devise 2.2.0.rc → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +6 -4
- data/MIT-LICENSE +1 -1
- data/README.md +1 -1
- data/app/controllers/devise/sessions_controller.rb +1 -3
- data/app/mailers/devise/mailer.rb +6 -6
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/lib/devise/mailers/helpers.rb +8 -5
- data/lib/devise/models/authenticatable.rb +2 -6
- data/lib/devise/models/confirmable.rb +3 -9
- data/lib/devise/version.rb +1 -1
- data/test/integration/authenticatable_test.rb +19 -0
- metadata +5 -5
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
== 2.2.0
|
|
1
|
+
== 2.2.0
|
|
2
2
|
|
|
3
|
-
*
|
|
3
|
+
* backwards incompatible changes
|
|
4
|
+
* `headers_for` is deprecated, customize the mailer directly instead
|
|
5
|
+
* All mailer methods now expect a second argument with delivery options
|
|
4
6
|
* Default minimum password length is now 8 (by @carlosgaldino)
|
|
5
|
-
* Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (@gabetax)
|
|
7
|
+
* Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax)
|
|
6
8
|
* DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats)
|
|
7
9
|
* Support Mongoid 3 onwards (by @durran)
|
|
8
|
-
* Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
|
|
9
10
|
|
|
10
11
|
* enhancements
|
|
12
|
+
* Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
|
|
11
13
|
* Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
|
|
12
14
|
* Flash messages in controller now respects `resource_name` (by @latortuga)
|
|
13
15
|
* Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast)
|
data/MIT-LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -27,10 +27,8 @@ class Devise::SessionsController < DeviseController
|
|
|
27
27
|
# We actually need to hardcode this as Rails default responder doesn't
|
|
28
28
|
# support returning empty response on GET request
|
|
29
29
|
respond_to do |format|
|
|
30
|
+
format.all { head :no_content }
|
|
30
31
|
format.any(*navigational_formats) { redirect_to redirect_path }
|
|
31
|
-
format.all do
|
|
32
|
-
head :no_content
|
|
33
|
-
end
|
|
34
32
|
end
|
|
35
33
|
end
|
|
36
34
|
|
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
class Devise::Mailer < ::ActionMailer::Base
|
|
2
2
|
include Devise::Mailers::Helpers
|
|
3
3
|
|
|
4
|
-
def confirmation_instructions(record)
|
|
5
|
-
devise_mail(record, :confirmation_instructions)
|
|
4
|
+
def confirmation_instructions(record, opts={})
|
|
5
|
+
devise_mail(record, :confirmation_instructions, opts)
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
-
def reset_password_instructions(record)
|
|
9
|
-
devise_mail(record, :reset_password_instructions)
|
|
8
|
+
def reset_password_instructions(record, opts={})
|
|
9
|
+
devise_mail(record, :reset_password_instructions, opts)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def unlock_instructions(record)
|
|
13
|
-
devise_mail(record, :unlock_instructions)
|
|
12
|
+
def unlock_instructions(record, opts={})
|
|
13
|
+
devise_mail(record, :unlock_instructions, opts)
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
<p>Hello <%= @resource.email %>!</p>
|
|
2
2
|
|
|
3
|
-
<p>Someone has requested a link to change your password
|
|
3
|
+
<p>Someone has requested a link to change your password. You can do this through the link below.</p>
|
|
4
4
|
|
|
5
5
|
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
|
|
6
6
|
|
|
@@ -11,9 +11,9 @@ module Devise
|
|
|
11
11
|
protected
|
|
12
12
|
|
|
13
13
|
# Configure default email options
|
|
14
|
-
def devise_mail(record, action)
|
|
14
|
+
def devise_mail(record, action, opts={})
|
|
15
15
|
initialize_from_record(record)
|
|
16
|
-
mail headers_for(action)
|
|
16
|
+
mail headers_for(action, opts)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def initialize_from_record(record)
|
|
@@ -25,16 +25,19 @@ module Devise
|
|
|
25
25
|
@devise_mapping ||= Devise.mappings[scope_name]
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
def headers_for(action)
|
|
28
|
+
def headers_for(action, opts)
|
|
29
29
|
headers = {
|
|
30
30
|
:subject => translate(devise_mapping, action),
|
|
31
31
|
:to => resource.email,
|
|
32
32
|
:from => mailer_sender(devise_mapping),
|
|
33
33
|
:reply_to => mailer_reply_to(devise_mapping),
|
|
34
|
-
:template_path => template_paths
|
|
35
|
-
|
|
34
|
+
:template_path => template_paths,
|
|
35
|
+
:template_name => action
|
|
36
|
+
}.merge(opts)
|
|
36
37
|
|
|
37
38
|
if resource.respond_to?(:headers_for)
|
|
39
|
+
ActiveSupport::Deprecation.warn "Calling headers_for in the model is no longer supported. " <<
|
|
40
|
+
"Please customize your mailer instead."
|
|
38
41
|
headers.merge!(resource.headers_for(action))
|
|
39
42
|
end
|
|
40
43
|
|
|
@@ -93,10 +93,6 @@ module Devise
|
|
|
93
93
|
def authenticatable_salt
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
-
def headers_for(name)
|
|
97
|
-
{}
|
|
98
|
-
end
|
|
99
|
-
|
|
100
96
|
array = %w(serializable_hash)
|
|
101
97
|
# to_xml does not call serializable_hash on 3.1
|
|
102
98
|
array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1"
|
|
@@ -159,8 +155,8 @@ module Devise
|
|
|
159
155
|
# end
|
|
160
156
|
# end
|
|
161
157
|
#
|
|
162
|
-
def send_devise_notification(notification)
|
|
163
|
-
devise_mailer.send(notification, self).deliver
|
|
158
|
+
def send_devise_notification(notification, opts={})
|
|
159
|
+
devise_mailer.send(notification, self, opts).deliver
|
|
164
160
|
end
|
|
165
161
|
|
|
166
162
|
def downcase_keys
|
|
@@ -87,7 +87,9 @@ module Devise
|
|
|
87
87
|
@reconfirmation_required = false
|
|
88
88
|
|
|
89
89
|
generate_confirmation_token! if self.confirmation_token.blank?
|
|
90
|
-
|
|
90
|
+
|
|
91
|
+
opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
|
|
92
|
+
send_devise_notification(:confirmation_instructions, opts)
|
|
91
93
|
end
|
|
92
94
|
|
|
93
95
|
# Resend confirmation token. This method does not need to generate a new token.
|
|
@@ -123,14 +125,6 @@ module Devise
|
|
|
123
125
|
@bypass_postpone = true
|
|
124
126
|
end
|
|
125
127
|
|
|
126
|
-
def headers_for(action)
|
|
127
|
-
headers = super
|
|
128
|
-
if action == :confirmation_instructions && pending_reconfirmation?
|
|
129
|
-
headers[:to] = unconfirmed_email
|
|
130
|
-
end
|
|
131
|
-
headers
|
|
132
|
-
end
|
|
133
|
-
|
|
134
128
|
protected
|
|
135
129
|
|
|
136
130
|
# A callback method used to deliver confirmation
|
data/lib/devise/version.rb
CHANGED
|
@@ -517,6 +517,25 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
|
|
|
517
517
|
assert_response :no_content
|
|
518
518
|
assert_not warden.authenticated?(:user)
|
|
519
519
|
end
|
|
520
|
+
|
|
521
|
+
test 'sign out with non-navigational format via XHR does not redirect' do
|
|
522
|
+
swap Devise, :navigational_formats => ['*/*', :html] do
|
|
523
|
+
sign_in_as_user
|
|
524
|
+
xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
|
|
525
|
+
assert_response :no_content
|
|
526
|
+
assert_not warden.authenticated?(:user)
|
|
527
|
+
end
|
|
528
|
+
end
|
|
529
|
+
|
|
530
|
+
# Belt and braces ... Perhaps this test is not necessary?
|
|
531
|
+
test 'sign out with navigational format via XHR does redirect' do
|
|
532
|
+
swap Devise, :navigational_formats => ['*/*', :html] do
|
|
533
|
+
sign_in_as_user
|
|
534
|
+
xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
|
|
535
|
+
assert_response :redirect
|
|
536
|
+
assert_not warden.authenticated?(:user)
|
|
537
|
+
end
|
|
538
|
+
end
|
|
520
539
|
end
|
|
521
540
|
|
|
522
541
|
class AuthenticationKeysTest < ActionController::IntegrationTest
|
metadata
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
prerelease:
|
|
5
|
-
version: 2.2.0
|
|
4
|
+
prerelease:
|
|
5
|
+
version: 2.2.0
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- José Valim
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2013-01-08 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -303,9 +303,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
303
303
|
none: false
|
|
304
304
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
305
305
|
requirements:
|
|
306
|
-
- - ! '
|
|
306
|
+
- - ! '>='
|
|
307
307
|
- !ruby/object:Gem::Version
|
|
308
|
-
version:
|
|
308
|
+
version: '0'
|
|
309
309
|
none: false
|
|
310
310
|
requirements: []
|
|
311
311
|
rubyforge_project: devise
|