devise 1.4.5 → 1.4.7

data/.travis.yml

@@ -5,4 +5,8 @@ rvm:
   - ree
   - rbx
   - rbx-2.0
-  - jruby
+  - jruby
+notifications:
+  recipients:
+    - jose.valim@plataformatec.com.br
+    - carlos@plataformatec.com.br

data/CHANGELOG.rdoc

@@ -1,3 +1,16 @@
+== 1.4.7
+
+* bug fix
+  * Fix backward incompatible change from 1.4.6 for those using custom controllers
+
+== 1.4.6
+
+* enhancements
+  * Allow devise_for :skip => :all
+  * Allow options to be passed to authenticate_user!
+  * Allow --skip-routes to devise generator
+  * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
+
 == 1.4.5
 
 * bug fix

data/app/controllers/devise/registrations_controller.rb

@@ -114,7 +114,7 @@ class Devise::RegistrationsController < ApplicationController
 
     # Authenticates the current scope and gets the current resource from the session.
     def authenticate_scope!
-      send(:"authenticate_#{resource_name}!", true)
+      send(:"authenticate_#{resource_name}!", :force => true)
       self.resource = send(:"current_#{resource_name}")
     end
 end

data/app/controllers/devise/sessions_controller.rb

@@ -1,5 +1,6 @@
 class Devise::SessionsController < ApplicationController
   prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
+  prepend_before_filter :allow_params_authentication!, :only => :create
   include Devise::Controllers::InternalHelpers
 
   # GET /resource/sign_in

data/lib/devise/controllers/helpers.rb

@@ -36,8 +36,14 @@ module Devise
         mapping = mapping.name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
-          def authenticate_#{mapping}!(force = false)
-            warden.authenticate!(:scope => :#{mapping}) if !devise_controller? || force
+          def authenticate_#{mapping}!(opts={})
+            if !opts.is_a?(Hash)
+              opts = { :force => opts }
+              ActiveSupport::Deprecation.warn "Passing a boolean to authenticate_#{mapping}! " \
+                "is deprecated, please use :force => \#{opts[:force]} instead", caller
+            end
+            opts[:scope] = :#{mapping}
+            warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
           end
 
           def #{mapping}_signed_in?
@@ -72,6 +78,11 @@ module Devise
         false
       end
 
+      # Tell warden that params authentication is allowed for that specific page.
+      def allow_params_authentication!
+        request.env["devise.allow_params_authentication"] = true
+      end
+
       # Return true if the given scope is signed in session. If no scope given, return
       # true if any scope is signed in. Does not run authentication hooks.
       def signed_in?(scope=nil)

data/lib/devise/mapping.rb

@@ -78,6 +78,8 @@ module Devise
 
       if options.has_key?(:only)
         @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      elsif options[:skip] == :all
+        @used_routes = []
       else
         @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
       end

data/lib/devise/models/trackable.rb

@@ -5,7 +5,7 @@ module Devise
     # Track information about your user sign in. It tracks the following columns:
     #
     # * sign_in_count      - Increased every time a sign in is made (by form, openid, oauth)
-    # * current_sign_in_at - A tiemstamp updated when the user signs in
+    # * current_sign_in_at - A timestamp updated when the user signs in
     # * last_sign_in_at    - Holds the timestamp of the previous sign in
     # * current_sign_in_ip - The remote ip updated when the user sign in
     # * last_sign_in_ip    - Holds the remote ip of the previous sign in

data/lib/devise/rails/routes.rb

@@ -182,7 +182,6 @@ module ActionDispatch::Routing
       options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-
       @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
 
       resources.map!(&:to_sym)

data/lib/devise/strategies/authenticatable.rb

@@ -85,17 +85,17 @@ module Devise
 
       # By default, a request is valid  if the controller is allowed and the VERB is POST.
       def valid_request?
-        valid_controller? && valid_verb?
-      end
-
-      # Check if the controller is the one registered for authentication.
-      def valid_controller?
-        mapping.controllers[:sessions] == params[:controller]
-      end
-
-      # Check if it was a POST request.
-      def valid_verb?
-        request.post?
+        if env["devise.allow_params_authentication"]
+          true
+        elsif request.post? && mapping.controllers[:sessions] == params[:controller]
+          ActiveSupport::Deprecation.warn "It seems that you are using a custom SessionsController. " \
+            "In order for it to work from Devise 1.4.6 forward, you need to add the following:" \
+            "\n\n  prepend_before_filter :allow_params_authentication!, :only => :create\n\n" \
+            "This will ensure your controller can authenticate from params for the create action.", caller
+          true
+        else
+          false
+        end
       end
 
