RubyGems - devise - Versions diffs - 1.1.rc1 → 1.1.rc2 - Mend

devise 1.1.rc1 → 1.1.rc2

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (93) hide show

data/CHANGELOG.rdoc +63 -27
data/Gemfile +15 -13
data/README.rdoc +63 -51
data/Rakefile +3 -2
data/TODO +1 -0
data/app/controllers/devise/registrations_controller.rb +1 -1
data/app/mailers/devise/mailer.rb +43 -43
data/app/views/devise/confirmations/new.html.erb +2 -2
data/app/views/devise/passwords/edit.html.erb +4 -4
data/app/views/devise/passwords/new.html.erb +2 -2
data/app/views/devise/registrations/edit.html.erb +8 -8
data/app/views/devise/registrations/new.html.erb +6 -6
data/app/views/devise/sessions/new.html.erb +4 -4
data/app/views/devise/unlocks/new.html.erb +2 -2
data/config/locales/en.yml +7 -4
data/lib/devise.rb +33 -6
data/lib/devise/controllers/helpers.rb +38 -2
data/lib/devise/encryptors/authlogic_sha512.rb +0 -2
data/lib/devise/encryptors/bcrypt.rb +0 -2
data/lib/devise/encryptors/clearance_sha1.rb +0 -2
data/lib/devise/encryptors/sha1.rb +6 -8
data/lib/devise/encryptors/sha512.rb +6 -8
data/lib/devise/failure_app.rb +3 -2
data/lib/devise/hooks/activatable.rb +4 -1
data/lib/devise/hooks/forgetable.rb +4 -3
data/lib/devise/hooks/rememberable.rb +6 -2
data/lib/devise/hooks/timeoutable.rb +6 -2
data/lib/devise/mapping.rb +7 -8
data/lib/devise/models.rb +0 -34
data/lib/devise/models/authenticatable.rb +29 -3
data/lib/devise/models/confirmable.rb +3 -2
data/lib/devise/models/database_authenticatable.rb +4 -2
data/lib/devise/models/lockable.rb +1 -1
data/lib/devise/models/recoverable.rb +1 -1
data/lib/devise/models/rememberable.rb +9 -1
data/lib/devise/orm/active_record.rb +4 -6
data/lib/devise/orm/data_mapper.rb +5 -7
data/lib/devise/orm/mongoid.rb +2 -13
data/lib/devise/path_checker.rb +13 -0
data/lib/devise/rails.rb +45 -18
data/lib/devise/rails/routes.rb +24 -7
data/lib/devise/schema.rb +23 -19
data/lib/devise/strategies/authenticatable.rb +20 -4
data/lib/devise/strategies/database_authenticatable.rb +1 -1
data/lib/devise/strategies/token_authenticatable.rb +2 -2
data/lib/devise/test_helpers.rb +2 -1
data/lib/devise/version.rb +1 -1
data/lib/generators/devise/devise/devise_generator.rb +86 -0
data/lib/generators/devise/{templates → devise/templates}/migration.rb +2 -2
data/lib/generators/devise/install/install_generator.rb +24 -0
data/lib/generators/{devise_install → devise/install}/templates/README +1 -1
data/lib/generators/{devise_install → devise/install}/templates/devise.rb +37 -18
data/lib/generators/devise/views/views_generator.rb +63 -0
data/lib/generators/devise_generator.rb +2 -0
data/lib/generators/devise_install_generator.rb +4 -0
data/lib/generators/devise_views_generator.rb +4 -0
data/test/controllers/helpers_test.rb +15 -0
data/test/devise_test.rb +1 -0
data/test/failure_app_test.rb +25 -10
data/test/integration/authenticatable_test.rb +279 -0
data/test/integration/database_authenticatable_test.rb +2 -262
data/test/integration/http_authenticatable_test.rb +7 -9
data/test/integration/registerable_test.rb +14 -2
data/test/integration/rememberable_test.rb +15 -3
data/test/integration/timeoutable_test.rb +12 -0
data/test/integration/token_authenticatable_test.rb +2 -3
data/test/mailers/confirmation_instructions_test.rb +2 -2
data/test/mailers/reset_password_instructions_test.rb +2 -2
data/test/mailers/unlock_instructions_test.rb +3 -3
data/test/models/confirmable_test.rb +16 -0
data/test/models/database_authenticatable_test.rb +20 -20
data/test/models/lockable_test.rb +1 -1
data/test/models/rememberable_test.rb +4 -4
data/test/orm/data_mapper.rb +9 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/controllers/application_controller.rb +1 -0
data/test/rails_app/app/controllers/home_controller.rb +3 -0
data/test/rails_app/app/controllers/users_controller.rb +2 -0
data/test/rails_app/app/data_mapper/shim.rb +2 -0
data/test/rails_app/app/data_mapper/user.rb +4 -5
data/test/rails_app/app/mongoid/admin.rb +1 -10
data/test/rails_app/app/mongoid/shim.rb +16 -0
data/test/rails_app/app/mongoid/user.rb +1 -12
data/test/rails_app/config/application.rb +2 -0
data/test/rails_app/config/initializers/devise.rb +2 -2
data/test/rails_app/config/routes.rb +6 -1
data/test/routes_test.rb +2 -2
data/test/test_helper.rb +0 -4
data/test/test_helpers_test.rb +1 -0
metadata +113 -12
data/lib/generators/devise/devise_generator.rb +0 -67
data/lib/generators/devise_install/devise_install_generator.rb +0 -25
data/lib/generators/devise_views/devise_views_generator.rb +0 -62

data/test/integration/http_authenticatable_test.rb CHANGED

@@ -5,8 +5,7 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
   test 'sign in should authenticate with http' do
     sign_in_as_new_user_with_http
     assert_response :success
-    assert_template 'users/index'
-    assert_contain 'Welcome'
+    assert_match '<email>user@test.com</email>', response.body
     assert warden.authenticated?(:user)
   end
@@ -17,10 +16,10 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
   end
   test 'uses the request format as response content type' do
-    sign_in_as_new_user_with_http("unknown", "123456", :xml)
+    sign_in_as_new_user_with_http("unknown")
     assert_equal 401, status
     assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-    assert response.body.include?("<error>Invalid email or password.</error>")
+    assert_match "<error>Invalid email or password.</error>", response.body
   end
   test 'returns a custom response with www-authenticate and chosen realm' do
@@ -33,19 +32,18 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
   test 'sign in should authenticate with http even with specific authentication keys' do
     swap Devise, :authentication_keys => [:username] do
-      sign_in_as_new_user_with_http "usertest"
+      sign_in_as_new_user_with_http("usertest")
       assert_response :success
-      assert_template 'users/index'
-      assert_contain 'Welcome'
+      assert_match '<email>user@test.com</email>', response.body
       assert warden.authenticated?(:user)
     end
   end
   private
-    def sign_in_as_new_user_with_http(username="user@test.com", password="123456", format=:html)
+    def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
       user = create_user
-      get users_path(:format => format), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
 end

data/test/integration/registerable_test.rb CHANGED

@@ -113,7 +113,6 @@ class RegistrationTest < ActionController::IntegrationTest
     assert_equal "user@test.com", User.first.email
   end
   test 'a signed in user should be able to edit his password' do
     sign_in_as_user
     get edit_user_registration_path
@@ -129,6 +128,19 @@ class RegistrationTest < ActionController::IntegrationTest
     assert User.first.valid_password?('pas123')
   end
+  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+    sign_in_as_user
+    get edit_user_registration_path
+    fill_in 'password', :with => 'pas123'
+    fill_in 'password confirmation', :with => ''
+    fill_in 'current password', :with => '123456'
+    click_button 'Update'
+    assert_contain "Password doesn't match confirmation"
+    assert_not User.first.valid_password?('pas123')
+  end
   test 'a signed in user should be able to cancel his account' do
     sign_in_as_user
     get edit_user_registration_path
@@ -138,4 +150,4 @@ class RegistrationTest < ActionController::IntegrationTest
     assert User.all.empty?
   end
-end
+end

data/test/integration/rememberable_test.rb CHANGED

@@ -19,12 +19,24 @@ class RememberMeTest < ActionController::IntegrationTest
   test 'do not remember the user if he has not checked remember me option' do
     user = sign_in_as_user
+    assert_nil request.cookies["remember_user_cookie"]
     assert_nil user.reload.remember_token
   end
   test 'generate remember token after sign in' do
     user = sign_in_as_user :remember_me => true
-    assert_not_nil user.reload.remember_token
+    assert request.cookies["remember_user_token"]
+    assert user.reload.remember_token
+  end
+  test 'generate remember token after sign in setting cookie domain' do
+    # We test this by asserting the cookie is not sent after the redirect
+    # since we changed the domain. This is the only difference with the
+    # previous test.
+    swap User, :cookie_domain => "omg.somewhere.com" do
+      user = sign_in_as_user :remember_me => true
+      assert_nil request.cookies["remember_user_token"]
+    end
   end
   test 'remember the user before sign in' do
@@ -35,7 +47,7 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
-  test 'does not remember other scopes' do
+  test 'do not remember other scopes' do
     user = create_user_and_remember
     get root_path
     assert_response :success
@@ -50,7 +62,7 @@ class RememberMeTest < ActionController::IntegrationTest
     assert_redirected_to new_user_session_path
   end
-  test 'do not remember with token expired' do
+  test 'do not remember with expired token' do
     user = create_user_and_remember
     swap Devise, :remember_for => 0 do
       get users_path

data/test/integration/timeoutable_test.rb CHANGED

@@ -36,6 +36,18 @@ class SessionTimeoutTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:user)
   end
+  test 'time out is not triggered on sign out' do
+    user = sign_in_as_user
+    get expire_user_path(user)
+    get destroy_user_session_path
+    assert_response :redirect
+    assert_redirected_to root_path
+    follow_redirect!
+    assert_contain 'Signed out successfully'
+  end
   test 'user configured timeout limit' do
     swap Devise, :timeout_in => 8.minutes do
       user = sign_in_as_user

data/test/integration/token_authenticatable_test.rb CHANGED

@@ -18,8 +18,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       sign_in_as_new_user_with_token(:http_auth => true)
       assert_response :success
-      assert_template 'users/index'
-      assert_contain 'Welcome'
+      assert_match '<email>user@test.com</email>', response.body
       assert warden.authenticated?(:user)
     end
   end
@@ -78,7 +77,7 @@ class TokenAuthenticationTest < ActionController::IntegrationTest
       if options[:http_auth]
         header = "Basic #{ActiveSupport::Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
-        get users_path, {}, "HTTP_AUTHORIZATION" => header
+        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
       else
         visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
       end

data/test/mailers/confirmation_instructions_test.rb CHANGED

@@ -36,13 +36,13 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
   test 'setup subject from I18n' do
-    store_translations :en, :devise => { :mailer => { :confirmation_instructions => 'Account Confirmation' } } do
+    store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do
       assert_equal 'Account Confirmation', mail.subject
     end
   end
   test 'subject namespaced by model' do
-    store_translations :en, :devise => { :mailer => { :user => { :confirmation_instructions => 'User Account Confirmation' } } } do
+    store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :user_subject => 'User Account Confirmation' } } } do
       assert_equal 'User Account Confirmation', mail.subject
     end
   end

data/test/mailers/reset_password_instructions_test.rb CHANGED

@@ -39,13 +39,13 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
   test 'setup subject from I18n' do
-    store_translations :en, :devise => { :mailer => { :reset_password_instructions => 'Reset instructions' } } do
+    store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :subject => 'Reset instructions' } } } do
       assert_equal 'Reset instructions', mail.subject
     end
   end
   test 'subject namespaced by model' do
-    store_translations :en, :devise => { :mailer => { :user => { :reset_password_instructions => 'User Reset Instructions' } } } do
+    store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :user_subject => 'User Reset Instructions' } } } do
       assert_equal 'User Reset Instructions', mail.subject
     end
   end

data/test/mailers/unlock_instructions_test.rb CHANGED

@@ -39,13 +39,13 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
   test 'setup subject from I18n' do
-    store_translations :en, :devise => { :mailer => { :unlock_instructions => 'Unlock instructions' } } do
-      assert_equal 'Unlock instructions', mail.subject
+    store_translations :en, :devise => { :mailer => { :unlock_instructions =>  { :subject => 'Yo unlock instructions' } } } do
+      assert_equal 'Yo unlock instructions', mail.subject
     end
   end
   test 'subject namespaced by model' do
-    store_translations :en, :devise => { :mailer => { :user => { :unlock_instructions => 'User Unlock Instructions' } } } do
+    store_translations :en, :devise => { :mailer => { :unlock_instructions => { :user_subject => 'User Unlock Instructions' } } } do
       assert_equal 'User Unlock Instructions', mail.subject
     end
   end

data/test/models/confirmable_test.rb CHANGED

@@ -127,6 +127,14 @@ class ConfirmableTest < ActiveSupport::TestCase
       User.send_confirmation_instructions(:email => user.email)
     end
   end
+  test 'should always have confirmation token when email is sent' do
+    user = new_user
+    user.instance_eval { def confirmation_required?; false end }
+    user.save
+    user.send_confirmation_instructions
+    assert_not_nil user.confirmation_token
+  end
   test 'should not resend email instructions if the user change his email' do
     user = create_user
@@ -202,4 +210,12 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.save
     assert_not user.reload.active?
   end
+  test 'should be active without confirmation when confirmation is not required' do
+    user = create_user
+    user.instance_eval { def confirmation_required?; false end }
+    user.confirmation_sent_at = nil
+    user.save
+    assert user.reload.active?
+  end
 end

data/test/models/database_authenticatable_test.rb CHANGED

@@ -3,10 +3,22 @@ require 'digest/sha1'
 class DatabaseAuthenticatableTest < ActiveSupport::TestCase
-  def encrypt_password(user, pepper=User.pepper, stretches=User.stretches, encryptor=::Devise::Encryptors::Sha1)
+  def encrypt_password(user, pepper=User.pepper, stretches=User.stretches, encryptor=User.encryptor_class)
     encryptor.digest('123456', stretches, user.password_salt, pepper)
   end
+  def swap_with_encryptor(klass, encryptor, options={})
+    klass.instance_variable_set(:@encryptor_class, nil)
+    swap klass, options.merge(:encryptor => encryptor) do
+      begin
+        yield
+      ensure
+        klass.instance_variable_set(:@encryptor_class, nil)
+      end
+    end
+  end
   test 'should respond to password and password confirmation' do
     user = new_user
     assert user.respond_to?(:password)
@@ -28,8 +40,10 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
   test 'should generate a base64 hash using SecureRandom for password salt' do
-    ActiveSupport::SecureRandom.expects(:base64).with(15).returns('friendly_token')
-    assert_equal 'friendly_token', new_user.password_salt
+    swap_with_encryptor User, :sha1 do
+      ActiveSupport::SecureRandom.expects(:base64).with(15).returns('friendly_token')
+      assert_equal 'friendly_token', new_user.password_salt
+    end
   end
   test 'should not generate salt if password is blank' do
@@ -71,24 +85,10 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     end
   end
-  test 'should fallback to devise stretches default configuration' do
-    swap Devise, :stretches => 1 do
-      user = new_user
-      assert_equal encrypt_password(user, nil, 1), user.encrypted_password
-      assert_not_equal encrypt_password(user, nil, 2), user.encrypted_password
-    end
-  end
   test 'should respect encryptor configuration' do
-    User.instance_variable_set(:@encryptor_class, nil)
-    swap Devise, :encryptor => :sha512 do
-      begin
-        user = create_user
-        assert_equal user.encrypted_password, encrypt_password(user, User.pepper, User.stretches, ::Devise::Encryptors::Sha512)
-      ensure
-        User.instance_variable_set(:@encryptor_class, nil)
-      end
+    swap_with_encryptor User, :sha512 do
+      user = create_user
+      assert_equal user.encrypted_password, encrypt_password(user, User.pepper, User.stretches, ::Devise::Encryptors::Sha512)
     end
   end

data/test/models/lockable_test.rb CHANGED

@@ -64,7 +64,7 @@ class LockableTest < ActiveSupport::TestCase
     user.unlock_access!
     assert_nil user.reload.locked_at
     assert_nil user.reload.unlock_token
-    assert 0, user.reload.failed_attempts
+    assert_equal 0, user.reload.failed_attempts
   end
   test 'should not unlock an unlocked user' do

