RubyGems - devise - Versions diffs - 3.5.2 → 4.7.1 - Mend

devise 3.5.2 → 4.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +259 -1086
data/MIT-LICENSE +1 -1
data/README.md +254 -67
data/app/controllers/devise/confirmations_controller.rb +3 -1
data/app/controllers/devise/omniauth_callbacks_controller.rb +8 -6
data/app/controllers/devise/passwords_controller.rb +8 -4
data/app/controllers/devise/registrations_controller.rb +39 -18
data/app/controllers/devise/sessions_controller.rb +9 -7
data/app/controllers/devise/unlocks_controller.rb +4 -2
data/app/controllers/devise_controller.rb +23 -10
data/app/helpers/devise_helper.rb +12 -19
data/app/mailers/devise/mailer.rb +10 -0
data/app/views/devise/confirmations/new.html.erb +2 -2
data/app/views/devise/mailer/email_changed.html.erb +7 -0
data/app/views/devise/mailer/password_change.html.erb +3 -0
data/app/views/devise/passwords/edit.html.erb +3 -3
data/app/views/devise/passwords/new.html.erb +2 -2
data/app/views/devise/registrations/edit.html.erb +9 -5
data/app/views/devise/registrations/new.html.erb +4 -4
data/app/views/devise/sessions/new.html.erb +4 -4
data/app/views/devise/shared/_error_messages.html.erb +15 -0
data/app/views/devise/shared/_links.html.erb +8 -8
data/app/views/devise/unlocks/new.html.erb +2 -2
data/config/locales/en.yml +6 -1
data/lib/devise/controllers/helpers.rb +35 -26
data/lib/devise/controllers/rememberable.rb +11 -2
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +34 -11
data/lib/devise/controllers/store_location.rb +25 -7
data/lib/devise/controllers/url_helpers.rb +2 -0
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +6 -4
data/lib/devise/failure_app.rb +84 -32
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +2 -0
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +6 -1
data/lib/devise/hooks/proxy.rb +3 -1
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +7 -3
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +7 -4
data/lib/devise/mapping.rb +2 -0
data/lib/devise/models/authenticatable.rb +51 -26
data/lib/devise/models/confirmable.rb +89 -27
data/lib/devise/models/database_authenticatable.rb +97 -20
data/lib/devise/models/lockable.rb +15 -5
data/lib/devise/models/omniauthable.rb +2 -0
data/lib/devise/models/recoverable.rb +32 -24
data/lib/devise/models/registerable.rb +4 -0
data/lib/devise/models/rememberable.rb +42 -26
data/lib/devise/models/timeoutable.rb +2 -6
data/lib/devise/models/trackable.rb +15 -1
data/lib/devise/models/validatable.rb +10 -3
data/lib/devise/models.rb +3 -1
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +14 -5
data/lib/devise/omniauth.rb +2 -0
data/lib/devise/orm/active_record.rb +5 -1
data/lib/devise/orm/mongoid.rb +6 -2
data/lib/devise/parameter_filter.rb +4 -0
data/lib/devise/parameter_sanitizer.rb +139 -65
data/lib/devise/rails/routes.rb +59 -34
data/lib/devise/rails/warden_compat.rb +3 -10
data/lib/devise/rails.rb +7 -16
data/lib/devise/secret_key_finder.rb +27 -0
data/lib/devise/strategies/authenticatable.rb +4 -2
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +11 -4
data/lib/devise/strategies/rememberable.rb +5 -6
data/lib/devise/test/controller_helpers.rb +165 -0
data/lib/devise/test/integration_helpers.rb +63 -0
data/lib/devise/test_helpers.rb +7 -124
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +3 -41
data/lib/devise/version.rb +3 -1
data/lib/devise.rb +72 -42
data/lib/generators/active_record/devise_generator.rb +29 -10
data/lib/generators/active_record/templates/migration.rb +4 -2
data/lib/generators/active_record/templates/migration_existing.rb +4 -2
data/lib/generators/devise/controllers_generator.rb +3 -1
data/lib/generators/devise/devise_generator.rb +4 -2
data/lib/generators/devise/install_generator.rb +17 -0
data/lib/generators/devise/orm_helpers.rb +10 -21
data/lib/generators/devise/views_generator.rb +21 -11
data/lib/generators/mongoid/devise_generator.rb +7 -5
data/lib/generators/templates/README +1 -8
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +2 -0
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +6 -4
data/lib/generators/templates/controllers/sessions_controller.rb +4 -2
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +52 -19
data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
data/lib/generators/templates/markerb/email_changed.markerb +7 -0
data/lib/generators/templates/markerb/password_change.markerb +3 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -3
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
metadata +27 -313
data/.gitignore +0 -10
data/.travis.yml +0 -45
data/.yardopts +0 -9
data/CONTRIBUTING.md +0 -14
data/Gemfile +0 -29
data/Gemfile.lock +0 -183
data/Rakefile +0 -36
data/devise.gemspec +0 -27
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-3.2-stable +0 -29
data/gemfiles/Gemfile.rails-3.2-stable.lock +0 -169
data/gemfiles/Gemfile.rails-4.0-stable +0 -29
data/gemfiles/Gemfile.rails-4.0-stable.lock +0 -163
data/gemfiles/Gemfile.rails-4.1-stable +0 -29
data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -169
data/gemfiles/Gemfile.rails-4.2-stable +0 -29
data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -191
data/script/cached-bundle +0 -49
data/script/s3-put +0 -71
data/test/controllers/custom_registrations_controller_test.rb +0 -40
data/test/controllers/custom_strategy_test.rb +0 -62
data/test/controllers/helpers_test.rb +0 -316
data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
data/test/controllers/internal_helpers_test.rb +0 -129
data/test/controllers/load_hooks_controller_test.rb +0 -19
data/test/controllers/passwords_controller_test.rb +0 -31
data/test/controllers/sessions_controller_test.rb +0 -103
data/test/controllers/url_helpers_test.rb +0 -65
data/test/delegator_test.rb +0 -19
data/test/devise_test.rb +0 -107
data/test/failure_app_test.rb +0 -298
data/test/generators/active_record_generator_test.rb +0 -109
data/test/generators/controllers_generator_test.rb +0 -48
data/test/generators/devise_generator_test.rb +0 -39
data/test/generators/install_generator_test.rb +0 -13
data/test/generators/mongoid_generator_test.rb +0 -23
data/test/generators/views_generator_test.rb +0 -96
data/test/helpers/devise_helper_test.rb +0 -49
data/test/integration/authenticatable_test.rb +0 -729
data/test/integration/confirmable_test.rb +0 -324
data/test/integration/database_authenticatable_test.rb +0 -95
data/test/integration/http_authenticatable_test.rb +0 -105
data/test/integration/lockable_test.rb +0 -239
data/test/integration/omniauthable_test.rb +0 -133
data/test/integration/recoverable_test.rb +0 -347
data/test/integration/registerable_test.rb +0 -359
data/test/integration/rememberable_test.rb +0 -176
data/test/integration/timeoutable_test.rb +0 -172
data/test/integration/trackable_test.rb +0 -92
data/test/mailers/confirmation_instructions_test.rb +0 -115
data/test/mailers/reset_password_instructions_test.rb +0 -96
data/test/mailers/unlock_instructions_test.rb +0 -91
data/test/mapping_test.rb +0 -134
data/test/models/authenticatable_test.rb +0 -23
data/test/models/confirmable_test.rb +0 -479
data/test/models/database_authenticatable_test.rb +0 -249
data/test/models/lockable_test.rb +0 -328
data/test/models/omniauthable_test.rb +0 -7
data/test/models/recoverable_test.rb +0 -228
data/test/models/registerable_test.rb +0 -7
data/test/models/rememberable_test.rb +0 -204
data/test/models/serializable_test.rb +0 -49
data/test/models/timeoutable_test.rb +0 -51
data/test/models/trackable_test.rb +0 -41
data/test/models/validatable_test.rb +0 -127
data/test/models_test.rb +0 -144
data/test/omniauth/config_test.rb +0 -57
data/test/omniauth/url_helpers_test.rb +0 -54
data/test/orm/active_record.rb +0 -10
data/test/orm/mongoid.rb +0 -13
data/test/parameter_sanitizer_test.rb +0 -81
data/test/rails_app/Rakefile +0 -6
data/test/rails_app/app/active_record/admin.rb +0 -6
data/test/rails_app/app/active_record/shim.rb +0 -2
data/test/rails_app/app/active_record/user.rb +0 -6
data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
data/test/rails_app/app/controllers/admins_controller.rb +0 -6
data/test/rails_app/app/controllers/application_controller.rb +0 -12
data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
