devise 2.0.6 → 2.1.0.rc

data/.travis.yml

@@ -1,5 +1,4 @@
 script: "bundle exec rake test"
-before_install: gem update --system
 rvm:
   - 1.8.7
   - 1.9.2

data/CHANGELOG.rdoc

@@ -1,16 +1,22 @@
-== 2.0.6
+== 2.1.0.dev
 
-* bug fix
-  * Do not confirm account after reset password
-
-== 2.0.5
+* enhancements
+  * Add check_fields! method on Devise::Models to check if the model includes the fields that Devise uses
+  * Add `skip_reconfirmation!` to skip reconfirmation
 
 * bug fix
-  * Require string conversion for all values
+  * Ensure after sign in hook is not called without a resource
+  * Fix a term: now on Omniauth related flash messages, we say that we're authenticating from an omniauth provider instead of authorizing
+
+* deprecation
+  * All devise modules should have a required_fields(klass) module method to help gathering missing attributes
 
 == 2.0.4
 
+Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
+
 * bug fix
+  * Fix when :host is used with devise_for  (by @mreinsch)
   * Fix a regression that caused Warden to be initialized too late
 
 == 2.0.3 (yanked)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (2.0.6)
+    devise (2.0.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       railties (~> 3.1)
@@ -39,7 +39,7 @@ GEM
       multi_json (~> 1.0)
     addressable (2.2.6)
     arel (3.0.0)
-    bcrypt-ruby (3.1.1)
+    bcrypt-ruby (3.0.1)
     bson (1.5.1)
     bson_ext (1.3.1)
     builder (3.0.0)
@@ -87,7 +87,7 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    orm_adapter (0.0.7)
+    orm_adapter (0.0.6)
     polyglot (0.3.3)
     rack (1.4.1)
     rack-cache (1.1)

data/README.md

@@ -1,4 +1,4 @@
-*IMPORTANT:* Devise 2.0.0 is out. If you are upgrading, please read: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
+*IMPORTANT:* Devise 2.0 is out. If you are upgrading, please read: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
 
 ## Devise
 
@@ -109,6 +109,8 @@ rails generate devise MODEL
 
 Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to Devise controller.
 
+Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined.
+
 ### Controller filters and helpers
 
 Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
@@ -135,13 +137,13 @@ You can access the session for this scope:
 user_session
 ```
 
-After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use +user_root_path+ if it exists, otherwise default +root_path+ will be used. This means that you need to set the root inside your routes:
+After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes:
 
 ```ruby
 root :to => "home#index"
 ```
 
-You can also overwrite +after_sign_in_path_for+ and +after_sign_out_path_for+ to customize your redirect hooks.
+You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
 
 Finally, you need to set up default url options for the mailer in each environment. Here is the configuration for "config/environments/development.rb":
 
@@ -247,9 +249,9 @@ Devise also ships with default routes. If you need to customize them, you should
 devise_for :users, :path => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' }
 ```
 
-Be sure to check +devise_for+ documentation for details.
+Be sure to check `devise_for` documentation for details.
 
-If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is to create your routes normally and wrap them in a +devise_scope+ block in the router:
+If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is to create your routes normally and wrap them in a `devise_scope` block in the router:
 
 ```ruby
 devise_scope :user do
@@ -257,15 +259,7 @@ devise_scope :user do
 end
 ```
 
-This way you tell devise to use the scope :user when "/sign_in" is accessed. Notice +devise_scope+ is also aliased as +as+ and you can also give a block to +devise_for+, resulting in the same behavior:
-
-```ruby
-devise_for :users do
-  get "sign_in", :to => "devise/sessions#new"
-end
-```
-
-Feel free to choose the one you prefer!
+This way you tell devise to use the scope :user when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
 
 ### I18n
 
@@ -327,7 +321,7 @@ class ActionController::TestCase
 end
 ```
 
-If you're using RSpec and want the helpers automatically included within all +describe+ blocks, add a file called spec/support/devise.rb with the following contents:
+If you're using RSpec and want the helpers automatically included within all `describe` blocks, add a file called spec/support/devise.rb with the following contents:
 
 ```ruby
 RSpec.configure do |config|

data/app/controllers/devise_controller.rb

@@ -89,8 +89,7 @@ MESSAGE
       warden.authenticated?(resource_name)
     end
 
-    if authenticated
-      resource = warden.user(resource_name)
+    if authenticated && resource = warden.user(resource_name)
       flash[:alert] = I18n.t("devise.failure.already_authenticated")
       redirect_to after_sign_in_path_for(resource)
     end
@@ -162,4 +161,4 @@ MESSAGE
       super
     end
   end
-end
+end

data/app/views/devise/_links.erb

@@ -1,25 +1,3 @@
-<%- if controller_name != 'sessions' %>
-  <%= link_to "Sign in", new_session_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
-  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
-  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.omniauthable? %>
-  <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
-  <% end -%>
-<% end -%>
+<% ActiveSupport::Deprecation.warn "Rendering partials devise/_links.erb is deprecated" \
+  "please use devise/shared/_links.erb instead."%>
+<%= render "shared/links" %>

data/app/views/devise/confirmations/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Resend confirmation instructions" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/edit.html.erb

@@ -13,4 +13,4 @@
   <div><%= f.submit "Change my password" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Send me reset password instructions" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/registrations/new.html.erb

@@ -15,4 +15,4 @@
   <div><%= f.submit "Sign up" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/sessions/new.html.erb

@@ -14,4 +14,4 @@
   <div><%= f.submit "Sign in" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/app/views/devise/shared/_links.erb

@@ -1,3 +1,25 @@
-<% ActiveSupport::Deprecation.warn "Rendering partials devise/shared/_links.erb is deprecated" \
-  "please use devise/_links.erb instead." %>
-<%= render "links" %>
+<%- if controller_name != 'sessions' %>
+  <%= link_to "Sign in", new_session_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
+  <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+  <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.omniauthable? %>
+  <%- resource_class.omniauth_providers.each do |provider| %>
+    <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
+  <% end -%>
+<% end -%>

data/app/views/devise/unlocks/new.html.erb

@@ -9,4 +9,4 @@
   <div><%= f.submit "Resend unlock instructions" %></div>
 <% end %>
 
-<%= render "links" %>
+<%= render :partial => "devise/shared/links" %>

data/config/locales/en.yml

@@ -46,8 +46,8 @@ en:
       unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
       send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
     omniauth_callbacks:
-      success: 'Successfully authorized from %{kind} account.'
-      failure: 'Could not authorize you from %{kind} because "%{reason}".'
+      success: 'Successfully authenticated from %{kind} account.'
+      failure: 'Could not authenticate you from %{kind} because "%{reason}".'
     mailer:
       confirmation_instructions:
         subject: 'Confirmation instructions'

data/gemfiles/Gemfile.rails-3.1.x.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    devise (2.0.6)
+    devise (2.0.2)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.0.3)
       railties (~> 3.1)
@@ -40,7 +40,7 @@ GEM
       multi_json (~> 1.0)
     addressable (2.2.7)
     arel (2.2.1)
-    bcrypt-ruby (3.1.1)
+    bcrypt-ruby (3.0.1)
     bson (1.5.2)
     bson_ext (1.3.1)
     builder (3.0.0)
@@ -87,7 +87,7 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    orm_adapter (0.0.7)
+    orm_adapter (0.0.6)
     polyglot (0.3.3)
     rack (1.3.6)
     rack-cache (1.1)

data/lib/devise.rb

@@ -23,6 +23,7 @@ module Devise
   module Encryptors
     autoload :Base, 'devise/encryptors/base'
     autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
+    autoload :BCrypt, 'devise/encryptors/bcrypt'
     autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
     autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
     autoload :Sha512, 'devise/encryptors/sha512'

data/lib/devise/controllers/helpers.rb

@@ -208,7 +208,7 @@ module Devise
       #       if resource.is_a?(User) && resource.can_publish?
       #         publisher_url
       #       else
-      #         signed_in_root_path(resource)
+      #         super
       #       end
       #   end
       #

data/lib/devise/encryptors/base.rb

@@ -15,6 +15,10 @@ module Devise
       def self.salt(stretches)
         Devise.friendly_token[0,20]
       end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
     end
   end
-end
+end

data/lib/devise/encryptors/bcrypt.rb

@@ -0,0 +1,14 @@
+module Devise
+  module Encryptors
+    class BCrypt < Base
+      def self.digest(password, stretches, salt, pepper)
+        ::BCrypt::Engine.hash_secret("#{password}#{pepper}",salt, stretches)
+      end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        salt = ::BCrypt::Password.new(encrypted_password).salt
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
+    end
+  end
+end

data/lib/devise/failure_app.rb

@@ -88,6 +88,7 @@ module Devise
       opts  = {}
       route = :"new_#{scope}_session_path"
       opts[:format] = request_format unless skip_format?
+      opts[:script_name] = nil
 
       context = send(Devise.available_router_name)
 

data/lib/devise/models.rb

@@ -1,5 +1,15 @@
 module Devise
   module Models
+    class MissingAttribute < StandardError
+      def initialize(attributes)
+        @attributes = attributes
+      end
+
+      def message
+        "The following attribute(s) is (are) missing on your model: #{@attributes.join(", ")}"
+      end
+    end
+
     # Creates configuration values for Devise and for the given module.
     #
     #   Devise::Models.config(Devise::Authenticatable, :stretches, 10)
@@ -39,6 +49,26 @@ module Devise
       end
     end
 
+    def self.check_fields!(klass)
+      failed_attributes = []
+
+      klass.devise_modules.each do |mod|
+        instance = klass.new
+
+        if const_get(mod.to_s.classify).respond_to?(:required_fields)
+          const_get(mod.to_s.classify).required_fields(klass).each do |field|
+            failed_attributes << field unless instance.respond_to?(field)
+          end
+        else
+          ActiveSupport::Deprecation.warn "The module #{mod} doesn't implement self.required_fields(klass). Devise uses required_fields to warn developers of any missing fields in their models. Please implement #{mod}.required_fields(klass) that returns an array of symbols with the required fields."
+        end
+      end
+
+      if failed_attributes.any?
+        fail Devise::Models::MissingAttribute.new(failed_attributes)
+      end
+    end
+
     # Include the chosen devise modules in your model:
     #
     #   devise :database_authenticatable, :confirmable, :recoverable
@@ -66,7 +96,7 @@ module Devise
             if class_mod.respond_to?(:available_configs)
               available_configs = class_mod.available_configs
               available_configs.each do |config|
-                next unless options.key?(config)                
+                next unless options.key?(config)
                 send(:"#{config}=", options.delete(config))
               end
             end
@@ -88,4 +118,4 @@ module Devise
   end
 end
 
-require 'devise/models/authenticatable'
+require 'devise/models/authenticatable'

data/lib/devise/models/authenticatable.rb

@@ -64,6 +64,10 @@ module Devise
         before_validation :strip_whitespace
       end
 
+      def self.required_fields(klass)
+        []
+      end
+
       # Check if the current object is valid for authentication. This method and
       # find_for_authentication are the methods used in a Warden::Strategy to check
       # if a model should be signed in or not.
@@ -74,6 +78,10 @@ module Devise
         block_given? ? yield : true
       end
 
+      def unauthenticated_message
+        :invalid
+      end
+
       def active_for_authentication?
         true
       end
@@ -154,20 +162,17 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(tainted_conditions)
-        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
+        #   def self.find_for_authentication(conditions={})
+        #     conditions[:active] = true
+        #     super
         #   end
         #
-        # Finally, notice that Devise also queries for users in other scenarios
-        # besides authentication, for example when retrieving an user to send
-        # an e-mail for password reset. In such cases, find_for_authentication
-        # is not called.
-        def find_for_authentication(tainted_conditions)
-          find_first_by_auth_conditions(tainted_conditions)
+        def find_for_authentication(conditions)
+          find_first_by_auth_conditions(conditions)
         end
 
-        def find_first_by_auth_conditions(tainted_conditions, opts={})
-          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
+        def find_first_by_auth_conditions(conditions)
+          to_adapter.find_first devise_param_filter.filter(conditions)
         end
 
         # Find an initialize a record setting an error if it can't be found.