RubyGems - devise - Versions diffs - 3.5.10 → 4.0.0.rc1 - Mend

devise 3.5.10 → 4.0.0.rc1

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (96) hide show

checksums.yaml +4 -4
data/.travis.yml +9 -9
data/CHANGELOG.md +33 -1188
data/Gemfile +0 -1
data/Gemfile.lock +15 -18
data/MIT-LICENSE +1 -1
data/README.md +20 -10
data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
data/app/controllers/devise/passwords_controller.rb +2 -2
data/app/controllers/devise/registrations_controller.rb +2 -2
data/app/controllers/devise/sessions_controller.rb +4 -4
data/app/controllers/devise/unlocks_controller.rb +1 -1
data/app/controllers/devise_controller.rb +11 -7
data/devise.gemspec +2 -3
data/gemfiles/Gemfile.rails-4.1-stable +0 -1
data/gemfiles/Gemfile.rails-4.1-stable.lock +38 -41
data/gemfiles/Gemfile.rails-4.2-stable +0 -1
data/gemfiles/Gemfile.rails-4.2-stable.lock +47 -50
data/gemfiles/Gemfile.rails-5.0-beta +37 -0
data/gemfiles/Gemfile.rails-5.0-beta.lock +242 -0
data/lib/devise.rb +8 -8
data/lib/devise/controllers/helpers.rb +7 -11
data/lib/devise/failure_app.rb +17 -9
data/lib/devise/models/authenticatable.rb +5 -1
data/lib/devise/models/confirmable.rb +3 -4
data/lib/devise/models/database_authenticatable.rb +1 -0
data/lib/devise/models/lockable.rb +1 -5
data/lib/devise/models/rememberable.rb +5 -11
data/lib/devise/parameter_sanitizer.rb +176 -61
data/lib/devise/rails.rb +1 -10
data/lib/devise/rails/routes.rb +25 -14
data/lib/devise/rails/warden_compat.rb +1 -10
data/lib/devise/strategies/rememberable.rb +6 -3
data/lib/devise/test_helpers.rb +9 -4
data/lib/devise/token_generator.rb +1 -41
data/lib/devise/version.rb +1 -1
data/lib/generators/active_record/devise_generator.rb +3 -3
data/lib/generators/active_record/templates/migration.rb +1 -1
data/lib/generators/active_record/templates/migration_existing.rb +1 -1
data/lib/generators/devise/orm_helpers.rb +0 -17
data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
data/lib/generators/templates/devise.rb +4 -5
data/test/controllers/custom_registrations_controller_test.rb +5 -5
data/test/controllers/custom_strategy_test.rb +7 -5
data/test/controllers/helper_methods_test.rb +3 -2
data/test/controllers/helpers_test.rb +1 -1
data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
data/test/controllers/internal_helpers_test.rb +8 -10
data/test/controllers/load_hooks_controller_test.rb +1 -1
data/test/controllers/passwords_controller_test.rb +4 -3
data/test/controllers/sessions_controller_test.rb +21 -18
data/test/controllers/url_helpers_test.rb +1 -1
data/test/failure_app_test.rb +19 -14
data/test/generators/active_record_generator_test.rb +0 -26
data/test/helpers/devise_helper_test.rb +1 -1
data/test/integration/authenticatable_test.rb +18 -18
data/test/integration/confirmable_test.rb +5 -5
data/test/integration/database_authenticatable_test.rb +1 -1
data/test/integration/http_authenticatable_test.rb +4 -5
data/test/integration/lockable_test.rb +4 -3
data/test/integration/omniauthable_test.rb +1 -1
data/test/integration/recoverable_test.rb +10 -10
data/test/integration/registerable_test.rb +9 -11
data/test/integration/rememberable_test.rb +7 -43
data/test/integration/timeoutable_test.rb +4 -4
data/test/integration/trackable_test.rb +1 -1
data/test/models/confirmable_test.rb +5 -13
data/test/models/lockable_test.rb +0 -22
data/test/models/rememberable_test.rb +0 -12
data/test/models/validatable_test.rb +2 -10
data/test/omniauth/url_helpers_test.rb +1 -2
data/test/orm/active_record.rb +6 -1
data/test/parameter_sanitizer_test.rb +103 -53
data/test/rails_app/app/active_record/user.rb +3 -0
data/test/rails_app/app/controllers/admins_controller.rb +1 -1
data/test/rails_app/app/controllers/application_controller.rb +2 -2
data/test/rails_app/app/controllers/home_controller.rb +5 -1
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
data/test/rails_app/app/controllers/users_controller.rb +5 -5
data/test/rails_app/config/application.rb +1 -1
data/test/rails_app/config/boot.rb +3 -3
data/test/rails_app/config/environments/test.rb +6 -1
data/test/rails_app/config/initializers/secret_token.rb +1 -6
data/test/routes_test.rb +26 -11
data/test/support/http_method_compatibility.rb +51 -0
data/test/support/webrat/integrations/rails.rb +9 -0
data/test/test_helpers_test.rb +3 -3
metadata +13 -31
data/gemfiles/Gemfile.rails-3.2-stable +0 -29
data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -172
data/gemfiles/Gemfile.rails-4.0-stable +0 -30
data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -166
data/script/cached-bundle +0 -49
data/script/s3-put +0 -71
data/test/time_helpers.rb +0 -137

@@ -39,18 +39,9 @@ module Devise
       Devise.token_generator ||=
         if secret_key = Devise.secret_key
           Devise::TokenGenerator.new(
-            Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key))
+            ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key))
           )
         end
     end
-    initializer "devise.fix_routes_proxy_missing_respond_to_bug" do
-      # Deprecate: Remove once we move to Rails 4 only.
-      ActionDispatch::Routing::RoutesProxy.class_eval do
-        def respond_to?(method, include_private = false)
-          super || routes.url_helpers.respond_to?(method)
-        end
-      end
-    end
   end
 end

data/lib/devise/rails/routes.rb CHANGED

@@ -1,13 +1,10 @@
 require "active_support/core_ext/object/try"
 require "active_support/core_ext/hash/slice"
-module ActionDispatch::Routing
-  class RouteSet #:nodoc:
-    # Ensure Devise modules are included only after loading routes, because we
-    # need devise_for mappings already declared to create filters and helpers.
-    def finalize_with_devise!
-      result = finalize_without_devise!
+module Devise
+  module RouteSet
+    def finalize!
+      result = super
       @devise_finalized ||= begin
         if Devise.router_name.nil? && defined?(@devise_finalized) && self != Rails.application.try(:routes)
           warn "[DEVISE] We have detected that you are using devise_for inside engine routes. " \
@@ -21,10 +18,16 @@ module ActionDispatch::Routing
         Devise.regenerate_helpers!
         true
       end
       result
     end
-    alias_method_chain :finalize!, :devise
+  end
+end
+module ActionDispatch::Routing
+  class RouteSet #:nodoc:
+    # Ensure Devise modules are included only after loading routes, because we
+    # need devise_for mappings already declared to create filters and helpers.
+    prepend Devise::RouteSet
   end
   class Mapper
@@ -105,7 +108,7 @@ module ActionDispatch::Routing
     #      end
     #
     #      class ManagerController < ApplicationController
-    #        before_filter authenticate_manager!
+    #        before_action authenticate_manager!
     #
     #        def show
     #          @manager = current_manager
@@ -428,8 +431,12 @@ options to another `devise_for` call outside the scope. Here is an example:
     end
 ERROR
         end
-        path, @scope[:path] = @scope[:path], nil
+        current_scope = @scope.dup
+        if @scope.respond_to? :new
+          @scope = @scope.new path: nil
+        else
+          @scope[:path] = nil
+        end
         path_prefix = Devise.omniauth_path_prefix || "/#{mapping.fullpath}/auth".squeeze("/")
         set_omniauth_path_prefix!(path_prefix)
@@ -448,7 +455,7 @@ ERROR
           as: :omniauth_callback,
           via: [:get, :post]
       ensure
-        @scope[:path] = path
+        @scope = current_scope
       end
       def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc:
@@ -457,7 +464,11 @@ ERROR
         exclusive = { as: new_as, path: new_path, module: nil }
         exclusive.merge!(options.slice(:constraints, :defaults, :options))
-        exclusive.each_pair { |key, value| @scope[key] = value }
+        if @scope.respond_to? :new
+          @scope = @scope.new exclusive
+        else
+          exclusive.each_pair { |key, value| @scope[key] = value }
+        end
         yield
       ensure
         @scope = current_scope

data/lib/devise/rails/warden_compat.rb CHANGED

@@ -3,17 +3,8 @@ module Warden::Mixins::Common
     @request ||= ActionDispatch::Request.new(env)
   end
-  # Deprecate: Remove this check once we move to Rails 4 only.
-  NULL_STORE =
-    defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ?
-      ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil
   def reset_session!
-    # Calling reset_session on NULL_STORE causes it fail.
-    # This is a bug that needs to be fixed in Rails.
-    unless NULL_STORE && request.session.is_a?(NULL_STORE)
-      request.reset_session
-    end
+    request.reset_session
   end
   def cookies

data/lib/devise/strategies/rememberable.rb CHANGED

@@ -25,7 +25,8 @@ module Devise
         end
         if validate(resource)
-          remember_me(resource) if extend_remember_me?(resource)
+          remember_me(resource)
+          extend_remember_me_period(resource)
           resource.after_remembered
           success!(resource)
         end
@@ -42,8 +43,10 @@ module Devise
     private
-      def extend_remember_me?(resource)
-        resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
+      def extend_remember_me_period(resource)
+        if resource.respond_to?(:extend_remember_period=)
+          resource.extend_remember_period = mapping.to.extend_remember_period
+        end
       end
       def remember_me?

data/lib/devise/test_helpers.rb CHANGED

@@ -16,7 +16,10 @@ module Devise
     # Override process to consider warden.
     def process(*)
       # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
-      _catch_warden { super } || @response
+      _catch_warden { super } # || @response  # _catch_warden will setup the @response object
+      # process needs to return the ActionDispath::TestResponse object
+      @response
     end
     # We need to setup the environment variables and the response in the controller.
@@ -109,8 +112,9 @@ module Devise
         status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
         @controller.response.headers.merge!(headers)
-        @controller.send :render, status: status, text: response.body,
-          content_type: headers["Content-Type"], location: headers["Location"]
+        r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
+        r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
+        @controller.send :render, r_opts
         nil # causes process return @response
       end
@@ -122,7 +126,8 @@ module Devise
         # ensure the controller response is set to our response.
         @controller.response ||= @response
         @response.status = ret.first
-        @response.headers = ret.second
+        @response.headers.clear
+        ret.second.each { |k,v| @response[k] = v }
         @response.body = ret.third
       end

data/lib/devise/token_generator.rb CHANGED

@@ -1,11 +1,8 @@
-# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only.
-require 'thread_safe'
 require 'openssl'
-require 'securerandom'
 module Devise
   class TokenGenerator
-    def initialize(key_generator, digest="SHA256")
+    def initialize(key_generator, digest = "SHA256")
       @key_generator = key_generator
       @digest = digest
     end
@@ -30,41 +27,4 @@ module Devise
       @key_generator.generate_key("Devise #{column}")
     end
   end
-  # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2
-  # It can be used to derive a number of keys for various purposes from a given secret.
-  # This lets Rails applications have a single secure secret, but avoid reusing that
-  # key in multiple incompatible contexts.
-  class KeyGenerator
-    def initialize(secret, options = {})
-      @secret = secret
-      # The default iterations are higher than required for our key derivation uses
-      # on the off chance someone uses this for password storage
-      @iterations = options[:iterations] || 2**16
-    end
-    # Returns a derived key suitable for use.  The default key_size is chosen
-    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
-    # i.e. OpenSSL::Digest::SHA1#block_length
-    def generate_key(salt, key_size=64)
-      OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
-    end
-  end
-  # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
-  # re-executing the key generation process when it's called using the same salt and
-  # key_size
-  class CachingKeyGenerator
-    def initialize(key_generator)
-      @key_generator = key_generator
-      @cache_keys = ThreadSafe::Cache.new
-    end
-    # Returns a derived key suitable for use.  The default key_size is chosen
-    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
-    # i.e. OpenSSL::Digest::SHA1#block_length
-    def generate_key(salt, key_size=64)
-      @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
-    end
-  end
 end

data/lib/devise/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.5.10".freeze
+  VERSION = "4.0.0.rc1".freeze
 end

data/lib/generators/active_record/devise_generator.rb CHANGED

@@ -75,11 +75,11 @@ RUBY
       end
       def inet?
-        rails4? && postgresql?
+        postgresql?
       end
-      def rails4?
-        Rails.version.start_with? '4'
+      def rails5?
+        Rails.version.start_with? '5'
       end
       def postgresql?

data/lib/generators/active_record/templates/migration.rb CHANGED

@@ -1,6 +1,6 @@
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
   def change
-    create_table(:<%= table_name %>) do |t|
+    create_table :<%= table_name %> do |t|
 <%= migration_data -%>
 <% attributes.each do |attribute| -%>

data/lib/generators/active_record/templates/migration_existing.rb CHANGED

@@ -1,6 +1,6 @@
 class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
   def self.up
-    change_table(:<%= table_name %>) do |t|
+    change_table :<%= table_name %> do |t|
 <%= migration_data -%>
 <% attributes.each do |attribute| -%>

data/lib/generators/devise/orm_helpers.rb CHANGED

@@ -8,27 +8,10 @@ module Devise
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
-CONTENT
-        buffer += <<-CONTENT if needs_attr_accessible?
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
 CONTENT
         buffer
       end
-      def needs_attr_accessible?
-        rails_3? && !strong_parameters_enabled?
-      end
-      def rails_3?
-        Rails::VERSION::MAJOR == 3
-      end
-      def strong_parameters_enabled?
-        defined?(ActionController::StrongParameters)
-      end
       private
       def model_exists?

data/lib/generators/templates/controllers/registrations_controller.rb CHANGED

@@ -1,6 +1,6 @@
 class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
-# before_filter :configure_sign_up_params, only: [:create]
-# before_filter :configure_account_update_params, only: [:update]
+# before_action :configure_sign_up_params, only: [:create]
+# before_action :configure_account_update_params, only: [:update]
   # GET /resource/sign_up
   # def new
@@ -40,12 +40,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl
   # If you have extra params to permit, append them to the sanitizer.
   # def configure_sign_up_params
-  #   devise_parameter_sanitizer.for(:sign_up) << :attribute
+  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
   # end
   # If you have extra params to permit, append them to the sanitizer.
   # def configure_account_update_params
-  #   devise_parameter_sanitizer.for(:account_update) << :attribute
+  #   devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
   # end
   # The path used after sign up.

data/lib/generators/templates/controllers/sessions_controller.rb CHANGED

@@ -1,5 +1,5 @@
 class <%= @scope_prefix %>SessionsController < Devise::SessionsController
-# before_filter :configure_sign_in_params, only: [:create]
+# before_action :configure_sign_in_params, only: [:create]
   # GET /resource/sign_in
   # def new
@@ -20,6 +20,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController
   # If you have extra params to permit, append them to the sanitizer.
   # def configure_sign_in_params
-  #   devise_parameter_sanitizer.for(:sign_in) << :attribute
+  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
   # end
 end

