devise 1.2.rc → 1.2.rc2

data/.gitignore

@@ -0,0 +1,10 @@
+**/*/log/*
+**/*/tmp/*
+*~
+coverage/*
+*.sqlite3
+.bundle
+rdoc/*
+pkg
+log
+test/tmp/*

data/.travis.yml

@@ -0,0 +1 @@
+script: "rake test"

data/CHANGELOG.rdoc

@@ -1,3 +1,33 @@
+== 1.2.rc2
+
+* enhancements
+  * Make friendly_token 20 chars long
+  * Use secure_compare
+
+* bug fix
+  * Fix an issue causing infinite redirects in production
+  * rails g destroy works properly with devise generators (by github.com/andmej)
+  * before_failure callbacks should work on test helpers (by github.com/twinge)
+  * rememberable cookie now is httponly by default (by github.com/JamesFerguson)
+  * Add missing confirmation_keys (by github.com/JohnPlummer)
+  * Ensure after_* hooks are called on RegistrationsController
+  * When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included)
+  * Ensure stateless token does not trigger timeout (by github.com/pixelauthority)
+  * Implement handle_unverified_request for Rails 3.0.4 compatibility and improve FailureApp reliance on symbols
+  * Consider namespaces while generating routes
+  * Custom failure apps no longer ignored in test mode (by github.com/jaghion)
+  * Do not depend on ActiveModel::Dirty
+  * Manual sign_in now triggers remember token
+  * Be sure to halt strategies on failures
+  * Consider SCRIPT_NAME on Omniauth paths
+  * Reset failed attempts when lock is expired
+  * Ensure there is no Mongoid injection
+
+* deprecations
+  * Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)
+  * Removed --haml and --slim view templates
+  * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
+
 == 1.2.rc
 
 * deprecations
@@ -30,12 +60,26 @@
 * bugfix
   * after_sign_in_path_for always receives a resource
   * Do not execute Warden::Callbacks on Devise::TestHelpers (by github.com/sgronblo)
-  * Password recovery and account unlocking takes into account authentication keys (by github.com/RStankov)
+  * Allow password recovery and account unlocking to change used keys (by github.com/RStankov)
   * FailureApp now properly handles nil request.format
   * Fix a bug causing FailureApp to return with HTTP Auth Headers for IE7
   * Ensure namespaces has proper scoped views
   * Ensure Devise does not set empty flash messages (by github.com/sxross)
 
+== 1.1.6
+
+* Use a more secure e-mail regexp
+* Implement Rails 3.0.4 handle unverified request
+* Use secure_compare to compare passwords
+
+== 1.1.5
+
+* bugfix
+  * Ensure to convert keys on indifferent hash
+
+* defaults
+  * Set config.http_authenticatable to false to avoid confusion
+
 == 1.1.4
 
 * bugfix

data/Gemfile

@@ -0,0 +1,29 @@
+source "http://rubygems.org"
+
+gemspec
+
+gem "rails", "~> 3.0.4"
+gem "oa-oauth", '~> 0.2.0', :require => "omniauth/oauth"
+gem "oa-openid", '~> 0.2.0', :require => "omniauth/openid"
+
+group :test do
+  gem "webrat", "0.7.2", :require => false
+  gem "mocha", :require => false
+end
+
+platforms :jruby do
+  gem 'activerecord-jdbcsqlite3-adapter'
+end
+
+platforms :ruby do
+  group :test do
+    gem "sqlite3-ruby"
+    gem "ruby-debug", ">= 0.10.3" if RUBY_VERSION < '1.9'
+  end
+
+  group :mongoid do
+    gem "mongo", "1.1.2"
+    gem "mongoid", "2.0.0.beta.20"
+    gem "bson_ext", "1.2.1"
+  end
+end

