devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -0,0 +1,22 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
4
+
5
+ We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
6
+
7
+ Examples of unacceptable behavior by participants include:
8
+
9
+ * The use of sexualized language or imagery
10
+ * Personal attacks
11
+ * Trolling or insulting/derogatory comments
12
+ * Public or private harassment
13
+ * Publishing other's private information, such as physical or electronic addresses, without explicit permission
14
+ * Other unethical or unprofessional conduct.
15
+
16
+ Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
17
+
18
+ This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
19
+
20
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers.
21
+
22
+ This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)
data/CONTRIBUTING.md CHANGED
@@ -8,6 +8,8 @@
8
8
 
9
9
  4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace.
10
10
 
11
+ 5) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md)
12
+
11
13
  That's it! The more information you give, the easier it becomes for us to track it down and fix it.
12
14
  Ideally, you should provide an application that reproduces the error or a test case to Devise's suite.
13
15
 
data/Gemfile CHANGED
@@ -2,9 +2,9 @@ source "https://rubygems.org"
2
2
 
3
3
  gemspec
4
4
 
5
- gem "rails", "4.2.2"
6
- gem "omniauth", "~> 1.2.0"
7
- gem "omniauth-oauth2", "~> 1.1.0"
5
+ gem "rails", "~> 4.2.6"
6
+ gem "omniauth", "~> 1.3"
7
+ gem "omniauth-oauth2", "~> 1.4"
8
8
  gem "rdoc"
9
9
 
10
10
  group :test do
data/Gemfile.lock CHANGED
@@ -1,74 +1,74 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- devise (3.5.2)
4
+ devise (4.0.0)
5
5
  bcrypt (~> 3.0)
6
6
  orm_adapter (~> 0.1)
7
- railties (>= 3.2.6, < 5)
7
+ railties (>= 4.1.0, < 5.1)
8
8
  responders
9
- thread_safe (~> 0.1)
10
9
  warden (~> 1.2.3)
11
10
 
