devise 3.0.0 → 4.8.0
- checksums.yaml +7 -0
- data/CHANGELOG.md +351 -0
- data/MIT-LICENSE +2 -1
- data/README.md +422 -130
- data/app/controllers/devise/confirmations_controller.rb +17 -6
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +23 -8
- data/app/controllers/devise/registrations_controller.rb +70 -28
- data/app/controllers/devise/sessions_controller.rb +49 -17
- data/app/controllers/devise/unlocks_controller.rb +11 -4
- data/app/controllers/devise_controller.rb +74 -34
- data/app/helpers/devise_helper.rb +23 -18
- data/app/mailers/devise/mailer.rb +25 -10
- data/app/views/devise/confirmations/new.html.erb +9 -5
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +16 -7
- data/app/views/devise/passwords/new.html.erb +9 -5
- data/app/views/devise/registrations/edit.html.erb +29 -15
- data/app/views/devise/registrations/new.html.erb +20 -9
- data/app/views/devise/sessions/new.html.erb +19 -10
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +10 -10
- data/app/views/devise/unlocks/new.html.erb +9 -5
- data/config/locales/en.yml +26 -20
- data/lib/devise/controllers/helpers.rb +122 -125
- data/lib/devise/controllers/rememberable.rb +14 -14
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +121 -0
- data/lib/devise/controllers/store_location.rb +76 -0
- data/lib/devise/controllers/url_helpers.rb +10 -8
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +132 -42
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +9 -0
- data/lib/devise/hooks/forgetable.rb +3 -1
- data/lib/devise/hooks/lockable.rb +5 -3
- data/lib/devise/hooks/proxy.rb +23 -0
- data/lib/devise/hooks/rememberable.rb +7 -4
- data/lib/devise/hooks/timeoutable.rb +18 -8
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -18
- data/lib/devise/mapping.rb +9 -3
- data/lib/devise/models/authenticatable.rb +102 -80
- data/lib/devise/models/confirmable.rb +154 -72
- data/lib/devise/models/database_authenticatable.rb +125 -25
- data/lib/devise/models/lockable.rb +50 -29
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +72 -50
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +65 -32
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +20 -4
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/models.rb +6 -13
- data/lib/devise/modules.rb +12 -11
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/omniauth.rb +4 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +144 -34
- data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
- data/lib/devise/rails/routes.rb +191 -127
- data/lib/devise/rails/warden_compat.rb +2 -1
- data/lib/devise/rails.rb +13 -20
- data/lib/devise/secret_key_finder.rb +27 -0
- data/lib/devise/strategies/authenticatable.rb +21 -22
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +15 -4
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +167 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -123
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +32 -0
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +124 -78
- data/lib/generators/active_record/devise_generator.rb +64 -15
- data/lib/generators/active_record/templates/migration.rb +9 -8
- data/lib/generators/active_record/templates/migration_existing.rb +9 -8
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +10 -6
- data/lib/generators/devise/install_generator.rb +19 -1
- data/lib/generators/devise/orm_helpers.rb +17 -9
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +24 -24
- data/lib/generators/templates/README +13 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +118 -53
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +6 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +14 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +12 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +11 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +5 -2
- metadata +73 -294
- data/.gitignore +0 -10
- data/.travis.yml +0 -20
- data/.yardopts +0 -9
- data/CHANGELOG.rdoc +0 -941
- data/CONTRIBUTING.md +0 -14
- data/Gemfile +0 -31
- data/Gemfile.lock +0 -159
- data/Rakefile +0 -35
- data/app/views/devise/_links.erb +0 -3
- data/devise.gemspec +0 -26
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -156
- data/lib/devise/models/token_authenticatable.rb +0 -89
- data/lib/devise/strategies/token_authenticatable.rb +0 -91
- data/test/controllers/custom_strategy_test.rb +0 -62
- data/test/controllers/helpers_test.rb +0 -253
- data/test/controllers/internal_helpers_test.rb +0 -120
- data/test/controllers/passwords_controller_test.rb +0 -32
- data/test/controllers/sessions_controller_test.rb +0 -99
- data/test/controllers/url_helpers_test.rb +0 -59
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -83
- data/test/failure_app_test.rb +0 -221
- data/test/generators/active_record_generator_test.rb +0 -73
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -13
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -67
- data/test/helpers/devise_helper_test.rb +0 -51
- data/test/integration/authenticatable_test.rb +0 -699
- data/test/integration/confirmable_test.rb +0 -299
- data/test/integration/database_authenticatable_test.rb +0 -84
- data/test/integration/http_authenticatable_test.rb +0 -115
- data/test/integration/lockable_test.rb +0 -242
- data/test/integration/omniauthable_test.rb +0 -133
- data/test/integration/recoverable_test.rb +0 -335
- data/test/integration/registerable_test.rb +0 -349
- data/test/integration/rememberable_test.rb +0 -165
- data/test/integration/timeoutable_test.rb +0 -150
- data/test/integration/token_authenticatable_test.rb +0 -205
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -111
- data/test/mailers/reset_password_instructions_test.rb +0 -92
- data/test/mailers/unlock_instructions_test.rb +0 -87
- data/test/mapping_test.rb +0 -127
- data/test/models/authenticatable_test.rb +0 -13
- data/test/models/confirmable_test.rb +0 -452
- data/test/models/database_authenticatable_test.rb +0 -226
- data/test/models/lockable_test.rb +0 -282
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -222
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -175
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -46
- data/test/models/token_authenticatable_test.rb +0 -55
- data/test/models/trackable_test.rb +0 -13
- data/test/models/validatable_test.rb +0 -127
- data/test/models_test.rb +0 -163
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -54
- data/test/orm/active_record.rb +0 -10
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -58
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -6
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_controller.rb +0 -9
- data/test/rails_app/app/controllers/home_controller.rb +0 -25
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -12
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -42
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -40
- data/test/rails_app/config/boot.rb +0 -8
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -34
- data/test/rails_app/config/environments/production.rb +0 -84
- data/test/rails_app/config/environments/test.rb +0 -36
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -178
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -8
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -104
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -74
- data/test/rails_app/db/schema.rb +0 -52
- data/test/rails_app/lib/shared_admin.rb +0 -14
- data/test/rails_app/lib/shared_user.rb +0 -25
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/routes_test.rb +0 -250
- data/test/support/assertions.rb +0 -40
- data/test/support/helpers.rb +0 -91
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -4
- data/test/support/webrat/integrations/rails.rb +0 -24
- data/test/test_helper.rb +0 -34
- data/test/test_helpers_test.rb +0 -151
- data/test/test_models.rb +0 -26
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module Models
|
|
3
5
|
# Validatable creates all needed validations for a user email and password.
|
|
@@ -10,12 +12,12 @@ module Devise
|
|
|
10
12
|
# Validatable adds the following options to devise_for:
|
|
11
13
|
#
|
|
12
14
|
# * +email_regexp+: the regular expression used to validate e-mails;
|
|
13
|
-
# * +password_length+: a range expressing password length. Defaults to
|
|
15
|
+
# * +password_length+: a range expressing password length. Defaults to 6..128.
|
|
14
16
|
#
|
|
15
17
|
module Validatable
|
|
16
18
|
# All validations used by this module.
|
|
17
|
-
VALIDATIONS = [
|
|
18
|
-
|
|
19
|
+
VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of,
|
|
20
|
+
:validates_confirmation_of, :validates_length_of].freeze
|
|
19
21
|
|
|
20
22
|
def self.required_fields(klass)
|
|
21
23
|
[]
|
|
@@ -26,13 +28,18 @@ module Devise
|
|
|
26
28
|
assert_validations_api!(base)
|
|
27
29
|
|
|
28
30
|
base.class_eval do
|
|
29
|
-
validates_presence_of :email, :
|
|
30
|
-
|
|
31
|
-
|
|
31
|
+
validates_presence_of :email, if: :email_required?
|
|
32
|
+
if Devise.activerecord51?
|
|
33
|
+
validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email?
|
|
34
|
+
validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
|
|
35
|
+
else
|
|
36
|
+
validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
|
|
37
|
+
validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed?
|
|
38
|
+
end
|
|
32
39
|
|
|
33
|
-
validates_presence_of :password, :
|
|
34
|
-
validates_confirmation_of :password, :
|
|
35
|
-
validates_length_of :password, :
|
|
40
|
+
validates_presence_of :password, if: :password_required?
|
|
41
|
+
validates_confirmation_of :password, if: :password_required?
|
|
42
|
+
validates_length_of :password, within: password_length, allow_blank: true
|
|
36
43
|
end
|
|
37
44
|
end
|
|
38
45
|
|
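Review bot: In the `Devise.activerecord51?` branch the uniqueness check is declared with `case_sensitive: true`, so `User@example.com` and `user@example.com` (constructed examples) count as different accounts unless the email is normalised before validation. The hunk does not show that normalisation, and the `else` branch leaves the option at the framework default, so both branches deserve a comment such as `# relies on case_insensitive_keys downcasing email before validation`. A model-level uniqueness validation is also not atomic, so the email column should keep a unique database index. Separately, `validates_length_of :password, within: password_length, allow_blank: true` skips the length rule for a blank password and relies on `validates_presence_of :password, if: :password_required?` to reject it, which is worth a one-line comment. The enclosing hook starts outside the hunk.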
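--- a/data/lib/devise/models.rb
+++ b/data/lib/devise/models.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Devise
 module Models
 class MissingAttribute < StandardError
@@ -12,7 +14,7 @@ module Devise
 
 # Creates configuration values for Devise and for the given module.
 #
-# Devise::Models.config(Devise::
+# Devise::Models.config(Devise::Models::DatabaseAuthenticatable, :stretches)
 #
 # The line above creates:
 #
@@ -56,14 +58,8 @@ module Devise
 klass.devise_modules.each do |mod|
 constant = const_get(mod.to_s.classify)
 
-
-
-failed_attributes << field unless instance.respond_to?(field)
-end
-else
-ActiveSupport::Deprecation.warn "The module #{mod} doesn't implement self.required_fields(klass). " \
-"Devise uses required_fields to warn developers of any missing fields in their models. " \
-"Please implement #{mod}.required_fields(klass) that returns an array of symbols with the required fields."
+constant.required_fields(klass).each do |field|
+failed_attributes << field unless instance.respond_to?(field)
 end
 end
 
@@ -89,11 +85,8 @@ module Devise
 
 devise_modules_hook! do
 include Devise::Models::Authenticatable
-selected_modules.each do |m|
-if m == :encryptable && !(defined?(Devise::Models::Encryptable))
-warn "[DEVISE] You're trying to include :encryptable in your model but it is not bundled with the Devise gem anymore. Please add `devise-encryptable` to your Gemfile to proceed.\n"
-end
 
+selected_modules.each do |m|
 mod = Devise::Models.const_get(m.to_s.classify)
 
 if mod.const_defined?("ClassMethods")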
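Review bot: `constant.required_fields(klass).each` in the third hunk is now called for every entry of `klass.devise_modules` without the deprecation fallback visible on the removed lines, so a third-party module that does not define `self.required_fields` fails with a bare `NoMethodError` that does not name the module. A guard such as `raise ArgumentError, "#{mod} must implement self.required_fields(klass)" unless constant.respond_to?(:required_fields)` keeps the failure readable. The last hunk has the same shape: with the `:encryptable` hint removed, an unknown module name surfaces as a `NameError` from `const_get`. Passing `false` as the second argument (`const_get(m.to_s.classify, false)`) would also keep the lookup from resolving constants outside `Devise::Models`, since `Module#const_get` searches ancestors and `Object` by default. Both methods start and end outside the hunks.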
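--- a/data/lib/devise/modules.rb
+++ b/data/lib/devise/modules.rb
@@ -1,29 +1,30 @@
+# frozen_string_literal: true
+
 require 'active_support/core_ext/object/with_options'
 
-Devise.with_options :
+Devise.with_options model: true do |d|
 # Strategies first
-d.with_options :
+d.with_options strategy: true do |s|
 routes = [nil, :new, :destroy]
-s.add_module :database_authenticatable, :
-s.add_module :
-s.add_module :rememberable, :no_input => true
+s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+s.add_module :rememberable, no_input: true
 end
 
 # Other authentications
-d.add_module :omniauthable, :
+d.add_module :omniauthable, controller: :omniauth_callbacks, route: :omniauth_callback
 
 # Misc after
 routes = [nil, :new, :edit]
-d.add_module :recoverable, :
-d.add_module :registerable, :
+d.add_module :recoverable, controller: :passwords, route: { password: routes }
+d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
 d.add_module :validatable
 
 # The ones which can sign out after
 routes = [nil, :new]
-d.add_module :confirmable, :
-d.add_module :lockable, :
+d.add_module :confirmable, controller: :confirmations, route: { confirmation: routes }
+d.add_module :lockable, controller: :unlocks, route: { unlock: routes }
 d.add_module :timeoutable
 
 # Stats for last, so we make sure the user is really signed in
 d.add_module :trackable
-end
+end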
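Review bot: `route: { registration: (routes << :cancel) }` appends to the same array object that the line before it passed as `route: { password: routes }`, so whether `:recoverable` also ends up with a `:cancel` route depends on `add_module` copying the array, which this section does not show. Building a new array removes the dependency: `route: { registration: routes + [:cancel] }`. The `routes` local is reused for several module groups, so freezing each literal (`routes = [nil, :new, :edit].freeze`) would turn any later in-place mutation into an immediate error.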
|
@@ -1,17 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module OmniAuth
|
|
3
5
|
module UrlHelpers
|
|
4
|
-
def
|
|
6
|
+
def omniauth_authorize_path(resource_or_scope, provider, *args)
|
|
7
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
8
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def omniauth_authorize_url(resource_or_scope, provider, *args)
|
|
12
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
13
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_url", *args)
|
|
5
14
|
end
|
|
6
15
|
|
|
7
|
-
def
|
|
16
|
+
def omniauth_callback_path(resource_or_scope, provider, *args)
|
|
8
17
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
9
|
-
send("#{scope}
|
|
18
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args)
|
|
10
19
|
end
|
|
11
20
|
|
|
12
|
-
def
|
|
21
|
+
def omniauth_callback_url(resource_or_scope, provider, *args)
|
|
13
22
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
14
|
-
send("#{scope}
|
|
23
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_url", *args)
|
|
15
24
|
end
|
|
16
25
|
end
|
|
17
26
|
end
|
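Review bot: All four helpers build a method name from `scope` and `provider` and dispatch it with `send`, which also reaches private methods on `_devise_route_context`. `public_send` is sufficient for generated route helpers and keeps the dispatch on the public interface, e.g. `_devise_route_context.public_send("#{scope}_#{provider}_omniauth_callback_path", *args)`. `provider` is interpolated unchecked, so an unconfigured or misspelled provider surfaces as a `NoMethodError` from the routes object; a caller that derives it from request data should first check it against the providers configured for that scope. The four bodies differ only in the suffix, so a short comment saying that the target helpers are generated per scope and provider would help the next reader.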
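--- a/data/lib/devise/omniauth.rb
+++ b/data/lib/devise/omniauth.rb
@@ -1,15 +1,14 @@
+# frozen_string_literal: true
+
 begin
+gem "omniauth", ">= 1.0.0"
+
 require "omniauth"
-require "omniauth/version"
 rescue LoadError
 warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
 raise
 end
 
-unless OmniAuth::VERSION =~ /^1\./
-raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
-end
-
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil
 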
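Review bot: `gem "omniauth", ">= 1.0.0"` replaces the removed `OmniAuth::VERSION =~ /^1\./` check with an open-ended constraint, so later major versions now load without complaint while the oldest 1.x releases are still accepted. OmniAuth 1.x accepts GET on the request phase by default, which leaves provider sign-in links open to login CSRF unless the application restricts `OmniAuth.config.allowed_request_methods` to POST. That expectation belongs in a comment next to the constraint, e.g. `# on omniauth 1.x set OmniAuth.config.allowed_request_methods = [:post] and CSRF-protect the request phase`. An unsatisfied constraint raises `Gem::LoadError`, which is a `LoadError`, so it still lands in the existing `rescue` and the warning text stays accurate.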
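--- a/data/lib/devise/orm/mongoid.rb
+++ b/data/lib/devise/orm/mongoid.rb
@@ -1,3 +1,7 @@
-
+# frozen_string_literal: true
 
-
+ActiveSupport.on_load(:mongoid) do
+require 'orm_adapter/adapters/mongoid'
+
+Mongoid::Document::ClassMethods.send :include, Devise::Models
+end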
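Review bot: Moving the `require` and the `include` into `ActiveSupport.on_load(:mongoid)` makes the whole integration depend on Mongoid running its `:mongoid` load hook. On a Mongoid version that never runs it, `Devise::Models` is silently not mixed in and the first `devise` call in a model fails far from the cause. A comment naming the minimum Mongoid version this relies on would help; the section does not show one. `Mongoid::Document::ClassMethods.send :include, Devise::Models` can also be written as `Mongoid::Document::ClassMethods.include Devise::Models`, since `Module#include` has been public since Ruby 2.1.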
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
class ParameterFilter
|
|
3
5
|
def initialize(case_insensitive_keys, strip_whitespace_keys)
|
|
@@ -16,6 +18,8 @@ module Devise
|
|
|
16
18
|
|
|
17
19
|
def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
|
|
18
20
|
condition_keys.each do |k|
|
|
21
|
+
next unless conditions.key?(k)
|
|
22
|
+
|
|
19
23
|
value = conditions[k]
|
|
20
24
|
conditions[k] = value.send(method) if value.respond_to?(method)
|
|
21
25
|
end
|
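Review bot: The loop in `filtered_hash_by_method_for_given_keys` only normalises values that respond to `method`, so a Hash or Array supplied for an authentication key passes through untouched. The new `next unless conditions.key?(k)` guard additionally skips any key stored under a different type (string vs. symbol) than the configured one. Whether values are stringified and keys normalised before this point is not visible in the hunk, so the precondition should be stated in a comment, e.g. `# conditions must already be stringified; non-String values are left as-is here`. `value.public_send(method)` would also be the narrower call, since the `respond_to?` check on the same line only covers public methods. The method continues past the end of the hunk.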
|
@@ -1,63 +1,173 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
|
-
|
|
3
|
-
|
|
4
|
+
# The +ParameterSanitizer+ deals with permitting specific parameters values
|
|
5
|
+
# for each +Devise+ scope in the application.
|
|
6
|
+
#
|
|
7
|
+
# The sanitizer knows about Devise default parameters (like +password+ and
|
|
8
|
+
# +password_confirmation+ for the `RegistrationsController`), and you can
|
|
9
|
+
# extend or change the permitted parameters list on your controllers.
|
|
10
|
+
#
|
|
11
|
+
# === Permitting new parameters
|
|
12
|
+
#
|
|
13
|
+
# You can add new parameters to the permitted list using the +permit+ method
|
|
14
|
+
# in a +before_action+ method, for instance.
|
|
15
|
+
#
|
|
16
|
+
# class ApplicationController < ActionController::Base
|
|
17
|
+
# before_action :configure_permitted_parameters, if: :devise_controller?
|
|
18
|
+
#
|
|
19
|
+
# protected
|
|
20
|
+
#
|
|
21
|
+
# def configure_permitted_parameters
|
|
22
|
+
# # Permit the `subscribe_newsletter` parameter along with the other
|
|
23
|
+
# # sign up parameters.
|
|
24
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
|
|
25
|
+
# end
|
|
26
|
+
# end
|
|
27
|
+
#
|
|
28
|
+
# Using a block yields an +ActionController::Parameters+ object so you can
|
|
29
|
+
# permit nested parameters and have more control over how the parameters are
|
|
30
|
+
# permitted in your controller.
|
|
31
|
+
#
|
|
32
|
+
# def configure_permitted_parameters
|
|
33
|
+
# devise_parameter_sanitizer.permit(:sign_up) do |user|
|
|
34
|
+
# user.permit(newsletter_preferences: [])
|
|
35
|
+
# end
|
|
36
|
+
# end
|
|
37
|
+
class ParameterSanitizer
|
|
38
|
+
DEFAULT_PERMITTED_ATTRIBUTES = {
|
|
39
|
+
sign_in: [:password, :remember_me],
|
|
40
|
+
sign_up: [:password, :password_confirmation],
|
|
41
|
+
account_update: [:password, :password_confirmation, :current_password]
|
|
42
|
+
}
|
|
4
43
|
|
|
5
44
|
def initialize(resource_class, resource_name, params)
|
|
6
|
-
@
|
|
7
|
-
@resource_name = resource_name
|
|
45
|
+
@auth_keys = extract_auth_keys(resource_class)
|
|
8
46
|
@params = params
|
|
9
|
-
@
|
|
47
|
+
@resource_name = resource_name
|
|
48
|
+
@permitted = {}
|
|
49
|
+
|
|
50
|
+
DEFAULT_PERMITTED_ATTRIBUTES.each_pair do |action, keys|
|
|
51
|
+
permit(action, keys: keys)
|
|
52
|
+
end
|
|
10
53
|
end
|
|
11
54
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
55
|
+
# Sanitize the parameters for a specific +action+.
|
|
56
|
+
#
|
|
57
|
+
# === Arguments
|
|
58
|
+
#
|
|
59
|
+
# * +action+ - A +Symbol+ with the action that the controller is
|
|
60
|
+
# performing, like +sign_up+, +sign_in+, etc.
|
|
61
|
+
#
|
|
62
|
+
# === Examples
|
|
63
|
+
#
|
|
64
|
+
# # Inside the `RegistrationsController#create` action.
|
|
65
|
+
# resource = build_resource(devise_parameter_sanitizer.sanitize(:sign_up))
|
|
66
|
+
# resource.save
|
|
67
|
+
#
|
|
68
|
+
# Returns an +ActiveSupport::HashWithIndifferentAccess+ with the permitted
|
|
69
|
+
# attributes.
|
|
70
|
+
def sanitize(action)
|
|
71
|
+
permissions = @permitted[action]
|
|
72
|
+
|
|
73
|
+
if permissions.respond_to?(:call)
|
|
74
|
+
cast_to_hash permissions.call(default_params)
|
|
75
|
+
elsif permissions.present?
|
|
76
|
+
cast_to_hash permit_keys(default_params, permissions)
|
|
15
77
|
else
|
|
16
|
-
|
|
17
|
-
block ? block.call(default_params) : fallback_for(kind)
|
|
78
|
+
unknown_action!(action)
|
|
18
79
|
end
|
|
19
80
|
end
|
|
20
81
|
|
|
21
|
-
|
|
82
|
+
# Add or remove new parameters to the permitted list of an +action+.
|
|
83
|
+
#
|
|
84
|
+
# === Arguments
|
|
85
|
+
#
|
|
86
|
+
# * +action+ - A +Symbol+ with the action that the controller is
|
|
87
|
+
# performing, like +sign_up+, +sign_in+, etc.
|
|
88
|
+
# * +keys:+ - An +Array+ of keys that also should be permitted.
|
|
89
|
+
# * +except:+ - An +Array+ of keys that shouldn't be permitted.
|
|
90
|
+
# * +block+ - A block that should be used to permit the action
|
|
91
|
+
# parameters instead of the +Array+ based approach. The block will be
|
|
92
|
+
# called with an +ActionController::Parameters+ instance.
|
|
93
|
+
#
|
|
94
|
+
# === Examples
|
|
95
|
+
#
|
|
96
|
+
# # Adding new parameters to be permitted in the `sign_up` action.
|
|
97
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
|
|
98
|
+
#
|
|
99
|
+
# # Removing the `password` parameter from the `account_update` action.
|
|
100
|
+
# devise_parameter_sanitizer.permit(:account_update, except: [:password])
|
|
101
|
+
#
|
|
102
|
+
# # Using the block form to completely override how we permit the
|
|
103
|
+
# # parameters for the `sign_up` action.
|
|
104
|
+
# devise_parameter_sanitizer.permit(:sign_up) do |user|
|
|
105
|
+
# user.permit(:email, :password, :password_confirmation)
|
|
106
|
+
# end
|
|
107
|
+
#
|
|
108
|
+
#
|
|
109
|
+
# Returns nothing.
|
|
110
|
+
def permit(action, keys: nil, except: nil, &block)
|
|
111
|
+
if block_given?
|
|
112
|
+
@permitted[action] = block
|
|
113
|
+
end
|
|
22
114
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
115
|
+
if keys.present?
|
|
116
|
+
@permitted[action] ||= @auth_keys.dup
|
|
117
|
+
@permitted[action].concat(keys)
|
|
118
|
+
end
|
|
26
119
|
|
|
27
|
-
|
|
28
|
-
|
|
120
|
+
if except.present?
|
|
121
|
+
@permitted[action] ||= @auth_keys.dup
|
|
122
|
+
@permitted[action] = @permitted[action] - except
|
|
123
|
+
end
|
|
29
124
|
end
|
|
30
|
-
end
|
|
31
125
|
|
|
32
|
-
class ParameterSanitizer < BaseSanitizer
|
|
33
126
|
private
|
|
34
127
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
128
|
+
# Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+
|
|
129
|
+
# that can be used elsewhere.
|
|
130
|
+
#
|
|
131
|
+
# Returns an +ActiveSupport::HashWithIndifferentAccess+.
|
|
132
|
+
def cast_to_hash(params)
|
|
133
|
+
# TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+.
|
|
134
|
+
params && params.to_h.with_indifferent_access
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def default_params
|
|
138
|
+
if hashable_resource_params?
|
|
139
|
+
@params.fetch(@resource_name)
|
|
38
140
|
else
|
|
39
|
-
|
|
141
|
+
empty_params
|
|
40
142
|
end
|
|
41
143
|
end
|
|
42
144
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
# here allows us to construct a new user without sensitive information if
|
|
46
|
-
# authentication fails.
|
|
47
|
-
def sign_in
|
|
48
|
-
default_params.permit(*auth_keys + [:password, :remember_me])
|
|
145
|
+
def hashable_resource_params?
|
|
146
|
+
@params[@resource_name].respond_to?(:permit)
|
|
49
147
|
end
|
|
50
148
|
|
|
51
|
-
def
|
|
52
|
-
|
|
149
|
+
def empty_params
|
|
150
|
+
ActionController::Parameters.new({})
|
|
53
151
|
end
|
|
54
152
|
|
|
55
|
-
def
|
|
56
|
-
|
|
153
|
+
def permit_keys(parameters, keys)
|
|
154
|
+
parameters.permit(*keys)
|
|
57
155
|
end
|
|
58
156
|
|
|
59
|
-
def
|
|
60
|
-
|
|
157
|
+
def extract_auth_keys(klass)
|
|
158
|
+
auth_keys = klass.authentication_keys
|
|
159
|
+
|
|
160
|
+
auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
def unknown_action!(action)
|
|
164
|
+
raise NotImplementedError, <<-MESSAGE.strip_heredoc
|
|
165
|
+
"Devise doesn't know how to sanitize parameters for '#{action}'".
|
|
166
|
+
If you want to define a new set of parameters to be sanitized use the
|
|
167
|
+
`permit` method first:
|
|
168
|
+
|
|
169
|
+
devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
|
|
170
|
+
MESSAGE
|
|
61
171
|
end
|
|
62
172
|
end
|
|
63
173
|
end
|
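Review bot: `permit` stores either a block or an Array in `@permitted[action]`, and the `keys:`/`except:` branches assume the Array: after `permit(:sign_up) { ... }`, a later `permit(:sign_up, keys: [...])`, or a single call passing both a block and `keys:`, calls `concat` on a Proc and raises `NoMethodError` from inside the sanitizer. Because this list is the mass-assignment allowlist, it should fail with a clear error at the call site, e.g. `raise ArgumentError, "permit(:#{action}) already uses a block; keys:/except: cannot be combined with it" if (keys || except) && @permitted[action].respond_to?(:call)`. `DEFAULT_PERMITTED_ATTRIBUTES` is a mutable constant and should end in `.freeze`. `sanitize` also treats an emptied list as an unknown action, because `permissions.present?` is false for `[]`, so removing every key with `except:` ends in `unknown_action!`. That helper raises `NotImplementedError`, which is not a `StandardError` and therefore escapes a bare `rescue`.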
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
begin
|
|
4
|
+
require 'active_support/deprecation/constant_accessor'
|
|
5
|
+
|
|
6
|
+
module Devise
|
|
7
|
+
DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
|
|
8
|
+
end
|
|
9
|
+
rescue LoadError
|
|
10
|
+
|
|
11
|
+
# Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
|
|
12
|
+
# with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
|
|
13
|
+
module Devise
|
|
14
|
+
module DeprecatedConstantAccessor #:nodoc:
|
|
15
|
+
def self.included(base)
|
|
16
|
+
require "active_support/inflector/methods"
|
|
17
|
+
|
|
18
|
+
extension = Module.new do
|
|
19
|
+
def const_missing(missing_const_name)
|
|
20
|
+
if class_variable_defined?(:@@_deprecated_constants)
|
|
21
|
+
if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
|
|
22
|
+
replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
|
|
23
|
+
return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
super
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
|
|
30
|
+
class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
|
|
31
|
+
class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
base.singleton_class.prepend extension
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
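Review bot: The fallback `const_missing` reads `Rails::VERSION::MAJOR` to choose between `caller` and `caller_locations`, but the file only requires Active Support pieces, so the vendored copy works only when Rails is already loaded; a `defined?(Rails::VERSION)` check or a comment stating that assumption would make it explicit. The registry lives in the class variable `@@_deprecated_constants`, which is shared along the inheritance chain of the including class, so a subclass calling `deprecate_constant` writes into its parent's table; that may match the upstream module the comment refers to, but it deserves a note here. `rescue LoadError` also catches a `LoadError` raised from inside `active_support/deprecation/constant_accessor` while it loads, not only the file being absent, and then silently switches to the copy.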