devise 1.1.rc2 → 1.1.0

data/lib/devise/rails/warden_compat.rb

@@ -15,11 +15,25 @@ end
 
 class Warden::SessionSerializer
   def serialize(record)
-    [record.class, record.id]
+    [record.class.name, record.id]
   end
 
   def deserialize(keys)
     klass, id = keys
-    klass.find(:first, :conditions => { :id => id })
+
+    if klass.is_a?(Class)
+      raise "Devise changed how it stores objects in session. If you are seeing this message, " <<
+        "you can fix it by changing one character in your cookie secret, forcing all previous " <<
+        "cookies to expire, or cleaning up your database sessions if you are using a db store."
+    end
+
+    klass.constantize.find(:first, :conditions => { :id => id })
+  rescue NameError => e
+    if e.message =~ /uninitialized constant/
+      Rails.logger.debug "Trying to deserialize invalid class #{klass}"
+      nil
+    else
+      raise
+    end
   end
 end

data/lib/devise/strategies/authenticatable.rb

@@ -14,6 +14,18 @@ module Devise
 
     private
 
+      # Simply invokes valid_for_authentication? with the given block and deal with the result.
+      def validate(resource, &block)
+        result = resource && resource.valid_for_authentication?(&block)
+
+        case result
+        when Symbol, String
+          fail!(result)
+        else
+          result
+        end
+      end
+
       # Check if this is strategy is valid for http authentication by:
       #
       #   * Validating if the model allows params authentication;

data/lib/devise/strategies/base.rb

@@ -10,24 +10,6 @@ module Devise
           mapping
         end
       end
-
-    protected
-
-      def succeeded?
-        @result == :success
-      end
-
-      # Simply invokes valid_for_authentication? with the given block and deal with the result.
-      def validate(resource, &block)
-        result = resource && resource.valid_for_authentication?(&block)
-
-        case result
-        when Symbol, String
-          fail!(result)
-        else
-          result
-        end 
-      end
     end
   end
 end

data/lib/devise/strategies/rememberable.rb

@@ -6,7 +6,7 @@ module Devise
     # to verify whether there is a cookie with the remember token, and to
     # recreate the user from this cookie if it exists. Must be called *before*
     # authenticatable.
-    class Rememberable < Devise::Strategies::Base
+    class Rememberable < Authenticatable
       # A valid strategy for rememberable needs a remember token in the cookies.
       def valid?
         remember_cookie.present?
@@ -28,10 +28,18 @@ module Devise
 
     private
 
+      def remember_me?
+        true
+      end
+
       def remember_key
         "remember_#{scope}_token"
       end
 
+      def extend_remember_period?
+        mapping.to.extend_remember_period
+      end
+
       # Accessor for remember cookie
       def remember_cookie
         @remember_cookie ||= cookies.signed[remember_key]

data/lib/devise/test_helpers.rb

@@ -42,6 +42,8 @@ module Devise
           status, headers, body = Devise::FailureApp.call(env).to_a
           @controller.send :render, :status => status, :text => body,
             :content_type => headers["Content-Type"], :location => headers["Location"]
+
+          nil
         else
           result
         end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.1.rc2".freeze
+  VERSION = "1.1.0".freeze
 end

data/lib/generators/active_record/devise_generator.rb

@@ -0,0 +1,28 @@
+require 'rails/generators/active_record'
+require 'generators/devise/orm_helpers'
+
+module ActiveRecord
+  module Generators
+    class DeviseGenerator < ActiveRecord::Generators::Base
+      argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+
+      include Devise::Generators::OrmHelpers
+      source_root File.expand_path("../templates", __FILE__)
+
+      def generate_model
+        invoke "active_record:model", [name], :migration => false unless model_exists?
+      end
+
+      def copy_devise_migration
+        migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
+      end
+
+      def inject_devise_content
+        inject_into_class model_path, class_name, model_contents + <<-CONTENT
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation, :remember_me
+CONTENT
+      end
+    end
+  end
+end

data/lib/generators/{devise/devise → active_record}/templates/migration.rb

@@ -10,6 +10,10 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
       # t.lockable :lock_strategy => :<%= Devise.lock_strategy %>, :unlock_strategy => :<%= Devise.unlock_strategy %>
       # t.token_authenticatable
 
+<% for attribute in attributes -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+
       t.timestamps
     end
 

data/lib/generators/devise/devise_generator.rb

@@ -0,0 +1,17 @@
+module Devise
+  module Generators
+    class DeviseGenerator < Rails::Generators::NamedBase
+      namespace "devise"
+      source_root File.expand_path("../templates", __FILE__)
+
+      desc "Generates a model with the given NAME (if one does not exist) with devise " <<
+           "configuration plus a migration file and devise routes."
+
+      hook_for :orm
+
+      def add_devise_routes
+        route "devise_for :#{table_name}"
+      end
+    end
+  end
+end

data/lib/generators/devise/{install/install_generator.rb → install_generator.rb}

@@ -13,7 +13,7 @@ module Devise
       end
 
       def copy_locale
-        copy_file "../../../../../config/locales/en.yml", "config/locales/devise.en.yml"
+        copy_file "../../../../config/locales/en.yml", "config/locales/devise.en.yml"
       end
 
       def show_readme

data/lib/generators/devise/orm_helpers.rb

@@ -0,0 +1,23 @@
+module Devise
+  module Generators
+    module OrmHelpers
+      def model_contents
+<<-CONTENT
+  # Include default devise modules. Others available are:
+  # :token_authenticatable, :confirmable, :lockable and :timeoutable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+CONTENT
+      end
+
+      def model_exists?
+        File.exists?(File.join(destination_root, model_path))
+      end
+
+      def model_path
+        @model_path ||= File.join("app", "models", "#{file_path}.rb")
+      end
+    end
+  end
+end

data/lib/generators/devise/{install/templates → templates}/devise.rb

@@ -9,8 +9,9 @@ Devise.setup do |config|
   # config.mailer = "Devise::Mailer"
 
   # ==> ORM configuration
-  # Load and configure the ORM. Supports :active_record (default), :mongoid
-  # (bson_ext recommended) and :data_mapper (experimental).
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
   require 'devise/orm/<%= options[:orm] %>'
 
   # ==> Configuration for any authentication mechanism
@@ -27,6 +28,9 @@ Devise.setup do |config|
   # Tell if authentication through HTTP Basic Auth is enabled. True by default.
   # config.http_authenticatable = true
 
+  # Set this to true to use Basic Auth for AJAX requests.  True by default.
+  # config.http_authenticatable_on_xhr = true
+
   # The realm used in Http Basic Authentication
   # config.http_authentication_realm = "Application"
 
@@ -57,6 +61,12 @@ Devise.setup do |config|
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
 
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
   # ==> Configuration for :validatable
   # Range for password length
   # config.password_length = 6..20
@@ -95,22 +105,19 @@ Devise.setup do |config|
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "sessions/users/new". It's turned off by default because it's slower if you
+  # "users/sessions/new". It's turned off by default because it's slower if you
   # are using only default views.
   # config.scoped_views = true
 
-  # By default, devise detects the role accessed based on the url. So whenever
-  # accessing "/users/sign_in", it knows you are accessing an User. This makes
-  # routes as "/sign_in" not possible, unless you tell Devise to use the default
-  # scope, setting true below.
-  # Note that devise does not generate default routes. You also have to
-  # specify them in config/routes.rb
-  # config.use_default_scope = true
-
-  # Configure the default scope used by Devise. By default it's the first devise
-  # role declared in your routes.
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes.
   # config.default_scope = :user
 
+  # Configure sign_out behavior. 
+  # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+  # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = false
+
   # ==> Navigation configuration
   # Lists the formats that should be treated as navigational. Formats like
   # :html, should redirect to the sign in page when the user does not have

data/lib/generators/devise/{views/views_generator.rb → views_generator.rb}

@@ -1,7 +1,7 @@
 module Devise
   module Generators
     class ViewsGenerator < Rails::Generators::Base
-      source_root File.expand_path("../../../../../app/views", __FILE__)
+      source_root File.expand_path("../../../../app/views", __FILE__)
       desc "Copies all Devise views to your application."
 
       argument :scope, :required => false, :default => nil,
@@ -11,7 +11,7 @@ module Devise
                                      :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
 
       def copy_views
-        case options[:template_engine]
+        case options[:template_engine].to_s
         when "haml"
           verify_haml_existence
           verify_haml_version

data/lib/generators/mongoid/devise_generator.rb

@@ -0,0 +1,17 @@
+require 'generators/devise/orm_helpers'
+
+module Mongoid
+  module Generators
+    class DeviseGenerator < Rails::Generators::NamedBase
+      include Devise::Generators::OrmHelpers
+
+      def generate_model
+        invoke "mongoid:model", [name] unless model_exists?
+      end
+
+      def inject_devise_content
+        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n"
+      end
+    end
+  end
+end

data/test/controllers/helpers_test.rb

@@ -126,6 +126,15 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.sign_out(User.new)
   end
 
+  test 'sign out everybody proxy to logout on warden' do
+    Devise.mappings.keys.each { |scope|
+      @mock_warden.expects(:user).with(scope).returns(true)
+    }
+
+    @mock_warden.expects(:logout).with(*Devise.mappings.keys).returns(true)
+    @controller.sign_out_all_scopes
+  end
+
   test 'stored location for returns the location for a given scope' do
     assert_nil @controller.stored_location_for(:user)
     @controller.session[:"user_return_to"] = "/foo.bar"

data/test/controllers/internal_helpers_test.rb

@@ -10,37 +10,28 @@ class HelpersTest < ActionController::TestCase
   def setup
     @mock_warden = OpenStruct.new
     @controller.request.env['warden'] = @mock_warden
+    @controller.request.env['devise.mapping'] = Devise.mappings[:user]
   end
 
-  test 'get resource name from request path' do
-    @request.path = '/users/session'
+  test 'get resource name from env' do
     assert_equal :user, @controller.resource_name
   end
 
-  test 'get resource name from specific request path' do
-    @request.path = '/admin_area/session'
-    assert_equal :admin, @controller.resource_name
-  end
-
-  test 'get resource class from request path' do
-    @request.path = '/users/session'
+  test 'get resource class from env' do
     assert_equal User, @controller.resource_class
   end
 
-  test 'get resource instance variable from request path' do
-    @request.path = '/admin_area/session'
-    @controller.instance_variable_set(:@admin, admin = Admin.new)
+  test 'get resource instance variable from env' do
+    @controller.instance_variable_set(:@user, admin = Admin.new)
     assert_equal admin, @controller.resource
   end
 
-  test 'set resource instance variable from request path' do
-    @request.path = '/admin_area/session'
-
+  test 'set resource instance variable from env' do
     admin = @controller.send(:resource_class).new
     @controller.send(:resource=, admin)
 
     assert_equal admin, @controller.send(:resource)
-    assert_equal admin, @controller.instance_variable_get(:@admin)
+    assert_equal admin, @controller.instance_variable_get(:@user)
   end
 
   test 'resources methods are not controller actions' do

data/test/controllers/url_helpers_test.rb

@@ -44,4 +44,15 @@ class RoutesTest < ActionController::TestCase
     assert_path_and_url :confirmation
     assert_path_and_url :confirmation, :new
   end
+
+  test 'should alias unlock to mapped user unlock' do
+    assert_path_and_url :unlock
+    assert_path_and_url :unlock, :new
+  end
+
+  test 'should alias registration to mapped user registration' do
+    assert_path_and_url :registration
+    assert_path_and_url :registration, :new
+    assert_path_and_url :registration, :edit
+  end
 end

data/test/encryptors_test.rb

@@ -23,7 +23,7 @@ class Encryptors < ActiveSupport::TestCase
     test "should have length #{value} for #{key.inspect}" do
       swap Devise, :encryptor => key do
         encryptor = Devise::Encryptors.const_get(key.to_s.classify)
-        assert_equal value, encryptor.digest('a', 4, encryptor.salt, nil).size
+        assert_equal value, encryptor.digest('a', 4, encryptor.salt(4), nil).size
       end
     end
   end

data/test/failure_app_test.rb

@@ -77,6 +77,23 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
     end
 
+    test 'dont return WWW-authenticate on ajax call if http_authenticatable_on_xhr false' do
+      swap Devise, :http_authenticatable_on_xhr => false do
+        call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+        assert_equal 302, @response.first
+        assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+        assert_nil @response.second['WWW-Authenticate']
+      end
+    end
+
+    test 'return WWW-authenticate on ajax call if http_authenticatable_on_xhr true' do
+      swap Devise, :http_authenticatable_on_xhr => true do
+        call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+        assert_equal 401, @response.first
+        assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
+      end
+    end
+    
     test 'uses the proxy failure message as response body' do
       call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
       assert_match '<error>Invalid email or password.</error>', @response.third.body
@@ -88,11 +105,6 @@ class FailureTest < ActiveSupport::TestCase
         assert_equal 401, @response.first
       end
     end
-
-    test 'works for xml http requests' do
-      call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
-      assert_equal 401, @response.first
-    end
   end
 
   context 'With recall' do
@@ -100,6 +112,7 @@ class FailureTest < ActiveSupport::TestCase
       env = {
         "action_dispatch.request.parameters" => { :controller => "devise/sessions" },
         "warden.options" => { :recall => "new", :attempted_path => "/users/sign_in" },
+        "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
       call_failure(env)