devise 1.2.rc → 1.2.rc2

data/lib/devise/omniauth/url_helpers.rb

@@ -7,7 +7,11 @@ module Devise
         class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
           def #{mapping.name}_omniauth_authorize_path(provider, params = {})
             if Devise.omniauth_configs[provider.to_sym]
-              "/#{mapping.path}/auth/\#{provider}\#{'?'+params.to_param if params.present?}"
+              script_name = request.env["SCRIPT_NAME"]
+
+              path = "\#{script_name}/#{mapping.path}/auth/\#{provider}\".squeeze("/")
+              path << '?' + params.to_param if params.present?
+              path
             else
               raise ArgumentError, "Could not find omniauth provider \#{provider.inspect}"
             end
@@ -26,4 +30,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/rails.rb

@@ -41,8 +41,9 @@ module Devise
         # Nothing to say
       else
         puts "[DEVISE] You are using #{Devise.encryptor} as encryptor. From version 1.2, " <<
-          "you need to explicitly add `devise :encryptable, :encryptor => #{Devise.encryptor.to_sym}` " <<
-          "to your models and comment the current value in the config/initializers/devise.rb"
+          "you need to explicitly add `devise :encryptable, :encryptor => :#{Devise.encryptor}` " <<
+          "to your models and comment the current value in the config/initializers/devise.rb. " <<
+          "You must also add t.encryptable to your existing migrations."
       end
     end
   end

data/lib/devise/rails/warden_compat.rb

@@ -47,6 +47,10 @@ unless Devise.rack_session?
     alias_method :regular_writer, :[]= unless method_defined?(:regular_writer)
     alias_method :regular_update, :update unless method_defined?(:regular_update)
 
+    def [](key)
+      super(convert_key(key))
+    end
+
     def []=(key, value)
       regular_writer(convert_key(key), value)
     end
@@ -91,6 +95,7 @@ unless Devise.rack_session?
     def symbolize_keys; to_hash.symbolize_keys end
 
     def to_options!; self end
+    def to_hash; Hash.new.update(self) end
 
     protected
 

data/lib/devise/schema.rb

@@ -3,7 +3,7 @@ module Devise
   # and overwrite the apply_schema method.
   module Schema
 
-    # Creates email, encrypted_password and password_salt.
+    # Creates email when enabled (on by default), encrypted_password and password_salt.
     #
     # == Options
     # * :null - When true, allow columns to be null.
@@ -15,8 +15,9 @@ module Devise
     def database_authenticatable(options={})
       null    = options[:null] || false
       default = options.key?(:default) ? options[:default] : ("" if null == false)
+      include_email =  !self.respond_to?(:authentication_keys) || self.authentication_keys.include?(:email)
 
-      apply_devise_schema :email,              String, :null => null, :default => default
+      apply_devise_schema :email,              String, :null => null, :default => default if include_email
       apply_devise_schema :encrypted_password, String, :null => null, :default => default, :limit => 128
     end
 

data/lib/devise/strategies/authenticatable.rb

@@ -19,13 +19,27 @@ module Devise
         result = resource && resource.valid_for_authentication?(&block)
 
         case result
-        when Symbol, String
+        when String, Symbol
           fail!(result)
+          false
+        when TrueClass
+          decorate(resource)
+          true
         else
           result
         end
       end
 
+      # Get values from params and set in the resource.
+      def decorate(resource)
+        resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
+      end
+
+      # Should this resource be marked to be remembered?
+      def remember_me?
+        valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
+      end
+
       # Check if this is strategy is valid for http authentication by:
       #
       #   * Validating if the model allows params authentication;

data/lib/devise/strategies/database_authenticatable.rb

@@ -10,7 +10,7 @@ module Devise
         if validate(resource){ resource.valid_password?(password) }
           resource.after_database_authentication
           success!(resource)
-        else
+        elsif !halted?
           fail(:invalid)
         end
       end

data/lib/devise/strategies/rememberable.rb

@@ -20,7 +20,7 @@ module Devise
 
         if validate(resource)
           success!(resource)
-        else
+        elsif !halted?
           cookies.delete(remember_key)
           pass
         end
@@ -28,6 +28,11 @@ module Devise
 
     private
 
+      def decorate(resource)
+        super
+        resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
+      end
+
       def remember_me?
         true
       end
@@ -36,10 +41,6 @@ module Devise
         "remember_#{scope}_token"
       end
 
-      def extend_remember_period?
-        mapping.to.extend_remember_period
-      end
-
       # Accessor for remember cookie
       def remember_cookie
         @remember_cookie ||= cookies.signed[remember_key]

data/lib/devise/strategies/token_authenticatable.rb

@@ -20,7 +20,7 @@ module Devise
         if validate(resource)
           resource.after_token_authentication
           success!(resource)
-        else
+        elsif !halted?
           fail(:invalid_token)
         end
       end

data/lib/devise/test_helpers.rb

@@ -1,7 +1,7 @@
 module Devise
   # Devise::TestHelpers provides a facility to test controllers in isolation
   # when using ActionController::TestCase allowing you to quickly sign_in or
-  # sign_out an user. Do not use Devise::TestHelpers in integration tests.
+  # sign_out a user. Do not use Devise::TestHelpers in integration tests.
   #
   # Notice you should not test Warden specific behavior (like Warden callbacks)
   # using Devise::TestHelpers since it is a stub of the actual behavior. Such
@@ -44,9 +44,9 @@ module Devise
           env = @controller.request.env
           env["PATH_INFO"] = "/#{result[:action]}"
           env["warden.options"] = result
-          Warden::Manager._before_failure.each{ |hook| hook.call(env, result) }
+          Warden::Manager._run_callbacks(:before_failure, env, result)
 
-          status, headers, body = Devise::FailureApp.call(env).to_a
+          status, headers, body = Devise.warden_config[:failure_app].call(env).to_a
           @controller.send :render, :status => status, :text => body,
             :content_type => headers["Content-Type"], :location => headers["Location"]
 

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.2.rc".freeze
+  VERSION = "1.2.rc2".freeze
 end

data/lib/generators/active_record/devise_generator.rb

@@ -10,7 +10,7 @@ module ActiveRecord
       source_root File.expand_path("../templates", __FILE__)
 
       def generate_model
-        invoke "active_record:model", [name], :migration => false unless model_exists?
+        invoke "active_record:model", [name], :migration => false unless model_exists? && behavior == :invoke
       end
 
       def copy_devise_migration
@@ -18,7 +18,7 @@ module ActiveRecord
       end
 
       def inject_devise_content
-        inject_into_class model_path, class_name, model_contents + <<-CONTENT
+        inject_into_class(model_path, class_name, model_contents + <<CONTENT) if model_exists?
   # Setup accessible (or protected) attributes for your model
   attr_accessible :email, :password, :password_confirmation, :remember_me
 CONTENT

data/lib/generators/active_record/templates/migration.rb

@@ -22,6 +22,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
     add_index :<%= table_name %>, :reset_password_token, :unique => true
     # add_index :<%= table_name %>, :confirmation_token,   :unique => true
     # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    # add_index :<%= table_name %>, :authentication_token, :unique => true
   end
 
   def self.down

data/lib/generators/devise/devise_generator.rb

@@ -10,7 +10,9 @@ module Devise
       hook_for :orm
 
       def add_devise_routes
-        route "devise_for :#{table_name}"
+        devise_route  = "devise_for :#{plural_name}"
+        devise_route += %Q(, :class_name => "#{class_name}") if class_name.include?("::")
+        route devise_route
       end
     end
   end

data/lib/generators/devise/orm_helpers.rb

@@ -12,8 +12,7 @@ CONTENT
       end
 
       def model_exists?
-        return @model_exists if instance_variable_defined?(:@model_exists)
-        @model_exists = File.exists?(File.join(destination_root, model_path))
+        File.exists?(File.join(destination_root, model_path))
       end
 
       def model_path

data/lib/generators/devise/views_generator.rb

@@ -1,3 +1,5 @@
+require 'tmpdir'
+
 module Devise
   module Generators
     class ViewsGenerator < Rails::Generators::Base
@@ -8,56 +10,17 @@ module Devise
                        :desc => "The scope to copy views to"
 
       class_option :template_engine, :type => :string, :aliases => "-t",
-                                     :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
+                                     :desc => "Template engine for the views. Available options are 'erb', 'haml' and 'slim'."
 
       def copy_views
-        case options[:template_engine].to_s
-        when "haml"
-          verify_haml_existence
-          verify_haml_version
-          create_and_copy_haml_views
+        template = options[:template_engine].to_s
+        case template
+        when "haml", "slim"
+          warn "#{template} templates have been removed from Devise gem"
         else
           directory "devise", "app/views/#{scope || :devise}"
         end
       end
-
-    protected
-
-      def verify_haml_existence
-        begin
-          require 'haml'
-        rescue LoadError
-          say "HAML is not installed, or it is not specified in your Gemfile."
-          exit
-        end
-      end
-
-      def verify_haml_version
-        unless Haml.version[:major] == 2 and Haml.version[:minor] >= 3 or Haml.version[:major] >= 3
-          say "To generate HAML templates, you need to install HAML 2.3 or above."
-          exit
-        end
-      end
-
-      def create_and_copy_haml_views
-        require 'tmpdir'
-        html_root = "#{self.class.source_root}/devise"
-
-        Dir.mktmpdir("devise-haml.") do |haml_root|
-          Dir["#{html_root}/**/*"].each do |path|
-            relative_path = path.sub(html_root, "")
-            source_path   = (haml_root + relative_path).sub(/erb$/, "haml")
-
-            if File.directory?(path)
-              FileUtils.mkdir_p(source_path)
-            else
-              `html2haml -r #{path} #{source_path}`
-            end
-          end
-
-          directory haml_root, "app/views/#{scope || :devise}"
-        end
-      end
     end
   end
-end
+end

data/lib/generators/mongoid/devise_generator.rb

@@ -6,11 +6,11 @@ module Mongoid
       include Devise::Generators::OrmHelpers
 
       def generate_model
-        invoke "mongoid:model", [name] unless model_exists?
+        invoke "mongoid:model", [name] unless model_exists? && behavior == :invoke
       end
 
       def inject_devise_content
-        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n"
+        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n" if model_exists?
       end
     end
   end

data/lib/generators/templates/devise.rb

@@ -34,7 +34,7 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  # config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [ :email ]
 
   # Tell if authentication through request.params is enabled. True by default.
   # config.params_authenticatable = true
@@ -53,6 +53,9 @@ Devise.setup do |config|
   # using other encryptors, it sets how many times you want the password re-encrypted.
   config.stretches = 10
 
+  # Setup a pepper to generate the encrypted password.
+  # config.pepper = <%= ActiveSupport::SecureRandom.hex(64).inspect %>
+
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is 0.days
@@ -62,6 +65,9 @@ Devise.setup do |config|
   # (ie 2 days).
   # config.confirm_within = 2.days
 
+  # Defines which key will be used when confirming an account
+  # config.confirmation_keys = [ :email ]
+
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
@@ -81,7 +87,7 @@ Devise.setup do |config|
   # config.password_length = 6..20
 
   # Regex to use to validate the email address
-  # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
+  # config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i
 
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
@@ -94,6 +100,9 @@ Devise.setup do |config|
   # :none            = No lock strategy. You should handle locking by yourself.
   # config.lock_strategy = :failed_attempts
 
+  # Defines which key will be used when locking and unlocking an account
+  # config.unlock_keys = [ :email ]
+
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
@@ -108,6 +117,11 @@ Devise.setup do |config|
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
   # config.unlock_in = 1.hour
 
+  # ==> Configuration for :recoverable
+  #
+  # Defines which key will be used when recovering the password for an account
+  # config.reset_password_keys = [ :email ]
+
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
@@ -116,9 +130,6 @@ Devise.setup do |config|
   # REST_AUTH_SITE_KEY to pepper)
   # config.encryptor = :sha512
 
-  # Setup a pepper to generate the encrypted password.
-  # config.pepper = <%= ActiveSupport::SecureRandom.hex(64).inspect %>
-
   # ==> Configuration for :token_authenticatable
   # Defines name of the authentication token params key
   # config.token_authentication_key = :auth_token
@@ -150,8 +161,9 @@ Devise.setup do |config|
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
-  # The :"*/*" format below is required to match Internet Explorer requests.
-  # config.navigational_formats = [:"*/*", :html]
+  # The :"*/*" and "*/*" formats below is required to match Internet
+  # Explorer requests.
+  # config.navigational_formats = [:"*/*", "*/*", :html]
 
   # The default HTTP method used to sign out a resource. Default is :get.
   # config.sign_out_via = :get

data/test/controllers/helpers_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 require 'ostruct'
 
-class ControllerAuthenticableTest < ActionController::TestCase
+class ControllerAuthenticatableTest < ActionController::TestCase
   tests ApplicationController
 
   def setup
@@ -13,16 +13,16 @@ class ControllerAuthenticableTest < ActionController::TestCase
     assert_equal @mock_warden, @controller.warden
   end
 
-  test 'proxy signed_in? to authenticated' do
+  test 'proxy signed_in?(scope) to authenticate?' do
     @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
     @controller.signed_in?(:my_scope)
   end
 
-  test 'proxy anybody_signed_in? to signed_in?' do
+  test 'proxy signed_in?(nil) to authenticate?' do
     Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @controller.expects(:signed_in?).with(scope)
+      @mock_warden.expects(:authenticate?).with(:scope => scope)
     end
-    @controller.anybody_signed_in?
+    @controller.signed_in?
   end
 
   test 'proxy current_user to authenticate with user scope' do
@@ -90,16 +90,32 @@ class ControllerAuthenticableTest < ActionController::TestCase
 
   test 'sign in proxy to set_user on warden' do
     user = User.new
+    @mock_warden.expects(:user).returns(nil)
     @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
     @controller.sign_in(:user, user)
   end
 
   test 'sign in accepts a resource as argument' do
     user = User.new
+    @mock_warden.expects(:user).returns(nil)
     @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
     @controller.sign_in(user)
   end
 
+  test 'does not sign in again if the user is already in' do
+    user = User.new
+    @mock_warden.expects(:user).returns(user)
+    @mock_warden.expects(:set_user).never
+    @controller.sign_in(user)
+  end
+
+  test 'sign in again when the user is already in only if force is given' do
+    user = User.new
+    @mock_warden.expects(:user).returns(user)
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.sign_in(user, :force => true)
+  end
+
   test 'sign in accepts bypass as option' do
     user = User.new
     @mock_warden.expects(:session_serializer).returns(serializer = mock())
@@ -120,11 +136,13 @@ class ControllerAuthenticableTest < ActionController::TestCase
   end
 
   test 'sign out without args proxy to sign out all scopes' do
+    @mock_warden.expects(:user).times(Devise.mappings.size)
     @mock_warden.expects(:logout).with().returns(true)
     @controller.sign_out
   end
 
   test 'sign out everybody proxy to logout on warden' do
+    @mock_warden.expects(:user).times(Devise.mappings.size)
     @mock_warden.expects(:logout).with().returns(true)
     @controller.sign_out_all_scopes
   end
@@ -185,6 +203,17 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.sign_in_and_redirect(admin)
   end
 
+  test 'redirect_location returns the stored location if set' do
+    user = User.new
+    @controller.session[:"user_return_to"] = "/foo.bar"
+    assert_equal '/foo.bar', @controller.redirect_location('user', user)
+  end
+
+  test 'redirect_location returns the after sign in path by default' do
+    user = User.new
+    assert_equal @controller.after_sign_in_path_for(:user), @controller.redirect_location('user', user)
+  end
+
   test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
     swap Devise, :sign_out_all_scopes => false do
       @mock_warden.expects(:user).with(:admin).returns(true)
@@ -197,6 +226,7 @@ class ControllerAuthenticableTest < ActionController::TestCase
 
   test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
     swap Devise, :sign_out_all_scopes => true do
+      @mock_warden.expects(:user).times(Devise.mappings.size)
       @mock_warden.expects(:logout).with().returns(true)
       @controller.expects(:redirect_to).with(admin_root_path)
       @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"