devise 2.2.2 → 2.2.3
- data/CHANGELOG.rdoc +5 -0
- data/Gemfile.lock +1 -1
- data/app/mailers/devise/mailer.rb +1 -1
- data/config/locales/en.yml +48 -49
- data/lib/devise.rb +7 -1
- data/lib/devise/controllers/rememberable.rb +7 -3
- data/lib/devise/models/authenticatable.rb +6 -7
- data/lib/devise/param_filter.rb +1 -2
- data/lib/devise/strategies/rememberable.rb +2 -2
- data/lib/devise/version.rb +1 -1
- data/test/integration/rememberable_test.rb +7 -0
- data/test/models/authenticatable_test.rb +7 -1
- data/test/models/database_authenticatable_test.rb +2 -8
- metadata +2 -2
data/CHANGELOG.rdoc
CHANGED
data/Gemfile.lock
CHANGED
data/config/locales/en.yml
CHANGED
@@ -1,60 +1,59 @@
|
|
1
1
|
# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
|
2
2
|
|
3
3
|
en:
|
4
|
+
devise:
|
5
|
+
confirmations:
|
6
|
+
confirmed: "Your account was successfully confirmed. You are now signed in."
|
7
|
+
send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
|
8
|
+
send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
|
9
|
+
failure:
|
10
|
+
already_authenticated: "You are already signed in."
|
11
|
+
inactive: "Your account was not activated yet."
|
12
|
+
invalid: "Invalid email or password."
|
13
|
+
invalid_token: "Invalid authentication token."
|
14
|
+
locked: "Your account is locked."
|
15
|
+
not_found_in_database: "Invalid email or password."
|
16
|
+
timeout: "Your session expired, please sign in again to continue."
|
17
|
+
unauthenticated: "You need to sign in or sign up before continuing."
|
18
|
+
unconfirmed: "You have to confirm your account before continuing."
|
19
|
+
mailer:
|
20
|
+
confirmation_instructions:
|
21
|
+
subject: "Confirmation instructions"
|
22
|
+
reset_password_instructions:
|
23
|
+
subject: "Reset password instructions"
|
24
|
+
unlock_instructions:
|
25
|
+
subject: "Unlock Instructions"
|
26
|
+
omniauth_callbacks:
|
27
|
+
failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
|
28
|
+
success: "Successfully authenticated from %{kind} account."
|
29
|
+
passwords:
|
30
|
+
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
|
31
|
+
send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes."
|
32
|
+
send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
33
|
+
updated: "Your password was changed successfully. You are now signed in."
|
34
|
+
updated_not_active: "Your password was changed successfully."
|
35
|
+
registrations:
|
36
|
+
destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
|
37
|
+
signed_up: "Welcome! You have signed up successfully."
|
38
|
+
signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
|
39
|
+
signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
|
40
|
+
signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
|
41
|
+
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
|
42
|
+
updated: "You updated your account successfully."
|
43
|
+
sessions:
|
44
|
+
signed_in: "Signed in successfully."
|
45
|
+
signed_out: "Signed out successfully."
|
46
|
+
unlocks:
|
47
|
+
send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
|
48
|
+
send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
|
49
|
+
unlocked: "Your account has been unlocked successfully. Please sign in to continue."
|
4
50
|
errors:
|
5
51
|
messages:
|
52
|
+
already_confirmed: "was already confirmed, please try signing in"
|
53
|
+
confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
|
6
54
|
expired: "has expired, please request a new one"
|
7
55
|
not_found: "not found"
|
8
|
-
already_confirmed: "was already confirmed, please try signing in"
|
9
56
|
not_locked: "was not locked"
|
10
57
|
not_saved:
|
11
58
|
one: "1 error prohibited this %{resource} from being saved:"
|
12
59
|
other: "%{count} errors prohibited this %{resource} from being saved:"
|
13
|
-
confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one"
|
14
|
-
|
15
|
-
devise:
|
16
|
-
failure:
|
17
|
-
already_authenticated: 'You are already signed in.'
|
18
|
-
unauthenticated: 'You need to sign in or sign up before continuing.'
|
19
|
-
unconfirmed: 'You have to confirm your account before continuing.'
|
20
|
-
locked: 'Your account is locked.'
|
21
|
-
not_found_in_database: 'Invalid email or password.'
|
22
|
-
invalid: 'Invalid email or password.'
|
23
|
-
invalid_token: 'Invalid authentication token.'
|
24
|
-
timeout: 'Your session expired, please sign in again to continue.'
|
25
|
-
inactive: 'Your account was not activated yet.'
|
26
|
-
sessions:
|
27
|
-
signed_in: 'Signed in successfully.'
|
28
|
-
signed_out: 'Signed out successfully.'
|
29
|
-
passwords:
|
30
|
-
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
|
31
|
-
updated: 'Your password was changed successfully. You are now signed in.'
|
32
|
-
updated_not_active: 'Your password was changed successfully.'
|
33
|
-
send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
|
34
|
-
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
|
35
|
-
confirmations:
|
36
|
-
send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
|
37
|
-
send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.'
|
38
|
-
confirmed: 'Your account was successfully confirmed. You are now signed in.'
|
39
|
-
registrations:
|
40
|
-
signed_up: 'Welcome! You have signed up successfully.'
|
41
|
-
signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
|
42
|
-
signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
|
43
|
-
signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
|
44
|
-
updated: 'You updated your account successfully.'
|
45
|
-
update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
|
46
|
-
destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
|
47
|
-
unlocks:
|
48
|
-
send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
|
49
|
-
unlocked: 'Your account has been unlocked successfully. Please sign in to continue.'
|
50
|
-
send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.'
|
51
|
-
omniauth_callbacks:
|
52
|
-
success: 'Successfully authenticated from %{kind} account.'
|
53
|
-
failure: 'Could not authenticate you from %{kind} because "%{reason}".'
|
54
|
-
mailer:
|
55
|
-
confirmation_instructions:
|
56
|
-
subject: 'Confirmation instructions'
|
57
|
-
reset_password_instructions:
|
58
|
-
subject: 'Reset password instructions'
|
59
|
-
unlock_instructions:
|
60
|
-
subject: 'Unlock Instructions'
|
data/lib/devise.rb
CHANGED
@@ -43,7 +43,7 @@ module Devise
|
|
43
43
|
# True values used to check params
|
44
44
|
TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
|
45
45
|
|
46
|
-
# Custom domain for cookies. Not set by default
|
46
|
+
# Custom domain or key for cookies. Not set by default
|
47
47
|
mattr_accessor :rememberable_options
|
48
48
|
@@rememberable_options = {}
|
49
49
|
|
@@ -199,6 +199,12 @@ module Devise
|
|
199
199
|
mattr_accessor :parent_controller
|
200
200
|
@@parent_controller = "ApplicationController"
|
201
201
|
|
202
|
+
# The parent mailer all Devise mailers inherit from.
|
203
|
+
# Defaults to ActionMailer::Base. This should be set early
|
204
|
+
# in the initialization process and should be set to a string.
|
205
|
+
mattr_accessor :parent_mailer
|
206
|
+
@@parent_mailer = "ActionMailer::Base"
|
207
|
+
|
202
208
|
# The router Devise should use to generate routes. Defaults
|
203
209
|
# to :main_app. Should be overriden by engines in order
|
204
210
|
# to provide custom routes.
|
@@ -23,14 +23,14 @@ module Devise
|
|
23
23
|
def remember_me(resource)
|
24
24
|
scope = Devise::Mapping.find_scope!(resource)
|
25
25
|
resource.remember_me!(resource.extend_remember_period)
|
26
|
-
cookies.signed[
|
26
|
+
cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
|
27
27
|
end
|
28
28
|
|
29
29
|
# Forgets the given resource by deleting a cookie
|
30
30
|
def forget_me(resource)
|
31
31
|
scope = Devise::Mapping.find_scope!(resource)
|
32
32
|
resource.forget_me!
|
33
|
-
cookies.delete(
|
33
|
+
cookies.delete(remember_key(resource, scope), forget_cookie_values(resource))
|
34
34
|
end
|
35
35
|
|
36
36
|
protected
|
@@ -47,6 +47,10 @@ module Devise
|
|
47
47
|
:expires => resource.remember_expires_at
|
48
48
|
)
|
49
49
|
end
|
50
|
+
|
51
|
+
def remember_key(resource, scope)
|
52
|
+
resource.rememberable_options.fetch(:key, "remember_#{scope}_token")
|
53
|
+
end
|
50
54
|
end
|
51
55
|
end
|
52
|
-
end
|
56
|
+
end
|
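Review bot: The `:key` read by the new `remember_key` replaces the whole cookie name, while only the fallback `"remember_#{scope}_token"` carries the scope; with the option held in the module-wide `@@rememberable_options` seen in the devise.rb hunk (and swapped globally in the new integration test), every Devise scope in an application that sets `:key` would share one cookie name. The strategy-side `remember_key` added in a later hunk (`mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")`) behaves the same way. Neither hunk documents this, so I would add above the controller helper: `# A custom :key is used verbatim (no scope suffix); apps with several Devise scopes must keep distinct keys per model or rely on the default`. Whether the option can actually differ per model is not visible here, so that wording should be checked against the model configuration. The enclosing module and class of these methods lie outside the hunk.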
@@ -214,21 +214,20 @@ module Devise
|
|
214
214
|
# namedscope to filter records while authenticating.
|
215
215
|
# Example:
|
216
216
|
#
|
217
|
-
# def self.find_for_authentication(
|
218
|
-
#
|
219
|
-
# super
|
217
|
+
# def self.find_for_authentication(tainted_conditions)
|
218
|
+
# find_first_by_auth_conditions(tainted_conditions, active: true)
|
220
219
|
# end
|
221
220
|
#
|
222
221
|
# Finally, notice that Devise also queries for users in other scenarios
|
223
222
|
# besides authentication, for example when retrieving an user to send
|
224
223
|
# an e-mail for password reset. In such cases, find_for_authentication
|
225
224
|
# is not called.
|
226
|
-
def find_for_authentication(
|
227
|
-
find_first_by_auth_conditions(
|
225
|
+
def find_for_authentication(tainted_conditions)
|
226
|
+
find_first_by_auth_conditions(tainted_conditions)
|
228
227
|
end
|
229
228
|
|
230
|
-
def find_first_by_auth_conditions(
|
231
|
-
to_adapter.find_first
|
229
|
+
def find_first_by_auth_conditions(tainted_conditions, opts={})
|
230
|
+
to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
|
232
231
|
end
|
233
232
|
|
234
233
|
# Find an initialize a record setting an error if it can't be found.
|
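Review bot: In the new `find_first_by_auth_conditions(tainted_conditions, opts={})`, `opts` is merged after `devise_param_filter.filter` runs, so developer-supplied conditions bypass the filter and override any same-named key that came from the request; that is the right order for a trust boundary, but it is undocumented, and a caller that forwards request-derived data through `opts` would defeat the filter entirely. I would add above the method: `# opts are trusted, developer-supplied conditions: they skip the param filter and take precedence over filtered tainted keys — never pass request params here`. Style nit: `opts={}` should be `opts = {}`. The surrounding module and `find_for_authentication`'s documentation both extend beyond this hunk.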
data/lib/devise/param_filter.rb
CHANGED
@@ -33,9 +33,8 @@ module Devise
|
|
33
33
|
|
34
34
|
private
|
35
35
|
|
36
|
-
# Determine which values should be transformed to string or passed as-is to the query builder underneath
|
37
36
|
def param_requires_string_conversion?(value)
|
38
|
-
|
37
|
+
true
|
39
38
|
end
|
40
39
|
end
|
41
40
|
end
|
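Review bot: `param_requires_string_conversion?` now ignores its `value` argument and answers `true` unconditionally, but the line removed with it was the only comment explaining the method, so a reader is left with a predicate whose name promises a per-value decision it no longer makes. Renaming the parameter to `_value` and restoring the intent, e.g. `# Every tainted auth param is stringified before it reaches the query builder (the database_authenticatable test now expects this)`, would make the hunk self-explanatory. Whether the unconditional stringification is meant as a hardening step against non-string values in auth params is inferred from the test change, not stated here. The caller that consults this predicate is outside the hunk.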
@@ -41,7 +41,7 @@ module Devise
|
|
41
41
|
end
|
42
42
|
|
43
43
|
def remember_key
|
44
|
-
"remember_#{scope}_token"
|
44
|
+
mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
|
45
45
|
end
|
46
46
|
|
47
47
|
def remember_cookie
|
@@ -52,4 +52,4 @@ module Devise
|
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
-
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
|
55
|
+
Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
|
data/lib/devise/version.rb
CHANGED
@@ -57,6 +57,13 @@ class RememberMeTest < ActionController::IntegrationTest
|
|
57
57
|
end
|
58
58
|
end
|
59
59
|
|
60
|
+
test 'generate remember token with a custom key' do
|
61
|
+
swap Devise, :rememberable_options => { :key => "v1lat_token" } do
|
62
|
+
user = sign_in_as_user :remember_me => true
|
63
|
+
assert request.cookies["v1lat_token"]
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
60
67
|
test 'generate remember token after sign in setting session options' do
|
61
68
|
begin
|
62
69
|
Rails.configuration.session_options[:domain] = "omg.somewhere.com"
|
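Review bot: The new `'generate remember token with a custom key'` test only asserts that a cookie named `v1lat_token` exists; it does not check that the default-named cookie was not also written, so a regression that sets both would still pass. Adding `assert_nil request.cookies["remember_user_token"]` after the existing assertion pins that the key really replaces the default (the default name is taken from the `"remember_#{scope}_token"` fallback in the controller hunk, with the `user` scope assumed from `sign_in_as_user`). The `user` local assigned on line 62 is unused and can be dropped or renamed `_user`. The test class continues outside this hunk.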
@@ -4,4 +4,10 @@ class AuthenticatableTest < ActiveSupport::TestCase
|
|
4
4
|
test 'required_fields should be an empty array' do
|
5
5
|
assert_equal Devise::Models::Validatable.required_fields(User), []
|
6
6
|
end
|
7
|
-
|
7
|
+
|
8
|
+
test 'find_first_by_auth_conditions allows custom filtering parameters' do
|
9
|
+
user = User.create!(email: "example@example.com", password: "123456")
|
10
|
+
assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
|
11
|
+
assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil
|
12
|
+
end
|
13
|
+
end
|
@@ -47,15 +47,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
|
|
47
47
|
end
|
48
48
|
|
49
49
|
test "param filter should not convert booleans and integer to strings" do
|
50
|
-
conditions = {
|
50
|
+
conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
|
51
51
|
conditions = Devise::ParamFilter.new([], []).filter(conditions)
|
52
|
-
assert_equal( {
|
53
|
-
end
|
54
|
-
|
55
|
-
test "param filter should not convert regular expressions to strings" do
|
56
|
-
conditions = { "regexp" => /expression/ }
|
57
|
-
conditions = Devise::ParamFilter.new([], []).filter(conditions)
|
58
|
-
assert_equal( { "regexp" => /expression/ }, conditions)
|
52
|
+
assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
|
59
53
|
end
|
60
54
|
|
61
55
|
test 'should respond to password and password confirmation' do
|
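Review bot: The test name kept at line 49, `"param filter should not convert booleans and integer to strings"`, now contradicts its own assertion, which expects exactly that conversion (`"bool1" => "true"`, `"fixnum" => "123"`); the name should become something like `test "param filter converts every value to a string" do`. The deleted regexp case is not replaced, so nothing pins that a Regexp (or nil) is stringified as well — one extra key in the `conditions` hash would cover it if that is the intended behaviour. The test class continues outside this hunk.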
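--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: devise
 version: !ruby/object:Gem::Version
 prerelease:
-version: 2.2.
+version: 2.2.3
 platform: ruby
 authors:
 - José Valim
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-01-
+date: 2013-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 version_requirements: !ruby/object:Gem::Requirement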