devise 3.2.0 → 3.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7a79724cdbd2d14aed052324284f0c46ccc73105
+  data.tar.gz: fb827a2e7cf992d9172084057d3299a67223fc90
+SHA512:
+  metadata.gz: 4a0e69c16b5ec178882c8fea6a5a722342d59b5af1277c2fad6117f90a16f9eaafa7a36c7b20e3ec3154755071fb08a1788ec727b7de7bb460665a6dbde48e65
+  data.tar.gz: b2f16d7a9954c35675098a37659485266f221f84c861906155290ccb8d514f0056ecf312f86b57e85a670b03c152884bafef019f25f2fdd47c8ce2a1fce2a5cf

data/.travis.yml

@@ -1,14 +1,29 @@
 language: ruby
 script: "bundle exec rake test"
+install: script/cached-bundle install --deployment --path vendor/bundle
 rvm:
   - 1.9.3
   - 2.0.0
+  - 2.1.2
 env:
-  - DEVISE_ORM=mongoid
-  - DEVISE_ORM=active_record
+  matrix:
+    - DEVISE_ORM=mongoid
+    - DEVISE_ORM=active_record
+  global:
+    # AMAZON_S3_BUCKET
+    - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
+    # AMAZON_ACCESS_KEY_ID
+    - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
+    # AMAZON_SECRET_ACCESS_KEY
+    - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
 gemfile:
-  - gemfiles/Gemfile.rails-3.2.x
+  - gemfiles/Gemfile.rails-head
+  - gemfiles/Gemfile.rails-4.0-stable
+  - gemfiles/Gemfile.rails-3.2-stable
   - Gemfile
+matrix:
+  allow_failures:
+    - gemfile: gemfiles/Gemfile.rails-head
 services:
   - mongodb
 notifications:

data/CHANGELOG.md

@@ -1,10 +1,73 @@
+### Unreleased
+
+* enhancements
+* bug fixes
+
+### 3.3.0
+
+* enhancements
+  * Support multiple warden configuration blocks on devise configuration. (by @rossta)
+  * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
+    invalidated, and this behavior could not be changed. This behavior is now configurable via
+    `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
+  * Default email messages was updated with grammar fixes, check the diff on
+    #2906 for the updated copy (by @p-originate)
+  * Allow a resource to be found based on its encrypted password token (by @karlentwistle)
+  * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
+  * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
+    the current scope is using the `validatable` module (by @alexsoble)
+
+* bug fix
+  * Check if there is a signed in user before executing the `SessionsController#destroy`.
+  * `SessionsController#destroy` no longer yields the `resource` to receiving block,
+    since the resource isn't loaded in the action. If you need access to the current
+    resource when overring the action use the scope helper (like `current_user`) before
+    calling `super`
+  * Serialize the `last_request_at` entry as an Integer
+  * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
+  * Only valid paths will be stored for redirections (by @parallel588)
+
+### 3.2.4
+
+* enhancements
+  * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
+  * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
+
+### 3.2.3
+
+* enhancements
+  * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`.
+    You can change this and use your own secret by changing the `devise.rb` initializer.
+
+* bug fix
+  * Migrations will be properly generated when using rails 4.1.0.
+
+### 3.2.2
+
+* bug fix
+  * Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman)
+  * Keep the query string when storing location (by @csexton)
+  * Require rails generator base class in devise generators
+
+### 3.2.1
+
+Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
+
+* enhancements
+  * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov)
+  * Add `yield` around resource methods in Devise controllers (by @edelpero)
+
+* bug fix
+  * Bring `password_digest` back to fix compatibility with `devise-encryptable`
+  * Avoid e-mail enumeration on sign in when in paranoid mode
+
 ### 3.2.0
 
 * enhancements
   * Previously deprecated token authenticatable and insecure lookups have been removed
   * Add a class method so you can encrypt passwords from fixtures (by @tenderlove)
   * Send custom message when user enters invalid password and it has only one attempt
-  to enter correct password before his account will be locked (by @Lightpower)
+  to enter correct password before their account will be locked (by @Lightpower)
   * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery)
   * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev)
 
@@ -72,9 +135,6 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
 * bug fix
   * Errors on unlock are now properly reflected on the first `unlock_keys`
 
-* backwards incompatible changes
-  * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
-
 ### 2.2.4
 
 * enhancements
@@ -91,6 +151,9 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
   * Fix inheriting mailer templates from `Devise::Mailer`
   * Fix a bug when procs are used as default mailer in Devise (by @tomasv)
 
+* backwards incompatible changes
+  * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
+
 ### 2.2.3
 
 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
@@ -140,6 +203,16 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
   * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
   * Properly handle namespaced models on Active Record generator (by @nashby)
 
+### 2.1.4
+
+* bugfix
+  * Do not confirm account after reset password
+
+### 2.1.3
+
+* bugfix
+  * Require string conversion for all values
+
 ### 2.1.2
 
 * enhancements
@@ -371,7 +444,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 ### 1.4.0
 
 * enhancements
-  * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26)
+  * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26)
   * Improve e-mail regexp (by @rodrigoflores)
   * Add strip_whitespace_keys and default to e-mail (by @swrobel)
   * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut)
@@ -380,7 +453,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 
 * bug fix
   * password_required? should not affect length validation
-  * User cannot access sign up and similar pages if he is already signed in through a cookie or token
+  * User cannot access sign up and similar pages if they are already signed in through a cookie or token
   * Do not convert booleans to strings on finders (by @xavier)
   * Run validations even if current_password fails (by @crx)
   * Devise now honors routes constraints (by @macmartine)
@@ -488,10 +561,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
   * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai)
   * Extracted encryptors into :encryptable for better bcrypt support
   * :rememberable is now able to use salt as token if no remember_token is provided
-  * Store the salt in session and expire the session if the user changes his password
+  * Store the salt in session and expire the session if the user changes their password
   * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
   * cookie_options uses session_options values by default
-  * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
+  * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message
   * Use ActiveModel#to_key instead of #id
   * sign_out_all_scopes now destroys the whole session
   * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl)
@@ -934,7 +1007,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 
 * deprecations
   * Renamed confirm_in to confirm_within
-  * Do not send confirmation messages when user changes his e-mail
+  * Do not send confirmation messages when user changes their e-mail
   * Renamed authenticable to authenticatable and added deprecation warnings
 
 ### 0.2.3

data/CONTRIBUTING.md

@@ -1,8 +1,8 @@
 ### Please read before contributing
 
-1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). 
+1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
 
-2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead.
+2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) instead.
 
 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed.
 

data/Gemfile

@@ -2,16 +2,16 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 4.0.0"
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", "~> 4.1.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do
@@ -24,8 +24,6 @@ platforms :ruby do
   gem "sqlite3"
 end
 
-platforms :mri_19, :mri_20 do
-  group :mongoid do
-    gem "mongoid", github: "mongoid/mongoid", branch: "master"
-  end
+group :mongoid do
+  gem "mongoid", "~> 4.0.0"
 end

data/Gemfile.lock

@@ -1,19 +1,8 @@
-GIT
-  remote: git://github.com/mongoid/mongoid.git
-  revision: 346a79a7d01aa194de80e649916239a18d38ce13
-  branch: master
-  specs:
-    mongoid (4.0.0)
-      activemodel (~> 4.0.0)
-      moped (~> 1.5)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
-
 PATH
   remote: .
   specs:
-    devise (3.2.0)
-      bcrypt-ruby (~> 3.0)
+    devise (3.3.0)
+      bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
       thread_safe (~> 0.1)
@@ -22,117 +11,134 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.0.0)
-      actionpack (= 4.0.0)
-      mail (~> 2.5.3)
-    actionpack (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
+    actionmailer (4.1.4)
+      actionpack (= 4.1.4)
+      actionview (= 4.1.4)
+      mail (~> 2.5.4)
+    actionpack (4.1.4)
+      actionview (= 4.1.4)
+      activesupport (= 4.1.4)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+    actionview (4.1.4)
+      activesupport (= 4.1.4)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.4)
+      activesupport (= 4.1.4)
+      builder (~> 3.1)
+    activerecord (4.1.4)
+      activemodel (= 4.1.4)
+      activesupport (= 4.1.4)
+      arel (~> 5.0.0)
+    activesupport (4.1.4)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
       thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.12)
-    bcrypt-ruby (3.1.2)
-    builder (3.1.4)
+      tzinfo (~> 1.1)
+    arel (5.0.1.20140414130214)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
     erubis (2.7.0)
-    faraday (0.8.8)
-      multipart-post (~> 1.2.0)
-    hashie (1.2.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
     hike (1.2.3)
-    httpauth (0.2.0)
-    i18n (0.6.5)
-    json (1.8.0)
-    jwt (0.1.8)
-      multi_json (>= 1.5)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.23)
-    minitest (4.7.5)
-    mocha (0.13.3)
+    metaclass (0.0.4)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    minitest (5.4.0)
+    mocha (1.1.0)
       metaclass (~> 0.0.1)
-    moped (1.5.1)
-    multi_json (1.7.9)
-    multipart-post (1.2.0)
-    nokogiri (1.5.9)
-    oauth2 (0.8.1)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
       rack (~> 1.2)
-    omniauth (1.0.3)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.4.0)
-      omniauth-oauth2 (~> 1.0.2)
-    omniauth-oauth2 (1.0.3)
-      oauth2 (~> 0.8.0)
-      omniauth (~> 1.0)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    origin (1.1.0)
-    orm_adapter (0.4.0)
-    polyglot (0.3.3)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
     rack (1.5.2)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (4.0.0)
-      actionmailer (= 4.0.0)
-      actionpack (= 4.0.0)
-      activerecord (= 4.0.0)
-      activesupport (= 4.0.0)
+    rails (4.1.4)
+      actionmailer (= 4.1.4)
+      actionpack (= 4.1.4)
+      actionview (= 4.1.4)
+      activemodel (= 4.1.4)
+      activerecord (= 4.1.4)
+      activesupport (= 4.1.4)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.0)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.0)
-      actionpack (= 4.0.0)
-      activesupport (= 4.0.0)
+      railties (= 4.1.4)
+      sprockets-rails (~> 2.0)
+    railties (4.1.4)
+      actionpack (= 4.1.4)
+      activesupport (= 4.1.4)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.1.0)
-    rdoc (4.0.1)
+    rake (10.3.2)
+    rdoc (4.1.1)
       json (~> 1.4)
-    ruby-openid (2.2.3)
-    sprockets (2.10.0)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
+    sprockets-rails (2.1.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (~> 2.8)
-    sqlite3 (1.3.7)
-    thor (0.18.1)
-    thread_safe (0.1.2)
-      atomic
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
     tilt (1.4.1)
-    treetop (1.4.14)
+    treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (1.2.1)
+      thread_safe (~> 0.1)
     warden (1.2.3)
       rack (>= 1.0)
     webrat (0.7.3)
@@ -148,13 +154,13 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mocha (~> 0.13.1)
-  mongoid!
-  omniauth (~> 1.0.0)
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
   omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
+  omniauth-oauth2 (~> 1.1.0)
   omniauth-openid (~> 1.0.1)
-  rails (~> 4.0.0)
+  rails (~> 4.1.0)
   rdoc
   sqlite3
   webrat (= 0.7.3)

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2014 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the