devise 1.1.rc1 → 1.1.rc2

data/app/views/devise/confirmations/new.html.erb

@@ -3,8 +3,8 @@
 <%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
   <p><%= f.submit "Resend confirmation instructions" %></p>
 <% end %>

data/app/views/devise/passwords/edit.html.erb

@@ -4,11 +4,11 @@
   <%= devise_error_messages! %>
   <%= f.hidden_field :reset_password_token %>
 
-  <p><%= f.label :password %></p>
-  <p><%= f.password_field :password %></p>
+  <p><%= f.label :password %><br />
+  <%= f.password_field :password %></p>
 
-  <p><%= f.label :password_confirmation %></p>
-  <p><%= f.password_field :password_confirmation %></p>
+  <p><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></p>
 
   <p><%= f.submit "Change my password" %></p>
 <% end %>

data/app/views/devise/passwords/new.html.erb

@@ -3,8 +3,8 @@
 <%= form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
   <p><%= f.submit "Send me reset password instructions" %></p>
 <% end %>

data/app/views/devise/registrations/edit.html.erb

@@ -3,17 +3,17 @@
 <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
-  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
-  <p><%= f.password_field :password %></p>
+  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+  <%= f.password_field :password %></p>
 
-  <p><%= f.label :password_confirmation %></p>
-  <p><%= f.password_field :password_confirmation %></p>
+  <p><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></p>
 
-  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
-  <p><%= f.password_field :current_password %></p>
+  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+  <%= f.password_field :current_password %></p>
 
   <p><%= f.submit "Update" %></p>
 <% end %>

data/app/views/devise/registrations/new.html.erb

@@ -3,14 +3,14 @@
 <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
-  <p><%= f.label :password %></p>
-  <p><%= f.password_field :password %></p>
+  <p><%= f.label :password %><br />
+  <%= f.password_field :password %></p>
 
-  <p><%= f.label :password_confirmation %></p>
-  <p><%= f.password_field :password_confirmation %></p>
+  <p><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></p>
 
   <p><%= f.submit "Sign up" %></p>
 <% end %>

data/app/views/devise/sessions/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Sign in</h2>
 
 <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
-  <p><%= f.label :password %></p>
-  <p><%= f.password_field :password %></p>
+  <p><%= f.label :password %><br />
+  <%= f.password_field :password %></p>
 
   <% if devise_mapping.rememberable? -%>
     <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>

data/app/views/devise/unlocks/new.html.erb

@@ -3,8 +3,8 @@
 <%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %></p>
-  <p><%= f.text_field :email %></p>
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
 
   <p><%= f.submit "Resend unlock instructions" %></p>
 <% end %>

data/config/locales/en.yml

@@ -24,13 +24,16 @@ en:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
-      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent your e-mail.'
+      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
       unlocked: 'Your account was successfully unlocked. You are now signed in.'
     mailer:
-      confirmation_instructions: 'Confirmation instructions'
-      reset_password_instructions: 'Reset password instructions'
-      unlock_instructions: 'Unlock Instructions'
+      confirmation_instructions:
+        subject: 'Confirmation instructions'
+      reset_password_instructions:
+        subject: 'Reset password instructions'
+      unlock_instructions:
+        subject: 'Unlock Instructions'

data/lib/devise.rb

@@ -1,7 +1,9 @@
 require 'active_support/core_ext/numeric/time'
+require 'active_support/dependencies'
 
 module Devise
   autoload :FailureApp, 'devise/failure_app'
+  autoload :PathChecker, 'devise/path_checker'
   autoload :Schema, 'devise/schema'
   autoload :TestHelpers, 'devise/test_helpers'
 
@@ -47,6 +49,10 @@ module Devise
     :bcrypt => 60
   }
 
+  # Custom domain for cookies. Not set by default
+  mattr_accessor :cookie_domain
+  @@cookie_domain = false
+
   # Used to encrypt password. Please generate one with rake secret.
   mattr_accessor :pepper
   @@pepper = nil
@@ -93,7 +99,7 @@ module Devise
 
   # Used to define the password encryption algorithm.
   mattr_accessor :encryptor
-  @@encryptor = :sha1
+  @@encryptor = nil
 
   # Store scopes mappings.
   mattr_accessor :mappings
@@ -143,6 +149,9 @@ module Devise
   mattr_accessor :token_authentication_key
   @@token_authentication_key = :auth_token
 
+  mattr_accessor :navigational_formats
+  @@navigational_formats = [:html]
+
   # Private methods to interface with Warden.
   mattr_accessor :warden_config
   @@warden_config = nil
@@ -154,16 +163,24 @@ module Devise
     yield self
   end
 
+  # Get the mailer class from the mailer reference object.
+  def self.mailer
+    @@mailer_ref.get
+  end
+
+  # Set the mailer reference object to access the mailer.
+  def self.mailer=(class_name)
+    @@mailer_ref = ActiveSupport::Dependencies.ref(class_name)
+  end
+  self.mailer = "Devise::Mailer"
+
   # Register a model in Devise. You can call this manually if you don't want
   # to use devise routes. Check devise_for in routes to know which options
   # are available.
-  def self.register(resource, options)
+  def self.add_model(resource, options)
     mapping = Devise::Mapping.new(resource, options)
     self.mappings[mapping.name] = mapping
     self.default_scope ||= mapping.name
-
-    warden_config.default_scope ||= mapping.name
-    warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
     mapping
   end
 
@@ -233,7 +250,17 @@ module Devise
   # A method used internally to setup warden manager from the Rails initialize
   # block.
   def self.configure_warden! #:nodoc:
-    @@warden_config_block.try :call, Devise.warden_config
+    @@warden_configured ||= begin
+      warden_config.failure_app   = Devise::FailureApp
+      warden_config.default_scope = Devise.default_scope
+
+      Devise.mappings.each_value do |mapping|
+        warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
+      end
+
+      @@warden_config_block.try :call, Devise.warden_config
+      true
+    end
   end
 
   # Generate a friendly string randomically to be used as token.

data/lib/devise/controllers/helpers.rb

@@ -5,8 +5,8 @@ module Devise
       extend ActiveSupport::Concern
 
       included do
-        helper_method :warden, :signed_in?, :devise_controller?,
-                      *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?"] }.flatten
+        helper_method :warden, :signed_in?, :devise_controller?, :anybody_signed_in?,
+                      *Devise.mappings.keys.map { |m| [:"current_#{m}", :"#{m}_signed_in?", :"#{m}_session"] }.flatten
       end
 
       # The main accessor for the warden proxy instance
@@ -29,6 +29,12 @@ module Devise
         warden.authenticate?(:scope => scope)
       end
 
+      # Check if the any scope is signed in session, without running
+      # authentication hooks.
+      def anybody_signed_in?
+        Devise.mappings.keys.any? { |scope| signed_in?(scope) }
+      end
+
       # Sign in an user that already was authenticated. This helper is useful for logging
       # users in after sign up.
       #
@@ -102,6 +108,36 @@ module Devise
         respond_to?(home_path, true) ? send(home_path) : root_path
       end
 
+      # The default url to be used after updating a resource. This is used by all Devise
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default, it first tries to find a resource_root_path, otherwise it
+      # uses the root path. For a user scope, you can define the default url in
+      # the following way:
+      #
+      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #
+      #   map.resources :users do |users|
+      #     users.root # creates user_root_path
+      #   end
+      #
+      #
+      # If none of these are defined, root_path is used. However, if this default
+      # is not enough, you can customize it, for example:
+      #
+      #   def after_update_path_for(resource)
+      #     if resource.is_a?(User) && resource.can_publish?
+      #       publisher_url
+      #     else
+      #       super
+      #     end
+      #   end
+      #
+      def after_update_path_for(resource_or_scope)
+        after_sign_in_path_for(resource_or_scope)
+      end
+
       # Method used by sessions controller to sign out an user. You can overwrite
       # it in your ApplicationController to provide a custom hook for a custom
       # scope. Notice that differently from +after_sign_in_path_for+ this method

data/lib/devise/encryptors/authlogic_sha512.rb

@@ -7,7 +7,6 @@ module Devise
     # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
     #  the default behavior.
     class AuthlogicSha512 < Base
-      
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.
       def self.digest(password, stretches, salt, pepper)
@@ -15,7 +14,6 @@ module Devise
         stretches.times { digest = Digest::SHA512.hexdigest(digest) }
         digest
       end
-
     end
   end
 end

data/lib/devise/encryptors/bcrypt.rb

@@ -5,7 +5,6 @@ module Devise
     # = BCrypt
     # Uses the BCrypt hash algorithm to encrypt passwords.
     class Bcrypt < Base
-
       # Gererates a default password digest based on stretches, salt, pepper and the
       # incoming password. We don't strech it ourselves since BCrypt does so internally.
       def self.digest(password, stretches, salt, pepper)
@@ -15,7 +14,6 @@ module Devise
       def self.salt
         ::BCrypt::Engine.generate_salt
       end
-
     end
   end
 end

data/lib/devise/encryptors/clearance_sha1.rb

@@ -7,13 +7,11 @@ module Devise
     # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
     # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
     class ClearanceSha1 < Base
-      
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.
       def self.digest(password, stretches, salt, pepper)
         Digest::SHA1.hexdigest("--#{salt}--#{password}--")
       end
-
     end
   end
 end

data/lib/devise/encryptors/sha1.rb

@@ -5,7 +5,6 @@ module Devise
     # = Sha1
     # Uses the Sha1 hash algorithm to encrypt passwords.
     class Sha1 < Base
-      
       # Gererates a default password digest based on stretches, salt, pepper and the
       # incoming password.
       def self.digest(password, stretches, salt, pepper)
@@ -14,14 +13,13 @@ module Devise
         digest
       end
 
-      private
+    private
 
-        # Generate a SHA1 digest joining args. Generated token is something like
-        #   --arg1--arg2--arg3--argN--
-        def self.secure_digest(*tokens)
-          ::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
-        end        
-      
+      # Generate a SHA1 digest joining args. Generated token is something like
+      #   --arg1--arg2--arg3--argN--
+      def self.secure_digest(*tokens)
+        ::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
+      end
     end
   end
 end

data/lib/devise/encryptors/sha512.rb

@@ -5,7 +5,6 @@ module Devise
     # = Sha512
     # Uses the Sha512 hash algorithm to encrypt passwords.
     class Sha512 < Base
-      
       # Gererates a default password digest based on salt, pepper and the
       # incoming password.
       def self.digest(password, stretches, salt, pepper)
@@ -14,14 +13,13 @@ module Devise
         digest
       end
 
-      private
+    private
 
-        # Generate a Sha512 digest joining args. Generated token is something like
-        #   --arg1--arg2--arg3--argN--
-        def self.secure_digest(*tokens)
-          ::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
-        end        
-      
+      # Generate a Sha512 digest joining args. Generated token is something like
+      #   --arg1--arg2--arg3--argN--
+      def self.secure_digest(*tokens)
+        ::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
+      end
     end
   end
 end

data/lib/devise/failure_app.rb

@@ -9,6 +9,7 @@ module Devise
     include ActionController::RackDelegation
     include ActionController::UrlFor
     include ActionController::Redirecting
+    include Rails.application.routes.url_helpers
 
     delegate :flash, :to => :request
 
@@ -63,7 +64,7 @@ module Devise
     end
 
     def http_auth?
-      request.authorization
+      !Devise.navigational_formats.include?(request.format.to_sym) || request.xhr?
     end
 
     def http_auth_body
@@ -96,7 +97,7 @@ module Devise
     # yet, but we still need to store the uri based on scope, so different scopes
     # would never use the same uri to redirect.
     def store_location!
-      session[:"#{scope}_return_to"] = attempted_path if request && request.get?
+      session[:"#{scope}_return_to"] = attempted_path if request.get? && !http_auth?
     end
   end
 end

data/lib/devise/hooks/activatable.rb

@@ -1,4 +1,7 @@
-# Deny user access whenever his account is not active yet.
+# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Devise::Strategies::Authenticatable and uses the validate already check if the user is active?
+# before actively signing him in. However, we need this as hook to validate the user activity
+# in each request and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active?) && !record.active?
     scope = options[:scope]

data/lib/devise/hooks/forgetable.rb

@@ -2,9 +2,10 @@
 # to forget_me! Also clear remember token to ensure the user won't be
 # remembered again. Notice that we forget the user unless the record is frozen.
 # This avoids forgetting deleted users.
-Warden::Manager.before_logout do |record, warden, scope|
+Warden::Manager.before_logout do |record, warden, options|
   if record.respond_to?(:forget_me!)
     record.forget_me! unless record.frozen?
-    warden.cookies.delete "remember_#{scope}_token"
+    options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
+    warden.cookies.delete("remember_#{options[:scope]}_token", options)
   end
-end
+end

data/lib/devise/hooks/rememberable.rb

@@ -11,11 +11,14 @@ module Devise
         if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
           resource.remember_me!
 
-          cookies.signed["remember_#{scope}_token"] = {
+          configuration = {
             :value => resource.class.serialize_into_cookie(resource),
             :expires => resource.remember_expires_at,
             :path => "/"
           }
+
+          configuration[:domain] = resource.cookie_domain if resource.cookie_domain?
+          cookies.signed["remember_#{scope}_token"] = configuration
         end
       end
 
@@ -28,4 +31,5 @@ module Devise
   end
 end
 
-Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
+Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
+