janus 0.8.1 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cfd15bc79e41899bc65c3eddc3042f11524e4616
-  data.tar.gz: f836a95402bb7371fe25d1af49cd5841b74bb6b3
+  metadata.gz: fea9943c78cce6d222a79c9038f4cfed503eb2f2
+  data.tar.gz: 7a40e9798588323ba8318b845395a4384d77f59d
 SHA512:
-  metadata.gz: 15d3598d95a4e264a6087fea6244fe4937849c759dca34ffd0377a0764ef1b5a633bb98004e083e7a15136999d8535d71674e1944a9d913799af69ccb9601720
-  data.tar.gz: ee62d38fd4070283177a52176ac77525ad0994e991aaa0f579b2e9f559ad4ba38ae0a86c679c42f449825f2979c14cac43cb10b1410387d254a4309699e7983a
+  metadata.gz: a13b710c833af906688fc9bc8dce633c9cc4d54f7c31563fdf25d8828ece45c490b8fe550f84c0f0e4f21bc42c8570fa211a5112f7db13eb97c8ea18bd4e661a
+  data.tar.gz: 8aecfa6247cc1acc5e8ad016106ef596b6e6676458be3d3f95bf883775f120a0dc0bc1e70cb5946113aa0b15c6eb347dc8019d23a467fa254829a173fd7747a8

data/README.rdoc

@@ -47,6 +47,24 @@ Run the <tt>janus:install</tt> generator to setup janus in your app:
 
   $ rails generate janus:install
 
+If you are running Rails 4.1+ you must add a `secret_pepper` to your
+`config/secrets.yml` file after generating a secure token with `rake secret`:
+
+  # config/secrets.yml
+  development:
+    secret_key_base: "..."
+    secret_pepper: "..."
+  test:
+    secret_key_base: "..."
+    secret_pepper: "..."
+  production:
+    secret_key_base: ENV["SECRET_KEY_BASE"]
+    secret_pepper: ENV["SECRET_PEPPER"]
+
+If you are running a previous version of Rails, then you should edit
+`config/initializers/janus.rb` to use an environment variable instead of the
+generated token.
+
 Then create your first authenticatable resource, let's say +User+:
 
   $ rails generate janus:resource user

data/VERSION

@@ -1 +1 @@
-0.8.1
+0.9.0

data/lib/generators/templates/confirmations_controller.erb

@@ -1,3 +1,15 @@
 class <%= class_name.pluralize %>::ConfirmationsController < Janus::ConfirmationsController
   respond_to :html
+
+  # def deliver_confirmation_instructions(<%= singular_name %>)
+  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).deliver
+  # end
+
+  # def after_resending_confirmation_instructions_url(<%= singular_name %>)
+  #   root_url
+  # end
+
+  # def after_confirmation_url(<%= singular_name %>)
+  #   root_url
+  # end
 end

data/lib/generators/templates/janus.rb

@@ -7,7 +7,11 @@ Janus.config do |config|
   # bcrypt:
   config.encryptor = :bcrypt
   config.stretches = Rails.env.test? ? 1 : 10
-  config.pepper = <%= SecureRandom.hex(64).inspect %>
+  config.pepper = <%= if Rails.application.respond_to?(:secrets)
+                        "Rails.application.secrets[:secret_pepper]"
+                      else
+                        SecureRandom.hex(64).inspect
+                      end %>
 
   # scrypt:
   # config.encryptor = :scrypt

data/lib/generators/templates/passwords_controller.erb

@@ -1,3 +1,15 @@
 class <%= class_name.pluralize %>::PasswordsController < Janus::PasswordsController
   respond_to :html
+
+  # def deliver_reset_password_instructions(<%= singular_name %>)
+  #   <%= class_name %>Mailer.reset_password_instructions(<%= singular_name %>).deliver
+  # end
+
+  # def after_password_change_url(<%= singular_name %>)
+  #   root_url
+  # end
+
+  # def after_sending_reset_password_instructions_url(<%= singular_name %>)
+  #   root_url
+  # end
 end

data/lib/generators/templates/registrations_controller.erb

@@ -1,10 +1,18 @@
 class <%= class_name.pluralize %>::RegistrationsController < Janus::RegistrationsController
   respond_to :html
 
+  # def deliver_confirmation_instructions(<%= singular_name %>)
+  #   <%= class_name %>Mailer.confirmation_instructions(<%= singular_name %>).deliver
+  # end
+
   # def after_sign_up_url(<%= singular_name %>)
   #   profile_url(<%= singular_name %>)
   # end
 
+  # def after_destroy_url(<%= singular_name %>)
+  #   root_url
+  # end
+
   def <%= singular_name %>_params
     if params.respond_to?(:permit)
       # Rails 4 (or Rails 3 + strong_parameters)

data/lib/generators/templates/sessions_controller.erb

@@ -5,6 +5,10 @@ class <%= class_name.pluralize %>::SessionsController < Janus::SessionsControlle
   #   profile_url(<%= singular_name %>)
   # end
 
+  # def after_sign_out_url(<%= singular_name %>)
+  #   profile_url(<%= singular_name %>)
+  # end
+
   # def valid_remote_host?(host)
   #   ['www.example.com', 'test.host'].include?(host)
   # end

data/lib/janus/controllers/confirmations_controller.rb

@@ -12,8 +12,12 @@ class Janus::ConfirmationsController < ApplicationController
       resource.confirm!
 
       respond_to do |format|
-        format.html { redirect_to root_url, :notice => t('flash.janus.confirmations.edit.confirmed') }
-        format.any  { head :ok }
+        format.html do
+          redirect_to after_confirmation_url(resource),
+            :notice => t('flash.janus.confirmations.edit.confirmed')
+        end
+
+        format.any { head :ok }
       end
     else
       respond_to do |format|
@@ -37,10 +41,14 @@ class Janus::ConfirmationsController < ApplicationController
     self.resource = resource_class.find_for_database_authentication(params[resource_name])
 
     if resource
-      deliver_confirmation_instructions
+      deliver_confirmation_instructions(resource)
 
       respond_to do |format|
-        format.html { redirect_to root_url, :notice => t('flash.janus.confirmations.create.email_sent') }
+        format.html do
+          redirect_to after_resending_confirmation_instructions_url(resource),
+            :notice => t('flash.janus.confirmations.create.email_sent')
+        end
+
         format.any  { head :ok }
       end
     else
@@ -58,7 +66,17 @@ class Janus::ConfirmationsController < ApplicationController
 
   # Simple wrapper for Mailer#confirmation_instructions.deliver to
   # allow customization of the email (eg: to pass additional data).
-  def deliver_confirmation_instructions
+  def deliver_confirmation_instructions(resource)
     mailer_class.confirmation_instructions(resource).deliver
   end
+
+  # Where to redirect after the instructions have been sent.
+  def after_resending_confirmation_instructions_url(resource)
+    root_url
+  end
+
+  # Where to redirect when the user has confirmed her account.
+  def after_confirmation_url(resource)
+    root_url
+  end
 end

data/lib/janus/controllers/passwords_controller.rb

@@ -15,10 +15,13 @@ class Janus::PasswordsController < ApplicationController
 
     if resource
       resource.generate_reset_password_token!
-      deliver_reset_password_instructions
+      deliver_reset_password_instructions(resource)
 
       respond_to do |format|
-        format.html { redirect_to root_url, :notice => t('flash.janus.passwords.create.email_sent') }
+        format.html do
+          redirect_to after_sending_reset_password_instructions_url(resource),
+            :notice => t('flash.janus.passwords.create.email_sent')
+        end
         format.any  { head :ok }
       end
     else
@@ -63,21 +66,27 @@ class Janus::PasswordsController < ApplicationController
 
   # Simple wrapper for Mailer#reset_password_instructions.deliver to
   # allow customization of the email (eg: to pass additional data).
-  def deliver_reset_password_instructions
+  def deliver_reset_password_instructions(resource)
     mailer_class.reset_password_instructions(resource).deliver
   end
 
   # Either redirects the user to after_password_change_url or to
   # <tt>params[:return_to]</tt> if present.
-  def redirect_after_password_change(user, options = {})
+  def redirect_after_password_change(resource, options = {})
     if params[:return_to].present?
       redirect_to params[:return_to], options
     else
-      redirect_to after_password_change_url(user), options
+      redirect_to after_password_change_url(resource), options
     end
   end
 
-  def after_password_change_url(user)
+  # Where to redirect when the password has been changed.
+  def after_password_change_url(resource)
+    root_url
+  end
+
+  # Where to redirect when the instructions have been sent.
+  def after_sending_reset_password_instructions_url(resource)
     root_url
   end
 end

data/lib/janus/controllers/registrations_controller.rb

@@ -21,7 +21,7 @@ class Janus::RegistrationsController < ApplicationController
 
     if resource.save
       janus.login(resource, :scope => janus_scope, :rememberable => true)
-      mailer_class.confirmation_instructions(resource).deliver if resource.respond_to?(:confirm!)
+      deliver_confirmation_instructions(resource) if resource.respond_to?(:confirm!)
     else
       resource.clean_up_passwords
     end
@@ -41,14 +41,26 @@ class Janus::RegistrationsController < ApplicationController
     janus.unset_user(janus_scope) if resource.destroy
 
     respond_with(resource) do |format|
-      format.html { redirect_to root_url }
+      format.html { redirect_to after_destroy_url(resource) }
     end
   end
 
+  # Simple wrapper for Mailer#confirmation_instructions.deliver to
+  # allow customization of the email (eg: to pass additional data).
+  def deliver_confirmation_instructions(resource)
+    mailer_class.confirmation_instructions(resource).deliver
+  end
+
+  # Where to redirect after user has registered.
   def after_sign_up_url(user)
     user
   end
 
+  # Where to redirect after user has unregistered.
+  def after_destroy_url(resource)
+    root_url
+  end
+
   def resource_params
     keys = %w{current_password password password_confirmation}
     send("#{janus_scope}_params").reject do |key, value|

data/lib/janus/manager.rb

@@ -60,12 +60,12 @@ module Janus
     # authenticate process.
     def set_user(user, options = {})
       scope = options[:scope] || Janus.scope_for(user)
-      janus_sessions[scope.to_sym] = { :user_class => user.class, :user_id => user.id }
+      janus_sessions[scope.to_s] = { 'user_class' => user.class.name, 'user_id' => user.id }
     end
 
     # Manually removes the user without going throught the whole logout process.
     def unset_user(scope)
-      janus_sessions.delete(scope.to_sym)
+      janus_sessions.delete(scope.to_s)
       @users.delete(scope.to_sym) unless @users.nil?
     end
 
@@ -77,7 +77,7 @@ module Janus
       if authenticated?(scope)
         if @users[scope].nil?
           begin
-          @users[scope] = session(scope)[:user_class].find(session(scope)[:user_id])
+          @users[scope] = user_class(scope).find(session(scope)['user_id'])
           rescue ActiveRecord::RecordNotFound
             unset_user(scope)
           else
@@ -91,12 +91,16 @@ module Janus
 
     # Returns the current session for user.
     def session(scope)
-      janus_sessions[scope.to_sym]
+      janus_sessions[scope.to_s]
     end
 
     private
       def janus_sessions
         request.session['janus'] ||= {}
       end
+
+      def user_class(scope)
+        session(scope)['user_class'].constantize
+      end
   end
 end

data/test/rails_app/config/initializers/janus.rb

@@ -1,3 +1,5 @@
+require 'janus'
+
 Janus.config do |config|
   config.contact_email = "contact@some-example-domain.com"
 
@@ -5,7 +7,13 @@ Janus.config do |config|
   config.authentication_keys = [:email]
   config.encryptor = :bcrypt
   config.stretches = 10
-  config.pepper = "db5ef161873f4b4cd966ff042c448282e8243a0a4e090347370360796ecc769f384d898badda1881bc7ed4483f20f6809b39a54f6671cc35cda18bfe554cd8e0"
+
+  if Rails.application.respond_to?(:secrets)
+    config.pepper = Rails.application.secrets[:secret_pepper]
+  else
+    config.pepper = "db5ef161873f4b4cd966ff042c448282e8243a0a4e090347370360796ecc769f384d898badda1881bc7ed4483f20f6809b39a54f6671cc35cda18bfe554cd8e0"
+  end
+
   # config.scrypt_options = { :max_time => 0.25 }
 
   # Confirmable

data/test/rails_app/config/initializers/secret_token.rb

@@ -1,8 +1,7 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-RailsApp::Application.config.secret_key_base = 'c6a67697877c66be70cdcc4680f37593045a721cf757de4110f9749877cb32f94fe4ddaa5e816af4555d91c4f6142a401972474d50fe620d41ede300d3143d4a'
-RailsApp::Application.config.secret_token    = 'c6a67697877c66be70cdcc4680f37593045a721cf757de4110f9749877cb32f94fe4ddaa5e816af4555d91c4f6142a401972474d50fe620d41ede300d3143d4a'
+if RailsApp::Application.config.respond_to?(:secret_key_base)
+  if Rails.version < '4.1.0'
+    RailsApp::Application.config.secret_key_base = 'c6a67697877c66be70cdcc4680f37593045a721cf757de4110f9749877cb32f94fe4ddaa5e816af4555d91c4f6142a401972474d50fe620d41ede300d3143d4a'
+  end
+else
+  RailsApp::Application.config.secret_token = 'c6a67697877c66be70cdcc4680f37593045a721cf757de4110f9749877cb32f94fe4ddaa5e816af4555d91c4f6142a401972474d50fe620d41ede300d3143d4a'
+end

data/test/rails_app/config/initializers/session_store.rb

@@ -1,8 +1 @@
-# Be sure to restart your server when you modify this file.
-
 RailsApp::Application.config.session_store :cookie_store, :key => '_rails_app_session'
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# RailsApp::Application.config.session_store :active_record_store

data/test/rails_app/config/secrets.yml

@@ -0,0 +1,12 @@
+development:
+  secret_key_base: 306a71f354ac073a1fc1383922098a3f5d406d56df8512e9bf159f4d1cec5bfb51b396a16a4d421c105a879f81caf35e6f49781d3bf0c06e9355d8eff111b7ff
+  secret_pepper: db5ef161873f4b4cd966ff042c448282e8243a0a4e090347370360796ecc769f384d898badda1881bc7ed4483f20f6809b39a54f6671cc35cda18bfe554cd8e0
+
+test:
+  secret_key_base: 3229572c7449e158994a35b38fc5acf0ac8136245be074657394f913cc025284f7adee7ca75deaf637ae3e54c8c50d8cdfcd2ea1ef40c53afcd25e5c27fa11f7
+  secret_pepper: db5ef161873f4b4cd966ff042c448282e8243a0a4e090347370360796ecc769f384d898badda1881bc7ed4483f20f6809b39a54f6671cc35cda18bfe554cd8e0
+
+production:
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  secret_pepper: <%= ENV["SECRET_PEPPER"] %>
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: janus
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.9.0
 platform: ruby
 authors:
 - Julien Portalier
@@ -30,104 +30,104 @@ cert_chain:
   KVqCN//9bevjMk5OiMi9X3Wu/GtVWDwC6OTWFWKd54KgbuWlakO8LC1SMmStnCIF
   W4qpyMWMZMcB4ZN/0mUVzY5xwrislBtsmQVUSw==
   -----END CERTIFICATE-----
-date: 2014-02-07 00:00:00.000000000 Z
+date: 2014-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bcrypt-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Authentication engine for Ruby on Rails
@@ -137,8 +137,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - LICENSE
 - README.rdoc
 - Rakefile
@@ -262,6 +262,7 @@ files:
 - test/rails_app/config/initializers/session_store.rb
 - test/rails_app/config/locales/janus.en.yml
 - test/rails_app/config/routes.rb
+- test/rails_app/config/secrets.yml
 - test/rails_app/db/migrate/20110323153820_create_users.rb
 - test/rails_app/db/migrate/20110331153546_create_remote_tokens.rb
 - test/rails_app/db/migrate/20130412104138_create_admins.rb
@@ -292,17 +293,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Authentication engine for Ruby on Rails
@@ -369,6 +370,7 @@ test_files:
 - test/rails_app/config/initializers/session_store.rb
 - test/rails_app/config/locales/janus.en.yml
 - test/rails_app/config/routes.rb
+- test/rails_app/config/secrets.yml
 - test/rails_app/db/migrate/20110323153820_create_users.rb
 - test/rails_app/db/migrate/20110331153546_create_remote_tokens.rb
 - test/rails_app/db/migrate/20130412104138_create_admins.rb