RubyGems - deviseOne - Versions diffs - 1.0.0 - Mend

deviseOne 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

checksums.yaml +7 -0
data/.gitignore +12 -0
data/.travis.yml +38 -0
data/.yardopts +9 -0
data/CHANGELOG.md +1117 -0
data/CONTRIBUTING.md +14 -0
data/Gemfile +29 -0
data/Gemfile.lock +199 -0
data/MIT-LICENSE +20 -0
data/README.md +529 -0
data/Rakefile +35 -0
data/app/controllers/devise/confirmations_controller.rb +47 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
data/app/controllers/devise/passwords_controller.rb +71 -0
data/app/controllers/devise/registrations_controller.rb +143 -0
data/app/controllers/devise/sessions_controller.rb +166 -0
data/app/controllers/devise/unlocks_controller.rb +46 -0
data/app/controllers/devise_controller.rb +193 -0
data/app/helpers/devise_helper.rb +25 -0
data/app/mailers/devise/mailer.rb +20 -0
data/app/views/devise/confirmations/new.html.erb +16 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +25 -0
data/app/views/devise/passwords/new.html.erb +16 -0
data/app/views/devise/registrations/edit.html.erb +39 -0
data/app/views/devise/registrations/new.html.erb +29 -0
data/app/views/devise/sessions/new.html.erb +27 -0
data/app/views/devise/shared/_links.html.erb +21 -0
data/app/views/devise/unlocks/new.html.erb +16 -0
data/config/locales/en.yml +70 -0
data/devise.gemspec +33 -0
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-3.2-stable +29 -0
data/gemfiles/Gemfile.rails-3.2-stable.lock +169 -0
data/gemfiles/Gemfile.rails-4.0-stable +29 -0
data/gemfiles/Gemfile.rails-4.0-stable.lock +165 -0
data/gemfiles/Gemfile.rails-4.1-stable +29 -0
data/gemfiles/Gemfile.rails-4.1-stable.lock +170 -0
data/lib/devise.rb +499 -0
data/lib/devise/controllers/helpers.rb +284 -0
data/lib/devise/controllers/rememberable.rb +47 -0
data/lib/devise/controllers/scoped_views.rb +17 -0
data/lib/devise/controllers/sign_in_out.rb +102 -0
data/lib/devise/controllers/store_location.rb +58 -0
data/lib/devise/controllers/url_helpers.rb +69 -0
data/lib/devise/delegator.rb +16 -0
data/lib/devise/failure_app.rb +212 -0
data/lib/devise/hooks/activatable.rb +10 -0
data/lib/devise/hooks/csrf_cleaner.rb +7 -0
data/lib/devise/hooks/forgetable.rb +9 -0
data/lib/devise/hooks/lockable.rb +7 -0
data/lib/devise/hooks/proxy.rb +21 -0
data/lib/devise/hooks/rememberable.rb +7 -0
data/lib/devise/hooks/timeoutable.rb +35 -0
data/lib/devise/hooks/trackable.rb +9 -0
data/lib/devise/mailers/helpers.rb +90 -0
data/lib/devise/mapping.rb +175 -0
data/lib/devise/models.rb +119 -0
data/lib/devise/models/authenticatable.rb +290 -0
data/lib/devise/models/confirmable.rb +305 -0
data/lib/devise/models/database_authenticatable.rb +164 -0
data/lib/devise/models/lockable.rb +196 -0
data/lib/devise/models/omniauthable.rb +27 -0
data/lib/devise/models/recoverable.rb +157 -0
data/lib/devise/models/registerable.rb +25 -0
data/lib/devise/models/rememberable.rb +142 -0
data/lib/devise/models/timeoutable.rb +49 -0
data/lib/devise/models/trackable.rb +38 -0
data/lib/devise/models/validatable.rb +66 -0
data/lib/devise/modules.rb +28 -0
data/lib/devise/omniauth.rb +28 -0
data/lib/devise/omniauth/config.rb +45 -0
data/lib/devise/omniauth/url_helpers.rb +18 -0
data/lib/devise/orm/active_record.rb +3 -0
data/lib/devise/orm/mongoid.rb +3 -0
data/lib/devise/parameter_filter.rb +40 -0
data/lib/devise/parameter_sanitizer.rb +99 -0
data/lib/devise/rails.rb +56 -0
data/lib/devise/rails/routes.rb +495 -0
data/lib/devise/rails/warden_compat.rb +22 -0
data/lib/devise/strategies/authenticatable.rb +173 -0
data/lib/devise/strategies/base.rb +20 -0
data/lib/devise/strategies/database_authenticatable.rb +24 -0
data/lib/devise/strategies/rememberable.rb +59 -0
data/lib/devise/test_helpers.rb +132 -0
data/lib/devise/time_inflector.rb +14 -0
data/lib/devise/token_generator.rb +70 -0
data/lib/devise/version.rb +3 -0
data/lib/generators/active_record/devise_generator.rb +91 -0
data/lib/generators/active_record/templates/migration.rb +18 -0
data/lib/generators/active_record/templates/migration_existing.rb +25 -0
data/lib/generators/devise/controllers_generator.rb +44 -0
data/lib/generators/devise/devise_generator.rb +26 -0
data/lib/generators/devise/install_generator.rb +29 -0
data/lib/generators/devise/orm_helpers.rb +51 -0
data/lib/generators/devise/views_generator.rb +135 -0
data/lib/generators/mongoid/devise_generator.rb +55 -0
data/lib/generators/templates/README +35 -0
data/lib/generators/templates/controllers/README +14 -0
data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
data/lib/generators/templates/devise.rb +263 -0
data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +16 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +27 -0
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +16 -0
data/script/cached-bundle +49 -0
data/script/s3-put +71 -0
data/test/controllers/custom_registrations_controller_test.rb +35 -0
data/test/controllers/custom_strategy_test.rb +62 -0
data/test/controllers/helpers_test.rb +316 -0
data/test/controllers/internal_helpers_test.rb +129 -0
data/test/controllers/load_hooks_controller_test.rb +19 -0
data/test/controllers/passwords_controller_test.rb +31 -0
data/test/controllers/sessions_controller_test.rb +102 -0
data/test/controllers/url_helpers_test.rb +65 -0
data/test/delegator_test.rb +19 -0
data/test/devise_test.rb +107 -0
data/test/failure_app_test.rb +275 -0
data/test/generators/active_record_generator_test.rb +109 -0
data/test/generators/controllers_generator_test.rb +48 -0
data/test/generators/devise_generator_test.rb +39 -0
data/test/generators/install_generator_test.rb +13 -0
data/test/generators/mongoid_generator_test.rb +23 -0
data/test/generators/views_generator_test.rb +96 -0
data/test/helpers/devise_helper_test.rb +49 -0
data/test/integration/authenticatable_test.rb +731 -0
data/test/integration/confirmable_test.rb +324 -0
data/test/integration/database_authenticatable_test.rb +94 -0
data/test/integration/http_authenticatable_test.rb +105 -0
data/test/integration/lockable_test.rb +239 -0
data/test/integration/omniauthable_test.rb +133 -0
data/test/integration/recoverable_test.rb +334 -0
data/test/integration/registerable_test.rb +361 -0
data/test/integration/rememberable_test.rb +176 -0
data/test/integration/timeoutable_test.rb +189 -0
data/test/integration/trackable_test.rb +92 -0
data/test/mailers/confirmation_instructions_test.rb +115 -0
data/test/mailers/reset_password_instructions_test.rb +96 -0
data/test/mailers/unlock_instructions_test.rb +91 -0
data/test/mapping_test.rb +128 -0
data/test/models/authenticatable_test.rb +23 -0
data/test/models/confirmable_test.rb +461 -0
data/test/models/database_authenticatable_test.rb +249 -0
data/test/models/lockable_test.rb +328 -0
data/test/models/omniauthable_test.rb +7 -0
data/test/models/recoverable_test.rb +205 -0
data/test/models/registerable_test.rb +7 -0
data/test/models/rememberable_test.rb +198 -0
data/test/models/serializable_test.rb +49 -0
data/test/models/timeoutable_test.rb +51 -0
data/test/models/trackable_test.rb +41 -0
data/test/models/validatable_test.rb +127 -0
data/test/models_test.rb +144 -0
data/test/omniauth/config_test.rb +57 -0
data/test/omniauth/url_helpers_test.rb +54 -0
data/test/orm/active_record.rb +10 -0
data/test/orm/mongoid.rb +13 -0
data/test/parameter_sanitizer_test.rb +81 -0
data/test/rails_app/Rakefile +6 -0
data/test/rails_app/app/active_record/admin.rb +6 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +6 -0
data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
data/test/rails_app/app/controllers/admins_controller.rb +11 -0
data/test/rails_app/app/controllers/application_controller.rb +12 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
data/test/rails_app/app/controllers/home_controller.rb +25 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
data/test/rails_app/app/controllers/users_controller.rb +31 -0
data/test/rails_app/app/helpers/application_helper.rb +3 -0
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
data/test/rails_app/app/mailers/users/mailer.rb +3 -0
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
data/test/rails_app/app/mongoid/admin.rb +29 -0
data/test/rails_app/app/mongoid/shim.rb +23 -0
data/test/rails_app/app/mongoid/user.rb +39 -0
data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
data/test/rails_app/app/views/admins/index.html.erb +1 -0
data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
data/test/rails_app/app/views/home/index.html.erb +1 -0
data/test/rails_app/app/views/home/join.html.erb +1 -0
data/test/rails_app/app/views/home/private.html.erb +1 -0
data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
data/test/rails_app/app/views/layouts/application.html.erb +24 -0
data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
data/test/rails_app/app/views/users/index.html.erb +1 -0
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
data/test/rails_app/bin/bundle +3 -0
data/test/rails_app/bin/rails +4 -0
data/test/rails_app/bin/rake +4 -0
data/test/rails_app/config.ru +4 -0
data/test/rails_app/config/application.rb +40 -0
data/test/rails_app/config/boot.rb +14 -0
data/test/rails_app/config/database.yml +18 -0
data/test/rails_app/config/environment.rb +5 -0
data/test/rails_app/config/environments/development.rb +30 -0
data/test/rails_app/config/environments/production.rb +80 -0
data/test/rails_app/config/environments/test.rb +36 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
data/test/rails_app/config/initializers/devise.rb +180 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +8 -0
data/test/rails_app/config/initializers/session_store.rb +1 -0
data/test/rails_app/config/routes.rb +122 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
data/test/rails_app/db/schema.rb +55 -0
data/test/rails_app/lib/shared_admin.rb +17 -0
data/test/rails_app/lib/shared_user.rb +29 -0
data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
data/test/rails_app/public/404.html +26 -0
data/test/rails_app/public/422.html +26 -0
data/test/rails_app/public/500.html +26 -0
data/test/rails_app/public/favicon.ico +0 -0
data/test/routes_test.rb +264 -0
data/test/support/action_controller/record_identifier.rb +10 -0
data/test/support/assertions.rb +39 -0
data/test/support/helpers.rb +73 -0
data/test/support/integration.rb +92 -0
data/test/support/locale/en.yml +8 -0
data/test/support/mongoid.yml +6 -0
data/test/support/webrat/integrations/rails.rb +24 -0
data/test/test_helper.rb +34 -0
data/test/test_helpers_test.rb +163 -0
data/test/test_models.rb +33 -0
metadata +531 -0

data/lib/devise/models/timeoutable.rb ADDED

@@ -0,0 +1,49 @@
+require 'devise/hooks/timeoutable'
+module Devise
+  module Models
+    # Timeoutable takes care of verifying whether a user session has already
+    # expired or not. When a session expires after the configured time, the user
+    # will be asked for credentials again, it means, they will be redirected
+    # to the sign in page.
+    #
+    # == Options
+    #
+    # Timeoutable adds the following options to devise_for:
+    #
+    #   * +timeout_in+: the interval to timeout the user session without activity.
+    #
+    # == Examples
+    #
+    #   user.timedout?(30.minutes.ago)
+    #
+    module Timeoutable
+      extend ActiveSupport::Concern
+      def self.required_fields(klass)
+        []
+      end
+      # Checks whether the user session has expired based on configured time.
+      def timedout?(last_access)
+        return false if remember_exists_and_not_expired?
+        !timeout_in.nil? && last_access && last_access <= timeout_in.ago
+      end
+      def timeout_in
+        self.class.timeout_in
+      end
+      private
+      def remember_exists_and_not_expired?
+        return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
+        remember_created_at && !remember_expired?
+      end
+      module ClassMethods
+        Devise::Models.config(self, :timeout_in)
+      end
+    end
+  end
+end

data/lib/devise/models/trackable.rb ADDED

@@ -0,0 +1,38 @@
+require 'devise/hooks/trackable'
+module Devise
+  module Models
+    # Track information about your user sign in. It tracks the following columns:
+    #
+    # * sign_in_count      - Increased every time a sign in is made (by form, openid, oauth)
+    # * current_sign_in_at - A timestamp updated when the user signs in
+    # * last_sign_in_at    - Holds the timestamp of the previous sign in
+    # * current_sign_in_ip - The remote ip updated when the user sign in
+    # * last_sign_in_ip    - Holds the remote ip of the previous sign in
+    #
+    module Trackable
+      def self.required_fields(klass)
+        [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
+      end
+      def update_tracked_fields(request)
+        old_current, new_current = self.current_sign_in_at, Time.now.utc
+        self.last_sign_in_at     = old_current || new_current
+        self.current_sign_in_at  = new_current
+        old_current, new_current = self.current_sign_in_ip, request.remote_ip
+        self.last_sign_in_ip     = old_current || new_current
+        self.current_sign_in_ip  = new_current
+        self.sign_in_count ||= 0
+        self.sign_in_count += 1
+      end
+      def update_tracked_fields!(request)
+        update_tracked_fields(request)
+        save(validate: false) or raise "Devise trackable could not save #{inspect}." \
+          "Please make sure a model using trackable can be saved at sign in."
+      end
+    end
+  end
+end

data/lib/devise/models/validatable.rb ADDED

@@ -0,0 +1,66 @@
+module Devise
+  module Models
+    # Validatable creates all needed validations for a user email and password.
+    # It's optional, given you may want to create the validations by yourself.
+    # Automatically validate if the email is present, unique and its format is
+    # valid. Also tests presence of password, confirmation and length.
+    #
+    # == Options
+    #
+    # Validatable adds the following options to devise_for:
+    #
+    #   * +email_regexp+: the regular expression used to validate e-mails;
+    #   * +password_length+: a range expressing password length. Defaults to 8..72.
+    #
+    module Validatable
+      # All validations used by this module.
+      VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of,
+                      :validates_confirmation_of, :validates_length_of ].freeze
+      def self.required_fields(klass)
+        []
+      end
+      def self.included(base)
+        base.extend ClassMethods
+        assert_validations_api!(base)
+        base.class_eval do
+          validates_presence_of   :email, if: :email_required?
+          validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
+          validates_presence_of     :password, if: :password_required?
+          validates_confirmation_of :password, if: :password_required?
+          validates_length_of       :password, within: password_length, allow_blank: true
+        end
+      end
+      def self.assert_validations_api!(base) #:nodoc:
+        unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) }
+        unless unavailable_validations.empty?
+          raise "Could not use :validatable module since #{base} does not respond " <<
+                "to the following methods: #{unavailable_validations.to_sentence}."
+        end
+      end
+    protected
+      # Checks whether a password is needed or not. For validations only.
+      # Passwords are always required if it's a new record, or if the password
+      # or confirmation are being set somewhere.
+      def password_required?
+        !persisted? || !password.nil? || !password_confirmation.nil?
+      end
+      def email_required?
+        true
+      end
+      module ClassMethods
+        Devise::Models.config(self, :email_regexp, :password_length)
+      end
+    end
+  end
+end

data/lib/devise/modules.rb ADDED

@@ -0,0 +1,28 @@
+require 'active_support/core_ext/object/with_options'
+Devise.with_options model: true do |d|
+  # Strategies first
+  d.with_options strategy: true do |s|
+    routes = [nil, :new, :destroy]
+    s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+    s.add_module :rememberable, no_input: true
+  end
+  # Other authentications
+  d.add_module :omniauthable, controller: :omniauth_callbacks,  route: :omniauth_callback
+  # Misc after
+  routes = [nil, :new, :edit]
+  d.add_module :recoverable,  controller: :passwords,     route: { password: routes }
+  d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
+  d.add_module :validatable
+  # The ones which can sign out after
+  routes = [nil, :new]
+  d.add_module :confirmable,  controller: :confirmations, route: { confirmation: routes }
+  d.add_module :lockable,     controller: :unlocks,       route: { unlock: routes }
+  d.add_module :timeoutable
+  # Stats for last, so we make sure the user is really signed in
+  d.add_module :trackable
+end

data/lib/devise/omniauth.rb ADDED

@@ -0,0 +1,28 @@
+begin
+  require "omniauth"
+  require "omniauth/version"
+rescue LoadError
+  warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
+  raise
+end
+unless OmniAuth::VERSION =~ /^1\./
+  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
+end
+# Clean up the default path_prefix. It will be automatically set by Devise.
+OmniAuth.config.path_prefix = nil
+OmniAuth.config.on_failure = Proc.new do |env|
+  env['devise.mapping'] = Devise::Mapping.find_by_path!(env['PATH_INFO'], :path)
+  controller_name  = ActiveSupport::Inflector.camelize(env['devise.mapping'].controllers[:omniauth_callbacks])
+  controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+  controller_klass.action(:failure).call(env)
+end
+module Devise
+  module OmniAuth
+    autoload :Config,      "devise/omniauth/config"
+    autoload :UrlHelpers,  "devise/omniauth/url_helpers"
+  end
+end

data/lib/devise/omniauth/config.rb ADDED

@@ -0,0 +1,45 @@
+module Devise
+  module OmniAuth
+    class StrategyNotFound < NameError
+      def initialize(strategy)
+        @strategy = strategy
+        super("Could not find a strategy with name `#{strategy}'. " \
+          "Please ensure it is required or explicitly set it using the :strategy_class option.")
+      end
+    end
+    class Config
+      attr_accessor :strategy
+      attr_reader :args, :options, :provider, :strategy_name
+      def initialize(provider, args)
+        @provider       = provider
+        @args           = args
+        @options        = @args.last.is_a?(Hash) ? @args.last : {}
+        @strategy       = nil
+        @strategy_name  = options[:name] || @provider
+        @strategy_class = options.delete(:strategy_class)
+      end
+      def strategy_class
+        @strategy_class ||= find_strategy || autoload_strategy
+      end
+      def find_strategy
+        ::OmniAuth.strategies.find do |strategy_class|
+          strategy_class.to_s =~ /#{::OmniAuth::Utils.camelize(strategy_name)}$/ ||
+            strategy_class.default_options[:name] == strategy_name
+        end
+      end
+      def autoload_strategy
+        name = ::OmniAuth::Utils.camelize(provider.to_s)
+        if ::OmniAuth::Strategies.const_defined?(name)
+          ::OmniAuth::Strategies.const_get(name)
+        else
+          raise StrategyNotFound, name
+        end
+      end
+    end
+  end
+end

data/lib/devise/omniauth/url_helpers.rb ADDED

@@ -0,0 +1,18 @@
+module Devise
+  module OmniAuth
+    module UrlHelpers
+      def self.define_helpers(mapping)
+      end
+      def omniauth_authorize_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        _devise_route_context.send("#{scope}_omniauth_authorize_path", *args)
+      end
+      def omniauth_callback_path(resource_or_scope, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        _devise_route_context.send("#{scope}_omniauth_callback_path", *args)
+      end
+    end
+  end
+end

data/lib/devise/orm/active_record.rb ADDED

@@ -0,0 +1,3 @@
+require 'orm_adapter/adapters/active_record'
+ActiveRecord::Base.extend Devise::Models

data/lib/devise/orm/mongoid.rb ADDED

@@ -0,0 +1,3 @@
+require 'orm_adapter/adapters/mongoid'
+Mongoid::Document::ClassMethods.send :include, Devise::Models

data/lib/devise/parameter_filter.rb ADDED

@@ -0,0 +1,40 @@
+module Devise
+  class ParameterFilter
+    def initialize(case_insensitive_keys, strip_whitespace_keys)
+      @case_insensitive_keys = case_insensitive_keys || []
+      @strip_whitespace_keys = strip_whitespace_keys || []
+    end
+    def filter(conditions)
+      conditions = stringify_params(conditions.dup)
+      conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys))
+      conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys))
+      conditions
+    end
+    def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
+      condition_keys.each do |k|
+        value = conditions[k]
+        conditions[k] = value.send(method) if value.respond_to?(method)
+      end
+      conditions
+    end
+    # Force keys to be string to avoid injection on mongoid related database.
+    def stringify_params(conditions)
+      return conditions unless conditions.is_a?(Hash)
+      conditions.each do |k, v|
+        conditions[k] = v.to_s if param_requires_string_conversion?(v)
+      end
+    end
+    private
+    def param_requires_string_conversion?(value)
+      true
+    end
+  end
+end

data/lib/devise/parameter_sanitizer.rb ADDED

@@ -0,0 +1,99 @@
+module Devise
+  class BaseSanitizer
+    attr_reader :params, :resource_name, :resource_class
+    def initialize(resource_class, resource_name, params)
+      @resource_class = resource_class
+      @resource_name  = resource_name
+      @params         = params
+      @blocks         = Hash.new
+    end
+    def for(kind, &block)
+      if block_given?
+        @blocks[kind] = block
+      else
+        default_for(kind)
+      end
+    end
+    def sanitize(kind)
+      if block = @blocks[kind]
+        block.call(default_params)
+      else
+        default_sanitize(kind)
+      end
+    end
+    private
+    def default_for(kind)
+      raise ArgumentError, "a block is expected in Devise base sanitizer"
+    end
+    def default_sanitize(kind)
+      default_params
+    end
+    def default_params
+      params.fetch(resource_name, {})
+    end
+  end
+  class ParameterSanitizer < BaseSanitizer
+    def initialize(*)
+      super
+      @permitted = Hash.new { |h,k| h[k] = attributes_for(k) }
+    end
+    def sign_in
+      permit self.for(:sign_in)
+    end
+    def sign_up
+      permit self.for(:sign_up)
+    end
+    def account_update
+      permit self.for(:account_update)
+    end
+    private
+    # TODO: We do need to flatten so it works with strong_parameters
+    # gem. We should drop it once we move to Rails 4 only support.
+    def permit(keys)
+      default_params.permit(*Array(keys))
+    end
+    # Change for(kind) to return the values in the @permitted
+    # hash, allowing the developer to customize at runtime.
+    def default_for(kind)
+      @permitted[kind] || raise("No sanitizer provided for #{kind}")
+    end
+    def default_sanitize(kind)
+      if respond_to?(kind, true)
+        send(kind)
+      else
+        raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}"
+      end
+    end
+    def attributes_for(kind)
+      case kind
+      when :sign_in
+        auth_keys + [:password, :remember_me]
+      when :sign_up
+        auth_keys + [:password, :remember_me]
+      when :account_update
+        auth_keys + [:password, :current_password]
+      end
+    end
+    def auth_keys
+      @auth_keys ||= @resource_class.authentication_keys.respond_to?(:keys) ?
+                       @resource_class.authentication_keys.keys : @resource_class.authentication_keys
+    end
+  end
+end

data/lib/devise/rails.rb ADDED

@@ -0,0 +1,56 @@
+require 'devise/rails/routes'
+require 'devise/rails/warden_compat'
+module Devise
+  class Engine < ::Rails::Engine
+    config.devise = Devise
+    # Initialize Warden and copy its configurations.
+    config.app_middleware.use Warden::Manager do |config|
+      Devise.warden_config = config
+    end
+    # Force routes to be loaded if we are doing any eager load.
+    config.before_eager_load { |app| app.reload_routes! }
+    initializer "devise.url_helpers" do
+      Devise.include_helpers(Devise::Controllers)
+    end
+    initializer "devise.omniauth" do |app|
+      Devise.omniauth_configs.each do |provider, config|
+        app.middleware.use config.strategy_class, *config.args do |strategy|
+          config.strategy = strategy
+        end
+      end
+      if Devise.omniauth_configs.any?
+        Devise.include_helpers(Devise::OmniAuth)
+      end
+    end
+    initializer "devise.secret_key" do |app|
+      if app.respond_to?(:secrets)
+        Devise.secret_key ||= app.secrets.secret_key_base
+      elsif app.config.respond_to?(:secret_key_base)
+        Devise.secret_key ||= app.config.secret_key_base
+      end
+      Devise.token_generator ||=
+        if secret_key = Devise.secret_key
+          Devise::TokenGenerator.new(
+            Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key))
+          )
+        end
+    end
+    initializer "devise.fix_routes_proxy_missing_respond_to_bug" do
+      # Deprecate: Remove once we move to Rails 4 only.
+      ActionDispatch::Routing::RoutesProxy.class_eval do
+        def respond_to?(method, include_private = false)
+          super || routes.url_helpers.respond_to?(method)
+        end
+      end
+    end
+  end
+end