devise 3.3.0 → 3.4.0

data/lib/generators/templates/controllers/README

@@ -0,0 +1,14 @@
+===============================================================================
+
+Some setup you must do manually if you haven't yet:
+
+  Ensure you have overridden routes for generated controllers in your route.rb.
+  For example:
+
+    Rails.application.routes.draw do
+      devise_for :users, controllers: {
+        sessions: 'sessions'
+      }
+    end
+
+===============================================================================

data/lib/generators/templates/controllers/confirmations_controller.rb

@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/confirmation
+  # def create
+  #   super
+  # end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after resending confirmation instructions.
+  # def after_resending_confirmation_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+
+  # The path used after confirmation.
+  # def after_confirmation_path_for(resource_name, resource)
+  #   super(resource_name, resource)
+  # end
+end

data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb

@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  # You should configure your model like this:
+  # devise :omniauthable, omniauth_providers: [:twitter]
+
+  # You should also create an action method in this controller like this:
+  # def twitter
+  # end
+
+  # More info at:
+  # https://github.com/plataformatec/devise#omniauth
+
+  # GET|POST /resource/auth/twitter
+  # def passthru
+  #   super
+  # end
+
+  # GET|POST /users/auth/twitter/callback
+  # def failure
+  #   super
+  # end
+
+  # protected
+
+  # The path used when omniauth fails
+  # def after_omniauth_failure_path_for(scope)
+  #   super(scope)
+  # end
+end

data/lib/generators/templates/controllers/passwords_controller.rb

@@ -0,0 +1,32 @@
+class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
+  # GET /resource/password/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/password
+  # def create
+  #   super
+  # end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource/password
+  # def update
+  #   super
+  # end
+
+  # protected
+
+  # def after_resetting_password_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sending reset password instructions
+  # def after_sending_reset_password_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+end

data/lib/generators/templates/controllers/registrations_controller.rb

@@ -0,0 +1,60 @@
+class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
+# before_filter :configure_sign_up_params, only: [:create]
+# before_filter :configure_account_update_params, only: [:update]
+
+  # GET /resource/sign_up
+  # def new
+  #   super
+  # end
+
+  # POST /resource
+  # def create
+  #   super
+  # end
+
+  # GET /resource/edit
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource
+  # def update
+  #   super
+  # end
+
+  # DELETE /resource
+  # def destroy
+  #   super
+  # end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  # def cancel
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.for(:sign_up) << :attribute
+  # end
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.for(:account_update) << :attribute
+  # end
+
+  # The path used after sign up.
+  # def after_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end

data/lib/generators/templates/controllers/sessions_controller.rb

@@ -0,0 +1,25 @@
+class <%= @scope_prefix %>SessionsController < Devise::SessionsController
+# before_filter :configure_sign_in_params, only: [:create]
+
+  # GET /resource/sign_in
+  # def new
+  #   super
+  # end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.for(:sign_in) << :attribute
+  # end
+end

data/lib/generators/templates/controllers/unlocks_controller.rb

@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end

data/lib/generators/templates/devise.rb

@@ -65,7 +65,7 @@ Devise.setup do |config|
   # :database      = Support basic authentication with authentication key + password
   # config.http_authenticatable = false
 
-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
   # The realm used in Http Basic Authentication. 'Application' by default.
@@ -183,7 +183,7 @@ Devise.setup do |config|
   # config.unlock_in = 1.hour
 
   # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
+  # config.last_attempt_warning = true
 
   # ==> Configuration for :recoverable
   #

data/lib/generators/templates/simple_form_for/registrations/new.html.erb

@@ -5,7 +5,7 @@
 
   <div class="form-inputs">
     <%= f.input :email, required: true, autofocus: true %>
-    <%= f.input :password, required: true %>
+    <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %>
     <%= f.input :password_confirmation, required: true %>
   </div>
 

data/lib/generators/templates/simple_form_for/sessions/new.html.erb

@@ -1,4 +1,4 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>
 
 <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div class="form-inputs">
@@ -8,7 +8,7 @@
   </div>
 
   <div class="form-actions">
-    <%= f.button :submit, "Sign in" %>
+    <%= f.button :submit, "Log in" %>
   </div>
 <% end %>
 

data/test/controllers/url_helpers_test.rb

@@ -13,6 +13,12 @@ class RoutesTest < ActionController::TestCase
     assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
                  send(:"#{prepend_path}user_#{name}_url")
 
+    # With string
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", "user"),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", "user"),
+                 send(:"#{prepend_path}user_#{name}_url")
+
     # Default url params
     assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123),
                  send(:"#{prepend_path}user_#{name}_path", param: 123)

data/test/generators/controllers_generator_test.rb

@@ -0,0 +1,48 @@
+require "test_helper"
+
+class ControllersGeneratorTest < Rails::Generators::TestCase
+  tests Devise::Generators::ControllersGenerator
+  destination File.expand_path("../../tmp", __FILE__)
+  setup :prepare_destination
+
+  test "Assert no controllers are created with no params" do
+    capture(:stderr) { run_generator }
+    assert_no_file "app/controllers/sessions_controller.rb"
+    assert_no_file "app/controllers/registrations_controller.rb"
+    assert_no_file "app/controllers/confirmations_controller.rb"
+    assert_no_file "app/controllers/passwords_controller.rb"
+    assert_no_file "app/controllers/unlocks_controller.rb"
+    assert_no_file "app/controllers/omniauth_callbacks_controller.rb"
+  end
+
+  test "Assert all controllers are properly created with scope param" do
+    run_generator %w(users)
+    assert_class_names 'users'
+
+    run_generator %w(admins)
+    assert_class_names 'admins'
+  end
+
+  test "Assert specified controllers with scope" do
+    run_generator %w(users -c sessions)
+    assert_file "app/controllers/users/sessions_controller.rb"
+    assert_no_file "app/controllers/users/registrations_controller.rb"
+    assert_no_file "app/controllers/users/confirmations_controller.rb"
+    assert_no_file "app/controllers/users/passwords_controller.rb"
+    assert_no_file "app/controllers/users/unlocks_controller.rb"
+    assert_no_file "app/controllers/users/omniauth_callbacks_controller.rb"
+  end
+
+  private
+
+    def assert_class_names(scope, options = {})
+      base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}"
+      scope_prefix = scope.blank? ? '' : (scope.camelize + '::')
+      controllers = options[:controllers] ||
+        %w(confirmations passwords registrations sessions unlocks omniauth_callbacks)
+
+      controllers.each do |c|
+        assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/
+      end
+    end
+end

data/test/generators/views_generator_test.rb

@@ -78,7 +78,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/#{scope}/registrations/new.html.erb"
     assert_file "app/views/#{scope}/registrations/edit.html.erb"
     assert_file "app/views/#{scope}/sessions/new.html.erb"
-    assert_file "app/views/#{scope}/shared/_links.erb"
+    assert_file "app/views/#{scope}/shared/_links.html.erb"
     assert_file "app/views/#{scope}/unlocks/new.html.erb"
   end
 

data/test/helpers/devise_helper_test.rb

@@ -2,25 +2,22 @@ require 'test_helper'
 
 class DeviseHelperTest < ActionDispatch::IntegrationTest
   setup do
-    model_labels = { models: { user: "utilisateur" } }
-    # TODO: Remove this hack that fixes the I18n performance safeguards that
-    # breaks the custom locale.
-    I18n.available_locales += [:fr]
-    I18n.backend.store_translations :fr,
-    {
+    model_labels = { models: { user: "the user" } }
+    translations = {
       errors: { messages: { not_saved: {
-        one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
-        other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
+        one: "Can't save %{resource} because of 1 error",
+        other: "Can't save %{resource} because of %{count} errors",
       } } },
       activerecord: model_labels,
       mongoid: model_labels
     }
 
-    I18n.locale = 'fr'
+    I18n.available_locales
+    I18n.backend.store_translations(:en, translations)
   end
 
   teardown do
-    I18n.locale = 'en'
+    I18n.reload!
   end
 
   test 'test errors.messages.not_saved with single error from i18n' do
@@ -31,7 +28,7 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
     click_button 'Sign up'
 
     assert_have_selector '#error_explanation'
-    assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 1 erreur"
+    assert_contain "Can't save the user because of 1 error"
   end
 
   test 'test errors.messages.not_saved with multiple errors from i18n' do
@@ -47,6 +44,6 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
     click_button 'Sign up'
 
     assert_have_selector '#error_explanation'
-    assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs"
+    assert_contain "Can't save the user because of 2 errors"
   end
 end

data/test/integration/authenticatable_test.rb

@@ -580,7 +580,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest
   test 'missing authentication keys cause authentication to abort' do
     swap Devise, authentication_keys: [:subdomain] do
       sign_in_as_user
-      assert_contain "Invalid email or password."
+      assert_contain "Invalid subdomain or password."
       assert_not warden.authenticated?(:user)
     end
   end

data/test/integration/http_authenticatable_test.rb

@@ -42,7 +42,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest
     sign_in_as_new_user_with_http("unknown")
     assert_equal 401, status
     assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-    assert_match "<error>Invalid email address or password.</error>", response.body
+    assert_match "<error>Invalid email or password.</error>", response.body
   end
 
   test 'returns a custom response with www-authenticate and chosen realm' do

data/test/mapping_test.rb

@@ -62,6 +62,7 @@ class MappingTest < ActiveSupport::TestCase
   test 'find scope for a given object' do
     assert_equal :user, Devise::Mapping.find_scope!(User)
     assert_equal :user, Devise::Mapping.find_scope!(:user)
+    assert_equal :user, Devise::Mapping.find_scope!("user")
     assert_equal :user, Devise::Mapping.find_scope!(User.new)
   end
 

data/test/models/authenticatable_test.rb

@@ -10,4 +10,14 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
     assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
   end
+
+  if defined?(ActionController::Parameters)
+    test 'does not passes an ActionController::Parameters to find_first_by_auth_conditions through find_or_initialize_with_errors' do
+      user = create_user(email: 'example@example.com')
+      attributes = ActionController::Parameters.new(email: 'example@example.com')
+
+      User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user)
+      User.find_or_initialize_with_errors([:email], attributes)
+    end
+  end
 end

data/test/models/confirmable_test.rb

@@ -224,10 +224,11 @@ class ConfirmableTest < ActiveSupport::TestCase
   end
 
   test 'should be active when we set allow_unconfirmed_access_for to nil' do
-    Devise.allow_unconfirmed_access_for = nil
-    user = create_user
-    user.confirmation_sent_at = Date.today
-    assert user.active_for_authentication?
+    swap Devise, allow_unconfirmed_access_for: nil do
+      user = create_user
+      user.confirmation_sent_at = Date.today
+      assert user.active_for_authentication?
+    end
   end
 
   test 'should not be active without confirmation' do