devise 4.9.2 → 4.9.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -1
- data/MIT-LICENSE +1 -1
- data/README.md +3 -3
- data/app/controllers/devise/sessions_controller.rb +1 -1
- data/app/controllers/devise_controller.rb +13 -0
- data/app/helpers/devise_helper.rb +1 -1
- data/lib/devise/controllers/helpers.rb +2 -0
- data/lib/devise/controllers/sign_in_out.rb +1 -1
- data/lib/devise/failure_app.rb +10 -1
- data/lib/devise/models/authenticatable.rb +1 -1
- data/lib/devise/models/database_authenticatable.rb +2 -2
- data/lib/devise/rails/deprecated_constant_accessor.rb +1 -1
- data/lib/devise/rails.rb +4 -0
- data/lib/devise/test/controller_helpers.rb +1 -1
- data/lib/devise/test_helpers.rb +1 -1
- data/lib/devise/version.rb +1 -1
- data/lib/devise.rb +5 -1
- data/lib/generators/templates/devise.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5ee56c70aa194195a4ce7ee729124c9701fa62a1ca71a0b74fa1d45f7b452c8e
|
|
4
|
+
data.tar.gz: f6d6fbd0a844de35d7a27ebb52eadc8da5440436cd8b037e917be40e8379b670
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d29b37afe41e4751cdbdc259c3cb7f0926bfde20949054e652677175dec119bfa49054b829103ce382ddb9655f2a51ba9f75576a2ce112bf9e179cf6f617e228
|
|
7
|
+
data.tar.gz: 5bd002f04b9296993f48af6e312fe94a5a0ea80cacaf3226ba78317a3a100fcdd3060c70b6592398fb8206dd98a12aa6ed906ffb29ed589b144fb1f59c923fc9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,18 @@
|
|
|
1
|
-
###
|
|
1
|
+
### 4.9.4 - 2024-04-10
|
|
2
|
+
|
|
3
|
+
* enhancements
|
|
4
|
+
* Add support for Ruby 3.3. (no changes needed)
|
|
5
|
+
|
|
6
|
+
* bug fixes
|
|
7
|
+
* Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567)
|
|
8
|
+
|
|
9
|
+
### 4.9.3 - 2023-10-11
|
|
10
|
+
|
|
11
|
+
* enhancements
|
|
12
|
+
* Add support for Rails 7.1.
|
|
13
|
+
* Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie)
|
|
14
|
+
|
|
15
|
+
### 4.9.2 - 2023-04-03
|
|
2
16
|
|
|
3
17
|
* deprecations
|
|
4
18
|
* Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it.
|
data/MIT-LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -46,7 +46,7 @@ It's composed of 10 modules:
|
|
|
46
46
|
- [Integration tests](#integration-tests)
|
|
47
47
|
- [OmniAuth](#omniauth)
|
|
48
48
|
- [Configuring multiple models](#configuring-multiple-models)
|
|
49
|
-
- [
|
|
49
|
+
- [Active Job Integration](#active-job-integration)
|
|
50
50
|
- [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
|
|
51
51
|
- [Other ORMs](#other-orms)
|
|
52
52
|
- [Rails API mode](#rails-api-mode)
|
|
@@ -483,7 +483,7 @@ Devise.setup do |config|
|
|
|
483
483
|
# ...
|
|
484
484
|
# When using Devise with Hotwire/Turbo, the http status for error responses
|
|
485
485
|
# and some redirects must match the following. The default in Devise for existing
|
|
486
|
-
# apps is `200 OK` and `302 Found respectively
|
|
486
|
+
# apps is `200 OK` and `302 Found` respectively, but new apps are generated with
|
|
487
487
|
# these new defaults that match Hotwire/Turbo behavior.
|
|
488
488
|
# Note: These might become the new default in future versions of Devise.
|
|
489
489
|
config.responder.error_status = :unprocessable_entity
|
|
@@ -767,6 +767,6 @@ https://github.com/heartcombo/devise/graphs/contributors
|
|
|
767
767
|
|
|
768
768
|
## License
|
|
769
769
|
|
|
770
|
-
MIT License. Copyright 2020-
|
|
770
|
+
MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
|
|
771
771
|
|
|
772
772
|
The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).
|
|
@@ -45,7 +45,7 @@ class Devise::SessionsController < DeviseController
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def auth_options
|
|
48
|
-
{ scope: resource_name, recall: "#{controller_path}#new" }
|
|
48
|
+
{ scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale }
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def translation_scope
|
|
@@ -33,6 +33,19 @@ class DeviseController < Devise.parent_controller.constantize
|
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
# Override internal methods to exclude `_prefixes` from action methods since
|
|
37
|
+
# we override it above.
|
|
38
|
+
#
|
|
39
|
+
# There was an intentional change in Rails 7.1 that will allow it to become
|
|
40
|
+
# an action method because it's a public method of a non-abstract controller,
|
|
41
|
+
# but we also can't make this abstract because it can affect potential actions
|
|
42
|
+
# defined in the parent controller, so instead we ensure `_prefixes` is going
|
|
43
|
+
# to be considered internal. (and thus, won't become an action method.)
|
|
44
|
+
# Ref: https://github.com/rails/rails/pull/48699
|
|
45
|
+
def self.internal_methods #:nodoc:
|
|
46
|
+
super << :_prefixes
|
|
47
|
+
end
|
|
48
|
+
|
|
36
49
|
protected
|
|
37
50
|
|
|
38
51
|
# Gets the actual resource stored in the instance variable
|
|
@@ -4,7 +4,7 @@ module DeviseHelper
|
|
|
4
4
|
# Retain this method for backwards compatibility, deprecated in favor of modifying the
|
|
5
5
|
# devise/shared/error_messages partial.
|
|
6
6
|
def devise_error_messages!
|
|
7
|
-
|
|
7
|
+
Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
8
8
|
[Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
|
|
9
9
|
removed in the next major version.
|
|
10
10
|
|
|
@@ -46,6 +46,7 @@ module Devise
|
|
|
46
46
|
mappings.unshift mappings.delete(favorite.to_sym) if favorite
|
|
47
47
|
mappings.each do |mapping|
|
|
48
48
|
opts[:scope] = mapping
|
|
49
|
+
opts[:locale] = I18n.locale
|
|
49
50
|
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
|
|
50
51
|
end
|
|
51
52
|
end
|
|
@@ -115,6 +116,7 @@ module Devise
|
|
|
115
116
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
116
117
|
def authenticate_#{mapping}!(opts = {})
|
|
117
118
|
opts[:scope] = :#{mapping}
|
|
119
|
+
opts[:locale] = I18n.locale
|
|
118
120
|
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
|
|
119
121
|
end
|
|
120
122
|
|
|
@@ -38,7 +38,7 @@ module Devise
|
|
|
38
38
|
expire_data_after_sign_in!
|
|
39
39
|
|
|
40
40
|
if options[:bypass]
|
|
41
|
-
|
|
41
|
+
Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller)
|
|
42
42
|
[Devise] bypass option is deprecated and it will be removed in future version of Devise.
|
|
43
43
|
Please use bypass_sign_in method instead.
|
|
44
44
|
Example:
|
data/lib/devise/failure_app.rb
CHANGED
|
@@ -18,6 +18,11 @@ module Devise
|
|
|
18
18
|
|
|
19
19
|
delegate :flash, to: :request
|
|
20
20
|
|
|
21
|
+
include AbstractController::Callbacks
|
|
22
|
+
around_action do |failure_app, action|
|
|
23
|
+
I18n.with_locale(failure_app.i18n_locale, &action)
|
|
24
|
+
end
|
|
25
|
+
|
|
21
26
|
def self.call(env)
|
|
22
27
|
@respond ||= action(:respond)
|
|
23
28
|
@respond.call(env)
|
|
@@ -107,7 +112,7 @@ module Devise
|
|
|
107
112
|
options[:default] = [message]
|
|
108
113
|
auth_keys = scope_class.authentication_keys
|
|
109
114
|
keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) }
|
|
110
|
-
options[:authentication_keys] = keys.join(I18n.
|
|
115
|
+
options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector"))
|
|
111
116
|
options = i18n_options(options)
|
|
112
117
|
|
|
113
118
|
I18n.t(:"#{scope}.#{message}", **options)
|
|
@@ -116,6 +121,10 @@ module Devise
|
|
|
116
121
|
end
|
|
117
122
|
end
|
|
118
123
|
|
|
124
|
+
def i18n_locale
|
|
125
|
+
warden_options[:locale]
|
|
126
|
+
end
|
|
127
|
+
|
|
119
128
|
def redirect_url
|
|
120
129
|
if warden_message == :timeout
|
|
121
130
|
flash[:timedout] = true if is_flashing_format?
|
|
@@ -62,7 +62,7 @@ module Devise
|
|
|
62
62
|
:remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
|
|
63
63
|
|
|
64
64
|
include Devise::DeprecatedConstantAccessor
|
|
65
|
-
deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION"
|
|
65
|
+
deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator
|
|
66
66
|
|
|
67
67
|
included do
|
|
68
68
|
class_attribute :devise_modules, instance_writer: false
|
|
@@ -86,7 +86,7 @@ module Devise
|
|
|
86
86
|
# is also rejected as long as it is also blank.
|
|
87
87
|
def update_with_password(params, *options)
|
|
88
88
|
if options.present?
|
|
89
|
-
|
|
89
|
+
Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
90
90
|
[Devise] The second argument of `DatabaseAuthenticatable#update_with_password`
|
|
91
91
|
(`options`) is deprecated and it will be removed in the next major version.
|
|
92
92
|
It was added to support a feature deprecated in Rails 4, so you can safely remove it
|
|
@@ -128,7 +128,7 @@ module Devise
|
|
|
128
128
|
#
|
|
129
129
|
def update_without_password(params, *options)
|
|
130
130
|
if options.present?
|
|
131
|
-
|
|
131
|
+
Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
132
132
|
[Devise] The second argument of `DatabaseAuthenticatable#update_without_password`
|
|
133
133
|
(`options`) is deprecated and it will be removed in the next major version.
|
|
134
134
|
It was added to support a feature deprecated in Rails 4, so you can safely remove it
|
|
@@ -26,7 +26,7 @@ rescue LoadError
|
|
|
26
26
|
super
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def deprecate_constant(const_name, new_constant, message: nil, deprecator:
|
|
29
|
+
def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator)
|
|
30
30
|
class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
|
|
31
31
|
class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
|
|
32
32
|
end
|
data/lib/devise/rails.rb
CHANGED
|
@@ -17,6 +17,10 @@ module Devise
|
|
|
17
17
|
app.reload_routes! if Devise.reload_routes
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
+
initializer "devise.deprecator" do |app|
|
|
21
|
+
app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators)
|
|
22
|
+
end
|
|
23
|
+
|
|
20
24
|
initializer "devise.url_helpers" do
|
|
21
25
|
Devise.include_helpers(Devise::Controllers)
|
|
22
26
|
end
|
|
@@ -69,7 +69,7 @@ module Devise
|
|
|
69
69
|
scope = resource
|
|
70
70
|
resource = deprecated
|
|
71
71
|
|
|
72
|
-
|
|
72
|
+
Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
73
73
|
[Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise.
|
|
74
74
|
Please use sign_in(resource, scope: :#{scope}) instead.
|
|
75
75
|
DEPRECATION
|
data/lib/devise/test_helpers.rb
CHANGED
|
@@ -4,7 +4,7 @@ module Devise
|
|
|
4
4
|
module TestHelpers
|
|
5
5
|
def self.included(base)
|
|
6
6
|
base.class_eval do
|
|
7
|
-
|
|
7
|
+
Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
8
8
|
[Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
|
|
9
9
|
For controller tests, please include `Devise::Test::ControllerHelpers` instead.
|
|
10
10
|
DEPRECATION
|
data/lib/devise/version.rb
CHANGED
data/lib/devise.rb
CHANGED
|
@@ -521,8 +521,12 @@ module Devise
|
|
|
521
521
|
res == 0
|
|
522
522
|
end
|
|
523
523
|
|
|
524
|
+
def self.deprecator
|
|
525
|
+
@deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise")
|
|
526
|
+
end
|
|
527
|
+
|
|
524
528
|
def self.activerecord51? # :nodoc:
|
|
525
|
-
|
|
529
|
+
deprecator.warn <<-DEPRECATION.strip_heredoc
|
|
526
530
|
[Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
|
|
527
531
|
It is a non-public method that's no longer used internally, but that other libraries have been relying on.
|
|
528
532
|
DEPRECATION
|
|
@@ -299,7 +299,7 @@ Devise.setup do |config|
|
|
|
299
299
|
# ==> Hotwire/Turbo configuration
|
|
300
300
|
# When using Devise with Hotwire/Turbo, the http status for error responses
|
|
301
301
|
# and some redirects must match the following. The default in Devise for existing
|
|
302
|
-
# apps is `200 OK` and `302 Found respectively
|
|
302
|
+
# apps is `200 OK` and `302 Found` respectively, but new apps are generated with
|
|
303
303
|
# these new defaults that match Hotwire/Turbo behavior.
|
|
304
304
|
# Note: These might become the new default in future versions of Devise.
|
|
305
305
|
config.responder.error_status = :unprocessable_entity
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.9.
|
|
4
|
+
version: 4.9.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- José Valim
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-04-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: warden
|
|
@@ -229,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
229
229
|
- !ruby/object:Gem::Version
|
|
230
230
|
version: '0'
|
|
231
231
|
requirements: []
|
|
232
|
-
rubygems_version: 3.
|
|
232
|
+
rubygems_version: 3.5.3
|
|
233
233
|
signing_key:
|
|
234
234
|
specification_version: 4
|
|
235
235
|
summary: Flexible authentication solution for Rails with Warden
|