RubyGems - devise - Versions diffs - 4.1.1 → 4.8.0 - Mend

devise 4.1.1 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +224 -4
data/MIT-LICENSE +2 -1
data/README.md +275 -90
data/app/controllers/devise/confirmations_controller.rb +2 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +7 -5
data/app/controllers/devise/passwords_controller.rb +3 -0
data/app/controllers/devise/registrations_controller.rb +34 -13
data/app/controllers/devise/sessions_controller.rb +3 -1
data/app/controllers/devise/unlocks_controller.rb +2 -0
data/app/controllers/devise_controller.rb +5 -3
data/app/helpers/devise_helper.rb +23 -18
data/app/mailers/devise/mailer.rb +10 -4
data/app/views/devise/confirmations/new.html.erb +2 -2
data/app/views/devise/mailer/email_changed.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +3 -3
data/app/views/devise/passwords/new.html.erb +2 -2
data/app/views/devise/registrations/edit.html.erb +9 -5
data/app/views/devise/registrations/new.html.erb +4 -4
data/app/views/devise/sessions/new.html.erb +4 -4
data/app/views/devise/shared/_error_messages.html.erb +15 -0
data/app/views/devise/shared/_links.html.erb +8 -8
data/app/views/devise/unlocks/new.html.erb +2 -2
data/config/locales/en.yml +5 -2
data/lib/devise.rb +39 -17
data/lib/devise/controllers/helpers.rb +22 -9
data/lib/devise/controllers/rememberable.rb +3 -1
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +39 -14
data/lib/devise/controllers/store_location.rb +25 -7
data/lib/devise/controllers/url_helpers.rb +3 -1
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +2 -0
data/lib/devise/failure_app.rb +63 -33
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +2 -0
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +4 -2
data/lib/devise/hooks/proxy.rb +3 -1
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +4 -2
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +6 -3
data/lib/devise/mapping.rb +3 -1
data/lib/devise/models.rb +3 -1
data/lib/devise/models/authenticatable.rb +63 -37
data/lib/devise/models/confirmable.rb +79 -22
data/lib/devise/models/database_authenticatable.rb +86 -17
data/lib/devise/models/lockable.rb +17 -3
data/lib/devise/models/omniauthable.rb +2 -0
data/lib/devise/models/recoverable.rb +32 -20
data/lib/devise/models/registerable.rb +4 -0
data/lib/devise/models/rememberable.rb +5 -3
data/lib/devise/models/timeoutable.rb +2 -0
data/lib/devise/models/trackable.rb +15 -1
data/lib/devise/models/validatable.rb +10 -3
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth.rb +4 -5
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +2 -51
data/lib/devise/orm/active_record.rb +5 -1
data/lib/devise/orm/mongoid.rb +6 -2
data/lib/devise/parameter_filter.rb +4 -0
data/lib/devise/parameter_sanitizer.rb +15 -56
data/lib/devise/rails.rb +6 -6
data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
data/lib/devise/rails/routes.rb +9 -7
data/lib/devise/rails/warden_compat.rb +2 -0
data/lib/devise/secret_key_finder.rb +27 -0
data/lib/devise/strategies/authenticatable.rb +3 -1
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +8 -1
data/lib/devise/strategies/rememberable.rb +2 -0
data/lib/devise/test/controller_helpers.rb +167 -0
data/lib/devise/test/integration_helpers.rb +63 -0
data/lib/devise/test_helpers.rb +7 -129
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +2 -0
data/lib/devise/version.rb +3 -1
data/lib/generators/active_record/devise_generator.rb +40 -12
data/lib/generators/active_record/templates/migration.rb +3 -1
data/lib/generators/active_record/templates/migration_existing.rb +2 -0
data/lib/generators/devise/controllers_generator.rb +3 -1
data/lib/generators/devise/devise_generator.rb +5 -3
data/lib/generators/devise/install_generator.rb +3 -5
data/lib/generators/devise/orm_helpers.rb +9 -3
data/lib/generators/devise/views_generator.rb +8 -9
data/lib/generators/mongoid/devise_generator.rb +7 -5
data/lib/generators/templates/README +9 -8
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +3 -1
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +4 -2
data/lib/generators/templates/controllers/sessions_controller.rb +3 -1
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +49 -6
data/lib/generators/templates/markerb/email_changed.markerb +7 -0
data/lib/generators/templates/markerb/password_change.markerb +2 -2
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -3
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
metadata +16 -297
data/.gitignore +0 -10
data/.travis.yml +0 -44
data/.yardopts +0 -9
data/CODE_OF_CONDUCT.md +0 -22
data/CONTRIBUTING.md +0 -16
data/Gemfile +0 -30
data/Gemfile.lock +0 -182
data/Rakefile +0 -36
data/bin/test +0 -13
data/devise.gemspec +0 -26
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-4.1-stable +0 -30
data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -170
data/gemfiles/Gemfile.rails-4.2-stable +0 -30
data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
data/gemfiles/Gemfile.rails-5.0-beta +0 -37
data/gemfiles/Gemfile.rails-5.0-beta.lock +0 -199
data/test/controllers/custom_registrations_controller_test.rb +0 -40
data/test/controllers/custom_strategy_test.rb +0 -64
data/test/controllers/helper_methods_test.rb +0 -22
data/test/controllers/helpers_test.rb +0 -316
data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
data/test/controllers/internal_helpers_test.rb +0 -127
data/test/controllers/load_hooks_controller_test.rb +0 -19
data/test/controllers/passwords_controller_test.rb +0 -32
data/test/controllers/sessions_controller_test.rb +0 -106
data/test/controllers/url_helpers_test.rb +0 -65
data/test/delegator_test.rb +0 -19
data/test/devise_test.rb +0 -107
data/test/failure_app_test.rb +0 -320
data/test/generators/active_record_generator_test.rb +0 -83
data/test/generators/controllers_generator_test.rb +0 -48
data/test/generators/devise_generator_test.rb +0 -39
data/test/generators/install_generator_test.rb +0 -24
data/test/generators/mongoid_generator_test.rb +0 -23
data/test/generators/views_generator_test.rb +0 -103
data/test/helpers/devise_helper_test.rb +0 -49
data/test/integration/authenticatable_test.rb +0 -698
data/test/integration/confirmable_test.rb +0 -324
data/test/integration/database_authenticatable_test.rb +0 -95
data/test/integration/http_authenticatable_test.rb +0 -106
data/test/integration/lockable_test.rb +0 -240
data/test/integration/omniauthable_test.rb +0 -135
data/test/integration/recoverable_test.rb +0 -347
data/test/integration/registerable_test.rb +0 -357
data/test/integration/rememberable_test.rb +0 -211
data/test/integration/timeoutable_test.rb +0 -184
data/test/integration/trackable_test.rb +0 -92
data/test/mailers/confirmation_instructions_test.rb +0 -115
data/test/mailers/reset_password_instructions_test.rb +0 -96
data/test/mailers/unlock_instructions_test.rb +0 -91
data/test/mapping_test.rb +0 -134
data/test/models/authenticatable_test.rb +0 -23
data/test/models/confirmable_test.rb +0 -511
data/test/models/database_authenticatable_test.rb +0 -269
data/test/models/lockable_test.rb +0 -350
data/test/models/omniauthable_test.rb +0 -7
data/test/models/recoverable_test.rb +0 -251
data/test/models/registerable_test.rb +0 -7
data/test/models/rememberable_test.rb +0 -169
data/test/models/serializable_test.rb +0 -49
data/test/models/timeoutable_test.rb +0 -51
data/test/models/trackable_test.rb +0 -41
data/test/models/validatable_test.rb +0 -119
data/test/models_test.rb +0 -153
data/test/omniauth/config_test.rb +0 -57
data/test/omniauth/url_helpers_test.rb +0 -51
data/test/orm/active_record.rb +0 -17
data/test/orm/mongoid.rb +0 -13
data/test/parameter_sanitizer_test.rb +0 -131
data/test/rails_app/Rakefile +0 -6
data/test/rails_app/app/active_record/admin.rb +0 -6
data/test/rails_app/app/active_record/shim.rb +0 -2
data/test/rails_app/app/active_record/user.rb +0 -7
data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
data/test/rails_app/app/active_record/user_without_email.rb +0 -8
data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
data/test/rails_app/app/controllers/admins_controller.rb +0 -6
data/test/rails_app/app/controllers/application_controller.rb +0 -11
data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
data/test/rails_app/app/controllers/home_controller.rb +0 -29
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
data/test/rails_app/app/controllers/users_controller.rb +0 -31
data/test/rails_app/app/helpers/application_helper.rb +0 -3
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
data/test/rails_app/app/mailers/users/mailer.rb +0 -3
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
data/test/rails_app/app/mongoid/admin.rb +0 -29
data/test/rails_app/app/mongoid/shim.rb +0 -23
data/test/rails_app/app/mongoid/user.rb +0 -39
data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
data/test/rails_app/app/mongoid/user_without_email.rb +0 -33
data/test/rails_app/app/views/admins/index.html.erb +0 -1
data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
data/test/rails_app/app/views/home/index.html.erb +0 -1
data/test/rails_app/app/views/home/join.html.erb +0 -1
data/test/rails_app/app/views/home/private.html.erb +0 -1
data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
data/test/rails_app/app/views/layouts/application.html.erb +0 -24
data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
data/test/rails_app/app/views/users/index.html.erb +0 -1
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
data/test/rails_app/bin/bundle +0 -3
data/test/rails_app/bin/rails +0 -4
data/test/rails_app/bin/rake +0 -4
data/test/rails_app/config.ru +0 -4
data/test/rails_app/config/application.rb +0 -44
data/test/rails_app/config/boot.rb +0 -14
data/test/rails_app/config/database.yml +0 -18
data/test/rails_app/config/environment.rb +0 -5
data/test/rails_app/config/environments/development.rb +0 -30
data/test/rails_app/config/environments/production.rb +0 -84
data/test/rails_app/config/environments/test.rb +0 -46
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
data/test/rails_app/config/initializers/devise.rb +0 -180
data/test/rails_app/config/initializers/inflections.rb +0 -2
data/test/rails_app/config/initializers/secret_token.rb +0 -3
data/test/rails_app/config/initializers/session_store.rb +0 -1
data/test/rails_app/config/routes.rb +0 -126
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
data/test/rails_app/db/schema.rb +0 -55
data/test/rails_app/lib/shared_admin.rb +0 -17
data/test/rails_app/lib/shared_user.rb +0 -30
data/test/rails_app/lib/shared_user_without_email.rb +0 -26
data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
data/test/rails_app/public/404.html +0 -26
data/test/rails_app/public/422.html +0 -26
data/test/rails_app/public/500.html +0 -26
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_test.rb +0 -9
data/test/routes_test.rb +0 -279
data/test/support/action_controller/record_identifier.rb +0 -10
data/test/support/assertions.rb +0 -39
data/test/support/helpers.rb +0 -77
data/test/support/http_method_compatibility.rb +0 -51
data/test/support/integration.rb +0 -92
data/test/support/locale/en.yml +0 -8
data/test/support/mongoid.yml +0 -6
data/test/support/webrat/integrations/rails.rb +0 -33
data/test/test_helper.rb +0 -34
data/test/test_helpers_test.rb +0 -178
data/test/test_models.rb +0 -33

data/lib/devise/models/registerable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     # Registerable is responsible for everything related to registering a new
@@ -19,6 +21,8 @@ module Devise
         def new_with_session(params, session)
           new(params)
         end
+        Devise::Models.config(self, :sign_in_after_change_password)
       end
     end
   end

data/lib/devise/models/rememberable.rb CHANGED Viewed

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
 require 'devise/strategies/rememberable'
 require 'devise/hooks/rememberable'
 require 'devise/hooks/forgetable'
 module Devise
   module Models
-    # Rememberable manages generating and clearing token for remember the user
+    # Rememberable manages generating and clearing token for remembering the user
     # from a saved cookie. Rememberable also has utility methods for dealing
     # with serializing the user into the cookie and back from the cookie, trying
     # to lookup the record based on the saved information.
@@ -74,7 +76,7 @@ module Devise
         elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence)
           salt
         else
-          raise "authenticable_salt returned nil for the #{self.class.name} model. " \
+          raise "authenticatable_salt returned nil for the #{self.class.name} model. " \
             "In order to use rememberable, you must ensure a password is always set " \
             "or have a remember_token column in your model or implement your own " \
             "rememberable_value in the model with custom logic."
@@ -100,7 +102,7 @@ module Devise
       def remember_me?(token, generated_at)
         # TODO: Normalize the JSON type coercion along with the Timeoutable hook
-        # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
+        # in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
         if generated_at.is_a?(String)
           generated_at = time_from_json(generated_at)
         end

data/lib/devise/models/timeoutable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/hooks/timeoutable'
 module Devise

data/lib/devise/models/trackable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/hooks/trackable'
 module Devise
@@ -20,7 +22,7 @@ module Devise
         self.last_sign_in_at     = old_current || new_current
         self.current_sign_in_at  = new_current
-        old_current, new_current = self.current_sign_in_ip, request.remote_ip
+        old_current, new_current = self.current_sign_in_ip, extract_ip_from(request)
         self.last_sign_in_ip     = old_current || new_current
         self.current_sign_in_ip  = new_current
@@ -29,9 +31,21 @@ module Devise
       end
       def update_tracked_fields!(request)
+        # We have to check if the user is already persisted before running
+        # `save` here because invalid users can be saved if we don't.
+        # See https://github.com/heartcombo/devise/issues/4673 for more details.
+        return if new_record?
         update_tracked_fields(request)
         save(validate: false)
       end
+      protected
+      def extract_ip_from(request)
+        request.remote_ip
+      end
     end
   end
 end

data/lib/devise/models/validatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     # Validatable creates all needed validations for a user email and password.
@@ -10,7 +12,7 @@ module Devise
     # Validatable adds the following options to devise_for:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
-    #   * +password_length+: a range expressing password length. Defaults to 8..72.
+    #   * +password_length+: a range expressing password length. Defaults to 6..128.
     #
     module Validatable
       # All validations used by this module.
@@ -27,8 +29,13 @@ module Devise
         base.class_eval do
           validates_presence_of   :email, if: :email_required?
-          validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
-          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
+          if Devise.activerecord51?
+            validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email?
+            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
+          else
+            validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
+          end
           validates_presence_of     :password, if: :password_required?
           validates_confirmation_of :password, if: :password_required?

data/lib/devise/modules.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'active_support/core_ext/object/with_options'
 Devise.with_options model: true do |d|

data/lib/devise/omniauth.rb CHANGED Viewed

@@ -1,15 +1,14 @@
+# frozen_string_literal: true
 begin
+  gem "omniauth", ">= 1.0.0"
   require "omniauth"
-  require "omniauth/version"
 rescue LoadError
   warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
   raise
 end
-unless OmniAuth::VERSION =~ /^1\./
-  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
-end
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil

data/lib/devise/omniauth/config.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module OmniAuth
     class StrategyNotFound < NameError

data/lib/devise/omniauth/url_helpers.rb CHANGED Viewed

@@ -1,57 +1,8 @@
+# frozen_string_literal: true
 module Devise
   module OmniAuth
     module UrlHelpers
-      def self.define_helpers(mapping)
-        return unless mapping.omniauthable?
-        mapping = mapping.name
-        class_eval do
-          define_method("#{mapping}_omniauth_authorize_path") do |provider, *args|
-            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
-            [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
-            Please use #{mapping}_#{provider}_omniauth_authorize_path instead.
-            DEPRECATION
-            send("#{mapping}_#{provider}_omniauth_authorize_path", *args)
-          end
-          define_method("#{mapping}_omniauth_authorize_url") do |provider, *args|
-            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
-            [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
-            Please use #{mapping}_#{provider}_omniauth_authorize_url instead.
-            DEPRECATION
-            send("#{mapping}_#{provider}_omniauth_authorize_url", *args)
-          end
-          define_method("#{mapping}_omniauth_callback_path") do |provider, *args|
-            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
-            [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
-            Please use #{mapping}_#{provider}_omniauth_callback_path instead.
-            DEPRECATION
-            send("#{mapping}_#{provider}_omniauth_callback_path", *args)
-          end
-          define_method("#{mapping}_omniauth_callback_url") do |provider, *args|
-            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
-            [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
-            Please use #{mapping}_#{provider}_omniauth_callback_url instead.
-            DEPRECATION
-            send("#{mapping}_#{provider}_omniauth_callback_url", *args)
-          end
-        end
-        ActiveSupport.on_load(:action_controller) do
-          if respond_to?(:helper_method)
-            helper_method "#{mapping}_omniauth_authorize_path", "#{mapping}_omniauth_authorize_url"
-            helper_method "#{mapping}_omniauth_callback_path", "#{mapping}_omniauth_callback_url"
-          end
-        end
-      end
       def omniauth_authorize_path(resource_or_scope, provider, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
         _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args)

data/lib/devise/orm/active_record.rb CHANGED Viewed

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
 require 'orm_adapter/adapters/active_record'
-ActiveRecord::Base.extend Devise::Models
+ActiveSupport.on_load(:active_record) do
+  extend Devise::Models
+end

data/lib/devise/orm/mongoid.rb CHANGED Viewed

@@ -1,3 +1,7 @@
-require 'orm_adapter/adapters/mongoid'
+# frozen_string_literal: true
-Mongoid::Document::ClassMethods.send :include, Devise::Models
+ActiveSupport.on_load(:mongoid) do
+  require 'orm_adapter/adapters/mongoid'
+  Mongoid::Document::ClassMethods.send :include, Devise::Models
+end

data/lib/devise/parameter_filter.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   class ParameterFilter
     def initialize(case_insensitive_keys, strip_whitespace_keys)
@@ -16,6 +18,8 @@ module Devise
     def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
       condition_keys.each do |k|
+        next unless conditions.key?(k)
         value = conditions[k]
         conditions[k] = value.send(method) if value.respond_to?(method)
       end

data/lib/devise/parameter_sanitizer.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   # The +ParameterSanitizer+ deals with permitting specific parameters values
   # for each +Devise+ scope in the application.
@@ -68,12 +70,6 @@ module Devise
     def sanitize(action)
       permissions = @permitted[action]
-      # DEPRECATED: Remove this branch on Devise 4.2.
-      if respond_to?(action, true)
-        deprecate_instance_method_sanitization(action)
-        return cast_to_hash send(action)
-      end
       if permissions.respond_to?(:call)
         cast_to_hash permissions.call(default_params)
       elsif permissions.present?
@@ -127,17 +123,6 @@ module Devise
       end
     end
-    # DEPRECATED: Remove this method on Devise 4.2.
-    def for(action, &block) # :nodoc:
-      if block_given?
-        deprecate_for_with_block(action)
-        permit(action, &block)
-      else
-        deprecate_for_without_block(action)
-        @permitted[action] or unknown_action!(action)
-      end
-    end
     private
     # Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+
@@ -150,7 +135,19 @@ module Devise
     end
     def default_params
-      @params.fetch(@resource_name, {})
+      if hashable_resource_params?
+        @params.fetch(@resource_name)
+      else
+        empty_params
+      end
+    end
+    def hashable_resource_params?
+      @params[@resource_name].respond_to?(:permit)
+    end
+    def empty_params
+      ActionController::Parameters.new({})
     end
     def permit_keys(parameters, keys)
@@ -172,43 +169,5 @@ module Devise
           devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
       MESSAGE
     end
-    def deprecate_for_with_block(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method:
-          devise_parameter_sanitizer.permit(:#{action}) do |user|
-            # Your block here.
-          end
-      MESSAGE
-    end
-    def deprecate_for_without_block(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method to add or remove any key:
-          To add any new key, use the `keys` keyword argument:
-          devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
-          To remove any existing key, use the `except` keyword argument:
-          devise_parameter_sanitizer.permit(:#{action}, except: [:email])
-      MESSAGE
-    end
-    def deprecate_instance_method_sanitization(action)
-      ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
-        [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.2.
-        Please use the `permit` method on your sanitizer `initialize` method.
-          class #{self.class.name} < Devise::ParameterSanitizer
-            def initialize(*)
-              super
-              permit(:#{action}, keys: [:param1, :param2, :param3])
-            end
-          end
-      MESSAGE
-    end
   end
 end

data/lib/devise/rails.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
@@ -11,7 +13,9 @@ module Devise
     end
     # Force routes to be loaded if we are doing any eager load.
-    config.before_eager_load { |app| app.reload_routes! }
+    config.before_eager_load do |app|
+      app.reload_routes! if Devise.reload_routes
+    end
     initializer "devise.url_helpers" do
       Devise.include_helpers(Devise::Controllers)
@@ -30,11 +34,7 @@ module Devise
     end
     initializer "devise.secret_key" do |app|
-      if app.respond_to?(:secrets)
-        Devise.secret_key ||= app.secrets.secret_key_base
-      elsif app.config.respond_to?(:secret_key_base)
-        Devise.secret_key ||= app.config.secret_key_base
-      end
+      Devise.secret_key ||= Devise::SecretKeyFinder.new(app).find
       Devise.token_generator ||=
         if secret_key = Devise.secret_key

data/lib/devise/rails/deprecated_constant_accessor.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/deprecation/constant_accessor'
+  module Devise
+    DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
+  end
+rescue LoadError
+  # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
+  # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
+  module Devise
+    module DeprecatedConstantAccessor #:nodoc:
+      def self.included(base)
+        require "active_support/inflector/methods"
+        extension = Module.new do
+          def const_missing(missing_const_name)
+            if class_variable_defined?(:@@_deprecated_constants)
+              if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
+                replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
+                return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
+              end
+            end
+            super
+          end
+          def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
+            class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
+            class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
+          end
+        end
+        base.singleton_class.prepend extension
+      end
+    end
+  end
+end

data/lib/devise/rails/routes.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "active_support/core_ext/object/try"
 require "active_support/core_ext/hash/slice"
@@ -133,10 +135,10 @@ module ActionDispatch::Routing
     #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, sign_out_via: [:post, :delete]
+    #      devise_for :users, sign_out_via: [:get, :post]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #
@@ -285,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -309,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -326,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -338,7 +340,7 @@ module ActionDispatch::Routing
     # Sets the devise scope to be used in the controller. If you have custom routes,
     # you are required to call this method (also aliased as :as) in order to specify
-    # to which controller it is targetted.
+    # to which controller it is targeted.
     #
     #   as :user do
     #     get "sign_in", to: "devise/sessions#new"
@@ -472,7 +474,7 @@ ERROR
         @scope = current_scope
       end
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))