devise 2.0.0.rc → 2.0.0.rc2

data/app/controllers/devise/registrations_controller.rb

@@ -1,12 +1,11 @@
-class Devise::RegistrationsController < ApplicationController
+class Devise::RegistrationsController < DeviseController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
   prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
-  include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_up
   def new
     resource = build_resource({})
-    respond_with_navigational(resource){ render_with_scope :new }
+    respond_with resource
   end
 
   # POST /resource
@@ -19,19 +18,19 @@ class Devise::RegistrationsController < ApplicationController
         sign_in(resource_name, resource)
         respond_with resource, :location => after_sign_up_path_for(resource)
       else
-        set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?
+        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
         expire_session_data_after_sign_in!
         respond_with resource, :location => after_inactive_sign_up_path_for(resource)
       end
     else
-      clean_up_passwords(resource)
-      respond_with_navigational(resource) { render_with_scope :new }
+      clean_up_passwords resource
+      respond_with resource
     end
   end
 
   # GET /resource/edit
   def edit
-    render_with_scope :edit
+    render :edit
   end
 
   # PUT /resource
@@ -50,8 +49,8 @@ class Devise::RegistrationsController < ApplicationController
       sign_in resource_name, resource, :bypass => true
       respond_with resource, :location => after_update_path_for(resource)
     else
-      clean_up_passwords(resource)
-      respond_with_navigational(resource){ render_with_scope :edit }
+      clean_up_passwords resource
+      respond_with resource
     end
   end
 
@@ -75,40 +74,34 @@ class Devise::RegistrationsController < ApplicationController
 
   protected
 
-    # Build a devise resource passing in the session. Useful to move
-    # temporary session data to the newly created user.
-    def build_resource(hash=nil)
-      hash ||= params[resource_name] || {}
-      self.resource = resource_class.new_with_session(hash, session)
-    end
-
-    # The path used after sign up. You need to overwrite this method
-    # in your own RegistrationsController.
-    def after_sign_up_path_for(resource)
-      after_sign_in_path_for(resource)
-    end
+  # Build a devise resource passing in the session. Useful to move
+  # temporary session data to the newly created user.
+  def build_resource(hash=nil)
+    hash ||= params[resource_name] || {}
+    self.resource = resource_class.new_with_session(hash, session)
+  end
 
-    # Returns the inactive reason translated.
-    def inactive_reason(resource)
-      reason = resource.inactive_message.to_s
-      I18n.t("devise.registrations.reasons.#{reason}", :default => reason)
-    end
+  # The path used after sign up. You need to overwrite this method
+  # in your own RegistrationsController.
+  def after_sign_up_path_for(resource)
+    after_sign_in_path_for(resource)
+  end
 
-    # The path used after sign up for inactive accounts. You need to overwrite
-    # this method in your own RegistrationsController.
-    def after_inactive_sign_up_path_for(resource)
-      root_path
-    end
+  # The path used after sign up for inactive accounts. You need to overwrite
+  # this method in your own RegistrationsController.
+  def after_inactive_sign_up_path_for(resource)
+    respond_to?(:root_path) ? root_path : "/"
+  end
 
-    # The default url to be used after updating a resource. You need to overwrite
-    # this method in your own RegistrationsController.
-    def after_update_path_for(resource)
-      signed_in_root_path(resource)
-    end
+  # The default url to be used after updating a resource. You need to overwrite
+  # this method in your own RegistrationsController.
+  def after_update_path_for(resource)
+    signed_in_root_path(resource)
+  end
 
-    # Authenticates the current scope and gets the current resource from the session.
-    def authenticate_scope!
-      send(:"authenticate_#{resource_name}!", :force => true)
-      self.resource = send(:"current_#{resource_name}")
-    end
+  # Authenticates the current scope and gets the current resource from the session.
+  def authenticate_scope!
+    send(:"authenticate_#{resource_name}!", :force => true)
+    self.resource = send(:"current_#{resource_name}")
+  end
 end

data/app/controllers/devise/sessions_controller.rb

@@ -1,13 +1,12 @@
-class Devise::SessionsController < ApplicationController
+class Devise::SessionsController < DeviseController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
   prepend_before_filter :allow_params_authentication!, :only => :create
-  include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in
   def new
     resource = build_resource
     clean_up_passwords(resource)
-    respond_with_navigational(resource, stub_options(resource)){ render_with_scope :new }
+    respond_with(resource, stub_options(resource))
   end
 
   # POST /resource/sign_in

data/app/controllers/devise/unlocks_controller.rb

@@ -1,11 +1,9 @@
-class Devise::UnlocksController < ApplicationController
+class Devise::UnlocksController < DeviseController
   prepend_before_filter :require_no_authentication
-  include Devise::Controllers::InternalHelpers
 
   # GET /resource/unlock/new
   def new
     build_resource({})
-    render_with_scope :new
   end
 
   # POST /resource/unlock
@@ -15,7 +13,7 @@ class Devise::UnlocksController < ApplicationController
     if successfully_sent?(resource)
       respond_with({}, :location => new_session_path(resource_name))
     else
-      respond_with_navigational(resource){ render_with_scope :new }
+      respond_with(resource)
     end
   end
 
@@ -27,7 +25,7 @@ class Devise::UnlocksController < ApplicationController
       set_flash_message :notice, :unlocked if is_navigational_format?
       respond_with_navigational(resource){ redirect_to new_session_path(resource) }
     else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
+      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
     end
   end
 end

data/app/controllers/devise_controller.rb

@@ -0,0 +1,169 @@
+# All Devise controllers are inherited from here.
+class DeviseController < Devise.parent_controller.constantize
+  include Devise::Controllers::ScopedViews
+
+  helper DeviseHelper
+
+  helpers = %w(resource scope_name resource_name signed_in_resource
+               resource_class devise_mapping devise_controller?)
+  hide_action *helpers
+  helper_method *helpers
+
+  prepend_before_filter :assert_is_devise_resource!
+  respond_to *Mime::SET.map(&:to_sym) if mimes_for_respond_to.empty?
+
+  # Gets the actual resource stored in the instance variable
+  def resource
+    instance_variable_get(:"@#{resource_name}")
+  end
+
+  # Proxy to devise map name
+  def resource_name
+    devise_mapping.name
+  end
+  alias :scope_name :resource_name
+
+  # Proxy to devise map class
+  def resource_class
+    devise_mapping.to
+  end
+
+  # Returns a signed in resource from session (if one exists)
+  def signed_in_resource
+    warden.authenticate(:scope => resource_name)
+  end
+
+  # Attempt to find the mapped route for devise based on request path
+  def devise_mapping
+    @devise_mapping ||= request.env["devise.mapping"]
+  end
+
+  # Overwrites devise_controller? to return true
+  def devise_controller?
+    true
+  end
+
+  protected
+
+  # Checks whether it's a devise mapped resource or not.
+  def assert_is_devise_resource! #:nodoc:
+    unknown_action! <<-MESSAGE unless devise_mapping
+Could not find devise mapping for path #{request.fullpath.inspect}.
+Maybe you forgot to wrap your route inside the scope block? For example:
+
+devise_scope :user do
+  match "/some/route" => "some_devise_controller"
+end
+MESSAGE
+  end
+
+  # Returns real navigational formats which are supported by Rails
+  def navigational_formats
+    @navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] }
+  end
+
+  def unknown_action!(msg)
+    logger.debug "[Devise] #{msg}" if logger
+    raise AbstractController::ActionNotFound, msg
+  end
+
+  # Sets the resource creating an instance variable
+  def resource=(new_resource)
+    instance_variable_set(:"@#{resource_name}", new_resource)
+  end
+
+  # Build a devise resource.
+  def build_resource(hash=nil)
+    hash ||= params[resource_name] || {}
+    self.resource = resource_class.new(hash)
+  end
+
+  # Helper for use in before_filters where no authentication is required.
+  #
+  # Example:
+  #   before_filter :require_no_authentication, :only => :new
+  def require_no_authentication
+    assert_is_devise_resource!
+    return unless is_navigational_format?
+    no_input = devise_mapping.no_input_strategies
+
+    authenticated = if no_input.present?
+      args = no_input.dup.push :scope => resource_name
+      warden.authenticate?(*args)
+    else
+      warden.authenticated?(resource_name)
+    end
+
+    if authenticated
+      resource = warden.user(resource_name)
+      flash[:alert] = I18n.t("devise.failure.already_authenticated")
+      redirect_to after_sign_in_path_for(resource)
+    end
+  end
+
+  # Helper for use after calling send_*_instructions methods on a resource.
+  # If we are in paranoid mode, we always act as if the resource was valid
+  # and instructions were sent.
+  def successfully_sent?(resource)
+    notice = if Devise.paranoid
+      resource.errors.clear
+      :send_paranoid_instructions
+    elsif resource.errors.empty?
+      :send_instructions
+    end
+
+    if notice
+      set_flash_message :notice, notice if is_navigational_format?
+      true
+    end
+  end
+
+  # Sets the flash message with :key, using I18n. By default you are able
+  # to setup your messages using specific resource scope, and if no one is
+  # found we look to default scope.
+  # Example (i18n locale file):
+  #
+  #   en:
+  #     devise:
+  #       passwords:
+  #         #default_scope_messages - only if resource_scope is not found
+  #         user:
+  #           #resource_scope_messages
+  #
+  # Please refer to README or en.yml locale file to check what messages are
+  # available.
+  def set_flash_message(key, kind, options={})
+    options[:scope] = "devise.#{controller_name}"
+    options[:default] = Array(options[:default]).unshift(kind.to_sym)
+    options[:resource_name] = resource_name
+    message = I18n.t("#{resource_name}.#{kind}", options)
+    flash[key] = message if message.present?
+  end
+
+  def clean_up_passwords(object)
+    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+  end
+
+  def respond_with_navigational(*args, &block)
+    respond_with(*args) do |format|
+      format.any(*navigational_formats, &block)
+    end
+  end
+
+  def request_format
+    @request_format ||= request.format.try(:ref)
+  end
+
+  def is_navigational_format?
+    Devise.navigational_formats.include?(request.format.try(:ref))
+  end
+
+  # Override prefixes to consider the scoped view.
+  def _prefixes #:nodoc:
+    @_prefixes ||= if self.class.scoped_views?
+      super.unshift("#{devise_mapping.scoped_path}/#{controller_name}")
+    else
+      super
+    end
+  end
+end

data/app/views/devise/_links.erb

@@ -0,0 +1,25 @@
+<%- if controller_name != 'sessions' %>
+  <%= link_to "Sign in", new_session_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
+  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.omniauthable? %>
+  <%- resource_class.omniauth_providers.each do |provider| %>
+    <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
+  <% end -%>
+<% end -%>

data/app/views/devise/confirmations/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Resend confirmation instructions" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/app/views/devise/passwords/edit.html.erb

@@ -13,4 +13,4 @@
   <div><%= f.submit "Change my password" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/app/views/devise/passwords/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Send me reset password instructions" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/app/views/devise/registrations/new.html.erb

@@ -15,4 +15,4 @@
   <div><%= f.submit "Sign up" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/app/views/devise/sessions/new.html.erb

@@ -14,4 +14,4 @@
   <div><%= f.submit "Sign in" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/app/views/devise/shared/_links.erb

@@ -1,25 +1,3 @@
-<%- if controller_name != 'sessions' %>
-  <%= link_to "Sign in", new_session_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
-  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
-  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.omniauthable? %>
-  <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
-  <% end -%>
-<% end -%>
+<% ActiveSupport::Deprecation.warn "Rendering partials devise/shared/_links.erb is deprecated" \
+  "please use devise/_links.erb instead." %>
+<%= render "links" %>

data/app/views/devise/unlocks/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Resend unlock instructions" %></div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/config/locales/en.yml

@@ -35,17 +35,15 @@ en:
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
       signed_up: 'Welcome! You have signed up successfully.'
-      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
+      signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+      signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
+      signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
       updated: 'You updated your account successfully.'
       update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
-      reasons:
-        inactive: 'inactive'
-        unconfirmed: 'unconfirmed'
-        locked: 'locked'
     unlocks:
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
-      unlocked: 'Your account was successfully unlocked. You are now signed in.'
+      unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
       send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
     omniauth_callbacks:
       success: 'Successfully authorized from %{kind} account.'