devise 1.1.rc0 → 1.1.rc1

data/lib/devise/strategies/authenticatable.rb

@@ -14,18 +14,6 @@ module Devise
 
     private
 
-      # Simply invokes valid_for_authentication? with the given block and deal with the result.
-      def validate(resource, &block)
-        result = resource && resource.valid_for_authentication?(&block)
-
-        case result
-        when Symbol, String
-          fail!(result)
-        else
-          result
-        end 
-      end
-
       # Check if this is strategy is valid for http authentication.
       def valid_for_http_auth?
         http_authenticatable? && request.authorization && with_authentication_hash(http_auth_hash)

data/lib/devise/strategies/base.rb

@@ -11,9 +11,23 @@ module Devise
         end
       end
 
+    protected
+
       def succeeded?
         @result == :success
       end
+
+      # Simply invokes valid_for_authentication? with the given block and deal with the result.
+      def validate(resource, &block)
+        result = resource && resource.valid_for_authentication?(&block)
+
+        case result
+        when Symbol, String
+          fail!(result)
+        else
+          result
+        end 
+      end
     end
   end
 end

data/lib/devise/strategies/database_authenticatable.rb

@@ -8,6 +8,7 @@ module Devise
         resource = mapping.to.find_for_database_authentication(authentication_hash)
 
         if validate(resource){ resource.valid_password?(password) }
+          resource.after_database_authentication
           success!(resource)
         else
           fail(:invalid)

data/lib/devise/strategies/rememberable.rb

@@ -16,7 +16,9 @@ module Devise
       # the record in the database. If the attempt fails, we pass to another
       # strategy handle the authentication.
       def authenticate!
-        if resource = mapping.to.serialize_from_cookie(*remember_cookie)
+        resource = mapping.to.serialize_from_cookie(*remember_cookie)
+
+        if validate(resource)
           success!(resource)
         else
           cookies.delete(remember_key)

data/lib/devise/strategies/token_authenticatable.rb

@@ -11,7 +11,10 @@ module Devise
     # you can pass anything and it will simply be ignored.
     class TokenAuthenticatable < Authenticatable
       def authenticate!
-        if resource = mapping.to.authenticate_with_token(authentication_hash)
+        resource = mapping.to.find_for_token_authentication(authentication_hash)
+
+        if validate(resource)
+          resource.after_token_authentication
           success!(resource)
         else
           fail(:invalid_token)

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.1.rc0".freeze
+  VERSION = "1.1.rc1".freeze
 end

data/lib/generators/devise/devise_generator.rb

@@ -37,7 +37,7 @@ class DeviseGenerator < Rails::Generators::NamedBase
   def inject_devise_config_into_model
     inject_into_class model_path, class_name, <<-CONTENT
   # Include default devise modules. Others available are:
-  # :token_authenticatable, :lockable, :timeoutable and :activatable
+  # :token_authenticatable, :lockable and :timeoutable
   devise :database_authenticatable, :registerable, :confirmable,
          :recoverable, :rememberable, :trackable, :validatable
 

data/lib/generators/devise/templates/migration.rb

@@ -6,7 +6,9 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
       t.recoverable
       t.rememberable
       t.trackable
+
       # t.lockable :lock_strategy => :<%= Devise.lock_strategy %>, :unlock_strategy => :<%= Devise.unlock_strategy %>
+      # t.token_authenticatable
 
       t.timestamps
     end

data/lib/generators/devise_install/templates/README

@@ -16,4 +16,10 @@ Some setup you must do manually if you haven't yet:
 
        root :to => "home#index"
 
+  3. Ensure you have flash messages in app/views/layouts/application.html.erb.
+     For example:
+
+       <p class="notice"><%= notice %></p>
+       <p class="alert"><%= alert %></p>
+
 ===============================================================================

data/lib/generators/devise_views/devise_views_generator.rb

@@ -18,7 +18,7 @@ class DeviseViewsGenerator < Rails::Generators::Base
       verify_haml_version
       create_and_copy_haml_views
     else
-      directory "devise", "app/views/devise/#{scope}"
+      directory "devise", "app/views/#{scope || 'devise'}"
     end
   end
   
@@ -56,7 +56,7 @@ class DeviseViewsGenerator < Rails::Generators::Base
         end
       end
 
-      directory haml_root, "app/views/devise/#{scope}"
+      directory haml_root, "app/views/#{scope || 'devise'}"
     end
   end
 end

data/test/integration/confirmable_test.rb

@@ -26,7 +26,7 @@ class ConfirmationTest < ActionController::IntegrationTest
 
     assert_response :success
     assert_template 'confirmations/new'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain /Confirmation token(.*)invalid/
   end
 
@@ -49,7 +49,7 @@ class ConfirmationTest < ActionController::IntegrationTest
     visit_user_confirmation_with_token(user.confirmation_token)
 
     assert_template 'confirmations/new'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain 'already confirmed'
   end
 

data/test/integration/database_authenticatable_test.rb

@@ -284,15 +284,15 @@ class AuthenticationTest < ActionController::IntegrationTest
   end
 
   # Access
-  test 'render 404 on roles without permission' do
-    get '/admin_area/password/new', {}, "action_dispatch.show_exceptions" => true
-    assert_response :not_found
-    assert_not_contain 'Send me reset password instructions'
+  test 'render 404 on roles without routes' do
+    assert_raise ActionController::RoutingError do
+      get '/admin_area/password/new'
+    end
   end
 
   test 'render 404 on roles without mapping' do
-    get '/sign_in', {}, "action_dispatch.show_exceptions" => true
-    assert_response :not_found
-    assert_not_contain 'Sign in'
+    assert_raise AbstractController::ActionNotFound do
+      get '/sign_in'
+    end
   end
 end

data/test/integration/lockable_test.rb

@@ -37,8 +37,16 @@ class LockTest < ActionController::IntegrationTest
   end
 
   test 'unlocked pages should not be available if email strategy is disabled' do
-    visit new_user_unlock_path
+    visit "/users/sign_in"
+    click_link "Didn't receive unlock instructions?"
+
     swap Devise, :unlock_strategy => :time do
+      visit "/users/sign_in"
+
+      assert_raise Webrat::NotFoundError do
+        click_link "Didn't receive unlock instructions?"
+      end
+
       assert_raise AbstractController::ActionNotFound do
         visit new_user_unlock_path
       end
@@ -50,7 +58,7 @@ class LockTest < ActionController::IntegrationTest
 
     assert_response :success
     assert_template 'unlocks/new'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain /Unlock token(.*)invalid/
   end
 

data/test/integration/recoverable_test.rb

@@ -77,7 +77,7 @@ class PasswordTest < ActionController::IntegrationTest
 
     assert_response :success
     assert_template 'passwords/edit'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain /Reset password token(.*)invalid/
     assert_not user.reload.valid_password?('987654321')
   end
@@ -91,7 +91,7 @@ class PasswordTest < ActionController::IntegrationTest
 
     assert_response :success
     assert_template 'passwords/edit'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain 'Password doesn\'t match confirmation'
     assert_not user.reload.valid_password?('987654321')
   end
@@ -113,7 +113,7 @@ class PasswordTest < ActionController::IntegrationTest
       fill_in 'Password confirmation', :with => 'other_password'
     end
     assert_response :success
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_not user.reload.valid_password?('987654321')
 
     reset_password :reset_password_token => user.reload.reset_password_token, :visit => false

data/test/integration/registerable_test.rb

@@ -48,7 +48,7 @@ class RegistrationTest < ActionController::IntegrationTest
     click_button 'Sign up'
 
     assert_template 'registrations/new'
-    assert_have_selector '#errorExplanation'
+    assert_have_selector '#error_explanation'
     assert_contain "Email is invalid"
     assert_contain "Password doesn't match confirmation"
     assert_nil User.first

data/test/integration/rememberable_test.rb

@@ -12,7 +12,7 @@ class RememberMeTest < ActionController::IntegrationTest
   end
 
   def generate_signed_cookie(raw_cookie)
-    request = ActionDispatch::Request.new({})
+    request = ActionDispatch::TestRequest.new
     request.cookie_jar.signed['raw_cookie'] = raw_cookie
     request.cookie_jar['raw_cookie']
   end

data/test/mapping_test.rb

@@ -6,15 +6,17 @@ class MappingTest < ActiveSupport::TestCase
     mapping = Devise.mappings[:user]
     assert_equal User,                mapping.to
     assert_equal User.devise_modules, mapping.modules
-    assert_equal :users,              mapping.as
+    assert_equal :users,              mapping.plural
+    assert_equal :user,               mapping.singular
+    assert_equal :users,              mapping.path
   end
 
-  test 'allows as to be given' do
-    assert_equal :admin_area, Devise.mappings[:admin].as
+  test 'allows path to be given' do
+    assert_equal :admin_area, Devise.mappings[:admin].path
   end
 
-  test 'allows custom scope to be given' do
-    assert_equal :accounts, Devise.mappings[:manager].as
+  test 'allows custom singular to be given' do
+    assert_equal :accounts, Devise.mappings[:manager].path
   end
 
   test 'allows a controller depending on the mapping' do
@@ -91,13 +93,13 @@ class MappingTest < ActiveSupport::TestCase
   end
 
   test 'retrieve as from the proper position' do
-    assert_equal 1, Devise.mappings[:user].as_position
-    assert_equal 2, Devise.mappings[:manager].as_position
+    assert_equal 1, Devise.mappings[:user].segment_position
+    assert_equal 2, Devise.mappings[:manager].segment_position
   end
 
   test 'path is returned with path prefix and as' do
-    assert_equal '/users', Devise.mappings[:user].path
-    assert_equal '/:locale/accounts', Devise.mappings[:manager].path
+    assert_equal '/users', Devise.mappings[:user].full_path
+    assert_equal '/:locale/accounts', Devise.mappings[:manager].full_path
   end
 