       # If the request is valid, finally check if params_auth_hash returns a hash.

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.4.5".freeze
+  VERSION = "1.4.7".freeze
 end

data/lib/generators/devise/devise_generator.rb

@@ -9,9 +9,12 @@ module Devise
 
       hook_for :orm
 
+      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
+
       def add_devise_routes
         devise_route  = "devise_for :#{plural_name}"
-        devise_route += %Q(, :class_name => "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, :skip => :all) unless options.routes?
         route devise_route
       end
     end

data/lib/generators/templates/devise.rb

@@ -72,12 +72,11 @@ Devise.setup do |config|
   # config.pepper = <%= SecureRandom.hex(64).inspect %>
 
   # ==> Configuration for :confirmable
-  # The time you want to give your user to confirm his account. During this time
-  # he will be able to access your application without confirming. Default is 0.days
-  # When confirm_within is zero, the user won't be able to sign in without confirming.
-  # You can use this to let your user access some features of your application
-  # without confirming the account, but blocking it after a certain period
-  # (ie 2 days).
+  # A period that the user is allowed to access the website even without
+  # confirming his account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming his account,
+  # access will be blocked just in the third day. Default is 0.days, meaning
+  # the user cannot access the website without confirming his account.
   # config.confirm_within = 2.days
 
   # Defines which key will be used when confirming an account

data/test/controllers/helpers_test.rb

@@ -45,6 +45,11 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     @controller.authenticate_user!
   end
 
+  test 'proxy authenticate_user! options to authenticate with user scope' do
+    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
+    @controller.authenticate_user!(:recall => "foo")
+  end
+
   test 'proxy authenticate_admin! to authenticate with admin scope' do
     @mock_warden.expects(:authenticate!).with(:scope => :admin)
     @controller.authenticate_admin!

data/test/generators/devise_generator_test.rb

@@ -22,6 +22,12 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
     assert_file "config/routes.rb", match
   end
 
+  test "route generation with skip routes" do
+    run_generator %w(monster name:string --skip-routes)
+    match = /devise_for :monsters, :skip => :all/
+    assert_file "config/routes.rb", match
+  end
+
   def copy_routes
     routes = File.expand_path("../../rails_app/config/routes.rb", __FILE__)
     destination = File.join(destination_root, "config")

data/test/mapping_test.rb

@@ -31,6 +31,10 @@ class MappingTest < ActiveSupport::TestCase
     assert_equal "admin_area", Devise.mappings[:admin].path
   end
 
+  test 'allows to skip all routes' do
+    assert_equal [], Devise.mappings[:skip_admin].used_routes
+  end
+
   test 'sign_out_via defaults to :get' do
     assert_equal :get, Devise.mappings[:user].sign_out_via
   end

data/test/rails_app/config/routes.rb

@@ -50,6 +50,8 @@ Rails.application.routes.draw do
   constraints(:host => /192\.168\.1\.\d\d\d/) do
     devise_for :homebase_admin, :class_name => "Admin", :path => "homebase"
   end
+
+  devise_for :skip_admin, :class_name => "Admin", :skip => :all
   
   # Routes for format=false testing
   devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks]

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise
 version: !ruby/object:Gem::Version 
-  hash: 13
+  hash: 9
   prerelease: 
   segments: 
   - 1
   - 4
-  - 5
-  version: 1.4.5
+  - 7
+  version: 1.4.7
 platform: ruby
 authors: 
 - "Jos\xC3\xA9 Valim"
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-09-08 00:00:00 +02:00
+date: 2011-09-22 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency