devise 3.5.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +14 -15
- data/CHANGELOG.md +57 -1125
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +80 -80
- data/MIT-LICENSE +1 -1
- data/README.md +27 -18
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +5 -4
- data/app/controllers/devise/registrations_controller.rb +5 -5
- data/app/controllers/devise/sessions_controller.rb +7 -7
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +20 -9
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/bin/test +13 -0
- data/config/locales/en.yml +2 -0
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +20 -24
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/encryptor.rb +4 -4
- data/lib/devise/failure_app.rb +33 -12
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +6 -6
- data/lib/devise/models/database_authenticatable.rb +20 -7
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +3 -7
- data/lib/devise/models/rememberable.rb +38 -24
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +54 -31
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/strategies/authenticatable.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +3 -3
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/test_helpers.rb +10 -5
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +115 -20
- data/lib/generators/active_record/devise_generator.rb +11 -5
- data/lib/generators/active_record/templates/migration.rb +2 -2
- data/lib/generators/active_record/templates/migration_existing.rb +2 -2
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +19 -17
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/devise_test.rb +27 -0
- data/test/failure_app_test.rb +37 -15
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +7 -0
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +12 -10
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +42 -7
- data/test/integration/timeoutable_test.rb +16 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +6 -6
- data/test/mailers/reset_password_instructions_test.rb +5 -5
- data/test/mailers/unlock_instructions_test.rb +5 -5
- data/test/models/confirmable_test.rb +25 -1
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +1 -1
- data/test/models/recoverable_test.rb +23 -0
- data/test/models/rememberable_test.rb +48 -95
- data/test/models/validatable_test.rb +2 -10
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/devise.rb +1 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +5 -0
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/routes_test.rb +28 -13
- data/test/support/helpers.rb +4 -0
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +5 -5
- data/test/test_models.rb +1 -1
- metadata +41 -45
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
data/CODE_OF_CONDUCT.md
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Contributor Code of Conduct
|
|
2
|
+
|
|
3
|
+
As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
|
|
4
|
+
|
|
5
|
+
We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
|
|
6
|
+
|
|
7
|
+
Examples of unacceptable behavior by participants include:
|
|
8
|
+
|
|
9
|
+
* The use of sexualized language or imagery
|
|
10
|
+
* Personal attacks
|
|
11
|
+
* Trolling or insulting/derogatory comments
|
|
12
|
+
* Public or private harassment
|
|
13
|
+
* Publishing other's private information, such as physical or electronic addresses, without explicit permission
|
|
14
|
+
* Other unethical or unprofessional conduct.
|
|
15
|
+
|
|
16
|
+
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
|
|
17
|
+
|
|
18
|
+
This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
|
|
19
|
+
|
|
20
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers.
|
|
21
|
+
|
|
22
|
+
This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
|
data/CONTRIBUTING.md
CHANGED
|
@@ -8,6 +8,8 @@
|
|
|
8
8
|
|
|
9
9
|
4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace.
|
|
10
10
|
|
|
11
|
+
5) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md)
|
|
12
|
+
|
|
11
13
|
That's it! The more information you give, the easier it becomes for us to track it down and fix it.
|
|
12
14
|
Ideally, you should provide an application that reproduces the error or a test case to Devise's suite.
|
|
13
15
|
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,74 +1,74 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
devise (
|
|
4
|
+
devise (4.0.0)
|
|
5
5
|
bcrypt (~> 3.0)
|
|
6
6
|
orm_adapter (~> 0.1)
|
|
7
|
-
railties (>=
|
|
7
|
+
railties (>= 4.1.0, < 5.1)
|
|
8
8
|
responders
|
|
9
|
-
thread_safe (~> 0.1)
|
|
10
9
|
warden (~> 1.2.3)
|
|
11
10
|
|
|
12
11
|
GEM
|
|
13
12
|
remote: https://rubygems.org/
|
|
14
13
|
specs:
|
|
15
|
-
actionmailer (4.2.