data/test/rails_app/app/controllers/home_controller.rb +0 -25
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
data/test/rails_app/app/controllers/users_controller.rb +0 -31
data/test/rails_app/app/helpers/application_helper.rb +0 -3
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
data/test/rails_app/app/mailers/users/mailer.rb +0 -3
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
data/test/rails_app/app/mongoid/admin.rb +0 -29
data/test/rails_app/app/mongoid/shim.rb +0 -23
data/test/rails_app/app/mongoid/user.rb +0 -39
data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
data/test/rails_app/app/views/admins/index.html.erb +0 -1
data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
data/test/rails_app/app/views/home/index.html.erb +0 -1
data/test/rails_app/app/views/home/join.html.erb +0 -1
data/test/rails_app/app/views/home/private.html.erb +0 -1
data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
data/test/rails_app/app/views/layouts/application.html.erb +0 -24
data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
data/test/rails_app/app/views/users/index.html.erb +0 -1
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
data/test/rails_app/bin/bundle +0 -3
data/test/rails_app/bin/rails +0 -4
data/test/rails_app/bin/rake +0 -4
data/test/rails_app/config/application.rb +0 -40
data/test/rails_app/config/boot.rb +0 -14
data/test/rails_app/config/database.yml +0 -18
data/test/rails_app/config/environment.rb +0 -5
data/test/rails_app/config/environments/development.rb +0 -30
data/test/rails_app/config/environments/production.rb +0 -84
data/test/rails_app/config/environments/test.rb +0 -41
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
data/test/rails_app/config/initializers/devise.rb +0 -180
data/test/rails_app/config/initializers/inflections.rb +0 -2
data/test/rails_app/config/initializers/secret_token.rb +0 -8
data/test/rails_app/config/initializers/session_store.rb +0 -1
data/test/rails_app/config/routes.rb +0 -120
data/test/rails_app/config.ru +0 -4
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
data/test/rails_app/db/schema.rb +0 -55
data/test/rails_app/lib/shared_admin.rb +0 -17
data/test/rails_app/lib/shared_user.rb +0 -29
data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
data/test/rails_app/public/404.html +0 -26
data/test/rails_app/public/422.html +0 -26
data/test/rails_app/public/500.html +0 -26
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_test.rb +0 -9
data/test/routes_test.rb +0 -264
data/test/support/action_controller/record_identifier.rb +0 -10
data/test/support/assertions.rb +0 -39
data/test/support/helpers.rb +0 -73
data/test/support/integration.rb +0 -92
data/test/support/locale/en.yml +0 -8
data/test/support/mongoid.yml +0 -6
data/test/support/webrat/integrations/rails.rb +0 -24
data/test/test_helper.rb +0 -34
data/test/test_helpers_test.rb +0 -178
data/test/test_models.rb +0 -33

data/lib/devise/test/controller_helpers.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+module Devise
+  module Test
+    # `Devise::Test::ControllerHelpers` provides a facility to test controllers
+    # in isolation when using `ActionController::TestCase` allowing you to
+    # quickly sign_in or sign_out a user. Do not use
+    # `Devise::Test::ControllerHelpers` in integration tests.
+    #
+    # Examples
+    #
+    #  class PostsTest < ActionController::TestCase
+    #    include Devise::Test::ControllerHelpers
+    #
+    #    test 'authenticated users can GET index' do
+    #      sign_in users(:bob)
+    #
+    #      get :index
+    #      assert_response :success
+    #    end
+    #  end
+    #
+    # Important: you should not test Warden specific behavior (like callbacks)
+    # using `Devise::Test::ControllerHelpers` since it is a stub of the actual
+    # behavior. Such callbacks should be tested in your integration suite instead.
+    module ControllerHelpers
+      extend ActiveSupport::Concern
+      included do
+        setup :setup_controller_for_warden, :warden
+      end
+      # Override process to consider warden.
