RubyGems - devise - Versions diffs - 1.1.rc2 → 1.1.0 - Mend

devise 1.1.rc2 → 1.1.0

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (77) hide show

data/CHANGELOG.rdoc +22 -2
data/Gemfile +7 -13
data/Gemfile.lock +118 -0
data/README.rdoc +15 -13
data/app/controllers/devise/unlocks_controller.rb +0 -7
data/app/mailers/devise/mailer.rb +7 -4
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/unlocks/new.html.erb +1 -1
data/lib/devise.rb +27 -9
data/lib/devise/controllers/helpers.rb +19 -5
data/lib/devise/controllers/internal_helpers.rb +2 -8
data/lib/devise/encryptors/base.rb +1 -1
data/lib/devise/encryptors/bcrypt.rb +2 -2
data/lib/devise/failure_app.rb +6 -2
data/lib/devise/hooks/rememberable.rb +9 -1
data/lib/devise/mapping.rb +15 -50
data/lib/devise/models/authenticatable.rb +8 -0
data/lib/devise/models/confirmable.rb +10 -6
data/lib/devise/models/database_authenticatable.rb +9 -1
data/lib/devise/models/recoverable.rb +6 -1
data/lib/devise/models/rememberable.rb +36 -7
data/lib/devise/models/token_authenticatable.rb +5 -5
data/lib/devise/models/validatable.rb +1 -1
data/lib/devise/path_checker.rb +7 -2
data/lib/devise/rails.rb +6 -1
data/lib/devise/rails/routes.rb +137 -50
data/lib/devise/rails/warden_compat.rb +16 -2
data/lib/devise/strategies/authenticatable.rb +12 -0
data/lib/devise/strategies/base.rb +0 -18
data/lib/devise/strategies/rememberable.rb +9 -1
data/lib/devise/test_helpers.rb +2 -0
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/devise_generator.rb +28 -0
data/lib/generators/{devise/devise → active_record}/templates/migration.rb +4 -0
data/lib/generators/devise/devise_generator.rb +17 -0
data/lib/generators/devise/{install/install_generator.rb → install_generator.rb} +1 -1
data/lib/generators/devise/orm_helpers.rb +23 -0
data/lib/generators/devise/{install/templates → templates}/README +0 -0
data/lib/generators/devise/{install/templates → templates}/devise.rb +20 -13
data/lib/generators/devise/{views/views_generator.rb → views_generator.rb} +2 -2
data/lib/generators/mongoid/devise_generator.rb +17 -0
data/test/controllers/helpers_test.rb +9 -0
data/test/controllers/internal_helpers_test.rb +7 -16
data/test/controllers/url_helpers_test.rb +11 -0
data/test/encryptors_test.rb +1 -1
data/test/failure_app_test.rb +18 -5
data/test/integration/authenticatable_test.rb +76 -11
data/test/integration/confirmable_test.rb +16 -9
data/test/integration/lockable_test.rb +11 -13
data/test/integration/registerable_test.rb +4 -4
data/test/integration/rememberable_test.rb +54 -1
data/test/mapping_test.rb +10 -45
data/test/models/confirmable_test.rb +1 -1
data/test/models/rememberable_test.rb +108 -0
data/test/models/validatable_test.rb +2 -4
data/test/models_test.rb +4 -4
data/test/rails_app/app/active_record/admin.rb +1 -1
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users_controller.rb +5 -1
data/test/rails_app/app/mongoid/admin.rb +1 -1
data/test/rails_app/config/application.rb +2 -2
data/test/rails_app/config/environments/test.rb +2 -0
data/test/rails_app/config/initializers/devise.rb +95 -34
data/test/rails_app/config/routes.rb +32 -14
data/test/routes_test.rb +34 -2
data/test/support/integration.rb +22 -6
data/test/test_helpers_test.rb +16 -2
metadata +24 -27
data/lib/devise/orm/data_mapper.rb +0 -97
data/lib/generators/devise/devise/devise_generator.rb +0 -86
data/lib/generators/devise_generator.rb +0 -2
data/test/orm/data_mapper.rb +0 -10
data/test/rails_app/app/data_mapper/admin.rb +0 -12
data/test/rails_app/app/data_mapper/shim.rb +0 -2
data/test/rails_app/app/data_mapper/user.rb +0 -23

data/test/models/confirmable_test.rb CHANGED

@@ -133,7 +133,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user.instance_eval { def confirmation_required?; false end }
     user.save
     user.send_confirmation_instructions
-    assert_not_nil user.confirmation_token
+    assert_not_nil user.reload.confirmation_token
   end
   test 'should not resend email instructions if the user change his email' do

