RubyGems - devise - Versions diffs - 3.2.4 → 3.3.0 - Mend

devise 3.2.4 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml +4 -4
data/.gitignore +0 -1
data/.travis.yml +12 -5
data/CHANGELOG.md +28 -1
data/Gemfile +5 -5
data/Gemfile.lock +98 -92
data/README.md +22 -16
data/app/controllers/devise/confirmations_controller.rb +1 -1
data/app/controllers/devise/registrations_controller.rb +18 -5
data/app/controllers/devise/sessions_controller.rb +32 -9
data/app/controllers/devise_controller.rb +3 -3
data/app/views/devise/registrations/new.html.erb +1 -1
data/app/views/devise/sessions/new.html.erb +2 -2
data/app/views/devise/shared/_links.erb +1 -1
data/config/locales/en.yml +16 -15
data/gemfiles/Gemfile.rails-3.2-stable +3 -3
data/gemfiles/Gemfile.rails-3.2-stable.lock +166 -0
data/gemfiles/Gemfile.rails-4.0-stable +4 -4
data/gemfiles/Gemfile.rails-4.0-stable.lock +162 -0
data/gemfiles/Gemfile.rails-head +7 -4
data/gemfiles/Gemfile.rails-head.lock +190 -0
data/lib/devise.rb +8 -4
data/lib/devise/controllers/helpers.rb +77 -6
data/lib/devise/controllers/sign_in_out.rb +0 -1
data/lib/devise/controllers/store_location.rb +8 -2
data/lib/devise/controllers/url_helpers.rb +3 -1
data/lib/devise/failure_app.rb +6 -6
data/lib/devise/hooks/activatable.rb +3 -4
data/lib/devise/hooks/csrf_cleaner.rb +3 -1
data/lib/devise/hooks/timeoutable.rb +8 -1
data/lib/devise/mapping.rb +4 -1
data/lib/devise/models/confirmable.rb +3 -3
data/lib/devise/models/database_authenticatable.rb +7 -3
data/lib/devise/models/lockable.rb +2 -2
data/lib/devise/models/recoverable.rb +23 -7
data/lib/devise/models/rememberable.rb +2 -2
data/lib/devise/models/trackable.rb +4 -1
data/lib/devise/rails/routes.rb +8 -6
data/lib/devise/strategies/authenticatable.rb +7 -0
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/devise_generator.rb +19 -2
data/lib/generators/templates/README +1 -1
data/lib/generators/templates/devise.rb +3 -0
data/script/cached-bundle +49 -0
data/script/s3-put +71 -0
data/test/controllers/custom_registrations_controller_test.rb +35 -0
data/test/controllers/helpers_test.rb +35 -0
data/test/controllers/internal_helpers_test.rb +1 -1
data/test/controllers/passwords_controller_test.rb +1 -1
data/test/devise_test.rb +18 -5
data/test/failure_app_test.rb +40 -4
data/test/generators/active_record_generator_test.rb +6 -0
data/test/helpers/devise_helper_test.rb +3 -2
data/test/integration/authenticatable_test.rb +19 -3
data/test/integration/confirmable_test.rb +49 -9
data/test/integration/http_authenticatable_test.rb +1 -1
data/test/integration/lockable_test.rb +6 -6
data/test/integration/recoverable_test.rb +5 -5
data/test/integration/registerable_test.rb +32 -22
data/test/integration/timeoutable_test.rb +8 -2
data/test/integration/trackable_test.rb +2 -2
data/test/mailers/confirmation_instructions_test.rb +3 -3
data/test/mailers/reset_password_instructions_test.rb +3 -3
data/test/mailers/unlock_instructions_test.rb +3 -3
data/test/models/authenticatable_test.rb +1 -1
data/test/models/lockable_test.rb +6 -0
data/test/models/recoverable_test.rb +12 -0
data/test/models/rememberable_test.rb +21 -6
data/test/models/trackable_test.rb +28 -0
data/test/models/validatable_test.rb +2 -2
data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
data/test/rails_app/app/controllers/application_controller.rb +3 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +1 -1
data/test/rails_app/app/controllers/users_controller.rb +1 -1
data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
data/test/rails_app/config/application.rb +1 -1
data/test/rails_app/config/initializers/devise.rb +2 -0
data/test/rails_app/config/routes.rb +17 -0
data/test/rails_app/lib/shared_user.rb +1 -1
data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
data/test/routes_test.rb +5 -3
data/test/support/assertions.rb +2 -3
data/test/support/integration.rb +2 -2
data/test/test_helper.rb +2 -0
data/test/test_helpers_test.rb +22 -32
metadata +23 -2

data/test/integration/http_authenticatable_test.rb CHANGED

@@ -42,7 +42,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
     sign_in_as_new_user_with_http("unknown")
     assert_equal 401, status
     assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-    assert_match "<error>Invalid email or password.</error>", response.body
+    assert_match "<error>Invalid email address or password.</error>", response.body
   end
   test 'returns a custom response with www-authenticate and chosen realm' do

data/test/integration/lockable_test.rb CHANGED

@@ -22,7 +22,7 @@ class LockTest < ActionDispatch::IntegrationTest
     send_unlock_request
     assert_template 'sessions/new'
-    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+    assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'
     mail = ActionMailer::Base.deliveries.last
     assert_equal 1, ActionMailer::Base.deliveries.size
@@ -182,7 +182,7 @@ class LockTest < ActionDispatch::IntegrationTest
       click_button 'Resend unlock instructions'
       assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
     end
   end
@@ -197,7 +197,7 @@ class LockTest < ActionDispatch::IntegrationTest
       click_button 'Resend unlock instructions'
       assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
     end
   end
@@ -213,7 +213,7 @@ class LockTest < ActionDispatch::IntegrationTest
       assert_not_contain "Email not found"
       assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
     end
   end
@@ -225,11 +225,11 @@ class LockTest < ActionDispatch::IntegrationTest
       visit new_user_session_path
       fill_in 'email', with: user.email
       fill_in 'password', with: "abadpassword"
-      click_button 'Sign in'
+      click_button 'Log in'
       fill_in 'email', with: user.email
       fill_in 'password', with: "abadpassword"
-      click_button 'Sign in'
+      click_button 'Log in'
       assert_current_url "/users/sign_in"
       assert_not_contain "locked"

data/test/integration/recoverable_test.rb CHANGED

@@ -171,7 +171,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
     reset_password
     assert_current_url '/'
-    assert_contain 'Your password was changed successfully. You are now signed in.'
+    assert_contain 'Your password has been changed successfully. You are now signed in.'
     assert user.reload.valid_password?('987654321')
   end
@@ -185,7 +185,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
     assert_not user.reload.valid_password?('987654321')
     reset_password visit: false
-    assert_contain 'Your password was changed successfully.'
+    assert_contain 'Your password has been changed successfully.'
     assert user.reload.valid_password?('987654321')
   end
@@ -204,7 +204,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
         request_forgot_password
         reset_password
-        assert_contain 'Your password was changed successfully.'
+        assert_contain 'Your password has been changed successfully.'
         assert_not_contain 'You are now signed in.'
         assert_equal new_user_session_path, @request.path
         assert !warden.authenticated?(:user)
@@ -218,7 +218,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
       request_forgot_password
       reset_password
-      assert_contain 'Your password was changed successfully.'
+      assert_contain 'Your password has been changed successfully.'
       assert !user.reload.access_locked?
       assert warden.authenticated?(:user)
     end
@@ -230,7 +230,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
       request_forgot_password
       reset_password
-      assert_contain 'Your password was changed successfully.'
+      assert_contain 'Your password has been changed successfully.'
       assert !user.reload.access_locked?
       assert warden.authenticated?(:user)
     end

data/test/integration/registerable_test.rb CHANGED

@@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert warden.authenticated?(:admin)
     assert_current_url "/admin_area/home"
-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
     assert_equal admin.email, 'new_user@test.com'
   end
@@ -36,6 +36,11 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_current_url "/?custom=1"
   end
+  test 'a guest admin should not see a warning about minimum password length' do
+    get new_admin_session_path
+    assert_not_contain 'characters minimum'
+  end
   def user_sign_up
     ActionMailer::Base.deliveries.clear
@@ -47,16 +52,21 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     click_button 'Sign up'
   end
+  test 'a guest user should see a warning about minimum password length' do
+    get new_user_registration_path
+    assert_contain '7 characters minimum'
+  end
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
     user_sign_up
-    assert_contain 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+    assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.'
     assert_not_contain 'You have to confirm your account before continuing'
     assert_current_url "/"
     assert_not warden.authenticated?(:user)
-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
     assert_equal user.email, 'new_user@test.com'
     assert_not user.confirmed?
   end
@@ -103,7 +113,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_contain Devise.rails4? ?
       "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
     assert_contain "2 errors prohibited"
-    assert_nil User.first
+    assert_nil User.to_adapter.find_first
     assert_not warden.authenticated?(:user)
   end
@@ -149,9 +159,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     click_button 'Update'
     assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
-    assert_equal "user.new@example.com", User.first.email
+    assert_equal "user.new@example.com", User.to_adapter.find_first.email
   end
   test 'a signed in user should still be able to use the website after changing their password' do
@@ -163,7 +173,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     fill_in 'current password', with: '12345678'
     click_button 'Update'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
     get users_path
     assert warden.authenticated?(:user)
   end
@@ -180,7 +190,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_contain 'user@test.com'
     assert_have_selector 'form input[value="user.new@example.com"]'
-    assert_equal "user@test.com", User.first.email
+    assert_equal "user@test.com", User.to_adapter.find_first.email
   end
   test 'a signed in user should be able to edit their password' do
@@ -193,9 +203,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     click_button 'Update'
     assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
-    assert User.first.valid_password?('pass1234')
+    assert User.to_adapter.find_first.valid_password?('pass1234')
   end
   test 'a signed in user should not be able to edit their password with invalid confirmation' do
@@ -209,7 +219,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_contain Devise.rails4? ?
       "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
-    assert_not User.first.valid_password?('pas123')
+    assert_not User.to_adapter.find_first.valid_password?('pas123')
   end
   test 'a signed in user should be able to cancel their account' do
@@ -217,9 +227,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     get edit_user_registration_path
     click_button "Cancel my account"
-    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+    assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
-    assert User.all.empty?
+    assert User.to_adapter.find_all.empty?
   end
   test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -253,7 +263,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
     assert_equal admin.email, 'new_user@test.com'
   end
@@ -262,7 +272,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
     assert_equal user.email, 'new_user@test.com'
   end
@@ -290,7 +300,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     sign_in_as_user
     delete user_registration_path(format: 'xml')
     assert_response :success
-    assert_equal User.count, 0
+    assert_equal User.to_adapter.find_all.size, 0
   end
 end
@@ -305,7 +315,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
     assert_current_url '/admin_area/home'
     assert_contain 'but we need to verify your new email address'
-    assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email
+    assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email
     get edit_admin_registration_path
     assert_contain 'Currently waiting confirmation for: admin.new@example.com'
@@ -321,9 +331,9 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
     click_button 'Update'
     assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
-    assert Admin.first.valid_password?('pas123')
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
   end
   test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
@@ -341,9 +351,9 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
     click_button 'Update'
     assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
-    assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
-    assert Admin.first.valid_password?('pas123')
+    assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
   end
 end

data/test/integration/timeoutable_test.rb CHANGED

@@ -8,12 +8,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
   test 'set last request at in user session after each request' do
     sign_in_as_user
-    old_last_request = last_request_at
     assert_not_nil last_request_at
+    @controller.user_session.delete('last_request_at')
     get users_path
     assert_not_nil last_request_at
-    assert_not_equal old_last_request, last_request_at
   end
   test 'set last request at in user session after each request is skipped if tracking is disabled' do
@@ -180,4 +179,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
   end
+  test 'does not crashes when the last_request_at is a String' do
+    user = sign_in_as_user
+    get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)
+    get users_path
+  end
 end

data/test/integration/trackable_test.rb CHANGED

@@ -10,8 +10,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
     sign_in_as_user
     user.reload
-    assert_kind_of Time, user.current_sign_in_at
-    assert_kind_of Time, user.last_sign_in_at
+    assert user.current_sign_in_at.acts_like?(:time)
+    assert user.last_sign_in_at.acts_like?(:time)
     assert_equal user.current_sign_in_at, user.last_sign_in_at
     assert user.current_sign_in_at >= user.created_at

data/test/mailers/confirmation_instructions_test.rb CHANGED

@@ -53,7 +53,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   test 'custom mailer renders parent mailer template' do
     Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
   end
   test 'setup reply to as copy from sender' do
@@ -83,9 +83,9 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
   test 'body should have link to confirm the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port
-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/confirmation\?confirmation_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/confirmation\?confirmation_token=([^"]+)">}
       assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token
     else
       flunk "expected confirmation url regex to match"

data/test/mailers/reset_password_instructions_test.rb CHANGED

@@ -55,7 +55,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   test 'custom mailer renders parent mailer template' do
     Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
   end
   test 'setup reply to as copy from sender' do
@@ -79,9 +79,9 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
   test 'body should have link to confirm the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port
-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/password/edit\?reset_password_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/password/edit\?reset_password_token=([^"]+)">}
       assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
     else
       flunk "expected reset password url regex to match"

data/test/mailers/unlock_instructions_test.rb CHANGED

@@ -56,7 +56,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   test 'custom mailer renders parent mailer template' do
     Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
   end
   test 'setup reply to as copy from sender' do
@@ -80,9 +80,9 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
   test 'body should have link to unlock the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port
-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/unlock\?unlock_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/unlock\?unlock_token=([^"]+)">}
       assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token
     else
       flunk "expected unlock url regex to match"

data/test/models/authenticatable_test.rb CHANGED

@@ -6,7 +6,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
   end
   test 'find_first_by_auth_conditions allows custom filtering parameters' do
-    user = User.create!(email: "example@example.com", password: "123456")
+    user = User.create!(email: "example@example.com", password: "1234567")
     assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
     assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
   end

data/test/models/lockable_test.rb CHANGED

@@ -313,4 +313,10 @@ class LockableTest < ActiveSupport::TestCase
       end
     end
   end
+  test 'should return locked message if user was programatically locked' do
+    user = create_user
+    user.lock_access!
+    assert_equal :locked, user.unauthenticated_message
+  end
 end

data/test/models/recoverable_test.rb CHANGED

@@ -181,4 +181,16 @@ class RecoverableTest < ActiveSupport::TestCase
       :reset_password_token
     ]
   end
+  test 'should return a user based on the raw token' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+    assert_equal User.with_reset_password_token(raw), user
+  end
+  test 'should return nil if a user based on the raw token is not found' do
+    assert_equal User.with_reset_password_token('random-token'), nil
+  end
 end

data/test/models/rememberable_test.rb CHANGED

@@ -55,12 +55,27 @@ class RememberableTest < ActiveSupport::TestCase
     assert resource_class.new.respond_to?(:remember_me=)
   end
-  test 'forget_me should clear remember_created_at' do
-    resource = create_resource
-    resource.remember_me!
-    assert_not resource.remember_created_at.nil?
-    resource.forget_me!
-    assert resource.remember_created_at.nil?
+  test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
+    swap Devise, expire_all_remember_me_on_sign_out: true do
+      resource = create_resource
+      resource.remember_me!
+      assert_not_nil resource.remember_created_at
+      resource.forget_me!
+      assert_nil resource.remember_created_at
+    end
+  end
+  test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do
+    swap Devise, expire_all_remember_me_on_sign_out: false do
+      resource = create_resource
+      resource.remember_me!
+      assert_not_nil resource.remember_created_at
+      resource.forget_me!
+      assert_not_nil resource.remember_created_at
+    end
   end
   test 'forget_me should not try to update resource if it has been destroyed' do