devise 4.7.2 → 4.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/README.md +5 -6
- data/app/helpers/devise_helper.rb +18 -6
- data/app/mailers/devise/mailer.rb +5 -5
- data/lib/devise/controllers/helpers.rb +7 -7
- data/lib/devise/controllers/sign_in_out.rb +3 -3
- data/lib/devise/controllers/url_helpers.rb +1 -1
- data/lib/devise/failure_app.rb +0 -1
- data/lib/devise/mapping.rb +1 -1
- data/lib/devise/models/authenticatable.rb +4 -4
- data/lib/devise/models/confirmable.rb +2 -2
- data/lib/devise/models/lockable.rb +1 -1
- data/lib/devise/models/recoverable.rb +2 -2
- data/lib/devise/rails/routes.rb +4 -4
- data/lib/devise/test/controller_helpers.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/lib/generators/devise/devise_generator.rb +1 -1
- data/lib/generators/devise/install_generator.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '056338b76007de25ec62deff781ba493d0d063184f70373d31406faf1fc8a219'
|
4
|
+
data.tar.gz: 43919f99b2b775b213bf40d5849138339b99462700e58ce5e4a843ab5a63c22f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b21e1c4b5658dc2077d4eeb4fa70fa25c108bcdbe03b1b1f587d1a8f5c49a2c3b0fa299dc5a45af8b743ba8d8dc968bab768587df12350d41beeb163f6d80af3
|
7
|
+
data.tar.gz: c12702819c331ce7739ee30a34cdf550d85db4edbe90ad1c3adffe51c910a27f969938dc098940637c49acc31da0195cc351b56558bf4c2be69961f3071a23c6
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,11 @@
|
|
1
|
-
### 4.7.
|
1
|
+
### 4.7.3 - 2020-09-20
|
2
|
+
|
3
|
+
* bug fixes
|
4
|
+
* Do not modify `:except` option given to `#serializable_hash`. (by @dpep)
|
5
|
+
* Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
|
6
|
+
* Fix hanging tests for streaming controllers using Devise. (by @afn)
|
7
|
+
|
8
|
+
### 4.7.2 - 2020-06-10
|
2
9
|
|
3
10
|
* enhancements
|
4
11
|
* Increase default stretches to 12 (by @sergey-alekseev)
|
data/README.md
CHANGED
@@ -54,7 +54,6 @@ It's composed of 10 modules:
|
|
54
54
|
- [Other ORMs](#other-orms)
|
55
55
|
- [Rails API mode](#rails-api-mode)
|
56
56
|
- [Additional information](#additional-information)
|
57
|
-
- [Heroku](#heroku)
|
58
57
|
- [Warden](#warden)
|
59
58
|
- [Contributors](#contributors)
|
60
59
|
- [License](#license)
|
@@ -120,7 +119,7 @@ Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid
|
|
120
119
|
|
121
120
|
### DEVISE_ORM
|
122
121
|
Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
|
123
|
-
The default value of `DEVISE_ORM` is `active_record`. To run the tests for
|
122
|
+
The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
|
124
123
|
```
|
125
124
|
DEVISE_ORM=mongoid bin/test
|
126
125
|
|
@@ -273,7 +272,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
|
|
273
272
|
|
274
273
|
### Strong Parameters
|
275
274
|
|
276
|
-
|
275
|
+
The Parameter Sanitizer API has changed for Devise 4 :warning:
|
277
276
|
|
278
277
|
*For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters*
|
279
278
|
|
@@ -313,7 +312,7 @@ class ApplicationController < ActionController::Base
|
|
313
312
|
end
|
314
313
|
```
|
315
314
|
|
316
|
-
Devise allows you to completely change Devise defaults or invoke custom
|
315
|
+
Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block:
|
317
316
|
|
318
317
|
To permit simple scalar values for username and email, use this
|
319
318
|
|
@@ -436,7 +435,7 @@ If the customization at the views level is not enough, you can customize each co
|
|
436
435
|
end
|
437
436
|
```
|
438
437
|
|
439
|
-
Or you can simply add new
|
438
|
+
Or you can simply add new behavior to it:
|
440
439
|
|
441
440
|
```ruby
|
442
441
|
class Users::SessionsController < Devise::SessionsController
|
@@ -741,6 +740,6 @@ https://github.com/heartcombo/devise/graphs/contributors
|
|
741
740
|
|
742
741
|
## License
|
743
742
|
|
744
|
-
MIT License. Copyright 2020 Rafael França,
|
743
|
+
MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
|
745
744
|
|
746
745
|
The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).
|
@@ -1,14 +1,26 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module DeviseHelper
|
4
|
-
# Retain this method for backwards compatibility, deprecated in
|
5
|
-
# devise/shared/error_messages partial
|
4
|
+
# Retain this method for backwards compatibility, deprecated in favor of modifying the
|
5
|
+
# devise/shared/error_messages partial.
|
6
6
|
def devise_error_messages!
|
7
7
|
ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
|
8
|
-
[Devise] `DeviseHelper
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
[Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
|
9
|
+
removed in the next major version.
|
10
|
+
|
11
|
+
Devise now uses a partial under "devise/shared/error_messages" to display
|
12
|
+
error messages by default, and make them easier to customize. Update your
|
13
|
+
views changing calls from:
|
14
|
+
|
15
|
+
<%= devise_error_messages! %>
|
16
|
+
|
17
|
+
to:
|
18
|
+
|
19
|
+
<%= render "devise/shared/error_messages", resource: resource %>
|
20
|
+
|
21
|
+
To start customizing how errors are displayed, you can copy the partial
|
22
|
+
from devise to your `app/views` folder. Alternatively, you can run
|
23
|
+
`rails g devise:views` which will copy all of them again to your app.
|
12
24
|
DEPRECATION
|
13
25
|
|
14
26
|
return "" if resource.errors.empty?
|
@@ -4,26 +4,26 @@ if defined?(ActionMailer)
|
|
4
4
|
class Devise::Mailer < Devise.parent_mailer.constantize
|
5
5
|
include Devise::Mailers::Helpers
|
6
6
|
|
7
|
-
def confirmation_instructions(record, token, opts={})
|
7
|
+
def confirmation_instructions(record, token, opts = {})
|
8
8
|
@token = token
|
9
9
|
devise_mail(record, :confirmation_instructions, opts)
|
10
10
|
end
|
11
11
|
|
12
|
-
def reset_password_instructions(record, token, opts={})
|
12
|
+
def reset_password_instructions(record, token, opts = {})
|
13
13
|
@token = token
|
14
14
|
devise_mail(record, :reset_password_instructions, opts)
|
15
15
|
end
|
16
16
|
|
17
|
-
def unlock_instructions(record, token, opts={})
|
17
|
+
def unlock_instructions(record, token, opts = {})
|
18
18
|
@token = token
|
19
19
|
devise_mail(record, :unlock_instructions, opts)
|
20
20
|
end
|
21
21
|
|
22
|
-
def email_changed(record, opts={})
|
22
|
+
def email_changed(record, opts = {})
|
23
23
|
devise_mail(record, :email_changed, opts)
|
24
24
|
end
|
25
25
|
|
26
|
-
def password_change(record, opts={})
|
26
|
+
def password_change(record, opts = {})
|
27
27
|
devise_mail(record, :password_change, opts)
|
28
28
|
end
|
29
29
|
end
|
@@ -36,14 +36,14 @@ module Devise
|
|
36
36
|
# before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page
|
37
37
|
# current_blogger :user # Preferably returns a User if one is signed in
|
38
38
|
#
|
39
|
-
def devise_group(group_name, opts={})
|
39
|
+
def devise_group(group_name, opts = {})
|
40
40
|
mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
|
41
41
|
|
42
42
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
43
|
-
def authenticate_#{group_name}!(
|
43
|
+
def authenticate_#{group_name}!(favorite = nil, opts = {})
|
44
44
|
unless #{group_name}_signed_in?
|
45
45
|
mappings = #{mappings}
|
46
|
-
mappings.unshift mappings.delete(
|
46
|
+
mappings.unshift mappings.delete(favorite.to_sym) if favorite
|
47
47
|
mappings.each do |mapping|
|
48
48
|
opts[:scope] = mapping
|
49
49
|
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
|
@@ -57,9 +57,9 @@ module Devise
|
|
57
57
|
end
|
58
58
|
end
|
59
59
|
|
60
|
-
def current_#{group_name}(
|
60
|
+
def current_#{group_name}(favorite = nil)
|
61
61
|
mappings = #{mappings}
|
62
|
-
mappings.unshift mappings.delete(
|
62
|
+
mappings.unshift mappings.delete(favorite.to_sym) if favorite
|
63
63
|
mappings.each do |mapping|
|
64
64
|
current = warden.authenticate(scope: mapping)
|
65
65
|
return current if current
|
@@ -113,7 +113,7 @@ module Devise
|
|
113
113
|
mapping = mapping.name
|
114
114
|
|
115
115
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
116
|
-
def authenticate_#{mapping}!(opts={})
|
116
|
+
def authenticate_#{mapping}!(opts = {})
|
117
117
|
opts[:scope] = :#{mapping}
|
118
118
|
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
|
119
119
|
end
|
@@ -252,7 +252,7 @@ module Devise
|
|
252
252
|
# Overwrite Rails' handle unverified request to sign out all scopes,
|
253
253
|
# clear run strategies and remove cached variables.
|
254
254
|
def handle_unverified_request
|
255
|
-
super # call the default
|
255
|
+
super # call the default behavior which resets/nullifies/raises
|
256
256
|
request.env["devise.skip_storage"] = true
|
257
257
|
sign_out_all_scopes(false)
|
258
258
|
end
|
@@ -10,7 +10,7 @@ module Devise
|
|
10
10
|
# cause exceptions to be thrown from this method; if you simply want to check
|
11
11
|
# if a scope has already previously been authenticated without running
|
12
12
|
# authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
|
13
|
-
def signed_in?(scope=nil)
|
13
|
+
def signed_in?(scope = nil)
|
14
14
|
[scope || Devise.mappings.keys].flatten.any? do |_scope|
|
15
15
|
warden.authenticate?(scope: _scope)
|
16
16
|
end
|
@@ -77,7 +77,7 @@ module Devise
|
|
77
77
|
# sign_out :user # sign_out(scope)
|
78
78
|
# sign_out @user # sign_out(resource)
|
79
79
|
#
|
80
|
-
def sign_out(resource_or_scope=nil)
|
80
|
+
def sign_out(resource_or_scope = nil)
|
81
81
|
return sign_out_all_scopes unless resource_or_scope
|
82
82
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
83
83
|
user = warden.user(scope: scope, run_callbacks: false) # If there is no user
|
@@ -92,7 +92,7 @@ module Devise
|
|
92
92
|
# Sign out all active users or scopes. This helper is useful for signing out all roles
|
93
93
|
# in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
|
94
94
|
# and false if there was no user logged in on all scopes.
|
95
|
-
def sign_out_all_scopes(lock=true)
|
95
|
+
def sign_out_all_scopes(lock = true)
|
96
96
|
users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
|
97
97
|
|
98
98
|
warden.logout
|
data/lib/devise/failure_app.rb
CHANGED
data/lib/devise/mapping.rb
CHANGED
@@ -46,7 +46,7 @@ module Devise
|
|
46
46
|
raise "Could not find a valid mapping for #{obj.inspect}"
|
47
47
|
end
|
48
48
|
|
49
|
-
def self.find_by_path!(path, path_type
|
49
|
+
def self.find_by_path!(path, path_type = :fullpath)
|
50
50
|
Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
|
51
51
|
raise "Could not find a valid mapping for path #{path.inspect}"
|
52
52
|
end
|
@@ -104,7 +104,7 @@ module Devise
|
|
104
104
|
# given to :except will simply add names to exempt to Devise internal list.
|
105
105
|
def serializable_hash(options = nil)
|
106
106
|
options = options.try(:dup) || {}
|
107
|
-
options[:except] = Array(options[:except])
|
107
|
+
options[:except] = Array(options[:except]).dup
|
108
108
|
|
109
109
|
if options[:force_except]
|
110
110
|
options[:except].concat Array(options[:force_except])
|
@@ -272,17 +272,17 @@ module Devise
|
|
272
272
|
find_first_by_auth_conditions(tainted_conditions)
|
273
273
|
end
|
274
274
|
|
275
|
-
def find_first_by_auth_conditions(tainted_conditions, opts={})
|
275
|
+
def find_first_by_auth_conditions(tainted_conditions, opts = {})
|
276
276
|
to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
|
277
277
|
end
|
278
278
|
|
279
279
|
# Find or initialize a record setting an error if it can't be found.
|
280
|
-
def find_or_initialize_with_error_by(attribute, value, error
|
280
|
+
def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc:
|
281
281
|
find_or_initialize_with_errors([attribute], { attribute => value }, error)
|
282
282
|
end
|
283
283
|
|
284
284
|
# Find or initialize a record with group of attributes based on a list of required attributes.
|
285
|
-
def find_or_initialize_with_errors(required_attributes, attributes, error
|
285
|
+
def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc:
|
286
286
|
attributes.try(:permit!)
|
287
287
|
attributes = attributes.to_h.with_indifferent_access
|
288
288
|
.slice(*required_attributes)
|
@@ -76,7 +76,7 @@ module Devise
|
|
76
76
|
# Confirm a user by setting it's confirmed_at to actual time. If the user
|
77
77
|
# is already confirmed, add an error to email field. If the user is invalid
|
78
78
|
# add errors
|
79
|
-
def confirm(args={})
|
79
|
+
def confirm(args = {})
|
80
80
|
pending_any_confirmation do
|
81
81
|
if confirmation_period_expired?
|
82
82
|
self.errors.add(:email, :confirmation_period_expired,
|
@@ -334,7 +334,7 @@ module Devise
|
|
334
334
|
# confirmation instructions to it. If not, try searching for a user by unconfirmed_email
|
335
335
|
# field. If no user is found, returns a new user with an email not found error.
|
336
336
|
# Options must contain the user email
|
337
|
-
def send_confirmation_instructions(attributes={})
|
337
|
+
def send_confirmation_instructions(attributes = {})
|
338
338
|
confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable
|
339
339
|
unless confirmable.try(:persisted?)
|
340
340
|
confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found)
|
@@ -168,7 +168,7 @@ module Devise
|
|
168
168
|
# unlock instructions to it. If not user is found, returns a new user
|
169
169
|
# with an email not found error.
|
170
170
|
# Options must contain the user's unlock keys
|
171
|
-
def send_unlock_instructions(attributes={})
|
171
|
+
def send_unlock_instructions(attributes = {})
|
172
172
|
lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found)
|
173
173
|
lockable.resend_unlock_instructions if lockable.persisted?
|
174
174
|
lockable
|
@@ -131,7 +131,7 @@ module Devise
|
|
131
131
|
# password instructions to it. If user is not found, returns a new user
|
132
132
|
# with an email not found error.
|
133
133
|
# Attributes must contain the user's email
|
134
|
-
def send_reset_password_instructions(attributes={})
|
134
|
+
def send_reset_password_instructions(attributes = {})
|
135
135
|
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
|
136
136
|
recoverable.send_reset_password_instructions if recoverable.persisted?
|
137
137
|
recoverable
|
@@ -142,7 +142,7 @@ module Devise
|
|
142
142
|
# try saving the record. If not user is found, returns a new user
|
143
143
|
# containing an error in reset_password_token attribute.
|
144
144
|
# Attributes must contain reset_password_token, password and confirmation
|
145
|
-
def reset_password_by_token(attributes={})
|
145
|
+
def reset_password_by_token(attributes = {})
|
146
146
|
original_token = attributes[:reset_password_token]
|
147
147
|
reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
|
148
148
|
|
data/lib/devise/rails/routes.rb
CHANGED
@@ -287,7 +287,7 @@ module ActionDispatch::Routing
|
|
287
287
|
# root to: "admin/dashboard#show", as: :user_root
|
288
288
|
# end
|
289
289
|
#
|
290
|
-
def authenticate(scope=nil, block=nil)
|
290
|
+
def authenticate(scope = nil, block = nil)
|
291
291
|
constraints_for(:authenticate!, scope, block) do
|
292
292
|
yield
|
293
293
|
end
|
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
|
|
311
311
|
#
|
312
312
|
# root to: 'landing#show'
|
313
313
|
#
|
314
|
-
def authenticated(scope=nil, block=nil)
|
314
|
+
def authenticated(scope = nil, block = nil)
|
315
315
|
constraints_for(:authenticate?, scope, block) do
|
316
316
|
yield
|
317
317
|
end
|
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
|
|
328
328
|
#
|
329
329
|
# root to: 'dashboard#show'
|
330
330
|
#
|
331
|
-
def unauthenticated(scope=nil)
|
331
|
+
def unauthenticated(scope = nil)
|
332
332
|
constraint = lambda do |request|
|
333
333
|
not request.env["warden"].authenticate? scope: scope
|
334
334
|
end
|
@@ -474,7 +474,7 @@ ERROR
|
|
474
474
|
@scope = current_scope
|
475
475
|
end
|
476
476
|
|
477
|
-
def constraints_for(method_to_apply, scope=nil, block=nil)
|
477
|
+
def constraints_for(method_to_apply, scope = nil, block = nil)
|
478
478
|
constraint = lambda do |request|
|
479
479
|
request.env['warden'].send(method_to_apply, scope: scope) &&
|
480
480
|
(block.nil? || block.call(request.env["warden"].user(scope)))
|
@@ -143,7 +143,7 @@ module Devise
|
|
143
143
|
@controller.response.headers.merge!(headers)
|
144
144
|
@controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
|
145
145
|
@controller.status = status
|
146
|
-
@controller.
|
146
|
+
@controller.response_body = response.body
|
147
147
|
nil # causes process return @response
|
148
148
|
end
|
149
149
|
|
data/lib/devise/version.rb
CHANGED
@@ -13,7 +13,7 @@ module Devise
|
|
13
13
|
desc "Generates a model with the given NAME (if one does not exist) with devise " \
|
14
14
|
"configuration plus a migration file and devise routes."
|
15
15
|
|
16
|
-
hook_for :orm,
|
16
|
+
hook_for :orm, required: true
|
17
17
|
|
18
18
|
class_option :routes, desc: "Generate routes", type: :boolean, default: true
|
19
19
|
|
@@ -11,7 +11,7 @@ module Devise
|
|
11
11
|
source_root File.expand_path("../../templates", __FILE__)
|
12
12
|
|
13
13
|
desc "Creates a Devise initializer and copy locale files to your application."
|
14
|
-
class_option :orm
|
14
|
+
class_option :orm, required: true
|
15
15
|
|
16
16
|
def copy_initializer
|
17
17
|
unless options[:orm]
|
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.7.
|
4
|
+
version: 4.7.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- José Valim
|
8
8
|
- Carlos Antônio
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-09-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: warden
|
@@ -202,7 +202,7 @@ homepage: https://github.com/heartcombo/devise
|
|
202
202
|
licenses:
|
203
203
|
- MIT
|
204
204
|
metadata: {}
|
205
|
-
post_install_message:
|
205
|
+
post_install_message:
|
206
206
|
rdoc_options: []
|
207
207
|
require_paths:
|
208
208
|
- lib
|
@@ -218,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
218
218
|
version: '0'
|
219
219
|
requirements: []
|
220
220
|
rubygems_version: 3.0.3
|
221
|
-
signing_key:
|
221
|
+
signing_key:
|
222
222
|
specification_version: 4
|
223
223
|
summary: Flexible authentication solution for Rails with Warden
|
224
224
|
test_files: []
|