devise 0.2.2 → 0.2.3

data/CHANGELOG.rdoc

@@ -1,3 +1,13 @@
+== 0.2.3
+
+* enhancements
+  * Ensure fail! works inside strategies
+  * [#12] Make unauthenticated message (when you haven't signed in) different from invalid message
+
+* bug fix
+  * Do not redirect on invalid authenticate
+  * Allow model configuration to be set to nil
+
 == 0.2.2
 
 * bug fix

data/README.rdoc

@@ -70,7 +70,7 @@ Now let's setup a User model adding the devise line to have your authentication
     devise
   end
 
-This line adds devise authenticable automatically for you inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside it's modules, so be sure to setup what attributes are accessible or protected in your model.
+This line adds devise authenticable automatically for you inside your User class. Devise don't rely on _attr_accessible_ or _attr_protected_ inside its modules, so be sure to setup what attributes are accessible or protected in your model.
 
 You could also include the other devise modules as below:
 
@@ -107,6 +107,14 @@ In addition to :except, you can provide some options to devise call:
 
   devise :all, :stretches => 20
 
+* confirm_in: the time the user can access the site before being blocked because his account was not confirmed
+
+  devise :all, :confirm_in => 1.week
+
+* remember_for: the time to store the remember me cookie in the user
+
+  devise :all, :remember_for => 2.weeks
+
 The next step after setting up your model is to configure your routes for devise. You do this by opening up your config/routes.rb and adding:
 
   map.devise_for :users
@@ -168,9 +176,10 @@ After signing in a user, confirming it's account or updating it's password, devi
 
   map.root :controller => 'home'
 
-You also need to setup default url options for the mailer, if you are using confirmable or recoverable. It's a Rails required configuration, and you can do this inside your specific environments. Here is an example of development environment:
+You also need to setup default url options for the mailer, if you are using confirmable or recoverable. Here's is the configuration for development:
 
-  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+  Notifier.sender = "no-reply@yourapp.com"
+  ActionMailer::Base.default_url_options = { :host => 'localhost:3000' }
 
 Devise let's you setup as many roles as you want, so let's say you already have this User model and also want an Admin model with the same authentication stuff, but not confirmation or password recovery. Just follow the same steps:
 
@@ -209,14 +218,14 @@ This is gonna copy all session, password, confirmation and notifier views to you
 
 == I18n
 
-Devise check for flash messages using i18n, so you're able to customize them easily. For example, to change the sign in message you should setup your locale file this way:
+Devise uses flash messages with I18n with the flash keys :success and :failure. To customize your app, you can setup your locale file this way:
 
   en:
     devise:
       sessions:
         signed_in: 'Signed in successfully.'
 
-You can also create distinct messages based on the resource you've configured:
+You can also create distinct messages based on the resource you've configured using the singular name given in routes:
 
   en:
     devise:
@@ -226,7 +235,7 @@ You can also create distinct messages based on the resource you've configured:
         admin:
           signed_in: 'Hello admin!'
 
-Devise notifier uses the same pattern to create subject messages, but it is not able to know what scope you are, he just know the record (ie user instance) that was sent to it. So you need to customize messages based on the model class name (usually the same as the resource name, if you follow basic conventions):
+Devise notifier uses the same pattern to create subject messages:
 
   en:
     devise:

data/app/controllers/sessions_controller.rb

@@ -1,12 +1,19 @@
 class SessionsController < ApplicationController
   include Devise::Controllers::Helpers
 
+  # Maps the messages types that comes from warden to a flash type.
+  WARDEN_MESSAGES = {
+    :unauthenticated => :success,
+    :unconfirmed => :failure
+  }
+
   before_filter :require_no_authentication, :only => [ :new, :create ]
 
   # GET /resource/sign_in
   def new
-    unauthenticated! if params[:unauthenticated]
-    unconfirmed!     if params[:unconfirmed]
+    WARDEN_MESSAGES.each do |message, type|
+      set_now_flash_message type, message if params.key?(message)
+    end
     build_resource
   end
 
@@ -16,7 +23,7 @@ class SessionsController < ApplicationController
       set_flash_message :success, :signed_in
       redirect_back_or_to home_or_root_path
     else
-      unauthenticated!
+      set_now_flash_message :failure, :invalid
       build_resource
       render :new
     end
@@ -29,14 +36,4 @@ class SessionsController < ApplicationController
     redirect_to root_path
   end
 
-  protected
-
-    def unauthenticated!
-      set_now_flash_message :failure, :unauthenticated
-    end
-
-    def unconfirmed!
-      set_now_flash_message :failure, :unconfirmed
-    end
-
 end

data/app/models/notifier.rb

@@ -16,12 +16,15 @@ class Notifier < ::ActionMailer::Base
 
     # Configure default email options
     def setup_mail(record, key)
-      subject      translate(record, key)
+      mapping = Devise.mappings.values.find { |m| m.to == record.class }
+      raise "Invalid devise resource #{record}" unless mapping
+
+      subject      translate(mapping, key)
       from         self.class.sender
       recipients   record.email
       sent_on      Time.now
       content_type 'text/html'
-      body         underscore_name(record) => record, :resource => record
+      body         mapping.name => record, :resource => record
     end
 
     # Setup subject namespaced by model. It means you're able to setup your
@@ -35,13 +38,7 @@ class Notifier < ::ActionMailer::Base
     #         user:
     #           notifier:
     #             confirmation_instructions: '...'
-    def translate(record, key)
-      I18n.t(:"#{underscore_name(record)}.#{key}",
-             :scope => [:devise, :notifier],
-             :default => key)
-    end
-
-    def underscore_name(record)
-      @underscore_name ||= record.class.name.underscore.to_sym
+    def translate(mapping, key)
+      I18n.t(:"#{mapping.name}.#{key}", :scope => [:devise, :notifier], :default => key)
     end
 end

data/config/locales/en.yml

@@ -3,8 +3,9 @@ en:
     sessions:
       signed_in: 'Signed in successfully.'
       signed_out: 'Signed out successfully.'
-      unauthenticated: 'Invalid email or password.'
+      unauthenticated: 'You need to sign in or sign up before continuing.'
       unconfirmed: 'Your account was not confirmed and your confirmation period has expired.'
+      invalid: 'Invalid email or password.'
     passwords:
       send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
       updated: 'Your password was changed successfully. You are now signed in.'

data/lib/devise.rb

@@ -38,7 +38,9 @@ module Devise
 
     mod.const_get(:ClassMethods).class_eval <<-METHOD, __FILE__, __LINE__
       def #{accessor}
-        @#{accessor} || if superclass.respond_to?(:#{accessor})
+        if defined?(@#{accessor})
+          @#{accessor}
+        elsif superclass.respond_to?(:#{accessor})
           superclass.#{accessor}
         else
           Devise.#{accessor}

data/lib/devise/controllers/helpers.rb

@@ -78,9 +78,12 @@ module Devise
         instance_variable_set(:"@#{resource_name}", new_resource)
       end
 
-      # Build a devise resource
+      # Build a devise resource without setting password and password confirmation fields.
       def build_resource
-        self.resource = resource_class.new(params[resource_name])
+        self.resource ||= begin
+          attributes = params[resource_name].try(:except, :password, :password_confirmation)
+          resource_class.new(attributes)
+        end
       end
 
       # Helper for use in before_filters where no authentication is required.

data/lib/devise/failure.rb

@@ -8,8 +8,12 @@ module Devise
     # to the default_url.
     def self.call(env)
       options = env['warden.options']
-      params  = options[:params] || {}
       scope   = options[:scope]
+      params  = if env['warden'].try(:message)
+        { env['warden'].message => true }
+      else
+        options[:params]
+      end
 
       redirect_path = if mapping = Devise.mappings[scope]
         "/#{mapping.as}/#{mapping.path_names[:sign_in]}"
@@ -19,7 +23,7 @@ module Devise
 
       headers = {}
       headers["Location"] = redirect_path
-      headers["Location"] << "?" << Rack::Utils.build_query(params) unless params.empty?
+      headers["Location"] << "?" << Rack::Utils.build_query(params) if params
       headers["Content-Type"] = 'text/plain'
 
       message = options[:message] || "You are being redirected to #{redirect_path}"

data/lib/devise/strategies/authenticable.rb

@@ -7,12 +7,16 @@ module Devise
       # Authenticate a user based on email and password params, returning to warden
       # success and the authenticated user if everything is okay. Otherwise redirect
       # to sign in page.
+      #
+      # Please notice the semantic difference between calling fail! and throw :warden.
+      # The first does not perform any action when calling authenticate, just
+      # when authenticate! is invoked. The second always perform the action.
       def authenticate!
         if valid_attributes? && resource = mapping.to.authenticate(attributes)
           success!(resource)
         else
           store_location
-          throw :warden, :scope => scope, :params => { :unauthenticated => true }
+          fail!(:unauthenticated)
         end
       end
 

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.2.2".freeze
+  VERSION = "0.2.3".freeze
 end

data/test/integration/authenticable_test.rb

@@ -81,8 +81,6 @@ class AuthenticationTest < ActionController::IntegrationTest
       fill_in 'email', :with => 'wrongemail@test.com'
     end
 
-    assert_redirected_to new_admin_session_path(:unauthenticated => true)
-    follow_redirect!
     assert_contain 'Invalid email or password'
     assert_not warden.authenticated?(:admin)
   end
@@ -92,8 +90,6 @@ class AuthenticationTest < ActionController::IntegrationTest
       fill_in 'password', :with => 'abcdef'
     end
 
-    assert_redirected_to new_admin_session_path(:unauthenticated => true)
-    follow_redirect!
     assert_contain 'Invalid email or password'
     assert_not warden.authenticated?(:admin)
   end
@@ -101,13 +97,12 @@ class AuthenticationTest < ActionController::IntegrationTest
   test 'error message is configurable by resource name' do
     begin
       I18n.backend.store_translations(:en, :devise => { :sessions =>
-        { :admin => { :unauthenticated => "Invalid credentials" } } })
+        { :admin => { :invalid => "Invalid credentials" } } })
 
       sign_in_as_admin do
         fill_in 'password', :with => 'abcdef'
       end
 
-      follow_redirect!
       assert_contain 'Invalid credentials'
     ensure
       I18n.reload!
@@ -145,14 +140,14 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_not_contain 'Signed out successfully'
   end
 
-  test 'redirect from warden shows error message' do
+  test 'redirect from warden shows sign in or sign up message' do
     get admins_path
 
     warden_path = new_admin_session_path(:unauthenticated => true)
     assert_redirected_to warden_path
 
     get warden_path
-    assert_contain 'Invalid email or password.'
+    assert_contain 'You need to sign in or sign up before continuing.'
   end
 
   test 'render 404 on roles without permission' do

data/test/test_helper.rb

@@ -13,6 +13,7 @@ ActionMailer::Base.default_url_options[:host] = 'test.com'
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+
 ActiveRecord::Schema.define(:version => 1) do
   [:users, :admins].each do |table|
     create_table table do |t|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-28 00:00:00 -02:00
+date: 2009-10-29 00:00:00 -02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency