devise 4.7.1 → 4.9.3

data/lib/devise/models/omniauthable.rb

@@ -8,11 +8,11 @@ module Devise
     #
     # == Options
     #
-    # Oauthable adds the following options to devise_for:
+    # Oauthable adds the following options to +devise+:
     #
     #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
     #
-    #       devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
+    #       devise :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
     #
     module Omniauthable
       extend ActiveSupport::Concern

data/lib/devise/models/recoverable.rb

@@ -7,7 +7,7 @@ module Devise
     #
     # ==Options
     #
-    # Recoverable adds the following options to devise_for:
+    # Recoverable adds the following options to +devise+:
     #
     #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
     #   * +reset_password_within+: the time period within which the password must be reset or the token expires.
@@ -99,24 +99,13 @@ module Devise
           send_devise_notification(:reset_password_instructions, token, {})
         end
 
-        if Devise.activerecord51?
-          def clear_reset_password_token?
-            encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password?
-            authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
-              respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
-            end
-
-            authentication_keys_changed || encrypted_password_changed
+        def clear_reset_password_token?
+          encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password)
+          authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
+            devise_respond_to_and_will_save_change_to_attribute?(attribute)
           end
-        else
-          def clear_reset_password_token?
-            encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed?
-            authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
-              respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
-            end
 
-            authentication_keys_changed || encrypted_password_changed
-          end
+          authentication_keys_changed || encrypted_password_changed
         end
 
       module ClassMethods
@@ -131,7 +120,7 @@ module Devise
         # password instructions to it. If user is not found, returns a new user
         # with an email not found error.
         # Attributes must contain the user's email
-        def send_reset_password_instructions(attributes={})
+        def send_reset_password_instructions(attributes = {})
           recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
           recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
@@ -142,7 +131,7 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password_by_token(attributes={})
+        def reset_password_by_token(attributes = {})
           original_token       = attributes[:reset_password_token]
           reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
 

data/lib/devise/models/rememberable.rb

@@ -15,7 +15,7 @@ module Devise
     #
     # == Options
     #
-    # Rememberable adds the following options in devise_for:
+    # Rememberable adds the following options to +devise+:
     #
     #   * +remember_for+: the time you want the user will be remembered without
     #     asking for credentials. After this time the user will be blocked and
@@ -102,7 +102,7 @@ module Devise
 
       def remember_me?(token, generated_at)
         # TODO: Normalize the JSON type coercion along with the Timeoutable hook
-        # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
+        # in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
         if generated_at.is_a?(String)
           generated_at = time_from_json(generated_at)
         end

data/lib/devise/models/timeoutable.rb

@@ -11,7 +11,7 @@ module Devise
     #
     # == Options
     #
-    # Timeoutable adds the following options to devise_for:
+    # Timeoutable adds the following options to +devise+:
     #
     #   * +timeout_in+: the interval to timeout the user session without activity.
     #

data/lib/devise/models/trackable.rb

@@ -33,7 +33,7 @@ module Devise
       def update_tracked_fields!(request)
         # We have to check if the user is already persisted before running
         # `save` here because invalid users can be saved if we don't.
-        # See https://github.com/plataformatec/devise/issues/4673 for more details.
+        # See https://github.com/heartcombo/devise/issues/4673 for more details.
         return if new_record?
 
         update_tracked_fields(request)

data/lib/devise/models/validatable.rb

@@ -9,7 +9,7 @@ module Devise
     #
     # == Options
     #
-    # Validatable adds the following options to devise_for:
+    # Validatable adds the following options to +devise+:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
     #   * +password_length+: a range expressing password length. Defaults to 6..128.
@@ -29,13 +29,8 @@ module Devise
 
         base.class_eval do
           validates_presence_of   :email, if: :email_required?
-          if Devise.activerecord51?
-            validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email?
-            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
-          else
-            validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
-            validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
-          end
+          validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :devise_will_save_change_to_email?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :devise_will_save_change_to_email?
 
           validates_presence_of     :password, if: :password_required?
           validates_confirmation_of :password, if: :password_required?
@@ -47,7 +42,7 @@ module Devise
         unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
 
         unless unavailable_validations.empty?
-          raise "Could not use :validatable module since #{base} does not respond " <<
+          raise "Could not use :validatable module since #{base} does not respond " \
                 "to the following methods: #{unavailable_validations.to_sentence}."
         end
       end

data/lib/devise/models.rb

@@ -84,6 +84,7 @@ module Devise
       end
 
       devise_modules_hook! do
+        include Devise::Orm
         include Devise::Models::Authenticatable
 
         selected_modules.each do |m|

data/lib/devise/omniauth.rb

@@ -1,17 +1,14 @@
 # frozen_string_literal: true
 
 begin
+  gem "omniauth", ">= 1.0.0"
+
   require "omniauth"
-  require "omniauth/version"
 rescue LoadError
   warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
   raise
 end
 
-unless OmniAuth::VERSION =~ /^1\./
-  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
-end
-
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil
 

data/lib/devise/orm.rb

@@ -0,0 +1,71 @@
+module Devise
+  module Orm # :nodoc:
+    def self.active_record?(model)
+      defined?(ActiveRecord) && model < ActiveRecord::Base
+    end
+
+    def self.active_record_51?(model)
+      active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+    end
+
+    def self.included(model)
+      if Devise::Orm.active_record_51?(model)
+        model.include DirtyTrackingNewMethods
+      else
+        model.include DirtyTrackingOldMethods
+      end
+    end
+
+    module DirtyTrackingNewMethods
+      def devise_email_before_last_save
+        email_before_last_save
+      end
+
+      def devise_email_in_database
+        email_in_database
+      end
+
+      def devise_saved_change_to_email?
+        saved_change_to_email?
+      end
+
+      def devise_saved_change_to_encrypted_password?
+        saved_change_to_encrypted_password?
+      end
+
+      def devise_will_save_change_to_email?
+        will_save_change_to_email?
+      end
+
+      def devise_respond_to_and_will_save_change_to_attribute?(attribute)
+        respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
+      end
+    end
+
+    module DirtyTrackingOldMethods
+      def devise_email_before_last_save
+        email_was
+      end
+
+      def devise_email_in_database
+        email_was
+      end
+
+      def devise_saved_change_to_email?
+        email_changed?
+      end
+
+      def devise_saved_change_to_encrypted_password?
+        encrypted_password_changed?
+      end
+
+      def devise_will_save_change_to_email?
+        email_changed?
+      end
+
+      def devise_respond_to_and_will_save_change_to_attribute?(attribute)
+        respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
+      end
+    end
+  end
+end

data/lib/devise/rails/deprecated_constant_accessor.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+begin
+  require 'active_support/deprecation/constant_accessor'
+
+  module Devise
+    DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
+  end
+rescue LoadError
+
+  # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
+  # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
+  module Devise
+    module DeprecatedConstantAccessor #:nodoc:
+      def self.included(base)
+        require "active_support/inflector/methods"
+
+        extension = Module.new do
+          def const_missing(missing_const_name)
+            if class_variable_defined?(:@@_deprecated_constants)
+              if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
+                replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
+                return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
+              end
+            end
+            super
+          end
+
+          def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator)
+            class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
+            class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
+          end
+        end
+        base.singleton_class.prepend extension
+      end
+    end
+  end
+
+end

data/lib/devise/rails/routes.rb

@@ -287,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -474,7 +474,7 @@ ERROR
         @scope = current_scope
       end
 
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))

data/lib/devise/rails.rb

@@ -17,6 +17,10 @@ module Devise
       app.reload_routes! if Devise.reload_routes
     end
 
+    initializer "devise.deprecator" do |app|
+      app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators)
+    end
+
     initializer "devise.url_helpers" do
       Devise.include_helpers(Devise::Controllers)
     end

data/lib/devise/test/controller_helpers.rb

@@ -37,6 +37,8 @@ module Devise
         @response
       end
 
+      ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
+
       # We need to set up the environment variables and the response in the controller.
       def setup_controller_for_warden #:nodoc:
         @request.env['action_controller.instance'] = @controller
@@ -67,7 +69,7 @@ module Devise
           scope = resource
           resource = deprecated
 
-          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
             [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise.
             Please use sign_in(resource, scope: :#{scope}) instead.
           DEPRECATION
@@ -141,7 +143,7 @@ module Devise
           @controller.response.headers.merge!(headers)
           @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
           @controller.status = status
-          @controller.response.body = response.body
+          @controller.response_body = response.body
           nil # causes process return @response
         end
 

data/lib/devise/test/integration_helpers.rb

@@ -28,7 +28,7 @@ module Devise
         end
       end
 
-      # Signs in a specific resource, mimicking a successfull sign in
+      # Signs in a specific resource, mimicking a successful sign in
       # operation through +Devise::SessionsController#create+.
       #
       # * +resource+ - The resource that should be authenticated

data/lib/devise/test_helpers.rb

@@ -4,7 +4,7 @@ module Devise
   module TestHelpers
     def self.included(base)
       base.class_eval do
-        ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+        Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
           [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
           For controller tests, please include `Devise::Test::ControllerHelpers` instead.
         DEPRECATION

data/lib/devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Devise
-  VERSION = "4.7.1".freeze
+  VERSION = "4.9.3".freeze
 end

data/lib/devise.rb

@@ -13,6 +13,7 @@ module Devise
   autoload :Encryptor,          'devise/encryptor'
   autoload :FailureApp,         'devise/failure_app'
   autoload :OmniAuth,           'devise/omniauth'
+  autoload :Orm,                'devise/orm'
   autoload :ParameterFilter,    'devise/parameter_filter'
   autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
   autoload :TestHelpers,        'devise/test_helpers'
@@ -23,6 +24,7 @@ module Devise
   module Controllers
     autoload :Helpers,        'devise/controllers/helpers'
     autoload :Rememberable,   'devise/controllers/rememberable'
+    autoload :Responder,      'devise/controllers/responder'
     autoload :ScopedViews,    'devise/controllers/scoped_views'
     autoload :SignInOut,      'devise/controllers/sign_in_out'
     autoload :StoreLocation,  'devise/controllers/store_location'
@@ -71,7 +73,7 @@ module Devise
 
   # The number of times to hash the password.
   mattr_accessor :stretches
-  @@stretches = 11
+  @@stretches = 12
 
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key
@@ -217,7 +219,16 @@ module Devise
 
   # Which formats should be treated as navigational.
   mattr_accessor :navigational_formats
-  @@navigational_formats = ["*/*", :html]
+  @@navigational_formats = ["*/*", :html, :turbo_stream]
+
+  # The default responder used by Devise, used to customize status codes with:
+  #
+  #   `config.responder.error_status`
+  #   `config.responder.redirect_status`
+  #
+  # Can be replaced by a custom application responder.
+  mattr_accessor :responder
+  @@responder = Devise::Controllers::Responder
 
   # When set to true, signing out a user signs out all other scopes.
   mattr_accessor :sign_out_all_scopes
@@ -297,14 +308,6 @@ module Devise
   mattr_accessor :sign_in_after_change_password
   @@sign_in_after_change_password = true
 
-  def self.rails51? # :nodoc:
-    Rails.gem_version >= Gem::Version.new("5.1.x")
-  end
-
-  def self.activerecord51? # :nodoc:
-    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
-  end
-
   # Default way to set up Devise. Run rails generate devise_install to create
   # a fresh initializer with all configuration values.
   def self.setup
@@ -317,12 +320,20 @@ module Devise
     end
 
     def get
-      ActiveSupport::Dependencies.constantize(@name)
+      # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+      if ActiveSupport::Dependencies.respond_to?(:constantize)
+        ActiveSupport::Dependencies.constantize(@name)
+      else
+        @name.constantize
+      end
     end
   end
 
   def self.ref(arg)
-    ActiveSupport::Dependencies.reference(arg)
+    # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+    if ActiveSupport::Dependencies.respond_to?(:reference)
+      ActiveSupport::Dependencies.reference(arg)
+    end
     Getter.new(arg)
   end
 
@@ -509,6 +520,18 @@ module Devise
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0
   end
+
+  def self.deprecator
+    @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise")
+  end
+
+  def self.activerecord51? # :nodoc:
+    deprecator.warn <<-DEPRECATION.strip_heredoc
+      [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
+      It is a non-public method that's no longer used internally, but that other libraries have been relying on.
+    DEPRECATION
+    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+  end
 end
 
 require 'warden'

data/lib/generators/active_record/devise_generator.rb

@@ -86,9 +86,24 @@ RUBY
         Rails::VERSION::MAJOR >= 5
       end
 
+      def rails61_and_up?
+        Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1)
+      end
+
       def postgresql?
-        config = ActiveRecord::Base.configurations[Rails.env]
-        config && config['adapter'] == 'postgresql'
+        ar_config && ar_config['adapter'] == 'postgresql'
+      end
+
+      def ar_config
+        if ActiveRecord::Base.configurations.respond_to?(:configs_for)
+          if rails61_and_up?
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash
+          else
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config
+          end
+        else
+          ActiveRecord::Base.configurations[Rails.env]
+        end
       end
 
      def migration_version

data/lib/generators/devise/devise_generator.rb

@@ -13,7 +13,7 @@ module Devise
       desc "Generates a model with the given NAME (if one does not exist) with devise " \
            "configuration plus a migration file and devise routes."
 
-      hook_for :orm
+      hook_for :orm, required: true
 
       class_option :routes, desc: "Generate routes", type: :boolean, default: true
 

data/lib/generators/devise/install_generator.rb

@@ -11,7 +11,7 @@ module Devise
       source_root File.expand_path("../../templates", __FILE__)
 
       desc "Creates a Devise initializer and copy locale files to your application."
-      class_option :orm
+      class_option :orm, required: true
 
       def copy_initializer
         unless options[:orm]
@@ -37,10 +37,6 @@ module Devise
       def show_readme
         readme "README" if behavior == :invoke
       end
-
-      def rails_4?
-        Rails::VERSION::MAJOR == 4
-      end
     end
   end
 end

data/lib/generators/devise/views_generator.rb

@@ -42,7 +42,7 @@ module Devise
       def view_directory(name, _target_path = nil)
         directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
           if scope
-            content.gsub "devise/shared/links", "#{plural_scope}/shared/links"
+            content.gsub("devise/shared", "#{plural_scope}/shared")
           else
             content
           end

data/lib/generators/templates/README

@@ -1,6 +1,6 @@
 ===============================================================================
 
-Some setup you must do manually if you haven't yet:
+Depending on your application's configuration some manual setup may be required:
 
   1. Ensure you have defined default url options in your environments files. Here
      is an example of default_url_options appropriate for a development environment
@@ -10,10 +10,14 @@ Some setup you must do manually if you haven't yet:
 
      In production, :host should be set to the actual host of your application.
 
+     * Required for all applications. *
+
   2. Ensure you have defined root_url to *something* in your config/routes.rb.
      For example:
 
        root to: "home#index"
+     
+     * Not required for API-only Applications *
 
   3. Ensure you have flash messages in app/views/layouts/application.html.erb.
      For example:
@@ -21,8 +25,12 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
 
+     * Not required for API-only Applications *
+
   4. You can copy Devise views (for customization) to your app by running:
 
        rails g devise:views
+       
+     * Not required *
 
 ===============================================================================

data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb

@@ -9,7 +9,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback
   # end
 
   # More info at:
-  # https://github.com/plataformatec/devise#omniauth
+  # https://github.com/heartcombo/devise#omniauth
 
   # GET|POST /resource/auth/twitter
   # def passthru