devise 3.2.4 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/.travis.yml +33 -17
- data/CHANGELOG.md +57 -1033
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +5 -5
- data/Gemfile.lock +138 -115
- data/MIT-LICENSE +1 -1
- data/README.md +124 -65
- data/Rakefile +2 -1
- data/app/controllers/devise/confirmations_controller.rb +7 -3
- data/app/controllers/devise/omniauth_callbacks_controller.rb +8 -4
- data/app/controllers/devise/passwords_controller.rb +16 -6
- data/app/controllers/devise/registrations_controller.rb +22 -10
- data/app/controllers/devise/sessions_controller.rb +42 -14
- data/app/controllers/devise/unlocks_controller.rb +5 -2
- data/app/controllers/devise_controller.rb +63 -29
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +7 -3
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/passwords/edit.html.erb +14 -5
- data/app/views/devise/passwords/new.html.erb +7 -3
- data/app/views/devise/registrations/edit.html.erb +19 -9
- data/app/views/devise/registrations/new.html.erb +18 -7
- data/app/views/devise/sessions/new.html.erb +16 -7
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +7 -3
- data/bin/test +13 -0
- data/config/locales/en.yml +19 -16
- data/devise.gemspec +3 -4
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-4.1-stable} +6 -6
- data/gemfiles/Gemfile.rails-4.1-stable.lock +167 -0
- data/gemfiles/{Gemfile.rails-head → Gemfile.rails-4.2-stable} +6 -6
- data/gemfiles/Gemfile.rails-4.2-stable.lock +189 -0
- data/gemfiles/Gemfile.rails-5.0-beta +37 -0
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +94 -27
- data/lib/devise/controllers/rememberable.rb +9 -2
- data/lib/devise/controllers/sign_in_out.rb +2 -9
- data/lib/devise/controllers/store_location.rb +11 -3
- data/lib/devise/controllers/url_helpers.rb +7 -7
- data/lib/devise/encryptor.rb +22 -0
- data/lib/devise/failure_app.rb +72 -23
- data/lib/devise/hooks/activatable.rb +3 -4
- data/lib/devise/hooks/csrf_cleaner.rb +3 -1
- data/lib/devise/hooks/timeoutable.rb +13 -8
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/mapping.rb +6 -2
- data/lib/devise/models/authenticatable.rb +32 -28
- data/lib/devise/models/confirmable.rb +55 -22
- data/lib/devise/models/database_authenticatable.rb +32 -19
- data/lib/devise/models/lockable.rb +5 -5
- data/lib/devise/models/recoverable.rb +44 -20
- data/lib/devise/models/rememberable.rb +54 -27
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models/trackable.rb +5 -3
- data/lib/devise/models/validatable.rb +3 -3
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +76 -59
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +2 -11
- data/lib/devise/strategies/authenticatable.rb +15 -6
- data/lib/devise/strategies/database_authenticatable.rb +5 -4
- data/lib/devise/strategies/rememberable.rb +13 -3
- data/lib/devise/test_helpers.rb +12 -7
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +150 -58
- data/lib/generators/active_record/devise_generator.rb +28 -4
- data/lib/generators/active_record/templates/migration.rb +3 -3
- data/lib/generators/active_record/templates/migration_existing.rb +3 -3
- data/lib/generators/devise/controllers_generator.rb +44 -0
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/README +1 -1
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
- data/lib/generators/templates/devise.rb +36 -28
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +40 -0
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +41 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
- data/test/controllers/internal_helpers_test.rb +19 -15
- data/test/controllers/load_hooks_controller_test.rb +19 -0
- data/test/controllers/passwords_controller_test.rb +5 -4
- data/test/controllers/sessions_controller_test.rb +24 -21
- data/test/controllers/url_helpers_test.rb +7 -1
- data/test/devise_test.rb +48 -8
- data/test/failure_app_test.rb +107 -19
- data/test/generators/active_record_generator_test.rb +6 -26
- data/test/generators/controllers_generator_test.rb +48 -0
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +8 -1
- data/test/helpers/devise_helper_test.rb +10 -12
- data/test/integration/authenticatable_test.rb +37 -21
- data/test/integration/confirmable_test.rb +54 -14
- data/test/integration/database_authenticatable_test.rb +12 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +10 -9
- data/test/integration/omniauthable_test.rb +13 -11
- data/test/integration/recoverable_test.rb +28 -15
- data/test/integration/registerable_test.rb +41 -33
- data/test/integration/rememberable_test.rb +51 -7
- data/test/integration/timeoutable_test.rb +23 -22
- data/test/integration/trackable_test.rb +3 -3
- data/test/mailers/confirmation_instructions_test.rb +10 -10
- data/test/mailers/reset_password_instructions_test.rb +8 -8
- data/test/mailers/unlock_instructions_test.rb +8 -8
- data/test/mapping_test.rb +7 -0
- data/test/models/authenticatable_test.rb +11 -1
- data/test/models/confirmable_test.rb +91 -42
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +29 -17
- data/test/models/recoverable_test.rb +74 -7
- data/test/models/rememberable_test.rb +68 -94
- data/test/models/trackable_test.rb +28 -0
- data/test/models/validatable_test.rb +9 -17
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -6
- data/test/rails_app/app/controllers/application_controller.rb +5 -2
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +31 -0
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +3 -3
- data/test/rails_app/app/controllers/users_controller.rb +6 -6
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
- data/test/rails_app/app/mailers/users/mailer.rb +0 -9
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
- data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +3 -3
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/production.rb +6 -2
- data/test/rails_app/config/environments/test.rb +13 -3
- data/test/rails_app/config/initializers/devise.rb +15 -16
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +23 -3
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +2 -2
- data/test/rails_app/lib/shared_user.rb +1 -1
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
- data/test/rails_test.rb +9 -0
- data/test/routes_test.rb +33 -16
- data/test/support/assertions.rb +2 -3
- data/test/support/helpers.rb +13 -6
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/integration.rb +4 -4
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helper.rb +7 -0
- data/test/test_helpers_test.rb +43 -38
- data/test/test_models.rb +3 -3
- metadata +77 -23
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
@@ -3,6 +3,8 @@ require 'securerandom'
|
|
3
3
|
|
4
4
|
module Devise
|
5
5
|
module Generators
|
6
|
+
MissingORMError = Class.new(Thor::Error)
|
7
|
+
|
6
8
|
class InstallGenerator < Rails::Generators::Base
|
7
9
|
source_root File.expand_path("../../templates", __FILE__)
|
8
10
|
|
@@ -10,6 +12,19 @@ module Devise
|
|
10
12
|
class_option :orm
|
11
13
|
|
12
14
|
def copy_initializer
|
15
|
+
unless options[:orm]
|
16
|
+
raise MissingORMError, <<-ERROR.strip_heredoc
|
17
|
+
An ORM must be set to install Devise in your application.
|
18
|
+
|
19
|
+
Be sure to have an ORM like Active Record or Mongoid loaded in your
|
20
|
+
app or configure your own at `config/application.rb`.
|
21
|
+
|
22
|
+
config.generators do |g|
|
23
|
+
g.orm :your_orm_gem
|
24
|
+
end
|
25
|
+
ERROR
|
26
|
+
end
|
27
|
+
|
13
28
|
template "devise.rb", "config/initializers/devise.rb"
|
14
29
|
end
|
15
30
|
|
@@ -8,31 +8,14 @@ module Devise
|
|
8
8
|
devise :database_authenticatable, :registerable,
|
9
9
|
:recoverable, :rememberable, :trackable, :validatable
|
10
10
|
|
11
|
-
CONTENT
|
12
|
-
buffer += <<-CONTENT if needs_attr_accessible?
|
13
|
-
# Setup accessible (or protected) attributes for your model
|
14
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
15
|
-
|
16
11
|
CONTENT
|
17
12
|
buffer
|
18
13
|
end
|
19
14
|
|
20
|
-
def needs_attr_accessible?
|
21
|
-
rails_3? && !strong_parameters_enabled?
|
22
|
-
end
|
23
|
-
|
24
|
-
def rails_3?
|
25
|
-
Rails::VERSION::MAJOR == 3
|
26
|
-
end
|
27
|
-
|
28
|
-
def strong_parameters_enabled?
|
29
|
-
defined?(ActionController::StrongParameters)
|
30
|
-
end
|
31
|
-
|
32
15
|
private
|
33
16
|
|
34
17
|
def model_exists?
|
35
|
-
File.
|
18
|
+
File.exist?(File.join(destination_root, model_path))
|
36
19
|
end
|
37
20
|
|
38
21
|
def migration_exists?(table_name)
|
@@ -47,7 +47,7 @@ module Devise
|
|
47
47
|
def view_directory(name, _target_path = nil)
|
48
48
|
directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
|
49
49
|
if scope
|
50
|
-
content.gsub "devise/shared/links", "#{
|
50
|
+
content.gsub "devise/shared/links", "#{plural_scope}/shared/links"
|
51
51
|
else
|
52
52
|
content
|
53
53
|
end
|
@@ -55,7 +55,11 @@ module Devise
|
|
55
55
|
end
|
56
56
|
|
57
57
|
def target_path
|
58
|
-
@target_path ||= "app/views/#{
|
58
|
+
@target_path ||= "app/views/#{plural_scope || :devise}"
|
59
|
+
end
|
60
|
+
|
61
|
+
def plural_scope
|
62
|
+
@plural_scope ||= scope.presence && scope.underscore.pluralize
|
59
63
|
end
|
60
64
|
end
|
61
65
|
|
@@ -83,6 +87,13 @@ module Devise
|
|
83
87
|
source_root File.expand_path("../../templates/simple_form_for", __FILE__)
|
84
88
|
desc "Copies simple form enabled views to your application."
|
85
89
|
hide!
|
90
|
+
|
91
|
+
def copy_views
|
92
|
+
if options[:views]
|
93
|
+
options[:views].delete('mailer')
|
94
|
+
end
|
95
|
+
super
|
96
|
+
end
|
86
97
|
end
|
87
98
|
|
88
99
|
class ErbGenerator < Rails::Generators::Base #:nodoc:
|
@@ -111,7 +122,7 @@ module Devise
|
|
111
122
|
end
|
112
123
|
|
113
124
|
def target_path
|
114
|
-
"app/views/#{
|
125
|
+
"app/views/#{plural_scope || :devise}/mailer"
|
115
126
|
end
|
116
127
|
end
|
117
128
|
|
@@ -6,7 +6,7 @@ Some setup you must do manually if you haven't yet:
|
|
6
6
|
is an example of default_url_options appropriate for a development environment
|
7
7
|
in config/environments/development.rb:
|
8
8
|
|
9
|
-
config.action_mailer.default_url_options = { host: 'localhost:3000
|
9
|
+
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
|
10
10
|
|
11
11
|
In production, :host should be set to the actual host of your application.
|
12
12
|
|
@@ -0,0 +1,14 @@
|
|
1
|
+
===============================================================================
|
2
|
+
|
3
|
+
Some setup you must do manually if you haven't yet:
|
4
|
+
|
5
|
+
Ensure you have overridden routes for generated controllers in your routes.rb.
|
6
|
+
For example:
|
7
|
+
|
8
|
+
Rails.application.routes.draw do
|
9
|
+
devise_for :users, controllers: {
|
10
|
+
sessions: 'users/sessions'
|
11
|
+
}
|
12
|
+
end
|
13
|
+
|
14
|
+
===============================================================================
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
|
2
|
+
# GET /resource/confirmation/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/confirmation
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/confirmation?confirmation_token=abcdef
|
13
|
+
# def show
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# protected
|
18
|
+
|
19
|
+
# The path used after resending confirmation instructions.
|
20
|
+
# def after_resending_confirmation_instructions_path_for(resource_name)
|
21
|
+
# super(resource_name)
|
22
|
+
# end
|
23
|
+
|
24
|
+
# The path used after confirmation.
|
25
|
+
# def after_confirmation_path_for(resource_name, resource)
|
26
|
+
# super(resource_name, resource)
|
27
|
+
# end
|
28
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
2
|
+
# You should configure your model like this:
|
3
|
+
# devise :omniauthable, omniauth_providers: [:twitter]
|
4
|
+
|
5
|
+
# You should also create an action method in this controller like this:
|
6
|
+
# def twitter
|
7
|
+
# end
|
8
|
+
|
9
|
+
# More info at:
|
10
|
+
# https://github.com/plataformatec/devise#omniauth
|
11
|
+
|
12
|
+
# GET|POST /resource/auth/twitter
|
13
|
+
# def passthru
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# GET|POST /users/auth/twitter/callback
|
18
|
+
# def failure
|
19
|
+
# super
|
20
|
+
# end
|
21
|
+
|
22
|
+
# protected
|
23
|
+
|
24
|
+
# The path used when OmniAuth fails
|
25
|
+
# def after_omniauth_failure_path_for(scope)
|
26
|
+
# super(scope)
|
27
|
+
# end
|
28
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
|
2
|
+
# GET /resource/password/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/password
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/password/edit?reset_password_token=abcdef
|
13
|
+
# def edit
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# PUT /resource/password
|
18
|
+
# def update
|
19
|
+
# super
|
20
|
+
# end
|
21
|
+
|
22
|
+
# protected
|
23
|
+
|
24
|
+
# def after_resetting_password_path_for(resource)
|
25
|
+
# super(resource)
|
26
|
+
# end
|
27
|
+
|
28
|
+
# The path used after sending reset password instructions
|
29
|
+
# def after_sending_reset_password_instructions_path_for(resource_name)
|
30
|
+
# super(resource_name)
|
31
|
+
# end
|
32
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
|
2
|
+
# before_action :configure_sign_up_params, only: [:create]
|
3
|
+
# before_action :configure_account_update_params, only: [:update]
|
4
|
+
|
5
|
+
# GET /resource/sign_up
|
6
|
+
# def new
|
7
|
+
# super
|
8
|
+
# end
|
9
|
+
|
10
|
+
# POST /resource
|
11
|
+
# def create
|
12
|
+
# super
|
13
|
+
# end
|
14
|
+
|
15
|
+
# GET /resource/edit
|
16
|
+
# def edit
|
17
|
+
# super
|
18
|
+
# end
|
19
|
+
|
20
|
+
# PUT /resource
|
21
|
+
# def update
|
22
|
+
# super
|
23
|
+
# end
|
24
|
+
|
25
|
+
# DELETE /resource
|
26
|
+
# def destroy
|
27
|
+
# super
|
28
|
+
# end
|
29
|
+
|
30
|
+
# GET /resource/cancel
|
31
|
+
# Forces the session data which is usually expired after sign
|
32
|
+
# in to be expired now. This is useful if the user wants to
|
33
|
+
# cancel oauth signing in/up in the middle of the process,
|
34
|
+
# removing all OAuth session data.
|
35
|
+
# def cancel
|
36
|
+
# super
|
37
|
+
# end
|
38
|
+
|
39
|
+
# protected
|
40
|
+
|
41
|
+
# If you have extra params to permit, append them to the sanitizer.
|
42
|
+
# def configure_sign_up_params
|
43
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
|
44
|
+
# end
|
45
|
+
|
46
|
+
# If you have extra params to permit, append them to the sanitizer.
|
47
|
+
# def configure_account_update_params
|
48
|
+
# devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
|
49
|
+
# end
|
50
|
+
|
51
|
+
# The path used after sign up.
|
52
|
+
# def after_sign_up_path_for(resource)
|
53
|
+
# super(resource)
|
54
|
+
# end
|
55
|
+
|
56
|
+
# The path used after sign up for inactive accounts.
|
57
|
+
# def after_inactive_sign_up_path_for(resource)
|
58
|
+
# super(resource)
|
59
|
+
# end
|
60
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
class <%= @scope_prefix %>SessionsController < Devise::SessionsController
|
2
|
+
# before_action :configure_sign_in_params, only: [:create]
|
3
|
+
|
4
|
+
# GET /resource/sign_in
|
5
|
+
# def new
|
6
|
+
# super
|
7
|
+
# end
|
8
|
+
|
9
|
+
# POST /resource/sign_in
|
10
|
+
# def create
|
11
|
+
# super
|
12
|
+
# end
|
13
|
+
|
14
|
+
# DELETE /resource/sign_out
|
15
|
+
# def destroy
|
16
|
+
# super
|
17
|
+
# end
|
18
|
+
|
19
|
+
# protected
|
20
|
+
|
21
|
+
# If you have extra params to permit, append them to the sanitizer.
|
22
|
+
# def configure_sign_in_params
|
23
|
+
# devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
|
24
|
+
# end
|
25
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
|
2
|
+
# GET /resource/unlock/new
|
3
|
+
# def new
|
4
|
+
# super
|
5
|
+
# end
|
6
|
+
|
7
|
+
# POST /resource/unlock
|
8
|
+
# def create
|
9
|
+
# super
|
10
|
+
# end
|
11
|
+
|
12
|
+
# GET /resource/unlock?unlock_token=abcdef
|
13
|
+
# def show
|
14
|
+
# super
|
15
|
+
# end
|
16
|
+
|
17
|
+
# protected
|
18
|
+
|
19
|
+
# The path used after sending unlock password instructions
|
20
|
+
# def after_sending_unlock_instructions_path_for(resource)
|
21
|
+
# super(resource)
|
22
|
+
# end
|
23
|
+
|
24
|
+
# The path used after unlocking the resource
|
25
|
+
# def after_unlock_path_for(resource)
|
26
|
+
# super(resource)
|
27
|
+
# end
|
28
|
+
end
|
@@ -4,11 +4,9 @@ Devise.setup do |config|
|
|
4
4
|
# The secret key used by Devise. Devise uses this key to generate
|
5
5
|
# random tokens. Changing this key will render invalid all existing
|
6
6
|
# confirmation, reset password and unlock tokens in the database.
|
7
|
-
|
7
|
+
# Devise will use the `secret_key_base` as its `secret_key`
|
8
|
+
# by default. You can change it below and use your own secret key.
|
8
9
|
# config.secret_key = '<%= SecureRandom.hex(64) %>'
|
9
|
-
<% else -%>
|
10
|
-
config.secret_key = '<%= SecureRandom.hex(64) %>'
|
11
|
-
<% end -%>
|
12
10
|
|
13
11
|
# ==> Mailer Configuration
|
14
12
|
# Configure the e-mail address which will be shown in Devise::Mailer,
|
@@ -19,6 +17,9 @@ Devise.setup do |config|
|
|
19
17
|
# Configure the class responsible to send e-mails.
|
20
18
|
# config.mailer = 'Devise::Mailer'
|
21
19
|
|
20
|
+
# Configure the parent class responsible to send e-mails.
|
21
|
+
# config.parent_mailer = 'ActionMailer::Base'
|
22
|
+
|
22
23
|
# ==> ORM configuration
|
23
24
|
# Load and configure the ORM. Supports :active_record (default) and
|
24
25
|
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
@@ -33,7 +34,7 @@ Devise.setup do |config|
|
|
33
34
|
# session. If you need permissions, you should implement that in a before filter.
|
34
35
|
# You can also supply a hash where the value is a boolean determining whether
|
35
36
|
# or not authentication should be aborted when the value is not present.
|
36
|
-
# config.authentication_keys = [
|
37
|
+
# config.authentication_keys = [:email]
|
37
38
|
|
38
39
|
# Configure parameters from the request object used for authentication. Each entry
|
39
40
|
# given should be a request method and it will automatically be passed to the
|
@@ -45,12 +46,12 @@ Devise.setup do |config|
|
|
45
46
|
# Configure which authentication keys should be case-insensitive.
|
46
47
|
# These keys will be downcased upon creating or modifying a user and when used
|
47
48
|
# to authenticate or find a user. Default is :email.
|
48
|
-
config.case_insensitive_keys = [
|
49
|
+
config.case_insensitive_keys = [:email]
|
49
50
|
|
50
51
|
# Configure which authentication keys should have whitespace stripped.
|
51
52
|
# These keys will have whitespace before and after removed upon creating or
|
52
53
|
# modifying a user and when used to authenticate or find a user. Default is :email.
|
53
|
-
config.strip_whitespace_keys = [
|
54
|
+
config.strip_whitespace_keys = [:email]
|
54
55
|
|
55
56
|
# Tell if authentication through request.params is enabled. True by default.
|
56
57
|
# It can be set to an array that will enable params authentication only for the
|
@@ -65,7 +66,7 @@ Devise.setup do |config|
|
|
65
66
|
# :database = Support basic authentication with authentication key + password
|
66
67
|
# config.http_authenticatable = false
|
67
68
|
|
68
|
-
# If
|
69
|
+
# If 401 status code should be returned for AJAX requests. True by default.
|
69
70
|
# config.http_authenticatable_on_xhr = true
|
70
71
|
|
71
72
|
# The realm used in Http Basic Authentication. 'Application' by default.
|
@@ -90,19 +91,22 @@ Devise.setup do |config|
|
|
90
91
|
# config.clean_up_csrf_token_on_authentication = true
|
91
92
|
|
92
93
|
# ==> Configuration for :database_authenticatable
|
93
|
-
# For bcrypt, this is the cost for hashing the password and defaults to
|
94
|
-
# using other
|
94
|
+
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
|
95
|
+
# using other algorithms, it sets how many times you want the password to be hashed.
|
95
96
|
#
|
96
97
|
# Limiting the stretches to just one in testing will increase the performance of
|
97
98
|
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
|
98
99
|
# a value less than 10 in other environments. Note that, for bcrypt (the default
|
99
|
-
#
|
100
|
+
# algorithm), the cost increases exponentially with the number of stretches (e.g.
|
100
101
|
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
|
101
|
-
config.stretches = Rails.env.test? ? 1 :
