devise 4.4.3 → 4.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 554c50f7db4c13beb0b2eb9ee1dbdd863aef2e7647de61d7070adac0b60fd1c7
-  data.tar.gz: 7624cffe7f3383660d08bca3c10b4f0c3ce2d5696b1f52cfe2e8b2b023c79fed
+  metadata.gz: 4dc3a8679abb65b4043adcff5725822be38a9bfd7e686ac8c75b72ea2a705d12
+  data.tar.gz: de207546fe24041c7986acbe23ad9f672ff1086a71ed8e6b749b6c3e648097ab
 SHA512:
-  metadata.gz: fa0cacb024cecbfb7a031f0dd5b5e8cf2ea518ecbd89b3f2d3994614bf8d859548984b4675f4cd1be1f73b17c0a07214e9d62e08e4d7362450664b27083bc1a4
-  data.tar.gz: e249d22cc464e7b04b53e990ff0c6e15b3c48a1bb7e8d9ef0a10722b867649840b7b5d48b30f234e9963400b773608b31c3732aeb5665287cea940d568bb5abe
+  metadata.gz: fc02654fdc90c761e56a0aac94eebcadf605c92bfaf57821c305dd73f76ac7670a3da408ee757dba5726b25911c391d28df940cd76e098b4b8e370785d9749f5
+  data.tar.gz: 28f0415a206541711baa0b0d23e718e13d12e22f712eae84309ddf2f9b76feace59ffbc6fdacd70f48e4bcb8c574492d076105154a4ab4f47f9be3e33e58d69b

data/.travis.yml

@@ -2,10 +2,10 @@ language: ruby
 
 rvm:
   - 2.1.10
-  - 2.2.8
-  - 2.3.5
-  - 2.4.2
-  - 2.5.0
+  - 2.2.10
+  - 2.3.7
+  - 2.4.4
+  - 2.5.1
   - ruby-head
 
 gemfile:
@@ -21,16 +21,16 @@ matrix:
       gemfile: Gemfile
     - rvm: 2.1.10
       gemfile: gemfiles/Gemfile.rails-5.2-rc1
-    - rvm: 2.5.0
+    - rvm: 2.1.10
+      gemfile: gemfiles/Gemfile.rails-5.0-stable
+    - rvm: 2.2.10
+      gemfile: gemfiles/Gemfile.rails-5.2-rc1
+    - rvm: 2.4.4
       gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.4.2
+    - rvm: 2.5.1
       gemfile: gemfiles/Gemfile.rails-4.1-stable
     - rvm: ruby-head
       gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.1.10
-      gemfile: gemfiles/Gemfile.rails-5.0-stable
-    - rvm: 2.1.10
-      gemfile: Gemfile
     - env: DEVISE_ORM=mongoid
       gemfile: Gemfile
     - env: DEVISE_ORM=mongoid
@@ -52,8 +52,9 @@ env:
     - DEVISE_ORM=mongoid
 
 before_install:
-  - "rm ${BUNDLE_GEMFILE}.lock"
   - gem update --system
+  - gem install bundler
+  - "rm ${BUNDLE_GEMFILE}.lock"
 
 before_script: "bundle update"
 

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 ### Unreleased
 
+### 4.5.0 - 2018-08-15
+
+* enhancements
+  * Use `before_action` instead of `before_filter` (by @edenthecat)
+  *  Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm)
+  * Use `update` instead of `update_attributes` (by @koic)
+  * Split IP resolution from `update_tracked_fields` (by @mckramer)
+  * upgrade dependencies for rails and responders (by @lancecarlson)
+  * Add `autocomplete="new-password"` to new password fields (by @gssbzn)
+  * Add `autocomplete="current-password"` to current password fields (by @gssbzn)
+  * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia)
+  * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn)
+  * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine)
+
+* bug fixes
+  * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068)
+  * Fix error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e)
+  * Look for `secret_key_base` inside `Rails.application` (by @gencer)
+  * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc`
+configured (by @joshpencheon)
+  * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1)
+
 ### 4.4.3 - 2018-03-17
 
 * bug fixes
@@ -44,7 +66,7 @@
   * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster)
   * Do not modify options for `#serializable_hash`. (by @guigs)
   * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg)
- 
+
 ### 4.3.0 - 2017-05-14
 
