devise 1.1.pre4 → 1.1.rc0

data/lib/devise/orm/mongoid.rb

@@ -0,0 +1,40 @@
+module Devise
+  module Orm
+    module Mongoid
+      module Hook
+        def devise_modules_hook!
+          extend Schema
+          include ::Mongoid::Timestamps
+          include Compatibility
+          yield
+          return unless Devise.apply_schema
+          devise_modules.each { |m| send(m) if respond_to?(m, true) }
+        end
+      end
+      
+      module Schema
+        include Devise::Schema
+
+        # Tell how to apply schema methods
+        def apply_schema(name, type, options={})
+          type = Time if type == DateTime
+          field name, { :type => type }.merge(options)
+        end
+      end
+      
+      module Compatibility
+        def save(validate = true)
+          if validate.is_a?(Hash) && validate.has_key?(:validate)
+            validate = validate[:validate]
+          end
+          super(validate)
+        end
+      end
+    end
+  end
+end
+
+Mongoid::Document::ClassMethods.class_eval do
+  include Devise::Models
+  include Devise::Orm::Mongoid::Hook
+end

data/lib/devise/rails.rb

@@ -3,10 +3,33 @@ require 'devise/rails/warden_compat'
 
 module Devise
   class Engine < ::Rails::Engine
-    engine_name :devise
+    config.devise = Devise
 
-    config.middleware.use Warden::Manager do |config|
-      Devise.configure_warden(config)
+    initializer "devise.add_middleware" do |app|
+      app.config.middleware.use Warden::Manager do |config|
+        Devise.warden_config = config
+        config.failure_app   = Devise::FailureApp
+        config.default_scope = Devise.default_scope
+      end
+    end
+
+    initializer "devise.add_url_helpers" do |app|
+      Devise::FailureApp.send :include, app.routes.url_helpers
+    end
+
+    config.after_initialize do
+      I18n.available_locales
+      flash = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
+
+      I18n.backend.send(:translations).each do |locale, translations|
+        keys = flash & (translations[:devise][:sessions].keys) rescue []
+
+        if keys.any?
+          ActiveSupport::Deprecation.warn "The following I18n messages in 'devise.sessions' " <<
+            "for locale '#{locale}' are deprecated: #{keys.to_sentence}. Please move them to " <<
+            "'devise.failure' instead."
+        end
+      end
     end
   end
 end

data/lib/devise/rails/routes.rb

@@ -4,11 +4,9 @@ module ActionDispatch::Routing
     # need devise_for mappings already declared to create filters and helpers.
     def finalize_with_devise!
       finalize_without_devise!
-      return if Devise.mappings.empty?
-
+      Devise.configure_warden!
       ActionController::Base.send :include, Devise::Controllers::Helpers
       ActionController::Base.send :include, Devise::Controllers::UrlHelpers
-
       ActionView::Base.send :include, Devise::Controllers::UrlHelpers
     end
     alias_method_chain :finalize!, :devise
@@ -83,31 +81,35 @@ module ActionDispatch::Routing
     #
     #    devise_for :users, :controllers => { :sessions => "users/sessions" }
     #
+    #  * :skip => tell which controller you want to skip routes from being created:
+    #
+    #    devise_for :users, :skip => :sessions
+    #
     def devise_for(*resources)
       options = resources.extract_options!
       resources.map!(&:to_sym)
 
       resources.each do |resource|
-        mapping = Devise::Mapping.new(resource, options)
+        mapping = Devise.register(resource, options)
 
         unless mapping.to.respond_to?(:devise)
           raise "#{mapping.to.name} does not respond to 'devise' method. This usually means you haven't " <<
-            "loaded your ORM file or it's being loaded to late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
+            "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
             "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
         end
 
-        Devise.default_scope ||= mapping.name
-        Devise.mappings[mapping.name] = mapping
+        routes  = mapping.routes
+        routes -= Array(options.delete(:skip)).map { |s| s.to_s.singularize.to_sym }
 
-        mapping.modules.each do |mod|
-          send(mod, mapping, mapping.controllers) if self.respond_to?(mod, true)
+        routes.each do |mod|
+          send(:"devise_#{mod}", mapping, mapping.controllers)
         end
       end
     end
 
     protected
 
-      def authenticatable(mapping, controllers)
+      def devise_session(mapping, controllers)
         scope mapping.path do
           get  mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#new",     :as => :"new_#{mapping.name}_session"
           post mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#create",  :as => :"#{mapping.name}_session"
@@ -115,27 +117,27 @@ module ActionDispatch::Routing
         end
       end
  
-      def recoverable(mapping, controllers)
+      def devise_password(mapping, controllers)
         scope mapping.path, :name_prefix => mapping.name do
           resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
         end
       end
  
-      def confirmable(mapping, controllers)
+      def devise_confirmation(mapping, controllers)
         scope mapping.path, :name_prefix => mapping.name do
           resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
         end
       end
  
