RubyGems - devise - Versions diffs - 4.4.3 → 4.9.2 - Mend

devise 4.4.3 → 4.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -3
data/MIT-LICENSE +2 -1
data/README.md +128 -64
data/app/controllers/devise/confirmations_controller.rb +1 -0
data/app/controllers/devise/passwords_controller.rb +3 -2
data/app/controllers/devise/registrations_controller.rb +27 -9
data/app/controllers/devise/sessions_controller.rb +1 -1
data/app/controllers/devise/unlocks_controller.rb +1 -0
data/app/controllers/devise_controller.rb +4 -3
data/app/helpers/devise_helper.rb +21 -18
data/app/mailers/devise/mailer.rb +5 -5
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/passwords/edit.html.erb +3 -3
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/registrations/edit.html.erb +5 -5
data/app/views/devise/registrations/new.html.erb +3 -3
data/app/views/devise/sessions/new.html.erb +3 -3
data/app/views/devise/shared/_error_messages.html.erb +15 -0
data/app/views/devise/shared/_links.html.erb +8 -8
data/app/views/devise/unlocks/new.html.erb +1 -1
data/config/locales/en.yml +3 -2
data/lib/devise/controllers/helpers.rb +8 -8
data/lib/devise/controllers/responder.rb +35 -0
data/lib/devise/controllers/sign_in_out.rb +8 -3
data/lib/devise/controllers/url_helpers.rb +1 -1
data/lib/devise/failure_app.rb +31 -7
data/lib/devise/hooks/csrf_cleaner.rb +6 -1
data/lib/devise/hooks/lockable.rb +2 -5
data/lib/devise/hooks/timeoutable.rb +2 -2
data/lib/devise/mapping.rb +1 -1
data/lib/devise/models/authenticatable.rb +51 -48
data/lib/devise/models/confirmable.rb +34 -40
data/lib/devise/models/database_authenticatable.rb +54 -35
data/lib/devise/models/lockable.rb +13 -5
data/lib/devise/models/omniauthable.rb +2 -2
data/lib/devise/models/recoverable.rb +8 -19
data/lib/devise/models/registerable.rb +2 -0
data/lib/devise/models/rememberable.rb +2 -2
data/lib/devise/models/timeoutable.rb +1 -1
data/lib/devise/models/trackable.rb +9 -2
data/lib/devise/models/validatable.rb +4 -9
data/lib/devise/models.rb +1 -0
data/lib/devise/omniauth.rb +2 -5
data/lib/devise/orm.rb +71 -0
data/lib/devise/parameter_filter.rb +2 -0
data/lib/devise/parameter_sanitizer.rb +13 -1
data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
data/lib/devise/rails/routes.rb +6 -6
data/lib/devise/secret_key_finder.rb +2 -0
data/lib/devise/strategies/authenticatable.rb +1 -1
data/lib/devise/strategies/database_authenticatable.rb +6 -1
data/lib/devise/test/controller_helpers.rb +4 -2
data/lib/devise/test/integration_helpers.rb +1 -1
data/lib/devise/version.rb +1 -1
data/lib/devise.rb +34 -11
data/lib/generators/active_record/devise_generator.rb +26 -11
data/lib/generators/devise/controllers_generator.rb +1 -1
data/lib/generators/devise/devise_generator.rb +1 -1
data/lib/generators/devise/install_generator.rb +1 -5
data/lib/generators/devise/orm_helpers.rb +2 -2
data/lib/generators/devise/views_generator.rb +1 -1
data/lib/generators/mongoid/devise_generator.rb +5 -5
data/lib/generators/templates/README +9 -1
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +1 -1
data/lib/generators/templates/devise.rb +38 -8
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +5 -1
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +10 -2
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +4 -1
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +12 -4
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +11 -3
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +7 -2
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +4 -1
metadata +23 -316
data/.gitignore +0 -10
data/.travis.yml +0 -68
data/.yardopts +0 -9
data/CODE_OF_CONDUCT.md +0 -22
data/CONTRIBUTING.md +0 -79
data/Gemfile +0 -39
data/Gemfile.lock +0 -193
data/ISSUE_TEMPLATE.md +0 -19
data/Rakefile +0 -37
data/bin/test +0 -13
data/devise.gemspec +0 -28
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-4.1-stable +0 -32
data/gemfiles/Gemfile.rails-4.1-stable.lock +0 -171
data/gemfiles/Gemfile.rails-4.2-stable +0 -32
data/gemfiles/Gemfile.rails-4.2-stable.lock +0 -192
data/gemfiles/Gemfile.rails-5.0-stable +0 -33
data/gemfiles/Gemfile.rails-5.0-stable.lock +0 -192
data/gemfiles/Gemfile.rails-5.2-rc1 +0 -26
data/gemfiles/Gemfile.rails-5.2-rc1.lock +0 -201
data/guides/bug_report_templates/integration_test.rb +0 -106
data/test/controllers/custom_registrations_controller_test.rb +0 -42
data/test/controllers/custom_strategy_test.rb +0 -66
data/test/controllers/helper_methods_test.rb +0 -24
data/test/controllers/helpers_test.rb +0 -318
data/test/controllers/inherited_controller_i18n_messages_test.rb +0 -53
data/test/controllers/internal_helpers_test.rb +0 -129
data/test/controllers/load_hooks_controller_test.rb +0 -21
data/test/controllers/passwords_controller_test.rb +0 -34
data/test/controllers/sessions_controller_test.rb +0 -108
data/test/controllers/url_helpers_test.rb +0 -67
data/test/delegator_test.rb +0 -21
data/test/devise_test.rb +0 -109
data/test/failure_app_test.rb +0 -340
data/test/generators/active_record_generator_test.rb +0 -130
data/test/generators/controllers_generator_test.rb +0 -50
data/test/generators/devise_generator_test.rb +0 -41
data/test/generators/install_generator_test.rb +0 -26
data/test/generators/mongoid_generator_test.rb +0 -25
data/test/generators/views_generator_test.rb +0 -105
data/test/helpers/devise_helper_test.rb +0 -51
data/test/integration/authenticatable_test.rb +0 -706
data/test/integration/confirmable_test.rb +0 -326
data/test/integration/database_authenticatable_test.rb +0 -97
data/test/integration/http_authenticatable_test.rb +0 -114
data/test/integration/lockable_test.rb +0 -242
data/test/integration/mounted_engine_test.rb +0 -38
data/test/integration/omniauthable_test.rb +0 -148
data/test/integration/recoverable_test.rb +0 -349