+      def process(*)
+        _catch_warden { super }
+        @response
+      end
+      # We need to set up the environment variables and the response in the controller.
+      def setup_controller_for_warden #:nodoc:
+        @request.env['action_controller.instance'] = @controller
+      end
+      # Quick access to Warden::Proxy.
+      def warden #:nodoc:
+        @request.env['warden'] ||= begin
+          manager = Warden::Manager.new(nil) do |config|
+            config.merge! Devise.warden_config
+          end
+          Warden::Proxy.new(@request.env, manager)
+        end
+      end
+      # sign_in a given resource by storing its keys in the session.
+      # This method bypass any warden authentication callback.
+      #
+      # * +resource+ - The resource that should be authenticated
+      # * +scope+    - An optional +Symbol+ with the scope where the resource
+      #                should be signed in with.
+      # Examples:
+      #
+      # sign_in users(:alice)
+      # sign_in users(:alice), scope: :admin
+      def sign_in(resource, deprecated = nil, scope: nil)
+        if deprecated.present?
+          scope = resource
+          resource = deprecated
+          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+            [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise.
+            Please use sign_in(resource, scope: :#{scope}) instead.
+          DEPRECATION
+        end
+        scope ||= Devise::Mapping.find_scope!(resource)
+        warden.instance_variable_get(:@users).delete(scope)
+        warden.session_serializer.store(resource, scope)
+      end
+      # Sign out a given resource or scope by calling logout on Warden.
+      # This method bypass any warden logout callback.
+      #
+      # Examples:
+      #
+      #   sign_out :user     # sign_out(scope)
+      #   sign_out @user     # sign_out(resource)
+      #
+      def sign_out(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        @controller.instance_variable_set(:"@current_#{scope}", nil)
+        user = warden.instance_variable_get(:@users).delete(scope)
+        warden.session_serializer.delete(scope, user)
+      end
+      protected
+      # Catch warden continuations and handle like the middleware would.
+      # Returns nil when interrupted, otherwise the normal result of the block.
+      def _catch_warden(&block)
+        result = catch(:warden, &block)
+        env = @controller.request.env
+        result ||= {}
+        # Set the response. In production, the rack result is returned
+        # from Warden::Manager#call, which the following is modelled on.
+        case result
+        when Array
+          if result.first == 401 && intercept_401?(env) # does this happen during testing?
+            _process_unauthenticated(env)
+          else
+            result
+          end
+        when Hash
+          _process_unauthenticated(env, result)
+        else
+          result
+        end
+      end
+      def _process_unauthenticated(env, options = {})
+        options[:action] ||= :unauthenticated
+        proxy = request.env['warden']
+        result = options[:result] || proxy.result
+        ret = case result
+        when :redirect
+          body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
+          [proxy.status, proxy.headers, [body]]
+        when :custom
+          proxy.custom_response
+        else
+          request.env["PATH_INFO"] = "/#{options[:action]}"
+          request.env["warden.options"] = options
+          Warden::Manager._run_callbacks(:before_failure, env, options)
+          status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
+          @controller.response.headers.merge!(headers)
+          @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
+          @controller.status = status
+          @controller.response.body = response.body
+          nil # causes process return @response
+        end
+        # ensure that the controller response is set up. In production, this is
+        # not necessary since warden returns the results to rack. However, at
+        # testing time, we want the response to be available to the testing
+        # framework to verify what would be returned to rack.
+        if ret.is_a?(Array)
+          status, headers, body = *ret
+          # ensure the controller response is set to our response.
+          @controller.response ||= @response
+          @response.status = status
+          @response.headers.merge!(headers)
+          @response.body = body
+        end
+        ret
+      end
+    end
+  end
+end

data/lib/devise/test/integration_helpers.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+module Devise
+  # Devise::Test::IntegrationHelpers is a helper module for facilitating
+  # authentication on Rails integration tests to bypass the required steps for
+  # signin in or signin out a record.
