devise 3.2.4 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/.travis.yml +33 -17
- data/CHANGELOG.md +57 -1033
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +5 -5
- data/Gemfile.lock +138 -115
- data/MIT-LICENSE +1 -1
- data/README.md +124 -65
- data/Rakefile +2 -1
- data/app/controllers/devise/confirmations_controller.rb +7 -3
- data/app/controllers/devise/omniauth_callbacks_controller.rb +8 -4
- data/app/controllers/devise/passwords_controller.rb +16 -6
- data/app/controllers/devise/registrations_controller.rb +22 -10
- data/app/controllers/devise/sessions_controller.rb +42 -14
- data/app/controllers/devise/unlocks_controller.rb +5 -2
- data/app/controllers/devise_controller.rb +63 -29
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +7 -3
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/passwords/edit.html.erb +14 -5
- data/app/views/devise/passwords/new.html.erb +7 -3
- data/app/views/devise/registrations/edit.html.erb +19 -9
- data/app/views/devise/registrations/new.html.erb +18 -7
- data/app/views/devise/sessions/new.html.erb +16 -7
- data/app/views/devise/shared/{_links.erb → _links.html.erb} +2 -2
- data/app/views/devise/unlocks/new.html.erb +7 -3
- data/bin/test +13 -0
- data/config/locales/en.yml +19 -16
- data/devise.gemspec +3 -4
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-4.1-stable} +6 -6
- data/gemfiles/Gemfile.rails-4.1-stable.lock +167 -0
- data/gemfiles/{Gemfile.rails-head → Gemfile.rails-4.2-stable} +6 -6
- data/gemfiles/Gemfile.rails-4.2-stable.lock +189 -0
- data/gemfiles/Gemfile.rails-5.0-beta +37 -0
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +94 -27
- data/lib/devise/controllers/rememberable.rb +9 -2
- data/lib/devise/controllers/sign_in_out.rb +2 -9
- data/lib/devise/controllers/store_location.rb +11 -3
- data/lib/devise/controllers/url_helpers.rb +7 -7
- data/lib/devise/encryptor.rb +22 -0
- data/lib/devise/failure_app.rb +72 -23
- data/lib/devise/hooks/activatable.rb +3 -4
- data/lib/devise/hooks/csrf_cleaner.rb +3 -1
- data/lib/devise/hooks/timeoutable.rb +13 -8
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/mapping.rb +6 -2
- data/lib/devise/models/authenticatable.rb +32 -28
- data/lib/devise/models/confirmable.rb +55 -22
- data/lib/devise/models/database_authenticatable.rb +32 -19
- data/lib/devise/models/lockable.rb +5 -5
- data/lib/devise/models/recoverable.rb +44 -20
- data/lib/devise/models/rememberable.rb +54 -27
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models/trackable.rb +5 -3
- data/lib/devise/models/validatable.rb +3 -3
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +76 -59
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +2 -11
- data/lib/devise/strategies/authenticatable.rb +15 -6
- data/lib/devise/strategies/database_authenticatable.rb +5 -4
- data/lib/devise/strategies/rememberable.rb +13 -3
- data/lib/devise/test_helpers.rb +12 -7
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +150 -58
- data/lib/generators/active_record/devise_generator.rb +28 -4
- data/lib/generators/active_record/templates/migration.rb +3 -3
- data/lib/generators/active_record/templates/migration_existing.rb +3 -3
- data/lib/generators/devise/controllers_generator.rb +44 -0
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/README +1 -1
- data/lib/generators/templates/controllers/README +14 -0
- data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
- data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
- data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
- data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
- data/lib/generators/templates/devise.rb +36 -28
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +2 -2
- data/test/controllers/custom_registrations_controller_test.rb +40 -0
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +41 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
- data/test/controllers/internal_helpers_test.rb +19 -15
- data/test/controllers/load_hooks_controller_test.rb +19 -0
- data/test/controllers/passwords_controller_test.rb +5 -4
- data/test/controllers/sessions_controller_test.rb +24 -21
- data/test/controllers/url_helpers_test.rb +7 -1
- data/test/devise_test.rb +48 -8
- data/test/failure_app_test.rb +107 -19
- data/test/generators/active_record_generator_test.rb +6 -26
- data/test/generators/controllers_generator_test.rb +48 -0
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +8 -1
- data/test/helpers/devise_helper_test.rb +10 -12
- data/test/integration/authenticatable_test.rb +37 -21
- data/test/integration/confirmable_test.rb +54 -14
- data/test/integration/database_authenticatable_test.rb +12 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +10 -9
- data/test/integration/omniauthable_test.rb +13 -11
- data/test/integration/recoverable_test.rb +28 -15
- data/test/integration/registerable_test.rb +41 -33
- data/test/integration/rememberable_test.rb +51 -7
- data/test/integration/timeoutable_test.rb +23 -22
- data/test/integration/trackable_test.rb +3 -3
- data/test/mailers/confirmation_instructions_test.rb +10 -10
- data/test/mailers/reset_password_instructions_test.rb +8 -8
- data/test/mailers/unlock_instructions_test.rb +8 -8
- data/test/mapping_test.rb +7 -0
- data/test/models/authenticatable_test.rb +11 -1
- data/test/models/confirmable_test.rb +91 -42
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +29 -17
- data/test/models/recoverable_test.rb +74 -7
- data/test/models/rememberable_test.rb +68 -94
- data/test/models/trackable_test.rb +28 -0
- data/test/models/validatable_test.rb +9 -17
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -6
- data/test/rails_app/app/controllers/application_controller.rb +5 -2
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +31 -0
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +3 -3
- data/test/rails_app/app/controllers/users_controller.rb +6 -6
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
- data/test/rails_app/app/mailers/users/mailer.rb +0 -9
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
- data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +3 -3
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/production.rb +6 -2
- data/test/rails_app/config/environments/test.rb +13 -3
- data/test/rails_app/config/initializers/devise.rb +15 -16
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +23 -3
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +2 -2
- data/test/rails_app/lib/shared_user.rb +1 -1
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
- data/test/rails_test.rb +9 -0
- data/test/routes_test.rb +33 -16
- data/test/support/assertions.rb +2 -3
- data/test/support/helpers.rb +13 -6
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/integration.rb +4 -4
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helper.rb +7 -0
- data/test/test_helpers_test.rb +43 -38
- data/test/test_models.rb +3 -3
- metadata +77 -23
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
|
@@ -7,7 +7,7 @@ module Devise
|
|
|
7
7
|
# blocked: email and time. The former will send an email to the user when
|
|
8
8
|
# the lock happens, containing a link to unlock its account. The second
|
|
9
9
|
# will unlock the user automatically after some configured time (ie 2.hours).
|
|
10
|
-
# It's also possible to
|
|
10
|
+
# It's also possible to set up lockable to use both email and time strategies.
|
|
11
11
|
#
|
|
12
12
|
# == Options
|
|
13
13
|
#
|
|
@@ -115,10 +115,10 @@ module Devise
|
|
|
115
115
|
# leaks the existence of an account.
|
|
116
116
|
if Devise.paranoid
|
|
117
117
|
super
|
|
118
|
-
elsif lock_strategy_enabled?(:failed_attempts) &&
|
|
119
|
-
:last_attempt
|
|
120
|
-
elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
|
|
118
|
+
elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
|
|
121
119
|
:locked
|
|
120
|
+
elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? && self.class.last_attempt_warning
|
|
121
|
+
:last_attempt
|
|
122
122
|
else
|
|
123
123
|
super
|
|
124
124
|
end
|
|
@@ -189,7 +189,7 @@ module Devise
|
|
|
189
189
|
self.lock_strategy == strategy
|
|
190
190
|
end
|
|
191
191
|
|
|
192
|
-
Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)
|
|
192
|
+
Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys, :last_attempt_warning)
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
end
|
|
@@ -8,15 +8,13 @@ module Devise
|
|
|
8
8
|
# Recoverable adds the following options to devise_for:
|
|
9
9
|
#
|
|
10
10
|
# * +reset_password_keys+: the keys you want to use when recovering the password for an account
|
|
11
|
+
# * +reset_password_within+: the time period within which the password must be reset or the token expires.
|
|
12
|
+
# * +sign_in_after_reset_password+: whether or not to sign in the user automatically after a password reset.
|
|
11
13
|
#
|
|
12
14
|
# == Examples
|
|
13
15
|
#
|
|
14
16
|
# # resets the user password and save the record, true if valid passwords are given, otherwise false
|
|
15
|
-
# User.find(1).reset_password
|
|
16
|
-
#
|
|
17
|
-
# # only resets the user password, without saving the record
|
|
18
|
-
# user = User.find(1)
|
|
19
|
-
# user.reset_password('password123', 'password123')
|
|
17
|
+
# User.find(1).reset_password('password123', 'password123')
|
|
20
18
|
#
|
|
21
19
|
# # creates a new token and send it with instructions about how to reset the password
|
|
22
20
|
# User.find(1).send_reset_password_instructions
|
|
@@ -28,31 +26,40 @@ module Devise
|
|
|
28
26
|
[:reset_password_sent_at, :reset_password_token]
|
|
29
27
|
end
|
|
30
28
|
|
|
29
|
+
included do
|
|
30
|
+
before_update do
|
|
31
|
+
if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed?
|
|
32
|
+
clear_reset_password_token
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
31
37
|
# Update password saving the record and clearing token. Returns true if
|
|
32
38
|
# the passwords are valid and the record was saved, false otherwise.
|
|
33
|
-
def reset_password
|
|
39
|
+
def reset_password(new_password, new_password_confirmation)
|
|
34
40
|
self.password = new_password
|
|
35
41
|
self.password_confirmation = new_password_confirmation
|
|
36
42
|
|
|
37
|
-
if valid?
|
|
38
|
-
|
|
43
|
+
if respond_to?(:after_password_reset) && valid?
|
|
44
|
+
ActiveSupport::Deprecation.warn "after_password_reset is deprecated"
|
|
39
45
|
after_password_reset
|
|
40
46
|
end
|
|
41
47
|
|
|
42
48
|
save
|
|
43
49
|
end
|
|
44
50
|
|
|
51
|
+
def reset_password!(new_password, new_password_confirmation)
|
|
52
|
+
ActiveSupport::Deprecation.warn "reset_password! is deprecated in favor of reset_password"
|
|
53
|
+
reset_password(new_password, new_password_confirmation)
|
|
54
|
+
end
|
|
55
|
+
|
|
45
56
|
# Resets reset password token and send reset password instructions by email.
|
|
46
57
|
# Returns the token sent in the e-mail.
|
|
47
58
|
def send_reset_password_instructions
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
self.reset_password_token = enc
|
|
51
|
-
self.reset_password_sent_at = Time.now.utc
|
|
52
|
-
self.save(validate: false)
|
|
59
|
+
token = set_reset_password_token
|
|
60
|
+
send_reset_password_instructions_notification(token)
|
|
53
61
|
|
|
54
|
-
|
|
55
|
-
raw
|
|
62
|
+
token
|
|
56
63
|
end
|
|
57
64
|
|
|
58
65
|
# Checks if the reset password token sent is within the limit time.
|
|
@@ -76,7 +83,7 @@ module Devise
|
|
|
76
83
|
# reset_password_period_valid? # will always return false
|
|
77
84
|
#
|
|
78
85
|
def reset_password_period_valid?
|
|
79
|
-
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
|
|
86
|
+
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
|
|
80
87
|
end
|
|
81
88
|
|
|
82
89
|
protected
|
|
@@ -87,10 +94,27 @@ module Devise
|
|
|
87
94
|
self.reset_password_sent_at = nil
|
|
88
95
|
end
|
|
89
96
|
|
|
90
|
-
def
|
|
97
|
+
def set_reset_password_token
|
|
98
|
+
raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
|
|
99
|
+
|
|
100
|
+
self.reset_password_token = enc
|
|
101
|
+
self.reset_password_sent_at = Time.now.utc
|
|
102
|
+
self.save(validate: false)
|
|
103
|
+
raw
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
def send_reset_password_instructions_notification(token)
|
|
107
|
+
send_devise_notification(:reset_password_instructions, token, {})
|
|
91
108
|
end
|
|
92
109
|
|
|
93
110
|
module ClassMethods
|
|
111
|
+
# Attempt to find a user by password reset token. If a user is found, return it
|
|
112
|
+
# If a user is not found, return nil
|
|
113
|
+
def with_reset_password_token(token)
|
|
114
|
+
reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)
|
|
115
|
+
to_adapter.find_first(reset_password_token: reset_password_token)
|
|
116
|
+
end
|
|
117
|
+
|
|
94
118
|
# Attempt to find a user by its email. If a record is found, send new
|
|
95
119
|
# password instructions to it. If user is not found, returns a new user
|
|
96
120
|
# with an email not found error.
|
|
@@ -114,17 +138,17 @@ module Devise
|
|
|
114
138
|
|
|
115
139
|
if recoverable.persisted?
|
|
116
140
|
if recoverable.reset_password_period_valid?
|
|
117
|
-
recoverable.reset_password
|
|
141
|
+
recoverable.reset_password(attributes[:password], attributes[:password_confirmation])
|
|
118
142
|
else
|
|
119
143
|
recoverable.errors.add(:reset_password_token, :expired)
|
|
120
144
|
end
|
|
121
145
|
end
|
|
122
146
|
|
|
123
|
-
recoverable.reset_password_token = original_token
|
|
147
|
+
recoverable.reset_password_token = original_token if recoverable.reset_password_token.present?
|
|
124
148
|
recoverable
|
|
125
149
|
end
|
|
126
150
|
|
|
127
|
-
Devise::Models.config(self, :reset_password_keys, :reset_password_within)
|
|
151
|
+
Devise::Models.config(self, :reset_password_keys, :reset_password_within, :sign_in_after_reset_password)
|
|
128
152
|
end
|
|
129
153
|
end
|
|
130
154
|
end
|
|
@@ -39,17 +39,15 @@ module Devise
|
|
|
39
39
|
module Rememberable
|
|
40
40
|
extend ActiveSupport::Concern
|
|
41
41
|
|
|
42
|
-
attr_accessor :remember_me
|
|
42
|
+
attr_accessor :remember_me
|
|
43
43
|
|
|
44
44
|
def self.required_fields(klass)
|
|
45
45
|
[:remember_created_at]
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
self.remember_token = self.class.remember_token if generate_remember_token?
|
|
52
|
-
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
|
|
48
|
+
def remember_me!
|
|
49
|
+
self.remember_token = self.class.remember_token if respond_to?(:remember_token)
|
|
50
|
+
self.remember_created_at ||= Time.now.utc
|
|
53
51
|
save(validate: false) if self.changed?
|
|
54
52
|
end
|
|
55
53
|
|
|
@@ -57,25 +55,23 @@ module Devise
|
|
|
57
55
|
# it exists), and save the record without validations.
|
|
58
56
|
def forget_me!
|
|
59
57
|
return unless persisted?
|
|
60
|
-
self.remember_token = nil if respond_to?(:remember_token
|
|
61
|
-
self.remember_created_at = nil
|
|
58
|
+
self.remember_token = nil if respond_to?(:remember_token)
|
|
59
|
+
self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
|
|
62
60
|
save(validate: false)
|
|
63
61
|
end
|
|
64
62
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
|
|
63
|
+
def remember_expires_at
|
|
64
|
+
self.class.remember_for.from_now
|
|
68
65
|
end
|
|
69
66
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
remember_created_at + self.class.remember_for
|
|
67
|
+
def extend_remember_period
|
|
68
|
+
self.class.extend_remember_period
|
|
73
69
|
end
|
|
74
70
|
|
|
75
71
|
def rememberable_value
|
|
76
72
|
if respond_to?(:remember_token)
|
|
77
73
|
remember_token
|
|
78
|
-
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt)
|
|
74
|
+
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence)
|
|
79
75
|
salt
|
|
80
76
|
else
|
|
81
77
|
raise "authenticable_salt returned nil for the #{self.class.name} model. " \
|
|
@@ -89,29 +85,60 @@ module Devise
|
|
|
89
85
|
self.class.rememberable_options
|
|
90
86
|
end
|
|
91
87
|
|
|
92
|
-
|
|
88
|
+
# A callback initiated after successfully being remembered. This can be
|
|
89
|
+
# used to insert your own logic that is only run after the user is
|
|
90
|
+
# remembered.
|
|
91
|
+
#
|
|
92
|
+
# Example:
|
|
93
|
+
#
|
|
94
|
+
# def after_remembered
|
|
95
|
+
# self.update_attribute(:invite_code, nil)
|
|
96
|
+
# end
|
|
97
|
+
#
|
|
98
|
+
def after_remembered
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def remember_me?(token, generated_at)
|
|
102
|
+
# TODO: Normalize the JSON type coercion along with the Timeoutable hook
|
|
103
|
+
# in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
|
|
104
|
+
if generated_at.is_a?(String)
|
|
105
|
+
generated_at = time_from_json(generated_at)
|
|
106
|
+
end
|
|
93
107
|
|
|
94
|
-
|
|
95
|
-
|
|
108
|
+
# The token is only valid if:
|
|
109
|
+
# 1. we have a date
|
|
110
|
+
# 2. the current time does not pass the expiry period
|
|
111
|
+
# 3. the record has a remember_created_at date
|
|
112
|
+
# 4. the token date is bigger than the remember_created_at
|
|
113
|
+
# 5. the token matches
|
|
114
|
+
generated_at.is_a?(Time) &&
|
|
115
|
+
(self.class.remember_for.ago < generated_at) &&
|
|
116
|
+
(generated_at > (remember_created_at || Time.now).utc) &&
|
|
117
|
+
Devise.secure_compare(rememberable_value, token)
|
|
96
118
|
end
|
|
97
119
|
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
def
|
|
101
|
-
|
|
120
|
+
private
|
|
121
|
+
|
|
122
|
+
def time_from_json(value)
|
|
123
|
+
if value =~ /\A\d+\.\d+\Z/
|
|
124
|
+
Time.at(value.to_f)
|
|
125
|
+
else
|
|
126
|
+
Time.parse(value) rescue nil
|
|
127
|
+
end
|
|
102
128
|
end
|
|
103
129
|
|
|
104
130
|
module ClassMethods
|
|
105
131
|
# Create the cookie key using the record id and remember_token
|
|
106
132
|
def serialize_into_cookie(record)
|
|
107
|
-
[record.to_key, record.rememberable_value]
|
|
133
|
+
[record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]
|
|
108
134
|
end
|
|
109
135
|
|
|
110
136
|
# Recreate the user based on the stored cookie
|
|
111
|
-
def serialize_from_cookie(
|
|
137
|
+
def serialize_from_cookie(*args)
|
|
138
|
+
id, token, generated_at = *args
|
|
139
|
+
|
|
112
140
|
record = to_adapter.get(id)
|
|
113
|
-
record if record &&
|
|
114
|
-
Devise.secure_compare(record.rememberable_value, remember_token)
|
|
141
|
+
record if record && record.remember_me?(token, generated_at)
|
|
115
142
|
end
|
|
116
143
|
|
|
117
144
|
# Generate a token checking if one does not already exist in the database.
|
|
@@ -122,7 +149,7 @@ module Devise
|
|
|
122
149
|
end
|
|
123
150
|
end
|
|
124
151
|
|
|
125
|
-
Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
|
|
152
|
+
Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
|
|
126
153
|
end
|
|
127
154
|
end
|
|
128
155
|
end
|
|
@@ -26,7 +26,6 @@ module Devise
|
|
|
26
26
|
|
|
27
27
|
# Checks whether the user session has expired based on configured time.
|
|
28
28
|
def timedout?(last_access)
|
|
29
|
-
return false if remember_exists_and_not_expired?
|
|
30
29
|
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
|
|
31
30
|
end
|
|
32
31
|
|
|
@@ -36,11 +35,6 @@ module Devise
|
|
|
36
35
|
|
|
37
36
|
private
|
|
38
37
|
|
|
39
|
-
def remember_exists_and_not_expired?
|
|
40
|
-
return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
|
|
41
|
-
remember_created_at && !remember_expired?
|
|
42
|
-
end
|
|
43
|
-
|
|
44
38
|
module ClassMethods
|
|
45
39
|
Devise::Models.config(self, :timeout_in)
|
|
46
40
|
end
|
|
@@ -15,7 +15,7 @@ module Devise
|
|
|
15
15
|
[:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def update_tracked_fields
|
|
18
|
+
def update_tracked_fields(request)
|
|
19
19
|
old_current, new_current = self.current_sign_in_at, Time.now.utc
|
|
20
20
|
self.last_sign_in_at = old_current || new_current
|
|
21
21
|
self.current_sign_in_at = new_current
|
|
@@ -26,9 +26,11 @@ module Devise
|
|
|
26
26
|
|
|
27
27
|
self.sign_in_count ||= 0
|
|
28
28
|
self.sign_in_count += 1
|
|
29
|
+
end
|
|
29
30
|
|
|
30
|
-
|
|
31
|
-
|
|
31
|
+
def update_tracked_fields!(request)
|
|
32
|
+
update_tracked_fields(request)
|
|
33
|
+
save(validate: false)
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -10,12 +10,12 @@ module Devise
|
|
|
10
10
|
# Validatable adds the following options to devise_for:
|
|
11
11
|
#
|
|
12
12
|
# * +email_regexp+: the regular expression used to validate e-mails;
|
|
13
|
-
# * +password_length+: a range expressing password length. Defaults to 8..
|
|
13
|
+
# * +password_length+: a range expressing password length. Defaults to 8..72.
|
|
14
14
|
#
|
|
15
15
|
module Validatable
|
|
16
16
|
# All validations used by this module.
|
|
17
|
-
VALIDATIONS = [
|
|
18
|
-
|
|
17
|
+
VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of,
|
|
18
|
+
:validates_confirmation_of, :validates_length_of].freeze
|
|
19
19
|
|
|
20
20
|
def self.required_fields(klass)
|
|
21
21
|
[]
|
data/lib/devise/models.rb
CHANGED
|
@@ -12,7 +12,7 @@ module Devise
|
|
|
12
12
|
|
|
13
13
|
# Creates configuration values for Devise and for the given module.
|
|
14
14
|
#
|
|
15
|
-
# Devise::Models.config(Devise::
|
|
15
|
+
# Devise::Models.config(Devise::DatabaseAuthenticatable, :stretches)
|
|
16
16
|
#
|
|
17
17
|
# The line above creates:
|
|
18
18
|
#
|
|
@@ -2,16 +2,74 @@ module Devise
|
|
|
2
2
|
module OmniAuth
|
|
3
3
|
module UrlHelpers
|
|
4
4
|
def self.define_helpers(mapping)
|
|
5
|
+
return unless mapping.omniauthable?
|
|
6
|
+
|
|
7
|
+
mapping = mapping.name
|
|
8
|
+
|
|
9
|
+
class_eval do
|
|
10
|
+
define_method("#{mapping}_omniauth_authorize_path") do |provider, *args|
|
|
11
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
|
|
12
|
+
[Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
|
|
13
|
+
|
|
14
|
+
Please use #{mapping}_#{provider}_omniauth_authorize_path instead.
|
|
15
|
+
DEPRECATION
|
|
16
|
+
send("#{mapping}_#{provider}_omniauth_authorize_path", *args)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
define_method("#{mapping}_omniauth_authorize_url") do |provider, *args|
|
|
20
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
|
|
21
|
+
[Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
|
|
22
|
+
|
|
23
|
+
Please use #{mapping}_#{provider}_omniauth_authorize_url instead.
|
|
24
|
+
DEPRECATION
|
|
25
|
+
send("#{mapping}_#{provider}_omniauth_authorize_url", *args)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
define_method("#{mapping}_omniauth_callback_path") do |provider, *args|
|
|
29
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
|
|
30
|
+
[Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
|
|
31
|
+
|
|
32
|
+
Please use #{mapping}_#{provider}_omniauth_callback_path instead.
|
|
33
|
+
DEPRECATION
|
|
34
|
+
send("#{mapping}_#{provider}_omniauth_callback_path", *args)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
define_method("#{mapping}_omniauth_callback_url") do |provider, *args|
|
|
38
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
|
|
39
|
+
[Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
|
|
40
|
+
|
|
41
|
+
Please use #{mapping}_#{provider}_omniauth_callback_url instead.
|
|
42
|
+
DEPRECATION
|
|
43
|
+
send("#{mapping}_#{provider}_omniauth_callback_url", *args)
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
ActiveSupport.on_load(:action_controller) do
|
|
48
|
+
if respond_to?(:helper_method)
|
|
49
|
+
helper_method "#{mapping}_omniauth_authorize_path", "#{mapping}_omniauth_authorize_url"
|
|
50
|
+
helper_method "#{mapping}_omniauth_callback_path", "#{mapping}_omniauth_callback_url"
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def omniauth_authorize_path(resource_or_scope, provider, *args)
|
|
56
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
57
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def omniauth_authorize_url(resource_or_scope, provider, *args)
|
|
61
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
62
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_url", *args)
|
|
5
63
|
end
|
|
6
64
|
|
|
7
|
-
def
|
|
65
|
+
def omniauth_callback_path(resource_or_scope, provider, *args)
|
|
8
66
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
9
|
-
_devise_route_context.send("#{scope}
|
|
67
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args)
|
|
10
68
|
end
|
|
11
69
|
|
|
12
|
-
def
|
|
70
|
+
def omniauth_callback_url(resource_or_scope, provider, *args)
|
|
13
71
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
14
|
-
_devise_route_context.send("#{scope}
|
|
72
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_url", *args)
|
|
15
73
|
end
|
|
16
74
|
end
|
|
17
75
|
end
|