devise 0.9.2 → 1.0.0

data/CHANGELOG.rdoc

@@ -1,3 +1,14 @@
+== 1.0.0
+
+* deprecation
+  * :old_password in update_with_password is deprecated, use :current_password instead
+
+* enhancements
+  * Added Registerable
+  * Added Http Basic Authentication support
+  * Allow scoped_views to be customized per controller/mailer class
+  * [#99] Allow authenticatable to used in change_table statements
+
 == 0.9.2
 
 * bug fix

data/README.rdoc

@@ -7,11 +7,12 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-Right now it's composed of nine modules:
+Right now it's composed of ten modules:
 
 * Authenticatable: responsible for encrypting password and validating authenticity of a user while signing in.
 * Confirmable: responsible for verifying whether an account is already confirmed to sign in, and to send emails with confirmation instructions.
 * Recoverable: takes care of reseting the user password and send reset instructions.
+* Registerable: handles signing up users through a registration process.
 * Rememberable: manages generating and clearing token for remember the user from a saved cookie.
 * Trackable: tracks sign in count, timestamps and ip.
 * Validatable: creates all needed validations for email and password. It's totally optional, so you're able to to customize validations by yourself.
@@ -170,7 +171,7 @@ Since devise is an engine, it has all default views inside the gem. They are goo
 
   ruby script/generate devise_views
 
-By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb". 
+By default Devise will use the same views for all roles you have. But what if you need so different views to each of them? Devise also has an easy way to accomplish it: just setup config.scoped_views to true inside "config/initializers/devise.rb".
 
 After doing so you will be able to have views based on the scope like 'sessions/users/new' and 'sessions/admin/new'. If no view is found within the scope, Devise will fallback to the default view.
 

data/TODO

@@ -1,4 +1,3 @@
 * Make test run with DataMapper
 * Add Registerable support
-* Add http authentication support
 * Extract Activatable tests from Confirmable

data/app/controllers/confirmations_controller.rb

@@ -1,6 +1,23 @@
 class ConfirmationsController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
+
+  # GET /resource/confirmation/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/confirmation
+  def create
+    self.resource = resource_class.send_confirmation_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
 
   # GET /resource/confirmation?confirmation_token=abcdef
   def show
@@ -13,10 +30,4 @@ class ConfirmationsController < ApplicationController
       render_with_scope :new
     end
   end
-
-  protected
-
-    def send_instructions_with
-      :send_confirmation_instructions
-    end
 end

data/app/controllers/passwords_controller.rb

@@ -1,9 +1,26 @@
 class PasswordsController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
 
   before_filter :require_no_authentication
 
+  # GET /resource/password/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/password
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
+
   # GET /resource/password/edit?reset_password_token=abcdef
   def edit
     self.resource = resource_class.new
@@ -22,10 +39,4 @@ class PasswordsController < ApplicationController
       render_with_scope :edit
     end
   end
-
-  protected
-
-    def send_instructions_with
-      :send_reset_password_instructions
-    end
 end

data/app/controllers/registrations_controller.rb

@@ -0,0 +1,55 @@
+class RegistrationsController < ApplicationController
+  include Devise::Controllers::InternalHelpers
+
+  before_filter :require_no_authentication, :only => [ :new, :create ]
+  before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+
+  # GET /resource/sign_in
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/sign_up
+  def create
+    build_resource
+
+    if resource.save
+      flash[:"#{resource_name}_signed_up"] = true
+      set_flash_message :notice, :signed_up
+      sign_in_and_redirect(resource_name, resource)
+    else
+      render_with_scope :new
+    end
+  end
+
+  # GET /resource/edit
+  def edit
+    render_with_scope :edit
+  end
+
+  # PUT /resource
+  def update
+    if self.resource.update_with_password(params[resource_name])
+      set_flash_message :notice, :updated
+      redirect_to after_sign_in_path_for(self.resource)
+    else
+      render_with_scope :edit
+    end
+  end
+
+  # DELETE /resource
+  def destroy
+    self.resource.destroy
+    set_flash_message :notice, :destroyed
+    sign_out_and_redirect(self.resource)
+  end
+
+  protected
+
+    # Authenticates the current scope and dup the resource
+    def authenticate_scope!
+      send(:"authenticate_#{resource_name}!")
+      self.resource = send(:"current_#{resource_name}").dup
+    end
+end

data/app/controllers/sessions_controller.rb

@@ -1,15 +1,18 @@
 class SessionsController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
 
   before_filter :require_no_authentication, :only => [ :new, :create ]
 
   # GET /resource/sign_in
   def new
-    Devise::FLASH_MESSAGES.each do |message|
-      set_now_flash_message :alert, message if params.try(:[], message) == "true"
+    unless resource_just_signed_up?
+      Devise::FLASH_MESSAGES.each do |message|
+        set_now_flash_message :alert, message if params.try(:[], message) == "true"
+      end
     end
-    super
+
+    build_resource
+    render_with_scope :new
   end
 
   # POST /resource/sign_in
@@ -19,7 +22,7 @@ class SessionsController < ApplicationController
       sign_in_and_redirect(resource_name, resource, true)
     else
       set_now_flash_message :alert, (warden.message || :invalid)
-      build_resource
+      clean_up_passwords(build_resource)
       render_with_scope :new
     end
   end
@@ -30,4 +33,13 @@ class SessionsController < ApplicationController
     sign_out_and_redirect(resource_name)
   end
 
+  protected
+
+  def resource_just_signed_up?
+    flash[:"#{resource_name}_signed_up"]
+  end
+
+  def clean_up_passwords(object)
+    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+  end
 end

data/app/controllers/unlocks_controller.rb

@@ -1,6 +1,23 @@
 class UnlocksController < ApplicationController
   include Devise::Controllers::InternalHelpers
-  include Devise::Controllers::Common
+
+  # GET /resource/unlock/new
+  def new
+    build_resource
+    render_with_scope :new
+  end
+
+  # POST /resource/unlock
+  def create
+    self.resource = resource_class.send_unlock_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message :notice, :send_instructions
+      redirect_to new_session_path(resource_name)
+    else
+      render_with_scope :new
+    end
+  end
 
   # GET /resource/unlock?unlock_token=abcdef
   def show
@@ -13,10 +30,4 @@ class UnlocksController < ApplicationController
       render_with_scope :new
     end
   end
-
-  protected
-
-    def send_instructions_with
-      :send_unlock_instructions
-    end
 end

data/app/models/devise_mailer.rb

@@ -1,4 +1,5 @@
 class DeviseMailer < ::ActionMailer::Base
+  extend Devise::Controllers::InternalHelpers::ScopedViews
 
   # Deliver confirmation instructions when the user is created or its email is
   # updated, and also when confirmation is manually requested
@@ -31,7 +32,7 @@ class DeviseMailer < ::ActionMailer::Base
     end
 
     def render_with_scope(key, mapping, assigns)
-      if Devise.scoped_views
+      if self.class.scoped_views
         begin
           render :file => "devise_mailer/#{mapping.as}/#{key}", :body => assigns
         rescue ActionView::MissingTemplate
@@ -45,7 +46,7 @@ class DeviseMailer < ::ActionMailer::Base
     def mailer_sender(mapping)
       if Devise.mailer_sender.is_a?(Proc)
         block_args = mapping.name if Devise.mailer_sender.arity > 0
-        Devise.mailer_sender.call(*block_args)
+        Devise.mailer_sender.call(block_args)
       else
         Devise.mailer_sender
       end

data/app/views/registrations/edit.html.erb

@@ -0,0 +1,25 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
+  <%= f.error_messages %>
+
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
+  <p><%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %></p>
+  <p><%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
+  <p><%= f.password_field :current_password %></p>
+
+  <p><%= f.submit "Update" %></p>
+<% end -%>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
+
+<%= render :partial => "shared/devise_links" %>

data/app/views/registrations/new.html.erb

@@ -0,0 +1,17 @@
+<h2>Sign up</h2>
+
+<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
+  <%= f.error_messages %>
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
+
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %></p>
+  <p><%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit "Sign up" %></p>
+<% end -%>
+
+<%= render :partial => "shared/devise_links" %>

data/app/views/sessions/new.html.erb

@@ -1,19 +1,17 @@
 <h2>Sign in</h2>
 
-<%- if devise_mapping.authenticatable? %>
-  <% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
-    <p><%= f.label :email %></p>
-    <p><%= f.text_field :email %></p>
+<% form_for resource_name, resource, :url => session_path(resource_name) do |f| -%>
+  <p><%= f.label :email %></p>
+  <p><%= f.text_field :email %></p>
 
-    <p><%= f.label :password %></p>
-    <p><%= f.password_field :password %></p>
+  <p><%= f.label :password %></p>
+  <p><%= f.password_field :password %></p>
 
-    <% if devise_mapping.rememberable? -%>
-      <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
-    <% end -%>
-
-    <p><%= f.submit "Sign in" %></p>
+  <% if devise_mapping.rememberable? -%>
+    <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
   <% end -%>
-<% end%>
+
+  <p><%= f.submit "Sign in" %></p>
+<% end -%>
 
 <%= render :partial => "shared/devise_links" %>

data/app/views/shared/_devise_links.erb

@@ -2,6 +2,10 @@
   <%= link_to t('devise.sessions.link'), new_session_path(resource_name) %><br />
 <% end -%>
 
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to t('devise.registrations.link'), new_registration_path(resource_name) %><br />
+<% end -%>
+
 <%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
   <%= link_to t('devise.passwords.link'), new_password_path(resource_name) %><br />
 <% end -%>
@@ -12,4 +16,4 @@
 
 <%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
   <%= link_to t('devise.unlocks.link'), new_unlock_path(resource_name) %><br />
-<% end -%>
+<% end -%>

data/generators/devise_install/templates/devise.rb

@@ -26,6 +26,9 @@ Devise.setup do |config|
   # session. If you need permissions, you should implement that in a before filter.
   # config.authentication_keys = [ :email ]
 
+  # The realm used in Http Basic Authentication
+  # config.http_authentication_realm = "Application"
+
   # ==> Configuration for :confirmable
   # The time you want give to your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
@@ -93,7 +96,6 @@ Devise.setup do |config|
 
   # Configure default_url_options if you are using dynamic segments in :path_prefix
   # for devise_for.
-  #
   # config.default_url_options do
   #   { :locale => I18n.locale }
   # end

data/lib/devise.rb

@@ -4,7 +4,6 @@ module Devise
   autoload :TestHelpers, 'devise/test_helpers'
 
   module Controllers
-    autoload :Common, 'devise/controllers/common'
     autoload :Helpers, 'devise/controllers/helpers'
     autoload :InternalHelpers, 'devise/controllers/internal_helpers'
     autoload :UrlHelpers, 'devise/controllers/url_helpers'
@@ -32,7 +31,7 @@ module Devise
   ALL.push :authenticatable, :token_authenticatable, :rememberable
 
   # Misc after
-  ALL.push :recoverable, :validatable
+  ALL.push :recoverable, :registerable, :validatable
 
   # The ones which can sign out after
   ALL.push :activatable, :confirmable, :lockable, :timeoutable
@@ -40,20 +39,24 @@ module Devise
   # Stats for last, so we make sure the user is really signed in
   ALL.push :trackable
 
-  # Maps controller names to devise modules
+  # Maps controller names to devise modules.
   CONTROLLERS = {
     :sessions => [:authenticatable, :token_authenticatable],
     :passwords => [:recoverable],
     :confirmations => [:confirmable],
+    :registrations => [:registerable],
     :unlocks => [:lockable]
   }
 
-  STRATEGIES  = [:rememberable, :token_authenticatable, :authenticatable]
+  # Routes for generating url helpers.
+  ROUTES = [:session, :password, :confirmation, :registration, :unlock]
+
+  STRATEGIES  = [:rememberable, :http_authenticatable, :token_authenticatable, :authenticatable]
 
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
   # Maps the messages types that are used in flash message.
-  FLASH_MESSAGES = [ :unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked ]
+  FLASH_MESSAGES = [:unauthenticated, :unconfirmed, :invalid, :invalid_token, :timeout, :inactive, :locked]
 
   # Declare encryptors length which are used in migrations.
   ENCRYPTORS_LENGTH = {
@@ -133,7 +136,7 @@ module Devise
 
   # Tell when to use the default scope, if one cannot be found from routes.
   mattr_accessor :use_default_scope
-  @@use_default_scope
+  @@use_default_scope = false
 
   # The default scope which is used by warden.
   mattr_accessor :default_scope
@@ -141,12 +144,16 @@ module Devise
 
   # Address which sends Devise e-mails.
   mattr_accessor :mailer_sender
-  @@mailer_sender
+  @@mailer_sender = nil
 
   # Authentication token params key name of choice. E.g. /users/sign_in?some_key=...
   mattr_accessor :token_authentication_key
   @@token_authentication_key = :auth_token
 
+  # The realm used in Http Basic Authentication
+  mattr_accessor :http_authentication_realm
+  @@http_authentication_realm = "Application"
+
   class << self
     # Default way to setup Devise. Run script/generate devise_install to create
     # a fresh initializer with all configuration values.
@@ -242,4 +249,4 @@ rescue
 end
 
 require 'devise/mapping'
-require 'devise/rails'
+require 'devise/rails'