devise 3.5.3 → 3.5.10
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +37 -1
- data/Gemfile +1 -0
- data/Gemfile.lock +39 -35
- data/gemfiles/Gemfile.rails-3.2-stable.lock +44 -44
- data/gemfiles/Gemfile.rails-4.0-stable +1 -0
- data/gemfiles/Gemfile.rails-4.0-stable.lock +34 -34
- data/gemfiles/Gemfile.rails-4.1-stable +1 -0
- data/gemfiles/Gemfile.rails-4.1-stable.lock +58 -59
- data/gemfiles/Gemfile.rails-4.2-stable +1 -0
- data/gemfiles/Gemfile.rails-4.2-stable.lock +76 -77
- data/lib/devise/controllers/rememberable.rb +8 -1
- data/lib/devise/hooks/timeoutable.rb +3 -2
- data/lib/devise/models/confirmable.rb +2 -1
- data/lib/devise/models/lockable.rb +5 -1
- data/lib/devise/models/recoverable.rb +1 -1
- data/lib/devise/models/rememberable.rb +42 -21
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/strategies/rememberable.rb +3 -6
- data/lib/devise/version.rb +1 -1
- data/test/integration/rememberable_test.rb +41 -3
- data/test/integration/timeoutable_test.rb +1 -1
- data/test/models/confirmable_test.rb +23 -1
- data/test/models/lockable_test.rb +22 -0
- data/test/models/rememberable_test.rb +60 -95
- data/test/time_helpers.rb +137 -0
- metadata +5 -3
@@ -1,54 +1,54 @@
|
|
1
1
|
GIT
|
2
2
|
remote: git://github.com/rails/rails.git
|
3
|
-
revision:
|
3
|
+
revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
|
4
4
|
branch: 4-1-stable
|
5
5
|
specs:
|
6
|
-
actionmailer (4.1.
|
7
|
-
actionpack (= 4.1.
|
8
|
-
actionview (= 4.1.
|
6
|
+
actionmailer (4.1.15)
|
7
|
+
actionpack (= 4.1.15)
|
8
|
+
actionview (= 4.1.15)
|
9
9
|
mail (~> 2.5, >= 2.5.4)
|
10
|
-
actionpack (4.1.
|
11
|
-
actionview (= 4.1.
|
12
|
-
activesupport (= 4.1.
|
10
|
+
actionpack (4.1.15)
|
11
|
+
actionview (= 4.1.15)
|
12
|
+
activesupport (= 4.1.15)
|
13
13
|
rack (~> 1.5.2)
|
14
14
|
rack-test (~> 0.6.2)
|
15
|
-
actionview (4.1.
|
16
|
-
activesupport (= 4.1.
|
15
|
+
actionview (4.1.15)
|
16
|
+
activesupport (= 4.1.15)
|
17
17
|
builder (~> 3.1)
|
18
18
|
erubis (~> 2.7.0)
|
19
|
-
activemodel (4.1.
|
20
|
-
activesupport (= 4.1.
|
19
|
+
activemodel (4.1.15)
|
20
|
+
activesupport (= 4.1.15)
|
21
21
|
builder (~> 3.1)
|
22
|
-
activerecord (4.1.
|
23
|
-
activemodel (= 4.1.
|
24
|
-
activesupport (= 4.1.
|
22
|
+
activerecord (4.1.15)
|
23
|
+
activemodel (= 4.1.15)
|
24
|
+
activesupport (= 4.1.15)
|
25
25
|
arel (~> 5.0.0)
|
26
|
-
activesupport (4.1.
|
26
|
+
activesupport (4.1.15)
|
27
27
|
i18n (~> 0.6, >= 0.6.9)
|
28
28
|
json (~> 1.7, >= 1.7.7)
|
29
29
|
minitest (~> 5.1)
|
30
30
|
thread_safe (~> 0.1)
|
31
31
|
tzinfo (~> 1.1)
|
32
|
-
rails (4.1.
|
33
|
-
actionmailer (= 4.1.
|
34
|
-
actionpack (= 4.1.
|
35
|
-
actionview (= 4.1.
|
36
|
-
activemodel (= 4.1.
