devise 3.5.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +14 -15
  3. data/CHANGELOG.md +57 -1125
  4. data/CODE_OF_CONDUCT.md +22 -0
  5. data/CONTRIBUTING.md +2 -0
  6. data/Gemfile +3 -3
  7. data/Gemfile.lock +80 -80
  8. data/MIT-LICENSE +1 -1
  9. data/README.md +27 -18
  10. data/app/controllers/devise/confirmations_controller.rb +1 -1
  11. data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
  12. data/app/controllers/devise/passwords_controller.rb +5 -4
  13. data/app/controllers/devise/registrations_controller.rb +5 -5
  14. data/app/controllers/devise/sessions_controller.rb +7 -7
  15. data/app/controllers/devise/unlocks_controller.rb +2 -2
  16. data/app/controllers/devise_controller.rb +20 -9
  17. data/app/mailers/devise/mailer.rb +4 -0
  18. data/app/views/devise/confirmations/new.html.erb +1 -1
  19. data/app/views/devise/mailer/password_change.html.erb +3 -0
  20. data/app/views/devise/shared/_links.html.erb +1 -1
  21. data/bin/test +13 -0
  22. data/config/locales/en.yml +2 -0
  23. data/devise.gemspec +2 -3
  24. data/gemfiles/Gemfile.rails-4.1-stable +4 -4
  25. data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
  26. data/gemfiles/Gemfile.rails-4.2-stable +4 -4
  27. data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
  28. data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
  29. data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
  30. data/lib/devise/controllers/helpers.rb +20 -24
  31. data/lib/devise/controllers/rememberable.rb +8 -1
  32. data/lib/devise/encryptor.rb +4 -4
  33. data/lib/devise/failure_app.rb +33 -12
  34. data/lib/devise/hooks/timeoutable.rb +5 -3
  35. data/lib/devise/mailers/helpers.rb +1 -1
  36. data/lib/devise/models/authenticatable.rb +5 -1
  37. data/lib/devise/models/confirmable.rb +6 -6
  38. data/lib/devise/models/database_authenticatable.rb +20 -7
  39. data/lib/devise/models/lockable.rb +1 -1
  40. data/lib/devise/models/recoverable.rb +3 -7
  41. data/lib/devise/models/rememberable.rb +38 -24
  42. data/lib/devise/models/timeoutable.rb +0 -6
  43. data/lib/devise/models.rb +1 -1
  44. data/lib/devise/omniauth/url_helpers.rb +62 -4
  45. data/lib/devise/parameter_sanitizer.rb +176 -61
  46. data/lib/devise/rails/routes.rb +54 -31
  47. data/lib/devise/rails/warden_compat.rb +1 -10
  48. data/lib/devise/rails.rb +1 -10
  49. data/lib/devise/strategies/authenticatable.rb +1 -1
  50. data/lib/devise/strategies/database_authenticatable.rb +3 -3
  51. data/lib/devise/strategies/rememberable.rb +3 -6
  52. data/lib/devise/test_helpers.rb +10 -5
  53. data/lib/devise/token_generator.rb +1 -41
  54. data/lib/devise/version.rb +1 -1
  55. data/lib/devise.rb +115 -20
  56. data/lib/generators/active_record/devise_generator.rb +11 -5
  57. data/lib/generators/active_record/templates/migration.rb +2 -2
  58. data/lib/generators/active_record/templates/migration_existing.rb +2 -2
  59. data/lib/generators/devise/install_generator.rb +15 -0
  60. data/lib/generators/devise/orm_helpers.rb +1 -18
  61. data/lib/generators/devise/views_generator.rb +14 -3
  62. data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
  63. data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
  64. data/lib/generators/templates/devise.rb +19 -17
  65. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  66. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  67. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  68. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  69. data/test/controllers/custom_registrations_controller_test.rb +5 -5
  70. data/test/controllers/custom_strategy_test.rb +7 -5
  71. data/test/controllers/helper_methods_test.rb +22 -0
  72. data/test/controllers/helpers_test.rb +1 -1
  73. data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
  74. data/test/controllers/internal_helpers_test.rb +8 -10
  75. data/test/controllers/load_hooks_controller_test.rb +1 -1
  76. data/test/controllers/passwords_controller_test.rb +4 -3
  77. data/test/controllers/sessions_controller_test.rb +21 -18
  78. data/test/controllers/url_helpers_test.rb +1 -1
  79. data/test/devise_test.rb +27 -0
  80. data/test/failure_app_test.rb +37 -15
  81. data/test/generators/active_record_generator_test.rb +0 -26
  82. data/test/generators/install_generator_test.rb +14 -3
  83. data/test/generators/views_generator_test.rb +7 -0
  84. data/test/helpers/devise_helper_test.rb +1 -1
  85. data/test/integration/authenticatable_test.rb +18 -18
  86. data/test/integration/confirmable_test.rb +5 -5
  87. data/test/integration/database_authenticatable_test.rb +1 -1
  88. data/test/integration/http_authenticatable_test.rb +4 -5
  89. data/test/integration/lockable_test.rb +4 -3
  90. data/test/integration/omniauthable_test.rb +12 -10
  91. data/test/integration/recoverable_test.rb +10 -10
  92. data/test/integration/registerable_test.rb +9 -11
  93. data/test/integration/rememberable_test.rb +42 -7
  94. data/test/integration/timeoutable_test.rb +16 -4
  95. data/test/integration/trackable_test.rb +1 -1
  96. data/test/mailers/confirmation_instructions_test.rb +6 -6
  97. data/test/mailers/reset_password_instructions_test.rb +5 -5
  98. data/test/mailers/unlock_instructions_test.rb +5 -5
  99. data/test/models/confirmable_test.rb +25 -1
  100. data/test/models/database_authenticatable_test.rb +26 -6
  101. data/test/models/lockable_test.rb +1 -1
  102. data/test/models/recoverable_test.rb +23 -0
  103. data/test/models/rememberable_test.rb +48 -95
  104. data/test/models/validatable_test.rb +2 -10
  105. data/test/models_test.rb +15 -6
  106. data/test/omniauth/url_helpers_test.rb +4 -7
  107. data/test/orm/active_record.rb +6 -1
  108. data/test/parameter_sanitizer_test.rb +103 -53
  109. data/test/rails_app/app/active_record/user.rb +1 -0
  110. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  111. data/test/rails_app/app/controllers/admins_controller.rb +1 -1
  112. data/test/rails_app/app/controllers/application_controller.rb +2 -2
  113. data/test/rails_app/app/controllers/home_controller.rb +5 -1
  114. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
  115. data/test/rails_app/app/controllers/users_controller.rb +5 -5
  116. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  117. data/test/rails_app/config/application.rb +1 -1
  118. data/test/rails_app/config/boot.rb +4 -4
  119. data/test/rails_app/config/environments/test.rb +6 -1
  120. data/test/rails_app/config/initializers/devise.rb +1 -1
  121. data/test/rails_app/config/initializers/secret_token.rb +1 -6
  122. data/test/rails_app/config/routes.rb +5 -0
  123. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  124. data/test/routes_test.rb +28 -13
  125. data/test/support/helpers.rb +4 -0
  126. data/test/support/http_method_compatibility.rb +51 -0
  127. data/test/support/webrat/integrations/rails.rb +9 -0
  128. data/test/test_helpers_test.rb +5 -5
  129. data/test/test_models.rb +1 -1
  130. metadata +41 -45
  131. data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
  132. data/gemfiles/Gemfile.rails-4.0-stable +0 -29
  133. data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
  134. data/script/cached-bundle +0 -49
  135. data/script/s3-put +0 -71
@@ -3,17 +3,8 @@ module Warden::Mixins::Common
3
3
  @request ||= ActionDispatch::Request.new(env)
4
4
  end
5
5
 
