devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -1,12 +1,19 @@
1
1
  source "https://rubygems.org"
2
2
 
3
- gemspec path: '..'
3
+ gemspec path: ".."
4
4
 
5
- gem "rails", github: 'rails/rails', branch: '3-2-stable'
6
- gem "omniauth", "~> 1.2.0"
7
- gem "omniauth-oauth2", "~> 1.1.0"
5
+ gem "rails", "5.0.0.beta3"
6
+ gem "omniauth", " ~>1.3"
7
+ gem "oauth2"
8
+ gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0"
8
9
  gem "rdoc"
9
10
 
11
+ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
12
+
13
+ gem "rails-controller-testing"
14
+
15
+ gem "responders", "~> 2.1.1"
16
+
10
17
  group :test do
11
18
  gem "omniauth-facebook"
12
19
  gem "omniauth-openid", "~> 1.0.1"
@@ -24,6 +31,7 @@ platforms :ruby do
24
31
  gem "sqlite3"
25
32
  end
26
33
 
27
- group :mongoid do
28
- gem "mongoid", "~> 3.0"
29
- end
34
+ # TODO:
35
+ # group :mongoid do
36
+ # gem "mongoid", "~> 4.0.0"
37
+ # end
@@ -0,0 +1,199 @@
1
+ GIT
2
+ remote: git://github.com/rails/activemodel-serializers-xml.git
3
+ revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a
4
+ specs:
5
+ activemodel-serializers-xml (1.0.0)
6
+ activemodel (> 5.x)
7
+ activerecord (> 5.x)
8
+ activesupport (> 5.x)
9
+ builder (~> 3.1)
10
+
11
+ PATH
12
+ remote: ..
13
+ specs:
14
+ devise (4.0.0.rc2)
15
+ bcrypt (~> 3.0)
16
+ orm_adapter (~> 0.1)
17
+ railties (>= 4.1.0, < 5.1)
18
+ responders
19
+ warden (~> 1.2.3)
20
+
21
+ GEM
22
+ remote: https://rubygems.org/
23
+ specs:
24
+ actioncable (5.0.0.beta3)
25
+ actionpack (= 5.0.0.beta3)
26
+ nio4r (~> 1.2)
27
+ websocket-driver (~> 0.6.1)
28
+ actionmailer (5.0.0.beta3)
29
+ actionpack (= 5.0.0.beta3)
30
+ actionview (= 5.0.0.beta3)
31
+ activejob (= 5.0.0.beta3)
32
+ mail (~> 2.5, >= 2.5.4)
33
+ rails-dom-testing (~> 1.0, >= 1.0.5)
34
+ actionpack (5.0.0.beta3)
35
+ actionview (= 5.0.0.beta3)
36
+ activesupport (= 5.0.0.beta3)
37
+ rack (~> 2.x)
38
+ rack-test (~> 0.6.3)
39
+ rails-dom-testing (~> 1.0, >= 1.0.5)
40
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
41
+ actionview (5.0.0.beta3)
42
+ activesupport (= 5.0.0.beta3)
43
+ builder (~> 3.1)
44
+ erubis (~> 2.7.0)
45
+ rails-dom-testing (~> 1.0, >= 1.0.5)
46
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
47
+ activejob (5.0.0.beta3)
48
+ activesupport (= 5.0.0.beta3)
49
+ globalid (>= 0.3.6)
50
+ activemodel (5.0.0.beta3)
51
+ activesupport (= 5.0.0.beta3)
52
+ activerecord (5.0.0.beta3)
53
+ activemodel (= 5.0.0.beta3)
54
+ activesupport (= 5.0.0.beta3)
55
+ arel (~> 7.0)
56
+ activesupport (5.0.0.beta3)
57
+ concurrent-ruby (~> 1.0)
58
+ i18n (~> 0.7)
59
+ minitest (~> 5.1)
60
+ tzinfo (~> 1.1)
61
+ arel (7.0.0)
62
+ bcrypt (3.1.11)
63
+ builder (3.2.2)
64
+ concurrent-ruby (1.0.1)
65
+ erubis (2.7.0)
66
+ faraday (0.9.2)
67
+ multipart-post (>= 1.2, < 3)
68
+ globalid (0.3.6)
69
+ activesupport (>= 4.1.0)
70
+ hashie (3.4.3)
71
+ i18n (0.7.0)
72
+ json (1.8.3)
73
+ jwt (1.5.1)
74
+ loofah (2.0.3)
75
+ nokogiri (>= 1.5.9)
76
+ mail (2.6.4)
77
+ mime-types (>= 1.16, < 4)
78
+ metaclass (0.0.4)
79
+ method_source (0.8.2)
80
+ mime-types (3.0)
81
+ mime-types-data (~> 3.2015)
82
+ mime-types-data (3.2016.0221)
83
+ mini_portile2 (2.0.0)
84
+ minitest (5.8.4)
85
+ mocha (1.1.0)
86
+ metaclass (~> 0.0.1)
87
+ multi_json (1.11.2)
88
+ multi_xml (0.5.5)
89
+ multipart-post (2.0.0)
90
+ nio4r (1.2.1)
91
+ nokogiri (1.6.7.2)
92
+ mini_portile2 (~> 2.0.0.rc2)
93
+ oauth2 (1.1.0)
94
+ faraday (>= 0.8, < 0.10)
95
+ jwt (~> 1.0, < 1.5.2)
96
+ multi_json (~> 1.3)
97
+ multi_xml (~> 0.5)
98
+ rack (>= 1.2, < 3)
99
+ omniauth (1.3.1)
100
+ hashie (>= 1.2, < 4)
101
+ rack (>= 1.0, < 3)
102
+ omniauth-facebook (3.0.0)
103
+ omniauth-oauth2 (~> 1.2)
104
+ omniauth-oauth2 (1.4.0)
105
+ oauth2 (~> 1.0)
106
+ omniauth (~> 1.2)
107
+ omniauth-openid (1.0.1)
108
+ omniauth (~> 1.0)
109
+ rack-openid (~> 1.3.1)
110
+ orm_adapter (0.5.0)
111
+ rack (2.0.0.alpha)
112
+ json
113
+ rack-openid (1.3.1)
114
+ rack (>= 1.1.0)
115
+ ruby-openid (>= 2.1.8)
116
+ rack-test (0.6.3)
117
+ rack (>= 1.0)
118
+ rails (5.0.0.beta3)
119
+ actioncable (= 5.0.0.beta3)
120
+ actionmailer (= 5.0.0.beta3)
121
+ actionpack (= 5.0.0.beta3)
122
+ actionview (= 5.0.0.beta3)
123
+ activejob (= 5.0.0.beta3)
124
+ activemodel (= 5.0.0.beta3)
125
+ activerecord (= 5.0.0.beta3)
126
+ activesupport (= 5.0.0.beta3)
127
+ bundler (>= 1.3.0, < 2.0)
128
+ railties (= 5.0.0.beta3)
129
+ sprockets-rails (>= 2.0.0)
130
+ rails-controller-testing (0.1.1)
131
+ actionpack (~> 5.x)
132
+ actionview (~> 5.x)
133
+ activesupport (~> 5.x)
134
+ rails-deprecated_sanitizer (1.0.3)
135
+ activesupport (>= 4.2.0.alpha)
136
+ rails-dom-testing (1.0.7)
137
+ activesupport (>= 4.2.0.beta, < 5.0)
138
+ nokogiri (~> 1.6.0)
139
+ rails-deprecated_sanitizer (>= 1.0.1)
140
+ rails-html-sanitizer (1.0.3)
141
+ loofah (~> 2.0)
142
+ railties (5.0.0.beta3)
143
+ actionpack (= 5.0.0.beta3)
144
+ activesupport (= 5.0.0.beta3)
145
+ method_source
146
+ rake (>= 0.8.7)
147
+ thor (>= 0.18.1, < 2.0)
148
+ rake (11.1.2)
149
+ rdoc (4.2.2)
150
+ json (~> 1.4)
151
+ responders (2.1.2)
152
+ railties (>= 4.2.0, < 5.1)
153
+ ruby-openid (2.7.0)
154
+ sprockets (3.6.0)
155
+ concurrent-ruby (~> 1.0)
156
+ rack (> 1, < 3)
157
+ sprockets-rails (3.0.4)
158
+ actionpack (>= 4.0)
159
+ activesupport (>= 4.0)
160
+ sprockets (>= 3.0.0)
161
+ sqlite3 (1.3.11)
162
+ thor (0.19.1)
163
+ thread_safe (0.3.5)
164
+ tzinfo (1.2.2)
165
+ thread_safe (~> 0.1)
166
+ warden (1.2.6)
167
+ rack (>= 1.0)
168
+ webrat (0.7.3)
169
+ nokogiri (>= 1.2.0)
170
+ rack (>= 1.0)
171
+ rack-test (>= 0.5.3)
172
+ websocket-driver (0.6.3)
173
+ websocket-extensions (>= 0.1.0)
174
+ websocket-extensions (0.1.2)
175
+
176
+ PLATFORMS
177
+ ruby
178
+
179
+ DEPENDENCIES
180
+ activemodel-serializers-xml!
181
+ activerecord-jdbc-adapter
182
+ activerecord-jdbcsqlite3-adapter
183
+ devise!
184
+ jruby-openssl
185
+ mocha (~> 1.1)
186
+ oauth2
187
+ omniauth (~> 1.3)
188
+ omniauth-facebook
189
+ omniauth-oauth2 (>= 1.2.0, < 1.5.0)
190
+ omniauth-openid (~> 1.0.1)
191
+ rails (= 5.0.0.beta3)
192
+ rails-controller-testing
193
+ rdoc
194
+ responders (~> 2.1.1)
195
+ sqlite3
196
+ webrat (= 0.7.3)
197
+
198
+ BUNDLED WITH
199
+ 1.11.2
@@ -7,7 +7,9 @@ module Devise
7
7
  include Devise::Controllers::StoreLocation
8
8
 
9
9
  included do
10
- helper_method :warden, :signed_in?, :devise_controller?
10
+ if respond_to?(:helper_method)
11
+ helper_method :warden, :signed_in?, :devise_controller?
12
+ end
11
13
  end
12
14
 
13
15
  module ClassMethods
@@ -28,8 +30,8 @@ module Devise
28
30
  # current_bloggers # Currently signed in user and admin
29
31
  #
30
32
  # Use:
31
- # before_filter :authenticate_blogger! # Redirects unless either a user or an admin are authenticated
32
- # before_filter ->{ authenticate_blogger! :admin } # Redirects to the admin login page
33
+ # before_action :authenticate_blogger! # Redirects unless either a user or an admin are authenticated
34
+ # before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page
33
35
  # current_blogger :user # Preferably returns a User if one is signed in
34
36
  #
35
37
  def devise_group(group_name, opts={})
@@ -69,7 +71,9 @@ module Devise
69
71
  end.compact
70
72
  end
71
73
 
72
- helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
74
+ if respond_to?(:helper_method)
75
+ helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
76
+ end
73
77
  METHODS
74
78
  end
75
79
 
@@ -80,7 +84,7 @@ module Devise
80
84
  end
81
85
 
82
86
  # Define authentication filters and accessor helpers based on mappings.
83
- # These filters should be used inside the controllers as before_filters,
87
+ # These filters should be used inside the controllers as before_actions,
84
88
  # so you can control the scope of the user who should be signed in to
85
89
  # access that specific controller/action.
86
90
  # Example:
@@ -100,8 +104,8 @@ module Devise
100
104
  # admin_session # Session data available only to the admin scope
101
105
  #
102
106
  # Use:
103
- # before_filter :authenticate_user! # Tell devise to use :user map
104
- # before_filter :authenticate_admin! # Tell devise to use :admin map
107
+ # before_action :authenticate_user! # Tell devise to use :user map
108
+ # before_action :authenticate_admin! # Tell devise to use :admin map
105
109
  #
106
110
  def self.define_helpers(mapping) #:nodoc:
107
111
  mapping = mapping.name
@@ -126,7 +130,9 @@ module Devise
126
130
  METHODS
127
131
 
128
132
  ActiveSupport.on_load(:action_controller) do
129
- helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
133
+ if respond_to?(:helper_method)
134
+ helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
135
+ end
130
136
  end
131
137
  end
132
138
 
@@ -139,20 +145,16 @@ module Devise
139
145
  # the controllers defined inside devise. Useful if you want to apply a before
140
146
  # filter to all controllers, except the ones in devise:
141
147
  #
142
- # before_filter :my_filter, unless: :devise_controller?
148
+ # before_action :my_filter, unless: :devise_controller?
143
149
  def devise_controller?
144
150
  is_a?(::DeviseController)
145
151
  end
146
152
 
147
- # Setup a param sanitizer to filter parameters using strong_parameters. See
153
+ # Set up a param sanitizer to filter parameters using strong_parameters. See
148
154
  # lib/devise/parameter_sanitizer.rb for more info. Override this
149
155
  # method in your application controller to use your own parameter sanitizer.
150
156
  def devise_parameter_sanitizer
151
- @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters)
152
- Devise::ParameterSanitizer.new(resource_class, resource_name, params)
153
- else
154
- Devise::BaseSanitizer.new(resource_class, resource_name, params)
155
- end
157
+ @devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params)
156
158
  end
157
159
 
158
160
  # Tell warden that params authentication is allowed for that specific page.
@@ -190,10 +192,10 @@ module Devise
190
192
  # root path. For a user scope, you can define the default url in
191
193
  # the following way:
192
194
  #
193
- # map.user_root '/users', controller: 'users' # creates user_root_path
195
+ # get '/users' => 'users#index', as: :user_root # creates user_root_path
194
196
  #
195
- # map.namespace :user do |user|
196
- # user.root controller: 'users' # creates user_root_path
197
+ # namespace :user do
198
+ # root 'users#index' # creates user_root_path
197
199
  # end
198
200
  #
199
201
  # If the resource root path is not defined, root_path is used. However,
@@ -269,12 +271,6 @@ module Devise
269
271
 
270
272
  private
271
273
 
272
- def expire_session_data_after_sign_in!
273
- ActiveSupport::Deprecation.warn "expire_session_data_after_sign_in! is deprecated " \
274
- "in favor of expire_data_after_sign_in!"
275
- expire_data_after_sign_in!
276
- end
277
-
278
274
  def expire_data_after_sign_out!
279
275
  Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
280
276
  super
@@ -9,11 +9,18 @@ module Devise
9
9
  Rails.configuration.session_options.slice(:path, :domain, :secure)
10
10
  end
11
11
 
12
+ def remember_me_is_active?(resource)
13
+ return false unless resource.respond_to?(:remember_me)
14
+ scope = Devise::Mapping.find_scope!(resource)
15
+ _, token, generated_at = cookies.signed[remember_key(resource, scope)]
16
+ resource.remember_me?(token, generated_at)
17
+ end
18
+
12
19
  # Remembers the given resource by setting up a cookie
13
20
  def remember_me(resource)
14
21
  return if env["devise.skip_storage"]
15
22
  scope = Devise::Mapping.find_scope!(resource)
16
- resource.remember_me!(resource.extend_remember_period)
23
+ resource.remember_me!
17
24
  cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
18
25
  end
19
26
 
@@ -9,14 +9,14 @@ module Devise
9
9
  ::BCrypt::Password.create(password, cost: klass.stretches).to_s
10
10
  end
11
11
 
12
- def self.compare(klass, encrypted_password, password)
13
- return false if encrypted_password.blank?
14
- bcrypt = ::BCrypt::Password.new(encrypted_password)
12
+ def self.compare(klass, hashed_password, password)
13
+ return false if hashed_password.blank?
14
+ bcrypt = ::BCrypt::Password.new(hashed_password)
15
15
  if klass.pepper.present?
16
16
  password = "#{password}#{klass.pepper}"
17
17
  end
18
18
  password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
19
- Devise.secure_compare(password, encrypted_password)
19
+ Devise.secure_compare(password, hashed_password)
20
20
  end
21
21
  end
22
22
  end
@@ -6,7 +6,6 @@ module Devise
6
6
  # page based on current scope and mapping. If no scope is given, redirect
7
7
  # to the default_url.
8
8
  class FailureApp < ActionController::Metal
9
- include ActionController::RackDelegation
10
9
  include ActionController::UrlFor
11
10
  include ActionController::Redirecting
12
11
 
@@ -22,9 +21,12 @@ module Devise
22
21
  @respond.call(env)
23
22
  end
24
23
 
24
+ # Try retrieving the URL options from the parent controller (usually
25
+ # ApplicationController). Instance methods are not supported at the moment,
26
+ # so only the class-level attribute is used.
25
27
  def self.default_url_options(*args)
26
- if defined?(ApplicationController)
27
- ApplicationController.default_url_options(*args)
28
+ if defined?(Devise.parent_controller.constantize)
29
+ Devise.parent_controller.constantize.try(:default_url_options) || {}
28
30
  else
29
31
  {}
30
32
  end
@@ -48,9 +50,29 @@ module Devise
48
50
  end
49
51
 
50
52
  def recall
51
- env["PATH_INFO"] = attempted_path
53
+ config = Rails.application.config
54
+
55
+ header_info = if config.try(:relative_url_root)
56
+ base_path = Pathname.new(config.relative_url_root)
57
+ full_path = Pathname.new(attempted_path)
58
+
59
+ { "SCRIPT_NAME" => config.relative_url_root,
60
+ "PATH_INFO" => '/' + full_path.relative_path_from(base_path).to_s }
61
+ else
62
+ { "PATH_INFO" => attempted_path }
63
+ end
64
+
65
+ header_info.each do | var, value|
66
+ if request.respond_to?(:set_header)
67
+ request.set_header(var, value)
68
+ else
69
+ env[var] = value
70
+ end
71
+ end
72
+
52
73
  flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
53
- self.response = recall_app(warden_options[:recall]).call(env)
74
+ # self.response = recall_app(warden_options[:recall]).call(env)
75
+ self.response = recall_app(warden_options[:recall]).call(request.env)
54
76
  end
55
77
 
56
78
  def redirect
@@ -118,11 +140,10 @@ module Devise
118
140
 
119
141
  config = Rails.application.config
120
142
 
121
- # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
122
- if (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
123
- opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
124
- else
125
- if config.respond_to?(:relative_url_root) && config.relative_url_root.present?
143
+ if config.respond_to?(:relative_url_root)
144
+ # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
145
+ rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
146
+ if config.relative_url_root.present? || rails_4_2
126
147
  opts[:script_name] = config.relative_url_root
127
148
  end
128
149
  end
@@ -185,11 +206,11 @@ module Devise
185
206
  end
186
207
 
187
208
  def warden
188
- env['warden']
209
+ request.respond_to?(:get_header) ? request.get_header("warden") : env["warden"]
189
210
  end
190
211
 
191
212
  def warden_options
192
- env['warden.options']
213
+ request.respond_to?(:get_header) ? request.get_header("warden.options") : env["warden.options"]
193
214
  end
194
215
 
195
216
  def warden_message
@@ -7,7 +7,8 @@ Warden::Manager.after_set_user do |record, warden, options|
7
7
  scope = options[:scope]
8
8
  env = warden.request.env
9
9
 
10
- if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
10
+ if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) &&
11
+ options[:store] != false && !env['devise.skip_timeoutable']
11
12
  last_request_at = warden.session(scope)['last_request_at']
12
13
 
13
14
  if last_request_at.is_a? Integer
@@ -18,9 +19,10 @@ Warden::Manager.after_set_user do |record, warden, options|
18
19
 
19
20
  proxy = Devise::Hooks::Proxy.new(warden)
20
21
 
21
- if record.timedout?(last_request_at) && !env['devise.skip_timeout']
22
+ if record.timedout?(last_request_at) &&
23
+ !env['devise.skip_timeout'] &&
24
+ !proxy.remember_me_is_active?(record)
22
25
  Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
23
-
24
26
  throw :warden, scope: scope, message: :timeout
25
27
  end
26
28
 
@@ -64,7 +64,7 @@ module Devise
64
64
  template_path
65
65
  end
66
66
 
67
- # Setup a subject doing an I18n lookup. At first, it attempts to set a subject
67
+ # Set up a subject doing an I18n lookup. At first, it attempts to set a subject
68
68
  # based on the current mapping:
69
69
  #
70
70
  # en:
@@ -253,7 +253,11 @@ module Devise
253
253
 
254
254
  # Find or initialize a record with group of attributes based on a list of required attributes.
255
255
  def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
256
- attributes = attributes.slice(*required_attributes).with_indifferent_access
256
+ attributes = if attributes.respond_to? :permit
257
+ attributes.slice(*required_attributes).permit!.to_h.with_indifferent_access
258
+ else
259
+ attributes.with_indifferent_access.slice(*required_attributes)
260
+ end
257
261
  attributes.delete_if { |key, value| value.blank? }
258
262
 
259
263
  if attributes.size == required_attributes.size
@@ -24,7 +24,7 @@ module Devise
24
24
  # By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in.
25
25
  # * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as
26
26
  # initial account confirmation) to be applied. Requires additional unconfirmed_email
27
- # db field to be setup (t.reconfirmable in migrations). Until confirmed new email is
27
+ # db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is
28
28
  # stored in unconfirmed email column, and copied to email column on successful
29
29
  # confirmation.
30
30
  # * +confirm_within+: the time before a sent confirmation token becomes invalid.
@@ -40,7 +40,6 @@ module Devise
40
40
  #
41
41
  module Confirmable
42
42
  extend ActiveSupport::Concern
43
- include ActionView::Helpers::DateHelper
44
43
 
45
44
  included do
46
45
  before_create :generate_confirmation_token, if: :confirmation_required?
@@ -76,7 +75,7 @@ module Devise
76
75
 
77
76
  self.confirmed_at = Time.now.utc
78
77
 
79
- saved = if self.class.reconfirmable && unconfirmed_email.present?
78
+ saved = if pending_reconfirmation?
80
79
  skip_reconfirmation!
81
80
  self.email = unconfirmed_email
82
81
  self.unconfirmed_email = nil
@@ -180,7 +179,7 @@ module Devise
180
179
  # Checks if the confirmation for the user is within the limit time.
181
180
  # We do this by calculating if the difference between today and the
182
181
  # confirmation sent date does not exceed the confirm in time configured.
183
- # Confirm_within is a model configuration, must always be an integer value.
182
+ # allow_unconfirmed_access_for is a model configuration, must always be an integer value.
184
183
  #
185
184
  # Example:
186
185
  #
@@ -216,7 +215,7 @@ module Devise
216
215
  # confirmation_period_expired? # will always return false
217
216
  #
218
217
  def confirmation_period_expired?
219
- self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within)
218
+ self.class.confirm_within && self.confirmation_sent_at && (Time.now > self.confirmation_sent_at + self.class.confirm_within)
220
219
  end
221
220
 
222
221
  # Checks whether the record requires any confirmation.
@@ -254,7 +253,7 @@ module Devise
254
253
  end
255
254
 
256
255
  def postpone_email_change?
257
- postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
256
+ postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present?
258
257
  @bypass_confirmation_postpone = false
259
258
  postpone
260
259
  end
@@ -315,6 +314,7 @@ module Devise
315
314
 
316
315
  # Find a record for confirmation by unconfirmed email field
317
316
  def find_by_unconfirmed_email_with_errors(attributes = {})
317
+ attributes = attributes.slice(*confirmation_keys).permit!.to_h if attributes.respond_to? :permit
318
318
  unconfirmed_required_attributes = confirmation_keys.map { |k| k == :email ? :unconfirmed_email : k }
319
319
  unconfirmed_attributes = attributes.symbolize_keys
320
320
  unconfirmed_attributes[:unconfirmed_email] = unconfirmed_attributes.delete(:email)
@@ -7,12 +7,12 @@ module Devise
7
7
  end
8
8
 
9
9
  module Models
10
- # Authenticatable Module, responsible for encrypting password and validating
11
- # authenticity of a user while signing in.
10
+ # Authenticatable Module, responsible for hashing the password and
11
+ # validating the authenticity of a user while signing in.
12
12
  #
13
13
  # == Options
14
14
  #
15
- # DatabaseAuthenticable adds the following options to devise_for:
15
+ # DatabaseAuthenticatable adds the following options to devise_for:
16
16
  #
17
17
  # * +pepper+: a random string used to provide a more secure hash. Use
18
18
  # `rake secret` to generate new keys.
@@ -27,6 +27,8 @@ module Devise
27
27
  extend ActiveSupport::Concern
28
28
 
29
29
  included do
30
+ after_update :send_password_change_notification, if: :send_password_change_notification?
31
+
30
32
  attr_reader :password, :current_password
31
33
  attr_accessor :password_confirmation
32
34
  end
@@ -35,8 +37,11 @@ module Devise
35
37
  [:encrypted_password] + klass.authentication_keys
36
38
  end
37
39
 
38
- # Generates password encryption based on the given value.
40
+ # Generates a hashed password based on the given value.
41
+ # For legacy reasons, we use `encrypted_password` to store
42
+ # the hashed password.
39
43
  def password=(new_password)
44
+ attribute_will_change! 'password'
40
45
  @password = new_password
41
46
  self.encrypted_password = password_digest(@password) if @password.present?
42
47
  end
@@ -133,19 +138,27 @@ module Devise
133
138
  encrypted_password[0,29] if encrypted_password
134
139
  end
135
140
 
141
+ def send_password_change_notification
142
+ send_devise_notification(:password_change)
143
+ end
144
+
136
145
  protected
137
146
 
138
- # Digests the password using bcrypt. Custom encryption should override
147
+ # Hashes the password using bcrypt. Custom hash functions should override
139
148
  # this method to apply their own algorithm.
140
149
  #
141
150
  # See https://github.com/plataformatec/devise-encryptable for examples
142
- # of other encryption engines.
151
+ # of other hashing engines.
143
152
  def password_digest(password)
144
153
  Devise::Encryptor.digest(self.class, password)
145
154
  end
146
155
 
156
+ def send_password_change_notification?
157
+ self.class.send_password_change_notification && encrypted_password_changed?
158
+ end
159
+
147
160
  module ClassMethods
148
- Devise::Models.config(self, :pepper, :stretches)
161
+ Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification)
149
162
 
150
163
  # We assume this method already gets the sanitized values from the
151
164
  # DatabaseAuthenticatable strategy. If you are using this method on
@@ -7,7 +7,7 @@ module Devise
7
7
  # blocked: email and time. The former will send an email to the user when
8
8
  # the lock happens, containing a link to unlock its account. The second
9
9
  # will unlock the user automatically after some configured time (ie 2.hours).
10
- # It's also possible to setup lockable to use both email and time strategies.
10
+ # It's also possible to set up lockable to use both email and time strategies.
11
11
  #
12
12
  # == Options
13
13
  #