RubyGems - devise - Versions diffs - 3.4.1 → 3.5.1 - Mend

devise 3.4.1 → 3.5.1

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (84) hide show

checksums.yaml +4 -4
data/.travis.yml +26 -16
data/CHANGELOG.md +131 -104
data/Gemfile +1 -1
data/Gemfile.lock +84 -85
data/MIT-LICENSE +1 -1
data/README.md +52 -32
data/Rakefile +2 -1
data/app/controllers/devise/confirmations_controller.rb +4 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -0
data/app/controllers/devise/passwords_controller.rb +14 -4
data/app/controllers/devise/registrations_controller.rb +10 -11
data/app/controllers/devise/sessions_controller.rb +7 -2
data/app/controllers/devise/unlocks_controller.rb +3 -0
data/app/controllers/devise_controller.rb +34 -18
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/edit.html.erb +3 -0
data/app/views/devise/registrations/new.html.erb +1 -1
data/gemfiles/Gemfile.rails-3.2-stable.lock +43 -43
data/gemfiles/Gemfile.rails-4.0-stable.lock +45 -47
data/gemfiles/Gemfile.rails-4.1-stable.lock +52 -53
data/gemfiles/Gemfile.rails-4.2-stable +29 -0
data/gemfiles/Gemfile.rails-4.2-stable.lock +191 -0
data/lib/devise.rb +23 -28
data/lib/devise/controllers/rememberable.rb +1 -1
data/lib/devise/controllers/sign_in_out.rb +1 -1
data/lib/devise/controllers/store_location.rb +3 -1
data/lib/devise/controllers/url_helpers.rb +7 -9
data/lib/devise/encryptor.rb +22 -0
data/lib/devise/failure_app.rb +26 -10
data/lib/devise/mapping.rb +1 -0
data/lib/devise/models/authenticatable.rb +20 -26
data/lib/devise/models/confirmable.rb +29 -7
data/lib/devise/models/database_authenticatable.rb +6 -9
data/lib/devise/models/recoverable.rb +22 -10
data/lib/devise/models/rememberable.rb +16 -3
data/lib/devise/models/trackable.rb +1 -2
data/lib/devise/models/validatable.rb +3 -3
data/lib/devise/rails.rb +1 -1
data/lib/devise/rails/routes.rb +3 -3
data/lib/devise/strategies/authenticatable.rb +5 -2
data/lib/devise/strategies/database_authenticatable.rb +1 -1
data/lib/devise/strategies/rememberable.rb +10 -0
data/lib/devise/test_helpers.rb +2 -2
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/templates/migration.rb +1 -1
data/lib/generators/active_record/templates/migration_existing.rb +1 -1
data/lib/generators/templates/controllers/README +1 -1
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +1 -1
data/lib/generators/templates/controllers/registrations_controller.rb +2 -2
data/lib/generators/templates/controllers/sessions_controller.rb +1 -1
data/lib/generators/templates/devise.rb +14 -8
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +1 -1
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +1 -1
data/test/controllers/custom_registrations_controller_test.rb +6 -1
data/test/controllers/helpers_test.rb +5 -0
data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
data/test/controllers/internal_helpers_test.rb +4 -4
data/test/controllers/load_hooks_controller_test.rb +19 -0
data/test/controllers/passwords_controller_test.rb +1 -1
data/test/controllers/sessions_controller_test.rb +3 -3
data/test/devise_test.rb +2 -2
data/test/failure_app_test.rb +23 -0
data/test/integration/database_authenticatable_test.rb +11 -0
data/test/integration/omniauthable_test.rb +1 -1
data/test/integration/recoverable_test.rb +13 -0
data/test/integration/rememberable_test.rb +9 -0
data/test/mapping_test.rb +6 -0
data/test/models/confirmable_test.rb +47 -34
data/test/models/lockable_test.rb +6 -6
data/test/models/recoverable_test.rb +39 -7
data/test/models/rememberable_test.rb +8 -2
data/test/models/validatable_test.rb +5 -5
data/test/rails_app/app/controllers/custom/registrations_controller.rb +10 -0
data/test/rails_app/config/application.rb +1 -1
data/test/rails_app/config/environments/production.rb +6 -2
data/test/rails_app/config/environments/test.rb +7 -2
data/test/rails_app/config/initializers/devise.rb +12 -15
data/test/rails_app/lib/shared_user.rb +1 -1
data/test/rails_test.rb +9 -0
data/test/support/integration.rb +2 -2
data/test/test_helpers_test.rb +22 -7
data/test/test_models.rb +2 -2
metadata +11 -2

data/test/models/recoverable_test.rb CHANGED

@@ -23,13 +23,13 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should reset password and password confirmation from params' do
     user = create_user
-    user.reset_password!('123456789', '987654321')
+    user.reset_password('123456789', '987654321')
     assert_equal '123456789', user.password
     assert_equal '987654321', user.password_confirmation
   end
   test 'should reset password and save the record' do
-    assert create_user.reset_password!('123456789', '123456789')
+    assert create_user.reset_password('123456789', '123456789')
   end
   test 'should clear reset password token while reseting the password' do
@@ -38,7 +38,30 @@ class RecoverableTest < ActiveSupport::TestCase
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert user.reset_password!('123456789', '123456789')
+    assert user.reset_password('123456789', '123456789')
+    assert_nil user.reset_password_token
+  end
+  test 'should clear reset password token if changing password' do
+    user = create_user
+    assert_nil user.reset_password_token
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.password = "123456678"
+    user.password_confirmation = "123456678"
+    user.save!
+    assert_nil user.reset_password_token
+  end
+  test 'should clear reset password token if changing email' do
+    user = create_user
+    assert_nil user.reset_password_token
+    user.send_reset_password_instructions
+    assert_present user.reset_password_token
+    user.email = "another@example.com"
+    user.save!
     assert_nil user.reset_password_token
   end
@@ -46,14 +69,14 @@ class RecoverableTest < ActiveSupport::TestCase
     user = create_user
     user.send_reset_password_instructions
     assert_present user.reset_password_token
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
     assert_present user.reset_password_token
   end
   test 'should not reset password with invalid data' do
     user = create_user
     user.stubs(:valid?).returns(false)
-    assert_not user.reset_password!('123456789', '987654321')
+    assert_not user.reset_password('123456789', '987654321')
   end
   test 'should reset reset password token and send instructions by email' do
@@ -135,6 +158,7 @@ class RecoverableTest < ActiveSupport::TestCase
     reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '')
     assert_not reset_password_user.errors.empty?
     assert_match "can't be blank", reset_password_user.errors[:password].join
+    assert_equal raw, reset_password_user.reset_password_token
   end
   test 'should reset successfully user password given the new password and confirmation' do
@@ -142,15 +166,17 @@ class RecoverableTest < ActiveSupport::TestCase
     old_password = user.password
     raw  = user.send_reset_password_instructions
-    User.reset_password_by_token(
+    reset_password_user = User.reset_password_by_token(
       reset_password_token: raw,
       password: 'new_password',
       password_confirmation: 'new_password'
     )
-    user.reload
+    assert_nil reset_password_user.reset_password_token
+    user.reload
     assert_not user.valid_password?(old_password)
     assert user.valid_password?('new_password')
+    assert_nil user.reset_password_token
   end
   test 'should not reset password after reset_password_within time' do
@@ -189,6 +215,12 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_equal User.with_reset_password_token(raw), user
   end
+  test 'should return the same reset password token as generated' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+    assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+  end
   test 'should return nil if a user based on the raw token is not found' do
     assert_equal User.with_reset_password_token('random-token'), nil
   end

data/test/models/rememberable_test.rb CHANGED

@@ -42,9 +42,15 @@ class RememberableTest < ActiveSupport::TestCase
     assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
   end
-  test 'raises a RuntimeError if authenticatable_salt is nil' do
+  test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
     user = User.new
-    user.encrypted_password = nil
+    def user.authenticable_salt; nil; end
+    assert_raise RuntimeError do
+      user.rememberable_value
+    end
+    user = User.new
+    def user.authenticable_salt; ""; end
     assert_raise RuntimeError do
       user.rememberable_value
     end

data/test/models/validatable_test.rb CHANGED

@@ -92,10 +92,10 @@ class ValidatableTest < ActiveSupport::TestCase
     assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
   end
-  test 'should require a password with maximum of 128 characters long' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+  test 'should require a password with maximum of 72 characters long' do
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
     assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
   end
   test 'should not require password length when it\'s not changed' do
@@ -109,10 +109,10 @@ class ValidatableTest < ActiveSupport::TestCase
   end
   test 'should complain about length even if password is not required' do
-    user = new_user(password: 'x'*129, password_confirmation: 'x'*129)
+    user = new_user(password: 'x'*73, password_confirmation: 'x'*73)
     user.stubs(:password_required?).returns(false)
     assert user.invalid?
-    assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join
+    assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join
   end
   test 'should not be included in objects with invalid API' do

data/test/rails_app/app/controllers/custom/registrations_controller.rb CHANGED

@@ -1,4 +1,10 @@
 class Custom::RegistrationsController < Devise::RegistrationsController
+  def new
+    super do |resource|
+      @new_block_called = true
+    end
+  end
   def create
     super do |resource|
       @create_block_called = true
@@ -18,4 +24,8 @@ class Custom::RegistrationsController < Devise::RegistrationsController
   def update_block_called?
     @update_block_called == true
   end
+  def new_block_called?
+    @new_block_called == true
+  end
 end

data/test/rails_app/config/application.rb CHANGED

@@ -17,7 +17,7 @@ module RailsApp
   class Application < Rails::Application
     # Add additional load paths for your own custom dirs
     config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
-    config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ]
+    config.autoload_paths += ["#{config.root}/app/#{DEVISE_ORM}"]
     # Configure generators values. Many other options are available, be sure to check the documentation.
     # config.generators do |g|

data/test/rails_app/config/environments/production.rb CHANGED

@@ -20,7 +20,11 @@ RailsApp::Application.configure do
   # config.action_dispatch.rack_cache = true
   # Disable Rails's static asset server (Apache or nginx will already do this).
-  config.serve_static_assets = false
+  if Rails.version >= "4.2.0"
+    config.serve_static_files = false
+  else
+    config.serve_static_assets = false
+  end
   # Compress JavaScripts and CSS.
   config.assets.js_compressor  = :uglifier
@@ -46,7 +50,7 @@ RailsApp::Application.configure do
   config.log_level = :info
   # Prepend all log lines with the following tags.
-  # config.log_tags = [ :subdomain, :uuid ]
+  # config.log_tags = [:subdomain, :uuid]
   # Use a different logger for distributed setups.
   # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)

data/test/rails_app/config/environments/test.rb CHANGED

@@ -12,8 +12,13 @@ RailsApp::Application.configure do
   # preloads Rails for running tests, you may have to set it to true.
   config.eager_load = false
-  # Configure static asset server for tests with Cache-Control for performance.
-  config.serve_static_assets = true
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  if Rails.version >= "4.2.0"
+    config.serve_static_files = true
+  else
+    config.serve_static_assets = true
+  end
   config.static_cache_control = "public, max-age=3600"
   # Show full error reports and disable caching.

data/test/rails_app/config/initializers/devise.rb CHANGED

@@ -31,7 +31,7 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # You can also supply hash where the value is a boolean expliciting if authentication
   # should be aborted or not if the value is not present. By default is empty.
-  # config.authentication_keys = [ :email ]
+  # config.authentication_keys = [:email]
   # Configure parameters from the request object used for authentication. Each entry
   # given should be a request method and it will automatically be passed to
@@ -43,12 +43,12 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [ :email ]
+  config.case_insensitive_keys = [:email]
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
   # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [ :email ]
+  config.strip_whitespace_keys = [:email]
   # Tell if authentication through request.params is enabled. True by default.
   # config.params_authenticatable = true
@@ -77,21 +77,18 @@ Devise.setup do |config|
   # config.allow_unconfirmed_access_for = 2.days
   # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [ :email ]
+  # config.confirmation_keys = [:email]
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
-  # If true, a valid remember token can be re-used between multiple browsers.
-  # config.remember_across_browsers = true
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
-  # config.password_length = 8..128
+  # Range for password length. Default is 8..72.
+  # config.password_length = 8..72
   # Regex to use to validate the email address
   # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
@@ -108,7 +105,7 @@ Devise.setup do |config|
   # config.lock_strategy = :failed_attempts
   # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [ :email ]
+  # config.unlock_keys = [:email]
   # Defines which strategy will be used to unlock an account.
   # :email = Sends an unlock link to the user email
@@ -127,20 +124,20 @@ Devise.setup do |config|
   # ==> Configuration for :recoverable
   #
   # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [ :email ]
+  # config.reset_password_keys = [:email]
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 2.hours
+  # When set to false, does not sign a user in automatically after their password is
+  # reset. Defaults to true, so a user is signed in automatically after a reset.
+  # config.sign_in_after_reset_password = true
   # Setup a pepper to generate the encrypted password.
   config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
-  # ==> Configuration for :token_authenticatable
-  # Defines name of the authentication token params key
-  # config.token_authentication_key = :auth_token
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
   # "users/sessions/new". It's turned off by default because it's slower if you

data/test/rails_app/lib/shared_user.rb CHANGED

@@ -4,7 +4,7 @@ module SharedUser
   included do
     devise :database_authenticatable, :confirmable, :lockable, :recoverable,
            :registerable, :rememberable, :timeoutable,
-           :trackable, :validatable, :omniauthable, password_length: 7..128
+           :trackable, :validatable, :omniauthable, password_length: 7..72
     attr_accessor :other_key

data/test/rails_test.rb ADDED

@@ -0,0 +1,9 @@
+require 'test_helper'
+class RailsTest < ActiveSupport::TestCase
+  test 'correct initializer position' do
+    initializer = Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' }
+    assert_equal :load_config_initializers, initializer.after
+    assert_equal :build_middleware_stack, initializer.before
+  end
+end

data/test/support/integration.rb CHANGED

@@ -15,7 +15,7 @@ class ActionDispatch::IntegrationTest
         created_at: Time.now.utc
       )
       user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at]
-      user.confirm! unless options[:confirm] == false
+      user.confirm unless options[:confirm] == false
       user.lock_access! if options[:locked] == true
       user
     end
@@ -28,7 +28,7 @@ class ActionDispatch::IntegrationTest
         password: '123456', password_confirmation: '123456',
         active: options[:active]
       )
-      admin.confirm! unless options[:confirm] == false
+      admin.confirm unless options[:confirm] == false
       admin
     end
   end

data/test/test_helpers_test.rb CHANGED

@@ -34,7 +34,7 @@ class TestHelpersTest < ActionController::TestCase
   test "does not redirect with valid user" do
     user = create_user
-    user.confirm!
+    user.confirm
     sign_in user
     get :index
@@ -46,7 +46,7 @@ class TestHelpersTest < ActionController::TestCase
     assert_response :redirect
     user = create_user
-    user.confirm!
+    user.confirm
     sign_in user
     get :index
@@ -55,7 +55,7 @@ class TestHelpersTest < ActionController::TestCase
   test "redirects if valid user signed out" do
     user = create_user
-    user.confirm!
+    user.confirm
     sign_in user
     get :index
@@ -105,7 +105,7 @@ class TestHelpersTest < ActionController::TestCase
       end
       user = create_user
-      user.confirm!
+      user.confirm
       sign_in user
     ensure
       Warden::Manager._after_set_user.pop
@@ -118,7 +118,7 @@ class TestHelpersTest < ActionController::TestCase
         flunk "callback was called while it should not"
       end
       user = create_user
-      user.confirm!
+      user.confirm
       sign_in user
       sign_out user
@@ -146,7 +146,7 @@ class TestHelpersTest < ActionController::TestCase
   test "allows to sign in with different users" do
     first_user = create_user
-    first_user.confirm!
+    first_user.confirm
     sign_in first_user
     get :index
@@ -154,10 +154,25 @@ class TestHelpersTest < ActionController::TestCase
     sign_out first_user
     second_user = create_user
-    second_user.confirm!
+    second_user.confirm
     sign_in second_user
     get :index
     assert_match /User ##{second_user.id}/, @response.body
   end
+  test "creates a new warden proxy if the request object has changed" do
+    old_warden_proxy = warden
+    @request = ActionController::TestRequest.new
+    new_warden_proxy = warden
+    assert_not_equal old_warden_proxy, new_warden_proxy
+  end
+  test "doesn't create a new warden proxy if the request object hasn't changed" do
+    old_warden_proxy = warden
+    new_warden_proxy = warden
+    assert_equal old_warden_proxy, new_warden_proxy
+  end
 end

data/test/test_models.rb CHANGED

@@ -20,8 +20,8 @@ class UserWithCustomEncryption < User
 end
 class UserWithVirtualAttributes < User
-  devise case_insensitive_keys: [ :email, :email_confirmation ]
-  validates :email, presence: true, confirmation: {on: :create}
+  devise case_insensitive_keys: [:email, :email_confirmation]
+  validates :email, presence: true, confirmation: { on: :create }
 end
 class Several < Admin

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 3.4.1
+  version: 3.5.1
 platform: ruby
 authors:
 - José Valim
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-29 00:00:00.000000000 Z
+date: 2015-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -146,6 +146,8 @@ files:
 - gemfiles/Gemfile.rails-4.0-stable.lock
 - gemfiles/Gemfile.rails-4.1-stable
 - gemfiles/Gemfile.rails-4.1-stable.lock
+- gemfiles/Gemfile.rails-4.2-stable
+- gemfiles/Gemfile.rails-4.2-stable.lock
 - lib/devise.rb
 - lib/devise/controllers/helpers.rb
 - lib/devise/controllers/rememberable.rb
@@ -154,6 +156,7 @@ files:
 - lib/devise/controllers/store_location.rb
 - lib/devise/controllers/url_helpers.rb
 - lib/devise/delegator.rb
+- lib/devise/encryptor.rb
 - lib/devise/failure_app.rb
 - lib/devise/hooks/activatable.rb
 - lib/devise/hooks/csrf_cleaner.rb
@@ -229,7 +232,9 @@ files:
 - test/controllers/custom_registrations_controller_test.rb
 - test/controllers/custom_strategy_test.rb
 - test/controllers/helpers_test.rb
+- test/controllers/inherited_controller_i18n_messages_test.rb
 - test/controllers/internal_helpers_test.rb
+- test/controllers/load_hooks_controller_test.rb
 - test/controllers/passwords_controller_test.rb
 - test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
@@ -339,6 +344,7 @@ files:
 - test/rails_app/public/422.html
 - test/rails_app/public/500.html
 - test/rails_app/public/favicon.ico
+- test/rails_test.rb
 - test/routes_test.rb
 - test/support/action_controller/record_identifier.rb
 - test/support/assertions.rb
@@ -378,7 +384,9 @@ test_files:
 - test/controllers/custom_registrations_controller_test.rb
 - test/controllers/custom_strategy_test.rb
 - test/controllers/helpers_test.rb
+- test/controllers/inherited_controller_i18n_messages_test.rb
 - test/controllers/internal_helpers_test.rb
+- test/controllers/load_hooks_controller_test.rb
 - test/controllers/passwords_controller_test.rb
 - test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
@@ -488,6 +496,7 @@ test_files:
 - test/rails_app/public/422.html
 - test/rails_app/public/500.html
 - test/rails_app/public/favicon.ico
+- test/rails_test.rb
 - test/routes_test.rb
 - test/support/action_controller/record_identifier.rb
 - test/support/assertions.rb