-      def lockable(mapping, controllers)
+      def devise_unlock(mapping, controllers)
         scope mapping.path, :name_prefix => mapping.name do
           resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
         end
       end
 
-      def registerable(mapping, controllers)
-        scope :name_prefix => mapping.name do
-          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => mapping.path[1..-1],
+      def devise_registration(mapping, controllers)
+        scope mapping.path[1..-1], :name_prefix => "#{mapping.name}_registration" do
+          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => "",
                    :path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
         end
       end

data/lib/devise/rails/warden_compat.rb

@@ -8,8 +8,8 @@ module Warden::Mixins::Common
     raw_session.clear
   end
 
-  def response
-    @response ||= env['action_controller.instance'].response
+  def cookies
+    request.cookie_jar
   end
 end
 

data/lib/devise/schema.rb

@@ -3,59 +3,86 @@ module Devise
   # and overwrite the apply_schema method.
   module Schema
 
+    def authenticatable(*args)
+      ActiveSupport::Deprecation.warn "t.authenticatable in migrations is deprecated. Please use t.database_authenticatable instead.", caller
+      database_authenticatable(*args)
+    end
+
     # Creates email, encrypted_password and password_salt.
     #
     # == Options
     # * :null - When true, allow columns to be null.
-    # * :encryptor - The encryptor going to be used, necessary for setting the proper encrypter password length.
-    def authenticatable(options={})
-      null      = options[:null] || false
-      default   = options[:default]
-      encryptor = options[:encryptor] || (respond_to?(:encryptor) ? self.encryptor : :sha1)
+    # * :default - Should be set to "" when :null is false.
+    def database_authenticatable(options={})
+      null    = options[:null] || false
+      default = options[:default] || ""
+
+      if options.delete(:encryptor)
+        ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."
+      end
 
       apply_schema :email,              String, :null => null, :default => default
-      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+      apply_schema :encrypted_password, String, :null => null, :default => default, :limit => 128
       apply_schema :password_salt,      String, :null => null, :default => default
-    end
+    end      
 
     # Creates authentication_token.
-    def token_authenticatable
-      apply_schema :authentication_token, String, :limit => 20
+    def token_authenticatable(options={})
+      apply_schema :authentication_token, String
     end
 
     # Creates confirmation_token, confirmed_at and confirmation_sent_at.
     def confirmable
-      apply_schema :confirmation_token,   String, :limit => 20
+      apply_schema :confirmation_token,   String
       apply_schema :confirmed_at,         DateTime
       apply_schema :confirmation_sent_at, DateTime
     end
 
     # Creates reset_password_token.
     def recoverable
-      apply_schema :reset_password_token, String, :limit => 20
+      apply_schema :reset_password_token, String
     end
 
     # Creates remember_token and remember_created_at.
     def rememberable
-      apply_schema :remember_token,      String, :limit => 20
+      apply_schema :remember_token,      String
       apply_schema :remember_created_at, DateTime
     end
 
     # Creates sign_in_count, current_sign_in_at, last_sign_in_at,
     # current_sign_in_ip, last_sign_in_ip.
     def trackable
-      apply_schema :sign_in_count,      Integer
+      apply_schema :sign_in_count,      Integer, :default => 0
       apply_schema :current_sign_in_at, DateTime
       apply_schema :last_sign_in_at,    DateTime
       apply_schema :current_sign_in_ip, String
       apply_schema :last_sign_in_ip,    String
     end
 
-    # Creates failed_attempts, unlock_token and locked_at
-    def lockable
-      apply_schema :failed_attempts, Integer, :default => 0
-      apply_schema :unlock_token,    String, :limit => 20
-      apply_schema :locked_at,       DateTime
+    # Creates failed_attempts, unlock_token and locked_at depending on the options given.
+    #
+    # == Options
+    # * :unlock_strategy - The strategy used for unlock. Can be :time, :email, :both (default), :none.
+    #   If :email or :both, creates a unlock_token field.
+    # * :lock_strategy - The strategy used for locking. Can be :failed_attempts (default) or :none.
+    def lockable(options={})
+      unlock_strategy   = options[:unlock_strategy]
+      unlock_strategy ||= self.unlock_strategy if respond_to?(:unlock_strategy)
+      unlock_strategy ||= :both
+
+      lock_strategy   = options[:lock_strategy]
+      lock_strategy ||= self.lock_strategy if respond_to?(:lock_strategy)
+      lock_strategy ||= :failed_attempts
+
+      if lock_strategy == :failed_attempts
+        apply_schema :failed_attempts, Integer, :default => 0
+      end
+
+      if [:both, :email].include?(unlock_strategy)
+        apply_schema :unlock_token, String
+      end
+
+      apply_schema :locked_at, DateTime
     end
 
     # Overwrite with specific modification to create your own schema.

data/lib/devise/strategies/authenticatable.rb

@@ -2,35 +2,106 @@ require 'devise/strategies/base'
 
 module Devise
   module Strategies
-    # Default strategy for signing in a user, based on his email and password.
-    # Redirects to sign_in page if it's not authenticated
+    # This strategy should be used as basis for authentication strategies. It retrieves
+    # parameters both from params or from http authorization headers. See database_authenticatable
+    # for an example.
     class Authenticatable < Base
+      attr_accessor :authentication_hash, :password
+
       def valid?
-        valid_controller? && valid_params? && mapping.to.respond_to?(:authenticate)
+        valid_for_http_auth? || valid_for_params_auth?
       end
 
-      # Authenticate a user based on email and password params, returning to warden
-      # success and the authenticated user if everything is okay. Otherwise redirect
-      # to sign in page.
-      def authenticate!
-        if resource = mapping.to.authenticate(params[scope])
-          success!(resource)
+    private
+
+      # Simply invokes valid_for_authentication? with the given block and deal with the result.
+      def validate(resource, &block)
+        result = resource && resource.valid_for_authentication?(&block)
+
+        case result
+        when Symbol, String
+          fail!(result)
         else
-          fail!(:invalid)
-        end
+          result
+        end 
+      end
+
+      # Check if this is strategy is valid for http authentication.
+      def valid_for_http_auth?
+        http_authenticatable? && request.authorization && with_authentication_hash(http_auth_hash)
+      end
+
+      # Check if this is strategy is valid for params authentication.
+      def valid_for_params_auth?
+        params_authenticatable? && valid_request? &&
+          valid_params? && with_authentication_hash(params_auth_hash)
+      end
+
+      # Check if the model accepts this strategy as http authenticatable.
+      def http_authenticatable?
+        mapping.to.http_authenticatable?(authenticatable_name)
+      end
+
+      # Check if the model accepts this strategy as params authenticatable.
+      def params_authenticatable?
+        mapping.to.params_authenticatable?(authenticatable_name)
+      end
+
+      # Extract the appropriate subhash for authentication from params.
+      def params_auth_hash
+         params[scope]
+       end
+
+      # Extract a hash with attributes:values from the http params.
+      def http_auth_hash
+        keys = [authentication_keys.first, :password]
+        Hash[*keys.zip(decode_credentials).flatten]
       end
 
-      protected
+      # By default, a request is valid  if the controller is allowed and the VERB is POST.
+      def valid_request?
+        valid_controller? && valid_verb?
+      end
+
+      # Check if the controller is valid for params authentication.
+      def valid_controller?
+        mapping.controllers[:sessions] == params[:controller]
+      end
+
+      # Check if the params_auth_hash is valid for params authentication.
+      def valid_verb?
+        request.post?
+      end
+
+      # If the request is valid, finally check if params_auth_hash returns a hash.
+      def valid_params?
+        params_auth_hash.is_a?(Hash)
+      end
 
-        def valid_controller?
-          mapping.controllers[:sessions] == params[:controller]
-        end
+      # Helper to decode credentials from HTTP.
+      def decode_credentials
+        username_and_password = request.authorization.split(' ', 2).last || ''
+        ActiveSupport::Base64.decode64(username_and_password).split(/:/, 2)
+      end
+
+      # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
+      def with_authentication_hash(hash)
+        self.authentication_hash = hash.slice(*authentication_keys)
+        self.password = hash[:password]
+        authentication_keys.all?{ |k| authentication_hash[k].present? }
+      end
 
-        def valid_params?
-          params[scope] && params[scope][:password].present?
-        end
+      # Holds the authentication keys.
+      def authentication_keys
+        @authentication_keys ||= mapping.to.authentication_keys
+      end
+
+      # Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable
+      # becomes simply :database.
+      def authenticatable_name
+        @authenticatable_name ||=
+          self.class.name.split("::").last.underscore.sub("_authenticatable", "").to_sym
+      end
     end
   end
-end
-
-Warden::Strategies.add(:authenticatable, Devise::Strategies::Authenticatable)
+end

data/lib/devise/strategies/base.rb

@@ -2,8 +2,7 @@ module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
     class Base < ::Warden::Strategies::Base
-      # Checks if a valid scope was given for devise and find mapping based on
-      # this scope.
+      # Checks if a valid scope was given for devise and find mapping based on this scope.
       def mapping
         @mapping ||= begin
           mapping = Devise.mappings[scope]
@@ -11,6 +10,10 @@ module Devise
           mapping
         end
       end
+
+      def succeeded?
+        @result == :success
+      end
     end
   end
-end
+end

data/lib/devise/strategies/database_authenticatable.rb

@@ -0,0 +1,20 @@
+require 'devise/strategies/authenticatable'
+
+module Devise
+  module Strategies
+    # Default strategy for signing in a user, based on his email and password in the database.
+    class DatabaseAuthenticatable < Authenticatable
+      def authenticate!
+        resource = mapping.to.find_for_database_authentication(authentication_hash)
+
+        if validate(resource){ resource.valid_password?(password) }
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)