data/test/models/rememberable_test.rb CHANGED

@@ -107,4 +107,112 @@ class RememberableTest < ActiveSupport::TestCase
       assert_not user.remember_expired?
     end
   end
+  test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
+    swap Devise, :remember_for => 5.minutes do
+      user = create_user
+      user.remember_me!(false)
+      assert user.remember_created_at
+      user.remember_created_at = old = 10.minutes.ago
+      user.save
+      user.remember_me!(false)
+      assert_not_equal old.to_i, user.remember_created_at.to_i
+    end
+  end
+  test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
+    swap Devise, :remember_for => 1.year do
+      user = create_user
+      user.remember_me!(false)
+      assert user.remember_created_at
+      user.remember_created_at = old = 10.minutes.ago.utc
+      user.save
+      user.remember_me!(false)
+      assert_equal old.to_i, user.remember_created_at.to_i
+    end
+  end
+  test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
+    swap Devise, :remember_for => 1.year do
+      user = create_user
+      user.remember_me!(true)
+      assert user.remember_created_at
+      user.remember_created_at = old = 10.minutes.ago
+      user.save
+      user.remember_me!(true)
+      assert_not_equal old, user.remember_created_at
+    end
+  end
+  test 'if remember_across_browsers is true, remember_me! should create a new token if no token exists' do
+    swap Devise, :remember_across_browsers => true, :remember_for => 1.year do
+      user = create_user
+      assert_equal nil, user.remember_token
+      user.remember_me!
+      assert_not_equal nil, user.remember_token
+    end
+  end
+  test 'if remember_across_browsers is true, remember_me! should create a new token if a token exists but has expired' do
+    swap Devise, :remember_across_browsers => true, :remember_for => 1.day do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = 2.days.ago
+      user.save
+      token = user.remember_token
+      user.remember_me!
+      assert_not_equal token, user.remember_token
+    end
+  end
+  test 'if remember_across_browsers is true, remember_me! should not create a new token if a token exists and has not expired' do
+    swap Devise, :remember_across_browsers => true, :remember_for => 2.days do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = 1.day.ago
+      user.save
+      token = user.remember_token
+      user.remember_me!
+      assert_equal token, user.remember_token
+    end
+  end
+  test 'if remember_across_browsers is false, remember_me! should create a new token if no token exists' do
+    swap Devise, :remember_across_browsers => false do
+      user = create_user
+      assert_equal nil, user.remember_token
+      user.remember_me!
+      assert_not_equal nil, user.remember_token
+    end
+  end
+  test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists but has expired' do
+    swap Devise, :remember_across_browsers => false, :remember_for => 1.day do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = 2.days.ago
+      user.save
+      token = user.remember_token
+      user.remember_me!
+      assert_not_equal token, user.remember_token
+    end
+  end
+  test 'if remember_across_browsers is false, remember_me! should create a new token if a token exists and has not expired' do
+    swap Devise, :remember_across_browsers => false, :remember_for => 2.days do
+      user = create_user
+      user.remember_me!
+      user.remember_created_at = 1.day.ago
+      user.save
+      token = user.remember_token
+      user.remember_me!
+      assert_not_equal token, user.remember_token
+    end
+  end
 end

data/test/models/validatable_test.rb CHANGED

@@ -1,8 +1,6 @@
 require 'test_helper'
 class ValidatableTest < ActiveSupport::TestCase
-  extend Devise::TestSilencer if [:mongoid, :data_mapper].include?(DEVISE_ORM)
   test 'should require email to be set' do
     user = new_user(:email => nil)
     assert user.invalid?
@@ -15,11 +13,11 @@ class ValidatableTest < ActiveSupport::TestCase
     user = new_user(:email => '')
     assert user.invalid?
-    assert_not_equal 'has already been taken', user.errors[:email].join
+    assert_no_match(/taken/, user.errors[:email].join)
     user.email = existing_user.email
     assert user.invalid?
-    assert_equal 'has already been taken', user.errors[:email].join
+    assert_match(/taken/, user.errors[:email].join)
   end
   test 'should require correct email format, allowing blank' do

data/test/models_test.rb CHANGED

@@ -26,16 +26,16 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
   test 'can cherry pick modules' do
-    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable
+    assert_include_modules Admin, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable
   end
   test 'chosen modules are inheritable' do
-    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable
+    assert_include_modules Inheritable, :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable
   end
   test 'order of module inclusion' do
-    correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :timeoutable]
-    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable]
+    correct_module_order   = [:database_authenticatable, :recoverable, :registerable, :lockable, :timeoutable]
+    incorrect_module_order = [:database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable]
     assert_include_modules Admin, *incorrect_module_order

data/test/rails_app/app/active_record/admin.rb CHANGED

@@ -1,3 +1,3 @@
 class Admin < ActiveRecord::Base
-  devise :database_authenticatable, :registerable, :timeoutable, :recoverable
+  devise :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :unlock_strategy => :time
 end

data/test/rails_app/app/controllers/publisher/registrations_controller.rb ADDED

	@@ -0,0 +1,2 @@
1	+ class Publisher::RegistrationsController < ApplicationController
2	+ end

data/test/rails_app/app/controllers/publisher/sessions_controller.rb ADDED

	@@ -0,0 +1,2 @@
1	+ class Publisher::SessionsController < ApplicationController
2	+ end

data/test/rails_app/app/controllers/users_controller.rb CHANGED

@@ -1,5 +1,5 @@
 class UsersController < ApplicationController
-  before_filter :authenticate_user!
+  before_filter :authenticate_user!, :except => :accept
   respond_to :html, :xml
   def index
@@ -7,6 +7,10 @@ class UsersController < ApplicationController
     respond_with(current_user)
   end
+  def accept
+    @current_user = current_user
+  end
   def expire
     user_session['last_request_at'] = 31.minutes.ago.utc
     render :text => 'User will be expired on next request'

data/test/rails_app/app/mongoid/admin.rb CHANGED

@@ -2,5 +2,5 @@ class Admin
   include Mongoid::Document
   include Shim
-  devise :database_authenticatable, :timeoutable, :registerable, :recoverable
+  devise :database_authenticatable, :timeoutable, :registerable, :recoverable, :lockable, :unlock_strategy => :time
 end

data/test/rails_app/config/application.rb CHANGED

@@ -17,8 +17,8 @@ require "devise"
 module RailsApp
   class Application < Rails::Application
     # Add additional load paths for your own custom dirs
-    config.load_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers views).include?($1) }
-    config.load_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ]
+    config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers views).include?($1) }
+    config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ]
     # Configure generators values. Many other options are available, be sure to check the documentation.
     # config.generators do |g|

data/test/rails_app/config/environments/test.rb CHANGED

@@ -28,4 +28,6 @@ RailsApp::Application.configure do
   # config.active_record.schema_format = :sql
   config.action_dispatch.show_exceptions = false
+  config.active_support.deprecation = :stderr
 end

data/test/rails_app/config/initializers/devise.rb CHANGED

@@ -1,20 +1,20 @@
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
-  # Invoke `rake secret` and use the printed value to setup a pepper to generate
-  # the encrypted password. By default no pepper is used.
-  # config.pepper = "rake secret output"
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in DeviseMailer.
+  config.mailer_sender = "please-change-me@config-initializers-devise.com"
-  # Configure how many times you want the password re-encrypted. Default is 10.
-  # config.stretches = 10
+  # Configure the class responsible to send e-mails.
+  # config.mailer = "Devise::Mailer"
-  # Define which will be the encryption algorithm. Supported algorithms are :sha1
-  # (default) and :sha512. Devise also supports encryptors from others authentication
-  # frameworks as :clearance_sha1, :authlogic_sha512 (then you should set stretches
-  # above to 20 for default behavior) and :restful_authentication_sha1 (then you
-  # should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
-  # config.encryptor = :sha1
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require "devise/orm/#{DEVISE_ORM}"
+  # ==> Configuration for any authentication mechanism
   # Configure which keys are used when authenticating an user. By default is
   # just :email. You can configure it to use [:username, :subdomain], so for
   # authenticating an user, both parameters are required. Remember that those
@@ -22,40 +22,108 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # config.authentication_keys = [ :email ]
-  # The time you want give to your user to confirm his account. During this time
+  # Tell if authentication through request.params is enabled. True by default.
+  # config.params_authenticatable = true
+  # Tell if authentication through HTTP Basic Auth is enabled. True by default.
+  # config.http_authenticatable = true
+  # The realm used in Http Basic Authentication
+  # config.http_authentication_realm = "Application"
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  config.stretches = 10
+  # Define which will be the encryption algorithm. Devise also supports encryptors
+  # from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
+  # you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
+  # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
+  config.encryptor = :bcrypt
+  # Setup a pepper to generate the encrypted password.
+  config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
+  # ==> Configuration for :confirmable
+  # The time you want to give your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
+  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # You can use this to let your user access some features of your application
+  # without confirming the account, but blocking it after a certain period
+  # (ie 2 days).
   # config.confirm_within = 2.days
+  # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
-  # The time you want to timeout the user session without activity. After this
-  # time the user will be asked for credentials again.
-  # config.timeout_in = 10.minutes
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
-  # Configure the e-mail address which will be shown in DeviseMailer.
-  config.mailer_sender = "please-change-me-omg@yourapp.com"
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
-  # Load and configure the ORM. Supports :active_record, :data_mapper and :mongoid.
-  require "devise/orm/#{DEVISE_ORM}"
+  # ==> Configuration for :validatable
+  # Range for password length
+  # config.password_length = 6..20
-  # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "sessions/users/new". It's turned off by default because it's slower if you
-  # are using only default views.
-  # config.scoped_views = true
+  # Regex to use to validate the email address
+  # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
-  # Number of authentication tries before locking an account.
-  # config.maximum_attempts = 20
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again.
+  # config.timeout_in = 10.minutes
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
-  # :both  = enables both strategies
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
   # config.unlock_strategy = :both
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
+  # ==> Configuration for :token_authenticatable
+  # Defines name of the authentication token params key
+  # config.token_authentication_key = :auth_token
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering "sessions/new", it will first check for
+  # "users/sessions/new". It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = true
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes.
+  # config.default_scope = :user
+  # Configure sign_out behavior.
+  # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+  # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = false
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists. Default is [:html]
+  # config.navigational_formats = [:html, :iphone]
+  # ==> Warden configuration
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
   # allows you to setup OAuth, using http://github.com/roman/warden_oauth
@@ -66,13 +134,6 @@ Devise.setup do |config|
   #     twitter.consumer_key  = <YOUR CONSUMER KEY>
   #     twitter.options :site => 'http://twitter.com'
   #   end
-  #   manager.default_strategies.unshift :twitter_oauth
-  # end
-  # Configure default_url_options if you are using dynamic segments in :path_prefix
-  # for devise_for.
-  #
-  # config.default_url_options do
-  #   { :locale => I18n.locale }
+  #   manager.default_strategies(:scope => :user).unshift :twitter_oauth
   # end
 end

data/test/rails_app/config/routes.rb CHANGED

@@ -1,29 +1,47 @@
-Rails::Application.routes.draw do
+Rails.application.routes.draw do
+  # Resources for testing
   resources :users, :only => [:index] do
     get :expire, :on => :member
+    get :accept, :on => :member
   end
   resources :admins, :only => [:index]
-  devise_for :users
-  devise_for :admin, :path => "admin_area", :controllers => { :sessions => "sessions" }, :skip => :passwords
-  devise_for :accounts, :singular => "manager", :path_prefix => ":locale",
-    :class_name => "User", :path_names => {
-      :sign_in => "login", :sign_out => "logout",
-      :password => "secret", :confirmation => "verification",
-      :unlock => "unblock", :sign_up => "register",
-      :registration => "management"
-    }
+  # Users scope
+  devise_for :users do
+    match "/devise_for/sign_in", :to => "devise/sessions#new"
+  end
+  as :user do
+    match "/as/sign_in", :to => "devise/sessions#new"
+  end
-  match "/admin_area/home", :to => "admins#index", :as => :admin_root
   match "/sign_in", :to => "devise/sessions#new"
-  # Dummy route for new admin pasword
-  match "/anywhere", :to => "foo#bar", :as => :new_admin_password
+  # Admin scope
+  devise_for :admin, :path => "admin_area", :controllers => { :sessions => "sessions" }, :skip => :passwords
-  root :to => "home#index"
+  match "/admin_area/home", :to => "admins#index", :as => :admin_root
+  match "/anywhere", :to => "foo#bar", :as => :new_admin_password
   authenticate(:admin) do
     match "/private", :to => "home#private", :as => :private
   end
+  # Other routes for routing_test.rb
+  namespace :publisher, :path_names => { :sign_in => "i_don_care", :sign_out => "get_out" } do
+    devise_for :accounts, :class_name => "User", :path_names => { :sign_in => "get_in" }
+  end
+  scope ":locale" do
+    devise_for :accounts, :singular => "manager", :class_name => "User",
+      :path_names => {
+        :sign_in => "login", :sign_out => "logout",
+        :password => "secret", :confirmation => "verification",
+        :unlock => "unblock", :sign_up => "register",
+        :registration => "management"
+      }
+  end
+  root :to => "home#index"
 end