+  #
+  # Examples
+  #
+  #  class PostsTest < ActionDispatch::IntegrationTest
+  #    include Devise::Test::IntegrationHelpers
+  #
+  #    test 'authenticated users can see posts' do
+  #      sign_in users(:bob)
+  #
+  #      get '/posts'
+  #      assert_response :success
+  #    end
+  #  end
+  module Test
+    module IntegrationHelpers
+      def self.included(base)
+        base.class_eval do
+          include Warden::Test::Helpers
+          setup :setup_integration_for_devise
+          teardown :teardown_integration_for_devise
+        end
+      end
+      # Signs in a specific resource, mimicking a successfull sign in
+      # operation through +Devise::SessionsController#create+.
+      #
+      # * +resource+ - The resource that should be authenticated
+      # * +scope+    - An optional +Symbol+ with the scope where the resource
+      #                should be signed in with.
+      def sign_in(resource, scope: nil)
+        scope ||= Devise::Mapping.find_scope!(resource)
+        login_as(resource, scope: scope)
+      end
+      # Signs out a specific scope from the session.
+      #
+      # * +resource_or_scope+ - The resource or scope that should be signed out.
+      def sign_out(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        logout scope
+      end
+      protected
+      def setup_integration_for_devise
+        Warden.test_mode!
+      end
+      def teardown_integration_for_devise
+        Warden.test_reset!
+      end
+    end
+  end
+end

data/lib/devise/test_helpers.rb CHANGED Viewed

@@ -1,132 +1,15 @@
+# frozen_string_literal: true
 module Devise
-  # Devise::TestHelpers provides a facility to test controllers in isolation
-  # when using ActionController::TestCase allowing you to quickly sign_in or
-  # sign_out a user. Do not use Devise::TestHelpers in integration tests.
-  #
-  # Notice you should not test Warden specific behavior (like Warden callbacks)
-  # using Devise::TestHelpers since it is a stub of the actual behavior. Such
-  # callbacks should be tested in your integration suite instead.
   module TestHelpers
     def self.included(base)
       base.class_eval do
-        setup :setup_controller_for_warden, :warden if respond_to?(:setup)
-      end
-    end
-    # Override process to consider warden.
-    def process(*)
-      # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
-      _catch_warden { super } || @response
-    end
-    # We need to setup the environment variables and the response in the controller.
-    def setup_controller_for_warden #:nodoc:
-      @request.env['action_controller.instance'] = @controller
-    end
-    # Quick access to Warden::Proxy.
-    def warden #:nodoc:
-      @request.env['warden'] ||= begin
-        manager = Warden::Manager.new(nil) do |config|
-          config.merge! Devise.warden_config
-        end
-        Warden::Proxy.new(@request.env, manager)
+        ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
+          For controller tests, please include `Devise::Test::ControllerHelpers` instead.
+        DEPRECATION
+        include Devise::Test::ControllerHelpers
       end
     end
-    # sign_in a given resource by storing its keys in the session.
-    # This method bypass any warden authentication callback.
-    #
-    # Examples:
-    #
-    #   sign_in :user, @user   # sign_in(scope, resource)
-    #   sign_in @user          # sign_in(resource)
-    #
-    def sign_in(resource_or_scope, resource=nil)
-      scope    ||= Devise::Mapping.find_scope!(resource_or_scope)
-      resource ||= resource_or_scope
-      warden.instance_variable_get(:@users).delete(scope)
-      warden.session_serializer.store(resource, scope)
-    end
-    # Sign out a given resource or scope by calling logout on Warden.
-    # This method bypass any warden logout callback.
-    #
-    # Examples:
-    #
-    #   sign_out :user     # sign_out(scope)
-    #   sign_out @user     # sign_out(resource)
-    #
-    def sign_out(resource_or_scope)
-      scope = Devise::Mapping.find_scope!(resource_or_scope)
-      @controller.instance_variable_set(:"@current_#{scope}", nil)
-      user = warden.instance_variable_get(:@users).delete(scope)
-      warden.session_serializer.delete(scope, user)
-    end
-    protected
-    # Catch warden continuations and handle like the middleware would.
-    # Returns nil when interrupted, otherwise the normal result of the block.
-    def _catch_warden(&block)
-      result = catch(:warden, &block)
-      env = @controller.request.env
-      result ||= {}
-      # Set the response. In production, the rack result is returned
-      # from Warden::Manager#call, which the following is modelled on.
-      case result
-      when Array
-        if result.first == 401 && intercept_401?(env) # does this happen during testing?
-          _process_unauthenticated(env)
-        else
-          result
-        end
-      when Hash
-        _process_unauthenticated(env, result)
-      else
-        result
-      end
-    end
-    def _process_unauthenticated(env, options = {})
-      options[:action] ||= :unauthenticated
-      proxy = env['warden']
-      result = options[:result] || proxy.result
-      ret = case result
-      when :redirect
-        body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
-        [proxy.status, proxy.headers, [body]]
-      when :custom
-        proxy.custom_response
-      else
-        env["PATH_INFO"] = "/#{options[:action]}"
-        env["warden.options"] = options
-        Warden::Manager._run_callbacks(:before_failure, env, options)
-        status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
-        @controller.response.headers.merge!(headers)
-        @controller.send :render, status: status, text: response.body,
-          content_type: headers["Content-Type"], location: headers["Location"]
-        nil # causes process return @response
-      end
-      # ensure that the controller response is set up. In production, this is
-      # not necessary since warden returns the results to rack. However, at
-      # testing time, we want the response to be available to the testing
-      # framework to verify what would be returned to rack.
-      if ret.is_a?(Array)
-        # ensure the controller response is set to our response.
-        @controller.response ||= @response
-        @response.status = ret.first
-        @response.headers = ret.second
-        @response.body = ret.third
-      end
-      ret
-    end
   end
 end

data/lib/devise/time_inflector.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "active_support/core_ext/module/delegation"
 module Devise

data/lib/devise/token_generator.rb CHANGED Viewed

@@ -1,11 +1,10 @@
-# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only.
-require 'thread_safe'
+# frozen_string_literal: true
 require 'openssl'
-require 'securerandom'
 module Devise
   class TokenGenerator
-    def initialize(key_generator, digest="SHA256")
+    def initialize(key_generator, digest = "SHA256")
       @key_generator = key_generator
       @digest = digest
     end
@@ -30,41 +29,4 @@ module Devise
       @key_generator.generate_key("Devise #{column}")
     end
   end
-  # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2
-  # It can be used to derive a number of keys for various purposes from a given secret.
-  # This lets Rails applications have a single secure secret, but avoid reusing that
-  # key in multiple incompatible contexts.
-  class KeyGenerator
-    def initialize(secret, options = {})
-      @secret = secret
-      # The default iterations are higher than required for our key derivation uses
-      # on the off chance someone uses this for password storage
-      @iterations = options[:iterations] || 2**16
-    end
-    # Returns a derived key suitable for use.  The default key_size is chosen
-    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
-    # i.e. OpenSSL::Digest::SHA1#block_length
-    def generate_key(salt, key_size=64)
-      OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
-    end
-  end
-  # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid
-  # re-executing the key generation process when it's called using the same salt and
-  # key_size
-  class CachingKeyGenerator
-    def initialize(key_generator)
-      @key_generator = key_generator
-      @cache_keys = ThreadSafe::Cache.new
-    end
-    # Returns a derived key suitable for use.  The default key_size is chosen
-    # to be compatible with the default settings of ActiveSupport::MessageVerifier.
