devise 1.4.9 → 1.5.0.rc1
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/.travis.yml +1 -1
- data/CHANGELOG.rdoc +21 -0
- data/Gemfile +5 -3
- data/README.rdoc +25 -13
- data/app/controllers/devise/confirmations_controller.rb +2 -3
- data/app/controllers/devise/passwords_controller.rb +2 -3
- data/app/controllers/devise/registrations_controller.rb +2 -13
- data/app/controllers/devise/sessions_controller.rb +2 -2
- data/app/controllers/devise/unlocks_controller.rb +2 -3
- data/config/locales/en.yml +1 -1
- data/devise.gemspec +1 -1
- data/lib/devise.rb +6 -4
- data/lib/devise/controllers/helpers.rb +43 -27
- data/lib/devise/controllers/internal_helpers.rb +14 -8
- data/lib/devise/delegator.rb +16 -0
- data/lib/devise/encryptors/authlogic_sha512.rb +1 -1
- data/lib/devise/encryptors/clearance_sha1.rb +1 -1
- data/lib/devise/encryptors/restful_authentication_sha1.rb +1 -1
- data/lib/devise/encryptors/sha1.rb +1 -1
- data/lib/devise/encryptors/sha512.rb +1 -1
- data/lib/devise/failure_app.rb +2 -1
- data/lib/devise/hooks/timeoutable.rb +3 -1
- data/lib/devise/mailers/helpers.rb +0 -5
- data/lib/devise/mapping.rb +70 -44
- data/lib/devise/models/authenticatable.rb +14 -24
- data/lib/devise/models/confirmable.rb +3 -3
- data/lib/devise/models/database_authenticatable.rb +11 -1
- data/lib/devise/models/lockable.rb +7 -11
- data/lib/devise/models/recoverable.rb +3 -3
- data/lib/devise/models/trackable.rb +2 -2
- data/lib/devise/omniauth.rb +5 -4
- data/lib/devise/omniauth/config.rb +27 -5
- data/lib/devise/param_filter.rb +41 -0
- data/lib/devise/rails.rb +0 -11
- data/lib/devise/rails/routes.rb +10 -7
- data/lib/devise/strategies/authenticatable.rb +1 -11
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/templates/migration.rb +7 -1
- data/lib/generators/active_record/templates/migration_existing.rb +3 -3
- data/lib/generators/devise/views_generator.rb +30 -4
- data/lib/generators/templates/devise.rb +0 -1
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
- data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
- data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
- data/test/controllers/helpers_test.rb +20 -11
- data/test/devise_test.rb +1 -1
- data/test/generators/active_record_generator_test.rb +16 -6
- data/test/generators/views_generator_test.rb +11 -4
- data/test/integration/authenticatable_test.rb +25 -3
- data/test/integration/confirmable_test.rb +27 -3
- data/test/integration/lockable_test.rb +17 -6
- data/test/integration/omniauthable_test.rb +6 -9
- data/test/integration/recoverable_test.rb +21 -2
- data/test/integration/registerable_test.rb +18 -1
- data/test/integration/timeoutable_test.rb +9 -0
- data/test/integration/trackable_test.rb +11 -0
- data/test/mailers/confirmation_instructions_test.rb +5 -0
- data/test/mailers/reset_password_instructions_test.rb +5 -0
- data/test/mailers/unlock_instructions_test.rb +5 -0
- data/test/models/database_authenticatable_test.rb +2 -19
- data/test/omniauth/config_test.rb +56 -0
- data/test/omniauth/my_other_strategy.rb +5 -0
- data/test/omniauth/omniauth-my_strategy.rb +5 -0
- data/test/omniauth/url_helpers_test.rb +4 -4
- data/test/rails_app/config/environments/development.rb +0 -1
- data/test/rails_app/config/initializers/devise.rb +2 -2
- data/test/rails_app/config/routes.rb +4 -4
- data/test/rails_app/lib/shared_admin.rb +1 -0
- data/test/support/helpers.rb +27 -0
- metadata +54 -77
data/.travis.yml
CHANGED
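--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -1,3 +1,24 @@
+== 1.5.0.rc
+
+* enhancements
+* Timeoutable also skips tracking if skip_trackable is given
+* devise_for now accepts :failure_app as an option
+* Models can select the proper mailer via devise_mailer method (by github.com/locomotivecms)
+* Migration generator now uses the change method (by github.com/nashby)
+* Support to markerb templates on the mailer generator (by github.com/sbounmy)
+* Support for Omniauth 1.0 (older versions are no longer supported) (by github.com/TamiasSibiricus)
+
+* bug fix
+* Allow idempotent API requests
+* Fix bug where logs did not show 401 as status code
+* Change paranoid settings to behave as success instead of as failure
+* Fix bug where activation messages were shown first than the credentials error message
+* Instance variables are expired after sign out
+
+* deprecation
+* redirect_location is deprecated, please use after_sign_in_path_for
+* after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
+
 == 1.4.9
 
 * bug fix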
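--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,18 +3,20 @@ source "http://rubygems.org"
 gemspec
 
 gem "rails", "~> 3.1.0"
-gem
-gem
+gem 'omniauth', '~> 1.0.0'
+gem 'omniauth-oauth2', '~> 1.0.0'
 
 gem "rdoc"
 
 group :test do
+gem 'omniauth-facebook'
+gem 'omniauth-openid', '~> 1.0.1'
 gem "webrat", "0.7.2", :require => false
 gem "mocha", :require => false
 end
 
 platforms :jruby do
-gem 'activerecord-jdbc-adapter'
+gem 'activerecord-jdbc-adapter'
 gem 'activerecord-jdbcsqlite3-adapter'
 gem 'jruby-openssl'
 end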
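Review bot: `gem 'omniauth-facebook'` in the `:test` group is the only added entry without a version constraint, while the other three new OmniAuth gems are pinned with `~>`, so a test run can resolve to whatever release is newest at install time. Give it a constraint in the same style, `gem 'omniauth-facebook', '~> <VERSION>'` (placeholder; use the release the tests were written against). The hunk header also shows `source "http://rubygems.org"`, which this change leaves alone; the new authentication gems would be better fetched over TLS with `source "https://rubygems.org"`.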
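--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,5 +1,7 @@
 == Devise
 
+{<img src="https://secure.travis-ci.org/plataformatec/devise.png" />}[http://travis-ci.org/plataformatec/devise]
+
 Devise is a flexible authentication solution for Rails based on Warden. It:
 
 * Is Rack based;
@@ -28,13 +30,13 @@ It's comprised of 12 modules:
 
 The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README:
 
-
+https://wiki.github.com/plataformatec/devise
 
 === Bug reports
 
 If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report:
 
-
+https://github.com/plataformatec/devise/wiki/Bug-reports
 
 If you found a security bug, do *NOT* use the GitHub issue tracker. Send email or a private GitHub message to the maintainers listed at the bottom of the README.
 
@@ -42,7 +44,7 @@ If you found a security bug, do *NOT* use the GitHub issue tracker. Send email o
 
 If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker:
 
-
+https://groups.google.com/group/plataformatec-devise
 
 === RDocs
 
@@ -56,19 +58,19 @@ If you need to use Devise with Rails 2.3, you can always run `gem server` from t
 
 There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here:
 
-
+https://github.com/plataformatec/devise/wiki/Example-Applications
 
 === Extensions
 
 Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here:
 
-
+https://github.com/plataformatec/devise/wiki/Extensions
 
 === Contributing
 
 We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started:
 
-
+https://github.com/plataformatec/devise/wiki/Contributing
 
 You will usually want to write tests for your changes. To run the test suite, `cd` into Devise's top-level directory and run `bundle install` and `rake`. For the tests to pass, you will need to have a MongoDB server (version 1.6 or newer) running on your system.
 
@@ -289,7 +291,7 @@ The Devise mailer uses a similar pattern to create subject messages:
 
 Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki:
 
-
+https://github.com/plataformatec/devise/wiki/I18n
 
 === Test helpers
 
@@ -313,7 +315,7 @@ If you're using RSpec and want the helpers automatically included within all +de
 config.include Devise::TestHelpers, :type => :controller
 end
 
-Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (
+Do not use such helpers for integration tests such as Cucumber or Webrat. Instead, fill in the form or explicitly set the user in session. For more tips, check the wiki (https://wiki.github.com/plataformatec/devise).
 
 === Omniauth
 
@@ -329,25 +331,35 @@ Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you jus
 
 Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).
 
+== Troubleshooting
+
+=== Heroku
+
+Using devise on Heroku with Ruby on Rails 3.1 requires setting:
+
+config.assets.initialize_on_precompile = false
+
+Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
+
 == Additional information
 
 === Warden
 
 Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:
 
-
+https://github.com/hassox/warden
 
 === Contributors
 
 We have a long list of valued contributors. Check them all at:
 
-
+https://github.com/plataformatec/devise/contributors
 
 === Maintainers
 
-* José Valim (
-* Carlos Antônio da Silva (
+* José Valim (https://github.com/josevalim)
+* Carlos Antônio da Silva (https://github.com/carlosantoniodasilva)
 
 == License
 
-MIT License. Copyright
+MIT License. Copyright 2011 Plataforma Tecnologia. http://blog.plataformatec.com.br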
@@ -11,8 +11,7 @@ class Devise::ConfirmationsController < ApplicationController
|
|
11
11
|
def create
|
12
12
|
self.resource = resource_class.send_confirmation_instructions(params[resource_name])
|
13
13
|
|
14
|
-
if
|
15
|
-
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
14
|
+
if successfully_sent?(resource)
|
16
15
|
respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
|
17
16
|
else
|
18
17
|
respond_with_navigational(resource){ render_with_scope :new }
|
@@ -41,7 +40,7 @@ class Devise::ConfirmationsController < ApplicationController
|
|
41
40
|
|
42
41
|
# The path used after confirmation.
|
43
42
|
def after_confirmation_path_for(resource_name, resource)
|
44
|
-
|
43
|
+
after_sign_in_path_for(resource)
|
45
44
|
end
|
46
45
|
|
47
46
|
end
|
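Review bot: `create` now branches on `successfully_sent?(resource)` and the line that called `set_flash_message(:notice, :send_instructions)` is gone, so the predicate presumably sets the flash as well as choosing the branch; its definition is outside this section and nothing at the call site says so. The same replacement is made in `Devise::PasswordsController#create` and `Devise::UnlocksController#create`. The changelog ties this release to a change in how the paranoid setting reports success, and these three actions are where that has to hold, so a comment above the `if` should state that the helper sets the notice and which branch is taken when paranoid mode is on. The body of `create` continues past the hunk.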
@@ -12,8 +12,7 @@ class Devise::PasswordsController < ApplicationController
|
|
12
12
|
def create
|
13
13
|
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
|
14
14
|
|
15
|
-
if
|
16
|
-
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
15
|
+
if successfully_sent?(resource)
|
17
16
|
respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
|
18
17
|
else
|
19
18
|
respond_with_navigational(resource){ render_with_scope :new }
|
@@ -35,7 +34,7 @@ class Devise::PasswordsController < ApplicationController
|
|
35
34
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
36
35
|
set_flash_message(:notice, flash_message) if is_navigational_format?
|
37
36
|
sign_in(resource_name, resource)
|
38
|
-
respond_with resource, :location =>
|
37
|
+
respond_with resource, :location => after_sign_in_path_for(resource)
|
39
38
|
else
|
40
39
|
respond_with_navigational(resource){ render_with_scope :edit }
|
41
40
|
end
|
@@ -17,7 +17,7 @@ class Devise::RegistrationsController < ApplicationController
|
|
17
17
|
if resource.active_for_authentication?
|
18
18
|
set_flash_message :notice, :signed_up if is_navigational_format?
|
19
19
|
sign_in(resource_name, resource)
|
20
|
-
respond_with resource, :location =>
|
20
|
+
respond_with resource, :location => after_sign_up_path_for(resource)
|
21
21
|
else
|
22
22
|
set_flash_message :notice, :inactive_signed_up, :reason => inactive_reason(resource) if is_navigational_format?
|
23
23
|
expire_session_data_after_sign_in!
|
@@ -83,11 +83,6 @@ class Devise::RegistrationsController < ApplicationController
|
|
83
83
|
after_sign_in_path_for(resource)
|
84
84
|
end
|
85
85
|
|
86
|
-
# Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for.
|
87
|
-
def redirect_location(scope, resource)
|
88
|
-
stored_location_for(scope) || after_sign_up_path_for(resource)
|
89
|
-
end
|
90
|
-
|
91
86
|
# Returns the inactive reason translated.
|
92
87
|
def inactive_reason(resource)
|
93
88
|
reason = resource.inactive_message.to_s
|
@@ -103,13 +98,7 @@ class Devise::RegistrationsController < ApplicationController
|
|
103
98
|
# The default url to be used after updating a resource. You need to overwrite
|
104
99
|
# this method in your own RegistrationsController.
|
105
100
|
def after_update_path_for(resource)
|
106
|
-
|
107
|
-
ActiveSupport::Deprecation.warn "Defining after_update_path_for in ApplicationController " <<
|
108
|
-
"is deprecated. Please add a RegistrationsController to your application and define it there."
|
109
|
-
super
|
110
|
-
else
|
111
|
-
after_sign_in_path_for(resource)
|
112
|
-
end
|
101
|
+
signed_in_root_path(resource)
|
113
102
|
end
|
114
103
|
|
115
104
|
# Authenticates the current scope and gets the current resource from the session.
|
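Review bot: With the `redirect_location` override removed, sign-up redirects to `after_sign_up_path_for(resource)` directly, so an application that overrides `after_sign_up_path_for` no longer has `stored_location_for(scope)` tried first, as the removed method did. The context lines at the top of the second hunk (`after_sign_in_path_for(resource)` / `end`) look like the default body of that method, which would keep the stored location only when it is not overridden; its `def` line and comment are outside the hunk. The comment on `after_sign_up_path_for` should say so, for example `# Overrides must call stored_location_for(resource) themselves to keep the stored return location.`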
@@ -15,10 +15,10 @@ class Devise::SessionsController < ApplicationController
|
|
15
15
|
resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
|
16
16
|
set_flash_message(:notice, :signed_in) if is_navigational_format?
|
17
17
|
sign_in(resource_name, resource)
|
18
|
-
respond_with resource, :location =>
|
18
|
+
respond_with resource, :location => after_sign_in_path_for(resource)
|
19
19
|
end
|
20
20
|
|
21
|
-
#
|
21
|
+
# DELETE /resource/sign_out
|
22
22
|
def destroy
|
23
23
|
signed_in = signed_in?(resource_name)
|
24
24
|
Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
|
@@ -12,8 +12,7 @@ class Devise::UnlocksController < ApplicationController
|
|
12
12
|
def create
|
13
13
|
self.resource = resource_class.send_unlock_instructions(params[resource_name])
|
14
14
|
|
15
|
-
if
|
16
|
-
set_flash_message :notice, :send_instructions if is_navigational_format?
|
15
|
+
if successfully_sent?(resource)
|
17
16
|
respond_with({}, :location => new_session_path(resource_name))
|
18
17
|
else
|
19
18
|
respond_with_navigational(resource){ render_with_scope :new }
|
@@ -27,7 +26,7 @@ class Devise::UnlocksController < ApplicationController
|
|
27
26
|
if resource.errors.empty?
|
28
27
|
set_flash_message :notice, :unlocked if is_navigational_format?
|
29
28
|
sign_in(resource_name, resource)
|
30
|
-
respond_with_navigational(resource){ redirect_to
|
29
|
+
respond_with_navigational(resource){ redirect_to after_sign_in_path_for(resource) }
|
31
30
|
else
|
32
31
|
respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render_with_scope :new }
|
33
32
|
end
|
data/config/locales/en.yml
CHANGED
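--- a/data/devise.gemspec
+++ b/data/devise.gemspec
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ["lib"]
 
-s.add_dependency("warden", "~> 1.
+s.add_dependency("warden", "~> 1.1")
 s.add_dependency("orm_adapter", "~> 0.0.3")
 s.add_dependency("bcrypt-ruby", "~> 3.0")
 end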
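--- a/data/lib/devise.rb
+++ b/data/lib/devise.rb
@@ -6,10 +6,12 @@ require 'set'
 require 'securerandom'
 
 module Devise
-autoload :
-autoload :
+autoload :Delegator, 'devise/delegator'
+autoload :FailureApp, 'devise/failure_app'
+autoload :OmniAuth, 'devise/omniauth'
+autoload :ParamFilter, 'devise/param_filter'
 autoload :PathChecker, 'devise/path_checker'
-autoload :Schema,
+autoload :Schema, 'devise/schema'
 autoload :TestHelpers, 'devise/test_helpers'
 
 module Controllers
@@ -407,7 +409,7 @@ module Devise
 # block.
 def self.configure_warden! #:nodoc:
 @@warden_configured ||= begin
-warden_config.failure_app = Devise::
+warden_config.failure_app = Devise::Delegator.new
 warden_config.default_scope = Devise.default_scope
 warden_config.intercept_401 = false
 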
@@ -8,6 +8,13 @@ module Devise
|
|
8
8
|
helper_method :warden, :signed_in?, :devise_controller?
|
9
9
|
end
|
10
10
|
|
11
|
+
module ClassMethods
|
12
|
+
def log_process_action(payload)
|
13
|
+
payload[:status] ||= 401 unless payload[:exception]
|
14
|
+
super
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
11
18
|
# Define authentication filters and accessor helpers based on mappings.
|
12
19
|
# These filters should be used inside the controllers as before_filters,
|
13
20
|
# so you can control the scope of the user who should be signed in to
|
@@ -37,11 +44,6 @@ module Devise
|
|
37
44
|
|
38
45
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
39
46
|
def authenticate_#{mapping}!(opts={})
|
40
|
-
if !opts.is_a?(Hash)
|
41
|
-
opts = { :force => opts }
|
42
|
-
ActiveSupport::Deprecation.warn "Passing a boolean to authenticate_#{mapping}! " \
|
43
|
-
"is deprecated, please use :force => \#{opts[:force]} instead", caller
|
44
|
-
end
|
45
47
|
opts[:scope] = :#{mapping}
|
46
48
|
warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
|
47
49
|
end
|
@@ -86,7 +88,7 @@ module Devise
|
|
86
88
|
# Return true if the given scope is signed in session. If no scope given, return
|
87
89
|
# true if any scope is signed in. Does not run authentication hooks.
|
88
90
|
def signed_in?(scope=nil)
|
89
|
-
[ scope || Devise.mappings.keys ].flatten.any? do |scope|
|
91
|
+
[ scope || Devise.mappings.keys ].flatten.any? do |scope|
|
90
92
|
warden.authenticate?(:scope => scope)
|
91
93
|
end
|
92
94
|
end
|
@@ -105,7 +107,7 @@ module Devise
|
|
105
107
|
# sign_in @user # sign_in(resource)
|
106
108
|
# sign_in @user, :event => :authentication # sign_in(resource, options)
|
107
109
|
# sign_in @user, :bypass => true # sign_in(resource, options)
|
108
|
-
#
|
110
|
+
#
|
109
111
|
def sign_in(resource_or_scope, *args)
|
110
112
|
options = args.extract_options!
|
111
113
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
@@ -137,6 +139,7 @@ module Devise
|
|
137
139
|
warden.user(scope) # Without loading user here, before_logout hook is not called
|
138
140
|
warden.raw_session.inspect # Without this inspect here. The session does not clear.
|
139
141
|
warden.logout(scope)
|
142
|
+
instance_variable_set(:"@current_#{scope}", nil)
|
140
143
|
end
|
141
144
|
|
142
145
|
# Sign out all active users or scopes. This helper is useful for signing out all roles
|
@@ -145,6 +148,7 @@ module Devise
|
|
145
148
|
Devise.mappings.keys.each { |s| warden.user(s) }
|
146
149
|
warden.raw_session.inspect
|
147
150
|
warden.logout
|
151
|
+
expire_devise_cached_variables!
|
148
152
|
end
|
149
153
|
|
150
154
|
# Returns and delete the url stored in the session for the given scope. Useful
|
@@ -159,12 +163,21 @@ module Devise
|
|
159
163
|
session.delete("#{scope}_return_to")
|
160
164
|
end
|
161
165
|
|
166
|
+
# The scope root url to be used when he's signed in. By default, it first
|
167
|
+
# tries to find a resource_root_path, otherwise it uses the root_path.
|
168
|
+
def signed_in_root_path(resource_or_scope)
|
169
|
+
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
170
|
+
home_path = "#{scope}_root_path"
|
171
|
+
respond_to?(home_path, true) ? send(home_path) : root_path
|
172
|
+
end
|
173
|
+
|
162
174
|
# The default url to be used after signing in. This is used by all Devise
|
163
175
|
# controllers and you can overwrite it in your ApplicationController to
|
164
176
|
# provide a custom hook for a custom resource.
|
165
177
|
#
|
166
|
-
# By default, it first tries to find a
|
167
|
-
#
|
178
|
+
# By default, it first tries to find a valid resource_return_to key in the
|
179
|
+
# session, then it fallbacks to resource_root_path, otherwise it uses the
|
180
|
+
# root path. For a user scope, you can define the default url in
|
168
181
|
# the following way:
|
169
182
|
#
|
170
183
|
# map.user_root '/users', :controller => 'users' # creates user_root_path
|
@@ -173,22 +186,20 @@ module Devise
|
|
173
186
|
# user.root :controller => 'users' # creates user_root_path
|
174
187
|
# end
|
175
188
|
#
|
176
|
-
#
|
177
189
|
# If the resource root path is not defined, root_path is used. However,
|
178
190
|
# if this default is not enough, you can customize it, for example:
|
179
191
|
#
|
180
192
|
# def after_sign_in_path_for(resource)
|
181
|
-
#
|
182
|
-
#
|
183
|
-
#
|
184
|
-
#
|
185
|
-
#
|
193
|
+
# stored_location_for(resource) ||
|
194
|
+
# if resource.is_a?(User) && resource.can_publish?
|
195
|
+
# publisher_url
|
196
|
+
# else
|
197
|
+
# signed_in_root_path(resource)
|
198
|
+
# end
|
186
199
|
# end
|
187
200
|
#
|
188
201
|
def after_sign_in_path_for(resource_or_scope)
|
189
|
-
|
190
|
-
home_path = "#{scope}_root_path"
|
191
|
-
respond_to?(home_path, true) ? send(home_path) : root_path
|
202
|
+
stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope)
|
192
203
|
end
|
193
204
|
|
194
205
|
# Method used by sessions controller to sign out a user. You can overwrite
|
@@ -209,11 +220,16 @@ module Devise
|
|
209
220
|
scope = Devise::Mapping.find_scope!(resource_or_scope)
|
210
221
|
resource = args.last || resource_or_scope
|
211
222
|
sign_in(scope, resource, options)
|
212
|
-
redirect_to
|
223
|
+
redirect_to after_sign_in_path_for(resource)
|
213
224
|
end
|
214
225
|
|
215
226
|
def redirect_location(scope, resource) #:nodoc:
|
216
|
-
|
227
|
+
ActiveSupport::Deprecation.warn "redirect_location in Devise is deprecated. Please use after_sign_in_path_for instead.", caller
|
228
|
+
after_sign_in_path_for(resource)
|
229
|
+
end
|
230
|
+
|
231
|
+
def expire_session_data_after_sign_in!
|
232
|
+
session.keys.grep(/^devise\./).each { |k| session.delete(k) }
|
217
233
|
end
|
218
234
|
|
219
235
|
# Sign out a user and tries to redirect to the url specified by
|
@@ -224,20 +240,20 @@ module Devise
|
|
224
240
|
redirect_to after_sign_out_path_for(scope)
|
225
241
|
end
|
226
242
|
|
227
|
-
# A hook called to expire session data after sign up/in. All keys
|
228
|
-
# stored under "devise." namespace are removed after sign in.
|
229
|
-
def expire_session_data_after_sign_in!
|
230
|
-
session.keys.grep(/^devise\./).each { |k| session.delete(k) }
|
231
|
-
end
|
232
|
-
|
233
243
|
# Overwrite Rails' handle unverified request to sign out all scopes,
|
234
244
|
# clear run strategies and remove cached variables.
|
235
245
|
def handle_unverified_request
|
236
246
|
sign_out_all_scopes
|
237
247
|
warden.clear_strategies_cache!
|
238
|
-
|
248
|
+
expire_devise_cached_variables!
|
239
249
|
super # call the default behaviour which resets the session
|
240
250
|
end
|
251
|
+
|
252
|
+
private
|
253
|
+
|
254
|
+
def expire_devise_cached_variables!
|
255
|
+
Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
|
256
|
+
end
|
241
257
|
end
|
242
258
|
end
|
243
259
|
end
|
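Review bot: `after_sign_in_path_for` now returns `stored_location_for(resource_or_scope)` ahead of `signed_in_root_path`, and the hunk at `@@ -209,11 +220,16 @@` passes that result straight to `redirect_to`, so whatever string sits in `session["#{scope}_return_to"]` becomes the redirect target with no check on the new side that it is a path inside the application. Where that session key is written is outside this section, so this may already be guaranteed elsewhere, but the contract should be stated where the value is consumed. Add a line to the doc comment above `after_sign_in_path_for`, for example `# The stored location is redirected to as-is; only store application-local paths under "#{scope}_return_to".` Applications that fill that key themselves from request parameters should restrict it to local paths before storing it.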