devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -1,81 +1,131 @@
1
1
  require 'test_helper'
2
2
  require 'devise/parameter_sanitizer'
3
3
 
4
- class BaseSanitizerTest < ActiveSupport::TestCase
4
+ class ParameterSanitizerTest < ActiveSupport::TestCase
5
5
  def sanitizer(params)
6
- Devise::BaseSanitizer.new(User, :user, params)
6
+ params = ActionController::Parameters.new(params)
7
+ Devise::ParameterSanitizer.new(User, :user, params)
7
8
  end
8
9
 
9
- test 'returns chosen params' do
10
- sanitizer = sanitizer(user: { "email" => "jose" })
11
- assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in))
10
+ test 'permits the default parameters for sign in' do
11
+ sanitizer = sanitizer('user' => { 'email' => 'jose' })
12
+ sanitized = sanitizer.sanitize(:sign_in)
13
+
14
+ assert_equal({ 'email' => 'jose' }, sanitized)
12
15
  end
13
- end
14
16
 
15
- if defined?(ActionController::StrongParameters)
16
- require 'active_model/forbidden_attributes_protection'
17
+ test 'permits the default parameters for sign up' do
18
+ sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
19
+ sanitized = sanitizer.sanitize(:sign_up)
17
20
 
18
- class ParameterSanitizerTest < ActiveSupport::TestCase
19
- def sanitizer(params)
20
- params = ActionController::Parameters.new(params)
21
- Devise::ParameterSanitizer.new(User, :user, params)
22
- end
21
+ assert_equal({ 'email' => 'jose' }, sanitized)
22
+ end
23
23
 
24
- test 'filters some parameters on sign in by default' do
25
- sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
26
- assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
27
- end
24
+ test 'permits the default parameters for account update' do
25
+ sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' })
26
+ sanitized = sanitizer.sanitize(:account_update)
28
27
 
29
- test 'handles auth keys as a hash' do
30
- swap Devise, authentication_keys: {email: true} do
31
- sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
32
- assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
33
- end
34
- end
28
+ assert_equal({ 'email' => 'jose' }, sanitized)
29
+ end
35
30
 
36
- test 'filters some parameters on sign up by default' do
37
- sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
38
- assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up))
39
- end
31
+ test 'permits news parameters for an existing action' do
32
+ sanitizer = sanitizer('user' => { 'username' => 'jose' })
33
+ sanitizer.permit(:sign_in, keys: [:username])
34
+ sanitized = sanitizer.sanitize(:sign_in)
35
+
36
+ assert_equal({ 'username' => 'jose' }, sanitized)
37
+ end
40
38
 
41
- test 'filters some parameters on account update by default' do
42
- sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
43
- assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update))
39
+ test 'permits news parameters for an existing action with a block' do
40
+ sanitizer = sanitizer('user' => { 'username' => 'jose' })
41
+ sanitizer.permit(:sign_in) do |user|
42
+ user.permit(:username)
44
43
  end
45
44
 
46
- test 'allows custom hooks' do
47
- sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
48
- sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
49
- assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in))
45
+ sanitized = sanitizer.sanitize(:sign_in)
46
+
47
+ assert_equal({ 'username' => 'jose' }, sanitized)
48
+ end
49
+
50
+ test 'permit parameters for new actions' do
51
+ sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'name' => 'Jose' })
52
+ sanitizer.permit(:invite_user, keys: [:email, :name])
53
+
54
+ sanitized = sanitizer.sanitize(:invite_user)
55
+
56
+ assert_equal({ 'email' => 'jose@omglol', 'name' => 'Jose' }, sanitized)
57
+ end
58
+
59
+ test 'fails when we do not have any permitted parameters for the action' do
60
+ sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid' })
61
+
62
+ assert_raise NotImplementedError do
63
+ sanitizer.sanitize(:unknown)
50
64
  end
65
+ end
66
+
67
+ test 'removes permitted parameters' do
68
+ sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'username' => 'jose' })
51
69
 
52
- test 'adding multiple permitted parameters' do
53
- sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" })
54
- sanitizer.for(:sign_in).concat([:username, :role])
55
- assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in))
70
+ sanitizer.permit(:sign_in, keys: [:username], except: [:email])
71
+ sanitized = sanitizer.sanitize(:sign_in)
72
+
73
+ assert_equal({ 'username' => 'jose' }, sanitized)
74
+ end
75
+ end
76
+
77
+ class DeprecatedParameterSanitizerAPITest < ActiveSupport::TestCase
78
+ class CustomSanitizer < Devise::ParameterSanitizer
79
+ def sign_in
80
+ default_params.permit(:username)
56
81
  end
82
+ end
57
83
 
58
- test 'removing multiple default parameters' do
59
- sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" })
60
- sanitizer.for(:sign_in).delete(:email)
61
- sanitizer.for(:sign_in).delete(:password)
62
- assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in))
84
+ def sanitizer(params)
85
+ params = ActionController::Parameters.new(params)
86
+ Devise::ParameterSanitizer.new(User, :user, params)
87
+ end
88
+
89
+ test 'overriding instance methods have precedence over the default sanitized attributes' do
90
+ assert_deprecated do
91
+ params = ActionController::Parameters.new(user: { "username" => "jose", "name" => "Jose" })
92
+ sanitizer = CustomSanitizer.new(User, :user, params)
93
+
94
+ sanitized = sanitizer.sanitize(:sign_in)
95
+
96
+ assert_equal({ "username" => "jose" }, sanitized)
63
97
  end
98
+ end
64
99
 
65
- test 'raises on unknown hooks' do
66
- sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
67
- assert_raise NotImplementedError do
68
- sanitizer.sanitize(:unknown)
69
- end
100
+ test 'adding new parameters by mutating the Array' do
101
+ assert_deprecated do
102
+ sanitizer = sanitizer('user' => { 'username' => 'jose' })
103
+ sanitizer.for(:sign_in) << :username
104
+ sanitized = sanitizer.sanitize(:sign_in)
105
+
106
+ assert_equal({ 'username' => 'jose' }, sanitized)
70
107
  end
108
+ end
71
109
 
72
- test 'passes parameters to filter as arguments to sanitizer' do
73
- params = {user: stub}
74
- sanitizer = Devise::ParameterSanitizer.new(User, :user, params)
110
+ test 'adding new parameters with a block' do
111
+ assert_deprecated do
112
+ sanitizer = sanitizer('user' => { 'username' => 'jose' })
113
+ sanitizer.for(:sign_in) { |user| user.permit(:username) }
75
114
 
76
- params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol))
115
+ sanitized = sanitizer.sanitize(:sign_in)
116
+
117
+ assert_equal({ 'username' => 'jose' }, sanitized)
118
+ end
119
+ end
120
+
121
+ test 'removing multiple default parameters' do
122
+ assert_deprecated do
123
+ sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' })
124
+ sanitizer.for(:sign_in).delete(:email)
125
+ sanitizer.for(:sign_in).delete(:password)
126
+ sanitized = sanitizer.sanitize(:sign_in)
77
127
 
78
- sanitizer.sanitize(:sign_in)
128
+ assert_equal({ 'remember_me' => '1' }, sanitized)
79
129
  end
80
130
  end
81
131
  end
@@ -3,4 +3,5 @@ require 'shared_user'
3
3
  class User < ActiveRecord::Base
4
4
  include Shim
5
5
  include SharedUser
6
+ include ActiveModel::Serializers::Xml if Devise.rails5?
6
7
  end
@@ -0,0 +1,8 @@
1
+ require "shared_user_without_email"
2
+
3
+ class UserWithoutEmail < ActiveRecord::Base
4
+ self.table_name = 'users'
5
+ include Shim
6
+ include SharedUserWithoutEmail
7
+ end
8
+
@@ -1,5 +1,5 @@
1
1
  class AdminsController < ApplicationController
2
- before_filter :authenticate_admin!
2
+ before_action :authenticate_admin!
3
3
 
4
4
  def index
5
5
  end
@@ -3,8 +3,8 @@
3
3
 
4
4
  class ApplicationController < ActionController::Base
5
5
  protect_from_forgery
6
- before_filter :current_user, unless: :devise_controller?
7
- before_filter :authenticate_user!, if: :devise_controller?
6
+ before_action :current_user, unless: :devise_controller?
7
+ before_action :authenticate_user!, if: :devise_controller?
8
8
  respond_to *Mime::SET.map(&:to_sym)
9
9
 
10
10
  devise_group :commenter, contains: [:user, :admin]
@@ -20,6 +20,10 @@ class HomeController < ApplicationController
20
20
  end
21
21
 
22
22
  def unauthenticated
23
- render text: "unauthenticated", status: :unauthorized
23
+ if Devise.rails5?
24
+ render body: "unauthenticated", status: :unauthorized
25
+ else
26
+ render text: "unauthenticated", status: :unauthorized
27
+ end
24
28
  end
25
29
  end
@@ -1,6 +1,6 @@
1
1
  class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
2
2
  def facebook
3
- data = env["omniauth.auth"]
3
+ data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : env["omniauth.auth"]
4
4
  session["devise.facebook_data"] = data["extra"]["user_hash"]
5
5
  render json: data
6
6
  end
@@ -9,6 +9,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
9
9
  user = User.to_adapter.find_first(email: 'user@test.com')
10
10
  user.remember_me = true
11
11
  sign_in user
12
- render text: ""
12
+ render (Devise.rails5? ? :body : :text) => ""
13
13
  end
14
14
  end
@@ -1,6 +1,6 @@
1
1
  class UsersController < ApplicationController
2
- prepend_before_filter :current_user, only: :exhibit
3
- before_filter :authenticate_user!, except: [:accept, :exhibit]
2
+ prepend_before_action :current_user, only: :exhibit
3
+ before_action :authenticate_user!, except: [:accept, :exhibit]
4
4
  respond_to :html, :xml
5
5
 
6
6
  def index
@@ -13,7 +13,7 @@ class UsersController < ApplicationController
13
13
  end
14
14
 
15
15
  def update_form
16
- render text: 'Update'
16
+ render (Devise.rails5? ? :body : :text) => 'Update'
17
17
  end
18
18
 
19
19
  def accept
@@ -21,11 +21,11 @@ class UsersController < ApplicationController
21
21
  end
22
22
 
23
23
  def exhibit
24
- render text: current_user ? "User is authenticated" : "User is not authenticated"
24
+ render (Devise.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated"
25
25
  end
26
26
 
27
27
  def expire
28
28
  user_session['last_request_at'] = 31.minutes.ago.utc
29
- render text: 'User will be expired on next request'
29
+ render (Devise.rails5? ? :body : :text) => 'User will be expired on next request'
30
30
  end
31
31
  end
@@ -0,0 +1,33 @@
1
+ require "shared_user_without_email"
2
+
3
+ class UserWithoutEmail
4
+ include Mongoid::Document
5
+ include Shim
6
+ include SharedUserWithoutEmail
7
+
8
+ field :username, type: String
9
+ field :facebook_token, type: String
10
+
11
+ ## Database authenticatable
12
+ field :email, type: String, default: ""
13
+ field :encrypted_password, type: String, default: ""
14
+
15
+ ## Recoverable
16
+ field :reset_password_token, type: String
17
+ field :reset_password_sent_at, type: Time
18
+
19
+ ## Rememberable
20
+ field :remember_created_at, type: Time
21
+
22
+ ## Trackable
23
+ field :sign_in_count, type: Integer, default: 0
24
+ field :current_sign_in_at, type: Time
25
+ field :last_sign_in_at, type: Time
26
+ field :current_sign_in_ip, type: String
27
+ field :last_sign_in_ip, type: String
28
+
29
+ ## Lockable
30
+ field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
31
+ field :unlock_token, type: String # Only if unlock strategy is :email or :both
32
+ field :locked_at, type: Time
33
+ end
@@ -28,7 +28,7 @@ module RailsApp
28
28
 
29
29
  # Configure sensitive parameters which will be filtered from the log file.
30
30
  config.filter_parameters << :password
31
- config.assets.enabled = false
31
+ # config.assets.enabled = false
32
32
 
33
33
  config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
34
34
 
@@ -3,12 +3,12 @@ unless defined?(DEVISE_ORM)
3
3
  end
4
4
 
5
5
  module Devise
6
- # Detection for minor differences between Rails 3.2 and 4 in tests.
7
- def self.rails4?
8
- Rails.version.start_with? '4'
6
+ # Detection for minor differences between Rails 4 and 5 in tests.
7
+ def self.rails5?
8
+ Rails.version.start_with? '5'
9
9
  end
10
10
  end
11
11
 
12
12
  # Set up gems listed in the Gemfile.
13
13
  ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
14
- require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
14
+ require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
@@ -19,7 +19,12 @@ RailsApp::Application.configure do
19
19
  else
20
20
  config.serve_static_assets = true
21
21
  end
22
- config.static_cache_control = "public, max-age=3600"
22
+
23
+ if Rails.version >= "5.0.0"
24
+ config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
25
+ else
26
+ config.static_cache_control = "public, max-age=3600"
27
+ end
23
28
 
24
29
  # Show full error reports and disable caching.
25
30
  config.consider_all_requests_local = true
@@ -135,7 +135,7 @@ Devise.setup do |config|
135
135
  # reset. Defaults to true, so a user is signed in automatically after a reset.
136
136
  # config.sign_in_after_reset_password = true
137
137
 
138
- # Setup a pepper to generate the encrypted password.
138
+ # Set up a pepper to generate the encrypted password.
139
139
  config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
140
140
 
141
141
  # ==> Scopes configuration
@@ -1,8 +1,3 @@
1
1
  config = Rails.application.config
2
2
 
3
- if Devise.rails4?
4
- config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
5
- else
6
- config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
7
- config.session_store :cookie_store, key: "_my_app"
8
- end
3
+ config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
@@ -28,6 +28,11 @@ Rails.application.routes.draw do
28
28
  router_name: :fake_engine,
29
29
  module: :devise
30
30
 
31
+ devise_for :user_without_email,
32
+ class_name: 'UserWithoutEmail',
33
+ router_name: :main_app,
34
+ module: :devise
35
+
31
36
  as :user do
32
37
  get "/as/sign_in", to: "devise/sessions#new"
33
38
  end
@@ -0,0 +1,26 @@
1
+ module SharedUserWithoutEmail
2
+ extend ActiveSupport::Concern
3
+
4
+ included do
5
+ # NOTE: This is missing :validatable and :confirmable, as they both require
6
+ # an email field at the moment. It is also missing :omniauthable because that
7
+ # adds unnecessary complexity to the setup
8
+ devise :database_authenticatable, :lockable, :recoverable,
9
+ :registerable, :rememberable, :timeoutable,
10
+ :trackable
11
+ end
12
+
13
+ # This test stub is a bit rubbish because it's tied very closely to the
14
+ # implementation where we care about this one case. However, completely
15
+ # removing the email field breaks "recoverable" tests completely, so we are
16
+ # just taking the approach here that "email" is something that is a not an
17
+ # ActiveRecord field.
18
+ def email_changed?
19
+ raise NoMethodError
20
+ end
21
+
22
+ def respond_to?(method_name, include_all=false)
23
+ return false if method_name.to_sym == :email_changed?
24
+ super(method_name, include_all)
25
+ end
26
+ end
data/test/routes_test.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError
3
+ ExpectedRoutingError = MiniTest::Assertion
4
4
 
5
5
  class DefaultRoutingTest < ActionController::TestCase
6
6
  test 'map new user session' do
@@ -96,12 +96,12 @@ class DefaultRoutingTest < ActionController::TestCase
96
96
  test 'map omniauth callbacks' do
97
97
  assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get})
98
98
  assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post})
99
- assert_named_route "/users/auth/facebook/callback", :user_omniauth_callback_path, :facebook
99
+ assert_named_route "/users/auth/facebook/callback", :user_facebook_omniauth_callback_path
100
100
 
101
101
  # named open_id
102
102
  assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get})
103
103
  assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post})
104
- assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google
104
+ assert_named_route "/users/auth/google/callback", :user_google_omniauth_callback_path
105
105
 
106
106
  assert_raise ExpectedRoutingError do
107
107
  assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get})
@@ -202,37 +202,52 @@ class CustomizedRoutingTest < ActionController::TestCase
202
202
  end
203
203
 
204
204
  test 'map with format false for sessions' do
205
- assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get})
205
+ expected_params = {controller: 'devise/sessions', action: 'new'}
206
+ expected_params[:format] = false if Devise.rails5?
207
+
208
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get})
206
209
  assert_raise ExpectedRoutingError do
207
- assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get})
210
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.xml', method: :get})
208
211
  end
209
212
  end
210
213
 
211
214
  test 'map with format false for passwords' do
212
- assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password', method: :post})
215
+ expected_params = {controller: 'devise/passwords', action: 'create'}
216
+ expected_params[:format] = false if Devise.rails5?
217
+
218
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post})
213
219
  assert_raise ExpectedRoutingError do
214
- assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password.xml', method: :post})
220
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/password.xml', method: :post})
215
221
  end
216
222
  end
217
223
 
218
224
  test 'map with format false for registrations' do
219
- assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up', method: :get})
225
+ expected_params = {controller: 'devise/registrations', action: 'new'}
226
+ expected_params[:format] = false if Devise.rails5?
227
+
228
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get})
220
229
  assert_raise ExpectedRoutingError do
221
- assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up.xml', method: :get})
230
+ assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.xml', method: :get})
222
231
  end
223
232
  end
224
233
 
225
234
  test 'map with format false for confirmations' do
226
- assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation', method: :get})
235
+ expected_params = {controller: 'devise/confirmations', action: 'show'}
236
+ expected_params[:format] = false if Devise.rails5?
237
+
238
+ assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get})
227
239
  assert_raise ExpectedRoutingError do
228
- assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation.xml', method: :get})
240
+ assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.xml', method: :get})
229
241
  end
230
242
  end
231
243
 
232
244
  test 'map with format false for unlocks' do
233
- assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock', method: :get})
245
+ expected_params = {controller: 'devise/unlocks', action: 'show'}
246
+ expected_params[:format] = false if Devise.rails5?
247
+
248
+ assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get})
234
249
  assert_raise ExpectedRoutingError do
235
- assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock.xml', method: :get})
250
+ assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.xml', method: :get})
236
251
  end
237
252
  end
238
253
 
@@ -46,6 +46,10 @@ class ActiveSupport::TestCase
46
46
  Admin.create!(valid_attributes)
47
47
  end
48
48
 
49
+ def create_user_without_email(attributes={})
50
+ UserWithoutEmail.create!(valid_attributes(attributes))
51
+ end
52
+
49
53
  # Execute the block setting the given values and restoring old values after
50
54
  # the block is executed.
51
55
  def swap(object, new_values)
@@ -0,0 +1,51 @@
1
+ module Devise
2
+ class IntegrationTest < ActionDispatch::IntegrationTest
3
+ # %w( get post patch put head delete xml_http_request
4
+ # xhr get_via_redirect post_via_redirect
5
+ # ).each do |method|
6
+ %w( get post put ).each do |method|
7
+ if Rails.version >= '5.0.0'
8
+ define_method(method) do |url, options={}|
9
+ if options.empty?
10
+ super url
11
+ else
12
+ super url, options
13
+ end
14
+ end
15
+ else
16
+ define_method(method) do |url, options={}|
17
+ if options[:xhr]==true
18
+ xml_http_request __method__, url, options[:params] || {}, options[:headers]
19
+ else
20
+ super url, options[:params] || {}, options[:headers]
21
+ end
22
+ end
23
+ end
24
+ end
25
+ end
26
+
27
+ class ControllerTestCase < ActionController::TestCase
28
+ # %w( get post patch put head delete xml_http_request
29
+ # xhr get_via_redirect post_via_redirect
30
+ # ).each do |method|
31
+ %w( get post put ).each do |method|
32
+ if Rails.version >= '5.0.0'
33
+ define_method(method) do |action, options={}|
34
+ if options.empty?
35
+ super action
36
+ else
37
+ super action, options
38
+ end
39
+ end
40
+ else
41
+ define_method(method) do |action, options={}|
42
+ if options[:xhr]==true
43
+ xml_http_request __method__, action, options[:params] || {}, options[:headers]
44
+ else
45
+ super action, options[:params] || {}, options[:headers]
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
@@ -14,6 +14,15 @@ module Webrat
14
14
  ::Rails.logger
15
15
  end
16
16
  end
17
+
18
+ class RailsAdapter
19
+ protected
20
+
21
+ def do_request(http_method, url, data, headers)
22
+ update_protocol(url)
23
+ integration_session.send(http_method, normalize_url(url), params: data, headers: headers)
24
+ end
25
+ end
17
26
  end
18
27
 
19
28
  module ActionDispatch #:nodoc:
@@ -1,6 +1,6 @@
1
1
  require 'test_helper'
2
2
 
3
- class TestHelpersTest < ActionController::TestCase
3
+ class TestHelpersTest < Devise::ControllerTestCase
4
4
  tests UsersController
5
5
  include Devise::TestHelpers
6
6
 
@@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase
27
27
  assert !user.active_for_authentication?
28
28
 
29
29
  sign_in user
30
- get :accept, id: user
30
+ get :accept, params: { id: user }
31
31
  assert_nil assigns(:current_user)
32
32
  end
33
33
  end
@@ -68,13 +68,13 @@ class TestHelpersTest < ActionController::TestCase
68
68
  test "respects custom failure app" do
69
69
  custom_failure_app = Class.new(Devise::FailureApp) do
70
70
  def redirect
71
- self.status = 306
71
+ self.status = 300
72
72
  end
73
73
  end
74
74
 
75
75
  swap Devise.warden_config, failure_app: custom_failure_app do
76
76
  get :index
77
- assert_response 306
77
+ assert_response 300
78
78
  end
79
79
  end
80
80
 
@@ -163,7 +163,7 @@ class TestHelpersTest < ActionController::TestCase
163
163
 
164
164
  test "creates a new warden proxy if the request object has changed" do
165
165
  old_warden_proxy = warden
166
- @request = ActionController::TestRequest.new
166
+ @request = Devise.rails5? ? ActionController::TestRequest.create : ActionController::TestRequest.new
167
167
  new_warden_proxy = warden
168
168
 
169
169
  assert_not_equal old_warden_proxy, new_warden_proxy
data/test/test_models.rb CHANGED
@@ -12,7 +12,7 @@ class UserWithValidation < User
12
12
  validates_presence_of :username
13
13
  end
14
14
 
15
- class UserWithCustomEncryption < User
15
+ class UserWithCustomHashing < User
16
16
  protected
17
17
  def password_digest(password)
18
18
  password.reverse