devise 3.5.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +14 -15
- data/CHANGELOG.md +57 -1125
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +80 -80
- data/MIT-LICENSE +1 -1
- data/README.md +27 -18
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +5 -4
- data/app/controllers/devise/registrations_controller.rb +5 -5
- data/app/controllers/devise/sessions_controller.rb +7 -7
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +20 -9
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/bin/test +13 -0
- data/config/locales/en.yml +2 -0
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +20 -24
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/encryptor.rb +4 -4
- data/lib/devise/failure_app.rb +33 -12
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +6 -6
- data/lib/devise/models/database_authenticatable.rb +20 -7
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +3 -7
- data/lib/devise/models/rememberable.rb +38 -24
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +54 -31
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/strategies/authenticatable.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +3 -3
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/test_helpers.rb +10 -5
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +115 -20
- data/lib/generators/active_record/devise_generator.rb +11 -5
- data/lib/generators/active_record/templates/migration.rb +2 -2
- data/lib/generators/active_record/templates/migration_existing.rb +2 -2
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +19 -17
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/devise_test.rb +27 -0
- data/test/failure_app_test.rb +37 -15
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +7 -0
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +12 -10
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +42 -7
- data/test/integration/timeoutable_test.rb +16 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +6 -6
- data/test/mailers/reset_password_instructions_test.rb +5 -5
- data/test/mailers/unlock_instructions_test.rb +5 -5
- data/test/models/confirmable_test.rb +25 -1
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +1 -1
- data/test/models/recoverable_test.rb +23 -0
- data/test/models/rememberable_test.rb +48 -95
- data/test/models/validatable_test.rb +2 -10
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/devise.rb +1 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +5 -0
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/routes_test.rb +28 -13
- data/test/support/helpers.rb +4 -0
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +5 -5
- data/test/test_models.rb +1 -1
- metadata +41 -45
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
source "https://rubygems.org"
|
|
2
2
|
|
|
3
|
-
gemspec path:
|
|
3
|
+
gemspec path: ".."
|
|
4
4
|
|
|
5
|
-
gem "rails",
|
|
6
|
-
gem "omniauth", "~>
|
|
7
|
-
gem "
|
|
5
|
+
gem "rails", "5.0.0.beta3"
|
|
6
|
+
gem "omniauth", " ~>1.3"
|
|
7
|
+
gem "oauth2"
|
|
8
|
+
gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0"
|
|
8
9
|
gem "rdoc"
|
|
9
10
|
|
|
11
|
+
gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
|
|
12
|
+
|
|
13
|
+
gem "rails-controller-testing"
|
|
14
|
+
|
|
15
|
+
gem "responders", "~> 2.1.1"
|
|
16
|
+
|
|
10
17
|
group :test do
|
|
11
18
|
gem "omniauth-facebook"
|
|
12
19
|
gem "omniauth-openid", "~> 1.0.1"
|
|
@@ -24,6 +31,7 @@ platforms :ruby do
|
|
|
24
31
|
gem "sqlite3"
|
|
25
32
|
end
|
|
26
33
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
34
|
+
# TODO:
|
|
35
|
+
# group :mongoid do
|
|
36
|
+
# gem "mongoid", "~> 4.0.0"
|
|
37
|
+
# end
|
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
GIT
|
|
2
|
+
remote: git://github.com/rails/activemodel-serializers-xml.git
|
|
3
|
+
revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a
|
|
4
|
+
specs:
|
|
5
|
+
activemodel-serializers-xml (1.0.0)
|
|
6
|
+
activemodel (> 5.x)
|
|
7
|
+
activerecord (> 5.x)
|
|
8
|
+
activesupport (> 5.x)
|
|
9
|
+
builder (~> 3.1)
|
|
10
|
+
|
|
11
|
+
PATH
|
|
12
|
+
remote: ..
|
|
13
|
+
specs:
|
|
14
|
+
devise (4.0.0.rc2)
|
|
15
|
+
bcrypt (~> 3.0)
|
|
16
|
+
orm_adapter (~> 0.1)
|
|
17
|
+
railties (>= 4.1.0, < 5.1)
|
|
18
|
+
responders
|
|
19
|
+
warden (~> 1.2.3)
|
|
20
|
+
|
|
21
|
+
GEM
|
|
22
|
+
remote: https://rubygems.org/
|
|
23
|
+
specs:
|
|
24
|
+
actioncable (5.0.0.beta3)
|
|
25
|
+
actionpack (= 5.0.0.beta3)
|
|
26
|
+
nio4r (~> 1.2)
|
|
27
|
+
websocket-driver (~> 0.6.1)
|
|
28
|
+
actionmailer (5.0.0.beta3)
|
|
29
|
+
actionpack (= 5.0.0.beta3)
|
|
30
|
+
actionview (= 5.0.0.beta3)
|
|
31
|
+
activejob (= 5.0.0.beta3)
|
|
32
|
+
mail (~> 2.5, >= 2.5.4)
|
|
33
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
34
|
+
actionpack (5.0.0.beta3)
|
|
35
|
+
actionview (= 5.0.0.beta3)
|
|
36
|
+
activesupport (= 5.0.0.beta3)
|
|
37
|
+
rack (~> 2.x)
|
|
38
|
+
rack-test (~> 0.6.3)
|
|
39
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
40
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
41
|
+
actionview (5.0.0.beta3)
|
|
42
|
+
activesupport (= 5.0.0.beta3)
|
|
43
|
+
builder (~> 3.1)
|
|
44
|
+
erubis (~> 2.7.0)
|
|
45
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
|
46
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
47
|
+
activejob (5.0.0.beta3)
|
|
48
|
+
activesupport (= 5.0.0.beta3)
|
|
49
|
+
globalid (>= 0.3.6)
|
|
50
|
+
activemodel (5.0.0.beta3)
|
|
51
|
+
activesupport (= 5.0.0.beta3)
|
|
52
|
+
activerecord (5.0.0.beta3)
|
|
53
|
+
activemodel (= 5.0.0.beta3)
|
|
54
|
+
activesupport (= 5.0.0.beta3)
|
|
55
|
+
arel (~> 7.0)
|
|
56
|
+
activesupport (5.0.0.beta3)
|
|
57
|
+
concurrent-ruby (~> 1.0)
|
|
58
|
+
i18n (~> 0.7)
|
|
59
|
+
minitest (~> 5.1)
|
|
60
|
+
tzinfo (~> 1.1)
|
|
61
|
+
arel (7.0.0)
|
|
62
|
+
bcrypt (3.1.11)
|
|
63
|
+
builder (3.2.2)
|
|
64
|
+
concurrent-ruby (1.0.1)
|
|
65
|
+
erubis (2.7.0)
|
|
66
|
+
faraday (0.9.2)
|
|
67
|
+
multipart-post (>= 1.2, < 3)
|
|
68
|
+
globalid (0.3.6)
|
|
69
|
+
activesupport (>= 4.1.0)
|
|
70
|
+
hashie (3.4.3)
|
|
71
|
+
i18n (0.7.0)
|
|
72
|
+
json (1.8.3)
|
|
73
|
+
jwt (1.5.1)
|
|
74
|
+
loofah (2.0.3)
|
|
75
|
+
nokogiri (>= 1.5.9)
|
|
76
|
+
mail (2.6.4)
|
|
77
|
+
mime-types (>= 1.16, < 4)
|
|
78
|
+
metaclass (0.0.4)
|
|
79
|
+
method_source (0.8.2)
|
|
80
|
+
mime-types (3.0)
|
|
81
|
+
mime-types-data (~> 3.2015)
|
|
82
|
+
mime-types-data (3.2016.0221)
|
|
83
|
+
mini_portile2 (2.0.0)
|
|
84
|
+
minitest (5.8.4)
|
|
85
|
+
mocha (1.1.0)
|
|
86
|
+
metaclass (~> 0.0.1)
|
|
87
|
+
multi_json (1.11.2)
|
|
88
|
+
multi_xml (0.5.5)
|
|
89
|
+
multipart-post (2.0.0)
|
|
90
|
+
nio4r (1.2.1)
|
|
91
|
+
nokogiri (1.6.7.2)
|
|
92
|
+
mini_portile2 (~> 2.0.0.rc2)
|
|
93
|
+
oauth2 (1.1.0)
|
|
94
|
+
faraday (>= 0.8, < 0.10)
|
|
95
|
+
jwt (~> 1.0, < 1.5.2)
|
|
96
|
+
multi_json (~> 1.3)
|
|
97
|
+
multi_xml (~> 0.5)
|
|
98
|
+
rack (>= 1.2, < 3)
|
|
99
|
+
omniauth (1.3.1)
|
|
100
|
+
hashie (>= 1.2, < 4)
|
|
101
|
+
rack (>= 1.0, < 3)
|
|
102
|
+
omniauth-facebook (3.0.0)
|
|
103
|
+
omniauth-oauth2 (~> 1.2)
|
|
104
|
+
omniauth-oauth2 (1.4.0)
|
|
105
|
+
oauth2 (~> 1.0)
|
|
106
|
+
omniauth (~> 1.2)
|
|
107
|
+
omniauth-openid (1.0.1)
|
|
108
|
+
omniauth (~> 1.0)
|
|
109
|
+
rack-openid (~> 1.3.1)
|
|
110
|
+
orm_adapter (0.5.0)
|
|
111
|
+
rack (2.0.0.alpha)
|
|
112
|
+
json
|
|
113
|
+
rack-openid (1.3.1)
|
|
114
|
+
rack (>= 1.1.0)
|
|
115
|
+
ruby-openid (>= 2.1.8)
|
|
116
|
+
rack-test (0.6.3)
|
|
117
|
+
rack (>= 1.0)
|
|
118
|
+
rails (5.0.0.beta3)
|
|
119
|
+
actioncable (= 5.0.0.beta3)
|
|
120
|
+
actionmailer (= 5.0.0.beta3)
|
|
121
|
+
actionpack (= 5.0.0.beta3)
|
|
122
|
+
actionview (= 5.0.0.beta3)
|
|
123
|
+
activejob (= 5.0.0.beta3)
|
|
124
|
+
activemodel (= 5.0.0.beta3)
|
|
125
|
+
activerecord (= 5.0.0.beta3)
|
|
126
|
+
activesupport (= 5.0.0.beta3)
|
|
127
|
+
bundler (>= 1.3.0, < 2.0)
|
|
128
|
+
railties (= 5.0.0.beta3)
|
|
129
|
+
sprockets-rails (>= 2.0.0)
|
|
130
|
+
rails-controller-testing (0.1.1)
|
|
131
|
+
actionpack (~> 5.x)
|
|
132
|
+
actionview (~> 5.x)
|
|
133
|
+
activesupport (~> 5.x)
|
|
134
|
+
rails-deprecated_sanitizer (1.0.3)
|
|
135
|
+
activesupport (>= 4.2.0.alpha)
|
|
136
|
+
rails-dom-testing (1.0.7)
|
|
137
|
+
activesupport (>= 4.2.0.beta, < 5.0)
|
|
138
|
+
nokogiri (~> 1.6.0)
|
|
139
|
+
rails-deprecated_sanitizer (>= 1.0.1)
|
|
140
|
+
rails-html-sanitizer (1.0.3)
|
|
141
|
+
loofah (~> 2.0)
|
|
142
|
+
railties (5.0.0.beta3)
|
|
143
|
+
actionpack (= 5.0.0.beta3)
|
|
144
|
+
activesupport (= 5.0.0.beta3)
|
|
145
|
+
method_source
|
|
146
|
+
rake (>= 0.8.7)
|
|
147
|
+
thor (>= 0.18.1, < 2.0)
|
|
148
|
+
rake (11.1.2)
|
|
149
|
+
rdoc (4.2.2)
|
|
150
|
+
json (~> 1.4)
|
|
151
|
+
responders (2.1.2)
|
|
152
|
+
railties (>= 4.2.0, < 5.1)
|
|
153
|
+
ruby-openid (2.7.0)
|
|
154
|
+
sprockets (3.6.0)
|
|
155
|
+
concurrent-ruby (~> 1.0)
|
|
156
|
+
rack (> 1, < 3)
|
|
157
|
+
sprockets-rails (3.0.4)
|
|
158
|
+
actionpack (>= 4.0)
|
|
159
|
+
activesupport (>= 4.0)
|
|
160
|
+
sprockets (>= 3.0.0)
|
|
161
|
+
sqlite3 (1.3.11)
|
|
162
|
+
thor (0.19.1)
|
|
163
|
+
thread_safe (0.3.5)
|
|
164
|
+
tzinfo (1.2.2)
|
|
165
|
+
thread_safe (~> 0.1)
|
|
166
|
+
warden (1.2.6)
|
|
167
|
+
rack (>= 1.0)
|
|
168
|
+
webrat (0.7.3)
|
|
169
|
+
nokogiri (>= 1.2.0)
|
|
170
|
+
rack (>= 1.0)
|
|
171
|
+
rack-test (>= 0.5.3)
|
|
172
|
+
websocket-driver (0.6.3)
|
|
173
|
+
websocket-extensions (>= 0.1.0)
|
|
174
|
+
websocket-extensions (0.1.2)
|
|
175
|
+
|
|
176
|
+
PLATFORMS
|
|
177
|
+
ruby
|
|
178
|
+
|
|
179
|
+
DEPENDENCIES
|
|
180
|
+
activemodel-serializers-xml!
|
|
181
|
+
activerecord-jdbc-adapter
|
|
182
|
+
activerecord-jdbcsqlite3-adapter
|
|
183
|
+
devise!
|
|
184
|
+
jruby-openssl
|
|
185
|
+
mocha (~> 1.1)
|
|
186
|
+
oauth2
|
|
187
|
+
omniauth (~> 1.3)
|
|
188
|
+
omniauth-facebook
|
|
189
|
+
omniauth-oauth2 (>= 1.2.0, < 1.5.0)
|
|
190
|
+
omniauth-openid (~> 1.0.1)
|
|
191
|
+
rails (= 5.0.0.beta3)
|
|
192
|
+
rails-controller-testing
|
|
193
|
+
rdoc
|
|
194
|
+
responders (~> 2.1.1)
|
|
195
|
+
sqlite3
|
|
196
|
+
webrat (= 0.7.3)
|
|
197
|
+
|
|
198
|
+
BUNDLED WITH
|
|
199
|
+
1.11.2
|
|
@@ -7,7 +7,9 @@ module Devise
|
|
|
7
7
|
include Devise::Controllers::StoreLocation
|
|
8
8
|
|
|
9
9
|
included do
|
|
10
|
-
|
|
10
|
+
if respond_to?(:helper_method)
|
|
11
|
+
helper_method :warden, :signed_in?, :devise_controller?
|
|
12
|
+
end
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
module ClassMethods
|
|
@@ -28,8 +30,8 @@ module Devise
|
|
|
28
30
|
# current_bloggers # Currently signed in user and admin
|
|
29
31
|
#
|
|
30
32
|
# Use:
|
|
31
|
-
#
|
|
32
|
-
#
|
|
33
|
+
# before_action :authenticate_blogger! # Redirects unless either a user or an admin are authenticated
|
|
34
|
+
# before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page
|
|
33
35
|
# current_blogger :user # Preferably returns a User if one is signed in
|
|
34
36
|
#
|
|
35
37
|
def devise_group(group_name, opts={})
|
|
@@ -69,7 +71,9 @@ module Devise
|
|
|
69
71
|
end.compact
|
|
70
72
|
end
|
|
71
73
|
|
|
72
|
-
|
|
74
|
+
if respond_to?(:helper_method)
|
|
75
|
+
helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
|
|
76
|
+
end
|
|
73
77
|
METHODS
|
|
74
78
|
end
|
|
75
79
|
|
|
@@ -80,7 +84,7 @@ module Devise
|
|
|
80
84
|
end
|
|
81
85
|
|
|
82
86
|
# Define authentication filters and accessor helpers based on mappings.
|
|
83
|
-
# These filters should be used inside the controllers as
|
|
87
|
+
# These filters should be used inside the controllers as before_actions,
|
|
84
88
|
# so you can control the scope of the user who should be signed in to
|
|
85
89
|
# access that specific controller/action.
|
|
86
90
|
# Example:
|
|
@@ -100,8 +104,8 @@ module Devise
|
|
|
100
104
|
# admin_session # Session data available only to the admin scope
|
|
101
105
|
#
|
|
102
106
|
# Use:
|
|
103
|
-
#
|
|
104
|
-
#
|
|
107
|
+
# before_action :authenticate_user! # Tell devise to use :user map
|
|
108
|
+
# before_action :authenticate_admin! # Tell devise to use :admin map
|
|
105
109
|
#
|
|
106
110
|
def self.define_helpers(mapping) #:nodoc:
|
|
107
111
|
mapping = mapping.name
|
|
@@ -126,7 +130,9 @@ module Devise
|
|
|
126
130
|
METHODS
|
|
127
131
|
|
|
128
132
|
ActiveSupport.on_load(:action_controller) do
|
|
129
|
-
|
|
133
|
+
if respond_to?(:helper_method)
|
|
134
|
+
helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
|
|
135
|
+
end
|
|
130
136
|
end
|
|
131
137
|
end
|
|
132
138
|
|
|
@@ -139,20 +145,16 @@ module Devise
|
|
|
139
145
|
# the controllers defined inside devise. Useful if you want to apply a before
|
|
140
146
|
# filter to all controllers, except the ones in devise:
|
|
141
147
|
#
|
|
142
|
-
#
|
|
148
|
+
# before_action :my_filter, unless: :devise_controller?
|
|
143
149
|
def devise_controller?
|
|
144
150
|
is_a?(::DeviseController)
|
|
145
151
|
end
|
|
146
152
|
|
|
147
|
-
#
|
|
153
|
+
# Set up a param sanitizer to filter parameters using strong_parameters. See
|
|
148
154
|
# lib/devise/parameter_sanitizer.rb for more info. Override this
|
|
149
155
|
# method in your application controller to use your own parameter sanitizer.
|
|
150
156
|
def devise_parameter_sanitizer
|
|
151
|
-
@devise_parameter_sanitizer ||=
|
|
152
|
-
Devise::ParameterSanitizer.new(resource_class, resource_name, params)
|
|
153
|
-
else
|
|
154
|
-
Devise::BaseSanitizer.new(resource_class, resource_name, params)
|
|
155
|
-
end
|
|
157
|
+
@devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params)
|
|
156
158
|
end
|
|
157
159
|
|
|
158
160
|
# Tell warden that params authentication is allowed for that specific page.
|
|
@@ -190,10 +192,10 @@ module Devise
|
|
|
190
192
|
# root path. For a user scope, you can define the default url in
|
|
191
193
|
# the following way:
|
|
192
194
|
#
|
|
193
|
-
#
|
|
195
|
+
# get '/users' => 'users#index', as: :user_root # creates user_root_path
|
|
194
196
|
#
|
|
195
|
-
#
|
|
196
|
-
#
|
|
197
|
+
# namespace :user do
|
|
198
|
+
# root 'users#index' # creates user_root_path
|
|
197
199
|
# end
|
|
198
200
|
#
|
|
199
201
|
# If the resource root path is not defined, root_path is used. However,
|
|
@@ -269,12 +271,6 @@ module Devise
|
|
|
269
271
|
|
|
270
272
|
private
|
|
271
273
|
|
|
272
|
-
def expire_session_data_after_sign_in!
|
|
273
|
-
ActiveSupport::Deprecation.warn "expire_session_data_after_sign_in! is deprecated " \
|
|
274
|
-
"in favor of expire_data_after_sign_in!"
|
|
275
|
-
expire_data_after_sign_in!
|
|
276
|
-
end
|
|
277
|
-
|
|
278
274
|
def expire_data_after_sign_out!
|
|
279
275
|
Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
|
|
280
276
|
super
|
|
@@ -9,11 +9,18 @@ module Devise
|
|
|
9
9
|
Rails.configuration.session_options.slice(:path, :domain, :secure)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
+
def remember_me_is_active?(resource)
|
|
13
|
+
return false unless resource.respond_to?(:remember_me)
|
|
14
|
+
scope = Devise::Mapping.find_scope!(resource)
|
|
15
|
+
_, token, generated_at = cookies.signed[remember_key(resource, scope)]
|
|
16
|
+
resource.remember_me?(token, generated_at)
|
|
17
|
+
end
|
|
18
|
+
|
|
12
19
|
# Remembers the given resource by setting up a cookie
|
|
13
20
|
def remember_me(resource)
|
|
14
21
|
return if env["devise.skip_storage"]
|
|
15
22
|
scope = Devise::Mapping.find_scope!(resource)
|
|
16
|
-
resource.remember_me!
|
|
23
|
+
resource.remember_me!
|
|
17
24
|
cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
|
|
18
25
|
end
|
|
19
26
|
|
data/lib/devise/encryptor.rb
CHANGED
|
@@ -9,14 +9,14 @@ module Devise
|
|
|
9
9
|
::BCrypt::Password.create(password, cost: klass.stretches).to_s
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def self.compare(klass,
|
|
13
|
-
return false if
|
|
14
|
-
bcrypt = ::BCrypt::Password.new(
|
|
12
|
+
def self.compare(klass, hashed_password, password)
|
|
13
|
+
return false if hashed_password.blank?
|
|
14
|
+
bcrypt = ::BCrypt::Password.new(hashed_password)
|
|
15
15
|
if klass.pepper.present?
|
|
16
16
|
password = "#{password}#{klass.pepper}"
|
|
17
17
|
end
|
|
18
18
|
password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
|
|
19
|
-
Devise.secure_compare(password,
|
|
19
|
+
Devise.secure_compare(password, hashed_password)
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
end
|
data/lib/devise/failure_app.rb
CHANGED
|
@@ -6,7 +6,6 @@ module Devise
|
|
|
6
6
|
# page based on current scope and mapping. If no scope is given, redirect
|
|
7
7
|
# to the default_url.
|
|
8
8
|
class FailureApp < ActionController::Metal
|
|
9
|
-
include ActionController::RackDelegation
|
|
10
9
|
include ActionController::UrlFor
|
|
11
10
|
include ActionController::Redirecting
|
|
12
11
|
|
|
@@ -22,9 +21,12 @@ module Devise
|
|
|
22
21
|
@respond.call(env)
|
|
23
22
|
end
|
|
24
23
|
|
|
24
|
+
# Try retrieving the URL options from the parent controller (usually
|
|
25
|
+
# ApplicationController). Instance methods are not supported at the moment,
|
|
26
|
+
# so only the class-level attribute is used.
|
|
25
27
|
def self.default_url_options(*args)
|
|
26
|
-
if defined?(
|
|
27
|
-
|
|
28
|
+
if defined?(Devise.parent_controller.constantize)
|
|
29
|
+
Devise.parent_controller.constantize.try(:default_url_options) || {}
|
|
28
30
|
else
|
|
29
31
|
{}
|
|
30
32
|
end
|
|
@@ -48,9 +50,29 @@ module Devise
|
|
|
48
50
|
end
|
|
49
51
|
|
|
50
52
|
def recall
|
|
51
|
-
|
|
53
|
+
config = Rails.application.config
|
|
54
|
+
|
|
55
|
+
header_info = if config.try(:relative_url_root)
|
|
56
|
+
base_path = Pathname.new(config.relative_url_root)
|
|
57
|
+
full_path = Pathname.new(attempted_path)
|
|
58
|
+
|
|
59
|
+
{ "SCRIPT_NAME" => config.relative_url_root,
|
|
60
|
+
"PATH_INFO" => '/' + full_path.relative_path_from(base_path).to_s }
|
|
61
|
+
else
|
|
62
|
+
{ "PATH_INFO" => attempted_path }
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
header_info.each do | var, value|
|
|
66
|
+
if request.respond_to?(:set_header)
|
|
67
|
+
request.set_header(var, value)
|
|
68
|
+
else
|
|
69
|
+
env[var] = value
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
52
73
|
flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
|
|
53
|
-
self.response = recall_app(warden_options[:recall]).call(env)
|
|
74
|
+
# self.response = recall_app(warden_options[:recall]).call(env)
|
|
75
|
+
self.response = recall_app(warden_options[:recall]).call(request.env)
|
|
54
76
|
end
|
|
55
77
|
|
|
56
78
|
def redirect
|
|
@@ -118,11 +140,10 @@ module Devise
|
|
|
118
140
|
|
|
119
141
|
config = Rails.application.config
|
|
120
142
|
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
if config.respond_to?(:relative_url_root) && config.relative_url_root.present?
|
|
143
|
+
if config.respond_to?(:relative_url_root)
|
|
144
|
+
# Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
|
|
145
|
+
rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
|
|
146
|
+
if config.relative_url_root.present? || rails_4_2
|
|
126
147
|
opts[:script_name] = config.relative_url_root
|
|
127
148
|
end
|
|
128
149
|
end
|
|
@@ -185,11 +206,11 @@ module Devise
|
|
|
185
206
|
end
|
|
186
207
|
|
|
187
208
|
def warden
|
|
188
|
-
env[
|
|
209
|
+
request.respond_to?(:get_header) ? request.get_header("warden") : env["warden"]
|
|
189
210
|
end
|
|
190
211
|
|
|
191
212
|
def warden_options
|
|
192
|
-
env[
|
|
213
|
+
request.respond_to?(:get_header) ? request.get_header("warden.options") : env["warden.options"]
|
|
193
214
|
end
|
|
194
215
|
|
|
195
216
|
def warden_message
|
|
@@ -7,7 +7,8 @@ Warden::Manager.after_set_user do |record, warden, options|
|
|
|
7
7
|
scope = options[:scope]
|
|
8
8
|
env = warden.request.env
|
|
9
9
|
|
|
10
|
-
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) &&
|
|
10
|
+
if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) &&
|
|
11
|
+
options[:store] != false && !env['devise.skip_timeoutable']
|
|
11
12
|
last_request_at = warden.session(scope)['last_request_at']
|
|
12
13
|
|
|
13
14
|
if last_request_at.is_a? Integer
|
|
@@ -18,9 +19,10 @@ Warden::Manager.after_set_user do |record, warden, options|
|
|
|
18
19
|
|
|
19
20
|
proxy = Devise::Hooks::Proxy.new(warden)
|
|
20
21
|
|
|
21
|
-
if record.timedout?(last_request_at) &&
|
|
22
|
+
if record.timedout?(last_request_at) &&
|
|
23
|
+
!env['devise.skip_timeout'] &&
|
|
24
|
+
!proxy.remember_me_is_active?(record)
|
|
22
25
|
Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
|
|
23
|
-
|
|
24
26
|
throw :warden, scope: scope, message: :timeout
|
|
25
27
|
end
|
|
26
28
|
|
|
@@ -253,7 +253,11 @@ module Devise
|
|
|
253
253
|
|
|
254
254
|
# Find or initialize a record with group of attributes based on a list of required attributes.
|
|
255
255
|
def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
|
|
256
|
-
attributes = attributes.
|
|
256
|
+
attributes = if attributes.respond_to? :permit
|
|
257
|
+
attributes.slice(*required_attributes).permit!.to_h.with_indifferent_access
|
|
258
|
+
else
|
|
259
|
+
attributes.with_indifferent_access.slice(*required_attributes)
|
|
260
|
+
end
|
|
257
261
|
attributes.delete_if { |key, value| value.blank? }
|
|
258
262
|
|
|
259
263
|
if attributes.size == required_attributes.size
|
|
@@ -24,7 +24,7 @@ module Devise
|
|
|
24
24
|
# By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in.
|
|
25
25
|
# * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as
|
|
26
26
|
# initial account confirmation) to be applied. Requires additional unconfirmed_email
|
|
27
|
-
# db field to be
|
|
27
|
+
# db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is
|
|
28
28
|
# stored in unconfirmed email column, and copied to email column on successful
|
|
29
29
|
# confirmation.
|
|
30
30
|
# * +confirm_within+: the time before a sent confirmation token becomes invalid.
|
|
@@ -40,7 +40,6 @@ module Devise
|
|
|
40
40
|
#
|
|
41
41
|
module Confirmable
|
|
42
42
|
extend ActiveSupport::Concern
|
|
43
|
-
include ActionView::Helpers::DateHelper
|
|
44
43
|
|
|
45
44
|
included do
|
|
46
45
|
before_create :generate_confirmation_token, if: :confirmation_required?
|
|
@@ -76,7 +75,7 @@ module Devise
|
|
|
76
75
|
|
|
77
76
|
self.confirmed_at = Time.now.utc
|
|
78
77
|
|
|
79
|
-
saved = if
|
|
78
|
+
saved = if pending_reconfirmation?
|
|
80
79
|
skip_reconfirmation!
|
|
81
80
|
self.email = unconfirmed_email
|
|
82
81
|
self.unconfirmed_email = nil
|
|
@@ -180,7 +179,7 @@ module Devise
|
|
|
180
179
|
# Checks if the confirmation for the user is within the limit time.
|
|
181
180
|
# We do this by calculating if the difference between today and the
|
|
182
181
|
# confirmation sent date does not exceed the confirm in time configured.
|
|
183
|
-
#
|
|
182
|
+
# allow_unconfirmed_access_for is a model configuration, must always be an integer value.
|
|
184
183
|
#
|
|
185
184
|
# Example:
|
|
186
185
|
#
|
|
@@ -216,7 +215,7 @@ module Devise
|
|
|
216
215
|
# confirmation_period_expired? # will always return false
|
|
217
216
|
#
|
|
218
217
|
def confirmation_period_expired?
|
|
219
|
-
self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within)
|
|
218
|
+
self.class.confirm_within && self.confirmation_sent_at && (Time.now > self.confirmation_sent_at + self.class.confirm_within)
|
|
220
219
|
end
|
|
221
220
|
|
|
222
221
|
# Checks whether the record requires any confirmation.
|
|
@@ -254,7 +253,7 @@ module Devise
|
|
|
254
253
|
end
|
|
255
254
|
|
|
256
255
|
def postpone_email_change?
|
|
257
|
-
postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
|
|
256
|
+
postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present?
|
|
258
257
|
@bypass_confirmation_postpone = false
|
|
259
258
|
postpone
|
|
260
259
|
end
|
|
@@ -315,6 +314,7 @@ module Devise
|
|
|
315
314
|
|
|
316
315
|
# Find a record for confirmation by unconfirmed email field
|
|
317
316
|
def find_by_unconfirmed_email_with_errors(attributes = {})
|
|
317
|
+
attributes = attributes.slice(*confirmation_keys).permit!.to_h if attributes.respond_to? :permit
|
|
318
318
|
unconfirmed_required_attributes = confirmation_keys.map { |k| k == :email ? :unconfirmed_email : k }
|
|
319
319
|
unconfirmed_attributes = attributes.symbolize_keys
|
|
320
320
|
unconfirmed_attributes[:unconfirmed_email] = unconfirmed_attributes.delete(:email)
|
|
@@ -7,12 +7,12 @@ module Devise
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
module Models
|
|
10
|
-
# Authenticatable Module, responsible for
|
|
11
|
-
# authenticity of a user while signing in.
|
|
10
|
+
# Authenticatable Module, responsible for hashing the password and
|
|
11
|
+
# validating the authenticity of a user while signing in.
|
|
12
12
|
#
|
|
13
13
|
# == Options
|
|
14
14
|
#
|
|
15
|
-
#
|
|
15
|
+
# DatabaseAuthenticatable adds the following options to devise_for:
|
|
16
16
|
#
|
|
17
17
|
# * +pepper+: a random string used to provide a more secure hash. Use
|
|
18
18
|
# `rake secret` to generate new keys.
|
|
@@ -27,6 +27,8 @@ module Devise
|
|
|
27
27
|
extend ActiveSupport::Concern
|
|
28
28
|
|
|
29
29
|
included do
|
|
30
|
+
after_update :send_password_change_notification, if: :send_password_change_notification?
|
|
31
|
+
|
|
30
32
|
attr_reader :password, :current_password
|
|
31
33
|
attr_accessor :password_confirmation
|
|
32
34
|
end
|
|
@@ -35,8 +37,11 @@ module Devise
|
|
|
35
37
|
[:encrypted_password] + klass.authentication_keys
|
|
36
38
|
end
|
|
37
39
|
|
|
38
|
-
# Generates password
|
|
40
|
+
# Generates a hashed password based on the given value.
|
|
41
|
+
# For legacy reasons, we use `encrypted_password` to store
|
|
42
|
+
# the hashed password.
|
|
39
43
|
def password=(new_password)
|
|
44
|
+
attribute_will_change! 'password'
|
|
40
45
|
@password = new_password
|
|
41
46
|
self.encrypted_password = password_digest(@password) if @password.present?
|
|
42
47
|
end
|
|
@@ -133,19 +138,27 @@ module Devise
|
|
|
133
138
|
encrypted_password[0,29] if encrypted_password
|
|
134
139
|
end
|
|
135
140
|
|
|
141
|
+
def send_password_change_notification
|
|
142
|
+
send_devise_notification(:password_change)
|
|
143
|
+
end
|
|
144
|
+
|
|
136
145
|
protected
|
|
137
146
|
|
|
138
|
-
#
|
|
147
|
+
# Hashes the password using bcrypt. Custom hash functions should override
|
|
139
148
|
# this method to apply their own algorithm.
|
|
140
149
|
#
|
|
141
150
|
# See https://github.com/plataformatec/devise-encryptable for examples
|
|
142
|
-
# of other
|
|
151
|
+
# of other hashing engines.
|
|
143
152
|
def password_digest(password)
|
|
144
153
|
Devise::Encryptor.digest(self.class, password)
|
|
145
154
|
end
|
|
146
155
|
|
|
156
|
+
def send_password_change_notification?
|
|
157
|
+
self.class.send_password_change_notification && encrypted_password_changed?
|
|
158
|
+
end
|
|
159
|
+
|
|
147
160
|
module ClassMethods
|
|
148
|
-
Devise::Models.config(self, :pepper, :stretches)
|
|
161
|
+
Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification)
|
|
149
162
|
|
|
150
163
|
# We assume this method already gets the sanitized values from the
|
|
151
164
|
# DatabaseAuthenticatable strategy. If you are using this method on
|
|
@@ -7,7 +7,7 @@ module Devise
|
|
|
7
7
|
# blocked: email and time. The former will send an email to the user when
|
|
8
8
|
# the lock happens, containing a link to unlock its account. The second
|
|
9
9
|
# will unlock the user automatically after some configured time (ie 2.hours).
|
|
10
|
-
# It's also possible to
|
|
10
|
+
# It's also possible to set up lockable to use both email and time strategies.
|
|
11
11
|
#
|
|
12
12
|
# == Options
|
|
13
13
|
#
|