loyal_devise 2.1.2 → 2.1.3
- data/.gitignore +2 -0
- data/.travis.yml +14 -9
- data/.yardopts +9 -0
- data/CHANGELOG.rdoc +60 -5
- data/CONTRIBUTING.md +4 -2
- data/Gemfile +7 -7
- data/Gemfile.lock +107 -101
- data/MIT-LICENSE +1 -1
- data/README.md +110 -48
- data/Rakefile +1 -0
- data/app/controllers/devise/confirmations_controller.rb +2 -4
- data/app/controllers/devise/omniauth_callbacks_controller.rb +0 -1
- data/app/controllers/devise/passwords_controller.rb +16 -5
- data/app/controllers/devise/registrations_controller.rb +13 -7
- data/app/controllers/devise/sessions_controller.rb +6 -6
- data/app/controllers/devise/unlocks_controller.rb +3 -4
- data/app/controllers/devise_controller.rb +12 -33
- data/app/helpers/devise_helper.rb +0 -1
- data/app/mailers/devise/mailer.rb +7 -8
- data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
- data/app/views/devise/registrations/edit.html.erb +5 -1
- data/config/locales/en.yml +48 -48
- data/devise.gemspec +6 -6
- data/devise.png +0 -0
- data/gemfiles/{Gemfile.rails-3.1.x → Gemfile.rails-3.2.x} +8 -12
- data/gemfiles/Gemfile.rails-3.2.x.lock +156 -0
- data/lib/devise.rb +34 -11
- data/lib/devise/controllers/helpers.rb +33 -7
- data/lib/devise/controllers/rememberable.rb +6 -3
- data/lib/devise/controllers/scoped_views.rb +1 -2
- data/lib/devise/controllers/url_helpers.rb +0 -1
- data/lib/devise/delegator.rb +0 -1
- data/lib/devise/failure_app.rb +8 -2
- data/lib/devise/hooks/activatable.rb +1 -2
- data/lib/devise/hooks/forgetable.rb +0 -1
- data/lib/devise/hooks/lockable.rb +1 -2
- data/lib/devise/hooks/rememberable.rb +1 -2
- data/lib/devise/hooks/timeoutable.rb +0 -1
- data/lib/devise/hooks/trackable.rb +0 -1
- data/lib/devise/mailers/helpers.rb +18 -14
- data/lib/devise/mapping.rb +6 -7
- data/lib/devise/models.rb +0 -1
- data/lib/devise/models/authenticatable.rb +50 -27
- data/lib/devise/models/confirmable.rb +37 -16
- data/lib/devise/models/database_authenticatable.rb +17 -3
- data/lib/devise/models/lockable.rb +1 -2
- data/lib/devise/models/omniauthable.rb +1 -2
- data/lib/devise/models/recoverable.rb +10 -6
- data/lib/devise/models/registerable.rb +0 -1
- data/lib/devise/models/rememberable.rb +1 -2
- data/lib/devise/models/timeoutable.rb +1 -2
- data/lib/devise/models/token_authenticatable.rb +0 -1
- data/lib/devise/models/trackable.rb +0 -1
- data/lib/devise/models/validatable.rb +0 -1
- data/lib/devise/modules.rb +1 -2
- data/lib/devise/omniauth.rb +0 -1
- data/lib/devise/omniauth/config.rb +0 -1
- data/lib/devise/omniauth/url_helpers.rb +0 -1
- data/lib/devise/orm/active_record.rb +1 -2
- data/lib/devise/orm/mongoid.rb +1 -2
- data/lib/devise/{param_filter.rb → parameter_filter.rb} +10 -12
- data/lib/devise/parameter_sanitizer.rb +59 -0
- data/lib/devise/rails.rb +0 -1
- data/lib/devise/rails/routes.rb +22 -18
- data/lib/devise/rails/warden_compat.rb +0 -30
- data/lib/devise/strategies/authenticatable.rb +8 -6
- data/lib/devise/strategies/base.rb +1 -2
- data/lib/devise/strategies/database_authenticatable.rb +1 -2
- data/lib/devise/strategies/rememberable.rb +1 -2
- data/lib/devise/strategies/token_authenticatable.rb +38 -4
- data/lib/devise/test_helpers.rb +0 -1
- data/lib/devise/time_inflector.rb +1 -2
- data/lib/devise/version.rb +1 -2
- data/lib/generators/active_record/devise_generator.rb +1 -5
- data/lib/generators/active_record/templates/migration.rb +0 -1
- data/lib/generators/active_record/templates/migration_existing.rb +0 -1
- data/lib/generators/devise/devise_generator.rb +0 -1
- data/lib/generators/devise/install_generator.rb +0 -1
- data/lib/generators/devise/orm_helpers.rb +1 -2
- data/lib/generators/devise/views_generator.rb +8 -3
- data/lib/generators/mongoid/devise_generator.rb +1 -2
- data/lib/generators/templates/README +1 -1
- data/lib/generators/templates/devise.rb +10 -5
- data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
- data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +1 -0
- data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -1
- data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +1 -0
- data/loyal_devise.gemspec +27 -0
- data/test/controllers/custom_strategy_test.rb +0 -1
- data/test/controllers/helpers_test.rb +0 -1
- data/test/controllers/internal_helpers_test.rb +13 -4
- data/test/controllers/passwords_controller_test.rb +32 -0
- data/test/controllers/sessions_controller_test.rb +28 -1
- data/test/controllers/url_helpers_test.rb +0 -1
- data/test/delegator_test.rb +0 -1
- data/test/devise_test.rb +12 -2
- data/test/failure_app_test.rb +3 -4
- data/test/generators/active_record_generator_test.rb +1 -4
- data/test/generators/devise_generator_test.rb +0 -1
- data/test/generators/install_generator_test.rb +0 -1
- data/test/generators/mongoid_generator_test.rb +0 -1
- data/test/generators/views_generator_test.rb +16 -2
- data/test/helpers/devise_helper_test.rb +1 -2
- data/test/integration/authenticatable_test.rb +92 -27
- data/test/integration/confirmable_test.rb +7 -7
- data/test/integration/database_authenticatable_test.rb +8 -7
- data/test/integration/http_authenticatable_test.rb +19 -2
- data/test/integration/lockable_test.rb +1 -2
- data/test/integration/omniauthable_test.rb +2 -3
- data/test/integration/recoverable_test.rb +40 -12
- data/test/integration/registerable_test.rb +17 -14
- data/test/integration/rememberable_test.rb +16 -10
- data/test/integration/timeoutable_test.rb +11 -2
- data/test/integration/token_authenticatable_test.rb +45 -2
- data/test/integration/trackable_test.rb +1 -2
- data/test/mailers/confirmation_instructions_test.rb +11 -3
- data/test/mailers/reset_password_instructions_test.rb +11 -3
- data/test/mailers/unlock_instructions_test.rb +11 -2
- data/test/mapping_test.rb +0 -1
- data/test/models/authenticatable_test.rb +6 -1
- data/test/models/confirmable_test.rb +53 -2
- data/test/models/database_authenticatable_test.rb +57 -21
- data/test/models/lockable_test.rb +1 -2
- data/test/models/omniauthable_test.rb +0 -1
- data/test/models/recoverable_test.rb +21 -5
- data/test/models/registerable_test.rb +0 -1
- data/test/models/rememberable_test.rb +4 -4
- data/test/models/serializable_test.rb +8 -8
- data/test/models/timeoutable_test.rb +0 -1
- data/test/models/token_authenticatable_test.rb +0 -1
- data/test/models/trackable_test.rb +0 -1
- data/test/models/validatable_test.rb +16 -6
- data/test/models_test.rb +7 -24
- data/test/omniauth/config_test.rb +1 -2
- data/test/omniauth/url_helpers_test.rb +4 -2
- data/test/orm/active_record.rb +1 -1
- data/test/orm/mongoid.rb +2 -4
- data/test/parameter_sanitizer_test.rb +51 -0
- data/test/rails_app/Rakefile +0 -4
- data/test/rails_app/app/active_record/admin.rb +0 -1
- data/test/rails_app/app/active_record/shim.rb +1 -2
- data/test/rails_app/app/active_record/user.rb +0 -1
- data/test/rails_app/app/controllers/admins/sessions_controller.rb +1 -2
- data/test/rails_app/app/controllers/admins_controller.rb +0 -1
- data/test/rails_app/app/controllers/application_controller.rb +1 -1
- data/test/rails_app/app/controllers/home_controller.rb +0 -1
- data/test/rails_app/app/controllers/publisher/registrations_controller.rb +1 -2
- data/test/rails_app/app/controllers/publisher/sessions_controller.rb +1 -2
- data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +1 -2
- data/test/rails_app/app/controllers/users_controller.rb +8 -1
- data/test/rails_app/app/helpers/application_helper.rb +0 -1
- data/test/rails_app/app/mailers/users/mailer.rb +4 -1
- data/test/rails_app/app/mongoid/admin.rb +4 -3
- data/test/rails_app/app/mongoid/shim.rb +3 -5
- data/test/rails_app/app/mongoid/user.rb +2 -3
- data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
- data/test/rails_app/bin/bundle +3 -0
- data/test/rails_app/bin/rails +4 -0
- data/test/rails_app/bin/rake +4 -0
- data/test/rails_app/config/application.rb +1 -3
- data/test/rails_app/config/boot.rb +3 -4
- data/test/rails_app/config/environment.rb +2 -3
- data/test/rails_app/config/environments/development.rb +23 -8
- data/test/rails_app/config/environments/production.rb +68 -18
- data/test/rails_app/config/environments/test.rb +18 -16
- data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -1
- data/test/rails_app/config/initializers/devise.rb +0 -1
- data/test/rails_app/config/initializers/inflections.rb +0 -1
- data/test/rails_app/config/initializers/secret_token.rb +8 -3
- data/test/rails_app/config/initializers/session_store.rb +1 -0
- data/test/rails_app/config/routes.rb +20 -17
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -1
- data/test/rails_app/db/schema.rb +0 -1
- data/test/rails_app/lib/shared_admin.rb +0 -1
- data/test/rails_app/lib/shared_user.rb +0 -2
- data/test/routes_test.rb +22 -21
- data/test/support/assertions.rb +0 -1
- data/test/support/helpers.rb +1 -2
- data/test/support/integration.rb +0 -1
- data/test/support/webrat/integrations/rails.rb +0 -1
- data/test/test_helper.rb +8 -2
- data/test/test_helpers_test.rb +0 -1
- data/test/test_models.rb +26 -0
- metadata +65 -27
- data/gemfiles/Gemfile.rails-3.1.x.lock +0 -167
- data/test/indifferent_hash.rb +0 -34
- data/test/rails_app/script/rails +0 -10
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require 'devise/strategies/database_authenticatable'
|
3
2
|
require 'bcrypt'
|
4
3
|
|
@@ -76,13 +75,13 @@ module Devise
|
|
76
75
|
end
|
77
76
|
|
78
77
|
# Updates record attributes without asking for the current password.
|
79
|
-
# Never allows
|
78
|
+
# Never allows a change to the current password. If you are using this
|
80
79
|
# method, you should probably override this method to protect other
|
81
80
|
# attributes you would not like to be updated without a password.
|
82
81
|
#
|
83
82
|
# Example:
|
84
83
|
#
|
85
|
-
# def update_without_password(params
|
84
|
+
# def update_without_password(params, *options)
|
86
85
|
# params.delete(:email)
|
87
86
|
# super(params)
|
88
87
|
# end
|
@@ -96,6 +95,21 @@ module Devise
|
|
96
95
|
result
|
97
96
|
end
|
98
97
|
|
98
|
+
# Destroy record when :current_password matches, otherwise returns
|
99
|
+
# error on :current_password. It also automatically rejects
|
100
|
+
# :current_password if it is blank.
|
101
|
+
def destroy_with_password(current_password)
|
102
|
+
result = if valid_password?(current_password)
|
103
|
+
destroy
|
104
|
+
else
|
105
|
+
self.valid?
|
106
|
+
self.errors.add(:current_password, current_password.blank? ? :blank : :invalid)
|
107
|
+
false
|
108
|
+
end
|
109
|
+
|
110
|
+
result
|
111
|
+
end
|
112
|
+
|
99
113
|
def after_database_authentication
|
100
114
|
end
|
101
115
|
|
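Review bot: The comment above destroy_with_password says a blank :current_password is rejected automatically, but in the added body `current_password.blank?` only selects the error key after `valid_password?(current_password)` has already returned false. The rejection itself therefore depends on how valid_password?, defined outside this hunk, treats nil or an empty string. Making the guard local removes that dependency: `result = if current_password.present? && valid_password?(current_password)`. The bare `self.valid?` also deserves a one-line comment such as `# run the other validations first so their errors are reported together with :current_password`; it appears to be called only for its side effect, which I am inferring from the ordering.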
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require "devise/hooks/lockable"
|
3
2
|
|
4
3
|
module Devise
|
@@ -56,7 +55,7 @@ module Devise
|
|
56
55
|
|
57
56
|
# Verifies whether a user is locked or not.
|
58
57
|
def access_locked?
|
59
|
-
locked_at && !lock_expired?
|
58
|
+
!!locked_at && !lock_expired?
|
60
59
|
end
|
61
60
|
|
62
61
|
# Send unlock instructions by email
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require 'devise/omniauth'
|
3
2
|
|
4
3
|
module Devise
|
@@ -9,7 +8,7 @@ module Devise
|
|
9
8
|
#
|
10
9
|
# Oauthable adds the following options to devise_for:
|
11
10
|
#
|
12
|
-
# * +omniauth_providers+: Which providers are
|
11
|
+
# * +omniauth_providers+: Which providers are available to this model. It expects an array:
|
13
12
|
#
|
14
13
|
# devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
|
15
14
|
#
|
@@ -1,8 +1,7 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
module Devise
|
3
2
|
module Models
|
4
3
|
|
5
|
-
# Recoverable takes care of
|
4
|
+
# Recoverable takes care of resetting the user password and send reset instructions.
|
6
5
|
#
|
7
6
|
# ==Options
|
8
7
|
#
|
@@ -45,10 +44,15 @@ module Devise
|
|
45
44
|
|
46
45
|
# Resets reset password token and send reset password instructions by email
|
47
46
|
def send_reset_password_instructions
|
48
|
-
|
47
|
+
ensure_reset_password_token!
|
49
48
|
send_devise_notification(:reset_password_instructions)
|
50
49
|
end
|
51
|
-
|
50
|
+
|
51
|
+
# Generate reset password token unless already exists and save the record.
|
52
|
+
def ensure_reset_password_token!
|
53
|
+
generate_reset_password_token! if should_generate_reset_token?
|
54
|
+
end
|
55
|
+
|
52
56
|
# Checks if the reset password token sent is within the limit time.
|
53
57
|
# We do this by calculating if the difference between today and the
|
54
58
|
# sending date does not exceed the confirm in time configured.
|
@@ -103,9 +107,9 @@ module Devise
|
|
103
107
|
|
104
108
|
module ClassMethods
|
105
109
|
# Attempt to find a user by its email. If a record is found, send new
|
106
|
-
# password instructions to it. If
|
110
|
+
# password instructions to it. If user is not found, returns a new user
|
107
111
|
# with an email not found error.
|
108
|
-
# Attributes must contain the user email
|
112
|
+
# Attributes must contain the user's email
|
109
113
|
def send_reset_password_instructions(attributes={})
|
110
114
|
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
|
111
115
|
recoverable.send_reset_password_instructions if recoverable.persisted?
|
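Review bot: ensure_reset_password_token! keeps whatever token is already stored whenever should_generate_reset_token? returns false, so repeated reset requests mail the same token and its lifetime is decided entirely by that predicate, which is defined outside this hunk. The one-line comment should state this, for example `# Reuses the stored token while should_generate_reset_token? is false; the token's lifetime is bounded only by that check.` It is worth confirming in review that the predicate returns true once the reset period has lapsed, since otherwise an expired token would be sent again.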
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require 'devise/strategies/rememberable'
|
3
2
|
require 'devise/hooks/rememberable'
|
4
3
|
require 'devise/hooks/forgetable'
|
@@ -51,7 +50,7 @@ module Devise
|
|
51
50
|
def remember_me!(extend_period=false)
|
52
51
|
self.remember_token = self.class.remember_token if generate_remember_token?
|
53
52
|
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
|
54
|
-
save(:validate => false)
|
53
|
+
save(:validate => false) if self.changed?
|
55
54
|
end
|
56
55
|
|
57
56
|
# If the record is persisted, remove the remember token (but only if
|
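Review bot: With the added modifier, `save(:validate => false) if self.changed?` makes remember_me! return nil instead of the result of save whenever neither attribute was reassigned, so a caller that tests the return value would see a falsy result for a record that is already up to date. If the return value is part of the contract, end the method with an explicit value, e.g. `changed? ? save(:validate => false) : true`; otherwise a comment saying the return value is not meaningful is enough. The callers are outside this hunk, so this needs checking rather than assuming.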
@@ -1,9 +1,8 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require 'devise/hooks/timeoutable'
|
3
2
|
|
4
3
|
module Devise
|
5
4
|
module Models
|
6
|
-
# Timeoutable takes care of
|
5
|
+
# Timeoutable takes care of verifyng whether a user session has already
|
7
6
|
# expired or not. When a session expires after the configured time, the user
|
8
7
|
# will be asked for credentials again, it means, he/she will be redirected
|
9
8
|
# to the sign in page.
|
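Review bot: The rewritten first line of the Timeoutable comment misspells "verifying" as `verifyng`. This comment is the module's documentation, so it should read `# Timeoutable takes care of verifying whether a user session has already`.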
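--- a/data/lib/devise/modules.rb
+++ b/data/lib/devise/modules.rb
@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'active_support/core_ext/object/with_options'
 
 Devise.with_options :model => true do |d|
@@ -27,4 +26,4 @@ Devise.with_options :model => true do |d|
 
 # Stats for last, so we make sure the user is really signed in
 d.add_module :trackable
-end
+end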
data/lib/devise/omniauth.rb
CHANGED
data/lib/devise/orm/mongoid.rb
CHANGED
@@ -1,6 +1,5 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
module Devise
|
3
|
-
class
|
2
|
+
class ParameterFilter
|
4
3
|
def initialize(case_insensitive_keys, strip_whitespace_keys)
|
5
4
|
@case_insensitive_keys = case_insensitive_keys || []
|
6
5
|
@strip_whitespace_keys = strip_whitespace_keys || []
|
@@ -9,16 +8,16 @@ module Devise
|
|
9
8
|
def filter(conditions)
|
10
9
|
conditions = stringify_params(conditions.dup)
|
11
10
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
11
|
+
conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys))
|
12
|
+
conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys))
|
13
|
+
|
14
|
+
conditions
|
15
|
+
end
|
17
16
|
|
18
|
-
|
17
|
+
def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
|
18
|
+
condition_keys.each do |k|
|
19
19
|
value = conditions[k]
|
20
|
-
|
21
|
-
conditions[k] = value.strip
|
20
|
+
conditions[k] = value.send(method) if value.respond_to?(method)
|
22
21
|
end
|
23
22
|
|
24
23
|
conditions
|
@@ -34,9 +33,8 @@ module Devise
|
|
34
33
|
|
35
34
|
private
|
36
35
|
|
37
|
-
# Determine which values should be transformed to string or passed as-is to the query builder underneath
|
38
36
|
def param_requires_string_conversion?(value)
|
39
|
-
|
37
|
+
true
|
40
38
|
end
|
41
39
|
end
|
42
40
|
end
|
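Review bot: param_requires_string_conversion? now returns `true` for every value, yet the commit also deletes the comment that explained the decision and leaves the `value` parameter unused, so a later reader cannot tell that stringifying everything is deliberate. The removed comment says these values are otherwise "passed as-is to the query builder underneath", so the method should carry a replacement such as `# Always convert: request-supplied conditions must reach the query builder as strings, never as other types.` In filter, the two `conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, ...))` lines copy the hash only to merge it straight back; calling the helper on `conditions` directly would read more plainly. As far as the hunks show, the helper is defined above `private`, so it becomes part of the class's public surface unless that is intended.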
@@ -0,0 +1,59 @@
|
|
1
|
+
module Devise
|
2
|
+
class BaseSanitizer
|
3
|
+
attr_reader :params, :resource_name, :resource_class
|
4
|
+
|
5
|
+
def initialize(resource_class, resource_name, params)
|
6
|
+
@resource_class = resource_class
|
7
|
+
@resource_name = resource_name
|
8
|
+
@params = params
|
9
|
+
@blocks = Hash.new
|
10
|
+
end
|
11
|
+
|
12
|
+
def for(kind, &block)
|
13
|
+
if block_given?
|
14
|
+
@blocks[kind] = block
|
15
|
+
else
|
16
|
+
block = @blocks[kind]
|
17
|
+
block ? block.call(default_params) : fallback_for(kind)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def fallback_for(kind)
|
24
|
+
default_params
|
25
|
+
end
|
26
|
+
|
27
|
+
def default_params
|
28
|
+
params.fetch(resource_name, {})
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
class ParameterSanitizer < BaseSanitizer
|
33
|
+
private
|
34
|
+
|
35
|
+
def fallback_for(kind)
|
36
|
+
if respond_to?(kind, true)
|
37
|
+
send(kind)
|
38
|
+
else
|
39
|
+
raise NotImplementedError, "Devise Parameter Sanitizer doesn't know how to sanitize parameters for #{kind}"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def sign_in
|
44
|
+
default_params.permit(*auth_keys)
|
45
|
+
end
|
46
|
+
|
47
|
+
def sign_up
|
48
|
+
default_params.permit(*(auth_keys + [:password, :password_confirmation]))
|
49
|
+
end
|
50
|
+
|
51
|
+
def account_update
|
52
|
+
default_params.permit(*(auth_keys + [:password, :password_confirmation, :current_password]))
|
53
|
+
end
|
54
|
+
|
55
|
+
def auth_keys
|
56
|
+
resource_class.authentication_keys
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
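Review bot: ParameterSanitizer#fallback_for dispatches with `respond_to?(kind, true)` followed by `send(kind)`, which accepts any private method reachable on the object, including those every Ruby object inherits, not only sign_in, sign_up and account_update. That is harmless while `kind` is always a literal symbol written in controller code, but nothing in this file enforces it. The method should at least say so: `# kind must be a trusted literal symbol; send(kind) invokes any private method of that name.` Separately, BaseSanitizer#fallback_for returns `default_params` unfiltered, so with no block registered the whole `params[resource_name]` hash is passed through; a comment should state that BaseSanitizer relies on another layer for attribute protection.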
data/lib/devise/rails.rb
CHANGED
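--- a/data/lib/devise/rails/routes.rb
+++ b/data/lib/devise/rails/routes.rb
@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require "active_support/core_ext/object/try"
 require "active_support/core_ext/hash/slice"
 
@@ -251,15 +250,11 @@ module ActionDispatch::Routing
 # end
 #
 # authenticate :user, lambda {|u| u.role == "admin"} do
-# root :to => "admin/dashboard#show"
+# root :to => "admin/dashboard#show", :as => :user_root
 # end
 #
 def authenticate(scope=nil, block=nil)
-
-request.env["warden"].authenticate!(:scope => scope) && (block.nil? || block.call(request.env["warden"].user(scope)))
-end
-
-constraints(constraint) do
+constraints_for(:authenticate!, scope, block) do
 yield
 end
 end
@@ -269,25 +264,21 @@ module ActionDispatch::Routing
 # a model and allows extra constraints to be done on the instance.
 #
 # authenticated :admin do
-# root :to => 'admin/dashboard#show'
+# root :to => 'admin/dashboard#show', :as => :admin_root
 # end
 #
 # authenticated do
-# root :to => 'dashboard#show'
+# root :to => 'dashboard#show', :as => :authenticated_root
 # end
 #
 # authenticated :user, lambda {|u| u.role == "admin"} do
-# root :to => "admin/dashboard#show"
+# root :to => "admin/dashboard#show", :as => :user_root
 # end
 #
 # root :to => 'landing#show'
 #
 def authenticated(scope=nil, block=nil)
-
-request.env["warden"].authenticate?(:scope => scope) && (block.nil? || block.call(request.env["warden"].user(scope)))
-end
-
-constraints(constraint) do
+constraints_for(:authenticate?, scope, block) do
 yield
 end
 end
@@ -330,7 +321,7 @@ module ActionDispatch::Routing
 # good and working example.
 #
 # devise_scope :user do
-#
+# get "/some/route" => "some_devise_controller"
 # end
 # devise_for :users
 #
@@ -402,12 +393,14 @@ module ActionDispatch::Routing
 match "#{path_prefix}/:provider",
 :constraints => { :provider => providers },
 :to => "#{controllers[:omniauth_callbacks]}#passthru",
-:as => :omniauth_authorize
+:as => :omniauth_authorize,
+:via => [:get, :post]
 
 match "#{path_prefix}/:action/callback",
 :constraints => { :action => providers },
 :to => controllers[:omniauth_callbacks],
-:as => :omniauth_callback
+:as => :omniauth_callback,
+:via => [:get, :post]
 ensure
 @scope[:path] = path
 end
@@ -427,6 +420,17 @@ module ActionDispatch::Routing
 @scope.merge!(old)
 end
 
+def constraints_for(method_to_apply, scope=nil, block=nil)
+constraint = lambda do |request|
+request.env['warden'].send(method_to_apply, :scope => scope) &&
+(block.nil? || block.call(request.env["warden"].user(scope)))
+end
+
+constraints(constraint) do
+yield
+end
+end
+
 def set_omniauth_path_prefix!(path_prefix) #:nodoc:
 if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix
 raise "Wrong OmniAuth configuration. If you are getting this exception, it means that either:\n\n" \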
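Review bot: constraints_for is added without a doc comment or the `#:nodoc:` marker that the neighbouring set_omniauth_path_prefix! carries, and it forwards its first argument straight to `request.env['warden'].send(method_to_apply, :scope => scope)`. Both callers in this diff pass the literals :authenticate! and :authenticate?, so I would mark it internal and record that restriction: `def constraints_for(method_to_apply, scope=nil, block=nil) #:nodoc:` preceded by `# method_to_apply must be :authenticate! or :authenticate?`. Whether the method sits under a protected or private section cannot be seen from the hunk. On the OmniAuth routes, `:via => [:get, :post]` still lets a plain GET reach the authorize route that starts the provider handshake; it is worth confirming that GET is required there.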
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
module Warden::Mixins::Common
|
3
2
|
def request
|
4
3
|
@request ||= ActionDispatch::Request.new(env)
|
@@ -13,32 +12,3 @@ module Warden::Mixins::Common
|
|
13
12
|
request.cookie_jar
|
14
13
|
end
|
15
14
|
end
|
16
|
-
|
17
|
-
class Warden::SessionSerializer
|
18
|
-
def serialize(record)
|
19
|
-
klass = record.class
|
20
|
-
array = klass.serialize_into_session(record)
|
21
|
-
array.unshift(klass.name)
|
22
|
-
end
|
23
|
-
|
24
|
-
def deserialize(keys)
|
25
|
-
klass_name, *args = keys
|
26
|
-
|
27
|
-
begin
|
28
|
-
klass = ActiveSupport::Inflector.constantize(klass_name)
|
29
|
-
if klass.respond_to? :serialize_from_session
|
30
|
-
klass.serialize_from_session(*args)
|
31
|
-
else
|
32
|
-
Rails.logger.warn "[Devise] Stored serialized class #{klass_name} seems not to be Devise enabled anymore. Did you do that on purpose?"
|
33
|
-
nil
|
34
|
-
end
|
35
|
-
rescue NameError => e
|
36
|
-
if e.message =~ /uninitialized constant/
|
37
|
-
Rails.logger.debug "[Devise] Trying to deserialize invalid class #{klass_name}"
|
38
|
-
nil
|
39
|
-
else
|
40
|
-
raise
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
@@ -1,4 +1,3 @@
|
|
1
|
-
# -*- encoding : utf-8 -*-
|
2
1
|
require 'devise/strategies/base'
|
3
2
|
|
4
3
|
module Devise
|
@@ -101,7 +100,7 @@ module Devise
|
|
101
100
|
|
102
101
|
# Extract a hash with attributes:values from the http params.
|
103
102
|
def http_auth_hash
|
104
|
-
keys = [
|
103
|
+
keys = [http_authentication_key, :password]
|
105
104
|
Hash[*keys.zip(decode_credentials).flatten]
|
106
105
|
end
|
107
106
|
|
@@ -135,24 +134,27 @@ module Devise
|
|
135
134
|
parse_authentication_key_values(request_values, request_keys)
|
136
135
|
end
|
137
136
|
|
138
|
-
# Holds the authentication keys.
|
139
137
|
def authentication_keys
|
140
138
|
@authentication_keys ||= mapping.to.authentication_keys
|
141
139
|
end
|
142
140
|
|
143
|
-
|
141
|
+
def http_authentication_key
|
142
|
+
@http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
|
143
|
+
when Array then authentication_keys.first
|
144
|
+
when Hash then authentication_keys.keys.first
|
145
|
+
end
|
146
|
+
end
|
147
|
+
|
144
148
|
def request_keys
|
145
149
|
@request_keys ||= mapping.to.request_keys
|
146
150
|
end
|
147
151
|
|
148
|
-
# Returns values from the request object.
|
149
152
|
def request_values
|
150
153
|
keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
|
151
154
|
values = keys.map { |k| self.request.send(k) }
|
152
155
|
Hash[keys.zip(values)]
|
153
156
|
end
|
154
157
|
|
155
|
-
# Parse authentication keys considering if they should be enforced or not.
|
156
158
|
def parse_authentication_key_values(hash, keys)
|
157
159
|
keys.each do |key, enforce|
|
158
160
|
value = hash[key].presence
|
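Review bot: http_authentication_key returns nil when the model sets no http_authentication_key and authentication_keys is neither an Array nor a Hash, because the `case` has no `else`; http_auth_hash would then zip `[nil, :password]` with the decoded credentials and produce a hash with a nil key. An explicit branch makes the failure visible: `else raise ArgumentError, "authentication_keys must be an Array or a Hash"`. The commit also deletes the one-line comments above authentication_keys, request_values and parse_authentication_key_values, and the new method has none. I would keep those comments and add `# Key paired with the first decoded HTTP credential: the model's http_authentication_key, or else the first authentication key.` The body of parse_authentication_key_values continues outside this hunk.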