devise 2.0.4 → 2.0.5

data/CHANGELOG.rdoc

@@ -1,6 +1,9 @@
-== 2.0.4
+== 2.0.5
+
+* bug fix
+  * Require string conversion for all values
 
-Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
+== 2.0.4
 
 * bug fix
   * Fix a regression that caused Warden to be initialized too late

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (2.0.2)
+    devise (2.0.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       railties (~> 3.1)
@@ -87,7 +87,7 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    orm_adapter (0.0.6)
+    orm_adapter (0.0.7)
     polyglot (0.3.3)
     rack (1.4.1)
     rack-cache (1.1)

data/lib/devise/models/authenticatable.rb

@@ -154,17 +154,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        # Finally, notice that Devise also queries for users in other scenarios
+        # besides authentication, for example when retrieving an user to send
+        # an e-mail for password reset. In such cases, find_for_authentication
+        # is not called.
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.
@@ -210,4 +213,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/param_filter.rb

@@ -33,9 +33,8 @@ module Devise
 
     private
 
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
+      true
     end
   end
 end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.0.4".freeze
+  VERSION = "2.0.5".freeze
 end

data/test/models/authenticatable_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class AuthenticatableTest < ActiveSupport::TestCase
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(email: "example@example.com", password: "123456")
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
+  end
+end

data/test/models/database_authenticatable_test.rb

@@ -23,15 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
-  end
-
-  test "param filter should not convert regular expressions to strings" do
-    conditions = { "regexp" => /expression/ }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "regexp" => /expression/ }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
 
   test 'should respond to password and password confirmation' do

metadata

@@ -1,8 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 2.0.4
   prerelease: 
+  version: 2.0.5
 platform: ruby
 authors:
 - José Valim
@@ -10,52 +10,72 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-17 00:00:00.000000000 Z
+date: 2013-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: warden
-  requirement: &2156392360 !ruby/object:Gem::Requirement
-    none: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.1.1
+    none: false
+  name: warden
   type: :runtime
   prerelease: false
-  version_requirements: *2156392360
-- !ruby/object:Gem::Dependency
-  name: orm_adapter
-  requirement: &2156391100 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.1
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.0.3
+    none: false
+  name: orm_adapter
   type: :runtime
   prerelease: false
-  version_requirements: *2156391100
-- !ruby/object:Gem::Dependency
-  name: bcrypt-ruby
-  requirement: &2156389800 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.3
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
+    none: false
+  name: bcrypt-ruby
   type: :runtime
   prerelease: false
-  version_requirements: *2156389800
-- !ruby/object:Gem::Dependency
-  name: railties
-  requirement: &2156387120 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
+    none: false
+  name: railties
   type: :runtime
   prerelease: false
-  version_requirements: *2156387120
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    none: false
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
 executables: []
@@ -198,6 +218,7 @@ files:
 - test/mailers/reset_password_instructions_test.rb
 - test/mailers/unlock_instructions_test.rb
 - test/mapping_test.rb
+- test/models/authenticatable_test.rb
 - test/models/confirmable_test.rb
 - test/models/database_authenticatable_test.rb
 - test/models/encryptable_test.rb
@@ -279,20 +300,20 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+  none: false
 requirements: []
 rubyforge_project: devise
-rubygems_version: 1.8.15
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Flexible authentication solution for Rails with Warden
@@ -328,6 +349,7 @@ test_files:
 - test/mailers/reset_password_instructions_test.rb
 - test/mailers/unlock_instructions_test.rb
 - test/mapping_test.rb
+- test/models/authenticatable_test.rb
 - test/models/confirmable_test.rb
 - test/models/database_authenticatable_test.rb
 - test/models/encryptable_test.rb