|
|
16
|
-
actionpack (= 4.2.
|
|
17
|
-
actionview (= 4.2.
|
|
18
|
-
activejob (= 4.2.
|
|
14
|
+
actionmailer (4.2.6)
|
|
15
|
+
actionpack (= 4.2.6)
|
|
16
|
+
actionview (= 4.2.6)
|
|
17
|
+
activejob (= 4.2.6)
|
|
19
18
|
mail (~> 2.5, >= 2.5.4)
|
|
20
19
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
21
|
-
actionpack (4.2.
|
|
22
|
-
actionview (= 4.2.
|
|
23
|
-
activesupport (= 4.2.
|
|
20
|
+
actionpack (4.2.6)
|
|
21
|
+
actionview (= 4.2.6)
|
|
22
|
+
activesupport (= 4.2.6)
|
|
24
23
|
rack (~> 1.6)
|
|
25
24
|
rack-test (~> 0.6.2)
|
|
26
25
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
27
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.
|
|
28
|
-
actionview (4.2.
|
|
29
|
-
activesupport (= 4.2.
|
|
26
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
27
|
+
actionview (4.2.6)
|
|
28
|
+
activesupport (= 4.2.6)
|
|
30
29
|
builder (~> 3.1)
|
|
31
30
|
erubis (~> 2.7.0)
|
|
32
31
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
33
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.
|
|
34
|
-
activejob (4.2.
|
|
35
|
-
activesupport (= 4.2.
|
|
32
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
33
|
+
activejob (4.2.6)
|
|
34
|
+
activesupport (= 4.2.6)
|
|
36
35
|
globalid (>= 0.3.0)
|
|
37
|
-
activemodel (4.2.
|
|
38
|
-
activesupport (= 4.2.
|
|
36
|
+
activemodel (4.2.6)
|
|
37
|
+
activesupport (= 4.2.6)
|
|
39
38
|
builder (~> 3.1)
|
|
40
|
-
activerecord (4.2.
|
|
41
|
-
activemodel (= 4.2.
|
|
42
|
-
activesupport (= 4.2.
|
|
39
|
+
activerecord (4.2.6)
|
|
40
|
+
activemodel (= 4.2.6)
|
|
41
|
+
activesupport (= 4.2.6)
|
|
43
42
|
arel (~> 6.0)
|
|
44
|
-
activesupport (4.2.
|
|
43
|
+
activesupport (4.2.6)
|
|
45
44
|
i18n (~> 0.7)
|
|
46
45
|
json (~> 1.7, >= 1.7.7)
|
|
47
46
|
minitest (~> 5.1)
|
|
48
47
|
thread_safe (~> 0.3, >= 0.3.4)
|
|
49
48
|
tzinfo (~> 1.1)
|
|
50
|
-
arel (6.0.
|
|
51
|
-
bcrypt (3.1.
|
|
52
|
-
bson (3.
|
|
49
|
+
arel (6.0.3)
|
|
50
|
+
bcrypt (3.1.11)
|
|
51
|
+
bson (3.2.6)
|
|
53
52
|
builder (3.2.2)
|
|
53
|
+
concurrent-ruby (1.0.1)
|
|
54
54
|
connection_pool (2.2.0)
|
|
55
55
|
erubis (2.7.0)
|
|
56
|
-
faraday (0.9.
|
|
56
|
+
faraday (0.9.2)
|
|
57
57
|
multipart-post (>= 1.2, < 3)
|
|
58
|
-
globalid (0.3.
|
|
58
|
+
globalid (0.3.6)
|
|
59
59
|
activesupport (>= 4.1.0)
|
|
60
|
-
hashie (3.4.
|
|
60
|
+
hashie (3.4.3)
|
|
61
61
|
i18n (0.7.0)
|
|
62
62
|
json (1.8.3)
|
|
63
|
-
jwt (1.
|
|
64
|
-
loofah (2.0.
|
|
63
|
+
jwt (1.5.1)
|
|
64
|
+
loofah (2.0.3)
|
|
65
65
|
nokogiri (>= 1.5.9)
|
|
66
66
|
mail (2.6.3)
|
|
67
67
|
mime-types (>= 1.16, < 3)
|
|
68
68
|
metaclass (0.0.4)
|
|
69
|
-
mime-types (2.
|
|
70
|
-
|
|
71
|
-
minitest (5.
|
|
69
|
+
mime-types (2.99.1)
|
|
70
|
+
mini_portile2 (2.0.0)
|
|
71
|
+
minitest (5.8.4)
|
|
72
72
|
mocha (1.1.0)
|
|
73
73
|
metaclass (~> 0.0.1)
|
|
74
74
|
mongoid (4.0.2)
|
|
@@ -76,84 +76,84 @@ GEM
|
|
|
76
76
|
moped (~> 2.0.0)
|
|
77
77
|
origin (~> 2.1)
|
|
78
78
|
tzinfo (>= 0.3.37)
|
|
79
|
-
moped (2.0.
|
|
79
|
+
moped (2.0.7)
|
|
80
80
|
bson (~> 3.0)
|
|
81
81
|
connection_pool (~> 2.0)
|
|
82
82
|
optionable (~> 0.2.0)
|
|
83
|
-
multi_json (1.11.
|
|
83
|
+
multi_json (1.11.2)
|
|
84
84
|
multi_xml (0.5.5)
|
|
85
85
|
multipart-post (2.0.0)
|
|
86
|
-
nokogiri (1.6.
|
|
87
|
-
|
|
88
|
-
oauth2 (
|
|
86
|
+
nokogiri (1.6.7.2)
|
|
87
|
+
mini_portile2 (~> 2.0.0.rc2)
|
|
88
|
+
oauth2 (1.1.0)
|
|
89
89
|
faraday (>= 0.8, < 0.10)
|
|
90
|
-
jwt (~> 1.0)
|
|
90
|
+
jwt (~> 1.0, < 1.5.2)
|
|
91
91
|
multi_json (~> 1.3)
|
|
92
92
|
multi_xml (~> 0.5)
|
|
93
|
-
rack (
|
|
94
|
-
omniauth (1.
|
|
93
|
+
rack (>= 1.2, < 3)
|
|
94
|
+
omniauth (1.3.1)
|
|
95
95
|
hashie (>= 1.2, < 4)
|
|
96
|
-
rack (
|
|
97
|
-
omniauth-facebook (
|
|
98
|
-
omniauth-oauth2 (~> 1.
|
|
99
|
-
omniauth-oauth2 (1.
|
|
100
|
-
|
|
101
|
-
multi_json (~> 1.3)
|
|
102
|
-
oauth2 (~> 0.9.3)
|
|
96
|
+
rack (>= 1.0, < 3)
|
|
97
|
+
omniauth-facebook (3.0.0)
|
|
98
|
+
omniauth-oauth2 (~> 1.2)
|
|
99
|
+
omniauth-oauth2 (1.4.0)
|
|
100
|
+
oauth2 (~> 1.0)
|
|
103
101
|
omniauth (~> 1.2)
|
|
104
102
|
omniauth-openid (1.0.1)
|
|
105
103
|
omniauth (~> 1.0)
|
|
106
104
|
rack-openid (~> 1.3.1)
|
|
107
105
|
optionable (0.2.0)
|
|
108
|
-
origin (2.
|
|
106
|
+
origin (2.2.0)
|
|
109
107
|
orm_adapter (0.5.0)
|
|
110
|
-
rack (1.6.
|
|
108
|
+
rack (1.6.4)
|
|
111
109
|
rack-openid (1.3.1)
|
|
112
110
|
rack (>= 1.1.0)
|
|
113
111
|
ruby-openid (>= 2.1.8)
|
|
114
112
|
rack-test (0.6.3)
|
|
115
113
|
rack (>= 1.0)
|
|
116
|
-
rails (4.2.
