devise 4.1.1 → 4.2.0

data/README.md

@@ -89,7 +89,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
 
 ## Getting started
 
-Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with:
+Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with:
 
 ```ruby
 gem 'devise'
@@ -97,28 +97,31 @@ gem 'devise'
 
 Run the bundle command to install it.
 
-After you install Devise and add it to your Gemfile, you need to run the generator:
+Next, you need to run the generator:
 
 ```console
-rails generate devise:install
+$ rails generate devise:install
 ```
 
-The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator:
+At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
 
-```console
-rails generate devise MODEL
+```ruby
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ```
 
-Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
+The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator.
 
-Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
 
-Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
 
-```ruby
-config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+```console
+$ rails generate devise MODEL
 ```
 
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. 
+
+Then run `rake db:migrate`
+
 You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined.
 
 ### Controller filters and helpers
@@ -154,7 +157,7 @@ user_session
 After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect to. For instance, when using a `:user` resource, the `user_root_path` will be used if it exists; otherwise, the default `root_path` will be used. This means that you need to set the root inside your routes:
 
 ```ruby
-root to: "home#index"
+root to: 'home#index'
 ```
 
 You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
@@ -270,7 +273,7 @@ We built Devise to help you quickly develop an application that uses authenticat
 Since Devise is an engine, all its views are packaged inside the gem. These views will help you get started, but after some time you may want to change them. If this is the case, you just need to invoke the following generator, and it will copy all views to your application:
 
 ```console
-rails generate devise:views
+$ rails generate devise:views
 ```
 
 If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file.
@@ -278,14 +281,14 @@ If you have more than one Devise model in your application (such as `User` and `
 After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views:
 
 ```console
-rails generate devise:views users
+$ rails generate devise:views users
 ```
 
 If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module,
 you can pass a list of modules to the generator with the `-v` flag.
 
 ```console
-rails generate devise:views -v registrations confirmations
+$ rails generate devise:views -v registrations confirmations
 ```
 
 ### Configuring controllers
@@ -295,7 +298,7 @@ If the customization at the views level is not enough, you can customize each co
 1. Create your custom controllers using the generator which requires a scope:
 
     ```console
-    rails generate devise:controllers [scope]
+    $ rails generate devise:controllers [scope]
     ```
 
     If you specify `users` as the scope, controllers will be created in `app/controllers/users/`.
@@ -314,7 +317,7 @@ If the customization at the views level is not enough, you can customize each co
 2. Tell the router to use this controller:
 
     ```ruby
-    devise_for :users, controllers: { sessions: "users/sessions" }
+    devise_for :users, controllers: { sessions: 'users/sessions' }
     ```
 
 3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.
@@ -352,7 +355,7 @@ Remember that Devise uses flash messages to let users know if sign in was succes
 Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n:
 
 ```ruby
-devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
+devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
 ```
 
 Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
@@ -361,7 +364,7 @@ If you have the need for more deep customization, for instance to also allow "/s
 
 ```ruby
 devise_scope :user do
-  get "sign_in", to: "devise/sessions#new"
+  get 'sign_in', to: 'devise/sessions#new'
 end
 ```
 
@@ -411,45 +414,94 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses
 
 ### Test helpers
 
-Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`):
+Devise includes some test helpers for controller and integration tests.
+In order to use them, you need to include the respective module in your test
+cases/specs.
+
+### Controller tests
+
+Controller tests require that you include `Devise::Test::ControllerHelpers` on
+your test case or its parent `ActionController::TestCase` superclass.
 
 ```ruby
-class ActionController::TestCase
-  include Devise::TestHelpers
+class PostsControllerTest < ActionController::TestCase
+  include Devise::Test::ControllerHelpers
 end
 ```
 
-If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails):
+If you're using RSpec, you can put the following inside a file named
+`spec/support/devise.rb` or in your `spec/spec_helper.rb` (or
+`spec/rails_helper.rb` if you are using `rspec-rails`):
 
 ```ruby
 RSpec.configure do |config|
-  config.include Devise::TestHelpers, type: :controller
-  config.include Devise::TestHelpers, type: :view
+  config.include Devise::Test::ControllerHelpers, type: :controller
+  config.include Devise::Test::ControllerHelpers, type: :view
 end
 ```
 
 Just be sure that this inclusion is made *after* the `require 'rspec/rails'` directive.
 
-Now you are ready to use the `sign_in` and `sign_out` methods. Such methods have the same signature as in controllers:
+Now you are ready to use the `sign_in` and `sign_out` methods on your controller
+tests:
+
+```ruby
+sign_in @user
+sign_in @user, scope: admin
+```
+
+If you are testing Devise internal controllers or a controller that inherits
+from Devise's, you need to tell Devise which mapping should be used before a
+request. This is necessary because Devise gets this information from the router,
+but since controller tests do not pass through the router, it needs to be stated
+explicitly. For example, if you are testing the user scope, simply use:
 
 ```ruby
-sign_in :user, @user   # sign_in(scope, resource)
-sign_in @user          # sign_in(resource)
+test 'GET new' do
+  # Mimic the router behavior of setting the Devise scope through the env.
+  @request.env['devise.mapping'] = Devise.mappings[:user]
+
+  # Use the sign_in helper to sign in a fixture `User` record.
+  sign_in users(:alice)
 
-sign_out :user         # sign_out(scope)
-sign_out @user         # sign_out(resource)
+  get :new
+
+  # assert something
+end
 ```
 
-There are two things that are important to keep in mind:
+### Integration tests
 
-1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session;
+Integration test helpers are available by including the
+`Devise::Test::IntegrationHelpers` module.
 
-2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
+```ruby
+class PostsTests < ActionDispatch::IntegrationTest
+  include Devise::Test::IntegrationHelpers
+end
+```
 
-    ```ruby
-    @request.env["devise.mapping"] = Devise.mappings[:user]
-    get :new
-    ```
+Now you can use the following `sign_in` and `sign_out` methods in your integration
+tests:
+
+```ruby
+sign_in users(:bob)
+sign_in users(:bob), scope: :admin
+
+sign_out :user
+```
+
+RSpec users can include the `IntegrationHelpers` module on their `:feature` specs.
+
+```ruby
+RSpec.configure do |config|
+  config.include Devise::Test::IntegrationHelpers, type: :feature
+end
+```
+
+Unlike controller tests, integration tests do not need to supply the
+`devise.mapping` `env` value, as the mapping can be inferred by the routes that
+are executed in your tests.
 
 You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
 

data/app/controllers/devise/omniauth_callbacks_controller.rb

@@ -13,14 +13,14 @@ class Devise::OmniauthCallbacksController < DeviseController
   protected
 
   def failed_strategy
-    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"]
+    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"]
   end
 
   def failure_message
-    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"]
+    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"]
     error   = exception.error_reason if exception.respond_to?(:error_reason)
     error ||= exception.error        if exception.respond_to?(:error)
-    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s
+    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s
     error.to_s.humanize if error
   end
 

data/app/controllers/devise/registrations_controller.rb

@@ -1,13 +1,13 @@
 class Devise::RegistrationsController < DeviseController
   prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
   prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
+  prepend_before_action :set_minimum_password_length, only: [:new, :edit]
 
   # GET /resource/sign_up
   def new
     build_resource({})
-    set_minimum_password_length
     yield resource if block_given?
-    respond_with self.resource
+    respond_with resource
   end
 
   # POST /resource
@@ -53,7 +53,7 @@ class Devise::RegistrationsController < DeviseController
           :update_needs_confirmation : :updated
         set_flash_message :notice, flash_key
       end
-      sign_in resource_name, resource, bypass: true
+      bypass_sign_in resource, scope: resource_name
       respond_with resource, location: after_update_path_for(resource)
     else
       clean_up_passwords resource

data/app/views/devise/registrations/edit.html.erb

@@ -15,6 +15,10 @@
   <div class="field">
     <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
     <%= f.password_field :password, autocomplete: "off" %>
+    <% if @minimum_password_length %>
+      <br />
+      <em><%= @minimum_password_length %> characters minimum</em>
+    <% end %>
   </div>
 
   <div class="field">

data/gemfiles/Gemfile.rails-4.1-stable

@@ -3,13 +3,13 @@ source "https://rubygems.org"
 gemspec path: ".."
 
 gem "rails", github: "rails/rails", branch: "4-1-stable"
-gem "omniauth", "~> 1.3"
-gem "omniauth-oauth2", "~> 1.4"
+gem "omniauth"
+gem "omniauth-oauth2"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
-  gem "omniauth-openid", "~> 1.0.1"
+  gem "omniauth-openid"
   gem "webrat", "0.7.3", require: false
   gem "mocha", "~> 1.1", require: false
   gem 'test_after_commit', require: false
@@ -26,5 +26,5 @@ platforms :ruby do
 end
 
 group :mongoid do
-  gem "mongoid", "~> 4.0.0"
+  gem "mongoid", "~> 4.0"
 end

data/gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,6 +1,6 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
+  revision: 9f5cbe613c8a80282970c73b0f00095788d54e34
   branch: 4-1-stable
   specs:
     actionmailer (4.1.15)
@@ -48,7 +48,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.0.1)
+    devise (4.2.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -62,21 +62,23 @@ GEM
     bcrypt (3.1.11)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.1)
+    concurrent-ruby (1.0.2)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.3)
+    hashie (3.4.4)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.1)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    jwt (1.5.4)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
-    mime-types (2.99.1)
-    mini_portile2 (2.0.0)
-    minitest (5.8.4)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
+    mini_portile2 (2.1.0)
+    minitest (5.9.0)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongoid (4.0.2)
@@ -88,14 +90,15 @@ GEM
       bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.2)
+    multi_json (1.12.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.7.2)
-      mini_portile2 (~> 2.0.0.rc2)
-    oauth2 (1.1.0)
+    nokogiri (1.6.8)
+      mini_portile2 (~> 2.1.0)
+      pkg-config (~> 1.1.7)
+    oauth2 (1.2.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0, < 1.5.2)
+      jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
@@ -113,19 +116,20 @@ GEM
     optionable (0.2.0)
     origin (2.2.0)
     orm_adapter (0.5.0)
+    pkg-config (1.1.7)
     rack (1.5.5)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (11.0.1)
+    rake (11.2.2)
     rdoc (4.2.2)
       json (~> 1.4)
     responders (1.1.2)
       railties (>= 3.2, < 4.2)
     ruby-openid (2.7.0)
-    sprockets (3.5.2)
+    sprockets (3.6.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (2.3.3)
@@ -133,7 +137,7 @@ GEM
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
     sqlite3 (1.3.11)
-    test_after_commit (1.0.0)
+    test_after_commit (1.1.0)
       activerecord (>= 3.2)
     thor (0.19.1)
     thread_safe (0.3.5)
@@ -155,11 +159,11 @@ DEPENDENCIES
   devise!
   jruby-openssl
   mocha (~> 1.1)
-  mongoid (~> 4.0.0)
-  omniauth (~> 1.3)
+  mongoid (~> 4.0)
+  omniauth
   omniauth-facebook
-  omniauth-oauth2 (~> 1.4)
-  omniauth-openid (~> 1.0.1)
+  omniauth-oauth2
+  omniauth-openid
   rails!
   rdoc
   sqlite3
@@ -167,4 +171,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.11.2
+   1.12.5

data/gemfiles/Gemfile.rails-4.2-stable

@@ -3,13 +3,13 @@ source "https://rubygems.org"
 gemspec path: ".."
 
 gem "rails", github: "rails/rails", branch: "4-2-stable"
-gem "omniauth", "~> 1.3"
-gem "omniauth-oauth2", "~> 1.4"
+gem "omniauth"
+gem "omniauth-oauth2"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
-  gem "omniauth-openid", "~> 1.0.1"
+  gem "omniauth-openid"
   gem "webrat", "0.7.3", require: false
   gem "mocha", "~> 1.1", require: false
   gem 'test_after_commit', require: false
@@ -26,5 +26,5 @@ platforms :ruby do
 end
 
 group :mongoid do
-  gem "mongoid", "~> 4.0.0"
+  gem "mongoid", "~> 4.0"
 end