devise 4.7.3 → 4.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +49 -0
- data/MIT-LICENSE +1 -1
- data/README.md +48 -21
- data/app/controllers/devise/confirmations_controller.rb +1 -0
- data/app/controllers/devise/registrations_controller.rb +1 -1
- data/app/controllers/devise/sessions_controller.rb +1 -1
- data/app/controllers/devise/unlocks_controller.rb +1 -0
- data/app/controllers/devise_controller.rb +1 -0
- data/app/views/devise/registrations/edit.html.erb +1 -1
- data/app/views/devise/shared/_error_messages.html.erb +1 -1
- data/app/views/devise/shared/_links.html.erb +1 -1
- data/config/locales/en.yml +1 -1
- data/lib/devise/controllers/responder.rb +35 -0
- data/lib/devise/controllers/sign_in_out.rb +3 -1
- data/lib/devise/failure_app.rb +4 -2
- data/lib/devise/hooks/csrf_cleaner.rb +6 -1
- data/lib/devise/hooks/lockable.rb +2 -5
- data/lib/devise/models/authenticatable.rb +7 -3
- data/lib/devise/models/database_authenticatable.rb +2 -2
- data/lib/devise/models/lockable.rb +10 -2
- data/lib/devise/models/omniauthable.rb +2 -2
- data/lib/devise/models/recoverable.rb +1 -1
- data/lib/devise/models/rememberable.rb +1 -1
- data/lib/devise/models/timeoutable.rb +1 -1
- data/lib/devise/models/validatable.rb +1 -1
- data/lib/devise/omniauth.rb +2 -5
- data/lib/devise/rails/deprecated_constant_accessor.rb +39 -0
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +21 -3
- data/lib/generators/active_record/devise_generator.rb +17 -2
- data/lib/generators/templates/devise.rb +10 -8
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +1 -1
- metadata +18 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c54e76c5bfbf23d58daa91bd3e60678a2030b5c7feefab3962853fd594bcd058
|
4
|
+
data.tar.gz: c8ce7e4481ab51ff7a2590ee886f66ae918e5677284d3990b5ce2776c356793f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0ed7bba03dc2a9eeb7fa4e1a50023a23613e570be7e48a362bf9e017e191c060da75a9b0bbeab8aed80c76ea830f63dc66bb2e4ee72de4ed6b2a0f35a4d52291
|
7
|
+
data.tar.gz: f2a73bbbb78c00022906f244170c3ab88a8a8c695fc60c60d721f528bc48c87c92a23057b14d2c48713f1fe4b39a58a2598efcd3da96b0f828b69fb75f90d45b
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,52 @@
|
|
1
|
+
### Unreleased
|
2
|
+
|
3
|
+
|
4
|
+
### 4.9.0 - 2023-02-17
|
5
|
+
|
6
|
+
* enhancements
|
7
|
+
* Add support for Ruby 3.1/3.2.
|
8
|
+
* Add support for Hotwire + Turbo, default in Rails 7+.
|
9
|
+
* Devise uses the latest `responders` version (v3.1.0 or higher), which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` respectively, to match the behavior expected by Hotwire/Turbo:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
# config/initializers/devise.rb
|
13
|
+
Devise.setup do |config|
|
14
|
+
# ...
|
15
|
+
config.responder.error_status = :unprocessable_entity
|
16
|
+
config.responder.redirect_status = :see_other
|
17
|
+
# ...
|
18
|
+
end
|
19
|
+
```
|
20
|
+
|
21
|
+
These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board.
|
22
|
+
* If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that.
|
23
|
+
* If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary.
|
24
|
+
* `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it.
|
25
|
+
* OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled.
|
26
|
+
* The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default.
|
27
|
+
* Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo.
|
28
|
+
* Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information.
|
29
|
+
|
30
|
+
### 4.8.1 - 2021-12-16
|
31
|
+
|
32
|
+
* enhancements
|
33
|
+
* Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.
|
34
|
+
|
35
|
+
### 4.8.0 - 2021-04-29
|
36
|
+
|
37
|
+
* enhancements
|
38
|
+
* Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements.
|
39
|
+
- Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.)
|
40
|
+
- As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
|
41
|
+
* Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in.
|
42
|
+
- This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`.
|
43
|
+
* Add support for Ruby 3.
|
44
|
+
* Add support for Rails 6.1.
|
45
|
+
* Move CI to GitHub Actions.
|
46
|
+
|
47
|
+
* deprecations
|
48
|
+
* `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin)
|
49
|
+
|
1
50
|
### 4.7.3 - 2020-09-20
|
2
51
|
|
3
52
|
* bug fixes
|
data/MIT-LICENSE
CHANGED
data/README.md
CHANGED
@@ -1,7 +1,4 @@
|
|
1
|
-
![Devise Logo](https://raw.github.com/heartcombo/devise/
|
2
|
-
|
3
|
-
[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise)
|
4
|
-
[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise)
|
1
|
+
![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png)
|
5
2
|
|
6
3
|
Devise is a flexible authentication solution for Rails based on Warden. It:
|
7
4
|
|
@@ -12,16 +9,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
|
|
12
9
|
|
13
10
|
It's composed of 10 modules:
|
14
11
|
|
15
|
-
* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/
|
16
|
-
* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/
|
17
|
-
* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/
|
18
|
-
* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/
|
19
|
-
* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/
|
20
|
-
* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/
|
21
|
-
* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/
|
22
|
-
* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/
|
23
|
-
* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/
|
24
|
-
* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/
|
12
|
+
* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
|
13
|
+
* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
|
14
|
+
* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
|
15
|
+
* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable): resets the user password and sends reset instructions.
|
16
|
+
* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
|
17
|
+
* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
|
18
|
+
* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
|
19
|
+
* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time.
|
20
|
+
* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
|
21
|
+
* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
|
25
22
|
|
26
23
|
## Table of Contents
|
27
24
|
|
@@ -92,7 +89,7 @@ https://groups.google.com/group/plataformatec-devise
|
|
92
89
|
|
93
90
|
You can view the Devise documentation in RDoc format here:
|
94
91
|
|
95
|
-
http://rubydoc.info/github/heartcombo/devise/
|
92
|
+
http://rubydoc.info/github/heartcombo/devise/main/frames
|
96
93
|
|
97
94
|
If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation.
|
98
95
|
|
@@ -118,7 +115,7 @@ You will usually want to write tests for your changes. To run the test suite, g
|
|
118
115
|
Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`.
|
119
116
|
|
120
117
|
### DEVISE_ORM
|
121
|
-
Since Devise
|
118
|
+
Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
|
122
119
|
The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
|
123
120
|
```
|
124
121
|
DEVISE_ORM=mongoid bin/test
|
@@ -131,7 +128,7 @@ Please note that the command output will show the variable value being used.
|
|
131
128
|
|
132
129
|
### BUNDLE_GEMFILE
|
133
130
|
We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory).
|
134
|
-
Inside the [gemfiles](https://github.com/heartcombo/devise/tree/
|
131
|
+
Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
|
135
132
|
For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following:
|
136
133
|
```bash
|
137
134
|
rbenv shell 2.4.2 # or rvm use 2.4.2
|
@@ -459,7 +456,7 @@ Devise also ships with default routes. If you need to customize them, you should
|
|
459
456
|
devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
|
460
457
|
```
|
461
458
|
|
462
|
-
Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/
|
459
|
+
Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/main/ActionDispatch/Routing/Mapper%3Adevise_for) for details.
|
463
460
|
|
464
461
|
If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router:
|
465
462
|
|
@@ -477,6 +474,36 @@ Please note: You will still need to add `devise_for` in your routes in order to
|
|
477
474
|
devise_for :users, skip: :all
|
478
475
|
```
|
479
476
|
|
477
|
+
### Hotwire/Turbo
|
478
|
+
|
479
|
+
Devise integrates with Hotwire/Turbo by treating such requests as navigational, and configuring certain responses for errors and redirects to match the expected behavior. New apps are generated with the following response configuration by default, and existing apps may opt-in by adding the config to their Devise initializers:
|
480
|
+
|
481
|
+
```ruby
|
482
|
+
Devise.setup do |config|
|
483
|
+
# ...
|
484
|
+
# When using Devise with Hotwire/Turbo, the http status for error responses
|
485
|
+
# and some redirects must match the following. The default in Devise for existing
|
486
|
+
# apps is `200 OK` and `302 Found respectively`, but new apps are generated with
|
487
|
+
# these new defaults that match Hotwire/Turbo behavior.
|
488
|
+
# Note: These might become the new default in future versions of Devise.
|
489
|
+
config.responder.error_status = :unprocessable_entity
|
490
|
+
config.responder.redirect_status = :see_other
|
491
|
+
end
|
492
|
+
```
|
493
|
+
|
494
|
+
**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more info.
|
495
|
+
|
496
|
+
_Note_: the above statuses configuration may become the default for Devise in a future release.
|
497
|
+
|
498
|
+
There are a couple other changes you might need to make in your app to work with Hotwire/Turbo, if you're migrating from rails-ujs:
|
499
|
+
|
500
|
+
* The `data-confirm` option that adds a confirmation modal to buttons/forms before submission needs to change to `data-turbo-confirm`, so that Turbo handles those appropriately.
|
501
|
+
* The `data-method` option that sets the request method for link submissions needs to change to `data-turbo-method`. This is not necessary for `button_to` or `form`s since Turbo can handle those.
|
502
|
+
|
503
|
+
If you're setting up Devise to sign out via `:delete`, and you're using links (instead of buttons wrapped in a form) to sign out with the `method: :delete` option, they will need to be updated as described above. (Devise does not provide sign out links/buttons in its shared views.)
|
504
|
+
|
505
|
+
Make sure to inspect your views looking for those, and change appropriately.
|
506
|
+
|
480
507
|
### I18n
|
481
508
|
|
482
509
|
Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file:
|
@@ -680,12 +707,12 @@ end
|
|
680
707
|
|
681
708
|
### Password reset tokens and Rails logs
|
682
709
|
|
683
|
-
If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/
|
710
|
+
If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files:
|
684
711
|
|
685
712
|
1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked.
|
686
713
|
2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked.
|
687
714
|
|
688
|
-
Rails sets the production logger level to
|
715
|
+
Rails sets the production logger level to INFO by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
|
689
716
|
|
690
717
|
```ruby
|
691
718
|
config.log_level = :warn
|
@@ -740,6 +767,6 @@ https://github.com/heartcombo/devise/graphs/contributors
|
|
740
767
|
|
741
768
|
## License
|
742
769
|
|
743
|
-
MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
|
770
|
+
MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
|
744
771
|
|
745
772
|
The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).
|
@@ -27,6 +27,7 @@ class Devise::ConfirmationsController < DeviseController
|
|
27
27
|
set_flash_message!(:notice, :confirmed)
|
28
28
|
respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
|
29
29
|
else
|
30
|
+
# TODO: use `error_status` when the default changes to `:unprocessable_entity`.
|
30
31
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|
31
32
|
end
|
32
33
|
end
|
@@ -67,7 +67,7 @@ class Devise::RegistrationsController < DeviseController
|
|
67
67
|
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
|
68
68
|
set_flash_message! :notice, :destroyed
|
69
69
|
yield resource if block_given?
|
70
|
-
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
|
70
|
+
respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status }
|
71
71
|
end
|
72
72
|
|
73
73
|
# GET /resource/cancel
|
@@ -77,7 +77,7 @@ class Devise::SessionsController < DeviseController
|
|
77
77
|
# support returning empty response on GET request
|
78
78
|
respond_to do |format|
|
79
79
|
format.all { head :no_content }
|
80
|
-
format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
|
80
|
+
format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status }
|
81
81
|
end
|
82
82
|
end
|
83
83
|
end
|
@@ -29,6 +29,7 @@ class Devise::UnlocksController < DeviseController
|
|
29
29
|
set_flash_message! :notice, :unlocked
|
30
30
|
respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
|
31
31
|
else
|
32
|
+
# TODO: use `error_status` when the default changes to `:unprocessable_entity`.
|
32
33
|
respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
|
33
34
|
end
|
34
35
|
end
|
@@ -15,6 +15,7 @@ class DeviseController < Devise.parent_controller.constantize
|
|
15
15
|
end
|
16
16
|
|
17
17
|
prepend_before_action :assert_is_devise_resource!
|
18
|
+
self.responder = Devise.responder
|
18
19
|
respond_to :html if mimes_for_respond_to.empty?
|
19
20
|
|
20
21
|
# Override prefixes to consider the scoped view.
|
@@ -38,6 +38,6 @@
|
|
38
38
|
|
39
39
|
<h3>Cancel my account</h3>
|
40
40
|
|
41
|
-
<
|
41
|
+
<div>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %></div>
|
42
42
|
|
43
43
|
<%= link_to "Back", :back %>
|
@@ -20,6 +20,6 @@
|
|
20
20
|
|
21
21
|
<%- if devise_mapping.omniauthable? %>
|
22
22
|
<%- resource_class.omniauth_providers.each do |provider| %>
|
23
|
-
<%=
|
23
|
+
<%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %><br />
|
24
24
|
<% end %>
|
25
25
|
<% end %>
|
data/config/locales/en.yml
CHANGED
@@ -44,7 +44,7 @@ en:
|
|
44
44
|
signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
|
45
45
|
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
|
46
46
|
updated: "Your account has been updated successfully."
|
47
|
-
updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again"
|
47
|
+
updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again."
|
48
48
|
sessions:
|
49
49
|
signed_in: "Signed in successfully."
|
50
50
|
signed_out: "Signed out successfully."
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Devise
|
4
|
+
module Controllers
|
5
|
+
# Custom Responder to configure default statuses that only apply to Devise,
|
6
|
+
# and allow to integrate more easily with Hotwire/Turbo.
|
7
|
+
class Responder < ActionController::Responder
|
8
|
+
if respond_to?(:error_status=) && respond_to?(:redirect_status=)
|
9
|
+
self.error_status = :ok
|
10
|
+
self.redirect_status = :found
|
11
|
+
else
|
12
|
+
# TODO: remove this support for older Rails versions, which aren't supported by Turbo
|
13
|
+
# and/or responders. It won't allow configuring a custom response, but it allows Devise
|
14
|
+
# to use these methods and defaults across the implementation more easily.
|
15
|
+
def self.error_status
|
16
|
+
:ok
|
17
|
+
end
|
18
|
+
|
19
|
+
def self.redirect_status
|
20
|
+
:found
|
21
|
+
end
|
22
|
+
|
23
|
+
def self.error_status=(*)
|
24
|
+
warn "[DEVISE] Setting the error status on the Devise responder has no effect with this " \
|
25
|
+
"version of `responders`, please make sure you're using a newer version. Check the changelog for more info."
|
26
|
+
end
|
27
|
+
|
28
|
+
def self.redirect_status=(*)
|
29
|
+
warn "[DEVISE] Setting the redirect status on the Devise responder has no effect with this " \
|
30
|
+
"version of `responders`, please make sure you're using a newer version. Check the changelog for more info."
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -21,7 +21,7 @@ module Devise
|
|
21
21
|
# to the set_user method in warden.
|
22
22
|
# If you are using a custom warden strategy and the timeoutable module, you have to
|
23
23
|
# set `env["devise.skip_timeout"] = true` in the request to use this method, like we do
|
24
|
-
# in the sessions controller: https://github.com/heartcombo/devise/blob/
|
24
|
+
# in the sessions controller: https://github.com/heartcombo/devise/blob/main/app/controllers/devise/sessions_controller.rb#L7
|
25
25
|
#
|
26
26
|
# Examples:
|
27
27
|
#
|
@@ -106,10 +106,12 @@ module Devise
|
|
106
106
|
private
|
107
107
|
|
108
108
|
def expire_data_after_sign_in!
|
109
|
+
# TODO: remove once Rails 5.2+ and forward are only supported.
|
109
110
|
# session.keys will return an empty array if the session is not yet loaded.
|
110
111
|
# This is a bug in both Rack and Rails.
|
111
112
|
# A call to #empty? forces the session to be loaded.
|
112
113
|
session.empty?
|
114
|
+
|
113
115
|
session.keys.grep(/^devise\./).each { |k| session.delete(k) }
|
114
116
|
end
|
115
117
|
|
data/lib/devise/failure_app.rb
CHANGED
@@ -71,7 +71,9 @@ module Devise
|
|
71
71
|
end
|
72
72
|
|
73
73
|
flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
|
74
|
-
self.response = recall_app(warden_options[:recall]).call(request.env)
|
74
|
+
self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response|
|
75
|
+
response[0] = Rack::Utils.status_code(Devise.responder.error_status)
|
76
|
+
}
|
75
77
|
end
|
76
78
|
|
77
79
|
def redirect
|
@@ -167,7 +169,7 @@ module Devise
|
|
167
169
|
end
|
168
170
|
|
169
171
|
def skip_format?
|
170
|
-
%w(html */*).include? request_format.to_s
|
172
|
+
%w(html */* turbo_stream).include? request_format.to_s
|
171
173
|
end
|
172
174
|
|
173
175
|
# Choose whether we should respond in an HTTP authentication fashion,
|
@@ -4,6 +4,11 @@ Warden::Manager.after_authentication do |record, warden, options|
|
|
4
4
|
clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) ||
|
5
5
|
warden.winning_strategy.clean_up_csrf?
