loyal_devise 2.1.7 → 2.1.10

data/README.md

@@ -57,7 +57,7 @@ You can view the Devise documentation in RDoc format here:
 
 http://rubydoc.info/github/plataformatec/devise/master/frames
 
-If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation.
+If you need to use Devise with Rails 2.3, you can always run "gem server" from the command line after you install the gem to access the old documentation.
 
 ### Example applications
 
@@ -90,7 +90,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
 
 ## Getting started
 
-Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with:
+Devise 2.0 works with Rails 3.1 onwards. You can add it to your Gemfile with:
 
 ```ruby
 gem 'devise'
@@ -110,7 +110,7 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```
 
-Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller.
+Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller.
 
 Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined.
 
@@ -200,32 +200,6 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic:
-
-```ruby
-class User::ParameterSanitizer < Devise::ParameterSanitizer
-  def sign_in
-    default_params.permit(:username, :email)
-  end
-end
-```
-
-And then configure your controllers to use it:
-
-```ruby
-class ApplicationController < ActionController::Base
-  protected
-
-  def devise_parameter_sanitizer
-    if resource_class.is_a?(User)
-      User::ParameterSanitizer.new(User, :user, params)
-    else
-      super # Use the default one
-    end
-  end
-end
-```
-
 The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below.
 
 ### Configuring views
@@ -250,24 +224,22 @@ rails generate devise:views users
 
 If the customization at the views level is not enough, you can customize each controller by following these steps:
 
-1. Create your custom controller, for example a `Admins::SessionsController`:  
-
-    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
-    end
-    ```
+1) Create your custom controller, for example a Admins::SessionsController:
 
-    Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory.
+```ruby
+class Admins::SessionsController < Devise::SessionsController
+end
+```
 
-2. Tell the router to use this controller:
+2) Tell the router to use this controller:
 
-    ```ruby
-    devise_for :admins, :controllers => { :sessions => "admins/sessions" }
-    ```
+```ruby
+devise_for :admins, :controllers => { :sessions => "admins/sessions" }
+```
 
-3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admin/sessions"`.
+3) And since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
 
-    Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display.
+Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display.
 
 ### Configuring routes
 
@@ -359,14 +331,12 @@ sign_out @user         # sign_out(resource)
 
 There are two things that is important to keep in mind:
 
-1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
+1) These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
 
-2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
+2) If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
 
-    ```ruby
     @request.env["devise.mapping"] = Devise.mappings[:user]
     get :new
-    ```
 
 ### Omniauth
 

data/app/controllers/devise/passwords_controller.rb

@@ -53,7 +53,7 @@ class Devise::PasswordsController < DeviseController
     # Check if a reset_password_token is provided in the request
     def assert_reset_token_passed
       if params[:reset_password_token].blank?
-        set_flash_message(:alert, :no_token)
+        set_flash_message(:error, :no_token)
         redirect_to new_session_path(resource_name)
       end
     end

data/app/controllers/devise/registrations_controller.rb

@@ -10,7 +10,7 @@ class Devise::RegistrationsController < DeviseController
 
   # POST /resource
   def create
-    build_resource(sign_up_params)
+    self.resource = build_resource(sign_up_params)
 
     if resource.save
       if resource.active_for_authentication?

data/lib/devise/controllers/helpers.rb

@@ -272,12 +272,9 @@ module Devise
       # Overwrite Rails' handle unverified request to sign out all scopes,
       # clear run strategies and remove cached variables.
       def handle_unverified_request
-        if sign_in?
-          sign_out_all_scopes(false)
-          request.env["devise.skip_storage"] = true
-          expire_devise_cached_variables!
-        end
-
+        sign_out_all_scopes(false)
+        request.env["devise.skip_storage"] = true
+        expire_devise_cached_variables!
         super # call the default behaviour which resets the session
       end
 

data/lib/devise/failure_app.rb

@@ -78,14 +78,7 @@ module Devise
     def redirect_url
       if warden_message == :timeout
         flash[:timedout] = true
-
-        path = if request.get?
-          attempted_path
-        else
-          request.referrer
-        end
-
-        path || scope_path
+        attempted_path || scope_path
       else
         scope_path
       end

data/lib/devise/hooks/lockable.rb

@@ -2,6 +2,6 @@
 # This is only triggered when the user is explicitly set (with set_user)
 Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
   if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
-    record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.zero?
+    record.update_attribute(:failed_attempts, 0)
   end
 end

data/lib/devise/mapping.rb

@@ -29,17 +29,17 @@ module Devise
 
     # Receives an object and find a scope for it. If a scope cannot be found,
     # raises an error. If a symbol is given, it's considered to be the scope.
-    def self.find_scope!(obj)
-      case obj
+    def self.find_scope!(duck)
+      case duck
       when String, Symbol
-        return obj
+        return duck
       when Class
-        Devise.mappings.each_value { |m| return m.name if obj <= m.to }
+        Devise.mappings.each_value { |m| return m.name if duck <= m.to }
       else
-        Devise.mappings.each_value { |m| return m.name if obj.is_a?(m.to) }
+        Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
       end
 
-      raise "Could not find a valid mapping for #{obj.inspect}"
+      raise "Could not find a valid mapping for #{duck.inspect}"
     end
 
     def self.find_by_path!(path, path_type=:fullpath)

data/lib/devise/models/authenticatable.rb

@@ -21,7 +21,7 @@ module Devise
     #     as key on authentication. This can also be a hash where the value is a boolean specifying
     #     if the value is required or not.
     #
-    #   * +http_authenticatable+: if this model allows http authentication. By default false.
+    #   * +http_authenticatable+: if this model allows http authentication. By default true.
     #     It also accepts an array specifying the strategies that should allow http.
     #
     #   * +params_authenticatable+: if this model allows authentication through request params. By default true.
@@ -243,7 +243,7 @@ module Devise
         end
 
         def find_first_by_auth_conditions(tainted_conditions, opts={})
-          to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.
@@ -275,8 +275,8 @@ module Devise
 
         protected
 
-        def devise_parameter_filter
-          @devise_parameter_filter ||= Devise::ParameterFilter.new(case_insensitive_keys, strip_whitespace_keys)
+        def devise_param_filter
+          @devise_param_filter ||= Devise::ParamFilter.new(case_insensitive_keys, strip_whitespace_keys)
         end
 
         # Generate a token by looping and ensuring does not already exist.

data/lib/devise/models/confirmable.rb

@@ -93,7 +93,7 @@ module Devise
         self.confirmation_token = nil if reconfirmation_required?
         @reconfirmation_required = false
 
-        ensure_confirmation_token!
+        generate_confirmation_token! if self.confirmation_token.blank?
 
         opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
         send_devise_notification(:confirmation_instructions, opts)
@@ -106,11 +106,6 @@ module Devise
           send_confirmation_instructions
         end
       end
-      
-      # Generate a confirmation token unless already exists and save the record.
-      def ensure_confirmation_token!
-        generate_confirmation_token! if should_generate_confirmation_token?
-      end 
 
       # Overwrites active_for_authentication? for confirmation
       # by verifying whether a user is active to sign in or not. If the user
@@ -144,9 +139,6 @@ module Devise
       end
 
       protected
-        def should_generate_confirmation_token?
-          confirmation_token.nil? || confirmation_period_expired?
-        end
 
         # A callback method used to deliver confirmation
         # instructions on creation. This can be overriden
@@ -235,17 +227,17 @@ module Devise
         end
 
         def postpone_email_change?
-          postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone && !self.email.blank?
+          postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone
           @bypass_postpone = false
           postpone
         end
 
         def reconfirmation_required?
-          self.class.reconfirmable && @reconfirmation_required && !self.email.blank?
+          self.class.reconfirmable && @reconfirmation_required
         end
 
         def send_confirmation_notification?
-          confirmation_required? && !@skip_confirmation_notification && !self.email.blank?
+          confirmation_required? && !@skip_confirmation_notification
         end
 
       module ClassMethods

data/lib/devise/models/database_authenticatable.rb

@@ -81,7 +81,7 @@ module Devise
       #
       # Example:
       #
-      #   def update_without_password(params, *options)
+      #   def update_without_password(params={})
       #     params.delete(:email)
       #     super(params)
       #   end

data/lib/devise/models/lockable.rb

@@ -55,7 +55,7 @@ module Devise
 
       # Verifies whether a user is locked or not.
       def access_locked?
-        !!locked_at && !lock_expired?
+        locked_at && !lock_expired?
       end
 
       # Send unlock instructions by email

data/lib/devise/models/recoverable.rb

@@ -44,15 +44,10 @@ module Devise
 
       # Resets reset password token and send reset password instructions by email
       def send_reset_password_instructions
-        ensure_reset_password_token!
+        generate_reset_password_token! if should_generate_reset_token?
         send_devise_notification(:reset_password_instructions)
       end
-      
-      # Generate reset password token unless already exists and save the record.
-      def ensure_reset_password_token!
-        generate_reset_password_token! if should_generate_reset_token?
-      end 
-      
+
       # Checks if the reset password token sent is within the limit time.
       # We do this by calculating if the difference between today and the
       # sending date does not exceed the confirm in time configured.

data/lib/devise/models/rememberable.rb

@@ -50,7 +50,7 @@ module Devise
       def remember_me!(extend_period=false)
         self.remember_token = self.class.remember_token if generate_remember_token?
         self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
-        save(:validate => false) if self.changed?
+        save(:validate => false)
       end
 
       # If the record is persisted, remove the remember token (but only if

data/lib/devise/{parameter_filter.rb → param_filter.rb}

@@ -1,5 +1,5 @@
 module Devise
-  class ParameterFilter
+  class ParamFilter
     def initialize(case_insensitive_keys, strip_whitespace_keys)
       @case_insensitive_keys = case_insensitive_keys || []
       @strip_whitespace_keys = strip_whitespace_keys || []

data/lib/devise/parameter_sanitizer.rb

@@ -41,15 +41,15 @@ module Devise
     end
 
     def sign_in
-      default_params.permit(*auth_keys)
+      default_params.permit(auth_keys)
     end
 
     def sign_up
-      default_params.permit(*(auth_keys + [:password, :password_confirmation]))
+      default_params.permit(auth_keys + [:password, :password_confirmation])
     end
 
     def account_update
-      default_params.permit(*(auth_keys + [:password, :password_confirmation, :current_password]))
+      default_params.permit(auth_keys + [:password, :password_confirmation, :current_password])
     end
 
     def auth_keys

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.0.0.rc".freeze
+  VERSION = "2.2.4".freeze
 end

data/lib/devise.rb

@@ -9,7 +9,7 @@ module Devise
   autoload :Delegator,          'devise/delegator'
   autoload :FailureApp,         'devise/failure_app'
   autoload :OmniAuth,           'devise/omniauth'
-  autoload :ParameterFilter,    'devise/parameter_filter'
+  autoload :ParamFilter,        'devise/param_filter'
   autoload :BaseSanitizer,      'devise/parameter_sanitizer'
   autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
   autoload :TestHelpers,        'devise/test_helpers'

data/lib/generators/templates/README

@@ -21,7 +21,7 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
 
-  4. If you are deploying on Heroku with Rails 3.2 only, you may want to set:
+  4. If you are deploying Rails 3.1+ on Heroku, you may want to set:
 
        config.assets.initialize_on_precompile = false
 

data/lib/loyal_devise.rb

@@ -0,0 +1 @@
+require 'devise'