devise 2.1.0 → 2.1.2


Potentially problematic release.


This version of devise might be problematic. Click here for more details.

Files changed (60) hide show
  1. data/CHANGELOG.rdoc +34 -17
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +45 -45
  4. data/README.md +23 -18
  5. data/Rakefile +1 -1
  6. data/app/controllers/devise/omniauth_callbacks_controller.rb +6 -0
  7. data/app/controllers/devise/passwords_controller.rb +9 -0
  8. data/app/controllers/devise/sessions_controller.rb +1 -0
  9. data/app/controllers/devise_controller.rb +16 -5
  10. data/app/views/devise/confirmations/new.html.erb +1 -1
  11. data/app/views/devise/passwords/edit.html.erb +1 -1
  12. data/app/views/devise/passwords/new.html.erb +1 -1
  13. data/app/views/devise/registrations/edit.html.erb +1 -1
  14. data/app/views/devise/registrations/new.html.erb +1 -1
  15. data/app/views/devise/sessions/new.html.erb +1 -1
  16. data/app/views/devise/unlocks/new.html.erb +1 -1
  17. data/config/locales/en.yml +1 -0
  18. data/devise.gemspec +2 -2
  19. data/lib/devise.rb +5 -1
  20. data/lib/devise/controllers/helpers.rb +11 -8
  21. data/lib/devise/hooks/timeoutable.rb +6 -3
  22. data/lib/devise/models.rb +5 -4
  23. data/lib/devise/models/authenticatable.rb +49 -12
  24. data/lib/devise/models/confirmable.rb +2 -2
  25. data/lib/devise/models/database_authenticatable.rb +1 -1
  26. data/lib/devise/models/lockable.rb +8 -4
  27. data/lib/devise/models/recoverable.rb +1 -1
  28. data/lib/devise/omniauth.rb +1 -1
  29. data/lib/devise/omniauth/url_helpers.rb +0 -15
  30. data/lib/devise/rails/routes.rb +59 -25
  31. data/lib/devise/strategies/authenticatable.rb +16 -5
  32. data/lib/devise/strategies/base.rb +5 -0
  33. data/lib/devise/strategies/database_authenticatable.rb +1 -2
  34. data/lib/devise/strategies/rememberable.rb +5 -3
  35. data/lib/devise/strategies/token_authenticatable.rb +1 -2
  36. data/lib/devise/version.rb +1 -1
  37. data/lib/generators/devise/views_generator.rb +6 -0
  38. data/lib/generators/mongoid/devise_generator.rb +5 -2
  39. data/lib/generators/templates/devise.rb +20 -4
  40. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +3 -3
  41. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +3 -3
  42. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +3 -3
  43. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +3 -3
  44. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +3 -3
  45. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +3 -3
  46. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +3 -3
  47. data/test/controllers/helpers_test.rb +6 -7
  48. data/test/controllers/sessions_controller_test.rb +22 -15
  49. data/test/integration/authenticatable_test.rb +109 -63
  50. data/test/integration/recoverable_test.rb +6 -0
  51. data/test/integration/timeoutable_test.rb +28 -2
  52. data/test/models/recoverable_test.rb +3 -3
  53. data/test/models_test.rb +3 -3
  54. data/test/omniauth/url_helpers_test.rb +1 -8
  55. data/test/rails_app/app/controllers/admins_controller.rb +5 -0
  56. data/test/rails_app/config/routes.rb +11 -1
  57. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +3 -0
  58. data/test/support/assertions.rb +6 -8
  59. data/test/support/integration.rb +2 -1
  60. metadata +14 -19
@@ -126,6 +126,12 @@ class PasswordTest < ActionController::IntegrationTest
126
126
  assert warden.authenticated?(:user)
127
127
  end
128
128
 
129
+ test 'not authenticated user without a reset password token should not be able to visit the page' do
130
+ get edit_user_password_path
131
+ assert_response :redirect
132
+ assert_redirected_to "/users/sign_in"
133
+ end
134
+
129
135
  test 'not authenticated user with invalid reset password token should not be able to change his password' do
130
136
  user = create_user
131
137
  reset_password :reset_password_token => 'invalid_reset_password'
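Review bot: The added test only covers a request where `reset_password_token` is missing from the query string; a present-but-blank value, e.g. `get edit_user_password_path(:reset_password_token => '')`, is not exercised. The controller guard is not visible in this hunk, so whether it rejects a blank token is an assumption to confirm. I would add a sibling test with the same two assertions for the blank token. It would also help to assert `assert_not warden.authenticated?(:user)` after the redirect, so the test pins the session state as well as the response.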
@@ -25,7 +25,7 @@ class SessionTimeoutTest < ActionController::IntegrationTest
25
25
  assert_equal old_last_request, last_request_at
26
26
  end
27
27
 
28
- test 'not time out user session before default limit time' do
28
+ test 'does not time out user session before default limit time' do
29
29
  sign_in_as_user
30
30
  assert_response :success
31
31
  assert warden.authenticated?(:user)
@@ -53,10 +53,36 @@ class SessionTimeoutTest < ActionController::IntegrationTest
53
53
 
54
54
  assert_response :redirect
55
55
  assert_redirected_to root_path
56
+ follow_redirect!
57
+ assert_contain 'Signed out successfully'
58
+ end
59
+
60
+ test 'time out is not triggered on sign in' do
61
+ user = sign_in_as_user
62
+ get expire_user_path(user)
63
+
64
+ post "/users/sign_in", :email => user.email, :password => "123456"
56
65
 
66
+ assert_response :redirect
57
67
  follow_redirect!
68
+ assert_contain 'You are signed in'
69
+ end
58
70
 
59
- assert_contain 'Signed out successfully'
71
+ test 'admin does not explode on time out' do
72
+ admin = sign_in_as_admin
73
+ get expire_admin_path(admin)
74
+
75
+ Admin.send :define_method, :reset_authentication_token! do
76
+ nil
77
+ end
78
+
79
+ begin
80
+ get admins_path
81
+ assert_redirected_to admins_path
82
+ assert_not warden.authenticated?(:admin)
83
+ ensure
84
+ Admin.send(:remove_method, :reset_authentication_token!)
85
+ end
60
86
  end
61
87
 
62
88
  test 'user configured timeout limit' do
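Review bot: 'time out is not triggered on sign in' checks only the flash text after the redirect, so it would still pass if the page rendered that message without a live session. Adding `assert warden.authenticated?(:user)` after `follow_redirect!` would pin the behaviour the test name describes. In 'admin does not explode on time out', the stub of `reset_authentication_token!` is restored in `ensure`, which is good, but nothing says why it returns `nil`. A one-line comment above `Admin.send :define_method` naming the failure being reproduced would make the regression readable.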
@@ -97,7 +97,7 @@ class RecoverableTest < ActiveSupport::TestCase
97
97
  test 'should reset reset_password_token before send the reset instructions email' do
98
98
  user = create_user
99
99
  token = user.reset_password_token
100
- reset_password_user = User.send_reset_password_instructions(:email => user.email)
100
+ User.send_reset_password_instructions(:email => user.email)
101
101
  assert_not_equal token, user.reload.reset_password_token
102
102
  end
103
103
 
@@ -142,7 +142,7 @@ class RecoverableTest < ActiveSupport::TestCase
142
142
  old_password = user.password
143
143
  user.send :generate_reset_password_token!
144
144
 
145
- reset_password_user = User.reset_password_by_token(
145
+ User.reset_password_by_token(
146
146
  :reset_password_token => user.reset_password_token,
147
147
  :password => 'new_password',
148
148
  :password_confirmation => 'new_password'
@@ -202,4 +202,4 @@ class RecoverableTest < ActiveSupport::TestCase
202
202
  :reset_password_token
203
203
  ]
204
204
  end
205
- end
205
+ end
@@ -25,7 +25,7 @@ end
25
25
  class ActiveRecordTest < ActiveSupport::TestCase
26
26
  def include_module?(klass, mod)
27
27
  klass.devise_modules.include?(mod) &&
28
- klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
28
+ klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
29
29
  end
30
30
 
31
31
  def assert_include_modules(klass, *modules)
@@ -153,13 +153,13 @@ class CheckFieldsTest < ActiveSupport::TestCase
153
153
  devise :database_authenticatable
154
154
  end
155
155
 
156
- exception = assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
156
+ assert_raise_with_message Devise::Models::MissingAttribute, "The following attribute(s) is (are) missing on your model: encrypted_password, email" do
157
157
  Devise::Models.check_fields!(Magician)
158
158
  end
159
159
  end
160
160
 
161
161
  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
162
- driver = Class.new do
162
+ driver = Class.new do
163
163
  extend Devise::Models
164
164
 
165
165
  def self.before_validation(instance)
@@ -30,7 +30,7 @@ class OmniAuthRoutesTest < ActionController::TestCase
30
30
  test 'should generate authorization path' do
31
31
  assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
32
32
 
33
- assert_raise ArgumentError do
33
+ assert_raise ActionController::RoutingError do
34
34
  @controller.omniauth_authorize_path(:user, :github)
35
35
  end
36
36
  end
@@ -48,11 +48,4 @@ class OmniAuthRoutesTest < ActionController::TestCase
48
48
  assert_equal "/users/auth/openid",
49
49
  @controller.omniauth_authorize_path(:user, :openid)
50
50
  end
51
-
52
- test 'should set script name in the path if present' do
53
- @request.env['SCRIPT_NAME'] = '/q'
54
-
55
- assert_equal "/q/users/auth/facebook",
56
- @controller.omniauth_authorize_path(:user, :facebook)
57
- end
58
51
  end
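Review bot: Deleting 'should set script name in the path if present' leaves `omniauth_authorize_path` untested for applications mounted under a sub-URI. The expectation change from `ArgumentError` to `ActionController::RoutingError` suggests the helper is now route-generated, in which case the router presumably applies `SCRIPT_NAME`, but that is not visible here. If the behaviour is still supported, I would keep the `/q/users/auth/facebook` assertion, adapted to the new helper if needed, so a wrong authorization URL under a mount point is caught by the suite.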
@@ -3,4 +3,9 @@ class AdminsController < ApplicationController
3
3
 
4
4
  def index
5
5
  end
6
+
7
+ def expire
8
+ admin_session['last_request_at'] = 31.minutes.ago.utc
9
+ render :text => 'Admin will be expired on next request'
10
+ end
6
11
  end
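Review bot: `expire` has no comment saying it is a test-only fixture, and it changes session state on a GET while ignoring the `:id` its member route supplies. That is fine for the test application, but it should not be copied as a pattern. I would add a comment above `def expire` such as `# Test-only: backdates last_request_at so the next request hits the timeoutable hook; always acts on the current admin session`. The class body starts outside this hunk.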
@@ -9,7 +9,9 @@ Rails.application.routes.draw do
9
9
  end
10
10
  end
11
11
 
12
- resources :admins, :only => [:index]
12
+ resources :admins, :only => [:index] do
13
+ get :expire, :on => :member
14
+ end
13
15
 
14
16
  # Users scope
15
17
  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
@@ -30,10 +32,18 @@ Rails.application.routes.draw do
30
32
  match "/private", :to => "home#private", :as => :private
31
33
  end
32
34
 
35
+ authenticate(:admin, lambda { |admin| admin.active? }) do
36
+ match "/private/active", :to => "home#private", :as => :private_active
37
+ end
38
+
33
39
  authenticated :admin do
34
40
  match "/dashboard", :to => "home#admin_dashboard"
35
41
  end
36
42
 
43
+ authenticated :admin, lambda { |admin| admin.active? } do
44
+ match "/dashboard/active", :to => "home#admin_dashboard"
45
+ end
46
+
37
47
  authenticated do
38
48
  match "/dashboard", :to => "home#user_dashboard"
39
49
  end
@@ -60,6 +60,9 @@ class CreateTables < ActiveRecord::Migration
60
60
  ## Lockable
61
61
  t.datetime :locked_at
62
62
 
63
+ ## Attribute for testing route blocks
64
+ t.boolean :active, :default => false
65
+
63
66
  t.timestamps
64
67
  end
65
68
  end
@@ -15,14 +15,14 @@ class ActiveSupport::TestCase
15
15
  alias :assert_present :assert_not_blank
16
16
 
17
17
  def assert_email_sent(address = nil, &block)
18
- assert_difference('ActionMailer::Base.deliveries.size') { yield }
18
+ assert_difference('ActionMailer::Base.deliveries.size', &block)
19
19
  if address.present?
20
20
  assert_equal address, ActionMailer::Base.deliveries.last['to'].to_s
21
21
  end
22
22
  end
23
23
 
24
24
  def assert_email_not_sent(&block)
25
- assert_no_difference('ActionMailer::Base.deliveries.size') { yield }
25
+ assert_no_difference('ActionMailer::Base.deliveries.size', &block)
26
26
  end
27
27
 
28
28
  def assert_same_content(result, expected)
@@ -32,11 +32,9 @@ class ActiveSupport::TestCase
32
32
  end
33
33
  end
34
34
 
35
- def assert_raise_with_message(exception_klass, message)
36
- exception = assert_raise exception_klass do
37
- yield
38
- end
39
-
40
- assert_equal exception.message, message, "The expected message was #{message} but your exception throwed #{exception.message}"
35
+ def assert_raise_with_message(exception_klass, message, &block)
36
+ exception = assert_raise exception_klass, &block
37
+ assert_equal exception.message, message,
38
+ "The expected message was #{message} but your exception throwed #{exception.message}"
41
39
  end
42
40
  end
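Review bot: In `assert_raise_with_message` the call `assert_equal exception.message, message, ...` passes the actual value first, so a failure prints expected and actual swapped. Since the line is being rewrapped anyway, I would write it as `assert_equal message, exception.message,`. The custom failure string also says "throwed" where "raised" is meant. The `&block` forwarding in the three helpers otherwise reads well.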
@@ -24,7 +24,8 @@ class ActionDispatch::IntegrationTest
24
24
  @admin ||= begin
25
25
  admin = Admin.create!(
26
26
  :email => options[:email] || 'admin@test.com',
27
- :password => '123456', :password_confirmation => '123456'
27
+ :password => '123456', :password_confirmation => '123456',
28
+ :active => options[:active]
28
29
  )
29
30
  admin.confirm! unless options[:confirm] == false
30
31
  admin
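Review bot: `:active => options[:active]` assigns `nil` explicitly whenever the caller omits the option, which presumably overrides the `:default => false` declared for the column in the CreateTables hunk and stores NULL. `admin.active?` still reads as false, so the route-constraint tests should behave, but the fixture ends up with a three-state flag. I would write `:active => options.fetch(:active, false)` here, or add `:null => false` to the column, so that "not active" has a single representation. The enclosing helper starts and ends outside this hunk.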
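--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: devise
  version: !ruby/object:Gem::Version
- version: 2.1.0
+ version: 2.1.2
  prerelease:
  platform: ruby
  authors:
@@ -10,33 +10,33 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-05-15 00:00:00.000000000 Z
+ date: 2012-06-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: warden
- requirement: &70295029841060 !ruby/object:Gem::Requirement
+ requirement: &2157810840 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 1.1.1
+ version: 1.2.1
  type: :runtime
  prerelease: false
- version_requirements: *70295029841060
+ version_requirements: *2157810840
  - !ruby/object:Gem::Dependency
  name: orm_adapter
- requirement: &70295029863720 !ruby/object:Gem::Requirement
+ requirement: &2157810340 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 0.0.7
+ version: '0.1'
  type: :runtime
  prerelease: false
- version_requirements: *70295029863720
+ version_requirements: *2157810340
  - !ruby/object:Gem::Dependency
  name: bcrypt-ruby
- requirement: &70295029862760 !ruby/object:Gem::Requirement
+ requirement: &2157809880 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -44,10 +44,10 @@ dependencies:
  version: '3.0'
  type: :runtime
  prerelease: false
- version_requirements: *70295029862760
+ version_requirements: *2157809880
  - !ruby/object:Gem::Dependency
  name: railties
- requirement: &70295029861220 !ruby/object:Gem::Requirement
+ requirement: &2157809420 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -55,7 +55,7 @@ dependencies:
  version: '3.1'
  type: :runtime
  prerelease: false
- version_requirements: *70295029861220
+ version_requirements: *2157809420
  description: Flexible authentication solution for Rails with Warden
  email: contact@plataformatec.com.br
  executables: []
@@ -279,21 +279,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- segments:
- - 0
- hash: 2729560930850104924
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- segments:
- - 0
- hash: 2729560930850104924
  requirements: []
  rubyforge_project: devise
- rubygems_version: 1.8.11
+ rubygems_version: 1.8.15
  signing_key:
  specification_version: 3
  summary: Flexible authentication solution for Rails with Warden
@@ -405,3 +399,4 @@ test_files:
  - test/support/webrat/integrations/rails.rb
  - test/test_helper.rb
  - test/test_helpers_test.rb
+ has_rdoc: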