data/lib/generators/templates/devise.rb CHANGED

@@ -4,13 +4,9 @@ Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
-  # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`
+  # Devise will use the `secret_key_base` as its `secret_key`
   # by default. You can change it below and use your own secret key.
-<% if rails_4? -%>
   # config.secret_key = '<%= SecureRandom.hex(64) %>'
-<% else -%>
-  config.secret_key = '<%= SecureRandom.hex(64) %>'
-<% end -%>
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -21,6 +17,9 @@ Devise.setup do |config|
   # Configure the class responsible to send e-mails.
   # config.mailer = 'Devise::Mailer'
+  # Configure the parent class responsible to send e-mails.
+  # config.parent_mailer = 'ActionMailer::Base'
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
   # :mongoid (bson_ext recommended) by default. Other ORMs may be

data/test/controllers/custom_registrations_controller_test.rb CHANGED

@@ -1,6 +1,6 @@
 require 'test_helper'
-class CustomRegistrationsControllerTest < ActionController::TestCase
+class CustomRegistrationsControllerTest < Devise::ControllerTestCase
   tests Custom::RegistrationsController
   include Devise::TestHelpers
@@ -12,24 +12,24 @@ class CustomRegistrationsControllerTest < ActionController::TestCase
   end
   test "yield resource to block on create success" do
-    post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
+    post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
     assert @controller.create_block_called?, "create failed to yield resource to provided block"
   end
   test "yield resource to block on create failure" do
-    post :create, { user: { } }
+    post :create, params: { user: { } }
     assert @controller.create_block_called?, "create failed to yield resource to provided block"
   end
   test "yield resource to block on update success" do
     sign_in @user
-    put :update, { user: { current_password: @password } }
+    put :update, params: { user: { current_password: @password } }
     assert @controller.update_block_called?, "update failed to yield resource to provided block"
   end
   test "yield resource to block on update failure" do
     sign_in @user
-    put :update, { user: { } }
+    put :update, params: { user: { } }
     assert @controller.update_block_called?, "update failed to yield resource to provided block"
   end

data/test/controllers/custom_strategy_test.rb CHANGED

@@ -24,7 +24,7 @@ class CustomStrategy < Warden::Strategies::Base
   end
 end
-class CustomStrategyTest < ActionController::TestCase
+class CustomStrategyTest < Devise::ControllerTestCase
   tests CustomStrategyController
   include Devise::TestHelpers
@@ -41,8 +41,9 @@ class CustomStrategyTest < ActionController::TestCase
     ret = get :new
     # check the returned rack array
-    assert ret.is_a?(Array)
-    assert_equal 400, ret.first
+    # assert ret.is_a?(Array)
+    # assert_equal 400, ret.first
+    assert ret.is_a?(ActionDispatch::TestResponse)
     # check the saved response as well. This is purely so that the response is available to the testing framework
     # for verification. In production, the above array would be delivered directly to Rack.
@@ -53,8 +54,9 @@ class CustomStrategyTest < ActionController::TestCase
     ret = get :new
     # check the returned rack array
-    assert ret.is_a?(Array)
-    assert_equal ret.third['X-FOO'], 'BAR'
+    # assert ret.is_a?(Array)
+    # assert_equal ret.third['X-FOO'], 'BAR'
+    assert ret.is_a?(ActionDispatch::TestResponse)
     # check the saved response headers as well.
     assert_equal response.headers['X-FOO'], 'BAR'

data/test/controllers/helper_methods_test.rb CHANGED

@@ -4,14 +4,15 @@ class ApiController < ActionController::Metal
   include Devise::Controllers::Helpers
 end
-class HelperMethodsTest < ActionController::TestCase
+class HelperMethodsTest < Devise::ControllerTestCase
   tests ApiController
   test 'includes Devise::Controllers::Helpers' do
     assert_includes @controller.class.ancestors, Devise::Controllers::Helpers
   end
-  test 'does not respond_to helper_method' do
+  test 'does not respond_to helper or helper_method' do
+    refute_respond_to @controller.class, :helper
     refute_respond_to @controller.class, :helper_method
   end