ultra-max-kit 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. checksums.yaml +7 -0
  2. data/devise-5.0.4/CHANGELOG.md +88 -0
  3. data/devise-5.0.4/MIT-LICENSE +21 -0
  4. data/devise-5.0.4/README.md +776 -0
  5. data/devise-5.0.4/app/controllers/devise/confirmations_controller.rb +54 -0
  6. data/devise-5.0.4/app/controllers/devise/omniauth_callbacks_controller.rb +36 -0
  7. data/devise-5.0.4/app/controllers/devise/passwords_controller.rb +88 -0
  8. data/devise-5.0.4/app/controllers/devise/registrations_controller.rb +169 -0
  9. data/devise-5.0.4/app/controllers/devise/sessions_controller.rb +83 -0
  10. data/devise-5.0.4/app/controllers/devise/unlocks_controller.rb +52 -0
  11. data/devise-5.0.4/app/controllers/devise_controller.rb +226 -0
  12. data/devise-5.0.4/app/helpers/devise_helper.rb +5 -0
  13. data/devise-5.0.4/app/mailers/devise/mailer.rb +30 -0
  14. data/devise-5.0.4/app/views/devise/confirmations/new.html.erb +16 -0
  15. data/devise-5.0.4/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
  16. data/devise-5.0.4/app/views/devise/mailer/email_changed.html.erb +7 -0
  17. data/devise-5.0.4/app/views/devise/mailer/password_change.html.erb +3 -0
  18. data/devise-5.0.4/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
  19. data/devise-5.0.4/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
  20. data/devise-5.0.4/app/views/devise/passwords/edit.html.erb +25 -0
  21. data/devise-5.0.4/app/views/devise/passwords/new.html.erb +16 -0
  22. data/devise-5.0.4/app/views/devise/registrations/edit.html.erb +42 -0
  23. data/devise-5.0.4/app/views/devise/registrations/new.html.erb +29 -0
  24. data/devise-5.0.4/app/views/devise/sessions/new.html.erb +26 -0
  25. data/devise-5.0.4/app/views/devise/shared/_error_messages.html.erb +15 -0
  26. data/devise-5.0.4/app/views/devise/shared/_links.html.erb +25 -0
  27. data/devise-5.0.4/app/views/devise/unlocks/new.html.erb +16 -0
  28. data/devise-5.0.4/config/locales/en.yml +65 -0
  29. data/devise-5.0.4/lib/devise/controllers/helpers.rb +295 -0
  30. data/devise-5.0.4/lib/devise/controllers/rememberable.rb +56 -0
  31. data/devise-5.0.4/lib/devise/controllers/responder.rb +35 -0
  32. data/devise-5.0.4/lib/devise/controllers/scoped_views.rb +19 -0
  33. data/devise-5.0.4/lib/devise/controllers/sign_in_out.rb +106 -0
  34. data/devise-5.0.4/lib/devise/controllers/store_location.rb +76 -0
  35. data/devise-5.0.4/lib/devise/controllers/url_helpers.rb +69 -0
  36. data/devise-5.0.4/lib/devise/delegator.rb +18 -0
  37. data/devise-5.0.4/lib/devise/encryptor.rb +24 -0
  38. data/devise-5.0.4/lib/devise/failure_app.rb +287 -0
  39. data/devise-5.0.4/lib/devise/hooks/activatable.rb +12 -0
  40. data/devise-5.0.4/lib/devise/hooks/csrf_cleaner.rb +14 -0
  41. data/devise-5.0.4/lib/devise/hooks/forgetable.rb +11 -0
  42. data/devise-5.0.4/lib/devise/hooks/lockable.rb +9 -0
  43. data/devise-5.0.4/lib/devise/hooks/proxy.rb +23 -0
  44. data/devise-5.0.4/lib/devise/hooks/rememberable.rb +9 -0
  45. data/devise-5.0.4/lib/devise/hooks/timeoutable.rb +35 -0
  46. data/devise-5.0.4/lib/devise/hooks/trackable.rb +11 -0
  47. data/devise-5.0.4/lib/devise/mailers/helpers.rb +87 -0
  48. data/devise-5.0.4/lib/devise/mapping.rb +178 -0
  49. data/devise-5.0.4/lib/devise/models/authenticatable.rb +302 -0
  50. data/devise-5.0.4/lib/devise/models/confirmable.rb +371 -0
