RubyGems - devise - Versions diffs - 4.3.0 → 4.9.2 - Mend

devise 4.3.0 → 4.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +205 -2
data/MIT-LICENSE +2 -1
data/README.md +214 -57
data/app/controllers/devise/confirmations_controller.rb +3 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +3 -1
data/app/controllers/devise/passwords_controller.rb +5 -2
data/app/controllers/devise/registrations_controller.rb +32 -12
data/app/controllers/devise/sessions_controller.rb +4 -2
data/app/controllers/devise/unlocks_controller.rb +3 -0
data/app/controllers/devise_controller.rb +6 -3
data/app/helpers/devise_helper.rb +23 -18
data/app/mailers/devise/mailer.rb +7 -5
data/app/views/devise/confirmations/new.html.erb +2 -2
data/app/views/devise/passwords/edit.html.erb +3 -3
data/app/views/devise/passwords/new.html.erb +2 -2
data/app/views/devise/registrations/edit.html.erb +6 -6
data/app/views/devise/registrations/new.html.erb +4 -4
data/app/views/devise/sessions/new.html.erb +4 -4
data/app/views/devise/shared/_error_messages.html.erb +15 -0
data/app/views/devise/shared/_links.html.erb +8 -8
data/app/views/devise/unlocks/new.html.erb +2 -2
data/config/locales/en.yml +3 -2
data/lib/devise/controllers/helpers.rb +10 -8
data/lib/devise/controllers/rememberable.rb +2 -0
data/lib/devise/controllers/responder.rb +35 -0
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +14 -4
data/lib/devise/controllers/store_location.rb +24 -6
data/lib/devise/controllers/url_helpers.rb +3 -1
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +2 -0
data/lib/devise/failure_app.rb +33 -7
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +8 -1
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +4 -5
data/lib/devise/hooks/proxy.rb +2 -0
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +4 -2
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +2 -0
data/lib/devise/mapping.rb +3 -1
data/lib/devise/models/authenticatable.rb +55 -50
data/lib/devise/models/confirmable.rb +36 -40
data/lib/devise/models/database_authenticatable.rb +57 -36
data/lib/devise/models/lockable.rb +18 -4
data/lib/devise/models/omniauthable.rb +4 -2
data/lib/devise/models/recoverable.rb +10 -19
data/lib/devise/models/registerable.rb +4 -0
data/lib/devise/models/rememberable.rb +5 -3
data/lib/devise/models/timeoutable.rb +3 -1
data/lib/devise/models/trackable.rb +15 -1
data/lib/devise/models/validatable.rb +7 -10
data/lib/devise/models.rb +3 -0
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +2 -0
data/lib/devise/omniauth.rb +4 -5
data/lib/devise/orm/active_record.rb +2 -0
data/lib/devise/orm/mongoid.rb +2 -0
data/lib/devise/orm.rb +71 -0
data/lib/devise/parameter_filter.rb +4 -0
data/lib/devise/parameter_sanitizer.rb +15 -1
data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
data/lib/devise/rails/routes.rb +8 -6
data/lib/devise/rails/warden_compat.rb +2 -0
data/lib/devise/rails.rb +3 -5
data/lib/devise/secret_key_finder.rb +27 -0
data/lib/devise/strategies/authenticatable.rb +3 -1
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +8 -1
data/lib/devise/strategies/rememberable.rb +2 -0
data/lib/devise/test/controller_helpers.rb +6 -1
data/lib/devise/test/integration_helpers.rb +3 -1
data/lib/devise/test_helpers.rb +2 -0
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +2 -0
data/lib/devise/version.rb +3 -1
data/lib/devise.rb +38 -12
data/lib/generators/active_record/devise_generator.rb +40 -12
data/lib/generators/active_record/templates/migration.rb +3 -1
data/lib/generators/active_record/templates/migration_existing.rb +2 -0
data/lib/generators/devise/controllers_generator.rb +3 -1
data/lib/generators/devise/devise_generator.rb +5 -3
data/lib/generators/devise/install_generator.rb +3 -5
data/lib/generators/devise/orm_helpers.rb +9 -3
data/lib/generators/devise/views_generator.rb +8 -9
data/lib/generators/mongoid/devise_generator.rb +7 -5
data/lib/generators/templates/README +9 -1
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +3 -1
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +2 -0
data/lib/generators/templates/controllers/sessions_controller.rb +2 -0
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +43 -7
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +12 -4
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
metadata +24 -307
data/.gitignore +0 -10
data/.travis.yml +0 -58
data/.yardopts +0 -9
data/CODE_OF_CONDUCT.md +0 -22
data/CONTRIBUTING.md +0 -79
data/Gemfile +0 -40
data/Gemfile.lock +0 -194
data/Rakefile +0 -36
data/bin/test +0 -13
data/devise.gemspec +0 -26
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-4.1-stable +0 -30
data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -171
data/gemfiles/Gemfile.rails-4.2-stable +0 -30
data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
data/gemfiles/Gemfile.rails-5.0-stable +0 -34
data/gemfiles/Gemfile.rails-5.0-stable.lock +0 -193
data/guides/bug_report_templates/integration_test.rb +0 -104
data/test/controllers/custom_registrations_controller_test.rb +0 -40
data/test/controllers/custom_strategy_test.rb +0 -64
data/test/controllers/helper_methods_test.rb +0 -22
data/test/controllers/helpers_test.rb +0 -316
data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -51
data/test/controllers/internal_helpers_test.rb +0 -127
data/test/controllers/load_hooks_controller_test.rb +0 -19
data/test/controllers/passwords_controller_test.rb +0 -32
data/test/controllers/sessions_controller_test.rb +0 -106
data/test/controllers/url_helpers_test.rb +0 -65
data/test/delegator_test.rb +0 -19
data/test/devise_test.rb +0 -107
data/test/failure_app_test.rb +0 -338
data/test/generators/active_record_generator_test.rb +0 -83
data/test/generators/controllers_generator_test.rb +0 -48
data/test/generators/devise_generator_test.rb +0 -39
data/test/generators/install_generator_test.rb +0 -24
data/test/generators/mongoid_generator_test.rb +0 -23
data/test/generators/views_generator_test.rb +0 -103
data/test/helpers/devise_helper_test.rb +0 -49
data/test/integration/authenticatable_test.rb +0 -698
data/test/integration/confirmable_test.rb +0 -324
data/test/integration/database_authenticatable_test.rb +0 -95
data/test/integration/http_authenticatable_test.rb +0 -106
data/test/integration/lockable_test.rb +0 -240
data/test/integration/mounted_engine_test.rb +0 -36
data/test/integration/omniauthable_test.rb +0 -135
data/test/integration/recoverable_test.rb +0 -347
data/test/integration/registerable_test.rb +0 -363
data/test/integration/rememberable_test.rb +0 -217
data/test/integration/timeoutable_test.rb +0 -184
data/test/integration/trackable_test.rb +0 -92
data/test/mailers/confirmation_instructions_test.rb +0 -115
data/test/mailers/email_changed_test.rb +0 -130
data/test/mailers/mailer_test.rb +0 -18
data/test/mailers/reset_password_instructions_test.rb +0 -96
data/test/mailers/unlock_instructions_test.rb +0 -91
data/test/mapping_test.rb +0 -134
data/test/models/authenticatable_test.rb +0 -23
data/test/models/confirmable_test.rb +0 -536
data/test/models/database_authenticatable_test.rb +0 -281
data/test/models/lockable_test.rb +0 -350
data/test/models/omniauthable_test.rb +0 -7
data/test/models/recoverable_test.rb +0 -261
data/test/models/registerable_test.rb +0 -7
data/test/models/rememberable_test.rb +0 -182
data/test/models/serializable_test.rb +0 -54
data/test/models/timeoutable_test.rb +0 -51
data/test/models/trackable_test.rb +0 -41
data/test/models/validatable_test.rb +0 -119
data/test/models_test.rb +0 -153
data/test/omniauth/config_test.rb +0 -59
data/test/omniauth/url_helpers_test.rb +0 -51
data/test/orm/active_record.rb +0 -17
data/test/orm/mongoid.rb +0 -13
data/test/parameter_sanitizer_test.rb +0 -75
data/test/rails_app/Rakefile +0 -6
data/test/rails_app/app/active_record/admin.rb +0 -6
data/test/rails_app/app/active_record/shim.rb +0 -2
