devise 4.1.1 → 5.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +68 -111
  3. data/MIT-LICENSE +2 -1
  4. data/README.md +315 -98
  5. data/app/controllers/devise/confirmations_controller.rb +3 -0
  6. data/app/controllers/devise/omniauth_callbacks_controller.rb +7 -5
  7. data/app/controllers/devise/passwords_controller.rb +10 -2
  8. data/app/controllers/devise/registrations_controller.rb +42 -20
  9. data/app/controllers/devise/sessions_controller.rb +9 -7
  10. data/app/controllers/devise/unlocks_controller.rb +3 -0
  11. data/app/controllers/devise_controller.rb +19 -3
  12. data/app/helpers/devise_helper.rb +3 -23
  13. data/app/mailers/devise/mailer.rb +10 -4
  14. data/app/views/devise/confirmations/new.html.erb +3 -3
  15. data/app/views/devise/mailer/email_changed.html.erb +7 -0
  16. data/app/views/devise/passwords/edit.html.erb +6 -6
  17. data/app/views/devise/passwords/new.html.erb +4 -4
  18. data/app/views/devise/registrations/edit.html.erb +13 -10
  19. data/app/views/devise/registrations/new.html.erb +9 -9
  20. data/app/views/devise/sessions/new.html.erb +8 -8
  21. data/app/views/devise/shared/_error_messages.html.erb +15 -0
  22. data/app/views/devise/shared/_links.html.erb +13 -13
  23. data/app/views/devise/unlocks/new.html.erb +3 -3
  24. data/config/locales/en.yml +5 -2
  25. data/lib/devise/controllers/helpers.rb +24 -9
  26. data/lib/devise/controllers/rememberable.rb +3 -1
  27. data/lib/devise/controllers/responder.rb +35 -0
  28. data/lib/devise/controllers/scoped_views.rb +2 -0
  29. data/lib/devise/controllers/sign_in_out.rb +31 -21
  30. data/lib/devise/controllers/store_location.rb +25 -7
  31. data/lib/devise/controllers/url_helpers.rb +3 -1
  32. data/lib/devise/delegator.rb +2 -0
  33. data/lib/devise/encryptor.rb +2 -0
  34. data/lib/devise/failure_app.rb +71 -38
  35. data/lib/devise/hooks/activatable.rb +3 -1
  36. data/lib/devise/hooks/csrf_cleaner.rb +8 -1
  37. data/lib/devise/hooks/forgetable.rb +2 -0
  38. data/lib/devise/hooks/lockable.rb +4 -2
  39. data/lib/devise/hooks/proxy.rb +3 -1
  40. data/lib/devise/hooks/rememberable.rb +2 -0
  41. data/lib/devise/hooks/timeoutable.rb +5 -3
  42. data/lib/devise/hooks/trackable.rb +2 -0
  43. data/lib/devise/mailers/helpers.rb +15 -18
  44. data/lib/devise/mapping.rb +4 -2
  45. data/lib/devise/models/authenticatable.rb +58 -44
  46. data/lib/devise/models/confirmable.rb +52 -14
  47. data/lib/devise/models/database_authenticatable.rb +52 -20
  48. data/lib/devise/models/lockable.rb +19 -5
  49. data/lib/devise/models/omniauthable.rb +4 -2
  50. data/lib/devise/models/recoverable.rb +22 -21
  51. data/lib/devise/models/registerable.rb +4 -0
  52. data/lib/devise/models/rememberable.rb +6 -4
  53. data/lib/devise/models/timeoutable.rb +3 -1
  54. data/lib/devise/models/trackable.rb +15 -1
  55. data/lib/devise/models/validatable.rb +10 -6
  56. data/lib/devise/models.rb +4 -1
  57. data/lib/devise/modules.rb +2 -0
  58. data/lib/devise/omniauth/config.rb +2 -0
  59. data/lib/devise/omniauth/url_helpers.rb +2 -51
  60. data/lib/devise/omniauth.rb +4 -5
  61. data/lib/devise/orm/active_record.rb +5 -1
  62. data/lib/devise/orm/mongoid.rb +6 -2
  63. data/lib/devise/orm.rb +80 -0
  64. data/lib/devise/parameter_filter.rb +4 -0
  65. data/lib/devise/parameter_sanitizer.rb +16 -58
  66. data/lib/devise/rails/routes.rb +12 -11
  67. data/lib/devise/rails/warden_compat.rb +2 -0
  68. data/lib/devise/rails.rb +16 -6
  69. data/lib/devise/strategies/authenticatable.rb +3 -1
  70. data/lib/devise/strategies/base.rb +2 -0
  71. data/lib/devise/strategies/database_authenticatable.rb +8 -1
  72. data/lib/devise/strategies/rememberable.rb +2 -0
  73. data/lib/devise/test/controller_helpers.rb +156 -0
  74. data/lib/devise/test/integration_helpers.rb +63 -0
  75. data/lib/devise/time_inflector.rb +2 -0
  76. data/lib/devise/token_generator.rb +2 -0
  77. data/lib/devise/version.rb +3 -1
  78. data/lib/devise.rb +69 -28
  79. data/lib/generators/active_record/devise_generator.rb +38 -16
  80. data/lib/generators/active_record/templates/migration.rb +3 -1
  81. data/lib/generators/active_record/templates/migration_existing.rb +2 -0
  82. data/lib/generators/devise/controllers_generator.rb +4 -2
  83. data/lib/generators/devise/devise_generator.rb +5 -3
  84. data/lib/generators/devise/install_generator.rb +3 -5
  85. data/lib/generators/devise/orm_helpers.rb +5 -3
  86. data/lib/generators/devise/views_generator.rb +8 -9
  87. data/lib/generators/mongoid/devise_generator.rb +7 -5
  88. data/lib/generators/templates/README +9 -8
  89. data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
  90. data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +3 -1
  91. data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
  92. data/lib/generators/templates/controllers/registrations_controller.rb +4 -2
  93. data/lib/generators/templates/controllers/sessions_controller.rb +3 -1
  94. data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
  95. data/lib/generators/templates/devise.rb +59 -11
  96. data/lib/generators/templates/markerb/email_changed.markerb +7 -0
  97. data/lib/generators/templates/markerb/password_change.markerb +2 -2
  98. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
  99. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
  100. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +5 -2
  101. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +12 -4
  102. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
  103. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
  104. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
  105. metadata +23 -302
  106. data/.gitignore +0 -10
  107. data/.travis.yml +0 -44
  108. data/.yardopts +0 -9
  109. data/CODE_OF_CONDUCT.md +0 -22
  110. data/CONTRIBUTING.md +0 -16
  111. data/Gemfile +0 -30
  112. data/Gemfile.lock +0 -182
  113. data/Rakefile +0 -36
  114. data/bin/test +0 -13
  115. data/devise.gemspec +0 -26
  116. data/devise.png +0 -0
  117. data/gemfiles/Gemfile.rails-4.1-stable +0 -30
  118. data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -170
  119. data/gemfiles/Gemfile.rails-4.2-stable +0 -30
  120. data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
  121. data/gemfiles/Gemfile.rails-5.0-beta +0 -37
  122. data/gemfiles/Gemfile.rails-5.0-beta.lock +0 -199
  123. data/lib/devise/test_helpers.rb +0 -137
  124. data/test/controllers/custom_registrations_controller_test.rb +0 -40
  125. data/test/controllers/custom_strategy_test.rb +0 -64
  126. data/test/controllers/helper_methods_test.rb +0 -22
  127. data/test/controllers/helpers_test.rb +0 -316
  128. data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
  129. data/test/controllers/internal_helpers_test.rb +0 -127
  130. data/test/controllers/load_hooks_controller_test.rb +0 -19
  131. data/test/controllers/passwords_controller_test.rb +0 -32
  132. data/test/controllers/sessions_controller_test.rb +0 -106
  133. data/test/controllers/url_helpers_test.rb +0 -65
  134. data/test/delegator_test.rb +0 -19
  135. data/test/devise_test.rb +0 -107
  136. data/test/failure_app_test.rb +0 -320
  137. data/test/generators/active_record_generator_test.rb +0 -83
  138. data/test/generators/controllers_generator_test.rb +0 -48
  139. data/test/generators/devise_generator_test.rb +0 -39
  140. data/test/generators/install_generator_test.rb +0 -24
  141. data/test/generators/mongoid_generator_test.rb +0 -23
  142. data/test/generators/views_generator_test.rb +0 -103
  143. data/test/helpers/devise_helper_test.rb +0 -49
  144. data/test/integration/authenticatable_test.rb +0 -698
  145. data/test/integration/confirmable_test.rb +0 -324
  146. data/test/integration/database_authenticatable_test.rb +0 -95
  147. data/test/integration/http_authenticatable_test.rb +0 -106
  148. data/test/integration/lockable_test.rb +0 -240
  149. data/test/integration/omniauthable_test.rb +0 -135
  150. data/test/integration/recoverable_test.rb +0 -347
  151. data/test/integration/registerable_test.rb +0 -357
  152. data/test/integration/rememberable_test.rb +0 -211
  153. data/test/integration/timeoutable_test.rb +0 -184
  154. data/test/integration/trackable_test.rb +0 -92
  155. data/test/mailers/confirmation_instructions_test.rb +0 -115
  156. data/test/mailers/reset_password_instructions_test.rb +0 -96
  157. data/test/mailers/unlock_instructions_test.rb +0 -91
  158. data/test/mapping_test.rb +0 -134
  159. data/test/models/authenticatable_test.rb +0 -23
  160. data/test/models/confirmable_test.rb +0 -511
  161. data/test/models/database_authenticatable_test.rb +0 -269
  162. data/test/models/lockable_test.rb +0 -350
  163. data/test/models/omniauthable_test.rb +0 -7
  164. data/test/models/recoverable_test.rb +0 -251
  165. data/test/models/registerable_test.rb +0 -7
  166. data/test/models/rememberable_test.rb +0 -169
  167. data/test/models/serializable_test.rb +0 -49
  168. data/test/models/timeoutable_test.rb +0 -51
  169. data/test/models/trackable_test.rb +0 -41
  170. data/test/models/validatable_test.rb +0 -119
  171. data/test/models_test.rb +0 -153
  172. data/test/omniauth/config_test.rb +0 -57
  173. data/test/omniauth/url_helpers_test.rb +0 -51
  174. data/test/orm/active_record.rb +0 -17
  175. data/test/orm/mongoid.rb +0 -13
  176. data/test/parameter_sanitizer_test.rb +0 -131
  177. data/test/rails_app/Rakefile +0 -6
  178. data/test/rails_app/app/active_record/admin.rb +0 -6
  179. data/test/rails_app/app/active_record/shim.rb +0 -2
  180. data/test/rails_app/app/active_record/user.rb +0 -7
  181. data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
  182. data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
  183. data/test/rails_app/app/active_record/user_without_email.rb +0 -8
  184. data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
  185. data/test/rails_app/app/controllers/admins_controller.rb +0 -6
  186. data/test/rails_app/app/controllers/application_controller.rb +0 -11
  187. data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
  188. data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
  189. data/test/rails_app/app/controllers/home_controller.rb +0 -29
  190. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
  191. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
  192. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
  193. data/test/rails_app/app/controllers/users_controller.rb +0 -31
  194. data/test/rails_app/app/helpers/application_helper.rb +0 -3
  195. data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
  196. data/test/rails_app/app/mailers/users/mailer.rb +0 -3
  197. data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
  198. data/test/rails_app/app/mongoid/admin.rb +0 -29
  199. data/test/rails_app/app/mongoid/shim.rb +0 -23
  200. data/test/rails_app/app/mongoid/user.rb +0 -39
  201. data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
  202. data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
  203. data/test/rails_app/app/mongoid/user_without_email.rb +0 -33
  204. data/test/rails_app/app/views/admins/index.html.erb +0 -1
  205. data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
  206. data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
  207. data/test/rails_app/app/views/home/index.html.erb +0 -1
  208. data/test/rails_app/app/views/home/join.html.erb +0 -1
  209. data/test/rails_app/app/views/home/private.html.erb +0 -1
  210. data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
  211. data/test/rails_app/app/views/layouts/application.html.erb +0 -24
  212. data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
  213. data/test/rails_app/app/views/users/index.html.erb +0 -1
  214. data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
  215. data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
  216. data/test/rails_app/bin/bundle +0 -3
  217. data/test/rails_app/bin/rails +0 -4
  218. data/test/rails_app/bin/rake +0 -4
  219. data/test/rails_app/config/application.rb +0 -44
  220. data/test/rails_app/config/boot.rb +0 -14
  221. data/test/rails_app/config/database.yml +0 -18
  222. data/test/rails_app/config/environment.rb +0 -5
  223. data/test/rails_app/config/environments/development.rb +0 -30
  224. data/test/rails_app/config/environments/production.rb +0 -84
  225. data/test/rails_app/config/environments/test.rb +0 -46
  226. data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
  227. data/test/rails_app/config/initializers/devise.rb +0 -180
  228. data/test/rails_app/config/initializers/inflections.rb +0 -2
  229. data/test/rails_app/config/initializers/secret_token.rb +0 -3
  230. data/test/rails_app/config/initializers/session_store.rb +0 -1
  231. data/test/rails_app/config/routes.rb +0 -126
  232. data/test/rails_app/config.ru +0 -4
  233. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -71
  234. data/test/rails_app/db/schema.rb +0 -55
  235. data/test/rails_app/lib/shared_admin.rb +0 -17
  236. data/test/rails_app/lib/shared_user.rb +0 -30
  237. data/test/rails_app/lib/shared_user_without_email.rb +0 -26
  238. data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
  239. data/test/rails_app/public/404.html +0 -26
  240. data/test/rails_app/public/422.html +0 -26
  241. data/test/rails_app/public/500.html +0 -26
  242. data/test/rails_app/public/favicon.ico +0 -0
  243. data/test/rails_test.rb +0 -9
  244. data/test/routes_test.rb +0 -279
  245. data/test/support/action_controller/record_identifier.rb +0 -10
  246. data/test/support/assertions.rb +0 -39
  247. data/test/support/helpers.rb +0 -77
  248. data/test/support/http_method_compatibility.rb +0 -51
  249. data/test/support/integration.rb +0 -92
  250. data/test/support/locale/en.yml +0 -8
  251. data/test/support/mongoid.yml +0 -6
  252. data/test/support/webrat/integrations/rails.rb +0 -33
  253. data/test/test_helper.rb +0 -34
  254. data/test/test_helpers_test.rb +0 -178
  255. data/test/test_models.rb +0 -33
data/README.md CHANGED
@@ -1,11 +1,4 @@
1
- ![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png)
2
-
3
- By [Plataformatec](http://plataformatec.com.br/).
4
-
5
- [![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise)
6
- [![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise)
7
-
8
- This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
1
+ ![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png)
9
2
 
10
3
  Devise is a flexible authentication solution for Rails based on Warden. It:
11
4
 
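Review bot: the added logo line hotlinks `https://raw.github.com/heartcombo/devise/main/devise.png`, a branch-tracking URL, while this same release drops `data/devise.png` from the package (entry 116 in the file list), so the README shipped with the gem now depends on a remote image that can change after release. Consider pointing at a tag-pinned path, or at least the current `raw.githubusercontent.com` host instead of the legacy `raw.github.com` one. The removed Travis and Code Climate badges leave the README without any link to CI status; if that is intentional, nothing else is needed here.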
@@ -16,16 +9,55 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
16
9
 
17
10
  It's composed of 10 modules:
18
11
 
19
- * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
20
- * [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
21
- * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
22
- * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
23
- * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
24
- * [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
25
- * [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
26
- * [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
27
- * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
28
- * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
12
+ * [Database Authenticatable](https://www.rubydoc.info/gems/devise/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
13
+ * [Omniauthable](https://www.rubydoc.info/gems/devise/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
14
+ * [Confirmable](https://www.rubydoc.info/gems/devise/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
15
+ * [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable): resets the user password and sends reset instructions.
16
+ * [Registerable](https://www.rubydoc.info/gems/devise/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
17
+ * [Rememberable](https://www.rubydoc.info/gems/devise/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
18
+ * [Trackable](https://www.rubydoc.info/gems/devise/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
19
+ * [Timeoutable](https://www.rubydoc.info/gems/devise/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
20
+ * [Validatable](https://www.rubydoc.info/gems/devise/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
21
+ * [Lockable](https://www.rubydoc.info/gems/devise/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
22
+
23
+ ## Table of Contents
24
+
25
+ <!-- TOC depthFrom:1 depthTo:6 withLinks:1 orderedList:0 -->
26
+
27
+ - [Information](#information)
28
+ - [The Devise wiki](#the-devise-wiki)
29
+ - [Bug reports](#bug-reports)
30
+ - [StackOverflow and Mailing List](#stackoverflow-and-mailing-list)
31
+ - [RDocs](#rdocs)
32
+ - [Example applications](#example-applications)
33
+ - [Extensions](#extensions)
34
+ - [Supported Ruby / Rails versions](#supported-ruby--rails-versions)
35
+ - [Contributing](#contributing)
36
+ - [Starting with Rails?](#starting-with-rails)
37
+ - [Getting started](#getting-started)
38
+ - [Controller filters and helpers](#controller-filters-and-helpers)
39
+ - [Configuring Models](#configuring-models)
40
+ - [Strong Parameters](#strong-parameters)
41
+ - [Configuring views](#configuring-views)
42
+ - [Configuring controllers](#configuring-controllers)
43
+ - [Configuring routes](#configuring-routes)
44
+ - [I18n](#i18n)
45
+ - [Test helpers](#test-helpers)
46
+ - [Controller tests](#controller-tests)
47
+ - [Integration tests](#integration-tests)
48
+ - [OmniAuth](#omniauth)
49
+ - [Configuring multiple models](#configuring-multiple-models)
50
+ - [Active Job Integration](#active-job-integration)
51
+ - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
52
+ - [Other ORMs](#other-orms)
53
+ - [Rails API mode](#rails-api-mode)
54
+ - [Additional information](#additional-information)
55
+ - [Warden](#warden)
56
+ - [License](#license)
57
+
58
+ <!-- /TOC -->
59
+
60
+
29
61
 
30
62
  ## Information
31
63
 
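Review bot: the generated table of contents added here is already out of sync with headings introduced in the same change. The marker declares `depthFrom:1 depthTo:6`, yet the list has no entry for `### Running tests`, `#### DEVISE_ORM` or `#### BUNDLE_GEMFILE`, all of which are added further down in this README. Regenerate the TOC after the final heading edits, or lower `depthTo` and add the missing `Running tests` entry by hand. The module links moving to `https://www.rubydoc.info/gems/devise/...` look consistent across all ten bullets.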
@@ -33,27 +65,32 @@ It's composed of 10 modules:
33
65
 
34
66
  The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README:
35
67
 
36
- https://github.com/plataformatec/devise/wiki
68
+ https://github.com/heartcombo/devise/wiki
37
69
 
38
70
  ### Bug reports
39
71
 
40
72
  If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report:
41
73
 
42
- https://github.com/plataformatec/devise/wiki/Bug-reports
74
+ https://github.com/heartcombo/devise/wiki/Bug-reports
75
+
76
+ If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo.oss@gmail.com.
77
+
78
+ ### StackOverflow and Mailing List
43
79
 
44
- If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
80
+ If you have any questions, comments, or concerns, please use StackOverflow instead of the GitHub issue tracker:
45
81
 
46
- ### Mailing list
82
+ https://stackoverflow.com/questions/tagged/devise
47
83
 
48
- If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker:
84
+ The deprecated mailing lists can still be read on:
49
85
 
50
86
  https://groups.google.com/group/plataformatec-devise
87
+ https://groups.google.com/group/heartcombo
51
88
 
52
89
  ### RDocs
53
90
 
54
91
  You can view the Devise documentation in RDoc format here:
55
92
 
56
- http://rubydoc.info/github/plataformatec/devise/master/frames
93
+ https://rubydoc.info/github/heartcombo/devise/main/frames
57
94
 
58
95
  If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation.
59
96
 
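Review bot: the security contact at new line 76 changes to `heartcombo.oss@gmail.com` with no other private channel and no statement of what a reporter should expect. Since this is the only disclosure path the README gives for an authentication library, consider adding a pointer to a security policy file or to a private advisory form alongside the address, and say whether reports are acknowledged. Separately, the paragraph "The deprecated mailing lists can still be read on:" now lists both `plataformatec-devise` and `heartcombo` groups; a word on which one holds the older archive would help readers. The RDocs link uses `rubydoc.info/github/heartcombo/devise/main/frames` while the module links above use `www.rubydoc.info/gems/devise/...`; pick one form.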
@@ -61,65 +98,121 @@ If you need to use Devise with previous versions of Rails, you can always run "g
61
98
 
62
99
  There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here:
63
100
 
64
- https://github.com/plataformatec/devise/wiki/Example-Applications
101
+ https://github.com/heartcombo/devise/wiki/Example-Applications
65
102
 
66
103
  ### Extensions
67
104
 
68
105
  Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here:
69
106
 
70
- https://github.com/plataformatec/devise/wiki/Extensions
107
+ https://github.com/heartcombo/devise/wiki/Extensions
108
+
109
+ ### Supported Ruby / Rails versions
110
+
111
+ We intend to maintain support for all Ruby / Rails versions that haven't reached end-of-life.
112
+
113
+ For more information about specific versions please check [Ruby](https://www.ruby-lang.org/en/downloads/branches/)
114
+ and [Rails](https://guides.rubyonrails.org/maintenance_policy.html) maintenance policies, and our test matrix.
71
115
 
72
116
  ### Contributing
73
117
 
74
118
  We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started:
75
119
 
76
- https://github.com/plataformatec/devise/wiki/Contributing
120
+ https://github.com/heartcombo/devise/wiki/Contributing
121
+
122
+ You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`.
123
+ Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`.
77
124
 
78
- You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run "bundle install" and "rake". For the tests to pass, you will need to have a MongoDB server (version 2.0 or newer) running on your system.
125
+ #### DEVISE_ORM
126
+ Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
127
+ The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
128
+ ```
129
+ DEVISE_ORM=mongoid bin/test
130
+
131
+ ==> Devise.orm = :mongoid
132
+ ```
133
+ When running the tests for Mongoid, you will need to have a MongoDB server (version 2.0 or newer) running on your system.
134
+
135
+ Please note that the command output will show the variable value being used.
136
+
137
+ #### BUNDLE_GEMFILE
138
+ We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory).
139
+ Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
140
+ For example, if the tests broke using Ruby 3.4 and Rails 8.0, you can do the following:
141
+ ```bash
142
+ chruby 3.4.0 # or rbenv shell 3.4.0, or rvm use 3.4.0, etc.
143
+ BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install
144
+ BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bin/test
145
+ ```
146
+
147
+ You can also combine both of them if the tests broke for Mongoid:
148
+ ```bash
149
+ BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install
150
+ BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 DEVISE_ORM=mongoid bin/test
151
+ ```
152
+
153
+ ### Running tests
154
+ Devise uses [minitest](https://github.com/seattlerb/minitest) as test framework.
155
+
156
+ * Running all tests:
157
+ ```bash
158
+ bin/test
159
+ ```
160
+
161
+ * Running tests for an specific file:
162
+ ```bash
163
+ bin/test test/models/trackable_test.rb
164
+ ```
165
+
166
+ * Running a specific test given a line number or a regex:
167
+ ```bash
168
+ bin/test test/models/trackable_test.rb:16
169
+ bin/test test/models/trackable_test.rb -n '/update.*record/'
170
+ ```
79
171
 
80
172
  ## Starting with Rails?
81
173
 
82
- If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started:
174
+ If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Here's a few resources that should help you get started:
83
175
 
84
176
  * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users
85
- * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
86
- * Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth
177
+ * Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised
178
+ * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth
87
179
 
88
180
  Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley:
89
181
 
90
182
  ## Getting started
91
183
 
92
- Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with:
184
+ Devise 5 works with Rails 7 onwards. Run:
93
185
 
94
- ```ruby
95
- gem 'devise'
186
+ ```sh
187
+ bundle add devise
96
188
  ```
97
189
 
98
- Run the bundle command to install it.
99
-
100
- After you install Devise and add it to your Gemfile, you need to run the generator:
190
+ Next, you need to run the generator:
101
191
 
102
192
  ```console
103
193
  rails generate devise:install
104
194
  ```
105
195
 
106
- The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator:
196
+ At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
107
197
 
108
- ```console
109
- rails generate devise MODEL
198
+ ```ruby
199
+ config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
110
200
  ```
111
201
 
112
- Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
202
+ The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator.
113
203
 
114
- Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
115
204
 
116
- Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
205
+ In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
117
206
 
118
- ```ruby
119
- config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
207
+ ```console
208
+ rails generate devise MODEL
120
209
  ```
121
210
 
122
- You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined.
211
+ Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration.
212
+
213
+ Then run `rails db:migrate`
214
+
215
+ You should restart your application after changing Devise's configuration options (this includes stopping spring). Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined.
123
216
 
124
217
  ### Controller filters and helpers
125
218
 
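Review bot: New line 215 tells readers that restarting "includes stopping spring" but does not say how, and new line 211 still writes MODEL bare while new line 205 now puts it in backticks. Suggest naming the command a reader would run to stop Spring, formatting `MODEL` the same way in both paragraphs, and changing "unable to login" to "unable to log in" while that sentence is being touched.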
@@ -154,7 +247,7 @@ user_session
154
247
  After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect to. For instance, when using a `:user` resource, the `user_root_path` will be used if it exists; otherwise, the default `root_path` will be used. This means that you need to set the root inside your routes:
155
248
 
156
249
  ```ruby
157
- root to: "home#index"
250
+ root to: 'home#index'
158
251
  ```
159
252
 
160
253
  You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
@@ -176,16 +269,16 @@ member_session
176
269
  The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
177
270
 
178
271
  ```ruby
179
- devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
272
+ devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 13
180
273
  ```
181
274
 
182
275
  Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`.
183
276
 
184
277
  ### Strong Parameters
185
278
 
186
- ![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
279
+ The Parameter Sanitizer API has changed for Devise 4 :warning:
187
280
 
188
- *For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters*
281
+ *For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters*
189
282
 
190
283
  When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
191
284
 
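Review bot: The example at new line 272 drops `stretches: 20` to `stretches: 13` with no word on why, and the sentence above it only says the option chooses "the cost of the hashing algorithm". README values get copied verbatim, so suggest one sentence stating that a higher value makes each password hash slower to compute, both for the application and for anyone working through a stolen table, and that the number shown is an example to be tuned rather than a recommendation. Separately, `:warning:` at new line 279 renders as an emoji only where shortcodes are supported and appears as literal text elsewhere; a bold "Warning:" prefix would be more portable.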
@@ -195,7 +288,7 @@ There are just three actions in Devise that allow any set of parameters to be pa
195
288
  * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
196
289
  * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`
197
290
 
198
- In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`:
291
+ In case you want to permit additional parameters (the lazy way™), you can do so using a simple before action in your `ApplicationController`:
199
292
 
200
293
  ```ruby
201
294
  class ApplicationController < ActionController::Base
@@ -209,7 +302,21 @@ class ApplicationController < ActionController::Base
209
302
  end
210
303
  ```
211
304
 
212
- The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
305
+ The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types:
306
+
307
+ ```ruby
308
+ class ApplicationController < ActionController::Base
309
+ before_action :configure_permitted_parameters, if: :devise_controller?
310
+
311
+ protected
312
+
313
+ def configure_permitted_parameters
314
+ devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, address_attributes: [:country, :state, :city, :area, :postal_code]])
315
+ end
316
+ end
317
+ ```
318
+
319
+ Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block:
213
320
 
214
321
  To permit simple scalar values for username and email, use this
215
322
 
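Review bot: The nested-attributes example at new lines 307-317 repeats the whole `ApplicationController` wrapper from the block that ends at line 303, so the only new information is the `address_attributes: [...]` entry inside `keys:`. Suggest showing just the `devise_parameter_sanitizer.permit(:sign_up, keys: [...])` call, and adding a sentence that every key listed there becomes settable by whoever submits the sign-up form, so the list should contain only fields the form is meant to expose. Also, after the split, new line 319 ("...by passing a block:") is followed directly by line 321 ("To permit simple scalar values ... use this"), which reads as two lead-ins in a row; merging them would help.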
@@ -282,7 +389,7 @@ rails generate devise:views users
282
389
  ```
283
390
 
284
391
  If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module,
285
- you can pass a list of modules to the generator with the `-v` flag.
392
+ you can pass a list of views to the generator with the `-v` flag.
286
393
 
287
394
  ```console
288
395
  rails generate devise:views -v registrations confirmations
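Review bot: Line 391, left unchanged, still describes the sets of views by module name (`registerable`, `confirmable`), while the corrected line 392 and the command at line 395 use view names (`registrations`, `confirmations`). Suggest rewording line 391 in the same change so a reader does not try passing the module names to `-v`.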
@@ -310,14 +417,15 @@ If the customization at the views level is not enough, you can customize each co
310
417
  ...
311
418
  end
312
419
  ```
420
+ Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`
313
421
 
314
422
  2. Tell the router to use this controller:
315
423
 
316
424
  ```ruby
317
- devise_for :users, controllers: { sessions: "users/sessions" }
425
+ devise_for :users, controllers: { sessions: 'users/sessions' }
318
426
  ```
319
427
 
320
- 3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.
428
+ 3. Recommended but not required: copy (or move) the views from `devise/sessions` to `users/sessions`. Rails will continue using the views from `devise/sessions` due to inheritance if you skip this step, but having the views matching the controller(s) keeps things consistent.
321
429
 
322
430
  4. Finally, change or extend the desired controller actions.
323
431
 
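Review bot: The `-c` example at new line 420 is given inline and sits directly under the closing fence at line 419 with no blank line, while the other generator invocations in this README are shown in `console` blocks (for example line 395). Suggest a blank line and a `console` block so it reads as part of step 1 rather than as a stray sentence between steps 1 and 2.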
@@ -331,7 +439,7 @@ If the customization at the views level is not enough, you can customize each co
331
439
  end
332
440
  ```
333
441
 
334
- Or you can simply add new behaviour to it:
442
+ Or you can simply add new behavior to it:
335
443
 
336
444
  ```ruby
337
445
  class Users::SessionsController < Devise::SessionsController
@@ -352,21 +460,58 @@ Remember that Devise uses flash messages to let users know if sign in was succes
352
460
  Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n:
353
461
 
354
462
  ```ruby
355
- devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
463
+ devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
356
464
  ```
357
465
 
358
- Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
466
+ Be sure to check `devise_for` [documentation](https://www.rubydoc.info/gems/devise/ActionDispatch/Routing/Mapper#devise_for-instance_method) for details.
359
467
 
360
468
  If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
361
469
 
362
470
  ```ruby
363
471
  devise_scope :user do
364
- get "sign_in", to: "devise/sessions#new"
472
+ get 'sign_in', to: 'devise/sessions#new'
365
473
  end
366
474
  ```
367
475
 
368
476
  This way, you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
369
477
 
478
+ Please note: You will still need to add `devise_for` in your routes in order to use helper methods such as `current_user`.
479
+
480
+ ```ruby
481
+ devise_for :users, skip: :all
482
+ ```
483
+
484
+ ### Hotwire/Turbo
485
+
486
+ Devise integrates with Hotwire/Turbo by treating such requests as navigational, and configuring certain responses for errors and redirects to match the expected behavior. New apps are generated with the following response configuration by default, and existing apps may opt-in by adding the config to their Devise initializers:
487
+
488
+ ```ruby
489
+ Devise.setup do |config|
490
+ # ...
491
+ # When using Devise with Hotwire/Turbo, the http status for error responses
492
+ # and some redirects must match the following. The default in Devise for existing
493
+ # apps is `200 OK` and `302 Found` respectively, but new apps are generated with
494
+ # these new defaults that match Hotwire/Turbo behavior.
495
+ # Note: These might become the new default in future versions of Devise.
496
+ config.responder.error_status = :unprocessable_content # for Rack 3.1 or higher
497
+ # config.responder.error_status = :unprocessable_entity # for Rack 3.0 or lower
498
+ config.responder.redirect_status = :see_other
499
+ end
500
+ ```
501
+
502
+ **Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more info.
503
+
504
+ _Note_: the above statuses configuration may become the default for Devise in a future release.
505
+
506
+ There are a couple other changes you might need to make in your app to work with Hotwire/Turbo, if you're migrating from rails-ujs:
507
+
508
+ * The `data-confirm` option that adds a confirmation modal to buttons/forms before submission needs to change to `data-turbo-confirm`, so that Turbo handles those appropriately.
509
+ * The `data-method` option that sets the request method for link submissions needs to change to `data-turbo-method`. This is not necessary for `button_to` or `form`s since Turbo can handle those.
510
+
511
+ If you're setting up Devise to sign out via `:delete`, and you're using links (instead of buttons wrapped in a form) to sign out with the `method: :delete` option, they will need to be updated as described above. (Devise does not provide sign out links/buttons in its shared views.)
512
+
513
+ Make sure to inspect your views looking for those, and change appropriately.
514
+
370
515
  ### I18n
371
516
 
372
517
  Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file:
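Review bot: New lines 478-482 say `devise_for` is still required for helpers such as `current_user` and then show `devise_for :users, skip: :all` without explaining `skip: :all`. A reader who already has a plain `devise_for :users` may paste this over it; suggest a sentence saying what the option skips and when this form is the one to use. In the Hotwire/Turbo section, the "may become the default" note appears twice (comment at line 495 and prose at line 504), so one of them can go, and the Rack split at lines 496-497 would be easier to act on with a pointer to how to tell which Rack version the app runs.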
@@ -405,55 +550,113 @@ en:
405
550
 
406
551
  Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki:
407
552
 
408
- https://github.com/plataformatec/devise/wiki/I18n
553
+ https://github.com/heartcombo/devise/wiki/I18n
409
554
 
410
555
  Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController.
411
556
 
412
557
  ### Test helpers
413
558
 
414
- Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`):
559
+ Devise includes some test helpers for controller and integration tests.
560
+ In order to use them, you need to include the respective module in your test
561
+ cases/specs.
562
+
563
+ ### Controller tests
564
+
565
+ Controller tests require that you include `Devise::Test::IntegrationHelpers` on
566
+ your test case or its parent `ActionController::TestCase` superclass.
567
+ For Rails versions prior to 5, include `Devise::Test::ControllerHelpers` instead, since the superclass
568
+ for controller tests was changed to ActionDispatch::IntegrationTest
569
+ (for more details, see the [Integration tests](#integration-tests) section).
415
570
 
416
571
  ```ruby
417
- class ActionController::TestCase
418
- include Devise::TestHelpers
572
+ class PostsControllerTest < ActionController::TestCase
573
+ include Devise::Test::IntegrationHelpers # Rails >= 5
419
574
  end
420
575
  ```
421
576
 
422
- If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails):
577
+ ```ruby
578
+ class PostsControllerTest < ActionController::TestCase
579
+ include Devise::Test::ControllerHelpers # Rails < 5
580
+ end
581
+ ```
582
+
583
+ If you're using RSpec, you can put the following inside a file named
584
+ `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or
585
+ `spec/rails_helper.rb` if you are using `rspec-rails`):
423
586
 
424
587
  ```ruby
425
588
  RSpec.configure do |config|
426
- config.include Devise::TestHelpers, type: :controller
427
- config.include Devise::TestHelpers, type: :view
589
+ config.include Devise::Test::ControllerHelpers, type: :controller
590
+ config.include Devise::Test::ControllerHelpers, type: :view
428
591
  end
429
592
  ```
430
593
 
431
594
  Just be sure that this inclusion is made *after* the `require 'rspec/rails'` directive.
432
595
 
433
- Now you are ready to use the `sign_in` and `sign_out` methods. Such methods have the same signature as in controllers:
596
+ Now you are ready to use the `sign_in` and `sign_out` methods on your controller
597
+ tests:
434
598
 
435
599
  ```ruby
436
- sign_in :user, @user # sign_in(scope, resource)
437
- sign_in @user # sign_in(resource)
600
+ sign_in @user
601
+ sign_in @user, scope: :admin
602
+ ```
603
+
604
+ If you are testing Devise internal controllers or a controller that inherits
605
+ from Devise's, you need to tell Devise which mapping should be used before a
606
+ request. This is necessary because Devise gets this information from the router,
607
+ but since controller tests do not pass through the router, it needs to be stated
608
+ explicitly. For example, if you are testing the user scope, simply use:
438
609
 
439
- sign_out :user # sign_out(scope)
440
- sign_out @user # sign_out(resource)
610
+ ```ruby
611
+ test 'GET new' do
612
+ # Mimic the router behavior of setting the Devise scope through the env.
613
+ @request.env['devise.mapping'] = Devise.mappings[:user]
614
+
615
+ # Use the sign_in helper to sign in a fixture `User` record.
616
+ sign_in users(:alice)
617
+
618
+ get :new
619
+
620
+ # assert something
621
+ end
441
622
  ```
442
623
 
443
- There are two things that are important to keep in mind:
624
+ ### Integration tests
444
625
 
445
- 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session;
626
+ Integration test helpers are available by including the
627
+ `Devise::Test::IntegrationHelpers` module.
446
628
 
447
- 2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use:
629
+ ```ruby
630
+ class PostsTests < ActionDispatch::IntegrationTest
631
+ include Devise::Test::IntegrationHelpers
632
+ end
633
+ ```
448
634
 
449
- ```ruby
450
- @request.env["devise.mapping"] = Devise.mappings[:user]
451
- get :new
452
- ```
635
+ Now you can use the following `sign_in` and `sign_out` methods in your integration
636
+ tests:
637
+
638
+ ```ruby
639
+ sign_in users(:bob)
640
+ sign_in users(:bob), scope: :admin
641
+
642
+ sign_out :user
643
+ ```
644
+
645
+ RSpec users can include the `IntegrationHelpers` module on their `:feature` specs.
646
+
647
+ ```ruby
648
+ RSpec.configure do |config|
649
+ config.include Devise::Test::IntegrationHelpers, type: :feature
650
+ end
651
+ ```
652
+
653
+ Unlike controller tests, integration tests do not need to supply the
654
+ `devise.mapping` `env` value, as the mapping can be inferred by the routes that
655
+ are executed in your tests.
453
656
 
454
- You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
657
+ You can read more about testing your Rails controllers with RSpec in the wiki:
455
658
 
456
- * https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29
659
+ * https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
457
660
 
458
661
  ### OmniAuth
459
662
 
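Review bot: The Controller tests text and its first example contradict each other. New lines 565-569 say to include `Devise::Test::IntegrationHelpers` because the superclass for controller tests became `ActionDispatch::IntegrationTest`, yet the example at lines 572-574 still subclasses `ActionController::TestCase`, and the rest of the section (`@request.env['devise.mapping']` and `get :new` at lines 613-618, `Devise::Test::ControllerHelpers` for `type: :controller` at line 589) is written for `ActionController::TestCase`. Suggest making the Rails >= 5 example subclass `ActionDispatch::IntegrationTest`, or stating that `ControllerHelpers` is the module for any test that subclasses `ActionController::TestCase`. Two smaller points: "Controller tests" and "Integration tests" are `###` headings, the same level as their parent "Test helpers", and line 596 promises `sign_in` and `sign_out` but the block at lines 600-601 shows only `sign_in`.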
@@ -465,7 +668,7 @@ config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
465
668
 
466
669
  You can read more about OmniAuth support in the wiki:
467
670
 
468
- * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
671
+ * https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview
469
672
 
470
673
  ### Configuring multiple models
471
674
 
@@ -498,9 +701,9 @@ Alternatively, you can simply run the Devise generator.
498
701
 
499
702
  Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend that you use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
500
703
 
501
- ### ActiveJob Integration
704
+ ### Active Job Integration
502
705
 
503
- If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the
706
+ If you are using Active Job to deliver Action Mailer messages in the
504
707
  background through a queuing back-end, you can send Devise emails through your
505
708
  existing queue by overriding the `send_devise_notification` method in your model.
506
709
 
@@ -512,12 +715,12 @@ end
512
715
 
513
716
  ### Password reset tokens and Rails logs
514
717
 
515
- If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
718
+ If you enable the [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
516
719
 
517
720
  1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked.
518
721
  2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked.
519
722
 
520
- Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
723
+ Rails sets the production logger level to INFO by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
521
724
 
522
725
  ```ruby
523
726
  config.log_level = :warn
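Review bot: With the default corrected to INFO at new line 723, the numbered list above it needs a matching sentence. Item 1 (line 720) describes DEBUG-level Action Mailer logging, which the stated default does not emit, while item 2 (line 721) is INFO-level Active Job logging, which it does. Suggest saying that at the default level the `deliver_later` path is the one that leaks tokens, and that item 1 applies once the level is lowered to DEBUG.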
@@ -528,32 +731,46 @@ config.log_level = :warn
528
731
 
529
732
  Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file.
530
733
 
531
- ## Additional information
734
+ ### Rails API Mode
735
+
736
+ Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/heartcombo/devise/issues/4947/))
532
737
 
533
- ### Heroku
738
+ #### Supported Authentication Strategies
739
+ API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. (For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/heartcombo/devise/wiki/How-To:-Use-HTTP-Basic-Authentication))
534
740
 
535
- Using Devise on Heroku with Ruby on Rails 3.2 requires setting:
741
+ The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy:
536
742
 
537
743
  ```ruby
538
- config.assets.initialize_on_precompile = false
744
+ config.http_authenticatable = [:database]
539
745
  ```
540
746
 
541
- Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
747
+ This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise.
748
+ A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](https://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/).
542
749
 
543
- ### Warden
750
+ #### Testing
751
+ API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
544
752
 
545
- Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:
753
+ ```ruby
754
+ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies
755
+ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore
756
+ ```
757
+
758
+ For a deeper understanding of this, review [this issue](https://github.com/heartcombo/devise/issues/4696).
759
+
760
+ Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time.
546
761
 
547
- https://github.com/hassox/warden
762
+ ## Additional information
548
763
 
549
- ### Contributors
764
+ ### Warden
550
765
 
551
- We have a long list of valued contributors. Check them all at:
766
+ Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:
552
767
 
553
- https://github.com/plataformatec/devise/graphs/contributors
768
+ https://github.com/wardencommunity/warden
554
769
 
555
770
  ## License
556
771
 
557
- MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br
772
+ MIT License.
773
+ Copyright 2020-CURRENT Rafael França, Carlos Antonio da Silva.
774
+ Copyright 2009-2019 Plataformatec.
558
775
 
559
- You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.
776
+ The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).
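Review bot: New line 739 recommends `http_authenticatable`, described as HTTP Basic Auth that "authenticates the user on each request", without saying that the credentials therefore travel with every request. Suggest a sentence next to `config.http_authenticatable = [:database]` (line 744) stating that it should only be enabled for endpoints served over HTTPS. Smaller points: line 751 says "test.rb" without a path, where line 723 gives `config/environments/production.rb` in full; the issue link at line 736 ends in a stray slash (`issues/4947/`); the `####` headings at lines 738 and 750 have no blank line before their text; and "Copyright 2020-CURRENT" at line 773 reads like an unfilled placeholder.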