  51. data/devise-5.0.4/lib/devise/models/database_authenticatable.rb +204 -0
  52. data/devise-5.0.4/lib/devise/models/lockable.rb +214 -0
  53. data/devise-5.0.4/lib/devise/models/omniauthable.rb +29 -0
  54. data/devise-5.0.4/lib/devise/models/recoverable.rb +156 -0
  55. data/devise-5.0.4/lib/devise/models/registerable.rb +29 -0
  56. data/devise-5.0.4/lib/devise/models/rememberable.rb +158 -0
  57. data/devise-5.0.4/lib/devise/models/timeoutable.rb +45 -0
  58. data/devise-5.0.4/lib/devise/models/trackable.rb +51 -0
  59. data/devise-5.0.4/lib/devise/models/validatable.rb +70 -0
  60. data/devise-5.0.4/lib/devise/models.rb +122 -0
  61. data/devise-5.0.4/lib/devise/modules.rb +30 -0
  62. data/devise-5.0.4/lib/devise/omniauth/config.rb +47 -0
  63. data/devise-5.0.4/lib/devise/omniauth/url_helpers.rb +27 -0
  64. data/devise-5.0.4/lib/devise/omniauth.rb +27 -0
  65. data/devise-5.0.4/lib/devise/orm/active_record.rb +7 -0
  66. data/devise-5.0.4/lib/devise/orm/mongoid.rb +7 -0
  67. data/devise-5.0.4/lib/devise/orm.rb +80 -0
  68. data/devise-5.0.4/lib/devise/parameter_filter.rb +44 -0
  69. data/devise-5.0.4/lib/devise/parameter_sanitizer.rb +172 -0
  70. data/devise-5.0.4/lib/devise/rails/routes.rb +514 -0
  71. data/devise-5.0.4/lib/devise/rails/warden_compat.rb +15 -0
  72. data/devise-5.0.4/lib/devise/rails.rb +57 -0
  73. data/devise-5.0.4/lib/devise/strategies/authenticatable.rb +178 -0
  74. data/devise-5.0.4/lib/devise/strategies/base.rb +22 -0
  75. data/devise-5.0.4/lib/devise/strategies/database_authenticatable.rb +31 -0
  76. data/devise-5.0.4/lib/devise/strategies/rememberable.rb +67 -0
  77. data/devise-5.0.4/lib/devise/test/controller_helpers.rb +156 -0
  78. data/devise-5.0.4/lib/devise/test/integration_helpers.rb +63 -0
  79. data/devise-5.0.4/lib/devise/time_inflector.rb +16 -0
  80. data/devise-5.0.4/lib/devise/token_generator.rb +32 -0
  81. data/devise-5.0.4/lib/devise/version.rb +5 -0
  82. data/devise-5.0.4/lib/devise.rb +533 -0
  83. data/devise-5.0.4/lib/generators/active_record/devise_generator.rb +119 -0
  84. data/devise-5.0.4/lib/generators/active_record/templates/migration.rb +20 -0
  85. data/devise-5.0.4/lib/generators/active_record/templates/migration_existing.rb +27 -0
  86. data/devise-5.0.4/lib/generators/devise/controllers_generator.rb +46 -0
  87. data/devise-5.0.4/lib/generators/devise/devise_generator.rb +28 -0
  88. data/devise-5.0.4/lib/generators/devise/install_generator.rb +42 -0
  89. data/devise-5.0.4/lib/generators/devise/orm_helpers.rb +36 -0
  90. data/devise-5.0.4/lib/generators/devise/views_generator.rb +145 -0
  91. data/devise-5.0.4/lib/generators/mongoid/devise_generator.rb +57 -0
  92. data/devise-5.0.4/lib/generators/templates/README +36 -0
  93. data/devise-5.0.4/lib/generators/templates/controllers/README +14 -0
  94. data/devise-5.0.4/lib/generators/templates/controllers/confirmations_controller.rb +30 -0
  95. data/devise-5.0.4/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +30 -0
  96. data/devise-5.0.4/lib/generators/templates/controllers/passwords_controller.rb +34 -0
  97. data/devise-5.0.4/lib/generators/templates/controllers/registrations_controller.rb +62 -0
  98. data/devise-5.0.4/lib/generators/templates/controllers/sessions_controller.rb +27 -0
  99. data/devise-5.0.4/lib/generators/templates/controllers/unlocks_controller.rb +30 -0
  100. data/devise-5.0.4/lib/generators/templates/devise.rb +316 -0
  101. data/devise-5.0.4/lib/generators/templates/markerb/confirmation_instructions.markerb +5 -0
  102. data/devise-5.0.4/lib/generators/templates/markerb/email_changed.markerb +7 -0
  103. data/devise-5.0.4/lib/generators/templates/markerb/password_change.markerb +3 -0
  104. data/devise-5.0.4/lib/generators/templates/markerb/reset_password_instructions.markerb +8 -0
  105. data/devise-5.0.4/lib/generators/templates/markerb/unlock_instructions.markerb +7 -0
  106. data/devise-5.0.4/lib/generators/templates/simple_form_for/confirmations/new.html.erb +20 -0
  107. data/devise-5.0.4/lib/generators/templates/simple_form_for/passwords/edit.html.erb +27 -0
  108. data/devise-5.0.4/lib/generators/templates/simple_form_for/passwords/new.html.erb +18 -0
  109. data/devise-5.0.4/lib/generators/templates/simple_form_for/registrations/edit.html.erb +35 -0
  110. data/devise-5.0.4/lib/generators/templates/simple_form_for/registrations/new.html.erb +25 -0
  111. data/devise-5.0.4/lib/generators/templates/simple_form_for/sessions/new.html.erb +20 -0
  112. data/devise-5.0.4/lib/generators/templates/simple_form_for/unlocks/new.html.erb +19 -0
  113. data/ultra-max-kit.gemspec +12 -0
  114. metadata +153 -0
@@ -0,0 +1,178 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'devise/strategies/base'
4
+
5
+ module Devise
6
+ module Strategies
7
+ # This strategy should be used as basis for authentication strategies. It retrieves
8
+ # parameters both from params or from http authorization headers. See database_authenticatable
9
+ # for an example.
10
+ class Authenticatable < Base
11
+ attr_accessor :authentication_hash, :authentication_type, :password
12
+
13
+ def store?
14
+ super && !mapping.to.skip_session_storage.include?(authentication_type)
15
+ end
16
+
17
+ def valid?
18
+ valid_for_params_auth? || valid_for_http_auth?
19
+ end
20
+
21
+ # Override and set to false for things like OmniAuth that technically
22
+ # run through Authentication (user_set) very often, which would normally
23
+ # reset CSRF data in the session
24
+ def clean_up_csrf?
25
+ true
26
+ end
27
+
28
+ private
29
+
30
+ # Receives a resource and check if it is valid by calling valid_for_authentication?
31
+ # A block that will be triggered while validating can be optionally
32
+ # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication?
33
+ # for more information.
34
+ #
35
+ # In case the resource can't be validated, it will fail with the given
36
+ # unauthenticated_message.
37
+ def validate(resource, &block)
38
+ result = resource && resource.valid_for_authentication?(&block)
39
+
40
+ if result
41
+ true
42
+ else
43
+ if resource
44
+ fail!(resource.unauthenticated_message)
45
+ end
46
+ false
47
+ end
48
+ end
49
+
50
+ # Get values from params and set in the resource.
51
+ def remember_me(resource)
52
+ resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
53
+ end
54
+
55
+ # Should this resource be marked to be remembered?
56
+ def remember_me?
57
+ valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
58
+ end
59
+
60
+ # Check if this is a valid strategy for http authentication by:
61
+ #
62
+ # * Validating if the model allows http authentication;
63
+ # * If any of the authorization headers were sent;
64
+ # * If all authentication keys are present;
65
+ #
66
+ def valid_for_http_auth?
67
+ http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
68
+ end
69
+
70
+ # Check if this is a valid strategy for params authentication by:
71
+ #
72
+ # * Validating if the model allows params authentication;
73
+ # * If the request hits the sessions controller through POST;
74
+ # * If the params[scope] returns a hash with credentials;
75
+ # * If all authentication keys are present;
76
+ #
77
+ def valid_for_params_auth?
78
+ params_authenticatable? && valid_params_request? &&
79
+ valid_params? && with_authentication_hash(:params_auth, params_auth_hash)
80
+ end
81
+
82
+ # Check if the model accepts this strategy as http authenticatable.
83
+ def http_authenticatable?
84
+ mapping.to.http_authenticatable?(authenticatable_name)
85
+ end
86
+
87
+ # Check if the model accepts this strategy as params authenticatable.
88
+ def params_authenticatable?
89
+ mapping.to.params_authenticatable?(authenticatable_name)
90
+ end
91
+
92
+ # Extract the appropriate subhash for authentication from params.
93
+ def params_auth_hash
94
+ params[scope]
95
+ end
96
+
97
+ # Extract a hash with attributes:values from the http params.
98
+ def http_auth_hash
99
+ keys = [http_authentication_key, :password]
100
+ Hash[*keys.zip(decode_credentials).flatten]
101
+ end
102
+
103
+ # By default, a request is valid if the controller set the proper env variable.
104
+ def valid_params_request?
105
+ !!env["devise.allow_params_authentication"]
106
+ end
107
+
108
+ # If the request is valid, finally check if params_auth_hash returns a hash.
109
+ def valid_params?
110
+ params_auth_hash.is_a?(Hash)
111
+ end
112
+
113
+ # Note: unlike `Model.valid_password?`, this method does not actually
114
+ # ensure that the password in the params matches the password stored in
115
+ # the database. It only checks if the password is *present*. Do not rely
116
+ # on this method for validating that a given password is correct.
117
+ def valid_password?
118
+ password.present?
119
+ end
120
+
121
+ # Helper to decode credentials from HTTP.
122
+ def decode_credentials
123
+ return [] unless request.authorization && request.authorization =~ /^Basic (.*)/mi
124
+ Base64.decode64($1).split(/:/, 2)
125
+ end
126
+
127
+ # Sets the authentication hash and the password from params_auth_hash or http_auth_hash.
128
+ def with_authentication_hash(auth_type, auth_values)
129
+ self.authentication_hash, self.authentication_type = {}, auth_type
130
+ self.password = auth_values[:password]
131
+
132
+ parse_authentication_key_values(auth_values, authentication_keys) &&
133
+ parse_authentication_key_values(request_values, request_keys)
134
+ end
135
+
136
+ def authentication_keys
137
+ @authentication_keys ||= mapping.to.authentication_keys
138
+ end
139
+
140
+ def http_authentication_key
141
+ @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys
142
+ when Array then authentication_keys.first
143
+ when Hash then authentication_keys.keys.first
144
+ end
145
+ end
146
+
147
+ def request_keys
148
+ @request_keys ||= mapping.to.request_keys
149
+ end
150
+
151
+ def request_values
152
+ keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys
153
+ values = keys.map { |k| self.request.send(k) }
154
+ Hash[keys.zip(values)]
155
+ end
156
+
157
+ def parse_authentication_key_values(hash, keys)
158
+ keys.each do |key, enforce|
159
+ value = hash[key].presence
160
+ if value
161
+ self.authentication_hash[key] = value
162
+ else
163
+ return false unless enforce == false
164
+ end
165
+ end
166
+ true
167
+ end
168
+
169
+ # Holds the authenticatable name for this class. Devise::Strategies::DatabaseAuthenticatable
170
+ # becomes simply :database.
171
+ def authenticatable_name
172
+ @authenticatable_name ||=
173
+ ActiveSupport::Inflector.underscore(self.class.name.split("::").last).
174
+ sub("_authenticatable", "").to_sym
175
+ end
176
+ end
177
+ end
178
+ end
@@ -0,0 +1,22 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Devise
4
+ module Strategies
5
+ # Base strategy for Devise. Responsible for verifying correct scope and mapping.
6
+ class Base < ::Warden::Strategies::Base
7
+ # Whenever CSRF cannot be verified, we turn off any kind of storage
8
+ def store?
9
+ !env["devise.skip_storage"]
10
+ end
11
+
12
+ # Checks if a valid scope was given for devise and find mapping based on this scope.
13
+ def mapping
14
+ @mapping ||= begin
15
+ mapping = Devise.mappings[scope]
16
+ raise "Could not find mapping for #{scope}" unless mapping
17
+ mapping
18
+ end
19
+ end
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'devise/strategies/authenticatable'
4
+
5
+ module Devise
6
+ module Strategies
7
+ # Default strategy for signing in a user, based on their email and password in the database.
8
+ class DatabaseAuthenticatable < Authenticatable
9
+ def authenticate!
10
+ resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
11
+ hashed = false
12
+
13
+ if validate(resource){ hashed = true; resource.valid_password?(password) }
14
+ remember_me(resource)
15
+ resource.after_database_authentication
16
+ success!(resource)
17
+ end
18
+
19
+ # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key.
20
+ # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't
21
+ # exist in the database if the password hashing algorithm is not called.
22
+ mapping.to.new.password = password if !hashed && Devise.paranoid
23
+ unless resource
24
+ Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database)
25
+ end
26
+ end
27
+ end
28
+ end
29
+ end
30
+
31
+ Warden::Strategies.add(:database_authenticatable, Devise::Strategies::DatabaseAuthenticatable)
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'devise/strategies/authenticatable'
4
+
5
+ module Devise
6
+ module Strategies
7
+ # Remember the user through the remember token. This strategy is responsible
8
+ # to verify whether there is a cookie with the remember token, and to
9
+ # recreate the user from this cookie if it exists. Must be called *before*
10
+ # authenticatable.
11
+ class Rememberable < Authenticatable
12
+ # A valid strategy for rememberable needs a remember token in the cookies.
13
+ def valid?
14
+ @remember_cookie = nil
15
+ remember_cookie.present?
16
+ end
17
+
18
+ # To authenticate a user we deserialize the cookie and attempt finding
19
+ # the record in the database. If the attempt fails, we pass to another
20
+ # strategy handle the authentication.
21
+ def authenticate!
22
+ resource = mapping.to.serialize_from_cookie(*remember_cookie)
23
+
24
+ unless resource
25
+ cookies.delete(remember_key)
26
+ return pass
27
+ end
28
+
29
+ if validate(resource)
30
+ remember_me(resource) if extend_remember_me?(resource)
31
+ resource.after_remembered
32
+ success!(resource)
33
+ end
34
+ end
35
+
36
+ # No need to clean up the CSRF when using rememberable.
37
+ # In fact, cleaning it up here would be a bug because
38
+ # rememberable is triggered on GET requests which means
39
+ # we would render a page on first access with all csrf
40
+ # tokens expired.
41
+ def clean_up_csrf?
42
+ false
43
+ end
44
+
45
+ private
46
+
47
+ def extend_remember_me?(resource)
48
+ resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
49
+ end
50
+
51
+ def remember_me?
52
+ true
53
+ end
54
+
55
+ def remember_key
56
+ mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token")
57
+ end
58
+
59
+ def remember_cookie
60
+ @remember_cookie ||= cookies.signed[remember_key]
61
+ end
62
+
63
+ end
64
+ end
65
+ end
66
+
67
+ Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable)
@@ -0,0 +1,156 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Devise
4
+ module Test
5
+ # `Devise::Test::ControllerHelpers` provides a facility to test controllers
6
+ # in isolation when using `ActionController::TestCase` allowing you to
7
+ # quickly sign_in or sign_out a user. Do not use
8
+ # `Devise::Test::ControllerHelpers` in integration tests.
9
+ #
10
+ # Examples
11
+ #
12
+ # class PostsTest < ActionController::TestCase
13
+ # include Devise::Test::ControllerHelpers
14
+ #
15
+ # test 'authenticated users can GET index' do
16
+ # sign_in users(:bob)
17
+ #
18
+ # get :index
19
+ # assert_response :success
20
+ # end
21
+ # end
22
+ #
23
+ # Important: you should not test Warden specific behavior (like callbacks)
24
+ # using `Devise::Test::ControllerHelpers` since it is a stub of the actual
25
+ # behavior. Such callbacks should be tested in your integration suite instead.
26
+ module ControllerHelpers
27
+ extend ActiveSupport::Concern
28
+
29
+ included do
30
+ setup :setup_controller_for_warden, :warden
31
+ end
32
+
33
+ # Override process to consider warden.
34
+ def process(*)
35
+ _catch_warden { super }
36
+
37
+ @response
38
+ end
39
+
40
+ ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
41
+
42
+ # We need to set up the environment variables and the response in the controller.
43
+ def setup_controller_for_warden #:nodoc:
44
+ @request.env['action_controller.instance'] = @controller
45
+ end
46
+
47
+ # Quick access to Warden::Proxy.
48
+ def warden #:nodoc:
49
+ @request.env['warden'] ||= begin
50
+ manager = Warden::Manager.new(nil) do |config|
51
+ config.merge! Devise.warden_config
52
+ end
53
+ Warden::Proxy.new(@request.env, manager)
54
+ end
55
+ end
56
+
57
+ # sign_in a given resource by storing its keys in the session.
58
+ # This method bypass any warden authentication callback.
59
+ #
60
+ # * +resource+ - The resource that should be authenticated
61
+ # * +scope+ - An optional +Symbol+ with the scope where the resource
62
+ # should be signed in with.
63
+ # Examples:
64
+ #
65
+ # sign_in users(:alice)
66
+ # sign_in users(:alice), scope: :admin
67
+ def sign_in(resource, scope: nil)
68
+ scope ||= Devise::Mapping.find_scope!(resource)
69
+
70
+ warden.instance_variable_get(:@users).delete(scope)
71
+ warden.session_serializer.store(resource, scope)
72
+ end
73
+
74
+ # Sign out a given resource or scope by calling logout on Warden.
75
+ # This method bypass any warden logout callback.
76
+ #
77
+ # Examples:
78
+ #
79
+ # sign_out :user # sign_out(scope)
80
+ # sign_out @user # sign_out(resource)
81
+ #
82
+ def sign_out(resource_or_scope)
83
+ scope = Devise::Mapping.find_scope!(resource_or_scope)
84
+ @controller.instance_variable_set(:"@current_#{scope}", nil)
85
+ user = warden.instance_variable_get(:@users).delete(scope)
86
+ warden.session_serializer.delete(scope, user)
87
+ end
88
+
89
+ protected
90
+
91
+ # Catch warden continuations and handle like the middleware would.
92
+ # Returns nil when interrupted, otherwise the normal result of the block.
93
+ def _catch_warden(&block)
94
+ result = catch(:warden, &block)
95
+
96
+ env = @controller.request.env
97
+
98
+ result ||= {}
99
+
100
+ # Set the response. In production, the rack result is returned
101
+ # from Warden::Manager#call, which the following is modelled on.
102
+ case result
103
+ when Array
104
+ if result.first == 401 && intercept_401?(env) # does this happen during testing?
105
+ _process_unauthenticated(env)
106
+ else
107
+ result
108
+ end
109
+ when Hash
110
+ _process_unauthenticated(env, result)
111
+ else
112
+ result
113
+ end
114
+ end
115
+
116
+ def _process_unauthenticated(env, options = {})
117
+ options[:action] ||= :unauthenticated
118
+ proxy = request.env['warden']
119
+ result = options[:result] || proxy.result
120
+
121
+ ret = case result
122
+ when :redirect
123
+ body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
124
+ [proxy.status, proxy.headers, [body]]
125
+ when :custom
126
+ proxy.custom_response
127
+ else
128
+ request.env["PATH_INFO"] = "/#{options[:action]}"
129
+ request.env["warden.options"] = options
130
+ Warden::Manager._run_callbacks(:before_failure, env, options)
131
+
132
+ status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
133
+ @controller.response.headers.merge!(headers)
134
+ @controller.status = status
135
+ @controller.response_body = response.body
136
+ nil # causes process return @response
137
+ end
138
+
139
+ # ensure that the controller response is set up. In production, this is
140
+ # not necessary since warden returns the results to rack. However, at
141
+ # testing time, we want the response to be available to the testing
142
+ # framework to verify what would be returned to rack.
