devise 1.1.rc1 → 1.1.rc2

data/lib/devise/hooks/timeoutable.rb

@@ -5,12 +5,16 @@
 # verify timeout in the following request.
 Warden::Manager.after_set_user do |record, warden, options|
   scope = options[:scope]
+
   if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
     last_request_at = warden.session(scope)['last_request_at']
 
     if record.timedout?(last_request_at)
-      warden.logout(scope)
-      throw :warden, :scope => scope, :message => :timeout
+      path_checker = Devise::PathChecker.new(warden.env, scope)
+      unless path_checker.signing_out?
+        warden.logout(scope)
+        throw :warden, :scope => scope, :message => :timeout
+      end
     end
 
     warden.session(scope)['last_request_at'] = Time.now.utc

data/lib/devise/mapping.rb

@@ -22,7 +22,7 @@ module Devise
   #   # is the modules included in the class
   #
   class Mapping #:nodoc:
-    attr_reader :singular, :plural, :path, :controllers, :path_names, :path_prefix
+    attr_reader :singular, :plural, :path, :controllers, :path_names, :path_prefix, :class_name
     alias :name :singular
 
     # Loop through all mappings looking for a map that matches with the requested
@@ -63,30 +63,29 @@ module Devise
 
       @plural   = name.to_sym
       @path     = (options.delete(:path) || name).to_sym
-      @klass    = (options.delete(:class_name) || name.to_s.classify).to_s
       @singular = (options.delete(:singular) || name.to_s.singularize).to_sym
 
+      @class_name = (options.delete(:class_name) || name.to_s.classify).to_s
+      @ref = ActiveSupport::Dependencies.ref(@class_name)
+
       @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
 
       @controllers = Hash.new { |h,k| h[k] = "devise/#{k}" }
       @controllers.merge!(options.delete(:controllers) || {})
 
       @path_names  = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names.merge!(:registration => "")
       @path_names.merge!(options.delete(:path_names) || {})
     end
 
     # Return modules for the mapping.
     def modules
-      @modules ||= to.devise_modules
+      @modules ||= to.respond_to?(:devise_modules) ? to.devise_modules : []
     end
 
     # Gives the class the mapping points to.
-    # Reload mapped class each time when cache_classes is false.
     def to
-      return @to if @to
-      klass = @klass.constantize
-      @to = klass if Rails.configuration.cache_classes
-      klass
+      @ref.get
     end
 
     def strategies

data/lib/devise/models.rb

@@ -1,17 +1,5 @@
 module Devise
   module Models
-    class << self
-      def hook(base)
-        base.class_eval do
-          class_attribute :devise_modules, :instance_writer => false
-          self.devise_modules ||= []
-        end
-      end
-
-      alias :included :hook
-      alias :extended :hook
-    end
-
     # Creates configuration values for Devise and for the given module.
     #
     #   Devise::Models.config(Devise::Authenticable, :stretches, 10)
@@ -86,28 +74,6 @@ module Devise
     def devise_modules_hook!
       yield
     end
-
-    # Find an initialize a record setting an error if it can't be found.
-    def find_or_initialize_with_error_by(attribute, value, error=:invalid)
-      if value.present?
-        conditions = { attribute => value }
-        record = find(:first, :conditions => conditions)
-      end
-
-      unless record
-        record = new
-
-        if value.present?
-          record.send(:"#{attribute}=", value)
-        else
-          error = :blank
-        end
-
-        record.errors.add(attribute, error)
-      end
-
-      record
-    end
   end
 end
 

data/lib/devise/models/authenticatable.rb

@@ -39,10 +39,16 @@ module Devise
     module Authenticatable
       extend ActiveSupport::Concern
 
-      # Check if the current object is valid for authentication. This method and find_for_authentication
-      # are the methods used in a Warden::Strategy to check if a model should be signed in or not.
+      included do
+        class_attribute :devise_modules, :instance_writer => false
+        self.devise_modules ||= []
+      end
+
+      # Check if the current object is valid for authentication. This method and
+      # find_for_authentication are the methods used in a Warden::Strategy to check
+      # if a model should be signed in or not.
       #
-      # However, you should not need to overwrite this method, you should overwrite active? and
+      # However, you should not overwrite this method, you should overwrite active? and
       # inactive_message instead.
       def valid_for_authentication?
         if active?
@@ -86,6 +92,26 @@ module Devise
         def find_for_authentication(conditions)
           find(:first, :conditions => conditions)
         end
+
+        # Find an initialize a record setting an error if it can't be found.
+        def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
+          if value.present?
+            conditions = { attribute => value }
+            record = find(:first, :conditions => conditions)
+          end
+
+          unless record
+            record = new
+            if value.present?
+              record.send(:"#{attribute}=", value)
+            else
+              error = :blank
+            end
+            record.errors.add(attribute, error)
+          end
+
+          record
+        end
       end
     end
   end

data/lib/devise/models/confirmable.rb

@@ -50,7 +50,8 @@ module Devise
 
       # Send confirmation instructions by email
       def send_confirmation_instructions
-        ::Devise::Mailer.confirmation_instructions(self).deliver
+        generate_confirmation_token if self.confirmation_token.nil?
+        ::Devise.mailer.confirmation_instructions(self).deliver
       end
 
       # Resend confirmation token. This method does not need to generate a new token.
@@ -63,7 +64,7 @@ module Devise
       # is already confirmed, it should never be blocked. Otherwise we need to
       # calculate if the confirm time has not expired for this user.
       def active?
-        super && (confirmed? || confirmation_period_valid?)
+        super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
       end
 
       # The message to be shown if the account is inactive.

data/lib/devise/models/database_authenticatable.rb

@@ -58,8 +58,10 @@ module Devise
       def update_with_password(params={})
         current_password = params.delete(:current_password)
 
-        params.delete(:password)              if params[:password].blank?
-        params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        if params[:password].blank?
+          params.delete(:password)
+          params.delete(:password_confirmation) if params[:password_confirmation].blank?
+        end
 
         result = if valid_password?(current_password)
           update_attributes(params)

data/lib/devise/models/lockable.rb

@@ -49,7 +49,7 @@ module Devise
 
       # Send unlock instructions by email
       def send_unlock_instructions
-        ::Devise::Mailer.unlock_instructions(self).deliver
+        ::Devise.mailer.unlock_instructions(self).deliver
       end
 
       # Resend the unlock instructions if the user is locked.

data/lib/devise/models/recoverable.rb

@@ -28,7 +28,7 @@ module Devise
       # Resets reset password token and send reset password instructions by email
       def send_reset_password_instructions
         generate_reset_password_token!
-        ::Devise::Mailer.reset_password_instructions(self).deliver
+        ::Devise.mailer.reset_password_instructions(self).deliver
       end
 
       protected

data/lib/devise/models/rememberable.rb

@@ -65,6 +65,14 @@ module Devise
         remember_created_at + self.class.remember_for
       end
 
+      def cookie_domain
+        self.class.cookie_domain
+      end
+
+      def cookie_domain?
+        self.class.cookie_domain != false
+      end
+
       module ClassMethods
         # Create the cookie key using the record id and remember_token
         def serialize_into_cookie(record)
@@ -78,7 +86,7 @@ module Devise
           record if record && !record.remember_expired?
         end
 
-        Devise::Models.config(self, :remember_for)
+        Devise::Models.config(self, :remember_for, :cookie_domain)
       end
     end
   end

data/lib/devise/orm/active_record.rb

@@ -23,7 +23,7 @@ module Devise
         include Devise::Schema
 
         # Tell how to apply schema methods.
-        def apply_schema(name, type, options={})
+        def apply_devise_schema(name, type, options={})
           column name, type.to_s.downcase.to_sym, options
         end
       end
@@ -31,8 +31,6 @@ module Devise
   end
 end
 
-if defined?(ActiveRecord)
-  ActiveRecord::Base.extend Devise::Models
-  ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
-  ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema
-end
+ActiveRecord::Base.extend Devise::Models
+ActiveRecord::ConnectionAdapters::Table.send :include, Devise::Orm::ActiveRecord::Schema
+ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord::Schema

data/lib/devise/orm/data_mapper.rb

@@ -21,7 +21,7 @@ module Devise
 
         # Tell how to apply schema methods. This automatically maps :limit to
         # :length and :null to :required.
-        def apply_schema(name, type, options={})
+        def apply_devise_schema(name, type, options={})
           SCHEMA_OPTIONS.each do |old_key, new_key|
             next unless options.key?(old_key)
             options[new_key] = options.delete(old_key)
@@ -72,7 +72,7 @@ module Devise
             end
           end
         end
-        
+
         def changed?
           dirty?
         end
@@ -84,7 +84,7 @@ module Devise
             super()
           end
         end
-        
+
         def update_attributes(*args)
           update(*args)
         end
@@ -93,7 +93,5 @@ module Devise
   end
 end
 
-DataMapper::Model.class_eval do
-  include Devise::Models
-  include Devise::Orm::DataMapper::Hook
-end
+DataMapper::Model.append_extensions(Devise::Models)
+DataMapper::Model.append_extensions(Devise::Orm::DataMapper::Hook)

data/lib/devise/orm/mongoid.rb

@@ -4,32 +4,21 @@ module Devise
       module Hook
         def devise_modules_hook!
           extend Schema
-          include ::Mongoid::Timestamps
-          include Compatibility
           yield
           return unless Devise.apply_schema
           devise_modules.each { |m| send(m) if respond_to?(m, true) }
         end
       end
-      
+
       module Schema
         include Devise::Schema
 
         # Tell how to apply schema methods
-        def apply_schema(name, type, options={})
+        def apply_devise_schema(name, type, options={})
           type = Time if type == DateTime
           field name, { :type => type }.merge(options)
         end
       end
-      
-      module Compatibility
-        def save(validate = true)
-          if validate.is_a?(Hash) && validate.has_key?(:validate)
-            validate = validate[:validate]
-          end
-          super(validate)
-        end
-      end
     end
   end
 end

data/lib/devise/path_checker.rb

@@ -0,0 +1,13 @@
+module Devise
+  class PathChecker
+    include Rails.application.routes.url_helpers
+
+    def initialize(env, scope)
+      @env, @scope = env, scope
+    end
+
+    def signing_out?
+      @env["PATH_INFO"] == send("destroy_#{@scope}_session_path")
+    end
+  end
+end

data/lib/devise/rails.rb

@@ -1,35 +1,62 @@
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
 
+# Include UrlHelpers in ActionController and ActionView as soon as they are loaded.
+ActiveSupport.on_load(:action_controller) { include Devise::Controllers::UrlHelpers }
+ActiveSupport.on_load(:action_view) { include Devise::Controllers::UrlHelpers }
+
 module Devise
   class Engine < ::Rails::Engine
     config.devise = Devise
 
-    initializer "devise.add_middleware" do |app|
-      app.config.middleware.use Warden::Manager do |config|
-        Devise.warden_config = config
-        config.failure_app   = Devise::FailureApp
-        config.default_scope = Devise.default_scope
-      end
+    config.app_middleware.use Warden::Manager do |config|
+      Devise.warden_config = config
     end
 
-    initializer "devise.add_url_helpers" do |app|
-      Devise::FailureApp.send :include, app.routes.url_helpers
-      ActionController::Base.send :include, Devise::Controllers::UrlHelpers
-      ActionView::Base.send :include, Devise::Controllers::UrlHelpers
-    end
+    # Force routes to be loaded if we are doing any eager load.
+    config.before_eager_load { |app| app.reload_routes! }
 
     config.after_initialize do
-      I18n.available_locales
-      flash = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
+      Devise.encryptor ||= begin
+        warn "[WARNING] config.encryptor is not set in your config/initializers/devise.rb. " \
+          "Devise will then set it to :bcrypt. If you were using the previous default " \
+          "encryptor, please add config.encryptor = :sha1 to your configuration file."
+        :bcrypt
+      end
+    end
+
+    unless Rails.env.production?
+      config.after_initialize do
+        actions = [:confirmation_instructions, :reset_password_instructions, :unlock_instructions]
+
+        translations = begin
+          I18n.t("devise.mailer", :raise => true).map { |k, v| k if v.is_a?(String) }.compact
+        rescue Exception => e # Do not care if something fails
+          []
+        end
+
+        keys = actions & translations
+
+        keys.each do |key|
+          ActiveSupport::Deprecation.warn "The I18n message 'devise.mailer.#{key}' is deprecated. " \
+            "Please use 'devise.mailer.#{key}.subject' instead."
+        end
+      end
+
+      config.after_initialize do
+        flash = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
+
+        translations = begin
+          I18n.t("devise.sessions", :raise => true).keys
+        rescue Exception => e # Do not care if something fails
+          []
+        end
 
-      I18n.backend.send(:translations).each do |locale, translations|
-        keys = flash & (translations[:devise][:sessions].keys) rescue []
+        keys = flash & translations
 
         if keys.any?
-          ActiveSupport::Deprecation.warn "The following I18n messages in 'devise.sessions' " <<
-            "for locale '#{locale}' are deprecated: #{keys.to_sentence}. Please move them to " <<
-            "'devise.failure' instead."
+          ActiveSupport::Deprecation.warn "The following I18n messages in 'devise.sessions' " \
+            "are deprecated: #{keys.to_sentence}. Please move them to 'devise.failure' instead."
         end
       end
     end

data/lib/devise/rails/routes.rb

@@ -89,12 +89,13 @@ module ActionDispatch::Routing
       resources.map!(&:to_sym)
 
       resources.each do |resource|
-        mapping = Devise.register(resource, options)
+        mapping = Devise.add_model(resource, options)
 
-        unless mapping.to.respond_to?(:devise)
-          raise "#{mapping.to.name} does not respond to 'devise' method. This usually means you haven't " <<
-            "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
-            "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
+        begin
+          raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
+        rescue NoMethodError => e
+          raise unless e.message.include?("undefined method `devise'")
+          raise_no_devise_method_error!(mapping.class_name)
         end
 
         routes  = mapping.routes
@@ -106,6 +107,16 @@ module ActionDispatch::Routing
       end
     end
 
+    def authenticate(scope)
+      constraint = lambda do |request|
+        request.env["warden"].authenticate!(:scope => scope)
+      end
+
+      constraints(constraint) do
+        yield
+      end
+    end
+
     protected
 
       def devise_session(mapping, controllers)
@@ -136,9 +147,15 @@ module ActionDispatch::Routing
 
       def devise_registration(mapping, controllers)
         scope mapping.full_path[1..-1], :name_prefix => mapping.name do
-          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :path => "",
+          resource :registration, :only => [:new, :create, :edit, :update, :destroy], :path => mapping.path_names[:registration],
                    :path_names => { :new => mapping.path_names[:sign_up] }, :controller => controllers[:registrations]
         end
       end
+
+      def raise_no_devise_method_error!(klass)
+        raise "#{klass} does not respond to 'devise' method. This usually means you haven't " <<
+          "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " <<
+          "inside 'config/initializers/devise.rb' or before your application definition in 'config/application.rb'"
+      end
   end
-end
+end