12
11
  GEM
13
12
  remote: https://rubygems.org/
14
13
  specs:
15
- actionmailer (4.2.2)
16
- actionpack (= 4.2.2)
17
- actionview (= 4.2.2)
18
- activejob (= 4.2.2)
14
+ actionmailer (4.2.6)
15
+ actionpack (= 4.2.6)
16
+ actionview (= 4.2.6)
17
+ activejob (= 4.2.6)
19
18
  mail (~> 2.5, >= 2.5.4)
20
19
  rails-dom-testing (~> 1.0, >= 1.0.5)
21
- actionpack (4.2.2)
22
- actionview (= 4.2.2)
23
- activesupport (= 4.2.2)
20
+ actionpack (4.2.6)
21
+ actionview (= 4.2.6)
22
+ activesupport (= 4.2.6)
24
23
  rack (~> 1.6)
25
24
  rack-test (~> 0.6.2)
26
25
  rails-dom-testing (~> 1.0, >= 1.0.5)
27
- rails-html-sanitizer (~> 1.0, >= 1.0.1)
28
- actionview (4.2.2)
29
- activesupport (= 4.2.2)
26
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
27
+ actionview (4.2.6)
28
+ activesupport (= 4.2.6)
30
29
  builder (~> 3.1)
31
30
  erubis (~> 2.7.0)
32
31
  rails-dom-testing (~> 1.0, >= 1.0.5)
33
- rails-html-sanitizer (~> 1.0, >= 1.0.1)
34
- activejob (4.2.2)
35
- activesupport (= 4.2.2)
32
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
33
+ activejob (4.2.6)
34
+ activesupport (= 4.2.6)
36
35
  globalid (>= 0.3.0)
37
- activemodel (4.2.2)
38
- activesupport (= 4.2.2)
36
+ activemodel (4.2.6)
37
+ activesupport (= 4.2.6)
39
38
  builder (~> 3.1)
40
- activerecord (4.2.2)
41
- activemodel (= 4.2.2)
42
- activesupport (= 4.2.2)
39
+ activerecord (4.2.6)
40
+ activemodel (= 4.2.6)
41
+ activesupport (= 4.2.6)
43
42
  arel (~> 6.0)
44
- activesupport (4.2.2)
43
+ activesupport (4.2.6)
45
44
  i18n (~> 0.7)
46
45
  json (~> 1.7, >= 1.7.7)
47
46
  minitest (~> 5.1)
48
47
  thread_safe (~> 0.3, >= 0.3.4)
49
48
  tzinfo (~> 1.1)
50
- arel (6.0.0)
51
- bcrypt (3.1.10)
52
- bson (3.1.2)
49
+ arel (6.0.3)
50
+ bcrypt (3.1.11)
51
+ bson (3.2.6)
53
52
  builder (3.2.2)
53
+ concurrent-ruby (1.0.1)
54
54
  connection_pool (2.2.0)
55
55
  erubis (2.7.0)
56
- faraday (0.9.1)
56
+ faraday (0.9.2)
57
57
  multipart-post (>= 1.2, < 3)
58
- globalid (0.3.5)
58
+ globalid (0.3.6)
59
59
  activesupport (>= 4.1.0)
60
- hashie (3.4.0)
60
+ hashie (3.4.3)
61
61
  i18n (0.7.0)
62
62
  json (1.8.3)
63
- jwt (1.4.1)
64
- loofah (2.0.2)
63
+ jwt (1.5.1)
64
+ loofah (2.0.3)
65
65
  nokogiri (>= 1.5.9)
66
66
  mail (2.6.3)
67
67
  mime-types (>= 1.16, < 3)
68
68
  metaclass (0.0.4)
69
- mime-types (2.6.1)
70
- mini_portile (0.6.2)
71
- minitest (5.7.0)
69
+ mime-types (2.99.1)
70
+ mini_portile2 (2.0.0)
71
+ minitest (5.8.4)
72
72
  mocha (1.1.0)
73
73
  metaclass (~> 0.0.1)
74
74
  mongoid (4.0.2)
@@ -76,84 +76,84 @@ GEM
76
76
  moped (~> 2.0.0)
77
77
  origin (~> 2.1)
78
78
  tzinfo (>= 0.3.37)
79
- moped (2.0.6)
79
+ moped (2.0.7)
80
80
  bson (~> 3.0)
81
81
  connection_pool (~> 2.0)
82
82
  optionable (~> 0.2.0)
83
- multi_json (1.11.1)
83
+ multi_json (1.11.2)
84
84
  multi_xml (0.5.5)
85
85
  multipart-post (2.0.0)
86
- nokogiri (1.6.6.2)
87
- mini_portile (~> 0.6.0)
88
- oauth2 (0.9.4)
86
+ nokogiri (1.6.7.2)
87
+ mini_portile2 (~> 2.0.0.rc2)
88
+ oauth2 (1.1.0)
89
89
  faraday (>= 0.8, < 0.10)
90
- jwt (~> 1.0)
90
+ jwt (~> 1.0, < 1.5.2)
91
91
  multi_json (~> 1.3)
92
92
  multi_xml (~> 0.5)
93
- rack (~> 1.2)
94
- omniauth (1.2.2)
93
+ rack (>= 1.2, < 3)
94
+ omniauth (1.3.1)
95
95
  hashie (>= 1.2, < 4)
96
- rack (~> 1.0)
97
- omniauth-facebook (1.6.0)
98
- omniauth-oauth2 (~> 1.1)
99
- omniauth-oauth2 (1.1.2)
100
- faraday (>= 0.8, < 0.10)
101
- multi_json (~> 1.3)
102
- oauth2 (~> 0.9.3)
96
+ rack (>= 1.0, < 3)
97
+ omniauth-facebook (3.0.0)
98
+ omniauth-oauth2 (~> 1.2)
99
+ omniauth-oauth2 (1.4.0)
100
+ oauth2 (~> 1.0)
103
101
  omniauth (~> 1.2)
104
102
  omniauth-openid (1.0.1)
105
103
  omniauth (~> 1.0)
106
104
  rack-openid (~> 1.3.1)
107
105
  optionable (0.2.0)
108
- origin (2.1.1)
106
+ origin (2.2.0)
109
107
  orm_adapter (0.5.0)
110
- rack (1.6.2)
108
+ rack (1.6.4)
111
109
  rack-openid (1.3.1)
112
110
  rack (>= 1.1.0)
113
111
  ruby-openid (>= 2.1.8)
114
112
  rack-test (0.6.3)
115
113
  rack (>= 1.0)
116
- rails (4.2.2)
117
- actionmailer (= 4.2.2)
118
- actionpack (= 4.2.2)
119
- actionview (= 4.2.2)
120
- activejob (= 4.2.2)
121
- activemodel (= 4.2.2)
122
- activerecord (= 4.2.2)
123
- activesupport (= 4.2.2)
114
+ rails (4.2.6)
115
+ actionmailer (= 4.2.6)
116
+ actionpack (= 4.2.6)
117
+ actionview (= 4.2.6)
118
+ activejob (= 4.2.6)
119
+ activemodel (= 4.2.6)
120
+ activerecord (= 4.2.6)
121
+ activesupport (= 4.2.6)
124
122
  bundler (>= 1.3.0, < 2.0)
125
- railties (= 4.2.2)
123
+ railties (= 4.2.6)
126
124
  sprockets-rails
127
125
  rails-deprecated_sanitizer (1.0.3)
128
126
  activesupport (>= 4.2.0.alpha)
129
- rails-dom-testing (1.0.6)
127
+ rails-dom-testing (1.0.7)
130
128
  activesupport (>= 4.2.0.beta, < 5.0)
131
129
  nokogiri (~> 1.6.0)
132
130
  rails-deprecated_sanitizer (>= 1.0.1)
133
- rails-html-sanitizer (1.0.2)
131
+ rails-html-sanitizer (1.0.3)
134
132
  loofah (~> 2.0)
135
- railties (4.2.2)
136
- actionpack (= 4.2.2)
137
- activesupport (= 4.2.2)
133
+ railties (4.2.6)
134
+ actionpack (= 4.2.6)
135
+ activesupport (= 4.2.6)
138
136
  rake (>= 0.8.7)
139
137
  thor (>= 0.18.1, < 2.0)
140
- rake (10.4.2)
141
- rdoc (4.2.0)
142
- responders (2.1.0)
143
- railties (>= 4.2.0, < 5)
138
+ rake (11.0.1)
139
+ rdoc (4.2.2)
140
+ json (~> 1.4)
141
+ responders (2.1.2)
142
+ railties (>= 4.2.0, < 5.1)
144
143
  ruby-openid (2.7.0)
145
- sprockets (3.2.0)
146
- rack (~> 1.0)
147
- sprockets-rails (2.3.1)
148
- actionpack (>= 3.0)
149
- activesupport (>= 3.0)
150
- sprockets (>= 2.8, < 4.0)
151
- sqlite3 (1.3.10)
144
+ sprockets (3.5.2)
145
+ concurrent-ruby (~> 1.0)
146
+ rack (> 1, < 3)
147
+ sprockets-rails (3.0.4)
148
+ actionpack (>= 4.0)
149
+ activesupport (>= 4.0)
150
+ sprockets (>= 3.0.0)
151
+ sqlite3 (1.3.11)
152
152
  thor (0.19.1)
153
153
  thread_safe (0.3.5)
154
154
  tzinfo (1.2.2)
155
155
  thread_safe (~> 0.1)
156
- warden (1.2.3)
156
+ warden (1.2.6)
157
157
  rack (>= 1.0)
158
158
  webrat (0.7.3)
159
159
  nokogiri (>= 1.2.0)
@@ -170,14 +170,14 @@ DEPENDENCIES
170
170
  jruby-openssl
171
171
  mocha (~> 1.1)
172
172
  mongoid (~> 4.0)
173
- omniauth (~> 1.2.0)
173
+ omniauth (~> 1.3)
174
174
  omniauth-facebook
175
- omniauth-oauth2 (~> 1.1.0)
175
+ omniauth-oauth2 (~> 1.4)
176
176
  omniauth-openid (~> 1.0.1)
177
- rails (= 4.2.2)
177
+ rails (~> 4.2.6)
178
178
  rdoc
179
179
  sqlite3
180
180
  webrat (= 0.7.3)
181
181
 