data/test/integration/registerable_test.rb +0 -365
data/test/integration/rememberable_test.rb +0 -219
data/test/integration/timeoutable_test.rb +0 -186
data/test/integration/trackable_test.rb +0 -99
data/test/mailers/confirmation_instructions_test.rb +0 -117
data/test/mailers/email_changed_test.rb +0 -132
data/test/mailers/mailer_test.rb +0 -20
data/test/mailers/reset_password_instructions_test.rb +0 -98
data/test/mailers/unlock_instructions_test.rb +0 -93
data/test/mapping_test.rb +0 -136
data/test/models/authenticatable_test.rb +0 -25
data/test/models/confirmable_test.rb +0 -549
data/test/models/database_authenticatable_test.rb +0 -283
data/test/models/lockable_test.rb +0 -352
data/test/models/omniauthable_test.rb +0 -9
data/test/models/recoverable_test.rb +0 -263
data/test/models/registerable_test.rb +0 -9
data/test/models/rememberable_test.rb +0 -184
data/test/models/serializable_test.rb +0 -60
data/test/models/timeoutable_test.rb +0 -53
data/test/models/trackable_test.rb +0 -62
data/test/models/validatable_test.rb +0 -121
data/test/models_test.rb +0 -155
data/test/omniauth/config_test.rb +0 -61
data/test/omniauth/url_helpers_test.rb +0 -53
data/test/orm/active_record.rb +0 -24
data/test/orm/mongoid.rb +0 -15
data/test/parameter_sanitizer_test.rb +0 -77
data/test/rails_app/Rakefile +0 -6
data/test/rails_app/app/active_record/admin.rb +0 -8
data/test/rails_app/app/active_record/shim.rb +0 -4
data/test/rails_app/app/active_record/user.rb +0 -20
data/test/rails_app/app/active_record/user_on_engine.rb +0 -9
data/test/rails_app/app/active_record/user_on_main_app.rb +0 -9
data/test/rails_app/app/active_record/user_with_validations.rb +0 -12
data/test/rails_app/app/active_record/user_without_email.rb +0 -10
data/test/rails_app/app/controllers/admins/sessions_controller.rb +0 -8
data/test/rails_app/app/controllers/admins_controller.rb +0 -8
data/test/rails_app/app/controllers/application_controller.rb +0 -13
data/test/rails_app/app/controllers/application_with_fake_engine.rb +0 -32
data/test/rails_app/app/controllers/custom/registrations_controller.rb +0 -33
data/test/rails_app/app/controllers/home_controller.rb +0 -31
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +0 -4
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +0 -4
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +0 -16
data/test/rails_app/app/controllers/users_controller.rb +0 -33
data/test/rails_app/app/helpers/application_helper.rb +0 -5
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +0 -5
data/test/rails_app/app/mailers/users/mailer.rb +0 -5
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +0 -6
data/test/rails_app/app/mongoid/admin.rb +0 -31
data/test/rails_app/app/mongoid/shim.rb +0 -25
data/test/rails_app/app/mongoid/user.rb +0 -50
data/test/rails_app/app/mongoid/user_on_engine.rb +0 -41
data/test/rails_app/app/mongoid/user_on_main_app.rb +0 -41
data/test/rails_app/app/mongoid/user_with_validations.rb +0 -37
data/test/rails_app/app/mongoid/user_without_email.rb +0 -35
data/test/rails_app/app/views/admins/index.html.erb +0 -1
data/test/rails_app/app/views/admins/sessions/new.html.erb +0 -2
data/test/rails_app/app/views/home/admin_dashboard.html.erb +0 -1
data/test/rails_app/app/views/home/index.html.erb +0 -1
data/test/rails_app/app/views/home/join.html.erb +0 -1
data/test/rails_app/app/views/home/private.html.erb +0 -1
data/test/rails_app/app/views/home/user_dashboard.html.erb +0 -1
data/test/rails_app/app/views/layouts/application.html.erb +0 -24
data/test/rails_app/app/views/users/edit_form.html.erb +0 -1
data/test/rails_app/app/views/users/index.html.erb +0 -1
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +0 -1
data/test/rails_app/app/views/users/sessions/new.html.erb +0 -1
data/test/rails_app/bin/bundle +0 -3
data/test/rails_app/bin/rails +0 -4
data/test/rails_app/bin/rake +0 -4
data/test/rails_app/config/application.rb +0 -48
data/test/rails_app/config/boot.rb +0 -27
data/test/rails_app/config/database.yml +0 -18
data/test/rails_app/config/environment.rb +0 -7
data/test/rails_app/config/environments/development.rb +0 -32
data/test/rails_app/config/environments/production.rb +0 -88
data/test/rails_app/config/environments/test.rb +0 -47
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -9
data/test/rails_app/config/initializers/devise.rb +0 -182
data/test/rails_app/config/initializers/inflections.rb +0 -4
data/test/rails_app/config/initializers/secret_token.rb +0 -5
data/test/rails_app/config/initializers/session_store.rb +0 -3
data/test/rails_app/config/routes.rb +0 -128
data/test/rails_app/config.ru +0 -4
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -77
data/test/rails_app/db/schema.rb +0 -57
data/test/rails_app/lib/shared_admin.rb +0 -23
data/test/rails_app/lib/shared_user.rb +0 -32
data/test/rails_app/lib/shared_user_without_email.rb +0 -28
data/test/rails_app/lib/shared_user_without_omniauth.rb +0 -15
data/test/rails_app/public/404.html +0 -26
data/test/rails_app/public/422.html +0 -26
data/test/rails_app/public/500.html +0 -26
data/test/rails_app/public/favicon.ico +0 -0
data/test/rails_test.rb +0 -11
data/test/routes_test.rb +0 -281
data/test/secret_key_finder_test.rb +0 -97
data/test/support/action_controller/record_identifier.rb +0 -12
data/test/support/assertions.rb +0 -30
data/test/support/helpers.rb +0 -83
data/test/support/http_method_compatibility.rb +0 -53
data/test/support/integration.rb +0 -95
data/test/support/locale/en.yml +0 -8
data/test/support/mongoid.yml +0 -6
data/test/support/webrat/integrations/rails.rb +0 -35
data/test/test/controller_helpers_test.rb +0 -193
data/test/test/integration_helpers_test.rb +0 -34
data/test/test_helper.rb +0 -36
data/test/test_models.rb +0 -35

data/lib/devise/models/recoverable.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Devise
     #
     # ==Options
     #
-    # Recoverable adds the following options to devise_for:
+    # Recoverable adds the following options to +devise+:
     #
     #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
     #   * +reset_password_within+: the time period within which the password must be reset or the token expires.
@@ -99,24 +99,13 @@ module Devise
           send_devise_notification(:reset_password_instructions, token, {})
         end
-        if Devise.activerecord51?
-          def clear_reset_password_token?
-            encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password?
-            authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
-              respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
-            end
-            authentication_keys_changed || encrypted_password_changed
+        def clear_reset_password_token?
+          encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password)
+          authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
+            devise_respond_to_and_will_save_change_to_attribute?(attribute)
           end
-        else
-          def clear_reset_password_token?
-            encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed?
-            authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
-              respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
-            end
-            authentication_keys_changed || encrypted_password_changed
-          end
+          authentication_keys_changed || encrypted_password_changed
         end
       module ClassMethods
@@ -131,7 +120,7 @@ module Devise
         # password instructions to it. If user is not found, returns a new user
         # with an email not found error.
         # Attributes must contain the user's email
-        def send_reset_password_instructions(attributes={})
+        def send_reset_password_instructions(attributes = {})
           recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
           recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
@@ -142,7 +131,7 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password_by_token(attributes={})
+        def reset_password_by_token(attributes = {})
           original_token       = attributes[:reset_password_token]
           reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)

