devise 4.6.1 → 4.6.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of devise might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: f693d109d7ae197a0762ce5a617e7dfb817bce99
4
- data.tar.gz: c0ccbced157b26334a1554cd260d8a9b1272f041
2
+ SHA256:
3
+ metadata.gz: 2a3a0aa612778a5a148ace7270243452ffab13eb324584de33ca40243621d5d9
4
+ data.tar.gz: c3169895ddf9cb13b168fdff43ef4242104cb04bc7215225a118af451ce2e71d
5
5
  SHA512:
6
- metadata.gz: 3c3cb793832eb8707aed1ba0449404f0319dad08525b5ecdf763c2e7aa7f036d2c7a8400ad2a3ee98d41ea84c708529ee657027102e4ba13c2a5ff00c14ff86c
7
- data.tar.gz: 4bddd25f366745d698cc9a6a1f6e29da1f5d8a7b63af3f956a817ff69d06e5f59df9e3fb48d7f194e42dde7eb4851e2d7ec91c414d11ccc6180b9a2c152c1963
6
+ metadata.gz: e386828f44f3082947d1dcd52905ab2d73d6f697d37603023b231a68e7221d1d9a9af3aea4ee2b8344e9cdb3bc6f29137773692e6fc105e1b3c8d1573a7ea7a4
7
+ data.tar.gz: 0b087697d505307cfc41723f741e658812b17ac1fc4675e99bef7eab73fcf68143ea9226683a8c3cc0564cb1b61fdf28baa727a5bc2d492491a3e71e4a128ca2
@@ -1,5 +1,10 @@
1
1
  ### Unreleased
2
2
 
3
+ ### 4.6.2 - 2019-03-26
4
+
5
+ * bug fixes
6
+ * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos)
7
+
3
8
  ### 4.6.1 - 2019-02-11
4
9
 
5
10
  * bug fixes
data/README.md CHANGED
@@ -56,6 +56,7 @@ It's composed of 10 modules:
56
56
  - [ActiveJob Integration](#activejob-integration)
57
57
  - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
58
58
  - [Other ORMs](#other-orms)
59
+ - [Rails API mode](#rails-api-mode)
59
60
  - [Additional information](#additional-information)
60
61
  - [Heroku](#heroku)
61
62
  - [Warden](#warden)
@@ -619,7 +620,7 @@ are executed in your tests.
619
620
 
620
621
  You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki:
621
622
 
622
- * https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29
623
+ * https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec)
623
624
 
624
625
  ### OmniAuth
625
626
 
@@ -694,6 +695,17 @@ config.log_level = :warn
694
695
 
695
696
  Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file.
696
697
 
698
+ ### Rails API Mode
699
+
700
+ Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb:
701
+
702
+ ```ruby
703
+ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies
704
+ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore
705
+ ```
706
+
707
+ For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696).
708
+
697
709
  ## Additional information
698
710
 
699
711
  ### Heroku
@@ -60,7 +60,7 @@ module Devise
60
60
  # the hashed password.
61
61
  def password=(new_password)
62
62
  @password = new_password
63
- self.encrypted_password = password_digest(@password)
63
+ self.encrypted_password = password_digest(@password) if @password.present?
64
64
  end
65
65
 
66
66
  # Verifies whether a password (ie from sign in) is the user password.
@@ -70,7 +70,7 @@ module Devise
70
70
 
71
71
  # Set password and password confirmation to nil
72
72
  def clean_up_passwords
73
- @password = @password_confirmation = nil
73
+ self.password = self.password_confirmation = nil
74
74
  end
75
75
 
76
76
  # Update record attributes when :current_password matches, otherwise
@@ -198,7 +198,6 @@ module Devise
198
198
  # See https://github.com/plataformatec/devise-encryptable for examples
199
199
  # of other hashing engines.
200
200
  def password_digest(password)
201
- return if password.blank?
202
201
  Devise::Encryptor.digest(self.class, password)
203
202
  end
204
203
 
@@ -28,7 +28,7 @@ module Devise
28
28
  private
29
29
 
30
30
  # Receives a resource and check if it is valid by calling valid_for_authentication?
31
- # An optional block that will be triggered while validating can be optionally
31
+ # A block that will be triggered while validating can be optionally
32
32
  # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
33
33
  # for more information.
34
34
  #
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Devise
4
- VERSION = "4.6.1".freeze
4
+ VERSION = "4.6.2".freeze
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.6.1
4
+ version: 4.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - José Valim
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2019-02-11 00:00:00.000000000 Z
12
+ date: 2019-03-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: warden
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
224
224
  version: '0'
225
225
  requirements: []
226
226
  rubyforge_project:
227
- rubygems_version: 2.6.13
227
+ rubygems_version: 2.7.6
228
228
  signing_key:
229
229
  specification_version: 4
230
230
  summary: Flexible authentication solution for Rails with Warden