devise 2.1.2 → 3.5.10
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +39 -10
- data/.yardopts +9 -0
- data/{CHANGELOG.rdoc → CHANGELOG.md} +445 -112
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +16 -0
- data/Gemfile +10 -15
- data/Gemfile.lock +151 -129
- data/MIT-LICENSE +1 -1
- data/README.md +256 -96
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +15 -7
- data/app/controllers/devise/omniauth_callbacks_controller.rb +6 -2
- data/app/controllers/devise/passwords_controller.rb +33 -9
- data/app/controllers/devise/registrations_controller.rb +66 -26
- data/app/controllers/devise/sessions_controller.rb +52 -21
- data/app/controllers/devise/unlocks_controller.rb +11 -6
- data/app/controllers/devise_controller.rb +65 -58
- data/app/helpers/devise_helper.rb +2 -2
- data/app/mailers/devise/mailer.rb +19 -10
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +2 -2
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +2 -2
- data/app/views/devise/mailer/unlock_instructions.html.erb +2 -2
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +4 -4
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/config/locales/en.yml +51 -47
- data/devise.gemspec +8 -6
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2-stable +29 -0
- data/gemfiles/Gemfile.rails-3.2-stable.lock +172 -0
- data/gemfiles/Gemfile.rails-4.0-stable +30 -0
- data/gemfiles/Gemfile.rails-4.0-stable.lock +166 -0
- data/gemfiles/Gemfile.rails-4.1-stable +30 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +30 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +193 -0
- data/lib/devise/controllers/helpers.rb +126 -108
- data/lib/devise/controllers/rememberable.rb +19 -17
- data/lib/devise/controllers/scoped_views.rb +1 -1
- data/lib/devise/controllers/sign_in_out.rb +96 -0
- data/lib/devise/controllers/store_location.rb +58 -0
- data/lib/devise/controllers/url_helpers.rb +7 -7
- data/lib/devise/encryptor.rb +22 -0
- data/lib/devise/failure_app.rb +85 -25
- data/lib/devise/hooks/activatable.rb +5 -6
- data/lib/devise/hooks/csrf_cleaner.rb +7 -0
- data/lib/devise/hooks/forgetable.rb +1 -1
- data/lib/devise/hooks/lockable.rb +2 -2
- data/lib/devise/hooks/proxy.rb +21 -0
- data/lib/devise/hooks/rememberable.rb +5 -4
- data/lib/devise/hooks/timeoutable.rb +16 -8
- data/lib/devise/hooks/trackable.rb +1 -1
- data/lib/devise/mailers/helpers.rb +27 -23
- data/lib/devise/mapping.rb +11 -7
- data/lib/devise/models/authenticatable.rb +82 -66
- data/lib/devise/models/confirmable.rb +142 -55
- data/lib/devise/models/database_authenticatable.rb +59 -15
- data/lib/devise/models/lockable.rb +41 -30
- data/lib/devise/models/omniauthable.rb +3 -3
- data/lib/devise/models/recoverable.rb +56 -41
- data/lib/devise/models/rememberable.rb +65 -27
- data/lib/devise/models/timeoutable.rb +2 -8
- data/lib/devise/models/trackable.rb +6 -4
- data/lib/devise/models/validatable.rb +9 -9
- data/lib/devise/models.rb +4 -13
- data/lib/devise/modules.rb +10 -11
- data/lib/devise/omniauth/url_helpers.rb +2 -2
- data/lib/devise/orm/active_record.rb +1 -1
- data/lib/devise/orm/mongoid.rb +1 -1
- data/lib/devise/{param_filter.rb → parameter_filter.rb} +10 -11
- data/lib/devise/parameter_sanitizer.rb +99 -0
- data/lib/devise/rails/routes.rb +173 -115
- data/lib/devise/rails/warden_compat.rb +10 -31
- data/lib/devise/rails.rb +14 -12
- data/lib/devise/strategies/authenticatable.rb +26 -26
- data/lib/devise/strategies/base.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -4
- data/lib/devise/strategies/rememberable.rb +15 -5
- data/lib/devise/test_helpers.rb +7 -5
- data/lib/devise/time_inflector.rb +14 -0
- data/lib/devise/token_generator.rb +70 -0
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +110 -52
- data/lib/generators/active_record/devise_generator.rb +34 -18
- data/lib/generators/active_record/templates/migration.rb +5 -6
- data/lib/generators/active_record/templates/migration_existing.rb +5 -6
- data/lib/generators/devise/controllers_generator.rb +44 -0
- data/lib/generators/devise/devise_generator.rb +5 -3
- data/lib/generators/devise/install_generator.rb +5 -0
- data/lib/generators/devise/orm_helpers.rb +25 -6
- data/lib/generators/devise/views_generator.rb +52 -22
- data/lib/generators/mongoid/devise_generator.rb +21 -26
- data/lib/generators/templates/README +9 -5
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
- data/lib/generators/templates/devise.rb +80 -43
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +2 -2
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +2 -2
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +3 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +3 -2
- data/script/cached-bundle +49 -0
- data/script/s3-put +71 -0
- data/test/controllers/custom_registrations_controller_test.rb +40 -0
- data/test/controllers/helper_methods_test.rb +21 -0
- data/test/controllers/helpers_test.rb +95 -32
- data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
- data/test/controllers/internal_helpers_test.rb +39 -14
- data/test/controllers/load_hooks_controller_test.rb +19 -0
- data/test/controllers/passwords_controller_test.rb +31 -0
- data/test/controllers/sessions_controller_test.rb +66 -6
- data/test/controllers/url_helpers_test.rb +10 -4
- data/test/delegator_test.rb +1 -1
- data/test/devise_test.rb +45 -10
- data/test/failure_app_test.rb +121 -27
- data/test/generators/active_record_generator_test.rb +48 -8
- data/test/generators/controllers_generator_test.rb +48 -0
- data/test/generators/devise_generator_test.rb +2 -2
- data/test/generators/mongoid_generator_test.rb +3 -3
- data/test/generators/views_generator_test.rb +54 -3
- data/test/helpers/devise_helper_test.rb +18 -20
- data/test/integration/authenticatable_test.rb +161 -65
- data/test/integration/confirmable_test.rb +146 -77
- data/test/integration/database_authenticatable_test.rb +43 -30
- data/test/integration/http_authenticatable_test.rb +30 -22
- data/test/integration/lockable_test.rb +64 -49
- data/test/integration/omniauthable_test.rb +17 -15
- data/test/integration/recoverable_test.rb +111 -70
- data/test/integration/registerable_test.rb +114 -79
- data/test/integration/rememberable_test.rb +87 -31
- data/test/integration/timeoutable_test.rb +77 -33
- data/test/integration/trackable_test.rb +5 -5
- data/test/mailers/confirmation_instructions_test.rb +28 -8
- data/test/mailers/reset_password_instructions_test.rb +21 -8
- data/test/mailers/unlock_instructions_test.rb +20 -6
- data/test/mapping_test.rb +12 -5
- data/test/models/authenticatable_test.rb +17 -1
- data/test/models/confirmable_test.rb +216 -62
- data/test/models/database_authenticatable_test.rb +129 -49
- data/test/models/lockable_test.rb +132 -45
- data/test/models/recoverable_test.rb +100 -54
- data/test/models/rememberable_test.rb +89 -94
- data/test/models/serializable_test.rb +12 -11
- data/test/models/timeoutable_test.rb +6 -1
- data/test/models/trackable_test.rb +28 -0
- data/test/models/validatable_test.rb +31 -21
- data/test/models_test.rb +22 -48
- data/test/omniauth/config_test.rb +4 -4
- data/test/omniauth/url_helpers_test.rb +7 -4
- data/test/orm/active_record.rb +1 -0
- data/test/orm/mongoid.rb +2 -3
- data/test/parameter_sanitizer_test.rb +81 -0
- data/test/rails_app/Rakefile +0 -4
- data/test/rails_app/app/active_record/shim.rb +1 -1
- data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +1 -1
- data/test/rails_app/app/controllers/admins_controller.rb +0 -5
- data/test/rails_app/app/controllers/application_controller.rb +6 -2
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +31 -0
- data/test/rails_app/app/controllers/home_controller.rb +1 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +1 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +1 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +4 -4
- data/test/rails_app/app/controllers/users_controller.rb +12 -4
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
- data/test/rails_app/app/mailers/users/mailer.rb +1 -1
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
- data/test/rails_app/app/mongoid/admin.rb +12 -10
- data/test/rails_app/app/mongoid/shim.rb +4 -5
- data/test/rails_app/app/mongoid/user.rb +19 -22
- data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
- data/test/rails_app/bin/bundle +3 -0
- data/test/rails_app/bin/rails +4 -0
- data/test/rails_app/bin/rake +4 -0
- data/test/rails_app/config/application.rb +4 -5
- data/test/rails_app/config/boot.rb +9 -3
- data/test/rails_app/config/environment.rb +2 -2
- data/test/rails_app/config/environments/development.rb +19 -7
- data/test/rails_app/config/environments/production.rb +68 -17
- data/test/rails_app/config/environments/test.rb +24 -16
- data/test/rails_app/config/initializers/devise.rb +22 -20
- data/test/rails_app/config/initializers/secret_token.rb +8 -2
- data/test/rails_app/config/initializers/session_store.rb +1 -0
- data/test/rails_app/config/routes.rb +71 -46
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +9 -12
- data/test/rails_app/db/schema.rb +21 -18
- data/test/rails_app/lib/shared_admin.rb +7 -4
- data/test/rails_app/lib/shared_user.rb +6 -3
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
- data/test/rails_test.rb +9 -0
- data/test/routes_test.rb +94 -78
- data/test/support/action_controller/record_identifier.rb +10 -0
- data/test/support/assertions.rb +2 -3
- data/test/support/helpers.rb +18 -32
- data/test/support/integration.rb +17 -16
- data/test/support/locale/en.yml +4 -0
- data/test/support/mongoid.yml +6 -0
- data/test/test_helper.rb +8 -1
- data/test/test_helpers_test.rb +64 -20
- data/test/test_models.rb +33 -0
- data/test/time_helpers.rb +137 -0
- metadata +172 -51
- data/app/views/devise/_links.erb +0 -3
- data/gemfiles/Gemfile.rails-3.1.x +0 -35
- data/gemfiles/Gemfile.rails-3.1.x.lock +0 -167
- data/lib/devise/models/token_authenticatable.rb +0 -77
- data/lib/devise/strategies/token_authenticatable.rb +0 -56
- data/test/indifferent_hash.rb +0 -33
- data/test/integration/token_authenticatable_test.rb +0 -161
- data/test/models/token_authenticatable_test.rb +0 -55
- data/test/rails_app/script/rails +0 -10
@@ -2,18 +2,18 @@
|
|
2
2
|
|
3
3
|
Some setup you must do manually if you haven't yet:
|
4
4
|
|
5
|
-
1. Ensure you have defined default url options in your environments files. Here
|
6
|
-
is an example of default_url_options appropriate for a development environment
|
5
|
+
1. Ensure you have defined default url options in your environments files. Here
|
6
|
+
is an example of default_url_options appropriate for a development environment
|
7
7
|
in config/environments/development.rb:
|
8
8
|
|
9
|
-
config.action_mailer.default_url_options = { :
|
9
|
+
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
|
10
10
|
|
11
11
|
In production, :host should be set to the actual host of your application.
|
12
12
|
|
13
13
|
2. Ensure you have defined root_url to *something* in your config/routes.rb.
|
14
14
|
For example:
|
15
15
|
|
16
|
-
root :
|
16
|
+
root to: "home#index"
|
17
17
|
|
18
18
|
3. Ensure you have flash messages in app/views/layouts/application.html.erb.
|
19
19
|
For example:
|
@@ -21,11 +21,15 @@ Some setup you must do manually if you haven't yet:
|
|
21
21
|
<p class="notice"><%= notice %></p>
|
22
22
|
<p class="alert"><%= alert %></p>
|
23
23
|
|
24
|
-
4. If you are deploying Rails 3.
|
24
|
+
4. If you are deploying on Heroku with Rails 3.2 only, you may want to set:
|
25
25
|
|
26
26
|
config.assets.initialize_on_precompile = false
|
27
27
|
|
28
28
|
On config/application.rb forcing your application to not access the DB
|
29
29
|
or load models when precompiling your assets.
|
30
30
|
|
31
|
+
5. You can copy Devise views (for customization) to your app by running:
|
32
|
+
|
33
|
+
rails g devise:views
|
34
|
+
|
31
35
|
===============================================================================
|
@@ -0,0 +1,14 @@
|
|
1
|
+
===============================================================================
|
2
|
+
|
3
|
+
Some setup you must do manually if you haven't yet:
|
4
|
+
|
5
|
+
Ensure you have overridden routes for generated controllers in your routes.rb.
|
6
|
+
For example:
|
7
|
+
|
8
|
+
Rails.application.routes.draw do
|
9
|
+
devise_for :users, controllers: {
|
10
|
+
sessions: 'users/sessions'
|
11
|
+
}
|
12
|
+
end
|
13
|
+
|
14
|
+
===============================================================================
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
|
2
|
+
# GET /resource/confirmation/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/confirmation
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/confirmation?confirmation_token=abcdef
|
13
|
+
# def show
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# protected
|
18
|
+
|
19
|
+
# The path used after resending confirmation instructions.
|
20
|
+
# def after_resending_confirmation_instructions_path_for(resource_name)
|
21
|
+
# super(resource_name)
|
22
|
+
# end
|
23
|
+
|
24
|
+
# The path used after confirmation.
|
25
|
+
# def after_confirmation_path_for(resource_name, resource)
|
26
|
+
# super(resource_name, resource)
|
27
|
+
# end
|
28
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
2
|
+
# You should configure your model like this:
|
3
|
+
# devise :omniauthable, omniauth_providers: [:twitter]
|
4
|
+
|
5
|
+
# You should also create an action method in this controller like this:
|
6
|
+
# def twitter
|
7
|
+
# end
|
8
|
+
|
9
|
+
# More info at:
|
10
|
+
# https://github.com/plataformatec/devise#omniauth
|
11
|
+
|
12
|
+
# GET|POST /resource/auth/twitter
|
13
|
+
# def passthru
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# GET|POST /users/auth/twitter/callback
|
18
|
+
# def failure
|
19
|
+
# super
|
20
|
+
# end
|
21
|
+
|
22
|
+
# protected
|
23
|
+
|
24
|
+
# The path used when OmniAuth fails
|
25
|
+
# def after_omniauth_failure_path_for(scope)
|
26
|
+
# super(scope)
|
27
|
+
# end
|
28
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
|
2
|
+
# GET /resource/password/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/password
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/password/edit?reset_password_token=abcdef
|
13
|
+
# def edit
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# PUT /resource/password
|
18
|
+
# def update
|
19
|
+
# super
|
20
|
+
# end
|
21
|
+
|
22
|
+
# protected
|
23
|
+
|
24
|
+
# def after_resetting_password_path_for(resource)
|
25
|
+
# super(resource)
|
26
|
+
# end
|
27
|
+
|
28
|
+
# The path used after sending reset password instructions
|
29
|
+
# def after_sending_reset_password_instructions_path_for(resource_name)
|
30
|
+
# super(resource_name)
|
31
|
+
# end
|
32
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
|
2
|
+
# before_filter :configure_sign_up_params, only: [:create]
|
3
|
+
# before_filter :configure_account_update_params, only: [:update]
|
4
|
+
|
5
|
+
# GET /resource/sign_up
|
6
|
+
# def new
|
7
|
+
# super
|
8
|
+
# end
|
9
|
+
|
10
|
+
# POST /resource
|
11
|
+
# def create
|
12
|
+
# super
|
13
|
+
# end
|
14
|
+
|
15
|
+
# GET /resource/edit
|
16
|
+
# def edit
|
17
|
+
# super
|
18
|
+
# end
|
19
|
+
|
20
|
+
# PUT /resource
|
21
|
+
# def update
|
22
|
+
# super
|
23
|
+
# end
|
24
|
+
|
25
|
+
# DELETE /resource
|
26
|
+
# def destroy
|
27
|
+
# super
|
28
|
+
# end
|
29
|
+
|
30
|
+
# GET /resource/cancel
|
31
|
+
# Forces the session data which is usually expired after sign
|
32
|
+
# in to be expired now. This is useful if the user wants to
|
33
|
+
# cancel oauth signing in/up in the middle of the process,
|
34
|
+
# removing all OAuth session data.
|
35
|
+
# def cancel
|
36
|
+
# super
|
37
|
+
# end
|
38
|
+
|
39
|
+
# protected
|
40
|
+
|
41
|
+
# If you have extra params to permit, append them to the sanitizer.
|
42
|
+
# def configure_sign_up_params
|
43
|
+
# devise_parameter_sanitizer.for(:sign_up) << :attribute
|
44
|
+
# end
|
45
|
+
|
46
|
+
# If you have extra params to permit, append them to the sanitizer.
|
47
|
+
# def configure_account_update_params
|
48
|
+
# devise_parameter_sanitizer.for(:account_update) << :attribute
|
49
|
+
# end
|
50
|
+
|
51
|
+
# The path used after sign up.
|
52
|
+
# def after_sign_up_path_for(resource)
|
53
|
+
# super(resource)
|
54
|
+
# end
|
55
|
+
|
56
|
+
# The path used after sign up for inactive accounts.
|
57
|
+
# def after_inactive_sign_up_path_for(resource)
|
58
|
+
# super(resource)
|
59
|
+
# end
|
60
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
class <%= @scope_prefix %>SessionsController < Devise::SessionsController
|
2
|
+
# before_filter :configure_sign_in_params, only: [:create]
|
3
|
+
|
4
|
+
# GET /resource/sign_in
|
5
|
+
# def new
|
6
|
+
# super
|
7
|
+
# end
|
8
|
+
|
9
|
+
# POST /resource/sign_in
|
10
|
+
# def create
|
11
|
+
# super
|
12
|
+
# end
|
13
|
+
|
14
|
+
# DELETE /resource/sign_out
|
15
|
+
# def destroy
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# protected
|
20
|
+
|
21
|
+
# If you have extra params to permit, append them to the sanitizer.
|
22
|
+
# def configure_sign_in_params
|
23
|
+
# devise_parameter_sanitizer.for(:sign_in) << :attribute
|
24
|
+
# end
|
25
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
|
2
|
+
# GET /resource/unlock/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/unlock
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/unlock?unlock_token=abcdef
|
13
|
+
# def show
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# protected
|
18
|
+
|
19
|
+
# The path used after sending unlock password instructions
|
20
|
+
# def after_sending_unlock_instructions_path_for(resource)
|
21
|
+
# super(resource)
|
22
|
+
# end
|
23
|
+
|
24
|
+
# The path used after unlocking the resource
|
25
|
+
# def after_unlock_path_for(resource)
|
26
|
+
# super(resource)
|
27
|
+
# end
|
28
|
+
end
|
@@ -1,13 +1,25 @@
|
|
1
1
|
# Use this hook to configure devise mailer, warden hooks and so forth.
|
2
2
|
# Many of these configuration options can be set straight in your model.
|
3
3
|
Devise.setup do |config|
|
4
|
+
# The secret key used by Devise. Devise uses this key to generate
|
5
|
+
# random tokens. Changing this key will render invalid all existing
|
6
|
+
# confirmation, reset password and unlock tokens in the database.
|
7
|
+
# Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
|
8
|
+
# by default. You can change it below and use your own secret key.
|
9
|
+
<% if rails_4? -%>
|
10
|
+
# config.secret_key = '<%= SecureRandom.hex(64) %>'
|
11
|
+
<% else -%>
|
12
|
+
config.secret_key = '<%= SecureRandom.hex(64) %>'
|
13
|
+
<% end -%>
|
14
|
+
|
4
15
|
# ==> Mailer Configuration
|
5
16
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
6
|
-
# note that it will be overwritten if you use your own mailer class
|
7
|
-
|
17
|
+
# note that it will be overwritten if you use your own mailer class
|
18
|
+
# with default "from" parameter.
|
19
|
+
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
|
8
20
|
|
9
21
|
# Configure the class responsible to send e-mails.
|
10
|
-
# config.mailer =
|
22
|
+
# config.mailer = 'Devise::Mailer'
|
11
23
|
|
12
24
|
# ==> ORM configuration
|
13
25
|
# Load and configure the ORM. Supports :active_record (default) and
|
@@ -23,7 +35,7 @@ Devise.setup do |config|
|
|
23
35
|
# session. If you need permissions, you should implement that in a before filter.
|
24
36
|
# You can also supply a hash where the value is a boolean determining whether
|
25
37
|
# or not authentication should be aborted when the value is not present.
|
26
|
-
# config.authentication_keys = [
|
38
|
+
# config.authentication_keys = [:email]
|
27
39
|
|
28
40
|
# Configure parameters from the request object used for authentication. Each entry
|
29
41
|
# given should be a request method and it will automatically be passed to the
|
@@ -35,12 +47,12 @@ Devise.setup do |config|
|
|
35
47
|
# Configure which authentication keys should be case-insensitive.
|
36
48
|
# These keys will be downcased upon creating or modifying a user and when used
|
37
49
|
# to authenticate or find a user. Default is :email.
|
38
|
-
config.case_insensitive_keys = [
|
50
|
+
config.case_insensitive_keys = [:email]
|
39
51
|
|
40
52
|
# Configure which authentication keys should have whitespace stripped.
|
41
53
|
# These keys will have whitespace before and after removed upon creating or
|
42
54
|
# modifying a user and when used to authenticate or find a user. Default is :email.
|
43
|
-
config.strip_whitespace_keys = [
|
55
|
+
config.strip_whitespace_keys = [:email]
|
44
56
|
|
45
57
|
# Tell if authentication through request.params is enabled. True by default.
|
46
58
|
# It can be set to an array that will enable params authentication only for the
|
@@ -48,17 +60,18 @@ Devise.setup do |config|
|
|
48
60
|
# enable it only for database (email + password) authentication.
|
49
61
|
# config.params_authenticatable = true
|
50
62
|
|
51
|
-
# Tell if authentication through HTTP
|
63
|
+
# Tell if authentication through HTTP Auth is enabled. False by default.
|
52
64
|
# It can be set to an array that will enable http authentication only for the
|
53
|
-
# given strategies, for example, `config.http_authenticatable = [:
|
54
|
-
# enable it only for
|
65
|
+
# given strategies, for example, `config.http_authenticatable = [:database]` will
|
66
|
+
# enable it only for database authentication. The supported strategies are:
|
67
|
+
# :database = Support basic authentication with authentication key + password
|
55
68
|
# config.http_authenticatable = false
|
56
69
|
|
57
|
-
# If
|
70
|
+
# If 401 status code should be returned for AJAX requests. True by default.
|
58
71
|
# config.http_authenticatable_on_xhr = true
|
59
72
|
|
60
|
-
# The realm used in Http Basic Authentication.
|
61
|
-
# config.http_authentication_realm =
|
73
|
+
# The realm used in Http Basic Authentication. 'Application' by default.
|
74
|
+
# config.http_authentication_realm = 'Application'
|
62
75
|
|
63
76
|
# It will change confirmation, password recovery and other workflows
|
64
77
|
# to behave the same regardless if the e-mail provided was right or wrong.
|
@@ -66,58 +79,80 @@ Devise.setup do |config|
|
|
66
79
|
# config.paranoid = true
|
67
80
|
|
68
81
|
# By default Devise will store the user in session. You can skip storage for
|
69
|
-
#
|
82
|
+
# particular strategies by setting this option.
|
70
83
|
# Notice that if you are skipping storage for all authentication paths, you
|
71
84
|
# may want to disable generating routes to Devise's sessions controller by
|
72
|
-
# passing :
|
85
|
+
# passing skip: :sessions to `devise_for` in your config/routes.rb
|
73
86
|
config.skip_session_storage = [:http_auth]
|
74
87
|
|
88
|
+
# By default, Devise cleans up the CSRF token on authentication to
|
89
|
+
# avoid CSRF token fixation attacks. This means that, when using AJAX
|
90
|
+
# requests for sign in and sign up, you need to get a new CSRF token
|
91
|
+
# from the server. You can disable this option at your own risk.
|
92
|
+
# config.clean_up_csrf_token_on_authentication = true
|
93
|
+
|
75
94
|
# ==> Configuration for :database_authenticatable
|
76
95
|
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
|
77
96
|
# using other encryptors, it sets how many times you want the password re-encrypted.
|
78
97
|
#
|
79
98
|
# Limiting the stretches to just one in testing will increase the performance of
|
80
99
|
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
|
81
|
-
# a value less than 10 in other environments.
|
100
|
+
# a value less than 10 in other environments. Note that, for bcrypt (the default
|
101
|
+
# encryptor), the cost increases exponentially with the number of stretches (e.g.
|
102
|
+
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
|
82
103
|
config.stretches = Rails.env.test? ? 1 : 10
|
83
104
|
|
84
105
|
# Setup a pepper to generate the encrypted password.
|
85
|
-
# config.pepper = <%= SecureRandom.hex(64)
|
106
|
+
# config.pepper = '<%= SecureRandom.hex(64) %>'
|
107
|
+
|
108
|
+
# Send a notification email when the user's password is changed
|
109
|
+
# config.send_password_change_notification = false
|
86
110
|
|
87
111
|
# ==> Configuration for :confirmable
|
88
112
|
# A period that the user is allowed to access the website even without
|
89
|
-
# confirming
|
90
|
-
# able to access the website for two days without confirming
|
113
|
+
# confirming their account. For instance, if set to 2.days, the user will be
|
114
|
+
# able to access the website for two days without confirming their account,
|
91
115
|
# access will be blocked just in the third day. Default is 0.days, meaning
|
92
|
-
# the user cannot access the website without confirming
|
116
|
+
# the user cannot access the website without confirming their account.
|
93
117
|
# config.allow_unconfirmed_access_for = 2.days
|
94
118
|
|
119
|
+
# A period that the user is allowed to confirm their account before their
|
120
|
+
# token becomes invalid. For example, if set to 3.days, the user can confirm
|
121
|
+
# their account within 3 days after the mail was sent, but on the fourth day
|
122
|
+
# their account can't be confirmed with the token any more.
|
123
|
+
# Default is nil, meaning there is no restriction on how long a user can take
|
124
|
+
# before confirming their account.
|
125
|
+
# config.confirm_within = 3.days
|
126
|
+
|
95
127
|
# If true, requires any email changes to be confirmed (exactly the same way as
|
96
128
|
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
97
|
-
# db field (see migrations). Until confirmed new email is stored in
|
98
|
-
#
|
129
|
+
# db field (see migrations). Until confirmed, new email is stored in
|
130
|
+
# unconfirmed_email column, and copied to email column on successful confirmation.
|
99
131
|
config.reconfirmable = true
|
100
132
|
|
101
133
|
# Defines which key will be used when confirming an account
|
102
|
-
# config.confirmation_keys = [
|
134
|
+
# config.confirmation_keys = [:email]
|
103
135
|
|
104
136
|
# ==> Configuration for :rememberable
|
105
137
|
# The time the user will be remembered without asking for credentials again.
|
106
138
|
# config.remember_for = 2.weeks
|
107
139
|
|
140
|
+
# Invalidates all the remember me tokens when the user signs out.
|
141
|
+
config.expire_all_remember_me_on_sign_out = true
|
142
|
+
|
108
143
|
# If true, extends the user's remember period when remembered via cookie.
|
109
144
|
# config.extend_remember_period = false
|
110
145
|
|
111
146
|
# Options to be passed to the created cookie. For instance, you can set
|
112
|
-
# :
|
147
|
+
# secure: true in order to force SSL only cookies.
|
113
148
|
# config.rememberable_options = {}
|
114
149
|
|
115
150
|
# ==> Configuration for :validatable
|
116
|
-
# Range for password length.
|
117
|
-
|
151
|
+
# Range for password length.
|
152
|
+
config.password_length = 8..72
|
118
153
|
|
119
154
|
# Email regex used to validate email formats. It simply asserts that
|
120
|
-
#
|
155
|
+
# one (and only one) @ exists in the given string. This is mainly
|
121
156
|
# to give user feedback and not to assert the e-mail validity.
|
122
157
|
# config.email_regexp = /\A[^@]+@[^@]+\z/
|
123
158
|
|
@@ -125,9 +160,6 @@ Devise.setup do |config|
|
|
125
160
|
# The time you want to timeout the user session without activity. After this
|
126
161
|
# time the user will be asked for credentials again. Default is 30 minutes.
|
