devise 1.1.pre4 → 1.1.rc0

data/lib/devise/models/lockable.rb

@@ -13,41 +13,41 @@ module Devise
     # Configuration:
     #
     #   maximum_attempts: how many attempts should be accepted before blocking the user.
-    #   unlock_strategy: unlock the user account by :time, :email or :both.
+    #   lock_strategy: lock the user account by :failed_attempts or :none.
+    #   unlock_strategy: unlock the user account by :time, :email, :both or :none.
     #   unlock_in: the time you want to lock the user after to lock happens. Only
     #              available when unlock_strategy is :time or :both.
     #
     module Lockable
-      extend ActiveSupport::Concern
+      extend  ActiveSupport::Concern
       include Devise::Models::Activatable
 
+      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
+
       # Lock an user setting it's locked_at to actual time.
-      def lock
+      def lock_access!
         self.locked_at = Time.now
+
         if unlock_strategy_enabled?(:email)
           generate_unlock_token
           send_unlock_instructions
         end
-      end
 
-      # Lock an user also saving the record.
-      def lock!
-        lock
         save(:validate => false)
       end
 
       # Unlock an user by cleaning locket_at and failed_attempts.
-      def unlock!
-        if_locked do
+      def unlock_access!
+        if_access_locked do
           self.locked_at = nil
-          self.failed_attempts = 0
-          self.unlock_token = nil
+          self.failed_attempts = 0 if respond_to?(:failed_attempts=)
+          self.unlock_token = nil  if respond_to?(:unlock_token=)
           save(:validate => false)
         end
       end
 
       # Verifies whether a user is locked or not.
-      def locked?
+      def access_locked?
         locked_at && !lock_expired?
       end
 
@@ -57,49 +57,54 @@ module Devise
       end
 
       # Resend the unlock instructions if the user is locked.
-      def resend_unlock!
-        if_locked do
-          generate_unlock_token unless unlock_token.present?
-          save(:validate => false)
-          send_unlock_instructions
-        end
+      def resend_unlock_token
+        if_access_locked { send_unlock_instructions }
       end
 
       # Overwrites active? from Devise::Models::Activatable for locking purposes
       # by verifying whether an user is active to sign in or not based on locked?
       def active?
-        super && !locked?
+        super && !access_locked?
       end
 
       # Overwrites invalid_message from Devise::Models::Authenticatable to define
       # the correct reason for blocking the sign in.
       def inactive_message
-        if locked?
-          :locked
-        else
-          super
-        end
+        access_locked? ? :locked : super
       end
 
       # Overwrites valid_for_authentication? from Devise::Models::Authenticatable
       # for verifying whether an user is allowed to sign in or not. If the user
       # is locked, it should never be allowed.
-      def valid_for_authentication?(attributes)
+      def valid_for_authentication?
+        return :locked if access_locked?
+        return super   unless persisted?
+        return super   unless lock_strategy_enabled?(:failed_attempts)
+
         if result = super
           self.failed_attempts = 0
         else
           self.failed_attempts += 1
-          lock if failed_attempts > self.class.maximum_attempts
+
+          if attempts_exceeded?
+            lock_access!
+            return :locked
+          end
         end
+
         save(:validate => false) if changed?
         result
       end
 
       protected
 
+        def attempts_exceeded?
+          self.failed_attempts > self.class.maximum_attempts
+        end
+
         # Generates unlock token
         def generate_unlock_token
-          self.unlock_token = Devise.friendly_token
+          self.unlock_token = self.class.unlock_token
         end
 
         # Tells if the lock is expired if :time unlock strategy is active
@@ -113,8 +118,8 @@ module Devise
 
         # Checks whether the record is locked or not, yielding to the block
         # if it's locked, otherwise adds an error to email.
-        def if_locked
-          if locked?
+        def if_access_locked
+          if access_locked?
             yield
           else
             self.errors.add(:email, :not_locked)
@@ -122,11 +127,6 @@ module Devise
           end
         end
 
-        # Is the unlock enabled for the given unlock strategy?
-        def unlock_strategy_enabled?(strategy)
-          [:both, strategy].include?(self.class.unlock_strategy)
-        end
-
       module ClassMethods
         # Attempt to find a user by it's email. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
@@ -134,7 +134,7 @@ module Devise
         # Options must contain the user email
         def send_unlock_instructions(attributes={})
          lockable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
-         lockable.resend_unlock! unless lockable.new_record?
+         lockable.resend_unlock_token if lockable.persisted?
          lockable
         end
 
@@ -142,13 +142,27 @@ module Devise
         # If no user is found, returns a new user with an error.
         # If the user is not locked, creates an error for the user
         # Options must have the unlock_token
-        def unlock!(attributes={})
-          lockable = find_or_initialize_with_error_by(:unlock_token, attributes[:unlock_token])
-          lockable.unlock! unless lockable.new_record?
+        def unlock_access_by_token(unlock_token)
+          lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token)
+          lockable.unlock_access! if lockable.persisted?
           lockable
         end
 
-        Devise::Models.config(self, :maximum_attempts, :unlock_strategy, :unlock_in)
+        # Is the unlock enabled for the given unlock strategy?
+        def unlock_strategy_enabled?(strategy)
+          [:both, strategy].include?(self.unlock_strategy)
+        end
+
+        # Is the lock enabled for the given lock strategy?
+        def lock_strategy_enabled?(strategy)
+          self.lock_strategy == strategy
+        end
+
+        def unlock_token
+          Devise.friendly_token
+        end
+
+        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in)
       end
     end
   end

data/lib/devise/models/recoverable.rb

@@ -56,7 +56,7 @@ module Devise
         # Attributes must contain the user email
         def send_reset_password_instructions(attributes={})
           recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
-          recoverable.send_reset_password_instructions unless recoverable.new_record?
+          recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
         end
 
@@ -65,9 +65,9 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password!(attributes={})
+        def reset_password_by_token(attributes={})
           recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
-          recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) unless recoverable.new_record?
+          recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) if recoverable.persisted?
           recoverable
         end
       end

data/lib/devise/models/rememberable.rb

@@ -54,11 +54,6 @@ module Devise
         end
       end
 
-      # Checks whether the incoming token matches or not with the record token.
-      def valid_remember_token?(token)
-        remember_token && !remember_expired? && remember_token == token
-      end
-
       # Remember token should be expired if expiration time not overpass now.
       def remember_expired?
         remember_expires_at <= Time.now.utc
@@ -72,14 +67,14 @@ module Devise
       module ClassMethods
         # Create the cookie key using the record id and remember_token
         def serialize_into_cookie(record)
-          "#{record.id}::#{record.remember_token}"
+          [record.id, record.remember_token]
         end
 
         # Recreate the user based on the stored cookie
-        def serialize_from_cookie(cookie)
-          record_id, record_token = cookie.split('::')
-          record = find(:first, :conditions => { :id => record_id }) if record_id
-          record if record.try(:valid_remember_token?, record_token)
+        def serialize_from_cookie(id, remember_token)
+          conditions = { :id => id, :remember_token => remember_token }
+          record = find(:first, :conditions => conditions)
+          record if record && !record.remember_expired?
         end
 
         Devise::Models.config(self, :remember_for)

data/lib/devise/models/token_authenticatable.rb

@@ -18,7 +18,8 @@ module Devise
     #    User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB')  # returns true/false
     #
     module TokenAuthenticatable
-      extend ActiveSupport::Concern
+      extend  ActiveSupport::Concern
+      include Devise::Models::Authenticatable
 
       included do
         before_save :ensure_authentication_token
@@ -45,43 +46,35 @@ module Devise
         self.reset_authentication_token! if self.authentication_token.blank?
       end
 
-      # Verifies whether an +incoming_authentication_token+ (i.e. from single access URL)
-      # is the user authentication token.
-      def valid_authentication_token?(incoming_auth_token)
-        incoming_auth_token.present? && incoming_auth_token == self.authentication_token
-      end
-
       module ClassMethods
         ::Devise::Models.config(self, :token_authentication_key)
 
         # Authenticate a user based on authentication token.
         def authenticate_with_token(attributes)
           token = attributes[self.token_authentication_key]
-          resource = self.find_for_token_authentication(token)
-          resource if resource.try(:valid_authentication_token?, token)
+          self.find_for_token_authentication(token)
         end
 
         def authentication_token
           ::Devise.friendly_token
         end
 
-        protected
-
-          # Find first record based on conditions given (ie by the sign in form).
-          # Overwrite to add customized conditions, create a join, or maybe use a
-          # namedscope to filter records while authenticating.
-          #
-          # == Example:
-          #
-          #   def self.find_for_token_authentication(token, conditions = {})
-          #     conditions = {:active => true}
-          #     self.find_by_authentication_token(token, :conditions => conditions)
-          #   end
-          #
-          def find_for_token_authentication(token)
-            self.find(:first, :conditions => { :authentication_token => token})
-          end
+      protected
 
+        # Find first record based on conditions given (ie by the sign in form).
+        # Overwrite to add customized conditions, create a join, or maybe use a
+        # namedscope to filter records while authenticating.
+        #
+        # == Example:
+        #
+        #   def self.find_for_token_authentication(token, conditions = {})
+        #     conditions = {:active => true}
+        #     super
+        #   end
+        #
+        def find_for_token_authentication(token)
+          self.find(:first, :conditions => { :authentication_token => token})
+        end
       end
     end
   end

data/lib/devise/models/validatable.rb

@@ -11,17 +11,18 @@ module Devise
                       :validates_confirmation_of, :validates_length_of ].freeze
 
       def self.included(base)
+        base.extend ClassMethods
         assert_validations_api!(base)
 
         base.class_eval do
           validates_presence_of   :email
           validates_uniqueness_of :email, :scope => authentication_keys[1..-1], :allow_blank => true
-          validates_format_of     :email, :with  => EMAIL_REGEX, :allow_blank => true
+          validates_format_of     :email, :with  => email_regexp, :allow_blank => true
 
           with_options :if => :password_required? do |v|
             v.validates_presence_of     :password
             v.validates_confirmation_of :password
-            v.validates_length_of       :password, :within => 6..20, :allow_blank => true
+            v.validates_length_of       :password, :within => password_length, :allow_blank => true
           end
         end
       end
@@ -35,14 +36,18 @@ module Devise
         end
       end
 
-      protected
+    protected
 
-        # Checks whether a password is needed or not. For validations only.
-        # Passwords are always required if it's a new record, or if the password
-        # or confirmation are being set somewhere.
-        def password_required?
-          new_record? || !password.nil? || !password_confirmation.nil?
-        end
+      # Checks whether a password is needed or not. For validations only.
+      # Passwords are always required if it's a new record, or if the password
+      # or confirmation are being set somewhere.
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :email_regexp, :password_length)
+      end
     end
   end
 end

data/lib/devise/modules.rb

@@ -2,10 +2,9 @@ require 'active_support/core_ext/object/with_options'
 
 Devise.with_options :model => true do |d|
   # Strategies first
-  d.with_options :strategy => true do |s|
-    s.add_module :authenticatable,       :controller => :sessions, :flash => :invalid,       :route => :session
-    s.add_module :http_authenticatable
-    s.add_module :token_authenticatable, :controller => :sessions, :flash => :invalid_token, :route => :session
+  d.with_options :strategy => true do |s|      
+    s.add_module :database_authenticatable, :controller => :sessions, :route => :session
+    s.add_module :token_authenticatable,    :controller => :sessions, :route => :session
     s.add_module :rememberable
   end
 
@@ -15,10 +14,10 @@ Devise.with_options :model => true do |d|
   d.add_module :validatable
 
   # The ones which can sign out after
-  d.add_module :activatable,                                 :flash => :inactive
-  d.add_module :confirmable,  :controller => :confirmations, :flash => :unconfirmed, :route => :confirmation
-  d.add_module :lockable,     :controller => :unlocks,       :flash => :locked,      :route => :unlock
-  d.add_module :timeoutable,                                 :flash => :timeout
+  d.add_module :activatable
+  d.add_module :confirmable,  :controller => :confirmations, :route => :confirmation
+  d.add_module :lockable,     :controller => :unlocks,       :route => :unlock
+  d.add_module :timeoutable
 
   # Stats for last, so we make sure the user is really signed in
   d.add_module :trackable

data/lib/devise/orm/active_record.rb

@@ -3,7 +3,7 @@ module Devise
     # This module contains some helpers and handle schema (migrations):
     #
     #   create_table :accounts do |t|
-    #     t.authenticatable
+    #     t.database_authenticatable
     #     t.confirmable
     #     t.recoverable
     #     t.rememberable

data/lib/devise/orm/data_mapper.rb

@@ -24,9 +24,10 @@ module Devise
         def apply_schema(name, type, options={})
           SCHEMA_OPTIONS.each do |old_key, new_key|
             next unless options.key?(old_key)
-            options[new_key] = !options.delete(old_key)
+            options[new_key] = options.delete(old_key)
           end
 
+          options.delete(:default) if options[:default].nil?
           property name, type, options
         end
       end
@@ -37,18 +38,22 @@ module Devise
         module ClassMethods
           # Hooks for confirmable
           def before_create(*args)
-            wrap_hook(:before, *args)
+            wrap_hook(:before, :create, *args)
           end
 
           def after_create(*args)
-            wrap_hook(:after, *args)
+            wrap_hook(:after, :create, *args)
+          end
+          
+          def before_save(*args)
+            wrap_hook(:before, :save, *args)
           end
 
-          def wrap_hook(action, *args)
+          def wrap_hook(action, method, *args)
             options = args.extract_options!
 
             args.each do |callback|
-              send action, :create, callback
+              send action, method, callback
               class_eval <<-METHOD, __FILE__, __LINE__ + 1
                 def #{callback}
                   super if #{options[:if] || true}
@@ -67,6 +72,10 @@ module Devise
             end
           end
         end
+        
+        def changed?
+          dirty?
+        end
 
         def save(options=nil)
           if options.is_a?(Hash) && options[:validate] == false
@@ -75,12 +84,16 @@ module Devise
             super()
           end
         end
+        
+        def update_attributes(*args)
+          update(*args)
+        end
       end
     end
   end
 end
 
 DataMapper::Model.class_eval do
-  extend  Devise::ORM::DataMapper::Hook
   include Devise::Models
-end
+  include Devise::Orm::DataMapper::Hook
+end