devise 4.6.1 → 4.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f693d109d7ae197a0762ce5a617e7dfb817bce99
-  data.tar.gz: c0ccbced157b26334a1554cd260d8a9b1272f041
+SHA256:
+  metadata.gz: 2a3a0aa612778a5a148ace7270243452ffab13eb324584de33ca40243621d5d9
+  data.tar.gz: c3169895ddf9cb13b168fdff43ef4242104cb04bc7215225a118af451ce2e71d
 SHA512:
-  metadata.gz: 3c3cb793832eb8707aed1ba0449404f0319dad08525b5ecdf763c2e7aa7f036d2c7a8400ad2a3ee98d41ea84c708529ee657027102e4ba13c2a5ff00c14ff86c
-  data.tar.gz: 4bddd25f366745d698cc9a6a1f6e29da1f5d8a7b63af3f956a817ff69d06e5f59df9e3fb48d7f194e42dde7eb4851e2d7ec91c414d11ccc6180b9a2c152c1963
+  metadata.gz: e386828f44f3082947d1dcd52905ab2d73d6f697d37603023b231a68e7221d1d9a9af3aea4ee2b8344e9cdb3bc6f29137773692e6fc105e1b3c8d1573a7ea7a4
+  data.tar.gz: 0b087697d505307cfc41723f741e658812b17ac1fc4675e99bef7eab73fcf68143ea9226683a8c3cc0564cb1b61fdf28baa727a5bc2d492491a3e71e4a128ca2

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 ### Unreleased
 
+### 4.6.2 - 2019-03-26
+
+* bug fixes
+  * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos)
+
 ### 4.6.1 - 2019-02-11
 
 * bug fixes

data/README.md

@@ -56,6 +56,7 @@ It's composed of 10 modules:
 	- [ActiveJob Integration](#activejob-integration)
 	- [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
 	- [Other ORMs](#other-orms)
+	- [Rails API mode](#rails-api-mode)
 - [Additional information](#additional-information)
 	- [Heroku](#heroku)
 	- [Warden](#warden)
@@ -619,7 +620,7 @@ are executed in your tests.
 
 You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
 
-* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29
+* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
 
 ### OmniAuth
 
@@ -694,6 +695,17 @@ config.log_level = :warn
 
 Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file.
 
+### Rails API Mode
+
+Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
+
+```ruby
+Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies
+Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore
+```
+
+For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696).
+
 ## Additional information
 
 ### Heroku

data/lib/devise/models/database_authenticatable.rb

@@ -60,7 +60,7 @@ module Devise
       # the hashed password.
       def password=(new_password)
         @password = new_password
-        self.encrypted_password = password_digest(@password) 
+        self.encrypted_password = password_digest(@password) if @password.present?
       end
 
       # Verifies whether a password (ie from sign in) is the user password.
@@ -70,7 +70,7 @@ module Devise
 
       # Set password and password confirmation to nil
       def clean_up_passwords
-        @password = @password_confirmation = nil
+        self.password = self.password_confirmation = nil
       end
 
       # Update record attributes when :current_password matches, otherwise
@@ -198,7 +198,6 @@ module Devise
       # See https://github.com/plataformatec/devise-encryptable for examples
       # of other hashing engines.
       def password_digest(password)
-        return if password.blank?
         Devise::Encryptor.digest(self.class, password)
       end
 

data/lib/devise/strategies/authenticatable.rb

@@ -28,7 +28,7 @@ module Devise
     private
 
       # Receives a resource and check if it is valid by calling valid_for_authentication?
-      # An optional block that will be triggered while validating can be optionally
+      # A block that will be triggered while validating can be optionally
       # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
       # for more information.
       #

data/lib/devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Devise
-  VERSION = "4.6.1".freeze
+  VERSION = "4.6.2".freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 4.6.1
+  version: 4.6.2
 platform: ruby
 authors:
 - José Valim
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-11 00:00:00.000000000 Z
+date: 2019-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: warden
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Flexible authentication solution for Rails with Warden