devise 0.5.6 → 0.6.0

data/CHANGELOG.rdoc

@@ -1,3 +1,14 @@
+== 0.6.0
+
+* deprecations
+  * :authenticatable is not included by default anymore
+
+* enhancements
+  * Added DataMapper support
+  * Remove store_location from authenticatable strategy and add it to failure app
+  * Allow a strategy to be placed after authenticatable
+  * [#45] Do not rely attribute? methods, since they are not added on Datamapper
+
 == 0.5.6
 
 * enhancements

data/README.rdoc

@@ -74,7 +74,7 @@ This line adds devise authenticatable automatically for you inside your User cla
 
 You could also include the other devise modules as below:
 
-  # Same as using only devise, authenticatable is activated by default
+  # Include only authenticatable stuff
   devise :authenticatable
 
   # Include authenticatable + confirmable
@@ -150,7 +150,7 @@ Devise let's you setup as many roles as you want, so let's say you already have
   end
 
   # Inside your Admin model
-  devise :validatable
+  devise :authenticatable, :validatable
 
   # Inside your routes
   map.devise_for :admin

data/TODO

@@ -1,3 +1,5 @@
+* Create update_with_password
+* Make test run with different ORMs
 * Devise::Timeoutable
 * Use request_ip in session cookies
 * Devise::BruteForceProtection

data/generators/devise_install/templates/devise.rb

@@ -37,7 +37,7 @@ Devise.setup do |config|
   # Configure the e-mail address which will be shown in DeviseMailer.
   # config.mailer_sender = "foo.bar@yourapp.com"
 
-  # Configure the ORM. Supports :active_record and :mongo_mapper
+  # Configure the ORM. Supports :active_record, :data_mapper and :mongo_mapper.
   # config.orm = :active_record
 
   # Turn scoped views on. Before rendering "sessions/new", it will first check for

data/lib/devise.rb

@@ -46,15 +46,8 @@ module Devise
   @@confirm_within = 0.days
 
   # Used to define the password encryption algorithm.
-  def self.encryptor=(value)
-    @@encryptor = if value.is_a?(Symbol)
-      ::Devise::Encryptors.const_get(value.to_s.classify)
-    else
-      value
-    end
-  end
-  mattr_reader :encryptor
-  @@encryptor = ::Devise::Encryptors::Sha1
+  mattr_accessor :encryptor
+  @@encryptor = :sha1
 
   # Store scopes mappings.
   mattr_accessor :mappings

data/lib/devise/failure_app.rb

@@ -1,31 +1,34 @@
 module Devise
-  module FailureApp
-    mattr_accessor :default_url
+  # Failure application that will be called every time :warden is thrown from
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
+  class FailureApp
+    attr_reader :env
+    include Warden::Mixins::Common
+
+    cattr_accessor :default_url, :default_message, :instance_writer => false
+    @@default_message = :unauthenticated
 
-    # Failure application that will be called every time :warden is thrown from
-    # any strategy or hook. Responsible for redirect the user to the sign in
-    # page based on current scope and mapping. If no scope is given, redirect
-    # to the default_url.
     def self.call(env)
-      options = env['warden.options']
-      scope   = options[:scope]
-      message = env['warden'].try(:message) || options[:message]
+      new(env).respond!
+    end
 
-      params  = case message
-        when Symbol
-          { message => true }
-        when String
-          { :message => message }
-        else
-          {}
-      end
+    def initialize(env)
+      @env = env
+    end
+
+    def respond!
+      options = @env['warden.options']
+      scope   = options[:scope]
 
       redirect_path = if mapping = Devise.mappings[scope]
         "#{mapping.parsed_path}/#{mapping.path_names[:sign_in]}"
       else
         "/#{default_url}"
       end
-      query_string = Rack::Utils.build_query(params)
+      query_string = query_string_for(options)
+      store_location!(scope)
 
       headers = {}
       headers["Location"] = redirect_path
@@ -34,5 +37,29 @@ module Devise
 
       [302, headers, ["You are being redirected to #{redirect_path}"]]
     end
+
+    # Build the proper query string based on the given message.
+    def query_string_for(options)
+      message = @env['warden'].try(:message) || options[:message] || default_message
+
+      params = case message
+        when Symbol
+          { message => true }
+        when String
+          { :message => message }
+        else
+          {}
+      end
+
+      Rack::Utils.build_query(params)
+    end
+
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
+    def store_location!(scope)
+      session[:"#{scope}.return_to"] ||= request.request_uri if request && request.get?
+    end
   end
 end

data/lib/devise/models.rb

@@ -19,12 +19,6 @@ module Devise
     def self.config(mod, *accessors) #:nodoc:
       accessors.each do |accessor|
         mod.class_eval <<-METHOD, __FILE__, __LINE__
-          def #{accessor}
-            self.class.#{accessor}
-          end
-        METHOD
-
-        mod.const_get(:ClassMethods).class_eval <<-METHOD, __FILE__, __LINE__
           def #{accessor}
             if defined?(@#{accessor})
               @#{accessor}
@@ -56,47 +50,45 @@ module Devise
     #
     # Examples:
     #
-    #   # include only authenticatable module (default)
-    #   devise
+    #   # include only authenticatable module
+    #   devise :authenticatable
     #
     #   # include authenticatable + confirmable modules
-    #   devise :confirmable
+    #   devise :authenticatable, :confirmable
     #
     #   # include authenticatable + recoverable modules
-    #   devise :recoverable
-    #
-    #   # include authenticatable + rememberable modules
-    #   devise :rememberable
+    #   devise :authenticatable, :recoverable
     #
-    #   # include authenticatable + validatable modules
-    #   devise :validatable
+    #   # include authenticatable + rememberable + validatable modules
+    #   devise :authenticatable, :rememberable, :validatable
     #
-    #   # include authenticatable + confirmable + recoverable + rememberable + validatable
-    #   devise :confirmable, :recoverable, :rememberable, :validatable
-    #
-    #   # shortcut to include all modules (same as above)
+    #   # shortcut to include all available modules
     #   devise :all
     #
     #   # include all except recoverable
     #   devise :all, :except => :recoverable
     #
     def devise(*modules)
-      options  = modules.extract_options!
+      # TODO Add this check in future versions
+      # raise "You need to give at least one Devise module" if modules.empty?
 
+      options  = modules.extract_options!
       modules  = Devise.all if modules.include?(:all)
       modules -= Array(options.delete(:except))
-      modules  = [:authenticatable] | modules
 
-      modules.each do |m|
-        devise_modules << m.to_sym
-        include Devise::Models.const_get(m.to_s.classify)
+      if !modules.include?(:authenticatable)
+        modules  = [:authenticatable] | modules
+        ActiveSupport::Deprecation.warn ":authenticatable won't be included by default in devise in future versions, please add it", caller[0,10]
       end
 
-      # Convert new keys to methods which overwrites Devise defaults
-      options.each { |key, value| send(:"#{key}=", value) }
+      Devise.orm_class.included_modules_hook(self, modules) do
+        modules.each do |m|
+          devise_modules << m.to_sym
+          include Devise::Models.const_get(m.to_s.classify)
+        end
 
-      # Call specific hooks for each ORM
-      Devise.orm_class.included_modules_hook(self, devise_modules)
+        options.each { |key, value| send(:"#{key}=", value) }
+      end
     end
 
     # Stores all modules included inside the model, so we are able to verify

data/lib/devise/models/authenticatable.rb

@@ -54,9 +54,9 @@ module Devise
 
       protected
 
-        # Digests the password using the configured encryptor
+        # Digests the password using the configured encryptor.
         def password_digest(password)
-          encryptor.digest(password, stretches, password_salt, pepper)
+          self.class.encryptor_class.digest(password, self.class.stretches, password_salt, self.class.pepper)
         end
 
       module ClassMethods
@@ -87,11 +87,10 @@ module Devise
         # Attempt to find a user by it's email. If not user is found, returns a
         # new user with an email not found error.
         def find_or_initialize_with_error_by_email(email)
-          perishable = find_or_initialize_by_email(email)
-          if perishable.new_record?
-            perishable.errors.add(:email, :not_found, :default => 'not found')
-          end
-          perishable
+          attributes = { :email => email }
+          record = find(:first, :conditions => attributes) || new(attributes)
+          record.errors.add(:email, :not_found, :default => 'not found') if record.new_record?
+          record
         end
 
         # Hook to serialize user into session. Overwrite if you want.
@@ -103,11 +102,16 @@ module Devise
         def serialize_from_session(keys)
           klass, id = keys
           raise "#{self} cannot serialize from #{klass} session since it's not its ancestors" unless klass <= self
-          klass.find_by_id(id)
+          klass.find(:first, :conditions => { :id => id })
+        end
+
+        # Returns the class for the configured encryptor.
+        def encryptor_class
+          @encryptor_class ||= ::Devise::Encryptors.const_get(encryptor.to_s.classify)
         end
-      end
 
-      Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
+        Devise::Models.config(self, :pepper, :stretches, :encryptor, :authentication_keys)
+      end
     end
   end
 end

data/lib/devise/models/confirmable.rb

@@ -51,7 +51,7 @@ module Devise
 
       # Verifies whether a user is confirmed or not
       def confirmed?
-        !new_record? && confirmed_at?
+        !new_record? && !confirmed_at.nil?
       end
 
       # Send confirmation instructions by email
@@ -100,8 +100,8 @@ module Devise
         #   confirmation_period_valid?   # will always return false
         #
         def confirmation_period_valid?
-          confirmation_sent_at? &&
-            (Time.now.utc - confirmation_sent_at.utc) < confirm_within
+          confirmation_sent_at &&
+            ((Time.now.utc - confirmation_sent_at.utc) < self.class.confirm_within)
         end
 
         # Checks whether the record is confirmed or not, yielding to the block
@@ -124,7 +124,6 @@ module Devise
         end
 
       module ClassMethods
-
         # Attempt to find a user by it's email. If a record is found, send new
         # confirmation instructions to it. If not user is found, returns a new user
         # with an email not found error.
@@ -148,9 +147,9 @@ module Devise
           end
           confirmable
         end
-      end
 
-      Devise::Models.config(self, :confirm_within)
+        Devise::Models.config(self, :confirm_within)
+      end
     end
   end
 end

data/lib/devise/models/recoverable.rb

@@ -57,7 +57,6 @@ module Devise
         end
 
       module ClassMethods
-
         # Attempt to find a user by it's email. If a record is found, send new
         # password instructions to it. If not user is found, returns a new user
         # with an email not found error.

data/lib/devise/models/rememberable.rb

@@ -51,7 +51,7 @@ module Devise
       # Removes the remember token only if it exists, and save the record
       # without validations.
       def forget_me!
-        if remember_token?
+        if remember_token
           self.remember_token = nil
           self.remember_created_at = nil
           save(false)
@@ -60,7 +60,7 @@ module Devise
 
       # Checks whether the incoming token matches or not with the record token.
       def valid_remember_token?(token)
-        remember_token? && !remember_expired? && remember_token == token
+        remember_token && !remember_expired? && remember_token == token
       end
 
       # Remember token should be expired if expiration time not overpass now.
@@ -70,11 +70,10 @@ module Devise
 
       # Remember token expires at created time + remember_for configuration
       def remember_expires_at
-        remember_created_at + remember_for
+        remember_created_at + self.class.remember_for
       end
 
       module ClassMethods
-
         # Create the cookie key using the record id and remember_token
         def serialize_into_cookie(rememberable)
           "#{rememberable.id}::#{rememberable.remember_token}"
@@ -86,9 +85,9 @@ module Devise
           rememberable = find_by_id(rememberable_id) if rememberable_id
           rememberable if rememberable.try(:valid_remember_token?, remember_token)
         end
-      end
 
-      Devise::Models.config(self, :remember_for)
+        Devise::Models.config(self, :remember_for)
+      end
     end
   end
 end

data/lib/devise/orm/active_record.rb

@@ -17,8 +17,9 @@ module Devise
     #   add_index "accounts", ["reset_password_token"], :name => "reset_password_token", :unique => true
     #
     module ActiveRecord
-      # Required ORM hook. By default, do nothing on ActiveRecord.
+      # Required ORM hook. Just yield the given block in ActiveRecord.
       def self.included_modules_hook(klass, modules)
+        yield
       end
 
       include Devise::Schema
@@ -34,4 +35,4 @@ end
 if defined?(ActiveRecord)
   ActiveRecord::Base.extend Devise::Models
   ActiveRecord::ConnectionAdapters::TableDefinition.send :include, Devise::Orm::ActiveRecord
-end
+end

data/lib/devise/orm/data_mapper.rb

@@ -0,0 +1,63 @@
+module Devise
+  module Orm
+    module DataMapper
+      def self.included_modules_hook(klass, modules)
+        klass.send :extend, self
+        yield
+
+        # DataMapper validations have a completely different API
+        if modules.include?(:validatable) && !klass.respond_to?(:validates_presence_of)
+          raise ":validatable is not supported in DataMapper, please craft your validations by hand"
+        end
+
+        modules.each do |mod|
+          klass.send(mod) if klass.respond_to?(mod)
+        end
+      end
+
+      include Devise::Schema
+
+      SCHEMA_OPTIONS = {
+        :null  => :nullable,
+        :limit => :length
+      }
+
+      # Hooks for confirmable
+      def before_create(*args)
+        before :create, *args
+      end
+
+      def after_create(*args)
+        after :create, *args
+      end
+
+      # Add ActiveRecord like finder
+      def find(*args)
+        options = args.extract_options!
+        case args.first
+          when :first
+            first(options.merge(options.delete(:conditions)))
+          when :all
+            all(options.merge(options.delete(:conditions)))
+          else
+            get(*args)
+        end
+      end
+
+      # Tell how to apply schema methods. This automatically maps :limit to
+      # :length and :null to :nullable.
+      def apply_schema(name, type, options={})
+        return unless Devise.apply_schema
+
+        SCHEMA_OPTIONS.each do |old_key, new_key|
+          next unless options.key?(old_key)
+          options[new_key] = options.delete(old_key)
+        end
+
+        property name, type, options
+      end
+    end
+  end
+end
+
+DataMapper::Model.send(:include, Devise::Models)

data/lib/devise/orm/mongo_mapper.rb

@@ -1,12 +1,12 @@
 module Devise
   module Orm
     module MongoMapper
-      # Include attributes modules and set the proper ones.
       def self.included_modules_hook(klass, modules)
         klass.send :extend, self
+        yield
 
         modules.each do |mod|
-          klass.send(mod)
+          klass.send(mod) if klass.respond_to?(mod)
         end
       end
 

data/lib/devise/schema.rb

@@ -42,7 +42,7 @@ module Devise
     end
 
     # Overwrite with specific modification to create your own schema.
-    def apply_schema(name, tupe, options={})
+    def apply_schema(name, type, options={})
       raise NotImplementedError
     end
   end

data/lib/devise/serializers/base.rb

@@ -12,21 +12,8 @@ module Devise
         mapping.to.send(:"serialize_from_#{serialization_type}", keys)
       end
 
-      def store(user, scope)
-        @scope = scope
-        return unless valid?
-        super
-      end
-
       def fetch(scope)
         @scope = scope
-        return unless valid?
-        super
-      end
-
-      def delete(scope, user=nil)
-        @scope = scope
-        return unless valid?
         super
       end
 
@@ -38,4 +25,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/serializers/rememberable.rb

@@ -10,17 +10,19 @@ module Devise
           super
         end
       end
-      
+
       def default_options(record)
         super.merge!(:expires => record.remember_expires_at)
       end
 
       def delete(scope, record=nil)
-        record.forget_me! if record && record.respond_to?(:forget_me!)
-        super
+        if record && record.respond_to?(:forget_me!)
+          record.forget_me!
+          super
+        end
       end
     end
   end
 end
 
-Warden::Serializers.add(:rememberable, Devise::Serializers::Rememberable)
+Warden::Serializers.add(:rememberable, Devise::Serializers::Rememberable)

data/lib/devise/strategies/authenticatable.rb

@@ -5,40 +5,20 @@ module Devise
     class Authenticatable < Warden::Strategies::Base
       include Devise::Strategies::Base
 
+      def valid?
+        super && params[scope] && params[scope][:password].present?
+      end
+
       # Authenticate a user based on email and password params, returning to warden
       # success and the authenticated user if everything is okay. Otherwise redirect
       # to sign in page.
-      #
-      # Please notice the semantic difference between calling fail! and throw :warden.
-      # The first does not perform any action when calling authenticate, just
-      # when authenticate! is invoked. The second always perform the action.
       def authenticate!
-        if valid_attributes?
-          if resource = mapping.to.authenticate(params[scope])
-            success!(resource)
-          else
-            fail!(:invalid)
-          end
+        if resource = mapping.to.authenticate(params[scope])
+          success!(resource)
         else
-          store_location
-          fail!(:unauthenticated)
+          fail!(:invalid)
         end
       end
-
-      private
-
-        # Check if params and password are given. Others are checked inside authenticate.
-        def valid_attributes?
-          params[scope] && params[scope][:password].present?
-        end
-
-        # Stores requested uri to redirect the user after signing in. We cannot use
-        # scoped session provided by warden here, since the user is not authenticated
-        # yet, but we still need to store the uri based on scope, so different scopes
-        # would never use the same uri to redirect.
-        def store_location
-          session[:"#{mapping.name}.return_to"] ||= request.request_uri if request.get?
-        end
     end
   end
 end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.5.6".freeze
+  VERSION = "0.6.0".freeze
 end

data/test/encryptors_test.rb

@@ -21,8 +21,8 @@ class Encryptors < ActiveSupport::TestCase
   Devise::ENCRYPTORS_LENGTH.each do |key, value|
     test "should have length #{value} for #{key.inspect}" do
       swap Devise, :encryptor => key do
-        assert_equal value, Devise.encryptor.digest('a', 2, 'b', 'c').size
+        assert_equal value, Devise::Encryptors.const_get(key.to_s.classify).digest('a', 2, 'b', 'c').size
       end
     end
   end
-end
+end

data/test/failure_app_test.rb

@@ -12,8 +12,8 @@ class FailureTest < ActiveSupport::TestCase
     assert_equal 302, call_failure.first
   end
 
-  test 'return redirect location based on mapping with params' do
-    assert_equal '/users/sign_in', call_failure.second['Location']
+  test 'return to the default redirect location' do
+    assert_equal '/users/sign_in?unauthenticated=true', call_failure.second['Location']
   end
 
   test 'uses the proxy failure message' do
@@ -27,6 +27,6 @@ class FailureTest < ActiveSupport::TestCase
   end
 
   test 'setup a default message' do
-    assert_equal ['You are being redirected to /users/sign_in'], call_failure.last
+    assert_equal ['You are being redirected to /users/sign_in?unauthenticated=true'], call_failure.last
   end
 end

data/test/models/authenticatable_test.rb

@@ -3,7 +3,7 @@ require 'digest/sha1'
 
 class AuthenticatableTest < ActiveSupport::TestCase
 
-  def encrypt_password(user, pepper=User.pepper, stretches=User.stretches, encryptor = ::Devise::Encryptors::Sha1)
+  def encrypt_password(user, pepper=User.pepper, stretches=User.stretches, encryptor=::Devise::Encryptors::Sha1)
     encryptor.digest('123456', stretches, user.password_salt, pepper)
   end
 
@@ -82,24 +82,23 @@ class AuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'should fallback to devise stretches default configuring' do
-    begin
-      default_stretches = Devise.stretches
-      Devise.stretches = 1
+    swap Devise, :stretches => 1 do
       user = new_user
       assert_equal encrypt_password(user, nil, 1), user.encrypted_password
       assert_not_equal encrypt_password(user, nil, 2), user.encrypted_password
-    ensure
-      Devise.stretches = default_stretches
     end
   end
 
   test 'should respect encryptor configuration' do
-    begin
-      Devise.encryptor = ::Devise::Encryptors::Sha512
-      user = create_user
-      assert_equal user.encrypted_password, encrypt_password(user, User.pepper, User.stretches, ::Devise::Encryptors::Sha512)
-    ensure
-      Devise.encryptor = ::Devise::Encryptors::Sha1
+    User.instance_variable_set(:@encryptor_class, nil)
+
+    swap Devise, :encryptor => :sha512 do
+      begin
+        user = create_user
+        assert_equal user.encrypted_password, encrypt_password(user, User.pepper, User.stretches, ::Devise::Encryptors::Sha512)
+      ensure
+        User.instance_variable_set(:@encryptor_class, nil)
+      end
     end
   end
 

data/test/models_test.rb

@@ -1,23 +1,23 @@
 require 'test/test_helper'
 
 class Authenticable < User
-  devise
+  devise :authenticatable
 end
 
 class Confirmable < User
-  devise :confirmable
+  devise :authenticatable, :confirmable
 end
 
 class Recoverable < User
-  devise :recoverable
+  devise :authenticatable, :recoverable
 end
 
 class Rememberable < User
-  devise :rememberable
+  devise :authenticatable, :rememberable
 end
 
 class Validatable < User
-  devise :validatable
+  devise :authenticatable, :validatable
 end
 
 class Devisable < User
@@ -36,7 +36,6 @@ class Configurable < User
 end
 
 class ActiveRecordTest < ActiveSupport::TestCase
-
   def include_module?(klass, mod)
     klass.devise_modules.include?(mod) &&
     klass.included_modules.include?(Devise::Models::const_get(mod.to_s.classify))
@@ -90,19 +89,19 @@ class ActiveRecordTest < ActiveSupport::TestCase
   end
 
   test 'set a default value for stretches' do
-    assert_equal 15, Configurable.new.stretches
+    assert_equal 15, Configurable.stretches
   end
 
   test 'set a default value for pepper' do
-    assert_equal 'abcdef', Configurable.new.pepper
+    assert_equal 'abcdef', Configurable.pepper
   end
 
   test 'set a default value for confirm_within' do
-    assert_equal 5.days, Configurable.new.confirm_within
+    assert_equal 5.days, Configurable.confirm_within
   end
 
   test 'set a default value for remember_for' do
-    assert_equal 7.days, Configurable.new.remember_for
+    assert_equal 7.days, Configurable.remember_for
   end
 
   test 'set null fields on migrations' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  version: 0.5.6
+  version: 0.6.0
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-21 00:00:00 -02:00
+date: 2009-11-22 00:00:00 -02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -79,6 +79,7 @@ files:
 - lib/devise/models/rememberable.rb
 - lib/devise/models/validatable.rb
 - lib/devise/orm/active_record.rb
+- lib/devise/orm/data_mapper.rb
 - lib/devise/orm/mongo_mapper.rb
 - lib/devise/rails.rb
 - lib/devise/rails/routes.rb