6
- # Deprecate: Remove this check once we move to Rails 4 only.
7
- NULL_STORE =
8
- defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ?
9
- ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil
10
-
11
6
  def reset_session!
12
- # Calling reset_session on NULL_STORE causes it fail.
13
- # This is a bug that needs to be fixed in Rails.
14
- unless NULL_STORE && request.session.is_a?(NULL_STORE)
15
- request.reset_session
16
- end
7
+ request.reset_session
17
8
  end
18
9
 
19
10
  def cookies
data/lib/devise/rails.rb CHANGED
@@ -39,18 +39,9 @@ module Devise
39
39
  Devise.token_generator ||=
40
40
  if secret_key = Devise.secret_key
41
41
  Devise::TokenGenerator.new(
42
- Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key))
42
+ ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key))
43
43
  )
44
44
  end
45
45
  end
46
-
47
- initializer "devise.fix_routes_proxy_missing_respond_to_bug" do
48
- # Deprecate: Remove once we move to Rails 4 only.
49
- ActionDispatch::Routing::RoutesProxy.class_eval do
50
- def respond_to?(method, include_private = false)
51
- super || routes.url_helpers.respond_to?(method)
52
- end
53
- end
54
- end
55
46
  end
56
47
  end
@@ -27,7 +27,7 @@ module Devise
27
27
 
28
28
  # Receives a resource and check if it is valid by calling valid_for_authentication?
29
29
  # An optional block that will be triggered while validating can be optionally
30
- # given as parameter. Check Devise::Models::Authenticable.valid_for_authentication?
30
+ # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
31
31
  # for more information.
32
32
  #
33
33
  # In case the resource can't be validated, it will fail with the given
@@ -6,15 +6,15 @@ module Devise
6
6
  class DatabaseAuthenticatable < Authenticatable
7
7
  def authenticate!
8
8
  resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
9
- encrypted = false
9
+ hashed = false
10
10
 
11
- if validate(resource){ encrypted = true; resource.valid_password?(password) }
11
+ if validate(resource){ hashed = true; resource.valid_password?(password) }
12
12
  remember_me(resource)
13
13
  resource.after_database_authentication
14
14
  success!(resource)
15
15
  end
16
16
 
17
- mapping.to.new.password = password if !encrypted && Devise.paranoid
17
+ mapping.to.new.password = password if !hashed && Devise.paranoid
18
18
  fail(:not_found_in_database) unless resource
19
19
  end
20
20
  end
@@ -25,8 +25,7 @@ module Devise
25
25
  end
26
26
 
27
27
  if validate(resource)
28
- remember_me(resource)
29
- extend_remember_me_period(resource)
28
+ remember_me(resource) if extend_remember_me?(resource)
30
29
  resource.after_remembered
31
30
  success!(resource)
32
31
  end
@@ -43,10 +42,8 @@ module Devise
43
42
 
44
43
  private
45
44
 
46
- def extend_remember_me_period(resource)
47
- if resource.respond_to?(:extend_remember_period=)
48
- resource.extend_remember_period = mapping.to.extend_remember_period
49
- end
45
+ def extend_remember_me?(resource)
46
+ resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
50
47
  end
51
48
 
52
49
  def remember_me?
@@ -16,10 +16,13 @@ module Devise
16
16
  # Override process to consider warden.
17
17
  def process(*)
18
18
  # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
19
- _catch_warden { super } || @response
19
+ _catch_warden { super } # || @response # _catch_warden will setup the @response object
20
+
21
+ # process needs to return the ActionDispath::TestResponse object
22
+ @response
20
23
  end
21
24
 
22
- # We need to setup the environment variables and the response in the controller.
25
+ # We need to set up the environment variables and the response in the controller.
23
26
  def setup_controller_for_warden #:nodoc:
24
27
  @request.env['action_controller.instance'] = @controller
25
28
  end
@@ -109,8 +112,9 @@ module Devise
109
112
 
110
113
  status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
111
114
  @controller.response.headers.merge!(headers)
112
- @controller.send :render, status: status, text: response.body,
113
- content_type: headers["Content-Type"], location: headers["Location"]
115
+ r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
116
+ r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
117
+ @controller.send :render, r_opts
114
118
  nil # causes process return @response
115
119
  end
116
120
 
@@ -122,7 +126,8 @@ module Devise
122
126
  # ensure the controller response is set to our response.
123
127
  @controller.response ||= @response
124
128
  @response.status = ret.first
125
- @response.headers = ret.second
129
+ @response.headers.clear
130
+ ret.second.each { |k,v| @response[k] = v }
126
131
  @response.body = ret.third
127
132
  end
128
133
 
@@ -1,11 +1,8 @@
1
- # Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only.
2
- require 'thread_safe'
3
1
  require 'openssl'
4
- require 'securerandom'
5
2
 
6
3
  module Devise
7
4
  class TokenGenerator
8
- def initialize(key_generator, digest="SHA256")
5
+ def initialize(key_generator, digest = "SHA256")
9
6
  @key_generator = key_generator
10
7
  @digest = digest
11
8
  end
@@ -30,41 +27,4 @@ module Devise
30
27
  @key_generator.generate_key("Devise #{column}")
31
28
  end
32
29
  end
33
-
34
- # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2
35
- # It can be used to derive a number of keys for various purposes from a given secret.
36
- # This lets Rails applications have a single secure secret, but avoid reusing that
37
- # key in multiple incompatible contexts.
38
- class KeyGenerator
39
- def initialize(secret, options = {})
40
- @secret = secret
41
- # The default iterations are higher than required for our key derivation uses
42
- # on the off chance someone uses this for password storage
43
- @iterations = options[:iterations] || 2**16
44
- end
45
-
46
- # Returns a derived key suitable for use. The default key_size is chosen
47
- # to be compatible with the default settings of ActiveSupport::MessageVerifier.
48
- # i.e. OpenSSL::Digest::SHA1#block_length
49
- def generate_key(salt, key_size=64)
50
- OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
51
- end
52
- end
53
-
54
- # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
55
- # re-executing the key generation process when it's called using the same salt and
56
- # key_size
57
- class CachingKeyGenerator
58
- def initialize(key_generator)
59
- @key_generator = key_generator
60
- @cache_keys = ThreadSafe::Cache.new
61
- end
62
-
63
- # Returns a derived key suitable for use. The default key_size is chosen
64
- # to be compatible with the default settings of ActiveSupport::MessageVerifier.
65
- # i.e. OpenSSL::Digest::SHA1#block_length
66
- def generate_key(salt, key_size=64)
67
- @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
68
- end
69
- end
70
30
  end
@@ -1,3 +1,3 @@
1
1
  module Devise
2
- VERSION = "3.5.2".freeze
2
+ VERSION = "4.0.0".freeze
3
3
  end
data/lib/devise.rb CHANGED
@@ -12,19 +12,18 @@ module Devise
12
12
  autoload :FailureApp, 'devise/failure_app'
13
13
  autoload :OmniAuth, 'devise/omniauth'
14
14
  autoload :ParameterFilter, 'devise/parameter_filter'
15
- autoload :BaseSanitizer, 'devise/parameter_sanitizer'
16
15
  autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
17
16
  autoload :TestHelpers, 'devise/test_helpers'
18
17
  autoload :TimeInflector, 'devise/time_inflector'
19
18
  autoload :TokenGenerator, 'devise/token_generator'
20
19
 
21
20
  module Controllers
22
- autoload :Helpers, 'devise/controllers/helpers'
23
- autoload :Rememberable, 'devise/controllers/rememberable'
24
- autoload :ScopedViews, 'devise/controllers/scoped_views'
25
- autoload :SignInOut, 'devise/controllers/sign_in_out'
26
- autoload :StoreLocation, 'devise/controllers/store_location'
27
- autoload :UrlHelpers, 'devise/controllers/url_helpers'
21
+ autoload :Helpers, 'devise/controllers/helpers'
22
+ autoload :Rememberable, 'devise/controllers/rememberable'
23
+ autoload :ScopedViews, 'devise/controllers/scoped_views'
24
+ autoload :SignInOut, 'devise/controllers/sign_in_out'
25
+ autoload :StoreLocation, 'devise/controllers/store_location'
26
+ autoload :UrlHelpers, 'devise/controllers/url_helpers'
28
27
  end
29
28
 
30
29
  module Hooks
@@ -36,7 +35,7 @@ module Devise
36
35
  end
37
36
 
38
37
  module Strategies
39
- autoload :Base, 'devise/strategies/base'
38
+ autoload :Base, 'devise/strategies/base'
40
39
  autoload :Authenticatable, 'devise/strategies/authenticatable'
41
40
  end
42
41
 
@@ -54,6 +53,12 @@ module Devise
54
53
  # True values used to check params
55
54
  TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
56
55
 
56
+ # Track the configs that user explicit changed the default value. It is
57
+ # helpfull to not warn users about default values changing when they willing
58
+ # changed.
59
+ mattr_accessor :app_set_configs
60
+ @@app_set_configs = Set.new
61
+
57
62
  # Secret key used by the key generator
58
63
  mattr_accessor :secret_key
59
64
  @@secret_key = nil
@@ -62,9 +67,9 @@ module Devise
62
67
  mattr_accessor :rememberable_options
63
68
  @@rememberable_options = {}
64
69
 
65
- # The number of times to encrypt password.
70
+ # The number of times to hash the password.
66
71
  mattr_accessor :stretches
67
- @@stretches = 10
72
+ @@stretches = 11
68
73
 
69
74
  # The default key used when authenticating over http auth.
70
75
  mattr_accessor :http_authentication_key
@@ -83,9 +88,20 @@ module Devise
83
88
  @@case_insensitive_keys = [:email]
84
89
 
85
90
  # Keys that should have whitespace stripped.
86
- mattr_accessor :strip_whitespace_keys
91
+ # TODO: 4.1 Do: @@strip_whitespace_keys = [:email]
92
+ mattr_reader :strip_whitespace_keys
87
93
  @@strip_whitespace_keys = []
88
94
 
95
+ def self.strip_whitespace_keys=(strip_whitespace_keys)
96
+ app_set_configs << :strip_whitespace_keys
97
+ @@strip_whitespace_keys = strip_whitespace_keys
98
+ end
99
+
100
+ def strip_whitespace_keys=(strip_whitespace_keys)
101
+ app_set_configs << :strip_whitespace_keys
102
+ @@strip_whitespace_keys = strip_whitespace_keys
103
+ end
104
+
89
105
  # If http authentication is enabled by default.
90
106
  mattr_accessor :http_authenticatable
91
107
  @@http_authenticatable = false
@@ -105,9 +121,20 @@ module Devise
105
121
  # Email regex used to validate email formats. It simply asserts that
106
122
  # an one (and only one) @ exists in the given string. This is mainly
107
123
  # to give user feedback and not to assert the e-mail validity.
108
- mattr_accessor :email_regexp
124
+ # TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/]
125
+ mattr_reader :email_regexp
109
126
  @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
110
127
 
128
+ def self.email_regexp=(email_regexp)
129
+ app_set_configs << :email_regexp
130
+ @@email_regexp = email_regexp
131
+ end
132
+
133
+ def email_regexp=(email_regexp)
134
+ app_set_configs << :email_regexp
135
+ @@email_regexp = email_regexp
136
+ end
137
+
111
138
  # Range validation for password length
112
139
  mattr_accessor :password_length
113
140
  @@password_length = 6..128
@@ -139,17 +166,32 @@ module Devise
139
166
 
140
167
  # Defines if email should be reconfirmable.
141
168
  # False by default for backwards compatibility.
142
- mattr_accessor :reconfirmable
169
+ # TODO: 4.1 Do: @@reconfirmable = true
170
+ mattr_reader :reconfirmable
143
171
  @@reconfirmable = false
144
172
 
173
+ def self.reconfirmable=(reconfirmable)
174
+ app_set_configs << :reconfirmable
175
+ @@reconfirmable = reconfirmable
176
+ end
177
+
178
+ def reconfirmable=(reconfirmable)
179
+ app_set_configs << :reconfirmable
180
+ @@reconfirmable = reconfirmable
181
+ end
182
+
145
183
  # Time interval to timeout the user session without activity.
146
184
  mattr_accessor :timeout_in
147
185
  @@timeout_in = 30.minutes
148
186
 
149
- # Used to encrypt password. Please generate one with rake secret.
187
+ # Used to hash the password. Please generate one with rake secret.
150
188
  mattr_accessor :pepper
151
189
  @@pepper = nil
152
190
 
191
+ # Used to enable sending notification to user when their password is changed
192
+ mattr_accessor :send_password_change_notification
193
+ @@send_password_change_notification = false
194
+
153
195
  # Scoped views. Since it relies on fallbacks to render default views, it's
154
196
  # turned off by default.
155
197
  mattr_accessor :scoped_views
@@ -198,9 +240,20 @@ module Devise
198
240
  @@mailer_sender = nil
199
241
 
200
242
  # Skip session storage for the following strategies
201
- mattr_accessor :skip_session_storage
243
+ # TODO: 4.1 Do: @@skip_session_storage = [:http_auth]
244
+ mattr_reader :skip_session_storage
202
245
  @@skip_session_storage = []
203
246
 
247
+ def self.skip_session_storage=(skip_session_storage)
248
+ app_set_configs << :skip_session_storage
249
+ @@skip_session_storage = skip_session_storage
250
+ end
251
+
252
+ def skip_session_storage=(skip_session_storage)
253
+ app_set_configs << :skip_session_storage
254
+ @@skip_session_storage = skip_session_storage
255
+ end
256
+
204
257
  # Which formats should be treated as navigational.
205
258
  mattr_accessor :navigational_formats
206
259
  @@navigational_formats = ["*/*", :html]
@@ -210,9 +263,20 @@ module Devise
210
263
  @@sign_out_all_scopes = true
211
264
 
212
265
  # The default method used while signing out
213
- mattr_accessor :sign_out_via
266
+ # TODO: 4.1 Do: @@sign_out_via = :delete
267
+ mattr_reader :sign_out_via
214
268
  @@sign_out_via = :get
215
269
 
270
+ def self.sign_out_via=(sign_out_via)
271
+ app_set_configs << :sign_out_via
272
+ @@sign_out_via = sign_out_via
273
+ end
274
+
275
+ def sign_out_via=(sign_out_via)
276
+ app_set_configs << :sign_out_via
277
+ @@sign_out_via = sign_out_via
278
+ end
279
+
216
280
  # The parent controller all Devise controllers inherits from.
217
281
  # Defaults to ApplicationController. This should be set early
218
282
  # in the initialization process and should be set to a string.
@@ -272,10 +336,36 @@ module Devise
272
336
  mattr_accessor :token_generator
273
337
  @@token_generator = nil
274
338
 
275
- # Default way to setup Devise. Run rails generate devise_install to create
339
+ # Default way to set up Devise. Run rails generate devise_install to create
276
340
  # a fresh initializer with all configuration values.
277
341
  def self.setup
278
342
  yield self
343
+
344
+ warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/')
345
+ warn_default_config_changed(:reconfirmable, 'false', 'true')
346
+ warn_default_config_changed(:sign_out_via, ':get', ':delete')
347
+ warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]')
348
+ warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]')
349
+ end
350
+
351
+ def self.warn_default_config_changed(config, current_default, new_default)
352
+ unless app_set_configs.include?(config)
353
+ warn = <<-MESSAGE.strip_heredoc
354
+ [Devise] config.#{config} will have a new default on Devise 4.1
355
+ To keep the current behavior please set in your config/initializers/devise.rb the following:
356
+
357
+ Devise.setup do |config|
358
+ config.#{config} = #{current_default}
359
+ end
360
+
361
+ If you want to use the new default:
362
+
363
+ Devise.setup do |config|
364
+ config.#{config} = #{new_default}
365
+ end
366
+ MESSAGE
367
+ ActiveSupport::Deprecation.warn(warn)
368
+ end
279
369
  end
280
370
 
