devise 4.2.0 → 4.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5e29ea6d513d978b0fd04f14b67dd51e2122784d
-  data.tar.gz: 05cc9f23bc3d9a990a174b0c9355e675fd0e4b7a
+  metadata.gz: 31b9e91e121e0472aed16556abc90783d1dfd3ab
+  data.tar.gz: c61f779584d280b27d3d4cd225fe2e864094ccd1
 SHA512:
-  metadata.gz: 75169de4446c19bcd4da1faa1659f8481f807ea6de193a182d38dd681380c60d46cdd07dcfcaad80eaea07d8792878abf29a6572d630e982b6bba239d1b6434e
-  data.tar.gz: 0a45b86723a424e2e9633c32fd3b8775e1f1d20d8316be3af54522112511e3da95d0446abf10c70f9ebf7c57e83adfb883ac2ccb905df3957912a6b9f624d424
+  metadata.gz: df6824c5a07e25ff330be9a4644425f1d46003cbed0e81f218675da644d62ad92733f07d348ed59766d3074596b71399297ea9c04fd09162d429479d098e9185
+  data.tar.gz: 527664a0632252df4b7027335f7a96d8bb564330071ab909aac1ece52071f2494b2def5770544b252dce189af1c3a2ce27c51dc7d6cc89716f813d650e3d1108

data/.travis.yml

@@ -1,9 +1,10 @@
 language: ruby
 
 rvm:
-  - 2.1.9
-  - 2.2.5
-  - 2.3.1
+  - 2.1.10
+  - 2.2.6
+  - 2.3.3
+  - 2.4.0
   - ruby-head
 
 gemfile:
@@ -13,8 +14,12 @@ gemfile:
 
 matrix:
   exclude:
-    - rvm: 2.1.9
+    - rvm: 2.1.10
       gemfile: Gemfile
+    - rvm: 2.4.0
+      gemfile: gemfiles/Gemfile.rails-4.1-stable
+    - rvm: ruby-head
+      gemfile: gemfiles/Gemfile.rails-4.1-stable
     - env: DEVISE_ORM=mongoid
       gemfile: Gemfile
   allow_failures:

data/CHANGELOG.md

@@ -1,4 +1,17 @@
-### Unreleased
+### 4.2.1 - 2017-03-15
+
+* removals
+  * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected
+    methods instead of public.
+* bug fixes
+  * Attempt to reset password without the password field in the request now results in a `:blank` validation error.
+    Before this change, Devise would accept the reset password request and log the user in, without validating/changing
+    the password. (by @victor-am)
+  * Confirmation links now expire based on UTC time, working properly when using different timezones. (by @jjuliano)
+* enhancements
+  * Notify the original email when it is changed with a new `Devise.send_email_changed_notification` setting.
+    When using `reconfirmable`, the notification will be sent right away instead of when the unconfirmed email is confirmed.
+    (original change by @ethirajsrinivasan)
 
 ### 4.2.0 - 2016-07-01
 

data/CONTRIBUTING.md

@@ -1,39 +1,79 @@
-### Please read before contributing
+# How to contribute to Devise
 
-1) Do not post questions in the issues tracker. If you have any questions about
-Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use
-the [Mailing List](https://groups.google.com/group/plataformatec-devise) or
-[Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
+Thanks for your interest on contributing to Devise! Here are a few general
+guidelines on contributing and reporting bugs to Devise that we ask you to
+take a look first. Notice that all of your interactions in the project are
+expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md).
 
-2) If you find a security bug, **DO NOT** submit an issue here. Please send an
+## Reporting Issues
+
+Before reporting a new issue, please be sure that the issue wasn't already
+reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues).
+
+When creating a new issue, be sure to include a **title and clear description**,
+as much relevant information as possible, and either a test case example or
+even better a **sample Rails app that replicates the issue** - Devise has a lot
+of moving parts and it's functionality can be affected by third party gems, so
+we need as much context and details as possible to identify what might be broken
+for you. We have a [test case template](guides/bug_report_templates/integration_test.rb)
+that can be used to replicate issues with minimal setup.
+
+Please do not attempt to translate Devise built in views. The views are meant
+to be a starting point for fresh apps and not production material - eventually
+all applications will require custom views where you can write your own copy and
+translate it if the application requires it . For historical references, please look into closed
+[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding
+internationalization.
+
+Avoid opening new issues to ask questions in our issues tracker. Please go through
+the project wiki, documentation and source code first, or try to ask your question
+on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
+
+**If you find a security bug, do not report it through GitHub. Please send an
 e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br)
-instead.
+instead.**
+
+## Sending Pull Requests
+
+Before sending a new Pull Request, take a look on existing Pull Requests and Issues
+to see if the proposed change or fix has been discussed in the past, or if the
+change was already implemented but not yet released.
+
+We expect new Pull Requests to include enough tests for new or changed behavior,
+and we aim to maintain everything as most backwards compatible as possible,
+reserving breaking changes to be ship in major releases when necessary - you
+can wrap the new code path with a setting toggle from the `Devise` module defined
+as `false` by default to require developers to opt-in for the new behavior.
 
-3) If possible, replicate your issue with our
-[guides/bug_report_templates/integration_test.rb](test case example), and attach
-it to your issue or Pull Request - this way we have an isolated way to replicate
-your issue and investigate it further.
+If your Pull Request includes new or changed behavior, be sure that the changes
+are beneficial to a wide range of use cases or it's an application specific change
+that might not be so valuable to other applications. Some changes can be introduced
+as a new `devise-something` gem instead of belonging to the main codebase.
 
-4) Otherwise, please provide a fresh new Rails application that replicates your
-issue on a public GitHub repository, as some scenarios might not be possible to
-replicate using the standalone test case example.
+When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks
+to the new setting.
 
-5) Do a small search on the issues tracker before submitting your issue to see
-if it was already reported / fixed. Duplicated issues will be closed to avoid
-too much noise/duplication in the issue tracker.
+We also welcome Pull Requests that improve our existing documentation (both our
+`README.md` and the RDoc sections in the source code) or improve existing rough
+edges in our API that might be blocking existing integrations or 3rd party gems.
 
-6) When reporting an issue, include Rails, Devise and Warden versions. If you
-are getting exceptions, please include the full backtrace.
+## Other ways to contribute
 
-7) Please do not attempt to translate Devise built in views. The views are meant
-to be a starting point and not a final version. For historical references,
-please look into closed issues/Pull regarding i18n.
+We welcome anyone that wants to contribute to Devise to triage and reply to
+open issues to help troubleshoot and fix existing bugs on Devise. Here is what
+you can do:
 
-8) Notice that all of your interactions in the project are expected to follow
-our [Code of Conduct](CODE_OF_CONDUCT.md)
+* Help ensure that existing issues follows the recommendations from the
+_[Reporting Issues](#reporting-issues)_ section, providing feeback to the issue's
+author on what might be missing.
+* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki)
+with up to date instructions and code samples - the wiki was grown with several
+different tutorials and references that we can't keep track of everything, so if
+there is a page that showcases an integration or customization that you are
+familiar with feel free to update it as necessary.
+* Review existing Pull Requests, and testing patches against real existing
+applications that use Devise.
 
-That's it! The more information you give, the easier it becomes for us to track
-it down and fix it. Ideally, you should provide an application that reproduces
-the error or a test case to Devise's suite.
+Thanks again for your interest on contributing to the project!
 
-Thanks!
+:heart:

data/Gemfile.lock

@@ -1,17 +1,16 @@
 GIT
   remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf
+  revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531
   specs:
     activemodel-serializers-xml (1.0.1)
       activemodel (> 5.x)
-      activerecord (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
 
 PATH
   remote: .
   specs:
-    devise (4.2.0)
+    devise (4.2.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -21,56 +20,55 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.0.0)
-      actionpack (= 5.0.0)
-      nio4r (~> 1.2)
+    actioncable (5.0.2)
+      actionpack (= 5.0.2)
+      nio4r (>= 1.2, < 3.0)
       websocket-driver (~> 0.6.1)
-    actionmailer (5.0.0)
-      actionpack (= 5.0.0)
-      actionview (= 5.0.0)
-      activejob (= 5.0.0)
+    actionmailer (5.0.2)
+      actionpack (= 5.0.2)
+      actionview (= 5.0.2)
+      activejob (= 5.0.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.0.0)
-      actionview (= 5.0.0)
-      activesupport (= 5.0.0)
+    actionpack (5.0.2)
+      actionview (= 5.0.2)
+      activesupport (= 5.0.2)
       rack (~> 2.0)
       rack-test (~> 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.0)
-      activesupport (= 5.0.0)
+    actionview (5.0.2)
+      activesupport (= 5.0.2)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (5.0.0)
-      activesupport (= 5.0.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activejob (5.0.2)
+      activesupport (= 5.0.2)
       globalid (>= 0.3.6)
-    activemodel (5.0.0)
-      activesupport (= 5.0.0)
-    activerecord (5.0.0)
-      activemodel (= 5.0.0)
-      activesupport (= 5.0.0)
+    activemodel (5.0.2)
+      activesupport (= 5.0.2)
+    activerecord (5.0.2)
+      activemodel (= 5.0.2)
+      activesupport (= 5.0.2)
       arel (~> 7.0)
-    activesupport (5.0.0)
+    activesupport (5.0.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    arel (7.0.0)
+    arel (7.1.4)
     bcrypt (3.1.11)
-    builder (3.2.2)
-    concurrent-ruby (1.0.2)
+    builder (3.2.3)
+    concurrent-ruby (1.0.5)
     erubis (2.7.0)
-    faraday (0.9.2)
+    faraday (0.11.0)
       multipart-post (>= 1.2, < 3)
-    globalid (0.3.6)
+    globalid (0.3.7)
       activesupport (>= 4.1.0)
-    hashie (3.4.4)
-    i18n (0.7.0)
-    json (1.8.3)
-    jwt (1.5.4)
+    hashie (3.5.5)
+    i18n (0.8.1)
+    jwt (1.5.6)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.4)
@@ -81,26 +79,25 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
     mini_portile2 (2.1.0)
-    minitest (5.9.0)
-    mocha (1.1.0)
+    minitest (5.10.1)
+    mocha (1.2.1)
       metaclass (~> 0.0.1)
     multi_json (1.12.1)
-    multi_xml (0.5.5)
+    multi_xml (0.6.0)
     multipart-post (2.0.0)
-    nio4r (1.2.1)
-    nokogiri (1.6.8)
+    nio4r (2.0.0)
+    nokogiri (1.7.0.1)
       mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
-    oauth2 (1.2.0)
-      faraday (>= 0.8, < 0.10)
+    oauth2 (1.3.1)
+      faraday (>= 0.8, < 0.12)
       jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.3.1)
-      hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
-    omniauth-facebook (3.0.0)
+    omniauth (1.6.1)
+      hashie (>= 3.4.6, < 3.6.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-facebook (4.0.0)
       omniauth-oauth2 (~> 1.2)
     omniauth-oauth2 (1.4.0)
       oauth2 (~> 1.0)
@@ -109,65 +106,63 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     orm_adapter (0.5.0)
-    pkg-config (1.1.7)
     rack (2.0.1)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (5.0.0)
-      actioncable (= 5.0.0)
-      actionmailer (= 5.0.0)
-      actionpack (= 5.0.0)
-      actionview (= 5.0.0)
-      activejob (= 5.0.0)
-      activemodel (= 5.0.0)
-      activerecord (= 5.0.0)
-      activesupport (= 5.0.0)
+    rails (5.0.2)
+      actioncable (= 5.0.2)
+      actionmailer (= 5.0.2)
+      actionpack (= 5.0.2)
+      actionview (= 5.0.2)
+      activejob (= 5.0.2)
+      activemodel (= 5.0.2)
+      activerecord (= 5.0.2)
+      activesupport (= 5.0.2)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.0)
+      railties (= 5.0.2)
       sprockets-rails (>= 2.0.0)
-    rails-controller-testing (0.1.1)
+    rails-controller-testing (1.0.1)
       actionpack (~> 5.x)
       actionview (~> 5.x)
       activesupport (~> 5.x)
-    rails-dom-testing (2.0.1)
+    rails-dom-testing (2.0.2)
       activesupport (>= 4.2.0, < 6.0)
-      nokogiri (~> 1.6.0)
+      nokogiri (~> 1.6)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    railties (5.0.0)
-      actionpack (= 5.0.0)
-      activesupport (= 5.0.0)
+    railties (5.0.2)
+      actionpack (= 5.0.2)
+      activesupport (= 5.0.2)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (11.2.2)
-    rdoc (4.2.2)
-      json (~> 1.4)
-    responders (2.2.0)
+    rake (12.0.0)
+    rdoc (5.1.0)
+    responders (2.3.0)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
-    sprockets (3.6.2)
+    sprockets (3.7.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.1.1)
+    sprockets-rails (3.2.0)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
-    sqlite3 (1.3.11)
-    thor (0.19.1)
-    thread_safe (0.3.5)
+    sqlite3 (1.3.13)
+    thor (0.19.4)
+    thread_safe (0.3.6)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    warden (1.2.6)
+    warden (1.2.7)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.6.4)
+    websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.2)
 
@@ -194,4 +189,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.12.5
+   1.12.6

data/README.md

@@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 It's composed of 10 modules:
 
 * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
-* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
+* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
 * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
 * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
 * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
@@ -43,9 +43,13 @@ https://github.com/plataformatec/devise/wiki/Bug-reports
 
 If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
 
-### Mailing list
+### StackOverflow and Mailing List
 
-If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker:
+If you have any questions, comments, or concerns, please use StackOverflow instead of the GitHub issue tracker:
+
+http://stackoverflow.com/questions/tagged/devise
+
+The deprecated mailing list can still be read on
 
 https://groups.google.com/group/plataformatec-devise
 
@@ -95,7 +99,7 @@ Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with:
 gem 'devise'
 ```
 
-Run the bundle command to install it.
+Then run `bundle install`
 
 Next, you need to run the generator:
 
@@ -179,7 +183,7 @@ member_session
 The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
 
 ```ruby
-devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
+devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 12
 ```
 
 Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`.
@@ -447,7 +451,7 @@ tests:
 
 ```ruby
 sign_in @user
-sign_in @user, scope: admin
+sign_in @user, scope: :admin
 ```
 
 If you are testing Devise internal controllers or a controller that inherits