devise 3.2.4 → 3.3.0
Potentially problematic release.
This version of devise might be problematic.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/.travis.yml +12 -5
- data/CHANGELOG.md +28 -1
- data/Gemfile +5 -5
- data/Gemfile.lock +98 -92
- data/README.md +22 -16
- data/app/controllers/devise/confirmations_controller.rb +1 -1
- data/app/controllers/devise/registrations_controller.rb +18 -5
- data/app/controllers/devise/sessions_controller.rb +32 -9
- data/app/controllers/devise_controller.rb +3 -3
- data/app/views/devise/registrations/new.html.erb +1 -1
- data/app/views/devise/sessions/new.html.erb +2 -2
- data/app/views/devise/shared/_links.erb +1 -1
- data/config/locales/en.yml +16 -15
- data/gemfiles/Gemfile.rails-3.2-stable +3 -3
- data/gemfiles/Gemfile.rails-3.2-stable.lock +166 -0
- data/gemfiles/Gemfile.rails-4.0-stable +4 -4
- data/gemfiles/Gemfile.rails-4.0-stable.lock +162 -0
- data/gemfiles/Gemfile.rails-head +7 -4
- data/gemfiles/Gemfile.rails-head.lock +190 -0
- data/lib/devise.rb +8 -4
- data/lib/devise/controllers/helpers.rb +77 -6
- data/lib/devise/controllers/sign_in_out.rb +0 -1
- data/lib/devise/controllers/store_location.rb +8 -2
- data/lib/devise/controllers/url_helpers.rb +3 -1
- data/lib/devise/failure_app.rb +6 -6
- data/lib/devise/hooks/activatable.rb +3 -4
- data/lib/devise/hooks/csrf_cleaner.rb +3 -1
- data/lib/devise/hooks/timeoutable.rb +8 -1
- data/lib/devise/mapping.rb +4 -1
- data/lib/devise/models/confirmable.rb +3 -3
- data/lib/devise/models/database_authenticatable.rb +7 -3
- data/lib/devise/models/lockable.rb +2 -2
- data/lib/devise/models/recoverable.rb +23 -7
- data/lib/devise/models/rememberable.rb +2 -2
- data/lib/devise/models/trackable.rb +4 -1
- data/lib/devise/rails/routes.rb +8 -6
- data/lib/devise/strategies/authenticatable.rb +7 -0
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +19 -2
- data/lib/generators/templates/README +1 -1
- data/lib/generators/templates/devise.rb +3 -0
- data/script/cached-bundle +49 -0
- data/script/s3-put +71 -0
- data/test/controllers/custom_registrations_controller_test.rb +35 -0
- data/test/controllers/helpers_test.rb +35 -0
- data/test/controllers/internal_helpers_test.rb +1 -1
- data/test/controllers/passwords_controller_test.rb +1 -1
- data/test/devise_test.rb +18 -5
- data/test/failure_app_test.rb +40 -4
- data/test/generators/active_record_generator_test.rb +6 -0
- data/test/helpers/devise_helper_test.rb +3 -2
- data/test/integration/authenticatable_test.rb +19 -3
- data/test/integration/confirmable_test.rb +49 -9
- data/test/integration/http_authenticatable_test.rb +1 -1
- data/test/integration/lockable_test.rb +6 -6
- data/test/integration/recoverable_test.rb +5 -5
- data/test/integration/registerable_test.rb +32 -22
- data/test/integration/timeoutable_test.rb +8 -2
- data/test/integration/trackable_test.rb +2 -2
- data/test/mailers/confirmation_instructions_test.rb +3 -3
- data/test/mailers/reset_password_instructions_test.rb +3 -3
- data/test/mailers/unlock_instructions_test.rb +3 -3
- data/test/models/authenticatable_test.rb +1 -1
- data/test/models/lockable_test.rb +6 -0
- data/test/models/recoverable_test.rb +12 -0
- data/test/models/rememberable_test.rb +21 -6
- data/test/models/trackable_test.rb +28 -0
- data/test/models/validatable_test.rb +2 -2
- data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
- data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
- data/test/rails_app/app/controllers/application_controller.rb +3 -0
- data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
- data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +1 -1
- data/test/rails_app/app/controllers/users_controller.rb +1 -1
- data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
- data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
- data/test/rails_app/config/application.rb +1 -1
- data/test/rails_app/config/initializers/devise.rb +2 -0
- data/test/rails_app/config/routes.rb +17 -0
- data/test/rails_app/lib/shared_user.rb +1 -1
- data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
- data/test/routes_test.rb +5 -3
- data/test/support/assertions.rb +2 -3
- data/test/support/integration.rb +2 -2
- data/test/test_helper.rb +2 -0
- data/test/test_helpers_test.rb +22 -32
- metadata +23 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a79724cdbd2d14aed052324284f0c46ccc73105
|
4
|
+
data.tar.gz: fb827a2e7cf992d9172084057d3299a67223fc90
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4a0e69c16b5ec178882c8fea6a5a722342d59b5af1277c2fad6117f90a16f9eaafa7a36c7b20e3ec3154755071fb08a1788ec727b7de7bb460665a6dbde48e65
|
7
|
+
data.tar.gz: b2f16d7a9954c35675098a37659485266f221f84c861906155290ccb8d514f0056ecf312f86b57e85a670b03c152884bafef019f25f2fdd47c8ce2a1fce2a5cf
|
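Review bot: The `SHA1:` block at the top of checksums.yaml should not be the digest anyone verifies against; SHA-1 is not collision-resistant, so checks of `metadata.gz` and `data.tar.gz` should use the `SHA512:` entries that follow it. Both sets are stored in the same package they describe, so they catch corruption, and detecting a substituted archive needs a copy of the digest obtained independently of the package.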
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
@@ -1,14 +1,21 @@
|
|
1
1
|
language: ruby
|
2
2
|
script: "bundle exec rake test"
|
3
|
-
|
4
|
-
- gem install bundler -v '>= 1.5.1'
|
3
|
+
install: script/cached-bundle install --deployment --path vendor/bundle
|
5
4
|
rvm:
|
6
5
|
- 1.9.3
|
7
6
|
- 2.0.0
|
8
|
-
- 2.1.
|
7
|
+
- 2.1.2
|
9
8
|
env:
|
10
|
-
|
11
|
-
|
9
|
+
matrix:
|
10
|
+
- DEVISE_ORM=mongoid
|
11
|
+
- DEVISE_ORM=active_record
|
12
|
+
global:
|
13
|
+
# AMAZON_S3_BUCKET
|
14
|
+
- secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
|
15
|
+
# AMAZON_ACCESS_KEY_ID
|
16
|
+
- secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
|
17
|
+
# AMAZON_SECRET_ACCESS_KEY
|
18
|
+
- secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
|
12
19
|
gemfile:
|
13
20
|
- gemfiles/Gemfile.rails-head
|
14
21
|
- gemfiles/Gemfile.rails-4.0-stable
|
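Review bot: The three `secure:` entries under `env: global:` hand every build that runs `script/cached-bundle` an AWS key pair for the cache bucket, and nothing in this hunk documents how that key is scoped. Add a comment stating that the key is limited to the one bucket, and consider keeping `script/cached-bundle` and `script/s3-put` out of the packaged gem, since the file list shows both shipping under data/script/. Dropping the `- gem install bundler -v '>= 1.5.1'` line also means the bundler version is no longer set in this file.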
data/CHANGELOG.md
CHANGED
@@ -1,8 +1,35 @@
|
|
1
1
|
### Unreleased
|
2
2
|
|
3
|
+
* enhancements
|
4
|
+
* bug fixes
|
5
|
+
|
6
|
+
### 3.3.0
|
7
|
+
|
8
|
+
* enhancements
|
9
|
+
* Support multiple warden configuration blocks on devise configuration. (by @rossta)
|
10
|
+
* Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
|
11
|
+
invalidated, and this behavior could not be changed. This behavior is now configurable via
|
12
|
+
`expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
|
13
|
+
* Default email messages was updated with grammar fixes, check the diff on
|
14
|
+
#2906 for the updated copy (by @p-originate)
|
15
|
+
* Allow a resource to be found based on its encrypted password token (by @karlentwistle)
|
16
|
+
* Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
|
17
|
+
* The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
|
18
|
+
the current scope is using the `validatable` module (by @alexsoble)
|
19
|
+
|
20
|
+
* bug fix
|
21
|
+
* Check if there is a signed in user before executing the `SessionsController#destroy`.
|
22
|
+
* `SessionsController#destroy` no longer yields the `resource` to receiving block,
|
23
|
+
since the resource isn't loaded in the action. If you need access to the current
|
24
|
+
resource when overring the action use the scope helper (like `current_user`) before
|
25
|
+
calling `super`
|
26
|
+
* Serialize the `last_request_at` entry as an Integer
|
27
|
+
* Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
|
28
|
+
* Only valid paths will be stored for redirections (by @parallel588)
|
29
|
+
|
3
30
|
### 3.2.4
|
4
31
|
|
5
|
-
*
|
32
|
+
* enhancements
|
6
33
|
* `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
|
7
34
|
* View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
|
8
35
|
|
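Review bot: In the 3.3.0 `bug fix` list, the entry `Only valid paths will be stored for redirections` does not say what counts as a valid path or link the issue, and it is the entry a reader auditing redirect handling will look for; please add the reference, as was done with #2906 for the email copy. In the same section `overring` should be `overriding`, `Default email messages was updated` should read `were updated`, and the heading is `bug fix` here but `bug fixes` under Unreleased.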
data/Gemfile
CHANGED
@@ -2,16 +2,16 @@ source "https://rubygems.org"
|
|
2
2
|
|
3
3
|
gemspec
|
4
4
|
|
5
|
-
gem "rails", "~> 4.
|
6
|
-
gem "omniauth", "~> 1.
|
7
|
-
gem "omniauth-oauth2", "~> 1.
|
5
|
+
gem "rails", "~> 4.1.0"
|
6
|
+
gem "omniauth", "~> 1.2.0"
|
7
|
+
gem "omniauth-oauth2", "~> 1.1.0"
|
8
8
|
gem "rdoc"
|
9
9
|
|
10
10
|
group :test do
|
11
11
|
gem "omniauth-facebook"
|
12
12
|
gem "omniauth-openid", "~> 1.0.1"
|
13
13
|
gem "webrat", "0.7.3", require: false
|
14
|
-
gem "mocha", "~> 1.
|
14
|
+
gem "mocha", "~> 1.1", require: false
|
15
15
|
end
|
16
16
|
|
17
17
|
platforms :jruby do
|
@@ -25,5 +25,5 @@ platforms :ruby do
|
|
25
25
|
end
|
26
26
|
|
27
27
|
group :mongoid do
|
28
|
-
gem "mongoid",
|
28
|
+
gem "mongoid", "~> 4.0.0"
|
29
29
|
end
|
data/Gemfile.lock
CHANGED
@@ -1,18 +1,7 @@
|
|
1
|
-
GIT
|
2
|
-
remote: git://github.com/mongoid/mongoid.git
|
3
|
-
revision: 346a79a7d01aa194de80e649916239a18d38ce13
|
4
|
-
branch: master
|
5
|
-
specs:
|
6
|
-
mongoid (4.0.0)
|
7
|
-
activemodel (~> 4.0.0)
|
8
|
-
moped (~> 1.5)
|
9
|
-
origin (~> 1.0)
|
10
|
-
tzinfo (~> 0.3.22)
|
11
|
-
|
12
1
|
PATH
|
13
2
|
remote: .
|
14
3
|
specs:
|
15
|
-
devise (3.
|
4
|
+
devise (3.3.0)
|
16
5
|
bcrypt (~> 3.0)
|
17
6
|
orm_adapter (~> 0.1)
|
18
7
|
railties (>= 3.2.6, < 5)
|
@@ -22,117 +11,134 @@ PATH
|
|
22
11
|
GEM
|
23
12
|
remote: https://rubygems.org/
|
24
13
|
specs:
|
25
|
-
actionmailer (4.
|
26
|
-
actionpack (= 4.
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
14
|
+
actionmailer (4.1.4)
|
15
|
+
actionpack (= 4.1.4)
|
16
|
+
actionview (= 4.1.4)
|
17
|
+
mail (~> 2.5.4)
|
18
|
+
actionpack (4.1.4)
|
19
|
+
actionview (= 4.1.4)
|
20
|
+
activesupport (= 4.1.4)
|
32
21
|
rack (~> 1.5.2)
|
33
22
|
rack-test (~> 0.6.2)
|
34
|
-
|
35
|
-
activesupport (= 4.
|
36
|
-
builder (~> 3.1
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
23
|
+
actionview (4.1.4)
|
24
|
+
activesupport (= 4.1.4)
|
25
|
+
builder (~> 3.1)
|
26
|
+
erubis (~> 2.7.0)
|
27
|
+
activemodel (4.1.4)
|
28
|
+
activesupport (= 4.1.4)
|
29
|
+
builder (~> 3.1)
|
30
|
+
activerecord (4.1.4)
|
31
|
+
activemodel (= 4.1.4)
|
32
|
+
activesupport (= 4.1.4)
|
33
|
+
arel (~> 5.0.0)
|
34
|
+
activesupport (4.1.4)
|
35
|
+
i18n (~> 0.6, >= 0.6.9)
|
36
|
+
json (~> 1.7, >= 1.7.7)
|
37
|
+
minitest (~> 5.1)
|
47
38
|
thread_safe (~> 0.1)
|
48
|
-
tzinfo (~>
|
49
|
-
arel (
|
50
|
-
atomic (1.1.12)
|
39
|
+
tzinfo (~> 1.1)
|
40
|
+
arel (5.0.1.20140414130214)
|
51
41
|
bcrypt (3.1.7)
|
52
|
-
|
42
|
+
bson (2.3.0)
|
43
|
+
builder (3.2.2)
|
44
|
+
connection_pool (2.0.0)
|
53
45
|
erubis (2.7.0)
|
54
|
-
faraday (0.
|
55
|
-
multipart-post (
|
56
|
-
hashie (
|
46
|
+
faraday (0.9.0)
|
47
|
+
multipart-post (>= 1.2, < 3)
|
48
|
+
hashie (3.2.0)
|
57
49
|
hike (1.2.3)
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
jwt (0.1.8)
|
62
|
-
multi_json (>= 1.5)
|
50
|
+
i18n (0.6.11)
|
51
|
+
json (1.8.1)
|
52
|
+
jwt (1.0.0)
|
63
53
|
mail (2.5.4)
|
64
54
|
mime-types (~> 1.16)
|
65
55
|
treetop (~> 1.4.8)
|
66
56
|
metaclass (0.0.4)
|
67
|
-
mime-types (1.
|
68
|
-
|
69
|
-
|
57
|
+
mime-types (1.25.1)
|
58
|
+
mini_portile (0.6.0)
|
59
|
+
minitest (5.4.0)
|
60
|
+
mocha (1.1.0)
|
70
61
|
metaclass (~> 0.0.1)
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
62
|
+
mongoid (4.0.0)
|
63
|
+
activemodel (~> 4.0)
|
64
|
+
moped (~> 2.0.0)
|
65
|
+
origin (~> 2.1)
|
66
|
+
tzinfo (>= 0.3.37)
|
67
|
+
moped (2.0.0)
|
68
|
+
bson (~> 2.2)
|
69
|
+
connection_pool (~> 2.0)
|
70
|
+
optionable (~> 0.2.0)
|
71
|
+
multi_json (1.10.1)
|
72
|
+
multi_xml (0.5.5)
|
73
|
+
multipart-post (2.0.0)
|
74
|
+
nokogiri (1.6.3.1)
|
75
|
+
mini_portile (= 0.6.0)
|
76
|
+
oauth2 (0.9.4)
|
77
|
+
faraday (>= 0.8, < 0.10)
|
78
|
+
jwt (~> 1.0)
|
79
|
+
multi_json (~> 1.3)
|
80
|
+
multi_xml (~> 0.5)
|
80
81
|
rack (~> 1.2)
|
81
|
-
omniauth (1.
|
82
|
-
hashie (
|
83
|
-
rack
|
84
|
-
omniauth-facebook (1.
|
85
|
-
omniauth-oauth2 (~> 1.
|
86
|
-
omniauth-oauth2 (1.
|
87
|
-
|
88
|
-
|
82
|
+
omniauth (1.2.2)
|
83
|
+
hashie (>= 1.2, < 4)
|
84
|
+
rack (~> 1.0)
|
85
|
+
omniauth-facebook (1.6.0)
|
86
|
+
omniauth-oauth2 (~> 1.1)
|
87
|
+
omniauth-oauth2 (1.1.2)
|
88
|
+
faraday (>= 0.8, < 0.10)
|
89
|
+
multi_json (~> 1.3)
|
90
|
+
oauth2 (~> 0.9.3)
|
91
|
+
omniauth (~> 1.2)
|
89
92
|
omniauth-openid (1.0.1)
|
90
93
|
omniauth (~> 1.0)
|
91
94
|
rack-openid (~> 1.3.1)
|
92
|
-
|
95
|
+
optionable (0.2.0)
|
96
|
+
origin (2.1.1)
|
93
97
|
orm_adapter (0.5.0)
|
94
|
-
polyglot (0.3.
|
98
|
+
polyglot (0.3.5)
|
95
99
|
rack (1.5.2)
|
96
100
|
rack-openid (1.3.1)
|
97
101
|
rack (>= 1.1.0)
|
98
102
|
ruby-openid (>= 2.1.8)
|
99
103
|
rack-test (0.6.2)
|
100
104
|
rack (>= 1.0)
|
101
|
-
rails (4.
|
102
|
-
actionmailer (= 4.
|
103
|
-
actionpack (= 4.
|
104
|
-
|
105
|
-
|
105
|
+
rails (4.1.4)
|
106
|
+
actionmailer (= 4.1.4)
|
107
|
+
actionpack (= 4.1.4)
|
108
|
+
actionview (= 4.1.4)
|
109
|
+
activemodel (= 4.1.4)
|
110
|
+
activerecord (= 4.1.4)
|
111
|
+
activesupport (= 4.1.4)
|
106
112
|
bundler (>= 1.3.0, < 2.0)
|
107
|
-
railties (= 4.
|
108
|
-
sprockets-rails (~> 2.0
|
109
|
-
railties (4.
|
110
|
-
actionpack (= 4.
|
111
|
-
activesupport (= 4.
|
113
|
+
railties (= 4.1.4)
|
114
|
+
sprockets-rails (~> 2.0)
|
115
|
+
railties (4.1.4)
|
116
|
+
actionpack (= 4.1.4)
|
117
|
+
activesupport (= 4.1.4)
|
112
118
|
rake (>= 0.8.7)
|
113
119
|
thor (>= 0.18.1, < 2.0)
|
114
|
-
rake (10.
|
115
|
-
rdoc (4.
|
120
|
+
rake (10.3.2)
|
121
|
+
rdoc (4.1.1)
|
116
122
|
json (~> 1.4)
|
117
|
-
ruby-openid (2.
|
118
|
-
sprockets (2.
|
123
|
+
ruby-openid (2.5.0)
|
124
|
+
sprockets (2.12.1)
|
119
125
|
hike (~> 1.2)
|
120
126
|
multi_json (~> 1.0)
|
121
127
|
rack (~> 1.0)
|
122
128
|
tilt (~> 1.1, != 1.3.0)
|
123
|
-
sprockets-rails (2.
|
129
|
+
sprockets-rails (2.1.3)
|
124
130
|
actionpack (>= 3.0)
|
125
131
|
activesupport (>= 3.0)
|
126
132
|
sprockets (~> 2.8)
|
127
|
-
sqlite3 (1.3.
|
128
|
-
thor (0.
|
129
|
-
thread_safe (0.
|
130
|
-
atomic
|
133
|
+
sqlite3 (1.3.9)
|
134
|
+
thor (0.19.1)
|
135
|
+
thread_safe (0.3.4)
|
131
136
|
tilt (1.4.1)
|
132
|
-
treetop (1.4.
|
137
|
+
treetop (1.4.15)
|
133
138
|
polyglot
|
134
139
|
polyglot (>= 0.3.1)
|
135
|
-
tzinfo (
|
140
|
+
tzinfo (1.2.1)
|
141
|
+
thread_safe (~> 0.1)
|
136
142
|
warden (1.2.3)
|
137
143
|
rack (>= 1.0)
|
138
144
|
webrat (0.7.3)
|
@@ -148,13 +154,13 @@ DEPENDENCIES
|
|
148
154
|
activerecord-jdbcsqlite3-adapter
|
149
155
|
devise!
|
150
156
|
jruby-openssl
|
151
|
-
mocha (~> 1.
|
152
|
-
mongoid
|
153
|
-
omniauth (~> 1.
|
157
|
+
mocha (~> 1.1)
|
158
|
+
mongoid (~> 4.0.0)
|
159
|
+
omniauth (~> 1.2.0)
|
154
160
|
omniauth-facebook
|
155
|
-
omniauth-oauth2 (~> 1.
|
161
|
+
omniauth-oauth2 (~> 1.1.0)
|
156
162
|
omniauth-openid (~> 1.0.1)
|
157
|
-
rails (~> 4.
|
163
|
+
rails (~> 4.1.0)
|
158
164
|
rdoc
|
159
165
|
sqlite3
|
160
166
|
webrat (= 0.7.3)
|
data/README.md
CHANGED
@@ -27,7 +27,7 @@ It's composed of 10 modules:
|
|
27
27
|
* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
|
28
28
|
* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
|
29
29
|
|
30
|
-
Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is
|
30
|
+
Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.
|
31
31
|
|
32
32
|
## Information
|
33
33
|
|
@@ -83,7 +83,7 @@ You will usually want to write tests for your changes. To run the test suite, g
|
|
83
83
|
|
84
84
|
If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:
|
85
85
|
|
86
|
-
* Michael Hartl's online book: http://railstutorial.org/
|
86
|
+
* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users
|
87
87
|
* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
|
88
88
|
|
89
89
|
Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
|
@@ -110,24 +110,28 @@ The generator will install an initializer which describes ALL Devise's configura
|
|
110
110
|
rails generate devise MODEL
|
111
111
|
```
|
112
112
|
|
113
|
-
Replace MODEL
|
113
|
+
Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
|
114
114
|
|
115
|
-
Next, you
|
115
|
+
Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
|
116
|
+
|
117
|
+
Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
|
116
118
|
|
117
119
|
```ruby
|
118
|
-
config.action_mailer.default_url_options = { host: 'localhost:3000
|
120
|
+
config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
|
119
121
|
```
|
120
122
|
|
121
123
|
You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.
|
122
124
|
|
123
125
|
### Controller filters and helpers
|
124
126
|
|
125
|
-
Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this
|
127
|
+
Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'):
|
126
128
|
|
127
129
|
```ruby
|
128
|
-
|
130
|
+
before_action :authenticate_user!
|
129
131
|
```
|
130
132
|
|
133
|
+
If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
|
134
|
+
|
131
135
|
To verify if a user is signed in, use the following helper:
|
132
136
|
|
133
137
|
```ruby
|
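Review bot: The new `before_action :authenticate_user!` example only works on Rails 4 and later, while this release still declares `railties (>= 3.2.6, < 5)` in Gemfile.lock and ships gemfiles/Gemfile.rails-3.2-stable; the README should say that Rails 3.2 applications need `before_filter` instead. The added paragraph that ends in `rake db:migrate` is also missing its closing period.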
@@ -157,7 +161,7 @@ You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to
|
|
157
161
|
Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are:
|
158
162
|
|
159
163
|
```ruby
|
160
|
-
|
164
|
+
before_action :authenticate_member!
|
161
165
|
|
162
166
|
member_signed_in?
|
163
167
|
|
@@ -190,7 +194,7 @@ In case you want to permit additional parameters (the lazy way™) you can do wi
|
|
190
194
|
|
191
195
|
```ruby
|
192
196
|
class ApplicationController < ActionController::Base
|
193
|
-
|
197
|
+
before_action :configure_permitted_parameters, if: :devise_controller?
|
194
198
|
|
195
199
|
protected
|
196
200
|
|
@@ -200,7 +204,7 @@ class ApplicationController < ActionController::Base
|
|
200
204
|
end
|
201
205
|
```
|
202
206
|
|
203
|
-
The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `
|
207
|
+
The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
|
204
208
|
|
205
209
|
To permit simple scalar values for username and email, use this
|
206
210
|
|
@@ -214,7 +218,7 @@ If you have some checkboxes that express the roles a user may take on registrati
|
|
214
218
|
|
215
219
|
```ruby
|
216
220
|
def configure_permitted_parameters
|
217
|
-
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) }
|
221
|
+
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
|
218
222
|
end
|
219
223
|
```
|
220
224
|
For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
|
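Review bot: Permitting `{ roles: [] }` in the `:sign_up` sanitizer means whatever role values the registration form submits are accepted for mass assignment, and the example gives no hint that they need checking. Add a sentence telling readers to validate the submitted roles against the set a self-registering user is allowed to pick, for instance with a model validation. The added braces are themselves required: the old call listed `roles: []` before the positional symbols, which Ruby rejects as a syntax error.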
@@ -285,7 +289,7 @@ If the customization at the views level is not enough, you can customize each co
|
|
285
289
|
end
|
286
290
|
```
|
287
291
|
|
288
|
-
Note that in the above example, the controller needs to be created in the `app/
|
292
|
+
Note that in the above example, the controller needs to be created in the `app/controllers/admins/` directory.
|
289
293
|
|
290
294
|
2. Tell the router to use this controller:
|
291
295
|
|
@@ -383,6 +387,8 @@ Take a look at our locale file to check all available messages. You may also be
|
|
383
387
|
|
384
388
|
https://github.com/plataformatec/devise/wiki/I18n
|
385
389
|
|
390
|
+
Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController
|
391
|
+
|
386
392
|
### Test helpers
|
387
393
|
|
388
394
|
Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
|
@@ -393,7 +399,7 @@ class ActionController::TestCase
|
|
393
399
|
end
|
394
400
|
```
|
395
401
|
|
396
|
-
If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb`:
|
402
|
+
If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb`:
|
397
403
|
|
398
404
|
```ruby
|
399
405
|
RSpec.configure do |config|
|
@@ -411,11 +417,11 @@ sign_out :user # sign_out(scope)
|
|
411
417
|
sign_out @user # sign_out(resource)
|
412
418
|
```
|
413
419
|
|
414
|
-
There are two things that
|
420
|
+
There are two things that are important to keep in mind:
|
415
421
|
|
416
422
|
1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
|
417
423
|
|
418
|
-
2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
|
424
|
+
2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
|
419
425
|
|
420
426
|
```ruby
|
421
427
|
@request.env["devise.mapping"] = Devise.mappings[:user]
|
@@ -463,7 +469,7 @@ admin_session
|
|
463
469
|
|
464
470
|
Alternatively, you can simply run the Devise generator.
|
465
471
|
|
466
|
-
Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using
|
472
|
+
Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
|
467
473
|
|
468
474
|
### Other ORMs
|
469
475
|
|