182
182
  BUNDLED WITH
183
- 1.10.6
183
+ 1.11.2
data/MIT-LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
1
+ Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining
4
4
  a copy of this software and associated documentation files (the
data/README.md CHANGED
@@ -4,7 +4,6 @@ By [Plataformatec](http://plataformatec.com.br/).
4
4
 
5
5
  [![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise)
6
6
  [![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise)
7
- [![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master)
8
7
 
9
8
  This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
10
9
 
@@ -17,7 +16,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
17
16
 
18
17
  It's composed of 10 modules:
19
18
 
20
- * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
19
+ * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
21
20
  * [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
22
21
  * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
23
22
  * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
@@ -28,8 +27,6 @@ It's composed of 10 modules:
28
27
  * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
29
28
  * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
30
29
 
31
- Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.
32
-
33
30
  ## Information
34
31
 
35
32
  ### The Devise wiki
@@ -92,7 +89,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
92
89
 
93
90
  ## Getting started
94
91
 
95
- Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with:
92
+ Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with:
96
93
 
97
94
  ```ruby
98
95
  gem 'devise'
@@ -112,7 +109,7 @@ The generator will install an initializer which describes ALL of Devise's config
112
109
  rails generate devise MODEL
113
110
  ```
114
111
 
115
- Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
112
+ Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
116
113
 
117
114
  Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
118
115
 
@@ -132,6 +129,8 @@ Devise will create some helpers to use inside your controllers and views. To set
132
129
  before_action :authenticate_user!
133
130
  ```
134
131
 
132
+ For Rails 5, note that `protect_from_forgery` is no longer prepended to the `before_action` chain, so if you have set `authenticate_user` before `protect_from_forgery`, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use `protect_from_forgery prepend: true`.
133
+
135
134
  If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
136
135
 
137
136
  To verify if a user is signed in, use the following helper:
@@ -174,7 +173,7 @@ member_session
174
173
 
175
174
  ### Configuring Models
176
175
 
177
- The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with:
176
+ The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
178
177
 
179
178
  ```ruby
180
179
  devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
@@ -184,9 +183,13 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
184
183
 
185
184
  ### Strong Parameters
186
185
 
186
+ ![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
187
+
188
+ *For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters*
189
+
187
190
  When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
188
191
 
189
- There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:
192
+ There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and default permitted parameters are:
190
193
 
191
194
  * `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`)
192
195
  * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
@@ -201,7 +204,7 @@ class ApplicationController < ActionController::Base
201
204
  protected
202
205
 
203
206
  def configure_permitted_parameters
204
- devise_parameter_sanitizer.for(:sign_up) << :username
207
+ devise_parameter_sanitizer.permit(:sign_up, keys: [:username])
205
208
  end
206
209
  end
207
210
  ```
@@ -212,7 +215,9 @@ To permit simple scalar values for username and email, use this
212
215
 
213
216
  ```ruby
214
217
  def configure_permitted_parameters
215
- devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
218
+ devise_parameter_sanitizer.permit(:sign_in) do |user_params|
219
+ user_params.permit(:username, :email)
220
+ end
216
221
  end
217
222
  ```
218
223
 
@@ -220,7 +225,9 @@ If you have some checkboxes that express the roles a user may take on registrati
220
225
 
221
226
  ```ruby
222
227
  def configure_permitted_parameters
223
- devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
228
+ devise_parameter_sanitizer.permit(:sign_up) do |user_params|
229
+ user_params.permit({ roles: [] }, :email, :password, :password_confirmation)
230
+ end
224
231
  end
225
232
  ```
226
233
  For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
@@ -231,8 +238,9 @@ If you have multiple Devise models, you may want to set up a different parameter
231
238
 
232
239
  ```ruby
233
240
  class User::ParameterSanitizer < Devise::ParameterSanitizer
234
- def sign_in
235
- default_params.permit(:username, :email)
241
+ def initialize(*)
242
+ super
243
+ permit(:sign_up, keys: [:username, :email])
236
244
  end
237
245
  end
238
246
  ```
@@ -347,7 +355,7 @@ Devise also ships with default routes. If you need to customize them, you should
347
355
  devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
348
356
  ```
349
357
 
350
- Be sure to check `devise_for` documentation for details.
358
+ Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
351
359
 
352
360
  If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
353
361
 
@@ -403,7 +411,7 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses
403
411
 
404
412
  ### Test helpers
405
413
 
406
- Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
414
+ Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`):
407
415
 
408
416
  ```ruby
409
417
  class ActionController::TestCase
@@ -416,6 +424,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo
416
424
  ```ruby
417
425
  RSpec.configure do |config|
418
426
  config.include Devise::TestHelpers, type: :controller
427
+ config.include Devise::TestHelpers, type: :view
419
428
  end
420
429
  ```
421
430
 
@@ -433,7 +442,7 @@ sign_out @user # sign_out(resource)
433
442
 
434
443
  There are two things that are important to keep in mind:
435
444
 
436
- 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
445
+ 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session;
437
446
 
438
447
  2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
439
448
 
@@ -477,7 +486,7 @@ devise :database_authenticatable, :timeoutable
477
486
  devise_for :admins
478
487
 
479
488
  # Inside your protected controller
480
- before_filter :authenticate_admin!
489
+ before_action :authenticate_admin!
481
490
 
482
491
  # Inside your controllers and views
483
492
  admin_signed_in?
@@ -545,6 +554,6 @@ https://github.com/plataformatec/devise/graphs/contributors
545
554
 
546
555
  ## License
547
556
 
548
- MIT License. Copyright 2009-2015 Plataformatec. http://plataformatec.com.br
557
+ MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
549
558
 
550
559
  You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.
@@ -22,7 +22,7 @@ class Devise::ConfirmationsController < DeviseController
22
22
  yield resource if block_given?
23
23
 
24
24
  if resource.errors.empty?
25
- set_flash_message(:notice, :confirmed) if is_flashing_format?
25
+ set_flash_message!(:notice, :confirmed)
26
26
  respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
27
27
  else
28
28
  respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
@@ -1,5 +1,5 @@
1
1
  class Devise::OmniauthCallbacksController < DeviseController
2
- prepend_before_filter { request.env["devise.skip_timeout"] = true }
2
+ prepend_before_action { request.env["devise.skip_timeout"] = true }
3
3
 
4
4
  def passthru
5
5
  render status: 404, text: "Not found. Authentication passthru."
@@ -13,14 +13,14 @@ class Devise::OmniauthCallbacksController < DeviseController
13
13
  protected
14
14
 
15
15
  def failed_strategy
16
- env["omniauth.error.strategy"]
16
+ request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"]
17
17
  end
18
18
 
19
19
  def failure_message
20
- exception = env["omniauth.error"]
20
+ exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"]
21
21
  error = exception.error_reason if exception.respond_to?(:error_reason)
22
22
  error ||= exception.error if exception.respond_to?(:error)
23
- error ||= env["omniauth.error.type"].to_s
23
+ error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s
24
24
  error.to_s.humanize if error
25
25
  end
26
26
 
@@ -1,7 +1,7 @@
1
1
  class Devise::PasswordsController < DeviseController
2
- prepend_before_filter :require_no_authentication
2
+ prepend_before_action :require_no_authentication
3
3
  # Render the #edit only if coming from a reset password email link
4
- append_before_filter :assert_reset_token_passed, only: :edit
4
+ append_before_action :assert_reset_token_passed, only: :edit
5
5
 
6
6
  # GET /resource/password/new
7
7
  def new
@@ -36,13 +36,14 @@ class Devise::PasswordsController < DeviseController
36
36
  resource.unlock_access! if unlockable?(resource)
37
37
  if Devise.sign_in_after_reset_password
38
38
  flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
39
- set_flash_message(:notice, flash_message) if is_flashing_format?
39
+ set_flash_message!(:notice, flash_message)
40
40
  sign_in(resource_name, resource)
41
41
  else
42
- set_flash_message(:notice, :updated_not_active) if is_flashing_format?
42
+ set_flash_message!(:notice, :updated_not_active)
43
43
  end
44
44
  respond_with resource, location: after_resetting_password_path_for(resource)
45
45
  else
46
+ set_minimum_password_length
46
47
  respond_with resource
47
48
  end
48
49
  end
@@ -1,6 +1,6 @@
1
1
  class Devise::RegistrationsController < DeviseController
2
- prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel]
3
- prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
2
+ prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
3
+ prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
4
4
 
5
5
  # GET /resource/sign_up
6
6
  def new
@@ -18,11 +18,11 @@ class Devise::RegistrationsController < DeviseController
18
18
  yield resource if block_given?
19
19
  if resource.persisted?
20
20
  if resource.active_for_authentication?
21
- set_flash_message :notice, :signed_up if is_flashing_format?
21
+ set_flash_message! :notice, :signed_up
22
22
  sign_up(resource_name, resource)
23
23
  respond_with resource, location: after_sign_up_path_for(resource)
24
24
  else
25
- set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
25
+ set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
26
26
  expire_data_after_sign_in!
27
27
  respond_with resource, location: after_inactive_sign_up_path_for(resource)
28
28
  end
@@ -65,7 +65,7 @@ class Devise::RegistrationsController < DeviseController
65
65
  def destroy
66
66
  resource.destroy
67
67
  Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
68
- set_flash_message :notice, :destroyed if is_flashing_format?
68
+ set_flash_message! :notice, :destroyed
69
69
  yield resource if block_given?
70
70
  respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
71
71
  end
@@ -1,8 +1,8 @@
1
1
  class Devise::SessionsController < DeviseController
2
- prepend_before_filter :require_no_authentication, only: [:new, :create]
3
- prepend_before_filter :allow_params_authentication!, only: :create
4
- prepend_before_filter :verify_signed_out_user, only: :destroy
5
- prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
2
+ prepend_before_action :require_no_authentication, only: [:new, :create]
3
+ prepend_before_action :allow_params_authentication!, only: :create
4
+ prepend_before_action :verify_signed_out_user, only: :destroy
5
+ prepend_before_action only: [:create, :destroy] { request.env["devise.skip_timeout"] = true }
6
6
 
7
7
  # GET /resource/sign_in
8
8
  def new
@@ -15,7 +15,7 @@ class Devise::SessionsController < DeviseController
15
15
  # POST /resource/sign_in
16
16
  def create
17
17
  self.resource = warden.authenticate!(auth_options)
18
- set_flash_message(:notice, :signed_in) if is_flashing_format?
18
+ set_flash_message!(:notice, :signed_in)
19
19
  sign_in(resource_name, resource)
20
20
  yield resource if block_given?
21
21
  respond_with resource, location: after_sign_in_path_for(resource)
@@ -24,7 +24,7 @@ class Devise::SessionsController < DeviseController
24
24
  # DELETE /resource/sign_out
25
25
  def destroy
26
26
  signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
27
- set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
27
+ set_flash_message! :notice, :signed_out if signed_out
28
28
  yield if block_given?
29
29
  respond_to_on_destroy
30
30
  end
@@ -58,7 +58,7 @@ class Devise::SessionsController < DeviseController
58
58
  # to the after_sign_out path.
59
59
  def verify_signed_out_user
60
60
  if all_signed_out?
61
- set_flash_message :notice, :already_signed_out if is_flashing_format?
61
+ set_flash_message! :notice, :already_signed_out
62
62
 
63
63
  respond_to_on_destroy
64
64
  end
@@ -1,5 +1,5 @@
1
1
  class Devise::UnlocksController < DeviseController
2
- prepend_before_filter :require_no_authentication
2
+ prepend_before_action :require_no_authentication
3
3
 
4
4
  # GET /resource/unlock/new
5
5
  def new
@@ -24,7 +24,7 @@ class Devise::UnlocksController < DeviseController
24
24
  yield resource if block_given?
25
25
 
26
26
  if resource.errors.empty?
27
- set_flash_message :notice, :unlocked if is_flashing_format?
27
+ set_flash_message! :notice, :unlocked
28
28
  respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
29
29
  else
30
30
  respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }