RubyGems - devise - Versions diffs - 1.1.rc2 → 1.1.0 - Mend

devise 1.1.rc2 → 1.1.0

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (77) hide show

data/CHANGELOG.rdoc +22 -2
data/Gemfile +7 -13
data/Gemfile.lock +118 -0
data/README.rdoc +15 -13
data/app/controllers/devise/unlocks_controller.rb +0 -7
data/app/mailers/devise/mailer.rb +7 -4
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/unlocks/new.html.erb +1 -1
data/lib/devise.rb +27 -9
data/lib/devise/controllers/helpers.rb +19 -5
data/lib/devise/controllers/internal_helpers.rb +2 -8
data/lib/devise/encryptors/base.rb +1 -1
data/lib/devise/encryptors/bcrypt.rb +2 -2
data/lib/devise/failure_app.rb +6 -2
data/lib/devise/hooks/rememberable.rb +9 -1
data/lib/devise/mapping.rb +15 -50
data/lib/devise/models/authenticatable.rb +8 -0
data/lib/devise/models/confirmable.rb +10 -6
data/lib/devise/models/database_authenticatable.rb +9 -1
data/lib/devise/models/recoverable.rb +6 -1
data/lib/devise/models/rememberable.rb +36 -7
data/lib/devise/models/token_authenticatable.rb +5 -5
data/lib/devise/models/validatable.rb +1 -1
data/lib/devise/path_checker.rb +7 -2
data/lib/devise/rails.rb +6 -1
data/lib/devise/rails/routes.rb +137 -50
data/lib/devise/rails/warden_compat.rb +16 -2
data/lib/devise/strategies/authenticatable.rb +12 -0
data/lib/devise/strategies/base.rb +0 -18
data/lib/devise/strategies/rememberable.rb +9 -1
data/lib/devise/test_helpers.rb +2 -0
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/devise_generator.rb +28 -0
data/lib/generators/{devise/devise → active_record}/templates/migration.rb +4 -0
data/lib/generators/devise/devise_generator.rb +17 -0
data/lib/generators/devise/{install/install_generator.rb → install_generator.rb} +1 -1
data/lib/generators/devise/orm_helpers.rb +23 -0
data/lib/generators/devise/{install/templates → templates}/README +0 -0
data/lib/generators/devise/{install/templates → templates}/devise.rb +20 -13
data/lib/generators/devise/{views/views_generator.rb → views_generator.rb} +2 -2
data/lib/generators/mongoid/devise_generator.rb +17 -0
data/test/controllers/helpers_test.rb +9 -0
data/test/controllers/internal_helpers_test.rb +7 -16
data/test/controllers/url_helpers_test.rb +11 -0
data/test/encryptors_test.rb +1 -1
data/test/failure_app_test.rb +18 -5
data/test/integration/authenticatable_test.rb +76 -11
data/test/integration/confirmable_test.rb +16 -9
data/test/integration/lockable_test.rb +11 -13
data/test/integration/registerable_test.rb +4 -4
data/test/integration/rememberable_test.rb +54 -1
data/test/mapping_test.rb +10 -45
data/test/models/confirmable_test.rb +1 -1
data/test/models/rememberable_test.rb +108 -0
data/test/models/validatable_test.rb +2 -4
data/test/models_test.rb +4 -4
data/test/rails_app/app/active_record/admin.rb +1 -1
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users_controller.rb +5 -1
data/test/rails_app/app/mongoid/admin.rb +1 -1
data/test/rails_app/config/application.rb +2 -2
data/test/rails_app/config/environments/test.rb +2 -0
data/test/rails_app/config/initializers/devise.rb +95 -34
data/test/rails_app/config/routes.rb +32 -14
data/test/routes_test.rb +34 -2
data/test/support/integration.rb +22 -6
data/test/test_helpers_test.rb +16 -2
metadata +24 -27
data/lib/devise/orm/data_mapper.rb +0 -97
data/lib/generators/devise/devise/devise_generator.rb +0 -86
data/lib/generators/devise_generator.rb +0 -2
data/test/orm/data_mapper.rb +0 -10
data/test/rails_app/app/data_mapper/admin.rb +0 -12
data/test/rails_app/app/data_mapper/shim.rb +0 -2
data/test/rails_app/app/data_mapper/user.rb +0 -23