281
371
  class Getter
@@ -325,7 +415,12 @@ module Devise
325
415
  mapping
326
416
  end
327
417
 
328
- # Make Devise aware of an 3rd party Devise-module (like invitable). For convenience.
418
+ # Register available devise modules. For the standard modules that Devise provides, this method is
419
+ # called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method.
420
+ #
421
+ # Note that adding a module using this method does not cause it to be used in the authentication
422
+ # process. That requires that the module be listed in the arguments passed to the 'devise' method
423
+ # in the model class definition.
329
424
  #
330
425
  # == Options:
331
426
  #
@@ -433,8 +528,8 @@ module Devise
433
528
  Devise::Controllers::UrlHelpers.generate_helpers!
434
529
  end
435
530
 
436
- # A method used internally to setup warden manager from the Rails initialize
437
- # block.
531
+ # A method used internally to complete the setup of warden manager after routes are loaded.
532
+ # See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise!
438
533
  def self.configure_warden! #:nodoc:
439
534
  @@warden_configured ||= begin
440
535
  warden_config.failure_app = Devise::Delegator.new
@@ -11,9 +11,9 @@ module ActiveRecord
11
11
 
12
12
  def copy_devise_migration
13
13
  if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name))
14
- migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb"
14
+ migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version
15
15
  else
16
- migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb"
16
+ migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version
17
17
  end
18
18
  end
19
19
 
@@ -75,17 +75,23 @@ RUBY
75
75
  end
76
76
 
77
77
  def inet?
78
- rails4? && postgresql?
78
+ postgresql?
79
79
  end
80
80
 
81
- def rails4?
82
- Rails.version.start_with? '4'
81
+ def rails5?
82
+ Rails.version.start_with? '5'
83
83
  end
84
84
 
85
85
  def postgresql?
86
86
  config = ActiveRecord::Base.configurations[Rails.env]
87
87
  config && config['adapter'] == 'postgresql'
88
88
  end
89
+
90
+ def migration_version
91
+ if rails5?
92
+ "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
93
+ end
94
+ end
89
95
  end
90
96
  end
91
97
  end
@@ -1,6 +1,6 @@
1
- class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
1
+ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
2
2
  def change
3
- create_table(:<%= table_name %>) do |t|
3
+ create_table :<%= table_name %> do |t|
4
4
  <%= migration_data -%>
5
5
 
6
6
  <% attributes.each do |attribute| -%>
@@ -1,6 +1,6 @@
1
- class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
1
+ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
2
2
  def self.up
3
- change_table(:<%= table_name %>) do |t|
3
+ change_table :<%= table_name %> do |t|
4
4
  <%= migration_data -%>
5
5
 
6
6
  <% attributes.each do |attribute| -%>
@@ -3,6 +3,8 @@ require 'securerandom'
3
3
 
4
4
  module Devise
5
5
  module Generators
6
+ MissingORMError = Class.new(Thor::Error)
7
+
6
8
  class InstallGenerator < Rails::Generators::Base
7
9
  source_root File.expand_path("../../templates", __FILE__)
8
10
 
@@ -10,6 +12,19 @@ module Devise
10
12
  class_option :orm
11
13
 
12
14
  def copy_initializer
15
+ unless options[:orm]
16
+ raise MissingORMError, <<-ERROR.strip_heredoc
17
+ An ORM must be set to install Devise in your application.
18
+
19
+ Be sure to have an ORM like Active Record or Mongoid loaded in your
20
+ app or configure your own at `config/application.rb`.
21
+
22
+ config.generators do |g|
23
+ g.orm :your_orm_gem
24
+ end
25
+ ERROR
26
+ end
27
+
13
28
  template "devise.rb", "config/initializers/devise.rb"
14
29
  end
15
30
 
@@ -8,31 +8,14 @@ module Devise
8
8
  devise :database_authenticatable, :registerable,
9
9
  :recoverable, :rememberable, :trackable, :validatable
10
10
 