143
+ if ret.is_a?(Array)
144
+ status, headers, body = *ret
145
+ # ensure the controller response is set to our response.
146
+ @controller.response ||= @response
147
+ @response.status = status
148
+ @response.headers.merge!(headers)
149
+ @response.body = body
150
+ end
151
+
152
+ ret
153
+ end
154
+ end
155
+ end
156
+ end
@@ -0,0 +1,63 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Devise
4
+ # Devise::Test::IntegrationHelpers is a helper module for facilitating
5
+ # authentication on Rails integration tests to bypass the required steps for
6
+ # signin in or signin out a record.
7
+ #
8
+ # Examples
9
+ #
10
+ # class PostsTest < ActionDispatch::IntegrationTest
11
+ # include Devise::Test::IntegrationHelpers
12
+ #
13
+ # test 'authenticated users can see posts' do
14
+ # sign_in users(:bob)
15
+ #
16
+ # get '/posts'
17
+ # assert_response :success
18
+ # end
19
+ # end
20
+ module Test
21
+ module IntegrationHelpers
22
+ def self.included(base)
23
+ base.class_eval do
24
+ include Warden::Test::Helpers
25
+
26
+ setup :setup_integration_for_devise
27
+ teardown :teardown_integration_for_devise
28
+ end
29
+ end
30
+
31
+ # Signs in a specific resource, mimicking a successful sign in
32
+ # operation through +Devise::SessionsController#create+.
33
+ #
34
+ # * +resource+ - The resource that should be authenticated
35
+ # * +scope+ - An optional +Symbol+ with the scope where the resource
36
+ # should be signed in with.
37
+ def sign_in(resource, scope: nil)
38
+ scope ||= Devise::Mapping.find_scope!(resource)
39
+
40
+ login_as(resource, scope: scope)
41
+ end
42
+
43
+ # Signs out a specific scope from the session.
44
+ #
45
+ # * +resource_or_scope+ - The resource or scope that should be signed out.
46
+ def sign_out(resource_or_scope)
47
+ scope = Devise::Mapping.find_scope!(resource_or_scope)
48
+
49
+ logout scope
50
+ end
51
+
52
+ protected
53
+
54
+ def setup_integration_for_devise
55
+ Warden.test_mode!
56
+ end
57
+
58
+ def teardown_integration_for_devise
59
+ Warden.test_reset!
60
+ end
61
+ end
62
+ end
63
+ end
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "active_support/core_ext/module/delegation"
4
+
5
+ module Devise
6
+ class TimeInflector
7
+ include ActionView::Helpers::DateHelper
8
+
9
+ class << self
10
+ attr_reader :instance
11
+ delegate :time_ago_in_words, to: :instance
12
+ end
13
+
14
+ @instance = new
15
+ end
16
+ end
@@ -0,0 +1,32 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'openssl'
4
+
5
+ module Devise
6
+ class TokenGenerator
7
+ def initialize(key_generator, digest = "SHA256")
8
+ @key_generator = key_generator
9
+ @digest = digest
10
+ end
11
+
12
+ def digest(klass, column, value)
13
+ value.present? && OpenSSL::HMAC.hexdigest(@digest, key_for(column), value.to_s)
14
+ end
15
+
16
+ def generate(klass, column)
17
+ key = key_for(column)
18
+
19
+ loop do
20
+ raw = Devise.friendly_token
21
+ enc = OpenSSL::HMAC.hexdigest(@digest, key, raw)
22
+ break [raw, enc] unless klass.to_adapter.find_first({ column => enc })
23
+ end
24
+ end
25
+
26
+ private
27
+
28
+ def key_for(column)
29
+ @key_generator.generate_key("Devise #{column}")
30
+ end
31
+ end
32
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Devise
4
+ VERSION = "5.0.4".freeze
5
+ end