|
37
|
-
activerecord (= 4.1.
|
38
|
-
activesupport (= 4.1.
|
32
|
+
rails (4.1.15)
|
33
|
+
actionmailer (= 4.1.15)
|
34
|
+
actionpack (= 4.1.15)
|
35
|
+
actionview (= 4.1.15)
|
36
|
+
activemodel (= 4.1.15)
|
37
|
+
activerecord (= 4.1.15)
|
38
|
+
activesupport (= 4.1.15)
|
39
39
|
bundler (>= 1.3.0, < 2.0)
|
40
|
-
railties (= 4.1.
|
40
|
+
railties (= 4.1.15)
|
41
41
|
sprockets-rails (~> 2.0)
|
42
|
-
railties (4.1.
|
43
|
-
actionpack (= 4.1.
|
44
|
-
activesupport (= 4.1.
|
42
|
+
railties (4.1.15)
|
43
|
+
actionpack (= 4.1.15)
|
44
|
+
activesupport (= 4.1.15)
|
45
45
|
rake (>= 0.8.7)
|
46
46
|
thor (>= 0.18.1, < 2.0)
|
47
47
|
|
48
48
|
PATH
|
49
49
|
remote: ..
|
50
50
|
specs:
|
51
|
-
devise (3.5.
|
51
|
+
devise (3.5.8)
|
52
52
|
bcrypt (~> 3.0)
|
53
53
|
orm_adapter (~> 0.1)
|
54
54
|
railties (>= 3.2.6, < 5)
|
@@ -60,24 +60,24 @@ GEM
|
|
60
60
|
remote: https://rubygems.org/
|
61
61
|
specs:
|
62
62
|
arel (5.0.1.20140414130214)
|
63
|
-
bcrypt (3.1.
|
64
|
-
bson (2.
|
63
|
+
bcrypt (3.1.11)
|
64
|
+
bson (3.2.6)
|
65
65
|
builder (3.2.2)
|
66
|
-
|
66
|
+
concurrent-ruby (1.0.1)
|
67
|
+
connection_pool (2.2.0)
|
67
68
|
erubis (2.7.0)
|
68
|
-
faraday (0.9.
|
69
|
+
faraday (0.9.2)
|
69
70
|
multipart-post (>= 1.2, < 3)
|
70
|
-
hashie (3.4.
|
71
|
-
hike (1.2.3)
|
71
|
+
hashie (3.4.3)
|
72
72
|
i18n (0.7.0)
|
73
|
-
json (1.8.
|
74
|
-
jwt (1.4
|
75
|
-
mail (2.6.
|
76
|
-
mime-types (>= 1.16, <
|
73
|
+
json (1.8.3)
|
74
|
+
jwt (1.5.4)
|
75
|
+
mail (2.6.4)
|
76
|
+
mime-types (>= 1.16, < 4)
|
77
77
|
metaclass (0.0.4)
|
78
|
-
mime-types (2.
|
79
|
-
|
80
|
-
minitest (5.
|
78
|
+
mime-types (2.99.1)
|
79
|
+
mini_portile2 (2.0.0)
|
80
|
+
minitest (5.8.4)
|
81
81
|
mocha (1.1.0)
|
82
82
|
metaclass (~> 0.0.1)
|
83
83
|
mongoid (4.0.2)
|
@@ -85,15 +85,15 @@ GEM
|
|
85
85
|
moped (~> 2.0.0)
|
86
86
|
origin (~> 2.1)
|
87
87
|
tzinfo (>= 0.3.37)
|
88
|
-
moped (2.0.
|
89
|
-
bson (~>
|
88
|
+
moped (2.0.7)
|
89
|
+
bson (~> 3.0)
|
90
90
|
connection_pool (~> 2.0)
|
91
91
|
optionable (~> 0.2.0)
|
92
|
-
multi_json (1.11.
|
92
|
+
multi_json (1.11.3)
|
93
93
|
multi_xml (0.5.5)
|
94
94
|
multipart-post (2.0.0)
|
95
|
-
nokogiri (1.6.
|
96
|
-
|
95
|
+
nokogiri (1.6.7.2)
|
96
|
+
mini_portile2 (~> 2.0.0.rc2)
|
97
97
|
oauth2 (0.9.4)
|
98
98
|
faraday (>= 0.8, < 0.10)
|
99
99
|
jwt (~> 1.0)
|
@@ -114,35 +114,33 @@ GEM
|
|
114
114
|
omniauth (~> 1.0)
|
115
115
|
rack-openid (~> 1.3.1)
|
116
116
|
optionable (0.2.0)
|
117
|
-
origin (2.
|
117
|
+
origin (2.2.0)
|
118
118
|
orm_adapter (0.5.0)
|
119
|
-
rack (1.5.
|
119
|
+
rack (1.5.5)
|
120
120
|
rack-openid (1.3.1)
|
121
121
|
rack (>= 1.1.0)
|
122
122
|
ruby-openid (>= 2.1.8)
|
123
123
|
rack-test (0.6.3)
|
124
124
|
rack (>= 1.0)
|
125
|
-
rake (
|
126
|
-
rdoc (4.2.
|
125
|
+
rake (11.1.2)
|
126
|
+
rdoc (4.2.2)
|
127
|
+
json (~> 1.4)
|
127
128
|
responders (1.1.2)
|
128
129
|
railties (>= 3.2, < 4.2)
|
129
130
|
ruby-openid (2.7.0)
|
130
|
-
sprockets (
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
tilt (~> 1.1, != 1.3.0)
|
135
|
-
sprockets-rails (2.2.4)
|
131
|
+
sprockets (3.6.0)
|
132
|
+
concurrent-ruby (~> 1.0)
|
133
|
+
rack (> 1, < 3)
|
134
|
+
sprockets-rails (2.3.3)
|
136
135
|
actionpack (>= 3.0)
|
137
136
|
activesupport (>= 3.0)
|
138
137
|
sprockets (>= 2.8, < 4.0)
|
139
|
-
sqlite3 (1.3.
|
138
|
+
sqlite3 (1.3.11)
|
140
139
|
thor (0.19.1)
|
141
140
|
thread_safe (0.3.5)
|
142
|
-
tilt (1.4.1)
|
143
141
|
tzinfo (1.2.2)
|
144
142
|
thread_safe (~> 0.1)
|
145
|
-
warden (1.2.
|
143
|
+
warden (1.2.6)
|
146
144
|
rack (>= 1.0)
|
147
145
|
webrat (0.7.3)
|
148
146
|
nokogiri (>= 1.2.0)
|
@@ -157,6 +155,7 @@ DEPENDENCIES
|
|
157
155
|
activerecord-jdbcsqlite3-adapter
|
158
156
|
devise!
|
159
157
|
jruby-openssl
|
158
|
+
mime-types (~> 2.99)
|
160
159
|
mocha (~> 1.1)
|
161
160
|
mongoid (~> 4.0.0)
|
162
161
|
omniauth (~> 1.2.0)
|
@@ -169,4 +168,4 @@ DEPENDENCIES
|
|
169
168
|
webrat (= 0.7.3)
|
170
169
|
|
171
170
|
BUNDLED WITH
|
172
|
-
1.
|
171
|
+
1.11.2
|
@@ -1,64 +1,64 @@
|
|
1
1
|
GIT
|
2
2
|
remote: git://github.com/rails/rails.git
|
3
|
-
revision:
|
3
|
+
revision: 2a1b655bb7db42ed0dbadab5bb129a8515e86a40
|
4
4
|
branch: 4-2-stable
|
5
5
|
specs:
|
6
|
-
actionmailer (4.2.
|
7
|
-
actionpack (= 4.2.
|
8
|
-
actionview (= 4.2.
|
9
|
-
activejob (= 4.2.
|
6
|
+
actionmailer (4.2.6)
|
7
|
+
actionpack (= 4.2.6)
|
8
|
+
actionview (= 4.2.6)
|
9
|
+
activejob (= 4.2.6)
|
10
10
|
mail (~> 2.5, >= 2.5.4)
|
11
11
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
12
|
-
actionpack (4.2.
|
13
|
-
actionview (= 4.2.
|
14
|
-
activesupport (= 4.2.
|
12
|
+
actionpack (4.2.6)
|
13
|
+
actionview (= 4.2.6)
|
14
|
+
activesupport (= 4.2.6)
|
15
15
|
rack (~> 1.6)
|
16
16
|
rack-test (~> 0.6.2)
|
17
17
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
18
18
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
19
|
-
actionview (4.2.
|
20
|
-
activesupport (= 4.2.
|
19
|
+
actionview (4.2.6)
|
20
|
+
activesupport (= 4.2.6)
|
21
21
|
builder (~> 3.1)
|
22
22
|
erubis (~> 2.7.0)
|
23
23
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
24
24
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
25
|
-
activejob (4.2.
|
26
|
-
activesupport (= 4.2.
|
25
|
+
activejob (4.2.6)
|
26
|
+
activesupport (= 4.2.6)
|
27
27
|
globalid (>= 0.3.0)
|
28
|
-
activemodel (4.2.
|
29
|
-
activesupport (= 4.2.
|
28
|
+
activemodel (4.2.6)
|
29
|
+
activesupport (= 4.2.6)
|
30
30
|
builder (~> 3.1)
|
31
|
-
activerecord (4.2.
|
32
|
-
activemodel (= 4.2.
|
33
|
-
activesupport (= 4.2.
|
31
|
+
activerecord (4.2.6)
|
32
|
+
activemodel (= 4.2.6)
|
33
|
+
activesupport (= 4.2.6)
|
34
34
|
arel (~> 6.0)
|
35
|
-
activesupport (4.2.
|
35
|
+
activesupport (4.2.6)
|
36
36
|
i18n (~> 0.7)
|
37
37
|
json (~> 1.7, >= 1.7.7)
|
38
38
|
minitest (~> 5.1)
|
39
39
|
thread_safe (~> 0.3, >= 0.3.4)
|
40
40
|
tzinfo (~> 1.1)
|
41
|
-
rails (4.2.
|
42
|
-
actionmailer (= 4.2.
|
43
|
-
actionpack (= 4.2.
|
44
|
-
actionview (= 4.2.
|
45
|
-
activejob (= 4.2.
|
46
|
-
activemodel (= 4.2.
|
47
|
-
activerecord (= 4.2.
|
48
|
-
activesupport (= 4.2.
|
41
|
+
rails (4.2.6)
|
42
|
+
actionmailer (= 4.2.6)
|
43
|
+
actionpack (= 4.2.6)
|
44
|
+
actionview (= 4.2.6)
|
45
|
+
activejob (= 4.2.6)
|
46
|
+
activemodel (= 4.2.6)
|
47
|
+
activerecord (= 4.2.6)
|
48
|
+
activesupport (= 4.2.6)
|
49
49
|
bundler (>= 1.3.0, < 2.0)
|
50
|
-
railties (= 4.2.
|
50
|
+
railties (= 4.2.6)
|
51
51
|
sprockets-rails
|
52
|
-
railties (4.2.
|
53
|
-
actionpack (= 4.2.
|
54
|
-
activesupport (= 4.2.
|
52
|
+
railties (4.2.6)
|
53
|
+
actionpack (= 4.2.6)
|
54
|
+
activesupport (= 4.2.6)
|
55
55
|
rake (>= 0.8.7)
|
56
56
|
thor (>= 0.18.1, < 2.0)
|
57
57
|
|
58
58
|
PATH
|
59
59
|
remote: ..
|
60
60
|
specs:
|
61
|
-
devise (3.5.
|
61
|
+
devise (3.5.8)
|
62
62
|
bcrypt (~> 3.0)
|
63
63
|
orm_adapter (~> 0.1)
|
64
64
|
railties (>= 3.2.6, < 5)
|
@@ -69,29 +69,29 @@ PATH
|
|
69
69
|
GEM
|
70
70
|
remote: https://rubygems.org/
|
71
71
|
specs:
|
72
|
-
arel (6.0.
|
73
|
-
bcrypt (3.1.
|
74
|
-
bson (2.
|
72
|
+
arel (6.0.3)
|
73
|
+
bcrypt (3.1.11)
|
74
|
+
bson (3.2.6)
|
75
75
|
builder (3.2.2)
|
76
|
-
|
76
|
+
concurrent-ruby (1.0.1)
|
77
|
+
connection_pool (2.2.0)
|
77
78
|
erubis (2.7.0)
|
78
|
-
faraday (0.9.
|
79
|
+
faraday (0.9.2)
|
79
80
|
multipart-post (>= 1.2, < 3)
|
80
|
-
globalid (0.3.
|
81
|
+
globalid (0.3.6)
|
81
82
|
activesupport (>= 4.1.0)
|
82
|
-
hashie (3.4.
|
83
|
-
hike (1.2.3)
|
83
|
+
hashie (3.4.3)
|
84
84
|
i18n (0.7.0)
|
85
|
-
json (1.8.
|
86
|
-
jwt (1.
|
87
|
-
loofah (2.0.
|
85
|
+
json (1.8.3)
|
86
|
+
jwt (1.5.1)
|
87
|
+
loofah (2.0.3)
|
88
88
|
nokogiri (>= 1.5.9)
|
89
|
-
mail (2.6.
|
90
|
-
mime-types (>= 1.16, <
|
89
|
+
mail (2.6.4)
|
90
|
+
mime-types (>= 1.16, < 4)
|
91
91
|
metaclass (0.0.4)
|
92
|
-
mime-types (2.
|
93
|
-
|
94
|
-
minitest (5.
|
92
|
+
mime-types (2.99.1)
|
93
|
+
mini_portile2 (2.0.0)
|
94
|
+
minitest (5.8.4)
|
95
95
|
mocha (1.1.0)
|
96
96
|
metaclass (~> 0.0.1)
|
97
97
|
mongoid (4.0.2)
|
@@ -99,25 +99,25 @@ GEM
|
|
99
99
|
moped (~> 2.0.0)
|
100
100
|
origin (~> 2.1)
|
101
101
|
tzinfo (>= 0.3.37)
|
102
|
-
moped (2.0.
|
103
|
-
bson (~>
|
102
|
+
moped (2.0.7)
|
103
|
+
bson (~> 3.0)
|
104
104
|
connection_pool (~> 2.0)
|
105
105
|
optionable (~> 0.2.0)
|
106
|
-
multi_json (1.11.
|
106
|
+
multi_json (1.11.3)
|
107
107
|
multi_xml (0.5.5)
|
108
108
|
multipart-post (2.0.0)
|
109
|
-
nokogiri (1.6.
|
110
|
-
|
111
|
-
oauth2 (1.
|
109
|
+
nokogiri (1.6.7.2)
|
110
|
+
mini_portile2 (~> 2.0.0.rc2)
|
111
|
+
oauth2 (1.1.0)
|
112
112
|
faraday (>= 0.8, < 0.10)
|
113
|
-
jwt (~> 1.0)
|
113
|
+
jwt (~> 1.0, < 1.5.2)
|
114
114
|
multi_json (~> 1.3)
|
115
115
|
multi_xml (~> 0.5)
|
116
|
-
rack (
|
116
|
+
rack (>= 1.2, < 3)
|
117
117
|
omniauth (1.2.2)
|
118
118
|
hashie (>= 1.2, < 4)
|
119
119
|
rack (~> 1.0)
|
120
|
-
omniauth-facebook (
|
120
|
+
omniauth-facebook (3.0.0)
|
121
121
|
omniauth-oauth2 (~> 1.2)
|
122
122
|
omniauth-oauth2 (1.2.0)
|
123
123
|
faraday (>= 0.8, < 0.10)
|
@@ -128,9 +128,9 @@ GEM
|
|
128
128
|
omniauth (~> 1.0)
|
129
129
|
rack-openid (~> 1.3.1)
|
130
130
|
optionable (0.2.0)
|
131
|
-
origin (2.
|
131
|
+
origin (2.2.0)
|
132
132
|
orm_adapter (0.5.0)
|
133
|
-
rack (1.6.
|
133
|
+
rack (1.6.4)
|
134
134
|
rack-openid (1.3.1)
|
135
135
|
rack (>= 1.1.0)
|
136
136
|
ruby-openid (>= 2.1.8)
|
@@ -138,33 +138,31 @@ GEM
|
|
138
138
|
rack (>= 1.0)
|
139
139
|
rails-deprecated_sanitizer (1.0.3)
|
140
140
|
activesupport (>= 4.2.0.alpha)
|
141
|
-
rails-dom-testing (1.0.
|
141
|
+
rails-dom-testing (1.0.7)
|
142
142
|
activesupport (>= 4.2.0.beta, < 5.0)
|
143
143
|
nokogiri (~> 1.6.0)
|
144
144
|
rails-deprecated_sanitizer (>= 1.0.1)
|
145
|
-
rails-html-sanitizer (1.0.
|
145
|
+
rails-html-sanitizer (1.0.3)
|
146
146
|
loofah (~> 2.0)
|
147
|
-
rake (
|
148
|
-
rdoc (4.2.
|
149
|
-
|
150
|
-
|
147
|
+
rake (11.1.2)
|
148
|
+
rdoc (4.2.2)
|
149
|
+
json (~> 1.4)
|
150
|
+
responders (2.1.2)
|
151
|
+
railties (>= 4.2.0, < 5.1)
|
151
152
|
ruby-openid (2.7.0)
|
152
|
-
sprockets (
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
sprockets (>= 2.8, < 4.0)
|
161
|
-
sqlite3 (1.3.10)
|
153
|
+
sprockets (3.6.0)
|
154
|
+
concurrent-ruby (~> 1.0)
|
155
|
+
rack (> 1, < 3)
|
156
|
+
sprockets-rails (3.0.4)
|
157
|
+
actionpack (>= 4.0)
|
158
|
+
activesupport (>= 4.0)
|
159
|
+
sprockets (>= 3.0.0)
|
160
|
+
sqlite3 (1.3.11)
|
162
161
|
thor (0.19.1)
|
163
162
|
thread_safe (0.3.5)
|
164
|
-
tilt (1.4.1)
|
165
163
|
tzinfo (1.2.2)
|
166
164
|
thread_safe (~> 0.1)
|
167
|
-
warden (1.2.
|
165
|
+
warden (1.2.6)
|
168
166
|
rack (>= 1.0)
|
169
167
|
webrat (0.7.3)
|
170
168
|
nokogiri (>= 1.2.0)
|
@@ -179,6 +177,7 @@ DEPENDENCIES
|
|
179
177
|
activerecord-jdbcsqlite3-adapter
|
180
178
|
devise!
|
181
179
|
jruby-openssl
|
180
|
+
mime-types (~> 2.99)
|
182
181
|
mocha (~> 1.1)
|
183
182
|
mongoid (~> 4.0.0)
|
184
183
|
omniauth (~> 1.2.2)
|
@@ -191,4 +190,4 @@ DEPENDENCIES
|
|
191
190
|
webrat (= 0.7.3)
|
192
191
|
|
193
192
|
BUNDLED WITH
|
194
|
-
1.
|
193
|
+
1.11.2
|
@@ -9,11 +9,18 @@ module Devise
|
|
9
9
|
Rails.configuration.session_options.slice(:path, :domain, :secure)
|
10
10
|
end
|
11
11
|
|
12
|
+
def remember_me_is_active?(resource)
|
13
|
+
return false unless resource.respond_to?(:remember_me)
|
14
|
+
scope = Devise::Mapping.find_scope!(resource)
|
15
|
+
_, token, generated_at = cookies.signed[remember_key(resource, scope)]
|
16
|
+
resource.remember_me?(token, generated_at)
|
17
|
+
end
|
18
|
+
|
12
19
|
# Remembers the given resource by setting up a cookie
|
13
20
|
def remember_me(resource)
|
14
21
|
return if env["devise.skip_storage"]
|
15
22
|
scope = Devise::Mapping.find_scope!(resource)
|
16
|
-
resource.remember_me!
|
23
|
+
resource.remember_me!
|
17
24
|
cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
|
18
25
|
end
|
19
26
|
|
@@ -19,9 +19,10 @@ Warden::Manager.after_set_user do |record, warden, options|
|
|
19
19
|
|
20
20
|
proxy = Devise::Hooks::Proxy.new(warden)
|
21
21
|
|
22
|
-
if record.timedout?(last_request_at) &&
|
22
|
+
if record.timedout?(last_request_at) &&
|
23
|
+
!env['devise.skip_timeout'] &&
|
24
|
+
!proxy.remember_me_is_active?(record)
|
23
25
|
Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
|
24
|
-
|
25
26
|
throw :warden, scope: scope, message: :timeout
|
26
27
|
end
|
27
28
|
|
@@ -170,6 +170,7 @@ module Devise
|
|
170
170
|
# in models to map to a nice sign up e-mail.
|
171
171
|
def send_on_create_confirmation_instructions
|
172
172
|
send_confirmation_instructions
|
173
|
+
skip_reconfirmation!
|
173
174
|
end
|
174
175
|
|
175
176
|
# Callback to overwrite if confirmation is required or not.
|
@@ -260,7 +261,7 @@ module Devise
|
|
260
261
|
end
|
261
262
|
|
262
263
|
def reconfirmation_required?
|
263
|
-
self.class.reconfirmable && @reconfirmation_required && self.email.present?
|
264
|
+
self.class.reconfirmable && @reconfirmation_required && (self.email.present? || self.unconfirmed_email.present?)
|
264
265
|
end
|
265
266
|
|
266
267
|
def send_confirmation_notification?
|
@@ -155,6 +155,9 @@ module Devise
|
|
155
155
|
end
|
156
156
|
|
157
157
|
module ClassMethods
|
158
|
+
# List of strategies that are enabled/supported if :both is used.
|
159
|
+
BOTH_STRATEGIES = [:time, :email]
|
160
|
+
|
158
161
|
# Attempt to find a user by its unlock keys. If a record is found, send new
|
159
162
|
# unlock instructions to it. If not user is found, returns a new user
|
160
163
|
# with an email not found error.
|
@@ -181,7 +184,8 @@ module Devise
|
|
181
184
|
|
182
185
|
# Is the unlock enabled for the given unlock strategy?
|
183
186
|
def unlock_strategy_enabled?(strategy)
|
184
|
-
|
187
|
+
self.unlock_strategy == strategy ||
|
188
|
+
(self.unlock_strategy == :both && BOTH_STRATEGIES.include?(strategy))
|
185
189
|
end
|
186
190
|
|
187
191
|
# Is the lock enabled for the given lock strategy?
|
@@ -83,7 +83,7 @@ module Devise
|
|
83
83
|
# reset_password_period_valid? # will always return false
|
84
84
|
#
|
85
85
|
def reset_password_period_valid?
|
86
|
-
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
|
86
|
+
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
|
87
87
|
end
|
88
88
|
|
89
89
|
protected
|
@@ -39,17 +39,17 @@ module Devise
|
|
39
39
|
module Rememberable
|
40
40
|
extend ActiveSupport::Concern
|
41
41
|
|
42
|
-
attr_accessor :remember_me
|
42
|
+
attr_accessor :remember_me
|
43
43
|
|
44
44
|
def self.required_fields(klass)
|
45
45
|
[:remember_created_at]
|
46
46
|
end
|
47
47
|
|
48
|
-
#
|
49
|
-
#
|
50
|
-
def remember_me!(
|
51
|
-
self.remember_token
|
52
|
-
self.remember_created_at
|
48
|
+
# TODO: We were used to receive a extend period argument but we no longer do.
|
49
|
+
# Remove this for Devise 4.0.
|
50
|
+
def remember_me!(*)
|
51
|
+
self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)
|
52
|
+
self.remember_created_at ||= Time.now.utc
|
53
53
|
save(validate: false) if self.changed?
|
54
54
|
end
|
55
55
|
|
@@ -57,19 +57,22 @@ module Devise
|
|
57
57
|
# it exists), and save the record without validations.
|
58
58
|
def forget_me!
|
59
59
|
return unless persisted?
|
60
|
-
self.remember_token = nil if respond_to?(:remember_token
|
60
|
+
self.remember_token = nil if respond_to?(:remember_token)
|
61
61
|
self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
|
62
62
|
save(validate: false)
|
63
63
|
end
|
64
64
|
|
65
65
|
# Remember token should be expired if expiration time not overpass now.
|
66
66
|
def remember_expired?
|
67
|
-
remember_created_at.nil?
|
67
|
+
remember_created_at.nil?
|
68
68
|
end
|
69
69
|
|
70
|
-
# Remember token expires at created time + remember_for configuration
|
71
70
|
def remember_expires_at
|
72
|
-
|
71
|
+
self.class.remember_for.from_now
|
72
|
+
end
|
73
|
+
|
74
|
+
def extend_remember_period
|
75
|
+
self.class.extend_remember_period
|
73
76
|
end
|
74
77
|
|
75
78
|
def rememberable_value
|
@@ -102,29 +105,47 @@ module Devise
|
|
102
105
|
def after_remembered
|
103
106
|
end
|
104
107
|
|
105
|
-
|
108
|
+
def remember_me?(token, generated_at)
|
109
|
+
# TODO: Normalize the JSON type coercion along with the Timeoutable hook
|
110
|
+
# in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
|
111
|
+
if generated_at.is_a?(String)
|
112
|
+
generated_at = time_from_json(generated_at)
|
113
|
+
end
|
106
114
|
|
107
|
-
|
108
|
-
|
115
|
+
# The token is only valid if:
|
116
|
+
# 1. we have a date
|
117
|
+
# 2. the current time does not pass the expiry period
|
118
|
+
# 3. the record has a remember_created_at date
|
119
|
+
# 4. the token date is bigger than the remember_created_at
|
120
|
+
# 5. the token matches
|
121
|
+
generated_at.is_a?(Time) &&
|
122
|
+
(self.class.remember_for.ago < generated_at) &&
|
123
|
+
(generated_at > (remember_created_at || Time.now).utc) &&
|
124
|
+
Devise.secure_compare(rememberable_value, token)
|
109
125
|
end
|
110
126
|
|
111
|
-
|
112
|
-
|
113
|
-
def
|
114
|
-
|
127
|
+
private
|
128
|
+
|
129
|
+
def time_from_json(value)
|
130
|
+
if value =~ /\A\d+\.\d+\Z/
|
131
|
+
Time.at(value.to_f)
|
132
|
+
else
|
133
|
+
Time.parse(value) rescue nil
|
134
|
+
end
|
115
135
|
end
|
116
136
|
|
117
137
|
module ClassMethods
|
118
138
|
# Create the cookie key using the record id and remember_token
|
119
139
|
def serialize_into_cookie(record)
|
120
|
-
[record.to_key, record.rememberable_value]
|
140
|
+
[record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]
|
121
141
|
end
|
122
142
|
|
123
143
|
# Recreate the user based on the stored cookie
|
124
|
-
def serialize_from_cookie(
|
144
|
+
def serialize_from_cookie(*args)
|
145
|
+
id, token, generated_at = *args
|
146
|
+
|
125
147
|
record = to_adapter.get(id)
|
126
|
-
record if record &&
|
127
|
-
Devise.secure_compare(record.rememberable_value, remember_token)
|
148
|
+
record if record && record.remember_me?(token, generated_at)
|
128
149
|
end
|
129
150
|
|
130
151
|
# Generate a token checking if one does not already exist in the database.
|
@@ -26,7 +26,6 @@ module Devise
|
|
26
26
|
|
27
27
|
# Checks whether the user session has expired based on configured time.
|
28
28
|
def timedout?(last_access)
|
29
|
-
return false if remember_exists_and_not_expired?
|
30
29
|
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
|
31
30
|
end
|
32
31
|
|
@@ -36,11 +35,6 @@ module Devise
|
|
36
35
|
|
37
36
|
private
|
38
37
|
|
39
|
-
def remember_exists_and_not_expired?
|
40
|
-
return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
|
41
|
-
remember_created_at && !remember_expired?
|
42
|
-
end
|
43
|
-
|
44
38
|
module ClassMethods
|
45
39
|
Devise::Models.config(self, :timeout_in)
|
46
40
|
end
|