devise 1.4.3 → 1.4.5

data/CHANGELOG.rdoc

@@ -1,3 +1,16 @@
+== 1.4.5
+
+* bug fix
+  * Failure app tries the root path if a session one does not exist
+  * No need to finalize Devise helpers all the time (by github.com/bradleypriest)
+  * Reset password shows proper message if user is not active
+  * `clean_up_passwords` sets the accessors to nil to skip validations
+
+== 1.4.4
+
+* bug fix
+  * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually
+
 == 1.4.3
 
 * enhancements

data/Gemfile

@@ -2,7 +2,7 @@ source "http://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 3.1.0.rc8"
+gem "rails", "~> 3.1.0"
 gem "oa-oauth", '~> 0.2.0', :require => "omniauth/oauth"
 gem "oa-openid", '~> 0.2.0', :require => "omniauth/openid"
 
@@ -14,7 +14,9 @@ group :test do
 end
 
 platforms :jruby do
+  gem 'activerecord-jdbc-adapter', :git => 'https://github.com/nicksieger/activerecord-jdbc-adapter.git'
   gem 'activerecord-jdbcsqlite3-adapter'
+  gem 'jruby-openssl'
 end
 
 platforms :mri_18 do

data/app/controllers/devise/passwords_controller.rb

@@ -32,7 +32,8 @@ class Devise::PasswordsController < ApplicationController
     self.resource = resource_class.reset_password_by_token(params[resource_name])
 
     if resource.errors.empty?
-      set_flash_message(:notice, :updated) if is_navigational_format?
+      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+      set_flash_message(:notice, flash_message) if is_navigational_format?
       sign_in(resource_name, resource)
       respond_with resource, :location => redirect_location(resource_name, resource)
     else

data/config/locales/en.yml

@@ -27,6 +27,7 @@ en:
     passwords:
       send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
       updated: 'Your password was changed successfully. You are now signed in.'
+      updated_not_active: 'Your password was changed successfully.'
       send_paranoid_instructions: "If your e-mail exists on our database, you will receive a password recovery link on your e-mail"
     confirmations:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'

data/lib/devise.rb

@@ -397,7 +397,7 @@ module Devise
     Rails::VERSION::STRING[0,3] != "3.0"
   end
 
-  # Renegeres url helpers considering Devise.mapping
+  # Regenerates url helpers considering Devise.mapping
   def self.regenerate_helpers!
     Devise::Controllers::UrlHelpers.remove_helpers!
     Devise::Controllers::UrlHelpers.generate_helpers!

data/lib/devise/controllers/url_helpers.rb

@@ -25,7 +25,7 @@ module Devise
       end
 
       def self.generate_helpers!
-        mappings = Devise.mappings.values.map(&:used_routes).flatten.uniq
+        mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
         routes = Devise::URL_HELPERS.slice(*mappings)
 
         routes.each do |module_name, actions|

data/lib/devise/failure_app.rb

@@ -65,10 +65,14 @@ module Devise
     end
 
     def redirect_url
-      if skip_format?
-        send(:"new_#{scope}_session_path")
+      opts  = {}
+      route = :"new_#{scope}_session_path"
+      opts[:format] = request_format unless skip_format?
+
+      if respond_to?(route)
+        send(route, opts)
       else
-        send(:"new_#{scope}_session_path", :format => request_format)
+        root_path(opts)
       end
     end
 

data/lib/devise/mapping.rb

@@ -23,7 +23,7 @@ module Devise
   #
   class Mapping #:nodoc:
     attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers
     alias :name :singular
 
     # Receives an object and find a scope for it. If a scope cannot be found,
@@ -74,11 +74,21 @@ module Devise
       @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
       @format = options[:format]
 
-      @used_routes = self.routes
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
       if options.has_key?(:only)
-        @used_routes = Array(options.delete(:only)).map { |s| s.to_s.singularize.to_sym } & @used_routes
+        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      else
+        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
+      end
+
+      if options[:skip_helpers] == true
+        @used_helpers = @used_routes
+      elsif skip = options[:skip_helpers]
+        @used_helpers = self.routes - Array(skip).map(&singularizer)
+      else
+        @used_helpers = self.routes
       end
-      @used_routes -= Array(options.delete(:skip)).map { |s| s.to_s.singularize.to_sym }
     end
 
     # Return modules for the mapping.

data/lib/devise/models/database_authenticatable.rb

@@ -45,7 +45,7 @@ module Devise
 
       # Set password and password confirmation to nil
       def clean_up_passwords
-        self.password = self.password_confirmation = ""
+        self.password = self.password_confirmation = nil
       end
 
       # Update record attributes when :current_password matches, otherwise returns

data/lib/devise/rails/routes.rb

@@ -4,8 +4,12 @@ module ActionDispatch::Routing
     # need devise_for mappings already declared to create filters and helpers.
     def finalize_with_devise!
       finalize_without_devise!
-      Devise.configure_warden!
-      Devise.regenerate_helpers!
+
+      @devise_finalized ||= begin
+        Devise.configure_warden!
+        Devise.regenerate_helpers!
+        true
+      end
     end
     alias_method_chain :finalize!, :devise
   end
@@ -104,6 +108,14 @@ module ActionDispatch::Routing
     #
     #      devise_for :users, :only => :sessions
     #
+    #  * :skip_helpers => skip generating Devise url helpers like new_session_path(@user).
+    #    This is useful to avoid conflicts with previous routes and is false by default.
+    #    It accepts true as option, meaning it will skip all the helpers for the controllers
+    #    given in :skip but it also accepts specific helpers to be skipped:
+    #
+    #      devise_for :users, :skip => [:registrations, :confirmations], :skip_helpers => true
+    #      devise_for :users, :skip_helpers => [:registrations, :confirmations]
+    #
     #  * :format => include "(.:format)" in the generated routes? true by default, set to false to disable:
     #
     #      devise_for :users, :format => false
@@ -161,6 +173,7 @@ module ActionDispatch::Routing
     #     end
     #
     def devise_for(*resources)
+      @devise_finalized = false
       options = resources.extract_options!
 
       options[:as]          ||= @scope[:as]     if @scope[:as].present?

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.4.3".freeze
+  VERSION = "1.4.5".freeze
 end

data/test/failure_app_test.rb

@@ -2,6 +2,10 @@ require 'test_helper'
 require 'ostruct'
 
 class FailureTest < ActiveSupport::TestCase
+  class RootFailureApp < Devise::FailureApp
+    undef_method :new_user_session_path
+  end
+
   def self.context(name, &block)
     instance_eval(&block)
   end
@@ -18,32 +22,31 @@ class FailureTest < ActiveSupport::TestCase
       'warden' => OpenStruct.new(:message => nil)
     }.merge!(env_params)
 
-    @response = Devise::FailureApp.call(env).to_a
+    @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a
     @request  = ActionDispatch::Request.new(env)
   end
 
   context 'When redirecting' do
-    test 'return 302 status' do
-      call_failure
-      assert_equal 302, @response.first
-    end
-
-    test 'return 302 status for wildcard requests' do
-      call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
-      assert_equal 302, @response.first
-    end
-
     test 'return to the default redirect location' do
       call_failure
+      assert_equal 302, @response.first
       assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second['Location']
     end
 
     test 'return to the default redirect location for wildcard requests' do
       call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
+      assert_equal 302, @response.first
       assert_equal 'http://test.host/users/sign_in', @response.second['Location']
     end
 
+    test 'return to the root path if no session path is available' do
+      call_failure :app => RootFailureApp
+      assert_equal 302, @response.first
+      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+      assert_equal 'http://test.host/', @response.second['Location']
+    end
+
     test 'uses the proxy failure message as symbol' do
       call_failure('warden' => OpenStruct.new(:message => :test))
       assert_equal 'test', @request.flash[:alert]
@@ -74,7 +77,7 @@ class FailureTest < ActiveSupport::TestCase
         assert_equal 302, @response.first
       end
     end
-    
+
     test 'redirects the correct format if it is a non-html format request' do
       swap Devise, :navigational_formats => [:js] do
         call_failure('formats' => :js)
@@ -178,7 +181,7 @@ class FailureTest < ActiveSupport::TestCase
       assert @response.third.body.include?('<h2>Sign in</h2>')
       assert @response.third.body.include?('Invalid email or password.')
     end
-    
+
     test 'calls the original controller if not confirmed email' do
       env = {
         "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed },
@@ -187,9 +190,9 @@ class FailureTest < ActiveSupport::TestCase
       }
       call_failure(env)
       assert @response.third.body.include?('<h2>Sign in</h2>')
-      assert @response.third.body.include?('You have to confirm your account before continuing.')     
+      assert @response.third.body.include?('You have to confirm your account before continuing.')
     end
-    
+
     test 'calls the original controller if inactive account' do
       env = {
         "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive },
@@ -198,7 +201,7 @@ class FailureTest < ActiveSupport::TestCase
       }
       call_failure(env)
       assert @response.third.body.include?('<h2>Sign in</h2>')
-      assert @response.third.body.include?('Your account was not activated yet.')     
+      assert @response.third.body.include?('Your account was not activated yet.')
     end
   end
 end

data/test/integration/authenticatable_test.rb

@@ -401,14 +401,14 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 
   test 'sign in stub in xml format' do
     get new_user_session_path(:format => 'xml')
-    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password></password>\n</user>\n", response.body
+    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"></password>\n</user>\n", response.body
   end
 
   test 'sign in stub in json format' do
     get new_user_session_path(:format => 'json')
     assert_match '{"user":{', response.body
     assert_match '"email":""', response.body
-    assert_match '"password":""', response.body
+    assert_match '"password":null', response.body
   end
 
   test 'sign in stub in json with non attribute key' do
@@ -416,7 +416,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
       get new_user_session_path(:format => 'json')
       assert_match '{"user":{', response.body
       assert_match '"other_key":null', response.body
-      assert_match '"password":""', response.body
+      assert_match '"password":null', response.body
     end
   end
 

data/test/integration/recoverable_test.rb

@@ -147,7 +147,7 @@ class PasswordTest < ActionController::IntegrationTest
     reset_password :reset_password_token => user.reload.reset_password_token
 
     assert_current_url '/'
-    assert_contain 'Your password was changed successfully.'
+    assert_contain 'Your password was changed successfully. You are now signed in.'
     assert user.reload.valid_password?('987654321')
   end
 
@@ -179,6 +179,8 @@ class PasswordTest < ActionController::IntegrationTest
     request_forgot_password
     reset_password :reset_password_token => user.reload.reset_password_token
 
+    assert_contain 'Your password was changed successfully.'
+    assert_not_contain 'You are now signed in.'
     assert_equal new_user_session_path, @request.path
     assert !warden.authenticated?(:user)
   end

data/test/rails_app/config/boot.rb

@@ -2,12 +2,7 @@ unless defined?(DEVISE_ORM)
   DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
 end
 
-begin
-  require File.expand_path("../../../../.bundle/environment", __FILE__)
-rescue LoadError
-  require 'rubygems'
-  require 'bundler'
-  Bundler.setup :default, :test, DEVISE_ORM
-end
+require 'rubygems'
+require 'bundler/setup'
 
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/test/rails_app/config/routes.rb

@@ -52,8 +52,8 @@ Rails.application.routes.draw do
   end
   
   # Routes for format=false testing
-  devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false
-  devise_for :htmlonly_users, :class_name => "User", :only => [:confirmations, :unlocks], :path => "htmlonly_users", :format => false
+  devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]
+  devise_for :htmlonly_users, :class_name => "User", :only => [:confirmations, :unlocks], :path => "htmlonly_users", :format => false, :skip_helpers => true
   
   # Other routes for routing_test.rb
   devise_for :reader, :class_name => "User", :only => :passwords

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  hash: 1
+  hash: 13
   prerelease: 
   segments: 
   - 1
   - 4
-  - 3
-  version: 1.4.3
+  - 5
+  version: 1.4.5
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-30 00:00:00 +02:00
+date: 2011-09-08 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency