devise 2.1.2 → 3.5.10

data/app/views/devise/_links.erb

@@ -1,3 +0,0 @@
-<% ActiveSupport::Deprecation.warn "Rendering partials devise/_links.erb is deprecated" \
-  "please use devise/shared/_links.erb instead."%>
-<%= render "shared/links" %>

data/gemfiles/Gemfile.rails-3.1.x

@@ -1,35 +0,0 @@
-source "http://rubygems.org"
-
-gem "devise", :path => ".."
-
-gem "rails", "~> 3.1.0"
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
-gem "rdoc"
-
-group :test do
-  gem "omniauth-facebook"
-  gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.2", :require => false
-  gem "mocha", :require => false
-
-  platforms :mri_18 do
-    gem "ruby-debug", ">= 0.10.3"
-  end
-end
-
-platforms :jruby do
-  gem "activerecord-jdbc-adapter"
-  gem "activerecord-jdbcsqlite3-adapter"
-  gem "jruby-openssl"
-end
-
-platforms :ruby do
-  gem "sqlite3"
-
-  group :mongoid do
-    gem "mongo", "~> 1.3.0"
-    gem "mongoid", "~> 2.0"
-    gem "bson_ext", "~> 1.3.0"
-  end
-end

data/gemfiles/Gemfile.rails-3.1.x.lock

@@ -1,167 +0,0 @@
-PATH
-  remote: ..
-  specs:
-    devise (2.1.0.rc2)
-      bcrypt-ruby (~> 3.0)
-      orm_adapter (~> 0.0.7)
-      railties (~> 3.1)
-      warden (~> 1.1.1)
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    actionmailer (3.1.4)
-      actionpack (= 3.1.4)
-      mail (~> 2.3.0)
-    actionpack (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      i18n (~> 0.6)
-      rack (~> 1.3.6)
-      rack-cache (~> 1.1)
-      rack-mount (~> 0.8.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.0.3)
-    activemodel (3.1.4)
-      activesupport (= 3.1.4)
-      builder (~> 3.0.0)
-      i18n (~> 0.6)
-    activerecord (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
-      arel (~> 2.2.3)
-      tzinfo (~> 0.3.29)
-    activeresource (3.1.4)
-      activemodel (= 3.1.4)
-      activesupport (= 3.1.4)
-    activesupport (3.1.4)
-      multi_json (~> 1.0)
-    addressable (2.2.7)
-    arel (2.2.3)
-    bcrypt-ruby (3.0.1)
-    bson (1.5.2)
-    bson_ext (1.3.1)
-    builder (3.0.0)
-    columnize (0.3.6)
-    erubis (2.7.0)
-    faraday (0.7.6)
-      addressable (~> 2.2)
-      multipart-post (~> 1.1)
-      rack (~> 1.1)
-    hashie (1.2.0)
-    hike (1.2.1)
-    i18n (0.6.0)
-    json (1.7.0)
-    linecache (0.46)
-      rbx-require-relative (> 0.0.4)
-    mail (2.3.3)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.18)
-    mocha (0.10.4)
-      metaclass (~> 0.0.1)
-    mongo (1.3.1)
-      bson (>= 1.3.1)
-    mongoid (2.4.4)
-      activemodel (~> 3.1)
-      mongo (~> 1.3)
-      tzinfo (~> 0.3.22)
-    multi_json (1.3.4)
-    multipart-post (1.1.5)
-    nokogiri (1.5.0)
-    oauth2 (0.5.2)
-      faraday (~> 0.7)
-      multi_json (~> 1.0)
-    omniauth (1.0.2)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.2.0)
-      omniauth-oauth2 (~> 1.0.0)
-    omniauth-oauth2 (1.0.0)
-      oauth2 (~> 0.5.0)
-      omniauth (~> 1.0)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.0.7)
-    polyglot (0.3.3)
-    rack (1.3.6)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rails (3.1.4)
-      actionmailer (= 3.1.4)
-      actionpack (= 3.1.4)
-      activerecord (= 3.1.4)
-      activeresource (= 3.1.4)
-      activesupport (= 3.1.4)
-      bundler (~> 1.0)
-      railties (= 3.1.4)
-    railties (3.1.4)
-      actionpack (= 3.1.4)
-      activesupport (= 3.1.4)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (~> 0.14.6)
-    rake (0.9.2.2)
-    rbx-require-relative (0.0.5)
-    rdoc (3.12)
-      json (~> 1.4)
-    ruby-debug (0.10.4)
-      columnize (>= 0.1)
-      ruby-debug-base (~> 0.10.4.0)
-    ruby-debug-base (0.10.4)
-      linecache (>= 0.3)
-    ruby-openid (2.1.8)
-    sprockets (2.0.4)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.5)
-    thor (0.14.6)
-    tilt (1.3.3)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.33)
-    warden (1.1.1)
-      rack (>= 1.0)
-    webrat (0.7.2)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord-jdbc-adapter
-  activerecord-jdbcsqlite3-adapter
-  bson_ext (~> 1.3.0)
-  devise!
-  jruby-openssl
-  mocha
-  mongo (~> 1.3.0)
-  mongoid (~> 2.0)
-  omniauth (~> 1.0.0)
-  omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
-  omniauth-openid (~> 1.0.1)
-  rails (~> 3.1.0)
-  rdoc
-  ruby-debug (>= 0.10.3)
-  sqlite3
-  webrat (= 0.7.2)

data/lib/devise/models/token_authenticatable.rb

@@ -1,77 +0,0 @@
-require 'devise/strategies/token_authenticatable'
-
-module Devise
-  module Models
-    # The TokenAuthenticatable module is responsible for generating an authentication token and
-    # validating the authenticity of the same while signing in.
-    #
-    # This module only provides a few helpers to help you manage the token, but it is up to you
-    # to choose how to use it. For example, if you want to have a new token every time the user
-    # saves his account, you can do the following:
-    #
-    #   before_save :reset_authentication_token
-    #
-    # On the other hand, if you want to generate token unless one exists, you should use instead:
-    #
-    #   before_save :ensure_authentication_token
-    #
-    # If you want to delete the token after it is used, you can do so in the
-    # after_token_authentication callback.
-    #
-    # == Options
-    #
-    # TokenAuthenticatable adds the following options to devise_for:
-    #
-    #   * +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...
-    #
-    module TokenAuthenticatable
-      extend ActiveSupport::Concern
-
-      def self.required_fields(klass)
-        [:authentication_token]
-      end
-
-      # Generate new authentication token (a.k.a. "single access token").
-      def reset_authentication_token
-        self.authentication_token = self.class.authentication_token
-      end
-
-      # Generate new authentication token and save the record.
-      def reset_authentication_token!
-        reset_authentication_token
-        save(:validate => false)
-      end
-
-      # Generate authentication token unless already exists.
-      def ensure_authentication_token
-        reset_authentication_token if authentication_token.blank?
-      end
-
-      # Generate authentication token unless already exists and save the record.
-      def ensure_authentication_token!
-        reset_authentication_token! if authentication_token.blank?
-      end
-
-      # Hook called after token authentication.
-      def after_token_authentication
-      end
-
-      def expire_auth_token_on_timeout
-        self.class.expire_auth_token_on_timeout
-      end
-
-      module ClassMethods
-        def find_for_token_authentication(conditions)
-          find_for_authentication(:authentication_token => conditions[token_authentication_key])
-        end
-
-        # Generate a token checking if one does not already exist in the database.
-        def authentication_token
-          generate_token(:authentication_token)
-        end
-
-        Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout)
-      end
-    end
-  end
-end

data/lib/devise/strategies/token_authenticatable.rb

@@ -1,56 +0,0 @@
-require 'devise/strategies/base'
-
-module Devise
-  module Strategies
-    # Strategy for signing in a user, based on a authenticatable token. This works for both params
-    # and http. For the former, all you need to do is to pass the params in the URL:
-    #
-    #   http://myapp.example.com/?user_token=SECRET
-    #
-    # For HTTP, you can pass the token as username and blank password. Since some clients may require
-    # a password, you can pass "X" as password and it will simply be ignored.
-    class TokenAuthenticatable < Authenticatable
-      def store?
-        super && !mapping.to.skip_session_storage.include?(:token_auth)
-      end
-
-      def authenticate!
-        resource = mapping.to.find_for_token_authentication(authentication_hash)
-        return fail(:invalid_token) unless resource
-
-        if validate(resource)
-          resource.after_token_authentication
-          success!(resource)
-        end
-      end
-
-    private
-
-      # Token Authenticatable can be authenticated with params in any controller and any verb.
-      def valid_params_request?
-        true
-      end
-
-      # Do not use remember_me behavior with token.
-      def remember_me?
-        false
-      end
-
-      # Try both scoped and non scoped keys.
-      def params_auth_hash
-        if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
-          params[scope]
-        else
-          params
-        end
-      end
-
-      # Overwrite authentication keys to use token_authentication_key.
-      def authentication_keys
-        @authentication_keys ||= [mapping.to.token_authentication_key]
-      end
-    end
-  end
-end
-
-Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable)

data/test/indifferent_hash.rb

@@ -1,33 +0,0 @@
-require 'test_helper'
-
-class IndifferentHashTest < ActiveSupport::TestCase
-  setup do
-    @hash = Devise::IndifferentHash.new
-  end
-
-  test "it overwrites getter and setter" do
-    @hash[:foo] = "bar"
-    assert_equal "bar", @hash["foo"]
-    assert_equal "bar", @hash[:foo]
-
-    @hash["foo"] = "baz"
-    assert_equal "baz", @hash["foo"]
-    assert_equal "baz", @hash[:foo]
-  end
-
-  test "it overwrites update" do
-    @hash.update :foo => "bar"
-    assert_equal "bar", @hash["foo"]
-    assert_equal "bar", @hash[:foo]
-
-    @hash.update "foo" => "baz"
-    assert_equal "baz", @hash["foo"]
-    assert_equal "baz", @hash[:foo]
-  end
-
-  test "it returns a Hash on to_hash" do
-    @hash[:foo] = "bar"
-    assert_equal Hash["foo", "bar"], @hash.to_hash
-    assert_kind_of Hash, @hash.to_hash
-  end
-end if defined?(Devise::IndifferentHash)

data/test/integration/token_authenticatable_test.rb

@@ -1,161 +0,0 @@
-require 'test_helper'
-
-class TokenAuthenticationTest < ActionController::IntegrationTest
-
-  test 'authenticate with valid authentication token key and value through params' do
-    swap Devise, :token_authentication_key => :secret_token do
-      sign_in_as_new_user_with_token
-
-      assert_response :success
-      assert_current_url "/users?secret_token=#{VALID_AUTHENTICATION_TOKEN}"
-      assert_contain 'Welcome'
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do
-    swap Devise, :token_authentication_key => :secret_token do
-      user = create_user_with_authentication_token
-      post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" }
-
-      assert_response :success
-      assert_contain 'User is authenticated'
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'authenticate with valid authentication token key but does not store if stateless' do
-    swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth] do
-      sign_in_as_new_user_with_token
-      assert warden.authenticated?(:user)
-
-      get users_path
-      assert_redirected_to new_user_session_path
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'authenticate with valid authentication token key and value through http' do
-    swap Devise, :token_authentication_key => :secret_token do
-      sign_in_as_new_user_with_token(:http_auth => true)
-
-      assert_response :success
-      assert_match '<email>user@test.com</email>', response.body
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'does authenticate with valid authentication token key and value through params if not configured' do
-    swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do
-      sign_in_as_new_user_with_token
-
-      assert_contain 'You need to sign in or sign up before continuing'
-      assert_contain 'Sign in'
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'does authenticate with valid authentication token key and value through http if not configured' do
-    swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do
-      sign_in_as_new_user_with_token(:http_auth => true)
-
-      assert_response 401
-      assert_contain 'Invalid email or password.'
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'does not authenticate with improper authentication token key' do
-    swap Devise, :token_authentication_key => :donald_duck_token do
-      sign_in_as_new_user_with_token(:auth_token_key => :secret_token)
-      assert_equal new_user_session_path, @request.path
-
-      assert_contain 'You need to sign in or sign up before continuing'
-      assert_contain 'Sign in'
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'does not authenticate with improper authentication token value' do
-    store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do
-      sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***')
-      assert_equal new_user_session_path, @request.path
-
-      assert_contain 'LOL, that was not a single character correct.'
-      assert_contain 'Sign in'
-      assert_not warden.authenticated?(:user)
-    end
-  end
-
-  test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do
-    swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth], :timeout_in => (0.1).second do
-      user = sign_in_as_new_user_with_token
-      assert warden.authenticated?(:user)
-
-      # Expiring does not work because we are setting the session value when accessing it
-      sleep 0.3
-
-      get_users_path_as_existing_user(user)
-      assert warden.authenticated?(:user)
-    end
-  end
-
-  test 'should reset token and not authenticate when expire_auth_token_on_timeout is set to true, timeoutable is enabled and we have a timed out session' do
-    swap Devise, :token_authentication_key => :secret_token, :expire_auth_token_on_timeout => true, :timeout_in => (-1).minute do
-      user = sign_in_as_new_user_with_token
-      assert warden.authenticated?(:user)
-      token = user.authentication_token
-
-      get_users_path_as_existing_user(user)
-      assert_not warden.authenticated?(:user)
-      user.reload
-      assert_not_equal token, user.authentication_token
-    end
-  end
-
-  test 'should not be subject to injection' do
-    swap Devise, :token_authentication_key => :secret_token do
-      user1 = create_user_with_authentication_token()
-
-      # Clean up user cache
-      @user = nil
-
-      user2 = create_user_with_authentication_token(:email => "another@test.com")
-      user2.update_attribute(:authentication_token, "ANOTHERTOKEN")
-
-      assert_not_equal user1, user2
-      visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token)
-      assert_nil warden.user(:user)
-    end
-  end
-
-  private
-
-    def sign_in_as_new_user_with_token(options = {})
-      user = options.delete(:user) || create_user_with_authentication_token(options)
-
-      options[:auth_token_key] ||= Devise.token_authentication_key
-      options[:auth_token]     ||= user.authentication_token
-
-      if options[:http_auth]
-        header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
-        get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
-      else
-        visit users_path(options[:auth_token_key].to_sym => options[:auth_token])
-      end
-
-      user
-    end
-
-    def create_user_with_authentication_token(options={})
-      user = create_user(options)
-      user.authentication_token = VALID_AUTHENTICATION_TOKEN
-      user.save
-      user
-    end
-
-    def get_users_path_as_existing_user(user)
-      sign_in_as_new_user_with_token(:user => user)
-    end
-
-end