devise 2.2.3 → 2.2.4

data/gemfiles/Gemfile.rails-3.1.x.lock

@@ -1,21 +1,21 @@
 PATH
   remote: ..
   specs:
-    devise (2.2.0)
+    devise (2.2.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (~> 3.1)
       warden (~> 1.2.1)
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
-    actionmailer (3.1.10)
-      actionpack (= 3.1.10)
-      mail (~> 2.3.3)
-    actionpack (3.1.10)
-      activemodel (= 3.1.10)
-      activesupport (= 3.1.10)
+    actionmailer (3.1.12)
+      actionpack (= 3.1.12)
+      mail (~> 2.4.4)
+    actionpack (3.1.12)
+      activemodel (= 3.1.12)
+      activesupport (= 3.1.12)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       i18n (~> 0.6)
@@ -24,54 +24,54 @@ GEM
       rack-mount (~> 0.8.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.0.4)
-    activemodel (3.1.10)
-      activesupport (= 3.1.10)
+    activemodel (3.1.12)
+      activesupport (= 3.1.12)
       builder (~> 3.0.0)
       i18n (~> 0.6)
-    activerecord (3.1.10)
-      activemodel (= 3.1.10)
-      activesupport (= 3.1.10)
+    activerecord (3.1.12)
+      activemodel (= 3.1.12)
+      activesupport (= 3.1.12)
       arel (~> 2.2.3)
       tzinfo (~> 0.3.29)
-    activeresource (3.1.10)
-      activemodel (= 3.1.10)
-      activesupport (= 3.1.10)
-    activesupport (3.1.10)
-      multi_json (>= 1.0, < 1.3)
+    activeresource (3.1.12)
+      activemodel (= 3.1.12)
+      activesupport (= 3.1.12)
+    activesupport (3.1.12)
+      multi_json (~> 1.0)
     arel (2.2.3)
     bcrypt-ruby (3.0.1)
     builder (3.0.4)
     columnize (0.3.6)
     erubis (2.7.0)
-    faraday (0.8.4)
+    faraday (0.8.7)
       multipart-post (~> 1.1)
     hashie (1.2.0)
-    hike (1.2.1)
+    hike (1.2.2)
     httpauth (0.2.0)
-    i18n (0.6.1)
-    json (1.7.6)
-    jwt (0.1.5)
-      multi_json (>= 1.0)
+    i18n (0.6.4)
+    json (1.7.7)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
     linecache (0.46)
       rbx-require-relative (> 0.0.4)
-    mail (2.3.3)
+    mail (2.4.4)
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.1)
-    mime-types (1.19)
-    mocha (0.10.0)
+    mime-types (1.23)
+    mocha (0.13.3)
       metaclass (~> 0.0.1)
-    mongoid (3.0.16)
+    mongoid (3.0.23)
       activemodel (~> 3.1)
-      moped (~> 1.1)
+      moped (~> 1.2)
       origin (~> 1.0)
       tzinfo (~> 0.3.22)
-    moped (1.3.2)
-    multi_json (1.2.0)
-    multipart-post (1.1.5)
-    nokogiri (1.5.6)
-    oauth2 (0.8.0)
+    moped (1.4.5)
+    multi_json (1.7.3)
+    multipart-post (1.2.0)
+    nokogiri (1.5.9)
+    oauth2 (0.8.1)
       faraday (~> 0.8)
       httpauth (~> 0.1)
       jwt (~> 0.1.4)
@@ -88,10 +88,10 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    origin (1.0.11)
+    origin (1.1.0)
     orm_adapter (0.4.0)
     polyglot (0.3.3)
-    rack (1.3.8)
+    rack (1.3.10)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-mount (0.8.3)
@@ -99,49 +99,49 @@ GEM
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-ssl (1.3.2)
+    rack-ssl (1.3.3)
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.1.10)
-      actionmailer (= 3.1.10)
-      actionpack (= 3.1.10)
-      activerecord (= 3.1.10)
-      activeresource (= 3.1.10)
-      activesupport (= 3.1.10)
+    rails (3.1.12)
+      actionmailer (= 3.1.12)
+      actionpack (= 3.1.12)
+      activerecord (= 3.1.12)
+      activeresource (= 3.1.12)
+      activesupport (= 3.1.12)
       bundler (~> 1.0)
-      railties (= 3.1.10)
-    railties (3.1.10)
-      actionpack (= 3.1.10)
-      activesupport (= 3.1.10)
+      railties (= 3.1.12)
+    railties (3.1.12)
+      actionpack (= 3.1.12)
+      activesupport (= 3.1.12)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (~> 0.14.6)
-    rake (10.0.3)
+    rake (10.0.4)
     rbx-require-relative (0.0.9)
-    rdoc (3.12)
+    rdoc (3.12.2)
       json (~> 1.4)
     ruby-debug (0.10.4)
       columnize (>= 0.1)
       ruby-debug-base (~> 0.10.4.0)
     ruby-debug-base (0.10.4)
       linecache (>= 0.3)
-    ruby-openid (2.2.2)
+    ruby-openid (2.2.3)
     sprockets (2.0.4)
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.6)
+    sqlite3 (1.3.7)
     thor (0.14.6)
-    tilt (1.3.3)
+    tilt (1.4.0)
     treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.35)
+    tzinfo (0.3.37)
     warden (1.2.1)
       rack (>= 1.0)
-    webrat (0.7.2)
+    webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
@@ -154,7 +154,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mocha (= 0.10.0)
+  mocha (~> 0.13.1)
   mongoid (~> 3.0)
   omniauth (~> 1.0.0)
   omniauth-facebook
@@ -164,4 +164,4 @@ DEPENDENCIES
   rdoc
   ruby-debug (>= 0.10.3)
   sqlite3
-  webrat (= 0.7.2)
+  webrat (= 0.7.3)

