 

data/app/views/devise/passwords/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Forgot your password?</h2>
 
-<% form_for resource_name, resource, :url => password_path(resource_name) do |f| %>
+<%= form_for(resource_name, resource, :url => password_path(resource_name)) do |f| %>
   <%= f.error_messages %>
 
   <p><%= f.label :email %></p>

data/app/views/devise/registrations/edit.html.erb

@@ -1,6 +1,6 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
+<%= form_for(resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
   <%= f.error_messages %>
 
   <p><%= f.label :email %></p>
@@ -16,7 +16,7 @@
   <p><%= f.password_field :current_password %></p>
 
   <p><%= f.submit "Update" %></p>
-<% end -%>
+<% end %>
 
 <h3>Cancel my account</h3>
 

data/app/views/devise/registrations/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Sign up</h2>
 
-<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
+<%= form_for(resource_name, resource, :url => registration_path(resource_name)) do |f| %>
   <%= f.error_messages %>
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>
@@ -12,6 +12,6 @@
   <p><%= f.password_field :password_confirmation %></p>
 
   <p><%= f.submit "Sign up" %></p>
-<% end -%>
+<% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/sessions/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Sign in</h2>
 
-<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
+<%= form_for(resource_name, resource, :url => session_path(resource_name)) do |f| %>
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>
 
@@ -12,6 +12,6 @@
   <% end -%>
 
   <p><%= f.submit "Sign in" %></p>
-<% end -%>
+<% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/shared/_links.erb

@@ -1,19 +1,19 @@
 <%- if controller_name != 'sessions' %>
-  <%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
+  <%= link_to "Sign in", new_session_path(resource_name) %><br />
 <% end -%>
 
 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
-  <%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
+  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
 <% end -%>
 
 <%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
-  <%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
+  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
 <% end -%>
 
 <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= link_to t('devise.confirmations.link'), new_confirmation_path(resource_name) %><br />
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
 <% end -%>
 
 <%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
-  <%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
+  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
 <% end -%>