devise 3.5.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +14 -15
- data/CHANGELOG.md +57 -1125
- data/CODE_OF_CONDUCT.md +22 -0
- data/CONTRIBUTING.md +2 -0
- data/Gemfile +3 -3
- data/Gemfile.lock +80 -80
- data/MIT-LICENSE +1 -1
- data/README.md +27 -18
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -4
- data/app/controllers/devise/passwords_controller.rb +5 -4
- data/app/controllers/devise/registrations_controller.rb +5 -5
- data/app/controllers/devise/sessions_controller.rb +7 -7
- data/app/controllers/devise/unlocks_controller.rb +2 -2
- data/app/controllers/devise_controller.rb +20 -9
- data/app/mailers/devise/mailer.rb +4 -0
- data/app/views/devise/confirmations/new.html.erb +1 -1
- data/app/views/devise/mailer/password_change.html.erb +3 -0
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/bin/test +13 -0
- data/config/locales/en.yml +2 -0
- data/devise.gemspec +2 -3
- data/gemfiles/Gemfile.rails-4.1-stable +4 -4
- data/gemfiles/Gemfile.rails-4.1-stable.lock +69 -71
- data/gemfiles/Gemfile.rails-4.2-stable +4 -4
- data/gemfiles/Gemfile.rails-4.2-stable.lock +81 -83
- data/gemfiles/{Gemfile.rails-3.2-stable → Gemfile.rails-5.0-beta} +15 -7
- data/gemfiles/Gemfile.rails-5.0-beta.lock +199 -0
- data/lib/devise/controllers/helpers.rb +20 -24
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/encryptor.rb +4 -4
- data/lib/devise/failure_app.rb +33 -12
- data/lib/devise/hooks/timeoutable.rb +5 -3
- data/lib/devise/mailers/helpers.rb +1 -1
- data/lib/devise/models/authenticatable.rb +5 -1
- data/lib/devise/models/confirmable.rb +6 -6
- data/lib/devise/models/database_authenticatable.rb +20 -7
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +3 -7
- data/lib/devise/models/rememberable.rb +38 -24
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/models.rb +1 -1
- data/lib/devise/omniauth/url_helpers.rb +62 -4
- data/lib/devise/parameter_sanitizer.rb +176 -61
- data/lib/devise/rails/routes.rb +54 -31
- data/lib/devise/rails/warden_compat.rb +1 -10
- data/lib/devise/rails.rb +1 -10
- data/lib/devise/strategies/authenticatable.rb +1 -1
- data/lib/devise/strategies/database_authenticatable.rb +3 -3
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/test_helpers.rb +10 -5
- data/lib/devise/token_generator.rb +1 -41
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +115 -20
- data/lib/generators/active_record/devise_generator.rb +11 -5
- data/lib/generators/active_record/templates/migration.rb +2 -2
- data/lib/generators/active_record/templates/migration_existing.rb +2 -2
- data/lib/generators/devise/install_generator.rb +15 -0
- data/lib/generators/devise/orm_helpers.rb +1 -18
- data/lib/generators/devise/views_generator.rb +14 -3
- data/lib/generators/templates/controllers/registrations_controller.rb +4 -4
- data/lib/generators/templates/controllers/sessions_controller.rb +2 -2
- data/lib/generators/templates/devise.rb +19 -17
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/password_change.markerb +3 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
- data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
- data/test/controllers/custom_registrations_controller_test.rb +5 -5
- data/test/controllers/custom_strategy_test.rb +7 -5
- data/test/controllers/helper_methods_test.rb +22 -0
- data/test/controllers/helpers_test.rb +1 -1
- data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -2
- data/test/controllers/internal_helpers_test.rb +8 -10
- data/test/controllers/load_hooks_controller_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +4 -3
- data/test/controllers/sessions_controller_test.rb +21 -18
- data/test/controllers/url_helpers_test.rb +1 -1
- data/test/devise_test.rb +27 -0
- data/test/failure_app_test.rb +37 -15
- data/test/generators/active_record_generator_test.rb +0 -26
- data/test/generators/install_generator_test.rb +14 -3
- data/test/generators/views_generator_test.rb +7 -0
- data/test/helpers/devise_helper_test.rb +1 -1
- data/test/integration/authenticatable_test.rb +18 -18
- data/test/integration/confirmable_test.rb +5 -5
- data/test/integration/database_authenticatable_test.rb +1 -1
- data/test/integration/http_authenticatable_test.rb +4 -5
- data/test/integration/lockable_test.rb +4 -3
- data/test/integration/omniauthable_test.rb +12 -10
- data/test/integration/recoverable_test.rb +10 -10
- data/test/integration/registerable_test.rb +9 -11
- data/test/integration/rememberable_test.rb +42 -7
- data/test/integration/timeoutable_test.rb +16 -4
- data/test/integration/trackable_test.rb +1 -1
- data/test/mailers/confirmation_instructions_test.rb +6 -6
- data/test/mailers/reset_password_instructions_test.rb +5 -5
- data/test/mailers/unlock_instructions_test.rb +5 -5
- data/test/models/confirmable_test.rb +25 -1
- data/test/models/database_authenticatable_test.rb +26 -6
- data/test/models/lockable_test.rb +1 -1
- data/test/models/recoverable_test.rb +23 -0
- data/test/models/rememberable_test.rb +48 -95
- data/test/models/validatable_test.rb +2 -10
- data/test/models_test.rb +15 -6
- data/test/omniauth/url_helpers_test.rb +4 -7
- data/test/orm/active_record.rb +6 -1
- data/test/parameter_sanitizer_test.rb +103 -53
- data/test/rails_app/app/active_record/user.rb +1 -0
- data/test/rails_app/app/active_record/user_without_email.rb +8 -0
- data/test/rails_app/app/controllers/admins_controller.rb +1 -1
- data/test/rails_app/app/controllers/application_controller.rb +2 -2
- data/test/rails_app/app/controllers/home_controller.rb +5 -1
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -2
- data/test/rails_app/app/controllers/users_controller.rb +5 -5
- data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/boot.rb +4 -4
- data/test/rails_app/config/environments/test.rb +6 -1
- data/test/rails_app/config/initializers/devise.rb +1 -1
- data/test/rails_app/config/initializers/secret_token.rb +1 -6
- data/test/rails_app/config/routes.rb +5 -0
- data/test/rails_app/lib/shared_user_without_email.rb +26 -0
- data/test/routes_test.rb +28 -13
- data/test/support/helpers.rb +4 -0
- data/test/support/http_method_compatibility.rb +51 -0
- data/test/support/webrat/integrations/rails.rb +9 -0
- data/test/test_helpers_test.rb +5 -5
- data/test/test_models.rb +1 -1
- metadata +41 -45
- data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
- data/gemfiles/Gemfile.rails-4.0-stable +0 -29
- data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
- data/script/cached-bundle +0 -49
- data/script/s3-put +0 -71
|
@@ -3,17 +3,8 @@ module Warden::Mixins::Common
|
|
|
3
3
|
@request ||= ActionDispatch::Request.new(env)
|
|
4
4
|
end
|
|
5
5
|
|
|
6
|
-
# Deprecate: Remove this check once we move to Rails 4 only.
|
|
7
|
-
NULL_STORE =
|
|
8
|
-
defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ?
|
|
9
|
-
ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil
|
|
10
|
-
|
|
11
6
|
def reset_session!
|
|
12
|
-
|
|
13
|
-
# This is a bug that needs to be fixed in Rails.
|
|
14
|
-
unless NULL_STORE && request.session.is_a?(NULL_STORE)
|
|
15
|
-
request.reset_session
|
|
16
|
-
end
|
|
7
|
+
request.reset_session
|
|
17
8
|
end
|
|
18
9
|
|
|
19
10
|
def cookies
|
data/lib/devise/rails.rb
CHANGED
|
@@ -39,18 +39,9 @@ module Devise
|
|
|
39
39
|
Devise.token_generator ||=
|
|
40
40
|
if secret_key = Devise.secret_key
|
|
41
41
|
Devise::TokenGenerator.new(
|
|
42
|
-
|
|
42
|
+
ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key))
|
|
43
43
|
)
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
|
-
|
|
47
|
-
initializer "devise.fix_routes_proxy_missing_respond_to_bug" do
|
|
48
|
-
# Deprecate: Remove once we move to Rails 4 only.
|
|
49
|
-
ActionDispatch::Routing::RoutesProxy.class_eval do
|
|
50
|
-
def respond_to?(method, include_private = false)
|
|
51
|
-
super || routes.url_helpers.respond_to?(method)
|
|
52
|
-
end
|
|
53
|
-
end
|
|
54
|
-
end
|
|
55
46
|
end
|
|
56
47
|
end
|
|
@@ -27,7 +27,7 @@ module Devise
|
|
|
27
27
|
|
|
28
28
|
# Receives a resource and check if it is valid by calling valid_for_authentication?
|
|
29
29
|
# An optional block that will be triggered while validating can be optionally
|
|
30
|
-
# given as parameter. Check Devise::Models::
|
|
30
|
+
# given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
|
|
31
31
|
# for more information.
|
|
32
32
|
#
|
|
33
33
|
# In case the resource can't be validated, it will fail with the given
|
|
@@ -6,15 +6,15 @@ module Devise
|
|
|
6
6
|
class DatabaseAuthenticatable < Authenticatable
|
|
7
7
|
def authenticate!
|
|
8
8
|
resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
|
|
9
|
-
|
|
9
|
+
hashed = false
|
|
10
10
|
|
|
11
|
-
if validate(resource){
|
|
11
|
+
if validate(resource){ hashed = true; resource.valid_password?(password) }
|
|
12
12
|
remember_me(resource)
|
|
13
13
|
resource.after_database_authentication
|
|
14
14
|
success!(resource)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
mapping.to.new.password = password if !
|
|
17
|
+
mapping.to.new.password = password if !hashed && Devise.paranoid
|
|
18
18
|
fail(:not_found_in_database) unless resource
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -25,8 +25,7 @@ module Devise
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
if validate(resource)
|
|
28
|
-
remember_me(resource)
|
|
29
|
-
extend_remember_me_period(resource)
|
|
28
|
+
remember_me(resource) if extend_remember_me?(resource)
|
|
30
29
|
resource.after_remembered
|
|
31
30
|
success!(resource)
|
|
32
31
|
end
|
|
@@ -43,10 +42,8 @@ module Devise
|
|
|
43
42
|
|
|
44
43
|
private
|
|
45
44
|
|
|
46
|
-
def
|
|
47
|
-
|
|
48
|
-
resource.extend_remember_period = mapping.to.extend_remember_period
|
|
49
|
-
end
|
|
45
|
+
def extend_remember_me?(resource)
|
|
46
|
+
resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
|
|
50
47
|
end
|
|
51
48
|
|
|
52
49
|
def remember_me?
|
data/lib/devise/test_helpers.rb
CHANGED
|
@@ -16,10 +16,13 @@ module Devise
|
|
|
16
16
|
# Override process to consider warden.
|
|
17
17
|
def process(*)
|
|
18
18
|
# Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
|
|
19
|
-
_catch_warden { super } || @response
|
|
19
|
+
_catch_warden { super } # || @response # _catch_warden will setup the @response object
|
|
20
|
+
|
|
21
|
+
# process needs to return the ActionDispath::TestResponse object
|
|
22
|
+
@response
|
|
20
23
|
end
|
|
21
24
|
|
|
22
|
-
# We need to
|
|
25
|
+
# We need to set up the environment variables and the response in the controller.
|
|
23
26
|
def setup_controller_for_warden #:nodoc:
|
|
24
27
|
@request.env['action_controller.instance'] = @controller
|
|
25
28
|
end
|
|
@@ -109,8 +112,9 @@ module Devise
|
|
|
109
112
|
|
|
110
113
|
status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
|
|
111
114
|
@controller.response.headers.merge!(headers)
|
|
112
|
-
|
|
113
|
-
|
|
115
|
+
r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
|
|
116
|
+
r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
|
|
117
|
+
@controller.send :render, r_opts
|
|
114
118
|
nil # causes process return @response
|
|
115
119
|
end
|
|
116
120
|
|
|
@@ -122,7 +126,8 @@ module Devise
|
|
|
122
126
|
# ensure the controller response is set to our response.
|
|
123
127
|
@controller.response ||= @response
|
|
124
128
|
@response.status = ret.first
|
|
125
|
-
@response.headers
|
|
129
|
+
@response.headers.clear
|
|
130
|
+
ret.second.each { |k,v| @response[k] = v }
|
|
126
131
|
@response.body = ret.third
|
|
127
132
|
end
|
|
128
133
|
|
|
@@ -1,11 +1,8 @@
|
|
|
1
|
-
# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only.
|
|
2
|
-
require 'thread_safe'
|
|
3
1
|
require 'openssl'
|
|
4
|
-
require 'securerandom'
|
|
5
2
|
|
|
6
3
|
module Devise
|
|
7
4
|
class TokenGenerator
|
|
8
|
-
def initialize(key_generator, digest="SHA256")
|
|
5
|
+
def initialize(key_generator, digest = "SHA256")
|
|
9
6
|
@key_generator = key_generator
|
|
10
7
|
@digest = digest
|
|
11
8
|
end
|
|
@@ -30,41 +27,4 @@ module Devise
|
|
|
30
27
|
@key_generator.generate_key("Devise #{column}")
|
|
31
28
|
end
|
|
32
29
|
end
|
|
33
|
-
|
|
34
|
-
# KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2
|
|
35
|
-
# It can be used to derive a number of keys for various purposes from a given secret.
|
|
36
|
-
# This lets Rails applications have a single secure secret, but avoid reusing that
|
|
37
|
-
# key in multiple incompatible contexts.
|
|
38
|
-
class KeyGenerator
|
|
39
|
-
def initialize(secret, options = {})
|
|
40
|
-
@secret = secret
|
|
41
|
-
# The default iterations are higher than required for our key derivation uses
|
|
42
|
-
# on the off chance someone uses this for password storage
|
|
43
|
-
@iterations = options[:iterations] || 2**16
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
# Returns a derived key suitable for use. The default key_size is chosen
|
|
47
|
-
# to be compatible with the default settings of ActiveSupport::MessageVerifier.
|
|
48
|
-
# i.e. OpenSSL::Digest::SHA1#block_length
|
|
49
|
-
def generate_key(salt, key_size=64)
|
|
50
|
-
OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
# CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
|
|
55
|
-
# re-executing the key generation process when it's called using the same salt and
|
|
56
|
-
# key_size
|
|
57
|
-
class CachingKeyGenerator
|
|
58
|
-
def initialize(key_generator)
|
|
59
|
-
@key_generator = key_generator
|
|
60
|
-
@cache_keys = ThreadSafe::Cache.new
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
# Returns a derived key suitable for use. The default key_size is chosen
|
|
64
|
-
# to be compatible with the default settings of ActiveSupport::MessageVerifier.
|
|
65
|
-
# i.e. OpenSSL::Digest::SHA1#block_length
|
|
66
|
-
def generate_key(salt, key_size=64)
|
|
67
|
-
@cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
|
|
68
|
-
end
|
|
69
|
-
end
|
|
70
30
|
end
|
data/lib/devise/version.rb
CHANGED
data/lib/devise.rb
CHANGED
|
@@ -12,19 +12,18 @@ module Devise
|
|
|
12
12
|
autoload :FailureApp, 'devise/failure_app'
|
|
13
13
|
autoload :OmniAuth, 'devise/omniauth'
|
|
14
14
|
autoload :ParameterFilter, 'devise/parameter_filter'
|
|
15
|
-
autoload :BaseSanitizer, 'devise/parameter_sanitizer'
|
|
16
15
|
autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
|
|
17
16
|
autoload :TestHelpers, 'devise/test_helpers'
|
|
18
17
|
autoload :TimeInflector, 'devise/time_inflector'
|
|
19
18
|
autoload :TokenGenerator, 'devise/token_generator'
|
|
20
19
|
|
|
21
20
|
module Controllers
|
|
22
|
-
autoload :Helpers,
|
|
23
|
-
autoload :Rememberable,
|
|
24
|
-
autoload :ScopedViews,
|
|
25
|
-
autoload :SignInOut,
|
|
26
|
-
autoload :StoreLocation,
|
|
27
|
-
autoload :UrlHelpers,
|
|
21
|
+
autoload :Helpers, 'devise/controllers/helpers'
|
|
22
|
+
autoload :Rememberable, 'devise/controllers/rememberable'
|
|
23
|
+
autoload :ScopedViews, 'devise/controllers/scoped_views'
|
|
24
|
+
autoload :SignInOut, 'devise/controllers/sign_in_out'
|
|
25
|
+
autoload :StoreLocation, 'devise/controllers/store_location'
|
|
26
|
+
autoload :UrlHelpers, 'devise/controllers/url_helpers'
|
|
28
27
|
end
|
|
29
28
|
|
|
30
29
|
module Hooks
|
|
@@ -36,7 +35,7 @@ module Devise
|
|
|
36
35
|
end
|
|
37
36
|
|
|
38
37
|
module Strategies
|
|
39
|
-
autoload :Base,
|
|
38
|
+
autoload :Base, 'devise/strategies/base'
|
|
40
39
|
autoload :Authenticatable, 'devise/strategies/authenticatable'
|
|
41
40
|
end
|
|
42
41
|
|
|
@@ -54,6 +53,12 @@ module Devise
|
|
|
54
53
|
# True values used to check params
|
|
55
54
|
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
|
|
56
55
|
|
|
56
|
+
# Track the configs that user explicit changed the default value. It is
|
|
57
|
+
# helpfull to not warn users about default values changing when they willing
|
|
58
|
+
# changed.
|
|
59
|
+
mattr_accessor :app_set_configs
|
|
60
|
+
@@app_set_configs = Set.new
|
|
61
|
+
|
|
57
62
|
# Secret key used by the key generator
|
|
58
63
|
mattr_accessor :secret_key
|
|
59
64
|
@@secret_key = nil
|
|
@@ -62,9 +67,9 @@ module Devise
|
|
|
62
67
|
mattr_accessor :rememberable_options
|
|
63
68
|
@@rememberable_options = {}
|
|
64
69
|
|
|
65
|
-
# The number of times to
|
|
70
|
+
# The number of times to hash the password.
|
|
66
71
|
mattr_accessor :stretches
|
|
67
|
-
@@stretches =
|
|
72
|
+
@@stretches = 11
|
|
68
73
|
|
|
69
74
|
# The default key used when authenticating over http auth.
|
|
70
75
|
mattr_accessor :http_authentication_key
|
|
@@ -83,9 +88,20 @@ module Devise
|
|
|
83
88
|
@@case_insensitive_keys = [:email]
|
|
84
89
|
|
|
85
90
|
# Keys that should have whitespace stripped.
|
|
86
|
-
|
|
91
|
+
# TODO: 4.1 Do: @@strip_whitespace_keys = [:email]
|
|
92
|
+
mattr_reader :strip_whitespace_keys
|
|
87
93
|
@@strip_whitespace_keys = []
|
|
88
94
|
|
|
95
|
+
def self.strip_whitespace_keys=(strip_whitespace_keys)
|
|
96
|
+
app_set_configs << :strip_whitespace_keys
|
|
97
|
+
@@strip_whitespace_keys = strip_whitespace_keys
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def strip_whitespace_keys=(strip_whitespace_keys)
|
|
101
|
+
app_set_configs << :strip_whitespace_keys
|
|
102
|
+
@@strip_whitespace_keys = strip_whitespace_keys
|
|
103
|
+
end
|
|
104
|
+
|
|
89
105
|
# If http authentication is enabled by default.
|
|
90
106
|
mattr_accessor :http_authenticatable
|
|
91
107
|
@@http_authenticatable = false
|
|
@@ -105,9 +121,20 @@ module Devise
|
|
|
105
121
|
# Email regex used to validate email formats. It simply asserts that
|
|
106
122
|
# an one (and only one) @ exists in the given string. This is mainly
|
|
107
123
|
# to give user feedback and not to assert the e-mail validity.
|
|
108
|
-
|
|
124
|
+
# TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/]
|
|
125
|
+
mattr_reader :email_regexp
|
|
109
126
|
@@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
|
|
110
127
|
|
|
128
|
+
def self.email_regexp=(email_regexp)
|
|
129
|
+
app_set_configs << :email_regexp
|
|
130
|
+
@@email_regexp = email_regexp
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
def email_regexp=(email_regexp)
|
|
134
|
+
app_set_configs << :email_regexp
|
|
135
|
+
@@email_regexp = email_regexp
|
|
136
|
+
end
|
|
137
|
+
|
|
111
138
|
# Range validation for password length
|
|
112
139
|
mattr_accessor :password_length
|
|
113
140
|
@@password_length = 6..128
|
|
@@ -139,17 +166,32 @@ module Devise
|
|
|
139
166
|
|
|
140
167
|
# Defines if email should be reconfirmable.
|
|
141
168
|
# False by default for backwards compatibility.
|
|
142
|
-
|
|
169
|
+
# TODO: 4.1 Do: @@reconfirmable = true
|
|
170
|
+
mattr_reader :reconfirmable
|
|
143
171
|
@@reconfirmable = false
|
|
144
172
|
|
|
173
|
+
def self.reconfirmable=(reconfirmable)
|
|
174
|
+
app_set_configs << :reconfirmable
|
|
175
|
+
@@reconfirmable = reconfirmable
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
def reconfirmable=(reconfirmable)
|
|
179
|
+
app_set_configs << :reconfirmable
|
|
180
|
+
@@reconfirmable = reconfirmable
|
|
181
|
+
end
|
|
182
|
+
|
|
145
183
|
# Time interval to timeout the user session without activity.
|
|
146
184
|
mattr_accessor :timeout_in
|
|
147
185
|
@@timeout_in = 30.minutes
|
|
148
186
|
|
|
149
|
-
# Used to
|
|
187
|
+
# Used to hash the password. Please generate one with rake secret.
|
|
150
188
|
mattr_accessor :pepper
|
|
151
189
|
@@pepper = nil
|
|
152
190
|
|
|
191
|
+
# Used to enable sending notification to user when their password is changed
|
|
192
|
+
mattr_accessor :send_password_change_notification
|
|
193
|
+
@@send_password_change_notification = false
|
|
194
|
+
|
|
153
195
|
# Scoped views. Since it relies on fallbacks to render default views, it's
|
|
154
196
|
# turned off by default.
|
|
155
197
|
mattr_accessor :scoped_views
|
|
@@ -198,9 +240,20 @@ module Devise
|
|
|
198
240
|
@@mailer_sender = nil
|
|
199
241
|
|
|
200
242
|
# Skip session storage for the following strategies
|
|
201
|
-
|
|
243
|
+
# TODO: 4.1 Do: @@skip_session_storage = [:http_auth]
|
|
244
|
+
mattr_reader :skip_session_storage
|
|
202
245
|
@@skip_session_storage = []
|
|
203
246
|
|
|
247
|
+
def self.skip_session_storage=(skip_session_storage)
|
|
248
|
+
app_set_configs << :skip_session_storage
|
|
249
|
+
@@skip_session_storage = skip_session_storage
|
|
250
|
+
end
|
|
251
|
+
|
|
252
|
+
def skip_session_storage=(skip_session_storage)
|
|
253
|
+
app_set_configs << :skip_session_storage
|
|
254
|
+
@@skip_session_storage = skip_session_storage
|
|
255
|
+
end
|
|
256
|
+
|
|
204
257
|
# Which formats should be treated as navigational.
|
|
205
258
|
mattr_accessor :navigational_formats
|
|
206
259
|
@@navigational_formats = ["*/*", :html]
|
|
@@ -210,9 +263,20 @@ module Devise
|
|
|
210
263
|
@@sign_out_all_scopes = true
|
|
211
264
|
|
|
212
265
|
# The default method used while signing out
|
|
213
|
-
|
|
266
|
+
# TODO: 4.1 Do: @@sign_out_via = :delete
|
|
267
|
+
mattr_reader :sign_out_via
|
|
214
268
|
@@sign_out_via = :get
|
|
215
269
|
|
|
270
|
+
def self.sign_out_via=(sign_out_via)
|
|
271
|
+
app_set_configs << :sign_out_via
|
|
272
|
+
@@sign_out_via = sign_out_via
|
|
273
|
+
end
|
|
274
|
+
|
|
275
|
+
def sign_out_via=(sign_out_via)
|
|
276
|
+
app_set_configs << :sign_out_via
|
|
277
|
+
@@sign_out_via = sign_out_via
|
|
278
|
+
end
|
|
279
|
+
|
|
216
280
|
# The parent controller all Devise controllers inherits from.
|
|
217
281
|
# Defaults to ApplicationController. This should be set early
|
|
218
282
|
# in the initialization process and should be set to a string.
|
|
@@ -272,10 +336,36 @@ module Devise
|
|
|
272
336
|
mattr_accessor :token_generator
|
|
273
337
|
@@token_generator = nil
|
|
274
338
|
|
|
275
|
-
# Default way to
|
|
339
|
+
# Default way to set up Devise. Run rails generate devise_install to create
|
|
276
340
|
# a fresh initializer with all configuration values.
|
|
277
341
|
def self.setup
|
|
278
342
|
yield self
|
|
343
|
+
|
|
344
|
+
warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/')
|
|
345
|
+
warn_default_config_changed(:reconfirmable, 'false', 'true')
|
|
346
|
+
warn_default_config_changed(:sign_out_via, ':get', ':delete')
|
|
347
|
+
warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]')
|
|
348
|
+
warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]')
|
|
349
|
+
end
|
|
350
|
+
|
|
351
|
+
def self.warn_default_config_changed(config, current_default, new_default)
|
|
352
|
+
unless app_set_configs.include?(config)
|
|
353
|
+
warn = <<-MESSAGE.strip_heredoc
|
|
354
|
+
[Devise] config.#{config} will have a new default on Devise 4.1
|
|
355
|
+
To keep the current behavior please set in your config/initializers/devise.rb the following:
|
|
356
|
+
|
|
357
|
+
Devise.setup do |config|
|
|
358
|
+
config.#{config} = #{current_default}
|
|
359
|
+
end
|
|
360
|
+
|
|
361
|
+
If you want to use the new default:
|
|
362
|
+
|
|
363
|
+
Devise.setup do |config|
|
|
364
|
+
config.#{config} = #{new_default}
|
|
365
|
+
end
|
|
366
|
+
MESSAGE
|
|
367
|
+
ActiveSupport::Deprecation.warn(warn)
|
|
368
|
+
end
|
|
279
369
|
end
|
|
280
370
|
|
|
281
371
|
class Getter
|
|
@@ -325,7 +415,12 @@ module Devise
|
|
|
325
415
|
mapping
|
|
326
416
|
end
|
|
327
417
|
|
|
328
|
-
#
|
|
418
|
+
# Register available devise modules. For the standard modules that Devise provides, this method is
|
|
419
|
+
# called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method.
|
|
420
|
+
#
|
|
421
|
+
# Note that adding a module using this method does not cause it to be used in the authentication
|
|
422
|
+
# process. That requires that the module be listed in the arguments passed to the 'devise' method
|
|
423
|
+
# in the model class definition.
|
|
329
424
|
#
|
|
330
425
|
# == Options:
|
|
331
426
|
#
|
|
@@ -433,8 +528,8 @@ module Devise
|
|
|
433
528
|
Devise::Controllers::UrlHelpers.generate_helpers!
|
|
434
529
|
end
|
|
435
530
|
|
|
436
|
-
# A method used internally to setup warden manager
|
|
437
|
-
#
|
|
531
|
+
# A method used internally to complete the setup of warden manager after routes are loaded.
|
|
532
|
+
# See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise!
|
|
438
533
|
def self.configure_warden! #:nodoc:
|
|
439
534
|
@@warden_configured ||= begin
|
|
440
535
|
warden_config.failure_app = Devise::Delegator.new
|
|
@@ -11,9 +11,9 @@ module ActiveRecord
|
|
|
11
11
|
|
|
12
12
|
def copy_devise_migration
|
|
13
13
|
if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name))
|
|
14
|
-
migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb"
|
|
14
|
+
migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version
|
|
15
15
|
else
|
|
16
|
-
migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb"
|
|
16
|
+
migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
|
|
@@ -75,17 +75,23 @@ RUBY
|
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def inet?
|
|
78
|
-
|
|
78
|
+
postgresql?
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
def
|
|
82
|
-
Rails.version.start_with? '
|
|
81
|
+
def rails5?
|
|
82
|
+
Rails.version.start_with? '5'
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
def postgresql?
|
|
86
86
|
config = ActiveRecord::Base.configurations[Rails.env]
|
|
87
87
|
config && config['adapter'] == 'postgresql'
|
|
88
88
|
end
|
|
89
|
+
|
|
90
|
+
def migration_version
|
|
91
|
+
if rails5?
|
|
92
|
+
"[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
|
|
93
|
+
end
|
|
94
|
+
end
|
|
89
95
|
end
|
|
90
96
|
end
|
|
91
97
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
|
|
1
|
+
class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
|
|
2
2
|
def change
|
|
3
|
-
create_table
|
|
3
|
+
create_table :<%= table_name %> do |t|
|
|
4
4
|
<%= migration_data -%>
|
|
5
5
|
|
|
6
6
|
<% attributes.each do |attribute| -%>
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
|
|
1
|
+
class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
|
|
2
2
|
def self.up
|
|
3
|
-
change_table
|
|
3
|
+
change_table :<%= table_name %> do |t|
|
|
4
4
|
<%= migration_data -%>
|
|
5
5
|
|
|
6
6
|
<% attributes.each do |attribute| -%>
|
|
@@ -3,6 +3,8 @@ require 'securerandom'
|
|
|
3
3
|
|
|
4
4
|
module Devise
|
|
5
5
|
module Generators
|
|
6
|
+
MissingORMError = Class.new(Thor::Error)
|
|
7
|
+
|
|
6
8
|
class InstallGenerator < Rails::Generators::Base
|
|
7
9
|
source_root File.expand_path("../../templates", __FILE__)
|
|
8
10
|
|
|
@@ -10,6 +12,19 @@ module Devise
|
|
|
10
12
|
class_option :orm
|
|
11
13
|
|
|
12
14
|
def copy_initializer
|
|
15
|
+
unless options[:orm]
|
|
16
|
+
raise MissingORMError, <<-ERROR.strip_heredoc
|
|
17
|
+
An ORM must be set to install Devise in your application.
|
|
18
|
+
|
|
19
|
+
Be sure to have an ORM like Active Record or Mongoid loaded in your
|
|
20
|
+
app or configure your own at `config/application.rb`.
|
|
21
|
+
|
|
22
|
+
config.generators do |g|
|
|
23
|
+
g.orm :your_orm_gem
|
|
24
|
+
end
|
|
25
|
+
ERROR
|
|
26
|
+
end
|
|
27
|
+
|
|
13
28
|
template "devise.rb", "config/initializers/devise.rb"
|
|
14
29
|
end
|
|
15
30
|
|
|
@@ -8,31 +8,14 @@ module Devise
|
|
|
8
8
|
devise :database_authenticatable, :registerable,
|
|
9
9
|
:recoverable, :rememberable, :trackable, :validatable
|
|
10
10
|
|
|
11
|
-
CONTENT
|
|
12
|
-
buffer += <<-CONTENT if needs_attr_accessible?
|
|
13
|
-
# Setup accessible (or protected) attributes for your model
|
|
14
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
|
15
|
-
|
|
16
11
|
CONTENT
|
|
17
12
|
buffer
|
|
18
13
|
end
|
|
19
14
|
|
|
20
|
-
def needs_attr_accessible?
|
|
21
|
-
rails_3? && !strong_parameters_enabled?
