devise 0.1.1 → 0.2.0

data/CHANGELOG.rdoc

@@ -0,0 +1,42 @@
+== (development)
+
+* enhancements
+  * [#4] Allow option :null => true in authenticable migration
+  * [#3] Remove attr_accessible calls from devise modules
+  * Customizable time frame for rememberable with :remember_for config
+  * Customizable time frame for confirmable with :confirm_in config
+  * Generators for creating a resource and copy views
+
+* optimize
+  * Do not load hooks or strategies if they are not used
+
+* bug fixes
+  * [#2] Fixed requiring devise strategies
+
+== 0.1.1
+
+* bug fixes
+  * [#1] Fixed requiring devise mapping
+
+== 0.1.0
+
+* Devise::Authenticable
+* Devise::Confirmable
+* Devise::Recoverable
+* Devise::Validatable
+* Devise::Migratable
+* Devise::Rememberable
+
+* SessionsController
+* PasswordsController
+* ConfirmationsController
+
+* Create an example app
+* devise :all, :except => :rememberable
+* Use sign_in and sign_out in SessionsController
+
+* Mailer subjects namespaced by model
+* Allow stretches and pepper per model
+
+* Store session[:return_to] in session
+* Sign user in automatically after confirming or changing it's password

data/README.rdoc

@@ -27,7 +27,7 @@ All gems are on gemcutter, so you need to add gemcutter to your sources if you h
 
   sudo gem sources -a http://gemcutter.org/
 
-Install warden gem if you don't have it installed (requires 0.5.0 or higher):
+Install warden gem if you don't have it installed (requires 0.5.1 or higher):
 
   sudo gem install warden
 
@@ -44,6 +44,8 @@ And you're ready to go.
 
 == Basic Usage
 
+This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You can also check out the *Generators* section below to help you start.
+
 Devise must be setted up within the model (or models) you want to use, and devise routes must be created inside your routes.rb file.
 
 We're assuming here you want a User model. First of all you have to setup a migration with the following fields:
@@ -68,7 +70,9 @@ Now let's setup a User model adding the devise line to have your authentication
     devise
   end
 
-This line adds devise authenticable automatically for you inside your User class. You could also include the other modules as below:
+This line adds devise authenticable automatically for you inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside it's modules, so be sure to setup what attributes are accessible or protected in your model.
+
+You could also include the other devise modules as below:
 
   # Same as using only devise, authenticable is activated by default
   devise :authenticable
@@ -166,7 +170,7 @@ After signing in a user, confirming it's account or updating it's password, devi
 
 You also need to setup default url options for the mailer, if you are using confirmable or recoverable. It's a Rails required configuration, and you can do this inside your specific environments. Here is an example of development environment:
 
-  config.action_mailer.default_url_options = {:host => 'localhost:3000'}
+  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
 
 Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with the same authentication stuff, but not confirmation or password recovery. Just follow the same steps:
 
@@ -189,6 +193,20 @@ Devise let's you setup as many roles as you want, so let's say you already have
   current_admin
   admin_session
 
+== Generators
+
+Devise comes with some generators to help you start:
+
+  script/generate devise Model
+
+Will generate a model, configured with all devise modules, and add attr_accessible for default fields, so you can setup more accessible attributes later. The generator will also create the migration and configure your route for devise.
+
+You can also copy devise views to your application, being able to modify them based on your needs. To do it so, run the following command:
+
+  script/generate devise_views
+
+This is gonna copy all session, password, confirmation and notifier views to your app/views folder.
+
 == I18n
 
 Devise check for flash messages using i18n, so you're able to customize them easily. For example, to change the sign in message you should setup your locale file this way:
@@ -226,6 +244,10 @@ Please refer to TODO file.
 
 == Bugs and Feedback
 
-If you discover any bugs or want to drop a line, feel free to create an issue.
+If you discover any bugs or want to drop a line, feel free to create an issue on
+GitHub or send an e-mail to the mailing list.
+
+http://github.com/plataformatec/devise/issues
+http://groups.google.com/group/plataformatec-devise
 
 MIT License. Copyright 2009 Plataforma Tecnologia. http://blog.plataformatec.com.br

data/Rakefile

@@ -35,8 +35,8 @@ begin
     s.homepage = "http://github.com/plataformatec/devise"
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
-    s.files =  FileList["[A-Z]*", "{app,config,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.5.0")
+    s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
+    s.add_dependency("warden", "~> 0.5.1")
   end
 
   Jeweler::GemcutterTasks.new

data/TODO

@@ -1,37 +1,8 @@
-* Add customizable time frame for remember me
-* Add customizable time frame for confirmation and filters
-
-* Create generators
+* Devise::Timeoutable
+* Devise::TestHelper
 * Use request_ip in session cookies
-* Session timeout
-
 * Devise::BruteForceProtection
 * Devise::MagicColumns
+* Improve Generators to pass modules as arguments
+* Different cryptography providers
 * Devise::Invitable
-
-== Done
-
-* Devise::Authenticable
-* Devise::Confirmable
-* Devise::Recoverable
-* Devise::Validatable
-* Devise::Migratable
-* SessionsController
-* PasswordsController
-* ConfirmationsController
-* Create an example app
-* devise :authenticable, :confirmable, :recoverable for ActiveRecord
-* Allow multiple models per controller
-* Add mappings
-* Use sign_in and sign_out in SessionsController
-* Use path_names in routes
-* Store session[:return_to] in session
-* Clear perishable_token in :confirmable and :recoverable
-* Remove perishable token and create attributes for confirmation_token and reset_password_token
-* Add confirmation_sent_at for confirmable
-* Add confirmable filters
-* Sign user in automatically after confirming or changing it's password
-
-* Add remember me
-* Mailer subjects namespaced by model
-* Allow stretches and pepper per model

data/app/controllers/sessions_controller.rb

@@ -5,6 +5,7 @@ class SessionsController < ApplicationController
   # GET /resource/sign_in
   def new
     unauthenticated! if params[:unauthenticated]
+    unconfirmed!     if params[:unconfirmed]
   end
 
   # POST /resource/sign_in
@@ -28,8 +29,11 @@ class SessionsController < ApplicationController
   protected
 
     def unauthenticated!
-      flash.now[:failure] = I18n.t(:"#{resource_name}.unauthenticated",
-                                   :scope => [:devise, :sessions], :default => :unauthenticated)
+      set_now_flash_message :failure, :unauthenticated
+    end
+
+    def unconfirmed!
+      set_now_flash_message :failure, :unconfirmed
     end
 
 end

data/config/locales/en.yml

@@ -4,6 +4,7 @@ en:
       signed_in: 'Signed in successfully.'
       signed_out: 'Signed out successfully.'
       unauthenticated: 'Invalid email or password.'
+      unconfirmed: 'Your account was not confirmed and your confirmation period has expired.'
     passwords:
       send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
       updated: 'Your password was changed successfully. You are now signed in.'

data/generators/devise/USAGE

@@ -0,0 +1,5 @@
+To create a devise resource user:
+
+    script/generate devise User
+
+This will generate a model named User, a route map for devise called :users, and a migration file for table :users with all devise modules.

data/generators/devise/devise_generator.rb

@@ -0,0 +1,25 @@
+require File.expand_path(File.dirname(__FILE__) + "/lib/route_devise.rb")
+
+class DeviseGenerator < Rails::Generator::NamedBase
+
+  def manifest
+    record do |m|
+      # Check for class naming collisions.
+      m.class_collisions(class_name)
+
+      # Model
+      m.directory(File.join('app', 'models', class_path))
+      m.template 'model.rb', File.join('app', 'models', "#{file_path}.rb")
+
+      # Migration
+      m.migration_template 'migration.rb', 'db/migrate', :migration_file_name => "devise_create_#{table_name}"
+
+      # Routing
+      m.route_devise table_name
+
+      # Readme
+      m.readme "README"
+    end
+  end
+
+end

data/generators/devise/lib/route_devise.rb

@@ -0,0 +1,32 @@
+module Rails
+  module Generator
+    module Commands
+      class Create < Base
+
+        # Create devise route. Based on route_resources
+        def route_devise(*resources)
+          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
+          sentinel = 'ActionController::Routing::Routes.draw do |map|'
+
+          logger.route "map.devise_for #{resource_list}"
+          unless options[:pretend]
+            gsub_file 'config/routes.rb', /(#{Regexp.escape(sentinel)})/mi do |match|
+              "#{match}\n  map.devise_for #{resource_list}\n"
+            end
+          end
+        end
+      end
+
+      class Destroy < RewindBase
+
+        # Destroy devise route. Based on route_resources
+        def route_devise(*resources)
+          resource_list = resources.map { |r| r.to_sym.inspect }.join(', ')
+          look_for = "\n  map.devise_for #{resource_list}\n"
+          logger.route "map.devise_for #{resource_list}"
+          gsub_file 'config/routes.rb', /(#{look_for})/mi, ''
+        end
+      end
+    end
+  end
+end

data/generators/devise/templates/README

@@ -0,0 +1,21 @@
+
+================================================================================
+
+Some setup you must do manually if you haven't yet:
+
+1. Setup defaut url options for your specific environment. Here is an example of development environment:
+
+    config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+
+It's a Rails required configuration.
+In production it must be the actual host your application is deployed to.
+
+2. Setup default sender for mails.In config/environment.rb:
+
+    Notifier.sender = "test@example.com"
+
+3. Ensure you have defined root_url to *something* in your config/routes.rb:
+
+    map.root :controller => 'home'
+
+================================================================================

data/generators/devise/templates/migration.rb

@@ -0,0 +1,20 @@
+class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
+  def self.up
+    create_table(:<%= table_name %>) do |t|
+      t.authenticable
+      t.confirmable
+      t.recoverable
+      t.rememberable
+
+      t.timestamps
+    end
+
+    add_index :<%= table_name %>, :email,                :unique => true
+    add_index :<%= table_name %>, :confirmation_token,   :unique => true
+    add_index :<%= table_name %>, :reset_password_token, :unique => true
+  end
+
+  def self.down
+    drop_table :<%= table_name %>
+  end
+end

data/generators/devise/templates/model.rb

@@ -0,0 +1,5 @@
+class <%= class_name %> < ActiveRecord::Base
+  devise :all
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation
+end

data/generators/devise_views/USAGE

@@ -0,0 +1,3 @@
+To copy all session, password and confirmation views from devise to your app just run the following command:
+
+    script/generate devise_views

data/generators/devise_views/devise_views_generator.rb

@@ -0,0 +1,24 @@
+class DeviseViewsGenerator < Rails::Generator::Base
+
+  def manifest
+    record do |m|
+      views_directory = File.join('app', 'views')
+      m.directory views_directory
+
+      {
+        :sessions => [:new],
+        :passwords => [:new, :edit],
+        :confirmations => [:new],
+        :notifier => [:confirmation_instructions, :reset_password_instructions]
+      }.each do |dir, templates|
+        m.directory File.join(views_directory, dir.to_s)
+
+        templates.each do |template|
+          template_path = "#{dir}/#{template}.html.erb"
+          m.file "#{template_path}", "#{views_directory}/#{template_path}"
+        end
+      end
+    end
+  end
+
+end

data/generators/devise_views/templates/confirmations/new.html.erb

@@ -0,0 +1,16 @@
+<h2>Resend confirmation instructions</h2>
+
+<% form_for resource_name, :url => confirmation_path(resource_name) do |f| %>
+  <%= f.error_messages %>
+
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.submit "Resend confirmation instructions" %></p>
+<% end %>
+
+<%= link_to "Sign in", new_session_path(resource_name) %><br />
+
+<%- if devise_mapping.recoverable? %>
+  <%= link_to "Forgot password?", new_password_path(resource_name) %><br />
+<% end -%>

data/generators/devise_views/templates/notifier/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+Welcome <%= @resource.email %>!
+
+You can confirm your account through the link below:
+
+<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

data/generators/devise_views/templates/notifier/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+Hello <%= @resource.email %>!
+
+Someone has requested a link to change your password, and you can do this through the link below.
+
+<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>
+
+If you didn't request this, please ignore this email.
+Your password won't change until you access the link above and create a new one.

data/generators/devise_views/templates/passwords/edit.html.erb

@@ -0,0 +1,20 @@
+<h2>Change your password</h2>
+
+<% form_for resource_name, :url => password_path(resource_name), :html => { :method => :put } do |f| %>
+  <%= f.error_messages %>
+  <%= f.hidden_field :reset_password_token %>
+
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %></p>
+  <p><%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit "Change my password" %></p>
+<% end %>
+
+<%= link_to "Sign in", new_session_path(resource_name) %><br />
+
+<%- if devise_mapping.confirmable? %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>

data/generators/devise_views/templates/passwords/new.html.erb

@@ -0,0 +1,16 @@
+<h2>Forgot your password?</h2>
+
+<% form_for resource_name, :url => password_path(resource_name) do |f| %>
+  <%= f.error_messages %>
+
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.submit "Send me reset password instructions" %></p>
+<% end %>
+
+<%= link_to "Sign in", new_session_path(resource_name) %><br />
+
+<%- if devise_mapping.confirmable? %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>

data/generators/devise_views/templates/sessions/new.html.erb

@@ -0,0 +1,23 @@
+<h2>Sign in</h2>
+
+<% form_for resource_name, :url => session_path(resource_name) do |f| -%>
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
+
+  <% if devise_mapping.rememberable? -%>
+    <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
+  <% end -%>
+
+  <p><%= f.submit "Sign in" %></p>
+<% end -%>
+
+<%- if devise_mapping.recoverable? %>
+  <%= link_to "Forgot password?", new_password_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.confirmable? %>
+  <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>

data/lib/devise.rb

@@ -10,22 +10,43 @@ module Devise
 
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'].freeze
 
-  MODEL_CONFIG = []
-
-  def self.model_config(klass, accessor, default=nil)
-    # Create Devise accessor
+  # Creates configuration values for Devise and for the given module.
+  #
+  #   Devise.model_config(Devise::Authenticable, :stretches, 10)
+  #
+  # The line above creates:
+  #
+  #   1) An accessor called Devise.stretches, which value is used by default;
+  #
+  #   2) Some class methods for your model Model.stretches and Model.stretches=
+  #      which have higher priority than Devise.stretches;
+  #
+  #   3) And an instance method stretches.
+  #
+  # To add the class methods you need to have a module ClassMethods defined
+  # inside the given class.
+  #
+  def self.model_config(mod, accessor, default=nil) #:nodoc:
     mattr_accessor accessor
-
-    # Set default value
     send(:"#{accessor}=", default)
 
-    # Store configuration method
-    MODEL_CONFIG << accessor
+    mod.class_eval <<-METHOD, __FILE__, __LINE__
+      def #{accessor}
+        self.class.#{accessor}
+      end
+    METHOD
 
-    # Set default value
-    klass.class_eval <<-METHOD
+    mod.const_get(:ClassMethods).class_eval <<-METHOD, __FILE__, __LINE__
       def #{accessor}
-        Devise.#{accessor}
+        @#{accessor} || if superclass.respond_to?(:#{accessor})
+          superclass.#{accessor}
+        else
+          Devise.#{accessor}
+        end
+      end
+
+      def #{accessor}=(value)
+        @#{accessor} = value
       end
     METHOD
   end
@@ -35,9 +56,10 @@ end
 #
 #   1) Include Devise::ActiveRecord and Devise::Migrations
 #   2) Load and config warden
-#   3) Add routes extensions
-#   4) Load routes definitions
-#   5) Include filters and helpers in controllers and views
+#   3) Load devise mapping structure
+#   4) Add routes extensions
+#   5) Load routes definitions
+#   6) Include filters and helpers in controllers and views
 #
 Rails.configuration.after_initialize do
   ActiveRecord::Base.extend Devise::ActiveRecord