devise 3.2.1 → 4.4.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.travis.yml +58 -10
- data/CHANGELOG.md +199 -979
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +73 -8
- data/Gemfile +19 -11
- data/Gemfile.lock +152 -119
- data/ISSUE_TEMPLATE.md +19 -0
- data/MIT-LICENSE +1 -1
- data/README.md +347 -93
- data/Rakefile +4 -2
- data/app/controllers/devise/confirmations_controller.rb +11 -5
- data/app/controllers/devise/omniauth_callbacks_controller.rb +12 -6
- data/app/controllers/devise/passwords_controller.rb +20 -8
- data/app/controllers/devise/registrations_controller.rb +34 -19
- data/app/controllers/devise/sessions_controller.rb +47 -17
- data/app/controllers/devise/unlocks_controller.rb +9 -4
- data/app/controllers/devise_controller.rb +67 -31
- data/app/helpers/devise_helper.rb +4 -2
- data/app/mailers/devise/mailer.rb +10 -0
- data/app/views/devise/confirmations/new.html.erb +8 -4
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/mailer/unlock_instructions.html.erb +1 -1
- data/app/views/devise/passwords/edit.html.erb +15 -6
- data/app/views/devise/passwords/new.html.erb +8 -4
- data/app/views/devise/registrations/edit.html.erb +28 -14
- data/app/views/devise/registrations/new.html.erb +19 -8
- data/app/views/devise/sessions/new.html.erb +17 -8
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +8 -4
- data/bin/test +13 -0
- data/config/locales/en.yml +22 -17
- data/devise.gemspec +7 -6
- data/gemfiles/Gemfile.rails-4.1-stable +32 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
- data/gemfiles/Gemfile.rails-4.2-stable +32 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.0-stable +33 -0
- data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
- data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
- data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
- data/guides/bug_report_templates/integration_test.rb +106 -0
- data/lib/devise.rb +107 -84
- data/lib/devise/controllers/helpers.rb +111 -31
- data/lib/devise/controllers/rememberable.rb +15 -6
- data/lib/devise/controllers/scoped_views.rb +3 -1
- data/lib/devise/controllers/sign_in_out.rb +39 -26
- data/lib/devise/controllers/store_location.rb +31 -2
- data/lib/devise/controllers/url_helpers.rb +9 -7
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +24 -0
- data/lib/devise/failure_app.rb +98 -39
- data/lib/devise/hooks/activatable.rb +7 -6
- data/lib/devise/hooks/csrf_cleaner.rb +5 -1
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +7 -2
- data/lib/devise/hooks/proxy.rb +4 -2
- data/lib/devise/hooks/rememberable.rb +4 -2
- data/lib/devise/hooks/timeoutable.rb +16 -9
- data/lib/devise/hooks/trackable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +15 -12
- data/lib/devise/mapping.rb +8 -2
- data/lib/devise/models.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -36
- data/lib/devise/models/confirmable.rb +121 -41
- data/lib/devise/models/database_authenticatable.rb +66 -23
- data/lib/devise/models/lockable.rb +30 -17
- data/lib/devise/models/omniauthable.rb +3 -1
- data/lib/devise/models/recoverable.rb +62 -26
- data/lib/devise/models/registerable.rb +2 -0
- data/lib/devise/models/rememberable.rb +62 -33
- data/lib/devise/models/timeoutable.rb +4 -8
- data/lib/devise/models/trackable.rb +12 -3
- data/lib/devise/models/validatable.rb +16 -9
- data/lib/devise/modules.rb +12 -10
- data/lib/devise/omniauth.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +2 -0
- data/lib/devise/parameter_sanitizer.rb +131 -69
- data/lib/devise/rails.rb +10 -13
- data/lib/devise/rails/routes.rb +147 -116
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/secret_key_finder.rb +25 -0
- data/lib/devise/strategies/authenticatable.rb +20 -9
- data/lib/devise/strategies/base.rb +3 -1
- data/lib/devise/strategies/database_authenticatable.rb +8 -5
- data/lib/devise/strategies/rememberable.rb +15 -3
- data/lib/devise/test/controller_helpers.rb +165 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +4 -2
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/generators/active_record/devise_generator.rb +47 -10
- data/lib/generators/active_record/templates/migration.rb +9 -7
- data/lib/generators/active_record/templates/migration_existing.rb +9 -7
- data/lib/generators/devise/controllers_generator.rb +46 -0
- data/lib/generators/devise/devise_generator.rb +9 -5
- data/lib/generators/devise/install_generator.rb +22 -0
- data/lib/generators/devise/orm_helpers.rb +8 -19
- data/lib/generators/devise/views_generator.rb +51 -28
- data/lib/generators/mongoid/devise_generator.rb +22 -19
- data/lib/generators/templates/README +5 -12
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +34 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +62 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +27 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
- data/lib/generators/templates/devise.rb +64 -35
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +42 -0
- data/test/controllers/custom_strategy_test.rb +10 -6
- data/test/controllers/helper_methods_test.rb +24 -0
- data/test/controllers/helpers_test.rb +88 -40
- data/test/controllers/inherited_controller_i18n_messages_test.rb +53 -0
- data/test/controllers/internal_helpers_test.rb +31 -22
- data/test/controllers/load_hooks_controller_test.rb +21 -0
- data/test/controllers/passwords_controller_test.rb +8 -5
- data/test/controllers/sessions_controller_test.rb +42 -33
- data/test/controllers/url_helpers_test.rb +13 -5
- data/test/delegator_test.rb +3 -1
- data/test/devise_test.rb +34 -19
- data/test/failure_app_test.rb +150 -42
- data/test/generators/active_record_generator_test.rb +58 -31
- data/test/generators/controllers_generator_test.rb +50 -0
- data/test/generators/devise_generator_test.rb +4 -2
- data/test/generators/install_generator_test.rb +16 -3
- data/test/generators/mongoid_generator_test.rb +5 -3
- data/test/generators/views_generator_test.rb +40 -2
- data/test/helpers/devise_helper_test.rb +20 -20
- data/test/integration/authenticatable_test.rb +134 -141
- data/test/integration/confirmable_test.rb +109 -67
- data/test/integration/database_authenticatable_test.rb +36 -23
- data/test/integration/http_authenticatable_test.rb +29 -20
- data/test/integration/lockable_test.rb +52 -49
- data/test/integration/mounted_engine_test.rb +38 -0
- data/test/integration/omniauthable_test.rb +30 -15
- data/test/integration/recoverable_test.rb +76 -61
- data/test/integration/registerable_test.rb +107 -91
- data/test/integration/rememberable_test.rb +82 -30
- data/test/integration/timeoutable_test.rb +48 -40
- data/test/integration/trackable_test.rb +15 -8
- data/test/mailers/confirmation_instructions_test.rb +16 -14
- data/test/mailers/email_changed_test.rb +132 -0
- data/test/mailers/mailer_test.rb +20 -0
- data/test/mailers/reset_password_instructions_test.rb +13 -11
- data/test/mailers/unlock_instructions_test.rb +12 -10
- data/test/mapping_test.rb +15 -6
- data/test/models/authenticatable_test.rb +15 -3
- data/test/models/confirmable_test.rb +190 -95
- data/test/models/database_authenticatable_test.rb +75 -41
- data/test/models/lockable_test.rb +115 -61
- data/test/models/omniauthable_test.rb +3 -1
- data/test/models/recoverable_test.rb +116 -37
- data/test/models/registerable_test.rb +3 -1
- data/test/models/rememberable_test.rb +95 -94
- data/test/models/serializable_test.rb +19 -8
- data/test/models/timeoutable_test.rb +10 -8
- data/test/models/trackable_test.rb +50 -1
- data/test/models/validatable_test.rb +24 -30
- data/test/models_test.rb +19 -8
- data/test/omniauth/config_test.rb +15 -11
- data/test/omniauth/url_helpers_test.rb +8 -9
- data/test/orm/active_record.rb +16 -2
- data/test/orm/mongoid.rb +4 -2
- data/test/parameter_sanitizer_test.rb +53 -57
- data/test/rails_app/app/active_record/admin.rb +2 -0
- data/test/rails_app/app/active_record/shim.rb +3 -1
- data/test/rails_app/app/active_record/user.rb +14 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +9 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +9 -0
- data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
- data/test/rails_app/app/active_record/user_without_email.rb +10 -0
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/admins_controller.rb +3 -6
- data/test/rails_app/app/controllers/application_controller.rb +7 -3
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +32 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +33 -0
- data/test/rails_app/app/controllers/home_controller.rb +7 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +3 -1
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +3 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +7 -5
- data/test/rails_app/app/controllers/users_controller.rb +8 -6
- data/test/rails_app/app/helpers/application_helper.rb +2 -0
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +5 -0
- data/test/rails_app/app/mailers/users/mailer.rb +3 -10
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +6 -0
- data/test/rails_app/app/mongoid/admin.rb +13 -11
- data/test/rails_app/app/mongoid/shim.rb +4 -2
- data/test/rails_app/app/mongoid/user.rb +30 -19
- data/test/rails_app/app/mongoid/user_on_engine.rb +41 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +41 -0
- data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +35 -0
- data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/home/index.html.erb +1 -1
- data/test/rails_app/app/views/home/join.html.erb +1 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
- data/test/rails_app/app/views/layouts/application.html.erb +1 -1
- data/test/rails_app/config/application.rb +13 -5
- data/test/rails_app/config/boot.rb +17 -4
- data/test/rails_app/config/environment.rb +2 -0
- data/test/rails_app/config/environments/development.rb +2 -0
- data/test/rails_app/config/environments/production.rb +10 -2
- data/test/rails_app/config/environments/test.rb +14 -3
- data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
- data/test/rails_app/config/initializers/devise.rb +22 -21
- data/test/rails_app/config/initializers/inflections.rb +2 -0
- data/test/rails_app/config/initializers/secret_token.rb +3 -6
- data/test/rails_app/config/initializers/session_store.rb +2 -0
- data/test/rails_app/config/routes.rb +67 -43
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +16 -10
- data/test/rails_app/db/schema.rb +2 -0
- data/test/rails_app/lib/shared_admin.rb +10 -4
- data/test/rails_app/lib/shared_user.rb +4 -1
- data/test/rails_app/lib/shared_user_without_email.rb +28 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +15 -0
- data/test/rails_test.rb +11 -0
- data/test/routes_test.rb +92 -61
- data/test/secret_key_finder_test.rb +97 -0
- data/test/support/action_controller/record_identifier.rb +12 -0
- data/test/support/assertions.rb +4 -14
- data/test/support/helpers.rb +23 -10
- data/test/support/http_method_compatibility.rb +53 -0
- data/test/support/integration.rb +19 -16
- data/test/support/mongoid.yml +6 -0
- data/test/support/webrat/integrations/rails.rb +11 -0
- data/test/{test_helpers_test.rb → test/controller_helpers_test.rb} +60 -40
- data/test/test/integration_helpers_test.rb +34 -0
- data/test/test_helper.rb +9 -0
- data/test/test_models.rb +8 -6
- metadata +123 -53
- data/gemfiles/Gemfile.rails-3.2.x +0 -31
- data/gemfiles/Gemfile.rails-3.2.x.lock +0 -159
@@ -1,3 +1,6 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'rails/generators/named_base'
|
1
4
|
require 'generators/devise/orm_helpers'
|
2
5
|
|
3
6
|
module Mongoid
|
@@ -10,43 +13,43 @@ module Mongoid
|
|
10
13
|
end
|
11
14
|
|
12
15
|
def inject_field_types
|
13
|
-
inject_into_file model_path, migration_data, :
|
16
|
+
inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
|
14
17
|
end
|
15
18
|
|
16
19
|
def inject_devise_content
|
17
|
-
inject_into_file model_path, model_contents, :
|
20
|
+
inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
|
18
21
|
end
|
19
22
|
|
20
23
|
def migration_data
|
21
24
|
<<RUBY
|
22
25
|
## Database authenticatable
|
23
|
-
field :email, :
|
24
|
-
field :encrypted_password, :
|
26
|
+
field :email, type: String, default: ""
|
27
|
+
field :encrypted_password, type: String, default: ""
|
25
28
|
|
26
29
|
## Recoverable
|
27
|
-
field :reset_password_token, :
|
28
|
-
field :reset_password_sent_at, :
|
30
|
+
field :reset_password_token, type: String
|
31
|
+
field :reset_password_sent_at, type: Time
|
29
32
|
|
30
33
|
## Rememberable
|
31
|
-
field :remember_created_at, :
|
34
|
+
field :remember_created_at, type: Time
|
32
35
|
|
33
36
|
## Trackable
|
34
|
-
field :sign_in_count, :
|
35
|
-
field :current_sign_in_at, :
|
36
|
-
field :last_sign_in_at, :
|
37
|
-
field :current_sign_in_ip, :
|
38
|
-
field :last_sign_in_ip, :
|
37
|
+
field :sign_in_count, type: Integer, default: 0
|
38
|
+
field :current_sign_in_at, type: Time
|
39
|
+
field :last_sign_in_at, type: Time
|
40
|
+
field :current_sign_in_ip, type: String
|
41
|
+
field :last_sign_in_ip, type: String
|
39
42
|
|
40
43
|
## Confirmable
|
41
|
-
# field :confirmation_token, :
|
42
|
-
# field :confirmed_at, :
|
43
|
-
# field :confirmation_sent_at, :
|
44
|
-
# field :unconfirmed_email, :
|
44
|
+
# field :confirmation_token, type: String
|
45
|
+
# field :confirmed_at, type: Time
|
46
|
+
# field :confirmation_sent_at, type: Time
|
47
|
+
# field :unconfirmed_email, type: String # Only if using reconfirmable
|
45
48
|
|
46
49
|
## Lockable
|
47
|
-
# field :failed_attempts, :
|
48
|
-
# field :unlock_token, :
|
49
|
-
# field :locked_at, :
|
50
|
+
# field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
|
51
|
+
# field :unlock_token, type: String # Only if unlock strategy is :email or :both
|
52
|
+
# field :locked_at, type: Time
|
50
53
|
RUBY
|
51
54
|
end
|
52
55
|
end
|
@@ -2,18 +2,18 @@
|
|
2
2
|
|
3
3
|
Some setup you must do manually if you haven't yet:
|
4
4
|
|
5
|
-
1. Ensure you have defined default url options in your environments files. Here
|
6
|
-
is an example of default_url_options appropriate for a development environment
|
5
|
+
1. Ensure you have defined default url options in your environments files. Here
|
6
|
+
is an example of default_url_options appropriate for a development environment
|
7
7
|
in config/environments/development.rb:
|
8
8
|
|
9
|
-
config.action_mailer.default_url_options = { :
|
9
|
+
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
|
10
10
|
|
11
11
|
In production, :host should be set to the actual host of your application.
|
12
12
|
|
13
13
|
2. Ensure you have defined root_url to *something* in your config/routes.rb.
|
14
14
|
For example:
|
15
15
|
|
16
|
-
root :
|
16
|
+
root to: "home#index"
|
17
17
|
|
18
18
|
3. Ensure you have flash messages in app/views/layouts/application.html.erb.
|
19
19
|
For example:
|
@@ -21,14 +21,7 @@ Some setup you must do manually if you haven't yet:
|
|
21
21
|
<p class="notice"><%= notice %></p>
|
22
22
|
<p class="alert"><%= alert %></p>
|
23
23
|
|
24
|
-
4.
|
25
|
-
|
26
|
-
config.assets.initialize_on_precompile = false
|
27
|
-
|
28
|
-
On config/application.rb forcing your application to not access the DB
|
29
|
-
or load models when precompiling your assets.
|
30
|
-
|
31
|
-
5. You can copy Devise views (for customization) to your app by running:
|
24
|
+
4. You can copy Devise views (for customization) to your app by running:
|
32
25
|
|
33
26
|
rails g devise:views
|
34
27
|
|
@@ -0,0 +1,14 @@
|
|
1
|
+
===============================================================================
|
2
|
+
|
3
|
+
Some setup you must do manually if you haven't yet:
|
4
|
+
|
5
|
+
Ensure you have overridden routes for generated controllers in your routes.rb.
|
6
|
+
For example:
|
7
|
+
|
8
|
+
Rails.application.routes.draw do
|
9
|
+
devise_for :users, controllers: {
|
10
|
+
sessions: 'users/sessions'
|
11
|
+
}
|
12
|
+
end
|
13
|
+
|
14
|
+
===============================================================================
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
|
4
|
+
# GET /resource/confirmation/new
|
5
|
+
# def new
|
6
|
+
# super
|
7
|
+
# end
|
8
|
+
|
9
|
+
# POST /resource/confirmation
|
10
|
+
# def create
|
11
|
+
# super
|
12
|
+
# end
|
13
|
+
|
14
|
+
# GET /resource/confirmation?confirmation_token=abcdef
|
15
|
+
# def show
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# protected
|
20
|
+
|
21
|
+
# The path used after resending confirmation instructions.
|
22
|
+
# def after_resending_confirmation_instructions_path_for(resource_name)
|
23
|
+
# super(resource_name)
|
24
|
+
# end
|
25
|
+
|
26
|
+
# The path used after confirmation.
|
27
|
+
# def after_confirmation_path_for(resource_name, resource)
|
28
|
+
# super(resource_name, resource)
|
29
|
+
# end
|
30
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
4
|
+
# You should configure your model like this:
|
5
|
+
# devise :omniauthable, omniauth_providers: [:twitter]
|
6
|
+
|
7
|
+
# You should also create an action method in this controller like this:
|
8
|
+
# def twitter
|
9
|
+
# end
|
10
|
+
|
11
|
+
# More info at:
|
12
|
+
# https://github.com/plataformatec/devise#omniauth
|
13
|
+
|
14
|
+
# GET|POST /resource/auth/twitter
|
15
|
+
# def passthru
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# GET|POST /users/auth/twitter/callback
|
20
|
+
# def failure
|
21
|
+
# super
|
22
|
+
# end
|
23
|
+
|
24
|
+
# protected
|
25
|
+
|
26
|
+
# The path used when OmniAuth fails
|
27
|
+
# def after_omniauth_failure_path_for(scope)
|
28
|
+
# super(scope)
|
29
|
+
# end
|
30
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
|
4
|
+
# GET /resource/password/new
|
5
|
+
# def new
|
6
|
+
# super
|
7
|
+
# end
|
8
|
+
|
9
|
+
# POST /resource/password
|
10
|
+
# def create
|
11
|
+
# super
|
12
|
+
# end
|
13
|
+
|
14
|
+
# GET /resource/password/edit?reset_password_token=abcdef
|
15
|
+
# def edit
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# PUT /resource/password
|
20
|
+
# def update
|
21
|
+
# super
|
22
|
+
# end
|
23
|
+
|
24
|
+
# protected
|
25
|
+
|
26
|
+
# def after_resetting_password_path_for(resource)
|
27
|
+
# super(resource)
|
28
|
+
# end
|
29
|
+
|
30
|
+
# The path used after sending reset password instructions
|
31
|
+
# def after_sending_reset_password_instructions_path_for(resource_name)
|
32
|
+
# super(resource_name)
|
33
|
+
# end
|
34
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
|
4
|
+
# before_action :configure_sign_up_params, only: [:create]
|
5
|
+
# before_action :configure_account_update_params, only: [:update]
|
6
|
+
|
7
|
+
# GET /resource/sign_up
|
8
|
+
# def new
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# POST /resource
|
13
|
+
# def create
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# GET /resource/edit
|
18
|
+
# def edit
|
19
|
+
# super
|
20
|
+
# end
|
21
|
+
|
22
|
+
# PUT /resource
|
23
|
+
# def update
|
24
|
+
# super
|
25
|
+
# end
|
26
|
+
|
27
|
+
# DELETE /resource
|
28
|
+
# def destroy
|
29
|
+
# super
|
30
|
+
# end
|
31
|
+
|
32
|
+
# GET /resource/cancel
|
33
|
+
# Forces the session data which is usually expired after sign
|
34
|
+
# in to be expired now. This is useful if the user wants to
|
35
|
+
# cancel oauth signing in/up in the middle of the process,
|
36
|
+
# removing all OAuth session data.
|
37
|
+
# def cancel
|
38
|
+
# super
|
39
|
+
# end
|
40
|
+
|
41
|
+
# protected
|
42
|
+
|
43
|
+
# If you have extra params to permit, append them to the sanitizer.
|
44
|
+
# def configure_sign_up_params
|
45
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
|
46
|
+
# end
|
47
|
+
|
48
|
+
# If you have extra params to permit, append them to the sanitizer.
|
49
|
+
# def configure_account_update_params
|
50
|
+
# devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
|
51
|
+
# end
|
52
|
+
|
53
|
+
# The path used after sign up.
|
54
|
+
# def after_sign_up_path_for(resource)
|
55
|
+
# super(resource)
|
56
|
+
# end
|
57
|
+
|
58
|
+
# The path used after sign up for inactive accounts.
|
59
|
+
# def after_inactive_sign_up_path_for(resource)
|
60
|
+
# super(resource)
|
61
|
+
# end
|
62
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>SessionsController < Devise::SessionsController
|
4
|
+
# before_action :configure_sign_in_params, only: [:create]
|
5
|
+
|
6
|
+
# GET /resource/sign_in
|
7
|
+
# def new
|
8
|
+
# super
|
9
|
+
# end
|
10
|
+
|
11
|
+
# POST /resource/sign_in
|
12
|
+
# def create
|
13
|
+
# super
|
14
|
+
# end
|
15
|
+
|
16
|
+
# DELETE /resource/sign_out
|
17
|
+
# def destroy
|
18
|
+
# super
|
19
|
+
# end
|
20
|
+
|
21
|
+
# protected
|
22
|
+
|
23
|
+
# If you have extra params to permit, append them to the sanitizer.
|
24
|
+
# def configure_sign_in_params
|
25
|
+
# devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
|
26
|
+
# end
|
27
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
|
4
|
+
# GET /resource/unlock/new
|
5
|
+
# def new
|
6
|
+
# super
|
7
|
+
# end
|
8
|
+
|
9
|
+
# POST /resource/unlock
|
10
|
+
# def create
|
11
|
+
# super
|
12
|
+
# end
|
13
|
+
|
14
|
+
# GET /resource/unlock?unlock_token=abcdef
|
15
|
+
# def show
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# protected
|
20
|
+
|
21
|
+
# The path used after sending unlock password instructions
|
22
|
+
# def after_sending_unlock_instructions_path_for(resource)
|
23
|
+
# super(resource)
|
24
|
+
# end
|
25
|
+
|
26
|
+
# The path used after unlocking the resource
|
27
|
+
# def after_unlock_path_for(resource)
|
28
|
+
# super(resource)
|
29
|
+
# end
|
30
|
+
end
|
@@ -1,10 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# Use this hook to configure devise mailer, warden hooks and so forth.
|
2
4
|
# Many of these configuration options can be set straight in your model.
|
3
5
|
Devise.setup do |config|
|
4
6
|
# The secret key used by Devise. Devise uses this key to generate
|
5
7
|
# random tokens. Changing this key will render invalid all existing
|
6
8
|
# confirmation, reset password and unlock tokens in the database.
|
7
|
-
|
9
|
+
# Devise will use the `secret_key_base` as its `secret_key`
|
10
|
+
# by default. You can change it below and use your own secret key.
|
11
|
+
# config.secret_key = '<%= SecureRandom.hex(64) %>'
|
12
|
+
|
13
|
+
# ==> Controller configuration
|
14
|
+
# Configure the parent class to the devise controllers.
|
15
|
+
# config.parent_controller = 'DeviseController'
|
8
16
|
|
9
17
|
# ==> Mailer Configuration
|
10
18
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
@@ -15,6 +23,9 @@ Devise.setup do |config|
|
|
15
23
|
# Configure the class responsible to send e-mails.
|
16
24
|
# config.mailer = 'Devise::Mailer'
|
17
25
|
|
26
|
+
# Configure the parent class responsible to send e-mails.
|
27
|
+
# config.parent_mailer = 'ActionMailer::Base'
|
28
|
+
|
18
29
|
# ==> ORM configuration
|
19
30
|
# Load and configure the ORM. Supports :active_record (default) and
|
20
31
|
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
@@ -29,7 +40,7 @@ Devise.setup do |config|
|
|
29
40
|
# session. If you need permissions, you should implement that in a before filter.
|
30
41
|
# You can also supply a hash where the value is a boolean determining whether
|
31
42
|
# or not authentication should be aborted when the value is not present.
|
32
|
-
# config.authentication_keys = [
|
43
|
+
# config.authentication_keys = [:email]
|
33
44
|
|
34
45
|
# Configure parameters from the request object used for authentication. Each entry
|
35
46
|
# given should be a request method and it will automatically be passed to the
|
@@ -41,12 +52,12 @@ Devise.setup do |config|
|
|
41
52
|
# Configure which authentication keys should be case-insensitive.
|
42
53
|
# These keys will be downcased upon creating or modifying a user and when used
|
43
54
|
# to authenticate or find a user. Default is :email.
|
44
|
-
config.case_insensitive_keys = [
|
55
|
+
config.case_insensitive_keys = [:email]
|
45
56
|
|
46
57
|
# Configure which authentication keys should have whitespace stripped.
|
47
58
|
# These keys will have whitespace before and after removed upon creating or
|
48
59
|
# modifying a user and when used to authenticate or find a user. Default is :email.
|
49
|
-
config.strip_whitespace_keys = [
|
60
|
+
config.strip_whitespace_keys = [:email]
|
50
61
|
|
51
62
|
# Tell if authentication through request.params is enabled. True by default.
|
52
63
|
# It can be set to an array that will enable params authentication only for the
|
@@ -61,7 +72,7 @@ Devise.setup do |config|
|
|
61
72
|
# :database = Support basic authentication with authentication key + password
|
62
73
|
# config.http_authenticatable = false
|
63
74
|
|
64
|
-
# If
|
75
|
+
# If 401 status code should be returned for AJAX requests. True by default.
|
65
76
|
# config.http_authenticatable_on_xhr = true
|
66
77
|
|
67
78
|
# The realm used in Http Basic Authentication. 'Application' by default.
|
@@ -76,7 +87,7 @@ Devise.setup do |config|
|
|
76
87
|
# particular strategies by setting this option.
|
77
88
|
# Notice that if you are skipping storage for all authentication paths, you
|
78
89
|
# may want to disable generating routes to Devise's sessions controller by
|
79
|
-
# passing :
|
90
|
+
# passing skip: :sessions to `devise_for` in your config/routes.rb
|
80
91
|
config.skip_session_storage = [:http_auth]
|
81
92
|
|
82
93
|
# By default, Devise cleans up the CSRF token on authentication to
|
@@ -85,24 +96,38 @@ Devise.setup do |config|
|
|
85
96
|
# from the server. You can disable this option at your own risk.
|
86
97
|
# config.clean_up_csrf_token_on_authentication = true
|
87
98
|
|
99
|
+
# When false, Devise will not attempt to reload routes on eager load.
|
100
|
+
# This can reduce the time taken to boot the app but if your application
|
101
|
+
# requires the Devise mappings to be loaded during boot time the application
|
102
|
+
# won't boot properly.
|
103
|
+
# config.reload_routes = true
|
104
|
+
|
88
105
|
# ==> Configuration for :database_authenticatable
|
89
|
-
# For bcrypt, this is the cost for hashing the password and defaults to
|
90
|
-
# using other
|
106
|
+
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
|
107
|
+
# using other algorithms, it sets how many times you want the password to be hashed.
|
91
108
|
#
|
92
109
|
# Limiting the stretches to just one in testing will increase the performance of
|
93
110
|
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
|
94
|
-
# a value less than 10 in other environments.
|
95
|
-
|
111
|
+
# a value less than 10 in other environments. Note that, for bcrypt (the default
|
112
|
+
# algorithm), the cost increases exponentially with the number of stretches (e.g.
|
113
|
+
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
|
114
|
+
config.stretches = Rails.env.test? ? 1 : 11
|
96
115
|
|
97
|
-
#
|
116
|
+
# Set up a pepper to generate the hashed password.
|
98
117
|
# config.pepper = '<%= SecureRandom.hex(64) %>'
|
99
118
|
|
119
|
+
# Send a notification to the original email when the user's email is changed.
|
120
|
+
# config.send_email_changed_notification = false
|
121
|
+
|
122
|
+
# Send a notification email when the user's password is changed.
|
123
|
+
# config.send_password_change_notification = false
|
124
|
+
|
100
125
|
# ==> Configuration for :confirmable
|
101
126
|
# A period that the user is allowed to access the website even without
|
102
|
-
# confirming
|
103
|
-
# able to access the website for two days without confirming
|
127
|
+
# confirming their account. For instance, if set to 2.days, the user will be
|
128
|
+
# able to access the website for two days without confirming their account,
|
104
129
|
# access will be blocked just in the third day. Default is 0.days, meaning
|
105
|
-
# the user cannot access the website without confirming
|
130
|
+
# the user cannot access the website without confirming their account.
|
106
131
|
# config.allow_unconfirmed_access_for = 2.days
|
107
132
|
|
108
133
|
# A period that the user is allowed to confirm their account before their
|
@@ -115,41 +140,41 @@ Devise.setup do |config|
|
|
115
140
|
|
116
141
|
# If true, requires any email changes to be confirmed (exactly the same way as
|
117
142
|
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
118
|
-
# db field (see migrations). Until confirmed new email is stored in
|
119
|
-
#
|
143
|
+
# db field (see migrations). Until confirmed, new email is stored in
|
144
|
+
# unconfirmed_email column, and copied to email column on successful confirmation.
|
120
145
|
config.reconfirmable = true
|
121
146
|
|
122
147
|
# Defines which key will be used when confirming an account
|
123
|
-
# config.confirmation_keys = [
|
148
|
+
# config.confirmation_keys = [:email]
|
124
149
|
|
125
150
|
# ==> Configuration for :rememberable
|
126
151
|
# The time the user will be remembered without asking for credentials again.
|
127
152
|
# config.remember_for = 2.weeks
|
128
153
|
|
154
|
+
# Invalidates all the remember me tokens when the user signs out.
|
155
|
+
config.expire_all_remember_me_on_sign_out = true
|
156
|
+
|
129
157
|
# If true, extends the user's remember period when remembered via cookie.
|
130
158
|
# config.extend_remember_period = false
|
131
159
|
|
132
160
|
# Options to be passed to the created cookie. For instance, you can set
|
133
|
-
# :
|
161
|
+
# secure: true in order to force SSL only cookies.
|
134
162
|
# config.rememberable_options = {}
|
135
163
|
|
136
164
|
# ==> Configuration for :validatable
|
137
|
-
# Range for password length.
|
138
|
-
config.password_length =
|
165
|
+
# Range for password length.
|
166
|
+
config.password_length = 6..128
|
139
167
|
|
140
168
|
# Email regex used to validate email formats. It simply asserts that
|
141
169
|
# one (and only one) @ exists in the given string. This is mainly
|
142
170
|
# to give user feedback and not to assert the e-mail validity.
|
143
|
-
|
171
|
+
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
|
144
172
|
|
145
173
|
# ==> Configuration for :timeoutable
|
146
174
|
# The time you want to timeout the user session without activity. After this
|
147
175
|
# time the user will be asked for credentials again. Default is 30 minutes.
|
148
176
|
# config.timeout_in = 30.minutes
|
149
177
|
|
150
|
-
# If true, expires auth token on session timeout.
|
151
|
-
# config.expire_auth_token_on_timeout = false
|
152
|
-
|
153
178
|
# ==> Configuration for :lockable
|
154
179
|
# Defines which strategy will be used to lock an account.
|
155
180
|
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
@@ -157,7 +182,7 @@ Devise.setup do |config|
|
|
157
182
|
# config.lock_strategy = :failed_attempts
|
158
183
|
|
159
184
|
# Defines which key will be used when locking and unlocking an account
|
160
|
-
# config.unlock_keys = [
|
185
|
+
# config.unlock_keys = [:email]
|
161
186
|
|
162
187
|
# Defines which strategy will be used to unlock an account.
|
163
188
|
# :email = Sends an unlock link to the user email
|
@@ -174,24 +199,28 @@ Devise.setup do |config|
|
|
174
199
|
# config.unlock_in = 1.hour
|
175
200
|
|
176
201
|
# Warn on the last attempt before the account is locked.
|
177
|
-
# config.last_attempt_warning =
|
202
|
+
# config.last_attempt_warning = true
|
178
203
|
|
179
204
|
# ==> Configuration for :recoverable
|
180
205
|
#
|
181
206
|
# Defines which key will be used when recovering the password for an account
|
182
|
-
# config.reset_password_keys = [
|
207
|
+
# config.reset_password_keys = [:email]
|
183
208
|
|
184
209
|
# Time interval you can reset your password with a reset password key.
|
185
210
|
# Don't put a too small interval or your users won't have the time to
|
186
211
|
# change their passwords.
|
187
212
|
config.reset_password_within = 6.hours
|
188
213
|
|
214
|
+
# When set to false, does not sign a user in automatically after their password is
|
215
|
+
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
216
|
+
# config.sign_in_after_reset_password = true
|
217
|
+
|
189
218
|
# ==> Configuration for :encryptable
|
190
|
-
# Allow you to use another encryption algorithm besides bcrypt (default).
|
191
|
-
# :sha1, :sha512 or
|
192
|
-
# :authlogic_sha512 (then you should set stretches above to 20
|
193
|
-
# and :restful_authentication_sha1 (then you should set
|
194
|
-
# REST_AUTH_SITE_KEY to pepper).
|
219
|
+
# Allow you to use another hashing or encryption algorithm besides bcrypt (default).
|
220
|
+
# You can use :sha1, :sha512 or algorithms from others authentication tools as
|
221
|
+
# :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
|
222
|
+
# for default behavior) and :restful_authentication_sha1 (then you should set
|
223
|
+
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
|
195
224
|
#
|
196
225
|
# Require the `devise-encryptable` gem when using anything other than bcrypt
|
197
226
|
# config.encryptor = :sha512
|
@@ -227,7 +256,7 @@ Devise.setup do |config|
|
|
227
256
|
# ==> OmniAuth
|
228
257
|
# Add a new OmniAuth provider. Check the wiki for more information on setting
|
229
258
|
# up on your models and hooks.
|
230
|
-
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :
|
259
|
+
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
|
231
260
|
|
232
261
|
# ==> Warden configuration
|
233
262
|
# If you want to use other strategies, that are not supported by Devise, or
|
@@ -235,7 +264,7 @@ Devise.setup do |config|
|
|
235
264
|
#
|
236
265
|
# config.warden do |manager|
|
237
266
|
# manager.intercept_401 = false
|
238
|
-
# manager.default_strategies(:
|
267
|
+
# manager.default_strategies(scope: :user).unshift :some_external_strategy
|
239
268
|
# end
|
240
269
|
|
241
270
|
# ==> Mountable engine configurations
|
@@ -248,7 +277,7 @@ Devise.setup do |config|
|
|
248
277
|
# The router that invoked `devise_for`, in the example above, would be:
|
249
278
|
# config.router_name = :my_engine
|
250
279
|
#
|
251
|
-
# When using
|
280
|
+
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
252
281
|
# so you need to do it manually. For the users scope, it would be:
|
253
282
|
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
254
283
|
end
|