devise 1.5.3 → 1.5.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
== 1.5.4
|
|
2
|
+
|
|
3
|
+
* bug fix
|
|
4
|
+
* Require string conversion for all values
|
|
5
|
+
|
|
1
6
|
== 1.5.3
|
|
2
7
|
|
|
3
8
|
* bug fix
|
|
@@ -5,6 +10,8 @@
|
|
|
5
10
|
* Ensure passing :format => false to devise_for is not permanent
|
|
6
11
|
* Ensure path checker does not check invalid routes
|
|
7
12
|
|
|
13
|
+
* warden regression
|
|
14
|
+
* using warden 1.2.1 with Devise 1.5.3 introduces a regression for some types of functional tests (see github.com/plataformatec/devise/issues/1928). Can peg warden to 1.2.0 in your Gemfile to fix this.
|
|
8
15
|
== 1.5.2
|
|
9
16
|
|
|
10
17
|
* enhancements
|
|
@@ -106,17 +106,20 @@ module Devise
|
|
|
106
106
|
# namedscope to filter records while authenticating.
|
|
107
107
|
# Example:
|
|
108
108
|
#
|
|
109
|
-
# def self.find_for_authentication(
|
|
110
|
-
#
|
|
111
|
-
# super
|
|
109
|
+
# def self.find_for_authentication(tainted_conditions)
|
|
110
|
+
# find_first_by_auth_conditions(tainted_conditions, active: true)
|
|
112
111
|
# end
|
|
113
112
|
#
|
|
114
|
-
|
|
115
|
-
|
|
113
|
+
# Finally, notice that Devise also queries for users in other scenarios
|
|
114
|
+
# besides authentication, for example when retrieving an user to send
|
|
115
|
+
# an e-mail for password reset. In such cases, find_for_authentication
|
|
116
|
+
# is not called.
|
|
117
|
+
def find_for_authentication(tainted_conditions)
|
|
118
|
+
find_first_by_auth_conditions(tainted_conditions)
|
|
116
119
|
end
|
|
117
120
|
|
|
118
|
-
def find_first_by_auth_conditions(
|
|
119
|
-
to_adapter.find_first
|
|
121
|
+
def find_first_by_auth_conditions(tainted_conditions, opts={})
|
|
122
|
+
to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
|
|
120
123
|
end
|
|
121
124
|
|
|
122
125
|
# Find an initialize a record setting an error if it can't be found.
|
|
@@ -162,4 +165,4 @@ module Devise
|
|
|
162
165
|
end
|
|
163
166
|
end
|
|
164
167
|
end
|
|
165
|
-
end
|
|
168
|
+
end
|
data/lib/devise/param_filter.rb
CHANGED
|
@@ -33,9 +33,8 @@ module Devise
|
|
|
33
33
|
|
|
34
34
|
private
|
|
35
35
|
|
|
36
|
-
# Determine which values should be transformed to string or passed as-is to the query builder underneath
|
|
37
36
|
def param_requires_string_conversion?(value)
|
|
38
|
-
true
|
|
37
|
+
true
|
|
39
38
|
end
|
|
40
39
|
end
|
|
41
40
|
end
|
data/lib/devise/version.rb
CHANGED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
require 'test_helper'
|
|
2
|
+
|
|
3
|
+
class AuthenticatableTest < ActiveSupport::TestCase
|
|
4
|
+
test 'find_first_by_auth_conditions allows custom filtering parameters' do
|
|
5
|
+
user = User.create!(email: "example@example.com", password: "123456")
|
|
6
|
+
assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
|
|
7
|
+
assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
|
|
8
|
+
end
|
|
9
|
+
end
|
|
@@ -11,7 +11,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
|
11
11
|
user.save!
|
|
12
12
|
assert_equal email.downcase, user.email
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
test 'should remove whitespace from strip whitespace keys when saving' do
|
|
16
16
|
# strip_whitespace_keys is set to :email by default.
|
|
17
17
|
email = ' foo@bar.com '
|
|
@@ -23,9 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
test "param filter should not convert booleans and integer to strings" do
|
|
26
|
-
conditions = {
|
|
26
|
+
conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
|
|
27
27
|
conditions = Devise::ParamFilter.new([], []).filter(conditions)
|
|
28
|
-
assert_equal( {
|
|
28
|
+
assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
test 'should respond to password and password confirmation' do
|
|
@@ -86,14 +86,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
|
86
86
|
:password => 'pass321', :password_confirmation => 'pass321')
|
|
87
87
|
assert user.reload.valid_password?('pass321')
|
|
88
88
|
end
|
|
89
|
-
|
|
89
|
+
|
|
90
90
|
test 'should update password with valid current password and :as option' do
|
|
91
91
|
user = create_user
|
|
92
92
|
assert user.update_with_password(:current_password => '123456',
|
|
93
93
|
:password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
|
|
94
94
|
assert user.reload.valid_password?('pass321')
|
|
95
95
|
end
|
|
96
|
-
|
|
96
|
+
|
|
97
97
|
test 'should add an error to current password when it is invalid' do
|
|
98
98
|
user = create_user
|
|
99
99
|
assert_not user.update_with_password(:current_password => 'other',
|
|
@@ -145,7 +145,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
|
145
145
|
user.update_without_password(:email => 'new@example.com')
|
|
146
146
|
assert_equal 'new@example.com', user.email
|
|
147
147
|
end
|
|
148
|
-
|
|
148
|
+
|
|
149
149
|
test 'should update the user without password with :as option' do
|
|
150
150
|
user = create_user
|
|
151
151
|
user.update_without_password(:email => 'new@example.com', :as => :admin)
|
metadata
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.5.3
|
|
5
4
|
prerelease:
|
|
5
|
+
version: 1.5.4
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- José Valim
|
|
@@ -10,41 +10,56 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2013-01-26 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
|
-
|
|
17
|
-
requirement: &2151820240 !ruby/object:Gem::Requirement
|
|
18
|
-
none: false
|
|
16
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
19
17
|
requirements:
|
|
20
18
|
- - ~>
|
|
21
19
|
- !ruby/object:Gem::Version
|
|
22
20
|
version: '1.1'
|
|
21
|
+
none: false
|
|
22
|
+
name: warden
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
25
|
+
requirement: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - ~>
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '1.1'
|
|
29
30
|
none: false
|
|
31
|
+
- !ruby/object:Gem::Dependency
|
|
32
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
30
33
|
requirements:
|
|
31
34
|
- - ~>
|
|
32
35
|
- !ruby/object:Gem::Version
|
|
33
36
|
version: 0.0.3
|
|
37
|
+
none: false
|
|
38
|
+
name: orm_adapter
|
|
34
39
|
type: :runtime
|
|
35
40
|
prerelease: false
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
41
|
+
requirement: !ruby/object:Gem::Requirement
|
|
42
|
+
requirements:
|
|
43
|
+
- - ~>
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: 0.0.3
|
|
40
46
|
none: false
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
49
|
requirements:
|
|
42
50
|
- - ~>
|
|
43
51
|
- !ruby/object:Gem::Version
|
|
44
52
|
version: '3.0'
|
|
53
|
+
none: false
|
|
54
|
+
name: bcrypt-ruby
|
|
45
55
|
type: :runtime
|
|
46
56
|
prerelease: false
|
|
47
|
-
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ~>
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '3.0'
|
|
62
|
+
none: false
|
|
48
63
|
description: Flexible authentication solution for Rails with Warden
|
|
49
64
|
email: contact@plataformatec.com.br
|
|
50
65
|
executables: []
|
|
@@ -186,6 +201,7 @@ files:
|
|
|
186
201
|
- test/mailers/reset_password_instructions_test.rb
|
|
187
202
|
- test/mailers/unlock_instructions_test.rb
|
|
188
203
|
- test/mapping_test.rb
|
|
204
|
+
- test/models/authenticatable_test.rb
|
|
189
205
|
- test/models/confirmable_test.rb
|
|
190
206
|
- test/models/database_authenticatable_test.rb
|
|
191
207
|
- test/models/encryptable_test.rb
|
|
@@ -269,20 +285,20 @@ rdoc_options: []
|
|
|
269
285
|
require_paths:
|
|
270
286
|
- lib
|
|
271
287
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
272
|
-
none: false
|
|
273
288
|
requirements:
|
|
274
289
|
- - ! '>='
|
|
275
290
|
- !ruby/object:Gem::Version
|
|
276
291
|
version: '0'
|
|
277
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
278
292
|
none: false
|
|
293
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
279
294
|
requirements:
|
|
280
295
|
- - ! '>='
|
|
281
296
|
- !ruby/object:Gem::Version
|
|
282
297
|
version: '0'
|
|
298
|
+
none: false
|
|
283
299
|
requirements: []
|
|
284
300
|
rubyforge_project: devise
|
|
285
|
-
rubygems_version: 1.8.
|
|
301
|
+
rubygems_version: 1.8.23
|
|
286
302
|
signing_key:
|
|
287
303
|
specification_version: 3
|
|
288
304
|
summary: Flexible authentication solution for Rails with Warden
|
|
@@ -318,6 +334,7 @@ test_files:
|
|
|
318
334
|
- test/mailers/reset_password_instructions_test.rb
|
|
319
335
|
- test/mailers/unlock_instructions_test.rb
|
|
320
336
|
- test/mapping_test.rb
|
|
337
|
+
- test/models/authenticatable_test.rb
|
|
321
338
|
- test/models/confirmable_test.rb
|
|
322
339
|
- test/models/database_authenticatable_test.rb
|
|
323
340
|
- test/models/encryptable_test.rb
|