devise 2.1.0.rc2 → 2.1.0
Potentially problematic release.
This version of devise might be problematic.
- data/Gemfile.lock +1 -1
- data/README.md +11 -12
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/passwords_controller.rb +2 -2
- data/app/controllers/devise/registrations_controller.rb +2 -2
- data/app/controllers/devise/unlocks_controller.rb +1 -1
- data/app/controllers/devise_controller.rb +6 -2
- data/config/locales/en.yml +2 -2
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +1 -1
- data/test/controllers/internal_helpers_test.rb +7 -0
- data/test/integration/confirmable_test.rb +2 -2
- data/test/integration/recoverable_test.rb +2 -2
- metadata +17 -14
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -17,18 +17,17 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
|
|
17
17
|
|
18
18
|
It's comprised of 12 modules:
|
19
19
|
|
20
|
-
* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
|
21
|
-
* Token Authenticatable: signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
|
22
|
-
* Omniauthable: adds Omniauth (github.com/intridea/omniauth) support;
|
23
|
-
* Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
|
24
|
-
* Recoverable: resets the user password and sends reset instructions.
|
25
|
-
* Registerable: handles signing up users through a registration process, also allowing them to edit and destroy their account.
|
26
|
-
* Rememberable: manages generating and clearing a token for remembering the user from a saved cookie.
|
27
|
-
* Trackable: tracks sign in count, timestamps and IP address.
|
28
|
-
* Timeoutable: expires sessions that have no activity in a specified period of time.
|
29
|
-
* Validatable: provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
|
30
|
-
* Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
|
31
|
-
* Encryptable: adds support of other authentication mechanisms besides the built-in Bcrypt (the default).
|
20
|
+
* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
|
21
|
+
* [Token Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable): signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
|
22
|
+
* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (github.com/intridea/omniauth) support;
|
23
|
+
* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
|
24
|
+
* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
|
25
|
+
* [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
|
26
|
+
* [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie.
|
27
|
+
* [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address.
|
28
|
+
* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have no activity in a specified period of time.
|
29
|
+
* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
|
30
|
+
* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
|
32
31
|
|
33
32
|
## Information
|
34
33
|
|
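Review bot: the unchanged context line still reads "It's comprised of 12 modules:", but the rewritten list has 11 entries, because the Encryptable bullet is removed and not re-added with a link. Update the count in that sentence, or restore the Encryptable entry if dropping it was not intended.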
@@ -6,7 +6,7 @@ class Devise::ConfirmationsController < DeviseController
|
|
6
6
|
|
7
7
|
# POST /resource/confirmation
|
8
8
|
def create
|
9
|
-
self.resource = resource_class.send_confirmation_instructions(
|
9
|
+
self.resource = resource_class.send_confirmation_instructions(resource_params)
|
10
10
|
|
11
11
|
if successfully_sent?(resource)
|
12
12
|
respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
|
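Review bot: in `create`, `resource_params` is handed directly to `send_confirmation_instructions`, and `resource_params` is just `params[resource_name]`, so a POST that carries no key for the resource name passes `nil` to the model. `build_resource` elsewhere in this diff guards with `resource_params || {}`; using the same fallback here would keep the callers consistent.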
@@ -8,7 +8,7 @@ class Devise::PasswordsController < DeviseController
|
|
8
8
|
|
9
9
|
# POST /resource/password
|
10
10
|
def create
|
11
|
-
self.resource = resource_class.send_reset_password_instructions(
|
11
|
+
self.resource = resource_class.send_reset_password_instructions(resource_params)
|
12
12
|
|
13
13
|
if successfully_sent?(resource)
|
14
14
|
respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
|
@@ -25,7 +25,7 @@ class Devise::PasswordsController < DeviseController
|
|
25
25
|
|
26
26
|
# PUT /resource/password
|
27
27
|
def update
|
28
|
-
self.resource = resource_class.reset_password_by_token(
|
28
|
+
self.resource = resource_class.reset_password_by_token(resource_params)
|
29
29
|
|
30
30
|
if resource.errors.empty?
|
31
31
|
flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
|
@@ -39,7 +39,7 @@ class Devise::RegistrationsController < DeviseController
|
|
39
39
|
def update
|
40
40
|
self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
|
41
41
|
|
42
|
-
if resource.update_with_password(
|
42
|
+
if resource.update_with_password(resource_params)
|
43
43
|
if is_navigational_format?
|
44
44
|
if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation?
|
45
45
|
flash_key = :update_needs_confirmation
|
@@ -77,7 +77,7 @@ class Devise::RegistrationsController < DeviseController
|
|
77
77
|
# Build a devise resource passing in the session. Useful to move
|
78
78
|
# temporary session data to the newly created user.
|
79
79
|
def build_resource(hash=nil)
|
80
|
-
hash ||=
|
80
|
+
hash ||= resource_params || {}
|
81
81
|
self.resource = resource_class.new_with_session(hash, session)
|
82
82
|
end
|
83
83
|
|
@@ -8,7 +8,7 @@ class Devise::UnlocksController < DeviseController
|
|
8
8
|
|
9
9
|
# POST /resource/unlock
|
10
10
|
def create
|
11
|
-
self.resource = resource_class.send_unlock_instructions(
|
11
|
+
self.resource = resource_class.send_unlock_instructions(resource_params)
|
12
12
|
|
13
13
|
if successfully_sent?(resource)
|
14
14
|
respond_with({}, :location => after_sending_unlock_instructions_path_for(resource))
|
@@ -5,7 +5,7 @@ class DeviseController < Devise.parent_controller.constantize
|
|
5
5
|
helper DeviseHelper
|
6
6
|
|
7
7
|
helpers = %w(resource scope_name resource_name signed_in_resource
|
8
|
-
resource_class devise_mapping)
|
8
|
+
resource_class resource_params devise_mapping)
|
9
9
|
hide_action *helpers
|
10
10
|
helper_method *helpers
|
11
11
|
|
@@ -28,6 +28,10 @@ class DeviseController < Devise.parent_controller.constantize
|
|
28
28
|
devise_mapping.to
|
29
29
|
end
|
30
30
|
|
31
|
+
def resource_params
|
32
|
+
params[resource_name]
|
33
|
+
end
|
34
|
+
|
31
35
|
# Returns a signed in resource from session (if one exists)
|
32
36
|
def signed_in_resource
|
33
37
|
warden.authenticate(:scope => resource_name)
|
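Review bot: the new `resource_params` method at line 31 has no comment, while `signed_in_resource` directly below it is documented ("Returns a signed in resource from session"). A one-line comment stating that it returns the raw `params[resource_name]` value, unfiltered and `nil` when the key is missing, would tell anyone overriding it in a subclass what the callers expect.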
@@ -81,7 +85,7 @@ MESSAGE
|
|
81
85
|
# Build a devise resource.
|
82
86
|
# Assignment bypasses attribute protection when :unsafe option is passed
|
83
87
|
def build_resource(hash = nil, options = {})
|
84
|
-
hash ||=
|
88
|
+
hash ||= resource_params || {}
|
85
89
|
|
86
90
|
if options[:unsafe]
|
87
91
|
self.resource = resource_class.new.tap do |resource|
|
data/config/locales/en.yml
CHANGED
@@ -28,10 +28,10 @@ en:
|
|
28
28
|
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
|
29
29
|
updated: 'Your password was changed successfully. You are now signed in.'
|
30
30
|
updated_not_active: 'Your password was changed successfully.'
|
31
|
-
send_paranoid_instructions: "If your
|
31
|
+
send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
32
32
|
confirmations:
|
33
33
|
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
|
34
|
-
send_paranoid_instructions: 'If your
|
34
|
+
send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
|
35
35
|
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
36
36
|
registrations:
|
37
37
|
signed_up: 'Welcome! You have signed up successfully.'
|
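Review bot: the two `send_paranoid_instructions` values are quoted differently: the passwords entry at line 31 uses double quotes, while the confirmations entry at line 34 and every other value in this hunk use single quotes. Use single quotes for both so the file stays uniform.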
data/lib/devise/version.rb
CHANGED
@@ -30,7 +30,7 @@ CONTENT
|
|
30
30
|
class_path = class_name.to_s.split("::")
|
31
31
|
|
32
32
|
indent_depth = class_path.size - 1
|
33
|
-
content = content.split("\n").map { |line| " " * indent_depth + line } .join("\n")
|
33
|
+
content = content.split("\n").map { |line| " " * indent_depth + line } .join("\n") << "\n"
|
34
34
|
|
35
35
|
inject_into_class(model_path, class_path.last, content) if model_exists?
|
36
36
|
end
|
@@ -33,6 +33,13 @@ class HelpersTest < ActionController::TestCase
|
|
33
33
|
assert_equal user, @controller.instance_variable_get(:@user)
|
34
34
|
end
|
35
35
|
|
36
|
+
test 'get resource params from request params using resource name as key' do
|
37
|
+
user_params = {'name' => 'Shirley Templar'}
|
38
|
+
@controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params}))
|
39
|
+
|
40
|
+
assert_equal user_params, @controller.resource_params
|
41
|
+
end
|
42
|
+
|
36
43
|
test 'resources methods are not controller actions' do
|
37
44
|
assert @controller.class.action_methods.empty?
|
38
45
|
end
|
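Review bot: the added test only exercises the case where the `'user'` key is present in `params`. Add a second case with the key absent and assert what `resource_params` returns, since `build_resource` in this diff depends on `resource_params || {}` and the other callers pass the value through unchanged.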
@@ -180,7 +180,7 @@ class ConfirmationTest < ActionController::IntegrationTest
|
|
180
180
|
fill_in 'email', :with => user.email
|
181
181
|
click_button 'Resend confirmation instructions'
|
182
182
|
|
183
|
-
assert_contain "If your
|
183
|
+
assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
|
184
184
|
assert_current_url "/users/sign_in"
|
185
185
|
end
|
186
186
|
end
|
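Review bot: `assert_contain` at line 183 repeats the full English sentence from `en.yml` as a literal, so every wording change to `send_paranoid_instructions` has to be made in the locale file and in each test at once. Looking the message up through I18n in the assertion would remove that duplication.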
@@ -196,7 +196,7 @@ class ConfirmationTest < ActionController::IntegrationTest
|
|
196
196
|
assert_not_contain "1 error prohibited this user from being saved:"
|
197
197
|
assert_not_contain "Email not found"
|
198
198
|
|
199
|
-
assert_contain "If your
|
199
|
+
assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
|
200
200
|
assert_current_url "/users/sign_in"
|
201
201
|
end
|
202
202
|
end
|
@@ -268,7 +268,7 @@ class PasswordTest < ActionController::IntegrationTest
|
|
268
268
|
|
269
269
|
assert_not_contain "1 error prohibited this user from being saved:"
|
270
270
|
assert_not_contain "Email not found"
|
271
|
-
assert_contain "If your
|
271
|
+
assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
272
272
|
assert_current_url "/users/sign_in"
|
273
273
|
end
|
274
274
|
end
|
@@ -280,7 +280,7 @@ class PasswordTest < ActionController::IntegrationTest
|
|
280
280
|
fill_in 'email', :with => user.email
|
281
281
|
click_button 'Send me reset password instructions'
|
282
282
|
|
283
|
-
assert_contain "If your
|
283
|
+
assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
284
284
|
assert_current_url "/users/sign_in"
|
285
285
|
end
|
286
286
|
end
|
metadata
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.0
|
5
|
-
prerelease:
|
4
|
+
version: 2.1.0
|
5
|
+
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- José Valim
|
@@ -10,11 +10,11 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2012-05-
|
13
|
+
date: 2012-05-15 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: warden
|
17
|
-
requirement: &
|
17
|
+
requirement: &70295029841060 !ruby/object:Gem::Requirement
|
18
18
|
none: false
|
19
19
|
requirements:
|
20
20
|
- - ~>
|
@@ -22,10 +22,10 @@ dependencies:
|
|
22
22
|
version: 1.1.1
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
|
-
version_requirements: *
|
25
|
+
version_requirements: *70295029841060
|
26
26
|
- !ruby/object:Gem::Dependency
|
27
27
|
name: orm_adapter
|
28
|
-
requirement: &
|
28
|
+
requirement: &70295029863720 !ruby/object:Gem::Requirement
|
29
29
|
none: false
|
30
30
|
requirements:
|
31
31
|
- - ~>
|
@@ -33,10 +33,10 @@ dependencies:
|
|
33
33
|
version: 0.0.7
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
|
-
version_requirements: *
|
36
|
+
version_requirements: *70295029863720
|
37
37
|
- !ruby/object:Gem::Dependency
|
38
38
|
name: bcrypt-ruby
|
39
|
-
requirement: &
|
39
|
+
requirement: &70295029862760 !ruby/object:Gem::Requirement
|
40
40
|
none: false
|
41
41
|
requirements:
|
42
42
|
- - ~>
|
@@ -44,10 +44,10 @@ dependencies:
|
|
44
44
|
version: '3.0'
|
45
45
|
type: :runtime
|
46
46
|
prerelease: false
|
47
|
-
version_requirements: *
|
47
|
+
version_requirements: *70295029862760
|
48
48
|
- !ruby/object:Gem::Dependency
|
49
49
|
name: railties
|
50
|
-
requirement: &
|
50
|
+
requirement: &70295029861220 !ruby/object:Gem::Requirement
|
51
51
|
none: false
|
52
52
|
requirements:
|
53
53
|
- - ~>
|
@@ -55,7 +55,7 @@ dependencies:
|
|
55
55
|
version: '3.1'
|
56
56
|
type: :runtime
|
57
57
|
prerelease: false
|
58
|
-
version_requirements: *
|
58
|
+
version_requirements: *70295029861220
|
59
59
|
description: Flexible authentication solution for Rails with Warden
|
60
60
|
email: contact@plataformatec.com.br
|
61
61
|
executables: []
|
@@ -281,13 +281,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
281
281
|
version: '0'
|
282
282
|
segments:
|
283
283
|
- 0
|
284
|
-
hash:
|
284
|
+
hash: 2729560930850104924
|
285
285
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
286
286
|
none: false
|
287
287
|
requirements:
|
288
|
-
- - ! '
|
288
|
+
- - ! '>='
|
289
289
|
- !ruby/object:Gem::Version
|
290
|
-
version:
|
290
|
+
version: '0'
|
291
|
+
segments:
|
292
|
+
- 0
|
293
|
+
hash: 2729560930850104924
|
291
294
|
requirements: []
|
292
295
|
rubyforge_project: devise
|
293
296
|
rubygems_version: 1.8.11
|