devise 2.0.0.rc → 2.0.0.rc2
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +94 -74
- data/README.rdoc +2 -2
- data/app/controllers/devise/confirmations_controller.rb +3 -6
- data/app/controllers/devise/omniauth_callbacks_controller.rb +1 -3
- data/app/controllers/devise/passwords_controller.rb +3 -6
- data/app/controllers/devise/registrations_controller.rb +34 -41
- data/app/controllers/devise/sessions_controller.rb +2 -3
- data/app/controllers/devise/unlocks_controller.rb +3 -5
- data/app/controllers/devise_controller.rb +169 -0
- data/app/views/devise/_links.erb +25 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +1 -1
- data/app/views/devise/passwords/new.html.erb +1 -1
- data/app/views/devise/registrations/new.html.erb +1 -1
- data/app/views/devise/sessions/new.html.erb +1 -1
- data/app/views/devise/shared/_links.erb +3 -25
- data/app/views/devise/unlocks/new.html.erb +1 -1
- data/config/locales/en.yml +4 -6
- data/lib/devise.rb +15 -11
- data/lib/devise/controllers/helpers.rb +8 -2
- data/lib/devise/controllers/scoped_views.rb +0 -16
- data/lib/devise/controllers/url_helpers.rb +16 -2
- data/lib/devise/failure_app.rb +43 -8
- data/lib/devise/models.rb +1 -1
- data/lib/devise/models/confirmable.rb +12 -9
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/serializable.rb +5 -2
- data/lib/devise/modules.rb +2 -2
- data/lib/devise/param_filter.rb +1 -1
- data/lib/devise/path_checker.rb +5 -1
- data/lib/devise/rails.rb +21 -0
- data/lib/devise/rails/routes.rb +16 -10
- data/lib/devise/rails/warden_compat.rb +0 -83
- data/lib/devise/strategies/authenticatable.rb +2 -2
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +1 -1
- data/lib/generators/active_record/templates/migration.rb +0 -10
- data/lib/generators/devise/views_generator.rb +6 -14
- data/lib/generators/templates/devise.rb +11 -3
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +1 -1
- data/test/controllers/internal_helpers_test.rb +1 -2
- data/test/failure_app_test.rb +24 -20
- data/test/generators/active_record_generator_test.rb +3 -13
- data/test/generators/views_generator_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +4 -7
- data/test/integration/http_authenticatable_test.rb +4 -4
- data/test/integration/lockable_test.rb +24 -12
- data/test/integration/registerable_test.rb +1 -1
- data/test/integration/timeoutable_test.rb +18 -4
- data/test/integration/token_authenticatable_test.rb +3 -3
- data/test/integration/trackable_test.rb +5 -5
- data/test/models/confirmable_test.rb +15 -0
- data/test/models/database_authenticatable_test.rb +6 -0
- data/test/models/lockable_test.rb +13 -0
- data/test/rails_app/app/mongoid/user.rb +1 -1
- data/test/rails_app/config/routes.rb +3 -5
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +1 -1
- data/test/rails_app/lib/shared_admin.rb +1 -0
- data/test/rails_app/log/development.log +13 -0
- data/test/rails_app/log/test.log +290988 -0
- data/test/support/helpers.rb +0 -17
- metadata +105 -57
- data/.gitignore +0 -10
- data/.travis.yml +0 -13
- data/Gemfile +0 -35
- data/Gemfile.lock +0 -168
- data/Rakefile +0 -34
- data/devise.gemspec +0 -25
- data/lib/devise/controllers/internal_helpers.rb +0 -161
- data/lib/devise/controllers/shared_helpers.rb +0 -26
@@ -1,12 +1,11 @@
|
|
1
|
-
class Devise::RegistrationsController <
|
1
|
+
class Devise::RegistrationsController < DeviseController
|
2
2
|
prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
|
3
3
|
prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
|
4
|
-
include Devise::Controllers::InternalHelpers
|
5
4
|
|
6
5
|
# GET /resource/sign_up
|
7
6
|
def new
|
8
7
|
resource = build_resource({})
|
9
|
-
|
8
|
+
respond_with resource
|
10
9
|
end
|
11
10
|
|
12
11
|
# POST /resource
|
@@ -19,19 +18,19 @@ class Devise::RegistrationsController < ApplicationController
|
|
19
18
|
sign_in(resource_name, resource)
|
20
19
|
respond_with resource, :location => after_sign_up_path_for(resource)
|
21
20
|
else
|
22
|
-
set_flash_message :notice, :
|
21
|
+
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format?
|
23
22
|
expire_session_data_after_sign_in!
|
24
23
|
respond_with resource, :location => after_inactive_sign_up_path_for(resource)
|
25
24
|
end
|
26
25
|
else
|
27
|
-
clean_up_passwords
|
28
|
-
|
26
|
+
clean_up_passwords resource
|
27
|
+
respond_with resource
|
29
28
|
end
|
30
29
|
end
|
31
30
|
|
32
31
|
# GET /resource/edit
|
33
32
|
def edit
|
34
|
-
|
33
|
+
render :edit
|
35
34
|
end
|
36
35
|
|
37
36
|
# PUT /resource
|
@@ -50,8 +49,8 @@ class Devise::RegistrationsController < ApplicationController
|
|
50
49
|
sign_in resource_name, resource, :bypass => true
|
51
50
|
respond_with resource, :location => after_update_path_for(resource)
|
52
51
|
else
|
53
|
-
clean_up_passwords
|
54
|
-
|
52
|
+
clean_up_passwords resource
|
53
|
+
respond_with resource
|
55
54
|
end
|
56
55
|
end
|
57
56
|
|
@@ -75,40 +74,34 @@ class Devise::RegistrationsController < ApplicationController
|
|
75
74
|
|
76
75
|
protected
|
77
76
|
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
# The path used after sign up. You need to overwrite this method
|
86
|
-
# in your own RegistrationsController.
|
87
|
-
def after_sign_up_path_for(resource)
|
88
|
-
after_sign_in_path_for(resource)
|
89
|
-
end
|
77
|
+
# Build a devise resource passing in the session. Useful to move
|
78
|
+
# temporary session data to the newly created user.
|
79
|
+
def build_resource(hash=nil)
|
80
|
+
hash ||= params[resource_name] || {}
|
81
|
+
self.resource = resource_class.new_with_session(hash, session)
|
82
|
+
end
|
90
83
|
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
84
|
+
# The path used after sign up. You need to overwrite this method
|
85
|
+
# in your own RegistrationsController.
|
86
|
+
def after_sign_up_path_for(resource)
|
87
|
+
after_sign_in_path_for(resource)
|
88
|
+
end
|
96
89
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
90
|
+
# The path used after sign up for inactive accounts. You need to overwrite
|
91
|
+
# this method in your own RegistrationsController.
|
92
|
+
def after_inactive_sign_up_path_for(resource)
|
93
|
+
respond_to?(:root_path) ? root_path : "/"
|
94
|
+
end
|
102
95
|
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
96
|
+
# The default url to be used after updating a resource. You need to overwrite
|
97
|
+
# this method in your own RegistrationsController.
|
98
|
+
def after_update_path_for(resource)
|
99
|
+
signed_in_root_path(resource)
|
100
|
+
end
|
108
101
|
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
102
|
+
# Authenticates the current scope and gets the current resource from the session.
|
103
|
+
def authenticate_scope!
|
104
|
+
send(:"authenticate_#{resource_name}!", :force => true)
|
105
|
+
self.resource = send(:"current_#{resource_name}")
|
106
|
+
end
|
114
107
|
end
|
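Review bot: `build_resource` passes `params[resource_name]` straight into `resource_class.new_with_session(hash, session)`, so every attribute a client submits reaches the model with no filtering in the controller. Whether that is safe depends on the model restricting mass assignment (for example with `attr_accessible`), which this diff does not show; the comment above the method should say so, e.g. `# Attributes come unfiltered from params; the model must restrict mass assignment.` The same applies to `DeviseController#build_resource`, added later in this release, which calls `resource_class.new(hash)` on the same input. In the sign-up branch (the enclosing action, presumably `create`, starts outside the hunk) the flash key `:"signed_up_but_#{resource.inactive_message}"` is built from the model's `inactive_message`. A model that returns a custom value there needs a matching locale entry, because the en.yml change in this release adds only `unconfirmed`, `inactive` and `locked`.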
@@ -1,13 +1,12 @@
|
|
1
|
-
class Devise::SessionsController <
|
1
|
+
class Devise::SessionsController < DeviseController
|
2
2
|
prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
|
3
3
|
prepend_before_filter :allow_params_authentication!, :only => :create
|
4
|
-
include Devise::Controllers::InternalHelpers
|
5
4
|
|
6
5
|
# GET /resource/sign_in
|
7
6
|
def new
|
8
7
|
resource = build_resource
|
9
8
|
clean_up_passwords(resource)
|
10
|
-
|
9
|
+
respond_with(resource, stub_options(resource))
|
11
10
|
end
|
12
11
|
|
13
12
|
# POST /resource/sign_in
|
@@ -1,11 +1,9 @@
|
|
1
|
-
class Devise::UnlocksController <
|
1
|
+
class Devise::UnlocksController < DeviseController
|
2
2
|
prepend_before_filter :require_no_authentication
|
3
|
-
include Devise::Controllers::InternalHelpers
|
4
3
|
|
5
4
|
# GET /resource/unlock/new
|
6
5
|
def new
|
7
6
|
build_resource({})
|
8
|
-
render_with_scope :new
|
9
7
|
end
|
10
8
|
|
11
9
|
# POST /resource/unlock
|
@@ -15,7 +13,7 @@ class Devise::UnlocksController < ApplicationController
|
|
15
13
|
if successfully_sent?(resource)
|
16
14
|
respond_with({}, :location => new_session_path(resource_name))
|
17
15
|
else
|
18
|
-
|
16
|
+
respond_with(resource)
|
19
17
|
end
|
20
18
|
end
|
21
19
|
|
@@ -27,7 +25,7 @@ class Devise::UnlocksController < ApplicationController
|
|
27
25
|
set_flash_message :notice, :unlocked if is_navigational_format?
|
28
26
|
respond_with_navigational(resource){ redirect_to new_session_path(resource) }
|
29
27
|
else
|
30
|
-
respond_with_navigational(resource.errors, :status => :unprocessable_entity){
|
28
|
+
respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
|
31
29
|
end
|
32
30
|
end
|
33
31
|
end
|
@@ -0,0 +1,169 @@
|
|
1
|
+
# All Devise controllers are inherited from here.
|
2
|
+
class DeviseController < Devise.parent_controller.constantize
|
3
|
+
include Devise::Controllers::ScopedViews
|
4
|
+
|
5
|
+
helper DeviseHelper
|
6
|
+
|
7
|
+
helpers = %w(resource scope_name resource_name signed_in_resource
|
8
|
+
resource_class devise_mapping devise_controller?)
|
9
|
+
hide_action *helpers
|
10
|
+
helper_method *helpers
|
11
|
+
|
12
|
+
prepend_before_filter :assert_is_devise_resource!
|
13
|
+
respond_to *Mime::SET.map(&:to_sym) if mimes_for_respond_to.empty?
|
14
|
+
|
15
|
+
# Gets the actual resource stored in the instance variable
|
16
|
+
def resource
|
17
|
+
instance_variable_get(:"@#{resource_name}")
|
18
|
+
end
|
19
|
+
|
20
|
+
# Proxy to devise map name
|
21
|
+
def resource_name
|
22
|
+
devise_mapping.name
|
23
|
+
end
|
24
|
+
alias :scope_name :resource_name
|
25
|
+
|
26
|
+
# Proxy to devise map class
|
27
|
+
def resource_class
|
28
|
+
devise_mapping.to
|
29
|
+
end
|
30
|
+
|
31
|
+
# Returns a signed in resource from session (if one exists)
|
32
|
+
def signed_in_resource
|
33
|
+
warden.authenticate(:scope => resource_name)
|
34
|
+
end
|
35
|
+
|
36
|
+
# Attempt to find the mapped route for devise based on request path
|
37
|
+
def devise_mapping
|
38
|
+
@devise_mapping ||= request.env["devise.mapping"]
|
39
|
+
end
|
40
|
+
|
41
|
+
# Overwrites devise_controller? to return true
|
42
|
+
def devise_controller?
|
43
|
+
true
|
44
|
+
end
|
45
|
+
|
46
|
+
protected
|
47
|
+
|
48
|
+
# Checks whether it's a devise mapped resource or not.
|
49
|
+
def assert_is_devise_resource! #:nodoc:
|
50
|
+
unknown_action! <<-MESSAGE unless devise_mapping
|
51
|
+
Could not find devise mapping for path #{request.fullpath.inspect}.
|
52
|
+
Maybe you forgot to wrap your route inside the scope block? For example:
|
53
|
+
|
54
|
+
devise_scope :user do
|
55
|
+
match "/some/route" => "some_devise_controller"
|
56
|
+
end
|
57
|
+
MESSAGE
|
58
|
+
end
|
59
|
+
|
60
|
+
# Returns real navigational formats which are supported by Rails
|
61
|
+
def navigational_formats
|
62
|
+
@navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] }
|
63
|
+
end
|
64
|
+
|
65
|
+
def unknown_action!(msg)
|
66
|
+
logger.debug "[Devise] #{msg}" if logger
|
67
|
+
raise AbstractController::ActionNotFound, msg
|
68
|
+
end
|
69
|
+
|
70
|
+
# Sets the resource creating an instance variable
|
71
|
+
def resource=(new_resource)
|
72
|
+
instance_variable_set(:"@#{resource_name}", new_resource)
|
73
|
+
end
|
74
|
+
|
75
|
+
# Build a devise resource.
|
76
|
+
def build_resource(hash=nil)
|
77
|
+
hash ||= params[resource_name] || {}
|
78
|
+
self.resource = resource_class.new(hash)
|
79
|
+
end
|
80
|
+
|
81
|
+
# Helper for use in before_filters where no authentication is required.
|
82
|
+
#
|
83
|
+
# Example:
|
84
|
+
# before_filter :require_no_authentication, :only => :new
|
85
|
+
def require_no_authentication
|
86
|
+
assert_is_devise_resource!
|
87
|
+
return unless is_navigational_format?
|
88
|
+
no_input = devise_mapping.no_input_strategies
|
89
|
+
|
90
|
+
authenticated = if no_input.present?
|
91
|
+
args = no_input.dup.push :scope => resource_name
|
92
|
+
warden.authenticate?(*args)
|
93
|
+
else
|
94
|
+
warden.authenticated?(resource_name)
|
95
|
+
end
|
96
|
+
|
97
|
+
if authenticated
|
98
|
+
resource = warden.user(resource_name)
|
99
|
+
flash[:alert] = I18n.t("devise.failure.already_authenticated")
|
100
|
+
redirect_to after_sign_in_path_for(resource)
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
# Helper for use after calling send_*_instructions methods on a resource.
|
105
|
+
# If we are in paranoid mode, we always act as if the resource was valid
|
106
|
+
# and instructions were sent.
|
107
|
+
def successfully_sent?(resource)
|
108
|
+
notice = if Devise.paranoid
|
109
|
+
resource.errors.clear
|
110
|
+
:send_paranoid_instructions
|
111
|
+
elsif resource.errors.empty?
|
112
|
+
:send_instructions
|
113
|
+
end
|
114
|
+
|
115
|
+
if notice
|
116
|
+
set_flash_message :notice, notice if is_navigational_format?
|
117
|
+
true
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
# Sets the flash message with :key, using I18n. By default you are able
|
122
|
+
# to setup your messages using specific resource scope, and if no one is
|
123
|
+
# found we look to default scope.
|
124
|
+
# Example (i18n locale file):
|
125
|
+
#
|
126
|
+
# en:
|
127
|
+
# devise:
|
128
|
+
# passwords:
|
129
|
+
# #default_scope_messages - only if resource_scope is not found
|
130
|
+
# user:
|
131
|
+
# #resource_scope_messages
|
132
|
+
#
|
133
|
+
# Please refer to README or en.yml locale file to check what messages are
|
134
|
+
# available.
|
135
|
+
def set_flash_message(key, kind, options={})
|
136
|
+
options[:scope] = "devise.#{controller_name}"
|
137
|
+
options[:default] = Array(options[:default]).unshift(kind.to_sym)
|
138
|
+
options[:resource_name] = resource_name
|
139
|
+
message = I18n.t("#{resource_name}.#{kind}", options)
|
140
|
+
flash[key] = message if message.present?
|
141
|
+
end
|
142
|
+
|
143
|
+
def clean_up_passwords(object)
|
144
|
+
object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
|
145
|
+
end
|
146
|
+
|
147
|
+
def respond_with_navigational(*args, &block)
|
148
|
+
respond_with(*args) do |format|
|
149
|
+
format.any(*navigational_formats, &block)
|
150
|
+
end
|
151
|
+
end
|
152
|
+
|
153
|
+
def request_format
|
154
|
+
@request_format ||= request.format.try(:ref)
|
155
|
+
end
|
156
|
+
|
157
|
+
def is_navigational_format?
|
158
|
+
Devise.navigational_formats.include?(request.format.try(:ref))
|
159
|
+
end
|
160
|
+
|
161
|
+
# Override prefixes to consider the scoped view.
|
162
|
+
def _prefixes #:nodoc:
|
163
|
+
@_prefixes ||= if self.class.scoped_views?
|
164
|
+
super.unshift("#{devise_mapping.scoped_path}/#{controller_name}")
|
165
|
+
else
|
166
|
+
super
|
167
|
+
end
|
168
|
+
end
|
169
|
+
end
|
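Review bot: `require_no_authentication` exits on `return unless is_navigational_format?`, so for any request format outside `Devise.navigational_formats` the already-signed-in check is skipped, and nothing in the file says this is intended. A comment above the early return would settle it, for example `# Only navigational formats are redirected; other formats are deliberately let through.` if that is the intent. The explicit `assert_is_devise_resource!` call at the top of the same method also needs a why-comment, since it looks redundant next to the class-level `prepend_before_filter :assert_is_devise_resource!`; presumably it covers subclasses that prepend this filter ahead of the class-level one. Separately, `is_navigational_format?` repeats `request.format.try(:ref)` instead of using the memoized `request_format` defined just above it, and could read `Devise.navigational_formats.include?(request_format)`.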
@@ -0,0 +1,25 @@
|
|
1
|
+
<%- if controller_name != 'sessions' %>
|
2
|
+
<%= link_to "Sign in", new_session_path(resource_name) %><br />
|
3
|
+
<% end -%>
|
4
|
+
|
5
|
+
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
|
6
|
+
<%= link_to "Sign up", new_registration_path(resource_name) %><br />
|
7
|
+
<% end -%>
|
8
|
+
|
9
|
+
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
|
10
|
+
<%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
|
11
|
+
<% end -%>
|
12
|
+
|
13
|
+
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
|
14
|
+
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
|
15
|
+
<% end -%>
|
16
|
+
|
17
|
+
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
|
18
|
+
<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
|
19
|
+
<% end -%>
|
20
|
+
|
21
|
+
<%- if devise_mapping.omniauthable? %>
|
22
|
+
<%- resource_class.omniauth_providers.each do |provider| %>
|
23
|
+
<%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
|
24
|
+
<% end -%>
|
25
|
+
<% end -%>
|
@@ -1,25 +1,3 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
|
6
|
-
<%= link_to "Sign up", new_registration_path(resource_name) %><br />
|
7
|
-
<% end -%>
|
8
|
-
|
9
|
-
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
|
10
|
-
<%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
|
11
|
-
<% end -%>
|
12
|
-
|
13
|
-
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
|
14
|
-
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
|
15
|
-
<% end -%>
|
16
|
-
|
17
|
-
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
|
18
|
-
<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
|
19
|
-
<% end -%>
|
20
|
-
|
21
|
-
<%- if devise_mapping.omniauthable? %>
|
22
|
-
<%- resource_class.omniauth_providers.each do |provider| %>
|
23
|
-
<%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
|
24
|
-
<% end -%>
|
25
|
-
<% end -%>
|
1
|
+
<% ActiveSupport::Deprecation.warn "Rendering partials devise/shared/_links.erb is deprecated" \
|
2
|
+
"please use devise/_links.erb instead." %>
|
3
|
+
<%= render "links" %>
|
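Review bot: The deprecation text joins two adjacent string literals, `"Rendering partials devise/shared/_links.erb is deprecated" \` and `"please use devise/_links.erb instead."`, with nothing between them, so the warning reads "...is deprecatedplease use...". End the first literal with a separator, e.g. `"Rendering partials devise/shared/_links.erb is deprecated, " \`. Also, `render "links"` is a relative partial name that resolves through the rendering controller's view prefixes. A controller that renders this shim without inheriting from `DeviseController` may not find `devise/_links.erb`, and `render "devise/links"` would remove that dependency.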
data/config/locales/en.yml
CHANGED
@@ -35,17 +35,15 @@ en:
|
|
35
35
|
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
36
36
|
registrations:
|
37
37
|
signed_up: 'Welcome! You have signed up successfully.'
|
38
|
-
|
38
|
+
signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
|
39
|
+
signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
|
40
|
+
signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
|
39
41
|
updated: 'You updated your account successfully.'
|
40
42
|
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
|
41
43
|
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
42
|
-
reasons:
|
43
|
-
inactive: 'inactive'
|
44
|
-
unconfirmed: 'unconfirmed'
|
45
|
-
locked: 'locked'
|
46
44
|
unlocks:
|
47
45
|
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
48
|
-
unlocked: 'Your account
|
46
|
+
unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
|
49
47
|
send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
|
50
48
|
omniauth_callbacks:
|
51
49
|
success: 'Successfully authorized from %{kind} account.'
|