   test 'magic predicates' do

data/test/models/lockable_test.rb

@@ -7,6 +7,7 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should respect maximum attempts configuration" do
     user = create_user
+    user.confirm!
     swap Devise, :maximum_attempts => 2 do
       3.times { user.valid_for_authentication?{ false } }
       assert user.reload.access_locked?
@@ -15,6 +16,7 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should clear failed_attempts on successfull validation" do
     user = create_user
+    user.confirm!
     user.valid_for_authentication?{ false }
     assert_equal 1, user.reload.failed_attempts
     user.valid_for_authentication?{ true }
@@ -23,6 +25,7 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should not touch failed_attempts if lock_strategy is none" do
     user = create_user
+    user.confirm!
     swap Devise, :lock_strategy => :none, :maximum_attempts => 2 do
       3.times { user.valid_for_authentication?{ false } }
       assert !user.access_locked?

data/test/models/token_authenticatable_test.rb

@@ -2,13 +2,6 @@ require 'test_helper'
 
 class TokenAuthenticatableTest < ActiveSupport::TestCase
 
-  test 'should generate friendly authentication token on create' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
-    user = create_user
-    assert_present user.authentication_token
-    assert_equal VALID_AUTHENTICATION_TOKEN, user.authentication_token
-  end
-
   test 'should reset authentication token' do
     user = new_user
     user.reset_authentication_token
@@ -26,18 +19,18 @@ class TokenAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'should authenticate a valid user with authentication token and return it' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
     user = create_user
+    user.ensure_authentication_token!
     user.confirm!
-    authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token)
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token)
     assert_equal authenticated_user, user
   end
 
   test 'should return nil when authenticating an invalid user by authentication token' do
-    User.expects(:authentication_token).returns(VALID_AUTHENTICATION_TOKEN)
     user = create_user
+    user.ensure_authentication_token!
     user.confirm!
-    authenticated_user = User.authenticate_with_token(:auth_token => user.authentication_token.reverse)
+    authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse)
     assert_nil authenticated_user
   end
 

data/test/models_test.rb

@@ -1,11 +1,14 @@
 require 'test_helper'
 
 class Configurable < User
-  devise :authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
+  devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable,
          :stretches => 15, :pepper => 'abcdef', :confirm_within => 5.days,
          :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days
 end
 
+class Inheritable < Admin
+end
+
 class ActiveRecordTest < ActiveSupport::TestCase
   def include_module?(klass, mod)
     klass.devise_modules.include?(mod) &&
@@ -22,10 +25,14 @@ class ActiveRecordTest < ActiveSupport::TestCase
     end
   end
 
-  test 'add modules cherry pick' do
+  test 'can cherry pick modules' do
     assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable
   end
 
+  test 'chosen modules are inheritable' do
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable
+  end
+
   test 'order of module inclusion' do
     correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :timeoutable]
     incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable]

data/test/rails_app/app/active_record/admin.rb

@@ -1,3 +1,3 @@
 class Admin < ActiveRecord::Base
-  devise :authenticatable, :registerable, :timeoutable, :recoverable
+  devise :database_authenticatable, :registerable, :timeoutable, :recoverable
 end

data/test/rails_app/app/active_record/user.rb

@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
+  devise :database_authenticatable, :confirmable, :lockable, :recoverable,
          :registerable, :rememberable, :timeoutable, :token_authenticatable,
          :trackable, :validatable
 

data/test/rails_app/app/data_mapper/admin.rb

@@ -4,10 +4,9 @@ class Admin
   property :id,   Serial
   property :username, String
   
-  devise :authenticatable, :registerable, :timeoutable, :recoverable
+  devise :database_authenticatable, :registerable, :timeoutable, :recoverable
   
   def self.create!(*args)
     create(*args)
   end
-  
 end

data/test/rails_app/app/data_mapper/user.rb

@@ -4,7 +4,7 @@ class User
   property :id, Serial
   property :username, String
   
-  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
+  devise :database_authenticatable, :confirmable, :lockable, :recoverable,
          :registerable, :rememberable, :timeoutable, :token_authenticatable,
          :trackable, :validatable
 

data/test/rails_app/app/mongoid/admin.rb

@@ -1,7 +1,7 @@
 class Admin
   include Mongoid::Document
 
-  devise :authenticatable, :timeoutable, :registerable, :recoverable
+  devise :database_authenticatable, :timeoutable, :registerable, :recoverable
   
   def self.last(options={})
     options.delete(:order) if options[:order] == "id"

data/test/rails_app/app/mongoid/user.rb

@@ -3,7 +3,7 @@ class User
 
   field :created_at, :type => DateTime
 
-  devise :authenticatable, :http_authenticatable, :confirmable, :lockable, :recoverable,
+  devise :database_authenticatable, :confirmable, :lockable, :recoverable,
          :registerable, :rememberable, :timeoutable, :token_authenticatable,
          :trackable, :validatable