namxam-devise 1.1.0.win

data/lib/devise/controllers/internal_helpers.rb

@@ -0,0 +1,98 @@
+module Devise
+  module Controllers
+    # Those helpers are used only inside Devise controllers and should not be
+    # included in ApplicationController since they all depend on the url being
+    # accessed.
+    module InternalHelpers #:nodoc:
+      extend ActiveSupport::Concern
+      include Devise::Controllers::ScopedViews
+
+      included do
+        helper DeviseHelper
+
+        helpers = %w(resource scope_name resource_name
+                     resource_class devise_mapping devise_controller?)
+        hide_action *helpers
+        helper_method *helpers
+
+        prepend_before_filter :is_devise_resource?
+        skip_before_filter *Devise.mappings.keys.map { |m| :"authenticate_#{m}!" }
+      end
+
+      # Gets the actual resource stored in the instance variable
+      def resource
+        instance_variable_get(:"@#{resource_name}")
+      end
+
+      # Proxy to devise map name
+      def resource_name
+        devise_mapping.name
+      end
+      alias :scope_name :resource_name
+
+      # Proxy to devise map class
+      def resource_class
+        devise_mapping.to
+      end
+
+      # Attempt to find the mapped route for devise based on request path
+      def devise_mapping
+        @devise_mapping ||= request.env["devise.mapping"]
+      end
+
+      # Overwrites devise_controller? to return true
+      def devise_controller?
+        true
+      end
+
+    protected
+
+      # Checks whether it's a devise mapped resource or not.
+      def is_devise_resource? #:nodoc:
+        raise ActionController::UnknownAction unless devise_mapping
+      end
+
+      # Sets the resource creating an instance variable
+      def resource=(new_resource)
+        instance_variable_set(:"@#{resource_name}", new_resource)
+      end
+
+      # Build a devise resource.
+      def build_resource(hash=nil)
+        hash ||= params[resource_name] || {}
+        self.resource = resource_class.new(hash)
+      end
+
+      # Helper for use in before_filters where no authentication is required.
+      #
+      # Example:
+      #   before_filter :require_no_authentication, :only => :new
+      def require_no_authentication
+        redirect_to after_sign_in_path_for(resource_name) if warden.authenticated?(resource_name)
+      end
+
+      # Sets the flash message with :key, using I18n. By default you are able
+      # to setup your messages using specific resource scope, and if no one is
+      # found we look to default scope.
+      # Example (i18n locale file):
+      #
+      #   en:
+      #     devise:
+      #       passwords:
+      #         #default_scope_messages - only if resource_scope is not found
+      #         user:
+      #           #resource_scope_messages
+      #
+      # Please refer to README or en.yml locale file to check what messages are
+      # available.
+      def set_flash_message(key, kind)
+        flash[key] = I18n.t(:"#{resource_name}.#{kind}", :resource_name => resource_name,
+                            :scope => [:devise, controller_name.to_sym], :default => kind)
+      end
+
+      def clean_up_passwords(object)
+        object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+      end
+    end
+  end
+end

data/lib/devise/controllers/scoped_views.rb

@@ -0,0 +1,35 @@
+module Devise
+  module Controllers
+    module ScopedViews
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def scoped_views?
+          defined?(@scoped_views) ? @scoped_views : Devise.scoped_views
+        end
+
+        def scoped_views=(value)
+          @scoped_views = value
+        end
+      end
+
+    protected
+
+      # Render a view for the specified scope. Turned off by default.
+      # Accepts just :controller as option.
+      def render_with_scope(action, options={})
+        controller_name = options.delete(:controller) || self.controller_name
+
+        if self.class.scoped_views?
+          begin
+            render :template => "#{devise_mapping.plural}/#{controller_name}/#{action}"
+          rescue ActionView::MissingTemplate
+            render :template => "#{controller_path}/#{action}"
+          end
+        else
+          render :template => "#{controller_path}/#{action}"
+        end
+      end
+    end
+  end
+end

data/lib/devise/controllers/url_helpers.rb

@@ -0,0 +1,41 @@
+module Devise
+  module Controllers
+    # Create url helpers to be used with resource/scope configuration. Acts as
+    # proxies to the generated routes created by devise.
+    # Resource param can be a string or symbol, a class, or an instance object.
+    # Example using a :user resource:
+    #
+    #   new_session_path(:user)      => new_user_session_path
+    #   session_path(:user)          => user_session_path
+    #   destroy_session_path(:user)  => destroy_user_session_path
+    #
+    #   new_password_path(:user)     => new_user_password_path
+    #   password_path(:user)         => user_password_path
+    #   edit_password_path(:user)    => edit_user_password_path
+    #
+    #   new_confirmation_path(:user) => new_user_confirmation_path
+    #   confirmation_path(:user)     => user_confirmation_path
+    #
+    # Those helpers are added to your ApplicationController.
+    module UrlHelpers
+
+      Devise::ROUTES.values.uniq.each do |module_name|
+        [:path, :url].each do |path_or_url|
+          actions = [ nil, :new_ ]
+          actions << :edit_    if [:password, :registration].include?(module_name)
+          actions << :destroy_ if [:session].include?(module_name)
+
+          actions.each do |action|
+            class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
+              def #{action}#{module_name}_#{path_or_url}(resource_or_scope, *args)
+                scope = Devise::Mapping.find_scope!(resource_or_scope)
+                send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+              end
+            URL_HELPERS
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/devise/encryptors/authlogic_sha512.rb

@@ -0,0 +1,19 @@
+require "digest/sha2"
+
+module Devise
+  module Encryptors
+    # = AuthlogicSha512
+    # Simulates Authlogic's default encryption mechanism.
+    # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
+    #  the default behavior.
+    class AuthlogicSha512 < Base
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = [password, salt].flatten.join('')
+        stretches.times { digest = Digest::SHA512.hexdigest(digest) }
+        digest
+      end
+    end
+  end
+end

data/lib/devise/encryptors/base.rb

@@ -0,0 +1,20 @@
+module Devise
+  # Implements a way of adding different encryptions.
+  # The class should implement a self.digest method that taks the following params:
+  #   - password
+  #   - stretches: the number of times the encryption will be applied
+  #   - salt: the password salt as defined by devise
+  #   - pepper: Devise config option
+  #
+  module Encryptors
+    class Base
+      def self.digest
+        raise NotImplemented
+      end
+
+      def self.salt(stretches)
+        Devise.friendly_token
+      end
+    end
+  end
+end

data/lib/devise/encryptors/bcrypt.rb

@@ -0,0 +1,19 @@
+require "bcrypt"
+
+module Devise
+  module Encryptors
+    # = BCrypt
+    # Uses the BCrypt hash algorithm to encrypt passwords.
+    class Bcrypt < Base
+      # Gererates a default password digest based on stretches, salt, pepper and the
+      # incoming password. We don't strech it ourselves since BCrypt does so internally.
+      def self.digest(password, stretches, salt, pepper)
+        ::BCrypt::Engine.hash_secret([password, pepper].join, salt, stretches)
+      end
+
+      def self.salt(stretches)
+        ::BCrypt::Engine.generate_salt(stretches)
+      end
+    end
+  end
+end

data/lib/devise/encryptors/clearance_sha1.rb

@@ -0,0 +1,17 @@
+require "digest/sha1"
+
+module Devise
+  module Encryptors
+    # = ClearanceSha1
+    # Simulates Clearance's default encryption mechanism.
+    # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
+    # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
+    class ClearanceSha1 < Base
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      end
+    end
+  end
+end

data/lib/devise/encryptors/restful_authentication_sha1.rb

@@ -0,0 +1,22 @@
+require "digest/sha1"
+
+module Devise
+  module Encryptors
+    # = RestfulAuthenticationSha1
+    # Simulates Restful Authentication's default encryption mechanism.
+    # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
+    # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in 
+    # the initializer to silumate the default behavior.
+    class RestfulAuthenticationSha1 < Base
+      
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = Digest::SHA1.hexdigest([digest, salt, password, pepper].flatten.join('--')) }
+        digest
+      end
+
+    end
+  end
+end

data/lib/devise/encryptors/sha1.rb

@@ -0,0 +1,25 @@
+require "digest/sha1"
+
+module Devise
+  module Encryptors
+    # = Sha1
+    # Uses the Sha1 hash algorithm to encrypt passwords.
+    class Sha1 < Base
+      # Gererates a default password digest based on stretches, salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
+        digest
+      end
+
+    private
+
+      # Generate a SHA1 digest joining args. Generated token is something like
+      #   --arg1--arg2--arg3--argN--
+      def self.secure_digest(*tokens)
+        ::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
+      end
+    end
+  end
+end

data/lib/devise/encryptors/sha512.rb

@@ -0,0 +1,25 @@
+require "digest/sha2"
+
+module Devise
+  module Encryptors
+    # = Sha512
+    # Uses the Sha512 hash algorithm to encrypt passwords.
+    class Sha512 < Base
+      # Gererates a default password digest based on salt, pepper and the
+      # incoming password.
+      def self.digest(password, stretches, salt, pepper)
+        digest = pepper
+        stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
+        digest
+      end
+
+    private
+
+      # Generate a Sha512 digest joining args. Generated token is something like
+      #   --arg1--arg2--arg3--argN--
+      def self.secure_digest(*tokens)
+        ::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
+      end
+    end
+  end
+end

data/lib/devise/failure_app.rb

@@ -0,0 +1,107 @@
+require "action_controller/metal"
+
+module Devise
+  # Failure application that will be called every time :warden is thrown from
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
+  class FailureApp < ActionController::Metal
+    include ActionController::RackDelegation
+    include ActionController::UrlFor
+    include ActionController::Redirecting
+    include Rails.application.routes.url_helpers
+
+    delegate :flash, :to => :request
+
+    def self.call(env)
+      action(:respond).call(env)
+    end
+
+    def self.default_url_options(*args)
+      ApplicationController.default_url_options(*args)
+    end
+
+    def respond
+      if http_auth?
+        http_auth
+      elsif warden_options[:recall]
+        recall
+      else
+        redirect
+      end
+    end
+
+    def http_auth
+      self.status = 401
+      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
+      self.content_type = request.format.to_s
+      self.response_body = http_auth_body
+    end
+
+    def recall
+      env["PATH_INFO"]  = attempted_path
+      flash.now[:alert] = i18n_message(:invalid)
+      self.response = recall_controller.action(warden_options[:recall]).call(env)
+    end
+
+    def redirect
+      store_location!
+      flash[:alert] = i18n_message unless flash[:notice]
+      redirect_to redirect_url
+    end
+
+  protected
+
+    def i18n_message(default = nil)
+      message = warden.message || warden_options[:message] || default || :unauthenticated
+
+      if message.is_a?(Symbol)
+        I18n.t(:"#{scope}.#{message}", :resource_name => scope,
+               :scope => "devise.failure", :default => [message, message.to_s])
+      else
+        message.to_s
+      end
+    end
+
+    def redirect_url
+      send(:"new_#{scope}_session_path")
+    end
+
+    def http_auth?
+      !Devise.navigational_formats.include?(request.format.to_sym) || (request.xhr? && Devise.http_authenticatable_on_xhr)
+    end
+
+    def http_auth_body
+      method = :"to_#{request.format.to_sym}"
+      {}.respond_to?(method) ? { :error => i18n_message }.send(method) : i18n_message
+    end
+
+    def recall_controller
+      "#{params[:controller].camelize}Controller".constantize
+    end
+
+    def warden
+      env['warden']
+    end
+
+    def warden_options
+      env['warden.options']
+    end
+
+    def scope
+      @scope ||= warden_options[:scope]
+    end
+
+    def attempted_path
+      warden_options[:attempted_path]
+    end
+
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
+    def store_location!
+      session[:"#{scope}_return_to"] = attempted_path if request.get? && !http_auth?
+    end
+  end
+end

data/lib/devise/hooks/activatable.rb

@@ -0,0 +1,11 @@
+# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Devise::Strategies::Authenticatable and uses the validate already check if the user is active?
+# before actively signing him in. However, we need this as hook to validate the user activity
+# in each request and in case the user is using other strategies beside Devise ones.
+Warden::Manager.after_set_user do |record, warden, options|
+  if record && record.respond_to?(:active?) && !record.active?
+    scope = options[:scope]
+    warden.logout(scope)
+    throw :warden, :scope => scope, :message => record.inactive_message
+  end
+end