RubyGems - devise - Versions diffs - 4.3.0 → 4.4.2 - Mend

devise 4.3.0 → 4.4.2

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (217) hide show

checksums.yaml +5 -5
data/.travis.yml +15 -5
data/CHANGELOG.md +41 -0
data/Gemfile +2 -3
data/Gemfile.lock +3 -4
data/ISSUE_TEMPLATE.md +19 -0
data/README.md +97 -4
data/Rakefile +1 -0
data/app/controllers/devise/confirmations_controller.rb +2 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +3 -1
data/app/controllers/devise/passwords_controller.rb +2 -0
data/app/controllers/devise/registrations_controller.rb +5 -3
data/app/controllers/devise/sessions_controller.rb +3 -1
data/app/controllers/devise/unlocks_controller.rb +2 -0
data/app/controllers/devise_controller.rb +2 -0
data/app/helpers/devise_helper.rb +2 -0
data/app/mailers/devise/mailer.rb +2 -0
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/registrations/edit.html.erb +1 -1
data/app/views/devise/registrations/new.html.erb +1 -1
data/app/views/devise/sessions/new.html.erb +1 -1
data/app/views/devise/unlocks/new.html.erb +1 -1
data/devise.gemspec +3 -1
data/gemfiles/Gemfile.rails-4.1-stable +3 -1
data/gemfiles/Gemfile.rails-4.1-stable.lock +4 -4
data/gemfiles/Gemfile.rails-4.2-stable +3 -1
data/gemfiles/Gemfile.rails-4.2-stable.lock +4 -4
data/gemfiles/Gemfile.rails-5.0-stable +2 -3
data/gemfiles/Gemfile.rails-5.0-stable.lock +3 -4
data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
data/guides/bug_report_templates/integration_test.rb +2 -0
data/lib/devise/controllers/helpers.rb +2 -0
data/lib/devise/controllers/rememberable.rb +2 -0
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +6 -1
data/lib/devise/controllers/store_location.rb +24 -6
data/lib/devise/controllers/url_helpers.rb +2 -0
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +2 -0
data/lib/devise/failure_app.rb +2 -0
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +2 -0
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +2 -0
data/lib/devise/hooks/proxy.rb +2 -0
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +2 -0
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +2 -0
data/lib/devise/mapping.rb +2 -0
data/lib/devise/models/authenticatable.rb +4 -2
data/lib/devise/models/confirmable.rb +3 -1
data/lib/devise/models/database_authenticatable.rb +3 -1
data/lib/devise/models/lockable.rb +8 -2
data/lib/devise/models/omniauthable.rb +2 -0
data/lib/devise/models/recoverable.rb +2 -0
data/lib/devise/models/registerable.rb +2 -0
data/lib/devise/models/rememberable.rb +3 -1
data/lib/devise/models/timeoutable.rb +2 -0
data/lib/devise/models/trackable.rb +7 -0
data/lib/devise/models/validatable.rb +3 -1
data/lib/devise/models.rb +2 -0
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +2 -0
data/lib/devise/omniauth.rb +2 -0
data/lib/devise/orm/active_record.rb +2 -0
data/lib/devise/orm/mongoid.rb +2 -0
data/lib/devise/parameter_filter.rb +2 -0
data/lib/devise/parameter_sanitizer.rb +2 -0
data/lib/devise/rails/routes.rb +2 -0
data/lib/devise/rails/warden_compat.rb +2 -0
data/lib/devise/rails.rb +5 -1
data/lib/devise/strategies/authenticatable.rb +2 -0
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +2 -0
data/lib/devise/strategies/rememberable.rb +2 -0
data/lib/devise/test/controller_helpers.rb +3 -0
data/lib/devise/test/integration_helpers.rb +2 -0
data/lib/devise/test_helpers.rb +2 -0
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +2 -0
data/lib/devise/version.rb +3 -1
data/lib/devise.rb +3 -1
data/lib/generators/active_record/devise_generator.rb +15 -2
data/lib/generators/active_record/templates/migration.rb +3 -1
data/lib/generators/active_record/templates/migration_existing.rb +2 -0
data/lib/generators/devise/controllers_generator.rb +2 -0
data/lib/generators/devise/devise_generator.rb +4 -2
data/lib/generators/devise/install_generator.rb +2 -0
data/lib/generators/devise/orm_helpers.rb +7 -1
data/lib/generators/devise/views_generator.rb +7 -8
data/lib/generators/mongoid/devise_generator.rb +2 -0
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +2 -0
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +2 -0
data/lib/generators/templates/controllers/sessions_controller.rb +2 -0
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +6 -0
data/test/controllers/custom_registrations_controller_test.rb +2 -0
data/test/controllers/custom_strategy_test.rb +2 -0
data/test/controllers/helper_methods_test.rb +2 -0
data/test/controllers/helpers_test.rb +2 -0
data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -0
data/test/controllers/internal_helpers_test.rb +2 -0
data/test/controllers/load_hooks_controller_test.rb +2 -0
data/test/controllers/passwords_controller_test.rb +2 -0
data/test/controllers/sessions_controller_test.rb +2 -0
data/test/controllers/url_helpers_test.rb +2 -0
data/test/delegator_test.rb +2 -0
data/test/devise_test.rb +2 -0
data/test/failure_app_test.rb +2 -0
data/test/generators/active_record_generator_test.rb +47 -0
data/test/generators/controllers_generator_test.rb +2 -0
data/test/generators/devise_generator_test.rb +2 -0
data/test/generators/install_generator_test.rb +2 -0
data/test/generators/mongoid_generator_test.rb +2 -0
data/test/generators/views_generator_test.rb +2 -0
data/test/helpers/devise_helper_test.rb +2 -0
data/test/integration/authenticatable_test.rb +9 -1
data/test/integration/confirmable_test.rb +2 -0
data/test/integration/database_authenticatable_test.rb +2 -0
data/test/integration/http_authenticatable_test.rb +8 -0
data/test/integration/lockable_test.rb +5 -3
data/test/integration/mounted_engine_test.rb +2 -0
data/test/integration/omniauthable_test.rb +13 -0
data/test/integration/recoverable_test.rb +2 -0
data/test/integration/registerable_test.rb +2 -0
data/test/integration/rememberable_test.rb +3 -1
data/test/integration/timeoutable_test.rb +2 -0
data/test/integration/trackable_test.rb +7 -0
data/test/mailers/confirmation_instructions_test.rb +2 -0
data/test/mailers/email_changed_test.rb +2 -0
data/test/mailers/mailer_test.rb +2 -0
data/test/mailers/reset_password_instructions_test.rb +2 -0
data/test/mailers/unlock_instructions_test.rb +2 -0
data/test/mapping_test.rb +2 -0
data/test/models/authenticatable_test.rb +2 -0
data/test/models/confirmable_test.rb +13 -0
data/test/models/database_authenticatable_test.rb +2 -0
data/test/models/lockable_test.rb +2 -0
data/test/models/omniauthable_test.rb +2 -0
data/test/models/recoverable_test.rb +2 -0
data/test/models/registerable_test.rb +2 -0
data/test/models/rememberable_test.rb +2 -0
data/test/models/serializable_test.rb +6 -0
data/test/models/timeoutable_test.rb +2 -0
data/test/models/trackable_test.rb +21 -0
data/test/models/validatable_test.rb +4 -2
data/test/models_test.rb +2 -0
data/test/omniauth/config_test.rb +2 -0
data/test/omniauth/url_helpers_test.rb +2 -0
data/test/orm/active_record.rb +8 -1
data/test/orm/mongoid.rb +3 -1
data/test/parameter_sanitizer_test.rb +2 -0
data/test/rails_app/app/active_record/admin.rb +2 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +13 -0
data/test/rails_app/app/active_record/user_on_engine.rb +2 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +2 -0
data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
data/test/rails_app/app/active_record/user_without_email.rb +2 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/admins_controller.rb +2 -0
data/test/rails_app/app/controllers/application_controller.rb +2 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +2 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/home_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +2 -0
data/test/rails_app/app/controllers/users_controller.rb +2 -0
data/test/rails_app/app/helpers/application_helper.rb +2 -0
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +2 -0
data/test/rails_app/app/mailers/users/mailer.rb +2 -0
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +2 -0
data/test/rails_app/app/mongoid/admin.rb +2 -0
data/test/rails_app/app/mongoid/shim.rb +2 -0
data/test/rails_app/app/mongoid/user.rb +11 -0
data/test/rails_app/app/mongoid/user_on_engine.rb +2 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +2 -0
data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
data/test/rails_app/app/mongoid/user_without_email.rb +2 -0
data/test/rails_app/config/application.rb +6 -2
data/test/rails_app/config/boot.rb +8 -1
data/test/rails_app/config/environment.rb +2 -0
data/test/rails_app/config/environments/development.rb +2 -0
data/test/rails_app/config/environments/production.rb +2 -0
data/test/rails_app/config/environments/test.rb +2 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
data/test/rails_app/config/initializers/devise.rb +2 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +2 -0
data/test/rails_app/config/initializers/session_store.rb +2 -0
data/test/rails_app/config/routes.rb +2 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +2 -0
data/test/rails_app/db/schema.rb +2 -0
data/test/rails_app/lib/shared_admin.rb +2 -0
data/test/rails_app/lib/shared_user.rb +2 -0
data/test/rails_app/lib/shared_user_without_email.rb +2 -0
data/test/rails_app/lib/shared_user_without_omniauth.rb +2 -0
data/test/rails_test.rb +2 -0
data/test/routes_test.rb +2 -0
data/test/support/action_controller/record_identifier.rb +2 -0
data/test/support/assertions.rb +2 -0
data/test/support/helpers.rb +6 -0
data/test/support/http_method_compatibility.rb +2 -0
data/test/support/integration.rb +3 -0
data/test/support/webrat/integrations/rails.rb +2 -0
data/test/test/controller_helpers_test.rb +8 -1
data/test/test/integration_helpers_test.rb +2 -0
data/test/test_helper.rb +2 -0
data/test/test_models.rb +2 -0
metadata +12 -5

data/gemfiles/Gemfile.rails-5.2-rc1.lock ADDED Viewed

@@ -0,0 +1,201 @@
+GIT
+  remote: git://github.com/rails/activemodel-serializers-xml.git
+  revision: 356edf4dfc38fb1fbfee90c87856e4fe5b73c5e1
+  specs:
+    activemodel-serializers-xml (1.0.2)
+      activemodel (> 5.x)
+      activesupport (> 5.x)
+      builder (~> 3.1)
+PATH
+  remote: ..
+  specs:
+    devise (4.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 5.2)
+      responders
+      warden (~> 1.2.3)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.2.0.rc1)
+      actionpack (= 5.2.0.rc1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.0.rc1)
+      actionpack (= 5.2.0.rc1)
+      actionview (= 5.2.0.rc1)
+      activejob (= 5.2.0.rc1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.2.0.rc1)
+      actionview (= 5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      globalid (>= 0.3.6)
+    activemodel (5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+    activerecord (5.2.0.rc1)
+      activemodel (= 5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      arel (>= 9.0)
+    activestorage (5.2.0.rc1)
+      actionpack (= 5.2.0.rc1)
+      activerecord (= 5.2.0.rc1)
+      marcel (~> 0.3.1)
+    activesupport (5.2.0.rc1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (9.0.0)
+    bcrypt (3.1.11)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
+    crass (1.0.3)
+    erubi (1.7.0)
+    faraday (0.12.2)
+      multipart-post (>= 1.2, < 3)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
+    hashie (3.5.7)
+    i18n (0.9.3)
+      concurrent-ruby (~> 1.0)
+    jwt (1.5.6)
+    loofah (2.1.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.1)
+      mimemagic (~> 0.3.2)
+    metaclass (0.0.4)
+    method_source (0.9.0)
+    mimemagic (0.3.2)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    mocha (1.3.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.13.1)
+    multi_xml (0.6.0)
+    multipart-post (2.0.0)
+    nio4r (2.2.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    oauth2 (1.4.0)
+      faraday (>= 0.8, < 0.13)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.8.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-facebook (4.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-oauth2 (1.5.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    orm_adapter (0.5.0)
+    rack (2.0.4)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.8.2)
+      rack (>= 1.0, < 3)
+    rails (5.2.0.rc1)
+      actioncable (= 5.2.0.rc1)
+      actionmailer (= 5.2.0.rc1)
+      actionpack (= 5.2.0.rc1)
+      actionview (= 5.2.0.rc1)
+      activejob (= 5.2.0.rc1)
+      activemodel (= 5.2.0.rc1)
+      activerecord (= 5.2.0.rc1)
+      activestorage (= 5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      bundler (>= 1.3.0)
+      railties (= 5.2.0.rc1)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (1.0.2)
+      actionpack (~> 5.x, >= 5.0.1)
+      actionview (~> 5.x, >= 5.0.1)
+      activesupport (~> 5.x)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (5.2.0.rc1)
+      actionpack (= 5.2.0.rc1)
+      activesupport (= 5.2.0.rc1)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (12.3.0)
+    rdoc (6.0.1)
+    responders (2.4.0)
+      actionpack (>= 4.2.0, < 5.3)
+      railties (>= 4.2.0, < 5.3)
+    ruby-openid (2.7.0)
+    sprockets (3.7.1)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.13)
+    test_after_commit (1.1.0)
+      activerecord (>= 3.2)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    warden (1.2.7)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+    websocket-driver (0.7.0)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.3)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  activemodel-serializers-xml!
+  devise!
+  mocha (~> 1.1)
+  omniauth
+  omniauth-facebook
+  omniauth-oauth2
+  omniauth-openid
+  rails (~> 5.2.0.rc1)
+  rails-controller-testing
+  rdoc
+  responders (~> 2.1)
+  sqlite3
+  test_after_commit
+  webrat (= 0.7.3)
+BUNDLED WITH
+   1.16.0

data/guides/bug_report_templates/integration_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 begin
   require 'bundler/inline'
 rescue LoadError => e

data/lib/devise/controllers/helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Controllers
     # Those helpers are convenience methods added to ApplicationController.

data/lib/devise/controllers/rememberable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Controllers
     # A module that may be optionally included in a controller in order

data/lib/devise/controllers/scoped_views.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Controllers
     module ScopedViews

data/lib/devise/controllers/sign_in_out.rb CHANGED Viewed

@@ -1,10 +1,15 @@
+# frozen_string_literal: true
 module Devise
   module Controllers
     # Provide sign in and sign out functionality.
     # Included by default in all controllers.
     module SignInOut
       # Return true if the given scope is signed in session. If no scope given, return
-      # true if any scope is signed in. Does not run authentication hooks.
+      # true if any scope is signed in. This will run authentication hooks, which may
+      # cause exceptions to be thrown from this method; if you simply want to check
+      # if a scope has already previously been authenticated without running
+      # authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
       def signed_in?(scope=nil)
         [scope || Devise.mappings.keys].flatten.any? do |_scope|
           warden.authenticate?(scope: _scope)

data/lib/devise/controllers/store_location.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "uri"
 module Devise
@@ -33,12 +35,9 @@ module Devise
       #
       def store_location_for(resource_or_scope, location)
         session_key = stored_location_key_for(resource_or_scope)
-        uri = parse_uri(location)
-        if uri
-          path = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
-          path = [path, uri.fragment].compact.join('#')
-          session[session_key] = path
-        end
+        path = extract_path_from_location(location)
+        session[session_key] = path if path
       end
       private
@@ -53,6 +52,25 @@ module Devise
         scope = Devise::Mapping.find_scope!(resource_or_scope)
         "#{scope}_return_to"
       end
+      def extract_path_from_location(location)
+        uri = parse_uri(location)
+        if uri
+          path = remove_domain_from_uri(uri)
+          path = add_fragment_back_to_path(uri, path)
+          path
+        end
+      end
+      def remove_domain_from_uri(uri)
+        [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
+      end
+      def add_fragment_back_to_path(uri, path)
+        [path, uri.fragment].compact.join('#')
+      end
     end
   end
 end

data/lib/devise/controllers/url_helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Controllers
     # Create url helpers to be used with resource/scope configuration. Acts as

data/lib/devise/delegator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   # Checks the scope in the given environment and returns the associated failure app.
   class Delegator

data/lib/devise/encryptor.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'bcrypt'
 module Devise

data/lib/devise/failure_app.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "action_controller/metal"
 module Devise

data/lib/devise/hooks/activatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Deny user access whenever their account is not active yet.
 # We need this as hook to validate the user activity on each request
 # and in case the user is using other strategies beside Devise ones.

data/lib/devise/hooks/csrf_cleaner.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 Warden::Manager.after_authentication do |record, warden, options|
   clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) ||
     warden.winning_strategy.clean_up_csrf?

data/lib/devise/hooks/forgetable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Before logout hook to forget the user in the given scope, if it responds
 # to forget_me! Also clear remember token to ensure the user won't be
 # remembered again. Notice that we forget the user unless the record is not persisted.

data/lib/devise/hooks/lockable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # After each sign in, if resource responds to failed_attempts, sets it to 0
 # This is only triggered when the user is explicitly set (with set_user)
 Warden::Manager.after_set_user except: :fetch do |record, warden, options|

data/lib/devise/hooks/proxy.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Hooks
     # A small warden proxy so we can remember, forget and

data/lib/devise/hooks/rememberable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   scope = options[:scope]
   if record.respond_to?(:remember_me) && options[:store] != false &&

data/lib/devise/hooks/timeoutable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Each time a record is set we check whether its session has already timed out
 # or not, based on last request time. If so, the record is logged out and
 # redirected to the sign in page. Also, each time the request comes and the

data/lib/devise/hooks/trackable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # After each sign in, update sign in time, sign in count and sign in IP.
 # This is only triggered when the user is explicitly set (with set_user)
 # and on authentication. Retrieving the user from session (:fetch) does

data/lib/devise/mailers/helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Mailers
     module Helpers

data/lib/devise/mapping.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   # Responsible for handling devise mappings and routes configuration. Each
   # resource configured by devise_for in routes is actually creating a mapping

data/lib/devise/models/authenticatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'active_model/version'
 require 'devise/hooks/activatable'
 require 'devise/hooks/csrf_cleaner'
@@ -102,7 +104,7 @@ module Devise
       # and passing a new list of attributes you want to exempt. All attributes
       # given to :except will simply add names to exempt to Devise internal list.
       def serializable_hash(options = nil)
-        options ||= {}
+        options = options.try(:dup) || {}
         options[:except] = Array(options[:except])
         if options[:force_except]
@@ -256,7 +258,7 @@ module Devise
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios
-        # besides authentication, for example when retrieving an user to send
+        # besides authentication, for example when retrieving a user to send
         # an e-mail for password reset. In such cases, find_for_authentication
         # is not called.
         def find_for_authentication(tainted_conditions)

data/lib/devise/models/confirmable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     # Confirmable is responsible to verify if an account is already confirmed to
@@ -46,7 +48,7 @@ module Devise
       included do
         before_create :generate_confirmation_token, if: :confirmation_required?
         after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification?
-        if respond_to?(:after_commit) # ActiveRecord
+        if defined?(ActiveRecord) && self < ActiveRecord::Base # ActiveRecord
           after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification?
           after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required?
         else # Mongoid

data/lib/devise/models/database_authenticatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/strategies/database_authenticatable'
 module Devise
@@ -10,7 +12,7 @@ module Devise
     # DatabaseAuthenticatable adds the following options to devise_for:
     #
     #   * +pepper+: a random string used to provide a more secure hash. Use
-    #     `rake secret` to generate new keys.
+    #     `rails secret` to generate new keys.
     #
     #   * +stretches+: the cost given to bcrypt.
     #

data/lib/devise/models/lockable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "devise/hooks/lockable"
 module Devise
@@ -99,8 +101,7 @@ module Devise
         if super && !access_locked?
           true
         else
-          self.failed_attempts ||= 0
-          self.failed_attempts += 1
+          increment_failed_attempts
           if attempts_exceeded?
             lock_access! unless access_locked?
           else
@@ -109,6 +110,11 @@ module Devise
           false
         end
       end
+      def increment_failed_attempts
+        self.failed_attempts ||= 0
+        self.failed_attempts += 1
+      end
       def unauthenticated_message
         # If set to paranoid mode, do not show the locked message because it

data/lib/devise/models/omniauthable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/omniauth'
 module Devise

data/lib/devise/models/recoverable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models

data/lib/devise/models/registerable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     # Registerable is responsible for everything related to registering a new

data/lib/devise/models/rememberable.rb CHANGED Viewed

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
 require 'devise/strategies/rememberable'
 require 'devise/hooks/rememberable'
 require 'devise/hooks/forgetable'
 module Devise
   module Models
-    # Rememberable manages generating and clearing token for remember the user
+    # Rememberable manages generating and clearing token for remembering the user
     # from a saved cookie. Rememberable also has utility methods for dealing
     # with serializing the user into the cookie and back from the cookie, trying
     # to lookup the record based on the saved information.

data/lib/devise/models/timeoutable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/hooks/timeoutable'
 module Devise

data/lib/devise/models/trackable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/hooks/trackable'
 module Devise
@@ -29,6 +31,11 @@ module Devise
       end
       def update_tracked_fields!(request)
+        # We have to check if the user is already persisted before running
+        # `save` here because invalid users can be saved if we don't.
+        # See https://github.com/plataformatec/devise/issues/4673 for more details.
+        return if new_record?
         update_tracked_fields(request)
         save(validate: false)
       end

data/lib/devise/models/validatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     # Validatable creates all needed validations for a user email and password.
@@ -10,7 +12,7 @@ module Devise
     # Validatable adds the following options to devise_for:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
-    #   * +password_length+: a range expressing password length. Defaults to 8..72.
+    #   * +password_length+: a range expressing password length. Defaults to 6..128.
     #
     module Validatable
       # All validations used by this module.

data/lib/devise/models.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Models
     class MissingAttribute < StandardError

data/lib/devise/modules.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'active_support/core_ext/object/with_options'
 Devise.with_options model: true do |d|

data/lib/devise/omniauth/config.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module OmniAuth
     class StrategyNotFound < NameError

data/lib/devise/omniauth/url_helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module OmniAuth
     module UrlHelpers

data/lib/devise/omniauth.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 begin
   require "omniauth"
   require "omniauth/version"

data/lib/devise/orm/active_record.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'orm_adapter/adapters/active_record'
 ActiveSupport.on_load(:active_record) do

data/lib/devise/orm/mongoid.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 ActiveSupport.on_load(:mongoid) do
   require 'orm_adapter/adapters/mongoid'

data/lib/devise/parameter_filter.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   class ParameterFilter
     def initialize(case_insensitive_keys, strip_whitespace_keys)

data/lib/devise/parameter_sanitizer.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   # The +ParameterSanitizer+ deals with permitting specific parameters values
   # for each +Devise+ scope in the application.

data/lib/devise/rails/routes.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "active_support/core_ext/object/try"
 require "active_support/core_ext/hash/slice"

data/lib/devise/rails/warden_compat.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Warden::Mixins::Common
   def request
     @request ||= ActionDispatch::Request.new(env)

data/lib/devise/rails.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
@@ -32,7 +34,9 @@ module Devise
     end
     initializer "devise.secret_key" do |app|
-      if app.respond_to?(:secrets)
+      if app.respond_to?(:credentials)
+        Devise.secret_key ||= app.credentials.secret_key_base
+      elsif app.respond_to?(:secrets)
         Devise.secret_key ||= app.secrets.secret_key_base
       elsif app.config.respond_to?(:secret_key_base)
         Devise.secret_key ||= app.config.secret_key_base

data/lib/devise/strategies/authenticatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/strategies/base'
 module Devise

data/lib/devise/strategies/base.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.