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def rails_3?
|
|
25
|
-
Rails::VERSION::MAJOR == 3
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def strong_parameters_enabled?
|
|
29
|
-
defined?(ActionController::StrongParameters)
|
|
30
|
-
end
|
|
31
|
-
|
|
32
15
|
private
|
|
33
16
|
|
|
34
17
|
def model_exists?
|
|
35
|
-
File.
|
|
18
|
+
File.exist?(File.join(destination_root, model_path))
|
|
36
19
|
end
|
|
37
20
|
|
|
38
21
|
def migration_exists?(table_name)
|
|
@@ -47,7 +47,7 @@ module Devise
|
|
|
47
47
|
def view_directory(name, _target_path = nil)
|
|
48
48
|
directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
|
|
49
49
|
if scope
|
|
50
|
-
content.gsub "devise/shared/links", "#{
|
|
50
|
+
content.gsub "devise/shared/links", "#{plural_scope}/shared/links"
|
|
51
51
|
else
|
|
52
52
|
content
|
|
53
53
|
end
|
|
@@ -55,7 +55,11 @@ module Devise
|
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def target_path
|
|
58
|
-
@target_path ||= "app/views/#{
|
|
58
|
+
@target_path ||= "app/views/#{plural_scope || :devise}"
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def plural_scope
|
|
62
|
+
@plural_scope ||= scope.presence && scope.underscore.pluralize
|
|
59
63
|
end
|
|
60
64
|
end
|
|
61
65
|
|
|
@@ -83,6 +87,13 @@ module Devise
|
|
|
83
87
|
source_root File.expand_path("../../templates/simple_form_for", __FILE__)
|
|
84
88
|
desc "Copies simple form enabled views to your application."
|
|
85
89
|
hide!
|
|
90
|
+
|
|
91
|
+
def copy_views
|
|
92
|
+
if options[:views]
|
|
93
|
+
options[:views].delete('mailer')
|
|
94
|
+
end
|
|
95
|
+
super
|
|
96
|
+
end
|
|
86
97
|
end
|
|
87
98
|
|
|
88
99
|
class ErbGenerator < Rails::Generators::Base #:nodoc:
|
|
@@ -111,7 +122,7 @@ module Devise
|
|
|
111
122
|
end
|
|
112
123
|
|
|
113
124
|
def target_path
|
|
114
|
-
"app/views/#{
|
|
125
|
+
"app/views/#{plural_scope || :devise}/mailer"
|
|
115
126
|
end
|
|
116
127
|
end
|
|
117
128
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
|
|
2
|
-
#
|
|
3
|
-
#
|
|
2
|
+
# before_action :configure_sign_up_params, only: [:create]
|
|
3
|
+
# before_action :configure_account_update_params, only: [:update]
|
|
4
4
|
|
|
5
5
|
# GET /resource/sign_up
|
|
6
6
|
# def new
|
|
@@ -40,12 +40,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl
|
|
|
40
40
|
|
|
41
41
|
# If you have extra params to permit, append them to the sanitizer.
|
|
42
42
|
# def configure_sign_up_params
|
|
43
|
-
# devise_parameter_sanitizer.
|
|
43
|
+
# devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
|
|
44
44
|
# end
|
|
45
45
|
|
|
46
46
|
# If you have extra params to permit, append them to the sanitizer.
|
|
47
47
|
# def configure_account_update_params
|
|
48
|
-
# devise_parameter_sanitizer.
|
|
48
|
+
# devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
|
|
49
49
|
# end
|
|
50
50
|
|
|
51
51
|
# The path used after sign up.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class <%= @scope_prefix %>SessionsController < Devise::SessionsController
|
|
2
|
-
#
|
|
2
|
+
# before_action :configure_sign_in_params, only: [:create]
|
|
3
3
|
|
|
4
4
|
# GET /resource/sign_in
|
|
5
5
|
# def new
|
|
@@ -20,6 +20,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController
|
|
|
20
20
|
|
|
21
21
|
# If you have extra params to permit, append them to the sanitizer.
|
|
22
22
|
# def configure_sign_in_params
|
|
23
|
-
# devise_parameter_sanitizer.
|
|
23
|
+
# devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
|
|
24
24
|
# end
|
|
25
25
|
end
|