devise 2.0.0.rc → 2.0.0.rc2

data/lib/devise/rails/warden_compat.rb

@@ -34,87 +34,4 @@ class Warden::SessionSerializer
       end
     end
   end
-end
-
-unless Devise.rack_session?
-  # We cannot use Rails Indifferent Hash because it messes up the flash object.
-  class Devise::IndifferentHash < Hash
-    alias_method :regular_writer, :[]= unless method_defined?(:regular_writer)
-    alias_method :regular_update, :update unless method_defined?(:regular_update)
-
-    def [](key)
-      super(convert_key(key))
-    end
-
-    def []=(key, value)
-      regular_writer(convert_key(key), value)
-    end
-
-    alias_method :store, :[]=
-
-    def update(other_hash)
-      other_hash.each_pair { |key, value| regular_writer(convert_key(key), value) }
-      self
-    end
-
-    alias_method :merge!, :update
-
-    def key?(key)
-      super(convert_key(key))
-    end
-
-    alias_method :include?, :key?
-    alias_method :has_key?, :key?
-    alias_method :member?, :key?
-
-    def fetch(key, *extras)
-      super(convert_key(key), *extras)
-    end
-
-    def values_at(*indices)
-      indices.collect {|key| self[convert_key(key)]}
-    end
-
-    def merge(hash)
-      self.dup.update(hash)
-    end
-
-    def delete(key)
-      super(convert_key(key))
-    end
-
-    def stringify_keys!; self end
-    def stringify_keys; dup end
-
-    undef :symbolize_keys!
-    def symbolize_keys; to_hash.symbolize_keys end
-
-    def to_options!; self end
-    def to_hash; Hash.new.update(self) end
-
-    protected
-
-    def convert_key(key)
-      key.kind_of?(Symbol) ? key.to_s : key
-    end
-  end
-
-  class ActionDispatch::Request
-    def reset_session
-      session.destroy if session && session.respond_to?(:destroy)
-      self.session = {}
-      @env['action_dispatch.request.flash_hash'] = nil
-    end
-  end
-
-  Warden::Manager.after_set_user :event => [:set_user, :authentication] do |record, warden, options|
-    if options[:scope] && warden.authenticated?(options[:scope])
-      request, flash = warden.request, warden.env['action_dispatch.request.flash_hash']
-      backup = request.session.to_hash
-      backup.delete("session_id")
-      request.reset_session
-      warden.env['action_dispatch.request.flash_hash'] = flash
-      request.session = Devise::IndifferentHash.new.update(backup)
-    end
-  end
 end

data/lib/devise/strategies/authenticatable.rb

@@ -105,7 +105,7 @@ module Devise
       # Helper to decode credentials from HTTP.
       def decode_credentials
         return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
-        ActiveSupport::Base64.decode64($1).split(/:/, 2)
+        Base64.decode64($1).split(/:/, 2)
       end
 
       # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
@@ -156,4 +156,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.0.0.rc".freeze
+  VERSION = "2.0.0.rc2".freeze
 end

data/lib/generators/active_record/devise_generator.rb

@@ -62,7 +62,7 @@ CONTENT
       # t.string   :unlock_token # Only if unlock strategy is :email or :both
       # t.datetime :locked_at
 
-      # Token authenticatable
+      ## Token authenticatable
       # t.string :authentication_token
 RUBY
       end

data/lib/generators/active_record/templates/migration.rb

@@ -1,9 +1,5 @@
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
-<% if ::Rails::VERSION::MAJOR == 3 && ::Rails::VERSION::MINOR >= 1 -%>
   def change
-<% else -%>
-  def self.up
-<% end -%>
     create_table(:<%= table_name %>) do |t|
 <%= migration_data -%>
 
@@ -20,10 +16,4 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
     # add_index :<%= table_name %>, :unlock_token,         :unique => true
     # add_index :<%= table_name %>, :authentication_token, :unique => true
   end
-
-<% unless ::Rails::VERSION::MAJOR == 3 && ::Rails::VERSION::MINOR >= 1 -%>
-  def self.down
-    drop_table :<%= table_name %>
-  end
-<% end -%>
 end

data/lib/generators/devise/views_generator.rb

@@ -32,17 +32,6 @@ module Devise
       end
     end
 
-    class SharedViewsGenerator < Rails::Generators::Base #:nodoc:
-      include ViewPathTemplates
-      source_root File.expand_path("../../../../app/views/devise", __FILE__)
-      desc "Copies shared Devise views to your application."
-
-      # Override copy_views to just copy mailer and shared.
-      def copy_views
-        view_directory :shared
-      end
-    end
-
     class FormForGenerator < Rails::Generators::Base #:nodoc:
       include ViewPathTemplates
       source_root File.expand_path("../../../../app/views/devise", __FILE__)
@@ -80,12 +69,15 @@ module Devise
     end
 
     class ViewsGenerator < Rails::Generators::Base
+      include ViewPathTemplates
+
+      source_root File.expand_path("../../../../app/views/devise", __FILE__)
       desc "Copies Devise views to your application."
 
-      argument :scope, :required => false, :default => nil,
-                       :desc => "The scope to copy views to"
+      def copy_views
+        copy_file "_links.erb", "#{target_path}/_links.erb"
+      end
 
-      invoke SharedViewsGenerator
       hook_for :form_builder, :aliases => "-b",
                               :desc => "Form builder to be used",
                               :default => defined?(SimpleForm) ? "simple_form_for" : "form_for"

data/lib/generators/templates/devise.rb

@@ -46,9 +46,15 @@ Devise.setup do |config|
   config.strip_whitespace_keys = [ :email ]
 
   # Tell if authentication through request.params is enabled. True by default.
+  # It can be set to an array that will enable params authentication only for the
+  # given strategies, for example, `config.params_authenticatable = [:database]` will
+  # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
   # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # It can be set to an array that will enable http authentication only for the
+  # given strategies, for example, `config.http_authenticatable = [:token]` will
+  # enable it only for token authentication.
   # config.http_authenticatable = false
 
   # If http headers should be returned for AJAX requests. True by default.
@@ -64,6 +70,9 @@ Devise.setup do |config|
 
   # By default Devise will store the user in session. You can skip storage for
   # :http_auth and :token_auth by adding those symbols to the array below.
+  # Notice that if you are skipping storage for all authentication paths, you
+  # may want to disable generating routes to Devise's sessions controller by
+  # passing :skip => :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
 
   # ==> Configuration for :database_authenticatable
@@ -192,9 +201,8 @@ Devise.setup do |config|
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
-  # The :"*/*" and "*/*" formats below is required to match Internet
-  # Explorer requests.
-  # config.navigational_formats = [:"*/*", "*/*", :html]
+  # The "*/*" below is required to match Internet Explorer requests.
+  # config.navigational_formats = ["*/*", :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete

data/lib/generators/templates/simple_form_for/confirmations/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/lib/generators/templates/simple_form_for/passwords/edit.html.erb

@@ -16,4 +16,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/lib/generators/templates/simple_form_for/passwords/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/lib/generators/templates/simple_form_for/registrations/new.html.erb

@@ -14,4 +14,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/lib/generators/templates/simple_form_for/sessions/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/lib/generators/templates/simple_form_for/unlocks/new.html.erb

@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= render :partial => "devise/shared/links" %>
+<%= render "links" %>

data/test/controllers/internal_helpers_test.rb

@@ -1,7 +1,6 @@
 require 'test_helper'
 
-class MyController < ApplicationController
-  include Devise::Controllers::InternalHelpers
+class MyController < DeviseController
 end
 
 class HelpersTest < ActionController::TestCase

data/test/failure_app_test.rb

@@ -3,7 +3,9 @@ require 'ostruct'
 
 class FailureTest < ActiveSupport::TestCase
   class RootFailureApp < Devise::FailureApp
-    undef_method :new_user_session_path
+    def fake_app
+      Object.new
+    end
   end
 
   def self.context(name, &block)
@@ -41,15 +43,17 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'return to the root path if no session path is available' do
-      call_failure :app => RootFailureApp
-      assert_equal 302, @response.first
-      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
-      assert_equal 'http://test.host/', @response.second['Location']
+      swap Devise, :router_name => :fake_app do
+        call_failure :app => RootFailureApp
+        assert_equal 302, @response.first
+        assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+        assert_equal 'http://test.host/', @response.second['Location']
+      end
     end
 
     test 'uses the proxy failure message as symbol' do
-      call_failure('warden' => OpenStruct.new(:message => :test))
-      assert_equal 'test', @request.flash[:alert]
+      call_failure('warden' => OpenStruct.new(:message => :invalid))
+      assert_equal 'Invalid email or password.', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
     end
 
@@ -73,14 +77,14 @@ class FailureTest < ActiveSupport::TestCase
 
     test 'works for any navigational format' do
       swap Devise, :navigational_formats => [:xml] do
-        call_failure('formats' => :xml)
+        call_failure('formats' => Mime::XML)
         assert_equal 302, @response.first
       end
     end
 
     test 'redirects the correct format if it is a non-html format request' do
       swap Devise, :navigational_formats => [:js] do
-        call_failure('formats' => :js)
+        call_failure('formats' => Mime::JS)
         assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
       end
     end
@@ -88,18 +92,18 @@ class FailureTest < ActiveSupport::TestCase
 
   context 'For HTTP request' do
     test 'return 401 status' do
-      call_failure('formats' => :xml)
+      call_failure('formats' => Mime::XML)
       assert_equal 401, @response.first
     end
 
     test 'return appropriate body for xml' do
-      call_failure('formats' => :xml)
+      call_failure('formats' => Mime::XML)
       result = %(<?xml version="1.0" encoding="UTF-8"?>\n<errors>\n  <error>You need to sign in or sign up before continuing.</error>\n</errors>\n)
       assert_equal result, @response.last.body
     end
 
     test 'return appropriate body for json' do
-      call_failure('formats' => :json)
+      call_failure('formats' => Mime::JSON)
       result = %({"error":"You need to sign in or sign up before continuing."})
       assert_equal result, @response.last.body
     end
@@ -110,26 +114,26 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'return WWW-authenticate headers if model allows' do
-      call_failure('formats' => :xml)
+      call_failure('formats' => Mime::XML)
       assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
     end
 
     test 'does not return WWW-authenticate headers if model does not allow' do
       swap Devise, :http_authenticatable => false do
-        call_failure('formats' => :xml)
+        call_failure('formats' => Mime::XML)
         assert_nil @response.second["WWW-Authenticate"]
       end
     end
 
     test 'works for any non navigational format' do
       swap Devise, :navigational_formats => [] do
-        call_failure('formats' => :html)
+        call_failure('formats' => Mime::HTML)
         assert_equal 401, @response.first
       end
     end
 
     test 'uses the failure message as response body' do
-      call_failure('formats' => :xml, 'warden' => OpenStruct.new(:message => :invalid))
+      call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(:message => :invalid))
       assert_match '<error>Invalid email or password.</error>', @response.third.body
     end
 
@@ -137,7 +141,7 @@ class FailureTest < ActiveSupport::TestCase
       context 'when http_authenticatable_on_xhr is false' do
         test 'dont return 401 with navigational formats' do
           swap Devise, :http_authenticatable_on_xhr => false do
-            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
           end
@@ -145,7 +149,7 @@ class FailureTest < ActiveSupport::TestCase
 
         test 'dont return 401 with non navigational formats' do
           swap Devise, :http_authenticatable_on_xhr => false do
-            call_failure('formats' => :json, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
           end
@@ -155,14 +159,14 @@ class FailureTest < ActiveSupport::TestCase
       context 'when http_authenticatable_on_xhr is true' do
         test 'return 401' do
           swap Devise, :http_authenticatable_on_xhr => true do
-            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 401, @response.first
           end
         end
 
         test 'skip WWW-Authenticate header' do
           swap Devise, :http_authenticatable_on_xhr => true do
-            call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
+            call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_nil @response.second['WWW-Authenticate']
           end
         end

data/test/generators/active_record_generator_test.rb

@@ -8,20 +8,10 @@ if DEVISE_ORM == :active_record
     destination File.expand_path("../../tmp", __FILE__)
     setup :prepare_destination
 
-    test "all files are properly created" do
-      with_rails_version :MAJOR => 3, :MINOR => 0 do
-        run_generator %w(monster)
-        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
-        assert_migration "db/migrate/devise_create_monsters.rb", /def self\.up/
-      end
-    end
-
     test "all files are properly created with rails31 migration syntax" do
-      with_rails_version :MAJOR => 3, :MINOR => 1 do
-        run_generator %w(monster)
-        assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
-        assert_migration "db/migrate/devise_create_monsters.rb", /def change/
-      end
+      run_generator %w(monster)
+      assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
+      assert_migration "db/migrate/devise_create_monsters.rb", /def change/
     end
 
     test "update model migration when model exists" do

data/test/generators/views_generator_test.rb

@@ -46,7 +46,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/#{scope}/registrations/new.html.erb"
     assert_file "app/views/#{scope}/registrations/edit.html.erb"
     assert_file "app/views/#{scope}/sessions/new.html.erb"
-    assert_file "app/views/#{scope}/shared/_links.erb"
     assert_file "app/views/#{scope}/unlocks/new.html.erb"
+    assert_file "app/views/#{scope}/_links.erb"
   end
 end

data/test/integration/authenticatable_test.rb

@@ -407,7 +407,10 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 
   test 'sign in stub in xml format' do
     get new_user_session_path(:format => 'xml')
-    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"></password>\n</user>\n", response.body
+    assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
+    assert_match /<user>.*<\/user>/m, response.body
+    assert_match '<email></email>', response.body
+    assert_match '<password nil="true"></password>', response.body
   end
 
   test 'sign in stub in json format' do
@@ -432,12 +435,6 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
     assert_not warden.authenticated?(:admin)
   end
 
-  test 'uses the mapping from nested devise_for call' do
-    sign_in_as_user :visit => "/devise_for/sign_in"
-    assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
-  end
-
   test 'sign in with xml format returns xml response' do
     create_user
     post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '123456'}