devise 0.5.3 → 0.5.4

data/CHANGELOG.rdoc

@@ -1,3 +1,15 @@
+== 0.5.4
+
+* deprecations
+  * Deprecate :singular in devise_for and use :scope instead
+
+* enhancements
+  * [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be
+    overwriten in ApplicationController
+  * Create sign_in_and_redirect and sign_out_and_redirect helpers
+  * Warden::Manager.default_scope is automatically configured to the first given scope
+  * Allow overwriting find for authentication method
+
 == 0.5.3
 
 * bug fix
@@ -48,7 +60,7 @@
   * skip_before_filter added in Devise controllers
   * Use home_or_root_path on require_no_authentication as well
   * Added devise_controller?, useful to select or reject filters in ApplicationController
-  * Allow :path_prefix to be given to devise_for 
+  * Allow :path_prefix to be given to devise_for
   * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
 
 == 0.4.1

data/README.rdoc

@@ -103,33 +103,15 @@ The next step after setting up your model is to configure your routes for devise
 
   map.devise_for :users
 
-This is going to look inside you User model and create the needed routes:
+This is going to look inside you User model and create a set of needed routes (you can see them by running `rake routes`).
 
-  # Session routes for Authenticatable (default)
-       new_user_session GET  /users/sign_in                    {:controller=>"sessions", :action=>"new"}
-           user_session POST /users/sign_in                    {:controller=>"sessions", :action=>"create"}
-   destroy_user_session GET  /users/sign_out                   {:controller=>"sessions", :action=>"destroy"}
-
-  # Password routes for Recoverable, if User model has :recoverable configured
-      new_user_password GET  /users/password/new(.:format)     {:controller=>"passwords", :action=>"new"}
-     edit_user_password GET  /users/password/edit(.:format)    {:controller=>"passwords", :action=>"edit"}
-          user_password PUT  /users/password(.:format)         {:controller=>"passwords", :action=>"update"}
-                        POST /users/password(.:format)         {:controller=>"passwords", :action=>"create"}
-
-  # Confirmation routes for Confirmable, if User model has :confirmable configured
-  new_user_confirmation GET  /users/confirmation/new(.:format) {:controller=>"confirmations", :action=>"new"}
-      user_confirmation GET  /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"show"}
-                        POST /users/confirmation(.:format)     {:controller=>"confirmations", :action=>"create"}
-
-You can run the routes rake task to verify what routes are being created by devise.
-
-There are also some options available for configuring your routes, as :class_name (to set the class for that route), :as and :path_names, where the last two have the same meaning as in routes. The available :path_names are:
+There are also some options available for configuring your routes, as :class_name (to set the class for that route), :as and :path_names, where the last two have the same meaning as in common routes. The available :path_names are:
 
   map.devise_for :users, :as => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' }
 
 Be sure to check devise_for documentation for detailed description.
 
-== Controller filters
+== Controller filters and helpers
 
 Devise is gonna create some helpers to use inside your controllers and views. To setup a controller that needs user authentication, just add this before_filter:
 
@@ -151,7 +133,9 @@ After signing in a user, confirming it's account or updating it's password, devi
 
   map.root :controller => 'home'
 
-You also need to setup default url options for the mailer, if you are using confirmable or recoverable. Here's is the configuration for development:
+You can also overwrite after_sign_in_path_for and after_sign_out_path_for to customize better your redirect hooks.
+
+Finally, if you are using confirmable or recoverable, you also need to setup default url options for the mailer. Here's is the configuration for development:
 
   DeviseMailer.sender = "no-reply@yourapp.com"
   config.action_mailer.default_url_options = { :host => 'localhost:3000' }

data/Rakefile

@@ -36,7 +36,7 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.6.1")
+    s.add_dependency("warden", "~> 0.6.3")
   end
 
   Jeweler::GemcutterTasks.new

data/app/controllers/confirmations_controller.rb

@@ -23,9 +23,8 @@ class ConfirmationsController < ApplicationController
     self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
 
     if resource.errors.empty?
-      sign_in(resource_name, resource)
       set_flash_message :success, :confirmed
-      redirect_to home_or_root_path
+      sign_in_and_redirect(resource_name, resource)
     else
       render :new
     end

data/app/controllers/passwords_controller.rb

@@ -31,9 +31,8 @@ class PasswordsController < ApplicationController
     self.resource = resource_class.reset_password!(params[resource_name])
 
     if resource.errors.empty?
-      sign_in(resource_name, resource)
       set_flash_message :success, :updated
-      redirect_to home_or_root_path
+      sign_in_and_redirect(resource_name, resource)
     else
       render :edit
     end

data/app/controllers/sessions_controller.rb

@@ -15,7 +15,7 @@ class SessionsController < ApplicationController
   def create
     if authenticate(resource_name)
       set_flash_message :success, :signed_in
-      redirect_back_or_to home_or_root_path
+      sign_in_and_redirect(resource_name)
     else
       set_now_flash_message :failure, warden.message || :invalid
       build_resource
@@ -26,8 +26,7 @@ class SessionsController < ApplicationController
   # GET /resource/sign_out
   def destroy
     set_flash_message :success, :signed_out if signed_in?(resource_name)
-    sign_out(resource_name)
-    redirect_to root_path
+    sign_out_and_redirect(resource_name)
   end
 
 end

data/lib/devise.rb

@@ -138,6 +138,9 @@ rescue
   require 'warden'
 end
 
+# Set the default_scope to nil, so it's overwritten when the first route is declared.
+Warden::Manager.default_scope = nil
+
 require 'devise/strategies/base'
 require 'devise/serializers/base'
 

data/lib/devise/controllers/filters.rb

@@ -90,6 +90,53 @@ module Devise
         session.delete(:"#{scope}.return_to")
       end
 
+      # The default url to be used after signing in. This is used by all Devise
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default, it first tries to find a resource_root_path, otherwise it
+      # uses the root path. For a user scope, you can define the default url in
+      # the following way:
+      #
+      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #
+      #   map.resources :users do |users|
+      #     users.root # creates user_root_path
+      #   end
+      #
+      # If none of these are defined, root_path is used.
+      def after_sign_in_path_for(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        home_path = :"#{scope}_root_path"
+        respond_to?(home_path, true) ? send(home_path) : root_path
+      end
+
+      # The default to be used after signing out. This is used by all Devise
+      # controllers and you can overwrite it in your ApplicationController to
+      # provide a custom hook for a custom resource.
+      #
+      # By default is the root_path.
+      def after_sign_out_path_for(resource_or_scope)
+        root_path
+      end
+
+      # Sign in an user and tries to redirect first to the stored location and
+      # then to the url specified by after_sign_in_path_for.
+      #
+      # If just a symbol is given, consider that the user was already signed in
+      # through other means and just perform the redirection.
+      def sign_in_and_redirect(*args)
+        sign_in(*args) unless args.one? && args.first.is_a?(Symbol)
+        redirect_to stored_location_for(args.first) || after_sign_in_path_for(args.first)
+      end
+
+      # Sign out an user and tries to redirect to the url specified by
+      # after_sign_out_path_for.
+      def sign_out_and_redirect(resource_or_scope)
+        sign_out(resource_or_scope)
+        redirect_to after_sign_out_path_for(resource_or_scope)
+      end
+
       # Define authentication filters and accessor helpers based on mappings.
       # These filters should be used inside the controllers as before_filters,
       # so you can control the scope of the user who should be signed in to

data/lib/devise/controllers/helpers.rb

@@ -9,8 +9,8 @@ module Devise
         base.class_eval do
           unloadable
 
-          helper_method :resource, :resource_name, :resource_class, :devise_mapping, :devise_controller?
-          hide_action   :resource, :resource_name, :resource_class, :devise_mapping, :devise_controller?
+          helper_method :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
+          hide_action   :resource, :scope_name, :resource_name, :resource_class, :devise_mapping, :devise_controller?
 
           skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
           before_filter :is_devise_resource?
@@ -26,6 +26,7 @@ module Devise
       def resource_name
         devise_mapping.name
       end
+      alias :scope_name :resource_name
 
