devise 3.0.4 → 3.1.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/{CHANGELOG.rdoc → CHANGELOG.md} +41 -30
- data/Gemfile.lock +14 -13
- data/README.md +12 -11
- data/app/controllers/devise/confirmations_controller.rb +6 -2
- data/app/controllers/devise/registrations_controller.rb +2 -2
- data/app/controllers/devise/sessions_controller.rb +1 -1
- data/app/mailers/devise/mailer.rb +6 -3
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/shared/_links.erb +2 -2
- data/config/locales/en.yml +2 -2
- data/devise.gemspec +1 -0
- data/gemfiles/Gemfile.rails-3.2.x.lock +45 -42
- data/lib/devise.rb +20 -13
- data/lib/devise/controllers/helpers.rb +1 -0
- data/lib/devise/hooks/rememberable.rb +2 -1
- data/lib/devise/mailers/helpers.rb +0 -6
- data/lib/devise/models.rb +8 -12
- data/lib/devise/models/authenticatable.rb +8 -16
- data/lib/devise/models/confirmable.rb +27 -37
- data/lib/devise/models/lockable.rb +15 -17
- data/lib/devise/models/recoverable.rb +21 -27
- data/lib/devise/models/token_authenticatable.rb +4 -1
- data/lib/devise/parameter_sanitizer.rb +49 -19
- data/lib/devise/rails.rb +7 -11
- data/lib/devise/rails/routes.rb +12 -9
- data/lib/devise/rails/warden_compat.rb +1 -0
- data/lib/devise/strategies/authenticatable.rb +0 -12
- data/lib/devise/strategies/database_authenticatable.rb +3 -6
- data/lib/devise/token_generator.rb +70 -0
- data/lib/devise/version.rb +1 -1
- data/lib/generators/templates/devise.rb +14 -8
- data/test/controllers/passwords_controller_test.rb +3 -4
- data/test/failure_app_test.rb +1 -1
- data/test/integration/confirmable_test.rb +16 -41
- data/test/integration/lockable_test.rb +11 -14
- data/test/integration/recoverable_test.rb +23 -15
- data/test/mailers/confirmation_instructions_test.rb +6 -2
- data/test/mailers/reset_password_instructions_test.rb +6 -2
- data/test/mailers/unlock_instructions_test.rb +6 -2
- data/test/models/confirmable_test.rb +20 -30
- data/test/models/lockable_test.rb +15 -5
- data/test/models/recoverable_test.rb +20 -48
- data/test/models_test.rb +0 -19
- data/test/parameter_sanitizer_test.rb +23 -9
- data/test/rails_app/config/initializers/devise.rb +3 -0
- data/test/rails_app/lib/shared_admin.rb +3 -0
- data/test/rails_app/lib/shared_user.rb +4 -0
- data/test/support/helpers.rb +0 -21
- metadata +23 -7
- data/app/views/devise/_links.erb +0 -3
data/test/models_test.rb
CHANGED
|
@@ -141,23 +141,4 @@ class CheckFieldsTest < ActiveSupport::TestCase
|
|
|
141
141
|
Devise::Models.check_fields!(Magician)
|
|
142
142
|
end
|
|
143
143
|
end
|
|
144
|
-
|
|
145
|
-
test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do
|
|
146
|
-
driver = Class.new do
|
|
147
|
-
extend Devise::Models
|
|
148
|
-
|
|
149
|
-
def self.before_validation(instance)
|
|
150
|
-
end
|
|
151
|
-
|
|
152
|
-
attr_accessor :encrypted_password, :email
|
|
153
|
-
|
|
154
|
-
devise :database_authenticatable
|
|
155
|
-
end
|
|
156
|
-
|
|
157
|
-
swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do
|
|
158
|
-
assert_deprecated do
|
|
159
|
-
Devise::Models.check_fields!(driver)
|
|
160
|
-
end
|
|
161
|
-
end
|
|
162
|
-
end
|
|
163
144
|
end
|
|
@@ -2,12 +2,13 @@ require 'test_helper'
|
|
|
2
2
|
require 'devise/parameter_sanitizer'
|
|
3
3
|
|
|
4
4
|
class BaseSanitizerTest < ActiveSupport::TestCase
|
|
5
|
-
def sanitizer
|
|
6
|
-
Devise::BaseSanitizer.new(User, :user,
|
|
5
|
+
def sanitizer(params)
|
|
6
|
+
Devise::BaseSanitizer.new(User, :user, params)
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
test 'returns chosen params' do
|
|
10
|
-
|
|
10
|
+
sanitizer = sanitizer(user: { "email" => "jose" })
|
|
11
|
+
assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in))
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
|
|
@@ -22,36 +23,49 @@ if defined?(ActionController::StrongParameters)
|
|
|
22
23
|
|
|
23
24
|
test 'filters some parameters on sign in by default' do
|
|
24
25
|
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
|
|
25
|
-
assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.
|
|
26
|
+
assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
test 'handles auth keys as a hash' do
|
|
29
30
|
swap Devise, :authentication_keys => {:email => true} do
|
|
30
31
|
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
|
|
31
|
-
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.
|
|
32
|
+
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
test 'filters some parameters on sign up by default' do
|
|
36
37
|
sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
|
|
37
|
-
assert_equal({ "email" => "jose" }, sanitizer.
|
|
38
|
+
assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up))
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
test 'filters some parameters on account update by default' do
|
|
41
42
|
sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
|
|
42
|
-
assert_equal({ "email" => "jose" }, sanitizer.
|
|
43
|
+
assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update))
|
|
43
44
|
end
|
|
44
45
|
|
|
45
46
|
test 'allows custom hooks' do
|
|
46
47
|
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
|
|
47
48
|
sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
|
|
48
|
-
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.
|
|
49
|
+
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
test 'adding multiple permitted parameters' do
|
|
53
|
+
sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" })
|
|
54
|
+
sanitizer.for(:sign_in).concat([:username, :role])
|
|
55
|
+
assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in))
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
test 'removing multiple default parameters' do
|
|
59
|
+
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
|
|
60
|
+
sanitizer.for(:sign_in).delete(:email)
|
|
61
|
+
sanitizer.for(:sign_in).delete(:password)
|
|
62
|
+
assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
|
|
49
63
|
end
|
|
50
64
|
|
|
51
65
|
test 'raises on unknown hooks' do
|
|
52
66
|
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
|
|
53
67
|
assert_raise NotImplementedError do
|
|
54
|
-
sanitizer.
|
|
68
|
+
sanitizer.sanitize(:unknown)
|
|
55
69
|
end
|
|
56
70
|
end
|
|
57
71
|
end
|
|
@@ -4,6 +4,9 @@ require "omniauth-openid"
|
|
|
4
4
|
# Use this hook to configure devise mailer, warden hooks and so forth. The first
|
|
5
5
|
# four configuration values can also be set straight in your models.
|
|
6
6
|
Devise.setup do |config|
|
|
7
|
+
config.secret_key = "d9eb5171c59a4c817f68b0de27b8c1e340c2341b52cdbc60d3083d4e8958532" \
|
|
8
|
+
"18dcc5f589cafde048faec956b61f864b9b5513ff9ce29bf9e5d58b0f234f8e3b"
|
|
9
|
+
|
|
7
10
|
# ==> Mailer Configuration
|
|
8
11
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
|
9
12
|
# note that it will be overwritten if you use your own mailer class with default "from" parameter.
|
data/test/support/helpers.rb
CHANGED
|
@@ -67,25 +67,4 @@ class ActiveSupport::TestCase
|
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
|
-
|
|
71
|
-
def swap_module_method_existence(klass, method)
|
|
72
|
-
klass.module_eval %Q[
|
|
73
|
-
class << self
|
|
74
|
-
alias #{method}_referenced #{method}
|
|
75
|
-
undef #{method}
|
|
76
|
-
end
|
|
77
|
-
]
|
|
78
|
-
|
|
79
|
-
begin
|
|
80
|
-
yield if block_given?
|
|
81
|
-
ensure
|
|
82
|
-
|
|
83
|
-
klass.module_eval %Q[
|
|
84
|
-
class << self
|
|
85
|
-
alias #{method} #{method}_referenced
|
|
86
|
-
undef #{method}_referenced
|
|
87
|
-
end
|
|
88
|
-
]
|
|
89
|
-
end
|
|
90
|
-
end
|
|
91
70
|
end
|
metadata
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
5
|
-
prerelease:
|
|
4
|
+
version: 3.1.0.rc2
|
|
5
|
+
prerelease: 6
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- José Valim
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2013-
|
|
13
|
+
date: 2013-08-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: warden
|
|
@@ -60,6 +60,22 @@ dependencies:
|
|
|
60
60
|
- - ~>
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: '3.0'
|
|
63
|
+
- !ruby/object:Gem::Dependency
|
|
64
|
+
name: thread_safe
|
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
|
66
|
+
none: false
|
|
67
|
+
requirements:
|
|
68
|
+
- - ~>
|
|
69
|
+
- !ruby/object:Gem::Version
|
|
70
|
+
version: '0.1'
|
|
71
|
+
type: :runtime
|
|
72
|
+
prerelease: false
|
|
73
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
74
|
+
none: false
|
|
75
|
+
requirements:
|
|
76
|
+
- - ~>
|
|
77
|
+
- !ruby/object:Gem::Version
|
|
78
|
+
version: '0.1'
|
|
63
79
|
- !ruby/object:Gem::Dependency
|
|
64
80
|
name: railties
|
|
65
81
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -91,7 +107,7 @@ files:
|
|
|
91
107
|
- .gitignore
|
|
92
108
|
- .travis.yml
|
|
93
109
|
- .yardopts
|
|
94
|
-
- CHANGELOG.
|
|
110
|
+
- CHANGELOG.md
|
|
95
111
|
- CONTRIBUTING.md
|
|
96
112
|
- Gemfile
|
|
97
113
|
- Gemfile.lock
|
|
@@ -107,7 +123,6 @@ files:
|
|
|
107
123
|
- app/controllers/devise_controller.rb
|
|
108
124
|
- app/helpers/devise_helper.rb
|
|
109
125
|
- app/mailers/devise/mailer.rb
|
|
110
|
-
- app/views/devise/_links.erb
|
|
111
126
|
- app/views/devise/confirmations/new.html.erb
|
|
112
127
|
- app/views/devise/mailer/confirmation_instructions.html.erb
|
|
113
128
|
- app/views/devise/mailer/reset_password_instructions.html.erb
|
|
@@ -171,6 +186,7 @@ files:
|
|
|
171
186
|
- lib/devise/strategies/token_authenticatable.rb
|
|
172
187
|
- lib/devise/test_helpers.rb
|
|
173
188
|
- lib/devise/time_inflector.rb
|
|
189
|
+
- lib/devise/token_generator.rb
|
|
174
190
|
- lib/devise/version.rb
|
|
175
191
|
- lib/generators/active_record/devise_generator.rb
|
|
176
192
|
- lib/generators/active_record/templates/migration.rb
|
|
@@ -321,9 +337,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
321
337
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
322
338
|
none: false
|
|
323
339
|
requirements:
|
|
324
|
-
- - ! '
|
|
340
|
+
- - ! '>'
|
|
325
341
|
- !ruby/object:Gem::Version
|
|
326
|
-
version:
|
|
342
|
+
version: 1.3.1
|
|
327
343
|
requirements: []
|
|
328
344
|
rubyforge_project: devise
|
|
329
345
|
rubygems_version: 1.8.23
|
data/app/views/devise/_links.erb
DELETED