127
162
|
# config.timeout_in = 30.minutes
|
128
|
-
|
129
|
-
# If true, expires auth token on session timeout.
|
130
|
-
# config.expire_auth_token_on_timeout = false
|
131
163
|
|
132
164
|
# ==> Configuration for :lockable
|
133
165
|
# Defines which strategy will be used to lock an account.
|
@@ -136,7 +168,7 @@ Devise.setup do |config|
|
|
136
168
|
# config.lock_strategy = :failed_attempts
|
137
169
|
|
138
170
|
# Defines which key will be used when locking and unlocking an account
|
139
|
-
# config.unlock_keys = [
|
171
|
+
# config.unlock_keys = [:email]
|
140
172
|
|
141
173
|
# Defines which strategy will be used to unlock an account.
|
142
174
|
# :email = Sends an unlock link to the user email
|
@@ -152,28 +184,33 @@ Devise.setup do |config|
|
|
152
184
|
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
153
185
|
# config.unlock_in = 1.hour
|
154
186
|
|
187
|
+
# Warn on the last attempt before the account is locked.
|
188
|
+
# config.last_attempt_warning = true
|
189
|
+
|
155
190
|
# ==> Configuration for :recoverable
|
156
191
|
#
|
157
192
|
# Defines which key will be used when recovering the password for an account
|
158
|
-
# config.reset_password_keys = [
|
193
|
+
# config.reset_password_keys = [:email]
|
159
194
|
|
160
195
|
# Time interval you can reset your password with a reset password key.
|
161
196
|
# Don't put a too small interval or your users won't have the time to
|
162
197
|
# change their passwords.
|
163
198
|
config.reset_password_within = 6.hours
|
164
199
|
|
200
|
+
# When set to false, does not sign a user in automatically after their password is
|
201
|
+
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
202
|
+
# config.sign_in_after_reset_password = true
|
203
|
+
|
165
204
|
# ==> Configuration for :encryptable
|
166
205
|
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
|
167
206
|
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
|
168
207
|
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
|
169
208
|
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
|
170
|
-
# REST_AUTH_SITE_KEY to pepper)
|
209
|
+
# REST_AUTH_SITE_KEY to pepper).
|
210
|
+
#
|
211
|
+
# Require the `devise-encryptable` gem when using anything other than bcrypt
|
171
212
|
# config.encryptor = :sha512
|
172
213
|
|
173
|
-
# ==> Configuration for :token_authenticatable
|
174
|
-
# Defines name of the authentication token params key
|
175
|
-
# config.token_authentication_key = :auth_token
|
176
|
-
|
177
214
|
# ==> Scopes configuration
|
178
215
|
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
179
216
|
# "users/sessions/new". It's turned off by default because it's slower if you
|
@@ -197,7 +234,7 @@ Devise.setup do |config|
|
|
197
234
|
# should add them to the navigational formats lists.
|
198
235
|
#
|
199
236
|
# The "*/*" below is required to match Internet Explorer requests.
|
200
|
-
# config.navigational_formats = [
|
237
|
+
# config.navigational_formats = ['*/*', :html]
|
201
238
|
|
202
239
|
# The default HTTP method used to sign out a resource. Default is :delete.
|
203
240
|
config.sign_out_via = :delete
|
@@ -205,7 +242,7 @@ Devise.setup do |config|
|
|
205
242
|
# ==> OmniAuth
|
206
243
|
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
207
244
|
# up on your models and hooks.
|
208
|
-
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :
|
245
|
+
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
|
209
246
|
|
210
247
|
# ==> Warden configuration
|
211
248
|
# If you want to use other strategies, that are not supported by Devise, or
|
@@ -213,7 +250,7 @@ Devise.setup do |config|
|
|
213
250
|
#
|
214
251
|
# config.warden do |manager|
|
215
252
|
# manager.intercept_401 = false
|
216
|
-
# manager.default_strategies(:
|
253
|
+
# manager.default_strategies(scope: :user).unshift :some_external_strategy
|
217
254
|
# end
|
218
255
|
|
219
256
|
# ==> Mountable engine configurations
|
@@ -221,12 +258,12 @@ Devise.setup do |config|
|
|
221
258
|
# is mountable, there are some extra configurations to be taken into account.
|
222
259
|
# The following options are available, assuming the engine is mounted as:
|
223
260
|
#
|
224
|
-
# mount MyEngine, at:
|
261
|
+
# mount MyEngine, at: '/my_engine'
|
225
262
|
#
|
226
263
|
# The router that invoked `devise_for`, in the example above, would be:
|
227
264
|
# config.router_name = :my_engine
|
228
265
|
#
|
229
|
-
# When using
|
266
|
+
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
230
267
|
# so you need to do it manually. For the users scope, it would be:
|
231
|
-
# config.omniauth_path_prefix =
|
232
|
-
end
|
268
|
+
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
269
|
+
end
|