devise 4.0.3 → 4.1.0

Potentially problematic release.


This version of devise might be problematic.

Files changed (42)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +35 -4
  3. data/Gemfile +1 -0
  4. data/Gemfile.lock +5 -2
  5. data/gemfiles/Gemfile.rails-4.1-stable +1 -0
  6. data/gemfiles/Gemfile.rails-4.1-stable.lock +4 -1
  7. data/gemfiles/Gemfile.rails-4.2-stable +1 -0
  8. data/gemfiles/Gemfile.rails-4.2-stable.lock +5 -2
  9. data/lib/devise.rb +14 -105
  10. data/lib/devise/failure_app.rb +1 -1
  11. data/lib/devise/models/confirmable.rb +9 -5
  12. data/lib/devise/models/lockable.rb +1 -1
  13. data/lib/devise/models/recoverable.rb +1 -1
  14. data/lib/devise/models/rememberable.rb +1 -1
  15. data/lib/devise/omniauth/url_helpers.rb +4 -4
  16. data/lib/devise/parameter_sanitizer.rb +5 -5
  17. data/lib/devise/version.rb +1 -1
  18. data/lib/generators/templates/devise.rb +1 -1
  19. data/test/controllers/sessions_controller_test.rb +1 -1
  20. data/test/devise_test.rb +2 -29
  21. data/test/failure_app_test.rb +5 -5
  22. data/test/generators/active_record_generator_test.rb +1 -1
  23. data/test/integration/authenticatable_test.rb +18 -49
  24. data/test/integration/confirmable_test.rb +3 -3
  25. data/test/integration/database_authenticatable_test.rb +1 -1
  26. data/test/integration/http_authenticatable_test.rb +9 -7
  27. data/test/integration/lockable_test.rb +1 -1
  28. data/test/integration/recoverable_test.rb +2 -2
  29. data/test/integration/rememberable_test.rb +3 -3
  30. data/test/integration/timeoutable_test.rb +1 -1
  31. data/test/integration/trackable_test.rb +3 -3
  32. data/test/mapping_test.rb +2 -2
  33. data/test/models/rememberable_test.rb +0 -12
  34. data/test/models/validatable_test.rb +1 -1
  35. data/test/orm/active_record.rb +3 -1
  36. data/test/rails_app/app/controllers/application_controller.rb +1 -2
  37. data/test/rails_app/config/application.rb +4 -0
  38. data/test/rails_app/config/routes.rb +1 -0
  39. data/test/rails_app/lib/shared_user.rb +2 -1
  40. data/test/rails_app/lib/shared_user_without_omniauth.rb +1 -1
  41. data/test/routes_test.rb +2 -2
  42. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 71f8722abb5f39d461f25e52897d9805d34c126e
4
- data.tar.gz: b23ee1e571b673174794685aec473b60ff9cf808
3
+ metadata.gz: 5ff880fa248ea604b7cc7481eb7f943206cd6e3e
4
+ data.tar.gz: 7aa4b48b8c2aab94d7ce10a3ae911826f5d79533
5
5
  SHA512:
6
- metadata.gz: 241fcc13d6e66b9ee774be880a5a66d2cf0b0c5af0f440e80b0807b80546c8c41ed00dfbe2e287f2ed5094083d8a9f12218a431fc69f16d08b231e23252f6313
7
- data.tar.gz: c93cef3ab690017d030726734c6dbbeb5182072594aa908eed750a6374feed0d0f83aa6a28c76312affe6ec30cf6af81da268573e863867133eb67e043398c7a
6
+ metadata.gz: 92b0d27ae05dbd03db7c25e94ff6f9032796fa7117c1fb6a05072cf79dd4e43c8702156fe01b487aec1e39fdd7d1fb40611c80144319dc8cf73f84312a833717
7
+ data.tar.gz: c5aed368af11f6390dd632616cf3cb8d4d387d39bcdb36a458902d6dc959cf4e9c52c3780d52696efbe254650526147597aafab1b427818e77d5b9ce343968ef
@@ -1,13 +1,44 @@
1
- ### 4.0.3 - 2016-05-15
1
+ ### 4.1.0
2
2
 
3
3
  * bug fixes
4
- * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev).
4
+ * Fix race condition of sending the confirmation instructions e-mail using background jobs.
5
+ Using the previous `after_create` callback, the e-mail can be sent before
6
+ the record be committed on database, generating a `ActiveRecord::NotFound` error.
7
+ Now the confirmation e-mail will be only sent after the database commit,
8
+ using the `after_commit` callback.
9
+ It may break your test suite on Rails 4 if you are testing the sent e-mails
10
+ or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy.
11
+ You can easily fix your test suite using the gem
12
+ [test_after_commit](https://github.com/grosser/test_after_commit). For example, put in your Gemfile:
5
13
 
6
- ### 4.0.2 - 2016-04-25
14
+ ```ruby
15
+ gem 'test_after_commit', :group => :test
16
+ ```
17
+
18
+ On Rails 5 `after_commit` callbacks are triggered even using transactional
19
+ fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq)
20
+ * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and
21
+ `:undefined` strategies. (by @f3ndot)
22
+ * features
23
+ * Humanize authentication keys in failure flash message (by @byzg)
24
+ When you are configuring the translations of `devise.failure.invalid`, the
25
+ `authentication_keys` is translated now.
26
+ * deprecations
27
+ * Remove code supporting old session serialization format (by @fphilipe).
28
+ * Now the `email_regexp` default uses a more permissive regex:
29
+ `/\A[^@\s]+@[^@\s]+\z/` (by @kimgb)
30
+ * Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida)
31
+ * Now the `reconfirmable` default is `true` (by @ulissesalmeida)
32
+ * Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida)
33
+ * Now the `sign_out_via` default is `:delete` (by @ulissesalmeida)
34
+ * improvements
35
+ * Avoids extra computation of friendly token for confirmation token (by @sbc100)
36
+
37
+ ### 4.0.2 - 2016-05-02
7
38
 
8
39
  * bug fixes
9
40
  * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none`
10
- and `:undefined` strategies. (by @f3ndot)
41
+ and `:undefined` strategies. (by @f3ndot)
11
42
 
12
43
  ### 4.0.1 - 2016-04-25
13
44
 
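Review bot: the `### 4.0.3 - 2016-05-15` heading and its entry "Fix overwriting the remember_token when a valid one already exists" are deleted at the top of this hunk instead of being kept below the new 4.1.0 section, so the changelog no longer records that release. The `Lockable#unlock_strategy_enabled?` fix is now listed under both 4.1.0 and 4.0.2, and the 4.0.2 date changes from 2016-04-25 to 2016-05-02 without explanation. The five new defaults (`email_regexp`, `strip_whitespace_keys`, `reconfirmable`, `skip_session_storage`, `sign_out_via`) are filed under "deprecations" although they change behaviour for any application that never set them; a separate heading for changed defaults would make the upgrade impact easier to find.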
data/Gemfile CHANGED
@@ -12,6 +12,7 @@ group :test do
12
12
  gem "omniauth-openid", "~> 1.0.1"
13
13
  gem "webrat", "0.7.3", require: false
14
14
  gem "mocha", "~> 1.1", require: false
15
+ gem 'test_after_commit', require: false
15
16
  end
16
17
 
17
18
  platforms :jruby do
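Review bot: `gem 'test_after_commit', require: false` at line 15 uses single quotes and no version constraint, while the neighbouring test gems use double quotes and pin a version (`"mocha", "~> 1.1"`). Match the file's quoting and add a constraint so the test dependency does not float; the same line is added to the other two Gemfiles in this diff.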
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- devise (4.0.3)
4
+ devise (4.1.0)
5
5
  bcrypt (~> 3.0)
6
6
  orm_adapter (~> 0.1)
7
7
  railties (>= 4.1.0, < 5.1)
@@ -145,6 +145,8 @@ GEM
145
145
  activesupport (>= 4.0)
146
146
  sprockets (>= 3.0.0)
147
147
  sqlite3 (1.3.11)
148
+ test_after_commit (1.0.0)
149
+ activerecord (>= 3.2)
148
150
  thor (0.19.1)
149
151
  thread_safe (0.3.5)
150
152
  tzinfo (1.2.2)
@@ -173,7 +175,8 @@ DEPENDENCIES
173
175
  rails (~> 4.2.6)
174
176
  rdoc
175
177
  sqlite3
178
+ test_after_commit
176
179
  webrat (= 0.7.3)
177
180
 
178
181
  BUNDLED WITH
179
- 1.12.3
182
+ 1.11.2
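Review bot: `BUNDLED WITH` goes from 1.12.3 to 1.11.2 at the end of this hunk, so the lockfile was regenerated with an older Bundler than the one used for the previous release. If that is not deliberate, regenerate it with the newer version so the lockfile does not move backwards between releases.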
@@ -12,6 +12,7 @@ group :test do
12
12
  gem "omniauth-openid", "~> 1.0.1"
13
13
  gem "webrat", "0.7.3", require: false
14
14
  gem "mocha", "~> 1.1", require: false
15
+ gem 'test_after_commit', require: false
15
16
  end
16
17
 
17
18
  platforms :jruby do
@@ -48,7 +48,7 @@ GIT
48
48
  PATH
49
49
  remote: ..
50
50
  specs:
51
- devise (4.0.0.rc2)
51
+ devise (4.0.1)
52
52
  bcrypt (~> 3.0)
53
53
  orm_adapter (~> 0.1)
54
54
  railties (>= 4.1.0, < 5.1)
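Review bot: `devise (4.0.0.rc2)` becomes `devise (4.0.1)` at line 51 of this lockfile, while data/Gemfile.lock in the same diff records `devise (4.1.0)`. Regenerate this lockfile against the current gemspec so it names the version actually being released; the next lockfile in the diff has the same stale entry.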
@@ -133,6 +133,8 @@ GEM
133
133
  activesupport (>= 3.0)
134
134
  sprockets (>= 2.8, < 4.0)
135
135
  sqlite3 (1.3.11)
136
+ test_after_commit (1.0.0)
137
+ activerecord (>= 3.2)
136
138
  thor (0.19.1)
137
139
  thread_safe (0.3.5)
138
140
  tzinfo (1.2.2)
@@ -161,6 +163,7 @@ DEPENDENCIES
161
163
  rails!
162
164
  rdoc
163
165
  sqlite3
166
+ test_after_commit
164
167
  webrat (= 0.7.3)
165
168
 
166
169
  BUNDLED WITH
@@ -12,6 +12,7 @@ group :test do
12
12
  gem "omniauth-openid", "~> 1.0.1"
13
13
  gem "webrat", "0.7.3", require: false
14
14
  gem "mocha", "~> 1.1", require: false
15
+ gem 'test_after_commit', require: false
15
16
  end
16
17
 
17
18
  platforms :jruby do
@@ -58,7 +58,7 @@ GIT
58
58
  PATH
59
59
  remote: ..
60
60
  specs:
61
- devise (4.0.0.rc2)
61
+ devise (4.0.1)
62
62
  bcrypt (~> 3.0)
63
63
  orm_adapter (~> 0.1)
64
64
  railties (>= 4.1.0, < 5.1)
@@ -144,7 +144,7 @@ GEM
144
144
  rake (11.0.1)
145
145
  rdoc (4.2.2)
146
146
  json (~> 1.4)
147
- responders (2.1.1)
147
+ responders (2.1.2)
148
148
  railties (>= 4.2.0, < 5.1)
149
149
  ruby-openid (2.7.0)
150
150
  sprockets (3.5.2)
@@ -155,6 +155,8 @@ GEM
155
155
  activesupport (>= 4.0)
156
156
  sprockets (>= 3.0.0)
157
157
  sqlite3 (1.3.11)
158
+ test_after_commit (1.0.0)
159
+ activerecord (>= 3.2)
158
160
  thor (0.19.1)
159
161
  thread_safe (0.3.5)
160
162
  tzinfo (1.2.2)
@@ -183,6 +185,7 @@ DEPENDENCIES
183
185
  rails!
184
186
  rdoc
185
187
  sqlite3
188
+ test_after_commit
186
189
  webrat (= 0.7.3)
187
190
 
188
191
  BUNDLED WITH
@@ -53,12 +53,6 @@ module Devise
53
53
  # True values used to check params
54
54
  TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
55
55
 
56
- # Track the configs that user explicit changed the default value. It is
57
- # helpfull to not warn users about default values changing when they willing
58
- # changed.
59
- mattr_accessor :app_set_configs
60
- @@app_set_configs = Set.new
61
-
62
56
  # Secret key used by the key generator
63
57
  mattr_accessor :secret_key
64
58
  @@secret_key = nil
@@ -88,19 +82,8 @@ module Devise
88
82
  @@case_insensitive_keys = [:email]
89
83
 
90
84
  # Keys that should have whitespace stripped.
91
- # TODO: 4.1 Do: @@strip_whitespace_keys = [:email]
92
- mattr_reader :strip_whitespace_keys
93
- @@strip_whitespace_keys = []
94
-
95
- def self.strip_whitespace_keys=(strip_whitespace_keys)
96
- app_set_configs << :strip_whitespace_keys
97
- @@strip_whitespace_keys = strip_whitespace_keys
98
- end
99
-
100
- def strip_whitespace_keys=(strip_whitespace_keys)
101
- app_set_configs << :strip_whitespace_keys
102
- @@strip_whitespace_keys = strip_whitespace_keys
103
- end
85
+ mattr_accessor :strip_whitespace_keys
86
+ @@strip_whitespace_keys = [:email]
104
87
 
105
88
  # If http authentication is enabled by default.
106
89
  mattr_accessor :http_authenticatable
@@ -118,22 +101,11 @@ module Devise
118
101
  mattr_accessor :http_authentication_realm
119
102
  @@http_authentication_realm = "Application"
120
103
 
121
- # Email regex used to validate email formats. It simply asserts that
122
- # an one (and only one) @ exists in the given string. This is mainly
123
- # to give user feedback and not to assert the e-mail validity.
124
- # TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/]
125
- mattr_reader :email_regexp
126
- @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
127
-
128
- def self.email_regexp=(email_regexp)
129
- app_set_configs << :email_regexp
130
- @@email_regexp = email_regexp
131
- end
132
-
133
- def email_regexp=(email_regexp)
134
- app_set_configs << :email_regexp
135
- @@email_regexp = email_regexp
136
- end
104
+ # Email regex used to validate email formats. It asserts that there are no
105
+ # @ symbols or whitespaces in either the localpart or the domain, and that
106
+ # there is a single @ symbol separating the localpart and the domain.
107
+ mattr_accessor :email_regexp
108
+ @@email_regexp = /\A[^@\s]+@[^@\s]+\z/
137
109
 
138
110
  # Range validation for password length
139
111
  mattr_accessor :password_length
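Review bot: the new default `/\A[^@\s]+@[^@\s]+\z/` no longer requires a dot in the domain, and the rewritten comment drops the old sentence that the check is "mainly to give user feedback and not to assert the e-mail validity". Keep that caveat in the comment: with this default a value such as `test@tt` (added to the valid list in test/devise_test.rb) passes, so an application that treated the previous pattern as a stricter check has to set `config.email_regexp` itself.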
@@ -165,20 +137,8 @@ module Devise
165
137
  @@confirmation_keys = [:email]
166
138
 
167
139
  # Defines if email should be reconfirmable.
168
- # False by default for backwards compatibility.
169
- # TODO: 4.1 Do: @@reconfirmable = true
170
- mattr_reader :reconfirmable
171
- @@reconfirmable = false
172
-
173
- def self.reconfirmable=(reconfirmable)
174
- app_set_configs << :reconfirmable
175
- @@reconfirmable = reconfirmable
176
- end
177
-
178
- def reconfirmable=(reconfirmable)
179
- app_set_configs << :reconfirmable
180
- @@reconfirmable = reconfirmable
181
- end
140
+ mattr_accessor :reconfirmable
141
+ @@reconfirmable = true
182
142
 
183
143
  # Time interval to timeout the user session without activity.
184
144
  mattr_accessor :timeout_in
@@ -240,19 +200,8 @@ module Devise
240
200
  @@mailer_sender = nil
241
201
 
242
202
  # Skip session storage for the following strategies
243
- # TODO: 4.1 Do: @@skip_session_storage = [:http_auth]
244
- mattr_reader :skip_session_storage
245
- @@skip_session_storage = []
246
-
247
- def self.skip_session_storage=(skip_session_storage)
248
- app_set_configs << :skip_session_storage
249
- @@skip_session_storage = skip_session_storage
250
- end
251
-
252
- def skip_session_storage=(skip_session_storage)
253
- app_set_configs << :skip_session_storage
254
- @@skip_session_storage = skip_session_storage
255
- end
203
+ mattr_accessor :skip_session_storage
204
+ @@skip_session_storage = [:http_auth]
256
205
 
257
206
  # Which formats should be treated as navigational.
258
207
  mattr_accessor :navigational_formats
@@ -263,19 +212,8 @@ module Devise
263
212
  @@sign_out_all_scopes = true
264
213
 
265
214
  # The default method used while signing out
266
- # TODO: 4.1 Do: @@sign_out_via = :delete
267
- mattr_reader :sign_out_via
268
- @@sign_out_via = :get
269
-
270
- def self.sign_out_via=(sign_out_via)
271
- app_set_configs << :sign_out_via
272
- @@sign_out_via = sign_out_via
273
- end
274
-
275
- def sign_out_via=(sign_out_via)
276
- app_set_configs << :sign_out_via
277
- @@sign_out_via = sign_out_via
278
- end
215
+ mattr_accessor :sign_out_via
216
+ @@sign_out_via = :delete
279
217
 
280
218
  # The parent controller all Devise controllers inherits from.
281
219
  # Defaults to ApplicationController. This should be set early
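Review bot: with `@@sign_out_via = :delete` here and the `warn_default_config_changed` calls removed from `Devise.setup` later in this file, an application that never set `config.sign_out_via` gets the new verb with no runtime notice. The integration tests in this diff had to change `get destroy_user_session_path` to `delete destroy_user_session_path`, and application sign-out links need the same change. Say so in the comment above the accessor, and add a test asserting that a GET to the sign-out path no longer signs the user out, since the changed tests only cover the DELETE case.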
@@ -340,32 +278,6 @@ module Devise
340
278
  # a fresh initializer with all configuration values.
341
279
  def self.setup
342
280
  yield self
343
-
344
- warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/')
345
- warn_default_config_changed(:reconfirmable, 'false', 'true')
346
- warn_default_config_changed(:sign_out_via, ':get', ':delete')
347
- warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]')
348
- warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]')
349
- end
350
-
351
- def self.warn_default_config_changed(config, current_default, new_default)
352
- unless app_set_configs.include?(config)
353
- warn = <<-MESSAGE.strip_heredoc
354
- [Devise] config.#{config} will have a new default on Devise 4.1
355
- To keep the current behavior please set in your config/initializers/devise.rb the following:
356
-
357
- Devise.setup do |config|
358
- config.#{config} = #{current_default}
359
- end
360
-
361
- If you want to use the new default:
362
-
363
- Devise.setup do |config|
364
- config.#{config} = #{new_default}
365
- end
366
- MESSAGE
367
- ActiveSupport::Deprecation.warn(warn)
368
- end
369
281
  end
370
282
 
371
283
  class Getter
@@ -543,10 +455,7 @@ module Devise
543
455
  mapping.to.serialize_into_session(record)
544
456
  end
545
457
 
546
- warden_config.serialize_from_session(mapping.name) do |key|
547
- # Previous versions contained an additional entry at the beginning of
548
- # key with the record's class name.
549
- args = key[-2, 2]
458
+ warden_config.serialize_from_session(mapping.name) do |args|
550
459
  mapping.to.serialize_from_session(*args)
551
460
  end
552
461
  end
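Review bot: the block now passes the stored key straight to `mapping.to.serialize_from_session(*args)`, so a session written in the older format described by the removed comment (the record's class name as an extra leading entry) arrives with one more argument than the `key[-2, 2]` slice used to pass. The test "does not explode when class name is still stored in session" is deleted in this diff, so nothing covers that path any more. Either document that such sessions are invalidated on upgrade, or handle the extra entry and treat the user as signed out instead of letting the call raise.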
@@ -103,7 +103,7 @@ module Devise
103
103
  options[:scope] = "devise.failure"
104
104
  options[:default] = [message]
105
105
  auth_keys = scope_class.authentication_keys
106
- keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
106
+ keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) }
107
107
  options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
108
108
  options = i18n_options(options)
109
109
 
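Review bot: `scope_class.human_attribute_name(key)` at line 106 capitalises the key in the middle of the sentence, and the updated assertions in test/failure_app_test.rb now expect "Invalid Email or password." instead of "Invalid email or password.". Applications that assert on or have customised the old message will see different output, which deserves a line in the upgrade notes. The statement is also long; assigning the key list first and mapping it on a second line would read more easily.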
@@ -43,9 +43,15 @@ module Devise
43
43
 
44
44
  included do
45
45
  before_create :generate_confirmation_token, if: :confirmation_required?
46
- after_create :send_on_create_confirmation_instructions, if: :send_confirmation_notification?
46
+ after_create :skip_reconfirmation!, if: :send_confirmation_notification?
47
+ if respond_to?(:after_commit) # ActiveRecord
48
+ after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification?
49
+ after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required?
50
+ else # Mongoid
51
+ after_create :send_on_create_confirmation_instructions, if: :send_confirmation_notification?
52
+ after_update :send_reconfirmation_instructions, if: :reconfirmation_required?
53
+ end
47
54
  before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change?
48
- after_update :send_reconfirmation_instructions, if: :reconfirmation_required?
49
55
  end
50
56
 
51
57
  def initialize(*args, &block)
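Review bot: `respond_to?(:after_commit)` at line 47 distinguishes ActiveRecord from Mongoid by whether a method happens to exist, which the trailing comments assert but nothing enforces; an explicit ORM check, or a comment explaining why the feature test is sufficient, would be safer. In the `after_commit` branch the `if:` conditions `send_confirmation_notification?` and `reconfirmation_required?` are evaluated after the transaction commits, while `after_create :skip_reconfirmation!` runs before it. Add a test that the create and update e-mails are each still sent once under that ordering.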
@@ -169,7 +175,6 @@ module Devise
169
175
  # in models to map to a nice sign up e-mail.
170
176
  def send_on_create_confirmation_instructions
171
177
  send_confirmation_instructions
172
- skip_reconfirmation!
173
178
  end
174
179
 
175
180
  # Callback to overwrite if confirmation is required or not.
@@ -235,8 +240,7 @@ module Devise
235
240
  if self.confirmation_token && !confirmation_period_expired?
236
241
  @raw_confirmation_token = self.confirmation_token
237
242
  else
238
- raw, _ = Devise.token_generator.generate(self.class, :confirmation_token)
239
- self.confirmation_token = @raw_confirmation_token = raw
243
+ self.confirmation_token = @raw_confirmation_token = Devise.friendly_token
240
244
  self.confirmation_sent_at = Time.now.utc
241
245
  end
242
246
  end
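Review bot: `self.confirmation_token = @raw_confirmation_token = Devise.friendly_token` at line 243 stores the raw token on the record, whereas `send_unlock_instructions` and the reset-password code elsewhere in this diff store the `enc` value from `Devise.token_generator.generate` and only hand out `raw`. The removed lines also stored `raw`, so behaviour is unchanged, but a comment stating that the confirmation token is intentionally kept undigested would stop a reader assuming it is protected the same way as the other two tokens.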
@@ -64,7 +64,7 @@ module Devise
64
64
  def send_unlock_instructions
65
65
  raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
66
66
  self.unlock_token = enc
67
- self.save(validate: false)
67
+ save(validate: false)
68
68
  send_devise_notification(:unlock_instructions, raw, {})
69
69
  raw
70
70
  end
@@ -99,7 +99,7 @@ module Devise
99
99
 
100
100
  self.reset_password_token = enc
101
101
  self.reset_password_sent_at = Time.now.utc
102
- self.save(validate: false)
102
+ save(validate: false)
103
103
  raw
104
104
  end
105
105
 
@@ -46,7 +46,7 @@ module Devise
46
46
  end
47
47
 
48
48
  def remember_me!
49
- self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)
49
+ self.remember_token = self.class.remember_token if respond_to?(:remember_token)
50
50
  self.remember_created_at ||= Time.now.utc
51
51
  save(validate: false) if self.changed?
52
52
  end
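Review bot: changing `self.remember_token ||= self.class.remember_token` to plain `=` at line 49 regenerates the token on every `remember_me!` call even when a valid one exists, which is the behaviour the deleted 4.0.3 changelog entry ("Fix overwriting the remember_token when a valid one already exists") described as a bug. The file list also shows data/test/models/rememberable_test.rb losing 12 lines. If the revert is intended, record it in the 4.1.0 changelog with the reason; otherwise keep `||=` and the test that covered it.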
@@ -9,7 +9,7 @@ module Devise
9
9
  class_eval do
10
10
  define_method("#{mapping}_omniauth_authorize_path") do |provider, *args|
11
11
  ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
12
- [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
12
+ [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
13
13
 
14
14
  Please use #{mapping}_#{provider}_omniauth_authorize_path instead.
15
15
  DEPRECATION
@@ -18,7 +18,7 @@ module Devise
18
18
 
19
19
  define_method("#{mapping}_omniauth_authorize_url") do |provider, *args|
20
20
  ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
21
- [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
21
+ [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
22
22
 
23
23
  Please use #{mapping}_#{provider}_omniauth_authorize_url instead.
24
24
  DEPRECATION
@@ -27,7 +27,7 @@ module Devise
27
27
 
28
28
  define_method("#{mapping}_omniauth_callback_path") do |provider, *args|
29
29
  ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
30
- [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
30
+ [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
31
31
 
32
32
  Please use #{mapping}_#{provider}_omniauth_callback_path instead.
33
33
  DEPRECATION
@@ -36,7 +36,7 @@ module Devise
36
36
 
37
37
  define_method("#{mapping}_omniauth_callback_url") do |provider, *args|
38
38
  ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
39
- [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
39
+ [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2.
40
40
 
41
41
  Please use #{mapping}_#{provider}_omniauth_callback_url instead.
42
42
  DEPRECATION
@@ -68,7 +68,7 @@ module Devise
68
68
  def sanitize(action)
69
69
  permissions = @permitted[action]
70
70
 
71
- # DEPRECATED: Remove this branch on Devise 4.1.
71
+ # DEPRECATED: Remove this branch on Devise 4.2.
72
72
  if respond_to?(action, true)
73
73
  deprecate_instance_method_sanitization(action)
74
74
  return cast_to_hash send(action)
@@ -127,7 +127,7 @@ module Devise
127
127
  end
128
128
  end
129
129
 
130
- # DEPRECATED: Remove this method on Devise 4.1.
130
+ # DEPRECATED: Remove this method on Devise 4.2.
131
131
  def for(action, &block) # :nodoc:
132
132
  if block_given?
133
133
  deprecate_for_with_block(action)
@@ -175,7 +175,7 @@ module Devise
175
175
 
176
176
  def deprecate_for_with_block(action)
177
177
  ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
178
- [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1.
178
+ [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
179
179
  Please use the `permit` method:
180
180
 
181
181
  devise_parameter_sanitizer.permit(:#{action}) do |user|
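Review bot: the message at line 178 opens a double quote before `#{self.class.name}#for(#{action})` and never closes it, so the deprecation warning prints with an unbalanced quote. The line is already being edited for the version bump, so close the quote after `#for(#{action})` here and in `deprecate_for_without_block`, which carries the same text.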
@@ -186,7 +186,7 @@ module Devise
186
186
 
187
187
  def deprecate_for_without_block(action)
188
188
  ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
189
- [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1.
189
+ [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2.
190
190
  Please use the `permit` method to add or remove any key:
191
191
 
192
192
  To add any new key, use the `keys` keyword argument:
@@ -199,7 +199,7 @@ module Devise
199
199
 
200
200
  def deprecate_instance_method_sanitization(action)
201
201
  ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc)
202
- [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.1.
202
+ [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.2.
203
203
  Please use the `permit` method on your sanitizer `initialize` method.
204
204
 
205
205
  class #{self.class.name} < Devise::ParameterSanitizer
@@ -1,3 +1,3 @@
1
1
  module Devise
2
- VERSION = "4.0.3".freeze
2
+ VERSION = "4.1.0".freeze
3
3
  end
@@ -153,7 +153,7 @@ Devise.setup do |config|
153
153
  # Email regex used to validate email formats. It simply asserts that
154
154
  # one (and only one) @ exists in the given string. This is mainly
155
155
  # to give user feedback and not to assert the e-mail validity.
156
- config.email_regexp = /\A[^@]+@[^@]+\z/
156
+ config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
157
157
 
158
158
  # ==> Configuration for :timeoutable
159
159
  # The time you want to timeout the user session without activity. After this
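Review bot: the template comment above line 156 still says the regex "simply asserts that one (and only one) @ exists", but the new value `/\A[^@\s]+@[^@\s]+\z/` also rejects whitespace. Update the comment to match the wording now used in lib/devise.rb, and keep the sentence that the check is for user feedback and not proof of a valid address.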
@@ -6,7 +6,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
6
6
 
7
7
  test "#create doesn't raise unpermitted params when sign in fails" do
8
8
  begin
9
- subscriber = ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload|
9
+ subscriber = ActiveSupport::Notifications.subscribe %r{unpermitted_parameters} do |name, start, finish, id, payload|
10
10
  flunk "Unpermitted params: #{payload}"
11
11
  end
12
12
  request.env["devise.mapping"] = Devise.mappings[:user]
@@ -35,33 +35,6 @@ class DeviseTest < ActiveSupport::TestCase
35
35
  end
36
36
  end
37
37
 
38
- test 'setup block warns about defaults changing' do
39
- Devise.app_set_configs = Set.new
40
-
41
- ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ }
42
- ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ }
43
- ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ }
44
- ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ }
45
- ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ }
46
-
47
- Devise.setup do
48
- end
49
- end
50
-
51
- test 'setup block doest not warns when the change is explicit set' do
52
- ActiveSupport::Deprecation.expects(:warn).never
53
-
54
- swap Devise,
55
- email_regexp: /@/,
56
- reconfirmable: false,
57
- sign_out_via: :get,
58
- skip_session_storage: [],
59
- strip_whitespace_keys: [] do
60
- Devise.setup do
61
- end
62
- end
63
- end
64
-
65
38
  test 'stores warden configuration' do
66
39
  assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
67
40
  assert_equal :user, Devise.warden_config.default_scope
@@ -121,8 +94,8 @@ class DeviseTest < ActiveSupport::TestCase
121
94
  end
122
95
 
123
96
  test 'Devise.email_regexp should match valid email addresses' do
124
- valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua"]
125
- non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com", "test_user@example.com."]
97
+ valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua", "test@tt", "test@valid---domain.com"]
98
+ non_valid_emails = ["rex", "test user@example.com", "test_user@example server.com"]
126
99
 
127
100
  valid_emails.each do |email|
128
101
  assert_match Devise.email_regexp, email
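Review bot: `"test@go,com"` and `"test_user@example.com."` are dropped from `non_valid_emails` at line 98 without being added to `valid_emails`, so the test no longer states what the default does with them. Both match `/\A[^@\s]+@[^@\s]+\z/`; list them in `valid_emails` so the relaxed behaviour is explicit and a later tightening of the pattern is caught.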
@@ -133,14 +133,14 @@ class FailureTest < ActiveSupport::TestCase
133
133
 
134
134
  test 'uses the proxy failure message as symbol' do
135
135
  call_failure('warden' => OpenStruct.new(message: :invalid))
136
- assert_equal 'Invalid email or password.', @request.flash[:alert]
136
+ assert_equal 'Invalid Email or password.', @request.flash[:alert]
137
137
  assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
138
138
  end
139
139
 
140
140
  test 'supports authentication_keys as a Hash for the flash message' do
141
141
  swap Devise, authentication_keys: { email: true, login: true } do
142
142
  call_failure('warden' => OpenStruct.new(message: :invalid))
143
- assert_equal 'Invalid email, login or password.', @request.flash[:alert]
143
+ assert_equal 'Invalid Email, Login or password.', @request.flash[:alert]
144
144
  end
145
145
  end
146
146
 
@@ -226,7 +226,7 @@ class FailureTest < ActiveSupport::TestCase
226
226
 
227
227
  test 'uses the failure message as response body' do
228
228
  call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid))
229
- assert_match '<error>Invalid email or password.</error>', @response.third.body
229
+ assert_match '<error>Invalid Email or password.</error>', @response.third.body
230
230
  end
231
231
 
232
232
  context 'on ajax call' do
@@ -275,7 +275,7 @@ class FailureTest < ActiveSupport::TestCase
275
275
  }
276
276
  call_failure(env)
277
277
  assert @response.third.body.include?('<h2>Log in</h2>')
278
- assert @response.third.body.include?('Invalid email or password.')
278
+ assert @response.third.body.include?('Invalid Email or password.')
279
279
  end
280
280
 
281
281
  test 'calls the original controller if not confirmed email' do
@@ -310,7 +310,7 @@ class FailureTest < ActiveSupport::TestCase
310
310
  }
311
311
  call_failure(env)
312
312
  assert @response.third.body.include?('<h2>Log in</h2>')
313
- assert @response.third.body.include?('Invalid email or password.')
313
+ assert @response.third.body.include?('Invalid Email or password.')
314
314
  assert_equal @request.env["SCRIPT_NAME"], '/sample'
315
315
  assert_equal @request.env["PATH_INFO"], '/users/sign_in'
316
316
  end
@@ -74,7 +74,7 @@ if DEVISE_ORM == :active_record
74
74
 
75
75
  assert_file "app/models/rails_engine/monster.rb", /devise/
76
76
  assert_file "app/models/rails_engine/monster.rb" do |content|
77
- assert_no_match /attr_accessible :email/, content
77
+ assert_no_match %r{attr_accessible :email}, content
78
78
  end
79
79
  end
80
80
  end
@@ -30,7 +30,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
30
30
  swap Devise, sign_out_all_scopes: false do
31
31
  sign_in_as_user
32
32
  sign_in_as_admin
33
- get destroy_user_session_path
33
+ delete destroy_user_session_path
34
34
  assert_not warden.authenticated?(:user)
35
35
  assert warden.authenticated?(:admin)
36
36
  end
@@ -41,7 +41,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
41
41
  sign_in_as_user
42
42
  sign_in_as_admin
43
43
 
44
- get destroy_admin_session_path
44
+ delete destroy_admin_session_path
45
45
  assert_not warden.authenticated?(:admin)
46
46
  assert warden.authenticated?(:user)
47
47
  end
@@ -52,7 +52,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
52
52
  sign_in_as_user
53
53
  sign_in_as_admin
54
54
 
55
- get destroy_user_session_path
55
+ delete destroy_user_session_path
56
56
  assert_not warden.authenticated?(:user)
57
57
  assert_not warden.authenticated?(:admin)
58
58
  end
@@ -63,7 +63,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
63
63
  sign_in_as_user
64
64
  sign_in_as_admin
65
65
 
66
- get destroy_admin_session_path
66
+ delete destroy_admin_session_path
67
67
  assert_not warden.authenticated?(:admin)
68
68
  assert_not warden.authenticated?(:user)
69
69
  end
@@ -109,7 +109,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
109
109
  sign_in_as_admin
110
110
  assert warden.authenticated?(:admin)
111
111
 
112
- get destroy_admin_session_path
112
+ delete destroy_admin_session_path
113
113
  assert_response :redirect
114
114
  assert_redirected_to root_path
115
115
 
@@ -119,7 +119,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
119
119
  end
120
120
 
121
121
  test 'unauthenticated admin set message on sign out' do
122
- get destroy_admin_session_path
122
+ delete destroy_admin_session_path
123
123
  assert_response :redirect
124
124
  assert_redirected_to root_path
125
125
 
@@ -347,37 +347,6 @@ class AuthenticationSessionTest < Devise::IntegrationTest
347
347
  assert_equal "Cart", @controller.user_session[:cart]
348
348
  end
349
349
 
350
- test 'does not explode when class name is still stored in session' do
351
- # In order to test that old sessions do not break with the new scoped
352
- # deserialization, we need to serialize the session the old way. This is
353
- # done by removing the newly used scoped serialization method
354
- # (#user_serialize) and bringing back the old uncsoped #serialize method
355
- # that includes the record's class name in the serialization.
356
- begin
357
- Warden::SessionSerializer.class_eval do
358
- alias_method :original_serialize, :serialize
359
- alias_method :original_user_serialize, :user_serialize
360
- remove_method :user_serialize
361
-
362
- def serialize(record)
363
- klass = record.class
364
- array = klass.serialize_into_session(record)
365
- array.unshift(klass.name)
366
- end
367
- end
368
-
369
- sign_in_as_user
370
- assert warden.authenticated?(:user)
371
- ensure
372
- Warden::SessionSerializer.class_eval do
373
- alias_method :serialize, :original_serialize
374
- remove_method :original_serialize
375
- alias_method :user_serialize, :original_user_serialize
376
- remove_method :original_user_serialize
377
- end
378
- end
379
- end
380
-
381
350
  test 'session id is changed on sign in' do
382
351
  get '/users'
383
352
  session_id = request.session["session_id"]
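Review bot: Removing 'does not explode when class name is still stored in session' drops the only check in this hunk that a session serialized the old way (class name prepended via `array.unshift(klass.name)`) still deserializes after an upgrade. If that compatibility path is being retired, say so in the changelog so operators know what to expect for users who still hold old session cookies; if it is still supported, keep the test.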
@@ -396,7 +365,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest
396
365
  assert_raise Webrat::NotFoundError do
397
366
  sign_in_as_user
398
367
  end
399
- assert_match /Special user view/, response.body
368
+ assert_match %r{Special user view}, response.body
400
369
  end
401
370
  end
402
371
 
@@ -407,7 +376,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest
407
376
  sign_in_as_user
408
377
  end
409
378
 
410
- assert_match /Special user view/, response.body
379
+ assert_match %r{Special user view}, response.body
411
380
  assert !Devise::PasswordsController.scoped_views?
412
381
  ensure
413
382
  Devise::SessionsController.send :remove_instance_variable, :@scoped_views
@@ -480,7 +449,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
480
449
  test 'sign in stub in xml format' do
481
450
  get new_user_session_path(format: 'xml')
482
451
  assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
483
- assert_match /<user>.*<\/user>/m, response.body
452
+ assert_match %r{<user>.*</user>}m, response.body
484
453
  assert_match '<email></email>', response.body
485
454
  assert_match '<password nil="true"', response.body
486
455
  end
@@ -532,34 +501,34 @@ class AuthenticationOthersTest < Devise::IntegrationTest
532
501
 
533
502
  test 'sign out with html redirects' do
534
503
  sign_in_as_user
535
- get destroy_user_session_path
504
+ delete destroy_user_session_path
536
505
  assert_response :redirect
537
506
  assert_current_url '/'
538
507
 
539
508
  sign_in_as_user
540
- get destroy_user_session_path(format: 'html')
509
+ delete destroy_user_session_path(format: 'html')
541
510
  assert_response :redirect
542
511
  assert_current_url '/'
543
512
  end
544
513
 
545
514
  test 'sign out with xml format returns no content' do
546
515
  sign_in_as_user
547
- get destroy_user_session_path(format: 'xml')
516
+ delete destroy_user_session_path(format: 'xml')
548
517
  assert_response :no_content
549
518
  assert_not warden.authenticated?(:user)
550
519
  end
551
520
 
552
521
  test 'sign out with json format returns no content' do
553
522
  sign_in_as_user
554
- get destroy_user_session_path(format: 'json')
523
+ delete destroy_user_session_path(format: 'json')
555
524
  assert_response :no_content
556
525
  assert_not warden.authenticated?(:user)
557
526
  end
558
527
 
559
528
  test 'sign out with non-navigational format via XHR does not redirect' do
560
529
  swap Devise, navigational_formats: ['*/*', :html] do
561
- sign_in_as_user
562
- get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
530
+ sign_in_as_admin
531
+ get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
563
532
  assert_response :no_content
564
533
  assert_not warden.authenticated?(:user)
565
534
  end
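Review bot: In 'sign out with non-navigational format via XHR does not redirect', the setup now calls `sign_in_as_admin` and requests `destroy_sign_out_via_get_session_path`, but the final assertion is still `assert_not warden.authenticated?(:user)`. No user-scope session is created in this test any more, so that assertion passes whether or not the sign-out worked. Assert on the scope that was actually signed in, for example `assert_not warden.authenticated?(:admin)`.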
@@ -569,7 +538,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
569
538
  test 'sign out with navigational format via XHR does redirect' do
570
539
  swap Devise, navigational_formats: ['*/*', :html] do
571
540
  sign_in_as_user
572
- get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
541
+ delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
573
542
  assert_response :redirect
574
543
  assert_not warden.authenticated?(:user)
575
544
  end
@@ -580,7 +549,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest
580
549
  test 'missing authentication keys cause authentication to abort' do
581
550
  swap Devise, authentication_keys: [:subdomain] do
582
551
  sign_in_as_user
583
- assert_contain "Invalid subdomain or password."
552
+ assert_contain "Invalid Subdomain or password."
584
553
  assert_not warden.authenticated?(:user)
585
554
  end
586
555
  end
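Review bot: The expected text on the `assert_contain` line changes from "Invalid subdomain or password." to "Invalid Subdomain or password.", so the authentication key is now capitalised in a user-visible failure message. Applications and test suites that match the old lower-case string will break on upgrade, so this belongs in the changelog. Consider building the expected string from the I18n lookup instead of a hard-coded literal, so these tests do not have to track wording changes.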
@@ -619,7 +588,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
619
588
 
620
589
  swap Devise, request_keys: [:subdomain] do
621
590
  sign_in_as_user
622
- assert_contain "Invalid email or password."
591
+ assert_contain "Invalid Email or password."
623
592
  assert_not warden.authenticated?(:user)
624
593
  end
625
594
  end
@@ -35,7 +35,7 @@ class ConfirmationTest < Devise::IntegrationTest
35
35
  test 'user with invalid confirmation token should not be able to confirm an account' do
36
36
  visit_user_confirmation_with_token('invalid_confirmation')
37
37
  assert_have_selector '#error_explanation'
38
- assert_contain /Confirmation token(.*)invalid/
38
+ assert_contain %r{Confirmation token(.*)invalid}
39
39
  end
40
40
 
41
41
  test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do
@@ -45,7 +45,7 @@ class ConfirmationTest < Devise::IntegrationTest
45
45
  visit_user_confirmation_with_token(user.raw_confirmation_token)
46
46
 
47
47
  assert_have_selector '#error_explanation'
48
- assert_contain /needs to be confirmed within 3 days/
48
+ assert_contain %r{needs to be confirmed within 3 days}
49
49
  assert_not user.reload.confirmed?
50
50
  assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
51
51
  end
@@ -140,7 +140,7 @@ class ConfirmationTest < Devise::IntegrationTest
140
140
  fill_in 'password', with: 'invalid'
141
141
  end
142
142
 
143
- assert_contain 'Invalid email or password'
143
+ assert_contain 'Invalid Email or password'
144
144
  assert_not warden.authenticated?(:user)
145
145
  end
146
146
  end
@@ -68,7 +68,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest
68
68
  fill_in 'password', with: 'abcdef'
69
69
  end
70
70
 
71
- assert_contain 'Invalid email or password'
71
+ assert_contain 'Invalid Email or password'
72
72
  assert_not warden.authenticated?(:admin)
73
73
  end
74
74
 
@@ -11,13 +11,15 @@ class HttpAuthenticationTest < Devise::IntegrationTest
11
11
  end
12
12
 
13
13
  test 'sign in should authenticate with http' do
14
- sign_in_as_new_user_with_http
15
- assert_response 200
16
- assert_match '<email>user@test.com</email>', response.body
17
- assert warden.authenticated?(:user)
14
+ swap Devise, skip_session_storage: [] do
15
+ sign_in_as_new_user_with_http
16
+ assert_response 200
17
+ assert_match '<email>user@test.com</email>', response.body
18
+ assert warden.authenticated?(:user)
18
19
 
19
- get users_path(format: :xml)
20
- assert_response 200
20
+ get users_path(format: :xml)
21
+ assert_response 200
22
+ end
21
23
  end
22
24
 
23
25
  test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do
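Review bot: The new `swap Devise, skip_session_storage: [] do` wrapper in 'sign in should authenticate with http' carries no comment saying why this test has to force session storage on. The follow-up `get users_path(format: :xml)` presumably relies on the session persisting from the HTTP-auth request; state that in a one-line comment so the override is not later removed as redundant.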
@@ -42,7 +44,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
42
44
  sign_in_as_new_user_with_http("unknown")
43
45
  assert_equal 401, status
44
46
  assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
45
- assert_match "<error>Invalid email or password.</error>", response.body
47
+ assert_match "<error>Invalid Email or password.</error>", response.body
46
48
  end
47
49
 
48
50
  test 'returns a custom response with www-authenticate and chosen realm' do
@@ -75,7 +75,7 @@ class LockTest < Devise::IntegrationTest
75
75
  assert_response :success
76
76
  assert_current_url '/users/unlock?unlock_token=invalid_token'
77
77
  assert_have_selector '#error_explanation'
78
- assert_contain /Unlock token(.*)invalid/
78
+ assert_contain %r{Unlock token(.*)invalid}
79
79
  end
80
80
 
81
81
  test "locked user should be able to unlock account" do
@@ -146,7 +146,7 @@ class PasswordTest < Devise::IntegrationTest
146
146
  assert_response :success
147
147
  assert_current_url '/users/password'
148
148
  assert_have_selector '#error_explanation'
149
- assert_contain /Reset password token(.*)invalid/
149
+ assert_contain %r{Reset password token(.*)invalid}
150
150
  assert_not user.reload.valid_password?('987654321')
151
151
  end
152
152
 
@@ -212,7 +212,7 @@ class PasswordTest < Devise::IntegrationTest
212
212
  test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do
213
213
  [:none, :time].each do |strategy|
214
214
  swap Devise, unlock_strategy: strategy do
215
- user = create_user(locked: true)
215
+ create_user(locked: true)
216
216
  request_forgot_password
217
217
  reset_password
218
218
 
@@ -121,7 +121,7 @@ class RememberMeTest < Devise::IntegrationTest
121
121
 
122
122
  test 'extends remember period when extend remember period config is true' do
123
123
  swap Devise, extend_remember_period: true, remember_for: 1.year do
124
- user = create_user_and_remember
124
+ create_user_and_remember
125
125
  old_remember_token = nil
126
126
 
127
127
  travel_to 1.day.ago do
@@ -138,7 +138,7 @@ class RememberMeTest < Devise::IntegrationTest
138
138
 
139
139
  test 'does not extend remember period when extend period config is false' do
140
140
  swap Devise, extend_remember_period: false, remember_for: 1.year do
141
- user = create_user_and_remember
141
+ create_user_and_remember
142
142
  old_remember_token = nil
143
143
 
144
144
  travel_to 1.day.ago do
@@ -182,7 +182,7 @@ class RememberMeTest < Devise::IntegrationTest
182
182
  get users_path
183
183
  assert warden.authenticated?(:user)
184
184
 
185
- get destroy_user_session_path
185
+ delete destroy_user_session_path
186
186
  assert_not warden.authenticated?(:user)
187
187
  assert_nil warden.cookies['remember_user_token']
188
188
 
@@ -89,7 +89,7 @@ class SessionTimeoutTest < Devise::IntegrationTest
89
89
  user = sign_in_as_user
90
90
  get expire_user_path(user)
91
91
 
92
- get destroy_user_session_path
92
+ delete destroy_user_session_path
93
93
 
94
94
  assert_response :redirect
95
95
  assert_redirected_to root_path
@@ -16,7 +16,7 @@ class TrackableHooksTest < Devise::IntegrationTest
16
16
  assert_equal user.current_sign_in_at, user.last_sign_in_at
17
17
  assert user.current_sign_in_at >= user.created_at
18
18
 
19
- visit destroy_user_session_path
19
+ delete destroy_user_session_path
20
20
  new_time = 2.seconds.from_now
21
21
  Time.stubs(:now).returns(new_time)
22
22
 
@@ -56,7 +56,7 @@ class TrackableHooksTest < Devise::IntegrationTest
56
56
  user.reload
57
57
  assert_equal 1, user.sign_in_count
58
58
 
59
- visit destroy_user_session_path
59
+ delete destroy_user_session_path
60
60
  sign_in_as_user
61
61
  user.reload
62
62
  assert_equal 2, user.sign_in_count
@@ -80,7 +80,7 @@ class TrackableHooksTest < Devise::IntegrationTest
80
80
  end
81
81
  user.reload
82
82
  assert_equal 0, user.sign_in_count
83
- visit destroy_user_session_path
83
+ delete destroy_user_session_path
84
84
 
85
85
  sign_in_as_user do
86
86
  header 'devise.skip_trackable', false
@@ -35,8 +35,8 @@ class MappingTest < ActiveSupport::TestCase
35
35
  assert_equal [], Devise.mappings[:skip_admin].used_routes
36
36
  end
37
37
 
38
- test 'sign_out_via defaults to :get' do
39
- assert_equal :get, Devise.mappings[:user].sign_out_via
38
+ test 'sign_out_via defaults to :delete' do
39
+ assert_equal :delete, Devise.mappings[:user].sign_out_via
40
40
  end
41
41
 
42
42
  test 'allows custom sign_out_via to be given' do
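Review bot: The assertion on `Devise.mappings[:user].sign_out_via` flips the expected default from `:get` to `:delete`, which breaks any application that links to the sign-out path with a plain GET. The stricter default is the safer one, since a GET sign-out can be triggered by any cross-site link or image tag, but it needs an upgrade note telling users to switch sign-out links to `method: :delete` or to set `sign_out_via` explicitly.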
@@ -16,18 +16,6 @@ class RememberableTest < ActiveSupport::TestCase
16
16
  assert user.remember_created_at
17
17
  end
18
18
 
19
- test 'remember_me should not generate a new token if valid token exists' do
20
- user = create_user
21
- user.singleton_class.send(:attr_accessor, :remember_token)
22
- User.to_adapter.expects(:find_first).returns(nil)
23
-
24
- user.remember_me!
25
- existing_token = user.remember_token
26
-
27
- user.remember_me!
28
- assert_equal existing_token, user.remember_token
29
- end
30
-
31
19
  test 'forget_me should not clear remember token if using salt' do
32
20
  user = create_user
33
21
  user.remember_me!
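Review bot: Deleting 'remember_me should not generate a new token if valid token exists' leaves nothing in this hunk that pins what a second `remember_me!` call does to an existing `remember_token`. If token reuse was dropped on purpose, replace the test with one that asserts the new behaviour instead of removing the coverage; remember tokens are credentials, so whether they rotate or persist should be stated by a test.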
@@ -29,7 +29,7 @@ class ValidatableTest < ActiveSupport::TestCase
29
29
  assert user.invalid?
30
30
  assert_not_equal 'is invalid', user.errors[:email].join
31
31
 
32
- %w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email|
32
+ %w{invalid_email_format 123 $$$ () ☃}.each do |email|
33
33
  user.email = email
34
34
  assert user.invalid?, 'should be invalid with email ' << email
35
35
  assert_equal 'is invalid', user.errors[:email].join
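Review bot: Dropping `bla@bla.` from the `%w{...}` list of invalid addresses means the suite no longer states whether an address with a trailing dot is rejected. If the email check was loosened deliberately, add an assertion that the address is now accepted; otherwise keep it in the invalid list.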
@@ -5,9 +5,11 @@ ActiveRecord::Base.include_root_in_json = true
5
5
  ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))
6
6
 
7
7
  class ActiveSupport::TestCase
8
- if Rails.version >= '5.0.0'
8
+ if Devise.rails5?
9
9
  self.use_transactional_tests = true
10
10
  else
11
+ # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5.
12
+ require 'test_after_commit'
11
13
  self.use_transactional_fixtures = true
12
14
  end
13
15
 
@@ -5,8 +5,7 @@ class ApplicationController < ActionController::Base
5
5
  protect_from_forgery
6
6
  before_action :current_user, unless: :devise_controller?
7
7
  before_action :authenticate_user!, if: :devise_controller?
8
- respond_to *Mime::SET.map(&:to_sym)
8
+ respond_to(*Mime::SET.map(&:to_sym))
9
9
 
10
10
  devise_group :commenter, contains: [:user, :admin]
11
11
  end
12
-
@@ -32,6 +32,10 @@ module RailsApp
32
32
 
33
33
  config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
34
34
 
35
+ if DEVISE_ORM == :active_record && (Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR >= 2)
36
+ config.active_record.raise_in_transactional_callbacks = true
37
+ end
38
+
35
39
  # This was used to break devise in some situations
36
40
  config.to_prepare do
37
41
  Devise::SessionsController.layout "application"
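Review bot: The guard `Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR >= 2` compares major and minor independently, so it is false on 5.0 and 5.1 and true again on 5.2. If the setting is meant for 4.2 only, test for major equal to 4 and minor at least 2; if it is meant for 4.2 and later, compare whole versions, for example `Gem::Version.new(Rails.version) >= Gem::Version.new('4.2')`.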
@@ -114,6 +114,7 @@ Rails.application.routes.draw do
114
114
  namespace :sign_out_via, module: "devise" do
115
115
  devise_for :deletes, sign_out_via: :delete, class_name: "Admin"
116
116
  devise_for :posts, sign_out_via: :post, class_name: "Admin"
117
+ devise_for :gets, sign_out_via: :get, class_name: "Admin"
117
118
  devise_for :delete_or_posts, sign_out_via: [:delete, :post], class_name: "Admin"
118
119
  end
119
120
 
@@ -4,7 +4,8 @@ module SharedUser
4
4
  included do
5
5
  devise :database_authenticatable, :confirmable, :lockable, :recoverable,
6
6
  :registerable, :rememberable, :timeoutable,
7
- :trackable, :validatable, :omniauthable, password_length: 7..72
7
+ :trackable, :validatable, :omniauthable, password_length: 7..72,
8
+ reconfirmable: false
8
9
 
9
10
  attr_accessor :other_key
10
11
 
@@ -4,7 +4,7 @@ module SharedUserWithoutOmniauth
4
4
  included do
5
5
  devise :database_authenticatable, :confirmable, :lockable, :recoverable,
6
6
  :registerable, :rememberable, :timeoutable,
7
- :trackable, :validatable
7
+ :trackable, :validatable, reconfirmable: false
8
8
  end
9
9
 
10
10
  def raw_confirmation_token
@@ -14,7 +14,7 @@ class DefaultRoutingTest < ActionController::TestCase
14
14
  end
15
15
 
16
16
  test 'map destroy user session' do
17
- assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :get})
17
+ assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :delete})
18
18
  assert_named_route "/users/sign_out", :destroy_user_session_path
19
19
  end
20
20
 
@@ -146,7 +146,7 @@ class CustomizedRoutingTest < ActionController::TestCase
146
146
  end
147
147
 
148
148
  test 'map account with custom path name for session sign out' do
149
- assert_recognizes({controller: 'devise/sessions', action: 'destroy', locale: 'en'}, '/en/accounts/logout')
149
+ assert_recognizes({controller: 'devise/sessions', action: 'destroy', locale: 'en'}, {path: '/en/accounts/logout', method: :delete })
150
150
  end
151
151
 
152
152
  test 'map account with custom path name for password' do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.0.3
4
+ version: 4.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - José Valim
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-05-15 00:00:00.000000000 Z
12
+ date: 2016-05-03 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: warden