|
102
|
+
config.stretches = Rails.env.test? ? 1 : 11
|
102
103
|
|
103
|
-
#
|
104
|
+
# Set up a pepper to generate the hashed password.
|
104
105
|
# config.pepper = '<%= SecureRandom.hex(64) %>'
|
105
106
|
|
107
|
+
# Send a notification email when the user's password is changed
|
108
|
+
# config.send_password_change_notification = false
|
109
|
+
|
106
110
|
# ==> Configuration for :confirmable
|
107
111
|
# A period that the user is allowed to access the website even without
|
108
112
|
# confirming their account. For instance, if set to 2.days, the user will be
|
@@ -126,12 +130,15 @@ Devise.setup do |config|
|
|
126
130
|
config.reconfirmable = true
|
127
131
|
|
128
132
|
# Defines which key will be used when confirming an account
|
129
|
-
# config.confirmation_keys = [
|
133
|
+
# config.confirmation_keys = [:email]
|
130
134
|
|
131
135
|
# ==> Configuration for :rememberable
|
132
136
|
# The time the user will be remembered without asking for credentials again.
|
133
137
|
# config.remember_for = 2.weeks
|
134
138
|
|
139
|
+
# Invalidates all the remember me tokens when the user signs out.
|
140
|
+
config.expire_all_remember_me_on_sign_out = true
|
141
|
+
|
135
142
|
# If true, extends the user's remember period when remembered via cookie.
|
136
143
|
# config.extend_remember_period = false
|
137
144
|
|
@@ -141,21 +148,18 @@ Devise.setup do |config|
|
|
141
148
|
|
142
149
|
# ==> Configuration for :validatable
|
143
150
|
# Range for password length.
|
144
|
-
config.password_length =
|
151
|
+
config.password_length = 6..128
|
145
152
|
|
146
153
|
# Email regex used to validate email formats. It simply asserts that
|
147
154
|
# one (and only one) @ exists in the given string. This is mainly
|
148
155
|
# to give user feedback and not to assert the e-mail validity.
|
149
|
-
|
156
|
+
config.email_regexp = /\A[^@]+@[^@]+\z/
|
150
157
|
|
151
158
|
# ==> Configuration for :timeoutable
|
152
159
|
# The time you want to timeout the user session without activity. After this
|
153
160
|
# time the user will be asked for credentials again. Default is 30 minutes.
|
154
161
|
# config.timeout_in = 30.minutes
|
155
162
|
|
156
|
-
# If true, expires auth token on session timeout.
|
157
|
-
# config.expire_auth_token_on_timeout = false
|
158
|
-
|
159
163
|
# ==> Configuration for :lockable
|
160
164
|
# Defines which strategy will be used to lock an account.
|
161
165
|
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
@@ -163,7 +167,7 @@ Devise.setup do |config|
|
|
163
167
|
# config.lock_strategy = :failed_attempts
|
164
168
|
|
165
169
|
# Defines which key will be used when locking and unlocking an account
|
166
|
-
# config.unlock_keys = [
|
170
|
+
# config.unlock_keys = [:email]
|
167
171
|
|
168
172
|
# Defines which strategy will be used to unlock an account.
|
169
173
|
# :email = Sends an unlock link to the user email
|
@@ -180,24 +184,28 @@ Devise.setup do |config|
|
|
180
184
|
# config.unlock_in = 1.hour
|
181
185
|
|
182
186
|
# Warn on the last attempt before the account is locked.
|
183
|
-
# config.last_attempt_warning =
|
187
|
+
# config.last_attempt_warning = true
|
184
188
|
|
185
189
|
# ==> Configuration for :recoverable
|
186
190
|
#
|
187
191
|
# Defines which key will be used when recovering the password for an account
|
188
|
-
# config.reset_password_keys = [
|
192
|
+
# config.reset_password_keys = [:email]
|
189
193
|
|
190
194
|
# Time interval you can reset your password with a reset password key.
|
191
195
|
# Don't put a too small interval or your users won't have the time to
|
192
196
|
# change their passwords.
|
193
197
|
config.reset_password_within = 6.hours
|
194
198
|
|
199
|
+
# When set to false, does not sign a user in automatically after their password is
|
200
|
+
# reset. Defaults to true, so a user is signed in automatically after a reset.
|
201
|
+
# config.sign_in_after_reset_password = true
|
202
|
+
|
195
203
|
# ==> Configuration for :encryptable
|
196
|
-
# Allow you to use another encryption algorithm besides bcrypt (default).
|
197
|
-
# :sha1, :sha512 or
|
198
|
-
# :authlogic_sha512 (then you should set stretches above to 20
|
199
|
-
# and :restful_authentication_sha1 (then you should set
|
200
|
-
# REST_AUTH_SITE_KEY to pepper).
|
204
|
+
# Allow you to use another hashing or encryption algorithm besides bcrypt (default).
|
205
|
+
# You can use :sha1, :sha512 or algorithms from others authentication tools as
|
206
|
+
# :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
|
207
|
+
# for default behavior) and :restful_authentication_sha1 (then you should set
|
208
|
+
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
|
201
209
|
#
|
202
210
|
# Require the `devise-encryptable` gem when using anything other than bcrypt
|
203
211
|
# config.encryptor = :sha512
|
@@ -254,7 +262,7 @@ Devise.setup do |config|
|
|
254
262
|
# The router that invoked `devise_for`, in the example above, would be:
|
255
263
|
# config.router_name = :my_engine
|
256
264
|
#
|
257
|
-
# When using
|
265
|
+
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
258
266
|
# so you need to do it manually. For the users scope, it would be:
|
259
267
|
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
260
268
|
end
|
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!
|
|
2
2
|
|
3
3
|
Someone has requested a link to change your password, and you can do this through the link below.
|
4
4
|
|
5
|
-
|
5
|
+
[Change my password](<%= edit_password_url(@resource, reset_password_token: @token) %>)
|
6
6
|
|
7
7
|
If you didn't request this, please ignore this email.
|
8
8
|
Your password won't change until you access the link above and create a new one.
|
@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in
|
|
4
4
|
|
5
5
|
Click the link below to unlock your account:
|
6
6
|
|
7
|
-
|
7
|
+
[Unlock my account](<%= unlock_url(@resource, unlock_token: @token) %>)
|
@@ -7,7 +7,7 @@
|
|
7
7
|
<%= f.full_error :reset_password_token %>
|
8
8
|
|
9
9
|
<div class="form-inputs">
|
10
|
-
<%= f.input :password, label: "New password", required: true, autofocus: true %>
|
10
|
+
<%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %>
|
11
11
|
<%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
|
12
12
|
</div>
|
13
13
|
|
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
<div class="form-inputs">
|
7
7
|
<%= f.input :email, required: true, autofocus: true %>
|
8
|
-
<%= f.input :password, required: true %>
|
8
|
+
<%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %>
|
9
9
|
<%= f.input :password_confirmation, required: true %>
|
10
10
|
</div>
|
11
11
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
<h2>
|
1
|
+
<h2>Log in</h2>
|
2
2
|
|
3
3
|
<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
|
4
4
|
<div class="form-inputs">
|
@@ -8,7 +8,7 @@
|
|
8
8
|
</div>
|
9
9
|
|
10
10
|
<div class="form-actions">
|
11
|
-
<%= f.button :submit, "
|
11
|
+
<%= f.button :submit, "Log in" %>
|
12
12
|
</div>
|
13
13
|
<% end %>
|
14
14
|
|
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class CustomRegistrationsControllerTest < Devise::ControllerTestCase
|
4
|
+
tests Custom::RegistrationsController
|
5
|
+
|
6
|
+
include Devise::TestHelpers
|
7
|
+
|
8
|
+
setup do
|
9
|
+
request.env["devise.mapping"] = Devise.mappings[:user]
|
10
|
+
@password = 'password'
|
11
|
+
@user = create_user(password: @password, password_confirmation: @password).tap(&:confirm)
|
12
|
+
end
|
13
|
+
|
14
|
+
test "yield resource to block on create success" do
|
15
|
+
post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
|
16
|
+
assert @controller.create_block_called?, "create failed to yield resource to provided block"
|
17
|
+
end
|
18
|
+
|
19
|
+
test "yield resource to block on create failure" do
|
20
|
+
post :create, params: { user: { } }
|
21
|
+
assert @controller.create_block_called?, "create failed to yield resource to provided block"
|
22
|
+
end
|
23
|
+
|
24
|
+
test "yield resource to block on update success" do
|
25
|
+
sign_in @user
|
26
|
+
put :update, params: { user: { current_password: @password } }
|
27
|
+
assert @controller.update_block_called?, "update failed to yield resource to provided block"
|
28
|
+
end
|
29
|
+
|
30
|
+
test "yield resource to block on update failure" do
|
31
|
+
sign_in @user
|
32
|
+
put :update, params: { user: { } }
|
33
|
+
assert @controller.update_block_called?, "update failed to yield resource to provided block"
|
34
|
+
end
|
35
|
+
|
36
|
+
test "yield resource to block on new" do
|
37
|
+
get :new
|
38
|
+
assert @controller.new_block_called?, "new failed to yield resource to provided block"
|
39
|
+
end
|
40
|
+
end
|
@@ -24,7 +24,7 @@ class CustomStrategy < Warden::Strategies::Base
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
class CustomStrategyTest <
|
27
|
+
class CustomStrategyTest < Devise::ControllerTestCase
|
28
28
|
tests CustomStrategyController
|
29
29
|
|
30
30
|
include Devise::TestHelpers
|
@@ -41,8 +41,9 @@ class CustomStrategyTest < ActionController::TestCase
|
|
41
41
|
ret = get :new
|
42
42
|
|
43
43
|
# check the returned rack array
|
44
|
-
assert ret.is_a?(Array)
|
45
|
-
assert_equal 400, ret.first
|
44
|
+
# assert ret.is_a?(Array)
|
45
|
+
# assert_equal 400, ret.first
|
46
|
+
assert ret.is_a?(ActionDispatch::TestResponse)
|
46
47
|
|
47
48
|
# check the saved response as well. This is purely so that the response is available to the testing framework
|
48
49
|
# for verification. In production, the above array would be delivered directly to Rack.
|
@@ -53,8 +54,9 @@ class CustomStrategyTest < ActionController::TestCase
|
|
53
54
|
ret = get :new
|
54
55
|
|
55
56
|
# check the returned rack array
|
56
|
-
assert ret.is_a?(Array)
|
57
|
-
assert_equal ret.third['X-FOO'], 'BAR'
|
57
|
+
# assert ret.is_a?(Array)
|
58
|
+
# assert_equal ret.third['X-FOO'], 'BAR'
|
59
|
+
assert ret.is_a?(ActionDispatch::TestResponse)
|
58
60
|
|
59
61
|
# check the saved response headers as well.
|
60
62
|
assert_equal response.headers['X-FOO'], 'BAR'
|