devise 3.5.10 → 4.0.0.rc1

data/Gemfile

@@ -6,7 +6,6 @@ gem "rails", "4.2.2"
 gem "omniauth", "~> 1.2.0"
 gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
-gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

data/Gemfile.lock

@@ -1,12 +1,11 @@
 PATH
   remote: .
   specs:
-    devise (3.5.10)
+    devise (4.0.0.rc1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0, < 5.1)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
 
 GEM
@@ -48,10 +47,10 @@ GEM
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     arel (6.0.3)
-    bcrypt (3.1.11)
+    bcrypt (3.1.10)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.1)
+    concurrent-ruby (1.0.0)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -61,13 +60,13 @@ GEM
     hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.4)
+    jwt (1.5.2)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.99.1)
+    mime-types (2.99)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -81,7 +80,7 @@ GEM
       bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.3)
+    multi_json (1.11.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
     nokogiri (1.6.7.2)
@@ -138,16 +137,15 @@ GEM
       activesupport (= 4.2.2)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (11.1.2)
-    rdoc (4.2.2)
-      json (~> 1.4)
-    responders (2.2.0)
+    rake (10.5.0)
+    rdoc (4.2.1)
+    responders (2.1.1)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
-    sprockets (3.6.0)
+    sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.4)
+    sprockets-rails (3.0.0)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -171,7 +169,6 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0)
   omniauth (~> 1.2.0)
@@ -184,4 +181,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.12.3
+   1.11.2

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -92,7 +92,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
 
 ## Getting started
 
-Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with:
+Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with:
 
 ```ruby
 gem 'devise'
@@ -184,6 +184,10 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
 
 ### Strong Parameters
 
+![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
+
+*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters*
+
 When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
 
 There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:
@@ -201,7 +205,7 @@ class ApplicationController < ActionController::Base
   protected
 
   def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:sign_up) << :username
+    devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
   end
 end
 ```
@@ -212,7 +216,9 @@ To permit simple scalar values for username and email, use this
 
 ```ruby
 def configure_permitted_parameters
-  devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
+  devise_parameter_sanitizer.permit(:sign_in) do |user_params|
+    user_params.permit(:username, :email)
+  end
 end
 ```
 