data/test/models/rememberable_test.rb CHANGED

@@ -18,19 +18,19 @@ class RememberableTest < ActiveSupport::TestCase
   test 'forget_me should clear remember token and save the record without validating' do
     user = create_user
     user.remember_me!
-    assert user.remember_token?
+    assert_not user.remember_token.nil?
     user.expects(:valid?).never
     user.forget_me!
-    assert_not user.remember_token?
+    assert user.remember_token.nil?
     assert_not user.changed?
   end
   test 'forget_me should clear remember_created_at' do
     user = create_user
     user.remember_me!
-    assert user.remember_created_at?
+    assert_not user.remember_created_at.nil?
     user.forget_me!
-    assert_not user.remember_created_at?
+    assert user.remember_created_at.nil?
   end
   test 'forget should do nothing if no remember token exists' do

data/test/orm/data_mapper.rb CHANGED

@@ -1 +1,10 @@
+require 'rails/test_help'
 DataMapper.auto_migrate!
+class ActiveSupport::TestCase
+  setup do
+    User.all.destroy!
+    Admin.all.destroy!
+  end
+end

data/test/rails_app/app/active_record/shim.rb ADDED

	@@ -0,0 +1,2 @@
1	+ module Shim
2	+ end

data/test/rails_app/app/controllers/application_controller.rb CHANGED

@@ -5,4 +5,5 @@ class ApplicationController < ActionController::Base
   protect_from_forgery
   before_filter :current_user
+  before_filter :authenticate_user!, :if => :devise_controller?
 end

data/test/rails_app/app/controllers/home_controller.rb CHANGED

@@ -1,4 +1,7 @@
 class HomeController < ApplicationController
   def index
   end
+  def private
+  end
 end

data/test/rails_app/app/controllers/users_controller.rb CHANGED

@@ -1,8 +1,10 @@
 class UsersController < ApplicationController
   before_filter :authenticate_user!
+  respond_to :html, :xml
   def index
     user_session[:cart] = "Cart"
+    respond_with(current_user)
   end
   def expire

data/test/rails_app/app/data_mapper/shim.rb ADDED

	@@ -0,0 +1,2 @@
1	+ module Shim
2	+ end

data/test/rails_app/app/data_mapper/user.rb CHANGED

@@ -1,6 +1,9 @@
 class User
   include DataMapper::Resource
+  extend  Devise::Orm::DataMapper::Schema
+  include Devise::Orm::DataMapper::Compatibility
   property :id, Serial
   property :username, String
@@ -10,10 +13,6 @@ class User
   timestamps :at
-  def save!(*args)
-    save
-  end
   def self.create!(*args)
     create(*args)
   end

data/test/rails_app/app/mongoid/admin.rb CHANGED

@@ -1,15 +1,6 @@
 class Admin
   include Mongoid::Document
+  include Shim
   devise :database_authenticatable, :timeoutable, :registerable, :recoverable
-  def self.last(options={})
-    options.delete(:order) if options[:order] == "id"
-    super options
-  end
-  # overwrite equality (because some devise tests use this for asserting model equality)
-  def ==(other)
-    other.is_a?(self.class) && _id == other._id
-  end
 end

data/test/rails_app/app/mongoid/shim.rb ADDED

@@ -0,0 +1,16 @@
+module Shim
+  extend ::ActiveSupport::Concern
+  include ::Mongoid::Timestamps
+  module ClassMethods
+    def last(options={})
+      options.delete(:order) if options[:order] == "id"
+      super(options)
+    end
+  end
+  # overwrite equality (because some devise tests use this for asserting model equality)
+  def ==(other)
+    other.is_a?(self.class) && _id == other._id
+  end
+end

data/test/rails_app/app/mongoid/user.rb CHANGED

@@ -1,21 +1,10 @@
 class User
   include Mongoid::Document
+  include Shim
   field :created_at, :type => DateTime
   devise :database_authenticatable, :confirmable, :lockable, :recoverable,
          :registerable, :rememberable, :timeoutable, :token_authenticatable,
          :trackable, :validatable
-  # attr_accessible :username, :email, :password, :password_confirmation
-  def self.last(options={})
-    options.delete(:order) if options[:order] == "id"
-    super options
-  end
-  # overwrite equality (because some devise tests use this for asserting model equality)
-  def ==(other)
-    other.is_a?(self.class) && _id == other._id
-  end
 end