RubyGems - devise - Versions diffs - 4.6.0 → 4.7.0 - Mend

devise 4.6.0 → 4.7.0

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +22 -0
data/README.md +15 -3
data/app/views/devise/passwords/edit.html.erb +1 -1
data/lib/devise/failure_app.rb +4 -10
data/lib/devise/models/authenticatable.rb +0 -1
data/lib/devise/models/database_authenticatable.rb +2 -3
data/lib/devise/models/validatable.rb +1 -1
data/lib/devise/rails/routes.rb +2 -2
data/lib/devise/strategies/authenticatable.rb +1 -1
data/lib/devise/version.rb +1 -1
data/lib/devise.rb +0 -0
data/lib/generators/templates/devise.rb +0 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -1
metadata +2 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f89e0e322bb87fda7dfb21c558c38138065368ba
-  data.tar.gz: 88f2a5d3e8aeddaf2dd1a9dc6f6a366cf4b3a3ef
+  metadata.gz: 99f73a79ce1b893707bf43346c57fb609226ffdc
+  data.tar.gz: 0ab35ec0e647610f96a0a1357b93686237c3a419
 SHA512:
-  metadata.gz: 40734474103c3aabd38dfae149a0f38d690d30ac2aa465510869616338a2968ab9f5a128f3263ca34009fb98b7bbb3b4bcd344119532bb56f459d23b3e6d326c
-  data.tar.gz: 80a1ef0816372c91f91ad27389b1abbe21c80d76ade44f9afce5ef1221b21b195466b1fe74a8a78bc20e70772eeacda06f7b7d06a208355fbf0f858ad3de33e7
+  metadata.gz: 385e26f7d0dcf2baed0879a24a445d0758682c5ff42b6b89fda4233b130b40f1eb64bb4fa0a860d4615d4966995504827cd384067b8544feab48958861c9d6be
+  data.tar.gz: 3696165b16b2f312d83a67036c4cb930e5ebd3be42103b6d60f5fb09504d3ff40e1d804758faf5a2606beb497ddfb8f62d4b293aa4648d458925deecf7cdd2b9

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,27 @@
 ### Unreleased
+### 4.7.0 - 2019-08-19
+* enhancements
+  * Support Rails 6.0
+  * Update CI to rails 6.0.0.beta3 (by @tunnes)
+  * refactor method name to be more consistent (by @saiqulhaq)
+  * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed)
+* bug fixes
+  * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl)
+  * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk)
+### 4.6.2 - 2019-03-26
+* bug fixes
+  * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos)
+### 4.6.1 - 2019-02-11
+* bug fixes
+  * Check if `root_path` is defined with `#respond_to?` instead of `#present` (by @tegon)
 ### 4.6.0 - 2019-02-07
 * enhancements

data/README.md CHANGED Viewed

@@ -56,6 +56,7 @@ It's composed of 10 modules:
 	- [ActiveJob Integration](#activejob-integration)
 	- [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
 	- [Other ORMs](#other-orms)
+	- [Rails API mode](#rails-api-mode)
 - [Additional information](#additional-information)
 	- [Heroku](#heroku)
 	- [Warden](#warden)
@@ -173,7 +174,7 @@ If you are building your first Rails application, we recommend you *do not* use
 * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users
 * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
-* Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth
+* Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth
 Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley:
@@ -619,7 +620,7 @@ are executed in your tests.
 You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
-* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29
+* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
 ### OmniAuth
@@ -694,6 +695,17 @@ config.log_level = :warn
 Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file.
+### Rails API Mode
+Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
+```ruby
+Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies
+Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore
+```
+For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696).
 ## Additional information
 ### Heroku
@@ -720,6 +732,6 @@ https://github.com/plataformatec/devise/graphs/contributors
 ## License
-MIT License. Copyright 2009-2018 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br
 You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo.

data/app/views/devise/passwords/edit.html.erb CHANGED Viewed

@@ -14,7 +14,7 @@
   <div class="field">
     <%= f.label :password_confirmation, "Confirm new password" %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+    <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
   </div>
   <div class="actions">

data/lib/devise/failure_app.rb CHANGED Viewed

@@ -153,7 +153,7 @@ module Devise
       # We need to add the rootpath to `script_name` manually for applications that use a Rails
       # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines
       # that use Devise. Remove it when the support of Rails 5.0 is droped.
-      elsif root_path_defined?(context) && rails_5_and_down?
+      elsif root_path_defined?(context) && !rails_51_and_up?
         rootpath = context.routes.url_helpers.root_path
         opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1
       end
@@ -275,17 +275,11 @@ module Devise
     private
     def root_path_defined?(context)
-      defined?(context.routes) && context.routes.url_helpers.root_path.present?
+      defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path)
     end
-    def rails_5_and_down?
-      return false if rails_5_up?
-      Rails::VERSION::MAJOR >= 4
-    end
-    def rails_5_up?
-      Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR > 0
+    def rails_51_and_up?
+      Rails.gem_version >= Gem::Version.new("5.1")
     end
   end
 end

data/lib/devise/models/authenticatable.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require 'active_model/version'
 require 'devise/hooks/activatable'
 require 'devise/hooks/csrf_cleaner'

data/lib/devise/models/database_authenticatable.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module Devise
       # the hashed password.
       def password=(new_password)
         @password = new_password
-        self.encrypted_password = password_digest(@password)
+        self.encrypted_password = password_digest(@password) if @password.present?
       end
       # Verifies whether a password (ie from sign in) is the user password.
@@ -70,7 +70,7 @@ module Devise
       # Set password and password confirmation to nil
       def clean_up_passwords
-        @password = @password_confirmation = nil
+        self.password = self.password_confirmation = nil
       end
       # Update record attributes when :current_password matches, otherwise
@@ -198,7 +198,6 @@ module Devise
       # See https://github.com/plataformatec/devise-encryptable for examples
       # of other hashing engines.
       def password_digest(password)
-        return if password.blank?
         Devise::Encryptor.digest(self.class, password)
       end

data/lib/devise/models/validatable.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Devise
         base.class_eval do
           validates_presence_of   :email, if: :email_required?
           if Devise.activerecord51?
-            validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email?
+            validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email?
             validates_format_of     :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
           else
             validates_uniqueness_of :email, allow_blank: true, if: :email_changed?

data/lib/devise/rails/routes.rb CHANGED Viewed

@@ -135,10 +135,10 @@ module ActionDispatch::Routing
     #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, sign_out_via: [:post, :delete]
+    #      devise_for :users, sign_out_via: [:get, :post]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #

data/lib/devise/strategies/authenticatable.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Devise
     private
       # Receives a resource and check if it is valid by calling valid_for_authentication?
-      # An optional block that will be triggered while validating can be optionally
+      # A block that will be triggered while validating can be optionally
       # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
       # for more information.
       #

data/lib/devise/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Devise
-  VERSION = "4.6.0".freeze
+  VERSION = "4.7.0".freeze
 end

data/lib/devise.rb CHANGED Viewed

File without changes

data/lib/generators/templates/devise.rb CHANGED Viewed

File without changes

data/lib/generators/templates/simple_form_for/passwords/edit.html.erb CHANGED Viewed

@@ -13,7 +13,10 @@
                 autofocus: true,
                 hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length),
                 input_html: { autocomplete: "new-password" } %>
-    <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
+    <%= f.input :password_confirmation,
+                label: "Confirm your new password",
+                required: true,
+                input_html: { autocomplete: "new-password" } %>
   </div>
   <div class="form-actions">

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 4.6.0
+  version: 4.7.0
 platform: ruby
 authors:
 - José Valim
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-07 00:00:00.000000000 Z
+date: 2019-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -60,9 +60,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.1.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -70,9 +67,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.1.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: responders
   requirement: !ruby/object:Gem::Requirement