devise 0.5.0 → 0.5.1

data/CHANGELOG.rdoc

@@ -1,3 +1,13 @@
+* enhancements
+  * [#28] Improved sign_in and sign_out helpers to accepts resources
+  * [#28] Added stored_location_for as a helper
+
+== 0.5.1
+
+* enhancements
+	* Added serializers based on Warden ones
+	* Allow authentication keys to be set
+
 == 0.5.0
 
 * bug fix
@@ -11,7 +21,7 @@
 == 0.4.3
 
 * bug fix
-  * [#29] Authentication fail if user cannot be serialized from session;
+  * [#29] Authentication just fails if user cannot be serialized from session, without raising errors;
   * Default configuration values should not overwrite user values;
 
 == 0.4.2

data/README.rdoc

@@ -46,7 +46,7 @@ And you're ready to go.
 
 This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration. You can also check out the *Generators* section below to help you start.
 
-Devise must be setted up within the model (or models) you want to use, and devise routes must be created inside your routes.rb file.
+Devise must be set up within the model (or models) you want to use, and devise routes must be created inside your routes.rb file.
 
 We're assuming here you want a User model. First of all you have to setup a migration with the following fields:
 
@@ -93,7 +93,7 @@ Note that validations aren't added by default, so you're able to customize it. I
 
 == Model configuration
 
-In addition to :except, you can provide :pepper, :stretches, :confirm_within and :remember_for as options to devise method.
+In addition to :except, you can provide :pepper, :stretches, :encryptor, :authentication_keys, :confirm_within and :remember_for as options to devise method.
 
 All those options are described in "config/initializers/devise.rb", which is generated when you invoke `ruby script/generate devise_install` in your application root.
 

data/Rakefile

@@ -36,7 +36,7 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.5.2")
+    s.add_dependency("warden", "~> 0.6.0")
   end
 
   Jeweler::GemcutterTasks.new

data/TODO

@@ -1,4 +1,3 @@
-* Allow authentication keys to be configured, so things like username and subdomain can be used
 * Devise::Timeoutable
 * Devise::TestHelper
 * Use request_ip in session cookies

data/generators/devise_install/templates/devise.rb

@@ -15,6 +15,13 @@ Devise.setup do |config|
   # should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
   # config.encryptor = :sha1
 
+  # Configure which keys are used when authenticating an user. By default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating an user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # config.authentication_keys = [ :email ]
+
   # The time you want give to your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
   # config.confirm_within = 2.days

data/lib/devise.rb

@@ -9,6 +9,7 @@ module Devise
   }.freeze
 
   STRATEGIES  = [:authenticatable].freeze
+  SERIALIZERS = [:authenticatable, :rememberable].freeze
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'].freeze
 
   # Maps the messages types that comes from warden to a flash type.
@@ -35,6 +36,10 @@ module Devise
   mattr_accessor :stretches
   @@stretches = 10
 
+  # Keys used when authenticating an user.
+  mattr_accessor :authentication_keys
+  @@authentication_keys = [ :email ]
+
   # Time interval where the remember me token is valid.
   mattr_accessor :remember_for
   @@remember_for = 2.weeks
@@ -104,8 +109,10 @@ module Devise
     # block.
     def configure_warden_manager(manager) #:nodoc:
       manager.default_strategies *Devise::STRATEGIES
+      manager.default_serializers *Devise::SERIALIZERS
       manager.failure_app = Devise::Failure
       manager.silence_missing_strategies!
+      manager.silence_missing_serializers!
 
       # If the user provided a warden hook, call it now.
       @warden_config.try :call, manager
@@ -118,5 +125,14 @@ module Devise
   end
 end
 
-require 'devise/warden'
+begin
+  require 'warden'
+rescue
+  gem 'warden'
+  require 'warden'
+end
+
+require 'devise/strategies/base'
+require 'devise/serializers/base'
+
 require 'devise/rails'

data/lib/devise/controllers/filters.rb

@@ -49,17 +49,45 @@ module Devise
         warden.authenticated?(scope)
       end
 
-      # Set the warden user with the scope, signing in the resource automatically,
-      # without running hooks.
-      def sign_in(scope, resource)
+      # Sign in an user that already was authenticated. This helper is useful for logging
+      # users in after sign up.
+      #
+      # Examples:
+      #
+      #   sign_in :user, @user # sign_in(scope, resource)
+      #   sign_in @user        # sign_in(resource)
+      #
+      def sign_in(resource_or_scope, resource=nil)
+        scope    ||= find_devise_scope(resource_or_scope)
+        resource ||= resource_or_scope
         warden.set_user(resource, :scope => scope)
       end
 
-      # Sign out based on scope.
-      def sign_out(scope, *args)
+      # Sign out a given user or scope. This helper is useful for signing out an user
+      # after deleting accounts.
+      #
+      # Examples:
+      #
+      #   sign_out :user     # sign_out(scope)
+      #   sign_out @user     # sign_out(resource)
+      #
+      def sign_out(resource_or_scope)
+        scope = find_devise_scope(resource_or_scope)
         warden.user(scope) # Without loading user here, before_logout hook is not called
         warden.raw_session.inspect # Without this inspect here. The session does not clear.
-        warden.logout(scope, *args)
+        warden.logout(scope)
+      end
+
+      # Returns and delete the url stored in the session for the given scope. Useful
+      # for giving redirect backs after sign up:
+      #
+      # Example:
+      #
+      #   redirect_to stored_location_for(:user) || root_path
+      #
+      def stored_location_for(resource_or_scope)
+        scope = find_devise_scope(resource_or_scope)
+        session.delete(:"#{scope}.return_to")
       end
 
       # Define authentication filters and accessor helpers based on mappings.
@@ -106,6 +134,16 @@ module Devise
         METHODS
       end
 
+      protected
+
+      def find_devise_scope(resource_or_scope)
+        if resource_or_scope.is_a?(Symbol)
+          resource_or_scope
+        else
+          Devise::Mapping.find_by_class!(resource_or_scope.class).name
+        end
+      end
+
     end
   end
 end

data/lib/devise/controllers/helpers.rb

@@ -45,18 +45,7 @@ module Devise
       # Redirects to stored uri before signing in or the default path and clear
       # return to.
       def redirect_back_or_to(default)
-        redirect_to(return_to || default)
-        clear_return_to
-      end
-
-      # Access to scoped stored uri
-      def return_to
-        session[:"#{resource_name}.return_to"]
-      end
-
-      # Clear scoped stored uri
-      def clear_return_to
-        session[:"#{resource_name}.return_to"] = nil
+        redirect_to(stored_location_for(resource_name) || default)
       end
 
       # Checks for the existence of the resource root path. If it exists,

data/lib/devise/mapping.rb

@@ -34,6 +34,18 @@ module Devise
       nil
     end
 
+    # Find a mapping by a given class. It takes into account single table inheritance as well.
+    def self.find_by_class(klass)
+      Devise.mappings.values.find { |m| return m if klass <= m.to }
+    end
+
+    # Find by class but raising an error in case it can't be found.
+    def self.find_by_class!(klass)
+      mapping = find_by_class(klass)
+      raise "Could not find a valid mapping for #{klass}" unless mapping
+      mapping
+    end
+
     # Default url options which can be used as prefix.
     def self.default_url_options
       {}

data/lib/devise/models.rb

@@ -16,28 +16,30 @@ module Devise
     # To add the class methods you need to have a module ClassMethods defined
     # inside the given class.
     #
-    def self.config(mod, accessor) #:nodoc:
-      mod.class_eval <<-METHOD, __FILE__, __LINE__
-        def #{accessor}
-          self.class.#{accessor}
-        end
-      METHOD
+    def self.config(mod, *accessors) #:nodoc:
+      accessors.each do |accessor|
+        mod.class_eval <<-METHOD, __FILE__, __LINE__
+          def #{accessor}
+            self.class.#{accessor}
+          end
+        METHOD
 
-      mod.const_get(:ClassMethods).class_eval <<-METHOD, __FILE__, __LINE__
-        def #{accessor}
-          if defined?(@#{accessor})
-            @#{accessor}
-          elsif superclass.respond_to?(:#{accessor})
-            superclass.#{accessor}
-          else
-            Devise.#{accessor}
+        mod.const_get(:ClassMethods).class_eval <<-METHOD, __FILE__, __LINE__
+          def #{accessor}
+            if defined?(@#{accessor})
+              @#{accessor}
+            elsif superclass.respond_to?(:#{accessor})
+              superclass.#{accessor}
+            else
+              Devise.#{accessor}
+            end
           end
-        end
 
-        def #{accessor}=(value)
-          @#{accessor} = value
-        end
-      METHOD
+          def #{accessor}=(value)
+            @#{accessor} = value
+          end
+        METHOD
+      end
     end
 
     # Shortcut method for including all devise modules inside your model.

data/lib/devise/models/authenticatable.rb

@@ -1,4 +1,5 @@
 require 'devise/strategies/authenticatable'
+require 'devise/serializers/authenticatable'
 
 module Devise
   module Models
@@ -18,6 +19,10 @@ module Devise
     #
     #   stretches: defines how many times the password will be encrypted.
     #
+    #   encryptor: the encryptor going to be used. By default :sha1.
+    #
+    #   authentication_keys: parameters used for authentication. By default [:email]
+    #
     # Examples:
     #
     #    User.authenticate('email@test.com', 'password123')  # returns authenticated user or nil
@@ -64,7 +69,9 @@ module Devise
         # authenticated user if it's valid or nil.
         # Attributes are :email and :password
         def authenticate(attributes={})
-          authenticatable = find_by_email(attributes[:email])
+          return unless authentication_keys.all? { |k| attributes[k].present? }
+          conditions = attributes.slice(*authentication_keys)
+          authenticatable = find(:first, :conditions => conditions)
           authenticatable if authenticatable.try(:valid_password?, attributes[:password])
         end
 
@@ -77,11 +84,21 @@ module Devise
           end
           perishable
         end
+
+        # Hook to serialize user into session. Overwrite if you want.
+        def serialize_into_session(record)
+          [record.class, record.id]
+        end
+
+        # Hook to serialize user from session. Overwrite if you want.
+        def serialize_from_session(keys)
+          klass, id = keys
+          raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self 
+          klass.find_by_id(id)
+        end
       end
 
-      Devise::Models.config(self, :pepper)
-      Devise::Models.config(self, :stretches)
-      Devise::Models.config(self, :encryptor)
+      Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
     end
   end
 end

data/lib/devise/models/rememberable.rb

@@ -1,6 +1,5 @@
 require 'digest/sha1'
-require 'devise/hooks/rememberable'
-require 'devise/middlewares/rememberable'
+require 'devise/serializers/rememberable'
 
 module Devise
   module Models

data/lib/devise/models/validatable.rb

@@ -12,14 +12,18 @@ module Devise
 
       def self.included(base)
         base.class_eval do
+          attribute = authentication_keys.first
 
-          validates_presence_of     :email
-          validates_uniqueness_of   :email, :allow_blank => true
-          validates_format_of       :email, :with => EMAIL_REGEX, :allow_blank => true
+          validates_presence_of   attribute
+          validates_uniqueness_of attribute, :allow_blank => true
+          validates_format_of     attribute, :with => EMAIL_REGEX, :allow_blank => true,
+                                              :scope => authentication_keys[1..-1]
 
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-          validates_length_of       :password, :within => 6..20, :allow_blank => true, :if => :password_required?
+          with_options :if => :password_required? do |v|
+            v.validates_presence_of     :password
+            v.validates_confirmation_of :password
+            v.validates_length_of       :password, :within => 6..20, :allow_blank => true
+          end
         end
       end
 

data/lib/devise/rails.rb

@@ -10,8 +10,5 @@ Rails.configuration.after_initialize do
     Devise.configure_warden_manager(manager)
   end
 
-  # If using a rememberable module, include the middleware that log users.
-  Rails.configuration.middleware.use Devise::Middlewares::Rememberable
-
   I18n.load_path.unshift File.expand_path(File.join(File.dirname(__FILE__), 'locales', 'en.yml'))
 end

data/lib/devise/rails/warden_compat.rb

@@ -9,10 +9,6 @@ module Warden::Mixins::Common
     end
   end
 
-  def raw_session
-    request.session
-  end
-
   def reset_session!
     raw_session.inspect # why do I have to inspect it to get it to clear?
     raw_session.clear

data/lib/devise/serializers/authenticatable.rb

@@ -0,0 +1,9 @@
+module Devise
+  module Serializers
+    class Authenticatable < Warden::Serializers::Session
+      include Devise::Serializers::Base
+    end
+  end
+end
+
+Warden::Serializers.add(:authenticatable, Devise::Serializers::Authenticatable)

data/lib/devise/serializers/base.rb

@@ -0,0 +1,41 @@
+module Devise
+  module Serializers
+    module Base
+      include Devise::Strategies::Base
+      attr_reader :scope
+
+      def serialize(record)
+        record.class.send(:"serialize_into_#{serialization_type}", record)
+      end
+
+      def deserialize(keys)
+        mapping.to.send(:"serialize_from_#{serialization_type}", keys)
+      end
+
+      def store(user, scope)
+        @scope = scope
+        return unless valid?
+        super
+      end
+
+      def fetch(scope)
+        @scope = scope
+        return unless valid?
+        super
+      end
+
+      def delete(scope, user=nil)
+        @scope = scope
+        return unless valid?
+        super
+      end
+
+      def serialization_type
+        @serialization_type ||= begin
+          warden = self.class.ancestors.find{ |k| k < Warden::Serializers::Base && k != self.class }
+          warden.name.split("::").last.underscore
+        end
+      end
+    end
+  end
+end

data/lib/devise/serializers/rememberable.rb

@@ -0,0 +1,26 @@
+module Devise
+  module Serializers
+    class Rememberable < Warden::Serializers::Cookie
+      include Devise::Serializers::Base
+
+      def store(record, scope)
+        remember_me = params[scope].try(:fetch, :remember_me, nil)
+        if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
+          record.remember_me!
+          super
+        end
+      end
+      
+      def default_options(record)
+        super.merge!(:expires => record.remember_expires_at)
+      end
+
+      def delete(scope, record=nil)
+        record.forget_me! if record && record.respond_to?(:forget_me!)
+        super
+      end
+    end
+  end
+end
+
+Warden::Serializers.add(:rememberable, Devise::Serializers::Rememberable)

data/lib/devise/strategies/authenticatable.rb

@@ -2,7 +2,8 @@ module Devise
   module Strategies
     # Default strategy for signing in a user, based on his email and password.
     # Redirects to sign_in page if it's not authenticated
-    class Authenticatable < Devise::Strategies::Base
+    class Authenticatable < Warden::Strategies::Base
+      include Devise::Strategies::Base
 
       # Authenticate a user based on email and password params, returning to warden
       # success and the authenticated user if everything is okay. Otherwise redirect
@@ -12,7 +13,7 @@ module Devise
       # The first does not perform any action when calling authenticate, just
       # when authenticate! is invoked. The second always perform the action.
       def authenticate!
-        if valid_attributes? && resource = mapping.to.authenticate(attributes)
+        if valid_attributes? && resource = mapping.to.authenticate(params[scope])
           success!(resource)
         else
           store_location
@@ -22,14 +23,9 @@ module Devise
 
       private
 
-        # Find the attributes for the current mapping.
-        def attributes
-          @attributes ||= params[scope]
-        end
-
-        # Check for the right keys.
+        # Check if params and password are given. Others are checked inside authenticate.
         def valid_attributes?
-          attributes && attributes[:email].present? && attributes[:password].present?
+          params[scope] && params[scope][:password].present?
         end
 
         # Stores requested uri to redirect the user after signing in. We cannot use

data/lib/devise/strategies/base.rb

@@ -1,23 +1,22 @@
 module Devise
   module Strategies
-    # Base strategy for Devise. Responsible for verifying correct scope and
-    # mapping.
-    class Base < Warden::Strategies::Base
-
+    # Base strategy for Devise. Responsible for verifying correct scope and mapping.
+    module Base
       # Validate strategy. By default will raise an error if no scope or an
       # invalid mapping is found.
       def valid?
-        mapping.for.include?(self.class.name.split("::").last.underscore.to_sym)
+        mapping.for.include?(klass_type)
       end
 
       # Checks if a valid scope was given for devise and find mapping based on
       # this scope.
       def mapping
-        @mapping ||= begin
-          raise "You need to give a scope for Devise authentication" unless scope
-          raise "You need to give a valid Devise mapping"            unless mapping = Devise.mappings[scope]
-          mapping
-        end
+        Devise.mappings[scope]
+      end
+
+      # Store this class type.
+      def klass_type
+        @klass_type ||= self.class.name.split("::").last.underscore.to_sym
       end
     end
   end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.5.0".freeze
+  VERSION = "0.5.1".freeze
 end

data/test/controllers/filters_test.rb

@@ -14,11 +14,13 @@ class MockController < ApplicationController
 end
 
 class ControllerAuthenticableTest < ActionController::TestCase
+  tests MockController
 
   def setup
     @controller = MockController.new
     @mock_warden = OpenStruct.new
     @controller.env = { 'warden' => @mock_warden }
+    @controller.session = {}
   end
 
   test 'setup warden' do
@@ -47,12 +49,6 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.current_user
   end
 
-  test 'proxy logout to warden' do
-    @mock_warden.expects(:user).with(:user).returns(true)
-    @mock_warden.expects(:logout).with(:user).returns(true)
-    @controller.sign_out(:user)
-  end
-
   test 'proxy user_authenticate! to authenticate with user scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :user)
     @controller.authenticate_user!
@@ -83,11 +79,48 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.admin_session
   end
 
-  test 'sign in automatically proxy to set user on warden' do
-    @mock_warden.expects(:set_user).with(user = mock, :scope => :user).returns(true)
+  test 'sign in proxy to set_user on warden' do
+    user = User.new
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
     @controller.sign_in(:user, user)
   end
 
+  test 'sign in accepts a resource as argument' do
+    user = User.new
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.sign_in(user)
+  end
+
+  test 'sign out proxy to logout on warden' do
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.sign_out(:user)
+  end
+
+  test 'sign out accepts a resource as argument' do
+    @mock_warden.expects(:user).with(:user).returns(true)
+    @mock_warden.expects(:logout).with(:user).returns(true)
+    @controller.sign_out(User.new)
+  end
+
+  test 'stored location for returns the location for a given scope' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(:user)
+  end
+
+  test 'stored location for accepts a resource as argument' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
+  end
+
+  test 'stored location cleans information after reading' do
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    assert_equal "/foo.bar", @controller.stored_location_for(:user)
+    assert_nil @controller.session[:"user.return_to"]
+  end
+
   test 'is not a devise controller' do
     assert_not @controller.devise_controller?
   end

data/test/devise_test.rb

@@ -15,6 +15,10 @@ class DeviseTest < ActiveSupport::TestCase
       @silence_missing_strategies = true
     end
 
+    def silence_missing_serializers!
+      @silence_missing_serializers = true
+    end
+
     def default_strategies(*args)
       if args.empty?
         @default_strategies
@@ -22,6 +26,14 @@ class DeviseTest < ActiveSupport::TestCase
         @default_strategies = args
       end
     end
+
+    def default_serializers(*args)
+      if args.empty?
+        @default_serializers
+      else
+        @default_serializers = args
+      end
+    end
   end
 
   test 'DeviseMailer.sender can be configured through Devise' do

data/test/integration/authenticatable_test.rb

@@ -76,6 +76,13 @@ class AuthenticationTest < ActionController::IntegrationTest
     assert_contain 'Welcome Admin'
   end
 
+  test 'sign in as user should not authenticate if not using proper authentication keys' do
+    swap Devise, :authentication_keys => [:username] do
+      sign_in_as_user
+      assert_not warden.authenticated?(:user)
+    end
+  end
+
   test 'admin signing in with invalid email should return to sign in form with error message' do
     sign_in_as_admin do
       fill_in 'email', :with => 'wrongemail@test.com'

data/test/integration/rememberable_test.rb

@@ -6,7 +6,7 @@ class RememberMeTest < ActionController::IntegrationTest
     Devise.remember_for = 1
     user = create_user
     user.remember_me!
-    cookies['remember_user_token'] = User.serialize_into_cookie(user) + add_to_token
+    cookies['warden.user.user.key'] = User.serialize_into_cookie(user) + add_to_token
     user
   end
 

data/test/mapping_test.rb

@@ -30,15 +30,31 @@ class MappingTest < ActiveSupport::TestCase
     assert_not mapping.allows?(:passwords)
   end
 
-  test 'return mapping by path' do
+  test 'find mapping by path' do
     assert_nil   Devise::Mapping.find_by_path("/foo/bar")
     assert_equal Devise.mappings[:user], Devise::Mapping.find_by_path("/users/session")
   end
 
-  test 'return mapping by customized path' do
+  test 'find mapping by customized path' do
     assert_equal Devise.mappings[:admin], Devise::Mapping.find_by_path("/admin_area/session")
   end
 
+  test 'find mapping by class' do
+    assert_nil Devise::Mapping.find_by_class(String)
+    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(User)
+  end
+
+  test 'find mapping by class works with single table inheritance' do
+    klass = Class.new(User)
+    assert_equal Devise.mappings[:user], Devise::Mapping.find_by_class(klass)
+  end
+
+  test 'find mapping raises an error for invalid class' do
+    assert_raise RuntimeError do
+      Devise::Mapping.find_by_class!(String)
+    end
+  end
+
   test 'return default path names' do
     mapping = Devise.mappings[:user]
     assert_equal 'sign_in', mapping.path_names[:sign_in]

data/test/models/authenticatable_test.rb

@@ -127,4 +127,35 @@ class AuthenticatableTest < ActiveSupport::TestCase
     authenticated_user = User.authenticate(:email => user.email, :password => 'another_password')
     assert_nil authenticated_user
   end
+
+  test 'should use authentication keys to retrieve users' do
+    swap Devise, :authentication_keys => [:username] do
+      user = create_user(:username => "josevalim")
+      assert_nil User.authenticate(:email => user.email, :password => user.password)
+      assert_not_nil User.authenticate(:username => user.username, :password => user.password)
+    end
+  end
+
+  test 'should serialize user into session' do
+    user = create_user
+    assert_equal [User, user.id], User.serialize_into_session(user)
+  end
+
+  test 'should serialize user from session' do
+    user = create_user
+    assert_equal user.id, User.serialize_from_session([User, user.id]).id
+  end
+
+  test 'should not serialize another klass from session' do
+    user = create_user
+    assert_raise RuntimeError, /ancestors/ do
+      User.serialize_from_session([Admin, user.id])
+    end
+  end
+
+  test 'should serialize another klass from session' do
+    user = create_user
+    klass = Class.new(User)
+    assert_equal user.id, User.serialize_from_session([klass, user.id]).id
+  end
 end

data/test/test_helper.rb

@@ -18,6 +18,7 @@ ActiveRecord::Schema.define(:version => 1) do
   [:users, :admins].each do |table|
     create_table table do |t|
       t.authenticatable :null => table == :admins
+      t.string :username if table == :users
 
       if table == :users
         t.confirmable

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  version: 0.5.0
+  version: 0.5.1
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-13 00:00:00 -02:00
+date: 2009-11-15 00:00:00 -02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -21,7 +21,7 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.5.2
+        version: 0.6.0
     version: 
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
@@ -70,10 +70,8 @@ files:
 - lib/devise/encryptors/sha512.rb
 - lib/devise/failure.rb
 - lib/devise/hooks/confirmable.rb
-- lib/devise/hooks/rememberable.rb
 - lib/devise/locales/en.yml
 - lib/devise/mapping.rb
-- lib/devise/middlewares/rememberable.rb
 - lib/devise/models.rb
 - lib/devise/models/authenticatable.rb
 - lib/devise/models/confirmable.rb
@@ -86,10 +84,12 @@ files:
 - lib/devise/rails/routes.rb
 - lib/devise/rails/warden_compat.rb
 - lib/devise/schema.rb
+- lib/devise/serializers/authenticatable.rb
+- lib/devise/serializers/base.rb
+- lib/devise/serializers/rememberable.rb
 - lib/devise/strategies/authenticatable.rb
 - lib/devise/strategies/base.rb
 - lib/devise/version.rb
-- lib/devise/warden.rb
 has_rdoc: true
 homepage: http://github.com/plataformatec/devise
 licenses: []

data/lib/devise/hooks/rememberable.rb

@@ -1,29 +0,0 @@
-# After authenticate hook to verify if the user in the given scope asked to be
-# remembered while he does not sign out. Generates a new remember token for
-# that specific user and adds a cookie with this user info to sign in this user
-# automatically without asking for credentials. Refer to rememberable strategy
-# for more info.
-Warden::Manager.after_authentication do |record, warden, options|
-  scope = options[:scope]
-  remember_me = warden.params[scope].try(:fetch, :remember_me, nil)
-
-  if Devise::TRUE_VALUES.include?(remember_me) && record.respond_to?(:remember_me!)
-    record.remember_me!
-
-    warden.response.set_cookie "remember_#{scope}_token", {
-      :value => record.class.serialize_into_cookie(record),
-      :expires => record.remember_expires_at,
-      :path => "/"
-    }
-  end
-end
-
-# Before logout hook to forget the user in the given scope, only if rememberable
-# is activated for this scope. Also clear remember token to ensure the user
-# won't be remembered again.
-Warden::Manager.before_logout do |record, warden, scope|
-  if record.respond_to?(:forget_me!)
-    record.forget_me!
-    warden.response.delete_cookie "remember_#{scope}_token"
-  end
-end

data/lib/devise/middlewares/rememberable.rb

@@ -1,35 +0,0 @@
-module Devise
-  module Middlewares
-    class Rememberable
-      def initialize(app)
-        @app = app
-      end
-
-      def call(env)
-        auth = env['warden']
-        scopes = select_cookies(auth.request)
-        scopes.each do |scope, token|
-          mapping = Devise.mappings[scope]
-          next unless mapping && mapping.for.include?(:rememberable)
-          user = mapping.to.serialize_from_cookie(token)
-          auth.set_user(user, :scope => scope) if user
-        end
-
-        @app.call(env)
-      end
-
-      protected
-
-        def select_cookies(request)
-          scopes = {}
-          matching = /remember_(#{Devise.mappings.keys.join("|")})_token/
-          request.cookies.each do |key, value|
-            if key.to_s =~ matching
-              scopes[$1.to_sym] = value
-            end
-          end
-          scopes
-        end
-    end
-  end
-end

data/lib/devise/warden.rb

@@ -1,20 +0,0 @@
-begin
-  require 'warden'
-rescue
-  gem 'warden'
-  require 'warden'
-end
-
-# Session Serialization in. This block determines how the user will be stored
-# in the session. If you're using a complex object like an ActiveRecord model,
-# it is not a good idea to store the complete object. An ID is sufficient.
-Warden::Manager.serialize_into_session{ |user| [user.class, user.id] }
-
-# Session Serialization out. This block gets the user out of the session.
-# It should be the reverse of serializing the object into the session
-Warden::Manager.serialize_from_session do |klass, id|
-  klass.find_by_id(id)
-end
-
-# Setup devise strategies for Warden
-require 'devise/strategies/base'