data/lib/devise/models/registerable.rb CHANGED Viewed

@@ -21,6 +21,8 @@ module Devise
         def new_with_session(params, session)
           new(params)
         end
+        Devise::Models.config(self, :sign_in_after_change_password)
       end
     end
   end

data/lib/devise/models/rememberable.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Devise
     #
     # == Options
     #
-    # Rememberable adds the following options in devise_for:
+    # Rememberable adds the following options to +devise+:
     #
     #   * +remember_for+: the time you want the user will be remembered without
     #     asking for credentials. After this time the user will be blocked and
@@ -102,7 +102,7 @@ module Devise
       def remember_me?(token, generated_at)
         # TODO: Normalize the JSON type coercion along with the Timeoutable hook
-        # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
+        # in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
         if generated_at.is_a?(String)
           generated_at = time_from_json(generated_at)
         end

data/lib/devise/models/timeoutable.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Devise
     #
     # == Options
     #
-    # Timeoutable adds the following options to devise_for:
+    # Timeoutable adds the following options to +devise+:
     #
     #   * +timeout_in+: the interval to timeout the user session without activity.
     #

data/lib/devise/models/trackable.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Devise
         self.last_sign_in_at     = old_current || new_current
         self.current_sign_in_at  = new_current
-        old_current, new_current = self.current_sign_in_ip, request.remote_ip
+        old_current, new_current = self.current_sign_in_ip, extract_ip_from(request)
         self.last_sign_in_ip     = old_current || new_current
         self.current_sign_in_ip  = new_current
@@ -33,12 +33,19 @@ module Devise
       def update_tracked_fields!(request)
         # We have to check if the user is already persisted before running
         # `save` here because invalid users can be saved if we don't.
-        # See https://github.com/plataformatec/devise/issues/4673 for more details.
+        # See https://github.com/heartcombo/devise/issues/4673 for more details.
         return if new_record?
         update_tracked_fields(request)
         save(validate: false)
       end
+      protected
+      def extract_ip_from(request)
+        request.remote_ip
+      end
     end
   end
 end

data/lib/devise/models/validatable.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Devise
     #
     # == Options
     #
-    # Validatable adds the following options to devise_for:
+    # Validatable adds the following options to +devise+:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
     #   * +password_length+: a range expressing password length. Defaults to 6..128.
@@ -29,13 +29,8 @@ module Devise
         base.class_eval do
           validates_presence_of   :email, if: :email_required?
-          if Devise.activerecord51?
-            validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email?
-            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
-          else
-            validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
-            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
-          end
+          validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :devise_will_save_change_to_email?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :devise_will_save_change_to_email?
           validates_presence_of     :password, if: :password_required?
           validates_confirmation_of :password, if: :password_required?
@@ -47,7 +42,7 @@ module Devise
         unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
         unless unavailable_validations.empty?
-          raise "Could not use :validatable module since #{base} does not respond " <<
+          raise "Could not use :validatable module since #{base} does not respond " \
                 "to the following methods: #{unavailable_validations.to_sentence}."
         end
       end

data/lib/devise/models.rb CHANGED Viewed

@@ -84,6 +84,7 @@ module Devise
       end
       devise_modules_hook! do
+        include Devise::Orm
         include Devise::Models::Authenticatable
         selected_modules.each do |m|

data/lib/devise/omniauth.rb CHANGED Viewed

@@ -1,17 +1,14 @@
 # frozen_string_literal: true
 begin
+  gem "omniauth", ">= 1.0.0"
   require "omniauth"
-  require "omniauth/version"
 rescue LoadError
   warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
   raise
 end
-unless OmniAuth::VERSION =~ /^1\./
-  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
-end
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil

data/lib/devise/orm.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Devise
+  module Orm # :nodoc:
+    def self.active_record?(model)
+      defined?(ActiveRecord) && model < ActiveRecord::Base
+    end
+    def self.active_record_51?(model)
+      active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+    end
+    def self.included(model)
+      if Devise::Orm.active_record_51?(model)
+        model.include DirtyTrackingNewMethods
+      else
+        model.include DirtyTrackingOldMethods
+      end
+    end
+    module DirtyTrackingNewMethods
+      def devise_email_before_last_save
+        email_before_last_save
+      end
+      def devise_email_in_database
+        email_in_database
+      end
+      def devise_saved_change_to_email?
+        saved_change_to_email?
+      end
+      def devise_saved_change_to_encrypted_password?
+        saved_change_to_encrypted_password?
+      end
+      def devise_will_save_change_to_email?
+        will_save_change_to_email?
+      end
+      def devise_respond_to_and_will_save_change_to_attribute?(attribute)
+        respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
+      end
+    end
+    module DirtyTrackingOldMethods
+      def devise_email_before_last_save
+        email_was
+      end
+      def devise_email_in_database
+        email_was
+      end
+      def devise_saved_change_to_email?
+        email_changed?
+      end
+      def devise_saved_change_to_encrypted_password?
+        encrypted_password_changed?
+      end
+      def devise_will_save_change_to_email?
+        email_changed?
+      end
+      def devise_respond_to_and_will_save_change_to_attribute?(attribute)
+        respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
+      end
+    end
+  end
+end

data/lib/devise/parameter_filter.rb CHANGED Viewed

@@ -18,6 +18,8 @@ module Devise
     def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
       condition_keys.each do |k|
+        next unless conditions.key?(k)
         value = conditions[k]
         conditions[k] = value.send(method) if value.respond_to?(method)
       end

data/lib/devise/parameter_sanitizer.rb CHANGED Viewed

@@ -135,7 +135,19 @@ module Devise
     end
     def default_params
-      @params.fetch(@resource_name, {})
+      if hashable_resource_params?
+        @params.fetch(@resource_name)
+      else
+        empty_params
+      end
+    end
+    def hashable_resource_params?
+      @params[@resource_name].respond_to?(:permit)
+    end
+    def empty_params
+      ActionController::Parameters.new({})
     end
     def permit_keys(parameters, keys)

data/lib/devise/rails/deprecated_constant_accessor.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/deprecation/constant_accessor'
+  module Devise
+    DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
+  end
+rescue LoadError
+  # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
+  # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
+  module Devise
+    module DeprecatedConstantAccessor #:nodoc:
+      def self.included(base)
+        require "active_support/inflector/methods"
+        extension = Module.new do
+          def const_missing(missing_const_name)
+            if class_variable_defined?(:@@_deprecated_constants)
+              if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
+                replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
+                return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
+              end
+            end
+            super
+          end
+          def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
+            class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
+            class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
+          end
+        end
+        base.singleton_class.prepend extension
+      end
+    end
+  end
+end

data/lib/devise/rails/routes.rb CHANGED Viewed

@@ -135,10 +135,10 @@ module ActionDispatch::Routing
     #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, sign_out_via: [:post, :delete]
+    #      devise_for :users, sign_out_via: [:get, :post]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #
@@ -287,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -474,7 +474,7 @@ ERROR
         @scope = current_scope
       end
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))

data/lib/devise/secret_key_finder.rb CHANGED Viewed

@@ -13,6 +13,8 @@ module Devise
         @application.secrets.secret_key_base
       elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config)
         @application.config.secret_key_base
+      elsif @application.respond_to?(:secret_key_base) && key_exists?(@application)
+        @application.secret_key_base
       end
     end

data/lib/devise/strategies/authenticatable.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Devise
     private
       # Receives a resource and check if it is valid by calling valid_for_authentication?
-      # An optional block that will be triggered while validating can be optionally
+      # A block that will be triggered while validating can be optionally
       # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
       # for more information.
       #

data/lib/devise/strategies/database_authenticatable.rb CHANGED Viewed

@@ -16,8 +16,13 @@ module Devise
           success!(resource)
         end
+        # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key.
+        # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't
+        # exist in the database if the password hashing algorithm is not called.
         mapping.to.new.password = password if !hashed && Devise.paranoid
-        fail(:not_found_in_database) unless resource
+        unless resource
+          Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
+        end
       end
     end
   end

data/lib/devise/test/controller_helpers.rb CHANGED Viewed

@@ -37,6 +37,8 @@ module Devise
         @response
       end
+      ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
       # We need to set up the environment variables and the response in the controller.
       def setup_controller_for_warden #:nodoc:
         @request.env['action_controller.instance'] = @controller
@@ -139,9 +141,9 @@ module Devise
           status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
           @controller.response.headers.merge!(headers)
-          @controller.response.content_type = headers["Content-Type"] unless Rails.version.start_with?('5')
+          @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
           @controller.status = status
-          @controller.response.body = response.body
+          @controller.response_body = response.body
           nil # causes process return @response
         end

data/lib/devise/test/integration_helpers.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Devise
         end
       end
-      # Signs in a specific resource, mimicking a successfull sign in
+      # Signs in a specific resource, mimicking a successful sign in
       # operation through +Devise::SessionsController#create+.
       #
       # * +resource+ - The resource that should be authenticated

data/lib/devise/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Devise
-  VERSION = "4.4.3".freeze
+  VERSION = "4.9.2".freeze
 end

data/lib/devise.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Devise
   autoload :Encryptor,          'devise/encryptor'
   autoload :FailureApp,         'devise/failure_app'
   autoload :OmniAuth,           'devise/omniauth'
+  autoload :Orm,                'devise/orm'
   autoload :ParameterFilter,    'devise/parameter_filter'
   autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
   autoload :TestHelpers,        'devise/test_helpers'
@@ -23,6 +24,7 @@ module Devise
   module Controllers
     autoload :Helpers,        'devise/controllers/helpers'
     autoload :Rememberable,   'devise/controllers/rememberable'
+    autoload :Responder,      'devise/controllers/responder'
     autoload :ScopedViews,    'devise/controllers/scoped_views'
     autoload :SignInOut,      'devise/controllers/sign_in_out'
     autoload :StoreLocation,  'devise/controllers/store_location'
@@ -71,7 +73,7 @@ module Devise
   # The number of times to hash the password.
   mattr_accessor :stretches
-  @@stretches = 11
+  @@stretches = 12
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key
@@ -217,7 +219,16 @@ module Devise
   # Which formats should be treated as navigational.
   mattr_accessor :navigational_formats
-  @@navigational_formats = ["*/*", :html]
+  @@navigational_formats = ["*/*", :html, :turbo_stream]
+  # The default responder used by Devise, used to customize status codes with:
+  #
+  #   `config.responder.error_status`
+  #   `config.responder.redirect_status`
+  #
+  # Can be replaced by a custom application responder.
+  mattr_accessor :responder
+  @@responder = Devise::Controllers::Responder
   # When set to true, signing out a user signs out all other scopes.
   mattr_accessor :sign_out_all_scopes
@@ -293,13 +304,9 @@ module Devise
   mattr_accessor :token_generator
   @@token_generator = nil
-  def self.rails51? # :nodoc:
-    Rails.gem_version >= Gem::Version.new("5.1.x")
-  end
-  def self.activerecord51? # :nodoc:
-    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
-  end
+  # When set to false, changing a password does not automatically sign in a user
+  mattr_accessor :sign_in_after_change_password
+  @@sign_in_after_change_password = true
   # Default way to set up Devise. Run rails generate devise_install to create
   # a fresh initializer with all configuration values.
@@ -313,12 +320,20 @@ module Devise
     end
     def get
-      ActiveSupport::Dependencies.constantize(@name)
+      # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+      if ActiveSupport::Dependencies.respond_to?(:constantize)
+        ActiveSupport::Dependencies.constantize(@name)
+      else
+        @name.constantize
+      end
     end
   end
   def self.ref(arg)
-    ActiveSupport::Dependencies.reference(arg)
+    # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+    if ActiveSupport::Dependencies.respond_to?(:reference)
+      ActiveSupport::Dependencies.reference(arg)
+    end
     Getter.new(arg)
   end
@@ -505,6 +520,14 @@ module Devise
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0
   end
+  def self.activerecord51? # :nodoc:
+    ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+      [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
+      It is a non-public method that's no longer used internally, but that other libraries have been relying on.
+    DEPRECATION
+    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+  end
 end
 require 'warden'

data/lib/generators/active_record/devise_generator.rb CHANGED Viewed

@@ -54,11 +54,11 @@ module ActiveRecord
       t.datetime :remember_created_at
       ## Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.#{ip_column} :current_sign_in_ip
-      t.#{ip_column} :last_sign_in_ip
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.#{ip_column} :current_sign_in_ip
+      # t.#{ip_column} :last_sign_in_ip
       ## Confirmable
       # t.string   :confirmation_token
@@ -82,23 +82,38 @@ RUBY
         postgresql?
       end
-      def rails5?
-        Rails.version.start_with? '5'
+      def rails5_and_up?
+        Rails::VERSION::MAJOR >= 5
+      end
+      def rails61_and_up?
+        Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1)
       end
       def postgresql?
-        config = ActiveRecord::Base.configurations[Rails.env]
-        config && config['adapter'] == 'postgresql'
+        ar_config && ar_config['adapter'] == 'postgresql'
+      end
+      def ar_config
+        if ActiveRecord::Base.configurations.respond_to?(:configs_for)
+          if rails61_and_up?
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash
+          else
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config
+          end
+        else
+          ActiveRecord::Base.configurations[Rails.env]
+        end
       end
      def migration_version
-       if rails5?
+       if rails5_and_up?
          "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
        end
      end
      def primary_key_type
-       primary_key_string if rails5?
+       primary_key_string if rails5_and_up?
      end
      def primary_key_string

data/lib/generators/devise/controllers_generator.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Devise
         This will create a controller class at app/controllers/users/sessions_controller.rb like this:
-          class Users::ConfirmationsController < Devise::ConfirmationsController
+          class Users::SessionsController < Devise::SessionsController
             content...
           end
       DESC

data/lib/generators/devise/devise_generator.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Devise
       desc "Generates a model with the given NAME (if one does not exist) with devise " \
            "configuration plus a migration file and devise routes."
-      hook_for :orm
+      hook_for :orm, required: true
       class_option :routes, desc: "Generate routes", type: :boolean, default: true

data/lib/generators/devise/install_generator.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Devise
       source_root File.expand_path("../../templates", __FILE__)
       desc "Creates a Devise initializer and copy locale files to your application."
-      class_option :orm
+      class_option :orm, required: true
       def copy_initializer
         unless options[:orm]
@@ -37,10 +37,6 @@ module Devise
       def show_readme
         readme "README" if behavior == :invoke
       end
-      def rails_4?
-        Rails::VERSION::MAJOR == 4
-      end
     end
   end
 end