devise 1.1.rc0 → 1.1.rc1

data/lib/devise/models.rb

@@ -1,5 +1,17 @@
 module Devise
   module Models
+    class << self
+      def hook(base)
+        base.class_eval do
+          class_attribute :devise_modules, :instance_writer => false
+          self.devise_modules ||= []
+        end
+      end
+
+      alias :included :hook
+      alias :extended :hook
+    end
+
     # Creates configuration values for Devise and for the given module.
     #
     #   Devise::Models.config(Devise::Authenticable, :stretches, 10)
@@ -45,7 +57,7 @@ module Devise
     # for a complete description on those values.
     #
     def devise(*modules)
-      raise "You need to give at least one Devise module" if modules.empty?
+      include Devise::Models::Authenticatable
       options = modules.extract_options!
 
       if modules.delete(:authenticatable)
@@ -53,24 +65,22 @@ module Devise
         modules << :database_authenticatable
       end
 
+      if modules.delete(:activatable)
+        ActiveSupport::Deprecation.warn ":activatable as module is deprecated. It's included in your model by default.", caller
+      end
+
       if modules.delete(:http_authenticatable)
         ActiveSupport::Deprecation.warn ":http_authenticatable as module is deprecated and is on by default. Revert by setting :http_authenticatable => false.", caller
       end
 
-      @devise_modules = Devise::ALL & modules.map(&:to_sym).uniq
+      self.devise_modules += Devise::ALL & modules.map(&:to_sym).uniq
 
       devise_modules_hook! do
-        @devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
+        devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
         options.each { |key, value| send(:"#{key}=", value) }
       end
     end
 
-    # Stores all modules included inside the model, so we are able to verify
-    # which routes are needed.
-    def devise_modules
-      @devise_modules ||= []
-    end
-
     # The hook which is called inside devise. So your ORM can include devise
     # compatibility stuff.
     def devise_modules_hook!
@@ -100,3 +110,5 @@ module Devise
     end
   end
 end
+
+require 'devise/models/authenticatable'

data/lib/devise/models/authenticatable.rb

@@ -1,8 +1,10 @@
+require 'devise/hooks/activatable'
+
 module Devise
   module Models
     # Authenticable module. Holds common settings for authentication.
     #
-    # Configuration:
+    # == Configuration:
     #
     # You can overwrite configuration values by setting in globally in Devise,
     # using devise method or overwriting the respective instance method.
@@ -15,13 +17,47 @@ module Devise
     #   params_authenticatable: if this model allows authentication through request params. By default true.
     #   It also accepts an array specifying the strategies that should allow params authentication.
     #
+    # == Active?
+    #
+    # Before authenticating an user and in each request, Devise checks if your model is active by
+    # calling model.active?. This method is overwriten by other devise modules. For instance,
+    # :confirmable overwrites .active? to only return true if your model was confirmed.
+    #
+    # You overwrite this method yourself, but if you do, don't forget to call super:
+    #
+    #   def active?
+    #     super && special_condition_is_valid?
+    #   end
+    #
+    # Whenever active? returns false, Devise asks the reason why your model is inactive using
+    # the inactive_message method. You can overwrite it as well:
+    #
+    #   def inactive_message
+    #     special_condition_is_valid? ? super : :special_condition_is_not_valid
+    #   end
+    #
     module Authenticatable
       extend ActiveSupport::Concern
 