-    # i.e. OpenSSL::Digest::SHA1#block_length
-    def generate_key(salt, key_size=64)
-      @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
-    end
-  end
 end

data/lib/devise/version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
-  VERSION = "3.5.2".freeze
+  VERSION = "4.7.1".freeze
 end

data/lib/devise.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails'
 require 'active_support/core_ext/numeric/time'
 require 'active_support/dependencies'
@@ -12,19 +14,19 @@ module Devise
   autoload :FailureApp,         'devise/failure_app'
   autoload :OmniAuth,           'devise/omniauth'
   autoload :ParameterFilter,    'devise/parameter_filter'
-  autoload :BaseSanitizer,      'devise/parameter_sanitizer'
   autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
   autoload :TestHelpers,        'devise/test_helpers'
   autoload :TimeInflector,      'devise/time_inflector'
   autoload :TokenGenerator,     'devise/token_generator'
+  autoload :SecretKeyFinder,    'devise/secret_key_finder'
   module Controllers
-    autoload :Helpers, 'devise/controllers/helpers'
-    autoload :Rememberable, 'devise/controllers/rememberable'
-    autoload :ScopedViews, 'devise/controllers/scoped_views'
-    autoload :SignInOut, 'devise/controllers/sign_in_out'
-    autoload :StoreLocation, 'devise/controllers/store_location'
-    autoload :UrlHelpers, 'devise/controllers/url_helpers'
+    autoload :Helpers,        'devise/controllers/helpers'
+    autoload :Rememberable,   'devise/controllers/rememberable'
+    autoload :ScopedViews,    'devise/controllers/scoped_views'
+    autoload :SignInOut,      'devise/controllers/sign_in_out'
+    autoload :StoreLocation,  'devise/controllers/store_location'
+    autoload :UrlHelpers,     'devise/controllers/url_helpers'
   end
   module Hooks
@@ -36,17 +38,22 @@ module Devise
   end
   module Strategies
-    autoload :Base, 'devise/strategies/base'
+    autoload :Base,            'devise/strategies/base'
     autoload :Authenticatable, 'devise/strategies/authenticatable'
   end
+  module Test
+    autoload :ControllerHelpers,  'devise/test/controller_helpers'
+    autoload :IntegrationHelpers, 'devise/test/integration_helpers'
+  end
   # Constants which holds devise configuration for extensions. Those should
   # not be modified by the "end user" (this is why they are constants).
   ALL         = []
-  CONTROLLERS = ActiveSupport::OrderedHash.new
-  ROUTES      = ActiveSupport::OrderedHash.new
-  STRATEGIES  = ActiveSupport::OrderedHash.new
-  URL_HELPERS = ActiveSupport::OrderedHash.new
+  CONTROLLERS = {}
+  ROUTES      = {}
+  STRATEGIES  = {}
+  URL_HELPERS = {}
   # Strategies that do not require user input.
   NO_INPUT = []
@@ -62,9 +69,9 @@ module Devise
   mattr_accessor :rememberable_options
   @@rememberable_options = {}
-  # The number of times to encrypt password.
+  # The number of times to hash the password.
   mattr_accessor :stretches
-  @@stretches = 10
+  @@stretches = 11
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key
@@ -84,7 +91,7 @@ module Devise
   # Keys that should have whitespace stripped.
   mattr_accessor :strip_whitespace_keys
-  @@strip_whitespace_keys = []
+  @@strip_whitespace_keys = [:email]
   # If http authentication is enabled by default.
   mattr_accessor :http_authenticatable
@@ -102,11 +109,11 @@ module Devise
   mattr_accessor :http_authentication_realm
   @@http_authentication_realm = "Application"
-  # Email regex used to validate email formats. It simply asserts that
-  # an one (and only one) @ exists in the given string. This is mainly
-  # to give user feedback and not to assert the e-mail validity.
+  # Email regex used to validate email formats. It asserts that there are no
+  # @ symbols or whitespaces in either the localpart or the domain, and that
+  # there is a single @ symbol separating the localpart and the domain.
   mattr_accessor :email_regexp
-  @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
+  @@email_regexp = /\A[^@\s]+@[^@\s]+\z/
   # Range validation for password length
   mattr_accessor :password_length
@@ -138,18 +145,25 @@ module Devise
   @@confirmation_keys = [:email]
   # Defines if email should be reconfirmable.
-  # False by default for backwards compatibility.
   mattr_accessor :reconfirmable
-  @@reconfirmable = false
+  @@reconfirmable = true
   # Time interval to timeout the user session without activity.
   mattr_accessor :timeout_in
   @@timeout_in = 30.minutes
-  # Used to encrypt password. Please generate one with rake secret.
+  # Used to hash the password. Please generate one with rails secret.
   mattr_accessor :pepper
   @@pepper = nil
+  # Used to send notification to the original user email when their email is changed.
+  mattr_accessor :send_email_changed_notification
+  @@send_email_changed_notification = false
+  # Used to enable sending notification to user when their password is changed.