data/lib/devise.rb

@@ -51,6 +51,10 @@ module Devise
   mattr_accessor :stretches
   @@stretches = 10
 
+  # The default key used when authenticating over http auth.
+  mattr_accessor :http_authentication_key
+  @@http_authentication_key = nil
+
   # Keys used when authenticating a user.
   mattr_accessor :authentication_keys
   @@authentication_keys = [ :email ]
@@ -102,6 +106,7 @@ module Devise
   @@extend_remember_period = false
 
   # Time interval you can access your account before confirming your account.
+  # nil - allows unconfirmed access for unlimited time
   mattr_accessor :allow_unconfirmed_access_for
   @@allow_unconfirmed_access_for = 0.days
 
@@ -310,7 +315,7 @@ module Devise
   # == Options:
   #
   #   +model+      - String representing the load path to a custom *model* for this module (to autoload.)
-  #   +controller+ - Symbol representing the name of an exisiting or custom *controller* for this module.
+  #   +controller+ - Symbol representing the name of an existing or custom *controller* for this module.
   #   +route+      - Symbol representing the named *route* helper for this module.
   #   +strategy+   - Symbol representing if this module got a custom *strategy*.
   #
@@ -420,6 +425,17 @@ module Devise
 
       Devise.mappings.each_value do |mapping|
         warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
+
+        warden_config.serialize_into_session(mapping.name) do |record|
+          mapping.to.serialize_into_session(record)
+        end
+
+        warden_config.serialize_from_session(mapping.name) do |key|
+          # Previous versions contained an additional entry at the beginning of
+          # key with the record's class name.
+          args = key[-2, 2]
+          mapping.to.serialize_from_session(*args)
+        end
       end
 
       @@warden_config_block.try :call, Devise.warden_config
@@ -427,7 +443,7 @@ module Devise
     end
   end
 
-  # Generate a friendly string randomically to be used as token.
+  # Generate a friendly string randomly to be used as token.
   def self.friendly_token
     SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
   end

data/lib/devise/mailers/helpers.rb

@@ -54,8 +54,9 @@ module Devise
       end
 
       def mailer_sender(mapping, sender = :from)
-        if default_params[sender].present?
-          default_params[sender]
+        default_sender = default_params[sender]
+        if default_sender.present?
+          default_sender.respond_to?(:to_proc) ? instance_eval(&default_sender) : default_sender
         elsif Devise.mailer_sender.is_a?(Proc)
           Devise.mailer_sender.call(mapping.name)
         else
@@ -64,12 +65,12 @@ module Devise
       end
 
       def template_paths
-        template_path = [self.class.mailer_name]
+        template_path = _prefixes.dup
         template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views?
         template_path
       end
 
-      # Setup a subject doing an I18n lookup. At first, it attemps to set a subject
+      # Setup a subject doing an I18n lookup. At first, it attempts to set a subject
       # based on the current mapping:
       #
       #   en:

data/lib/devise/models/authenticatable.rb

@@ -10,12 +10,15 @@ module Devise
     #
     #   * +authentication_keys+: parameters used for authentication. By default [:email].
     #
+    #   * +http_authentication_key+: map the username passed via HTTP Auth to this parameter. Defaults to
+    #     the first element in +authentication_keys+.
+    #
     #   * +request_keys+: parameters from the request object used for authentication.
     #     By specifying a symbol (which should be a request method), it will automatically be
     #     passed to find_for_authentication method and considered in your model lookup.
     #
     #     For instance, if you set :request_keys to [:subdomain], :subdomain will be considered
-    #     as key on authentication. This can also be a hash where the value is a boolean expliciting
+    #     as key on authentication. This can also be a hash where the value is a boolean specifying
     #     if the value is required or not.
     #
     #   * +http_authenticatable+: if this model allows http authentication. By default true.
@@ -32,7 +35,7 @@ module Devise
     # == active_for_authentication?
     #
     # After authenticating a user and in each request, Devise checks if your model is active by
-    # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance,
+    # calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance,
     # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed.
     #
     # You overwrite this method yourself, but if you do, don't forget to call super:
@@ -140,14 +143,26 @@ module Devise
       #
       #       protected
       #
-      #       def send_devise_notification(notification)
-      #         pending_notifications << notification
+      #       def send_devise_notification(notification, opts = {})
+      #         # if the record is new or changed then delay the
+      #         # delivery until the after_commit callback otherwise
+      #         # send now because after_commit will not be called.
+      #         if new_record? || changed?
+      #           pending_notifications << [notification, opts]
+      #         else
+      #           devise_mailer.send(notification, self, opts).deliver
+      #         end
       #       end
       #
       #       def send_pending_notifications
-      #         pending_notifications.each do |n|
-      #           devise_mailer.send(n, self).deliver
+      #         pending_notifications.each do |n, opts|
+      #           devise_mailer.send(n, self, opts).deliver
       #         end
+      #
+      #         # Empty the pending notifications array because the
+      #         # after_commit hook can be called multiple times which
+      #         # could cause multiple emails to be sent.
+      #         pending_notifications.clear
       #       end
       #
       #       def pending_notifications
@@ -182,7 +197,8 @@ module Devise
 
       module ClassMethods
         Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys,
-          :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage)
+          :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage,
+          :http_authentication_key)
 
         def serialize_into_session(record)
           [record.to_key, record.authenticatable_salt]
@@ -215,7 +231,7 @@ module Devise
         # Example:
         #
         #   def self.find_for_authentication(tainted_conditions)
-        #     find_first_by_auth_conditions(tainted_conditions, active: true)
+        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios

data/lib/devise/models/confirmable.rb

@@ -34,11 +34,18 @@ module Devise
 
       included do
         before_create :generate_confirmation_token, :if => :confirmation_required?
-        after_create  :send_on_create_confirmation_instructions, :if => :confirmation_required?
+        after_create  :send_on_create_confirmation_instructions, :if => :send_confirmation_notification?
         before_update :postpone_email_change_until_confirmation, :if => :postpone_email_change?
         after_update  :send_confirmation_instructions, :if => :reconfirmation_required?
       end
 
+      def initialize(*args, &block)
+        @bypass_postpone = false
+        @reconfirmation_required = false
+        @skip_confirmation_notification = false
+        super
+      end
+
       def self.required_fields(klass)
         required_methods = [:confirmation_token, :confirmed_at, :confirmation_sent_at]
         required_methods << :unconfirmed_email if klass.reconfirmable
@@ -119,6 +126,12 @@ module Devise
         self.confirmed_at = Time.now.utc
       end
 
+      # Skips sending the confirmation notification email after_create. Unlike
+      # #skip_confirmation!, record still requires confirmation.
+      def skip_confirmation_notification!
+        @skip_confirmation_notification = true
+      end
+
       # If you don't want reconfirmation to be sent, neither a code
       # to be generated, call skip_reconfirmation!
       def skip_reconfirmation!
@@ -158,8 +171,11 @@ module Devise
         #   # allow_unconfirmed_access_for = 0.days
         #   confirmation_period_valid?   # will always return false
         #
+        #   # allow_unconfirmed_access_for = nil
+        #   confirmation_period_valid?   # will always return true
+        #
         def confirmation_period_valid?
-          confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago
+          self.class.allow_unconfirmed_access_for.nil? || (confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago)
         end
 
         # Checks if the user confirmation happens before the token becomes invalid
@@ -212,7 +228,7 @@ module Devise
 
         def postpone_email_change?
           postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone
-          @bypass_postpone = nil
+          @bypass_postpone = false
           postpone
         end
 
@@ -220,6 +236,10 @@ module Devise
           self.class.reconfirmable && @reconfirmation_required
         end
 
+        def send_confirmation_notification?
+          confirmation_required? && !@skip_confirmation_notification
+        end
+
       module ClassMethods
         # Attempt to find a user by its email. If a record is found, send new
         # confirmation instructions to it. If not, try searching for a user by unconfirmed_email

data/lib/devise/models/database_authenticatable.rb

@@ -95,6 +95,21 @@ module Devise
         result
       end
 
+      # Destroy record when :current_password matches, otherwise returns
+      # error on :current_password. It also automatically rejects 
+      # :current_password if it is blank.
+      def destroy_with_password(current_password)
+        result = if valid_password?(current_password)
+          destroy
+        else
+          self.valid?
+          self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
+          false
+        end
+
+        result
+      end
+
       def after_database_authentication
       end
 

data/lib/devise/models/omniauthable.rb

@@ -8,7 +8,7 @@ module Devise
     #
     # Oauthable adds the following options to devise_for:
     #
-    #   * +omniauth_providers+: Which providers are avaialble to this model. It expects an array:
+    #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
     #
     #       devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
     #
@@ -24,4 +24,4 @@ module Devise
       end
     end
   end
-end
+end