RubyGems - devise - Versions diffs - 3.5.1 → 4.7.1 - Mend

devise 3.5.1 → 4.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (256) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +259 -1076
data/MIT-LICENSE +1 -1
data/README.md +256 -68
data/app/controllers/devise/confirmations_controller.rb +3 -1
data/app/controllers/devise/omniauth_callbacks_controller.rb +8 -6
data/app/controllers/devise/passwords_controller.rb +10 -7
data/app/controllers/devise/registrations_controller.rb +39 -18
data/app/controllers/devise/sessions_controller.rb +9 -7
data/app/controllers/devise/unlocks_controller.rb +4 -2
data/app/controllers/devise_controller.rb +23 -10
data/app/helpers/devise_helper.rb +12 -19
data/app/mailers/devise/mailer.rb +10 -0
data/app/views/devise/confirmations/new.html.erb +2 -2
data/app/views/devise/mailer/email_changed.html.erb +7 -0
data/app/views/devise/mailer/password_change.html.erb +3 -0
data/app/views/devise/passwords/edit.html.erb +5 -5
data/app/views/devise/passwords/new.html.erb +2 -2
data/app/views/devise/registrations/edit.html.erb +9 -5
data/app/views/devise/registrations/new.html.erb +4 -4
data/app/views/devise/sessions/new.html.erb +4 -4
data/app/views/devise/shared/_error_messages.html.erb +15 -0
data/app/views/devise/shared/_links.html.erb +8 -8
data/app/views/devise/unlocks/new.html.erb +2 -2
data/config/locales/en.yml +6 -1
data/lib/devise/controllers/helpers.rb +35 -26
data/lib/devise/controllers/rememberable.rb +11 -2
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +35 -18
data/lib/devise/controllers/store_location.rb +25 -7
data/lib/devise/controllers/url_helpers.rb +2 -0
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +6 -4
data/lib/devise/failure_app.rb +84 -27
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +2 -0
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +6 -1
data/lib/devise/hooks/proxy.rb +3 -1
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +7 -7
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +7 -4
data/lib/devise/mapping.rb +2 -0
data/lib/devise/models/authenticatable.rb +51 -26
data/lib/devise/models/confirmable.rb +106 -33
data/lib/devise/models/database_authenticatable.rb +97 -21
data/lib/devise/models/lockable.rb +15 -5
data/lib/devise/models/omniauthable.rb +2 -0
data/lib/devise/models/recoverable.rb +32 -24
data/lib/devise/models/registerable.rb +4 -0
data/lib/devise/models/rememberable.rb +42 -26
data/lib/devise/models/timeoutable.rb +2 -6
data/lib/devise/models/trackable.rb +15 -1
data/lib/devise/models/validatable.rb +10 -3
data/lib/devise/models.rb +3 -1
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +14 -5
data/lib/devise/omniauth.rb +2 -0
data/lib/devise/orm/active_record.rb +5 -1
data/lib/devise/orm/mongoid.rb +6 -2
data/lib/devise/parameter_filter.rb +4 -0
data/lib/devise/parameter_sanitizer.rb +139 -65
data/lib/devise/rails/routes.rb +67 -47
data/lib/devise/rails/warden_compat.rb +3 -10
data/lib/devise/rails.rb +7 -16
data/lib/devise/secret_key_finder.rb +27 -0
data/lib/devise/strategies/authenticatable.rb +5 -3
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +11 -4
data/lib/devise/strategies/rememberable.rb +5 -6
data/lib/devise/test/controller_helpers.rb +165 -0
data/lib/devise/test/integration_helpers.rb +63 -0
data/lib/devise/test_helpers.rb +7 -124
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +3 -41
data/lib/devise/version.rb +3 -1
data/lib/devise.rb +73 -46
data/lib/generators/active_record/devise_generator.rb +29 -10
data/lib/generators/active_record/templates/migration.rb +4 -2
data/lib/generators/active_record/templates/migration_existing.rb +4 -2
data/lib/generators/devise/controllers_generator.rb +3 -1
data/lib/generators/devise/devise_generator.rb +4 -2
data/lib/generators/devise/install_generator.rb +17 -0
data/lib/generators/devise/orm_helpers.rb +10 -21
data/lib/generators/devise/views_generator.rb +21 -11
data/lib/generators/mongoid/devise_generator.rb +7 -5
data/lib/generators/templates/README +1 -8
data/lib/generators/templates/controllers/README +1 -1
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +2 -0
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +6 -4
data/lib/generators/templates/controllers/sessions_controller.rb +4 -2
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +52 -22
data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
data/lib/generators/templates/markerb/email_changed.markerb +7 -0
data/lib/generators/templates/markerb/password_change.markerb +3 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -3
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
metadata +15 -301
data/.gitignore +0 -10
data/.travis.yml +0 -45
data/.yardopts +0 -9
data/CONTRIBUTING.md +0 -14
data/Gemfile +0 -29
data/Gemfile.lock +0 -191
data/Rakefile +0 -36
data/devise.gemspec +0 -29
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-3.2-stable +0 -29
data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
data/gemfiles/Gemfile.rails-4.0-stable +0 -29
data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
data/gemfiles/Gemfile.rails-4.1-stable +0 -29
data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -169
data/gemfiles/Gemfile.rails-4.2-stable +0 -29
data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -191
data/script/cached-bundle +0 -49
data/script/s3-put +0 -71
data/test/controllers/custom_registrations_controller_test.rb +0 -40
data/test/controllers/custom_strategy_test.rb +0 -62
data/test/controllers/helpers_test.rb +0 -316
data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
data/test/controllers/internal_helpers_test.rb +0 -129
data/test/controllers/load_hooks_controller_test.rb +0 -19
data/test/controllers/passwords_controller_test.rb +0 -31
data/test/controllers/sessions_controller_test.rb +0 -103
data/test/controllers/url_helpers_test.rb +0 -65
data/test/delegator_test.rb +0 -19
data/test/devise_test.rb +0 -107
data/test/failure_app_test.rb +0 -298
data/test/generators/active_record_generator_test.rb +0 -109
data/test/generators/controllers_generator_test.rb +0 -48
data/test/generators/devise_generator_test.rb +0 -39
data/test/generators/install_generator_test.rb +0 -13
data/test/generators/mongoid_generator_test.rb +0 -23
data/test/generators/views_generator_test.rb +0 -96
data/test/helpers/devise_helper_test.rb +0 -49
data/test/integration/authenticatable_test.rb +0 -729
data/test/integration/confirmable_test.rb +0 -324
data/test/integration/database_authenticatable_test.rb +0 -95
data/test/integration/http_authenticatable_test.rb +0 -105
data/test/integration/lockable_test.rb +0 -239
data/test/integration/omniauthable_test.rb +0 -133
data/test/integration/recoverable_test.rb +0 -347
data/test/integration/registerable_test.rb +0 -359
data/test/integration/rememberable_test.rb +0 -176
data/test/integration/timeoutable_test.rb +0 -189
data/test/integration/trackable_test.rb +0 -92
data/test/mailers/confirmation_instructions_test.rb +0 -115
data/test/mailers/reset_password_instructions_test.rb +0 -96
data/test/mailers/unlock_instructions_test.rb +0 -91
data/test/mapping_test.rb +0 -134
data/test/models/authenticatable_test.rb +0 -23
data/test/models/confirmable_test.rb +0 -468
data/test/models/database_authenticatable_test.rb +0 -249
data/test/models/lockable_test.rb +0 -328
data/test/models/omniauthable_test.rb +0 -7
data/test/models/recoverable_test.rb +0 -228
data/test/models/registerable_test.rb +0 -7
data/test/models/rememberable_test.rb +0 -204
data/test/models/serializable_test.rb +0 -49
data/test/models/timeoutable_test.rb +0 -51
data/test/models/trackable_test.rb +0 -41
data/test/models/validatable_test.rb +0 -127
data/test/models_test.rb +0 -144
data/test/omniauth/config_test.rb +0 -57
data/test/omniauth/url_helpers_test.rb +0 -54
data/test/orm/active_record.rb +0 -10
data/test/orm/mongoid.rb +0 -13
data/test/parameter_sanitizer_test.rb +0 -81
data/test/rails_app/Rakefile +0 -6
data/test/rails_app/app/active_record/admin.rb +0 -6
data/test/rails_app/app/active_record/shim.rb +0 -2
data/test/rails_app/app/active_record/user.rb +0 -6
data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
data/test/rails_app/app/controllers/admins_controller.rb +0 -11
data/test/rails_app/app/controllers/application_controller.rb +0 -12
data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
data/test/rails_app/app/controllers/home_controller.rb +0 -25
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
data/test/rails_app/app/controllers/users_controller.rb +0 -31
data/test/rails_app/app/helpers/application_helper.rb +0 -3
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
data/test/rails_app/app/mailers/users/mailer.rb +0 -3
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
data/test/rails_app/app/mongoid/admin.rb +0 -29
data/test/rails_app/app/mongoid/shim.rb +0 -23
data/test/rails_app/app/mongoid/user.rb +0 -39
data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
data/test/rails_app/app/views/admins/index.html.erb +0 -1
data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
data/test/rails_app/app/views/home/index.html.erb +0 -1
data/test/rails_app/app/views/home/join.html.erb +0 -1
data/test/rails_app/app/views/home/private.html.erb +0 -1
data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
data/test/rails_app/app/views/layouts/application.html.erb +0 -24
data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
data/test/rails_app/app/views/users/index.html.erb +0 -1
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
data/test/rails_app/bin/bundle +0 -3
data/test/rails_app/bin/rails +0 -4
data/test/rails_app/bin/rake +0 -4
data/test/rails_app/config/application.rb +0 -40
data/test/rails_app/config/boot.rb +0 -14
data/test/rails_app/config/database.yml +0 -18
data/test/rails_app/config/environment.rb +0 -5
data/test/rails_app/config/environments/development.rb +0 -30
data/test/rails_app/config/environments/production.rb +0 -84
data/test/rails_app/config/environments/test.rb +0 -41
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
data/test/rails_app/config/initializers/devise.rb +0 -180
data/test/rails_app/config/initializers/inflections.rb +0 -2
data/test/rails_app/config/initializers/secret_token.rb +0 -8
data/test/rails_app/config/initializers/session_store.rb +0 -1
data/test/rails_app/config/routes.rb +0 -122
data/test/rails_app/config.ru +0 -4
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
data/test/rails_app/db/schema.rb +0 -55
data/test/rails_app/lib/shared_admin.rb +0 -17
data/test/rails_app/lib/shared_user.rb +0 -29
data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
data/test/rails_app/public/404.html +0 -26
data/test/rails_app/public/422.html +0 -26
data/test/rails_app/public/500.html +0 -26
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_test.rb +0 -9
data/test/routes_test.rb +0 -264
data/test/support/action_controller/record_identifier.rb +0 -10
data/test/support/assertions.rb +0 -39
data/test/support/helpers.rb +0 -73
data/test/support/integration.rb +0 -92
data/test/support/locale/en.yml +0 -8
data/test/support/mongoid.yml +0 -6
data/test/support/webrat/integrations/rails.rb +0 -24
data/test/test_helper.rb +0 -34
data/test/test_helpers_test.rb +0 -178
data/test/test_models.rb +0 -33

data/app/controllers/devise/registrations_controller.rb CHANGED Viewed

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
 class Devise::RegistrationsController < DeviseController
-  prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel]
-  prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
+  prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
+  prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
+  prepend_before_action :set_minimum_password_length, only: [:new, :edit]
   # GET /resource/sign_up
   def new
-    build_resource({})
-    set_minimum_password_length
+    build_resource
     yield resource if block_given?
-    respond_with self.resource
+    respond_with resource
   end
   # POST /resource
@@ -18,11 +20,11 @@ class Devise::RegistrationsController < DeviseController
     yield resource if block_given?
     if resource.persisted?
       if resource.active_for_authentication?
-        set_flash_message :notice, :signed_up if is_flashing_format?
+        set_flash_message! :notice, :signed_up
         sign_up(resource_name, resource)
         respond_with resource, location: after_sign_up_path_for(resource)
       else
-        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
+        set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
         expire_data_after_sign_in!
         respond_with resource, location: after_inactive_sign_up_path_for(resource)
       end
@@ -48,15 +50,13 @@ class Devise::RegistrationsController < DeviseController
     resource_updated = update_resource(resource, account_update_params)
     yield resource if block_given?
     if resource_updated
-      if is_flashing_format?
-        flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
-          :update_needs_confirmation : :updated
-        set_flash_message :notice, flash_key
-      end
-      sign_in resource_name, resource, bypass: true
+      set_flash_message_for_update(resource, prev_unconfirmed_email)
+      bypass_sign_in resource, scope: resource_name if sign_in_after_change_password?
       respond_with resource, location: after_update_path_for(resource)
     else
       clean_up_passwords resource
+      set_minimum_password_length
       respond_with resource
     end
   end
@@ -65,7 +65,7 @@ class Devise::RegistrationsController < DeviseController
   def destroy
     resource.destroy
     Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
-    set_flash_message :notice, :destroyed if is_flashing_format?
+    set_flash_message! :notice, :destroyed
     yield resource if block_given?
     respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
   end
@@ -96,8 +96,8 @@ class Devise::RegistrationsController < DeviseController
   # Build a devise resource passing in the session. Useful to move
   # temporary session data to the newly created user.
-  def build_resource(hash=nil)
-    self.resource = resource_class.new_with_session(hash || {}, session)
+  def build_resource(hash = {})
+    self.resource = resource_class.new_with_session(hash, session)
   end
   # Signs in a user on sign up. You can overwrite this method in your own
@@ -109,7 +109,7 @@ class Devise::RegistrationsController < DeviseController
   # The path used after sign up. You need to overwrite this method
   # in your own RegistrationsController.
   def after_sign_up_path_for(resource)
-    after_sign_in_path_for(resource)
+    after_sign_in_path_for(resource) if is_navigational_format?
   end
   # The path used after sign up for inactive accounts. You need to overwrite
@@ -124,7 +124,7 @@ class Devise::RegistrationsController < DeviseController
   # The default url to be used after updating a resource. You need to overwrite
   # this method in your own RegistrationsController.
   def after_update_path_for(resource)
-    signed_in_root_path(resource)
+    sign_in_after_change_password? ? signed_in_root_path(resource) : new_session_path(resource_name)
   end
   # Authenticates the current scope and gets the current resource from the session.
@@ -144,4 +144,25 @@ class Devise::RegistrationsController < DeviseController
   def translation_scope
     'devise.registrations'
   end
+  private
+  def set_flash_message_for_update(resource, prev_unconfirmed_email)
+    return unless is_flashing_format?
+    flash_key = if update_needs_confirmation?(resource, prev_unconfirmed_email)
+                  :update_needs_confirmation
+                elsif sign_in_after_change_password?
+                  :updated
+                else
+                  :updated_but_not_signed_in
+                end
+    set_flash_message :notice, flash_key
+  end
+  def sign_in_after_change_password?
+    return true if account_update_params[:password].blank?
+    Devise.sign_in_after_change_password
+  end
 end

data/app/controllers/devise/sessions_controller.rb CHANGED Viewed

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
 class Devise::SessionsController < DeviseController
-  prepend_before_filter :require_no_authentication, only: [:new, :create]
-  prepend_before_filter :allow_params_authentication!, only: :create
-  prepend_before_filter :verify_signed_out_user, only: :destroy
-  prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
+  prepend_before_action :require_no_authentication, only: [:new, :create]
+  prepend_before_action :allow_params_authentication!, only: :create
+  prepend_before_action :verify_signed_out_user, only: :destroy
+  prepend_before_action(only: [:create, :destroy]) { request.env["devise.skip_timeout"] = true }
   # GET /resource/sign_in
   def new
@@ -15,7 +17,7 @@ class Devise::SessionsController < DeviseController
   # POST /resource/sign_in
   def create
     self.resource = warden.authenticate!(auth_options)
-    set_flash_message(:notice, :signed_in) if is_flashing_format?
+    set_flash_message!(:notice, :signed_in)
     sign_in(resource_name, resource)
     yield resource if block_given?
     respond_with resource, location: after_sign_in_path_for(resource)
@@ -24,7 +26,7 @@ class Devise::SessionsController < DeviseController
   # DELETE /resource/sign_out
   def destroy
     signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
-    set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
+    set_flash_message! :notice, :signed_out if signed_out
     yield if block_given?
     respond_to_on_destroy
   end
@@ -58,7 +60,7 @@ class Devise::SessionsController < DeviseController
   # to the after_sign_out path.
   def verify_signed_out_user
     if all_signed_out?
-      set_flash_message :notice, :already_signed_out if is_flashing_format?
+      set_flash_message! :notice, :already_signed_out
       respond_to_on_destroy
     end

data/app/controllers/devise/unlocks_controller.rb CHANGED Viewed

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
 class Devise::UnlocksController < DeviseController
-  prepend_before_filter :require_no_authentication
+  prepend_before_action :require_no_authentication
   # GET /resource/unlock/new
   def new
@@ -24,7 +26,7 @@ class Devise::UnlocksController < DeviseController
     yield resource if block_given?
     if resource.errors.empty?
-      set_flash_message :notice, :unlocked if is_flashing_format?
+      set_flash_message! :notice, :unlocked
       respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
     else
       respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }

data/app/controllers/devise_controller.rb CHANGED Viewed

@@ -1,14 +1,20 @@
+# frozen_string_literal: true
 # All Devise controllers are inherited from here.
 class DeviseController < Devise.parent_controller.constantize
   include Devise::Controllers::ScopedViews
-  helper DeviseHelper
+  if respond_to?(:helper)
+    helper DeviseHelper
+  end
-  helpers = %w(resource scope_name resource_name signed_in_resource
-               resource_class resource_params devise_mapping)
-  helper_method(*helpers)
+  if respond_to?(:helper_method)
+    helpers = %w(resource scope_name resource_name signed_in_resource
+                 resource_class resource_params devise_mapping)
+    helper_method(*helpers)
+  end
-  prepend_before_filter :assert_is_devise_resource!
+  prepend_before_action :assert_is_devise_resource!
   respond_to :html if mimes_for_respond_to.empty?
   # Override prefixes to consider the scoped view.
@@ -16,7 +22,7 @@ class DeviseController < Devise.parent_controller.constantize
   # Action Controller tests that forces _prefixes to be
   # loaded before even having a request object.
   #
-  # This method should be public as it is is in ActionPack
+  # This method should be public as it is in ActionPack
   # itself. Changing its visibility may break other gems.
   def _prefixes #:nodoc:
     @_prefixes ||= if self.class.scoped_views? && request && devise_mapping
@@ -89,10 +95,10 @@ MESSAGE
     instance_variable_set(:"@#{resource_name}", new_resource)
   end
-  # Helper for use in before_filters where no authentication is required.
+  # Helper for use in before_actions where no authentication is required.
   #
   # Example:
-  #   before_filter :require_no_authentication, only: :new
+  #   before_action :require_no_authentication, only: :new
   def require_no_authentication
     assert_is_devise_resource!
     return unless is_navigational_format?
@@ -123,13 +129,13 @@ MESSAGE
     end
     if notice
-      set_flash_message :notice, notice if is_flashing_format?
+      set_flash_message! :notice, notice
       true
     end
   end
   # Sets the flash message with :key, using I18n. By default you are able
-  # to setup your messages using specific resource scope, and if no message is
+  # to set up your messages using specific resource scope, and if no message is
   # found we look to the default scope. Set the "now" options key to a true
   # value to populate the flash.now hash in lieu of the default flash hash (so
   # the flash message will be available to the current action instead of the
@@ -154,6 +160,13 @@ MESSAGE
     end
   end
+  # Sets flash message if is_flashing_format? equals true
+  def set_flash_message!(key, kind, options = {})
+    if is_flashing_format?
+      set_flash_message(key, kind, options)
+    end
+  end
   # Sets minimum password length to show to user
   def set_minimum_password_length
     if devise_mapping.validatable?

data/app/helpers/devise_helper.rb CHANGED Viewed

@@ -1,25 +1,18 @@
+# frozen_string_literal: true
 module DeviseHelper
-  # A simple way to show error messages for the current devise resource. If you need
-  # to customize this method, you can either overwrite it in your application helpers or
-  # copy the views to your application.
-  #
-  # This method is intended to stay simple and it is unlikely that we are going to change
-  # it to add more behavior or options.
+  # Retain this method for backwards compatibility, deprecated in favour of modifying the
+  # devise/shared/error_messages partial
   def devise_error_messages!
-    return "" if resource.errors.empty?
+    ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+      [Devise] `DeviseHelper.devise_error_messages!`
+      is deprecated and it will be removed in the next major version.
+      To customize the errors styles please run `rails g devise:views` and modify the
+      `devise/shared/error_messages` partial.
+    DEPRECATION
-    messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
-    sentence = I18n.t("errors.messages.not_saved",
-                      count: resource.errors.count,
-                      resource: resource.class.model_name.human.downcase)
-    html = <<-HTML
-    <div id="error_explanation">
-      <h2>#{sentence}</h2>
-      <ul>#{messages}</ul>
-    </div>
-    HTML
+    return "" if resource.errors.empty?
-    html.html_safe
+    render "devise/shared/error_messages", resource: resource
   end
 end

data/app/mailers/devise/mailer.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 if defined?(ActionMailer)
   class Devise::Mailer < Devise.parent_mailer.constantize
     include Devise::Mailers::Helpers
@@ -16,5 +18,13 @@ if defined?(ActionMailer)
       @token = token
       devise_mail(record, :unlock_instructions, opts)
     end
+    def email_changed(record, opts={})
+      devise_mail(record, :email_changed, opts)
+    end
+    def password_change(record, opts={})
+      devise_mail(record, :password_change, opts)
+    end
   end
 end

data/app/views/devise/confirmations/new.html.erb CHANGED Viewed

@@ -1,11 +1,11 @@
 <h2>Resend confirmation instructions</h2>
 <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
   </div>
   <div class="actions">

data/app/views/devise/mailer/email_changed.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<p>Hello <%= @email %>!</p>
+<% if @resource.try(:unconfirmed_email?) %>
+  <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>
+<% else %>
+  <p>We're contacting you to notify you that your email has been changed to <%= @resource.email %>.</p>
+<% end %>

data/app/views/devise/mailer/password_change.html.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<p>Hello <%= @resource.email %>!</p>
+<p>We're contacting you to notify you that your password has been changed.</p>

data/app/views/devise/passwords/edit.html.erb CHANGED Viewed

@@ -1,20 +1,20 @@
 <h2>Change your password</h2>
 <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <%= f.hidden_field :reset_password_token %>
   <div class="field">
     <%= f.label :password, "New password" %><br />
     <% if @minimum_password_length %>
-    <em>(<%= @minimum_password_length %> characters minimum)</em>
-    <% end %><br />
-    <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+      <em>(<%= @minimum_password_length %> characters minimum)</em><br />
+    <% end %>
+    <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
   </div>
   <div class="field">
     <%= f.label :password_confirmation, "Confirm new password" %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
   <div class="actions">

data/app/views/devise/passwords/new.html.erb CHANGED Viewed

@@ -1,11 +1,11 @@
 <h2>Forgot your password?</h2>
 <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
   </div>
   <div class="actions">

data/app/views/devise/registrations/edit.html.erb CHANGED Viewed

@@ -1,11 +1,11 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
   </div>
   <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
@@ -14,17 +14,21 @@
   <div class="field">
     <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-    <%= f.password_field :password, autocomplete: "off" %>
+    <%= f.password_field :password, autocomplete: "new-password" %>
+    <% if @minimum_password_length %>
+      <br />
+      <em><%= @minimum_password_length %> characters minimum</em>
+    <% end %>
   </div>
   <div class="field">
     <%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
   <div class="field">
     <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-    <%= f.password_field :current_password, autocomplete: "off" %>
+    <%= f.password_field :current_password, autocomplete: "current-password" %>
   </div>
   <div class="actions">

data/app/views/devise/registrations/new.html.erb CHANGED Viewed

@@ -1,11 +1,11 @@
 <h2>Sign up</h2>
 <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
   </div>
   <div class="field">
@@ -13,12 +13,12 @@
     <% if @minimum_password_length %>
     <em>(<%= @minimum_password_length %> characters minimum)</em>
     <% end %><br />
-    <%= f.password_field :password, autocomplete: "off" %>
+    <%= f.password_field :password, autocomplete: "new-password" %>
   </div>
   <div class="field">
     <%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
   <div class="actions">

data/app/views/devise/sessions/new.html.erb CHANGED Viewed

@@ -3,20 +3,20 @@
 <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
   </div>
   <div class="field">
     <%= f.label :password %><br />
-    <%= f.password_field :password, autocomplete: "off" %>
+    <%= f.password_field :password, autocomplete: "current-password" %>
   </div>
-  <% if devise_mapping.rememberable? -%>
+  <% if devise_mapping.rememberable? %>
     <div class="field">
       <%= f.check_box :remember_me %>
       <%= f.label :remember_me %>
     </div>
-  <% end -%>
+  <% end %>
   <div class="actions">
     <%= f.submit "Log in" %>

data/app/views/devise/shared/_error_messages.html.erb ADDED Viewed

@@ -0,0 +1,15 @@
+<% if resource.errors.any? %>
+  <div id="error_explanation">
+    <h2>
+      <%= I18n.t("errors.messages.not_saved",
+                 count: resource.errors.count,
+                 resource: resource.class.model_name.human.downcase)
+       %>
+    </h2>
+    <ul>
+      <% resource.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>

data/app/views/devise/shared/_links.html.erb CHANGED Viewed

@@ -1,25 +1,25 @@
 <%- if controller_name != 'sessions' %>
   <%= link_to "Log in", new_session_path(resource_name) %><br />
-<% end -%>
+<% end %>
 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
   <%= link_to "Sign up", new_registration_path(resource_name) %><br />
-<% end -%>
+<% end %>
 <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
   <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
-<% end -%>
+<% end %>
 <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
   <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
-<% end -%>
+<% end %>
 <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
   <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
-<% end -%>
+<% end %>
 <%- if devise_mapping.omniauthable? %>
   <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
-  <% end -%>
-<% end -%>
+    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %><br />
+  <% end %>
+<% end %>

data/app/views/devise/unlocks/new.html.erb CHANGED Viewed

@@ -1,11 +1,11 @@
 <h2>Resend unlock instructions</h2>
 <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
-  <%= devise_error_messages! %>
+  <%= render "devise/shared/error_messages", resource: resource %>
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true %>
+    <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
   </div>
   <div class="actions">

data/config/locales/en.yml CHANGED Viewed

@@ -23,6 +23,10 @@ en:
         subject: "Reset password instructions"
       unlock_instructions:
         subject: "Unlock instructions"
+      email_changed:
+        subject: "Email Changed"
+      password_change:
+        subject: "Password Changed"
     omniauth_callbacks:
       failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
       success: "Successfully authenticated from %{kind} account."
@@ -38,8 +42,9 @@ en:
       signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
       signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
       signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
       updated: "Your account has been updated successfully."
+      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again"
     sessions:
       signed_in: "Signed in successfully."
       signed_out: "Signed out successfully."