devise 3.0.0 → 3.1.0

data/test/models/lockable_test.rb

@@ -139,10 +139,20 @@ class LockableTest < ActiveSupport::TestCase
     end
   end
 
-  test 'should find and unlock a user automatically' do
+  test 'DEPRECATED: should find and unlock a user automatically' do
+    swap Devise, allow_insecure_token_lookup: true do
+      user = create_user
+      user.lock_access!
+      locked_user = User.unlock_access_by_token(user.unlock_token)
+      assert_equal locked_user, user
+      assert_not user.reload.access_locked?
+    end
+  end
+
+  test 'should find and unlock a user automatically based on raw token' do
     user = create_user
-    user.lock_access!
-    locked_user = User.unlock_access_by_token(user.unlock_token)
+    raw  = user.send_unlock_instructions
+    locked_user = User.unlock_access_by_token(raw)
     assert_equal locked_user, user
     assert_not user.reload.access_locked?
   end
@@ -195,7 +205,7 @@ class LockableTest < ActiveSupport::TestCase
 
   test 'should not be able to send instructions if the user is not locked' do
     user = create_user
-    assert_not user.resend_unlock_token
+    assert_not user.resend_unlock_instructions
     assert_not user.access_locked?
     assert_equal 'was not locked', user.errors[:email].join
   end
@@ -203,7 +213,7 @@ class LockableTest < ActiveSupport::TestCase
   test 'should not be able to send instructions if the user if not locked and have username as unlock key' do
     swap Devise, :unlock_keys => [:username] do
       user = create_user
-      assert_not user.resend_unlock_token
+      assert_not user.resend_unlock_instructions
       assert_not user.access_locked?
       assert_equal 'was not locked', user.errors[:username].join
     end

data/test/models/recoverable_test.rb

@@ -108,11 +108,21 @@ class RecoverableTest < ActiveSupport::TestCase
     end
   end
 
-  test 'should find a user to reset his password based on reset_password_token' do
+  test 'DEPRECATED: should find a user to reset his password based on reset_password_token' do
+    swap Devise, allow_insecure_token_lookup: true do
+      user = create_user
+      user.send_reset_password_instructions
+
+      reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token)
+      assert_equal reset_password_user, user
+    end
+  end
+
+  test 'should find a user to reset his password based on the raw token' do
     user = create_user
-    user.ensure_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
-    reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token)
+    reset_password_user = User.reset_password_by_token(:reset_password_token => raw)
     assert_equal reset_password_user, user
   end
 
@@ -130,9 +140,9 @@ class RecoverableTest < ActiveSupport::TestCase
 
   test 'should return a new record with errors if password is blank' do
     user = create_user
-    user.ensure_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
-    reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '')
+    reset_password_user = User.reset_password_by_token(:reset_password_token => raw, :password => '')
     assert_not reset_password_user.errors.empty?
     assert_match "can't be blank", reset_password_user.errors[:password].join
   end
@@ -140,10 +150,10 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should reset successfully user password given the new password and confirmation' do
     user = create_user
     old_password = user.password
-    user.ensure_reset_password_token!
+    raw  = user.send_reset_password_instructions
 
     User.reset_password_by_token(
-      :reset_password_token => user.reset_password_token,
+      :reset_password_token => raw,
       :password => 'new_password',
       :password_confirmation => 'new_password'
     )
@@ -153,38 +163,17 @@ class RecoverableTest < ActiveSupport::TestCase
     assert user.valid_password?('new_password')
   end
 
-  test 'should not reset reset password token during reset_password_within time' do
-    swap Devise, :reset_password_within => 1.hour do
-      user = create_user
-      user.send_reset_password_instructions
-      3.times do
-        token = user.reset_password_token
-        user.send_reset_password_instructions
-        assert_equal token, user.reset_password_token
-      end
-    end
-  end
-
-  test 'should reset reset password token after reset_password_within time' do
-    swap Devise, :reset_password_within => 1.hour do
-      user = create_user
-      user.reset_password_sent_at = 2.days.ago
-      token = user.reset_password_token
-      user.send_reset_password_instructions
-      assert_not_equal token, user.reset_password_token
-    end
-  end
-
   test 'should not reset password after reset_password_within time' do
     swap Devise, :reset_password_within => 1.hour do
       user = create_user
+      raw  = user.send_reset_password_instructions
+
       old_password = user.password
-      user.ensure_reset_password_token!
       user.reset_password_sent_at = 2.days.ago
       user.save!
 
       reset_password_user = User.reset_password_by_token(
-        :reset_password_token => user.reset_password_token,
+        :reset_password_token => raw,
         :password => 'new_password',
         :password_confirmation => 'new_password'
       )
@@ -201,22 +190,5 @@ class RecoverableTest < ActiveSupport::TestCase
       :reset_password_sent_at,
       :reset_password_token
     ]
-  end
-  
-  test 'should generate a new token when a valid one does not exist' do
-    user = create_user
-    assert_nil user.reset_password_token
-    
-    user.ensure_reset_password_token!
-    assert_not_nil user.reset_password_token
-  end
-  
-  test 'should not generate a new token when a valid one exists' do
-    user = create_user
-    user.send :generate_reset_password_token!
-    assert_not_nil user.reset_password_token
-    old = user.reset_password_token
-    user.ensure_reset_password_token!
-    assert_equal user.reset_password_token, old
   end  
 end

data/test/models/rememberable_test.rb

@@ -22,6 +22,14 @@ class RememberableTest < ActiveSupport::TestCase
     user.forget_me!
   end
 
+  test 'can generate remember token' do
+    user = create_user
+    user.singleton_class.send(:attr_accessor, :remember_token)
+    User.to_adapter.expects(:find_first).returns(nil)
+    user.remember_me!
+    assert user.remember_token
+  end
+
   test 'serialize into cookie' do
     user = create_user
     user.remember_me!

data/test/models/timeoutable_test.rb

@@ -43,4 +43,9 @@ class TimeoutableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
     assert_same_content Devise::Models::Timeoutable.required_fields(User), []
   end
+
+  test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do
+    user = create_admin(remember_created_at: Time.current)
+    assert user.timedout?(31.minutes.ago)
+  end
 end

data/test/models_test.rb

@@ -141,23 +141,4 @@ class CheckFieldsTest < ActiveSupport::TestCase
       Devise::Models.check_fields!(Magician)
     end
   end
-
-  test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
-    driver = Class.new do
-      extend Devise::Models
-
-      def self.before_validation(instance)
-      end
-
-      attr_accessor :encrypted_password, :email
-
-      devise :database_authenticatable
-    end
-
-    swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
-      assert_deprecated do
-        Devise::Models.check_fields!(driver)
-      end
-    end
-  end
 end

data/test/parameter_sanitizer_test.rb

@@ -2,12 +2,13 @@ require 'test_helper'
 require 'devise/parameter_sanitizer'
 
 class BaseSanitizerTest < ActiveSupport::TestCase
-  def sanitizer
-    Devise::BaseSanitizer.new(User, :user, { user: { "email" => "jose" } })
+  def sanitizer(params)
+    Devise::BaseSanitizer.new(User, :user, params)
   end
 
   test 'returns chosen params' do
-    assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in))
+    sanitizer = sanitizer(user: { "email" => "jose" })
+    assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in))
   end
 end
 
@@ -22,36 +23,49 @@ if defined?(ActionController::StrongParameters)
 
     test 'filters some parameters on sign in by default' do
       sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
-      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in))
+      assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
     end
 
     test 'handles auth keys as a hash' do
       swap Devise, :authentication_keys => {:email => true} do
         sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
-        assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
+        assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
       end
     end
 
     test 'filters some parameters on sign up by default' do
       sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.for(:sign_up))
+      assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up))
     end
 
     test 'filters some parameters on account update by default' do
       sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
-      assert_equal({ "email" => "jose" }, sanitizer.for(:account_update))
+      assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update))
     end
 
     test 'allows custom hooks' do
       sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
       sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
-      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
+      assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
+    end
+
+    test 'adding multiple permitted parameters' do
+      sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" })
+      sanitizer.for(:sign_in).concat([:username, :role])
+      assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in))
+    end
+
+    test 'removing multiple default parameters' do
+      sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
+      sanitizer.for(:sign_in).delete(:email)
+      sanitizer.for(:sign_in).delete(:password)
+      assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
     end
 
     test 'raises on unknown hooks' do
       sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
       assert_raise NotImplementedError do
-        sanitizer.for(:unknown)
+        sanitizer.sanitize(:unknown)
       end
     end
   end

data/test/rails_app/config/initializers/devise.rb

@@ -4,6 +4,9 @@ require "omniauth-openid"
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
+  config.secret_key = "d9eb5171c59a4c817f68b0de27b8c1e340c2341b52cdbc60d3083d4e8958532" \
+                      "18dcc5f589cafde048faec956b61f864b9b5513ff9ce29bf9e5d58b0f234f8e3b"
+
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
   # note that it will be overwritten if you use your own mailer class with default "from" parameter.

data/test/rails_app/lib/shared_admin.rb

@@ -11,4 +11,7 @@ module SharedAdmin
     validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
   end
 
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
 end

data/test/rails_app/lib/shared_user.rb

@@ -12,6 +12,10 @@ module SharedUser
     extend ExtendMethods
   end
 
+  def raw_confirmation_token
+    @raw_confirmation_token
+  end
+
   module ExtendMethods
     def new_with_session(params, session)
       super.tap do |user|

data/test/support/helpers.rb

@@ -67,25 +67,4 @@ class ActiveSupport::TestCase
       end
     end
   end
-
-  def swap_module_method_existence(klass, method)
-    klass.module_eval %Q[
-      class << self
-        alias #{method}_referenced #{method}
-        undef #{method}
-      end
-    ]
-
-    begin
-      yield if block_given?
-    ensure
-
-      klass.module_eval %Q[
-        class << self
-          alias #{method} #{method}_referenced
-          undef #{method}_referenced
-        end
-      ]
-    end
-  end
 end

metadata

@@ -1,8 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
+  version: 3.1.0
   prerelease: 
-  version: 3.0.0
 platform: ruby
 authors:
 - José Valim
@@ -10,58 +10,76 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-14 00:00:00.000000000 Z
+date: 2013-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
+  name: warden
+  requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.2.3
-    none: false
-  name: warden
   type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.2.3
-    none: false
 - !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
+  name: orm_adapter
+  requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
-    none: false
-  name: orm_adapter
   type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
-    none: false
 - !ruby/object:Gem::Dependency
-  version_requirements: !ruby/object:Gem::Requirement
+  name: bcrypt-ruby
+  requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
-    none: false
-  name: bcrypt-ruby
   type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
-    none: false
 - !ruby/object:Gem::Dependency
+  name: thread_safe
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -69,11 +87,10 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: '5'
-    none: false
-  name: railties
   type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -81,7 +98,6 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: '5'
-    none: false
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
 executables: []
@@ -91,7 +107,7 @@ files:
 - .gitignore
 - .travis.yml
 - .yardopts
-- CHANGELOG.rdoc
+- CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
@@ -107,7 +123,6 @@ files:
 - app/controllers/devise_controller.rb
 - app/helpers/devise_helper.rb
 - app/mailers/devise/mailer.rb
-- app/views/devise/_links.erb
 - app/views/devise/confirmations/new.html.erb
 - app/views/devise/mailer/confirmation_instructions.html.erb
 - app/views/devise/mailer/reset_password_instructions.html.erb
@@ -132,6 +147,7 @@ files:
 - lib/devise/delegator.rb
 - lib/devise/failure_app.rb
 - lib/devise/hooks/activatable.rb
+- lib/devise/hooks/csrf_cleaner.rb
 - lib/devise/hooks/forgetable.rb
 - lib/devise/hooks/lockable.rb
 - lib/devise/hooks/rememberable.rb
@@ -170,6 +186,7 @@ files:
 - lib/devise/strategies/token_authenticatable.rb
 - lib/devise/test_helpers.rb
 - lib/devise/time_inflector.rb
+- lib/devise/token_generator.rb
 - lib/devise/version.rb
 - lib/generators/active_record/devise_generator.rb
 - lib/generators/active_record/templates/migration.rb
@@ -312,17 +329,17 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-  none: false
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-  none: false
 requirements: []
 rubyforge_project: devise
 rubygems_version: 1.8.23
@@ -443,4 +460,3 @@ test_files:
 - test/test_helper.rb
 - test/test_helpers_test.rb
 - test/test_models.rb
-has_rdoc: 

data/app/views/devise/_links.erb

@@ -1,3 +0,0 @@
-<% ActiveSupport::Deprecation.warn "Rendering partials devise/_links.erb is deprecated" \
-  "please use devise/shared/_links.erb instead."%>
-<%= render "shared/links" %>