       # Proxy to devise map class
       def resource_class
@@ -44,27 +45,6 @@ module Devise
 
     protected
 
-      # Redirects to stored uri before signing in or the default path and clear
-      # return to.
-      def redirect_back_or_to(default)
-        redirect_to(stored_location_for(resource_name) || default)
-      end
-
-      # Checks for the existence of the resource root path. If it exists,
-      # returns it, otherwise returns the default root_path.
-      # Used after authenticating a user, confirming it's account or updating
-      # it's password, so we are able to redirect to scoped root paths.
-      # Examples (for a user scope):
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
-      #
-      #   map.namespace :users do |users|
-      #     users.root # creates user_root_path
-      #   end
-      def home_or_root_path
-        home_path = :"#{resource_name}_root_path"
-        respond_to?(home_path, true) ? send(home_path) : root_path
-      end
-
       # Checks whether it's a devise mapped resource or not.
       def is_devise_resource? #:nodoc:
         raise ActionController::UnknownAction unless devise_mapping && devise_mapping.allows?(controller_name)
@@ -88,7 +68,7 @@ module Devise
       # Example:
       #   before_filter :require_no_authentication, :only => :new
       def require_no_authentication
-        redirect_to home_or_root_path if warden.authenticated?(resource_name)
+        redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
       end
 
       # Sets the flash message with :key, using I18n. By default you are able

data/lib/devise/mapping.rb

@@ -60,7 +60,7 @@ module Devise
     def initialize(name, options) #:nodoc:
       @as    = (options.delete(:as) || name).to_sym
       @klass = (options.delete(:class_name) || name.to_s.classify).to_s
-      @name  = (options.delete(:singular) || name.to_s.singularize).to_sym
+      @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
       @path_names  = options.delete(:path_names) || {}
       @path_prefix = options.delete(:path_prefix) || ""
       @path_prefix << "/" unless @path_prefix[-1] == ?/

data/lib/devise/models/authenticatable.rb

@@ -60,16 +60,30 @@ module Devise
         end
 
       module ClassMethods
-        # Authenticate a user based on email and password. Returns the
-        # authenticated user if it's valid or nil.
-        # Attributes are :email and :password
+        # Authenticate a user based on configured attribute keys. Returns the
+        # authenticated user if it's valid or nil. Attributes are by default
+        # :email and :password, the latter is always required.
         def authenticate(attributes={})
           return unless authentication_keys.all? { |k| attributes[k].present? }
           conditions = attributes.slice(*authentication_keys)
-          authenticatable = find(:first, :conditions => conditions)
+          authenticatable = find_for_authentication(conditions)
           authenticatable if authenticatable.try(:valid_password?, attributes[:password])
         end
 
+        # Find first record based on conditions given (ie by the sign in form).
+        # Overwrite to add customized conditions, create a join, or maybe use a
+        # namedscope to filter records while authenticating.
+        # Example:
+        #
+        #   def self.find_for_authentication(conditions={})
+        #     conditions[:active] = true
+        #     find(:first, :conditions => conditions)
+        #   end
+        #
+        def find_for_authentication(conditions)
+          find(:first, :conditions => conditions)
+        end
+
         # Attempt to find a user by it's email. If not user is found, returns a
         # new user with an email not found error.
         def find_or_initialize_with_error_by_email(email)
@@ -88,7 +102,7 @@ module Devise
         # Hook to serialize user from session. Overwrite if you want.
         def serialize_from_session(keys)
           klass, id = keys
-          raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self 
+          raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self
           klass.find_by_id(id)
         end
       end

data/lib/devise/rails/routes.rb

@@ -52,9 +52,9 @@ module ActionController::Routing
       #
       #    map.devise_for :users, :as => 'accounts'
       #
-      #  * :singular => setup the name used to create named routes. By default, for a :users key, it is going to be the singularized version, :user. To configure a named route like account_session_path instead of user_session_path just do:
+      #  * :scope => setup the scope name. This is used as the instance variable name in controller, as the name in routes and the scope given to warden. Defaults to the singular of the given name:
       #
-      #    map.devise_for :users, :singular => :account
+      #    map.devise_for :users, :scope => :account
       #
       #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :password and :confirmation.
       #
@@ -77,9 +77,15 @@ module ActionController::Routing
       def devise_for(*resources)
         options = resources.extract_options!
 
+        if singular = options.delete(:singular)
+          ActiveSupport::Deprecation.warn ":singular is deprecated in devise_for, use :scope instead."
+          options[:scope] = singular
+        end
+
         resources.map!(&:to_sym)
         resources.each do |resource|
           mapping = Devise::Mapping.new(resource, options.dup)
+          Warden::Manager.default_scope ||= mapping.name
           Devise.mappings[mapping.name] = mapping
 
           route_options = mapping.route_options.merge(:path_prefix => mapping.raw_path, :name_prefix => "#{mapping.name}_")

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.5.3".freeze
+  VERSION = "0.5.4".freeze
 end

data/test/controllers/filters_test.rb

@@ -121,6 +121,42 @@ class ControllerAuthenticableTest < ActionController::TestCase
     assert_nil @controller.session[:"user.return_to"]
   end
 
+  test 'after sign in path defaults to root path if none by was specified for the given scope' do
+    assert_equal root_path, @controller.after_sign_in_path_for(:user)
+  end
+
+  test 'after sign in path defaults to the scoped root path' do
+    assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin)
+  end
+
+  test 'after sign out path defaults to the root path' do
+    assert_equal root_path, @controller.after_sign_out_path_for(:admin)
+    assert_equal root_path, @controller.after_sign_out_path_for(:user)
+  end
+
+  test 'sign in and redirect uses the stored location' do
+    user = User.new
+    @controller.session[:"user.return_to"] = "/foo.bar"
+    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @controller.expects(:redirect_to).with("/foo.bar")
+    @controller.sign_in_and_redirect(user)
+  end
+
+  test 'sign in and redirect uses the configured after sign in path' do
+    admin = Admin.new
+    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
+    @controller.expects(:redirect_to).with(admin_root_path)
+    @controller.sign_in_and_redirect(admin)
+  end
+
+  test 'sign out and redirect uses the configured after sign out path' do
+    @mock_warden.expects(:user).with(:admin).returns(true)
+    @mock_warden.expects(:logout).with(:admin).returns(true)
+    @controller.expects(:redirect_to).with(admin_root_path)
+    @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
+    @controller.sign_out_and_redirect(:admin)
+  end
+
   test 'is not a devise controller' do
     assert_not @controller.devise_controller?
   end

data/test/devise_test.rb

@@ -66,6 +66,10 @@ class DeviseTest < ActiveSupport::TestCase
     assert manager.silence_missing_strategies
   end
 
+  test 'warden default scope is set' do
+    assert_equal :user, Warden::Manager.default_scope
+  end
+
   test 'warden manager user configuration through a block' do
     begin
       @executed = false

data/test/models/authenticatable_test.rb

@@ -92,9 +92,9 @@ class AuthenticatableTest < ActiveSupport::TestCase
       Devise.stretches = default_stretches
     end
   end
-  
+
   test 'should respect encryptor configuration' do
-    begin 
+    begin
       Devise.encryptor = ::Devise::Encryptors::Sha512
       user = create_user
       assert_equal user.encrypted_password, encrypt_password(user, User.pepper, User.stretches, ::Devise::Encryptors::Sha512)
@@ -136,6 +136,16 @@ class AuthenticatableTest < ActiveSupport::TestCase
     end
   end
 
+  test 'should allow overwriting find for authentication conditions' do
+    admin = Admin.create!(valid_attributes)
+    assert_not_nil Admin.authenticate(:email => admin.email, :password => admin.password)
+  end
+
+  test 'should never authenticate an account' do
+    account = Account.create!(valid_attributes)
+    assert_nil Account.authenticate(:email => account.email, :password => account.password)
+  end
+
   test 'should serialize user into session' do
     user = create_user
     assert_equal [User, user.id], User.serialize_into_session(user)

data/test/rails_app/app/models/account.rb

@@ -1,3 +1,7 @@
 class Account < ActiveRecord::Base
   devise :all
+
+  def self.find_for_authentication(conditions)
+    nil
+  end
 end

data/test/rails_app/app/models/admin.rb

@@ -1,3 +1,7 @@
 class Admin < ActiveRecord::Base
   devise :all, :except => [:recoverable, :confirmable, :rememberable, :validatable]
+
+  def self.find_for_authentication(conditions)
+    last(:conditions => conditions)
+  end
 end

data/test/rails_app/config/routes.rb

@@ -4,7 +4,7 @@ ActionController::Routing::Routes.draw do |map|
   map.devise_for :account, :path_names => {
     :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification'
   }
-  map.devise_for :organizers, :singular => 'manager',
+  map.devise_for :organizers, :scope => 'manager',
                               :path_prefix => '/:locale',
                               :requirements => { :extra => 'value' }
 

data/test/test_helper.rb

@@ -15,12 +15,12 @@ ActiveRecord::Base.logger = Logger.new(nil)
 ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
 
 ActiveRecord::Schema.define(:version => 1) do
-  [:users, :admins].each do |table|
+  [:users, :admins, :accounts].each do |table|
     create_table table do |t|
       t.authenticatable :null => table == :admins
-      t.string :username if table == :users
 
-      if table == :users
+      if table != :admin
+        t.string :username
         t.confirmable
         t.recoverable
         t.rememberable

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-18 00:00:00 -02:00
+date: 2009-11-19 00:00:00 -02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -21,7 +21,7 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 0.6.1
+        version: 0.6.3
     version: 
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
@@ -120,45 +120,45 @@ signing_key:
 specification_version: 3
 summary: Flexible authentication solution for Rails with Warden
 test_files: 
-- test/rails_app/config/boot.rb
-- test/rails_app/config/routes.rb
-- test/rails_app/config/environments/development.rb
-- test/rails_app/config/environments/production.rb
-- test/rails_app/config/environments/test.rb
-- test/rails_app/config/environment.rb
-- test/rails_app/config/initializers/session_store.rb
-- test/rails_app/config/initializers/new_rails_defaults.rb
-- test/rails_app/app/controllers/users_controller.rb
-- test/rails_app/app/controllers/application_controller.rb
-- test/rails_app/app/controllers/admins_controller.rb
-- test/rails_app/app/controllers/home_controller.rb
-- test/rails_app/app/helpers/application_helper.rb
-- test/rails_app/app/models/admin.rb
-- test/rails_app/app/models/organizer.rb
-- test/rails_app/app/models/account.rb
-- test/rails_app/app/models/user.rb
-- test/controllers/url_helpers_test.rb
-- test/controllers/helpers_test.rb
 - test/controllers/filters_test.rb
-- test/models_test.rb
-- test/integration/authenticatable_test.rb
-- test/integration/rememberable_test.rb
-- test/integration/recoverable_test.rb
-- test/integration/confirmable_test.rb
-- test/mailers/confirmation_instructions_test.rb
-- test/mailers/reset_password_instructions_test.rb
-- test/models/authenticatable_test.rb
-- test/models/rememberable_test.rb
-- test/models/recoverable_test.rb
+- test/controllers/helpers_test.rb
+- test/controllers/url_helpers_test.rb
 - test/models/validatable_test.rb
+- test/models/rememberable_test.rb
 - test/models/confirmable_test.rb
+- test/models/recoverable_test.rb
+- test/models/authenticatable_test.rb
+- test/integration/rememberable_test.rb
+- test/integration/confirmable_test.rb
+- test/integration/recoverable_test.rb
+- test/integration/authenticatable_test.rb
+- test/test_helper.rb
+- test/test_helpers_test.rb
 - test/encryptors_test.rb
+- test/mailers/reset_password_instructions_test.rb
+- test/mailers/confirmation_instructions_test.rb
+- test/routes_test.rb
+- test/devise_test.rb
+- test/failure_app_test.rb
+- test/rails_app/app/controllers/admins_controller.rb
+- test/rails_app/app/controllers/home_controller.rb
+- test/rails_app/app/controllers/users_controller.rb
+- test/rails_app/app/controllers/application_controller.rb
+- test/rails_app/app/models/account.rb
+- test/rails_app/app/models/user.rb
+- test/rails_app/app/models/admin.rb
+- test/rails_app/app/models/organizer.rb
+- test/rails_app/app/helpers/application_helper.rb
+- test/rails_app/config/boot.rb
+- test/rails_app/config/environments/production.rb
+- test/rails_app/config/environments/development.rb
+- test/rails_app/config/environments/test.rb
+- test/rails_app/config/initializers/new_rails_defaults.rb
+- test/rails_app/config/initializers/session_store.rb
+- test/rails_app/config/routes.rb
+- test/rails_app/config/environment.rb
+- test/mapping_test.rb
 - test/support/model_tests_helper.rb
 - test/support/assertions_helper.rb
 - test/support/integration_tests_helper.rb
-- test/failure_app_test.rb
-- test/devise_test.rb
-- test/routes_test.rb
-- test/test_helper.rb
-- test/test_helpers_test.rb
-- test/mapping_test.rb
+- test/models_test.rb