@@ -220,7 +226,9 @@ If you have some checkboxes that express the roles a user may take on registrati
 
 ```ruby
 def configure_permitted_parameters
-  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
+  devise_parameter_sanitizer.permit(:sign_up) do |user_params|
+    user_params.permit({ roles: [] }, :email, :password, :password_confirmation)
+  end
 end
 ```
 For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
@@ -231,8 +239,9 @@ If you have multiple Devise models, you may want to set up a different parameter
 
 ```ruby
 class User::ParameterSanitizer < Devise::ParameterSanitizer
-  def sign_in
-    default_params.permit(:username, :email)
+  def initialize(*)
+    super
+    permit(:sign_up, keys: [:username, :email])
   end
 end
 ```
@@ -347,7 +356,7 @@ Devise also ships with default routes. If you need to customize them, you should
 devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
 ```
 
-Be sure to check `devise_for` documentation for details.
+Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
 
 If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
 
@@ -416,6 +425,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo
 ```ruby
 RSpec.configure do |config|
   config.include Devise::TestHelpers, type: :controller
+  config.include Devise::TestHelpers, type: :view
 end
 ```
 
@@ -433,7 +443,7 @@ sign_out @user         # sign_out(resource)
 
 There are two things that are important to keep in mind:
 
-1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
+1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session;
 
 2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
 
@@ -477,7 +487,7 @@ devise :database_authenticatable, :timeoutable
 devise_for :admins
 
 # Inside your protected controller
-before_filter :authenticate_admin!
+before_action :authenticate_admin!
 
 # Inside your controllers and views
 admin_signed_in?
@@ -545,6 +555,6 @@ https://github.com/plataformatec/devise/graphs/contributors
 
 ## License
 
-MIT License. Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
 
 You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.

data/app/controllers/devise/omniauth_callbacks_controller.rb

@@ -1,5 +1,5 @@
 class Devise::OmniauthCallbacksController < DeviseController
-  prepend_before_filter { request.env["devise.skip_timeout"] = true }
+  prepend_before_action { request.env["devise.skip_timeout"] = true }
 
   def passthru
     render status: 404, text: "Not found. Authentication passthru."
@@ -13,14 +13,14 @@ class Devise::OmniauthCallbacksController < DeviseController
   protected
 
   def failed_strategy
-    env["omniauth.error.strategy"]
+    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"]
   end
 
   def failure_message
-    exception = env["omniauth.error"]
+    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"]
     error   = exception.error_reason if exception.respond_to?(:error_reason)
     error ||= exception.error        if exception.respond_to?(:error)
-    error ||= env["omniauth.error.type"].to_s
+    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s
     error.to_s.humanize if error
   end
 

data/app/controllers/devise/passwords_controller.rb

@@ -1,7 +1,7 @@
 class Devise::PasswordsController < DeviseController
-  prepend_before_filter :require_no_authentication
+  prepend_before_action :require_no_authentication
   # Render the #edit only if coming from a reset password email link
-  append_before_filter :assert_reset_token_passed, only: :edit
+  append_before_action :assert_reset_token_passed, only: :edit
 
   # GET /resource/password/new
   def new

data/app/controllers/devise/registrations_controller.rb

@@ -1,6 +1,6 @@
 class Devise::RegistrationsController < DeviseController
-  prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel]
-  prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
+  prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
+  prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
 
   # GET /resource/sign_up
   def new

data/app/controllers/devise/sessions_controller.rb

@@ -1,8 +1,8 @@
 class Devise::SessionsController < DeviseController
-  prepend_before_filter :require_no_authentication, only: [:new, :create]
-  prepend_before_filter :allow_params_authentication!, only: :create
-  prepend_before_filter :verify_signed_out_user, only: :destroy
-  prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
+  prepend_before_action :require_no_authentication, only: [:new, :create]
+  prepend_before_action :allow_params_authentication!, only: :create
+  prepend_before_action :verify_signed_out_user, only: :destroy
+  prepend_before_action only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
 
   # GET /resource/sign_in
   def new

data/app/controllers/devise/unlocks_controller.rb

@@ -1,5 +1,5 @@
 class Devise::UnlocksController < DeviseController
-  prepend_before_filter :require_no_authentication
+  prepend_before_action :require_no_authentication
 
   # GET /resource/unlock/new
   def new

data/app/controllers/devise_controller.rb

@@ -2,13 +2,17 @@
 class DeviseController < Devise.parent_controller.constantize
   include Devise::Controllers::ScopedViews
 
-  helper DeviseHelper
+  if respond_to?(:helper)
+    helper DeviseHelper
+  end
 
-  helpers = %w(resource scope_name resource_name signed_in_resource
-               resource_class resource_params devise_mapping)
-  helper_method(*helpers)
+  if respond_to?(:helper_method)
+    helpers = %w(resource scope_name resource_name signed_in_resource
+                 resource_class resource_params devise_mapping)
+    helper_method(*helpers)
+  end
 
-  prepend_before_filter :assert_is_devise_resource!
+  prepend_before_action :assert_is_devise_resource!
   respond_to :html if mimes_for_respond_to.empty?
 
   # Override prefixes to consider the scoped view.
@@ -89,10 +93,10 @@ MESSAGE
     instance_variable_set(:"@#{resource_name}", new_resource)
   end
 
-  # Helper for use in before_filters where no authentication is required.
+  # Helper for use in before_actions where no authentication is required.
   #
   # Example:
-  #   before_filter :require_no_authentication, only: :new
+  #   before_action :require_no_authentication, only: :new
   def require_no_authentication
     assert_is_devise_resource!
     return unless is_navigational_format?

data/devise.gemspec

@@ -16,12 +16,11 @@ Gem::Specification.new do |s|
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- test/*`.split("\n")
   s.require_paths = ["lib"]
-  s.required_ruby_version = '>= 1.9.3'
+  s.required_ruby_version = '>= 2.1.0'
 
   s.add_dependency("warden", "~> 1.2.3")
   s.add_dependency("orm_adapter", "~> 0.1")
   s.add_dependency("bcrypt", "~> 3.0")
-  s.add_dependency("thread_safe", "~> 0.1")
-  s.add_dependency("railties", ">= 3.2.6", "< 5")
+  s.add_dependency("railties", ">= 4.1.0", "< 5.1")
   s.add_dependency("responders")
 end

data/gemfiles/Gemfile.rails-4.1-stable

@@ -6,7 +6,6 @@ gem "rails", github: 'rails/rails', branch: '4-1-stable'
 gem "omniauth", "~> 1.2.0"
 gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
-gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

data/gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,69 +1,68 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
+  revision: e8eda76893479a29ace8d85cf4e4cfc67cd6fd4b
   branch: 4-1-stable
   specs:
-    actionmailer (4.1.15)
-      actionpack (= 4.1.15)
-      actionview (= 4.1.15)
+    actionmailer (4.1.14.1)
+      actionpack (= 4.1.14.1)
+      actionview (= 4.1.14.1)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.15)
-      actionview (= 4.1.15)
-      activesupport (= 4.1.15)
+    actionpack (4.1.14.1)
+      actionview (= 4.1.14.1)
+      activesupport (= 4.1.14.1)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    actionview (4.1.15)
-      activesupport (= 4.1.15)
+    actionview (4.1.14.1)
+      activesupport (= 4.1.14.1)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.15)
-      activesupport (= 4.1.15)
+    activemodel (4.1.14.1)
+      activesupport (= 4.1.14.1)
       builder (~> 3.1)
-    activerecord (4.1.15)
-      activemodel (= 4.1.15)
-      activesupport (= 4.1.15)
+    activerecord (4.1.14.1)
+      activemodel (= 4.1.14.1)
+      activesupport (= 4.1.14.1)
       arel (~> 5.0.0)
-    activesupport (4.1.15)
+    activesupport (4.1.14.1)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.1)
       tzinfo (~> 1.1)
-    rails (4.1.15)
-      actionmailer (= 4.1.15)
-      actionpack (= 4.1.15)
-      actionview (= 4.1.15)
-      activemodel (= 4.1.15)
-      activerecord (= 4.1.15)
-      activesupport (= 4.1.15)
+    rails (4.1.14.1)
+      actionmailer (= 4.1.14.1)
+      actionpack (= 4.1.14.1)
+      actionview (= 4.1.14.1)
+      activemodel (= 4.1.14.1)
+      activerecord (= 4.1.14.1)
+      activesupport (= 4.1.14.1)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.15)
+      railties (= 4.1.14.1)
       sprockets-rails (~> 2.0)
-    railties (4.1.15)
-      actionpack (= 4.1.15)
-      activesupport (= 4.1.15)
+    railties (4.1.14.1)
+      actionpack (= 4.1.14.1)
+      activesupport (= 4.1.14.1)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 PATH
   remote: ..
   specs:
-    devise (3.5.8)
+    devise (4.0.0.rc1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0, < 5.1)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
     arel (5.0.1.20140414130214)
-    bcrypt (3.1.11)
+    bcrypt (3.1.10)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.1)
+    concurrent-ruby (1.0.0)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -71,11 +70,11 @@ GEM
     hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.4)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
+    jwt (1.5.2)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.99.1)
+    mime-types (2.99)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -89,7 +88,7 @@ GEM
       bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.3)
+    multi_json (1.11.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
     nokogiri (1.6.7.2)
@@ -122,13 +121,12 @@ GEM
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (11.1.2)
-    rdoc (4.2.2)
-      json (~> 1.4)
+    rake (10.5.0)
+    rdoc (4.2.1)
     responders (1.1.2)
       railties (>= 3.2, < 4.2)
     ruby-openid (2.7.0)
-    sprockets (3.6.0)
+    sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (2.3.3)
@@ -155,7 +153,6 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
   omniauth (~> 1.2.0)