devise 3.5.6 → 3.5.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 170cbeb51f7e3662d509a920d0dd572ab30f1d8d
-  data.tar.gz: 4b7d78a8f00a0de1dd1b76c89f6614196a8bcdaa
+  metadata.gz: cdd92a945c0610afa574e7ae8c2db8b6791b6fbf
+  data.tar.gz: 01f1cc5980cd635da0d87c42224e0e20e3bbd714
 SHA512:
-  metadata.gz: 28952c389b36c41b41230825f0d24fba90b01a7cb7f9a944e047293338a46f9210e30d456a1e3e3959b813276953ee174887bf1b5511072515be3acd1c65d683
-  data.tar.gz: 869c90b6a083ea0e8b60385bc1e1ecbf90469dac0468506b39ca2c96f6545532e3b58ac3310d01bf497c9ec5e8eb66ea7a7ff4715b5c46747edfecf7c332728f
+  metadata.gz: b3283d703d49ecabec08f82da2e19ddd7998cc551f7505bd87a72a9b32111eb093d1185446ae880fe2ad5ca6720d450de2bf954fcb6fb94eda8ef3efc2723da6
+  data.tar.gz: 6fb78ddd82071e22c7d2686a9a92f950fedc3f6b57b2fd2edadd048a878840d496a633be2f5aca9256657cce04e342993b147d3c5fac96f5ddbf18ed623b405f

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+### Unreleased
+
+### 3.5.7 - 2016-04-18
+
+* bug fixes
+  * Fix the `extend_remember_period` configuration. When set to `false` it does
+    not update the cookie expiration anymore.(by @ulissesalmeida)
+
 ### 3.5.6 - 2016-01-02
 
 * bug fixes

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (3.5.6)
+    devise (3.5.7)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -48,7 +48,7 @@ GEM
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     arel (6.0.0)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     bson (3.1.2)
     builder (3.2.2)
     connection_pool (2.2.0)
@@ -139,7 +139,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
     rdoc (4.2.0)
-    responders (2.1.1)
+    responders (2.1.2)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
     sprockets (3.2.0)

data/lib/devise.rb

@@ -116,7 +116,6 @@ module Devise
   mattr_accessor :remember_for
   @@remember_for = 2.weeks
 
-  # TODO: extend_remember_period is no longer used
   # If true, extends the user's remember period when remembered via cookie.
   mattr_accessor :extend_remember_period
   @@extend_remember_period = false

data/lib/devise/models/rememberable.rb

@@ -39,7 +39,7 @@ module Devise
     module Rememberable
       extend ActiveSupport::Concern
 
-      attr_accessor :remember_me, :extend_remember_period
+      attr_accessor :remember_me
 
       def self.required_fields(klass)
         [:remember_created_at]
@@ -71,6 +71,10 @@ module Devise
         self.class.remember_for.from_now
       end
 
+      def extend_remember_period
+        self.class.extend_remember_period
+      end
+
       def rememberable_value
         if respond_to?(:remember_token)
           remember_token
@@ -152,9 +156,6 @@ module Devise
           end
         end
 
-        private
-
-        # TODO: extend_remember_period is no longer used
         Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
       end
     end

data/lib/devise/strategies/rememberable.rb

@@ -25,8 +25,7 @@ module Devise
         end
 
         if validate(resource)
-          remember_me(resource)
-          extend_remember_me_period(resource)
+          remember_me(resource) if extend_remember_me?(resource)
           resource.after_remembered
           success!(resource)
         end
@@ -43,10 +42,8 @@ module Devise
 
     private
 
-      def extend_remember_me_period(resource)
-        if resource.respond_to?(:extend_remember_period=)
-          resource.extend_remember_period = mapping.to.extend_remember_period
-        end
+      def extend_remember_me?(resource)
+        resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
       end
 
       def remember_me?

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.5.6".freeze
+  VERSION = "3.5.7".freeze
 end

data/test/integration/rememberable_test.rb

@@ -92,7 +92,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
     assert warden.user(:user) == user
-    assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
   end
 
   test 'remember the user before sign up and redirect them to their home' do
@@ -118,6 +117,40 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     end
   end
 
+  test 'extends remember period when extend remember period config is true' do
+    swap Devise, extend_remember_period: true, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      refute_equal old_remember_token, current_remember_token
+    end
+  end
+
+  test 'does not extend remember period when extend period config is false' do
+    swap Devise, extend_remember_period: false, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      assert_equal old_remember_token, current_remember_token
+    end
+  end
+
   test 'do not remember other scopes' do
     create_user_and_remember
     get root_path

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 3.5.6
+  version: 3.5.7
 platform: ruby
 authors:
 - José Valim
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-01 00:00:00.000000000 Z
+date: 2016-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden