devise 4.9.0 → 4.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/README.md +3 -3
- data/app/controllers/devise/passwords_controller.rb +2 -2
- data/lib/devise/failure_app.rb +3 -1
- data/lib/devise/models/confirmable.rb +16 -37
- data/lib/devise/models/database_authenticatable.rb +7 -26
- data/lib/devise/models/recoverable.rb +5 -16
- data/lib/devise/models/validatable.rb +3 -8
- data/lib/devise/models.rb +1 -0
- data/lib/devise/orm.rb +71 -0
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +9 -4
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7640b97ddd188a63e29076d8d94b0a4ebaecc23aad53b8e608b4b1d029818570
|
4
|
+
data.tar.gz: 7e8b512895f0fd73e307bebe494ea3d7d0bd9ecd562b917016b1f7f56d483d2c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b7cd4534d2abb7ba16353d4f41ea63ed0334eccf68c1357dc37c68b51ad90f1a9cb8544e8f90c2249b2067bdfd0b6c19d245562a1eecef2291ea8705143878ec
|
7
|
+
data.tar.gz: f9bc9ea3a1dfdf86ab79dc47839c79b07fd5613dddfb40022fa508729dded4971dd30055f6f8b901c6a9182513414750825064db278d7865ae7a4576513c08f7
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,18 @@
|
|
1
1
|
### Unreleased
|
2
2
|
|
3
|
+
* deprecations
|
4
|
+
* Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it.
|
5
|
+
|
6
|
+
### 4.9.1 - 2023-03-31
|
7
|
+
|
8
|
+
* enhancements
|
9
|
+
* Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr)
|
10
|
+
* Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575)
|
11
|
+
* Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. [#5576](https://github.com/heartcombo/devise/pull/5576)
|
12
|
+
|
13
|
+
* bug fixes
|
14
|
+
* Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573)
|
15
|
+
* Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier)
|
3
16
|
|
4
17
|
### 4.9.0 - 2023-02-17
|
5
18
|
|
data/README.md
CHANGED
@@ -382,7 +382,7 @@ $ rails generate devise:views users
|
|
382
382
|
```
|
383
383
|
|
384
384
|
If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module,
|
385
|
-
you can pass a list of
|
385
|
+
you can pass a list of views to the generator with the `-v` flag.
|
386
386
|
|
387
387
|
```console
|
388
388
|
$ rails generate devise:views -v registrations confirmations
|
@@ -410,7 +410,7 @@ If the customization at the views level is not enough, you can customize each co
|
|
410
410
|
...
|
411
411
|
end
|
412
412
|
```
|
413
|
-
|
413
|
+
Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`)
|
414
414
|
|
415
415
|
2. Tell the router to use this controller:
|
416
416
|
|
@@ -418,7 +418,7 @@ If the customization at the views level is not enough, you can customize each co
|
|
418
418
|
devise_for :users, controllers: { sessions: 'users/sessions' }
|
419
419
|
```
|
420
420
|
|
421
|
-
3.
|
421
|
+
3. Recommended but not required: copy (or move) the views from `devise/sessions` to `users/sessions`. Rails will continue using the views from `devise/sessions` due to inheritance if you skip this step, but having the views matching the controller(s) keeps things consistent.
|
422
422
|
|
423
423
|
4. Finally, change or extend the desired controller actions.
|
424
424
|
|
@@ -36,7 +36,7 @@ class Devise::PasswordsController < DeviseController
|
|
36
36
|
|
37
37
|
if resource.errors.empty?
|
38
38
|
resource.unlock_access! if unlockable?(resource)
|
39
|
-
if
|
39
|
+
if resource_class.sign_in_after_reset_password
|
40
40
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
41
41
|
set_flash_message!(:notice, flash_message)
|
42
42
|
resource.after_database_authentication
|
@@ -53,7 +53,7 @@ class Devise::PasswordsController < DeviseController
|
|
53
53
|
|
54
54
|
protected
|
55
55
|
def after_resetting_password_path_for(resource)
|
56
|
-
|
56
|
+
resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name)
|
57
57
|
end
|
58
58
|
|
59
59
|
# The path used after sending reset password instructions
|
data/lib/devise/failure_app.rb
CHANGED
@@ -72,7 +72,9 @@ module Devise
|
|
72
72
|
|
73
73
|
flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
|
74
74
|
self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response|
|
75
|
-
response[0] = Rack::Utils.status_code(
|
75
|
+
response[0] = Rack::Utils.status_code(
|
76
|
+
response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status
|
77
|
+
)
|
76
78
|
}
|
77
79
|
end
|
78
80
|
|
@@ -48,7 +48,7 @@ module Devise
|
|
48
48
|
included do
|
49
49
|
before_create :generate_confirmation_token, if: :confirmation_required?
|
50
50
|
after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification?
|
51
|
-
if
|
51
|
+
if Devise::Orm.active_record?(self) # ActiveRecord
|
52
52
|
after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification?
|
53
53
|
after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required?
|
54
54
|
else # Mongoid
|
@@ -258,44 +258,23 @@ module Devise
|
|
258
258
|
generate_confirmation_token && save(validate: false)
|
259
259
|
end
|
260
260
|
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
end
|
269
|
-
else
|
270
|
-
def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
|
271
|
-
@reconfirmation_required = true
|
272
|
-
self.unconfirmed_email = self.email
|
273
|
-
self.email = self.email_was
|
274
|
-
self.confirmation_token = nil
|
275
|
-
generate_confirmation_token
|
276
|
-
end
|
261
|
+
|
262
|
+
def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
|
263
|
+
@reconfirmation_required = true
|
264
|
+
self.unconfirmed_email = self.email
|
265
|
+
self.email = self.devise_email_in_database
|
266
|
+
self.confirmation_token = nil
|
267
|
+
generate_confirmation_token
|
277
268
|
end
|
278
269
|
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
postpone
|
288
|
-
end
|
289
|
-
else
|
290
|
-
def postpone_email_change?
|
291
|
-
postpone = self.class.reconfirmable &&
|
292
|
-
email_changed? &&
|
293
|
-
!@bypass_confirmation_postpone &&
|
294
|
-
self.email.present? &&
|
295
|
-
(!@skip_reconfirmation_in_callback || !self.email_was.nil?)
|
296
|
-
@bypass_confirmation_postpone = false
|
297
|
-
postpone
|
298
|
-
end
|
270
|
+
def postpone_email_change?
|
271
|
+
postpone = self.class.reconfirmable &&
|
272
|
+
devise_will_save_change_to_email? &&
|
273
|
+
!@bypass_confirmation_postpone &&
|
274
|
+
self.email.present? &&
|
275
|
+
(!@skip_reconfirmation_in_callback || !self.devise_email_in_database.nil?)
|
276
|
+
@bypass_confirmation_postpone = false
|
277
|
+
postpone
|
299
278
|
end
|
300
279
|
|
301
280
|
def reconfirmation_required?
|
@@ -177,16 +177,9 @@ module Devise
|
|
177
177
|
encrypted_password[0,29] if encrypted_password
|
178
178
|
end
|
179
179
|
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
send_devise_notification(:email_changed, to: email_before_last_save)
|
184
|
-
end
|
185
|
-
else
|
186
|
-
# Send notification to user when email changes.
|
187
|
-
def send_email_changed_notification
|
188
|
-
send_devise_notification(:email_changed, to: email_was)
|
189
|
-
end
|
180
|
+
# Send notification to user when email changes.
|
181
|
+
def send_email_changed_notification
|
182
|
+
send_devise_notification(:email_changed, to: devise_email_before_last_save)
|
190
183
|
end
|
191
184
|
|
192
185
|
# Send notification to user when password changes.
|
@@ -205,24 +198,12 @@ module Devise
|
|
205
198
|
Devise::Encryptor.digest(self.class, password)
|
206
199
|
end
|
207
200
|
|
208
|
-
|
209
|
-
|
210
|
-
self.class.send_email_changed_notification && saved_change_to_email? && !@skip_email_changed_notification
|
211
|
-
end
|
212
|
-
else
|
213
|
-
def send_email_changed_notification?
|
214
|
-
self.class.send_email_changed_notification && email_changed? && !@skip_email_changed_notification
|
215
|
-
end
|
201
|
+
def send_email_changed_notification?
|
202
|
+
self.class.send_email_changed_notification && devise_saved_change_to_email? && !@skip_email_changed_notification
|
216
203
|
end
|
217
204
|
|
218
|
-
|
219
|
-
|
220
|
-
self.class.send_password_change_notification && saved_change_to_encrypted_password? && !@skip_password_change_notification
|
221
|
-
end
|
222
|
-
else
|
223
|
-
def send_password_change_notification?
|
224
|
-
self.class.send_password_change_notification && encrypted_password_changed? && !@skip_password_change_notification
|
225
|
-
end
|
205
|
+
def send_password_change_notification?
|
206
|
+
self.class.send_password_change_notification && devise_saved_change_to_encrypted_password? && !@skip_password_change_notification
|
226
207
|
end
|
227
208
|
|
228
209
|
module ClassMethods
|
@@ -99,24 +99,13 @@ module Devise
|
|
99
99
|
send_devise_notification(:reset_password_instructions, token, {})
|
100
100
|
end
|
101
101
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
|
107
|
-
end
|
108
|
-
|
109
|
-
authentication_keys_changed || encrypted_password_changed
|
102
|
+
def clear_reset_password_token?
|
103
|
+
encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password)
|
104
|
+
authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
|
105
|
+
devise_respond_to_and_will_save_change_to_attribute?(attribute)
|
110
106
|
end
|
111
|
-
else
|
112
|
-
def clear_reset_password_token?
|
113
|
-
encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed?
|
114
|
-
authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
|
115
|
-
respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
|
116
|
-
end
|
117
107
|
|
118
|
-
|
119
|
-
end
|
108
|
+
authentication_keys_changed || encrypted_password_changed
|
120
109
|
end
|
121
110
|
|
122
111
|
module ClassMethods
|
@@ -29,13 +29,8 @@ module Devise
|
|
29
29
|
|
30
30
|
base.class_eval do
|
31
31
|
validates_presence_of :email, if: :email_required?
|
32
|
-
if
|
33
|
-
|
34
|
-
validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email?
|
35
|
-
else
|
36
|
-
validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
|
37
|
-
validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed?
|
38
|
-
end
|
32
|
+
validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :devise_will_save_change_to_email?
|
33
|
+
validates_format_of :email, with: email_regexp, allow_blank: true, if: :devise_will_save_change_to_email?
|
39
34
|
|
40
35
|
validates_presence_of :password, if: :password_required?
|
41
36
|
validates_confirmation_of :password, if: :password_required?
|
@@ -47,7 +42,7 @@ module Devise
|
|
47
42
|
unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
|
48
43
|
|
49
44
|
unless unavailable_validations.empty?
|
50
|
-
raise "Could not use :validatable module since #{base} does not respond "
|
45
|
+
raise "Could not use :validatable module since #{base} does not respond " \
|
51
46
|
"to the following methods: #{unavailable_validations.to_sentence}."
|
52
47
|
end
|
53
48
|
end
|
data/lib/devise/models.rb
CHANGED
data/lib/devise/orm.rb
ADDED
@@ -0,0 +1,71 @@
|
|
1
|
+
module Devise
|
2
|
+
module Orm # :nodoc:
|
3
|
+
def self.active_record?(model)
|
4
|
+
defined?(ActiveRecord) && model < ActiveRecord::Base
|
5
|
+
end
|
6
|
+
|
7
|
+
def self.active_record_51?(model)
|
8
|
+
active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
|
9
|
+
end
|
10
|
+
|
11
|
+
def self.included(model)
|
12
|
+
if Devise::Orm.active_record_51?(model)
|
13
|
+
model.include DirtyTrackingNewMethods
|
14
|
+
else
|
15
|
+
model.include DirtyTrackingOldMethods
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
module DirtyTrackingNewMethods
|
20
|
+
def devise_email_before_last_save
|
21
|
+
email_before_last_save
|
22
|
+
end
|
23
|
+
|
24
|
+
def devise_email_in_database
|
25
|
+
email_in_database
|
26
|
+
end
|
27
|
+
|
28
|
+
def devise_saved_change_to_email?
|
29
|
+
saved_change_to_email?
|
30
|
+
end
|
31
|
+
|
32
|
+
def devise_saved_change_to_encrypted_password?
|
33
|
+
saved_change_to_encrypted_password?
|
34
|
+
end
|
35
|
+
|
36
|
+
def devise_will_save_change_to_email?
|
37
|
+
will_save_change_to_email?
|
38
|
+
end
|
39
|
+
|
40
|
+
def devise_respond_to_and_will_save_change_to_attribute?(attribute)
|
41
|
+
respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?")
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
module DirtyTrackingOldMethods
|
46
|
+
def devise_email_before_last_save
|
47
|
+
email_was
|
48
|
+
end
|
49
|
+
|
50
|
+
def devise_email_in_database
|
51
|
+
email_was
|
52
|
+
end
|
53
|
+
|
54
|
+
def devise_saved_change_to_email?
|
55
|
+
email_changed?
|
56
|
+
end
|
57
|
+
|
58
|
+
def devise_saved_change_to_encrypted_password?
|
59
|
+
encrypted_password_changed?
|
60
|
+
end
|
61
|
+
|
62
|
+
def devise_will_save_change_to_email?
|
63
|
+
email_changed?
|
64
|
+
end
|
65
|
+
|
66
|
+
def devise_respond_to_and_will_save_change_to_attribute?(attribute)
|
67
|
+
respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
data/lib/devise/version.rb
CHANGED
data/lib/devise.rb
CHANGED
@@ -13,6 +13,7 @@ module Devise
|
|
13
13
|
autoload :Encryptor, 'devise/encryptor'
|
14
14
|
autoload :FailureApp, 'devise/failure_app'
|
15
15
|
autoload :OmniAuth, 'devise/omniauth'
|
16
|
+
autoload :Orm, 'devise/orm'
|
16
17
|
autoload :ParameterFilter, 'devise/parameter_filter'
|
17
18
|
autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
|
18
19
|
autoload :TestHelpers, 'devise/test_helpers'
|
@@ -307,10 +308,6 @@ module Devise
|
|
307
308
|
mattr_accessor :sign_in_after_change_password
|
308
309
|
@@sign_in_after_change_password = true
|
309
310
|
|
310
|
-
def self.activerecord51? # :nodoc:
|
311
|
-
defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
|
312
|
-
end
|
313
|
-
|
314
311
|
# Default way to set up Devise. Run rails generate devise_install to create
|
315
312
|
# a fresh initializer with all configuration values.
|
316
313
|
def self.setup
|
@@ -523,6 +520,14 @@ module Devise
|
|
523
520
|
b.each_byte { |byte| res |= byte ^ l.shift }
|
524
521
|
res == 0
|
525
522
|
end
|
523
|
+
|
524
|
+
def self.activerecord51? # :nodoc:
|
525
|
+
ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
|
526
|
+
[Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
|
527
|
+
It is a non-public method that's no longer used internally, but that other libraries have been relying on.
|
528
|
+
DEPRECATION
|
529
|
+
defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
|
530
|
+
end
|
526
531
|
end
|
527
532
|
|
528
533
|
require 'warden'
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.9.
|
4
|
+
version: 4.9.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- José Valim
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2023-
|
12
|
+
date: 2023-04-03 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: warden
|
@@ -151,6 +151,7 @@ files:
|
|
151
151
|
- lib/devise/omniauth.rb
|
152
152
|
- lib/devise/omniauth/config.rb
|
153
153
|
- lib/devise/omniauth/url_helpers.rb
|
154
|
+
- lib/devise/orm.rb
|
154
155
|
- lib/devise/orm/active_record.rb
|
155
156
|
- lib/devise/orm/mongoid.rb
|
156
157
|
- lib/devise/parameter_filter.rb
|
@@ -228,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
228
229
|
- !ruby/object:Gem::Version
|
229
230
|
version: '0'
|
230
231
|
requirements: []
|
231
|
-
rubygems_version: 3.
|
232
|
+
rubygems_version: 3.0.3.1
|
232
233
|
signing_key:
|
233
234
|
specification_version: 4
|
234
235
|
summary: Flexible authentication solution for Rails with Warden
|