RubyGems - devise - Versions diffs - 2.1.2 → 2.1.3 - Mend

devise 2.1.2 → 2.1.3

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (7) hide show

data/CHANGELOG.rdoc +5 -0
data/lib/devise/models/authenticatable.rb +6 -7
data/lib/devise/param_filter.rb +1 -2
data/lib/devise/version.rb +1 -1
data/test/models/authenticatable_test.rb +7 -1
data/test/models/database_authenticatable_test.rb +3 -9
metadata +41 -22

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,8 @@
+== 2.1.3
+* bug fix
+  * Require string conversion for all values
 == 2.1.2
 * Enhancements

data/lib/devise/models/authenticatable.rb CHANGED

@@ -205,21 +205,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios
         # besides authentication, for example when retrieving an user to send
         # an e-mail for password reset. In such cases, find_for_authentication
         # is not called.
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
         # Find an initialize a record setting an error if it can't be found.

data/lib/devise/param_filter.rb CHANGED

@@ -33,9 +33,8 @@ module Devise
     private
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
+      true
     end
   end
 end

data/lib/devise/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "2.1.2".freeze
+  VERSION = "2.1.3".freeze
 end

data/test/models/authenticatable_test.rb CHANGED

@@ -4,4 +4,10 @@ class AuthenticatableTest < ActiveSupport::TestCase
   test 'required_fields should be an empty array' do
     assert_equal Devise::Models::Validatable.required_fields(User), []
   end
-end
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(email: "example@example.com", password: "123456")
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
+  end
+end

data/test/models/database_authenticatable_test.rb CHANGED

@@ -23,15 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
-  end
-  test "param filter should not convert regular expressions to strings" do
-    conditions = { "regexp" => /expression/ }
-    conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { "regexp" => /expression/ }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
   test 'should respond to password and password confirmation' do
@@ -186,4 +180,4 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       ]
     end
   end
-end
+end

metadata CHANGED

@@ -1,8 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-  version: 2.1.2
   prerelease:
+  version: 2.1.3
 platform: ruby
 authors:
 - José Valim
@@ -10,52 +10,72 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-19 00:00:00.000000000 Z
+date: 2013-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: warden
-  requirement: &2157810840 !ruby/object:Gem::Requirement
-    none: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.2.1
+    none: false
+  name: warden
   type: :runtime
   prerelease: false
-  version_requirements: *2157810840
-- !ruby/object:Gem::Dependency
-  name: orm_adapter
-  requirement: &2157810340 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.1
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.1'
+    none: false
+  name: orm_adapter
   type: :runtime
   prerelease: false
-  version_requirements: *2157810340
-- !ruby/object:Gem::Dependency
-  name: bcrypt-ruby
-  requirement: &2157809880 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
+    none: false
+  name: bcrypt-ruby
   type: :runtime
   prerelease: false
-  version_requirements: *2157809880
-- !ruby/object:Gem::Dependency
-  name: railties
-  requirement: &2157809420 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
     none: false
+- !ruby/object:Gem::Dependency
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
+    none: false
+  name: railties
   type: :runtime
   prerelease: false
-  version_requirements: *2157809420
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    none: false
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
 executables: []
@@ -274,20 +294,20 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
+required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+  none: false
 requirements: []
 rubyforge_project: devise
-rubygems_version: 1.8.15
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: Flexible authentication solution for Rails with Warden
@@ -399,4 +419,3 @@ test_files:
 - test/support/webrat/integrations/rails.rb
 - test/test_helper.rb
 - test/test_helpers_test.rb
-has_rdoc: