loyal_devise 2.1.2 → 2.1.3

data/lib/devise/strategies/base.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
@@ -18,4 +17,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/strategies/database_authenticatable.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/authenticatable'
 
 module Devise
@@ -7,7 +6,7 @@ module Devise
     class DatabaseAuthenticatable < Authenticatable
       def authenticate!
         resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
-        return fail(:invalid) unless resource
+        return fail(:not_found_in_database) unless resource
 
         if validate(resource){ resource.valid_password?(password) }
           resource.after_database_authentication

data/lib/devise/strategies/rememberable.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/authenticatable'
 
 module Devise
@@ -42,7 +41,7 @@ module Devise
       end
 
       def remember_key
-        "remember_#{scope}_token"
+        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
       end
 
       def remember_cookie

data/lib/devise/strategies/token_authenticatable.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/base'
 
 module Devise
@@ -8,13 +7,22 @@ module Devise
     #
     #   http://myapp.example.com/?user_token=SECRET
     #
-    # For HTTP, you can pass the token as username and blank password. Since some clients may require
-    # a password, you can pass "X" as password and it will simply be ignored.
+    # For headers, you can use basic authentication passing the token as username and
+    # blank password. Since some clients may require a password, you can pass "X" as
+    # password and it will simply be ignored.
+    #
+    # You may also pass the token using the Token authentication mechanism provided
+    # by Rails: http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+    # The token options are stored in request.env['devise.token_options']
     class TokenAuthenticatable < Authenticatable
       def store?
         super && !mapping.to.skip_session_storage.include?(:token_auth)
       end
 
+      def valid?
+        super || valid_for_token_auth?
+      end
+
       def authenticate!
         resource = mapping.to.find_for_token_authentication(authentication_hash)
         return fail(:invalid_token) unless resource
@@ -37,7 +45,33 @@ module Devise
         false
       end
 
-      # Try both scoped and non scoped keys.
+      # Check if the model accepts this strategy as token authenticatable.
+      def token_authenticatable?
+        mapping.to.http_authenticatable?(:token_options)
+      end
+
+      # Check if this is strategy is valid for token authentication by:
+      #
+      #   * Validating if the model allows http token authentication;
+      #   * If the http auth token exists;
+      #   * If all authentication keys are present;
+      #
+      def valid_for_token_auth?
+        token_authenticatable? && auth_token.present? && with_authentication_hash(:token_auth, token_auth_hash)
+      end
+
+      # Extract the auth token from the request
+      def auth_token
+        @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request)
+      end
+
+      # Extract a hash with attributes:values from the auth_token
+      def token_auth_hash
+        request.env['devise.token_options'] = auth_token.last
+        { authentication_keys.first => auth_token.first }
+      end
+
+      # Try both scoped and non scoped keys
       def params_auth_hash
         if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
           params[scope]

data/lib/devise/test_helpers.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   # Devise::TestHelpers provides a facility to test controllers in isolation
   # when using ActionController::TestCase allowing you to quickly sign_in or

data/lib/devise/time_inflector.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require "active_support/core_ext/module/delegation"
 
 module Devise
@@ -12,4 +11,4 @@ module Devise
 
     @instance = new
   end
-end
+end

data/lib/devise/version.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
-  VERSION = "2.1.2".freeze
+  VERSION = "3.0.0.rc".freeze
 end

data/lib/generators/active_record/devise_generator.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'rails/generators/active_record'
 require 'generators/devise/orm_helpers'
 
@@ -23,10 +22,7 @@ module ActiveRecord
       end
 
       def inject_devise_content
-        content = model_contents + <<CONTENT
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-CONTENT
+        content = model_contents
 
         class_path = if namespaced?
           class_name.to_s.split("::")

data/lib/generators/active_record/templates/migration.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
   def change
     create_table(:<%= table_name %>) do |t|

data/lib/generators/active_record/templates/migration_existing.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
   def self.up
     change_table(:<%= table_name %>) do |t|

data/lib/generators/devise/devise_generator.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     class DeviseGenerator < Rails::Generators::NamedBase

data/lib/generators/devise/install_generator.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'securerandom'
 
 module Devise

data/lib/generators/devise/orm_helpers.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     module OrmHelpers
@@ -30,4 +29,4 @@ CONTENT
       end
     end
   end
-end
+end

data/lib/generators/devise/views_generator.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     # Include this module in your generator to generate Devise views.
@@ -19,7 +18,7 @@ module Devise
         public_task :copy_views
       end
 
-      # TODO: Add this to Rails itslef
+      # TODO: Add this to Rails itself
       module ClassMethods
         def hide!
           Rails::Generators.hide_namespace self.namespace
@@ -37,7 +36,13 @@ module Devise
       protected
 
       def view_directory(name, _target_path = nil)
-        directory name.to_s, _target_path || "#{target_path}/#{name}"
+        directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
+          if scope
+            content.gsub "devise/shared/links", "#{scope}/shared/links"
+          else
+            content
+          end
+        end
       end
 
       def target_path

data/lib/generators/mongoid/devise_generator.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'generators/devise/orm_helpers'
 
 module Mongoid
@@ -55,4 +54,4 @@ RUBY
       end
     end
   end
-end
+end

data/lib/generators/templates/README

@@ -21,7 +21,7 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
 
-  4. If you are deploying Rails 3.1+ on Heroku, you may want to set:
+  4. If you are deploying on Heroku with Rails 3.2 only, you may want to set:
 
        config.assets.initialize_on_precompile = false
 

data/lib/generators/templates/devise.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
@@ -49,10 +48,14 @@ Devise.setup do |config|
   # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
 
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
   # It can be set to an array that will enable http authentication only for the
   # given strategies, for example, `config.http_authenticatable = [:token]` will
-  # enable it only for token authentication.
+  # enable it only for token authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
+  # :token         = Support basic authentication with token authentication key
+  # :token_options = Support token authentication with options as defined in
+  #                  http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
   # config.http_authenticatable = false
 
   # If http headers should be returned for AJAX requests. True by default.
@@ -126,7 +129,7 @@ Devise.setup do |config|
   config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
-  # an one (and only one) @ exists in the given string. This is mainly
+  # one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
   # config.email_regexp = /\A[^@]+@[^@]+\z/
 
@@ -176,7 +179,9 @@ Devise.setup do |config|
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
   # config.encryptor = :sha512
 
   # ==> Configuration for :token_authenticatable

data/lib/generators/templates/markerb/confirmation_instructions.markerb

@@ -1,4 +1,4 @@
-Welcome <%= @resource.email %>!
+Welcome <%= @email %>!
 
 You can confirm your account through the link below:
 

data/lib/generators/templates/simple_form_for/confirmations/new.html.erb

@@ -2,6 +2,7 @@
 
 <%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= f.error_notification %>
+  <%= f.full_error :confirmation_token %>
 
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>

data/lib/generators/templates/simple_form_for/registrations/edit.html.erb

@@ -5,6 +5,11 @@
 
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>
+
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
+    <% end %>
+
     <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %>
     <%= f.input :password_confirmation, :required => false %>
     <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %>
@@ -17,6 +22,6 @@
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
 
 <%= link_to "Back", :back %>

data/lib/generators/templates/simple_form_for/unlocks/new.html.erb

@@ -2,6 +2,7 @@
 
 <%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= f.error_notification %>
+  <%= f.full_error :unlock_token %>
 
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>

data/loyal_devise.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+# require "devise/version"
+
+Gem::Specification.new do |s|
+  s.name        = "loyal_devise"
+  # s.version     = Devise::VERSION.dup
+  s.version     = '2.1.3'
+  s.platform    = Gem::Platform::RUBY
+  s.licenses    = ["MIT"]
+  s.summary     = "Flexible authentication solution for Rails with Warden"
+  s.email       = "andywang7259@gmail.com"
+  s.homepage    = "http://github.com/blogsoso/devise"
+  s.description = "Flexible authentication solution for Rails with Warden"
+  s.authors     = ['happy']
+
+  # s.rubyforge_project = "devise"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- test/*`.split("\n")
+  s.require_paths = ["lib"]
+
+  s.add_dependency("warden", "~> 1.2.1")
+  s.add_dependency("orm_adapter", "~> 0.1")
+  s.add_dependency("bcrypt-ruby", "~> 3.0")
+  s.add_dependency("railties", ">= 3.2.6", "< 5")
+end

data/test/controllers/custom_strategy_test.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 require 'ostruct'
 require 'warden/strategies/base'

data/test/controllers/helpers_test.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 require 'ostruct'
 

data/test/controllers/internal_helpers_test.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
 class MyController < DeviseController
@@ -35,10 +34,20 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'get resource params from request params using resource name as key' do
-    user_params = {'name' => 'Shirley Templar'}
-    @controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params}))
+    user_params = {'email' => 'shirley@templar.com'}
 
-    assert_equal user_params, @controller.resource_params
+    params = if Devise.rails4?
+      # Stub controller name so strong parameters can filter properly.
+      # DeviseController does not allow any parameters by default.
+      @controller.stubs(:controller_name).returns(:sessions_controller)
+
+      ActionController::Parameters.new({'user' => user_params})
+    else
+      HashWithIndifferentAccess.new({'user' => user_params})
+    end
+    @controller.stubs(:params).returns(params)
+
+    assert_equal user_params, @controller.send(:resource_params)
   end
 
   test 'resources methods are not controller actions' do

data/test/controllers/passwords_controller_test.rb

@@ -0,0 +1,32 @@
+require 'test_helper'
+
+class PasswordsControllerTest < ActionController::TestCase
+  tests Devise::PasswordsController
+  include Devise::TestHelpers
+
+  def setup
+    request.env["devise.mapping"] = Devise.mappings[:user]
+
+    @user = create_user
+    @user.send_reset_password_instructions
+  end
+
+  def put_update_with_params
+    put :update, "user" => {
+      "reset_password_token" => @user.reset_password_token, "password" => "123456", "password_confirmation" => "123456"
+    }
+  end
+
+  test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do
+    put_update_with_params
+    assert_redirected_to "http://test.host/"
+  end
+
+  test 'redirect accordingly if after_resetting_password_path_for is overridden' do
+    custom_path = "http://custom.path/"
+    Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path)
+
+    put_update_with_params
+    assert_redirected_to custom_path
+  end
+end

data/test/controllers/sessions_controller_test.rb

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 
 class SessionsControllerTest < ActionController::TestCase
@@ -14,6 +13,34 @@ class SessionsControllerTest < ActionController::TestCase
     end
   end
 
+  test "#create delete the url stored in the session if the requested format is navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+
+    user = create_user
+    user.confirm!
+    post :create, :user => {
+      :email => user.email,
+      :password => user.password
+    }
+
+    assert_nil request.session["user_return_to"]
+  end
+
+  test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+
+    user = create_user
+    user.confirm!
+    post :create, :format => 'json', :user => {
+      :email => user.email,
+      :password => user.password
+    }
+
+    assert_equal 'foo.bar', request.session["user_return_to"]
+  end
+
   test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
     request.env["devise.mapping"] = Devise.mappings[:user]
     post :create, :user => {