-      # Yields the given block. This method is overwritten by other modules to provide
-      # hooks around authentication.
+      # Check if the current object is valid for authentication. This method and find_for_authentication
+      # are the methods used in a Warden::Strategy to check if a model should be signed in or not.
+      #
+      # However, you should not need to overwrite this method, you should overwrite active? and
+      # inactive_message instead.
       def valid_for_authentication?
-        yield
+        if active?
+          block_given? ? yield : true
+        else
+          inactive_message
+        end
+      end
+
+      def active?
+        true
+      end
+
+      def inactive_message
+        :inactive
       end
 
       module ClassMethods

data/lib/devise/models/confirmable.rb

@@ -1,8 +1,5 @@
-require 'devise/models/activatable'
-
 module Devise
   module Models
-
     # Confirmable is responsible to verify if an account is already confirmed to
     # sign in, and to send emails with confirmation instructions.
     # Confirmation instructions are sent to the user email after creating a
@@ -30,7 +27,6 @@ module Devise
     #   User.find(1).resend_confirmation! # generates a new token and resent it
     module Confirmable
       extend ActiveSupport::Concern
-      include Devise::Models::Activatable
 
       included do
         before_create :generate_confirmation_token, :if => :confirmation_required?

data/lib/devise/models/database_authenticatable.rb

@@ -1,4 +1,3 @@
-require 'devise/models/authenticatable'
 require 'devise/strategies/database_authenticatable'
 
 module Devise
@@ -25,8 +24,7 @@ module Devise
     #    User.find(1).valid_password?('password123')         # returns true/false
     #
     module DatabaseAuthenticatable
-      extend  ActiveSupport::Concern
-      include Devise::Models::Authenticatable
+      extend ActiveSupport::Concern
 
       included do
         attr_reader :password, :current_password
@@ -75,6 +73,9 @@ module Devise
         result
       end
 
+      def after_database_authentication
+      end
+
     protected
 
       # Digests the password using the configured encryptor.
@@ -90,8 +91,8 @@ module Devise
           @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
         end
 
-        def find_for_database_authentication(*args)
-          find_for_authentication(*args)
+        def find_for_database_authentication(conditions)
+          find_for_authentication(conditions)
         end
       end
     end

data/lib/devise/models/lockable.rb

@@ -1,8 +1,5 @@
-require 'devise/models/activatable'
-
 module Devise
   module Models
-
     # Handles blocking a user access after a certain number of attempts.
     # Lockable accepts two different strategies to unlock a user after it's
     # blocked: email and time. The former will send an email to the user when
@@ -20,7 +17,6 @@ module Devise
     #
     module Lockable
       extend  ActiveSupport::Concern
-      include Devise::Models::Activatable
 
       delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
 
@@ -77,15 +73,15 @@ module Devise
       # for verifying whether an user is allowed to sign in or not. If the user
       # is locked, it should never be allowed.
       def valid_for_authentication?
-        return :locked if access_locked?
-        return super   unless persisted?
-        return super   unless lock_strategy_enabled?(:failed_attempts)
+        return super unless persisted? && lock_strategy_enabled?(:failed_attempts)
 
-        if result = super
+        case (result = super)
+        when Symbol
+          return result
+        when TrueClass
           self.failed_attempts = 0
-        else
+        when FalseClass
           self.failed_attempts += 1
-
           if attempts_exceeded?
             lock_access!
             return :locked

data/lib/devise/models/rememberable.rb

@@ -1,5 +1,6 @@
 require 'devise/strategies/rememberable'
 require 'devise/hooks/rememberable'
+require 'devise/hooks/forgetable'
 
 module Devise
   module Models

data/lib/devise/models/token_authenticatable.rb

@@ -2,8 +2,11 @@ require 'devise/strategies/token_authenticatable'
 
 module Devise
   module Models
-    # Token Authenticatable Module, responsible for generate authentication token and validating
-    # authenticity of a user while signing in using an authentication token (say follows an URL).
+    # The TokenAuthenticatable module is responsible for generating an authentication token and
+    # validating the authenticity of the same while signing in.
+    #
+    # This module only provides a few helpers to help you manage the token. Creating and resetting
+    # the token is your responsibility.
     #
     # == Configuration:
     #
@@ -12,18 +15,8 @@ module Devise
     #
     # +token_authentication_key+ - Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
     #
-    # == Examples:
-    #
-    #    User.authenticate_with_token(:auth_token => '123456789')           # returns authenticated user or nil
-    #    User.find(1).valid_authentication_token?('rI1t6PKQ8yP7VetgwdybB')  # returns true/false
-    #
     module TokenAuthenticatable
-      extend  ActiveSupport::Concern
-      include Devise::Models::Authenticatable
-
-      included do
-        before_save :ensure_authentication_token
-      end
+      extend ActiveSupport::Concern
 
       # Generate new authentication token (a.k.a. "single access token").
       def reset_authentication_token
@@ -33,7 +26,7 @@ module Devise
       # Generate new authentication token and save the record.
       def reset_authentication_token!
         reset_authentication_token
-        self.save
+        self.save(:validate => false)
       end
 
       # Generate authentication token unless already exists.
@@ -46,35 +39,21 @@ module Devise
         self.reset_authentication_token! if self.authentication_token.blank?
       end
 
+      # Hook called after token authentication.
+      def after_token_authentication
+      end
+
       module ClassMethods
         ::Devise::Models.config(self, :token_authentication_key)
 
-        # Authenticate a user based on authentication token.
-        def authenticate_with_token(attributes)
-          token = attributes[self.token_authentication_key]
-          self.find_for_token_authentication(token)
+        def find_for_token_authentication(conditions)
+          conditions[:authentication_token] ||= conditions.delete(token_authentication_key)
+          find_for_authentication(conditions)
         end
 
         def authentication_token
           ::Devise.friendly_token
         end
-
-      protected
-
-        # Find first record based on conditions given (ie by the sign in form).
-        # Overwrite to add customized conditions, create a join, or maybe use a
-        # namedscope to filter records while authenticating.
-        #
-        # == Example:
-        #
-        #   def self.find_for_token_authentication(token, conditions = {})
-        #     conditions = {:active => true}
-        #     super
-        #   end
-        #
-        def find_for_token_authentication(token)
-          self.find(:first, :conditions => { :authentication_token => token})
-        end
       end
     end
   end

data/lib/devise/modules.rb

@@ -14,7 +14,6 @@ Devise.with_options :model => true do |d|
   d.add_module :validatable
 
   # The ones which can sign out after
-  d.add_module :activatable
   d.add_module :confirmable,  :controller => :confirmations, :route => :confirmation
   d.add_module :lockable,     :controller => :unlocks,       :route => :unlock
   d.add_module :timeoutable

data/lib/devise/rails.rb

@@ -15,6 +15,8 @@ module Devise
 
     initializer "devise.add_url_helpers" do |app|
       Devise::FailureApp.send :include, app.routes.url_helpers
+      ActionController::Base.send :include, Devise::Controllers::UrlHelpers
+      ActionView::Base.send :include, Devise::Controllers::UrlHelpers
     end
 
     config.after_initialize do

data/lib/devise/rails/routes.rb

@@ -6,8 +6,6 @@ module ActionDispatch::Routing
       finalize_without_devise!
       Devise.configure_warden!
       ActionController::Base.send :include, Devise::Controllers::Helpers
-      ActionController::Base.send :include, Devise::Controllers::UrlHelpers
-      ActionView::Base.send :include, Devise::Controllers::UrlHelpers
     end
     alias_method_chain :finalize!, :devise
   end
@@ -16,13 +14,14 @@ module ActionDispatch::Routing
     # Includes devise_for method for routes. This method is responsible to
     # generate all needed routes for devise, based on what modules you have
     # defined in your model.
+    #
     # Examples: Let's say you have an User model configured to use
     # authenticatable, confirmable and recoverable modules. After creating this
     # inside your routes:
     #
     #   devise_for :users
     #
-    # this method is going to look inside your User model and create the
+    # This method is going to look inside your User model and create the
     # needed routes:
     #
     #  # Session routes for Authenticatable (default)
@@ -46,44 +45,44 @@ module ActionDispatch::Routing
     #  * :class_name => setup a different class to be looked up by devise,
     #                   if it cannot be correctly find by the route name.
     #
-    #    devise_for :users, :class_name => 'Account'
+    #      devise_for :users, :class_name => 'Account'
     #
-    #  * :as => allows you to setup path name that will be used, as rails routes does.
-    #           The following route configuration would setup your route as /accounts instead of /users:
+    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #             The following route configuration would setup your route as /accounts instead of /users:
     #
-    #    devise_for :users, :as => 'accounts'
+    #      devise_for :users, :path => 'accounts'
     #
-    #  * :scope => setup the scope name. This is used as the instance variable name in controller,
-    #              as the name in routes and the scope given to warden. Defaults to the singular of the given name:
+    #  * :singular => setup the singular name for the given resource. This is used as the instance variable name in
+    #                 controller, as the name in routes and the scope given to warden.
     #
-    #    devise_for :users, :scope => :account
+    #      devise_for :users, :singular => :user
     #
     #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
     #                   :password, :confirmation, :unlock.
     #
-    #    devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
+    #      devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
     #
     #  * :path_prefix => the path prefix to be used in all routes.
     #
-    #    devise_for :users, :path_prefix => "/:locale"
+    #      devise_for :users, :path_prefix => "/:locale"
     #
     #  If you are using a dynamic prefix, like :locale above, you need to configure default_url_options in your ApplicationController
     #  class level, so Devise can pick it:
     #
-    #    class ApplicationController < ActionController::Base
-    #      def self.default_url_options
-    #        { :locale => I18n.locale }
+    #      class ApplicationController < ActionController::Base
+    #        def self.default_url_options
+    #          { :locale => I18n.locale }
+    #        end
     #      end
-    #    end
     #
     #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
     #    However, if you want them to point to custom controller, you should do:
     #
-    #    devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
     #
     #  * :skip => tell which controller you want to skip routes from being created:
     #
-    #    devise_for :users, :skip => :sessions
+    #      devise_for :users, :skip => :sessions
     #
     def devise_for(*resources)
       options = resources.extract_options!
@@ -110,7 +109,7 @@ module ActionDispatch::Routing
     protected
 
       def devise_session(mapping, controllers)
-        scope mapping.path do
+        scope mapping.full_path do
           get  mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#new",     :as => :"new_#{mapping.name}_session"
           post mapping.path_names[:sign_in],  :to => "#{controllers[:sessions]}#create",  :as => :"#{mapping.name}_session"
           get  mapping.path_names[:sign_out], :to => "#{controllers[:sessions]}#destroy", :as => :"destroy_#{mapping.name}_session"
@@ -118,26 +117,26 @@ module ActionDispatch::Routing
       end
  
       def devise_password(mapping, controllers)
-        scope mapping.path, :name_prefix => mapping.name do
-          resource :password, :only => [:new, :create, :edit, :update], :as => mapping.path_names[:password], :controller => controllers[:passwords]
+        scope mapping.full_path, :name_prefix => mapping.name do
+          resource :password, :only => [:new, :create, :edit, :update], :path => mapping.path_names[:password], :controller => controllers[:passwords]
         end
       end
  
       def devise_confirmation(mapping, controllers)
-        scope mapping.path, :name_prefix => mapping.name do
-          resource :confirmation, :only => [:new, :create, :show], :as => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        scope mapping.full_path, :name_prefix => mapping.name do
+          resource :confirmation, :only => [:new, :create, :show], :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
         end
       end
  
       def devise_unlock(mapping, controllers)
-        scope mapping.path, :name_prefix => mapping.name do
-          resource :unlock, :only => [:new, :create, :show], :as => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+        scope mapping.full_path, :name_prefix => mapping.name do
+          resource :unlock, :only => [:new, :create, :show], :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
         end
       end
 
       def devise_registration(mapping, controllers)
-        scope mapping.path[1..-1], :name_prefix => "#{mapping.name}_registration" do
-          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :as => "",
+        scope mapping.full_path[1..-1], :name_prefix => mapping.name do
+          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :path => "",
                    :path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
         end
       end