namxam-devise 1.1.0.win

Sign up to get free protection for your applications and to get access to all the features.
Files changed (152) hide show
  1. data/CHANGELOG.rdoc +455 -0
  2. data/Gemfile +23 -0
  3. data/Gemfile.lock +118 -0
  4. data/MIT-LICENSE +20 -0
  5. data/README.rdoc +311 -0
  6. data/Rakefile +55 -0
  7. data/TODO +3 -0
  8. data/app/controllers/devise/confirmations_controller.rb +33 -0
  9. data/app/controllers/devise/passwords_controller.rb +41 -0
  10. data/app/controllers/devise/registrations_controller.rb +57 -0
  11. data/app/controllers/devise/sessions_controller.rb +23 -0
  12. data/app/controllers/devise/unlocks_controller.rb +34 -0
  13. data/app/helpers/devise_helper.rb +17 -0
  14. data/app/mailers/devise/mailer.rb +71 -0
  15. data/app/views/devise/confirmations/new.html.erb +12 -0
  16. data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  17. data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  18. data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  19. data/app/views/devise/passwords/edit.html.erb +16 -0
  20. data/app/views/devise/passwords/new.html.erb +12 -0
  21. data/app/views/devise/registrations/edit.html.erb +25 -0
  22. data/app/views/devise/registrations/new.html.erb +18 -0
  23. data/app/views/devise/sessions/new.html.erb +17 -0
  24. data/app/views/devise/shared/_links.erb +19 -0
  25. data/app/views/devise/unlocks/new.html.erb +12 -0
  26. data/config/locales/en.yml +39 -0
  27. data/lib/devise.rb +290 -0
  28. data/lib/devise/controllers/helpers.rb +231 -0
  29. data/lib/devise/controllers/internal_helpers.rb +98 -0
  30. data/lib/devise/controllers/scoped_views.rb +35 -0
  31. data/lib/devise/controllers/url_helpers.rb +41 -0
  32. data/lib/devise/encryptors/authlogic_sha512.rb +19 -0
  33. data/lib/devise/encryptors/base.rb +20 -0
  34. data/lib/devise/encryptors/bcrypt.rb +19 -0
  35. data/lib/devise/encryptors/clearance_sha1.rb +17 -0
  36. data/lib/devise/encryptors/restful_authentication_sha1.rb +22 -0
  37. data/lib/devise/encryptors/sha1.rb +25 -0
  38. data/lib/devise/encryptors/sha512.rb +25 -0
  39. data/lib/devise/failure_app.rb +107 -0
  40. data/lib/devise/hooks/activatable.rb +11 -0
  41. data/lib/devise/hooks/forgetable.rb +11 -0
  42. data/lib/devise/hooks/rememberable.rb +35 -0
  43. data/lib/devise/hooks/timeoutable.rb +22 -0
  44. data/lib/devise/hooks/trackable.rb +9 -0
  45. data/lib/devise/mapping.rb +103 -0
  46. data/lib/devise/models.rb +80 -0
  47. data/lib/devise/models/authenticatable.rb +126 -0
  48. data/lib/devise/models/confirmable.rb +164 -0
  49. data/lib/devise/models/database_authenticatable.rb +110 -0
  50. data/lib/devise/models/lockable.rb +165 -0
  51. data/lib/devise/models/recoverable.rb +81 -0
  52. data/lib/devise/models/registerable.rb +8 -0
  53. data/lib/devise/models/rememberable.rb +104 -0
  54. data/lib/devise/models/timeoutable.rb +26 -0
  55. data/lib/devise/models/token_authenticatable.rb +60 -0
  56. data/lib/devise/models/trackable.rb +30 -0
  57. data/lib/devise/models/validatable.rb +53 -0
  58. data/lib/devise/modules.rb +23 -0
  59. data/lib/devise/orm/active_record.rb +36 -0
  60. data/lib/devise/orm/mongoid.rb +29 -0
  61. data/lib/devise/path_checker.rb +18 -0
  62. data/lib/devise/rails.rb +69 -0
  63. data/lib/devise/rails/routes.rb +248 -0
  64. data/lib/devise/rails/warden_compat.rb +39 -0
  65. data/lib/devise/schema.rb +97 -0
  66. data/lib/devise/strategies/authenticatable.rb +111 -0
  67. data/lib/devise/strategies/base.rb +33 -0
  68. data/lib/devise/strategies/database_authenticatable.rb +21 -0
  69. data/lib/devise/strategies/rememberable.rb +43 -0
  70. data/lib/devise/strategies/token_authenticatable.rb +49 -0
  71. data/lib/devise/test_helpers.rb +90 -0
  72. data/lib/devise/version.rb +3 -0
  73. data/lib/generators/active_record/devise_generator.rb +28 -0
  74. data/lib/generators/active_record/templates/migration.rb +29 -0
  75. data/lib/generators/devise/devise_generator.rb +17 -0
  76. data/lib/generators/devise/install_generator.rb +24 -0
  77. data/lib/generators/devise/orm_helpers.rb +23 -0
  78. data/lib/generators/devise/templates/README +25 -0
  79. data/lib/generators/devise/templates/devise.rb +139 -0
  80. data/lib/generators/devise/views_generator.rb +63 -0
  81. data/lib/generators/devise_install_generator.rb +4 -0
  82. data/lib/generators/devise_views_generator.rb +4 -0
  83. data/lib/generators/mongoid/devise_generator.rb +17 -0
  84. data/test/controllers/helpers_test.rb +213 -0
  85. data/test/controllers/internal_helpers_test.rb +51 -0
  86. data/test/controllers/url_helpers_test.rb +58 -0
  87. data/test/devise_test.rb +65 -0
  88. data/test/encryptors_test.rb +30 -0
  89. data/test/failure_app_test.rb +123 -0
  90. data/test/integration/authenticatable_test.rb +344 -0
  91. data/test/integration/confirmable_test.rb +104 -0
  92. data/test/integration/database_authenticatable_test.rb +38 -0
  93. data/test/integration/http_authenticatable_test.rb +49 -0
  94. data/test/integration/lockable_test.rb +109 -0
  95. data/test/integration/recoverable_test.rb +141 -0
  96. data/test/integration/registerable_test.rb +153 -0
  97. data/test/integration/rememberable_test.rb +91 -0
  98. data/test/integration/timeoutable_test.rb +80 -0
  99. data/test/integration/token_authenticatable_test.rb +88 -0
  100. data/test/integration/trackable_test.rb +64 -0
  101. data/test/mailers/confirmation_instructions_test.rb +80 -0
  102. data/test/mailers/reset_password_instructions_test.rb +68 -0
  103. data/test/mailers/unlock_instructions_test.rb +62 -0
  104. data/test/mapping_test.rb +85 -0
  105. data/test/models/confirmable_test.rb +221 -0
  106. data/test/models/database_authenticatable_test.rb +148 -0
  107. data/test/models/lockable_test.rb +188 -0
  108. data/test/models/recoverable_test.rb +138 -0
  109. data/test/models/rememberable_test.rb +176 -0
  110. data/test/models/timeoutable_test.rb +28 -0
  111. data/test/models/token_authenticatable_test.rb +37 -0
  112. data/test/models/trackable_test.rb +5 -0
  113. data/test/models/validatable_test.rb +99 -0
  114. data/test/models_test.rb +77 -0
  115. data/test/orm/active_record.rb +9 -0
  116. data/test/orm/mongoid.rb +10 -0
  117. data/test/rails_app/app/active_record/admin.rb +3 -0
  118. data/test/rails_app/app/active_record/shim.rb +2 -0
  119. data/test/rails_app/app/active_record/user.rb +7 -0
  120. data/test/rails_app/app/controllers/admins_controller.rb +6 -0
  121. data/test/rails_app/app/controllers/application_controller.rb +9 -0
  122. data/test/rails_app/app/controllers/home_controller.rb +7 -0
  123. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
  124. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
  125. data/test/rails_app/app/controllers/sessions_controller.rb +6 -0
  126. data/test/rails_app/app/controllers/users_controller.rb +18 -0
  127. data/test/rails_app/app/helpers/application_helper.rb +3 -0
  128. data/test/rails_app/app/mongoid/admin.rb +6 -0
  129. data/test/rails_app/app/mongoid/shim.rb +16 -0
  130. data/test/rails_app/app/mongoid/user.rb +10 -0
  131. data/test/rails_app/config/application.rb +35 -0
  132. data/test/rails_app/config/boot.rb +13 -0
  133. data/test/rails_app/config/environment.rb +5 -0
  134. data/test/rails_app/config/environments/development.rb +19 -0
  135. data/test/rails_app/config/environments/production.rb +33 -0
  136. data/test/rails_app/config/environments/test.rb +33 -0
  137. data/test/rails_app/config/initializers/backtrace_silencers.rb +7 -0
  138. data/test/rails_app/config/initializers/devise.rb +136 -0
  139. data/test/rails_app/config/initializers/inflections.rb +2 -0
  140. data/test/rails_app/config/initializers/secret_token.rb +2 -0
  141. data/test/rails_app/config/routes.rb +47 -0
  142. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +27 -0
  143. data/test/rails_app/db/schema.rb +86 -0
  144. data/test/routes_test.rb +146 -0
  145. data/test/support/assertions.rb +24 -0
  146. data/test/support/helpers.rb +54 -0
  147. data/test/support/integration.rb +88 -0
  148. data/test/support/test_silencer.rb +5 -0
  149. data/test/support/webrat/integrations/rails.rb +32 -0
  150. data/test/test_helper.rb +21 -0
  151. data/test/test_helpers_test.rb +72 -0
  152. metadata +230 -0
@@ -0,0 +1,11 @@
1
+ # Before logout hook to forget the user in the given scope, if it responds
2
+ # to forget_me! Also clear remember token to ensure the user won't be
3
+ # remembered again. Notice that we forget the user unless the record is frozen.
4
+ # This avoids forgetting deleted users.
5
+ Warden::Manager.before_logout do |record, warden, options|
6
+ if record.respond_to?(:forget_me!)
7
+ record.forget_me! unless record.frozen?
8
+ options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
9
+ warden.cookies.delete("remember_#{options[:scope]}_token", options)
10
+ end
11
+ end
@@ -0,0 +1,35 @@
1
+ module Devise
2
+ module Hooks
3
+ # Overwrite success! in authentication strategies allowing users to be remembered.
4
+ # We choose to implement this as an strategy hook instead of a warden hook to allow a specific
5
+ # strategy (like token authenticatable or facebook authenticatable) to turn off remember_me?
6
+ # cookies.
7
+ module Rememberable #:nodoc:
8
+ def success!(resource)
9
+ super
10
+
11
+ if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
12
+ resource.remember_me!
13
+
14
+ configuration = {
15
+ :value => resource.class.serialize_into_cookie(resource),
16
+ :expires => resource.remember_expires_at,
17
+ :path => "/"
18
+ }
19
+
20
+ configuration[:domain] = resource.cookie_domain if resource.cookie_domain?
21
+ cookies.signed["remember_#{scope}_token"] = configuration
22
+ end
23
+ end
24
+
25
+ protected
26
+
27
+ def remember_me?
28
+ valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
29
+ end
30
+ end
31
+ end
32
+ end
33
+
34
+ Devise::Strategies::Authenticatable.send :include, Devise::Hooks::Rememberable
35
+
@@ -0,0 +1,22 @@
1
+ # Each time a record is set we check whether its session has already timed out
2
+ # or not, based on last request time. If so, the record is logged out and
3
+ # redirected to the sign in page. Also, each time the request comes and the
4
+ # record is set, we set the last request time inside it's scoped session to
5
+ # verify timeout in the following request.
6
+ Warden::Manager.after_set_user do |record, warden, options|
7
+ scope = options[:scope]
8
+
9
+ if record && record.respond_to?(:timedout?) && warden.authenticated?(scope)
10
+ last_request_at = warden.session(scope)['last_request_at']
11
+
12
+ if record.timedout?(last_request_at)
13
+ path_checker = Devise::PathChecker.new(warden.env, scope)
14
+ unless path_checker.signing_out?
15
+ warden.logout(scope)
16
+ throw :warden, :scope => scope, :message => :timeout
17
+ end
18
+ end
19
+
20
+ warden.session(scope)['last_request_at'] = Time.now.utc
21
+ end
22
+ end
@@ -0,0 +1,9 @@
1
+ # After each sign in, update sign in time, sign in count and sign in IP.
2
+ # This is only triggered when the user is explicitly set (with set_user)
3
+ # and on authentication. Retrieving the user from session (:fetch) does
4
+ # not trigger it.
5
+ Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
6
+ if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope])
7
+ record.update_tracked_fields!(warden.request)
8
+ end
9
+ end
@@ -0,0 +1,103 @@
1
+ module Devise
2
+ # Responsible for handling devise mappings and routes configuration. Each
3
+ # resource configured by devise_for in routes is actually creating a mapping
4
+ # object. You can refer to devise_for in routes for usage options.
5
+ #
6
+ # The required value in devise_for is actually not used internally, but it's
7
+ # inflected to find all other values.
8
+ #
9
+ # map.devise_for :users
10
+ # mapping = Devise.mappings[:user]
11
+ #
12
+ # mapping.name #=> :user
13
+ # # is the scope used in controllers and warden, given in the route as :singular.
14
+ #
15
+ # mapping.as #=> "users"
16
+ # # how the mapping should be search in the path, given in the route as :as.
17
+ #
18
+ # mapping.to #=> User
19
+ # # is the class to be loaded from routes, given in the route as :class_name.
20
+ #
21
+ # mapping.modules #=> [:authenticatable]
22
+ # # is the modules included in the class
23
+ #
24
+ class Mapping #:nodoc:
25
+ attr_reader :singular, :plural, :path, :controllers, :path_names, :class_name
26
+ alias :name :singular
27
+
28
+ # Receives an object and find a scope for it. If a scope cannot be found,
29
+ # raises an error. If a symbol is given, it's considered to be the scope.
30
+ def self.find_scope!(duck)
31
+ case duck
32
+ when String, Symbol
33
+ return duck
34
+ when Class
35
+ Devise.mappings.each_value { |m| return m.name if duck <= m.to }
36
+ else
37
+ Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) }
38
+ end
39
+
40
+ raise "Could not find a valid mapping for #{duck}"
41
+ end
42
+
43
+ def initialize(name, options) #:nodoc:
44
+ @plural = (options[:as] ? "#{options[:as]}_#{name}" : name).to_sym
45
+ @singular = (options[:singular] || @plural.to_s.singularize).to_sym
46
+
47
+ @class_name = (options[:class_name] || name.to_s.classify).to_s
48
+ @ref = ActiveSupport::Dependencies.ref(@class_name)
49
+
50
+ @path = (options[:path] || name).to_s
51
+ @path_prefix = options[:path_prefix]
52
+
53
+ mod = options[:module] || "devise"
54
+ @controllers = Hash.new { |h,k| h[k] = "#{mod}/#{k}" }
55
+ @controllers.merge!(options[:controllers] || {})
56
+
57
+ @path_names = Hash.new { |h,k| h[k] = k.to_s }
58
+ @path_names.merge!(:registration => "")
59
+ @path_names.merge!(options[:path_names] || {})
60
+ end
61
+
62
+ # Return modules for the mapping.
63
+ def modules
64
+ @modules ||= to.respond_to?(:devise_modules) ? to.devise_modules : []
65
+ end
66
+
67
+ # Gives the class the mapping points to.
68
+ def to
69
+ @ref.get
70
+ end
71
+
72
+ def strategies
73
+ @strategies ||= STRATEGIES.values_at(*self.modules).compact.uniq.reverse
74
+ end
75
+
76
+ def routes
77
+ @routes ||= ROUTES.values_at(*self.modules).compact.uniq
78
+ end
79
+
80
+ def authenticatable?
81
+ @authenticatable ||= self.modules.any? { |m| m.to_s =~ /authenticatable/ }
82
+ end
83
+
84
+ def fullpath
85
+ "#{@path_prefix}/#{@path}".squeeze("/")
86
+ end
87
+
88
+ # Create magic predicates for verifying what module is activated by this map.
89
+ # Example:
90
+ #
91
+ # def confirmable?
92
+ # self.modules.include?(:confirmable)
93
+ # end
94
+ #
95
+ def self.add_module(m)
96
+ class_eval <<-METHOD, __FILE__, __LINE__ + 1
97
+ def #{m}?
98
+ self.modules.include?(:#{m})
99
+ end
100
+ METHOD
101
+ end
102
+ end
103
+ end
@@ -0,0 +1,80 @@
1
+ module Devise
2
+ module Models
3
+ # Creates configuration values for Devise and for the given module.
4
+ #
5
+ # Devise::Models.config(Devise::Authenticable, :stretches, 10)
6
+ #
7
+ # The line above creates:
8
+ #
9
+ # 1) An accessor called Devise.stretches, which value is used by default;
10
+ #
11
+ # 2) Some class methods for your model Model.stretches and Model.stretches=
12
+ # which have higher priority than Devise.stretches;
13
+ #
14
+ # 3) And an instance method stretches.
15
+ #
16
+ # To add the class methods you need to have a module ClassMethods defined
17
+ # inside the given class.
18
+ #
19
+ def self.config(mod, *accessors) #:nodoc:
20
+ accessors.each do |accessor|
21
+ mod.class_eval <<-METHOD, __FILE__, __LINE__ + 1
22
+ def #{accessor}
23
+ if defined?(@#{accessor})
24
+ @#{accessor}
25
+ elsif superclass.respond_to?(:#{accessor})
26
+ superclass.#{accessor}
27
+ else
28
+ Devise.#{accessor}
29
+ end
30
+ end
31
+
32
+ def #{accessor}=(value)
33
+ @#{accessor} = value
34
+ end
35
+ METHOD
36
+ end
37
+ end
38
+
39
+ # Include the chosen devise modules in your model:
40
+ #
41
+ # devise :database_authenticatable, :confirmable, :recoverable
42
+ #
43
+ # You can also give any of the devise configuration values in form of a hash,
44
+ # with specific values for this model. Please check your Devise initializer
45
+ # for a complete description on those values.
46
+ #
47
+ def devise(*modules)
48
+ include Devise::Models::Authenticatable
49
+ options = modules.extract_options!
50
+
51
+ if modules.delete(:authenticatable)
52
+ ActiveSupport::Deprecation.warn ":authenticatable as module is deprecated. Please give :database_authenticatable instead.", caller
53
+ modules << :database_authenticatable
54
+ end
55
+
56
+ if modules.delete(:activatable)
57
+ ActiveSupport::Deprecation.warn ":activatable as module is deprecated. It's included in your model by default.", caller
58
+ end
59
+
60
+ if modules.delete(:http_authenticatable)
61
+ ActiveSupport::Deprecation.warn ":http_authenticatable as module is deprecated and is on by default. Revert by setting :http_authenticatable => false.", caller
62
+ end
63
+
64
+ self.devise_modules += Devise::ALL & modules.map(&:to_sym).uniq
65
+
66
+ devise_modules_hook! do
67
+ devise_modules.each { |m| include Devise::Models.const_get(m.to_s.classify) }
68
+ options.each { |key, value| send(:"#{key}=", value) }
69
+ end
70
+ end
71
+
72
+ # The hook which is called inside devise. So your ORM can include devise
73
+ # compatibility stuff.
74
+ def devise_modules_hook!
75
+ yield
76
+ end
77
+ end
78
+ end
79
+
80
+ require 'devise/models/authenticatable'
@@ -0,0 +1,126 @@
1
+ require 'devise/hooks/activatable'
2
+
3
+ module Devise
4
+ module Models
5
+ # Authenticable module. Holds common settings for authentication.
6
+ #
7
+ # == Configuration:
8
+ #
9
+ # You can overwrite configuration values by setting in globally in Devise,
10
+ # using devise method or overwriting the respective instance method.
11
+ #
12
+ # authentication_keys: parameters used for authentication. By default [:email].
13
+ #
14
+ # http_authenticatable: if this model allows http authentication. By default true.
15
+ # It also accepts an array specifying the strategies that should allow http.
16
+ #
17
+ # params_authenticatable: if this model allows authentication through request params. By default true.
18
+ # It also accepts an array specifying the strategies that should allow params authentication.
19
+ #
20
+ # == Active?
21
+ #
22
+ # Before authenticating an user and in each request, Devise checks if your model is active by
23
+ # calling model.active?. This method is overwriten by other devise modules. For instance,
24
+ # :confirmable overwrites .active? to only return true if your model was confirmed.
25
+ #
26
+ # You overwrite this method yourself, but if you do, don't forget to call super:
27
+ #
28
+ # def active?
29
+ # super && special_condition_is_valid?
30
+ # end
31
+ #
32
+ # Whenever active? returns false, Devise asks the reason why your model is inactive using
33
+ # the inactive_message method. You can overwrite it as well:
34
+ #
35
+ # def inactive_message
36
+ # special_condition_is_valid? ? super : :special_condition_is_not_valid
37
+ # end
38
+ #
39
+ module Authenticatable
40
+ extend ActiveSupport::Concern
41
+
42
+ included do
43
+ class_attribute :devise_modules, :instance_writer => false
44
+ self.devise_modules ||= []
45
+ end
46
+
47
+ # Check if the current object is valid for authentication. This method and
48
+ # find_for_authentication are the methods used in a Warden::Strategy to check
49
+ # if a model should be signed in or not.
50
+ #
51
+ # However, you should not overwrite this method, you should overwrite active? and
52
+ # inactive_message instead.
53
+ def valid_for_authentication?
54
+ if active?
55
+ block_given? ? yield : true
56
+ else
57
+ inactive_message
58
+ end
59
+ end
60
+
61
+ def active?
62
+ true
63
+ end
64
+
65
+ def inactive_message
66
+ :inactive
67
+ end
68
+
69
+ module ClassMethods
70
+ Devise::Models.config(self, :authentication_keys, :http_authenticatable, :params_authenticatable)
71
+
72
+ def params_authenticatable?(strategy)
73
+ params_authenticatable.is_a?(Array) ?
74
+ params_authenticatable.include?(strategy) : params_authenticatable
75
+ end
76
+
77
+ def http_authenticatable?(strategy)
78
+ http_authenticatable.is_a?(Array) ?
79
+ http_authenticatable.include?(strategy) : http_authenticatable
80
+ end
81
+
82
+ # Find first record based on conditions given (ie by the sign in form).
83
+ # Overwrite to add customized conditions, create a join, or maybe use a
84
+ # namedscope to filter records while authenticating.
85
+ # Example:
86
+ #
87
+ # def self.find_for_authentication(conditions={})
88
+ # conditions[:active] = true
89
+ # super
90
+ # end
91
+ #
92
+ def find_for_authentication(conditions)
93
+ find(:first, :conditions => conditions)
94
+ end
95
+
96
+ # Find an initialize a record setting an error if it can't be found.
97
+ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
98
+ if value.present?
99
+ conditions = { attribute => value }
100
+ record = find(:first, :conditions => conditions)
101
+ end
102
+
103
+ unless record
104
+ record = new
105
+ if value.present?
106
+ record.send(:"#{attribute}=", value)
107
+ else
108
+ error = :blank
109
+ end
110
+ record.errors.add(attribute, error)
111
+ end
112
+
113
+ record
114
+ end
115
+
116
+ # Generate a token by looping and ensuring does not already exist.
117
+ def generate_token(column)
118
+ loop do
119
+ token = Devise.friendly_token
120
+ break token unless find(:first, :conditions => { column => token })
121
+ end
122
+ end
123
+ end
124
+ end
125
+ end
126
+ end
@@ -0,0 +1,164 @@
1
+ module Devise
2
+ module Models
3
+ # Confirmable is responsible to verify if an account is already confirmed to
4
+ # sign in, and to send emails with confirmation instructions.
5
+ # Confirmation instructions are sent to the user email after creating a
6
+ # record, after updating it's email and also when manually requested by
7
+ # a new confirmation instruction request.
8
+ # Whenever the user update it's email, his account is automatically unconfirmed,
9
+ # it means it won't be able to sign in again without confirming the account
10
+ # again through the email that was sent.
11
+ #
12
+ # Configuration:
13
+ #
14
+ # confirm_within: the time you want the user will have to confirm it's account
15
+ # without blocking his access. When confirm_within is zero, the
16
+ # user won't be able to sign in without confirming. You can
17
+ # use this to let your user access some features of your
18
+ # application without confirming the account, but blocking it
19
+ # after a certain period (ie 7 days). By default confirm_within is
20
+ # zero, it means users always have to confirm to sign in.
21
+ #
22
+ # Examples:
23
+ #
24
+ # User.find(1).confirm! # returns true unless it's already confirmed
25
+ # User.find(1).confirmed? # true/false
26
+ # User.find(1).send_confirmation_instructions # manually send instructions
27
+ # User.find(1).resend_confirmation! # generates a new token and resent it
28
+ module Confirmable
29
+ extend ActiveSupport::Concern
30
+
31
+ included do
32
+ before_create :generate_confirmation_token, :if => :confirmation_required?
33
+ after_create :send_confirmation_instructions, :if => :confirmation_required?
34
+ end
35
+
36
+ # Confirm a user by setting it's confirmed_at to actual time. If the user
37
+ # is already confirmed, add en error to email field
38
+ def confirm!
39
+ unless_confirmed do
40
+ self.confirmation_token = nil
41
+ self.confirmed_at = Time.now
42
+ save(:validate => false)
43
+ end
44
+ end
45
+
46
+ # Verifies whether a user is confirmed or not
47
+ def confirmed?
48
+ !!confirmed_at
49
+ end
50
+
51
+ # Send confirmation instructions by email
52
+ def send_confirmation_instructions
53
+ generate_confirmation_token! if self.confirmation_token.nil?
54
+ ::Devise.mailer.confirmation_instructions(self).deliver
55
+ end
56
+
57
+ # Resend confirmation token. This method does not need to generate a new token.
58
+ def resend_confirmation_token
59
+ unless_confirmed { send_confirmation_instructions }
60
+ end
61
+
62
+ # Overwrites active? from Devise::Models::Activatable for confirmation
63
+ # by verifying whether an user is active to sign in or not. If the user
64
+ # is already confirmed, it should never be blocked. Otherwise we need to
65
+ # calculate if the confirm time has not expired for this user.
66
+ def active?
67
+ super && (!confirmation_required? || confirmed? || confirmation_period_valid?)
68
+ end
69
+
70
+ # The message to be shown if the account is inactive.
71
+ def inactive_message
72
+ !confirmed? ? :unconfirmed : super
73
+ end
74
+
75
+ # If you don't want confirmation to be sent on create, neither a code
76
+ # to be generated, call skip_confirmation!
77
+ def skip_confirmation!
78
+ self.confirmed_at = Time.now
79
+ end
80
+
81
+ protected
82
+
83
+ # Callback to overwrite if confirmation is required or not.
84
+ def confirmation_required?
85
+ !confirmed?
86
+ end
87
+
88
+ # Checks if the confirmation for the user is within the limit time.
89
+ # We do this by calculating if the difference between today and the
90
+ # confirmation sent date does not exceed the confirm in time configured.
91
+ # Confirm_in is a model configuration, must always be an integer value.
92
+ #
93
+ # Example:
94
+ #
95
+ # # confirm_within = 1.day and confirmation_sent_at = today
96
+ # confirmation_period_valid? # returns true
97
+ #
98
+ # # confirm_within = 5.days and confirmation_sent_at = 4.days.ago
99
+ # confirmation_period_valid? # returns true
100
+ #
101
+ # # confirm_within = 5.days and confirmation_sent_at = 5.days.ago
102
+ # confirmation_period_valid? # returns false
103
+ #
104
+ # # confirm_within = 0.days
105
+ # confirmation_period_valid? # will always return false
106
+ #
107
+ def confirmation_period_valid?
108
+ confirmation_sent_at && confirmation_sent_at.utc >= self.class.confirm_within.ago
109
+ end
110
+
111
+ # Checks whether the record is confirmed or not, yielding to the block
112
+ # if it's already confirmed, otherwise adds an error to email.
113
+ def unless_confirmed
114
+ unless confirmed?
115
+ yield
116
+ else
117
+ self.errors.add(:email, :already_confirmed)
118
+ false
119
+ end
120
+ end
121
+
122
+ # Generates a new random token for confirmation, and stores the time
123
+ # this token is being generated
124
+ def generate_confirmation_token
125
+ self.confirmed_at = nil
126
+ self.confirmation_token = self.class.confirmation_token
127
+ self.confirmation_sent_at = Time.now.utc
128
+ end
129
+
130
+ def generate_confirmation_token!
131
+ generate_confirmation_token && save(:validate => false)
132
+ end
133
+
134
+ module ClassMethods
135
+ # Attempt to find a user by it's email. If a record is found, send new
136
+ # confirmation instructions to it. If not user is found, returns a new user
137
+ # with an email not found error.
138
+ # Options must contain the user email
139
+ def send_confirmation_instructions(attributes={})
140
+ confirmable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
141
+ confirmable.resend_confirmation_token if confirmable.persisted?
142
+ confirmable
143
+ end
144
+
145
+ # Find a user by it's confirmation token and try to confirm it.
146
+ # If no user is found, returns a new user with an error.
147
+ # If the user is already confirmed, create an error for the user
148
+ # Options must have the confirmation_token
149
+ def confirm_by_token(confirmation_token)
150
+ confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
151
+ confirmable.confirm! if confirmable.persisted?
152
+ confirmable
153
+ end
154
+
155
+ # Generate a token checking if one does not already exist in the database.
156
+ def confirmation_token
157
+ generate_token(:confirmation_token)
158
+ end
159
+
160
+ Devise::Models.config(self, :confirm_within)
161
+ end
162
+ end
163
+ end
164
+ end