RubyGems - loyal_devise - Versions diffs - 2.1.2 → 2.1.3 - Mend

loyal_devise 2.1.2 → 2.1.3

Files changed (188) hide show

data/.gitignore +2 -0
data/.travis.yml +14 -9
data/.yardopts +9 -0
data/CHANGELOG.rdoc +60 -5
data/CONTRIBUTING.md +4 -2
data/Gemfile +7 -7
data/Gemfile.lock +107 -101
data/MIT-LICENSE +1 -1
data/README.md +110 -48
data/Rakefile +1 -0
data/app/controllers/devise/confirmations_controller.rb +2 -4
data/app/controllers/devise/omniauth_callbacks_controller.rb +0 -1
data/app/controllers/devise/passwords_controller.rb +16 -5
data/app/controllers/devise/registrations_controller.rb +13 -7
data/app/controllers/devise/sessions_controller.rb +6 -6
data/app/controllers/devise/unlocks_controller.rb +3 -4
data/app/controllers/devise_controller.rb +12 -33
data/app/helpers/devise_helper.rb +0 -1
data/app/mailers/devise/mailer.rb +7 -8
data/app/views/devise/mailer/confirmation_instructions.html.erb +1 -1
data/app/views/devise/mailer/reset_password_instructions.html.erb +1 -1
data/app/views/devise/registrations/edit.html.erb +5 -1
data/config/locales/en.yml +48 -48
data/devise.gemspec +6 -6
data/devise.png +0 -0
data/gemfiles/{Gemfile.rails-3.1.x → Gemfile.rails-3.2.x} +8 -12
data/gemfiles/Gemfile.rails-3.2.x.lock +156 -0
data/lib/devise.rb +34 -11
data/lib/devise/controllers/helpers.rb +33 -7
data/lib/devise/controllers/rememberable.rb +6 -3
data/lib/devise/controllers/scoped_views.rb +1 -2
data/lib/devise/controllers/url_helpers.rb +0 -1
data/lib/devise/delegator.rb +0 -1
data/lib/devise/failure_app.rb +8 -2
data/lib/devise/hooks/activatable.rb +1 -2
data/lib/devise/hooks/forgetable.rb +0 -1
data/lib/devise/hooks/lockable.rb +1 -2
data/lib/devise/hooks/rememberable.rb +1 -2
data/lib/devise/hooks/timeoutable.rb +0 -1
data/lib/devise/hooks/trackable.rb +0 -1
data/lib/devise/mailers/helpers.rb +18 -14
data/lib/devise/mapping.rb +6 -7
data/lib/devise/models.rb +0 -1
data/lib/devise/models/authenticatable.rb +50 -27
data/lib/devise/models/confirmable.rb +37 -16
data/lib/devise/models/database_authenticatable.rb +17 -3
data/lib/devise/models/lockable.rb +1 -2
data/lib/devise/models/omniauthable.rb +1 -2
data/lib/devise/models/recoverable.rb +10 -6
data/lib/devise/models/registerable.rb +0 -1
data/lib/devise/models/rememberable.rb +1 -2
data/lib/devise/models/timeoutable.rb +1 -2
data/lib/devise/models/token_authenticatable.rb +0 -1
data/lib/devise/models/trackable.rb +0 -1
data/lib/devise/models/validatable.rb +0 -1
data/lib/devise/modules.rb +1 -2
data/lib/devise/omniauth.rb +0 -1
data/lib/devise/omniauth/config.rb +0 -1
data/lib/devise/omniauth/url_helpers.rb +0 -1
data/lib/devise/orm/active_record.rb +1 -2
data/lib/devise/orm/mongoid.rb +1 -2
data/lib/devise/{param_filter.rb → parameter_filter.rb} +10 -12
data/lib/devise/parameter_sanitizer.rb +59 -0
data/lib/devise/rails.rb +0 -1
data/lib/devise/rails/routes.rb +22 -18
data/lib/devise/rails/warden_compat.rb +0 -30
data/lib/devise/strategies/authenticatable.rb +8 -6
data/lib/devise/strategies/base.rb +1 -2
data/lib/devise/strategies/database_authenticatable.rb +1 -2
data/lib/devise/strategies/rememberable.rb +1 -2
data/lib/devise/strategies/token_authenticatable.rb +38 -4
data/lib/devise/test_helpers.rb +0 -1
data/lib/devise/time_inflector.rb +1 -2
data/lib/devise/version.rb +1 -2
data/lib/generators/active_record/devise_generator.rb +1 -5
data/lib/generators/active_record/templates/migration.rb +0 -1
data/lib/generators/active_record/templates/migration_existing.rb +0 -1
data/lib/generators/devise/devise_generator.rb +0 -1
data/lib/generators/devise/install_generator.rb +0 -1
data/lib/generators/devise/orm_helpers.rb +1 -2
data/lib/generators/devise/views_generator.rb +8 -3
data/lib/generators/mongoid/devise_generator.rb +1 -2
data/lib/generators/templates/README +1 -1
data/lib/generators/templates/devise.rb +10 -5
data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +1 -0
data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +6 -1
data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +1 -0
data/loyal_devise.gemspec +27 -0
data/test/controllers/custom_strategy_test.rb +0 -1
data/test/controllers/helpers_test.rb +0 -1
data/test/controllers/internal_helpers_test.rb +13 -4
data/test/controllers/passwords_controller_test.rb +32 -0
data/test/controllers/sessions_controller_test.rb +28 -1
data/test/controllers/url_helpers_test.rb +0 -1
data/test/delegator_test.rb +0 -1
data/test/devise_test.rb +12 -2
data/test/failure_app_test.rb +3 -4
data/test/generators/active_record_generator_test.rb +1 -4
data/test/generators/devise_generator_test.rb +0 -1
data/test/generators/install_generator_test.rb +0 -1
data/test/generators/mongoid_generator_test.rb +0 -1
data/test/generators/views_generator_test.rb +16 -2
data/test/helpers/devise_helper_test.rb +1 -2
data/test/integration/authenticatable_test.rb +92 -27
data/test/integration/confirmable_test.rb +7 -7
data/test/integration/database_authenticatable_test.rb +8 -7
data/test/integration/http_authenticatable_test.rb +19 -2
data/test/integration/lockable_test.rb +1 -2
data/test/integration/omniauthable_test.rb +2 -3
data/test/integration/recoverable_test.rb +40 -12
data/test/integration/registerable_test.rb +17 -14
data/test/integration/rememberable_test.rb +16 -10
data/test/integration/timeoutable_test.rb +11 -2
data/test/integration/token_authenticatable_test.rb +45 -2
data/test/integration/trackable_test.rb +1 -2
data/test/mailers/confirmation_instructions_test.rb +11 -3
data/test/mailers/reset_password_instructions_test.rb +11 -3
data/test/mailers/unlock_instructions_test.rb +11 -2
data/test/mapping_test.rb +0 -1
data/test/models/authenticatable_test.rb +6 -1
data/test/models/confirmable_test.rb +53 -2
data/test/models/database_authenticatable_test.rb +57 -21
data/test/models/lockable_test.rb +1 -2
data/test/models/omniauthable_test.rb +0 -1
data/test/models/recoverable_test.rb +21 -5
data/test/models/registerable_test.rb +0 -1
data/test/models/rememberable_test.rb +4 -4
data/test/models/serializable_test.rb +8 -8
data/test/models/timeoutable_test.rb +0 -1
data/test/models/token_authenticatable_test.rb +0 -1
data/test/models/trackable_test.rb +0 -1
data/test/models/validatable_test.rb +16 -6
data/test/models_test.rb +7 -24
data/test/omniauth/config_test.rb +1 -2
data/test/omniauth/url_helpers_test.rb +4 -2
data/test/orm/active_record.rb +1 -1
data/test/orm/mongoid.rb +2 -4
data/test/parameter_sanitizer_test.rb +51 -0
data/test/rails_app/Rakefile +0 -4
data/test/rails_app/app/active_record/admin.rb +0 -1
data/test/rails_app/app/active_record/shim.rb +1 -2
data/test/rails_app/app/active_record/user.rb +0 -1
data/test/rails_app/app/controllers/admins/sessions_controller.rb +1 -2
data/test/rails_app/app/controllers/admins_controller.rb +0 -1
data/test/rails_app/app/controllers/application_controller.rb +1 -1
data/test/rails_app/app/controllers/home_controller.rb +0 -1
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +1 -2
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +1 -2
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +1 -2
data/test/rails_app/app/controllers/users_controller.rb +8 -1
data/test/rails_app/app/helpers/application_helper.rb +0 -1
data/test/rails_app/app/mailers/users/mailer.rb +4 -1
data/test/rails_app/app/mongoid/admin.rb +4 -3
data/test/rails_app/app/mongoid/shim.rb +3 -5
data/test/rails_app/app/mongoid/user.rb +2 -3
data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
data/test/rails_app/bin/bundle +3 -0
data/test/rails_app/bin/rails +4 -0
data/test/rails_app/bin/rake +4 -0
data/test/rails_app/config/application.rb +1 -3
data/test/rails_app/config/boot.rb +3 -4
data/test/rails_app/config/environment.rb +2 -3
data/test/rails_app/config/environments/development.rb +23 -8
data/test/rails_app/config/environments/production.rb +68 -18
data/test/rails_app/config/environments/test.rb +18 -16
data/test/rails_app/config/initializers/backtrace_silencers.rb +0 -1
data/test/rails_app/config/initializers/devise.rb +0 -1
data/test/rails_app/config/initializers/inflections.rb +0 -1
data/test/rails_app/config/initializers/secret_token.rb +8 -3
data/test/rails_app/config/initializers/session_store.rb +1 -0
data/test/rails_app/config/routes.rb +20 -17
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -1
data/test/rails_app/db/schema.rb +0 -1
data/test/rails_app/lib/shared_admin.rb +0 -1
data/test/rails_app/lib/shared_user.rb +0 -2
data/test/routes_test.rb +22 -21
data/test/support/assertions.rb +0 -1
data/test/support/helpers.rb +1 -2
data/test/support/integration.rb +0 -1
data/test/support/webrat/integrations/rails.rb +0 -1
data/test/test_helper.rb +8 -2
data/test/test_helpers_test.rb +0 -1
data/test/test_models.rb +26 -0
metadata +65 -27
data/gemfiles/Gemfile.rails-3.1.x.lock +0 -167
data/test/indifferent_hash.rb +0 -34
data/test/rails_app/script/rails +0 -10

data/lib/devise/strategies/base.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Strategies
     # Base strategy for Devise. Responsible for verifying correct scope and mapping.
@@ -18,4 +17,4 @@ module Devise
       end
     end
   end
-end
+end

data/lib/devise/strategies/database_authenticatable.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/authenticatable'
 module Devise
@@ -7,7 +6,7 @@ module Devise
     class DatabaseAuthenticatable < Authenticatable
       def authenticate!
         resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
-        return fail(:invalid) unless resource
+        return fail(:not_found_in_database) unless resource
         if validate(resource){ resource.valid_password?(password) }
           resource.after_database_authentication

data/lib/devise/strategies/rememberable.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/authenticatable'
 module Devise
@@ -42,7 +41,7 @@ module Devise
       end
       def remember_key
-        "remember_#{scope}_token"
+        mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
       end
       def remember_cookie

data/lib/devise/strategies/token_authenticatable.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'devise/strategies/base'
 module Devise
@@ -8,13 +7,22 @@ module Devise
     #
     #   http://myapp.example.com/?user_token=SECRET
     #
-    # For HTTP, you can pass the token as username and blank password. Since some clients may require
-    # a password, you can pass "X" as password and it will simply be ignored.
+    # For headers, you can use basic authentication passing the token as username and
+    # blank password. Since some clients may require a password, you can pass "X" as
+    # password and it will simply be ignored.
+    #
+    # You may also pass the token using the Token authentication mechanism provided
+    # by Rails: http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+    # The token options are stored in request.env['devise.token_options']
     class TokenAuthenticatable < Authenticatable
       def store?
         super && !mapping.to.skip_session_storage.include?(:token_auth)
       end
+      def valid?
+        super || valid_for_token_auth?
+      end
       def authenticate!
         resource = mapping.to.find_for_token_authentication(authentication_hash)
         return fail(:invalid_token) unless resource
@@ -37,7 +45,33 @@ module Devise
         false
       end
-      # Try both scoped and non scoped keys.
+      # Check if the model accepts this strategy as token authenticatable.
+      def token_authenticatable?
+        mapping.to.http_authenticatable?(:token_options)
+      end
+      # Check if this is strategy is valid for token authentication by:
+      #
+      #   * Validating if the model allows http token authentication;
+      #   * If the http auth token exists;
+      #   * If all authentication keys are present;
+      #
+      def valid_for_token_auth?
+        token_authenticatable? && auth_token.present? && with_authentication_hash(:token_auth, token_auth_hash)
+      end
+      # Extract the auth token from the request
+      def auth_token
+        @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request)
+      end
+      # Extract a hash with attributes:values from the auth_token
+      def token_auth_hash
+        request.env['devise.token_options'] = auth_token.last
+        { authentication_keys.first => auth_token.first }
+      end
+      # Try both scoped and non scoped keys
       def params_auth_hash
         if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first)
           params[scope]

data/lib/devise/test_helpers.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   # Devise::TestHelpers provides a facility to test controllers in isolation
   # when using ActionController::TestCase allowing you to quickly sign_in or

data/lib/devise/time_inflector.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require "active_support/core_ext/module/delegation"
 module Devise
@@ -12,4 +11,4 @@ module Devise
     @instance = new
   end
-end
+end

data/lib/devise/version.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
-  VERSION = "2.1.2".freeze
+  VERSION = "3.0.0.rc".freeze
 end

data/lib/generators/active_record/devise_generator.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'rails/generators/active_record'
 require 'generators/devise/orm_helpers'
@@ -23,10 +22,7 @@ module ActiveRecord
       end
       def inject_devise_content
-        content = model_contents + <<CONTENT
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-CONTENT
+        content = model_contents
         class_path = if namespaced?
           class_name.to_s.split("::")

data/lib/generators/active_record/templates/migration.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
   def change
     create_table(:<%= table_name %>) do |t|

data/lib/generators/active_record/templates/migration_existing.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
   def self.up
     change_table(:<%= table_name %>) do |t|

data/lib/generators/devise/devise_generator.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     class DeviseGenerator < Rails::Generators::NamedBase

data/lib/generators/devise/install_generator.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'securerandom'
 module Devise

data/lib/generators/devise/orm_helpers.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     module OrmHelpers
@@ -30,4 +29,4 @@ CONTENT
       end
     end
   end
-end
+end

data/lib/generators/devise/views_generator.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 module Devise
   module Generators
     # Include this module in your generator to generate Devise views.
@@ -19,7 +18,7 @@ module Devise
         public_task :copy_views
       end
-      # TODO: Add this to Rails itslef
+      # TODO: Add this to Rails itself
       module ClassMethods
         def hide!
           Rails::Generators.hide_namespace self.namespace
@@ -37,7 +36,13 @@ module Devise
       protected
       def view_directory(name, _target_path = nil)
-        directory name.to_s, _target_path || "#{target_path}/#{name}"
+        directory name.to_s, _target_path || "#{target_path}/#{name}" do |content|
+          if scope
+            content.gsub "devise/shared/links", "#{scope}/shared/links"
+          else
+            content
+          end
+        end
       end
       def target_path

data/lib/generators/mongoid/devise_generator.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'generators/devise/orm_helpers'
 module Mongoid
@@ -55,4 +54,4 @@ RUBY
       end
     end
   end
-end
+end

data/lib/generators/templates/README CHANGED

@@ -21,7 +21,7 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
-  4. If you are deploying Rails 3.1+ on Heroku, you may want to set:
+  4. If you are deploying on Heroku with Rails 3.2 only, you may want to set:
        config.assets.initialize_on_precompile = false

data/lib/generators/templates/devise.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
@@ -49,10 +48,14 @@ Devise.setup do |config|
   # enable it only for database (email + password) authentication.
   # config.params_authenticatable = true
-  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  # Tell if authentication through HTTP Auth is enabled. False by default.
   # It can be set to an array that will enable http authentication only for the
   # given strategies, for example, `config.http_authenticatable = [:token]` will
-  # enable it only for token authentication.
+  # enable it only for token authentication. The supported strategies are:
+  # :database      = Support basic authentication with authentication key + password
+  # :token         = Support basic authentication with token authentication key
+  # :token_options = Support token authentication with options as defined in
+  #                  http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
   # config.http_authenticatable = false
   # If http headers should be returned for AJAX requests. True by default.
@@ -126,7 +129,7 @@ Devise.setup do |config|
   config.password_length = 8..128
   # Email regex used to validate email formats. It simply asserts that
-  # an one (and only one) @ exists in the given string. This is mainly
+  # one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
   # config.email_regexp = /\A[^@]+@[^@]+\z/
@@ -176,7 +179,9 @@ Devise.setup do |config|
   # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
   # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
   # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper)
+  # REST_AUTH_SITE_KEY to pepper).
+  #
+  # Require the `devise-encryptable` gem when using anything other than bcrypt
   # config.encryptor = :sha512
   # ==> Configuration for :token_authenticatable

data/lib/generators/templates/markerb/confirmation_instructions.markerb CHANGED

@@ -1,4 +1,4 @@
-Welcome <%= @resource.email %>!
+Welcome <%= @email %>!
 You can confirm your account through the link below:

data/lib/generators/templates/simple_form_for/confirmations/new.html.erb CHANGED

@@ -2,6 +2,7 @@
 <%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= f.error_notification %>
+  <%= f.full_error :confirmation_token %>
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>

data/lib/generators/templates/simple_form_for/registrations/edit.html.erb CHANGED

@@ -5,6 +5,11 @@
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
+    <% end %>
     <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %>
     <%= f.input :password_confirmation, :required => false %>
     <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %>
@@ -17,6 +22,6 @@
 <h3>Cancel my account</h3>
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.</p>
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
 <%= link_to "Back", :back %>

data/lib/generators/templates/simple_form_for/unlocks/new.html.erb CHANGED

@@ -2,6 +2,7 @@
 <%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
   <%= f.error_notification %>
+  <%= f.full_error :unlock_token %>
   <div class="form-inputs">
     <%= f.input :email, :required => true, :autofocus => true %>

data/loyal_devise.gemspec ADDED

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+# require "devise/version"
+Gem::Specification.new do |s|
+  s.name        = "loyal_devise"
+  # s.version     = Devise::VERSION.dup
+  s.version     = '2.1.3'
+  s.platform    = Gem::Platform::RUBY
+  s.licenses    = ["MIT"]
+  s.summary     = "Flexible authentication solution for Rails with Warden"
+  s.email       = "andywang7259@gmail.com"
+  s.homepage    = "http://github.com/blogsoso/devise"
+  s.description = "Flexible authentication solution for Rails with Warden"
+  s.authors     = ['happy']
+  # s.rubyforge_project = "devise"
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- test/*`.split("\n")
+  s.require_paths = ["lib"]
+  s.add_dependency("warden", "~> 1.2.1")
+  s.add_dependency("orm_adapter", "~> 0.1")
+  s.add_dependency("bcrypt-ruby", "~> 3.0")
+  s.add_dependency("railties", ">= 3.2.6", "< 5")
+end

data/test/controllers/custom_strategy_test.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 require 'ostruct'
 require 'warden/strategies/base'

data/test/controllers/helpers_test.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 require 'ostruct'

data/test/controllers/internal_helpers_test.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 class MyController < DeviseController
@@ -35,10 +34,20 @@ class HelpersTest < ActionController::TestCase
   end
   test 'get resource params from request params using resource name as key' do
-    user_params = {'name' => 'Shirley Templar'}
-    @controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params}))
+    user_params = {'email' => 'shirley@templar.com'}
-    assert_equal user_params, @controller.resource_params
+    params = if Devise.rails4?
+      # Stub controller name so strong parameters can filter properly.
+      # DeviseController does not allow any parameters by default.
+      @controller.stubs(:controller_name).returns(:sessions_controller)
+      ActionController::Parameters.new({'user' => user_params})
+    else
+      HashWithIndifferentAccess.new({'user' => user_params})
+    end
+    @controller.stubs(:params).returns(params)
+    assert_equal user_params, @controller.send(:resource_params)
   end
   test 'resources methods are not controller actions' do

data/test/controllers/passwords_controller_test.rb ADDED

@@ -0,0 +1,32 @@
+require 'test_helper'
+class PasswordsControllerTest < ActionController::TestCase
+  tests Devise::PasswordsController
+  include Devise::TestHelpers
+  def setup
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    @user = create_user
+    @user.send_reset_password_instructions
+  end
+  def put_update_with_params
+    put :update, "user" => {
+      "reset_password_token" => @user.reset_password_token, "password" => "123456", "password_confirmation" => "123456"
+    }
+  end
+  test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do
+    put_update_with_params
+    assert_redirected_to "http://test.host/"
+  end
+  test 'redirect accordingly if after_resetting_password_path_for is overridden' do
+    custom_path = "http://custom.path/"
+    Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path)
+    put_update_with_params
+    assert_redirected_to custom_path
+  end
+end

data/test/controllers/sessions_controller_test.rb CHANGED

@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 require 'test_helper'
 class SessionsControllerTest < ActionController::TestCase
@@ -14,6 +13,34 @@ class SessionsControllerTest < ActionController::TestCase
     end
   end
+  test "#create delete the url stored in the session if the requested format is navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+    user = create_user
+    user.confirm!
+    post :create, :user => {
+      :email => user.email,
+      :password => user.password
+    }
+    assert_nil request.session["user_return_to"]
+  end
+  test "#create doesn't delete the url stored in the session if the requested format is not navigational" do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    request.session["user_return_to"] = 'foo.bar'
+    user = create_user
+    user.confirm!
+    post :create, :format => 'json', :user => {
+      :email => user.email,
+      :password => user.password
+    }
+    assert_equal 'foo.bar', request.session["user_return_to"]
+  end
   test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
     request.env["devise.mapping"] = Devise.mappings[:user]
     post :create, :user => {