+  mattr_accessor :send_password_change_notification
+  @@send_password_change_notification = false
   # Scoped views. Since it relies on fallbacks to render default views, it's
   # turned off by default.
   mattr_accessor :scoped_views
@@ -199,7 +213,7 @@ module Devise
   # Skip session storage for the following strategies
   mattr_accessor :skip_session_storage
-  @@skip_session_storage = []
+  @@skip_session_storage = [:http_auth]
   # Which formats should be treated as navigational.
   mattr_accessor :navigational_formats
@@ -211,7 +225,7 @@ module Devise
   # The default method used while signing out
   mattr_accessor :sign_out_via
-  @@sign_out_via = :get
+  @@sign_out_via = :delete
   # The parent controller all Devise controllers inherits from.
   # Defaults to ApplicationController. This should be set early
@@ -240,15 +254,22 @@ module Devise
   mattr_accessor :clean_up_csrf_token_on_authentication
   @@clean_up_csrf_token_on_authentication = true
+  # When false, Devise will not attempt to reload routes on eager load.
+  # This can reduce the time taken to boot the app but if your application
+  # requires the Devise mappings to be loaded during boot time the application
+  # won't boot properly.
+  mattr_accessor :reload_routes
+  @@reload_routes = true
   # PRIVATE CONFIGURATION
   # Store scopes mappings.
   mattr_reader :mappings
-  @@mappings = ActiveSupport::OrderedHash.new
+  @@mappings = {}
   # OmniAuth configurations.
   mattr_reader :omniauth_configs
-  @@omniauth_configs = ActiveSupport::OrderedHash.new
+  @@omniauth_configs = {}
   # Define a set of modules that are called when a mapping is added.
   mattr_reader :helpers
@@ -272,14 +293,26 @@ module Devise
   mattr_accessor :token_generator
   @@token_generator = nil
-  # Default way to setup Devise. Run rails generate devise_install to create
+  # When set to false, changing a password does not automatically sign in a user
+  mattr_accessor :sign_in_after_change_password
+  @@sign_in_after_change_password = true
+  def self.rails51? # :nodoc:
+    Rails.gem_version >= Gem::Version.new("5.1.x")
+  end
+  def self.activerecord51? # :nodoc:
+    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+  end
+  # Default way to set up Devise. Run rails generate devise_install to create
   # a fresh initializer with all configuration values.
   def self.setup
     yield self
   end
   class Getter
-    def initialize name
+    def initialize(name)
       @name = name
     end
@@ -289,12 +322,8 @@ module Devise
   end
   def self.ref(arg)
-    if defined?(ActiveSupport::Dependencies::ClassCache)
-      ActiveSupport::Dependencies::reference(arg)
-      Getter.new(arg)
-    else
-      ActiveSupport::Dependencies.ref(arg)
-    end
+    ActiveSupport::Dependencies.reference(arg)
+    Getter.new(arg)
   end
   def self.available_router_name
@@ -325,7 +354,12 @@ module Devise
     mapping
   end
-  # Make Devise aware of an 3rd party Devise-module (like invitable). For convenience.
+  # Register available devise modules. For the standard modules that Devise provides, this method is
+  # called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method.
+  #
+  # Note that adding a module using this method does not cause it to be used in the authentication
+  # process. That requires that the module be listed in the arguments passed to the 'devise' method
+  # in the model class definition.
   #
   # == Options:
   #
@@ -410,7 +444,6 @@ module Devise
   #   config.omniauth :github, APP_ID, APP_SECRET
   #
   def self.omniauth(provider, *args)
-    @@helpers << Devise::OmniAuth::UrlHelpers
     config = Devise::OmniAuth::Config.new(provider, args)
     @@omniauth_configs[config.strategy_name.to_sym] = config
   end
@@ -433,8 +466,8 @@ module Devise
     Devise::Controllers::UrlHelpers.generate_helpers!
   end
-  # A method used internally to setup warden manager from the Rails initialize
-  # block.
+  # A method used internally to complete the setup of warden manager after routes are loaded.
+  # See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise!
   def self.configure_warden! #:nodoc:
     @@warden_configured ||= begin
       warden_config.failure_app   = Devise::Delegator.new
@@ -448,10 +481,7 @@ module Devise
           mapping.to.serialize_into_session(record)
         end
-        warden_config.serialize_from_session(mapping.name) do |key|
-          # Previous versions contained an additional entry at the beginning of
-          # key with the record's class name.
-          args = key[-2, 2]
+        warden_config.serialize_from_session(mapping.name) do |args|
           mapping.to.serialize_from_session(*args)
         end
       end