11
- CONTENT
12
- buffer += <<-CONTENT if needs_attr_accessible?
13
- # Setup accessible (or protected) attributes for your model
14
- attr_accessible :email, :password, :password_confirmation, :remember_me
15
-
16
11
  CONTENT
17
12
  buffer
18
13
  end
19
14
 
20
- def needs_attr_accessible?
21
- rails_3? && !strong_parameters_enabled?
22
- end
23
-
24
- def rails_3?
25
- Rails::VERSION::MAJOR == 3
26
- end
27
-
28
- def strong_parameters_enabled?
29
- defined?(ActionController::StrongParameters)
30
- end
31
-
32
15
  private
33
16
 
34
17
  def model_exists?
35
- File.exists?(File.join(destination_root, model_path))
18
+ File.exist?(File.join(destination_root, model_path))
36
19
  end
37
20
 
38
21
  def migration_exists?(table_name)
@@ -47,7 +47,7 @@ module Devise
47
47
  def view_directory(name, _target_path = nil)
48
48
  directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
49
49
  if scope
50
- content.gsub "devise/shared/links", "#{scope}/shared/links"
50
+ content.gsub "devise/shared/links", "#{plural_scope}/shared/links"
51
51
  else
52
52
  content
53
53
  end
@@ -55,7 +55,11 @@ module Devise
55
55
  end
56
56
 
57
57
  def target_path
58
- @target_path ||= "app/views/#{scope || :devise}"
58
+ @target_path ||= "app/views/#{plural_scope || :devise}"
59
+ end
60
+
61
+ def plural_scope
62
+ @plural_scope ||= scope.presence && scope.underscore.pluralize
59
63
  end
60
64
  end
61
65
 
@@ -83,6 +87,13 @@ module Devise
83
87
  source_root File.expand_path("../../templates/simple_form_for", __FILE__)
84
88
  desc "Copies simple form enabled views to your application."
85
89
  hide!
90
+
91
+ def copy_views
92
+ if options[:views]
93
+ options[:views].delete('mailer')
94
+ end
95
+ super
96
+ end
86
97
  end
87
98
 
88
99
  class ErbGenerator < Rails::Generators::Base #:nodoc:
@@ -111,7 +122,7 @@ module Devise
111
122
  end
112
123
 
113
124
  def target_path
114
- "app/views/#{scope || :devise}/mailer"
125
+ "app/views/#{plural_scope || :devise}/mailer"
115
126
  end
116
127
  end
117
128
 
@@ -1,6 +1,6 @@
1
1
  class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
2
- # before_filter :configure_sign_up_params, only: [:create]
3
- # before_filter :configure_account_update_params, only: [:update]
2
+ # before_action :configure_sign_up_params, only: [:create]
3
+ # before_action :configure_account_update_params, only: [:update]
4
4
 
5
5
  # GET /resource/sign_up
6
6
  # def new
@@ -40,12 +40,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl
40
40
 
41
41
  # If you have extra params to permit, append them to the sanitizer.
42
42
  # def configure_sign_up_params
43
- # devise_parameter_sanitizer.for(:sign_up) << :attribute
43
+ # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
44
44
  # end
45
45
 
46
46
  # If you have extra params to permit, append them to the sanitizer.
47
47
  # def configure_account_update_params
48
- # devise_parameter_sanitizer.for(:account_update) << :attribute
48
+ # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
49
49
  # end
50
50
 
51
51
  # The path used after sign up.
@@ -1,5 +1,5 @@
1
1
  class <%= @scope_prefix %>SessionsController < Devise::SessionsController
2
- # before_filter :configure_sign_in_params, only: [:create]
2
+ # before_action :configure_sign_in_params, only: [:create]
3
3
 
4
4
  # GET /resource/sign_in
5
5
  # def new
@@ -20,6 +20,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController
20
20
 
21
21
  # If you have extra params to permit, append them to the sanitizer.
22
22
  # def configure_sign_in_params
23
- # devise_parameter_sanitizer.for(:sign_in) << :attribute
23
+ # devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
24
24
  # end
25
25
  end