loyal_devise 2.1.2

data/lib/devise/controllers/url_helpers.rb

@@ -0,0 +1,68 @@
+# -*- encoding : utf-8 -*-
+module Devise
+  module Controllers
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by devise.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_session_path(:user)      => new_user_session_path
+    #   session_path(:user)          => user_session_path
+    #   destroy_session_path(:user)  => destroy_user_session_path
+    #
+    #   new_password_path(:user)     => new_user_password_path
+    #   password_path(:user)         => user_password_path
+    #   edit_password_path(:user)    => edit_user_password_path
+    #
+    #   new_confirmation_path(:user) => new_user_confirmation_path
+    #   confirmation_path(:user)     => user_confirmation_path
+    #
+    # Those helpers are included by default to ActionController::Base.
+    #
+    # In case you want to add such helpers to another class, you can do
+    # that as long as this new class includes both url_helpers and
+    # mounted_helpers. Example:
+    #
+    #     include Rails.application.routes.url_helpers
+    #     include Rails.application.routes.mounted_helpers
+    #
+    module UrlHelpers
+      def self.remove_helpers!
+        self.instance_methods.map(&:to_s).grep(/_(url|path)$/).each do |method|
+          remove_method method
+        end
+      end
+
+      def self.generate_helpers!(routes=nil)
+        routes ||= begin
+          mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
+          Devise::URL_HELPERS.slice(*mappings)
+        end
+
+        routes.each do |module_name, actions|
+          [:path, :url].each do |path_or_url|
+            actions.each do |action|
+              action = action ? "#{action}_" : ""
+              method = "#{action}#{module_name}_#{path_or_url}"
+
+              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+                def #{method}(resource_or_scope, *args)
+                  scope = Devise::Mapping.find_scope!(resource_or_scope)
+                  _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                end
+              URL_HELPERS
+            end
+          end
+        end
+      end
+
+      generate_helpers!(Devise::URL_HELPERS)
+
+      private
+
+      def _devise_route_context
+        @_devise_route_context ||= send(Devise.available_router_name)
+      end
+    end
+  end
+end

data/lib/devise/delegator.rb

@@ -0,0 +1,17 @@
+# -*- encoding : utf-8 -*-
+module Devise
+  # Checks the scope in the given environment and returns the associated failure app.
+  class Delegator
+    def call(env)
+      failure_app(env).call(env)
+    end
+
+    def failure_app(env)
+      app = env["warden.options"] &&
+        (scope = env["warden.options"][:scope]) &&
+        Devise.mappings[scope.to_sym].failure_app
+
+      app || Devise::FailureApp
+    end
+  end
+end

data/lib/devise/failure_app.rb

@@ -0,0 +1,188 @@
+# -*- encoding : utf-8 -*-
+require "action_controller/metal"
+
+module Devise
+  # Failure application that will be called every time :warden is thrown from
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
+  class FailureApp < ActionController::Metal
+    include ActionController::RackDelegation
+    include ActionController::UrlFor
+    include ActionController::Redirecting
+
+    include Rails.application.routes.url_helpers
+    include Rails.application.routes.mounted_helpers
+
+    delegate :flash, :to => :request
+
+    def self.call(env)
+      @respond ||= action(:respond)
+      @respond.call(env)
+    end
+
+    def self.default_url_options(*args)
+      if defined?(ApplicationController)
+        ApplicationController.default_url_options(*args)
+      else
+        {}
+      end
+    end
+
+    def respond
+      if http_auth?
+        http_auth
+      elsif warden_options[:recall]
+        recall
+      else
+        redirect
+      end
+    end
+
+    def http_auth
+      self.status = 401
+      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) if http_auth_header?
+      self.content_type = request.format.to_s
+      self.response_body = http_auth_body
+    end
+
+    def recall
+      env["PATH_INFO"]  = attempted_path
+      flash.now[:alert] = i18n_message(:invalid)
+      self.response = recall_app(warden_options[:recall]).call(env)
+    end
+
+    def redirect
+      store_location!
+      if flash[:timedout] && flash[:alert]
+        flash.keep(:timedout)
+        flash.keep(:alert)
+      else
+        flash[:alert] = i18n_message
+      end
+      redirect_to redirect_url
+    end
+
+  protected
+
+    def i18n_message(default = nil)
+      message = warden_message || default || :unauthenticated
+
+      if message.is_a?(Symbol)
+        I18n.t(:"#{scope}.#{message}", :resource_name => scope,
+               :scope => "devise.failure", :default => [message])
+      else
+        message.to_s
+      end
+    end
+
+    def redirect_url
+      if warden_message == :timeout
+        flash[:timedout] = true
+        attempted_path || scope_path
+      else
+        scope_path
+      end
+    end
+
+    def scope_path
+      opts  = {}
+      route = :"new_#{scope}_session_path"
+      opts[:format] = request_format unless skip_format?
+
+      config = Rails.application.config
+      opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
+
+      context = send(Devise.available_router_name)
+
+      if context.respond_to?(route)
+        context.send(route, opts)
+      elsif respond_to?(:root_path)
+        root_path(opts)
+      else
+        "/"
+      end
+    end
+
+    def skip_format?
+      %w(html */*).include? request_format.to_s
+    end
+
+    # Choose whether we should respond in a http authentication fashion,
+    # including 401 and optional headers.
+    #
+    # This method allows the user to explicitly disable http authentication
+    # on ajax requests in case they want to redirect on failures instead of
+    # handling the errors on their own. This is useful in case your ajax API
+    # is the same as your public API and uses a format like JSON (so you
+    # cannot mark JSON as a navigational format).
+    def http_auth?
+      if request.xhr?
+        Devise.http_authenticatable_on_xhr
+      else
+        !(request_format && is_navigational_format?)
+      end
+    end
+
+    # It does not make sense to send authenticate headers in ajax requests
+    # or if the user disabled them.
+    def http_auth_header?
+      Devise.mappings[scope].to.http_authenticatable && !request.xhr?
+    end
+
+    def http_auth_body
+      return i18n_message unless request_format
+      method = "to_#{request_format}"
+      if method == "to_xml"
+        { :error => i18n_message }.to_xml(:root => "errors")
+      elsif {}.respond_to?(method)
+        { :error => i18n_message }.send(method)
+      else
+        i18n_message
+      end
+    end
+
+    def recall_app(app)
+      controller, action = app.split("#")
+      controller_name  = ActiveSupport::Inflector.camelize(controller)
+      controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
+      controller_klass.action(action)
+    end
+
+    def warden
+      env['warden']
+    end
+
+    def warden_options
+      env['warden.options']
+    end
+
+    def warden_message
+      @message ||= warden.message || warden_options[:message]
+    end
+
+    def scope
+      @scope ||= warden_options[:scope] || Devise.default_scope
+    end
+
+    def attempted_path
+      warden_options[:attempted_path]
+    end
+
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
+    def store_location!
+      session["#{scope}_return_to"] = attempted_path if request.get? && !http_auth?
+    end
+
+    def is_navigational_format?
+      Devise.navigational_formats.include?(request_format)
+    end
+
+    def request_format
+      @request_format ||= request.format.try(:ref)
+    end
+  end
+end

data/lib/devise/hooks/activatable.rb

@@ -0,0 +1,12 @@
+# -*- encoding : utf-8 -*-
+# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
+# before actively signing him in. However, we need this as hook to validate the user activity
+# in each request and in case the user is using other strategies beside Devise ones.
+Warden::Manager.after_set_user do |record, warden, options|
+  if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
+    scope = options[:scope]
+    warden.logout(scope)
+    throw :warden, :scope => scope, :message => record.inactive_message
+  end
+end

data/lib/devise/hooks/forgetable.rb

@@ -0,0 +1,10 @@
+# -*- encoding : utf-8 -*-
+# Before logout hook to forget the user in the given scope, if it responds
+# to forget_me! Also clear remember token to ensure the user won't be
+# remembered again. Notice that we forget the user unless the record is not persisted.
+# This avoids forgetting deleted users.
+Warden::Manager.before_logout do |record, warden, options|
+  if record.respond_to?(:forget_me!)
+    Devise::Controllers::Rememberable::Proxy.new(warden).forget_me(record)
+  end
+end

data/lib/devise/hooks/lockable.rb

@@ -0,0 +1,8 @@
+# -*- encoding : utf-8 -*-
+# After each sign in, if resource responds to failed_attempts, sets it to 0
+# This is only triggered when the user is explicitly set (with set_user)
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
+    record.update_attribute(:failed_attempts, 0)
+  end
+end

data/lib/devise/hooks/rememberable.rb

@@ -0,0 +1,7 @@
+# -*- encoding : utf-8 -*-
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  scope = options[:scope]
+  if record.respond_to?(:remember_me) && record.remember_me && warden.authenticated?(scope)
+    Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record)
+  end
+end

data/lib/devise/hooks/timeoutable.rb

@@ -0,0 +1,26 @@
+# -*- encoding : utf-8 -*-
+# Each time a record is set we check whether its session has already timed out
+# or not, based on last request time. If so, the record is logged out and
+# redirected to the sign in page. Also, each time the request comes and the
+# record is set, we set the last request time inside its scoped session to
+# verify timeout in the following request.
+Warden::Manager.after_set_user do |record, warden, options|
+  scope = options[:scope]
+  env   = warden.request.env
+
+  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
+    last_request_at = warden.session(scope)['last_request_at']
+
+    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
+      warden.logout(scope)
+      if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout
+        record.reset_authentication_token!
+      end
+      throw :warden, :scope => scope, :message => :timeout
+    end
+
+    unless env['devise.skip_trackable']
+      warden.session(scope)['last_request_at'] = Time.now.utc
+    end
+  end
+end

data/lib/devise/hooks/trackable.rb

@@ -0,0 +1,10 @@
+# -*- encoding : utf-8 -*-
+# After each sign in, update sign in time, sign in count and sign in IP.
+# This is only triggered when the user is explicitly set (with set_user)
+# and on authentication. Retrieving the user from session (:fetch) does
+# not trigger it.
+Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+  if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
+    record.update_tracked_fields!(warden.request)
+  end
+end

data/lib/devise/mailers/helpers.rb

@@ -0,0 +1,92 @@
+# -*- encoding : utf-8 -*-
+module Devise
+  module Mailers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        include Devise::Controllers::ScopedViews
+        attr_reader :scope_name, :resource
+      end
+
+      protected
+
+      # Configure default email options
+      def devise_mail(record, action)
+        initialize_from_record(record)
+        mail headers_for(action)
+      end
+
+      def initialize_from_record(record)
+        @scope_name = Devise::Mapping.find_scope!(record)
+        @resource   = instance_variable_set("@#{devise_mapping.name}", record)
+      end
+
+      def devise_mapping
+        @devise_mapping ||= Devise.mappings[scope_name]
+      end
+
+      def headers_for(action)
+        headers = {
+          :subject       => translate(devise_mapping, action),
+          :to            => resource.email,
+          :from          => mailer_sender(devise_mapping),
+          :reply_to      => mailer_reply_to(devise_mapping),
+          :template_path => template_paths
+        }
+
+        if resource.respond_to?(:headers_for)
+          headers.merge!(resource.headers_for(action))
+        end
+
+        headers
+      end
+
+      def mailer_reply_to(mapping)
+        mailer_sender(mapping, :reply_to)
+      end
+      
+      def mailer_from(mapping)
+        mailer_sender(mapping, :from)
+      end
+
+      def mailer_sender(mapping, sender = :from)
+        if default_params[sender].present?
+          default_params[sender]
+        elsif Devise.mailer_sender.is_a?(Proc)
+          Devise.mailer_sender.call(mapping.name)
+        else
+          Devise.mailer_sender
+        end
+      end
+
+      def template_paths
+        template_path = [self.class.mailer_name]
+        template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views?
+        template_path
+      end
+
+      # Setup a subject doing an I18n lookup. At first, it attemps to set a subject
+      # based on the current mapping:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           user_subject: '...'
+      #
+      # If one does not exist, it fallbacks to ActionMailer default:
+      #
+      #   en:
+      #     devise:
+      #       mailer:
+      #         confirmation_instructions:
+      #           subject: '...'
+      #
+      def translate(mapping, key)
+        I18n.t(:"#{mapping.name}_subject", :scope => [:devise, :mailer, key],
+          :default => [:subject, key.to_s.humanize])
+      end
+    end
+  end
+end

data/lib/devise/mapping.rb

@@ -0,0 +1,173 @@
+# -*- encoding : utf-8 -*-
+module Devise
+  # Responsible for handling devise mappings and routes configuration. Each
+  # resource configured by devise_for in routes is actually creating a mapping
+  # object. You can refer to devise_for in routes for usage options.
+  #
+  # The required value in devise_for is actually not used internally, but it's
+  # inflected to find all other values.
+  #
+  #   map.devise_for :users
+  #   mapping = Devise.mappings[:user]
+  #
+  #   mapping.name #=> :user
+  #   # is the scope used in controllers and warden, given in the route as :singular.
+  #
+  #   mapping.as   #=> "users"
+  #   # how the mapping should be search in the path, given in the route as :as.
+  #
+  #   mapping.to   #=> User
+  #   # is the class to be loaded from routes, given in the route as :class_name.
+  #
+  #   mapping.modules  #=> [:authenticatable]
+  #   # is the modules included in the class
+  #
+  class Mapping #:nodoc:
+    attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
+
+    alias :name :singular
+
+    # Receives an object and find a scope for it. If a scope cannot be found,
+    # raises an error. If a symbol is given, it's considered to be the scope.
+    def self.find_scope!(duck)
+      case duck
+      when String, Symbol
+        return duck
+      when Class
+        Devise.mappings.each_value { |m| return m.name if duck <= m.to }
+      else
+        Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
+      end
+
+      raise "Could not find a valid mapping for #{duck.inspect}"
+    end
+
+    def self.find_by_path!(path, path_type=:fullpath)
+      Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
+      raise "Could not find a valid mapping for path #{path.inspect}"
+    end
+
+    def initialize(name, options) #:nodoc:
+      @scoped_path = options[:as] ? "#{options[:as]}/#{name}" : name.to_s
+      @singular = (options[:singular] || @scoped_path.tr('/', '_').singularize).to_sym
+
+      @class_name = (options[:class_name] || name.to_s.classify).to_s
+      @klass = Devise.ref(@class_name)
+
+      @path = (options[:path] || name).to_s
+      @path_prefix = options[:path_prefix]
+
+      @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
+      @format = options[:format]
+
+      default_failure_app(options)
+      default_controllers(options)
+      default_path_names(options)
+      default_used_route(options)
+      default_used_helpers(options)
+    end
+
+    # Return modules for the mapping.
+    def modules
+      @modules ||= to.respond_to?(:devise_modules) ? to.devise_modules : []
+    end
+
+    # Gives the class the mapping points to.
+    def to
+      @klass.get
+    end
+
+    def strategies
+      @strategies ||= STRATEGIES.values_at(*self.modules).compact.uniq.reverse
+    end
+
+    def no_input_strategies
+      self.strategies & Devise::NO_INPUT
+    end
+
+    def routes
+      @routes ||= ROUTES.values_at(*self.modules).compact.uniq
+    end
+
+    def authenticatable?
+      @authenticatable ||= self.modules.any? { |m| m.to_s =~ /authenticatable/ }
+    end
+
+    def fullpath
+      "/#{@path_prefix}/#{@path}".squeeze("/")
+    end
+
+    # Create magic predicates for verifying what module is activated by this map.
+    # Example:
+    #
+    #   def confirmable?
+    #     self.modules.include?(:confirmable)
+    #   end
+    #
+    def self.add_module(m)
+      class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        def #{m}?
+          self.modules.include?(:#{m})
+        end
+      METHOD
+    end
+
+    private
+
+    def default_failure_app(options)
+      @failure_app = options[:failure_app] || Devise::FailureApp
+      if @failure_app.is_a?(String)
+        ref = Devise.ref(@failure_app)
+        @failure_app = lambda { |env| ref.get.call(env) }
+      end
+    end
+
+    def default_controllers(options)
+      mod = options[:module] || "devise"
+      @controllers = Hash.new { |h,k| h[k] = "#{mod}/#{k}" }
+      @controllers.merge!(options[:controllers]) if options[:controllers]
+      @controllers.each { |k,v| @controllers[k] = v.to_s }
+    end
+
+    def default_path_names(options)
+      @path_names = Hash.new { |h,k| h[k] = k.to_s }
+      @path_names[:registration] = ""
+      @path_names.merge!(options[:path_names]) if options[:path_names]
+    end
+
+    def default_constraints(options)
+      @constraints = Hash.new
+      @constraints.merge!(options[:constraints]) if options[:constraints]
+    end
+
+    def default_defaults(options)
+      @defaults = Hash.new
+      @defaults.merge!(options[:defaults]) if options[:defaults]
+    end
+
+    def default_used_route(options)
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
+      if options.has_key?(:only)
+        @used_routes = self.routes & Array(options[:only]).map(&singularizer)
+      elsif options[:skip] == :all
+        @used_routes = []
+      else
+        @used_routes = self.routes - Array(options[:skip]).map(&singularizer)
+      end
+    end
+
+    def default_used_helpers(options)
+      singularizer = lambda { |s| s.to_s.singularize.to_sym }
+
+      if options[:skip_helpers] == true
+        @used_helpers = @used_routes
+      elsif skip = options[:skip_helpers]
+        @used_helpers = self.routes - Array(skip).map(&singularizer)
+      else
+        @used_helpers = self.routes
+      end
+    end
+  end
+end