devise 1.4.2 → 1.4.3

data/.gitignore

@@ -7,4 +7,6 @@ coverage/*
 rdoc/*
 pkg
 log
-test/tmp/*
+test/tmp/*
+Gemfile.lock
+

data/.travis.yml

@@ -3,5 +3,6 @@ rvm:
   - 1.8.7
   - 1.9.2
   - ree
-  - jruby
-  - rubinius
+  - rbx
+  - rbx-2.0
+  - jruby

data/CHANGELOG.rdoc

@@ -1,7 +1,22 @@
+== 1.4.3
+
+* enhancements
+  * Improve Rails 3.1 compatibility
+  * Use serialize_into_session and serialize_from_session in Warden serialize to improve extensibility
+
+* bug fix
+  * Generator properly generates a change_table migration if a model already exists
+  * Properly deprecate setup_mail
+  * Fix encoding issues with email regexp
+  * Only generate helpers for the used mappings
+  * Wrap :action constraints in the proper hash
+
+* deprecations
+  * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation
+
 == 1.4.2
 
 * bug fix
-  * Improve Rails 3.1 compatibility
   * Provide a more robust behavior to serializers and add :force_except option
 
 == 1.4.1

data/Gemfile

@@ -2,10 +2,12 @@ source "http://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 3.0.7"
+gem "rails", "~> 3.1.0.rc8"
 gem "oa-oauth", '~> 0.2.0', :require => "omniauth/oauth"
 gem "oa-openid", '~> 0.2.0', :require => "omniauth/openid"
 
+gem "rdoc"
+
 group :test do
   gem "webrat", "0.7.2", :require => false
   gem "mocha", :require => false
@@ -26,7 +28,7 @@ platforms :ruby do
 
   group :mongoid do
     gem "mongo", "~> 1.3.0"
-    gem "mongoid", "2.0.1"
+    gem "mongoid", "~> 2.0"
     gem "bson_ext", "~> 1.3.0"
   end
 end

data/README.rdoc

@@ -7,7 +7,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-It's composed of 12 modules:
+It's comprised of 12 modules:
 
 * Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
 * Token Authenticatable: signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
@@ -97,7 +97,7 @@ If you are building your first Rails application, we recommend you to *not* use
 * Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top
 * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
 
-Once you have solidified you understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
+Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
 
 == Getting started
 

data/Rakefile

@@ -1,7 +1,7 @@
 # encoding: UTF-8
 
 require 'rake/testtask'
-require 'rake/rdoctask'
+require 'rdoc/task'
 
 desc 'Default: run tests for all ORMs.'
 task :default => :test

data/app/controllers/devise/confirmations_controller.rb

@@ -26,7 +26,7 @@ class Devise::ConfirmationsController < ApplicationController
     if resource.errors.empty?
       set_flash_message(:notice, :confirmed) if is_navigational_format?
       sign_in(resource_name, resource)
-      respond_with_navigational(resource){ redirect_to redirect_location(resource_name, resource) }
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
     else
       respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
     end
@@ -38,4 +38,10 @@ class Devise::ConfirmationsController < ApplicationController
     def after_resending_confirmation_instructions_path_for(resource_name)
       new_session_path(resource_name)
     end
+
+    # The path used after confirmation.
+    def after_confirmation_path_for(resource_name, resource)
+      redirect_location(resource_name, resource)
+    end
+
 end

data/app/controllers/devise/registrations_controller.rb

@@ -19,7 +19,7 @@ class Devise::RegistrationsController < ApplicationController
         sign_in(resource_name, resource)
         respond_with resource, :location => redirect_location(resource_name, resource)
       else
-        set_flash_message :notice, :inactive_signed_up, :reason => resource.inactive_message.to_s if is_navigational_format?
+        set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?
         expire_session_data_after_sign_in!
         respond_with resource, :location => after_inactive_sign_up_path_for(resource)
       end
@@ -84,10 +84,16 @@ class Devise::RegistrationsController < ApplicationController
     end
 
     # Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for.
-    def redirect_location(scope, resource) #:nodoc:
+    def redirect_location(scope, resource)
       stored_location_for(scope) || after_sign_up_path_for(resource)
     end
 
+    # Returns the inactive reason translated.
+    def inactive_reason(resource)
+      reason = resource.inactive_message.to_s
+      I18n.t("devise.registrations.reasons.#{reason}", :default => reason)
+    end
+
     # The path used after sign up for inactive accounts. You need to overwrite
     # this method in your own RegistrationsController.
     def after_inactive_sign_up_path_for(resource)

data/app/controllers/devise/sessions_controller.rb

@@ -38,8 +38,10 @@ class Devise::SessionsController < ApplicationController
   protected
 
   def stub_options(resource)
-    array = resource_class.authentication_keys.dup
-    array << :password if resource.respond_to?(:password)
-    { :methods => array, :only => [:password] }
+    methods = resource_class.authentication_keys.dup
+    methods = methods.keys if methods.is_a?(Hash)
+    methods << :password if resource.respond_to?(:password)
+    { :methods => methods, :only => [:password] }
   end
-end
+end
+

data/app/views/devise/confirmations/new.html.erb

@@ -3,10 +3,10 @@
 <%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.submit "Resend confirmation instructions" %></p>
+  <div><%= f.submit "Resend confirmation instructions" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/edit.html.erb

@@ -4,13 +4,13 @@
   <%= devise_error_messages! %>
   <%= f.hidden_field :reset_password_token %>
 
-  <p><%= f.label :password, "New password" %><br />
-  <%= f.password_field :password %></p>
+  <div><%= f.label :password, "New password" %><br />
+  <%= f.password_field :password %></div>
 
-  <p><%= f.label :password_confirmation, "Confirm new password" %><br />
-  <%= f.password_field :password_confirmation %></p>
+  <div><%= f.label :password_confirmation, "Confirm new password" %><br />
+  <%= f.password_field :password_confirmation %></div>
 
-  <p><%= f.submit "Change my password" %></p>
+  <div><%= f.submit "Change my password" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/new.html.erb

@@ -3,10 +3,10 @@
 <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.submit "Send me reset password instructions" %></p>
+  <div><%= f.submit "Send me reset password instructions" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/registrations/edit.html.erb

@@ -3,19 +3,19 @@
 <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-  <%= f.password_field :password %></p>
+  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+  <%= f.password_field :password %></div>
 
-  <p><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></p>
+  <div><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></div>
 
-  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-  <%= f.password_field :current_password %></p>
+  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+  <%= f.password_field :current_password %></div>
 
-  <p><%= f.submit "Update" %></p>
+  <div><%= f.submit "Update" %></div>
 <% end %>
 
 <h3>Cancel my account</h3>

data/app/views/devise/registrations/new.html.erb

@@ -3,16 +3,16 @@
 <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.label :password %><br />
-  <%= f.password_field :password %></p>
+  <div><%= f.label :password %><br />
+  <%= f.password_field :password %></div>
 
-  <p><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></p>
+  <div><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></div>
 
-  <p><%= f.submit "Sign up" %></p>
+  <div><%= f.submit "Sign up" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/sessions/new.html.erb

@@ -1,17 +1,17 @@
 <h2>Sign in</h2>
 
 <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.label :password %><br />
-  <%= f.password_field :password %></p>
+  <div><%= f.label :password %><br />
+  <%= f.password_field :password %></div>
 
   <% if devise_mapping.rememberable? -%>
-    <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
+    <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
   <% end -%>
 
-  <p><%= f.submit "Sign in" %></p>
+  <div><%= f.submit "Sign in" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/app/views/devise/unlocks/new.html.erb

@@ -3,10 +3,10 @@
 <%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= devise_error_messages! %>
 
-  <p><%= f.label :email %><br />
-  <%= f.email_field :email %></p>
+  <div><%= f.label :email %><br />
+  <%= f.email_field :email %></div>
 
-  <p><%= f.submit "Resend unlock instructions" %></p>
+  <div><%= f.submit "Resend unlock instructions" %></div>
 <% end %>
 
 <%= render :partial => "devise/shared/links" %>

data/config/locales/en.yml

@@ -37,6 +37,10 @@ en:
       inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
+      reasons:
+        inactive: 'inactive'
+        unconfirmed: 'unconfirmed'
+        locked: 'locked'
     unlocks:
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
       unlocked: 'Your account was successfully unlocked. You are now signed in.'

data/devise.gemspec

@@ -21,5 +21,5 @@ Gem::Specification.new do |s|
 
   s.add_dependency("warden", "~> 1.0.3")
   s.add_dependency("orm_adapter", "~> 0.0.3")
-  s.add_dependency("bcrypt-ruby", "~> 2.1.2")
+  s.add_dependency("bcrypt-ruby", "~> 3.0")
 end

data/lib/devise.rb

@@ -11,7 +11,6 @@ module Devise
   autoload :PathChecker, 'devise/path_checker'
   autoload :Schema, 'devise/schema'
   autoload :TestHelpers, 'devise/test_helpers'
-  autoload :Email, 'devise/email'
 
   module Controllers
     autoload :Helpers, 'devise/controllers/helpers'
@@ -105,11 +104,11 @@ module Devise
   mattr_accessor :http_authentication_realm
   @@http_authentication_realm = "Application"
 
-  # Email regex used to validate email formats. Based on RFC 822 and
-  # retrieved from Sixarm email validation gem
-  # (https://github.com/SixArm/sixarm_ruby_email_address_validation).
+  # Email regex used to validate email formats. It simply asserts that
+  # an one (and only one) @ exists in the given string. This is mainly
+  # to give user feedback and not to assert the e-mail validity.
   mattr_accessor :email_regexp
-  @@email_regexp = Devise::Email::EXACT_PATTERN
+  @@email_regexp = /\A[^@]+@([^@\.]+\.)+[^@\.]+\z/
 
   # Range validation for password length
   mattr_accessor :password_length
@@ -398,6 +397,12 @@ module Devise
     Rails::VERSION::STRING[0,3] != "3.0"
   end
 
+  # Renegeres url helpers considering Devise.mapping
+  def self.regenerate_helpers!
+    Devise::Controllers::UrlHelpers.remove_helpers!
+    Devise::Controllers::UrlHelpers.generate_helpers!
+  end
+
   # A method used internally to setup warden manager from the Rails initialize
   # block.
   def self.configure_warden! #:nodoc:
@@ -417,7 +422,7 @@ module Devise
 
   # Generate a friendly string randomically to be used as token.
   def self.friendly_token
-    SecureRandom.base64(15).tr('+/=', 'xyz')
+    SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz')
   end
 
   # constant-time comparison algorithm to prevent timing attacks

data/lib/devise/controllers/helpers.rb

@@ -106,6 +106,7 @@ module Devise
           warden.session_serializer.store(resource, scope)
         elsif warden.user(scope) == resource && !options.delete(:force)
           # Do nothing. User already signed in and we are not forcing it.
+          true
         else
           warden.set_user(resource, options.merge!(:scope => scope))
         end

data/lib/devise/controllers/url_helpers.rb

@@ -18,22 +18,31 @@ module Devise
     #
     # Those helpers are added to your ApplicationController.
     module UrlHelpers
+      def self.remove_helpers!
+        self.instance_methods.map(&:to_s).grep(/_(url|path)$/).each do |method|
+          remove_method method
+        end
+      end
 
-      Devise::URL_HELPERS.each do |module_name, actions|
-        [:path, :url].each do |path_or_url|
-          actions.each do |action|
-            action = action ? "#{action}_" : ""
+      def self.generate_helpers!
+        mappings = Devise.mappings.values.map(&:used_routes).flatten.uniq
+        routes = Devise::URL_HELPERS.slice(*mappings)
 
-            class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
-              def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
-                scope = Devise::Mapping.find_scope!(resource_or_scope)
-                send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
-              end
-            URL_HELPERS
+        routes.each do |module_name, actions|
+          [:path, :url].each do |path_or_url|
+            actions.each do |action|
+              action = action ? "#{action}_" : ""
+
+              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+                def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                  scope = Devise::Mapping.find_scope!(resource_or_scope)
+                  send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                end
+              URL_HELPERS
+            end
           end
         end
       end
-
     end
   end
 end

data/lib/devise/hooks/timeoutable.rb

@@ -1,7 +1,7 @@
 # Each time a record is set we check whether its session has already timed out
 # or not, based on last request time. If so, the record is logged out and
 # redirected to the sign in page. Also, each time the request comes and the
-# record is set, we set the last request time inside it's scoped session to
+# record is set, we set the last request time inside its scoped session to
 # verify timeout in the following request.
 Warden::Manager.after_set_user do |record, warden, options|
   scope = options[:scope]

data/lib/devise/mailers/helpers.rb

@@ -10,6 +10,11 @@ module Devise
 
       protected
 
+      def setup_mail(*args)
+        ActiveSupport::Deprecation.warn "setup_mail is deprecated, please use devise_mail instead", caller
+        devise_mail(*args)
+      end
+
       # Configure default email options
       def devise_mail(record, action)
         initialize_from_record(record)
@@ -45,7 +50,9 @@ module Devise
       end
 
       def mailer_sender(mapping)
-        if Devise.mailer_sender.is_a?(Proc)
+        if default_params[:from].present?
+          default_params[:from]
+        elsif Devise.mailer_sender.is_a?(Proc)
           Devise.mailer_sender.call(mapping.name)
         else
           Devise.mailer_sender
@@ -81,4 +88,4 @@ module Devise
       end
     end
   end
-end
+end