|
6
6
|
if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy
|
7
|
-
warden.request.
|
7
|
+
if warden.request.respond_to?(:reset_csrf_token)
|
8
|
+
# Rails 7.1+
|
9
|
+
warden.request.reset_csrf_token
|
10
|
+
else
|
11
|
+
warden.request.session.try(:delete, :_csrf_token)
|
12
|
+
end
|
8
13
|
end
|
9
14
|
end
|
@@ -3,10 +3,7 @@
|
|
3
3
|
# After each sign in, if resource responds to failed_attempts, sets it to 0
|
4
4
|
# This is only triggered when the user is explicitly set (with set_user)
|
5
5
|
Warden::Manager.after_set_user except: :fetch do |record, warden, options|
|
6
|
-
if record.respond_to?(:
|
7
|
-
|
8
|
-
record.failed_attempts = 0
|
9
|
-
record.save(validate: false)
|
10
|
-
end
|
6
|
+
if record.respond_to?(:reset_failed_attempts!) && warden.authenticated?(options[:scope])
|
7
|
+
record.reset_failed_attempts!
|
11
8
|
end
|
12
9
|
end
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require 'devise/hooks/activatable'
|
4
4
|
require 'devise/hooks/csrf_cleaner'
|
5
|
+
require 'devise/rails/deprecated_constant_accessor'
|
5
6
|
|
6
7
|
module Devise
|
7
8
|
module Models
|
@@ -9,7 +10,7 @@ module Devise
|
|
9
10
|
#
|
10
11
|
# == Options
|
11
12
|
#
|
12
|
-
# Authenticatable adds the following options to
|
13
|
+
# Authenticatable adds the following options to +devise+:
|
13
14
|
#
|
14
15
|
# * +authentication_keys+: parameters used for authentication. By default [:email].
|
15
16
|
#
|
@@ -55,11 +56,14 @@ module Devise
|
|
55
56
|
module Authenticatable
|
56
57
|
extend ActiveSupport::Concern
|
57
58
|
|
58
|
-
|
59
|
+
UNSAFE_ATTRIBUTES_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at,
|
59
60
|
:remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip,
|
60
61
|
:last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at,
|
61
62
|
:remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
|
62
63
|
|
64
|
+
include Devise::DeprecatedConstantAccessor
|
65
|
+
deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION"
|
66
|
+
|
63
67
|
included do
|
64
68
|
class_attribute :devise_modules, instance_writer: false
|
65
69
|
self.devise_modules ||= []
|
@@ -109,7 +113,7 @@ module Devise
|
|
109
113
|
if options[:force_except]
|
110
114
|
options[:except].concat Array(options[:force_except])
|
111
115
|
else
|
112
|
-
options[:except].concat
|
116
|
+
options[:except].concat UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
|
113
117
|
end
|
114
118
|
|
115
119
|
super(options)
|
@@ -13,7 +13,7 @@ module Devise
|
|
13
13
|
#
|
14
14
|
# == Options
|
15
15
|
#
|
16
|
-
# DatabaseAuthenticatable adds the following options to
|
16
|
+
# DatabaseAuthenticatable adds the following options to +devise+:
|
17
17
|
#
|
18
18
|
# * +pepper+: a random string used to provide a more secure hash. Use
|
19
19
|
# `rails secret` to generate new keys.
|
@@ -42,7 +42,7 @@ module Devise
|
|
42
42
|
def initialize(*args, &block)
|
43
43
|
@skip_email_changed_notification = false
|
44
44
|
@skip_password_change_notification = false
|
45
|
-
super
|
45
|
+
super
|
46
46
|
end
|
47
47
|
|
48
48
|
# Skips sending the email changed notification after_update
|
@@ -18,7 +18,7 @@ module Devise
|
|
18
18
|
# * +maximum_attempts+: how many attempts should be accepted before blocking the user.
|
19
19
|
# * +lock_strategy+: lock the user account by :failed_attempts or :none.
|
20
20
|
# * +unlock_strategy+: unlock the user account by :time, :email, :both or :none.
|
21
|
-
# * +unlock_in+: the time you want to
|
21
|
+
# * +unlock_in+: the time you want to unlock the user after lock happens. Only available when unlock_strategy is :time or :both.
|
22
22
|
# * +unlock_keys+: the keys you want to use when locking and unlocking an account
|
23
23
|
#
|
24
24
|
module Lockable
|
@@ -57,6 +57,14 @@ module Devise
|
|
57
57
|
save(validate: false)
|
58
58
|
end
|
59
59
|
|
60
|
+
# Resets failed attempts counter to 0.
|
61
|
+
def reset_failed_attempts!
|
62
|
+
if respond_to?(:failed_attempts) && !failed_attempts.to_i.zero?
|
63
|
+
self.failed_attempts = 0
|
64
|
+
save(validate: false)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
60
68
|
# Verifies whether a user is locked or not.
|
61
69
|
def access_locked?
|
62
70
|
!!locked_at && !lock_expired?
|
@@ -110,7 +118,7 @@ module Devise
|
|
110
118
|
false
|
111
119
|
end
|
112
120
|
end
|
113
|
-
|
121
|
+
|
114
122
|
def increment_failed_attempts
|
115
123
|
self.class.increment_counter(:failed_attempts, id)
|
116
124
|
reload
|
@@ -8,11 +8,11 @@ module Devise
|
|
8
8
|
#
|
9
9
|
# == Options
|
10
10
|
#
|
11
|
-
# Oauthable adds the following options to
|
11
|
+
# Oauthable adds the following options to +devise+:
|
12
12
|
#
|
13
13
|
# * +omniauth_providers+: Which providers are available to this model. It expects an array:
|
14
14
|
#
|
15
|
-
#
|
15
|
+
# devise :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
|
16
16
|
#
|
17
17
|
module Omniauthable
|
18
18
|
extend ActiveSupport::Concern
|
@@ -7,7 +7,7 @@ module Devise
|
|
7
7
|
#
|
8
8
|
# ==Options
|
9
9
|
#
|
10
|
-
# Recoverable adds the following options to
|
10
|
+
# Recoverable adds the following options to +devise+:
|
11
11
|
#
|
12
12
|
# * +reset_password_keys+: the keys you want to use when recovering the password for an account
|
13
13
|
# * +reset_password_within+: the time period within which the password must be reset or the token expires.
|
@@ -15,7 +15,7 @@ module Devise
|
|
15
15
|
#
|
16
16
|
# == Options
|
17
17
|
#
|
18
|
-
# Rememberable adds the following options
|
18
|
+
# Rememberable adds the following options to +devise+:
|
19
19
|
#
|
20
20
|
# * +remember_for+: the time you want the user will be remembered without
|
21
21
|
# asking for credentials. After this time the user will be blocked and
|
@@ -9,7 +9,7 @@ module Devise
|
|
9
9
|
#
|
10
10
|
# == Options
|
11
11
|
#
|
12
|
-
# Validatable adds the following options to
|
12
|
+
# Validatable adds the following options to +devise+:
|
13
13
|
#
|
14
14
|
# * +email_regexp+: the regular expression used to validate e-mails;
|
15
15
|
# * +password_length+: a range expressing password length. Defaults to 6..128.
|
data/lib/devise/omniauth.rb
CHANGED
@@ -1,17 +1,14 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
begin
|
4
|
+
gem "omniauth", ">= 1.0.0"
|
5
|
+
|
4
6
|
require "omniauth"
|
5
|
-
require "omniauth/version"
|
6
7
|
rescue LoadError
|
7
8
|
warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
|
8
9
|
raise
|
9
10
|
end
|
10
11
|
|
11
|
-
unless OmniAuth::VERSION =~ /^1\./
|
12
|
-
raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
|
13
|
-
end
|
14
|
-
|
15
12
|
# Clean up the default path_prefix. It will be automatically set by Devise.
|
16
13
|
OmniAuth.config.path_prefix = nil
|
17
14
|
|
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'active_support/deprecation/constant_accessor'
|
5
|
+
|
6
|
+
module Devise
|
7
|
+
DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
|
8
|
+
end
|
9
|
+
rescue LoadError
|
10
|
+
|
11
|
+
# Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
|
12
|
+
# with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
|
13
|
+
module Devise
|
14
|
+
module DeprecatedConstantAccessor #:nodoc:
|
15
|
+
def self.included(base)
|
16
|
+
require "active_support/inflector/methods"
|
17
|
+
|
18
|
+
extension = Module.new do
|
19
|
+
def const_missing(missing_const_name)
|
20
|
+
if class_variable_defined?(:@@_deprecated_constants)
|
21
|
+
if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
|
22
|
+
replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
|
23
|
+
return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
super
|
27
|
+
end
|
28
|
+
|
29
|
+
def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
|
30
|
+
class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
|
31
|
+
class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
|
32
|
+
end
|
33
|
+
end
|
34
|
+
base.singleton_class.prepend extension
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
end
|
data/lib/devise/version.rb
CHANGED
data/lib/devise.rb
CHANGED
@@ -23,6 +23,7 @@ module Devise
|
|
23
23
|
module Controllers
|
24
24
|
autoload :Helpers, 'devise/controllers/helpers'
|
25
25
|
autoload :Rememberable, 'devise/controllers/rememberable'
|
26
|
+
autoload :Responder, 'devise/controllers/responder'
|
26
27
|
autoload :ScopedViews, 'devise/controllers/scoped_views'
|
27
28
|
autoload :SignInOut, 'devise/controllers/sign_in_out'
|
28
29
|
autoload :StoreLocation, 'devise/controllers/store_location'
|
@@ -217,7 +218,16 @@ module Devise
|
|
217
218
|
|
218
219
|
# Which formats should be treated as navigational.
|
219
220
|
mattr_accessor :navigational_formats
|
220
|
-
@@navigational_formats = ["*/*", :html]
|
221
|
+
@@navigational_formats = ["*/*", :html, :turbo_stream]
|
222
|
+
|
223
|
+
# The default responder used by Devise, used to customize status codes with:
|
224
|
+
#
|
225
|
+
# `config.responder.error_status`
|
226
|
+
# `config.responder.redirect_status`
|
227
|
+
#
|
228
|
+
# Can be replaced by a custom application responder.
|
229
|
+
mattr_accessor :responder
|
230
|
+
@@responder = Devise::Controllers::Responder
|
221
231
|
|
222
232
|
# When set to true, signing out a user signs out all other scopes.
|
223
233
|
mattr_accessor :sign_out_all_scopes
|
@@ -313,12 +323,20 @@ module Devise
|
|
313
323
|
end
|
314
324
|
|
315
325
|
def get
|
316
|
-
|
326
|
+
# TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
|
327
|
+
if ActiveSupport::Dependencies.respond_to?(:constantize)
|
328
|
+
ActiveSupport::Dependencies.constantize(@name)
|
329
|
+
else
|
330
|
+
@name.constantize
|
331
|
+
end
|
317
332
|
end
|
318
333
|
end
|
319
334
|
|
320
335
|
def self.ref(arg)
|
321
|
-
|
336
|
+
# TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
|
337
|
+
if ActiveSupport::Dependencies.respond_to?(:reference)
|
338
|
+
ActiveSupport::Dependencies.reference(arg)
|
339
|
+
end
|
322
340
|
Getter.new(arg)
|
323
341
|
end
|
324
342
|
|
@@ -86,9 +86,24 @@ RUBY
|
|
86
86
|
Rails::VERSION::MAJOR >= 5
|
87
87
|
end
|
88
88
|
|
89
|
+
def rails61_and_up?
|
90
|
+
Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1)
|
91
|
+
end
|
92
|
+
|
89
93
|
def postgresql?
|
90
|
-
|
91
|
-
|
94
|
+
ar_config && ar_config['adapter'] == 'postgresql'
|
95
|
+
end
|
96
|
+
|
97
|
+
def ar_config
|
98
|
+
if ActiveRecord::Base.configurations.respond_to?(:configs_for)
|
99
|
+
if rails61_and_up?
|
100
|
+
ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash
|
101
|
+
else
|
102
|
+
ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config
|
103
|
+
end
|
104
|
+
else
|
105
|
+
ActiveRecord::Base.configurations[Rails.env]
|
106
|
+
end
|
92
107
|
end
|
93
108
|
|
94
109
|
def migration_version
|
@@ -256,14 +256,14 @@ Devise.setup do |config|
|
|
256
256
|
|
257
257
|
# ==> Navigation configuration
|
258
258
|
# Lists the formats that should be treated as navigational. Formats like
|
259
|
-
# :html
|
259
|
+
# :html should redirect to the sign in page when the user does not have
|
260
260
|
# access, but formats like :xml or :json, should return 401.
|
261
261
|
#
|
262
262
|
# If you have any extra navigational formats, like :iphone or :mobile, you
|
263
263
|
# should add them to the navigational formats lists.
|
264
264
|
#
|
265
265
|
# The "*/*" below is required to match Internet Explorer requests.
|
266
|
-
# config.navigational_formats = ['*/*', :html]
|
266
|
+
# config.navigational_formats = ['*/*', :html, :turbo_stream]
|
267
267
|
|
268
268
|
# The default HTTP method used to sign out a resource. Default is :delete.
|
269
269
|
config.sign_out_via = :delete
|
@@ -296,12 +296,14 @@ Devise.setup do |config|
|
|
296
296
|
# so you need to do it manually. For the users scope, it would be:
|
297
297
|
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
298
298
|
|
299
|
-
# ==>
|
300
|
-
#
|
301
|
-
#
|
302
|
-
#
|
303
|
-
#
|
304
|
-
#
|
299
|
+
# ==> Hotwire/Turbo configuration
|
300
|
+
# When using Devise with Hotwire/Turbo, the http status for error responses
|
301
|
+
# and some redirects must match the following. The default in Devise for existing
|
302
|
+
# apps is `200 OK` and `302 Found respectively`, but new apps are generated with
|
303
|
+
# these new defaults that match Hotwire/Turbo behavior.
|
304
|
+
# Note: These might become the new default in future versions of Devise.
|
305
|
+
config.responder.error_status = :unprocessable_entity
|
306
|
+
config.responder.redirect_status = :see_other
|
305
307
|
|
306
308
|
# ==> Configuration for :registerable
|
307
309
|
|
@@ -30,6 +30,6 @@
|
|
30
30
|
|
31
31
|
<h3>Cancel my account</h3>
|
32
32
|
|
33
|
-
<
|
33
|
+
<div>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %></div>
|
34
34
|
|
35
35
|
<%= link_to "Back", :back %>
|
metadata
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- José Valim
|
8
8
|
- Carlos Antônio
|
9
|
-
autorequire:
|
9
|
+
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-02-17 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: warden
|
@@ -117,6 +117,7 @@ files:
|
|
117
117
|
- lib/devise.rb
|
118
118
|
- lib/devise/controllers/helpers.rb
|
119
119
|
- lib/devise/controllers/rememberable.rb
|
120
|
+
- lib/devise/controllers/responder.rb
|
120
121
|
- lib/devise/controllers/scoped_views.rb
|
121
122
|
- lib/devise/controllers/sign_in_out.rb
|
122
123
|
- lib/devise/controllers/store_location.rb
|
@@ -155,6 +156,7 @@ files:
|
|
155
156
|
- lib/devise/parameter_filter.rb
|
156
157
|
- lib/devise/parameter_sanitizer.rb
|
157
158
|
- lib/devise/rails.rb
|
159
|
+
- lib/devise/rails/deprecated_constant_accessor.rb
|
158
160
|
- lib/devise/rails/routes.rb
|
159
161
|
- lib/devise/rails/warden_compat.rb
|
160
162
|
- lib/devise/secret_key_finder.rb
|
@@ -201,8 +203,17 @@ files:
|
|
201
203
|
homepage: https://github.com/heartcombo/devise
|
202
204
|
licenses:
|
203
205
|
- MIT
|
204
|
-
metadata:
|
205
|
-
|
206
|
+
metadata:
|
207
|
+
homepage_uri: https://github.com/heartcombo/devise
|
208
|
+
documentation_uri: https://rubydoc.info/github/heartcombo/devise
|
209
|
+
changelog_uri: https://github.com/heartcombo/devise/blob/main/CHANGELOG.md
|
210
|
+
source_code_uri: https://github.com/heartcombo/devise
|
211
|
+
bug_tracker_uri: https://github.com/heartcombo/devise/issues
|
212
|
+
wiki_uri: https://github.com/heartcombo/devise/wiki
|
213
|
+
post_install_message: "\n[DEVISE] Please review the [changelog] and [upgrade guide]
|
214
|
+
for more info on Hotwire / Turbo integration.\n\n [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md\n
|
215
|
+
\ [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D\n
|
216
|
+
\ "
|
206
217
|
rdoc_options: []
|
207
218
|
require_paths:
|
208
219
|
- lib
|
@@ -217,8 +228,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
217
228
|
- !ruby/object:Gem::Version
|
218
229
|
version: '0'
|
219
230
|
requirements: []
|
220
|
-
rubygems_version: 3.
|
221
|
-
signing_key:
|
231
|
+
rubygems_version: 3.4.5
|
232
|
+
signing_key:
|
222
233
|
specification_version: 4
|
223
234
|
summary: Flexible authentication solution for Rails with Warden
|
224
235
|
test_files: []
|