 * Enhancements

data/Gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 5.1"
+gem "rails", "~> 5.2"
 gem "omniauth", "~> 1.3"
 gem "oauth2"
 gem "omniauth-oauth2"
@@ -14,7 +14,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
 
 gem "rails-controller-testing"
 
-gem "responders", "~> 2.1"
+gem "responders", "~> 2.4"
 
 group :test do
   gem "omniauth-facebook"

data/Gemfile.lock

@@ -10,7 +10,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (4.4.3)
+    devise (4.5.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 6.0)
@@ -20,81 +20,89 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.1.0)
-      actionpack (= 5.1.0)
+    actioncable (5.2.0)
+      actionpack (= 5.2.0)
       nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.0)
-      actionpack (= 5.1.0)
-      actionview (= 5.1.0)
-      activejob (= 5.1.0)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.1.0)
-      actionview (= 5.1.0)
-      activesupport (= 5.1.0)
+    actionpack (5.2.0)
+      actionview (= 5.2.0)
+      activesupport (= 5.2.0)
       rack (~> 2.0)
-      rack-test (~> 0.6.3)
+      rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.0)
-      activesupport (= 5.1.0)
+    actionview (5.2.0)
+      activesupport (= 5.2.0)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.0)
-      activesupport (= 5.1.0)
+    activejob (5.2.0)
+      activesupport (= 5.2.0)
       globalid (>= 0.3.6)
-    activemodel (5.1.0)
-      activesupport (= 5.1.0)
-    activerecord (5.1.0)
-      activemodel (= 5.1.0)
-      activesupport (= 5.1.0)
-      arel (~> 8.0)
-    activesupport (5.1.0)
+    activemodel (5.2.0)
+      activesupport (= 5.2.0)
+    activerecord (5.2.0)
+      activemodel (= 5.2.0)
+      activesupport (= 5.2.0)
+      arel (>= 9.0)
+    activestorage (5.2.0)
+      actionpack (= 5.2.0)
+      activerecord (= 5.2.0)
+      marcel (~> 0.3.1)
+    activesupport (5.2.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    arel (8.0.0)
-    bcrypt (3.1.11)
+    arel (9.0.0)
+    bcrypt (3.1.12)
     builder (3.2.3)
     concurrent-ruby (1.0.5)
-    erubi (1.6.0)
+    crass (1.0.4)
+    erubi (1.7.1)
     faraday (0.11.0)
       multipart-post (>= 1.2, < 3)
-    globalid (0.4.0)
+    globalid (0.4.1)
       activesupport (>= 4.2.0)
-    hashie (3.5.5)
-    i18n (0.8.1)
+    hashie (3.5.7)
+    i18n (1.0.0)
+      concurrent-ruby (~> 1.0)
     jwt (1.5.6)
-    loofah (2.0.3)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.6.5)
-      mime-types (>= 1.16, < 4)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.2)
+      mimemagic (~> 0.3.2)
     metaclass (0.0.4)
-    method_source (0.8.2)
-    mime-types (3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
-    minitest (5.10.1)
+    method_source (0.9.0)
+    mimemagic (0.3.2)
+    mini_mime (1.0.0)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
     mocha (1.2.1)
       metaclass (~> 0.0.1)
     multi_json (1.12.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
-    nio4r (2.0.0)
-    nokogiri (1.7.1)
-      mini_portile2 (~> 2.1.0)
+    nio4r (2.3.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
     oauth2 (1.3.1)
       faraday (>= 0.8, < 0.12)
       jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.6.1)
+    omniauth (1.8.1)
       hashie (>= 3.4.6, < 3.6.0)
       rack (>= 1.6.2, < 3)
     omniauth-facebook (4.0.0)
@@ -106,40 +114,41 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     orm_adapter (0.5.0)
-    rack (2.0.1)
+    rack (2.0.4)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.1.0)
-      actioncable (= 5.1.0)
-      actionmailer (= 5.1.0)
-      actionpack (= 5.1.0)
-      actionview (= 5.1.0)
-      activejob (= 5.1.0)
-      activemodel (= 5.1.0)
-      activerecord (= 5.1.0)
-      activesupport (= 5.1.0)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.1.0)
+    rack-test (1.0.0)
+      rack (>= 1.0, < 3)
+    rails (5.2.0)
+      actioncable (= 5.2.0)
+      actionmailer (= 5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      activemodel (= 5.2.0)
+      activerecord (= 5.2.0)
+      activestorage (= 5.2.0)
+      activesupport (= 5.2.0)
+      bundler (>= 1.3.0)
+      railties (= 5.2.0)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.1)
       actionpack (~> 5.x)
       actionview (~> 5.x)
       activesupport (~> 5.x)
-    rails-dom-testing (2.0.2)
-      activesupport (>= 4.2.0, < 6.0)
-      nokogiri (~> 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (5.1.0)
-      actionpack (= 5.1.0)
-      activesupport (= 5.1.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    railties (5.2.0)
+      actionpack (= 5.2.0)
+      activesupport (= 5.2.0)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (12.0.0)
+    rake (12.3.1)
     rdoc (5.1.0)
     responders (2.4.0)
       actionpack (>= 4.2.0, < 5.3)
@@ -148,14 +157,14 @@ GEM
     sprockets (3.7.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.0)
+    sprockets-rails (3.2.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
-    thor (0.19.4)
+    thor (0.20.0)
     thread_safe (0.3.6)
-    tzinfo (1.2.3)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
     warden (1.2.7)
       rack (>= 1.0)
@@ -163,9 +172,9 @@ GEM
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.6.5)
+    websocket-driver (0.7.0)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)
+    websocket-extensions (0.1.3)
 
 PLATFORMS
   ruby
@@ -182,10 +191,10 @@ DEPENDENCIES
   omniauth-facebook
   omniauth-oauth2
   omniauth-openid
-  rails (~> 5.1)
+  rails (~> 5.2)
   rails-controller-testing
   rdoc
-  responders (~> 2.1)
+  responders (~> 2.4)
   sqlite3
   webrat (= 0.7.3)
 

data/README.md

@@ -16,16 +16,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 
 It's composed of 10 modules:
 
-* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
-* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
-* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
-* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
-* [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
-* [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
-* [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
-* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
-* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
-* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
+* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
+* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
+* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
+* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
+* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
+* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
+* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
+* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
+* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
+* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
 ## Table of Contents
 
@@ -53,11 +53,6 @@ It's composed of 10 modules:
 	- [Integration tests](#integration-tests)
 	- [OmniAuth](#omniauth)
 	- [Configuring multiple models](#configuring-multiple-models)
-- [Create a migration with the required fields](#create-a-migration-with-the-required-fields)
-- [Inside your Admin model](#inside-your-admin-model)
-- [Inside your routes](#inside-your-routes)
-- [Inside your protected controller](#inside-your-protected-controller)
-- [Inside your controllers and views](#inside-your-controllers-and-views)
 	- [ActiveJob Integration](#activejob-integration)
 	- [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
 	- [Other ORMs](#other-orms)
@@ -140,7 +135,7 @@ Please note that the command output will show the variable value being used.
 
 ### BUNDLE_GEMFILE
 We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory).
-Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite brakes on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
+Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
 For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following:
 ```bash
 rbenv shell 2.4.2 # or rvm use 2.4.2
@@ -166,7 +161,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
 
 ## Getting started
 
-Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with:
+Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile:
 
 ```ruby
 gem 'devise'
@@ -195,7 +190,7 @@ In the following command you will replace `MODEL` with the class name used for t
 $ rails generate devise MODEL
 ```
 
-Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. 
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration.
 
 Then run `rails db:migrate`
 
@@ -404,6 +399,7 @@ If the customization at the views level is not enough, you can customize each co
       ...
     end
     ```
+    (Use the -c flag to specify a controller, for example: `rails generate devise:controllers users -c=sessions`)
 
 2. Tell the router to use this controller:
 
@@ -519,6 +515,9 @@ cases/specs.
 
 Controller tests require that you include `Devise::Test::ControllerHelpers` on
 your test case or its parent `ActionController::TestCase` superclass.
+For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass
+for controller tests has been changed to ActionDispatch::IntegrationTest
+(for more details, see the [Integration tests](#integration-tests) section).
 
 ```ruby
 class PostsControllerTest < ActionController::TestCase

data/app/controllers/devise/registrations_controller.rb

@@ -112,7 +112,7 @@ class Devise::RegistrationsController < DeviseController
   # The path used after sign up. You need to overwrite this method
   # in your own RegistrationsController.
   def after_sign_up_path_for(resource)
-    after_sign_in_path_for(resource)
+    after_sign_in_path_for(resource) if is_navigational_format?
   end
 
   # The path used after sign up for inactive accounts. You need to overwrite