RubyGems - deviseOne - Versions diffs - 1.0.0 - Mend

deviseOne 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

checksums.yaml +7 -0
data/.gitignore +12 -0
data/.travis.yml +38 -0
data/.yardopts +9 -0
data/CHANGELOG.md +1117 -0
data/CONTRIBUTING.md +14 -0
data/Gemfile +29 -0
data/Gemfile.lock +199 -0
data/MIT-LICENSE +20 -0
data/README.md +529 -0
data/Rakefile +35 -0
data/app/controllers/devise/confirmations_controller.rb +47 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +30 -0
data/app/controllers/devise/passwords_controller.rb +71 -0
data/app/controllers/devise/registrations_controller.rb +143 -0
data/app/controllers/devise/sessions_controller.rb +166 -0
data/app/controllers/devise/unlocks_controller.rb +46 -0
data/app/controllers/devise_controller.rb +193 -0
data/app/helpers/devise_helper.rb +25 -0
data/app/mailers/devise/mailer.rb +20 -0
data/app/views/devise/confirmations/new.html.erb +16 -0
data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
data/app/views/devise/passwords/edit.html.erb +25 -0
data/app/views/devise/passwords/new.html.erb +16 -0
data/app/views/devise/registrations/edit.html.erb +39 -0
data/app/views/devise/registrations/new.html.erb +29 -0
data/app/views/devise/sessions/new.html.erb +27 -0
data/app/views/devise/shared/_links.html.erb +21 -0
data/app/views/devise/unlocks/new.html.erb +16 -0
data/config/locales/en.yml +70 -0
data/devise.gemspec +33 -0
data/devise.png +0 -0
data/gemfiles/Gemfile.rails-3.2-stable +29 -0
data/gemfiles/Gemfile.rails-3.2-stable.lock +169 -0
data/gemfiles/Gemfile.rails-4.0-stable +29 -0
data/gemfiles/Gemfile.rails-4.0-stable.lock +165 -0
data/gemfiles/Gemfile.rails-4.1-stable +29 -0
data/gemfiles/Gemfile.rails-4.1-stable.lock +170 -0
data/lib/devise.rb +499 -0
data/lib/devise/controllers/helpers.rb +284 -0
data/lib/devise/controllers/rememberable.rb +47 -0
data/lib/devise/controllers/scoped_views.rb +17 -0
data/lib/devise/controllers/sign_in_out.rb +102 -0
data/lib/devise/controllers/store_location.rb +58 -0
data/lib/devise/controllers/url_helpers.rb +69 -0
data/lib/devise/delegator.rb +16 -0
data/lib/devise/failure_app.rb +212 -0
data/lib/devise/hooks/activatable.rb +10 -0
data/lib/devise/hooks/csrf_cleaner.rb +7 -0
data/lib/devise/hooks/forgetable.rb +9 -0
data/lib/devise/hooks/lockable.rb +7 -0
data/lib/devise/hooks/proxy.rb +21 -0
data/lib/devise/hooks/rememberable.rb +7 -0
data/lib/devise/hooks/timeoutable.rb +35 -0
data/lib/devise/hooks/trackable.rb +9 -0
data/lib/devise/mailers/helpers.rb +90 -0
data/lib/devise/mapping.rb +175 -0
data/lib/devise/models.rb +119 -0
data/lib/devise/models/authenticatable.rb +290 -0
data/lib/devise/models/confirmable.rb +305 -0
data/lib/devise/models/database_authenticatable.rb +164 -0
data/lib/devise/models/lockable.rb +196 -0
data/lib/devise/models/omniauthable.rb +27 -0
data/lib/devise/models/recoverable.rb +157 -0
data/lib/devise/models/registerable.rb +25 -0
data/lib/devise/models/rememberable.rb +142 -0
data/lib/devise/models/timeoutable.rb +49 -0
data/lib/devise/models/trackable.rb +38 -0
data/lib/devise/models/validatable.rb +66 -0
data/lib/devise/modules.rb +28 -0
data/lib/devise/omniauth.rb +28 -0
data/lib/devise/omniauth/config.rb +45 -0
data/lib/devise/omniauth/url_helpers.rb +18 -0
data/lib/devise/orm/active_record.rb +3 -0
data/lib/devise/orm/mongoid.rb +3 -0
data/lib/devise/parameter_filter.rb +40 -0
data/lib/devise/parameter_sanitizer.rb +99 -0
data/lib/devise/rails.rb +56 -0
data/lib/devise/rails/routes.rb +495 -0
data/lib/devise/rails/warden_compat.rb +22 -0
data/lib/devise/strategies/authenticatable.rb +173 -0
data/lib/devise/strategies/base.rb +20 -0
data/lib/devise/strategies/database_authenticatable.rb +24 -0
data/lib/devise/strategies/rememberable.rb +59 -0
data/lib/devise/test_helpers.rb +132 -0
data/lib/devise/time_inflector.rb +14 -0
data/lib/devise/token_generator.rb +70 -0
data/lib/devise/version.rb +3 -0
data/lib/generators/active_record/devise_generator.rb +91 -0
data/lib/generators/active_record/templates/migration.rb +18 -0
data/lib/generators/active_record/templates/migration_existing.rb +25 -0
data/lib/generators/devise/controllers_generator.rb +44 -0
data/lib/generators/devise/devise_generator.rb +26 -0
data/lib/generators/devise/install_generator.rb +29 -0
data/lib/generators/devise/orm_helpers.rb +51 -0
data/lib/generators/devise/views_generator.rb +135 -0
data/lib/generators/mongoid/devise_generator.rb +55 -0
data/lib/generators/templates/README +35 -0
data/lib/generators/templates/controllers/README +14 -0
data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
data/lib/generators/templates/devise.rb +263 -0
data/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
data/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
data/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +16 -0
data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +19 -0
data/lib/generators/templates/simple_form_for/passwords/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +27 -0
data/lib/generators/templates/simple_form_for/registrations/new.html.erb +17 -0
data/lib/generators/templates/simple_form_for/sessions/new.html.erb +15 -0
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +16 -0
data/script/cached-bundle +49 -0
data/script/s3-put +71 -0
data/test/controllers/custom_registrations_controller_test.rb +35 -0
data/test/controllers/custom_strategy_test.rb +62 -0
data/test/controllers/helpers_test.rb +316 -0
data/test/controllers/internal_helpers_test.rb +129 -0
data/test/controllers/load_hooks_controller_test.rb +19 -0
data/test/controllers/passwords_controller_test.rb +31 -0
data/test/controllers/sessions_controller_test.rb +102 -0
data/test/controllers/url_helpers_test.rb +65 -0
data/test/delegator_test.rb +19 -0
data/test/devise_test.rb +107 -0
data/test/failure_app_test.rb +275 -0
data/test/generators/active_record_generator_test.rb +109 -0
data/test/generators/controllers_generator_test.rb +48 -0
data/test/generators/devise_generator_test.rb +39 -0
data/test/generators/install_generator_test.rb +13 -0
data/test/generators/mongoid_generator_test.rb +23 -0
data/test/generators/views_generator_test.rb +96 -0
data/test/helpers/devise_helper_test.rb +49 -0
data/test/integration/authenticatable_test.rb +731 -0
data/test/integration/confirmable_test.rb +324 -0
data/test/integration/database_authenticatable_test.rb +94 -0
data/test/integration/http_authenticatable_test.rb +105 -0
data/test/integration/lockable_test.rb +239 -0
data/test/integration/omniauthable_test.rb +133 -0
data/test/integration/recoverable_test.rb +334 -0
data/test/integration/registerable_test.rb +361 -0
data/test/integration/rememberable_test.rb +176 -0
data/test/integration/timeoutable_test.rb +189 -0
data/test/integration/trackable_test.rb +92 -0
data/test/mailers/confirmation_instructions_test.rb +115 -0
data/test/mailers/reset_password_instructions_test.rb +96 -0
data/test/mailers/unlock_instructions_test.rb +91 -0
data/test/mapping_test.rb +128 -0
data/test/models/authenticatable_test.rb +23 -0
data/test/models/confirmable_test.rb +461 -0
data/test/models/database_authenticatable_test.rb +249 -0
data/test/models/lockable_test.rb +328 -0
data/test/models/omniauthable_test.rb +7 -0
data/test/models/recoverable_test.rb +205 -0
data/test/models/registerable_test.rb +7 -0
data/test/models/rememberable_test.rb +198 -0
data/test/models/serializable_test.rb +49 -0
data/test/models/timeoutable_test.rb +51 -0
data/test/models/trackable_test.rb +41 -0
data/test/models/validatable_test.rb +127 -0
data/test/models_test.rb +144 -0
data/test/omniauth/config_test.rb +57 -0
data/test/omniauth/url_helpers_test.rb +54 -0
data/test/orm/active_record.rb +10 -0
data/test/orm/mongoid.rb +13 -0
data/test/parameter_sanitizer_test.rb +81 -0
data/test/rails_app/Rakefile +6 -0
data/test/rails_app/app/active_record/admin.rb +6 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +6 -0
data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +6 -0
data/test/rails_app/app/controllers/admins_controller.rb +11 -0
data/test/rails_app/app/controllers/application_controller.rb +12 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +21 -0
data/test/rails_app/app/controllers/home_controller.rb +25 -0
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +14 -0
data/test/rails_app/app/controllers/users_controller.rb +31 -0
data/test/rails_app/app/helpers/application_helper.rb +3 -0
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
data/test/rails_app/app/mailers/users/mailer.rb +3 -0
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
data/test/rails_app/app/mongoid/admin.rb +29 -0
data/test/rails_app/app/mongoid/shim.rb +23 -0
data/test/rails_app/app/mongoid/user.rb +39 -0
data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
data/test/rails_app/app/views/admins/index.html.erb +1 -0
data/test/rails_app/app/views/admins/sessions/new.html.erb +2 -0
data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -0
data/test/rails_app/app/views/home/index.html.erb +1 -0
data/test/rails_app/app/views/home/join.html.erb +1 -0
data/test/rails_app/app/views/home/private.html.erb +1 -0
data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -0
data/test/rails_app/app/views/layouts/application.html.erb +24 -0
data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
data/test/rails_app/app/views/users/index.html.erb +1 -0
data/test/rails_app/app/views/users/mailer/confirmation_instructions.erb +1 -0
data/test/rails_app/app/views/users/sessions/new.html.erb +1 -0
data/test/rails_app/bin/bundle +3 -0
data/test/rails_app/bin/rails +4 -0
data/test/rails_app/bin/rake +4 -0
data/test/rails_app/config.ru +4 -0
data/test/rails_app/config/application.rb +40 -0
data/test/rails_app/config/boot.rb +14 -0
data/test/rails_app/config/database.yml +18 -0
data/test/rails_app/config/environment.rb +5 -0
data/test/rails_app/config/environments/development.rb +30 -0
data/test/rails_app/config/environments/production.rb +80 -0
data/test/rails_app/config/environments/test.rb +36 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
data/test/rails_app/config/initializers/devise.rb +180 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +8 -0
data/test/rails_app/config/initializers/session_store.rb +1 -0
data/test/rails_app/config/routes.rb +122 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +71 -0
data/test/rails_app/db/schema.rb +55 -0
data/test/rails_app/lib/shared_admin.rb +17 -0
data/test/rails_app/lib/shared_user.rb +29 -0
data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
data/test/rails_app/public/404.html +26 -0
data/test/rails_app/public/422.html +26 -0
data/test/rails_app/public/500.html +26 -0
data/test/rails_app/public/favicon.ico +0 -0
data/test/routes_test.rb +264 -0
data/test/support/action_controller/record_identifier.rb +10 -0
data/test/support/assertions.rb +39 -0
data/test/support/helpers.rb +73 -0
data/test/support/integration.rb +92 -0
data/test/support/locale/en.yml +8 -0
data/test/support/mongoid.yml +6 -0
data/test/support/webrat/integrations/rails.rb +24 -0
data/test/test_helper.rb +34 -0
data/test/test_helpers_test.rb +163 -0
data/test/test_models.rb +33 -0
metadata +531 -0

data/lib/devise/rails/warden_compat.rb ADDED

@@ -0,0 +1,22 @@
+module Warden::Mixins::Common
+  def request
+    @request ||= ActionDispatch::Request.new(env)
+  end
+  # Deprecate: Remove this check once we move to Rails 4 only.
+  NULL_STORE =
+    defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ?
+      ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil
+  def reset_session!
+    # Calling reset_session on NULL_STORE causes it fail.
+    # This is a bug that needs to be fixed in Rails.
+    unless NULL_STORE && request.session.is_a?(NULL_STORE)
+      request.reset_session
+    end
+  end
+  def cookies
+    request.cookie_jar
+  end
+end

data/lib/devise/strategies/authenticatable.rb ADDED

@@ -0,0 +1,173 @@
+require 'devise/strategies/base'
+module Devise
+  module Strategies
+    # This strategy should be used as basis for authentication strategies. It retrieves
+    # parameters both from params or from http authorization headers. See database_authenticatable
+    # for an example.
+    class Authenticatable < Base
+      attr_accessor :authentication_hash, :authentication_type, :password
+      def store?
+        super && !mapping.to.skip_session_storage.include?(authentication_type)
+      end
+      def valid?
+        valid_for_params_auth? || valid_for_http_auth?
+      end
+      # Override and set to false for things like OmniAuth that technically
+      # run through Authentication (user_set) very often, which would normally
+      # reset CSRF data in the session
+      def clean_up_csrf?
+        true
+      end
+    private
+      # Receives a resource and check if it is valid by calling valid_for_authentication?
+      # An optional block that will be triggered while validating can be optionally
+      # given as parameter. Check Devise::Models::Authenticable.valid_for_authentication?
+      # for more information.
+      #
+      # In case the resource can't be validated, it will fail with the given
+      # unauthenticated_message.
+      def validate(resource, &block)
+        result = resource && resource.valid_for_authentication?(&block)
+        if result
+          true
+        else
+          if resource
+            fail!(resource.unauthenticated_message)
+          end
+          false
+        end
+      end
+      # Get values from params and set in the resource.
+      def remember_me(resource)
+        resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
+      end
+      # Should this resource be marked to be remembered?
+      def remember_me?
+        valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
+      end
+      # Check if this is a valid strategy for http authentication by:
+      #
+      #   * Validating if the model allows params authentication;
+      #   * If any of the authorization headers were sent;
+      #   * If all authentication keys are present;
+      #
+      def valid_for_http_auth?
+        http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
+      end
+      # Check if this is a valid strategy for params authentication by:
+      #
+      #   * Validating if the model allows params authentication;
+      #   * If the request hits the sessions controller through POST;
+      #   * If the params[scope] returns a hash with credentials;
+      #   * If all authentication keys are present;
+      #
+      def valid_for_params_auth?
+        params_authenticatable? && valid_params_request? &&
+          valid_params? && with_authentication_hash(:params_auth, params_auth_hash)
+      end
+      # Check if the model accepts this strategy as http authenticatable.
+      def http_authenticatable?
+        mapping.to.http_authenticatable?(authenticatable_name)
+      end
+      # Check if the model accepts this strategy as params authenticatable.
+      def params_authenticatable?
+        mapping.to.params_authenticatable?(authenticatable_name)
+      end
+      # Extract the appropriate subhash for authentication from params.
+      def params_auth_hash
+        params[scope]
+      end
+      # Extract a hash with attributes:values from the http params.
+      def http_auth_hash
+        keys = [http_authentication_key, :password]
+        Hash[*keys.zip(decode_credentials).flatten]
+      end
+      # By default, a request is valid if the controller set the proper env variable.
+      def valid_params_request?
+        !!env["devise.allow_params_authentication"]
+      end
+      # If the request is valid, finally check if params_auth_hash returns a hash.
+      def valid_params?
+        params_auth_hash.is_a?(Hash)
+      end
+      # Check if password is present.
+      def valid_password?
+        password.present?
+      end
+      # Helper to decode credentials from HTTP.
+      def decode_credentials
+        return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m
+        Base64.decode64($1).split(/:/, 2)
+      end
+      # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
+      def with_authentication_hash(auth_type, auth_values)
+        self.authentication_hash, self.authentication_type = {}, auth_type
+        self.password = auth_values[:password]
+        parse_authentication_key_values(auth_values, authentication_keys) &&
+        parse_authentication_key_values(request_values, request_keys)
+      end
+      def authentication_keys
+        @authentication_keys ||= mapping.to.authentication_keys
+      end
+      def http_authentication_key
+        @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
+          when Array then authentication_keys.first
+          when Hash then authentication_keys.keys.first
+        end
+      end
+      def request_keys
+        @request_keys ||= mapping.to.request_keys
+      end
+      def request_values
+        keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
+        values = keys.map { |k| self.request.send(k) }
+        Hash[keys.zip(values)]
+      end
+      def parse_authentication_key_values(hash, keys)
+        keys.each do |key, enforce|
+          value = hash[key].presence
+          if value
+            self.authentication_hash[key] = value
+          else
+            return false unless enforce == false
+          end
+        end
+        true
+      end
+      # Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable
+      # becomes simply :database.
+      def authenticatable_name
+        @authenticatable_name ||=
+          ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
+            sub("_authenticatable", "").to_sym
+      end
+    end
+  end
+end

data/lib/devise/strategies/base.rb ADDED

@@ -0,0 +1,20 @@
+module Devise
+  module Strategies
+    # Base strategy for Devise. Responsible for verifying correct scope and mapping.
+    class Base < ::Warden::Strategies::Base
+      # Whenever CSRF cannot be verified, we turn off any kind of storage
+      def store?
+        !env["devise.skip_storage"]
+      end
+      # Checks if a valid scope was given for devise and find mapping based on this scope.
+      def mapping
+        @mapping ||= begin
+          mapping = Devise.mappings[scope]
+          raise "Could not find mapping for #{scope}" unless mapping
+          mapping
+        end
+      end
+    end
+  end
+end

data/lib/devise/strategies/database_authenticatable.rb ADDED

@@ -0,0 +1,24 @@
+require 'devise/strategies/authenticatable'
+module Devise
+  module Strategies
+    # Default strategy for signing in a user, based on their email and password in the database.
+    class DatabaseAuthenticatable < Authenticatable
+      def authenticate!
+        resource  = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
+        encrypted = false
+        if validate(resource){ encrypted = true; resource.valid_password?(password) }
+          remember_me(resource)
+          resource.after_database_authentication
+          success!(resource)
+        end
+        mapping.to.new.password = password if !encrypted && Devise.paranoid
+        fail(:not_found_in_database) unless resource
+      end
+    end
+  end
+end
+Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)

data/lib/devise/strategies/rememberable.rb ADDED

@@ -0,0 +1,59 @@
+require 'devise/strategies/authenticatable'
+module Devise
+  module Strategies
+    # Remember the user through the remember token. This strategy is responsible
+    # to verify whether there is a cookie with the remember token, and to
+    # recreate the user from this cookie if it exists. Must be called *before*
+    # authenticatable.
+    class Rememberable < Authenticatable
+      # A valid strategy for rememberable needs a remember token in the cookies.
+      def valid?
+        @remember_cookie = nil
+        remember_cookie.present?
+      end
+      # To authenticate a user we deserialize the cookie and attempt finding
+      # the record in the database. If the attempt fails, we pass to another
+      # strategy handle the authentication.
+      def authenticate!
+        resource = mapping.to.serialize_from_cookie(*remember_cookie)
+        unless resource
+          cookies.delete(remember_key)
+          return pass
+        end
+        if validate(resource)
+          remember_me(resource)
+          extend_remember_me_period(resource)
+          resource.after_remembered
+          success!(resource)
+        end
+      end
+    private
+      def extend_remember_me_period(resource)
+        if resource.respond_to?(:extend_remember_period=)
+          resource.extend_remember_period = mapping.to.extend_remember_period
+        end
+      end
+      def remember_me?
+        true
+      end
+      def remember_key
+        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
+      end
+      def remember_cookie
+        @remember_cookie ||= cookies.signed[remember_key]
+      end
+    end
+  end
+end
+Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)

data/lib/devise/test_helpers.rb ADDED

@@ -0,0 +1,132 @@
+module Devise
+  # Devise::TestHelpers provides a facility to test controllers in isolation
+  # when using ActionController::TestCase allowing you to quickly sign_in or
+  # sign_out a user. Do not use Devise::TestHelpers in integration tests.
+  #
+  # Notice you should not test Warden specific behavior (like Warden callbacks)
+  # using Devise::TestHelpers since it is a stub of the actual behavior. Such
+  # callbacks should be tested in your integration suite instead.
+  module TestHelpers
+    def self.included(base)
+      base.class_eval do
+        setup :setup_controller_for_warden, :warden if respond_to?(:setup)
+      end
+    end
+    # Override process to consider warden.
+    def process(*)
+      # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
+      _catch_warden { super } || @response
+    end
+    # We need to setup the environment variables and the response in the controller.
+    def setup_controller_for_warden #:nodoc:
+      @request.env['action_controller.instance'] = @controller
+    end
+    # Quick access to Warden::Proxy.
+    def warden #:nodoc:
+      @warden ||= begin
+        manager = Warden::Manager.new(nil) do |config|
+          config.merge! Devise.warden_config
+        end
+        @request.env['warden'] = Warden::Proxy.new(@request.env, manager)
+      end
+    end
+    # sign_in a given resource by storing its keys in the session.
+    # This method bypass any warden authentication callback.
+    #
+    # Examples:
+    #
+    #   sign_in :user, @user   # sign_in(scope, resource)
+    #   sign_in @user          # sign_in(resource)
+    #
+    def sign_in(resource_or_scope, resource=nil)
+      scope    ||= Devise::Mapping.find_scope!(resource_or_scope)
+      resource ||= resource_or_scope
+      warden.instance_variable_get(:@users).delete(scope)
+      warden.session_serializer.store(resource, scope)
+    end
+    # Sign out a given resource or scope by calling logout on Warden.
+    # This method bypass any warden logout callback.
+    #
+    # Examples:
+    #
+    #   sign_out :user     # sign_out(scope)
+    #   sign_out @user     # sign_out(resource)
+    #
+    def sign_out(resource_or_scope)
+      scope = Devise::Mapping.find_scope!(resource_or_scope)
+      @controller.instance_variable_set(:"@current_#{scope}", nil)
+      user = warden.instance_variable_get(:@users).delete(scope)
+      warden.session_serializer.delete(scope, user)
+    end
+    protected
+    # Catch warden continuations and handle like the middleware would.
+    # Returns nil when interrupted, otherwise the normal result of the block.
+    def _catch_warden(&block)
+      result = catch(:warden, &block)
+      env = @controller.request.env
+      result ||= {}
+      # Set the response. In production, the rack result is returned
+      # from Warden::Manager#call, which the following is modelled on.
+      case result
+      when Array
+        if result.first == 401 && intercept_401?(env) # does this happen during testing?
+          _process_unauthenticated(env)
+        else
+          result
+        end
+      when Hash
+        _process_unauthenticated(env, result)
+      else
+        result
+      end
+    end
+    def _process_unauthenticated(env, options = {})
+      options[:action] ||= :unauthenticated
+      proxy = env['warden']
+      result = options[:result] || proxy.result
+      ret = case result
+      when :redirect
+        body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
+        [proxy.status, proxy.headers, [body]]
+      when :custom
+        proxy.custom_response
+      else
+        env["PATH_INFO"] = "/#{options[:action]}"
+        env["warden.options"] = options
+        Warden::Manager._run_callbacks(:before_failure, env, options)
+        status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
+        @controller.response.headers.merge!(headers)
+        @controller.send :render, status: status, text: response.body,
+          content_type: headers["Content-Type"], location: headers["Location"]
+        nil # causes process return @response
+      end
+      # ensure that the controller response is set up. In production, this is
+      # not necessary since warden returns the results to rack. However, at
+      # testing time, we want the response to be available to the testing
+      # framework to verify what would be returned to rack.
+      if ret.is_a?(Array)
+        # ensure the controller response is set to our response.
+        @controller.response ||= @response
+        @response.status = ret.first
+        @response.headers = ret.second
+        @response.body = ret.third
+      end
+      ret
+    end
+  end
+end

data/lib/devise/time_inflector.rb ADDED

@@ -0,0 +1,14 @@
+require "active_support/core_ext/module/delegation"
+module Devise
+  class TimeInflector
+    include ActionView::Helpers::DateHelper
+    class << self
+      attr_reader :instance
+      delegate :time_ago_in_words, to: :instance
+    end
+    @instance = new
+  end
+end