data/Gemfile.lock

@@ -0,0 +1,158 @@
+PATH
+  remote: .
+  specs:
+    devise (1.2.rc)
+      bcrypt-ruby (~> 2.1.2)
+      orm_adapter (~> 0.0.3)
+      warden (~> 1.0.3)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.4)
+      actionpack (= 3.0.4)
+      mail (~> 2.2.15)
+    actionpack (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.13)
+      rack-test (~> 0.5.7)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.4)
+      activesupport (= 3.0.4)
+      builder (~> 2.1.2)
+      i18n (~> 0.4)
+    activerecord (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+      arel (~> 2.0.2)
+      tzinfo (~> 0.3.23)
+    activerecord-jdbc-adapter (1.1.1)
+    activerecord-jdbcsqlite3-adapter (1.1.1)
+      activerecord-jdbc-adapter (= 1.1.1)
+      jdbc-sqlite3 (~> 3.6.0)
+    activeresource (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+    activesupport (3.0.4)
+    addressable (2.2.4)
+    arel (2.0.8)
+    bcrypt-ruby (2.1.4)
+    bson (1.2.1)
+    bson_ext (1.2.1)
+    builder (2.1.2)
+    columnize (0.3.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    faraday (0.5.7)
+      addressable (~> 2.2.4)
+      multipart-post (~> 1.1.0)
+      rack (>= 1.1.0, < 2)
+    i18n (0.5.0)
+    jdbc-sqlite3 (3.6.14.2.056-java)
+    linecache (0.43)
+    mail (2.2.15)
+      activesupport (>= 2.3.6)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.16)
+    mocha (0.9.12)
+    mongo (1.1.2)
+      bson (>= 1.1.1)
+    mongoid (2.0.0.beta.20)
+      activemodel (~> 3.0)
+      mongo (~> 1.1)
+      tzinfo (~> 0.3.22)
+      will_paginate (~> 3.0.pre)
+    multi_json (0.0.5)
+    multipart-post (1.1.0)
+    nokogiri (1.4.4)
+    nokogiri (1.4.4-java)
+      weakling (>= 0.0.3)
+    oa-core (0.2.0)
+      rack (~> 1.1)
+    oa-oauth (0.2.0)
+      multi_json (~> 0.0.2)
+      nokogiri (~> 1.4.2)
+      oa-core (= 0.2.0)
+      oauth (~> 0.4.0)
+      oauth2 (~> 0.1.1)
+    oa-openid (0.2.0)
+      oa-core (= 0.2.0)
+      rack-openid (~> 1.2.0)
+      ruby-openid-apps-discovery
+    oauth (0.4.4)
+    oauth2 (0.1.1)
+      faraday (~> 0.5.0)
+      multi_json (~> 0.0.4)
+    orm_adapter (0.0.4)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.13)
+      rack (>= 1.0.0)
+    rack-openid (1.2.0)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rails (3.0.4)
+      actionmailer (= 3.0.4)
+      actionpack (= 3.0.4)
+      activerecord (= 3.0.4)
+      activeresource (= 3.0.4)
+      activesupport (= 3.0.4)
+      bundler (~> 1.0)
+      railties (= 3.0.4)
+    railties (3.0.4)
+      actionpack (= 3.0.4)
+      activesupport (= 3.0.4)
+      rake (>= 0.8.7)
+      thor (~> 0.14.4)
+    rake (0.8.7)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    ruby-openid (2.1.8)
+    ruby-openid-apps-discovery (1.2.0)
+      ruby-openid (>= 2.1.7)
+    sqlite3 (1.3.3)
+    sqlite3-ruby (1.3.3)
+      sqlite3 (>= 1.3.3)
+    thor (0.14.6)
+    treetop (1.4.9)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.24)
+    warden (1.0.3)
+      rack (>= 1.0.0)
+    weakling (0.0.4-java)
+    webrat (0.7.2)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+    will_paginate (3.0.pre2)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbcsqlite3-adapter
+  bson_ext (= 1.2.1)
+  devise!
+  mocha
+  mongo (= 1.1.2)
+  mongoid (= 2.0.0.beta.20)
+  oa-oauth (~> 0.2.0)
+  oa-openid (~> 0.2.0)
+  rails (~> 3.0.4)
+  ruby-debug (>= 0.10.3)
+  sqlite3-ruby
+  webrat (= 0.7.2)

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009 Plataforma Tecnologia. http://blog.plataformatec.com.br
+Copyright 2009-2011 Plataforma Tecnologia. http://blog.plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.rdoc

@@ -9,7 +9,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 
 It's composed of 12 modules:
 
-* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
+* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
 * Token Authenticatable: signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
 * Omniauthable: adds Omniauth (github.com/intridea/omniauth) support;
 * Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
@@ -20,11 +20,11 @@ It's composed of 12 modules:
 * Timeoutable: expires sessions that have no activity in a specified period of time.
 * Validatable: provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
-* Encryptable: allows support of other authentication mechanisms besides Bcrypt (the default).
+* Encryptable: adds support of other authentication mechanisms besides the built-in Bcrypt (the default).
 
 == Information
 
-=== The Devise Wiki
+=== The Devise wiki
 
 The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README:
 
@@ -36,11 +36,11 @@ If you discover a problem with Devise, we would like to know about it. However,
 
 http://github.com/plataformatec/devise/wiki/Bug-reports
 
-If you found a security bug, do *NOT* use the GitHub Issue tracker. Send private GitHub message or email to the maintainers listed in the bottom of the README.
+If you found a security bug, do *NOT* use the GitHub issue tracker. Send email or a private GitHub message to the maintainers listed at the bottom of the README.
 
-=== Google Group
+=== Mailing list
 
-If you have any questions, comments, or concerns please use the Google Group instead of the GitHub Issues tracker:
+If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker:
 
 http://groups.google.com/group/plataformatec-devise
 
@@ -52,7 +52,7 @@ http://rubydoc.info/github/plataformatec/devise/master/frames
 
 If you need to use Devise with Rails 2.3, you can always run `gem server` from the command line after you install the gem to access the old documentation.
 
-=== Example Applications
+=== Example applications
 
 There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here:
 
@@ -70,6 +70,8 @@ We hope that you will consider contributing to Devise. Please read this short ov
 
 http://github.com/plataformatec/devise/wiki/Contributing
 
+You will usually want to write tests for your changes.  To run the test suite, `cd` into Devise's top-level directory and run `bundle install` and `rake`.  For the tests to pass, you will need to have a MongoDB server (version 1.6 or newer) running on your system.
+
 == Installation
 
 You can use the latest Rails 3 gem with the latest Devise gem:
@@ -88,6 +90,15 @@ Replace MODEL by the class name you want to add devise, like User, Admin, etc. T
 
 Support for Rails 2.3.x can be found by installing Devise 1.0.x from the v1.0 branch.
 
+== Starting with Rails?
+
+If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:
+
+* Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top
+* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
+
+Once you have solidified you understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
+
 == Getting started
 
 This is a walkthrough with all steps you need to setup a devise resource, including model, migration, route files, and optional configuration.
@@ -201,7 +212,13 @@ Since Devise is an engine, all its views are packaged inside the gem. These view
 
   rails generate devise:views
 
-If you are using HAML, you will need hpricot installed to convert Devise views to HAML.
+Devise currently supports generating views for the following template engines (use the `-e` flag for the devise:views generator):
+
+* Erb
+* Haml (http://github.com/nex3/haml)
+* Slim (http://github.com/stonean/slim)
+
+Note: If you are generating Haml or Slim templates, you will need to have a few dependencies such as `ruby_parser` (for Haml), `hpricot` (for both Haml and Slim) and `haml2slim` (for Slim) installed.
 
 If you have more than one role in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all roles. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb".
 

data/Rakefile

@@ -0,0 +1,34 @@
+# encoding: UTF-8
+
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run tests for all ORMs.'
+task :default => :pre_commit
+
+desc 'Run Devise tests for all ORMs.'
+task :pre_commit do
+  Dir[File.join(File.dirname(__FILE__), 'test', 'orm', '*.rb')].each do |file|
+    orm = File.basename(file).split(".").first
+    # "Some day, my son, rake's inner wisdom will reveal itself.  Until then,
+    # take this `system` -- may its brute force protect you well."
+    exit 1 unless system "rake test DEVISE_ORM=#{orm}"
+  end
+end
+
+desc 'Run Devise unit tests.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for Devise.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Devise'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/TODO

@@ -0,0 +1,4 @@
+* Move integration tests to Capybara
+* Better ORM integration
+* Add support to automatically refresh the access token for OAuth
+* Add test to generators using the new Rails::Generators::TestCase

data/app/controllers/devise/omniauth_callbacks_controller.rb

@@ -9,18 +9,18 @@ class Devise::OmniauthCallbacksController < ApplicationController
   protected
 
   def failed_strategy
-    env["omniauth.failed_strategy"]
+    env["omniauth.error.strategy"]
   end
 
   def failure_message
     exception = env["omniauth.error"]
     error   = exception.error_reason if exception.respond_to?(:error_reason)
     error ||= exception.error        if exception.respond_to?(:error)
-    error ||= env["omniauth.failure_key"]
+    error ||= env["omniauth.error.type"].to_s
     error.to_s.humanize if error
   end
 
   def after_omniauth_failure_path_for(scope)
     new_session_path(scope)
   end
-end
+end

data/app/controllers/devise/registrations_controller.rb

@@ -9,7 +9,7 @@ class Devise::RegistrationsController < ApplicationController
     render_with_scope :new
   end
 
-  # POST /resource/sign_up
+  # POST /resource
   def create
     build_resource
 
@@ -78,8 +78,8 @@ class Devise::RegistrationsController < ApplicationController
     end
 
     # Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for.
-    def redirect_for_sign_in(scope, resource) #:nodoc:
-      redirect_to stored_location_for(scope) || after_sign_up_path_for(resource)
+    def redirect_location(scope, resource) #:nodoc:
+      stored_location_for(scope) || after_sign_up_path_for(resource)
     end
 
     # The path used after sign up for inactive accounts. You need to overwrite
@@ -104,7 +104,7 @@ class Devise::RegistrationsController < ApplicationController
     # We need to use a copy because we don't want actions like update changing
     # the current user in place.
     def authenticate_scope!
-      send(:"authenticate_#{resource_name}!")
+      send(:"authenticate_#{resource_name}!", true)
       self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
     end
 end