devise 1.1.2 → 1.1.3

data/CHANGELOG.rdoc

@@ -1,3 +1,14 @@
+== 1.1.3
+
+* bugfix
+  * Add reply-to to e-mail headers by default
+  * Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
+  * Check the type of HTTP Authentication before using Basic headers
+  * Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
+  * Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
+  * Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
+  * :default options is now honored in migrations
+
 == 1.1.2
 
 * bugfix

data/Gemfile

@@ -1,6 +1,6 @@
 source "http://rubygems.org"
 
-gem "rails", "3.0.0.rc2"
+gem "rails", "3.0.0"
 gem "warden", "0.10.7"
 gem "sqlite3-ruby"
 gem "webrat", "0.7.0"

data/Gemfile.lock

@@ -13,12 +13,12 @@ GEM
   remote: http://rubygems.org/
   specs:
     abstract (1.0.0)
-    actionmailer (3.0.0.rc2)
-      actionpack (= 3.0.0.rc2)
+    actionmailer (3.0.0)
+      actionpack (= 3.0.0)
       mail (~> 2.2.5)
-    actionpack (3.0.0.rc2)
-      activemodel (= 3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
+    actionpack (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
       builder (~> 2.1.2)
       erubis (~> 2.6.6)
       i18n (~> 0.4.1)
@@ -26,24 +26,24 @@ GEM
       rack-mount (~> 0.6.12)
       rack-test (~> 0.5.4)
       tzinfo (~> 0.3.23)
-    activemodel (3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
+    activemodel (3.0.0)
+      activesupport (= 3.0.0)
       builder (~> 2.1.2)
       i18n (~> 0.4.1)
-    activerecord (3.0.0.rc2)
-      activemodel (= 3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
-      arel (~> 1.0.0.rc1)
+    activerecord (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      arel (~> 1.0.0)
       tzinfo (~> 0.3.23)
-    activeresource (3.0.0.rc2)
-      activemodel (= 3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
-    activesupport (3.0.0.rc2)
-    arel (1.0.0.rc1)
-      activesupport (>= 3.0.0.beta)
+    activeresource (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+    activesupport (3.0.0)
+    arel (1.0.1)
+      activesupport (~> 3.0.0)
     bcrypt-ruby (2.1.2)
     bson (1.0.4)
-    bson_ext (1.0.4)
+    bson_ext (1.0.7)
     builder (2.1.2)
     columnize (0.3.1)
     erubis (2.6.6)
@@ -66,18 +66,18 @@ GEM
       rack (>= 1.0.0)
     rack-test (0.5.4)
       rack (>= 1.0)
-    rails (3.0.0.rc2)
-      actionmailer (= 3.0.0.rc2)
-      actionpack (= 3.0.0.rc2)
-      activerecord (= 3.0.0.rc2)
-      activeresource (= 3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
-      bundler (>= 1.0.0.rc.6)
-      railties (= 3.0.0.rc2)
-    railties (3.0.0.rc2)
-      actionpack (= 3.0.0.rc2)
-      activesupport (= 3.0.0.rc2)
-      rake (>= 0.8.3)
+    rails (3.0.0)
+      actionmailer (= 3.0.0)
+      actionpack (= 3.0.0)
+      activerecord (= 3.0.0)
+      activeresource (= 3.0.0)
+      activesupport (= 3.0.0)
+      bundler (~> 1.0.0)
+      railties (= 3.0.0)
+    railties (3.0.0)
+      actionpack (= 3.0.0)
+      activesupport (= 3.0.0)
+      rake (>= 0.8.4)
       thor (~> 0.14.0)
     rake (0.8.7)
     ruby-debug (0.10.3)
@@ -107,7 +107,7 @@ DEPENDENCIES
   mocha
   mongo
   mongoid!
-  rails (= 3.0.0.rc2)
+  rails (= 3.0.0)
   ruby-debug (>= 0.10.3)
   sqlite3-ruby
   warden (= 0.10.7)

data/lib/devise/hooks/forgetable.rb

@@ -5,7 +5,7 @@
 Warden::Manager.before_logout do |record, warden, options|
   if record.respond_to?(:forget_me!)
     record.forget_me! unless record.frozen?
-    options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
-    warden.cookies.delete("remember_#{options[:scope]}_token", options)
+    cookie_options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
+    warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
   end
 end

data/lib/devise/models/database_authenticatable.rb

@@ -82,7 +82,9 @@ module Devise
 
       # Digests the password using the configured encryptor.
       def password_digest(password)
-        self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
+        if self.password_salt.present?
+          self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper)
+        end
       end
 
       module ClassMethods

data/lib/devise/models/lockable.rb

@@ -81,6 +81,8 @@ module Devise
         when TrueClass
           self.failed_attempts = 0
         when FalseClass
+          # PostgreSQL uses nil as the default value for integer columns set to 0
+          self.failed_attempts ||= 0
           self.failed_attempts += 1
           if attempts_exceeded?
             lock_access!

data/lib/devise/schema.rb

@@ -19,7 +19,7 @@ module Devise
     # encrypter password field in 128 characters.
     def database_authenticatable(options={})
       null    = options[:null] || false
-      default = options[:default] || ""
+      default = options.key?(:default) ? options[:default] : ("" if null == false)
 
       if options.delete(:encryptor)
         ActiveSupport::Deprecation.warn ":encryptor as option is deprecated, simply remove it."

data/lib/devise/strategies/authenticatable.rb

@@ -96,8 +96,8 @@ module Devise
 
       # Helper to decode credentials from HTTP.
       def decode_credentials
-        username_and_password = request.authorization.split(' ', 2).last || ''
-        ActiveSupport::Base64.decode64(username_and_password).split(/:/, 2)
+        return [] unless request.authorization && request.authorization =~ /^Basic (.*)/
+        ActiveSupport::Base64.decode64($1).split(/:/, 2)
       end
 
       # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.1.2".freeze
+  VERSION = "1.1.3".freeze
 end

data/lib/generators/devise/views_generator.rb

@@ -7,7 +7,7 @@ module Devise
       argument :scope, :required => false, :default => nil,
                        :desc => "The scope to copy views to"
 
-      class_option :template_engine, :type => :string, :aliases => "-t", :default => "erb",
+      class_option :template_engine, :type => :string, :aliases => "-t",
                                      :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
 
       def copy_views

data/test/controllers/helpers_test.rb

@@ -60,26 +60,36 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.anybody_signed_in?
   end
 
+  test 'proxy current_user to authenticate with user scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :user)
+    @controller.current_user
+  end
+
   test 'proxy current_admin to authenticate with admin scope' do
     @mock_warden.expects(:authenticate).with(:scope => :admin)
     @controller.current_admin
   end
 
-  test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user)
-    @controller.current_user
+  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @controller.current_publisher_account
   end
 
-  test 'proxy user_authenticate! to authenticate with user scope' do
+  test 'proxy authenticate_user! to authenticate with user scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :user)
     @controller.authenticate_user!
   end
 
-  test 'proxy admin_authenticate! to authenticate with admin scope' do
+  test 'proxy authenticate_admin! to authenticate with admin scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :admin)
     @controller.authenticate_admin!
   end
 
+  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
+    @controller.authenticate_publisher_account!
+  end
+
   test 'proxy user_signed_in? to authenticate? with user scope' do
     @mock_warden.expects(:authenticate?).with(:scope => :user)
     @controller.user_signed_in?
@@ -90,6 +100,11 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.admin_signed_in?
   end
 
+  test 'proxy publisher_account_signed_in? to authenticate? with namespaced publisher account scope' do
+    @mock_warden.expects(:authenticate?).with(:scope => :publisher_account)
+    @controller.publisher_account_signed_in?
+  end
+
   test 'proxy user_session to session scope in warden' do
     @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
     @mock_warden.expects(:session).with(:user).returns({})
@@ -102,6 +117,12 @@ class ControllerAuthenticableTest < ActionController::TestCase
     @controller.admin_session
   end
 
+  test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
+    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
+    @mock_warden.expects(:session).with(:publisher_account).returns({})
+    @controller.publisher_account_session
+  end
+
   test 'sign in proxy to set_user on warden' do
     user = User.new
     @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)

data/test/integration/authenticatable_test.rb

@@ -313,7 +313,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
   test 'sign in with script name' do
     assert_nothing_raised do
       get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
-      fill_in "email", "user@test.com"
+      fill_in "email", :with => "user@test.com"
     end
   end
 

data/test/integration/http_authenticatable_test.rb

@@ -39,6 +39,14 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
     end
   end
 
+  test 'test request with oauth2 header doesnt get mistaken for basic authentication' do
+    swap Devise, :http_authenticatable => true do
+      add_oauth2_header
+      assert_equal 401, status
+      assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"]
+    end
+  end
+
   private
 
     def sign_in_as_new_user_with_http(username="user@test.com", password="123456")
@@ -46,4 +54,11 @@ class HttpAuthenticationTest < ActionController::IntegrationTest
       get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
       user
     end
+    
+    # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
+    def add_oauth2_header
+      user = create_user
+      get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{ActiveSupport::Base64.encode64("#{user.email}:123456")}"
+    end
+
 end

data/test/integration/registerable_test.rb

@@ -66,7 +66,7 @@ class RegistrationTest < ActionController::IntegrationTest
     click_button 'Sign up'
 
     assert_current_url '/users'
-    assert_contain(/Email .* already .* taken/)
+    assert_contain(/Email .* already.*taken/)
 
     assert_not warden.authenticated?(:user)
   end

data/test/integration/rememberable_test.rb

@@ -131,6 +131,7 @@ class RememberMeTest < ActionController::IntegrationTest
     get destroy_user_session_path
     assert_not warden.authenticated?(:user)
     assert_nil user.reload.remember_token
+    assert_nil warden.cookies['remember_user_token']
   end
 
   test 'do not remember the user anymore after forget' do
@@ -140,5 +141,6 @@ class RememberMeTest < ActionController::IntegrationTest
     get destroy_user_session_path
     get users_path
     assert_not warden.authenticated?(:user)
+    assert_nil warden.cookies['remember_user_token']
   end
 end

data/test/models/database_authenticatable_test.rb

@@ -98,6 +98,13 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_not user.valid_password?('654321')
   end
 
+  test 'should not validate password when salt is nil' do
+    admin = create_admin
+    admin.password_salt = nil
+    admin.save
+    assert_not admin.valid_password?('123456')
+  end
+
   test 'should respond to current password' do
     assert new_user.respond_to?(:current_password)
   end

data/test/support/helpers.rb

@@ -37,6 +37,12 @@ class ActiveSupport::TestCase
     User.create!(valid_attributes(attributes))
   end
 
+  def create_admin(attributes={})
+    valid_attributes = valid_attributes(attributes)
+    valid_attributes.delete(:username)
+    Admin.create!(valid_attributes)
+  end
+
   # Execute the block setting the given values and restoring old values after
   # the block is executed.
   def swap(object, new_values)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 21
   prerelease: false
   segments: 
   - 1
   - 1
-  - 2
-  version: 1.1.2
+  - 3
+  version: 1.1.3
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-25 00:00:00 -03:00
+date: 2010-09-24 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency