devise 3.5.1 → 4.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +281 -1066
- data/MIT-LICENSE +2 -1
- data/README.md +292 -97
- data/app/controllers/devise/confirmations_controller.rb +3 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +8 -6
- data/app/controllers/devise/passwords_controller.rb +10 -7
- data/app/controllers/devise/registrations_controller.rb +39 -18
- data/app/controllers/devise/sessions_controller.rb +9 -7
- data/app/controllers/devise/unlocks_controller.rb +4 -2
- data/app/controllers/devise_controller.rb +25 -12
- data/app/helpers/devise_helper.rb +23 -18
- data/app/mailers/devise/mailer.rb +13 -3
- data/app/views/devise/confirmations/new.html.erb +2 -2
- data/app/views/devise/mailer/email_changed.html.erb +7 -0
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/passwords/edit.html.erb +5 -5
- data/app/views/devise/passwords/new.html.erb +2 -2
- data/app/views/devise/registrations/edit.html.erb +9 -5
- data/app/views/devise/registrations/new.html.erb +4 -4
- data/app/views/devise/sessions/new.html.erb +4 -4
- data/app/views/devise/shared/_error_messages.html.erb +15 -0
- data/app/views/devise/shared/_links.html.erb +8 -8
- data/app/views/devise/unlocks/new.html.erb +2 -2
- data/config/locales/en.yml +7 -2
- data/lib/devise/controllers/helpers.rb +42 -33
- data/lib/devise/controllers/rememberable.rb +11 -2
- data/lib/devise/controllers/scoped_views.rb +2 -0
- data/lib/devise/controllers/sign_in_out.rb +40 -21
- data/lib/devise/controllers/store_location.rb +25 -7
- data/lib/devise/controllers/url_helpers.rb +3 -1
- data/lib/devise/delegator.rb +2 -0
- data/lib/devise/encryptor.rb +6 -4
- data/lib/devise/failure_app.rb +84 -28
- data/lib/devise/hooks/activatable.rb +2 -0
- data/lib/devise/hooks/csrf_cleaner.rb +2 -0
- data/lib/devise/hooks/forgetable.rb +2 -0
- data/lib/devise/hooks/lockable.rb +4 -2
- data/lib/devise/hooks/proxy.rb +3 -1
- data/lib/devise/hooks/rememberable.rb +2 -0
- data/lib/devise/hooks/timeoutable.rb +7 -7
- data/lib/devise/hooks/trackable.rb +2 -0
- data/lib/devise/mailers/helpers.rb +7 -4
- data/lib/devise/mapping.rb +3 -1
- data/lib/devise/models/authenticatable.rb +63 -33
- data/lib/devise/models/confirmable.rb +108 -35
- data/lib/devise/models/database_authenticatable.rb +102 -22
- data/lib/devise/models/lockable.rb +24 -6
- data/lib/devise/models/omniauthable.rb +2 -0
- data/lib/devise/models/recoverable.rb +34 -26
- data/lib/devise/models/registerable.rb +4 -0
- data/lib/devise/models/rememberable.rb +42 -26
- data/lib/devise/models/timeoutable.rb +2 -6
- data/lib/devise/models/trackable.rb +15 -1
- data/lib/devise/models/validatable.rb +10 -3
- data/lib/devise/models.rb +3 -1
- data/lib/devise/modules.rb +2 -0
- data/lib/devise/omniauth/config.rb +2 -0
- data/lib/devise/omniauth/url_helpers.rb +14 -5
- data/lib/devise/omniauth.rb +4 -5
- data/lib/devise/orm/active_record.rb +5 -1
- data/lib/devise/orm/mongoid.rb +6 -2
- data/lib/devise/parameter_filter.rb +4 -0
- data/lib/devise/parameter_sanitizer.rb +139 -65
- data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
- data/lib/devise/rails/routes.rb +71 -51
- data/lib/devise/rails/warden_compat.rb +3 -10
- data/lib/devise/rails.rb +7 -16
- data/lib/devise/secret_key_finder.rb +27 -0
- data/lib/devise/strategies/authenticatable.rb +5 -3
- data/lib/devise/strategies/base.rb +2 -0
- data/lib/devise/strategies/database_authenticatable.rb +11 -4
- data/lib/devise/strategies/rememberable.rb +5 -6
- data/lib/devise/test/controller_helpers.rb +167 -0
- data/lib/devise/test/integration_helpers.rb +63 -0
- data/lib/devise/test_helpers.rb +7 -124
- data/lib/devise/time_inflector.rb +2 -0
- data/lib/devise/token_generator.rb +3 -41
- data/lib/devise/version.rb +3 -1
- data/lib/devise.rb +69 -46
- data/lib/generators/active_record/devise_generator.rb +46 -12
- data/lib/generators/active_record/templates/migration.rb +4 -2
- data/lib/generators/active_record/templates/migration_existing.rb +4 -2
- data/lib/generators/devise/controllers_generator.rb +3 -1
- data/lib/generators/devise/devise_generator.rb +5 -3
- data/lib/generators/devise/install_generator.rb +18 -5
- data/lib/generators/devise/orm_helpers.rb +10 -21
- data/lib/generators/devise/views_generator.rb +21 -11
- data/lib/generators/mongoid/devise_generator.rb +7 -5
- data/lib/generators/templates/README +9 -8
- data/lib/generators/templates/controllers/README +1 -1
- data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
- data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +3 -1
- data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
- data/lib/generators/templates/controllers/registrations_controller.rb +6 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +4 -2
- data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
- data/lib/generators/templates/devise.rb +65 -23
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/email_changed.markerb +7 -0
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
- data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
- data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -3
- data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
- data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
- metadata +21 -306
- data/.gitignore +0 -10
- data/.travis.yml +0 -45
- data/.yardopts +0 -9
- data/CONTRIBUTING.md +0 -14
- data/Gemfile +0 -29
- data/Gemfile.lock +0 -191
- data/Rakefile +0 -36
- data/devise.gemspec +0 -29
- data/devise.png +0 -0
- data/gemfiles/Gemfile.rails-3.2-stable +0 -29
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/gemfiles/Gemfile.rails-4.1-stable +0 -29
- data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.2-stable +0 -29
- data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -191
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
- data/test/controllers/custom_registrations_controller_test.rb +0 -40
- data/test/controllers/custom_strategy_test.rb +0 -62
- data/test/controllers/helpers_test.rb +0 -316
- data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
- data/test/controllers/internal_helpers_test.rb +0 -129
- data/test/controllers/load_hooks_controller_test.rb +0 -19
- data/test/controllers/passwords_controller_test.rb +0 -31
- data/test/controllers/sessions_controller_test.rb +0 -103
- data/test/controllers/url_helpers_test.rb +0 -65
- data/test/delegator_test.rb +0 -19
- data/test/devise_test.rb +0 -107
- data/test/failure_app_test.rb +0 -298
- data/test/generators/active_record_generator_test.rb +0 -109
- data/test/generators/controllers_generator_test.rb +0 -48
- data/test/generators/devise_generator_test.rb +0 -39
- data/test/generators/install_generator_test.rb +0 -13
- data/test/generators/mongoid_generator_test.rb +0 -23
- data/test/generators/views_generator_test.rb +0 -96
- data/test/helpers/devise_helper_test.rb +0 -49
- data/test/integration/authenticatable_test.rb +0 -729
- data/test/integration/confirmable_test.rb +0 -324
- data/test/integration/database_authenticatable_test.rb +0 -95
- data/test/integration/http_authenticatable_test.rb +0 -105
- data/test/integration/lockable_test.rb +0 -239
- data/test/integration/omniauthable_test.rb +0 -133
- data/test/integration/recoverable_test.rb +0 -347
- data/test/integration/registerable_test.rb +0 -359
- data/test/integration/rememberable_test.rb +0 -176
- data/test/integration/timeoutable_test.rb +0 -189
- data/test/integration/trackable_test.rb +0 -92
- data/test/mailers/confirmation_instructions_test.rb +0 -115
- data/test/mailers/reset_password_instructions_test.rb +0 -96
- data/test/mailers/unlock_instructions_test.rb +0 -91
- data/test/mapping_test.rb +0 -134
- data/test/models/authenticatable_test.rb +0 -23
- data/test/models/confirmable_test.rb +0 -468
- data/test/models/database_authenticatable_test.rb +0 -249
- data/test/models/lockable_test.rb +0 -328
- data/test/models/omniauthable_test.rb +0 -7
- data/test/models/recoverable_test.rb +0 -228
- data/test/models/registerable_test.rb +0 -7
- data/test/models/rememberable_test.rb +0 -204
- data/test/models/serializable_test.rb +0 -49
- data/test/models/timeoutable_test.rb +0 -51
- data/test/models/trackable_test.rb +0 -41
- data/test/models/validatable_test.rb +0 -127
- data/test/models_test.rb +0 -144
- data/test/omniauth/config_test.rb +0 -57
- data/test/omniauth/url_helpers_test.rb +0 -54
- data/test/orm/active_record.rb +0 -10
- data/test/orm/mongoid.rb +0 -13
- data/test/parameter_sanitizer_test.rb +0 -81
- data/test/rails_app/Rakefile +0 -6
- data/test/rails_app/app/active_record/admin.rb +0 -6
- data/test/rails_app/app/active_record/shim.rb +0 -2
- data/test/rails_app/app/active_record/user.rb +0 -6
- data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
- data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
- data/test/rails_app/app/controllers/admins_controller.rb +0 -11
- data/test/rails_app/app/controllers/application_controller.rb +0 -12
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
- data/test/rails_app/app/controllers/home_controller.rb +0 -25
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
- data/test/rails_app/app/controllers/users_controller.rb +0 -31
- data/test/rails_app/app/helpers/application_helper.rb +0 -3
- data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
- data/test/rails_app/app/mailers/users/mailer.rb +0 -3
- data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
- data/test/rails_app/app/mongoid/admin.rb +0 -29
- data/test/rails_app/app/mongoid/shim.rb +0 -23
- data/test/rails_app/app/mongoid/user.rb +0 -39
- data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
- data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
- data/test/rails_app/app/views/admins/index.html.erb +0 -1
- data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
- data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/home/index.html.erb +0 -1
- data/test/rails_app/app/views/home/join.html.erb +0 -1
- data/test/rails_app/app/views/home/private.html.erb +0 -1
- data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
- data/test/rails_app/app/views/layouts/application.html.erb +0 -24
- data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
- data/test/rails_app/app/views/users/index.html.erb +0 -1
- data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
- data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
- data/test/rails_app/bin/bundle +0 -3
- data/test/rails_app/bin/rails +0 -4
- data/test/rails_app/bin/rake +0 -4
- data/test/rails_app/config/application.rb +0 -40
- data/test/rails_app/config/boot.rb +0 -14
- data/test/rails_app/config/database.yml +0 -18
- data/test/rails_app/config/environment.rb +0 -5
- data/test/rails_app/config/environments/development.rb +0 -30
- data/test/rails_app/config/environments/production.rb +0 -84
- data/test/rails_app/config/environments/test.rb +0 -41
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
- data/test/rails_app/config/initializers/devise.rb +0 -180
- data/test/rails_app/config/initializers/inflections.rb +0 -2
- data/test/rails_app/config/initializers/secret_token.rb +0 -8
- data/test/rails_app/config/initializers/session_store.rb +0 -1
- data/test/rails_app/config/routes.rb +0 -122
- data/test/rails_app/config.ru +0 -4
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
- data/test/rails_app/db/schema.rb +0 -55
- data/test/rails_app/lib/shared_admin.rb +0 -17
- data/test/rails_app/lib/shared_user.rb +0 -29
- data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
- data/test/rails_app/public/404.html +0 -26
- data/test/rails_app/public/422.html +0 -26
- data/test/rails_app/public/500.html +0 -26
- data/test/rails_app/public/favicon.ico +0 -0
- data/test/rails_test.rb +0 -9
- data/test/routes_test.rb +0 -264
- data/test/support/action_controller/record_identifier.rb +0 -10
- data/test/support/assertions.rb +0 -39
- data/test/support/helpers.rb +0 -73
- data/test/support/integration.rb +0 -92
- data/test/support/locale/en.yml +0 -8
- data/test/support/mongoid.yml +0 -6
- data/test/support/webrat/integrations/rails.rb +0 -24
- data/test/test_helper.rb +0 -34
- data/test/test_helpers_test.rb +0 -178
- data/test/test_models.rb +0 -33
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module Models
|
|
3
5
|
# Registerable is responsible for everything related to registering a new
|
|
@@ -19,6 +21,8 @@ module Devise
|
|
|
19
21
|
def new_with_session(params, session)
|
|
20
22
|
new(params)
|
|
21
23
|
end
|
|
24
|
+
|
|
25
|
+
Devise::Models.config(self, :sign_in_after_change_password)
|
|
22
26
|
end
|
|
23
27
|
end
|
|
24
28
|
end
|
|
@@ -1,10 +1,12 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'devise/strategies/rememberable'
|
|
2
4
|
require 'devise/hooks/rememberable'
|
|
3
5
|
require 'devise/hooks/forgetable'
|
|
4
6
|
|
|
5
7
|
module Devise
|
|
6
8
|
module Models
|
|
7
|
-
# Rememberable manages generating and clearing token for
|
|
9
|
+
# Rememberable manages generating and clearing token for remembering the user
|
|
8
10
|
# from a saved cookie. Rememberable also has utility methods for dealing
|
|
9
11
|
# with serializing the user into the cookie and back from the cookie, trying
|
|
10
12
|
# to lookup the record based on the saved information.
|
|
@@ -39,17 +41,15 @@ module Devise
|
|
|
39
41
|
module Rememberable
|
|
40
42
|
extend ActiveSupport::Concern
|
|
41
43
|
|
|
42
|
-
attr_accessor :remember_me
|
|
44
|
+
attr_accessor :remember_me
|
|
43
45
|
|
|
44
46
|
def self.required_fields(klass)
|
|
45
47
|
[:remember_created_at]
|
|
46
48
|
end
|
|
47
49
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
self.remember_token = self.class.remember_token if generate_remember_token?
|
|
52
|
-
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
|
|
50
|
+
def remember_me!
|
|
51
|
+
self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)
|
|
52
|
+
self.remember_created_at ||= Time.now.utc
|
|
53
53
|
save(validate: false) if self.changed?
|
|
54
54
|
end
|
|
55
55
|
|
|
@@ -57,19 +57,17 @@ module Devise
|
|
|
57
57
|
# it exists), and save the record without validations.
|
|
58
58
|
def forget_me!
|
|
59
59
|
return unless persisted?
|
|
60
|
-
self.remember_token = nil if respond_to?(:remember_token
|
|
60
|
+
self.remember_token = nil if respond_to?(:remember_token)
|
|
61
61
|
self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
|
|
62
62
|
save(validate: false)
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
|
|
65
|
+
def remember_expires_at
|
|
66
|
+
self.class.remember_for.from_now
|
|
68
67
|
end
|
|
69
68
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
remember_created_at + self.class.remember_for
|
|
69
|
+
def extend_remember_period
|
|
70
|
+
self.class.extend_remember_period
|
|
73
71
|
end
|
|
74
72
|
|
|
75
73
|
def rememberable_value
|
|
@@ -78,7 +76,7 @@ module Devise
|
|
|
78
76
|
elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence)
|
|
79
77
|
salt
|
|
80
78
|
else
|
|
81
|
-
raise "
|
|
79
|
+
raise "authenticatable_salt returned nil for the #{self.class.name} model. " \
|
|
82
80
|
"In order to use rememberable, you must ensure a password is always set " \
|
|
83
81
|
"or have a remember_token column in your model or implement your own " \
|
|
84
82
|
"rememberable_value in the model with custom logic."
|
|
@@ -102,29 +100,47 @@ module Devise
|
|
|
102
100
|
def after_remembered
|
|
103
101
|
end
|
|
104
102
|
|
|
105
|
-
|
|
103
|
+
def remember_me?(token, generated_at)
|
|
104
|
+
# TODO: Normalize the JSON type coercion along with the Timeoutable hook
|
|
105
|
+
# in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
|
|
106
|
+
if generated_at.is_a?(String)
|
|
107
|
+
generated_at = time_from_json(generated_at)
|
|
108
|
+
end
|
|
106
109
|
|
|
107
|
-
|
|
108
|
-
|
|
110
|
+
# The token is only valid if:
|
|
111
|
+
# 1. we have a date
|
|
112
|
+
# 2. the current time does not pass the expiry period
|
|
113
|
+
# 3. the record has a remember_created_at date
|
|
114
|
+
# 4. the token date is bigger than the remember_created_at
|
|
115
|
+
# 5. the token matches
|
|
116
|
+
generated_at.is_a?(Time) &&
|
|
117
|
+
(self.class.remember_for.ago < generated_at) &&
|
|
118
|
+
(generated_at > (remember_created_at || Time.now).utc) &&
|
|
119
|
+
Devise.secure_compare(rememberable_value, token)
|
|
109
120
|
end
|
|
110
121
|
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
def
|
|
114
|
-
|
|
122
|
+
private
|
|
123
|
+
|
|
124
|
+
def time_from_json(value)
|
|
125
|
+
if value =~ /\A\d+\.\d+\Z/
|
|
126
|
+
Time.at(value.to_f)
|
|
127
|
+
else
|
|
128
|
+
Time.parse(value) rescue nil
|
|
129
|
+
end
|
|
115
130
|
end
|
|
116
131
|
|
|
117
132
|
module ClassMethods
|
|
118
133
|
# Create the cookie key using the record id and remember_token
|
|
119
134
|
def serialize_into_cookie(record)
|
|
120
|
-
[record.to_key, record.rememberable_value]
|
|
135
|
+
[record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]
|
|
121
136
|
end
|
|
122
137
|
|
|
123
138
|
# Recreate the user based on the stored cookie
|
|
124
|
-
def serialize_from_cookie(
|
|
139
|
+
def serialize_from_cookie(*args)
|
|
140
|
+
id, token, generated_at = *args
|
|
141
|
+
|
|
125
142
|
record = to_adapter.get(id)
|
|
126
|
-
record if record &&
|
|
127
|
-
Devise.secure_compare(record.rememberable_value, remember_token)
|
|
143
|
+
record if record && record.remember_me?(token, generated_at)
|
|
128
144
|
end
|
|
129
145
|
|
|
130
146
|
# Generate a token checking if one does not already exist in the database.
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'devise/hooks/timeoutable'
|
|
2
4
|
|
|
3
5
|
module Devise
|
|
@@ -26,7 +28,6 @@ module Devise
|
|
|
26
28
|
|
|
27
29
|
# Checks whether the user session has expired based on configured time.
|
|
28
30
|
def timedout?(last_access)
|
|
29
|
-
return false if remember_exists_and_not_expired?
|
|
30
31
|
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
|
|
31
32
|
end
|
|
32
33
|
|
|
@@ -36,11 +37,6 @@ module Devise
|
|
|
36
37
|
|
|
37
38
|
private
|
|
38
39
|
|
|
39
|
-
def remember_exists_and_not_expired?
|
|
40
|
-
return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
|
|
41
|
-
remember_created_at && !remember_expired?
|
|
42
|
-
end
|
|
43
|
-
|
|
44
40
|
module ClassMethods
|
|
45
41
|
Devise::Models.config(self, :timeout_in)
|
|
46
42
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'devise/hooks/trackable'
|
|
2
4
|
|
|
3
5
|
module Devise
|
|
@@ -20,7 +22,7 @@ module Devise
|
|
|
20
22
|
self.last_sign_in_at = old_current || new_current
|
|
21
23
|
self.current_sign_in_at = new_current
|
|
22
24
|
|
|
23
|
-
old_current, new_current = self.current_sign_in_ip, request
|
|
25
|
+
old_current, new_current = self.current_sign_in_ip, extract_ip_from(request)
|
|
24
26
|
self.last_sign_in_ip = old_current || new_current
|
|
25
27
|
self.current_sign_in_ip = new_current
|
|
26
28
|
|
|
@@ -29,9 +31,21 @@ module Devise
|
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def update_tracked_fields!(request)
|
|
34
|
+
# We have to check if the user is already persisted before running
|
|
35
|
+
# `save` here because invalid users can be saved if we don't.
|
|
36
|
+
# See https://github.com/heartcombo/devise/issues/4673 for more details.
|
|
37
|
+
return if new_record?
|
|
38
|
+
|
|
32
39
|
update_tracked_fields(request)
|
|
33
40
|
save(validate: false)
|
|
34
41
|
end
|
|
42
|
+
|
|
43
|
+
protected
|
|
44
|
+
|
|
45
|
+
def extract_ip_from(request)
|
|
46
|
+
request.remote_ip
|
|
47
|
+
end
|
|
48
|
+
|
|
35
49
|
end
|
|
36
50
|
end
|
|
37
51
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module Models
|
|
3
5
|
# Validatable creates all needed validations for a user email and password.
|
|
@@ -10,7 +12,7 @@ module Devise
|
|
|
10
12
|
# Validatable adds the following options to devise_for:
|
|
11
13
|
#
|
|
12
14
|
# * +email_regexp+: the regular expression used to validate e-mails;
|
|
13
|
-
# * +password_length+: a range expressing password length. Defaults to
|
|
15
|
+
# * +password_length+: a range expressing password length. Defaults to 6..128.
|
|
14
16
|
#
|
|
15
17
|
module Validatable
|
|
16
18
|
# All validations used by this module.
|
|
@@ -27,8 +29,13 @@ module Devise
|
|
|
27
29
|
|
|
28
30
|
base.class_eval do
|
|
29
31
|
validates_presence_of :email, if: :email_required?
|
|
30
|
-
|
|
31
|
-
|
|
32
|
+
if Devise.activerecord51?
|
|
33
|
+
validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email?
|
|
34
|
+
validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
|
|
35
|
+
else
|
|
36
|
+
validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
|
|
37
|
+
validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed?
|
|
38
|
+
end
|
|
32
39
|
|
|
33
40
|
validates_presence_of :password, if: :password_required?
|
|
34
41
|
validates_confirmation_of :password, if: :password_required?
|
data/lib/devise/models.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module Models
|
|
3
5
|
class MissingAttribute < StandardError
|
|
@@ -12,7 +14,7 @@ module Devise
|
|
|
12
14
|
|
|
13
15
|
# Creates configuration values for Devise and for the given module.
|
|
14
16
|
#
|
|
15
|
-
# Devise::Models.config(Devise::
|
|
17
|
+
# Devise::Models.config(Devise::Models::DatabaseAuthenticatable, :stretches)
|
|
16
18
|
#
|
|
17
19
|
# The line above creates:
|
|
18
20
|
#
|
data/lib/devise/modules.rb
CHANGED
|
@@ -1,17 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
module OmniAuth
|
|
3
5
|
module UrlHelpers
|
|
4
|
-
def
|
|
6
|
+
def omniauth_authorize_path(resource_or_scope, provider, *args)
|
|
7
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
8
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def omniauth_authorize_url(resource_or_scope, provider, *args)
|
|
12
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
13
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_url", *args)
|
|
5
14
|
end
|
|
6
15
|
|
|
7
|
-
def
|
|
16
|
+
def omniauth_callback_path(resource_or_scope, provider, *args)
|
|
8
17
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
9
|
-
_devise_route_context.send("#{scope}
|
|
18
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args)
|
|
10
19
|
end
|
|
11
20
|
|
|
12
|
-
def
|
|
21
|
+
def omniauth_callback_url(resource_or_scope, provider, *args)
|
|
13
22
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
|
14
|
-
_devise_route_context.send("#{scope}
|
|
23
|
+
_devise_route_context.send("#{scope}_#{provider}_omniauth_callback_url", *args)
|
|
15
24
|
end
|
|
16
25
|
end
|
|
17
26
|
end
|
data/lib/devise/omniauth.rb
CHANGED
|
@@ -1,15 +1,14 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
begin
|
|
4
|
+
gem "omniauth", ">= 1.0.0"
|
|
5
|
+
|
|
2
6
|
require "omniauth"
|
|
3
|
-
require "omniauth/version"
|
|
4
7
|
rescue LoadError
|
|
5
8
|
warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
|
|
6
9
|
raise
|
|
7
10
|
end
|
|
8
11
|
|
|
9
|
-
unless OmniAuth::VERSION =~ /^1\./
|
|
10
|
-
raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
|
|
11
|
-
end
|
|
12
|
-
|
|
13
12
|
# Clean up the default path_prefix. It will be automatically set by Devise.
|
|
14
13
|
OmniAuth.config.path_prefix = nil
|
|
15
14
|
|
data/lib/devise/orm/mongoid.rb
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
ActiveSupport.on_load(:mongoid) do
|
|
4
|
+
require 'orm_adapter/adapters/mongoid'
|
|
5
|
+
|
|
6
|
+
Mongoid::Document::ClassMethods.send :include, Devise::Models
|
|
7
|
+
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
4
|
class ParameterFilter
|
|
3
5
|
def initialize(case_insensitive_keys, strip_whitespace_keys)
|
|
@@ -16,6 +18,8 @@ module Devise
|
|
|
16
18
|
|
|
17
19
|
def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
|
|
18
20
|
condition_keys.each do |k|
|
|
21
|
+
next unless conditions.key?(k)
|
|
22
|
+
|
|
19
23
|
value = conditions[k]
|
|
20
24
|
conditions[k] = value.send(method) if value.respond_to?(method)
|
|
21
25
|
end
|
|
@@ -1,99 +1,173 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Devise
|
|
2
|
-
|
|
3
|
-
|
|
4
|
+
# The +ParameterSanitizer+ deals with permitting specific parameters values
|
|
5
|
+
# for each +Devise+ scope in the application.
|
|
6
|
+
#
|
|
7
|
+
# The sanitizer knows about Devise default parameters (like +password+ and
|
|
8
|
+
# +password_confirmation+ for the `RegistrationsController`), and you can
|
|
9
|
+
# extend or change the permitted parameters list on your controllers.
|
|
10
|
+
#
|
|
11
|
+
# === Permitting new parameters
|
|
12
|
+
#
|
|
13
|
+
# You can add new parameters to the permitted list using the +permit+ method
|
|
14
|
+
# in a +before_action+ method, for instance.
|
|
15
|
+
#
|
|
16
|
+
# class ApplicationController < ActionController::Base
|
|
17
|
+
# before_action :configure_permitted_parameters, if: :devise_controller?
|
|
18
|
+
#
|
|
19
|
+
# protected
|
|
20
|
+
#
|
|
21
|
+
# def configure_permitted_parameters
|
|
22
|
+
# # Permit the `subscribe_newsletter` parameter along with the other
|
|
23
|
+
# # sign up parameters.
|
|
24
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
|
|
25
|
+
# end
|
|
26
|
+
# end
|
|
27
|
+
#
|
|
28
|
+
# Using a block yields an +ActionController::Parameters+ object so you can
|
|
29
|
+
# permit nested parameters and have more control over how the parameters are
|
|
30
|
+
# permitted in your controller.
|
|
31
|
+
#
|
|
32
|
+
# def configure_permitted_parameters
|
|
33
|
+
# devise_parameter_sanitizer.permit(:sign_up) do |user|
|
|
34
|
+
# user.permit(newsletter_preferences: [])
|
|
35
|
+
# end
|
|
36
|
+
# end
|
|
37
|
+
class ParameterSanitizer
|
|
38
|
+
DEFAULT_PERMITTED_ATTRIBUTES = {
|
|
39
|
+
sign_in: [:password, :remember_me],
|
|
40
|
+
sign_up: [:password, :password_confirmation],
|
|
41
|
+
account_update: [:password, :password_confirmation, :current_password]
|
|
42
|
+
}
|
|
4
43
|
|
|
5
44
|
def initialize(resource_class, resource_name, params)
|
|
6
|
-
@
|
|
7
|
-
@resource_name = resource_name
|
|
45
|
+
@auth_keys = extract_auth_keys(resource_class)
|
|
8
46
|
@params = params
|
|
9
|
-
@
|
|
10
|
-
|
|
47
|
+
@resource_name = resource_name
|
|
48
|
+
@permitted = {}
|
|
11
49
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
@blocks[kind] = block
|
|
15
|
-
else
|
|
16
|
-
default_for(kind)
|
|
50
|
+
DEFAULT_PERMITTED_ATTRIBUTES.each_pair do |action, keys|
|
|
51
|
+
permit(action, keys: keys)
|
|
17
52
|
end
|
|
18
53
|
end
|
|
19
54
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
55
|
+
# Sanitize the parameters for a specific +action+.
|
|
56
|
+
#
|
|
57
|
+
# === Arguments
|
|
58
|
+
#
|
|
59
|
+
# * +action+ - A +Symbol+ with the action that the controller is
|
|
60
|
+
# performing, like +sign_up+, +sign_in+, etc.
|
|
61
|
+
#
|
|
62
|
+
# === Examples
|
|
63
|
+
#
|
|
64
|
+
# # Inside the `RegistrationsController#create` action.
|
|
65
|
+
# resource = build_resource(devise_parameter_sanitizer.sanitize(:sign_up))
|
|
66
|
+
# resource.save
|
|
67
|
+
#
|
|
68
|
+
# Returns an +ActiveSupport::HashWithIndifferentAccess+ with the permitted
|
|
69
|
+
# attributes.
|
|
70
|
+
def sanitize(action)
|
|
71
|
+
permissions = @permitted[action]
|
|
72
|
+
|
|
73
|
+
if permissions.respond_to?(:call)
|
|
74
|
+
cast_to_hash permissions.call(default_params)
|
|
75
|
+
elsif permissions.present?
|
|
76
|
+
cast_to_hash permit_keys(default_params, permissions)
|
|
23
77
|
else
|
|
24
|
-
|
|
78
|
+
unknown_action!(action)
|
|
25
79
|
end
|
|
26
80
|
end
|
|
27
81
|
|
|
28
|
-
|
|
82
|
+
# Add or remove new parameters to the permitted list of an +action+.
|
|
83
|
+
#
|
|
84
|
+
# === Arguments
|
|
85
|
+
#
|
|
86
|
+
# * +action+ - A +Symbol+ with the action that the controller is
|
|
87
|
+
# performing, like +sign_up+, +sign_in+, etc.
|
|
88
|
+
# * +keys:+ - An +Array+ of keys that also should be permitted.
|
|
89
|
+
# * +except:+ - An +Array+ of keys that shouldn't be permitted.
|
|
90
|
+
# * +block+ - A block that should be used to permit the action
|
|
91
|
+
# parameters instead of the +Array+ based approach. The block will be
|
|
92
|
+
# called with an +ActionController::Parameters+ instance.
|
|
93
|
+
#
|
|
94
|
+
# === Examples
|
|
95
|
+
#
|
|
96
|
+
# # Adding new parameters to be permitted in the `sign_up` action.
|
|
97
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
|
|
98
|
+
#
|
|
99
|
+
# # Removing the `password` parameter from the `account_update` action.
|
|
100
|
+
# devise_parameter_sanitizer.permit(:account_update, except: [:password])
|
|
101
|
+
#
|
|
102
|
+
# # Using the block form to completely override how we permit the
|
|
103
|
+
# # parameters for the `sign_up` action.
|
|
104
|
+
# devise_parameter_sanitizer.permit(:sign_up) do |user|
|
|
105
|
+
# user.permit(:email, :password, :password_confirmation)
|
|
106
|
+
# end
|
|
107
|
+
#
|
|
108
|
+
#
|
|
109
|
+
# Returns nothing.
|
|
110
|
+
def permit(action, keys: nil, except: nil, &block)
|
|
111
|
+
if block_given?
|
|
112
|
+
@permitted[action] = block
|
|
113
|
+
end
|
|
29
114
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
115
|
+
if keys.present?
|
|
116
|
+
@permitted[action] ||= @auth_keys.dup
|
|
117
|
+
@permitted[action].concat(keys)
|
|
118
|
+
end
|
|
33
119
|
|
|
34
|
-
|
|
35
|
-
|
|
120
|
+
if except.present?
|
|
121
|
+
@permitted[action] ||= @auth_keys.dup
|
|
122
|
+
@permitted[action] = @permitted[action] - except
|
|
123
|
+
end
|
|
36
124
|
end
|
|
37
125
|
|
|
38
|
-
|
|
39
|
-
params.fetch(resource_name, {})
|
|
40
|
-
end
|
|
41
|
-
end
|
|
126
|
+
private
|
|
42
127
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
128
|
+
# Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+
|
|
129
|
+
# that can be used elsewhere.
|
|
130
|
+
#
|
|
131
|
+
# Returns an +ActiveSupport::HashWithIndifferentAccess+.
|
|
132
|
+
def cast_to_hash(params)
|
|
133
|
+
# TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+.
|
|
134
|
+
params && params.to_h.with_indifferent_access
|
|
47
135
|
end
|
|
48
136
|
|
|
49
|
-
def
|
|
50
|
-
|
|
137
|
+
def default_params
|
|
138
|
+
if hashable_resource_params?
|
|
139
|
+
@params.fetch(@resource_name)
|
|
140
|
+
else
|
|
141
|
+
empty_params
|
|
142
|
+
end
|
|
51
143
|
end
|
|
52
144
|
|
|
53
|
-
def
|
|
54
|
-
|
|
145
|
+
def hashable_resource_params?
|
|
146
|
+
@params[@resource_name].respond_to?(:permit)
|
|
55
147
|
end
|
|
56
148
|
|
|
57
|
-
def
|
|
58
|
-
|
|
149
|
+
def empty_params
|
|
150
|
+
ActionController::Parameters.new({})
|
|
59
151
|
end
|
|
60
152
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
# TODO: We do need to flatten so it works with strong_parameters
|
|
64
|
-
# gem. We should drop it once we move to Rails 4 only support.
|
|
65
|
-
def permit(keys)
|
|
66
|
-
default_params.permit(*Array(keys))
|
|
153
|
+
def permit_keys(parameters, keys)
|
|
154
|
+
parameters.permit(*keys)
|
|
67
155
|
end
|
|
68
156
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
def default_for(kind)
|
|
72
|
-
@permitted[kind] || raise("No sanitizer provided for #{kind}")
|
|
73
|
-
end
|
|
157
|
+
def extract_auth_keys(klass)
|
|
158
|
+
auth_keys = klass.authentication_keys
|
|
74
159
|
|
|
75
|
-
|
|
76
|
-
if respond_to?(kind, true)
|
|
77
|
-
send(kind)
|
|
78
|
-
else
|
|
79
|
-
raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}"
|
|
80
|
-
end
|
|
160
|
+
auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
|
|
81
161
|
end
|
|
82
162
|
|
|
83
|
-
def
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
auth_keys + [:password, :password_confirmation]
|
|
89
|
-
when :account_update
|
|
90
|
-
auth_keys + [:password, :password_confirmation, :current_password]
|
|
91
|
-
end
|
|
92
|
-
end
|
|
163
|
+
def unknown_action!(action)
|
|
164
|
+
raise NotImplementedError, <<-MESSAGE.strip_heredoc
|
|
165
|
+
"Devise doesn't know how to sanitize parameters for '#{action}'".
|
|
166
|
+
If you want to define a new set of parameters to be sanitized use the
|
|
167
|
+
`permit` method first:
|
|
93
168
|
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
@resource_class.authentication_keys.keys : @resource_class.authentication_keys
|
|
169
|
+
devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
|
|
170
|
+
MESSAGE
|
|
97
171
|
end
|
|
98
172
|
end
|
|
99
173
|
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
begin
|
|
4
|
+
require 'active_support/deprecation/constant_accessor'
|
|
5
|
+
|
|
6
|
+
module Devise
|
|
7
|
+
DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
|
|
8
|
+
end
|
|
9
|
+
rescue LoadError
|
|
10
|
+
|
|
11
|
+
# Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
|
|
12
|
+
# with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
|
|
13
|
+
module Devise
|
|
14
|
+
module DeprecatedConstantAccessor #:nodoc:
|
|
15
|
+
def self.included(base)
|
|
16
|
+
require "active_support/inflector/methods"
|
|
17
|
+
|
|
18
|
+
extension = Module.new do
|
|
19
|
+
def const_missing(missing_const_name)
|
|
20
|
+
if class_variable_defined?(:@@_deprecated_constants)
|
|
21
|
+
if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
|
|
22
|
+
replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
|
|
23
|
+
return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
super
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
|
|
30
|
+
class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
|
|
31
|
+
class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
base.singleton_class.prepend extension
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|