data/test/integration/authenticatable_test.rb CHANGED

@@ -1,6 +1,15 @@
 require 'test_helper'
 class AuthenticationSanityTest < ActionController::IntegrationTest
+  def setup
+    Devise.sign_out_all_scopes = false
+  end
+  def teardown
+    Devise.sign_out_all_scopes = false
+  end
   test 'home should be accessible without sign in' do
     visit '/'
     assert_response :success
@@ -29,7 +38,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     assert warden.authenticated?(:admin)
   end
-  test 'sign out as user should not touch admin authentication' do
+  test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
     sign_in_as_user
     sign_in_as_admin
@@ -38,7 +47,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     assert warden.authenticated?(:admin)
   end
-  test 'sign out as admin should not touch user authentication' do
+  test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
     sign_in_as_user
     sign_in_as_admin
@@ -47,6 +56,26 @@ class AuthenticationSanityTest < ActionController::IntegrationTest
     assert warden.authenticated?(:user)
   end
+  test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
+    Devise.sign_out_all_scopes = true
+    sign_in_as_user
+    sign_in_as_admin
+    get destroy_user_session_path
+    assert_not warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+  test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
+    Devise.sign_out_all_scopes = true
+    sign_in_as_user
+    sign_in_as_admin
+    get destroy_admin_session_path
+    assert_not warden.authenticated?(:admin)
+    assert_not warden.authenticated?(:user)
+  end
   test 'not signed in as admin should not be able to access admins actions' do
     get admins_path
@@ -160,7 +189,7 @@ class AuthenticationRedirectTest < ActionController::IntegrationTest
     follow_redirect!
     sign_in_as_user :visit => false
-    assert_template 'users/index'
+    assert_current_url '/users'
     assert_nil session[:"user_return_to"]
   end
@@ -176,7 +205,7 @@ class AuthenticationRedirectTest < ActionController::IntegrationTest
     follow_redirect!
     sign_in_as_user :visit => false
-    assert_template 'users/index'
+    assert_current_url '/users'
     assert_nil session[:"user_return_to"]
   end
@@ -202,7 +231,7 @@ class AuthenticationSessionTest < ActionController::IntegrationTest
     assert_redirected_to new_user_session_path
   end
-  test 'allows session to be set by a given scope' do
+  test 'allows session to be set for a given scope' do
     sign_in_as_user
     get '/users'
     assert_equal "Cart", @controller.user_session[:cart]
@@ -249,12 +278,16 @@ class AuthenticationWithScopesTest < ActionController::IntegrationTest
     end
   end
-  test 'uses the mapping from the default scope if specified' do
-    swap Devise, :use_default_scope => true do
-      get '/sign_in'
-      assert_response :ok
-      assert_contain 'Sign in'
-    end
+  test 'uses the mapping from router' do
+    sign_in_as_user :visit => "/as/sign_in"
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
+  end
+  test 'uses the mapping from nested devise_for call' do
+    sign_in_as_user :visit => "/devise_for/sign_in"
+    assert warden.authenticated?(:user)
+    assert_not warden.authenticated?(:admin)
   end
 end
@@ -276,4 +309,36 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
       get '/sign_in'
     end
   end
+  test 'sign in with script name' do
+    assert_nothing_raised do
+      get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
+      fill_in "email", "user@test.com"
+    end
+  end
+  test 'registration in xml format' do
+    assert_nothing_raised do
+      post user_registration_path(:format => 'xml', :user => {:email => "test@example.com", :password => "invalid"} )
+    end
+  end
+  test 'does not explode when invalid user class is stored in session' do
+    klass = User
+    paths = ActiveSupport::Dependencies.autoload_paths.dup
+    begin
+      sign_in_as_user
+      assert warden.authenticated?(:user)
+      Object.send :remove_const, :User
+      ActiveSupport::Dependencies.autoload_paths.clear
+      visit "/users"
+      assert_not warden.authenticated?(:user)
+    ensure
+      Object.const_set(:User, klass)
+      ActiveSupport::Dependencies.autoload_paths.replace(paths)
+    end
+  end
 end

data/test/integration/confirmable_test.rb CHANGED

@@ -16,16 +16,13 @@ class ConfirmationTest < ActionController::IntegrationTest
     fill_in 'email', :with => user.email
     click_button 'Resend confirmation instructions'
-    assert_template 'sessions/new'
+    assert_current_url '/users/sign_in'
     assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
   test 'user with invalid confirmation token should not be able to confirm an account' do
     visit_user_confirmation_with_token('invalid_confirmation')
-    assert_response :success
-    assert_template 'confirmations/new'
     assert_have_selector '#error_explanation'
     assert_contain /Confirmation token(.*)invalid/
   end
@@ -33,26 +30,36 @@ class ConfirmationTest < ActionController::IntegrationTest
   test 'user with valid confirmation token should be able to confirm an account' do
     user = create_user(:confirm => false)
     assert_not user.confirmed?
     visit_user_confirmation_with_token(user.confirmation_token)
-    assert_template 'home/index'
     assert_contain 'Your account was successfully confirmed.'
+    assert_current_url '/'
     assert user.reload.confirmed?
   end
-  test 'user already confirmed user should not be able to confirm the account again' do
+  test 'already confirmed user should not be able to confirm the account again' do
     user = create_user(:confirm => false)
     user.confirmed_at = Time.now
     user.save
     visit_user_confirmation_with_token(user.confirmation_token)
-    assert_template 'confirmations/new'
     assert_have_selector '#error_explanation'
     assert_contain 'already confirmed'
   end
+  test 'already confirmed user should not be able to confirm the account again neither request confirmation' do
+    user = create_user(:confirm => false)
+    user.confirmed_at = Time.now
+    user.save
+    visit_user_confirmation_with_token(user.confirmation_token)
+    assert_contain 'already confirmed'
+    fill_in 'email', :with => user.email
+    click_button 'Resend confirmation instructions'
+    assert_contain 'already confirmed'
+  end
   test 'sign in user automatically after confirming it\'s email' do
     user = create_user(:confirm => false)
     visit_user_confirmation_with_token(user.confirmation_token)

data/test/integration/lockable_test.rb CHANGED

@@ -37,27 +37,25 @@ class LockTest < ActionController::IntegrationTest
   end
   test 'unlocked pages should not be available if email strategy is disabled' do
-    visit "/users/sign_in"
-    click_link "Didn't receive unlock instructions?"
-    swap Devise, :unlock_strategy => :time do
-      visit "/users/sign_in"
+    visit "/admins/sign_in"
-      assert_raise Webrat::NotFoundError do
-        click_link "Didn't receive unlock instructions?"
-      end
+    assert_raise Webrat::NotFoundError do
+      click_link "Didn't receive unlock instructions?"
+    end
-      assert_raise AbstractController::ActionNotFound do
-        visit new_user_unlock_path
-      end
+    assert_raise NameError do
+      visit new_admin_unlock_path
     end
+    visit "/admins/unlock/new"
+    assert_response :not_found
   end
   test 'user with invalid unlock token should not be able to unlock an account' do
     visit_user_unlock_with_token('invalid_token')
     assert_response :success
-    assert_template 'unlocks/new'
+    assert_current_url '/users/unlock?unlock_token=invalid_token'
     assert_have_selector '#error_explanation'
     assert_contain /Unlock token(.*)invalid/
   end
@@ -68,7 +66,7 @@ class LockTest < ActionController::IntegrationTest
     visit_user_unlock_with_token(user.unlock_token)
-    assert_template 'home/index'
+    assert_current_url '/'
     assert_contain 'Your account was successfully unlocked.'
     assert_not user.reload.access_locked?

data/test/integration/registerable_test.rb CHANGED

@@ -65,8 +65,8 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'password confirmation', :with => '123456'
     click_button 'Sign up'
-    assert_template 'registrations/new'
-    assert_contain 'Email has already been taken'
+    assert_current_url '/users'
+    assert_contain(/Email .* already .* taken/)
     assert_not warden.authenticated?(:user)
   end
@@ -92,7 +92,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'current password', :with => '123456'
     click_button 'Update'
-    assert_template 'home/index'
+    assert_current_url '/'
     assert_contain 'You updated your account successfully.'
     assert_equal "user.new@email.com", User.first.email
@@ -122,7 +122,7 @@ class RegistrationTest < ActionController::IntegrationTest
     fill_in 'current password', :with => '123456'
     click_button 'Update'
-    assert_template 'home/index'
+    assert_current_url '/'
     assert_contain 'You updated your account successfully.'
     assert User.first.valid_password?('pas123')

data/test/integration/rememberable_test.rb CHANGED

@@ -3,7 +3,6 @@ require 'test_helper'
 class RememberMeTest < ActionController::IntegrationTest
   def create_user_and_remember(add_to_token='')
-    Devise.remember_for = 1
     user = create_user
     user.remember_me!
     raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
@@ -17,6 +16,16 @@ class RememberMeTest < ActionController::IntegrationTest
     request.cookie_jar['raw_cookie']
   end
+  def signed_cookie(key)
+    controller.send(:cookies).signed[key]
+  end
+  def cookie_expires(key)
+    cookie = response.headers["Set-Cookie"].split("\n").grep(/^#{key}/).first
+    cookie.split(";").map(&:strip).grep(/^expires=/)
+    Time.parse($')
+  end
   test 'do not remember the user if he has not checked remember me option' do
     user = sign_in_as_user
     assert_nil request.cookies["remember_user_cookie"]
@@ -47,6 +56,50 @@ class RememberMeTest < ActionController::IntegrationTest
     assert warden.user(:user) == user
   end
+  test 'does not extend remember period through sign in' do
+    swap Devise, :extend_remember_period => true, :remember_for => 1.year do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = old = 10.days.ago
+      user.save
+      sign_in_as_user :remember_me => true
+      user.reload
+      assert warden.user(:user) == user
+      assert_equal old.to_i, user.remember_created_at.to_i
+    end
+  end
+  test 'if both extend_remember_period and remember_across_browsers are true, sends the same token with a new expire date' do
+    swap Devise, :remember_across_browsers => true, :extend_remember_period => true, :remember_for => 1.year do
+      user  = create_user_and_remember
+      token = user.remember_token
+      user.remember_created_at = old = 10.minutes.ago
+      user.save!
+      get users_path
+      assert (cookie_expires("remember_user_token") - 1.year) > (old + 5.minutes)
+      assert_equal token, signed_cookie("remember_user_token").last
+    end
+  end
+  test 'if both extend_remember_period and remember_across_browsers are false, sends a new token with old expire date' do
+    swap Devise, :remember_across_browsers => false, :extend_remember_period => false, :remember_for => 1.year do
+      user  = create_user_and_remember
+      token = user.remember_token
+      user.remember_created_at = old = 10.minutes.ago
+      user.save!
+      get users_path
+      assert (cookie_expires("remember_user_token") - 1.year) < (old + 5.minutes)
+      assert_not_equal token, signed_cookie("remember_user_token").last
+    end
+  end
   test 'do not remember other scopes' do
     user = create_user_and_remember
     get root_path

data/test/mapping_test.rb CHANGED

@@ -1,6 +1,12 @@
 require 'test_helper'
+class FakeRequest < Struct.new(:path_info, :params)
+end
 class MappingTest < ActiveSupport::TestCase
+  def fake_request(path, params={})
+    FakeRequest.new(path, params)
+  end
   test 'store options' do
     mapping = Devise.mappings[:user]
@@ -8,27 +14,15 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal User.devise_modules, mapping.modules
     assert_equal :users,              mapping.plural
     assert_equal :user,               mapping.singular
-    assert_equal :users,              mapping.path
+    assert_equal "users",             mapping.path
   end
   test 'allows path to be given' do
-    assert_equal :admin_area, Devise.mappings[:admin].path
+    assert_equal "admin_area", Devise.mappings[:admin].path
   end
   test 'allows custom singular to be given' do
-    assert_equal :accounts, Devise.mappings[:manager].path
-  end
-  test 'allows a controller depending on the mapping' do
-    allowed = Devise.mappings[:user].allowed_controllers
-    assert allowed.include?("devise/sessions")
-    assert allowed.include?("devise/confirmations")
-    assert allowed.include?("devise/passwords")
-    allowed = Devise.mappings[:admin].allowed_controllers
-    assert allowed.include?("sessions")
-    assert_not allowed.include?("devise/confirmations")
-    assert_not allowed.include?("devise/unlocks")
+    assert_equal "accounts", Devise.mappings[:manager].path
   end
   test 'has strategies depending on the model declaration' do
@@ -36,15 +30,6 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal [:database_authenticatable], Devise.mappings[:admin].strategies
   end
-  test 'find mapping by path' do
-    assert_nil   Devise::Mapping.find_by_path("/foo/bar")
-    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_path("/users/session")
-  end
-  test 'find mapping by customized path' do
-    assert_equal Devise.mappings[:admin], Devise::Mapping.find_by_path("/admin_area/session")
-  end
   test 'find scope for a given object' do
     assert_equal :user, Devise::Mapping.find_scope!(User)
     assert_equal :user, Devise::Mapping.find_scope!(:user)
@@ -82,26 +67,6 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal 'unblock',      mapping.path_names[:unlock]
   end
-  test 'has an empty path as default path prefix' do
-    mapping = Devise.mappings[:user]
-    assert_equal '/', mapping.path_prefix
-  end
-  test 'allow path prefix to be configured' do
-    mapping = Devise.mappings[:manager]
-    assert_equal '/:locale/', mapping.path_prefix
-  end
-  test 'retrieve as from the proper position' do
-    assert_equal 1, Devise.mappings[:user].segment_position
-    assert_equal 2, Devise.mappings[:manager].segment_position
-  end
-  test 'path is returned with path prefix and as' do
-    assert_equal '/users', Devise.mappings[:user].full_path
-    assert_equal '/:locale/accounts', Devise.mappings[:manager].full_path
-  end
   test 'magic predicates' do
     mapping = Devise.mappings[:user]
     assert mapping.authenticatable?
@@ -113,8 +78,8 @@ class MappingTest < ActiveSupport::TestCase
     mapping = Devise.mappings[:admin]
     assert mapping.authenticatable?
     assert mapping.recoverable?
+    assert mapping.lockable?
     assert_not mapping.confirmable?
-    assert_not mapping.lockable?
     assert_not mapping.rememberable?
   end
 end