|
|
117
|
-
actionmailer (= 4.2.
|
|
118
|
-
actionpack (= 4.2.
|
|
119
|
-
actionview (= 4.2.
|
|
120
|
-
activejob (= 4.2.
|
|
121
|
-
activemodel (= 4.2.
|
|
122
|
-
activerecord (= 4.2.
|
|
123
|
-
activesupport (= 4.2.
|
|
114
|
+
rails (4.2.6)
|
|
115
|
+
actionmailer (= 4.2.6)
|
|
116
|
+
actionpack (= 4.2.6)
|
|
117
|
+
actionview (= 4.2.6)
|
|
118
|
+
activejob (= 4.2.6)
|
|
119
|
+
activemodel (= 4.2.6)
|
|
120
|
+
activerecord (= 4.2.6)
|
|
121
|
+
activesupport (= 4.2.6)
|
|
124
122
|
bundler (>= 1.3.0, < 2.0)
|
|
125
|
-
railties (= 4.2.
|
|
123
|
+
railties (= 4.2.6)
|
|
126
124
|
sprockets-rails
|
|
127
125
|
rails-deprecated_sanitizer (1.0.3)
|
|
128
126
|
activesupport (>= 4.2.0.alpha)
|
|
129
|
-
rails-dom-testing (1.0.
|
|
127
|
+
rails-dom-testing (1.0.7)
|
|
130
128
|
activesupport (>= 4.2.0.beta, < 5.0)
|
|
131
129
|
nokogiri (~> 1.6.0)
|
|
132
130
|
rails-deprecated_sanitizer (>= 1.0.1)
|
|
133
|
-
rails-html-sanitizer (1.0.
|
|
131
|
+
rails-html-sanitizer (1.0.3)
|
|
134
132
|
loofah (~> 2.0)
|
|
135
|
-
railties (4.2.
|
|
136
|
-
actionpack (= 4.2.
|
|
137
|
-
activesupport (= 4.2.
|
|
133
|
+
railties (4.2.6)
|
|
134
|
+
actionpack (= 4.2.6)
|
|
135
|
+
activesupport (= 4.2.6)
|
|
138
136
|
rake (>= 0.8.7)
|
|
139
137
|
thor (>= 0.18.1, < 2.0)
|
|
140
|
-
rake (
|
|
141
|
-
rdoc (4.2.
|
|
142
|
-
|
|
143
|
-
|
|
138
|
+
rake (11.0.1)
|
|
139
|
+
rdoc (4.2.2)
|
|
140
|
+
json (~> 1.4)
|
|
141
|
+
responders (2.1.2)
|
|
142
|
+
railties (>= 4.2.0, < 5.1)
|
|
144
143
|
ruby-openid (2.7.0)
|
|
145
|
-
sprockets (3.2
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
144
|
+
sprockets (3.5.2)
|
|
145
|
+
concurrent-ruby (~> 1.0)
|
|
146
|
+
rack (> 1, < 3)
|
|
147
|
+
sprockets-rails (3.0.4)
|
|
148
|
+
actionpack (>= 4.0)
|
|
149
|
+
activesupport (>= 4.0)
|
|
150
|
+
sprockets (>= 3.0.0)
|
|
151
|
+
sqlite3 (1.3.11)
|
|
152
152
|
thor (0.19.1)
|
|
153
153
|
thread_safe (0.3.5)
|
|
154
154
|
tzinfo (1.2.2)
|
|
155
155
|
thread_safe (~> 0.1)
|
|
156
|
-
warden (1.2.
|
|
156
|
+
warden (1.2.6)
|
|
157
157
|
rack (>= 1.0)
|
|
158
158
|
webrat (0.7.3)
|
|
159
159
|
nokogiri (>= 1.2.0)
|
|
@@ -170,14 +170,14 @@ DEPENDENCIES
|
|
|
170
170
|
jruby-openssl
|
|
171
171
|
mocha (~> 1.1)
|
|
172
172
|
mongoid (~> 4.0)
|
|
173
|
-
omniauth (~> 1.
|
|
173
|
+
omniauth (~> 1.3)
|
|
174
174
|
omniauth-facebook
|
|
175
|
-
omniauth-oauth2 (~> 1.
|
|
175
|
+
omniauth-oauth2 (~> 1.4)
|
|
176
176
|
omniauth-openid (~> 1.0.1)
|
|
177
|
-
rails (
|
|
177
|
+
rails (~> 4.2.6)
|
|
178
178
|
rdoc
|
|
179
179
|
sqlite3
|
|
180
180
|
webrat (= 0.7.3)
|
|
181
181
|
|
|
182
182
|
BUNDLED WITH
|
|
183
|
-
1.
|
|
183
|
+
1.11.2
|
data/MIT-LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -4,7 +4,6 @@ By [Plataformatec](http://plataformatec.com.br/).
|
|
|
4
4
|
|
|
5
5
|
[](http://travis-ci.org/plataformatec/devise)
|
|
6
6
|
[](https://codeclimate.com/github/plataformatec/devise)
|
|
7
|
-
[](https://hakiri.io/github/plataformatec/devise/master)
|
|
8
7
|
|
|
9
8
|
This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
|
|
10
9
|
|
|
@@ -17,7 +16,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
|
|
|
17
16
|
|
|
18
17
|
It's composed of 10 modules:
|
|
19
18
|
|
|
20
|
-
* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable):
|
|
19
|
+
* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
|
|
21
20
|
* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
|
|
22
21
|
* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
|
|
23
22
|
* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
|
|
@@ -28,8 +27,6 @@ It's composed of 10 modules:
|
|
|
28
27
|
* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
|
|
29
28
|
* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
|
|
30
29
|
|
|
31
|
-
Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.
|
|
32
|
-
|
|
33
30
|
## Information
|
|
34
31
|
|
|
35
32
|
### The Devise wiki
|
|
@@ -92,7 +89,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
|
|
|
92
89
|
|
|
93
90
|
## Getting started
|
|
94
91
|
|
|
95
|
-
Devise
|
|
92
|
+
Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with:
|
|
96
93
|
|
|
97
94
|
```ruby
|
|
98
95
|
gem 'devise'
|
|
@@ -112,7 +109,7 @@ The generator will install an initializer which describes ALL of Devise's config
|
|
|
112
109
|
rails generate devise MODEL
|
|
113
110
|
```
|
|
114
111
|
|
|
115
|
-
Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
|
|
112
|
+
Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
|
|
116
113
|
|
|
117
114
|
Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
|
|
118
115
|
|
|
@@ -132,6 +129,8 @@ Devise will create some helpers to use inside your controllers and views. To set
|
|
|
132
129
|
before_action :authenticate_user!
|
|
133
130
|
```
|
|
134
131
|
|
|
132
|
+
For Rails 5, note that `protect_from_forgery` is no longer prepended to the `before_action` chain, so if you have set `authenticate_user` before `protect_from_forgery`, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use `protect_from_forgery prepend: true`.
|
|
133
|
+
|
|
135
134
|
If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
|
|
136
135
|
|
|
137
136
|
To verify if a user is signed in, use the following helper:
|
|
@@ -174,7 +173,7 @@ member_session
|
|
|
174
173
|
|
|
175
174
|
### Configuring Models
|
|
176
175
|
|
|
177
|
-
The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the
|
|
176
|
+
The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
|
|
178
177
|
|
|
179
178
|
```ruby
|
|
180
179
|
devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
|
|
@@ -184,9 +183,13 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
|
|
|
184
183
|
|
|
185
184
|
### Strong Parameters
|
|
186
185
|
|
|
186
|
+

|
|
187
|
+
|
|
188
|
+
*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters*
|
|
189
|
+
|
|
187
190
|
When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
|
|
188
191
|
|
|
189
|
-
There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and
|
|
192
|
+
There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and default permitted parameters are:
|
|
190
193
|
|
|
191
194
|
* `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`)
|
|
192
195
|
* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
|
|
@@ -201,7 +204,7 @@ class ApplicationController < ActionController::Base
|
|
|
201
204
|
protected
|
|
202
205
|
|
|
203
206
|
def configure_permitted_parameters
|
|
204
|
-
devise_parameter_sanitizer.
|
|
207
|
+
devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
|
|
205
208
|
end
|
|
206
209
|
end
|
|
207
210
|
```
|
|
@@ -212,7 +215,9 @@ To permit simple scalar values for username and email, use this
|
|
|
212
215
|
|
|
213
216
|
```ruby
|
|
214
217
|
def configure_permitted_parameters
|
|
215
|
-
devise_parameter_sanitizer.
|
|
218
|
+
devise_parameter_sanitizer.permit(:sign_in) do |user_params|
|
|
219
|
+
user_params.permit(:username, :email)
|
|
220
|
+
end
|
|
216
221
|
end
|
|
217
222
|
```
|
|
218
223
|
|
|
@@ -220,7 +225,9 @@ If you have some checkboxes that express the roles a user may take on registrati
|
|
|
220
225
|
|
|
221
226
|
```ruby
|
|
222
227
|
def configure_permitted_parameters
|
|
223
|
-
devise_parameter_sanitizer.
|
|
228
|
+
devise_parameter_sanitizer.permit(:sign_up) do |user_params|
|
|
229
|
+
user_params.permit({ roles: [] }, :email, :password, :password_confirmation)
|
|
230
|
+
end
|
|
224
231
|
end
|
|
225
232
|
```
|
|
226
233
|
For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
|
|
@@ -231,8 +238,9 @@ If you have multiple Devise models, you may want to set up a different parameter
|
|
|
231
238
|
|
|
232
239
|
```ruby
|
|
233
240
|
class User::ParameterSanitizer < Devise::ParameterSanitizer
|
|
234
|
-
def
|
|
235
|
-
|
|
241
|
+
def initialize(*)
|
|
242
|
+
super
|
|
243
|
+
permit(:sign_up, keys: [:username, :email])
|
|
236
244
|
end
|
|
237
245
|
end
|
|
238
246
|
```
|
|
@@ -347,7 +355,7 @@ Devise also ships with default routes. If you need to customize them, you should
|
|
|
347
355
|
devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
|
|
348
356
|
```
|
|
349
357
|
|
|
350
|
-
Be sure to check `devise_for` documentation for details.
|
|
358
|
+
Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
|
|
351
359
|
|
|
352
360
|
If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
|
|
353
361
|
|
|
@@ -403,7 +411,7 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses
|
|
|
403
411
|
|
|
404
412
|
### Test helpers
|
|
405
413
|
|
|
406
|
-
Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
|
|
414
|
+
Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`):
|
|
407
415
|
|
|
408
416
|
```ruby
|
|
409
417
|
class ActionController::TestCase
|
|
@@ -416,6 +424,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo
|
|
|
416
424
|
```ruby
|
|
417
425
|
RSpec.configure do |config|
|
|
418
426
|
config.include Devise::TestHelpers, type: :controller
|
|
427
|
+
config.include Devise::TestHelpers, type: :view
|
|
419
428
|
end
|
|
420
429
|
```
|
|
421
430
|
|
|
@@ -433,7 +442,7 @@ sign_out @user # sign_out(resource)
|
|
|
433
442
|
|
|
434
443
|
There are two things that are important to keep in mind:
|
|
435
444
|
|
|
436
|
-
1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
|
|
445
|
+
1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session;
|
|
437
446
|
|
|
438
447
|
2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
|
|
439
448
|
|
|
@@ -477,7 +486,7 @@ devise :database_authenticatable, :timeoutable
|
|
|
477
486
|
devise_for :admins
|
|
478
487
|
|
|
479
488
|
# Inside your protected controller
|
|
480
|
-
|
|
489
|
+
before_action :authenticate_admin!
|
|
481
490
|
|
|
482
491
|
# Inside your controllers and views
|
|
483
492
|
admin_signed_in?
|
|
@@ -545,6 +554,6 @@ https://github.com/plataformatec/devise/graphs/contributors
|
|
|
545
554
|
|
|
546
555
|
## License
|
|
547
556
|
|
|
548
|
-
MIT License. Copyright 2009-
|
|
557
|
+
MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
|
|
549
558
|
|
|
550
559
|
You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.
|
|
@@ -22,7 +22,7 @@ class Devise::ConfirmationsController < DeviseController
|
|
|
22
22
|
yield resource if block_given?
|
|
23
23
|
|
|
24
24
|
if resource.errors.empty?
|
|
25
|
-
set_flash_message(:notice, :confirmed)
|
|
25
|
+
set_flash_message!(:notice, :confirmed)
|
|
26
26
|
respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
|
|
27
27
|
else
|
|
28
28
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class Devise::OmniauthCallbacksController < DeviseController
|
|
2
|
-
|
|
2
|
+
prepend_before_action { request.env["devise.skip_timeout"] = true }
|
|
3
3
|
|
|
4
4
|
def passthru
|
|
5
5
|
render status: 404, text: "Not found. Authentication passthru."
|
|
@@ -13,14 +13,14 @@ class Devise::OmniauthCallbacksController < DeviseController
|
|
|
13
13
|
protected
|
|
14
14
|
|
|
15
15
|
def failed_strategy
|
|
16
|
-
env["omniauth.error.strategy"]
|
|
16
|
+
request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"]
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def failure_message
|
|
20
|
-
exception = env["omniauth.error"]
|
|
20
|
+
exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"]
|
|
21
21
|
error = exception.error_reason if exception.respond_to?(:error_reason)
|
|
22
22
|
error ||= exception.error if exception.respond_to?(:error)
|
|
23
|
-
error ||= env["omniauth.error.type"].to_s
|
|
23
|
+
error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s
|
|
24
24
|
error.to_s.humanize if error
|
|
25
25
|
end
|
|
26
26
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class Devise::PasswordsController < DeviseController
|
|
2
|
-
|
|
2
|
+
prepend_before_action :require_no_authentication
|
|
3
3
|
# Render the #edit only if coming from a reset password email link
|
|
4
|
-
|
|
4
|
+
append_before_action :assert_reset_token_passed, only: :edit
|
|
5
5
|
|
|
6
6
|
# GET /resource/password/new
|
|
7
7
|
def new
|
|
@@ -36,13 +36,14 @@ class Devise::PasswordsController < DeviseController
|
|
|
36
36
|
resource.unlock_access! if unlockable?(resource)
|
|
37
37
|
if Devise.sign_in_after_reset_password
|
|
38
38
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
|
39
|
-
set_flash_message(:notice, flash_message)
|
|
39
|
+
set_flash_message!(:notice, flash_message)
|
|
40
40
|
sign_in(resource_name, resource)
|
|
41
41
|
else
|
|
42
|
-
set_flash_message(:notice, :updated_not_active)
|
|
42
|
+
set_flash_message!(:notice, :updated_not_active)
|
|
43
43
|
end
|
|
44
44
|
respond_with resource, location: after_resetting_password_path_for(resource)
|
|
45
45
|
else
|
|
46
|
+
set_minimum_password_length
|
|
46
47
|
respond_with resource
|
|
47
48
|
end
|
|
48
49
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Devise::RegistrationsController < DeviseController
|
|
2
|
-
|
|
3
|
-
|
|
2
|
+
prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
|
|
3
|
+
prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
|
|
4
4
|
|
|
5
5
|
# GET /resource/sign_up
|
|
6
6
|
def new
|
|
@@ -18,11 +18,11 @@ class Devise::RegistrationsController < DeviseController
|
|
|
18
18
|
yield resource if block_given?
|
|
19
19
|
if resource.persisted?
|
|
20
20
|
if resource.active_for_authentication?
|
|
21
|
-
set_flash_message :notice, :signed_up
|
|
21
|
+
set_flash_message! :notice, :signed_up
|
|
22
22
|
sign_up(resource_name, resource)
|
|
23
23
|
respond_with resource, location: after_sign_up_path_for(resource)
|
|
24
24
|
else
|
|
25
|
-
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}"
|
|
25
|
+
set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
|
|
26
26
|
expire_data_after_sign_in!
|
|
27
27
|
respond_with resource, location: after_inactive_sign_up_path_for(resource)
|
|
28
28
|
end
|
|
@@ -65,7 +65,7 @@ class Devise::RegistrationsController < DeviseController
|
|
|
65
65
|
def destroy
|
|
66
66
|
resource.destroy
|
|
67
67
|
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
|
|
68
|
-
set_flash_message :notice, :destroyed
|
|
68
|
+
set_flash_message! :notice, :destroyed
|
|
69
69
|
yield resource if block_given?
|
|
70
70
|
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
|
|
71
71
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
class Devise::SessionsController < DeviseController
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
prepend_before_action :require_no_authentication, only: [:new, :create]
|
|
3
|
+
prepend_before_action :allow_params_authentication!, only: :create
|
|
4
|
+
prepend_before_action :verify_signed_out_user, only: :destroy
|
|
5
|
+
prepend_before_action only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
|
|
6
6
|
|
|
7
7
|
# GET /resource/sign_in
|
|
8
8
|
def new
|
|
@@ -15,7 +15,7 @@ class Devise::SessionsController < DeviseController
|
|
|
15
15
|
# POST /resource/sign_in
|
|
16
16
|
def create
|
|
17
17
|
self.resource = warden.authenticate!(auth_options)
|
|
18
|
-
set_flash_message(:notice, :signed_in)
|
|
18
|
+
set_flash_message!(:notice, :signed_in)
|
|
19
19
|
sign_in(resource_name, resource)
|
|
20
20
|
yield resource if block_given?
|
|
21
21
|
respond_with resource, location: after_sign_in_path_for(resource)
|
|
@@ -24,7 +24,7 @@ class Devise::SessionsController < DeviseController
|
|
|
24
24
|
# DELETE /resource/sign_out
|
|
25
25
|
def destroy
|
|
26
26
|
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
|
|
27
|
-
set_flash_message :notice, :signed_out if signed_out
|
|
27
|
+
set_flash_message! :notice, :signed_out if signed_out
|
|
28
28
|
yield if block_given?
|
|
29
29
|
respond_to_on_destroy
|
|
30
30
|
end
|
|
@@ -58,7 +58,7 @@ class Devise::SessionsController < DeviseController
|
|
|
58
58
|
# to the after_sign_out path.
|
|
59
59
|
def verify_signed_out_user
|
|
60
60
|
if all_signed_out?
|
|
61
|
-
set_flash_message :notice, :already_signed_out
|
|
61
|
+
set_flash_message! :notice, :already_signed_out
|
|
62
62
|
|
|
63
63
|
respond_to_on_destroy
|
|
64
64
|
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class Devise::UnlocksController < DeviseController
|
|
2
|
-
|
|
2
|
+
prepend_before_action :require_no_authentication
|
|
3
3
|
|
|
4
4
|
# GET /resource/unlock/new
|
|
5
5
|
def new
|
|
@@ -24,7 +24,7 @@ class Devise::UnlocksController < DeviseController
|
|
|
24
24
|
yield resource if block_given?
|
|
25
25
|
|
|
26
26
|
if resource.errors.empty?
|
|
27
|
-
set_flash_message :notice, :unlocked
|
|
27
|
+
set_flash_message! :notice, :unlocked
|
|
28
28
|
respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
|
|
29
29
|
else
|
|
30
30
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|