data/test/rails_app/app/active_record/user.rb +0 -7
data/test/rails_app/app/active_record/user_on_engine.rb +0 -7
data/test/rails_app/app/active_record/user_on_main_app.rb +0 -7
data/test/rails_app/app/active_record/user_without_email.rb +0 -8
data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -6
data/test/rails_app/app/controllers/admins_controller.rb +0 -6
data/test/rails_app/app/controllers/application_controller.rb +0 -11
data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -30
data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -31
data/test/rails_app/app/controllers/home_controller.rb +0 -29
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -2
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -2
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -14
data/test/rails_app/app/controllers/users_controller.rb +0 -31
data/test/rails_app/app/helpers/application_helper.rb +0 -3
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -3
data/test/rails_app/app/mailers/users/mailer.rb +0 -3
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -4
data/test/rails_app/app/mongoid/admin.rb +0 -29
data/test/rails_app/app/mongoid/shim.rb +0 -23
data/test/rails_app/app/mongoid/user.rb +0 -39
data/test/rails_app/app/mongoid/user_on_engine.rb +0 -39
data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -39
data/test/rails_app/app/mongoid/user_without_email.rb +0 -33
data/test/rails_app/app/views/admins/index.html.erb +0 -1
data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
data/test/rails_app/app/views/home/index.html.erb +0 -1
data/test/rails_app/app/views/home/join.html.erb +0 -1
data/test/rails_app/app/views/home/private.html.erb +0 -1
data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
data/test/rails_app/app/views/layouts/application.html.erb +0 -24
data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
data/test/rails_app/app/views/users/index.html.erb +0 -1
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
data/test/rails_app/bin/bundle +0 -3
data/test/rails_app/bin/rails +0 -4
data/test/rails_app/bin/rake +0 -4
data/test/rails_app/config/application.rb +0 -44
data/test/rails_app/config/boot.rb +0 -20
data/test/rails_app/config/database.yml +0 -18
data/test/rails_app/config/environment.rb +0 -5
data/test/rails_app/config/environments/development.rb +0 -30
data/test/rails_app/config/environments/production.rb +0 -86
data/test/rails_app/config/environments/test.rb +0 -45
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -7
data/test/rails_app/config/initializers/devise.rb +0 -180
data/test/rails_app/config/initializers/inflections.rb +0 -2
data/test/rails_app/config/initializers/secret_token.rb +0 -3
data/test/rails_app/config/initializers/session_store.rb +0 -1
data/test/rails_app/config/routes.rb +0 -126
data/test/rails_app/config.ru +0 -4
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -75
data/test/rails_app/db/schema.rb +0 -55
data/test/rails_app/lib/shared_admin.rb +0 -21
data/test/rails_app/lib/shared_user.rb +0 -30
data/test/rails_app/lib/shared_user_without_email.rb +0 -26
data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -13
data/test/rails_app/public/404.html +0 -26
data/test/rails_app/public/422.html +0 -26
data/test/rails_app/public/500.html +0 -26
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_test.rb +0 -9
data/test/routes_test.rb +0 -279
data/test/support/action_controller/record_identifier.rb +0 -10
data/test/support/assertions.rb +0 -28
data/test/support/helpers.rb +0 -77
data/test/support/http_method_compatibility.rb +0 -51
data/test/support/integration.rb +0 -92
data/test/support/locale/en.yml +0 -8
data/test/support/mongoid.yml +0 -6
data/test/support/webrat/integrations/rails.rb +0 -33
data/test/test/controller_helpers_test.rb +0 -186
data/test/test/integration_helpers_test.rb +0 -32
data/test/test_helper.rb +0 -34
data/test/test_models.rb +0 -33

data/lib/devise/rails/routes.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "active_support/core_ext/object/try"
 require "active_support/core_ext/hash/slice"
@@ -133,10 +135,10 @@ module ActionDispatch::Routing
     #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, sign_out_via: [:post, :delete]
+    #      devise_for :users, sign_out_via: [:get, :post]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #
@@ -285,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -309,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -326,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -472,7 +474,7 @@ ERROR
         @scope = current_scope
       end
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))

data/lib/devise/rails/warden_compat.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Warden::Mixins::Common
   def request
     @request ||= ActionDispatch::Request.new(env)

data/lib/devise/rails.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/rails/routes'
 require 'devise/rails/warden_compat'
@@ -32,11 +34,7 @@ module Devise
     end
     initializer "devise.secret_key" do |app|
-      if app.respond_to?(:secrets)
-        Devise.secret_key ||= app.secrets.secret_key_base
-      elsif app.config.respond_to?(:secret_key_base)
-        Devise.secret_key ||= app.config.secret_key_base
-      end
+      Devise.secret_key ||= Devise::SecretKeyFinder.new(app).find
       Devise.token_generator ||=
         if secret_key = Devise.secret_key

data/lib/devise/secret_key_finder.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+module Devise
+  class SecretKeyFinder
+    def initialize(application)
+      @application = application
+    end
+    def find
+      if @application.respond_to?(:credentials) && key_exists?(@application.credentials)
+        @application.credentials.secret_key_base
+      elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets)
+        @application.secrets.secret_key_base
+      elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config)
+        @application.config.secret_key_base
+      elsif @application.respond_to?(:secret_key_base) && key_exists?(@application)
+        @application.secret_key_base
+      end
+    end
+    private
+    def key_exists?(object)
+      object.secret_key_base.present?
+    end
+  end
+end

data/lib/devise/strategies/authenticatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/strategies/base'
 module Devise
@@ -26,7 +28,7 @@ module Devise
     private
       # Receives a resource and check if it is valid by calling valid_for_authentication?
-      # An optional block that will be triggered while validating can be optionally
+      # A block that will be triggered while validating can be optionally
       # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
       # for more information.
       #

data/lib/devise/strategies/base.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.

data/lib/devise/strategies/database_authenticatable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/strategies/authenticatable'
 module Devise
@@ -14,8 +16,13 @@ module Devise
           success!(resource)
         end
+        # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key.
+        # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't
+        # exist in the database if the password hashing algorithm is not called.
         mapping.to.new.password = password if !hashed && Devise.paranoid
-        fail(:not_found_in_database) unless resource
+        unless resource
+          Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
+        end
       end
     end
   end

data/lib/devise/strategies/rememberable.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'devise/strategies/authenticatable'
 module Devise

data/lib/devise/test/controller_helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module Test
     # `Devise::Test::ControllerHelpers` provides a facility to test controllers
@@ -35,6 +37,8 @@ module Devise
         @response
       end
+      ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
       # We need to set up the environment variables and the response in the controller.
       def setup_controller_for_warden #:nodoc:
         @request.env['action_controller.instance'] = @controller
@@ -137,8 +141,9 @@ module Devise
           status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
           @controller.response.headers.merge!(headers)
+          @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
           @controller.status = status
-          @controller.response.body = response.body
+          @controller.response_body = response.body
           nil # causes process return @response
         end

data/lib/devise/test/integration_helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   # Devise::Test::IntegrationHelpers is a helper module for facilitating
   # authentication on Rails integration tests to bypass the required steps for
@@ -26,7 +28,7 @@ module Devise
         end
       end
-      # Signs in a specific resource, mimicking a successfull sign in
+      # Signs in a specific resource, mimicking a successful sign in
       # operation through +Devise::SessionsController#create+.
       #
       # * +resource+ - The resource that should be authenticated

data/lib/devise/test_helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
   module TestHelpers
     def self.included(base)

data/lib/devise/time_inflector.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "active_support/core_ext/module/delegation"
 module Devise

data/lib/devise/token_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'openssl'
 module Devise

data/lib/devise/version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Devise
-  VERSION = "4.3.0".freeze
+  VERSION = "4.9.2".freeze
 end

data/lib/devise.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails'
 require 'active_support/core_ext/numeric/time'
 require 'active_support/dependencies'
@@ -11,15 +13,18 @@ module Devise
   autoload :Encryptor,          'devise/encryptor'
   autoload :FailureApp,         'devise/failure_app'
   autoload :OmniAuth,           'devise/omniauth'
+  autoload :Orm,                'devise/orm'
   autoload :ParameterFilter,    'devise/parameter_filter'
   autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
   autoload :TestHelpers,        'devise/test_helpers'
   autoload :TimeInflector,      'devise/time_inflector'
   autoload :TokenGenerator,     'devise/token_generator'
+  autoload :SecretKeyFinder,    'devise/secret_key_finder'
   module Controllers
     autoload :Helpers,        'devise/controllers/helpers'
     autoload :Rememberable,   'devise/controllers/rememberable'
+    autoload :Responder,      'devise/controllers/responder'
     autoload :ScopedViews,    'devise/controllers/scoped_views'
     autoload :SignInOut,      'devise/controllers/sign_in_out'
     autoload :StoreLocation,  'devise/controllers/store_location'
@@ -68,7 +73,7 @@ module Devise
   # The number of times to hash the password.
   mattr_accessor :stretches
-  @@stretches = 11
+  @@stretches = 12
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key
@@ -149,7 +154,7 @@ module Devise
   mattr_accessor :timeout_in
   @@timeout_in = 30.minutes
-  # Used to hash the password. Please generate one with rake secret.
+  # Used to hash the password. Please generate one with rails secret.
   mattr_accessor :pepper
   @@pepper = nil
@@ -214,7 +219,16 @@ module Devise
   # Which formats should be treated as navigational.
   mattr_accessor :navigational_formats
-  @@navigational_formats = ["*/*", :html]
+  @@navigational_formats = ["*/*", :html, :turbo_stream]
+  # The default responder used by Devise, used to customize status codes with:
+  #
+  #   `config.responder.error_status`
+  #   `config.responder.redirect_status`
+  #
+  # Can be replaced by a custom application responder.
+  mattr_accessor :responder
+  @@responder = Devise::Controllers::Responder
   # When set to true, signing out a user signs out all other scopes.
   mattr_accessor :sign_out_all_scopes
@@ -290,13 +304,9 @@ module Devise
   mattr_accessor :token_generator
   @@token_generator = nil
-  def self.rails51? # :nodoc:
-    Rails.gem_version >= Gem::Version.new("5.1.x")
-  end
-  def self.activerecord51? # :nodoc:
-    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
-  end
+  # When set to false, changing a password does not automatically sign in a user
+  mattr_accessor :sign_in_after_change_password
+  @@sign_in_after_change_password = true
   # Default way to set up Devise. Run rails generate devise_install to create
   # a fresh initializer with all configuration values.
@@ -310,12 +320,20 @@ module Devise
     end
     def get
-      ActiveSupport::Dependencies.constantize(@name)
+      # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+      if ActiveSupport::Dependencies.respond_to?(:constantize)
+        ActiveSupport::Dependencies.constantize(@name)
+      else
+        @name.constantize
+      end
     end
   end
   def self.ref(arg)
-    ActiveSupport::Dependencies.reference(arg)
+    # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+    if ActiveSupport::Dependencies.respond_to?(:reference)
+      ActiveSupport::Dependencies.reference(arg)
+    end
     Getter.new(arg)
   end
@@ -502,6 +520,14 @@ module Devise
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0
   end
+  def self.activerecord51? # :nodoc:
+    ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+      [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
+      It is a non-public method that's no longer used internally, but that other libraries have been relying on.
+    DEPRECATION
+    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+  end
 end
 require 'warden'

data/lib/generators/active_record/devise_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/active_record'
 require 'generators/devise/orm_helpers'
@@ -6,14 +8,16 @@ module ActiveRecord
     class DeviseGenerator < ActiveRecord::Generators::Base
       argument :attributes, type: :array, default: [], banner: "field:type field:type"
+      class_option :primary_key_type, type: :string, desc: "The type for primary key"
       include Devise::Generators::OrmHelpers
       source_root File.expand_path("../templates", __FILE__)
       def copy_devise_migration
         if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name))
-          migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version
+          migration_template "migration_existing.rb", "#{migration_path}/add_devise_to_#{table_name}.rb", migration_version: migration_version
         else
-          migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version
+          migration_template "migration.rb", "#{migration_path}/devise_create_#{table_name}.rb", migration_version: migration_version
         end
       end
@@ -50,11 +54,11 @@ module ActiveRecord
       t.datetime :remember_created_at
       ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.#{ip_column} :current_sign_in_ip
-      t.#{ip_column} :last_sign_in_ip
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.#{ip_column} :current_sign_in_ip
+      # t.#{ip_column} :last_sign_in_ip
       ## Confirmable
       # t.string   :confirmation_token
@@ -78,20 +82,44 @@ RUBY
         postgresql?
       end
-      def rails5?
-        Rails.version.start_with? '5'
+      def rails5_and_up?
+        Rails::VERSION::MAJOR >= 5
+      end
+      def rails61_and_up?
+        Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1)
       end
       def postgresql?
-        config = ActiveRecord::Base.configurations[Rails.env]
-        config && config['adapter'] == 'postgresql'
+        ar_config && ar_config['adapter'] == 'postgresql'
+      end
+      def ar_config
+        if ActiveRecord::Base.configurations.respond_to?(:configs_for)
+          if rails61_and_up?
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash
+          else
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config
+          end
+        else
+          ActiveRecord::Base.configurations[Rails.env]
+        end
       end
      def migration_version
-       if rails5?
+       if rails5_and_up?
          "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
        end
      end
+     def primary_key_type
+       primary_key_string if rails5_and_up?
+     end
+     def primary_key_string
+       key_string = options[:primary_key_type]
+       ", id: :#{key_string}" if key_string
+     end
     end
   end
 end

data/lib/generators/active_record/templates/migration.rb CHANGED Viewed

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
   def change
-    create_table :<%= table_name %> do |t|
+    create_table :<%= table_name %><%= primary_key_type %> do |t|
 <%= migration_data -%>
 <% attributes.each do |attribute| -%>

data/lib/generators/active_record/templates/migration_existing.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
   def self.up
     change_table :<%= table_name %> do |t|

data/lib/generators/devise/controllers_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module Devise
@@ -16,7 +18,7 @@ module Devise
         This will create a controller class at app/controllers/users/sessions_controller.rb like this:
-          class Users::ConfirmationsController < Devise::ConfirmationsController
+          class Users::SessionsController < Devise::SessionsController
             content...
           end
       DESC

data/lib/generators/devise/devise_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/named_base'
 module Devise
@@ -8,15 +10,15 @@ module Devise
       namespace "devise"
       source_root File.expand_path("../templates", __FILE__)
-      desc "Generates a model with the given NAME (if one does not exist) with devise " <<
+      desc "Generates a model with the given NAME (if one does not exist) with devise " \
            "configuration plus a migration file and devise routes."
-      hook_for :orm
+      hook_for :orm, required: true
       class_option :routes, desc: "Generate routes", type: :boolean, default: true
       def add_devise_routes
-        devise_route  = "devise_for :#{plural_name}"
+        devise_route  = "devise_for :#{plural_name}".dup
         devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::")
         devise_route << %Q(, skip: :all) unless options.routes?
         route devise_route

data/lib/generators/devise/install_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 require 'securerandom'
@@ -9,7 +11,7 @@ module Devise
       source_root File.expand_path("../../templates", __FILE__)
       desc "Creates a Devise initializer and copy locale files to your application."
-      class_option :orm
+      class_option :orm, required: true
       def copy_initializer
         unless options[:orm]
@@ -35,10 +37,6 @@ module Devise
       def show_readme
         readme "README" if behavior == :invoke
       end
-      def rails_4?
-        Rails::VERSION::MAJOR == 4
-      end
     end
   end
 end

data/lib/generators/devise/orm_helpers.rb CHANGED Viewed

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
 module Devise
   module Generators
     module OrmHelpers
       def model_contents
         buffer = <<-CONTENT
   # Include default devise modules. Others available are:
-  # :confirmable, :lockable, :timeoutable and :omniauthable
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
   devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable
+         :recoverable, :rememberable, :validatable
 CONTENT
         buffer
@@ -23,7 +25,11 @@ CONTENT
       end
       def migration_path
-        @migration_path ||= File.join("db", "migrate")
+        if Rails.version >= '5.0.3'
+          db_migrate_path
+        else
+          @migration_path ||= File.join("db", "migrate")
+        end
       end
       def model_path

data/lib/generators/devise/views_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module Devise
@@ -21,13 +23,6 @@ module Devise
         public_task :copy_views
       end
-      # TODO: Add this to Rails itself
-      module ClassMethods
-        def hide!
-          Rails::Generators.hide_namespace self.namespace
-        end
-      end
       def copy_views
         if options[:views]
           options[:views].each do |directory|
@@ -47,7 +42,7 @@ module Devise
       def view_directory(name, _target_path = nil)
         directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
           if scope
-            content.gsub "devise/shared/links", "#{plural_scope}/shared/links"
+            content.gsub("devise/shared", "#{plural_scope}/shared")
           else
             content
           end
@@ -139,7 +134,11 @@ module Devise
                               default: defined?(SimpleForm) ? "simple_form_for" : "form_for"
       hook_for :markerb,  desc: "Generate markerb instead of erb mail views",
-                          default: defined?(Markerb) ? :markerb : :erb,
+                          default: defined?(Markerb),
+                          type: :boolean
+      hook_for :erb,      desc: "Generate erb mail views",
+                          default: !defined?(Markerb),
                           type: :boolean
     end
   end

data/lib/generators/mongoid/devise_generator.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails/generators/named_base'
 require 'generators/devise/orm_helpers'
@@ -32,11 +34,11 @@ module Mongoid
   field :remember_created_at, type: Time
   ## Trackable
-  field :sign_in_count,      type: Integer, default: 0
-  field :current_sign_in_at, type: Time
-  field :last_sign_in_at,    type: Time
-  field :current_sign_in_ip, type: String
-  field :last_sign_in_ip,    type: String
+  # field :sign_in_count,      type: Integer, default: 0
+  # field :current_sign_in_at, type: Time
+  # field :last_sign_in_at,    type: Time
+  # field :current_sign_in_ip, type: String
+  # field :last_sign_in_ip,    type: String
   ## Confirmable
   # field :confirmation_token,   type: String

data/lib/generators/templates/README CHANGED Viewed

@@ -1,6 +1,6 @@
 ===============================================================================
-Some setup you must do manually if you haven't yet:
+Depending on your application's configuration some manual setup may be required:
   1. Ensure you have defined default url options in your environments files. Here
      is an example of default_url_options appropriate for a development environment
@@ -10,10 +10,14 @@ Some setup you must do manually if you haven't yet:
      In production, :host should be set to the actual host of your application.
+     * Required for all applications. *
   2. Ensure you have defined root_url to *something* in your config/routes.rb.
      For example:
        root to: "home#index"
+     * Not required for API-only Applications *
   3. Ensure you have flash messages in app/views/layouts/application.html.erb.
      For example:
@@ -21,8 +25,12 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
+     * Not required for API-only Applications *
   4. You can copy Devise views (for customization) to your app by running:
        rails g devise:views
+     * Not required *
 ===============================================================================

data/lib/generators/templates/controllers/confirmations_controller.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
   # GET /resource/confirmation/new
   # def new