devise 1.1.rc0 → 1.1.rc1

data/CHANGELOG.rdoc

@@ -1,4 +1,4 @@
-== 1.1.pre
+== 1.1.rc1
 
 * enhancements
   * Rails 3 compatibility.
@@ -17,11 +17,10 @@
   * TokenAuthenticatable now works with HTTP Basic Auth.
   * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself.
   * No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.
-  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure.
+  * :activatable is included by default in your models.
 
 * bug fix
-  * Do not allow unlockable strategies based on time to access a controller.
-  * Do not send unlockable email several times.
+  * fix a bug with STI
 
 * deprecations
   * Rails 3 compatible only.
@@ -29,6 +28,14 @@
   * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead.
   * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options.
   * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure.
+  * :as and :scope in routes is deprecated. Use :path and :singular instead.
+
+== 1.0.6
+
+* bug fix
+  * Do not allow unlockable strategies based on time to access a controller.
+  * Do not send unlockable email several times.
+  * Allow controller to upstram custom! failures to Warden.
 
 == 1.0.5
 

data/Gemfile

@@ -1,7 +1,7 @@
 source "http://gemcutter.org"
 
 # Need to install Rails from source
-gem "rails", "3.0.0.beta2"
+gem "rails", "3.0.0.beta3"
 gem "warden", "0.10.3"
 gem "sqlite3-ruby", :require => "sqlite3"
 gem "webrat", "0.7"

data/README.rdoc

@@ -19,7 +19,6 @@ Right now it's composed of 11 modules:
 * Timeoutable: expires sessions that have no activity in a specified period of time.
 * Validatable: provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
-* Activatable: use this module if you need to activate accounts by means other than confirmation.
 
 == Examples
 
@@ -32,11 +31,11 @@ Devise is based on Warden (http://github.com/hassox/warden), a Rack Authenticati
 
 == Installation
 
-Devise master branch now supports Rails 3 and is NOT backward compatible. If you are using Rails 3.0.0 beta gem, you need to install devise as a gem:
+Devise master branch now supports Rails 3 and is NOT backward compatible. You can use the latest Rails 3 beta gem with Devise latest gem:
 
-  sudo gem install devise --version=1.1.pre4
+  sudo gem install devise --version=1.1.rc1
 
-However, if you are using Rails edge, from the git repository, you also need to use Devise from the git repository. After you install Devise and add it to your gemfile, you need to run the generator:
+After you install Devise and add it to your Gemfile, you need to run the generator:
 
   rails generate devise_install
 
@@ -44,11 +43,15 @@ And you're ready to go. The generator will install an initializer which describe
 
   http://rdoc.info/projects/plataformatec/devise
 
+The documentation above is for Rails 3. If you want to consult the documentation for Rails 2.3, you need to start `gem server` in your own machine. Finally, another good resource for information, is the wiki:
+
+  http://wiki.github.com/plataformatec/devise
+
 == Rails 2.3
 
 If you want to use the Rails 2.3.x version, you should do:
 
-  sudo gem install devise --version=1.0.4
+  sudo gem install devise --version=1.0.6
 
 Or checkout from the v1.0 branch:
 
@@ -63,13 +66,13 @@ Devise must be set up within the model (or models) you want to use. Devise route
 We're assuming here you want a User model with some Devise modules, as outlined below:
 
   class User < ActiveRecord::Base
-    devise :authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
+    devise :database_authenticatable, :confirmable, :recoverable, :rememberable, :trackable, :validatable
   end
 
 After you choose which modules to use, you need to set up your migrations. Luckily, Devise has some helpers to save you from this boring work:
 
   create_table :users do |t|
-    t.authenticatable
+    t.database_authenticatable
     t.confirmable
     t.recoverable
     t.rememberable
@@ -127,13 +130,13 @@ Devise allows you to set up as many roles as you want. For example, you may have
 
   # Create a migration with the required fields
   create_table :admins do |t|
-    t.authenticatable
+    t.database_authenticatable
     t.lockable
     t.trackable
   end
 
   # Inside your Admin model
-  devise :authenticatable, :trackable, :timeoutable, :lockable
+  devise :database_authenticatable, :trackable, :timeoutable, :lockable
 
   # Inside your routes
   devise_for :admin
@@ -162,36 +165,38 @@ This will create a model named "Model" configured with default Devise modules an
 
 == Model configuration
 
-The devise method in your models also accepts some options to configure its modules. For example, you can choose which encryptor to use in authenticatable:
+The devise method in your models also accepts some options to configure its modules. For example, you can choose which encryptor to use in database_authenticatable:
 
-  devise :authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
+  devise :database_authenticatable, :confirmable, :recoverable, :encryptor => :bcrypt
 
 Besides :encryptor, you can define :pepper, :stretches, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the devise_install generator described above.
 
-== Configuring controllers and views
+== Configuring views
 
-We built Devise to help you quickly develop an application that uses authentication. We don't want to be in your way when you need to customize it.
+We built Devise to help you quickly develop an application that uses authentication. However, we don't want to be in your way when you need to customize it.
 
-Since Devise is an engine, all its default views are packaged inside the gem. The default views will get you started but you may want to customize them. Devise has a generator to copy the default views to your application. After they've been copied to your application, you can make changes as required:
+Since Devise is an engine, all its views are packaged inside the gem. These views will help you get started, but after sometime you may want to change them. If this is the case, you just need to invoke the following generator, and it will copy all views to your application:
 
   rails generate devise_views
 
-If you have more than one role in your application (such as "user" and "admin"), you will notice that Devise uses the same views for all roles. You may need different views for each role. Devise offers an easy way to customize views for each role. Just set config.scoped_views to "true" inside "config/initializers/devise.rb".
+However, if you have more than one role in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all roles. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb".
+
+After doing so, you will be able to have views based on the role like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new".
 
-After doing so you will be able to have views based on the scope like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new".
+== Configuring controllers
 
-Finally, if the customization at the views level is not enough, you can customize each controller by following these steps:
+If the customization at the views level is not enough, you can customize each controller by following these steps:
 
-  1) Create your custom controller, for example a Admins::SessionsController:
+1) Create your custom controller, for example a Admins::SessionsController:
 
     class Admins::SessionsController < Devise::SessionsController
     end
 
-  2) Tell the router to use this controller:
+2) Tell the router to use this controller:
 
-    devise_for :admins, :controllers => { :sessions = "admin/sessions" }
+    devise_for :admins, :controllers => { :sessions => "admin/sessions" }
 
-  3) And finally, since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
+3) And since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
 
 Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate.
 
@@ -285,7 +290,7 @@ http://groups.google.com/group/plataformatec-devise
 
 See the wiki for additional documentation and support.
 
-http://wiki.github.com/plataformatec/devise/
+http://wiki.github.com/plataformatec/devise
 
 == License
 

data/TODO

@@ -1,3 +1,2 @@
-* Extract Activatable tests from Confirmable
 * Move integration tests to Capybara
 * Better ORM integration

data/app/helpers/devise_helper.rb

@@ -0,0 +1,17 @@
+module DeviseHelper
+  def devise_error_messages!
+    return "" if resource.errors.empty?
+
+    messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
+    sentence = "#{pluralize(resource.errors.count, "error")} prohibited this #{resource_name} from being saved:"
+
+    html = <<-HTML
+    <div id="error_explanation">
+      <h2>#{sentence}</h2>
+      <ul>#{messages}</ul>
+    </div>
+    HTML
+
+    html.html_safe
+  end
+end

data/app/{models → mailers}/devise/mailer.rb

@@ -24,7 +24,7 @@ class Devise::Mailer < ::ActionMailer::Base
       @resource       = instance_variable_set("@#{@devise_mapping.name}", record)
 
       template_path = ["devise/mailer"]
-      template_path.unshift "#{@devise_mapping.as}/mailer" if self.class.scoped_views?
+      template_path.unshift "#{@devise_mapping.plural}/mailer" if self.class.scoped_views?
 
       headers = {
         :subject => translate(@devise_mapping, action),
@@ -37,6 +37,13 @@ class Devise::Mailer < ::ActionMailer::Base
       mail(headers)
     end
 
+    # Fix a bug in Rails 3 beta 3
+    def mail(*) #:nodoc:
+      super
+      @_message["template_path"] = nil
+      @_message
+    end
+
     def mailer_sender(mapping)
       if Devise.mailer_sender.is_a?(Proc)
         Devise.mailer_sender.call(mapping.name)

data/app/views/devise/confirmations/new.html.erb

@@ -1,7 +1,7 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= form_for(resource_name, resource, :url => confirmation_path(resource_name)) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name)) do |f| %>
+  <%= devise_error_messages! %>
 
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>

data/app/views/devise/passwords/edit.html.erb

@@ -1,7 +1,7 @@
 <h2>Change your password</h2>
 
-<%= form_for(resource_name, resource, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
   <%= f.hidden_field :reset_password_token %>
 
   <p><%= f.label :password %></p>

data/app/views/devise/passwords/new.html.erb

@@ -1,7 +1,7 @@
 <h2>Forgot your password?</h2>
 
-<%= form_for(resource_name, resource, :url => password_path(resource_name)) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name)) do |f| %>
+  <%= devise_error_messages! %>
 
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>

data/app/views/devise/registrations/edit.html.erb

@@ -1,7 +1,7 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= form_for(resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
 
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>

data/app/views/devise/registrations/new.html.erb

@@ -1,7 +1,8 @@
 <h2>Sign up</h2>
 
-<%= form_for(resource_name, resource, :url => registration_path(resource_name)) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+  <%= devise_error_messages! %>
+
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>
 

data/app/views/devise/sessions/new.html.erb

@@ -1,6 +1,6 @@
 <h2>Sign in</h2>
 
-<%= form_for(resource_name, resource, :url => session_path(resource_name)) do |f| %>
+<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>
 

data/app/views/devise/shared/_links.erb

@@ -14,6 +14,6 @@
   <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
 <% end -%>
 
-<%- if devise_mapping.lockable? && controller_name != 'unlocks' %>
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
   <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
 <% end -%>

data/app/views/devise/unlocks/new.html.erb

@@ -1,7 +1,7 @@
 <h2>Resend unlock instructions</h2>
 
-<%= form_for(resource_name, resource, :url => unlock_path(resource_name)) do |f| %>
-  <%= f.error_messages %>
+<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name)) do |f| %>
+  <%= devise_error_messages! %>
 
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>

data/config/locales/en.yml

@@ -24,7 +24,7 @@ en:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
-      signed_up: 'You have signed up successfully.'
+      signed_up: 'You have signed up successfully. If enabled, a confirmation was sent your e-mail.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:

data/lib/devise/controllers/internal_helpers.rb

@@ -9,6 +9,7 @@ module Devise
 
       included do
         unloadable
+        helper DeviseHelper
 
         helpers = %w(resource scope_name resource_name
                      resource_class devise_mapping devise_controller?)

data/lib/devise/controllers/scoped_views.rb

@@ -22,7 +22,7 @@ module Devise
 
         if self.class.scoped_views?
           begin
-            render :template => "#{devise_mapping.as}/#{controller_name}/#{action}"
+            render :template => "#{devise_mapping.plural}/#{controller_name}/#{action}"
           rescue ActionView::MissingTemplate
             render :template => "#{controller_path}/#{action}"
           end

data/lib/devise/hooks/activatable.rb

@@ -5,23 +5,4 @@ Warden::Manager.after_set_user do |record, warden, options|
     warden.logout(scope)
     throw :warden, :scope => scope, :message => record.inactive_message
   end
-end
-
-module Devise
-  module Hooks
-    # Overwrite Devise base strategy to only authenticate an user if it's active.
-    # If you have an strategy that does not use Devise::Strategy::Base, don't worry
-    # because the hook above will still avoid it to authenticate.
-    module Activatable
-      def success!(resource)
-        if resource.respond_to?(:active?) && !resource.active?
-          fail!(resource.inactive_message)
-        else
-          super
-        end
-      end
-    end
-  end
-end
-
-Devise::Strategies::Base.send :include, Devise::Hooks::Activatable
+end

data/lib/devise/hooks/forgetable.rb

@@ -0,0 +1,10 @@
+# Before logout hook to forget the user in the given scope, if it responds
+# to forget_me! Also clear remember token to ensure the user won't be
+# remembered again. Notice that we forget the user unless the record is frozen.
+# This avoids forgetting deleted users.
+Warden::Manager.before_logout do |record, warden, scope|
+  if record.respond_to?(:forget_me!)
+    record.forget_me! unless record.frozen?
+    warden.cookies.delete "remember_#{scope}_token"
+  end
+end

data/lib/devise/hooks/rememberable.rb

@@ -1,19 +1,9 @@
-# Before logout hook to forget the user in the given scope, if it responds
-# to forget_me! Also clear remember token to ensure the user won't be
-# remembered again. Notice that we forget the user unless the record is frozen.
-# This avoids forgetting deleted users.
-Warden::Manager.before_logout do |record, warden, scope|
-  if record.respond_to?(:forget_me!)
-    record.forget_me! unless record.frozen?
-    warden.cookies.delete "remember_#{scope}_token"
-  end
-end
-
 module Devise
   module Hooks
     # Overwrite success! in authentication strategies allowing users to be remembered.
-    # We choose to implement this as an strategy hook instead of a Devise hook to avoid users
-    # giving a remember_me access in strategies that should not create remember me tokens.
+    # We choose to implement this as an strategy hook instead of a warden hook to allow a specific
+    # strategy (like token authenticatable or facebook authenticatable) to turn off remember_me?
+    # cookies.
     module Rememberable #:nodoc:
       def success!(resource)
         super
@@ -29,7 +19,7 @@ module Devise
         end
       end
 
-      protected
+    protected
 
       def remember_me?
         valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])

data/lib/devise/mapping.rb

@@ -22,14 +22,15 @@ module Devise
   #   # is the modules included in the class
   #
   class Mapping #:nodoc:
-    attr_reader :name, :as, :controllers, :path_names, :path_prefix
+    attr_reader :singular, :plural, :path, :controllers, :path_names, :path_prefix
+    alias :name :singular
 
     # Loop through all mappings looking for a map that matches with the requested
     # path (ie /users/sign_in). If a path prefix is given, it's taken into account.
     def self.find_by_path(path)
       Devise.mappings.each_value do |mapping|
-        route = path.split("/")[mapping.as_position]
-        return mapping if route && mapping.as == route.to_sym
+        route = path.split("/")[mapping.segment_position]
+        return mapping if route && mapping.path == route.to_sym
       end
       nil
     end
@@ -50,9 +51,20 @@ module Devise
     end
 
     def initialize(name, options) #:nodoc:
-      @as    = (options.delete(:as) || name).to_sym
-      @klass = (options.delete(:class_name) || name.to_s.classify).to_s
-      @name  = (options.delete(:scope) || name.to_s.singularize).to_sym
+      if as = options.delete(:as)
+        ActiveSupport::Deprecation.warn ":as is deprecated, please use :path instead."
+        options[:path] ||= as
+      end
+
+      if scope = options.delete(:scope)
+        ActiveSupport::Deprecation.warn ":scope is deprecated, please use :singular instead."
+        options[:singular] ||= scope
+      end
+
+      @plural   = name.to_sym
+      @path     = (options.delete(:path) || name).to_sym
+      @klass    = (options.delete(:class_name) || name.to_s.classify).to_s
+      @singular = (options.delete(:singular) || name.to_s.singularize).to_sym
 
       @path_prefix = "/#{options.delete(:path_prefix)}/".squeeze("/")
 
@@ -96,13 +108,13 @@ module Devise
     end
 
     # Return in which position in the path prefix devise should find the as mapping.
-    def as_position
+    def segment_position
       self.path_prefix.count("/")
     end
 
     # Returns the raw path using path_prefix and as.
-    def path
-      path_prefix + as.to_s
+    def full_path
+      path_prefix + path.to_s
     end
 
     def authenticatable?