devise 3.5.3 → 3.5.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/Gemfile.lock +4 -4
- data/lib/devise.rb +1 -0
- data/lib/devise/controllers/rememberable.rb +1 -1
- data/lib/devise/models/confirmable.rb +1 -1
- data/lib/devise/models/recoverable.rb +1 -1
- data/lib/devise/models/rememberable.rb +26 -28
- data/lib/devise/models/timeoutable.rb +0 -6
- data/lib/devise/version.rb +1 -1
- data/test/integration/rememberable_test.rb +2 -2
- data/test/integration/timeoutable_test.rb +0 -10
- data/test/models/confirmable_test.rb +14 -0
- data/test/models/rememberable_test.rb +36 -95
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9fccc712f1172a24059ea6eecaac413826ee4649
|
|
4
|
+
data.tar.gz: 45c064fa92694a40afd07cdde2693de20e6107ba
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4b1abbe976486c5e9d4d3b9fb5cf0199c1d368e9a7fb9dbdbc83f0bf78f073e872144586ed2e0f0030759748be7323ed85ecf6388976c0405e7ae6fd99c5611b
|
|
7
|
+
data.tar.gz: f0eab35d48d39204adf29baf9bf5938bc85c8369ba27cacfe239051a6b8f15783f00f8cad2ceb443e2149c09fcc2754f464592ccee456f78a96ad1465b773f5f
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
devise (3.5.
|
|
4
|
+
devise (3.5.4)
|
|
5
5
|
bcrypt (~> 3.0)
|
|
6
6
|
orm_adapter (~> 0.1)
|
|
7
7
|
railties (>= 3.2.6, < 5)
|
|
@@ -139,8 +139,8 @@ GEM
|
|
|
139
139
|
thor (>= 0.18.1, < 2.0)
|
|
140
140
|
rake (10.4.2)
|
|
141
141
|
rdoc (4.2.0)
|
|
142
|
-
responders (2.1.
|
|
143
|
-
railties (>= 4.2.0, < 5)
|
|
142
|
+
responders (2.1.1)
|
|
143
|
+
railties (>= 4.2.0, < 5.1)
|
|
144
144
|
ruby-openid (2.7.0)
|
|
145
145
|
sprockets (3.2.0)
|
|
146
146
|
rack (~> 1.0)
|
|
@@ -180,4 +180,4 @@ DEPENDENCIES
|
|
|
180
180
|
webrat (= 0.7.3)
|
|
181
181
|
|
|
182
182
|
BUNDLED WITH
|
|
183
|
-
1.
|
|
183
|
+
1.11.2
|
data/lib/devise.rb
CHANGED
|
@@ -116,6 +116,7 @@ module Devise
|
|
|
116
116
|
mattr_accessor :remember_for
|
|
117
117
|
@@remember_for = 2.weeks
|
|
118
118
|
|
|
119
|
+
# TODO: extend_remember_period is no longer used
|
|
119
120
|
# If true, extends the user's remember period when remembered via cookie.
|
|
120
121
|
mattr_accessor :extend_remember_period
|
|
121
122
|
@@extend_remember_period = false
|
|
@@ -13,7 +13,7 @@ module Devise
|
|
|
13
13
|
def remember_me(resource)
|
|
14
14
|
return if env["devise.skip_storage"]
|
|
15
15
|
scope = Devise::Mapping.find_scope!(resource)
|
|
16
|
-
resource.remember_me!
|
|
16
|
+
resource.remember_me!
|
|
17
17
|
cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
|
|
18
18
|
end
|
|
19
19
|
|
|
@@ -254,7 +254,7 @@ module Devise
|
|
|
254
254
|
end
|
|
255
255
|
|
|
256
256
|
def postpone_email_change?
|
|
257
|
-
postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
|
|
257
|
+
postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present?
|
|
258
258
|
@bypass_confirmation_postpone = false
|
|
259
259
|
postpone
|
|
260
260
|
end
|
|
@@ -83,7 +83,7 @@ module Devise
|
|
|
83
83
|
# reset_password_period_valid? # will always return false
|
|
84
84
|
#
|
|
85
85
|
def reset_password_period_valid?
|
|
86
|
-
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
|
|
86
|
+
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
protected
|
|
@@ -45,11 +45,11 @@ module Devise
|
|
|
45
45
|
[:remember_created_at]
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
#
|
|
49
|
-
#
|
|
50
|
-
def remember_me!(
|
|
51
|
-
self.remember_token = self.class.remember_token if
|
|
52
|
-
self.remember_created_at
|
|
48
|
+
# TODO: We were used to receive a extend period argument but we no longer do.
|
|
49
|
+
# Remove this for Devise 4.0.
|
|
50
|
+
def remember_me!(*)
|
|
51
|
+
self.remember_token = self.class.remember_token if respond_to?(:remember_token)
|
|
52
|
+
self.remember_created_at ||= Time.now.utc
|
|
53
53
|
save(validate: false) if self.changed?
|
|
54
54
|
end
|
|
55
55
|
|
|
@@ -57,19 +57,13 @@ module Devise
|
|
|
57
57
|
# it exists), and save the record without validations.
|
|
58
58
|
def forget_me!
|
|
59
59
|
return unless persisted?
|
|
60
|
-
self.remember_token = nil if respond_to?(:remember_token
|
|
60
|
+
self.remember_token = nil if respond_to?(:remember_token)
|
|
61
61
|
self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
|
|
62
62
|
save(validate: false)
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
# Remember token should be expired if expiration time not overpass now.
|
|
66
|
-
def remember_expired?
|
|
67
|
-
remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
# Remember token expires at created time + remember_for configuration
|
|
71
65
|
def remember_expires_at
|
|
72
|
-
|
|
66
|
+
self.class.remember_for.from_now
|
|
73
67
|
end
|
|
74
68
|
|
|
75
69
|
def rememberable_value
|
|
@@ -104,27 +98,30 @@ module Devise
|
|
|
104
98
|
|
|
105
99
|
protected
|
|
106
100
|
|
|
107
|
-
def generate_remember_token? #:nodoc:
|
|
108
|
-
respond_to?(:remember_token) && remember_expired?
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
# Generate a timestamp if extend_remember_period is true, if no remember_token
|
|
112
|
-
# exists, or if an existing remember token has expired.
|
|
113
|
-
def generate_remember_timestamp?(extend_period) #:nodoc:
|
|
114
|
-
extend_period || remember_expired?
|
|
115
|
-
end
|
|
116
|
-
|
|
117
101
|
module ClassMethods
|
|
118
102
|
# Create the cookie key using the record id and remember_token
|
|
119
103
|
def serialize_into_cookie(record)
|
|
120
|
-
[record.to_key, record.rememberable_value]
|
|
104
|
+
[record.to_key, record.rememberable_value, Time.now.utc]
|
|
121
105
|
end
|
|
122
106
|
|
|
123
107
|
# Recreate the user based on the stored cookie
|
|
124
|
-
def serialize_from_cookie(
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
108
|
+
def serialize_from_cookie(*args)
|
|
109
|
+
id, token, generated_at = args
|
|
110
|
+
|
|
111
|
+
# The token is only valid if:
|
|
112
|
+
# 1. we have a date
|
|
113
|
+
# 2. the current time does not pass the expiry period
|
|
114
|
+
# 3. there is a record with the given id
|
|
115
|
+
# 4. the record has a remember_created_at date
|
|
116
|
+
# 5. the token date is bigger than the remember_created_at
|
|
117
|
+
# 6. the token matches
|
|
118
|
+
if generated_at &&
|
|
119
|
+
(self.remember_for.ago < generated_at) &&
|
|
120
|
+
(record = to_adapter.get(id)) &&
|
|
121
|
+
(generated_at > (record.remember_created_at || Time.now).utc) &&
|
|
122
|
+
Devise.secure_compare(record.rememberable_value, token)
|
|
123
|
+
record
|
|
124
|
+
end
|
|
128
125
|
end
|
|
129
126
|
|
|
130
127
|
# Generate a token checking if one does not already exist in the database.
|
|
@@ -135,6 +132,7 @@ module Devise
|
|
|
135
132
|
end
|
|
136
133
|
end
|
|
137
134
|
|
|
135
|
+
# TODO: extend_remember_period is no longer used
|
|
138
136
|
Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
|
|
139
137
|
end
|
|
140
138
|
end
|
|
@@ -26,7 +26,6 @@ module Devise
|
|
|
26
26
|
|
|
27
27
|
# Checks whether the user session has expired based on configured time.
|
|
28
28
|
def timedout?(last_access)
|
|
29
|
-
return false if remember_exists_and_not_expired?
|
|
30
29
|
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
|
|
31
30
|
end
|
|
32
31
|
|
|
@@ -36,11 +35,6 @@ module Devise
|
|
|
36
35
|
|
|
37
36
|
private
|
|
38
37
|
|
|
39
|
-
def remember_exists_and_not_expired?
|
|
40
|
-
return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
|
|
41
|
-
remember_created_at && !remember_expired?
|
|
42
|
-
end
|
|
43
|
-
|
|
44
38
|
module ClassMethods
|
|
45
39
|
Devise::Models.config(self, :timeout_in)
|
|
46
40
|
end
|
data/lib/devise/version.rb
CHANGED
|
@@ -4,7 +4,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
4
4
|
def create_user_and_remember(add_to_token='')
|
|
5
5
|
user = create_user
|
|
6
6
|
user.remember_me!
|
|
7
|
-
raw_cookie = User.serialize_into_cookie(user).tap { |a| a
|
|
7
|
+
raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
|
|
8
8
|
cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
|
|
9
9
|
user
|
|
10
10
|
end
|
|
@@ -135,7 +135,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
|
|
|
135
135
|
|
|
136
136
|
test 'do not remember with expired token' do
|
|
137
137
|
create_user_and_remember
|
|
138
|
-
swap Devise, remember_for: 0 do
|
|
138
|
+
swap Devise, remember_for: 0.days do
|
|
139
139
|
get users_path
|
|
140
140
|
assert_not warden.authenticated?(:user)
|
|
141
141
|
assert_redirected_to new_user_session_path
|
|
@@ -165,16 +165,6 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
|
|
|
165
165
|
end
|
|
166
166
|
end
|
|
167
167
|
|
|
168
|
-
test 'time out not triggered if remembered' do
|
|
169
|
-
user = sign_in_as_user remember_me: true
|
|
170
|
-
get expire_user_path(user)
|
|
171
|
-
assert_not_nil last_request_at
|
|
172
|
-
|
|
173
|
-
get users_path
|
|
174
|
-
assert_response :success
|
|
175
|
-
assert warden.authenticated?(:user)
|
|
176
|
-
end
|
|
177
|
-
|
|
178
168
|
test 'does not crashes when the last_request_at is a String' do
|
|
179
169
|
user = sign_in_as_user
|
|
180
170
|
|
|
@@ -486,4 +486,18 @@ class ReconfirmableTest < ActiveSupport::TestCase
|
|
|
486
486
|
:unconfirmed_email
|
|
487
487
|
]
|
|
488
488
|
end
|
|
489
|
+
|
|
490
|
+
test 'should not require reconfirmation after creating a record' do
|
|
491
|
+
user = create_admin
|
|
492
|
+
assert !user.pending_reconfirmation?
|
|
493
|
+
end
|
|
494
|
+
|
|
495
|
+
test 'should not require reconfirmation after creating a record with #save called in callback' do
|
|
496
|
+
class Admin::WithSaveInCallback < Admin
|
|
497
|
+
after_create :save
|
|
498
|
+
end
|
|
499
|
+
|
|
500
|
+
user = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
|
|
501
|
+
assert !user.pending_reconfirmation?
|
|
502
|
+
end
|
|
489
503
|
end
|
|
@@ -13,6 +13,7 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
13
13
|
user = create_user
|
|
14
14
|
user.expects(:valid?).never
|
|
15
15
|
user.remember_me!
|
|
16
|
+
assert user.remember_created_at
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
test 'forget_me should not clear remember token if using salt' do
|
|
@@ -33,13 +34,45 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
33
34
|
test 'serialize into cookie' do
|
|
34
35
|
user = create_user
|
|
35
36
|
user.remember_me!
|
|
36
|
-
|
|
37
|
+
id, token, date = User.serialize_into_cookie(user)
|
|
38
|
+
assert_equal id, user.to_key
|
|
39
|
+
assert_equal token, user.authenticatable_salt
|
|
40
|
+
assert date.is_a?(Time)
|
|
37
41
|
end
|
|
38
42
|
|
|
39
43
|
test 'serialize from cookie' do
|
|
40
44
|
user = create_user
|
|
41
45
|
user.remember_me!
|
|
42
|
-
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
|
46
|
+
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
test 'serialize from cookie should return nil if no resource is found' do
|
|
50
|
+
assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
test 'serialize from cookie should return nil if no timestamp' do
|
|
54
|
+
user = create_user
|
|
55
|
+
user.remember_me!
|
|
56
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
|
|
60
|
+
user = create_user
|
|
61
|
+
user.remember_me!
|
|
62
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
test 'serialize from cookie should return nil if timestamp is older than remember_for' do
|
|
66
|
+
user = create_user
|
|
67
|
+
user.remember_created_at = 1.month.ago
|
|
68
|
+
user.remember_me!
|
|
69
|
+
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
test 'serialize from cookie me return nil if is a valid resource with invalid token' do
|
|
73
|
+
user = create_user
|
|
74
|
+
user.remember_me!
|
|
75
|
+
assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
|
|
43
76
|
end
|
|
44
77
|
|
|
45
78
|
test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
|
|
@@ -93,28 +126,7 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
93
126
|
resource.forget_me!
|
|
94
127
|
end
|
|
95
128
|
|
|
96
|
-
test 'remember
|
|
97
|
-
assert create_resource.remember_expired?
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
test 'serialize should return nil if no resource is found' do
|
|
101
|
-
assert_nil resource_class.serialize_from_cookie([0], "123")
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
test 'remember me return nil if is a valid resource with invalid token' do
|
|
105
|
-
resource = create_resource
|
|
106
|
-
assert_nil resource_class.serialize_from_cookie([resource.id], "123")
|
|
107
|
-
end
|
|
108
|
-
|
|
109
|
-
test 'remember for should fallback to devise remember for default configuration' do
|
|
110
|
-
swap Devise, remember_for: 1.day do
|
|
111
|
-
resource = create_resource
|
|
112
|
-
resource.remember_me!
|
|
113
|
-
assert_not resource.remember_expired?
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
test 'remember expires at should sum date of creation with remember for configuration' do
|
|
129
|
+
test 'remember expires at uses remember for configuration' do
|
|
118
130
|
swap Devise, remember_for: 3.days do
|
|
119
131
|
resource = create_resource
|
|
120
132
|
resource.remember_me!
|
|
@@ -125,77 +137,6 @@ class RememberableTest < ActiveSupport::TestCase
|
|
|
125
137
|
end
|
|
126
138
|
end
|
|
127
139
|
|
|
128
|
-
test 'remember should be expired if remember_for is zero' do
|
|
129
|
-
swap Devise, remember_for: 0.days do
|
|
130
|
-
Devise.remember_for = 0.days
|
|
131
|
-
resource = create_resource
|
|
132
|
-
resource.remember_me!
|
|
133
|
-
assert resource.remember_expired?
|
|
134
|
-
end
|
|
135
|
-
end
|
|
136
|
-
|
|
137
|
-
test 'remember should be expired if it was created before limit time' do
|
|
138
|
-
swap Devise, remember_for: 1.day do
|
|
139
|
-
resource = create_resource
|
|
140
|
-
resource.remember_me!
|
|
141
|
-
resource.remember_created_at = 2.days.ago
|
|
142
|
-
resource.save
|
|
143
|
-
assert resource.remember_expired?
|
|
144
|
-
end
|
|
145
|
-
end
|
|
146
|
-
|
|
147
|
-
test 'remember should not be expired if it was created within the limit time' do
|
|
148
|
-
swap Devise, remember_for: 30.days do
|
|
149
|
-
resource = create_resource
|
|
150
|
-
resource.remember_me!
|
|
151
|
-
resource.remember_created_at = (30.days.ago + 2.minutes)
|
|
152
|
-
resource.save
|
|
153
|
-
assert_not resource.remember_expired?
|
|
154
|
-
end
|
|
155
|
-
end
|
|
156
|
-
|
|
157
|
-
test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
|
|
158
|
-
swap Devise, remember_for: 5.minutes do
|
|
159
|
-
resource = create_resource
|
|
160
|
-
resource.remember_me!(false)
|
|
161
|
-
assert resource.remember_created_at
|
|
162
|
-
|
|
163
|
-
resource.remember_created_at = old = 10.minutes.ago
|
|
164
|
-
resource.save
|
|
165
|
-
|
|
166
|
-
resource.remember_me!(false)
|
|
167
|
-
assert_not_equal old.to_i, resource.remember_created_at.to_i
|
|
168
|
-
end
|
|
169
|
-
end
|
|
170
|
-
|
|
171
|
-
test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
|
|
172
|
-
swap Devise, remember_for: 1.year do
|
|
173
|
-
resource = create_resource
|
|
174
|
-
resource.remember_me!(false)
|
|
175
|
-
assert resource.remember_created_at
|
|
176
|
-
|
|
177
|
-
resource.remember_created_at = old = 10.minutes.ago.utc
|
|
178
|
-
resource.save
|
|
179
|
-
|
|
180
|
-
resource.remember_me!(false)
|
|
181
|
-
assert_equal old.to_i, resource.remember_created_at.to_i
|
|
182
|
-
end
|
|
183
|
-
end
|
|
184
|
-
|
|
185
|
-
test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
|
|
186
|
-
swap Devise, remember_for: 1.year do
|
|
187
|
-
resource = create_resource
|
|
188
|
-
resource.remember_me!(true)
|
|
189
|
-
assert resource.remember_created_at
|
|
190
|
-
|
|
191
|
-
resource.remember_created_at = old = 10.minutes.ago
|
|
192
|
-
resource.save
|
|
193
|
-
|
|
194
|
-
resource.remember_me!(true)
|
|
195
|
-
assert_not_equal old, resource.remember_created_at
|
|
196
|
-
end
|
|
197
|
-
end
|
|
198
|
-
|
|
199
140
|
test 'should have the required_fields array' do
|
|
200
141
|
assert_same_content Devise::Models::Rememberable.required_fields(User), [
|
|
201
142
|
:remember_created_at
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.5.
|
|
4
|
+
version: 3.5.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- José Valim
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2016-01-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: warden
|