From 3511f8ac00fcff982c5287326648fe57b4b79c93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Manuel=20Cruz=20Due=C3=B1as?= Date: Thu, 5 Jul 2012 19:10:34 +0200 Subject: [PATCH 0001/1473] Checking if unconfirmed_email has changed before to set update_needs_confirmation flash message. --- .../devise/registrations_controller.rb | 3 ++- test/integration/registerable_test.rb | 21 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index b18e9f6903..eae3c38483 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -38,10 +38,11 @@ def edit # the current user in place. def update self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) + prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) if resource.update_with_password(resource_params) if is_navigational_format? - if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation? + if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation? && (prev_unconfirmed_email != resource.unconfirmed_email) flash_key = :update_needs_confirmation end set_flash_message :notice, flash_key || :updated diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 28953b453d..3028b6bb3b 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
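Review bot: The added condition in `update` calls `resource.unconfirmed_email` behind a guard that only checks `respond_to?(:pending_reconfirmation?)`, while the capture of `prev_unconfirmed_email` a few lines earlier is guarded by `respond_to?(:unconfirmed_email)`. The two guards should test the same method, so that a model defining one but not the other cannot raise NoMethodError. The line has also become long enough to hide its intent; a comment such as `# only announce reconfirmation when this request changed the pending address` above it would explain why the old value is read before `update_with_password`. The body of `update` continues outside the hunk.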
@@ -321,4 +321,25 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest assert Admin.first.valid_password?('pas123') end + + test 'a signed in admin should not see a reconfirmation message if he did not change his email, despite having an unconfirmed email' do + sign_in_as_admin + + get edit_admin_registration_path + fill_in 'email', :with => 'admin.new@example.com' + fill_in 'current password', :with => '123456' + click_button 'Update' + + get edit_admin_registration_path + fill_in 'password', :with => 'pas123' + fill_in 'password confirmation', :with => 'pas123' + fill_in 'current password', :with => '123456' + click_button 'Update' + + assert_current_url '/admin_area/home' + assert_contain 'You updated your account successfully.' + + assert_equal "admin.new@example.com", Admin.first.unconfirmed_email + assert Admin.first.valid_password?('pas123') + end end \ No newline at end of file From d59301ed2a44bd0a923692e8b6133a4dfc7c8e63 Mon Sep 17 00:00:00 2001 From: igor04 Date: Sun, 26 Aug 2012 14:54:08 +0300 Subject: [PATCH 0002/1473] Deleted unnecessary validation in generator mongoid model --- lib/generators/mongoid/devise_generator.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index d59a844ed4..7aec818ed1 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -22,9 +22,6 @@ def migration_data ## Database authenticatable field :email, :type => String, :default => "" field :encrypted_password, :type => String, :default => "" - - validates_presence_of :email - validates_presence_of :encrypted_password ## Recoverable field :reset_password_token, :type => String From e345d3940c944ffd18172e5460cf7a98078d078f Mon Sep 17 00:00:00 2001 From: Marcos Toledo Date: Mon, 27 Aug 2012 23:41:47 -0300 Subject: [PATCH 0003/1473] Minor typo fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 03d806c13e..87df54a916 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ The generator will install an initializer which describes ALL Devise's configura rails generate devise MODEL ``` -Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to Devise controller. +Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller. Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined. From f7dd59839cd39ed3c57948d37e8a95c697c14647 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 6 Sep 2012 17:26:20 +0300 Subject: [PATCH 0004/1473] Update lib/generators/templates/README --- lib/generators/templates/README | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/generators/templates/README b/lib/generators/templates/README index d2a26945ab..8f2ff1ffb1 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -21,11 +21,15 @@ Some setup you must do manually if you haven't yet:

<%= notice %>

<%= alert %>

- 4. If you are deploying Rails 3.1 on Heroku, you may want to set: + 4. If you are deploying Rails 3.1+ on Heroku, you may want to set: config.assets.initialize_on_precompile = false On config/application.rb forcing your application to not access the DB or load models when precompiling your assets. + 5. You can copy Devise views (for customization) to your app by running: + + rails g devise:views + =============================================================================== From 9e096a4113e2c5f4d644095bb5684c4a064246c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 18 Sep 2012 14:30:04 +0300 Subject: [PATCH 0005/1473] Update README.md --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 87df54a916..532e75d633 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,9 @@ -*IMPORTANT:* Devise 2.1 is out. If you are upgrading, please read: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.1 - ## Devise -INFO: This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). - [![Build Status](https://secure.travis-ci.org/plataformatec/devise.png)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) +This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). + Devise is a flexible authentication solution for Rails based on Warden. It: * Is Rack based; From b27491061e8033aeffbfeb4b5dc11d0ac1a4e241 Mon Sep 17 00:00:00 2001 
From: Jason Rush Date: Thu, 27 Sep 2012 18:44:31 -0600 Subject: [PATCH 0006/1473] Test helper was incorrectly returning failure body The _process_unauthenticated method in test_helper was returning the response as the body. When setting rendering the text, it was calling to_s on the response which would render something like this: #. This change renders the body of the response instead of the response itself --- lib/devise/test_helpers.rb | 4 ++-- test/test_helpers_test.rb | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 9aa7c2397c..646a9ce600 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -107,8 +107,8 @@ def _process_unauthenticated(env, options = {}) env["warden.options"] = options Warden::Manager._run_callbacks(:before_failure, env, options) - status, headers, body = Devise.warden_config[:failure_app].call(env).to_a - @controller.send :render, :status => status, :text => body, + status, headers, response = Devise.warden_config[:failure_app].call(env).to_a + @controller.send :render, :status => status, :text => response.body, :content_type => headers["Content-Type"], :location => headers["Location"] nil # causes process return @response end diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index ff4a167741..68e55d9527 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -9,7 +9,7 @@ def redirect self.status = 306 end end - + test "redirects if attempting to access a page unauthenticated" do get :index assert_redirected_to new_user_session_path @@ -70,7 +70,7 @@ def redirect get :index assert_redirected_to new_user_session_path end - + test "respects custom failure app" do begin Devise.warden_config.failure_app = CustomFailureApp 
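Review bot: In `_process_unauthenticated`, the new `response.body` assumes the third element returned by the failure app is a response object. The failure app is configurable (this patch's own test file swaps in `CustomFailureApp`), and one that returns a plain Rack body, such as an array of strings, would raise NoMethodError on this line. A tolerant form keeps both cases working: `:text => (response.respond_to?(:body) ? response.body : response),`. The method starts above the hunk.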
@@ -81,6 +81,11 @@ def redirect end end + test "returns the body of a failure app" do + get :index + assert_equal response.body, "You are being redirected." + end + test "defined Warden after_authentication callback should not be called when sign_in is called" do begin Warden::Manager.after_authentication do |user, auth, opts| From e873e2aeed4b3eb294ac71636998c6cd79ddd47f Mon Sep 17 00:00:00 2001 From: James Mead Date: Fri, 28 Sep 2012 10:52:37 +0100 Subject: [PATCH 0007/1473] Use "number of" instead of "amount of" for countable nouns. --- app/views/devise/mailer/unlock_instructions.html.erb | 2 +- lib/generators/templates/markerb/unlock_instructions.markerb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb index 2263c21952..a4152e135f 100644 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -1,6 +1,6 @@

Hello <%= @resource.email %>!

-

Your account has been locked due to an excessive amount of unsuccessful sign in attempts.

+

Your account has been locked due to an excessive number of unsuccessful sign in attempts.

Click the link below to unlock your account:

diff --git a/lib/generators/templates/markerb/unlock_instructions.markerb b/lib/generators/templates/markerb/unlock_instructions.markerb index 9bab190438..09b866b94c 100644 --- a/lib/generators/templates/markerb/unlock_instructions.markerb +++ b/lib/generators/templates/markerb/unlock_instructions.markerb @@ -1,6 +1,6 @@ Hello <%= @resource.email %>! -Your account has been locked due to an excessive amount of unsuccessful sign in attempts. +Your account has been locked due to an excessive number of unsuccessful sign in attempts. Click the link below to unlock your account: From 7b04ecdddbd4d73ee4f573fefc3df8d80c048a3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 4 Oct 2012 08:20:50 -0700 Subject: [PATCH 0008/1473] Update CONTRIBUTING.md --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0125b06c31..692b2b12ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,12 +1,12 @@ ### Please read before contributing -1) If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). Do not post questions here. +1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead. 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. -That's it! The more information you give, the more easy it becomes for us to track it down and fix it. Ideal scenario would be adding the issue to Devise test suite or to a sample application. +That's it! The more information you give, the more easy it becomes for us to track it down and fix it. +Ideally, you should provide an application that reproduces the error or a test case to Devise's suite. Thanks! - From 75135120003619fcbb09bce3ef29265f1e0b4944 Mon Sep 17 00:00:00 2001 From: Daniel Dyba Date: Thu, 4 Oct 2012 08:38:16 -0700 Subject: [PATCH 0009/1473] Missing https:// in Google Group link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 692b2b12ee..666a920a81 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,6 +1,6 @@ ### Please read before contributing -1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). +1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead. From 564e588f5e7ae3f0a1312a63b26870f0b35ec3ce Mon Sep 17 00:00:00 2001 From: Adam McNamara Date: Wed, 10 Oct 2012 10:01:35 -0400 Subject: [PATCH 0010/1473] Assigns object to self.resource, changing variable scope. --- app/controllers/devise/sessions_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 2cbd671b33..39a1a99dc1 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -5,14 +5,14 @@ class Devise::SessionsController < DeviseController # GET /resource/sign_in def new - resource = build_resource(nil, :unsafe => true) + self.resource = build_resource(nil, :unsafe => true) clean_up_passwords(resource) respond_with(resource, serialize_options(resource)) end # POST /resource/sign_in def create - resource = warden.authenticate!(auth_options) + self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_navigational_format? sign_in(resource_name, resource) respond_with resource, :location => after_sign_in_path_for(resource) 
From 68dc20cba27369c35e3203b5c23485f2a919f85d Mon Sep 17 00:00:00 2001 From: Philip Poots Date: Tue, 23 Oct 2012 20:05:45 +0100 Subject: [PATCH 0011/1473] Separates sign_up and sign_in on Registration See #2104 Completed with the help of @rubynortheast --- app/controllers/devise/registrations_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 6 ++++++ test/controllers/helpers_test.rb | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 6c0ede94d2..5d734f7d67 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -15,7 +15,7 @@ def create if resource.save if resource.active_for_authentication? set_flash_message :notice, :signed_up if is_navigational_format? - sign_in(resource_name, resource) + sign_up(resource_name, resource) respond_with resource, :location => after_sign_up_path_for(resource) else set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format? diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 0c147b0655..d0c0488367 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -93,6 +93,12 @@ def signed_in?(scope=nil) end end + # Signs in a user on sign up. This helper delegates to sign_in and separates + # sign_up and sign_in events. Enables hooking into the sign_up event. + def sign_up(resource_name, resource) + sign_in(resource_name, resource) + end + # Sign in a user that already was authenticated. This helper is useful for logging # users in after sign up. # diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 8036b5462b..383d24ab1f 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
@@ -100,6 +100,12 @@ def setup @controller.sign_in(:user, user) end + test 'sign up delegates to sign_in' do + user = User.new + @controller.expects(:sign_in).with(:user, user) + @controller.sign_up(:user, user) + end + test 'sign in accepts a resource as argument' do user = User.new @mock_warden.expects(:user).returns(nil) From 692175b897a45786e67c38c7b48f230084934652 Mon Sep 17 00:00:00 2001 From: Philip Poots Date: Tue, 23 Oct 2012 20:29:41 +0100 Subject: [PATCH 0012/1473] Moves sign_up from helpers to controller --- app/controllers/devise/registrations_controller.rb | 6 ++++++ lib/devise/controllers/helpers.rb | 6 ------ test/controllers/helpers_test.rb | 6 ------ 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 5d734f7d67..281979a7c9 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -87,6 +87,12 @@ def build_resource(hash=nil) self.resource = resource_class.new_with_session(hash, session) end + # Signs in a user on sign up. You can overwrite this method in your own + # RegistrationsController. + def sign_up(resource_name, resource) + sign_in(resource_name, resource) + end + # The path used after sign up. You need to overwrite this method # in your own RegistrationsController. def after_sign_up_path_for(resource) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index d0c0488367..0c147b0655 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -93,12 +93,6 @@ def signed_in?(scope=nil) end end - # Signs in a user on sign up. This helper delegates to sign_in and separates - # sign_up and sign_in events. Enables hooking into the sign_up event. - def sign_up(resource_name, resource) - sign_in(resource_name, resource) - end - # Sign in a user that already was authenticated. This helper is useful for logging # users in after sign up. # diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 383d24ab1f..8036b5462b 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -100,12 +100,6 @@ def setup @controller.sign_in(:user, user) end - test 'sign up delegates to sign_in' do - user = User.new - @controller.expects(:sign_in).with(:user, user) - @controller.sign_up(:user, user) - end - test 'sign in accepts a resource as argument' do user = User.new @mock_warden.expects(:user).returns(nil) From b8538716677eab717e537a5b3ef168e7fe82ab6c Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Wed, 24 Oct 2012 11:50:26 -0500 Subject: [PATCH 0013/1473] Make #set_flash_message respect i18n-set resource_name Using #devise_i18n_options allows overriding any i18n keys but the resulting call to I18n.t does not respect an override of resource_name. --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index c7dcfac992..848d685fc8 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -168,7 +168,7 @@ def set_flash_message(key, kind, options={}) options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) if respond_to?(:devise_i18n_options, true) - message = I18n.t("#{resource_name}.#{kind}", options) + message = I18n.t("#{options[:resource_name]}.#{kind}", options) flash[key] = message if message.present? end 
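Review bot: In `set_flash_message`, `options[:resource_name]` is read after `devise_i18n_options` has replaced `options`, so an override that returns a hash without `:resource_name` yields the key `".#{kind}"` and the scope's own message is no longer looked up. Falling back to the controller's value keeps such overrides working: `message = I18n.t("#{options[:resource_name] || resource_name}.#{kind}", options)`. The method starts above the hunk.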
From d6449d014e2b5f871627ce58fa63ce79915d3a8d Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Wed, 24 Oct 2012 12:13:07 -0500 Subject: [PATCH 0014/1473] Add test for #devise_i18n_options allowing resource_name override --- test/controllers/internal_helpers_test.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 504aa90b7c..939549b6a0 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -95,6 +95,12 @@ def setup assert_equal 'devise custom options', flash[:notice] end + test 'allows custom i18n options to override resource_name' do + I18n.expects(:t).with("custom_resource_name.confirmed", anything) + @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name") + @controller.send :set_flash_message, :notice, :confirmed + end + test 'navigational_formats not returning a wild card' do MyController.send(:public, :navigational_formats) Devise.navigational_formats = [:"*/*", :html] From f79bb31ee68a71922ea544adec9a74814e6a5b13 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Thu, 25 Oct 2012 16:20:21 -0500 Subject: [PATCH 0015/1473] Add failing test for Issue #1994 Lockable should not leak information about account existence if paranoid mode is on. --- test/integration/lockable_test.rb | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index cbea8755b3..50d4b51919 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
@@ -221,4 +221,22 @@ def send_unlock_request end end + test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do + swap Devise, :paranoid => true, :maximum_attempts => 1 do + user = create_user(:locked => false) + + visit new_user_session_path + fill_in 'email', :with => user.email + fill_in 'password', :with => "abadpassword" + click_button 'Sign in' + + fill_in 'email', :with => user.email + fill_in 'password', :with => "abadpassword" + click_button 'Sign in' + + assert_current_url "/users/sign_in" + assert_not_contain "locked" + end + end + end From 00e8841e9351b3e4792cb58fd2f21fe471ad862e Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Thu, 25 Oct 2012 16:51:02 -0500 Subject: [PATCH 0016/1473] Unit test for Lockable#unauthenticated_message not leaking account existence This is another failing test for #1994, a unit test for Lockable. Lockable's #uanauthenticated_message should not return :locked if paranoid mode is on and instead should return the generic :invalid response. --- test/models/lockable_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 18ea2edda9..9bc5a43c67 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -260,4 +260,14 @@ def setup end end end + + test 'should not return a locked unauthenticated message if in paranoid mode' do + swap Devise, :paranoid => :true do + user = create_user + user.failed_attempts = Devise.maximum_attempts + 1 + user.lock_access! + + assert_equal :invalid, user.unauthenticated_message + end + end end From 00a01c2bc494ce17269036fadd62ff14a76833ca Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Thu, 25 Oct 2012 16:51:56 -0500 Subject: [PATCH 0017/1473] Fix #1994 Lockable no longer leaks account existence --- lib/devise/models/lockable.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
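Review bot: The unit test in test/models/lockable_test.rb swaps in `:paranoid => :true`, a Symbol rather than the boolean. It passes only because any Symbol is truthy, and would keep passing if the code under test ever compared against `true` explicitly. Use `swap Devise, :paranoid => true do`, as the integration test in test/integration/lockable_test.rb on the same line already does.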
diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 98b810f830..56ccd6c6f1 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -105,7 +105,11 @@ def valid_for_authentication? end def unauthenticated_message - if lock_strategy_enabled?(:failed_attempts) && attempts_exceeded? + # If set to paranoid mode, do not show the locked message because it + # leaks the existence of an account. + if Devise.paranoid + super + elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded? :locked else super From d5a2a9b2da15bf7572c24941c6a35bf7bb3a9061 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 26 Oct 2012 11:21:16 +0200 Subject: [PATCH 0018/1473] Update CHANGELOG --- CHANGELOG.rdoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index c827b4cd39..469e84f70a 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,6 +1,9 @@ * enhancement * Default minimum password length is now 8 (by @carlosgaldino). * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt) + * Make #set_flash_message respect i18n-set resource_name (by @latortuga) + * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast) + * Add autofocus to default views (by @Radagaisus) * bug fix * Fix a regression introduced on warden 1.2.1 (by @ejfinneran) @@ -8,6 +11,8 @@ * Do not set flash messages for non navigational requests on session sign out (by @mathieul) * Set the proper fields as required on the lockable module (by @nickhoffman) * Respects Devise mailer default's reply_to (by @mrchrisadams) + * Properly assign resource on sign_in action (by @adammcnamara) + * Unlockable could leak account existence on paranoid mode (by @latortuga) == 2.1.2 From 2f36d0dd322b770f7a1955c868d2aaa68399e109 Mon Sep 17 00:00:00 2001 
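Review bot: In `unauthenticated_message`, two of the three branches now return `super`, so the paranoid check can be folded into the existing condition: `if !Devise.paranoid && lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?`, keeping the added comment above it. The value `super` returns comes from modules outside this hunk, so it is worth confirming that no other module in the chain returns an account-state-specific key in paranoid mode; otherwise an existing account could still be told apart from a missing one. The method's closing `end` is outside the hunk.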
From: Vasiliy Ermolovich Date: Sun, 28 Oct 2012 00:58:24 +0300 Subject: [PATCH 0019/1473] handle namespaced models in AR generator closes #2043 --- lib/generators/active_record/devise_generator.rb | 6 +++++- test/generators/active_record_generator_test.rb | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index ba55d7ec02..35541d91c9 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -27,7 +27,11 @@ def inject_devise_content attr_accessible :email, :password, :password_confirmation, :remember_me CONTENT - class_path = class_name.to_s.split("::") + class_path = if namespaced? + class_name.to_s.split("::") + else + [class_name] + end indent_depth = class_path.size - 1 content = content.split("\n").map { |line| " " * indent_depth + line } .join("\n") << "\n" diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 7bf11db871..f416003449 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -14,6 +14,12 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_migration "db/migrate/devise_create_monsters.rb", /def change/ end + test "all files for namespaced model are properly created" do + run_generator %w(admin/monster) + assert_file "app/models/admin/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/ + assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/ + end + test "update model migration when model exists" do run_generator %w(monster) assert_file "app/models/monster.rb" @@ -66,4 +72,4 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase end end end -end \ No newline at end of file +end From ee61d86546cb4ef2f182c30d0c2cfc038cbd07d4 Mon Sep 17 00:00:00 2001 
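Review bot: The new `if namespaced?` branch in `inject_devise_content` has no comment saying why the non-namespaced case wraps `class_name` in a one-element array. A reader has to work out that this forces `indent_depth` to 0 even when the model name contains `::`. A comment along the lines of `# outside a namespace the model is written as "class A::B", so the injected block must not be indented per "::" segment` would document it (presumably that is the intent; confirm against the model template). The added `admin/monster` test only matches `/devise/` and the `attr_accessible` line, so it would not catch a wrong indent depth. The method starts and ends outside the hunk.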
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 30 Oct 2012 20:09:10 +0100 Subject: [PATCH 0020/1473] Update CONTRIBUTING.md --- CONTRIBUTING.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 666a920a81..886bd24fac 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,9 +4,11 @@ 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead. -3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. +3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. -That's it! The more information you give, the more easy it becomes for us to track it down and fix it. +4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. + +That's it! The more information you give, the easier it becomes for us to track it down and fix it. Ideally, you should provide an application that reproduces the error or a test case to Devise's suite. Thanks! From 61903b534a37ba8267e03c30632ddd14c08f86fb Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 4 Nov 2012 23:34:20 +0300 Subject: [PATCH 0021/1473] don't delete the return to url from session if the requested format is not navigational closes #2122 --- lib/devise/controllers/helpers.rb | 11 +++++-- test/controllers/sessions_controller_test.rb | 30 +++++++++++++++++++- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 0c147b0655..23c4c503be 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -162,8 +162,8 @@ def sign_out_all_scopes(lock=true) users.any? end - # Returns and delete the url stored in the session for the given scope. Useful - # for giving redirect backs after sign up: + # Returns and delete (if it's navigational format) the url stored in the session for + # the given scope. Useful for giving redirect backs after sign up: # # Example: # @@ -171,7 +171,12 @@ def sign_out_all_scopes(lock=true) # def stored_location_for(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) - session.delete("#{scope}_return_to") + + if is_navigational_format? + session.delete("#{scope}_return_to") + else + session["#{scope}_return_to"] + end end # The scope root url to be used when he's signed in. By default, it first diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 3818d9ccb6..7af0a6867c 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb 
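Review bot: The reworded comment on `stored_location_for` says the value is deleted only for navigational formats, but not that for other formats it stays in the session until a later navigational request consumes it. Callers should know that the URL they get back may have been stored several requests earlier. Suggested wording: `# Returns the url stored in the session for the given scope and, for navigational formats only, deletes it; other formats leave it in place for a later redirect.` The session key is also built twice in the new branch; `key = "#{scope}_return_to"` followed by `is_navigational_format? ? session.delete(key) : session[key]` says the same thing once.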
@@ -13,6 +13,34 @@ class SessionsControllerTest < ActionController::TestCase end end + test "#create delete the url stored in the session if the requested format is navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + request.session["user_return_to"] = 'foo.bar' + + user = create_user + user.confirm! + post :create, :user => { + :email => user.email, + :password => user.password + } + + assert_nil request.session["user_return_to"] + end + + test "#create doesn't delete the url stored in the session if the requested format is not navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + request.session["user_return_to"] = 'foo.bar' + + user = create_user + user.confirm! + post :create, :format => 'json', :user => { + :email => user.email, + :password => user.password + } + + assert_equal 'foo.bar', request.session["user_return_to"] + end + test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do request.env["devise.mapping"] = Devise.mappings[:user] post :create, :user => { @@ -54,4 +82,4 @@ class SessionsControllerTest < ActionController::TestCase end end end -end \ No newline at end of file +end From 5d86327e4d5396211fefbe6fb08c46a967da22f4 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 5 Nov 2012 09:54:22 +0300 Subject: [PATCH 0022/1473] move is_navigational_format? and request_format methods to helpers --- app/controllers/devise_controller.rb | 8 -------- lib/devise/controllers/helpers.rb | 8 ++++++++ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 8603b938cc..376b03d43e 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -181,12 +181,4 @@ def respond_with_navigational(*args, &block) format.any(*navigational_formats, &block) end end - - def request_format - @request_format ||= request.format.try(:ref) - end - - def is_navigational_format? - Devise.navigational_formats.include?(request_format) - end end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 23c4c503be..a83a77d0ea 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -267,6 +267,14 @@ def handle_unverified_request super # call the default behaviour which resets the session end + def request_format + @request_format ||= request.format.try(:ref) + end + + def is_navigational_format? + Devise.navigational_formats.include?(request_format) + end + private def expire_devise_cached_variables! From 10235f9d7204128e0daf17715b96e65df8e26e7d Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Tue, 6 Nov 2012 21:05:17 +0300 Subject: [PATCH 0023/1473] update_with_password doesn't change encrypted password when it is invalid closes #2130 --- lib/devise/models/database_authenticatable.rb | 1 + test/models/database_authenticatable_test.rb | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 349147a9a4..a0a0f0d8d5 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -64,6 +64,7 @@ def update_with_password(params, *options) result = if valid_password?(current_password) update_attributes(params, *options) else + params.delete(:password) self.assign_attributes(params, *options) self.valid? self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 638eaf39f4..bacbe98669 100644 --- a/test/models/database_authenticatable_test.rb 
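Review bot: `params.delete(:password)` on the invalid-current-password path removes only the symbol key, so a caller passing a plain Hash with string keys would still have `"password"` handed to `assign_attributes`. The type of `params` is not visible in this hunk, so this may already be covered by an indifferent-access hash. Dropping both spellings, `params.delete(:password); params.delete("password")`, and adding a string-key case to the new test would pin the guarantee the commit title makes. Note that `:password_confirmation` is still assigned, so validation on this path runs against a confirmation with no password. The body of `update_with_password` starts outside the hunk.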
+++ b/test/models/database_authenticatable_test.rb @@ -108,6 +108,13 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_match "is invalid", user.errors[:current_password].join end + test 'should not change encrypted password when it is invalid' do + user = create_user + assert_not user.update_with_password(:current_password => 'other', + :password => 'pass4321', :password_confirmation => 'pass4321') + assert_not user.encrypted_password_changed? + end + test 'should add an error to current password when it is blank' do user = create_user assert_not user.update_with_password(:password => 'pass4321', From ac58c286170ed5cf0b534718769b7890a581cbbf Mon Sep 17 00:00:00 2001 From: Marcin Balinski Date: Wed, 7 Nov 2012 10:45:46 +0100 Subject: [PATCH 0024/1473] Unlock user when re-setting password and unlock strategy is :email or :both --- .../devise/passwords_controller.rb | 9 ++++ test/integration/recoverable_test.rb | 44 +++++++++++++++---- 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 46b323d23c..a568d87f4b 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -30,6 +30,7 @@ def update self.resource = resource_class.reset_password_by_token(resource_params) if resource.errors.empty? + resource.unlock_access! if unlockable?(resource) flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message(:notice, flash_message) if is_navigational_format? sign_in(resource_name, resource) 
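Review bot: The added `resource.unlock_access! if unlockable?(resource)` makes a valid reset-password token lift an account lock as well, and nothing at the call site records that. The reset token's lifetime and delivery channel therefore now guard the lockout too. A comment above the line, such as `# A valid reset token proves mailbox control, so it also lifts an email-unlockable lock.`, would make the trade-off explicit. The README should also mention it for applications that lock accounts for reasons other than failed sign-ins, since a password reset would presumably unlock those whenever the `:email` strategy is enabled. `unlockable?` is defined in the following hunk, and `update` begins and ends outside this one.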
@@ -53,4 +54,12 @@ def assert_reset_token_passed redirect_to new_session_path(resource_name) end end + + # Check if proper Lockable module methods are present & unlock strategy + # allows to unlock resource on password reset + def unlockable?(resource) + resource.respond_to?(:unlock_access!) && + resource.respond_to?(:unlock_strategy_enabled?) && + resource.unlock_strategy_enabled?(:email) + end end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 9dbadd0ac3..1524497b92 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -190,15 +190,43 @@ def reset_password(options={}, &block) assert warden.authenticated?(:user) end - test 'does not sign in user automatically after changing its password if it\'s locked' do - user = create_user(:locked => true) - request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do + [:none, :time].each do |strategy| + swap Devise, :unlock_strategy => strategy do + user = create_user(:locked => true) + request_forgot_password + reset_password :reset_password_token => user.reload.reset_password_token + + assert_contain 'Your password was changed successfully.' + assert_not_contain 'You are now signed in.' + assert_equal new_user_session_path, @request.path + assert !warden.authenticated?(:user) + end + end + end - assert_contain 'Your password was changed successfully.' - assert_not_contain 'You are now signed in.' - assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do + swap Devise, :unlock_strategy => :email do + user = create_user(:locked => true) + request_forgot_password + reset_password :reset_password_token => user.reload.reset_password_token + + assert_contain 'Your password was changed successfully.' + assert !user.reload.access_locked? + assert warden.authenticated?(:user) + end + end + + test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do + swap Devise, :unlock_strategy => :both do + user = create_user(:locked => true) + request_forgot_password + reset_password :reset_password_token => user.reload.reset_password_token + + assert_contain 'Your password was changed successfully.' + assert !user.reload.access_locked? 
+ assert warden.authenticated?(:user) + end end test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do From ae426dcc1c52abeb4be55b4d19dd1a6990bafc86 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Thu, 8 Nov 2012 22:22:03 +0300 Subject: [PATCH 0025/1473] remove useless test --- test/indifferent_hash.rb | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 test/indifferent_hash.rb diff --git a/test/indifferent_hash.rb b/test/indifferent_hash.rb deleted file mode 100644 index 43dd752927..0000000000 --- a/test/indifferent_hash.rb +++ /dev/null @@ -1,33 +0,0 @@ -require 'test_helper' - -class IndifferentHashTest < ActiveSupport::TestCase - setup do - @hash = Devise::IndifferentHash.new - end - - test "it overwrites getter and setter" do - @hash[:foo] = "bar" - assert_equal "bar", @hash["foo"] - assert_equal "bar", @hash[:foo] - - @hash["foo"] = "baz" - assert_equal "baz", @hash["foo"] - assert_equal "baz", @hash[:foo] - end - - test "it overwrites update" do - @hash.update :foo => "bar" - assert_equal "bar", @hash["foo"] - assert_equal "bar", @hash[:foo] - - @hash.update "foo" => "baz" - assert_equal "baz", @hash["foo"] - assert_equal "baz", @hash[:foo] - end - - test "it returns a Hash on to_hash" do - @hash[:foo] = "bar" - assert_equal Hash["foo", "bar"], @hash.to_hash - assert_kind_of Hash, @hash.to_hash - end -end if defined?(Devise::IndifferentHash) \ No newline at end of file From 59966e817c80da289f4df751ee65bc279965b715 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 10 Nov 2012 20:35:32 +0300 Subject: [PATCH 0026/1473] update README closes #2128 --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 532e75d633..f0a7999098 100644 --- a/README.md +++ b/README.md 
@@ -339,7 +339,13 @@ There are two things that is important to keep in mind: ### Omniauth -Devise comes with Omniauth support out of the box to authenticate from other providers. You can read more about Omniauth support in the wiki: +Devise comes with Omniauth support out of the box to authenticate from other providers. Note that you should specify all your omniauth configs in i`nitializers/devise.rb` **not** in a separate `omniauth.rb` initializer: + +```ruby +config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' +``` + +You can read more about Omniauth support in the wiki: * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview From d821275588accd3fa841311ad01148d92d8afe17 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Sat, 10 Nov 2012 20:02:58 +0100 Subject: [PATCH 0027/1473] Fix spec failures for Mongoid 3. This has no actual changes to Devise itself, just fixes the failing tests when running against Mongoid 3 instead of Mongoid 2. Mocha has been locked at 0.10.0 since 0.12.0 raises an error when trying to set an expectation on a frozen object. Tests were updated to work with both AR and Mongoid, some cases the XML serialization was slightly different but both were outputting correct and valid XML, and the id/_id field mismatch is now handled. An active field was missing from the test models for Mongoid, and the invalid :null => true options in field were removed. --- Gemfile | 6 +- Gemfile.lock | 124 +++++++++++------------ test/integration/authenticatable_test.rb | 2 +- test/models/serializable_test.rb | 3 +- test/orm/mongoid.rb | 5 +- test/rails_app/app/mongoid/admin.rb | 6 +- test/rails_app/app/mongoid/shim.rb | 6 +- test/rails_app/app/mongoid/user.rb | 4 +- 8 files changed, 78 insertions(+), 78 deletions(-) diff --git a/Gemfile b/Gemfile index 25e659ef5c..3d429b0f7b 100644 --- a/Gemfile +++ b/Gemfile 
@@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", :require => false + gem "mocha", "0.10.0", :require => false end platforms :jruby do @@ -24,8 +24,6 @@ platforms :ruby do gem "sqlite3" group :mongoid do - gem "mongo", "~> 1.3.0" - gem "mongoid", "~> 2.0" - gem "bson_ext", "~> 1.3.0" + gem "mongoid", "~> 3.0" end end diff --git a/Gemfile.lock b/Gemfile.lock index a13d5de8af..da298a1fb4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,81 +10,83 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.6) - actionpack (= 3.2.6) + actionmailer (3.2.8) + actionpack (= 3.2.8) mail (~> 2.4.4) - actionpack (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) + actionpack (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) builder (~> 3.0.0) erubis (~> 2.7.0) - journey (~> 1.0.1) + journey (~> 1.0.4) rack (~> 1.4.0) rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.1.3) - activemodel (3.2.6) - activesupport (= 3.2.6) + activemodel (3.2.8) + activesupport (= 3.2.8) builder (~> 3.0.0) - activerecord (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) + activerecord (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.6) - activemodel (= 3.2.6) - activesupport (= 3.2.6) - activesupport (3.2.6) + activeresource (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) + activesupport (3.2.8) i18n (~> 0.6) multi_json (~> 1.0) - addressable (2.2.6) arel (3.0.2) bcrypt-ruby (3.0.1) - bson (1.5.1) - bson_ext (1.3.1) - builder (3.0.0) + builder (3.0.4) erubis (2.7.0) - faraday (0.7.5) - addressable (~> 2.2.6) - multipart-post (~> 1.1.3) - rack (>= 1.1.0, < 2) + faraday (0.8.4) + multipart-post (~> 1.1) hashie (1.2.0) hike (1.2.1) - i18n (0.6.0) + httpauth (0.2.0) + i18n (0.6.1) journey (1.0.4) - json (1.7.3) + json (1.7.5) + jwt (0.1.5) + multi_json (>= 1.0) mail (2.4.4) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.18) + mime-types (1.19) mocha (0.10.0) metaclass (~> 0.0.1) - mongo (1.3.1) - bson (>= 1.3.1) - mongoid (2.3.4) + mongoid (3.0.11) activemodel (~> 3.1) - mongo (~> 1.3) + moped (~> 1.1) + origin (~> 1.0) tzinfo (~> 0.3.22) - multi_json (1.0.4) - multipart-post (1.1.4) - nokogiri (1.5.0) - oauth2 (0.5.1) - faraday (~> 0.7.4) - multi_json (~> 1.0.3) - omniauth (1.0.1) + moped (1.2.8) + multi_json (1.3.7) + multipart-post (1.1.5) + nokogiri (1.5.5) + oauth2 
(0.8.0) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) hashie (~> 1.2) rack - omniauth-facebook (1.0.0) - omniauth-oauth2 (~> 1.0.0) - omniauth-oauth2 (1.0.0) - oauth2 (~> 0.5.0) + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) omniauth (~> 1.0) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - orm_adapter (0.3.0) + origin (1.0.10) + orm_adapter (0.4.0) polyglot (0.3.3) rack (1.4.1) rack-cache (1.2) @@ -94,19 +96,19 @@ GEM ruby-openid (>= 2.1.8) rack-ssl (1.3.2) rack - rack-test (0.6.1) + rack-test (0.6.2) rack (>= 1.0) - rails (3.2.6) - actionmailer (= 3.2.6) - actionpack (= 3.2.6) - activerecord (= 3.2.6) - activeresource (= 3.2.6) - activesupport (= 3.2.6) + rails (3.2.8) + actionmailer (= 3.2.8) + actionpack (= 3.2.8) + activerecord (= 3.2.8) + activeresource (= 3.2.8) + activesupport (= 3.2.8) bundler (~> 1.0) - railties (= 3.2.6) - railties (3.2.6) - actionpack (= 3.2.6) - activesupport (= 3.2.6) + railties (= 3.2.8) + railties (3.2.8) + actionpack (= 3.2.8) + activesupport (= 3.2.8) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) @@ -114,18 +116,18 @@ GEM rake (0.9.2.2) rdoc (3.12) json (~> 1.4) - ruby-openid (2.1.8) + ruby-openid (2.2.2) sprockets (2.1.3) hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.5) - thor (0.15.2) + sqlite3 (1.3.6) + thor (0.16.0) tilt (1.3.3) - treetop (1.4.10) + treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.33) + tzinfo (0.3.35) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) @@ -139,12 +141,10 @@ PLATFORMS DEPENDENCIES activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter - bson_ext (~> 1.3.0) devise! jruby-openssl - mocha - mongo (~> 1.3.0) - mongoid (~> 2.0) + mocha (= 0.10.0) + mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) 
diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index b2ee55b162..26ada6e276 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -456,7 +456,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest assert_match '', response.body assert_match /.*<\/user>/m, response.body assert_match '', response.body - assert_match '', response.body + assert_match ' String, :null => true - field :encrypted_password, :type => String, :null => true + field :email, :type => String + field :encrypted_password, :type => String ## Recoverable field :reset_password_token, :type => String @@ -24,4 +24,6 @@ class Admin ## Lockable field :locked_at, :type => Time + + field :active, :type => Boolean, :default => false end diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 0556561e17..14f2182b32 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -7,13 +7,13 @@ module Shim end module ClassMethods - def last(options={}) + def last(options = {}) options.delete(:order) if options[:order] == "id" - super(options) + where(options).last end def find_by_email(email) - first(:conditions => { :email => email }) + find_by(:email => email) end end diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb index 5c5a381735..a8adb9b794 100644 --- a/test/rails_app/app/mongoid/user.rb +++ b/test/rails_app/app/mongoid/user.rb @@ -9,8 +9,8 @@ class User field :facebook_token, :type => String ## Database authenticatable - field :email, :type => String, :null => false, :default => "" - field :encrypted_password, :type => String, :null => false, :default => "" + field :email, :type => String, :default => "" + field :encrypted_password, :type => String, :default => "" ## Recoverable field :reset_password_token, :type => String From 071ba358a95546474ccea62e91a3fdbd89fc6eb6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 10 Nov 2012 20:51:20 +0100 Subject: [PATCH 0028/1473] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f0a7999098..17924eefe8 100644 --- a/README.md +++ b/README.md @@ -339,7 +339,7 @@ There are two things that is important to keep in mind: ### Omniauth -Devise comes with Omniauth support out of the box to authenticate from other providers. Note that you should specify all your omniauth configs in i`nitializers/devise.rb` **not** in a separate `omniauth.rb` initializer: +Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`: ```ruby config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' From fbf667e009213720b3b3c8f02ad038568b8bc004 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 10 Nov 2012 21:07:34 +0100 Subject: [PATCH 0029/1473] Update CHANGELOG --- CHANGELOG.rdoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 469e84f70a..db9bb16ac8 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -4,6 +4,8 @@ * Make #set_flash_message respect i18n-set resource_name (by @latortuga) * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast) * Add autofocus to default views (by @Radagaisus) + * Support Mongoid 3 onwards (by @durran) + * Unlock user on password reset (by @marcinb) * bug fix * Fix a regression introduced on warden 1.2.1 (by @ejfinneran) 
@@ -11,8 +13,10 @@ * Do not set flash messages for non navigational requests on session sign out (by @mathieul) * Set the proper fields as required on the lockable module (by @nickhoffman) * Respects Devise mailer default's reply_to (by @mrchrisadams) - * Properly assign resource on sign_in action (by @adammcnamara) + * Properly assign resource on `sign_in` related action (by @adammcnamara) * Unlockable could leak account existence on paranoid mode (by @latortuga) + * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) + * Properly handle namespaced models on Active Record generator (by @nashby) == 2.1.2 From 1c8fc18fad99b265eba8f3e91ef951cbf4f60ab8 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 12 Nov 2012 09:11:55 -0200 Subject: [PATCH 0030/1473] Update Gemfile.rails-3.1.x. --- gemfiles/Gemfile.rails-3.1.x | 4 +--- gemfiles/Gemfile.rails-3.1.x.lock | 25 +++++++++++-------------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index b881657f1a..d9d7820827 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -28,8 +28,6 @@ platforms :ruby do gem "sqlite3" group :mongoid do - gem "mongo", "~> 1.3.0" - gem "mongoid", "~> 2.0" - gem "bson_ext", "~> 1.3.0" + gem "mongoid", "~> 3.0" end end diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index 1dd424e0ca..ddb22af615 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock @@ -1,11 +1,11 @@ PATH remote: .. specs: - devise (2.1.0.rc2) + devise (2.1.2) bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.0.7) + orm_adapter (~> 0.1) railties (~> 3.1) - warden (~> 1.1.1) + warden (~> 1.2.1) GEM remote: http://rubygems.org/ @@ -41,8 +41,6 @@ GEM addressable (2.2.7) arel (2.2.3) bcrypt-ruby (3.0.1) - bson (1.5.2) - bson_ext (1.3.1) builder (3.0.0) columnize (0.3.6) erubis (2.7.0) 
@@ -64,12 +62,12 @@ GEM mime-types (1.18) mocha (0.10.4) metaclass (~> 0.0.1) - mongo (1.3.1) - bson (>= 1.3.1) - mongoid (2.4.4) + mongoid (3.0.12) activemodel (~> 3.1) - mongo (~> 1.3) + moped (~> 1.1) + origin (~> 1.0) tzinfo (~> 0.3.22) + moped (1.2.9) multi_json (1.3.4) multipart-post (1.1.5) nokogiri (1.5.0) @@ -87,7 +85,8 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - orm_adapter (0.0.7) + origin (1.0.10) + orm_adapter (0.4.0) polyglot (0.3.3) rack (1.3.6) rack-cache (1.2) @@ -137,7 +136,7 @@ GEM polyglot polyglot (>= 0.3.1) tzinfo (0.3.33) - warden (1.1.1) + warden (1.2.1) rack (>= 1.0) webrat (0.7.2) nokogiri (>= 1.2.0) @@ -150,12 +149,10 @@ PLATFORMS DEPENDENCIES activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter - bson_ext (~> 1.3.0) devise! jruby-openssl mocha - mongo (~> 1.3.0) - mongoid (~> 2.0) + mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) From da5464acf6ea531876276fd6eb6155fbfc6d234a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 12 Nov 2012 09:12:17 -0200 Subject: [PATCH 0031/1473] Update Travis CI configuration: * `DEVISE_ORM=mongoid` is part of the build matrix, except for 1.8.7 and REE rubies; * `language` key added (Thanks to travis-lint). --- .travis.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.travis.yml b/.travis.yml index 97c4ae8352..880590c4b1 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,12 +1,32 @@ +language: ruby script: "bundle exec rake test" rvm: - 1.8.7 - 1.9.2 - 1.9.3 - ree +env: + - DEVISE_ORM=mongoid + - DEVISE_ORM=active_record +matrix: + exclude: + - rvm: ree + env: DEVISE_ORM=mongoid + gemfile: Gemfile + - rvm: 1.8.7 + env: DEVISE_ORM=mongoid + gemfile: Gemfile + - rvm: ree + env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-3.1.x + - rvm: 1.8.7 + env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-3.1.x gemfile: - gemfiles/Gemfile.rails-3.1.x - Gemfile +services: + - mongodb notifications: recipients: - jose.valim@plataformatec.com.br From 96a0477555f6683d71d334bb23e45c8e23cb6468 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 12 Nov 2012 15:07:29 -0200 Subject: [PATCH 0032/1473] Remove 1.9.2 + Mongoid from the build matrix. http://mongoid.org/en/mongoid/docs/tips.html#ruby --- .travis.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 880590c4b1..5584ec5170 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,13 +13,19 @@ matrix: - rvm: ree env: DEVISE_ORM=mongoid gemfile: Gemfile + - rvm: ree + env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-3.1.x - rvm: 1.8.7 env: DEVISE_ORM=mongoid gemfile: Gemfile - - rvm: ree + - rvm: 1.8.7 env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-3.1.x - - rvm: 1.8.7 + - rvm: 1.9.2 + env: DEVISE_ORM=mongoid + gemfile: Gemfile + - rvm: 1.9.2 env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-3.1.x gemfile: From ed6f2abc2311bec0454b3b40c5c00b6120eed660 Mon Sep 17 00:00:00 2001 From: Luis Gracia Date: Mon, 12 Nov 2012 20:05:42 -0500 Subject: [PATCH 0033/1473] Show invalid confirmation token message fixes #2143 Attribute confirmation token is not present in the simple_form template, therefore not being displayed by #error_notification. This fix explicitily call #full_error on :confirmation_token. --- .../templates/simple_form_for/confirmations/new.html.erb | 1 + 1 file changed, 1 insertion(+) 
diff --git a/lib/generators/templates/simple_form_for/confirmations/new.html.erb b/lib/generators/templates/simple_form_for/confirmations/new.html.erb index c2387ac49a..c80829ad2e 100644 --- a/lib/generators/templates/simple_form_for/confirmations/new.html.erb +++ b/lib/generators/templates/simple_form_for/confirmations/new.html.erb @@ -2,6 +2,7 @@ <%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %> <%= f.error_notification %> + <%= f.full_error :confirmation_token %>
<%= f.input :email, :required => true, :autofocus => true %> From 0415564a7d7c80cfa4faa484d0a2ae5565d66ef8 Mon Sep 17 00:00:00 2001 From: Luis Gracia Date: Tue, 13 Nov 2012 15:01:32 -0500 Subject: [PATCH 0034/1473] Show invalid unlock token message Attribute unlock token is not present in the simple_form template, therefore not being displayed by #error_notification. This fix explicitily call #full_error on :unlock_token. --- lib/generators/templates/simple_form_for/unlocks/new.html.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/generators/templates/simple_form_for/unlocks/new.html.erb b/lib/generators/templates/simple_form_for/unlocks/new.html.erb index bf39643a01..66495d6a96 100644 --- a/lib/generators/templates/simple_form_for/unlocks/new.html.erb +++ b/lib/generators/templates/simple_form_for/unlocks/new.html.erb @@ -2,6 +2,7 @@ <%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %> <%= f.error_notification %> + <%= f.full_error :unlock_token %>
<%= f.input :email, :required => true, :autofocus => true %> From f044916f946e8ede94206f99e10eaaf443f63d28 Mon Sep 17 00:00:00 2001 From: Jared Morgan Date: Thu, 15 Nov 2012 12:21:11 -0600 Subject: [PATCH 0035/1473] Use correct current_password in RegistrationTest of invalid confirmation In DatabaseAuthenticatable#update_with_password, password is now deleted if the current_password is invalid. dm-validations will not check the confirmation in that case, so this test was failing in dm-devise. --- test/integration/registerable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 39d3ba7a28..fb3f31f896 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -203,7 +203,7 @@ def user_sign_up fill_in 'password', :with => 'pas123' fill_in 'password confirmation', :with => '' - fill_in 'current password', :with => '123456' + fill_in 'current password', :with => '12345678' click_button 'Update' assert_contain "Password doesn't match confirmation" From cde2229e598d0b91e75c039ead4311fa6a89a2e9 Mon Sep 17 00:00:00 2001 From: Gabe Martin-Dempesy Date: Sun, 18 Nov 2012 15:08:57 -0800 Subject: [PATCH 0036/1473] Support alternate sign in error message when email record does not exist By default, the nonexistent error is still identical to the :invalid message, and must be customized by the developer to implement. --- config/locales/en.yml | 1 + lib/devise/strategies/database_authenticatable.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index a533f90ca2..1c1cb30fe7 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -18,6 +18,7 @@ en: unauthenticated: 'You need to sign in or sign up before continuing.' unconfirmed: 'You have to confirm your account before continuing.' locked: 'Your account is locked.' + nonexitent: 'Invalid email or password.' invalid: 'Invalid email or password.' invalid_token: 'Invalid authentication token.' timeout: 'Your session expired, please sign in again to continue.' diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 4552d7a396..f024bfcd92 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -6,7 +6,7 @@ module Strategies class DatabaseAuthenticatable < Authenticatable def authenticate! resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) - return fail(:invalid) unless resource + return fail(:nonexitent) unless resource if validate(resource){ resource.valid_password?(password) } resource.after_database_authentication From ffab77c35e3392500ea03ac6ed9669d0ab4ef612 Mon Sep 17 00:00:00 2001 From: Gabe Martin-Dempesy Date: Sun, 18 Nov 2012 15:19:15 -0800 Subject: [PATCH 0037/1473] Fix typo on nonexistent error --- config/locales/en.yml | 2 +- lib/devise/strategies/database_authenticatable.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 1c1cb30fe7..73c6bd5a7b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -18,7 +18,7 @@ en: unauthenticated: 'You need to sign in or sign up before continuing.' unconfirmed: 'You have to confirm your account before continuing.' locked: 'Your account is locked.' - nonexitent: 'Invalid email or password.' + nonexistent: 'Invalid email or password.' invalid: 'Invalid email or password.' invalid_token: 'Invalid authentication token.' timeout: 'Your session expired, please sign in again to continue.' 
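Review bot: Giving the missing-record branch of `authenticate!` its own key (`return fail(:nonexitent) unless resource` in lib/devise/strategies/database_authenticatable.rb) means any application that edits that translation tells a visitor whether an email is registered, which is account enumeration on the sign-in form. The default text equals `:invalid`, so nothing changes out of the box, but neither the locale entry nor the strategy says the two messages are meant to stay indistinguishable. I would add above the `return`: `# Separate key for a lookup that finds no record; keep its message identical to :invalid unless disclosing which emails exist is acceptable.` This branch also returns before `resource.valid_password?` runs, so response time may already differ between the two cases, which predates the commit but belongs in the same comment. The later hunks that rename the key (`:nonexistent`, `:invalid_email`, `:not_found_in_database`) carry the same caveat, and `authenticate!` continues past the end of the hunk.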
diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index f024bfcd92..831e5f5609 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -6,7 +6,7 @@ module Strategies class DatabaseAuthenticatable < Authenticatable def authenticate! resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) - return fail(:nonexitent) unless resource + return fail(:nonexistent) unless resource if validate(resource){ resource.valid_password?(password) } resource.after_database_authentication From 50186474d402a908cd8eec170511c96efdd7387f Mon Sep 17 00:00:00 2001 From: Anatoliy Kukul Date: Mon, 19 Nov 2012 13:40:54 +0200 Subject: [PATCH 0038/1473] Fix default email_regexp config to not allow spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Default email_regexp config accepted emails with spaces. e.g.: "test user@test server.com" http://rubular.com/r/jXGS8pmumd Changed regexp to not allow spaces in email. e.g.:  http://rubular.com/r/tTD9PytGEp --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 572f63fb97..5b33b1dcae 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -87,7 +87,7 @@ module Strategies # an one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. mattr_accessor :email_regexp - @@email_regexp = /\A[^@]+@([^@\.]+\.)+[^@\.]+\z/ + @@email_regexp = /\A[\w\._%-]+@[\w\.-]+\.[a-zA-Z]{2,4}\z/ # Range validation for password length mattr_accessor :password_length From adc9a45f05b3a1bda015c3035c2a2f32fa929650 Mon Sep 17 00:00:00 2001 From: Anatoliy Kukul Date: Mon, 19 Nov 2012 13:58:19 +0200 Subject: [PATCH 0039/1473] Used other regxp --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/devise.rb b/lib/devise.rb index 5b33b1dcae..6b6cf197d6 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -87,7 +87,7 @@ module Strategies # an one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. mattr_accessor :email_regexp - @@email_regexp = /\A[\w\._%-]+@[\w\.-]+\.[a-zA-Z]{2,4}\z/ + @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/ # Range validation for password length mattr_accessor :password_length From 19a1ea52112cf78673ab65b4d274e45e2fe4a4da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 19 Nov 2012 14:02:43 +0100 Subject: [PATCH 0040/1473] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 17924eefe8..d4da20703b 100644 --- a/README.md +++ b/README.md @@ -245,7 +245,7 @@ Remember that Devise uses flash messages to let users know if sign in was succes Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n: ```ruby -devise_for :users, :path => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' } +devise_for :users, :path => "auth", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' } ``` Be sure to check `devise_for` documentation for details. From f0f3e15c080d15985c13e0701abe53e18c9def8f Mon Sep 17 00:00:00 2001 
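Review bot: The new `@@email_regexp` no longer excludes the dot from its character classes (the original `[^@\.]` has become `[^@\s]`), so inside `([^@\s]+\.)+` a dot can be consumed either by the class or by the literal `\.`. On a long dotted domain part that ends up not matching, the engine may try every way of splitting the labels before giving up, which is a denial-of-service risk for a pattern applied to user-supplied addresses. Keeping the whitespace fix while restoring the exclusion removes the ambiguity: `@@email_regexp = /\A[^@\s]+@([^@\s\.]+\.)+[^@\s\.]+\z/`. The enclosing module body lies outside the hunk.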
From: Anatoliy Kukul Date: Mon, 19 Nov 2012 17:38:22 +0200 Subject: [PATCH 0041/1473] add test for Devise.email_regexp --- test/devise_test.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/test/devise_test.rb b/test/devise_test.rb index 1b0746d73f..9352e164b4 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -68,5 +68,16 @@ class DeviseTest < ActiveSupport::TestCase end assert_not Devise.secure_compare("size_1", "size_four") end - + + test 'Devise.email_regexp should match valid email addresses' do + valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua"] + non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com"] + + valid_emails.each do |email| + assert_match Devise.email_regexp, email + end + non_valid_emails.each do |email| + assert_no_match Devise.email_regexp, email + end + end end From 130d68419857f3ba0cdc75fafbf65e6e96948797 Mon Sep 17 00:00:00 2001 From: Gabe Martin-Dempesy Date: Mon, 19 Nov 2012 15:49:21 -0800 Subject: [PATCH 0042/1473] Change failure key for missing database resource to :invalid_email --- config/locales/en.yml | 2 +- lib/devise/strategies/database_authenticatable.rb | 2 +- test/integration/database_authenticatable_test.rb | 12 +++++++----- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 73c6bd5a7b..824c4ce8bb 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -18,8 +18,8 @@ en: unauthenticated: 'You need to sign in or sign up before continuing.' unconfirmed: 'You have to confirm your account before continuing.' locked: 'Your account is locked.' - nonexistent: 'Invalid email or password.' invalid: 'Invalid email or password.' + invalid_email: 'Invalid email or password.' invalid_token: 'Invalid authentication token.' timeout: 'Your session expired, please sign in again to continue.' inactive: 'Your account was not activated yet.' 
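Review bot: The rejected list in the `Devise.email_regexp` test covers only a missing `@`, a comma and embedded spaces, so nothing pins the two properties the pattern relies on: a single `@`, and no match when a line break follows the address. I would extend it to `non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com", "test@@example.com", "test@example.com\n"]`. The last entry guards against the `\A`/`\z` anchors ever being replaced by `^`/`$`, which would let multi-line input pass validation.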
diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 831e5f5609..78d9581211 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -6,7 +6,7 @@ module Strategies class DatabaseAuthenticatable < Authenticatable def authenticate! resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) - return fail(:nonexistent) unless resource + return fail(:invalid_email) unless resource if validate(resource){ resource.valid_password?(password) } resource.after_database_authentication diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 51074d3ab6..39c2e2cda3 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -53,12 +53,14 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest end test 'sign in with invalid email should return to sign in form with error message' do - sign_in_as_admin do - fill_in 'email', :with => 'wrongemail@test.com' - end + store_translations :en, :devise => { :failure => { :admin => { :invalid_email => 'Invalid email address' } } } do + sign_in_as_admin do + fill_in 'email', :with => 'wrongemail@test.com' + end - assert_contain 'Invalid email or password' - assert_not warden.authenticated?(:admin) + assert_contain 'Invalid email address' + assert_not warden.authenticated?(:admin) + end end test 'sign in with invalid pasword should return to sign in form with error message' do From c026b5a3f652f46b4a3120396f4f09f8ce9f985b Mon Sep 17 00:00:00 2001 From: Aditya Sanghi Date: Thu, 29 Nov 2012 17:15:15 +0530 Subject: [PATCH 0043/1473] minor documentation grammar update --- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/recoverable.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index a0a0f0d8d5..7712544dcb 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -76,7 +76,7 @@ def update_with_password(params, *options) end # Updates record attributes without asking for the current password. - # Never allows to change the current password. If you are using this + # Never allows a change to the current password. If you are using this # method, you should probably override this method to protect other # attributes you would not like to be updated without a password. # diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 0bed681ea9..74f943a6ec 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -101,10 +101,10 @@ def after_password_reset end module ClassMethods - # Attempt to find a user by its email. If a record is found, send new - # password instructions to it. If not user is found, returns a new user + # Attempt to find a user by it's email. If a record is found, send new + # password instructions to it. If user is not found, returns a new user # with an email not found error. - # Attributes must contain the user email + # Attributes must contain the user's email def send_reset_password_instructions(attributes={}) recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found) recoverable.send_reset_password_instructions if recoverable.persisted? From 88dba417ef3ebf17b7757305b127a1fa9d6e6b66 Mon Sep 17 00:00:00 2001 From: Aditya Sanghi Date: Sun, 2 Dec 2012 00:24:09 +0530 Subject: [PATCH 0044/1473] reverting part of #2164 which was a mistake --- lib/devise/models/recoverable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 74f943a6ec..ba434bb37b 100644 --- a/lib/devise/models/recoverable.rb 
+++ b/lib/devise/models/recoverable.rb @@ -101,7 +101,7 @@ def after_password_reset end module ClassMethods - # Attempt to find a user by it's email. If a record is found, send new + # Attempt to find a user by its email. If a record is found, send new # password instructions to it. If user is not found, returns a new user # with an email not found error. # Attributes must contain the user's email From 77ec1b08cd263e3cc766f78aca72b05f1334f943 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Sat, 1 Dec 2012 21:06:03 -0600 Subject: [PATCH 0045/1473] Move test models into their own file so they can be used elsewhere --- test/models/database_authenticatable_test.rb | 1 + test/models_test.rb | 23 +--------------- test/support/helpers.rb | 4 +++ test/test_models.rb | 28 ++++++++++++++++++++ 4 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 test/test_models.rb diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index bacbe98669..c184fcb48a 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -1,4 +1,5 @@ require 'test_helper' +require 'test_models' require 'digest/sha1' class DatabaseAuthenticatableTest < ActiveSupport::TestCase diff --git a/test/models_test.rb b/test/models_test.rb index b33404651e..705ad76882 100644 --- a/test/models_test.rb +++ b/test/models_test.rb 
@@ -1,26 +1,5 @@ require 'test_helper' - -class Configurable < User - devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable, - :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days, - :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days -end - -class WithValidation < Admin - devise :database_authenticatable, :validatable, :password_length => 2..6 -end - -class UserWithValidation < User - validates_presence_of :username -end - -class Several < Admin - devise :validatable - devise :lockable -end - -class Inheritable < Admin -end +require 'test_models' class ActiveRecordTest < ActiveSupport::TestCase def include_module?(klass, mod) diff --git a/test/support/helpers.rb b/test/support/helpers.rb index a2554485e9..355001d9b4 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -29,6 +29,10 @@ def valid_attributes(attributes={}) :password_confirmation => '12345678' }.update(attributes) end + def new_user_with_class(klass=User, attributes={}) + klass.new(valid_attributes(attributes)) + end + def new_user(attributes={}) User.new(valid_attributes(attributes)) end diff --git a/test/test_models.rb b/test/test_models.rb new file mode 100644 index 0000000000..b17d3773b7 --- /dev/null +++ b/test/test_models.rb 
@@ -0,0 +1,28 @@ +class Configurable < User + devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable, + :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days, + :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days +end + +class WithValidation < Admin + devise :database_authenticatable, :validatable, :password_length => 2..6 +end + +class UserWithValidation < User + validates_presence_of :username +end + +class UserWithVirtualAttributes < User + devise :case_insensitive_keys => [ :email, :email_confirmation ] + validates :email, :presence => true, :confirmation => {:on => :create} + attr_accessible :email, :email_confirmation +end + +class Several < Admin + devise :validatable + devise :lockable +end + +class Inheritable < Admin +end + From 0c6f2adf14b6d86961d2389faf8f54334078b4bf Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Sat, 1 Dec 2012 21:06:11 -0600 Subject: [PATCH 0046/1473] Add failing test for #2129 --- test/models/database_authenticatable_test.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index c184fcb48a..0986be073d 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -13,6 +13,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal email.downcase, user.email end + test 'should downcase case insensitive keys that refer to virtual attributes when saving' do + email = 'Foo@Bar1.com' + confirmation = 'Foo@Bar1.com' + pw = '12345678' + user = UserWithVirtualAttributes.new( + :email => email, + :email_confirmation => confirmation, + :password => pw, + :password_confirmation => pw) + + assert_nothing_raised "ActiveRecord::RecordInvalid" do + user.save! + end + end + test 'should remove whitespace from strip whitespace keys when saving' do # strip_whitespace_keys is set to :email by default. email = ' foo@bar.com ' From 79e9d6e5644c66160ba0d643a7c44356a845ac72 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Sat, 1 Dec 2012 21:01:13 -0600 Subject: [PATCH 0047/1473] Allow validation callbacks to apply to virtual attributes --- lib/devise/models/authenticatable.rb | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index b2eb1decab..1e676a01c9 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -164,11 +164,19 @@ def send_devise_notification(notification) end def downcase_keys - self.class.case_insensitive_keys.each { |k| self[k].try(:downcase!) } + self.class.case_insensitive_keys.each { |k| apply_to_attribute_or_variable(k, :downcase!) } end def strip_whitespace - self.class.strip_whitespace_keys.each { |k| self[k].try(:strip!) } + self.class.strip_whitespace_keys.each { |k| apply_to_attribute_or_variable(k, :strip!) } + end + + def apply_to_attribute_or_variable(attr, method) + if self[attr] + self[attr].try(method) + else + send(attr).try(method) + end end module ClassMethods From 2261005ed506df251073a6b1e4eee7f29cdfe6f0 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 4 Dec 2012 17:37:12 -0200 Subject: [PATCH 0048/1473] Refactor a bit to avoid two model attributes lookup Tidy up tests a bit. --- lib/devise/models/authenticatable.rb | 8 ++------ test/models/database_authenticatable_test.rb | 18 +++++++++--------- test/support/helpers.rb | 4 ---- test/test_models.rb | 1 - 4 files changed, 11 insertions(+), 20 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 1e676a01c9..6600f52632 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -172,11 +172,7 @@ def strip_whitespace end def apply_to_attribute_or_variable(attr, method) - if self[attr] - self[attr].try(method) - else - send(attr).try(method) - end + (self[attr] || send(attr)).try(method) end module ClassMethods @@ -207,7 +203,7 @@ def http_authenticatable?(strategy) # it may be wrapped as well. For instance, database authenticatable # provides a `find_for_database_authentication` that wraps a call to # this method. This allows you to customize both database authenticatable - # or the whole authenticate stack by customize `find_for_authentication.` + # or the whole authenticate stack by customize `find_for_authentication.` # # Overwrite to add customized conditions, create a join, or maybe use a # namedscope to filter records while authenticating. diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 0986be073d..7693b8283b 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
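Review bot: `(self[attr] || send(attr)).try(method)` in `apply_to_attribute_or_variable` calls `send` with whatever is listed in `case_insensitive_keys` or `strip_whitespace_keys`, so a configured key that is neither a column nor a reader now raises NoMethodError from a validation callback, and `send` also reaches private methods. Before this series the callbacks used `self[k].try(...)`, which presumably stayed silent for such a key, so the behaviour change looks unintended. I would restrict the fallback to public readers and say why it exists: `value = self[attr] || (send(attr) if respond_to?(attr))` followed by `value.try(method)`, with the comment `# Falls back to a public reader so virtual attributes such as email_confirmation are normalised too.`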
@@ -14,18 +14,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'should downcase case insensitive keys that refer to virtual attributes when saving' do - email = 'Foo@Bar1.com' + email = 'Foo@Bar1.com' confirmation = 'Foo@Bar1.com' - pw = '12345678' - user = UserWithVirtualAttributes.new( - :email => email, - :email_confirmation => confirmation, - :password => pw, - :password_confirmation => pw) - - assert_nothing_raised "ActiveRecord::RecordInvalid" do + attributes = valid_attributes(:email => email, :email_confirmation => confirmation) + + user = UserWithVirtualAttributes.new(attributes) + assert_equal confirmation, user.email_confirmation + + assert_nothing_raised ActiveRecord::RecordInvalid do user.save! end + + assert_equal confirmation.downcase, user.email_confirmation end test 'should remove whitespace from strip whitespace keys when saving' do diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 355001d9b4..a2554485e9 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -29,10 +29,6 @@ def valid_attributes(attributes={}) :password_confirmation => '12345678' }.update(attributes) end - def new_user_with_class(klass=User, attributes={}) - klass.new(valid_attributes(attributes)) - end - def new_user(attributes={}) User.new(valid_attributes(attributes)) end diff --git a/test/test_models.rb b/test/test_models.rb index b17d3773b7..fb65d53cad 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -25,4 +25,3 @@ class Several < Admin class Inheritable < Admin end - From 0652117c79cc1ad60a94456a28f125493173f7b6 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 4 Dec 2012 17:37:32 -0200 Subject: [PATCH 0049/1473] Bundle update --- Gemfile.lock | 63 ++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index da298a1fb4..fcda17300d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,31 +10,31 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.8) - actionpack (= 3.2.8) + actionmailer (3.2.9) + actionpack (= 3.2.9) mail (~> 2.4.4) - actionpack (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) + actionpack (3.2.9) + activemodel (= 3.2.9) + activesupport (= 3.2.9) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) rack (~> 1.4.0) rack-cache (~> 1.2) rack-test (~> 0.6.1) - sprockets (~> 2.1.3) - activemodel (3.2.8) - activesupport (= 3.2.8) + sprockets (~> 2.2.1) + activemodel (3.2.9) + activesupport (= 3.2.9) builder (~> 3.0.0) - activerecord (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) + activerecord (3.2.9) + activemodel (= 3.2.9) + activesupport (= 3.2.9) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - activesupport (3.2.8) + activeresource (3.2.9) + activemodel (= 3.2.9) + activesupport (= 3.2.9) + activesupport (3.2.9) i18n (~> 0.6) multi_json (~> 1.0) arel (3.0.2) @@ -59,13 +59,13 @@ GEM mime-types (1.19) mocha (0.10.0) metaclass (~> 0.0.1) - mongoid (3.0.11) + mongoid (3.0.14) activemodel (~> 3.1) moped (~> 1.1) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.2.8) - multi_json (1.3.7) + moped (1.3.1) + multi_json (1.4.0) multipart-post (1.1.5) nokogiri (1.5.5) oauth2 (0.8.0) @@ -85,7 +85,7 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.0.10) + origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) rack (1.4.1) 
@@ -98,27 +98,28 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.8) - actionmailer (= 3.2.8) - actionpack (= 3.2.8) - activerecord (= 3.2.8) - activeresource (= 3.2.8) - activesupport (= 3.2.8) + rails (3.2.9) + actionmailer (= 3.2.9) + actionpack (= 3.2.9) + activerecord (= 3.2.9) + activeresource (= 3.2.9) + activesupport (= 3.2.9) bundler (~> 1.0) - railties (= 3.2.8) - railties (3.2.8) - actionpack (= 3.2.8) - activesupport (= 3.2.8) + railties (= 3.2.9) + railties (3.2.9) + actionpack (= 3.2.9) + activesupport (= 3.2.9) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) - rake (0.9.2.2) + rake (10.0.2) rdoc (3.12) json (~> 1.4) ruby-openid (2.2.2) - sprockets (2.1.3) + sprockets (2.2.2) hike (~> 1.2) + multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.6) From ac3a25bf2e1c7be29b88de0bd6350aedad33f379 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 4 Dec 2012 17:48:49 -0200 Subject: [PATCH 0050/1473] Remove nothing raised assertion Let the test raise if that is the case, no need for assert that nothing was raised. Hopefully fix the build :sparkles: --- test/models/database_authenticatable_test.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 7693b8283b..2984371869 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -17,14 +17,10 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase email = 'Foo@Bar1.com' confirmation = 'Foo@Bar1.com' attributes = valid_attributes(:email => email, :email_confirmation => confirmation) - user = UserWithVirtualAttributes.new(attributes) - assert_equal confirmation, user.email_confirmation - - assert_nothing_raised ActiveRecord::RecordInvalid do - user.save! - end + assert_equal confirmation, user.email_confirmation + user.save! assert_equal confirmation.downcase, user.email_confirmation end From 01669c737487f927f85e51aba2ead709051f85a0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 10 Dec 2012 10:59:50 -0200 Subject: [PATCH 0051/1473] Display the build status just for the `master` branch [ci skip]. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d4da20703b..56ee957e55 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Devise -[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) +[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From eeb6a3075284e940a4740d90434a306159e6af66 Mon Sep 17 00:00:00 2001 From: Michael Rykov Date: Tue, 11 Dec 2012 10:39:47 -0800 Subject: [PATCH 0052/1473] Add 'Gem Version' badge to README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 56ee957e55..e340a29fdd 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,8 @@ ## Devise -[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) +[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) +[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) +[![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From e1fde192f27a2d31cb005f6fdc7a34609de42083 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 13 Dec 2012 08:43:43 +0100 Subject: [PATCH 0053/1473] Update CHANGELOG --- CHANGELOG.rdoc | 3 +++ config/locales/en.yml | 2 +- lib/devise/strategies/database_authenticatable.rb | 2 +- test/integration/database_authenticatable_test.rb | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index db9bb16ac8..7da10e1ea2 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -6,8 +6,11 @@ * Add autofocus to default views (by @Radagaisus) * Support Mongoid 3 onwards (by @durran) * Unlock user on password reset (by @marcinb) + * Allow validation callbacks to apply to virtual attributes (by @latortuga) + * Support alternate sign in error message when email record does not exist (@gabetax) * bug fix + * Fix default email_regexp config to not allow spaces (by @kukula) * Fix a regression introduced on warden 1.2.1 (by @ejfinneran) * Properly camelize omniauth strategies (by @saizai) * Do not set flash messages for non navigational requests on session sign out (by @mathieul) diff --git a/config/locales/en.yml b/config/locales/en.yml index 824c4ce8bb..4572f2ef8e 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -18,8 +18,8 @@ en: unauthenticated: 'You need to sign in or sign up before continuing.' unconfirmed: 'You have to confirm your account before continuing.' locked: 'Your account is locked.' + not_found_in_database: 'Invalid email or password.' invalid: 'Invalid email or password.' - invalid_email: 'Invalid email or password.' invalid_token: 'Invalid authentication token.' timeout: 'Your session expired, please sign in again to continue.' inactive: 'Your account was not activated yet.' diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 78d9581211..bccebb25eb 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -6,7 +6,7 @@ module Strategies class DatabaseAuthenticatable < Authenticatable def authenticate! resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) - return fail(:invalid_email) unless resource + return fail(:not_found_in_database) unless resource if validate(resource){ resource.valid_password?(password) } resource.after_database_authentication diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 39c2e2cda3..4bdf10ee1d 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -53,7 +53,7 @@ class DatabaseAuthenticationTest < ActionController::IntegrationTest end test 'sign in with invalid email should return to sign in form with error message' do - store_translations :en, :devise => { :failure => { :admin => { :invalid_email => 'Invalid email address' } } } do + store_translations :en, :devise => { :failure => { :admin => { :not_found_in_database => 'Invalid email address' } } } do sign_in_as_admin do fill_in 'email', :with => 'wrongemail@test.com' end From 4c83743263532259f02e6a1b5c6064ed38016a69 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 13 Dec 2012 08:53:23 +0100 Subject: [PATCH 0054/1473] unconfirmed_email now uses the proper e-mail on salutation, related to #2060 --- CHANGELOG.rdoc | 1 + app/views/devise/mailer/confirmation_instructions.html.erb | 2 +- lib/devise/mailers/helpers.rb | 2 +- .../templates/markerb/confirmation_instructions.markerb | 2 +- test/models/confirmable_test.rb | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 7da10e1ea2..17d6adbd1e 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -10,6 +10,7 @@ * Support alternate sign in error message when email record does not exist (@gabetax) * bug fix + * unconfirmed_email now uses the proper e-mail on salutation * Fix default email_regexp config to not allow spaces (by @kukula) * Fix a regression introduced on warden 1.2.1 (by @ejfinneran) * Properly camelize omniauth strategies (by @saizai) diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index a5c4585e8d..133fd72353 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -1,4 +1,4 @@ -

Welcome <%= @resource.email %>!

+

Welcome <%= @headers[:to] %>!

You can confirm your account email through the link below:

diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 7d1b92e283..ee3c7c1be1 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -38,7 +38,7 @@ def headers_for(action) headers.merge!(resource.headers_for(action)) end - headers + @headers = headers end def mailer_reply_to(mapping) diff --git a/lib/generators/templates/markerb/confirmation_instructions.markerb b/lib/generators/templates/markerb/confirmation_instructions.markerb index 84665383ec..621add1d21 100644 --- a/lib/generators/templates/markerb/confirmation_instructions.markerb +++ b/lib/generators/templates/markerb/confirmation_instructions.markerb @@ -1,4 +1,4 @@ -Welcome <%= @resource.email %>! +Welcome <%= @headers[:to] %>! You can confirm your account through the link below: diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 3d93d6dba0..74df0b3769 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -294,7 +294,6 @@ class ReconfirmableTest < ActiveSupport::TestCase assert_nil admin.confirmation_token end - test 'should regenerate confirmation token after changing email' do admin = create_admin assert admin.confirm! @@ -310,6 +309,7 @@ class ReconfirmableTest < ActiveSupport::TestCase assert_email_sent "new_test@example.com" do assert admin.update_attributes(:email => 'new_test@example.com') end + assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded end test 'should not send confirmation by email after changing password' do From 839e8fc8aca87fbe6920b5e4e4a9778362947d71 Mon Sep 17 00:00:00 2001 
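Review bot: `@headers = headers` at the end of `headers_for` turns the method's return value into state the mailer views depend on, since the templates in this commit now print `@headers[:to]` as the salutation, and nothing documents that contract. If a model's `headers_for` supplies `:to` as a list or in a display-name form, that raw value would become the greeting, so the expectation should be written down where the hash is built. I would add above the assignment: `# Exposed to the mailer views as @headers; :to is rendered in the salutation, so keep it a single plain address.` The body of `headers_for` starts outside the hunk.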
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 13 Dec 2012 09:13:33 +0100 Subject: [PATCH 0055/1473] Show if there is an e-mail waiting for confirmation, closes #2060 --- app/views/devise/registrations/edit.html.erb | 4 ++++ .../templates/simple_form_for/registrations/edit.html.erb | 5 +++++ test/integration/confirmable_test.rb | 1 + test/integration/registerable_test.rb | 4 +++- 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 1f6bbf6bf6..7d701c6c20 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -6,6 +6,10 @@
<%= f.label :email %>
<%= f.email_field :email, :autofocus => true %>
+ <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %> +
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
+ <% end %> +
<%= f.label :password %> (leave blank if you don't want to change it)
<%= f.password_field :password, :autocomplete => "off" %>
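Review bot: The new condition `resource.class.reconfirmable && resource.unconfirmed_email.present?` runs for every resource that renders this edit form, but both methods appear to come from the confirmable module, so a model that does not include it would presumably raise NoMethodError when the page is rendered. Guarding on the instance avoids that: `<% if resource.respond_to?(:pending_reconfirmation?) && resource.pending_reconfirmation? %>`. The same unguarded condition is added to the simple_form_for registrations template in the next file of this commit. The added assertion only exercises Admin, so a check that a non-confirmable scope can still open its edit page would pin this.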
diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 6a9a4b390c..52f8fa82bd 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -5,6 +5,11 @@
<%= f.input :email, :required => true, :autofocus => true %> + + <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %> +

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

+ <% end %> + <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %> <%= f.input :password_confirmation, :required => false %> <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %> diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 9acd99eae3..c9858572e0 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -268,6 +268,7 @@ def visit_admin_confirmation_with_token(confirmation_token) admin = create_admin admin.update_attributes(:email => 'first_test@example.com') assert_equal 'first_test@example.com', admin.unconfirmed_email + confirmation_token = admin.confirmation_token admin.update_attributes(:email => 'second_test@example.com') assert_equal 'second_test@example.com', admin.unconfirmed_email diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index fb3f31f896..5fc487eaa9 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -303,8 +303,10 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'but we need to verify your new email address' + assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email - assert_equal "admin.new@example.com", Admin.first.unconfirmed_email + get edit_admin_registration_path + assert_contain 'Currently waiting confirmation for: admin.new@example.com' end test 'a signed in admin should not see a reconfirmation message if they did not change their password' do From 30ab6f923d2a8306f4f3bbb5aee539bce8c143d7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 13 Dec 2012 09:20:46 +0100 Subject: [PATCH 0056/1473] Release 2.2.0.rc --- CHANGELOG.rdoc | 17 +++++++++++------ Gemfile.lock | 2 +- app/controllers/devise_controller.rb | 2 +- lib/devise/version.rb | 2 +- .../app/controllers/application_controller.rb | 1 + 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 17d6adbd1e..d24a0f7900 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,13 +1,19 @@ -* enhancement - * Default minimum password length is now 8 (by @carlosgaldino). +== 2.2.0.rc + +* important changes + * Default minimum password length is now 8 (by @carlosgaldino) + * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (@gabetax) + * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats) + * Support Mongoid 3 onwards (by @durran) + * Fix unlockable which could leak account existence on paranoid mode (by @latortuga) + +* enhancements * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt) - * Make #set_flash_message respect i18n-set resource_name (by @latortuga) + * Flash messages in controller now respects `resource_name` (by @latortuga) * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast) * Add autofocus to default views (by @Radagaisus) - * Support Mongoid 3 onwards (by @durran) * Unlock user on password reset (by @marcinb) * Allow validation callbacks to apply to virtual attributes (by @latortuga) - * Support alternate sign in error message when email record does not exist (@gabetax) * bug fix * unconfirmed_email now uses the proper e-mail on salutation 
@@ -18,7 +24,6 @@ * Set the proper fields as required on the lockable module (by @nickhoffman) * Respects Devise mailer default's reply_to (by @mrchrisadams) * Properly assign resource on `sign_in` related action (by @adammcnamara) - * Unlockable could leak account existence on paranoid mode (by @latortuga) * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) * Properly handle namespaced models on Active Record generator (by @nashby) diff --git a/Gemfile.lock b/Gemfile.lock index fcda17300d..f605ad18c9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.1.2) + devise (2.2.0.rc) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 376b03d43e..d2401796a4 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -10,7 +10,7 @@ class DeviseController < Devise.parent_controller.constantize helper_method *helpers prepend_before_filter :assert_is_devise_resource! - respond_to *Mime::SET.map(&:to_sym) if mimes_for_respond_to.empty? + respond_to :html if mimes_for_respond_to.empty? # Gets the actual resource stored in the instance variable def resource diff --git a/lib/devise/version.rb b/lib/devise/version.rb index e5d6e9f62e..76457be339 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.1.2".freeze + VERSION = "2.2.0.rc".freeze end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index c1cfa4991a..30b1677a89 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb 
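Review bot: The new default `respond_to :html if mimes_for_respond_to.empty?` in devise_controller.rb is never exercised by the suite, because the same commit adds `respond_to *Mime::SET.map(&:to_sym)` to the test app's ApplicationController and so `mimes_for_respond_to` is no longer empty there. This line narrows which request formats the authentication endpoints answer, so a regression in it would pass unnoticed. An integration test that sends a non-HTML request to a Devise controller whose parent declares no formats, and asserts the request is refused, would cover it. I would also put `# HTML only by default; declare respond_to on the parent controller to allow other formats` above the line.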
@@ -5,4 +5,5 @@ class ApplicationController < ActionController::Base protect_from_forgery before_filter :current_user, :unless => :devise_controller? before_filter :authenticate_user!, :if => :devise_controller? + respond_to *Mime::SET.map(&:to_sym) end From 86f0bff332e295d59f5daef30f9a28631de0692f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 13 Dec 2012 09:59:36 +0100 Subject: [PATCH 0057/1473] Apparently Rails 3.1 does not like @headers as ivar --- app/views/devise/mailer/confirmation_instructions.html.erb | 2 +- lib/devise/mailers/helpers.rb | 5 +++-- .../templates/markerb/confirmation_instructions.markerb | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index 133fd72353..5b04a7259e 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -1,4 +1,4 @@ -

Welcome <%= @headers[:to] %>!

+

Welcome <%= @email %>!

You can confirm your account email through the link below:

diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index ee3c7c1be1..2572cfeb39 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -38,13 +38,14 @@ def headers_for(action) headers.merge!(resource.headers_for(action)) end - @headers = headers + @email = headers[:to] + headers end def mailer_reply_to(mapping) mailer_sender(mapping, :reply_to) end - + def mailer_from(mapping) mailer_sender(mapping, :from) end diff --git a/lib/generators/templates/markerb/confirmation_instructions.markerb b/lib/generators/templates/markerb/confirmation_instructions.markerb index 621add1d21..bc20339eff 100644 --- a/lib/generators/templates/markerb/confirmation_instructions.markerb +++ b/lib/generators/templates/markerb/confirmation_instructions.markerb @@ -1,4 +1,4 @@ -Welcome <%= @headers[:to] %>! +Welcome <%= @email %>! You can confirm your account through the link below: From 5745d97232a7d0d7b34ef9317a9cfac34af3ce31 Mon Sep 17 00:00:00 2001 From: Graham Wagener Date: Fri, 14 Dec 2012 15:06:45 +1300 Subject: [PATCH 0058/1473] Improved grammar of reset password e-mail. --- app/views/devise/mailer/reset_password_instructions.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb index ae9e888abb..2713034840 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -1,6 +1,6 @@

Hello <%= @resource.email %>!

-

Someone has requested a link to change your password, and you can do this through the link below.

+

Someone has requested a link to change your password. You can do this through the link below.

<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>

From 19b5bcbe0fe63489f67eaf42aefea382d45cc1d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 4 Jan 2013 18:34:52 +0100 Subject: [PATCH 0059/1473] Accept mail options in Devise::Mailer and deprecate headers_for --- CHANGELOG.rdoc | 4 ++++ app/mailers/devise/mailer.rb | 12 ++++++------ lib/devise/mailers/helpers.rb | 13 ++++++++----- lib/devise/models/authenticatable.rb | 8 ++------ lib/devise/models/confirmable.rb | 12 +++--------- 5 files changed, 23 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index d24a0f7900..56d27bd26b 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,7 @@ +* backwards incompatibility changes + * `headers_for` is deprecated, customize the mailer directly instead + * All mailer methods now expect a second argument with delivery options + == 2.2.0.rc * important changes diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index df07e0f178..4d923ac34d 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -1,15 +1,15 @@ class Devise::Mailer < ::ActionMailer::Base include Devise::Mailers::Helpers - def confirmation_instructions(record) - devise_mail(record, :confirmation_instructions) + def confirmation_instructions(record, opts={}) + devise_mail(record, :confirmation_instructions, opts) end - def reset_password_instructions(record) - devise_mail(record, :reset_password_instructions) + def reset_password_instructions(record, opts={}) + devise_mail(record, :reset_password_instructions, opts) end - def unlock_instructions(record) - devise_mail(record, :unlock_instructions) + def unlock_instructions(record, opts={}) + devise_mail(record, :unlock_instructions, opts) end end diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 2572cfeb39..6ad500cef3 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb 
@@ -11,9 +11,9 @@ module Helpers protected # Configure default email options - def devise_mail(record, action) + def devise_mail(record, action, opts={}) initialize_from_record(record) - mail headers_for(action) + mail headers_for(action, opts) end def initialize_from_record(record) @@ -25,16 +25,19 @@ def devise_mapping @devise_mapping ||= Devise.mappings[scope_name] end - def headers_for(action) + def headers_for(action, opts) headers = { :subject => translate(devise_mapping, action), :to => resource.email, :from => mailer_sender(devise_mapping), :reply_to => mailer_reply_to(devise_mapping), - :template_path => template_paths - } + :template_path => template_paths, + :template_name => action + }.merge(opts) if resource.respond_to?(:headers_for) + ActiveSupport::Deprecation.warn "Calling headers_for in the model is no longer supported. " << + "Please customize your mailer instead." headers.merge!(resource.headers_for(action)) end diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 6600f52632..7f7d63aae2 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -93,10 +93,6 @@ def inactive_message def authenticatable_salt end - def headers_for(name) - {} - end - array = %w(serializable_hash) # to_xml does not call serializable_hash on 3.1 array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1" @@ -159,8 +155,8 @@ def devise_mailer # end # end # - def send_devise_notification(notification) - devise_mailer.send(notification, self).deliver + def send_devise_notification(notification, opts={}) + devise_mailer.send(notification, self, opts).deliver end def downcase_keys diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index f21ecb7f31..b3b4188db7 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
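Review bot: Deleting the base `headers_for` from Authenticatable (and the Confirmable override in the next file) breaks the path that the new deprecation warning in `headers_for(action, opts)` is meant to keep alive. A model override written like the removed Confirmable one, starting with `headers = super`, no longer has a superclass method and would raise NoMethodError rather than just warn. Either state that in the message, for example `"Calling headers_for in the model is no longer supported and super is no longer defined. "`, or keep an empty base method until the hook is dropped and warn only when the model overrides it. Separately, `headers_for(action, opts)` has no default while `devise_mail` does; `def headers_for(action, opts={})` would keep custom mailers that call it with one argument working.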
@@ -87,7 +87,9 @@ def send_confirmation_instructions @reconfirmation_required = false generate_confirmation_token! if self.confirmation_token.blank? - send_devise_notification(:confirmation_instructions) + + opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { } + send_devise_notification(:confirmation_instructions, opts) end # Resend confirmation token. This method does not need to generate a new token. @@ -123,14 +125,6 @@ def skip_reconfirmation! @bypass_postpone = true end - def headers_for(action) - headers = super - if action == :confirmation_instructions && pending_reconfirmation? - headers[:to] = unconfirmed_email - end - headers - end - protected # A callback method used to deliver confirmation From 84b8188db9f265ad9226cb9a4a19339ffd400c31 Mon Sep 17 00:00:00 2001 From: Alan Larkin Date: Sat, 5 Jan 2013 18:20:35 +0000 Subject: [PATCH 0060/1473] Added failing integration test for XHR invocation of SessionsController#destroy with `*/*' in the `Accept' header. --- test/integration/authenticatable_test.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 26ada6e276..04c2fa0b35 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -517,6 +517,25 @@ class AuthenticationOthersTest < ActionController::IntegrationTest assert_response :no_content assert_not warden.authenticated?(:user) end + + test 'sign out with non-navigational format via XHR does not redirect' do + swap Devise, :navigational_formats => ['*/*', :html] do + sign_in_as_user + xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. + assert_response :no_content + assert_not warden.authenticated?(:user) + end + end + + # Belt and braces ... Perhaps this test is not necessary? + test 'sign out with navigational format via XHR does redirect' do + swap Devise, :navigational_formats => ['*/*', :html] do + sign_in_as_user + xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" } + assert_response :redirect + assert_not warden.authenticated?(:user) + end + end end class AuthenticationKeysTest < ActionController::IntegrationTest From f2de7bf84c1aba9becc9822fdaa045bcbc886839 Mon Sep 17 00:00:00 2001 From: Alan Larkin Date: Sun, 6 Jan 2013 03:50:26 +0000 Subject: [PATCH 0061/1473] Fixed bug in SessionsController#destroy which caused all XHR requests, regardless of `Accept' header, to be treated as 'text/html'. --- app/controllers/devise/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 39a1a99dc1..203fbd3a1b 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -27,10 +27,10 @@ def destroy # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request respond_to do |format| - format.any(*navigational_formats) { redirect_to redirect_path } format.all do head :no_content end + format.any(*navigational_formats) { redirect_to redirect_path } end end From 8fa3951beac6287de97133a4cdf34f3a2816afa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 6 Jan 2013 11:07:51 +0100 Subject: [PATCH 0062/1473] Update app/controllers/devise/sessions_controller.rb --- app/controllers/devise/sessions_controller.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 203fbd3a1b..5cd22999a6 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -27,9 +27,7 @@ def destroy # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request respond_to do |format| - format.all do - head :no_content - end + format.all { head :no_content } format.any(*navigational_formats) { redirect_to redirect_path } end end From beda0fe9bd7bc571da72cc1e983c4a172c305a8b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 8 Jan 2013 09:22:26 -0200 Subject: [PATCH 0063/1473] Update copyright [ci skip] Or as @rafaelfranca says: Happy New Year :fireworks: --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index fd1e181c9b..70d5130602 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2012 Plataformatec. http://plataformatec.com.br +Copyright 2009-2013 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 
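Review bot: The fix in SessionsController#destroy depends on the declaration order inside `respond_to`, and nothing in the code says so; the existing comment only explains why the response is hard-coded. As I read Rails' format negotiation, an Accept header that contains `*/*` resolves to the first block declared, which is why `format.all` has to come before `format.any(*navigational_formats)`. I would add `# Keep format.all first: when Accept includes */*, Rails picks the first format declared here.` above it so a later tidy-up does not swap the two back. The follow-up commit that collapses the block to `format.all { head :no_content }` is a natural place for the comment.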
diff --git a/README.md b/README.md index e340a29fdd..d4347ed0e0 100644 --- a/README.md +++ b/README.md @@ -393,4 +393,4 @@ https://github.com/plataformatec/devise/contributors ## License -MIT License. Copyright 2012 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br From b2b8b5bf9a390690c48542b295c918823c95069f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 8 Jan 2013 21:30:43 +0100 Subject: [PATCH 0064/1473] Release v2.2.0 --- CHANGELOG.rdoc | 12 +++++------- lib/devise/version.rb | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 56d27bd26b..d3c35e1c23 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc 
@@ -1,17 +1,15 @@ -* backwards incompatibility changes +== 2.2.0 + +* backwards incompatible changes * `headers_for` is deprecated, customize the mailer directly instead * All mailer methods now expect a second argument with delivery options - -== 2.2.0.rc - -* important changes * Default minimum password length is now 8 (by @carlosgaldino) - * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (@gabetax) + * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax) * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats) * Support Mongoid 3 onwards (by @durran) - * Fix unlockable which could leak account existence on paranoid mode (by @latortuga) * enhancements + * Fix unlockable which could leak account existence on paranoid mode (by @latortuga) * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt) * Flash messages in controller now respects `resource_name` (by @latortuga) * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 76457be339..efa83f6c63 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.0.rc".freeze + VERSION = "2.2.0".freeze end From 4b0d161f95c994b6b5666154a7131e25aaa17f45 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Jan 2013 10:00:51 -0200 Subject: [PATCH 0065/1473] Update Gemfile.locks to latest patch releases of Rails and fix mocha to 0.10.0.t --- Gemfile.lock | 58 +++++++------- gemfiles/Gemfile.rails-3.1.x | 2 +- gemfiles/Gemfile.rails-3.1.x.lock | 121 +++++++++++++++--------------- 3 files changed, 92 insertions(+), 89 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index f605ad18c9..8cef9d27e1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.2.0.rc) + devise (2.2.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) @@ -10,12 +10,12 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.9) - actionpack (= 3.2.9) + actionmailer (3.2.11) + actionpack (= 3.2.11) mail (~> 2.4.4) - actionpack (3.2.9) - activemodel (= 3.2.9) - activesupport (= 3.2.9) + actionpack (3.2.11) + activemodel (= 3.2.11) + activesupport (= 3.2.11) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) @@ -23,18 +23,18 @@ GEM rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.9) - activesupport (= 3.2.9) + activemodel (3.2.11) + activesupport (= 3.2.11) builder (~> 3.0.0) - activerecord (3.2.9) - activemodel (= 3.2.9) - activesupport (= 3.2.9) + activerecord (3.2.11) + activemodel (= 3.2.11) + activesupport (= 3.2.11) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.9) - activemodel (= 3.2.9) - activesupport (= 3.2.9) - activesupport (3.2.9) + activeresource (3.2.11) + activemodel (= 3.2.11) + activesupport (= 3.2.11) + activesupport (3.2.11) i18n (~> 0.6) multi_json (~> 1.0) arel (3.0.2) @@ -48,7 +48,7 @@ GEM httpauth (0.2.0) i18n (0.6.1) journey (1.0.4) - json (1.7.5) + json (1.7.6) jwt (0.1.5) multi_json (>= 1.0) mail (2.4.4) @@ -65,7 +65,7 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.22) moped (1.3.1) - multi_json (1.4.0) + multi_json (1.5.0) multipart-post (1.1.5) nokogiri (1.5.5) oauth2 (0.8.0) @@ -88,7 +88,7 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.1) + rack (1.4.3) rack-cache (1.2) rack (>= 0.4) rack-openid (1.3.1) 
@@ -98,22 +98,22 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.9) - actionmailer (= 3.2.9) - actionpack (= 3.2.9) - activerecord (= 3.2.9) - activeresource (= 3.2.9) - activesupport (= 3.2.9) + rails (3.2.11) + actionmailer (= 3.2.11) + actionpack (= 3.2.11) + activerecord (= 3.2.11) + activeresource (= 3.2.11) + activesupport (= 3.2.11) bundler (~> 1.0) - railties (= 3.2.9) - railties (3.2.9) - actionpack (= 3.2.9) - activesupport (= 3.2.9) + railties (= 3.2.11) + railties (3.2.11) + actionpack (= 3.2.11) + activesupport (= 3.2.11) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) - rake (10.0.2) + rake (10.0.3) rdoc (3.12) json (~> 1.4) ruby-openid (2.2.2) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index d9d7820827..dc6ab51fcc 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", :require => false + gem "mocha", "0.10.0", :require => false platforms :mri_18 do gem "ruby-debug", ">= 0.10.3" diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index ddb22af615..cd20f8392c 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (2.1.2) + devise (2.2.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) 
@@ -10,48 +10,48 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.1.4) - actionpack (= 3.1.4) - mail (~> 2.3.0) - actionpack (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) + actionmailer (3.1.10) + actionpack (= 3.1.10) + mail (~> 2.3.3) + actionpack (3.1.10) + activemodel (= 3.1.10) + activesupport (= 3.1.10) builder (~> 3.0.0) erubis (~> 2.7.0) i18n (~> 0.6) rack (~> 1.3.6) - rack-cache (~> 1.1) + rack-cache (~> 1.2) rack-mount (~> 0.8.2) rack-test (~> 0.6.1) - sprockets (~> 2.0.3) - activemodel (3.1.4) - activesupport (= 3.1.4) + sprockets (~> 2.0.4) + activemodel (3.1.10) + activesupport (= 3.1.10) builder (~> 3.0.0) i18n (~> 0.6) - activerecord (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) + activerecord (3.1.10) + activemodel (= 3.1.10) + activesupport (= 3.1.10) arel (~> 2.2.3) tzinfo (~> 0.3.29) - activeresource (3.1.4) - activemodel (= 3.1.4) - activesupport (= 3.1.4) - activesupport (3.1.4) - multi_json (~> 1.0) - addressable (2.2.7) + activeresource (3.1.10) + activemodel (= 3.1.10) + activesupport (= 3.1.10) + activesupport (3.1.10) + multi_json (>= 1.0, < 1.3) arel (2.2.3) bcrypt-ruby (3.0.1) - builder (3.0.0) + builder (3.0.4) columnize (0.3.6) erubis (2.7.0) - faraday (0.7.6) - addressable (~> 2.2) + faraday (0.8.4) multipart-post (~> 1.1) - rack (~> 1.1) hashie (1.2.0) hike (1.2.1) - i18n (0.6.0) - json (1.7.0) + httpauth (0.2.0) + i18n (0.6.1) + json (1.7.6) + jwt (0.1.5) + multi_json (>= 1.0) linecache (0.46) rbx-require-relative (> 0.0.4) mail (2.3.3) 
@@ -59,36 +59,39 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.18) - mocha (0.10.4) + mime-types (1.19) + mocha (0.10.0) metaclass (~> 0.0.1) - mongoid (3.0.12) + mongoid (3.0.16) activemodel (~> 3.1) moped (~> 1.1) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.2.9) - multi_json (1.3.4) + moped (1.3.2) + multi_json (1.2.0) multipart-post (1.1.5) - nokogiri (1.5.0) - oauth2 (0.5.2) - faraday (~> 0.7) + nokogiri (1.5.6) + oauth2 (0.8.0) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) multi_json (~> 1.0) - omniauth (1.0.2) + rack (~> 1.2) + omniauth (1.0.3) hashie (~> 1.2) rack - omniauth-facebook (1.2.0) - omniauth-oauth2 (~> 1.0.0) - omniauth-oauth2 (1.0.0) - oauth2 (~> 0.5.0) + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) omniauth (~> 1.0) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.0.10) + origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.3.6) + rack (1.3.8) rack-cache (1.2) rack (>= 0.4) rack-mount (0.8.3) @@ -98,25 +101,25 @@ GEM ruby-openid (>= 2.1.8) rack-ssl (1.3.2) rack - rack-test (0.6.1) + rack-test (0.6.2) rack (>= 1.0) - rails (3.1.4) - actionmailer (= 3.1.4) - actionpack (= 3.1.4) - activerecord (= 3.1.4) - activeresource (= 3.1.4) - activesupport (= 3.1.4) + rails (3.1.10) + actionmailer (= 3.1.10) + actionpack (= 3.1.10) + activerecord (= 3.1.10) + activeresource (= 3.1.10) + activesupport (= 3.1.10) bundler (~> 1.0) - railties (= 3.1.4) - railties (3.1.4) - actionpack (= 3.1.4) - activesupport (= 3.1.4) + railties (= 3.1.10) + railties (3.1.10) + actionpack (= 3.1.10) + activesupport (= 3.1.10) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (~> 0.14.6) - rake (0.9.2.2) - rbx-require-relative (0.0.5) + rake (10.0.3) + rbx-require-relative (0.0.9) rdoc (3.12) json (~> 1.4) ruby-debug (0.10.4) 
@@ -124,18 +127,18 @@ GEM ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-openid (2.1.8) + ruby-openid (2.2.2) sprockets (2.0.4) hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.5) + sqlite3 (1.3.6) thor (0.14.6) tilt (1.3.3) - treetop (1.4.10) + treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.33) + tzinfo (0.3.35) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) @@ -151,7 +154,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha + mocha (= 0.10.0) mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook From 9f8d3db2b49ddd9aeb45e14d98d7eb78b9162570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 9 Jan 2013 10:11:24 -0200 Subject: [PATCH 0066/1473] Notify on campfire --- .travis.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5584ec5170..2e6c157c12 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,8 +34,9 @@ gemfile: services: - mongodb notifications: - recipients: - - jose.valim@plataformatec.com.br - - carlos@plataformatec.com.br - - rodrigo.flores@plataformatec.com.br - - rafael.franca@plataformatec.com.br + email: false + campfire: + on_success: change + on_failure: always + rooms: + secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc=" From 5bfbc264b7aba03a430549c8cd8d0adc5c3ec6ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 9 Jan 2013 10:14:01 -0200 Subject: [PATCH 0067/1473] Invalid YAML :bomb: --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 2e6c157c12..6697c9ad44 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -39,4 +39,4 @@ notifications: on_success: change on_failure: always rooms: - secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc=" + - secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc=" From ca7d479e90398239cee732f3d45058295328826a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Jan 2013 11:50:45 -0200 Subject: [PATCH 0068/1473] Install mongoid only on 1.9 --- Gemfile | 5 ++++- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-3.1.x | 4 +++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 3d429b0f7b..14ca2a0b38 100644 --- a/Gemfile +++ b/Gemfile @@ -22,8 +22,11 @@ end platforms :ruby do gem "sqlite3" +end + +platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end +end \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index 8cef9d27e1..ecf580908b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -59,12 +59,12 @@ GEM mime-types (1.19) mocha (0.10.0) metaclass (~> 0.0.1) - mongoid (3.0.14) + mongoid (3.0.16) activemodel (~> 3.1) moped (~> 1.1) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.3.1) + moped (1.3.2) multi_json (1.5.0) multipart-post (1.1.5) nokogiri (1.5.5) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index dc6ab51fcc..7e6b1db673 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -26,8 +26,10 @@ end platforms :ruby do gem "sqlite3" +end +platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end +end \ No newline at end of file From c76836624088f03e8617f17ac5379e885058de35 Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 9 Jan 2013 11:41:20 -0600 Subject: [PATCH 0069/1473] Add failing tests for Issue #2204 For a point release upgrade, Devise should not throw an exception when trying to downcase or strip globally configured keys. This would be a breaking change in functionality and this test demonstrates the issue. --- test/models/database_authenticatable_test.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 2984371869..e9831a7d21 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -34,6 +34,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal email.strip, user.email end + test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do + swap Devise, :strip_whitespace_keys => [:fake_key] do + assert_nothing_raised { create_user } + end + end + + test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do + swap Devise, :case_insensitive_keys => [:fake_key] do + assert_nothing_raised { create_user } + end + end + test "param filter should not convert booleans and integer to strings" do conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) } conditions = Devise::ParamFilter.new([], []).filter(conditions) From 75ce916be9156275ccc8d695930bd033a1246aaa Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 9 Jan 2013 11:42:54 -0600 Subject: [PATCH 0070/1473] Call respond_to?(attr) before applying strip or downcase This avoids calling strip and downcase on globally configured keys that may not exist on all devise models. Fixes #2204, a regression introduced by PR #2135. Also included a note about the intentional use of respond_to. --- lib/devise/models/authenticatable.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 7f7d63aae2..e3f9f75d9c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -168,7 +168,16 @@ def strip_whitespace end def apply_to_attribute_or_variable(attr, method) - (self[attr] || send(attr)).try(method) + if self[attr] + self[attr].try(method) + + # Use respond_to? here to avoid a regression where globally + # configured strip_whitespace_keys or case_insensitive_keys were + # attempting to strip! or downcase! when a model didn't have the + # globally configured key. + elsif respond_to?(attr) + send(attr).try(method) + end end module ClassMethods From d48414b0a5198480e287e718e427ad2c48cc3269 Mon Sep 17 00:00:00 2001 From: Danial Pearce Date: Thu, 10 Jan 2013 15:26:06 +1100 Subject: [PATCH 0071/1473] Rename Devise::Mailer.translate() to something more inline with what it does. --- lib/devise/mailers/helpers.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 6ad500cef3..7f32e5f25a 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -27,7 +27,7 @@ def devise_mapping def headers_for(action, opts) headers = { - :subject => translate(devise_mapping, action), + :subject => subject_for(action), :to => resource.email, :from => mailer_sender(devise_mapping), :reply_to => mailer_reply_to(devise_mapping), 
@@ -86,8 +86,8 @@ def template_paths # confirmation_instructions: # subject: '...' # - def translate(mapping, key) - I18n.t(:"#{mapping.name}_subject", :scope => [:devise, :mailer, key], + def subject_for(key) + I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key], :default => [:subject, key.to_s.humanize]) end end From 33fb89340a2a6d93f010042636d9f8f2dd48671b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 11 Jan 2013 19:12:53 +0100 Subject: [PATCH 0072/1473] Revert "update_with_password doesn't change encrypted password when it is invalid" This reverts commit 10235f9d7204128e0daf17715b96e65df8e26e7d. --- lib/devise/models/database_authenticatable.rb | 1 - test/models/database_authenticatable_test.rb | 7 ------- 2 files changed, 8 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 7712544dcb..36e1bacc4d 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -64,7 +64,6 @@ def update_with_password(params, *options) result = if valid_password?(current_password) update_attributes(params, *options) else - params.delete(:password) self.assign_attributes(params, *options) self.valid? self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index e9831a7d21..8155b7e07d 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -132,13 +132,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_match "is invalid", user.errors[:current_password].join end - test 'should not change encrypted password when it is invalid' do - user = create_user - assert_not user.update_with_password(:current_password => 'other', - :password => 'pass4321', :password_confirmation => 'pass4321') - assert_not user.encrypted_password_changed? - end - test 'should add an error to current password when it is blank' do user = create_user assert_not user.update_with_password(:password => 'pass4321', From 872ef2b97fdb2efc072559db56daf15943f32eec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 11 Jan 2013 19:15:05 +0100 Subject: [PATCH 0073/1473] Release 2.2.1 with fixes for 2.2.0 regressions --- CHANGELOG.rdoc | 6 ++++++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index d3c35e1c23..97aea84748 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,9 @@ +== 2.2.1 + +* bug fix + * Fix regression with case_insensitive_keys + * Fix regression when password is blank when it is invalid + == 2.2.0 * backwards incompatible changes diff --git a/Gemfile.lock b/Gemfile.lock index ecf580908b..18f154ed0a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.2.0) + devise (2.2.1) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index efa83f6c63..1d00be94d7 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.0".freeze + VERSION = "2.2.1".freeze end From 70e38fe66d3a667acc2cffa4e7371673625a21d5 Mon Sep 17 00:00:00 2001 
From: Steve Robinson Date: Sat, 12 Jan 2013 01:53:09 +0530 Subject: [PATCH 0074/1473] Changed link_to to button_to for delete user It is advisable to use link_to for mostly GET operations. Actions like DESTROY when presented as a link can cause severe vulnerabilities. Hence using a button is advisable. --- app/views/devise/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 7d701c6c20..3c1293ddc1 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -24,6 +24,6 @@

Cancel my account

-

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.

<%= link_to "Back", :back %> From 9913fde7499dff1dc8b2d46885a084f802b01466 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 12 Jan 2013 14:12:05 +0300 Subject: [PATCH 0075/1473] use click_button for canceling account in integration specs --- test/integration/registerable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 5fc487eaa9..c1a9b923e9 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -214,7 +214,7 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - click_link "Cancel my account", :method => :delete + click_button "Cancel my account" assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon." assert User.all.empty? @@ -344,4 +344,4 @@ class ReconfirmableRegistrationTest < ActionController::IntegrationTest assert_equal "admin.new@example.com", Admin.first.unconfirmed_email assert Admin.first.valid_password?('pas123') end -end \ No newline at end of file +end From 0c4615e33741f39a6dd1bfdefbcedc3cd2189af8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 13 Jan 2013 09:53:15 +0100 Subject: [PATCH 0076/1473] Properly check if reconfirmable is available --- app/views/devise/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 3c1293ddc1..9bb2646216 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -6,7 +6,7 @@
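Review bot: The "Are you sure?" prompt on the new `button_to` is still only a `:data => { :confirm => ... }` attribute, so it is presumably enforced by client-side JavaScript alone; because `button_to` submits a real form, a browser without that script would send the delete request on the first click with no confirmation. That is a fair trade for no longer presenting a destructive action as a link, but it deserves a note in the template, e.g. `<%# button_to renders its own form for the DELETE; the confirm prompt is JavaScript-only %>`. `button_to` also emits a form element between "Unhappy?" and the trailing ".", so the sentence may no longer render on one line. If the simple_form generator template carries the same cancel link (not visible in this commit), it would need the same change.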
<%= f.label :email %>
<%= f.email_field :email, :autofocus => true %>
- <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+ <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
<% end %> From 47db984f52e7dfc8625361924fd33e25f9e30dbe Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 14 Jan 2013 18:53:34 -0200 Subject: [PATCH 0077/1473] Apply the changes on `0c4615e33` to the `simple_form` template too. --- .../templates/simple_form_for/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 52f8fa82bd..1ba5e81012 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -6,7 +6,7 @@
<%= f.input :email, :required => true, :autofocus => true %>
- <% if resource.class.reconfirmable && resource.unconfirmed_email.present? %>
+ <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

<% end %> From 6c2f51e35e56c9ff13663101f78c75d9c9d7870d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 15 Jan 2013 21:03:15 +0100 Subject: [PATCH 0078/1473] Release 2.2.2 --- CHANGELOG.rdoc | 5 +++++ lib/devise/version.rb | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 97aea84748..4828c1bb7d 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,8 @@ +== 2.2.2 + +* bug fix + * Fix bug when checking for reconfirmable in templates + == 2.2.1 * bug fix diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 1d00be94d7..052f8f86e0 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.1".freeze + VERSION = "2.2.2".freeze end From cc017b1f0d41e999e05de684ce09848bcabbbf12 Mon Sep 17 00:00:00 2001 From: Jay Shepherd Date: Fri, 18 Jan 2013 02:26:41 -0600 Subject: [PATCH 0079/1473] Allow parent_mailer to be customizable via Devise.parent_mailer, useful for engines --- app/mailers/devise/mailer.rb | 2 +- lib/devise.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 4d923ac34d..d8097d1ff6 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -1,4 +1,4 @@ -class Devise::Mailer < ::ActionMailer::Base +class Devise::Mailer < Devise.parent_mailer.constantize include Devise::Mailers::Helpers def confirmation_instructions(record, opts={}) diff --git a/lib/devise.rb b/lib/devise.rb index 6b6cf197d6..1c22a35c29 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
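Review bot: `Devise.parent_mailer.constantize` in the `class Devise::Mailer` line is evaluated once, when app/mailers/devise/mailer.rb is loaded, so a value assigned to `Devise.parent_mailer` after that point is ignored, and a string that does not name a loadable constant raises from the class definition rather than from the configuration. The accessor's comment in lib/devise.rb says to set it early but not why; a line above the class such as `# Superclass is resolved once at load time from Devise.parent_mailer (a String).` would make that visible where it matters. The diffstat lists no test file, so nothing in this commit exercises a non-default parent mailer. The class body continues outside the hunk.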
@@ -199,6 +199,12 @@ module Strategies mattr_accessor :parent_controller @@parent_controller = "ApplicationController" + # The parent mailer all Devise mailers inherit from. + # Defaults to ActionMailer::Base. This should be set early + # in the initialization process and should be set to a string. + mattr_accessor :parent_mailer + @@parent_mailer = "ActionMailer::Base" + # The router Devise should use to generate routes. Defaults # to :main_app. Should be overriden by engines in order # to provide custom routes. From d3f8bd6cae3e8c24074914c422952684fcaa3ea4 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 20 Jan 2013 22:07:51 +0300 Subject: [PATCH 0080/1473] add key option to rememberable_options closes #2218 --- lib/devise.rb | 2 +- lib/devise/controllers/rememberable.rb | 10 +++++++--- lib/devise/strategies/rememberable.rb | 4 ++-- test/integration/rememberable_test.rb | 7 +++++++ 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 1c22a35c29..a6ed19a592 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -43,7 +43,7 @@ module Strategies # True values used to check params TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] - # Custom domain for cookies. Not set by default + # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@rememberable_options = {} diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index f664244daa..5f331cea08 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb 
@@ -23,14 +23,14 @@ def initialize(warden) def remember_me(resource) scope = Devise::Mapping.find_scope!(resource) resource.remember_me!(resource.extend_remember_period) - cookies.signed["remember_#{scope}_token"] = remember_cookie_values(resource) + cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource) end # Forgets the given resource by deleting a cookie def forget_me(resource) scope = Devise::Mapping.find_scope!(resource) resource.forget_me! - cookies.delete("remember_#{scope}_token", forget_cookie_values(resource)) + cookies.delete(remember_key(resource, scope), forget_cookie_values(resource)) end protected @@ -47,6 +47,10 @@ def remember_cookie_values(resource) :expires => resource.remember_expires_at ) end + + def remember_key(resource, scope) + resource.rememberable_options.fetch(:key, "remember_#{scope}_token") + end end end -end \ No newline at end of file +end diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index 68b91b1c48..1aadde2c8d 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -41,7 +41,7 @@ def remember_me? end def remember_key - "remember_#{scope}_token" + mapping.to.rememberable_options.fetch(:key, "remember_#{scope}_token") end def remember_cookie @@ -52,4 +52,4 @@ def remember_cookie end end -Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable) \ No newline at end of file +Warden::Strategies.add(:rememberable, Devise::Strategies::Rememberable) diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 7c50bc11f5..8b0acd5d2e 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb 
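Review bot: `remember_key` in both the controller helper and the strategy returns the configured `:key` verbatim, so the scope no longer appears in the cookie name; with `:key` set in the global `Devise.rememberable_options` (as the new test does), every rememberable scope would read and write the same cookie. Whether a value stored for one scope could then be accepted for another depends on how the strategy validates the cookie, which is outside this diff, but at minimum signing in under one scope would overwrite the other's remember cookie. I would document this next to the option, e.g. `# :key replaces the per-scope cookie name; set it per model when several scopes are rememberable`, or keep the scope in the name when a shared cookie is not intended. The `scope` argument of the controller's `remember_key(resource, scope)` is only used for the default.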
@@ -57,6 +57,13 @@ def cookie_expires(key) end end + test 'generate remember token with a custom key' do + swap Devise, :rememberable_options => { :key => "v1lat_token" } do + user = sign_in_as_user :remember_me => true + assert request.cookies["v1lat_token"] + end + end + test 'generate remember token after sign in setting session options' do begin Rails.configuration.session_options[:domain] = "omg.somewhere.com" From 0061f113dbff3350b55e2e22530e8d644a4037cf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Jan 2013 21:49:45 -0200 Subject: [PATCH 0081/1473] Fix indent [ci skip] --- test/integration/rememberable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 8b0acd5d2e..ea98cab7a8 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -58,7 +58,7 @@ def cookie_expires(key) end test 'generate remember token with a custom key' do - swap Devise, :rememberable_options => { :key => "v1lat_token" } do + swap Devise, :rememberable_options => { :key => "v1lat_token" } do user = sign_in_as_user :remember_me => true assert request.cookies["v1lat_token"] end From 01bb721c33615a41fbe3642c02ccbba3193cfa16 Mon Sep 17 00:00:00 2001 From: Alexander Zaytsev Date: Sun, 20 Jan 2013 14:44:09 +0500 Subject: [PATCH 0082/1473] Use mapping.fullpath in omniauth callbacks --- lib/devise/rails/routes.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 440a2a8d80..7853ab4b48 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -392,8 +392,14 @@ def devise_registration(mapping, controllers) #:nodoc: end def devise_omniauth_callback(mapping, controllers) #:nodoc: + if mapping.fullpath =~ /:[a-zA-Z_]/ + raise "[DEVISE] Nesting omniauth callbacks under scopes with dynamic segments " \ + "is not supported. Please, use Devise.omniauth_path_prefix instead." + end + path, @scope[:path] = @scope[:path], nil - path_prefix = Devise.omniauth_path_prefix || "/#{mapping.path}/auth".squeeze("/") + path_prefix = Devise.omniauth_path_prefix || "/#{mapping.fullpath}/auth".squeeze("/") + set_omniauth_path_prefix!(path_prefix) providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) From b95c321660752fb24171285bb7ece54345ef27b8 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 21 Jan 2013 20:14:59 +0300 Subject: [PATCH 0083/1473] update Gemfile.lock --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 18f154ed0a..abf1441c6a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.2.1) + devise (2.2.2) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) From 6fd21ae37e9def996021524952953f3356ccc0e6 Mon Sep 17 00:00:00 2001 From: camelmasa Date: Wed, 23 Jan 2013 10:39:58 +0900 Subject: [PATCH 0084/1473] sorted locale file --- config/locales/en.yml | 97 +++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 49 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 4572f2ef8e..d01f375c59 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
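Review bot: The new guard in `devise_omniauth_callback` raises whenever `mapping.fullpath` contains a dynamic segment, even when `Devise.omniauth_path_prefix` is set and `mapping.fullpath` is therefore not used to build `path_prefix` a few lines below; a reader following the message's advice to use `Devise.omniauth_path_prefix` would, as far as this hunk shows, still hit the exception. If a fixed prefix really makes the dynamic scope harmless, make the check conditional, `if Devise.omniauth_path_prefix.nil? && mapping.fullpath =~ /:[a-zA-Z_]/`; otherwise reword the message to say the callbacks must be declared outside the dynamic scope. The bare `raise "..."` produces a RuntimeError, and a named error class would be easier to rescue and to test. The method continues past the end of the hunk, and the diffstat shows no test for the new failure path.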
@@ -1,60 +1,59 @@ # Additional translations at https://github.com/plataformatec/devise/wiki/I18n en: + devise: + confirmations: + confirmed: "Your account was successfully confirmed. You are now signed in." + send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account was not activated yet." + invalid: "Invalid email or password." + invalid_token: "Invalid authentication token." + locked: "Your account is locked." + not_found_in_database: "Invalid email or password." + timeout: "Your session expired, please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your account before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock Instructions" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password was changed successfully. You are now signed in." + updated_not_active: "Your password was changed successfully." 
+ registrations: + destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." + updated: "You updated your account successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." errors: messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" expired: "has expired, please request a new one" not_found: "not found" - already_confirmed: "was already confirmed, please try signing in" not_locked: "was not locked" not_saved: one: "1 error prohibited this %{resource} from being saved:" other: "%{count} errors prohibited this %{resource} from being saved:" - confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" - - devise: - failure: - already_authenticated: 'You are already signed in.' 
- unauthenticated: 'You need to sign in or sign up before continuing.' - unconfirmed: 'You have to confirm your account before continuing.' - locked: 'Your account is locked.' - not_found_in_database: 'Invalid email or password.' - invalid: 'Invalid email or password.' - invalid_token: 'Invalid authentication token.' - timeout: 'Your session expired, please sign in again to continue.' - inactive: 'Your account was not activated yet.' - sessions: - signed_in: 'Signed in successfully.' - signed_out: 'Signed out successfully.' - passwords: - send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' - updated: 'Your password was changed successfully. You are now signed in.' - updated_not_active: 'Your password was changed successfully.' - send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." - confirmations: - send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.' - send_paranoid_instructions: 'If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes.' - confirmed: 'Your account was successfully confirmed. You are now signed in.' - registrations: - signed_up: 'Welcome! You have signed up successfully.' - signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.' - signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.' - signed_up_but_locked: 'You have signed up successfully. 
However, we could not sign you in because your account is locked.' - updated: 'You updated your account successfully.' - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." - destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' - unlocks: - send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.' - unlocked: 'Your account has been unlocked successfully. Please sign in to continue.' - send_paranoid_instructions: 'If your account exists, you will receive an email with instructions about how to unlock it in a few minutes.' - omniauth_callbacks: - success: 'Successfully authenticated from %{kind} account.' - failure: 'Could not authenticate you from %{kind} because "%{reason}".' - mailer: - confirmation_instructions: - subject: 'Confirmation instructions' - reset_password_instructions: - subject: 'Reset password instructions' - unlock_instructions: - subject: 'Unlock Instructions' From 5190f5285732131042c45b92431132bb9e84f989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 26 Jan 2013 11:42:25 -0700 Subject: [PATCH 0085/1473] Require string conversion for all values --- lib/devise/models/authenticatable.rb | 13 ++++++------- lib/devise/param_filter.rb | 3 +-- test/models/authenticatable_test.rb | 8 +++++++- test/models/database_authenticatable_test.rb | 10 ++-------- 4 files changed, 16 insertions(+), 18 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e3f9f75d9c..74737fe69b 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -214,21 +214,20 @@ def http_authenticatable?(strategy) # namedscope to filter records while authenticating. # Example: # - # def self.find_for_authentication(conditions={}) - # conditions[:active] = true - # super + # def self.find_for_authentication(tainted_conditions) + # find_first_by_auth_conditions(tainted_conditions, active: true) # end # # Finally, notice that Devise also queries for users in other scenarios # besides authentication, for example when retrieving an user to send # an e-mail for password reset. In such cases, find_for_authentication # is not called. - def find_for_authentication(conditions) - find_first_by_auth_conditions(conditions) + def find_for_authentication(tainted_conditions) + find_first_by_auth_conditions(tainted_conditions) end - def find_first_by_auth_conditions(conditions) - to_adapter.find_first devise_param_filter.filter(conditions) + def find_first_by_auth_conditions(tainted_conditions, opts={}) + to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts)) end # Find an initialize a record setting an error if it can't be found. diff --git a/lib/devise/param_filter.rb b/lib/devise/param_filter.rb index 5d0534928f..759518fab9 100644 --- a/lib/devise/param_filter.rb +++ b/lib/devise/param_filter.rb @@ -33,9 +33,8 @@ def stringify_params(conditions) private - # Determine which values should be transformed to string or passed as-is to the query builder underneath def param_requires_string_conversion?(value) - [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz } + true end end end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 132be644f5..d651bc40f8 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
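Review bot: `find_first_by_auth_conditions` merges `opts` into the conditions after `devise_param_filter.filter` has run, so anything passed as `opts` reaches `to_adapter.find_first` unfiltered; the doc comment should say that `opts` is for developer-supplied constraints only and that request data belongs in `tainted_conditions`. A line on the method such as `# opts are merged as-is and must never come from the request` would do. Note also that `merge` does not reconcile key types: if the filtered hash keeps string keys (the tests in this commit use both styles), a tainted `"active"` and a trusted `:active` would both reach the adapter, so the override is only reliable when the key types match. The enclosing `ClassMethods` module extends beyond the hunk.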
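Review bot: `param_requires_string_conversion?` now returns `true` for every value and the comment that explained the predicate was deleted, leaving a method whose name asks a question the body no longer answers. Since this is the piece that keeps non-string request values (integers, booleans and regular expressions, per the removed whitelist) from reaching the query builder with their original type, I would keep a one-line why-comment, e.g. `# Always stringify: typed values from the request must not reach the query builder as-is.`, or inline the predicate into `stringify_params`, whose body is not fully visible in this hunk.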
@@ -4,4 +4,10 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'required_fields should be an empty array' do assert_equal Devise::Models::Validatable.required_fields(User), [] end -end \ No newline at end of file + + test 'find_first_by_auth_conditions allows custom filtering parameters' do + user = User.create!(email: "example@example.com", password: "123456") + assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user + assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil + end +end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 8155b7e07d..1439a51f9c 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -47,15 +47,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test "param filter should not convert booleans and integer to strings" do - conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) } + conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) } conditions = Devise::ParamFilter.new([], []).filter(conditions) - assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions) - end - - test "param filter should not convert regular expressions to strings" do - conditions = { "regexp" => /expression/ } - conditions = Devise::ParamFilter.new([], []).filter(conditions) - assert_equal( { "regexp" => /expression/ }, conditions) + assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions) end test 'should respond to password and password confirmation' do From d099d8f0ac764f5758b019c7ec28a55ca6b1cc37 Mon Sep 17 00:00:00 2001 
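Review bot: The test titled "param filter should not convert booleans and integer to strings" now asserts the opposite: the expected hash has `"bool1" => "true"`, `"bool2" => "false"` and `"fixnum" => "123"`. Rename it to match, e.g. `test "param filter should convert booleans and integers to strings" do`, so the test name documents the hardened behaviour rather than the old one. The regexp test was removed outright; a case asserting that a `Regexp` value comes out as a string would pin that part of the change too.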
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 26 Jan 2013 11:43:17 -0700 Subject: [PATCH 0086/1473] Release v2.2.3 --- CHANGELOG.rdoc | 5 +++++ lib/devise/version.rb | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 4828c1bb7d..2026254445 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,8 @@ +== 2.2.3 + +* bug fix + * Require string conversion for all values + == 2.2.2 * bug fix diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 052f8f86e0..107bac24b6 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.2".freeze + VERSION = "2.2.3".freeze end From bfa65dde70c33a29977f471297de71498d93f90b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 28 Jan 2013 13:21:44 -0200 Subject: [PATCH 0087/1473] Use the Ruby 1.8 hash syntax. Yes we still support Ruby 1.8 :cry: --- Gemfile.lock | 2 +- lib/devise/models/authenticatable.rb | 2 +- test/models/authenticatable_test.rb | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index abf1441c6a..4a44ca0c55 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.2.2) + devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 74737fe69b..e01ebb383f 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -215,7 +215,7 @@ def http_authenticatable?(strategy) # Example: # # def self.find_for_authentication(tainted_conditions) - # find_first_by_auth_conditions(tainted_conditions, active: true) + # find_first_by_auth_conditions(tainted_conditions, :active => true) # end # # Finally, notice that Devise also queries for users in other scenarios 
diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index d651bc40f8..6c1529be54 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -6,8 +6,8 @@ class AuthenticatableTest < ActiveSupport::TestCase end test 'find_first_by_auth_conditions allows custom filtering parameters' do - user = User.create!(email: "example@example.com", password: "123456") - assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user - assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id + 1), nil + user = User.create!(:email => "example@example.com", :password => "123456") + assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user + assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil end end From 349aab72f0c94f3979ccb44b68806b2364643014 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 28 Jan 2013 13:50:08 -0200 Subject: [PATCH 0088/1473] No need to test against ree since we are testing with 1.8.7 --- .travis.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6697c9ad44..d4cafbdd33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,18 +4,11 @@ rvm: - 1.8.7 - 1.9.2 - 1.9.3 - - ree env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record matrix: exclude: - - rvm: ree - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - rvm: ree - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-3.1.x - rvm: 1.8.7 env: DEVISE_ORM=mongoid gemfile: Gemfile From 86eecc6606f8a8b2f58e25bfbc9e8732538029a1 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 23:17:17 -0200 Subject: [PATCH 0089/1473] Change "ActionController::IntegrationTest" to "ActionDispatch::IntegrationTest" --- test/helpers/devise_helper_test.rb | 2 +- test/integration/authenticatable_test.rb | 22 +++++++++---------- test/integration/confirmable_test.rb | 4 ++-- .../database_authenticatable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 2 +- test/integration/lockable_test.rb | 2 +- test/integration/omniauthable_test.rb | 2 +- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/integration/rememberable_test.rb | 2 +- test/integration/timeoutable_test.rb | 2 +- .../integration/token_authenticatable_test.rb | 2 +- test/integration/trackable_test.rb | 2 +- 13 files changed, 25 insertions(+), 25 deletions(-) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 61ad1f7bf0..f37682e20f 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class DeviseHelperTest < ActionController::IntegrationTest +class DeviseHelperTest < ActionDispatch::IntegrationTest setup do model_labels = { :models => { :user => "utilisateur" } } diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 04c2fa0b35..93aeb5f43f 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AuthenticationSanityTest < ActionController::IntegrationTest +class AuthenticationSanityTest < ActionDispatch::IntegrationTest test 'home should be accessible without sign in' do visit '/' assert_response :success 
@@ -134,7 +134,7 @@ class AuthenticationSanityTest < ActionController::IntegrationTest end end -class AuthenticationRoutesRestrictions < ActionController::IntegrationTest +class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest test 'not signed in should not be able to access private route (authenticate denied)' do get private_path assert_redirected_to new_admin_session_path @@ -254,7 +254,7 @@ class AuthenticationRoutesRestrictions < ActionController::IntegrationTest end end -class AuthenticationRedirectTest < ActionController::IntegrationTest +class AuthenticationRedirectTest < ActionDispatch::IntegrationTest test 'redirect from warden shows sign in or sign up message' do get admins_path @@ -317,7 +317,7 @@ class AuthenticationRedirectTest < ActionController::IntegrationTest end end -class AuthenticationSessionTest < ActionController::IntegrationTest +class AuthenticationSessionTest < ActionDispatch::IntegrationTest test 'destroyed account is signed out' do sign_in_as_user get '/users' @@ -364,7 +364,7 @@ class AuthenticationSessionTest < ActionController::IntegrationTest end end -class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest +class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest test 'renders the scoped view if turned on and view is available' do swap Devise, :scoped_views => true do assert_raise Webrat::NotFoundError do @@ -405,7 +405,7 @@ class AuthenticationWithScopedViewsTest < ActionController::IntegrationTest end end -class AuthenticationOthersTest < ActionController::IntegrationTest +class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches' do swap UsersController, :allow_forgery_protection => true do post exhibit_user_url(1) 
@@ -519,7 +519,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest end test 'sign out with non-navigational format via XHR does not redirect' do - swap Devise, :navigational_formats => ['*/*', :html] do + swap Devise, :navigational_formats => ['*/*', :html] do sign_in_as_user xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content @@ -529,7 +529,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest # Belt and braces ... Perhaps this test is not necessary? test 'sign out with navigational format via XHR does redirect' do - swap Devise, :navigational_formats => ['*/*', :html] do + swap Devise, :navigational_formats => ['*/*', :html] do sign_in_as_user xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect @@ -538,7 +538,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest end end -class AuthenticationKeysTest < ActionController::IntegrationTest +class AuthenticationKeysTest < ActionDispatch::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, :authentication_keys => [:subdomain] do sign_in_as_user @@ -555,7 +555,7 @@ class AuthenticationKeysTest < ActionController::IntegrationTest end end -class AuthenticationRequestKeysTest < ActionController::IntegrationTest +class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest test 'request keys are used on authentication' do host! 'foo.bar.baz' @@ -596,7 +596,7 @@ class AuthenticationRequestKeysTest < ActionController::IntegrationTest end end -class AuthenticationSignOutViaTest < ActionController::IntegrationTest +class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest def sign_in!(scope) sign_in_as_admin(:visit => send("new_#{scope}_session_path")) assert warden.authenticated?(scope) 
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index c9858572e0..1e20ec0d21 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class ConfirmationTest < ActionController::IntegrationTest +class ConfirmationTest < ActionDispatch::IntegrationTest def visit_user_confirmation_with_token(confirmation_token) visit user_confirmation_path(:confirmation_token => confirmation_token) @@ -226,7 +226,7 @@ def resend_confirmation end end -class ConfirmationOnChangeTest < ActionController::IntegrationTest +class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest def create_second_admin(options={}) @admin = nil create_admin(options) diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 4bdf10ee1d..65b7c805ff 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class DatabaseAuthenticationTest < ActionController::IntegrationTest +class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do create_user(:email => 'Foo@Bar.com') diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 1227c19c07..de9101905b 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class HttpAuthenticationTest < ActionController::IntegrationTest +class HttpAuthenticationTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches but continues signed in' do swap UsersController, :allow_forgery_protection => true do create_user 
diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 50d4b51919..1a5d99974b 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class LockTest < ActionController::IntegrationTest +class LockTest < ActionDispatch::IntegrationTest def visit_user_unlock_with_token(unlock_token) visit user_unlock_path(:unlock_token => unlock_token) diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 2d55ebc6ea..6269851509 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -1,7 +1,7 @@ require 'test_helper' -class OmniauthableIntegrationTest < ActionController::IntegrationTest +class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest FACEBOOK_INFO = { "id" => '12345', "link" => 'http://facebook.com/josevalim', diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 1524497b92..28781e5e5f 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class PasswordTest < ActionController::IntegrationTest +class PasswordTest < ActionDispatch::IntegrationTest def visit_new_password_path visit new_user_session_path diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index c1a9b923e9..9583097f54 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrationTest < ActionController::IntegrationTest +class RegistrationTest < ActionDispatch::IntegrationTest test 'a guest admin should be able to sign in successfully' do get new_admin_session_path 
@@ -292,7 +292,7 @@ def user_sign_up end end -class ReconfirmableRegistrationTest < ActionController::IntegrationTest +class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do sign_in_as_admin get edit_admin_registration_path diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index ea98cab7a8..69fb202cf0 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RememberMeTest < ActionController::IntegrationTest +class RememberMeTest < ActionDispatch::IntegrationTest def create_user_and_remember(add_to_token='') user = create_user user.remember_me! diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index f488d8ef85..c52835372c 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class SessionTimeoutTest < ActionController::IntegrationTest +class SessionTimeoutTest < ActionDispatch::IntegrationTest def last_request_at @controller.user_session['last_request_at'] diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb index 17426dbf56..07bf05332d 100644 --- a/test/integration/token_authenticatable_test.rb +++ b/test/integration/token_authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class TokenAuthenticationTest < ActionController::IntegrationTest +class TokenAuthenticationTest < ActionDispatch::IntegrationTest test 'authenticate with valid authentication token key and value through params' do swap Devise, :token_authentication_key => :secret_token do diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index df492784fa..68cfb93c94 100644 --- a/test/integration/trackable_test.rb 
+++ b/test/integration/trackable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class TrackableHooksTest < ActionController::IntegrationTest +class TrackableHooksTest < ActionDispatch::IntegrationTest test "current and last sign in timestamps are updated on each sign in" do user = create_user From af37800c1dc444d6c6615143fcccdc040cec224b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 23:13:36 -0200 Subject: [PATCH 0090/1473] Change match routes to get / post match without a verb is deprecated in Rails master. --- app/controllers/devise_controller.rb | 2 +- lib/devise/rails/routes.rb | 8 +++++--- test/rails_app/config/routes.rb | 26 +++++++++++++------------- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index d2401796a4..94359769df 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -67,7 +67,7 @@ def assert_is_devise_resource! #:nodoc: 1) You forgot to wrap your route inside the scope block. For example: devise_scope :user do - match "/some/route" => "some_devise_controller" + get "/some/route" => "some_devise_controller" end 2) You are testing a Devise controller bypassing the router. diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 440a2a8d80..605e2718d6 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -329,7 +329,7 @@ def unauthenticated(scope=nil) # good and working example. # # devise_scope :user do - # match "/some/route" => "some_devise_controller" + # get "/some/route" => "some_devise_controller" # end # devise_for :users # 
@@ -401,12 +401,14 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: match "#{path_prefix}/:provider", :constraints => { :provider => providers }, :to => "#{controllers[:omniauth_callbacks]}#passthru", - :as => :omniauth_authorize + :as => :omniauth_authorize, + :via => [:get, :post] match "#{path_prefix}/:action/callback", :constraints => { :action => providers }, :to => controllers[:omniauth_callbacks], - :as => :omniauth_callback + :as => :omniauth_callback, + :via => [:get, :post] ensure @scope[:path] = path end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 32cad99ca5..aca429490d 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb 
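Review bot: The `omniauth_authorize` route in `devise_omniauth_callback` still answers GET, because `:via => [:get, :post]` is added to both `match` calls alike. The callback route plausibly needs GET, since providers usually redirect the browser back to it. The authorize route is different: it starts a sign-in flow, and if a plain GET can start it, a link on another site may be able to trigger it. If nothing depends on GET there, the first `match` could take `:via => :post`; otherwise a comment such as `# GET kept for backwards compatibility with existing links` would make the choice explicit. The method's `def` line is outside the hunk.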
@@ -17,39 +17,39 @@ devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } as :user do - match "/as/sign_in", :to => "devise/sessions#new" + get "/as/sign_in", :to => "devise/sessions#new" end - match "/sign_in", :to => "devise/sessions#new" + get "/sign_in", :to => "devise/sessions#new" # Admin scope devise_for :admin, :path => "admin_area", :controllers => { :sessions => :"admins/sessions" }, :skip => :passwords - match "/admin_area/home", :to => "admins#index", :as => :admin_root - match "/anywhere", :to => "foo#bar", :as => :new_admin_password + get "/admin_area/home", :to => "admins#index", :as => :admin_root + get "/anywhere", :to => "foo#bar", :as => :new_admin_password authenticate(:admin) do - match "/private", :to => "home#private", :as => :private + get "/private", :to => "home#private", :as => :private end authenticate(:admin, lambda { |admin| admin.active? }) do - match "/private/active", :to => "home#private", :as => :private_active + get "/private/active", :to => "home#private", :as => :private_active end authenticated :admin do - match "/dashboard", :to => "home#admin_dashboard" + get "/dashboard", :to => "home#admin_dashboard" end authenticated :admin, lambda { |admin| admin.active? } do - match "/dashboard/active", :to => "home#admin_dashboard" + get "/dashboard/active", :to => "home#admin_dashboard" end authenticated do - match "/dashboard", :to => "home#user_dashboard" + get "/dashboard", :to => "home#user_dashboard" end unauthenticated do - match "/join", :to => "home#join" + get "/join", :to => "home#join" end # Routes for constraints testing 
@@ -92,9 +92,9 @@ devise_for :delete_or_posts, :sign_out_via => [:delete, :post], :class_name => "Admin" end - match "/set", :to => "home#set" - match "/unauthenticated", :to => "home#unauthenticated" - match "/custom_strategy/new" + get "/set", :to => "home#set" + get "/unauthenticated", :to => "home#unauthenticated" + get "/custom_strategy/new" root :to => "home#index" end From acc3adb2c1579e391ea00d242a4580ab761e0d82 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 20:46:19 -0200 Subject: [PATCH 0091/1473] Use #next instead of calculating id + 1 The id attribute is not Integer in Mongo, so it fails with something like: NoMethodError: undefined method `+' for "5106fc06ee6da1ee44000002":Moped::BSON::ObjectId'` With #next, it will work with both Integer and String ids, for both AR and Mongo, returning a different id to test for filtered conditions. --- test/models/authenticatable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 6c1529be54..61db26e896 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -8,6 +8,6 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_first_by_auth_conditions allows custom filtering parameters' do user = User.create!(:email => "example@example.com", :password => "123456") assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user - assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil + assert_nil User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id.next) end end From 02855653226c46966698b42dc483cb150787fae0 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 21:40:10 -0200 Subject: [PATCH 0092/1473] Actually fix this test by forcing to_s on the id --- test/models/authenticatable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 61db26e896..9232f9105a 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -8,6 +8,6 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_first_by_auth_conditions allows custom filtering parameters' do user = User.create!(:email => "example@example.com", :password => "123456") assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user - assert_nil User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id.next) + assert_nil User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id.to_s.next) end end From 72be1f12893c5149db24ecd80326c7ff1e456a0b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 23:59:15 -0200 Subject: [PATCH 0093/1473] Match against string value, no need to create regexps --- test/mailers/confirmation_instructions_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 213923d9c6..b44352b430 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -70,7 +70,7 @@ def mail end test 'body should have user info' do - assert_match /#{user.email}/, mail.body.encoded + assert_match user.email, mail.body.encoded end test 'body should have link to confirm the account' do 
diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 887021b44d..96f72fa617 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -66,7 +66,7 @@ def mail end test 'body should have user info' do - assert_match(/#{user.email}/, mail.body.encoded) + assert_match user.email, mail.body.encoded end test 'body should have link to confirm the account' do diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index a0cf2abd35..4e1e532e11 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -66,7 +66,7 @@ def mail end test 'body should have user info' do - assert_match(/#{user.email}/, mail.body.encoded) + assert_match user.email, mail.body.encoded end test 'body should have link to unlock the account' do From 83ad67bd51c892600c2badcd0b31f0373c9e4e70 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 29 Jan 2013 00:08:26 -0200 Subject: [PATCH 0094/1473] Fix inheriting mailer templates from Devise::Mailer Previously inheriting from Devise::Mailer would not render default views from devise when the inheriting mailer didn't have the view. Now it'll correctly pick the default one from Devise::Mailer. --- CHANGELOG.rdoc | 5 +++++ lib/devise/mailers/helpers.rb | 2 +- test/mailers/confirmation_instructions_test.rb | 6 +++++- test/mailers/reset_password_instructions_test.rb | 6 +++++- test/mailers/unlock_instructions_test.rb | 5 +++++ 5 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 2026254445..d942ed1afe 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,8 @@ +== master + +* bug fix + * Fix inheriting mailer templates from `Devise::Mailer` + == 2.2.3 * bug fix diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 7f32e5f25a..731242e8ce 100644 
--- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -64,7 +64,7 @@ def mailer_sender(mapping, sender = :from) end def template_paths - template_path = [self.class.mailer_name] + template_path = _prefixes.dup template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views? template_path end diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index b44352b430..ba55817b5b 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -46,6 +46,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'custom mailer renders parent mailer template' do + Devise.mailer = 'Users::Mailer' + assert_not_blank mail.body.encoded + end + test 'setup reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end @@ -56,7 +61,6 @@ def mail assert_equal ['custom_reply_to@example.com'], mail.reply_to end - test 'setup subject from I18n' do store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do assert_equal 'Account Confirmation', mail.subject diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 96f72fa617..6aed7b1c67 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -1,7 +1,6 @@ require 'test_helper' class ResetPasswordInstructionsTest < ActionMailer::TestCase - def setup setup_mailer Devise.mailer = 'Devise::Mailer' @@ -49,6 +48,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'custom mailer renders parent mailer template' do + Devise.mailer = 'Users::Mailer' + assert_not_blank mail.body.encoded + end + test 'setup reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end 
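Review bot: `template_path = _prefixes.dup` in `template_paths` now depends on an underscore-prefixed Rails method, and the line has no comment saying what it returns or why `dup` is needed. Judging from the commit description, it supplies the mailer's own view prefix followed by those of its ancestors, which lets a subclass fall back to the `Devise::Mailer` templates. The `dup` presumably keeps the following `unshift` from altering the shared array. A comment would record that: `# _prefixes: this mailer's view path, then its ancestors'; dup because unshift below mutates`. The added mailer tests only check `assert_not_blank mail.body.encoded`, which shows that something rendered but not that the parent template was the one used.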
diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 4e1e532e11..fb7324a696 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -49,6 +49,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'custom mailer renders parent mailer template' do + Devise.mailer = 'Users::Mailer' + assert_not_blank mail.body.encoded + end + test 'setup reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end From 5ee07390b7d8975779ea8e920b9c7ea803133437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Waldyr=20Guimar=C3=A3es=20Ara=C3=BAjo=20de=20Souza?= Date: Tue, 29 Jan 2013 22:45:23 -0200 Subject: [PATCH 0095/1473] correcting tiny typo --- lib/generators/devise/views_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index cf52b14aa0..92cbfae38a 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -18,7 +18,7 @@ module ViewPathTemplates #:nodoc: public_task :copy_views end - # TODO: Add this to Rails itslef + # TODO: Add this to Rails itself module ClassMethods def hide! Rails::Generators.hide_namespace self.namespace From f7a658e13d9ff38097521ff9fa1ec8ee9424b355 Mon Sep 17 00:00:00 2001 From: B V Satyaram Date: Wed, 30 Jan 2013 15:17:36 +0530 Subject: [PATCH 0096/1473] Update README.md Devise is composed of 11 modules instead of 12. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d4347ed0e0..2fc5874f6e 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: * Allows you to have multiple roles (or models/scopes) signed in at the same time; * Is based on a modularity concept: use just what you really need. -It's composed of 12 modules: +It's composed of 11 modules: * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. * [Token Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable): signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication. From 25296d8c6f1afbedfcdc4024ae4b1b380baf19e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 30 Jan 2013 08:28:51 -0700 Subject: [PATCH 0097/1473] Add tests for sign out with redirect, related to #2249 --- test/integration/authenticatable_test.rb | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 93aeb5f43f..d5c56d5f65 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -504,14 +504,26 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest assert response.body.include? %(\n) end - test 'sign out with xml format returns ok response' do + test 'sign out with html redirects' do + sign_in_as_user + get destroy_user_session_path + assert_response :redirect + assert_current_url '/' + + sign_in_as_user + get destroy_user_session_path(:format => 'html') + assert_response :redirect + assert_current_url '/' + end + + test 'sign out with xml format returns no content' do sign_in_as_user get destroy_user_session_path(:format => 'xml') assert_response :no_content assert_not warden.authenticated?(:user) end - test 'sign out with json format returns empty json response' do + test 'sign out with json format returns no content' do sign_in_as_user get destroy_user_session_path(:format => 'json') assert_response :no_content From c9c1e137431096b8c3d493c6d201073b80c0d038 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Thu, 31 Jan 2013 10:05:53 -0600 Subject: [PATCH 0098/1473] Add test for Issue #2190 Seems to be passing for me. --- test/integration/authenticatable_test.rb | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index d5c56d5f65..faf8b5c327 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -662,3 +662,26 @@ def sign_in!(scope) assert warden.authenticated?(:sign_out_via_delete_or_post) end end + +class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest + test 'signed in as user redirects when visiting user sign in page' do + sign_in_as_user + get new_user_session_path(:format => :html) + assert_redirected_to '/' + end + + test 'signed in as admin redirects when visiting admin sign in page' do + sign_in_as_admin + get new_admin_session_path(:format => :html) + assert_redirected_to '/admin_area/home' + end + + test 'signed in as both user and admin redirects when visiting admin sign in page' do + sign_in_as_user + sign_in_as_admin + get new_user_session_path(:format => :html) + assert_redirected_to '/' + get new_admin_session_path(:format => :html) + assert_redirected_to '/admin_area/home' + end +end From d9364f7a4a5513758aadad0b5e8f8a8a3e0416e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 1 Feb 2013 09:30:43 -0700 Subject: [PATCH 0099/1473] Update CHANGELOG.rdoc Close #2254 --- CHANGELOG.rdoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index d942ed1afe..127a3fda19 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -5,6 +5,8 @@ == 2.2.3 +Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ + * bug fix * Require string conversion for all values From 3458e12274fbabb23364a9b8e1824226a8c65aab Mon Sep 17 00:00:00 2001 From: Stefan Boesen Date: Wed, 6 Feb 2013 16:30:00 -0800 Subject: [PATCH 0100/1473] Update lib/generators/templates/devise.rb Typo in template comment. --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 3836a61c66..8df195819e 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -125,7 +125,7 @@ config.password_length = 8..128 # Email regex used to validate email formats. It simply asserts that - # an one (and only one) @ exists in the given string. This is mainly + # one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. # config.email_regexp = /\A[^@]+@[^@]+\z/ From f822f92321d80d5a891841940bee96d00f46e556 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Wed, 6 Feb 2013 21:37:12 +0300 Subject: [PATCH 0101/1473] use scoped path to shared views if scope is present closes #2253 --- CHANGELOG.rdoc | 1 + lib/generators/devise/views_generator.rb | 8 +++++++- test/generators/views_generator_test.rb | 17 ++++++++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 127a3fda19..3193998aff 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,6 +1,7 @@ == master * bug fix + * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) * Fix inheriting mailer templates from `Devise::Mailer` == 2.2.3 diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 92cbfae38a..6df981c74e 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -36,7 +36,13 @@ def copy_views protected def view_directory(name, _target_path = nil) - directory name.to_s, _target_path || "#{target_path}/#{name}" + directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| + if scope + content.gsub "devise/shared/links", "#{scope}/shared/links" + else + content + end + end end def target_path diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 958bae6224..f4044514bb 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb 
@@ -8,14 +8,17 @@ class ViewsGeneratorTest < Rails::Generators::TestCase test "Assert all views are properly created with no params" do run_generator assert_files + assert_shared_links end - test "Assert all views are properly created with scope param param" do + test "Assert all views are properly created with scope param" do run_generator %w(users) assert_files "users" + assert_shared_links "users" run_generator %w(admins) assert_files "admins" + assert_shared_links "admins" end test "Assert views with simple form" do @@ -49,4 +52,16 @@ def assert_files(scope = nil, options={}) assert_file "app/views/#{scope}/shared/_links.erb" assert_file "app/views/#{scope}/unlocks/new.html.erb" end + + def assert_shared_links(scope = nil) + scope = "devise" if scope.nil? + link = /<%= render \"#{scope}\/shared\/links\" %>/ + + assert_file "app/views/#{scope}/passwords/edit.html.erb", link + assert_file "app/views/#{scope}/passwords/new.html.erb", link + assert_file "app/views/#{scope}/confirmations/new.html.erb", link + assert_file "app/views/#{scope}/registrations/new.html.erb", link + assert_file "app/views/#{scope}/sessions/new.html.erb", link + assert_file "app/views/#{scope}/unlocks/new.html.erb", link + end end From 3025b7e2f75165bb7f34b953527c3bc160ba1aa2 Mon Sep 17 00:00:00 2001 From: Rob Date: Sat, 9 Feb 2013 15:12:36 -0500 Subject: [PATCH 0102/1473] Allow http token authorization to set token_authentication_key in place of passing it in via params It will not override existing token_authentication_key params if they are present. --- lib/devise.rb | 4 +++ lib/devise/models/token_authenticatable.rb | 2 +- .../strategies/token_authenticatable.rb | 22 +++++++++++--- .../integration/token_authenticatable_test.rb | 29 +++++++++++++++++++ 4 files changed, 52 insertions(+), 5 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index a6ed19a592..ebf4a681f0 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -177,6 +177,10 @@ module Strategies mattr_accessor :token_authentication_key @@token_authentication_key = :auth_token + # Allow HTTP token authorization to set token_authentication_key + mattr_accessor :allow_authorization_to_set_auth_token + @@allow_authorization_to_set_auth_token = true + # Skip session storage for the following strategies mattr_accessor :skip_session_storage @@skip_session_storage = [] diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb index ffe4d30141..5d4a9bbb02 100644 --- a/lib/devise/models/token_authenticatable.rb +++ b/lib/devise/models/token_authenticatable.rb @@ -82,7 +82,7 @@ def authentication_token generate_token(:authentication_token) end - Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout) + Devise::Models.config(self, :token_authentication_key, :allow_authorization_to_set_auth_token, :expire_auth_token_on_timeout) end end end diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index 6a9df2232c..cdd8dcd6b3 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb @@ -38,11 +38,25 @@ def remember_me? # Try both scoped and non scoped keys. def params_auth_hash - if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first) - params[scope] - else - params + auth_key = authentication_keys.first + + return_params = \ + if params[scope].kind_of?(Hash) && params[scope].has_key?(auth_key) + params[scope] + else + params + end + + if mapping.to.allow_authorization_to_set_auth_token + token = ActionController::HttpAuthentication::Token + .token_and_options(request) + + if token + return_params.merge! auth_key => token.first + end end + + return_params end # Overwrite authentication keys to use token_authentication_key. 
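Review bot: In `params_auth_hash` (lib/devise/strategies/token_authenticatable.rb), `return_params.merge! auth_key => token.first` lets the Authorization header overwrite a token already supplied in params, although the commit description says existing params are not overridden. `merge!` also mutates the request's own hash (`params` or `params[scope]`), so the header credential becomes visible to everything that reads params afterwards; whether log parameter filtering then covers it depends on application configuration not shown here. I would merge into a copy and keep the params value when one is present, `return_params = return_params.merge(auth_key => token.first) unless return_params.has_key?(auth_key)`, and add an integration test that sends different tokens in params and in the header. The new option in lib/devise.rb also defaults to `true`, so upgraded installations start accepting the header without opting in; the comment above it should say so.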
diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb index 07bf05332d..b1f58af6da 100644 --- a/test/integration/token_authenticatable_test.rb +++ b/test/integration/token_authenticatable_test.rb @@ -129,6 +129,32 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest end end + test 'authenticate with valid authentication token key and value through http header' do + swap Devise, :token_authentication_key => :secret_token do + sign_in_as_new_user_with_token(:token_auth => true) + + assert_response :success + assert_match 'user@test.com', response.body + assert warden.authenticated?(:user) + end + end + + test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do + swap Devise, :token_authentication_key => :secret_token, :allow_authorization_to_set_auth_token => false do + sign_in_as_new_user_with_token(:token_auth => true) + + assert_response :unauthorized + assert_nil warden.user(:user) + end + end + + test 'does not authenticate with improper authentication token value in header' do + sign_in_as_new_user_with_token(:token_auth => true, :auth_token => '*** INVALID TOKEN ***') + + assert_response :unauthorized + assert_nil warden.user(:user) + end + private def sign_in_as_new_user_with_token(options = {}) @@ -140,6 +166,9 @@ def sign_in_as_new_user_with_token(options = {}) if options[:http_auth] header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}" get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header + elsif options[:token_auth] + header = %{Token token="#{options[:auth_token]}"} + get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header else visit users_path(options[:auth_token_key].to_sym => options[:auth_token]) end From 22a8cfe6d38005f56c3aada1ef3b115d7f901171 Mon Sep 17 00:00:00 2001 
From: Rob Date: Sat, 9 Feb 2013 15:19:42 -0500 Subject: [PATCH 0103/1473] fix hanging line on method call --- lib/devise/strategies/token_authenticatable.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index cdd8dcd6b3..c2681003bd 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb @@ -48,8 +48,7 @@ def params_auth_hash end if mapping.to.allow_authorization_to_set_auth_token - token = ActionController::HttpAuthentication::Token - .token_and_options(request) + token = ActionController::HttpAuthentication::Token.token_and_options(request) if token return_params.merge! auth_key => token.first From 84f743c4effe86f765097e5527d9b9f882f8e909 Mon Sep 17 00:00:00 2001 From: Rob Date: Sun, 10 Feb 2013 12:48:02 -0500 Subject: [PATCH 0104/1473] adding http token auth options to env[devise.token_options] --- lib/devise/strategies/token_authenticatable.rb | 1 + test/integration/token_authenticatable_test.rb | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index c2681003bd..1e28518da2 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb @@ -52,6 +52,7 @@ def params_auth_hash if token return_params.merge! auth_key => token.first + request.env['devise.token_options'] = token.last end end diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb index b1f58af6da..2d77aadfd3 100644 --- a/test/integration/token_authenticatable_test.rb +++ b/test/integration/token_authenticatable_test.rb 
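Review bot: The added `request.env['devise.token_options'] = token.last` in patch 0104's lib/devise/strategies/token_authenticatable.rb hunk publishes the Authorization header's options with no indication that they are unverified client input. As far as the hunk shows, the assignment happens before the token has been checked, so the key may also be set on requests that go on to fail authentication. The tests in this commit pass `signature` and `nonce` through it, which suggests consumers could treat the values as meaningful. A comment above the assignment would make the contract explicit: `# Options are copied verbatim from the client's Authorization header and are not validated; callers must verify any signature or nonce themselves.` `params_auth_hash` starts above this hunk, so only the `if token` branch is visible.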
@@ -135,6 +135,20 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest assert_response :success assert_match 'user@test.com', response.body + assert_equal request.env['devise.token_options'], {} + assert warden.authenticated?(:user) + end + end + + test 'authenticate with valid authentication token key and value through http header, with options' do + swap Devise, :token_authentication_key => :secret_token do + signature = "**TESTSIGNATURE**" + sign_in_as_new_user_with_token(:token_auth => true, :token_options => {:signature => signature, :nonce => 'def'}) + + assert_response :success + assert_match 'user@test.com', response.body + assert_equal request.env['devise.token_options'][:signature], signature + assert_equal request.env['devise.token_options'][:nonce], 'def' assert warden.authenticated?(:user) end end @@ -167,7 +181,8 @@ def sign_in_as_new_user_with_token(options = {}) header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}" get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header elsif options[:token_auth] - header = %{Token token="#{options[:auth_token]}"} + token_options = options[:token_options] || {} + header = ActionController::HttpAuthentication::Token.encode_credentials(options[:auth_token], token_options) get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header else visit users_path(options[:auth_token_key].to_sym => options[:auth_token]) From 547439d94c32a63a11260f96e3713b88c6b6ac68 Mon Sep 17 00:00:00 2001 From: Rob Date: Sun, 10 Feb 2013 12:50:52 -0500 Subject: [PATCH 0105/1473] renaming devise option "allow_authorization_to_set_auth_token" to "allow_token_authenticatable_via_headers" --- lib/devise.rb | 4 ++-- lib/devise/models/token_authenticatable.rb | 2 +- lib/devise/strategies/token_authenticatable.rb | 4 ++-- test/integration/token_authenticatable_test.rb | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index ebf4a681f0..9f9d0f8b9b 100644 
--- a/lib/devise.rb +++ b/lib/devise.rb @@ -178,8 +178,8 @@ module Strategies @@token_authentication_key = :auth_token # Allow HTTP token authorization to set token_authentication_key - mattr_accessor :allow_authorization_to_set_auth_token - @@allow_authorization_to_set_auth_token = true + mattr_accessor :allow_token_authenticatable_via_headers + @@allow_token_authenticatable_via_headers = true # Skip session storage for the following strategies mattr_accessor :skip_session_storage diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb index 5d4a9bbb02..11d962328d 100644 --- a/lib/devise/models/token_authenticatable.rb +++ b/lib/devise/models/token_authenticatable.rb @@ -82,7 +82,7 @@ def authentication_token generate_token(:authentication_token) end - Devise::Models.config(self, :token_authentication_key, :allow_authorization_to_set_auth_token, :expire_auth_token_on_timeout) + Devise::Models.config(self, :token_authentication_key, :allow_token_authenticatable_via_headers, :expire_auth_token_on_timeout) end end end diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index 1e28518da2..5d98dbfba1 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb @@ -40,14 +40,14 @@ def remember_me? def params_auth_hash auth_key = authentication_keys.first - return_params = \ + return_params = if params[scope].kind_of?(Hash) && params[scope].has_key?(auth_key) params[scope] else params end - if mapping.to.allow_authorization_to_set_auth_token + if mapping.to.allow_token_authenticatable_via_headers token = ActionController::HttpAuthentication::Token.token_and_options(request) if token diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb index 2d77aadfd3..d744ff6508 100644 --- a/test/integration/token_authenticatable_test.rb 
+++ b/test/integration/token_authenticatable_test.rb @@ -154,7 +154,7 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest end test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do - swap Devise, :token_authentication_key => :secret_token, :allow_authorization_to_set_auth_token => false do + swap Devise, :token_authentication_key => :secret_token, :allow_token_authenticatable_via_headers => false do sign_in_as_new_user_with_token(:token_auth => true) assert_response :unauthorized From 395a69b4efd1fb57e94fea16bd3cb77180d3ae57 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Wed, 13 Feb 2013 21:12:47 +0300 Subject: [PATCH 0106/1473] allow_unconfirmed_access_for set to nil means unconfirmed access for unlimited time closes #2275 --- CHANGELOG.rdoc | 3 +++ lib/devise.rb | 1 + lib/devise/models/confirmable.rb | 5 ++++- test/models/confirmable_test.rb | 7 +++++++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 3193998aff..10048dfef0 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,5 +1,8 @@ == master +* enhancements + * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) + * bug fix * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) * Fix inheriting mailer templates from `Devise::Mailer` diff --git a/lib/devise.rb b/lib/devise.rb index a6ed19a592..0d5ad7be71 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -102,6 +102,7 @@ module Strategies @@extend_remember_period = false # Time interval you can access your account before confirming your account. + # nil - allows unconfirmed access for unlimited time mattr_accessor :allow_unconfirmed_access_for @@allow_unconfirmed_access_for = 0.days 
diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index b3b4188db7..18146fd72c 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -158,8 +158,11 @@ def confirmation_required? # # allow_unconfirmed_access_for = 0.days # confirmation_period_valid? # will always return false # + # # allow_unconfirmed_access_for = nil + # confirmation_period_valid? # will always return true + # def confirmation_period_valid? - confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago + self.class.allow_unconfirmed_access_for.nil? || (confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago) end # Checks if the user confirmation happens before the token becomes invalid diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 74df0b3769..d262b870af 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -204,6 +204,13 @@ def setup assert_not user.active_for_authentication? end + test 'should be active when we set allow_unconfirmed_access_for to nil' do + Devise.allow_unconfirmed_access_for = nil + user = create_user + user.confirmation_sent_at = Date.today + assert user.active_for_authentication? + end + test 'should not be active without confirmation' do user = create_user user.confirmation_sent_at = nil From 72cfaad6185332857cb5860a1d812f573efadaf7 Mon Sep 17 00:00:00 2001 From: Greg Gates Date: Fri, 22 Feb 2013 12:43:01 -0500 Subject: [PATCH 0107/1473] Add #skip_confirmation_notification to Confirmable --- lib/devise/models/confirmable.rb | 12 +++++++++++- test/models/confirmable_test.rb | 10 ++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 18146fd72c..51ca45d4f1 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
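Review bot: In `confirmation_period_valid?` the new `self.class.allow_unconfirmed_access_for.nil? ||` branch makes a missing value fail open. Before this change a `nil` setting would have raised on `.ago` whenever `confirmation_sent_at` was set; now it grants unconfirmed access with no time limit, as the new test's `assert user.active_for_authentication?` confirms. A setting that ends up `nil` by accident therefore silently removes the confirmation window. The doc comment above the method and the one added in lib/devise.rb should state that `nil` must be a deliberate choice, for example `# nil - unconfirmed accounts may sign in indefinitely; only set this on purpose`.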
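Review bot: The new test in test/models/confirmable_test.rb assigns `Devise.allow_unconfirmed_access_for = nil` and does not restore it, so unless `setup` resets the value (not visible in this hunk) later tests in the same process run with unlimited unconfirmed access. That can hide regressions in tests that expect an unconfirmed user to be inactive. If the `swap` helper used by the integration tests in this series is available to model tests, wrapping the body as `swap Devise, :allow_unconfirmed_access_for => nil do ... end` keeps the change local to this test.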
@@ -34,7 +34,7 @@ module Confirmable included do before_create :generate_confirmation_token, :if => :confirmation_required? - after_create :send_on_create_confirmation_instructions, :if => :confirmation_required? + after_create :send_on_create_confirmation_instructions, :if => :send_confirmation_notification? before_update :postpone_email_change_until_confirmation, :if => :postpone_email_change? after_update :send_confirmation_instructions, :if => :reconfirmation_required? end @@ -119,6 +119,12 @@ def skip_confirmation! self.confirmed_at = Time.now.utc end + # Skips sending the confirmation notification email after_create. Unlike + # #skip_confirmation!, record still requires confirmation. + def skip_confirmation_notification! + @skip_confirmation_notification = true + end + # If you don't want reconfirmation to be sent, neither a code # to be generated, call skip_reconfirmation! def skip_reconfirmation! @@ -223,6 +229,10 @@ def reconfirmation_required? self.class.reconfirmable && @reconfirmation_required end + def send_confirmation_notification? + confirmation_required? && !@skip_confirmation_notification + end + module ClassMethods # Attempt to find a user by its email. If a record is found, send new # confirmation instructions to it. If not, try searching for a user by unconfirmed_email diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index d262b870af..51e8fee2fa 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -104,6 +104,16 @@ def setup end end + test 'should skip confirmation e-mail without confirming if skip_confirmation_notification! is invoked' do + user = new_user + user.skip_confirmation_notification! + + assert_email_not_sent do + user.save! + assert !user.confirmed? + end + end + test 'should find a user to send confirmation instructions' do user = create_user confirmation_user = User.send_confirmation_instructions(:email => user.email) 
From c22d755cf420aa002bafff13af5b820ff0c5c28e Mon Sep 17 00:00:00 2001 From: Philipe Fatio Date: Sat, 23 Feb 2013 19:56:41 +0100 Subject: [PATCH 0108/1473] Make use of warden's scoped serialization --- lib/devise.rb | 11 ++++++++ lib/devise/rails/warden_compat.rb | 29 ------------------- test/integration/authenticatable_test.rb | 36 ++++++++++++++++-------- 3 files changed, 35 insertions(+), 41 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 0d5ad7be71..094467c59b 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -421,6 +421,17 @@ def self.configure_warden! #:nodoc: Devise.mappings.each_value do |mapping| warden_config.scope_defaults mapping.name, :strategies => mapping.strategies + + warden_config.serialize_into_session(mapping.name) do |record| + mapping.to.serialize_into_session(record) + end + + warden_config.serialize_from_session(mapping.name) do |key| + # Previous versions contained an additional entry at the beginning of + # key with the record's class name. + args = key[-2, 2] + mapping.to.serialize_from_session(*args) + end end @@warden_config_block.try :call, Devise.warden_config diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb index d1861b3d58..5496d774fa 100644 --- a/lib/devise/rails/warden_compat.rb +++ b/lib/devise/rails/warden_compat.rb 
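Review bot: The `serialize_from_session` block added to `configure_warden!` in lib/devise.rb slices `key[-2, 2]` out of the session value without checking its shape. For an Array with fewer than two elements that expression is `nil`, and for a String it is the last two characters, so a stale or malformed session entry would reach `mapping.to.serialize_from_session` with the wrong arguments and most likely raise instead of being treated as signed out. The `Warden::SessionSerializer#deserialize` removed in this commit returned `nil` for entries it could not resolve; a guard such as `next unless key.is_a?(Array) && key.size >= 2` before the slice would keep that behaviour. `configure_warden!` begins and ends outside this hunk.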
@@ -12,32 +12,3 @@ def cookies request.cookie_jar end end - -class Warden::SessionSerializer - def serialize(record) - klass = record.class - array = klass.serialize_into_session(record) - array.unshift(klass.name) - end - - def deserialize(keys) - klass_name, *args = keys - - begin - klass = ActiveSupport::Inflector.constantize(klass_name) - if klass.respond_to? :serialize_from_session - klass.serialize_from_session(*args) - else - Rails.logger.warn "[Devise] Stored serialized class #{klass_name} seems not to be Devise enabled anymore. Did you do that on purpose?" - nil - end - rescue NameError => e - if e.message =~ /uninitialized constant/ - Rails.logger.debug "[Devise] Trying to deserialize invalid class #{klass_name}" - nil - else - raise - end - end - end -end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index faf8b5c327..ea26d74b5f 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -333,22 +333,34 @@ class AuthenticationSessionTest < ActionDispatch::IntegrationTest assert_equal "Cart", @controller.user_session[:cart] end - test 'does not explode when invalid user class is stored in session' do - klass = User - paths = ActiveSupport::Dependencies.autoload_paths.dup - + test 'does not explode when class name is still stored in session' do + # In order to test that old sessions do not break with the new scoped + # deserialization, we need to serialize the session the old way. This is + # done by removing the newly used scoped serialization method + # (#user_serialize) and bringing back the old uncsoped #serialize method + # that includes the record's class name in the serialization. begin + Warden::SessionSerializer.class_eval do + alias_method :original_serialize, :serialize + alias_method :original_user_serialize, :user_serialize + remove_method :user_serialize + + def serialize(record) + klass = record.class + array = klass.serialize_into_session(record) + array.unshift(klass.name) + end + end + sign_in_as_user assert warden.authenticated?(:user) - - Object.send :remove_const, :User - ActiveSupport::Dependencies.autoload_paths.clear - - visit "/users" - assert_not warden.authenticated?(:user) ensure - Object.const_set(:User, klass) - ActiveSupport::Dependencies.autoload_paths.replace(paths) + Warden::SessionSerializer.class_eval do + alias_method :serialize, :original_serialize + remove_method :original_serialize + alias_method :user_serialize, :original_user_serialize + remove_method :original_user_serialize + end end end From f3928d8462ea4ebf68fa1e3903fe83d95b7ef35b Mon Sep 17 00:00:00 2001 From: Ryan Mohr Date: Mon, 25 Feb 2013 10:42:06 -1000 Subject: [PATCH 0109/1473] Mention devise-encryptable requirement for anything but bcrypt. --- lib/generators/templates/devise.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 8df195819e..2793b4f1a5 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -175,7 +175,9 @@ # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) # and :restful_authentication_sha1 (then you should set stretches to 10, and copy - # REST_AUTH_SITE_KEY to pepper) + # REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 # ==> Configuration for :token_authenticatable From 77b960f14a1850b4485f732245d3fa6e7e750296 Mon Sep 17 00:00:00 2001 From: Greg Gates Date: Mon, 25 Feb 2013 18:23:43 -0500 Subject: [PATCH 0110/1473] Changelog for #2296 --- CHANGELOG.rdoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 10048dfef0..5d4873e974 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,6 +1,7 @@ == master * enhancements + * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) * bug fix From f8792c8cf09ad1576538b20599a1a59c7706a6e4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Jan 2013 17:16:40 -0200 Subject: [PATCH 0111/1473] Update to Rails 3-2-stable and fix failing tests --- Gemfile | 6 +- Gemfile.lock | 132 ++++++++++++++++--------------- gemfiles/Gemfile.rails-3.1.x | 4 +- test/models/rememberable_test.rb | 3 +- test/models_test.rb | 7 +- test/test_helper.rb | 2 +- 6 files changed, 83 insertions(+), 71 deletions(-) diff --git a/Gemfile b/Gemfile index 14ca2a0b38..42404a1607 100644 --- a/Gemfile +++ b/Gemfile 
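Review bot: The comment line added in lib/generators/templates/devise.rb names the devise-encryptable dependency but not the trade-off behind it. The encryptors listed just above (`:sha1`, `:sha512` and the compatibility variants) are general-purpose digests, which are a weaker choice for password storage than bcrypt. Because this template is copied into every generated application, I would add a line such as `# These encryptors exist for migrating existing password hashes; keep bcrypt for new applications.` so the option is not read as an equivalent alternative.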
@@ -2,7 +2,7 @@ source "http://rubygems.org" gemspec -gem "rails", "~> 3.2.6" +gem "rails", :github => "rails/rails", :branch => "3-2-stable" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false end platforms :jruby do @@ -29,4 +29,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end diff --git a/Gemfile.lock b/Gemfile.lock index 4a44ca0c55..aa52a17d01 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,74 +1,95 @@ -PATH - remote: . +GIT + remote: git://github.com/rails/rails.git + revision: 0761bb029886bb6920a404ecf409013f83a44f58 + branch: 3-2-stable specs: - devise (2.2.3) - bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.1) - railties (~> 3.1) - warden (~> 1.2.1) - -GEM - remote: http://rubygems.org/ - specs: - actionmailer (3.2.11) - actionpack (= 3.2.11) - mail (~> 2.4.4) - actionpack (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) + actionmailer (3.2.12) + actionpack (= 3.2.12) + mail (~> 2.5.3) + actionpack (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) - rack (~> 1.4.0) + rack (~> 1.4.5) rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.11) - activesupport (= 3.2.11) + activemodel (3.2.12) + activesupport (= 3.2.12) builder (~> 3.0.0) - activerecord (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) + activerecord (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - activesupport (3.2.11) + activeresource (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) + activesupport (3.2.12) i18n (~> 0.6) multi_json (~> 1.0) + rails (3.2.12) + actionmailer (= 3.2.12) + actionpack (= 3.2.12) + activerecord (= 3.2.12) + activeresource (= 3.2.12) + activesupport (= 3.2.12) + bundler (~> 1.0) + railties (= 3.2.12) + railties (3.2.12) + actionpack (= 3.2.12) + activesupport (= 3.2.12) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) + +PATH + remote: . 
+ specs: + devise (2.2.3) + bcrypt-ruby (~> 3.0) + orm_adapter (~> 0.1) + railties (~> 3.1) + warden (~> 1.2.1) + +GEM + remote: http://rubygems.org/ + specs: arel (3.0.2) bcrypt-ruby (3.0.1) builder (3.0.4) erubis (2.7.0) - faraday (0.8.4) + faraday (0.8.6) multipart-post (~> 1.1) hashie (1.2.0) hike (1.2.1) httpauth (0.2.0) - i18n (0.6.1) + i18n (0.6.2) journey (1.0.4) - json (1.7.6) + json (1.7.7) jwt (0.1.5) multi_json (>= 1.0) - mail (2.4.4) + mail (2.5.3) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) + mime-types (1.21) + mocha (0.13.2) metaclass (~> 0.0.1) - mongoid (3.0.16) - activemodel (~> 3.1) - moped (~> 1.1) + mongoid (3.1.2) + activemodel (~> 3.2) + moped (~> 1.4.2) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.5.0) + moped (1.4.2) + multi_json (1.6.1) multipart-post (1.1.5) - nokogiri (1.5.5) - oauth2 (0.8.0) + nokogiri (1.5.6) + oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) jwt (~> 0.1.4) @@ -88,42 +109,27 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.3) + rack (1.4.5) rack-cache (1.2) rack (>= 0.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) + rack-ssl (1.3.3) rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.11) - actionmailer (= 3.2.11) - actionpack (= 3.2.11) - activerecord (= 3.2.11) - activeresource (= 3.2.11) - activesupport (= 3.2.11) - bundler (~> 1.0) - railties (= 3.2.11) - railties (3.2.11) - actionpack (= 3.2.11) - activesupport (= 3.2.11) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) rake (10.0.3) - rdoc (3.12) + rdoc (3.12.2) json (~> 1.4) - ruby-openid (2.2.2) + ruby-openid (2.2.3) sprockets (2.2.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - thor (0.16.0) + sqlite3 (1.3.7) + thor (0.17.0) tilt (1.3.3) treetop (1.4.12) polyglot 
@@ -144,13 +150,13 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (= 0.10.0) + mocha (~> 0.13.1) mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails (~> 3.2.6) + rails! rdoc sqlite3 webrat (= 0.7.2) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index 7e6b1db673..c78e8970e1 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false platforms :mri_18 do gem "ruby-debug", ">= 0.10.3" @@ -32,4 +32,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 1a185f6f1f..645f503e91 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -57,9 +57,10 @@ def create_resource test 'forget_me should not try to update resource if it has been destroyed' do resource = create_resource - resource.destroy resource.expects(:remember_created_at).never resource.expects(:save).never + + resource.destroy resource.forget_me! end diff --git a/test/models_test.rb b/test/models_test.rb index 705ad76882..6a00259889 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -83,7 +83,12 @@ def assert_include_modules(klass, *modules) end test 'set null fields on migrations' do - Admin.create! + # Ignore email sending since no email exists. + klass = Class.new(Admin) do + def send_devise_notification(*); end + end + + klass.create! end end diff --git a/test/test_helper.rb b/test/test_helper.rb index f3659efadb..6042044661 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -10,7 +10,7 @@ I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) -require 'mocha' +require 'mocha/setup' require 'webrat' Webrat.configure do |config| config.mode = :rails From 1bae64d8c484c9ee59e97433a418133dc13df506 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 22:46:45 -0200 Subject: [PATCH 0112/1473] Update dependencies for Rails 4 --- .travis.yml | 19 ---- Gemfile | 4 +- Gemfile.lock | 119 +++++++++++---------- devise.gemspec | 2 +- gemfiles/Gemfile.rails-3.1.x | 35 ------- gemfiles/Gemfile.rails-3.1.x.lock | 167 ------------------------------ 6 files changed, 65 insertions(+), 281 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-3.1.x delete mode 100644 gemfiles/Gemfile.rails-3.1.x.lock diff --git a/.travis.yml b/.travis.yml index d4cafbdd33..c8fb10a679 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,29 +1,10 @@ language: ruby script: "bundle exec rake test" rvm: - - 1.8.7 - - 1.9.2 - 1.9.3 env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record -matrix: - exclude: - - rvm: 1.8.7 - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - rvm: 1.8.7 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-3.1.x - - rvm: 1.9.2 - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - rvm: 1.9.2 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-3.1.x -gemfile: - - gemfiles/Gemfile.rails-3.1.x - - Gemfile services: - mongodb notifications: diff --git a/Gemfile b/Gemfile index 42404a1607..542d04841f 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "http://rubygems.org" gemspec -gem "rails", :github => "rails/rails", :branch => "3-2-stable" +gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" @@ -27,6 +27,6 @@ end platforms :mri_19 do group :mongoid do - gem "mongoid", "~> 3.0" + gem "mongoid", github: "mongoid/mongoid", branch: "master" end end 
diff --git a/Gemfile.lock b/Gemfile.lock index aa52a17d01..fa8bbb7451 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,50 +1,56 @@ +GIT + remote: git://github.com/mongoid/mongoid.git + revision: 124627a60020c081a50136dd49e6c6652e7226c5 + branch: master + specs: + mongoid (4.0.0) + activemodel (~> 4.0.0.beta) + moped (~> 1.4.2) + origin (~> 1.0) + tzinfo (~> 0.3.22) + GIT remote: git://github.com/rails/rails.git - revision: 0761bb029886bb6920a404ecf409013f83a44f58 - branch: 3-2-stable + revision: 202041e762a98cb433c3a24a0b03308d4e05a99d + branch: master specs: - actionmailer (3.2.12) - actionpack (= 3.2.12) + actionmailer (4.0.0.beta1) + actionpack (= 4.0.0.beta1) mail (~> 2.5.3) - actionpack (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) + actionpack (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) - activerecord (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - activesupport (3.2.12) - i18n (~> 0.6) - multi_json (~> 1.0) - rails (3.2.12) - actionmailer (= 3.2.12) - actionpack (= 3.2.12) - activerecord (= 3.2.12) - activeresource (= 3.2.12) - activesupport (= 3.2.12) - bundler (~> 1.0) - railties (= 3.2.12) - railties (3.2.12) - actionpack (= 3.2.12) - activesupport (= 3.2.12) - rack-ssl (~> 1.3.2) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) + activerecord (4.0.0.beta1) + activemodel (= 4.0.0.beta1) + activerecord-deprecated_finders (~> 0.0.3) + activesupport (= 4.0.0.beta1) + arel (~> 4.0.0.beta1) + activesupport (4.0.0.beta1) + i18n (~> 0.6.2) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.33) + rails (4.0.0.beta1) + actionmailer (= 4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activerecord (= 
4.0.0.beta1) + activesupport (= 4.0.0.beta1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0.beta1) + sprockets-rails (~> 2.0.0.rc3) + railties (4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activesupport (= 4.0.0.beta1) rake (>= 0.8.7) rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) + thor (>= 0.17.0, < 2.0) PATH remote: . @@ -52,15 +58,17 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 3.1) + railties (~> 4.0.0.beta) warden (~> 1.2.1) GEM remote: http://rubygems.org/ specs: - arel (3.0.2) + activerecord-deprecated_finders (0.0.3) + arel (4.0.0.beta1) + atomic (1.0.1) bcrypt-ruby (3.0.1) - builder (3.0.4) + builder (3.1.4) erubis (2.7.0) faraday (0.8.6) multipart-post (~> 1.1) @@ -68,7 +76,6 @@ GEM hike (1.2.1) httpauth (0.2.0) i18n (0.6.2) - journey (1.0.4) json (1.7.7) jwt (0.1.5) multi_json (>= 1.0) @@ -78,13 +85,9 @@ GEM treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.21) + minitest (4.6.1) mocha (0.13.2) metaclass (~> 0.0.1) - mongoid (3.1.2) - activemodel (~> 3.2) - moped (~> 1.4.2) - origin (~> 1.0) - tzinfo (~> 0.3.22) moped (1.4.2) multi_json (1.6.1) multipart-post (1.1.5) @@ -109,27 +112,29 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) + rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.3) - rack rack-test (0.6.2) rack (>= 1.0) rake (10.0.3) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.2.2) + sprockets (2.9.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.0.rc3) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) sqlite3 (1.3.7) thor (0.17.0) + thread_safe (0.1.0) + atomic tilt (1.3.3) treetop (1.4.12) polyglot 
@@ -151,12 +156,12 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 0.13.1) - mongoid (~> 3.0) + mongoid! omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails! + rails (~> 4.0.0.beta)! rdoc sqlite3 webrat (= 0.7.2) diff --git a/devise.gemspec b/devise.gemspec index 4df95625dd..f4595da908 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -21,5 +21,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 3.1") + s.add_dependency("railties", "~> 4.0.0.beta") end diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x deleted file mode 100644 index c78e8970e1..0000000000 --- a/gemfiles/Gemfile.rails-3.1.x +++ /dev/null @@ -1,35 +0,0 @@ -source "http://rubygems.org" - -gem "devise", :path => ".." - -gem "rails", "~> 3.1.0" -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" -gem "rdoc" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.2", :require => false - gem "mocha", "~> 0.13.1", :require => false - - platforms :mri_18 do - gem "ruby-debug", ">= 0.10.3" - end -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -platforms :mri_19 do - group :mongoid do - gem "mongoid", "~> 3.0" - end -end diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock deleted file mode 100644 index cd20f8392c..0000000000 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ /dev/null 
@@ -1,167 +0,0 @@ -PATH - remote: .. - specs: - devise (2.2.0) - bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.1) - railties (~> 3.1) - warden (~> 1.2.1) - -GEM - remote: http://rubygems.org/ - specs: - actionmailer (3.1.10) - actionpack (= 3.1.10) - mail (~> 2.3.3) - actionpack (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - builder (~> 3.0.0) - erubis (~> 2.7.0) - i18n (~> 0.6) - rack (~> 1.3.6) - rack-cache (~> 1.2) - rack-mount (~> 0.8.2) - rack-test (~> 0.6.1) - sprockets (~> 2.0.4) - activemodel (3.1.10) - activesupport (= 3.1.10) - builder (~> 3.0.0) - i18n (~> 0.6) - activerecord (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - arel (~> 2.2.3) - tzinfo (~> 0.3.29) - activeresource (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - activesupport (3.1.10) - multi_json (>= 1.0, < 1.3) - arel (2.2.3) - bcrypt-ruby (3.0.1) - builder (3.0.4) - columnize (0.3.6) - erubis (2.7.0) - faraday (0.8.4) - multipart-post (~> 1.1) - hashie (1.2.0) - hike (1.2.1) - httpauth (0.2.0) - i18n (0.6.1) - json (1.7.6) - jwt (0.1.5) - multi_json (>= 1.0) - linecache (0.46) - rbx-require-relative (> 0.0.4) - mail (2.3.3) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) - metaclass (~> 0.0.1) - mongoid (3.0.16) - activemodel (~> 3.1) - moped (~> 1.1) - origin (~> 1.0) - tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.2.0) - multipart-post (1.1.5) - nokogiri (1.5.6) - oauth2 (0.8.0) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) - rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - origin (1.0.11) - orm_adapter (0.4.0) - polyglot (0.3.3) - rack (1.3.8) - rack-cache (1.2) - rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-openid (1.3.1) - 
rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) - rack - rack-test (0.6.2) - rack (>= 1.0) - rails (3.1.10) - actionmailer (= 3.1.10) - actionpack (= 3.1.10) - activerecord (= 3.1.10) - activeresource (= 3.1.10) - activesupport (= 3.1.10) - bundler (~> 1.0) - railties (= 3.1.10) - railties (3.1.10) - actionpack (= 3.1.10) - activesupport (= 3.1.10) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (~> 0.14.6) - rake (10.0.3) - rbx-require-relative (0.0.9) - rdoc (3.12) - json (~> 1.4) - ruby-debug (0.10.4) - columnize (>= 0.1) - ruby-debug-base (~> 0.10.4.0) - ruby-debug-base (0.10.4) - linecache (>= 0.3) - ruby-openid (2.2.2) - sprockets (2.0.4) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - thor (0.14.6) - tilt (1.3.3) - treetop (1.4.12) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.35) - warden (1.2.1) - rack (>= 1.0) - webrat (0.7.2) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (= 0.10.0) - mongoid (~> 3.0) - omniauth (~> 1.0.0) - omniauth-facebook - omniauth-oauth2 (~> 1.0.0) - omniauth-openid (~> 1.0.1) - rails (~> 3.1.0) - rdoc - ruby-debug (>= 0.10.3) - sqlite3 - webrat (= 0.7.2) From 9ae013ae3cc264b98964701507242fd19d2dcd96 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 23:01:51 -0200 Subject: [PATCH 0113/1473] Updating test app running rake rails:update, tests running with failures --- Gemfile | 1 + Gemfile.lock | 3 + lib/devise/rails/routes.rb | 4 +- test/rails_app/Rakefile | 4 - test/rails_app/bin/bundle | 3 + test/rails_app/bin/rails | 4 + test/rails_app/bin/rake | 4 + test/rails_app/config/application.rb | 1 - test/rails_app/config/boot.rb | 6 +- test/rails_app/config/environment.rb | 4 +- .../config/environments/development.rb | 30 +++++-- .../config/environments/production.rb | 85 +++++++++++++++---- test/rails_app/config/environments/test.rb | 33 +++---- .../config/initializers/secret_token.rb | 3 +- .../config/initializers/session_store.rb | 1 + test/rails_app/script/rails | 10 --- 16 files changed, 133 insertions(+), 63 deletions(-) create mode 100755 test/rails_app/bin/bundle create mode 100755 test/rails_app/bin/rails create mode 100755 test/rails_app/bin/rake create mode 100644 test/rails_app/config/initializers/session_store.rb delete mode 100755 test/rails_app/script/rails diff --git a/Gemfile b/Gemfile index 542d04841f..2bbcda501f 100644 --- a/Gemfile +++ b/Gemfile @@ -3,6 +3,7 @@ source "http://rubygems.org" gemspec gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" +gem "protected_attributes", "~> 1.0.0" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index fa8bbb7451..209a593e29 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,6 +112,8 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) + protected_attributes (1.0.0) + activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) @@ -161,6 +163,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) + protected_attributes (~> 1.0.0) rails (~> 4.0.0.beta)! rdoc sqlite3 
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 605e2718d6..2d06cbf2c9 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -398,13 +398,13 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) - match "#{path_prefix}/:provider", + get "#{path_prefix}/:provider", :constraints => { :provider => providers }, :to => "#{controllers[:omniauth_callbacks]}#passthru", :as => :omniauth_authorize, :via => [:get, :post] - match "#{path_prefix}/:action/callback", + get "#{path_prefix}/:action/callback", :constraints => { :action => providers }, :to => controllers[:omniauth_callbacks], :as => :omniauth_callback, diff --git a/test/rails_app/Rakefile b/test/rails_app/Rakefile index f47ab4d562..ba6b733dd2 100644 --- a/test/rails_app/Rakefile +++ b/test/rails_app/Rakefile @@ -3,8 +3,4 @@ require File.expand_path('../config/application', __FILE__) -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - Rails.application.load_tasks diff --git a/test/rails_app/bin/bundle b/test/rails_app/bin/bundle new file mode 100755 index 0000000000..66e9889e8b --- /dev/null +++ b/test/rails_app/bin/bundle @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +load Gem.bin_path('bundler', 'bundle') diff --git a/test/rails_app/bin/rails b/test/rails_app/bin/rails new file mode 100755 index 0000000000..728cd85aa5 --- /dev/null +++ b/test/rails_app/bin/rails @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +APP_PATH = File.expand_path('../../config/application', __FILE__) +require_relative '../config/boot' +require 'rails/commands' diff --git a/test/rails_app/bin/rake b/test/rails_app/bin/rake new file mode 100755 index 0000000000..17240489f6 --- /dev/null +++ b/test/rails_app/bin/rake @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +require_relative '../config/boot' +require 'rake' +Rake.application.run 
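Review bot: Both routes in `devise_omniauth_callback` now call `get` but still pass `:via => [:get, :post]`, so the declared verbs contradict the helper. If the `get` helper sets `:via` itself, as it appears to in Rails 4, POST requests to `/:provider` and `/:action/callback` stop routing, which would affect providers that post back to the callback; the route tests later in this series still expect POST on `users/auth/google/callback`. Keeping `match "#{path_prefix}/:action/callback",` with the existing explicit `:via` preserves both verbs; if GET-only is intended, drop the `:via` line instead so the route reads as what it does. The method body starts and ends outside the hunk.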
diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index ecafba8d93..d1e30db894 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -2,7 +2,6 @@ require "action_controller/railtie" require "action_mailer/railtie" -require "active_resource/railtie" require "rails/test_unit/railtie" Bundler.require :default, DEVISE_ORM diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index ced57d00db..d0ab13940b 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -2,7 +2,7 @@ DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym end -require 'rubygems' -require 'bundler/setup' +# Set up gems listed in the Gemfile. +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) -$:.unshift File.expand_path('../../../../lib', __FILE__) \ No newline at end of file +require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) diff --git a/test/rails_app/config/environment.rb b/test/rails_app/config/environment.rb index cb86aabf1b..1fe685fd93 100644 --- a/test/rails_app/config/environment.rb +++ b/test/rails_app/config/environment.rb @@ -1,5 +1,5 @@ -# Load the rails application +# Load the rails application. require File.expand_path('../application', __FILE__) -# Initialize the rails application +# Initialize the rails application. RailsApp::Application.initialize! diff --git a/test/rails_app/config/environments/development.rb b/test/rails_app/config/environments/development.rb index bc251f755d..f7cea6d528 100644 --- a/test/rails_app/config/environments/development.rb +++ b/test/rails_app/config/environments/development.rb 
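Review bot: The new guard in `boot.rb`, `require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])`, uses the deprecated `File.exists?` alias and silently skips Bundler when the Gemfile path is wrong, in which case the app would load whatever gem versions happen to be installed rather than the locked ones. Prefer `require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])`, and consider failing loudly in this test app when the file is missing. The hunk also drops `$:.unshift File.expand_path('../../../../lib', __FILE__)`, so loading devise now depends on the `gemspec` entry in the Gemfile; a one-line comment saying so would help the next reader.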
@@ -1,18 +1,34 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development - # since you don't have to restart the webserver when you make code changes. + # every request. This slows down response time but is perfect for development + # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true + # Do not eager load code on boot. + config.eager_load = false - # Show full error reports and disable caching + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Don't care if the mailer can't send + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false + + # Print deprecation notices to the Rails logger. + config.active_support.deprecation = :log + + # Only use best-standards-support built into browsers. + config.action_dispatch.best_standards_support = :builtin + + # Log the query plan for queries taking more than this (works + # with SQLite, MySQL, and PostgreSQL). + config.active_record.auto_explain_threshold_in_seconds = 0.5 + + # Raise an error on page load if there are pending migrations + config.active_record.migration_error = :page_load + + # Debug mode disables concatenation and preprocessing of assets. + config.assets.debug = true end diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index fe0831be97..79c54188a1 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb 
@@ -1,33 +1,84 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. - # The production environment is meant for finished, "live" apps. - # Code is not reloaded between requests + # Code is not reloaded between requests. config.cache_classes = true - # Full error reports are disabled and caching is turned on + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both thread web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. config.consider_all_requests_local = false config.action_controller.perform_caching = true - # See everything in the log (default is :info) - # config.log_level = :debug + # Enable Rack::Cache to put a simple HTTP cache in front of your application + # Add `rack-cache` to your Gemfile before enabling this. + # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. + # config.action_dispatch.rack_cache = true - # Use a different logger for distributed setups - # config.logger = SyslogLogger.new + # Disable Rails's static asset server (Apache or nginx will already do this). + config.serve_static_assets = false - # Use a different cache store in production - # config.cache_store = :mem_cache_store + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass - # Disable Rails's static asset server - # In production, Apache or nginx will already do this - config.serve_static_assets = false + # Whether to fallback to assets pipeline if a precompiled asset is missed. + config.assets.compile = false + + # Generate digests for assets URLs. 
+ config.assets.digest = true + + # Version of your assets, change this if you want to expire all your assets. + config.assets.version = '1.0' + + # Specifies the header that your server uses for sending files. + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + # config.force_ssl = true + + # Set to :debug to see everything in the log. + config.log_level = :info - # Enable serving of images, stylesheets, and javascripts from an asset server + # Prepend all log lines with the following tags. + # config.log_tags = [ :subdomain, :uuid ] + + # Use a different logger for distributed setups. + # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.action_controller.asset_host = "http://assets.example.com" - # Disable delivery errors, bad email addresses will be ignored + # Precompile additional assets. + # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. + # config.assets.precompile += %w( search.js ) + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - # Enable threaded mode - # config.threadsafe! + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation can not be found). + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners. 
+ config.active_support.deprecation = :notify + + # Log the query plan for queries taking more than this (works + # with SQLite, MySQL, and PostgreSQL). + # config.active_record.auto_explain_threshold_in_seconds = 0.5 + + # Disable automatic flushing of the log to improve performance. + # config.autoflush_log = false + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new end diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 0dfc4389f8..b9feca8831 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb 
@@ -1,33 +1,36 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that + # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! + # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false - # Show full error reports and disable caching + # Configure static asset server for tests with Cache-Control for performance. + config.serve_static_assets = true + config.static_cache_control = "public, max-age=3600" + + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Disable request forgery protection in test environment - config.action_controller.allow_forgery_protection = false + # Raise exceptions instead of rendering exception templates. + config.action_dispatch.show_exceptions = false + + # Disable request forgery protection in test environment. + config.action_controller.allow_forgery_protection = false # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. 
config.action_mailer.delivery_method = :test - # Use SQL instead of Active Record's schema dumper when creating the test database. - # This is necessary if your schema can't be completely dumped by the schema dumper, - # like if you have constraints or database-specific column types - # config.active_record.schema_format = :sql - - config.action_dispatch.show_exceptions = false - + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr end diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index d27fc2d907..4089a38cba 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb @@ -1,2 +1 @@ -Rails.application.config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' -Rails.application.config.session_store :cookie_store, :key => "_my_app" \ No newline at end of file +RailsApp::Application.config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' diff --git a/test/rails_app/config/initializers/session_store.rb b/test/rails_app/config/initializers/session_store.rb new file mode 100644 index 0000000000..d770aeb8b8 --- /dev/null +++ b/test/rails_app/config/initializers/session_store.rb @@ -0,0 +1 @@ +RailsApp::Application.config.session_store :encrypted_cookie_store, key: '_rails_app_session' diff --git a/test/rails_app/script/rails b/test/rails_app/script/rails deleted file mode 100755 index ec22bf978b..0000000000 --- a/test/rails_app/script/rails +++ /dev/null 
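Review bot: `secret_key_base` is committed as a literal in `secret_token.rb`, so the session cookies of any app that copies this file can be forged or read by anyone with the repository. That is acceptable for a dummy test app only if the file says so; add a comment above the assignment such as `# Test-only secret for the dummy app; never reuse this value in a real application.` Generating the value at boot with `SecureRandom.hex(64)` would avoid a fixed secret altogether, provided no test depends on cookies surviving a restart.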
@@ -1,10 +0,0 @@ -#!/usr/bin/env ruby -# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. - -ENV_PATH = File.expand_path('../../config/environment', __FILE__) -BOOT_PATH = File.expand_path('../../config/boot', __FILE__) -APP_PATH = File.expand_path('../../config/application', __FILE__) -ROOT_PATH = File.expand_path('../..', __FILE__) - -require BOOT_PATH -require 'rails/commands' From 3c885e043db8ef7b620998cc188fdb1aa288d118 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Jan 2013 23:40:35 -0200 Subject: [PATCH 0114/1473] Fix changed error messages from confirmation validation --- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/models/validatable_test.rb | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 28781e5e5f..98acd056f2 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -153,7 +153,7 @@ def reset_password(options={}, &block) assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain 'Password doesn\'t match confirmation' + assert_contain 'Password confirmation doesn\'t match Password' assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 9583097f54..34703c6935 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -100,7 +100,7 @@ def user_sign_up assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_contain "2 errors prohibited" assert_nil User.first 
@@ -206,7 +206,7 @@ def user_sign_up fill_in 'current password', :with => '12345678' click_button 'Update' - assert_contain "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_not User.first.valid_password?('pas123') end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 10be9092c8..0008aed4ca 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -56,7 +56,7 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require confirmation to be set when creating a new record' do user = new_user(:password => 'new_password', :password_confirmation => 'blabla') assert user.invalid? - assert_equal 'doesn\'t match confirmation', user.errors[:password].join + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require password when updating/reseting password' do @@ -73,7 +73,7 @@ class ValidatableTest < ActiveSupport::TestCase user = create_user user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match confirmation', user.errors[:password].join + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require a password with minimum of 6 characters' do From d77a956276e0eff8a49d75195e278ba112dd5234 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 26 Jan 2013 15:26:31 -0200 Subject: [PATCH 0115/1473] Remove AR deprecated finder warnings --- test/integration/registerable_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 34703c6935..7923ba9ab0 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert warden.authenticated?(:admin) assert_current_url "/admin_area/home" - admin = Admin.last :order => "id" + admin = Admin.order(:id).last assert_equal admin.email, 'new_user@test.com' end @@ -56,7 +56,7 @@ def user_sign_up assert_not warden.authenticated?(:user) - user = User.last :order => "id" + user = User.order(:id).last assert_equal user.email, 'new_user@test.com' assert_not user.confirmed? end @@ -251,7 +251,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - admin = Admin.last :order => "id" + admin = Admin.order(:id).last assert_equal admin.email, 'new_user@test.com' end @@ -260,7 +260,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - user = User.last :order => "id" + user = User.order(:id).last assert_equal user.email, 'new_user@test.com' end From 567fabbbc624c8dab135c1b104fbc148e2063758 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 26 Jan 2013 15:56:22 -0200 Subject: [PATCH 0116/1473] Disable forcing whitelist attributes from protected attributes This was the previous functionality since we didn't set anything in the application configuration. Now when using protected attributes gem, it sets whitelist to true, forcing us to always declare the accessible attributes, and this is not the case for the Admin model. --- test/rails_app/config/application.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index d1e30db894..a68120b788 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
@@ -32,6 +32,9 @@ class Application < Rails::Application config.action_mailer.default_url_options = { :host => "localhost:3000" } + # Disable forcing whitelist attributes from protected attributes. + config.active_record.whitelist_attributes = false + # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" From ed6e232756fb98d9a828319802cd5e34bfd25f49 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 28 Jan 2013 00:48:41 +0300 Subject: [PATCH 0117/1473] assert_recognizes rises `Assertion` instead of `RoutingError` --- test/routes_test.rb | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/test/routes_test.rb b/test/routes_test.rb index 25d0cc77d5..e80ccf6ef4 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -101,7 +101,7 @@ class DefaultRoutingTest < ActionController::TestCase assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post}) assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get}) end end @@ -123,7 +123,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does not map admin password' do - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new') end end 
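Review bot: `config.active_record.whitelist_attributes = false` turns off the mass-assignment whitelist for every model in the test app to accommodate one model, so a test that mass-assigns a sensitive column on a model that forgot `attr_accessible` will pass silently. Declaring the accessible attributes on `Admin` would keep the guard on for the rest of the suite. If the global switch stays, the comment should give the reason, e.g. `# Admin declares no attr_accessible; keep the pre-protected_attributes default.` The setting is also applied regardless of `DEVISE_ORM`; whether `config.active_record` is available under the mongoid run is not visible from this hunk.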
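Review bot: `assert_raise Assertion` around `assert_recognizes` passes on any failed assertion inside the block, not only when no route matches, so these negative tests no longer prove the path is unroutable; a path that routes to a different controller or action satisfies them too. That weakens the checks guarding sign-out over GET and the host-constrained sign-up routes, and the same pattern repeats in every hunk of `test/routes_test.rb` in this commit. Asserting on the router directly keeps the original meaning, e.g. `assert_raise(ActionController::RoutingError) { @routes.recognize_path('/sign_out_via/deletes/sign_out', :method => :get) }`, assuming `@routes` is set in these test cases. The first test also expects controller `'ysers/omniauth_callbacks'`, which looks like a typo that the looser assertion would now hide.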
@@ -133,7 +133,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does only map reader password' do - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new') end assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new') @@ -161,14 +161,14 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map deletes with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get}) end end test 'map posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get}) end end 
@@ -176,56 +176,56 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map delete_or_posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post}) assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get}) end end - + test 'map with constraints defined in hash' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get}) end end - + test 'map with constraints defined in block' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get}) end end - + test 'map with format false for sessions' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get}) end end - + test 'map with format false for passwords' do assert_recognizes({:controller => 
'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password', :method => :post}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post}) end end - + test 'map with format false for registrations' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get}) end end - + test 'map with format false for confirmations' do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get}) end end - + test 'map with format false for unlocks' do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get}) end end From 7998d6f878b4d5743ad3330a6006ae19da53b94b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 10:29:34 -0200 Subject: [PATCH 0118/1473] Match full template name --- test/integration/authenticatable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index ea26d74b5f..d9907535d3 100644 
--- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -191,7 +191,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest get dashboard_path assert_response :success - assert_template 'home/admin' + assert_template 'home/admin_dashboard' assert_contain 'Admin dashboard' end @@ -203,7 +203,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest get dashboard_path assert_response :success - assert_template 'home/user' + assert_template 'home/user_dashboard' assert_contain 'User dashboard' end From 02298117a09ed5a5878f30acc44e94d792bc36d2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 22:17:39 -0200 Subject: [PATCH 0119/1473] Do not remove app/mailers from autoloaded paths --- test/rails_app/config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index a68120b788..dc8f466e25 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -16,7 +16,7 @@ module RailsApp class Application < Rails::Application # Add additional load paths for your own custom dirs - config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers views).include?($1) } + config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) } config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ] # Configure generators values. Many other options are available, be sure to check the documentation. From aca7e5d1626f14f4e76e24b0f4b1340208216937 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 20 Feb 2013 22:13:46 -0300 Subject: [PATCH 0120/1473] Run tests with mongoid --- Gemfile | 1 - test/rails_app/app/mongoid/shim.rb | 1 + test/rails_app/config/application.rb | 6 ++++-- 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/Gemfile b/Gemfile index 2bbcda501f..308bb3e43f 100644 --- a/Gemfile +++ b/Gemfile @@ -25,7 +25,6 @@ platforms :ruby do gem "sqlite3" end - platforms :mri_19 do group :mongoid do gem "mongoid", github: "mongoid/mongoid", branch: "master" diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 14f2182b32..9b41352211 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -2,6 +2,7 @@ module Shim extend ::ActiveSupport::Concern included do + include ::ActiveModel::MassAssignmentSecurity include ::Mongoid::Timestamps field :created_at, :type => DateTime end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index dc8f466e25..9f942f9b10 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -32,8 +32,10 @@ class Application < Rails::Application config.action_mailer.default_url_options = { :host => "localhost:3000" } - # Disable forcing whitelist attributes from protected attributes. - config.active_record.whitelist_attributes = false + if DEVISE_ORM == :active_record + # Disable forcing whitelist attributes from protected attributes. + config.active_record.whitelist_attributes = false + end # This was used to break devise in some situations config.to_prepare do From 135c8da3908f5cccf5aa7bd6d0aaee277f8741b1 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 21:15:45 -0200 Subject: [PATCH 0121/1473] To be able to post to root via is now needed --- test/rails_app/config/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index aca429490d..1363d2cd17 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb 
@@ -96,5 +96,5 @@ get "/unauthenticated", :to => "home#unauthenticated" get "/custom_strategy/new" - root :to => "home#index" + root :to => "home#index", :via => [:get, :post] end From 04d9512f3019ceef251b6c119290071c9ed3bccf Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 21:28:58 -0200 Subject: [PATCH 0122/1473] We need to do match via [get, post] --- lib/devise/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2d06cbf2c9..605e2718d6 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -398,13 +398,13 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) - get "#{path_prefix}/:provider", + match "#{path_prefix}/:provider", :constraints => { :provider => providers }, :to => "#{controllers[:omniauth_callbacks]}#passthru", :as => :omniauth_authorize, :via => [:get, :post] - get "#{path_prefix}/:action/callback", + match "#{path_prefix}/:action/callback", :constraints => { :action => providers }, :to => controllers[:omniauth_callbacks], :as => :omniauth_callback, From 10f93129c33edbc88fa7890473469ab9ff929856 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 22:02:54 -0200 Subject: [PATCH 0123/1473] Rails 4 now raises ActionController::UrlGenerationError This is the commit in Rails https://github.com/rails/rails/commit/db06d128 --- test/omniauth/url_helpers_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 67054b6529..785ef25b85 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb 
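Review bot: Both OmniAuth routes in `devise_omniauth_callback` remain reachable by GET after the switch to `match ... :via => [:get, :post]`, and nothing in the hunk records why each verb is needed. For `omniauth_authorize` this means the request phase can be started by a plain cross-site link, where the Rails CSRF token check does not apply. The `passthru` action and the OmniAuth middleware are not visible here, so whether that matters depends on code outside the hunk. I would add a comment above the two routes such as `# callback must accept GET (provider redirect); authorize accepts GET only to support link-based sign in`, and consider `:via => :post` for the authorize route if link-based sign in is not required. The method body starts and ends outside the hunk.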
@@ -30,7 +30,7 @@ def assert_path(action, provider, with_param=true) test 'should generate authorization path' do assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook) - assert_raise ActionController::RoutingError do + assert_raise ActionController::UrlGenerationError do @controller.omniauth_authorize_path(:user, :github) end end From e79ebe8aeca9edb96c0cee850a6708f6bee2fe04 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 21 Feb 2013 14:38:47 -0300 Subject: [PATCH 0124/1473] Fix last mongoid tests since it does not have the order method --- test/rails_app/app/mongoid/shim.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 9b41352211..602d059c1e 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -8,9 +8,8 @@ module Shim end module ClassMethods - def last(options = {}) - options.delete(:order) if options[:order] == "id" - where(options).last + def order(attribute) + asc(attribute) end def find_by_email(email) From d29b744d92a380e61d0c62149cc60e91ec4ba0f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 24 Feb 2013 20:00:28 -0300 Subject: [PATCH 0125/1473] Enable Ruby 2.0 in travis --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index c8fb10a679..fed6a2bae2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,7 @@ language: ruby script: "bundle exec rake test" rvm: - 1.9.3 + - 2.0.0 env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record From e6dc425abba89e8b47bca20ae0dd4375aa7d2ea4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 Feb 2013 11:19:48 -0700 Subject: [PATCH 0126/1473] Add Devise logo --- README.md | 4 +++- devise.png | Bin 0 -> 22583 bytes 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 devise.png 
diff --git a/README.md b/README.md index 2fc5874f6e..c009dd3a22 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -## Devise +![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png) [![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) @@ -394,3 +394,5 @@ https://github.com/plataformatec/devise/contributors ## License MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br + +You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo. 
diff --git a/devise.png b/devise.png new file mode 100644 index 0000000000000000000000000000000000000000..241517f01d792b2a84fb28187d9cfab331fccf97 GIT binary patch literal 22583 zcmeFY0O?(P;W=*>Cj_qqSU zy|2D`mF%6YHES~SJY)NZnu;t2DlsY?92|zc+~+TFaEQ!saPXtZ2(T+4rV)BLI6@*D zDJeC1DJe=dS0_swdkZ)?U6e{a4_(dW`L%te9&{=6RoE+QiVj%{Yixp%DL=F{w~#Oh z8QC-(K=a0S`^0d~RdEFceI_z+ z)YRLhF?%uyXXM!k%_(pQwB6{)aP*G@G9*jO%R#S@2mbJycsor`gZWqa$8`zLw{QMF zAi^!uak`|#eejKX;R;Aiemm~a)w4*ZTA_X}gb^ukgKo*(pZ(W9|>8Z}G-&+B6DCUoWIg z-)FuIYJ8E5I(@m28q!|AESA0ZF=ze;TtZBF8=m1b&k{PAk-vS?bh=Vy$H={M=4G(q z^+~hdVZ8B4_Uj4w)^Qmhmtf02cn~K;J<3IM-vM(<22T~ce-yXpy8~kw_V0d*mQU{Y zVDacgX(5emvZiOsZyUMYaw!fJjw29+LHgxRY5#A+n4@q+YM&@C5aYihBEyk3J?NFF#&Tg!c-C35DHA?7rG?&EeU719hjH(5b&uOHpr9?|mxlB!iH1Kk=n{p0)k5u_y+nb_Vfa$*l4dS?n zTAv?O@m}ls>L?FNn%)B&>CoF{mvC?hQt=|L>AsSF$WkhL6Y&RykhCLuU~mnWeTNqel<_^>mik69E%IRdZoZ)4ymZgA5aFJ1@#+)_!QVRRb- zUcGI5IRXY*xTz3CzkZZ?%dmmi`w`*tJFXhyQa4;G0!s~|AR<-`+F>6RB|@zr&Ix=P z<-47bz74`sIEGIcrSHZzaIN31<`S$R-1TsJBV>ojb7F{pdwYRV@d-OL8tGqf751^g3?6Pgn|PojuEm#spV)@Cw6Zg$L+5S9VH&8lq~=jrBi z-Z#WRVme|TV%2oHbk=m-beVMWbewdebUu98j1N zi!E=Xb{=uOoF5#0IRjW5fQ>F}l?IchnJ9j+bS zG2fg#KVAl52AzT6GF79Zy_vnlg3ltxBI2UkBDg-brrO!rjnMgx>yAry~rS*Y**-hCSM=AP+E7FrDn#Qyq$6Azhy@%;gTF7^&i19lXF zD4QT{Gd(T)4s{~k4E6OFLXHY5Qd)n_W>xP`p@2Wy=COl9@mBc_`Na8D`9=9n(mH?s z^soH6jRZxG{dD_o@U!H5&ig>BPl*#L-{VV@y;*-G&BUQ6RQw`M{#K+}Bw5H@M6S>` zWjlp;$b2ZvO-Q7iCYNTLR#N9)7hZ=_w{N~aSUa>hXfXsD2}mZ0ze|*$4m1F2eA1#a z%+ua%p_ZRi;8Ltrbdi@=7y^`iIjrSYUsMt@YLW6$m)56K+YKFVX0HETc?6slpT*$w z;QPJg0}}GU@c`UxAF1-`@}BUa@}60n@<#Jc^R@BmfMy!D8rW@~i`dG^idRd;%4w?J zmui&r6tNU4&WTlulriM)mwPEVeF3QDQ~)Yp=RPh_cIS?N{i`;`Ia4!qQ6K*eXSQ_K zx?guhaP~eNW%$nuE!cc8(fr6%-{fIfX^?f{By;gw%WtS7gan@u%`TD#UzN>=?U{{) zm7rp#@=N7IGnN zctJ!{xZO+BeP!Ew`N!hWK-uJBMtwYlYJZ;{m;I7GpbEXpxC*0+#gX1o+A-nm>a6VS zPOMp!k(?}BP*n#k4BpKu7KuI0y!~=Bd`S$!zf-yDY>Twhxv#PlM;ABG8R;Yh2&~Jj zdt70<^7$-+r_P(#zjf6Hmc0(Zg#;DAy9KufO9%6OYW*brslKPRr@zOI>Vb-m3W8^* z@YaG0W-;am3JWnc^(F?Jj+<;ayf~dWS@DH~HG?mVou!4PvXfJjLX!zx`dkC1_@#3* 
zt-6eJB8@aLZx?qk|0@1Dj|@!6O;Jm`5S!$?bj8*9Vm|e?PSe%#O6jNGaN6p@>Py?> zE%MpW3WR=^^TwSxaW7>qg*`JnOFYXYTRrCo7=6S)t|(3`@y4Tid9BKR?Ih}?EMV_( ze0O4B%`N+Eel73{?g4JMTdm5~(dW$4_~TlKf7sKnryGRVZ+`DSU?r2SFrzb*3Kx1F z{4qJ%9PBfby^ftB;QCO6r~F|VzlrRFV7k}!F;|Y6m!hVEO7fQCwj#rb{jl(`^e|RR zwN9v}Xc_Nsd!cbR(Yt#Et&g*VC?W6nRj;x~C7|1QyEFGTkZFfm(^)#ch4j$$J5Uv< z32dEdQ@Z_oq7mP@%f%lTKl-guz;oGF?cMEzenay@fjT@0NZX`4AVsaol$**qB}FEx<9>w$wm_s; zfE0+q-prxI@r9r%8MV_HDD`$GD)|IBIgrYXF%5PYQa5@bXUDykoB8AOEJGl9Ff?i!boAR6=}kQ79gfv2uh zoceSt-~Sbv`qP=37TD`58ViP1YDJEHjzB#VWqAW3?cGA# zt|gKiEoEUgb_XUh45RmAA_1x)*nMvbNVjnle5cv#{r14DmTWo|ll)PQqMlnKc&8xJ zC{nhplT0!rL&MdTl~plOQ86(uUtb?zzcbf6mm3e-<%cxr@!L`)g}0aQcp^3==NNOO z)K!6sQuS&&5sEv?D9%=ijjAk9 zlh&j1^Qcd&x4OI8!8^wi%1szaZi|m)pAcE_m)pK5q9N&jk}ZlIN@7f8PG(9e*DTfk zO|DZuC2Zo!eWAH{cu72`-^a7&5pSh&!W}siZ#_|KWPdt6nfdN347%Cs{-2q=L`S4Vl2%G*SPSTIT)jbJh+`Sv7Z59j+_$RXS?= z&tZjM!~V=szvGT{KsM%})`G>d*<7Q%gz7c}4$Z)l;HeoTkoG?T%Ti6;Vb{lj%-n3i^2G=5k2rHmM&91 zN|jsLQa)Rur9s3j)`(g4D59b2I)o@MEk=)C4m`0`l3Y*&cnGp)4@algTs;gh6G*Bad+LZ z-EIGDC15M}3K5)F5ux0tDqB;)92<~r9y=?3N)h;q{%ZIV1{vAWVK83LHuNbMln(In z@wJh$pS*2Q$5RxeFfE|UPybUHGBhv1^OFywaP=u0!6>RWPTuf-2qFc}$CO8&ACt7?=nVrXB#b_$}NAvUVui|}E ze|;lPKRhxs{7_6@j*1vOX~ZU30FVU}mJsYumDW+62*D<)q?F6ZeLIEFjCL~Q3u~g zzjH?xN0Ub}F@m`mK}=ABB#|pKA=2l>dHbE1qLgsUcyfalWuI(F|ERD`pw9W7{M6$7B;o?qt9gjD2}nas+HphW3dWXE7=dc>crUlDR=*dcm9hGH(vlJXhYqM4L9j) z{yYKSosAq+Pah;S0`Ja7{LvUUu$scZ8(UB0_M1Lu&?vdC`Abb`Z*GVhn(N#nYJJ~Q z4OTlrRYb%F2P1nT74sVp!XfN->Gu=1*4z)2t?$J`O!`wzx8gPC1(PxDzAOL99vI&W zbrx@a->kzc$xFpcV9jssV68d{>|5T>K=~|5YZ9swa>g6~QHfGzQe@(en~`gV+m)N# zGT&lJ_M5!kDB+$VzD%;Kw))(NJ-z+*i8?7SDJb)A=6Un2+lZ^gru=@=W1KJKH~ z8e1OIr3Sa(&tAs@G4irQn=GP+G%7u;y4hQ;b1T8PWRV0X-MD}nkn| zo0Ggso{Uewj;Mhz3gXikcvU?ZFvVXVhTZBsesU^jA3l8K;dmi>(gF=OY2GGTwK&k3 zYTXPx_%0WN!BD9;Llu95aA^S-`1!#*lva#yf6J&mL~=6NzlrD>*dV!(-5GU^s-V}B zv$V!wi@ud4$oHEZA!I@)(g^nnrTaQo`&jcV$U2Vdg)E>#Bl%vD=i`V}hMY+F{GS}^ z4U`|DM8aOJ?>?KE3UnX^kc1FRF%*bzv+YC)e?p~Y^M)FO6D@WyEF41;!;jjz`&6{5JJt%s^E+#I9J|KgR=a0%*Rb_}+8w0TBq3)E 
zrkCCjV%f@)T0LclTFIjhwP{qHzQq4dN=_3`WJ*kG_j1pXRM~t1w|M$QL+##Spx%+% zinSY>e=!V*Y7EsEHm=f9cgrkhKKir3v^wp<#|mokSf~%f@Q>C>x6dfi{{_p1vfA^f ze5+TR%vz2=3V=a#$BrG&06U3YeDG;r8_}H>k_7rJ`Z=iyamUM_S0=)0|6=IV?#Od> z5=n@puL&*+T!+jP9WyP?)iARACR{yU}0iG^p@x4 zmz)X{8E=q!4T?PVBseHN*M$(Ryc>9dL+e!^iYwES?;0PqLC`?EL|_y{-p~2fo)en- zs7pPEV-OP%nb2RfMLzX?(tN5tkFTU7l%PikcL90eVBvuI`_ms`-?tBrNF?F&gTRpB zvLEJ(`sVCbTqb&^l_qW$3^jMIh0ecSfZInqD*LrN7P6)R(XXj+9~Og4k==ge#)GUB z>?Qp_Z&A5&2U0&P>=m4}ipqbInM5U;>}MAHoip>6cZD~yLB?IzqvMA7W*+@CnpoLd znPxOwUsrFfuCbP=sbB#yLVuv*UJ0)0XhVt_uYIV0kzZy1V*?72!7M z25gG+#v0n>=_10U!1Mt>_E~|mpS!W(5#AtUQ+^Ek$Pv7L=s`I^^)U$U-)r~UA0LV+ z{<-zf=T=m?u2xqO!vFg^>=xGlZv9Ui|FeyMz2|@K@IP?){~Qk&%n$(nm;G($osYvT z)uOLY5Q(QvEP(fB*g)g8(7(Ve*xHSiBj)FME&Tm87eT&7{NZJPgriHeJS^J>X-nrH zsBb0;rdU-{*4)8H00cgJa93f8-&4MJD79d!zx{;!584MOAxu>#1$hSQf0b(q_o)Jl zKb{xN15#LzYmW_^k&ksJ>tdiXZn zBVifX$rxsA^~#y*lzkS!U!>+xn7Y0kZVu5+_5t^R$}h%b1$NhAPsxOyR3Q8M>f7^KzI|oX~YO%p%~{m&|KNirop_%LtDaj4CCP$> zoRC507-IMt0x@4Gdwi1dc|2`$Be*tCDw_aBfP@h}ML_CS5XO z7spJ-gI$p<7?E`#=r>mfK1-?epEblku^u6#DGY*_c$TV{q5YO|?~{ zX6yB+nj7~xE5yE@P2XR55Ab}XGjtE`J%HHlc|Xj1>6`gFv?`1biwj!G4lyQboV$O{ z!kk?~M0wiySc`h2Ny%Vdg=)2b1O$#DKMpbE&~8MLfl5_amK}T~eiM1R1>5Uh!gd`? 
z@g_#9kI3HxsO^^k4sStg*>i_xuB!%-8kyIn&kQC)@80j*EX?bxFeHZF2+6jRNk7a+ zw=M?XCQyqC;aYI#ic(CB+8KXpVNH?>n96Ja)TgM~sw@;`GSGOq(QdhDTP{tU_LNFA zFg{)VO#9wUhxB~f64h&&HM%q5k6pvC5s&KYsbGf3)jd}9k(v}h-GW5U{1rX<69X1I;2CoZ+!&j{3*%NM5|xRG0}|*&Hdr;L)>*p&$lasF!19W9Sx_PDo$YXL3b=C~&chS)lq_QAL^_B)xLc1(lTj!E6>8!SdN%V9 z9xnvWw5y_y7SltJFawN;7$r4n8jEcHm5VVl#je2nhENwF!1)!-6!#vgyg)6-r)*Bi#RdzZVhHU)3SceqwVZj?z;B_{nj+%E9dH}X!mPk6J+-SbtqqRPo+EO!Sj1cr^^ow*kKeKc}NLbVua7nJj^ zu0?S?bGXJ1|H|&{ZN2lVUr#1t0*I+fspHG8w$?}zeNl8_8p+@l;UY2#cx8IOtFm*2 zdqCNyWPlj!VMh|dm`5kxII&gKCvnv=P7j<02@Fe5c1YOb&AgHyP^7in>-ci_(L&Oi zlo6lLx-*-%zR<2!kGlq%kQiwyvMi_}i(%E1P$>h}eyN{u2*Dj`O%pTS2gLCOFv*fAk#ArmRS7dFVt(DC+v`M8vAf zE=Fls@4bA4d{$KSv24h7sYz6pnQNo6%-)Gem#WI=<=|sh@2)Dmi=$_SZe>qEU@&R; zq;|@X;hvkL01*v+cx=7an8p0QG0q^XG~1z2xeBVD#5DsNtNH8?a|?~VbYJbPf~VGl zQRao@`snajca53FGG561s5eNVUFA`VJIXcCj_+I6Umo^q3Ha%i%1$AEzUbG{WMBJw z1 z8l;;OI?J6$JN^F3O*;u7o`JOJd-^0EXXi$hT3!OMNf8?JYEf?e3^@}+D9!<=NJO*k zugZuy>~gkE5@wWYW7Zf%J(-EuHvJ)jUp)kmf zGQAvLI*|C2EU~(NHk_Dl{>SjWvB?%~O5ebO70`G@1z*5mnhd{)9yGErJ6)|0XMja) z^Y^MbUZViIn8H+^_Wa~pA5~jv*-n14YEeox6FQ%H+#?v!3?p99T8$n`Bs*5hwxrCO zBZD!!3d{Kv`?kbmA<=QY)vmwGah_+z_Apmd9Lr4Abcw@EWqq^)3&EaOh$zx;vhoW3 z!8{HcB>_Q)+_Vug*J`errIa|n9wM_rP6P6`#?JR7AxZ^_AxaFSBegYFFoZPLXLygh z3t`)~f4yUOyD{Rig6x3uwED~`{jPMe9OIUX)b+!-N-|wbiVjw`}SjDO}5_o1N?J%6yH%NRJt!-s06m*?7u5CBoLQ{!-xjC1Y<;Zk0A%IxMk1U-G4cepS^hspLC;aKn-yL18^6|D|2a zAsWgA_TL9XexrbV8LX<-VP5&uMEei6(8_`GsM=k0))LS1P|z$&X{I9VI7LGr#D_K> zH|_=Z`^uxxN@PeZzLrEVa?Jl)vfDM5;u|4an39d#Rh(R4t6sa?^NNB7YA3&lb}iJi zRi^^khB+ee+vh&C&h^d98US~Xe?GTo27?rI!M@D^5?H;6*c3l<7=_;$oXlR)Wy6m2 zyxcZxe3)8w;zW^mWx!U};dsV3Q}4`#u{Q-TFkgR2@9lazMWd}>+b_&uu(gX3fXPrs44CF4It+?P3T2s$c(#-S>9?VBP5ik-LaT(ah`Phg0K>ydm#~ zJ^l^{5Klvr-Q@xw&?0n*4Yk0*Q%`8P8r^TDgTJKt`ipuqYBorx3d3x)%_ud{ujcB9 z?V{Urz|7QIXG3{|!-_PD3vtnf{WI&vlHvJ-rx04ftsU|4NqYw5czE0pZPpk9qclh* z|6(1#RDv5v$(#yqSWi*%nG!lRON$*rFN|t!R(LN%!6D_zn9U%Q=j#br3(C8qk2QVA z06OkkIp6QLYXMXzi`W}skNt52^%WFGOeQ&}tJ 
zHnFWvLEIh--yK;!Uud@;(%O41fZc{R-hZxHFnG~}hM2h>8`2MmmjevFIl&^weJNd* z)wQ8ntf2?o;|vmuCeof;J~y1&MmtsH&v}T9q8xf{&0>8G@oYrGi$a>d=R>QJ|9W4S5>!PDFi>br$F__4~-2t_E|?jR(tB6K>e|b{--h5 z;?ec{W&?a*OY$F`u=M4z!c}Fq_sxQ1{ZIh4SEK?gK744x)Fi|Ue|C#sIGvftHgV|P zYjW3q`qC^iI-_G5q)qC!Y_zQ>7mM#vvy=+dKQ$N10X`faGWh8lyU#LFp6A8v5{ln% zgj{vXE^;yLJw5qV%#6Rkl=P0237PEaor9gHGK_*fa58MO;d^h3SF2ynuHD-f>qfJ} zX6*(uI8}B$YD3|TDpm1eqlclRdH%ttb^lN$?~|u0OX56if0#Nn3a8;u+)ke`IsfLo zyKKvPApXXh`5Trqjft5ro6(S4e0uN*OCHXRgXB4H6d2OFauL21m#Gc#wc&9GNwr@l z47C&mjzAZ!a@c$~3pk5&Kr>Se*;Z`=uYB_vP^-m~<=4lp9hW@?ie2R9i?@AOX%|-`98M&9ZBx~_w(yOdwKJGDpX9^Jd-GHL zer@hjoqP)-UuuYZ5!Y180PnqX`;PY{pV-Ut>AW2>p09Fcj^4JE%SpUbG~4@Qu4^uA z@+O?5wJWfkMxjezew>Zr&YS|4A+1!ZHjYfF2_CDU9<-*aiF5_!TozqSJ*&&1xv+OU zRdik8W#8D(FhQvG_g*dWfr)tjt-@g_HF&8&P+!Vzv7NA+L!JQscwJgg!)nC^Ln{%9 z6DV(a>6TUbVOHaD*^I4&G3JuY!n#?z`|X10&v;ccZF&mq0maUn?<$HCfnhQh=E&vDs52jKEKI_Mlu{xo>!ZZ~Hv3EpFQEzI%apUb1RF&LmyXdhtw$lFxn^*WD9Mo-)M6Nga_K9%q z$vTeK@9=qH0mNz#D*9F zb5zOSbr}B2piMNxO`gIJ@G~rzG1OBr;T^=m5}?FG5I41}IzjhaGkTZ>d7uVH@%-_s z5UHPR;56Ym6A7d;Q=kGfq8me`mcYqjQGw5I7V=3;^R#?>pS)O{_KF@gx@nb;>-Y1z zX-%M}H90TWB|;igx$k_b^$sAP6t8@lTV8i1yWgfgi;xOP9_n;8maoDd-MAStOE?X_Kjk7X-3{#maWq$)^U{ z&$c(bCVI`$jqEG=Y+_fA9Egf6b^W(|nK$phK6eFEqpUv>RL$!+NB*_dvYeVwem(FW z>!9H+xnY&-TAtWg!pbg z*{`^F`PQ*@E^n^L-q_`j38>K`vb0kg3Rc718?i=5ur)l3h-DIItaH59et2C^4WzGLddJj zE>|c62f9e+191qTfm4D>h^2ApNo}gS-c;a$4}dS+wL`C!5!h_!kmf?8cUY`S#ZjJY z&tY?S$YN@+Bb72hCQ+8vGL0x%Im%UN#5S{*xT^KRk)9A{JH@O3K&H4nnv~_6Q*XViOx1DY*_`?jP-7Z7b|LG$ zZOXEE)%9`Xvd$?pLX&&FLD}owV?_>~0)E>;QpI^}`^oE2$DV|#0ievH$H?#4{Ocuj zmm|=p|6{l)Yy6wn?+o)eW}T*PBG*c=FjL)L6_*cKf ztyhskKqR@#n!y7fuL1cu@M?%5i{f+kP3mTgxpDrm=Co%=J~Sw}|Ee(k?+UVM5h&}OCW2ZRq)*Pf@173~vxsFv66{bdl-o|+TLbk(X# z3z?88f#madTsw(Sezts}m^DV)evj}TrUw+#a$;msNA5#scmeCelApRc&GwfVcu?^$ zyhqKGF1zca@r5oQ7hU!F3tv7Z$WSISOh(hAYv)BIjR6pAc z@5bv0ucOay7fREuC?M4b0=AHkAQ*lzxle}lzWdgEZ>=7z{M#9)7XuhKG`<4@XNxJ4 zdsaeg+QBLB;>CDs29VykZ3-;(duh=9W7Le`pLe9;4=xQNUyRF)^%u+vj{#zO#6wh# 
zPFD!PWv5&@#j#gep$>Pzf#p!&uZ=w==uLItb0pv?-#PgMrtsM>j*?P~uZQJkR1gAm zWJsm`qC&Ss%c_EFpDTGA&+wef-py7d2l?+?)i(wz58&aklgTIdef#yx z`S!Vb>tWlKOIH(hq2f+<`2E0Nyo?eyZH4V=gd?F7580gi2U1AMeQdrNoykBkd{yR` zh2J5-?23on`1P*~Y38@nvXnef5N2X%u4nN ztK~rbWj`lyZ6{Y1|I7F)gbZ61zq1_U%DN7mxG*)z;b25)32|s>+xjpnhU|T>E2tIO zmgqD>oRr%D`NOhtVFy{1$W0hd(VaSO42lr^it}1;( zoBiGF2OrC<>YoAJ*)IQt7Xesee`7qFoLS*v8oy;#*6Y;E9akG&vB?eUaTbIkQmVc85fB(4(8bTCW9!}(iL=Fo&(JnAbbb| zUBcYKmRLN+S+Nm*cxu#wO1?xD~HRKY3T4RCbFV9kXax%|`pK3|%LuHyJ_< zdEvDQv7?Yw`GYai(d4?)6U6m5(whVcR-eR(d!nlbn*oH!tLONwQVD5=(r!8_pY|w5 zTb?dzRny-*>28V#s!{HnWh?Hv7 zbFzrzxlHK1Z?%XHgV%ZRSQCLwRS5v+0BSs5T4#hpI9CH+Jk-x)^i$PP?Xf0wpksBqu`}Y4`DkJ5KUG=#6@8ac<_I{ABe}rQ_040wT z-m*KO{jhkBH%&{QHqhC zM?*UYSW%N>5`ZMc^E@2wxOtw5j-0X~zNi8#Wo4cA(Gk>z=H>QbU}Pa;o=oi%L!63X z4~UAqGz^h^jim3!cR0y7yIT>M_8C5We9}QegWly!{9diES-^xvq(`etVXP*|wQl_N zYej+GVKbhSZ$^C+GMMt59oj1VjCa!4p&XSf^!py&NzhVk?TXJ{|Wc!k}ULnZ8R{C0LZlX{e7)Mg>#oP%& zySFKZV%42L6+K4b%4_iq7DmHDhMW#q4^83~3PvmWTP#+_k3?SxJyeG!6fZB6K{YmQ zEKi!Smf7z~n-K0 z9i2%>pH^r(KUCMGdL_F_%L}ARysI%vR5tEb^;W$-+QFBn-_t2{ zo`jhUuu+L(P%jxXr!9tRSAqR;K}=N~Ya96O{Jp$Mp|Yw7s%Cay@i(IPdlGS{eP@hr zZ?mB-;UA$Qxe~CRyxpI+`&7`=Rl_{H_|BaOtC+j-!Yi!O-?{GB^&0s4e5V?~4NeJM z5CmBG^nYLXJ+7RNvmLq2sgnFH)U_k(l+Nxj4dUp$-+EG0Z5j>Yl&HB5Evj!9(k8Zh zp%S+D(SL@H;27f>ybKjU!>|n4Z6l>&3E_PM)())#Sk)rdHP~9wWnv2GJkcCW?y2&t zD5N(yJX}>ATBzMN-7&1}pMdCy`zNZVM11?|gY4R8zVKR0DrNr3l~}E(9vXVSG)CKF zEwZWVtBLsXo4MH>0I+4BRk;gyN_j0-d8NA~uNr8^-^H*3NuH`M2LVsZ`*;!!*|rwn zRcW1`*a|;dW7#*mcdvFGjS}T*(i+?9%^SJ1FM>i0|OhsB(m#Od0+&ADs>(5NzOxbI**BK#`gbn(8e z*aQ{vY>j*@Q@hK#a`?bszt?jlY+;<(_x`4~q%;yYyq@rYUe7y zz<%E9i|ZM7cGPVThOHLkN~{IxvgTLi%`nHt{YwXo{=B=Jqvw!)?^rBIul**gg1KEM zPpee_?FGG`ai_8GkDo{6YgS$Mxu3PXQ$z#dz4T`AbL<}wfNM-I_uH}i5k^7j|CkNy zQ@{}RQ$pbGL}kowQ$NIkIE*p{Qvs?NR@8=<|NHb;H+~jgpL#0>GDu}$!}e@BR{+Gx~$Qxl)Pawze60Jm{Vtj3eO?A)#Y2aB0ijpi&_-3jyP$8 z)XQIu;5;f+&{5Qluu*9Suxo$xu1Ezdee(3N!|U=@-!kFnU6i;^nMU8$l^$vx@6dvj zY3((!gnriS^U&VN?RIA*e$|Vw;qS)czC?|D=(%Eawx8UAs-NUh=QWe<(XYt<-RLo! 
z+T?0F*nmaylT(ZVtO_-m2ch%C)G+C_Aw6U#*dulE&FHn}yTrV|u5HvcXqz5`GwS@D zWH(8BI_|N>8zjwfk#*{)uL9n6Jk&`S)an$q+w*t55%o|X$)2;`J=AMXJA~@6s(Q{W zeQs{*%nt3CLz=3#8+z??84;-4^|=oe^lU4Vta1~sF=iJ)sf@#6&x)|d-M66HZGU2Z z@BMav1Ru;$lGc+?@|?92?XK80Wiq@ibJh5Q@?e9-!BXk8TNKgRI(v}ZD&ak>6xiH^ z(q1c!PYuiXr3G{!vhSUTPpzzxO%tH8(|LtjeRx%0bij6Q9u*!xrmu@WY>c|%TPT)b z1hk5(II)iHdtP~49L@$*_)#6IG7KSeCf8V-1d#L8>livFC+p)K9sWIbVnemInI6%1 ze<|b#q}DUtoRa?T8zYDVjx{Ygk1UxLqbrFB_1G5l9d`S+ti<^pN^|LeZV&^6UZPTM z<`m-?B;=6{#Sb3H&{RFiD<Qf?d6bK`)!-@^&v0?p<^k>#sR)9{KA=-6T?yBf>N=WHWu2B5wcZuJ~7dKmSl9^@eF62{(m3>pHa#tIpN>&-a>GB`9 ziNC6^`H{`p@%#0C14=|Wtm@#nY?^^y5n@6$PqZA+CIF8rAX+B3?9)7QmUuN{=vu7^ zUIkJ=FBwhaeF=5R9F{x-HfY-091j2F}H=cI0H3)bz3j9aJyXHy^ z=vUK-baTe4egTVYTO33z^jb4#Bp7aFKHL5Jkw=~JS9`F#Zp1TTi>U>B3Xbk>sT9je zv*Oy0WWJ0A!xL~fH-2xy)YwXyo9jC6Gaq7Sr@XJd19cZP+L4-R z{YSs8)4pVf{F$Zd;k-(Q@AKDmT2>7lp`wf#&dWp&HV~RaLJb8AtxlLE62D=7x@eg^ z)$TqT3JpP&HrpeiIuycpqd%iH^=+3@V5!zWrb4yr3v4Kx${|Us;$%}w^}sV$y}-`9 zAOoJii0$Zg`>ze?lpa|?SOf2$;VocW&jY%>poCkQ3VCv2XeSOj#3Y-*xLl>4^d1G6mj+iB&Mgo_7XjJSu?Z;tV#h_i$8h zry#g0P;i8{{w#X8;syf&Bu)%TKrYTvs^tKx?fJparf=@|R$_F+j> zXfbDVbUj@u!hQw|F5ZXje54u!zoYQK*i8Yb*b8+q%POS|eku`YdsworDBByock9Wp z%+XWn8=E2!hmn(Ha0~FC5uh+K4lnr>AZ&(#U4p~^*9*VCmE*rL#gOJ`tH6sCt`014b&ZO?(7pRVvW#F z{Yk}OE7N`Tom1<&bKXO)3n|F(b`5rt8^XTP0UP6tM#Zh0egXjRkTiGm{#8v===P_k zrgh-s4Xn!LtW}OxkW~(QN>o3oKH{3i!zML2YskE6x8Yr}U*PScmDO^^>kV_uJhtcf z;z4Eg3>@Fe0Vdr5bC^|2axUPv<>k?tSKSKxY4Vly~Ob6z{<(v*7I@M(7ggJofRvvr^p_;d#S?}?vz;;b3IK~+rVhw zDFdwG-%^G=V;27SBpM|2-pbagbeSRyv|+SrilG`}8G3Y~I*LYZ z34&C#RL@W&gKG6?YpYtiaH_4^f~tK8-7?lxNK%bp5KBs{Nra>?$=sgA{6GKpA-*pZow zF5%Jh^tXr@RUBO_c7O$I8i_?^4|wBfFjM>3RLel^3v^7|#2s)7ymNOkDAVqSqULu; zTq`fs{{7lWzK=$A(9+F+4w-f%75u){Q`b_Y zouZdhYrmuVQ9{e6ao0&J_KAymoC>?Zn>{{rs^F!K2N~T{%e{4|^z&p%e>iP17$-a> zsHF4H88>=52(3=-irbA>$Q9&N_6^KjpP%Dl7c^VK^J=O}DQIPrc(Tds z^pn2fVud7O{O%jLw%do@nt0ff=E;)my2-hwojd0ajz(EdKY2%bL%}iMB@4kJLTD46 zbh~fpT#*61z*gl9omcEI?kco;9(a`rKZ&)9&pH-&^s+gI`Bxjy)^aY 
z{WQ$q4xxsNwa`<&=BG5I1Cn@nsb*id7)=SKV1}y4H6K@UxaeJE<)A|91_A z3(WXW6(Qz0o*O7x8TaBtU20+`5h`oYS*fKWG0k!KP8u>gfQOqEI`9KtLc)5b!FY|oKXN06l z5L}ECe3C2%-V;X_c3uDh*8A^2N<<=SBBY1+Km0CfQ@<0`-7bEKKLZ~Y*W)3Q#n6A< zDc{8ATO@N1i7|Ly?#MhnpH;e0#@O-ZN-|OyM`J+=XF&=elX1xaCe>@Jn&^vcL+ZB_ zNvGC^02a163Kk<%L1%%Pb^hgUiA=F!W-UsW+(vTr{FK8 Date: Tue, 26 Feb 2013 11:23:11 -0700 Subject: [PATCH 0127/1473] Reduce logo dimentions --- devise.png | Bin 22583 -> 14354 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/devise.png b/devise.png index 241517f01d792b2a84fb28187d9cfab331fccf97..5481b00533d601e15e7e0cf8baf3d22de376f929 100644 GIT binary patch literal 14354 zcmb`uWpLa;&?dab7-MEyGc)s=F~-Eq?3m-2X>G^Mabjj>W@culn3fpy$ z^{Gl~Nzq9lWgM2G|c08r&*CDi}`s94B(Hv&B5xJ9_n008hV%SnoT zbzeDMZV!W2#RgA{p+urc60p}mS0jj(b-~kcbMeez_Q5j^ftb3W`}+Da8E#X2hzRo1=#F3&B-NN=&s{(ss$q!RX@O z60*hk1@*_SuBFFC>*&As8&evOr}Opp8bLwMkL2a$w=~E`3?c^o@AALifgJwNlK;On zSA@VuYy508#Losl4@sR3wE=1(4yP_kO69++{cr^dYTup;b9@ECe`Ke@b1AqidPV*$ zc%YGkDEBR+?XRo^5hy1guv}9SI>!kxvOB*PIMSRqd>-^4uSZ#XKaqK(?@y!?**9$k zvssKKvH89}9^&)b>m~6ynKYeLwDts|iQtPoALd^6;~D;{?09B)ecXxhfHvR&f1ONq z=zQbZ8Mn;zNw~7OKV9AmXRH`d8q8#c0Iyqyilfnh<{DpKKj$?c&>P>&kJYscfZJ7gSVWIcOovr7SO0+>TKkviEO2dARhOJZI?Y&y`KetO{5EI&Rs_ruGiaH zWvJ)9M8lqF!E-GRu-5t|!KD4|;k5BkEcq~x%i)y2$gGYeS?J`qiil+!(v_h^vxpgBMG?~P>A{1=uP!oUH^Jh-&J@$ zoM$T}vJ88?*h;0+0Cexbrp3;WA)oOz2^VG6v;le>@lUFGF($Wn1NvDI7j$V5)FYF$t*}q10Qq z4K3VnWMByK4_PUpmV*qhx#*PPB}g}=kb<3fCkQ!$yCwZ%iHK_wuJa|N8%#r@^?K{U zs96;HVbRVL{IqR16M`6qqeHGnZWBT`V_yfL-$2Td_WcdC4cvMWA~P2_8d}{#Zj-_f zRC{-ZKqo*k=G&F~l?Wx8Owokp#QdYtC4tqt|Bp@o6W$y&HF349V3^Ph%8T2}UNkh% zLZQwKVJ||~$`Kei(545?WHjieC^vd!Kt>Wr-e&dVe$|1oWvls;-(x6M*Y|0!Ib$v- zV|K14qE^gH)4*e|i1pHG{+s4rBU26|1wTAvdEHFTBNjof;6+=lz`NGv?{_H<8h+5i zRNODx=u>jeAtWV&PnrCK4)|Z4$qqbdq_q$Fa&dv9)99@?M}?WeHOqW(b@F4*mc5z9O9Rja`(r3d*5)q23%ilad99a*_eyqY=#CdJyPsF)S zI1$!B%p|tN zS7wJ6Wxv8NsRNvMz5}4^IF4UKaEo=)iH-=kdjM#~*NTh0QP~T8kwrwIq8ldC)DDSbstZK#wI-dZqntS&2WbK??0pYwP*If=fcRU4l!N)T-0}qij)a>LW;@< zU29yqU&AA1ZwgdccHP+uJE&fWd7#5~NgSM@026pGI$l_gxabMrhB%+0)gV)CQV`w9 zBMDspoQ!!tq!l~6D5R=t2*>kv*Rc{#bkuJ^mh{5wqP_5eEB7YwpeS^TkMM{1<*}}q zq{m+X0*>pqn_w?4F%gr#Py`{45XOa16I-zaQ=4m$X`H%u{{V59r}%6}AT5XXJF7w` zlqnfT%VclHppuSx7|A(@5}aIL(^u!y&w!#(rVYdz0_gMk+TY&u_2JUEOj=nD0^r@C zF=e4ENiCc5dLv@vW}J#gPMAbuA=soe{vHJpmyfrHNsx7J6c5KDM;7t^Q@_j`pzk_Z z9><+xeTY%bOPw^EUzq_Gkn>|dCxT^!K@Q@?_$G||P#=MP^c}!mXwy5Fi}r^CDxEjx z(^-hSCTm#tv^j?x(j^H}Okxweu#zSiu=(osg$x$fd4EimOdcMch=77fC}P;;$neGW 
zENYf!Irfw9b{K7NX=R7NSf*$u3iPMHk;KmvW?ZBq0%6`#o@ue>vu@|*`cs*9)n!^G-U_ ze~n})U|UcYzQe{qiT{UB=h3eyANNe&7>1|(q({>S`I_jPWkqiOK>@a0_56@o7b*CIL4PWbH!Ex$ z>X+7z7?L`b4C1?yn^tD9`s%g^KhNOt3uG7y8U(?0=+L-#$!wzjBLlU)eCrSk1W0nb zTmeuXIE(h5JRRf!J;LE5k-P=2)Y!T{AbzNz9-J=v9xR{3?2yp4v8E+T_&CaFzMh1_ zf|p=5MB?xteQJ)J+G~Z(*Nun^~f?07|$1qz3i@QxNfA(_0Y-Vc-W5+edhundj80S z=IZh8CGx@D;M3BgC&!|`-yU9NWrW7W{Zfny7oT^nryZ2`37EF%9ZD0f%MDff#C&}9 z@wkH~Txv@zJAq(Bpca2HO~o|t`~@0Vr*A%}gF=V4N-R+M@U;;q435YgfiAKB2l`3Y zW6N2?DrQg#+Wdq^tif-6x#NU=fxZpn-eA>Nl|0?%&PL$KmbQv@_iR9;EfNRDa(zDr zh%0o?Gk${;p2J}VxAO6%vXdu3E3m~OL*cU)P~5)JA0srKa>*jqZZ6>uc(h5jd$>Hc zV?KZtusoG5k-w>S{1q-LQYe17*=Nz?c)j-OV!1SQ!#!Yk@9btY(LB(OwZZVw`1ukH+U0_fdjMpkTo% zt^#Y@m3Lg+8>9&@ylA0UpQ-+l3|ccm2F5Ll1^MI01JHaDr%l+&ALK5-_k#!&eJn5) zd%kHPMPU19{Dnq~*D$fcqs*$`LEao8mO+xdT*zomgYx|RRlGYHSx=ZUgB*;Zm z)?;7bQ?u({^ij+cU&6hkjtTDK{2Qb$X}oG*I+#>D(|%X<%jC2Fp*Vf%S8h^i{riCC zkP?atU59pV?XBVmy6@PI>+U;IVz-k$DQBN(LE@hrS*|IZa>>T5OD-ZP!BtyH+_A1e z<05%7Ic`LuOji`J zC+oB(2;F!1l`@2uJ&pQR5uEAv=;HM8!@6hP^K#G_CfH)PWtIUsHnHhK+7Sx|s=w4O z%00B07}!P^SX|D6Q8#17c$KgoG-7cZ;Fqtz8ZlfJX?8+U+0Dtj_DdVNiby&~(WKa& z0CJ#=HqBvgaQCdymzm;5a0qIp>*B5@eq>mHY|wxUlxsgmndkl57wPJMW%B32V`K%pv#-05S-1}=I4!y;GQAg=G8q9C9Fou$VvRB zq1`_r)ejVhD_Ks?E{Bn=^P7eGL>!x_d?45?(R!S<(K?bY}wF|rx`6p4}@mr(yU*$NbQ$*zyon?SgvaO z;@|?AvZj{u&64d#?oK^#{vdS~FB|HrxRZK-!EC1dKF9_2=tB5@iE<`e((@~hGx(e7vkmQI z#Loy>{eA`}Hr&Y-CU6&aeh^*v7?GsMk7tGSCj76`sfh8~{VahhF9?zsGkSoBhrRdR z3_*DtRfAH?L~UPG6{Ei2(xg-M((Cv7SVbpgwb63^IFjVpCMsI08Vrm|&I79lj42$9 zlc@+G+0H%a(1FV}=Sk*DtL_T+;;#nU7vJ!GiYg&7bH_P(^ zFo8YGa(yl2SF$`+ZxY9fu%!}>_sU|YG{6M)5Rw}?pccVtFr+OJia#VmmF@Ow0}8Ij zA`+S=@SlhQU&g6-^ZB%Gmu1=ZgmutyEAOg&4l+L{+pR)+qE#FJ3HVzIcTF{Hkxk_0 z^NWLFY2rL2HRY?!lzin_p~kjMx>w`LERp8Cmi{%=R3`?gjyI*0iLRUHSr|pt~t_OA0aW{CI$t6C;T)5&Da!WbYyS!ft@XknWDeB>`B+mv-npgcRB1U8#SsPvT;K7nRo)2InneXyqnNc+{*~a@uYA$Bn{>(9iVl3Sj+Ct7=rDBW<_H^PsmehJgUUE2n2*DE>%nclM~y9oc64A~@HO zeP;hj8a7oD4of9Ave6bgDcy4py@z=BVh3E1I0Z1MV*KZ6h=Za6G 
zq!DS1bidl@P`F@Cr;)&7k}2r_b}0I|HjU_I3xMXFhYj=sL{`m?*A_Hw*Vs|V$;;rsiAq2>lZ z0Wq-;tqcoMkn)SY7ql&IC$~L(ZClT5LHtp$Gka10ye zP$gM;F4>n117l`6?OqR_nNn?>ou%9)71Fb1rCe)%tV}w2i_dAzXh@vQOa*W}Gbgz_ z_MNwK@L59535&gV`S3O>ZFi8|+=54=)kIF2f6$6 zxtm=OoU{_D3nJGWZOTGEQVCsCszBl}(S<{;)ImQ^0sNjGs^p-VXK61xXgdntl6$vr zEoEo!H-?h60C2Fgy`BZp1fuGg3vW8DN!jGB-*X!*H5@Up=W8&J!552Q<27sN z_zVcgRDSLY0#|9m4Oj2oDo)=*5c} zG9XZA&r1tSz7I8}^-Ka*-2}n_DHFJDE8NmrWy5BH(IBDXVnh3f2XF%7^LbDe z`UnV6OP?T!mLW;X?c2k~&VDJ*hl`(Cu2QhUurBu=%EM8tdqiJs2?e#Ep4&ecN~lPrXGoVmJ8cu&ahgaJ!pFic&Zy*zJNK-krFI#M<%7NesA^f5NA>VRB8#VG zVp{-eb+DPEgim^vZP(#mH5$h(XU$LVRm`y{JXpx=vz4$Ec5v~iU)Gli>Oh}li?xyb zh0ruLbu^|7OeZ~exuKuOtmOcT0I0UW{Q&^5kAt|*bOB&l{o|?Y9p=r< zXkMKcgBa6{7I58z%=%}Ru08XPteHiGXoY9D)eTno{M&?f9N%3}LCTcdLCQTnY7zOBS=%3GFgd8t43;i`)TUKMV1{pC`(%<>i)YmOOTmObG_EzNWH490?{gDAdwL%)~ zR)a6^wG||l6mG;LDHh-(6d=}~G8EvmpKRG;MwR&qYDre=A(_wIaZQ(<*w7q711=-$`BUSFlr|$zSq8+CFuUm66dJrnEh^L&EqHXp zOCY`r3pAz}Ku!yV9(Xi^dZL19^7@4^r%(f>_IR^uXxepU%c2g>{q;N+ifWMrK($Vz zmGa8L919?AYS_eSL%t$i!+PKeAZ6}^0bc3E8|ZarO`5ocpqM?lv_w-^E%X$sp3y<| zB^>6Mqk<56P*Fj)WmZmT`<{4WKXqyt!6mTQTOnkgq8H={9%vn{Ls*Wn{DOek(9CI_ z9<3oNV1cxpN)rrW3APu_+3$s8mr;120prFDXnKR)$N(l*XN3D<(*Ofa>ZE`hg+(={ zx2~W{(gr|LIilMV(*EhCIH1vL9oii(1`|AF*oQiZ2u$U5$e4p>Pq%jjn2ZlVrcC9L zpfK1Bsq)LZSrHF3Mj0KSEev|eti;r-hUb};8+k%89GimUeEZrVAIBbC4ZQnwYL@9x2%#ZmP6kP?}m628w_ys{;tK*)#e ze%Z}cM5e;dXCujku4~c#+a(?dRw>?Mw_9Wa6>s6g1SrGehVsk%zOB;IntpHGvN8fD!pk!Z^uA7 z&dKh=0D>CooRBXjm?eaEw%@PVjP~fpnbne>fPMYL^BebJrTpD+Q? 
zMOow!)cp*WEX18ctLR6;sx`JvziLu4sf7P=P|)toB$wRe!D_8#jJVY}(hHG8TioN4 zJ5%g41}LZg9)cg{B38DbRldIby=rSIJY`|)Ca}4L09RjT{$RPK{s?hlXci2!s|jHj zyMx4^A&s(M38);d^dN8wBMCm8E3rAXfZY_beP$AQl%ZcNK-{i7VO;lT{7)z#7VxmPah3e3v0MyA0b?Aoo##%39MNl0F%$8pX6PACV|bF;IAK*E#;=_Cx$bq9p6F_BXNXp}`=W#38d(l6mq zWEbOhEuMDBtrlrrytw1wc^bkQPE~#<*3KYMz%K7fQST7^aq276?yN z9NxNC38915-iqea0V_zg0OtpB|1%L5W^mr$s?h4XtFo_w$j{(DSTFe!d-~7f8uJ=2VsZMHjV=H@C&HcA+Hx#cpWeh z#NKdiqTZ*o!aogE;9~k!GVndo;9}mO(X7R>Nf$?4htnx@3r5x{)A#M6l8&>qx+6yP zeW@ihXg~ptROqk+7wcQJz%^Yfk;wlT z1;N)Zf?N@#P_R8}j6s_%(C8beD(FV0S{RmQnJE1Nqq$*vtbd+flT4Zm7xw%p!Mo@VjhFWG{-PB{lgZ{}DQ$LxXAKfN@6}K&ZUWe~c=HL7C z)9t_;t3xxq+vEvtIO^MW>Sp;Blx+KP3pOyG?^4Rk=OWb|!iDi7luH1rRVlNyIqIPd zoHr?7@?wO!>pdRM|AiPps5}YL_eVK_x)4^2b_sOXFC_V#q#g&>t>lCN{H=tX-w0<9YV^a? zG3#7&YJ92yzyD?8Ol14y&RwlH$>+1{pl{9SR>k%pO|4Yw03qhbu^#0;aLS;iTGLr@=X=z*9Vylec;lS3*c-fZ=D*`O;b4<`^ds$rD` zOjT{#k@$;Z(nw#zkTCQjFjKEQ`VICmU^Dp$(2d7+&mx_$5OB2Mpwf%QLYEoVBwgmy zq8N(x$f5uTJoU%ohS<`hgrA6o%RBr70xOuESAg1m63)d7eBlf)ql4lK9f~izCP?ch zk7b7|!nx%UZQyYNVQ@_xb}O}zEtpiPqy)xWSJkgmMLF9X_@v2bq57^~f88hQ3ezNS^*Mw_Z-JXn9gA-G ziVg_vp+q=kx&`x3LIcoKO++tg3la6uq%fai*BT)S+<>rx+$S`V$4&1b^@;9~VAwM? 
z#ZmfLb2oeE7!qcTk?6YFT%7G2te1ST!k0X_$cI3mI9z^Hr73)MbC=p$2frK+tgAZUPM&;gPAKlk}VrGMH@6D@Zg>LsD54t7Uc{TsqjW<`C}1C<9$2 z#Nd#>*8Q)3=#Rn9FP#Nzdh;}SH>Sm?CFtQVeLm=@u*fT*v7cIV&Y0Nu1YF6jji76{ zFp@N<0RkNgF-f)r6iJ*`n_3`rp}T_ds&~Vh;EJ&u>W}Fkx=~zAD>bgDRz+8Tr4zqj zP4i@K=u0D0?RzV)q)vo^BLql&AGgLT6rQpisrUFe`oG`lL2#LPE{4#$cHUufr#I*t z;rfo)sH^pvqHwATmP#@w6e`|p2*NDSELac3?|WLn9BJcK6G!I!VGsD-IXMQyO~EaN zD7(q6oUz$z!|8CD<>Eo)-x|Wvc><3xX(OMZZ%~+lSeY=~q_%JhLCEhnoO%)1o!`w6Tp<``blp5k6l+oqfsPvty$68@9E=+%XIX4!H!8JAuCCR{(v{~O!p*iZA zgFX@WM<6vPzLuj+pVMHzpfw8SDAfxiEVzP^Wy#VhA0yJSOOp*EaiUjI<6!$c`CN zSwG&a!>(LK8i+j50)pMso3C~+6b@4s?0`KRR#A4TS60j% zQZZBuc->_hMTQF-wnW_W38N;8CnyETuy;l+7g@-Zp9th)ELv41*rAcBe$k1%JH|Im zw{4cykAmo;DWa%-g7yOT#DoSOev&~8Mfz~*+)R$?idb@a29bKhXZGIJe#*~J&WqgMzr^&?*+6BkCj?r4M~EGl$@$Cuz?uZ z8hps4VokzOp^GcKXl@C=q8%AA1;k_eV3?9%&xM3fb){u=HhP!m-!o1EG6_M*sN?PW zj*4f$6xPNd zRP{J1Z+uO!*hSN4-PZOd#liCU+!eSm%#xPS7^}|Zw$|)i_=Q}8-A4C>Hp6|pF<}rM z{A$5|s)?mz7a^(=wR$nL0G&xArV2~jd~$0|!2+nh4y%mY7UanU5JU1d@;^JLXrMNO zZOTm|SemP0s|wVE3jNm4?Jwu8ZLP2yuA3dEEQpb2V)|orSG;p;PbB_&WKL*b)^ku> zvt02D6~~znk*1_S0ezLtk$lm)W|5~vR1^fV{FXX=UaDw*I@G`6YQVgPJah@b|I_$( z8M~0-eLd_^H?RdrBCKX*;>aAWzvnMgr6hpz2%MS!QMA_Ox3o1Jv!FjED7 zN)=uO#BzgRjTe_B_2q1m>g=u3@?d6;3GBL^qnNOCjpxcf1K_{(p+e?ppD;Q$TRO^y z?9(X0ENba5T)Nvz6E+;$a&v@e1J9%U@s$u!60995I0tTLpY5g=XrX884^Tw3^@*!I zvuTBXsq& zB72LL=lViv-Ycgc6YwQW3Odb~lPWRkw1w$+~AjuO7^zu6ptlHDb{hFkPP_81Zr ziV<{S_ltIuSGDq}SgvXt$Wde^G}ka0yG!H%xeMRKp2VrZYu(zCCunLBnX(P!K{3aX zF2yfe@6b-B#Ry|fXVAI~atn&;IiH@NM;}PM5>qxH69;**4P$16r320w&-pLqQy$DW=ceI0G zLNjI3W_m7hiAscG*)mP0Bs{hJ<1$rVqb`iP*vweTa^QPzY{e(TUzEa8&@Mj%; zg!(>!&?UyZwH@xa4o7atQ;ve;Ru+zL(2ue!C+6#%!m--gqog|U(DG>=SWAP!XH~5iBT+GPx=j z8q_0(@N`gbcz1Vq2^)2B0X~*pMWmDTWVuxQ!4QRpN+M0H61)WXr)uQX|Df^})?kt} zW^vTQ0brnWMGjcto= zt*bJ}{C#Z#A6yYPrNAl<2Fa6ELw~CS>Ioa9dyXAw^h_htMoY(M+u%p$rwOA~N z#7Ea3$BMUdR=~Jnt*<>5M)*1%!Qfegxi;aT@NlGFXrPkP>Curta@nF_AggOYaA>V`Rs7I2IKBsGi7ml(@FE2KKD8XeQw)zvXsJL9Hk6q zC#!VkU<}#88W`0P&Q{)J($!&~j#WcMHtd3*>xX{SSj@eJ7D-|Wf49sB3 
z@SA~0(Znn)n)DQV5-nd7kUS>7JB2w*Z?%g~+EG$6lE9+-z1DJkLO1m9-@lIEr0|i) zI4R8p*N_Qp80U-zU^>W6XevTR9c8bGDva@M*L3T=#e@0|p)TMOCEUY-*G!*tyI)xt z#1s^ev%*N;lQ_)Aaxa}{9T+36BAd;A@(q+&g+^34vElQOUHrcAiBn38Qe#Wq7Uy)W zG4+9-ZFOWVwBzRCfks(60V}T%q={^%|H=?L4;;i2ew2C2Gd?UczG2DH z0;c2V8!2O2u*F*ZbY~ZKIbCA^quz0g1dP`U?GAudnG)>s=c1zn?;TD?=NPevAWDhN zS~)SF8%xAFXx_UM#^>;W=8~#Zdt^T!g=}Bgdc@*7Vv|ossJU7-|uCX?-h(?aVv*5@V zu2vm$#cjVLkwrh{VFIqpQGDGfFj8{16JnHPmXbPjZ+@a~9=IlQ}+P)W@o zH_HT;rNRuOszv}}hDlPy{Wl>e3SxUn>~4|dXjf`u!=$hHa^LnVMPrz19IL!O^54R5 zo9i0+3aOvOvL@;T_fY9m9!6<%gCWSBX*T=~n$gbCVo$0Oa z^z*_!ZZDrs=a${heqJ=Ed2+N^7#*q^Gy&UbH%?-%H^mp)`0v)i?X!N-8?44PU$o z`TDg$-{})H$Oxh>%V;hx_n_*YCai?OJclx`G|jK!*_^hDzQGYKUwRx+60E+Bs5 zh-%ncU|=e4?Q;~ePkK}*RTl+jSzETdNy)5cJ@uJh_dL*JbKu8;b7Zm+wZ-|Oywg!O zsfYf?^I_*-l|%;1dfoWi_Wb>c==-pHXC5rn z^?~1gQt3a_bAMUhQ|?BQvb{Sy)!f#9E1h@Wze91jKZVbqhORrmpYiP7&&OqNkjz~R zE~Gd&E-8pUvPTI%wvCcSt~4BUI@o`!{ZhV)H)o@KlJ0s@A+c2TM*y5gMqIO} z>zeX%%kkovAk>VpF=_bSrlEf2Z>c6+?5~>klhu6LE?J3N0yHZl)wP- zoQJPFPa~x^w+)PR)Ug!ZXe^|pK6!XO)o1R)4*f*{j$TMHSP`+FzjaH9Ym z&pPnb5M$qqLR$7qy~dce|8gr|w(GXdoZGD1^lEZL%Q1{klCo?5`|fN_1oe_MJ!PzZ zymA_kfxj-4P6Tv#xF?WiDx*lF(D?=e9SKB$oCJR{o#I_ zk=Z^v(%Cj)-%=}3P#9`{(njNBj)5oih6ieP} z`C{+f$lQ3OeVr#%a(TYcdb(a93_XOOca*F-R{qaAGs_MZ8{Ki*%H%vZ{XPa3kUV?K zC5_+2dcs*KT(_YIo2-pW0+7X!2L9#ol0rSBEppaeC)0l@MgVp~$PRQUNdUxQIDyw# z!3aR;PyogMCSErp{_`Hjf7Aa@LG^#p|8JH2zf~jw|5^558~@L%|5@4pt^(=b|D&P* z)cg;XA;0CykEx;)zUZAyzhCH1ur~81+z&Eh*>5U%%}43Z7P?B+1U-tpwMPpYybrz6 zY81NR_ES#X$%N|Mv^%|4|0~KU856hISy2FM+)uYRBRw zTKesm!i8nNbyyC$X`Drk+8(LB>NUaCoHRF$rF^ zpBYWS+Hx5;Pp@7}``VA)#KzA>1v^PBa0o*s6Pk5B1Kqy%)28dk(al~eZuR{NWU*lm zW(ogFj}JdPd^{?R@27L@lM=-$BMzydgf?1>cE0A0-5;3ioSud@%WP;{^VS!iO>GYK zPr*}J!_53FGAuYIPyWQ)8vCdyX@1f$ltdU6-Kl^3Iq$8W*NjIb*St0Qu_B^XhYL02 z&T10E;{D*}FKj7nF)LYQ?w~n;Dyjdzv{4?U7z~E}x%udk{2Zureumn)Ob~B<{w=wk z@8v#m0~vldM6}@NY)7IQ=}C3w$&GNvgP@CBJLBnt(j<)nVJvHBN-X=HPIJffs%VF^ z^O**LdI6f~^Di*do?vXH-}9IHx7?K}(VP~jm!=`fn2c{y2Z-&@3oqHIvd=ow|9VYz 
z-XuegA6!o2+CzM3Yd*BUaWx)ow~`GF?_GBcj+!}p8ovtv`zKsBG?jGGVoOLo>(gF1 z=lfkx`vpSy3xq;#dyg(@eSHY#y$j4O zITOqsz?(erA_^6Udb*PrUp45+x~rbOcZQ3$KG>q9y!V=9U{7SQ2GOwSCs?nQ%X-B$ z`gzlSH{?Yve}1fG-Q7hPnn4OZ@Z>2iHWQdqoGAE{)Ja2@jTrVK_GN;KiXMul;;ohR?oB(X)G%Na|ojPsh*FnW0NRztv~= zUVU@Jj3-f(z8N`Ew6MMXtNYr^8VR%fC;~uy|DzyW;WssLY}>AVc7)QqVGQ~HTe{dJ z{pHnlzCq$lC88Ud2=rN$k&SMEX~K3I&f&#qZDA7(6aca;3;+cMfc!o3A8X|P7XbnR z0I;xt|3yGn(m|Hg{l|j3{~`YS!~b1`LhAUR>aVi~BnSY=hH%~J8~Ymp78-zj;L~)Q T0;o6rkK1xmN|F`gMgji?HWwbL literal 22583 zcmeFY0O?(P;W=*>Cj_qqSU zy|2D`mF%6YHES~SJY)NZnu;t2DlsY?92|zc+~+TFaEQ!saPXtZ2(T+4rV)BLI6@*D zDJeC1DJe=dS0_swdkZ)?U6e{a4_(dW`L%te9&{=6RoE+QiVj%{Yixp%DL=F{w~#Oh z8QC-(K=a0S`^0d~RdEFceI_z+ z)YRLhF?%uyXXM!k%_(pQwB6{)aP*G@G9*jO%R#S@2mbJycsor`gZWqa$8`zLw{QMF zAi^!uak`|#eejKX;R;Aiemm~a)w4*ZTA_X}gb^ukgKo*(pZ(W9|>8Z}G-&+B6DCUoWIg z-)FuIYJ8E5I(@m28q!|AESA0ZF=ze;TtZBF8=m1b&k{PAk-vS?bh=Vy$H={M=4G(q z^+~hdVZ8B4_Uj4w)^Qmhmtf02cn~K;J<3IM-vM(<22T~ce-yXpy8~kw_V0d*mQU{Y zVDacgX(5emvZiOsZyUMYaw!fJjw29+LHgxRY5#A+n4@q+YM&@C5aYihBEyk3J?NFF#&Tg!c-C35DHA?7rG?&EeU719hjH(5b&uOHpr9?|mxlB!iH1Kk=n{p0)k5u_y+nb_Vfa$*l4dS?n zTAv?O@m}ls>L?FNn%)B&>CoF{mvC?hQt=|L>AsSF$WkhL6Y&RykhCLuU~mnWeTNqel<_^>mik69E%IRdZoZ)4ymZgA5aFJ1@#+)_!QVRRb- zUcGI5IRXY*xTz3CzkZZ?%dmmi`w`*tJFXhyQa4;G0!s~|AR<-`+F>6RB|@zr&Ix=P z<-47bz74`sIEGIcrSHZzaIN31<`S$R-1TsJBV>ojb7F{pdwYRV@d-OL8tGqf751^g3?6Pgn|PojuEm#spV)@Cw6Zg$L+5S9VH&8lq~=jrBi z-Z#WRVme|TV%2oHbk=m-beVMWbewdebUu98j1N zi!E=Xb{=uOoF5#0IRjW5fQ>F}l?IchnJ9j+bS zG2fg#KVAl52AzT6GF79Zy_vnlg3ltxBI2UkBDg-brrO!rjnMgx>yAry~rS*Y**-hCSM=AP+E7FrDn#Qyq$6Azhy@%;gTF7^&i19lXF zD4QT{Gd(T)4s{~k4E6OFLXHY5Qd)n_W>xP`p@2Wy=COl9@mBc_`Na8D`9=9n(mH?s z^soH6jRZxG{dD_o@U!H5&ig>BPl*#L-{VV@y;*-G&BUQ6RQw`M{#K+}Bw5H@M6S>` zWjlp;$b2ZvO-Q7iCYNTLR#N9)7hZ=_w{N~aSUa>hXfXsD2}mZ0ze|*$4m1F2eA1#a z%+ua%p_ZRi;8Ltrbdi@=7y^`iIjrSYUsMt@YLW6$m)56K+YKFVX0HETc?6slpT*$w z;QPJg0}}GU@c`UxAF1-`@}BUa@}60n@<#Jc^R@BmfMy!D8rW@~i`dG^idRd;%4w?J zmui&r6tNU4&WTlulriM)mwPEVeF3QDQ~)Yp=RPh_cIS?N{i`;`Ia4!qQ6K*eXSQ_K 
zx?guhaP~eNW%$nuE!cc8(fr6%-{fIfX^?f{By;gw%WtS7gan@u%`TD#UzN>=?U{{) zm7rp#@=N7IGnN zctJ!{xZO+BeP!Ew`N!hWK-uJBMtwYlYJZ;{m;I7GpbEXpxC*0+#gX1o+A-nm>a6VS zPOMp!k(?}BP*n#k4BpKu7KuI0y!~=Bd`S$!zf-yDY>Twhxv#PlM;ABG8R;Yh2&~Jj zdt70<^7$-+r_P(#zjf6Hmc0(Zg#;DAy9KufO9%6OYW*brslKPRr@zOI>Vb-m3W8^* z@YaG0W-;am3JWnc^(F?Jj+<;ayf~dWS@DH~HG?mVou!4PvXfJjLX!zx`dkC1_@#3* zt-6eJB8@aLZx?qk|0@1Dj|@!6O;Jm`5S!$?bj8*9Vm|e?PSe%#O6jNGaN6p@>Py?> zE%MpW3WR=^^TwSxaW7>qg*`JnOFYXYTRrCo7=6S)t|(3`@y4Tid9BKR?Ih}?EMV_( ze0O4B%`N+Eel73{?g4JMTdm5~(dW$4_~TlKf7sKnryGRVZ+`DSU?r2SFrzb*3Kx1F z{4qJ%9PBfby^ftB;QCO6r~F|VzlrRFV7k}!F;|Y6m!hVEO7fQCwj#rb{jl(`^e|RR zwN9v}Xc_Nsd!cbR(Yt#Et&g*VC?W6nRj;x~C7|1QyEFGTkZFfm(^)#ch4j$$J5Uv< z32dEdQ@Z_oq7mP@%f%lTKl-guz;oGF?cMEzenay@fjT@0NZX`4AVsaol$**qB}FEx<9>w$wm_s; zfE0+q-prxI@r9r%8MV_HDD`$GD)|IBIgrYXF%5PYQa5@bXUDykoB8AOEJGl9Ff?i!boAR6=}kQ79gfv2uh zoceSt-~Sbv`qP=37TD`58ViP1YDJEHjzB#VWqAW3?cGA# zt|gKiEoEUgb_XUh45RmAA_1x)*nMvbNVjnle5cv#{r14DmTWo|ll)PQqMlnKc&8xJ zC{nhplT0!rL&MdTl~plOQ86(uUtb?zzcbf6mm3e-<%cxr@!L`)g}0aQcp^3==NNOO z)K!6sQuS&&5sEv?D9%=ijjAk9 zlh&j1^Qcd&x4OI8!8^wi%1szaZi|m)pAcE_m)pK5q9N&jk}ZlIN@7f8PG(9e*DTfk zO|DZuC2Zo!eWAH{cu72`-^a7&5pSh&!W}siZ#_|KWPdt6nfdN347%Cs{-2q=L`S4Vl2%G*SPSTIT)jbJh+`Sv7Z59j+_$RXS?= z&tZjM!~V=szvGT{KsM%})`G>d*<7Q%gz7c}4$Z)l;HeoTkoG?T%Ti6;Vb{lj%-n3i^2G=5k2rHmM&91 zN|jsLQa)Rur9s3j)`(g4D59b2I)o@MEk=)C4m`0`l3Y*&cnGp)4@algTs;gh6G*Bad+LZ z-EIGDC15M}3K5)F5ux0tDqB;)92<~r9y=?3N)h;q{%ZIV1{vAWVK83LHuNbMln(In z@wJh$pS*2Q$5RxeFfE|UPybUHGBhv1^OFywaP=u0!6>RWPTuf-2qFc}$CO8&ACt7?=nVrXB#b_$}NAvUVui|}E ze|;lPKRhxs{7_6@j*1vOX~ZU30FVU}mJsYumDW+62*D<)q?F6ZeLIEFjCL~Q3u~g zzjH?xN0Ub}F@m`mK}=ABB#|pKA=2l>dHbE1qLgsUcyfalWuI(F|ERD`pw9W7{M6$7B;o?qt9gjD2}nas+HphW3dWXE7=dc>crUlDR=*dcm9hGH(vlJXhYqM4L9j) z{yYKSosAq+Pah;S0`Ja7{LvUUu$scZ8(UB0_M1Lu&?vdC`Abb`Z*GVhn(N#nYJJ~Q z4OTlrRYb%F2P1nT74sVp!XfN->Gu=1*4z)2t?$J`O!`wzx8gPC1(PxDzAOL99vI&W zbrx@a->kzc$xFpcV9jssV68d{>|5T>K=~|5YZ9swa>g6~QHfGzQe@(en~`gV+m)N# zGT&lJ_M5!kDB+$VzD%;Kw))(NJ-z+*i8?7SDJb)A=6Un2+lZ^gru=@=W1KJKH~ 
z8e1OIr3Sa(&tAs@G4irQn=GP+G%7u;y4hQ;b1T8PWRV0X-MD}nkn| zo0Ggso{Uewj;Mhz3gXikcvU?ZFvVXVhTZBsesU^jA3l8K;dmi>(gF=OY2GGTwK&k3 zYTXPx_%0WN!BD9;Llu95aA^S-`1!#*lva#yf6J&mL~=6NzlrD>*dV!(-5GU^s-V}B zv$V!wi@ud4$oHEZA!I@)(g^nnrTaQo`&jcV$U2Vdg)E>#Bl%vD=i`V}hMY+F{GS}^ z4U`|DM8aOJ?>?KE3UnX^kc1FRF%*bzv+YC)e?p~Y^M)FO6D@WyEF41;!;jjz`&6{5JJt%s^E+#I9J|KgR=a0%*Rb_}+8w0TBq3)E zrkCCjV%f@)T0LclTFIjhwP{qHzQq4dN=_3`WJ*kG_j1pXRM~t1w|M$QL+##Spx%+% zinSY>e=!V*Y7EsEHm=f9cgrkhKKir3v^wp<#|mokSf~%f@Q>C>x6dfi{{_p1vfA^f ze5+TR%vz2=3V=a#$BrG&06U3YeDG;r8_}H>k_7rJ`Z=iyamUM_S0=)0|6=IV?#Od> z5=n@puL&*+T!+jP9WyP?)iARACR{yU}0iG^p@x4 zmz)X{8E=q!4T?PVBseHN*M$(Ryc>9dL+e!^iYwES?;0PqLC`?EL|_y{-p~2fo)en- zs7pPEV-OP%nb2RfMLzX?(tN5tkFTU7l%PikcL90eVBvuI`_ms`-?tBrNF?F&gTRpB zvLEJ(`sVCbTqb&^l_qW$3^jMIh0ecSfZInqD*LrN7P6)R(XXj+9~Og4k==ge#)GUB z>?Qp_Z&A5&2U0&P>=m4}ipqbInM5U;>}MAHoip>6cZD~yLB?IzqvMA7W*+@CnpoLd znPxOwUsrFfuCbP=sbB#yLVuv*UJ0)0XhVt_uYIV0kzZy1V*?72!7M z25gG+#v0n>=_10U!1Mt>_E~|mpS!W(5#AtUQ+^Ek$Pv7L=s`I^^)U$U-)r~UA0LV+ z{<-zf=T=m?u2xqO!vFg^>=xGlZv9Ui|FeyMz2|@K@IP?){~Qk&%n$(nm;G($osYvT z)uOLY5Q(QvEP(fB*g)g8(7(Ve*xHSiBj)FME&Tm87eT&7{NZJPgriHeJS^J>X-nrH zsBb0;rdU-{*4)8H00cgJa93f8-&4MJD79d!zx{;!584MOAxu>#1$hSQf0b(q_o)Jl zKb{xN15#LzYmW_^k&ksJ>tdiXZn zBVifX$rxsA^~#y*lzkS!U!>+xn7Y0kZVu5+_5t^R$}h%b1$NhAPsxOyR3Q8M>f7^KzI|oX~YO%p%~{m&|KNirop_%LtDaj4CCP$> zoRC507-IMt0x@4Gdwi1dc|2`$Be*tCDw_aBfP@h}ML_CS5XO z7spJ-gI$p<7?E`#=r>mfK1-?epEblku^u6#DGY*_c$TV{q5YO|?~{ zX6yB+nj7~xE5yE@P2XR55Ab}XGjtE`J%HHlc|Xj1>6`gFv?`1biwj!G4lyQboV$O{ z!kk?~M0wiySc`h2Ny%Vdg=)2b1O$#DKMpbE&~8MLfl5_amK}T~eiM1R1>5Uh!gd`? 
z@g_#9kI3HxsO^^k4sStg*>i_xuB!%-8kyIn&kQC)@80j*EX?bxFeHZF2+6jRNk7a+ zw=M?XCQyqC;aYI#ic(CB+8KXpVNH?>n96Ja)TgM~sw@;`GSGOq(QdhDTP{tU_LNFA zFg{)VO#9wUhxB~f64h&&HM%q5k6pvC5s&KYsbGf3)jd}9k(v}h-GW5U{1rX<69X1I;2CoZ+!&j{3*%NM5|xRG0}|*&Hdr;L)>*p&$lasF!19W9Sx_PDo$YXL3b=C~&chS)lq_QAL^_B)xLc1(lTj!E6>8!SdN%V9 z9xnvWw5y_y7SltJFawN;7$r4n8jEcHm5VVl#je2nhENwF!1)!-6!#vgyg)6-r)*Bi#RdzZVhHU)3SceqwVZj?z;B_{nj+%E9dH}X!mPk6J+-SbtqqRPo+EO!Sj1cr^^ow*kKeKc}NLbVua7nJj^ zu0?S?bGXJ1|H|&{ZN2lVUr#1t0*I+fspHG8w$?}zeNl8_8p+@l;UY2#cx8IOtFm*2 zdqCNyWPlj!VMh|dm`5kxII&gKCvnv=P7j<02@Fe5c1YOb&AgHyP^7in>-ci_(L&Oi zlo6lLx-*-%zR<2!kGlq%kQiwyvMi_}i(%E1P$>h}eyN{u2*Dj`O%pTS2gLCOFv*fAk#ArmRS7dFVt(DC+v`M8vAf zE=Fls@4bA4d{$KSv24h7sYz6pnQNo6%-)Gem#WI=<=|sh@2)Dmi=$_SZe>qEU@&R; zq;|@X;hvkL01*v+cx=7an8p0QG0q^XG~1z2xeBVD#5DsNtNH8?a|?~VbYJbPf~VGl zQRao@`snajca53FGG561s5eNVUFA`VJIXcCj_+I6Umo^q3Ha%i%1$AEzUbG{WMBJw z1 z8l;;OI?J6$JN^F3O*;u7o`JOJd-^0EXXi$hT3!OMNf8?JYEf?e3^@}+D9!<=NJO*k zugZuy>~gkE5@wWYW7Zf%J(-EuHvJ)jUp)kmf zGQAvLI*|C2EU~(NHk_Dl{>SjWvB?%~O5ebO70`G@1z*5mnhd{)9yGErJ6)|0XMja) z^Y^MbUZViIn8H+^_Wa~pA5~jv*-n14YEeox6FQ%H+#?v!3?p99T8$n`Bs*5hwxrCO zBZD!!3d{Kv`?kbmA<=QY)vmwGah_+z_Apmd9Lr4Abcw@EWqq^)3&EaOh$zx;vhoW3 z!8{HcB>_Q)+_Vug*J`errIa|n9wM_rP6P6`#?JR7AxZ^_AxaFSBegYFFoZPLXLygh z3t`)~f4yUOyD{Rig6x3uwED~`{jPMe9OIUX)b+!-N-|wbiVjw`}SjDO}5_o1N?J%6yH%NRJt!-s06m*?7u5CBoLQ{!-xjC1Y<;Zk0A%IxMk1U-G4cepS^hspLC;aKn-yL18^6|D|2a zAsWgA_TL9XexrbV8LX<-VP5&uMEei6(8_`GsM=k0))LS1P|z$&X{I9VI7LGr#D_K> zH|_=Z`^uxxN@PeZzLrEVa?Jl)vfDM5;u|4an39d#Rh(R4t6sa?^NNB7YA3&lb}iJi zRi^^khB+ee+vh&C&h^d98US~Xe?GTo27?rI!M@D^5?H;6*c3l<7=_;$oXlR)Wy6m2 zyxcZxe3)8w;zW^mWx!U};dsV3Q}4`#u{Q-TFkgR2@9lazMWd}>+b_&uu(gX3fXPrs44CF4It+?P3T2s$c(#-S>9?VBP5ik-LaT(ah`Phg0K>ydm#~ zJ^l^{5Klvr-Q@xw&?0n*4Yk0*Q%`8P8r^TDgTJKt`ipuqYBorx3d3x)%_ud{ujcB9 z?V{Urz|7QIXG3{|!-_PD3vtnf{WI&vlHvJ-rx04ftsU|4NqYw5czE0pZPpk9qclh* z|6(1#RDv5v$(#yqSWi*%nG!lRON$*rFN|t!R(LN%!6D_zn9U%Q=j#br3(C8qk2QVA z06OkkIp6QLYXMXzi`W}skNt52^%WFGOeQ&}tJ 
zHnFWvLEIh--yK;!Uud@;(%O41fZc{R-hZxHFnG~}hM2h>8`2MmmjevFIl&^weJNd* z)wQ8ntf2?o;|vmuCeof;J~y1&MmtsH&v}T9q8xf{&0>8G@oYrGi$a>d=R>QJ|9W4S5>!PDFi>br$F__4~-2t_E|?jR(tB6K>e|b{--h5 z;?ec{W&?a*OY$F`u=M4z!c}Fq_sxQ1{ZIh4SEK?gK744x)Fi|Ue|C#sIGvftHgV|P zYjW3q`qC^iI-_G5q)qC!Y_zQ>7mM#vvy=+dKQ$N10X`faGWh8lyU#LFp6A8v5{ln% zgj{vXE^;yLJw5qV%#6Rkl=P0237PEaor9gHGK_*fa58MO;d^h3SF2ynuHD-f>qfJ} zX6*(uI8}B$YD3|TDpm1eqlclRdH%ttb^lN$?~|u0OX56if0#Nn3a8;u+)ke`IsfLo zyKKvPApXXh`5Trqjft5ro6(S4e0uN*OCHXRgXB4H6d2OFauL21m#Gc#wc&9GNwr@l z47C&mjzAZ!a@c$~3pk5&Kr>Se*;Z`=uYB_vP^-m~<=4lp9hW@?ie2R9i?@AOX%|-`98M&9ZBx~_w(yOdwKJGDpX9^Jd-GHL zer@hjoqP)-UuuYZ5!Y180PnqX`;PY{pV-Ut>AW2>p09Fcj^4JE%SpUbG~4@Qu4^uA z@+O?5wJWfkMxjezew>Zr&YS|4A+1!ZHjYfF2_CDU9<-*aiF5_!TozqSJ*&&1xv+OU zRdik8W#8D(FhQvG_g*dWfr)tjt-@g_HF&8&P+!Vzv7NA+L!JQscwJgg!)nC^Ln{%9 z6DV(a>6TUbVOHaD*^I4&G3JuY!n#?z`|X10&v;ccZF&mq0maUn?<$HCfnhQh=E&vDs52jKEKI_Mlu{xo>!ZZ~Hv3EpFQEzI%apUb1RF&LmyXdhtw$lFxn^*WD9Mo-)M6Nga_K9%q z$vTeK@9=qH0mNz#D*9F zb5zOSbr}B2piMNxO`gIJ@G~rzG1OBr;T^=m5}?FG5I41}IzjhaGkTZ>d7uVH@%-_s z5UHPR;56Ym6A7d;Q=kGfq8me`mcYqjQGw5I7V=3;^R#?>pS)O{_KF@gx@nb;>-Y1z zX-%M}H90TWB|;igx$k_b^$sAP6t8@lTV8i1yWgfgi;xOP9_n;8maoDd-MAStOE?X_Kjk7X-3{#maWq$)^U{ z&$c(bCVI`$jqEG=Y+_fA9Egf6b^W(|nK$phK6eFEqpUv>RL$!+NB*_dvYeVwem(FW z>!9H+xnY&-TAtWg!pbg z*{`^F`PQ*@E^n^L-q_`j38>K`vb0kg3Rc718?i=5ur)l3h-DIItaH59et2C^4WzGLddJj zE>|c62f9e+191qTfm4D>h^2ApNo}gS-c;a$4}dS+wL`C!5!h_!kmf?8cUY`S#ZjJY z&tY?S$YN@+Bb72hCQ+8vGL0x%Im%UN#5S{*xT^KRk)9A{JH@O3K&H4nnv~_6Q*XViOx1DY*_`?jP-7Z7b|LG$ zZOXEE)%9`Xvd$?pLX&&FLD}owV?_>~0)E>;QpI^}`^oE2$DV|#0ievH$H?#4{Ocuj zmm|=p|6{l)Yy6wn?+o)eW}T*PBG*c=FjL)L6_*cKf ztyhskKqR@#n!y7fuL1cu@M?%5i{f+kP3mTgxpDrm=Co%=J~Sw}|Ee(k?+UVM5h&}OCW2ZRq)*Pf@173~vxsFv66{bdl-o|+TLbk(X# z3z?88f#madTsw(Sezts}m^DV)evj}TrUw+#a$;msNA5#scmeCelApRc&GwfVcu?^$ zyhqKGF1zca@r5oQ7hU!F3tv7Z$WSISOh(hAYv)BIjR6pAc z@5bv0ucOay7fREuC?M4b0=AHkAQ*lzxle}lzWdgEZ>=7z{M#9)7XuhKG`<4@XNxJ4 zdsaeg+QBLB;>CDs29VykZ3-;(duh=9W7Le`pLe9;4=xQNUyRF)^%u+vj{#zO#6wh# 
zPFD!PWv5&@#j#gep$>Pzf#p!&uZ=w==uLItb0pv?-#PgMrtsM>j*?P~uZQJkR1gAm zWJsm`qC&Ss%c_EFpDTGA&+wef-py7d2l?+?)i(wz58&aklgTIdef#yx z`S!Vb>tWlKOIH(hq2f+<`2E0Nyo?eyZH4V=gd?F7580gi2U1AMeQdrNoykBkd{yR` zh2J5-?23on`1P*~Y38@nvXnef5N2X%u4nN ztK~rbWj`lyZ6{Y1|I7F)gbZ61zq1_U%DN7mxG*)z;b25)32|s>+xjpnhU|T>E2tIO zmgqD>oRr%D`NOhtVFy{1$W0hd(VaSO42lr^it}1;( zoBiGF2OrC<>YoAJ*)IQt7Xesee`7qFoLS*v8oy;#*6Y;E9akG&vB?eUaTbIkQmVc85fB(4(8bTCW9!}(iL=Fo&(JnAbbb| zUBcYKmRLN+S+Nm*cxu#wO1?xD~HRKY3T4RCbFV9kXax%|`pK3|%LuHyJ_< zdEvDQv7?Yw`GYai(d4?)6U6m5(whVcR-eR(d!nlbn*oH!tLONwQVD5=(r!8_pY|w5 zTb?dzRny-*>28V#s!{HnWh?Hv7 zbFzrzxlHK1Z?%XHgV%ZRSQCLwRS5v+0BSs5T4#hpI9CH+Jk-x)^i$PP?Xf0wpksBqu`}Y4`DkJ5KUG=#6@8ac<_I{ABe}rQ_040wT z-m*KO{jhkBH%&{QHqhC zM?*UYSW%N>5`ZMc^E@2wxOtw5j-0X~zNi8#Wo4cA(Gk>z=H>QbU}Pa;o=oi%L!63X z4~UAqGz^h^jim3!cR0y7yIT>M_8C5We9}QegWly!{9diES-^xvq(`etVXP*|wQl_N zYej+GVKbhSZ$^C+GMMt59oj1VjCa!4p&XSf^!py&NzhVk?TXJ{|Wc!k}ULnZ8R{C0LZlX{e7)Mg>#oP%& zySFKZV%42L6+K4b%4_iq7DmHDhMW#q4^83~3PvmWTP#+_k3?SxJyeG!6fZB6K{YmQ zEKi!Smf7z~n-K0 z9i2%>pH^r(KUCMGdL_F_%L}ARysI%vR5tEb^;W$-+QFBn-_t2{ zo`jhUuu+L(P%jxXr!9tRSAqR;K}=N~Ya96O{Jp$Mp|Yw7s%Cay@i(IPdlGS{eP@hr zZ?mB-;UA$Qxe~CRyxpI+`&7`=Rl_{H_|BaOtC+j-!Yi!O-?{GB^&0s4e5V?~4NeJM z5CmBG^nYLXJ+7RNvmLq2sgnFH)U_k(l+Nxj4dUp$-+EG0Z5j>Yl&HB5Evj!9(k8Zh zp%S+D(SL@H;27f>ybKjU!>|n4Z6l>&3E_PM)())#Sk)rdHP~9wWnv2GJkcCW?y2&t zD5N(yJX}>ATBzMN-7&1}pMdCy`zNZVM11?|gY4R8zVKR0DrNr3l~}E(9vXVSG)CKF zEwZWVtBLsXo4MH>0I+4BRk;gyN_j0-d8NA~uNr8^-^H*3NuH`M2LVsZ`*;!!*|rwn zRcW1`*a|;dW7#*mcdvFGjS}T*(i+?9%^SJ1FM>i0|OhsB(m#Od0+&ADs>(5NzOxbI**BK#`gbn(8e z*aQ{vY>j*@Q@hK#a`?bszt?jlY+;<(_x`4~q%;yYyq@rYUe7y zz<%E9i|ZM7cGPVThOHLkN~{IxvgTLi%`nHt{YwXo{=B=Jqvw!)?^rBIul**gg1KEM zPpee_?FGG`ai_8GkDo{6YgS$Mxu3PXQ$z#dz4T`AbL<}wfNM-I_uH}i5k^7j|CkNy zQ@{}RQ$pbGL}kowQ$NIkIE*p{Qvs?NR@8=<|NHb;H+~jgpL#0>GDu}$!}e@BR{+Gx~$Qxl)Pawze60Jm{Vtj3eO?A)#Y2aB0ijpi&_-3jyP$8 z)XQIu;5;f+&{5Qluu*9Suxo$xu1Ezdee(3N!|U=@-!kFnU6i;^nMU8$l^$vx@6dvj zY3((!gnriS^U&VN?RIA*e$|Vw;qS)czC?|D=(%Eawx8UAs-NUh=QWe<(XYt<-RLo! 
z+T?0F*nmaylT(ZVtO_-m2ch%C)G+C_Aw6U#*dulE&FHn}yTrV|u5HvcXqz5`GwS@D zWH(8BI_|N>8zjwfk#*{)uL9n6Jk&`S)an$q+w*t55%o|X$)2;`J=AMXJA~@6s(Q{W zeQs{*%nt3CLz=3#8+z??84;-4^|=oe^lU4Vta1~sF=iJ)sf@#6&x)|d-M66HZGU2Z z@BMav1Ru;$lGc+?@|?92?XK80Wiq@ibJh5Q@?e9-!BXk8TNKgRI(v}ZD&ak>6xiH^ z(q1c!PYuiXr3G{!vhSUTPpzzxO%tH8(|LtjeRx%0bij6Q9u*!xrmu@WY>c|%TPT)b z1hk5(II)iHdtP~49L@$*_)#6IG7KSeCf8V-1d#L8>livFC+p)K9sWIbVnemInI6%1 ze<|b#q}DUtoRa?T8zYDVjx{Ygk1UxLqbrFB_1G5l9d`S+ti<^pN^|LeZV&^6UZPTM z<`m-?B;=6{#Sb3H&{RFiD<Qf?d6bK`)!-@^&v0?p<^k>#sR)9{KA=-6T?yBf>N=WHWu2B5wcZuJ~7dKmSl9^@eF62{(m3>pHa#tIpN>&-a>GB`9 ziNC6^`H{`p@%#0C14=|Wtm@#nY?^^y5n@6$PqZA+CIF8rAX+B3?9)7QmUuN{=vu7^ zUIkJ=FBwhaeF=5R9F{x-HfY-091j2F}H=cI0H3)bz3j9aJyXHy^ z=vUK-baTe4egTVYTO33z^jb4#Bp7aFKHL5Jkw=~JS9`F#Zp1TTi>U>B3Xbk>sT9je zv*Oy0WWJ0A!xL~fH-2xy)YwXyo9jC6Gaq7Sr@XJd19cZP+L4-R z{YSs8)4pVf{F$Zd;k-(Q@AKDmT2>7lp`wf#&dWp&HV~RaLJb8AtxlLE62D=7x@eg^ z)$TqT3JpP&HrpeiIuycpqd%iH^=+3@V5!zWrb4yr3v4Kx${|Us;$%}w^}sV$y}-`9 zAOoJii0$Zg`>ze?lpa|?SOf2$;VocW&jY%>poCkQ3VCv2XeSOj#3Y-*xLl>4^d1G6mj+iB&Mgo_7XjJSu?Z;tV#h_i$8h zry#g0P;i8{{w#X8;syf&Bu)%TKrYTvs^tKx?fJparf=@|R$_F+j> zXfbDVbUj@u!hQw|F5ZXje54u!zoYQK*i8Yb*b8+q%POS|eku`YdsworDBByock9Wp z%+XWn8=E2!hmn(Ha0~FC5uh+K4lnr>AZ&(#U4p~^*9*VCmE*rL#gOJ`tH6sCt`014b&ZO?(7pRVvW#F z{Yk}OE7N`Tom1<&bKXO)3n|F(b`5rt8^XTP0UP6tM#Zh0egXjRkTiGm{#8v===P_k zrgh-s4Xn!LtW}OxkW~(QN>o3oKH{3i!zML2YskE6x8Yr}U*PScmDO^^>kV_uJhtcf z;z4Eg3>@Fe0Vdr5bC^|2axUPv<>k?tSKSKxY4Vly~Ob6z{<(v*7I@M(7ggJofRvvr^p_;d#S?}?vz;;b3IK~+rVhw zDFdwG-%^G=V;27SBpM|2-pbagbeSRyv|+SrilG`}8G3Y~I*LYZ z34&C#RL@W&gKG6?YpYtiaH_4^f~tK8-7?lxNK%bp5KBs{Nra>?$=sgA{6GKpA-*pZow zF5%Jh^tXr@RUBO_c7O$I8i_?^4|wBfFjM>3RLel^3v^7|#2s)7ymNOkDAVqSqULu; zTq`fs{{7lWzK=$A(9+F+4w-f%75u){Q`b_Y zouZdhYrmuVQ9{e6ao0&J_KAymoC>?Zn>{{rs^F!K2N~T{%e{4|^z&p%e>iP17$-a> zsHF4H88>=52(3=-irbA>$Q9&N_6^KjpP%Dl7c^VK^J=O}DQIPrc(Tds z^pn2fVud7O{O%jLw%do@nt0ff=E;)my2-hwojd0ajz(EdKY2%bL%}iMB@4kJLTD46 zbh~fpT#*61z*gl9omcEI?kco;9(a`rKZ&)9&pH-&^s+gI`Bxjy)^aY 
z{WQ$q4xxsNwa`<&=BG5I1Cn@nsb*id7)=SKV1}y4H6K@UxaeJE<)A|91_A z3(WXW6(Qz0o*O7x8TaBtU20+`5h`oYS*fKWG0k!KP8u>gfQOqEI`9KtLc)5b!FY|oKXN06l z5L}ECe3C2%-V;X_c3uDh*8A^2N<<=SBBY1+Km0CfQ@<0`-7bEKKLZ~Y*W)3Q#n6A< zDc{8ATO@N1i7|Ly?#MhnpH;e0#@O-ZN-|OyM`J+=XF&=elX1xaCe>@Jn&^vcL+ZB_ zNvGC^02a163Kk<%L1%%Pb^hgUiA=F!W-UsW+(vTr{FK8 Date: Tue, 26 Feb 2013 11:25:26 -0700 Subject: [PATCH 0128/1473] Crop the logo a bit more :bomb: --- devise.png | Bin 14354 -> 20840 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/devise.png b/devise.png index 5481b00533d601e15e7e0cf8baf3d22de376f929..a4a79e8c7aa863b087f0fb1e878d3d99b1ea2050 100644 GIT binary patch literal 20840 zcmaI7WmH^E(*;U!cV}?-Ai-gfz+gdwyIXJ#?(Xgq+%-sW8+33IG}z$5-Qn`Q-@SkD zpIK+k>eF4-drx&&)t)F7B@hNGDJl#M42GQS=dUm@A57n$Q;`whKPxwB$6;XL>1?E= zROFAWPJ|6Skw$B z2pU_R9;S?HVEvm%h~S3czVN=`>Ss|So0e=6jmY%sy1Z$+w3Kqf)ch~eb3cD8!2Pa1 zRANtpOyY9%6WmQ5ZIMSKLr#)TUzKiYd%a`+&PLHF_c;)d`;pwEt4{p3ZB@YUMS8lo zX+!*b1vsDQgNLn#&G5^`^_(4H6jh=IqQuXz91+wacOi;&Em?B5nHa$lkEU#CIFNPF zSSJ0fO*V0v-r`JfZsU5x;>dBoJ~jx^e#$LvH~WPZwa$90-V+5}Y`F%UD>N9@x67FX zAlxTB&iTT6QmS58Ci}Uq?}LntYVp?**AaYXoyyU^JbiQL@&OPx&fd@;WscGcEV^6a z{wyI1Jkz{yUNSpKsu)$X*)-Ygm-nm6GRk(=+zVZU{M5~wfTc|^?=7F)2}BA6HrIAl zAWY5)@$(cBUMgtWI@DE4tkh-esG_}aX9*i7j56DIrVXT0LNGf#3P~V@^24)-3<0&4 z-c~p(O9-9$L@S8}YjekLh{Rq?z%C)qJw(8&!SAo8t;KzygU_F7l?d5Q|5VBgm#E}( zr-Hj>_(bTrM?=E~Atqcj%5%7OYhHp0+asZ|O+?-7MXII3BlS+bV~yHCwdD`bl%_wA zKayGDl{D}#__+-9EMv5 z?w9Ht*`Mvd!U`LEN2eE#pL-0Tc+!%K>VKH0$2fA_)R|fNy3$x&`tKoVhL)ipI4U+V z*Sl2IcrK^qq^nHOd9wjZeSM4ReLP( zjT2}s*H_guqxg>h;x_mLiXfQeC79l2;`{!qdmyHmt|x>h{y<{=sYlvl4c-1!?{mc4 zfbfx~wO$3D-wF0jFX>A7xsvZ5Pf-lgO-DC$zgTt$F-c9RVdIJXPyxE;);8-Ic&9PV z_*s~epY*McpH$e0=8bUH;tHq()nafN+Gi9j`{1|36_MAY!>blEca9n#RSl(#g_uY8t@#z_vSo7KI z+;6#Cv3*%wu?0?xnPr6~N=i~uCt}MYqhkbJ6z=A7DW{6R$_qoa zYlnx2AGx?@VS!3n0s=eGpXrf@H2+)b8YO6L1qaek*x0$7t~Vfh_ZP3O_w~`~=8skc zS+9?oz(Z=v;OhEqYoM7DW_zS|$A30GM)f&}@=CCNf4V&}84SlTIaz7hiZOaFqO5P< z%XYe&uw;f%6mFUUCN=9|g3sYR%e9 z>L_}J^w7@J4puh9u3x)e9kT!PJVesC%@yo2fF*jZ;(4UELE3X&%DJmuXV|?m65M9L zO6WP|T;O+mv0tJ<{eK$=7qm8og9e_=;g5Ja>)qhgs?$GI`u_5GW8&iSRdtT*f1_gI zVLNMSEp1i?!qCXgH5E29)&6h2;>bRS7fB>cfw2Fx`XBP~LcHhie&uKS|KWfw8!xad z@jsA=xnaj}uyj5!KmBiLBEY%nKX~3EB2zH_hkFn;Z6e?zksz^2`G4CnhQmnqe}+oQ zyw6L`N@Y>-&KA1&1(o>z;|(2rcO68$@5=#JlC6zr3ym13ToyHXWs9o)-l~J zh^g0Vhf<=~#=usYa7aZ>>b0|6gr zP2OJaz6(8_b~;wZ#p&vV1dPS~a2dGIduOpQ$J-U~4Uft8`?{Bv=VlO+h?ol%kHxW^ zvUl#6Hbn+ALzeo!hWO{_c=YW^R0E~^d*So=h*ZqKS+q!m!zn}kvLY91{Dz-u`mNwn`w~>JN68GzOJw*Tg)(~P# 
za-4pvg2IXu#DqllxDrs5JqPdx)CwNeM+~(m{#dJvcWzZ?@UG1`3OO+P3yVe+2swk> zpr&|2i$B`|5Iej1vM=p%FRQ&TdiR$Zy@1nS+wpZx{nWs__Gt{@LkjTF;xud8*HZhJ zQ{k#ku9enjvUoP(gp=2ex0j8z{mt(^kALbruwWB9wix}Pj00RF0K9ksXr$AO1X7rl z=#fs4jBzgL`1)v$J!UbJ77>|vC&I=0#D9;c0LAEjfN0=7;B2<2PQbv*WoZmE(Yu0e zDrMe=`Fn8gnKxr8-tI>tGTt5Cvhv@v8Zh)Z*=?5NN2MMPzdG~3>)eWFtwT0?dt7|c z+DXcXsSR+7A|T(EV6{A2sNGuKcx`?A(dd2it$s4#)+&In>pYC}`fADA&2XarIJ;}~ zjn(Ku{@3-K0v!99kSEOsb9pXq{za^n+aGzhZ4;Hd*DcCdYTw8Cf?En1HrgdMr^>%d z!Y9pt%S?R;ln%BADPPaoNE^{hq#PpvF0umKu{`=l@{}V-yIt010tVxhe7CiZezt^i zy8cU2c1F?g%FPvr$+T~i{2RwW(SX~Z1?2vR8UD;7Zx7RV`B~#4(`I(~y#*uM4wn!0 zZ;zagGtVy@Z`~O@x;@T)`zo!8olL^b$Op(qQpHRT#3u8~{+B6(|GB`a=X2Z`F+zmp zKYK(8=cm+AlzcHU>NcMD_&bp; zeQ_~yfvNS^5 z{Z0LaP#E)GPtRUY**duVE%p~&MiUnYmF5ppcf|`7rh(5}Si<90-E|YF*RcXgwXRYE z-8=N0hq8>r|1Ke%-@T!OoZk0%N55J2jve1_9eJ)P_QOO?%ofC*pT0h@t`PCb2p!v9 z6b%{5M8y~+Yg*8ky&Uzv9%W$^@8(WxlrKOVBX3^MM*_DTu%Yk@7Q z4}73a()wfegLpp=bQJ_UkDDM(H%E*6xx>#p{I>Zs-wp-ABt`)*H_JzccOAJVp)i5( z=kPp2blT!?!EiX^ouESPn2*zMqqGSVHMU!efktWNvDG#pfSKz_%c3P`zyrjU0$d+A zB>1M$Jh zPepV8^01_yIowEu=&{M`@p}lg0<~)NpSErIv%5umR;mO%Z&McVh*iN;h5DP3rH~uj z4h^GTLPK}#8q)3~$S=@G)SD&J_}$2XaK*oxqP>og4Kr{`gp=1?AneOoR{6^VXkFAm z7b>d>tNQ(9y+?dR=5`S<~#%FS-rCUt%~qn0``I@S|O5ThOw|^7SVzCnn4X2Fz9oRR!jI|Eu(h zk#4TKB)#^#kV3n>-%j96!+54Io^*BtE5>VIvfBH8W;{sndFOh-pCn6R{SsjOncta@ ztKnFIQJUYTN<)l?Z?x6*m#o;v8J_r=uS1Ye-Ku1$W6Ok74{?Y}bo?b^*M(SK2=eRa z$eic+SK1=wc4L)wy4@_CdL^Ybn+ZY>=((NaO$ToajxUop(x)ppaCI=8?EG4lQy&?va1Z(1{_ktrQWB?CRff4G^oWaSrcy$h~vIY`f1P zb0-M8N`MKikfbp@7J+!~QDh<$X?R<>nDWlx=Ph>aeOi9G+c1I{?=%B%DwVyw51Ok# zk5ZCXeq5rHtM&ayYO8jku3|kFs9>izfMO?Do~FY%b42AI+hTpl^tAuT`F6>fSL0ck z5&>n3s}&hn5;~-t*76#`AXWCu1$3 z>EIv9V?242d5F;i>V;TF@lNX>Om>%)Hs26WD3jP$4tFUx-Uzes2t}kqHg}dZkv;*D zP;2EF+SM^Q3s}cehrq=ikiXAaFe+<@X6*A@avtz}sDbn9YFQ zM~DOdM3it(2hp~q&?R4pOKdIuo?DH=>8}us3rO%O&%;PE1p~?Cxo>gF8Cg9!z_JZ>j%BefP5ge68 z6Q_7?hdCb5gi$RU(y~6N{PJ7*K^{3>3U{LNeijf($sAC_YkV0qrfU}|E*PGE;F{1h zjn$2Jrscn@H4u(LmJ4(Wwc3(+|6Qy0cyjW< 
zw^*;g-nI!F=%PZ~|1qsCaSu)`Lh|^?k8@;OjP!yV{yNybKyh2}}7rg(P;ATEXQ%vsE0za@eJzKlI;3`0AN+mcNz18R)Rcr~W%-(->A zIGT9Lw7$RcO;=f&NPb}CdfWG=YpM|i#MaPzKg2l&W#3a6CMCi)?;CZl)A;Z>UQ8Up z^>^C;_GcEm7UU}3uxdwZ>t)yIb=TKjir{vfXgic*SbG73ZLc(V4qT$Hy4S9+kPmzw z1iE?k^$HZyu1^b}iA>Aetn3QQg6tqWx!>*DD$tfQ0Uy1+AbRUi0?!E`cj1)>a7a}M zur&ShciL;caX#tP;>bn&Z=0sOJ$jn5FaGWOjqWW^^!*sV>nf!@U{xlM!2le6@+_t= zBPozF@&ezvJ3!3!2&uthAeRweWFo!!f;I1>TBR~_zg;y5PE2C$q$|~^_IBo1-wE`6 z)5tWm|L(e?)weh>01NbwrC0aunY*LEh!xzLX^Iq?cZ}}%wLolk#AM0IJIH2sZXAC% zrx%j<#*<@5IhVtvpKI>*r=3PK483ipLOd%6B&P0jU8kIJXV}p?rahhWP?&caK~8_2 zM=TcX?Q=jnJukl)bt-<_v)8Ofy3zN1>Y4mhZGb%IES&#%5;-IcInh=^3UH25ekM8_ z*=}hxXh|u(k98X_pr}rdN_*d|A}7Cbwfy9}=+DKnz5jH7&7+yi(KU_LSBN+(@5k;} z;ogTC-G?cr)D$Vdav@6lM^C54(?Y~ghSCWsOef65cGMbBb_>lEdBn~RA`uX65p=Sp z!eMn_!01CMQq6M?y)U;Sz1oEjli7^0aheW3Uv)4~kci$W+I+mAg^n^%We3y0v7M;BJ^&fC^$0#sp1$g*aAu&iE~S zku0uQ`D)s+@h8oj zvo!8%=3HA!;XKcm_27|eqnCg3WGUU%cHJlTj;nGVT|FBQz9U&5_dVyvc<_>)ixpbg z9vUrb@!L0p(Juc;B<92%JFn=~hE?A{tFXZl@la4#Q&AX|*K^U1vL2`g{5yC8IXR0P zd&yLMk>$DTw}cQZDt;|4MMnn$dC;IBM8>oSth`nnTS^3C8$NtYDzHXDJ3Z7-Bf9Ik zZK-Fr;ZX1|9!Vi4VqqQ*98-8q402N5|CYz|s#G1KQpULU^X}#ofI1a$bLc``7PNodUM#k;qBz?w1 zlP01RD{;HPgHvF$2>DgvzP4X9Fe$JR<{yL8$A{1F?adNIs3 zEKLyl(JVJxWo$k^ed0YcJrka+B9w@A{mWt*n??2a*)%X9l@n7Uo|c2{y!NS863pmo zT#uUod-mc6hLW!)i9zhXK!~FT&G{v4(2l1Lzw&z7M08c)Zz73Ye0bg=_L@?T!z#5O z353pcsy!Cfxlxj-mHvi?*7|-TcRGgGD@~dn8{HqWP}paoofsO8cVoNMJbY(13=Qv8 zi8d_?dOYl4`p^!~s_obu~;GH_F|!lY!t z#KIE33h`wL1LWn!&Yv%+dfZ~qY-PG*foo=bna!gbY<5K?l%-f5zu`?5n3h?^N#P5C&3$JKbwScqW@y4>ol ztn%E`e`2)`v?=D7okoEs8z9C*S`)?SqNh`>+fwy&(Ut_Qe=`ig1lLqM2@gbsvAe6c zg$}gNTOaU9NvgD)zf1D_-p=DF5XNC`JDG{11}tBO5g8uH(Y4L-d*Rz_9y0|TZ&`5q z=!BDVsme&v4}TP^hf2HsSdyZu4SY491n@GS;5P~#buE}nb6Lke#^ zrX?-AD^@R!%U+OrVcs+qzSNO0X!*DKwMClE1nqv+FYErl|HXU7L$h(H0XvWPhoMp< z=@k(zi|hUOT85I6o9W7nh?aksCVBu%A6I<`i2v)60_0-_)D=5ko9tuMVrIZp3+~>_ zSwQbk<_OgxSG>FabVHt_m&(3ScSSO>f5w#p=(gYDr7S9#Z1tVLxr3>8q&Y6e8kbbq 
zFXg6HcOf3!ZrbA?vv2ybV-6iF&-s=LUJnaM*EUzToOiw?nKq@V1o?>)>;iaknyLHGsz6%<^INv!maUp5N7N-Fh=l zAw@#h*k}JefH^iX~dU2P0bdF>?3dWjU z_u&MX0Z&mrT?oTuTAC7bFp|q_&tE^LXztHqd|kAQp2Agy5i|2W}FmT&=CYtA4ukAqeu51Y6X6xxPB}%8jdc!om0s&?6k>l&0*HyR#SC23i95@0@(|TdFw+HH+}>khcpc(XqD97 z=w)|bo0{#m8%E>k0UG`24dKPVWB^`=1TA$aJEXN5JEs$)b(4qmUl535-W@a`<8XOi*CcBgxgomB>d#>c~} z{$`=;YHkMpv3nmxX9-$v>K;5x$4&Xe2s)V1L1SMnm~v2qOUf|QRB zqwjmlbOjqbtBE4_q5S4LruROkM-byPl4>8=*B71`m4e+f=i@o(t2V%qV}GFE(87az zr!w7KktiZO#B`ftHE)U%WmRCEY8oqGZfiX`jPpJQE*v&sAV!%FXWWe$9TWKMbQX`R zd?-+l`i)>opfR9FCS0GOckIc|*o>23K#r6kIfyJKgKf%vv;p2^sl$b#2)OjA-}3MU z+2c7{qW0_QDp^X899~nA(JWILNt*3)Hh^HUDJv7Slk}<^F1alWC)DQX>#3wHdMUdh z64_LWs67Ge5@{ty0!r+PUW7*8By!M6m|0XMz3jyUJ^gXoGDM%ve268pg20E5UL0Zx zjpT{Q_!UY9`yJ1btzTr}JN)5wy)7hKXgbp`$lHHeXcG1o+|A%T0Jox)M_Cari1s1p zq1PLSIl;z3`N|>}pBW3?xVoW&u9(d-D8A{DDvWucEJ@q!atn<#FX)l}MafmX#SWqW$@Lpt*4#KtSXYE@KU^dy*o0hT@Gjy)f% zTggBo%rV@Nc|koCu?J@5+Y613Af!4do?*&}L9@oONws-p6bKMq~5#s(V*!pH< zE(?l$K~XFu`3dqWL*ksD&6YG$N|q=+66RYotOw8x&x5<5QeuLE{#)y4mUADjknSn2 zagUhGnA=G*EYOs%H7p^{*%G-BB+cEhlVUtw@MVtk-@iD;#Hrx@)rWt~AE>K?L(3VA zlg;phV`H7g{-{7*Ii4$3wkz&u=p>Y?Wix_*So!v)P)V^4lmBkHEZ>(DuebQb?>nD8 zpxpo$Joh*h4>U%_(BmL5d@dq-GB`+^jh&w*9U@+~T3LvCEarZ6&NiHuUgSHyxcGY6 zLKL7o+Rv#JQy;wDfb8PUjuYWa-MKfq2%OUo94~@ z5oS<4qUt=39)(LR#2UZtS}tt-r}blXr;nrkvo6#uSTOVF!&3F7qvmyio=$yQx5QL8?s1Mn60@YN;$ z>3TR9VKl}<>GJM(m^v+kzfER;T1V?Qsr)^wZ0z+=f2LP-g~>3Uu-eCQsOAoRo5 zF3=ND7(($_7?ars6@2K2vxwnT!i)C)N@|z#haEor1$khIGyFc{QmJn%{UTHeU%Ou_ z5@LKB>7LTk2;Ucl7QYeu%ETkaRSU~Rs@hzbw=yCn>WCl9_61%yYJjnB%XG!X{Pv%# z7#mFuzA_?kwD@v(O9eSbh|OUQ;$8xsUrWf;v%ZQAkQW#~*$W7Z*b*I}5JCnfSSf|Ss`4z5 zP!2C6vsvb$bgWB!J3xXT!b!)7y&DHWejtw;@r4iZFb8#^oKssoU_8N*qvt<`^kIyE z;Un!6vg#*m#A#2Wz@6q1%Jl=5}|Jq5-boJ*!T(4l_$Z77R9j7mfi$(gOpJb>``g=`8*qpGcH{5YCUUXU1~& zhy<-~jkQ*~u_5ZTZtm{oI8H^VtA|HFR|kpLXJ0t&s8~CL17oQ|SxiMzwp_%-xOh5d zn@xX+W{AgF#l@AXQkC|#&(PMQ@-|hq;LOLO{W{0vFh+AgcRYu}H2>1<%2eu|+6o#Y z3pTGDkBKhBa~wtd!b0w|zfR7jJ#womQ$QHRGBzEsb#)q+XNOV 
zWDJ+h1kKPXs6Awit?r19NmQS6lUW)^k-9)*57+1aY2=#r97JRD(>VENL#RZ%#r)yd zQFmJ`j?*$qGR*?t14iE$zPhJ1Kq;r@A$G<6Cv)`@T5>KCJbvs3HP67ejpxaY>n*16 z&GB*TBul)-oiE$L&nVxl@ogYDYKS%mo00SZF|>PSslV&6VIw;}{;n$~-7}@K;6_Pd z>2Utg_aPPG_QOokY14kluL#;IZo*w2i{-Y9jQdDUjn||Z{uA5PnFL)0ggWLMs<5SvGGWEd(ICgS@lUv&T zgvSK+2L1vL{>@agWQWc!#x&&<*ti&E=cZ#c-N=Bv28RJ^+f#&W4Uh6?ZQw-vHG>Yb zUMp>O46FBv`Pm4M6WdD8Wsq_>lFfrHvCOnCfQ!F6l1bu%$tn6S!Y@wMhC%IL}d$vBlC7zMt)wmiy9$r8KG_J%GmD+SrSw zmB`4h4`38c=m=Uc`x{Kx9nR_Gc}-=fpz+p7k++4mx-!cjm^>94uqLwYS#pB^8>R@C zDiLv{JTQb-<#ctq0Lt$LPkR~5Wd}0am2vivZ`@Ym3Z~H{UllB^;tlzwTn*x>UK_{1 zD%T|{wzQ!v%$pt6menHUMZ|LWH=a7Qs&PuqISdMF_%g7D6N1HF?GZ*@hwcRKsvFNI z80aK=*v0+<+WaDx{%1&{);;{||C+_Lr7_zlsQWI%qc-o(nKhracpVYHRvye?5%}{f zWi?+%@_vS~R5w1r?`*+BhF^_Y4QREu_8ek0+&aqnBP{c_W?E%ollo_gZ?lwm=h!YT z0{Hb|Pnr()@Ow*B8mEyf%CT}9-0YRX;nI|e2P@LJ#`g}r*d2XqjgK+P#D7q0^zpm_RSHk#!~2W$5V9V5mW(-J}axm?cZdGu91&PYY)sJS(KoTXmUa@^SAr&e3=d8ucfuol58ZF$35)qCE~);rLzE^H$)9xXVlxQQ_=Uh( zOIEWlyWt$832y3J30H%&bMh7h@S-7j$|AE~Rs!LgG)g3PP9@DwN9vi4=jsk@2;lx= z;6Vkqh2Q0SNA0lMwZnaQrC<3LdtXN+gEsz5O%;E{V0*vVU(D8;CWqtfs}@R;gT$XJ zleO|a!%mM{s}1`Tz*X#AIYVuAi!lwr_q_kLB0hzghpAS!-)Sqs`IjmhJ{77iIf>c2 zb7)B^#IYdEh15;sQys-f+_VNY7xndf*L>D$e^!ehlcXjJtLz(wS;i1yuc0}cC=T=G4gtKqB#0;4f zogJL9k{f?LnB63tuG9n{FORrd8XIRS4zd_z_z7r? 
zZK=a{b#`&TI-sW*XTkeLr2CIvR+B_4iEw(ikJnjTe{H^rsusjiMp=5~phr}d=#>=C zf0EfCIXe#_S^Dc@Bp$wtf7$El<^uIPmVfQ`WKasj)!B^ zi}(9Bn-?U7Qeo{FGTJX@zXN$vw~^z>rDj*t?MS8cKLHfY1@R1087tODeriEa*-Tt^ zL?Fj5H&B6eRoNwJcKjAWH8fRsLX2K1K(oI zmHsPH!T%Jkjb;X1s1R#ndd|&KN}fi`C$5nEskKV{-+B077AH1~K^!&NzM3U&_Bl1y zSVFRb{4ILeS(ah;&h+ht+wAjTo+vm3ay^Sf0)+--d7_b3gQ9gNz z${4+OKE3uUx@DdsCis z15N*(lFDYUcqNT>+3Ddg>I3(TLvas)+xBr}3(1`1F+@E87mW2-20WV?g~Ux4dP5U$ zNDq?H_cg(*OW0>V9P2HdA6k2nTr?l5vvmcMFt_*Hs>8IyJ-QTb_bKl5`FT6~n;V1# zO;LryG79O2J#QXzJiHFGSb%f>x8qs$QWIs<-Mg91(YcxZqK=8HnR$r`=PNAyBNN^+ybzBh(z| z7cx~dYmHiIL1V)em6LV#*TI2ChaO^rrnkYg$nkF(g znr;ctNQok(4uWQ)O;h~+xTHN+<8M!I(O=F7J^BephLb3X-&@_&SN!wZUi}}ZJ2ze& zzB^p|J_H?A{izlqUmEQn5s<)p1Y2bWpTA3IR@>p~=a|`b)-!2G1s|lZK^>MS4;6ec zv>w&U_M~-@A;PBcNaEj!du9|WTzEwW`;qax={3vnp_r^HnK!pass|2UUkfdszfNi2 zMK|w6W{J$~=yOe-`m%Q#Bj#!1V5;yyPj+OCz*bs({_wL^@)3rO!q+wYRn{$)yCrT- zUvw1}=PtUc8dxV!{XhFVZH;2F^@q_unijkEh)rGc^4VF1Pz}7?O*VT(Nj-A|B}g{K zIz~u%7;2R@G!F4M<|}b3Tqg8fJDX`+cc-PFAbMb2mv_xmL8HXgN}w76Jk#pIhpto| zf`FO3mR~tr@E1Z_6bDm>wfQuOMeLx7RRdBjTb6)bu5l15e=As^gio)Y=R=LNsks?0 z3P8GA-f&C4bR>h^`cLJjFQjuRZEli8B4IA@4OW7d*CSYGH!um zP%f4Iuu@hdQ!1pdXC_-bt$wR#9EaVM#ZfYCLt;Z62EDk#*C%*wQ~5L!0U3|}d0|cK zm0D!1MzSyaOHiFvu~R4~?5CfeCuy7w{hlA?)8V2VNJKB^w7DTR$Qrf#P1l`+qFa8@ z_)j&)S_>{L<5i933;0*g!AcUp{*eU>;Ofe=JOfA^&2P}X=lAVW>+oJ49sxf4<acwQmEt&Q_91>2qh_M*iZ! 
z2?eFcTBcQhE7O);H!mt9OQRaHjv@}Li*krXZEKKN=Qiul8a+I)oh}ZZ{BfUHY<5>y z4tzOW53b4%jPf#tmD!H=Jx`(X8@><#Q3{}?b2s)PNQh$hHURN;q1c{JG0~}#^**o0 zL@yy`J4l!=sV~^lm|4Xi-&%~GT6~$1Uz&4}`fwl#4d7U+C+yx!QMN`iN;Jccq(Kcp z{7(J3)T&JKk7oZyw6`&GF76-Nl3mJW8%z%&5@t)jiYaYF$Qof~bY4ad{lI96hcCVI zY+*m!F$_L294Gb~%q;kKO7%N3T3uwJvine33j_{SpjHtBd(wF<6q7hPLwxjM2(-c; z-jzzx_2X3arXhjRxT1wTe!3uU{5*q0VqwFNdl4efh$d$5BEEj?A;JCJ?P?;SG`LTp z_xQMY{^u-0o1E(;w3Za%Dy59eBN_FtP4!v~4q1Lq0a~c+@!Ij~^_5UNh^`;9?2&XW zfW3jDbrWi&;Is)^TWh}zZ~WmjJR>~W#X3Fxu14+wae5^LHyS@b_ABcX??o$fbpz<7 zV8wo0;PG43=9&t1bT&sX#;BVZp2bG+`?-u*9`?5%~Z5&&pqZu1|iA8dOTd&lQC z=5LZ`-P?Oxr<~b9R&3I9#+GmN2t8+1V7t*_m)cy1=hb*1Ad;%$By~dbn5tg{Afewa z3(OnNPvlY?N}3|hp#d*5IyG$qhJU&_ENf`VLYIq`pJkYGZ^ z*qLE#=>&%uE(yf&?O+k*6zZ+nj0-th#rRe}zq%F%88Ur-?C05UoaL<)w#K8l${g7- zqR=F2NddU9D6W`<%tU*sh57u^(0V{aiIo@^jO1I}tvn=oN*z=Y8Y0;(zNQ!LXZ4uO z35lJ}KmUg}V3Giw0Ithhj10?#(qQ`k+yXXzw~vrhE?GMdZD-ntF&OraT~2n;ZW*eJ zQg5=L1PvJy+`TLDoN%FxW&ESAhb$a=b2$K)w7<}wLpasOP2A$O&?-VM_=+{+n(|!` zS~ykWf4wVgb=2AWqFlv!yN~hlJi`rD46MH;&7Pa=T7TK(ugtI-(WoP2U0)1HNhveVc8)3OjYDGKD>Dl8U(r$kgv}m5g+}$ zW$`(&Zi^Y@*|GGZCY!;lA`NOnFcg{%^;F|qjel#hnj>I$@4<9=*M>Zj+I>PyLhHK6 zVR>jqV(t~b8sl=zi0!7T>3TLh zCR^}LWh_?@W%=pw{T!#YqE^b-IKKSMJ5gxPCv)Vrs=Gx<5vp~;)YBsHFRaRb_*&Jc~&H%Z-&RBrYVteNk6fH=z;#!?Hq-JsWxwHqvvsr7zR4buKkHR`uyy%%K55$`gqiM?5FTY()qIxGJ{ zrSqAzt(_EQ59moO+8_)dhkV-3qOn@(m1mqfD`e5&KmoW7iYM`!x<=jD)-9ZZLRiyy6pI(m0|f zU$P5-t=v)^DsH*WrL>MJ|2ZwziR(jPh}z>vS;M8{LZ6xY0^U`bE19X&tDTpwC8w7FWs$16{M|_m zZ9bw;m{MaQ?P>#k6p1f(YOCx|qs1osoRslhEqdlGk*(Ui|0vpfE?Z=HG02}0!QImq9)D?_NLLh`K0%l2ay=fxQ4l-g z+xJS_g5z_U{n zK5rrkUy@!;dU3`J3?pqv#G^_zwvBHd2`!=JyI9i4 zQbEpO!6RPjGB~I9k2}f}^H1w}SVrY*o!=pD75jjVo4W6RB#o{$a4KU7A?e29ImN$!6Rf`xCzS4PBwp1Zg3VEuIFxXF;zfPIW1i!UNMw2iPmL)*v z(`R3>2)!4IX=j=a7!KCLKf`*HG32V@$p=Ec0D!~;}JeiNFdv<%7c z9p?jRda;Gbh(87+Q8P|LcfH(TMJ!7)Tv0*?qSxR^B+Jd}~u8TFXq?C*; zIT3cWdAe}7C)#%^v(atEbHC!gxPWiNtyfKmw<7$;NS4U*rp)HOLo3{DI2A2o`%?ls 
z!xOGY0PrcATo}C-_q6MWD3w}NYx4U|CW1Ckm02ji+^0a?zNZra8s!?nK7PVoI%s&j*kS#FmGKcC^&Nt8poGVRtF(Oc` z@7G^`e-^y@n4mho7c_QuaUKqdjp#Gkwt++!X0~j3lslRdIGjSJ;#DHTB=UG&5>h`Q za~f%eZj`U)2kM?Rmz!Cr1yJWy+5wqQsk6Mp8UpVzXAIQUcJv2)2^qF?+=w;7keuID z7O~;R5M3Zi|DmUp==Ufc0UTGrn_P0%kOFxq*2jpiI9&egi=M{?-WKW=1j6}zV%ovd zXssZ&*jAilR=@bYfRmz~wdy_GWvs9@4hVOvo5%t*W@a1)Vp{XW9c<>s(nxtq=9 z{HB07W;R&kx}HiKUOulRJb5*O1MZR)9N7C$@NZd=;*6YFC@;8XjKA$ORQ_FPtEjGo zF*hgnagKcLmEpbus`EU{l5Dsm;BMfKU(h-Y8cr659vbG##KGGI&nSCEyW9@q#02=X zQyb+`ktKhT^EaptZqiER@s5U1%b=NFGmMF6xESk{k2oJxu3a+JazhUJrB%0HdKrkd zEcj3f3iNI2bg+oq9N<)kbU@W6F~)H0Uh*|DpZF5rA(_6c_9{L;GZI&(mJL;+ zF%5y3WrsWb<#v_RNQzbH<9s|d7a?VujPH4@oWxUd2wX6(>F%h&5n%scG# zlr?EID;7k2b?{!I6xM|U-yuq4lhx_(Cx!KauwvcZMrRgB@_vQK&Yffh5n2;{&c#zR z6xy#VWn6Xqf>T1?(d3T4b%5ElpxYT zb|}oDH;^t+6Q>n;ml=QhT_{<`1#i(%A9AC$8@i=%{}WSRNuW$E-H{!HE`|Hqz$sKS zD3YLXfP!pCZ~Zd8tD1@72U5yMrXQ(TpfyfZadu^`-ALMar_#iP4tg$1?r5bE1^^d# zl=1@aw--i4yekH~5~lp+qpGZKTy|}j_OS1-R6;mn&VUZ6ixY83$JMyn(r92`n2t?Y zX8P$TKYW?&=0X2ZWnodd@L#r7KJw*~qyJJF79|#kei+4PK9`aWizg91&7NmmvjE)G z=|N`@J`YD6DGLQRJ&M!O1OXQsZzTn72%<($j5jv033%W5Qj`~Z&FSr)z*W%vu~6={ zDsfZ7cN8;nP}jAVi-Gf?PfD?VGz1Fn`kKYnMP;WEPFEd2S~DJ%A!r`KRcq?sQMVfz z1>mW_peDxMgoU+qpW+E}KcJ52_&5O=jt9jy3)5hu^=J7er=)Ph$M?;+ubHXE6Tcz| zI11Qg!iFR{tCOHlg`glkyEtAXX9NFoG(d$$IE-y&kf&I7pYE+=0!nr9$Sd*4p zUEXnwh}V4FAC&gV&^!#Mm~^v~tfa-RH#KaR32Q zYh7vac&p;602XwsTRYw*Uwrz37cYr0LJAN2^RJ0XgsuXI>rknW{$jSKNkGBN;dkcGN% z!&W%g*2Tkf6iHYC8Bb697w0PiX!0;>jN|=4+4PVx#Q3@WLmqIh?fjC=!*pu#%JL^U z-rRJ{2U$RZEA((GW<6R*xX!_Qg>+Ur``7%rCMLMQM*gMrtOj|7*T-$biRuzPk z^P#`jDJY+SaAO$Tkf0_FU^k7vp*{3XuNT8(Z!@IUV5--n4{k2SDyfd7*ijzbHi&F@ zZ)U)@u_pg*(UOkB1STMK@(ceOe!SSD^~U%t;By1)jO(eUtS^tVo)nqgnmw)1aXQKE zzD1jW+YrU5#Rora>BF3d29nfTzmsS!6RTR?xA4Cpu}hrAv!bEavnG2Ob@aWDUAfv= zW8Xon>7rz<=U5&Cc(<|-Ddbtjx8yUQ@!A{KJa(f5&ciwEwW)I7|Gj3o*Vs~a%vLs3 z2DHleDsyZyBM9B^ud|0w<9vqcC*||sN$~LeX;>8Sh@LAOVRtL<`#Sjc&-*V zbp=gW$z2K8&GanNi!Jx{#Kb~WQBqjDHYGLSU!x(+t_0sb4(55NkxD&wEZFLg>Y(RL(sWYS5*hI@ALKy1Yb)9FNM@lf 
zoWXR!oT1ow(zHtrUn$TCT_$Trq}(Q<4+g9XL?x2UD2+M$Kx&+1gpSFHDYE_lbaUVD zY;f-%z_qH>R-@9`vqtRMAjP8|HCi7_xz2sRUx4AA1L=Q#?-m>naKu`saOiUf*g;8^t%|pq z-zR18ePoQ;`KFrisOLK0-`27&ID}I>5>WVF`AZ^qPwXaU9V(Q@*o^%c_PA@o3k;fE zD-{~#exa-Bbix&xzkgeu(+~fmAD|`0Ns8Md8mcD!c;sTeTW#NMh+y3?5}kgn4zh@C zh+G#YT(SGg8nr{~_}N<4&hPzqv5+Nj<8r>ASdNB>{A#dV*rJa7OU0BT_WhDDRGK!} z3Bm6ArLoij5^tVg9w&1b4IM##`Iw_1#!RPhMJ}-J2p}rxikQUQt%6Y}8?)d&K%>FV zHH?^xVbiNpw`-Q9e`vF%LHBPF5kz&+Vhr2Cx9u3=5HNo)eaqp;ni-EJlPmXrBO`Bj z@J%FGyy9-{dYg<*j@sY~6EBo7UfdJ4MWJDL_yCjdUrjy``6(m6!3ZqsvRKM?Zjl0K ziN>(*3G2_4lo*=GXiy@|TgP7_ zcQfsBPf}2$6|zhzQ<`-C45u2C{)PK|f4)|L9`22i{|R{f z1U(|Ipi{!qrn#asnG!~DF1G@oK0P7|Mzu!ebkp<^`G*+%L(NovIn$h3S~x>FR?oQ# z=jk=4PNpRkV@z}7h9kE8yBHsh7;+oI;z=D_x=#q}4DZF04B?%@PqdB@1RhW40+@_( zjAo-&JAtR*GsC$qYcO8ollbc5EGN^(K7`sWOa{x`iB6lGzUG3(&p$)R*mJlG)ess- zfr}@WUHRD%r&g4lE{+Dh3=3CAwSS8?wGUa!j7(Y0TO5SAUQ0XYa&c_t@xpQyz9y3< zl03*CekB~@suG7?eY{6-5)ffNGws92f81ytm731?24cOWXzW6;$vp_e$i5-PH-KC% zdGuk&Jc~EO=TPbl{*t5EGZP2r;+L?LhJc)(5_{4@-kR0J7-93%lI5Z|sZj;)a%xf3 zAe>|2MVH{Y?o-Y%ka5TNctMZT=_Md!j3>sIh0LHpCo+<#PWRNurgw*+Ov%oP@z|H4 zJfo|g2ZLlWyzHA!4$Tlo>M=3qM2mekqoHA@Tv`C4X?JTpn#3W7n``2^v9BM7IQVqY z)g#`i2T=VZWR`BkTI%{T1~KnFH*^?;?!0~=$HP>Zl0nuQIS%YYJHRvgUOul zTw}9}#D=hg7LYEk+^pLCY7TfaXM0tU_hf~HNjk2Jx!;3x{PABOmfRiBccvoSn~j-# zE)ovmvu*3G24iTUw@yV%`k3L#Qm@!0*y5+(x(~=)&Eit^8SXyr8o(CTa6JOy`QCJu zc(grx+Qf}IuSNH?vgvBxhQ4*BeCVOiVyb%RK&&NQI8(Y6gEG!aQIoZ9>-2F3ivA+c zA)FJP<}dwvbiCFajF*Ah(JeU6-X|bwRW|BZo)BY4><3F+-UT^T9jt&VsDVu+9SPzc zN6BTiY<3m@r;TG}&b!Vu?tGmX4(B7s2rzoh6&HKif3=m6y=mX1uv5QZ1Wc#-|sorDq*Pb{t;(~Ap?>dQ@fmhnp5~6ia)mVQXUtuh}O}`XNi%yL` z+ePJnSZmEvv8-F8NIr}g>EJ?gd8<|%np;;h(~7Xm6Kn$vPf1+MrlYHL6%Kn_;->bL zcd4MB)K^ZnQ#`&>89kX7kEZ}CNe|gCiidu6bDWCu!OEa=={au~cKDjenV`aBV@kW` z0`%5R9CNycLxI2Bd_K*42BczyfI7+gp9q)tyxq1v;KK1Dbug+nD2~(6#iJ}hLFiyi zBR8`$H}^*+dh~bS9oPtlxxllbt!Gx7+ncY2+DJ87y?Q0 zNRAqMFr%u9bUM{2dZhUmv)~roS8w zUMMaeL;W}FpS{h%HJ!K5j~0viU-ns&4D;&OFT(5=t^{7Cw znBL`rpDxi{$#Ri 
z0yQ3=gmMeit#tmDvlp*8{%m;Y(*iFdYSjF@&i(9tUPWY>ioMzKznf+?0rC+KUb6q2 zMspY<@5PcI~Vhq+x?%+@pFO0 zZSehN(1(*FRa{%*Evu>-<&75WdRdKC@Psz68glj~ff#&|3$CTT-t5yA46WU!Xam+f zlZR$=a<68zc<~?OaM`3l5d1l2GV(|Fk#YP7iE~K%N;|f9A|kE6nng067AVL>ztv_9 zt-+R_)c>f9@RObioTG)G{RnUc6{LXZ%0n)IF#9kS%8dc7NtHhmH1c zu{pL$Q}2xcj;~T(lH%QzU^EBPt^aliIWZ4j3K3*xN)>g-l-D=BFqvw=kl7uA1}*UP z!=VxFUwpD-?s)gbyv&c>YU!S=Y7zcqTRk`-kab8T;zj&(xr+DAAX51ezxsI6R9nI1 zlj4Suv&S0i-C2n;?I`Eqp27jV%Z;`hz`4etu?e3aB}Z)5_5rvy7NP)WxBA^apFaea z`S-OHK>Pkh9$w%m!C~sFu1n+G(F2XO=V@%#ktcZUptN1-EyAh>FuIl!WplE@0%4&4 z^n?eOMY=9Uz?gU`)3*@!O6NIO-g2-)PC9K!N_<`H-I$=cTMm9-dU11IvG8imjdEfA zeyLMXy~f=6cTM=*xQy#){?O*kmPwukB4RTLdG4TbRPW79&)*nD!WHZpq$+@Al_-%1 zC1AXye7jKVK|C>Uc5`MdJaFSQq^$G-r3MuS4O(ei*4*eApXP2%SYndI|FAz!1g)#5 z$hv2Y*)&GYM!-wjzG^nDBx8pv2k-(C14r9)0JSAxhV!FZk6^~nzvw3tKZ3Vd*VVQ; za8Tn?ULL?xJ2m7DHVo7=t$$zU1K@{hCb2nen}vq>IZv;auRb^l7lU$D*1F&zk< zk~8(Qg*icTRdj1aFM}H}* zw#hm6*nQl5h8w8LavjSccOMCUVmSu!G6791%dur`9N=f(qh`~<`Zz|T@>jzz&Oqp3 zJYOH_l>uB6O-f04^GMOhwYvTwNqw}NLSqnm(fm{)#=4mJM(&33EqT@#(#!xG!m-1| zF3asQ*FBNrn=-tMoD+zYZ2GMDiQF0Yc%NwQWOL@Dn5S5I<2>f^Y#6Owme~+&Qe^(l z1C_g4rZ5k%r}HNm(C2wXO6=y*F814o}Z2sLohX9-yUAWiw6SEvTZwEV66>{jbyd}pz>$a!Nb=K7f>N|Zb*I9Lmi zjX|+Io6mwT#7|*w+XJr0K5l4&dEm4snJdL{^9O@kxa}khOWZ>E=#|}Dwl)>Ey6{*> zfy5AWH2t26ol{c9;G3S|L3Uouq43Tf392*jT{@s=^zV&J&qZ74(S+4@^q`j6E52PV ztH_($mmCTURZ|gQ(H4`tq*y{OIhB3rsnG$|c7dr-{g+^sgY?ErX=PcFT04iGmn26o zIhWCURFGwKM1SE@)yXC@P^Fi&%(s7Cx-IuAJ6bTD2|{pcHpqG<7uH1zOWa;Y)CL@*+K+&-t_cX{%>p1%gfq0O4)F&A;4C!UV5s7ue!z7>gg?oLJ+ z(`K63K;6(Q#IS9k6~>`{v3kTUwXKtJwEJjIUTeYE15c58lhC(1^>bu8e1viMH~ogk z^PsvrhX2BwM)*2Q1W=DiF7aWfHR7e&CQv5N5=*r-t)DL^`ir?U^!Tq?LBcz*bBnC3 zXWQmT;7F&dnVA{z=tXx;uSVG#)@8JKr$?WanXQtdEc<@mV!lyP-qW{wHE_l=Bpp8b zsuaG<@$g1s?gm*>Ql{2HrCKQ5dny?leCn5`tY=XCYDE{qt4y~dfXIsu+5Tl(A1pMr zV8GO^6DC_hog{hr-Fr56z1zy8*S4(M>nI1Xm&`qY?_b(PGzG=hb77W`g_9YR>qI0! 
z-6TaV3Gn-2ghq&Dm|qoKZ=juD;xpE*Xf<%D&G^Mabjj>W@culn3fpy$ z^{Gl~Nzq9lWgM2G|c08r&*CDi}`s94B(Hv&B5xJ9_n008hV%SnoT zbzeDMZV!W2#RgA{p+urc60p}mS0jj(b-~kcbMeez_Q5j^ftb3W`}+Da8E#X2hzRo1=#F3&B-NN=&s{(ss$q!RX@O z60*hk1@*_SuBFFC>*&As8&evOr}Opp8bLwMkL2a$w=~E`3?c^o@AALifgJwNlK;On zSA@VuYy508#Losl4@sR3wE=1(4yP_kO69++{cr^dYTup;b9@ECe`Ke@b1AqidPV*$ zc%YGkDEBR+?XRo^5hy1guv}9SI>!kxvOB*PIMSRqd>-^4uSZ#XKaqK(?@y!?**9$k zvssKKvH89}9^&)b>m~6ynKYeLwDts|iQtPoALd^6;~D;{?09B)ecXxhfHvR&f1ONq z=zQbZ8Mn;zNw~7OKV9AmXRH`d8q8#c0Iyqyilfnh<{DpKKj$?c&>P>&kJYscfZJ7gSVWIcOovr7SO0+>TKkviEO2dARhOJZI?Y&y`KetO{5EI&Rs_ruGiaH zWvJ)9M8lqF!E-GRu-5t|!KD4|;k5BkEcq~x%i)y2$gGYeS?J`qiil+!(v_h^vxpgBMG?~P>A{1=uP!oUH^Jh-&J@$ zoM$T}vJ88?*h;0+0Cexbrp3;WA)oOz2^VG6v;le>@lUFGF($Wn1NvDI7j$V5)FYF$t*}q10Qq z4K3VnWMByK4_PUpmV*qhx#*PPB}g}=kb<3fCkQ!$yCwZ%iHK_wuJa|N8%#r@^?K{U zs96;HVbRVL{IqR16M`6qqeHGnZWBT`V_yfL-$2Td_WcdC4cvMWA~P2_8d}{#Zj-_f zRC{-ZKqo*k=G&F~l?Wx8Owokp#QdYtC4tqt|Bp@o6W$y&HF349V3^Ph%8T2}UNkh% zLZQwKVJ||~$`Kei(545?WHjieC^vd!Kt>Wr-e&dVe$|1oWvls;-(x6M*Y|0!Ib$v- zV|K14qE^gH)4*e|i1pHG{+s4rBU26|1wTAvdEHFTBNjof;6+=lz`NGv?{_H<8h+5i zRNODx=u>jeAtWV&PnrCK4)|Z4$qqbdq_q$Fa&dv9)99@?M}?WeHOqW(b@F4*mc5z9O9Rja`(r3d*5)q23%ilad99a*_eyqY=#CdJyPsF)S zI1$!B%p|tN zS7wJ6Wxv8NsRNvMz5}4^IF4UKaEo=)iH-=kdjM#~*NTh0QP~T8kwrwIq8ldC)DDSbstZK#wI-dZqntS&2WbK??0pYwP*If=fcRU4l!N)T-0}qij)a>LW;@< zU29yqU&AA1ZwgdccHP+uJE&fWd7#5~NgSM@026pGI$l_gxabMrhB%+0)gV)CQV`w9 zBMDspoQ!!tq!l~6D5R=t2*>kv*Rc{#bkuJ^mh{5wqP_5eEB7YwpeS^TkMM{1<*}}q zq{m+X0*>pqn_w?4F%gr#Py`{45XOa16I-zaQ=4m$X`H%u{{V59r}%6}AT5XXJF7w` zlqnfT%VclHppuSx7|A(@5}aIL(^u!y&w!#(rVYdz0_gMk+TY&u_2JUEOj=nD0^r@C zF=e4ENiCc5dLv@vW}J#gPMAbuA=soe{vHJpmyfrHNsx7J6c5KDM;7t^Q@_j`pzk_Z z9><+xeTY%bOPw^EUzq_Gkn>|dCxT^!K@Q@?_$G||P#=MP^c}!mXwy5Fi}r^CDxEjx z(^-hSCTm#tv^j?x(j^H}Okxweu#zSiu=(osg$x$fd4EimOdcMch=77fC}P;;$neGW zENYf!Irfw9b{K7NX=R7NSf*$u3iPMHk;KmvW?ZBq0%6`#o@ue>vu@|*`cs*9)n!^G-U_ ze~n})U|UcYzQe{qiT{UB=h3eyANNe&7>1|(q({>S`I_jPWkqiOK>@a0_56@o7b*CIL4PWbH!Ex$ 
z>X+7z7?L`b4C1?yn^tD9`s%g^KhNOt3uG7y8U(?0=+L-#$!wzjBLlU)eCrSk1W0nb zTmeuXIE(h5JRRf!J;LE5k-P=2)Y!T{AbzNz9-J=v9xR{3?2yp4v8E+T_&CaFzMh1_ zf|p=5MB?xteQJ)J+G~Z(*Nun^~f?07|$1qz3i@QxNfA(_0Y-Vc-W5+edhundj80S z=IZh8CGx@D;M3BgC&!|`-yU9NWrW7W{Zfny7oT^nryZ2`37EF%9ZD0f%MDff#C&}9 z@wkH~Txv@zJAq(Bpca2HO~o|t`~@0Vr*A%}gF=V4N-R+M@U;;q435YgfiAKB2l`3Y zW6N2?DrQg#+Wdq^tif-6x#NU=fxZpn-eA>Nl|0?%&PL$KmbQv@_iR9;EfNRDa(zDr zh%0o?Gk${;p2J}VxAO6%vXdu3E3m~OL*cU)P~5)JA0srKa>*jqZZ6>uc(h5jd$>Hc zV?KZtusoG5k-w>S{1q-LQYe17*=Nz?c)j-OV!1SQ!#!Yk@9btY(LB(OwZZVw`1ukH+U0_fdjMpkTo% zt^#Y@m3Lg+8>9&@ylA0UpQ-+l3|ccm2F5Ll1^MI01JHaDr%l+&ALK5-_k#!&eJn5) zd%kHPMPU19{Dnq~*D$fcqs*$`LEao8mO+xdT*zomgYx|RRlGYHSx=ZUgB*;Zm z)?;7bQ?u({^ij+cU&6hkjtTDK{2Qb$X}oG*I+#>D(|%X<%jC2Fp*Vf%S8h^i{riCC zkP?atU59pV?XBVmy6@PI>+U;IVz-k$DQBN(LE@hrS*|IZa>>T5OD-ZP!BtyH+_A1e z<05%7Ic`LuOji`J zC+oB(2;F!1l`@2uJ&pQR5uEAv=;HM8!@6hP^K#G_CfH)PWtIUsHnHhK+7Sx|s=w4O z%00B07}!P^SX|D6Q8#17c$KgoG-7cZ;Fqtz8ZlfJX?8+U+0Dtj_DdVNiby&~(WKa& z0CJ#=HqBvgaQCdymzm;5a0qIp>*B5@eq>mHY|wxUlxsgmndkl57wPJMW%B32V`K%pv#-05S-1}=I4!y;GQAg=G8q9C9Fou$VvRB zq1`_r)ejVhD_Ks?E{Bn=^P7eGL>!x_d?45?(R!S<(K?bY}wF|rx`6p4}@mr(yU*$NbQ$*zyon?SgvaO z;@|?AvZj{u&64d#?oK^#{vdS~FB|HrxRZK-!EC1dKF9_2=tB5@iE<`e((@~hGx(e7vkmQI z#Loy>{eA`}Hr&Y-CU6&aeh^*v7?GsMk7tGSCj76`sfh8~{VahhF9?zsGkSoBhrRdR z3_*DtRfAH?L~UPG6{Ei2(xg-M((Cv7SVbpgwb63^IFjVpCMsI08Vrm|&I79lj42$9 zlc@+G+0H%a(1FV}=Sk*DtL_T+;;#nU7vJ!GiYg&7bH_P(^ zFo8YGa(yl2SF$`+ZxY9fu%!}>_sU|YG{6M)5Rw}?pccVtFr+OJia#VmmF@Ow0}8Ij zA`+S=@SlhQU&g6-^ZB%Gmu1=ZgmutyEAOg&4l+L{+pR)+qE#FJ3HVzIcTF{Hkxk_0 z^NWLFY2rL2HRY?!lzin_p~kjMx>w`LERp8Cmi{%=R3`?gjyI*0iLRUHSr|pt~t_OA0aW{CI$t6C;T)5&Da!WbYyS!ft@XknWDeB>`B+mv-npgcRB1U8#SsPvT;K7nRo)2InneXyqnNc+{*~a@uYA$Bn{>(9iVl3Sj+Ct7=rDBW<_H^PsmehJgUUE2n2*DE>%nclM~y9oc64A~@HO zeP;hj8a7oD4of9Ave6bgDcy4py@z=BVh3E1I0Z1MV*KZ6h=Za6G zq!DS1bidl@P`F@Cr;)&7k}2r_b}0I|HjU_I3xMXFhYj=sL{`m?*A_Hw*Vs|V$;;rsiAq2>lZ z0Wq-;tqcoMkn)SY7ql&IC$~L(ZClT5LHtp$Gka10ye zP$gM;F4>n117l`6?OqR_nNn?>ou%9)71Fb1rCe)%tV}w2i_dAzXh@vQOa*W}Gbgz_ 
z_MNwK@L59535&gV`S3O>ZFi8|+=54=)kIF2f6$6 zxtm=OoU{_D3nJGWZOTGEQVCsCszBl}(S<{;)ImQ^0sNjGs^p-VXK61xXgdntl6$vr zEoEo!H-?h60C2Fgy`BZp1fuGg3vW8DN!jGB-*X!*H5@Up=W8&J!552Q<27sN z_zVcgRDSLY0#|9m4Oj2oDo)=*5c} zG9XZA&r1tSz7I8}^-Ka*-2}n_DHFJDE8NmrWy5BH(IBDXVnh3f2XF%7^LbDe z`UnV6OP?T!mLW;X?c2k~&VDJ*hl`(Cu2QhUurBu=%EM8tdqiJs2?e#Ep4&ecN~lPrXGoVmJ8cu&ahgaJ!pFic&Zy*zJNK-krFI#M<%7NesA^f5NA>VRB8#VG zVp{-eb+DPEgim^vZP(#mH5$h(XU$LVRm`y{JXpx=vz4$Ec5v~iU)Gli>Oh}li?xyb zh0ruLbu^|7OeZ~exuKuOtmOcT0I0UW{Q&^5kAt|*bOB&l{o|?Y9p=r< zXkMKcgBa6{7I58z%=%}Ru08XPteHiGXoY9D)eTno{M&?f9N%3}LCTcdLCQTnY7zOBS=%3GFgd8t43;i`)TUKMV1{pC`(%<>i)YmOOTmObG_EzNWH490?{gDAdwL%)~ zR)a6^wG||l6mG;LDHh-(6d=}~G8EvmpKRG;MwR&qYDre=A(_wIaZQ(<*w7q711=-$`BUSFlr|$zSq8+CFuUm66dJrnEh^L&EqHXp zOCY`r3pAz}Ku!yV9(Xi^dZL19^7@4^r%(f>_IR^uXxepU%c2g>{q;N+ifWMrK($Vz zmGa8L919?AYS_eSL%t$i!+PKeAZ6}^0bc3E8|ZarO`5ocpqM?lv_w-^E%X$sp3y<| zB^>6Mqk<56P*Fj)WmZmT`<{4WKXqyt!6mTQTOnkgq8H={9%vn{Ls*Wn{DOek(9CI_ z9<3oNV1cxpN)rrW3APu_+3$s8mr;120prFDXnKR)$N(l*XN3D<(*Ofa>ZE`hg+(={ zx2~W{(gr|LIilMV(*EhCIH1vL9oii(1`|AF*oQiZ2u$U5$e4p>Pq%jjn2ZlVrcC9L zpfK1Bsq)LZSrHF3Mj0KSEev|eti;r-hUb};8+k%89GimUeEZrVAIBbC4ZQnwYL@9x2%#ZmP6kP?}m628w_ys{;tK*)#e ze%Z}cM5e;dXCujku4~c#+a(?dRw>?Mw_9Wa6>s6g1SrGehVsk%zOB;IntpHGvN8fD!pk!Z^uA7 z&dKh=0D>CooRBXjm?eaEw%@PVjP~fpnbne>fPMYL^BebJrTpD+Q? 
zMOow!)cp*WEX18ctLR6;sx`JvziLu4sf7P=P|)toB$wRe!D_8#jJVY}(hHG8TioN4 zJ5%g41}LZg9)cg{B38DbRldIby=rSIJY`|)Ca}4L09RjT{$RPK{s?hlXci2!s|jHj zyMx4^A&s(M38);d^dN8wBMCm8E3rAXfZY_beP$AQl%ZcNK-{i7VO;lT{7)z#7VxmPah3e3v0MyA0b?Aoo##%39MNl0F%$8pX6PACV|bF;IAK*E#;=_Cx$bq9p6F_BXNXp}`=W#38d(l6mq zWEbOhEuMDBtrlrrytw1wc^bkQPE~#<*3KYMz%K7fQST7^aq276?yN z9NxNC38915-iqea0V_zg0OtpB|1%L5W^mr$s?h4XtFo_w$j{(DSTFe!d-~7f8uJ=2VsZMHjV=H@C&HcA+Hx#cpWeh z#NKdiqTZ*o!aogE;9~k!GVndo;9}mO(X7R>Nf$?4htnx@3r5x{)A#M6l8&>qx+6yP zeW@ihXg~ptROqk+7wcQJz%^Yfk;wlT z1;N)Zf?N@#P_R8}j6s_%(C8beD(FV0S{RmQnJE1Nqq$*vtbd+flT4Zm7xw%p!Mo@VjhFWG{-PB{lgZ{}DQ$LxXAKfN@6}K&ZUWe~c=HL7C z)9t_;t3xxq+vEvtIO^MW>Sp;Blx+KP3pOyG?^4Rk=OWb|!iDi7luH1rRVlNyIqIPd zoHr?7@?wO!>pdRM|AiPps5}YL_eVK_x)4^2b_sOXFC_V#q#g&>t>lCN{H=tX-w0<9YV^a? zG3#7&YJ92yzyD?8Ol14y&RwlH$>+1{pl{9SR>k%pO|4Yw03qhbu^#0;aLS;iTGLr@=X=z*9Vylec;lS3*c-fZ=D*`O;b4<`^ds$rD` zOjT{#k@$;Z(nw#zkTCQjFjKEQ`VICmU^Dp$(2d7+&mx_$5OB2Mpwf%QLYEoVBwgmy zq8N(x$f5uTJoU%ohS<`hgrA6o%RBr70xOuESAg1m63)d7eBlf)ql4lK9f~izCP?ch zk7b7|!nx%UZQyYNVQ@_xb}O}zEtpiPqy)xWSJkgmMLF9X_@v2bq57^~f88hQ3ezNS^*Mw_Z-JXn9gA-G ziVg_vp+q=kx&`x3LIcoKO++tg3la6uq%fai*BT)S+<>rx+$S`V$4&1b^@;9~VAwM? 
z#ZmfLb2oeE7!qcTk?6YFT%7G2te1ST!k0X_$cI3mI9z^Hr73)MbC=p$2frK+tgAZUPM&;gPAKlk}VrGMH@6D@Zg>LsD54t7Uc{TsqjW<`C}1C<9$2 z#Nd#>*8Q)3=#Rn9FP#Nzdh;}SH>Sm?CFtQVeLm=@u*fT*v7cIV&Y0Nu1YF6jji76{ zFp@N<0RkNgF-f)r6iJ*`n_3`rp}T_ds&~Vh;EJ&u>W}Fkx=~zAD>bgDRz+8Tr4zqj zP4i@K=u0D0?RzV)q)vo^BLql&AGgLT6rQpisrUFe`oG`lL2#LPE{4#$cHUufr#I*t z;rfo)sH^pvqHwATmP#@w6e`|p2*NDSELac3?|WLn9BJcK6G!I!VGsD-IXMQyO~EaN zD7(q6oUz$z!|8CD<>Eo)-x|Wvc><3xX(OMZZ%~+lSeY=~q_%JhLCEhnoO%)1o!`w6Tp<``blp5k6l+oqfsPvty$68@9E=+%XIX4!H!8JAuCCR{(v{~O!p*iZA zgFX@WM<6vPzLuj+pVMHzpfw8SDAfxiEVzP^Wy#VhA0yJSOOp*EaiUjI<6!$c`CN zSwG&a!>(LK8i+j50)pMso3C~+6b@4s?0`KRR#A4TS60j% zQZZBuc->_hMTQF-wnW_W38N;8CnyETuy;l+7g@-Zp9th)ELv41*rAcBe$k1%JH|Im zw{4cykAmo;DWa%-g7yOT#DoSOev&~8Mfz~*+)R$?idb@a29bKhXZGIJe#*~J&WqgMzr^&?*+6BkCj?r4M~EGl$@$Cuz?uZ z8hps4VokzOp^GcKXl@C=q8%AA1;k_eV3?9%&xM3fb){u=HhP!m-!o1EG6_M*sN?PW zj*4f$6xPNd zRP{J1Z+uO!*hSN4-PZOd#liCU+!eSm%#xPS7^}|Zw$|)i_=Q}8-A4C>Hp6|pF<}rM z{A$5|s)?mz7a^(=wR$nL0G&xArV2~jd~$0|!2+nh4y%mY7UanU5JU1d@;^JLXrMNO zZOTm|SemP0s|wVE3jNm4?Jwu8ZLP2yuA3dEEQpb2V)|orSG;p;PbB_&WKL*b)^ku> zvt02D6~~znk*1_S0ezLtk$lm)W|5~vR1^fV{FXX=UaDw*I@G`6YQVgPJah@b|I_$( z8M~0-eLd_^H?RdrBCKX*;>aAWzvnMgr6hpz2%MS!QMA_Ox3o1Jv!FjED7 zN)=uO#BzgRjTe_B_2q1m>g=u3@?d6;3GBL^qnNOCjpxcf1K_{(p+e?ppD;Q$TRO^y z?9(X0ENba5T)Nvz6E+;$a&v@e1J9%U@s$u!60995I0tTLpY5g=XrX884^Tw3^@*!I zvuTBXsq& zB72LL=lViv-Ycgc6YwQW3Odb~lPWRkw1w$+~AjuO7^zu6ptlHDb{hFkPP_81Zr ziV<{S_ltIuSGDq}SgvXt$Wde^G}ka0yG!H%xeMRKp2VrZYu(zCCunLBnX(P!K{3aX zF2yfe@6b-B#Ry|fXVAI~atn&;IiH@NM;}PM5>qxH69;**4P$16r320w&-pLqQy$DW=ceI0G zLNjI3W_m7hiAscG*)mP0Bs{hJ<1$rVqb`iP*vweTa^QPzY{e(TUzEa8&@Mj%; zg!(>!&?UyZwH@xa4o7atQ;ve;Ru+zL(2ue!C+6#%!m--gqog|U(DG>=SWAP!XH~5iBT+GPx=j z8q_0(@N`gbcz1Vq2^)2B0X~*pMWmDTWVuxQ!4QRpN+M0H61)WXr)uQX|Df^})?kt} zW^vTQ0brnWMGjcto= zt*bJ}{C#Z#A6yYPrNAl<2Fa6ELw~CS>Ioa9dyXAw^h_htMoY(M+u%p$rwOA~N z#7Ea3$BMUdR=~Jnt*<>5M)*1%!Qfegxi;aT@NlGFXrPkP>Curta@nF_AggOYaA>V`Rs7I2IKBsGi7ml(@FE2KKD8XeQw)zvXsJL9Hk6q zC#!VkU<}#88W`0P&Q{)J($!&~j#WcMHtd3*>xX{SSj@eJ7D-|Wf49sB3 
z@SA~0(Znn)n)DQV5-nd7kUS>7JB2w*Z?%g~+EG$6lE9+-z1DJkLO1m9-@lIEr0|i) zI4R8p*N_Qp80U-zU^>W6XevTR9c8bGDva@M*L3T=#e@0|p)TMOCEUY-*G!*tyI)xt z#1s^ev%*N;lQ_)Aaxa}{9T+36BAd;A@(q+&g+^34vElQOUHrcAiBn38Qe#Wq7Uy)W zG4+9-ZFOWVwBzRCfks(60V}T%q={^%|H=?L4;;i2ew2C2Gd?UczG2DH z0;c2V8!2O2u*F*ZbY~ZKIbCA^quz0g1dP`U?GAudnG)>s=c1zn?;TD?=NPevAWDhN zS~)SF8%xAFXx_UM#^>;W=8~#Zdt^T!g=}Bgdc@*7Vv|ossJU7-|uCX?-h(?aVv*5@V zu2vm$#cjVLkwrh{VFIqpQGDGfFj8{16JnHPmXbPjZ+@a~9=IlQ}+P)W@o zH_HT;rNRuOszv}}hDlPy{Wl>e3SxUn>~4|dXjf`u!=$hHa^LnVMPrz19IL!O^54R5 zo9i0+3aOvOvL@;T_fY9m9!6<%gCWSBX*T=~n$gbCVo$0Oa z^z*_!ZZDrs=a${heqJ=Ed2+N^7#*q^Gy&UbH%?-%H^mp)`0v)i?X!N-8?44PU$o z`TDg$-{})H$Oxh>%V;hx_n_*YCai?OJclx`G|jK!*_^hDzQGYKUwRx+60E+Bs5 zh-%ncU|=e4?Q;~ePkK}*RTl+jSzETdNy)5cJ@uJh_dL*JbKu8;b7Zm+wZ-|Oywg!O zsfYf?^I_*-l|%;1dfoWi_Wb>c==-pHXC5rn z^?~1gQt3a_bAMUhQ|?BQvb{Sy)!f#9E1h@Wze91jKZVbqhORrmpYiP7&&OqNkjz~R zE~Gd&E-8pUvPTI%wvCcSt~4BUI@o`!{ZhV)H)o@KlJ0s@A+c2TM*y5gMqIO} z>zeX%%kkovAk>VpF=_bSrlEf2Z>c6+?5~>klhu6LE?J3N0yHZl)wP- zoQJPFPa~x^w+)PR)Ug!ZXe^|pK6!XO)o1R)4*f*{j$TMHSP`+FzjaH9Ym z&pPnb5M$qqLR$7qy~dce|8gr|w(GXdoZGD1^lEZL%Q1{klCo?5`|fN_1oe_MJ!PzZ zymA_kfxj-4P6Tv#xF?WiDx*lF(D?=e9SKB$oCJR{o#I_ zk=Z^v(%Cj)-%=}3P#9`{(njNBj)5oih6ieP} z`C{+f$lQ3OeVr#%a(TYcdb(a93_XOOca*F-R{qaAGs_MZ8{Ki*%H%vZ{XPa3kUV?K zC5_+2dcs*KT(_YIo2-pW0+7X!2L9#ol0rSBEppaeC)0l@MgVp~$PRQUNdUxQIDyw# z!3aR;PyogMCSErp{_`Hjf7Aa@LG^#p|8JH2zf~jw|5^558~@L%|5@4pt^(=b|D&P* z)cg;XA;0CykEx;)zUZAyzhCH1ur~81+z&Eh*>5U%%}43Z7P?B+1U-tpwMPpYybrz6 zY81NR_ES#X$%N|Mv^%|4|0~KU856hISy2FM+)uYRBRw zTKesm!i8nNbyyC$X`Drk+8(LB>NUaCoHRF$rF^ zpBYWS+Hx5;Pp@7}``VA)#KzA>1v^PBa0o*s6Pk5B1Kqy%)28dk(al~eZuR{NWU*lm zW(ogFj}JdPd^{?R@27L@lM=-$BMzydgf?1>cE0A0-5;3ioSud@%WP;{^VS!iO>GYK zPr*}J!_53FGAuYIPyWQ)8vCdyX@1f$ltdU6-Kl^3Iq$8W*NjIb*St0Qu_B^XhYL02 z&T10E;{D*}FKj7nF)LYQ?w~n;Dyjdzv{4?U7z~E}x%udk{2Zureumn)Ob~B<{w=wk z@8v#m0~vldM6}@NY)7IQ=}C3w$&GNvgP@CBJLBnt(j<)nVJvHBN-X=HPIJffs%VF^ z^O**LdI6f~^Di*do?vXH-}9IHx7?K}(VP~jm!=`fn2c{y2Z-&@3oqHIvd=ow|9VYz 
z-XuegA6!o2+CzM3Yd*BUaWx)ow~`GF?_GBcj+!}p8ovtv`zKsBG?jGGVoOLo>(gF1 z=lfkx`vpSy3xq;#dyg(@eSHY#y$j4O zITOqsz?(erA_^6Udb*PrUp45+x~rbOcZQ3$KG>q9y!V=9U{7SQ2GOwSCs?nQ%X-B$ z`gzlSH{?Yve}1fG-Q7hPnn4OZ@Z>2iHWQdqoGAE{)Ja2@jTrVK_GN;KiXMul;;ohR?oB(X)G%Na|ojPsh*FnW0NRztv~= zUVU@Jj3-f(z8N`Ew6MMXtNYr^8VR%fC;~uy|DzyW;WssLY}>AVc7)QqVGQ~HTe{dJ z{pHnlzCq$lC88Ud2=rN$k&SMEX~K3I&f&#qZDA7(6aca;3;+cMfc!o3A8X|P7XbnR z0I;xt|3yGn(m|Hg{l|j3{~`YS!~b1`LhAUR>aVi~BnSY=hH%~J8~Ymp78-zj;L~)Q T0;o6rkK1xmN|F`gMgji?HWwbL From e449c3b6d222c0dc2b27f906a662ca821a362ce8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 Feb 2013 11:27:58 -0700 Subject: [PATCH 0129/1473] Update badges --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c009dd3a22..5a4b4cc47f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ ![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png) -[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) -[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise) [![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise) +[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) +[![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From ebeee33429e116325b312dd80a1d3c9a4ca9740e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 Feb 2013 11:36:25 -0700 Subject: [PATCH 0130/1473] Run image optimizer on the logo (i'm done) --- devise.png | Bin 20840 -> 13322 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/devise.png b/devise.png index a4a79e8c7aa863b087f0fb1e878d3d99b1ea2050..d803835918ebcc2bcec197aa887226535b6cec2c 100644 GIT binary patch literal 13322 zcmcJ0RX`lU)92#uP9V5D0fM_ra9AKX1eZW?TY|g01-AtjC%C%>cXxM}6!^s`6h#gOpFWw0MO)QCDi}`DCUoIA4K>MO1NN<004aXCnqVU z;l6Z|1qarb!WlUCs-MTVR7bkqoXVKL*g^y`zS`U z8TiaVOpVOUOcKZvsc3y&9d+N(&=6F4n`#DNc4dX+?d|!T-S6#XV`pavG+TKvA@YuD z==bX4{%sUJ0d9my*HLY&>!^)fxez`wZ#oXf%UK1mCx1A5IXSNH+0}F z1=NHDhEO6vZ6aGJp=OXWg1S&9=Cg5b5dN0e)w`y){x0ah6k;52hLC*&lsc@pR}}f{ zH~;$C>Ez_pX)W@3jw(hl9-wx<)+V8@u71@f5rY0-!cPexPdA4+&90~E-VT6OPzbpXYObbu-v07t=p+xm$7_Q6Kr8Y+@nG z0bi%w8BSC?@cy`;b20XHJ@9_bi)}QWn~9;;Vxow8ecki8g5B+G<>K{zy@$Gx#i)eI zNXIzb(CcM@%umtX^ZB$fz}@%#^}c66$M5so!#2k9XFUrVEy#lNayj0_y=4P~QTy@?26M&9foaL&^yB+zZ+dM@d|FhRg^+o?D2WrtDp(!deaFE_AACax{ zs&?YDw)-{5v%mYary?hi9_;Kn9ShRS%+{|zKjfeckh*<$8lTlRB+d4@TfF#KpSrQG zRpkusQf8|_Xqhg=*zaXNP5P!S9`mM)5UZ!t{gpSqRVf?QtI<^th8y3Z1-5U<^G>VCemG!FfUm>${F1Iw3nb)Rk#8AMJ|M z2+L-EjBpK1{sB}df?FS+_Mh)V`@1QI;}+#k|D*^wM4Kx0p%6R$uE)NHeApWGcaPnq zx}1rfd!?_df%9e8r?-TtX8*#qXS+~bsyg1Dc1|}`>RW+Jk-7XIQ|l?pun!j;nF_$u z0#evk_u&J8(4HMHR|?jh<}RqDt+#V}35~`7>1X_*j3uJDeomL^q;cJMkj8`R`Ml%Z zpjvEPW0>5YZ4LcT%}LG35AG)IDuZ0Vj<;OD_qW#Qh_5REamH5VSmkjAz>g0F+u!A{ z+MM^tb#7VeXVieSMFH*(B-?m~+z8AgZ1*A?AeinyVgb5PwjI8&Grpa;pRK6gyF|L@ z`S|dRZw~&srzw64*8;w}?Ps~+mn#B21UI3563WaGz)QB*84m5GcRw!2xXfdO?&yOZ zB7Z;CQVJQ#BVgLMoHkUP`Bze{_YoM92uXIt2|aZd-+4Y6e2dw?4^5Z zI`55kNr-=)!H;5!Qo4l2(Ag$j72vq(O_+u^f{;{cfN%dz<$QfX9#*j9_bj zpcF;XMXt=mmg%H)5^`vl4lB_MTCYp#<^xEsZtGYJaExcUE-_fmPbsjGa&_LqpI_qi zhmiR`h@D1>RIj+-a#|-l_`|%zaGLA56`ep2JfF3&ePDY3Z`6CSU_xDC?$B+q%7(!| z6n?*cD<7(9wGs9cefcrDRu;k|ndAFpwUvZH#3^}S_p5j2Q>fgtmqjPoqtRm zg4@scLi-}Su0gAqDq2#^JUN`Wjclqv&bLou&q`~l0j)+V;2QY}O+t-0x8{vt`i0Kl zdU8p;4G~Z5m@vHSk`P=54NNvPu~cN(kP)TwHKjl@>Qj!%MymShbt^I~Z)oPvB0f(( z%?-SmH}n&#N~(t;L>Y2f33zIvd(G{3V3-^iI3LB;dsWx&G$EGE*dXPj(nd{R3U9>9 zaS&n_#3sUg(s)4@EO49u?i>XuH-kLgEj#oe(Pfe^$|l#T^OrTo9s|3?Kb68{b0=Fe 
zd9q5hk8+L#F59<6u}k*V)Xa;#zg%-XAfMDmvaO%;o=wfr>`8c!BgyH3M*DD6_cMduxA(dheF}xN)9gn*FX-+l?Z9zXZ8PCab#<2i%ZzoNe=Z1Qbqz{ zW*^NEz^IZ3QTd)~V2bVUSp3~hMmer*u_xp(kzCnhE|lrS&*ZD@YJRyI36UZ5sbiVM z_Um<0foD)1=lO>|bbdKNHh=2^!<3jzm zhtiU>dpRnv>i&Rg2~y(LgEVd}oqHNusgtA&xSy<|Zbvhv#>0sWo4-+55d}^lFr0(X z5v*AW{4`{(B(JpiX7KLjKEA6i^FjT=(ojO)L!h$tt7y|-zP*E3uq$C5yC=@eGDpP= z+x)wU>W+xvdkpHxK%x5;XE|~uM20>Bi0o#1GtVKfm@{;|qKIQ*bpiM@W2XlC2zSGA1Aq0>E$a_VQXXq%Mh2705!&f1|-Ka+a5wJU_m# zyDgd%fRQ)|am!TpDPh5c0VKPzlSaes;n`m5*3iJrVw$6hh9&up$SI3@D2Oy>^LlR> z4wMo9XLDwEjKp9XQ(TL}B(0iks{85%196Ape)fjk&4yrHxZX3ear?8R8q+ z1AeN^Bz{%zUCE-6yOQ0px=14c&wY1RBGj<$MP%{AvZ6uX$g5R6f*ze4?%5*gV+2Oy z0j)5t-bfJ^i0DCx;YP>S&R*ZVKM%RBD8q2Wvs^Nvw61v`bI>y@KUI)3G6@l@%t>gj z#uI%OJMs{*X0n3Muxm)`EW(o|a~hIS~1q-`a zHg=y{_!pT^c%wfI!d6#OB0Cf1zJd`2rs^xGpdW1;S>aF6R{}OSz0YP++!e`g=BBJb0f-ym->g}4m?AKk%U z!|)gnaU5Ffc1@eX0F%<~h3xV-Bjh3AluuzmbK^~H6VGNI&n>&UtPy#8a>OLJVLUW?rk|~{A8ee3g zDPb;HP-~u0IdD+bcDJ;JF!8P2L1()DBj!;(Wf???z(1)|Sw6i{e3iapdIXBWyZb6U zh$tovD383jpI3=8MO(=cm`8G84yxa?p+U~tpY1say}qtU4xDmHCFd~~G#hOUQpF^i z^jK;_DZE#6o6H=jV*hbTQPr)m#awBS*Db9H*T!d<=}@Dur)v1kbE#gV{wMV?5e^2g zyrft8!gBhero?cXrGi~9EQzz*t-+;Fun-LxNK+uwoc$YXqp64^-jExIFU_RiR8a~= z$M#&@5allBA(w4d#Faw9U}7+i$`m7HY+Q47I9OE!AF5y5ZnApKC;qZ;*ySInPj0v# zI&`OI@epY(G005G{+*l-Od`k}F5nrKh|U zSk-Qohu|tnnS2JL5-CD6!>1ip-^v;P#}(`6NdFKBke$uUl+++qj~+~h_SPS*tw?f_N^A#J%xY+5CE9E7$LywWrE zlR2URU#{eWIrqr7z_moF{ze!`tEHzxUq8@~I)tgczRVAFq8+0oxKITbk6v+R=O2|b z_?>uByV9aK6bEb%#C#pOFNMKhT-QYuE1of&^0_*e9V%%MF0m6_^(Q3jREkWv2oYmDSBiHj8%87JYX zQ|;xB7b}^=B#&WQOqaqd4}2r-vq8lKB7EtnTm=2dXG1D)?oet^u)Q(|m1Ei@nDkpw zJSFB?mIVyN!u#!%T5)4~46&Cep=x}gKSl@se7BJg7|4f8d)qcdzW;)O3JL4wsSj#p z=>MtosNw}Bg&znuU_z|=sX$r1`h~Hx24S(Cyo>y#Ne#_9V)%QG^a>0H-FO4b*XdPV zuf6jt$%2dOkw|T#ebK`1V;BrUqhf#8#T;O8oY?Up=xV><&k@^Y>8Ph~j@z0CeZ^7v zY`a)Zzg?uXXP>Vuj&eDQQ8l>gtr)$Uwp zUv)u_!*<&WS{0v6_fWK-9!H_jmb$*0G8`TfC?lRzsnkC(Lur% z;h?&n3Nzvi&B3_yA8NmrsbSG+H9={ydDSB&>mGsgRvexMBbcZpty69AMG%33tW*_u z8`a+>R>Z!Vc)CHVATTG}TbbWL1;?xCPrY7|zpK)v&DD=X6w>4%w` 
zW@e{0K*S6t=jpXa@f1g7c#%fzQI&wv>c@-L(Y|+ZYHYJ3hgN>Z+8q?dzGoO$;4V~a45*Q%}cbv4eApn#4pu_!8AMr^ZPes7i0Eek-ul*1@+3tL2D53U_Z)rzQm<&sdj_?d4m9fAS}f)#!PUxX0h=u4F1WWJdY54+Wu;jdcj*R z2h_AX%^G*?-J+WqVS(*}Hi0)1WvAG?Qefz6-FH2qy5sp_!XaCHC!B3@k1;mvKv$p}hOE4AUzZ2;Iw>p%bDHsZzoA#b_D7XwQiJfelB!F_Hy>lMz+<%ZQ9< znJD`UpfE#EACBan(NG;-p)wH9lXh6Ajx$hd$ZvO*JMFsUYiX-nonMMXEBR*)F@>mJ zsi<02)t_2xd;0a$3r2+BgvW$Sj*r25t;JmCb^Cs1+kEX@?c1@=ME&`V<7*Nj?zO89 z!Ny6r+r3^_TkjWEUKkwdU;CtPb5}#+@+$msuD0@@?{+GQMzglIW#dyh-O@lwzTaG7 z{rT>HPReT{W}guoRZnw};dm4r*wD&D6DWA`F93P@$Jr1pAevXG^0MjFl%377bO~Vg<2~ zpoL*4^~#hin=Ls#Ed@zX4-&i|cq=`fL`3n1FyEL0tDxlPq9WPs|GI9{*P9f9q>RzivYh@CBy%4Y*6B-J-L7b_Gn1UY>-=Rq; z+U^3PJD(%>Nh%7jrG#5{oW}D<7^E?bOTm67JH2$+~_Dcj&95 zL##HMzZCA|fUI14b@SQ+M=bDhbP#L&!pay|pUHRTo$pE&ya@*Xk-@*wPLRtqo(n*uG(Xpl@_ z4d~vSnp}@Qq5{_J!)@I$%p_B^ej_PgV?4^DWhC+| zTXCTh@JZ+!3{T7}G=B1~E+|O1CyHd$rEDO0o_}>`nYNR7QbxSW6yXb(FSU2fy%?(t zpSd;EUvv}(bR-2-MiiRSzCUHd&J1=pCI13dxsicD%bhy9PG_r58g1tc%Yy@S97etJ z^FJCeJO)SBomZI#!{HHUVJd_sJB)Ib{P1#4r7piTl%xSN9xI0}uy8pD^Tt+!f~o5? 
z%o9CD-AosnI^JljTQ&z9vb;t~XMz(+XY6LGTH2&}h37gUjWKs<)wEiHCUKP?LVMy@Hf z!n(QqvXLh4*+=4gDDxi24)$z>Dz9XCI4`$PhWVZxot(6v>Fv>Cgr7=i3uu^f2e3RJ zez$NVGB?^Tia*jRb{2AHD=#;@*rbQFoKfA5rhO6GDb{7A!2fLU4^3#h^9`op`c~9a z2m`}c{U8MZgxf3GB8=L(t?+xo2gN`W;Yl=;$Hi+pYHU{)anqZ^0q7>3N@oUO-Y!~y zHt!?J_&ok*2odt+dwL4-(_nO%#_(RJ=SLC3dxfMbqD8xkvhh-g|5N&~oX~Yz3NBP2 zv#6xedf3X7to<{k6^r@H+UvU8<Q*mrwy5>s16lezKF&8T&WGJ{NX&|^zuI>Qx4vz zI8WRT@0fG1l|SJvH4lOoUPvHKT~`$zZ}FUqwkckurdD0GCj-GSm#ISQws|DUb>+gZ zZgjb1FzAp;r9lmaY- zdO#h5q<53X66KGp?ucj{(ZcwZw%R&84?$6)D5|F6HbG+w+AvxzOr~Cwwcy4AF0J?S zJ}>e7Zm&@8Szb?cu5aQ7A(OMDu&x;NE;2v-@_SwSTD-Juicfc-T}5!Nd>g6A@I?c^ zHhyUVMCMbpWFZjv0SlPLIRtya2lwA~mR47iI{i7Kq-x6|vURq9x56rtv-h zHYtdFU$LW=a*8impTaEXbXupM1u&bc`TVQ9Zr3H}h1QlY*i(w9$ItY2HqTX5PFM@e znL;gPtxm)M)=#(n!QUX%>n!}Px)hsqI1_VJX?R z)fchqw6|}lcIL`YmyFmWF;5`Lr0G2P>(9BDZ3=DjhQ=>pngY4XvOzmN6QQkvR`@)x zb}w4ln=E1!H~HJ9u9*qDIk1kq-8^6PZgGmo?Q9Mu2jvi8rZ;xWqHqFbF*ET>mM$GPjxQ5`C>1xmP6FEmp;o9Y8<$G;=7ER7}{ zl>K0Tt+Krh_29z(iDzhb590aS$?#avplOiQSov!M6BkT zL=^y%5jJL~=7Q;r4NTi{Jv}fZ$AkbB>q+EF>7(MLDHNcix$s%)v5!ikxS0#9Y&)-* z5qO!70&|O^B9$WU3+x%FxyB^Y>)zBlosdu(N#+d?+nieRGnEJW_v1wm0}wElT5(YZ z1(jb-YJ0IV5^%H>*!vD0JFk}f@J!Thw`>}kSuIbo4myok znFY0g@3wIS5Rsql8*mmMh5SdY3)KM6(0a<%cs70|W|&6n%6aw*OLBNBE}J{Q+Mkxq zbU+AsJrIie=~SA?Zj}0wN}p$8%V*encU=pdjX;3$iC=MT_>}XJC!R+la*^0*wn!(s zR-gl4|0gBvg19eNz25fyrLud!uJQ{M8f+zO*~8A9*pd&9Ar3T3!84 z3#9H`An1GsJOS-4;u*`H9*o0cGL{CUwo)Q#<^W{OwTz~gKBD|R8Djh_TCIR`q~a}? 
zxB;jnxqHgg$_`OV6E(fVh)-k%(2hA=+)+Uw(o*>;@^1s}Hqdpt?y^6nE!+Uf7EoAG zr2~KWB@F8<;|gQ!9T?uDK7B2^Y0?Y8=l;j=dfO%T`!UvDwV8RYktdOolD`$5{<4r* zVV@};zDV@DUiX%KEk?HY)KG3+nF%a6e!{R3sgP6MDW#L{8FFkYukmlD&+}iLig3S!#?u8Z-1Vb0{FM;-_E=4*>BFgi zj$`TE(A(iM63lr!VcXWGYwX!*n1va{bsnllHN~;qd5l$NE~%}h=-bUm6F#gzj5=?< zbjzXg>DP?#Tyc5-DtLHLk?Lml_e6D!ZhI3*s-?=QnS=<^3mWt4QqTU` zGcn7IrN@I^4=%R{2Ey@}LiKQXc^C3Uy2=*EK)aPfrNR@=T2{Vwo$5JUx?fDsJvH2U zg^~q;o;OkwX`U|BII^J=y@uKb9_FnVTPX1EO4EUz{$%-`JiA!0%EF$d%|TisMy2`u zZt=g?!*KZ{s*@H0*ASRkfuPdI{lnUiOg)h{xK&)BF=Kfd9r%>ZY$$ITn#lfAw|S_O zK`W;)AYuLmFYES1&=VgEzRAXtLsl`lE@6+|y3wM>>#f$==F&^FDL|`!SeT!Gh}|?^ zR2w?EU*m^cfs8hqM%i>&AAU|=uwYZxz6-7f{P&58BJGNfv5c?tEXD$WlZ9%kBBcyk z(Qo@Pm(#TQ{BdV9iz?nbwG%=apJCv%h?RwM-pEVmS6*s85ocA+KaxPiT=0`p@`S)y zd#ofEbh{lBH`9~>aG2!&HwVE+dZdxGWN?|8d1BBY3J97S*`YJ6LD%lDFAwqcRGd-s<1A!9>XN{6==<4#_FnieDNazyOfVPh$Y2gnW4XEl~^R*k#NwW3nVE$XmR$S6IGzE!nxy3 z>Gri+4LJ7Wk*1Rx#skObS2OO2R81uO>koclmH0Vr^{8}tkop+ZqogCC$rD%XEn=;hG@W1HVap}{k$Ik(@Kw!EbCHpIDRTEc;p(dd-AM{qYzn$;$}y?zt#eOiAB{i!rVKp{`$Vt=SwbmC!GHoj-;;Vl2VG0q*K!qC~=x zBgmXw93ioS99voGILv2VeC@pkYlOsq#+x1{XMstcX3<~!SjtmKaoGr->KmoSmp+=u zs*4_SCCE^lX>%#vtoKhviD`rtY3WYvRd9oDs1VCjMBi`vN}(r{LYlC6D!)i$-Rrb) z=$j~YWoX}W;2G2_N;M4}C#NpaI_Oa8t#%!r$iqtFtS2uZGrUg%eNc&Sw$MsM;2PR6 z$(6n&v0(untiw!rLs95jOUlEhuPhpFv1S`LdRcC};BXHuz7#HYgVRFIPN!y?;rw!0 zi63gp`h<#gSHmVD=rkfTZko0@Mf>hq(0J&nC*7qqkZB@Hl>=K*l=xInB2md=*s&t_P5p z_4ags&@DJLY9#3`^S7WVu|d+4gn5&@GFh5~Fu}yNU;h#ueiHh2V9-;sm2QnzSg%)F zjp3i#6pks$ZuS#le(}O6xxII9^ti*$rX3!irJIK-2fwf{Z1|{&!QRm(+M<9j7q;*+ z0@ix8i()XU$#A8y2upHgLSeq4ax{C>5YDUg-^u5?BoWmm48iiRtZjEx!tSO6GujO# z=Qh4yY>JBG!YFB&qc?}kHhoO~i3RYmM_J`h#AU-7Wxj|~IREY`_6O#jvu-Y#xBy!{kirT5*yvA>UBhvD6O z6V$gGM6Jq`-?(|=n`iPu)gisF1DSd)K--e~HG8!H-2Ci)F#%xE*#cB}_NxCvwA1He zWx+&MB1H40-KLAIDv5=M?8a|K4N+SNKCy~ULe)&CgoJ|iIx5pVoeI<%sQrTE130l~ ztVcCR4&BYf*4ljpE)z5i%65NHU6d7a8o~6s!&tJvkuEo7uCurP$)R+3=?+3+y49o$ zDXVit_Wby2NcC(4arR1gbV-&vT(egwb6wUoxKC0hOPaVD1J~&!I8~sUoj<|Eng)QU 
zF2W#&sCye6K%9fI$Y<6nB&0ky`=?aDm&r-7T&mv#k7P(N8_w=fzQ(oZw7!@=XAJ;5kZ?b_JMmiZ zXGe|uHnFX6>+zE29#glJtL2g)*f~FY+l83SJS3ex29`{;0ieVhtIL6 zFnv~It-W!{+H8xb_IVi^u&vzfwsMUd6Y5yIKtOD#eC9@HURE-+sK8>#u)JPZM*N^O zU@e~QX_77LT+9O1gh6xQBE8~Wb*uJXeg|pZqD^Km=IFYT3aH#&wofeEGb7-5SBb#~ z#1QWE{3>${BjUlGy?C#7!uKG5($Ekx4^!1!`O4O3<3P%ahIlh7;XoF>>UH0DM&O6* zb$2#lcptQsjbY%{c9H*Zc66Z@#JQ{cgVSx z4$Q^-$mNTINVJ<{9Q}cK4gW*VJDxy}*T4PD{`b`D7Z<};mj{Turz0Sl@WsM`ENaZ~ z@p_O|mn>m^g($zO`81Hncb1gnYR^*%Z)E~}PWdQ6|#l&y*D zX^#z~o@3vT*pz@d#`fstVQ)PlJYZd{c-3?sC9YzHBwx!u{IdKU@gF~}LnM@G^`n24 z&T8ZMS-Qhcr}wJeQw*G?&`{GJ^_hgKb+ zcz4fVw)td{2YEAz;(nqC5uD-))ApFgOFlBQTGsIEhn*(#>x)C*gn@_#i4iFuafjRb>p<&Z@kEU6)+o-t z&r#;!x98i`pX0wDx-i`2hDpAIZbckO!`K8bZU@I-qf&3u^zzTAzmhqmtdW?qt`nNF zEn+UV+BicVd=Ejl59-SMsQh20bK1zIbG%eDg>8&WqK4l;Cv^Pqnck{;yCW-yo^y4b ziEs$#7_ko&KENG|6l3kuC(UShkt+q=diuT?Jol|f+CI#rvRnM*&D#EN z-<9HhqSABJ|K7f7Kn)g$vKe{h6IvWhlFAlI!51}&)Kt1Ysptyf~ooEGAe>aXmnNd%>?rx7X zmb)~V=~mnKw>NR({O%24BZCe^aR@agsEScGsOdU`3EjO+MBcp0gv7Tt|H8L1*p*}ni2LSfq@ZN({ zEFuOZ!^}bd0@Op<{A(ukK!sqZ!vV`%5Fo;?sF2KW0H){OG@(w;&MCpq2w<06sJWo8 zy;cNO6OTR;sI||KI16VHf}HltY;>r(SO6rr0F>0&?)RRrqyMFUtxr|_MoTN zmEc0YR5Mkx(Y01k#MP1{fF$=L|AuU}6)9PVvZODhEJ^yZysC3=PW0=|(1{b}WZY>l^YQe)F2o3n`L`4V5x|I-M(juh>JEulP8%>O}nEsKc2MtmWO%jQryl zZU6rG6p7dMXd05T>*vu_=J|lz$0Zhab>Y6iAamW0(8;BC9SBL!enn>~Y`=HmID=Sv z=l%P&;$(KJK_J{K`(F842VQ@q*wYPkfo#R|+$xn1JJ%P2=_};Ptp*N5t?JJsQK}kk zDE&JUHq3{CAMg_37e6_}>UiwG-r`Q_#k>}JGjmH>tp~m`9i5)WbtEVl#3(30p%5g_B#5POa zRR)izaHU1;T+;FSUN)cZ?5~eEbh--%dbm}$(>@9Eo4M>Dq`v%w%YM0KwlaF1CKjE2 zLR;k~i=!C$r@Nn>-a)e&$4;1>?vIkf+Tt8?>*j^26cTOZ(PIyO{J}Qt#w8=U`|WY{ zj%;&vCNSdbnQo9PSgvZVIUs4)_raQ2MRgf*Jy?l8<>Iiq;ko+0TsM=~Yt2(17pQ&y z8dhUBc47A{b`>$IQ`J=yd|v&WVrU%o*KboayTa+q+0rvkc)7KTP9xDSmIqH>Yky3< zi%XN!b%RY8vTHEJ^xYWu+4SB%XvVdEW}&f`X#Py32CjVfOd|2iDv+f2_&p-M{?Ee$oQ2M;{Tk z$MQIm)IS?>1nuNzN;$E?hz?q9rGXIZAj~nvhoYrG4BTq6|4F>%J5I4SJ8pDFu>nHc zXM6pnC{l{kRh5-BJCvYZ{w zEauhtw@-B74uNLucRy}}2J^;j)0FbhhGBxM?ViU;Mr;c?GL-(;)FNbIfoD=@kfx6U 
dzx9Lxxhqll1BZn0@sAHcPU@RvrMS`W{{b^W=}Z6s literal 20840 zcmaI7WmH^E(*;U!cV}?-Ai-gfz+gdwyIXJ#?(Xgq+%-sW8+33IG}z$5-Qn`Q-@SkD zpIK+k>eF4-drx&&)t)F7B@hNGDJl#M42GQS=dUm@A57n$Q;`whKPxwB$6;XL>1?E= zROFAWPJ|6Skw$B z2pU_R9;S?HVEvm%h~S3czVN=`>Ss|So0e=6jmY%sy1Z$+w3Kqf)ch~eb3cD8!2Pa1 zRANtpOyY9%6WmQ5ZIMSKLr#)TUzKiYd%a`+&PLHF_c;)d`;pwEt4{p3ZB@YUMS8lo zX+!*b1vsDQgNLn#&G5^`^_(4H6jh=IqQuXz91+wacOi;&Em?B5nHa$lkEU#CIFNPF zSSJ0fO*V0v-r`JfZsU5x;>dBoJ~jx^e#$LvH~WPZwa$90-V+5}Y`F%UD>N9@x67FX zAlxTB&iTT6QmS58Ci}Uq?}LntYVp?**AaYXoyyU^JbiQL@&OPx&fd@;WscGcEV^6a z{wyI1Jkz{yUNSpKsu)$X*)-Ygm-nm6GRk(=+zVZU{M5~wfTc|^?=7F)2}BA6HrIAl zAWY5)@$(cBUMgtWI@DE4tkh-esG_}aX9*i7j56DIrVXT0LNGf#3P~V@^24)-3<0&4 z-c~p(O9-9$L@S8}YjekLh{Rq?z%C)qJw(8&!SAo8t;KzygU_F7l?d5Q|5VBgm#E}( zr-Hj>_(bTrM?=E~Atqcj%5%7OYhHp0+asZ|O+?-7MXII3BlS+bV~yHCwdD`bl%_wA zKayGDl{D}#__+-9EMv5 z?w9Ht*`Mvd!U`LEN2eE#pL-0Tc+!%K>VKH0$2fA_)R|fNy3$x&`tKoVhL)ipI4U+V z*Sl2IcrK^qq^nHOd9wjZeSM4ReLP( zjT2}s*H_guqxg>h;x_mLiXfQeC79l2;`{!qdmyHmt|x>h{y<{=sYlvl4c-1!?{mc4 zfbfx~wO$3D-wF0jFX>A7xsvZ5Pf-lgO-DC$zgTt$F-c9RVdIJXPyxE;);8-Ic&9PV z_*s~epY*McpH$e0=8bUH;tHq()nafN+Gi9j`{1|36_MAY!>blEca9n#RSl(#g_uY8t@#z_vSo7KI z+;6#Cv3*%wu?0?xnPr6~N=i~uCt}MYqhkbJ6z=A7DW{6R$_qoa zYlnx2AGx?@VS!3n0s=eGpXrf@H2+)b8YO6L1qaek*x0$7t~Vfh_ZP3O_w~`~=8skc zS+9?oz(Z=v;OhEqYoM7DW_zS|$A30GM)f&}@=CCNf4V&}84SlTIaz7hiZOaFqO5P< z%XYe&uw;f%6mFUUCN=9|g3sYR%e9 z>L_}J^w7@J4puh9u3x)e9kT!PJVesC%@yo2fF*jZ;(4UELE3X&%DJmuXV|?m65M9L zO6WP|T;O+mv0tJ<{eK$=7qm8og9e_=;g5Ja>)qhgs?$GI`u_5GW8&iSRdtT*f1_gI zVLNMSEp1i?!qCXgH5E29)&6h2;>bRS7fB>cfw2Fx`XBP~LcHhie&uKS|KWfw8!xad z@jsA=xnaj}uyj5!KmBiLBEY%nKX~3EB2zH_hkFn;Z6e?zksz^2`G4CnhQmnqe}+oQ zyw6L`N@Y>-&KA1&1(o>z;|(2rcO68$@5=#JlC6zr3ym13ToyHXWs9o)-l~J zh^g0Vhf<=~#=usYa7aZ>>b0|6gr zP2OJaz6(8_b~;wZ#p&vV1dPS~a2dGIduOpQ$J-U~4Uft8`?{Bv=VlO+h?ol%kHxW^ zvUl#6Hbn+ALzeo!hWO{_c=YW^R0E~^d*So=h*ZqKS+q!m!zn}kvLY91{Dz-u`mNwn`w~>JN68GzOJw*Tg)(~P# za-4pvg2IXu#DqllxDrs5JqPdx)CwNeM+~(m{#dJvcWzZ?@UG1`3OO+P3yVe+2swk> 
zpr&|2i$B`|5Iej1vM=p%FRQ&TdiR$Zy@1nS+wpZx{nWs__Gt{@LkjTF;xud8*HZhJ zQ{k#ku9enjvUoP(gp=2ex0j8z{mt(^kALbruwWB9wix}Pj00RF0K9ksXr$AO1X7rl z=#fs4jBzgL`1)v$J!UbJ77>|vC&I=0#D9;c0LAEjfN0=7;B2<2PQbv*WoZmE(Yu0e zDrMe=`Fn8gnKxr8-tI>tGTt5Cvhv@v8Zh)Z*=?5NN2MMPzdG~3>)eWFtwT0?dt7|c z+DXcXsSR+7A|T(EV6{A2sNGuKcx`?A(dd2it$s4#)+&In>pYC}`fADA&2XarIJ;}~ zjn(Ku{@3-K0v!99kSEOsb9pXq{za^n+aGzhZ4;Hd*DcCdYTw8Cf?En1HrgdMr^>%d z!Y9pt%S?R;ln%BADPPaoNE^{hq#PpvF0umKu{`=l@{}V-yIt010tVxhe7CiZezt^i zy8cU2c1F?g%FPvr$+T~i{2RwW(SX~Z1?2vR8UD;7Zx7RV`B~#4(`I(~y#*uM4wn!0 zZ;zagGtVy@Z`~O@x;@T)`zo!8olL^b$Op(qQpHRT#3u8~{+B6(|GB`a=X2Z`F+zmp zKYK(8=cm+AlzcHU>NcMD_&bp; zeQ_~yfvNS^5 z{Z0LaP#E)GPtRUY**duVE%p~&MiUnYmF5ppcf|`7rh(5}Si<90-E|YF*RcXgwXRYE z-8=N0hq8>r|1Ke%-@T!OoZk0%N55J2jve1_9eJ)P_QOO?%ofC*pT0h@t`PCb2p!v9 z6b%{5M8y~+Yg*8ky&Uzv9%W$^@8(WxlrKOVBX3^MM*_DTu%Yk@7Q z4}73a()wfegLpp=bQJ_UkDDM(H%E*6xx>#p{I>Zs-wp-ABt`)*H_JzccOAJVp)i5( z=kPp2blT!?!EiX^ouESPn2*zMqqGSVHMU!efktWNvDG#pfSKz_%c3P`zyrjU0$d+A zB>1M$Jh zPepV8^01_yIowEu=&{M`@p}lg0<~)NpSErIv%5umR;mO%Z&McVh*iN;h5DP3rH~uj z4h^GTLPK}#8q)3~$S=@G)SD&J_}$2XaK*oxqP>og4Kr{`gp=1?AneOoR{6^VXkFAm z7b>d>tNQ(9y+?dR=5`S<~#%FS-rCUt%~qn0``I@S|O5ThOw|^7SVzCnn4X2Fz9oRR!jI|Eu(h zk#4TKB)#^#kV3n>-%j96!+54Io^*BtE5>VIvfBH8W;{sndFOh-pCn6R{SsjOncta@ ztKnFIQJUYTN<)l?Z?x6*m#o;v8J_r=uS1Ye-Ku1$W6Ok74{?Y}bo?b^*M(SK2=eRa z$eic+SK1=wc4L)wy4@_CdL^Ybn+ZY>=((NaO$ToajxUop(x)ppaCI=8?EG4lQy&?va1Z(1{_ktrQWB?CRff4G^oWaSrcy$h~vIY`f1P zb0-M8N`MKikfbp@7J+!~QDh<$X?R<>nDWlx=Ph>aeOi9G+c1I{?=%B%DwVyw51Ok# zk5ZCXeq5rHtM&ayYO8jku3|kFs9>izfMO?Do~FY%b42AI+hTpl^tAuT`F6>fSL0ck z5&>n3s}&hn5;~-t*76#`AXWCu1$3 z>EIv9V?242d5F;i>V;TF@lNX>Om>%)Hs26WD3jP$4tFUx-Uzes2t}kqHg}dZkv;*D zP;2EF+SM^Q3s}cehrq=ikiXAaFe+<@X6*A@avtz}sDbn9YFQ zM~DOdM3it(2hp~q&?R4pOKdIuo?DH=>8}us3rO%O&%;PE1p~?Cxo>gF8Cg9!z_JZ>j%BefP5ge68 z6Q_7?hdCb5gi$RU(y~6N{PJ7*K^{3>3U{LNeijf($sAC_YkV0qrfU}|E*PGE;F{1h zjn$2Jrscn@H4u(LmJ4(Wwc3(+|6Qy0cyjW< zw^*;g-nI!F=%PZ~|1qsCaSu)`Lh|^?k8@;OjP!yV{yNybKyh2}}7rg(P;ATEXQ%vsE0za@eJzKlI;3`0AN+mcNz18R)Rcr~W%-(->A 
zIGT9Lw7$RcO;=f&NPb}CdfWG=YpM|i#MaPzKg2l&W#3a6CMCi)?;CZl)A;Z>UQ8Up z^>^C;_GcEm7UU}3uxdwZ>t)yIb=TKjir{vfXgic*SbG73ZLc(V4qT$Hy4S9+kPmzw z1iE?k^$HZyu1^b}iA>Aetn3QQg6tqWx!>*DD$tfQ0Uy1+AbRUi0?!E`cj1)>a7a}M zur&ShciL;caX#tP;>bn&Z=0sOJ$jn5FaGWOjqWW^^!*sV>nf!@U{xlM!2le6@+_t= zBPozF@&ezvJ3!3!2&uthAeRweWFo!!f;I1>TBR~_zg;y5PE2C$q$|~^_IBo1-wE`6 z)5tWm|L(e?)weh>01NbwrC0aunY*LEh!xzLX^Iq?cZ}}%wLolk#AM0IJIH2sZXAC% zrx%j<#*<@5IhVtvpKI>*r=3PK483ipLOd%6B&P0jU8kIJXV}p?rahhWP?&caK~8_2 zM=TcX?Q=jnJukl)bt-<_v)8Ofy3zN1>Y4mhZGb%IES&#%5;-IcInh=^3UH25ekM8_ z*=}hxXh|u(k98X_pr}rdN_*d|A}7Cbwfy9}=+DKnz5jH7&7+yi(KU_LSBN+(@5k;} z;ogTC-G?cr)D$Vdav@6lM^C54(?Y~ghSCWsOef65cGMbBb_>lEdBn~RA`uX65p=Sp z!eMn_!01CMQq6M?y)U;Sz1oEjli7^0aheW3Uv)4~kci$W+I+mAg^n^%We3y0v7M;BJ^&fC^$0#sp1$g*aAu&iE~S zku0uQ`D)s+@h8oj zvo!8%=3HA!;XKcm_27|eqnCg3WGUU%cHJlTj;nGVT|FBQz9U&5_dVyvc<_>)ixpbg z9vUrb@!L0p(Juc;B<92%JFn=~hE?A{tFXZl@la4#Q&AX|*K^U1vL2`g{5yC8IXR0P zd&yLMk>$DTw}cQZDt;|4MMnn$dC;IBM8>oSth`nnTS^3C8$NtYDzHXDJ3Z7-Bf9Ik zZK-Fr;ZX1|9!Vi4VqqQ*98-8q402N5|CYz|s#G1KQpULU^X}#ofI1a$bLc``7PNodUM#k;qBz?w1 zlP01RD{;HPgHvF$2>DgvzP4X9Fe$JR<{yL8$A{1F?adNIs3 zEKLyl(JVJxWo$k^ed0YcJrka+B9w@A{mWt*n??2a*)%X9l@n7Uo|c2{y!NS863pmo zT#uUod-mc6hLW!)i9zhXK!~FT&G{v4(2l1Lzw&z7M08c)Zz73Ye0bg=_L@?T!z#5O z353pcsy!Cfxlxj-mHvi?*7|-TcRGgGD@~dn8{HqWP}paoofsO8cVoNMJbY(13=Qv8 zi8d_?dOYl4`p^!~s_obu~;GH_F|!lY!t z#KIE33h`wL1LWn!&Yv%+dfZ~qY-PG*foo=bna!gbY<5K?l%-f5zu`?5n3h?^N#P5C&3$JKbwScqW@y4>ol ztn%E`e`2)`v?=D7okoEs8z9C*S`)?SqNh`>+fwy&(Ut_Qe=`ig1lLqM2@gbsvAe6c zg$}gNTOaU9NvgD)zf1D_-p=DF5XNC`JDG{11}tBO5g8uH(Y4L-d*Rz_9y0|TZ&`5q z=!BDVsme&v4}TP^hf2HsSdyZu4SY491n@GS;5P~#buE}nb6Lke#^ zrX?-AD^@R!%U+OrVcs+qzSNO0X!*DKwMClE1nqv+FYErl|HXU7L$h(H0XvWPhoMp< z=@k(zi|hUOT85I6o9W7nh?aksCVBu%A6I<`i2v)60_0-_)D=5ko9tuMVrIZp3+~>_ zSwQbk<_OgxSG>FabVHt_m&(3ScSSO>f5w#p=(gYDr7S9#Z1tVLxr3>8q&Y6e8kbbq zFXg6HcOf3!ZrbA?vv2ybV-6iF&-s=LUJnaM*EUzToOiw?nKq@V1o?>)>;iaknyLHGsz6%<^INv!maUp5N7N-Fh=l zAw@#h*k}JefH^iX~dU2P0bdF>?3dWjU 
z_u&MX0Z&mrT?oTuTAC7bFp|q_&tE^LXztHqd|kAQp2Agy5i|2W}FmT&=CYtA4ukAqeu51Y6X6xxPB}%8jdc!om0s&?6k>l&0*HyR#SC23i95@0@(|TdFw+HH+}>khcpc(XqD97 z=w)|bo0{#m8%E>k0UG`24dKPVWB^`=1TA$aJEXN5JEs$)b(4qmUl535-W@a`<8XOi*CcBgxgomB>d#>c~} z{$`=;YHkMpv3nmxX9-$v>K;5x$4&Xe2s)V1L1SMnm~v2qOUf|QRB zqwjmlbOjqbtBE4_q5S4LruROkM-byPl4>8=*B71`m4e+f=i@o(t2V%qV}GFE(87az zr!w7KktiZO#B`ftHE)U%WmRCEY8oqGZfiX`jPpJQE*v&sAV!%FXWWe$9TWKMbQX`R zd?-+l`i)>opfR9FCS0GOckIc|*o>23K#r6kIfyJKgKf%vv;p2^sl$b#2)OjA-}3MU z+2c7{qW0_QDp^X899~nA(JWILNt*3)Hh^HUDJv7Slk}<^F1alWC)DQX>#3wHdMUdh z64_LWs67Ge5@{ty0!r+PUW7*8By!M6m|0XMz3jyUJ^gXoGDM%ve268pg20E5UL0Zx zjpT{Q_!UY9`yJ1btzTr}JN)5wy)7hKXgbp`$lHHeXcG1o+|A%T0Jox)M_Cari1s1p zq1PLSIl;z3`N|>}pBW3?xVoW&u9(d-D8A{DDvWucEJ@q!atn<#FX)l}MafmX#SWqW$@Lpt*4#KtSXYE@KU^dy*o0hT@Gjy)f% zTggBo%rV@Nc|koCu?J@5+Y613Af!4do?*&}L9@oONws-p6bKMq~5#s(V*!pH< zE(?l$K~XFu`3dqWL*ksD&6YG$N|q=+66RYotOw8x&x5<5QeuLE{#)y4mUADjknSn2 zagUhGnA=G*EYOs%H7p^{*%G-BB+cEhlVUtw@MVtk-@iD;#Hrx@)rWt~AE>K?L(3VA zlg;phV`H7g{-{7*Ii4$3wkz&u=p>Y?Wix_*So!v)P)V^4lmBkHEZ>(DuebQb?>nD8 zpxpo$Joh*h4>U%_(BmL5d@dq-GB`+^jh&w*9U@+~T3LvCEarZ6&NiHuUgSHyxcGY6 zLKL7o+Rv#JQy;wDfb8PUjuYWa-MKfq2%OUo94~@ z5oS<4qUt=39)(LR#2UZtS}tt-r}blXr;nrkvo6#uSTOVF!&3F7qvmyio=$yQx5QL8?s1Mn60@YN;$ z>3TR9VKl}<>GJM(m^v+kzfER;T1V?Qsr)^wZ0z+=f2LP-g~>3Uu-eCQsOAoRo5 zF3=ND7(($_7?ars6@2K2vxwnT!i)C)N@|z#haEor1$khIGyFc{QmJn%{UTHeU%Ou_ z5@LKB>7LTk2;Ucl7QYeu%ETkaRSU~Rs@hzbw=yCn>WCl9_61%yYJjnB%XG!X{Pv%# z7#mFuzA_?kwD@v(O9eSbh|OUQ;$8xsUrWf;v%ZQAkQW#~*$W7Z*b*I}5JCnfSSf|Ss`4z5 zP!2C6vsvb$bgWB!J3xXT!b!)7y&DHWejtw;@r4iZFb8#^oKssoU_8N*qvt<`^kIyE z;Un!6vg#*m#A#2Wz@6q1%Jl=5}|Jq5-boJ*!T(4l_$Z77R9j7mfi$(gOpJb>``g=`8*qpGcH{5YCUUXU1~& zhy<-~jkQ*~u_5ZTZtm{oI8H^VtA|HFR|kpLXJ0t&s8~CL17oQ|SxiMzwp_%-xOh5d zn@xX+W{AgF#l@AXQkC|#&(PMQ@-|hq;LOLO{W{0vFh+AgcRYu}H2>1<%2eu|+6o#Y z3pTGDkBKhBa~wtd!b0w|zfR7jJ#womQ$QHRGBzEsb#)q+XNOV zWDJ+h1kKPXs6Awit?r19NmQS6lUW)^k-9)*57+1aY2=#r97JRD(>VENL#RZ%#r)yd zQFmJ`j?*$qGR*?t14iE$zPhJ1Kq;r@A$G<6Cv)`@T5>KCJbvs3HP67ejpxaY>n*16 
z&GB*TBul)-oiE$L&nVxl@ogYDYKS%mo00SZF|>PSslV&6VIw;}{;n$~-7}@K;6_Pd z>2Utg_aPPG_QOokY14kluL#;IZo*w2i{-Y9jQdDUjn||Z{uA5PnFL)0ggWLMs<5SvGGWEd(ICgS@lUv&T zgvSK+2L1vL{>@agWQWc!#x&&<*ti&E=cZ#c-N=Bv28RJ^+f#&W4Uh6?ZQw-vHG>Yb zUMp>O46FBv`Pm4M6WdD8Wsq_>lFfrHvCOnCfQ!F6l1bu%$tn6S!Y@wMhC%IL}d$vBlC7zMt)wmiy9$r8KG_J%GmD+SrSw zmB`4h4`38c=m=Uc`x{Kx9nR_Gc}-=fpz+p7k++4mx-!cjm^>94uqLwYS#pB^8>R@C zDiLv{JTQb-<#ctq0Lt$LPkR~5Wd}0am2vivZ`@Ym3Z~H{UllB^;tlzwTn*x>UK_{1 zD%T|{wzQ!v%$pt6menHUMZ|LWH=a7Qs&PuqISdMF_%g7D6N1HF?GZ*@hwcRKsvFNI z80aK=*v0+<+WaDx{%1&{);;{||C+_Lr7_zlsQWI%qc-o(nKhracpVYHRvye?5%}{f zWi?+%@_vS~R5w1r?`*+BhF^_Y4QREu_8ek0+&aqnBP{c_W?E%ollo_gZ?lwm=h!YT z0{Hb|Pnr()@Ow*B8mEyf%CT}9-0YRX;nI|e2P@LJ#`g}r*d2XqjgK+P#D7q0^zpm_RSHk#!~2W$5V9V5mW(-J}axm?cZdGu91&PYY)sJS(KoTXmUa@^SAr&e3=d8ucfuol58ZF$35)qCE~);rLzE^H$)9xXVlxQQ_=Uh( zOIEWlyWt$832y3J30H%&bMh7h@S-7j$|AE~Rs!LgG)g3PP9@DwN9vi4=jsk@2;lx= z;6Vkqh2Q0SNA0lMwZnaQrC<3LdtXN+gEsz5O%;E{V0*vVU(D8;CWqtfs}@R;gT$XJ zleO|a!%mM{s}1`Tz*X#AIYVuAi!lwr_q_kLB0hzghpAS!-)Sqs`IjmhJ{77iIf>c2 zb7)B^#IYdEh15;sQys-f+_VNY7xndf*L>D$e^!ehlcXjJtLz(wS;i1yuc0}cC=T=G4gtKqB#0;4f zogJL9k{f?LnB63tuG9n{FORrd8XIRS4zd_z_z7r? 
zZK=a{b#`&TI-sW*XTkeLr2CIvR+B_4iEw(ikJnjTe{H^rsusjiMp=5~phr}d=#>=C zf0EfCIXe#_S^Dc@Bp$wtf7$El<^uIPmVfQ`WKasj)!B^ zi}(9Bn-?U7Qeo{FGTJX@zXN$vw~^z>rDj*t?MS8cKLHfY1@R1087tODeriEa*-Tt^ zL?Fj5H&B6eRoNwJcKjAWH8fRsLX2K1K(oI zmHsPH!T%Jkjb;X1s1R#ndd|&KN}fi`C$5nEskKV{-+B077AH1~K^!&NzM3U&_Bl1y zSVFRb{4ILeS(ah;&h+ht+wAjTo+vm3ay^Sf0)+--d7_b3gQ9gNz z${4+OKE3uUx@DdsCis z15N*(lFDYUcqNT>+3Ddg>I3(TLvas)+xBr}3(1`1F+@E87mW2-20WV?g~Ux4dP5U$ zNDq?H_cg(*OW0>V9P2HdA6k2nTr?l5vvmcMFt_*Hs>8IyJ-QTb_bKl5`FT6~n;V1# zO;LryG79O2J#QXzJiHFGSb%f>x8qs$QWIs<-Mg91(YcxZqK=8HnR$r`=PNAyBNN^+ybzBh(z| z7cx~dYmHiIL1V)em6LV#*TI2ChaO^rrnkYg$nkF(g znr;ctNQok(4uWQ)O;h~+xTHN+<8M!I(O=F7J^BephLb3X-&@_&SN!wZUi}}ZJ2ze& zzB^p|J_H?A{izlqUmEQn5s<)p1Y2bWpTA3IR@>p~=a|`b)-!2G1s|lZK^>MS4;6ec zv>w&U_M~-@A;PBcNaEj!du9|WTzEwW`;qax={3vnp_r^HnK!pass|2UUkfdszfNi2 zMK|w6W{J$~=yOe-`m%Q#Bj#!1V5;yyPj+OCz*bs({_wL^@)3rO!q+wYRn{$)yCrT- zUvw1}=PtUc8dxV!{XhFVZH;2F^@q_unijkEh)rGc^4VF1Pz}7?O*VT(Nj-A|B}g{K zIz~u%7;2R@G!F4M<|}b3Tqg8fJDX`+cc-PFAbMb2mv_xmL8HXgN}w76Jk#pIhpto| zf`FO3mR~tr@E1Z_6bDm>wfQuOMeLx7RRdBjTb6)bu5l15e=As^gio)Y=R=LNsks?0 z3P8GA-f&C4bR>h^`cLJjFQjuRZEli8B4IA@4OW7d*CSYGH!um zP%f4Iuu@hdQ!1pdXC_-bt$wR#9EaVM#ZfYCLt;Z62EDk#*C%*wQ~5L!0U3|}d0|cK zm0D!1MzSyaOHiFvu~R4~?5CfeCuy7w{hlA?)8V2VNJKB^w7DTR$Qrf#P1l`+qFa8@ z_)j&)S_>{L<5i933;0*g!AcUp{*eU>;Ofe=JOfA^&2P}X=lAVW>+oJ49sxf4<acwQmEt&Q_91>2qh_M*iZ! 
z2?eFcTBcQhE7O);H!mt9OQRaHjv@}Li*krXZEKKN=Qiul8a+I)oh}ZZ{BfUHY<5>y z4tzOW53b4%jPf#tmD!H=Jx`(X8@><#Q3{}?b2s)PNQh$hHURN;q1c{JG0~}#^**o0 zL@yy`J4l!=sV~^lm|4Xi-&%~GT6~$1Uz&4}`fwl#4d7U+C+yx!QMN`iN;Jccq(Kcp z{7(J3)T&JKk7oZyw6`&GF76-Nl3mJW8%z%&5@t)jiYaYF$Qof~bY4ad{lI96hcCVI zY+*m!F$_L294Gb~%q;kKO7%N3T3uwJvine33j_{SpjHtBd(wF<6q7hPLwxjM2(-c; z-jzzx_2X3arXhjRxT1wTe!3uU{5*q0VqwFNdl4efh$d$5BEEj?A;JCJ?P?;SG`LTp z_xQMY{^u-0o1E(;w3Za%Dy59eBN_FtP4!v~4q1Lq0a~c+@!Ij~^_5UNh^`;9?2&XW zfW3jDbrWi&;Is)^TWh}zZ~WmjJR>~W#X3Fxu14+wae5^LHyS@b_ABcX??o$fbpz<7 zV8wo0;PG43=9&t1bT&sX#;BVZp2bG+`?-u*9`?5%~Z5&&pqZu1|iA8dOTd&lQC z=5LZ`-P?Oxr<~b9R&3I9#+GmN2t8+1V7t*_m)cy1=hb*1Ad;%$By~dbn5tg{Afewa z3(OnNPvlY?N}3|hp#d*5IyG$qhJU&_ENf`VLYIq`pJkYGZ^ z*qLE#=>&%uE(yf&?O+k*6zZ+nj0-th#rRe}zq%F%88Ur-?C05UoaL<)w#K8l${g7- zqR=F2NddU9D6W`<%tU*sh57u^(0V{aiIo@^jO1I}tvn=oN*z=Y8Y0;(zNQ!LXZ4uO z35lJ}KmUg}V3Giw0Ithhj10?#(qQ`k+yXXzw~vrhE?GMdZD-ntF&OraT~2n;ZW*eJ zQg5=L1PvJy+`TLDoN%FxW&ESAhb$a=b2$K)w7<}wLpasOP2A$O&?-VM_=+{+n(|!` zS~ykWf4wVgb=2AWqFlv!yN~hlJi`rD46MH;&7Pa=T7TK(ugtI-(WoP2U0)1HNhveVc8)3OjYDGKD>Dl8U(r$kgv}m5g+}$ zW$`(&Zi^Y@*|GGZCY!;lA`NOnFcg{%^;F|qjel#hnj>I$@4<9=*M>Zj+I>PyLhHK6 zVR>jqV(t~b8sl=zi0!7T>3TLh zCR^}LWh_?@W%=pw{T!#YqE^b-IKKSMJ5gxPCv)Vrs=Gx<5vp~;)YBsHFRaRb_*&Jc~&H%Z-&RBrYVteNk6fH=z;#!?Hq-JsWxwHqvvsr7zR4buKkHR`uyy%%K55$`gqiM?5FTY()qIxGJ{ zrSqAzt(_EQ59moO+8_)dhkV-3qOn@(m1mqfD`e5&KmoW7iYM`!x<=jD)-9ZZLRiyy6pI(m0|f zU$P5-t=v)^DsH*WrL>MJ|2ZwziR(jPh}z>vS;M8{LZ6xY0^U`bE19X&tDTpwC8w7FWs$16{M|_m zZ9bw;m{MaQ?P>#k6p1f(YOCx|qs1osoRslhEqdlGk*(Ui|0vpfE?Z=HG02}0!QImq9)D?_NLLh`K0%l2ay=fxQ4l-g z+xJS_g5z_U{n zK5rrkUy@!;dU3`J3?pqv#G^_zwvBHd2`!=JyI9i4 zQbEpO!6RPjGB~I9k2}f}^H1w}SVrY*o!=pD75jjVo4W6RB#o{$a4KU7A?e29ImN$!6Rf`xCzS4PBwp1Zg3VEuIFxXF;zfPIW1i!UNMw2iPmL)*v z(`R3>2)!4IX=j=a7!KCLKf`*HG32V@$p=Ec0D!~;}JeiNFdv<%7c z9p?jRda;Gbh(87+Q8P|LcfH(TMJ!7)Tv0*?qSxR^B+Jd}~u8TFXq?C*; zIT3cWdAe}7C)#%^v(atEbHC!gxPWiNtyfKmw<7$;NS4U*rp)HOLo3{DI2A2o`%?ls 
z!xOGY0PrcATo}C-_q6MWD3w}NYx4U|CW1Ckm02ji+^0a?zNZra8s!?nK7PVoI%s&j*kS#FmGKcC^&Nt8poGVRtF(Oc` z@7G^`e-^y@n4mho7c_QuaUKqdjp#Gkwt++!X0~j3lslRdIGjSJ;#DHTB=UG&5>h`Q za~f%eZj`U)2kM?Rmz!Cr1yJWy+5wqQsk6Mp8UpVzXAIQUcJv2)2^qF?+=w;7keuID z7O~;R5M3Zi|DmUp==Ufc0UTGrn_P0%kOFxq*2jpiI9&egi=M{?-WKW=1j6}zV%ovd zXssZ&*jAilR=@bYfRmz~wdy_GWvs9@4hVOvo5%t*W@a1)Vp{XW9c<>s(nxtq=9 z{HB07W;R&kx}HiKUOulRJb5*O1MZR)9N7C$@NZd=;*6YFC@;8XjKA$ORQ_FPtEjGo zF*hgnagKcLmEpbus`EU{l5Dsm;BMfKU(h-Y8cr659vbG##KGGI&nSCEyW9@q#02=X zQyb+`ktKhT^EaptZqiER@s5U1%b=NFGmMF6xESk{k2oJxu3a+JazhUJrB%0HdKrkd zEcj3f3iNI2bg+oq9N<)kbU@W6F~)H0Uh*|DpZF5rA(_6c_9{L;GZI&(mJL;+ zF%5y3WrsWb<#v_RNQzbH<9s|d7a?VujPH4@oWxUd2wX6(>F%h&5n%scG# zlr?EID;7k2b?{!I6xM|U-yuq4lhx_(Cx!KauwvcZMrRgB@_vQK&Yffh5n2;{&c#zR z6xy#VWn6Xqf>T1?(d3T4b%5ElpxYT zb|}oDH;^t+6Q>n;ml=QhT_{<`1#i(%A9AC$8@i=%{}WSRNuW$E-H{!HE`|Hqz$sKS zD3YLXfP!pCZ~Zd8tD1@72U5yMrXQ(TpfyfZadu^`-ALMar_#iP4tg$1?r5bE1^^d# zl=1@aw--i4yekH~5~lp+qpGZKTy|}j_OS1-R6;mn&VUZ6ixY83$JMyn(r92`n2t?Y zX8P$TKYW?&=0X2ZWnodd@L#r7KJw*~qyJJF79|#kei+4PK9`aWizg91&7NmmvjE)G z=|N`@J`YD6DGLQRJ&M!O1OXQsZzTn72%<($j5jv033%W5Qj`~Z&FSr)z*W%vu~6={ zDsfZ7cN8;nP}jAVi-Gf?PfD?VGz1Fn`kKYnMP;WEPFEd2S~DJ%A!r`KRcq?sQMVfz z1>mW_peDxMgoU+qpW+E}KcJ52_&5O=jt9jy3)5hu^=J7er=)Ph$M?;+ubHXE6Tcz| zI11Qg!iFR{tCOHlg`glkyEtAXX9NFoG(d$$IE-y&kf&I7pYE+=0!nr9$Sd*4p zUEXnwh}V4FAC&gV&^!#Mm~^v~tfa-RH#KaR32Q zYh7vac&p;602XwsTRYw*Uwrz37cYr0LJAN2^RJ0XgsuXI>rknW{$jSKNkGBN;dkcGN% z!&W%g*2Tkf6iHYC8Bb697w0PiX!0;>jN|=4+4PVx#Q3@WLmqIh?fjC=!*pu#%JL^U z-rRJ{2U$RZEA((GW<6R*xX!_Qg>+Ur``7%rCMLMQM*gMrtOj|7*T-$biRuzPk z^P#`jDJY+SaAO$Tkf0_FU^k7vp*{3XuNT8(Z!@IUV5--n4{k2SDyfd7*ijzbHi&F@ zZ)U)@u_pg*(UOkB1STMK@(ceOe!SSD^~U%t;By1)jO(eUtS^tVo)nqgnmw)1aXQKE zzD1jW+YrU5#Rora>BF3d29nfTzmsS!6RTR?xA4Cpu}hrAv!bEavnG2Ob@aWDUAfv= zW8Xon>7rz<=U5&Cc(<|-Ddbtjx8yUQ@!A{KJa(f5&ciwEwW)I7|Gj3o*Vs~a%vLs3 z2DHleDsyZyBM9B^ud|0w<9vqcC*||sN$~LeX;>8Sh@LAOVRtL<`#Sjc&-*V zbp=gW$z2K8&GanNi!Jx{#Kb~WQBqjDHYGLSU!x(+t_0sb4(55NkxD&wEZFLg>Y(RL(sWYS5*hI@ALKy1Yb)9FNM@lf 
zoWXR!oT1ow(zHtrUn$TCT_$Trq}(Q<4+g9XL?x2UD2+M$Kx&+1gpSFHDYE_lbaUVD zY;f-%z_qH>R-@9`vqtRMAjP8|HCi7_xz2sRUx4AA1L=Q#?-m>naKu`saOiUf*g;8^t%|pq z-zR18ePoQ;`KFrisOLK0-`27&ID}I>5>WVF`AZ^qPwXaU9V(Q@*o^%c_PA@o3k;fE zD-{~#exa-Bbix&xzkgeu(+~fmAD|`0Ns8Md8mcD!c;sTeTW#NMh+y3?5}kgn4zh@C zh+G#YT(SGg8nr{~_}N<4&hPzqv5+Nj<8r>ASdNB>{A#dV*rJa7OU0BT_WhDDRGK!} z3Bm6ArLoij5^tVg9w&1b4IM##`Iw_1#!RPhMJ}-J2p}rxikQUQt%6Y}8?)d&K%>FV zHH?^xVbiNpw`-Q9e`vF%LHBPF5kz&+Vhr2Cx9u3=5HNo)eaqp;ni-EJlPmXrBO`Bj z@J%FGyy9-{dYg<*j@sY~6EBo7UfdJ4MWJDL_yCjdUrjy``6(m6!3ZqsvRKM?Zjl0K ziN>(*3G2_4lo*=GXiy@|TgP7_ zcQfsBPf}2$6|zhzQ<`-C45u2C{)PK|f4)|L9`22i{|R{f z1U(|Ipi{!qrn#asnG!~DF1G@oK0P7|Mzu!ebkp<^`G*+%L(NovIn$h3S~x>FR?oQ# z=jk=4PNpRkV@z}7h9kE8yBHsh7;+oI;z=D_x=#q}4DZF04B?%@PqdB@1RhW40+@_( zjAo-&JAtR*GsC$qYcO8ollbc5EGN^(K7`sWOa{x`iB6lGzUG3(&p$)R*mJlG)ess- zfr}@WUHRD%r&g4lE{+Dh3=3CAwSS8?wGUa!j7(Y0TO5SAUQ0XYa&c_t@xpQyz9y3< zl03*CekB~@suG7?eY{6-5)ffNGws92f81ytm731?24cOWXzW6;$vp_e$i5-PH-KC% zdGuk&Jc~EO=TPbl{*t5EGZP2r;+L?LhJc)(5_{4@-kR0J7-93%lI5Z|sZj;)a%xf3 zAe>|2MVH{Y?o-Y%ka5TNctMZT=_Md!j3>sIh0LHpCo+<#PWRNurgw*+Ov%oP@z|H4 zJfo|g2ZLlWyzHA!4$Tlo>M=3qM2mekqoHA@Tv`C4X?JTpn#3W7n``2^v9BM7IQVqY z)g#`i2T=VZWR`BkTI%{T1~KnFH*^?;?!0~=$HP>Zl0nuQIS%YYJHRvgUOul zTw}9}#D=hg7LYEk+^pLCY7TfaXM0tU_hf~HNjk2Jx!;3x{PABOmfRiBccvoSn~j-# zE)ovmvu*3G24iTUw@yV%`k3L#Qm@!0*y5+(x(~=)&Eit^8SXyr8o(CTa6JOy`QCJu zc(grx+Qf}IuSNH?vgvBxhQ4*BeCVOiVyb%RK&&NQI8(Y6gEG!aQIoZ9>-2F3ivA+c zA)FJP<}dwvbiCFajF*Ah(JeU6-X|bwRW|BZo)BY4><3F+-UT^T9jt&VsDVu+9SPzc zN6BTiY<3m@r;TG}&b!Vu?tGmX4(B7s2rzoh6&HKif3=m6y=mX1uv5QZ1Wc#-|sorDq*Pb{t;(~Ap?>dQ@fmhnp5~6ia)mVQXUtuh}O}`XNi%yL` z+ePJnSZmEvv8-F8NIr}g>EJ?gd8<|%np;;h(~7Xm6Kn$vPf1+MrlYHL6%Kn_;->bL zcd4MB)K^ZnQ#`&>89kX7kEZ}CNe|gCiidu6bDWCu!OEa=={au~cKDjenV`aBV@kW` z0`%5R9CNycLxI2Bd_K*42BczyfI7+gp9q)tyxq1v;KK1Dbug+nD2~(6#iJ}hLFiyi zBR8`$H}^*+dh~bS9oPtlxxllbt!Gx7+ncY2+DJ87y?Q0 zNRAqMFr%u9bUM{2dZhUmv)~roS8w zUMMaeL;W}FpS{h%HJ!K5j~0viU-ns&4D;&OFT(5=t^{7Cw znBL`rpDxi{$#Ri 
z0yQ3=gmMeit#tmDvlp*8{%m;Y(*iFdYSjF@&i(9tUPWY>ioMzKznf+?0rC+KUb6q2 zMspY<@5PcI~Vhq+x?%+@pFO0 zZSehN(1(*FRa{%*Evu>-<&75WdRdKC@Psz68glj~ff#&|3$CTT-t5yA46WU!Xam+f zlZR$=a<68zc<~?OaM`3l5d1l2GV(|Fk#YP7iE~K%N;|f9A|kE6nng067AVL>ztv_9 zt-+R_)c>f9@RObioTG)G{RnUc6{LXZ%0n)IF#9kS%8dc7NtHhmH1c zu{pL$Q}2xcj;~T(lH%QzU^EBPt^aliIWZ4j3K3*xN)>g-l-D=BFqvw=kl7uA1}*UP z!=VxFUwpD-?s)gbyv&c>YU!S=Y7zcqTRk`-kab8T;zj&(xr+DAAX51ezxsI6R9nI1 zlj4Suv&S0i-C2n;?I`Eqp27jV%Z;`hz`4etu?e3aB}Z)5_5rvy7NP)WxBA^apFaea z`S-OHK>Pkh9$w%m!C~sFu1n+G(F2XO=V@%#ktcZUptN1-EyAh>FuIl!WplE@0%4&4 z^n?eOMY=9Uz?gU`)3*@!O6NIO-g2-)PC9K!N_<`H-I$=cTMm9-dU11IvG8imjdEfA zeyLMXy~f=6cTM=*xQy#){?O*kmPwukB4RTLdG4TbRPW79&)*nD!WHZpq$+@Al_-%1 zC1AXye7jKVK|C>Uc5`MdJaFSQq^$G-r3MuS4O(ei*4*eApXP2%SYndI|FAz!1g)#5 z$hv2Y*)&GYM!-wjzG^nDBx8pv2k-(C14r9)0JSAxhV!FZk6^~nzvw3tKZ3Vd*VVQ; za8Tn?ULL?xJ2m7DHVo7=t$$zU1K@{hCb2nen}vq>IZv;auRb^l7lU$D*1F&zk< zk~8(Qg*icTRdj1aFM}H}* zw#hm6*nQl5h8w8LavjSccOMCUVmSu!G6791%dur`9N=f(qh`~<`Zz|T@>jzz&Oqp3 zJYOH_l>uB6O-f04^GMOhwYvTwNqw}NLSqnm(fm{)#=4mJM(&33EqT@#(#!xG!m-1| zF3asQ*FBNrn=-tMoD+zYZ2GMDiQF0Yc%NwQWOL@Dn5S5I<2>f^Y#6Owme~+&Qe^(l z1C_g4rZ5k%r}HNm(C2wXO6=y*F814o}Z2sLohX9-yUAWiw6SEvTZwEV66>{jbyd}pz>$a!Nb=K7f>N|Zb*I9Lmi zjX|+Io6mwT#7|*w+XJr0K5l4&dEm4snJdL{^9O@kxa}khOWZ>E=#|}Dwl)>Ey6{*> zfy5AWH2t26ol{c9;G3S|L3Uouq43Tf392*jT{@s=^zV&J&qZ74(S+4@^q`j6E52PV ztH_($mmCTURZ|gQ(H4`tq*y{OIhB3rsnG$|c7dr-{g+^sgY?ErX=PcFT04iGmn26o zIhWCURFGwKM1SE@)yXC@P^Fi&%(s7Cx-IuAJ6bTD2|{pcHpqG<7uH1zOWa;Y)CL@*+K+&-t_cX{%>p1%gfq0O4)F&A;4C!UV5s7ue!z7>gg?oLJ+ z(`K63K;6(Q#IS9k6~>`{v3kTUwXKtJwEJjIUTeYE15c58lhC(1^>bu8e1viMH~ogk z^PsvrhX2BwM)*2Q1W=DiF7aWfHR7e&CQv5N5=*r-t)DL^`ir?U^!Tq?LBcz*bBnC3 zXWQmT;7F&dnVA{z=tXx;uSVG#)@8JKr$?WanXQtdEc<@mV!lyP-qW{wHE_l=Bpp8b zsuaG<@$g1s?gm*>Ql{2HrCKQ5dny?leCn5`tY=XCYDE{qt4y~dfXIsu+5Tl(A1pMr zV8GO^6DC_hog{hr-Fr56z1zy8*S4(M>nI1Xm&`qY?_b(PGzG=hb77W`g_9YR>qI0! 
z-6TaV3Gn-2ghq&Dm|qoKZ=juD;xpE*Xf<%D& Date: Wed, 27 Feb 2013 21:39:45 -0500 Subject: [PATCH 0131/1473] updates source url to use https --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 14ca2a0b38..f365312e40 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -source "http://rubygems.org" +source "https://rubygems.org" gemspec @@ -29,4 +29,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end From c6578250d2e7a5e506eaa574bd525ee6fd848fc5 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Fri, 1 Mar 2013 14:32:15 +0000 Subject: [PATCH 0132/1473] Improve documentation on sending delayed emails There are a couple of gotchas in the existing documentation about the `send_devise_notification` hook. 1. The `after_commit` callback can be called multiple times so you should clear the array otherwise any additional invocations will trigger extra copies of the email. 2. The `after_commit` callback is only called when a record is created or updated so you need to check for `new_record?` or `changed?` before adding it to `pending_notifications` otherwise it's okay to send it immediately. The `new_record? || changed?` condition is necessary because the latter isn't always true for new records, e.g: >> User.new.changed? => false [ci skip] --- lib/devise/models/authenticatable.rb | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e01ebb383f..f1d08dd149 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -141,13 +141,25 @@ def devise_mailer # protected # # def send_devise_notification(notification) - # pending_notifications << notification + # # if the record is new or changed then delay the + # # delivery until the after_commit callback otherwise + # # send now because after_commit will not be called. + # if new_record? || changed? + # pending_notifications << notification + # else + # devise_mailer.send(notification, self).deliver + # end # end # # def send_pending_notifications # pending_notifications.each do |n| # devise_mailer.send(n, self).deliver # end + # + # # Empty the pending notifications array because the + # # after_commit hook can be called multiple times which + # # could cause multiple emails to be sent. + # pending_notifications.clear # end # # def pending_notifications From f4ceecece416bb71fef8c43a8a0d126222747bc8 Mon Sep 17 00:00:00 2001 From: Matt Jones + Tony Schneider Date: Mon, 4 Mar 2013 12:18:20 -0500 Subject: [PATCH 0133/1473] Allow explicit configuration of http auth key - Fix basic auth case in which authorized_keys is configured as hash - Duplicate existing functionality when http_auth_key is not explicitly set --- lib/devise.rb | 4 ++++ lib/devise/models/authenticatable.rb | 6 +++++- lib/devise/strategies/authenticatable.rb | 10 +++++++++- test/integration/http_authenticatable_test.rb | 18 ++++++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 094467c59b..87e1f3071c 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -51,6 +51,10 @@ module Strategies mattr_accessor :stretches @@stretches = 10 + # The default key used when authenticating over http auth. + mattr_accessor :http_auth_key + @@http_auth_key = nil + # Keys used when authenticating a user. mattr_accessor :authentication_keys @@authentication_keys = [ :email ] diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index f1d08dd149..89820725e2 100644 
--- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,6 +10,9 @@ module Models # # * +authentication_keys+: parameters used for authentication. By default [:email]. # + # * +http_auth_key+: map the username passed via HTTP Auth to this parameter. Defaults to + # the first element in +authentication_keys+. + # # * +request_keys+: parameters from the request object used for authentication. # By specifying a symbol (which should be a request method), it will automatically be # passed to find_for_authentication method and considered in your model lookup. @@ -194,7 +197,8 @@ def apply_to_attribute_or_variable(attr, method) module ClassMethods Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys, - :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage) + :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage, + :http_auth_key) def serialize_into_session(record) [record.to_key, record.authenticatable_salt] diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index e57ba9b3f8..3efcbe6701 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -100,7 +100,7 @@ def params_auth_hash # Extract a hash with attributes:values from the http params. def http_auth_hash - keys = [authentication_keys.first, :password] + keys = [http_auth_key, :password] Hash[*keys.zip(decode_credentials).flatten] end @@ -139,6 +139,14 @@ def authentication_keys @authentication_keys ||= mapping.to.authentication_keys end + def http_auth_key + @http_auth_key ||= mapping.to.http_auth_key + @http_auth_key ||= case authentication_keys + when Array then authentication_keys.first + when Hash then authentication_keys.keys.first + end + end + # Holds request keys. def request_keys @request_keys ||= mapping.to.request_keys 
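Review bot: `http_auth_key` in lib/devise/strategies/authenticatable.rb returns nil when `authentication_keys` is neither an Array nor a Hash, because the `case` has no `else`, and `http_auth_hash` then builds `{ nil => username, :password => ... }` instead of failing clearly. For a Hash the fallback is `authentication_keys.keys.first`, so the attribute the HTTP Basic username is matched against depends on the order the hash was written in. That deserves a comment above the method, for example `# With a Hash the first key wins; set http_auth_key to choose the attribute explicitly.` These hunks do not check that an explicitly configured `http_auth_key` is one of `authentication_keys`; if that is not validated elsewhere, an `else raise ArgumentError, "authentication_keys must be an Array or a Hash"` branch and a membership check would make a misconfiguration visible. The enclosing class starts and ends outside the hunk.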
diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index de9101905b..889a9beed7 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -62,6 +62,24 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end end + test 'it uses appropriate authentication_keys when configured with hash' do + swap Devise, :authentication_keys => { :username => false, :email => false } do + sign_in_as_new_user_with_http("usertest") + assert_response :success + assert_match 'user@test.com', response.body + assert warden.authenticated?(:user) + end + end + + test 'it uses the appropriate key when configured explicitly' do + swap Devise, :authentication_keys => { :email => false, :username => false }, :http_auth_key => :username do + sign_in_as_new_user_with_http("usertest") + assert_response :success + assert_match 'user@test.com', response.body + assert warden.authenticated?(:user) + end + end + test 'test request with oauth2 header doesnt get mistaken for basic authentication' do swap Devise, :http_authenticatable => true do add_oauth2_header From 2d14bd2826a678d349282c9f36827d503d05195a Mon Sep 17 00:00:00 2001 From: robhurring Date: Mon, 4 Mar 2013 17:33:27 -0500 Subject: [PATCH 0134/1473] removing params hash merging of token and mimicking http basic auth flow --- .../strategies/token_authenticatable.rb | 51 ++++++++++++------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index 5d98dbfba1..71be735afb 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb 
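Review bot: Both added tests cover only the successful sign-in, so nothing pins that the e-mail address is refused as the Basic username when `:http_auth_key => :username` is set. The first test also passes only because `:username` happens to be the first key of the hash literal. A rejection test next to the second one would catch a regression that silently falls back to another key. The sketch below assumes the helper creates the user whose e-mail is `user@test.com`, as the existing assertions suggest; the helper itself is defined outside the hunk.

```ruby
# … unchanged: the two tests added by this hunk …

test 'it rejects the email as http username when http_auth_key is username' do
  swap Devise, :authentication_keys => { :email => false, :username => false }, :http_auth_key => :username do
    sign_in_as_new_user_with_http("user@test.com")
    assert_response 401
    assert_not warden.authenticated?(:user)
  end
end
```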
@@ -14,6 +14,10 @@ def store? super && !mapping.to.skip_session_storage.include?(:token_auth) end + def valid? + super || valid_for_token_auth? + end + def authenticate! resource = mapping.to.find_for_token_authentication(authentication_hash) return fail(:invalid_token) unless resource @@ -36,27 +40,40 @@ def remember_me? false end - # Try both scoped and non scoped keys. - def params_auth_hash - auth_key = authentication_keys.first + # Check if the model accepts this strategy as token authenticatable. + def token_authenticatable? + mapping.to.allow_token_authenticatable_via_headers + end + + # Check if this is strategy is valid for token authentication by: + # + # * Validating if the model allows http token authentication; + # * If the http auth token exists; + # * If all authentication keys are present; + # + def valid_for_token_auth? + token_authenticatable? && auth_token.present? && with_authentication_hash(:token_auth, token_auth_hash) + end - return_params = - if params[scope].kind_of?(Hash) && params[scope].has_key?(auth_key) - params[scope] - else - params - end + # Extract the auth token from the request + def auth_token + @auth_token ||= ActionController::HttpAuthentication::Token. + token_and_options(request) + end - if mapping.to.allow_token_authenticatable_via_headers - token = ActionController::HttpAuthentication::Token.token_and_options(request) + # Extract a hash with attributes:values from the auth_token. + def token_auth_hash + request.env['devise.token_options'] = auth_token.last + {authentication_keys.first => auth_token.first} + end - if token - return_params.merge! auth_key => token.first - request.env['devise.token_options'] = token.last - end + # Try both scoped and non scoped keys. + def params_auth_hash + if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first) + params[scope] + else + params end - - return_params end # Overwrite authentication keys to use token_authentication_key. 
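Review bot: In `valid_for_token_auth?`, `auth_token.present?` tests the two-element array that `token_auth_hash` reads with `.first` and `.last`, not the token itself, so an `Authorization: Token` header with an empty or missing token can still pass this guard. Using `auth_token && auth_token.first.present?` would reject it before any lookup is attempted; whether `with_authentication_hash` already drops blank values is not visible in this hunk. `token_auth_hash` also writes `request.env['devise.token_options']` as a side effect of `valid?`, before `authenticate!` has found a resource. It should carry a comment such as `# options are client-supplied and are set even if authentication fails afterwards`. The strategy class starts and ends outside the hunk.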
From 10f58b636f45ca86d4a6ef9de561584aedb3c4be Mon Sep 17 00:00:00 2001 From: robhurring Date: Mon, 4 Mar 2013 17:38:36 -0500 Subject: [PATCH 0135/1473] update devise config template with new allow_token_authenticatable_via_headers options --- lib/generators/templates/devise.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 8df195819e..fdc258a28c 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -182,6 +182,11 @@ # Defines name of the authentication token params key # config.token_authentication_key = :auth_token + # Tell if authentication through HTTP Token Auth is enabled. True by default. + # Any extra options passed along with the options will be available in the + # env['devise.token_options'] hash + # config.allow_token_authenticatable_via_headers = false + # ==> Scopes configuration # Turn scoped views on. Before rendering "sessions/new", it will first check for # "users/sessions/new". It's turned off by default because it's slower if you From 22442907af8a356f0448956e061e456e13d66ba0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 5 Mar 2013 15:54:30 -0300 Subject: [PATCH 0136/1473] Fix `send_devise_notification` arity in the documentation. [ci skip] --- lib/devise/models/authenticatable.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index f1d08dd149..6f94357e79 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
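Review bot: The new template comment in lib/generators/templates/devise.rb does not tell the reader that the extra options come from the client, and "passed along with the options" reads like a slip for "passed along with the token". Since the setting is described as true by default, an application that never intended to accept header tokens gets this entry point unless it uncomments the line. Suggested wording: `# Accept the token from the "Authorization: Token" header. True by default; set to false if unused.` followed by `# Extra options sent with the token are client-supplied and are exposed in env['devise.token_options'].`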
@@ -140,20 +140,20 @@ def devise_mailer # # protected # - # def send_devise_notification(notification) + # def send_devise_notification(notification, opts = {}) # # if the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. # if new_record? || changed? - # pending_notifications << notification + # pending_notifications << [notification, opts] # else - # devise_mailer.send(notification, self).deliver + # devise_mailer.send(notification, self, opts).deliver # end # end # # def send_pending_notifications - # pending_notifications.each do |n| - # devise_mailer.send(n, self).deliver + # pending_notifications.each do |n, opts| + # devise_mailer.send(n, self, opts).deliver # end # # # Empty the pending notifications array because the From 5d87e150f767a1cc6c33c39f60be5a0fee8397ef Mon Sep 17 00:00:00 2001 From: Puneet Goyal Date: Fri, 15 Mar 2013 15:18:45 +0530 Subject: [PATCH 0137/1473] removing an extra full stop --- .../templates/simple_form_for/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 1ba5e81012..6955c2c741 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -22,6 +22,6 @@

Cancel my account

-

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.

+

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>

<%= link_to "Back", :back %> From ddea9359a66d2d75b9468fa1bdff56a4a283af6e Mon Sep 17 00:00:00 2001 From: Puneet Goyal Date: Fri, 15 Mar 2013 15:19:52 +0530 Subject: [PATCH 0138/1473] Removing an extra full stop --- app/views/devise/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 9bb2646216..986db407ed 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -24,6 +24,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>.

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>

<%= link_to "Back", :back %> From 41aed807fc758e39f6f95ef3f84c6be61dc7d19b Mon Sep 17 00:00:00 2001 From: linus Date: Sat, 16 Mar 2013 09:29:46 +0100 Subject: [PATCH 0139/1473] Add license to gemspec. --- devise.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/devise.gemspec b/devise.gemspec index 4df95625dd..5ac2862d99 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -6,6 +6,7 @@ Gem::Specification.new do |s| s.name = "devise" s.version = Devise::VERSION.dup s.platform = Gem::Platform::RUBY + s.license = "MIT" s.summary = "Flexible authentication solution for Rails with Warden" s.email = "contact@plataformatec.com.br" s.homepage = "http://github.com/plataformatec/devise" From 4549d8c65f9f66ebe55192eff58afb39ca390a52 Mon Sep 17 00:00:00 2001 From: Scott Jacobsen Date: Thu, 21 Mar 2013 18:49:19 -0600 Subject: [PATCH 0140/1473] Update recoverable.rb Fix type-o. --- lib/devise/models/recoverable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index ba434bb37b..494852f0ea 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -1,7 +1,7 @@ module Devise module Models - # Recoverable takes care of reseting the user password and send reset instructions. + # Recoverable takes care of resetting the user password and send reset instructions. # # ==Options # From 9a8cb011d7c22726b59ab7c101d06dbf995ca222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 28 Mar 2013 14:00:55 -0300 Subject: [PATCH 0141/1473] Use the latests Rails version --- Gemfile.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 209a593e29..f02a2fa55d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 124627a60020c081a50136dd49e6c6652e7226c5 + revision: 6c8b3f2501ad12dbd453a86d3fe2374a4d14378c branch: master specs: mongoid (4.0.0) @@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 202041e762a98cb433c3a24a0b03308d4e05a99d + revision: 27d12bde1f2ef9bac24d24d576f23eee68544ca0 branch: master specs: actionmailer (4.0.0.beta1) @@ -30,13 +30,13 @@ GIT activemodel (= 4.0.0.beta1) activerecord-deprecated_finders (~> 0.0.3) activesupport (= 4.0.0.beta1) - arel (~> 4.0.0.beta1) + arel (~> 4.0.0.beta2) activesupport (4.0.0.beta1) - i18n (~> 0.6.2) + i18n (~> 0.6, >= 0.6.4) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) - tzinfo (~> 0.3.33) + tzinfo (~> 0.3.37) rails (4.0.0.beta1) actionmailer (= 4.0.0.beta1) actionpack (= 4.0.0.beta1) @@ -62,36 +62,36 @@ PATH warden (~> 1.2.1) GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: activerecord-deprecated_finders (0.0.3) - arel (4.0.0.beta1) + arel (4.0.0.beta2) atomic (1.0.1) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) - faraday (0.8.6) + faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) hike (1.2.1) httpauth (0.2.0) - i18n (0.6.2) + i18n (0.6.4) json (1.7.7) - jwt (0.1.5) - multi_json (>= 1.0) + jwt (0.1.8) + multi_json (>= 1.5) mail (2.5.3) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.21) - minitest (4.6.1) - mocha (0.13.2) + minitest (4.7.0) + mocha (0.13.3) metaclass (~> 0.0.1) - moped (1.4.2) - multi_json (1.6.1) - multipart-post (1.1.5) - nokogiri (1.5.6) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) @@ -120,7 +120,7 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.0.3) + rake (10.0.4) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.2.3) 
@@ -134,14 +134,14 @@ GEM activesupport (>= 3.0) sprockets (~> 2.8) sqlite3 (1.3.7) - thor (0.17.0) + thor (0.18.0) thread_safe (0.1.0) atomic - tilt (1.3.3) + tilt (1.3.6) treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.35) + tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) From c07bc69fadfbd57e8b393feae9e58a1a2434f32e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:18:02 -0300 Subject: [PATCH 0142/1473] Install Mongoid in Ruby 2.0 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index d5e9852056..1b064d32b1 100644 --- a/Gemfile +++ b/Gemfile @@ -25,7 +25,7 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19 do +platforms :mri_19, :mri_20 do group :mongoid do gem "mongoid", github: "mongoid/mongoid", branch: "master" end From bd14589fe4b2de7fc9182413eb6d29d867a2dd0e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:18:41 -0300 Subject: [PATCH 0143/1473] Ensure that `include_root_in_json` is true since our test suite depends on that. --- test/orm/active_record.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index d1bff6c201..023e3cb79d 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -1,5 +1,6 @@ ActiveRecord::Migration.verbose = false ActiveRecord::Base.logger = Logger.new(nil) +ActiveRecord::Base.include_root_in_json = true ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) From ce37c301ff91f0d59ff91715f0c36e0ee285fb11 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:19:10 -0300 Subject: [PATCH 0144/1473] Update Rails dependency --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index f02a2fa55d..e2dab4b2f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 27d12bde1f2ef9bac24d24d576f23eee68544ca0 + revision: 31216ec84b6988683c0c60e1ff08163a75d27680 branch: master specs: actionmailer (4.0.0.beta1) From 2f88f7c0ed18885ac6305344689e3fa43c1592bd Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Wed, 13 Mar 2013 11:15:27 -0500 Subject: [PATCH 0145/1473] Remove protected_attributes gem and all whitelisting --- Gemfile | 1 - Gemfile.lock | 3 --- lib/generators/active_record/devise_generator.rb | 5 +---- test/generators/active_record_generator_test.rb | 4 +--- test/rails_app/config/application.rb | 5 ----- test/rails_app/lib/shared_user.rb | 1 - test/test_models.rb | 1 - 7 files changed, 2 insertions(+), 18 deletions(-) diff --git a/Gemfile b/Gemfile index 1b064d32b1..b0889bc466 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,6 @@ source "https://rubygems.org" gemspec gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" -gem "protected_attributes", "~> 1.0.0" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index e2dab4b2f8..ad794f5b02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,8 +112,6 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - protected_attributes (1.0.0) - activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) @@ -163,7 +161,6 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - protected_attributes (~> 1.0.0) rails (~> 4.0.0.beta)! rdoc sqlite3 diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 35541d91c9..f566cd1510 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb 
@@ -22,10 +22,7 @@ def generate_model end def inject_devise_content - content = model_contents + < "localhost:3000" } - if DEVISE_ORM == :active_record - # Disable forcing whitelist attributes from protected attributes. - config.active_record.whitelist_attributes = false - end - # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 29c262315a..e4bd8712d3 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -7,7 +7,6 @@ module SharedUser :trackable, :validatable, :omniauthable attr_accessor :other_key - attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :confirmation_sent_at # They need to be included after Devise is called. extend ExtendMethods diff --git a/test/test_models.rb b/test/test_models.rb index fb65d53cad..cd7fbaa31a 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -15,7 +15,6 @@ class UserWithValidation < User class UserWithVirtualAttributes < User devise :case_insensitive_keys => [ :email, :email_confirmation ] validates :email, :presence => true, :confirmation => {:on => :create} - attr_accessible :email, :email_confirmation end class Several < Admin From af4a582300b79669682f7c656316b841cc3a0f82 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Wed, 27 Mar 2013 22:15:48 -0500 Subject: [PATCH 0146/1473] Remove mass-assignment role-based tests, no longer supported in Rails 4 Mass-assignment security roles are removed in Rails 4 so there's no need to test :as => :role behavior. --- test/models/database_authenticatable_test.rb | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 1439a51f9c..a8577c2262 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -111,13 +111,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert user.reload.valid_password?('pass4321') end - test 'should update password with valid current password and :as option' do - user = create_user - assert user.update_with_password(:current_password => '12345678', - :password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin) - assert user.reload.valid_password?('pass4321') - end - test 'should add an error to current password when it is invalid' do user = create_user assert_not user.update_with_password(:current_password => 'other', @@ -170,12 +163,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal 'new@example.com', user.email end - test 'should update the user without password with :as option' do - user = create_user - user.update_without_password(:email => 'new@example.com', :as => :admin) - assert_equal 'new@example.com', user.email - end - test 'should not update password without password' do user = create_user user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321') From 78f137368c04adceb4ffabf50c9f476bf757ba3d Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 13 Mar 2013 11:37:54 -0500 Subject: [PATCH 0147/1473] Add support for Rails 4 strong_parameters This brings support for Rails 4 StrongParameters changes. - Parameter sanitizing is setup for Devise controllers via resource_params except Omniauth Callbacks which doesn't use resource_params. - Change #build_resource to not call resource_params for get requests. Parameter sanitizing is only needed when params are posted to the server so there's no need to try to construct resource params on get requests (new, edit). --- .../devise/confirmations_controller.rb | 1 - .../devise/registrations_controller.rb | 6 +- app/controllers/devise/unlocks_controller.rb | 1 - app/controllers/devise_controller.rb | 29 +++++++-- lib/devise.rb | 13 ++-- lib/devise/parameter_sanitizer.rb | 65 +++++++++++++++++++ test/parameter_sanitizer_test.rb | 52 +++++++++++++++ 7 files changed, 153 insertions(+), 14 deletions(-) create mode 100644 lib/devise/parameter_sanitizer.rb create mode 100644 test/parameter_sanitizer_test.rb diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 68014c92bd..588028824e 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -39,5 +39,4 @@ def after_resending_confirmation_instructions_path_for(resource_name) def after_confirmation_path_for(resource_name, resource) after_sign_in_path_for(resource) end - end diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 281979a7c9..c7cee32c3e 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -83,7 +83,11 @@ def update_needs_confirmation?(resource, previous) # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. def build_resource(hash=nil) - hash ||= resource_params || {} + if request.get? + hash ||= {} + else + hash ||= resource_params || {} + end self.resource = resource_class.new_with_session(hash, session) end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 45f6b2c1d7..3b0d9f7f31 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -40,5 +40,4 @@ def after_sending_unlock_instructions_path_for(resource) def after_unlock_path_for(resource) new_session_path(resource) end - end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 94359769df..8c67eb2ddf 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -28,10 +28,6 @@ def resource_class devise_mapping.to end - def resource_params - params[resource_name] - end - # Returns a signed in resource from session (if one exists) def signed_in_resource warden.authenticate(:scope => resource_name) @@ -96,7 +92,13 @@ def resource=(new_resource) # Build a devise resource. # Assignment bypasses attribute protection when :unsafe option is passed def build_resource(hash = nil, options = {}) - hash ||= resource_params || {} + # When building a resource, invoke strong_parameters require/permit + # steps if the params hash includes the resource name. + if params[resource_name] + hash ||= resource_params || {} + else + hash ||= {} + end if options[:unsafe] self.resource = resource_class.new.tap do |resource| 
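Review bot: The `|| {}` fallback in `hash ||= resource_params || {}` in the registrations `build_resource` can no longer take effect. The `resource_params` this commit adds in devise_controller.rb goes through `params.require(resource_name)`, which raises when the key is absent instead of returning nil. The DeviseController `build_resource` hunk (@@ -92,7 +92,13) guards on `params[resource_name]` instead, so the two methods treat a request without the resource key differently. Using one guard in both, for example `hash ||= params[resource_name] ? resource_params : {}`, would make the behaviour consistent and remove the dead fallback. The DeviseController `build_resource` body continues past the end of its hunk.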
@@ -181,4 +183,21 @@ def respond_with_navigational(*args, &block) format.any(*navigational_formats, &block) end end + + # Setup a param sanitizer to filter parameters using strong_parameters. See + # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this + # method in your application controller to use your own parameter sanitizer. + def parameters_sanitizer + @parameters_sanitizer ||= Devise::ParameterSanitizer.new + end + + # Return the params to be used for mass assignment passed through the + # strong_parameters require/permit step. To customize the parameters + # permitted for a specific controller, simply prepend a before_filter and + # call #permit_devise_param or #remove_permitted_devise_param on + # parameters_sanitizer to update the default allowed lists of permitted + # parameters. + def resource_params + params.require(resource_name).permit(parameters_sanitizer.permitted_params_for(controller_name)) + end end diff --git a/lib/devise.rb b/lib/devise.rb index 87e1f3071c..750015858a 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -6,12 +6,13 @@ require 'securerandom' module Devise - autoload :Delegator, 'devise/delegator' - autoload :FailureApp, 'devise/failure_app' - autoload :OmniAuth, 'devise/omniauth' - autoload :ParamFilter, 'devise/param_filter' - autoload :TestHelpers, 'devise/test_helpers' - autoload :TimeInflector, 'devise/time_inflector' + autoload :Delegator, 'devise/delegator' + autoload :FailureApp, 'devise/failure_app' + autoload :OmniAuth, 'devise/omniauth' + autoload :ParamFilter, 'devise/param_filter' + autoload :ParameterSanitizer, 'devise/parameter_sanitizer' + autoload :TestHelpers, 'devise/test_helpers' + autoload :TimeInflector, 'devise/time_inflector' module Controllers autoload :Helpers, 'devise/controllers/helpers' diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb new file mode 100644 index 0000000000..ce800e2dcd --- /dev/null +++ b/lib/devise/parameter_sanitizer.rb 
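Review bot: The comment on `parameters_sanitizer` refers readers to `lib/devise/controllers/parameter_sanitizer.rb`, but the file this commit creates is `lib/devise/parameter_sanitizer.rb`; the path in the comment should match. `resource_params` selects the permitted list by `controller_name`, and the sanitizer returns an empty list for a name it does not know, so a controller without an entry has every submitted attribute dropped by `permit`. That fails closed, which is the safe direction, but it is easy to trip over when subclassing, so the comment should say it, e.g. `# Controllers without an entry in allowed_params permit nothing.`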
@@ -0,0 +1,65 @@ +module Devise + class ParameterSanitizer + attr_reader :allowed_params + + # Return a list of parameter names permitted to be mass-assigned for the + # passed controller. + def permitted_params_for(controller_name) + allowed_params.fetch(key_for_controller_name(controller_name), []) + end + + # Set up a new parameter sanitizer with a set of allowed parameters. This + # gets initialized on each request so that parameters may be augmented or + # changed as needed via before_filter. + def initialize + @allowed_params = { + :confirmations_controller => [:email], + :passwords_controller => authentication_keys + [:password, :password_confirmation, :reset_password_token], + :registrations_controller => authentication_keys + [:password, :password_confirmation, :current_password], + :sessions_controller => authentication_keys + [:password], + :unlocks_controller => [:email] + } + end + + # Allow additional parameters for a Devise controller. If the + # controller_name doesn't exist in allowed_params, it will be added to it + # as an empty array and param_name will be appended to that array. Note + # that when adding a new controller, use the full controller name + # (:confirmations_controller) and not the short names + # (:confirmation/:confirmations). + def permit_devise_param(controller_name, param_name) + @allowed_params[key_for_controller_name(controller_name)] << param_name + true + end + + # Remove specific allowed parameter for a Devise controller. If the + # controller_name doesn't exist in allowed_params, it will be added to it + # as an empty array. 
+ def remove_permitted_devise_param(controller_name, param_name) + @allowed_params[key_for_controller_name(controller_name)].delete(param_name) + true + end + + protected + + def authentication_keys + Array(::Devise.authentication_keys) + end + + # Flexibly allow access to permitting/denying/checking parameters by + # controller name in the following key formats: :confirmations_controller, + # :confirmations, :confirmation + def key_for_controller_name(name) + if allowed_params.has_key?(name.to_sym) + name.to_sym + elsif allowed_params.has_key?(:"#{name}s_controller") + :"#{name}s_controller" + elsif allowed_params.has_key?(:"#{name}_controller") + :"#{name}_controller" + else + @allowed_params[name.to_sym] = [] + name.to_sym + end + end + end +end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb new file mode 100644 index 0000000000..56c8619343 --- /dev/null +++ b/test/parameter_sanitizer_test.rb 
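Review bot: The default lists for `:confirmations_controller` and `:unlocks_controller` are hard-coded to `[:email]`, while the other three are derived from `authentication_keys`. An application that looks accounts up by another attribute for confirmation or unlock would have that attribute removed by `permit` before the model sees it. Deriving these lists from configuration as well, e.g. `Array(::Devise.confirmation_keys)` and `Array(::Devise.unlock_keys)`, keeps the allow-list in step with the lookup keys. `permitted_params_for` is also not a pure read: through `key_for_controller_name` it inserts an empty entry for any unknown name, which deserves a comment.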
@@ -0,0 +1,52 @@ +require 'test_helper' + +class ParameterSanitizerTest < ActiveSupport::TestCase + def sanitizer + Devise::ParameterSanitizer.new + end + + test '#permitted_params_for allows querying of allowed parameters by controller' do + assert_equal [:email], sanitizer.permitted_params_for(:confirmations_controller) + assert_equal [:email, :password, :password_confirmation, :reset_password_token], sanitizer.permitted_params_for(:password) + assert_equal [:email], sanitizer.permitted_params_for(:unlocks) + end + + test '#permitted_params_for returns an empty array for a bad key' do + assert_equal [], sanitizer.permitted_params_for(:bad_key) + end + + test '#permit_devise_param allows adding an allowed param for a specific controller' do + subject = sanitizer + + subject.permit_devise_param(:confirmations_controller, :other) + + assert_equal [:email, :other], subject.permitted_params_for(:confirmations_controller) + end + + test '#remove_permitted_devise_param allows disallowing a param for a specific controller' do + subject = sanitizer + + subject.remove_permitted_devise_param(:confirmations_controller, :email) + + assert_equal [], subject.permitted_params_for(:confirmations_controller) + end + + test '#permit_devise_param allows adding additional devise controllers' do + subject = sanitizer + + subject.permit_devise_param(:invitations_controller, :email) + + assert_equal [:email], subject.permitted_params_for(:invitations) + end + + test '#remove_permitted_devise_param fails gracefully when removing a missing param' do + subject = sanitizer + + # perform twice, just to be sure it handles it gracefully + subject.remove_permitted_devise_param(:invitations_controller, :email) + subject.remove_permitted_devise_param(:invitations_controller, :email) + + assert_equal [], subject.permitted_params_for(:invitations) + end +end + From e0ffe8f85fe6a2420d980d2c1d1061274d2c1a87 Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Thu, 28 Mar 2013 11:32:36 -0500 Subject: [PATCH 0148/1473] Fix internal helper test referencing resource_params --- test/controllers/internal_helpers_test.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 939549b6a0..daa338fe6a 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -34,10 +34,13 @@ def setup end test 'get resource params from request params using resource name as key' do - user_params = {'name' => 'Shirley Templar'} - @controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params})) + user_params = {'email' => 'shirley@templar.com'} + @controller.stubs(:params).returns(ActionController::Parameters.new({'user' => user_params})) + # Stub controller name so strong parameters can filter properly. + # DeviseController does not allow any parameters by default. + @controller.stubs(:controller_name).returns(:sessions_controller) - assert_equal user_params, @controller.resource_params + assert_equal user_params, @controller.send(:resource_params) end test 'resources methods are not controller actions' do From b151d2cfe20ea13348a4ab49a9176051d587a0ec Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Mon, 1 Apr 2013 09:00:36 -0500 Subject: [PATCH 0149/1473] Remove MassAssignment security from Mongoid test shim --- test/rails_app/app/mongoid/shim.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 602d059c1e..f74e871154 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -2,7 +2,6 @@ module Shim extend ::ActiveSupport::Concern included do - include ::ActiveModel::MassAssignmentSecurity include ::Mongoid::Timestamps field :created_at, :type => DateTime end From 77203e3d97346378806e35fc96a541403323deda Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Mon, 1 Apr 2013 09:46:46 -0500 Subject: [PATCH 0150/1473] Change parameter sanitizer instance method to scope to devise This way it's very explicit that this method is for devise and it won't run into any naming collisions with user code. --- app/controllers/devise_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 8c67eb2ddf..199bc48d74 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -187,8 +187,8 @@ def respond_with_navigational(*args, &block) # Setup a param sanitizer to filter parameters using strong_parameters. See # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. - def parameters_sanitizer - @parameters_sanitizer ||= Devise::ParameterSanitizer.new + def devise_parameters_sanitizer + @devise_parameters_sanitizer ||= Devise::ParameterSanitizer.new end # Return the params to be used for mass assignment passed through the @@ -198,6 +198,6 @@ def parameters_sanitizer # parameters_sanitizer to update the default allowed lists of permitted # parameters. def resource_params - params.require(resource_name).permit(parameters_sanitizer.permitted_params_for(controller_name)) + params.require(resource_name).permit(devise_parameters_sanitizer.permitted_params_for(controller_name)) end end From bf30d79aca539836061e1caa99f40d6c837d0a4b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 3 Apr 2013 10:22:46 -0300 Subject: [PATCH 0151/1473] Update rubygems url inside Gemfile.lock --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4a44ca0c55..8c62baccf2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -8,7 +8,7 @@ PATH warden (~> 1.2.1) GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: actionmailer (3.2.11) actionpack (= 3.2.11) From 37473cdaf76a83605aa18d6880a57d1c5c94364d Mon Sep 17 00:00:00 2001 From: Eloy Espinaco Date: Thu, 4 Apr 2013 09:48:33 -0300 Subject: [PATCH 0152/1473] Add config to customize documentation. --- .yardopts | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .yardopts diff --git a/.yardopts b/.yardopts new file mode 100644 index 0000000000..55bb0d4b55 --- /dev/null +++ b/.yardopts @@ -0,0 +1,9 @@ +--protected +--no-private +--embed-mixin ClassMethods +- +README.md +CHANGELOG.rdoc +CONTRIBUTING.md +MIT-LICENSE + From 8e9ad4626e76cecfbdfc9a785df3ff40370c6cf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Sat, 6 Apr 2013 18:46:21 +0200 Subject: [PATCH 0153/1473] Extract get_message --- app/controllers/devise_controller.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 94359769df..1cf7b4250c 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -164,12 +164,16 @@ def successfully_sent?(resource) # Please refer to README or en.yml locale file to check what messages are # available. def set_flash_message(key, kind, options={}) + flash[key] = get_message(kind, options) if message.present? + end + + # Get message for given + def get_message(kind, options = {}) options[:scope] = "devise.#{controller_name}" options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) if respond_to?(:devise_i18n_options, true) - message = I18n.t("#{options[:resource_name]}.#{kind}", options) - flash[key] = message if message.present? + I18n.t("#{options[:resource_name]}.#{kind}", options) end def clean_up_passwords(object) 
From 95f56258d767098ca3f1b8c5e2f330aafb5f1d0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Sun, 7 Apr 2013 08:52:11 +0200 Subject: [PATCH 0154/1473] Rename `get_message` to `find_message` and fix `set_flash_message` --- app/controllers/devise_controller.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 1cf7b4250c..d8264e21ae 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -163,12 +163,13 @@ def successfully_sent?(resource) # # Please refer to README or en.yml locale file to check what messages are # available. - def set_flash_message(key, kind, options={}) - flash[key] = get_message(kind, options) if message.present? + def set_flash_message(key, kind, options = {}) + message = find_message(kind, options) + flash[key] = message if message.present? end # Get message for given - def get_message(kind, options = {}) + def find_message(kind, options = {}) options[:scope] = "devise.#{controller_name}" options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name From d20fdf87b6cc618306e92c66e11ef54e7eb1edce Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 10 Apr 2013 10:33:50 -0500 Subject: [PATCH 0155/1473] Introduce BaseSanitizer null sanitizer and controller-specific callbacks This updates Devise's StrongParameter support to feature: - A Null base sanitizer to support existing Rails 3.x installations that don't want to use StrongParameters yet - A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid - Overrideable callbacks on a controller-basis, e.g. #create_sessions_params for passing the current scope's parameters through StrongParameters and a helper method, whitelisted_params, for rolling your own implementations of #create_x_params in your own controllers. - Lots of tests! --- .../devise/confirmations_controller.rb | 6 +- .../devise/registrations_controller.rb | 18 ++- app/controllers/devise/unlocks_controller.rb | 6 +- app/controllers/devise_controller.rb | 23 +++- lib/devise.rb | 1 + lib/devise/parameter_sanitizer.rb | 74 +++++++---- test/parameter_sanitizer_test.rb | 120 +++++++++++++----- 7 files changed, 176 insertions(+), 72 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 588028824e..4da37d94af 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -6,7 +6,7 @@ def new # POST /resource/confirmation def create - self.resource = resource_class.send_confirmation_instructions(resource_params) + self.resource = resource_class.send_confirmation_instructions(create_confirmation_params) if successfully_sent?(resource) respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name)) @@ -39,4 +39,8 @@ def after_resending_confirmation_instructions_path_for(resource_name) def after_confirmation_path_for(resource_name, resource) after_sign_in_path_for(resource) end + + def create_confirmation_params + whitelisted_params(:confirmations) + end end 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index c7cee32c3e..4558e40223 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -10,7 +10,7 @@ def new # POST /resource def create - build_resource + build_resource(create_registration_params) if resource.save if resource.active_for_authentication? @@ -40,7 +40,7 @@ def update self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - if resource.update_with_password(resource_params) + if resource.update_with_password(update_resource_params) if is_navigational_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated @@ -83,11 +83,7 @@ def update_needs_confirmation?(resource, previous) # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. def build_resource(hash=nil) - if request.get? - hash ||= {} - else - hash ||= resource_params || {} - end + hash ||= {} self.resource = resource_class.new_with_session(hash, session) end @@ -120,4 +116,12 @@ def authenticate_scope! send(:"authenticate_#{resource_name}!", :force => true) self.resource = send(:"current_#{resource_name}") end + + def create_registration_params + whitelisted_params(:registrations) + end + + def update_resource_params + whitelisted_params(:registrations) + end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 3b0d9f7f31..6566fc09cf 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb 
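Review bot: `create_registration_params` and `update_resource_params` (hunk @@ -116,4 +120,12) both return `whitelisted_params(:registrations)`, so sign-up and account update share one allow-list, and that list, set in lib/devise/parameter_sanitizer.rb, includes `:current_password`. On create the permitted hash goes to `resource_class.new_with_session`, so a request carrying `current_password` passes the filter on an action where the field has no meaning; what the model then does with it is not visible here. Separate keys would keep each action's list minimal, for example `whitelisted_params(:sign_up)` and `whitelisted_params(:account_update)`, with `:current_password` only in the second list.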
@@ -8,7 +8,7 @@ def new # POST /resource/unlock def create - self.resource = resource_class.send_unlock_instructions(resource_params) + self.resource = resource_class.send_unlock_instructions(create_unlock_params) if successfully_sent?(resource) respond_with({}, :location => after_sending_unlock_instructions_path_for(resource)) @@ -40,4 +40,8 @@ def after_sending_unlock_instructions_path_for(resource) def after_unlock_path_for(resource) new_session_path(resource) end + + def create_unlock_params + whitelisted_params(:unlocks) + end end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 199bc48d74..9099d6aef9 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -95,7 +95,7 @@ def build_resource(hash = nil, options = {}) # When building a resource, invoke strong_parameters require/permit # steps if the params hash includes the resource name. if params[resource_name] - hash ||= resource_params || {} + hash ||= whitelisted_params(controller_name) || {} else hash ||= {} end 
@@ -187,17 +187,26 @@ def respond_with_navigational(*args, &block) # Setup a param sanitizer to filter parameters using strong_parameters. See # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. - def devise_parameters_sanitizer - @devise_parameters_sanitizer ||= Devise::ParameterSanitizer.new + def devise_parameter_sanitizer + return super if defined?(super) + @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters) + Devise::ParameterSanitizer.new(resource_name, params) + else + Devise::BaseSanitizer.new(resource_name, params) + end end # Return the params to be used for mass assignment passed through the # strong_parameters require/permit step. To customize the parameters # permitted for a specific controller, simply prepend a before_filter and - # call #permit_devise_param or #remove_permitted_devise_param on - # parameters_sanitizer to update the default allowed lists of permitted - # parameters. + # call #permit, #permit! or #forbid on devise_parameters_sanitizer to update + # the default allowed lists of permitted parameters for a specific + # controller/action combination. + def whitelisted_params(contr_name) + devise_parameter_sanitizer.sanitize_for(contr_name) + end + def resource_params - params.require(resource_name).permit(devise_parameters_sanitizer.permitted_params_for(controller_name)) + params.fetch(resource_name, {}) end end diff --git a/lib/devise.rb b/lib/devise.rb index 750015858a..4e10343622 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -10,6 +10,7 @@ module Devise autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' autoload :ParamFilter, 'devise/param_filter' + autoload :BaseSanitizer, 'devise/parameter_sanitizer' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' 
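Review bot: `resource_params` is kept but now returns `params.fetch(resource_name, {})` with no require/permit step, so any caller not moved to `whitelisted_params` receives the raw request hash. The diffstat of this commit does not list the passwords or sessions controllers although the sanitizer defines `:passwords` and `:sessions` lists, so those paths may still be unfiltered; that should be confirmed. Either make it delegate, `def resource_params; whitelisted_params(controller_name); end`, or state in a comment that it is unsanitized and not to be used for mass assignment. The comment above `whitelisted_params` also names `devise_parameters_sanitizer`, while the method is `devise_parameter_sanitizer`.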
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index ce800e2dcd..e4638bc8b4 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -1,23 +1,42 @@ module Devise - class ParameterSanitizer - attr_reader :allowed_params + class BaseSanitizer + attr_reader :params, :resource_name, :allowed_params - # Return a list of parameter names permitted to be mass-assigned for the - # passed controller. - def permitted_params_for(controller_name) - allowed_params.fetch(key_for_controller_name(controller_name), []) + def initialize(resource_name, params) + @resource_name, @params = resource_name, params + @allowed_params = {} + end + + def default_params + params.fetch(resource_name, {}) + end + + def sanitize_for(controller) + default_params + end + end + + class ParameterSanitizer < BaseSanitizer + # Return the allowed parameters passed through the StrongParametesr + # require/permit step according to the allowed_params setup via + # #permit, #permit!, #forbid, and any defaults. + def sanitize_for(controller) + permitted_params = allowed_params.fetch(param_key(controller), []).to_a + + params.require(resource_name).permit(permitted_params) end # Set up a new parameter sanitizer with a set of allowed parameters. This # gets initialized on each request so that parameters may be augmented or # changed as needed via before_filter. - def initialize + def initialize(resource_name, params) + super @allowed_params = { - :confirmations_controller => [:email], - :passwords_controller => authentication_keys + [:password, :password_confirmation, :reset_password_token], - :registrations_controller => authentication_keys + [:password, :password_confirmation, :current_password], - :sessions_controller => authentication_keys + [:password], - :unlocks_controller => [:email] + :confirmations => [:email], + :passwords => auth_keys | [:password, :password_confirmation, :reset_password_token], + :registrations => auth_keys | [:password, :password_confirmation, :current_password], + :sessions => auth_keys | [:password], + :unlocks => [:email] } end 
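Review bot: `BaseSanitizer#sanitize_for` returns `params.fetch(resource_name, {})` untouched, so when `ActionController::StrongParameters` is not defined the controllers pass every submitted attribute on to the model. An earlier patch in this series removes the `attr_accessible` declarations from the test models, and whether a given application's model still restricts attributes cannot be seen from this hunk. The class should carry a comment that makes the contract explicit, e.g. `# Null sanitizer: performs no filtering; the model must restrict mass assignment itself.` The comment on `ParameterSanitizer#sanitize_for` also misspells `StrongParameters` as `StrongParametesr`.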
@@ -27,38 +46,41 @@ def initialize # that when adding a new controller, use the full controller name # (:confirmations_controller) and not the short names # (:confirmation/:confirmations). - def permit_devise_param(controller_name, param_name) - @allowed_params[key_for_controller_name(controller_name)] << param_name + def permit(controller_name, *param_names) + @allowed_params[param_key(controller_name)] |= param_names + true + end + + def permit!(controller_name, *param_names) + @allowed_params[param_key(controller_name)] = param_names true end # Remove specific allowed parameter for a Devise controller. If the # controller_name doesn't exist in allowed_params, it will be added to it # as an empty array. - def remove_permitted_devise_param(controller_name, param_name) - @allowed_params[key_for_controller_name(controller_name)].delete(param_name) + def forbid(controller_name, *param_names) + @allowed_params[param_key(controller_name)] -= param_names true end protected - def authentication_keys + def auth_keys Array(::Devise.authentication_keys) end # Flexibly allow access to permitting/denying/checking parameters by # controller name in the following key formats: :confirmations_controller, # :confirmations, :confirmation - def key_for_controller_name(name) - if allowed_params.has_key?(name.to_sym) - name.to_sym - elsif allowed_params.has_key?(:"#{name}s_controller") - :"#{name}s_controller" - elsif allowed_params.has_key?(:"#{name}_controller") - :"#{name}_controller" + def param_key(controller_name) + k = controller_name.to_sym + + if allowed_params.has_key?(k) + k else - @allowed_params[name.to_sym] = [] - name.to_sym + @allowed_params[k] = [] + k end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 56c8619343..e8f9fc84c4 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
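Review bot: `param_key` now matches only the exact symbol, yet its comment and the one on `permit` still advertise `:confirmations_controller` and `:confirmation` as accepted forms. A call such as `forbid(:sessions_controller, :password)` therefore creates a new empty `:sessions_controller` entry and leaves the real `:sessions` list unchanged, with no error to show that the restriction did not apply. The comments should name the short keys (`:confirmations`, `:sessions`, ...) and state that an unknown key creates a new, empty list. `permit!` has no comment at all; because it replaces the list rather than permitting everything, as `ActionController::Parameters#permit!` does, a line such as `# Replace the allowed list for controller_name with param_names.` would prevent misreading.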
@@ -1,52 +1,112 @@ require 'test_helper' +require 'devise/parameter_sanitizer' -class ParameterSanitizerTest < ActiveSupport::TestCase +class BaseSanitizerTest < ActiveSupport::TestCase def sanitizer - Devise::ParameterSanitizer.new + @sanitizer ||= Devise::BaseSanitizer.new(:user, {}) end - test '#permitted_params_for allows querying of allowed parameters by controller' do - assert_equal [:email], sanitizer.permitted_params_for(:confirmations_controller) - assert_equal [:email, :password, :password_confirmation, :reset_password_token], sanitizer.permitted_params_for(:password) - assert_equal [:email], sanitizer.permitted_params_for(:unlocks) + test '#default_params returns the params passed in' do + assert_equal({}, sanitizer.default_params) end +end - test '#permitted_params_for returns an empty array for a bad key' do - assert_equal [], sanitizer.permitted_params_for(:bad_key) - end +if defined?(ActionController::StrongParameters) - test '#permit_devise_param allows adding an allowed param for a specific controller' do - subject = sanitizer + require 'active_model/forbidden_attributes_protection' - subject.permit_devise_param(:confirmations_controller, :other) + class ParameterSanitizerTest < ActiveSupport::TestCase + def sanitizer(p={}) + @sanitizer ||= Devise::ParameterSanitizer.new(:user, p) + end - assert_equal [:email, :other], subject.permitted_params_for(:confirmations_controller) - end + test '#permit allows adding an allowed param for a specific controller' do + sanitizer.permit(:confirmations, :other) - test '#remove_permitted_devise_param allows disallowing a param for a specific controller' do - subject = sanitizer + assert_equal [:email, :other], sanitizer.allowed_params[:confirmations] + end - subject.remove_permitted_devise_param(:confirmations_controller, :email) + test '#permit allows adding multiple allowed params for a specific controller' do + sanitizer.permit(:confirmations, :other, :testing) - assert_equal [], 
subject.permitted_params_for(:confirmations_controller) - end + assert_equal [:email, :other, :testing], sanitizer.allowed_params[:confirmations] + end - test '#permit_devise_param allows adding additional devise controllers' do - subject = sanitizer + test '#permit! overrides allowed params for a specific controller' do + sanitizer.permit!(:confirmations, :other, :testing) - subject.permit_devise_param(:invitations_controller, :email) + assert_equal [:other, :testing], sanitizer.allowed_params[:confirmations] + end - assert_equal [:email], subject.permitted_params_for(:invitations) - end + test '#forbid allows disallowing a param for a specific controller' do + sanitizer.forbid(:confirmations, :email) + + assert_equal [], sanitizer.allowed_params[:confirmations] + end + + test '#forbid allows disallowing multiple params for a specific controller' do + sanitizer.forbid(:sessions, :email, :password) + + assert_equal [], sanitizer.allowed_params[:sessions] + end + + test '#permit allows adding additional devise controllers' do + sanitizer.permit(:invitations, :email) + + assert_equal [:email], sanitizer.allowed_params[:invitations] + end + + test '#permit allows adding additional devise controllers with multiple params' do + sanitizer.permit(:invitations, :email, :pin) + + assert_includes sanitizer.allowed_params[:invitations], :pin + assert_includes sanitizer.allowed_params[:invitations], :email + end + + test '#forbid fails gracefully when removing a missing param' do + # perform twice, just to be sure it handles it gracefully + sanitizer.forbid(:invitations, :email) + sanitizer.forbid(:invitations, :email) + + assert_equal [], sanitizer.allowed_params[:invitations] + end + + test '#forbid fails gracefully when removing multiple missing params' do + # perform twice, just to be sure it handles it gracefully + sanitizer.forbid(:invitations, :email, :badkey) + sanitizer.forbid(:invitations, :email, :badkey) + + assert_equal [], sanitizer.allowed_params[:invitations] + 
end + + test '#sanitize_for tries to require the resource name on params' do + params = ActionController::Parameters.new({:admin => {}}) + + assert_raises ActionController::ParameterMissing do + sanitizer(params).sanitize_for(:sessions) + end + end + + test '#sanitize_for performs the permit step of strong_parameters, restricting passed attributes' do + params = ActionController::Parameters.new({:user => {:admin => true}}) + + # removes the admin flag + assert_equal({}, sanitizer(params).sanitize_for(:sessions)) + end + + test '#sanitize_for respects any updates to allowed_params' do + params = ActionController::Parameters.new({:user => {:admin => true}}) + sanitizer(params).permit(:sessions, :admin) - test '#remove_permitted_devise_param fails gracefully when removing a missing param' do - subject = sanitizer + assert_equal({'admin' => true}, sanitizer(params).sanitize_for(:sessions)) + end - # perform twice, just to be sure it handles it gracefully - subject.remove_permitted_devise_param(:invitations_controller, :email) - subject.remove_permitted_devise_param(:invitations_controller, :email) + test '#sanitize_for works with newly added controllers' do + params = ActionController::Parameters.new({:user => {:email => 'abc@example.com', :pin => '1234'}}) + sanitizer(params).permit(:invitations, :email, :pin) - assert_equal [], subject.permitted_params_for(:invitations) + assert_equal({'email' => 'abc@example.com', 'pin' => '1234'}, sanitizer(params).sanitize_for(:invitations)) + end end end From 1acd3d17901462d38383a9c0912c0049b18067cd Mon Sep 17 00:00:00 2001 
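Review bot: The `sanitizer(p={})` helper memoizes with `@sanitizer ||=`, so its argument is used only on the first call in a test and ignored afterwards. `sanitizer(params).permit(...)` followed by `sanitizer(params).sanitize_for(...)` works only because of that. Building the object once per test reads more clearly, `subject = Devise::ParameterSanitizer.new(:user, params)`, and stops a later call with different params from silently reusing the old instance. The suite also has no case showing that `forbid` changes what `sanitize_for` returns, which is the behaviour callers depend on for mass-assignment protection.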
From: Tomas Varneckas Date: Fri, 12 Apr 2013 16:16:33 +0300 Subject: [PATCH 0156/1473] Fix devise sender bug with custom devise mailers. The devise sender detection must take into account that the default sender set in the custom devise mailer can be a proc. --- lib/devise/mailers/helpers.rb | 5 +++-- test/mailers/confirmation_instructions_test.rb | 5 +++++ test/mailers/reset_password_instructions_test.rb | 5 +++++ test/mailers/unlock_instructions_test.rb | 5 +++++ test/rails_app/app/mailers/users/mailer.rb | 6 +++++- 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 731242e8ce..39b54a1ae4 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -54,8 +54,9 @@ def mailer_from(mapping) end def mailer_sender(mapping, sender = :from) - if default_params[sender].present? - default_params[sender] + default_sender = default_params[sender] + if default_sender.present? + default_sender.respond_to?(:call) ? default_sender.bind(self).call : default_sender elsif Devise.mailer_sender.is_a?(Proc) Devise.mailer_sender.call(mapping.name) else diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index ba55817b5b..4f05261f6b 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -46,6 +46,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'setup sender from curstom mailer defaults with proc' do + Devise.mailer = 'Users::FromProcMailer' + assert_equal ['custom@example.com'], mail.from + end + test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' assert_not_blank mail.body.encoded diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 6aed7b1c67..6eb5acea95 100644 --- a/test/mailers/reset_password_instructions_test.rb 
+++ b/test/mailers/reset_password_instructions_test.rb @@ -48,6 +48,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'setup sender from curstom mailer defaults with proc' do + Devise.mailer = 'Users::FromProcMailer' + assert_equal ['custom@example.com'], mail.from + end + test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' assert_not_blank mail.body.encoded diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index fb7324a696..9d5d6698d1 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -49,6 +49,11 @@ def mail assert_equal ['custom@example.com'], mail.from end + test 'setup sender from curstom mailer defaults with proc' do + Devise.mailer = 'Users::FromProcMailer' + assert_equal ['custom@example.com'], mail.from + end + test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' assert_not_blank mail.body.encoded diff --git a/test/rails_app/app/mailers/users/mailer.rb b/test/rails_app/app/mailers/users/mailer.rb index 6b6b8fbf75..f81d49cae8 100644 --- a/test/rails_app/app/mailers/users/mailer.rb +++ b/test/rails_app/app/mailers/users/mailer.rb @@ -5,4 +5,8 @@ class Users::Mailer < Devise::Mailer class Users::ReplyToMailer < Devise::Mailer default :from => 'custom@example.com' default :reply_to => 'custom_reply_to@example.com' -end \ No newline at end of file +end + +class Users::FromProcMailer < Devise::Mailer + default :from => proc { 'custom@example.com' } +end From 36557ef641408c290bedabc28edfb2e355334d6a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 10:53:30 -0300 Subject: [PATCH 0157/1473] :scissors: [ci skip] --- app/controllers/devise/sessions_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 5cd22999a6..e3760370da 100644 
--- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -45,4 +45,3 @@ def auth_options { :scope => resource_name, :recall => "#{controller_path}#new" } end end - From 32a141d2a90b30a637b1fbf3b0841800334d6f73 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 10:54:52 -0300 Subject: [PATCH 0158/1473] Fix typo in test descriptions --- test/mailers/confirmation_instructions_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 4f05261f6b..9cb613ebbd 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -46,7 +46,7 @@ def mail assert_equal ['custom@example.com'], mail.from end - test 'setup sender from curstom mailer defaults with proc' do + test 'setup sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 6eb5acea95..d56b9b787d 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -48,7 +48,7 @@ def mail assert_equal ['custom@example.com'], mail.from end - test 'setup sender from curstom mailer defaults with proc' do + test 'setup sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 9d5d6698d1..6b61080e40 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb 
@@ -49,7 +49,7 @@ def mail assert_equal ['custom@example.com'], mail.from end - test 'setup sender from curstom mailer defaults with proc' do + test 'setup sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end From d89dad572824df7fbd88e74365f5301f7c420aa1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 10:57:10 -0300 Subject: [PATCH 0159/1473] Bundle update for both Rails 3.1 and 3.2, update mocha, fix failing tests --- Gemfile | 2 +- Gemfile.lock | 106 +++++++++++++++--------------- gemfiles/Gemfile.rails-3.1.x | 4 +- gemfiles/Gemfile.rails-3.1.x.lock | 104 ++++++++++++++--------------- test/models/rememberable_test.rb | 3 +- test/models_test.rb | 7 +- test/test_helper.rb | 2 +- 7 files changed, 117 insertions(+), 111 deletions(-) diff --git a/Gemfile b/Gemfile index f365312e40..90fb228f42 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false end platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index 8c62baccf2..245f190a80 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,65 +10,65 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.11) - actionpack (= 3.2.11) - mail (~> 2.4.4) - actionpack (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) + actionmailer (3.2.13) + actionpack (= 3.2.13) + mail (~> 2.5.3) + actionpack (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) - rack (~> 1.4.0) + rack (~> 1.4.5) rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.11) - activesupport (= 3.2.11) + activemodel (3.2.13) + activesupport (= 3.2.13) builder (~> 3.0.0) - activerecord (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) + activerecord (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - activesupport (3.2.11) - i18n (~> 0.6) + activeresource (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + activesupport (3.2.13) + i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) bcrypt-ruby (3.0.1) builder (3.0.4) erubis (2.7.0) - faraday (0.8.4) + faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) - hike (1.2.1) + hike (1.2.2) httpauth (0.2.0) i18n (0.6.1) journey (1.0.4) - json (1.7.6) - jwt (0.1.5) - multi_json (>= 1.0) - mail (2.4.4) + json (1.7.7) + jwt (0.1.8) + multi_json (>= 1.5) + mail (2.5.3) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) + mime-types (1.22) + mocha (0.13.3) metaclass (~> 0.0.1) - mongoid (3.0.16) - activemodel (~> 3.1) - moped (~> 1.1) + mongoid (3.1.2) + activemodel (~> 3.2) + moped (~> 1.4.2) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.5.0) - multipart-post (1.1.5) - nokogiri (1.5.5) - oauth2 (0.8.0) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) + oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) jwt (~> 0.1.4) 
@@ -88,47 +88,47 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.3) + rack (1.4.5) rack-cache (1.2) rack (>= 0.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) + rack-ssl (1.3.3) rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.11) - actionmailer (= 3.2.11) - actionpack (= 3.2.11) - activerecord (= 3.2.11) - activeresource (= 3.2.11) - activesupport (= 3.2.11) + rails (3.2.13) + actionmailer (= 3.2.13) + actionpack (= 3.2.13) + activerecord (= 3.2.13) + activeresource (= 3.2.13) + activesupport (= 3.2.13) bundler (~> 1.0) - railties (= 3.2.11) - railties (3.2.11) - actionpack (= 3.2.11) - activesupport (= 3.2.11) + railties (= 3.2.13) + railties (3.2.13) + actionpack (= 3.2.13) + activesupport (= 3.2.13) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) - rake (10.0.3) - rdoc (3.12) + rake (10.0.4) + rdoc (3.12.2) json (~> 1.4) - ruby-openid (2.2.2) + ruby-openid (2.2.3) sprockets (2.2.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - thor (0.16.0) - tilt (1.3.3) + sqlite3 (1.3.7) + thor (0.18.1) + tilt (1.3.7) treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.35) + tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) @@ -144,7 +144,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (= 0.10.0) + mocha (~> 0.13.1) mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index 7e6b1db673..c78e8970e1 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false platforms :mri_18 do gem "ruby-debug", ">= 0.10.3" 
@@ -32,4 +32,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index cd20f8392c..65a0ab58b9 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (2.2.0) + devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) @@ -10,12 +10,12 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.1.10) - actionpack (= 3.1.10) - mail (~> 2.3.3) - actionpack (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) + actionmailer (3.1.12) + actionpack (= 3.1.12) + mail (~> 2.4.4) + actionpack (3.1.12) + activemodel (= 3.1.12) + activesupport (= 3.1.12) builder (~> 3.0.0) erubis (~> 2.7.0) i18n (~> 0.6) 
@@ -24,54 +24,54 @@ GEM rack-mount (~> 0.8.2) rack-test (~> 0.6.1) sprockets (~> 2.0.4) - activemodel (3.1.10) - activesupport (= 3.1.10) + activemodel (3.1.12) + activesupport (= 3.1.12) builder (~> 3.0.0) i18n (~> 0.6) - activerecord (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) + activerecord (3.1.12) + activemodel (= 3.1.12) + activesupport (= 3.1.12) arel (~> 2.2.3) tzinfo (~> 0.3.29) - activeresource (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - activesupport (3.1.10) - multi_json (>= 1.0, < 1.3) + activeresource (3.1.12) + activemodel (= 3.1.12) + activesupport (= 3.1.12) + activesupport (3.1.12) + multi_json (~> 1.0) arel (2.2.3) bcrypt-ruby (3.0.1) builder (3.0.4) columnize (0.3.6) erubis (2.7.0) - faraday (0.8.4) + faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) - hike (1.2.1) + hike (1.2.2) httpauth (0.2.0) - i18n (0.6.1) - json (1.7.6) - jwt (0.1.5) - multi_json (>= 1.0) + i18n (0.6.4) + json (1.7.7) + jwt (0.1.8) + multi_json (>= 1.5) linecache (0.46) rbx-require-relative (> 0.0.4) - mail (2.3.3) + mail (2.4.4) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) + mime-types (1.22) + mocha (0.13.3) metaclass (~> 0.0.1) - mongoid (3.0.16) + mongoid (3.0.23) activemodel (~> 3.1) - moped (~> 1.1) + moped (~> 1.2) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.2.0) - multipart-post (1.1.5) - nokogiri (1.5.6) - oauth2 (0.8.0) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) + oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) jwt (~> 0.1.4) @@ -91,7 +91,7 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.3.8) + rack (1.3.10) rack-cache (1.2) rack (>= 0.4) rack-mount (0.8.3) 
@@ -99,46 +99,46 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) + rack-ssl (1.3.3) rack rack-test (0.6.2) rack (>= 1.0) - rails (3.1.10) - actionmailer (= 3.1.10) - actionpack (= 3.1.10) - activerecord (= 3.1.10) - activeresource (= 3.1.10) - activesupport (= 3.1.10) + rails (3.1.12) + actionmailer (= 3.1.12) + actionpack (= 3.1.12) + activerecord (= 3.1.12) + activeresource (= 3.1.12) + activesupport (= 3.1.12) bundler (~> 1.0) - railties (= 3.1.10) - railties (3.1.10) - actionpack (= 3.1.10) - activesupport (= 3.1.10) + railties (= 3.1.12) + railties (3.1.12) + actionpack (= 3.1.12) + activesupport (= 3.1.12) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (~> 0.14.6) - rake (10.0.3) + rake (10.0.4) rbx-require-relative (0.0.9) - rdoc (3.12) + rdoc (3.12.2) json (~> 1.4) ruby-debug (0.10.4) columnize (>= 0.1) ruby-debug-base (~> 0.10.4.0) ruby-debug-base (0.10.4) linecache (>= 0.3) - ruby-openid (2.2.2) + ruby-openid (2.2.3) sprockets (2.0.4) hike (~> 1.2) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) + sqlite3 (1.3.7) thor (0.14.6) - tilt (1.3.3) + tilt (1.3.7) treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.35) + tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) @@ -154,7 +154,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (= 0.10.0) + mocha (~> 0.13.1) mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 1a185f6f1f..645f503e91 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -57,9 +57,10 @@ def create_resource test 'forget_me should not try to update resource if it has been destroyed' do resource = create_resource - resource.destroy resource.expects(:remember_created_at).never resource.expects(:save).never + + resource.destroy resource.forget_me! end 
diff --git a/test/models_test.rb b/test/models_test.rb index 705ad76882..6a00259889 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -83,7 +83,12 @@ def assert_include_modules(klass, *modules) end test 'set null fields on migrations' do - Admin.create! + # Ignore email sending since no email exists. + klass = Class.new(Admin) do + def send_devise_notification(*); end + end + + klass.create! end end diff --git a/test/test_helper.rb b/test/test_helper.rb index f3659efadb..6042044661 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -10,7 +10,7 @@ I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) -require 'mocha' +require 'mocha/setup' require 'webrat' Webrat.configure do |config| config.mode = :rails From ea94e199cec143d46dbc1500e22967c9e8dcb239 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 11:14:13 -0300 Subject: [PATCH 0160/1473] Bundle update --- Gemfile.lock | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e2dab4b2f8..16c64625da 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 6c8b3f2501ad12dbd453a86d3fe2374a4d14378c + revision: 4a931ca105fddf59cc2f8619e973233376cf4b67 branch: master specs: mongoid (4.0.0) @@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 31216ec84b6988683c0c60e1ff08163a75d27680 + revision: 67bb49b69e1f10c2b35a53a645ed98a028375f1d branch: master specs: actionmailer (4.0.0.beta1) @@ -49,8 +49,7 @@ GIT actionpack (= 4.0.0.beta1) activesupport (= 4.0.0.beta1) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.17.0, < 2.0) + thor (>= 0.18.1, < 2.0) PATH remote: . 
@@ -66,14 +65,14 @@ GEM specs: activerecord-deprecated_finders (0.0.3) arel (4.0.0.beta2) - atomic (1.0.1) + atomic (1.1.7) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) - hike (1.2.1) + hike (1.2.2) httpauth (0.2.0) i18n (0.6.4) json (1.7.7) @@ -84,8 +83,8 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.21) - minitest (4.7.0) + mime-types (1.22) + minitest (4.7.1) mocha (0.13.3) metaclass (~> 0.0.1) moped (1.4.5) @@ -112,7 +111,7 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - protected_attributes (1.0.0) + protected_attributes (1.0.1) activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) @@ -121,10 +120,10 @@ GEM rack-test (0.6.2) rack (>= 1.0) rake (10.0.4) - rdoc (3.12.2) + rdoc (4.0.1) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.9.0) + sprockets (2.9.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -134,10 +133,10 @@ GEM activesupport (>= 3.0) sprockets (~> 2.8) sqlite3 (1.3.7) - thor (0.18.0) + thor (0.18.1) thread_safe (0.1.0) atomic - tilt (1.3.6) + tilt (1.3.7) treetop (1.4.12) polyglot polyglot (>= 0.3.1) From ac2ebdfb11b2b4e79a68f98239c6905ad56f6f58 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 11:16:10 -0300 Subject: [PATCH 0161/1473] Fix session store changed in Rails master There's no encrypted cookie store anymore, by default the cookie store will be encrypted. --- test/rails_app/config/initializers/session_store.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/initializers/session_store.rb b/test/rails_app/config/initializers/session_store.rb index d770aeb8b8..5ac94e7e5d 100644 --- a/test/rails_app/config/initializers/session_store.rb +++ b/test/rails_app/config/initializers/session_store.rb 
@@ -1 +1 @@ -RailsApp::Application.config.session_store :encrypted_cookie_store, key: '_rails_app_session' +RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session' From fa5ae57ce44d25ac81c99564d555a40815a82678 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 11:35:50 -0300 Subject: [PATCH 0162/1473] Use instance_eval instead of Proc#bind Keep the implementation more similar to how it works in Action Mailer, and avoid deprecation warnings with Proc#bind being raised in rails4 branch. --- lib/devise/mailers/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 39b54a1ae4..4d4c7749bc 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -56,7 +56,7 @@ def mailer_from(mapping) def mailer_sender(mapping, sender = :from) default_sender = default_params[sender] if default_sender.present? - default_sender.respond_to?(:call) ? default_sender.bind(self).call : default_sender + default_sender.respond_to?(:to_proc) ? instance_eval(&default_sender) : default_sender elsif Devise.mailer_sender.is_a?(Proc) Devise.mailer_sender.call(mapping.name) else From 5bf4f57fcf7c8e397b142a16e8d0aabe763f95b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 22:07:54 -0700 Subject: [PATCH 0163/1473] Tidy up devise configuration --- lib/devise.rb | 8 ++------ lib/devise/models/authenticatable.rb | 4 ++-- lib/devise/models/token_authenticatable.rb | 2 +- lib/devise/strategies/authenticatable.rb | 11 +++------- .../strategies/token_authenticatable.rb | 20 +++++++++++-------- lib/generators/templates/devise.rb | 13 ++++++------ test/integration/http_authenticatable_test.rb | 2 +- .../integration/token_authenticatable_test.rb | 4 ++-- 8 files changed, 29 insertions(+), 35 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index c233e31ba0..5479f6bca0 100644 --- a/lib/devise.rb 
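Review bot: Switching the test app to `:cookie_store` keeps the session encrypted only if the app also sets `secret_key_base`. As far as I know, Rails 4 falls back to a signed but readable cookie when only `secret_token` is configured. The secrets configuration is not part of this diff, so that is worth confirming before relying on the commit message's "encrypted by default". A comment on the line would record the dependency: `# cookie_store encrypts the session only when secret_key_base is set`.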
+++ b/lib/devise.rb @@ -52,8 +52,8 @@ module Strategies @@stretches = 10 # The default key used when authenticating over http auth. - mattr_accessor :http_auth_key - @@http_auth_key = nil + mattr_accessor :http_authentication_key + @@http_authentication_key = nil # Keys used when authenticating a user. mattr_accessor :authentication_keys @@ -182,10 +182,6 @@ module Strategies mattr_accessor :token_authentication_key @@token_authentication_key = :auth_token - # Allow HTTP token authorization to set token_authentication_key - mattr_accessor :allow_token_authenticatable_via_headers - @@allow_token_authenticatable_via_headers = true - # Skip session storage for the following strategies mattr_accessor :skip_session_storage @@skip_session_storage = [] diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index c97a4740ed..336db21389 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,7 +10,7 @@ module Models # # * +authentication_keys+: parameters used for authentication. By default [:email]. # - # * +http_auth_key+: map the username passed via HTTP Auth to this parameter. Defaults to + # * +http_authentication_key+: map the username passed via HTTP Auth to this parameter. Defaults to # the first element in +authentication_keys+. # # * +request_keys+: parameters from the request object used for authentication. @@ -198,7 +198,7 @@ def apply_to_attribute_or_variable(attr, method) module ClassMethods Devise::Models.config(self, :authentication_keys, :request_keys, :strip_whitespace_keys, :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage, - :http_auth_key) + :http_authentication_key) def serialize_into_session(record) [record.to_key, record.authenticatable_salt] diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb index 11d962328d..ffe4d30141 100644 --- a/lib/devise/models/token_authenticatable.rb 
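Review bot: Renaming `http_auth_key` to `http_authentication_key` here, and dropping `allow_token_authenticatable_via_headers` in the next hunk of this file, leaves no alias or deprecation for either setter. An existing initializer that assigns them will fail when it loads, assuming these options have shipped in a release. The removal also changes a default: the old flag was `true`, while `token_authenticatable?` in the strategy hunk now asks `http_authenticatable?(:token_options)`, and the generator template documents `http_authenticatable` as false by default. Header token authentication therefore appears to go from enabled to disabled unless the app opts in. That is the safer default, but it belongs in the changelog, and a short-lived setter that warns and points to `config.http_authenticatable = [:token_options]` would make the upgrade explicit.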
+++ b/lib/devise/models/token_authenticatable.rb @@ -82,7 +82,7 @@ def authentication_token generate_token(:authentication_token) end - Devise::Models.config(self, :token_authentication_key, :allow_token_authenticatable_via_headers, :expire_auth_token_on_timeout) + Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout) end end end diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 3efcbe6701..28f12cdacb 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -100,7 +100,7 @@ def params_auth_hash # Extract a hash with attributes:values from the http params. def http_auth_hash - keys = [http_auth_key, :password] + keys = [http_authentication_key, :password] Hash[*keys.zip(decode_credentials).flatten] end @@ -134,32 +134,27 @@ def with_authentication_hash(auth_type, auth_values) parse_authentication_key_values(request_values, request_keys) end - # Holds the authentication keys. def authentication_keys @authentication_keys ||= mapping.to.authentication_keys end - def http_auth_key - @http_auth_key ||= mapping.to.http_auth_key - @http_auth_key ||= case authentication_keys + def http_authentication_key + @http_authentication_key ||= mapping.to.http_authentication_key || case authentication_keys when Array then authentication_keys.first when Hash then authentication_keys.keys.first end end - # Holds request keys. def request_keys @request_keys ||= mapping.to.request_keys end - # Returns values from the request object. def request_values keys = request_keys.respond_to?(:keys) ? request_keys.keys : request_keys values = keys.map { |k| self.request.send(k) } Hash[keys.zip(values)] end - # Parse authentication keys considering if they should be enforced or not. def parse_authentication_key_values(hash, keys) keys.each do |key, enforce| value = hash[key].presence 
diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb index 71be735afb..f4f9bddfa8 100644 --- a/lib/devise/strategies/token_authenticatable.rb +++ b/lib/devise/strategies/token_authenticatable.rb @@ -7,8 +7,13 @@ module Strategies # # http://myapp.example.com/?user_token=SECRET # - # For HTTP, you can pass the token as username and blank password. Since some clients may require - # a password, you can pass "X" as password and it will simply be ignored. + # For headers, you can use basic authentication passing the token as username and + # blank password. Since some clients may require a password, you can pass "X" as + # password and it will simply be ignored. + # + # You may also pass the token using the Token authentication mechanism provided + # by Rails: http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html + # The token options are stored in request.env['devise.token_options'] class TokenAuthenticatable < Authenticatable def store? super && !mapping.to.skip_session_storage.include?(:token_auth) @@ -42,7 +47,7 @@ def remember_me? # Check if the model accepts this strategy as token authenticatable. def token_authenticatable? - mapping.to.allow_token_authenticatable_via_headers + mapping.to.http_authenticatable?(:token_options) end # Check if this is strategy is valid for token authentication by: 
@@ -57,17 +62,16 @@ def valid_for_token_auth? # Extract the auth token from the request def auth_token - @auth_token ||= ActionController::HttpAuthentication::Token. - token_and_options(request) + @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request) end - # Extract a hash with attributes:values from the auth_token. + # Extract a hash with attributes:values from the auth_token def token_auth_hash request.env['devise.token_options'] = auth_token.last - {authentication_keys.first => auth_token.first} + { authentication_keys.first => auth_token.first } end - # Try both scoped and non scoped keys. + # Try both scoped and non scoped keys def params_auth_hash if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first) params[scope] diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 8b67dc3ccf..6b06cad68d 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -48,10 +48,14 @@ # enable it only for database (email + password) authentication. # config.params_authenticatable = true - # Tell if authentication through HTTP Basic Auth is enabled. False by default. + # Tell if authentication through HTTP Auth is enabled. False by default. # It can be set to an array that will enable http authentication only for the # given strategies, for example, `config.http_authenticatable = [:token]` will - # enable it only for token authentication. + # enable it only for token authentication. The supported strategies are: + # :database = Support basic authentication with authentication key + password + # :token = Support basic authentication with token authentication key + # :token_options = Support token authentication with options as defined in + # http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html # config.http_authenticatable = false # If http headers should be returned for AJAX requests. True by default. 
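Review bot: The expanded comment in the `lib/generators/templates/devise.rb` hunk (`@@ -48,10`) lists the three strategies but does not say what a plain `true` now means. If `http_authenticatable?` treats `true` as "every strategy" (its implementation is not part of this patch), an application that set `config.http_authenticatable = true` for Basic auth would also start accepting the Rails Token header. I would add `# Setting this to true enables all of the strategies above; prefer an explicit array.` after the list, so that the wider exposure is a deliberate choice.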
@@ -184,11 +188,6 @@ # Defines name of the authentication token params key # config.token_authentication_key = :auth_token - # Tell if authentication through HTTP Token Auth is enabled. True by default. - # Any extra options passed along with the options will be available in the - # env['devise.token_options'] hash - # config.allow_token_authenticatable_via_headers = false - # ==> Scopes configuration # Turn scoped views on. Before rendering "sessions/new", it will first check for # "users/sessions/new". It's turned off by default because it's slower if you diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 889a9beed7..f7f77f677c 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, :authentication_keys => { :email => false, :username => false }, :http_auth_key => :username do + swap Devise, :authentication_keys => { :email => false, :username => false }, :http_authentication_key => :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb index d744ff6508..38750fcf95 100644 --- a/test/integration/token_authenticatable_test.rb +++ b/test/integration/token_authenticatable_test.rb 
@@ -141,7 +141,7 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest end test 'authenticate with valid authentication token key and value through http header, with options' do - swap Devise, :token_authentication_key => :secret_token do + swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:token_options] do signature = "**TESTSIGNATURE**" sign_in_as_new_user_with_token(:token_auth => true, :token_options => {:signature => signature, :nonce => 'def'}) @@ -154,7 +154,7 @@ class TokenAuthenticationTest < ActionDispatch::IntegrationTest end test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do - swap Devise, :token_authentication_key => :secret_token, :allow_token_authenticatable_via_headers => false do + swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => false do sign_in_as_new_user_with_token(:token_auth => true) assert_response :unauthorized From 2dfa7e17617065a3c722e9ed458dbe91801e29f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 22:10:48 -0700 Subject: [PATCH 0164/1473] Update CHANGELOG --- CHANGELOG.rdoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 5d4873e974..83b0b28c2e 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc 
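Review bot: The denial test in the `@@ -154,7` hunk only covers `:http_authenticatable => false`, so nothing checks that enabling a different strategy leaves header tokens off. A sibling case would pin the per-strategy gating that `token_authenticatable?` now depends on. It could use `swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do` with the same `sign_in_as_new_user_with_token(:token_auth => true)` and `assert_response :unauthorized`. The test body continues past the end of the hunk.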
@@ -3,10 +3,13 @@ * enhancements * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) + * Support Rails' token strategy on authentication (by @robhurring) + * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo) * bug fix * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) * Fix inheriting mailer templates from `Devise::Mailer` + * Fix a bug when procs are used as default mailer in Devise (by @tomasv) == 2.2.3 From 3ed0dc5d9fd56e60a46b9bea0de834d5901638fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 23:34:07 -0700 Subject: [PATCH 0165/1473] Update README --- README.md | 76 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 5a4b4cc47f..05a1963c43 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ user_session After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes: ```ruby -root :to => "home#index" +root to: "home#index" ``` You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks. 
@@ -174,34 +174,31 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above. -### Configuring multiple models +### Parameter sanitization -Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps: +Wehn you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. -```ruby -# Create a migration with the required fields -create_table :admins do |t| - t.string :email - t.string :encrypted_password - t.timestamps -end +There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are: -# Inside your Admin model -devise :database_authenticatable, :timeoutable +* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`) +* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` +* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` -# Inside your routes -devise_for :admins +In case you want to customize the permitted parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`: -# Inside your protected controller -before_filter :authenticate_admin! 
+```ruby +class ApplicationController < ActionController::Base + before_filter :configure_permitted_parameters -# Inside your controllers and views -admin_signed_in? -current_admin -admin_session + protected + + def configure_permitted_parameters + devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } + end +end ``` -On the other hand, you can simply run the generator! +The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below. ### Configuring views 
@@ -351,15 +348,40 @@ You can read more about Omniauth support in the wiki: * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview -### Other ORMs +### Configuring multiple models -Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file. +Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps: -### Migrating from other solutions +```ruby +# Create a migration with the required fields +create_table :admins do |t| + t.string :email + t.string :encrypted_password + t.timestamps +end + +# Inside your Admin model +devise :database_authenticatable, :timeoutable + +# Inside your routes +devise_for :admins + +# Inside your protected controller +before_filter :authenticate_admin! -Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt). +# Inside your controllers and views +admin_signed_in? +current_admin +admin_session +``` + +On the other hand, you can simply run the generator! -## Troubleshooting +### Other ORMs + +Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file. + +## Additional information ### Heroku @@ -371,8 +393,6 @@ config.assets.initialize_on_precompile = false Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html -## Additional information - ### Warden Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: 
From b3edfeab731da77d5824d7c8b6d792432c77bb25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 23:35:58 -0700 Subject: [PATCH 0166/1473] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5a4b4cc47f..53e233155e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ ![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png) +By [Plataformatec](http://plataformatec.com.br/). + [![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise) [![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) From 8ec89bf6598389a0a37cb50a45b4c4f3ade6b8ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 23:39:32 -0700 Subject: [PATCH 0167/1473] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 05a1963c43..1a122b689a 100644 --- a/README.md +++ b/README.md 
@@ -174,9 +174,9 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above. -### Parameter sanitization +### Strong Parameters -Wehn you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. +When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are: From c6189696772925ae0c608fdd8d535f735e8e114e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 14 Apr 2013 08:49:30 -0700 Subject: [PATCH 0168/1473] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a122b689a..4548f1ea1a 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ In case you want to customize the permitted parameters (the lazy way™) you can ```ruby class ApplicationController < ActionController::Base - before_filter :configure_permitted_parameters + before_filter :configure_permitted_parameters, if: :devise_controller? protected From 1f68309c470fbba06c9570ea259c6678875baa2f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 15 Apr 2013 15:50:06 -0300 Subject: [PATCH 0169/1473] :scissors: changelog [ci skip] --- CHANGELOG.rdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 83b0b28c2e..cda2ef9ef1 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -4,7 +4,7 @@ * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) * Support Rails' token strategy on authentication (by @robhurring) - * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo) + * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo) * bug fix * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) From 2e6457006eed6793fc5adc2b37f22add79a4c22e Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Thu, 18 Apr 2013 10:24:38 +0530 Subject: [PATCH 0170/1473] Remove unused variables and fix typos --- lib/devise.rb | 4 ++-- lib/devise/mailers/helpers.rb | 2 +- lib/devise/models/authenticatable.rb | 4 ++-- lib/devise/models/timeoutable.rb | 2 +- test/integration/confirmable_test.rb | 4 ++-- test/integration/omniauthable_test.rb | 2 +- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/integration/rememberable_test.rb | 16 ++++++++-------- test/models/lockable_test.rb | 2 +- test/models/rememberable_test.rb | 4 ++-- test/models/validatable_test.rb | 6 +++--- 12 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 5479f6bca0..accca99759 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -315,7 +315,7 @@ def self.add_mapping(resource, options) # == Options: # # +model+ - String representing the load path to a custom *model* for this module (to autoload.) - # +controller+ - Symbol representing the name of an exisiting or custom *controller* for this module. + # +controller+ - Symbol representing the name of an existing or custom *controller* for this module. # +route+ - Symbol representing the named *route* helper for this module. # +strategy+ - Symbol representing if this module got a custom *strategy*. # @@ -443,7 +443,7 @@ def self.configure_warden! #:nodoc: end end - # Generate a friendly string randomically to be used as token. + # Generate a friendly string randomly to be used as token. def self.friendly_token SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz') end diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 4d4c7749bc..4f70747a45 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -70,7 +70,7 @@ def template_paths template_path end - # Setup a subject doing an I18n lookup. At first, it attemps to set a subject + # Setup a subject doing an I18n lookup. At first, it attempts to set a subject # based on the current mapping: # # en: diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 336db21389..e0a5ad5d9d 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -18,7 +18,7 @@ module Models # passed to find_for_authentication method and considered in your model lookup. # # For instance, if you set :request_keys to [:subdomain], :subdomain will be considered - # as key on authentication. This can also be a hash where the value is a boolean expliciting + # as key on authentication. This can also be a hash where the value is a boolean specifying # if the value is required or not. # # * +http_authenticatable+: if this model allows http authentication. By default true. 
@@ -35,7 +35,7 @@ module Models # == active_for_authentication? # # After authenticating a user and in each request, Devise checks if your model is active by - # calling model.active_for_authentication?. This method is overwriten by other devise modules. For instance, + # calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance, # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed. # # You overwrite this method yourself, but if you do, don't forget to call super: diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index d595323c95..ecc9debf76 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -2,7 +2,7 @@ module Devise module Models - # Timeoutable takes care of veryfing whether a user session has already + # Timeoutable takes care of verifyng whether a user session has already # expired or not. When a session expires after the configured time, the user # will be asked for credentials again, it means, he/she will be redirected # to the sign in page. diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 1e20ec0d21..fedfbe7328 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -167,7 +167,7 @@ def resend_confirmation end test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do - user = create_user(:confirm => false) + create_user(:confirm => false) post user_confirmation_path(:format => 'xml'), :user => { :email => 'invalid.test@test.com' } assert_response :unprocessable_entity assert response.body.include? %(\n) 
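Review bot: The typo fix in the `lib/devise/models/timeoutable.rb` hunk replaces "veryfing" with "verifyng", which is still misspelled. The line should read `# Timeoutable takes care of verifying whether a user session has already`.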
@@ -181,7 +181,7 @@ def resend_confirmation end test 'confirm account with invalid confirmation token in XML format should return invalid response' do - user = create_user(:confirm => false) + create_user(:confirm => false) get user_confirmation_path(:confirmation_token => 'invalid_confirmation', :format => 'xml') assert_response :unprocessable_entity assert response.body.include? %(\n) diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 6269851509..f73324c2c1 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -90,7 +90,7 @@ def stub_action!(name) end assert session["devise.facebook_data"] - user = sign_in_as_user + sign_in_as_user assert !session["devise.facebook_data"] end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 28781e5e5f..5609c96f7c 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -270,7 +270,7 @@ def reset_password(options={}, &block) end test 'change password with invalid token in XML format should return invalid response' do - user = create_user + create_user request_forgot_password put user_password_path(:format => 'xml'), :user => {:reset_password_token => 'invalid.token', :password => '987654321', :password_confirmation => '987654321'} assert_response :unprocessable_entity diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 9583097f54..082e402b71 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -112,7 +112,7 @@ def user_sign_up # https://github.com/mongoid/mongoid/issues/756 (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - user = create_user + create_user get new_user_registration_path fill_in 'email', :with => 'user@test.com' 
@@ -285,7 +285,7 @@ def user_sign_up end test 'a user cancel his account in XML format should return valid response' do - user = sign_in_as_user + sign_in_as_user delete user_registration_path(:format => 'xml') assert_response :success assert_equal User.count, 0 diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 69fb202cf0..9b1023b1f3 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -26,7 +26,7 @@ def cookie_expires(key) end test 'do not remember the user if he has not checked remember me option' do - user = sign_in_as_user + sign_in_as_user assert_nil request.cookies["remember_user_cookie"] end @@ -43,7 +43,7 @@ def cookie_expires(key) end test 'generate remember token after sign in' do - user = sign_in_as_user :remember_me => true + sign_in_as_user :remember_me => true assert request.cookies["remember_user_token"] end @@ -84,7 +84,7 @@ def cookie_expires(key) end test 'remember the user before sign up and redirect him to his home' do - user = create_user_and_remember + create_user_and_remember get new_user_registration_path assert warden.authenticated?(:user) assert_redirected_to root_path @@ -92,7 +92,7 @@ def cookie_expires(key) test 'cookies are destroyed on unverified requests' do swap ApplicationController, :allow_forgery_protection => true do - user = create_user_and_remember + create_user_and_remember get users_path assert warden.authenticated?(:user) post root_path, :authenticity_token => 'INVALID' @@ -117,7 +117,7 @@ def cookie_expires(key) end test 'do not remember other scopes' do - user = create_user_and_remember + create_user_and_remember get root_path assert_response :success assert warden.authenticated?(:user) 
@@ -125,14 +125,14 @@ def cookie_expires(key) end test 'do not remember with invalid token' do - user = create_user_and_remember('add') + create_user_and_remember('add') get users_path assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path end test 'do not remember with expired token' do - user = create_user_and_remember + create_user_and_remember swap Devise, :remember_for => 0 do get users_path assert_not warden.authenticated?(:user) @@ -141,7 +141,7 @@ def cookie_expires(key) end test 'do not remember the user anymore after forget' do - user = create_user_and_remember + create_user_and_remember get users_path assert warden.authenticated?(:user) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 9bc5a43c67..b0642a1f71 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -59,7 +59,7 @@ def setup assert_not user.active_for_authentication? end - test "should unlock a user by cleaning locked_at, falied_attempts and unlock_token" do + test "should unlock a user by cleaning locked_at, failed_attempts and unlock_token" do user = create_user user.lock_access! assert_not_nil user.reload.locked_at diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 645f503e91..ab776ffb01 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -115,7 +115,7 @@ def create_resource end end - test 'remember should not be expired if it was created whitin the limit time' do + test 'remember should not be expired if it was created within the limit time' do swap Devise, :remember_for => 30.days do resource = create_resource resource.remember_me! @@ -167,7 +167,7 @@ def create_resource end end - test 'should have the required_fiels array' do + test 'should have the required_fields array' do assert_same_content Devise::Models::Rememberable.required_fields(User), [ :remember_created_at ] 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 10be9092c8..8e48a153fa 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -59,7 +59,7 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'doesn\'t match confirmation', user.errors[:password].join end - test 'should require password when updating/reseting password' do + test 'should require password when updating/resetting password' do user = create_user user.password = '' @@ -69,7 +69,7 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'can\'t be blank', user.errors[:password].join end - test 'should require confirmation when updating/reseting password' do + test 'should require confirmation when updating/resetting password' do user = create_user user.password_confirmation = 'another_password' assert user.invalid? @@ -98,7 +98,7 @@ class ValidatableTest < ActiveSupport::TestCase assert_not (user.errors[:password].join =~ /is too long/) end - test 'should complain about length even if possword is not required' do + test 'should complain about length even if password is not required' do user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129) user.stubs(:password_required?).returns(false) assert user.invalid? From da70348662ac2afeb9e5b9634294fe93a5e3c5c4 Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Thu, 18 Apr 2013 11:07:36 +0530 Subject: [PATCH 0171/1473] enable warnings by default --- Rakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Rakefile b/Rakefile index 8a0ac62459..a8d3353c49 100644 --- a/Rakefile +++ b/Rakefile @@ -22,6 +22,7 @@ Rake::TestTask.new(:test) do |t| t.libs << 'test' t.pattern = 'test/**/*_test.rb' t.verbose = true + t.warning = true end desc 'Generate documentation for Devise.' From b871bd503631914a01b357ec9e93e4e189489270 Mon Sep 17 00:00:00 2001 
From: Vipul A M Date: Thu, 18 Apr 2013 11:03:54 +0530 Subject: [PATCH 0172/1473] fix some warning --- lib/devise/models/confirmable.rb | 7 +++++++ test/failure_app_test.rb | 6 +++--- test/integration/confirmable_test.rb | 4 ++-- test/models/serializable_test.rb | 12 ++++++------ 4 files changed, 18 insertions(+), 11 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 51ca45d4f1..ba7d71f8c4 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -39,6 +39,13 @@ module Confirmable after_update :send_confirmation_instructions, :if => :reconfirmation_required? end + def initialize(*args, &block) + @bypass_postpone = false + @reconfirmation_required = false + @skip_confirmation_notification = false + super + end + def self.required_fields(klass) required_methods = [:confirmation_token, :confirmed_at, :confirmation_sent_at] required_methods << :unconfirmed_email if klass.reconfirmable diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 39b0e871de..f543dfb19b 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -80,9 +80,9 @@ def call_failure(env_params={}) test 'setup a default message' do call_failure - assert_match /You are being/, @response.last.body - assert_match /redirected/, @response.last.body - assert_match /users\/sign_in/, @response.last.body + assert_match(/You are being/, @response.last.body) + assert_match(/redirected/, @response.last.body) + assert_match(/users\/sign_in/, @response.last.body) end test 'works for any navigational format' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 1e20ec0d21..627dbd74b8 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
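Review bot: The `initialize` added to the Confirmable module in the `@@ -39,6` hunk only runs for objects built through `new`. Records the ORM materialises without calling `initialize` (ActiveRecord builds loaded rows with `allocate` and `init_with`, as far as I know) never get the three instance variables, so the uninitialised-ivar warnings this commit targets would remain for them. Defining `initialize` in a mixin also depends on every including class keeping a compatible constructor chain. Setting the defaults from an `after_initialize` callback next to the `after_update` line at the top of the hunk, or reading the flags through `defined?`-guarded helpers, would cover both paths. The flags are falsy either way, so this is about warnings and robustness rather than a behaviour change.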
@@ -275,7 +275,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(confirmation_token) assert_have_selector '#error_explanation' - assert_contain /Confirmation token(.*)invalid/ + assert_contain(/Confirmation token(.*)invalid/) visit_admin_confirmation_with_token(admin.confirmation_token) assert_contain 'Your account was successfully confirmed.' @@ -293,7 +293,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.confirmation_token) assert_have_selector '#error_explanation' - assert_contain /Email.*already.*taken/ + assert_contain(/Email.*already.*taken/) assert admin.reload.pending_reconfirmation? end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 946b304d33..565b71fe3c 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -6,18 +6,18 @@ class SerializableTest < ActiveSupport::TestCase end test 'should not include unsafe keys on XML' do - assert_match /email/, @user.to_xml - assert_no_match /confirmation-token/, @user.to_xml + assert_match(/email/, @user.to_xml) + assert_no_match(/confirmation-token/, @user.to_xml) end test 'should not include unsafe keys on XML even if a new except is provided' do - assert_no_match /email/, @user.to_xml(:except => :email) - assert_no_match /confirmation-token/, @user.to_xml(:except => :email) + assert_no_match(/email/, @user.to_xml(:except => :email)) + assert_no_match(/confirmation-token/, @user.to_xml(:except => :email)) end test 'should include unsafe keys on XML if a force_except is provided' do - assert_no_match / :email) - assert_match /confirmation-token/, @user.to_xml(:force_except => :email) + assert_no_match(/ :email)) + assert_match(/confirmation-token/, @user.to_xml(:force_except => :email)) end test 'should not include unsafe keys on JSON' do From df4b282566c7642fb2b4ec8b9abbb9ec4722a97f Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 19 Apr 2013 19:59:08 -0300 Subject: [PATCH 0173/1473] Set variable to false instead of nil --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index ba7d71f8c4..2c10ab08e2 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -228,7 +228,7 @@ def postpone_email_change_until_confirmation def postpone_email_change? postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone - @bypass_postpone = nil + @bypass_postpone = false postpone end From c8aa5f3e62cc616e6bcac7c9ffdc2fcda6d72026 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 19 Apr 2013 20:38:39 -0300 Subject: [PATCH 0174/1473] Bump webrat to 0.7.3 --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 90fb228f42..38cf80a15e 100644 --- a/Gemfile +++ b/Gemfile @@ -10,7 +10,7 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.2", :require => false + gem "webrat", "0.7.3", :require => false gem "mocha", "~> 0.13.1", :require => false end diff --git a/Gemfile.lock b/Gemfile.lock index 245f190a80..39bedd7787 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -131,7 +131,7 @@ GEM tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) - webrat (0.7.2) + webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) @@ -153,4 +153,4 @@ DEPENDENCIES rails (~> 3.2.6) rdoc sqlite3 - webrat (= 0.7.2) + webrat (= 0.7.3) From 9d5a9c8a615c7c85acd83786e9db9f0118cd4492 Mon Sep 17 00:00:00 2001 
From: Tan Jun Rong Date: Mon, 22 Apr 2013 20:22:53 +0800 Subject: [PATCH 0175/1473] Add ability to override the redirect path after user has reset their password --- .../devise/passwords_controller.rb | 5 +++- test/controllers/passwords_controller_test.rb | 29 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 test/controllers/passwords_controller_test.rb diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index a568d87f4b..cdde4d067e 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -34,13 +34,16 @@ def update flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message(:notice, flash_message) if is_navigational_format? sign_in(resource_name, resource) - respond_with resource, :location => after_sign_in_path_for(resource) + respond_with resource, :location => after_reseting_password_path_for(resource) else respond_with resource end end protected + def after_reseting_password_path_for(resource_name) + after_sign_in_path_for(resource) + end # The path used after sending reset password instructions def after_sending_reset_password_instructions_path_for(resource_name) diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb new file mode 100644 index 0000000000..a24c3c13ef --- /dev/null +++ b/test/controllers/passwords_controller_test.rb 
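Review bot: The new protected hook `after_reseting_password_path_for` in the `@@ -34,13` hunk has no comment, unlike `after_sending_reset_password_instructions_path_for` just below it. I suggest adding `# The path used after resetting the password; defaults to after_sign_in_path_for(resource).` above it. Because `update` signs the user in immediately before `respond_with resource, :location => ...`, the comment could also say that overrides should return a path inside the application rather than a value taken from the request.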
@@ -0,0 +1,29 @@ +require 'test_helper' + +class PasswordsControllerTest < ActionController::TestCase + tests Devise::PasswordsController + include Devise::TestHelpers + + def setup + request.env["devise.mapping"] = Devise.mappings[:user] + @user = create_user + @user.send_reset_password_instructions + end + + def put_update_with_params + put :update, "user"=>{"reset_password_token"=>@user.reset_password_token, "password"=>"123456", "password_confirmation"=>"123456"} + end + + test 'redirect to after_sign_in_path_for if after_reseting_password_path_for is not overridden' do + put_update_with_params + assert_redirected_to "http://test.host/" + end + + test 'redirect accordingly if after_reseting_password_path_for is overridden' do + custom_path = "http://custom.path/" + # Overwrite after_reseting_password_path_for with custom_path + Devise::PasswordsController.any_instance.stubs(:after_reseting_password_path_for).with(@user).returns(custom_path) + put_update_with_params + assert_redirected_to custom_path + end +end From e4987e8bb7194f29971b88faa494f317a8c7b4b6 Mon Sep 17 00:00:00 2001 From: Tan Jun Rong Date: Mon, 22 Apr 2013 21:40:52 +0800 Subject: [PATCH 0176/1473] Fix resource_name to resource --- app/controllers/devise/passwords_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index cdde4d067e..9788c4f26e 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -41,7 +41,7 @@ def update end protected - def after_reseting_password_path_for(resource_name) + def after_reseting_password_path_for(resource) after_sign_in_path_for(resource) end From 804fbdf6d5b5d1db8d6ef6f7bea27bed98e450af Mon Sep 17 00:00:00 2001 
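Review bot: Both tests in passwords_controller_test.rb exercise only the successful reset, so nothing pins that a request with a wrong `reset_password_token` never reaches `after_reseting_password_path_for`. A third case that sends a bogus token through `put :update` and sets the expectation with mocha's `.never` would cover the `else` branch of `update`. The override test also uses an off-site URL, `http://custom.path/`, as the custom location; an in-app path such as `"/custom"` would avoid presenting an external redirect as the expected use of the hook.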
From: Tan Jun Rong Date: Mon, 22 Apr 2013 22:25:40 +0800 Subject: [PATCH 0177/1473] Fix spelling error, 'reseting' to 'resetting' --- app/controllers/devise/passwords_controller.rb | 4 ++-- test/controllers/passwords_controller_test.rb | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 9788c4f26e..dbc39f48d0 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -34,14 +34,14 @@ def update flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message(:notice, flash_message) if is_navigational_format? sign_in(resource_name, resource) - respond_with resource, :location => after_reseting_password_path_for(resource) + respond_with resource, :location => after_resetting_password_path_for(resource) else respond_with resource end end protected - def after_reseting_password_path_for(resource) + def after_resetting_password_path_for(resource) after_sign_in_path_for(resource) end diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index a24c3c13ef..a75ee1b57a 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb 
@@ -14,15 +14,15 @@ def put_update_with_params put :update, "user"=>{"reset_password_token"=>@user.reset_password_token, "password"=>"123456", "password_confirmation"=>"123456"} end - test 'redirect to after_sign_in_path_for if after_reseting_password_path_for is not overridden' do + test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do put_update_with_params assert_redirected_to "http://test.host/" end - test 'redirect accordingly if after_reseting_password_path_for is overridden' do + test 'redirect accordingly if after_resetting_password_path_for is overridden' do custom_path = "http://custom.path/" - # Overwrite after_reseting_password_path_for with custom_path - Devise::PasswordsController.any_instance.stubs(:after_reseting_password_path_for).with(@user).returns(custom_path) + # Overwrite after_resetting_password_path_for with custom_path + Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path) put_update_with_params assert_redirected_to custom_path end From 0a588fab3a1a5c7213824efc6b01fc639902ca03 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 22 Apr 2013 17:51:54 +0300 Subject: [PATCH 0178/1473] update CHANGELOG [ci skip] --- CHANGELOG.rdoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index cda2ef9ef1..c53474e263 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,6 +1,7 @@ == master * enhancements + * Allow to override path after password resetting (by @worker8) * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) * Support Rails' token strategy on authentication (by @robhurring) From fae8e977e84202872108d6d37cfbfa2020f54387 Mon Sep 17 00:00:00 2001 
From: Vasiliy Ermolovich Date: Mon, 22 Apr 2013 22:42:49 +0300 Subject: [PATCH 0179/1473] use ordered hash to fix tests on ruby 1.8 --- test/integration/http_authenticatable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index f7f77f677c..d5a21bcc1c 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -63,7 +63,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses appropriate authentication_keys when configured with hash' do - swap Devise, :authentication_keys => { :username => false, :email => false } do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new({ :username => false, :email => false }) do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body @@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, :authentication_keys => { :email => false, :username => false }, :http_authentication_key => :username do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new({ :email => false, :username => false }), :http_authentication_key => :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body From dceb788c6b537e2630b879960e0a323e732f973d Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Tue, 23 Apr 2013 10:37:10 +0300 Subject: [PATCH 0180/1473] fix OrderedHash initialization --- test/integration/http_authenticatable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index d5a21bcc1c..b50a9a06c1 100644 --- a/test/integration/http_authenticatable_test.rb 
+++ b/test/integration/http_authenticatable_test.rb @@ -63,7 +63,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses appropriate authentication_keys when configured with hash' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new({ :username => false, :email => false }) do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new.merge(:username => false, :email => false) do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body @@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new({ :email => false, :username => false }), :http_authentication_key => :username do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new.merge(:email => false, :username => false), :http_authentication_key => :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body From 76e4967ca1a0d48ed8fe8d17599ed548012e911e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 28 Apr 2013 13:06:08 -0300 Subject: [PATCH 0181/1473] Update travis-ci link in README [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53e233155e..eccb3a9acc 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ By [Plataformatec](http://plataformatec.com.br/). [![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise) -[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) +[![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From 2f28e48f540aeb3aa0c1a302194cc36975a93513 Mon Sep 17 00:00:00 2001 From: Scott M Date: Mon, 29 Apr 2013 01:52:37 -0300 Subject: [PATCH 0182/1473] Fix spelling error in doc block --- lib/devise/models/omniauthable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index d1a2d4ae90..92d10d311b 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -8,7 +8,7 @@ module Models # # Oauthable adds the following options to devise_for: # - # * +omniauth_providers+: Which providers are avaialble to this model. It expects an array: + # * +omniauth_providers+: Which providers are available to this model. It expects an array: # # devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter] # @@ -24,4 +24,4 @@ module ClassMethods end end end -end \ No newline at end of file +end From 60e933df73ad8cebf7cc8a3010accff5efded472 Mon Sep 17 00:00:00 2001 From: Michiel Prins Date: Mon, 29 Apr 2013 15:06:13 +0200 Subject: [PATCH 0183/1473] Add destroy_with_password method --- lib/devise/models/database_authenticatable.rb | 16 ++++++++++++ test/models/database_authenticatable_test.rb | 26 +++++++++++++++++++ 2 files changed, 42 insertions(+) 
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 36e1bacc4d..6b05a8cf8e 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -95,6 +95,22 @@ def update_without_password(params, *options) result end + # Destroy record when :current_password matches, otherwise returns + # error on :current_password. It also automatically rejects + # :current_password if it is blank. + def destroy_with_password(current_password) + result = if valid_password?(current_password) + destroy + else + self.valid? + self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + false + end + + self.current_password = nil + result + end + def after_database_authentication end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 1439a51f9c..2ed3f4df99 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
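Review bot: The comment above `destroy_with_password` is carried over from the update methods and does not describe this one: there is no params hash from which `:current_password` could be rejected, and on a mismatch the method adds an error and returns `false`. Suggested wording: `# Destroys the record when current_password matches; otherwise adds a :blank or :invalid error on :current_password and returns false.` The closing `self.current_password = nil` also needs a second look, since the password arrives as a local argument, is never stored on the model in this method, and no writer for it is visible in the hunk. Because this is an irreversible action guarded only by the password, the comment could also state that callers are expected to invoke it on the signed-in user's own record.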
@@ -183,6 +183,32 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert user.valid_password?('12345678') end + test 'should destroy user if current password is valid' do + user = create_user + assert user.destroy_with_password('12345678') + assert_raise ActiveRecord::RecordNotFound do + user.reload + end + end + + test 'should not destroy user with invalid password' do + user = create_user + assert_not user.destroy_with_password('other') + assert_nothing_raised ActiveRecord::RecordNotFound do + user.reload + end + assert_match "is invalid", user.errors[:current_password].join + end + + test 'should not destroy user with blank password' do + user = create_user + assert_not user.destroy_with_password(nil) + assert_nothing_raised ActiveRecord::RecordNotFound do + user.reload + end + assert_match "can't be blank", user.errors[:current_password].join + end + test 'downcase_keys with validation' do user = User.create(:email => "HEllO@example.com", :password => "123456") user = User.create(:email => "HEllO@example.com", :password => "123456") From 92218e9ecc6920c9b8db8a10b2c05a62e0cc02b7 Mon Sep 17 00:00:00 2001 From: Michiel Prins Date: Mon, 29 Apr 2013 15:21:31 +0200 Subject: [PATCH 0184/1473] Remove unnecessary code --- lib/devise/models/database_authenticatable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 6b05a8cf8e..916c33efb5 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -107,7 +107,6 @@ def destroy_with_password(current_password) false end - self.current_password = nil result end From a6b754b697c61eef2078cec1726900ee10430c1a Mon Sep 17 00:00:00 2001 From: Nick Borromeo Date: Tue, 30 Apr 2013 10:23:50 -0700 Subject: [PATCH 0185/1473] Fix gemspec so that MIT license will be visible when running the -d flag --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/devise.gemspec b/devise.gemspec index 5ac2862d99..30f0bb18a7 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -6,7 +6,7 @@ Gem::Specification.new do |s| s.name = "devise" s.version = Devise::VERSION.dup s.platform = Gem::Platform::RUBY - s.license = "MIT" + s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" s.email = "contact@plataformatec.com.br" s.homepage = "http://github.com/plataformatec/devise" From d9d5ae3d58d4a9fad94107fa29e30af96ec9891b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 May 2013 21:35:03 -0300 Subject: [PATCH 0186/1473] Correct OrderedHash initialization to ensure keys order in 1.8.7 This should hopefully fix the build with 1.8.7 :pray: --- test/integration/http_authenticatable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index b50a9a06c1..8f9a32b81e 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -63,7 +63,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses appropriate authentication_keys when configured with hash' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new.merge(:username => false, :email => false) do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:username, false, :email, false] do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body 
@@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash.new.merge(:email => false, :username => false), :http_authentication_key => :username do + swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:email, false, :username, false], :http_authentication_key => :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body From e8d1c9ca235f5593c66a01d6e55b65ecc1fcaa25 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 10:00:39 -0300 Subject: [PATCH 0187/1473] Bump rails version to 4.0.0.rc1, closes #2399 --- Gemfile | 2 +- Gemfile.lock | 102 ++++++++++++++++++++++++--------------------------- 2 files changed, 49 insertions(+), 55 deletions(-) diff --git a/Gemfile b/Gemfile index b0889bc466..3df2934fba 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" +gem "rails", "~> 4.0.0.rc1" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 80b5b3d242..1ef1361c90 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,56 +1,14 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 4a931ca105fddf59cc2f8619e973233376cf4b67 + revision: f703270f44021fb9e7411d8ed113159282e726c6 branch: master specs: mongoid (4.0.0) - activemodel (~> 4.0.0.beta) + activemodel (~> 4.0.0.rc1) moped (~> 1.4.2) origin (~> 1.0) tzinfo (~> 0.3.22) -GIT - remote: git://github.com/rails/rails.git - revision: 67bb49b69e1f10c2b35a53a645ed98a028375f1d - branch: master - specs: - actionmailer (4.0.0.beta1) - actionpack (= 4.0.0.beta1) - mail (~> 2.5.3) - actionpack (4.0.0.beta1) - activesupport (= 4.0.0.beta1) - builder (~> 3.1.0) - erubis (~> 2.7.0) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - activemodel (4.0.0.beta1) - activesupport (= 4.0.0.beta1) - builder (~> 3.1.0) - activerecord (4.0.0.beta1) - activemodel (= 4.0.0.beta1) - activerecord-deprecated_finders (~> 0.0.3) - activesupport (= 4.0.0.beta1) - arel (~> 4.0.0.beta2) - activesupport (4.0.0.beta1) - i18n (~> 0.6, >= 0.6.4) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - rails (4.0.0.beta1) - actionmailer (= 4.0.0.beta1) - actionpack (= 4.0.0.beta1) - activerecord (= 4.0.0.beta1) - activesupport (= 4.0.0.beta1) - bundler (>= 1.3.0, < 2.0) - railties (= 4.0.0.beta1) - sprockets-rails (~> 2.0.0.rc3) - railties (4.0.0.beta1) - actionpack (= 4.0.0.beta1) - activesupport (= 4.0.0.beta1) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - PATH remote: . specs: 
@@ -63,9 +21,32 @@ PATH GEM remote: https://rubygems.org/ specs: - activerecord-deprecated_finders (0.0.3) - arel (4.0.0.beta2) - atomic (1.1.7) + actionmailer (4.0.0.rc1) + actionpack (= 4.0.0.rc1) + mail (~> 2.5.3) + actionpack (4.0.0.rc1) + activesupport (= 4.0.0.rc1) + builder (~> 3.1.0) + erubis (~> 2.7.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0.rc1) + activesupport (= 4.0.0.rc1) + builder (~> 3.1.0) + activerecord (4.0.0.rc1) + activemodel (= 4.0.0.rc1) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.0.rc1) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.2) + activesupport (4.0.0.rc1) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + arel (4.0.0) + atomic (1.1.8) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) @@ -83,8 +64,8 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.22) - minitest (4.7.1) + mime-types (1.23) + minitest (4.7.4) mocha (0.13.3) metaclass (~> 0.0.1) moped (1.4.5) @@ -108,7 +89,7 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.0.11) + origin (1.1.0) orm_adapter (0.4.0) polyglot (0.3.3) rack (1.5.2) @@ -117,16 +98,29 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) + rails (4.0.0.rc1) + actionmailer (= 4.0.0.rc1) + actionpack (= 4.0.0.rc1) + activerecord (= 4.0.0.rc1) + activesupport (= 4.0.0.rc1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0.rc1) + sprockets-rails (~> 2.0.0.rc4) + railties (4.0.0.rc1) + actionpack (= 4.0.0.rc1) + activesupport (= 4.0.0.rc1) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) rake (10.0.4) rdoc (4.0.1) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.9.2) + sprockets (2.9.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.0.rc3) + sprockets-rails (2.0.0.rc4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) 
@@ -134,7 +128,7 @@ GEM thor (0.18.1) thread_safe (0.1.0) atomic - tilt (1.3.7) + tilt (1.4.0) treetop (1.4.12) polyglot polyglot (>= 0.3.1) @@ -160,7 +154,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails (~> 4.0.0.beta)! + rails (~> 4.0.0.rc1) rdoc sqlite3 webrat (= 0.7.2) From a0058d5fbff8192e31ac7e1cc41ac4f07e452f9d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 21:52:00 -0300 Subject: [PATCH 0188/1473] Add some spaces, remove comment --- test/controllers/passwords_controller_test.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index a75ee1b57a..4d3dfc0ba5 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -6,12 +6,15 @@ class PasswordsControllerTest < ActionController::TestCase def setup request.env["devise.mapping"] = Devise.mappings[:user] + @user = create_user @user.send_reset_password_instructions end def put_update_with_params - put :update, "user"=>{"reset_password_token"=>@user.reset_password_token, "password"=>"123456", "password_confirmation"=>"123456"} + put :update, "user" => { + "reset_password_token" => @user.reset_password_token, "password" => "123456", "password_confirmation" => "123456" + } end test 'redirect to after_sign_in_path_for if after_resetting_password_path_for is not overridden' do @@ -21,8 +24,8 @@ def put_update_with_params test 'redirect accordingly if after_resetting_password_path_for is overridden' do custom_path = "http://custom.path/" - # Overwrite after_resetting_password_path_for with custom_path Devise::PasswordsController.any_instance.stubs(:after_resetting_password_path_for).with(@user).returns(custom_path) + put_update_with_params assert_redirected_to custom_path end From 1f9ebbd9f402deb3b548a07b4b737883a4ff1472 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:04:27 -0300 Subject: [PATCH 0189/1473] Update gemspec dependency to Rails 4 rc1 as well --- Gemfile.lock | 2 +- devise.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1ef1361c90..b2305a8f0a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,7 +15,7 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 4.0.0.beta) + railties (~> 4.0.0.rc1) warden (~> 1.2.1) GEM diff --git a/devise.gemspec b/devise.gemspec index 930762a4fc..082f55977a 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -22,5 +22,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 4.0.0.beta") + s.add_dependency("railties", "~> 4.0.0.rc1") end From 0fe03731447a091a2fe51d9364b25b65b4640bac Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:52:26 -0300 Subject: [PATCH 0190/1473] Fix location of parameter sanitizer in docs [ci skip] --- lib/devise/controllers/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 991f7ab53c..4fa64241f0 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -81,7 +81,7 @@ def devise_controller? end # Setup a param sanitizer to filter parameters using strong_parameters. See - # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this + # lib/devise/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. def devise_parameter_sanitizer @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters) From eadce2fef601368539b4d5e73e73b8ab08fda329 Mon Sep 17 00:00:00 2001 
From: DI2uNk Date: Sat, 4 May 2013 11:56:56 +0200 Subject: [PATCH 0191/1473] Refactored rails/routes.rb to avoid repeated code --- lib/devise/rails/routes.rb | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 605e2718d6..a7b66c22c6 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -237,6 +237,16 @@ def devise_for(*resources) end end + def get_constraints_given_method(scope=nil, block=nil, method_to_apply='authenticate!') + constraint = lambda do |request| + request.env['warden'].send(method_to_apply, {:scope => scope}) && (block.nil? || block.call(request.env["warden"].user(scope))) + end + + constraints(constraint) do + yield + end + end + # Allow you to add authentication request from the router. # Takes an optional scope and block to provide constraints # on the model instance itself. @@ -254,11 +264,7 @@ def devise_for(*resources) # end # def authenticate(scope=nil, block=nil) - constraint = lambda do |request| - request.env["warden"].authenticate!(:scope => scope) && (block.nil? || block.call(request.env["warden"].user(scope))) - end - - constraints(constraint) do + get_constraints_given_method(scope, block, 'authenticate!') do yield end end @@ -282,11 +288,7 @@ def authenticate(scope=nil, block=nil) # root :to => 'landing#show' # def authenticated(scope=nil, block=nil) - constraint = lambda do |request| - request.env["warden"].authenticate?(:scope => scope) && (block.nil? || block.call(request.env["warden"].user(scope))) - end - - constraints(constraint) do + get_constraints_given_method(scope, block, 'authenticate?') do yield end end From 63627d1439c2ed21e086e3eb1de6146f60c073ff Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Sat, 4 May 2013 14:31:24 -0300 Subject: [PATCH 0192/1473] Refactoring the code a little bit * Rename #get_constraints_given_method to #constraints_for to make the method clear. * The method name now is required. * Use symbols instead of strings. * Make #constraints_for a protected method. --- lib/devise/rails/routes.rb | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index a7b66c22c6..9c03789261 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -237,16 +237,6 @@ def devise_for(*resources) end end - def get_constraints_given_method(scope=nil, block=nil, method_to_apply='authenticate!') - constraint = lambda do |request| - request.env['warden'].send(method_to_apply, {:scope => scope}) && (block.nil? || block.call(request.env["warden"].user(scope))) - end - - constraints(constraint) do - yield - end - end - # Allow you to add authentication request from the router. # Takes an optional scope and block to provide constraints # on the model instance itself. @@ -264,7 +254,7 @@ def get_constraints_given_method(scope=nil, block=nil, method_to_apply='authenti # end # def authenticate(scope=nil, block=nil) - get_constraints_given_method(scope, block, 'authenticate!') do + constraints_for(:authenticate!, scope, block) do yield end end @@ -288,7 +278,7 @@ def authenticate(scope=nil, block=nil) # root :to => 'landing#show' # def authenticated(scope=nil, block=nil) - get_constraints_given_method(scope, block, 'authenticate?') do + constraints_for(:authenticate?, scope, block) do yield end end 
@@ -430,6 +420,17 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: @scope.merge!(old) end + def constraints_for(method_to_apply, scope=nil, block=nil) + constraint = lambda do |request| + request.env['warden'].send(method_to_apply, :scope => scope) && + (block.nil? || block.call(request.env["warden"].user(scope))) + end + + constraints(constraint) do + yield + end + end + def set_omniauth_path_prefix!(path_prefix) #:nodoc: if ::OmniAuth.config.path_prefix && ::OmniAuth.config.path_prefix != path_prefix raise "Wrong OmniAuth configuration. If you are getting this exception, it means that either:\n\n" \ From d6d61fc5be9183a30d517350f6a8b0f4eb3e003c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Victor=20Cruz=20Due=C3=B1as?= Date: Sun, 5 May 2013 01:02:48 +0200 Subject: [PATCH 0193/1473] Adding tests for case_insensitive_keys and strip_whitespace_keys to param filter --- test/models/database_authenticatable_test.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 1439a51f9c..01fded858a 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
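Review bot: `constraints_for` dispatches with `request.env['warden'].send(method_to_apply, :scope => scope)`, and `send` will call any method on the Warden proxy, private ones included, for whatever symbol is passed. The two visible callers pass only `:authenticate!` and `:authenticate?`, so a guard at the top keeps it that way: `raise ArgumentError, "unsupported warden method" unless [:authenticate!, :authenticate?].include?(method_to_apply)`. The method is also the only one in this group without a `#:nodoc:` marker or a comment, and it mixes `'warden'` and `"warden"` quoting within two lines.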
@@ -52,6 +52,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions) end + test 'param filter should filter case_insensitive_keys as insensitive' do + conditions = {'insensitive' => 'insensitive_VAL', 'sensitive' => 'sensitive_VAL'} + conditions = Devise::ParamFilter.new(['insensitive'], []).filter(conditions) + assert_equal( {'insensitive' => 'insensitive_val', 'sensitive' => 'sensitive_VAL'}, conditions ) + end + + test 'param filter should filter strip_whitespace_keys stripping whitespaces' do + conditions = {'strip_whitespace' => ' strip_whitespace_val ', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '} + conditions = Devise::ParamFilter.new([], ['strip_whitespace']).filter(conditions) + assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions ) + end + test 'should respond to password and password confirmation' do user = new_user assert user.respond_to?(:password) From ae48fc8419e81fc6fdb65e45520137670e03d8e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Victor=20Cruz=20Due=C3=B1as?= Date: Sun, 5 May 2013 01:19:37 +0200 Subject: [PATCH 0194/1473] Refactor to avoid duplication on param filter --- lib/devise/param_filter.rb | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/lib/devise/param_filter.rb b/lib/devise/param_filter.rb index 759518fab9..29d083dc49 100644 --- a/lib/devise/param_filter.rb +++ b/lib/devise/param_filter.rb 
@@ -8,19 +8,17 @@ def initialize(case_insensitive_keys, strip_whitespace_keys) def filter(conditions) conditions = stringify_params(conditions.dup) - @case_insensitive_keys.each do |k| - value = conditions[k] - next unless value.respond_to?(:downcase) - conditions[k] = value.downcase - end + apply_filter_method_to_condition_keys(conditions, :downcase, @case_insensitive_keys) + apply_filter_method_to_condition_keys(conditions, :strip, @strip_whitespace_keys) - @strip_whitespace_keys.each do |k| + conditions + end + + def apply_filter_method_to_condition_keys(conditions, method, condition_keys) + condition_keys.each do |k| value = conditions[k] - next unless value.respond_to?(:strip) - conditions[k] = value.strip + conditions[k] = value.send(method) if value.respond_to?(method) end - - conditions end # Force keys to be string to avoid injection on mongoid related database. From 75fdd2944d886bb8b4aa24173279d55d46a5f5be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Victor=20Cruz=20Due=C3=B1as?= Date: Sun, 5 May 2013 10:12:57 +0200 Subject: [PATCH 0195/1473] Avoid hash mutation --- lib/devise/param_filter.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/devise/param_filter.rb b/lib/devise/param_filter.rb index 29d083dc49..46b9ddd6e5 100644 --- a/lib/devise/param_filter.rb +++ b/lib/devise/param_filter.rb 
@@ -8,17 +8,19 @@ def initialize(case_insensitive_keys, strip_whitespace_keys) def filter(conditions) conditions = stringify_params(conditions.dup) - apply_filter_method_to_condition_keys(conditions, :downcase, @case_insensitive_keys) - apply_filter_method_to_condition_keys(conditions, :strip, @strip_whitespace_keys) + conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :downcase, @case_insensitive_keys)) + conditions.merge!(filtered_hash_by_method_for_given_keys(conditions.dup, :strip, @strip_whitespace_keys)) conditions end - def apply_filter_method_to_condition_keys(conditions, method, condition_keys) + def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys) condition_keys.each do |k| value = conditions[k] conditions[k] = value.send(method) if value.respond_to?(method) end + + conditions end # Force keys to be string to avoid injection on mongoid related database. From 69f79ad446101b45bf7ec29d290dc2be96142686 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:56:46 -0300 Subject: [PATCH 0196/1473] Let Devise play with both Rails 3.2 and Rails 4 for now --- .travis.yml | 3 + Gemfile.lock | 2 +- devise.gemspec | 2 +- gemfiles/Gemfile.rails-3.2.x | 31 ++++ gemfiles/Gemfile.rails-3.2.x.lock | 156 ++++++++++++++++++ test/controllers/internal_helpers_test.rb | 15 +- test/integration/recoverable_test.rb | 3 +- test/integration/registerable_test.rb | 6 +- test/models/validatable_test.rb | 14 +- test/omniauth/url_helpers_test.rb | 5 +- .../config/initializers/secret_token.rb | 9 +- test/routes_test.rb | 28 ++-- test/test_helper.rb | 7 + 13 files changed, 255 insertions(+), 26 deletions(-) create mode 100644 gemfiles/Gemfile.rails-3.2.x create mode 100644 gemfiles/Gemfile.rails-3.2.x.lock diff --git a/.travis.yml b/.travis.yml index fed6a2bae2..399c8cbc83 100644 --- a/.travis.yml +++ b/.travis.yml 
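Review bot: `filtered_hash_by_method_for_given_keys` still assigns into the hash it receives and returns that same object, so mutation is avoided only because each call site passes `conditions.dup`, and `merge!` then writes every key back rather than just the normalised ones. Since `filter` already works on its own copy (`stringify_params(conditions.dup)`), the helper can build and return a small hash of the changed keys and the two inner `.dup` calls can go. Values that do not respond to the method are left untouched, as before. This class normalises the lookup keys used for authentication, so a side-effect-free helper makes it easier to reason about what reaches the query.

```ruby
def filter(conditions)
  # … unchanged: conditions = stringify_params(conditions.dup) …
  conditions.merge!(filtered_hash_by_method_for_given_keys(conditions, :downcase, @case_insensitive_keys))
  conditions.merge!(filtered_hash_by_method_for_given_keys(conditions, :strip, @strip_whitespace_keys))
  # … unchanged: conditions is returned …
end

# Returns a new hash holding only the keys whose value was transformed.
def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys)
  condition_keys.inject({}) do |filtered, k|
    value = conditions[k]
    filtered[k] = value.send(method) if value.respond_to?(method)
    filtered
  end
end
```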
@@ -6,6 +6,9 @@ rvm: env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record +gemfile: + - gemfiles/Gemfile.rails-3.2.x + - Gemfile services: - mongodb notifications: diff --git a/Gemfile.lock b/Gemfile.lock index b2305a8f0a..5bc3914684 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,7 +15,7 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 4.0.0.rc1) + railties (>= 3.2.6, < 5) warden (~> 1.2.1) GEM diff --git a/devise.gemspec b/devise.gemspec index 082f55977a..a636d9add2 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -22,5 +22,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 4.0.0.rc1") + s.add_dependency("railties", ">= 3.2.6", "< 5") end diff --git a/gemfiles/Gemfile.rails-3.2.x b/gemfiles/Gemfile.rails-3.2.x new file mode 100644 index 0000000000..dfc936c59f --- /dev/null +++ b/gemfiles/Gemfile.rails-3.2.x @@ -0,0 +1,31 @@ +source "https://rubygems.org" + +gemspec :path => '..' + +gem "rails", "~> 3.2.6" +gem "omniauth", "~> 1.0.0" +gem "omniauth-oauth2", "~> 1.0.0" +gem "rdoc" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", :require => false + gem "mocha", "~> 0.13.1", :require => false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +platforms :mri_19, :mri_20 do + group :mongoid do + gem "mongoid", "~> 3.0" + end +end diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock new file mode 100644 index 0000000000..9bac2910bf --- /dev/null +++ b/gemfiles/Gemfile.rails-3.2.x.lock 
@@ -0,0 +1,156 @@ +PATH + remote: /Users/carlos/Projects/oss/devise + specs: + devise (2.2.3) + bcrypt-ruby (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + warden (~> 1.2.1) + +GEM + remote: https://rubygems.org/ + specs: + actionmailer (3.2.13) + actionpack (= 3.2.13) + mail (~> 2.5.3) + actionpack (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + builder (~> 3.0.0) + erubis (~> 2.7.0) + journey (~> 1.0.4) + rack (~> 1.4.5) + rack-cache (~> 1.2) + rack-test (~> 0.6.1) + sprockets (~> 2.2.1) + activemodel (3.2.13) + activesupport (= 3.2.13) + builder (~> 3.0.0) + activerecord (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + arel (~> 3.0.2) + tzinfo (~> 0.3.29) + activeresource (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + arel (3.0.2) + bcrypt-ruby (3.0.1) + builder (3.0.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + hashie (1.2.0) + hike (1.2.2) + httpauth (0.2.0) + i18n (0.6.1) + journey (1.0.4) + json (1.7.7) + jwt (0.1.8) + multi_json (>= 1.5) + mail (2.5.3) + i18n (>= 0.4.0) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.1) + mime-types (1.23) + mocha (0.13.3) + metaclass (~> 0.0.1) + mongoid (3.1.3) + activemodel (~> 3.2) + moped (~> 1.4.2) + origin (~> 1.0) + tzinfo (~> 0.3.22) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) + hashie (~> 1.2) + rack + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + origin (1.1.0) + orm_adapter (0.4.0) + polyglot (0.3.3) + rack (1.4.5) + rack-cache (1.2) + rack (>= 0.4) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-ssl (1.3.3) + rack + rack-test 
(0.6.2) + rack (>= 1.0) + rails (3.2.13) + actionmailer (= 3.2.13) + actionpack (= 3.2.13) + activerecord (= 3.2.13) + activeresource (= 3.2.13) + activesupport (= 3.2.13) + bundler (~> 1.0) + railties (= 3.2.13) + railties (3.2.13) + actionpack (= 3.2.13) + activesupport (= 3.2.13) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) + rake (10.0.4) + rdoc (3.12.2) + json (~> 1.4) + ruby-openid (2.2.3) + sprockets (2.2.2) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sqlite3 (1.3.7) + thor (0.18.1) + tilt (1.4.0) + treetop (1.4.12) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.37) + warden (1.2.1) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha (~> 0.13.1) + mongoid (~> 3.0) + omniauth (~> 1.0.0) + omniauth-facebook + omniauth-oauth2 (~> 1.0.0) + omniauth-openid (~> 1.0.1) + rails (~> 3.2.6) + rdoc + sqlite3 + webrat (= 0.7.3) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index daa338fe6a..cf38d1360d 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb 
@@ -35,10 +35,17 @@ def setup test 'get resource params from request params using resource name as key' do user_params = {'email' => 'shirley@templar.com'} - @controller.stubs(:params).returns(ActionController::Parameters.new({'user' => user_params})) - # Stub controller name so strong parameters can filter properly. - # DeviseController does not allow any parameters by default. - @controller.stubs(:controller_name).returns(:sessions_controller) + + params = if Devise.rails4? + # Stub controller name so strong parameters can filter properly. + # DeviseController does not allow any parameters by default. + @controller.stubs(:controller_name).returns(:sessions_controller) + + ActionController::Parameters.new({'user' => user_params}) + else + HashWithIndifferentAccess.new({'user' => user_params}) + end + @controller.stubs(:params).returns(params) assert_equal user_params, @controller.send(:resource_params) end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 98acd056f2..4fca003767 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -153,7 +153,8 @@ def reset_password(options={}, &block) assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain 'Password confirmation doesn\'t match Password' + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 7923ba9ab0..0d2fb64fa1 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -100,7 +100,8 @@ def user_sign_up assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password confirmation doesn't match Password" + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_contain "2 errors prohibited" assert_nil User.first @@ -206,7 +207,8 @@ def user_sign_up fill_in 'current password', :with => '12345678' click_button 'Update' - assert_contain "Password confirmation doesn't match Password" + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_not User.first.valid_password?('pas123') end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 0008aed4ca..b291fedd71 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -56,7 +56,12 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require confirmation to be set when creating a new record' do user = new_user(:password => 'new_password', :password_confirmation => 'blabla') assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + + if Devise.rails4? + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + else + assert_equal 'doesn\'t match confirmation', user.errors[:password].join + end end test 'should require password when updating/reseting password' do 
@@ -73,7 +78,12 @@ class ValidatableTest < ActiveSupport::TestCase user = create_user user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + + if Devise.rails4? + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + else + assert_equal 'doesn\'t match confirmation', user.errors[:password].join + end end test 'should require a password with minimum of 6 characters' do diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 785ef25b85..9a8b465328 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,6 +1,9 @@ require 'test_helper' class OmniAuthRoutesTest < ActionController::TestCase + ExpectedUrlGeneratiorError = Devise.rails4? ? + ActionController::UrlGenerationError : ActionController::RoutingError + tests ApplicationController def assert_path(action, provider, with_param=true) @@ -30,7 +33,7 @@ def assert_path(action, provider, with_param=true) test 'should generate authorization path' do assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook) - assert_raise ActionController::UrlGenerationError do + assert_raise ExpectedUrlGeneratiorError do @controller.omniauth_authorize_path(:user, :github) end end diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index 4089a38cba..93864c62be 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb 
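Review bot: The constant added to `OmniAuthRoutesTest` is spelled `ExpectedUrlGeneratiorError`, and the same misspelling is used in the `assert_raise` of the second url_helpers_test hunk. Since both definition and use agree the test runs, but the name is hard to grep for next to `ExpectedRoutingError` in routes_test.rb. I would rename both occurrences to `ExpectedUrlGenerationError`.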
@@ -1 +1,8 @@ -RailsApp::Application.config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' +config = Rails.application.config + +if Devise.rails4? + config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' +else + config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' + config.session_store :cookie_store, :key => "_my_app" +end diff --git a/test/routes_test.rb b/test/routes_test.rb index e80ccf6ef4..3abbfc0498 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -1,5 +1,7 @@ require 'test_helper' +ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError + class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => 'users/sign_in', :method => :get}) @@ -101,7 +103,7 @@ class DefaultRoutingTest < ActionController::TestCase assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post}) assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get}) end end @@ -123,7 +125,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does not map admin password' do - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new') end end 
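Review bot: The secret_token.rb hunk commits two literal signing secrets (`secret_key_base` and `secret_token`) with nothing in the file saying they are fixtures. They live under `test/rails_app`, so they presumably only sign cookies for the dummy test application, but initializers like this are often copied into real projects. I would add a first line such as `# Test-only dummy secrets for the bundled Rails test app; never reuse them in a real application.` so a reader cannot mistake them for usable values.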
@@ -133,7 +135,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does only map reader password' do - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new') end assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new') @@ -161,14 +163,14 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map deletes with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get}) end end test 'map posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get}) end end 
@@ -176,56 +178,56 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map delete_or_posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post}) assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get}) end end test 'map with constraints defined in hash' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get}) end end test 'map with constraints defined in block' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get}) end end test 'map with format false for sessions' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get}) end end test 'map with format false for passwords' do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => 
'/htmlonly_admin/password', :method => :post}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post}) end end test 'map with format false for registrations' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get}) end end test 'map with format false for confirmations' do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get}) end end test 'map with format false for unlocks' do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get}) end end diff --git a/test/test_helper.rb b/test/test_helper.rb index 6042044661..1548e93a2f 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -4,6 +4,13 @@ $:.unshift File.dirname(__FILE__) puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}" +module Devise + # Detection for minor differences between Rails 3.2 and 4 in tests. + def self.rails4? + Rails.version.start_with? '4' + end +end + require "rails_app/config/environment" require "rails/test_help" require "orm/#{DEVISE_ORM}" From bb5d65209ad96348adfc305a8950dfeb6e73c89b Mon Sep 17 00:00:00 2001 
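Review bot: In the test_helper.rb hunk, `Devise.rails4?` decides the major version with a string prefix test, `Rails.version.start_with? '4'`, which would also match any later version string that begins with the same digit. Comparing the numeric constant is exact and reads the same: `Rails::VERSION::MAJOR == 4`. The method is also defined before `rails_app/config/environment` is required, so it relies on Rails being loaded by the time it is first called; a one-line comment saying so would help, since the load order above this hunk is not visible here.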
From: Carlos Antonio da Silva Date: Mon, 6 May 2013 23:04:47 -0300 Subject: [PATCH 0197/1473] Change rubygems source to use https [ci skip] --- gemfiles/Gemfile.rails-3.1.x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index c78e8970e1..cbf8916210 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -1,4 +1,4 @@ -source "http://rubygems.org" +source "https://rubygems.org" gem "devise", :path => ".." From 43f7cf0f1283fd2dc526ebbe7cf17528b42f3884 Mon Sep 17 00:00:00 2001 From: Sebastian Wramba Date: Tue, 7 May 2013 10:18:23 +0200 Subject: [PATCH 0198/1473] No redirect when Devise API is accessed via JSON --- app/controllers/devise/confirmations_controller.rb | 4 ++-- app/controllers/devise/passwords_controller.rb | 4 ++-- app/controllers/devise/registrations_controller.rb | 4 ++-- app/controllers/devise/unlocks_controller.rb | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 68014c92bd..04cc863e0c 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -32,12 +32,12 @@ def show # The path used after resending confirmation instructions. def after_resending_confirmation_instructions_path_for(resource_name) - new_session_path(resource_name) + new_session_path(resource_name) if is_navigational_format? end # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - after_sign_in_path_for(resource) + after_sign_in_path_for(resource) if is_navigational_format? end end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index dbc39f48d0..04c5a329d7 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
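Review bot: Both helpers in the confirmations_controller hunk now return nil for non-navigational formats, while the comments above them still describe them as "the path used after …". Applications override these methods and other code may pass their result to a redirect or a `:location` option; whether any caller does so outside a navigational branch is not visible in the hunk. I would state the new contract in each comment, for example `# Returns nil for non-navigational formats (e.g. JSON), where no redirect is issued.` The passwords, registrations and unlocks hunks of the same patch add the identical guard and need the same comment.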
@@ -42,12 +42,12 @@ def update protected def after_resetting_password_path_for(resource) - after_sign_in_path_for(resource) + after_sign_in_path_for(resource) if is_navigational_format? end # The path used after sending reset password instructions def after_sending_reset_password_instructions_path_for(resource_name) - new_session_path(resource_name) + new_session_path(resource_name) if is_navigational_format? end # Check if a reset_password_token is provided in the request diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 281979a7c9..8198d2b905 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -96,7 +96,7 @@ def sign_up(resource_name, resource) # The path used after sign up. You need to overwrite this method # in your own RegistrationsController. def after_sign_up_path_for(resource) - after_sign_in_path_for(resource) + after_sign_in_path_for(resource) if is_navigational_format? end # The path used after sign up for inactive accounts. You need to overwrite @@ -108,7 +108,7 @@ def after_inactive_sign_up_path_for(resource) # The default url to be used after updating a resource. You need to overwrite # this method in your own RegistrationsController. def after_update_path_for(resource) - signed_in_root_path(resource) + signed_in_root_path(resource) if is_navigational_format? end # Authenticates the current scope and gets the current resource from the session. diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 45f6b2c1d7..1639985d09 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb 
@@ -33,12 +33,12 @@ def show # The path used after sending unlock password instructions def after_sending_unlock_instructions_path_for(resource) - new_session_path(resource) + new_session_path(resource) if is_navigational_format? end # The path used after unlocking the resource def after_unlock_path_for(resource) - new_session_path(resource) + new_session_path(resource) if is_navigational_format? end end From 42fca4dbe541b72eb2d0700fdd25f9235606402f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 11:11:36 -0300 Subject: [PATCH 0199/1473] Update 3.1 lock file --- gemfiles/Gemfile.rails-3.1.x.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index 65a0ab58b9..0e09cda966 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock @@ -8,7 +8,7 @@ PATH warden (~> 1.2.1) GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: actionmailer (3.1.12) actionpack (= 3.1.12) @@ -59,7 +59,7 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.22) + mime-types (1.23) mocha (0.13.3) metaclass (~> 0.0.1) mongoid (3.0.23) @@ -68,7 +68,7 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.22) moped (1.4.5) - multi_json (1.7.2) + multi_json (1.7.3) multipart-post (1.2.0) nokogiri (1.5.9) oauth2 (0.8.1) @@ -88,7 +88,7 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.0.11) + origin (1.1.0) orm_adapter (0.4.0) polyglot (0.3.3) rack (1.3.10) @@ -134,7 +134,7 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.7) thor (0.14.6) - tilt (1.3.7) + tilt (1.4.0) treetop (1.4.12) polyglot polyglot (>= 0.3.1) From ef2a2280a37e6c47e2ab7c3a0458c35162de3ece Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 7 May 2013 08:18:12 -0600 Subject: [PATCH 0200/1473] Update examples to be compatible with Rails 4 --- app/controllers/devise/confirmations_controller.rb | 2 +- app/controllers/devise/passwords_controller.rb | 2 +- app/controllers/devise/registrations_controller.rb | 4 ++-- lib/devise/rails/routes.rb | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 04cc863e0c..68c2e8bd4b 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -37,7 +37,7 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - after_sign_in_path_for(resource) if is_navigational_format? + after_sign_in_path_for(resource) end end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 04c5a329d7..abe7b5ba4f 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -42,7 +42,7 @@ def update protected def after_resetting_password_path_for(resource) - after_sign_in_path_for(resource) if is_navigational_format? + after_sign_in_path_for(resource) end # The path used after sending reset password instructions diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 8198d2b905..281979a7c9 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -96,7 +96,7 @@ def sign_up(resource_name, resource) # The path used after sign up. You need to overwrite this method # in your own RegistrationsController. def after_sign_up_path_for(resource) - after_sign_in_path_for(resource) if is_navigational_format? + after_sign_in_path_for(resource) end # The path used after sign up for inactive accounts. You need to overwrite @@ -108,7 +108,7 @@ def after_inactive_sign_up_path_for(resource) # The default url to be used after updating a resource. You need to overwrite # this method in your own RegistrationsController. def after_update_path_for(resource) - signed_in_root_path(resource) if is_navigational_format? + signed_in_root_path(resource) end # Authenticates the current scope and gets the current resource from the session. diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 9c03789261..28285745e4 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -250,7 +250,7 @@ def devise_for(*resources) # end # # authenticate :user, lambda {|u| u.role == "admin"} do - # root :to => "admin/dashboard#show" + # root :to => "admin/dashboard#show", :as => :user_root # end # def authenticate(scope=nil, block=nil) @@ -264,15 +264,15 @@ def authenticate(scope=nil, block=nil) # a model and allows extra constraints to be done on the instance. # # authenticated :admin do - # root :to => 'admin/dashboard#show' + # root :to => 'admin/dashboard#show', :as => :admin_root # end # # authenticated do - # root :to => 'dashboard#show' + # root :to => 'dashboard#show', :as => :authenticated_root # end # # authenticated :user, lambda {|u| u.role == "admin"} do - # root :to => "admin/dashboard#show" + # root :to => "admin/dashboard#show", :as => :user_root # end # # root :to => 'landing#show' From c78b4b40c193736dc626d71036b84fe666c7e37c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 7 May 2013 08:22:06 -0600 Subject: [PATCH 0201/1473] Remove warning since webrat is emitting tons of them --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index a8d3353c49..9439d3ddcf 100644 --- a/Rakefile +++ b/Rakefile @@ -22,7 +22,7 @@ Rake::TestTask.new(:test) do |t| t.libs << 'test' t.pattern = 'test/**/*_test.rb' t.verbose = true - t.warning = true + t.warning = false end desc 'Generate documentation for Devise.' From 5ad122b928e4364e915602a9296a490a6af39416 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 7 May 2013 08:47:18 -0600 Subject: [PATCH 0202/1473] Fix build for mongoid --- test/models/database_authenticatable_test.rb | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 24bb8fff10..cdd9820a78 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -198,26 +198,20 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should destroy user if current password is valid' do user = create_user assert user.destroy_with_password('12345678') - assert_raise ActiveRecord::RecordNotFound do - user.reload - end + assert_nil User.find_by_id(user.id) end test 'should not destroy user with invalid password' do user = create_user assert_not user.destroy_with_password('other') - assert_nothing_raised ActiveRecord::RecordNotFound do - user.reload - end + assert User.find(user.id) assert_match "is invalid", user.errors[:current_password].join end test 'should not destroy user with blank password' do user = create_user assert_not user.destroy_with_password(nil) - assert_nothing_raised ActiveRecord::RecordNotFound do - user.reload - end + assert User.find(user.id) assert_match "can't be blank", user.errors[:current_password].join end 
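Review bot: Setting `t.warning = false` in the Rakefile hunk silences Ruby warnings for the whole test task, including any raised by Devise's own code, not only the webrat noise named in the commit subject. The reason is recorded only in the commit message, so the next reader of the Rakefile cannot tell the setting is a workaround. I would keep the change but add a comment on that line, for example `# webrat emits many warnings under -w; re-enable once it is fixed or replaced`.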
From fb075580826e1d5488aeff6bd74c5e55fb432a72 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 11:37:21 -0300 Subject: [PATCH 0203/1473] Update changelog with latest fixes [ci skip] --- CHANGELOG.rdoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index c53474e263..b629fbd19f 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,6 +1,7 @@ == master * enhancements + * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) * Allow to override path after password resetting (by @worker8) * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) @@ -8,6 +9,7 @@ * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo) * bug fix + * Do not redirect when accessing devise API via JSON. (by @sebastianwr) * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) * Fix inheriting mailer templates from `Devise::Mailer` * Fix a bug when procs are used as default mailer in Devise (by @tomasv) From 70199ed039985da167c2a29a445a74746dbf00f1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 11:25:32 -0300 Subject: [PATCH 0204/1473] Bump webrat to 0.7.3 on 3.1 as well --- gemfiles/Gemfile.rails-3.1.x | 2 +- gemfiles/Gemfile.rails-3.1.x.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index cbf8916210..da8e87ffc4 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x 
@@ -10,7 +10,7 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.2", :require => false + gem "webrat", "0.7.3", :require => false gem "mocha", "~> 0.13.1", :require => false platforms :mri_18 do diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index 0e09cda966..d2813e1631 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock @@ -141,7 +141,7 @@ GEM tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) - webrat (0.7.2) + webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) @@ -164,4 +164,4 @@ DEPENDENCIES rdoc ruby-debug (>= 0.10.3) sqlite3 - webrat (= 0.7.2) + webrat (= 0.7.3) From e499fadf527c097cfedd982e559d107d30e8951e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 7 May 2013 08:55:12 -0600 Subject: [PATCH 0205/1473] Use persisted? in order to check if the record was destoryed or not --- test/models/database_authenticatable_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index cdd9820a78..fe852d7ed6 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -198,20 +198,20 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should destroy user if current password is valid' do user = create_user assert user.destroy_with_password('12345678') - assert_nil User.find_by_id(user.id) + assert !user.persisted? end test 'should not destroy user with invalid password' do user = create_user assert_not user.destroy_with_password('other') - assert User.find(user.id) + assert user.persisted? assert_match "is invalid", user.errors[:current_password].join end test 'should not destroy user with blank password' do user = create_user assert_not user.destroy_with_password(nil) - assert User.find(user.id) + assert user.persisted? assert_match "can't be blank", user.errors[:current_password].join end From f5e33089a032f44abd80225e34370c4fdd651a25 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 12:51:46 -0300 Subject: [PATCH 0206/1473] Release 2.2.4 --- CHANGELOG.rdoc | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.1.x.lock | 2 +- lib/devise/version.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index b629fbd19f..48d1fae9e0 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,4 +1,4 @@ -== master +== 2.2.4 * enhancements * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) diff --git a/Gemfile.lock b/Gemfile.lock index 39bedd7787..4f02fe7eb4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (2.2.3) + devise (2.2.4) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock index d2813e1631..d1a7ebff10 100644 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ b/gemfiles/Gemfile.rails-3.1.x.lock 
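Review bot: `assert user.persisted?` in the two "should not destroy" tests reads a flag on the in-memory object, so it does not show that the row survived a `destroy_with_password` call with a wrong or blank password. For a password-gated delete, the stronger check is to look the record up again in an ORM-neutral way, for example `assert User.to_adapter.get(user.to_key)`, and `assert_nil User.to_adapter.get(user.to_key)` in the positive case. This assumes orm_adapter's `get` returns nil for a missing record under both ActiveRecord and Mongoid, which should be confirmed against the adapters in use.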
@@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (2.2.3) + devise (2.2.4) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (~> 3.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 107bac24b6..156075e5e1 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.3".freeze + VERSION = "2.2.4".freeze end From a4efbb9ad692110856970fa09851aac07520d625 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 13:05:02 -0300 Subject: [PATCH 0207/1473] Update mongo revision --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8023bfef06..d6c11a1731 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: f703270f44021fb9e7411d8ed113159282e726c6 + revision: fe7f43430580860db6d1d89cea27eda24ab60ab1 branch: master specs: mongoid (4.0.0) From 6b5988d756d780903bf8c9ccb3e2b3b724ccebe8 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 13:12:21 -0300 Subject: [PATCH 0208/1473] Add changelog note about Rails 4 and Strong Params support Plus dropping support for Rails < 3.2 and Ruby < 1.9.3 [ci skip] --- CHANGELOG.rdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 48d1fae9e0..ff768d36fd 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,9 @@ +== master + +* enhancements + * Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) + * Drop support for Rails < 3.2 and Ruby < 1.9.3. + == 2.2.4 * enhancements From 39c1a2c7d025adbc90e86fb5c1da41dad65d4385 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 7 May 2013 13:32:03 -0300 Subject: [PATCH 0209/1473] Release 3.0.0.rc with Rails 4 support --- CHANGELOG.rdoc | 2 +- Gemfile.lock | 2 +- README.md | 4 ++-- gemfiles/Gemfile.rails-3.2.x.lock | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index ff768d36fd..4c52b183ff 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,4 +1,4 @@ -== master +== 3.0.0.rc * enhancements * Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) diff --git a/Gemfile.lock b/Gemfile.lock index d6c11a1731..f27f607972 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (2.2.4) + devise (3.0.0.rc) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/README.md b/README.md index a93e833982..5b7dd3688b 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ You can view the Devise documentation in RDoc format here: http://rubydoc.info/github/plataformatec/devise/master/frames -If you need to use Devise with Rails 2.3, you can always run "gem server" from the command line after you install the gem to access the old documentation. +If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. ### Example applications @@ -90,7 +90,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 2.0 works with Rails 3.1 onwards. You can add it to your Gemfile with: +Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with: ```ruby gem 'devise' diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index abeb342808..16183ff599 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock 
@@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (2.2.4) + devise (3.0.0.rc) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 156075e5e1..f22d135f19 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "2.2.4".freeze + VERSION = "3.0.0.rc".freeze end From ab77e08690b7d4f6bbd3ed53370117ba58b35085 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 7 May 2013 16:18:48 -0600 Subject: [PATCH 0210/1473] Update README.md --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 5b7dd3688b..d424d0cdca 100644 --- a/README.md +++ b/README.md @@ -200,6 +200,32 @@ class ApplicationController < ActionController::Base end ``` +If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from from `Devise::ParameterSanitizer` and add your own logic: + +```ruby +class User::ParameterSanitizer < Devise::ParameterSanitizer + def sign_in + default_params.permit(:username, :email) + end +end +``` + +And then configure your controllers to use it: + +```ruby +class ApplicationController < ActionController::Base + protected + + def devise_parameter_sanitizer + if resource_class.is_a?(User) + User::ParameterSanitizer.new(User, :user, params) + else + super # Use the default one + end + end +end +``` + The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below. ### Configuring views From 545a5cec3b69f749a808d7c42a614ed37cfc6bbe Mon Sep 17 00:00:00 2001 
From: "Jesse B. Hannah" Date: Thu, 9 May 2013 18:33:30 -0600 Subject: [PATCH 0211/1473] Fix redundant assignment of self.resource in Devise::RegistrationsController Devise::RegistrationsController#create set self.resource to the return value of build_resource--which is nil, because build_resource sets self.resource to an actual resource object. This caused attempting to save the resource (two lines down) to fail with "undefined method `save' on nil:NilClass." --- app/controllers/devise/registrations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index a990c93a25..9db7e72635 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -10,7 +10,7 @@ def new # POST /resource def create - self.resource = build_resource(sign_up_params) + build_resource(sign_up_params) if resource.save if resource.active_for_authentication? From dd7c3ee91f345478de3f1591278cb75d4c986462 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Tue, 14 May 2013 14:58:20 +0300 Subject: [PATCH 0212/1473] set error to the field specified in unlock_keys config closes #2418 --- lib/devise/models/lockable.rb | 6 +++--- test/models/lockable_test.rb | 21 +++++++++++++++------ 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 56ccd6c6f1..17844c98d7 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
@@ -146,16 +146,16 @@ def if_access_locked if access_locked? yield else - self.errors.add(:email, :not_locked) + self.errors.add(Devise.unlock_keys.first, :not_locked) false end end module ClassMethods - # Attempt to find a user by its email. If a record is found, send new + # Attempt to find a user by its unlock keys. If a record is found, send new # unlock instructions to it. If not user is found, returns a new user # with an email not found error. - # Options must contain the user email + # Options must contain the user's unlock keys def send_unlock_instructions(attributes={}) lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found) lockable.resend_unlock_token if lockable.persisted? diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index b0642a1f71..d96e4eb4b1 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -185,12 +185,12 @@ def setup end test 'should require all unlock_keys' do - swap Devise, :unlock_keys => [:username, :email] do - user = create_user - unlock_user = User.send_unlock_instructions(:email => user.email) - assert_not unlock_user.persisted? - assert_equal "can't be blank", unlock_user.errors[:username].join - end + swap Devise, :unlock_keys => [:username, :email] do + user = create_user + unlock_user = User.send_unlock_instructions(:email => user.email) + assert_not unlock_user.persisted? + assert_equal "can't be blank", unlock_user.errors[:username].join + end end test 'should not be able to send instructions if the user is not locked' do 
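Review bot: `self.errors.add(Devise.unlock_keys.first, :not_locked)` in `if_access_locked` reads the global setting, while `send_unlock_instructions` later in the same hunk passes the class-level `unlock_keys` to `find_or_initialize_with_errors`. If a model overrides `unlock_keys` (not visible here, so this is an assumption), the error would be attached to a key that model does not use; `self.errors.add(self.class.unlock_keys.first, :not_locked)` keeps the two in step. `first` also yields `nil` for an empty list, which may deserve a guard. The body of `if_access_locked` starts above the hunk.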
@@ -200,6 +200,15 @@ def setup assert_equal 'was not locked', user.errors[:email].join end + test 'should not be able to send instructions if the user if not locked and have username as unlock key' do + swap Devise, :unlock_keys => [:username] do + user = create_user + assert_not user.resend_unlock_token + assert_not user.access_locked? + assert_equal 'was not locked', user.errors[:username].join + end + end + test 'should unlock account if lock has expired and increase attempts on failure' do swap Devise, :unlock_in => 1.minute do user = create_user From 48eea9d32563018546c6d12b54f3690cbf569a5f Mon Sep 17 00:00:00 2001 From: Yuri Pole Date: Fri, 17 May 2013 14:08:08 +0300 Subject: [PATCH 0213/1473] Fix typo in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d424d0cdca..65e69b36de 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,7 @@ class ApplicationController < ActionController::Base end ``` -If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from from `Devise::ParameterSanitizer` and add your own logic: +If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: ```ruby class User::ParameterSanitizer < Devise::ParameterSanitizer From 020341176cbf86853757d8f89a0c51633e0d4570 Mon Sep 17 00:00:00 2001 From: Emil Soman Date: Sat, 18 May 2013 01:50:06 +0530 Subject: [PATCH 0214/1473] Update doc to mention http_authenticable is false by default --- lib/devise/models/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e0a5ad5d9d..00c12fc24a 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -21,7 +21,7 @@ module Models # as key on authentication. This can also be a hash where the value is a boolean specifying # if the value is required or not. # - # * +http_authenticatable+: if this model allows http authentication. By default true. + # * +http_authenticatable+: if this model allows http authentication. By default false. # It also accepts an array specifying the strategies that should allow http. # # * +params_authenticatable+: if this model allows authentication through request params. By default true. From b7079c7cf2c5cbb6b4ba4cef642156e88d73bf87 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 19 May 2013 15:45:11 +0300 Subject: [PATCH 0215/1473] redirect user to the referrer if latest request was not GET after timeout closes #2421 --- lib/devise/failure_app.rb | 9 ++++++++- test/integration/timeoutable_test.rb | 10 ++++++++++ test/rails_app/app/controllers/users_controller.rb | 8 ++++++++ test/rails_app/app/views/users/edit_form.html.erb | 1 + test/rails_app/config/routes.rb | 8 ++++++-- 5 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 test/rails_app/app/views/users/edit_form.html.erb diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 54d214a4f2..08b02568aa 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -78,7 +78,14 @@ def i18n_message(default = nil) def redirect_url if warden_message == :timeout flash[:timedout] = true - attempted_path || scope_path + + path = if request.get? + attempted_path + else + request.referrer + end + + path || scope_path else scope_path end diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index c52835372c..cd1e49a696 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb 
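Review bot: In `redirect_url`, the new non-GET branch returns `request.referrer`, which comes from the client-supplied Referer header, and nothing in the hunk checks that it points back at this application. A timed-out non-GET request whose Referer names another host could then be redirected to that host instead of to `scope_path`. Accepting the referrer only when its host equals `request.host`, and otherwise falling through to `scope_path`, would close that. The integration test added in timeoutable_test.rb covers only a same-site referrer. The end of `redirect_url` lies outside the hunk.

```ruby
# … unchanged: flash[:timedout] = true …
path = if request.get?
  attempted_path
else
  same_host_referrer
end
# … unchanged: path || scope_path and the non-timeout branch …

# Referer is supplied by the client, so it is accepted only for this host.
def same_host_referrer
  referrer = request.referrer
  return if referrer.blank?
  referrer if URI.parse(referrer).host == request.host
rescue URI::InvalidURIError
  nil
end
```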
@@ -45,6 +45,16 @@ def last_request_at assert_not warden.authenticated?(:user) end + test 'time out user session after deault limit time and redirect to latest get request' do + user = sign_in_as_user + visit edit_form_user_path(user) + + click_button 'Update' + sign_in_as_user + + assert_equal edit_form_user_url(user), current_url + end + test 'time out is not triggered on sign out' do user = sign_in_as_user get expire_user_path(user) diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 4fe523289a..d889de69ab 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -8,6 +8,14 @@ def index respond_with(current_user) end + def edit_form + user_session['last_request_at'] = 31.minutes.ago.utc + end + + def update_form + render :text => 'Update' + end + def accept @current_user = current_user end diff --git a/test/rails_app/app/views/users/edit_form.html.erb b/test/rails_app/app/views/users/edit_form.html.erb new file mode 100644 index 0000000000..b7a2e31c1f --- /dev/null +++ b/test/rails_app/app/views/users/edit_form.html.erb @@ -0,0 +1 @@ +<%= button_to 'Update', update_form_user_path(current_user), method: 'put' %> diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 1363d2cd17..9496f86c4e 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -1,8 +1,12 @@ Rails.application.routes.draw do # Resources for testing resources :users, :only => [:index] do - get :expire, :on => :member - get :accept, :on => :member + member do + get :expire + get :accept + get :edit_form + put :update_form + end authenticate do post :exhibit, :on => :member From 17e85aa79dcbf3293e10a6e2346856c450e033e7 Mon Sep 17 00:00:00 2001 
From: Kramer Campbell Date: Wed, 22 May 2013 19:48:06 -0700 Subject: [PATCH 0216/1473] Avoid sending confirmations to blank emails. At times, validations may be skipped and no email address may be provided. Such an instance comes when testing uniqueness validations of specific attributes in a Devise model with confirmable, especially when using Shoulda matchers. --- lib/devise/models/confirmable.rb | 6 +++--- test/models/confirmable_test.rb | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 2c10ab08e2..e4412c39a5 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -227,17 +227,17 @@ def postpone_email_change_until_confirmation end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone + postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone && !self.email.blank? @bypass_postpone = false postpone end def reconfirmation_required? - self.class.reconfirmable && @reconfirmation_required + self.class.reconfirmable && @reconfirmation_required && !self.email.blank? end def send_confirmation_notification? - confirmation_required? && !@skip_confirmation_notification + confirmation_required? && !@skip_confirmation_notification && !self.email.blank? end module ClassMethods diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 51e8fee2fa..4c6c9f0480 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -114,6 +114,14 @@ def setup end end + test 'should not send confirmation when no email is provided' do + assert_email_not_sent do + user = new_user + user.email = '' + user.save(:validate => false) + end + end + test 'should find a user to send confirmation instructions' do user = create_user confirmation_user = User.send_confirmation_instructions(:email => user.email) 
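Review bot: The guard `!self.email.blank?` is appended to three predicates in the confirmable.rb hunk (`postpone_email_change?`, `reconfirmation_required?`, `send_confirmation_notification?`); `email.present?` says the same without the double negative and the explicit receiver. In `postpone_email_change?` the guard also means a change to a blank address is no longer postponed, so, assuming the postponing callback is what moves the new value into `unconfirmed_email`, the blank value is written to `email` directly and the record keeps its confirmed state. A comment on that method, e.g. `# A blank email is never postponed: there is no address to send the confirmation to.`, would make the intent explicit. The enclosing module starts and ends outside the hunk.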
@@ -337,6 +345,15 @@ class ReconfirmableTest < ActiveSupport::TestCase end end + test 'should not send confirmation by email after changing to a blank email' do + admin = create_admin + assert admin.confirm! + assert_email_not_sent do + admin.email = '' + admin.save(:validate => false) + end + end + test 'should stay confirmed when email is changed' do admin = create_admin assert admin.confirm! From 7670eb8e986188c7116b9408ff993e0229e206a8 Mon Sep 17 00:00:00 2001 From: julp Date: Wed, 29 May 2013 19:24:51 +0200 Subject: [PATCH 0217/1473] don't update failed_attempts attribute if already equal to 0 --- lib/devise/hooks/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index 22d0428e41..d713153f33 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -2,6 +2,6 @@ # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user :except => :fetch do |record, warden, options| if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) - record.update_attribute(:failed_attempts, 0) + record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.zero? end end From 10aadee63773f5a8680654a6c67b2e4e3d61933f Mon Sep 17 00:00:00 2001 From: julp Date: Wed, 29 May 2013 19:27:02 +0200 Subject: [PATCH 0218/1473] record is potentially unchanged here, if so, no needs to save it --- lib/devise/models/rememberable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index b9e433868a..ff6c2ee772 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
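Review bot: `record.failed_attempts.zero?` in the `after_set_user` hook raises NoMethodError when `failed_attempts` is `nil`, a case the previous unconditional `update_attribute` tolerated. Whether the attribute can be nil depends on the schema, which is not visible here, but a record stored without a default would now fail at sign-in. `record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero?` keeps the saved write and stays nil-safe.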
@@ -50,7 +50,7 @@ def self.required_fields(klass) def remember_me!(extend_period=false) self.remember_token = self.class.remember_token if generate_remember_token? self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period) - save(:validate => false) + save(:validate => false) if self.changed? end # If the record is persisted, remove the remember token (but only if From ae4448403c1070313dd18fa9589000c0fa07877a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 29 May 2013 21:34:14 -0300 Subject: [PATCH 0219/1473] Change flash message to alert instead of error Devise uses the defaults :notice and :alert everywhere, this one seems to have been missed since it was introduced in ff75341c757c76ddcab863cac7ab77254dcd230d. --- app/controllers/devise/passwords_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 7528948bd6..4cb353aa8e 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -53,7 +53,7 @@ def after_sending_reset_password_instructions_path_for(resource_name) # Check if a reset_password_token is provided in the request def assert_reset_token_passed if params[:reset_password_token].blank? - set_flash_message(:error, :no_token) + set_flash_message(:alert, :no_token) redirect_to new_session_path(resource_name) end end From fdd47d74dbf26c25873ccad24010a0b21d141cfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 1 Jun 2013 10:06:33 +0900 Subject: [PATCH 0220/1473] We are not duck typing here, so don't call the variable duck --- lib/devise/mapping.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 84d638645a..7ab377b15a 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
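Review bot: With `save(:validate => false) if self.changed?`, `remember_me!` now returns `nil` when neither the token nor the timestamp was regenerated, where it previously returned the result of `save`. Callers are not visible in this hunk, so whether anything tests that return value is an assumption to check; `!changed? || save(:validate => false)` would keep a truthy result for the unchanged case. The `self.` receiver on `changed?` is not needed.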
@@ -29,17 +29,17 @@ class Mapping #:nodoc: # Receives an object and find a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. - def self.find_scope!(duck) - case duck + def self.find_scope!(obj) + case obj when String, Symbol - return duck + return obj when Class - Devise.mappings.each_value { |m| return m.name if duck <= m.to } + Devise.mappings.each_value { |m| return m.name if obj <= m.to } else - Devise.mappings.each_value { |m| return m.name if duck.is_a?(m.to) } + Devise.mappings.each_value { |m| return m.name if obj.is_a?(m.to) } end - raise "Could not find a valid mapping for #{duck.inspect}" + raise "Could not find a valid mapping for #{obj.inspect}" end def self.find_by_path!(path, path_type=:fullpath) From 85897b4fe218de244cbd375fb1aef841f9274090 Mon Sep 17 00:00:00 2001 From: Jonathan Roes Date: Wed, 5 Jun 2013 09:22:55 -0400 Subject: [PATCH 0221/1473] Code formatting for class names and command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 65e69b36de..17841243f0 100644 --- a/README.md +++ b/README.md 
@@ -110,7 +110,7 @@ The generator will install an initializer which describes ALL Devise's configura rails generate devise MODEL ``` -Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller. +Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller. Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined. From 176158a3094d1acce229c10173992a97f298049a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 6 Jun 2013 00:45:02 +0800 Subject: [PATCH 0222/1473] Just for Rails 3.2 --- lib/generators/templates/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/README b/lib/generators/templates/README index 8f2ff1ffb1..762352442a 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -21,7 +21,7 @@ Some setup you must do manually if you haven't yet:

<%= notice %>

<%= alert %>

- 4. If you are deploying Rails 3.1+ on Heroku, you may want to set: + 4. If you are deploying on Heroku with Rails 3.2 only, you may want to set: config.assets.initialize_on_precompile = false From e632240aee2a734b78e5a77cdf78579639dc43f9 Mon Sep 17 00:00:00 2001 From: t-kot Date: Fri, 7 Jun 2013 12:11:00 +0900 Subject: [PATCH 0223/1473] Fix access_locked? always return boolean --- lib/devise/models/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 56ccd6c6f1..bf2ea65260 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -55,7 +55,7 @@ def unlock_access! # Verifies whether a user is locked or not. def access_locked? - locked_at && !lock_expired? + !!locked_at && !lock_expired? end # Send unlock instructions by email From 3c9cfa50c03f38f8f51e5851f3c6a642282429c5 Mon Sep 17 00:00:00 2001 From: Steve Slotnick Date: Mon, 10 Jun 2013 19:17:19 -0700 Subject: [PATCH 0224/1473] Adding publicly available methods on Recoverable and Confirmable to retrieve tokens --- lib/devise/models/confirmable.rb | 8 ++++++++ lib/devise/models/recoverable.rb | 7 ++++++- test/models/confirmable_test.rb | 17 +++++++++++++++++ test/models/recoverable_test.rb | 23 +++++++++++++++++++---- 4 files changed, 50 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index e4412c39a5..3a3d08eb5d 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -106,6 +106,11 @@ def resend_confirmation_token send_confirmation_instructions end end + + def confirmation_token! + generate_confirmation_token! if should_generate_confirmation_token? + self.confirmation_token + end # Overwrites active_for_authentication? for confirmation # by verifying whether a user is active to sign in or not. If the user 
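Review bot: `confirmation_token!` is added to confirmable.rb as a public method without a comment, and the same applies to `reset_password_token!` in the recoverable.rb hunk of this patch. Both hand the raw token back to the caller after, judging by the bang helpers they call, saving the record, so the contract is worth stating, for example `# Returns the confirmation token, generating and saving a new one when none is usable. Treat the value as a credential.` The name also differs from the plain attribute reader only by the bang, which makes a write easy to mistake for a read at call sites.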
@@ -139,6 +144,9 @@ def skip_reconfirmation! end protected + def should_generate_confirmation_token? + confirmation_token.nil? || confirmation_period_expired? + end # A callback method used to deliver confirmation # instructions on creation. This can be overriden diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 494852f0ea..85f377044e 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -47,7 +47,12 @@ def send_reset_password_instructions generate_reset_password_token! if should_generate_reset_token? send_devise_notification(:reset_password_instructions) end - + + def reset_password_token! + generate_reset_password_token! if should_generate_reset_token? + self.reset_password_token + end + # Checks if the reset password token sent is within the limit time. # We do this by calculating if the difference between today and the # sending date does not exceed the confirm in time configured. diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 4c6c9f0480..7aedfd2eb9 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -294,6 +294,23 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) assert_not_equal user.confirmation_token, old end end + + test 'should generate a new token when a valid one does not exist' do + swap Devise, :confirm_within => 3.days do + user = create_user + user.update_attribute(:confirmation_sent_at, 4.days.ago) + old = user.confirmation_token + token = user.confirmation_token! + assert_not_equal user.confirmation_token, old + assert_equal user.confirmation_token, token + end + end + + test 'should not generate a new token when a valid one exists' do + user = create_user + assert_not_nil user.confirmation_token + assert_equal user.confirmation_token, user.confirmation_token! + end end class ReconfirmableTest < ActiveSupport::TestCase 
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 9907fc26dd..0b86f3464d 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -110,7 +110,7 @@ def setup test 'should find a user to reset his password based on reset_password_token' do user = create_user - user.send :generate_reset_password_token! + user.reset_password_token! reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) assert_equal reset_password_user, user @@ -130,7 +130,7 @@ def setup test 'should return a new record with errors if password is blank' do user = create_user - user.send :generate_reset_password_token! + user.reset_password_token! reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '') assert_not reset_password_user.errors.empty? @@ -140,7 +140,7 @@ def setup test 'should reset successfully user password given the new password and confirmation' do user = create_user old_password = user.password - user.send :generate_reset_password_token! + user.reset_password_token! User.reset_password_by_token( :reset_password_token => user.reset_password_token, @@ -179,7 +179,7 @@ def setup swap Devise, :reset_password_within => 1.hour do user = create_user old_password = user.password - user.send :generate_reset_password_token! + user.reset_password_token! user.reset_password_sent_at = 2.days.ago user.save! 
@@ -202,4 +202,19 @@ def setup :reset_password_token ] end + + test 'should generate a new token when a valid one does not exist' do + user = create_user + assert_nil user.reset_password_token + + token = user.reset_password_token! + assert_not_nil user.reset_password_token + end + + test 'should not generate a new token when a valid one exists' do + user = create_user + user.send :generate_reset_password_token! + assert_not_nil user.reset_password_token + assert_equal user.reset_password_token, user.reset_password_token! + end end From b5909f9b936078416732bf1d84b0fb8692e9cdff Mon Sep 17 00:00:00 2001 From: Steve Slotnick Date: Tue, 11 Jun 2013 14:14:17 -0700 Subject: [PATCH 0225/1473] changing name from *_token! to get_or_create_*_token --- lib/devise/models/confirmable.rb | 2 +- lib/devise/models/recoverable.rb | 2 +- test/models/confirmable_test.rb | 4 ++-- test/models/recoverable_test.rb | 12 ++++++------ 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 3a3d08eb5d..806aec1310 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -107,7 +107,7 @@ def resend_confirmation_token end end - def confirmation_token! + def get_or_create_confirmation_token generate_confirmation_token! if should_generate_confirmation_token? self.confirmation_token end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 85f377044e..4b108f24ad 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -48,7 +48,7 @@ def send_reset_password_instructions send_devise_notification(:reset_password_instructions) end - def reset_password_token! + def get_or_create_reset_password_token generate_reset_password_token! if should_generate_reset_token? self.reset_password_token end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 7aedfd2eb9..2c41624870 100644 
--- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -300,7 +300,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user = create_user user.update_attribute(:confirmation_sent_at, 4.days.ago) old = user.confirmation_token - token = user.confirmation_token! + token = user.get_or_create_confirmation_token assert_not_equal user.confirmation_token, old assert_equal user.confirmation_token, token end @@ -309,7 +309,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) test 'should not generate a new token when a valid one exists' do user = create_user assert_not_nil user.confirmation_token - assert_equal user.confirmation_token, user.confirmation_token! + assert_equal user.confirmation_token, user.get_or_create_confirmation_token end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 0b86f3464d..721dc45ad6 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -110,7 +110,7 @@ def setup test 'should find a user to reset his password based on reset_password_token' do user = create_user - user.reset_password_token! + user.get_or_create_reset_password_token reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) assert_equal reset_password_user, user @@ -130,7 +130,7 @@ def setup test 'should return a new record with errors if password is blank' do user = create_user - user.reset_password_token! + user.get_or_create_reset_password_token reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '') assert_not reset_password_user.errors.empty? 
@@ -140,7 +140,7 @@ def setup test 'should reset successfully user password given the new password and confirmation' do user = create_user old_password = user.password - user.reset_password_token! + user.get_or_create_reset_password_token User.reset_password_by_token( :reset_password_token => user.reset_password_token, @@ -179,7 +179,7 @@ def setup swap Devise, :reset_password_within => 1.hour do user = create_user old_password = user.password - user.reset_password_token! + user.get_or_create_reset_password_token user.reset_password_sent_at = 2.days.ago user.save! @@ -207,7 +207,7 @@ def setup user = create_user assert_nil user.reset_password_token - token = user.reset_password_token! + token = user.get_or_create_reset_password_token assert_not_nil user.reset_password_token end @@ -215,6 +215,6 @@ def setup user = create_user user.send :generate_reset_password_token! assert_not_nil user.reset_password_token - assert_equal user.reset_password_token, user.reset_password_token! + assert_equal user.reset_password_token, user.get_or_create_reset_password_token end end From b194882b2320cabf0d5187505f3bf80da9b9122b Mon Sep 17 00:00:00 2001 From: Steve Slotnick Date: Wed, 12 Jun 2013 15:10:14 -0700 Subject: [PATCH 0226/1473] Renaming get_or_create_*_token to ensure_*_token to match API in token authenticatable --- lib/devise/models/confirmable.rb | 6 +++--- lib/devise/models/recoverable.rb | 6 +++--- test/models/confirmable_test.rb | 7 ++++--- test/models/recoverable_test.rb | 14 ++++++++------ 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 806aec1310..09af6ab88e 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -93,7 +93,7 @@ def send_confirmation_instructions self.confirmation_token = nil if reconfirmation_required? @reconfirmation_required = false - generate_confirmation_token! if self.confirmation_token.blank? + ensure_confirmation_token! opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { } send_devise_notification(:confirmation_instructions, opts) @@ -107,9 +107,9 @@ def resend_confirmation_token end end - def get_or_create_confirmation_token + # Generate a confirmation token unless already exists and save the record. + def ensure_confirmation_token! generate_confirmation_token! if should_generate_confirmation_token? - self.confirmation_token end # Overwrites active_for_authentication? for confirmation diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 4b108f24ad..563dd962ca 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -44,13 +44,13 @@ def reset_password!(new_password, new_password_confirmation) # Resets reset password token and send reset password instructions by email def send_reset_password_instructions - generate_reset_password_token! if should_generate_reset_token? + ensure_reset_password_token! send_devise_notification(:reset_password_instructions) end - def get_or_create_reset_password_token + # Generate reset password token unless already exists and save the record. + def ensure_reset_password_token! generate_reset_password_token! if should_generate_reset_token? - self.reset_password_token end # Checks if the reset password token sent is within the limit time. diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 2c41624870..32c753c23e 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
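Review bot: The comment added above `ensure_confirmation_token!` ("unless already exists") does not match its guard, `should_generate_confirmation_token?`, which is defined outside this hunk; the expired-token test in test/models/confirmable_test.rb suggests the predicate also replaces a token whose period has lapsed. The method also no longer ends with `self.confirmation_token`, so it returns the result of `generate_confirmation_token!` or nil, and any caller that used the return value of `get_or_create_confirmation_token` no longer gets the token. I would word the comment as `# Generates and saves a new confirmation token when should_generate_confirmation_token? holds. Does not return the token; read confirmation_token afterwards.` The same two points apply to `ensure_reset_password_token!` in the lib/devise/models/recoverable.rb hunk. Judging by the recoverable tests, an existing reset token is kept rather than rotated, which its comment should state.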
@@ -300,16 +300,17 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user = create_user user.update_attribute(:confirmation_sent_at, 4.days.ago) old = user.confirmation_token - token = user.get_or_create_confirmation_token + user.ensure_confirmation_token! assert_not_equal user.confirmation_token, old - assert_equal user.confirmation_token, token end end test 'should not generate a new token when a valid one exists' do user = create_user assert_not_nil user.confirmation_token - assert_equal user.confirmation_token, user.get_or_create_confirmation_token + old = user.confirmation_token + user.ensure_confirmation_token! + assert_equal user.confirmation_token, old end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 721dc45ad6..be54444e32 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -110,7 +110,7 @@ def setup test 'should find a user to reset his password based on reset_password_token' do user = create_user - user.get_or_create_reset_password_token + user.ensure_reset_password_token! reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) assert_equal reset_password_user, user @@ -130,7 +130,7 @@ def setup test 'should return a new record with errors if password is blank' do user = create_user - user.get_or_create_reset_password_token + user.ensure_reset_password_token! reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '') assert_not reset_password_user.errors.empty? @@ -140,7 +140,7 @@ def setup test 'should reset successfully user password given the new password and confirmation' do user = create_user old_password = user.password - user.get_or_create_reset_password_token + user.ensure_reset_password_token! User.reset_password_by_token( :reset_password_token => user.reset_password_token, 
@@ -179,7 +179,7 @@ def setup swap Devise, :reset_password_within => 1.hour do user = create_user old_password = user.password - user.get_or_create_reset_password_token + user.ensure_reset_password_token! user.reset_password_sent_at = 2.days.ago user.save! @@ -207,7 +207,7 @@ def setup user = create_user assert_nil user.reset_password_token - token = user.get_or_create_reset_password_token + user.ensure_reset_password_token! assert_not_nil user.reset_password_token end @@ -215,6 +215,8 @@ def setup user = create_user user.send :generate_reset_password_token! assert_not_nil user.reset_password_token - assert_equal user.reset_password_token, user.get_or_create_reset_password_token + old = user.reset_password_token + user.ensure_reset_password_token! + assert_equal user.reset_password_token, old end end From 72cf2481b503bbdcc36f101823545680af81b1a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Jun 2013 09:17:54 +0200 Subject: [PATCH 0227/1473] Rename ParamFilter to ParameterFilter for consistency --- lib/devise.rb | 2 +- lib/devise/models/authenticatable.rb | 6 +++--- lib/devise/{param_filter.rb => parameter_filter.rb} | 2 +- test/models/database_authenticatable_test.rb | 6 +++--- test/support/helpers.rb | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) rename lib/devise/{param_filter.rb => parameter_filter.rb} (98%) diff --git a/lib/devise.rb b/lib/devise.rb index 3a9722ae57..5c4d9c94f1 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -9,7 +9,7 @@ module Devise autoload :Delegator, 'devise/delegator' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' - autoload :ParamFilter, 'devise/param_filter' + autoload :ParameterFilter, 'devise/parameter_filter' autoload :BaseSanitizer, 'devise/parameter_sanitizer' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' 
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 00c12fc24a..261b38c141 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -243,7 +243,7 @@ def find_for_authentication(tainted_conditions) end def find_first_by_auth_conditions(tainted_conditions, opts={}) - to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts)) + to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts)) end # Find an initialize a record setting an error if it can't be found. @@ -275,8 +275,8 @@ def find_or_initialize_with_errors(required_attributes, attributes, error=:inval protected - def devise_param_filter - @devise_param_filter ||= Devise::ParamFilter.new(case_insensitive_keys, strip_whitespace_keys) + def devise_parameter_filter + @devise_parameter_filter ||= Devise::ParameterFilter.new(case_insensitive_keys, strip_whitespace_keys) end # Generate a token by looping and ensuring does not already exist. diff --git a/lib/devise/param_filter.rb b/lib/devise/parameter_filter.rb similarity index 98% rename from lib/devise/param_filter.rb rename to lib/devise/parameter_filter.rb index 46b9ddd6e5..63d06f9038 100644 --- a/lib/devise/param_filter.rb +++ b/lib/devise/parameter_filter.rb @@ -1,5 +1,5 @@ module Devise - class ParamFilter + class ParameterFilter def initialize(case_insensitive_keys, strip_whitespace_keys) @case_insensitive_keys = case_insensitive_keys || [] @strip_whitespace_keys = strip_whitespace_keys || [] diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index de152ae3d7..c5ecf51ddf 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -48,19 +48,19 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test "param filter should not convert booleans and integer to strings" do conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) } - conditions = Devise::ParamFilter.new([], []).filter(conditions) + conditions = Devise::ParameterFilter.new([], []).filter(conditions) assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions) end test 'param filter should filter case_insensitive_keys as insensitive' do conditions = {'insensitive' => 'insensitive_VAL', 'sensitive' => 'sensitive_VAL'} - conditions = Devise::ParamFilter.new(['insensitive'], []).filter(conditions) + conditions = Devise::ParameterFilter.new(['insensitive'], []).filter(conditions) assert_equal( {'insensitive' => 'insensitive_val', 'sensitive' => 'sensitive_VAL'}, conditions ) end test 'param filter should filter strip_whitespace_keys stripping whitespaces' do conditions = {'strip_whitespace' => ' strip_whitespace_val ', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '} - conditions = Devise::ParamFilter.new([], ['strip_whitespace']).filter(conditions) + conditions = Devise::ParameterFilter.new([], ['strip_whitespace']).filter(conditions) assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions ) end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index a2554485e9..d3e1521cc2 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb 
@@ -63,7 +63,7 @@ def swap(object, new_values) def clear_cached_variables(options) if options.key?(:case_insensitive_keys) || options.key?(:strip_whitespace_keys) Devise.mappings.each do |_, mapping| - mapping.to.instance_variable_set(:@devise_param_filter, nil) + mapping.to.instance_variable_set(:@devise_parameter_filter, nil) end end end From 5717c6f08297b11a81a004199de325bfa898903d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Jun 2013 10:37:37 +0200 Subject: [PATCH 0228/1473] Splat args to be sanitized --- lib/devise/parameter_sanitizer.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 6ce0021153..a05a49c1e2 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -41,15 +41,15 @@ def fallback_for(kind) end def sign_in - default_params.permit(auth_keys) + default_params.permit(*auth_keys) end def sign_up - default_params.permit(auth_keys + [:password, :password_confirmation]) + default_params.permit(*(auth_keys + [:password, :password_confirmation])) end def account_update - default_params.permit(auth_keys + [:password, :password_confirmation, :current_password]) + default_params.permit(*(auth_keys + [:password, :password_confirmation, :current_password])) end def auth_keys From df2995ce19ade898bb370bc3bd8a5d47fa541600 Mon Sep 17 00:00:00 2001 
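Review bot: `sign_in`, `sign_up` and `account_update` define the mass-assignment allow-list for each Devise form, and this commit touches only lib/devise/parameter_sanitizer.rb, so no test pins that the splatted keys are actually permitted. A wrong argument shape to `permit` fails quietly (the keys are simply dropped), which is presumably how the un-splatted array went unnoticed. A sanitizer test asserting the exact hash returned for each of the three kinds belongs with this change. The splat also assumes `auth_keys` is an Array; if `authentication_keys` is configured as a Hash, `auth_keys + [...]` and `*auth_keys` would not yield a flat list of names, so `auth_keys` should normalise first, e.g. `keys = resource_class.authentication_keys` then `keys.respond_to?(:keys) ? keys.keys : keys`. The body of `auth_keys` is outside this hunk.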
From: Takehiro Adachi Date: Fri, 14 Jun 2013 07:19:29 +0900 Subject: [PATCH 0229/1473] Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked We could always generate a confirmation token but not sending a confirmation email by invoking the skip_confirmation_notification! method when creating the account. But there were no way to do that when we were turning on reconfirmable and updating email. --- lib/devise/models/confirmable.rb | 34 +++++++++++++++++++++++--------- test/models/confirmable_test.rb | 9 +++++++++ 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 09af6ab88e..0e5ce7a11e 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -35,8 +35,8 @@ module Confirmable included do before_create :generate_confirmation_token, :if => :confirmation_required? after_create :send_on_create_confirmation_instructions, :if => :send_confirmation_notification? - before_update :postpone_email_change_until_confirmation, :if => :postpone_email_change? - after_update :send_confirmation_instructions, :if => :reconfirmation_required? + before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, :if => :postpone_email_change? + after_update :send_reconfirmation_instructions, :if => :reconfirmation_required? end def initialize(*args, &block) 
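Review bot: Renaming the `before_update` callback to `postpone_email_change_until_confirmation_and_regenerate_confirmation_token` removes the method name `postpone_email_change_until_confirmation`, so an application override of that method would no longer be called; the definition itself is in a later hunk of this file. Keeping the old method and registering the rotation as its own callback keeps each step separately overridable: `before_update :regenerate_confirmation_token, :if => :postpone_email_change?` placed after the existing `before_update :postpone_email_change_until_confirmation` line. Either way, a comment should say that the token is rotated on every email change, which appears to be the intent, so that a token issued before the change is not what confirms the new address.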
@@ -90,19 +90,25 @@ def pending_reconfirmation? # Send confirmation instructions by email def send_confirmation_instructions - self.confirmation_token = nil if reconfirmation_required? - @reconfirmation_required = false - ensure_confirmation_token! opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { } send_devise_notification(:confirmation_instructions, opts) end - # Resend confirmation token. This method does not need to generate a new token. + def send_reconfirmation_instructions + @reconfirmation_required = false + + unless @skip_confirmation_notification + send_confirmation_instructions + end + end + + # Resend confirmation token. + # Regenerates the token if the period is expired. def resend_confirmation_token pending_any_confirmation do - self.confirmation_token = nil if confirmation_period_expired? + regenerate_confirmation_token! if confirmation_period_expired? send_confirmation_instructions end end @@ -131,7 +137,7 @@ def skip_confirmation! self.confirmed_at = Time.now.utc end - # Skips sending the confirmation notification email after_create. Unlike + # Skips sending the confirmation/reconfirmation notification email after_create/after_update. Unlike # #skip_confirmation!, record still requires confirmation. def skip_confirmation_notification! @skip_confirmation_notification = true @@ -223,15 +229,25 @@ def generate_confirmation_token! generate_confirmation_token && save(:validate => false) end + # Regenerates a new token. + def regenerate_confirmation_token + generate_confirmation_token + end + + def regenerate_confirmation_token! + regenerate_confirmation_token && save(:validate => false) + end + def after_password_reset super confirm! unless confirmed? end - def postpone_email_change_until_confirmation + def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email self.email = self.email_was + regenerate_confirmation_token end def postpone_email_change? 
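Review bot: `send_reconfirmation_instructions` resets `@reconfirmation_required` but leaves `@skip_confirmation_notification` set, and nothing in this hunk clears it. After one `skip_confirmation_notification!` call, every later email change on the same object would therefore also store a new token and `unconfirmed_email` without mailing anyone. If the skip is meant to be one-shot, clear the flag once it has been consumed; if it is meant to last for the object's lifetime, say so in the `skip_confirmation_notification!` comment changed further down. The new method also has no comment, unlike its neighbours; `# after_update hook: mails the unconfirmed address unless skip_confirmation_notification! was called.` would do.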
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 32c753c23e..e367f94174 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -337,6 +337,15 @@ class ReconfirmableTest < ActiveSupport::TestCase assert_nil admin.confirmation_token end + test 'should skip sending reconfirmation email when email is changed and skip_confirmation_notification! is invoked' do + admin = create_admin + admin.skip_confirmation_notification! + + assert_email_not_sent do + admin.update_attributes(:email => 'new_test@example.com') + end + end + test 'should regenerate confirmation token after changing email' do admin = create_admin assert admin.confirm! From 5926898cf48a7a6d32263fad1e96be82f11cb0ee Mon Sep 17 00:00:00 2001 From: Martin Honermeyer Date: Tue, 25 Jun 2013 11:27:35 +0200 Subject: [PATCH 0230/1473] Update code example for #update_without_password --- lib/devise/models/database_authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 916c33efb5..3e1da40c79 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -81,7 +81,7 @@ def update_with_password(params, *options) # # Example: # - # def update_without_password(params={}) + # def update_without_password(params, *options) # params.delete(:email) # super(params) # end From 8487637b2fd953b0edb46ef5d92c573cab4cf551 Mon Sep 17 00:00:00 2001 
From: Robin Roestenburg Date: Tue, 25 Jun 2013 14:01:11 +0300 Subject: [PATCH 0231/1473] Updated section 'Configuring controllers' I added an extra note in the section on creating a custom (namespaced) controller. This controller needs to be created in a directory in order for it to work. Otherwise (for example when creating the controller in `app/controllers`) a `uninitialized constant Admins` error is thrown. Also, fixed the Markdown formatting for the numbered lists in the README. --- README.md | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 17841243f0..a66ddf9736 100644 --- a/README.md +++ b/README.md 
@@ -250,22 +250,24 @@ rails generate devise:views users If the customization at the views level is not enough, you can customize each controller by following these steps: -1) Create your custom controller, for example a Admins::SessionsController: +1. Create your custom controller, for example a `Admins::SessionsController`: -```ruby -class Admins::SessionsController < Devise::SessionsController -end -``` + ```ruby + class Admins::SessionsController < Devise::SessionsController + end + ``` -2) Tell the router to use this controller: + Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory. -```ruby -devise_for :admins, :controllers => { :sessions => "admins/sessions" } -``` +2. Tell the router to use this controller: + + ```ruby + devise_for :admins, :controllers => { :sessions => "admins/sessions" } + ``` -3) And since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions". +3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admin/sessions"`. -Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display. + Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display. ### Configuring routes 
@@ -357,12 +359,14 @@ sign_out @user # sign_out(resource) There are two things that is important to keep in mind: -1) These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; +1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; -2) If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do: +2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do: + ```ruby @request.env["devise.mapping"] = Devise.mappings[:user] get :new + ``` ### Omniauth From e029ad7b0cc68ecb36a752a1027cbeff3312e80d Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Tue, 25 Jun 2013 13:44:39 -0500 Subject: [PATCH 0232/1473] Fix improper login param sanitization permit This includes a failing test case that hooks into ActiveSupport Notifications to catch the param permit error. --- lib/devise/parameter_sanitizer.rb | 8 ++++++-- test/controllers/sessions_controller_test.rb | 14 ++++++++++++++ test/parameter_sanitizer_test.rb | 9 ++++++++- 3 files changed, 28 insertions(+), 3 deletions(-) 
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index a05a49c1e2..aa78b21f69 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -40,8 +40,12 @@ def fallback_for(kind) end end + # These are the params used to sign in a user so we don't need to + # mass-assign the password param in order to authenticate. Excluding it + # here allows us to construct a new user without sensitive information if + # authentication fails. def sign_in - default_params.permit(*auth_keys) + default_params.permit(*auth_keys + [:password]) end def sign_up @@ -53,7 +57,7 @@ def account_update end def auth_keys - resource_class.authentication_keys + resource_class.authentication_keys.respond_to?(:keys) ? resource_class.authentication_keys.keys : resource_class.authentication_keys end end end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 7af0a6867c..0bfc8be867 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -4,6 +4,20 @@ class SessionsControllerTest < ActionController::TestCase tests Devise::SessionsController include Devise::TestHelpers + test "#create doesn't raise unpermitted params when sign in fails" do + ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload| + flunk "Unpermitted params: #{payload}" + end + request.env["devise.mapping"] = Devise.mappings[:user] + request.session["user_return_to"] = 'foo.bar' + user = create_user + post :create, :user => { + :email => "wrong@email.com", + :password => "wrongpassword" + } + assert_equal 200, @response.status + end + test "#create works even with scoped views" do swap Devise, :scoped_views => true do request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 5043dd06c1..34f5839277 100644 
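Review bot: The comment added above `sign_in` says the password is excluded from the permitted params, but the line below it permits `*auth_keys + [:password]`, so the comment describes the opposite of what the code does. That matters when judging exposure: with `:password` permitted, the resource rebuilt after a failed sign in presumably carries the submitted password, and views that re-render the form should not echo it back. Replace the four lines with a comment saying that the authentication keys and `:password` are permitted so that a failed sign in does not trigger unpermitted-parameter notifications, and that the password is therefore present on the rebuilt resource. In the `auth_keys` hunk, `resource_class.authentication_keys` is read up to three times; `keys = resource_class.authentication_keys` followed by `keys.respond_to?(:keys) ? keys.keys : keys` is easier to read.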
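Review bot: The `ActiveSupport::Notifications.subscribe` call in the new sessions controller test is never undone, so the subscriber stays registered for the rest of the test process and its `flunk` can fire while an unrelated test is running. Keep the return value and unsubscribe in an `ensure`, as sketched below. `user = create_user` is also assigned but never read, so the local can be dropped.

```ruby
subscriber = ActiveSupport::Notifications.subscribe(/unpermitted_parameters/) do |name, start, finish, id, payload|
  flunk "Unpermitted params: #{payload}"
end
begin
  # … unchanged: devise.mapping setup, post :create, status assertion …
ensure
  ActiveSupport::Notifications.unsubscribe(subscriber)
end
```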
--- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb @@ -22,7 +22,14 @@ def sanitizer(params) test 'filters some parameters on sign in by default' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in)) + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) + end + + test 'handles auth keys as a hash' do + swap Devise, :authentication_keys => {:email => true} do + sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) + end end test 'filters some parameters on sign up by default' do From 75ad4ee87b29c79215793e7e9d346e3ab81b5b4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 30 Jun 2013 14:18:49 +0200 Subject: [PATCH 0233/1473] Add thread-safety support note --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a66ddf9736..87db7eb3f6 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,8 @@ It's composed of 11 modules: * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is on progress. + ## Information ### The Devise wiki From aeec6138c29c40d23d16c4bae75fb119de554912 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Petteri=20R=C3=A4ty?= Date: Wed, 3 Jul 2013 13:33:59 +0300 Subject: [PATCH 0234/1473] CHANGELOG fix about _links.erb partial revert 9bf718 got reverted by aa2d15 but the CHANGELOG was not reflected to show this. --- CHANGELOG.rdoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 4c52b183ff..d99e1fdf83 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -119,6 +119,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * Do not accidentally mark `_prefixes` as private * Better support for custom strategies on test helpers (by @mattconnolly) * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez) + * Reverted moving devise/shared/_links.erb to devise/_links.erb == 2.0.4 From 49aebde435cf556a9a897f83babfc1f4e7f4a4cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 9 Jul 2013 09:05:19 +0200 Subject: [PATCH 0235/1473] Update CHANGELOG --- CHANGELOG.rdoc | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index d99e1fdf83..a63e075223 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,8 +1,12 @@ -== 3.0.0.rc +== 3.0.0 * enhancements - * Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) - * Drop support for Rails < 3.2 and Ruby < 1.9.3. + * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) + * Drop support for Rails < 3.2 and Ruby < 1.9.3 + * Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked (by @tkhr) + +* bug fix + * Errors on unlock are now properly reflected on the first `unlock_keys` == 2.2.4 From 57515de5ad9f67072df4b7ecd33f8b857423f9d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 9 Jul 2013 09:09:22 +0200 Subject: [PATCH 0236/1473] Update to Rails 4.0 --- Gemfile | 2 +- Gemfile.lock | 65 ++++++++++++++++++++++++++-------------------------- 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/Gemfile b/Gemfile index 91e9e7d86c..6a9be457f2 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.0.0.rc1" +gem "rails", "~> 4.0.0" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index f27f607972..853c0fba32 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -21,55 +21,54 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.0.0.rc1) - actionpack (= 4.0.0.rc1) + actionmailer (4.0.0) + actionpack (= 4.0.0) mail (~> 2.5.3) - actionpack (4.0.0.rc1) - activesupport (= 4.0.0.rc1) + actionpack (4.0.0) + activesupport (= 4.0.0) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.0.rc1) - activesupport (= 4.0.0.rc1) + activemodel (4.0.0) + activesupport (= 4.0.0) builder (~> 3.1.0) - activerecord (4.0.0.rc1) - activemodel (= 4.0.0.rc1) + activerecord (4.0.0) + activemodel (= 4.0.0) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.0.rc1) + activesupport (= 4.0.0) arel (~> 4.0.0) - activerecord-deprecated_finders (1.0.2) - activesupport (4.0.0.rc1) + activerecord-deprecated_finders (1.0.3) + activesupport (4.0.0) i18n (~> 0.6, >= 0.6.4) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) arel (4.0.0) - atomic (1.1.8) + atomic (1.1.10) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) - hike (1.2.2) + hike (1.2.3) httpauth (0.2.0) i18n (0.6.4) json (1.7.7) jwt (0.1.8) multi_json (>= 1.5) - mail (2.5.3) - i18n (>= 0.4.0) + mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.23) - minitest (4.7.4) + minitest (4.7.5) mocha (0.13.3) metaclass (~> 0.0.1) moped (1.4.5) - multi_json (1.7.2) + multi_json (1.7.7) multipart-post (1.2.0) nokogiri (1.5.9) oauth2 (0.8.1) 
@@ -98,29 +97,29 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.0.0.rc1) - actionmailer (= 4.0.0.rc1) - actionpack (= 4.0.0.rc1) - activerecord (= 4.0.0.rc1) - activesupport (= 4.0.0.rc1) + rails (4.0.0) + actionmailer (= 4.0.0) + actionpack (= 4.0.0) + activerecord (= 4.0.0) + activesupport (= 4.0.0) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.0.rc1) - sprockets-rails (~> 2.0.0.rc4) - railties (4.0.0.rc1) - actionpack (= 4.0.0.rc1) - activesupport (= 4.0.0.rc1) + railties (= 4.0.0) + sprockets-rails (~> 2.0.0) + railties (4.0.0) + actionpack (= 4.0.0) + activesupport (= 4.0.0) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.0.4) + rake (10.1.0) rdoc (4.0.1) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.9.3) + sprockets (2.10.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.0.rc4) + sprockets-rails (2.0.0) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) @@ -128,8 +127,8 @@ GEM thor (0.18.1) thread_safe (0.1.0) atomic - tilt (1.4.0) - treetop (1.4.12) + tilt (1.4.1) + treetop (1.4.14) polyglot polyglot (>= 0.3.1) tzinfo (0.3.37) @@ -154,7 +153,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails (~> 4.0.0.rc1) + rails (~> 4.0.0) rdoc sqlite3 webrat (= 0.7.3) From 6f5d176e8ed023e1153d9afe261d0ed49b146098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 12 Jul 2013 13:00:31 +0200 Subject: [PATCH 0237/1473] Bump warden dependency --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index e731a0892b..7f40cf2ce4 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -19,7 +19,7 @@ Gem::Specification.new do |s| s.test_files = `git ls-files -- test/*`.split("\n") s.require_paths = ["lib"] - s.add_dependency("warden", "~> 1.2.1") + s.add_dependency("warden", "~> 1.2.2") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") s.add_dependency("railties", ">= 3.2.6", "< 5") From b69d2c412f1916d48cd22cc64b6c2e71fa952805 Mon Sep 17 00:00:00 2001 From: Nicolas Blanco Date: Fri, 12 Jul 2013 13:25:26 +0200 Subject: [PATCH 0238/1473] Update README.md [ci skip] Fix the example for Strong parameters multi roles as resource_class is actually a class not an instance. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 87db7eb3f6..2c3644ff44 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,8 @@ class ApplicationController < ActionController::Base protected def devise_parameter_sanitizer - if resource_class.is_a?(User) + case resource_class + when User User::ParameterSanitizer.new(User, :user, params) else super # Use the default one From 36fb1ecf4ddcad28e02242ae280c3cd21d9a28c7 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 12 Jul 2013 22:13:52 +0300 Subject: [PATCH 0239/1473] update Gemfile.lock --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 853c0fba32..afca5910bd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -16,7 +16,7 @@ PATH bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) - warden (~> 1.2.1) + warden (~> 1.2.2) GEM remote: https://rubygems.org/ @@ -47,7 +47,7 @@ GEM tzinfo (~> 0.3.37) arel (4.0.0) atomic (1.1.10) - bcrypt-ruby (3.0.1) + bcrypt-ruby (3.1.1) builder (3.1.4) erubis (2.7.0) faraday (0.8.7) @@ -132,7 +132,7 @@ GEM polyglot polyglot (>= 0.3.1) tzinfo (0.3.37) - warden (1.2.1) + warden (1.2.2) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) From 2c1ca126f41e46b5d1f89d2c4d8dd2000b33f0e5 Mon Sep 17 00:00:00 2001 
From: Vasiliy Ermolovich Date: Fri, 12 Jul 2013 22:14:32 +0300 Subject: [PATCH 0240/1473] add remember_me to the permitted sign_in params --- lib/devise/parameter_sanitizer.rb | 2 +- test/parameter_sanitizer_test.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index aa78b21f69..0a6f3d4bc1 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -45,7 +45,7 @@ def fallback_for(kind) # here allows us to construct a new user without sensitive information if # authentication fails. def sign_in - default_params.permit(*auth_keys + [:password]) + default_params.permit(*auth_keys + [:password, :remember_me]) end def sign_up diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 34f5839277..244d515e86 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb @@ -21,8 +21,8 @@ def sanitizer(params) end test 'filters some parameters on sign in by default' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) + sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) + assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in)) end test 'handles auth keys as a hash' do From 4e0c598de1aaad085a96059d87b720a585a1d1a2 Mon Sep 17 00:00:00 2001 From: Max Holder Date: Sun, 14 Jul 2013 10:35:11 -0400 Subject: [PATCH 0241/1473] Update README.md Replace case statement with if statement since we're comparing two equivalent classes (which would never be case equivalent). --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 2c3644ff44..b36dab968c 100644 --- a/README.md +++ b/README.md 
@@ -219,8 +219,7 @@ class ApplicationController < ActionController::Base protected def devise_parameter_sanitizer - case resource_class - when User + if resource_class == User User::ParameterSanitizer.new(User, :user, params) else super # Use the default one From c5ef39f087ce091ec11dc76e76e8c3d9fb62138e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 14 Jul 2013 20:39:46 +0200 Subject: [PATCH 0242/1473] Bump to Warden 1.2.3 --- Gemfile.lock | 4 ++-- devise.gemspec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index afca5910bd..f4a0e1033c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -16,7 +16,7 @@ PATH bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) - warden (~> 1.2.2) + warden (~> 1.2.3) GEM remote: https://rubygems.org/ @@ -132,7 +132,7 @@ GEM polyglot polyglot (>= 0.3.1) tzinfo (0.3.37) - warden (1.2.2) + warden (1.2.3) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/devise.gemspec b/devise.gemspec index 7f40cf2ce4..de085992da 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -19,7 +19,7 @@ Gem::Specification.new do |s| s.test_files = `git ls-files -- test/*`.split("\n") s.require_paths = ["lib"] - s.add_dependency("warden", "~> 1.2.2") + s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") s.add_dependency("railties", ">= 3.2.6", "< 5") From b46b7e37360413e6a9faf43df76ffc6f6e749058 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 14 Jul 2013 20:40:56 +0200 Subject: [PATCH 0243/1473] Release v3.0.0 --- lib/devise/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index f22d135f19..6aff3515e8 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.0.0.rc".freeze + VERSION = "3.0.0".freeze end 
From b8ed2f31608eccb6df6d5bb2e66238d6dfc4bcfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 23 Jul 2013 10:21:01 +0200 Subject: [PATCH 0244/1473] Clarify the roles of Devise models --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b36dab968c..b2206d4ccd 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: * Is Rack based; * Is a complete MVC solution based on Rails engines; -* Allows you to have multiple roles (or models/scopes) signed in at the same time; +* Allows you to have multiple models signed in at the same time; * Is based on a modularity concept: use just what you really need. It's composed of 11 modules: @@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base end ``` -If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: +If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: ```ruby class User::ParameterSanitizer < Devise::ParameterSanitizer 
@@ -240,7 +240,7 @@ Since Devise is an engine, all its views are packaged inside the gem. These view rails generate devise:views ``` -If you have more than one role in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all roles. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb". +If you have more than one Devise model in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb". After doing so, you will be able to have views based on the role like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new". You can also use the generator to generate scoped views: @@ -384,7 +384,7 @@ You can read more about Omniauth support in the wiki: ### Configuring multiple models -Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps: +Devise allows you to set up as many Devise models as you want. If you want to have an Admin model with just authentication and timeout features, in addition to the User model above, just run: ```ruby # Create a migration with the required fields 
@@ -409,7 +409,9 @@ current_admin admin_session ``` -On the other hand, you can simply run the generator! +Alternatively, you can simply run the Devise generator. + +Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using [CanCan](https://github.com/ryanb/cancan). ### Other ORMs From b7bc8dec1297b061732de942ffbe3d10e9e30cc9 Mon Sep 17 00:00:00 2001 From: Siarhei Hanchuk Date: Mon, 22 Jul 2013 20:02:53 +0300 Subject: [PATCH 0245/1473] Added method after_confrimation --- lib/devise/models/confirmable.rb | 8 +++++++- test/models/confirmable_test.rb | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 0e5ce7a11e..5803d8d3ea 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -66,7 +66,7 @@ def confirm! self.confirmation_token = nil self.confirmed_at = Time.now.utc - if self.class.reconfirmable && unconfirmed_email.present? + saved = if self.class.reconfirmable && unconfirmed_email.present? skip_reconfirmation! self.email = unconfirmed_email self.unconfirmed_email = nil @@ -76,6 +76,9 @@ def confirm! else save(:validate => false) end + + after_confirmation if saved + saved end end @@ -264,6 +267,9 @@ def send_confirmation_notification? confirmation_required? && !@skip_confirmation_notification && !self.email.blank? end + def after_confirmation + end + module ClassMethods # Attempt to find a user by its email. If a record is found, send new # confirmation instructions to it. If not, try searching for a user by unconfirmed_email diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index e367f94174..b0a7fd4474 100644 
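Review bot: The empty `after_confirmation` added below `send_confirmation_notification?` in lib/devise/models/confirmable.rb has no comment, so nothing marks it as an override point or says when it runs. I would add above it `# Hook for the model to override; confirm! calls it only after the record was saved successfully.` Since `confirm!` now ends with `after_confirmation if saved` followed by `saved`, the hook's return value is ignored, and a short comment saying so would help. The body of `confirm!` starts before the first hunk, and the visibility section the new method lands in cannot be seen from here.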
--- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -312,6 +312,27 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user.ensure_confirmation_token! assert_equal user.confirmation_token, old end + + test 'should call after_confirmation if confirmed' do + user = create_user + user.define_singleton_method :after_confirmation do + self.username = self.username.to_s + 'updated' + end + old = user.username + assert user.confirm! + assert_not_equal user.username, old + end + + test 'should not call after_confirmation if not confirmed' do + user = create_user + assert user.confirm! + user.define_singleton_method :after_confirmation do + self.username = self.username.to_s + 'updated' + end + old = user.username + assert_not user.confirm! + assert_equal user.username, old + end end class ReconfirmableTest < ActiveSupport::TestCase From b7e67115fce9629a90e974a95906bce34716173e Mon Sep 17 00:00:00 2001 From: Justin Coyne Date: Mon, 22 Jul 2013 23:02:36 -0500 Subject: [PATCH 0246/1473] When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515 --- CHANGELOG.rdoc | 4 ++ Gemfile.lock | 2 +- lib/generators/devise/orm_helpers.rb | 30 +++++++++++- .../active_record_generator_test.rb | 46 ++++++++++++++++++- 4 files changed, 78 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index a63e075223..40be722000 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,7 @@ +== 3.0.1 +* bug fix + * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) + == 3.0.0 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index f4a0e1033c..bae9579115 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.0.0.rc) + devise (3.0.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) 
diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 97c23887f5..80eb0ce9d6 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -2,7 +2,7 @@ module Devise module Generators module OrmHelpers def model_contents -<<-CONTENT + buffer = <<-CONTENT # Include default devise modules. Others available are: # :token_authenticatable, :confirmable, # :lockable, :timeoutable and :omniauthable @@ -10,6 +10,32 @@ def model_contents :recoverable, :rememberable, :trackable, :validatable CONTENT + buffer += <<-CONTENT if needs_attr_accessible? + # Setup accessible (or protected) attributes for your model + attr_accessible :email, :password, :password_confirmation, :remember_me + +CONTENT + buffer + end + + def needs_attr_accessible? + if rails_3? + !strong_parameters_enabled? + else + protected_attributes_enabled? + end + end + + def rails_3? + Rails::VERSION::MAJOR == 3 + end + + def strong_parameters_enabled? + defined?(ActionController::StrongParameters) + end + + def protected_attributes_enabled? + defined?(ActiveModel::MassAssignmentSecurity) end def model_exists? @@ -29,4 +55,4 @@ def model_path end end end -end \ No newline at end of file +end diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 73971967c9..586744bfd2 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb 
@@ -62,11 +62,55 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase destination File.expand_path("../../tmp", __FILE__) setup :prepare_destination - test "all files are properly created" do + test "all files are properly created in rails 4.0 without the protected_attributes gem" do + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false) + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(false) simulate_inside_engine(RailsEngine::Engine, RailsEngine) do run_generator ["monster"] assert_file "app/models/rails_engine/monster.rb", /devise/ + assert_file "app/models/rails_engine/monster.rb" do |content| + assert_no_match /attr_accessible :email/, content + end + end + end + + test "all files are properly created in rails 4.0 when the protected_attributes gem is installed" do + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false) + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(true) + simulate_inside_engine(RailsEngine::Engine, RailsEngine) do + run_generator ["monster"] + + assert_file "app/models/rails_engine/monster.rb", /devise/ + assert_file "app/models/rails_engine/monster.rb" do |content| + assert_match /attr_accessible :email/, content + end + end + end + + test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true) + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false) + simulate_inside_engine(RailsEngine::Engine, RailsEngine) do + run_generator ["monster"] + + assert_file "app/models/rails_engine/monster.rb", /devise/ + assert_file "app/models/rails_engine/monster.rb" do |content| + assert_match /attr_accessible :email/, content + end + end + end + + test "all files are properly created in rails 
3.2 when strong_parameters gem is installed" do + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true) + ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(true) + simulate_inside_engine(RailsEngine::Engine, RailsEngine) do + run_generator ["monster"] + + assert_file "app/models/rails_engine/monster.rb", /devise/ + assert_file "app/models/rails_engine/monster.rb" do |content| + assert_no_match /attr_accessible :email/, content + end end end end From 7539d31a05a227e3ac6db522310abe54574f894a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 26 Jul 2013 09:17:35 +0200 Subject: [PATCH 0247/1473] Update 3.2 Gemfile --- gemfiles/Gemfile.rails-3.2.x.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index 16183ff599..a45c6301ff 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -1,11 +1,11 @@ PATH remote: .. specs: - devise (3.0.0.rc) + devise (3.0.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) - warden (~> 1.2.1) + warden (~> 1.2.3) GEM remote: https://rubygems.org/ @@ -38,7 +38,7 @@ GEM i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) - bcrypt-ruby (3.0.1) + bcrypt-ruby (3.1.1) builder (3.0.4) erubis (2.7.0) faraday (0.8.7) @@ -129,7 +129,7 @@ GEM polyglot polyglot (>= 0.3.1) tzinfo (0.3.37) - warden (1.2.1) + warden (1.2.3) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) From fffbeb5cc7928a0677ba5f5b2dacf257e6a08b0f Mon Sep 17 00:00:00 2001 From: Michael Nikitochkin Date: Tue, 23 Jul 2013 14:05:51 +0300 Subject: [PATCH 0248/1473] Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user --- Gemfile.lock | 2 +- lib/devise/models/timeoutable.rb | 2 +- test/models/timeoutable_test.rb | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index f4a0e1033c..bae9579115 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.0.0.rc) + devise (3.0.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index ecc9debf76..3b75a8d984 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -37,7 +37,7 @@ def timeout_in private def remember_exists_and_not_expired? - return false unless respond_to?(:remember_created_at) + return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?) remember_created_at && !remember_expired? end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index 9dc93e0c48..cb08b0ff71 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -43,4 +43,14 @@ class TimeoutableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do assert_same_content Devise::Models::Timeoutable.required_fields(User), [] end + + test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do + user = create_admin(remember_created_at: Time.current) + + begin + assert user.timedout?(31.minutes.ago) + rescue NoMethodError => e + refute_includes e.message, "undefined method `remember_expired?' for # Date: Fri, 26 Jul 2013 09:22:03 +0200 Subject: [PATCH 0249/1473] Do not generate attr_accessible for any Rails 4 app --- lib/generators/devise/orm_helpers.rb | 14 ++++---------- test/generators/active_record_generator_test.rb | 16 +--------------- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 80eb0ce9d6..49719b6c20 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb 
@@ -19,11 +19,7 @@ def model_contents end def needs_attr_accessible? - if rails_3? - !strong_parameters_enabled? - else - protected_attributes_enabled? - end + rails_3? && !strong_parameters_enabled? end def rails_3? @@ -34,18 +30,16 @@ def strong_parameters_enabled? defined?(ActionController::StrongParameters) end - def protected_attributes_enabled? - defined?(ActiveModel::MassAssignmentSecurity) - end + private def model_exists? File.exists?(File.join(destination_root, model_path)) end - + def migration_exists?(table_name) Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb").grep(/\d+_add_devise_to_#{table_name}.rb$/).first end - + def migration_path @migration_path ||= File.join("db", "migrate") end diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 586744bfd2..d78c48f820 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -62,9 +62,8 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase destination File.expand_path("../../tmp", __FILE__) setup :prepare_destination - test "all files are properly created in rails 4.0 without the protected_attributes gem" do + test "all files are properly created in rails 4.0" do ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false) - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(false) simulate_inside_engine(RailsEngine::Engine, RailsEngine) do run_generator ["monster"] 
@@ -75,19 +74,6 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase end end - test "all files are properly created in rails 4.0 when the protected_attributes gem is installed" do - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false) - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:protected_attributes_enabled?).returns(true) - simulate_inside_engine(RailsEngine::Engine, RailsEngine) do - run_generator ["monster"] - - assert_file "app/models/rails_engine/monster.rb", /devise/ - assert_file "app/models/rails_engine/monster.rb" do |content| - assert_match /attr_accessible :email/, content - end - end - end - test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true) ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false) From 9bc8e1211b9db63e5402268d12f1130911b27c90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 26 Jul 2013 09:22:59 +0200 Subject: [PATCH 0250/1473] Update CHANGELOG --- CHANGELOG.rdoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 40be722000..55941c9b01 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,4 +1,8 @@ == 3.0.1 + +* enhancements + * Add after_confirmation callback + * bug fix * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) From c4d5a3fdaaeb15e60b4e78dde367809561c70f5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 26 Jul 2013 10:00:09 +0200 Subject: [PATCH 0251/1473] No need to assert for a message we won't receive --- test/models/timeoutable_test.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index cb08b0ff71..b25cb2ed21 100644 --- a/test/models/timeoutable_test.rb 
+++ b/test/models/timeoutable_test.rb @@ -46,11 +46,6 @@ class TimeoutableTest < ActiveSupport::TestCase test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do user = create_admin(remember_created_at: Time.current) - - begin - assert user.timedout?(31.minutes.ago) - rescue NoMethodError => e - refute_includes e.message, "undefined method `remember_expired?' for # Date: Fri, 26 Jul 2013 14:24:13 +0100 Subject: [PATCH 0252/1473] Fix grammar --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index d01f375c59..d775c1b6d9 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -8,7 +8,7 @@ en: send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: already_authenticated: "You are already signed in." - inactive: "Your account was not activated yet." + inactive: "Your account is not activated yet." invalid: "Invalid email or password." invalid_token: "Invalid authentication token." locked: "Your account is locked." From b861a65e72f6778defcdddc636ac164b4411261c Mon Sep 17 00:00:00 2001 From: hakanensari Date: Fri, 26 Jul 2013 14:24:19 +0100 Subject: [PATCH 0253/1473] Fix run-on sentence --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index d775c1b6d9..d0932bd86d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -13,7 +13,7 @@ en: invalid_token: "Invalid authentication token." locked: "Your account is locked." not_found_in_database: "Invalid email or password." - timeout: "Your session expired, please sign in again to continue." + timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." unconfirmed: "You have to confirm your account before continuing." mailer: From 9a60415e2ea3f88bf49e0290b8d39e18f853de0d Mon Sep 17 00:00:00 2001 From: hakanensari Date: Fri, 26 Jul 2013 19:31:49 +0100 Subject: [PATCH 0254/1473] Fix assertion --- test/failure_app_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index f543dfb19b..36f532b3f2 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -215,7 +215,7 @@ def call_failure(env_params={}) } call_failure(env) assert @response.third.body.include?('

Sign in

') - assert @response.third.body.include?('Your account was not activated yet.') + assert @response.third.body.include?('Your account is not activated yet.') end end end From d88b3cedfb54d30762fc86bed6419ed6bbd4104c Mon Sep 17 00:00:00 2001 From: Paul Chobert Date: Sun, 28 Jul 2013 23:15:42 +0200 Subject: [PATCH 0255/1473] Remove trailing whitespaces --- lib/generators/mongoid/devise_generator.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 7aec818ed1..247bfcde78 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -22,7 +22,7 @@ def migration_data ## Database authenticatable field :email, :type => String, :default => "" field :encrypted_password, :type => String, :default => "" - + ## Recoverable field :reset_password_token, :type => String field :reset_password_sent_at, :type => Time @@ -54,4 +54,4 @@ def migration_data end end end -end \ No newline at end of file +end From 747751a20f50aa8814dcd3eb9a3648f00ab6a707 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 2 Aug 2013 23:13:15 +0200 Subject: [PATCH 0256/1473] Protect against CSRF token fixation attacks --- lib/devise.rb | 4 ++++ lib/devise/hooks/csrf_cleaner.rb | 5 +++++ lib/devise/models/authenticatable.rb | 1 + lib/generators/templates/devise.rb | 6 ++++++ test/integration/authenticatable_test.rb | 14 ++++++++++++++ 5 files changed, 30 insertions(+) create mode 100644 lib/devise/hooks/csrf_cleaner.rb diff --git a/lib/devise.rb b/lib/devise.rb index 5c4d9c94f1..b9a2156401 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -223,6 +223,10 @@ module Strategies mattr_accessor :omniauth_path_prefix @@omniauth_path_prefix = nil + # Set if we should clean up the CSRF Token on authentication + mattr_accessor :clean_up_csrf_token_on_authentication + @@clean_up_csrf_token_on_authentication = true + def self.encryptor=(value) warn "\n[DEVISE] To select a encryption which isn't bcrypt, you should use devise-encryptable gem.\n" end diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb new file mode 100644 index 0000000000..afec4bc84d --- /dev/null +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -0,0 +1,5 @@ +Warden::Manager.after_authentication do |record, warden, options| + if Devise.clean_up_csrf_token_on_authentication + warden.request.session.try(:delete, :_csrf_token) + end +end diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 261b38c141..313aa7e886 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -1,4 +1,5 @@ require 'devise/hooks/activatable' +require 'devise/hooks/csrf_cleaner' module Devise module Models diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 6b06cad68d..d1ab053402 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
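Review bot: In lib/devise/hooks/csrf_cleaner.rb the token is dropped only from Warden's `after_authentication` callback, while the comment this commit adds to lib/generators/templates/devise.rb speaks of both sign in and sign up. Whether a flow that signs the user in without running a strategy reaches this callback cannot be seen from the hunk, and the added test covers only `sign_in_as_user`; a matching integration test for sign up would settle it. It is also worth checking that strategies which authenticate on every request (the template lists `:http_auth` under `skip_session_storage`) do not lose the token on each call. A one-line comment above the hook, `# Drop the pre-login CSRF token so a token fixed before sign in is not valid afterwards.`, would document the intent.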
@@ -76,6 +76,12 @@ # passing :skip => :sessions to `devise_for` in your config/routes.rb config.skip_session_storage = [:http_auth] + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + # ==> Configuration for :database_authenticatable # For bcrypt, this is the cost for hashing the password and defaults to 10. If # using other encryptors, it sets how many times you want the password re-encrypted. diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index d9907535d3..ab33e9c417 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -327,6 +327,20 @@ class AuthenticationSessionTest < ActionDispatch::IntegrationTest assert_redirected_to new_user_session_path end + test 'refreshes _csrf_token' do + ApplicationController.allow_forgery_protection = true + + begin + get new_user_session_path + token = request.session[:_csrf_token] + + sign_in_as_user + assert_not_equal request.session[:_csrf_token], token + ensure + ApplicationController.allow_forgery_protection = false + end + end + test 'allows session to be set for a given scope' do sign_in_as_user get '/users' From 66afa2a2bf870cfee6f99933a50946f25c7b68f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 2 Aug 2013 23:14:54 +0200 Subject: [PATCH 0257/1473] Update CHANGELOG --- CHANGELOG.rdoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 55941c9b01..cca8958914 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc 
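Review bot: The 'refreshes _csrf_token' test in test/integration/authenticatable_test.rb does not prove rotation if the first GET stored no token, because `assert_not_equal` is then comparing against `nil`. Adding `assert token` right after `token = request.session[:_csrf_token]` closes that gap. The manual `begin`/`ensure` around `ApplicationController.allow_forgery_protection` could also become `swap ApplicationController, :allow_forgery_protection => true do`, the helper that other tests in this file use, so the flag is restored in one place.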
@@ -5,6 +5,7 @@ * bug fix * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) + * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server. == 3.0.0 From 7c8c0f8dba8b04db8cb12454c195e54270928ed4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 2 Aug 2013 23:25:11 +0200 Subject: [PATCH 0258/1473] Release 3.0.1 --- lib/devise/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 6aff3515e8..0d9496720f 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.0.0".freeze + VERSION = "3.0.1".freeze end From cf1989e1da6e59c7ade4ae7503b8f9d86ddfed9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 2 Aug 2013 23:43:07 +0200 Subject: [PATCH 0259/1473] Update Gemfile.lock --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index bae9579115..7827ed8fe1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.0.0) + devise (3.0.1) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) From 591f4a97f78c96031458efa046796f4089c197bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 2 Aug 2013 23:57:43 +0200 Subject: [PATCH 0260/1473] Update the OTHER gemfile --- gemfiles/Gemfile.rails-3.2.x.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index a45c6301ff..a3ed5cc05a 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock 
@@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (3.0.0) + devise (3.0.1) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) From f5a77ac598ab54c7da00e41fc595b201985b8d1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 5 Aug 2013 10:24:11 +0200 Subject: [PATCH 0261/1473] Skip storage for cookies on unverified requests --- lib/devise/controllers/rememberable.rb | 1 + lib/devise/rails/warden_compat.rb | 11 ++++++-- test/controllers/helpers_test.rb | 2 +- test/integration/authenticatable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 2 +- test/integration/rememberable_test.rb | 28 ++++++++++--------- 6 files changed, 28 insertions(+), 18 deletions(-) diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index 5f331cea08..d216e6d899 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -21,6 +21,7 @@ def initialize(warden) # Remembers the given resource by setting up a cookie def remember_me(resource) + return if env["devise.skip_storage"] scope = Devise::Mapping.find_scope!(resource) resource.remember_me!(resource.extend_remember_period) cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource) diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb index 5496d774fa..5ec50af1a5 100644 --- a/lib/devise/rails/warden_compat.rb +++ b/lib/devise/rails/warden_compat.rb 
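Review bot: The new guard `return if env["devise.skip_storage"]` in `remember_me` (lib/devise/controllers/rememberable.rb) has no comment, and the code that sets the flag is not part of this hunk, so a reader cannot tell why the remember cookie is silently not issued. I would add `# Requests flagged as unverified must not be able to create a remember cookie.` above it; the wording follows the commit subject, so please confirm it matches the place where the flag is set. The method comment `# Remembers the given resource by setting up a cookie` could mention the exception as well.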
@@ -3,9 +3,16 @@ def request @request ||= ActionDispatch::Request.new(env) end - # This is called internally by Warden on logout + NULL_STORE = + defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ? + ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil + def reset_session! - request.reset_session + # Calling reset_session on NULL_STORE causes it fail. + # This is a bug that needs to be fixed in Rails. + unless NULL_STORE && request.session.is_a?(NULL_STORE) + request.reset_session + end end def cookies diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 8036b5462b..f65b2959d7 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -202,7 +202,7 @@ def setup test 'sign in and redirect uses the stored location' do user = User.new - @controller.session[:"user_return_to"] = "/foo.bar" + @controller.session[:user_return_to] = "/foo.bar" @mock_warden.expects(:user).with(:user).returns(nil) @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) @controller.expects(:redirect_to).with("/foo.bar") diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index ab33e9c417..f44a686a3c 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -433,7 +433,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches' do - swap UsersController, :allow_forgery_protection => true do + swap ApplicationController, :allow_forgery_protection => true do post exhibit_user_url(1) assert_not warden.authenticated?(:user) diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 8f9a32b81e..31dc3729a3 100644 
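Review bot: The warden_compat.rb hunk removes the comment "This is called internally by Warden on logout" from `reset_session!` at the same time as it makes the reset conditional, so the reason the method exists is no longer recorded next to it. The replacement comment also has a typo ("causes it fail"). Suggested wording: `# Called internally by Warden on logout. Skipped for the null session, where reset_session raises (bug to be fixed in Rails).` It would also help to note that the check depends on a constant nested inside `RequestForgeryProtection`, which may move between Rails versions.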
--- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -2,7 +2,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches but continues signed in' do - swap UsersController, :allow_forgery_protection => true do + swap ApplicationController, :allow_forgery_protection => true do create_user post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" assert warden.authenticated?(:user) diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 9b1023b1f3..490d117077 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -30,8 +30,8 @@ def cookie_expires(key) assert_nil request.cookies["remember_user_cookie"] end - test 'handles unverified requests gets rid of caches' do - swap UsersController, :allow_forgery_protection => true do + test 'handle unverified requests gets rid of caches' do + swap ApplicationController, :allow_forgery_protection => true do post exhibit_user_url(1) assert_not warden.authenticated?(:user) @@ -42,9 +42,21 @@ def cookie_expires(key) end end + test 'handle unverified requests does not create cookies on sign in' do + swap ApplicationController, :allow_forgery_protection => true do + get new_user_session_path + assert request.session[:_csrf_token] + + post user_session_path, :authenticity_token => "oops", :user => + { email: "jose.valim@gmail.com", password: "123456", :remember_me => "1" } + assert_not warden.authenticated?(:user) + assert_not request.cookies['remember_user_token'] + end + end + test 'generate remember token after sign in' do sign_in_as_user :remember_me => true - assert request.cookies["remember_user_token"] + assert request.cookies['remember_user_token'] end test 'generate remember token after sign in setting cookie options' do 
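Review bot: The added test 'handle unverified requests does not create cookies on sign in' (rememberable_test.rb) posts credentials without a visible `create_user` call, so unless the account is created outside the hunk the sign-in is rejected for lack of a user and both `assert_not` lines pass even if the CSRF handling regresses. Create the user first, e.g. `create_user` before `get new_user_session_path`, with the posted email and password matching that user, so that the bad `authenticity_token` is the only reason for rejection. The params hash also mixes `email:` with `:remember_me =>`, while the surrounding tests use hash rockets throughout.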
@@ -90,16 +102,6 @@ def cookie_expires(key) assert_redirected_to root_path end - test 'cookies are destroyed on unverified requests' do - swap ApplicationController, :allow_forgery_protection => true do - create_user_and_remember - get users_path - assert warden.authenticated?(:user) - post root_path, :authenticity_token => 'INVALID' - assert_not warden.authenticated?(:user) - end - end - test 'does not extend remember period through sign in' do swap Devise, :extend_remember_period => true, :remember_for => 1.year do user = create_user From 7e96bac6a48abbf6ac761aab9c01e7efc838b5c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 5 Aug 2013 11:24:04 +0200 Subject: [PATCH 0262/1473] Get rid of deprecated code --- app/views/devise/_links.erb | 3 --- lib/devise.rb | 12 ------------ lib/devise/mailers/helpers.rb | 6 ------ lib/devise/models.rb | 10 ++-------- lib/devise/rails/routes.rb | 8 -------- lib/devise/strategies/authenticatable.rb | 12 ------------ test/models_test.rb | 19 ------------------- test/support/helpers.rb | 21 --------------------- 8 files changed, 2 insertions(+), 89 deletions(-) delete mode 100644 app/views/devise/_links.erb diff --git a/app/views/devise/_links.erb b/app/views/devise/_links.erb deleted file mode 100644 index 44416761d9..0000000000 --- a/app/views/devise/_links.erb +++ /dev/null @@ -1,3 +0,0 @@ -<% ActiveSupport::Deprecation.warn "Rendering partials devise/_links.erb is deprecated" \ - "please use devise/shared/_links.erb instead."%> -<%= render "shared/links" %> diff --git a/lib/devise.rb b/lib/devise.rb index b9a2156401..f6d89bde8e 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -227,18 +227,6 @@ module Strategies mattr_accessor :clean_up_csrf_token_on_authentication @@clean_up_csrf_token_on_authentication = true - def self.encryptor=(value) - warn "\n[DEVISE] To select a encryption which isn't bcrypt, you should use devise-encryptable gem.\n" - end - - def self.use_salt_as_remember_token=(value) - warn "\n[DEVISE] Devise.use_salt_as_remember_token is deprecated and has no effect. Please remove it.\n" - end - - def self.apply_schema=(value) - warn "\n[DEVISE] Devise.apply_schema is deprecated and has no effect. Please remove it.\n" - end - # PRIVATE CONFIGURATION # Store scopes mappings. diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 4f70747a45..06cd4b42de 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -35,12 +35,6 @@ def headers_for(action, opts) :template_name => action }.merge(opts) - if resource.respond_to?(:headers_for) - ActiveSupport::Deprecation.warn "Calling headers_for in the model is no longer supported. " << - "Please customize your mailer instead." - headers.merge!(resource.headers_for(action)) - end - @email = headers[:to] headers end diff --git a/lib/devise/models.rb b/lib/devise/models.rb index f88aee162d..2f973d2577 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb 
@@ -56,14 +56,8 @@ def self.check_fields!(klass) klass.devise_modules.each do |mod| constant = const_get(mod.to_s.classify) - if constant.respond_to?(:required_fields) - constant.required_fields(klass).each do |field| - failed_attributes << field unless instance.respond_to?(field) - end - else - ActiveSupport::Deprecation.warn "The module #{mod} doesn't implement self.required_fields(klass). " \ - "Devise uses required_fields to warn developers of any missing fields in their models. " \ - "Please implement #{mod}.required_fields(klass) that returns an array of symbols with the required fields." + constant.required_fields(klass).each do |field| + failed_attributes << field unless instance.respond_to?(field) end end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 28285745e4..6e28dc8e8e 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -222,14 +222,6 @@ def devise_for(*resources) routes = mapping.used_routes devise_scope mapping.name do - if block_given? - ActiveSupport::Deprecation.warn "Passing a block to devise_for is deprecated. " \ - "Please remove the block from devise_for (only the block, the call to " \ - "devise_for must still exist) and call devise_scope :#{mapping.name} do ... end " \ - "with the block instead", caller - yield - end - with_devise_exclusive_scope mapping.fullpath, mapping.name, options do routes.each { |mod| send("devise_#{mod}", mapping, mapping.controllers) } end diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 28f12cdacb..0ded0256ca 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb 
@@ -26,20 +26,8 @@ def valid? # In case the resource can't be validated, it will fail with the given # unauthenticated_message. def validate(resource, &block) - unless resource - ActiveSupport::Deprecation.warn "an empty resource was given to #{self.class.name}#validate. " \ - "Please ensure the resource is not nil", caller - end - result = resource && resource.valid_for_authentication?(&block) - case result - when Symbol, String - ActiveSupport::Deprecation.warn "valid_for_authentication? should return a boolean value" - fail!(result) - return false - end - if result decorate(resource) true diff --git a/test/models_test.rb b/test/models_test.rb index 6a00259889..a5f13b4fab 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -141,23 +141,4 @@ def self.before_validation(instance) Devise::Models.check_fields!(Magician) end end - - test "doesn't raise a NoMethodError exception when the module doesn't have a required_field(klass) class method" do - driver = Class.new do - extend Devise::Models - - def self.before_validation(instance) - end - - attr_accessor :encrypted_password, :email - - devise :database_authenticatable - end - - swap_module_method_existence Devise::Models::DatabaseAuthenticatable, :required_fields do - assert_deprecated do - Devise::Models.check_fields!(driver) - end - end - end end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index d3e1521cc2..375d3c3f35 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -67,25 +67,4 @@ def clear_cached_variables(options) end end end - - def swap_module_method_existence(klass, method) - klass.module_eval %Q[ - class << self - alias #{method}_referenced #{method} - undef #{method} - end - ] - - begin - yield if block_given? - ensure - - klass.module_eval %Q[ - class << self - alias #{method} #{method}_referenced - undef #{method}_referenced - end - ] - end - end end From 32648027e282eb4c0f4f42e9c9cc0c961765faa8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 5 Aug 2013 11:47:36 +0200 Subject: [PATCH 0263/1473] Add Devise::KeyGenerator --- Gemfile.lock | 1 + devise.gemspec | 1 + lib/devise.rb | 4 ++ lib/devise/key_generator.rb | 43 ++++++++++++++++++++ lib/devise/rails.rb | 20 ++++----- lib/devise/rails/warden_compat.rb | 1 + lib/generators/templates/devise.rb | 22 ++++++---- test/rails_app/config/initializers/devise.rb | 3 ++ 8 files changed, 76 insertions(+), 19 deletions(-) create mode 100644 lib/devise/key_generator.rb diff --git a/Gemfile.lock b/Gemfile.lock index 7827ed8fe1..c159b3e271 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -16,6 +16,7 @@ PATH bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) warden (~> 1.2.3) GEM diff --git a/devise.gemspec b/devise.gemspec index de085992da..37f4280cd1 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -22,5 +22,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") + s.add_dependency("thread_safe", "~> 0.1") s.add_dependency("railties", ">= 3.2.6", "< 5") end diff --git a/lib/devise.rb b/lib/devise.rb index f6d89bde8e..c71180917b 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -45,6 +45,10 @@ module Strategies # True values used to check params TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] + # Secret key used by the key generator + mattr_accessor :secret_key + @@secret_key = nil + # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@rememberable_options = {} diff --git a/lib/devise/key_generator.rb b/lib/devise/key_generator.rb new file mode 100644 index 0000000000..8248403f8a --- /dev/null +++ b/lib/devise/key_generator.rb 
@@ -0,0 +1,43 @@ +# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only. +require 'thread_safe' +require 'openssl' +require 'secure_random' + +module Devise + # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2 + # It can be used to derive a number of keys for various purposes from a given secret. + # This lets Rails applications have a single secure secret, but avoid reusing that + # key in multiple incompatible contexts. + class KeyGenerator + def initialize(secret, options = {}) + @secret = secret + # The default iterations are higher than required for our key derivation uses + # on the off chance someone uses this for password storage + @iterations = options[:iterations] || 2**16 + end + + # Returns a derived key suitable for use. The default key_size is chosen + # to be compatible with the default settings of ActiveSupport::MessageVerifier. + # i.e. OpenSSL::Digest::SHA1#block_length + def generate_key(salt, key_size=64) + OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size) + end + end + + # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid + # re-executing the key generation process when it's called using the same salt and + # key_size + class CachingKeyGenerator + def initialize(key_generator) + @key_generator = key_generator + @cache_keys = ThreadSafe::Cache.new + end + + # Returns a derived key suitable for use. The default key_size is chosen + # to be compatible with the default settings of ActiveSupport::MessageVerifier. + # i.e. OpenSSL::Digest::SHA1#block_length + def generate_key(salt, key_size=64) + @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size) + end + end +end diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 24a5f9241e..1522022828 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
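Review bot: `require 'secure_random'` at the top of lib/devise/key_generator.rb does not name a standard-library file (the library is `securerandom`), so unless something else on the load path provides it the require raises LoadError when this file is loaded; nothing in the file uses SecureRandom, so the line can simply go. In `CachingKeyGenerator#generate_key` the cache key `"#{salt}#{key_size}"` joins the two values without a separator, so distinct pairs can share an entry (constructed example: salt "a1" with size 64 and salt "a" with size 164) and the caller would get a key derived for the other pair. Keying on the pair avoids that: `@cache_keys[[salt, key_size]] ||= @key_generator.generate_key(salt, key_size)`.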
@@ -29,21 +29,19 @@ class Engine < ::Rails::Engine end end - initializer "devise.mongoid_version_warning" do - if defined?(Mongoid) - require 'mongoid/version' - if Mongoid::VERSION.to_f < 2.1 - puts "\n[DEVISE] Please note that Mongoid versions prior to 2.1 handle dirty model " \ - "object attributes in such a way that the Devise `validatable` module will not apply " \ - "its usual uniqueness and format validations for the email field. It is recommended " \ - "that you upgrade to Mongoid 2.1+ for this and other fixes, but if for some reason you " \ - "are unable to do so, you should add these validations manually.\n" - end + initializer "devise.secret_key" do + unless Devise.secret_key + raise <<-ERROR +Devise.secret_key was not set. Please add the following to your Devise initializer: + + config.secret_key = '#{SecureRandom.hex(64)}' + +ERROR end end initializer "devise.fix_routes_proxy_missing_respond_to_bug" do - # We can get rid of this once we support only Rails > 3.2 + # Deprecate: Remove once we move to Rails 4 only. ActionDispatch::Routing::RoutesProxy.class_eval do def respond_to?(method, include_private = false) super || routes.url_helpers.respond_to?(method) diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb index 5ec50af1a5..79bed409a9 100644 --- a/lib/devise/rails/warden_compat.rb +++ b/lib/devise/rails/warden_compat.rb @@ -3,6 +3,7 @@ def request @request ||= ActionDispatch::Request.new(env) end + # Deprecate: Remove this check once we move to Rails 4 only. NULL_STORE = defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ? ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index d1ab053402..2d67de9989 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
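Review bot: The `devise.secret_key` initializer in lib/devise/rails.rb interpolates a freshly generated `SecureRandom.hex(64)` value into the exception message, so the secret a developer is invited to paste into the initializer is also written wherever boot failures are recorded (logs, error trackers, CI output). Consider leaving the value out of the message and telling the reader how to produce one, for example `Devise.secret_key was not set. Generate a value with "rake secret" and set config.secret_key in your Devise initializer.` The bare `raise` with a string produces a RuntimeError; a short comment saying that this deliberately aborts boot would help upgraders who hit it.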
@@ -1,13 +1,19 @@ # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + config.secret_key = '<%= SecureRandom.hex(64) %>' + # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, - # note that it will be overwritten if you use your own mailer class with default "from" parameter. - config.mailer_sender = "please-change-me-at-config-initializers-devise@example.com" + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' # Configure the class responsible to send e-mails. - # config.mailer = "Devise::Mailer" + # config.mailer = 'Devise::Mailer' # ==> ORM configuration # Load and configure the ORM. Supports :active_record (default) and @@ -61,8 +67,8 @@ # If http headers should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true - # The realm used in Http Basic Authentication. "Application" by default. - # config.http_authentication_realm = "Application" + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' # It will change confirmation, password recovery and other workflows # to behave the same regardless if the e-mail provided was right or wrong. 
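Review bot: The generator template writes the secret as a string literal (`config.secret_key = '<%= SecureRandom.hex(64) %>'`), and initializers are normally committed, so the key behind confirmation, reset password and unlock tokens ends up in version control and is shared by every environment that uses the file. The comment block above it explains what rotating the key does but not how to keep it out of the repository. Suggest adding a line such as `# Consider loading this value from the environment in production, e.g. ENV['DEVISE_SECRET_KEY'] (example name).`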
@@ -217,7 +223,7 @@ # should add them to the navigational formats lists. # # The "*/*" below is required to match Internet Explorer requests. - # config.navigational_formats = ["*/*", :html] + # config.navigational_formats = ['*/*', :html] # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete @@ -241,12 +247,12 @@ # is mountable, there are some extra configurations to be taken into account. # The following options are available, assuming the engine is mounted as: # - # mount MyEngine, at: "/my_engine" + # mount MyEngine, at: '/my_engine' # # The router that invoked `devise_for`, in the example above, would be: # config.router_name = :my_engine # # When using omniauth, Devise cannot automatically set Omniauth path, # so you need to do it manually. For the users scope, it would be: - # config.omniauth_path_prefix = "/my_engine/users/auth" + # config.omniauth_path_prefix = '/my_engine/users/auth' end diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index cd2d70e3de..8403188157 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -4,6 +4,9 @@ # Use this hook to configure devise mailer, warden hooks and so forth. The first # four configuration values can also be set straight in your models. Devise.setup do |config| + config.secret_key = "d9eb5171c59a4c817f68b0de27b8c1e340c2341b52cdbc60d3083d4e8958532" \ + "18dcc5f589cafde048faec956b61f864b9b5513ff9ce29bf9e5d58b0f234f8e3b" + # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, # note that it will be overwritten if you use your own mailer class with default "from" parameter. From 4048545151fe467c9d8c8c6fce164788bb36e25f Mon Sep 17 00:00:00 2001 
From: Juan Lulkin Date: Mon, 5 Aug 2013 14:54:40 +0300 Subject: [PATCH 0264/1473] Using urlsafe_base64 cause it already handle url sensitive chars, keeping the replacement of the confusing chars, though --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index b9a2156401..b40ae5cb32 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -451,7 +451,7 @@ def self.configure_warden! #:nodoc: # Generate a friendly string randomly to be used as token. def self.friendly_token - SecureRandom.base64(15).tr('+/=lIO0', 'pqrsxyz') + SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz') end # constant-time comparison algorithm to prevent timing attacks From 143794d701bcd7b8c900c5bb8a216026c3c68afc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 5 Aug 2013 18:56:07 +0200 Subject: [PATCH 0265/1473] Use HMAC on tokens stored in the DB --- app/mailers/devise/mailer.rb | 9 ++- .../mailer/confirmation_instructions.html.erb | 2 +- .../reset_password_instructions.html.erb | 2 +- .../mailer/unlock_instructions.html.erb | 2 +- lib/devise.rb | 5 ++ lib/devise/models.rb | 5 +- lib/devise/models/authenticatable.rb | 24 +++---- lib/devise/models/confirmable.rb | 59 +++++++---------- lib/devise/models/lockable.rb | 31 ++++----- lib/devise/models/recoverable.rb | 46 ++++++------- lib/devise/models/token_authenticatable.rb | 5 +- lib/devise/rails.rb | 6 +- .../{key_generator.rb => token_generator.rb} | 29 ++++++++- .../mailers/confirmation_instructions_test.rb | 8 ++- .../reset_password_instructions_test.rb | 8 ++- test/mailers/unlock_instructions_test.rb | 8 ++- test/models/confirmable_test.rb | 42 +++++------- test/models/lockable_test.rb | 14 +++- test/models/recoverable_test.rb | 64 +++++-------------- 19 files changed, 177 insertions(+), 192 deletions(-) rename lib/devise/{key_generator.rb => token_generator.rb} (71%) 
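Review bot: In `friendly_token` the retained `tr('lIO0', 'sxyz')` folds four symbols onto characters that are already part of the URL-safe alphabet, so s, x, y and z each occur twice as often as the rest and the 20-character token carries slightly less than the 120 bits drawn from SecureRandom. That is probably acceptable for legibility, but the one-line comment does not mention the length or the trade-off. Suggested comment: `# 15 random bytes as URL-safe base64 (20 chars); l, I, O and 0 are remapped for legibility, at a small cost in uniformity.`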
diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index d8097d1ff6..8b7a536bd7 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -1,15 +1,18 @@ class Devise::Mailer < Devise.parent_mailer.constantize include Devise::Mailers::Helpers - def confirmation_instructions(record, opts={}) + def confirmation_instructions(record, token, opts={}) + @token = token devise_mail(record, :confirmation_instructions, opts) end - def reset_password_instructions(record, opts={}) + def reset_password_instructions(record, token, opts={}) + @token = token devise_mail(record, :reset_password_instructions, opts) end - def unlock_instructions(record, opts={}) + def unlock_instructions(record, token, opts={}) + @token = token devise_mail(record, :unlock_instructions, opts) end end diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index 5b04a7259e..36670f9130 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -2,4 +2,4 @@
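Review bot: Adding `token` as a required second positional parameter in app/mailers/devise/mailer.rb changes the call contract of all three methods without a failure mode: a caller or subclass that still passes `(record, opts)` binds the options hash to `token`, and the mail goes out with that value in `@token`. Assuming the raw token is always a String, a guard at the top of each method would fail loudly instead, e.g. `raise ArgumentError, "token must be a String" unless token.is_a?(String)`. The methods also have no comment saying that `token` is the raw value for the link and not the digest stored on the record, which application templates that override these views need to know.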

You can confirm your account email through the link below:

-

<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %>

+

<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %>

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb index 2713034840..93de6d05d2 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -2,7 +2,7 @@

Someone has requested a link to change your password. You can do this through the link below.

-

<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %>

+

<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %>

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb index a4152e135f..f59615fed3 100644 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -4,4 +4,4 @@

Click the link below to unlock your account:

-

<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %>

+

<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %>

diff --git a/lib/devise.rb b/lib/devise.rb index c71180917b..595257d31d 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -14,6 +14,7 @@ module Devise autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' + autoload :TokenGenerator, 'devise/token_generator' module Controllers autoload :Helpers, 'devise/controllers/helpers' @@ -49,6 +50,10 @@ module Strategies mattr_accessor :secret_key @@secret_key = nil + # Secret key used by the key generator + mattr_accessor :token_generator + @@token_generator = nil + # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@rememberable_options = {} diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 2f973d2577..9893062d8d 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -83,11 +83,8 @@ def devise(*modules) devise_modules_hook! do include Devise::Models::Authenticatable - selected_modules.each do |m| - if m == :encryptable && !(defined?(Devise::Models::Encryptable)) - warn "[DEVISE] You're trying to include :encryptable in your model but it is not bundled with the Devise gem anymore. Please add `devise-encryptable` to your Gemfile to proceed.\n" - end + selected_modules.each do |m| mod = Devise::Models.const_get(m.to_s.classify) if mod.const_defined?("ClassMethods") diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 313aa7e886..beee021cce 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
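Review bot: The comment added above `mattr_accessor :token_generator` in lib/devise.rb repeats the one for `secret_key` ("Secret key used by the key generator"), but the accessor holds the generator object that the models call as `Devise.token_generator.generate(...)` and `.digest(...)` elsewhere in this commit. Suggested replacement: `# Token generator used to create raw tokens and the digests stored in the database`. Since it defaults to nil, it is also worth saying where it gets assigned; that assignment is not visible in this hunk.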
@@ -144,20 +144,20 @@ def devise_mailer # # protected # - # def send_devise_notification(notification, opts = {}) - # # if the record is new or changed then delay the + # def send_devise_notification(notification, *args) + # # If the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. # if new_record? || changed? - # pending_notifications << [notification, opts] + # pending_notifications << [notification, args] # else - # devise_mailer.send(notification, self, opts).deliver + # devise_mailer.send(notification, self, *args).deliver # end # end # # def send_pending_notifications - # pending_notifications.each do |n, opts| - # devise_mailer.send(n, self, opts).deliver + # pending_notifications.each do |notification, args| + # devise_mailer.send(notification, self, *args).deliver # end # # # Empty the pending notifications array because the @@ -171,8 +171,8 @@ def devise_mailer # end # end # - def send_devise_notification(notification, opts={}) - devise_mailer.send(notification, self, opts).deliver + def send_devise_notification(notification, *args) + devise_mailer.send(notification, self, *args).deliver end def downcase_keys @@ -279,14 +279,6 @@ def find_or_initialize_with_errors(required_attributes, attributes, error=:inval def devise_parameter_filter @devise_parameter_filter ||= Devise::ParameterFilter.new(case_insensitive_keys, strip_whitespace_keys) end - - # Generate a token by looping and ensuring does not already exist. - def generate_token(column) - loop do - token = Devise.friendly_token - break token unless to_adapter.find_first({ column => token }) - end - end end end end diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5803d8d3ea..ff02925336 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -40,9 +40,10 @@ module Confirmable end def initialize(*args, &block) - @bypass_postpone = false + @bypass_confirmation_postpone = false @reconfirmation_required = false @skip_confirmation_notification = false + @raw_confirmation_token = nil super end @@ -93,10 +94,12 @@ def pending_reconfirmation? # Send confirmation instructions by email def send_confirmation_instructions - ensure_confirmation_token! + unless @raw_confirmation_token + generate_confirmation_token! + end opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { } - send_devise_notification(:confirmation_instructions, opts) + send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts) end def send_reconfirmation_instructions @@ -109,17 +112,11 @@ def send_reconfirmation_instructions # Resend confirmation token. # Regenerates the token if the period is expired. - def resend_confirmation_token + def resend_confirmation_instructions pending_any_confirmation do - regenerate_confirmation_token! if confirmation_period_expired? send_confirmation_instructions end end - - # Generate a confirmation token unless already exists and save the record. - def ensure_confirmation_token! - generate_confirmation_token! if should_generate_confirmation_token? - end # Overwrites active_for_authentication? for confirmation # by verifying whether a user is active to sign in or not. If the user 
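Review bot: The comment kept above the renamed `resend_confirmation_instructions` ("Resend confirmation token. Regenerates the token if the period is expired.") no longer matches the body, because the `regenerate_confirmation_token! if confirmation_period_expired?` line is removed in this hunk. With the new `unless @raw_confirmation_token` check in `send_confirmation_instructions`, a record loaded from the database appears to get a new token on every resend, which invalidates links from earlier mails. Suggested comment: `# Resend confirmation instructions. A new token is generated unless one was already generated on this instance.`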
@@ -149,19 +146,16 @@ def skip_confirmation_notification! # If you don't want reconfirmation to be sent, neither a code # to be generated, call skip_reconfirmation! def skip_reconfirmation! - @bypass_postpone = true + @bypass_confirmation_postpone = true end protected - def should_generate_confirmation_token? - confirmation_token.nil? || confirmation_period_expired? - end # A callback method used to deliver confirmation # instructions on creation. This can be overriden # in models to map to a nice sign up e-mail. def send_on_create_confirmation_instructions - send_devise_notification(:confirmation_instructions) + send_confirmation_instructions end # Callback to overwrite if confirmation is required or not. @@ -221,10 +215,12 @@ def pending_any_confirmation end end - # Generates a new random token for confirmation, and stores the time - # this token is being generated + # Generates a new random token for confirmation, and stores + # the time this token is being generated def generate_confirmation_token - self.confirmation_token = self.class.confirmation_token + raw, enc = Devise.token_generator.generate(self.class, :confirmation_token) + @raw_confirmation_token = raw + self.confirmation_token = enc self.confirmation_sent_at = Time.now.utc end @@ -232,15 +228,6 @@ def generate_confirmation_token! generate_confirmation_token && save(:validate => false) end - # Regenerates a new token. - def regenerate_confirmation_token - generate_confirmation_token - end - - def regenerate_confirmation_token! - regenerate_confirmation_token && save(:validate => false) - end - def after_password_reset super confirm! unless confirmed? 
@@ -250,12 +237,12 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email self.email = self.email_was - regenerate_confirmation_token + generate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && !@bypass_postpone && !self.email.blank? - @bypass_postpone = false + postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && !self.email.blank? + @bypass_confirmation_postpone = false postpone end @@ -280,7 +267,7 @@ def send_confirmation_instructions(attributes={}) unless confirmable.try(:persisted?) confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found) end - confirmable.resend_confirmation_token if confirmable.persisted? + confirmable.resend_confirmation_instructions if confirmable.persisted? confirmable end @@ -289,16 +276,16 @@ def send_confirmation_instructions(attributes={}) # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) + original_token = confirmation_token + confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) + unless confirmable.persisted? + confirmable = find_or_initialize_with_error_by(:confirmation_token, original_token) + end confirmable.confirm! if confirmable.persisted? confirmable end - # Generate a token checking if one does not already exist in the database. - def confirmation_token - generate_token(:confirmation_token) - end - # Find a record for confirmation by unconfirmed email field def find_by_unconfirmed_email_with_errors(attributes = {}) unconfirmed_required_attributes = confirmation_keys.map { |k| k == :email ? :unconfirmed_email : k } 
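Review bot: In `confirm_by_token` the second lookup by `original_token` is unconditional, so a value read straight from the `confirmation_token` column is still accepted as a valid token. While that fallback exists, storing only the HMAC gives no protection if the table contents are disclosed. The same unconditional fallback is added to `unlock_access_by_token` and `reset_password_by_token` later in this patch. It should be an explicit, temporary opt-in for migrating already-issued tokens, e.g. `if !confirmable.persisted? && Devise.allow_insecure_token_lookup`, which is the gate patch 0267 further down this page introduces.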
diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index e19be39aa7..4dd5f8212e 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -38,7 +38,6 @@ def lock_access! self.locked_at = Time.now.utc if unlock_strategy_enabled?(:email) - generate_unlock_token! send_unlock_instructions else save(:validate => false) @@ -60,11 +59,15 @@ def access_locked? # Send unlock instructions by email def send_unlock_instructions - send_devise_notification(:unlock_instructions) + raw, enc = Devise.token_generator.generate(self.class, :unlock_token) + self.unlock_token = enc + self.save(:validate => false) + send_devise_notification(:unlock_instructions, raw, {}) + raw end # Resend the unlock instructions if the user is locked. - def resend_unlock_token + def resend_unlock_instructions if_access_locked { send_unlock_instructions } end @@ -122,15 +125,6 @@ def attempts_exceeded? self.failed_attempts > self.class.maximum_attempts end - # Generates unlock token - def generate_unlock_token - self.unlock_token = self.class.unlock_token - end - - def generate_unlock_token! - generate_unlock_token && save(:validate => false) - end - # Tells if the lock is expired if :time unlock strategy is active def lock_expired? if unlock_strategy_enabled?(:time) @@ -158,7 +152,7 @@ module ClassMethods # Options must contain the user's unlock keys def send_unlock_instructions(attributes={}) lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found) - lockable.resend_unlock_token if lockable.persisted? + lockable.resend_unlock_instructions if lockable.persisted? lockable end 
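Review bot: `send_unlock_instructions` ignores the result of `self.save(:validate => false)`, so the notification goes out with `raw` even when the digest was not persisted, leaving the recipient with a link that can never match. `send_reset_password_instructions` in recoverable.rb has the same shape in this patch. Consider `return unless save(:validate => false)` before `send_devise_notification`. The method now returns the raw token, which also becomes the return value of `lock_access!` when the email strategy is enabled; a comment such as `# Returns the raw unlock token; only its HMAC is stored, so callers must not log or persist it.` would make that contract explicit.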
@@ -167,7 +161,14 @@ def send_unlock_instructions(attributes={}) # If the user is not locked, creates an error for the user # Options must have the unlock_token def unlock_access_by_token(unlock_token) + original_token = unlock_token + unlock_token = Devise.token_generator.digest(self, :unlock_token, unlock_token) + lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token) + unless lockable.persisted? + lockable = find_or_initialize_with_error_by(:unlock_token, original_token) + end + lockable.unlock_access! if lockable.persisted? lockable end @@ -182,10 +183,6 @@ def lock_strategy_enabled?(strategy) self.lock_strategy == strategy end - def unlock_token - Devise.friendly_token - end - Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys) end end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 563dd962ca..855d3b6560 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -42,17 +42,19 @@ def reset_password!(new_password, new_password_confirmation) save end - # Resets reset password token and send reset password instructions by email + # Resets reset password token and send reset password instructions by email. + # Returns the token sent in the e-mail. def send_reset_password_instructions - ensure_reset_password_token! - send_devise_notification(:reset_password_instructions) + raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) + + self.reset_password_token = enc + self.reset_password_sent_at = Time.now.utc + self.save(:validate => false) + + send_devise_notification(:reset_password_instructions, raw, {}) + raw end - - # Generate reset password token unless already exists and save the record. - def ensure_reset_password_token! - generate_reset_password_token! if should_generate_reset_token? - end - + # Checks if the reset password token sent is within the limit time. # We do this by calculating if the difference between today and the # sending date does not exceed the confirm in time configured. @@ -79,23 +81,6 @@ def reset_password_period_valid? protected - def should_generate_reset_token? - reset_password_token.nil? || !reset_password_period_valid? - end - - # Generates a new random token for reset password - def generate_reset_password_token - self.reset_password_token = self.class.reset_password_token - self.reset_password_sent_at = Time.now.utc - self.reset_password_token - end - - # Resets the reset password token with and save the record without - # validating - def generate_reset_password_token! - generate_reset_password_token && save(:validate => false) - end - # Removes reset_password token def clear_reset_password_token self.reset_password_token = nil 
@@ -127,7 +112,14 @@ def reset_password_token # containing an error in reset_password_token attribute. # Attributes must contain reset_password_token, password and confirmation def reset_password_by_token(attributes={}) - recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token]) + original_token = attributes[:reset_password_token] + reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token) + + recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token) + unless recoverable.persisted? + recoverable = find_or_initialize_with_error_by(:reset_password_token, original_token) + end + if recoverable.persisted? if recoverable.reset_password_period_valid? recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb index ffe4d30141..b9f1c18900 100644 --- a/lib/devise/models/token_authenticatable.rb +++ b/lib/devise/models/token_authenticatable.rb @@ -79,7 +79,10 @@ def find_for_token_authentication(conditions) # Generate a token checking if one does not already exist in the database. def authentication_token - generate_token(:authentication_token) + loop do + token = Devise.friendly_token + break token unless to_adapter.find_first({ :authentication_token => token }) + end end Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 1522022828..85439e434b 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
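Review bot: `authentication_token` in token_authenticatable.rb still returns a bare `Devise.friendly_token` and checks uniqueness against the `authentication_token` column directly, so unlike the confirmation, unlock and reset tokens in this patch the stored value is the credential itself. If that is intentional, say so on the method, e.g. `# NOTE: stored undigested; treat the authentication_token column as a secret.` Otherwise it should go through `Devise.token_generator` too, which would also mean digesting the incoming value in `find_for_token_authentication`; that method's body is outside this hunk. The existing comment "checking if one does not already exist in the database" still fits the inlined `loop`, but the removed `generate_token` helper is not visible here, so equivalence cannot be confirmed from the diff.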
@@ -30,7 +30,11 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do - unless Devise.secret_key + if secret_key = Devise.secret_key + Devise.token_generator = Devise::TokenGenerator.new( + Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key)) + ) + else raise <<-ERROR Devise.secret_key was not set. Please add the following to your Devise initializer: diff --git a/lib/devise/key_generator.rb b/lib/devise/token_generator.rb similarity index 71% rename from lib/devise/key_generator.rb rename to lib/devise/token_generator.rb index 8248403f8a..4608cc3e5b 100644 --- a/lib/devise/key_generator.rb +++ b/lib/devise/token_generator.rb @@ -1,9 +1,36 @@ # Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only. require 'thread_safe' require 'openssl' -require 'secure_random' +require 'securerandom' module Devise + class TokenGenerator + def initialize(key_generator) + @key_generator = key_generator + end + + def digest(klass, column, value) + value.present? && OpenSSL::HMAC.hexdigest("SHA1", key_for(klass, column), value.to_s) + end + + def generate(klass, column) + adapter = klass.to_adapter + key = key_for(klass, column) + + loop do + raw = Devise.friendly_token + enc = OpenSSL::HMAC.hexdigest("SHA1", key, raw) + break [raw, enc] unless adapter.find_first({ column => enc }) + end + end + + private + + def key_for(klass, column) + @key_generator.generate_key("#{klass.name} #{column}") + end + end + # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2 # It can be used to derive a number of keys for various purposes from a given secret. # This lets Rails applications have a single secure secret, but avoid reusing that diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 9cb613ebbd..204ab2d24e 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb 
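Review bot: In the new `Devise::TokenGenerator`, `digest` and `generate` each spell out `OpenSSL::HMAC.hexdigest("SHA1", ...)`, so the lookup path and the issuing path can drift apart if only one of them is edited. Route both through one private helper and a named constant for the digest, and decide on the algorithm now (SHA-256 is the usual choice for new code), because changing it later invalidates every outstanding token. `digest` also returns `false` rather than a string for blank input (`value.present? && ...`), which callers then pass to the finder; that deserves a comment. The class has no documentation at all: one line stating that `generate` returns `[raw, enc]`, with `raw` going into the e-mail and `enc` into the column, would prevent the two being swapped.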
@@ -84,8 +84,12 @@ def mail test 'body should have link to confirm the account' do host = ActionMailer::Base.default_url_options[:host] - confirmation_url_regexp = %r{
} - assert_match confirmation_url_regexp, mail.body.encoded + + if mail.body.encoded =~ %r{} + assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token + else + flunk "expected confirmation url regex to match" + end end test 'renders a scoped if scoped_views is set to true' do diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index d56b9b787d..4741568a79 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -80,8 +80,12 @@ def mail test 'body should have link to confirm the account' do host = ActionMailer::Base.default_url_options[:host] - reset_url_regexp = %r{} - assert_match reset_url_regexp, mail.body.encoded + + if mail.body.encoded =~ %r{} + assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token + else + flunk "expected reset password url regex to match" + end end test 'mailer sender accepts a proc' do diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 6b61080e40..324529b0a4 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -81,7 +81,11 @@ def mail test 'body should have link to unlock the account' do host = ActionMailer::Base.default_url_options[:host] - unlock_url_regexp = %r{} - assert_match unlock_url_regexp, mail.body.encoded + + if mail.body.encoded =~ %r{} + assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token + else + flunk "expected unlock url regex to match" + end end end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index b0a7fd4474..7e4b1c827b 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -51,13 +51,21 @@ def setup assert_equal "was already confirmed, please try signing in", user.errors[:email].join end - test 'should find and confirm a user automatically' do + test 'DEPRECATED: should find and confirm a user automatically' do user = create_user confirmed_user = User.confirm_by_token(user.confirmation_token) assert_equal confirmed_user, user assert user.reload.confirmed? end + test 'should find and confirm a user automatically based on the raw token' do + user = create_user + raw = user.instance_variable_get(:@raw_confirmation_token) + confirmed_user = User.confirm_by_token(raw) + assert_equal confirmed_user, user + assert user.reload.confirmed? + end + test 'should return a new record with errors when a invalid token is given' do confirmed_user = User.confirm_by_token('invalid_confirmation_token') assert_not confirmed_user.persisted? @@ -176,7 +184,7 @@ def setup test 'should not be able to send instructions if the user is already confirmed' do user = create_user user.confirm! - assert_not user.resend_confirmation_token + assert_not user.resend_confirmation_instructions assert user.confirmed? assert_equal 'was already confirmed, please try signing in', user.errors[:email].join end 
@@ -285,32 +293,12 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) end end - test 'should generate a new token if the previous one has expired' do - swap Devise, :confirm_within => 3.days do - user = create_user - user.update_attribute(:confirmation_sent_at, 4.days.ago) - old = user.confirmation_token - user.resend_confirmation_token - assert_not_equal user.confirmation_token, old - end - end - - test 'should generate a new token when a valid one does not exist' do - swap Devise, :confirm_within => 3.days do - user = create_user - user.update_attribute(:confirmation_sent_at, 4.days.ago) - old = user.confirmation_token - user.ensure_confirmation_token! - assert_not_equal user.confirmation_token, old - end - end - - test 'should not generate a new token when a valid one exists' do + test 'always generate a new token on resend' do user = create_user - assert_not_nil user.confirmation_token - old = user.confirmation_token - user.ensure_confirmation_token! - assert_equal user.confirmation_token, old + old = user.confirmation_token + user = User.find(user.id) + user.resend_confirmation_instructions + assert_not_equal user.confirmation_token, old end test 'should call after_confirmation if confirmed' do diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d96e4eb4b1..32211f3e33 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -139,7 +139,7 @@ def setup end end - test 'should find and unlock a user automatically' do + test 'DEPRECATED: should find and unlock a user automatically' do user = create_user user.lock_access! locked_user = User.unlock_access_by_token(user.unlock_token) 
@@ -147,6 +147,14 @@ def setup assert_not user.reload.access_locked? end + test 'should find and unlock a user automatically based on raw token' do + user = create_user + raw = user.send_unlock_instructions + locked_user = User.unlock_access_by_token(raw) + assert_equal locked_user, user + assert_not user.reload.access_locked? + end + test 'should return a new record with errors when a invalid token is given' do locked_user = User.unlock_access_by_token('invalid_token') assert_not locked_user.persisted? @@ -195,7 +203,7 @@ def setup test 'should not be able to send instructions if the user is not locked' do user = create_user - assert_not user.resend_unlock_token + assert_not user.resend_unlock_instructions assert_not user.access_locked? assert_equal 'was not locked', user.errors[:email].join end @@ -203,7 +211,7 @@ def setup test 'should not be able to send instructions if the user if not locked and have username as unlock key' do swap Devise, :unlock_keys => [:username] do user = create_user - assert_not user.resend_unlock_token + assert_not user.resend_unlock_instructions assert_not user.access_locked? assert_equal 'was not locked', user.errors[:username].join end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index be54444e32..701a49861f 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
@@ -108,14 +108,22 @@ def setup end end - test 'should find a user to reset his password based on reset_password_token' do + test 'DEPRECATED: should find a user to reset his password based on reset_password_token' do user = create_user - user.ensure_reset_password_token! + user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) assert_equal reset_password_user, user end + test 'should find a user to reset his password based on the raw token' do + user = create_user + raw = user.send_reset_password_instructions + + reset_password_user = User.reset_password_by_token(:reset_password_token => raw) + assert_equal reset_password_user, user + end + test 'should return a new record with errors if no reset_password_token is found' do reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token') assert_not reset_password_user.persisted? @@ -130,9 +138,9 @@ def setup test 'should return a new record with errors if password is blank' do user = create_user - user.ensure_reset_password_token! + raw = user.send_reset_password_instructions - reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token, :password => '') + reset_password_user = User.reset_password_by_token(:reset_password_token => raw, :password => '') assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join end @@ -140,10 +148,10 @@ def setup test 'should reset successfully user password given the new password and confirmation' do user = create_user old_password = user.password - user.ensure_reset_password_token! + raw = user.send_reset_password_instructions User.reset_password_by_token( - :reset_password_token => user.reset_password_token, + :reset_password_token => raw, :password => 'new_password', :password_confirmation => 'new_password' ) 
@@ -153,38 +161,17 @@ def setup assert user.valid_password?('new_password') end - test 'should not reset reset password token during reset_password_within time' do - swap Devise, :reset_password_within => 1.hour do - user = create_user - user.send_reset_password_instructions - 3.times do - token = user.reset_password_token - user.send_reset_password_instructions - assert_equal token, user.reset_password_token - end - end - end - - test 'should reset reset password token after reset_password_within time' do - swap Devise, :reset_password_within => 1.hour do - user = create_user - user.reset_password_sent_at = 2.days.ago - token = user.reset_password_token - user.send_reset_password_instructions - assert_not_equal token, user.reset_password_token - end - end - test 'should not reset password after reset_password_within time' do swap Devise, :reset_password_within => 1.hour do user = create_user + raw = user.send_reset_password_instructions + old_password = user.password - user.ensure_reset_password_token! user.reset_password_sent_at = 2.days.ago user.save! reset_password_user = User.reset_password_by_token( - :reset_password_token => user.reset_password_token, + :reset_password_token => raw, :password => 'new_password', :password_confirmation => 'new_password' ) @@ -201,22 +188,5 @@ def setup :reset_password_sent_at, :reset_password_token ] - end - - test 'should generate a new token when a valid one does not exist' do - user = create_user - assert_nil user.reset_password_token - - user.ensure_reset_password_token! - assert_not_nil user.reset_password_token - end - - test 'should not generate a new token when a valid one exists' do - user = create_user - user.send :generate_reset_password_token! - assert_not_nil user.reset_password_token - old = user.reset_password_token - user.ensure_reset_password_token! - assert_equal user.reset_password_token, old end end From 3cdbf15fe9fe8f9763ec9e983624763f418b4186 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 5 Aug 2013 19:24:04 +0200 Subject: [PATCH 0266/1473] Update OTHER lock --- gemfiles/Gemfile.rails-3.2.x.lock | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index a3ed5cc05a..8119ce3b8e 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -5,6 +5,7 @@ PATH bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) warden (~> 1.2.3) GEM @@ -38,6 +39,7 @@ GEM i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) + atomic (1.1.10) bcrypt-ruby (3.1.1) builder (3.0.4) erubis (2.7.0) @@ -124,6 +126,8 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.7) thor (0.18.1) + thread_safe (0.1.0) + atomic tilt (1.4.0) treetop (1.4.12) polyglot From 354e5022bf2aa482aba7c13bddeb12535b9858ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 6 Aug 2013 11:55:13 +0200 Subject: [PATCH 0267/1473] Only allow insecure token lookup if a flag is given --- lib/devise.rb | 11 +++-- lib/devise/models/confirmable.rb | 7 +++- lib/devise/models/lockable.rb | 5 ++- lib/devise/models/recoverable.rb | 6 ++- lib/devise/token_generator.rb | 11 +++-- test/controllers/passwords_controller_test.rb | 7 ++-- test/integration/confirmable_test.rb | 32 +++++++-------- test/integration/lockable_test.rb | 25 +++++------- test/integration/recoverable_test.rb | 40 +++++++++++-------- test/models/confirmable_test.rb | 16 ++++---- test/models/lockable_test.rb | 12 +++--- test/models/recoverable_test.rb | 10 +++-- test/rails_app/lib/shared_admin.rb | 3 ++ test/rails_app/lib/shared_user.rb | 4 ++ 14 files changed, 108 insertions(+), 81 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 595257d31d..647f746e55 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -50,9 +50,10 @@ module Strategies mattr_accessor :secret_key @@secret_key = nil - # Secret key used by the key generator - mattr_accessor :token_generator - @@token_generator = nil + # Allow insecure token lookup. Must be used + # temporarily just for migration. + mattr_accessor :allow_insecure_token_lookup + @@allow_insecure_tokens_lookup = false # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@ -260,6 +261,10 @@ module Strategies mattr_accessor :paranoid @@paranoid = false + # Stores the token generator + mattr_accessor :token_generator + @@token_generator = nil + # Default way to setup Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index ff02925336..4442d29c36 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -276,13 +276,16 @@ def send_confirmation_instructions(attributes={}) # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) - original_token = confirmation_token + original_token = confirmation_token confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) + confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) - unless confirmable.persisted? + if !confirmable.persisted? && Devise.allow_insecure_token_lookup confirmable = find_or_initialize_with_error_by(:confirmation_token, original_token) end + confirmable.confirm! if confirmable.persisted? + confirmable.confirmation_token = original_token confirmable end diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 4dd5f8212e..a9c8ad5a73 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
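Review bot: The default is assigned to `@@allow_insecure_tokens_lookup` (plural "tokens") while the accessor declared on the line above is `allow_insecure_token_lookup`, so the assignment initialises a different class variable. The accessor's own variable is left at whatever `mattr_accessor` creates (nil, as far as I know), which is falsy and so still fails closed, but the explicit default is dead code and the flag is never actually `false`. Change the line to `@@allow_insecure_token_lookup = false`.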
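Review bot: In `confirm_by_token`, `confirmable.confirmation_token = original_token` runs unconditionally after `confirm!`, so the returned record is left dirty with the undigested token in `confirmation_token`. If any caller saves that record afterwards (callers are outside this diff), the raw token is written into the column the rest of this series keeps HMAC-only. `unlock_access_by_token` and `reset_password_by_token` in this patch do the same with `unlock_token` and `reset_password_token`. If the assignment exists only so the form can be re-rendered on failure, restrict it to that case, e.g. `confirmable.confirmation_token = original_token unless confirmable.errors.empty?`.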
@@ -162,14 +162,15 @@ def send_unlock_instructions(attributes={}) # Options must have the unlock_token def unlock_access_by_token(unlock_token) original_token = unlock_token - unlock_token = Devise.token_generator.digest(self, :unlock_token, unlock_token) + unlock_token = Devise.token_generator.digest(self, :unlock_token, unlock_token) lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token) - unless lockable.persisted? + if !lockable.persisted? && Devise.allow_insecure_token_lookup lockable = find_or_initialize_with_error_by(:unlock_token, original_token) end lockable.unlock_access! if lockable.persisted? + lockable.unlock_token = original_token lockable end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 855d3b6560..b063603ee7 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -112,11 +112,11 @@ def reset_password_token # containing an error in reset_password_token attribute. # Attributes must contain reset_password_token, password and confirmation def reset_password_by_token(attributes={}) - original_token = attributes[:reset_password_token] + original_token = attributes[:reset_password_token] reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token) recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token) - unless recoverable.persisted? + if !recoverable.persisted? && Devise.allow_insecure_token_lookup recoverable = find_or_initialize_with_error_by(:reset_password_token, original_token) end @@ -127,6 +127,8 @@ def reset_password_by_token(attributes={}) recoverable.errors.add(:reset_password_token, :expired) end end + + recoverable.reset_password_token = original_token recoverable end diff --git a/lib/devise/token_generator.rb b/lib/devise/token_generator.rb index 4608cc3e5b..3f41ec8a36 100644 --- a/lib/devise/token_generator.rb +++ b/lib/devise/token_generator.rb 
@@ -10,24 +10,23 @@ def initialize(key_generator) end def digest(klass, column, value) - value.present? && OpenSSL::HMAC.hexdigest("SHA1", key_for(klass, column), value.to_s) + value.present? && OpenSSL::HMAC.hexdigest("SHA1", key_for(column), value.to_s) end def generate(klass, column) - adapter = klass.to_adapter - key = key_for(klass, column) + key = key_for(column) loop do raw = Devise.friendly_token enc = OpenSSL::HMAC.hexdigest("SHA1", key, raw) - break [raw, enc] unless adapter.find_first({ column => enc }) + break [raw, enc] unless klass.to_adapter.find_first({ column => enc }) end end private - def key_for(klass, column) - @key_generator.generate_key("#{klass.name} #{column}") + def key_for(column) + @key_generator.generate_key(column.to_s) end end diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 4d3dfc0ba5..a7fa06d666 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -4,16 +4,15 @@ class PasswordsControllerTest < ActionController::TestCase tests Devise::PasswordsController include Devise::TestHelpers - def setup + setup do request.env["devise.mapping"] = Devise.mappings[:user] - @user = create_user - @user.send_reset_password_instructions + @raw = @user.send_reset_password_instructions end def put_update_with_params put :update, "user" => { - "reset_password_token" => @user.reset_password_token, "password" => "123456", "password_confirmation" => "123456" + "reset_password_token" => @raw, "password" => "123456", "password_confirmation" => "123456" } end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 7778732992..db09a9fb83 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
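Review bot: `key_for` now derives the HMAC key from `column.to_s` alone, so every model with the same column shares one key and the `klass` argument of `digest` is no longer used. That drops the per-model separation the previous `"#{klass.name} #{column}"` salt provided: the same raw token digests to the same value for any two models, while the uniqueness check in `generate` still consults only `klass`. If the change is meant to make subclasses and their parent resolve to the same key, record that on `key_for`, e.g. `# Keyed by column only so subclasses and their parent digest identically.`, and document or remove the unused `klass` parameter of `digest`.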
@@ -28,9 +28,7 @@ def resend_confirmation test 'user should receive a confirmation from a custom mailer' do User.any_instance.stubs(:devise_mailer).returns(Users::Mailer) - resend_confirmation - assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.first.from end @@ -43,7 +41,7 @@ def resend_confirmation test 'user with valid confirmation token should be able to confirm an account' do user = create_user(:confirm => false) assert_not user.confirmed? - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' assert_current_url '/' @@ -54,7 +52,7 @@ def resend_confirmation swap Devise, :confirm_within => 3.days do user = create_user(:confirm => false, :confirmation_sent_at => 4.days.ago) assert_not user.confirmed? - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain /needs to be confirmed within 3 days/ @@ -66,7 +64,7 @@ def resend_confirmation swap Devise, :confirm_within => 3.days do user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago) assert_not user.confirmed? - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' assert_current_url '/' @@ -78,7 +76,7 @@ def resend_confirmation Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1") user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_current_url "/?custom=1" end 
@@ -87,7 +85,7 @@ def resend_confirmation user = create_user(:confirm => false) user.confirmed_at = Time.now user.save - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain 'already confirmed' @@ -98,7 +96,7 @@ def resend_confirmation user.confirmed_at = Time.now user.save - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'already confirmed' fill_in 'email', :with => user.email @@ -108,14 +106,14 @@ def resend_confirmation test 'sign in user automatically after confirming its email' do user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) assert warden.authenticated?(:user) end test 'increases sign count when signed in through confirmation' do user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) user.reload assert_equal 1, user.sign_in_count @@ -175,7 +173,7 @@ def resend_confirmation test 'confirm account with valid confirmation token in XML format should return valid response' do user = create_user(:confirm => false) - get user_confirmation_path(:confirmation_token => user.confirmation_token, :format => 'xml') + get user_confirmation_path(:confirmation_token => user.raw_confirmation_token, :format => 'xml') assert_response :success assert response.body.include? %(\n) end 
@@ -256,7 +254,7 @@ def visit_admin_confirmation_with_token(confirmation_token) admin = create_admin admin.update_attributes(:email => 'new_test@example.com') assert_equal 'new_test@example.com', admin.unconfirmed_email - visit_admin_confirmation_with_token(admin.confirmation_token) + visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' assert_current_url '/admin_area/home' @@ -269,15 +267,17 @@ def visit_admin_confirmation_with_token(confirmation_token) admin.update_attributes(:email => 'first_test@example.com') assert_equal 'first_test@example.com', admin.unconfirmed_email - confirmation_token = admin.confirmation_token + raw_confirmation_token = admin.raw_confirmation_token + admin = Admin.find(admin.id) + admin.update_attributes(:email => 'second_test@example.com') assert_equal 'second_test@example.com', admin.unconfirmed_email - visit_admin_confirmation_with_token(confirmation_token) + visit_admin_confirmation_with_token(raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain(/Confirmation token(.*)invalid/) - visit_admin_confirmation_with_token(admin.confirmation_token) + visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' assert_current_url '/admin_area/home' assert admin.reload.confirmed? @@ -291,7 +291,7 @@ def visit_admin_confirmation_with_token(confirmation_token) create_second_admin(:email => "new_admin_test@example.com") - visit_admin_confirmation_with_token(admin.confirmation_token) + visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain(/Email.*already.*taken/) assert admin.reload.pending_reconfirmation? diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 1a5d99974b..3ab7fd602c 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
@@ -13,6 +13,7 @@ def send_unlock_request visit new_user_session_path click_link "Didn't receive unlock instructions?" + Devise.stubs(:friendly_token).returns("abcdef") fill_in 'email', :with => user.email click_button 'Resend unlock instructions' end @@ -22,8 +23,11 @@ def send_unlock_request assert_template 'sessions/new' assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes' + + mail = ActionMailer::Base.deliveries.last assert_equal 1, ActionMailer::Base.deliveries.size - assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from + assert_equal ['please-change-me@config-initializers-devise.com'], mail.from + assert_match user_unlock_path(unlock_token: 'abcdef'), mail.body.encoded end test 'user should receive the instructions from a custom mailer' do @@ -75,23 +79,15 @@ def send_unlock_request end test "locked user should be able to unlock account" do - user = create_user(:locked => true) - assert user.access_locked? - - visit_user_unlock_with_token(user.unlock_token) + user = create_user + raw = user.lock_access! + visit_user_unlock_with_token(raw) assert_current_url "/users/sign_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' - assert_not user.reload.access_locked? end - test "redirect user to sign in page after unlocking its account" do - user = create_user(:locked => true) - visit_user_unlock_with_token(user.unlock_token) - assert_not warden.authenticated?(:user) - end - test "user should not send a new e-mail if already locked" do user = create_user(:locked => true) user.failed_attempts = User.maximum_attempts + 1 
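Review bot: The stub `Devise.stubs(:friendly_token).returns("abcdef")` added to `send_unlock_request` makes every token generated afterwards identical, and nothing beside it says so. The uniqueness loop in `Devise::TokenGenerator#generate`, visible as context later in this series, only exits when no record already holds the digest. A test that generates a second token for the same column while the first is still stored would therefore presumably never return. The same stub is added to `request_forgot_password` in test/integration/recoverable_test.rb. A comment on both, such as `# Fixed token: generate at most one token per column while this stub is active.`, would save the next author a hung test run; `send_unlock_request` begins outside the hunk.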
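Review bot: The rewritten test 'locked user should be able to unlock account' no longer checks that following the unlock link leaves the visitor unauthenticated; the deleted test 'redirect user to sign in page after unlocking its account' was the only place in this hunk asserting `assert_not warden.authenticated?(:user)`. Ending up on "/users/sign_in" shows where the browser landed, not what the session holds, so I would keep `assert_not warden.authenticated?(:user)` after the `assert_contain` line. The precondition `assert user.access_locked?` was dropped as well; putting it back after `raw = user.lock_access!` stops the test from passing for a user that was never locked. Whether another test outside this hunk still covers either check cannot be seen from here.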
@@ -153,9 +149,10 @@ def send_unlock_request end test 'user with valid unlock token should be able to unlock account via XML request' do - user = create_user(:locked => true) + user = create_user() + raw = user.lock_access! assert user.access_locked? - get user_unlock_path(:format => 'xml', :unlock_token => user.unlock_token) + get user_unlock_path(:format => 'xml', :unlock_token => raw) assert_response :success assert response.body.include? %(\n) end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 2ed0bafa2a..4b6d495c9f 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -14,12 +14,16 @@ def request_forgot_password(&block) fill_in 'email', :with => 'user@test.com' yield if block_given? + + Devise.stubs(:friendly_token).returns("abcdef") click_button 'Send me reset password instructions' end def reset_password(options={}, &block) - visit edit_user_password_path(:reset_password_token => options[:reset_password_token]) unless options[:visit] == false - assert_response :success + unless options[:visit] == false + visit edit_user_password_path(:reset_password_token => options[:reset_password_token] || "abcdef") + assert_response :success + end fill_in 'New password', :with => '987654321' fill_in 'Confirm new password', :with => '987654321' @@ -45,7 +49,10 @@ def reset_password(options={}, &block) request_forgot_password do fill_in 'email', :with => 'foo@bar.com' end - assert_equal ['custom@example.com'], ActionMailer::Base.deliveries.last.from + + mail = ActionMailer::Base.deliveries.last + assert_equal ['custom@example.com'], mail.from + assert_match edit_user_password_path(reset_password_token: 'abcdef'), mail.body.encoded end test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do 
@@ -146,7 +153,7 @@ def reset_password(options={}, &block) test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do user = create_user request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token do + reset_password do fill_in 'Confirm new password', :with => 'other_password' end @@ -161,7 +168,7 @@ def reset_password(options={}, &block) test 'not authenticated user with valid data should be able to change his password' do user = create_user request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert_current_url '/' assert_contain 'Your password was changed successfully. You are now signed in.' @@ -171,14 +178,13 @@ def reset_password(options={}, &block) test 'after entering invalid data user should still be able to change his password' do user = create_user request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token do - fill_in 'Confirm new password', :with => 'other_password' - end + + reset_password { fill_in 'Confirm new password', :with => 'other_password' } assert_response :success assert_have_selector '#error_explanation' assert_not user.reload.valid_password?('987654321') - reset_password :reset_password_token => user.reload.reset_password_token, :visit => false + reset_password :visit => false assert_contain 'Your password was changed successfully.' assert user.reload.valid_password?('987654321') end @@ -186,7 +192,7 @@ def reset_password(options={}, &block) test 'sign in user automatically after changing its password' do user = create_user request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert warden.authenticated?(:user) end 
@@ -196,7 +202,7 @@ def reset_password(options={}, &block) swap Devise, :unlock_strategy => strategy do user = create_user(:locked => true) request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert_contain 'Your password was changed successfully.' assert_not_contain 'You are now signed in.' @@ -210,7 +216,7 @@ def reset_password(options={}, &block) swap Devise, :unlock_strategy => :email do user = create_user(:locked => true) request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert_contain 'Your password was changed successfully.' assert !user.reload.access_locked? @@ -222,7 +228,7 @@ def reset_password(options={}, &block) swap Devise, :unlock_strategy => :both do user = create_user(:locked => true) request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert_contain 'Your password was changed successfully.' assert !user.reload.access_locked? @@ -233,7 +239,7 @@ def reset_password(options={}, &block) test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do user = create_user(:confirm => false) request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert warden.authenticated?(:user) assert user.reload.confirmed? 
@@ -265,7 +271,9 @@ def reset_password(options={}, &block) test 'change password with valid parameters in XML format should return valid response' do user = create_user request_forgot_password - put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '987654321', :password_confirmation => '987654321'} + put user_password_path(:format => 'xml'), :user => { + :reset_password_token => 'abcdef', :password => '987654321', :password_confirmation => '987654321' + } assert_response :success assert warden.authenticated?(:user) end @@ -326,7 +334,7 @@ def reset_password(options={}, &block) assert_equal 10, user.failed_attempts request_forgot_password - reset_password :reset_password_token => user.reload.reset_password_token + reset_password assert warden.authenticated?(:user) user.reload diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 7e4b1c827b..0e82e7d2cb 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -52,15 +52,17 @@ def setup end test 'DEPRECATED: should find and confirm a user automatically' do - user = create_user - confirmed_user = User.confirm_by_token(user.confirmation_token) - assert_equal confirmed_user, user - assert user.reload.confirmed? + swap Devise, allow_insecure_token_lookup: true do + user = create_user + confirmed_user = User.confirm_by_token(user.confirmation_token) + assert_equal confirmed_user, user + assert user.reload.confirmed? + end end test 'should find and confirm a user automatically based on the raw token' do user = create_user - raw = user.instance_variable_get(:@raw_confirmation_token) + raw = user.raw_confirmation_token confirmed_user = User.confirm_by_token(raw) assert_equal confirmed_user, user assert user.reload.confirmed? 
@@ -82,7 +84,7 @@ def setup user = create_user user.confirmed_at = Time.now user.save - confirmed_user = User.confirm_by_token(user.confirmation_token) + confirmed_user = User.confirm_by_token(user.raw_confirmation_token) assert confirmed_user.confirmed? assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join end @@ -272,7 +274,7 @@ def setup def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user = create_user user.update_attribute(:confirmation_sent_at, confirmation_sent_at) - confirmed_user = User.confirm_by_token(user.confirmation_token) + confirmed_user = User.confirm_by_token(user.raw_confirmation_token) assert_equal confirmed_user, user user.reload.confirmed? end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 32211f3e33..a399849a76 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -140,11 +140,13 @@ def setup end test 'DEPRECATED: should find and unlock a user automatically' do - user = create_user - user.lock_access! - locked_user = User.unlock_access_by_token(user.unlock_token) - assert_equal locked_user, user - assert_not user.reload.access_locked? + swap Devise, allow_insecure_token_lookup: true do + user = create_user + user.lock_access! + locked_user = User.unlock_access_by_token(user.unlock_token) + assert_equal locked_user, user + assert_not user.reload.access_locked? + end end test 'should find and unlock a user automatically based on raw token' do diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 701a49861f..3fb42d0a61 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
@@ -109,11 +109,13 @@ def setup end test 'DEPRECATED: should find a user to reset his password based on reset_password_token' do - user = create_user - user.send_reset_password_instructions + swap Devise, allow_insecure_token_lookup: true do + user = create_user + user.send_reset_password_instructions - reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) - assert_equal reset_password_user, user + reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) + assert_equal reset_password_user, user + end end test 'should find a user to reset his password based on the raw token' do diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index 5b38341e87..0bb40a4bae 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -11,4 +11,7 @@ module SharedAdmin validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed? end + def raw_confirmation_token + @raw_confirmation_token + end end diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index e4bd8712d3..9d7b34ef36 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -12,6 +12,10 @@ module SharedUser extend ExtendMethods end + def raw_confirmation_token + @raw_confirmation_token + end + module ExtendMethods def new_with_session(params, session) super.tap do |user| From d56641f514f54da04f778b2a9b816561df7910c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 6 Aug 2013 12:06:40 +0200 Subject: [PATCH 0268/1473] Move to SHA256 --- lib/devise/rails.rb | 15 ++++++++------- lib/devise/token_generator.rb | 11 ++++++----- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 85439e434b..e2814f7900 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
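Review bot: The `raw_confirmation_token` method added to `SharedAdmin` is a hand-written getter for an instance variable; `attr_reader :raw_confirmation_token` states the same thing in one line, and the identical method added to `SharedUser` in the next hunk can take the same form. Because it exposes the unhashed confirmation token, a comment such as `# Test-only reader for the unhashed confirmation token.` would make it clear the helper is not meant to be copied into application models.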
@@ -30,18 +30,19 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do - if secret_key = Devise.secret_key - Devise.token_generator = Devise::TokenGenerator.new( - Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key)) - ) - else - raise <<-ERROR + Devise.token_generator ||= + if secret_key = Devise.secret_key + Devise::TokenGenerator.new( + Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key)) + ) + else + raise <<-ERROR Devise.secret_key was not set. Please add the following to your Devise initializer: config.secret_key = '#{SecureRandom.hex(64)}' ERROR - end + end end initializer "devise.fix_routes_proxy_missing_respond_to_bug" do diff --git a/lib/devise/token_generator.rb b/lib/devise/token_generator.rb index 3f41ec8a36..2a4b89f044 100644 --- a/lib/devise/token_generator.rb +++ b/lib/devise/token_generator.rb @@ -5,12 +5,13 @@ module Devise class TokenGenerator - def initialize(key_generator) + def initialize(key_generator, digest="SHA256") @key_generator = key_generator + @digest = digest end def digest(klass, column, value) - value.present? && OpenSSL::HMAC.hexdigest("SHA1", key_for(column), value.to_s) + value.present? && OpenSSL::HMAC.hexdigest(@digest, key_for(column), value.to_s) end def generate(klass, column) @@ -18,15 +19,15 @@ def generate(klass, column) loop do raw = Devise.friendly_token - enc = OpenSSL::HMAC.hexdigest("SHA1", key, raw) + enc = OpenSSL::HMAC.hexdigest(@digest, key, raw) break [raw, enc] unless klass.to_adapter.find_first({ column => enc }) end end private - + def key_for(column) - @key_generator.generate_key(column.to_s) + @key_generator.generate_key("Devise #{column}") end end From acd33174fcc556b57ea3650a9ca3e5b739e52912 Mon Sep 17 00:00:00 2001 From: Vignesh Rajagopalan Date: Thu, 8 Aug 2013 18:05:19 +0530 Subject: [PATCH 0269/1473] Added an extra validation to shared links --- app/views/devise/shared/_links.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
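Review bot: The guard `if secret_key = Devise.secret_key` in the `devise.secret_key` initializer only rejects `nil` and `false`; an empty string is truthy in Ruby, so `config.secret_key = ''` (for example from an unset environment variable coerced with `to_s`) builds the token generator from an empty secret instead of raising. Checking for blankness closes that gap: `if (secret_key = Devise.secret_key).present?`. With the new `||=`, the check is also skipped entirely when a generator was assigned earlier, which deserves a comment like `# A pre-assigned token_generator bypasses the secret_key check below.` How `Devise::KeyGenerator` behaves with an empty secret is not visible here.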
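Review bot: The new `digest` argument of `TokenGenerator#initialize` is stored as given and only reaches `OpenSSL::HMAC.hexdigest` when the first token is hashed, so a misspelled algorithm name surfaces on the first confirmation, unlock or reset rather than at boot. Resolving it once in the constructor fails fast: `OpenSSL::Digest.new(digest) # raises on an unknown algorithm name` before `@digest = digest`. The constructor also has no documentation; a comment such as `# digest: OpenSSL digest name used for the token HMAC; changing it invalidates every stored token digest.` would state the consequence a caller needs to know.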
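Review bot: The string passed to `generate_key` in `key_for` changes from `column.to_s` to `"Devise #{column}"` without a comment, and it is presumably the salt from which each column's HMAC key is derived. Any later edit to that prefix would silently change every key and orphan the digests already stored, so I would pin it with `# "Devise " is part of the key-derivation input; changing it invalidates all stored token digests.` above the call.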
diff --git a/app/views/devise/shared/_links.erb b/app/views/devise/shared/_links.erb index eab783a4c9..d84bdde999 100644 --- a/app/views/devise/shared/_links.erb +++ b/app/views/devise/shared/_links.erb @@ -6,7 +6,7 @@ <%= link_to "Sign up", new_registration_path(resource_name) %>
<% end -%> -<%- if devise_mapping.recoverable? && controller_name != 'passwords' %> +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> <%= link_to "Forgot your password?", new_password_path(resource_name) %>
<% end -%> @@ -22,4 +22,4 @@ <%- resource_class.omniauth_providers.each do |provider| %> <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
<% end -%> -<% end -%> \ No newline at end of file +<% end -%> From 3dccf3c6ffcf87be23a9bc584b0aeded1a5aad59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 8 Aug 2013 22:33:58 +0200 Subject: [PATCH 0270/1473] Do not sign in after confirmation --- .../devise/confirmations_controller.rb | 4 +-- lib/devise.rb | 5 +++ test/integration/confirmable_test.rb | 31 ++----------------- 3 files changed, 10 insertions(+), 30 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 6f96e88274..fc81a1a217 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -21,7 +21,7 @@ def show if resource.errors.empty? set_flash_message(:notice, :confirmed) if is_navigational_format? - sign_in(resource_name, resource) + sign_in(resource_name, resource) if Devise.allow_insecure_sign_in_after_confirmation respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } @@ -37,6 +37,6 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - after_sign_in_path_for(resource) + new_session_path(resource_name) end end diff --git a/lib/devise.rb b/lib/devise.rb index 647f746e55..e98de4a6ca 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -55,6 +55,11 @@ module Strategies mattr_accessor :allow_insecure_token_lookup @@allow_insecure_tokens_lookup = false + # Allow insecure sign in after confirmation. Must be used + # temporarily just for migration. + mattr_accessor :allow_insecure_sign_in_after_confirmation + @@allow_insecure_sign_in_after_confirmation = false + # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@rememberable_options = {} 
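Review bot: `after_confirmation_path_for` now returns `new_session_path(resource_name)` unconditionally, while `show` still signs the user in when `Devise.allow_insecure_sign_in_after_confirmation` is set, so an application that enables the migration flag sends a freshly signed-in user to the sign-in page. Letting the path follow the same flag keeps the two hunks consistent: `Devise.allow_insecure_sign_in_after_confirmation ? after_sign_in_path_for(resource) : new_session_path(resource_name)`. The comment above the method could also say why the default is the sign-in page, e.g. `# Confirmation no longer authenticates, so send the user to sign in.` `show` begins outside its hunk.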
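Review bot: The context lines directly above the new setting in lib/devise.rb declare `mattr_accessor :allow_insecure_token_lookup` but initialise `@@allow_insecure_tokens_lookup` (plural "tokens"), so the explicit `false` lands in a class variable the accessor never reads and the accessor presumably falls back to `nil`. The new `allow_insecure_sign_in_after_confirmation` pair is spelled consistently, which makes this a good moment to align the older one with `@@allow_insecure_token_lookup = false`. The CHANGELOG entries later in this series tell users to set `config.allow_insecure_tokens_lookup`, which does not match the accessor name either. For the new flag, the comment says it is for temporary use only, yet nothing visible warns when it is enabled; a deprecation warning where the flag is read would make "temporary" enforceable.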
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index db09a9fb83..6d7c5a2af7 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -38,16 +38,6 @@ def resend_confirmation assert_contain /Confirmation token(.*)invalid/ end - test 'user with valid confirmation token should be able to confirm an account' do - user = create_user(:confirm => false) - assert_not user.confirmed? - visit_user_confirmation_with_token(user.raw_confirmation_token) - - assert_contain 'Your account was successfully confirmed.' - assert_current_url '/' - assert user.reload.confirmed? - end - test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do swap Devise, :confirm_within => 3.days do user = create_user(:confirm => false, :confirmation_sent_at => 4.days.ago) @@ -67,7 +57,7 @@ def resend_confirmation visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' - assert_current_url '/' + assert_current_url '/users/sign_in' assert user.reload.confirmed? end end @@ -104,21 +94,6 @@ def resend_confirmation assert_contain 'already confirmed' end - test 'sign in user automatically after confirming its email' do - user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.raw_confirmation_token) - - assert warden.authenticated?(:user) - end - - test 'increases sign count when signed in through confirmation' do - user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.raw_confirmation_token) - - user.reload - assert_equal 1, user.sign_in_count - end - test 'not confirmed user with setup to block without confirmation should not be able to sign in' do swap Devise, :allow_unconfirmed_access_for => 0.days do sign_in_as_user(:confirm => false) 
@@ -257,7 +232,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' - assert_current_url '/admin_area/home' + assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end @@ -279,7 +254,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' - assert_current_url '/admin_area/home' + assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end From 50d17bbb8e0aff1b2d4043f4db1f0fea60cf3fd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 8 Aug 2013 22:37:15 +0200 Subject: [PATCH 0271/1473] Update CHANGELOG --- CHANGELOG.rdoc | 11 +++++++++++ README.md | 3 +-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index cca8958914..ab7398ff08 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,14 @@ +== 3.1.0 + +* bug fix + * Do not sign in after confirmation (you can enable this temporarily by setting `config.allow_insecure_sign_in_after_confirmation` to true in your configuration file) + * Do not store confirmation, unlock and reset password tokens directly in the database (you can enable this temporarily by setting `config.allow_insecure_tokens_lookup` to true in your configuration file) + * Do not compare directly against confirmation, unlock and reset password tokens + * Skip storage for cookies on unverified requests + +* deprecations + * Token authentication is deprecated + == 3.0.1 * enhancements diff --git a/README.md b/README.md index b2206d4ccd..00dc8407c4 100644 --- a/README.md +++ b/README.md 
@@ -15,10 +15,9 @@ Devise is a flexible authentication solution for Rails based on Warden. It: * Allows you to have multiple models signed in at the same time; * Is based on a modularity concept: use just what you really need. -It's composed of 11 modules: +It's composed of 10 modules: * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Token Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable): signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication. * [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support; * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. From 4681f81ce6b643cd55d7404500ee02ab18bab5df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 9 Aug 2013 08:37:27 +0200 Subject: [PATCH 0272/1473] Document the :store option for sign in --- lib/devise/controllers/helpers.rb | 1 + lib/devise/hooks/rememberable.rb | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 4fa64241f0..a53469a544 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -117,6 +117,7 @@ def signed_in?(scope=nil) # sign_in :user, @user # sign_in(scope, resource) # sign_in @user # sign_in(resource) # sign_in @user, :event => :authentication # sign_in(resource, options) + # sign_in @user, :store => false # sign_in(resource, options) # sign_in @user, :bypass => true # sign_in(resource, options) # def sign_in(resource_or_scope, *args) diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb index 4d7182645c..c27557b635 100644 --- a/lib/devise/hooks/rememberable.rb +++ b/lib/devise/hooks/rememberable.rb @@ -1,6 +1,7 @@ Warden::Manager.after_set_user :except => :fetch do |record, warden, options| scope = options[:scope] - if record.respond_to?(:remember_me) && record.remember_me && warden.authenticated?(scope) + if record.respond_to?(:remember_me) && options[:store] != false && + record.remember_me && warden.authenticated?(scope) Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record) end end \ No newline at end of file From a1d83d5d4eedaa6206e15db2915f5f27295bdec9 Mon Sep 17 00:00:00 2001 From: chris Date: Fri, 9 Aug 2013 09:51:05 +0200 Subject: [PATCH 0273/1473] passes headers through test helpers' response --- lib/devise/test_helpers.rb | 1 + test/test_helpers_test.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 646a9ce600..04070289f9 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -108,6 +108,7 @@ def _process_unauthenticated(env, options = {}) Warden::Manager._run_callbacks(:before_failure, env, options) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a + @controller.response.headers.merge!(headers) @controller.send :render, :status => status, :text => response.body, :content_type => headers["Content-Type"], :location => headers["Location"] nil # causes process return @response 
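Review bot: The new `options[:store] != false` guard in the `after_set_user` hook of lib/devise/hooks/rememberable.rb comes without a test (the commit's diffstat lists only helpers.rb and rememberable.rb), although it decides whether a remember-me cookie is issued. A test that signs in with `:store => false` for a record whose `remember_me` is set, and asserts that no remember cookie is written, would pin the behaviour. A comment above the condition would also explain the guard, e.g. `# Sign ins with :store => false are not persisted, so skip the remember-me cookie as well.`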
diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 68e55d9527..a91b9f68f7 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -148,4 +148,26 @@ def redirect get :index assert_match /User ##{second_user.id}/, @response.body end + + + test "passes given headers from the failure app to the response" do + + begin + old_failure_app = Devise.warden_config[:failure_app] + class CustomTestFailureApp < Devise::FailureApp + def respond + self.status = 401 + self.response.headers["CUSTOMHEADER"] = 1 + end + end + Devise.warden_config[:failure_app] = CustomTestFailureApp + user = create_user + sign_in user + get :index + assert_equal 1, @response.headers["CUSTOMHEADER"] + ensure + Devise.warden_config[:failure_app] = old_failure_app + end + end + end From 2a8d0f9beeb31cd2287094c5dcf843d0bd069eb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 9 Aug 2013 10:30:29 +0200 Subject: [PATCH 0274/1473] Update CHANGELOG --- CHANGELOG.rdoc | 21 ++++++++++++++++----- lib/devise/models.rb | 5 +++++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index ab7398ff08..37dd1c2e3b 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc 
@@ -1,16 +1,27 @@ -== 3.1.0 +== 3.1.0.rc + +* backwards incompatible changes + * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration + * The Devise mailer and its views were changed to explicitly receive a token as argument. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` + +* deprecations + * Token authentication is deprecated * bug fix - * Do not sign in after confirmation (you can enable this temporarily by setting `config.allow_insecure_sign_in_after_confirmation` to true in your configuration file) - * Do not store confirmation, unlock and reset password tokens directly in the database (you can enable this temporarily by setting `config.allow_insecure_tokens_lookup` to true in your configuration file) + * Do not sign in after confirmation + * Do not store confirmation, unlock and reset password tokens directly in the database * Do not compare directly against confirmation, unlock and reset password tokens * Skip storage for cookies on unverified requests -* deprecations - * Token authentication is deprecated +== 3.0.2 + +* bug fix + * Skip storage for cookies on unverified requests == 3.0.1 +Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ + * enhancements * Add after_confirmation callback diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 9893062d8d..1beb1fab6e 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb 
@@ -84,6 +84,11 @@ def devise(*modules) devise_modules_hook! do include Devise::Models::Authenticatable + if selected_modules.include?(:token_authenticatable) + ActiveSupport::Deprecation.warn "devise :token_authenticatable is deprecated. " \ + "Please check Devise 3.1 release notes for more information on how to upgrade." + end + selected_modules.each do |m| mod = Devise::Models.const_get(m.to_s.classify) From e7de0d4c4c4d1cca12a9520ce7bf51b70f4b7ce8 Mon Sep 17 00:00:00 2001 From: Gleb Mazovetskiy Date: Sat, 10 Aug 2013 04:43:20 +0200 Subject: [PATCH 0275/1473] fix doc typo --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 4442d29c36..20315da9c8 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -7,7 +7,7 @@ module Models # # == Options # - # Confirmable adds the following options to devise_for: + # Confirmable adds the following options to +devise+: # # * +allow_unconfirmed_access_for+: the time you want to allow the user to access his account # before confirming it. After this period, the user access is denied. You can From 5e7caffc9e3c8aff714c1cebc59fffbf7193b29e Mon Sep 17 00:00:00 2001 From: Alex Peattie Date: Sun, 11 Aug 2013 19:47:18 +0100 Subject: [PATCH 0276/1473] Extend params sanitizer, to make it easier to add/remove permitted params MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Move the default permitted parameters into ParameterSanitizer::PermittedParameters - Add devise_permitted_parameters helper - devise_permitted_parameters.add to add permitted parameters - devise_permitted_parameters.remove to remove Devise's defaults - devise_permitted_parameters.for to access the parameters for a given action - Update 'Strong Parameters' section of README 
Signed-off-by: José Valim --- README.md | 20 +++++++++- lib/devise/controllers/helpers.rb | 4 ++ lib/devise/parameter_sanitizer.rb | 65 ++++++++++++++++++++++--------- test/parameter_sanitizer_test.rb | 40 +++++++++++++++++++ 4 files changed, 108 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 00dc8407c4..52135f2200 100644 --- a/README.md +++ b/README.md @@ -187,7 +187,7 @@ There are just three actions in Devise that allows any set of parameters to be p * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` -In case you want to customize the permitted parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`: +In case you want to permit additional parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`: ```ruby class ApplicationController < ActionController::Base 
@@ -196,11 +196,27 @@ class ApplicationController < ActionController::Base protected def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } + # permit parameters for all actions + devise_permitted_parameters.add(:username, :age) + + # permit a parameter for a single action + devise_permitted_parameters.for(:sign_up) << :hometown end end ``` +To remove or overwrite the defaults that Devise provides: + +```ruby +def configure_permitted_parameters + # remove a permitted parameter + devise_permitted_parameters.remove(:email) + + # overwrite the Devise defaults + devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } +end +``` + If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: ```ruby diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index a53469a544..a187fddfa4 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -91,6 +91,10 @@ def devise_parameter_sanitizer end end + def devise_permitted_parameters + devise_parameter_sanitizer.permitted_parameters + end + # Tell warden that params authentication is allowed for that specific page. def allow_params_authentication! request.env["devise.allow_params_authentication"] = true diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 0a6f3d4bc1..69f6c9c83a 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -30,34 +30,61 @@ def default_params end class ParameterSanitizer < BaseSanitizer + + class PermittedParameters + + def initialize(resource_class) + @resource_class = resource_class + @for = { :sign_in => sign_in, :sign_up => sign_up, :account_update => account_update } + end + + def sign_in + auth_keys + [:password, :remember_me] + end + + def sign_up + auth_keys + [:password, :password_confirmation] + end + + def account_update + auth_keys + [:password, :password_confirmation, :current_password] + end + + def auth_keys + @resource_class.authentication_keys.respond_to?(:keys) ? @resource_class.authentication_keys.keys : @resource_class.authentication_keys + end + + def for(kind) + @for[kind] + end + + def add(*params) + @for.each { |action, permitted| permitted.push *params } + end + + def remove(*params) + @for.each do |action, permitted| + permitted.delete_if { |param| params.include? param } + end + end + + end + + def permitted_parameters + @permitted_parameters ||= PermittedParameters.new(@resource_class) + end + private def fallback_for(kind) if respond_to?(kind, true) send(kind) + elsif (permitted = permitted_parameters.for(kind)) + default_params.permit permitted else raise NotImplementedError, "Devise Parameter Sanitizer doesn't know how to sanitize parameters for #{kind}" end end - # These are the params used to sign in a user so we don't need to - # mass-assign the password param in order to authenticate. Excluding it - # here allows us to construct a new user without sensitive information if - # authentication fails. - def sign_in - default_params.permit(*auth_keys + [:password, :remember_me]) - end - - def sign_up - default_params.permit(*(auth_keys + [:password, :password_confirmation])) - end - - def account_update - default_params.permit(*(auth_keys + [:password, :password_confirmation, :current_password])) - end - - def auth_keys - resource_class.authentication_keys.respond_to?(:keys) ? 
resource_class.authentication_keys.keys : resource_class.authentication_keys - end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 244d515e86..061f8f7bc1 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
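Review bot: `PermittedParameters#add` pushes the given names onto the `:sign_in`, `:sign_up` and `:account_update` lists in one call, so a field permitted with sign-up in mind also becomes mass-assignable through account update, and the method carries no comment saying so. I would document it above `def add`, for example `# Permits the params for every action (sign_in, sign_up, account_update); use for(kind) << :param to widen a single action.` The added test permits `role` on sign-in this way, which shows how easily a privileged attribute ends up in all three allowlists. `permitted.push *params` is also better written as `permitted.push(*params)` to avoid Ruby's ambiguous-splat warning.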
@@ -48,6 +48,46 @@ def sanitizer(params) assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) end + test 'adding permitted parameters for a single action' do + sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1" }) + sanitizer.permitted_parameters.for(:sign_up).push(:username) + + assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_up)) + assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in)) + end + + test 'adding permitted parameters for all actions' do + sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1" }) + sanitizer.permitted_parameters.add(:username) + + assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_in)) + assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_up)) + assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:account_update)) + end + + test 'removing default parameters' do + sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) + sanitizer.permitted_parameters.remove(:email) + + assert_equal({ "password" => "invalid" }, sanitizer.for(:sign_in)) + assert_equal({ "password" => "invalid" }, sanitizer.for(:sign_up)) + assert_equal({ "password" => "invalid" }, sanitizer.for(:account_update)) + end + + test 'adding multiple permitted parameters' do + sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" }) + + sanitizer.permitted_parameters.add(:username, :role) + assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.for(:sign_in)) + end + + test 'removing multiple default parameters' do + sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) + sanitizer.permitted_parameters.remove(:email, :password) + + assert_equal({ "remember_me" => "1" }, sanitizer.for(:sign_in)) + end + test 'raises on unknown hooks' do sanitizer = sanitizer(user: { 
"email" => "jose", "password" => "invalid" }) assert_raise NotImplementedError do From 4e318b5167fbe16cb4f583a6e4d2bb52e925bc27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 11 Aug 2013 22:18:29 +0200 Subject: [PATCH 0277/1473] Simplify parameter sanitization proposal --- CHANGELOG.rdoc | 5 ++ README.md | 14 +-- .../devise/registrations_controller.rb | 4 +- app/controllers/devise/sessions_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 4 - lib/devise/parameter_sanitizer.rb | 89 +++++++++---------- test/parameter_sanitizer_test.rb | 61 +++++-------- 7 files changed, 73 insertions(+), 106 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 37dd1c2e3b..f455a90a9b 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -3,10 +3,15 @@ * backwards incompatible changes * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration * The Devise mailer and its views were changed to explicitly receive a token as argument. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` + * Sanitization of parameters should be done by calling `devise_parameter_sanitizier.sanitize(:action)` instead of `devise_parameter_sanitizier.for(:action)` * deprecations * Token authentication is deprecated +* enhancements + * Better security defaults + * Allow easier customization of parameter sanitizer + * bug fix * Do not sign in after confirmation * Do not store confirmation, unlock and reset password tokens directly in the database diff --git a/README.md b/README.md index 52135f2200..f51cee4f07 100644 --- a/README.md +++ b/README.md 
@@ -196,23 +196,15 @@ class ApplicationController < ActionController::Base protected def configure_permitted_parameters - # permit parameters for all actions - devise_permitted_parameters.add(:username, :age) - - # permit a parameter for a single action - devise_permitted_parameters.for(:sign_up) << :hometown + devise_parameter_sanitizer.for(:sign_up) << :username end end ``` -To remove or overwrite the defaults that Devise provides: +To completely change Devise defaults or invoke custom behaviour, you can also pass a block: ```ruby def configure_permitted_parameters - # remove a permitted parameter - devise_permitted_parameters.remove(:email) - - # overwrite the Devise defaults devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } end ``` @@ -267,7 +259,7 @@ rails generate devise:views users If the customization at the views level is not enough, you can customize each controller by following these steps: -1. Create your custom controller, for example a `Admins::SessionsController`: +1. Create your custom controller, for example a `Admins::SessionsController`: ```ruby class Admins::SessionsController < Devise::SessionsController diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 9db7e72635..7d1e734796 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -117,10 +117,10 @@ def authenticate_scope! end def sign_up_params - devise_parameter_sanitizer.for(:sign_up) + devise_parameter_sanitizer.sanitize(:sign_up) end def account_update_params - devise_parameter_sanitizer.for(:account_update) + devise_parameter_sanitizer.sanitize(:account_update) end end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 9c355f389c..a9b3922e83 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -35,7 +35,7 @@ def destroy protected def sign_in_params - devise_parameter_sanitizer.for(:sign_in) + devise_parameter_sanitizer.sanitize(:sign_in) end def serialize_options(resource) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index a187fddfa4..a53469a544 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -91,10 +91,6 @@ def devise_parameter_sanitizer end end - def devise_permitted_parameters - devise_parameter_sanitizer.permitted_parameters - end - # Tell warden that params authentication is allowed for that specific page. def allow_params_authentication! request.env["devise.allow_params_authentication"] = true diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 69f6c9c83a..939b2c747d 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -13,14 +13,23 @@ def for(kind, &block) if block_given? @blocks[kind] = block else - block = @blocks[kind] - block ? block.call(default_params) : fallback_for(kind) + default_for(kind) + end + end + + def sanitize(kind) + if block = @blocks[kind] + block.call(default_params) + elsif respond_to?(kind, true) + send(kind) + else + raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}" end end private - def fallback_for(kind) + def default_for(kind) default_params end 
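Review bot: In `sanitize`, the `respond_to?(kind, true)` / `send(kind)` fallback invokes any method the sanitizer responds to, private and inherited ones included, not only `sign_in`, `sign_up` and `account_update`. The callers changed in this commit pass literal symbols, so this is a hardening point rather than a live bug, but nothing states that `kind` must never be derived from request data. I would add above that branch `# kind must be a developer-chosen symbol, never request input: send(kind) can reach any method, private ones included.` The same dispatch reappears as `default_sanitize` in the later "Fix the build on Rails 3.2" patch of this series.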
@@ -30,61 +39,45 @@ def default_params end class ParameterSanitizer < BaseSanitizer + def initialize(*) + super + @permitted = Hash.new { |h,k| h[k] = attributes_for(k) } + end - class PermittedParameters - - def initialize(resource_class) - @resource_class = resource_class - @for = { :sign_in => sign_in, :sign_up => sign_up, :account_update => account_update } - end - - def sign_in - auth_keys + [:password, :remember_me] - end - - def sign_up - auth_keys + [:password, :password_confirmation] - end - - def account_update - auth_keys + [:password, :password_confirmation, :current_password] - end - - def auth_keys - @resource_class.authentication_keys.respond_to?(:keys) ? @resource_class.authentication_keys.keys : @resource_class.authentication_keys - end - - def for(kind) - @for[kind] - end - - def add(*params) - @for.each { |action, permitted| permitted.push *params } - end - - def remove(*params) - @for.each do |action, permitted| - permitted.delete_if { |param| params.include? param } - end - end + def sign_in + default_params.permit self.for(:sign_in) + end + def sign_up + default_params.permit self.for(:sign_up) end - def permitted_parameters - @permitted_parameters ||= PermittedParameters.new(@resource_class) + def account_update + default_params.permit self.for(:account_update) end private - def fallback_for(kind) - if respond_to?(kind, true) - send(kind) - elsif (permitted = permitted_parameters.for(kind)) - default_params.permit permitted - else - raise NotImplementedError, "Devise Parameter Sanitizer doesn't know how to sanitize parameters for #{kind}" + # Change for(kind) to return the values in the @permitted + # hash, allowing the developer to customize at runtime. 
+ def default_for(kind) + @permitted[kind] || raise("No sanitizer provided for #{kind}") + end + + def attributes_for(kind) + case kind + when :sign_in + auth_keys + [:password, :remember_me] + when :sign_up + auth_keys + [:password, :password_confirmation] + when :account_update + auth_keys + [:password, :password_confirmation, :current_password] end end + def auth_keys + @auth_keys ||= @resource_class.authentication_keys.respond_to?(:keys) ? + @resource_class.authentication_keys.keys : @resource_class.authentication_keys + end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 061f8f7bc1..a2dc9a25a2 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb @@ -2,13 +2,21 @@ require 'devise/parameter_sanitizer' class BaseSanitizerTest < ActiveSupport::TestCase - def sanitizer - Devise::BaseSanitizer.new(User, :user, { user: { "email" => "jose" } }) + def sanitizer(params) + params = ActionController::Parameters.new(params) + Devise::BaseSanitizer.new(User, :user, params) end test 'returns chosen params' do + sanitizer = sanitizer(user: { "email" => "jose" }) assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in)) end + + test 'allow custom blocks' do + sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) + sanitizer.for(:sign_in) { |user| user.permit(:email) } + assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in)) + end end if defined?(ActionController::StrongParameters) 
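Review bot: `attributes_for` has no `else` branch, so for an unknown kind the `Hash.new` block stores `nil` under that key and `default_for` then raises a bare `RuntimeError`, while `sanitize` in the same file raises `NotImplementedError` for the same condition. Raising from `attributes_for` itself keeps `@permitted` free of `nil` entries and gives callers one exception class: `else raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}"`. `sign_in`, `sign_up` and `account_update` are also defined above `private`, which makes them public methods of the sanitizer. Since `sanitize` looks them up with `respond_to?(kind, true)`, they would still be found if they were private.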
@@ -22,76 +30,49 @@ def sanitizer(params) test 'filters some parameters on sign in by default' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) - assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.for(:sign_in)) + assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in)) end test 'handles auth keys as a hash' do swap Devise, :authentication_keys => {:email => true} do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in)) end end test 'filters some parameters on sign up by default' do sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - assert_equal({ "email" => "jose" }, sanitizer.for(:sign_up)) + assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up)) end test 'filters some parameters on account update by default' do sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - assert_equal({ "email" => "jose" }, sanitizer.for(:account_update)) + assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update)) end test 'allows custom hooks' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) sanitizer.for(:sign_in) { |user| user.permit(:email, :password) } - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in)) - end - - test 'adding permitted parameters for a single action' do - sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1" }) - sanitizer.permitted_parameters.for(:sign_up).push(:username) - - assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_up)) - assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in)) - end - - test 'adding permitted parameters for 
all actions' do - sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1" }) - sanitizer.permitted_parameters.add(:username) - - assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_in)) - assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:sign_up)) - assert_equal({ "email" => "jose", "username" => "jose1" }, sanitizer.for(:account_update)) - end - - test 'removing default parameters' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - sanitizer.permitted_parameters.remove(:email) - - assert_equal({ "password" => "invalid" }, sanitizer.for(:sign_in)) - assert_equal({ "password" => "invalid" }, sanitizer.for(:sign_up)) - assert_equal({ "password" => "invalid" }, sanitizer.for(:account_update)) + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in)) end test 'adding multiple permitted parameters' do sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" }) - - sanitizer.permitted_parameters.add(:username, :role) - assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.for(:sign_in)) + sanitizer.for(:sign_in).concat([:username, :role]) + assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in)) end test 'removing multiple default parameters' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) - sanitizer.permitted_parameters.remove(:email, :password) - - assert_equal({ "remember_me" => "1" }, sanitizer.for(:sign_in)) + sanitizer.for(:sign_in).delete(:email) + sanitizer.for(:sign_in).delete(:password) + assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in)) end test 'raises on unknown hooks' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) assert_raise NotImplementedError do - sanitizer.for(:unknown) + sanitizer.sanitize(:unknown) 
end end end From 8541c465d76af6af7da5b9c2ae7fbfb688143e99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 11 Aug 2013 22:19:58 +0200 Subject: [PATCH 0278/1473] Convert CHANGELOG to markdown --- CHANGELOG.rdoc => CHANGELOG.md | 48 +++++++++++++++++----------------- 1 file changed, 24 insertions(+), 24 deletions(-) rename CHANGELOG.rdoc => CHANGELOG.md (95%) diff --git a/CHANGELOG.rdoc b/CHANGELOG.md similarity index 95% rename from CHANGELOG.rdoc rename to CHANGELOG.md index f455a90a9b..910c926b91 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.md @@ -660,7 +660,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added Registerable * Added Http Basic Authentication support * Allow scoped_views to be customized per controller/mailer class - * [#99] Allow authenticatable to used in change_table statements + * Allow authenticatable to used in change_table statements == 0.9.2 @@ -800,19 +800,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added DataMapper support * Remove store_location from authenticatable strategy and add it to failure app * Allow a strategy to be placed after authenticatable - * [#45] Do not rely attribute? methods, since they are not added on Datamapper + * Do not rely attribute? methods, since they are not added on Datamapper == 0.5.6 * enhancements - * [#42] Do not send nil to build (DataMapper compatibility) - * [#44] Allow to have scoped views + * Do not send nil to build (DataMapper compatibility) + * Allow to have scoped views == 0.5.5 * enhancements * Allow overwriting find for authentication method - * [#38] Remove Ruby 1.8.7 dependency + * Remove Ruby 1.8.7 dependency == 0.5.4 
@@ -820,7 +820,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Deprecate :singular in devise_for and use :scope instead * enhancements - * [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be + * Create after_sign_in_path_for and after_sign_out_path_for hooks to be overwriten in ApplicationController * Create sign_in_and_redirect and sign_out_and_redirect helpers * Warden::Manager.default_scope is automatically configured to the first given scope @@ -832,7 +832,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure all controllers are unloadable * enhancements - * [#35] Moved friendly_token to Devise + * Moved friendly_token to Devise * Added Devise.all, so you can freeze your app strategies * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper in cases you don't want it be handlded automatically @@ -840,9 +840,9 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. == 0.5.2 * enhancements - * [#28] Improved sign_in and sign_out helpers to accepts resources - * [#28] Added stored_location_for as a helper - * [#20] Added test helpers + * Improved sign_in and sign_out helpers to accepts resources + * Added stored_location_for as a helper + * Added test helpers == 0.5.1 @@ -863,7 +863,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. == 0.4.3 * bug fix - * [#29] Authentication just fails if user cannot be serialized from session, without raising errors; + * Authentication just fails if user cannot be serialized from session, without raising errors; * Default configuration values should not overwrite user values; == 0.4.2 
@@ -881,7 +881,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. == 0.4.1 * bug fix - * [#21] Ensure options can be set even if models were not loaded + * Ensure options can be set even if models were not loaded == 0.4.0 @@ -892,25 +892,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * :authenticable calls are deprecated, use :authenticatable instead * enhancements - * [#16] Allow devise to be more agnostic and do not require ActiveRecord to be loaded + * Allow devise to be more agnostic and do not require ActiveRecord to be loaded * Allow Warden::Manager to be configured through Devise * Created a generator which creates an initializer == 0.3.0 * bug fix - * [#15] Allow yml messages to be configured by not using engine locales + * Allow yml messages to be configured by not using engine locales * deprecations * Renamed confirm_in to confirm_within - * [#14] Do not send confirmation messages when user changes his e-mail - * [#13] Renamed authenticable to authenticatable and added deprecation warnings + * Do not send confirmation messages when user changes his e-mail + * Renamed authenticable to authenticatable and added deprecation warnings == 0.2.3 * enhancements * Ensure fail! works inside strategies - * [#12] Make unauthenticated message (when you haven't signed in) different from invalid message + * Make unauthenticated message (when you haven't signed in) different from invalid message * bug fix * Do not redirect on invalid authenticate @@ -919,7 +919,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. == 0.2.2 * bug fix - * [#9] Fix a bug when using customized resources + * Fix a bug when using customized resources == 0.2.1 
@@ -927,17 +927,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Clean devise_views generator to use devise existing views * enhancements - * [#7] Create instance variables (like @user) for each devise controller + * Create instance variables (like @user) for each devise controller * Use Devise::Controller::Helpers only internally * bug fix - * [#6] Fix a bug with Mongrel and Ruby 1.8.6 + * Fix a bug with Mongrel and Ruby 1.8.6 == 0.2.0 * enhancements - * [#4] Allow option :null => true in authenticable migration - * [#3] Remove attr_accessible calls from devise modules + * Allow option :null => true in authenticable migration + * Remove attr_accessible calls from devise modules * Customizable time frame for rememberable with :remember_for config * Customizable time frame for confirmable with :confirm_in config * Generators for creating a resource and copy views @@ -946,12 +946,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not load hooks or strategies if they are not used * bug fixes - * [#2] Fixed requiring devise strategies + * Fixed requiring devise strategies == 0.1.1 * bug fixes - * [#1] Fixed requiring devise mapping + * Fixed requiring devise mapping == 0.1.0 From 7e855eddef6d37329f9075408b3065205a17fab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 11 Aug 2013 22:30:19 +0200 Subject: [PATCH 0279/1473] Credit where credit is due --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 910c926b91..4c5ebf0862 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ * enhancements * Better security defaults - * Allow easier customization of parameter sanitizer + * Allow easier customization of parameter sanitizer (by @alexpeattie) * bug fix * Do not sign in after confirmation From bc0cab8d6011cd4e65deca788de8fce4615a7d16 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 12 Aug 2013 15:25:44 +0200 Subject: [PATCH 0280/1473] Update README.md Remove unnecessary maintainers list --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index f51cee4f07..2f1f13d478 100644 --- a/README.md +++ b/README.md @@ -448,12 +448,6 @@ We have a long list of valued contributors. Check them all at: https://github.com/plataformatec/devise/contributors -### Maintainers - -* José Valim (https://github.com/josevalim) -* Carlos Antônio da Silva (https://github.com/carlosantoniodasilva) -* Rodrigo Flores (https://github.com/rodrigoflores) - ## License MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br From efe34219a9bdfa5efc2133f6b0aa430713ff3ff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 12 Aug 2013 15:36:29 +0200 Subject: [PATCH 0281/1473] Fix the build on Rails 3.2 --- lib/devise/parameter_sanitizer.rb | 16 +++++++++++++--- test/parameter_sanitizer_test.rb | 7 ------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 939b2c747d..e45f8ad801 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -20,16 +20,18 @@ def for(kind, &block) def sanitize(kind) if block = @blocks[kind] block.call(default_params) - elsif respond_to?(kind, true) - send(kind) else - raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}" + default_sanitize(kind) end end private def default_for(kind) + raise ArgumentError, "a block is expected in Devise base sanitizer" + end + + def default_sanitize(kind) default_params end 
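Review bot: `BaseSanitizer#default_sanitize` returns `default_params` unchanged, so when no block was registered `sanitize` hands the submitted resource parameters through without any filtering, and nothing in the class says this is deliberate. Judging by the `if defined?(ActionController::StrongParameters)` guard in the test file, this base class is presumably the fallback for applications without strong parameters, where protection has to come from the model (for example `attr_accessible`). I would state that above the method, for example `# No filtering here: without strong parameters, mass-assignment protection is the model's job.` The body of `default_params` is outside this hunk, so what it returns exactly is not confirmed here.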
@@ -64,6 +66,14 @@ def default_for(kind) @permitted[kind] || raise("No sanitizer provided for #{kind}") end + def default_sanitize(kind) + if respond_to?(kind, true) + send(kind) + else + raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}" + end + end + def attributes_for(kind) case kind when :sign_in diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index a2dc9a25a2..14b48629fa 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb @@ -3,18 +3,11 @@ class BaseSanitizerTest < ActiveSupport::TestCase def sanitizer(params) - params = ActionController::Parameters.new(params) Devise::BaseSanitizer.new(User, :user, params) end test 'returns chosen params' do sanitizer = sanitizer(user: { "email" => "jose" }) - assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in)) - end - - test 'allow custom blocks' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - sanitizer.for(:sign_in) { |user| user.permit(:email) } assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in)) end end From 5ecbbdf2600dfcf3281a1e0fcac2834670bcb74d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 13 Aug 2013 18:22:19 +0200 Subject: [PATCH 0282/1473] Update version.rb --- lib/devise/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 0d9496720f..d2fcc77ad9 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.0.1".freeze + VERSION = "3.1.0.rc".freeze end From a5e63d7a28e3971d639bb329ce25aa6d3cc5f5dd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 13 Aug 2013 13:39:18 -0300 Subject: [PATCH 0283/1473] Update Gemfile.lock with new Devise version Also bump master with latest mongoid --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-3.2.x.lock | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index c159b3e271..f106c5a8d3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: fe7f43430580860db6d1d89cea27eda24ab60ab1 + revision: 346a79a7d01aa194de80e649916239a18d38ce13 branch: master specs: mongoid (4.0.0) @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.0.1) + devise (3.1.0.rc) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index 8119ce3b8e..54feaf83a7 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (3.0.1) + devise (3.1.0.rc) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -39,7 +39,7 @@ GEM i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) - atomic (1.1.10) + atomic (1.1.12) bcrypt-ruby (3.1.1) builder (3.0.4) erubis (2.7.0) @@ -126,7 +126,7 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.7) thor (0.18.1) - thread_safe (0.1.0) + thread_safe (0.1.2) atomic tilt (1.4.0) treetop (1.4.12) From 177ed8a3563602aa5922289c937ccb7abd340a11 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 13 Aug 2013 13:43:06 -0300 Subject: [PATCH 0284/1473] Bump up lock dependencies --- Gemfile.lock | 20 ++++---- gemfiles/Gemfile.rails-3.2.x.lock | 79 +++++++++++++++---------------- 2 files changed, 49 insertions(+), 50 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f106c5a8d3..83ffc22eda 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,8 +4,8 @@ GIT branch: master specs: mongoid (4.0.0) - activemodel (~> 4.0.0.rc1) - moped (~> 1.4.2) + activemodel (~> 4.0.0) + moped (~> 1.5) origin (~> 1.0) tzinfo (~> 0.3.22) 
@@ -47,17 +47,17 @@ GEM thread_safe (~> 0.1) tzinfo (~> 0.3.37) arel (4.0.0) - atomic (1.1.10) + atomic (1.1.12) bcrypt-ruby (3.1.1) builder (3.1.4) erubis (2.7.0) - faraday (0.8.7) - multipart-post (~> 1.1) + faraday (0.8.8) + multipart-post (~> 1.2.0) hashie (1.2.0) hike (1.2.3) httpauth (0.2.0) - i18n (0.6.4) - json (1.7.7) + i18n (0.6.5) + json (1.8.0) jwt (0.1.8) multi_json (>= 1.5) mail (2.5.4) @@ -68,8 +68,8 @@ GEM minitest (4.7.5) mocha (0.13.3) metaclass (~> 0.0.1) - moped (1.4.5) - multi_json (1.7.7) + moped (1.5.1) + multi_json (1.7.9) multipart-post (1.2.0) nokogiri (1.5.9) oauth2 (0.8.1) @@ -126,7 +126,7 @@ GEM sprockets (~> 2.8) sqlite3 (1.3.7) thor (0.18.1) - thread_safe (0.1.0) + thread_safe (0.1.2) atomic tilt (1.4.1) treetop (1.4.14) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index 54feaf83a7..f0a2233c1f 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -11,12 +11,12 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.13) - actionpack (= 3.2.13) - mail (~> 2.5.3) - actionpack (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) + actionmailer (3.2.14) + actionpack (= 3.2.14) + mail (~> 2.5.4) + actionpack (3.2.14) + activemodel (= 3.2.14) + activesupport (= 3.2.14) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) 
@@ -24,50 +24,49 @@ GEM rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.13) - activesupport (= 3.2.13) + activemodel (3.2.14) + activesupport (= 3.2.14) builder (~> 3.0.0) - activerecord (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) + activerecord (3.2.14) + activemodel (= 3.2.14) + activesupport (= 3.2.14) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.13) - activemodel (= 3.2.13) - activesupport (= 3.2.13) - activesupport (3.2.13) - i18n (= 0.6.1) + activeresource (3.2.14) + activemodel (= 3.2.14) + activesupport (= 3.2.14) + activesupport (3.2.14) + i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.2) atomic (1.1.12) bcrypt-ruby (3.1.1) builder (3.0.4) erubis (2.7.0) - faraday (0.8.7) - multipart-post (~> 1.1) + faraday (0.8.8) + multipart-post (~> 1.2.0) hashie (1.2.0) - hike (1.2.2) + hike (1.2.3) httpauth (0.2.0) - i18n (0.6.1) + i18n (0.6.5) journey (1.0.4) - json (1.7.7) + json (1.8.0) jwt (0.1.8) multi_json (>= 1.5) - mail (2.5.3) - i18n (>= 0.4.0) + mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.23) mocha (0.13.3) metaclass (~> 0.0.1) - mongoid (3.1.3) + mongoid (3.1.4) activemodel (~> 3.2) - moped (~> 1.4.2) + moped (~> 1.4) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.4.5) - multi_json (1.7.3) + moped (1.5.1) + multi_json (1.7.9) multipart-post (1.2.0) nokogiri (1.5.9) oauth2 (0.8.1) 
@@ -100,22 +99,22 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.13) - actionmailer (= 3.2.13) - actionpack (= 3.2.13) - activerecord (= 3.2.13) - activeresource (= 3.2.13) - activesupport (= 3.2.13) + rails (3.2.14) + actionmailer (= 3.2.14) + actionpack (= 3.2.14) + activerecord (= 3.2.14) + activeresource (= 3.2.14) + activesupport (= 3.2.14) bundler (~> 1.0) - railties (= 3.2.13) - railties (3.2.13) - actionpack (= 3.2.13) - activesupport (= 3.2.13) + railties (= 3.2.14) + railties (3.2.14) + actionpack (= 3.2.14) + activesupport (= 3.2.14) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) - rake (10.0.4) + rake (10.1.0) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.2.3) @@ -128,8 +127,8 @@ GEM thor (0.18.1) thread_safe (0.1.2) atomic - tilt (1.4.0) - treetop (1.4.12) + tilt (1.4.1) + treetop (1.4.14) polyglot polyglot (>= 0.3.1) tzinfo (0.3.37) From 58cbd915124c42fcee365581a7966a7edfdeadfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 13 Aug 2013 18:55:50 +0200 Subject: [PATCH 0285/1473] Do not do double redirect on after confirmation path --- app/controllers/devise/confirmations_controller.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index fc81a1a217..4d00465de2 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -37,6 +37,10 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - new_session_path(resource_name) + if Devise.allow_insecure_sign_in_after_confirmation + after_sign_in_path_for(resource) + else + new_session_path(resource_name) + end end end From e8b70bb04d0c584fb3c0777b38eff8f63a67037b Mon Sep 17 00:00:00 2001 
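Review bot: The comment above `after_confirmation_path_for` still reads only "The path used after confirmation", although the method now returns one of two destinations depending on `Devise.allow_insecure_sign_in_after_confirmation`. I would spell that out, e.g. `# The path used after confirmation: the sign in page by default, or after_sign_in_path_for(resource) when allow_insecure_sign_in_after_confirmation is enabled.` This commit touches only the controller, so the new branch has no test; an integration test with the flag on that asserts the final URL would pin the behaviour.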
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 17 Aug 2013 09:19:28 +0200 Subject: [PATCH 0286/1473] Include registration on docs --- lib/devise/rails/routes.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 6e28dc8e8e..f824598465 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -80,7 +80,8 @@ class Mapper # * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, # :password, :confirmation, :unlock. # - # devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification' } + # devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', + # :password => 'secret', :confirmation => 'verification', registration: 'register } # # * :controllers => the controller which should be used. All routes by default points to Devise controllers. # However, if you want them to point to custom controller, you should do: From b1754074e5a74c2437cf7119730cbc35aeb9d0b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 18 Aug 2013 09:55:05 +0200 Subject: [PATCH 0287/1473] Only raise on missing secret key after a route is defined --- lib/devise/rails.rb | 7 ------- lib/devise/rails/routes.rb | 10 ++++++++++ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index e2814f7900..70e79f84ac 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -35,13 +35,6 @@ class Engine < ::Rails::Engine Devise::TokenGenerator.new( Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key)) ) - else - raise <<-ERROR -Devise.secret_key was not set. Please add the following to your Devise initializer: - - config.secret_key = '#{SecureRandom.hex(64)}' - -ERROR end end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index f824598465..8e728d2d8a 100644 
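Review bot: The extended `:path_names` example in the `devise_for` documentation is not valid Ruby, because `registration: 'register }` is missing its closing quote. It also switches to the `key:` hash syntax while the rest of the example uses `:key =>`. This comment is what users copy into their routes file, so I would write the second line as `#   :password => 'secret', :confirmation => 'verification', :registration => 'register' }`. The list of overridable names just above it (`:sign_in, :sign_out, :sign_up, :password, :confirmation, :unlock`) does not mention `:registration` and could be updated in the same change.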
--- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -192,6 +192,7 @@ class Mapper # def devise_for(*resources) @devise_finalized = false + raise_no_secret_key unless Devise.secret_key options = resources.extract_options! options[:as] ||= @scope[:as] if @scope[:as].present? @@ -435,6 +436,15 @@ def set_omniauth_path_prefix!(path_prefix) #:nodoc: end end + def raise_no_secret_key #:nodoc: + raise <<-ERROR +Devise.secret_key was not set. Please add the following to your Devise initializer: + + config.secret_key = '#{SecureRandom.hex(64)}' + +ERROR + end + def raise_no_devise_method_error!(klass) #:nodoc: raise "#{klass} does not respond to 'devise' method. This usually means you haven't " \ "loaded your ORM file or it's being loaded too late. To fix it, be sure to require 'devise/orm/YOUR_ORM' " \ From 052cbef2056aee3432a23487feede2610d5c773a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andri=20M=C3=B6ll?= Date: Thu, 15 Aug 2013 14:17:11 +0300 Subject: [PATCH 0288/1473] Don't confirm email after password reset. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- lib/devise/models/confirmable.rb | 5 ----- test/controllers/passwords_controller_test.rb | 2 +- test/integration/recoverable_test.rb | 9 --------- 3 files changed, 1 insertion(+), 15 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 20315da9c8..7c51adcb11 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -228,11 +228,6 @@ def generate_confirmation_token! generate_confirmation_token && save(:validate => false) end - def after_password_reset - super - confirm! unless confirmed? - end - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email 
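Review bot: The guard added at the top of `devise_for`, `raise_no_secret_key unless Devise.secret_key`, rejects only `nil` or `false`; an empty string is truthy in Ruby, so `config.secret_key = ''` passes it. The same method already uses `present?` two lines further down, so `raise_no_secret_key if Devise.secret_key.blank?` would be consistent and would also catch an empty or whitespace-only key. The condition that guards the token generator setup in `lib/devise/rails.rb` is not visible in this patch, so it should be checked for the same gap. `devise_for` continues outside the hunk.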
diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index a7fa06d666..3d4c0f2062 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -6,7 +6,7 @@ class PasswordsControllerTest < ActionController::TestCase setup do request.env["devise.mapping"] = Devise.mappings[:user] - @user = create_user + @user = create_user.tap(&:confirm!) @raw = @user.send_reset_password_instructions end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 4b6d495c9f..6afd37e78b 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -236,15 +236,6 @@ def reset_password(options={}, &block) end end - test 'sign in user automatically and confirm after changing its password if it\'s not confirmed' do - user = create_user(:confirm => false) - request_forgot_password - reset_password - - assert warden.authenticated?(:user) - assert user.reload.confirmed? - end - test 'reset password request with valid E-Mail in XML format should return valid response' do create_user post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"} From 1437ae2ce313363caf8b38e8c568ca62847a1b27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 18 Aug 2013 10:13:53 +0200 Subject: [PATCH 0289/1473] Release v3.1.0.rc2 --- CHANGELOG.md | 3 ++- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2.x.lock | 4 ++-- lib/devise/version.rb | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c5ebf0862..faefb0e37a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,4 @@ -== 3.1.0.rc +== 3.1.0.rc2 * backwards incompatible changes * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration @@ -13,6 +13,7 @@ * Allow easier customization of parameter sanitizer (by @alexpeattie) * bug fix + * Do not confirm e-mail after password reset * Do not sign in after confirmation * Do not store confirmation, unlock and reset password tokens directly in the database * Do not compare directly against confirmation, unlock and reset password tokens diff --git a/Gemfile.lock b/Gemfile.lock index 83ffc22eda..6850c28cb4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.1.0.rc) + devise (3.1.0.rc2) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index f0a2233c1f..50b9c18d5c 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (3.1.0.rc) + devise (3.1.0.rc2) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -39,7 +39,7 @@ GEM i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.2) - atomic (1.1.12) + atomic (1.1.13) bcrypt-ruby (3.1.1) builder (3.0.4) erubis (2.7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d2fcc77ad9..f68f1c06cd 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.1.0.rc".freeze + VERSION = "3.1.0.rc2".freeze end From 3f00d735a45b284bed70845039ad663b7b066dc1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 18 Aug 2013 10:17:51 +0200 Subject: [PATCH 0290/1473] Mention the security announcement [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index faefb0e37a..6f6cba684a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ == 3.1.0.rc2 +Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ + * backwards incompatible changes * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration * The Devise mailer and its views were changed to explicitly receive a token as argument. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` From ea870e0636fef5486fe2ba4718f76c4eac986555 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 18 Aug 2013 10:46:00 +0200 Subject: [PATCH 0291/1473] Credit where credit is due [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f6cba684a..fc587c8cdd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,7 +15,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * Allow easier customization of parameter sanitizer (by @alexpeattie) * bug fix - * Do not confirm e-mail after password reset + * Do not confirm e-mail after password reset (by @moll) * Do not sign in after confirmation * Do not store confirmation, unlock and reset password tokens directly in the database * Do not compare directly against confirmation, unlock and reset password tokens 
From 72c3472fe1d98cbaf15ec3f1e79ccc75189f1e74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 19 Aug 2013 20:33:21 +0200 Subject: [PATCH 0292/1473] Generate remember token --- lib/devise/models/rememberable.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index ff6c2ee772..e59636394f 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -110,12 +110,16 @@ def serialize_into_cookie(record) # Recreate the user based on the stored cookie def serialize_from_cookie(id, remember_token) record = to_adapter.get(id) - record if record && record.rememberable_value == remember_token && !record.remember_expired? + record if record && !record.remember_expired? && + Devise.secure_compare(record.rememberable_value, remember_token) end # Generate a token checking if one does not already exist in the database. def remember_token #:nodoc: - generate_token(:remember_token) + loop do + token = Devise.friendly_token + break token unless to_adapter.find_first({ :remember_token => token }) + end end Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options) From 605924a9212733076f8cef01b9e53b19e83f27d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 19 Aug 2013 20:48:36 +0200 Subject: [PATCH 0293/1473] Add a test related to remember token generation --- test/models/rememberable_test.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index ab776ffb01..4607e6d5e4 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb 
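Review bot: `serialize_from_cookie` now passes `record.rememberable_value` and the cookie-supplied `remember_token` straight to `Devise.secure_compare`, and nothing in the hunk ensures that either is a non-empty String. `secure_compare` is not shown here; unless it already returns false for `nil` and for values of different length, a record without a remember value or a malformed cookie would raise instead of being rejected. I would add cases to `test/models/rememberable_test.rb` that call `serialize_from_cookie` with a `nil` token and with a token of the wrong length and expect `nil` from both. In `remember_token`, the `find_first` lookup and the later save are separate steps, so if uniqueness is required it still depends on a database constraint rather than on this loop.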
@@ -22,6 +22,14 @@ def create_resource user.forget_me! end + test 'can generate remember token' do + user = create_user + user.singleton_class.send(:attr_accessor, :remember_token) + User.to_adapter.expects(:find_first).returns(nil) + user.remember_me! + assert user.remember_token + end + test 'serialize into cookie' do user = create_user user.remember_me! From 6a22e88dfa6877596a09a8895cb57b67258f00d0 Mon Sep 17 00:00:00 2001 From: Tod Detre Date: Tue, 20 Aug 2013 16:36:35 -0400 Subject: [PATCH 0294/1473] Allowed updating of attributes without a password if password_required? resolves to false --- app/controllers/devise/registrations_controller.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 7d1e734796..7fc472fbe0 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -40,7 +40,15 @@ def update self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - if resource.update_with_password(account_update_params) + #check to see if a password is required. If not, update_without_password + update_status = false + if resource.password_required? + update_status = resource.update_with_password(account_update_params) + else + update_status = resource.update_without_password(account_update_params) + end + + if update_status if is_navigational_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated From 66c829eef453d5357e74dec4f96833d814647af8 Mon Sep 17 00:00:00 2001 
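Review bot: The new test stubs `find_first` to return `nil`, so the loop in `remember_token` always exits on its first pass and the retry on an existing token is never exercised. A second case along the lines of `User.to_adapter.expects(:find_first).twice.returns(user).then.returns(nil)` would show that a token already present in the store is discarded and a fresh one is generated. `assert user.remember_token` also passes for any truthy value, so asserting a non-empty String would pin the result more tightly.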
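Review bot: `update` now calls `resource.update_without_password(account_update_params)` whenever `resource.password_required?` is false, which drops the current-password check for every attribute in the request, including the e-mail address. `password_required?` is asked before the submitted params are assigned, so the answer comes from the stored record rather than from what the user is trying to change. Its definition is not visible here, but if it is false for an ordinary persisted user, this branch becomes the normal path. I would keep `update_with_password` as the default and let applications opt out through an explicit, overridable method. The commit adds no test for the new branch, and `update` starts and ends outside the hunk.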
From: Tod Detre Date: Wed, 21 Aug 2013 11:04:32 -0400 Subject: [PATCH 0295/1473] created update_resource method to allow subclass overwritting --- .../devise/registrations_controller.rb | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 7fc472fbe0..d8a4d4ce5e 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -40,15 +40,7 @@ def update self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - #check to see if a password is required. If not, update_without_password - update_status = false - if resource.password_required? - update_status = resource.update_with_password(account_update_params) - else - update_status = resource.update_without_password(account_update_params) - end - - if update_status + if update_resource(resource, account_update_params) if is_navigational_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated @@ -88,6 +80,12 @@ def update_needs_confirmation?(resource, previous) previous != resource.unconfirmed_email end + # By default we want to require a password checks on update. + # You can overwrite this method in your own RegistrationsController. + def update_resource(resource, params) + resource.update_with_password(params) + end + # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. def build_resource(hash=nil) From 949c9e5ded6c5992ce5f3b393eb6fb62b2eb828b Mon Sep 17 00:00:00 2001 
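Review bot: The comment on the new `update_resource` hook does not say what an override gives up. As the method names indicate, `update_with_password` is the call that requires the current password, so a subclass that swaps in `update_without_password` lets whoever holds the session change account attributes such as the e-mail without re-authenticating. I would say so in the comment and fix its wording, e.g. `# By default we require the current password on update. Override this in your own` / `# RegistrationsController only if the action is protected some other way.` A controller test asserting that the default still rejects a wrong current password would guard against regressions here.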
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 21 Aug 2013 17:30:01 +0200 Subject: [PATCH 0296/1473] Remove gem version from README (because it doesn't work when branched) --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2f1f13d478..0c1e89a6a8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ By [Plataformatec](http://plataformatec.com.br/). -[![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise) [![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) From 3232d14b20da4a596f2c0ff31b8a9ac0a529322e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 21 Aug 2013 17:33:38 +0200 Subject: [PATCH 0297/1473] token authenticatable mentions --- lib/generators/active_record/devise_generator.rb | 3 --- lib/generators/active_record/templates/migration.rb | 1 - lib/generators/active_record/templates/migration_existing.rb | 1 - lib/generators/devise/orm_helpers.rb | 3 +-- 4 files changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index f566cd1510..166d13131f 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -66,9 +66,6 @@ def migration_data # t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts # t.string :unlock_token # Only if unlock strategy is :email or :both # t.datetime :locked_at - - ## Token authenticatable - # t.string :authentication_token RUBY end end diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index e2cef1a945..5a9d240cd8 100644 --- a/lib/generators/active_record/templates/migration.rb 
+++ b/lib/generators/active_record/templates/migration.rb @@ -14,6 +14,5 @@ def change add_index :<%= table_name %>, :reset_password_token, :unique => true # add_index :<%= table_name %>, :confirmation_token, :unique => true # add_index :<%= table_name %>, :unlock_token, :unique => true - # add_index :<%= table_name %>, :authentication_token, :unique => true end end diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index 1eda9aeae7..cc49ca42df 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -15,7 +15,6 @@ def self.up add_index :<%= table_name %>, :reset_password_token, :unique => true # add_index :<%= table_name %>, :confirmation_token, :unique => true # add_index :<%= table_name %>, :unlock_token, :unique => true - # add_index :<%= table_name %>, :authentication_token, :unique => true end def self.down diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 49719b6c20..f8f59e490a 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -4,8 +4,7 @@ module OrmHelpers def model_contents buffer = <<-CONTENT # Include default devise modules. Others available are: - # :token_authenticatable, :confirmable, - # :lockable, :timeoutable and :omniauthable + # :confirmable, :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable From 213ed8164112bf0b43ebc54607f0463a14b4e7f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 27 Aug 2013 07:05:54 -0300 Subject: [PATCH 0298/1473] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fc587c8cdd..67aacec4b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,7 +4,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * backwards incompatible changes * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration - * The Devise mailer and its views were changed to explicitly receive a token as argument. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` + * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` * Sanitization of parameters should be done by calling `devise_parameter_sanitizier.sanitize(:action)` instead of `devise_parameter_sanitizier.for(:action)` * deprecations From 4b7fcac23a96c08e8b646869ec0102809b17773e Mon Sep 17 00:00:00 2001 From: Theodor Tonum Date: Fri, 30 Aug 2013 16:38:34 +0200 Subject: [PATCH 0299/1473] Typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67aacec4b6..de0761edd3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * backwards incompatible changes * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` - * Sanitization of parameters should be done by calling `devise_parameter_sanitizier.sanitize(:action)` instead of `devise_parameter_sanitizier.for(:action)` + * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)` * deprecations * Token authentication is deprecated From 91f2bce08e7bf98d9faddad99baee2600c34ad4d Mon Sep 17 00:00:00 2001 From: Pavel Pravosud Date: Fri, 30 Aug 2013 22:21:12 +0700 Subject: [PATCH 0300/1473] Consistent single quotes in devise.rb generator --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 2d67de9989..4b9f7ef955 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -98,7 +98,7 @@ config.stretches = Rails.env.test? ? 1 : 10 # Setup a pepper to generate the encrypted password. - # config.pepper = <%= SecureRandom.hex(64).inspect %> + # config.pepper = '<%= SecureRandom.hex(64) %>' # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without 
From fc251c306c46382f0fccb154d656c80692268a31 Mon Sep 17 00:00:00 2001 From: Greg Gates Date: Fri, 30 Aug 2013 17:13:11 -0400 Subject: [PATCH 0301/1473] Fixes incorrect flash message on confirmation The :confirmed default message in devise.en.yml used to say "You are now signed in." This is no longer the default behavior in v3.1.0. This commit renames that message to :confirmed_and_signed_in and changes the :confirmed message to be appropriate for the default post- confirmation location (which is now the new session page). The new :confirmed message reads: "Your account was successfully confirmed. Please sign in." --- app/controllers/devise/confirmations_controller.rb | 8 ++++++-- config/locales/en.yml | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 4d00465de2..28584957da 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -20,8 +20,12 @@ def show self.resource = resource_class.confirm_by_token(params[:confirmation_token]) if resource.errors.empty? - set_flash_message(:notice, :confirmed) if is_navigational_format? - sign_in(resource_name, resource) if Devise.allow_insecure_sign_in_after_confirmation + if Devise.allow_insecure_sign_in_after_confirmation + set_flash_message(:notice, :confirmed_and_signed_in) if is_navigational_format? + sign_in(resource_name, resource) + else + set_flash_message(:notice, :confirmed) if is_navigational_format? + end respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } diff --git a/config/locales/en.yml b/config/locales/en.yml index d0932bd86d..e7445b316d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
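Review bot: The `show` action now looks up a new flash key, `:confirmed_and_signed_in`, which this commit defines only in the bundled `config/locales/en.yml`. Applications that ship their own copy of the Devise locale file, or other languages, have no entry for it when `allow_insecure_sign_in_after_confirmation` is on, and their existing `confirmed` text may still tell users they are signed in when they are not. What `set_flash_message` does for a missing key is not visible here. The change deserves a CHANGELOG line telling users to add `confirmed_and_signed_in` and to reword `confirmed`. As a matter of style, the two `set_flash_message(...) if is_navigational_format?` calls differ only in the key and could share one call.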
@@ -3,7 +3,8 @@ en: devise: confirmations: - confirmed: "Your account was successfully confirmed. You are now signed in." + confirmed: "Your account was successfully confirmed. Please sign in." + confirmed_and_signed_in: "Your account was successfully confirmed. You are now signed in." send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: From 23c55170090b3a7ffba16283c3c649c750533693 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 31 Aug 2013 15:25:49 +0300 Subject: [PATCH 0302/1473] add test for fc251c306c --- test/integration/confirmable_test.rb | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 6d7c5a2af7..beba732b92 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -56,12 +56,24 @@ def resend_confirmation assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed.' + assert_contain 'Your account was successfully confirmed. Please sign in.' assert_current_url '/users/sign_in' assert user.reload.confirmed? end end + test 'user should be signed in after confirmation if allow_insecure_sign_in_after_confirmation is enabled' do + swap Devise, :confirm_within => 3.days, :allow_insecure_sign_in_after_confirmation => true do + user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago) + assert_not user.confirmed? + visit_user_confirmation_with_token(user.raw_confirmation_token) + + assert_contain 'Your account was successfully confirmed. You are now signed in.' + assert_current_url root_url + assert user.reload.confirmed? + end + end + test 'user should be redirected to a custom path after confirmation' do Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1") From b9112d4308115bd1c0c7b49969381d1016f5fb8b Mon Sep 17 00:00:00 2001 From: Alexander Zubkov Date: Mon, 2 Sep 2013 14:48:19 +0400 Subject: [PATCH 0303/1473] Handle nil failed_attempts --- lib/devise/hooks/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index d713153f33..b7b1ea0842 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -2,6 +2,6 @@ # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user :except => :fetch do |record, warden, options| if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) - record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.zero? + record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero? end end 
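Review bot: In `lib/devise/hooks/lockable.rb` the added `.to_i` makes a `nil` counter count as zero, so the hook no longer raises but also never writes `0` back: `nil.to_i.zero?` is true and `update_attribute` is skipped. Any other code that reads or increments `failed_attempts` (not visible in this hunk) will keep meeting `nil` for that record. If the intent is to repair such rows on the next successful sign-in, `record.update_attribute(:failed_attempts, 0) unless record.failed_attempts == 0` does that and still avoids the write for records already at zero. The commit carries no test for the `nil` case.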
From 095572b6fd4fb16cab59b02ca7827442426923e1 Mon Sep 17 00:00:00 2001 From: Alexander Zubkov Date: Mon, 2 Sep 2013 15:00:12 +0400 Subject: [PATCH 0304/1473] Add nulls to migration generator --- lib/generators/active_record/devise_generator.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 166d13131f..8520b46d79 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -50,7 +50,7 @@ def migration_data t.datetime :remember_created_at ## Trackable - t.integer :sign_in_count, :default => 0 + t.integer :sign_in_count, :default => 0, :null => false t.datetime :current_sign_in_at t.datetime :last_sign_in_at t.string :current_sign_in_ip @@ -63,7 +63,7 @@ def migration_data # t.string :unconfirmed_email # Only if using reconfirmable ## Lockable - # t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts + # t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts # t.string :unlock_token # Only if unlock strategy is :email or :both # t.datetime :locked_at RUBY From 08edcc10fefced9463715174c33f98e489abe053 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 2 Sep 2013 19:02:11 -0300 Subject: [PATCH 0305/1473] Release 3.1.0 --- CHANGELOG.md | 7 +++++-- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2.x.lock | 2 +- lib/devise/version.rb | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index de0761edd3..602ee11fe6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -== 3.1.0.rc2 +== 3.1.0 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ 
@@ -42,11 +42,14 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * enhancements * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) * Drop support for Rails < 3.2 and Ruby < 1.9.3 - * Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked (by @tkhr) + * Enable to skip sending reconfirmation email when reconfirmable is on and `skip_confirmation_notification!` is invoked (by @tkhr) * bug fix * Errors on unlock are now properly reflected on the first `unlock_keys` +* backwards incompatible changes + * Changes on session storage will expire all existing sessions on upgrade + == 2.2.4 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index 6850c28cb4..9889a72614 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.1.0.rc2) + devise (3.1.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index 50b9c18d5c..a594406b4f 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (3.1.0.rc2) + devise (3.1.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index f68f1c06cd..2e9034e20a 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.1.0.rc2".freeze + VERSION = "3.1.0".freeze end From 07f0ee75eeb503e47d4bad34f869a11dc0461037 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 2 Sep 2013 19:04:51 -0300 Subject: [PATCH 0306/1473] Link to update gist on CHANGELOG for 3.0 update --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 602ee11fe6..256d5830e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -48,7 +48,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * Errors on unlock are now properly reflected on the first `unlock_keys` * backwards incompatible changes - * Changes on session storage will expire all existing sessions on upgrade + * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 == 2.2.4 From dff7891b97d785d228a15dff5c1acdb0da34605f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 2 Sep 2013 19:15:47 -0300 Subject: [PATCH 0307/1473] Get rid of token authentication --- config/locales/en.yml | 1 - lib/devise/models.rb | 5 - lib/devise/models/authenticatable.rb | 4 +- lib/devise/models/token_authenticatable.rb | 92 -------- lib/devise/modules.rb | 1 - .../strategies/token_authenticatable.rb | 91 -------- lib/generators/mongoid/devise_generator.rb | 3 - lib/generators/templates/devise.rb | 13 +- test/controllers/internal_helpers_test.rb | 4 +- test/integration/http_authenticatable_test.rb | 10 - .../integration/token_authenticatable_test.rb | 205 ------------------ test/mapping_test.rb | 4 +- test/models/token_authenticatable_test.rb | 55 ----- test/rails_app/app/mongoid/user.rb | 3 - .../migrate/20100401102949_create_tables.rb | 3 - test/rails_app/db/schema.rb | 1 - test/rails_app/lib/shared_user.rb | 2 +- 17 files changed, 9 insertions(+), 488 deletions(-) delete mode 100644 lib/devise/models/token_authenticatable.rb delete mode 100644 lib/devise/strategies/token_authenticatable.rb delete mode 100644 test/integration/token_authenticatable_test.rb delete mode 100644 test/models/token_authenticatable_test.rb diff --git a/config/locales/en.yml b/config/locales/en.yml index e7445b316d..ee239f3613 100644 --- a/config/locales/en.yml 
+++ b/config/locales/en.yml @@ -11,7 +11,6 @@ en: already_authenticated: "You are already signed in." inactive: "Your account is not activated yet." invalid: "Invalid email or password." - invalid_token: "Invalid authentication token." locked: "Your account is locked." not_found_in_database: "Invalid email or password." timeout: "Your session expired. Please sign in again to continue." diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 1beb1fab6e..9893062d8d 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -84,11 +84,6 @@ def devise(*modules) devise_modules_hook! do include Devise::Models::Authenticatable - if selected_modules.include?(:token_authenticatable) - ActiveSupport::Deprecation.warn "devise :token_authenticatable is deprecated. " \ - "Please check Devise 3.1 release notes for more information on how to upgrade." - end - selected_modules.each do |m| mod = Devise::Models.const_get(m.to_s.classify) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index beee021cce..c80350a858 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -29,9 +29,7 @@ module Models # It also accepts an array specifying the strategies that should allow params authentication. # # * +skip_session_storage+: By default Devise will store the user in session. - # You can skip storage for http and token auth by appending values to array: - # :skip_session_storage => [:token_auth] or :skip_session_storage => [:http_auth, :token_auth], - # by default is set to :skip_session_storage => [:http_auth]. + # By default is set to :skip_session_storage => [:http_auth]. # # == active_for_authentication? # diff --git a/lib/devise/models/token_authenticatable.rb b/lib/devise/models/token_authenticatable.rb deleted file mode 100644 index b9f1c18900..0000000000 --- a/lib/devise/models/token_authenticatable.rb +++ /dev/null 
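Review bot: The reworded `skip_session_storage` doc in `lib/devise/models/authenticatable.rb` now reads "By default Devise will store the user in session. By default is set to ...", which repeats itself and no longer explains what listing a strategy in the array does. It also states a default of `[:http_auth]`, while the `lib/devise.rb` context shown later on this page initialises `@@skip_session_storage = []`; presumably the `[:http_auth]` value comes from the generated initializer, and the comment should say which of the two it means. Suggested wording: `# Strategies listed here authenticate without storing the user in the session, e.g. :skip_session_storage => [:http_auth].` The same loss of detail applies to the `lib/generators/templates/devise.rb` hunk in this patch, whose new text ("particular strategies by setting this option") no longer names any accepted symbol. The comment block continues outside the hunk.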
@@ -1,92 +0,0 @@ -require 'devise/strategies/token_authenticatable' - -module Devise - module Models - # The TokenAuthenticatable module is responsible for generating an authentication token and - # validating the authenticity of the same while signing in. - # - # This module only provides a few helpers to help you manage the token, but it is up to you - # to choose how to use it. For example, if you want to have a new token every time the user - # saves his account, you can do the following: - # - # before_save :reset_authentication_token - # - # On the other hand, if you want to generate token unless one exists, you should use instead: - # - # before_save :ensure_authentication_token - # - # If you want to delete the token after it is used, you can do so in the - # after_token_authentication callback. - # - # == APIs - # - # If you are using token authentication with APIs and using trackable. Every - # request will be considered as a new sign in (since there is no session in - # APIs). You can disable this by creating a before filter as follow: - # - # before_filter :skip_trackable - # - # def skip_trackable - # request.env['devise.skip_trackable'] = true - # end - # - # == Options - # - # TokenAuthenticatable adds the following options to devise_for: - # - # * +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=... - # - module TokenAuthenticatable - extend ActiveSupport::Concern - - def self.required_fields(klass) - [:authentication_token] - end - - # Generate new authentication token (a.k.a. "single access token"). - def reset_authentication_token - self.authentication_token = self.class.authentication_token - end - - # Generate new authentication token and save the record. - def reset_authentication_token! - reset_authentication_token - save(:validate => false) - end - - # Generate authentication token unless already exists. 
- def ensure_authentication_token - reset_authentication_token if authentication_token.blank? - end - - # Generate authentication token unless already exists and save the record. - def ensure_authentication_token! - reset_authentication_token! if authentication_token.blank? - end - - # Hook called after token authentication. - def after_token_authentication - end - - def expire_auth_token_on_timeout - self.class.expire_auth_token_on_timeout - end - - module ClassMethods - def find_for_token_authentication(conditions) - find_for_authentication(:authentication_token => conditions[token_authentication_key]) - end - - # Generate a token checking if one does not already exist in the database. - def authentication_token - loop do - token = Devise.friendly_token - break token unless to_adapter.find_first({ :authentication_token => token }) - end - end - - Devise::Models.config(self, :token_authentication_key, :expire_auth_token_on_timeout) - end - end - end -end diff --git a/lib/devise/modules.rb b/lib/devise/modules.rb index 1c620ca35b..a93b4b0307 100644 --- a/lib/devise/modules.rb +++ b/lib/devise/modules.rb @@ -5,7 +5,6 @@ d.with_options :strategy => true do |s| routes = [nil, :new, :destroy] s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes } - s.add_module :token_authenticatable, :controller => :sessions, :route => { :session => routes }, :no_input => true s.add_module :rememberable, :no_input => true end diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb deleted file mode 100644 index f4f9bddfa8..0000000000 --- a/lib/devise/strategies/token_authenticatable.rb +++ /dev/null 
@@ -1,91 +0,0 @@ -require 'devise/strategies/base' - -module Devise - module Strategies - # Strategy for signing in a user, based on a authenticatable token. This works for both params - # and http. For the former, all you need to do is to pass the params in the URL: - # - # http://myapp.example.com/?user_token=SECRET - # - # For headers, you can use basic authentication passing the token as username and - # blank password. Since some clients may require a password, you can pass "X" as - # password and it will simply be ignored. - # - # You may also pass the token using the Token authentication mechanism provided - # by Rails: http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html - # The token options are stored in request.env['devise.token_options'] - class TokenAuthenticatable < Authenticatable - def store? - super && !mapping.to.skip_session_storage.include?(:token_auth) - end - - def valid? - super || valid_for_token_auth? - end - - def authenticate! - resource = mapping.to.find_for_token_authentication(authentication_hash) - return fail(:invalid_token) unless resource - - if validate(resource) - resource.after_token_authentication - success!(resource) - end - end - - private - - # Token Authenticatable can be authenticated with params in any controller and any verb. - def valid_params_request? - true - end - - # Do not use remember_me behavior with token. - def remember_me? - false - end - - # Check if the model accepts this strategy as token authenticatable. - def token_authenticatable? - mapping.to.http_authenticatable?(:token_options) - end - - # Check if this is strategy is valid for token authentication by: - # - # * Validating if the model allows http token authentication; - # * If the http auth token exists; - # * If all authentication keys are present; - # - def valid_for_token_auth? - token_authenticatable? && auth_token.present? 
&& with_authentication_hash(:token_auth, token_auth_hash) - end - - # Extract the auth token from the request - def auth_token - @auth_token ||= ActionController::HttpAuthentication::Token.token_and_options(request) - end - - # Extract a hash with attributes:values from the auth_token - def token_auth_hash - request.env['devise.token_options'] = auth_token.last - { authentication_keys.first => auth_token.first } - end - - # Try both scoped and non scoped keys - def params_auth_hash - if params[scope].kind_of?(Hash) && params[scope].has_key?(authentication_keys.first) - params[scope] - else - params - end - end - - # Overwrite authentication keys to use token_authentication_key. - def authentication_keys - @authentication_keys ||= [mapping.to.token_authentication_key] - end - end - end -end - -Warden::Strategies.add(:token_authenticatable, Devise::Strategies::TokenAuthenticatable) diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 247bfcde78..33b82bf8e6 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -47,9 +47,6 @@ def migration_data # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts # field :unlock_token, :type => String # Only if unlock strategy is :email or :both # field :locked_at, :type => Time - - ## Token authenticatable - # field :authentication_token, :type => String RUBY end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4b9f7ef955..fde9c14cd3 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -56,12 +56,9 @@ # Tell if authentication through HTTP Auth is enabled. False by default. # It can be set to an array that will enable http authentication only for the - # given strategies, for example, `config.http_authenticatable = [:token]` will - # enable it only for token authentication. The supported strategies are: + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. The supported strategies are: # :database = Support basic authentication with authentication key + password - # :token = Support basic authentication with token authentication key - # :token_options = Support token authentication with options as defined in - # http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html # config.http_authenticatable = false # If http headers should be returned for AJAX requests. True by default. @@ -76,7 +73,7 @@ # config.paranoid = true # By default Devise will store the user in session. You can skip storage for - # :http_auth and :token_auth by adding those symbols to the array below. + # particular strategies by setting this option. # Notice that if you are skipping storage for all authentication paths, you # may want to disable generating routes to Devise's sessions controller by # passing :skip => :sessions to `devise_for` in your config/routes.rb @@ -196,10 +193,6 @@ # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 - # ==> Configuration for :token_authenticatable - # Defines name of the authentication token params key - # config.token_authentication_key = :auth_token - # ==> Scopes configuration # Turn scoped views on. Before rendering "sessions/new", it will first check for # "users/sessions/new". It's turned off by default because it's slower if you diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index cf38d1360d..59dc7a597f 100644 
--- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -55,7 +55,7 @@ def setup end test 'require no authentication tests current mapping' do - @mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication @@ -71,7 +71,7 @@ def setup end test 'require no authentication sets a flash message' do - @mock_warden.expects(:authenticate?).with(:rememberable, :token_authenticatable, :scope => :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 31dc3729a3..1934f31128 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -88,16 +88,6 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end end - test 'sign in should authenticate with really long token' do - token = "token_containing_so_many_characters_that_the_base64_encoding_will_wrap" - user = create_user - user.update_attribute :authentication_token, token - get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{token}:x")}" - assert_response :success - assert_match "user@test.com", response.body - assert warden.authenticated?(:user) - end - private def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") 
diff --git a/test/integration/token_authenticatable_test.rb b/test/integration/token_authenticatable_test.rb deleted file mode 100644 index 38750fcf95..0000000000 --- a/test/integration/token_authenticatable_test.rb +++ /dev/null 
@@ -1,205 +0,0 @@ -require 'test_helper' - -class TokenAuthenticationTest < ActionDispatch::IntegrationTest - - test 'authenticate with valid authentication token key and value through params' do - swap Devise, :token_authentication_key => :secret_token do - sign_in_as_new_user_with_token - - assert_response :success - assert_current_url "/users?secret_token=#{VALID_AUTHENTICATION_TOKEN}" - assert_contain 'Welcome' - assert warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key and value through params, when params with the same key as scope exist' do - swap Devise, :token_authentication_key => :secret_token do - user = create_user_with_authentication_token - post exhibit_user_path(user), Devise.token_authentication_key => user.authentication_token, :user => { :some => "data" } - - assert_response :success - assert_contain 'User is authenticated' - assert warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key but does not store if stateless' do - swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth] do - sign_in_as_new_user_with_token - assert warden.authenticated?(:user) - - get users_path - assert_redirected_to new_user_session_path - assert_not warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key and value through http' do - swap Devise, :token_authentication_key => :secret_token do - sign_in_as_new_user_with_token(:http_auth => true) - - assert_response :success - assert_match 'user@test.com', response.body - assert warden.authenticated?(:user) - end - end - - test 'does authenticate with valid authentication token key and value through params if not configured' do - swap Devise, :token_authentication_key => :secret_token, :params_authenticatable => [:database] do - sign_in_as_new_user_with_token - - assert_contain 'You need to sign in or sign up before continuing' - assert_contain 
'Sign in' - assert_not warden.authenticated?(:user) - end - end - - test 'does authenticate with valid authentication token key and value through http if not configured' do - swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:database] do - sign_in_as_new_user_with_token(:http_auth => true) - - assert_response 401 - assert_contain 'Invalid email or password.' - assert_not warden.authenticated?(:user) - end - end - - test 'does not authenticate with improper authentication token key' do - swap Devise, :token_authentication_key => :donald_duck_token do - sign_in_as_new_user_with_token(:auth_token_key => :secret_token) - assert_equal new_user_session_path, @request.path - - assert_contain 'You need to sign in or sign up before continuing' - assert_contain 'Sign in' - assert_not warden.authenticated?(:user) - end - end - - test 'does not authenticate with improper authentication token value' do - store_translations :en, :devise => {:failure => {:invalid_token => 'LOL, that was not a single character correct.'}} do - sign_in_as_new_user_with_token(:auth_token => '*** INVALID TOKEN ***') - assert_equal new_user_session_path, @request.path - - assert_contain 'LOL, that was not a single character correct.' 
- assert_contain 'Sign in' - assert_not warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key and do not store if stateless and timeoutable are enabled' do - swap Devise, :token_authentication_key => :secret_token, :skip_session_storage => [:token_auth], :timeout_in => (0.1).second do - user = sign_in_as_new_user_with_token - assert warden.authenticated?(:user) - - # Expiring does not work because we are setting the session value when accessing it - sleep 0.3 - - get_users_path_as_existing_user(user) - assert warden.authenticated?(:user) - end - end - - test 'should reset token and not authenticate when expire_auth_token_on_timeout is set to true, timeoutable is enabled and we have a timed out session' do - swap Devise, :token_authentication_key => :secret_token, :expire_auth_token_on_timeout => true, :timeout_in => (-1).minute do - user = sign_in_as_new_user_with_token - assert warden.authenticated?(:user) - token = user.authentication_token - - get_users_path_as_existing_user(user) - assert_not warden.authenticated?(:user) - user.reload - assert_not_equal token, user.authentication_token - end - end - - test 'should not be subject to injection' do - swap Devise, :token_authentication_key => :secret_token do - user1 = create_user_with_authentication_token() - - # Clean up user cache - @user = nil - - user2 = create_user_with_authentication_token(:email => "another@test.com") - user2.update_attribute(:authentication_token, "ANOTHERTOKEN") - - assert_not_equal user1, user2 - visit users_path(Devise.token_authentication_key.to_s + '[$ne]' => user1.authentication_token) - assert_nil warden.user(:user) - end - end - - test 'authenticate with valid authentication token key and value through http header' do - swap Devise, :token_authentication_key => :secret_token do - sign_in_as_new_user_with_token(:token_auth => true) - - assert_response :success - assert_match 'user@test.com', response.body - assert_equal 
request.env['devise.token_options'], {} - assert warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key and value through http header, with options' do - swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => [:token_options] do - signature = "**TESTSIGNATURE**" - sign_in_as_new_user_with_token(:token_auth => true, :token_options => {:signature => signature, :nonce => 'def'}) - - assert_response :success - assert_match 'user@test.com', response.body - assert_equal request.env['devise.token_options'][:signature], signature - assert_equal request.env['devise.token_options'][:nonce], 'def' - assert warden.authenticated?(:user) - end - end - - test 'authenticate with valid authentication token key and value through http header without allowing token authorization setting is denied' do - swap Devise, :token_authentication_key => :secret_token, :http_authenticatable => false do - sign_in_as_new_user_with_token(:token_auth => true) - - assert_response :unauthorized - assert_nil warden.user(:user) - end - end - - test 'does not authenticate with improper authentication token value in header' do - sign_in_as_new_user_with_token(:token_auth => true, :auth_token => '*** INVALID TOKEN ***') - - assert_response :unauthorized - assert_nil warden.user(:user) - end - - private - - def sign_in_as_new_user_with_token(options = {}) - user = options.delete(:user) || create_user_with_authentication_token(options) - - options[:auth_token_key] ||= Devise.token_authentication_key - options[:auth_token] ||= user.authentication_token - - if options[:http_auth] - header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}" - get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header - elsif options[:token_auth] - token_options = options[:token_options] || {} - header = ActionController::HttpAuthentication::Token.encode_credentials(options[:auth_token], token_options) - get users_path(:format => :xml), 
{}, "HTTP_AUTHORIZATION" => header - else - visit users_path(options[:auth_token_key].to_sym => options[:auth_token]) - end - - user - end - - def create_user_with_authentication_token(options={}) - user = create_user(options) - user.authentication_token = VALID_AUTHENTICATION_TOKEN - user.save - user - end - - def get_users_path_as_existing_user(user) - sign_in_as_new_user_with_token(:user => user) - end - -end diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 7750947678..1617d27172 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -50,12 +50,12 @@ def fake_request(path, params={}) end test 'has strategies depending on the model declaration' do - assert_equal [:rememberable, :token_authenticatable, :database_authenticatable], Devise.mappings[:user].strategies + assert_equal [:rememberable, :database_authenticatable], Devise.mappings[:user].strategies assert_equal [:database_authenticatable], Devise.mappings[:admin].strategies end test 'has no input strategies depending on the model declaration' do - assert_equal [:rememberable, :token_authenticatable], Devise.mappings[:user].no_input_strategies + assert_equal [:rememberable], Devise.mappings[:user].no_input_strategies assert_equal [], Devise.mappings[:admin].no_input_strategies end diff --git a/test/models/token_authenticatable_test.rb b/test/models/token_authenticatable_test.rb deleted file mode 100644 index 15da9dd48a..0000000000 --- a/test/models/token_authenticatable_test.rb +++ /dev/null 
@@ -1,55 +0,0 @@ -require 'test_helper' - -class TokenAuthenticatableTest < ActiveSupport::TestCase - - test 'should reset authentication token' do - user = new_user - user.reset_authentication_token - previous_token = user.authentication_token - user.reset_authentication_token - assert_not_equal previous_token, user.authentication_token - end - - test 'should ensure authentication token' do - user = new_user - user.ensure_authentication_token - previous_token = user.authentication_token - user.ensure_authentication_token - assert_equal previous_token, user.authentication_token - end - - test 'should authenticate a valid user with authentication token and return it' do - user = create_user - user.ensure_authentication_token! - user.confirm! - authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token) - assert_equal authenticated_user, user - end - - test 'should return nil when authenticating an invalid user by authentication token' do - user = create_user - user.ensure_authentication_token! - user.confirm! - authenticated_user = User.find_for_token_authentication(:auth_token => user.authentication_token.reverse) - assert_nil authenticated_user - end - - test 'should not be subject to injection' do - user1 = create_user - user1.ensure_authentication_token! - user1.confirm! - - user2 = create_user - user2.ensure_authentication_token! - user2.confirm! - - user = User.find_for_token_authentication(:auth_token => {'$ne' => user1.authentication_token}) - assert_nil user - end - - test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::TokenAuthenticatable.required_fields(User), [ - :authentication_token - ] - end -end diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb index a8adb9b794..867758eaca 100644 --- a/test/rails_app/app/mongoid/user.rb +++ b/test/rails_app/app/mongoid/user.rb 
@@ -36,7 +36,4 @@ class User field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts field :unlock_token, :type => String # Only if unlock strategy is :email or :both field :locked_at, :type => Time - - ## Token authenticatable - field :authentication_token, :type => String end diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 85e3000b52..43bf856496 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb @@ -33,9 +33,6 @@ def self.up t.string :unlock_token # Only if unlock strategy is :email or :both t.datetime :locked_at - ## Token authenticatable - t.string :authentication_token - t.timestamps end diff --git a/test/rails_app/db/schema.rb b/test/rails_app/db/schema.rb index 8fae3c2812..c36bc6fb5f 100644 --- a/test/rails_app/db/schema.rb +++ b/test/rails_app/db/schema.rb @@ -44,7 +44,6 @@ t.integer "failed_attempts", :default => 0 t.string "unlock_token" t.datetime "locked_at" - t.string "authentication_token" t.datetime "created_at" t.datetime "updated_at" end diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 9d7b34ef36..511c23cad1 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -3,7 +3,7 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, - :registerable, :rememberable, :timeoutable, :token_authenticatable, + :registerable, :rememberable, :timeoutable, :trackable, :validatable, :omniauthable attr_accessor :other_key From 6b3b0c5e8c57253d3d178def678ccc26e66cd630 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 2 Sep 2013 19:23:15 -0300 Subject: [PATCH 0308/1473] Remove deprecated token lookups --- CHANGELOG.md | 5 ++++ .../devise/confirmations_controller.rb | 13 ++-------- config/locales/en.yml | 1 - lib/devise.rb | 26 ++++++++++--------- lib/devise/models/confirmable.rb | 4 --- lib/devise/models/lockable.rb | 4 --- lib/devise/models/recoverable.rb | 3 --- test/integration/confirmable_test.rb | 21 --------------- test/models/confirmable_test.rb | 9 ------- test/models/lockable_test.rb | 10 ------- test/models/recoverable_test.rb | 10 ------- 11 files changed, 21 insertions(+), 85 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 256d5830e9..0e503dad13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +== 3.2.0-dev + +* enchancements + * Previously deprecated token authenticatable and insecure lookups have been removed + == 3.1.0 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 28584957da..ee25e962b9 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -20,12 +20,7 @@ def show self.resource = resource_class.confirm_by_token(params[:confirmation_token]) if resource.errors.empty? - if Devise.allow_insecure_sign_in_after_confirmation - set_flash_message(:notice, :confirmed_and_signed_in) if is_navigational_format? - sign_in(resource_name, resource) - else - set_flash_message(:notice, :confirmed) if is_navigational_format? - end + set_flash_message(:notice, :confirmed) if is_navigational_format? respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } 
@@ -41,10 +36,6 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - if Devise.allow_insecure_sign_in_after_confirmation - after_sign_in_path_for(resource) - else - new_session_path(resource_name) - end + new_session_path(resource_name) end end diff --git a/config/locales/en.yml b/config/locales/en.yml index ee239f3613..94fd5df37d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -4,7 +4,6 @@ en: devise: confirmations: confirmed: "Your account was successfully confirmed. Please sign in." - confirmed_and_signed_in: "Your account was successfully confirmed. You are now signed in." send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: diff --git a/lib/devise.rb b/lib/devise.rb index 52244020e6..ae5fad7fd3 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -50,15 +50,21 @@ module Strategies mattr_accessor :secret_key @@secret_key = nil - # Allow insecure token lookup. Must be used - # temporarily just for migration. - mattr_accessor :allow_insecure_token_lookup - @@allow_insecure_tokens_lookup = false + [ :allow_insecure_token_lookup, + :allow_insecure_sign_in_after_confirmation, + :token_authentication_key ].each do |method| + class_eval <<-RUBY + def self.#{method} + ActiveSupport::Deprecation.warn "Devise.#{method} is deprecated " \ + "and has no effect" + end - # Allow insecure sign in after confirmation. Must be used - # temporarily just for migration. - mattr_accessor :allow_insecure_sign_in_after_confirmation - @@allow_insecure_sign_in_after_confirmation = false + def self.#{method}=(val) + ActiveSupport::Deprecation.warn "Devise.#{method}= is deprecated " \ + "and has no effect" + end + RUBY + end # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@ -195,10 +201,6 @@ module Strategies mattr_accessor :mailer_sender @@mailer_sender = nil - # Authentication token params key name of choice. E.g. /users/sign_in?some_key=... - mattr_accessor :token_authentication_key - @@token_authentication_key = :auth_token - # Skip session storage for the following strategies mattr_accessor :skip_session_storage @@skip_session_storage = [] diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 7c51adcb11..9f1034d1fd 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
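Review bot: The readers generated by the `class_eval` loop in lib/devise.rb have no explicit return value, so `Devise.allow_insecure_token_lookup`, `Devise.allow_insecure_sign_in_after_confirmation` and `Devise.token_authentication_key` now return whatever `ActiveSupport::Deprecation.warn` returns, where they used to return `false` or `:auth_token`. If that result is ever truthy (this cannot be determined from the hunk), an extension or application that still branches on `if Devise.allow_insecure_token_lookup` would take its insecure path after upgrading, even though the option is documented as having no effect. I would add a bare `nil` as the last line of the generated reader so that the flags stay falsy. Passing `__FILE__, __LINE__ + 1` to `class_eval` would also make backtraces from these methods point at lib/devise.rb. The enclosing module starts and ends outside the hunk.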
@@ -275,10 +275,6 @@ def confirm_by_token(confirmation_token) confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) - if !confirmable.persisted? && Devise.allow_insecure_token_lookup - confirmable = find_or_initialize_with_error_by(:confirmation_token, original_token) - end - confirmable.confirm! if confirmable.persisted? confirmable.confirmation_token = original_token confirmable diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index a9c8ad5a73..49a5312eae 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -165,10 +165,6 @@ def unlock_access_by_token(unlock_token) unlock_token = Devise.token_generator.digest(self, :unlock_token, unlock_token) lockable = find_or_initialize_with_error_by(:unlock_token, unlock_token) - if !lockable.persisted? && Devise.allow_insecure_token_lookup - lockable = find_or_initialize_with_error_by(:unlock_token, original_token) - end - lockable.unlock_access! if lockable.persisted? lockable.unlock_token = original_token lockable diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index b063603ee7..bd82ca107e 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -116,9 +116,6 @@ def reset_password_by_token(attributes={}) reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token) recoverable = find_or_initialize_with_error_by(:reset_password_token, reset_password_token) - if !recoverable.persisted? && Devise.allow_insecure_token_lookup - recoverable = find_or_initialize_with_error_by(:reset_password_token, original_token) - end if recoverable.persisted? if recoverable.reset_password_period_valid? diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index beba732b92..d2086cb8e5 100644 
--- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -62,27 +62,6 @@ def resend_confirmation end end - test 'user should be signed in after confirmation if allow_insecure_sign_in_after_confirmation is enabled' do - swap Devise, :confirm_within => 3.days, :allow_insecure_sign_in_after_confirmation => true do - user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago) - assert_not user.confirmed? - visit_user_confirmation_with_token(user.raw_confirmation_token) - - assert_contain 'Your account was successfully confirmed. You are now signed in.' - assert_current_url root_url - assert user.reload.confirmed? - end - end - - test 'user should be redirected to a custom path after confirmation' do - Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1") - - user = create_user(:confirm => false) - visit_user_confirmation_with_token(user.raw_confirmation_token) - - assert_current_url "/?custom=1" - end - test 'already confirmed user should not be able to confirm the account again' do user = create_user(:confirm => false) user.confirmed_at = Time.now diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 0e82e7d2cb..5d1221a580 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -51,15 +51,6 @@ def setup assert_equal "was already confirmed, please try signing in", user.errors[:email].join end - test 'DEPRECATED: should find and confirm a user automatically' do - swap Devise, allow_insecure_token_lookup: true do - user = create_user - confirmed_user = User.confirm_by_token(user.confirmation_token) - assert_equal confirmed_user, user - assert user.reload.confirmed? - end - end - test 'should find and confirm a user automatically based on the raw token' do user = create_user raw = user.raw_confirmation_token diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index a399849a76..7ac558690b 100644 
--- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -139,16 +139,6 @@ def setup end end - test 'DEPRECATED: should find and unlock a user automatically' do - swap Devise, allow_insecure_token_lookup: true do - user = create_user - user.lock_access! - locked_user = User.unlock_access_by_token(user.unlock_token) - assert_equal locked_user, user - assert_not user.reload.access_locked? - end - end - test 'should find and unlock a user automatically based on raw token' do user = create_user raw = user.send_unlock_instructions diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 3fb42d0a61..3c1564992a 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -108,16 +108,6 @@ def setup end end - test 'DEPRECATED: should find a user to reset his password based on reset_password_token' do - swap Devise, allow_insecure_token_lookup: true do - user = create_user - user.send_reset_password_instructions - - reset_password_user = User.reset_password_by_token(:reset_password_token => user.reset_password_token) - assert_equal reset_password_user, user - end - end - test 'should find a user to reset his password based on the raw token' do user = create_user raw = user.send_reset_password_instructions From 9464416c3e48735ef2d8bb2fafa09ab2a7eac77c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 2 Sep 2013 19:25:05 -0300 Subject: [PATCH 0309/1473] Bring back test removed by accident --- test/integration/confirmable_test.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index d2086cb8e5..e0c02bbce5 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -62,6 +62,15 @@ def resend_confirmation end end + test 'user should be redirected to a custom path after confirmation' do + Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1") + + user = create_user(:confirm => false) + visit_user_confirmation_with_token(user.raw_confirmation_token) + + assert_current_url "/?custom=1" + end + test 'already confirmed user should not be able to confirm the account again' do user = create_user(:confirm => false) user.confirmed_at = Time.now From 47d9f1b95962cf093be9517e2a60d56e963d54a3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 3 Sep 2013 08:47:57 -0300 Subject: [PATCH 0310/1473] Fix changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e503dad13..d81d2a70a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ == 3.2.0-dev -* enchancements +* enhancements * Previously deprecated token authenticatable and insecure lookups have been removed == 3.1.0 From f45d874ed9380ed01ef8f4368006a54ac2613648 Mon Sep 17 00:00:00 2001 From: Benjamin Manns Date: Wed, 4 Sep 2013 14:43:45 -0400 Subject: [PATCH 0311/1473] Update link to new contributors page [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c1e89a6a8..d960c71f6e 100644 --- a/README.md +++ b/README.md @@ -445,7 +445,7 @@ https://github.com/hassox/warden We have a long list of valued contributors. Check them all at: -https://github.com/plataformatec/devise/contributors +https://github.com/plataformatec/devise/graphs/contributors ## License From fc5522a8ed6e8a0c62cdaedca521f4606bb1c7c5 Mon Sep 17 00:00:00 2001 From: Ricardo Henrique Date: Fri, 13 Sep 2013 08:47:27 -0300 Subject: [PATCH 0312/1473] Update wiki link on README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index d960c71f6e..9d149b4720 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby i The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README: -https://wiki.github.com/plataformatec/devise +https://github.com/plataformatec/devise/wiki ### Bug reports From 4216c34538827ef205c039195409be9e14497985 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 13 Sep 2013 22:29:34 +0300 Subject: [PATCH 0313/1473] fix markdown in CHANGELOG [ci skip] closes #2626 --- CHANGELOG.md | 186 +++++++++++++++++++++++++-------------------------- 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d81d2a70a5..a5247ec848 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,9 @@ -== 3.2.0-dev +### 3.2.0-dev * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed -== 3.1.0 +### 3.1.0 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ @@ -26,12 +26,12 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * Do not compare directly against confirmation, unlock and reset password tokens * Skip storage for cookies on unverified requests -== 3.0.2 +### 3.0.2 * bug fix * Skip storage for cookies on unverified requests -== 3.0.1 +### 3.0.1 Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ 
@@ -42,7 +42,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server. -== 3.0.0 +### 3.0.0 * enhancements * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) @@ -55,7 +55,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * backwards incompatible changes * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 -== 2.2.4 +### 2.2.4 * enhancements * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) @@ -71,25 +71,25 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * Fix inheriting mailer templates from `Devise::Mailer` * Fix a bug when procs are used as default mailer in Devise (by @tomasv) -== 2.2.3 +### 2.2.3 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ * bug fix * Require string conversion for all values -== 2.2.2 +### 2.2.2 * bug fix * Fix bug when checking for reconfirmable in templates -== 2.2.1 +### 2.2.1 * bug fix * Fix regression with case_insensitive_keys * Fix regression when password is blank when it is invalid -== 2.2.0 +### 2.2.0 * backwards incompatible changes * `headers_for` is deprecated, customize the mailer directly instead 
@@ -120,7 +120,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) * Properly handle namespaced models on Active Record generator (by @nashby) -== 2.1.2 +### 2.1.2 * enhancements * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x @@ -128,7 +128,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * bug fix * Fix regression on strategy validation on previous release -== 2.1.1 (yanked) +### 2.1.1 (yanked) * enhancements * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action @@ -145,7 +145,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * deprecations * Strategy#validate() no longer validates nil resources -== 2.1.0 +### 2.1.0 * enhancements * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses @@ -172,7 +172,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez) * Reverted moving devise/shared/_links.erb to devise/_links.erb -== 2.0.4 +### 2.0.4 Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0 @@ -180,7 +180,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix when :host is used with devise_for (by @mreinsch) * Fix a regression that caused Warden to be initialized too late -== 2.0.3 (yanked) +### 2.0.3 (yanked) * bug fix * Ensure warning is not shown by mistake on apps with mounted engines 
@@ -188,7 +188,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure serializable_hash does not depend on accessible attributes * Ensure that timeout callback does not run on sign out action -== 2.0.2 +### 2.0.2 * enhancements * Add devise_i18n_options to customize I18n message @@ -200,7 +200,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Show a warning in case someone gives a pluralized name to devise generator * Fix test behavior for rspec subject requests (by @sj26) -== 2.0.1 +### 2.0.1 * enhancements * Improved error messages on deprecation warnings @@ -209,7 +209,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Removed tmp and log files from gem -== 2.0.0 +### 2.0.0 * enhancements * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal) @@ -235,14 +235,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_* * Protected method render_with_scope was removed. -== 1.5.3 +### 1.5.3 * bug fix * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko) * Ensure passing :format => false to devise_for is not permanent * Ensure path checker does not check invalid routes -== 1.5.2 +### 1.5.2 * enhancements * Add support for Rails 3.1 new mass assignment conventions (by @kirs) 
@@ -251,12 +251,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * OmniAuth error message now shows the proper option (:strategy_class instead of :klass) -== 1.5.1 +### 1.5.1 * bug fix * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise. -== 1.5.0 +### 1.5.0 * enhancements * Timeoutable also skips tracking if skip_trackable is given @@ -277,12 +277,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * redirect_location is deprecated, please use after_sign_in_path_for * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it -== 1.4.9 +### 1.4.9 * bug fix * url helpers were not being set under some circumstances -== 1.4.8 +### 1.4.8 * enhancements * Add docs for assets pipeline and Heroku @@ -290,12 +290,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_url was not being set under some circumstances -== 1.4.7 +### 1.4.7 * bug fix * Fix backward incompatible change from 1.4.6 for those using custom controllers -== 1.4.6 (yanked) +### 1.4.6 (yanked) * enhancements * Allow devise_for :skip => :all @@ -303,7 +303,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow --skip-routes to devise generator * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller -== 1.4.5 +### 1.4.5 * bug fix * Failure app tries the root path if a session one does not exist 
@@ -311,12 +311,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Reset password shows proper message if user is not active * `clean_up_passwords` sets the accessors to nil to skip validations -== 1.4.4 +### 1.4.4 * bug fix * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually -== 1.4.3 +### 1.4.3 * enhancements * Improve Rails 3.1 compatibility @@ -332,12 +332,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation -== 1.4.2 +### 1.4.2 * bug fix * Provide a more robust behavior to serializers and add :force_except option -== 1.4.1 +### 1.4.1 * enhancements * Add :defaults and :format support on router @@ -348,7 +348,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure to_xml is properly white listened * Ensure handle_unverified_request clean up any cached signed-in user -== 1.4.0 +### 1.4.0 * enhancements * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26) @@ -366,22 +366,22 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Devise now honors routes constraints (by @macmartine) * Do not return the user resource when requesting instructions (by @rodrigoflores) -== 1.3.4 +### 1.3.4 * bug fix * Do not add formats if html or "*/*" -== 1.3.3 +### 1.3.3 * bug fix * Explicitly mark the token as expired if so -== 1.3.2 +### 1.3.2 * bug fix * Fix another regression related to reset_password_sent_at (by @alexdreher) -== 1.3.1 +### 1.3.1 * enhancements * Improve failure_app responses (by @indirect) 
@@ -390,7 +390,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss) -== 1.3.0 +### 1.3.0 * enhancements * All controllers can now handle different mime types than html using Responders (by @sikachu) @@ -410,19 +410,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * backward incompatible changes * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior. -== 1.2.1 +### 1.2.1 * enhancements * Improve update path messages -== 1.2.0 +### 1.2.0 * bug fix * Properly ignore path prefix on omniauthable * Faster uniqueness queries * Rename active? to active_for_authentication? to avoid conflicts -== 1.2.rc2 +### 1.2.rc2 * enhancements * Make friendly_token 20 chars long @@ -452,7 +452,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Removed --haml and --slim view templates * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode -== 1.2.rc +### 1.2.rc * deprecations * cookie_domain is deprecated in favor of cookie_options @@ -490,13 +490,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure namespaces has proper scoped views * Ensure Devise does not set empty flash messages (by @sxross) -== 1.1.6 +### 1.1.6 * Use a more secure e-mail regexp * Implement Rails 3.0.4 handle unverified request * Use secure_compare to compare passwords -== 1.1.5 +### 1.1.5 * bugfix * Ensure to convert keys on indifferent hash 
@@ -504,12 +504,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * defaults * Set config.http_authenticatable to false to avoid confusion -== 1.1.4 +### 1.1.4 * bugfix * Avoid session fixation attacks -== 1.1.3 +### 1.1.3 * bugfix * Add reply-to to e-mail headers by default @@ -520,17 +520,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie) * :default options is now honored in migrations -== 1.1.2 +### 1.1.2 * bugfix * Compatibility with latest Rails routes schema -== 1.1.1 +### 1.1.1 * bugfix * Fix a small bug where generated locale file was empty on devise:install -== 1.1.0 +### 1.1.0 * enhancements * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk) @@ -550,7 +550,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead -== 1.1.rc2 +### 1.1.rc2 * enhancements * Allow to set cookie domain for the remember token. (by @mantas) @@ -568,7 +568,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject * Generators now use Rails 3 syntax (devise:install) instead of devise_install -== 1.1.rc1 +### 1.1.rc1 * enhancements * Rails 3 compatibility @@ -600,7 +600,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure * :as and :scope in routes is deprecated. Use :path and :singular instead -== 1.0.8 +### 1.0.8 * enhancements * Support for latest MongoMapper 
@@ -609,7 +609,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_required? is properly honored on active? calls. (by @paulrosania) -== 1.0.7 +### 1.0.7 * bug fix * Ensure password confirmation is always required @@ -618,14 +618,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * authenticatable was deprecated and renamed to database_authenticatable * confirmable is not included by default on generation -== 1.0.6 +### 1.0.6 * bug fix * Do not allow unlockable strategies based on time to access a controller. * Do not send unlockable email several times. * Allow controller to upstram custom! failures to Warden. -== 1.0.5 +### 1.0.5 * bug fix * Use prepend_before_filter in require_no_authentication. @@ -633,19 +633,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix a bug when giving an association proxy to devise. * Do not use lock! on lockable since it's part of ActiveRecord API. -== 1.0.4 +### 1.0.4 * bug fix * Fixed a bug when deleting an account with rememberable * Fixed a bug with custom controllers -== 1.0.3 +### 1.0.3 * enhancements * HTML e-mails now have proper formatting * Do not remove MongoMapper options in find -== 1.0.2 +### 1.0.2 * enhancements * Allows you set mailer content type (by @glennr) @@ -653,7 +653,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Uses the same content type as request on http authenticatable 401 responses -== 1.0.1 +### 1.0.1 * enhancements * HttpAuthenticatable is not added by default automatically. @@ -662,7 +662,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fixed encryptors autoload -== 1.0.0 +### 1.0.0 * deprecation * :old_password in update_with_password is deprecated, use :current_password instead 
@@ -673,7 +673,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow scoped_views to be customized per controller/mailer class * Allow authenticatable to used in change_table statements -== 0.9.2 +### 0.9.2 * bug fix * Ensure inactive user cannot sign in @@ -683,13 +683,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added gemspec to repo * Added token authenticatable (by @grimen) -== 0.9.1 +### 0.9.1 * bug fix * Allow bigger salt size (by @jgeiger) * Fix relative url root -== 0.9.0 +### 0.9.0 * deprecation * devise :all is deprecated @@ -706,7 +706,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Accept path prefix not starting with slash * url helpers should rely on find_scope! -== 0.8.2 +### 0.8.2 * enhancements * Allow Devise.mailer_sender to be a proc (by @grimen) @@ -714,7 +714,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm) -== 0.8.1 +### 0.8.1 * enhancements * Move salt to encryptors @@ -724,7 +724,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Bcrypt generator was not being loaded neither setting the proper salt -== 0.8.0 +### 0.8.0 * enhancements * Warden 0.8.0 compatibility @@ -738,19 +738,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecation * Removed DeviseMailer.sender -== 0.7.5 +### 0.7.5 * enhancements * Set a default value for mailer to avoid find_template issues * Add models configuration to MongoMapper::EmbeddedDocument as well -== 0.7.4 +### 0.7.4 * enhancements * Extract Activatable from Confirmable * Decouple Serializers from Devise modules -== 0.7.3 +### 0.7.3 * bug fix * Give scope to the proper model validation 
@@ -760,7 +760,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added update_with_password for authenticatable * Allow render_with_scope to accept :controller option -== 0.7.2 +### 0.7.2 * deprecation * Renamed reset_confirmation! to resend_confirmation! @@ -770,12 +770,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fixed render_with_scope to work with all controllers * Allow sign in with two different users in Devise::TestHelpers -== 0.7.1 +### 0.7.1 * enhancements * Small enhancements for other plugins compatibility (by @grimen) -== 0.7.0 +### 0.7.0 * deprecations * :authenticatable is not included by default anymore @@ -784,25 +784,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Improve loading process * Extract SessionSerializer from Authenticatable -== 0.6.3 +### 0.6.3 * bug fix * Added trackable to migrations * Allow inflections to work -== 0.6.2 +### 0.6.2 * enhancements * More DataMapper compatibility * Devise::Trackable - track sign in count, timestamps and ips -== 0.6.1 +### 0.6.1 * enhancements * Devise::Timeoutable - timeout sessions without activity * DataMapper now accepts conditions -== 0.6.0 +### 0.6.0 * deprecations * :authenticatable is still included by default, but yields a deprecation warning @@ -813,19 +813,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow a strategy to be placed after authenticatable * Do not rely attribute? methods, since they are not added on Datamapper -== 0.5.6 +### 0.5.6 * enhancements * Do not send nil to build (DataMapper compatibility) * Allow to have scoped views -== 0.5.5 +### 0.5.5 * enhancements * Allow overwriting find for authentication method * Remove Ruby 1.8.7 dependency -== 0.5.4 +### 0.5.4 * deprecations * Deprecate :singular in devise_for and use :scope instead 
@@ -836,7 +836,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Create sign_in_and_redirect and sign_out_and_redirect helpers * Warden::Manager.default_scope is automatically configured to the first given scope -== 0.5.3 +### 0.5.3 * bug fix * MongoMapper now converts DateTime to Time @@ -848,20 +848,20 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper in cases you don't want it be handlded automatically -== 0.5.2 +### 0.5.2 * enhancements * Improved sign_in and sign_out helpers to accepts resources * Added stored_location_for as a helper * Added test helpers -== 0.5.1 +### 0.5.1 * enhancements * Added serializers based on Warden ones * Allow authentication keys to be set -== 0.5.0 +### 0.5.0 * bug fix * Fixed a bug where remember me module was not working properly @@ -871,13 +871,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs) * Added support for MongoMapper (by @shingara) -== 0.4.3 +### 0.4.3 * bug fix * Authentication just fails if user cannot be serialized from session, without raising errors; * Default configuration values should not overwrite user values; -== 0.4.2 +### 0.4.2 * deprecations * Renamed mail_sender to mailer_sender @@ -889,12 +889,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow :path_prefix to be given to devise_for * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported) -== 0.4.1 +### 0.4.1 * bug fix * Ensure options can be set even if models were not loaded -== 0.4.0 +### 0.4.0 * deprecations * Notifier is deprecated, use DeviseMailer instead. Remember to rename 
@@ -907,7 +907,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow Warden::Manager to be configured through Devise * Created a generator which creates an initializer -== 0.3.0 +### 0.3.0 * bug fix * Allow yml messages to be configured by not using engine locales @@ -917,7 +917,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not send confirmation messages when user changes his e-mail * Renamed authenticable to authenticatable and added deprecation warnings -== 0.2.3 +### 0.2.3 * enhancements * Ensure fail! works inside strategies @@ -927,12 +927,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not redirect on invalid authenticate * Allow model configuration to be set to nil -== 0.2.2 +### 0.2.2 * bug fix * Fix a bug when using customized resources -== 0.2.1 +### 0.2.1 * refactor * Clean devise_views generator to use devise existing views @@ -944,7 +944,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a bug with Mongrel and Ruby 1.8.6 -== 0.2.0 +### 0.2.0 * enhancements * Allow option :null => true in authenticable migration @@ -959,12 +959,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fixes * Fixed requiring devise strategies -== 0.1.1 +### 0.1.1 * bug fixes * Fixed requiring devise mapping -== 0.1.0 +### 0.1.0 * Devise::Authenticable * Devise::Confirmable From d75fd56f150f006aee51dcafc7157454190de570 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 14 Sep 2013 12:23:48 +0300 Subject: [PATCH 0314/1473] remove unused reset_password_token method closes #2621 --- lib/devise/models/recoverable.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index bd82ca107e..3b4cfa3512 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -101,11 +101,6 @@ def send_reset_password_instructions(attributes={}) recoverable end - # Generate a token checking if one does not already exist in the database. - def reset_password_token - generate_token(:reset_password_token) - end - # Attempt to find a user by its reset_password_token to reset its # password. If a user is found and token is still valid, reset its password and automatically # try saving the record. If not user is found, returns a new user From ae6a37f796f478608aa9e877ba1c0b4c5af05b36 Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Sun, 15 Sep 2013 01:52:53 +0530 Subject: [PATCH 0315/1473] Cleanup tests for unused variables --- test/controllers/sessions_controller_test.rb | 2 +- test/integration/recoverable_test.rb | 4 ++-- test/integration/rememberable_test.rb | 6 +++--- test/models/database_authenticatable_test.rb | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 0bfc8be867..b25b80009d 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -10,7 +10,7 @@ class SessionsControllerTest < ActionController::TestCase end request.env["devise.mapping"] = Devise.mappings[:user] request.session["user_return_to"] = 'foo.bar' - user = create_user + create_user post :create, :user => { :email => "wrong@email.com", :password => "wrongpassword" diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 6afd37e78b..10588ef966 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -190,7 +190,7 @@ def reset_password(options={}, &block) end test 'sign in user automatically after changing its password' do - user = create_user + create_user request_forgot_password reset_password 
@@ -260,7 +260,7 @@ def reset_password(options={}, &block) end test 'change password with valid parameters in XML format should return valid response' do - user = create_user + create_user request_forgot_password put user_password_path(:format => 'xml'), :user => { :reset_password_token => 'abcdef', :password => '987654321', :password_confirmation => '987654321' diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 490d117077..e7afd67a76 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -64,14 +64,14 @@ def cookie_expires(key) # since we changed the domain. This is the only difference with the # previous test. swap Devise, :rememberable_options => { :domain => "omg.somewhere.com" } do - user = sign_in_as_user :remember_me => true + sign_in_as_user :remember_me => true assert_nil request.cookies["remember_user_token"] end end test 'generate remember token with a custom key' do swap Devise, :rememberable_options => { :key => "v1lat_token" } do - user = sign_in_as_user :remember_me => true + sign_in_as_user :remember_me => true assert request.cookies["v1lat_token"] end end @@ -79,7 +79,7 @@ def cookie_expires(key) test 'generate remember token after sign in setting session options' do begin Rails.configuration.session_options[:domain] = "omg.somewhere.com" - user = sign_in_as_user :remember_me => true + sign_in_as_user :remember_me => true assert_nil request.cookies["remember_user_token"] ensure Rails.configuration.session_options.delete(:domain) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index c5ecf51ddf..d8689aee7e 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -203,7 +203,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'downcase_keys with validation' do - user = User.create(:email => "HEllO@example.com", :password => "123456") + User.create(:email => "HEllO@example.com", :password => "123456") user = User.create(:email => "HEllO@example.com", :password => "123456") assert !user.valid? end From 989d7192faface7f08082575b5a6619cb6a80d1c Mon Sep 17 00:00:00 2001 From: Greg Gates Date: Mon, 16 Sep 2013 10:12:15 -0400 Subject: [PATCH 0316/1473] Tweaks confirmation flow for signed_in users For #2627 When allow_unconfirmed_access_for > 0, users may be already signed in at the time they confirm their account. Consequently, the default confirmation should be compatible with this possibility. Additionally, they should not be redirected to the sign in form after confirmation in this case. So I've changed ConfirmationsController#after_confirmation_path_for to send the user to the root path when signed in, or the sign in form otherwise. --- app/controllers/devise/confirmations_controller.rb | 6 +++++- config/locales/en.yml | 2 +- test/integration/confirmable_test.rb | 12 +++++++++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index ee25e962b9..a6a4a8801e 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -36,6 +36,10 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - new_session_path(resource_name) + if signed_in? + signed_in_root_path(resource) + else + new_session_path(resource_name) + end end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 94fd5df37d..b0e4ed0ca9 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
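Review bot: In the confirmations_controller.rb hunk, `signed_in?` is called without a scope, so as far as I recall Devise's helper it is true when any mapped scope has a session, not only the scope being confirmed. `if signed_in?(resource_name)` would tie the redirect to the confirmed resource's scope. The branch also does not compare the signed-in record with `resource`, so a confirmation link opened in a browser signed in to a different account of that scope is still sent to that account's root path; if that is intended, a comment on `after_confirmation_path_for` should say so. The enclosing controller class starts outside the hunk.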
@@ -3,7 +3,7 @@ en: devise: confirmations: - confirmed: "Your account was successfully confirmed. Please sign in." + confirmed: "Your account was successfully confirmed." send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index e0c02bbce5..3bb555d974 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -56,7 +56,7 @@ def resend_confirmation assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed. Please sign in.' + assert_contain 'Your account was successfully confirmed.' assert_current_url '/users/sign_in' assert user.reload.confirmed? end @@ -123,6 +123,16 @@ def resend_confirmation end end + test 'unconfirmed but signed in user should be redirected to their root path' do + swap Devise, :allow_unconfirmed_access_for => 1.day do + user = sign_in_as_user(:confirm => false) + + visit_user_confirmation_with_token(user.raw_confirmation_token) + assert_contain 'Your account was successfully confirmed.' + assert_current_url '/' + end + end + test 'error message is configurable by resource name' do store_translations :en, :devise => { :failure => { :user => { :unconfirmed => "Not confirmed user" } } From eaad61b2da661ab728acc309bfb2d7ad429d3c4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 1 Oct 2013 17:09:37 +0200 Subject: [PATCH 0317/1473] Make it clear a restart is required when setting the secret key --- lib/devise/rails/routes.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8e728d2d8a..d443b706f2 100644 
--- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -442,6 +442,7 @@ def raise_no_secret_key #:nodoc: config.secret_key = '#{SecureRandom.hex(64)}' +Please ensure you restarted your application after installing Devise or setting the key. ERROR end From 2351d0215a50554be24870f40b0318b38df91186 Mon Sep 17 00:00:00 2001 From: Ivan Zhidkov Date: Thu, 3 Oct 2013 18:34:39 +0400 Subject: [PATCH 0318/1473] Fix expire_session_data_after_sign_in! --- lib/devise/controllers/helpers.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index a53469a544..5d3e908c99 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -258,6 +258,10 @@ def sign_in_and_redirect(resource_or_scope, *args) end def expire_session_data_after_sign_in! + # session.keys will return an empty array if the session is not yet loaded. + # This is a bug in both Rack and Rails. + # A call to #empty? forces the session to be loaded. + session.empty? session.keys.grep(/^devise\./).each { |k| session.delete(k) } end From 036715faccd78b4de52707c94d78041961ae9908 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Thu, 3 Oct 2013 17:38:26 +0300 Subject: [PATCH 0319/1473] do not define mailer if ActionMailer is not defined closes #2659 --- app/mailers/devise/mailer.rb | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 8b7a536bd7..e069eefa81 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb 
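Review bot: The bare `session.empty?` added to `expire_session_data_after_sign_in!` in helpers.rb has no regression test in this commit (the diffstat lists only that file), so nothing fails if a later cleanup removes the seemingly unused call and the `devise.*` keys once more survive sign-in on a session that was not yet loaded. A test that signs in with an unloaded session holding a `devise.`-prefixed key and asserts the key is gone afterwards would pin the fix. Separately, `/^devise\./` on the following line matches at any line start in Ruby; `/\Adevise\./` states the intended prefix match exactly.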
@@ -1,18 +1,20 @@ -class Devise::Mailer < Devise.parent_mailer.constantize - include Devise::Mailers::Helpers +if defined?(ActionMailer) + class Devise::Mailer < Devise.parent_mailer.constantize + include Devise::Mailers::Helpers - def confirmation_instructions(record, token, opts={}) - @token = token - devise_mail(record, :confirmation_instructions, opts) - end + def confirmation_instructions(record, token, opts={}) + @token = token + devise_mail(record, :confirmation_instructions, opts) + end - def reset_password_instructions(record, token, opts={}) - @token = token - devise_mail(record, :reset_password_instructions, opts) - end + def reset_password_instructions(record, token, opts={}) + @token = token + devise_mail(record, :reset_password_instructions, opts) + end - def unlock_instructions(record, token, opts={}) - @token = token - devise_mail(record, :unlock_instructions, opts) + def unlock_instructions(record, token, opts={}) + @token = token + devise_mail(record, :unlock_instructions, opts) + end end end From 93f59dd63a8c56fc3393e5d08d15651ef110cdc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 4 Oct 2013 20:04:23 +0200 Subject: [PATCH 0320/1473] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5247ec848..26a502d3d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed +### 3.1.1 + +* bug fix + * Improve default message which asked users to sign in even when they were already signed (by @gregates) + * Improve error message for when the config.secret_key is missing + ### 3.1.0 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ From 5300bdabc8b7740a3a308e97065d2cc941eddffd Mon Sep 17 00:00:00 2001 
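Review bot: The new `if defined?(ActionMailer)` guard around `Devise::Mailer` carries no comment, and it moves the failure from load time to the first attempt to send confirmation, reset-password or unlock instructions, where the missing constant would presumably surface as a NameError. A comment above the guard would make the trade-off explicit, for example `# Skip the mailer when ActionMailer is not loaded; modules that send mail are unavailable in that setup.` Whether the model-side sending code should raise a clearer error in that case cannot be judged from this hunk.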
From: Aaron Patterson Date: Wed, 28 Aug 2013 11:23:41 -0700 Subject: [PATCH 0321/1473] add a class method so you can encrypt passwords from fixtures --- lib/devise/models/database_authenticatable.rb | 12 ++++++------ test/devise_test.rb | 10 ++++++++++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 3e1da40c79..1f3ebaab6b 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -2,6 +2,11 @@ require 'bcrypt' module Devise + # Digests the password using bcrypt. + def self.bcrypt(klass, password) + ::BCrypt::Password.create("#{password}#{klass.pepper}", :cost => klass.stretches).to_s + end + module Models # Authenticatable Module, responsible for encrypting password and validating # authenticity of a user while signing in. @@ -34,7 +39,7 @@ def self.required_fields(klass) # Generates password encryption based on the given value. def password=(new_password) @password = new_password - self.encrypted_password = password_digest(@password) if @password.present? + self.encrypted_password = Devise.bcrypt(self.class, @password) if @password.present? end # Verifies whether an password (ie from sign in) is the user password. @@ -120,11 +125,6 @@ def authenticatable_salt protected - # Digests the password using bcrypt. - def password_digest(password) - ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s - end - module ClassMethods Devise::Models.config(self, :pepper, :stretches) diff --git a/test/devise_test.rb b/test/devise_test.rb index 9352e164b4..1a5f714923 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
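Review bot: `Devise.bcrypt` in the first database_authenticatable.rb hunk is now a public module method, but its one-line comment does not say what `klass` must provide or how the pepper is applied. I would document it as `# Digests +password+ with bcrypt, appending klass.pepper and using klass.stretches as the cost; klass must respond to both.` Because the pepper is appended after the password and bcrypt only consumes the first 72 bytes of its input, very long passwords are hashed with the pepper partly or wholly ignored, which deserves a sentence in the same comment. The other two hunks of this file only switch the caller and remove the old protected `password_digest`.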
@@ -11,6 +11,16 @@ def self.yield_and_restore end class DeviseTest < ActiveSupport::TestCase + test 'bcrypt on the class' do + password = "super secret" + klass = Struct.new(:pepper, :stretches).new("blahblah", 2) + hash = Devise.bcrypt(klass, password) + assert_equal hash, Devise.bcrypt(klass, password) + + klass = Struct.new(:pepper, :stretches).new("bla", 2) + assert_not_equal hash, Devise.bcrypt(klass, password) + end + test 'model options can be configured through Devise' do swap Devise, :allow_unconfirmed_access_for => 113, :pepper => "foo" do assert_equal 113, Devise.allow_unconfirmed_access_for From 0d6493a9a54c5eb413aafaf4bfc19ae3b93ea63d Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 6 Oct 2013 14:19:08 +0300 Subject: [PATCH 0322/1473] proper hash comparing in Devise.bcrypt test --- test/devise_test.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/devise_test.rb b/test/devise_test.rb index 1a5f714923..27f46811c9 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -15,10 +15,11 @@ class DeviseTest < ActiveSupport::TestCase password = "super secret" klass = Struct.new(:pepper, :stretches).new("blahblah", 2) hash = Devise.bcrypt(klass, password) - assert_equal hash, Devise.bcrypt(klass, password) + assert_equal ::BCrypt::Password.create(hash), hash klass = Struct.new(:pepper, :stretches).new("bla", 2) - assert_not_equal hash, Devise.bcrypt(klass, password) + hash = Devise.bcrypt(klass, password) + assert_not_equal ::BCrypt::Password.new(hash), hash end test 'model options can be configured through Devise' do @@ -69,7 +70,7 @@ class DeviseTest < ActiveSupport::TestCase Devise::ALL.delete(:kivi) Devise::CONTROLLERS.delete(:kivi) end - + test 'should complain when comparing empty or different sized passes' do [nil, ""].each do |empty| assert_not Devise.secure_compare(empty, "something") From fa16afd90ab1391a97c49aa22fe6bbdf3e03cc3a Mon Sep 17 00:00:00 2001 
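Review bot: Both assertions in the `@@ -15,10 +15,11 @@` hunk of test/devise_test.rb look tautological and never check that the password and pepper went into the digest. As I read `BCrypt::Password#==`, `assert_equal ::BCrypt::Password.create(hash), hash` hashes the digest string itself and compares it with that same string as the secret, which is always true, while `assert_not_equal ::BCrypt::Password.new(hash), hash` asks whether the digest is its own plaintext, which is practically never true. Verifying the real input would be `assert_equal ::BCrypt::Password.new(hash), "#{password}#{klass.pepper}"` after each `Devise.bcrypt` call, plus `assert_not_equal ::BCrypt::Password.new(hash), password` to show the pepper matters.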
From: Vasiliy Ermolovich Date: Sun, 6 Oct 2013 14:19:19 +0300 Subject: [PATCH 0323/1473] add CHANGELOG entry --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26a502d3d0..70c6a85b51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed + * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) ### 3.1.1 From fa06b33dd3d6756740605af5f38c2a5a096cfcb0 Mon Sep 17 00:00:00 2001 From: Jessy Bernal Date: Tue, 8 Oct 2013 11:25:04 +0200 Subject: [PATCH 0324/1473] Fix #2673 email templates generated with the good @token --- .../templates/markerb/confirmation_instructions.markerb | 2 +- .../templates/markerb/reset_password_instructions.markerb | 2 +- lib/generators/templates/markerb/unlock_instructions.markerb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/markerb/confirmation_instructions.markerb b/lib/generators/templates/markerb/confirmation_instructions.markerb index bc20339eff..8f152996d2 100644 --- a/lib/generators/templates/markerb/confirmation_instructions.markerb +++ b/lib/generators/templates/markerb/confirmation_instructions.markerb @@ -2,4 +2,4 @@ Welcome <%= @email %>! You can confirm your account through the link below: -<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %> +<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %> diff --git a/lib/generators/templates/markerb/reset_password_instructions.markerb b/lib/generators/templates/markerb/reset_password_instructions.markerb index 5587598d89..d149c12467 100644 --- a/lib/generators/templates/markerb/reset_password_instructions.markerb +++ b/lib/generators/templates/markerb/reset_password_instructions.markerb 
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>! Someone has requested a link to change your password, and you can do this through the link below. -<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %> +<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %> If you didn't request this, please ignore this email. Your password won't change until you access the link above and create a new one. diff --git a/lib/generators/templates/markerb/unlock_instructions.markerb b/lib/generators/templates/markerb/unlock_instructions.markerb index 09b866b94c..389db7e10e 100644 --- a/lib/generators/templates/markerb/unlock_instructions.markerb +++ b/lib/generators/templates/markerb/unlock_instructions.markerb @@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in Click the link below to unlock your account: -<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %> +<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %> From e20e446cf47636d1908142ae8e4445742bb3c5af Mon Sep 17 00:00:00 2001 From: Vitaly Bezkrovny Date: Sat, 12 Oct 2013 02:22:43 +0300 Subject: [PATCH 0325/1473] + last_attempt + @@last_attempt_warning + last_attempt? method; * send :last_attempt key if it is the last attempt + test for last attempt * update test to make two asserts * update message --- config/locales/en.yml | 1 + lib/devise.rb | 4 ++++ lib/devise/models/lockable.rb | 6 ++++++ test/models/lockable_test.rb | 13 +++++++++++++ 4 files changed, 24 insertions(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index b0e4ed0ca9..a867ebd43a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -11,6 +11,7 @@ en: inactive: "Your account is not activated yet." invalid: "Invalid email or password." locked: "Your account is locked." + last_attempt: "You have one more attempt before your account will be locked'" not_found_in_database: "Invalid email or password." timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." diff --git a/lib/devise.rb b/lib/devise.rb index ae5fad7fd3..99e585dfa3 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -268,6 +268,10 @@ def self.#{method}=(val) mattr_accessor :paranoid @@paranoid = false + # When true, warn user if he just used next-to-last attempt of authentication + mattr_accessor :last_attempt_warning + @@last_attempt_warning = false + # Stores the token generator mattr_accessor :token_generator @@token_generator = nil diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 49a5312eae..e5640c562e 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -112,6 +112,8 @@ def unauthenticated_message # leaks the existence of an account. if Devise.paranoid super + elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? + :last_attempt elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded? :locked else @@ -125,6 +127,10 @@ def attempts_exceeded? self.failed_attempts > self.class.maximum_attempts end + def last_attempt? + self.failed_attempts == self.class.maximum_attempts - 1 + end + # Tells if the lock is expired if :time unlock strategy is active def lock_expired? if unlock_strategy_enabled?(:time) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 7ac558690b..ff29e8da23 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
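Review bot: The `:last_attempt` branch added to `unauthenticated_message` in lockable.rb never reads the new `Devise.last_attempt_warning` setting introduced in lib/devise.rb, so the warning is returned whether the flag is true or false (its default). Gating the branch, e.g. `elsif Devise.last_attempt_warning && lock_strategy_enabled?(:failed_attempts) && last_attempt?`, would make the option effective and keep the plain `:invalid` message for applications that do not opt in. The accompanying test in lockable_test.rb swaps in `:last_attempt_warning => :true` (a symbol) and would pass without the swap, so a case with the flag off is needed as well. `unauthenticated_message` begins outside the hunk.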
@@ -279,4 +279,17 @@ def setup assert_equal :invalid, user.unauthenticated_message end end + + test 'should return last attempt message if user made next-to-last attempt of password entering' do + swap Devise, :last_attempt_warning => :true do + swap Devise, :lock_strategy => :failed_attempts do + user = create_user + user.failed_attempts = Devise.maximum_attempts - 2 + assert_equal :invalid, user.unauthenticated_message + + user.failed_attempts = Devise.maximum_attempts - 1 + assert_equal :last_attempt, user.unauthenticated_message + end + end + end end From aba19c1ca437df4e9fc2fa1bae9682da1938f821 Mon Sep 17 00:00:00 2001 From: Vitaly Bezkrovny Date: Wed, 16 Oct 2013 23:57:11 +0300 Subject: [PATCH 0326/1473] * typo --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index a867ebd43a..6cd4cd2776 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -11,7 +11,7 @@ en: inactive: "Your account is not activated yet." invalid: "Invalid email or password." locked: "Your account is locked." - last_attempt: "You have one more attempt before your account will be locked'" + last_attempt: "You have one more attempt before your account will be locked." not_found_in_database: "Invalid email or password." timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." From 844d467ab96f8ccacb7d91a94514883d594e71d1 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 20 Oct 2013 17:55:51 +0300 Subject: [PATCH 0327/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70c6a85b51..3faf16ce44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,8 @@ * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) + * Send custom message when user enters invalid password and it has only one attempt + to enter correct password before his account will be locked (by @Lightpower) ### 3.1.1 From 48614362989178da19aea1e4ee945c7fd5320956 Mon Sep 17 00:00:00 2001 From: Jay Hayes Date: Thu, 17 Oct 2013 18:07:42 -0500 Subject: [PATCH 0328/1473] Prevent mutation of orig values during case and wspace sanitizations --- lib/devise/models/authenticatable.rb | 11 ++++++----- test/models/database_authenticatable_test.rb | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index c80350a858..e2dfab6b4d 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -174,23 +174,24 @@ def send_devise_notification(notification, *args) end def downcase_keys - self.class.case_insensitive_keys.each { |k| apply_to_attribute_or_variable(k, :downcase!) } + self.class.case_insensitive_keys.each { |k| apply_to_attribute_or_variable(k, :downcase) } end def strip_whitespace - self.class.strip_whitespace_keys.each { |k| apply_to_attribute_or_variable(k, :strip!) } + self.class.strip_whitespace_keys.each { |k| apply_to_attribute_or_variable(k, :strip) } end def apply_to_attribute_or_variable(attr, method) if self[attr] - self[attr].try(method) + self[attr] = self[attr].try(method) # Use respond_to? here to avoid a regression where globally # configured strip_whitespace_keys or case_insensitive_keys were # attempting to strip! or downcase! when a model didn't have the # globally configured key. - elsif respond_to?(attr) - send(attr).try(method) + elsif respond_to?(attr) && respond_to?("#{attr}=") + new_value = send(attr).try(method) + send("#{attr}=", new_value) end end 
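Review bot: The rewritten `elsif` in `apply_to_attribute_or_variable` (authenticatable.rb) now also requires a writer, `respond_to?("#{attr}=")`, so a configured key that is exposed only through a reader is skipped silently where the old `downcase!`/`strip!` call changed it in place. These keys feed authentication lookups, so a value left un-normalised should at least be documented; I would extend the comment above the branch with `# Keys that have a reader but no writer are left untouched.` A test covering a reader-only key would show whether that change in behaviour is intended.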
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index d8689aee7e..9f7a9f6c1a 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -24,6 +24,15 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal confirmation.downcase, user.email_confirmation end + test 'should not mutate value assigned to case insensitive key' do + email = 'Foo@Bar.com' + original_email = email.dup + user = new_user(:email => email) + + user.save! + assert_equal original_email, email + end + test 'should remove whitespace from strip whitespace keys when saving' do # strip_whitespace_keys is set to :email by default. email = ' foo@bar.com ' @@ -34,6 +43,15 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal email.strip, user.email end + test 'should not mutate value assigned to string whitespace key' do + email = ' foo@bar.com ' + original_email = email.dup + user = new_user(:email => email) + + user.save! + assert_equal original_email, email + end + test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do swap Devise, :strip_whitespace_keys => [:fake_key] do assert_nothing_raised { create_user } From 21583cbf9541d0a60cad0aa8e563d9020d561956 Mon Sep 17 00:00:00 2001 From: Jay Hayes Date: Fri, 18 Oct 2013 06:45:21 -0500 Subject: [PATCH 0329/1473] Update code comment to keep it up to date [#2691] [ci skip] --- lib/devise/models/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e2dfab6b4d..878b438ac1 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -187,7 +187,7 @@ def apply_to_attribute_or_variable(attr, method) # Use respond_to? here to avoid a regression where globally # configured strip_whitespace_keys or case_insensitive_keys were - # attempting to strip! or downcase! when a model didn't have the + # attempting to strip or downcase when a model didn't have the # globally configured key. elsif respond_to?(attr) && respond_to?("#{attr}=") new_value = send(attr).try(method) From 2296d14803fa8feef8110bd0c9ca321221f24137 Mon Sep 17 00:00:00 2001 From: Jay Hayes Date: Fri, 18 Oct 2013 06:47:05 -0500 Subject: [PATCH 0330/1473] Add entry to changelog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [#2691] [ci skip] Signed-off-by: José Valim Conflicts: CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3faf16ce44..9f4d8571a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) * Send custom message when user enters invalid password and it has only one attempt to enter correct password before his account will be locked (by @Lightpower) + * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery) ### 3.1.1 From a8069be4c80266bec7507ba20c91cda6bbd2f370 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 21 Oct 2013 13:28:20 +0200 Subject: [PATCH 0331/1473] Improve devise_for docs to be make routes integration more explicit --- lib/devise/rails/routes.rb | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index d443b706f2..b975c7677b 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -58,6 +58,28 @@ class Mapper # user_confirmation GET /users/confirmation(.:format) {:controller=>"devise/confirmations", :action=>"show"} # POST /users/confirmation(.:format) {:controller=>"devise/confirmations", :action=>"create"} # + # ==== Routes integration + # + # +devise_for+ is meant to play nicely with other routes methods. For example, + # by calling +devise_for+ inside a namespace, it automatically nests your devise + # controllers: + # + # namespace :publisher do + # devise_for :account + # end + # + # The snippet above will use publisher/sessions controller instead of devise/sessions + # controller. You can revert this change or configure it directly by passing the :module + # option described below to +devise_for+. + # + # Also note that when you use a namespace it will affect all the helpers and methods + # for controllers and views. For example, using the above setup you'll end with + # following methods: current_publisher_account, authenticate_publisher_account!, + # publisher_account_signed_in, etc. + # + # The only aspect not affect by the router configuration is the model name. The + # model name can be explicitly set via the :class_name option. + # # ==== Options # # You can configure your routes with some options: 
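Review bot: Two wording slips in the added "Routes integration" comment in routes.rb should be fixed before merge. `The only aspect not affect by the router configuration` should read `not affected by`, and the helper list names `publisher_account_signed_in` where the generated predicate is, as far as I know, `publisher_account_signed_in?` (the latter is carried over from the text removed in the next hunk).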
@@ -104,20 +126,6 @@ class Mapper # # devise_for :users, :module => "users" # - # Notice that whenever you use namespace in the router DSL, it automatically sets the module. - # So the following setup: - # - # namespace :publisher do - # devise_for :account - # end - # - # Will use publisher/sessions controller instead of devise/sessions controller. You can revert - # this by providing the :module option to devise_for. - # - # Also pay attention that when you use a namespace it will affect all the helpers and methods for controllers - # and views. For example, using the above setup you'll end with following methods: - # current_publisher_account, authenticate_publisher_account!, publisher_account_signed_in, etc. - # # * :skip => tell which controller you want to skip routes from being created: # # devise_for :users, :skip => :sessions From bb810cfb8f4868907c663fce7620b8da5ea78064 Mon Sep 17 00:00:00 2001 From: Vitaly Bezkrovny Date: Tue, 22 Oct 2013 00:43:56 +0300 Subject: [PATCH 0332/1473] * show message for last attempt, not for one-before-last one; * update test to check the message :invalid, :last_attempt, :locked --- lib/devise/models/lockable.rb | 2 +- test/models/lockable_test.rb | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index e5640c562e..4073a6ae54 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -128,7 +128,7 @@ def attempts_exceeded? end def last_attempt? - self.failed_attempts == self.class.maximum_attempts - 1 + self.failed_attempts == self.class.maximum_attempts end # Tells if the lock is expired if :time unlock strategy is active diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index ff29e8da23..62bd2fa194 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
@@ -284,11 +284,14 @@ def setup swap Devise, :last_attempt_warning => :true do swap Devise, :lock_strategy => :failed_attempts do user = create_user - user.failed_attempts = Devise.maximum_attempts - 2 + user.failed_attempts = Devise.maximum_attempts - 1 assert_equal :invalid, user.unauthenticated_message - user.failed_attempts = Devise.maximum_attempts - 1 + user.failed_attempts = Devise.maximum_attempts assert_equal :last_attempt, user.unauthenticated_message + + user.failed_attempts = Devise.maximum_attempts + 1 + assert_equal :locked, user.unauthenticated_message end end end From 8bef8b87f183a4cc2aa02a11620d5f08956e2331 Mon Sep 17 00:00:00 2001 From: Dave Tong Date: Thu, 24 Oct 2013 08:15:53 +1100 Subject: [PATCH 0333/1473] Add documentation to the 'after_database_authentication' method. --- lib/devise/models/database_authenticatable.rb | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 1f3ebaab6b..c1285109d3 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -101,7 +101,7 @@ def update_without_password(params, *options) end # Destroy record when :current_password matches, otherwise returns - # error on :current_password. It also automatically rejects + # error on :current_password. It also automatically rejects # :current_password if it is blank. def destroy_with_password(current_password) result = if valid_password?(current_password) @@ -115,6 +115,16 @@ def destroy_with_password(current_password) result end + # A callback initiated after successfully authenticating. This can be + # used to insert your own logic that is only run after the user successfully + # authenticates. + # + # Example: + # + # def after_database_authentication + # self.update_attribute(:invite_code, nil) + # end + # def after_database_authentication end 
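Review bot: The new comment on `after_database_authentication` says the callback runs after successfully authenticating, but not which sign-in paths reach it. The name suggests that only password authentication against the database calls it (the caller is not in this hunk). If so, logic placed here, such as the `invite_code` reset in the example, would be skipped for any other way of signing in. Once confirmed, I would add a sentence such as `# Only called when the user signs in with a password; other strategies do not invoke it.` The example could also note that `update_attribute` saves without running validations.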
From d5514bf916e3dff38c4e29172547085a2105898e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benoit=20Be=CC=81ne=CC=81zech?= Date: Thu, 24 Oct 2013 16:46:45 +0200 Subject: [PATCH 0334/1473] Add options for FailureApp's i18n_message. Similar #1633 --- lib/devise/failure_app.rb | 9 +++++++-- test/failure_app_test.rb | 11 +++++++++++ test/support/locale/en.yml | 4 ++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 08b02568aa..60092e32e4 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -68,8 +68,13 @@ def i18n_message(default = nil) message = warden_message || default || :unauthenticated if message.is_a?(Symbol) - I18n.t(:"#{scope}.#{message}", :resource_name => scope, - :scope => "devise.failure", :default => [message]) + options = {} + options[:resource_name] = scope + options[:scope] = "devise.failure" + options[:default] = [message] + options = i18n_options(options) if respond_to?(:i18n_options, true) + + I18n.t(:"#{scope}.#{message}", options) else message.to_s end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 36f532b3f2..bab34c28e5 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -8,6 +8,12 @@ def fake_app end end + class FailureWithI18nOptions < Devise::FailureApp + def i18n_options(options) + options.merge(:name => 'Steve') + end + end + def self.context(name, &block) instance_eval(&block) end @@ -67,6 +73,11 @@ def call_failure(env_params={}) assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end + test 'uses custom i18n options' do + call_failure('warden' => OpenStruct.new(:message => :does_not_exist), :app => FailureWithI18nOptions) + assert_equal 'User Steve does not exist', @request.flash[:alert] + end + test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(:message => 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] 
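Review bot: Values returned by an `i18n_options` override are interpolated into the failure message in `i18n_message`, and the new test shows that message ending up in `flash[:alert]` ('User Steve does not exist'). Nothing near `options = i18n_options(options) if respond_to?(:i18n_options, true)` says where those values may come from, so an override that passes request input through relies entirely on the view escaping the flash. A comment above that line would help: `# Values added by i18n_options are interpolated into the message shown to the user; pass only values that are safe to display.` The hook is also not described in any comment in this hunk, so overriders have no documented contract.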
diff --git a/test/support/locale/en.yml b/test/support/locale/en.yml index e4501ceb38..e1f977b3e7 100644 --- a/test/support/locale/en.yml +++ b/test/support/locale/en.yml @@ -1,4 +1,8 @@ en: + devise: + failure: + user: + does_not_exist: "User %{name} does not exist" errors: messages: taken: "has already been taken" From 04e47687b2f432d6a7d8937adb53c20e5746c5b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benoit=20Be=CC=81ne=CC=81zech?= Date: Thu, 24 Oct 2013 17:29:53 +0200 Subject: [PATCH 0335/1473] remove respond_to in favor of an implementation that returns options --- app/controllers/devise_controller.rb | 6 +++++- lib/devise/failure_app.rb | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 7e3303b3fc..65822b03e1 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -147,12 +147,16 @@ def set_flash_message(key, kind, options = {}) flash[key] = message if message.present? end + def devise_i18n_options(options) + options + end + # Get message for given def find_message(kind, options = {}) options[:scope] = "devise.#{controller_name}" options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name - options = devise_i18n_options(options) if respond_to?(:devise_i18n_options, true) + options = devise_i18n_options(options) I18n.t("#{options[:resource_name]}.#{kind}", options) end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 60092e32e4..5be1acbe9e 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -64,6 +64,10 @@ def redirect protected + def i18n_options(options) + options + end + def i18n_message(default = nil) message = warden_message || default || :unauthenticated 
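Review bot: `devise_i18n_options` in app/controllers/devise_controller.rb and `i18n_options` in lib/devise/failure_app.rb are added as extension points without a comment, and both callers use the return value directly. In `find_message` the next statement reads `options[:resource_name]`, so an override that forgets to return the hash fails with a NoMethodError on nil rather than a clear error. I would document the contract on both, for example `# Override to add I18n options (such as interpolation values); must return the options hash.` Whether `devise_i18n_options` sits below a `protected` or `private` keyword is not visible in this hunk; on a controller it should.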
@@ -72,7 +76,7 @@ def i18n_message(default = nil) options[:resource_name] = scope options[:scope] = "devise.failure" options[:default] = [message] - options = i18n_options(options) if respond_to?(:i18n_options, true) + options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) else From 88de877f8bda866256419f2913ee941bd2b0f87a Mon Sep 17 00:00:00 2001 From: Kiyoshi '13k' Murata <13k@linhareta.net> Date: Thu, 24 Oct 2013 19:35:18 -0200 Subject: [PATCH 0336/1473] Fix configuration option name in CHANGELOG. [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f4d8571a6..d70c23711e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,7 +18,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ * backwards incompatible changes - * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration + * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_token_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views` * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)` From 69d28f9b0e8150aaec9f3175ddd8d1a20af0633a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 26 Oct 2013 11:56:31 +0200 Subject: [PATCH 0337/1473] Add config.last_attempt_warning to default config --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index fde9c14cd3..ab0e8c0e85 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -173,6 +173,9 @@ # Time interval to unlock the account if :time is enabled as unlock_strategy. # config.unlock_in = 1.hour + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = false + # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account From e445039716c3397e0ef286257bb9bfffe93f2d67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 31 Oct 2013 06:38:30 -0700 Subject: [PATCH 0338/1473] Merge pull request #2717 from memberful/2716-splat-sanitize-params Splat the arguments to strong_parameters#permit, fixes #2716 --- lib/devise/parameter_sanitizer.rb | 10 +++++++--- test/parameter_sanitizer_test.rb | 9 +++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index e45f8ad801..6e4bf074e6 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -47,19 +47,23 @@ def initialize(*) end def sign_in - default_params.permit self.for(:sign_in) + permit self.for(:sign_in) end def sign_up - default_params.permit self.for(:sign_up) + permit self.for(:sign_up) end def account_update - default_params.permit self.for(:account_update) + permit self.for(:account_update) end private + def permit(keys) + default_params.permit(*Array(keys)) + end + # Change for(kind) to return the values in the @permitted # hash, allowing the developer to customize at runtime. def default_for(kind) diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 14b48629fa..cd48b382a7 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
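Review bot: The added template comment `# Warn on the last attempt before the account is locked.` does not say that the warning goes to whoever submitted the failed login, before any authentication has succeeded. Enabling it tells that requester the account exists and how close it is to being locked, which matters for sites that try not to reveal account state. Whether `config.paranoid` suppresses the message is not visible here; if it does, the comment should say so. Suggested wording: `# Warn on the last attempt before the account is locked. The warning is shown to unauthenticated requests and reveals that the account exists.`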
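Review bot: In the new private `permit(keys)` of lib/devise/parameter_sanitizer.rb, `Array(keys)` turns a Hash into a list of key/value pairs. If a caller ever sets the permitted keys to a single hash (a nested filter such as `{ :roles => [] }`), it would reach `permit` as the pair `[:roles, []]` instead of a hash filter. The previous code handed the value to `permit` unchanged, so this changes what gets whitelisted in that case. `Array.wrap` from ActiveSupport leaves a hash intact: `default_params.permit(*Array.wrap(keys))`. The added test only covers three symbols; a case with a nested hash filter would pin this down.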
@@ -68,5 +68,14 @@ def sanitizer(params) sanitizer.sanitize(:unknown) end end + + test 'passes parameters to filter as arguments to sanitizer' do + params = {user: stub} + sanitizer = Devise::ParameterSanitizer.new(User, :user, params) + + params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol)) + + sanitizer.sanitize(:sign_in) + end end end From 9eb0768cb9a416a08326d91db3063c64238ee333 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 31 Oct 2013 14:39:52 +0100 Subject: [PATCH 0339/1473] Add Rails 4 related todo --- lib/devise/parameter_sanitizer.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 6e4bf074e6..7b10cf5538 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -60,6 +60,8 @@ def account_update private + # TODO: We do need to flatten so it works with strong_parameters + # gem. We should drop it once we move to Rails 4 only support. def permit(keys) default_params.permit(*Array(keys)) end From c87809a0f5656fa6e944cc6ecbbb11e9020347af Mon Sep 17 00:00:00 2001 From: Kaworu Date: Fri, 1 Nov 2013 21:47:40 +0100 Subject: [PATCH 0340/1473] Separate redirects and flash messages in navigational_formats and flashing_formats --- app/controllers/devise/confirmations_controller.rb | 2 +- app/controllers/devise/passwords_controller.rb | 2 +- app/controllers/devise/registrations_controller.rb | 8 ++++---- app/controllers/devise/sessions_controller.rb | 4 ++-- app/controllers/devise/unlocks_controller.rb | 2 +- app/controllers/devise_controller.rb | 2 +- lib/devise.rb | 4 ++++ lib/devise/controllers/helpers.rb | 4 ++++ lib/generators/templates/devise.rb | 4 ++++ test/rails_app/config/initializers/devise.rb | 4 ++++ 10 files changed, 26 insertions(+), 10 deletions(-) 
diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index a6a4a8801e..a728f7eac9 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -20,7 +20,7 @@ def show self.resource = resource_class.confirm_by_token(params[:confirmation_token]) if resource.errors.empty? - set_flash_message(:notice, :confirmed) if is_navigational_format? + set_flash_message(:notice, :confirmed) if is_flashing_format? respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 4cb353aa8e..6ecc772bf6 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -32,7 +32,7 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) flash_message = resource.active_for_authentication? ? :updated : :updated_not_active - set_flash_message(:notice, flash_message) if is_navigational_format? + set_flash_message(:notice, flash_message) if is_flashing_format? sign_in(resource_name, resource) respond_with resource, :location => after_resetting_password_path_for(resource) else diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index d8a4d4ce5e..22406ad8f1 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -14,11 +14,11 @@ def create if resource.save if resource.active_for_authentication? - set_flash_message :notice, :signed_up if is_navigational_format? + set_flash_message :notice, :signed_up if is_flashing_format? sign_up(resource_name, resource) respond_with resource, :location => after_sign_up_path_for(resource) else - set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_navigational_format? + set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format? expire_session_data_after_sign_in! respond_with resource, :location => after_inactive_sign_up_path_for(resource) end @@ -41,7 +41,7 @@ def update prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) if update_resource(resource, account_update_params) - if is_navigational_format? + if is_flashing_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated set_flash_message :notice, flash_key @@ -58,7 +58,7 @@ def update def destroy resource.destroy Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) - set_flash_message :notice, :destroyed if is_navigational_format? + set_flash_message :notice, :destroyed if is_flashing_format? respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) } end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index a9b3922e83..87dc5b5497 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -13,7 +13,7 @@ def new # POST /resource/sign_in def create self.resource = warden.authenticate!(auth_options) - set_flash_message(:notice, :signed_in) if is_navigational_format? + set_flash_message(:notice, :signed_in) if is_flashing_format? sign_in(resource_name, resource) respond_with resource, :location => after_sign_in_path_for(resource) end 
@@ -22,7 +22,7 @@ def create def destroy redirect_path = after_sign_out_path_for(resource_name) signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) - set_flash_message :notice, :signed_out if signed_out && is_navigational_format? + set_flash_message :notice, :signed_out if signed_out && is_flashing_format? # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 539d9741d6..7194755edf 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -22,7 +22,7 @@ def show self.resource = resource_class.unlock_access_by_token(params[:unlock_token]) if resource.errors.empty? - set_flash_message :notice, :unlocked if is_navigational_format? + set_flash_message :notice, :unlocked if is_flashing_format? respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 65822b03e1..b1b88b74a6 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -123,7 +123,7 @@ def successfully_sent?(resource) end if notice - set_flash_message :notice, notice if is_navigational_format? + set_flash_message :notice, notice if is_flashing_format? true end end diff --git a/lib/devise.rb b/lib/devise.rb index 99e585dfa3..69b282fad4 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -209,6 +209,10 @@ def self.#{method}=(val) mattr_accessor :navigational_formats @@navigational_formats = ["*/*", :html] + # Which formats should display flash messages. + mattr_accessor :flashing_formats + @@flashing_formats = nil + # When set to true, signing out a user signs out all other scopes. mattr_accessor :sign_out_all_scopes @@sign_out_all_scopes = true diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 5d3e908c99..ab14551e44 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -291,6 +291,10 @@ def is_navigational_format? Devise.navigational_formats.include?(request_format) end + def is_flashing_format? + (Devise.flashing_formats || Devise.navigational_formats).include?(request_format) + end + private def expire_devise_cached_variables! diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index ab0e8c0e85..802cd3f40f 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -221,6 +221,10 @@ # The "*/*" below is required to match Internet Explorer requests. # config.navigational_formats = ['*/*', :html] + # Lists the formats that should display flash messages. Inherits + # navigational_formats if falsy + # config.flashing_formats = nil + # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 8403188157..3682bb6b9d 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb 
@@ -162,6 +162,10 @@ # should add them to the navigational formats lists. Default is [:html] # config.navigational_formats = [:html, :iphone] + # Lists the formats that should display flash messages. Inherits + # navigational_formats if falsy + # config.flashing_formats = nil + # The default HTTP method used to sign out a resource. Default is :get. # config.sign_out_via = :get From fe1fb1f7a2dd1e7b8ae2bb5b42afc53536b77e1f Mon Sep 17 00:00:00 2001 From: Kaworu Date: Fri, 1 Nov 2013 22:25:15 +0100 Subject: [PATCH 0341/1473] Don't use config option for flashing_formats --- lib/devise.rb | 4 ---- lib/devise/controllers/helpers.rb | 4 +++- lib/generators/templates/devise.rb | 4 ---- test/rails_app/config/initializers/devise.rb | 4 ---- 4 files changed, 3 insertions(+), 13 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 69b282fad4..99e585dfa3 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -209,10 +209,6 @@ def self.#{method}=(val) mattr_accessor :navigational_formats @@navigational_formats = ["*/*", :html] - # Which formats should display flash messages. - mattr_accessor :flashing_formats - @@flashing_formats = nil - # When set to true, signing out a user signs out all other scopes. mattr_accessor :sign_out_all_scopes @@sign_out_all_scopes = true diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index ab14551e44..697f6a3cd9 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -291,8 +291,10 @@ def is_navigational_format? Devise.navigational_formats.include?(request_format) end + # Check if flash messages should be emitted. Default is to do it on + # navigational formats def is_flashing_format? - (Devise.flashing_formats || Devise.navigational_formats).include?(request_format) + is_navigational_format? end private diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 802cd3f40f..ab0e8c0e85 100644 --- a/lib/generators/templates/devise.rb 
+++ b/lib/generators/templates/devise.rb @@ -221,10 +221,6 @@ # The "*/*" below is required to match Internet Explorer requests. # config.navigational_formats = ['*/*', :html] - # Lists the formats that should display flash messages. Inherits - # navigational_formats if falsy - # config.flashing_formats = nil - # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 3682bb6b9d..8403188157 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -162,10 +162,6 @@ # should add them to the navigational formats lists. Default is [:html] # config.navigational_formats = [:html, :iphone] - # Lists the formats that should display flash messages. Inherits - # navigational_formats if falsy - # config.flashing_formats = nil - # The default HTTP method used to sign out a resource. Default is :get. # config.sign_out_via = :get From 52a3768451e4ef1ebc91a522b706dac3ffaa3eb9 Mon Sep 17 00:00:00 2001 From: andrew morton Date: Fri, 15 Feb 2013 13:39:04 -0500 Subject: [PATCH 0342/1473] A GET to sign in shouldn't extend the session. --- app/controllers/devise/sessions_controller.rb | 2 +- test/integration/timeoutable_test.rb | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 87dc5b5497..7b6c408a1b 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -1,7 +1,7 @@ class Devise::SessionsController < DeviseController prepend_before_filter :require_no_authentication, :only => [ :new, :create ] prepend_before_filter :allow_params_authentication!, :only => :create - prepend_before_filter { request.env["devise.skip_timeout"] = true } + prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in def new diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index cd1e49a696..b505005e5a 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -67,6 +67,20 @@ def last_request_at assert_contain 'Signed out successfully' end + test 'expired session is not extended by sign in page' do + user = sign_in_as_user + get expire_user_path(user) + assert warden.authenticated?(:user) + + get "/users/sign_in" + assert_redirected_to "/users/sign_in" + follow_redirect! + + assert_response :success + assert_contain 'Sign in' + assert_not warden.authenticated?(:user) + end + test 'time out is not triggered on sign in' do user = sign_in_as_user get expire_user_path(user) From d49f0a1184f15eb740adb2f7dc632f11a8287b47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 6 Nov 2013 20:34:38 +0100 Subject: [PATCH 0343/1473] Update CHANGELOG --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d70c23711e..bfb175dd94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
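Review bot: The filter `prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }` has no comment explaining why `new` was dropped. The reason is a security one: per the commit message and the new test, a GET to the sign-in page must not extend an expired session. Without that stated on the line, a later cleanup could easily restore the unconditional filter. I would add `# Do not skip the timeout check on :new, otherwise viewing the sign in page refreshes an expired session.` above it. Writing the call as `prepend_before_filter(:only => [ :create, :destroy ]) { ... }` would also make it obvious that the block belongs to the filter and not to the array literal.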
@@ -6,6 +6,12 @@ * Send custom message when user enters invalid password and it has only one attempt to enter correct password before his account will be locked (by @Lightpower) * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery) + * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev) + +* bug fix + * A GET to sign_in page shouldn't extend the session (by @drewish) + * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful) + * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev) ### 3.1.1 From 4f1bf8f3f9f992a25f5dad08ffaf6f77ddbd5c68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 6 Nov 2013 20:55:16 +0100 Subject: [PATCH 0344/1473] Split out sign_in/out functionality so it can be reused in hooks --- CHANGELOG.md | 3 + .../devise/registrations_controller.rb | 4 +- lib/devise.rb | 5 + lib/devise/controllers/helpers.rb | 98 ++--------------- lib/devise/controllers/rememberable.rb | 14 +-- lib/devise/controllers/sign_in_out.rb | 103 ++++++++++++++++++ lib/devise/hooks/forgetable.rb | 2 +- lib/devise/hooks/proxy.rb | 16 +++ lib/devise/hooks/rememberable.rb | 2 +- 9 files changed, 143 insertions(+), 104 deletions(-) create mode 100644 lib/devise/controllers/sign_in_out.rb create mode 100644 lib/devise/hooks/proxy.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index bfb175dd94..afe2799f71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -13,6 +13,9 @@ * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful) * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev) +* deprecations + * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!` + ### 3.1.1 * bug fix diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 22406ad8f1..aeeb15bde2 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -19,7 +19,7 @@ def create respond_with resource, :location => after_sign_up_path_for(resource) else set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format? - expire_session_data_after_sign_in! + expire_data_after_sign_in! respond_with resource, :location => after_inactive_sign_up_path_for(resource) end else @@ -68,7 +68,7 @@ def destroy # cancel oauth signing in/up in the middle of the process, # removing all OAuth session data. def cancel - expire_session_data_after_sign_in! + expire_data_after_sign_in! redirect_to new_registration_path(resource_name) end diff --git a/lib/devise.rb b/lib/devise.rb index 99e585dfa3..3455cb58ed 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -20,9 +20,14 @@ module Controllers autoload :Helpers, 'devise/controllers/helpers' autoload :Rememberable, 'devise/controllers/rememberable' autoload :ScopedViews, 'devise/controllers/scoped_views' + autoload :SignInOut, 'devise/controllers/sign_in_out' autoload :UrlHelpers, 'devise/controllers/url_helpers' end + module Hooks + autoload :Proxy, 'devise/hooks/proxy' + end + module Mailers autoload :Helpers, 'devise/mailers/helpers' end 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 697f6a3cd9..842a8d099d 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -3,6 +3,7 @@ module Controllers # Those helpers are convenience methods added to ApplicationController. module Helpers extend ActiveSupport::Concern + include Devise::Controllers::SignInOut included do helper_method :warden, :signed_in?, :devise_controller? 
@@ -96,84 +97,6 @@ def allow_params_authentication! request.env["devise.allow_params_authentication"] = true end - # Return true if the given scope is signed in session. If no scope given, return - # true if any scope is signed in. Does not run authentication hooks. - def signed_in?(scope=nil) - [ scope || Devise.mappings.keys ].flatten.any? do |_scope| - warden.authenticate?(:scope => _scope) - end - end - - # Sign in a user that already was authenticated. This helper is useful for logging - # users in after sign up. - # - # All options given to sign_in is passed forward to the set_user method in warden. - # The only exception is the :bypass option, which bypass warden callbacks and stores - # the user straight in session. This option is useful in cases the user is already - # signed in, but we want to refresh the credentials in session. - # - # Examples: - # - # sign_in :user, @user # sign_in(scope, resource) - # sign_in @user # sign_in(resource) - # sign_in @user, :event => :authentication # sign_in(resource, options) - # sign_in @user, :store => false # sign_in(resource, options) - # sign_in @user, :bypass => true # sign_in(resource, options) - # - def sign_in(resource_or_scope, *args) - options = args.extract_options! - scope = Devise::Mapping.find_scope!(resource_or_scope) - resource = args.last || resource_or_scope - - expire_session_data_after_sign_in! - - if options[:bypass] - warden.session_serializer.store(resource, scope) - elsif warden.user(scope) == resource && !options.delete(:force) - # Do nothing. User already signed in and we are not forcing it. - true - else - warden.set_user(resource, options.merge!(:scope => scope)) - end - end - - # Sign out a given user or scope. This helper is useful for signing out a user - # after deleting accounts. 
Returns true if there was a logout and false if there - # is no user logged in on the referred scope - # - # Examples: - # - # sign_out :user # sign_out(scope) - # sign_out @user # sign_out(resource) - # - def sign_out(resource_or_scope=nil) - return sign_out_all_scopes unless resource_or_scope - scope = Devise::Mapping.find_scope!(resource_or_scope) - user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user - - warden.raw_session.inspect # Without this inspect here. The session does not clear. - warden.logout(scope) - warden.clear_strategies_cache!(:scope => scope) - instance_variable_set(:"@current_#{scope}", nil) - - !!user - end - - # Sign out all active users or scopes. This helper is useful for signing out all roles - # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout - # and false if there was no user logged in on all scopes. - def sign_out_all_scopes(lock=true) - users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) } - - warden.raw_session.inspect - warden.logout - expire_devise_cached_variables! - warden.clear_strategies_cache! - warden.lock! if lock - - users.any? - end - # Returns and delete (if it's navigational format) the url stored in the session for # the given scope. Useful for giving redirect backs after sign up: # @@ -257,14 +180,6 @@ def sign_in_and_redirect(resource_or_scope, *args) redirect_to after_sign_in_path_for(resource) end - def expire_session_data_after_sign_in! - # session.keys will return an empty array if the session is not yet loaded. - # This is a bug in both Rack and Rails. - # A call to #empty? forces the session to be loaded. - session.empty? - session.keys.grep(/^devise\./).each { |k| session.delete(k) } - end - # Sign out a user and tries to redirect to the url specified by # after_sign_out_path_for. def sign_out_and_redirect(resource_or_scope) 
@@ -279,7 +194,7 @@ def sign_out_and_redirect(resource_or_scope) def handle_unverified_request sign_out_all_scopes(false) request.env["devise.skip_storage"] = true - expire_devise_cached_variables! + expire_data_after_sign_out! super # call the default behaviour which resets the session end @@ -299,8 +214,15 @@ def is_flashing_format? private - def expire_devise_cached_variables! + def expire_session_data_after_sign_in! + ActiveSupport::Deprecation.warn "expire_session_data_after_sign_in! is deprecated " \ + "in favor of expire_data_after_sign_in!" + expire_data_after_sign_in! + end + + def expire_data_after_sign_out! Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) } + super end end end diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index d216e6d899..c2958aabf2 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -1,24 +1,14 @@ module Devise module Controllers # A module that may be optionally included in a controller in order - # to provide remember me behavior. + # to provide remember me behavior. Useful when signing in is done + # through a callback, like in Omniauth. module Rememberable # Return default cookie values retrieved from session options. def self.cookie_values Rails.configuration.session_options.slice(:path, :domain, :secure) end - # A small warden proxy so we can remember and forget uses from hooks. - class Proxy #:nodoc: - include Devise::Controllers::Rememberable - - delegate :cookies, :env, :to => :@warden - - def initialize(warden) - @warden = warden - end - end - # Remembers the given resource by setting up a cookie def remember_me(resource) return if env["devise.skip_storage"] diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb new file mode 100644 index 0000000000..78585387c9 --- /dev/null +++ b/lib/devise/controllers/sign_in_out.rb 
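Review bot: The deprecation shim `expire_session_data_after_sign_in!` in lib/devise/controllers/helpers.rb is added below `private`, whereas the method it replaces sat among the other helpers (removed in the earlier hunk of this file) with no visibility keyword in view. If the old method was public, callers using an explicit receiver now get a NoMethodError instead of the deprecation warning, which defeats the shim. The module is only partly visible, so this needs checking. Separately, the new `expire_data_after_sign_out!` ends in `super`, which only resolves because this module includes `Devise::Controllers::SignInOut`. A comment such as `# super is SignInOut#expire_data_after_sign_out!, which clears the devise.* session keys` would save the next reader a search.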
@@ -0,0 +1,103 @@ +module Devise + module Controllers + # Provide sign in and sign out functionality. + # Included by default in all controllers. + module SignInOut + # Return true if the given scope is signed in session. If no scope given, return + # true if any scope is signed in. Does not run authentication hooks. + def signed_in?(scope=nil) + [ scope || Devise.mappings.keys ].flatten.any? do |_scope| + warden.authenticate?(:scope => _scope) + end + end + + # Sign in a user that already was authenticated. This helper is useful for logging + # users in after sign up. + # + # All options given to sign_in is passed forward to the set_user method in warden. + # The only exception is the :bypass option, which bypass warden callbacks and stores + # the user straight in session. This option is useful in cases the user is already + # signed in, but we want to refresh the credentials in session. + # + # Examples: + # + # sign_in :user, @user # sign_in(scope, resource) + # sign_in @user # sign_in(resource) + # sign_in @user, :event => :authentication # sign_in(resource, options) + # sign_in @user, :store => false # sign_in(resource, options) + # sign_in @user, :bypass => true # sign_in(resource, options) + # + def sign_in(resource_or_scope, *args) + options = args.extract_options! + scope = Devise::Mapping.find_scope!(resource_or_scope) + resource = args.last || resource_or_scope + + expire_data_after_sign_in! + + if options[:bypass] + warden.session_serializer.store(resource, scope) + elsif warden.user(scope) == resource && !options.delete(:force) + # Do nothing. User already signed in and we are not forcing it. + true + else + warden.set_user(resource, options.merge!(:scope => scope)) + end + end + + # Sign out a given user or scope. This helper is useful for signing out a user + # after deleting accounts. 
Returns true if there was a logout and false if there + # is no user logged in on the referred scope + # + # Examples: + # + # sign_out :user # sign_out(scope) + # sign_out @user # sign_out(resource) + # + def sign_out(resource_or_scope=nil) + return sign_out_all_scopes unless resource_or_scope + scope = Devise::Mapping.find_scope!(resource_or_scope) + user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user + + warden.raw_session.inspect # Without this inspect here. The session does not clear. + warden.logout(scope) + warden.clear_strategies_cache!(:scope => scope) + instance_variable_set(:"@current_#{scope}", nil) + + !!user + end + + # Sign out all active users or scopes. This helper is useful for signing out all roles + # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout + # and false if there was no user logged in on all scopes. + def sign_out_all_scopes(lock=true) + users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) } + + warden.raw_session.inspect + warden.logout + expire_data_after_sign_out! + warden.clear_strategies_cache! + warden.lock! if lock + + users.any? + end + + private + + def expire_data_after_sign_in! + # session.keys will return an empty array if the session is not yet loaded. + # This is a bug in both Rack and Rails. + # A call to #empty? forces the session to be loaded. + session.empty? + session.keys.grep(/^devise\./).each { |k| session.delete(k) } + end + + def expire_data_after_sign_out! + # session.keys will return an empty array if the session is not yet loaded. + # This is a bug in both Rack and Rails. + # A call to #empty? forces the session to be loaded. + session.empty? + session.keys.grep(/^devise\./).each { |k| session.delete(k) } + end + end + end +end \ No newline at end of file diff --git a/lib/devise/hooks/forgetable.rb b/lib/devise/hooks/forgetable.rb index bf0374f407..50e2062c2d 100644 
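Review bot: `expire_data_after_sign_in!` and `expire_data_after_sign_out!` at the bottom of the new `SignInOut` module have byte-identical bodies, so the purge of `devise.*` session keys now exists in two copies that can drift apart. A single private helper holding the `session.empty?` workaround and the delete loop, called from both, would keep sign in and sign out in step. The filter `/^devise\./` anchors per line rather than per string; `/\Adevise\./` states the intended prefix match exactly. In `sign_out`, the trailing comment `# If there is no user` is an unfinished sentence, and the `warden.raw_session.inspect` workaround deserves a line saying which session store needs it.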
--- a/lib/devise/hooks/forgetable.rb +++ b/lib/devise/hooks/forgetable.rb @@ -4,6 +4,6 @@ # This avoids forgetting deleted users. Warden::Manager.before_logout do |record, warden, options| if record.respond_to?(:forget_me!) - Devise::Controllers::Rememberable::Proxy.new(warden).forget_me(record) + Devise::Hooks::Proxy.new(warden).forget_me(record) end end diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb new file mode 100644 index 0000000000..866d404d81 --- /dev/null +++ b/lib/devise/hooks/proxy.rb @@ -0,0 +1,16 @@ +module Devise + module Hooks + # A small warden proxy so we can remember, forget and + # sign out users from hooks. + class Proxy #:nodoc: + include Devise::Controllers::Rememberable + include Devise::Controllers::SignInOut + + delegate :cookies, :env, :session, :to => :@warden + + def initialize(warden) + @warden = warden + end + end + end +end \ No newline at end of file diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb index c27557b635..0dc19bbd96 100644 --- a/lib/devise/hooks/rememberable.rb +++ b/lib/devise/hooks/rememberable.rb @@ -2,6 +2,6 @@ scope = options[:scope] if record.respond_to?(:remember_me) && options[:store] != false && record.remember_me && warden.authenticated?(scope) - Devise::Controllers::Rememberable::Proxy.new(warden).remember_me(record) + Devise::Hooks::Proxy.new(warden).remember_me(record) end end \ No newline at end of file From 27bcefcf5495d781d3571fc49d78df9a39571938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 6 Nov 2013 21:07:38 +0100 Subject: [PATCH 0345/1473] Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration Closes #2606 --- CHANGELOG.md | 1 + lib/devise/hooks/proxy.rb | 7 ++++++- lib/devise/hooks/timeoutable.rb | 5 ++++- test/integration/timeoutable_test.rb | 14 ++++++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index afe2799f71..d0c7dd4394 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -12,6 +12,7 @@ * A GET to sign_in page shouldn't extend the session (by @drewish) * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful) * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev) + * Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration * deprecations * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!` diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb index 866d404d81..b97c7f6174 100644 --- a/lib/devise/hooks/proxy.rb +++ b/lib/devise/hooks/proxy.rb @@ -6,11 +6,16 @@ class Proxy #:nodoc: include Devise::Controllers::Rememberable include Devise::Controllers::SignInOut - delegate :cookies, :env, :session, :to => :@warden + attr_reader :warden + delegate :cookies, :env, :to => :warden def initialize(warden) @warden = warden end + + def session + warden.request.session + end end end end \ No newline at end of file diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 2856a081ed..75a21b92dc 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -9,12 +9,15 @@ if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false last_request_at = warden.session(scope)['last_request_at'] + proxy = Devise::Hooks::Proxy.new(warden) if record.timedout?(last_request_at) && !env['devise.skip_timeout'] - warden.logout(scope) + Devise.sign_out_all_scopes ? proxy.sign_out : sign_out(scope) + if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout record.reset_authentication_token! end + throw :warden, :scope => scope, :message => :timeout end 
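Review bot: In the timed-out branch of lib/devise/hooks/timeoutable.rb, `sign_out(scope)` is called without a receiver, while only the `proxy` built just above includes `SignInOut`. Unless the enclosing hook block (which starts outside this hunk) provides its own `sign_out`, this raises NoMethodError whenever `Devise.sign_out_all_scopes` is false, so an expired session ends in an error rather than a logout. The line should read `Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)`. The integration test added in this commit only exercises the `true` setting; a companion test with `sign_out_all_scopes: false`, asserting that `:user` is logged out while `:admin` stays signed in, would pin the other branch. The proxy is also allocated on every pass through the hook and could be built inside the `if`.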
diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index b505005e5a..77ca9b65ea 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -45,6 +45,20 @@ def last_request_at assert_not warden.authenticated?(:user) end + test 'time out all sessions after default limit time when sign_out_all_scopes is true' do + swap Devise, sign_out_all_scopes: true do + sign_in_as_admin + + user = sign_in_as_user + get expire_user_path(user) + assert_not_nil last_request_at + + get root_path + assert_not warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) + end + end + test 'time out user session after deault limit time and redirect to latest get request' do user = sign_in_as_user visit edit_form_user_path(user) From 9d872709c06537cdd7e2291ede147e08f5831acb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 6 Nov 2013 21:39:16 +0100 Subject: [PATCH 0346/1473] Release Devise 3.2.0 --- CHANGELOG.md | 2 +- Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0c7dd4394..d9026c3649 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 3.2.0-dev +### 3.2.0 * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed diff --git a/Gemfile.lock b/Gemfile.lock index 9889a72614..66eedb27c8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.1.0) + devise (3.2.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -48,7 +48,7 @@ GEM tzinfo (~> 0.3.37) arel (4.0.0) atomic (1.1.12) - bcrypt-ruby (3.1.1) + bcrypt-ruby (3.1.2) builder (3.1.4) erubis (2.7.0) faraday (0.8.8) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 2e9034e20a..e2dd4c3bf4 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb 
@@ -1,3 +1,3 @@ module Devise - VERSION = "3.1.0".freeze + VERSION = "3.2.0".freeze end From c840fc419f985be8a747e8fe572106dfb9a21b9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 6 Nov 2013 21:50:04 +0100 Subject: [PATCH 0347/1473] Update Rails 3.2 lock too --- gemfiles/Gemfile.rails-3.2.x.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock index a594406b4f..717a99f2dd 100644 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ b/gemfiles/Gemfile.rails-3.2.x.lock @@ -1,7 +1,7 @@ PATH remote: .. specs: - devise (3.1.0) + devise (3.2.0) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -39,8 +39,8 @@ GEM i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) arel (3.0.2) - atomic (1.1.13) - bcrypt-ruby (3.1.1) + atomic (1.1.14) + bcrypt-ruby (3.1.2) builder (3.0.4) erubis (2.7.0) faraday (0.8.8) @@ -125,7 +125,7 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.7) thor (0.18.1) - thread_safe (0.1.2) + thread_safe (0.1.3) atomic tilt (1.4.1) treetop (1.4.14) From e26ea51fe5ae9643bf7690223e06ee1da54766cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 7 Nov 2013 14:30:26 +0100 Subject: [PATCH 0348/1473] Improve error message for wrongly nested omniauth callback --- lib/devise/rails/routes.rb | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 11da56f49b..d6dd66c331 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -387,8 +387,23 @@ def devise_registration(mapping, controllers) #:nodoc: def devise_omniauth_callback(mapping, controllers) #:nodoc: if mapping.fullpath =~ /:[a-zA-Z_]/ - raise "[DEVISE] Nesting omniauth callbacks under scopes with dynamic segments " \ - "is not supported. Please, use Devise.omniauth_path_prefix instead." + raise <<-ERROR +Devise does not support scoping omniauth callbacks under a dynamic segment +and you have set #{mapping.fullpath.inspect}. You can work around by passing +`skip: :omniauth_callbacks` and manually defining the routes. Here is an example: + + match "/users/auth/:provider", + :constraints => { :provider => /\Agoogle|facebook\z/ }, + :to => "devise/omniauth_callbacks#passthru", + :as => :omniauth_authorize, + :via => [:get, :post] + + match "/users/auth/:action/callback", + :constraints => { :action => /\Agoogle|facebook\z/ }, + :to => "devise/omniauth_callbacks", + :as => :omniauth_callback, + :via => [:get, :post] +ERROR end path, @scope[:path] = @scope[:path], nil From bf5bcd52cb9edaefb002927434d7ede398e74bc5 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 8 Nov 2013 16:22:31 -0200 Subject: [PATCH 0349/1473] Bring `password_digest` back. This method is part of the protected API and is used by custom encryption engines (like `devise-encryptable`) to hook the custom encryption logic in the models. Fixes #2730 --- lib/devise/models/database_authenticatable.rb | 11 ++++++++++- test/models/database_authenticatable_test.rb | 5 +++++ test/test_models.rb | 7 +++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index c1285109d3..bb0744c13d 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
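Review bot: The example routes embedded in the new error message use `/\Agoogle|facebook\z/` as the segment constraint, and the alternation is ungrouped: `\A` binds only to `google` and `\z` only to `facebook`, so as a plain regexp it accepts any value that starts with `google` or ends with `facebook`. Rails routing is also documented to reject anchor characters in segment requirements, so an application pasting this example would most likely fail at boot. Because this constraint is the allowlist deciding which provider names reach the callbacks controller, the example should read `:constraints => { :provider => /google|facebook/ }` (and likewise for `:action`), leaving the anchoring to the router. `devise_omniauth_callback` continues past the end of this hunk.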
@@ -39,7 +39,7 @@ def self.required_fields(klass) # Generates password encryption based on the given value. def password=(new_password) @password = new_password - self.encrypted_password = Devise.bcrypt(self.class, @password) if @password.present? + self.encrypted_password = password_digest(@password) if @password.present? end # Verifies whether an password (ie from sign in) is the user password. @@ -135,6 +135,15 @@ def authenticatable_salt protected + # Digests the password using bcrypt. Custom encryption should override + # this method to apply their own algorithm. + # + # See https://github.com/plataformatec/devise-encryptable for examples + # of other encryption engines. + def password_digest(password) + Devise.bcrypt(self.class, password) + end + module ClassMethods Devise::Models.config(self, :pepper, :stretches) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 9f7a9f6c1a..79da1e644b 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -93,6 +93,11 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_present user.encrypted_password end + test 'should support custom encryption methods' do + user = UserWithCustomEncryption.new(:password => '654321') + assert_equal user.encrypted_password, '123456' + end + test 'allow authenticatable_salt to work even with nil encrypted password' do user = User.new user.encrypted_password = nil diff --git a/test/test_models.rb b/test/test_models.rb index cd7fbaa31a..ec3710fca6 100644 --- a/test/test_models.rb +++ b/test/test_models.rb 
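Review bot: The comment on the restored `password_digest` tells authors of custom engines to override it but does not say that verification must change with it. `valid_password?` lies outside this hunk; if it compares against bcrypt directly, a model that overrides only `password_digest` would store digests that can never verify. I would extend the comment with `# Overriders must also override valid_password? so verification uses the same algorithm.` and describe the method as producing a one-way digest rather than "encryption". In the accompanying test, `assert_equal user.encrypted_password, '123456'` has the expected and actual arguments swapped.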
@@ -12,6 +12,13 @@ class UserWithValidation < User validates_presence_of :username end +class UserWithCustomEncryption < User + protected + def password_digest(password) + password.reverse + end +end + class UserWithVirtualAttributes < User devise :case_insensitive_keys => [ :email, :email_confirmation ] validates :email, :presence => true, :confirmation => {:on => :create} From 989071144e80cea01be2ac357730ce98260353bc Mon Sep 17 00:00:00 2001 From: Ezequiel Delpero Date: Wed, 6 Nov 2013 00:33:41 -0300 Subject: [PATCH 0350/1473] Adds yield around resource on devise controllers If you want to add a new behavior to your devise controllers but you don't want to override devise's default workflow, just pass a block around resource. This would give you for example, the ability to trigger background jobs after user signs in. --- app/controllers/devise/confirmations_controller.rb | 2 ++ app/controllers/devise/passwords_controller.rb | 2 ++ app/controllers/devise/registrations_controller.rb | 3 +++ app/controllers/devise/sessions_controller.rb | 2 ++ app/controllers/devise/unlocks_controller.rb | 2 ++ 5 files changed, 11 insertions(+) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index a728f7eac9..314fab20c3 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -7,6 +7,7 @@ def new # POST /resource/confirmation def create self.resource = resource_class.send_confirmation_instructions(resource_params) + yield resource if block_given? if successfully_sent?(resource) respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name)) 
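Review bot: The `yield resource if block_given?` added to `create` in confirmations_controller.rb runs before `successfully_sent?(resource)` is checked, so a subclass block fires for failed requests as well. The same holds for `show` in that file, `create`/`update` in passwords_controller.rb and `create`/`show` in unlocks_controller.rb, whereas registrations_controller.rb yields only after `resource.save` or `update_resource` succeeds; for `passwords#update` and the token-based `show` actions the block therefore also sees a resource built from an invalid or expired token. Either move the yield into the success branch, or document the contract above each action, e.g. `# The block is called even when the resource has errors; check resource.errors.empty? before acting on it.` In `sessions#destroy` the yield comes after `sign_out`, so `resource` may already be nil there; its definition is not visible in this diff.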
@@ -18,6 +19,7 @@ def create # GET /resource/confirmation?confirmation_token=abcdef def show self.resource = resource_class.confirm_by_token(params[:confirmation_token]) + yield resource if block_given? if resource.errors.empty? set_flash_message(:notice, :confirmed) if is_flashing_format? diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 6ecc772bf6..ef8888e5b4 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -11,6 +11,7 @@ def new # POST /resource/password def create self.resource = resource_class.send_reset_password_instructions(resource_params) + yield resource if block_given? if successfully_sent?(resource) respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) @@ -28,6 +29,7 @@ def edit # PUT /resource/password def update self.resource = resource_class.reset_password_by_token(resource_params) + yield resource if block_given? if resource.errors.empty? resource.unlock_access! if unlockable?(resource) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index aeeb15bde2..616a226a7c 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -13,6 +13,7 @@ def create build_resource(sign_up_params) if resource.save + yield resource if block_given? if resource.active_for_authentication? set_flash_message :notice, :signed_up if is_flashing_format? sign_up(resource_name, resource) @@ -41,6 +42,7 @@ def update prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) if update_resource(resource, account_update_params) + yield resource if block_given? if is_flashing_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated 
@@ -59,6 +61,7 @@ def destroy resource.destroy Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) set_flash_message :notice, :destroyed if is_flashing_format? + yield resource if block_given? respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) } end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 7b6c408a1b..6b78dd857c 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -15,6 +15,7 @@ def create self.resource = warden.authenticate!(auth_options) set_flash_message(:notice, :signed_in) if is_flashing_format? sign_in(resource_name, resource) + yield resource if block_given? respond_with resource, :location => after_sign_in_path_for(resource) end @@ -23,6 +24,7 @@ def destroy redirect_path = after_sign_out_path_for(resource_name) signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message :notice, :signed_out if signed_out && is_flashing_format? + yield resource if block_given? # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 7194755edf..ec9987f574 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -9,6 +9,7 @@ def new # POST /resource/unlock def create self.resource = resource_class.send_unlock_instructions(resource_params) + yield resource if block_given? if successfully_sent?(resource) respond_with({}, :location => after_sending_unlock_instructions_path_for(resource)) 
@@ -20,6 +21,7 @@ def create # GET /resource/unlock?unlock_token=abcdef def show self.resource = resource_class.unlock_access_by_token(params[:unlock_token]) + yield resource if block_given? if resource.errors.empty? set_flash_message :notice, :unlocked if is_flashing_format? From 268e486dbbdcbbd8a1e7942aa8964ad50d9d11b2 Mon Sep 17 00:00:00 2001 From: Matthew Rudy Jacobs Date: Fri, 8 Nov 2013 14:39:43 +0000 Subject: [PATCH 0351/1473] Add store_location_for helper This is used as a complement to `stored_location_for`. Example: Before authorizing with Omniauth; store_location_for(:user, dashboard_path) redirect_to user_omniauth_authorize_path(:facebook) In our Omniauth callback sign_in(user) redirect_to stored_location_for(:user) || root_path --- lib/devise.rb | 1 + lib/devise/controllers/helpers.rb | 18 +--------- lib/devise/controllers/store_location.rb | 45 ++++++++++++++++++++++++ lib/devise/failure_app.rb | 4 ++- test/controllers/helpers_test.rb | 11 ++++++ 5 files changed, 61 insertions(+), 18 deletions(-) create mode 100644 lib/devise/controllers/store_location.rb diff --git a/lib/devise.rb b/lib/devise.rb index 3455cb58ed..289fa03afc 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -21,6 +21,7 @@ module Controllers autoload :Rememberable, 'devise/controllers/rememberable' autoload :ScopedViews, 'devise/controllers/scoped_views' autoload :SignInOut, 'devise/controllers/sign_in_out' + autoload :StoreLocation, 'devise/controllers/store_location' autoload :UrlHelpers, 'devise/controllers/url_helpers' end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 842a8d099d..066e2e39a9 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -4,6 +4,7 @@ module Controllers module Helpers extend ActiveSupport::Concern include Devise::Controllers::SignInOut + include Devise::Controllers::StoreLocation included do helper_method :warden, :signed_in?, :devise_controller? 
@@ -97,23 +98,6 @@ def allow_params_authentication! request.env["devise.allow_params_authentication"] = true end - # Returns and delete (if it's navigational format) the url stored in the session for - # the given scope. Useful for giving redirect backs after sign up: - # - # Example: - # - # redirect_to stored_location_for(:user) || root_path - # - def stored_location_for(resource_or_scope) - scope = Devise::Mapping.find_scope!(resource_or_scope) - - if is_navigational_format? - session.delete("#{scope}_return_to") - else - session["#{scope}_return_to"] - end - end - # The scope root url to be used when he's signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb new file mode 100644 index 0000000000..845c54b154 --- /dev/null +++ b/lib/devise/controllers/store_location.rb 
@@ -0,0 +1,45 @@ +module Devise + module Controllers + # Provide the ability to store a location. + # Used to redirect back to a desired path after sign in. + # Included by default in all controllers. + module StoreLocation + # Returns and delete (if it's navigational format) the url stored in the session for + # the given scope. Useful for giving redirect backs after sign up: + # + # Example: + # + # redirect_to stored_location_for(:user) || root_path + # + def stored_location_for(resource_or_scope) + session_key = stored_location_key_for(resource_or_scope) + + if is_navigational_format? + session.delete(session_key) + else + session[session_key] + end + end + + # Stores the provided location to redirect the user after signing in. + # Useful in combination with the `stored_location_for` helper. + # + # Example: + # + # store_location_for(:user, dashboard_path) + # redirect_to user_omniauth_authorize_path(:facebook) + # + def store_location_for(resource_or_scope, location) + session_key = stored_location_key_for(resource_or_scope) + session[session_key] = location + end + + private + + def stored_location_key_for(resource_or_scope) + scope = Devise::Mapping.find_scope!(resource_or_scope) + "#{scope}_return_to" + end + end + end +end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 5be1acbe9e..34f6a5c5eb 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -13,6 +13,8 @@ class FailureApp < ActionController::Metal include Rails.application.routes.url_helpers include Rails.application.routes.mounted_helpers + include Devise::Controllers::StoreLocation + delegate :flash, :to => :request def self.call(env) 
@@ -189,7 +191,7 @@ def attempted_path # yet, but we still need to store the uri based on scope, so different scopes # would never use the same uri to redirect. def store_location! - session["#{scope}_return_to"] = attempted_path if request.get? && !http_auth? + store_location_for(scope, attempted_path) if request.get? && !http_auth? end def is_navigational_format? diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index f65b2959d7..9b10587df6 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -187,6 +187,17 @@ def setup assert_nil @controller.session[:"user_return_to"] end + test 'store location for stores a location to redirect back to' do + assert_nil @controller.stored_location_for(:user) + @controller.store_location_for(:user, "/foo.bar") + assert_equal "/foo.bar", @controller.stored_location_for(:user) + end + + test 'store location for accepts a resource as argument' do + @controller.store_location_for(User.new, "/foo.bar") + assert_equal "/foo.bar", @controller.stored_location_for(User.new) + end + test 'after sign in path defaults to root path if none by was specified for the given scope' do assert_equal root_path, @controller.after_sign_in_path_for(:user) end From 221be6d6efc80f6c58d5ab13cf5898fa1e5e877f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 13 Nov 2013 13:29:25 +0100 Subject: [PATCH 0352/1473] Update bundled rails app --- test/rails_app/config/boot.rb | 8 +++- .../config/environments/development.rb | 4 -- .../config/environments/production.rb | 4 -- test/rails_app/db/schema.rb | 38 ++++++++++--------- test/test_helper.rb | 7 ---- 5 files changed, 28 insertions(+), 33 deletions(-) diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index d0ab13940b..1a479a1ab9 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
@@ -2,7 +2,13 @@ DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym end +module Devise + # Detection for minor differences between Rails 3.2 and 4 in tests. + def self.rails4? + Rails.version.start_with? '4' + end +end + # Set up gems listed in the Gemfile. ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) - require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) diff --git a/test/rails_app/config/environments/development.rb b/test/rails_app/config/environments/development.rb index f7cea6d528..fcddb5f583 100644 --- a/test/rails_app/config/environments/development.rb +++ b/test/rails_app/config/environments/development.rb @@ -22,10 +22,6 @@ # Only use best-standards-support built into browsers. config.action_dispatch.best_standards_support = :builtin - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL). - config.active_record.auto_explain_threshold_in_seconds = 0.5 - # Raise an error on page load if there are pending migrations config.active_record.migration_error = :page_load diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 79c54188a1..2ce2f5188b 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb @@ -72,10 +72,6 @@ # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL). - # config.active_record.auto_explain_threshold_in_seconds = 0.5 - # Disable automatic flushing of the log to improve performance. # config.autoflush_log = false diff --git a/test/rails_app/db/schema.rb b/test/rails_app/db/schema.rb index c36bc6fb5f..a7446056c1 100644 --- a/test/rails_app/db/schema.rb +++ b/test/rails_app/db/schema.rb 
@@ -1,3 +1,4 @@ +# encoding: UTF-8 # This file is auto-generated from the current state of the database. Instead # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. 
@@ -8,40 +9,43 @@ # from scratch. The latter is a flawed and unsustainable approach (the more migrations # you'll amass, the slower it'll run and the greater likelihood for issues). # -# It's strongly recommended to check this file into your version control system. +# It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(:version => 20100401102949) do +ActiveRecord::Schema.define(version: 20100401102949) do - create_table "admins", :force => true do |t| + create_table "admins", force: true do |t| t.string "email" - t.string "encrypted_password", :limit => 128 - t.string "password_salt" - t.string "remember_token" - t.datetime "remember_created_at" + t.string "encrypted_password" t.string "reset_password_token" - t.integer "failed_attempts", :default => 0 - t.string "unlock_token" + t.datetime "reset_password_sent_at" + t.datetime "remember_created_at" + t.string "confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" + t.string "unconfirmed_email" t.datetime "locked_at" + t.boolean "active", default: false t.datetime "created_at" t.datetime "updated_at" end - create_table "users", :force => true do |t| + create_table "users", force: true do |t| t.string "username" t.string "facebook_token" - t.string "email", :default => "", :null => false - t.string "encrypted_password", :limit => 128, :default => "", :null => false - t.string "confirmation_token" - t.datetime "confirmed_at" - t.datetime "confirmation_sent_at" + t.string "email", default: "", null: false + t.string "encrypted_password", default: "", null: false t.string "reset_password_token" + t.datetime "reset_password_sent_at" t.datetime "remember_created_at" - t.integer "sign_in_count", :default => 0 + t.integer "sign_in_count", default: 0 t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" t.string "current_sign_in_ip" t.string "last_sign_in_ip" - t.integer "failed_attempts", :default => 0 + t.string 
"confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" + t.integer "failed_attempts", default: 0 t.string "unlock_token" t.datetime "locked_at" t.datetime "created_at" diff --git a/test/test_helper.rb b/test/test_helper.rb index 1548e93a2f..6042044661 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -4,13 +4,6 @@ $:.unshift File.dirname(__FILE__) puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}" -module Devise - # Detection for minor differences between Rails 3.2 and 4 in tests. - def self.rails4? - Rails.version.start_with? '4' - end -end - require "rails_app/config/environment" require "rails/test_help" require "orm/#{DEVISE_ORM}" From 0582467032dcf25dd26f460dfef1b1edbaf65608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 13 Nov 2013 13:30:24 +0100 Subject: [PATCH 0353/1473] Ensure we only store paths in store_location_for (thanks to @homakov for the tip) --- lib/devise/controllers/store_location.rb | 4 +++- test/controllers/helpers_test.rb | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index 845c54b154..b83fbb9a5c 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb @@ -1,3 +1,5 @@ +require "uri" + module Devise module Controllers # Provide the ability to store a location. @@ -31,7 +33,7 @@ def stored_location_for(resource_or_scope) # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) - session[session_key] = location + session[session_key] = URI.parse(location).path end private diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 9b10587df6..fee034beb6 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
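Review bot: `URI.parse(location).path` in `store_location_for` strips the scheme and host but keeps the path component verbatim, so a location whose path itself begins with `//` is stored as a scheme-relative URL and a later `redirect_to stored_location_for(...)` can still leave the site. Collapsing leading slashes closes that gap: `session[session_key] = URI.parse(location).path.sub(/\A\/+/, '/')`. The call also drops the query string, which changes where legitimate users land, and raises `URI::InvalidURIError` on malformed input. Since `FailureApp#store_location!` now routes the attempted path through this helper, rescuing that error and storing nothing looks safer than an error page, though `attempted_path` is not shown here. The added test covers only the `//host/path` form.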
@@ -198,6 +198,12 @@ def setup assert_equal "/foo.bar", @controller.stored_location_for(User.new) end + test 'store location for stores only paths' do + assert_nil @controller.stored_location_for(:user) + @controller.store_location_for(:user, "//host/foo.bar") + assert_equal "/foo.bar", @controller.stored_location_for(:user) + end + test 'after sign in path defaults to root path if none by was specified for the given scope' do assert_equal root_path, @controller.after_sign_in_path_for(:user) end From 9a412c139f823cb0ff9bf39cbb10daa9fc94d42d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 13 Nov 2013 13:32:59 +0100 Subject: [PATCH 0354/1473] Update CHANGELOG --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d9026c3649..cc9c559a58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +### 3.2.1 + +* enhancements + * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov) + * Add `yield` around resource methods in Devise controllers (by @edelpero) + +* bug fix + * Bring `password_digest` back to fix compatibility with `devise-encryptable` + ### 3.2.0 * enhancements From 95ec62ea76b4fca8c2c6f9d49e7e770ff7b39c54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 13 Nov 2013 13:45:34 +0100 Subject: [PATCH 0355/1473] Ensure encryption on authentication --- lib/devise/strategies/database_authenticatable.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index bccebb25eb..e0a38a107d 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb 
@@ -5,13 +5,16 @@ module Strategies # Default strategy for signing in a user, based on his email and password in the database. class DatabaseAuthenticatable < Authenticatable def authenticate! - resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) - return fail(:not_found_in_database) unless resource + resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) + encrypted = false - if validate(resource){ resource.valid_password?(password) } + if validate(resource){ encrypted = true; resource.valid_password?(password) } resource.after_database_authentication success!(resource) end + + mapping.to.new.password = password if !encrypted && Devise.paranoid + fail(:not_found_in_database) unless resource end end end From 3b598ec23584aba30010ef9b186599776f088f86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 13 Nov 2013 14:00:04 +0100 Subject: [PATCH 0356/1473] Release v3.2.1 --- CHANGELOG.md | 3 +++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2.x.lock | 2 +- lib/devise/controllers/store_location.rb | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc9c559a58..266d23b090 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,14 @@ ### 3.2.1 +Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode + * enhancements * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov) * Add `yield` around resource methods in Devise controllers (by @edelpero) * bug fix * Bring `password_digest` back to fix compatibility with `devise-encryptable` + * Avoid e-mail enumeration on sign in when in paranoid mode ### 3.2.0 diff --git a/Gemfile.lock b/Gemfile.lock index 66eedb27c8..1f621ea7cc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
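Review bot: The added line `mapping.to.new.password = password if !encrypted && Devise.paranoid` in `authenticate!` is executed only for its side effect, and nothing says so, so a later cleanup could remove it as dead code. A comment above it such as `# Hash the submitted password even when no record matched, so response time does not reveal whether the account exists` would record the intent. The diffstat shows no test file in this commit, so a regression that drops the dummy hashing would go unnoticed; a test that the password setter runs when the lookup finds nothing in paranoid mode would cover it. It is also worth confirming that hashing through a fresh model instance costs the same as `valid_password?` on a stored record, since the equalisation presumably depends on that.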
@@ -12,7 +12,7 @@ GIT
 PATH
 remote: .
 specs:
- devise (3.2.0)
+ devise (3.2.1)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock
index 717a99f2dd..eb1e018762 100644
--- a/gemfiles/Gemfile.rails-3.2.x.lock
+++ b/gemfiles/Gemfile.rails-3.2.x.lock
@@ -1,7 +1,7 @@
 PATH
 remote: ..
 specs:
- devise (3.2.0)
+ devise (3.2.1)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb
index b83fbb9a5c..c15928310f 100644
--- a/lib/devise/controllers/store_location.rb
+++ b/lib/devise/controllers/store_location.rb
@@ -33,7 +33,7 @@ def stored_location_for(resource_or_scope)
 #
 def store_location_for(resource_or_scope, location)
 session_key = stored_location_key_for(resource_or_scope)
- session[session_key] = URI.parse(location).path
+ session[session_key] = URI.parse(location).path if location
 end
 private
diff --git a/lib/devise/version.rb b/lib/devise/version.rb
index e2dd4c3bf4..42db40a621 100644
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
- VERSION = "3.2.0".freeze
+ VERSION = "3.2.1".freeze
 end
From f36efc0cc98579cc54bb7f0336078f5fbb6ab1e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Wed, 13 Nov 2013 15:01:23 +0100
Subject: [PATCH 0357/1473] Ensure multiple leading / are also removed, thanks @homakov
---
 lib/devise/controllers/store_location.rb | 2 +-
 test/controllers/helpers_test.rb | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb
index c15928310f..a701d34fc5 100644
--- a/lib/devise/controllers/store_location.rb
+++ b/lib/devise/controllers/store_location.rb
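Review bot: `URI.parse(location)` in `store_location_for` raises `URI::InvalidURIError` for a string it cannot parse, and the new `if location` guard only covers nil, so a malformed location surfaces as an exception instead of simply not being stored. Whether that is reachable depends on what callers pass in, which is not visible here; if the value can come from a request URL, a method-level `rescue URI::InvalidURIError` returning `nil` would leave the session key unset and keep the path-only hardening from turning into an error page. The first version of this assignment in the earlier patch and the later rewrites further down the series (`.path.sub(/\A\/+/, '/')` and the `uri.query` variant) keep the bare `URI.parse` call, so the point applies to them as well. A test with an unparseable location would pin the behaviour.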
@@ -33,7 +33,7 @@ def stored_location_for(resource_or_scope)
 #
 def store_location_for(resource_or_scope, location)
 session_key = stored_location_key_for(resource_or_scope)
- session[session_key] = URI.parse(location).path if location
+ session[session_key] = URI.parse(location).path.sub(/\A\/+/, '/') if location
 end
 private
diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb
index fee034beb6..0238ba1aa8 100644
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -199,9 +199,10 @@ def setup
 end
 test 'store location for stores only paths' do
- assert_nil @controller.stored_location_for(:user)
 @controller.store_location_for(:user, "//host/foo.bar")
 assert_equal "/foo.bar", @controller.stored_location_for(:user)
+ @controller.store_location_for(:user, "///foo.bar")
+ assert_equal "/foo.bar", @controller.stored_location_for(:user)
 end
 test 'after sign in path defaults to root path if none by was specified for the given scope' do
From 1390945e5ca44520f046cbb09eabe09ea2bc00e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Thu, 14 Nov 2013 09:09:05 +0100
Subject: [PATCH 0358/1473] Improve default omniauth sample
---
 lib/devise/rails/routes.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb
index d6dd66c331..0125004e4b 100644
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -393,13 +393,13 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: `skip: :omniauth_callbacks` and manually defining the routes. Here is an example: match "/users/auth/:provider", - :constraints => { :provider => /\Agoogle|facebook\z/ }, + :constraints => { :provider => /\A(google|facebook)\z/ }, :to => "devise/omniauth_callbacks#passthru", :as => :omniauth_authorize, :via => [:get, :post] match "/users/auth/:action/callback", - :constraints => { :action => /\Agoogle|facebook\z/ }, + :constraints => { :action => /\A(google|facebook)\z/ }, :to => "devise/omniauth_callbacks", :as => :omniauth_callback, :via => [:get, :post] From bb2ff3553bbd9c9c0fbf715d95d966e6df1c6996 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 15 Nov 2013 15:56:05 +0300 Subject: [PATCH 0359/1473] require rails generator base class in devise generators closes #2743 --- lib/generators/devise/devise_generator.rb | 2 ++ lib/generators/devise/install_generator.rb | 1 + lib/generators/devise/views_generator.rb | 2 ++ lib/generators/mongoid/devise_generator.rb | 1 + 4 files changed, 6 insertions(+) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index ad459ced14..d7555631e7 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -1,3 +1,5 @@ +require 'rails/generators/named_base' + module Devise module Generators class DeviseGenerator < Rails::Generators::NamedBase diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index dd432f1398..a88c623b5e 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -1,3 +1,4 @@ +require 'rails/generators/base' require 'securerandom' module Devise diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 6df981c74e..79fbf57011 100644 --- a/lib/generators/devise/views_generator.rb 
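Review bot: The corrected sample in `devise_omniauth_callback` still wraps the alternation in `\A…\z`, and as far as I know Rails' router rejects anchor characters in segment constraints because it anchors them itself, so anyone pasting this example may get an ArgumentError when routes load; worth confirming against the Rails versions supported here. If that holds, `:constraints => { :provider => /google|facebook/ }` (and the same for `:action`) expresses the same whole-segment match without anchors. The message string that contains the sample starts and ends outside the hunk.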
+++ b/lib/generators/devise/views_generator.rb @@ -1,3 +1,5 @@ +require 'rails/generators/base' + module Devise module Generators # Include this module in your generator to generate Devise views. diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 33b82bf8e6..213c953371 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -1,3 +1,4 @@ +require 'rails/generators/named_base' require 'generators/devise/orm_helpers' module Mongoid From 7afc096fa4ab39f79dacbce9e42ce34a5c37cfca Mon Sep 17 00:00:00 2001 From: Christopher Sexton Date: Wed, 20 Nov 2013 15:47:20 -0500 Subject: [PATCH 0360/1473] Keep the query string and path in store_location_for Persist the URI's query when saving to the session. Fixes #2742 --- lib/devise/controllers/store_location.rb | 5 ++++- test/controllers/helpers_test.rb | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index a701d34fc5..b249037a24 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb @@ -33,7 +33,10 @@ def stored_location_for(resource_or_scope) # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) - session[session_key] = URI.parse(location).path.sub(/\A\/+/, '/') if location + if location + uri = URI.parse(location) + session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') + end end private diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 0238ba1aa8..3abd0e19c8 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
@@ -198,13 +198,18 @@ def setup assert_equal "/foo.bar", @controller.stored_location_for(User.new) end - test 'store location for stores only paths' do + test 'store location for stores paths' do @controller.store_location_for(:user, "//host/foo.bar") assert_equal "/foo.bar", @controller.stored_location_for(:user) @controller.store_location_for(:user, "///foo.bar") assert_equal "/foo.bar", @controller.stored_location_for(:user) end + test 'store location for stores query string' do + @controller.store_location_for(:user, "/foo?bar=baz") + assert_equal "/foo?bar=baz", @controller.stored_location_for(:user) + end + test 'after sign in path defaults to root path if none by was specified for the given scope' do assert_equal root_path, @controller.after_sign_in_path_for(:user) end From bd83483ba6c0901784533053693d43d9277c741b Mon Sep 17 00:00:00 2001 From: Marcus Mansur Date: Thu, 21 Nov 2013 13:26:34 -0200 Subject: [PATCH 0361/1473] fixes missing caller --- lib/devise/hooks/timeoutable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 75a21b92dc..ac88ee906d 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -12,7 +12,7 @@ proxy = Devise::Hooks::Proxy.new(warden) if record.timedout?(last_request_at) && !env['devise.skip_timeout'] - Devise.sign_out_all_scopes ? proxy.sign_out : sign_out(scope) + Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout record.reset_authentication_token! From b16899f7bf9fbcefb7dd1b41bddd46e124c381e7 Mon Sep 17 00:00:00 2001 From: Marcus Mansur Date: Thu, 21 Nov 2013 14:02:45 -0200 Subject: [PATCH 0362/1473] fixes timeoutable specs to cover sign_out_all_scopes false --- test/integration/timeoutable_test.rb | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) 
diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 77ca9b65ea..47aea6bfc2 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -35,14 +35,19 @@ def last_request_at assert warden.authenticated?(:user) end - test 'time out user session after default limit time' do - user = sign_in_as_user - get expire_user_path(user) - assert_not_nil last_request_at + test 'time out user session after default limit time when sign_out_all_scopes is false' do + swap Devise, sign_out_all_scopes: false do + sign_in_as_admin - get users_path - assert_redirected_to users_path - assert_not warden.authenticated?(:user) + user = sign_in_as_user + get expire_user_path(user) + assert_not_nil last_request_at + + get users_path + assert_redirected_to users_path + assert_not warden.authenticated?(:user) + assert warden.authenticated?(:admin) + end end test 'time out all sessions after default limit time when sign_out_all_scopes is true' do From f43820966934f161deb76e96231864361378a8d9 Mon Sep 17 00:00:00 2001 From: Francis Go Date: Fri, 22 Nov 2013 19:55:16 +1100 Subject: [PATCH 0363/1473] Fix spelling in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d149b4720..491fadf085 100644 --- a/README.md +++ b/README.md 
@@ -180,7 +180,7 @@ Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :rememb When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. -There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are: +There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: * `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`) * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` From 65947b6696516d210dbb9cc9a5ba053eb4839327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 25 Nov 2013 12:00:21 +0100 Subject: [PATCH 0364/1473] Release v3.2.2 --- CHANGELOG.md | 7 +++++++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2.x.lock | 2 +- lib/devise/version.rb | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 266d23b090..284bdc9655 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +### 3.2.2 + +* bug fix + * Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman) + * Keep the query string when storing location (by @csexton) + * Require rails generator base class in devise generators + ### 3.2.1 Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode diff --git a/Gemfile.lock b/Gemfile.lock index 1f621ea7cc..b73133c5a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -12,7 +12,7 @@ GIT
 PATH
 remote: .
 specs:
- devise (3.2.1)
+ devise (3.2.2)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock
index eb1e018762..a7a45690a5 100644
--- a/gemfiles/Gemfile.rails-3.2.x.lock
+++ b/gemfiles/Gemfile.rails-3.2.x.lock
@@ -1,7 +1,7 @@
 PATH
 remote: ..
 specs:
- devise (3.2.1)
+ devise (3.2.2)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
diff --git a/lib/devise/version.rb b/lib/devise/version.rb
index 42db40a621..53ffa77c95 100644
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
- VERSION = "3.2.1".freeze
+ VERSION = "3.2.2".freeze
 end
From 3e3a3ad102901a0c173e1cdb5d9e02d96665f1aa Mon Sep 17 00:00:00 2001
From: Rodrigo Navarro
Date: Thu, 28 Nov 2013 09:00:59 -0200
Subject: [PATCH 0365/1473] Small typo.
---
 test/models/database_authenticatable_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
index 79da1e644b..8ab320c996 100644
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@@ -231,7 +231,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 assert !user.valid?
 end
- test 'required_fiels should be encryptable_password and the email field by default' do
+ test 'required_fields should be encryptable_password and the email field by default' do
 assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [
 :email,
 :encrypted_password
From 43282f738e0024f7618d6f3f204868634e5fadb2 Mon Sep 17 00:00:00 2001
From: Paul Anunda
Date: Thu, 28 Nov 2013 10:29:50 -0600
Subject: [PATCH 0366/1473] Fixed small grammatical error in en.yml
---
 config/locales/en.yml | 2 +-
 test/integration/recoverable_test.rb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/locales/en.yml b/config/locales/en.yml index 6cd4cd2776..abccdb087d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -28,7 +28,7 @@ en: success: "Successfully authenticated from %{kind} account." passwords: no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." - send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." updated: "Your password was changed successfully. You are now signed in." updated_not_active: "Your password was changed successfully." diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 10588ef966..264bc0a436 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -39,7 +39,7 @@ def reset_password(options={}, &block) end assert_current_url '/users/sign_in' - assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.' + assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end test 'reset password with email should send an email from a custom mailer' do 
@@ -78,7 +78,7 @@ def reset_password(options={}, &block) end assert_current_url '/users/sign_in' - assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.' + assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end test 'reset password with email with extra whitespace should fail when email is NOT the list of strip whitespace keys' do @@ -111,7 +111,7 @@ def reset_password(options={}, &block) request_forgot_password assert_current_url '/users/sign_in' - assert_contain 'You will receive an email with instructions about how to reset your password in a few minutes.' + assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end test 'not authenticated user with invalid email should receive an error message' do From 26e85c44e2dbe43c1f7bba7b5ae4a20e64ffbe5e Mon Sep 17 00:00:00 2001 From: Erik Michaels-Ober Date: Mon, 2 Dec 2013 10:02:17 +0100 Subject: [PATCH 0367/1473] Removed use of gendered pronouns --- CHANGELOG.md | 12 ++++++------ lib/devise.rb | 2 +- lib/devise/hooks/activatable.rb | 4 ++-- lib/devise/models/confirmable.rb | 2 +- lib/devise/models/rememberable.rb | 2 +- .../strategies/database_authenticatable.rb | 2 +- lib/generators/templates/devise.rb | 6 +++--- test/integration/recoverable_test.rb | 8 ++++---- test/integration/registerable_test.rb | 18 +++++++++--------- test/integration/rememberable_test.rb | 4 ++-- test/models/confirmable_test.rb | 2 +- test/models/recoverable_test.rb | 4 ++-- test/rails_app/config/initializers/devise.rb | 4 ++-- 13 files changed, 35 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 284bdc9655..71068723f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -23,7 +23,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati * Previously deprecated token authenticatable and insecure lookups have been removed * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) * Send custom message when user enters invalid password and it has only one attempt - to enter correct password before his account will be locked (by @Lightpower) + to enter correct password before their account will be locked (by @Lightpower) * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery) * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev) @@ -390,7 +390,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. ### 1.4.0 * enhancements - * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26) + * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26) * Improve e-mail regexp (by @rodrigoflores) * Add strip_whitespace_keys and default to e-mail (by @swrobel) * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut) @@ -399,7 +399,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * password_required? should not affect length validation - * User cannot access sign up and similar pages if he is already signed in through a cookie or token + * User cannot access sign up and similar pages if they are already signed in through a cookie or token * Do not convert booleans to strings on finders (by @xavier) * Run validations even if current_password fails (by @crx) * Devise now honors routes constraints (by @macmartine) 
@@ -507,10 +507,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai) * Extracted encryptors into :encryptable for better bcrypt support * :rememberable is now able to use salt as token if no remember_token is provided - * Store the salt in session and expire the session if the user changes his password + * Store the salt in session and expire the session if the user changes their password * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication * cookie_options uses session_options values by default - * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message + * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message * Use ActiveModel#to_key instead of #id * sign_out_all_scopes now destroys the whole session * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl) @@ -953,7 +953,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * Renamed confirm_in to confirm_within - * Do not send confirmation messages when user changes his e-mail + * Do not send confirmation messages when user changes their e-mail * Renamed authenticable to authenticatable and added deprecation warnings ### 0.2.3 diff --git a/lib/devise.rb b/lib/devise.rb index 289fa03afc..379ca04805 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -274,7 +274,7 @@ def self.#{method}=(val) mattr_accessor :paranoid @@paranoid = false - # When true, warn user if he just used next-to-last attempt of authentication + # When true, warn user if they just used next-to-last attempt of authentication mattr_accessor :last_attempt_warning @@last_attempt_warning = false 
diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index e9b2d910d9..bca071cec7 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -1,6 +1,6 @@ -# Deny user access whenever his account is not active yet. All strategies that inherits from +# Deny user access whenever their account is not active yet. All strategies that inherits from # Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication? -# before actively signing him in. However, we need this as hook to validate the user activity +# before actively signing them in. However, we need this as hook to validate the user activity # in each request and in case the user is using other strategies beside Devise ones. Warden::Manager.after_set_user do |record, warden, options| if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication? diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 9f1034d1fd..141cf35ee6 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -9,7 +9,7 @@ module Models # # Confirmable adds the following options to +devise+: # - # * +allow_unconfirmed_access_for+: the time you want to allow the user to access his account + # * +allow_unconfirmed_access_for+: the time you want to allow the user to access their account # before confirming it. After this period, the user access is denied. You can # use this to let your user access some features of your application without # confirming the account, but blocking it after a certain period (ie 7 days). diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index e59636394f..6c756e4427 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
@@ -17,7 +17,7 @@ module Models # # * +remember_for+: the time you want the user will be remembered without # asking for credentials. After this time the user will be blocked and - # will have to enter his credentials again. This configuration is also + # will have to enter their credentials again. This configuration is also # used to calculate the expires time for the cookie created to remember # the user. By default remember_for is 2.weeks. # diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index e0a38a107d..c38282796f 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -2,7 +2,7 @@ module Devise module Strategies - # Default strategy for signing in a user, based on his email and password in the database. + # Default strategy for signing in a user, based on their email and password in the database. class DatabaseAuthenticatable < Authenticatable def authenticate! resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index ab0e8c0e85..4e0b0b11d1 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -99,10 +99,10 @@ # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without - # confirming his account. For instance, if set to 2.days, the user will be - # able to access the website for two days without confirming his account, + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, # access will be blocked just in the third day. Default is 0.days, meaning - # the user cannot access the website without confirming his account. + # the user cannot access the website without confirming their account. # config.allow_unconfirmed_access_for = 2.days # A period that the user is allowed to confirm their account before their diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 10588ef966..7832b4e723 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -139,7 +139,7 @@ def reset_password(options={}, &block) assert_redirected_to "/users/sign_in" end - test 'not authenticated user with invalid reset password token should not be able to change his password' do + test 'not authenticated user with invalid reset password token should not be able to change their password' do user = create_user reset_password :reset_password_token => 'invalid_reset_password' @@ -150,7 +150,7 @@ def reset_password(options={}, &block) assert_not user.reload.valid_password?('987654321') end - test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do + test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do user = create_user request_forgot_password reset_password do 
@@ -165,7 +165,7 @@ def reset_password(options={}, &block) assert_not user.reload.valid_password?('987654321') end - test 'not authenticated user with valid data should be able to change his password' do + test 'not authenticated user with valid data should be able to change their password' do user = create_user request_forgot_password reset_password @@ -175,7 +175,7 @@ def reset_password(options={}, &block) assert user.reload.valid_password?('987654321') end - test 'after entering invalid data user should still be able to change his password' do + test 'after entering invalid data user should still be able to change their password' do user = create_user request_forgot_password diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 6e8aba22ef..e5e15c3e8d 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -140,7 +140,7 @@ def user_sign_up assert_redirected_to root_path end - test 'a signed in user should be able to edit his account' do + test 'a signed in user should be able to edit their account' do sign_in_as_user get edit_user_registration_path @@ -154,7 +154,7 @@ def user_sign_up assert_equal "user.new@example.com", User.first.email end - test 'a signed in user should still be able to use the website after changing his password' do + test 'a signed in user should still be able to use the website after changing their password' do sign_in_as_user get edit_user_registration_path @@ -168,7 +168,7 @@ def user_sign_up assert warden.authenticated?(:user) end - test 'a signed in user should not change his current user with invalid password' do + test 'a signed in user should not change their current user with invalid password' do sign_in_as_user get edit_user_registration_path 
@@ -183,7 +183,7 @@ def user_sign_up assert_equal "user@test.com", User.first.email end - test 'a signed in user should be able to edit his password' do + test 'a signed in user should be able to edit their password' do sign_in_as_user get edit_user_registration_path @@ -198,7 +198,7 @@ def user_sign_up assert User.first.valid_password?('pass1234') end - test 'a signed in user should not be able to edit his password with invalid confirmation' do + test 'a signed in user should not be able to edit their password with invalid confirmation' do sign_in_as_user get edit_user_registration_path @@ -212,7 +212,7 @@ def user_sign_up assert_not User.first.valid_password?('pas123') end - test 'a signed in user should be able to cancel his account' do + test 'a signed in user should be able to cancel their account' do sign_in_as_user get edit_user_registration_path @@ -286,7 +286,7 @@ def user_sign_up assert_equal user.reload.email, 'user@test.com' end - test 'a user cancel his account in XML format should return valid response' do + test 'a user cancel their account in XML format should return valid response' do sign_in_as_user delete user_registration_path(:format => 'xml') assert_response :success @@ -295,7 +295,7 @@ def user_sign_up end class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest - test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do + test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do sign_in_as_admin get edit_admin_registration_path 
@@ -326,7 +326,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert Admin.first.valid_password?('pas123') end - test 'a signed in admin should not see a reconfirmation message if he did not change his email, despite having an unconfirmed email' do + test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do sign_in_as_admin get edit_admin_registration_path diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index e7afd67a76..8f04986d91 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -25,7 +25,7 @@ def cookie_expires(key) Time.parse(expires).utc end - test 'do not remember the user if he has not checked remember me option' do + test 'do not remember the user if they have not checked remember me option' do sign_in_as_user assert_nil request.cookies["remember_user_cookie"] end @@ -95,7 +95,7 @@ def cookie_expires(key) assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie." end - test 'remember the user before sign up and redirect him to his home' do + test 'remember the user before sign up and redirect them to their home' do create_user_and_remember get new_user_registration_path assert warden.authenticated?(:user) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 5d1221a580..8d0b30a5d2 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -155,7 +155,7 @@ def setup assert_not_nil user.reload.confirmation_token end - test 'should not resend email instructions if the user change his email' do + test 'should not resend email instructions if the user change their email' do user = create_user user.email = 'new_test@example.com' assert_email_not_sent do 
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 3c1564992a..fa3b1c6328 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -101,14 +101,14 @@ def setup assert_not_equal token, user.reload.reset_password_token end - test 'should send email instructions to the user reset his password' do + test 'should send email instructions to the user reset their password' do user = create_user assert_email_sent do User.send_reset_password_instructions(:email => user.email) end end - test 'should find a user to reset his password based on the raw token' do + test 'should find a user to reset their password based on the raw token' do user = create_user raw = user.send_reset_password_instructions diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 8403188157..3e2506d22e 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -66,8 +66,8 @@ config.stretches = Rails.env.test? ? 1 : 10 # ==> Configuration for :confirmable - # The time you want to give your user to confirm his account. During this time - # he will be able to access your application without confirming. Default is nil. + # The time you want to give your user to confirm their account. During this time + # they will be able to access your application without confirming. Default is nil. # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming. # You can use this to let your user access some features of your application # without confirming the account, but blocking it after a certain period From 53893edec8fdd78d79ae537af85f78965b0bc2d6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bartosz=20Kopi=C5=84ski?= Date: Mon, 2 Dec 2013 21:27:23 +0100 Subject: [PATCH 0368/1473] Removing regexp anchors in routing constraints They're not allowed according to: http://guides.rubyonrails.org/routing.html#segment-constraints --- lib/devise/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 0125004e4b..305a79a705 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -393,13 +393,13 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: `skip: :omniauth_callbacks` and manually defining the routes. Here is an example: match "/users/auth/:provider", - :constraints => { :provider => /\A(google|facebook)\z/ }, + :constraints => { :provider => /google|facebook/ }, :to => "devise/omniauth_callbacks#passthru", :as => :omniauth_authorize, :via => [:get, :post] match "/users/auth/:action/callback", - :constraints => { :action => /\A(google|facebook)\z/ }, + :constraints => { :action => /google|facebook/ }, :to => "devise/omniauth_callbacks", :as => :omniauth_callback, :via => [:get, :post] From 4e7cd18a047043437f417488a610806da21bcd1a Mon Sep 17 00:00:00 2001 From: Erik Michaels-Ober Date: Thu, 5 Dec 2013 09:03:28 +0100 Subject: [PATCH 0369/1473] Remove a couple more gendered pronouns --- lib/devise/controllers/helpers.rb | 2 +- lib/devise/models/timeoutable.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 066e2e39a9..a0ea0edf24 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
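Review bot: The example in `lib/devise/rails/routes.rb` now shows `/google|facebook/` with no anchors, which is only safe because the router anchors segment constraints itself (per the routing guide the commit message cites), and the example text does not say so. A reader who copies the pattern into a controller check or a model validation gets a substring match, so any value that merely contains one of the provider names would pass. I would add one sentence after the example, e.g. `Route constraints are anchored by the router; anchor these regexps with \A and \z if you reuse them anywhere else.` The enclosing method starts and ends outside the hunk.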
@@ -98,7 +98,7 @@ def allow_params_authentication! request.env["devise.allow_params_authentication"] = true end - # The scope root url to be used when he's signed in. By default, it first + # The scope root url to be used when they're signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index 3b75a8d984..0ad2825d5a 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -4,7 +4,7 @@ module Devise module Models # Timeoutable takes care of verifyng whether a user session has already # expired or not. When a session expires after the configured time, the user - # will be asked for credentials again, it means, he/she will be redirected + # will be asked for credentials again, it means, they will be redirected # to the sign in page. # # == Options From 3f03ec02ade4f5e8b1802170ef59fb18716f6c39 Mon Sep 17 00:00:00 2001 
From: Erik Michaels-Ober Date: Thu, 5 Dec 2013 09:03:32 +0100 Subject: [PATCH 0370/1473] Cleanup trailing whitespace --- CONTRIBUTING.md | 2 +- lib/devise/controllers/scoped_views.rb | 2 +- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/hooks/activatable.rb | 2 +- lib/devise/hooks/proxy.rb | 2 +- lib/devise/hooks/rememberable.rb | 2 +- lib/devise/modules.rb | 2 +- lib/devise/orm/active_record.rb | 2 +- lib/devise/orm/mongoid.rb | 2 +- lib/devise/strategies/base.rb | 2 +- lib/devise/time_inflector.rb | 2 +- lib/generators/templates/README | 4 ++-- test/generators/mongoid_generator_test.rb | 4 ++-- test/mapping_test.rb | 6 +++--- test/models/recoverable_test.rb | 2 +- test/omniauth/config_test.rb | 2 +- test/rails_app/app/active_record/shim.rb | 2 +- .../rails_app/app/controllers/admins/sessions_controller.rb | 2 +- .../app/controllers/publisher/registrations_controller.rb | 2 +- .../app/controllers/publisher/sessions_controller.rb | 2 +- .../app/controllers/users/omniauth_callbacks_controller.rb | 2 +- test/rails_app/app/views/admins/sessions/new.html.erb | 2 +- test/rails_app/app/views/home/admin_dashboard.html.erb | 2 +- test/rails_app/app/views/home/index.html.erb | 2 +- test/rails_app/app/views/home/join.html.erb | 2 +- test/rails_app/app/views/home/user_dashboard.html.erb | 2 +- 26 files changed, 30 insertions(+), 30 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 886bd24fac..97a936b1e8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,6 +1,6 @@ ### Please read before contributing -1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). +1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead. diff --git a/lib/devise/controllers/scoped_views.rb b/lib/devise/controllers/scoped_views.rb index 7865b7865b..7ba965e57c 100644 --- a/lib/devise/controllers/scoped_views.rb +++ b/lib/devise/controllers/scoped_views.rb @@ -14,4 +14,4 @@ def scoped_views=(value) end end end -end \ No newline at end of file +end diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 78585387c9..205a1e6e16 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -100,4 +100,4 @@ def expire_data_after_sign_out! end end end -end \ No newline at end of file +end diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index bca071cec7..af32e2b011 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -8,4 +8,4 @@ warden.logout(scope) throw :warden, :scope => scope, :message => record.inactive_message end -end \ No newline at end of file +end diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb index b97c7f6174..096f624a4d 100644 --- a/lib/devise/hooks/proxy.rb +++ b/lib/devise/hooks/proxy.rb 
@@ -18,4 +18,4 @@ def session end end end -end \ No newline at end of file +end diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb index 0dc19bbd96..f67e05d4dc 100644 --- a/lib/devise/hooks/rememberable.rb +++ b/lib/devise/hooks/rememberable.rb @@ -4,4 +4,4 @@ record.remember_me && warden.authenticated?(scope) Devise::Hooks::Proxy.new(warden).remember_me(record) end -end \ No newline at end of file +end diff --git a/lib/devise/modules.rb b/lib/devise/modules.rb index a93b4b0307..b7cdc2f688 100644 --- a/lib/devise/modules.rb +++ b/lib/devise/modules.rb @@ -25,4 +25,4 @@ # Stats for last, so we make sure the user is really signed in d.add_module :trackable -end \ No newline at end of file +end diff --git a/lib/devise/orm/active_record.rb b/lib/devise/orm/active_record.rb index 52343d4f31..0935cdaa89 100644 --- a/lib/devise/orm/active_record.rb +++ b/lib/devise/orm/active_record.rb @@ -1,3 +1,3 @@ require 'orm_adapter/adapters/active_record' -ActiveRecord::Base.extend Devise::Models \ No newline at end of file +ActiveRecord::Base.extend Devise::Models diff --git a/lib/devise/orm/mongoid.rb b/lib/devise/orm/mongoid.rb index 858a915617..31a0736d1e 100644 --- a/lib/devise/orm/mongoid.rb +++ b/lib/devise/orm/mongoid.rb @@ -1,3 +1,3 @@ require 'orm_adapter/adapters/mongoid' -Mongoid::Document::ClassMethods.send :include, Devise::Models \ No newline at end of file +Mongoid::Document::ClassMethods.send :include, Devise::Models diff --git a/lib/devise/strategies/base.rb b/lib/devise/strategies/base.rb index 6f18211335..ee5c8c7f44 100644 --- a/lib/devise/strategies/base.rb +++ b/lib/devise/strategies/base.rb @@ -17,4 +17,4 @@ def mapping end end end -end \ No newline at end of file +end diff --git a/lib/devise/time_inflector.rb b/lib/devise/time_inflector.rb index 5d09ce80f6..cb311883f0 100644 --- a/lib/devise/time_inflector.rb +++ b/lib/devise/time_inflector.rb 
@@ -11,4 +11,4 @@ class << self @instance = new end -end \ No newline at end of file +end diff --git a/lib/generators/templates/README b/lib/generators/templates/README index 762352442a..f50fbb78e9 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -2,8 +2,8 @@ Some setup you must do manually if you haven't yet: - 1. Ensure you have defined default url options in your environments files. Here - is an example of default_url_options appropriate for a development environment + 1. Ensure you have defined default url options in your environments files. Here + is an example of default_url_options appropriate for a development environment in config/environments/development.rb: config.action_mailer.default_url_options = { :host => 'localhost:3000' } diff --git a/test/generators/mongoid_generator_test.rb b/test/generators/mongoid_generator_test.rb index 2302956857..1d0a1b26ad 100644 --- a/test/generators/mongoid_generator_test.rb +++ b/test/generators/mongoid_generator_test.rb @@ -7,12 +7,12 @@ class MongoidGeneratorTest < Rails::Generators::TestCase tests Mongoid::Generators::DeviseGenerator destination File.expand_path("../../tmp", __FILE__) setup :prepare_destination - + test "all files are properly created" do run_generator %w(monster) assert_file "app/models/monster.rb", /devise/ end - + test "all files are properly deleted" do run_generator %w(monster) run_generator %w(monster), :behavior => :revoke diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 1617d27172..2ec97e197f 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -110,12 +110,12 @@ def fake_request(path, params={}) assert mapping.lockable? assert_not mapping.omniauthable? end - + test 'find mapping by path' do assert_raise RuntimeError do Devise::Mapping.find_by_path!('/accounts/facebook/callback') end - + assert_nothing_raised do Devise::Mapping.find_by_path!('/:locale/accounts/login') end 
@@ -123,5 +123,5 @@ def fake_request(path, params={}) assert_nothing_raised do Devise::Mapping.find_by_path!('/accounts/facebook/callback', :path) end - end + end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index fa3b1c6328..f6afc20c1e 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -180,5 +180,5 @@ def setup :reset_password_sent_at, :reset_password_token ] - end + end end diff --git a/test/omniauth/config_test.rb b/test/omniauth/config_test.rb index 3de56c3525..f53a5d7397 100644 --- a/test/omniauth/config_test.rb +++ b/test/omniauth/config_test.rb @@ -54,4 +54,4 @@ class MyStrategy config_class = config.strategy_class assert_equal MyStrategy, config_class end -end \ No newline at end of file +end diff --git a/test/rails_app/app/active_record/shim.rb b/test/rails_app/app/active_record/shim.rb index f12053eb1f..66f12cdb17 100644 --- a/test/rails_app/app/active_record/shim.rb +++ b/test/rails_app/app/active_record/shim.rb @@ -1,2 +1,2 @@ module Shim -end \ No newline at end of file +end diff --git a/test/rails_app/app/controllers/admins/sessions_controller.rb b/test/rails_app/app/controllers/admins/sessions_controller.rb index 1c1b0b8e1a..525ca5ef1c 100644 --- a/test/rails_app/app/controllers/admins/sessions_controller.rb +++ b/test/rails_app/app/controllers/admins/sessions_controller.rb @@ -3,4 +3,4 @@ def new flash[:special] = "Welcome to #{controller_path.inspect} controller!" super end -end \ No newline at end of file +end diff --git a/test/rails_app/app/controllers/publisher/registrations_controller.rb b/test/rails_app/app/controllers/publisher/registrations_controller.rb index daf5e7fad2..7809a36386 100644 --- a/test/rails_app/app/controllers/publisher/registrations_controller.rb +++ b/test/rails_app/app/controllers/publisher/registrations_controller.rb @@ -1,2 +1,2 @@ class Publisher::RegistrationsController < ApplicationController -end \ No newline at end of file +end 
diff --git a/test/rails_app/app/controllers/publisher/sessions_controller.rb b/test/rails_app/app/controllers/publisher/sessions_controller.rb index 03e106d7f1..2eed1bb0ed 100644 --- a/test/rails_app/app/controllers/publisher/sessions_controller.rb +++ b/test/rails_app/app/controllers/publisher/sessions_controller.rb @@ -1,2 +1,2 @@ class Publisher::SessionsController < ApplicationController -end \ No newline at end of file +end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 71eb57ec5a..0ee486e763 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -11,4 +11,4 @@ def sign_in_facebook sign_in user render :text => "" end -end \ No newline at end of file +end diff --git a/test/rails_app/app/views/admins/sessions/new.html.erb b/test/rails_app/app/views/admins/sessions/new.html.erb index c3f29d2bb0..b9953b17aa 100644 --- a/test/rails_app/app/views/admins/sessions/new.html.erb +++ b/test/rails_app/app/views/admins/sessions/new.html.erb @@ -1,2 +1,2 @@ Welcome to "sessions/new" view! -<%= render :file => "devise/sessions/new" %> \ No newline at end of file +<%= render :file => "devise/sessions/new" %> diff --git a/test/rails_app/app/views/home/admin_dashboard.html.erb b/test/rails_app/app/views/home/admin_dashboard.html.erb index ad6e24625d..382c9968d7 100644 --- a/test/rails_app/app/views/home/admin_dashboard.html.erb +++ b/test/rails_app/app/views/home/admin_dashboard.html.erb @@ -1 +1 @@ -Admin dashboard \ No newline at end of file +Admin dashboard diff --git a/test/rails_app/app/views/home/index.html.erb b/test/rails_app/app/views/home/index.html.erb index 7272a5af22..c3942a09a8 100644 --- a/test/rails_app/app/views/home/index.html.erb +++ b/test/rails_app/app/views/home/index.html.erb @@ -1 +1 @@ -Home! \ No newline at end of file +Home! 
diff --git a/test/rails_app/app/views/home/join.html.erb b/test/rails_app/app/views/home/join.html.erb index a8d9133de2..e3bafea5c6 100644 --- a/test/rails_app/app/views/home/join.html.erb +++ b/test/rails_app/app/views/home/join.html.erb @@ -1 +1 @@ -Join \ No newline at end of file +Join diff --git a/test/rails_app/app/views/home/user_dashboard.html.erb b/test/rails_app/app/views/home/user_dashboard.html.erb index a54dcabf2f..578ba45aae 100644 --- a/test/rails_app/app/views/home/user_dashboard.html.erb +++ b/test/rails_app/app/views/home/user_dashboard.html.erb @@ -1 +1 @@ -User dashboard \ No newline at end of file +User dashboard From 16ec14322824eea520137c2e96604b5cdf724073 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rog=C3=A9rio=20Yokomizo?= Date: Thu, 5 Dec 2013 10:39:42 -0200 Subject: [PATCH 0371/1473] fix typo and some clarification --- lib/devise/strategies/authenticatable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 0ded0256ca..4468c8ee4d 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -49,7 +49,7 @@ def remember_me? valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me]) end - # Check if this is strategy is valid for http authentication by: + # Check if this is a valid strategy for http authentication by: # # * Validating if the model allows params authentication; # * If any of the authorization headers were sent; @@ -59,7 +59,7 @@ def valid_for_http_auth? http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash) end - # Check if this is strategy is valid for params authentication by: + # Check if this is a valid strategy for params authentication by: # # * Validating if the model allows params authentication; # * If the request hits the sessions controller through POST; 
From 8ca34aa41e3344b119c0bc9c18be6f26807b6955 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rog=C3=A9rio=20Yokomizo?= Date: Tue, 10 Dec 2013 12:05:48 -0200 Subject: [PATCH 0372/1473] Remove authentication some authentication token stuffs Since we don't have authentication token, we don't have to check if password is "X". :authentication_token don't have to be in the blacklist for serialization too. --- lib/devise/models/authenticatable.rb | 2 +- lib/devise/strategies/authenticatable.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 878b438ac1..06a4803500 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -56,7 +56,7 @@ module Authenticatable BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, - :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at, :authentication_token] + :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] included do class_attribute :devise_modules, :instance_writer => false diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 4468c8ee4d..bd34a45557 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -102,9 +102,9 @@ def valid_params? params_auth_hash.is_a?(Hash) end - # Check if password is present and is not equal to "X" (default value for token). + # Check if password is present. def valid_password? - password.present? && password != "X" + password.present? end # Helper to decode credentials from HTTP. From 380ab682c5208b70913d80b13d15c7619a5ca0d1 Mon Sep 17 00:00:00 2001 
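Review bot: Dropping `:authentication_token` from `BLACKLIST_FOR_SERIALIZATION` in `lib/devise/models/authenticatable.rb` presumably means a model that still has an `authentication_token` column will start including it in serialized output, since this list is what keeps credential-like attributes out. Applications that kept the column after the token strategy went away, or that implement their own token sign-in on top of it, would then expose a live credential in JSON/XML responses after upgrading. Leaving the entry in place should be harmless when the column does not exist, so I would keep `:authentication_token` in the list, or at minimum mention the change in the changelog so upgraders exclude the attribute themselves.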
From: Erich Kist Date: Tue, 10 Dec 2013 19:05:52 -0200 Subject: [PATCH 0373/1473] Update travis to run with Rails 3.2-stable, 4.0-stable and master --- .gitignore | 1 + .travis.yml | 7 +- ...e.rails-3.2.x => Gemfile.rails-3.2-stable} | 2 +- gemfiles/Gemfile.rails-3.2.x.lock | 159 ------------------ gemfiles/Gemfile.rails-4.0-stable | 31 ++++ gemfiles/Gemfile.rails-head | 31 ++++ 6 files changed, 70 insertions(+), 161 deletions(-) rename gemfiles/{Gemfile.rails-3.2.x => Gemfile.rails-3.2-stable} (90%) delete mode 100644 gemfiles/Gemfile.rails-3.2.x.lock create mode 100644 gemfiles/Gemfile.rails-4.0-stable create mode 100644 gemfiles/Gemfile.rails-head diff --git a/.gitignore b/.gitignore index 0ff7742714..ac2a95781c 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ rdoc/* pkg log test/tmp/* +gemfiles/*.lock diff --git a/.travis.yml b/.travis.yml index 399c8cbc83..f1a4348c98 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,8 +7,13 @@ env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record gemfile: - - gemfiles/Gemfile.rails-3.2.x + - gemfiles/Gemfile.rails-head + - gemfiles/Gemfile.rails-4.0-stable + - gemfiles/Gemfile.rails-3.2-stable - Gemfile +matrix: + allow_failures: + - gemfile: gemfiles/Gemfile.rails-head services: - mongodb notifications: diff --git a/gemfiles/Gemfile.rails-3.2.x b/gemfiles/Gemfile.rails-3.2-stable similarity index 90% rename from gemfiles/Gemfile.rails-3.2.x rename to gemfiles/Gemfile.rails-3.2-stable index dfc936c59f..f2f8a4cece 100644 --- a/gemfiles/Gemfile.rails-3.2.x +++ b/gemfiles/Gemfile.rails-3.2-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec :path => '..' -gem "rails", "~> 3.2.6" +gem "rails", github: 'rails/rails', branch: '3-2-stable' gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock deleted file mode 100644 index a7a45690a5..0000000000 --- a/gemfiles/Gemfile.rails-3.2.x.lock +++ /dev/null 
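Review bot: The line `gem "rails", github: 'rails/rails', branch: '3-2-stable'` in `gemfiles/Gemfile.rails-3.2-stable` relies on Bundler's `github:` shorthand, which Bundler 1.x expands to an unauthenticated `git://` URL; the same applies to the `github:` lines for rails and mongoid in the new `Gemfile.rails-4.0-stable` and `Gemfile.rails-head`. Combined with ignoring `gemfiles/*.lock`, CI then fetches unpinned branch heads over a transport with no integrity protection. I would spell the source out instead, e.g. `gem "rails", git: 'https://github.com/rails/rails.git', branch: '3-2-stable'`, and do the same in the other two Gemfiles.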
@@ -1,159 +0,0 @@ -PATH - remote: .. - specs: - devise (3.2.2) - bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - thread_safe (~> 0.1) - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actionmailer (3.2.14) - actionpack (= 3.2.14) - mail (~> 2.5.4) - actionpack (3.2.14) - activemodel (= 3.2.14) - activesupport (= 3.2.14) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.14) - activesupport (= 3.2.14) - builder (~> 3.0.0) - activerecord (3.2.14) - activemodel (= 3.2.14) - activesupport (= 3.2.14) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.14) - activemodel (= 3.2.14) - activesupport (= 3.2.14) - activesupport (3.2.14) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - arel (3.0.2) - atomic (1.1.14) - bcrypt-ruby (3.1.2) - builder (3.0.4) - erubis (2.7.0) - faraday (0.8.8) - multipart-post (~> 1.2.0) - hashie (1.2.0) - hike (1.2.3) - httpauth (0.2.0) - i18n (0.6.5) - journey (1.0.4) - json (1.8.0) - jwt (0.1.8) - multi_json (>= 1.5) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) - metaclass (0.0.1) - mime-types (1.23) - mocha (0.13.3) - metaclass (~> 0.0.1) - mongoid (3.1.4) - activemodel (~> 3.2) - moped (~> 1.4) - origin (~> 1.0) - tzinfo (~> 0.3.22) - moped (1.5.1) - multi_json (1.7.9) - multipart-post (1.2.0) - nokogiri (1.5.9) - oauth2 (0.8.1) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) - rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - origin (1.1.0) - orm_adapter (0.4.0) - polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-ssl (1.3.3) - rack - rack-test 
(0.6.2) - rack (>= 1.0) - rails (3.2.14) - actionmailer (= 3.2.14) - actionpack (= 3.2.14) - activerecord (= 3.2.14) - activeresource (= 3.2.14) - activesupport (= 3.2.14) - bundler (~> 1.0) - railties (= 3.2.14) - railties (3.2.14) - actionpack (= 3.2.14) - activesupport (= 3.2.14) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.1.0) - rdoc (3.12.2) - json (~> 1.4) - ruby-openid (2.2.3) - sprockets (2.2.2) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.7) - thor (0.18.1) - thread_safe (0.1.3) - atomic - tilt (1.4.1) - treetop (1.4.14) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.37) - warden (1.2.3) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 0.13.1) - mongoid (~> 3.0) - omniauth (~> 1.0.0) - omniauth-facebook - omniauth-oauth2 (~> 1.0.0) - omniauth-openid (~> 1.0.1) - rails (~> 3.2.6) - rdoc - sqlite3 - webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable new file mode 100644 index 0000000000..f7837cc1e1 --- /dev/null +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -0,0 +1,31 @@ +source "https://rubygems.org" + +gemspec :path => '..' + +gem "rails", github: 'rails/rails', branch: '4-0-stable' +gem "omniauth", "~> 1.0.0" +gem "omniauth-oauth2", "~> 1.0.0" +gem "rdoc" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", :require => false + gem "mocha", "~> 0.13.1", :require => false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +platforms :mri_19, :mri_20 do + group :mongoid do + gem "mongoid", github: "mongoid/mongoid", branch: "master" + end +end 
diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head new file mode 100644 index 0000000000..d014617243 --- /dev/null +++ b/gemfiles/Gemfile.rails-head @@ -0,0 +1,31 @@ +source "https://rubygems.org" + +gemspec :path => '..' + +gem "rails", github: 'rails/rails' +gem "omniauth", "~> 1.0.0" +gem "omniauth-oauth2", "~> 1.0.0" +gem "rdoc" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", :require => false + gem "mocha", "~> 0.13.1", :require => false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +platforms :mri_19, :mri_20 do + group :mongoid do + gem "mongoid", github: "mongoid/mongoid", branch: "master" + end +end From 71c43926e03f6d4bacb21b70d68135a56a872d99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 16 Dec 2013 17:49:21 -0200 Subject: [PATCH 0374/1473] Add security related email address --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 491fadf085..438fe93625 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ If you discover a problem with Devise, we would like to know about it. However, https://github.com/plataformatec/devise/wiki/Bug-reports -If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to the maintainers listed at the bottom of the README. +If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. ### Mailing list From a00921f417dad63c7e1f7d1fd8c68b93b58afce0 Mon Sep 17 00:00:00 2001 
From: schneems Date: Wed, 18 Dec 2013 19:19:25 -0600 Subject: [PATCH 0375/1473] [close #2755] Raise incompatible route error Right now if you try to use a route that you have defined in your `omniauth_callbacks` but you have not declared that resource to be `omniauthable` you will get a weird route missing error which causes the user to look in the routes for the fix: ```ruby devise_for :users, controllers: {omniauth_callbacks: "users/omniauth_callbacks"} ``` This PR checks to see if the mapping of `:user` has the module `omniauthable` included in it when `omniauth_callbacks` is specified in the route. If it does not, an instructional error is raised: ``` Mapping omniauth_callbacks on a resource that is not omniauthable Please add `devise :omniauthable` to the `User` model ``` --- lib/devise/rails/routes.rb | 8 ++++++++ test/routes_test.rb | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 305a79a705..091fea3cf9 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -229,6 +229,14 @@ def devise_for(*resources) raise_no_devise_method_error!(mapping.class_name) end + if options[:controllers] && options[:controllers][:omniauth_callbacks] + unless mapping.omniauthable? + msg = "Mapping omniauth_callbacks on a resource that is not omniauthable\n" + msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model" + raise msg + end + end + routes = mapping.used_routes devise_scope mapping.name do diff --git a/test/routes_test.rb b/test/routes_test.rb index 3abbfc0498..3dd539daa8 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
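Review bot: The new guard in `devise_for` ends with `raise msg`, which raises a `RuntimeError`, while the test added in `test/routes_test.rb` asserts `ArgumentError`. If that test passes, it is presumably because some other `ArgumentError` is raised while the routes are re-evaluated, so the new message is never actually verified. I would raise the intended class explicitly, `raise ArgumentError, msg`, and have the test also match on the message text. `devise_for` starts and ends outside the hunk.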
@@ -235,6 +235,14 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false is not permanent' do assert_equal "/set.xml", @routes.url_helpers.set_path(:xml) end + + test 'checks if mapping has proper configuration for omniauth callback' do + assert_raise ArgumentError do + @routes.dup.eval_block do + devise_for :admin, controllers: {omniauth_callbacks: "users/omniauth_callbacks"} + end + end + end end class ScopedRoutingTest < ActionController::TestCase From 4652b3efa0d3746326a2bc2505d32f1e95cd606b Mon Sep 17 00:00:00 2001 From: keating Date: Sat, 21 Dec 2013 19:09:09 +0800 Subject: [PATCH 0376/1473] revise readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 438fe93625..da92090c07 100644 --- a/README.md +++ b/README.md @@ -273,7 +273,7 @@ If the customization at the views level is not enough, you can customize each co devise_for :admins, :controllers => { :sessions => "admins/sessions" } ``` -3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admin/sessions"`. +3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admins/sessions"`. Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display. From be236fa6ddf383341690ed7f2d51b91e94bb31c2 Mon Sep 17 00:00:00 2001 
From: Moises Vargas M Date: Mon, 23 Dec 2013 19:46:15 -0500 Subject: [PATCH 0377/1473] lock_access! without sending email --- lib/devise/models/lockable.rb | 7 +++++-- test/models/lockable_test.rb | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 4073a6ae54..8be25a893a 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -34,10 +34,13 @@ def self.required_fields(klass) end # Lock a user setting its locked_at to actual time. - def lock_access! + # * +opts+: Hash options if you don't want to send email + # when you lock access, you could pass the next hash + # `{ :send_instructions => false } as option`. + def lock_access!(opts = { }) self.locked_at = Time.now.utc - if unlock_strategy_enabled?(:email) + if unlock_strategy_enabled?(:email) && opts.fetch(:send_instructions, true) send_unlock_instructions else save(:validate => false) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 62bd2fa194..9e44a071b3 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -130,6 +130,24 @@ def setup end end + test "doesn't send email when you pass option send_instructions to false" do + swap Devise, :unlock_strategy => :email do + user = create_user + assert_email_not_sent do + user.lock_access! send_instructions: false + end + end + end + + test "sends email when you pass options other than send_instructions" do + swap Devise, :unlock_strategy => :email do + user = create_user + assert_email_sent do + user.lock_access! foo: :bar, bar: :foo + end + end + end + test "should not send email with unlock instructions when :email is not an unlock strategy" do swap Devise, :unlock_strategy => :time do user = create_user From b50fa7459669aad9069068a52cc137479fb9dcb8 Mon Sep 17 00:00:00 2001 
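Review bot: The new doc comment on `lock_access!` closes its backtick after `as option` instead of after the hash, and it does not say what state the record is left in when the mail is suppressed. With `:send_instructions => false` the method takes the `save(:validate => false)` branch, so `locked_at` is persisted but `send_unlock_instructions` never runs. If that helper is also what prepares the unlock token (its body is outside the hunk), an account under an email-only unlock strategy stays locked until instructions are requested some other way. I would reword the comment to `# * +opts+: pass { :send_instructions => false } to lock without mailing unlock instructions; the record is still saved with locked_at set.` The method body continues past the end of the hunk.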
From: Jeremy Ward Date: Thu, 2 Jan 2014 17:49:37 -0800 Subject: [PATCH 0378/1473] Edit is now configurable for devise registrations via path_name. --- lib/devise/rails/routes.rb | 8 ++++++-- test/rails_app/config/routes.rb | 3 ++- test/routes_test.rb | 4 ++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 091fea3cf9..3f8d7f2687 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -102,8 +102,11 @@ class Mapper # * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, # :password, :confirmation, :unlock. # - # devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout', - # :password => 'secret', :confirmation => 'verification', registration: 'register } + # devise_for :users, :path_names => { + # :sign_in => 'login', :sign_out => 'logout', + # :password => 'secret', :confirmation => 'verification', + # registration: 'register', edit: 'edit/profile' + # } # # * :controllers => the controller which should be used. All routes by default points to Devise controllers. # However, if you want them to point to custom controller, you should do: @@ -378,6 +381,7 @@ def devise_unlock(mapping, controllers) #:nodoc: def devise_registration(mapping, controllers) #:nodoc: path_names = { :new => mapping.path_names[:sign_up], + :edit => mapping.path_names[:edit], :cancel => mapping.path_names[:cancel] } diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 9496f86c4e..ce78903715 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb 
@@ -86,7 +86,8 @@ :sign_in => "login", :sign_out => "logout", :password => "secret", :confirmation => "verification", :unlock => "unblock", :sign_up => "register", - :registration => "management", :cancel => "giveup" + :registration => "management", + :cancel => "giveup", :edit => "edit/profile" }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, :module => :devise end diff --git a/test/routes_test.rb b/test/routes_test.rb index 3dd539daa8..3376e9149c 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -157,6 +157,10 @@ class CustomizedRoutingTest < ActionController::TestCase assert_recognizes({:controller => 'devise/registrations', :action => 'new', :locale => 'en'}, '/en/accounts/management/register') end + test 'map account with custom path name for edit registration' do + assert_recognizes({:controller => 'devise/registrations', :action => 'edit', :locale => 'en'}, '/en/accounts/management/edit/profile') + end + test 'map account with custom path name for cancel registration' do assert_recognizes({:controller => 'devise/registrations', :action => 'cancel', :locale => 'en'}, '/en/accounts/management/giveup') end From 9d0d15b8143a694389cc780eed8b6afad13717e0 Mon Sep 17 00:00:00 2001 From: Jeremy Ward Date: Thu, 2 Jan 2014 19:02:36 -0800 Subject: [PATCH 0379/1473] Updated documentation to use 1.9 hash syntax. --- lib/devise/rails/routes.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 3f8d7f2687..8ffb971360 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -102,9 +102,9 @@ class Mapper # * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, # :password, :confirmation, :unlock. # - # devise_for :users, :path_names => { - # :sign_in => 'login', :sign_out => 'logout', - # :password => 'secret', :confirmation => 'verification', + # devise_for :users, path_names: { + # sign_in: 'login', sign_out: 'logout', + # password: 'secret', confirmation: 'verification', # registration: 'register', edit: 'edit/profile' # } # From db204f33e0c226d7eb5b87933b4d9af0048b46bb Mon Sep 17 00:00:00 2001 From: Salimane Adjao Moustapha Date: Fri, 3 Jan 2014 11:39:16 +0100 Subject: [PATCH 0380/1473] Add Ruby 2.1.0 to .travis.yml --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index f1a4348c98..9d901a4277 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,7 @@ script: "bundle exec rake test" rvm: - 1.9.3 - 2.0.0 + - 2.1.0 env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record From 2665afa36fcb29b7f456d970cdb8bfbe0a9e126a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Jan 2014 10:12:23 -0200 Subject: [PATCH 0381/1473] 2014, folks. --- CONTRIBUTING.md | 2 +- MIT-LICENSE | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 97a936b1e8..b9c929a162 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,7 +2,7 @@ 1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). -2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead. +2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) instead. 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. diff --git a/MIT-LICENSE b/MIT-LICENSE index 70d5130602..6d66ba32b5 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2013 Plataformatec. http://plataformatec.com.br +Copyright 2009-2014 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index da92090c07..6deaa21253 100644 --- a/README.md +++ b/README.md @@ -449,6 +449,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2014 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo. From 517bde86d27942f2dd1092dc72ed0ae94fd29fca Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Jan 2014 10:12:30 -0200 Subject: [PATCH 0382/1473] Update bundler on Travis. --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 9d901a4277..a0e0736706 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,5 +1,7 @@ language: ruby script: "bundle exec rake test" +before_install: + - gem install bundler -v '>= 1.5.1' rvm: - 1.9.3 - 2.0.0 From 0cb74efd79df996aa161ebf58b36b02a9f935252 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Jan 2014 11:23:01 -0200 Subject: [PATCH 0383/1473] Remove platform constraint from Gemfile since we do not support 1.8 anymore. --- Gemfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 6a9be457f2..ef8624c26d 100644 --- a/Gemfile +++ b/Gemfile @@ -24,8 +24,6 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19, :mri_20 do - group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" - end +group :mongoid do + gem "mongoid", github: "mongoid/mongoid", branch: "master" end From dd95f3f3f77a369651a1b61600df20be4ea56375 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Jan 2014 11:23:34 -0200 Subject: [PATCH 0384/1473] Support custom port for MongoDB config --- test/orm/mongoid.rb | 2 +- test/support/mongoid.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 test/support/mongoid.yml diff --git a/test/orm/mongoid.rb b/test/orm/mongoid.rb index 992c0525a1..739b971dda 100644 --- a/test/orm/mongoid.rb +++ b/test/orm/mongoid.rb @@ -1,7 +1,7 @@ require 'mongoid/version' Mongoid.configure do |config| - config.connect_to("devise-test-suite") + config.load!('test/support/mongoid.yml') config.use_utc = true config.include_root_in_json = true end diff --git a/test/support/mongoid.yml b/test/support/mongoid.yml new file mode 100644 index 0000000000..243ca14392 --- /dev/null +++ b/test/support/mongoid.yml @@ -0,0 +1,6 @@ +test: + sessions: + default: + database: devise-test-suite + hosts: + - localhost:<%= ENV['MONGODB_PORT'] || '27017' %> From 02c2ec69dd1f225e37b9542225c7999694f6ac80 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Fri, 3 Jan 2014 11:53:13 -0200 Subject: [PATCH 0385/1473] Remove platform constraints from the extra gemfiles. --- gemfiles/Gemfile.rails-3.2-stable | 6 ++---- gemfiles/Gemfile.rails-4.0-stable | 6 ++---- gemfiles/Gemfile.rails-head | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable index f2f8a4cece..38ecac8f6e 100644 --- a/gemfiles/Gemfile.rails-3.2-stable +++ b/gemfiles/Gemfile.rails-3.2-stable @@ -24,8 +24,6 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19, :mri_20 do - group :mongoid do - gem "mongoid", "~> 3.0" - end +group :mongoid do + gem "mongoid", "~> 3.0" end diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable index f7837cc1e1..140edd06fc 100644 --- a/gemfiles/Gemfile.rails-4.0-stable +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -24,8 +24,6 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19, :mri_20 do - group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" - end +group :mongoid do + gem "mongoid", github: "mongoid/mongoid", branch: "master" end diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index d014617243..b69ee78f19 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -24,8 +24,6 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19, :mri_20 do - group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" - end +group :mongoid do + gem "mongoid", github: "mongoid/mongoid", branch: "master" end From 3db4444da891a2d9f1e02e8d4b935f636d62a12c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 4 Jan 2014 09:48:04 +0100 Subject: [PATCH 0386/1473] Update CHANGELOG.md The described change was actually introduced in 2.2.4, closes #2804 --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 71068723f1..9b1be52e63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -91,9 +91,6 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * bug fix * Errors on unlock are now properly reflected on the first `unlock_keys` -* backwards incompatible changes - * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 - ### 2.2.4 * enhancements @@ -110,6 +107,9 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * Fix inheriting mailer templates from `Devise::Mailer` * Fix a bug when procs are used as default mailer in Devise (by @tomasv) +* backwards incompatible changes + * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 + ### 2.2.3 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ From 9dbc60d36df3c96ba42ebded23ce12f9e29855f0 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 4 Jan 2014 18:52:54 +0300 Subject: [PATCH 0387/1473] update mocha --- gemfiles/Gemfile.rails-head | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index d014617243..0764f2a2a1 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", :require => false - gem "mocha", "~> 0.13.1", :require => false + gem "mocha", "~> 0.14", :require => false end platforms :jruby do From 1b1be514c8a640073686229759d56f2793ba4010 Mon Sep 17 00:00:00 2001 
From: Vasiliy Ermolovich Date: Sat, 4 Jan 2014 18:53:40 +0300 Subject: [PATCH 0388/1473] make webrat compatible with rails 4.1 --- test/support/action_controller/record_identifier.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 test/support/action_controller/record_identifier.rb diff --git a/test/support/action_controller/record_identifier.rb b/test/support/action_controller/record_identifier.rb new file mode 100644 index 0000000000..89b3483ed9 --- /dev/null +++ b/test/support/action_controller/record_identifier.rb @@ -0,0 +1,10 @@ +# Since webrat uses ActionController::RecordIdentifier class that was moved to +# ActionView namespace in Rails 4.1+ + +unless defined?(ActionController::RecordIdentifier) + require 'action_view/record_identifier' + + module ActionController + RecordIdentifier = ActionView::RecordIdentifier + end +end From 49086d0294d0b2e18ebb8d7a83aa15063d8e703c Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 4 Jan 2014 18:54:19 +0300 Subject: [PATCH 0389/1473] remove warnings regarding number extensions --- test/integration/trackable_test.rb | 2 +- test/test_helpers_test.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 68cfb93c94..44156bfdb7 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -63,7 +63,7 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest end test "does not update anything if user has signed out along the way" do - swap Devise, :allow_unconfirmed_access_for => 0 do + swap Devise, :allow_unconfirmed_access_for => 0.days do user = create_user(:confirm => false) sign_in_as_user diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index a91b9f68f7..7db2c6f8bf 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb 
@@ -17,7 +17,7 @@ def redirect end test "redirects if attempting to access a page with an unconfirmed account" do - swap Devise, :allow_unconfirmed_access_for => 0 do + swap Devise, :allow_unconfirmed_access_for => 0.days do user = create_user assert !user.active_for_authentication? @@ -28,7 +28,7 @@ def redirect end test "returns nil if accessing current_user with an unconfirmed account" do - swap Devise, :allow_unconfirmed_access_for => 0 do + swap Devise, :allow_unconfirmed_access_for => 0.days do user = create_user assert !user.active_for_authentication? From 7b661338611a6aec8a7410ce560643219b12f4a0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 4 Dec 2013 18:22:57 -0200 Subject: [PATCH 0390/1473] Remove subscriber block so it won't leak across the test suite. --- test/controllers/sessions_controller_test.rb | 24 ++++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index b25b80009d..38ee07d928 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb 
@@ -5,17 +5,21 @@ class SessionsControllerTest < ActionController::TestCase include Devise::TestHelpers test "#create doesn't raise unpermitted params when sign in fails" do - ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload| - flunk "Unpermitted params: #{payload}" + begin + subscriber = ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload| + flunk "Unpermitted params: #{payload}" + end + request.env["devise.mapping"] = Devise.mappings[:user] + request.session["user_return_to"] = 'foo.bar' + create_user + post :create, :user => { + :email => "wrong@email.com", + :password => "wrongpassword" + } + assert_equal 200, @response.status + ensure + ActiveSupport::Notifications.unsubscribe(subscriber) end - request.env["devise.mapping"] = Devise.mappings[:user] - request.session["user_return_to"] = 'foo.bar' - create_user - post :create, :user => { - :email => "wrong@email.com", - :password => "wrongpassword" - } - assert_equal 200, @response.status end test "#create works even with scoped views" do From 6d51e67fac84de1acb63c73e6a8ee3f802d5a642 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 4 Jan 2014 19:19:13 +0300 Subject: [PATCH 0391/1473] properly change devise config in specs --- test/controllers/internal_helpers_test.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 59dc7a597f..07aa6b959a 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb 
@@ -113,8 +113,11 @@ def setup test 'navigational_formats not returning a wild card' do MyController.send(:public, :navigational_formats) - Devise.navigational_formats = [:"*/*", :html] - assert_not @controller.navigational_formats.include?(:"*/*") + + swap Devise, :navigational_formats => ['*/*', :html] do + assert_not @controller.navigational_formats.include?("*/*") + end + MyController.send(:protected, :navigational_formats) end end From 2ba8275dcc3bd4037f189949f293bddb6681d001 Mon Sep 17 00:00:00 2001 From: Tobin Juday Date: Mon, 6 Jan 2014 23:51:45 -0500 Subject: [PATCH 0392/1473] Fix off-by-one error in Lockable module When using the maximum_attempts config, Devise actually let you fail n + 1 times, not n times. See https://github.com/plataformatec/devise/issues/2825 for details. --- lib/devise/models/lockable.rb | 4 ++-- test/models/lockable_test.rb | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 8be25a893a..5efd484e89 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -127,11 +127,11 @@ def unauthenticated_message protected def attempts_exceeded? - self.failed_attempts > self.class.maximum_attempts + self.failed_attempts >= self.class.maximum_attempts end def last_attempt? - self.failed_attempts == self.class.maximum_attempts + self.failed_attempts == self.class.maximum_attempts - 1 end # Tells if the lock is expired if :time unlock strategy is active diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 9e44a071b3..c371f9c881 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -9,7 +9,7 @@ def setup user = create_user user.confirm! swap Devise, :maximum_attempts => 2 do - 3.times { user.valid_for_authentication?{ false } } + 2.times { user.valid_for_authentication?{ false } } assert user.reload.access_locked? end end 
@@ -19,12 +19,12 @@ def setup user.confirm! swap Devise, :maximum_attempts => 2 do - 3.times { user.valid_for_authentication?{ false } } + 2.times { user.valid_for_authentication?{ false } } assert user.reload.access_locked? end user.valid_for_authentication?{ true } - assert_equal 4, user.reload.failed_attempts + assert_equal 3, user.reload.failed_attempts end test "should not touch failed_attempts if lock_strategy is none" do @@ -302,13 +302,13 @@ def setup swap Devise, :last_attempt_warning => :true do swap Devise, :lock_strategy => :failed_attempts do user = create_user - user.failed_attempts = Devise.maximum_attempts - 1 + user.failed_attempts = Devise.maximum_attempts - 2 assert_equal :invalid, user.unauthenticated_message - user.failed_attempts = Devise.maximum_attempts + user.failed_attempts = Devise.maximum_attempts - 1 assert_equal :last_attempt, user.unauthenticated_message - user.failed_attempts = Devise.maximum_attempts + 1 + user.failed_attempts = Devise.maximum_attempts assert_equal :locked, user.unauthenticated_message end end From 61e87be580efd046441c45539bc92097f1b5a5f9 Mon Sep 17 00:00:00 2001 From: Jake Worth Date: Thu, 9 Jan 2014 10:00:27 -0600 Subject: [PATCH 0393/1473] Fix typos --- lib/devise.rb | 4 ++-- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/confirmable.rb | 2 +- lib/devise/models/timeoutable.rb | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 379ca04805..e5e3f9ed48 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -236,12 +236,12 @@ def self.#{method}=(val) @@parent_mailer = "ActionMailer::Base" # The router Devise should use to generate routes. Defaults - # to :main_app. Should be overriden by engines in order + # to :main_app. Should be overridden by engines in order # to provide custom routes. mattr_accessor :router_name @@router_name = nil - # Set the omniauth path prefix so it can be overriden when + # Set the omniauth path prefix so it can be overridden when # Devise is used in a mountable engine mattr_accessor :omniauth_path_prefix @@omniauth_path_prefix = nil diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 06a4803500..b3dc5a95a8 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -127,7 +127,7 @@ def devise_mailer end # This is an internal method called every time Devise needs - # to send a notification/mail. This can be overriden if you + # to send a notification/mail. This can be overridden if you # need to customize the e-mail delivery logic. For instance, # if you are using a queue to deliver e-mails (delayed job, # sidekiq, resque, etc), you must add the delivery to the queue diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 141cf35ee6..4a66b578e0 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -152,7 +152,7 @@ def skip_reconfirmation! protected # A callback method used to deliver confirmation - # instructions on creation. This can be overriden + # instructions on creation. This can be overridden # in models to map to a nice sign up e-mail. def send_on_create_confirmation_instructions send_confirmation_instructions diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index 0ad2825d5a..bdc2abc5d3 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb 
@@ -2,7 +2,7 @@ module Devise module Models - # Timeoutable takes care of verifyng whether a user session has already + # Timeoutable takes care of verifying whether a user session has already # expired or not. When a session expires after the configured time, the user # will be asked for credentials again, it means, they will be redirected # to the sign in page. From eba91e65803cf1cbf8dc6a482507596ab7c23e47 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 13 Jan 2014 21:24:21 -0200 Subject: [PATCH 0394/1473] Read the `secret_key` value from Rails `secret_key_base`. It is possible to override this by setting the `secret_key` manually on the `devise.rb` initializer on your application. --- CHANGELOG.md | 6 ++++++ lib/devise/rails.rb | 8 +++++++- lib/generators/devise/install_generator.rb | 4 ++++ lib/generators/templates/devise.rb | 4 ++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b1be52e63..65030b5c45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +### Unreleased + +* enhancements + * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`. + You can change this and use your own secret by changing the `devise.rb` initializer. + ### 3.2.2 * bug fix diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 70e79f84ac..5614f1f0b3 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -29,7 +29,13 @@ class Engine < ::Rails::Engine end end - initializer "devise.secret_key" do + config.after_initialize do |app| + if app.respond_to?(:secrets) + Devise.secret_key ||= app.secrets.secret_key_base + elsif app.config.respond_to?(:secret_key_base) + Devise.secret_key ||= app.config.secret_key_base + end + Devise.token_generator ||= if secret_key = Devise.secret_key Devise::TokenGenerator.new( diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index a88c623b5e..d3eabbea9f 100644 
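Review bot: The `Devise.secret_key ||= app.secrets.secret_key_base` fallback in the new `config.after_initialize` block of lib/devise/rails.rb ties Devise's token secret to the application secret without saying so where it happens. The generated initializer's own comment states that changing the key invalidates all existing confirmation, reset password and unlock tokens, so after this change rotating `secret_key_base` has the same effect, and the two secrets share a single exposure. I would add above the `if`: `# Falls back to the app's secret_key_base; rotating it invalidates outstanding confirmation, reset password and unlock tokens. Set config.secret_key to keep the two independent.` The block continues past the end of the hunk, so how a nil key is handled is not visible here.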
--- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -20,6 +20,10 @@ def copy_locale def show_readme readme "README" if behavior == :invoke end + + def rails_4? + Rails::VERSION::MAJOR == 4 + end end end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4e0b0b11d1..33cca6ba3c 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -4,7 +4,11 @@ # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. +<% if rails_4? -%> + # config.secret_key = '<%= SecureRandom.hex(64) %>' +<% else -%> config.secret_key = '<%= SecureRandom.hex(64) %>' +<% end -%> # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, From 8981c3ef9bec5997e10b64ff3042b45396afd393 Mon Sep 17 00:00:00 2001 From: "Ryan L. Cross" Date: Thu, 23 Jan 2014 00:44:32 -0700 Subject: [PATCH 0395/1473] Correct misspelling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6deaa21253..4523691ad1 100644 --- a/README.md +++ b/README.md @@ -339,7 +339,7 @@ https://github.com/plataformatec/devise/wiki/I18n ### Test helpers -Devise includes some tests helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file: +Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file: ```ruby class ActionController::TestCase From 9d87aa55bdfab69dc1291c1383fb68bca69dd149 Mon Sep 17 00:00:00 2001 
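Review bot: `rails_4?` in install_generator.rb tests `Rails::VERSION::MAJOR == 4`, while the CHANGELOG entry in this commit promises the `secret_key_base` fallback for Rails 4+. On any later major the template in lib/generators/templates/devise.rb takes the `else` branch and writes a live `config.secret_key` value into the initializer, a file that is normally committed. `Rails::VERSION::MAJOR >= 4` matches the documented behaviour. The helper is also defined among the generator's public methods, right after `show_readme`; if this generator runs its public methods as steps, it may be worth moving the helper below a visibility keyword, provided the template can still call it.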
From: Shinichi Maeshima Date: Sun, 26 Jan 2014 14:31:26 +0900 Subject: [PATCH 0396/1473] Fix homepage's schema --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index 37f4280cd1..87a1ca0bd5 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -9,7 +9,7 @@ Gem::Specification.new do |s| s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" s.email = "contact@plataformatec.com.br" - s.homepage = "http://github.com/plataformatec/devise" + s.homepage = "https://github.com/plataformatec/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] From 46c01d642b11ca67855561de1f4e8053e51f411f Mon Sep 17 00:00:00 2001 From: Doug Puchalski Date: Sun, 2 Feb 2014 16:45:26 -0800 Subject: [PATCH 0397/1473] Use _devise_route_context in omniauth url_helpers --- lib/devise/omniauth/url_helpers.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index d7b3a36eae..dd123f6a9b 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -6,12 +6,12 @@ def self.define_helpers(mapping) def omniauth_authorize_path(resource_or_scope, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) - send("#{scope}_omniauth_authorize_path", *args) + _devise_route_context.send("#{scope}_omniauth_authorize_path", *args) end def omniauth_callback_path(resource_or_scope, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) - send("#{scope}_omniauth_callback_path", *args) + _devise_route_context.send("#{scope}_omniauth_callback_path", *args) end end end From 7c3e08d92da14fe36edc3ca6d85383e5fd54001f Mon Sep 17 00:00:00 2001 
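Review bot: Both rewritten helpers in lib/devise/omniauth/url_helpers.rb still dispatch with `send` on a method name interpolated from `scope`, which also reaches private methods of whatever `_devise_route_context` returns. `public_send` keeps the dispatch limited to the public route helpers: `_devise_route_context.public_send("#{scope}_omniauth_authorize_path", *args)` and likewise for `omniauth_callback_path`. `scope` comes from `Devise::Mapping.find_scope!`, whose validation is outside the hunk, so this is hardening rather than a demonstrated flaw. The enclosing `define_helpers` starts before the hunk.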
From: Alberto Forni Date: Tue, 11 Feb 2014 10:47:51 +1100 Subject: [PATCH 0398/1473] Update README.md Substitute ; with . --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4523691ad1..3334aa250e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support; +* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support. * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. From e57b672e90c661ed44aafa28f9fd37242fb76026 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 11 Feb 2014 10:19:05 -0200 Subject: [PATCH 0399/1473] Ensure that migrations are created with the `.rb` extension. Since rails/rails#13612 the generator won't always add the `.rb` extension when creating migrations with the `migration_template` method. --- lib/generators/active_record/devise_generator.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 8520b46d79..28b529db2a 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -11,9 +11,9 @@ class DeviseGenerator < ActiveRecord::Generators::Base def copy_devise_migration if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name)) - migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}" + migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb" else - migration_template "migration.rb", "db/migrate/devise_create_#{table_name}" + migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb" end end From e18b822567f35a06ab51e7d9fb9c8916e8a02713 Mon Sep 17 00:00:00 2001 From: Guilherme Simoes Date: Fri, 14 Feb 2014 18:00:26 +0000 Subject: [PATCH 0400/1473] Update README.md The updates are: * Indicate that it is possible to pass a block to `super` to add custom behaviour to some Devise controller actions without completely overriding them. * Move mailer configuration out of the section "Controller filters and helpers". * Consistently use Ruby 1.9's hash syntax, highlight code and capitalize "Devise". * Wording improvements --- README.md | 76 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 3334aa250e..f214f8b860 100644 --- a/README.md +++ b/README.md 
@@ -110,9 +110,15 @@ The generator will install an initializer which describes ALL Devise's configura rails generate devise MODEL ``` -Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller. +Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller. -Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined. +Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: + +```ruby +config.action_mailer.default_url_options = { host: 'localhost:3000' } +``` + +You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined. ### Controller filters and helpers 
@@ -140,21 +146,15 @@ You can access the session for this scope: user_session ``` -After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes: +After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. For instance, for a `:user` resource, the `user_root_path` will be used if it exists, otherwise the default `root_path` will be used. This means that you need to set the root inside your routes: ```ruby root to: "home#index" ``` -You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks. +You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks. -Finally, you need to set up default url options for the mailer in each environment. Here is the configuration for "config/environments/development.rb": - -```ruby -config.action_mailer.default_url_options = { :host => 'localhost:3000' } -``` - -Notice that if your devise model is not called "user" but "member", then the helpers you should use are: +Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are: ```ruby before_filter :authenticate_member! 
@@ -168,13 +168,13 @@ member_session ### Configuring Models -The devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with: +The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with: ```ruby -devise :database_authenticatable, :registerable, :confirmable, :recoverable, :stretches => 20 +devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20 ``` -Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above. +Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. ### Strong Parameters 
@@ -246,9 +246,9 @@ Since Devise is an engine, all its views are packaged inside the gem. These view rails generate devise:views ``` -If you have more than one Devise model in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb". +If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file. -After doing so, you will be able to have views based on the role like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new". You can also use the generator to generate scoped views: +After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views: ```console rails generate devise:views users 
@@ -270,19 +270,45 @@ If the customization at the views level is not enough, you can customize each co 2. Tell the router to use this controller: ```ruby - devise_for :admins, :controllers => { :sessions => "admins/sessions" } + devise_for :admins, controllers: { sessions: "admins/sessions" } + ``` + +3. Copy the views from `devise/sessions` to `admins/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. + +4. Finally, change or extend the desired controller actions. + + You can completely override a controller action: + + ```ruby + class Admins::SessionsController < Devise::SessionsController + def create + # custom sign-in code + end + end + ``` + + Or you can simply add new behaviour to it: + + ```ruby + class Admins::SessionsController < Devise::SessionsController + def create + super do |resource| + BackgroundWorker.trigger(resource) + end + end + end ``` -3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admins/sessions"`. + This is useful for triggering background jobs or logging events during certain actions. - Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display. +Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash. 
### Configuring routes Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n: ```ruby -devise_for :users, :path => "auth", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' } +devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` Be sure to check `devise_for` documentation for details. @@ -291,11 +317,11 @@ If you have the need for more deep customization, for instance to also allow "/s ```ruby devise_scope :user do - get "sign_in", :to => "devise/sessions#new" + get "sign_in", to: "devise/sessions#new" end ``` -This way you tell devise to use the scope :user when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router. +This way you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router. ### I18n @@ -351,7 +377,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo ```ruby RSpec.configure do |config| - config.include Devise::TestHelpers, :type => :controller + config.include Devise::TestHelpers, type: :controller end ``` 
@@ -381,7 +407,7 @@ There are two things that is important to keep in mind: Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`: ```ruby -config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' +config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' ``` You can read more about Omniauth support in the wiki: @@ -427,7 +453,7 @@ Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you jus ### Heroku -Using devise on Heroku with Ruby on Rails 3.1 requires setting: +Using Devise on Heroku with Ruby on Rails 3.1 requires setting: ```ruby config.assets.initialize_on_precompile = false From 058eac640ffb5d2742874a5f17a09bfeba21949c Mon Sep 17 00:00:00 2001 From: leriksen Date: Sun, 16 Feb 2014 12:06:55 +1100 Subject: [PATCH 0401/1473] Additional documentation on simple scalars and nested types --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f214f8b860..6362a5e54d 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,9 @@ class ApplicationController < ActionController::Base end ``` -To completely change Devise defaults or invoke custom behaviour, you can also pass a block: +The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: + +To permit simple scalar values for username and email, use this ```ruby def configure_permitted_parameters 
@@ -208,6 +210,17 @@ def configure_permitted_parameters end ``` +If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters permitted scalars, so we need to configure Devise thusly: + +```ruby +def configure_permitted_parameters + devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) } +end +``` +For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see + +https://github.com/rails/strong_parameters#nested-parameters + If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: ```ruby From 5f9838950a1f949cf2c17d79b06d12b761569a3f Mon Sep 17 00:00:00 2001 From: Ryan McGeary Date: Sat, 15 Feb 2014 16:39:59 -0500 Subject: [PATCH 0402/1473] Remove password_length default docs in config template The default specified in the docs does not match up with the default specified in the config. See https://github.com/plataformatec/devise/blob/cc8636cfed2801db00bf38f335a3bcc5c79660d3/lib/devise.rb#L127 Changing the docs to read 6..128 with the config setting to 8..128 is feared to cause confusion, so removing the default clause instead. --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 33cca6ba3c..bcf925bac0 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -138,7 +138,7 @@ # config.rememberable_options = {} # ==> Configuration for :validatable - # Range for password length. Default is 8..128. + # Range for password length. config.password_length = 8..128 # Email regex used to validate email formats. It simply asserts that 
From b8f1d0d0c69dfd4abc49650691c5bb8038ce9ff7 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 20 Feb 2014 15:30:00 -0300 Subject: [PATCH 0403/1473] Release v3.2.3 --- CHANGELOG.md | 5 +++++ Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65030b5c45..8e973ca542 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,14 @@ ### Unreleased +### 3.2.3 + * enhancements * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`. You can change this and use your own secret by changing the `devise.rb` initializer. +* bug fix + * Migrations will be properly generated when using rails 4.1.0. + ### 3.2.2 * bug fix diff --git a/Gemfile.lock b/Gemfile.lock index b73133c5a7..c8adf9489e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.2.2) + devise (3.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -90,7 +90,7 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) origin (1.1.0) - orm_adapter (0.4.0) + orm_adapter (0.5.0) polyglot (0.3.3) rack (1.5.2) rack-openid (1.3.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 53ffa77c95..48137a8e1e 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.2.2".freeze + VERSION = "3.2.3".freeze end From 13b50d63ca3b7481b57a4268a4993b2112c304c8 Mon Sep 17 00:00:00 2001 From: rbsec Date: Fri, 21 Feb 2014 10:37:17 +0000 Subject: [PATCH 0404/1473] Set autocomplete=off on all password inputs --- app/views/devise/passwords/edit.html.erb | 4 ++-- app/views/devise/registrations/edit.html.erb | 6 +++--- app/views/devise/registrations/new.html.erb | 4 ++-- app/views/devise/sessions/new.html.erb | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 34a49604a8..70fb241b0b 100644 
--- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -5,10 +5,10 @@ <%= f.hidden_field :reset_password_token %>
<%= f.label :password, "New password" %>
- <%= f.password_field :password, :autofocus => true %>
+ <%= f.password_field :password, :autofocus => true, :autocomplete => "off" %>
<%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation %>
+ <%= f.password_field :password_confirmation, :autocomplete => "off" %>
<%= f.submit "Change my password" %>
<% end %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 986db407ed..c251d4fdef 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -11,13 +11,13 @@ <% end %>
<%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, :autocomplete => "off" %>
+ <%= f.password_field :password, :autocomplete => "off" %>
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation %>
+ <%= f.password_field :password_confirmation, :autocomplete => "off" %>
<%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password %>
+ <%= f.password_field :current_password, :autocomplete => "off" %>
<%= f.submit "Update" %>
<% end %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 3f189d46c7..53ce805156 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -7,10 +7,10 @@ <%= f.email_field :email, :autofocus => true %>
<%= f.label :password %>
- <%= f.password_field :password %>
+ <%= f.password_field :password, :autocomplete => "off" %>
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation %>
+ <%= f.password_field :password_confirmation, :autocomplete => "off" %>
<%= f.submit "Sign up" %>
<% end %> diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f9bc2c16fe..bc7adb4234 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -5,7 +5,7 @@ <%= f.email_field :email, :autofocus => true %>
<%= f.label :password %>
- <%= f.password_field :password %>
+ <%= f.password_field :password, :autocomplete => "off" %> <% if devise_mapping.rememberable? -%>
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
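Review bot: `:autocomplete => "off"` on the sign-in password field in sessions/new.html.erb is advisory markup that browsers and password managers commonly ignore for login fields, so it should not be counted as a control against stored credentials, and where it is honoured it discourages password-manager use. The same applies to the fields changed in passwords/edit, registrations/edit and registrations/new. If the aim is to steer autofill, the HTML autofill tokens say it more precisely: `<%= f.password_field :password, :autocomplete => "current-password" %>` here and for `:current_password`, and `:autocomplete => "new-password"` for the new-password and confirmation fields. The form block starts and ends outside this hunk.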
From 4d7473634e0007d4e04de8ca923d58862f352df2 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 21 Feb 2014 18:33:59 -0300 Subject: [PATCH 0405/1473] `bcrypt-ruby` is now `bcrypt`. --- CHANGELOG.md | 3 +++ Gemfile.lock | 4 ++-- devise.gemspec | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e973ca542..4dd2e3f52d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### Unreleased +* enchancements + * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. + ### 3.2.3 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index c8adf9489e..02f31277cc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH remote: . specs: devise (3.2.3) - bcrypt-ruby (~> 3.0) + bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) thread_safe (~> 0.1) @@ -48,7 +48,7 @@ GEM tzinfo (~> 0.3.37) arel (4.0.0) atomic (1.1.12) - bcrypt-ruby (3.1.2) + bcrypt (3.1.3) builder (3.1.4) erubis (2.7.0) faraday (0.8.8) diff --git a/devise.gemspec b/devise.gemspec index 87a1ca0bd5..7f95d8a6d3 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") - s.add_dependency("bcrypt-ruby", "~> 3.0") + s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("thread_safe", "~> 0.1") s.add_dependency("railties", ">= 3.2.6", "< 5") end From 1987ffc171dee6e057a0681719d0af5f340b4799 Mon Sep 17 00:00:00 2001 From: David Butler Date: Sat, 22 Feb 2014 12:22:05 -0800 Subject: [PATCH 0406/1473] Fix for #2875 --- lib/devise/controllers/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index a0ea0edf24..d46f5a2ed1 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -79,7 +79,7 @@ def warden # # before_filter :my_filter, :unless => :devise_controller? def devise_controller? - is_a?(DeviseController) + is_a?(::DeviseController) end # Setup a param sanitizer to filter parameters using strong_parameters. See From a05548110fb500e531de005395b6ede125622d5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Sun, 23 Feb 2014 20:43:16 +0100 Subject: [PATCH 0407/1473] Should fix #2882 --- lib/devise/models/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index b3dc5a95a8..e2a197672b 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -201,7 +201,7 @@ module ClassMethods :http_authentication_key) def serialize_into_session(record) - [record.to_key, record.authenticatable_salt] + [record.to_key, record.authenticatable_salt].flatten end def serialize_from_session(key, salt) From 2c5126dc42aaa755bdde72a09a7532ad66a0450b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Sun, 23 Feb 2014 21:19:53 +0100 Subject: [PATCH 0408/1473] Temporary, and ugly hack. But works now --- lib/devise/models/authenticatable.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e2a197672b..f549f1294c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -200,8 +200,16 @@ module ClassMethods :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage, :http_authentication_key) + def stringify(item) + if item.kind_of?(Array) + item.first.to_s + else + item + end + end + def serialize_into_session(record) - [record.to_key, record.authenticatable_salt].flatten + [stringify(record.to_key), record.authenticatable_salt] end def serialize_from_session(key, salt) 
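Review bot: `stringify` in lib/devise/models/authenticatable.rb keeps only `item.first` when `to_key` returns an array, so for a model whose key has more than one component the rest is silently dropped from the session entry and records sharing the first component serialize to the same key. The name also overstates what it does, since a non-array value is returned unchanged rather than converted to a string, and as written it appears to become a public class method on every Devise model. I would at least state the assumption at the definition, `# Session key uses only the first primary-key component; composite keys are not supported.`, and fail loudly instead of truncating, e.g. `raise ArgumentError, "composite keys are not supported" if item.size > 1`. The body of `serialize_from_session` is outside the hunk, so how the stored key is read back could not be checked.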
From 146a2e500e04177a6a9b49ed3e82cd7b44a73e0b Mon Sep 17 00:00:00 2001 From: Richard Lee Date: Tue, 25 Feb 2014 17:16:59 +0800 Subject: [PATCH 0409/1473] Set default secret_key before eager load --- lib/devise/rails.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 5614f1f0b3..14de2375fc 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -29,7 +29,7 @@ class Engine < ::Rails::Engine end end - config.after_initialize do |app| + initializer "devise.secret_key" do |app| if app.respond_to?(:secrets) Devise.secret_key ||= app.secrets.secret_key_base elsif app.config.respond_to?(:secret_key_base) From dc1b399a8b7f03b4a876109de10fe6c8b771acd0 Mon Sep 17 00:00:00 2001 
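Review bot: The new `initializer "devise.secret_key"` block in lib/devise/rails.rb carries no `before:`/`after:` ordering, so when it runs relative to the application's own `config/initializers` is left implicit. If it runs first, an application that assigns `secret_key_base` from one of its initializers would still have a nil value when `app.config.secret_key_base` is read here, and `Devise.secret_key` would presumably stay unset without any error; the order cannot be confirmed from this hunk. I would state the assumption above the block, e.g. `# Runs before eager load; secret_key_base must already be set when engine initializers run.`, and add a test for an app that sets the key from an initializer. The block continues past the end of the hunk.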
From: Anshul Sharma Date: Tue, 25 Feb 2014 22:12:55 +0530 Subject: [PATCH 0410/1473] Updated ruby 1.9 hash syntax --- .../devise/confirmations_controller.rb | 4 +- .../devise/omniauth_callbacks_controller.rb | 4 +- .../devise/passwords_controller.rb | 6 +- .../devise/registrations_controller.rb | 14 +- app/controllers/devise/sessions_controller.rb | 12 +- app/controllers/devise/unlocks_controller.rb | 4 +- app/controllers/devise_controller.rb | 6 +- app/helpers/devise_helper.rb | 4 +- lib/devise.rb | 6 +- lib/devise/controllers/helpers.rb | 8 +- lib/devise/controllers/rememberable.rb | 6 +- lib/devise/controllers/sign_in_out.rb | 16 +- lib/devise/failure_app.rb | 6 +- lib/devise/hooks/activatable.rb | 2 +- lib/devise/hooks/lockable.rb | 2 +- lib/devise/hooks/proxy.rb | 2 +- lib/devise/hooks/rememberable.rb | 2 +- lib/devise/hooks/timeoutable.rb | 2 +- lib/devise/hooks/trackable.rb | 2 +- lib/devise/mailers/helpers.rb | 16 +- lib/devise/models/authenticatable.rb | 6 +- lib/devise/models/confirmable.rb | 18 +- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/lockable.rb | 12 +- lib/devise/models/omniauthable.rb | 2 +- lib/devise/models/recoverable.rb | 2 +- lib/devise/models/rememberable.rb | 6 +- lib/devise/models/trackable.rb | 2 +- lib/devise/models/validatable.rb | 12 +- lib/devise/modules.rb | 18 +- lib/devise/rails/routes.rb | 162 +++++++++--------- lib/devise/test_helpers.rb | 4 +- lib/devise/time_inflector.rb | 2 +- .../active_record/devise_generator.rb | 12 +- .../active_record/templates/migration.rb | 8 +- .../templates/migration_existing.rb | 8 +- lib/generators/devise/devise_generator.rb | 6 +- lib/generators/devise/views_generator.rb | 22 +-- lib/generators/mongoid/devise_generator.rb | 38 ++-- lib/generators/templates/devise.rb | 8 +- test/controllers/helpers_test.rb | 62 +++---- test/controllers/internal_helpers_test.rb | 12 +- test/controllers/sessions_controller_test.rb | 36 ++-- test/controllers/url_helpers_test.rb | 8 +- 
test/delegator_test.rb | 2 +- test/devise_test.rb | 6 +- test/failure_app_test.rb | 42 ++--- .../active_record_generator_test.rb | 8 +- test/generators/devise_generator_test.rb | 4 +- test/generators/mongoid_generator_test.rb | 2 +- test/generators/views_generator_test.rb | 2 +- test/helpers/devise_helper_test.rb | 22 +-- test/integration/authenticatable_test.rb | 84 ++++----- test/integration/confirmable_test.rb | 92 +++++----- .../database_authenticatable_test.rb | 32 ++-- test/integration/http_authenticatable_test.rb | 22 +-- test/integration/lockable_test.rb | 74 ++++---- test/integration/omniauthable_test.rb | 6 +- test/integration/recoverable_test.rb | 82 ++++----- test/integration/registerable_test.rb | 98 +++++------ test/integration/rememberable_test.rb | 26 +-- test/integration/timeoutable_test.rb | 14 +- test/integration/trackable_test.rb | 4 +- .../mailers/confirmation_instructions_test.rb | 8 +- .../reset_password_instructions_test.rb | 6 +- test/mailers/unlock_instructions_test.rb | 4 +- test/models/authenticatable_test.rb | 6 +- test/models/confirmable_test.rb | 62 +++---- test/models/database_authenticatable_test.rb | 54 +++--- test/models/lockable_test.rb | 58 +++---- test/models/recoverable_test.rb | 38 ++-- test/models/rememberable_test.rb | 16 +- test/models/serializable_test.rb | 16 +- test/models/timeoutable_test.rb | 2 +- test/models/validatable_test.rb | 22 +-- test/omniauth/config_test.rb | 6 +- test/omniauth/url_helpers_test.rb | 6 +- test/parameter_sanitizer_test.rb | 2 +- .../app/controllers/admins_controller.rb | 2 +- .../app/controllers/application_controller.rb | 4 +- .../app/controllers/home_controller.rb | 2 +- .../users/omniauth_callbacks_controller.rb | 4 +- .../app/controllers/users_controller.rb | 10 +- test/rails_app/app/mailers/users/mailer.rb | 8 +- test/rails_app/app/mongoid/admin.rb | 22 +-- test/rails_app/app/mongoid/shim.rb | 4 +- test/rails_app/app/mongoid/user.rb | 38 ++-- test/rails_app/config/application.rb | 4 +- 
test/rails_app/config/initializers/devise.rb | 6 +- .../config/initializers/secret_token.rb | 2 +- test/rails_app/config/routes.rb | 86 +++++----- .../migrate/20100401102949_create_tables.rb | 14 +- test/rails_app/lib/shared_admin.rb | 8 +- test/routes_test.rb | 118 ++++++------- test/support/helpers.rb | 8 +- test/support/integration.rb | 24 +-- test/test_helpers_test.rb | 6 +- test/test_models.rb | 10 +- 98 files changed, 950 insertions(+), 950 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 314fab20c3..8b2cbbcfd6 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -10,7 +10,7 @@ def create yield resource if block_given? if successfully_sent?(resource) - respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name)) + respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name)) else respond_with(resource) end @@ -25,7 +25,7 @@ def show set_flash_message(:notice, :confirmed) if is_flashing_format? respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else - respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } + respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index 14b5ee1c5c..92e4067613 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb 
@@ -2,11 +2,11 @@ class Devise::OmniauthCallbacksController < DeviseController prepend_before_filter { request.env["devise.skip_timeout"] = true } def passthru - render :status => 404, :text => "Not found. Authentication passthru." + render status: 404, text: "Not found. Authentication passthru." end def failure - set_flash_message :alert, :failure, :kind => OmniAuth::Utils.camelize(failed_strategy.name), :reason => failure_message + set_flash_message :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message redirect_to after_omniauth_failure_path_for(resource_name) end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index ef8888e5b4..d88ebdb69f 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -1,7 +1,7 @@ class Devise::PasswordsController < DeviseController prepend_before_filter :require_no_authentication # Render the #edit only if coming from a reset password email link - append_before_filter :assert_reset_token_passed, :only => :edit + append_before_filter :assert_reset_token_passed, only: :edit # GET /resource/password/new def new @@ -14,7 +14,7 @@ def create yield resource if block_given? if successfully_sent?(resource) - respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) + respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) else respond_with(resource) end @@ -36,7 +36,7 @@ def update flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message(:notice, flash_message) if is_flashing_format? sign_in(resource_name, resource) - respond_with resource, :location => after_resetting_password_path_for(resource) + respond_with resource, location: after_resetting_password_path_for(resource) else respond_with resource end 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 616a226a7c..07f43aa7da 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -1,6 +1,6 @@ class Devise::RegistrationsController < DeviseController - prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ] - prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy] + prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ] + prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy] # GET /resource/sign_up def new @@ -17,11 +17,11 @@ def create if resource.active_for_authentication? set_flash_message :notice, :signed_up if is_flashing_format? sign_up(resource_name, resource) - respond_with resource, :location => after_sign_up_path_for(resource) + respond_with resource, location: after_sign_up_path_for(resource) else set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format? expire_data_after_sign_in! - respond_with resource, :location => after_inactive_sign_up_path_for(resource) + respond_with resource, location: after_inactive_sign_up_path_for(resource) end else clean_up_passwords resource @@ -48,8 +48,8 @@ def update :update_needs_confirmation : :updated set_flash_message :notice, flash_key end - sign_in resource_name, resource, :bypass => true - respond_with resource, :location => after_update_path_for(resource) + sign_in resource_name, resource, bypass: true + respond_with resource, location: after_update_path_for(resource) else clean_up_passwords resource respond_with resource 
@@ -121,7 +121,7 @@ def after_update_path_for(resource) # Authenticates the current scope and gets the current resource from the session. def authenticate_scope! - send(:"authenticate_#{resource_name}!", :force => true) + send(:"authenticate_#{resource_name}!", force: true) self.resource = send(:"current_#{resource_name}") end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 6b78dd857c..8005a3e462 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -1,7 +1,7 @@ class Devise::SessionsController < DeviseController - prepend_before_filter :require_no_authentication, :only => [ :new, :create ] - prepend_before_filter :allow_params_authentication!, :only => :create - prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true } + prepend_before_filter :require_no_authentication, only: [ :new, :create ] + prepend_before_filter :allow_params_authentication!, only: :create + prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in def new @@ -16,7 +16,7 @@ def create set_flash_message(:notice, :signed_in) if is_flashing_format? sign_in(resource_name, resource) yield resource if block_given? - respond_with resource, :location => after_sign_in_path_for(resource) + respond_with resource, location: after_sign_in_path_for(resource) end # DELETE /resource/sign_out @@ -44,10 +44,10 @@ def serialize_options(resource) methods = resource_class.authentication_keys.dup methods = methods.keys if methods.is_a?(Hash) methods << :password if resource.respond_to?(:password) - { :methods => methods, :only => [:password] } + { methods: methods, only: [:password] } end def auth_options - { :scope => resource_name, :recall => "#{controller_path}#new" } + { scope: resource_name, recall: "#{controller_path}#new" } end end 
diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index ec9987f574..903dcdbbca 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -12,7 +12,7 @@ def create yield resource if block_given? if successfully_sent?(resource) - respond_with({}, :location => after_sending_unlock_instructions_path_for(resource)) + respond_with({}, location: after_sending_unlock_instructions_path_for(resource)) else respond_with(resource) end @@ -27,7 +27,7 @@ def show set_flash_message :notice, :unlocked if is_flashing_format? respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else - respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new } + respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index b1b88b74a6..f938034342 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -30,7 +30,7 @@ def resource_class # Returns a signed in resource from session (if one exists) def signed_in_resource - warden.authenticate(:scope => resource_name) + warden.authenticate(scope: resource_name) end # Attempt to find the mapped route for devise based on request path @@ -92,14 +92,14 @@ def resource=(new_resource) # Helper for use in before_filters where no authentication is required. # # Example: - # before_filter :require_no_authentication, :only => :new + # before_filter :require_no_authentication, only: :new def require_no_authentication assert_is_devise_resource! return unless is_navigational_format? no_input = devise_mapping.no_input_strategies authenticated = if no_input.present? - args = no_input.dup.push :scope => resource_name + args = no_input.dup.push scope: resource_name warden.authenticate?(*args) else warden.authenticated?(resource_name) 
diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index cfcbc82181..f2d0726157 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -10,8 +10,8 @@ def devise_error_messages! messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join sentence = I18n.t("errors.messages.not_saved", - :count => resource.errors.count, - :resource => resource.class.model_name.human.downcase) + count: resource.errors.count, + resource: resource.class.model_name.human.downcase) html = <<-HTML
diff --git a/lib/devise.rb b/lib/devise.rb index e5e3f9ed48..153751ea7a 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -350,8 +350,8 @@ def self.add_mapping(resource, options) # == Examples: # # Devise.add_module(:party_module) - # Devise.add_module(:party_module, :strategy => true, :controller => :sessions) - # Devise.add_module(:party_module, :model => 'party_module/model') + # Devise.add_module(:party_module, strategy: true, controller: :sessions) + # Devise.add_module(:party_module, model: 'party_module/model') # def self.add_module(module_name, options = {}) ALL << module_name @@ -449,7 +449,7 @@ def self.configure_warden! #:nodoc: warden_config.intercept_401 = false Devise.mappings.each_value do |mapping| - warden_config.scope_defaults mapping.name, :strategies => mapping.strategies + warden_config.scope_defaults mapping.name, strategies: mapping.strategies warden_config.serialize_into_session(mapping.name) do |record| mapping.to.serialize_into_session(record) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index d46f5a2ed1..1d3b2ef496 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -55,7 +55,7 @@ def #{mapping}_signed_in? end def current_#{mapping} - @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping}) + @current_#{mapping} ||= warden.authenticate(scope: :#{mapping}) end def #{mapping}_session @@ -77,7 +77,7 @@ def warden # the controllers defined inside devise. Useful if you want to apply a before # filter to all controllers, except the ones in devise: # - # before_filter :my_filter, :unless => :devise_controller? + # before_filter :my_filter, unless: :devise_controller? def devise_controller? is_a?(::DeviseController) end 
@@ -121,10 +121,10 @@ def signed_in_root_path(resource_or_scope) # root path. For a user scope, you can define the default url in # the following way: # - # map.user_root '/users', :controller => 'users' # creates user_root_path + # map.user_root '/users', controller: 'users' # creates user_root_path # # map.namespace :user do |user| - # user.root :controller => 'users' # creates user_root_path + # user.root controller: 'users' # creates user_root_path # end # # If the resource root path is not defined, root_path is used. However, diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index c2958aabf2..76edfe89e5 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -31,11 +31,11 @@ def forget_cookie_values(resource) end def remember_cookie_values(resource) - options = { :httponly => true } + options = { httponly: true } options.merge!(forget_cookie_values(resource)) options.merge!( - :value => resource.class.serialize_into_cookie(resource), - :expires => resource.remember_expires_at + value: resource.class.serialize_into_cookie(resource), + expires: resource.remember_expires_at ) end diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 205a1e6e16..421819450e 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -7,7 +7,7 @@ module SignInOut # true if any scope is signed in. Does not run authentication hooks. def signed_in?(scope=nil) [ scope || Devise.mappings.keys ].flatten.any? do |_scope| - warden.authenticate?(:scope => _scope) + warden.authenticate?(scope: _scope) end end 
@@ -23,9 +23,9 @@ def signed_in?(scope=nil) # # sign_in :user, @user # sign_in(scope, resource) # sign_in @user # sign_in(resource) - # sign_in @user, :event => :authentication # sign_in(resource, options) - # sign_in @user, :store => false # sign_in(resource, options) - # sign_in @user, :bypass => true # sign_in(resource, options) + # sign_in @user, event: :authentication # sign_in(resource, options) + # sign_in @user, store: false # sign_in(resource, options) + # sign_in @user, bypass: true # sign_in(resource, options) # def sign_in(resource_or_scope, *args) options = args.extract_options! @@ -40,7 +40,7 @@ def sign_in(resource_or_scope, *args) # Do nothing. User already signed in and we are not forcing it. true else - warden.set_user(resource, options.merge!(:scope => scope)) + warden.set_user(resource, options.merge!(scope: scope)) end end @@ -56,11 +56,11 @@ def sign_in(resource_or_scope, *args) def sign_out(resource_or_scope=nil) return sign_out_all_scopes unless resource_or_scope scope = Devise::Mapping.find_scope!(resource_or_scope) - user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user + user = warden.user(scope: scope, run_callbacks: false) # If there is no user warden.raw_session.inspect # Without this inspect here. The session does not clear. warden.logout(scope) - warden.clear_strategies_cache!(:scope => scope) + warden.clear_strategies_cache!(scope: scope) instance_variable_set(:"@current_#{scope}", nil) !!user @@ -70,7 +70,7 @@ def sign_out(resource_or_scope=nil) # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout # and false if there was no user logged in on all scopes. def sign_out_all_scopes(lock=true) - users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) } + users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } warden.raw_session.inspect warden.logout 
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 34f6a5c5eb..fb5e4c79fe 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -15,7 +15,7 @@ class FailureApp < ActionController::Metal include Devise::Controllers::StoreLocation - delegate :flash, :to => :request + delegate :flash, to: :request def self.call(env) @respond ||= action(:respond) @@ -151,9 +151,9 @@ def http_auth_body return i18n_message unless request_format method = "to_#{request_format}" if method == "to_xml" - { :error => i18n_message }.to_xml(:root => "errors") + { error: i18n_message }.to_xml(root: "errors") elsif {}.respond_to?(method) - { :error => i18n_message }.send(method) + { error: i18n_message }.send(method) else i18n_message end diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index af32e2b011..0ec7c62d0c 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -6,6 +6,6 @@ if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication? scope = options[:scope] warden.logout(scope) - throw :warden, :scope => scope, :message => record.inactive_message + throw :warden, scope: scope, message: record.inactive_message end end diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index b7b1ea0842..50b726b7aa 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -1,6 +1,6 @@ # After each sign in, if resource responds to failed_attempts, sets it to 0 # This is only triggered when the user is explicitly set (with set_user) -Warden::Manager.after_set_user :except => :fetch do |record, warden, options| +Warden::Manager.after_set_user except: :fetch do |record, warden, options| if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero? end 
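Review bot: In `http_auth_body` (lib/devise/failure_app.rb, hunk `@@ -151,9 +151,9 @@`) the method name handed to `send` is built from `request_format`, and the only guard is `{}.respond_to?(method)`, which accepts every public `to_*` method of Hash rather than only serializers. `request_format` is defined outside this hunk; if it follows the format the client asked for, the 401 body can end up as something other than a serialized string. An explicit allowlist would be tighter, e.g. `elsif BODY_SERIALIZERS.include?(method)` followed by `{ error: i18n_message }.public_send(method)`, where `BODY_SERIALIZERS` is a new frozen constant listing the formats the application serves. `http_auth_body` starts above the hunk and its closing `end` is below it.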
diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb index 096f624a4d..f27e1d0410 100644 --- a/lib/devise/hooks/proxy.rb +++ b/lib/devise/hooks/proxy.rb @@ -7,7 +7,7 @@ class Proxy #:nodoc: include Devise::Controllers::SignInOut attr_reader :warden - delegate :cookies, :env, :to => :warden + delegate :cookies, :env, to: :warden def initialize(warden) @warden = warden diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb index f67e05d4dc..077be534ec 100644 --- a/lib/devise/hooks/rememberable.rb +++ b/lib/devise/hooks/rememberable.rb @@ -1,4 +1,4 @@ -Warden::Manager.after_set_user :except => :fetch do |record, warden, options| +Warden::Manager.after_set_user except: :fetch do |record, warden, options| scope = options[:scope] if record.respond_to?(:remember_me) && options[:store] != false && record.remember_me && warden.authenticated?(scope) diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index ac88ee906d..cc181747d0 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -18,7 +18,7 @@ record.reset_authentication_token! end - throw :warden, :scope => scope, :message => :timeout + throw :warden, scope: scope, message: :timeout end unless env['devise.skip_trackable'] diff --git a/lib/devise/hooks/trackable.rb b/lib/devise/hooks/trackable.rb index 0b4bc6613d..9bb212881b 100644 --- a/lib/devise/hooks/trackable.rb +++ b/lib/devise/hooks/trackable.rb @@ -2,7 +2,7 @@ # This is only triggered when the user is explicitly set (with set_user) # and on authentication. Retrieving the user from session (:fetch) does # not trigger it. -Warden::Manager.after_set_user :except => :fetch do |record, warden, options| +Warden::Manager.after_set_user except: :fetch do |record, warden, options| if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable'] record.update_tracked_fields!(warden.request) end 
diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 06cd4b42de..60bf612b3f 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -27,12 +27,12 @@ def devise_mapping def headers_for(action, opts) headers = { - :subject => subject_for(action), - :to => resource.email, - :from => mailer_sender(devise_mapping), - :reply_to => mailer_reply_to(devise_mapping), - :template_path => template_paths, - :template_name => action + subject: subject_for(action), + to: resource.email, + from: mailer_sender(devise_mapping), + reply_to: mailer_reply_to(devise_mapping), + template_path: template_paths, + template_name: action }.merge(opts) @email = headers[:to] @@ -82,8 +82,8 @@ def template_paths # subject: '...' # def subject_for(key) - I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key], - :default => [:subject, key.to_s.humanize]) + I18n.t(:"#{devise_mapping.name}_subject", scope: [:devise, :mailer, key], + default: [:subject, key.to_s.humanize]) end end end diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index b3dc5a95a8..78be957baf 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -29,7 +29,7 @@ module Models # It also accepts an array specifying the strategies that should allow params authentication. # # * +skip_session_storage+: By default Devise will store the user in session. - # By default is set to :skip_session_storage => [:http_auth]. + # By default is set to skip_session_storage: [:http_auth]. # # == active_for_authentication? # @@ -59,7 +59,7 @@ module Authenticatable :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] included do - class_attribute :devise_modules, :instance_writer => false + class_attribute :devise_modules, instance_writer: false self.devise_modules ||= [] before_validation :downcase_keys 
@@ -231,7 +231,7 @@ def http_authenticatable?(strategy) # Example: # # def self.find_for_authentication(tainted_conditions) - # find_first_by_auth_conditions(tainted_conditions, :active => true) + # find_first_by_auth_conditions(tainted_conditions, active: true) # end # # Finally, notice that Devise also queries for users in other scenarios diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 4a66b578e0..102c8cdb03 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -33,10 +33,10 @@ module Confirmable include ActionView::Helpers::DateHelper included do - before_create :generate_confirmation_token, :if => :confirmation_required? - after_create :send_on_create_confirmation_instructions, :if => :send_confirmation_notification? - before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, :if => :postpone_email_change? - after_update :send_reconfirmation_instructions, :if => :reconfirmation_required? + before_create :generate_confirmation_token, if: :confirmation_required? + after_create :send_on_create_confirmation_instructions, if: :send_confirmation_notification? + before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change? + after_update :send_reconfirmation_instructions, if: :reconfirmation_required? end def initialize(*args, &block) @@ -60,7 +60,7 @@ def confirm! pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, - :period => Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago)) + period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago)) return false end 
@@ -73,9 +73,9 @@ def confirm! self.unconfirmed_email = nil # We need to validate in such cases to enforce e-mail uniqueness - save(:validate => true) + save(validate: true) else - save(:validate => false) + save(validate: false) end after_confirmation if saved @@ -98,7 +98,7 @@ def send_confirmation_instructions generate_confirmation_token! end - opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { } + opts = pending_reconfirmation? ? { to: unconfirmed_email } : { } send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts) end @@ -225,7 +225,7 @@ def generate_confirmation_token end def generate_confirmation_token! - generate_confirmation_token && save(:validate => false) + generate_confirmation_token && save(validate: false) end def postpone_email_change_until_confirmation_and_regenerate_confirmation_token diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index bb0744c13d..6049eab62c 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -4,7 +4,7 @@ module Devise # Digests the password using bcrypt. def self.bcrypt(klass, password) - ::BCrypt::Password.create("#{password}#{klass.pepper}", :cost => klass.stretches).to_s + ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s end module Models diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 5efd484e89..4fd5c94f23 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -22,7 +22,7 @@ module Models module Lockable extend ActiveSupport::Concern - delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class" + delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, to: "self.class" def self.required_fields(klass) attributes = [] 
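Review bot: `Devise.bcrypt` (lib/devise/models/database_authenticatable.rb, hunk `@@ -4,7 +4,7 @@`) appends the pepper after the password, `"#{password}#{klass.pepper}"`, and bcrypt only uses the first 72 bytes of its input. For a password of 72 bytes or more the pepper therefore adds nothing to the digest, and two long passwords that share their first 72 bytes produce a digest that verifies for both. Nothing visible here bounds the length, so the comment above the method should say so, e.g. `# bcrypt reads at most 72 bytes of password + pepper; keep the upper bound of password_length below that.`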
@@ -36,14 +36,14 @@ def self.required_fields(klass) # Lock a user setting its locked_at to actual time. # * +opts+: Hash options if you don't want to send email # when you lock access, you could pass the next hash - # `{ :send_instructions => false } as option`. + # `{ send_instructions: false } as option`. def lock_access!(opts = { }) self.locked_at = Time.now.utc if unlock_strategy_enabled?(:email) && opts.fetch(:send_instructions, true) send_unlock_instructions else - save(:validate => false) + save(validate: false) end end @@ -52,7 +52,7 @@ def unlock_access! self.locked_at = nil self.failed_attempts = 0 if respond_to?(:failed_attempts=) self.unlock_token = nil if respond_to?(:unlock_token=) - save(:validate => false) + save(validate: false) end # Verifies whether a user is locked or not. @@ -64,7 +64,7 @@ def access_locked? def send_unlock_instructions raw, enc = Devise.token_generator.generate(self.class, :unlock_token) self.unlock_token = enc - self.save(:validate => false) + self.save(validate: false) send_devise_notification(:unlock_instructions, raw, {}) raw end @@ -104,7 +104,7 @@ def valid_for_authentication? if attempts_exceeded? lock_access! unless access_locked? else - save(:validate => false) + save(validate: false) end false end diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index 92d10d311b..c1faf37a94 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -10,7 +10,7 @@ module Models # # * +omniauth_providers+: Which providers are available to this model. It expects an array: # - # devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter] + # devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter] # module Omniauthable extend ActiveSupport::Concern diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 3b4cfa3512..0ae4dbee52 100644 --- a/lib/devise/models/recoverable.rb 
+++ b/lib/devise/models/recoverable.rb @@ -49,7 +49,7 @@ def send_reset_password_instructions self.reset_password_token = enc self.reset_password_sent_at = Time.now.utc - self.save(:validate => false) + self.save(validate: false) send_devise_notification(:reset_password_instructions, raw, {}) raw diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 6c756e4427..94bf8fe6ac 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -50,7 +50,7 @@ def self.required_fields(klass) def remember_me!(extend_period=false) self.remember_token = self.class.remember_token if generate_remember_token? self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period) - save(:validate => false) if self.changed? + save(validate: false) if self.changed? end # If the record is persisted, remove the remember token (but only if @@ -59,7 +59,7 @@ def forget_me! return unless persisted? self.remember_token = nil if respond_to?(:remember_token=) self.remember_created_at = nil - save(:validate => false) + save(validate: false) end # Remember token should be expired if expiration time not overpass now. @@ -118,7 +118,7 @@ def serialize_from_cookie(id, remember_token) def remember_token #:nodoc: loop do token = Devise.friendly_token - break token unless to_adapter.find_first({ :remember_token => token }) + break token unless to_adapter.find_first({ remember_token: token }) end end diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index cfb70476a0..c701877449 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -27,7 +27,7 @@ def update_tracked_fields!(request) self.sign_in_count ||= 0 self.sign_in_count += 1 - save(:validate => false) or raise "Devise trackable could not save #{inspect}." \ + save(validate: false) or raise "Devise trackable could not save #{inspect}." \ "Please make sure a model using trackable can be saved at sign in." end end 
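Review bot: The exception message in `update_tracked_fields!` (lib/devise/models/trackable.rb) is built from two adjacent string literals with no space between them, so it reads `...could not save #<...>.Please make sure...`; the second literal should start with a space, `" Please make sure a model using trackable can be saved at sign in."`. The message also interpolates `#{inspect}`, and with an ORM whose default `inspect` lists every attribute, that copies the password digest and token columns into logs and error reports unless the model overrides `inspect`. Interpolating the class name and record key instead, e.g. `#{self.class.name}(#{to_key.inspect})`, keeps the message useful without the attribute dump. The method begins above the hunk.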
diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index bc8ae22553..2bfdf458b9 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -26,13 +26,13 @@ def self.included(base) assert_validations_api!(base) base.class_eval do - validates_presence_of :email, :if => :email_required? - validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed? - validates_format_of :email, :with => email_regexp, :allow_blank => true, :if => :email_changed? + validates_presence_of :email, if: :email_required? + validates_uniqueness_of :email, allow_blank: true, if: :email_changed? + validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed? - validates_presence_of :password, :if => :password_required? - validates_confirmation_of :password, :if => :password_required? - validates_length_of :password, :within => password_length, :allow_blank => true + validates_presence_of :password, if: :password_required? + validates_confirmation_of :password, if: :password_required? + validates_length_of :password, within: password_length, allow_blank: true end end diff --git a/lib/devise/modules.rb b/lib/devise/modules.rb index b7cdc2f688..2af8820bd8 100644 --- a/lib/devise/modules.rb +++ b/lib/devise/modules.rb 
@@ -1,26 +1,26 @@ require 'active_support/core_ext/object/with_options' -Devise.with_options :model => true do |d| +Devise.with_options model: true do |d| # Strategies first - d.with_options :strategy => true do |s| + d.with_options strategy: true do |s| routes = [nil, :new, :destroy] - s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes } - s.add_module :rememberable, :no_input => true + s.add_module :database_authenticatable, controller: :sessions, route: { session: routes } + s.add_module :rememberable, no_input: true end # Other authentications - d.add_module :omniauthable, :controller => :omniauth_callbacks, :route => :omniauth_callback + d.add_module :omniauthable, controller: :omniauth_callbacks, route: :omniauth_callback # Misc after routes = [nil, :new, :edit] - d.add_module :recoverable, :controller => :passwords, :route => { :password => routes } - d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) } + d.add_module :recoverable, controller: :passwords, route: { password: routes } + d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) } d.add_module :validatable # The ones which can sign out after routes = [nil, :new] - d.add_module :confirmable, :controller => :confirmations, :route => { :confirmation => routes } - d.add_module :lockable, :controller => :unlocks, :route => { :unlock => routes } + d.add_module :confirmable, controller: :confirmations, route: { confirmation: routes } + d.add_module :lockable, controller: :unlocks, route: { unlock: routes } d.add_module :timeoutable # Stats for last, so we make sure the user is really signed in diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8ffb971360..2951b14153 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
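Review bot: In lib/devise/modules.rb the `registerable` line passes `routes << :cancel`, which appends to the same array object the preceding `recoverable` line passed as `route: { password: routes }`. Whether `:cancel` then shows up among the password routes depends on `add_module` copying the array, which this hunk does not show. A non-mutating form removes that dependency: `route: { registration: routes + [:cancel] }`.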
@@ -43,20 +43,20 @@ class Mapper # needed routes: # # # Session routes for Authenticatable (default) - # new_user_session GET /users/sign_in {:controller=>"devise/sessions", :action=>"new"} - # user_session POST /users/sign_in {:controller=>"devise/sessions", :action=>"create"} - # destroy_user_session DELETE /users/sign_out {:controller=>"devise/sessions", :action=>"destroy"} + # new_user_session GET /users/sign_in {controller:"devise/sessions", action:"new"} + # user_session POST /users/sign_in {controller:"devise/sessions", action:"create"} + # destroy_user_session DELETE /users/sign_out {controller:"devise/sessions", action:"destroy"} # # # Password routes for Recoverable, if User model has :recoverable configured - # new_user_password GET /users/password/new(.:format) {:controller=>"devise/passwords", :action=>"new"} - # edit_user_password GET /users/password/edit(.:format) {:controller=>"devise/passwords", :action=>"edit"} - # user_password PUT /users/password(.:format) {:controller=>"devise/passwords", :action=>"update"} - # POST /users/password(.:format) {:controller=>"devise/passwords", :action=>"create"} + # new_user_password GET /users/password/new(.:format) {controller:"devise/passwords", action:"new"} + # edit_user_password GET /users/password/edit(.:format) {controller:"devise/passwords", action:"edit"} + # user_password PUT /users/password(.:format) {controller:"devise/passwords", action:"update"} + # POST /users/password(.:format) {controller:"devise/passwords", action:"create"} # # # Confirmation routes for Confirmable, if User model has :confirmable configured - # new_user_confirmation GET /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"} - # user_confirmation GET /users/confirmation(.:format) {:controller=>"devise/confirmations", :action=>"show"} - # POST /users/confirmation(.:format) {:controller=>"devise/confirmations", :action=>"create"} + # new_user_confirmation GET /users/confirmation/new(.:format) 
{controller:"devise/confirmations", action:"new"} + # user_confirmation GET /users/confirmation(.:format) {controller:"devise/confirmations", action:"show"} + # POST /users/confirmation(.:format) {controller:"devise/confirmations", action:"create"} # # ==== Routes integration # @@ -84,22 +84,22 @@ class Mapper # # You can configure your routes with some options: # - # * :class_name => setup a different class to be looked up by devise, if it cannot be + # * class_name: setup a different class to be looked up by devise, if it cannot be # properly found by the route name. # - # devise_for :users, :class_name => 'Account' + # devise_for :users, class_name: 'Account' # - # * :path => allows you to setup path name that will be used, as rails routes does. + # * path: allows you to setup path name that will be used, as rails routes does. # The following route configuration would setup your route as /accounts instead of /users: # - # devise_for :users, :path => 'accounts' + # devise_for :users, path: 'accounts' # - # * :singular => setup the singular name for the given resource. This is used as the instance variable + # * singular: setup the singular name for the given resource. This is used as the instance variable # name in controller, as the name in routes and the scope given to warden. # - # devise_for :users, :singular => :user + # devise_for :users, singular: :user # - # * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, + # * path_names: configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, # :password, :confirmation, :unlock. # # devise_for :users, path_names: { 
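Review bot: The route table in the `devise_for` comment (hunk `@@ -43,20 +43,20 @@` of lib/devise/rails/routes.rb) is a sample of what the route listing prints, not Ruby source, so rewriting it to `{controller:"devise/sessions", action:"new"}` changes an output sample into something Ruby does not print for a Hash. Readers comparing the comment with their own route listing will no longer find a match. I would keep the old form in these lines, e.g. `{:controller=>"devise/sessions", :action=>"new"}`, or drop the hash column from the sample and leave only name, verb and path.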
@@ -108,50 +108,50 @@ class Mapper # registration: 'register', edit: 'edit/profile' # } # - # * :controllers => the controller which should be used. All routes by default points to Devise controllers. + # * controllers: the controller which should be used. All routes by default points to Devise controllers. # However, if you want them to point to custom controller, you should do: # - # devise_for :users, :controllers => { :sessions => "users/sessions" } + # devise_for :users, controllers: { sessions: "users/sessions" } # - # * :failure_app => a rack app which is invoked whenever there is a failure. Strings representing a given + # * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given # are also allowed as parameter. # - # * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get), + # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get), # if you wish to restrict this to accept only :post or :delete requests you should do: # - # devise_for :users, :sign_out_via => [ :post, :delete ] + # devise_for :users, sign_out_via: [ :post, :delete ] # # You need to make sure that your sign_out controls trigger a request with a matching HTTP method. # - # * :module => the namespace to find controllers (default: "devise", thus + # * module: the namespace to find controllers (default: "devise", thus # accessing devise/sessions, devise/registrations, and so on). 
If you want # to namespace all at once, use module: # - # devise_for :users, :module => "users" + # devise_for :users, module: "users" # - # * :skip => tell which controller you want to skip routes from being created: + # * skip: tell which controller you want to skip routes from being created: # - # devise_for :users, :skip => :sessions + # devise_for :users, skip: :sessions # - # * :only => the opposite of :skip, tell which controllers only to generate routes to: + # * only: the opposite of :skip, tell which controllers only to generate routes to: # - # devise_for :users, :only => :sessions + # devise_for :users, only: :sessions # - # * :skip_helpers => skip generating Devise url helpers like new_session_path(@user). + # * skip_helpers: skip generating Devise url helpers like new_session_path(@user). # This is useful to avoid conflicts with previous routes and is false by default. # It accepts true as option, meaning it will skip all the helpers for the controllers # given in :skip but it also accepts specific helpers to be skipped: # - # devise_for :users, :skip => [:registrations, :confirmations], :skip_helpers => true - # devise_for :users, :skip_helpers => [:registrations, :confirmations] + # devise_for :users, skip: [:registrations, :confirmations], skip_helpers: true + # devise_for :users, skip_helpers: [:registrations, :confirmations] # - # * :format => include "(.:format)" in the generated routes? true by default, set to false to disable: + # * format: include "(.:format)" in the generated routes? true by default, set to false to disable: # - # devise_for :users, :format => false + # devise_for :users, format: false # - # * :constraints => works the same as Rails' constraints + # * constraints: works the same as Rails' constraints # - # * :defaults => works the same as Rails' defaults + # * defaults: works the same as Rails' defaults # # ==== Scoping # 
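Review bot: The `sign_out_via` entry in this comment block (hunk `@@ -108,50 +108,50 @@`) documents `:get` as the default without saying what that implies. A sign-out reachable by GET is not covered by CSRF protection, so any cross-site link or embedded resource can end a user's session. One more comment line would make the trade-off visible, e.g. `# GET sign-out is not CSRF-protected; prefer sign_out_via: :delete unless legacy links require GET.` The comment belongs to `devise_for`, whose definition is outside the hunk.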
@@ -173,7 +173,7 @@ class Mapper # # class ApplicationController < ActionController::Base # def self.default_url_options - # { :locale => I18n.locale } + # { locale: I18n.locale } # end # end # @@ -198,7 +198,7 @@ class Mapper # In order to get Devise to recognize the deactivate action, your devise_scope entry should look like this: # # devise_scope :owner do - # post "deactivate", :to => "registrations#deactivate", :as => "deactivate_registration" + # post "deactivate", to: "registrations#deactivate", as: "deactivate_registration" # end # def devise_for(*resources) @@ -263,7 +263,7 @@ def devise_for(*resources) # end # # authenticate :user, lambda {|u| u.role == "admin"} do - # root :to => "admin/dashboard#show", :as => :user_root + # root to: "admin/dashboard#show", as: :user_root # end # def authenticate(scope=nil, block=nil) @@ -277,18 +277,18 @@ def authenticate(scope=nil, block=nil) # a model and allows extra constraints to be done on the instance. # # authenticated :admin do - # root :to => 'admin/dashboard#show', :as => :admin_root + # root to: 'admin/dashboard#show', as: :admin_root # end # # authenticated do - # root :to => 'dashboard#show', :as => :authenticated_root + # root to: 'dashboard#show', as: :authenticated_root # end # # authenticated :user, lambda {|u| u.role == "admin"} do - # root :to => "admin/dashboard#show", :as => :user_root + # root to: "admin/dashboard#show", as: :user_root # end # - # root :to => 'landing#show' + # root to: 'landing#show' # def authenticated(scope=nil, block=nil) constraints_for(:authenticate?, scope, block) do 
@@ -301,15 +301,15 @@ def authenticated(scope=nil, block=nil) # # unauthenticated do # as :user do - # root :to => 'devise/registrations#new' + # root to: 'devise/registrations#new' # end # end # - # root :to => 'dashboard#show' + # root to: 'dashboard#show' # def unauthenticated(scope=nil) constraint = lambda do |request| - not request.env["warden"].authenticate? :scope => scope + not request.env["warden"].authenticate? scope: scope end constraints(constraint) do @@ -322,7 +322,7 @@ def unauthenticated(scope=nil) # to which controller it is targetted. # # as :user do - # get "sign_in", :to => "devise/sessions#new" + # get "sign_in", to: "devise/sessions#new" # end # # Notice you cannot have two scopes mapping to the same URL. And remember, if 
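Review bot: In the `unauthenticated` constraint lambda, `not request.env["warden"].authenticate? scope: scope` now places a `?`-suffixed method name directly before a `scope:` label, which reads like the start of a ternary. Parenthesising the call and using `!` makes the precedence explicit: `!request.env["warden"].authenticate?(scope: scope)`. This lambda decides which routes an unauthenticated request matches, so it is worth keeping unambiguous. The method body continues past the end of this hunk.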
@@ -354,42 +354,42 @@ def devise_scope(scope) protected def devise_session(mapping, controllers) #:nodoc: - resource :session, :only => [], :controller => controllers[:sessions], :path => "" do - get :new, :path => mapping.path_names[:sign_in], :as => "new" - post :create, :path => mapping.path_names[:sign_in] - match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via + resource :session, only: [], controller: controllers[:sessions], path: "" do + get :new, path: mapping.path_names[:sign_in], as: "new" + post :create, path: mapping.path_names[:sign_in] + match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via end end def devise_password(mapping, controllers) #:nodoc: - resource :password, :only => [:new, :create, :edit, :update], - :path => mapping.path_names[:password], :controller => controllers[:passwords] + resource :password, only: [:new, :create, :edit, :update], + path: mapping.path_names[:password], controller: controllers[:passwords] end def devise_confirmation(mapping, controllers) #:nodoc: - resource :confirmation, :only => [:new, :create, :show], - :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations] + resource :confirmation, only: [:new, :create, :show], + path: mapping.path_names[:confirmation], controller: controllers[:confirmations] end def devise_unlock(mapping, controllers) #:nodoc: if mapping.to.unlock_strategy_enabled?(:email) - resource :unlock, :only => [:new, :create, :show], - :path => mapping.path_names[:unlock], :controller => controllers[:unlocks] + resource :unlock, only: [:new, :create, :show], + path: mapping.path_names[:unlock], controller: controllers[:unlocks] end end def devise_registration(mapping, controllers) #:nodoc: path_names = { - :new => mapping.path_names[:sign_up], - :edit => mapping.path_names[:edit], - :cancel => mapping.path_names[:cancel] + new: mapping.path_names[:sign_up], + edit: 
mapping.path_names[:edit], + cancel: mapping.path_names[:cancel] } options = { - :only => [:new, :create, :edit, :update, :destroy], - :path => mapping.path_names[:registration], - :path_names => path_names, - :controller => controllers[:registrations] + only: [:new, :create, :edit, :update, :destroy], + path: mapping.path_names[:registration], + path_names: path_names, + controller: controllers[:registrations] } resource :registration, options do @@ -405,16 +405,16 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: `skip: :omniauth_callbacks` and manually defining the routes. Here is an example: match "/users/auth/:provider", - :constraints => { :provider => /google|facebook/ }, - :to => "devise/omniauth_callbacks#passthru", - :as => :omniauth_authorize, - :via => [:get, :post] + constraints: { provider: /google|facebook/ }, + to: "devise/omniauth_callbacks#passthru", + as: :omniauth_authorize, + via: [:get, :post] match "/users/auth/:action/callback", - :constraints => { :action => /google|facebook/ }, - :to => "devise/omniauth_callbacks", - :as => :omniauth_callback, - :via => [:get, :post] + constraints: { action: /google|facebook/ }, + to: "devise/omniauth_callbacks", + as: :omniauth_callback, + via: [:get, :post] ERROR end 
@@ -426,16 +426,16 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) match "#{path_prefix}/:provider", - :constraints => { :provider => providers }, - :to => "#{controllers[:omniauth_callbacks]}#passthru", - :as => :omniauth_authorize, - :via => [:get, :post] + constraints: { provider: providers }, + to: "#{controllers[:omniauth_callbacks]}#passthru", + as: :omniauth_authorize, + via: [:get, :post] match "#{path_prefix}/:action/callback", - :constraints => { :action => providers }, - :to => controllers[:omniauth_callbacks], - :as => :omniauth_callback, - :via => [:get, :post] + constraints: { action: providers }, + to: controllers[:omniauth_callbacks], + as: :omniauth_callback, + via: [:get, :post] ensure @scope[:path] = path end @@ -446,7 +446,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: old = {} DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] } - new = { :as => new_as, :path => new_path, :module => nil } + new = { as: new_as, path: new_path, module: nil } new.merge!(options.slice(:constraints, :defaults, :options)) @scope.merge!(new) @@ -457,7 +457,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: def constraints_for(method_to_apply, scope=nil, block=nil) constraint = lambda do |request| - request.env['warden'].send(method_to_apply, :scope => scope) && + request.env['warden'].send(method_to_apply, scope: scope) && (block.nil? || block.call(request.env["warden"].user(scope))) end diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 04070289f9..65adb60223 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb 
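Review bot: In the `@@ -457,7` hunk, `constraints_for` dispatches with `request.env['warden'].send(method_to_apply, scope: scope)`, and `send` also reaches private methods of the warden proxy. The caller visible in this diff passes `:authenticate?`, so `request.env['warden'].public_send(method_to_apply, scope: scope)` should behave the same, assuming the dispatched methods are public, and it stops a later caller from reaching internals through a routing helper. A short comment stating that `method_to_apply` must be a fixed symbol chosen in this file, never a value taken from the request, would also help. The rest of `constraints_for` is outside this hunk.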
@@ -109,8 +109,8 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.send :render, :status => status, :text => response.body, - :content_type => headers["Content-Type"], :location => headers["Location"] + @controller.send :render, status: status, text: response.body, + content_type: headers["Content-Type"], location: headers["Location"] nil # causes process return @response end diff --git a/lib/devise/time_inflector.rb b/lib/devise/time_inflector.rb index cb311883f0..94795afdb6 100644 --- a/lib/devise/time_inflector.rb +++ b/lib/devise/time_inflector.rb @@ -6,7 +6,7 @@ class TimeInflector class << self attr_reader :instance - delegate :time_ago_in_words, :to => :instance + delegate :time_ago_in_words, to: :instance end @instance = new diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 28b529db2a..2d74d3f571 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -4,7 +4,7 @@ module ActiveRecord module Generators class DeviseGenerator < ActiveRecord::Generators::Base - argument :attributes, :type => :array, :default => [], :banner => "field:type field:type" + argument :attributes, type: :array, default: [], banner: "field:type field:type" include Devise::Generators::OrmHelpers source_root File.expand_path("../templates", __FILE__) @@ -18,7 +18,7 @@ def copy_devise_migration end def generate_model - invoke "active_record:model", [name], :migration => false unless model_exists? && behavior == :invoke + invoke "active_record:model", [name], migration: false unless model_exists? && behavior == :invoke end def inject_devise_content 
@@ -39,8 +39,8 @@ def inject_devise_content def migration_data < false, :default => "" - t.string :encrypted_password, :null => false, :default => "" + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" ## Recoverable t.string :reset_password_token @@ -50,7 +50,7 @@ def migration_data t.datetime :remember_created_at ## Trackable - t.integer :sign_in_count, :default => 0, :null => false + t.integer :sign_in_count, default: 0, null: false t.datetime :current_sign_in_at t.datetime :last_sign_in_at t.string :current_sign_in_ip @@ -63,7 +63,7 @@ def migration_data # t.string :unconfirmed_email # Only if using reconfirmable ## Lockable - # t.integer :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts + # t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts # t.string :unlock_token # Only if unlock strategy is :email or :both # t.datetime :locked_at RUBY diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index 5a9d240cd8..7145422648 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -10,9 +10,9 @@ def change t.timestamps end - add_index :<%= table_name %>, :email, :unique => true - add_index :<%= table_name %>, :reset_password_token, :unique => true - # add_index :<%= table_name %>, :confirmation_token, :unique => true - # add_index :<%= table_name %>, :unlock_token, :unique => true + add_index :<%= table_name %>, :email, unique: true + add_index :<%= table_name %>, :reset_password_token, unique: true + # add_index :<%= table_name %>, :confirmation_token, unique: true + # add_index :<%= table_name %>, :unlock_token, unique: true end end 
diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index cc49ca42df..1b0ff5dd61 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -11,10 +11,10 @@ def self.up # t.timestamps end - add_index :<%= table_name %>, :email, :unique => true - add_index :<%= table_name %>, :reset_password_token, :unique => true - # add_index :<%= table_name %>, :confirmation_token, :unique => true - # add_index :<%= table_name %>, :unlock_token, :unique => true + add_index :<%= table_name %>, :email, unique: true + add_index :<%= table_name %>, :reset_password_token, unique: true + # add_index :<%= table_name %>, :confirmation_token, unique: true + # add_index :<%= table_name %>, :unlock_token, unique: true end def self.down diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index d7555631e7..80503951db 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -13,12 +13,12 @@ class DeviseGenerator < Rails::Generators::NamedBase hook_for :orm - class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true + class_option :routes, desc: "Generate routes", type: :boolean, default: true def add_devise_routes devise_route = "devise_for :#{plural_name}" - devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::") - devise_route << %Q(, :skip => :all) unless options.routes? + devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::") + devise_route << %Q(, skip: :all) unless options.routes? route devise_route end end diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 79fbf57011..d8acdec68f 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb 
@@ -9,12 +9,12 @@ module ViewPathTemplates #:nodoc: extend ActiveSupport::Concern included do - argument :scope, :required => false, :default => nil, - :desc => "The scope to copy views to" + argument :scope, required: false, default: nil, + desc: "The scope to copy views to" # Le sigh, ensure Thor won't handle opts as args # It should be fixed in future Rails releases - class_option :form_builder, :aliases => "-b" + class_option :form_builder, aliases: "-b" class_option :markerb public_task :copy_views @@ -107,18 +107,18 @@ def target_path class ViewsGenerator < Rails::Generators::Base desc "Copies Devise views to your application." - argument :scope, :required => false, :default => nil, - :desc => "The scope to copy views to" + argument :scope, required: false, default: nil, + desc: "The scope to copy views to" invoke SharedViewsGenerator - hook_for :form_builder, :aliases => "-b", - :desc => "Form builder to be used", - :default => defined?(SimpleForm) ? "simple_form_for" : "form_for" + hook_for :form_builder, aliases: "-b", + desc: "Form builder to be used", + default: defined?(SimpleForm) ? "simple_form_for" : "form_for" - hook_for :markerb, :desc => "Generate markerb instead of erb mail views", - :default => defined?(Markerb) ? :markerb : :erb, - :type => :boolean + hook_for :markerb, desc: "Generate markerb instead of erb mail views", + default: defined?(Markerb) ? :markerb : :erb, + type: :boolean end end end diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 213c953371..4ff57f06a4 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb 
@@ -11,43 +11,43 @@ def generate_model end def inject_field_types - inject_into_file model_path, migration_data, :after => "include Mongoid::Document\n" if model_exists? + inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists? end def inject_devise_content - inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n" if model_exists? + inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists? end def migration_data < String, :default => "" - field :encrypted_password, :type => String, :default => "" + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" ## Recoverable - field :reset_password_token, :type => String - field :reset_password_sent_at, :type => Time + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time ## Rememberable - field :remember_created_at, :type => Time + field :remember_created_at, type: Time ## Trackable - field :sign_in_count, :type => Integer, :default => 0 - field :current_sign_in_at, :type => Time - field :last_sign_in_at, :type => Time - field :current_sign_in_ip, :type => String - field :last_sign_in_ip, :type => String + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String ## Confirmable - # field :confirmation_token, :type => String - # field :confirmed_at, :type => Time - # field :confirmation_sent_at, :type => Time - # field :unconfirmed_email, :type => String # Only if using reconfirmable + # field :confirmation_token, type: String + # field :confirmed_at, type: Time + # field :confirmation_sent_at, type: Time + # field :unconfirmed_email, type: String # Only if using reconfirmable ## Lockable - # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts - # 
field :unlock_token, :type => String # Only if unlock strategy is :email or :both - # field :locked_at, :type => Time + # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + # field :unlock_token, type: String # Only if unlock strategy is :email or :both + # field :locked_at, type: Time RUBY end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index bcf925bac0..b56ef580db 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -80,7 +80,7 @@ # particular strategies by setting this option. # Notice that if you are skipping storage for all authentication paths, you # may want to disable generating routes to Devise's sessions controller by - # passing :skip => :sessions to `devise_for` in your config/routes.rb + # passing skip: :sessions to `devise_for` in your config/routes.rb config.skip_session_storage = [:http_auth] # By default, Devise cleans up the CSRF token on authentication to @@ -134,7 +134,7 @@ # config.extend_remember_period = false # Options to be passed to the created cookie. For instance, you can set - # :secure => true in order to force SSL only cookies. + # secure: true in order to force SSL only cookies. # config.rememberable_options = {} # ==> Configuration for :validatable @@ -231,7 +231,7 @@ # ==> OmniAuth # Add a new OmniAuth provider. Check the wiki for more information on setting # up on your models and hooks. - # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo' + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or 
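Review bot: In the `@@ -134,7` hunk, the `rememberable_options` comment mentions `secure: true` only as an example and the commented default stays `{}`, so a generated app gets no hint that the remember-me cookie is a long-lived credential. I would reword the comment to `# Options to be passed to the created cookie. Set secure: true when the app is served over HTTPS so the remember cookie is never sent over plain HTTP.` This changes the template wording only; no behaviour changes.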
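Review bot: In the `@@ -231,7` hunk, the OmniAuth example `config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'` shows the client secret as a string literal in an initializer that is normally committed to version control. An example that reads from the environment, e.g. `# config.omniauth :github, ENV['GITHUB_APP_ID'], ENV['GITHUB_APP_SECRET'], scope: 'user,public_repo'` (variable names are illustrative), steers users away from committing the secret. The comment could also say that the requested scope should be the minimum the application needs.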
@@ -239,7 +239,7 @@ # # config.warden do |manager| # manager.intercept_401 = false - # manager.default_strategies(:scope => :user).unshift :some_external_strategy + # manager.default_strategies(scope: :user).unshift :some_external_strategy # end # ==> Mountable engine configurations diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 3abd0e19c8..4a7b648415 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
@@ -14,81 +14,81 @@ def setup end test 'proxy signed_in?(scope) to authenticate?' do - @mock_warden.expects(:authenticate?).with(:scope => :my_scope) + @mock_warden.expects(:authenticate?).with(scope: :my_scope) @controller.signed_in?(:my_scope) end test 'proxy signed_in?(nil) to authenticate?' do Devise.mappings.keys.each do |scope| # :user, :admin, :manager - @mock_warden.expects(:authenticate?).with(:scope => scope) + @mock_warden.expects(:authenticate?).with(scope: scope) end @controller.signed_in? end test 'proxy current_user to authenticate with user scope' do - @mock_warden.expects(:authenticate).with(:scope => :user) + @mock_warden.expects(:authenticate).with(scope: :user) @controller.current_user end test 'proxy current_admin to authenticate with admin scope' do - @mock_warden.expects(:authenticate).with(:scope => :admin) + @mock_warden.expects(:authenticate).with(scope: :admin) @controller.current_admin end test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate).with(:scope => :publisher_account) + @mock_warden.expects(:authenticate).with(scope: :publisher_account) @controller.current_publisher_account end test 'proxy authenticate_user! to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(:scope => :user) + @mock_warden.expects(:authenticate!).with(scope: :user) @controller.authenticate_user! end test 'proxy authenticate_user! options to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo") - @controller.authenticate_user!(:recall => "foo") + @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo") + @controller.authenticate_user!(recall: "foo") end test 'proxy authenticate_admin! to authenticate with admin scope' do - @mock_warden.expects(:authenticate!).with(:scope => :admin) + @mock_warden.expects(:authenticate!).with(scope: :admin) @controller.authenticate_admin! 
end test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate!).with(:scope => :publisher_account) + @mock_warden.expects(:authenticate!).with(scope: :publisher_account) @controller.authenticate_publisher_account! end test 'proxy user_signed_in? to authenticate with user scope' do - @mock_warden.expects(:authenticate).with(:scope => :user).returns("user") + @mock_warden.expects(:authenticate).with(scope: :user).returns("user") assert @controller.user_signed_in? end test 'proxy admin_signed_in? to authenticatewith admin scope' do - @mock_warden.expects(:authenticate).with(:scope => :admin) + @mock_warden.expects(:authenticate).with(scope: :admin) assert_not @controller.admin_signed_in? end test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate).with(:scope => :publisher_account) + @mock_warden.expects(:authenticate).with(scope: :publisher_account) @controller.publisher_account_signed_in? 
end test 'proxy user_session to session scope in warden' do - @mock_warden.expects(:authenticate).with(:scope => :user).returns(true) + @mock_warden.expects(:authenticate).with(scope: :user).returns(true) @mock_warden.expects(:session).with(:user).returns({}) @controller.user_session end test 'proxy admin_session to session scope in warden' do - @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true) + @mock_warden.expects(:authenticate).with(scope: :admin).returns(true) @mock_warden.expects(:session).with(:admin).returns({}) @controller.admin_session end test 'proxy publisher_account_session from namespaced scope to session scope in warden' do - @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true) + @mock_warden.expects(:authenticate).with(scope: :publisher_account).returns(true) @mock_warden.expects(:session).with(:publisher_account).returns({}) @controller.publisher_account_session end @@ -96,14 +96,14 @@ def setup test 'sign in proxy to set_user on warden' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) + @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) @controller.sign_in(:user, user) end test 'sign in accepts a resource as argument' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) + @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) @controller.sign_in(user) end 
@@ -117,15 +117,15 @@ def setup test 'sign in again when the user is already in only if force is given' do user = User.new @mock_warden.expects(:user).returns(user) - @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) - @controller.sign_in(user, :force => true) + @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @controller.sign_in(user, force: true) end test 'sign in accepts bypass as option' do user = User.new @mock_warden.expects(:session_serializer).returns(serializer = mock()) serializer.expects(:store).with(user, :user) - @controller.sign_in(user, :bypass => true) + @controller.sign_in(user, bypass: true) end test 'sign out clears up any signed in user from all scopes' do @@ -141,18 +141,18 @@ def setup test 'sign out logs out and clears up any signed in user by scope' do user = User.new - @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(user) + @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(user) @mock_warden.expects(:logout).with(:user).returns(true) - @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true) + @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true) @controller.instance_variable_set(:@current_user, user) @controller.sign_out(:user) assert_equal nil, @controller.instance_variable_get(:@current_user) end test 'sign out accepts a resource as argument' do - @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(true) + @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(true) @mock_warden.expects(:logout).with(:user).returns(true) - @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true) + @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true) @controller.sign_out(User.new) end 
@@ -227,7 +227,7 @@ def setup user = User.new @controller.session[:user_return_to] = "/foo.bar" @mock_warden.expects(:user).with(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true) + @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) @controller.expects(:redirect_to).with("/foo.bar") @controller.sign_in_and_redirect(user) end @@ -235,7 +235,7 @@ def setup test 'sign in and redirect uses the configured after sign in path' do admin = Admin.new @mock_warden.expects(:user).with(:admin).returns(nil) - @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true) + @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true) @controller.expects(:redirect_to).with(admin_root_path) @controller.sign_in_and_redirect(admin) end @@ -249,10 +249,10 @@ def setup end test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do - swap Devise, :sign_out_all_scopes => false do - @mock_warden.expects(:user).with(:scope => :admin, :run_callbacks => false).returns(true) + swap Devise, sign_out_all_scopes: false do + @mock_warden.expects(:user).with(scope: :admin, run_callbacks: false).returns(true) @mock_warden.expects(:logout).with(:admin).returns(true) - @mock_warden.expects(:clear_strategies_cache!).with(:scope => :admin).returns(true) + @mock_warden.expects(:clear_strategies_cache!).with(scope: :admin).returns(true) @controller.expects(:redirect_to).with(admin_root_path) @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end" @controller.sign_out_and_redirect(:admin) 
@@ -260,7 +260,7 @@ def setup end test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do - swap Devise, :sign_out_all_scopes => true do + swap Devise, sign_out_all_scopes: true do @mock_warden.expects(:user).times(Devise.mappings.size) @mock_warden.expects(:logout).with().returns(true) @mock_warden.expects(:clear_strategies_cache!).with().returns(true) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 07aa6b959a..914bab73e0 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -55,7 +55,7 @@ def setup end test 'require no authentication tests current mapping' do - @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication @@ -71,7 +71,7 @@ def setup end test 'require no authentication sets a flash message' do - @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication @@ -79,7 +79,7 @@ def setup end test 'signed in resource returns signed in resource for current scope' do - @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new) + @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new) assert_kind_of User, @controller.signed_in_resource end 
@@ -100,21 +100,21 @@ def setup end test 'uses custom i18n options' do - @controller.stubs(:devise_i18n_options).returns(:default => "devise custom options") + @controller.stubs(:devise_i18n_options).returns(default: "devise custom options") @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions assert_equal 'devise custom options', flash[:notice] end test 'allows custom i18n options to override resource_name' do I18n.expects(:t).with("custom_resource_name.confirmed", anything) - @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name") + @controller.stubs(:devise_i18n_options).returns(resource_name: "custom_resource_name") @controller.send :set_flash_message, :notice, :confirmed end test 'navigational_formats not returning a wild card' do MyController.send(:public, :navigational_formats) - swap Devise, :navigational_formats => ['*/*', :html] do + swap Devise, navigational_formats: ['*/*', :html] do assert_not @controller.navigational_formats.include?("*/*") end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 38ee07d928..f82d1e9dff 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -12,9 +12,9 @@ class SessionsControllerTest < ActionController::TestCase request.env["devise.mapping"] = Devise.mappings[:user] request.session["user_return_to"] = 'foo.bar' create_user - post :create, :user => { - :email => "wrong@email.com", - :password => "wrongpassword" + post :create, user: { + email: "wrong@email.com", + password: "wrongpassword" } assert_equal 200, @response.status ensure @@ -23,7 +23,7 @@ class SessionsControllerTest < ActionController::TestCase end test "#create works even with scoped views" do - swap Devise, :scoped_views => true do + swap Devise, scoped_views: true do request.env["devise.mapping"] = Devise.mappings[:user] post :create assert_equal 200, @response.status 
@@ -37,9 +37,9 @@ class SessionsControllerTest < ActionController::TestCase user = create_user user.confirm! - post :create, :user => { - :email => user.email, - :password => user.password + post :create, user: { + email: user.email, + password: user.password } assert_nil request.session["user_return_to"] @@ -51,9 +51,9 @@ class SessionsControllerTest < ActionController::TestCase user = create_user user.confirm! - post :create, :format => 'json', :user => { - :email => user.email, - :password => user.password + post :create, format: 'json', user: { + email: user.email, + password: user.password } assert_equal 'foo.bar', request.session["user_return_to"] @@ -61,9 +61,9 @@ class SessionsControllerTest < ActionController::TestCase test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do request.env["devise.mapping"] = Devise.mappings[:user] - post :create, :user => { - :email => "nosuchuser@example.com", - :password => "wevdude" + post :create, user: { + email: "nosuchuser@example.com", + password: "wevdude" } assert_equal 200, @response.status assert_template "devise/sessions/new" @@ -73,12 +73,12 @@ class SessionsControllerTest < ActionController::TestCase request.env["devise.mapping"] = Devise.mappings[:user] user = create_user user.confirm! - post :create, :format => 'json', :user => { - :email => user.email, - :password => user.password + post :create, format: 'json', user: { + email: user.email, + password: user.password } - delete :destroy, :format => 'json' + delete :destroy, format: 'json' assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status end 
@@ -92,7 +92,7 @@ class SessionsControllerTest < ActionController::TestCase begin assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do - get :new, :user => { :email => "allez viens!" } + get :new, user: { email: "allez viens!" } end ensure ActiveRecord::Base.mass_assignment_sanitizer = :logger diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index 1b82bb8fff..23ba5f15ac 100644 --- a/test/controllers/url_helpers_test.rb +++ b/test/controllers/url_helpers_test.rb @@ -14,10 +14,10 @@ def assert_path_and_url(name, prepend_path=nil) send(:"#{prepend_path}user_#{name}_url") # Default url params - assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123), - send(:"#{prepend_path}user_#{name}_path", :param => 123) - assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123), - send(:"#{prepend_path}user_#{name}_url", :param => 123) + assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123), + send(:"#{prepend_path}user_#{name}_path", param: 123) + assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, param: 123), + send(:"#{prepend_path}user_#{name}_url", param: 123) @request.path = nil # With an object diff --git a/test/delegator_test.rb b/test/delegator_test.rb index 1618be1053..65dda06e96 100644 --- a/test/delegator_test.rb +++ b/test/delegator_test.rb @@ -14,6 +14,6 @@ def delegator end test 'failure_app returns associated failure app by scope in the given environment' do - assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}}) + assert_kind_of Proc, delegator.failure_app({"warden.options" => {scope: "manager"}}) end end diff --git a/test/devise_test.rb b/test/devise_test.rb index 27f46811c9..2ee39a99e4 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
@@ -23,7 +23,7 @@ class DeviseTest < ActiveSupport::TestCase end test 'model options can be configured through Devise' do - swap Devise, :allow_unconfirmed_access_for => 113, :pepper => "foo" do + swap Devise, allow_unconfirmed_access_for: 113, pepper: "foo" do assert_equal 113, Devise.allow_unconfirmed_access_for assert_equal "foo", Devise.pepper end @@ -60,12 +60,12 @@ class DeviseTest < ActiveSupport::TestCase assert_not defined?(Devise::Models::Coconut) Devise::ALL.delete(:coconut) - assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => :fruits) } + assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) } assert_equal :fruits, Devise::STRATEGIES[:banana] Devise::ALL.delete(:banana) Devise::STRATEGIES.delete(:banana) - assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) } + assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) } assert_equal :fruits, Devise::CONTROLLERS[:kivi] Devise::ALL.delete(:kivi) Devise::CONTROLLERS.delete(:kivi) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index bab34c28e5..a057b1da8d 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -10,7 +10,7 @@ def fake_app class FailureWithI18nOptions < Devise::FailureApp def i18n_options(options) - options.merge(:name => 'Steve') + options.merge(name: 'Steve') end end @@ -23,11 +23,11 @@ def call_failure(env_params={}) 'REQUEST_URI' => 'http://test.host/', 'HTTP_HOST' => 'test.host', 'REQUEST_METHOD' => 'GET', - 'warden.options' => { :scope => :user }, + 'warden.options' => { scope: :user }, 'rack.session' => {}, 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML), 'rack.input' => "", - 'warden' => OpenStruct.new(:message => nil) + 'warden' => OpenStruct.new(message: nil) }.merge!(env_params) @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a 
@@ -49,8 +49,8 @@ def call_failure(env_params={}) end test 'returns to the root path if no session path is available' do - swap Devise, :router_name => :fake_app do - call_failure :app => RootFailureApp + swap Devise, router_name: :fake_app do + call_failure app: RootFailureApp assert_equal 302, @response.first assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] assert_equal 'http://test.host/', @response.second['Location'] @@ -59,7 +59,7 @@ def call_failure(env_params={}) if Rails.application.config.respond_to?(:relative_url_root) test 'returns to the default redirect location considering the relative url root' do - swap Rails.application.config, :relative_url_root => "/sample" do + swap Rails.application.config, relative_url_root: "/sample" do call_failure assert_equal 302, @response.first assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location'] @@ -68,18 +68,18 @@ def call_failure(env_params={}) end test 'uses the proxy failure message as symbol' do - call_failure('warden' => OpenStruct.new(:message => :invalid)) + call_failure('warden' => OpenStruct.new(message: :invalid)) assert_equal 'Invalid email or password.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'uses custom i18n options' do - call_failure('warden' => OpenStruct.new(:message => :does_not_exist), :app => FailureWithI18nOptions) + call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions) assert_equal 'User Steve does not exist', @request.flash[:alert] end test 'uses the proxy failure message as string' do - call_failure('warden' => OpenStruct.new(:message => 'Hello world')) + call_failure('warden' => OpenStruct.new(message: 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end 
@@ -97,14 +97,14 @@ def call_failure(env_params={}) end test 'works for any navigational format' do - swap Devise, :navigational_formats => [:xml] do + swap Devise, navigational_formats: [:xml] do call_failure('formats' => Mime::XML) assert_equal 302, @response.first end end test 'redirects the correct format if it is a non-html format request' do - swap Devise, :navigational_formats => [:js] do + swap Devise, navigational_formats: [:js] do call_failure('formats' => Mime::JS) assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"] end @@ -140,28 +140,28 @@ def call_failure(env_params={}) end test 'does not return WWW-authenticate headers if model does not allow' do - swap Devise, :http_authenticatable => false do + swap Devise, http_authenticatable: false do call_failure('formats' => Mime::XML) assert_nil @response.second["WWW-Authenticate"] end end test 'works for any non navigational format' do - swap Devise, :navigational_formats => [] do + swap Devise, navigational_formats: [] do call_failure('formats' => Mime::HTML) assert_equal 401, @response.first end end test 'uses the failure message as response body' do - call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(:message => :invalid)) + call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(message: :invalid)) assert_match 'Invalid email or password.', @response.third.body end context 'on ajax call' do context 'when http_authenticatable_on_xhr is false' do test 'dont return 401 with navigational formats' do - swap Devise, :http_authenticatable_on_xhr => false do + swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in', @response.second["Location"] 
@@ -169,7 +169,7 @@ def call_failure(env_params={}) end test 'dont return 401 with non navigational formats' do - swap Devise, :http_authenticatable_on_xhr => false do + swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"] @@ -179,14 +179,14 @@ def call_failure(env_params={}) context 'when http_authenticatable_on_xhr is true' do test 'return 401' do - swap Devise, :http_authenticatable_on_xhr => true do + swap Devise, http_authenticatable_on_xhr: true do call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 401, @response.first end end test 'skip WWW-Authenticate header' do - swap Devise, :http_authenticatable_on_xhr => true do + swap Devise, http_authenticatable_on_xhr: true do call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_nil @response.second['WWW-Authenticate'] end @@ -198,7 +198,7 @@ def call_failure(env_params={}) context 'With recall' do test 'calls the original controller if invalid email or password' do env = { - "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } @@ -209,7 +209,7 @@ def call_failure(env_params={}) test 'calls the original controller if not confirmed email' do env = { - "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :unconfirmed }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } 
@@ -220,7 +220,7 @@ def call_failure(env_params={}) test 'calls the original controller if inactive account' do env = { - "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :inactive }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index d78c48f820..885e8ad7ea 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -30,10 +30,10 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase run_generator %w(monster) assert_migration "db/migrate/devise_create_monsters.rb" assert_migration "db/migrate/add_devise_to_monsters.rb" - run_generator %w(monster), :behavior => :revoke + run_generator %w(monster), behavior: :revoke assert_no_migration "db/migrate/add_devise_to_monsters.rb" assert_migration "db/migrate/devise_create_monsters.rb" - run_generator %w(monster), :behavior => :revoke + run_generator %w(monster), behavior: :revoke assert_no_file "app/models/monster.rb" assert_no_migration "db/migrate/devise_create_monsters.rb" end @@ -47,11 +47,11 @@ class Engine < Rails::Engine def simulate_inside_engine(engine, namespace) if Rails::Generators.respond_to?(:namespace=) - swap Rails::Generators, :namespace => namespace do + swap Rails::Generators, namespace: namespace do yield end else - swap Rails, :application => engine.instance do + swap Rails, application: engine.instance do yield end end diff --git a/test/generators/devise_generator_test.rb b/test/generators/devise_generator_test.rb index 292e0ab2fe..b88246801e 100644 --- a/test/generators/devise_generator_test.rb +++ b/test/generators/devise_generator_test.rb 
@@ -18,13 +18,13 @@ class DeviseGeneratorTest < Rails::Generators::TestCase test "route generation for namespaced model names" do run_generator %w(monster/goblin name:string) - match = /devise_for :goblins, :class_name => "Monster::Goblin"/ + match = /devise_for :goblins, class_name: "Monster::Goblin"/ assert_file "config/routes.rb", match end test "route generation with skip routes" do run_generator %w(monster name:string --skip-routes) - match = /devise_for :monsters, :skip => :all/ + match = /devise_for :monsters, skip: :all/ assert_file "config/routes.rb", match end diff --git a/test/generators/mongoid_generator_test.rb b/test/generators/mongoid_generator_test.rb index 1d0a1b26ad..51802e8e16 100644 --- a/test/generators/mongoid_generator_test.rb +++ b/test/generators/mongoid_generator_test.rb @@ -15,7 +15,7 @@ class MongoidGeneratorTest < Rails::Generators::TestCase test "all files are properly deleted" do run_generator %w(monster) - run_generator %w(monster), :behavior => :revoke + run_generator %w(monster), behavior: :revoke assert_no_file "app/models/monster.rb" end end diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index f4044514bb..ee9674c859 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -33,7 +33,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase test "Assert views with markerb" do run_generator %w(--markerb) - assert_files nil, :mail_template_engine => "markerb" + assert_files nil, mail_template_engine: "markerb" end def assert_files(scope = nil, options={}) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index f37682e20f..540e7a3ac9 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb 
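Review bot: The two expectations rewritten in test/generators/devise_generator_test.rb are not a syntax-only edit like the rest of this commit. `match = /devise_for :goblins, class_name: "Monster::Goblin"/` and `match = /devise_for :monsters, skip: :all/` now require the generator to write Ruby 1.9 hash syntax into the application's config/routes.rb. The generator template is not visible in this hunk, so presumably it is changed elsewhere in the commit; if it is not, both tests fail. If it is, newly generated routes no longer parse on Ruby 1.8, which deserves a changelog entry and a check of the gemspec's `required_ruby_version`. I would also add `# Expected text must match the route line the generator writes, including its hash syntax.` above the first of the two tests.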
@@ -2,16 +2,16 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest setup do - model_labels = { :models => { :user => "utilisateur" } } + model_labels = { models: { user: "utilisateur" } } I18n.backend.store_translations :fr, { - :errors => { :messages => { :not_saved => { - :one => "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.", - :other => "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs." + errors: { messages: { not_saved: { + one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.", + other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs." } } }, - :activerecord => model_labels, - :mongoid => model_labels + activerecord: model_labels, + mongoid: model_labels } I18n.locale = 'fr' @@ -24,8 +24,8 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest test 'test errors.messages.not_saved with single error from i18n' do get new_user_registration_path - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user123' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user123' click_button 'Sign up' assert_have_selector '#error_explanation' @@ -39,9 +39,9 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest get new_user_registration_path - fill_in 'email', :with => 'invalid_email' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user321' + fill_in 'email', with: 'invalid_email' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user321' click_button 'Sign up' assert_have_selector '#error_explanation' diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index f44a686a3c..039408322c 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -27,7 +27,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest end test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do - swap Devise, :sign_out_all_scopes => false do + swap Devise, sign_out_all_scopes: false do sign_in_as_user sign_in_as_admin get destroy_user_session_path @@ -37,7 +37,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest end test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do - swap Devise, :sign_out_all_scopes => false do + swap Devise, sign_out_all_scopes: false do sign_in_as_user sign_in_as_admin @@ -48,7 +48,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest end test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do - swap Devise, :sign_out_all_scopes => true do + swap Devise, sign_out_all_scopes: true do sign_in_as_user sign_in_as_admin @@ -59,7 +59,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest end test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do - swap Devise, :sign_out_all_scopes => true do + swap Devise, sign_out_all_scopes: true do sign_in_as_user sign_in_as_admin @@ -162,7 +162,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest end test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do - sign_in_as_admin(:active => false) + sign_in_as_admin(active: false) assert warden.authenticated?(:admin) assert_not warden.authenticated?(:user) 
@@ -172,7 +172,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest end test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do - sign_in_as_admin(:active => true) + sign_in_as_admin(active: true) assert warden.authenticated?(:admin) assert_not warden.authenticated?(:user) @@ -214,7 +214,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest end test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do - sign_in_as_admin(:active => false) + sign_in_as_admin(active: false) assert warden.authenticated?(:admin) assert_not warden.authenticated?(:user) @@ -224,7 +224,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest end test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do - sign_in_as_admin(:active => true) + sign_in_as_admin(active: true) assert warden.authenticated?(:admin) assert_not warden.authenticated?(:user) @@ -277,7 +277,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest assert_equal users_path, session[:"user_return_to"] follow_redirect! - sign_in_as_user :visit => false + sign_in_as_user visit: false assert_current_url '/users' assert_nil session[:"user_return_to"] @@ -293,7 +293,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest assert_equal users_path, session[:"user_return_to"] follow_redirect! - sign_in_as_user :visit => false + sign_in_as_user visit: false assert_current_url '/users' assert_nil session[:"user_return_to"] 
@@ -392,7 +392,7 @@ def serialize(record) class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest test 'renders the scoped view if turned on and view is available' do - swap Devise, :scoped_views => true do + swap Devise, scoped_views: true do assert_raise Webrat::NotFoundError do sign_in_as_user end @@ -415,7 +415,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest end test 'does not render the scoped view if turned off' do - swap Devise, :scoped_views => false do + swap Devise, scoped_views: false do assert_nothing_raised do sign_in_as_user end @@ -423,7 +423,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest end test 'does not render the scoped view if not available' do - swap Devise, :scoped_views => true do + swap Devise, scoped_views: true do assert_nothing_raised do sign_in_as_admin end @@ -433,7 +433,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches' do - swap ApplicationController, :allow_forgery_protection => true do + swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) assert_not warden.authenticated?(:user) @@ -473,12 +473,12 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'sign in with script name' do assert_nothing_raised do get new_user_session_path, {}, "SCRIPT_NAME" => "/omg" - fill_in "email", :with => "user@test.com" + fill_in "email", with: "user@test.com" end end test 'sign in stub in xml format' do - get new_user_session_path(:format => 'xml') + get new_user_session_path(format: 'xml') assert_match '', response.body assert_match /.*<\/user>/m, response.body assert_match '', response.body 
@@ -486,15 +486,15 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest end test 'sign in stub in json format' do - get new_user_session_path(:format => 'json') + get new_user_session_path(format: 'json') assert_match '{"user":{', response.body assert_match '"email":""', response.body assert_match '"password":null', response.body end test 'sign in stub in json with non attribute key' do - swap Devise, :authentication_keys => [:other_key] do - get new_user_session_path(:format => 'json') + swap Devise, authentication_keys: [:other_key] do + get new_user_session_path(format: 'json') assert_match '{"user":{', response.body assert_match '"other_key":null', response.body assert_match '"password":null', response.body 
@@ -502,30 +502,30 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest end test 'uses the mapping from router' do - sign_in_as_user :visit => "/as/sign_in" + sign_in_as_user visit: "/as/sign_in" assert warden.authenticated?(:user) assert_not warden.authenticated?(:admin) end test 'sign in with xml format returns xml response' do create_user - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} + post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} assert_response :success assert response.body.include? %(\n) end test 'sign in with xml format is idempotent' do - get new_user_session_path(:format => 'xml') + get new_user_session_path(format: 'xml') assert_response :success create_user - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} + post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} assert_response :success - get new_user_session_path(:format => 'xml') + get new_user_session_path(format: 'xml') assert_response :success - post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'} + post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} assert_response :success assert response.body.include? %(\n) end 
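Review bot: The three rewritten `post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}` lines in this hunk keep the unspaced braces of the old rocket form. Other new-side lines in the same file use spaced braces, for example `authentication_keys: { email: true, subdomain: false }`. Since every one of these lines is touched anyway, writing `user: { email: "user@test.com", password: '12345678' }` would keep the file consistent. In the idempotency test the same literal appears twice, so a local such as `credentials = { email: "user@test.com", password: '12345678' }` would keep the two posts from drifting apart. The enclosing class starts and ends outside this hunk.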
@@ -537,27 +537,27 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest assert_current_url '/' sign_in_as_user - get destroy_user_session_path(:format => 'html') + get destroy_user_session_path(format: 'html') assert_response :redirect assert_current_url '/' end test 'sign out with xml format returns no content' do sign_in_as_user - get destroy_user_session_path(:format => 'xml') + get destroy_user_session_path(format: 'xml') assert_response :no_content assert_not warden.authenticated?(:user) end test 'sign out with json format returns no content' do sign_in_as_user - get destroy_user_session_path(:format => 'json') + get destroy_user_session_path(format: 'json') assert_response :no_content assert_not warden.authenticated?(:user) end test 'sign out with non-navigational format via XHR does not redirect' do - swap Devise, :navigational_formats => ['*/*', :html] do + swap Devise, navigational_formats: ['*/*', :html] do sign_in_as_user xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content @@ -567,7 +567,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest # Belt and braces ... Perhaps this test is not necessary? test 'sign out with navigational format via XHR does redirect' do - swap Devise, :navigational_formats => ['*/*', :html] do + swap Devise, navigational_formats: ['*/*', :html] do sign_in_as_user xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect 
@@ -578,7 +578,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest class AuthenticationKeysTest < ActionDispatch::IntegrationTest test 'missing authentication keys cause authentication to abort' do - swap Devise, :authentication_keys => [:subdomain] do + swap Devise, authentication_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid email or password." assert_not warden.authenticated?(:user) @@ -586,7 +586,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest end test 'missing authentication keys cause authentication to abort unless marked as not required' do - swap Devise, :authentication_keys => { :email => true, :subdomain => false } do + swap Devise, authentication_keys: { email: true, subdomain: false } do sign_in_as_user assert warden.authenticated?(:user) end @@ -597,15 +597,15 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest test 'request keys are used on authentication' do host! 'foo.bar.baz' - swap Devise, :request_keys => [:subdomain] do - User.expects(:find_for_authentication).with(:subdomain => 'foo', :email => 'user@test.com').returns(create_user) + swap Devise, request_keys: [:subdomain] do + User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user) sign_in_as_user assert warden.authenticated?(:user) end end test 'invalid request keys raises NoMethodError' do - swap Devise, :request_keys => [:unknown_method] do + swap Devise, request_keys: [:unknown_method] do assert_raise NoMethodError do sign_in_as_user end @@ -617,7 +617,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest test 'blank request keys cause authentication to abort' do host! 'test.com' - swap Devise, :request_keys => [:subdomain] do + swap Devise, request_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid email or password." assert_not warden.authenticated?(:user) 
@@ -627,7 +627,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest test 'blank request keys cause authentication to abort unless if marked as not required' do host! 'test.com' - swap Devise, :request_keys => { :subdomain => false } do + swap Devise, request_keys: { subdomain: false } do sign_in_as_user assert warden.authenticated?(:user) end @@ -636,7 +636,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest def sign_in!(scope) - sign_in_as_admin(:visit => send("new_#{scope}_session_path")) + sign_in_as_admin(visit: send("new_#{scope}_session_path")) assert warden.authenticated?(scope) end @@ -692,22 +692,22 @@ def sign_in!(scope) class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest test 'signed in as user redirects when visiting user sign in page' do sign_in_as_user - get new_user_session_path(:format => :html) + get new_user_session_path(format: :html) assert_redirected_to '/' end test 'signed in as admin redirects when visiting admin sign in page' do sign_in_as_admin - get new_admin_session_path(:format => :html) + get new_admin_session_path(format: :html) assert_redirected_to '/admin_area/home' end test 'signed in as both user and admin redirects when visiting admin sign in page' do sign_in_as_user sign_in_as_admin - get new_user_session_path(:format => :html) + get new_user_session_path(format: :html) assert_redirected_to '/' - get new_admin_session_path(:format => :html) + get new_admin_session_path(format: :html) assert_redirected_to '/admin_area/home' end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 3bb555d974..510bf12b86 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -3,17 +3,17 @@ class ConfirmationTest < ActionDispatch::IntegrationTest def visit_user_confirmation_with_token(confirmation_token) - visit user_confirmation_path(:confirmation_token => confirmation_token) + visit user_confirmation_path(confirmation_token: confirmation_token) end def resend_confirmation - user = create_user(:confirm => false) + user = create_user(confirm: false) ActionMailer::Base.deliveries.clear visit new_user_session_path click_link "Didn't receive confirmation instructions?" - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend confirmation instructions' end @@ -39,8 +39,8 @@ def resend_confirmation end test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do - swap Devise, :confirm_within => 3.days do - user = create_user(:confirm => false, :confirmation_sent_at => 4.days.ago) + swap Devise, confirm_within: 3.days do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) @@ -51,8 +51,8 @@ def resend_confirmation end test 'user with valid confirmation token should be able to confirm an account before the token has expired' do - swap Devise, :confirm_within => 3.days do - user = create_user(:confirm => false, :confirmation_sent_at => 2.days.ago) + swap Devise, confirm_within: 3.days do + user = create_user(confirm: false, confirmation_sent_at: 2.days.ago) assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) 
@@ -65,14 +65,14 @@ def resend_confirmation test 'user should be redirected to a custom path after confirmation' do Devise::ConfirmationsController.any_instance.stubs(:after_confirmation_path_for).returns("/?custom=1") - user = create_user(:confirm => false) + user = create_user(confirm: false) visit_user_confirmation_with_token(user.raw_confirmation_token) assert_current_url "/?custom=1" end test 'already confirmed user should not be able to confirm the account again' do - user = create_user(:confirm => false) + user = create_user(confirm: false) user.confirmed_at = Time.now user.save visit_user_confirmation_with_token(user.raw_confirmation_token) @@ -82,21 +82,21 @@ def resend_confirmation end test 'already confirmed user should not be able to confirm the account again neither request confirmation' do - user = create_user(:confirm => false) + user = create_user(confirm: false) user.confirmed_at = Time.now user.save visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'already confirmed' - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend confirmation instructions' assert_contain 'already confirmed' end test 'not confirmed user with setup to block without confirmation should not be able to sign in' do - swap Devise, :allow_unconfirmed_access_for => 0.days do - sign_in_as_user(:confirm => false) + swap Devise, allow_unconfirmed_access_for: 0.days do + sign_in_as_user(confirm: false) assert_contain 'You have to confirm your account before continuing' assert_not warden.authenticated?(:user) 
@@ -104,9 +104,9 @@ def resend_confirmation end test 'not confirmed user should not see confirmation message if invalid credentials are given' do - swap Devise, :allow_unconfirmed_access_for => 0.days do - sign_in_as_user(:confirm => false) do - fill_in 'password', :with => 'invalid' + swap Devise, allow_unconfirmed_access_for: 0.days do + sign_in_as_user(confirm: false) do + fill_in 'password', with: 'invalid' end assert_contain 'Invalid email or password' @@ -115,8 +115,8 @@ def resend_confirmation end test 'not confirmed user but configured with some days to confirm should be able to sign in' do - swap Devise, :allow_unconfirmed_access_for => 1.day do - sign_in_as_user(:confirm => false) + swap Devise, allow_unconfirmed_access_for: 1.day do + sign_in_as_user(confirm: false) assert_response :success assert warden.authenticated?(:user) @@ -124,8 +124,8 @@ def resend_confirmation end test 'unconfirmed but signed in user should be redirected to their root path' do - swap Devise, :allow_unconfirmed_access_for => 1.day do - user = sign_in_as_user(:confirm => false) + swap Devise, allow_unconfirmed_access_for: 1.day do + user = sign_in_as_user(confirm: false) visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your account was successfully confirmed.' 
@@ -134,57 +134,57 @@ def resend_confirmation end test 'error message is configurable by resource name' do - store_translations :en, :devise => { - :failure => { :user => { :unconfirmed => "Not confirmed user" } } + store_translations :en, devise: { + failure: { user: { unconfirmed: "Not confirmed user" } } } do - sign_in_as_user(:confirm => false) + sign_in_as_user(confirm: false) assert_contain 'Not confirmed user' end end test 'resent confirmation token with valid E-Mail in XML format should return valid response' do - user = create_user(:confirm => false) - post user_confirmation_path(:format => 'xml'), :user => { :email => user.email } + user = create_user(confirm: false) + post user_confirmation_path(format: 'xml'), user: { email: user.email } assert_response :success assert_equal response.body, {}.to_xml end test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do - create_user(:confirm => false) - post user_confirmation_path(:format => 'xml'), :user => { :email => 'invalid.test@test.com' } + create_user(confirm: false) + post user_confirmation_path(format: 'xml'), user: { email: 'invalid.test@test.com' } assert_response :unprocessable_entity assert response.body.include? %(\n) end test 'confirm account with valid confirmation token in XML format should return valid response' do - user = create_user(:confirm => false) - get user_confirmation_path(:confirmation_token => user.raw_confirmation_token, :format => 'xml') + user = create_user(confirm: false) + get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml') assert_response :success assert response.body.include? 
%(\n) end test 'confirm account with invalid confirmation token in XML format should return invalid response' do - create_user(:confirm => false) - get user_confirmation_path(:confirmation_token => 'invalid_confirmation', :format => 'xml') + create_user(confirm: false) + get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml') assert_response :unprocessable_entity assert response.body.include? %(\n) end test 'request an account confirmation account with JSON, should return an empty JSON' do - user = create_user(:confirm => false) + user = create_user(confirm: false) - post user_confirmation_path, :user => { :email => user.email }, :format => :json + post user_confirmation_path, user: { email: user.email }, format: :json assert_response :success assert_equal response.body, {}.to_json end test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do - swap Devise, :paranoid => true do - user = create_user(:confirm => false) + swap Devise, paranoid: true do + user = create_user(confirm: false) visit new_user_session_path click_link "Didn't receive confirmation instructions?" - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend confirmation instructions' assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." @@ -193,11 +193,11 @@ def resend_confirmation end test "when in paranoid mode and with a invalid e-mail, should not say that the e-mail is invalid" do - swap Devise, :paranoid => true do + swap Devise, paranoid: true do visit new_user_session_path click_link "Didn't receive confirmation instructions?" - fill_in 'email', :with => "idonthavethisemail@gmail.com" + fill_in 'email', with: "idonthavethisemail@gmail.com" click_button 'Resend confirmation instructions' assert_not_contain "1 error prohibited this user from being saved:" 
@@ -216,17 +216,17 @@ def create_second_admin(options={}) end def visit_admin_confirmation_with_token(confirmation_token) - visit admin_confirmation_path(:confirmation_token => confirmation_token) + visit admin_confirmation_path(confirmation_token: confirmation_token) end test 'admin should be able to request a new confirmation after email changed' do admin = create_admin - admin.update_attributes(:email => 'new_test@example.com') + admin.update_attributes(email: 'new_test@example.com') visit new_admin_session_path click_link "Didn't receive confirmation instructions?" - fill_in 'email', :with => admin.unconfirmed_email + fill_in 'email', with: admin.unconfirmed_email assert_difference "ActionMailer::Base.deliveries.size" do click_button 'Resend confirmation instructions' end @@ -237,7 +237,7 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin with valid confirmation token should be able to confirm email after email changed' do admin = create_admin - admin.update_attributes(:email => 'new_test@example.com') + admin.update_attributes(email: 'new_test@example.com') assert_equal 'new_test@example.com', admin.unconfirmed_email visit_admin_confirmation_with_token(admin.raw_confirmation_token) @@ -249,13 +249,13 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do admin = create_admin - admin.update_attributes(:email => 'first_test@example.com') + admin.update_attributes(email: 'first_test@example.com') assert_equal 'first_test@example.com', admin.unconfirmed_email raw_confirmation_token = admin.raw_confirmation_token admin = Admin.find(admin.id) - admin.update_attributes(:email => 'second_test@example.com') + admin.update_attributes(email: 'second_test@example.com') assert_equal 'second_test@example.com', admin.unconfirmed_email visit_admin_confirmation_with_token(raw_confirmation_token) 
@@ -271,10 +271,10 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin email should be unique also within unconfirmed_email' do admin = create_admin - admin.update_attributes(:email => 'new_admin_test@example.com') + admin.update_attributes(email: 'new_admin_test@example.com') assert_equal 'new_admin_test@example.com', admin.unconfirmed_email - create_second_admin(:email => "new_admin_test@example.com") + create_second_admin(email: "new_admin_test@example.com") visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_have_selector '#error_explanation' diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 65b7c805ff..48aed2b8e8 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -2,21 +2,21 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do - create_user(:email => 'Foo@Bar.com') + create_user(email: 'Foo@Bar.com') sign_in_as_user do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end assert warden.authenticated?(:user) end test 'sign in with email of different case should fail when email is NOT the list of case insensitive keys' do - swap Devise, :case_insensitive_keys => [] do - create_user(:email => 'Foo@Bar.com') + swap Devise, case_insensitive_keys: [] do + create_user(email: 'Foo@Bar.com') sign_in_as_user do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end assert_not warden.authenticated?(:user) 
@@ -24,21 +24,21 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest end test 'sign in with email including extra spaces should succeed when email is in the list of strip whitespace keys' do - create_user(:email => ' foo@bar.com ') + create_user(email: ' foo@bar.com ') sign_in_as_user do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end assert warden.authenticated?(:user) end test 'sign in with email including extra spaces should fail when email is NOT the list of strip whitespace keys' do - swap Devise, :strip_whitespace_keys => [] do - create_user(:email => 'foo@bar.com') + swap Devise, strip_whitespace_keys: [] do + create_user(email: 'foo@bar.com') sign_in_as_user do - fill_in 'email', :with => ' foo@bar.com ' + fill_in 'email', with: ' foo@bar.com ' end assert_not warden.authenticated?(:user) @@ -46,16 +46,16 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest end test 'sign in should not authenticate if not using proper authentication keys' do - swap Devise, :authentication_keys => [:username] do + swap Devise, authentication_keys: [:username] do sign_in_as_user assert_not warden.authenticated?(:user) end end test 'sign in with invalid email should return to sign in form with error message' do - store_translations :en, :devise => { :failure => { :admin => { :not_found_in_database => 'Invalid email address' } } } do + store_translations :en, devise: { failure: { admin: { not_found_in_database: 'Invalid email address' } } } do sign_in_as_admin do - fill_in 'email', :with => 'wrongemail@test.com' + fill_in 'email', with: 'wrongemail@test.com' end assert_contain 'Invalid email address' 
@@ -65,7 +65,7 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest test 'sign in with invalid pasword should return to sign in form with error message' do sign_in_as_admin do - fill_in 'password', :with => 'abcdef' + fill_in 'password', with: 'abcdef' end assert_contain 'Invalid email or password' @@ -73,9 +73,9 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest end test 'error message is configurable by resource name' do - store_translations :en, :devise => { :failure => { :admin => { :invalid => "Invalid credentials" } } } do + store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do sign_in_as_admin do - fill_in 'password', :with => 'abcdef' + fill_in 'password', with: 'abcdef' end assert_contain 'Invalid credentials' diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 1934f31128..aad51f62c7 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -2,7 +2,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest test 'handles unverified requests gets rid of caches but continues signed in' do - swap ApplicationController, :allow_forgery_protection => true do + swap ApplicationController, allow_forgery_protection: true do create_user post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" assert warden.authenticated?(:user) 
@@ -16,18 +16,18 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest assert_match 'user@test.com', response.body assert warden.authenticated?(:user) - get users_path(:format => :xml) + get users_path(format: :xml) assert_response 200 end test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do - swap Devise, :skip_session_storage => [:http_auth] do + swap Devise, skip_session_storage: [:http_auth] do sign_in_as_new_user_with_http assert_response 200 assert_match 'user@test.com', response.body assert warden.authenticated?(:user) - get users_path(:format => :xml) + get users_path(format: :xml) assert_response 401 end end @@ -46,7 +46,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'returns a custom response with www-authenticate and chosen realm' do - swap Devise, :http_authentication_realm => "MyApp" do + swap Devise, http_authentication_realm: "MyApp" do sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal 'Basic realm="MyApp"', headers["WWW-Authenticate"] @@ -54,7 +54,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'sign in should authenticate with http even with specific authentication keys' do - swap Devise, :authentication_keys => [:username] do + swap Devise, authentication_keys: [:username] do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body @@ -63,7 +63,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses appropriate authentication_keys when configured with hash' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:username, false, :email, false] do + swap Devise, authentication_keys: ActiveSupport::OrderedHash[:username, false, :email, false] do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body 
@@ -72,7 +72,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, :authentication_keys => ActiveSupport::OrderedHash[:email, false, :username, false], :http_authentication_key => :username do + swap Devise, authentication_keys: ActiveSupport::OrderedHash[:email, false, :username, false], http_authentication_key: :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body @@ -81,7 +81,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end test 'test request with oauth2 header doesnt get mistaken for basic authentication' do - swap Devise, :http_authenticatable => true do + swap Devise, http_authenticatable: true do add_oauth2_header assert_equal 401, status assert_equal 'Basic realm="Application"', headers["WWW-Authenticate"] @@ -92,14 +92,14 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") user = create_user - get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" + get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" user end # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication def add_oauth2_header user = create_user - get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" + get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" end end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 3ab7fd602c..5fad5d3d34 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
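Review bot: Both `get` calls in the last hunk of http_authenticatable_test.rb (`sign_in_as_new_user_with_http` and `add_oauth2_header`) build the Authorization value with `Base64.encode64`, which appends a newline and wraps its output every 60 characters, so the header under test is not what a real client sends. `Base64.strict_encode64("#{username}:#{password}")` yields a single-line value and keeps the helper valid for longer credentials. The same call sits in the `post exhibit_user_url(1)` context line of this file's first hunk.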
@@ -3,18 +3,18 @@ class LockTest < ActionDispatch::IntegrationTest def visit_user_unlock_with_token(unlock_token) - visit user_unlock_path(:unlock_token => unlock_token) + visit user_unlock_path(unlock_token: unlock_token) end def send_unlock_request - user = create_user(:locked => true) + user = create_user(locked: true) ActionMailer::Base.deliveries.clear visit new_user_session_path click_link "Didn't receive unlock instructions?" Devise.stubs(:friendly_token).returns("abcdef") - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend unlock instructions' end @@ -39,13 +39,13 @@ def send_unlock_request end test 'unlocked user should not be able to request a unlock token' do - user = create_user(:locked => false) + user = create_user(locked: false) ActionMailer::Base.deliveries.clear visit new_user_session_path click_link "Didn't receive unlock instructions?" - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend unlock instructions' assert_template 'unlocks/new' 
@@ -89,60 +89,60 @@ def send_unlock_request end test "user should not send a new e-mail if already locked" do - user = create_user(:locked => true) + user = create_user(locked: true) user.failed_attempts = User.maximum_attempts + 1 user.save! ActionMailer::Base.deliveries.clear - sign_in_as_user(:password => "invalid") + sign_in_as_user(password: "invalid") assert_contain 'Your account is locked.' assert ActionMailer::Base.deliveries.empty? end test 'error message is configurable by resource name' do - store_translations :en, :devise => { - :failure => {:user => {:locked => "You are locked!"}} + store_translations :en, devise: { + failure: {user: {locked: "You are locked!"}} } do - user = create_user(:locked => true) + user = create_user(locked: true) user.failed_attempts = User.maximum_attempts + 1 user.save! - sign_in_as_user(:password => "invalid") + sign_in_as_user(password: "invalid") assert_contain "You are locked!" end end test "user should not be able to sign in when locked" do - store_translations :en, :devise => { - :failure => {:user => {:locked => "You are locked!"}} + store_translations :en, devise: { + failure: {user: {locked: "You are locked!"}} } do - user = create_user(:locked => true) + user = create_user(locked: true) user.failed_attempts = User.maximum_attempts + 1 user.save! - sign_in_as_user(:password => "123456") + sign_in_as_user(password: "123456") assert_contain "You are locked!" 
end end test 'user should be able to request a new unlock token via XML request' do - user = create_user(:locked => true) + user = create_user(locked: true) ActionMailer::Base.deliveries.clear - post user_unlock_path(:format => 'xml'), :user => {:email => user.email} + post user_unlock_path(format: 'xml'), user: {email: user.email} assert_response :success assert_equal response.body, {}.to_xml assert_equal 1, ActionMailer::Base.deliveries.size end test 'unlocked user should not be able to request a unlock token via XML request' do - user = create_user(:locked => false) + user = create_user(locked: false) ActionMailer::Base.deliveries.clear - post user_unlock_path(:format => 'xml'), :user => {:email => user.email} + post user_unlock_path(format: 'xml'), user: {email: user.email} assert_response :unprocessable_entity assert response.body.include? %(\n) assert_equal 0, ActionMailer::Base.deliveries.size 
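Review bot: The test 'user should not be able to sign in when locked' submits `password: "123456"`, while other user tests on this page use `12345678` as the user's password (the HTTP helper default and the `current password` fields in registerable_test.rb). It therefore seems to repeat the invalid-password case above it rather than show that a locked account rejects correct credentials. The helpers are not visible in this hunk, but if their defaults are what they appear to be, `sign_in_as_user(password: "12345678")` would cover the case the test name describes. Adding `assert_not warden.authenticated?(:user)` would pin the outcome rather than only the flash message.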
@@ -152,33 +152,33 @@ def send_unlock_request user = create_user() raw = user.lock_access! assert user.access_locked? - get user_unlock_path(:format => 'xml', :unlock_token => raw) + get user_unlock_path(format: 'xml', unlock_token: raw) assert_response :success assert response.body.include? %(\n) end test 'user with invalid unlock token should not be able to unlock the account via XML request' do - get user_unlock_path(:format => 'xml', :unlock_token => 'invalid_token') + get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') assert_response :unprocessable_entity assert response.body.include? %(\n) end test "when using json to ask a unlock request, should not return the user" do - user = create_user(:locked => true) - post user_unlock_path(:format => "json", :user => {:email => user.email}) + user = create_user(locked: true) + post user_unlock_path(format: "json", user: {email: user.email}) assert_response :success assert_equal response.body, {}.to_json end test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do - swap Devise, :paranoid => true do - user = create_user(:locked => true) + swap Devise, paranoid: true do + user = create_user(locked: true) visit new_user_session_path click_link "Didn't receive unlock instructions?" - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend unlock instructions' assert_current_url "/users/sign_in" 
@@ -187,13 +187,13 @@ def send_unlock_request end test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do - swap Devise, :paranoid => true do - user = create_user(:locked => false) + swap Devise, paranoid: true do + user = create_user(locked: false) visit new_user_session_path click_link "Didn't receive unlock instructions?" - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Resend unlock instructions' assert_current_url "/users/sign_in" @@ -202,11 +202,11 @@ def send_unlock_request end test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do - swap Devise, :paranoid => true do + swap Devise, paranoid: true do visit new_user_session_path click_link "Didn't receive unlock instructions?" - fill_in 'email', :with => "arandomemail@hotmail.com" + fill_in 'email', with: "arandomemail@hotmail.com" click_button 'Resend unlock instructions' assert_not_contain "1 error prohibited this user from being saved:" @@ -219,16 +219,16 @@ def send_unlock_request end test "in paranoid mode, when locking a user that exists it should not say that the user was locked" do - swap Devise, :paranoid => true, :maximum_attempts => 1 do - user = create_user(:locked => false) + swap Devise, paranoid: true, maximum_attempts: 1 do + user = create_user(locked: false) visit new_user_session_path - fill_in 'email', :with => user.email - fill_in 'password', :with => "abadpassword" + fill_in 'email', with: user.email + fill_in 'password', with: "abadpassword" click_button 'Sign in' - fill_in 'email', :with => user.email - fill_in 'password', :with => "abadpassword" + fill_in 'email', with: user.email + fill_in 'password', with: "abadpassword" click_button 'Sign in' assert_current_url "/users/sign_in" diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index f73324c2c1..f131d15572 100644 
--- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -61,8 +61,8 @@ def stub_action!(name) assert_difference "User.count" do visit "/users/sign_up" - fill_in "Password", :with => "12345678" - fill_in "Password confirmation", :with => "12345678" + fill_in "Password", with: "12345678" + fill_in "Password confirmation", with: "12345678" click_button "Sign up" end @@ -111,7 +111,7 @@ def stub_action!(name) test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' visit "/users/sign_in" - assert_select "a", :href => "/q/users/auth/facebook" + assert_select "a", href: "/q/users/auth/facebook" end test "handles callback error parameter according to the specification" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 92957da43b..0bd5019c1e 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -12,7 +12,7 @@ def request_forgot_password(&block) assert_response :success assert_not warden.authenticated?(:user) - fill_in 'email', :with => 'user@test.com' + fill_in 'email', with: 'user@test.com' yield if block_given? Devise.stubs(:friendly_token).returns("abcdef") 
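Review bot: `assert_select "a", href: "/q/users/auth/facebook"` in the SCRIPT_NAME test most likely does not check the link target. The hash form of assert_select takes `:text`, `:html`, `:count`, `:minimum` and `:maximum`, and `href` is not among them, so the assertion can pass as long as any `a` element is rendered. Putting the attribute in the selector makes the test fail when the prefix is dropped: `assert_select "a[href=?]", "/q/users/auth/facebook"`. The test body starts outside the hunk.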
@@ -21,21 +21,21 @@ def request_forgot_password(&block) def reset_password(options={}, &block) unless options[:visit] == false - visit edit_user_password_path(:reset_password_token => options[:reset_password_token] || "abcdef") + visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef") assert_response :success end - fill_in 'New password', :with => '987654321' - fill_in 'Confirm new password', :with => '987654321' + fill_in 'New password', with: '987654321' + fill_in 'Confirm new password', with: '987654321' yield if block_given? click_button 'Change my password' end test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do - create_user(:email => 'Foo@Bar.com') + create_user(email: 'Foo@Bar.com') request_forgot_password do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end assert_current_url '/users/sign_in' @@ -43,11 +43,11 @@ def reset_password(options={}, &block) end test 'reset password with email should send an email from a custom mailer' do - create_user(:email => 'Foo@Bar.com') + create_user(email: 'Foo@Bar.com') User.any_instance.stubs(:devise_mailer).returns(Users::Mailer) request_forgot_password do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end mail = ActionMailer::Base.deliveries.last @@ -56,11 +56,11 @@ def reset_password(options={}, &block) end test 'reset password with email of different case should fail when email is NOT the list of case insensitive keys' do - swap Devise, :case_insensitive_keys => [] do - create_user(:email => 'Foo@Bar.com') + swap Devise, case_insensitive_keys: [] do + create_user(email: 'Foo@Bar.com') request_forgot_password do - fill_in 'email', :with => 'foo@bar.com' + fill_in 'email', with: 'foo@bar.com' end assert_response :success 
@@ -71,10 +71,10 @@ def reset_password(options={}, &block) end test 'reset password with email with extra whitespace should succeed when email is in the list of strip whitespace keys' do - create_user(:email => 'foo@bar.com') + create_user(email: 'foo@bar.com') request_forgot_password do - fill_in 'email', :with => ' foo@bar.com ' + fill_in 'email', with: ' foo@bar.com ' end assert_current_url '/users/sign_in' @@ -82,11 +82,11 @@ def reset_password(options={}, &block) end test 'reset password with email with extra whitespace should fail when email is NOT the list of strip whitespace keys' do - swap Devise, :strip_whitespace_keys => [] do - create_user(:email => 'foo@bar.com') + swap Devise, strip_whitespace_keys: [] do + create_user(email: 'foo@bar.com') request_forgot_password do - fill_in 'email', :with => ' foo@bar.com ' + fill_in 'email', with: ' foo@bar.com ' end assert_response :success @@ -116,7 +116,7 @@ def reset_password(options={}, &block) test 'not authenticated user with invalid email should receive an error message' do request_forgot_password do - fill_in 'email', :with => 'invalid.test@test.com' + fill_in 'email', with: 'invalid.test@test.com' end assert_response :success @@ -141,7 +141,7 @@ def reset_password(options={}, &block) test 'not authenticated user with invalid reset password token should not be able to change their password' do user = create_user - reset_password :reset_password_token => 'invalid_reset_password' + reset_password reset_password_token: 'invalid_reset_password' assert_response :success assert_current_url '/users/password' @@ -154,7 +154,7 @@ def reset_password(options={}, &block) user = create_user request_forgot_password reset_password do - fill_in 'Confirm new password', :with => 'other_password' + fill_in 'Confirm new password', with: 'other_password' end assert_response :success 
@@ -179,12 +179,12 @@ def reset_password(options={}, &block) user = create_user request_forgot_password - reset_password { fill_in 'Confirm new password', :with => 'other_password' } + reset_password { fill_in 'Confirm new password', with: 'other_password' } assert_response :success assert_have_selector '#error_explanation' assert_not user.reload.valid_password?('987654321') - reset_password :visit => false + reset_password visit: false assert_contain 'Your password was changed successfully.' assert user.reload.valid_password?('987654321') end @@ -199,8 +199,8 @@ def reset_password(options={}, &block) test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do [:none, :time].each do |strategy| - swap Devise, :unlock_strategy => strategy do - user = create_user(:locked => true) + swap Devise, unlock_strategy: strategy do + user = create_user(locked: true) request_forgot_password reset_password @@ -213,8 +213,8 @@ def reset_password(options={}, &block) end test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :email' do - swap Devise, :unlock_strategy => :email do - user = create_user(:locked => true) + swap Devise, unlock_strategy: :email do + user = create_user(locked: true) request_forgot_password reset_password @@ -225,8 +225,8 @@ def reset_password(options={}, &block) end test 'unlocks and signs in locked user automatically after changing it\'s password if unlock strategy is :both' do - swap Devise, :unlock_strategy => :both do - user = create_user(:locked => true) + swap Devise, unlock_strategy: :both do + user = create_user(locked: true) request_forgot_password reset_password 
@@ -238,22 +238,22 @@ def reset_password(options={}, &block) test 'reset password request with valid E-Mail in XML format should return valid response' do create_user - post user_password_path(:format => 'xml'), :user => {:email => "user@test.com"} + post user_password_path(format: 'xml'), user: {email: "user@test.com"} assert_response :success assert_equal response.body, { }.to_xml end test 'reset password request with invalid E-Mail in XML format should return valid response' do create_user - post user_password_path(:format => 'xml'), :user => {:email => "invalid.test@test.com"} + post user_password_path(format: 'xml'), user: {email: "invalid.test@test.com"} assert_response :unprocessable_entity assert response.body.include? %(\n) end test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do - swap Devise, :paranoid => true do + swap Devise, paranoid: true do create_user - post user_password_path(:format => 'xml'), :user => {:email => "invalid@test.com"} + post user_password_path(format: 'xml'), user: {email: "invalid@test.com"} assert_response :success assert_equal response.body, { }.to_xml end @@ -262,8 +262,8 @@ def reset_password(options={}, &block) test 'change password with valid parameters in XML format should return valid response' do create_user request_forgot_password - put user_password_path(:format => 'xml'), :user => { - :reset_password_token => 'abcdef', :password => '987654321', :password_confirmation => '987654321' + put user_password_path(format: 'xml'), user: { + reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321' } assert_response :success assert warden.authenticated?(:user) 
@@ -272,7 +272,7 @@ def reset_password(options={}, &block) test 'change password with invalid token in XML format should return invalid response' do create_user request_forgot_password - put user_password_path(:format => 'xml'), :user => {:reset_password_token => 'invalid.token', :password => '987654321', :password_confirmation => '987654321'} + put user_password_path(format: 'xml'), user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} assert_response :unprocessable_entity assert response.body.include? %(\n) end 
@@ -280,24 +280,24 @@ def reset_password(options={}, &block) test 'change password with invalid new password in XML format should return invalid response' do user = create_user request_forgot_password - put user_password_path(:format => 'xml'), :user => {:reset_password_token => user.reload.reset_password_token, :password => '', :password_confirmation => '987654321'} + put user_password_path(format: 'xml'), user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} assert_response :unprocessable_entity assert response.body.include? %(\n) end test "when using json requests to ask a confirmable request, should not return the object" do - user = create_user(:confirm => false) + user = create_user(confirm: false) - post user_password_path(:format => :json), :user => { :email => user.email } + post user_password_path(format: :json), user: { email: user.email } assert_response :success assert_equal response.body, "{}" end test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do - swap Devise, :paranoid => true do + swap Devise, paranoid: true do visit_new_password_path - fill_in "email", :with => "arandomemail@test.com" + fill_in "email", with: "arandomemail@test.com" click_button 'Send me reset password instructions' assert_not_contain "1 error prohibited this user from being saved:" 
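Review bot: In 'change password with invalid new password in XML format', the request sends `user.reload.reset_password_token`, the value stored on the record, whereas the valid-parameters test sends the raw `'abcdef'` that `request_forgot_password` stubs. The `raw_confirmation_token` and `raw = user.lock_access!` usage elsewhere in this patch suggests stored tokens are digests of the raw value. If so, the 422 here comes from the token lookup and the blank password is never validated. Sending `reset_password_token: 'abcdef'` together with `password: ''` would exercise the password validation the test name describes.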
@@ -308,10 +308,10 @@ def reset_password(options={}, &block) end test "when in paranoid mode and with a valid e-mail, asking to reset password should display a message that does not indicates that the email exists in the database and redirect to the failure route" do - swap Devise, :paranoid => true do + swap Devise, paranoid: true do user = create_user visit_new_password_path - fill_in 'email', :with => user.email + fill_in 'email', with: user.email click_button 'Send me reset password instructions' assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index e5e15c3e8d..ff3a1728f9 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -8,9 +8,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_template 'registrations/new' - fill_in 'email', :with => 'new_user@test.com' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user123' + fill_in 'email', with: 'new_user@test.com' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user123' click_button 'Sign up' assert_contain 'You have signed up successfully' @@ -26,9 +26,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest get new_admin_session_path click_link 'Sign up' - fill_in 'email', :with => 'new_user@test.com' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user123' + fill_in 'email', with: 'new_user@test.com' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user123' click_button 'Sign up' assert_contain 'Welcome! You have signed up successfully.' 
@@ -41,9 +41,9 @@ def user_sign_up get new_user_registration_path - fill_in 'email', :with => 'new_user@test.com' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user123' + fill_in 'email', with: 'new_user@test.com' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user123' click_button 'Sign up' end @@ -76,9 +76,9 @@ def user_sign_up Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1") get new_user_registration_path - fill_in 'email', :with => 'new_user@test.com' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user123' + fill_in 'email', with: 'new_user@test.com' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user123' click_button 'Sign up' assert_current_url "/?custom=1" @@ -92,9 +92,9 @@ def user_sign_up get new_user_registration_path - fill_in 'email', :with => 'invalid_email' - fill_in 'password', :with => 'new_user123' - fill_in 'password confirmation', :with => 'new_user321' + fill_in 'email', with: 'invalid_email' + fill_in 'password', with: 'new_user123' + fill_in 'password confirmation', with: 'new_user321' click_button 'Sign up' assert_template 'registrations/new' @@ -116,9 +116,9 @@ def user_sign_up create_user get new_user_registration_path - fill_in 'email', :with => 'user@test.com' - fill_in 'password', :with => '123456' - fill_in 'password confirmation', :with => '123456' + fill_in 'email', with: 'user@test.com' + fill_in 'password', with: '123456' + fill_in 'password confirmation', with: '123456' click_button 'Sign up' assert_current_url '/users' 
@@ -144,8 +144,8 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - fill_in 'email', :with => 'user.new@example.com' - fill_in 'current password', :with => '12345678' + fill_in 'email', with: 'user.new@example.com' + fill_in 'current password', with: '12345678' click_button 'Update' assert_current_url '/' @@ -158,9 +158,9 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - fill_in 'password', :with => '1234567890' - fill_in 'password confirmation', :with => '1234567890' - fill_in 'current password', :with => '12345678' + fill_in 'password', with: '1234567890' + fill_in 'password confirmation', with: '1234567890' + fill_in 'current password', with: '12345678' click_button 'Update' assert_contain 'You updated your account successfully.' @@ -172,8 +172,8 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - fill_in 'email', :with => 'user.new@example.com' - fill_in 'current password', :with => 'invalid' + fill_in 'email', with: 'user.new@example.com' + fill_in 'current password', with: 'invalid' click_button 'Update' assert_template 'registrations/edit' @@ -187,9 +187,9 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - fill_in 'password', :with => 'pass1234' - fill_in 'password confirmation', :with => 'pass1234' - fill_in 'current password', :with => '12345678' + fill_in 'password', with: 'pass1234' + fill_in 'password confirmation', with: 'pass1234' + fill_in 'current password', with: '12345678' click_button 'Update' assert_current_url '/' @@ -202,9 +202,9 @@ def user_sign_up sign_in_as_user get edit_user_registration_path - fill_in 'password', :with => 'pas123' - fill_in 'password confirmation', :with => '' - fill_in 'current password', :with => '12345678' + fill_in 'password', with: 'pas123' + fill_in 'password confirmation', with: '' + fill_in 'current password', with: '12345678' click_button 'Update' assert_contain Devise.rails4? ? 
@@ -235,21 +235,21 @@ def user_sign_up end test 'a user with XML sign up stub' do - get new_user_registration_path(:format => 'xml') + get new_user_registration_path(format: 'xml') assert_response :success assert_match %(\n), response.body assert_no_match(/ 'json') + get new_user_registration_path(format: 'json') assert_response :success assert_match %({"user":), response.body assert_no_match(/"confirmation_token"/, response.body) end test 'an admin sign up with valid information in XML format should return valid response' do - post admin_registration_path(:format => 'xml'), :admin => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' } + post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } assert_response :success assert response.body.include? %(\n) @@ -258,7 +258,7 @@ def user_sign_up end test 'a user sign up with valid information in XML format should return valid response' do - post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' } + post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } assert_response :success assert response.body.include? %(\n) 
@@ -267,28 +267,28 @@ def user_sign_up end test 'a user sign up with invalid information in XML format should return invalid response' do - post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'invalid' } + post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } assert_response :unprocessable_entity assert response.body.include? %(\n) end test 'a user update information with valid data in XML format should return valid response' do user = sign_in_as_user - put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' } + put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' } assert_response :success assert_equal user.reload.email, 'user.new@test.com' end test 'a user update information with invalid data in XML format should return invalid response' do user = sign_in_as_user - put user_registration_path(:format => 'xml'), :user => { :current_password => 'invalid', :email => 'user.new@test.com' } + put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' } assert_response :unprocessable_entity assert_equal user.reload.email, 'user@test.com' end test 'a user cancel their account in XML format should return valid response' do sign_in_as_user - delete user_registration_path(:format => 'xml') + delete user_registration_path(format: 'xml') assert_response :success assert_equal User.count, 0 end 
@@ -299,8 +299,8 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest sign_in_as_admin get edit_admin_registration_path - fill_in 'email', :with => 'admin.new@example.com' - fill_in 'current password', :with => '123456' + fill_in 'email', with: 'admin.new@example.com' + fill_in 'current password', with: '123456' click_button 'Update' assert_current_url '/admin_area/home' @@ -315,9 +315,9 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest sign_in_as_admin get edit_admin_registration_path - fill_in 'password', :with => 'pas123' - fill_in 'password confirmation', :with => 'pas123' - fill_in 'current password', :with => '123456' + fill_in 'password', with: 'pas123' + fill_in 'password confirmation', with: 'pas123' + fill_in 'current password', with: '123456' click_button 'Update' assert_current_url '/admin_area/home' @@ -330,14 +330,14 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest sign_in_as_admin get edit_admin_registration_path - fill_in 'email', :with => 'admin.new@example.com' - fill_in 'current password', :with => '123456' + fill_in 'email', with: 'admin.new@example.com' + fill_in 'current password', with: '123456' click_button 'Update' get edit_admin_registration_path - fill_in 'password', :with => 'pas123' - fill_in 'password confirmation', :with => 'pas123' - fill_in 'current password', :with => '123456' + fill_in 'password', with: 'pas123' + fill_in 'password confirmation', with: 'pas123' + fill_in 'current password', with: '123456' click_button 'Update' assert_current_url '/admin_area/home' diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 8f04986d91..718a7146a6 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb 
@@ -31,7 +31,7 @@ def cookie_expires(key) end test 'handle unverified requests gets rid of caches' do - swap ApplicationController, :allow_forgery_protection => true do + swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) assert_not warden.authenticated?(:user) @@ -43,19 +43,19 @@ def cookie_expires(key) end test 'handle unverified requests does not create cookies on sign in' do - swap ApplicationController, :allow_forgery_protection => true do + swap ApplicationController, allow_forgery_protection: true do get new_user_session_path assert request.session[:_csrf_token] - post user_session_path, :authenticity_token => "oops", :user => - { email: "jose.valim@gmail.com", password: "123456", :remember_me => "1" } + post user_session_path, authenticity_token: "oops", user: + { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } assert_not warden.authenticated?(:user) assert_not request.cookies['remember_user_token'] end end test 'generate remember token after sign in' do - sign_in_as_user :remember_me => true + sign_in_as_user remember_me: true assert request.cookies['remember_user_token'] end @@ -63,15 +63,15 @@ def cookie_expires(key) # We test this by asserting the cookie is not sent after the redirect # since we changed the domain. This is the only difference with the # previous test. - swap Devise, :rememberable_options => { :domain => "omg.somewhere.com" } do - sign_in_as_user :remember_me => true + swap Devise, rememberable_options: { domain: "omg.somewhere.com" } do + sign_in_as_user remember_me: true assert_nil request.cookies["remember_user_token"] end end test 'generate remember token with a custom key' do - swap Devise, :rememberable_options => { :key => "v1lat_token" } do - sign_in_as_user :remember_me => true + swap Devise, rememberable_options: { key: "v1lat_token" } do + sign_in_as_user remember_me: true assert request.cookies["v1lat_token"] end end 
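Review bot: The sign-in POST in 'handle unverified requests does not create cookies on sign in' sends `jose.valim@gmail.com` / `123456`, and nothing in the visible test creates that account. `assert_not warden.authenticated?(:user)` and the remember-cookie assertion would therefore presumably still pass if the forgery check were bypassed. Unless a fixture outside the hunk provides that user, create one and post its real credentials, e.g. `user = create_user` followed by `user: { email: user.email, password: '12345678', remember_me: "1" }`. The password there is the one registerable_test.rb on this page uses after `sign_in_as_user`, so confirm it matches what `create_user` sets. Then the rejected authenticity token is the only thing that can make the assertions hold.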
@@ -79,7 +79,7 @@ def cookie_expires(key) test 'generate remember token after sign in setting session options' do begin Rails.configuration.session_options[:domain] = "omg.somewhere.com" - sign_in_as_user :remember_me => true + sign_in_as_user remember_me: true assert_nil request.cookies["remember_user_token"] ensure Rails.configuration.session_options.delete(:domain) @@ -103,14 +103,14 @@ def cookie_expires(key) end test 'does not extend remember period through sign in' do - swap Devise, :extend_remember_period => true, :remember_for => 1.year do + swap Devise, extend_remember_period: true, remember_for: 1.year do user = create_user user.remember_me! user.remember_created_at = old = 10.days.ago user.save - sign_in_as_user :remember_me => true + sign_in_as_user remember_me: true user.reload assert warden.user(:user) == user @@ -135,7 +135,7 @@ def cookie_expires(key) test 'do not remember with expired token' do create_user_and_remember - swap Devise, :remember_for => 0 do + swap Devise, remember_for: 0 do get users_path assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 47aea6bfc2..79f643134d 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -104,7 +104,7 @@ def last_request_at user = sign_in_as_user get expire_user_path(user) - post "/users/sign_in", :email => user.email, :password => "123456" + post "/users/sign_in", email: user.email, password: "123456" assert_response :redirect follow_redirect! @@ -129,7 +129,7 @@ def last_request_at end test 'user configured timeout limit' do - swap Devise, :timeout_in => 8.minutes do + swap Devise, timeout_in: 8.minutes do user = sign_in_as_user get users_path 
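Review bot: In the timeoutable_test.rb hunk at -104, `post "/users/sign_in", email: user.email, password: "123456"` passes the credentials at the top level, whereas the rememberable test above nests them under `user:`. The password also differs from the `'12345678'` that registerable_test.rb uses after `sign_in_as_user`. The redirect asserted on the next line therefore probably comes from the session that is already open rather than from these values. If a real sign-in is intended, write `post "/users/sign_in", user: { email: user.email, password: "12345678" }`; if the request only needs to reach the sign-in route, add a comment such as `# params are not used for authentication; an already signed-in user is simply redirected`. The enclosing test starts outside the hunk, so its stated intent is not visible here.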
@@ -145,8 +145,8 @@ def last_request_at end test 'error message with i18n' do - store_translations :en, :devise => { - :failure => { :user => { :timeout => 'Session expired!' } } + store_translations :en, devise: { + failure: { user: { timeout: 'Session expired!' } } } do user = sign_in_as_user @@ -158,8 +158,8 @@ def last_request_at end test 'error message with i18n with double redirect' do - store_translations :en, :devise => { - :failure => { :user => { :timeout => 'Session expired!' } } + store_translations :en, devise: { + failure: { user: { timeout: 'Session expired!' } } } do user = sign_in_as_user @@ -172,7 +172,7 @@ def last_request_at end test 'time out not triggered if remembered' do - user = sign_in_as_user :remember_me => true + user = sign_in_as_user remember_me: true get expire_user_path(user) assert_not_nil last_request_at diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 44156bfdb7..f3d73c2e37 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -63,8 +63,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest end test "does not update anything if user has signed out along the way" do - swap Devise, :allow_unconfirmed_access_for => 0.days do - user = create_user(:confirm => false) + swap Devise, allow_unconfirmed_access_for: 0.days do + user = create_user(confirm: false) sign_in_as_user user.reload diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 204ab2d24e..2d8581924a 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb 
@@ -67,13 +67,13 @@ def mail end test 'setup subject from I18n' do - store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :subject => 'Account Confirmation' } } } do + store_translations :en, devise: { mailer: { confirmation_instructions: { subject: 'Account Confirmation' } } } do assert_equal 'Account Confirmation', mail.subject end end test 'subject namespaced by model' do - store_translations :en, :devise => { :mailer => { :confirmation_instructions => { :user_subject => 'User Account Confirmation' } } } do + store_translations :en, devise: { mailer: { confirmation_instructions: { user_subject: 'User Account Confirmation' } } } do assert_equal 'User Account Confirmation', mail.subject end end @@ -93,7 +93,7 @@ def mail end test 'renders a scoped if scoped_views is set to true' do - swap Devise, :scoped_views => true do + swap Devise, scoped_views: true do assert_equal user.email, mail.body.decoded end end @@ -108,7 +108,7 @@ def mail end test 'mailer sender accepts a proc' do - swap Devise, :mailer_sender => proc { "another@example.com" } do + swap Devise, mailer_sender: proc { "another@example.com" } do assert_equal ['another@example.com'], mail.from end end diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 4741568a79..83f03ec940 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb 
@@ -63,13 +63,13 @@ def mail end test 'setup subject from I18n' do - store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :subject => 'Reset instructions' } } } do + store_translations :en, devise: { mailer: { reset_password_instructions: { subject: 'Reset instructions' } } } do assert_equal 'Reset instructions', mail.subject end end test 'subject namespaced by model' do - store_translations :en, :devise => { :mailer => { :reset_password_instructions => { :user_subject => 'User Reset Instructions' } } } do + store_translations :en, devise: { mailer: { reset_password_instructions: { user_subject: 'User Reset Instructions' } } } do assert_equal 'User Reset Instructions', mail.subject end end @@ -89,7 +89,7 @@ def mail end test 'mailer sender accepts a proc' do - swap Devise, :mailer_sender => proc { "another@example.com" } do + swap Devise, mailer_sender: proc { "another@example.com" } do assert_equal ['another@example.com'], mail.from end end diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 324529b0a4..35be87efb9 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -64,13 +64,13 @@ def mail end test 'setup subject from I18n' do - store_translations :en, :devise => { :mailer => { :unlock_instructions => { :subject => 'Yo unlock instructions' } } } do + store_translations :en, devise: { mailer: { unlock_instructions: { subject: 'Yo unlock instructions' } } } do assert_equal 'Yo unlock instructions', mail.subject end end test 'subject namespaced by model' do - store_translations :en, :devise => { :mailer => { :unlock_instructions => { :user_subject => 'User Unlock Instructions' } } } do + store_translations :en, devise: { mailer: { unlock_instructions: { user_subject: 'User Unlock Instructions' } } } do assert_equal 'User Unlock Instructions', mail.subject end end 
diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 9232f9105a..f57d1bdf26 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -6,8 +6,8 @@ class AuthenticatableTest < ActiveSupport::TestCase end test 'find_first_by_auth_conditions allows custom filtering parameters' do - user = User.create!(:email => "example@example.com", :password => "123456") - assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user - assert_nil User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id.to_s.next) + user = User.create!(email: "example@example.com", password: "123456") + assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user + assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 8d0b30a5d2..5de56536de 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -82,7 +82,7 @@ def setup test 'should send confirmation instructions by email' do assert_email_sent "mynewuser@example.com" do - create_user :email => "mynewuser@example.com" + create_user email: "mynewuser@example.com" end end 
@@ -119,23 +119,23 @@ def setup assert_email_not_sent do user = new_user user.email = '' - user.save(:validate => false) + user.save(validate: false) end end test 'should find a user to send confirmation instructions' do user = create_user - confirmation_user = User.send_confirmation_instructions(:email => user.email) + confirmation_user = User.send_confirmation_instructions(email: user.email) assert_equal confirmation_user, user end test 'should return a new user if no email was found' do - confirmation_user = User.send_confirmation_instructions(:email => "invalid@example.com") + confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com") assert_not confirmation_user.persisted? end test 'should add error to new user email if no email was found' do - confirmation_user = User.send_confirmation_instructions(:email => "invalid@example.com") + confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com") assert confirmation_user.errors[:email] assert_equal "not found", confirmation_user.errors[:email].join end @@ -143,7 +143,7 @@ def setup test 'should send email instructions for the user confirm its email' do user = create_user assert_email_sent user.email do - User.send_confirmation_instructions(:email => user.email) + User.send_confirmation_instructions(email: user.email) end end @@ -183,7 +183,7 @@ def setup end test 'confirm time should fallback to devise confirm in default configuration' do - swap Devise, :allow_unconfirmed_access_for => 1.day do + swap Devise, allow_unconfirmed_access_for: 1.day do user = new_user user.confirmation_sent_at = 2.days.ago assert_not user.active_for_authentication? @@ -194,7 +194,7 @@ def setup end test 'should be active when confirmation sent at is not overpast' do - swap Devise, :allow_unconfirmed_access_for => 5.days do + swap Devise, allow_unconfirmed_access_for: 5.days do Devise.allow_unconfirmed_access_for = 5.days user = create_user 
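Review bot: In 'should be active when confirmation sent at is not overpast' (hunk at -194), the line after `swap Devise, allow_unconfirmed_access_for: 5.days do` assigns `Devise.allow_unconfirmed_access_for = 5.days` again, duplicating what the `swap` call already sets. Dropping that assignment leaves the `swap` block as the single place where the window is configured, which matches the neighbouring 'confirm time should fallback…' test. The rest of the test body lies outside the hunk.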
@@ -246,17 +246,17 @@ def setup end test 'should find a user to send email instructions for the user confirm its email by authentication_keys' do - swap Devise, :authentication_keys => [:username, :email] do + swap Devise, authentication_keys: [:username, :email] do user = create_user - confirm_user = User.send_confirmation_instructions(:email => user.email, :username => user.username) + confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username) assert_equal confirm_user, user end end test 'should require all confirmation_keys' do - swap Devise, :confirmation_keys => [:username, :email] do + swap Devise, confirmation_keys: [:username, :email] do user = create_user - confirm_user = User.send_confirmation_instructions(:email => user.email) + confirm_user = User.send_confirmation_instructions(email: user.email) assert_not confirm_user.persisted? assert_equal "can't be blank", confirm_user.errors[:username].join end @@ -275,13 +275,13 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) end test 'should accept confirmation email token after 2 days when expiration is set to 3 days' do - swap Devise, :confirm_within => 3.days do + swap Devise, confirm_within: 3.days do assert confirm_user_by_token_with_confirmation_sent_at(2.days.ago) end end test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do - swap Devise, :confirm_within => 3.days do + swap Devise, confirm_within: 3.days do assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago) end end @@ -327,7 +327,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm! assert_nil admin.confirmation_token - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_not_nil admin.confirmation_token end 
@@ -335,7 +335,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm! admin.skip_reconfirmation! - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_nil admin.confirmation_token end @@ -344,16 +344,16 @@ class ReconfirmableTest < ActiveSupport::TestCase admin.skip_confirmation_notification! assert_email_not_sent do - admin.update_attributes(:email => 'new_test@example.com') + admin.update_attributes(email: 'new_test@example.com') end end test 'should regenerate confirmation token after changing email' do admin = create_admin assert admin.confirm! - assert admin.update_attributes(:email => 'old_test@example.com') + assert admin.update_attributes(email: 'old_test@example.com') token = admin.confirmation_token - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal token, admin.confirmation_token end @@ -361,7 +361,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm! assert_email_sent "new_test@example.com" do - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') end assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded end @@ -370,7 +370,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm! assert_email_not_sent do - assert admin.update_attributes(:password => 'newpass', :password_confirmation => 'newpass') + assert admin.update_attributes(password: 'newpass', password_confirmation: 'newpass') end end 
@@ -379,21 +379,21 @@ class ReconfirmableTest < ActiveSupport::TestCase assert admin.confirm! assert_email_not_sent do admin.email = '' - admin.save(:validate => false) + admin.save(validate: false) end end test 'should stay confirmed when email is changed' do admin = create_admin assert admin.confirm! - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert admin.confirmed? end test 'should update email only when it is confirmed' do admin = create_admin assert admin.confirm! - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email assert admin.confirm! assert_equal 'new_test@example.com', admin.email 
@@ -402,27 +402,27 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not allow admin to get past confirmation email by resubmitting their new address' do admin = create_admin assert admin.confirm! - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email - assert admin.update_attributes(:email => 'new_test@example.com') + assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email end test 'should find a admin by send confirmation instructions with unconfirmed_email' do admin = create_admin assert admin.confirm! - assert admin.update_attributes(:email => 'new_test@example.com') - confirmation_admin = Admin.send_confirmation_instructions(:email => admin.unconfirmed_email) + assert admin.update_attributes(email: 'new_test@example.com') + confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) assert_equal confirmation_admin, admin end test 'should return a new admin if no email or unconfirmed_email was found' do - confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com") + confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com") assert_not confirmation_admin.persisted? end test 'should add error to new admin email if no email or unconfirmed_email was found' do - confirmation_admin = Admin.send_confirmation_instructions(:email => "invalid@email.com") + confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com") assert confirmation_admin.errors[:email] assert_equal "not found", confirmation_admin.errors[:email].join end 
@@ -431,7 +431,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin admin.unconfirmed_email = "new_test@email.com" assert admin.save - admin = Admin.find_by_unconfirmed_email_with_errors(:email => "new_test@email.com") + admin = Admin.find_by_unconfirmed_email_with_errors(email: "new_test@email.com") assert admin.persisted? end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 8ab320c996..fc3f729212 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -6,7 +6,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should downcase case insensitive keys when saving' do # case_insensitive_keys is set to :email by default. email = 'Foo@Bar.com' - user = new_user(:email => email) + user = new_user(email: email) assert_equal email, user.email user.save! @@ -16,7 +16,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should downcase case insensitive keys that refer to virtual attributes when saving' do email = 'Foo@Bar1.com' confirmation = 'Foo@Bar1.com' - attributes = valid_attributes(:email => email, :email_confirmation => confirmation) + attributes = valid_attributes(email: email, email_confirmation: confirmation) user = UserWithVirtualAttributes.new(attributes) assert_equal confirmation, user.email_confirmation @@ -27,7 +27,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should not mutate value assigned to case insensitive key' do email = 'Foo@Bar.com' original_email = email.dup - user = new_user(:email => email) + user = new_user(email: email) user.save! assert_equal original_email, email 
@@ -36,7 +36,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should remove whitespace from strip whitespace keys when saving' do # strip_whitespace_keys is set to :email by default. email = ' foo@bar.com ' - user = new_user(:email => email) + user = new_user(email: email) assert_equal email, user.email user.save! @@ -46,20 +46,20 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should not mutate value assigned to string whitespace key' do email = ' foo@bar.com ' original_email = email.dup - user = new_user(:email => email) + user = new_user(email: email) user.save! assert_equal original_email, email end test "doesn't throw exception when globally configured strip_whitespace_keys are not present on a model" do - swap Devise, :strip_whitespace_keys => [:fake_key] do + swap Devise, strip_whitespace_keys: [:fake_key] do assert_nothing_raised { create_user } end end test "doesn't throw exception when globally configured case_insensitive_keys are not present on a model" do - swap Devise, :case_insensitive_keys => [:fake_key] do + swap Devise, case_insensitive_keys: [:fake_key] do assert_nothing_raised { create_user } end end @@ -94,7 +94,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'should support custom encryption methods' do - user = UserWithCustomEncryption.new(:password => '654321') + user = UserWithCustomEncryption.new(password: '654321') assert_equal user.encrypted_password, '123456' end @@ -105,8 +105,8 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'should not generate encrypted password if password is blank' do - assert_blank new_user(:password => nil).encrypted_password - assert_blank new_user(:password => '').encrypted_password + assert_blank new_user(password: nil).encrypted_password + assert_blank new_user(password: '').encrypted_password end test 'should encrypt password again if password has changed' do 
@@ -141,23 +141,23 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase test 'should update password with valid current password' do user = create_user - assert user.update_with_password(:current_password => '12345678', - :password => 'pass4321', :password_confirmation => 'pass4321') + assert user.update_with_password(current_password: '12345678', + password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('pass4321') end test 'should add an error to current password when it is invalid' do user = create_user - assert_not user.update_with_password(:current_password => 'other', - :password => 'pass4321', :password_confirmation => 'pass4321') + assert_not user.update_with_password(current_password: 'other', + password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "is invalid", user.errors[:current_password].join end test 'should add an error to current password when it is blank' do user = create_user - assert_not user.update_with_password(:password => 'pass4321', - :password_confirmation => 'pass4321') + assert_not user.update_with_password(password: 'pass4321', + password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "can't be blank", user.errors[:current_password].join end 
@@ -166,41 +166,41 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase user = UserWithValidation.create!(valid_attributes) user.save assert user.persisted? - assert_not user.update_with_password(:username => "") + assert_not user.update_with_password(username: "") assert_match "usertest", user.reload.username assert_match "can't be blank", user.errors[:username].join end test 'should ignore password and its confirmation if they are blank' do user = create_user - assert user.update_with_password(:current_password => '12345678', :email => "new@example.com") + assert user.update_with_password(current_password: '12345678', email: "new@example.com") assert_equal "new@example.com", user.email end test 'should not update password with invalid confirmation' do user = create_user - assert_not user.update_with_password(:current_password => '12345678', - :password => 'pass4321', :password_confirmation => 'other') + assert_not user.update_with_password(current_password: '12345678', + password: 'pass4321', password_confirmation: 'other') assert user.reload.valid_password?('12345678') end test 'should clean up password fields on failure' do user = create_user - assert_not user.update_with_password(:current_password => '12345678', - :password => 'pass4321', :password_confirmation => 'other') + assert_not user.update_with_password(current_password: '12345678', + password: 'pass4321', password_confirmation: 'other') assert user.password.blank? assert user.password_confirmation.blank? 
end test 'should update the user without password' do user = create_user - user.update_without_password(:email => 'new@example.com') + user.update_without_password(email: 'new@example.com') assert_equal 'new@example.com', user.email end test 'should not update password without password' do user = create_user - user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321') + user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321') assert !user.reload.valid_password?('pass4321') assert user.valid_password?('12345678') end @@ -226,8 +226,8 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'downcase_keys with validation' do - User.create(:email => "HEllO@example.com", :password => "123456") - user = User.create(:email => "HEllO@example.com", :password => "123456") + User.create(email: "HEllO@example.com", password: "123456") + user = User.create(email: "HEllO@example.com", password: "123456") assert !user.valid? end @@ -239,7 +239,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase end test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do - swap Devise, :authentication_keys => [:login] do + swap Devise, authentication_keys: [:login] do assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [ :encrypted_password, :login diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index c371f9c881..7bfb25c668 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -8,7 +8,7 @@ def setup test "should respect maximum attempts configuration" do user = create_user user.confirm! - swap Devise, :maximum_attempts => 2 do + swap Devise, maximum_attempts: 2 do 2.times { user.valid_for_authentication?{ false } } assert user.reload.access_locked? end 
@@ -18,7 +18,7 @@ def setup user = create_user user.confirm! - swap Devise, :maximum_attempts => 2 do + swap Devise, maximum_attempts: 2 do 2.times { user.valid_for_authentication?{ false } } assert user.reload.access_locked? end @@ -30,7 +30,7 @@ def setup test "should not touch failed_attempts if lock_strategy is none" do user = create_user user.confirm! - swap Devise, :lock_strategy => :none, :maximum_attempts => 2 do + swap Devise, lock_strategy: :none, maximum_attempts: 2 do 3.times { user.valid_for_authentication?{ false } } assert !user.access_locked? assert_equal 0, user.failed_attempts @@ -77,7 +77,7 @@ def setup end test "should unlock user after unlock_in period" do - swap Devise, :unlock_in => 3.hours do + swap Devise, unlock_in: 3.hours do user = new_user user.locked_at = 2.hours.ago assert user.access_locked? @@ -88,7 +88,7 @@ def setup end test "should not unlock in 'unlock_in' if :time unlock strategy is not set" do - swap Devise, :unlock_strategy => :email do + swap Devise, unlock_strategy: :email do user = new_user user.locked_at = 2.hours.ago assert user.access_locked? @@ -114,7 +114,7 @@ def setup end test "should not generate unlock_token when :email is not an unlock strategy" do - swap Devise, :unlock_strategy => :time do + swap Devise, unlock_strategy: :time do user = create_user user.lock_access! assert_nil user.unlock_token @@ -122,7 +122,7 @@ def setup end test "should send email with unlock instructions when :email is an unlock strategy" do - swap Devise, :unlock_strategy => :email do + swap Devise, unlock_strategy: :email do user = create_user assert_email_sent do user.lock_access! @@ -131,7 +131,7 @@ def setup end test "doesn't send email when you pass option send_instructions to false" do - swap Devise, :unlock_strategy => :email do + swap Devise, unlock_strategy: :email do user = create_user assert_email_not_sent do user.lock_access! send_instructions: false 
@@ -140,7 +140,7 @@ def setup end test "sends email when you pass options other than send_instructions" do - swap Devise, :unlock_strategy => :email do + swap Devise, unlock_strategy: :email do user = create_user assert_email_sent do user.lock_access! foo: :bar, bar: :foo @@ -149,7 +149,7 @@ def setup end test "should not send email with unlock instructions when :email is not an unlock strategy" do - swap Devise, :unlock_strategy => :time do + swap Devise, unlock_strategy: :time do user = create_user assert_email_not_sent do user.lock_access! 
@@ -180,32 +180,32 @@ def setup test 'should find a user to send unlock instructions' do user = create_user user.lock_access! - unlock_user = User.send_unlock_instructions(:email => user.email) + unlock_user = User.send_unlock_instructions(email: user.email) assert_equal unlock_user, user end test 'should return a new user if no email was found' do - unlock_user = User.send_unlock_instructions(:email => "invalid@example.com") + unlock_user = User.send_unlock_instructions(email: "invalid@example.com") assert_not unlock_user.persisted? end test 'should add error to new user email if no email was found' do - unlock_user = User.send_unlock_instructions(:email => "invalid@example.com") + unlock_user = User.send_unlock_instructions(email: "invalid@example.com") assert_equal 'not found', unlock_user.errors[:email].join end test 'should find a user to send unlock instructions by authentication_keys' do - swap Devise, :authentication_keys => [:username, :email] do + swap Devise, authentication_keys: [:username, :email] do user = create_user - unlock_user = User.send_unlock_instructions(:email => user.email, :username => user.username) + unlock_user = User.send_unlock_instructions(email: user.email, username: user.username) assert_equal unlock_user, user end end test 'should require all unlock_keys' do - swap Devise, :unlock_keys => [:username, :email] do + swap Devise, unlock_keys: [:username, :email] do user = create_user - unlock_user = User.send_unlock_instructions(:email => user.email) + unlock_user = User.send_unlock_instructions(email: user.email) assert_not unlock_user.persisted? assert_equal "can't be blank", unlock_user.errors[:username].join end @@ -219,7 +219,7 @@ def setup end test 'should not be able to send instructions if the user if not locked and have username as unlock key' do - swap Devise, :unlock_keys => [:username] do + swap Devise, unlock_keys: [:username] do user = create_user assert_not user.resend_unlock_instructions assert_not user.access_locked? 
@@ -228,7 +228,7 @@ def setup end test 'should unlock account if lock has expired and increase attempts on failure' do - swap Devise, :unlock_in => 1.minute do + swap Devise, unlock_in: 1.minute do user = create_user user.confirm! @@ -241,7 +241,7 @@ def setup end test 'should unlock account if lock has expired on success' do - swap Devise, :unlock_in => 1.minute do + swap Devise, unlock_in: 1.minute do user = create_user user.confirm! @@ -255,8 +255,8 @@ def setup end test 'required_fields should contain the all the fields when all the strategies are enabled' do - swap Devise, :unlock_strategy => :both do - swap Devise, :lock_strategy => :failed_attempts do + swap Devise, unlock_strategy: :both do + swap Devise, lock_strategy: :failed_attempts do assert_same_content Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :locked_at, @@ -267,8 +267,8 @@ def setup end test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do - swap Devise, :unlock_strategy => :time do - swap Devise, :lock_strategy => :failed_attempts do + swap Devise, unlock_strategy: :time do + swap Devise, lock_strategy: :failed_attempts do assert_same_content Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :locked_at @@ -278,8 +278,8 @@ def setup end test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do - swap Devise, :unlock_strategy => :email do - swap Devise, :lock_strategy => :failed_attempts do + swap Devise, unlock_strategy: :email do + swap Devise, lock_strategy: :failed_attempts do assert_same_content Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :unlock_token 
@@ -289,7 +289,7 @@ def setup end test 'should not return a locked unauthenticated message if in paranoid mode' do - swap Devise, :paranoid => :true do + swap Devise, paranoid: :true do user = create_user user.failed_attempts = Devise.maximum_attempts + 1 user.lock_access! @@ -299,8 +299,8 @@ def setup end test 'should return last attempt message if user made next-to-last attempt of password entering' do - swap Devise, :last_attempt_warning => :true do - swap Devise, :lock_strategy => :failed_attempts do + swap Devise, last_attempt_warning: :true do + swap Devise, lock_strategy: :failed_attempts do user = create_user user.failed_attempts = Devise.maximum_attempts - 2 assert_equal :invalid, user.unauthenticated_message diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index f6afc20c1e..a59f06a7f3 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
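Review bot: The flags in the hunks at -289 and -299 are set with the Symbol `:true` instead of the boolean, in `swap Devise, paranoid: :true do` and `swap Devise, last_attempt_warning: :true do`. The tests pass only because any Symbol is truthy, so `:false` would switch the option on in exactly the same way. That is a risky pattern to leave beside security-relevant settings that readers copy into their own initializers. I would write `swap Devise, paranoid: true do` and `swap Devise, last_attempt_warning: true do`. Both test bodies continue outside their hunks.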
@@ -67,28 +67,28 @@ def setup test 'should find a user to send instructions by email' do user = create_user - reset_password_user = User.send_reset_password_instructions(:email => user.email) + reset_password_user = User.send_reset_password_instructions(email: user.email) assert_equal reset_password_user, user end test 'should return a new record with errors if user was not found by e-mail' do - reset_password_user = User.send_reset_password_instructions(:email => "invalid@example.com") + reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com") assert_not reset_password_user.persisted? assert_equal "not found", reset_password_user.errors[:email].join end test 'should find a user to send instructions by authentication_keys' do - swap Devise, :authentication_keys => [:username, :email] do + swap Devise, authentication_keys: [:username, :email] do user = create_user - reset_password_user = User.send_reset_password_instructions(:email => user.email, :username => user.username) + reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username) assert_equal reset_password_user, user end end test 'should require all reset_password_keys' do - swap Devise, :reset_password_keys => [:username, :email] do + swap Devise, reset_password_keys: [:username, :email] do user = create_user - reset_password_user = User.send_reset_password_instructions(:email => user.email) + reset_password_user = User.send_reset_password_instructions(email: user.email) assert_not reset_password_user.persisted? assert_equal "can't be blank", reset_password_user.errors[:username].join end 
@@ -97,14 +97,14 @@ def setup test 'should reset reset_password_token before send the reset instructions email' do user = create_user token = user.reset_password_token - User.send_reset_password_instructions(:email => user.email) + User.send_reset_password_instructions(email: user.email) assert_not_equal token, user.reload.reset_password_token end test 'should send email instructions to the user reset their password' do user = create_user assert_email_sent do - User.send_reset_password_instructions(:email => user.email) + User.send_reset_password_instructions(email: user.email) end end @@ -112,18 +112,18 @@ def setup user = create_user raw = user.send_reset_password_instructions - reset_password_user = User.reset_password_by_token(:reset_password_token => raw) + reset_password_user = User.reset_password_by_token(reset_password_token: raw) assert_equal reset_password_user, user end test 'should return a new record with errors if no reset_password_token is found' do - reset_password_user = User.reset_password_by_token(:reset_password_token => 'invalid_token') + reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token') assert_not reset_password_user.persisted? assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join end test 'should return a new record with errors if reset_password_token is blank' do - reset_password_user = User.reset_password_by_token(:reset_password_token => '') + reset_password_user = User.reset_password_by_token(reset_password_token: '') assert_not reset_password_user.persisted? assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join end 
@@ -132,7 +132,7 @@ def setup user = create_user raw = user.send_reset_password_instructions - reset_password_user = User.reset_password_by_token(:reset_password_token => raw, :password => '') + reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join end @@ -143,9 +143,9 @@ def setup raw = user.send_reset_password_instructions User.reset_password_by_token( - :reset_password_token => raw, - :password => 'new_password', - :password_confirmation => 'new_password' + reset_password_token: raw, + password: 'new_password', + password_confirmation: 'new_password' ) user.reload @@ -154,7 +154,7 @@ def setup end test 'should not reset password after reset_password_within time' do - swap Devise, :reset_password_within => 1.hour do + swap Devise, reset_password_within: 1.hour do user = create_user raw = user.send_reset_password_instructions @@ -163,9 +163,9 @@ def setup user.save! reset_password_user = User.reset_password_by_token( - :reset_password_token => raw, - :password => 'new_password', - :password_confirmation => 'new_password' + reset_password_token: raw, + password: 'new_password', + password_confirmation: 'new_password' ) user.reload diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 4607e6d5e4..74e37f2a28 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -86,7 +86,7 @@ def create_resource end test 'remember for should fallback to devise remember for default configuration' do - swap Devise, :remember_for => 1.day do + swap Devise, remember_for: 1.day do resource = create_resource resource.remember_me! assert_not resource.remember_expired? 
@@ -94,7 +94,7 @@ def create_resource end test 'remember expires at should sum date of creation with remember for configuration' do - swap Devise, :remember_for => 3.days do + swap Devise, remember_for: 3.days do resource = create_resource resource.remember_me! assert_equal 3.days.from_now.to_date, resource.remember_expires_at.to_date @@ -105,7 +105,7 @@ def create_resource end test 'remember should be expired if remember_for is zero' do - swap Devise, :remember_for => 0.days do + swap Devise, remember_for: 0.days do Devise.remember_for = 0.days resource = create_resource resource.remember_me! @@ -114,7 +114,7 @@ def create_resource end test 'remember should be expired if it was created before limit time' do - swap Devise, :remember_for => 1.day do + swap Devise, remember_for: 1.day do resource = create_resource resource.remember_me! resource.remember_created_at = 2.days.ago @@ -124,7 +124,7 @@ def create_resource end test 'remember should not be expired if it was created within the limit time' do - swap Devise, :remember_for => 30.days do + swap Devise, remember_for: 30.days do resource = create_resource resource.remember_me! resource.remember_created_at = (30.days.ago + 2.minutes) @@ -134,7 +134,7 @@ def create_resource end test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do - swap Devise, :remember_for => 5.minutes do + swap Devise, remember_for: 5.minutes do resource = create_resource resource.remember_me!(false) assert resource.remember_created_at @@ -148,7 +148,7 @@ def create_resource end test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do - swap Devise, :remember_for => 1.year do + swap Devise, remember_for: 1.year do resource = create_resource resource.remember_me!(false) assert resource.remember_created_at 
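Review bot: In 'remember should be expired if remember_for is zero' (hunk at -105), the line `Devise.remember_for = 0.days` repeats what the enclosing `swap Devise, remember_for: 0.days do` already sets. If `swap` restores the previous value on exit, as its use throughout these tests suggests, the direct assignment is redundant. It also writes the global setting outside the helper, which is the pattern most likely to leak state between tests if the wrapper is ever removed. I would drop the line so the test reads like its neighbours. The test body continues outside the hunk.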
@@ -162,7 +162,7 @@ def create_resource end test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do - swap Devise, :remember_for => 1.year do + swap Devise, remember_for: 1.year do resource = create_resource resource.remember_me!(true) assert resource.remember_created_at diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 565b71fe3c..7e16f74fd1 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -11,13 +11,13 @@ class SerializableTest < ActiveSupport::TestCase end test 'should not include unsafe keys on XML even if a new except is provided' do - assert_no_match(/email/, @user.to_xml(:except => :email)) - assert_no_match(/confirmation-token/, @user.to_xml(:except => :email)) + assert_no_match(/email/, @user.to_xml(except: :email)) + assert_no_match(/confirmation-token/, @user.to_xml(except: :email)) end test 'should include unsafe keys on XML if a force_except is provided' do - assert_no_match(/ :email)) - assert_match(/confirmation-token/, @user.to_xml(:force_except => :email)) + assert_no_match(/ :email) - assert_no_key "confirmation_token", from_json(:except => :email) + assert_no_key "email", from_json(except: :email) + assert_no_key "confirmation_token", from_json(except: :email) end test 'should include unsafe keys on JSON if a force_except is provided' do - assert_no_key "email", from_json(:force_except => :email) - assert_key "confirmation_token", from_json(:force_except => :email) + assert_no_key "email", from_json(force_except: :email) + assert_key "confirmation_token", from_json(force_except: :email) end def assert_key(key, subject) diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index b25cb2ed21..be68246743 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb 
@@ -29,7 +29,7 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'fallback to Devise config option' do - swap Devise, :timeout_in => 1.minute do + swap Devise, timeout_in: 1.minute do user = new_user assert user.timedout?(2.minutes.ago) assert_not user.timedout?(30.seconds.ago) diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 983628f6b0..c73b438970 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -3,7 +3,7 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require email to be set' do - user = new_user(:email => nil) + user = new_user(email: nil) assert user.invalid? assert user.errors[:email] assert_equal 'can\'t be blank', user.errors[:email].join @@ -12,7 +12,7 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require uniqueness of email if email has changed, allowing blank' do existing_user = create_user - user = new_user(:email => '') + user = new_user(email: '') assert user.invalid? assert_no_match(/taken/, user.errors[:email].join) @@ -20,12 +20,12 @@ class ValidatableTest < ActiveSupport::TestCase assert user.invalid? assert_match(/taken/, user.errors[:email].join) - user.save(:validate => false) + user.save(validate: false) assert user.valid? end test 'should require correct email format if email has changed, allowing blank' do - user = new_user(:email => '') + user = new_user(email: '') assert user.invalid? assert_not_equal 'is invalid', user.errors[:email].join 
@@ -35,26 +35,26 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'is invalid', user.errors[:email].join end - user.save(:validate => false) + user.save(validate: false) assert user.valid? end test 'should accept valid emails' do %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email| - user = new_user(:email => email) + user = new_user(email: email) assert user.valid?, 'should be valid with email ' << email assert_blank user.errors[:email] end end test 'should require password to be set when creating a new record' do - user = new_user(:password => '', :password_confirmation => '') + user = new_user(password: '', password_confirmation: '') assert user.invalid? assert_equal 'can\'t be blank', user.errors[:password].join end test 'should require confirmation to be set when creating a new record' do - user = new_user(:password => 'new_password', :password_confirmation => 'blabla') + user = new_user(password: 'new_password', password_confirmation: 'blabla') assert user.invalid? if Devise.rails4? @@ -87,13 +87,13 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should require a password with minimum of 6 characters' do - user = new_user(:password => '12345', :password_confirmation => '12345') + user = new_user(password: '12345', password_confirmation: '12345') assert user.invalid? assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join end test 'should require a password with maximum of 128 characters long' do - user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129) + user = new_user(password: 'x'*129, password_confirmation: 'x'*129) assert user.invalid? assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join end 
@@ -109,7 +109,7 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should complain about length even if password is not required' do - user = new_user(:password => 'x'*129, :password_confirmation => 'x'*129) + user = new_user(password: 'x'*129, password_confirmation: 'x'*129) user.stubs(:password_required?).returns(false) assert user.invalid? assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join diff --git a/test/omniauth/config_test.rb b/test/omniauth/config_test.rb index f53a5d7397..86e966340b 100644 --- a/test/omniauth/config_test.rb +++ b/test/omniauth/config_test.rb @@ -11,12 +11,12 @@ class MyStrategy end test 'strategy_name returns provider if no name option are given' do - config = Devise::OmniAuth::Config.new :facebook, [{ :other => :option }] + config = Devise::OmniAuth::Config.new :facebook, [{ other: :option }] assert_equal :facebook, config.strategy_name end test 'returns name option when have a name' do - config = Devise::OmniAuth::Config.new :facebook, [{ :name => :github }] + config = Devise::OmniAuth::Config.new :facebook, [{ name: :github }] assert_equal :github, config.strategy_name end @@ -50,7 +50,7 @@ class MyStrategy end test 'allows the user to define a custom require path' do - config = Devise::OmniAuth::Config.new :my_strategy, [{:strategy_class => MyStrategy}] + config = Devise::OmniAuth::Config.new :my_strategy, [{strategy_class: MyStrategy}] config_class = config.strategy_class assert_equal MyStrategy, config_class end diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 9a8b465328..6f9c80e955 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb 
@@ -17,8 +17,8 @@ def assert_path(action, provider, with_param=true) if with_param # Default url params - assert_equal @controller.send(action, :user, provider, :param => 123), - @controller.send("user_#{action}", provider, :param => 123) + assert_equal @controller.send(action, :user, provider, param: 123), + @controller.send("user_#{action}", provider, param: 123) end end @@ -44,7 +44,7 @@ def assert_path(action, provider, with_param=true) test 'should generate authorization path with params' do assert_match "/users/auth/openid?openid_url=http%3A%2F%2Fyahoo.com", - @controller.omniauth_authorize_path(:user, :openid, :openid_url => "http://yahoo.com") + @controller.omniauth_authorize_path(:user, :openid, openid_url: "http://yahoo.com") end test 'should not add a "?" if no param was sent' do diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index cd48b382a7..f086cf9b91 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb @@ -27,7 +27,7 @@ def sanitizer(params) end test 'handles auth keys as a hash' do - swap Devise, :authentication_keys => {:email => true} do + swap Devise, authentication_keys: {email: true} do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in)) end diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 538eb41cdb..2b4837cfe3 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -6,6 +6,6 @@ def index def expire admin_session['last_request_at'] = 31.minutes.ago.utc - render :text => 'Admin will be expired on next request' + render text: 'Admin will be expired on next request' end end 
diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index 30b1677a89..a3153ffa0d 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :current_user, :unless => :devise_controller? - before_filter :authenticate_user!, :if => :devise_controller? + before_filter :current_user, unless: :devise_controller? + before_filter :authenticate_user!, if: :devise_controller? respond_to *Mime::SET.map(&:to_sym) end diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index 19a787bde5..c6471953e0 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -20,6 +20,6 @@ def set end def unauthenticated - render :text => "unauthenticated", :status => :unauthorized + render text: "unauthenticated", status: :unauthorized end end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 0ee486e763..a3b1e1e550 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -2,13 +2,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def facebook data = env["omniauth.auth"] session["devise.facebook_data"] = data["extra"]["user_hash"] - render :json => data + render json: data end def sign_in_facebook user = User.find_by_email('user@test.com') user.remember_me = true sign_in user - render :text => "" + render text: "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index d889de69ab..839e194ec0 100644 
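Review bot: In `Users::OmniauthCallbacksController`, `sign_in_facebook` signs in the account returned by `User.find_by_email('user@test.com')` with no credential check, and `facebook` returns the whole `env["omniauth.auth"]` hash with `render json: data`. Neither action has a comment marking it as test scaffolding. A line above each would keep the pattern from being copied into a real application, for example `# Test-only: signs in a fixed fixture user without authentication` and `# Test-only: echoes the raw auth hash so integration tests can assert on it`. `sign_in_facebook` also calls `user.remember_me = true` without handling a nil result from the finder, so a missing fixture would surface as a NoMethodError instead of a clear failure.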
--- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController - prepend_before_filter :current_user, :only => :exhibit - before_filter :authenticate_user!, :except => [:accept, :exhibit] + prepend_before_filter :current_user, only: :exhibit + before_filter :authenticate_user!, except: [:accept, :exhibit] respond_to :html, :xml def index @@ -13,7 +13,7 @@ def edit_form end def update_form - render :text => 'Update' + render text: 'Update' end def accept @@ -21,11 +21,11 @@ def accept end def exhibit - render :text => current_user ? "User is authenticated" : "User is not authenticated" + render text: current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render :text => 'User will be expired on next request' + render text: 'User will be expired on next request' end end diff --git a/test/rails_app/app/mailers/users/mailer.rb b/test/rails_app/app/mailers/users/mailer.rb index f81d49cae8..8359d6a5e9 100644 --- a/test/rails_app/app/mailers/users/mailer.rb +++ b/test/rails_app/app/mailers/users/mailer.rb @@ -1,12 +1,12 @@ class Users::Mailer < Devise::Mailer - default :from => 'custom@example.com' + default from: 'custom@example.com' end class Users::ReplyToMailer < Devise::Mailer - default :from => 'custom@example.com' - default :reply_to => 'custom_reply_to@example.com' + default from: 'custom@example.com' + default reply_to: 'custom_reply_to@example.com' end class Users::FromProcMailer < Devise::Mailer - default :from => proc { 'custom@example.com' } + default from: proc { 'custom@example.com' } end diff --git a/test/rails_app/app/mongoid/admin.rb b/test/rails_app/app/mongoid/admin.rb index dea2cc9038..d5884cb69b 100644 --- a/test/rails_app/app/mongoid/admin.rb +++ b/test/rails_app/app/mongoid/admin.rb 
@@ -6,24 +6,24 @@ class Admin include SharedAdmin ## Database authenticatable - field :email, :type => String - field :encrypted_password, :type => String + field :email, type: String + field :encrypted_password, type: String ## Recoverable - field :reset_password_token, :type => String - field :reset_password_sent_at, :type => Time + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time ## Rememberable - field :remember_created_at, :type => Time + field :remember_created_at, type: Time ## Confirmable - field :confirmation_token, :type => String - field :confirmed_at, :type => Time - field :confirmation_sent_at, :type => Time - field :unconfirmed_email, :type => String # Only if using reconfirmable + field :confirmation_token, type: String + field :confirmed_at, type: Time + field :confirmation_sent_at, type: Time + field :unconfirmed_email, type: String # Only if using reconfirmable ## Lockable - field :locked_at, :type => Time + field :locked_at, type: Time - field :active, :type => Boolean, :default => false + field :active, type: Boolean, default: false end diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index f74e871154..cd48fd408f 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -3,7 +3,7 @@ module Shim included do include ::Mongoid::Timestamps - field :created_at, :type => DateTime + field :created_at, type: DateTime end module ClassMethods @@ -12,7 +12,7 @@ def order(attribute) end def find_by_email(email) - find_by(:email => email) + find_by(email: email) end end diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb index 867758eaca..0a2e5ea1cf 100644 --- a/test/rails_app/app/mongoid/user.rb +++ b/test/rails_app/app/mongoid/user.rb 
@@ -5,35 +5,35 @@ class User include Shim include SharedUser - field :username, :type => String - field :facebook_token, :type => String + field :username, type: String + field :facebook_token, type: String ## Database authenticatable - field :email, :type => String, :default => "" - field :encrypted_password, :type => String, :default => "" + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" ## Recoverable - field :reset_password_token, :type => String - field :reset_password_sent_at, :type => Time + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time ## Rememberable - field :remember_created_at, :type => Time + field :remember_created_at, type: Time ## Trackable - field :sign_in_count, :type => Integer, :default => 0 - field :current_sign_in_at, :type => Time - field :last_sign_in_at, :type => Time - field :current_sign_in_ip, :type => String - field :last_sign_in_ip, :type => String + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String ## Confirmable - field :confirmation_token, :type => String - field :confirmed_at, :type => Time - field :confirmation_sent_at, :type => Time - # field :unconfirmed_email, :type => String # Only if using reconfirmable + field :confirmation_token, type: String + field :confirmed_at, type: Time + field :confirmation_sent_at, type: Time + # field :unconfirmed_email, type: String # Only if using reconfirmable ## Lockable - field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts - field :unlock_token, :type => String # Only if unlock strategy is :email or :both - field :locked_at, :type => Time + field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + field :unlock_token, type: String # Only if unlock strategy is :email or 
:both + field :locked_at, type: Time end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 5744dae759..46140549fe 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -23,14 +23,14 @@ class Application < Rails::Application # config.generators do |g| # g.orm :active_record # g.template_engine :erb - # g.test_framework :test_unit, :fixture => true + # g.test_framework :test_unit, fixture: true # end # Configure sensitive parameters which will be filtered from the log file. config.filter_parameters << :password config.assets.enabled = false - config.action_mailer.default_url_options = { :host => "localhost:3000" } + config.action_mailer.default_url_options = { host: "localhost:3000" } # This was used to break devise in some situations config.to_prepare do diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 3e2506d22e..81d7a24881 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -166,9 +166,9 @@ # config.sign_out_via = :get # ==> OmniAuth - config.omniauth :facebook, 'APP_ID', 'APP_SECRET', :scope => 'email,offline_access' + config.omniauth :facebook, 'APP_ID', 'APP_SECRET', scope: 'email,offline_access' config.omniauth :openid - config.omniauth :openid, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id' + config.omniauth :openid, name: 'google', identifier: 'https://www.google.com/accounts/o8/id' # ==> Warden configuration # If you want to use other strategies, that are not supported by Devise, or @@ -176,6 +176,6 @@ # # config.warden do |manager| # manager.failure_app = AnotherApp - # manager.default_strategies(:scope => :user).unshift :some_external_strategy + # manager.default_strategies(scope: :user).unshift :some_external_strategy # end end 
diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index 93864c62be..24698914a1 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb @@ -4,5 +4,5 @@ config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' else config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' - config.session_store :cookie_store, :key => "_my_app" + config.session_store :cookie_store, key: "_my_app" end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index ce78903715..16f60751b9 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -1,6 +1,6 @@ Rails.application.routes.draw do # Resources for testing - resources :users, :only => [:index] do + resources :users, only: [:index] do member do get :expire get :accept 
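Review bot: The two long literals assigned to `config.secret_key_base` and `config.secret_token` in this initializer carry no comment saying they are fixture values, and a dummy app like this one may be copied from when Devise is wired into a real project. A one-line comment above the branch would make that explicit, for example `# Test-only signing secrets for the dummy app; never reuse these values outside the test suite.` Whoever holds a signing secret can produce cookies the app will accept as genuine, so values published in a repository should be treated as burned. The `if`/`else` that chooses between the two settings starts outside this hunk.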
@@ -9,97 +9,97 @@ end authenticate do - post :exhibit, :on => :member + post :exhibit, on: :member end end - resources :admins, :only => [:index] do - get :expire, :on => :member + resources :admins, only: [:index] do + get :expire, on: :member end # Users scope - devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } + devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } as :user do - get "/as/sign_in", :to => "devise/sessions#new" + get "/as/sign_in", to: "devise/sessions#new" end - get "/sign_in", :to => "devise/sessions#new" + get "/sign_in", to: "devise/sessions#new" # Admin scope - devise_for :admin, :path => "admin_area", :controllers => { :sessions => :"admins/sessions" }, :skip => :passwords + devise_for :admin, path: "admin_area", controllers: { sessions: :"admins/sessions" }, skip: :passwords - get "/admin_area/home", :to => "admins#index", :as => :admin_root - get "/anywhere", :to => "foo#bar", :as => :new_admin_password + get "/admin_area/home", to: "admins#index", as: :admin_root + get "/anywhere", to: "foo#bar", as: :new_admin_password authenticate(:admin) do - get "/private", :to => "home#private", :as => :private + get "/private", to: "home#private", as: :private end authenticate(:admin, lambda { |admin| admin.active? }) do - get "/private/active", :to => "home#private", :as => :private_active + get "/private/active", to: "home#private", as: :private_active end authenticated :admin do - get "/dashboard", :to => "home#admin_dashboard" + get "/dashboard", to: "home#admin_dashboard" end authenticated :admin, lambda { |admin| admin.active? 
} do - get "/dashboard/active", :to => "home#admin_dashboard" + get "/dashboard/active", to: "home#admin_dashboard" end authenticated do - get "/dashboard", :to => "home#user_dashboard" + get "/dashboard", to: "home#user_dashboard" end unauthenticated do - get "/join", :to => "home#join" + get "/join", to: "home#join" end # Routes for constraints testing - devise_for :headquarters_admin, :class_name => "Admin", :path => "headquarters", :constraints => {:host => /192\.168\.1\.\d\d\d/} + devise_for :headquarters_admin, class_name: "Admin", path: "headquarters", constraints: {host: /192\.168\.1\.\d\d\d/} - constraints(:host => /192\.168\.1\.\d\d\d/) do - devise_for :homebase_admin, :class_name => "Admin", :path => "homebase" + constraints(host: /192\.168\.1\.\d\d\d/) do + devise_for :homebase_admin, class_name: "Admin", path: "homebase" end - devise_for :skip_admin, :class_name => "Admin", :skip => :all + devise_for :skip_admin, class_name: "Admin", skip: :all # Routes for format=false testing - devise_for :htmlonly_admin, :class_name => "Admin", :skip => [:confirmations, :unlocks], :path => "htmlonly_admin", :format => false, :skip_helpers => [:confirmations, :unlocks] - devise_for :htmlonly_users, :class_name => "User", :only => [:confirmations, :unlocks], :path => "htmlonly_users", :format => false, :skip_helpers => true + devise_for :htmlonly_admin, class_name: "Admin", skip: [:confirmations, :unlocks], path: "htmlonly_admin", format: false, skip_helpers: [:confirmations, :unlocks] + devise_for :htmlonly_users, class_name: "User", only: [:confirmations, :unlocks], path: "htmlonly_users", format: false, skip_helpers: true # Other routes for routing_test.rb - devise_for :reader, :class_name => "User", :only => :passwords + devise_for :reader, class_name: "User", only: :passwords - scope :host => "sub.example.com" do - devise_for :sub_admin, :class_name => "Admin" + scope host: "sub.example.com" do + devise_for :sub_admin, class_name: "Admin" end - namespace 
:publisher, :path_names => { :sign_in => "i_dont_care", :sign_out => "get_out" } do - devise_for :accounts, :class_name => "Admin", :path_names => { :sign_in => "get_in" } + namespace :publisher, path_names: { sign_in: "i_dont_care", sign_out: "get_out" } do + devise_for :accounts, class_name: "Admin", path_names: { sign_in: "get_in" } end - scope ":locale", :module => :invalid do - devise_for :accounts, :singular => "manager", :class_name => "Admin", - :path_names => { - :sign_in => "login", :sign_out => "logout", - :password => "secret", :confirmation => "verification", - :unlock => "unblock", :sign_up => "register", - :registration => "management", - :cancel => "giveup", :edit => "edit/profile" - }, :failure_app => lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, :module => :devise + scope ":locale", module: :invalid do + devise_for :accounts, singular: "manager", class_name: "Admin", + path_names: { + sign_in: "login", sign_out: "logout", + password: "secret", confirmation: "verification", + unlock: "unblock", sign_up: "register", + registration: "management", + cancel: "giveup", edit: "edit/profile" + }, failure_app: lambda { |env| [404, {"Content-Type" => "text/plain"}, ["Oops, not found"]] }, module: :devise end - namespace :sign_out_via, :module => "devise" do - devise_for :deletes, :sign_out_via => :delete, :class_name => "Admin" - devise_for :posts, :sign_out_via => :post, :class_name => "Admin" - devise_for :delete_or_posts, :sign_out_via => [:delete, :post], :class_name => "Admin" + namespace :sign_out_via, module: "devise" do + devise_for :deletes, sign_out_via: :delete, class_name: "Admin" + devise_for :posts, sign_out_via: :post, class_name: "Admin" + devise_for :delete_or_posts, sign_out_via: [:delete, :post], class_name: "Admin" end - get "/set", :to => "home#set" - get "/unauthenticated", :to => "home#unauthenticated" + get "/set", to: "home#set" + get "/unauthenticated", to: "home#unauthenticated" get 
"/custom_strategy/new" - root :to => "home#index", :via => [:get, :post] + root to: "home#index", via: [:get, :post] end diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 43bf856496..5aaf736479 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb @@ -5,8 +5,8 @@ def self.up t.string :facebook_token ## Database authenticatable - t.string :email, :null => false, :default => "" - t.string :encrypted_password, :null => false, :default => "" + t.string :email, null: false, default: "" + t.string :encrypted_password, null: false, default: "" ## Recoverable t.string :reset_password_token @@ -16,7 +16,7 @@ def self.up t.datetime :remember_created_at ## Trackable - t.integer :sign_in_count, :default => 0 + t.integer :sign_in_count, default: 0 t.datetime :current_sign_in_at t.datetime :last_sign_in_at t.string :current_sign_in_ip @@ -29,7 +29,7 @@ def self.up # t.string :unconfirmed_email # Only if using reconfirmable ## Lockable - t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts + t.integer :failed_attempts, default: 0 # Only if lock strategy is :failed_attempts t.string :unlock_token # Only if unlock strategy is :email or :both t.datetime :locked_at @@ -38,8 +38,8 @@ def self.up create_table :admins do |t| ## Database authenticatable - t.string :email, :null => true - t.string :encrypted_password, :null => true + t.string :email, null: true + t.string :encrypted_password, null: true ## Recoverable t.string :reset_password_token @@ -58,7 +58,7 @@ def self.up t.datetime :locked_at ## Attribute for testing route blocks - t.boolean :active, :default => false + t.boolean :active, default: false t.timestamps end diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index 0bb40a4bae..e8c293e56c 100644 --- a/test/rails_app/lib/shared_admin.rb 
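Review bot: The host patterns on `devise_for :headquarters_admin` and on the `constraints(host: ...)` block are written as `/192\.168\.1\.\d\d\d/`, with no `\A`/`\z` anchors. If request constraints are evaluated with a plain regexp match (worth confirming for the Rails versions this dummy app runs against), a host string that merely contains such an address would satisfy them as well. Anchoring both keeps the fixture a safe pattern to copy: `constraints: {host: /\A192\.168\.1\.\d\d\d\z/}` and `constraints(host: /\A192\.168\.1\.\d\d\d\z/) do`. The `Rails.application.routes.draw` block opens in the previous hunk.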
+++ b/test/rails_app/lib/shared_admin.rb @@ -4,11 +4,11 @@ module SharedAdmin included do devise :database_authenticatable, :registerable, :timeoutable, :recoverable, :lockable, :confirmable, - :unlock_strategy => :time, :lock_strategy => :none, - :allow_unconfirmed_access_for => 2.weeks, :reconfirmable => true + unlock_strategy: :time, lock_strategy: :none, + allow_unconfirmed_access_for: 2.weeks, reconfirmable: true - validates_length_of :reset_password_token, :minimum => 3, :allow_blank => true - validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed? + validates_length_of :reset_password_token, minimum: 3, allow_blank: true + validates_uniqueness_of :email, allow_blank: true, if: :email_changed? end def raw_confirmation_token diff --git a/test/routes_test.rb b/test/routes_test.rb index 3376e9149c..33cd63c716 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
@@ -4,107 +4,107 @@ class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do - assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => 'users/sign_in', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: 'users/sign_in', method: :get}) assert_named_route "/users/sign_in", :new_user_session_path end test 'map create user session' do - assert_recognizes({:controller => 'devise/sessions', :action => 'create'}, {:path => 'users/sign_in', :method => :post}) + assert_recognizes({controller: 'devise/sessions', action: 'create'}, {path: 'users/sign_in', method: :post}) assert_named_route "/users/sign_in", :user_session_path end test 'map destroy user session' do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => 'users/sign_out', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :get}) assert_named_route "/users/sign_out", :destroy_user_session_path end test 'map new user confirmation' do - assert_recognizes({:controller => 'devise/confirmations', :action => 'new'}, 'users/confirmation/new') + assert_recognizes({controller: 'devise/confirmations', action: 'new'}, 'users/confirmation/new') assert_named_route "/users/confirmation/new", :new_user_confirmation_path end test 'map create user confirmation' do - assert_recognizes({:controller => 'devise/confirmations', :action => 'create'}, {:path => 'users/confirmation', :method => :post}) + assert_recognizes({controller: 'devise/confirmations', action: 'create'}, {path: 'users/confirmation', method: :post}) assert_named_route "/users/confirmation", :user_confirmation_path end test 'map show user confirmation' do - assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => 'users/confirmation', :method => :get}) + assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: 
'users/confirmation', method: :get}) end test 'map new user password' do - assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'users/password/new') + assert_recognizes({controller: 'devise/passwords', action: 'new'}, 'users/password/new') assert_named_route "/users/password/new", :new_user_password_path end test 'map create user password' do - assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => 'users/password', :method => :post}) + assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: 'users/password', method: :post}) assert_named_route "/users/password", :user_password_path end test 'map edit user password' do - assert_recognizes({:controller => 'devise/passwords', :action => 'edit'}, 'users/password/edit') + assert_recognizes({controller: 'devise/passwords', action: 'edit'}, 'users/password/edit') assert_named_route "/users/password/edit", :edit_user_password_path end test 'map update user password' do - assert_recognizes({:controller => 'devise/passwords', :action => 'update'}, {:path => 'users/password', :method => :put}) + assert_recognizes({controller: 'devise/passwords', action: 'update'}, {path: 'users/password', method: :put}) end test 'map new user unlock' do - assert_recognizes({:controller => 'devise/unlocks', :action => 'new'}, 'users/unlock/new') + assert_recognizes({controller: 'devise/unlocks', action: 'new'}, 'users/unlock/new') assert_named_route "/users/unlock/new", :new_user_unlock_path end test 'map create user unlock' do - assert_recognizes({:controller => 'devise/unlocks', :action => 'create'}, {:path => 'users/unlock', :method => :post}) + assert_recognizes({controller: 'devise/unlocks', action: 'create'}, {path: 'users/unlock', method: :post}) assert_named_route "/users/unlock", :user_unlock_path end test 'map show user unlock' do - assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => 'users/unlock', :method => :get}) + 
assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: 'users/unlock', method: :get}) end test 'map new user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, 'users/sign_up') + assert_recognizes({controller: 'devise/registrations', action: 'new'}, 'users/sign_up') assert_named_route "/users/sign_up", :new_user_registration_path end test 'map create user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'create'}, {:path => 'users', :method => :post}) + assert_recognizes({controller: 'devise/registrations', action: 'create'}, {path: 'users', method: :post}) assert_named_route "/users", :user_registration_path end test 'map edit user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'edit'}, {:path => 'users/edit', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'edit'}, {path: 'users/edit', method: :get}) assert_named_route "/users/edit", :edit_user_registration_path end test 'map update user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'update'}, {:path => 'users', :method => :put}) + assert_recognizes({controller: 'devise/registrations', action: 'update'}, {path: 'users', method: :put}) end test 'map destroy user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'destroy'}, {:path => 'users', :method => :delete}) + assert_recognizes({controller: 'devise/registrations', action: 'destroy'}, {path: 'users', method: :delete}) end test 'map cancel user registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'cancel'}, {:path => 'users/cancel', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'cancel'}, {path: 'users/cancel', method: :get}) assert_named_route "/users/cancel", :cancel_user_registration_path end test 'map omniauth callbacks' do - 
assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'facebook'}, {:path => 'users/auth/facebook/callback', :method => :get}) - assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'facebook'}, {:path => 'users/auth/facebook/callback', :method => :post}) + assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get}) + assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post}) assert_named_route "/users/auth/facebook/callback", :user_omniauth_callback_path, :facebook # named open_id - assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :get}) - assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post}) + assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get}) + assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post}) assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get}) + assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get}) end end 
@@ -117,122 +117,122 @@ def assert_named_route(result, *args) class CustomizedRoutingTest < ActionController::TestCase test 'map admin with :path option' do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'admin_area/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: 'admin_area/sign_up', method: :get}) end test 'map admin with :controllers option' do - assert_recognizes({:controller => 'admins/sessions', :action => 'new'}, {:path => 'admin_area/sign_in', :method => :get}) + assert_recognizes({controller: 'admins/sessions', action: 'new'}, {path: 'admin_area/sign_in', method: :get}) end test 'does not map admin password' do assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new') + assert_recognizes({controller: 'devise/passwords', action: 'new'}, 'admin_area/password/new') end end test 'subdomain admin' do - assert_recognizes({"host"=>"sub.example.com", :controller => 'devise/sessions', :action => 'new'}, {:host => "sub.example.com", :path => '/sub_admin/sign_in', :method => :get}) + assert_recognizes({"host"=>"sub.example.com", controller: 'devise/sessions', action: 'new'}, {host: "sub.example.com", path: '/sub_admin/sign_in', method: :get}) end test 'does only map reader password' do assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new') + assert_recognizes({controller: 'devise/sessions', action: 'new'}, 'reader/sessions/new') end - assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new') + assert_recognizes({controller: 'devise/passwords', action: 'new'}, 'reader/password/new') end test 'map account with custom path name for session sign in' do - assert_recognizes({:controller => 'devise/sessions', :action => 'new', :locale => 'en'}, '/en/accounts/login') + 
assert_recognizes({controller: 'devise/sessions', action: 'new', locale: 'en'}, '/en/accounts/login') end test 'map account with custom path name for session sign out' do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy', :locale => 'en'}, '/en/accounts/logout') + assert_recognizes({controller: 'devise/sessions', action: 'destroy', locale: 'en'}, '/en/accounts/logout') end test 'map account with custom path name for password' do - assert_recognizes({:controller => 'devise/passwords', :action => 'new', :locale => 'en'}, '/en/accounts/secret/new') + assert_recognizes({controller: 'devise/passwords', action: 'new', locale: 'en'}, '/en/accounts/secret/new') end test 'map account with custom path name for registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'new', :locale => 'en'}, '/en/accounts/management/register') + assert_recognizes({controller: 'devise/registrations', action: 'new', locale: 'en'}, '/en/accounts/management/register') end test 'map account with custom path name for edit registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'edit', :locale => 'en'}, '/en/accounts/management/edit/profile') + assert_recognizes({controller: 'devise/registrations', action: 'edit', locale: 'en'}, '/en/accounts/management/edit/profile') end test 'map account with custom path name for cancel registration' do - assert_recognizes({:controller => 'devise/registrations', :action => 'cancel', :locale => 'en'}, '/en/accounts/management/giveup') + assert_recognizes({controller: 'devise/registrations', action: 'cancel', locale: 'en'}, '/en/accounts/management/giveup') end test 'map deletes with :sign_out_via option' do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :delete}) 
assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :get}) end end test 'map posts with :sign_out_via option' do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :post}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :get}) end end test 'map delete_or_posts with :sign_out_via option' do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post}) - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :delete}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :get}) end end test 'map with constraints defined in hash' do - assert_recognizes({:controller => 
'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: 'http://192.168.1.100/headquarters/sign_up', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: 'http://10.0.0.100/headquarters/sign_up', method: :get}) end end test 'map with constraints defined in block' do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: 'http://192.168.1.100/homebase/sign_up', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: 'http://10.0.0.100//homebase/sign_up', method: :get}) end end test 'map with format false for sessions' do - assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get}) end end test 'map with format false for passwords' do - assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password', 
:method => :post}) + assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post}) + assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password.xml', method: :post}) end end test 'map with format false for registrations' do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get}) + assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up.xml', method: :get}) end end test 'map with format false for confirmations' do - assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get}) + assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get}) + assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation.xml', method: :get}) end end test 'map with format false for unlocks' do - assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get}) + assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock', method: :get}) 
assert_raise ExpectedRoutingError do - assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get}) + assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock.xml', method: :get}) end end @@ -251,12 +251,12 @@ class CustomizedRoutingTest < ActionController::TestCase class ScopedRoutingTest < ActionController::TestCase test 'map publisher account' do - assert_recognizes({:controller => 'publisher/registrations', :action => 'new'}, {:path => '/publisher/accounts/sign_up', :method => :get}) + assert_recognizes({controller: 'publisher/registrations', action: 'new'}, {path: '/publisher/accounts/sign_up', method: :get}) assert_equal '/publisher/accounts/sign_up', @routes.url_helpers.new_publisher_account_registration_path end test 'map publisher account merges path names' do - assert_recognizes({:controller => 'publisher/sessions', :action => 'new'}, {:path => '/publisher/accounts/get_in', :method => :get}) + assert_recognizes({controller: 'publisher/sessions', action: 'new'}, {path: '/publisher/accounts/get_in', method: :get}) assert_equal '/publisher/accounts/get_in', @routes.url_helpers.new_publisher_account_session_path end end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 375d3c3f35..4eb0db8674 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -23,10 +23,10 @@ def generate_unique_email end def valid_attributes(attributes={}) - { :username => "usertest", - :email => generate_unique_email, - :password => '12345678', - :password_confirmation => '12345678' }.update(attributes) + { username: "usertest", + email: generate_unique_email, + password: '12345678', + password_confirmation: '12345678' }.update(attributes) end def new_user(attributes={}) diff --git a/test/support/integration.rb b/test/support/integration.rb index 9a451c531f..245b0e4256 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb 
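Review bot: In 'map with constraints defined in block' the rejected request differs from the accepted one in two ways, the host (`10.0.0.100`) and a doubled slash in the path (`//homebase/sign_up`), so the `ExpectedRoutingError` may come from the path rather than from the host constraint. Using the same path as the positive case isolates the check: `{path: 'http://10.0.0.100/homebase/sign_up', method: :get}`. The sibling test 'map with constraints defined in hash' already keeps the path fixed at `/headquarters/sign_up`. `CustomizedRoutingTest` continues past the end of this hunk.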
@@ -8,11 +8,11 @@ def warden def create_user(options={}) @user ||= begin user = User.create!( - :username => 'usertest', - :email => options[:email] || 'user@test.com', - :password => options[:password] || '12345678', - :password_confirmation => options[:password] || '12345678', - :created_at => Time.now.utc + username: 'usertest', + email: options[:email] || 'user@test.com', + password: options[:password] || '12345678', + password_confirmation: options[:password] || '12345678', + created_at: Time.now.utc ) user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at] user.confirm! unless options[:confirm] == false @@ -24,9 +24,9 @@ def create_user(options={}) def create_admin(options={}) @admin ||= begin admin = Admin.create!( - :email => options[:email] || 'admin@test.com', - :password => '123456', :password_confirmation => '123456', - :active => options[:active] + email: options[:email] || 'admin@test.com', + password: '123456', password_confirmation: '123456', + active: options[:active] ) admin.confirm! unless options[:confirm] == false admin @@ -36,8 +36,8 @@ def create_admin(options={}) def sign_in_as_user(options={}, &block) user = create_user(options) visit_with_option options[:visit], new_user_session_path - fill_in 'email', :with => options[:email] || 'user@test.com' - fill_in 'password', :with => options[:password] || '12345678' + fill_in 'email', with: options[:email] || 'user@test.com' + fill_in 'password', with: options[:password] || '12345678' check 'remember me' if options[:remember_me] == true yield if block_given? click_button 'Sign In' 
@@ -47,8 +47,8 @@ def sign_in_as_user(options={}, &block) def sign_in_as_admin(options={}, &block) admin = create_admin(options) visit_with_option options[:visit], new_admin_session_path - fill_in 'email', :with => 'admin@test.com' - fill_in 'password', :with => '123456' + fill_in 'email', with: 'admin@test.com' + fill_in 'password', with: '123456' yield if block_given? click_button 'Sign In' admin diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 7db2c6f8bf..b0d523da53 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -17,7 +17,7 @@ def redirect end test "redirects if attempting to access a page with an unconfirmed account" do - swap Devise, :allow_unconfirmed_access_for => 0.days do + swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user assert !user.active_for_authentication? @@ -28,12 +28,12 @@ def redirect end test "returns nil if accessing current_user with an unconfirmed account" do - swap Devise, :allow_unconfirmed_access_for => 0.days do + swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user assert !user.active_for_authentication? sign_in user - get :accept, :id => user + get :accept, id: user assert_nil assigns(:current_user) end end diff --git a/test/test_models.rb b/test/test_models.rb index ec3710fca6..ee19b84aed 100644 --- a/test/test_models.rb +++ b/test/test_models.rb 
@@ -1,11 +1,11 @@ class Configurable < User devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable, - :stretches => 15, :pepper => 'abcdef', :allow_unconfirmed_access_for => 5.days, - :remember_for => 7.days, :timeout_in => 15.minutes, :unlock_in => 10.days + stretches: 15, pepper: 'abcdef', allow_unconfirmed_access_for: 5.days, + remember_for: 7.days, timeout_in: 15.minutes, unlock_in: 10.days end class WithValidation < Admin - devise :database_authenticatable, :validatable, :password_length => 2..6 + devise :database_authenticatable, :validatable, password_length: 2..6 end class UserWithValidation < User @@ -20,8 +20,8 @@ def password_digest(password) end class UserWithVirtualAttributes < User - devise :case_insensitive_keys => [ :email, :email_confirmation ] - validates :email, :presence => true, :confirmation => {:on => :create} + devise case_insensitive_keys: [ :email, :email_confirmation ] + validates :email, presence: true, confirmation: {on: :create} end class Several < Admin From aea82d0b03a8aa150be8f692bf880d140e477d2e Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 25 Feb 2014 14:25:55 -0300 Subject: [PATCH 0411/1473] Update remaning 1.8 hash syntax. --- Gemfile | 4 ++-- Rakefile | 2 +- app/views/devise/confirmations/new.html.erb | 4 ++-- .../devise/mailer/confirmation_instructions.html.erb | 2 +- .../mailer/reset_password_instructions.html.erb | 2 +- app/views/devise/mailer/unlock_instructions.html.erb | 2 +- app/views/devise/passwords/edit.html.erb | 6 +++--- app/views/devise/passwords/new.html.erb | 4 ++-- app/views/devise/registrations/edit.html.erb | 12 ++++++------ app/views/devise/registrations/new.html.erb | 8 ++++---- app/views/devise/sessions/new.html.erb | 6 +++--- app/views/devise/unlocks/new.html.erb | 4 ++-- gemfiles/Gemfile.rails-3.2-stable | 6 +++--- gemfiles/Gemfile.rails-4.0-stable | 6 +++--- gemfiles/Gemfile.rails-head | 6 +++--- lib/generators/templates/README | 4 ++-- .../markerb/confirmation_instructions.markerb | 2 +- .../markerb/reset_password_instructions.markerb | 2 +- .../templates/markerb/unlock_instructions.markerb | 2 +- .../simple_form_for/confirmations/new.html.erb | 4 ++-- .../simple_form_for/passwords/edit.html.erb | 8 ++++---- .../templates/simple_form_for/passwords/new.html.erb | 4 ++-- .../simple_form_for/registrations/edit.html.erb | 12 ++++++------ .../simple_form_for/registrations/new.html.erb | 8 ++++---- .../templates/simple_form_for/sessions/new.html.erb | 8 ++++---- .../templates/simple_form_for/unlocks/new.html.erb | 4 ++-- .../rails_app/app/views/admins/sessions/new.html.erb | 2 +- .../rails_app/app/views/layouts/application.html.erb | 2 +- 28 files changed, 68 insertions(+), 68 deletions(-) diff --git a/Gemfile b/Gemfile index ef8624c26d..fa3db7b1b1 100644 --- a/Gemfile +++ b/Gemfile 
@@ -10,8 +10,8 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", :require => false - gem "mocha", "~> 0.13.1", :require => false + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 0.13.1", require: false end platforms :jruby do diff --git a/Rakefile b/Rakefile index 9439d3ddcf..553344b457 100644 --- a/Rakefile +++ b/Rakefile @@ -4,7 +4,7 @@ require 'rake/testtask' require 'rdoc/task' desc 'Default: run tests for all ORMs.' -task :default => :test +task default: :test desc 'Run Devise tests for all ORMs.' task :pre_commit do diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 9c27eb72ca..65ba288037 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -1,10 +1,10 @@

Resend confirmation instructions

-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %> +<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %>
<%= f.submit "Resend confirmation instructions" %>
<% end %> diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index 36670f9130..dc55f64f69 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -2,4 +2,4 @@

You can confirm your account email through the link below:

-

<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %>

+

<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb index 93de6d05d2..f667dc12fe 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -2,7 +2,7 @@

Someone has requested a link to change your password. You can do this through the link below.

-

<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %>

+

<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

If you didn't request this, please ignore this email.

Your password won't change until you access the link above and create a new one.

diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb index f59615fed3..41e148bf2a 100644 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -4,4 +4,4 @@

Click the link below to unlock your account:

-

<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %>

+

<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 70fb241b0b..553509886e 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -1,14 +1,14 @@

Change your password

-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %> +<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> <%= devise_error_messages! %> <%= f.hidden_field :reset_password_token %>
<%= f.label :password, "New password" %>
- <%= f.password_field :password, :autofocus => true, :autocomplete => "off" %>
+ <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
<%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation, :autocomplete => "off" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %>
<%= f.submit "Change my password" %>
<% end %> diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 5a400df1fa..ea1d46e3d8 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -1,10 +1,10 @@

Forgot your password?

-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %> +<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %>
<%= f.submit "Send me reset password instructions" %>
<% end %> diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index c251d4fdef..808d62c9ee 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -1,29 +1,29 @@

Edit <%= resource_name.to_s.humanize %>

-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %> +<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> <%= devise_error_messages! %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %> <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
<% end %>
<%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, :autocomplete => "off" %>
+ <%= f.password_field :password, autocomplete: "off" %>
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, :autocomplete => "off" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %>
<%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, :autocomplete => "off" %>
+ <%= f.password_field :current_password, autocomplete: "off" %>
<%= f.submit "Update" %>
<% end %>

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 53ce805156..234de913ad 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -1,16 +1,16 @@

Sign up

-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %> +<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> <%= devise_error_messages! %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %>
<%= f.label :password %>
- <%= f.password_field :password, :autocomplete => "off" %>
+ <%= f.password_field :password, autocomplete: "off" %>
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, :autocomplete => "off" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %>
<%= f.submit "Sign up" %>
<% end %> diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index bc7adb4234..f151ac1da4 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,11 +1,11 @@

Sign in

-<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %> +<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %>
<%= f.label :password %>
- <%= f.password_field :password, :autocomplete => "off" %>
+ <%= f.password_field :password, autocomplete: "off" %> <% if devise_mapping.rememberable? -%>
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index 020787f8ea..6fb5612bf8 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -1,10 +1,10 @@

Resend unlock instructions

-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %> +<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %>
<%= f.label :email %>
- <%= f.email_field :email, :autofocus => true %>
+ <%= f.email_field :email, autofocus: true %>
<%= f.submit "Resend unlock instructions" %>
<% end %> diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable index 38ecac8f6e..935e4271aa 100644 --- a/gemfiles/Gemfile.rails-3.2-stable +++ b/gemfiles/Gemfile.rails-3.2-stable @@ -1,6 +1,6 @@ source "https://rubygems.org" -gemspec :path => '..' +gemspec path: '..' gem "rails", github: 'rails/rails', branch: '3-2-stable' gem "omniauth", "~> 1.0.0" @@ -10,8 +10,8 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", :require => false - gem "mocha", "~> 0.13.1", :require => false + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 0.13.1", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable index 140edd06fc..2c514031e7 100644 --- a/gemfiles/Gemfile.rails-4.0-stable +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -1,6 +1,6 @@ source "https://rubygems.org" -gemspec :path => '..' +gemspec path: '..' gem "rails", github: 'rails/rails', branch: '4-0-stable' gem "omniauth", "~> 1.0.0" @@ -10,8 +10,8 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", :require => false - gem "mocha", "~> 0.13.1", :require => false + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 0.13.1", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index 455a3df52f..c0b1d996cd 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -1,6 +1,6 @@ source "https://rubygems.org" -gemspec :path => '..' +gemspec path: '..' gem "rails", github: 'rails/rails' gem "omniauth", "~> 1.0.0" @@ -10,8 +10,8 @@ gem "rdoc" group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", :require => false - gem "mocha", "~> 0.14", :require => false + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 0.14", require: false end platforms :jruby do 
diff --git a/lib/generators/templates/README b/lib/generators/templates/README index f50fbb78e9..ba3ca6c853 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -6,14 +6,14 @@ Some setup you must do manually if you haven't yet: is an example of default_url_options appropriate for a development environment in config/environments/development.rb: - config.action_mailer.default_url_options = { :host => 'localhost:3000' } + config.action_mailer.default_url_options = { host: 'localhost:3000' } In production, :host should be set to the actual host of your application. 2. Ensure you have defined root_url to *something* in your config/routes.rb. For example: - root :to => "home#index" + root to: "home#index" 3. Ensure you have flash messages in app/views/layouts/application.html.erb. For example: diff --git a/lib/generators/templates/markerb/confirmation_instructions.markerb b/lib/generators/templates/markerb/confirmation_instructions.markerb index 8f152996d2..fe73f001db 100644 --- a/lib/generators/templates/markerb/confirmation_instructions.markerb +++ b/lib/generators/templates/markerb/confirmation_instructions.markerb @@ -2,4 +2,4 @@ Welcome <%= @email %>! You can confirm your account through the link below: -<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %> +<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %> diff --git a/lib/generators/templates/markerb/reset_password_instructions.markerb b/lib/generators/templates/markerb/reset_password_instructions.markerb index d149c12467..b1ca47aed8 100644 --- a/lib/generators/templates/markerb/reset_password_instructions.markerb +++ b/lib/generators/templates/markerb/reset_password_instructions.markerb 
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>! Someone has requested a link to change your password, and you can do this through the link below. -<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %> +<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %> If you didn't request this, please ignore this email. Your password won't change until you access the link above and create a new one. diff --git a/lib/generators/templates/markerb/unlock_instructions.markerb b/lib/generators/templates/markerb/unlock_instructions.markerb index 389db7e10e..e3ed33d072 100644 --- a/lib/generators/templates/markerb/unlock_instructions.markerb +++ b/lib/generators/templates/markerb/unlock_instructions.markerb @@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in Click the link below to unlock your account: -<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %> +<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %> diff --git a/lib/generators/templates/simple_form_for/confirmations/new.html.erb b/lib/generators/templates/simple_form_for/confirmations/new.html.erb index c80829ad2e..949b17277f 100644 --- a/lib/generators/templates/simple_form_for/confirmations/new.html.erb +++ b/lib/generators/templates/simple_form_for/confirmations/new.html.erb @@ -1,11 +1,11 @@

Resend confirmation instructions

-<%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> <%= f.error_notification %> <%= f.full_error :confirmation_token %>
- <%= f.input :email, :required => true, :autofocus => true %> + <%= f.input :email, required: true, autofocus: true %>
diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index 5a2442a692..8f995edc49 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -1,14 +1,14 @@

Change your password

-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> <%= f.error_notification %> - <%= f.input :reset_password_token, :as => :hidden %> + <%= f.input :reset_password_token, as: :hidden %> <%= f.full_error :reset_password_token %>
- <%= f.input :password, :label => "New password", :required => true, :autofocus => true %> - <%= f.input :password_confirmation, :label => "Confirm your new password", :required => true %> + <%= f.input :password, label: "New password", required: true, autofocus: true %> + <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
diff --git a/lib/generators/templates/simple_form_for/passwords/new.html.erb b/lib/generators/templates/simple_form_for/passwords/new.html.erb index b196bc90e2..d1503e7640 100644 --- a/lib/generators/templates/simple_form_for/passwords/new.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/new.html.erb @@ -1,10 +1,10 @@

Forgot your password?

-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> <%= f.error_notification %>
- <%= f.input :email, :required => true, :autofocus => true %> + <%= f.input :email, required: true, autofocus: true %>
diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 6955c2c741..5db350b5c9 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -1,18 +1,18 @@

Edit <%= resource_name.to_s.humanize %>

-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> <%= f.error_notification %>
- <%= f.input :email, :required => true, :autofocus => true %> + <%= f.input :email, required: true, autofocus: true %> <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

<% end %> - <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %> - <%= f.input :password_confirmation, :required => false %> - <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %> + <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> + <%= f.input :password_confirmation, required: false %> + <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
@@ -22,6 +22,6 @@

Cancel my account

-

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %>

+

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/lib/generators/templates/simple_form_for/registrations/new.html.erb b/lib/generators/templates/simple_form_for/registrations/new.html.erb index 2665b08174..090fb295c0 100644 --- a/lib/generators/templates/simple_form_for/registrations/new.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb @@ -1,12 +1,12 @@

Sign up

-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> <%= f.error_notification %>
- <%= f.input :email, :required => true, :autofocus => true %> - <%= f.input :password, :required => true %> - <%= f.input :password_confirmation, :required => true %> + <%= f.input :email, required: true, autofocus: true %> + <%= f.input :password, required: true %> + <%= f.input :password_confirmation, required: true %>
diff --git a/lib/generators/templates/simple_form_for/sessions/new.html.erb b/lib/generators/templates/simple_form_for/sessions/new.html.erb index fa53ea87cc..c790b4988a 100644 --- a/lib/generators/templates/simple_form_for/sessions/new.html.erb +++ b/lib/generators/templates/simple_form_for/sessions/new.html.erb @@ -1,10 +1,10 @@

Sign in

-<%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
- <%= f.input :email, :required => false, :autofocus => true %> - <%= f.input :password, :required => false %> - <%= f.input :remember_me, :as => :boolean if devise_mapping.rememberable? %> + <%= f.input :email, required: false, autofocus: true %> + <%= f.input :password, required: false %> + <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
diff --git a/lib/generators/templates/simple_form_for/unlocks/new.html.erb b/lib/generators/templates/simple_form_for/unlocks/new.html.erb index 66495d6a96..788f62e9e7 100644 --- a/lib/generators/templates/simple_form_for/unlocks/new.html.erb +++ b/lib/generators/templates/simple_form_for/unlocks/new.html.erb @@ -1,11 +1,11 @@

Resend unlock instructions

-<%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %> +<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> <%= f.error_notification %> <%= f.full_error :unlock_token %>
- <%= f.input :email, :required => true, :autofocus => true %> + <%= f.input :email, required: true, autofocus: true %>
diff --git a/test/rails_app/app/views/admins/sessions/new.html.erb b/test/rails_app/app/views/admins/sessions/new.html.erb index b9953b17aa..75f3b860fa 100644 --- a/test/rails_app/app/views/admins/sessions/new.html.erb +++ b/test/rails_app/app/views/admins/sessions/new.html.erb @@ -1,2 +1,2 @@ Welcome to "sessions/new" view! -<%= render :file => "devise/sessions/new" %> +<%= render file: "devise/sessions/new" %> diff --git a/test/rails_app/app/views/layouts/application.html.erb b/test/rails_app/app/views/layouts/application.html.erb index 5a4c004829..cdd9fe1acb 100644 --- a/test/rails_app/app/views/layouts/application.html.erb +++ b/test/rails_app/app/views/layouts/application.html.erb @@ -7,7 +7,7 @@
<%- flash.each do |name, msg| -%> - <%= content_tag :div, msg, :id => "flash_#{name}" %> + <%= content_tag :div, msg, id: "flash_#{name}" %> <%- end -%> <% if user_signed_in? -%> From 00af1481f8716b08e5f1c053a4105b2427ba9dcb Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 28 Feb 2014 02:03:37 -0500 Subject: [PATCH 0412/1473] Grammar/content fixes for email confirmation language - account -> email address - was -> has been --- config/locales/en.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index abccdb087d..2433048b40 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -3,19 +3,19 @@
 en:
 devise:
 confirmations:
- confirmed: "Your account was successfully confirmed."
- send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
- send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+ confirmed: "Your email address has been successfully confirmed."
+ send_instructions: "You will receive an email with instructions about how to confirm your email address in a few minutes."
+ send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your email address in a few minutes."
 failure:
 already_authenticated: "You are already signed in."
 inactive: "Your account is not activated yet."
 invalid: "Invalid email or password."
 locked: "Your account is locked."
- last_attempt: "You have one more attempt before your account will be locked."
- not_found_in_database: "Invalid email or password."
+ last_attempt: "You have one more attempt before your account is locked."
+ not_found_in_database: "Invalid email address or password."
 timeout: "Your session expired. Please sign in again to continue."
 unauthenticated: "You need to sign in or sign up before continuing."
- unconfirmed: "You have to confirm your account before continuing."
+ unconfirmed: "You have to confirm your email address before continuing."
 mailer:
 confirmation_instructions:
 subject: "Confirmation instructions"
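Review bot: The rewording of `not_found_in_database` makes it differ from the unchanged `invalid` string a few lines above it ("Invalid email address or password." versus "Invalid email or password."). The key names suggest one is shown for an unknown account and the other for a wrong password, though the code that selects them is outside this diff; if that is the case, the differing text reveals to a visitor whether an email address is registered. Keep the two strings identical, either by leaving `not_found_in_database: "Invalid email or password."` as it was or by also changing `invalid: "Invalid email address or password."`. A test asserting that both translations are equal would keep later copy edits from reintroducing the difference.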
@@ -30,22 +30,22 @@ en: no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - updated: "Your password was changed successfully. You are now signed in." - updated_not_active: "Your password was changed successfully." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." registrations: - destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon." + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." signed_up: "Welcome! You have signed up successfully." signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." - signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address." - updated: "You updated your account successfully." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. 
Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." unlocks: - send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes." - send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." unlocked: "Your account has been unlocked successfully. Please sign in to continue." errors: messages: From 1a87fd6477b7070c46a58648dba426715ad48e9f Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 28 Feb 2014 02:04:35 -0500 Subject: [PATCH 0413/1473] All other text does not use camel case --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 2433048b40..023033b657 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -22,7 +22,7 @@ en: reset_password_instructions: subject: "Reset password instructions" unlock_instructions: - subject: "Unlock Instructions" + subject: "Unlock instructions" omniauth_callbacks: failure: "Could not authenticate you from %{kind} because \"%{reason}\"." success: "Successfully authenticated from %{kind} account." From dbddce6acd8e1324dc44262c39b8e1396bd636a6 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 28 Feb 2014 15:12:07 -0500 Subject: [PATCH 0414/1473] Missed some "instructions about" -> for --- config/locales/en.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 023033b657..54e936ba98 100644 
--- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -4,8 +4,8 @@ en: devise: confirmations: confirmed: "Your email address has been successfully confirmed." - send_instructions: "You will receive an email with instructions about how to confirm your email address in a few minutes." - send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your email address in a few minutes." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." failure: already_authenticated: "You are already signed in." inactive: "Your account is not activated yet." From a89af190e2e80a8f0a5970a01383406da76ab795 Mon Sep 17 00:00:00 2001 From: Peter Vandenabeele Date: Sun, 2 Mar 2014 15:22:59 +0100 Subject: [PATCH 0415/1473] Fix typo in initializer template comment --- lib/generators/templates/devise.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index b56ef580db..55d7c26f74 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -119,8 +119,8 @@ # If true, requires any email changes to be confirmed (exactly the same way as # initial account confirmation) to be applied. Requires additional unconfirmed_email - # db field (see migrations). Until confirmed new email is stored in - # unconfirmed email column, and copied to email column on successful confirmation. + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. config.reconfirmable = true # Defines which key will be used when confirming an account 
From 286eefa9b41f23201f6c2917399e7bb2312d395c Mon Sep 17 00:00:00 2001 From: Peter Vandenabeele Date: Sun, 2 Mar 2014 18:52:01 +0100 Subject: [PATCH 0416/1473] Note that the cost of bcrypt grows dramatically with number of stretches * this will avoid people (like me) loosing an hour trying to understand why doing it "a little bit safer" with 20 stretches suddenly takes 60 seconds to do sign_up or sign_in. An example of such discussion is: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/399627 --- lib/generators/templates/devise.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 55d7c26f74..c3bfba62a6 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -95,7 +95,9 @@ # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use - # a value less than 10 in other environments. + # a value less than 10 in other environments. Note that the cost increases + # exponentially with the number of stretches. A value of 20 is probably way + # too slow (e.g. 60 seconds for 1 calculation). config.stretches = Rails.env.test? ? 1 : 10 # Setup a pepper to generate the encrypted password. From 7e6dd5022b1555ac13fb2d5ce75044d6bfa63797 Mon Sep 17 00:00:00 2001 From: Peter Vandenabeele Date: Sun, 2 Mar 2014 20:23:57 +0100 Subject: [PATCH 0417/1473] Clarify that this stretch behavior is for bcrypt * other encryptors show a different behavior regarding the number of stretches --- lib/generators/templates/devise.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index c3bfba62a6..0b1925b363 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -95,9 +95,9 @@ # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use - # a value less than 10 in other environments. Note that the cost increases - # exponentially with the number of stretches. A value of 20 is probably way - # too slow (e.g. 60 seconds for 1 calculation). + # a value less than 10 in other environments. Note that, for bcrypt (the default + # encryptor), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). config.stretches = Rails.env.test? ? 1 : 10 # Setup a pepper to generate the encrypted password. From 47845e44a2f085cfb360c9270e85647a5cb59d40 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 28 Feb 2014 15:18:22 -0500 Subject: [PATCH 0418/1473] Chase language changes in tests --- test/failure_app_test.rb | 2 +- test/integration/confirmable_test.rb | 18 +++++++++--------- test/integration/http_authenticatable_test.rb | 2 +- test/integration/lockable_test.rb | 8 ++++---- test/integration/recoverable_test.rb | 10 +++++----- test/integration/registerable_test.rb | 14 +++++++------- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index a057b1da8d..bbf08d0ee2 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -215,7 +215,7 @@ def call_failure(env_params={}) } call_failure(env) assert @response.third.body.include?('
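Review bot: The reworded comment above `config.stretches` says the bcrypt cost grows exponentially but not at what rate, which is what a reader needs in order to choose a value. For bcrypt the setting is the cost factor, a base-2 logarithm of the work, so each increment doubles the hashing time. I would state that directly, e.g. `# For bcrypt, each additional stretch doubles the hashing time; measure on your production hardware before raising it.` The "approx. 60 seconds" figure depends on the machine and reads better as an observation from one system than as a general property. The comment block starts before the hunk.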

Sign in

') - assert @response.third.body.include?('You have to confirm your account before continuing.') + assert @response.third.body.include?('You have to confirm your email address before continuing.') end test 'calls the original controller if inactive account' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 510bf12b86..2652c89af6 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -21,7 +21,7 @@ def resend_confirmation resend_confirmation assert_current_url '/users/sign_in' - assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes' + assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' assert_equal 1, ActionMailer::Base.deliveries.size assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from end @@ -56,7 +56,7 @@ def resend_confirmation assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed.' + assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/users/sign_in' assert user.reload.confirmed? end @@ -98,7 +98,7 @@ def resend_confirmation swap Devise, allow_unconfirmed_access_for: 0.days do sign_in_as_user(confirm: false) - assert_contain 'You have to confirm your account before continuing' + assert_contain 'You have to confirm your email address before continuing' assert_not warden.authenticated?(:user) end end @@ -128,7 +128,7 @@ def resend_confirmation user = sign_in_as_user(confirm: false) visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed.' + assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/' end end 
@@ -187,7 +187,7 @@ def resend_confirmation fill_in 'email', with: user.email click_button 'Resend confirmation instructions' - assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." + assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." assert_current_url "/users/sign_in" end end @@ -203,7 +203,7 @@ def resend_confirmation assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" - assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." + assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." assert_current_url "/users/sign_in" end end @@ -232,7 +232,7 @@ def visit_admin_confirmation_with_token(confirmation_token) end assert_current_url '/admin_area/sign_in' - assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes' + assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' end test 'admin with valid confirmation token should be able to confirm email after email changed' do @@ -241,7 +241,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_equal 'new_test@example.com', admin.unconfirmed_email visit_admin_confirmation_with_token(admin.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed.' + assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? 
@@ -263,7 +263,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain(/Confirmation token(.*)invalid/) visit_admin_confirmation_with_token(admin.raw_confirmation_token) - assert_contain 'Your account was successfully confirmed.' + assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index aad51f62c7..b7e770e14d 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -42,7 +42,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal "application/xml; charset=utf-8", headers["Content-Type"] - assert_match "Invalid email or password.", response.body + assert_match "Invalid email address or password.", response.body end test 'returns a custom response with www-authenticate and chosen realm' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 5fad5d3d34..813135e61c 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -22,7 +22,7 @@ def send_unlock_request send_unlock_request assert_template 'sessions/new' - assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes' + assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes' mail = ActionMailer::Base.deliveries.last assert_equal 1, ActionMailer::Base.deliveries.size 
@@ -182,7 +182,7 @@ def send_unlock_request click_button 'Resend unlock instructions' assert_current_url "/users/sign_in" - assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end @@ -197,7 +197,7 @@ def send_unlock_request click_button 'Resend unlock instructions' assert_current_url "/users/sign_in" - assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end @@ -213,7 +213,7 @@ def send_unlock_request assert_not_contain "Email not found" assert_current_url "/users/sign_in" - assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes." + assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 0bd5019c1e..004748eff7 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -171,7 +171,7 @@ def reset_password(options={}, &block) reset_password assert_current_url '/' - assert_contain 'Your password was changed successfully. You are now signed in.' + assert_contain 'Your password has been changed successfully. You are now signed in.' assert user.reload.valid_password?('987654321') end @@ -185,7 +185,7 @@ def reset_password(options={}, &block) assert_not user.reload.valid_password?('987654321') reset_password visit: false - assert_contain 'Your password was changed successfully.' + assert_contain 'Your password has been changed successfully.' assert user.reload.valid_password?('987654321') end 
@@ -204,7 +204,7 @@ def reset_password(options={}, &block) request_forgot_password reset_password - assert_contain 'Your password was changed successfully.' + assert_contain 'Your password has been changed successfully.' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path assert !warden.authenticated?(:user) @@ -218,7 +218,7 @@ def reset_password(options={}, &block) request_forgot_password reset_password - assert_contain 'Your password was changed successfully.' + assert_contain 'Your password has been changed successfully.' assert !user.reload.access_locked? assert warden.authenticated?(:user) end @@ -230,7 +230,7 @@ def reset_password(options={}, &block) request_forgot_password reset_password - assert_contain 'Your password was changed successfully.' + assert_contain 'Your password has been changed successfully.' assert !user.reload.access_locked? assert warden.authenticated?(:user) end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index ff3a1728f9..221a0d8bc3 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -50,7 +50,7 @@ def user_sign_up test 'a guest user should be able to sign up successfully and be blocked by confirmation' do user_sign_up - assert_contain 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.' + assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.' assert_not_contain 'You have to confirm your account before continuing' assert_current_url "/" @@ -149,7 +149,7 @@ def user_sign_up click_button 'Update' assert_current_url '/' - assert_contain 'You updated your account successfully.' + assert_contain 'Your account has been updated successfully.' assert_equal "user.new@example.com", User.first.email end 
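Review bot: In the registerable_test.rb hunk at `@@ -50,7 +50,7 @@`, the negative assertion `assert_not_contain 'You have to confirm your account before continuing'` keeps the old wording, so after this series it can no longer fail. The `unconfirmed` message now reads "You have to confirm your email address before continuing", and the assertion should follow it: `assert_not_contain 'You have to confirm your email address before continuing'`. The test's body runs past the end of the hunk.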
@@ -163,7 +163,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain 'You updated your account successfully.' + assert_contain 'Your account has been updated successfully.' get users_path assert warden.authenticated?(:user) end @@ -193,7 +193,7 @@ def user_sign_up click_button 'Update' assert_current_url '/' - assert_contain 'You updated your account successfully.' + assert_contain 'Your account has been updated successfully.' assert User.first.valid_password?('pass1234') end @@ -217,7 +217,7 @@ def user_sign_up get edit_user_registration_path click_button "Cancel my account" - assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon." + assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon." assert User.all.empty? end @@ -321,7 +321,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest click_button 'Update' assert_current_url '/admin_area/home' - assert_contain 'You updated your account successfully.' + assert_contain 'Your account has been updated successfully.' assert Admin.first.valid_password?('pas123') end @@ -341,7 +341,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest click_button 'Update' assert_current_url '/admin_area/home' - assert_contain 'You updated your account successfully.' + assert_contain 'Your account has been updated successfully.' assert_equal "admin.new@example.com", Admin.first.unconfirmed_email assert Admin.first.valid_password?('pas123') From 0d06ed6c79fd439a8b433adf97ad36666ab9aec9 Mon Sep 17 00:00:00 2001 From: Greg Cobb and Molly Trombley-McCann Date: Mon, 3 Mar 2014 09:30:00 -0800 Subject: [PATCH 0419/1473] WIP --- lib/generators/devise/views_generator.rb | 8 ++++++++ test/generators/views_generator_test.rb | 11 +++++++++++ 2 files changed, 19 insertions(+) 
diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index d8acdec68f..12d138fd67 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -1,4 +1,5 @@ require 'rails/generators/base' +require 'thor/base' module Devise module Generators @@ -28,6 +29,7 @@ def hide! end def copy_views + puts options view_directory :confirmations view_directory :passwords view_directory :registrations @@ -110,6 +112,12 @@ class ViewsGenerator < Rails::Generators::Base argument :scope, required: false, default: nil, desc: "The scope to copy views to" + method_options :specified_directories, required: false, + aliases: "-S", + desc: "Specify a subset of views to generate", + default: nil, + type: :array + invoke SharedViewsGenerator hook_for :form_builder, aliases: "-b", diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index ee9674c859..87a67d2a7c 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -36,6 +36,17 @@ class ViewsGeneratorTest < Rails::Generators::TestCase assert_files nil, mail_template_engine: "markerb" end + + test "Assert only views within specified directories" do + run_generator %w(-d sessions, registrations) + assert_file "app/views/devise/sessions/new.html.erb" + assert_file "app/views/devise/registrations/new.html.erb" + assert_file "app/views/devise/registrations/edit.html.erb" + assert_no_file "app/views/devise/confirmations/new.html.erb" + + #assert_shared_links + end + def assert_files(scope = nil, options={}) scope = "devise" if scope.nil? mail_template_engine = options[:mail_template_engine] || "html.erb" From 4a0bc7692a40a3cb59d32a9772d3fb8f8f9f0bae Mon Sep 17 00:00:00 2001 
From: Molly Trombley-McCann Date: Tue, 4 Mar 2014 14:47:19 -0800 Subject: [PATCH 0420/1473] Add a flag to views generator allowing user to specify which view directories to generate --- lib/generators/devise/views_generator.rb | 32 +++++++++++++----------- test/generators/views_generator_test.rb | 22 ++++++++++++++-- 2 files changed, 38 insertions(+), 16 deletions(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 12d138fd67..ed6e2bace1 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -17,6 +17,7 @@ module ViewPathTemplates #:nodoc: # It should be fixed in future Rails releases class_option :form_builder, aliases: "-b" class_option :markerb + class_option :selective, aliases: "-d", type: :array public_task :copy_views end @@ -29,12 +30,17 @@ def hide! end def copy_views - puts options - view_directory :confirmations - view_directory :passwords - view_directory :registrations - view_directory :sessions - view_directory :unlocks + if options[:selective] + options[:selective].each do |directory| + view_directory directory.to_sym + end + else + view_directory :confirmations + view_directory :passwords + view_directory :registrations + view_directory :sessions + view_directory :unlocks + end end protected @@ -87,7 +93,9 @@ class ErbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - view_directory :mailer + if !options[:selective] || options[:selective].include?('mailer') + view_directory :mailer + end end end @@ -98,7 +106,9 @@ class MarkerbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - view_directory :markerb, target_path + if !options[:selective] || options[:selective].include?('mailer') + view_directory :markerb, target_path + end end def target_path 
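Review bot: In `copy_views` (hunk `@@ -29,12 +30,17 @@`), every value of `options[:selective]` is passed to `view_directory directory.to_sym` without being checked against the directories the generator ships. A misspelt or path-like value therefore reaches the directory-copy call as given; what `view_directory` does with it is outside the hunk. I would reject unknown names before the loop, for example `unknown = options[:selective] - %w(confirmations passwords registrations sessions unlocks mailer)` followed by `raise Thor::Error, "Unknown view directories: #{unknown.join(', ')}" unless unknown.empty?`. The same loop appears in the next two patches of the series, first as `options[:selective]` and then as `options[:views]`.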
@@ -112,12 +122,6 @@ class ViewsGenerator < Rails::Generators::Base argument :scope, required: false, default: nil, desc: "The scope to copy views to" - method_options :specified_directories, required: false, - aliases: "-S", - desc: "Specify a subset of views to generate", - default: nil, - type: :array - invoke SharedViewsGenerator hook_for :form_builder, aliases: "-b", diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 87a67d2a7c..e8143a62b1 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -38,13 +38,31 @@ class ViewsGeneratorTest < Rails::Generators::TestCase test "Assert only views within specified directories" do - run_generator %w(-d sessions, registrations) + run_generator %w(-d sessions registrations) assert_file "app/views/devise/sessions/new.html.erb" assert_file "app/views/devise/registrations/new.html.erb" assert_file "app/views/devise/registrations/edit.html.erb" assert_no_file "app/views/devise/confirmations/new.html.erb" + assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb" + end + + test "Assert specified directories with scope" do + run_generator %w(users -d sessions) + assert_file "app/views/users/sessions/new.html.erb" + assert_no_file "app/views/users/confirmations/new.html.erb" + end - #assert_shared_links + test "Assert specified directories with simple form" do + run_generator %w(-d registrations -b simple_form_for) + assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/ + assert_no_file "app/views/devise/confirmations/new.html.erb" + end + + test "Assert specified directories with markerb" do + run_generator %w(--markerb -d passwords mailer) + assert_file "app/views/devise/passwords/new.html.erb" + assert_no_file "app/views/devise/confirmations/new.html.erb" + assert_file "app/views/devise/mailer/reset_password_instructions.markerb" end def assert_files(scope = nil, options={}) 
From 09ebe833b3dc60e82443bae97a0e3d2f223b8ea7 Mon Sep 17 00:00:00 2001 From: Molly Trombley-McCann Date: Tue, 4 Mar 2014 14:47:19 -0800 Subject: [PATCH 0421/1473] Add a flag to views generator allowing user to specify which view directories to generate --- lib/generators/devise/views_generator.rb | 33 +++++++++++++----------- test/generators/views_generator_test.rb | 22 ++++++++++++++-- 2 files changed, 38 insertions(+), 17 deletions(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 12d138fd67..62392d5bac 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -1,5 +1,4 @@ require 'rails/generators/base' -require 'thor/base' module Devise module Generators @@ -17,6 +16,7 @@ module ViewPathTemplates #:nodoc: # It should be fixed in future Rails releases class_option :form_builder, aliases: "-b" class_option :markerb + class_option :selective, aliases: "-d", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)" public_task :copy_views end @@ -29,12 +29,17 @@ def hide! end def copy_views - puts options - view_directory :confirmations - view_directory :passwords - view_directory :registrations - view_directory :sessions - view_directory :unlocks + if options[:selective] + options[:selective].each do |directory| + view_directory directory.to_sym + end + else + view_directory :confirmations + view_directory :passwords + view_directory :registrations + view_directory :sessions + view_directory :unlocks + end end protected @@ -87,7 +92,9 @@ class ErbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - view_directory :mailer + if !options[:selective] || options[:selective].include?('mailer') + view_directory :mailer + end end end 
@@ -98,7 +105,9 @@ class MarkerbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - view_directory :markerb, target_path + if !options[:selective] || options[:selective].include?('mailer') + view_directory :markerb, target_path + end end def target_path @@ -112,12 +121,6 @@ class ViewsGenerator < Rails::Generators::Base argument :scope, required: false, default: nil, desc: "The scope to copy views to" - method_options :specified_directories, required: false, - aliases: "-S", - desc: "Specify a subset of views to generate", - default: nil, - type: :array - invoke SharedViewsGenerator hook_for :form_builder, aliases: "-b", diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 87a67d2a7c..e8143a62b1 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb 
@@ -38,13 +38,31 @@ class ViewsGeneratorTest < Rails::Generators::TestCase test "Assert only views within specified directories" do - run_generator %w(-d sessions, registrations) + run_generator %w(-d sessions registrations) assert_file "app/views/devise/sessions/new.html.erb" assert_file "app/views/devise/registrations/new.html.erb" assert_file "app/views/devise/registrations/edit.html.erb" assert_no_file "app/views/devise/confirmations/new.html.erb" + assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb" + end + + test "Assert specified directories with scope" do + run_generator %w(users -d sessions) + assert_file "app/views/users/sessions/new.html.erb" + assert_no_file "app/views/users/confirmations/new.html.erb" + end - #assert_shared_links + test "Assert specified directories with simple form" do + run_generator %w(-d registrations -b simple_form_for) + assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/ + assert_no_file "app/views/devise/confirmations/new.html.erb" + end + + test "Assert specified directories with markerb" do + run_generator %w(--markerb -d passwords mailer) + assert_file "app/views/devise/passwords/new.html.erb" + assert_no_file "app/views/devise/confirmations/new.html.erb" + assert_file "app/views/devise/mailer/reset_password_instructions.markerb" end def assert_files(scope = nil, options={}) From a79e0f6bca458a7ce1b7cca1f491be25cc970afb Mon Sep 17 00:00:00 2001 From: Molly Trombley-McCann and Shatarupa Nandi Date: Thu, 6 Mar 2014 13:41:11 -0800 Subject: [PATCH 0422/1473] Rename variable to views, change flag to -v --- lib/generators/devise/views_generator.rb | 10 +++++----- test/generators/views_generator_test.rb | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 62392d5bac..beac23836d 100644 --- a/lib/generators/devise/views_generator.rb 
+++ b/lib/generators/devise/views_generator.rb @@ -16,7 +16,7 @@ module ViewPathTemplates #:nodoc: # It should be fixed in future Rails releases class_option :form_builder, aliases: "-b" class_option :markerb - class_option :selective, aliases: "-d", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)" + class_option :views, aliases: "-v", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)" public_task :copy_views end @@ -29,8 +29,8 @@ def hide! end def copy_views - if options[:selective] - options[:selective].each do |directory| + if options[:views] + options[:views].each do |directory| view_directory directory.to_sym end else @@ -92,7 +92,7 @@ class ErbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - if !options[:selective] || options[:selective].include?('mailer') + if !options[:views] || options[:views].include?('mailer') view_directory :mailer end end @@ -105,7 +105,7 @@ class MarkerbGenerator < Rails::Generators::Base #:nodoc: hide! def copy_views - if !options[:selective] || options[:selective].include?('mailer') + if !options[:views] || options[:views].include?('mailer') view_directory :markerb, target_path end end diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index e8143a62b1..279d00cd4e 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -38,7 +38,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase test "Assert only views within specified directories" do - run_generator %w(-d sessions registrations) + run_generator %w(-v sessions registrations) assert_file "app/views/devise/sessions/new.html.erb" assert_file "app/views/devise/registrations/new.html.erb" assert_file "app/views/devise/registrations/edit.html.erb" 
@@ -47,19 +47,19 @@ class ViewsGeneratorTest < Rails::Generators::TestCase end test "Assert specified directories with scope" do - run_generator %w(users -d sessions) + run_generator %w(users -v sessions) assert_file "app/views/users/sessions/new.html.erb" assert_no_file "app/views/users/confirmations/new.html.erb" end test "Assert specified directories with simple form" do - run_generator %w(-d registrations -b simple_form_for) + run_generator %w(-v registrations -b simple_form_for) assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/ assert_no_file "app/views/devise/confirmations/new.html.erb" end test "Assert specified directories with markerb" do - run_generator %w(--markerb -d passwords mailer) + run_generator %w(--markerb -v passwords mailer) assert_file "app/views/devise/passwords/new.html.erb" assert_no_file "app/views/devise/confirmations/new.html.erb" assert_file "app/views/devise/mailer/reset_password_instructions.markerb" From 0df786c8493977d51ddce5c9902d92fd20b8491c Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 9 Mar 2014 20:54:01 -0300 Subject: [PATCH 0423/1473] Add README docs and a CHANGELOG entry for #2916 --- CHANGELOG.md | 1 + README.md | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4dd2e3f52d..760a8806a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * enchancements * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. + * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline) ### 3.2.3 diff --git a/README.md b/README.md index 6362a5e54d..5116964042 100644 --- a/README.md +++ b/README.md 
@@ -267,6 +267,13 @@ After doing so, you will be able to have views based on the role like `users/ses rails generate devise:views users ``` +If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module, +you can pass a list of modules to the generator with the `-v` flag. + +```console +rails generate devise:views -v registrations confirmations +``` + ### Configuring controllers If the customization at the views level is not enough, you can customize each controller by following these steps: From a8e1d4209706a4d904b968d0fe122bc25457cee8 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 12 Mar 2014 14:40:11 -0300 Subject: [PATCH 0424/1473] Bump mocha. --- Gemfile | 2 +- Gemfile.lock | 6 +++--- gemfiles/Gemfile.rails-3.2-stable | 2 +- gemfiles/Gemfile.rails-4.0-stable | 2 +- gemfiles/Gemfile.rails-head | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index fa3db7b1b1..7cb4e7bac3 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 0.13.1", require: false + gem "mocha", "~> 1.0.0", require: false end platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index 02f31277cc..14b67539fe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -63,10 +63,10 @@ GEM mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) - metaclass (0.0.1) + metaclass (0.0.4) mime-types (1.23) minitest (4.7.5) - mocha (0.13.3) + mocha (1.0.0) metaclass (~> 0.0.1) moped (1.5.1) multi_json (1.7.9) @@ -148,7 +148,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (~> 0.13.1) + mocha (~> 1.0.0) mongoid! omniauth (~> 1.0.0) omniauth-facebook diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable index 935e4271aa..d5740f25e1 100644 --- a/gemfiles/Gemfile.rails-3.2-stable +++ b/gemfiles/Gemfile.rails-3.2-stable 
@@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 0.13.1", require: false + gem "mocha", "~> 1.0.0", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable index 2c514031e7..d09acddd4a 100644 --- a/gemfiles/Gemfile.rails-4.0-stable +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 0.13.1", require: false + gem "mocha", "~> 1.0.0", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index c0b1d996cd..444294f9e7 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 0.14", require: false + gem "mocha", "~> 1.0.0", require: false end platforms :jruby do From 4064155312f1ba15576b42b94bfe32f654688c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Niemier?= Date: Sat, 15 Mar 2014 16:13:57 +0100 Subject: [PATCH 0425/1473] Small refactoring --- lib/devise/models/authenticatable.rb | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index f549f1294c..25c8dab76f 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -200,16 +200,9 @@ module ClassMethods :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage, :http_authentication_key) - def stringify(item) - if item.kind_of?(Array) - item.first.to_s - else - item - end - end def serialize_into_session(record) - [stringify(record.to_key), record.authenticatable_salt] + [[*record.to_key].first.to_s, record.authenticatable_salt] end def serialize_from_session(key, salt) From a05d001c41e299d148247ccff64110b344ac3e96 Mon Sep 17 00:00:00 2001 From: Wei-Meng Lee Date: Mon, 17 Mar 2014 15:18:44 +0800 Subject: [PATCH 0426/1473] Update CHANGELOG.md with missing 2.1.x minor versions Changelog for missing entries taken from https://github.com/plataformatec/devise/blob/v2.1.4/CHANGELOG.rdoc --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 760a8806a4..e6d452c29d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -174,6 +174,16 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) * Properly handle namespaced models on Active Record generator (by @nashby) +### 2.1.4 + +* bugfix + * Do not confirm account after reset password + +### 2.1.3 + +* bugfix + * Require string conversion for all values + ### 2.1.2 * enhancements From 755219ccfc1cdde0b77af1f8f837c234c7c93702 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 17 Mar 2014 11:16:38 -0300 Subject: [PATCH 0427/1473] Release v3.2.4 --- CHANGELOG.md | 2 ++ Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6d452c29d..e70b382358 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
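Review bot: In `serialize_into_session`, the inlined `[*record.to_key].first.to_s` is not equivalent to the removed `stringify` helper when `to_key` is not an Array. A nil key used to be passed through as nil and is now written to the session as `""`, and a non-array key is now stringified where it was previously stored unchanged. The body of `serialize_from_session` is outside the hunk, so it cannot be confirmed here that a `""` key is handled the same way as nil on the way back in. If this is intended, a comment such as `# to_key may be nil for an unsaved record; this stores "" rather than nil` would record the decision. Otherwise a guard on a blank key before building the session array keeps the old behaviour.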
@@ -1,5 +1,7 @@ ### Unreleased +### 3.2.4 + * enchancements * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline) diff --git a/Gemfile.lock b/Gemfile.lock index 14b67539fe..7f93f992db 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.2.3) + devise (3.2.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -48,7 +48,7 @@ GEM tzinfo (~> 0.3.37) arel (4.0.0) atomic (1.1.12) - bcrypt (3.1.3) + bcrypt (3.1.7) builder (3.1.4) erubis (2.7.0) faraday (0.8.8) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 48137a8e1e..7daf2e8b1f 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.2.3".freeze + VERSION = "3.2.4".freeze end From 1eab594895e9d9c19fd96f5c8c33aa1918c15e85 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 17 Mar 2014 11:51:25 -0300 Subject: [PATCH 0428/1473] `SessionsController#destroy` no longer yields the resource object. If you need access to the current resource when overring the action use the scope helper (like `current_user`) before calling `super`. Closes #2926. --- CHANGELOG.md | 6 ++++++ app/controllers/devise/sessions_controller.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e70b382358..a208c84c8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ### Unreleased +* fixes + * `SessionsController#destroy` no longer yields the `resource` to receiving block, + since the resource isn't loaded in the action. If you need access to the current + resource when overring the action use the scope helper (like `current_user`) before + calling `super`. + ### 3.2.4 * enchancements 
diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 8005a3e462..003ad2f793 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -24,7 +24,7 @@ def destroy redirect_path = after_sign_out_path_for(resource_name) signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message :notice, :signed_out if signed_out && is_flashing_format? - yield resource if block_given? + yield if block_given? # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request From 8d7a72326a9c98d69137a98bcf465c408ac0e48e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 17 Mar 2014 12:10:04 -0300 Subject: [PATCH 0429/1473] Add a note about #2906 to the CHANGELOG. --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a208c84c8b..b1f5a55ad7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased +* enhancements + * Default email messages was updated with grammar fixes. Please check the diff on + #2906 for the updated copy. (by @p-originate) + * fixes * `SessionsController#destroy` no longer yields the `resource` to receiving block, since the resource isn't loaded in the action. If you need access to the current From d439bc409cb3b19e28cb6614acedab6bccf178c4 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 17 Mar 2014 12:11:01 -0300 Subject: [PATCH 0430/1473] Fix typo on CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1f5a55ad7..47876196cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -12,7 +12,7 @@ ### 3.2.4 -* enchancements +* enhancements * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline) From ce3ead6b5fced43cd05c794e0847b50be285206e Mon Sep 17 00:00:00 2001 From: Daniel Pehrson Date: Fri, 21 Mar 2014 10:27:23 -0400 Subject: [PATCH 0431/1473] Ensure registration controller block yields happen on failure in addition to success and closes #2936. Now with 100% more unit tests. --- .../devise/registrations_controller.rb | 10 +++--- .../custom_registrations_controller_test.rb | 35 +++++++++++++++++++ .../custom/registrations_controller.rb | 21 +++++++++++ test/rails_app/config/routes.rb | 3 ++ 4 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 test/controllers/custom_registrations_controller_test.rb create mode 100644 test/rails_app/app/controllers/custom/registrations_controller.rb diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 07f43aa7da..eab982e6b7 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -12,8 +12,9 @@ def new def create build_resource(sign_up_params) - if resource.save - yield resource if block_given? + resource_saved = resource.save + yield resource if block_given? + if resource_saved if resource.active_for_authentication? set_flash_message :notice, :signed_up if is_flashing_format? sign_up(resource_name, resource) 
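Review bot: In `create`, `yield resource if block_given?` now runs before the `if resource_saved` check, so a block passed by an overriding controller also executes for a resource that failed validation and was never persisted. Blocks written against the old contract (anything that assumes a saved record, such as provisioning or notifications) will now run on the failure path too. The `update` hunk at `@@ -41,8 +42,9 @@` has the same shape. The contract change should be documented on both actions, for example `# The block is yielded on success and on failure; check resource.persisted? (create) or resource.errors.empty? (update) before acting on it.` Both method bodies continue outside their hunks.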
@@ -41,8 +42,9 @@ def update self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - if update_resource(resource, account_update_params) - yield resource if block_given? + resource_updated = update_resource(resource, account_update_params) + yield resource if block_given? + if resource_updated if is_flashing_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb new file mode 100644 index 0000000000..e56fddc7a0 --- /dev/null +++ b/test/controllers/custom_registrations_controller_test.rb 
@@ -0,0 +1,35 @@ +require 'test_helper' + +class CustomRegistrationsControllerTest < ActionController::TestCase + tests Custom::RegistrationsController + + include Devise::TestHelpers + + setup do + request.env["devise.mapping"] = Devise.mappings[:user] + @password = 'password' + @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!) + end + + test "yield resource to block on create success" do + post :create, {user: {:email => "user@example.org", :password => "password", :password_confirmation => "password"}} + assert @controller.create_block_called?, "create failed to yield resource to provided block" + end + + test "yield resource to block on create failure" do + post :create, {user: {}} + assert @controller.create_block_called?, "create failed to yield resource to provided block" + end + + test "yield resource to block on update success" do + sign_in @user + put :update, {user: {current_password: @password}} + assert @controller.update_block_called?, "update failed to yield resource to provided block" + end + + test "yield resource to block on update failure" do + sign_in @user + put :update, {user: {}} + assert @controller.update_block_called?, "update failed to yield resource to provided block" + end +end diff --git a/test/rails_app/app/controllers/custom/registrations_controller.rb b/test/rails_app/app/controllers/custom/registrations_controller.rb new file mode 100644 index 0000000000..9f1699c8ef --- /dev/null +++ b/test/rails_app/app/controllers/custom/registrations_controller.rb @@ -0,0 +1,21 @@ +class Custom::RegistrationsController < Devise::RegistrationsController + def create + super do |resource| + @create_block_called = true + end + end + + def update + super do |resource| + @update_block_called = true + end + end + + def create_block_called? + @create_block_called == true + end + + def update_block_called? + @update_block_called == true + end +end 
diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 16f60751b9..1ab9c290bc 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -26,6 +26,9 @@ get "/sign_in", to: "devise/sessions#new" + # Routes for custom controller testing + devise_for :user, only: [:registrations], controllers: { registrations: "custom/registrations" }, as: :custom, path: :custom + # Admin scope devise_for :admin, path: "admin_area", controllers: { sessions: :"admins/sessions" }, skip: :passwords From 90e55409e115bd82f55eeaecff50b688ff2d69f6 Mon Sep 17 00:00:00 2001 From: Daniel Pehrson Date: Fri, 21 Mar 2014 15:24:25 -0400 Subject: [PATCH 0432/1473] Upgrade stray legacy hash syntax to 1.9 syntax. --- test/controllers/custom_registrations_controller_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index e56fddc7a0..31a93b87b6 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb 
@@ -12,24 +12,24 @@ class CustomRegistrationsControllerTest < ActionController::TestCase end test "yield resource to block on create success" do - post :create, {user: {:email => "user@example.org", :password => "password", :password_confirmation => "password"}} + post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } } assert @controller.create_block_called?, "create failed to yield resource to provided block" end test "yield resource to block on create failure" do - post :create, {user: {}} + post :create, { user: { } } assert @controller.create_block_called?, "create failed to yield resource to provided block" end test "yield resource to block on update success" do sign_in @user - put :update, {user: {current_password: @password}} + put :update, { user: { current_password: @password } } assert @controller.update_block_called?, "update failed to yield resource to provided block" end test "yield resource to block on update failure" do sign_in @user - put :update, {user: {}} + put :update, { user: { } } assert @controller.update_block_called?, "update failed to yield resource to provided block" end end From 5b49bd3450b208f627fa9052f376c520d523a5ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 24 Mar 2014 21:49:48 +0100 Subject: [PATCH 0433/1473] Improve docs for update_with_password Closes #2942 --- lib/devise/models/database_authenticatable.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 6049eab62c..1eb2a8164a 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -55,9 +55,13 @@ def clean_up_passwords self.password = self.password_confirmation = nil end - # Update record attributes when :current_password matches, otherwise returns - # error on :current_password. It also automatically rejects :password and - # :password_confirmation if they are blank. + # Update record attributes when :current_password matches, otherwise + # returns error on :current_password. + # + # This method also rejects the password field if it is blank (allowing + # users to change relevant information like the e-mail without changing + # their password). In case the password field is rejected, the confirmation + # is also rejected as long as it is also blank. def update_with_password(params, *options) current_password = params.delete(:current_password) From aa456c9d075473745560bbcc4b1dde7b8a6f3890 Mon Sep 17 00:00:00 2001 From: Alvaro Naveda Date: Tue, 25 Mar 2014 15:43:46 +0100 Subject: [PATCH 0434/1473] Fixed path syntax error on README.md Minor fix on the configuring controllers section. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5116964042..827f14693e 100644 --- a/README.md +++ b/README.md @@ -285,7 +285,7 @@ If the customization at the views level is not enough, you can customize each co end ``` - Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory. + Note that in the above example, the controller needs to be created in the `app/controllers/admins/` directory. 2. Tell the router to use this controller: From 739c187e810ee753eb44a5a4f23b03436e0f4a30 Mon Sep 17 00:00:00 2001 From: "J. Nunn" Date: Fri, 28 Mar 2014 17:21:50 -0500 Subject: [PATCH 0435/1473] Fixed documentation for configured_permitted_parameters --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 827f14693e..44c2654055 100644 --- a/README.md +++ b/README.md 
@@ -214,7 +214,7 @@ If you have some checkboxes that express the roles a user may take on registrati ```ruby def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) } + devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({roles: []}, :email, :password, :password_confirmation) } end ``` For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see From f19e82021f32933fa6505d2dd3a3a514c9f89826 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 28 Mar 2014 20:53:50 -0300 Subject: [PATCH 0436/1473] Add some spaces around the curly brackets. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 44c2654055..38e674bfc1 100644 --- a/README.md +++ b/README.md @@ -214,7 +214,7 @@ If you have some checkboxes that express the roles a user may take on registrati ```ruby def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({roles: []}, :email, :password, :password_confirmation) } + devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) } end ``` For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see From da0c27393f4d461c2c160a07408e73650c7078ff Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 28 Mar 2014 22:51:56 -0300 Subject: [PATCH 0437/1473] Serialize the `last_request_at` entry as an Integer Pushing the `Time` object inside the session has inconsistencies across different serializers and we should use a more primitive type so we don't need any specific parsing logic for the JSON serializer. --- lib/devise/hooks/timeoutable.rb | 7 ++++++- test/integration/timeoutable_test.rb | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index cc181747d0..79dc1f32ad 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -9,6 +9,11 @@ if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false last_request_at = warden.session(scope)['last_request_at'] + + if last_request_at.is_a? Integer + last_request_at = Time.at(last_request_at).utc + end + proxy = Devise::Hooks::Proxy.new(warden) if record.timedout?(last_request_at) && !env['devise.skip_timeout'] @@ -22,7 +27,7 @@ end unless env['devise.skip_trackable'] - warden.session(scope)['last_request_at'] = Time.now.utc + warden.session(scope)['last_request_at'] = Time.now.utc.to_i end end end diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 79f643134d..f8981ef783 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -8,12 +8,11 @@ def last_request_at test 'set last request at in user session after each request' do sign_in_as_user - old_last_request = last_request_at assert_not_nil last_request_at + @controller.user_session.delete('last_request_at') get users_path assert_not_nil last_request_at - assert_not_equal old_last_request, last_request_at end test 'set last request at in user session after each request is skipped if tracking is disabled' do From 71d8dd37bb82df286cfa0393e8105c0770fec3da Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 28 Mar 2014 23:11:53 -0300 Subject: [PATCH 0438/1473] Update mongoid dependency. --- Gemfile.lock | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7f93f992db..e481eec3b1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
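Review bot: The new conversion at the top of the timeout hook only handles `Integer`, so a `last_request_at` already present in a session in another form reaches `record.timedout?` unchanged. That can be a `Time` written by the previous code, or a `String` if that `Time` went through a JSON session serializer. `timedout?` is not part of this hunk, so how it treats a String is not visible; if it raises or compares incorrectly, timeout enforcement for sessions created before the upgrade becomes unreliable. Adding a branch after the Integer case, `elsif last_request_at.is_a? String` / `last_request_at = Time.parse(last_request_at)`, would cover those sessions. The hook block starts and ends outside the hunk.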
@@ -1,13 +1,13 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 346a79a7d01aa194de80e649916239a18d38ce13 + revision: dba1c17b1dba667e50347ab616aaf6f2e1bee094 branch: master specs: - mongoid (4.0.0) - activemodel (~> 4.0.0) - moped (~> 1.5) - origin (~> 1.0) - tzinfo (~> 0.3.22) + mongoid (4.0.0.beta1) + activemodel (>= 4.0.0) + moped (~> 2.0.beta6) + origin (~> 2.1) + tzinfo (>= 0.3.37) PATH remote: . @@ -47,16 +47,18 @@ GEM thread_safe (~> 0.1) tzinfo (~> 0.3.37) arel (4.0.0) - atomic (1.1.12) + atomic (1.1.16) bcrypt (3.1.7) + bson (2.2.1) builder (3.1.4) + connection_pool (1.2.0) erubis (2.7.0) faraday (0.8.8) multipart-post (~> 1.2.0) hashie (1.2.0) hike (1.2.3) httpauth (0.2.0) - i18n (0.6.5) + i18n (0.6.9) json (1.8.0) jwt (0.1.8) multi_json (>= 1.5) @@ -68,8 +70,11 @@ GEM minitest (4.7.5) mocha (1.0.0) metaclass (~> 0.0.1) - moped (1.5.1) - multi_json (1.7.9) + moped (2.0.0.beta6) + bson (~> 2.2) + connection_pool (~> 1.2) + optionable (~> 0.2.0) + multi_json (1.9.2) multipart-post (1.2.0) nokogiri (1.5.9) oauth2 (0.8.1) @@ -89,7 +94,8 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.1.0) + optionable (0.2.0) + origin (2.1.0) orm_adapter (0.5.0) polyglot (0.3.3) rack (1.5.2) @@ -126,13 +132,13 @@ GEM sprockets (~> 2.8) sqlite3 (1.3.7) thor (0.18.1) - thread_safe (0.1.2) - atomic + thread_safe (0.3.1) + atomic (>= 1.1.7, < 2) tilt (1.4.1) treetop (1.4.14) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.37) + tzinfo (0.3.39) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) From 7adf95b945be9aceba7ecf18d66f317ffd47acba Mon Sep 17 00:00:00 2001 From: Yasserius Date: Sun, 30 Mar 2014 00:52:00 +0600 Subject: [PATCH 0439/1473] before_filter turned into before_action --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 38e674bfc1..35c16abdbb 100644 --- a/README.md +++ b/README.md 
@@ -122,10 +122,10 @@ You should restart your application after changing Devise's configuration option ### Controller filters and helpers -Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter: +Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action: ```ruby -before_filter :authenticate_user! +before_action :authenticate_user! ``` To verify if a user is signed in, use the following helper: @@ -157,7 +157,7 @@ You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are: ```ruby -before_filter :authenticate_member! +before_action :authenticate_member! member_signed_in? @@ -190,7 +190,7 @@ In case you want to permit additional parameters (the lazy way™) you can do wi ```ruby class ApplicationController < ActionController::Base - before_filter :configure_permitted_parameters, if: :devise_controller? + before_action :configure_permitted_parameters, if: :devise_controller? protected From de57ef83fb1884be29fa55df9f13c18aa8c7be6c Mon Sep 17 00:00:00 2001 From: Karl Entwistle Date: Mon, 31 Mar 2014 14:51:13 +0100 Subject: [PATCH 0440/1473] Find a resource based off its encrypted reset_password_token --- lib/devise/models/recoverable.rb | 7 +++++++ test/models/recoverable_test.rb | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 0ae4dbee52..af4ae67829 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -91,6 +91,13 @@ def after_password_reset end module ClassMethods + # Attempt to find a user by password reset token. If a user is found, return it + # If a user is not found, return nil + def with_reset_password_token(token) + reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token) + find_by_reset_password_token(reset_password_token) + end + # Attempt to find a user by its email. If a record is found, send new # password instructions to it. If user is not found, returns a new user # with an email not found error. diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index a59f06a7f3..d4548ed844 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -181,4 +181,16 @@ def setup :reset_password_token ] end + + test 'should return a user based on the raw token' do + user = create_user + raw = user.send_reset_password_instructions + + assert_equal User.with_reset_password_token(raw), user + end + + test 'should return nil if a user based on the raw token is not found' do + assert_equal User.with_reset_password_token('random-token'), nil + end + end From 58b311a93f415e9c6d43bae5e773757b8367d29e Mon Sep 17 00:00:00 2001 From: Karl Entwistle Date: Mon, 31 Mar 2014 15:24:55 +0100 Subject: [PATCH 0441/1473] Use the ORM Adapter API --- lib/devise/models/recoverable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index af4ae67829..d48d0dd768 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
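Review bot: `with_reset_password_token` returns whatever record matches the digest and does not consult the token's age, so an expired reset token still resolves to a user. Callers that treat a non-nil result as proof of a usable token would skip the expiry check. The doc comment should say so, e.g. `# Does not check reset_password_period_valid?; callers must verify the token is still valid before acting on the record.` Separately, the method does not reject a blank `token` before the lookup. If `Devise.token_generator.digest` returns a nil or false value for blank input (its implementation is not shown here), the finder would be queried with that value, so a first line of `return if token.blank?` is a cheap guard. The later hunk that switches to `to_adapter.find_first` keeps both properties.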
@@ -95,7 +95,7 @@ module ClassMethods # If a user is not found, return nil def with_reset_password_token(token) reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token) - find_by_reset_password_token(reset_password_token) + to_adapter.find_first(reset_password_token: reset_password_token) end # Attempt to find a user by its email. If a record is found, send new From a38f2f96b5e79af757682c74d2f5dfb136281bd5 Mon Sep 17 00:00:00 2001 From: Kamil Giszczak Date: Mon, 31 Mar 2014 18:32:45 +0200 Subject: [PATCH 0442/1473] Use _url routes instead of _path --- lib/devise/failure_app.rb | 12 ++++++------ test/failure_app_test.rb | 34 +++++++++++++++++++++++++++++++++ test/rails_app/config/routes.rb | 4 ++++ 3 files changed, 44 insertions(+), 6 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index fb5e4c79fe..27c4154ec2 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -96,15 +96,15 @@ def redirect_url request.referrer end - path || scope_path + path || scope_url else - scope_path + scope_url end end - def scope_path + def scope_url opts = {} - route = :"new_#{scope}_session_path" + route = :"new_#{scope}_session_url" opts[:format] = request_format unless skip_format? config = Rails.application.config @@ -114,8 +114,8 @@ def scope_path if context.respond_to?(route) context.send(route, opts) - elsif respond_to?(:root_path) - root_path(opts) + elsif respond_to?(:root_url) + root_url(opts) else "/" end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index bbf08d0ee2..194a402214 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
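Review bot: Renaming `scope_path` to `scope_url` in `Devise::FailureApp` means a subclass that overrides `scope_path` to control the unauthenticated redirect target will silently stop being consulted, because `redirect_url` now calls `scope_url`. Subclassing the failure app is a supported pattern (the test file on this page does it for `i18n_options`), so this is worth a CHANGELOG line telling such apps to rename their override. The final fallback in `scope_url` still returns the bare path `"/"` while the other branches return absolute URLs; a short comment there, `# last resort: relative root when no url helper is available`, would make the mixed return shape explicit. `scope_url`'s body is split across two hunks and its middle section is not shown.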
@@ -8,6 +8,16 @@ def fake_app end end + class FailureWithSubdomain < RootFailureApp + routes = ActionDispatch::Routing::RouteSet.new + + routes.draw do + root to: 'foo#bar', constraints: { subdomain: 'sub' } + end + + include routes.url_helpers + end + class FailureWithI18nOptions < Devise::FailureApp def i18n_options(options) options.merge(name: 'Steve') @@ -42,6 +52,13 @@ def call_failure(env_params={}) assert_equal 'http://test.host/users/sign_in', @response.second['Location'] end + test 'returns to the default redirect location considering subdomain' do + call_failure('warden.options' => { scope: :subdomain_user }) + assert_equal 302, @response.first + assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] + assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location'] + end + test 'returns to the default redirect location for wildcard requests' do call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*' assert_equal 302, @response.first @@ -57,6 +74,15 @@ def call_failure(env_params={}) end end + test 'returns to the root path considering subdomain if no session path is available' do + swap Devise, router_name: :fake_app do + call_failure app: FailureWithSubdomain + assert_equal 302, @response.first + assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] + assert_equal 'http://sub.test.host/', @response.second['Location'] + end + end + if Rails.application.config.respond_to?(:relative_url_root) test 'returns to the default redirect location considering the relative url root' do swap Rails.application.config, relative_url_root: "/sample" do 
@@ -65,6 +91,14 @@ def call_failure(env_params={}) assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location'] end end + + test 'returns to the default redirect location considering the relative url root and subdomain' do + swap Rails.application.config, relative_url_root: "/sample" do + call_failure('warden.options' => { scope: :subdomain_user }) + assert_equal 302, @response.first + assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location'] + end + end end test 'uses the proxy failure message as symbol' do diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 1ab9c290bc..bda678f34c 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -66,6 +66,10 @@ devise_for :homebase_admin, class_name: "Admin", path: "homebase" end + constraints(subdomain: 'sub') do + devise_for :subdomain_users, class_name: "User", only: [:sessions] + end + devise_for :skip_admin, class_name: "Admin", skip: :all # Routes for format=false testing From b786c384d54a6365bdc6c0cf6068dc5325a301a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 3 Apr 2014 21:00:12 +0200 Subject: [PATCH 0443/1473] Remove need for raw session inspect --- lib/devise/controllers/helpers.rb | 5 ++--- lib/devise/controllers/sign_in_out.rb | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 1d3b2ef496..14a3dd5d0a 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -176,10 +176,9 @@ def sign_out_and_redirect(resource_or_scope) # Overwrite Rails' handle unverified request to sign out all scopes, # clear run strategies and remove cached variables. def handle_unverified_request - sign_out_all_scopes(false) + super # call the default behaviour which resets/nullifies/raises request.env["devise.skip_storage"] = true - expire_data_after_sign_out! - super # call the default behaviour which resets the session + sign_out_all_scopes(false) end def request_format diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 421819450e..8516d434ad 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -72,7 +72,6 @@ def sign_out(resource_or_scope=nil) def sign_out_all_scopes(lock=true) users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } - warden.raw_session.inspect warden.logout expire_data_after_sign_out! warden.clear_strategies_cache! From 314f731a664cbb45db2aa793e1697dd519a29695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 4 Apr 2014 09:47:11 +0200 Subject: [PATCH 0444/1473] Update CHANGELOG --- CHANGELOG.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47876196cf..d1444fddae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
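Review bot: In `handle_unverified_request`, `super` now runs first, so if the application's forgery-protection strategy raises, neither `request.env["devise.skip_storage"] = true` nor `sign_out_all_scopes(false)` is reached. The trailing comment (`resets/nullifies/raises`) hints at this but does not say the sign-out is skipped on that path, and the doc comment above the method still reads as if the scopes are always signed out. I would add `# When super raises, the lines below do not run; the sign-out applies only when super returns` after the `super` call. The commit adds no test pinning the new order.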
@@ -1,14 +1,17 @@ -### Unreleased +### 3.3.0 (unreleased) * enhancements - * Default email messages was updated with grammar fixes. Please check the diff on - #2906 for the updated copy. (by @p-originate) + * Default email messages was updated with grammar fixes, check the diff on + #2906 for the updated copy (by @p-originate) + * Allow a resource to be found based on its encrypted password token (by @karlentwistle) -* fixes +* bug fix * `SessionsController#destroy` no longer yields the `resource` to receiving block, since the resource isn't loaded in the action. If you need access to the current resource when overring the action use the scope helper (like `current_user`) before - calling `super`. + calling `super` + * Serialize the `last_request_at` entry as an Integer + * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson) ### 3.2.4 From 9cada8d2d4fa453b727fbc997080f51e53a9f35a Mon Sep 17 00:00:00 2001 From: Kamil Giszczak Date: Fri, 4 Apr 2014 16:07:37 +0200 Subject: [PATCH 0445/1473] Use scope instead of constraints to define routes. It works the same with rails 3 and rails 4. --- test/failure_app_test.rb | 4 +++- test/rails_app/config/routes.rb | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 194a402214..432c88a068 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -12,7 +12,9 @@ class FailureWithSubdomain < RootFailureApp routes = ActionDispatch::Routing::RouteSet.new routes.draw do - root to: 'foo#bar', constraints: { subdomain: 'sub' } + scope subdomain: 'sub' do + root to: 'foo#bar' + end end include routes.url_helpers diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index bda678f34c..0e710b4938 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb 
@@ -66,7 +66,7 @@ devise_for :homebase_admin, class_name: "Admin", path: "homebase" end - constraints(subdomain: 'sub') do + scope(subdomain: 'sub') do devise_for :subdomain_users, class_name: "User", only: [:sessions] end From f7fdde1ab07d21e86e51afebd04c5428cad9d056 Mon Sep 17 00:00:00 2001 From: Lauro Caetano Date: Fri, 4 Apr 2014 15:45:52 -0300 Subject: [PATCH 0446/1473] Add the invalidate_all_sessions_on_logout configuration to invalidate all the remember me tokens when the user signs out. --- CHANGELOG.md | 2 ++ lib/devise.rb | 4 ++++ lib/devise/models/rememberable.rb | 4 ++-- lib/generators/templates/devise.rb | 3 +++ test/models/rememberable_test.rb | 27 +++++++++++++++++++++------ 5 files changed, 32 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1444fddae..49bb86285c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ ### 3.3.0 (unreleased) * enhancements + * Add the `expire_all_remember_me_on_sign_out` configuration to invalidate + all the remember me tokens when the user signs out. (by @laurocaetano) * Default email messages was updated with grammar fixes, check the diff on #2906 for the updated copy (by @p-originate) * Allow a resource to be found based on its encrypted password token (by @karlentwistle) diff --git a/lib/devise.rb b/lib/devise.rb index 153751ea7a..75bd40f245 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -134,6 +134,10 @@ def self.#{method}=(val) mattr_accessor :extend_remember_period @@extend_remember_period = false + # If true, all the remember me tokens are going to be invalidated when the user signs out. + mattr_accessor :expire_all_remember_me_on_sign_out + @@expire_all_remember_me_on_sign_out = true + # Time interval you can access your account before confirming your account. # nil - allows unconfirmed access for unlimited time mattr_accessor :allow_unconfirmed_access_for 
diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 94bf8fe6ac..e9326d269d 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -58,7 +58,7 @@ def remember_me!(extend_period=false) def forget_me! return unless persisted? self.remember_token = nil if respond_to?(:remember_token=) - self.remember_created_at = nil + self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out save(validate: false) end @@ -122,7 +122,7 @@ def remember_token #:nodoc: end end - Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options) + Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) end end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 0b1925b363..a2090e620a 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -132,6 +132,9 @@ # The time the user will be remembered without asking for credentials again. # config.remember_for = 2.weeks + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + # If true, extends the user's remember period when remembered via cookie. # config.extend_remember_period = false diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 74e37f2a28..aec1fe77cf 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb 
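Review bot: In `forget_me!` the new setting guards only `remember_created_at`, while `self.remember_token = nil if respond_to?(:remember_token=)` still runs unconditionally. For a model with a `remember_token` attribute the flag therefore presumably changes nothing about which cookies survive a sign-out, and for a model without one, `false` leaves remember-me cookies issued to other browsers usable after the user signs out. The option comment in lib/devise.rb and the generator template should state that trade-off, e.g. `# If false, signing out does not invalidate remember-me cookies issued to other browsers/devices.` The template also sets `config.expire_all_remember_me_on_sign_out = true` uncommented, unlike the commented defaults next to it. The commit subject names the option `invalidate_all_sessions_on_logout`, which does not match the code.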
@@ -55,12 +55,27 @@ def create_resource assert resource_class.new.respond_to?(:remember_me=) end - test 'forget_me should clear remember_created_at' do - resource = create_resource - resource.remember_me! - assert_not resource.remember_created_at.nil? - resource.forget_me! - assert resource.remember_created_at.nil? + test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do + swap Devise, expire_all_remember_me_on_sign_out: true do + resource = create_resource + resource.remember_me! + assert_not_nil resource.remember_created_at + + resource.forget_me! + assert_nil resource.remember_created_at + end + end + + test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do + swap Devise, expire_all_remember_me_on_sign_out: false do + resource = create_resource + resource.remember_me! + + assert_not_nil resource.remember_created_at + + resource.forget_me! + assert_not_nil resource.remember_created_at + end end test 'forget_me should not try to update resource if it has been destroyed' do From a2bd5631da163a9694b873c0561c7e95c278b9da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sadjow=20Le=C3=A3o?= Date: Fri, 4 Apr 2014 19:01:12 -0300 Subject: [PATCH 0447/1473] Use port option in default url options for ActionMailer --- README.md | 2 +- lib/generators/templates/README | 2 +- test/mailers/confirmation_instructions_test.rb | 4 ++-- test/mailers/reset_password_instructions_test.rb | 4 ++-- test/mailers/unlock_instructions_test.rb | 4 ++-- test/rails_app/config/application.rb | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 35c16abdbb..e0e5d4a8b7 100644 --- a/README.md +++ b/README.md 
@@ -115,7 +115,7 @@ Replace MODEL by the class name used for the applications users, it's frequently Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: ```ruby -config.action_mailer.default_url_options = { host: 'localhost:3000' } +config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } ``` You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined. diff --git a/lib/generators/templates/README b/lib/generators/templates/README index ba3ca6c853..001e6e5a24 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -6,7 +6,7 @@ Some setup you must do manually if you haven't yet: is an example of default_url_options appropriate for a development environment in config/environments/development.rb: - config.action_mailer.default_url_options = { host: 'localhost:3000' } + config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } In production, :host should be set to the actual host of your application. diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 2d8581924a..057814511f 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -83,9 +83,9 @@ def mail end test 'body should have link to confirm the account' do - host = ActionMailer::Base.default_url_options[:host] + host, port = ActionMailer::Base.default_url_options.values_at :host, :port - if mail.body.encoded =~ %r{} + if mail.body.encoded =~ %r{} assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token else flunk "expected confirmation url regex to match" 
diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 83f03ec940..79eb92f7b4 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -79,9 +79,9 @@ def mail end test 'body should have link to confirm the account' do - host = ActionMailer::Base.default_url_options[:host] + host, port = ActionMailer::Base.default_url_options.values_at :host, :port - if mail.body.encoded =~ %r{} + if mail.body.encoded =~ %r{} assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token else flunk "expected reset password url regex to match" diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 35be87efb9..518a4c5f63 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -80,9 +80,9 @@ def mail end test 'body should have link to unlock the account' do - host = ActionMailer::Base.default_url_options[:host] + host, port = ActionMailer::Base.default_url_options.values_at :host, :port - if mail.body.encoded =~ %r{} + if mail.body.encoded =~ %r{} assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token else flunk "expected unlock url regex to match" diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 46140549fe..91c75cb942 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -30,7 +30,7 @@ class Application < Rails::Application config.filter_parameters << :password config.assets.enabled = false - config.action_mailer.default_url_options = { host: "localhost:3000" } + config.action_mailer.default_url_options = { host: "localhost", port: 3000 } # This was used to break devise in some situations config.to_prepare do From 5c57d885058aa5664ad24a132576f86b263f1d57 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 25 Feb 2014 14:39:55 -0300 Subject: [PATCH 0448/1473] Cache bundle results on Travis to S3 --- .gitignore | 1 - .travis.yml | 15 ++- gemfiles/Gemfile.rails-3.2-stable.lock | 167 +++++++++++++++++++++++ gemfiles/Gemfile.rails-4.0-stable.lock | 174 ++++++++++++++++++++++++ gemfiles/Gemfile.rails-head.lock | 178 +++++++++++++++++++++++++ script/cached-bundle | 49 +++++++ script/s3-put | 71 ++++++++++ 7 files changed, 650 insertions(+), 5 deletions(-) create mode 100644 gemfiles/Gemfile.rails-3.2-stable.lock create mode 100644 gemfiles/Gemfile.rails-4.0-stable.lock create mode 100644 gemfiles/Gemfile.rails-head.lock create mode 100755 script/cached-bundle create mode 100755 script/s3-put diff --git a/.gitignore b/.gitignore index ac2a95781c..0ff7742714 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,3 @@ rdoc/* pkg log test/tmp/* -gemfiles/*.lock diff --git a/.travis.yml b/.travis.yml index a0e0736706..7a8555e2a1 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,14 +1,21 @@ language: ruby script: "bundle exec rake test" -before_install: - - gem install bundler -v '>= 1.5.1' +install: script/cached-bundle install --deployment --path vendor/bundle rvm: - 1.9.3 - 2.0.0 - 2.1.0 env: - - DEVISE_ORM=mongoid - - DEVISE_ORM=active_record + matrix: + - DEVISE_ORM=mongoid + - DEVISE_ORM=active_record + global: + # AMAZON_S3_BUCKET + - secure: "owrGpYVco0CptAcWAGdVUHqoLNcc7s1sl0UrH5kzw7T8mqrskoaI8yrNyqvhCYA/fXdTLlbhXO3GgYW8yMFe8CtcJbWKWpnk2XUDlsYj0pwPp9FPWBK2w7kSsJOjn+SNeJOTPrSkWnmwmDtGSkVW2tIqwb9k4YfOpYEruhhgBJk=" + # AMAZON_ACCESS_KEY_ID + - secure: "iODI901bQTs5s96zS9YbXtIB9V1sikZE6jpLqf8YfA8rDNIk6yzSXWdrqV5NxtI5vTmaor2BXUMXPQ3MAe6CjEn45WqVWfmYnllAl9avREfzxuvGIewPcMzOIiy22R+nKd9gzntVK/czbKoby73RtTpHZmJ74n7hxF8h3pBMy20=" + # AMAZON_SECRET_ACCESS_KEY + - secure: "B9CsMAopxaG7rrIbIZGQku/zte+wJf9RIVsRZTHrlWFLWm572J17FlJmJAcHQGCUHlD8K1HY0hVTRUp9rD3Mt1bUz3FDPWUDuSJO0f/hvN01bqGvuz1snq7Xpi8v09uzAZ+WWjBmv84TbwbHSoqjI2oPp5PePWThuCiEzkIe34Y=" gemfile: - gemfiles/Gemfile.rails-head - gemfiles/Gemfile.rails-4.0-stable diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock new file mode 100644 index 0000000000..7dde1d367a --- /dev/null +++ b/gemfiles/Gemfile.rails-3.2-stable.lock 
@@ -0,0 +1,167 @@ +GIT + remote: git://github.com/rails/rails.git + revision: a3bda38467377cb8c3cdd52b6fcf6c6c31f74b82 + branch: 3-2-stable + specs: + actionmailer (3.2.17) + actionpack (= 3.2.17) + mail (~> 2.5.4) + actionpack (3.2.17) + activemodel (= 3.2.17) + activesupport (= 3.2.17) + builder (~> 3.0.0) + erubis (~> 2.7.0) + journey (~> 1.0.4) + rack (~> 1.4.5) + rack-cache (~> 1.2) + rack-test (~> 0.6.1) + sprockets (~> 2.2.1) + activemodel (3.2.17) + activesupport (= 3.2.17) + builder (~> 3.0.0) + activerecord (3.2.17) + activemodel (= 3.2.17) + activesupport (= 3.2.17) + arel (~> 3.0.2) + tzinfo (~> 0.3.29) + activeresource (3.2.17) + activemodel (= 3.2.17) + activesupport (= 3.2.17) + activesupport (3.2.17) + i18n (~> 0.6, >= 0.6.4) + multi_json (~> 1.0) + rails (3.2.17) + actionmailer (= 3.2.17) + actionpack (= 3.2.17) + activerecord (= 3.2.17) + activeresource (= 3.2.17) + activesupport (= 3.2.17) + bundler (~> 1.0) + railties (= 3.2.17) + railties (3.2.17) + actionpack (= 3.2.17) + activesupport (= 3.2.17) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) + +PATH + remote: .. 
+ specs: + devise (3.2.4) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + arel (3.0.3) + atomic (1.1.16) + bcrypt (3.1.7) + builder (3.0.4) + erubis (2.7.0) + faraday (0.9.0) + multipart-post (>= 1.2, < 3) + hashie (1.2.0) + hike (1.2.3) + httpauth (0.2.1) + i18n (0.6.9) + journey (1.0.4) + json (1.8.1) + jwt (0.1.11) + multi_json (>= 1.5) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.4) + mime-types (1.25.1) + mini_portile (0.5.2) + mocha (1.0.0) + metaclass (~> 0.0.1) + mongoid (3.1.6) + activemodel (~> 3.2) + moped (~> 1.4) + origin (~> 1.0) + tzinfo (~> 0.3.29) + moped (1.5.2) + multi_json (1.8.4) + multipart-post (2.0.0) + nokogiri (1.6.1) + mini_portile (~> 0.5.0) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) + hashie (~> 1.2) + rack + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + origin (1.1.0) + orm_adapter (0.5.0) + polyglot (0.3.4) + rack (1.4.5) + rack-cache (1.2) + rack (>= 0.4) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-ssl (1.3.3) + rack + rack-test (0.6.2) + rack (>= 1.0) + rake (10.1.1) + rdoc (3.12.2) + json (~> 1.4) + ruby-openid (2.5.0) + sprockets (2.2.2) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sqlite3 (1.3.8) + thor (0.18.1) + thread_safe (0.2.0) + atomic (>= 1.1.7, < 2) + tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.38) + warden (1.2.3) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! 
+ jruby-openssl + mocha (~> 1.0.0) + mongoid (~> 3.0) + omniauth (~> 1.0.0) + omniauth-facebook + omniauth-oauth2 (~> 1.0.0) + omniauth-openid (~> 1.0.1) + rails! + rdoc + sqlite3 + webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock new file mode 100644 index 0000000000..a5b66ea5ed --- /dev/null +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -0,0 +1,174 @@ +GIT + remote: git://github.com/mongoid/mongoid.git + revision: 5b0f031992cbec66d68c6cb288a4edb952ed5336 + branch: master + specs: + mongoid (4.0.0.beta1) + activemodel (>= 4.0.0) + moped (~> 2.0.beta6) + origin (~> 2.1) + tzinfo (>= 0.3.37) + +GIT + remote: git://github.com/rails/rails.git + revision: ccb0301bd43a385305f2d000aa085407926a1059 + branch: 4-0-stable + specs: + actionmailer (4.0.2) + actionpack (= 4.0.2) + mail (~> 2.5.4) + actionpack (4.0.2) + activesupport (= 4.0.2) + builder (~> 3.1.0) + erubis (~> 2.7.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.2) + activesupport (= 4.0.2) + builder (~> 3.1.0) + activerecord (4.0.2) + activemodel (= 4.0.2) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.2) + arel (~> 4.0.0) + activesupport (4.0.2) + i18n (~> 0.6, >= 0.6.9) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + rails (4.0.2) + actionmailer (= 4.0.2) + actionpack (= 4.0.2) + activerecord (= 4.0.2) + activesupport (= 4.0.2) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.2) + sprockets-rails (~> 2.0.0) + railties (4.0.2) + actionpack (= 4.0.2) + activesupport (= 4.0.2) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + +PATH + remote: .. 
+ specs: + devise (3.2.4) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + activerecord-deprecated_finders (1.0.3) + arel (4.0.2) + atomic (1.1.14) + bcrypt (3.1.7) + bson (2.2.0) + builder (3.1.4) + connection_pool (1.2.0) + erubis (2.7.0) + faraday (0.9.0) + multipart-post (>= 1.2, < 3) + hashie (1.2.0) + hike (1.2.3) + httpauth (0.2.1) + i18n (0.6.9) + json (1.8.1) + jwt (0.1.11) + multi_json (>= 1.5) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.4) + mime-types (1.25.1) + mini_portile (0.5.2) + minitest (4.7.5) + mocha (1.0.0) + metaclass (~> 0.0.1) + moped (2.0.0.beta6) + bson (~> 2.2) + connection_pool (~> 1.2) + optionable (~> 0.2.0) + multi_json (1.8.4) + multipart-post (2.0.0) + nokogiri (1.6.1) + mini_portile (~> 0.5.0) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) + hashie (~> 1.2) + rack + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + optionable (0.2.0) + origin (2.1.0) + orm_adapter (0.5.0) + polyglot (0.3.3) + rack (1.5.2) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.2) + rack (>= 1.0) + rake (10.1.1) + rdoc (4.1.1) + json (~> 1.4) + ruby-openid (2.5.0) + sprockets (2.10.1) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + sqlite3 (1.3.8) + thor (0.18.1) + thread_safe (0.1.3) + atomic + tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.38) + warden (1.2.3) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + 
activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha (~> 1.0.0) + mongoid! + omniauth (~> 1.0.0) + omniauth-facebook + omniauth-oauth2 (~> 1.0.0) + omniauth-openid (~> 1.0.1) + rails! + rdoc + sqlite3 + webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock new file mode 100644 index 0000000000..6f83c44006 --- /dev/null +++ b/gemfiles/Gemfile.rails-head.lock 
@@ -0,0 +1,178 @@ +GIT + remote: git://github.com/mongoid/mongoid.git + revision: 5fcb8ddd0ac749a81f499d31722582bda7e654b1 + branch: master + specs: + mongoid (4.0.0.beta1) + activemodel (>= 4.0.0) + moped (~> 2.0.beta6) + origin (~> 2.1) + tzinfo (>= 0.3.37) + +GIT + remote: git://github.com/rails/rails.git + revision: 25ce856c3ea8beb864994b4b13df07b48574df9b + specs: + actionmailer (4.1.0.beta2) + actionpack (= 4.1.0.beta2) + actionview (= 4.1.0.beta2) + mail (~> 2.5.4) + actionpack (4.1.0.beta2) + actionview (= 4.1.0.beta2) + activesupport (= 4.1.0.beta2) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.0.beta2) + activesupport (= 4.1.0.beta2) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.0.beta2) + activesupport (= 4.1.0.beta2) + builder (~> 3.1) + activerecord (4.1.0.beta2) + activemodel (= 4.1.0.beta2) + activesupport (= 4.1.0.beta2) + arel (~> 5.0.0) + activesupport (4.1.0.beta2) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) + rails (4.1.0.beta2) + actionmailer (= 4.1.0.beta2) + actionpack (= 4.1.0.beta2) + actionview (= 4.1.0.beta2) + activemodel (= 4.1.0.beta2) + activerecord (= 4.1.0.beta2) + activesupport (= 4.1.0.beta2) + bundler (>= 1.3.0, < 2.0) + railties (= 4.1.0.beta2) + sprockets-rails (~> 2.0.0) + railties (4.1.0.beta2) + actionpack (= 4.1.0.beta2) + activesupport (= 4.1.0.beta2) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + +PATH + remote: .. 
+ specs: + devise (3.2.4) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + arel (5.0.0) + atomic (1.1.14) + bcrypt (3.1.7) + bson (2.2.1) + builder (3.2.2) + connection_pool (1.2.0) + erubis (2.7.0) + faraday (0.9.0) + multipart-post (>= 1.2, < 3) + hashie (1.2.0) + hike (1.2.3) + httpauth (0.2.1) + i18n (0.6.9) + json (1.8.1) + jwt (0.1.11) + multi_json (>= 1.5) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.4) + mime-types (1.25.1) + mini_portile (0.5.2) + minitest (5.2.3) + mocha (1.0.0) + metaclass (~> 0.0.1) + moped (2.0.0.beta6) + bson (~> 2.2) + connection_pool (~> 1.2) + optionable (~> 0.2.0) + multi_json (1.8.4) + multipart-post (2.0.0) + nokogiri (1.6.1) + mini_portile (~> 0.5.0) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) + hashie (~> 1.2) + rack + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + optionable (0.2.0) + origin (2.1.0) + orm_adapter (0.5.0) + polyglot (0.3.4) + rack (1.5.2) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.2) + rack (>= 1.0) + rake (10.1.1) + rdoc (4.1.1) + json (~> 1.4) + ruby-openid (2.5.0) + sprockets (2.10.1) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + sqlite3 (1.3.8) + thor (0.18.1) + thread_safe (0.1.3) + atomic + tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) + tzinfo (1.1.0) + thread_safe (~> 0.1) + warden (1.2.3) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activerecord-jdbc-adapter + 
activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha (~> 1.0.0) + mongoid! + omniauth (~> 1.0.0) + omniauth-facebook + omniauth-oauth2 (~> 1.0.0) + omniauth-openid (~> 1.0.1) + rails! + rdoc + sqlite3 + webrat (= 0.7.3) diff --git a/script/cached-bundle b/script/cached-bundle new file mode 100755 index 0000000000..5142778073 --- /dev/null +++ b/script/cached-bundle @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +# Usage: cached-bundle install --deployment +# +# After running `bundle`, caches the `vendor/bundle` directory to S3. +# On the next run, restores the cached directory before running `bundle`. +# When `Gemfile.lock` changes, the cache gets rebuilt. +# +# Requirements: +# - Gemfile.lock +# - TRAVIS_REPO_SLUG +# - TRAVIS_RUBY_VERSION +# - AMAZON_S3_BUCKET +# - script/s3-put +# - bundle +# - curl +# +# Author: Mislav Marohnić + +set -e + +compute_md5() { + local output="$(openssl md5)" + echo "${output##* }" +} + +download() { + curl --tcp-nodelay -qsfL "$1" -o "$2" +} + + +gemfile="${BUNDLE_GEMFILE:-Gemfile}" +bundle_fullpath="$(dirname $gemfile)/vendor/bundle" +bundle_path=${bundle_fullpath#$PWD/} +gemfile_hash="$(compute_md5 <"${gemfile}.lock")" +cache_name="${TRAVIS_RUBY_VERSION}-${gemfile_hash}.tgz" +fetch_url="http://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}" + +if download "$fetch_url" "$cache_name"; then + echo "Reusing cached bundle ${cache_name}" + tar xzf "$cache_name" +fi + +bundle "$@" + +if [ ! -f "$cache_name" ] && [ -n "$AMAZON_SECRET_ACCESS_KEY" ]; then + echo "Caching \`${bundle_path}' to S3" + tar czf "$cache_name" "$bundle_path" + script/s3-put "$cache_name" "${AMAZON_S3_BUCKET}:${TRAVIS_REPO_SLUG}/${cache_name}" +fi diff --git a/script/s3-put b/script/s3-put new file mode 100755 index 0000000000..036e845de2 --- /dev/null +++ b/script/s3-put 
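Review bot: In script/cached-bundle, `fetch_url` uses plain `http://` and the downloaded archive is unpacked with `tar xzf` straight into the tree that `bundle` then uses, with no integrity check. The CI run therefore trusts whatever answers that URL, and script/s3-put makes the objects `public-read`. The upload already goes over https, so the download should too: `fetch_url="https://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}"` (this assumes a bucket name without dots). Verifying a digest of the tarball before extracting would be stronger still. As a smaller point, `$(dirname $gemfile)` should be quoted as `"$(dirname "$gemfile")"` so a path with spaces does not split.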
@@ -0,0 +1,71 @@ +#!/usr/bin/env bash +# Usage: s3-put [:] [] +# +# Uploads a file to the Amazon S3 service. +# Outputs the URL for the newly uploaded file. +# +# Requirements: +# - AMAZON_ACCESS_KEY_ID +# - AMAZON_SECRET_ACCESS_KEY +# - openssl +# - curl +# +# Author: Mislav Marohnić + +set -e + +authorization() { + local signature="$(string_to_sign | hmac_sha1 | base64)" + echo "AWS ${AMAZON_ACCESS_KEY_ID?}:${signature}" +} + +hmac_sha1() { + openssl dgst -binary -sha1 -hmac "${AMAZON_SECRET_ACCESS_KEY?}" +} + +base64() { + openssl enc -base64 +} + +bin_md5() { + openssl dgst -binary -md5 +} + +string_to_sign() { + echo "$http_method" + echo "$content_md5" + echo "$content_type" + echo "$date" + echo "x-amz-acl:$acl" + printf "/$bucket/$remote_path" +} + +date_string() { + LC_TIME=C date "+%a, %d %h %Y %T %z" +} + +file="$1" +bucket="${2%%:*}" +remote_path="${2#*:}" +content_type="$3" + +if [ -z "$remote_path" ] || [ "$remote_path" = "$bucket" ]; then + remote_path="${file##*/}" +fi + +http_method=PUT +acl="public-read" +content_md5="$(bin_md5 < "$file" | base64)" +date="$(date_string)" + +url="https://$bucket.s3.amazonaws.com/$remote_path" + +curl -qsSf -T "$file" \ + -H "Authorization: $(authorization)" \ + -H "x-amz-acl: $acl" \ + -H "Date: $date" \ + -H "Content-MD5: $content_md5" \ + -H "Content-Type: $content_type" \ + "$url" + +echo "$url" From 571dead19ba436599a7ab0744705a1438d32031f Mon Sep 17 00:00:00 2001 From: Lauro Caetano Date: Tue, 8 Apr 2014 15:49:59 -0300 Subject: [PATCH 0449/1473] Check if there is a signed in user before sign out. Only execute the `SessionsController#destroy` if there is a signed in user, otherwise it will raise `ActionController::InvalidAuthenticityToken`. Fixes #2934. --- CHANGELOG.md | 1 + app/controllers/devise/sessions_controller.rb | 38 +++++++++++++++---- config/locales/en.yml | 1 + test/integration/authenticatable_test.rb | 20 +++++++++- 4 files changed, 51 insertions(+), 9 deletions(-) 
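Review bot: In `string_to_sign`, `printf "/$bucket/$remote_path"` passes the bucket and path as the format string, so a `%` or backslash in the remote path is interpreted and the signed string no longer matches the request. Use `printf '%s' "/$bucket/$remote_path"` instead. `acl="public-read"` is hard-coded although the header comment describes a generic upload tool; it deserves a line such as `# NOTE: objects are uploaded world-readable (public-read)` in the usage block, or an override via an environment variable. When the third argument is omitted, `content_type` is empty and is still signed and sent as an empty `Content-Type` header, which the usage text does not mention.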
diff --git a/CHANGELOG.md b/CHANGELOG.md index 49bb86285c..8322663629 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Allow a resource to be found based on its encrypted password token (by @karlentwistle) * bug fix + * Check if there is a signed in user before executing the `SessionsController#destroy`. * `SessionsController#destroy` no longer yields the `resource` to receiving block, since the resource isn't loaded in the action. If you need access to the current resource when overring the action use the scope helper (like `current_user`) before diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 003ad2f793..8c41f65361 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -1,6 +1,7 @@ class Devise::SessionsController < DeviseController prepend_before_filter :require_no_authentication, only: [ :new, :create ] prepend_before_filter :allow_params_authentication!, only: :create + prepend_before_filter :verify_signed_out_user, only: :destroy prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in @@ -21,17 +22,11 @@ def create # DELETE /resource/sign_out def destroy - redirect_path = after_sign_out_path_for(resource_name) signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message :notice, :signed_out if signed_out && is_flashing_format? yield if block_given? - # We actually need to hardcode this as Rails default responder doesn't - # support returning empty response on GET request - respond_to do |format| - format.all { head :no_content } - format.any(*navigational_formats) { redirect_to redirect_path } - end + respond_to_on_destroy end protected 
@@ -50,4 +45,33 @@ def serialize_options(resource) def auth_options { scope: resource_name, recall: "#{controller_path}#new" } end + + private + + # Check if there is no signed in user before doing the sign out. + # + # If there is no signed in user, it will set the flash message and redirect + # to the after_sign_out path. + def verify_signed_out_user + if all_signed_out? + set_flash_message :notice, :already_signed_out if is_flashing_format? + + respond_to_on_destroy + end + end + + def all_signed_out? + users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } + + users.all?(&:blank?) + end + + def respond_to_on_destroy + # We actually need to hardcode this as Rails default responder doesn't + # support returning empty response on GET request + respond_to do |format| + format.all { head :no_content } + format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) } + end + end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 54e936ba98..e419f7794f 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -43,6 +43,7 @@ en: sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." unlocks: send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 039408322c..c98c9d0e62 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
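Review bot: `respond_to_on_destroy` calls `after_sign_out_path_for(resource_name)` after `sign_out` has run, whereas the code removed from `destroy` computed `redirect_path` before signing out. An application that overrides `after_sign_out_path_for` and reads the current user there would, as far as this diff shows, now see an already signed-out session. If the old ordering matters, give the helper a parameter, `def respond_to_on_destroy(redirect_path = after_sign_out_path_for(resource_name))`, and have `destroy` compute the path first and pass it in. `verify_signed_out_user` also relies on the redirect or `head` inside `respond_to_on_destroy` to halt the filter chain, which deserves a one-line comment such as `# Rendering here halts the chain, so #destroy is not run.`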
@@ -118,13 +118,13 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest assert_not warden.authenticated?(:admin) end - test 'unauthenticated admin does not set message on sign out' do + test 'unauthenticated admin set message on sign out' do get destroy_admin_session_path assert_response :redirect assert_redirected_to root_path get root_path - assert_not_contain 'Signed out successfully' + assert_contain 'Signed out successfully' end test 'scope uses custom failure app' do @@ -711,3 +711,19 @@ class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest assert_redirected_to '/admin_area/home' end end + +class DoubleSignOutRedirectTest < ActionDispatch::IntegrationTest + test 'sign out after already having signed out redirects to sign in' do + sign_in_as_user + + post destroy_sign_out_via_delete_or_post_session_path + + get root_path + assert_contain 'Signed out successfully.' + + post destroy_sign_out_via_delete_or_post_session_path + + get root_path + assert_contain 'Signed out successfully.' + end +end From 38e868dc79a6520306c5d581c46894839d0c5a7e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Apr 2014 19:24:25 -0300 Subject: [PATCH 0450/1473] Update Travis encrypted keys --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7a8555e2a1..fc75ec2ed1 100644 --- a/.travis.yml +++ b/.travis.yml 
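Review bot: The test 'sign out after already having signed out redirects to sign in' never asserts a redirect; it only checks the flash text after `get root_path`. Add `assert_response :redirect` after the second `post`, as the unauthenticated-admin test earlier in the file does, or rename the test to describe the message it actually checks. Both sign-out messages use the same text in this commit, so the assertions also cannot tell `signed_out` from `already_signed_out`; a comment noting that this is intentional would help.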
@@ -11,11 +11,11 @@ env: - DEVISE_ORM=active_record global: # AMAZON_S3_BUCKET - - secure: "owrGpYVco0CptAcWAGdVUHqoLNcc7s1sl0UrH5kzw7T8mqrskoaI8yrNyqvhCYA/fXdTLlbhXO3GgYW8yMFe8CtcJbWKWpnk2XUDlsYj0pwPp9FPWBK2w7kSsJOjn+SNeJOTPrSkWnmwmDtGSkVW2tIqwb9k4YfOpYEruhhgBJk=" + - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8=" # AMAZON_ACCESS_KEY_ID - - secure: "iODI901bQTs5s96zS9YbXtIB9V1sikZE6jpLqf8YfA8rDNIk6yzSXWdrqV5NxtI5vTmaor2BXUMXPQ3MAe6CjEn45WqVWfmYnllAl9avREfzxuvGIewPcMzOIiy22R+nKd9gzntVK/czbKoby73RtTpHZmJ74n7hxF8h3pBMy20=" + - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs=" # AMAZON_SECRET_ACCESS_KEY - - secure: "B9CsMAopxaG7rrIbIZGQku/zte+wJf9RIVsRZTHrlWFLWm572J17FlJmJAcHQGCUHlD8K1HY0hVTRUp9rD3Mt1bUz3FDPWUDuSJO0f/hvN01bqGvuz1snq7Xpi8v09uzAZ+WWjBmv84TbwbHSoqjI2oPp5PePWThuCiEzkIe34Y=" + - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI=" gemfile: - gemfiles/Gemfile.rails-head - gemfiles/Gemfile.rails-4.0-stable From 5f32cd25fd6d2ccdff18c2a525c28fc0bc1b996e Mon Sep 17 00:00:00 2001 From: Ross Kaffenberger Date: Tue, 15 Apr 2014 17:20:21 -0400 Subject: [PATCH 0451/1473] support multiple warden configuration blocks Changes the behavior of `Devise.warden` such that calling it multiple times with different blocks will result in a call to each block on `Devise.configure_warden!` rather than "last block wins". This is especially used for plugins that wish to extend warden functionality without clobbering base app configuration or vice versa. --- lib/devise.rb | 6 +++--- test/devise_test.rb | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) 
diff --git a/lib/devise.rb b/lib/devise.rb index 75bd40f245..b7b68951ad 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -272,7 +272,7 @@ def self.#{method}=(val) # Private methods to interface with Warden. mattr_accessor :warden_config @@warden_config = nil - @@warden_config_block = nil + @@warden_config_blocks = [] # When true, enter in paranoid mode to avoid user enumeration. mattr_accessor :paranoid @@ -413,7 +413,7 @@ def self.add_module(module_name, options = {}) # end # end def self.warden(&block) - @@warden_config_block = block + @@warden_config_blocks << block end # Specify an omniauth provider. @@ -467,7 +467,7 @@ def self.configure_warden! #:nodoc: end end - @@warden_config_block.try :call, Devise.warden_config + @@warden_config_blocks.map { |block| block.call Devise.warden_config } true end end diff --git a/test/devise_test.rb b/test/devise_test.rb index 2ee39a99e4..ec726b83c1 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -3,10 +3,10 @@ module Devise def self.yield_and_restore @@warden_configured = nil - c, b = @@warden_config, @@warden_config_block + c, b = @@warden_config, @@warden_config_blocks yield ensure - @@warden_config, @@warden_config_block = c, b + @@warden_config, @@warden_config_blocks = c, b end end @@ -53,6 +53,23 @@ class DeviseTest < ActiveSupport::TestCase end end + test 'warden manager user configuration through multiple blocks' do + Devise.yield_and_restore do + @first_executed = false + @second_executed = false + Devise.warden do |config| + @first_executed = true + end + Devise.warden do |config| + @second_executed = true + end + + Devise.configure_warden! + assert @first_executed + assert @second_executed + end + end + test 'add new module using the helper method' do assert_nothing_raised(Exception) { Devise.add_module(:coconut) } assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size From 081ea9e0ba0a9ff8ebe46f520d8247a43844e241 Mon Sep 17 00:00:00 2001 
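Review bot: `Devise.warden` now appends whatever it receives, so a call without a block pushes `nil` onto `@@warden_config_blocks`, and `configure_warden!` then fails on `nil.call`; the replaced `@@warden_config_block.try :call` tolerated a missing block. Guard the append with `@@warden_config_blocks << block if block`. In `configure_warden!` the `map` is used only for its side effects, so `@@warden_config_blocks.each { |block| block.call Devise.warden_config }` states the intent. `configure_warden!` starts outside its hunk.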
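Review bot: `yield_and_restore` in test/devise_test.rb saves `@@warden_config_blocks` by reference, but `Devise.warden` mutates that same array in place with `<<`. The `ensure` assignment therefore puts back the already-extended array, and blocks registered inside one test stay registered for later tests. Save a copy instead: `c, b = @@warden_config, @@warden_config_blocks.dup`.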
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 15 Apr 2014 18:47:16 -0300 Subject: [PATCH 0452/1473] Add CHANGELOG entry for #2978 [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8322663629..41658f5d3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### 3.3.0 (unreleased) * enhancements + * Support multiple warden configuration blocks on devise configuration. (by @rossta) * Add the `expire_all_remember_me_on_sign_out` configuration to invalidate all the remember me tokens when the user signs out. (by @laurocaetano) * Default email messages was updated with grammar fixes, check the diff on From f37b10ef87725b4e39bce522d2fb878ff38adcfa Mon Sep 17 00:00:00 2001 From: Michael Crismali Date: Thu, 17 Apr 2014 20:28:17 -0500 Subject: [PATCH 0453/1473] Switched all instances of 'not blank?' to 'present?' --- lib/devise/models/confirmable.rb | 6 +++--- test/mailers/confirmation_instructions_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- test/support/assertions.rb | 5 ++--- 5 files changed, 8 insertions(+), 9 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 102c8cdb03..dcac6d0762 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -236,17 +236,17 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && !self.email.blank? + postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present? @bypass_confirmation_postpone = false postpone end def reconfirmation_required? - self.class.reconfirmable && @reconfirmation_required && !self.email.blank? + self.class.reconfirmable && @reconfirmation_required && self.email.present? end def send_confirmation_notification? - confirmation_required? && !@skip_confirmation_notification && !self.email.blank? + confirmation_required? && !@skip_confirmation_notification && self.email.present? end def after_confirmation diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 057814511f..8eb9358c15 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -53,7 +53,7 @@ def mail test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' - assert_not_blank mail.body.encoded + assert_present mail.body.encoded end test 'setup reply to as copy from sender' do diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 79eb92f7b4..4a95c9a034 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -55,7 +55,7 @@ def mail test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' - assert_not_blank mail.body.encoded + assert_present mail.body.encoded end test 'setup reply to as copy from sender' do diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 518a4c5f63..38948366e0 100644 --- a/test/mailers/unlock_instructions_test.rb 
+++ b/test/mailers/unlock_instructions_test.rb @@ -56,7 +56,7 @@ def mail test 'custom mailer renders parent mailer template' do Devise.mailer = 'Users::Mailer' - assert_not_blank mail.body.encoded + assert_present mail.body.encoded end test 'setup reply to as copy from sender' do diff --git a/test/support/assertions.rb b/test/support/assertions.rb index 7937969d58..864999efd2 100644 --- a/test/support/assertions.rb +++ b/test/support/assertions.rb @@ -9,10 +9,9 @@ def assert_blank(assertion) assert assertion.blank? end - def assert_not_blank(assertion) - assert !assertion.blank? + def assert_present(assertion) + assert assertion.present? end - alias :assert_present :assert_not_blank def assert_email_sent(address = nil, &block) assert_difference('ActionMailer::Base.deliveries.size', &block) From 0b096c961a13fecb722e81c0dd13d4e5e79c5c4a Mon Sep 17 00:00:00 2001 From: Weston Platter Date: Sun, 20 Apr 2014 13:57:31 -0600 Subject: [PATCH 0454/1473] remove new line to keep convention with other methods --- app/controllers/devise/sessions_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 8c41f65361..4a5497a0f1 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -25,7 +25,6 @@ def destroy signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message :notice, :signed_out if signed_out && is_flashing_format? yield if block_given? - respond_to_on_destroy end From a841e6c4f0316b8a92858f05095d257a97eabfd8 Mon Sep 17 00:00:00 2001 From: Maxim Pechnikov Date: Wed, 23 Apr 2014 10:27:23 +0400 Subject: [PATCH 0455/1473] fixed storing location with bad URL --- CHANGELOG.md | 1 + lib/devise/controllers/store_location.rb | 9 +++++++-- test/controllers/helpers_test.rb | 6 ++++++ 3 files changed, 14 insertions(+), 2 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 41658f5d3f..26b548c368 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ calling `super` * Serialize the `last_request_at` entry as an Integer * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson) + * Storing location only for valid url (by @parallel588) ### 3.2.4 diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index b249037a24..b9102ec1b1 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb @@ -33,14 +33,19 @@ def stored_location_for(resource_or_scope) # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) - if location - uri = URI.parse(location) + if (uri = parse_uri(location)) session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') end end private + def parse_uri(location) + location && URI.parse(location) + rescue URI::InvalidURIError + nil + end + def stored_location_key_for(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) "#{scope}_return_to" diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 4a7b648415..7ef4265e5a 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -193,6 +193,12 @@ def setup assert_equal "/foo.bar", @controller.stored_location_for(:user) end + test 'store bad location for stores a location to redirect back to' do + assert_nil @controller.stored_location_for(:user) + @controller.store_location_for(:user, "/foo.bar\">Carry") + assert_nil @controller.stored_location_for(:user) + end + test 'store location for accepts a resource as argument' do @controller.store_location_for(User.new, "/foo.bar") assert_equal "/foo.bar", @controller.stored_location_for(User.new) From 9cafe0dff6f9263033049ae31416fdc236051636 Mon Sep 17 00:00:00 2001 
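Review bot: `parse_uri` rescues only `URI::InvalidURIError`, but a location that parses as an opaque URI (a `mailto:` address, for example) comes back with a nil `path` as far as I know, and `uri.path.sub(...)` in `store_location_for` then raises `NoMethodError`. Guarding with `if uri && uri.path` keeps such input from reaching the session write. The later hunk that moves the assignment out of the `if` keeps the same call. The `sub(/\A\/+/, '/')` also deserves a comment; presumably it collapses leading slashes so the stored value cannot become a protocol-relative `//host` redirect target: `# Collapse leading slashes so the stored path stays on this host.`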
From: daniely Date: Sun, 27 Apr 2014 10:25:16 +0800 Subject: [PATCH 0456/1473] Update README.md Correct grammar from "on progress" to "in progress" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e0e5d4a8b7..141d8dec22 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ It's composed of 10 modules: * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. -Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is on progress. +Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress. ## Information From d63b6b7b9dd129f1b78597755ed1a40bb300a4c9 Mon Sep 17 00:00:00 2001 From: kento1218 Date: Mon, 28 Apr 2014 20:42:34 +0900 Subject: [PATCH 0457/1473] Fix Devise::ConfirmationsController#after_confirmation_path_for after_confirmation_path_for checks whether the user already signed in by calling signed_in? after confirmation succeeded. Since it was called without scope specification, the user treated as signed in inappropriately when the user signed in as another resource (such as 'admin'). --- app/controllers/devise/confirmations_controller.rb | 2 +- test/integration/confirmable_test.rb | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 8b2cbbcfd6..70f37d9155 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb 
@@ -38,7 +38,7 @@ def after_resending_confirmation_instructions_path_for(resource_name) # The path used after confirmation. def after_confirmation_path_for(resource_name, resource) - if signed_in? + if signed_in?(resource_name) signed_in_root_path(resource) else new_session_path(resource_name) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 2652c89af6..ee3fe19e66 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -133,6 +133,15 @@ def resend_confirmation end end + test 'user should be redirected to sign in page whenever signed in as another resource at same session already' do + sign_in_as_admin + + user = create_user(confirm: false) + visit_user_confirmation_with_token(user.raw_confirmation_token) + + assert_current_url '/users/sign_in' + end + test 'error message is configurable by resource name' do store_translations :en, devise: { failure: { user: { unconfirmed: "Not confirmed user" } } From 1ad09f9cfc0168ef747a79ede506f536e2ecd8a6 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 28 Apr 2014 11:28:48 -0300 Subject: [PATCH 0458/1473] Improve CHANGELOG and move assignment to outside the `if` statement. --- CHANGELOG.md | 2 +- lib/devise/controllers/store_location.rb | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26b548c368..29a9444e61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,7 +16,7 @@ calling `super` * Serialize the `last_request_at` entry as an Integer * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson) - * Storing location only for valid url (by @parallel588) + * Only valid paths will be stored for redirections (by @parallel588) ### 3.2.4 diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index b9102ec1b1..ad36a4f04c 100644 --- a/lib/devise/controllers/store_location.rb 
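Review bot: `after_confirmation_path_for` now passes the scope to `signed_in?`, but nothing in the method says why that argument matters. Per the commit message, without it a session for a different mapping (such as `admin`) counted as the confirming user being signed in, and the redirect went to the signed-in root. I would add above the `if`: `# Check only this scope; a session for another resource must not count as signed in.`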
+++ b/lib/devise/controllers/store_location.rb @@ -33,7 +33,8 @@ def stored_location_for(resource_or_scope) # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) - if (uri = parse_uri(location)) + uri = parse_uri(location) + if uri session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') end end From 11c88754791322c8c4c5c123149f5435eda3b932 Mon Sep 17 00:00:00 2001 From: Hao Wei Date: Thu, 1 May 2014 19:49:37 +0800 Subject: [PATCH 0459/1473] Update legacy comment --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index b7b68951ad..2b99d923e4 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -404,7 +404,7 @@ def self.add_module(module_name, options = {}) # Sets warden configuration using a block that will be invoked on warden # initialization. # - # Devise.initialize do |config| + # Devise.setup do |config| # config.allow_unconfirmed_access_for = 2.days # # config.warden do |manager| From da49ed23f984540fe4547ad868f42f30a1fcc368 Mon Sep 17 00:00:00 2001 From: David Henry Date: Thu, 1 May 2014 23:39:05 +0100 Subject: [PATCH 0460/1473] Start adding code to allow devise_for to specify the engine context (router_name) to be used. --- lib/devise/controllers/helpers.rb | 11 ++++++++--- lib/devise/controllers/url_helpers.rb | 5 +++-- lib/devise/mapping.rb | 20 +++++++++++++------- lib/devise/rails/routes.rb | 2 ++ 4 files changed, 26 insertions(+), 12 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 14a3dd5d0a..89ddc99ed5 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -101,10 +101,15 @@ def allow_params_authentication! # The scope root url to be used when they're signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) - scope = Devise::Mapping.find_scope!(resource_or_scope) + scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) home_path = "#{scope}_root_path" - if respond_to?(home_path, true) - send(home_path) + + context = router_name ? send(router_name) : self + + if context.respond_to?(home_path, true) + context.send(home_path) + elsif context.respond_to?(:root_path) + context.root_path elsif respond_to?(:root_path) root_path else diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 480687f55b..80fe04dc61 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb @@ -46,8 +46,9 @@ def self.generate_helpers!(routes=nil) class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 def #{method}(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) + scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + context = router_name ? send(router_name) : _devise_route_context + context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) end URL_HELPERS end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 7ab377b15a..02a6433b4b 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
@@ -23,23 +23,27 @@ module Devise # class Mapping #:nodoc: attr_reader :singular, :scoped_path, :path, :controllers, :path_names, - :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app + :class_name, :sign_out_via, :format, :used_routes, :used_helpers, + :failure_app, :router_name alias :name :singular # Receives an object and find a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. - def self.find_scope!(obj) - case obj + def self.find_scope!(obj, *flags) + include_router_name = flags.include?(:include_router_name) + mapping = case obj when String, Symbol - return obj + return obj unless include_router_name + Devise.mappings.detect { |m| obj == m.name } when Class - Devise.mappings.each_value { |m| return m.name if obj <= m.to } + Devise.mappings.detect { |m| obj <= m.to } else - Devise.mappings.each_value { |m| return m.name if obj.is_a?(m.to) } + Devise.mappings.detect { |m| obj.is_a?(m.to) } end + raise "Could not find a valid mapping for #{obj.inspect}" unless mapping - raise "Could not find a valid mapping for #{obj.inspect}" + return (include_router_name ? mapping.name : [mapping.name, mapping.router_name]) end def self.find_by_path!(path, path_type=:fullpath) @@ -60,6 +64,8 @@ def initialize(name, options) #:nodoc: @sign_out_via = options[:sign_out_via] || Devise.sign_out_via @format = options[:format] + @router_name = options[:router_name] + default_failure_app(options) default_controllers(options) default_path_names(options) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2951b14153..7f974e5279 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -153,6 +153,8 @@ class Mapper # # * defaults: works the same as Rails' defaults # + # * router_name: allows application level router name to be overwritten for the current scope + # # ==== Scoping # # Following Rails 3 routes DSL, you can nest devise_for calls inside a scope: From 9e8371c29343d9be71fb7df8b19bca8652a5ccec Mon Sep 17 00:00:00 2001 From: David Henry Date: Thu, 1 May 2014 23:46:05 +0100 Subject: [PATCH 0461/1473] Make after_sign_out_path_for and after_inactive_sign_up_path_for aware of router name if declared in devise_for declaration. --- app/controllers/devise/registrations_controller.rb | 4 +++- lib/devise/controllers/helpers.rb | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index eab982e6b7..7d4b736c1f 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -112,7 +112,9 @@ def after_sign_up_path_for(resource) # The path used after sign up for inactive accounts. You need to overwrite # this method in your own RegistrationsController. def after_inactive_sign_up_path_for(resource) - respond_to?(:root_path) ? root_path : "/" + scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + context = router_name ? send(router_name) : self + context.respond_to?(:root_path) ? context.root_path : "/" end # The default url to be used after updating a resource. You need to overwrite diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 89ddc99ed5..b0964611eb 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -155,7 +155,9 @@ def after_sign_in_path_for(resource_or_scope) # # By default it is the root_path. def after_sign_out_path_for(resource_or_scope) - respond_to?(:root_path) ? root_path : "/" + scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + context = router_name ? send(router_name) : self + context.respond_to?(:root_path) ? context.root_path : "/" end # Sign in a user and tries to redirect first to the stored location and From 38b347ac00870f61cd36678a4d688501446a57a0 Mon Sep 17 00:00:00 2001 From: David Henry Date: Fri, 2 May 2014 00:17:17 +0100 Subject: [PATCH 0462/1473] Fix bug in the tests --- lib/devise/mapping.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 02a6433b4b..2269041666 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -35,11 +35,11 @@ def self.find_scope!(obj, *flags) mapping = case obj when String, Symbol return obj unless include_router_name - Devise.mappings.detect { |m| obj == m.name } + Devise.mappings.values.detect { |m| obj == m.name } when Class - Devise.mappings.detect { |m| obj <= m.to } + Devise.mappings.values.detect { |m| obj <= m.to } else - Devise.mappings.detect { |m| obj.is_a?(m.to) } + Devise.mappings.values.detect { |m| obj.is_a?(m.to) } end raise "Could not find a valid mapping for #{obj.inspect}" unless mapping From e085526b6ea3e1144b6df32c5b814944ad7b6c9b Mon Sep 17 00:00:00 2001 From: David Henry Date: Fri, 2 May 2014 00:22:20 +0100 Subject: [PATCH 0463/1473] Get the logic in the right order and fix variable naming (and run the tests) --- app/controllers/devise/registrations_controller.rb | 2 +- lib/devise/mapping.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 7d4b736c1f..6adefc6a95 100644 --- a/app/controllers/devise/registrations_controller.rb 
+++ b/app/controllers/devise/registrations_controller.rb @@ -112,7 +112,7 @@ def after_sign_up_path_for(resource) # The path used after sign up for inactive accounts. You need to overwrite # this method in your own RegistrationsController. def after_inactive_sign_up_path_for(resource) - scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + scope, router_name = Devise::Mapping.find_scope!(resource, :include_router_name) context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 2269041666..47d2c06f88 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -43,7 +43,7 @@ def self.find_scope!(obj, *flags) end raise "Could not find a valid mapping for #{obj.inspect}" unless mapping - return (include_router_name ? mapping.name : [mapping.name, mapping.router_name]) + return (include_router_name ? [mapping.name, mapping.router_name] : mapping.name) end def self.find_by_path!(path, path_type=:fullpath) From 23761aded2a8dd03c013a0140e015369b1f08891 Mon Sep 17 00:00:00 2001 From: David Henry Date: Sat, 3 May 2014 22:37:21 +0100 Subject: [PATCH 0464/1473] Add find_mapping! method to return the router_name instead of overloading find_scope! --- .../devise/registrations_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 5 ++-- lib/devise/controllers/url_helpers.rb | 3 +- lib/devise/mapping.rb | 29 +++++++++++++------ 4 files changed, 26 insertions(+), 13 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 6adefc6a95..4d4c960b36 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -112,7 +112,7 @@ def after_sign_up_path_for(resource) # The path used after sign up for inactive accounts. You need to overwrite # this method in your own RegistrationsController. def after_inactive_sign_up_path_for(resource) - scope, router_name = Devise::Mapping.find_scope!(resource, :include_router_name) + router_name = Devise::Mapping.find_mapping!(resource) context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index b0964611eb..8af8a3d337 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -101,7 +101,8 @@ def allow_params_authentication! # The scope root url to be used when they're signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) - scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise::Mapping.find_mapping!(resource_or_scope) home_path = "#{scope}_root_path" context = router_name ? send(router_name) : self @@ -155,7 +156,7 @@ def after_sign_in_path_for(resource_or_scope) # # By default it is the root_path. def after_sign_out_path_for(resource_or_scope) - scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + router_name = Devise::Mapping.find_mapping!(resource_or_scope) context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 80fe04dc61..28c5c45f4c 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb 
@@ -46,7 +46,8 @@ def self.generate_helpers!(routes=nil) class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 def #{method}(resource_or_scope, *args) - scope, router_name = Devise::Mapping.find_scope!(resource_or_scope, :include_router_name) + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise::Mapping.find_mapping!(resource_or_scope) context = router_name ? send(router_name) : _devise_route_context context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 47d2c06f88..f39c431f0b 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
@@ -30,20 +30,31 @@ class Mapping #:nodoc: # Receives an object and find a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. - def self.find_scope!(obj, *flags) - include_router_name = flags.include?(:include_router_name) - mapping = case obj + def self.find_scope!(obj) + case obj when String, Symbol - return obj unless include_router_name - Devise.mappings.values.detect { |m| obj == m.name } + return obj when Class - Devise.mappings.values.detect { |m| obj <= m.to } + Devise.mappings.each_value { |m| return m.name if obj <= m.to } else - Devise.mappings.values.detect { |m| obj.is_a?(m.to) } + Devise.mappings.each_value { |m| return m.name if obj.is_a?(m.to) } end - raise "Could not find a valid mapping for #{obj.inspect}" unless mapping - return (include_router_name ? [mapping.name, mapping.router_name] : mapping.name) + raise "Could not find a valid mapping for #{obj.inspect}" + end + + def self.find_mapping!(obj) + case obj + when String, Symbol + scope = obj.to_sym + Devise.mappings.each_value { |m| return m.router_name if m.name == scope } + when Class + Devise.mappings.each_value { |m| return m.router_name if obj <= m.to } + else + Devise.mappings.each_value { |m| return m.router_name if obj.is_a?(m.to) } + end + + raise "Could not find a valid mapping for #{obj.inspect}" unless mapping end def self.find_by_path!(path, path_type=:fullpath) From 2dee54bc865526ed3c12f7a848689928d2f878d1 Mon Sep 17 00:00:00 2001 From: David Henry Date: Sat, 3 May 2014 22:41:32 +0100 Subject: [PATCH 0465/1473] make the find_mapping! method return a mapping object --- app/controllers/devise/registrations_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 7 ++++--- lib/devise/controllers/url_helpers.rb | 5 +++-- lib/devise/mapping.rb | 6 +++--- 4 files changed, 11 insertions(+), 9 deletions(-) 
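Review bot: The final line of the new `find_mapping!` keeps the `unless mapping` modifier, but this method never assigns `mapping`. Unless the class defines a `mapping` method elsewhere (not visible in this hunk), a failed lookup therefore raises a NameError about `mapping` rather than the intended "Could not find a valid mapping" message. The raise should be unconditional, as it is in the rewritten `find_scope!`: `raise "Could not find a valid mapping for #{obj.inspect}"`. The same line is carried unchanged as context in the `find_mapping!` hunks of patches 0465 and 0466. Separately, `find_scope!` still returns a String or Symbol argument without checking it against `Devise.mappings` while `find_mapping!` rejects unknown names, so the two lookups can disagree for the same input; a one-line comment on `find_scope!` stating that the name is returned unvalidated would make that explicit.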
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 4d4c960b36..4a350f8080 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -112,7 +112,7 @@ def after_sign_up_path_for(resource) # The path used after sign up for inactive accounts. You need to overwrite # this method in your own RegistrationsController. def after_inactive_sign_up_path_for(resource) - router_name = Devise::Mapping.find_mapping!(resource) + router_name = Devise::Mapping.find_mapping!(resource).router_name context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 8af8a3d337..e82d1d0abf 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -101,8 +101,9 @@ def allow_params_authentication! # The scope root url to be used when they're signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) - scope = Devise::Mapping.find_scope!(resource_or_scope) - router_name = Devise::Mapping.find_mapping!(resource_or_scope) + mapping = Devise::Mapping.find_mapping!(resource_or_scope) + scope = mapping.name + router_name = mapping.router_name home_path = "#{scope}_root_path" context = router_name ? send(router_name) : self @@ -156,7 +157,7 @@ def after_sign_in_path_for(resource_or_scope) # # By default it is the root_path. def after_sign_out_path_for(resource_or_scope) - router_name = Devise::Mapping.find_mapping!(resource_or_scope) + router_name = Devise::Mapping.find_mapping!(resource_or_scope).router_name context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end 
diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 28c5c45f4c..4067745e81 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb @@ -46,8 +46,9 @@ def self.generate_helpers!(routes=nil) class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 def #{method}(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - router_name = Devise::Mapping.find_mapping!(resource_or_scope) + mapping = Devise::Mapping.find_mapping!(resource_or_scope) + scope = mapping.name + router_name = mapping.router_name context = router_name ? send(router_name) : _devise_route_context context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index f39c431f0b..fa39dd3380 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -47,11 +47,11 @@ def self.find_mapping!(obj) case obj when String, Symbol scope = obj.to_sym - Devise.mappings.each_value { |m| return m.router_name if m.name == scope } + Devise.mappings.each_value { |m| return m if m.name == scope } when Class - Devise.mappings.each_value { |m| return m.router_name if obj <= m.to } + Devise.mappings.each_value { |m| return m if obj <= m.to } else - Devise.mappings.each_value { |m| return m.router_name if obj.is_a?(m.to) } + Devise.mappings.each_value { |m| return m if obj.is_a?(m.to) } end raise "Could not find a valid mapping for #{obj.inspect}" unless mapping From 1dd84a8244f3a1ce6c17aa4b5f606a3fef0fff0c Mon Sep 17 00:00:00 2001 
From: David Henry Date: Sat, 3 May 2014 22:46:04 +0100 Subject: [PATCH 0466/1473] Don't couple the routing object to the whole system.. pass around the RoutingDetails object instead. NOTE: RoutingDetails is supposed to be a simple data transfer object. --- lib/devise/controllers/helpers.rb | 2 +- lib/devise/controllers/url_helpers.rb | 2 +- lib/devise/mapping.rb | 14 +++++++++++--- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index e82d1d0abf..96646d4184 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -102,7 +102,7 @@ def allow_params_authentication! # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) mapping = Devise::Mapping.find_mapping!(resource_or_scope) - scope = mapping.name + scope = mapping.scope router_name = mapping.router_name home_path = "#{scope}_root_path" diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 4067745e81..ebc574d8e2 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb @@ -47,7 +47,7 @@ def self.generate_helpers!(routes=nil) class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 def #{method}(resource_or_scope, *args) mapping = Devise::Mapping.find_mapping!(resource_or_scope) - scope = mapping.name + scope = mapping.scope router_name = mapping.router_name context = router_name ? send(router_name) : _devise_route_context context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index fa39dd3380..da8630beca 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
@@ -1,4 +1,12 @@ module Devise + class RoutingDetails + attr_reader :scope, :router_name + + def initialize(mapping) + @scope = mapping.name + @router_name = mapping.router_name + end + end # Responsible for handling devise mappings and routes configuration. Each # resource configured by devise_for in routes is actually creating a mapping # object. You can refer to devise_for in routes for usage options. @@ -47,11 +55,11 @@ def self.find_mapping!(obj) case obj when String, Symbol scope = obj.to_sym - Devise.mappings.each_value { |m| return m if m.name == scope } + Devise.mappings.each_value { |m| return RoutingDetails.new(m) if m.name == scope } when Class - Devise.mappings.each_value { |m| return m if obj <= m.to } + Devise.mappings.each_value { |m| return RoutingDetails.new(m) if obj <= m.to } else - Devise.mappings.each_value { |m| return m if obj.is_a?(m.to) } + Devise.mappings.each_value { |m| return RoutingDetails.new(m) if obj.is_a?(m.to) } end raise "Could not find a valid mapping for #{obj.inspect}" unless mapping From feff27aaeeb2988358b4a489e2659b74bfdf7fe8 Mon Sep 17 00:00:00 2001 From: David Henry Date: Sat, 3 May 2014 22:47:27 +0100 Subject: [PATCH 0467/1473] Add description around the new method. --- lib/devise/mapping.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index da8630beca..07b8f24a97 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -51,6 +51,9 @@ def self.find_scope!(obj) raise "Could not find a valid mapping for #{obj.inspect}" end + # Receives an object and find a mapping for it, then return the routing + # details associated with the mapping. If a scope cannot be found, + # raises an error. def self.find_mapping!(obj) case obj when String, Symbol From d875c01bc2bb2d5582091b4f4af2dd18e7ca9e21 Mon Sep 17 00:00:00 2001 
From: David Henry Date: Sat, 3 May 2014 23:22:00 +0100 Subject: [PATCH 0468/1473] Extract routing context to its own file. --- lib/devise/mapping.rb | 8 -------- lib/devise/routing_details.rb | 12 ++++++++++++ 2 files changed, 12 insertions(+), 8 deletions(-) create mode 100644 lib/devise/routing_details.rb diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 07b8f24a97..342b6a8a4f 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -1,12 +1,4 @@ module Devise - class RoutingDetails - attr_reader :scope, :router_name - - def initialize(mapping) - @scope = mapping.name - @router_name = mapping.router_name - end - end # Responsible for handling devise mappings and routes configuration. Each # resource configured by devise_for in routes is actually creating a mapping # object. You can refer to devise_for in routes for usage options. diff --git a/lib/devise/routing_details.rb b/lib/devise/routing_details.rb new file mode 100644 index 0000000000..b53b7d813d --- /dev/null +++ b/lib/devise/routing_details.rb @@ -0,0 +1,12 @@ +module Devise + # This is a data transfer object to avoid coupling between + # Devive::Mapping and the rest of the application. + class RoutingDetails + attr_reader :scope, :router_name + + def initialize(mapping) + @scope = mapping.name + @router_name = mapping.router_name + end + end +end From 3e8fce5081b1317e03cd774f55b8e308e219edd0 Mon Sep 17 00:00:00 2001 From: David Henry Date: Sun, 4 May 2014 12:53:25 +0100 Subject: [PATCH 0469/1473] Make sure I include the new class into the gem --- lib/devise.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/devise.rb b/lib/devise.rb index 2b99d923e4..da3bab0729 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -489,6 +489,7 @@ def self.secure_compare(a, b) end require 'warden' +require 'devise/routing_details' require 'devise/mapping' require 'devise/models' require 'devise/modules' From 33873426ad1a3d45efb2931b024edf6342b10907 Mon Sep 17 00:00:00 2001 
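Review bot: The class comment in the new lib/devise/routing_details.rb misspells the constant as `Devive::Mapping`; it should read `Devise::Mapping` so that a search for the constant finds this file. The comment could also say what the two readers hold, for example `# scope is the mapping's name; router_name is the mapping's router_name and may be nil`, since the callers in helpers.rb branch on `router_name` being nil.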
From: David Henry Date: Sun, 4 May 2014 22:59:29 +0100 Subject: [PATCH 0470/1473] Use 2.1 instead of 2.1.0 travis-ci/travis-ci#2220 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fc75ec2ed1..eb20a23089 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ install: script/cached-bundle install --deployment --path vendor/bundle rvm: - 1.9.3 - 2.0.0 - - 2.1.0 + - 2.1 env: matrix: - DEVISE_ORM=mongoid From 7bab20e55e171b0eab5387633d436c5a790ef981 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 4 May 2014 21:21:45 -0300 Subject: [PATCH 0471/1473] Update main Gemfile dependencies. --- Gemfile | 6 +- Gemfile.lock | 165 +++++++++++++++++++++++++++------------------------ 2 files changed, 89 insertions(+), 82 deletions(-) diff --git a/Gemfile b/Gemfile index 7cb4e7bac3..85667cc88a 100644 --- a/Gemfile +++ b/Gemfile @@ -2,9 +2,9 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.0.0" -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" +gem "rails", "~> 4.1.0" +gem "omniauth", "~> 1.2.0" +gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" group :test do diff --git a/Gemfile.lock b/Gemfile.lock index e481eec3b1..52518b52aa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: dba1c17b1dba667e50347ab616aaf6f2e1bee094 + revision: e93a4837b0266db46c24aae172e184f57c847b04 branch: master specs: mongoid (4.0.0.beta1) 
@@ -22,123 +22,130 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.0.0) - actionpack (= 4.0.0) - mail (~> 2.5.3) - actionpack (4.0.0) - activesupport (= 4.0.0) - builder (~> 3.1.0) - erubis (~> 2.7.0) + actionmailer (4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + mail (~> 2.5.4) + actionpack (4.1.0) + actionview (= 4.1.0) + activesupport (= 4.1.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.0) - activesupport (= 4.0.0) - builder (~> 3.1.0) - activerecord (4.0.0) - activemodel (= 4.0.0) - activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.0) - arel (~> 4.0.0) - activerecord-deprecated_finders (1.0.3) - activesupport (4.0.0) - i18n (~> 0.6, >= 0.6.4) - minitest (~> 4.2) - multi_json (~> 1.3) + actionview (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.0) + activesupport (= 4.1.0) + builder (~> 3.1) + activerecord (4.1.0) + activemodel (= 4.1.0) + activesupport (= 4.1.0) + arel (~> 5.0.0) + activesupport (4.1.0) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - arel (4.0.0) - atomic (1.1.16) + tzinfo (~> 1.1) + arel (5.0.1.20140414130214) bcrypt (3.1.7) - bson (2.2.1) - builder (3.1.4) - connection_pool (1.2.0) + bson (2.2.2) + builder (3.2.2) + connection_pool (2.0.0) erubis (2.7.0) - faraday (0.8.8) - multipart-post (~> 1.2.0) - hashie (1.2.0) + faraday (0.9.0) + multipart-post (>= 1.2, < 3) + hashie (2.1.1) hike (1.2.3) - httpauth (0.2.0) i18n (0.6.9) - json (1.8.0) - jwt (0.1.8) + json (1.8.1) + jwt (0.1.11) multi_json (>= 1.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) - mime-types (1.23) - minitest (4.7.5) + mime-types (1.25.1) + mini_portile (0.5.3) + minitest (5.3.3) mocha (1.0.0) metaclass (~> 0.0.1) - moped (2.0.0.beta6) + moped (2.0.0.rc1) bson (~> 2.2) - connection_pool (~> 1.2) + connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.9.2) - multipart-post 
(1.2.0) - nokogiri (1.5.9) - oauth2 (0.8.1) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) + multi_json (1.9.3) + multi_xml (0.5.5) + multipart-post (2.0.0) + nokogiri (1.6.1) + mini_portile (~> 0.5.0) + oauth2 (0.9.3) + faraday (>= 0.8, < 0.10) + jwt (~> 0.1.8) + multi_json (~> 1.3) + multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) + omniauth (1.2.1) + hashie (>= 1.2, < 3) + rack (~> 1.0) + omniauth-facebook (1.6.0) + omniauth-oauth2 (~> 1.1) + omniauth-oauth2 (1.1.2) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 0.9.3) + omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.0) + origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.3) + polyglot (0.3.4) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.0.0) - actionmailer (= 4.0.0) - actionpack (= 4.0.0) - activerecord (= 4.0.0) - activesupport (= 4.0.0) + rails (4.1.0) + actionmailer (= 4.1.0) + actionpack (= 4.1.0) + actionview (= 4.1.0) + activemodel (= 4.1.0) + activerecord (= 4.1.0) + activesupport (= 4.1.0) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.0) - sprockets-rails (~> 2.0.0) - railties (4.0.0) - actionpack (= 4.0.0) - activesupport (= 4.0.0) + railties (= 4.1.0) + sprockets-rails (~> 2.0) + railties (4.1.0) + actionpack (= 4.1.0) + activesupport (= 4.1.0) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.1.0) - rdoc (4.0.1) + rake (10.3.1) + rdoc (4.1.1) json (~> 1.4) - ruby-openid (2.2.3) - sprockets (2.10.0) + ruby-openid (2.5.0) + sprockets (2.12.1) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.0) + sprockets-rails (2.1.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) - sqlite3 (1.3.7) - thor (0.18.1) - thread_safe 
(0.3.1) - atomic (>= 1.1.7, < 2) + sqlite3 (1.3.9) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) - treetop (1.4.14) + treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.39) + tzinfo (1.1.0) + thread_safe (~> 0.1) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) @@ -156,11 +163,11 @@ DEPENDENCIES jruby-openssl mocha (~> 1.0.0) mongoid! - omniauth (~> 1.0.0) + omniauth (~> 1.2.0) omniauth-facebook - omniauth-oauth2 (~> 1.0.0) + omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (~> 4.0.0) + rails (~> 4.1.0) rdoc sqlite3 webrat (= 0.7.3) From 303145c8b788d4f11fb5418b92bb6e0035ba2c20 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 4 May 2014 21:28:01 -0300 Subject: [PATCH 0472/1473] Update 3-2-stable Gemfile dependencies. --- gemfiles/Gemfile.rails-3.2-stable | 4 +- gemfiles/Gemfile.rails-3.2-stable.lock | 54 +++++++++++++------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable index d5740f25e1..efed60a8e6 100644 --- a/gemfiles/Gemfile.rails-3.2-stable +++ b/gemfiles/Gemfile.rails-3.2-stable @@ -3,8 +3,8 @@ source "https://rubygems.org" gemspec path: '..' gem "rails", github: 'rails/rails', branch: '3-2-stable' -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" +gem "omniauth", "~> 1.2.0" +gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" group :test do diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 7dde1d367a..d490d5df0e 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -60,15 +60,13 @@ GEM remote: https://rubygems.org/ specs: arel (3.0.3) - atomic (1.1.16) bcrypt (3.1.7) builder (3.0.4) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (1.2.0) + hashie (2.1.1) hike (1.2.3) - httpauth (0.2.1) i18n (0.6.9) journey (1.0.4) json (1.8.1) 
@@ -79,7 +77,7 @@ GEM treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.2) + mini_portile (0.5.3) mocha (1.0.0) metaclass (~> 0.0.1) mongoid (3.1.6) @@ -88,24 +86,27 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.29) moped (1.5.2) - multi_json (1.8.4) + multi_json (1.9.3) + multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.1) mini_portile (~> 0.5.0) - oauth2 (0.8.1) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) + oauth2 (0.9.3) + faraday (>= 0.8, < 0.10) + jwt (~> 0.1.8) + multi_json (~> 1.3) + multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) + omniauth (1.2.1) + hashie (>= 1.2, < 3) + rack (~> 1.0) + omniauth-facebook (1.6.0) + omniauth-oauth2 (~> 1.1) + omniauth-oauth2 (1.1.2) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 0.9.3) + omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) @@ -118,11 +119,11 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.3) + rack-ssl (1.3.4) rack rack-test (0.6.2) rack (>= 1.0) - rake (10.1.1) + rake (10.3.1) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.5.0) @@ -131,15 +132,14 @@ GEM multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.8) - thor (0.18.1) - thread_safe (0.2.0) - atomic (>= 1.1.7, < 2) + sqlite3 (1.3.9) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.38) + tzinfo (0.3.39) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) @@ -157,9 +157,9 @@ DEPENDENCIES jruby-openssl mocha (~> 1.0.0) mongoid (~> 3.0) - omniauth (~> 1.0.0) + omniauth (~> 1.2.0) omniauth-facebook - omniauth-oauth2 (~> 1.0.0) + omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) rails! rdoc From 4110ab3228aea7a4acff869e9b3a16bdada067e0 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Sun, 4 May 2014 21:30:06 -0300 Subject: [PATCH 0473/1473] Update 4-0-stable Gemfile dependencies. --- gemfiles/Gemfile.rails-4.0-stable | 4 +- gemfiles/Gemfile.rails-4.0-stable.lock | 112 ++++++++++++------------- 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable index d09acddd4a..3688a50ea6 100644 --- a/gemfiles/Gemfile.rails-4.0-stable +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -3,8 +3,8 @@ source "https://rubygems.org" gemspec path: '..' gem "rails", github: 'rails/rails', branch: '4-0-stable' -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" +gem "omniauth", "~> 1.2.0" +gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" group :test do diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index a5b66ea5ed..78742d59e0 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 5b0f031992cbec66d68c6cb288a4edb952ed5336 + revision: e93a4837b0266db46c24aae172e184f57c847b04 branch: master specs: mongoid (4.0.0.beta1) 
@@ -11,43 +11,43 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: ccb0301bd43a385305f2d000aa085407926a1059 + revision: 2961fa8819e4d6a4007dbe54209a3de893b3604f branch: 4-0-stable specs: - actionmailer (4.0.2) - actionpack (= 4.0.2) + actionmailer (4.0.4) + actionpack (= 4.0.4) mail (~> 2.5.4) - actionpack (4.0.2) - activesupport (= 4.0.2) + actionpack (4.0.4) + activesupport (= 4.0.4) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.2) - activesupport (= 4.0.2) + activemodel (4.0.4) + activesupport (= 4.0.4) builder (~> 3.1.0) - activerecord (4.0.2) - activemodel (= 4.0.2) + activerecord (4.0.4) + activemodel (= 4.0.4) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.2) + activesupport (= 4.0.4) arel (~> 4.0.0) - activesupport (4.0.2) + activesupport (4.0.4) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.2) - actionmailer (= 4.0.2) - actionpack (= 4.0.2) - activerecord (= 4.0.2) - activesupport (= 4.0.2) + rails (4.0.4) + actionmailer (= 4.0.4) + actionpack (= 4.0.4) + activerecord (= 4.0.4) + activesupport (= 4.0.4) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.2) - sprockets-rails (~> 2.0.0) - railties (4.0.2) - actionpack (= 4.0.2) - activesupport (= 4.0.2) + railties (= 4.0.4) + sprockets-rails (~> 2.0) + railties (4.0.4) + actionpack (= 4.0.4) + activesupport (= 4.0.4) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -66,17 +66,15 @@ GEM specs: activerecord-deprecated_finders (1.0.3) arel (4.0.2) - atomic (1.1.14) bcrypt (3.1.7) - bson (2.2.0) + bson (2.2.2) builder (3.1.4) - connection_pool (1.2.0) + connection_pool (2.0.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (1.2.0) + hashie (2.1.1) hike (1.2.3) - httpauth (0.2.1) i18n (0.6.9) json (1.8.1) jwt (0.1.11) 
@@ -86,67 +84,69 @@ GEM treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.2) + mini_portile (0.5.3) minitest (4.7.5) mocha (1.0.0) metaclass (~> 0.0.1) - moped (2.0.0.beta6) + moped (2.0.0.rc1) bson (~> 2.2) - connection_pool (~> 1.2) + connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.8.4) + multi_json (1.9.3) + multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.1) mini_portile (~> 0.5.0) - oauth2 (0.8.1) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) + oauth2 (0.9.3) + faraday (>= 0.8, < 0.10) + jwt (~> 0.1.8) + multi_json (~> 1.3) + multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) + omniauth (1.2.1) + hashie (>= 1.2, < 3) + rack (~> 1.0) + omniauth-facebook (1.6.0) + omniauth-oauth2 (~> 1.1) + omniauth-oauth2 (1.1.2) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 0.9.3) + omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.0) + origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.3) + polyglot (0.3.4) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.1.1) + rake (10.3.1) rdoc (4.1.1) json (~> 1.4) ruby-openid (2.5.0) - sprockets (2.10.1) + sprockets (2.12.1) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.1) + sprockets-rails (2.1.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) - sqlite3 (1.3.8) - thor (0.18.1) - thread_safe (0.1.3) - atomic + sqlite3 (1.3.9) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.38) + tzinfo (0.3.39) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) 
@@ -164,9 +164,9 @@ DEPENDENCIES jruby-openssl mocha (~> 1.0.0) mongoid! - omniauth (~> 1.0.0) + omniauth (~> 1.2.0) omniauth-facebook - omniauth-oauth2 (~> 1.0.0) + omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) rails! rdoc From 3014bcbc452280f057c2e1b67c3c28bd16c8d59e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 4 May 2014 21:36:38 -0300 Subject: [PATCH 0474/1473] Update Rails HEAD Gemfile dependencies. --- gemfiles/Gemfile.rails-head | 7 +- gemfiles/Gemfile.rails-head.lock | 130 ++++++++++++++++--------------- 2 files changed, 72 insertions(+), 65 deletions(-) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index 444294f9e7..d43c27ed83 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -2,9 +2,10 @@ source "https://rubygems.org" gemspec path: '..' -gem "rails", github: 'rails/rails' -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" +gem "rails", github: "rails/rails" +gem "arel", github: "rails/arel" +gem "omniauth", "~> 1.2.0" +gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" group :test do diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index 6f83c44006..ee8fcae63a 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 5fcb8ddd0ac749a81f499d31722582bda7e654b1 + revision: e93a4837b0266db46c24aae172e184f57c847b04 branch: master specs: mongoid (4.0.0.beta1) 
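Review bot: The added `gem "arel", github: "rails/arel"` line in gemfiles/Gemfile.rails-head brings in a second dependency through the `github:` shorthand, and the lockfile hunks that follow record it as `remote: git://github.com/rails/arel.git`, a transport with no encryption or server authentication. Spelling the source out, `gem "arel", git: "https://github.com/rails/arel.git"`, and doing the same for the `rails` line, keeps the fetch on TLS. The `revision:` recorded in the lockfile pins the commit only for installs that honour the lock. The other lockfiles in this series list `git://github.com/rails/rails.git` and `git://github.com/mongoid/mongoid.git` in the same way.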
@@ -9,49 +9,55 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) +GIT + remote: git://github.com/rails/arel.git + revision: d30b47ed86fd26f36e73d68a8e91f9d8912f1bfe + specs: + arel (5.0.0.20140412150050) + GIT remote: git://github.com/rails/rails.git - revision: 25ce856c3ea8beb864994b4b13df07b48574df9b + revision: e918516d2fdfa24e5fc04ef14e371f08f4a8315f specs: - actionmailer (4.1.0.beta2) - actionpack (= 4.1.0.beta2) - actionview (= 4.1.0.beta2) + actionmailer (4.2.0.alpha) + actionpack (= 4.2.0.alpha) + actionview (= 4.2.0.alpha) mail (~> 2.5.4) - actionpack (4.1.0.beta2) - actionview (= 4.1.0.beta2) - activesupport (= 4.1.0.beta2) + actionpack (4.2.0.alpha) + actionview (= 4.2.0.alpha) + activesupport (= 4.2.0.alpha) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.0.beta2) - activesupport (= 4.1.0.beta2) + actionview (4.2.0.alpha) + activesupport (= 4.2.0.alpha) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.0.beta2) - activesupport (= 4.1.0.beta2) + activemodel (4.2.0.alpha) + activesupport (= 4.2.0.alpha) builder (~> 3.1) - activerecord (4.1.0.beta2) - activemodel (= 4.1.0.beta2) - activesupport (= 4.1.0.beta2) + activerecord (4.2.0.alpha) + activemodel (= 4.2.0.alpha) + activesupport (= 4.2.0.alpha) arel (~> 5.0.0) - activesupport (4.1.0.beta2) + activesupport (4.2.0.alpha) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.0.beta2) - actionmailer (= 4.1.0.beta2) - actionpack (= 4.1.0.beta2) - actionview (= 4.1.0.beta2) - activemodel (= 4.1.0.beta2) - activerecord (= 4.1.0.beta2) - activesupport (= 4.1.0.beta2) + rails (4.2.0.alpha) + actionmailer (= 4.2.0.alpha) + actionpack (= 4.2.0.alpha) + actionview (= 4.2.0.alpha) + activemodel (= 4.2.0.alpha) + activerecord (= 4.2.0.alpha) + activesupport (= 4.2.0.alpha) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.0.beta2) - sprockets-rails (~> 2.0.0) - railties (4.1.0.beta2) - actionpack (= 4.1.0.beta2) - activesupport (= 4.1.0.beta2) + railties (= 
4.2.0.alpha) + sprockets-rails (~> 2.1) + railties (4.2.0.alpha) + actionpack (= 4.2.0.alpha) + activesupport (= 4.2.0.alpha) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -68,18 +74,15 @@ PATH GEM remote: https://rubygems.org/ specs: - arel (5.0.0) - atomic (1.1.14) bcrypt (3.1.7) - bson (2.2.1) + bson (2.2.2) builder (3.2.2) - connection_pool (1.2.0) + connection_pool (2.0.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (1.2.0) + hashie (2.1.1) hike (1.2.3) - httpauth (0.2.1) i18n (0.6.9) json (1.8.1) jwt (0.1.11) @@ -89,37 +92,40 @@ GEM treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.2) - minitest (5.2.3) + mini_portile (0.5.3) + minitest (5.3.3) mocha (1.0.0) metaclass (~> 0.0.1) - moped (2.0.0.beta6) + moped (2.0.0.rc1) bson (~> 2.2) - connection_pool (~> 1.2) + connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.8.4) + multi_json (1.9.3) + multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.1) mini_portile (~> 0.5.0) - oauth2 (0.8.1) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) + oauth2 (0.9.3) + faraday (>= 0.8, < 0.10) + jwt (~> 0.1.8) + multi_json (~> 1.3) + multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) + omniauth (1.2.1) + hashie (>= 1.2, < 3) + rack (~> 1.0) + omniauth-facebook (1.6.0) + omniauth-oauth2 (~> 1.1) + omniauth-oauth2 (1.1.2) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 0.9.3) + omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.0) + origin (2.1.1) orm_adapter (0.5.0) polyglot (0.3.4) rack (1.5.2) 
@@ -128,23 +134,22 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.1.1) + rake (10.3.1) rdoc (4.1.1) json (~> 1.4) ruby-openid (2.5.0) - sprockets (2.10.1) + sprockets (2.12.1) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.1) + sprockets-rails (2.1.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) - sqlite3 (1.3.8) - thor (0.18.1) - thread_safe (0.1.3) - atomic + sqlite3 (1.3.9) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) treetop (1.4.15) polyglot @@ -164,13 +169,14 @@ PLATFORMS DEPENDENCIES activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter + arel! devise! jruby-openssl mocha (~> 1.0.0) mongoid! - omniauth (~> 1.0.0) + omniauth (~> 1.2.0) omniauth-facebook - omniauth-oauth2 (~> 1.0.0) + omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) rails! rdoc From a3fc587c24323c2b147fe1b4ba45bdd50e20ea66 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 4 May 2014 22:45:07 -0300 Subject: [PATCH 0475/1473] Update Travis config to test on ruby 2.1.1 instead of 2.1.0 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fc75ec2ed1..dc40146f19 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ install: script/cached-bundle install --deployment --path vendor/bundle rvm: - 1.9.3 - 2.0.0 - - 2.1.0 + - 2.1.1 env: matrix: - DEVISE_ORM=mongoid From c8fcbde2af61677b9f1c7305c76e33c3e3c223ab Mon Sep 17 00:00:00 2001 From: aditya-kapoor Date: Mon, 5 May 2014 13:41:08 +0530 Subject: [PATCH 0476/1473] split send_reset_password_instructions into two parts for better hooking --- lib/devise/models/recoverable.rb | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index d48d0dd768..94ab1ff392 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -45,14 +45,10 @@ def reset_password!(new_password, new_password_confirmation) # Resets reset password token and send reset password instructions by email. # Returns the token sent in the e-mail. def send_reset_password_instructions - raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) + token = set_reset_password_token + send_reset_password_instruction_notification(token) - self.reset_password_token = enc - self.reset_password_sent_at = Time.now.utc - self.save(validate: false) - - send_devise_notification(:reset_password_instructions, raw, {}) - raw + token end # Checks if the reset password token sent is within the limit time. @@ -90,6 +86,20 @@ def clear_reset_password_token def after_password_reset end + def set_reset_password_token + raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) + + self.reset_password_token = enc + self.save(validate: false) + raw + end + + def send_reset_password_instruction_notification(token) + self.reset_password_sent_at = Time.now.utc + self.save(validate: false) + send_devise_notification(:reset_password_instructions, token, {}) + end + module ClassMethods # Attempt to find a user by password reset token. If a user is found, return it # If a user is not found, return nil From 2fc25a8c687be77c712859fa433c83b974e13aaa Mon Sep 17 00:00:00 2001 From: aditya-kapoor Date: Tue, 6 May 2014 01:23:55 +0530 Subject: [PATCH 0477/1473] rename method + remove extra db call --- lib/devise/models/recoverable.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 94ab1ff392..2694b338ef 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
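Review bot: The comment kept above `send_reset_password_instructions` ("Returns the token sent in the e-mail") no longer tells a caller which token it gets back, because the `generate` call that made this obvious moves out of the method. The value returned is still the raw token, while only `enc` is assigned to `reset_password_token`. I would extend the comment to `# Returns the raw token sent in the e-mail; only its digest is stored, so callers should not log or persist it.` That way code hooking into the two new methods treats the return value as a credential.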
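Review bot: `set_reset_password_token` discards the result of `self.save(validate: false)` and returns `raw` regardless, so if that save returns false the notification still goes out with a token whose digest was never stored. The same discarded result remains in the reworked `set_reset_password_token` of the following patch (0477). I would check the result before handing the token to `send_reset_password_instruction_notification`, and skip the mail when the save did not happen. In this commit the digest and `reset_password_sent_at` are also written by two separate saves, so a hook that replaces the notification method leaves a fresh token paired with the previous timestamp. Neither new method has a comment, and whether they fall under a `protected` section is not visible in the hunk.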
@@ -46,7 +46,7 @@ def reset_password!(new_password, new_password_confirmation) # Returns the token sent in the e-mail. def send_reset_password_instructions token = set_reset_password_token - send_reset_password_instruction_notification(token) + send_reset_password_instructions_notification(token) token end @@ -90,13 +90,12 @@ def set_reset_password_token raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) self.reset_password_token = enc + self.reset_password_sent_at = Time.now.utc self.save(validate: false) raw end - def send_reset_password_instruction_notification(token) - self.reset_password_sent_at = Time.now.utc - self.save(validate: false) + def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end From 1e8e8516f00637f0d451504e0820fa8caccc8cf7 Mon Sep 17 00:00:00 2001 From: David Henry Date: Mon, 5 May 2014 23:19:03 +0100 Subject: [PATCH 0478/1473] Simplify access to router_name using the existing scope lookup. --- .../devise/registrations_controller.rb | 3 ++- lib/devise/controllers/helpers.rb | 9 +++++---- lib/devise/controllers/url_helpers.rb | 5 ++--- lib/devise/mapping.rb | 17 ----------------- .../app/models/rails_engine/user.rb | 0 5 files changed, 9 insertions(+), 25 deletions(-) create mode 100644 test/rails_app/rails_engine/app/models/rails_engine/user.rb diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 4a350f8080..7c2f18a442 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -112,7 +112,8 @@ def after_sign_up_path_for(resource) # The path used after sign up for inactive accounts. You need to overwrite # this method in your own RegistrationsController. def after_inactive_sign_up_path_for(resource) - router_name = Devise::Mapping.find_mapping!(resource).router_name + scope = Devise::Mapping.find_scope!(resource) + router_name = Devise.mappings[scope].router_name context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 96646d4184..48dd50e011 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -101,9 +101,9 @@ def allow_params_authentication! # The scope root url to be used when they're signed in. By default, it first # tries to find a resource_root_path, otherwise it uses the root_path. def signed_in_root_path(resource_or_scope) - mapping = Devise::Mapping.find_mapping!(resource_or_scope) - scope = mapping.scope - router_name = mapping.router_name + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise.mappings[scope].router_name + home_path = "#{scope}_root_path" context = router_name ? send(router_name) : self @@ -157,7 +157,8 @@ def after_sign_in_path_for(resource_or_scope) # # By default it is the root_path. def after_sign_out_path_for(resource_or_scope) - router_name = Devise::Mapping.find_mapping!(resource_or_scope).router_name + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise.mappings[scope].router_name context = router_name ? send(router_name) : self context.respond_to?(:root_path) ? context.root_path : "/" end diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index ebc574d8e2..465d698acf 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb 
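Review bot: `Devise.mappings[scope].router_name` assumes that whatever `find_scope!` returns is a key of `Devise.mappings`; this matters most in `signed_in_root_path` and `after_sign_out_path_for` in helpers.rb, which accept a scope name as well as a resource. `find_scope!`'s body is outside these hunks, but if it passes a String or Symbol through without checking it, an unknown scope now fails with a NoMethodError on nil instead of the "Could not find a valid mapping" error. The same two-line lookup is repeated in `after_inactive_sign_up_path_for` and in the generated helper in url_helpers.rb. One private helper using `Devise.mappings.fetch(scope).router_name` would fail loudly in a single place and remove the duplication.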
@@ -46,9 +46,8 @@ def self.generate_helpers!(routes=nil) class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 def #{method}(resource_or_scope, *args) - mapping = Devise::Mapping.find_mapping!(resource_or_scope) - scope = mapping.scope - router_name = mapping.router_name + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise.mappings[scope].router_name context = router_name ? send(router_name) : _devise_route_context context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 342b6a8a4f..de787dc5c4 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -43,23 +43,6 @@ def self.find_scope!(obj) raise "Could not find a valid mapping for #{obj.inspect}" end - # Receives an object and find a mapping for it, then return the routing - # details associated with the mapping. If a scope cannot be found, - # raises an error. - def self.find_mapping!(obj) - case obj - when String, Symbol - scope = obj.to_sym - Devise.mappings.each_value { |m| return RoutingDetails.new(m) if m.name == scope } - when Class - Devise.mappings.each_value { |m| return RoutingDetails.new(m) if obj <= m.to } - else - Devise.mappings.each_value { |m| return RoutingDetails.new(m) if obj.is_a?(m.to) } - end - - raise "Could not find a valid mapping for #{obj.inspect}" unless mapping - end - def self.find_by_path!(path, path_type=:fullpath) Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) } raise "Could not find a valid mapping for path #{path.inspect}" diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb new file mode 100644 index 0000000000..e69de29bb2 From 18da4b1effe1febb9f59f5fc3aa65a2ffa08677c Mon Sep 17 00:00:00 2001 
From: David Henry Date: Mon, 5 May 2014 23:23:55 +0100 Subject: [PATCH 0479/1473] Stash as test have broken --- Gemfile | 1 + Gemfile.lock | 7 ++ test/rails_app/config/application.rb | 1 + test/rails_app/config/routes.rb | 2 + test/rails_app/rails_engine/Gemfile | 5 ++ test/rails_app/rails_engine/Gemfile.lock | 86 +++++++++++++++++++ test/rails_app/rails_engine/Rakefile | 13 +++ .../rails_engine/application_controller.rb | 4 + .../app/models/rails_engine/user.rb | 5 ++ .../layouts/rails_engine/application.html.erb | 14 +++ test/rails_app/rails_engine/bin/rails | 8 ++ test/rails_app/rails_engine/config/routes.rb | 5 ++ .../rails_engine/lib/rails_engine.rb | 4 + .../rails_engine/lib/rails_engine/engine.rb | 5 ++ .../rails_engine/lib/rails_engine/version.rb | 3 + .../lib/tasks/rails_engine_tasks.rake | 4 + .../rails_engine/rails_engine.gemspec | 16 ++++ 17 files changed, 183 insertions(+) create mode 100644 test/rails_app/rails_engine/Gemfile create mode 100644 test/rails_app/rails_engine/Gemfile.lock create mode 100644 test/rails_app/rails_engine/Rakefile create mode 100644 test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb create mode 100644 test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb create mode 100755 test/rails_app/rails_engine/bin/rails create mode 100644 test/rails_app/rails_engine/config/routes.rb create mode 100644 test/rails_app/rails_engine/lib/rails_engine.rb create mode 100644 test/rails_app/rails_engine/lib/rails_engine/engine.rb create mode 100644 test/rails_app/rails_engine/lib/rails_engine/version.rb create mode 100644 test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake create mode 100644 test/rails_app/rails_engine/rails_engine.gemspec diff --git a/Gemfile b/Gemfile index 7cb4e7bac3..d6944bea4d 100644 --- a/Gemfile +++ b/Gemfile 
@@ -12,6 +12,7 @@ group :test do gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.0.0", require: false + gemspec path: "test/rails_app/rails_engine" end platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index e481eec3b1..3582c65965 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,6 +19,12 @@ PATH thread_safe (~> 0.1) warden (~> 1.2.3) +PATH + remote: test/rails_app/rails_engine + specs: + rails_engine (0.0.1) + rails + GEM remote: https://rubygems.org/ specs: @@ -161,6 +167,7 @@ DEPENDENCIES omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) rails (~> 4.0.0) + rails_engine! rdoc sqlite3 webrat (= 0.7.3) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 91c75cb942..fb60bae76c 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -12,6 +12,7 @@ end require "devise" +require "rails_engine" module RailsApp class Application < Rails::Application diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 0e710b4938..136f0418e4 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -1,4 +1,6 @@ Rails.application.routes.draw do + mount RailsEngine::Engine => '/rails_engine', as: 'rails_engine' + # Resources for testing resources :users, only: [:index] do member do diff --git a/test/rails_app/rails_engine/Gemfile b/test/rails_app/rails_engine/Gemfile new file mode 100644 index 0000000000..7e2c3dff76 --- /dev/null +++ b/test/rails_app/rails_engine/Gemfile @@ -0,0 +1,5 @@ +source "https://rubygems.org" + +gemspec + + diff --git a/test/rails_app/rails_engine/Gemfile.lock b/test/rails_app/rails_engine/Gemfile.lock new file mode 100644 index 0000000000..aecb5fa0c0 --- /dev/null +++ b/test/rails_app/rails_engine/Gemfile.lock 
@@ -0,0 +1,86 @@ +PATH + remote: . + specs: + rails_engine (0.0.1) + rails (~> 4.0.0) + +GEM + remote: https://rubygems.org/ + specs: + actionmailer (4.0.4) + actionpack (= 4.0.4) + mail (~> 2.5.4) + actionpack (4.0.4) + activesupport (= 4.0.4) + builder (~> 3.1.0) + erubis (~> 2.7.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.4) + activesupport (= 4.0.4) + builder (~> 3.1.0) + activerecord (4.0.4) + activemodel (= 4.0.4) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.4) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.3) + activesupport (4.0.4) + i18n (~> 0.6, >= 0.6.9) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + arel (4.0.2) + builder (3.1.4) + erubis (2.7.0) + hike (1.2.3) + i18n (0.6.9) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + mime-types (1.25.1) + minitest (4.7.5) + multi_json (1.9.3) + polyglot (0.3.4) + rack (1.5.2) + rack-test (0.6.2) + rack (>= 1.0) + rails (4.0.4) + actionmailer (= 4.0.4) + actionpack (= 4.0.4) + activerecord (= 4.0.4) + activesupport (= 4.0.4) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.4) + sprockets-rails (~> 2.0.0) + railties (4.0.4) + actionpack (= 4.0.4) + activesupport (= 4.0.4) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (10.3.1) + sprockets (2.12.1) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + sqlite3 (1.3.9) + thor (0.19.1) + thread_safe (0.3.3) + tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.39) + +PLATFORMS + ruby + +DEPENDENCIES + rails_engine! + sqlite3 diff --git a/test/rails_app/rails_engine/Rakefile b/test/rails_app/rails_engine/Rakefile new file mode 100644 index 0000000000..834f9e763a --- /dev/null +++ b/test/rails_app/rails_engine/Rakefile 
@@ -0,0 +1,13 @@ +begin + require 'bundler/setup' +rescue LoadError + puts 'You must `gem install bundler` and `bundle install` to run rake tasks' +end + +load 'rails/tasks/engine.rake' + + + +Bundler::GemHelper.install_tasks + + diff --git a/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb b/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb new file mode 100644 index 0000000000..249809d88e --- /dev/null +++ b/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb @@ -0,0 +1,4 @@ +module RailsEngine + class ApplicationController < ActionController::Base + end +end diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb index e69de29bb2..846acf9bf4 100644 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ b/test/rails_app/rails_engine/app/models/rails_engine/user.rb @@ -0,0 +1,5 @@ +module RailsEngine + class User + table_name :user + end +end diff --git a/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb b/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb new file mode 100644 index 0000000000..d78fccfb1e --- /dev/null +++ b/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb @@ -0,0 +1,14 @@ + + + + RailsEngine + <%= stylesheet_link_tag "rails_engine/application", media: "all" %> + <%= javascript_include_tag "rails_engine/application" %> + <%= csrf_meta_tags %> + + + +<%= yield %> + + + diff --git a/test/rails_app/rails_engine/bin/rails b/test/rails_app/rails_engine/bin/rails new file mode 100755 index 0000000000..258ac12814 --- /dev/null +++ b/test/rails_app/rails_engine/bin/rails 
@@ -0,0 +1,8 @@ +#!/usr/bin/env ruby +# This command will automatically be run when you run "rails" with Rails 4 gems installed from the root of your application. + +ENGINE_ROOT = File.expand_path('../..', __FILE__) +ENGINE_PATH = File.expand_path('../../lib/rails_engine/engine', __FILE__) + +require 'rails/all' +require 'rails/engine/commands' diff --git a/test/rails_app/rails_engine/config/routes.rb b/test/rails_app/rails_engine/config/routes.rb new file mode 100644 index 0000000000..65ca86056f --- /dev/null +++ b/test/rails_app/rails_engine/config/routes.rb @@ -0,0 +1,5 @@ +RailsEngine::Engine.routes.draw do + # devise_for :engine_users, class_name: RailsEngine::User + + # devise_for :engine_users_with_router_name, router_name: :rails_engine +end diff --git a/test/rails_app/rails_engine/lib/rails_engine.rb b/test/rails_app/rails_engine/lib/rails_engine.rb new file mode 100644 index 0000000000..45ab5d5201 --- /dev/null +++ b/test/rails_app/rails_engine/lib/rails_engine.rb @@ -0,0 +1,4 @@ +require "rails_engine/engine" + +module RailsEngine +end diff --git a/test/rails_app/rails_engine/lib/rails_engine/engine.rb b/test/rails_app/rails_engine/lib/rails_engine/engine.rb new file mode 100644 index 0000000000..f73fea4527 --- /dev/null +++ b/test/rails_app/rails_engine/lib/rails_engine/engine.rb @@ -0,0 +1,5 @@ +module RailsEngine + class Engine < ::Rails::Engine + isolate_namespace RailsEngine + end +end diff --git a/test/rails_app/rails_engine/lib/rails_engine/version.rb b/test/rails_app/rails_engine/lib/rails_engine/version.rb new file mode 100644 index 0000000000..ef5d8b720a --- /dev/null +++ b/test/rails_app/rails_engine/lib/rails_engine/version.rb @@ -0,0 +1,3 @@ +module RailsEngine + VERSION = "0.0.1" +end diff --git a/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake b/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake new file mode 100644 index 0000000000..c179de9d9c --- /dev/null 
+++ b/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake @@ -0,0 +1,4 @@ +# desc "Explaining what the task does" +# task :rails_engine do +# # Task goes here +# end diff --git a/test/rails_app/rails_engine/rails_engine.gemspec b/test/rails_app/rails_engine/rails_engine.gemspec new file mode 100644 index 0000000000..b5c65758c0 --- /dev/null +++ b/test/rails_app/rails_engine/rails_engine.gemspec @@ -0,0 +1,16 @@ +$:.push File.expand_path("../lib", __FILE__) + +# Maintain your gem's version: +require "rails_engine/version" + +# Describe your gem and declare its dependencies: +Gem::Specification.new do |s| + s.name = "rails_engine" + s.version = RailsEngine::VERSION + s.summary = "Engine route testing." + s.authors = "David Henry" + + s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile"] + + s.add_dependency "rails" +end From 2d3ca4dc31f7c6edf531d0e64c7c44ac176bab59 Mon Sep 17 00:00:00 2001 From: David Henry Date: Mon, 5 May 2014 23:50:26 +0100 Subject: [PATCH 0480/1473] get everything working with the engine included and devise routes declared within it. --- Gemfile.lock | 1 + test/rails_app/rails_engine/app/models/rails_engine/user.rb | 4 ++-- test/rails_app/rails_engine/config/routes.rb | 2 +- test/rails_app/rails_engine/lib/rails_engine/engine.rb | 1 + test/rails_app/rails_engine/rails_engine.gemspec | 1 + 5 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3582c65965..6e8369fc3d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -23,6 +23,7 @@ PATH remote: test/rails_app/rails_engine specs: rails_engine (0.0.1) + devise rails GEM diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb index 846acf9bf4..f97fcc8d68 100644 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ b/test/rails_app/rails_engine/app/models/rails_engine/user.rb 
@@ -1,5 +1,5 @@ module RailsEngine - class User - table_name :user + class User < ActiveRecord::Base + self.table_name = :user end end diff --git a/test/rails_app/rails_engine/config/routes.rb b/test/rails_app/rails_engine/config/routes.rb index 65ca86056f..f0145199ea 100644 --- a/test/rails_app/rails_engine/config/routes.rb +++ b/test/rails_app/rails_engine/config/routes.rb @@ -1,5 +1,5 @@ RailsEngine::Engine.routes.draw do - # devise_for :engine_users, class_name: RailsEngine::User + devise_for :engine_users, class_name: 'RailsEngine::User' # devise_for :engine_users_with_router_name, router_name: :rails_engine end diff --git a/test/rails_app/rails_engine/lib/rails_engine/engine.rb b/test/rails_app/rails_engine/lib/rails_engine/engine.rb index f73fea4527..c2503961c9 100644 --- a/test/rails_app/rails_engine/lib/rails_engine/engine.rb +++ b/test/rails_app/rails_engine/lib/rails_engine/engine.rb @@ -1,3 +1,4 @@ +require 'devise' module RailsEngine class Engine < ::Rails::Engine isolate_namespace RailsEngine diff --git a/test/rails_app/rails_engine/rails_engine.gemspec b/test/rails_app/rails_engine/rails_engine.gemspec index b5c65758c0..8ce0a3e6e7 100644 --- a/test/rails_app/rails_engine/rails_engine.gemspec +++ b/test/rails_app/rails_engine/rails_engine.gemspec @@ -13,4 +13,5 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile"] s.add_dependency "rails" + s.add_dependency "devise" end From ceafc710ef2e412161d2377b52eab9135bc972b3 Mon Sep 17 00:00:00 2001 From: David Henry Date: Tue, 6 May 2014 00:56:58 +0100 Subject: [PATCH 0481/1473] Start adding tests to the engine routing tests. --- test/integration/confirmable_test.rb | 21 +++++++++++++++++++ .../app/models/rails_engine/user.rb | 6 +++++- test/rails_app/rails_engine/config/routes.rb | 11 ++++++++-- 3 files changed, 35 insertions(+), 3 deletions(-) 
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index ee3fe19e66..a7049cf0c3 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -47,6 +47,27 @@ def resend_confirmation assert_have_selector '#error_explanation' assert_contain /needs to be confirmed within 3 days/ assert_not user.reload.confirmed? + assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}" + end + end + + test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine it should raise an error' do + swap Devise, confirm_within: 3.days do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) + + assert_raise ActionView::Template::Error do + visit rails_engine.without_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + end + end + end + + test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and a router_name has been specified it should not raise an error' do + swap Devise, confirm_within: 3.days do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) + + visit rails_engine.with_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + + assert_current_url "/rails_engine/with_router/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb index f97fcc8d68..e60087ff38 100644 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ b/test/rails_app/rails_engine/app/models/rails_engine/user.rb 
@@ -1,5 +1,9 @@ module RailsEngine class User < ActiveRecord::Base - self.table_name = :user + self.table_name = :users + + devise :database_authenticatable, :confirmable, :lockable, :recoverable, + :registerable, :rememberable, :timeoutable, + :trackable, :validatable end end diff --git a/test/rails_app/rails_engine/config/routes.rb b/test/rails_app/rails_engine/config/routes.rb index f0145199ea..d36a42461a 100644 --- a/test/rails_app/rails_engine/config/routes.rb +++ b/test/rails_app/rails_engine/config/routes.rb @@ -1,5 +1,12 @@ RailsEngine::Engine.routes.draw do - devise_for :engine_users, class_name: 'RailsEngine::User' + devise_for :without_router, + class_name: 'RailsEngine::User', + module: :devise - # devise_for :engine_users_with_router_name, router_name: :rails_engine + devise_for :with_router, + class_name: 'RailsEngine::User', + router_name: :rails_engine, + module: :devise + + root to: 'with_router#index' end From b5da4e82d05207f478ac49a82c574e3cb1e19da7 Mon Sep 17 00:00:00 2001 From: David Henry Date: Tue, 6 May 2014 23:07:24 +0100 Subject: [PATCH 0482/1473] Add full tests around confirmation when using devise_for with router_name --- test/integration/confirmable_test.rb | 32 ++++++++++++++++++- .../user_without_confirmation.rb | 14 ++++++++ test/rails_app/config/routes.rb | 5 +++ .../app/models/rails_engine/user.rb | 5 +++ test/support/integration.rb | 16 ++++++++++ 5 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 test/rails_app/app/active_record/user_without_confirmation.rb diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index a7049cf0c3..6b72980fa7 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
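Review bot: `root to: 'with_router#index'` in the engine routes names a controller that none of the visible commits in this series adds; the engine only gains `RailsEngine::ApplicationController`. The path helpers changed earlier in the series return `context.root_path` when a `router_name` is set, so any flow that redirects there for the `with_router` scope would land on a route that cannot be dispatched. Either add a minimal controller for it or point the root at an existing action, and add a test that follows the redirect rather than only asserting the confirmation URL.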
@@ -61,7 +61,7 @@ def resend_confirmation end end - test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and a router_name has been specified it should not raise an error' do + test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and a router_name has been specified it returns the confirmation path' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) 
@@ -71,6 +71,36 @@ def resend_confirmation end end + test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and the application router points to that engine it returns the path' do + swap Devise, confirm_within: 3.days, router_name: :rails_engine do + user = create_engine_user(confirm: false, confirmation_sent_at: 4.days.ago) + visit rails_engine.without_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + + assert_current_url "/rails_engine/without_router/confirmation?confirmation_token=#{user.raw_confirmation_token}" + end + end + + test 'user with valid confirmation token where the token has expired and the mapping is in the main app and the application router points at the engine it raises an error' do + swap Devise, confirm_within: 3.days, router_name: :rails_engine do + user = create_engine_user(confirm: false, confirmation_sent_at: 4.days.ago) + + assert_raise ActionView::Template::Error do + visit_user_confirmation_with_token(user.raw_confirmation_token) + end + end + end + + test 'user with valid confirmation token where the token has expired and the mapping points to the main app and the application router points at the engine it returns the path' do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) + + swap Devise, confirm_within: 3.days, router_name: :rails_engine do + visit user_with_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + + assert_current_url "/user_with_routers/confirmation?confirmation_token=#{user.raw_confirmation_token}" + end + end + + test 'user with valid confirmation token should be able to confirm an account before the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 2.days.ago) 
diff --git a/test/rails_app/app/active_record/user_without_confirmation.rb b/test/rails_app/app/active_record/user_without_confirmation.rb new file mode 100644 index 0000000000..58ac544ff5 --- /dev/null +++ b/test/rails_app/app/active_record/user_without_confirmation.rb @@ -0,0 +1,14 @@ +require 'shared_user' + +class UserWithoutConfirmation < ActiveRecord::Base + self.table_name = 'users' + include Shim + + devise :database_authenticatable, :confirmable, :lockable, :recoverable, + :registerable, :rememberable, :timeoutable, + :trackable, :validatable + + def raw_confirmation_token + @raw_confirmation_token + end +end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 136f0418e4..4384d9aa2c 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -22,6 +22,11 @@ # Users scope devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } + devise_for :user_with_routers, + class_name: 'UserWithoutConfirmation', + router_name: :main_app, + module: :devise + as :user do get "/as/sign_in", to: "devise/sessions#new" end diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb index e60087ff38..03c8ebfed6 100644 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ b/test/rails_app/rails_engine/app/models/rails_engine/user.rb @@ -5,5 +5,10 @@ class User < ActiveRecord::Base devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, :trackable, :validatable + + def raw_confirmation_token + @raw_confirmation_token + end + end end diff --git a/test/support/integration.rb b/test/support/integration.rb index 245b0e4256..d16cc65ed4 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb 
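Review bot: `UserWithoutConfirmation` lists `:confirmable` in its `devise` call, so the class name states the opposite of what the model does. The routes hunk maps it as `user_with_routers` with `router_name: :main_app`, which suggests the class exists to exercise the router option rather than to drop confirmation. I would rename it to match (for example `UserWithRouter`) or add a comment above the class such as `# Same table as User, mapped with an explicit router_name for the engine routing tests.`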
@@ -21,6 +21,22 @@ def create_user(options={}) end end + def create_engine_user(options={}) + @user ||= begin + user = RailsEngine::User.create!( + username: 'usertest', + email: options[:email] || 'user@test.com', + password: options[:password] || '12345678', + password_confirmation: options[:password] || '12345678', + created_at: Time.now.utc + ) + user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at] + user.confirm! unless options[:confirm] == false + user.lock_access! if options[:locked] == true + user + end + end + def create_admin(options={}) @admin ||= begin admin = Admin.create!( From bec913fc07168b3767430b6e6cd2c1f66bbdeec0 Mon Sep 17 00:00:00 2001 From: David Henry Date: Tue, 6 May 2014 23:31:59 +0100 Subject: [PATCH 0483/1473] Clean up the code. --- lib/devise.rb | 1 - lib/devise/routing_details.rb | 12 ------------ .../app/active_record/user_without_confirmation.rb | 11 ++--------- test/rails_app/lib/shared_user_without_omniauth.rb | 13 +++++++++++++ test/rails_app/rails_engine/Rakefile | 6 +----- .../rails_engine/app/models/rails_engine/user.rb | 12 +++--------- 6 files changed, 19 insertions(+), 36 deletions(-) delete mode 100644 lib/devise/routing_details.rb create mode 100644 test/rails_app/lib/shared_user_without_omniauth.rb diff --git a/lib/devise.rb b/lib/devise.rb index da3bab0729..2b99d923e4 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -489,7 +489,6 @@ def self.secure_compare(a, b) end require 'warden' -require 'devise/routing_details' require 'devise/mapping' require 'devise/models' require 'devise/modules' diff --git a/lib/devise/routing_details.rb b/lib/devise/routing_details.rb deleted file mode 100644 index b53b7d813d..0000000000 --- a/lib/devise/routing_details.rb +++ /dev/null 
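Review bot: `create_engine_user` memoizes into `@user`, the instance variable name the main-app helper presumably uses as well (`create_user`'s body is outside the hunk, but `create_admin` below uses `@admin ||=`). A test that calls both helpers would get back whichever record was created first, of the wrong class for the second call, and the assertions would still run against it. A separate variable avoids that: `@engine_user ||= begin`. The helper also duplicates the attribute list of the existing helpers, so a short comment saying it differs only in the model class would help the next reader.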
@@ -1,12 +0,0 @@ -module Devise - # This is a data transfer object to avoid coupling between - # Devive::Mapping and the rest of the application. - class RoutingDetails - attr_reader :scope, :router_name - - def initialize(mapping) - @scope = mapping.name - @router_name = mapping.router_name - end - end -end diff --git a/test/rails_app/app/active_record/user_without_confirmation.rb b/test/rails_app/app/active_record/user_without_confirmation.rb index 58ac544ff5..974bca13b7 100644 --- a/test/rails_app/app/active_record/user_without_confirmation.rb +++ b/test/rails_app/app/active_record/user_without_confirmation.rb @@ -1,14 +1,7 @@ -require 'shared_user' +require 'shared_user_without_omniauth' class UserWithoutConfirmation < ActiveRecord::Base self.table_name = 'users' include Shim - - devise :database_authenticatable, :confirmable, :lockable, :recoverable, - :registerable, :rememberable, :timeoutable, - :trackable, :validatable - - def raw_confirmation_token - @raw_confirmation_token - end + include SharedUserWithoutOmniauth end diff --git a/test/rails_app/lib/shared_user_without_omniauth.rb b/test/rails_app/lib/shared_user_without_omniauth.rb new file mode 100644 index 0000000000..df145e3506 --- /dev/null +++ b/test/rails_app/lib/shared_user_without_omniauth.rb @@ -0,0 +1,13 @@ +module SharedUserWithoutOmniauth + extend ActiveSupport::Concern + + included do + devise :database_authenticatable, :confirmable, :lockable, :recoverable, + :registerable, :rememberable, :timeoutable, + :trackable, :validatable + end + + def raw_confirmation_token + @raw_confirmation_token + end +end diff --git a/test/rails_app/rails_engine/Rakefile b/test/rails_app/rails_engine/Rakefile index 834f9e763a..e97c2e3db9 100644 --- a/test/rails_app/rails_engine/Rakefile +++ b/test/rails_app/rails_engine/Rakefile @@ -6,8 +6,4 @@ end load 'rails/tasks/engine.rake' - - -Bundler::GemHelper.install_tasks - - +Bundler::GemHelper.install_tasks \ No newline at end of file 
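Review bot: `raw_confirmation_token` in the new `SharedUserWithoutOmniauth` concern has no comment explaining why the model publishes the value held in `@raw_confirmation_token`. The integration tests in this series build confirmation URLs from it, so I would mark it as a test-only accessor, e.g. `# Test helper: exposes the raw confirmation token so integration tests can build confirmation URLs.` That also discourages copying the reader into an application model, where it would hand the token to any caller holding the record.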
diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb index 03c8ebfed6..a9cb6fdede 100644 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ b/test/rails_app/rails_engine/app/models/rails_engine/user.rb @@ -1,14 +1,8 @@ +require 'shared_user_without_omniauth' + module RailsEngine class User < ActiveRecord::Base self.table_name = :users - - devise :database_authenticatable, :confirmable, :lockable, :recoverable, - :registerable, :rememberable, :timeoutable, - :trackable, :validatable - - def raw_confirmation_token - @raw_confirmation_token - end - + include SharedUserWithoutOmniauth end end From 53504f7e28fe1db845304614d4fd006925c713b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Paca=C5=82a?= Date: Wed, 7 May 2014 08:50:21 +0200 Subject: [PATCH 0484/1473] Generate inet columns for postgresql --- lib/generators/active_record/devise_generator.rb | 13 +++++++++++-- test/generators/active_record_generator_test.rb | 6 ++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 2d74d3f571..e1d8ce33e9 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -53,8 +53,8 @@ def migration_data t.integer :sign_in_count, default: 0, null: false t.datetime :current_sign_in_at t.datetime :last_sign_in_at - t.string :current_sign_in_ip - t.string :last_sign_in_ip + t.#{ip_column} :current_sign_in_ip + t.#{ip_column} :last_sign_in_ip ## Confirmable # t.string :confirmation_token @@ -68,6 +68,15 @@ def migration_data # t.datetime :locked_at RUBY end + + def ip_column + # Padded with spaces so it aligns nicely with the rest of the columns. + "%-8s" % (postgresql? ? "inet" : "string") + end + + def postgresql? + ActiveRecord::Base.connection.adapter_name.downcase == "postgresql" + end end end end 
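Review bot: `postgresql?` asks `ActiveRecord::Base.connection` for the adapter name, so the generator now needs a live database connection just to write a migration file. On a machine where the database is not yet created or reachable, the generator would presumably fail before emitting anything. Reading the configured adapter avoids the connection: `config = ActiveRecord::Base.configurations[Rails.env]` followed by `config && config['adapter'] == 'postgresql'`. The exact string comparison also skips any adapter that sits on PostgreSQL but reports another name, which may or may not be intended.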
diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 885e8ad7ea..e032bd9bdf 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -37,6 +37,12 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_no_file "app/models/monster.rb" assert_no_migration "db/migrate/devise_create_monsters.rb" end + + test "use string column type for ip addresses" do + run_generator %w(monster) + assert_migration "db/migrate/devise_create_monsters.rb", /t.string :current_sign_in_ip/ + assert_migration "db/migrate/devise_create_monsters.rb", /t.string :last_sign_in_ip/ + end end module RailsEngine From fa1a8647313e0e69e5d88f3424cf30a8aa33b716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Paca=C5=82a?= Date: Wed, 7 May 2014 09:18:10 +0200 Subject: [PATCH 0485/1473] Generate inet columns for Rails 4 only --- lib/generators/active_record/devise_generator.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index e1d8ce33e9..e4b66f085f 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -71,7 +71,11 @@ def migration_data def ip_column # Padded with spaces so it aligns nicely with the rest of the columns. - "%-8s" % (postgresql? ? "inet" : "string") + "%-8s" % (inet? ? "inet" : "string") + end + + def inet? + Devise.rails4? && postgresql? end def postgresql? From a2376d6ca19372acad9e7d63cefbe1bc286b23bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Paca=C5=82a?= Date: Wed, 7 May 2014 22:17:40 +0200 Subject: [PATCH 0486/1473] Fix Rails 4 detection --- lib/generators/active_record/devise_generator.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
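Review bot: The added test `use string column type for ip addresses` pins only the `string` branch of `ip_column`, and it passes only while the test database adapter is not PostgreSQL; nothing exercises the `inet` branch this commit introduces. A second test that stubs `postgresql?` to return true and asserts `t.inet` for both columns would cover the new path without depending on the adapter in use. The `.` in `/t.string :current_sign_in_ip/` is also unescaped and matches any character; `/t\.string/` says what is meant.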
diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index e4b66f085f..2ab56b3fc2 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -75,7 +75,11 @@ def ip_column end def inet? - Devise.rails4? && postgresql? + rails4? && postgresql? + end + + def rails4? + Rails.version.start_with? '4' end def postgresql? From 916e1d8da9f616c99e559176e5fb40a428256c7c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 7 May 2014 18:50:50 -0300 Subject: [PATCH 0487/1473] No need for instance vars on these tests --- test/devise_test.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/test/devise_test.rb b/test/devise_test.rb index ec726b83c1..81486c9e9f 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -42,31 +42,31 @@ class DeviseTest < ActiveSupport::TestCase test 'warden manager user configuration through a block' do Devise.yield_and_restore do - @executed = false + executed = false Devise.warden do |config| - @executed = true + executed = true assert_kind_of Warden::Config, config end Devise.configure_warden! - assert @executed + assert executed end end test 'warden manager user configuration through multiple blocks' do Devise.yield_and_restore do - @first_executed = false - @second_executed = false + first_executed = false + second_executed = false Devise.warden do |config| - @first_executed = true + first_executed = true end Devise.warden do |config| - @second_executed = true + second_executed = true end Devise.configure_warden! - assert @first_executed - assert @second_executed + assert first_executed + assert second_executed end end From 6129215afecc0b3628e0d46f5253f89e2a862c6b Mon Sep 17 00:00:00 2001 
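Review bot: `rails4?` tests `Rails.version.start_with? '4'`, which is true only for a version string whose first character is `4`, so a later major version would fall back to `string` columns even on PostgreSQL. If the intent is "Rails 4 or newer", comparing the numeric major states it directly: `Rails::VERSION::MAJOR >= 4`. The name `rails4?` would then be slightly misleading, and since `inet?` is its only caller in this hunk the check could be folded into it.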
From: Carlos Antonio da Silva Date: Wed, 7 May 2014 18:53:09 -0300 Subject: [PATCH 0488/1473] Simplify test that verifies multiple warden blocks --- test/devise_test.rb | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/test/devise_test.rb b/test/devise_test.rb index 81486c9e9f..09f9aa9383 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -55,18 +55,14 @@ class DeviseTest < ActiveSupport::TestCase test 'warden manager user configuration through multiple blocks' do Devise.yield_and_restore do - first_executed = false - second_executed = false - Devise.warden do |config| - first_executed = true - end - Devise.warden do |config| - second_executed = true + executed = 0 + + 3.times do + Devise.warden { |config| executed += 1 } end Devise.configure_warden! - assert first_executed - assert second_executed + assert_equal 3, executed end end From 426560a4db59e9a9d5744197bae9aca7effff885 Mon Sep 17 00:00:00 2001 
From: David Henry Date: Thu, 8 May 2014 00:46:19 +0100 Subject: [PATCH 0489/1473] Attempt without adding engine to application --- Gemfile | 1 - Gemfile.lock | 8 -- test/integration/confirmable_test.rb | 46 +++------- ...hout_confirmation.rb => user_on_engine.rb} | 2 +- .../app/active_record/user_on_main_app.rb | 7 ++ .../app/controllers/application_controller.rb | 1 + .../application_with_fake_engine.rb | 28 ++++++ test/rails_app/config/application.rb | 1 - test/rails_app/config/initializers/devise.rb | 2 + test/rails_app/config/routes.rb | 11 ++- test/rails_app/rails_engine/Gemfile | 5 -- test/rails_app/rails_engine/Gemfile.lock | 86 ------------------- test/rails_app/rails_engine/Rakefile | 9 -- .../rails_engine/application_controller.rb | 4 - .../app/models/rails_engine/user.rb | 8 -- .../layouts/rails_engine/application.html.erb | 14 --- test/rails_app/rails_engine/bin/rails | 8 -- test/rails_app/rails_engine/config/routes.rb | 12 --- .../rails_engine/lib/rails_engine.rb | 4 - .../rails_engine/lib/rails_engine/engine.rb | 6 -- .../rails_engine/lib/rails_engine/version.rb | 3 - .../lib/tasks/rails_engine_tasks.rake | 4 - .../rails_engine/rails_engine.gemspec | 17 ---- test/support/integration.rb | 16 ---- 24 files changed, 59 insertions(+), 244 deletions(-) rename test/rails_app/app/active_record/{user_without_confirmation.rb => user_on_engine.rb} (70%) create mode 100644 test/rails_app/app/active_record/user_on_main_app.rb create mode 100644 test/rails_app/app/controllers/application_with_fake_engine.rb delete mode 100644 test/rails_app/rails_engine/Gemfile delete mode 100644 test/rails_app/rails_engine/Gemfile.lock delete mode 100644 test/rails_app/rails_engine/Rakefile delete mode 100644 test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb delete mode 100644 test/rails_app/rails_engine/app/models/rails_engine/user.rb delete mode 100644 test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb delete mode 
100755 test/rails_app/rails_engine/bin/rails delete mode 100644 test/rails_app/rails_engine/config/routes.rb delete mode 100644 test/rails_app/rails_engine/lib/rails_engine.rb delete mode 100644 test/rails_app/rails_engine/lib/rails_engine/engine.rb delete mode 100644 test/rails_app/rails_engine/lib/rails_engine/version.rb delete mode 100644 test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake delete mode 100644 test/rails_app/rails_engine/rails_engine.gemspec diff --git a/Gemfile b/Gemfile index e6d6fe8aa7..85667cc88a 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,6 @@ group :test do gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.0.0", require: false - gemspec path: "test/rails_app/rails_engine" end platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index bc7dfb89c0..52518b52aa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,13 +19,6 @@ PATH thread_safe (~> 0.1) warden (~> 1.2.3) -PATH - remote: test/rails_app/rails_engine - specs: - rails_engine (0.0.1) - devise - rails - GEM remote: https://rubygems.org/ specs: @@ -175,7 +168,6 @@ DEPENDENCIES omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) rails (~> 4.1.0) - rails_engine! rdoc sqlite3 webrat (= 0.7.3) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 6b72980fa7..d04b00c98a 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -51,56 +51,36 @@ def resend_confirmation end end - test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine it should raise an error' do - swap Devise, confirm_within: 3.days do - user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) + test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine it should raise an error' do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) + swap Devise, confirm_within: 3.days, router_name: :fake_engine do assert_raise ActionView::Template::Error do - visit rails_engine.without_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + visit_user_confirmation_with_token(user.raw_confirmation_token) end end end - test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and a router_name has been specified it returns the confirmation path' do - swap Devise, confirm_within: 3.days do - user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - - visit rails_engine.with_router_confirmation_path(confirmation_token: user.raw_confirmation_token) - - assert_current_url "/rails_engine/with_router/confirmation?confirmation_token=#{user.raw_confirmation_token}" - end - end - - test 'user with valid confirmation token where the token has expired and the mapping is in the non-default engine and the application router points to that engine it returns the path' do - swap Devise, confirm_within: 3.days, router_name: :rails_engine do - user = create_engine_user(confirm: false, confirmation_sent_at: 4.days.ago) - visit rails_engine.without_router_confirmation_path(confirmation_token: user.raw_confirmation_token) - - assert_current_url "/rails_engine/without_router/confirmation?confirmation_token=#{user.raw_confirmation_token}" - end - end + test 'user with valid confirmation token where the token has 
expired and with application router_name set to a different engine and route overrides back to main it shows the path' do + user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - test 'user with valid confirmation token where the token has expired and the mapping is in the main app and the application router points at the engine it raises an error' do - swap Devise, confirm_within: 3.days, router_name: :rails_engine do - user = create_engine_user(confirm: false, confirmation_sent_at: 4.days.ago) + swap Devise, confirm_within: 3.days, router_name: :fake_engine do + visit user_on_main_app_confirmation_path(confirmation_token: user.raw_confirmation_token) - assert_raise ActionView::Template::Error do - visit_user_confirmation_with_token(user.raw_confirmation_token) - end + assert_current_url "/user_on_main_apps/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end - test 'user with valid confirmation token where the token has expired and the mapping points to the main app and the application router points at the engine it returns the path' do + test 'user with valid confirmation token where the token has expired with router overrides different engine it shows the path' do user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - swap Devise, confirm_within: 3.days, router_name: :rails_engine do - visit user_with_router_confirmation_path(confirmation_token: user.raw_confirmation_token) + swap Devise, confirm_within: 3.days do + visit user_on_engine_confirmation_path(confirmation_token: user.raw_confirmation_token) - assert_current_url "/user_with_routers/confirmation?confirmation_token=#{user.raw_confirmation_token}" + assert_current_url "/user_on_engines/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end - test 'user with valid confirmation token should be able to confirm an account before the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, 
confirmation_sent_at: 2.days.ago) diff --git a/test/rails_app/app/active_record/user_without_confirmation.rb b/test/rails_app/app/active_record/user_on_engine.rb similarity index 70% rename from test/rails_app/app/active_record/user_without_confirmation.rb rename to test/rails_app/app/active_record/user_on_engine.rb index 974bca13b7..21eb305015 100644 --- a/test/rails_app/app/active_record/user_without_confirmation.rb +++ b/test/rails_app/app/active_record/user_on_engine.rb @@ -1,6 +1,6 @@ require 'shared_user_without_omniauth' -class UserWithoutConfirmation < ActiveRecord::Base +class UserOnEngine < ActiveRecord::Base self.table_name = 'users' include Shim include SharedUserWithoutOmniauth diff --git a/test/rails_app/app/active_record/user_on_main_app.rb b/test/rails_app/app/active_record/user_on_main_app.rb new file mode 100644 index 0000000000..54ef1f8048 --- /dev/null +++ b/test/rails_app/app/active_record/user_on_main_app.rb @@ -0,0 +1,7 @@ +require 'shared_user_without_omniauth' + +class UserOnMainApp < ActiveRecord::Base + self.table_name = 'users' + include Shim + include SharedUserWithoutOmniauth +end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index a3153ffa0d..d5a2609018 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -7,3 +7,4 @@ class ApplicationController < ActionController::Base before_filter :authenticate_user!, if: :devise_controller? respond_to *Mime::SET.map(&:to_sym) end + diff --git a/test/rails_app/app/controllers/application_with_fake_engine.rb b/test/rails_app/app/controllers/application_with_fake_engine.rb new file mode 100644 index 0000000000..3f60c54d04 --- /dev/null +++ b/test/rails_app/app/controllers/application_with_fake_engine.rb 
@@ -0,0 +1,28 @@ +class ApplicationWithFakeEngine < ApplicationController + helper_method :fake_engine + def fake_engine + @fake_engine ||= FakeEngine.new + end +end + +class FakeEngine + def user_on_engine_confirmation_path + '/user_on_engine/confirmation' + end + + def new_user_on_engine_session_path + '/user_on_engine/confirmation/new' + end + + def new_user_on_engine_registration_path + '/user_on_engine/registration/new' + end + + def new_user_on_engine_password_path + '/user_on_engine/password/new' + end + + def new_user_on_engine_unlock_path + '/user_on_engine/unlock/new' + end +end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index fb60bae76c..91c75cb942 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -12,7 +12,6 @@ end require "devise" -require "rails_engine" module RailsApp class Application < Rails::Application diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 81d7a24881..1f99480250 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -12,6 +12,8 @@ # note that it will be overwritten if you use your own mailer class with default "from" parameter. config.mailer_sender = "please-change-me@config-initializers-devise.com" + + config.parent_controller = "ApplicationWithFakeEngine" # Configure the class responsible to send e-mails. # config.mailer = "Devise::Mailer" diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 4384d9aa2c..7438114b7d 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -1,6 +1,4 @@ Rails.application.routes.draw do - mount RailsEngine::Engine => '/rails_engine', as: 'rails_engine' - # Resources for testing resources :users, only: [:index] do member do 
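Review bot: `FakeEngine#new_user_on_engine_session_path` returns `'/user_on_engine/confirmation/new'`, which looks like a copy-paste slip, since the other helpers each return a path named after their own resource (`registration`, `password`, `unlock`). Any test that follows the sign-in link through the fake engine would land on the confirmation page and could pass or fail for the wrong reason. I would change the return value to `'/user_on_engine/session/new'`. A one-line comment on `FakeEngine` saying it only stubs the URL helpers the Devise views call would also help, because the class shares a file with `ApplicationWithFakeEngine` and is easy to miss.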
@@ -22,11 +20,16 @@ # Users scope devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } - devise_for :user_with_routers, - class_name: 'UserWithoutConfirmation', + devise_for :user_on_main_apps, + class_name: 'UserOnMainApp', router_name: :main_app, module: :devise + devise_for :user_on_engines, + class_name: 'UserOnEngine', + router_name: :fake_engine, + module: :devise + as :user do get "/as/sign_in", to: "devise/sessions#new" end diff --git a/test/rails_app/rails_engine/Gemfile b/test/rails_app/rails_engine/Gemfile deleted file mode 100644 index 7e2c3dff76..0000000000 --- a/test/rails_app/rails_engine/Gemfile +++ /dev/null @@ -1,5 +0,0 @@ -source "https://rubygems.org" - -gemspec - - diff --git a/test/rails_app/rails_engine/Gemfile.lock b/test/rails_app/rails_engine/Gemfile.lock deleted file mode 100644 index aecb5fa0c0..0000000000 --- a/test/rails_app/rails_engine/Gemfile.lock +++ /dev/null 
@@ -1,86 +0,0 @@ -PATH - remote: . - specs: - rails_engine (0.0.1) - rails (~> 4.0.0) - -GEM - remote: https://rubygems.org/ - specs: - actionmailer (4.0.4) - actionpack (= 4.0.4) - mail (~> 2.5.4) - actionpack (4.0.4) - activesupport (= 4.0.4) - builder (~> 3.1.0) - erubis (~> 2.7.0) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - activemodel (4.0.4) - activesupport (= 4.0.4) - builder (~> 3.1.0) - activerecord (4.0.4) - activemodel (= 4.0.4) - activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.4) - arel (~> 4.0.0) - activerecord-deprecated_finders (1.0.3) - activesupport (4.0.4) - i18n (~> 0.6, >= 0.6.9) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - arel (4.0.2) - builder (3.1.4) - erubis (2.7.0) - hike (1.2.3) - i18n (0.6.9) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.25.1) - minitest (4.7.5) - multi_json (1.9.3) - polyglot (0.3.4) - rack (1.5.2) - rack-test (0.6.2) - rack (>= 1.0) - rails (4.0.4) - actionmailer (= 4.0.4) - actionpack (= 4.0.4) - activerecord (= 4.0.4) - activesupport (= 4.0.4) - bundler (>= 1.3.0, < 2.0) - railties (= 4.0.4) - sprockets-rails (~> 2.0.0) - railties (4.0.4) - actionpack (= 4.0.4) - activesupport (= 4.0.4) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (10.3.1) - sprockets (2.12.1) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.1) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (~> 2.8) - sqlite3 (1.3.9) - thor (0.19.1) - thread_safe (0.3.3) - tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.39) - -PLATFORMS - ruby - -DEPENDENCIES - rails_engine! - sqlite3 diff --git a/test/rails_app/rails_engine/Rakefile b/test/rails_app/rails_engine/Rakefile deleted file mode 100644 index e97c2e3db9..0000000000 --- a/test/rails_app/rails_engine/Rakefile +++ /dev/null 
@@ -1,9 +0,0 @@ -begin - require 'bundler/setup' -rescue LoadError - puts 'You must `gem install bundler` and `bundle install` to run rake tasks' -end - -load 'rails/tasks/engine.rake' - -Bundler::GemHelper.install_tasks \ No newline at end of file diff --git a/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb b/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb deleted file mode 100644 index 249809d88e..0000000000 --- a/test/rails_app/rails_engine/app/controllers/rails_engine/application_controller.rb +++ /dev/null @@ -1,4 +0,0 @@ -module RailsEngine - class ApplicationController < ActionController::Base - end -end diff --git a/test/rails_app/rails_engine/app/models/rails_engine/user.rb b/test/rails_app/rails_engine/app/models/rails_engine/user.rb deleted file mode 100644 index a9cb6fdede..0000000000 --- a/test/rails_app/rails_engine/app/models/rails_engine/user.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'shared_user_without_omniauth' - -module RailsEngine - class User < ActiveRecord::Base - self.table_name = :users - include SharedUserWithoutOmniauth - end -end diff --git a/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb b/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb deleted file mode 100644 index d78fccfb1e..0000000000 --- a/test/rails_app/rails_engine/app/views/layouts/rails_engine/application.html.erb +++ /dev/null @@ -1,14 +0,0 @@ - - - - RailsEngine - <%= stylesheet_link_tag "rails_engine/application", media: "all" %> - <%= javascript_include_tag "rails_engine/application" %> - <%= csrf_meta_tags %> - - - -<%= yield %> - - - diff --git a/test/rails_app/rails_engine/bin/rails b/test/rails_app/rails_engine/bin/rails deleted file mode 100755 index 258ac12814..0000000000 --- a/test/rails_app/rails_engine/bin/rails +++ /dev/null 
@@ -1,8 +0,0 @@
-#!/usr/bin/env ruby
-# This command will automatically be run when you run "rails" with Rails 4 gems installed from the root of your application.
-
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/rails_engine/engine', __FILE__)
-
-require 'rails/all'
-require 'rails/engine/commands'
diff --git a/test/rails_app/rails_engine/config/routes.rb b/test/rails_app/rails_engine/config/routes.rb
deleted file mode 100644
index d36a42461a..0000000000
--- a/test/rails_app/rails_engine/config/routes.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-RailsEngine::Engine.routes.draw do
- devise_for :without_router,
- class_name: 'RailsEngine::User',
- module: :devise
-
- devise_for :with_router,
- class_name: 'RailsEngine::User',
- router_name: :rails_engine,
- module: :devise
-
- root to: 'with_router#index'
-end
diff --git a/test/rails_app/rails_engine/lib/rails_engine.rb b/test/rails_app/rails_engine/lib/rails_engine.rb
deleted file mode 100644
index 45ab5d5201..0000000000
--- a/test/rails_app/rails_engine/lib/rails_engine.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-require "rails_engine/engine"
-
-module RailsEngine
-end
diff --git a/test/rails_app/rails_engine/lib/rails_engine/engine.rb b/test/rails_app/rails_engine/lib/rails_engine/engine.rb
deleted file mode 100644
index c2503961c9..0000000000
--- a/test/rails_app/rails_engine/lib/rails_engine/engine.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-require 'devise'
-module RailsEngine
- class Engine < ::Rails::Engine
- isolate_namespace RailsEngine
- end
-end
diff --git a/test/rails_app/rails_engine/lib/rails_engine/version.rb b/test/rails_app/rails_engine/lib/rails_engine/version.rb
deleted file mode 100644
index ef5d8b720a..0000000000
--- a/test/rails_app/rails_engine/lib/rails_engine/version.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-module RailsEngine
- VERSION = "0.0.1"
-end
diff --git a/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake b/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake deleted file mode 100644 index c179de9d9c..0000000000 --- a/test/rails_app/rails_engine/lib/tasks/rails_engine_tasks.rake +++ /dev/null @@ -1,4 +0,0 @@ -# desc "Explaining what the task does" -# task :rails_engine do -# # Task goes here -# end diff --git a/test/rails_app/rails_engine/rails_engine.gemspec b/test/rails_app/rails_engine/rails_engine.gemspec deleted file mode 100644 index 8ce0a3e6e7..0000000000 --- a/test/rails_app/rails_engine/rails_engine.gemspec +++ /dev/null @@ -1,17 +0,0 @@ -$:.push File.expand_path("../lib", __FILE__) - -# Maintain your gem's version: -require "rails_engine/version" - -# Describe your gem and declare its dependencies: -Gem::Specification.new do |s| - s.name = "rails_engine" - s.version = RailsEngine::VERSION - s.summary = "Engine route testing." - s.authors = "David Henry" - - s.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile"] - - s.add_dependency "rails" - s.add_dependency "devise" -end diff --git a/test/support/integration.rb b/test/support/integration.rb index d16cc65ed4..245b0e4256 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -21,22 +21,6 @@ def create_user(options={}) end end - def create_engine_user(options={}) - @user ||= begin - user = RailsEngine::User.create!( - username: 'usertest', - email: options[:email] || 'user@test.com', - password: options[:password] || '12345678', - password_confirmation: options[:password] || '12345678', - created_at: Time.now.utc - ) - user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at] - user.confirm! unless options[:confirm] == false - user.lock_access! if options[:locked] == true - user - end - end - def create_admin(options={}) @admin ||= begin admin = Admin.create!( From d1a9f220a12ea284cbffbab763e079cd1ae2855c Mon Sep 17 00:00:00 2001 
From: Diego Souza Rodrigues Date: Sun, 11 May 2014 01:11:48 -0300 Subject: [PATCH 0490/1473] Update README.md The old Michael Hartl's online book link was broken. I guess this link is its substitute. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 141d8dec22..741c1a5c56 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ You will usually want to write tests for your changes. To run the test suite, g If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources: -* Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top +* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :) From fa36464268a3a519c57d0b99a81c27e406cd938f Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 14 May 2014 23:25:29 -0300 Subject: [PATCH 0491/1473] Silence the OmniAuth logger during tests. --- test/test_helper.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/test_helper.rb b/test/test_helper.rb index 6042044661..dd200611e5 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -17,6 +17,8 @@ config.open_error_files = false end +OmniAuth.config.logger = Logger.new('/dev/null') + # Add support to load paths so we can overwrite broken webrat setup $:.unshift File.expand_path('../support', __FILE__) Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } From 2f6edfd0c57078a9d518fcd85276e92bc61c3ceb Mon Sep 17 00:00:00 2001 
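Review bot: `OmniAuth.config.logger = Logger.new('/dev/null')` in `test/test_helper.rb` hard-codes a POSIX path, so the suite would not open that device on platforms without `/dev/null`. `Logger.new(File::NULL)` is portable. Discarding the OmniAuth log entirely also hides authentication failures when a test breaks; logging to a `StringIO` that can be dumped on failure would keep the output quiet while staying debuggable.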
From: Lucas Mazza Date: Wed, 14 May 2014 23:41:29 -0300 Subject: [PATCH 0492/1473] Update dependencies. --- Gemfile.lock | 64 +++++++++++++------------- gemfiles/Gemfile.rails-3.2-stable.lock | 60 ++++++++++++------------ gemfiles/Gemfile.rails-4.0-stable.lock | 54 +++++++++++----------- gemfiles/Gemfile.rails-head.lock | 22 ++++----- 4 files changed, 100 insertions(+), 100 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 52518b52aa..b90f743025 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: e93a4837b0266db46c24aae172e184f57c847b04 + revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 branch: master specs: mongoid (4.0.0.beta1) @@ -22,27 +22,27 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.0) - actionpack (= 4.1.0) - actionview (= 4.1.0) + actionmailer (4.1.1) + actionpack (= 4.1.1) + actionview (= 4.1.1) mail (~> 2.5.4) - actionpack (4.1.0) - actionview (= 4.1.0) - activesupport (= 4.1.0) + actionpack (4.1.1) + actionview (= 4.1.1) + activesupport (= 4.1.1) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.0) - activesupport (= 4.1.0) + actionview (4.1.1) + activesupport (= 4.1.1) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.0) - activesupport (= 4.1.0) + activemodel (4.1.1) + activesupport (= 4.1.1) builder (~> 3.1) - activerecord (4.1.0) - activemodel (= 4.1.0) - activesupport (= 4.1.0) + activerecord (4.1.1) + activemodel (= 4.1.1) + activesupport (= 4.1.1) arel (~> 5.0.0) - activesupport (4.1.0) + activesupport (4.1.1) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -50,7 +50,7 @@ GEM tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.7) - bson (2.2.2) + bson (2.2.3) builder (3.2.2) connection_pool (2.0.0) erubis (2.7.0) 
@@ -60,14 +60,14 @@ GEM hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.11) + jwt (0.1.13) multi_json (>= 1.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.3) + mini_portile (0.6.0) minitest (5.3.3) mocha (1.0.0) metaclass (~> 0.0.1) @@ -75,11 +75,11 @@ GEM bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.9.3) + multi_json (1.10.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) + nokogiri (1.6.2.1) + mini_portile (= 0.6.0) oauth2 (0.9.3) faraday (>= 0.8, < 0.10) jwt (~> 0.1.8) @@ -109,19 +109,19 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.0) - actionmailer (= 4.1.0) - actionpack (= 4.1.0) - actionview (= 4.1.0) - activemodel (= 4.1.0) - activerecord (= 4.1.0) - activesupport (= 4.1.0) + rails (4.1.1) + actionmailer (= 4.1.1) + actionpack (= 4.1.1) + actionview (= 4.1.1) + activemodel (= 4.1.1) + activerecord (= 4.1.1) + activesupport (= 4.1.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.0) + railties (= 4.1.1) sprockets-rails (~> 2.0) - railties (4.1.0) - actionpack (= 4.1.0) - activesupport (= 4.1.0) + railties (4.1.1) + actionpack (= 4.1.1) + activesupport (= 4.1.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.1) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index d490d5df0e..64f022a245 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock 
@@ -1,14 +1,14 @@ GIT remote: git://github.com/rails/rails.git - revision: a3bda38467377cb8c3cdd52b6fcf6c6c31f74b82 + revision: c40df470556646a90a9070a077f19f8e520304f4 branch: 3-2-stable specs: - actionmailer (3.2.17) - actionpack (= 3.2.17) + actionmailer (3.2.18) + actionpack (= 3.2.18) mail (~> 2.5.4) - actionpack (3.2.17) - activemodel (= 3.2.17) - activesupport (= 3.2.17) + actionpack (3.2.18) + activemodel (= 3.2.18) + activesupport (= 3.2.18) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) @@ -16,31 +16,31 @@ GIT rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.17) - activesupport (= 3.2.17) + activemodel (3.2.18) + activesupport (= 3.2.18) builder (~> 3.0.0) - activerecord (3.2.17) - activemodel (= 3.2.17) - activesupport (= 3.2.17) + activerecord (3.2.18) + activemodel (= 3.2.18) + activesupport (= 3.2.18) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.17) - activemodel (= 3.2.17) - activesupport (= 3.2.17) - activesupport (3.2.17) + activeresource (3.2.18) + activemodel (= 3.2.18) + activesupport (= 3.2.18) + activesupport (3.2.18) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) - rails (3.2.17) - actionmailer (= 3.2.17) - actionpack (= 3.2.17) - activerecord (= 3.2.17) - activeresource (= 3.2.17) - activesupport (= 3.2.17) + rails (3.2.18) + actionmailer (= 3.2.18) + actionpack (= 3.2.18) + activerecord (= 3.2.18) + activeresource (= 3.2.18) + activesupport (= 3.2.18) bundler (~> 1.0) - railties (= 3.2.17) - railties (3.2.17) - actionpack (= 3.2.17) - activesupport (= 3.2.17) + railties (= 3.2.18) + railties (3.2.18) + actionpack (= 3.2.18) + activesupport (= 3.2.18) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) 
@@ -70,14 +70,14 @@ GEM i18n (0.6.9) journey (1.0.4) json (1.8.1) - jwt (0.1.11) + jwt (0.1.13) multi_json (>= 1.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.3) + mini_portile (0.6.0) mocha (1.0.0) metaclass (~> 0.0.1) mongoid (3.1.6) @@ -86,11 +86,11 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.29) moped (1.5.2) - multi_json (1.9.3) + multi_json (1.10.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) + nokogiri (1.6.2.1) + mini_portile (= 0.6.0) oauth2 (0.9.3) faraday (>= 0.8, < 0.10) jwt (~> 0.1.8) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 78742d59e0..4879603a08 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: e93a4837b0266db46c24aae172e184f57c847b04 + revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 branch: master specs: mongoid (4.0.0.beta1) 
@@ -11,43 +11,43 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 2961fa8819e4d6a4007dbe54209a3de893b3604f + revision: 11cfe1075baa9c42b945e424adcbb69c5c7ad67c branch: 4-0-stable specs: - actionmailer (4.0.4) - actionpack (= 4.0.4) + actionmailer (4.0.5) + actionpack (= 4.0.5) mail (~> 2.5.4) - actionpack (4.0.4) - activesupport (= 4.0.4) + actionpack (4.0.5) + activesupport (= 4.0.5) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.4) - activesupport (= 4.0.4) + activemodel (4.0.5) + activesupport (= 4.0.5) builder (~> 3.1.0) - activerecord (4.0.4) - activemodel (= 4.0.4) + activerecord (4.0.5) + activemodel (= 4.0.5) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.4) + activesupport (= 4.0.5) arel (~> 4.0.0) - activesupport (4.0.4) + activesupport (4.0.5) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.4) - actionmailer (= 4.0.4) - actionpack (= 4.0.4) - activerecord (= 4.0.4) - activesupport (= 4.0.4) + rails (4.0.5) + actionmailer (= 4.0.5) + actionpack (= 4.0.5) + activerecord (= 4.0.5) + activesupport (= 4.0.5) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.4) + railties (= 4.0.5) sprockets-rails (~> 2.0) - railties (4.0.4) - actionpack (= 4.0.4) - activesupport (= 4.0.4) + railties (4.0.5) + actionpack (= 4.0.5) + activesupport (= 4.0.5) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -67,7 +67,7 @@ GEM activerecord-deprecated_finders (1.0.3) arel (4.0.2) bcrypt (3.1.7) - bson (2.2.2) + bson (2.2.3) builder (3.1.4) connection_pool (2.0.0) erubis (2.7.0) @@ -77,14 +77,14 @@ GEM hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.11) + jwt (0.1.13) multi_json (>= 1.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.3) + mini_portile (0.6.0) minitest (4.7.5) mocha (1.0.0) metaclass (~> 0.0.1) 
@@ -92,11 +92,11 @@ GEM bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.9.3) + multi_json (1.10.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) + nokogiri (1.6.2.1) + mini_portile (= 0.6.0) oauth2 (0.9.3) faraday (>= 0.8, < 0.10) jwt (~> 0.1.8) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index ee8fcae63a..1608b42a57 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: e93a4837b0266db46c24aae172e184f57c847b04 + revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 branch: master specs: mongoid (4.0.0.beta1) @@ -11,13 +11,13 @@ GIT GIT remote: git://github.com/rails/arel.git - revision: d30b47ed86fd26f36e73d68a8e91f9d8912f1bfe + revision: 51d552c2cdcb749c2aaa96e982b5789b73f12f56 specs: - arel (5.0.0.20140412150050) + arel (6.0.0.20140505020427) GIT remote: git://github.com/rails/rails.git - revision: e918516d2fdfa24e5fc04ef14e371f08f4a8315f + revision: 1961894d1254c71f816dad33ce0164fb88625479 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) @@ -38,7 +38,7 @@ GIT activerecord (4.2.0.alpha) activemodel (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) - arel (~> 5.0.0) + arel (~> 6.0.0) activesupport (4.2.0.alpha) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) @@ -75,7 +75,7 @@ GEM remote: https://rubygems.org/ specs: bcrypt (3.1.7) - bson (2.2.2) + bson (2.2.3) builder (3.2.2) connection_pool (2.0.0) erubis (2.7.0) @@ -85,14 +85,14 @@ GEM hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.11) + jwt (0.1.13) multi_json (>= 1.5) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.5.3) + mini_portile (0.6.0) minitest (5.3.3) mocha (1.0.0) metaclass (~> 0.0.1) 
@@ -100,11 +100,11 @@ GEM bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.9.3) + multi_json (1.10.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.1) - mini_portile (~> 0.5.0) + nokogiri (1.6.2.1) + mini_portile (= 0.6.0) oauth2 (0.9.3) faraday (>= 0.8, < 0.10) jwt (~> 0.1.8) From d47c370916fb24e31facedc74f563d508d45f22f Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 9 May 2014 15:48:52 -0500 Subject: [PATCH 0493/1473] * Allows CSRF cleanup to be turned off for certain strategy types * Defaults Authenticatable CSRF cleanup --- lib/devise/hooks/csrf_cleaner.rb | 4 +++- lib/devise/strategies/authenticatable.rb | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index afec4bc84d..28d4aea8b9 100644 --- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -1,5 +1,7 @@ Warden::Manager.after_authentication do |record, warden, options| - if Devise.clean_up_csrf_token_on_authentication + clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || + warden.winning_strategy.clean_up_csrf? + if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy warden.request.session.try(:delete, :_csrf_token) end end diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index bd34a45557..cd3a15ea9f 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -16,6 +16,13 @@ def valid? valid_for_params_auth? || valid_for_http_auth? end + # Override and set to false for things like OmniAuth that technically + # run through Authentication (user_set) very often, which would normally + # reset CSRF data in the session + def clean_up_csrf? + true + end + private # Receives a resource and check if it is valid by calling valid_for_authentication? 
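Review bot: The opt-out added to the `after_authentication` hook in `lib/devise/hooks/csrf_cleaner.rb` has no test in this commit; the diffstat lists only the two lib files. Nothing therefore pins the safe default, which is that a winning strategy without `clean_up_csrf?`, or a nil `winning_strategy` (where `respond_to?` is false), still gets `_csrf_token` deleted. I would state that default above the assignment, `# Clean up unless the winning strategy explicitly opts out; unknown or missing strategies keep the cleanup.`, and add tests for a strategy that returns false and for one that lacks the method. Checking `Devise.clean_up_csrf_token_on_authentication` first would also avoid touching the strategy when the feature is switched off.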
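Review bot: The comment on `clean_up_csrf?` in `lib/devise/strategies/authenticatable.rb` says when to return false but not what is given up by doing so. With the cleanup skipped, the `_csrf_token` that was in the session before sign in stays valid afterwards, which is presumably the situation the hook in `csrf_cleaner.rb` exists to prevent. I would extend the comment with `# Returning false keeps the pre-authentication CSRF token after sign in; only opt out for strategies that run on every request and do not start a new login.` The enclosing class starts outside the hunk.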
From c5c360cdd93f8c43e76d30f2b7d0727d0bc7f4de Mon Sep 17 00:00:00 2001 From: David Henry Date: Thu, 15 May 2014 18:59:51 +0100 Subject: [PATCH 0494/1473] Add classes for mongoid based tests --- test/rails_app/app/mongoid/user_on_engine.rb | 39 +++++++++++++++++++ .../rails_app/app/mongoid/user_on_main_app.rb | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 test/rails_app/app/mongoid/user_on_engine.rb create mode 100644 test/rails_app/app/mongoid/user_on_main_app.rb diff --git a/test/rails_app/app/mongoid/user_on_engine.rb b/test/rails_app/app/mongoid/user_on_engine.rb new file mode 100644 index 0000000000..e68b096f63 --- /dev/null +++ b/test/rails_app/app/mongoid/user_on_engine.rb @@ -0,0 +1,39 @@ +require 'shared_user_without_omniauth' + +class UserOnEngine + include Mongoid::Document + include Shim + include SharedUserWithoutOmniauth + + field :username, type: String + field :facebook_token, type: String + + ## Database authenticatable + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" + + ## Recoverable + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time + + ## Rememberable + field :remember_created_at, type: Time + + ## Trackable + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String + + ## Confirmable + field :confirmation_token, type: String + field :confirmed_at, type: Time + field :confirmation_sent_at, type: Time + # field :unconfirmed_email, type: String # Only if using reconfirmable + + ## Lockable + field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + field :unlock_token, type: String # Only if unlock strategy is :email or :both + field :locked_at, type: Time +end 
diff --git a/test/rails_app/app/mongoid/user_on_main_app.rb b/test/rails_app/app/mongoid/user_on_main_app.rb new file mode 100644 index 0000000000..a35f2336ae --- /dev/null +++ b/test/rails_app/app/mongoid/user_on_main_app.rb @@ -0,0 +1,39 @@ +require 'shared_user_without_omniauth' + +class UserOnMainApp + include Mongoid::Document + include Shim + include SharedUserWithoutOmniauth + + field :username, type: String + field :facebook_token, type: String + + ## Database authenticatable + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" + + ## Recoverable + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time + + ## Rememberable + field :remember_created_at, type: Time + + ## Trackable + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String + + ## Confirmable + field :confirmation_token, type: String + field :confirmed_at, type: Time + field :confirmation_sent_at, type: Time + # field :unconfirmed_email, type: String # Only if using reconfirmable + + ## Lockable + field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + field :unlock_token, type: String # Only if unlock strategy is :email or :both + field :locked_at, type: Time +end From 6a628724eabf369c1ad35f99fdc1e311ad2ca558 Mon Sep 17 00:00:00 2001 From: David Henry Date: Thu, 15 May 2014 19:42:08 +0100 Subject: [PATCH 0495/1473] Ensure I don't leave public methods around that break the test suit.. --- test/rails_app/app/controllers/application_with_fake_engine.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/rails_app/app/controllers/application_with_fake_engine.rb b/test/rails_app/app/controllers/application_with_fake_engine.rb index 3f60c54d04..c77d67f157 100644 --- a/test/rails_app/app/controllers/application_with_fake_engine.rb 
+++ b/test/rails_app/app/controllers/application_with_fake_engine.rb @@ -1,4 +1,6 @@ class ApplicationWithFakeEngine < ApplicationController + private + helper_method :fake_engine def fake_engine @fake_engine ||= FakeEngine.new From d8ee3e49cb2185366e924b799dbdb92ee94d3c20 Mon Sep 17 00:00:00 2001 From: randoum Date: Fri, 16 May 2014 05:57:18 +0800 Subject: [PATCH 0496/1473] lock_access! better failure message --- lib/devise/models/lockable.rb | 4 ++-- test/models/lockable_test.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 4fd5c94f23..d3159be3f5 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -115,10 +115,10 @@ def unauthenticated_message # leaks the existence of an account. if Devise.paranoid super + elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?) + :locked elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? :last_attempt - elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded? - :locked else super end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 7bfb25c668..dac5a73d61 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -313,4 +313,14 @@ def setup end end end + + test 'should return locked message if user was programatically locked' do + swap Devise, last_attempt_warning: :true do + swap Devise, lock_strategy: :failed_attempts do + user = create_user + user.lock_access! + assert_equal :locked, user.unauthenticated_message + end + end + end end From 4ee2402cd78e8f83d9cdc9f1e3f7c1a26d78c78c Mon Sep 17 00:00:00 2001 From: randoum Date: Fri, 16 May 2014 06:02:11 +0800 Subject: [PATCH 0497/1473] lock_access! better failure message --- test/models/lockable_test.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
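Review bot: In `unauthenticated_message` (`lib/devise/models/lockable.rb`), `access_locked?` is now the first non-paranoid branch, so any locked account answers `:locked` to an unauthenticated caller. The only thing keeping that from disclosing account state in paranoid mode is that the `Devise.paranoid` branch stays above it. The new test in `test/models/lockable_test.rb` covers the programmatic lock but not that ordering. A companion test that wraps `lock_access!` in `swap Devise, paranoid: true do` and asserts the result is not `:locked` would pin it. The method starts before the hunk.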
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index dac5a73d61..aa6dedcdd9 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -315,12 +315,8 @@ def setup end test 'should return locked message if user was programatically locked' do - swap Devise, last_attempt_warning: :true do - swap Devise, lock_strategy: :failed_attempts do - user = create_user - user.lock_access! - assert_equal :locked, user.unauthenticated_message - end - end + user = create_user + user.lock_access! + assert_equal :locked, user.unauthenticated_message end end From 72f5eae391a8923a6ffb8f08c5b8fad0d6e87f28 Mon Sep 17 00:00:00 2001 From: Jimmy Chen Date: Wed, 30 Apr 2014 12:00:45 -0400 Subject: [PATCH 0498/1473] Document that we can configure Devise test helpers in spec_helper.rb Closes #3006 [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 741c1a5c56..def80e1493 100644 --- a/README.md +++ b/README.md @@ -393,7 +393,7 @@ class ActionController::TestCase end ``` -If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb`: +If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb`: ```ruby RSpec.configure do |config| From 451be888cb7c2e2e63222f012308f5304236a704 Mon Sep 17 00:00:00 2001 From: Kush Kella Date: Wed, 21 May 2014 16:18:35 -0700 Subject: [PATCH 0499/1473] added non-bang version of update_tracked_fields --- lib/devise/models/trackable.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index c701877449..ae65c91479 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb 
@@ -15,7 +15,7 @@ def self.required_fields(klass) [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count] end - def update_tracked_fields!(request) + def update_tracked_fields(request) old_current, new_current = self.current_sign_in_at, Time.now.utc self.last_sign_in_at = old_current || new_current self.current_sign_in_at = new_current @@ -26,7 +26,10 @@ def update_tracked_fields!(request) self.sign_in_count ||= 0 self.sign_in_count += 1 + end + def update_tracked_fields!(request) + update_tracked_fields(request) save(validate: false) or raise "Devise trackable could not save #{inspect}." \ "Please make sure a model using trackable can be saved at sign in." end From dd56dc7da6970dbfff634b4115973ad278ab19d6 Mon Sep 17 00:00:00 2001 From: Kush Kella Date: Thu, 22 May 2014 11:11:06 -0700 Subject: [PATCH 0500/1473] added test for update_tracked_fields method --- test/models/trackable_test.rb | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index 6abcd76cba..c63682f3a7 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb 
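Review bot: `update_tracked_fields` in `lib/devise/models/trackable.rb` is now a public method that assigns the tracked sign-in attributes without persisting them, and nothing in the hunk says so. A caller that switches to the non-bang form and never saves silently loses the sign-in record this module is there to keep. I would add above it `# Assigns the tracked sign-in attributes without saving; the caller must persist the record (see update_tracked_fields!).` Part of the method body lies between the two hunks and is not visible here.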
@@ -10,4 +10,32 @@ class TrackableTest < ActiveSupport::TestCase :sign_in_count ] end + + test 'update_tracked_fields should only set attributes but not save the record' do + user = create_user + request = mock + request.stubs(:remote_ip).returns("127.0.0.1") + + assert_nil user.current_sign_in_ip + assert_nil user.last_sign_in_ip + assert_nil user.current_sign_in_at + assert_nil user.last_sign_in_at + assert_equal 0, user.sign_in_count + + user.update_tracked_fields(request) + + assert_equal "127.0.0.1", user.current_sign_in_ip + assert_equal "127.0.0.1", user.last_sign_in_ip + assert_not_nil user.current_sign_in_at + assert_not_nil user.last_sign_in_at + assert_equal 1, user.sign_in_count + + user.reload + + assert_nil user.current_sign_in_ip + assert_nil user.last_sign_in_ip + assert_nil user.current_sign_in_at + assert_nil user.last_sign_in_at + assert_equal 0, user.sign_in_count + end end From 0e14ac3aa77df077d024a1278e2fc9f7cd0e64f6 Mon Sep 17 00:00:00 2001 From: Brent Kearney Date: Fri, 23 May 2014 12:26:19 -0600 Subject: [PATCH 0501/1473] Updated Getting Started instructions to help avoid confusion around alternate devise MODEL names --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index def80e1493..cde18b16a7 100644 --- a/README.md +++ b/README.md 
@@ -122,12 +122,14 @@ You should restart your application after changing Devise's configuration option ### Controller filters and helpers -Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action: +Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'): ```ruby before_action :authenticate_user! ``` +If your devise MODEL is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below. + To verify if a user is signed in, use the following helper: ```ruby From 82b60fce15e46eb9429625a56caea7faa5336091 Mon Sep 17 00:00:00 2001 From: Brent Kearney Date: Fri, 23 May 2014 15:15:41 -0600 Subject: [PATCH 0502/1473] Changed MODEL to model, as per request. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cde18b16a7..a0e945dfbb 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,7 @@ Devise will create some helpers to use inside your controllers and views. To set before_action :authenticate_user! ``` -If your devise MODEL is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below. +If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below. To verify if a user is signed in, use the following helper: From 8df6a2f38bb189be8843f768a6f95708cecb4ac2 Mon Sep 17 00:00:00 2001 
From: Giovanni Caniato Date: Tue, 20 May 2014 00:18:41 +0200 Subject: [PATCH 0503/1473] added groups with their helper methods --- lib/devise.rb | 13 ++++++ lib/devise/controllers/helpers.rb | 64 ++++++++++++++++++++++++++++++ lib/devise/omniauth/url_helpers.rb | 3 ++ lib/devise/rails/routes.rb | 13 ++++++ test/controllers/helpers_test.rb | 29 ++++++++++++++ test/rails_app/config/routes.rb | 2 + 6 files changed, 124 insertions(+) diff --git a/lib/devise.rb b/lib/devise.rb index 153751ea7a..653e940fc3 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -256,6 +256,10 @@ def self.#{method}=(val) mattr_reader :mappings @@mappings = ActiveSupport::OrderedHash.new + # Store groups. + mattr_reader :groups + @@groups = {} + # Omniauth configurations. mattr_reader :omniauth_configs @@omniauth_configs = ActiveSupport::OrderedHash.new @@ -335,6 +339,15 @@ def self.add_mapping(resource, options) mapping end + # Adds a group to Devise. + def self.add_group(group_name, resources) + singular_sym = lambda { |thing| thing.to_s.singularize.to_sym } + + group_name = singular_sym.call(group_name) + Devise.groups[group_name] = resources.map!(&singular_sym) + @@helpers.each { |h| h.define_group_helpers(group_name) } + end + # Make Devise aware of an 3rd party Devise-module (like invitable). For convenience. # # == Options: diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 14a3dd5d0a..aee9571b6d 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
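Review bot: In `Devise.add_group`, `resources.map!(&singular_sym)` rewrites the array the caller passed in. `devise_group` in `lib/devise/rails/routes.rb` hands over `opts[:includes]` unchecked, so a call without `includes:` ends in a `NoMethodError` on nil rather than a configuration error that names the problem. I would reject the empty case and use the non-mutating form: `raise ArgumentError, 'devise_group needs includes:' if resources.blank?` followed by `Devise.groups[group_name] = resources.map(&singular_sym)`.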
@@ -68,6 +68,70 @@ def #{mapping}_session end end + # Define authentication filters and accessor helpers for a group of mappings. + # These methods are useful when you are working with multiple mappings that + # share some functionality. They are pretty much the same as the ones + # defined for normal mappings. + # + # Example: + # + # Group: + # blogger (contains User and Admin) + # + # Generated methods: + # authenticate_blogger! # Redirects unless user or admin are signed in + # blogger_signed_in? # Checks whether there is either a user or an admin signed in + # current_blogger # Currently signed in user or admin + # current_bloggers # Currently signed in user and admin + # + # Use: + # before_filter :authenticate_blogger! # Redirects unless either a user or an admin are authenticated + # before_filter ->{ authenticate_blogger! :admin } # Redirects to the admin login page + # current_blogger :user # Preferably returns a User if one is signed in + # + def self.define_group_helpers(group_name) + class_eval <<-METHODS, __FILE__, __LINE__ + 1 + def authenticate_#{group_name}!(favourite=nil, opts={}) + unless #{group_name}_signed_in? + mappings = Devise.groups[:#{group_name}] + mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.each do |mapping| + opts[:scope] = mapping + warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) + end + end + end + + def #{group_name}_signed_in? + Devise.groups[:#{group_name}].any? 
do |mapping| + warden.authenticate?(scope: mapping) + end + end + + def current_#{group_name}(favourite=nil) + mappings = Devise.groups[:#{group_name}] + mappings.unshift(mappings.delete favourite.to_sym) if favourite + mappings.each do |mapping| + current = warden.authenticate(scope: mapping) + return current if current + end + nil + end + + def current_#{group_name.to_s.pluralize} + records = [] + Devise.groups[:#{group_name}].each do |mapping| + records << warden.authenticate(scope: mapping) + end + records.compact + end + METHODS + + ActiveSupport.on_load(:action_controller) do + helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" + end + end + # The main accessor for the warden proxy instance def warden request.env['warden'] diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index dd123f6a9b..969ac46843 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -4,6 +4,9 @@ module UrlHelpers def self.define_helpers(mapping) end + def self.define_group_helpers(group_name) + end + def omniauth_authorize_path(resource_or_scope, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) _devise_route_context.send("#{scope}_omniauth_authorize_path", *args) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2951b14153..5c1080a801 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
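Review bot: In the generated `authenticate_#{group_name}!` and `current_#{group_name}`, `mappings` is the very array stored in `Devise.groups`, so `unshift`/`delete` reorder the shared configuration on every call. A `favourite` that is not in the group makes `delete` return nil and pushes `nil` into that array as a scope. Later calls would then reach `warden.authenticate!` with `scope: nil`, which presumably resolves to Warden's default scope rather than one of the group's. Work on a copy and ignore unknown favourites: `mappings = Devise.groups[:#{group_name}].dup` and `mappings.unshift(mappings.delete(favourite.to_sym)) if favourite && mappings.include?(favourite.to_sym)`. In the authenticate loop, `opts.delete(:force)` also removes the flag after the first scope, so the remaining scopes are handled differently from the first.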
@@ -351,6 +351,19 @@ def devise_scope(scope) end alias :as :devise_scope + # Creates a group that can contain multiple scopes in order to abstract them + # over some functionality, the only thing it really does is defining helper methods. + # + # For example + # + # devise_group :bloggers, includes: [:users, :admins] + # + # will define: current_blogger, current_bloggers, authenticate_blogger! and blogger_signed_in? + # + def devise_group(group_name, opts={}) + Devise.add_group(group_name.to_s.singularize, opts[:includes]) + end + protected def devise_session(mapping, controllers) #:nodoc: diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 4a7b648415..c691e5905b 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -25,6 +25,13 @@ def setup @controller.signed_in? end + test 'proxy [group]_signed_in? to authenticate? with each scope' do + Devise.groups[:commenter].each do |scope| + @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) + end + @controller.commenter_signed_in? + end + test 'proxy current_user to authenticate with user scope' do @mock_warden.expects(:authenticate).with(scope: :user) @controller.current_user @@ -35,6 +42,20 @@ def setup @controller.current_admin end + test 'proxy current_[group] to authenticate with each scope' do + Devise.groups[:commenter].each do |scope| + @mock_warden.expects(:authenticate).with(scope: scope).returns(nil) + end + @controller.current_commenter + end + + test 'proxy current_[plural_group] to authenticate with each scope' do + Devise.groups[:commenter].each do |scope| + @mock_warden.expects(:authenticate).with(scope: scope) + end + @controller.current_commenters + end + test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do @mock_warden.expects(:authenticate).with(scope: :publisher_account) @controller.current_publisher_account 
@@ -55,6 +76,14 @@ def setup @controller.authenticate_admin! end + test 'proxy authenticate_[group]! to authenticate!? with each scope' do + Devise.groups[:commenter].each do |scope| + @mock_warden.expects(:authenticate!).with(scope: scope) + @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) + end + @controller.authenticate_commenter! + end + test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do @mock_warden.expects(:authenticate!).with(scope: :publisher_account) @controller.authenticate_publisher_account! diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 1ab9c290bc..f218de1eb2 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -104,5 +104,7 @@ get "/unauthenticated", to: "home#unauthenticated" get "/custom_strategy/new" + devise_group :commenters, includes: [:admins, :users] + root to: "home#index", via: [:get, :post] end From cb1d6c4684371c1532433767e647ff7a04ac8bef Mon Sep 17 00:00:00 2001 From: Giovanni Caniato Date: Tue, 27 May 2014 10:48:34 +0200 Subject: [PATCH 0504/1473] moved helpers definition from routes to controllers --- lib/devise.rb | 13 -- lib/devise/controllers/helpers.rb | 113 ++++++++++-------- lib/devise/omniauth/url_helpers.rb | 3 - lib/devise/rails/routes.rb | 13 -- test/controllers/helpers_test.rb | 8 +- .../app/controllers/application_controller.rb | 2 + test/rails_app/config/routes.rb | 2 - 7 files changed, 66 insertions(+), 88 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 653e940fc3..153751ea7a 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -256,10 +256,6 @@ def self.#{method}=(val) mattr_reader :mappings @@mappings = ActiveSupport::OrderedHash.new - # Store groups. - mattr_reader :groups - @@groups = {} - # Omniauth configurations. mattr_reader :omniauth_configs @@omniauth_configs = ActiveSupport::OrderedHash.new 
@@ -339,15 +335,6 @@ def self.add_mapping(resource, options) mapping end - # Adds a group to Devise. - def self.add_group(group_name, resources) - singular_sym = lambda { |thing| thing.to_s.singularize.to_sym } - - group_name = singular_sym.call(group_name) - Devise.groups[group_name] = resources.map!(&singular_sym) - @@helpers.each { |h| h.define_group_helpers(group_name) } - end - # Make Devise aware of an 3rd party Devise-module (like invitable). For convenience. # # == Options: diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index aee9571b6d..79b696ef2d 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -6,8 +6,12 @@ module Helpers include Devise::Controllers::SignInOut include Devise::Controllers::StoreLocation - included do + included do |base| helper_method :warden, :signed_in?, :devise_controller? + + base.class_eval do + extend GroupHelpers + end end module ClassMethods 
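Review bot: In the `included do |base|` block of `lib/devise/controllers/helpers.rb`, `base.class_eval do extend GroupHelpers end` is more indirect than it needs to be. The line above already calls `helper_method` on the implicit receiver, so the block is evaluated on the including class and a plain `extend GroupHelpers` does the same thing. Dropping the `|base|` parameter and the nested `class_eval` keeps the block consistent. If `GroupHelpers` is meant as the public way to declare groups, a one-line comment here saying that it adds `devise_group` as a class-level macro would help readers find it.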
@@ -68,67 +72,70 @@ def #{mapping}_session end end - # Define authentication filters and accessor helpers for a group of mappings. - # These methods are useful when you are working with multiple mappings that - # share some functionality. They are pretty much the same as the ones - # defined for normal mappings. - # - # Example: - # - # Group: - # blogger (contains User and Admin) - # - # Generated methods: - # authenticate_blogger! # Redirects unless user or admin are signed in - # blogger_signed_in? # Checks whether there is either a user or an admin signed in - # current_blogger # Currently signed in user or admin - # current_bloggers # Currently signed in user and admin - # - # Use: - # before_filter :authenticate_blogger! # Redirects unless either a user or an admin are authenticated - # before_filter ->{ authenticate_blogger! :admin } # Redirects to the admin login page - # current_blogger :user # Preferably returns a User if one is signed in - # - def self.define_group_helpers(group_name) - class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{group_name}!(favourite=nil, opts={}) - unless #{group_name}_signed_in? - mappings = Devise.groups[:#{group_name}] - mappings.unshift mappings.delete(favourite.to_sym) if favourite - mappings.each do |mapping| - opts[:scope] = mapping - warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) + module GroupHelpers + # Define authentication filters and accessor helpers for a group of mappings. + # These methods are useful when you are working with multiple mappings that + # share some functionality. They are pretty much the same as the ones + # defined for normal mappings. + # + # Example: + # + # inside BlogsController (or any other controller, it doesn't matter which): + # devise_helpers_for :blogger, contains: [:user, :admin] + # + # Generated methods: + # authenticate_blogger! # Redirects unless user or admin are signed in + # blogger_signed_in? 
# Checks whether there is either a user or an admin signed in + # current_blogger # Currently signed in user or admin + # current_bloggers # Currently signed in user and admin + # + # Use: + # before_filter :authenticate_blogger! # Redirects unless either a user or an admin are authenticated + # before_filter ->{ authenticate_blogger! :admin } # Redirects to the admin login page + # current_blogger :user # Preferably returns a User if one is signed in + # + def devise_group(group_name, opts={}) + opts[:contains].map! { |m| ":#{m}" } + mappings = "[#{ opts[:contains].join(',') }]" + + ActionController::Base.class_eval <<-METHODS, __FILE__, __LINE__ + 1 + def authenticate_#{group_name}!(favourite=nil, opts={}) + unless #{group_name}_signed_in? + mappings = #{mappings} + mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.each do |mapping| + opts[:scope] = mapping + warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) + end end end - end - def #{group_name}_signed_in? - Devise.groups[:#{group_name}].any? do |mapping| - warden.authenticate?(scope: mapping) + def #{group_name}_signed_in? + #{mappings}.any? 
do |mapping| + warden.authenticate?(scope: mapping) + end end - end - def current_#{group_name}(favourite=nil) - mappings = Devise.groups[:#{group_name}] - mappings.unshift(mappings.delete favourite.to_sym) if favourite - mappings.each do |mapping| - current = warden.authenticate(scope: mapping) - return current if current + def current_#{group_name}(favourite=nil) + mappings = #{mappings} + mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.each do |mapping| + current = warden.authenticate(scope: mapping) + return current if current + end + nil end - nil - end - def current_#{group_name.to_s.pluralize} - records = [] - Devise.groups[:#{group_name}].each do |mapping| - records << warden.authenticate(scope: mapping) + def current_#{group_name.to_s.pluralize} + records = [] + #{mappings}.each do |mapping| + records << warden.authenticate(scope: mapping) + end + records.compact end - records.compact - end - METHODS - ActiveSupport.on_load(:action_controller) do - helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" + helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" + METHODS end end diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index 969ac46843..dd123f6a9b 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -4,9 +4,6 @@ module UrlHelpers def self.define_helpers(mapping) end - def self.define_group_helpers(group_name) - end - def omniauth_authorize_path(resource_or_scope, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) _devise_route_context.send("#{scope}_omniauth_authorize_path", *args) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 5c1080a801..2951b14153 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
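Review bot: In the generated `authenticate_#{group_name}!` and `current_#{group_name}`, the line `mappings.unshift mappings.delete(favourite.to_sym) if favourite` puts `nil` at the head of the list whenever `favourite` is not a member of the group, because `Array#delete` returns `nil` for a missing element. The loop then calls warden with `scope: nil`, which presumably falls back to warden's default scope, so a scope the group never listed can decide the result. Writing `mappings.unshift(favourite.to_sym) if favourite && mappings.delete(favourite.to_sym)` keeps the list limited to the declared scopes. Separately, `opts[:contains].map! { |m| ":#{m}" }` rewrites the caller's array in place and raises `NoMethodError` when `:contains` is omitted; `opts.fetch(:contains).map { |m| ":#{m}" }` would leave the argument untouched and fail with a clearer error. The doc comment's example also calls `devise_helpers_for :blogger, contains: [:user, :admin]`, while the method defined here is `devise_group`.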
@@ -351,19 +351,6 @@ def devise_scope(scope) end alias :as :devise_scope - # Creates a group that can contain multiple scopes in order to abstract them - # over some functionality, the only thing it really does is defining helper methods. - # - # For example - # - # devise_group :bloggers, includes: [:users, :admins] - # - # will define: current_blogger, current_bloggers, authenticate_blogger! and blogger_signed_in? - # - def devise_group(group_name, opts={}) - Devise.add_group(group_name.to_s.singularize, opts[:includes]) - end - protected def devise_session(mapping, controllers) #:nodoc: diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index c691e5905b..0af99cbea8 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -26,7 +26,7 @@ def setup end test 'proxy [group]_signed_in? to authenticate? with each scope' do - Devise.groups[:commenter].each do |scope| + [:user, :admin].each do |scope| @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end @controller.commenter_signed_in? @@ -43,14 +43,14 @@ def setup end test 'proxy current_[group] to authenticate with each scope' do - Devise.groups[:commenter].each do |scope| + [:user, :admin].each do |scope| @mock_warden.expects(:authenticate).with(scope: scope).returns(nil) end @controller.current_commenter end test 'proxy current_[plural_group] to authenticate with each scope' do - Devise.groups[:commenter].each do |scope| + [:user, :admin].each do |scope| @mock_warden.expects(:authenticate).with(scope: scope) end @controller.current_commenters @@ -77,7 +77,7 @@ def setup end test 'proxy authenticate_[group]! to authenticate!? with each scope' do - Devise.groups[:commenter].each do |scope| + [:user, :admin].each do |scope| @mock_warden.expects(:authenticate!).with(scope: scope) @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end 
diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index a3153ffa0d..b6df55f493 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -6,4 +6,6 @@ class ApplicationController < ActionController::Base before_filter :current_user, unless: :devise_controller? before_filter :authenticate_user!, if: :devise_controller? respond_to *Mime::SET.map(&:to_sym) + + devise_group :commenter, contains: [:user, :admin] end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index f218de1eb2..1ab9c290bc 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -104,7 +104,5 @@ get "/unauthenticated", to: "home#unauthenticated" get "/custom_strategy/new" - devise_group :commenters, includes: [:admins, :users] - root to: "home#index", via: [:get, :post] end From 88efa6545f24a9e087e5f7b13f47931fbe6349b3 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 28 May 2014 10:38:29 -0300 Subject: [PATCH 0505/1473] Swap the failure app during the test case properly. --- test/test_helpers_test.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index b0d523da53..f2db748559 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -72,12 +72,9 @@ def redirect end test "respects custom failure app" do - begin - Devise.warden_config.failure_app = CustomFailureApp + swap Devise.warden_config, failure_app: CustomFailureApp do get :index assert_response 306 - ensure - Devise.warden_config.failure_app = Devise::FailureApp end end From dfcb342a8f79a9940448a01d137928ba5297cb53 Mon Sep 17 00:00:00 2001 
From: Giovanni Caniato Date: Wed, 28 May 2014 19:29:34 +0200 Subject: [PATCH 0506/1473] group methods defined in the current scope --- lib/devise/controllers/helpers.rb | 2 +- test/controllers/internal_helpers_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 79b696ef2d..06b9b1afa7 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -98,7 +98,7 @@ def devise_group(group_name, opts={}) opts[:contains].map! { |m| ":#{m}" } mappings = "[#{ opts[:contains].join(',') }]" - ActionController::Base.class_eval <<-METHODS, __FILE__, __LINE__ + 1 + class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{group_name}!(favourite=nil, opts={}) unless #{group_name}_signed_in? mappings = #{mappings} diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 914bab73e0..db5f6870b8 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -51,7 +51,7 @@ def setup end test 'resources methods are not controller actions' do - assert @controller.class.action_methods.empty? + assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty? end test 'require no authentication tests current mapping' do From 65d7d1ba5528a18130607d72a763e59850f81bef Mon Sep 17 00:00:00 2001 From: Brian Underwood Date: Wed, 28 May 2014 22:17:07 -0700 Subject: [PATCH 0507/1473] Change test to use acts_like? so that we can have DateTime fields --- test/integration/trackable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index f3d73c2e37..0dbbee297a 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb 
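Review bot: The rewritten assertion in 'resources methods are not controller actions' now ignores every method whose name contains `commenter`. That suggests the helpers `devise_group` generates with `class_eval` on the calling controller (the helpers.rb hunk of this commit) are public instance methods counted in `action_methods`. If so, `authenticate_commenter!`, `commenter_signed_in?`, `current_commenter` and `current_commenters` become reachable as actions wherever a route maps a free `:action` segment to the controller, and the test now hides the condition it was written to catch. Consider keeping the assertion strict and having `devise_group` exclude the generated names from the action set, for example with `hide_action` on the Rails versions that provide it. `delete_if` also edits the collection returned by `action_methods` in place; if Rails memoizes that set, as it appears to, the removal leaks into later tests, so `reject { |m| m.include? 'commenter' }` is the safer call.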
@@ -10,8 +10,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest sign_in_as_user user.reload - assert_kind_of Time, user.current_sign_in_at - assert_kind_of Time, user.last_sign_in_at + assert user.current_sign_in_at.acts_like?(:time) + assert user.last_sign_in_at.acts_like?(:time) assert_equal user.current_sign_in_at, user.last_sign_in_at assert user.current_sign_in_at >= user.created_at From 37e05380d1fedfdad02134c63f45a28a63d62645 Mon Sep 17 00:00:00 2001 From: Ahmed Mostafa Date: Thu, 29 May 2014 16:08:29 +0300 Subject: [PATCH 0508/1473] Update README.md Fixed incorrect method definition. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0e945dfbb..6a9a2eb982 100644 --- a/README.md +++ b/README.md @@ -202,7 +202,7 @@ class ApplicationController < ActionController::Base end ``` -The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: +The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: To permit simple scalar values for username and email, use this From 2174e4675efcf84091a58e823c73d2e152fc0770 Mon Sep 17 00:00:00 2001 
From: Brian Underwood Date: Wed, 4 Jun 2014 21:59:30 -0700 Subject: [PATCH 0509/1473] Use User and Admin orm_adapter adapter in tests to support other ORMs (neo4j, in this case) --- test/integration/registerable_test.rb | 30 +++++++++---------- .../users/omniauth_callbacks_controller.rb | 2 +- test/test_helper.rb | 3 ++ 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 221a0d8bc3..06b7106e8e 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert warden.authenticated?(:admin) assert_current_url "/admin_area/home" - admin = Admin.order(:id).last + admin = AdminAdapter.find_first(order: [:id, :desc]) assert_equal admin.email, 'new_user@test.com' end @@ -56,7 +56,7 @@ def user_sign_up assert_not warden.authenticated?(:user) - user = User.order(:id).last + user = UserAdapter.find_first(order: [:id, :desc]) assert_equal user.email, 'new_user@test.com' assert_not user.confirmed? end @@ -103,7 +103,7 @@ def user_sign_up assert_contain Devise.rails4? ? "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_contain "2 errors prohibited" - assert_nil User.first + assert_nil UserAdapter.find_first assert_not warden.authenticated?(:user) end @@ -151,7 +151,7 @@ def user_sign_up assert_current_url '/' assert_contain 'Your account has been updated successfully.' - assert_equal "user.new@example.com", User.first.email + assert_equal "user.new@example.com", UserAdapter.find_first.email end test 'a signed in user should still be able to use the website after changing their password' do 
@@ -180,7 +180,7 @@ def user_sign_up assert_contain 'user@test.com' assert_have_selector 'form input[value="user.new@example.com"]' - assert_equal "user@test.com", User.first.email + assert_equal "user@test.com", UserAdapter.find_first.email end test 'a signed in user should be able to edit their password' do @@ -195,7 +195,7 @@ def user_sign_up assert_current_url '/' assert_contain 'Your account has been updated successfully.' - assert User.first.valid_password?('pass1234') + assert UserAdapter.find_first.valid_password?('pass1234') end test 'a signed in user should not be able to edit their password with invalid confirmation' do @@ -209,7 +209,7 @@ def user_sign_up assert_contain Devise.rails4? ? "Password confirmation doesn't match Password" : "Password doesn't match confirmation" - assert_not User.first.valid_password?('pas123') + assert_not UserAdapter.find_first.valid_password?('pas123') end test 'a signed in user should be able to cancel their account' do @@ -219,7 +219,7 @@ def user_sign_up click_button "Cancel my account" assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon." - assert User.all.empty? + assert UserAdapter.find_all.empty? end test 'a user should be able to cancel sign up by deleting data in the session' do @@ -253,7 +253,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - admin = Admin.order(:id).last + admin = AdminAdapter.find_first(order: [:id, :desc]) assert_equal admin.email, 'new_user@test.com' end @@ -262,7 +262,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - user = User.order(:id).last + user = UserAdapter.find_first(order: [:id, :desc]) assert_equal user.email, 'new_user@test.com' end @@ -290,7 +290,7 @@ def user_sign_up sign_in_as_user delete user_registration_path(format: 'xml') assert_response :success - assert_equal User.count, 0 + assert_equal UserAdapter.find_all.size, 0 end end 
@@ -305,7 +305,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'but we need to verify your new email address' - assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email + assert_equal 'admin.new@example.com', AdminAdapter.find_first.unconfirmed_email get edit_admin_registration_path assert_contain 'Currently waiting confirmation for: admin.new@example.com' @@ -323,7 +323,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'Your account has been updated successfully.' - assert Admin.first.valid_password?('pas123') + assert AdminAdapter.find_first.valid_password?('pas123') end test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do @@ -343,7 +343,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'Your account has been updated successfully.' - assert_equal "admin.new@example.com", Admin.first.unconfirmed_email - assert Admin.first.valid_password?('pas123') + assert_equal "admin.new@example.com", AdminAdapter.find_first.unconfirmed_email + assert AdminAdapter.find_first.valid_password?('pas123') end end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index a3b1e1e550..94ea9ff07e 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -6,7 +6,7 @@ def facebook end def sign_in_facebook - user = User.find_by_email('user@test.com') + user = UserAdapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user render text: "" diff --git a/test/test_helper.rb b/test/test_helper.rb index 6042044661..3c0a835393 100644 
--- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -8,6 +8,9 @@ require "rails/test_help" require "orm/#{DEVISE_ORM}" +AdminAdapter = Admin.to_adapter unless Admin.is_a?(OrmAdapter::Base) +UserAdapter = User.to_adapter unless User.is_a?(OrmAdapter::Base) + I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) require 'mocha/setup' From 2bde395840b9991c5f8117e1596064e3bb04b483 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 6 Jun 2014 13:03:53 +0200 Subject: [PATCH 0510/1473] Update activatable.rb --- lib/devise/hooks/activatable.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index 0ec7c62d0c..805c2c5752 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -1,7 +1,6 @@ -# Deny user access whenever their account is not active yet. All strategies that inherits from -# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication? -# before actively signing them in. However, we need this as hook to validate the user activity -# in each request and in case the user is using other strategies beside Devise ones. +# Deny user access whenever their account is not active yet. +# We need this as hook to validate the user activity on each request +# and in case the user is using other strategies beside Devise ones. Warden::Manager.after_set_user do |record, warden, options| if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication? scope = options[:scope] From 74f4442319fa556c4fe2d5997470e5e58b227218 Mon Sep 17 00:00:00 2001 
From: Brian Underwood Date: Fri, 6 Jun 2014 08:35:42 -0700 Subject: [PATCH 0511/1473] User Model.to_adapter directly as suggested by @josevalim --- test/integration/registerable_test.rb | 30 +++++++++---------- .../users/omniauth_callbacks_controller.rb | 2 +- test/test_helper.rb | 3 -- 3 files changed, 16 insertions(+), 19 deletions(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 06b7106e8e..4bfdf39cf5 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert warden.authenticated?(:admin) assert_current_url "/admin_area/home" - admin = AdminAdapter.find_first(order: [:id, :desc]) + admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal admin.email, 'new_user@test.com' end @@ -56,7 +56,7 @@ def user_sign_up assert_not warden.authenticated?(:user) - user = UserAdapter.find_first(order: [:id, :desc]) + user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal user.email, 'new_user@test.com' assert_not user.confirmed? end @@ -103,7 +103,7 @@ def user_sign_up assert_contain Devise.rails4? ? "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_contain "2 errors prohibited" - assert_nil UserAdapter.find_first + assert_nil User.to_adapter.find_first assert_not warden.authenticated?(:user) end @@ -151,7 +151,7 @@ def user_sign_up assert_current_url '/' assert_contain 'Your account has been updated successfully.' - assert_equal "user.new@example.com", UserAdapter.find_first.email + assert_equal "user.new@example.com", User.to_adapter.find_first.email end test 'a signed in user should still be able to use the website after changing their password' do 
@@ -180,7 +180,7 @@ def user_sign_up assert_contain 'user@test.com' assert_have_selector 'form input[value="user.new@example.com"]' - assert_equal "user@test.com", UserAdapter.find_first.email + assert_equal "user@test.com", User.to_adapter.find_first.email end test 'a signed in user should be able to edit their password' do @@ -195,7 +195,7 @@ def user_sign_up assert_current_url '/' assert_contain 'Your account has been updated successfully.' - assert UserAdapter.find_first.valid_password?('pass1234') + assert User.to_adapter.find_first.valid_password?('pass1234') end test 'a signed in user should not be able to edit their password with invalid confirmation' do @@ -209,7 +209,7 @@ def user_sign_up assert_contain Devise.rails4? ? "Password confirmation doesn't match Password" : "Password doesn't match confirmation" - assert_not UserAdapter.find_first.valid_password?('pas123') + assert_not User.to_adapter.find_first.valid_password?('pas123') end test 'a signed in user should be able to cancel their account' do @@ -219,7 +219,7 @@ def user_sign_up click_button "Cancel my account" assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon." - assert UserAdapter.find_all.empty? + assert User.to_adapter.find_all.empty? end test 'a user should be able to cancel sign up by deleting data in the session' do @@ -253,7 +253,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - admin = AdminAdapter.find_first(order: [:id, :desc]) + admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal admin.email, 'new_user@test.com' end @@ -262,7 +262,7 @@ def user_sign_up assert_response :success assert response.body.include? %(\n) - user = UserAdapter.find_first(order: [:id, :desc]) + user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal user.email, 'new_user@test.com' end 
@@ -290,7 +290,7 @@ def user_sign_up sign_in_as_user delete user_registration_path(format: 'xml') assert_response :success - assert_equal UserAdapter.find_all.size, 0 + assert_equal User.to_adapter.find_all.size, 0 end end @@ -305,7 +305,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'but we need to verify your new email address' - assert_equal 'admin.new@example.com', AdminAdapter.find_first.unconfirmed_email + assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email get edit_admin_registration_path assert_contain 'Currently waiting confirmation for: admin.new@example.com' @@ -323,7 +323,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'Your account has been updated successfully.' - assert AdminAdapter.find_first.valid_password?('pas123') + assert Admin.to_adapter.find_first.valid_password?('pas123') end test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do @@ -343,7 +343,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest assert_current_url '/admin_area/home' assert_contain 'Your account has been updated successfully.' - assert_equal "admin.new@example.com", AdminAdapter.find_first.unconfirmed_email - assert AdminAdapter.find_first.valid_password?('pas123') + assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email + assert Admin.to_adapter.find_first.valid_password?('pas123') end end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 94ea9ff07e..f6474be2a2 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb 
@@ -6,7 +6,7 @@ def facebook end def sign_in_facebook - user = UserAdapter.find_first(email: 'user@test.com') + user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user render text: "" diff --git a/test/test_helper.rb b/test/test_helper.rb index 3c0a835393..6042044661 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -8,9 +8,6 @@ require "rails/test_help" require "orm/#{DEVISE_ORM}" -AdminAdapter = Admin.to_adapter unless Admin.is_a?(OrmAdapter::Base) -UserAdapter = User.to_adapter unless User.is_a?(OrmAdapter::Base) - I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) require 'mocha/setup' From cb48c9c40844367a4db74caf3eaaaaae74a5b6e0 Mon Sep 17 00:00:00 2001 From: Thomas Darde Date: Fri, 6 Jun 2014 18:39:06 +0200 Subject: [PATCH 0512/1473] Update README.md Add more description on the way I18n.locale has to be set in case of multi-locale app. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6a9a2eb982..7be216123e 100644 --- a/README.md +++ b/README.md @@ -385,6 +385,8 @@ Take a look at our locale file to check all available messages. You may also be https://github.com/plataformatec/devise/wiki/I18n +Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController + ### Test helpers Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file: From 47ba796c26cf4f534ae17517260f059f2b1c7a4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rory=20O=E2=80=99Kane?= Date: Mon, 16 Jun 2014 13:43:55 -0400 Subject: [PATCH 0513/1473] Fix grammar and capitalization errors in README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7be216123e..53bc49d42b 100644 
--- a/README.md +++ b/README.md @@ -110,9 +110,9 @@ The generator will install an initializer which describes ALL Devise's configura rails generate devise MODEL ``` -Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller. +Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. Next, you’ll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller. -Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: +Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: ```ruby config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } From a0b97f5b5dbfadff6962805cfe51749e7a2cae38 Mon Sep 17 00:00:00 2001 From: Adam Niedzielski Date: Wed, 18 Jun 2014 16:03:39 +0200 Subject: [PATCH 0514/1473] Update README.md Remove reference to CanCan - it is no longer maintained --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53bc49d42b..ba78f794c5 100644 --- a/README.md +++ b/README.md 
@@ -467,7 +467,7 @@ admin_session Alternatively, you can simply run the Devise generator. -Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using [CanCan](https://github.com/ryanb/cancan). +Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization. ### Other ORMs From d0cb629f8134e54032eb3cc2e6d33211984e8541 Mon Sep 17 00:00:00 2001 From: Jared Koumentis Date: Thu, 19 Jun 2014 00:31:37 -0400 Subject: [PATCH 0515/1473] Make minor changes to readme grammar. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba78f794c5..049f8380f9 100644 --- a/README.md +++ b/README.md 
@@ -415,11 +415,11 @@ sign_out :user # sign_out(scope) sign_out @user # sign_out(resource) ``` -There are two things that is important to keep in mind: +There are two things that are important to keep in mind: 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; -2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do: +2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do: ```ruby @request.env["devise.mapping"] = Devise.mappings[:user] From 9abee354f7ddad9ac9a97c41855d6c46db561c57 Mon Sep 17 00:00:00 2001 From: Chris Downey Date: Thu, 19 Jun 2014 15:03:19 -0400 Subject: [PATCH 0516/1473] Add migration setup detail to README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 049f8380f9..76cc78cf8d 100644 --- a/README.md +++ b/README.md 
@@ -110,7 +110,9 @@ The generator will install an initializer which describes ALL Devise's configura rails generate devise MODEL ``` -Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. Next, you’ll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller. +Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. + +Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate` Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: From 89629e68c90c8358aa0f998f0437fcdb818b40f4 Mon Sep 17 00:00:00 2001 From: Grey Baker Date: Fri, 20 Jun 2014 14:31:15 +0100 Subject: [PATCH 0517/1473] Update Travis config to test on ruby 2.1.2 instead of 2.1.1 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index dc40146f19..1baa1c1c10 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -4,7 +4,7 @@ install: script/cached-bundle install --deployment --path vendor/bundle rvm: - 1.9.3 - 2.0.0 - - 2.1.1 + - 2.1.2 env: matrix: - DEVISE_ORM=mongoid From 8c7f6bd2aa523cdaeef687465a22c54b5154dbf1 Mon Sep 17 00:00:00 2001 From: John Bachir Date: Fri, 20 Jun 2014 18:01:35 -0400 Subject: [PATCH 0518/1473] changelog detail for expire_all_remember_me_on_sign_out explain that it's the configurability and not the functionality which is new --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29a9444e61..901ecfde4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,9 @@ * enhancements * Support multiple warden configuration blocks on devise configuration. (by @rossta) - * Add the `expire_all_remember_me_on_sign_out` configuration to invalidate - all the remember me tokens when the user signs out. (by @laurocaetano) + * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be + invalidated, and this behavior could not be changed. This behavior is now configurable via + `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano) * Default email messages was updated with grammar fixes, check the diff on #2906 for the updated copy (by @p-originate) * Allow a resource to be found based on its encrypted password token (by @karlentwistle) From 8df6980c9e10cbe4b4c7f39274792cb4fe07fc17 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 24 Jun 2014 10:06:45 -0300 Subject: [PATCH 0519/1473] Update `_prefixes` override to work with Rails 4.2 --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index f938034342..99ba99bb46 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -44,7 +44,7 @@ def devise_mapping # loaded before even having a request object. def _prefixes #:nodoc: @_prefixes ||= if self.class.scoped_views? && request && devise_mapping - super.unshift("#{devise_mapping.scoped_path}/#{controller_name}") + ["#{devise_mapping.scoped_path}/#{controller_name}"] + super else super end From 520dfe2eb496f7cf0dbaac9f8a7b3b1d2054c18e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 24 Jun 2014 10:22:26 -0300 Subject: [PATCH 0520/1473] Update the overall dependencies and test with mongoid 4.0.0 for now on. --- Gemfile | 4 +- Gemfile.lock | 47 +++++++++------------ gemfiles/Gemfile.rails-3.2-stable | 2 +- gemfiles/Gemfile.rails-3.2-stable.lock | 23 +++++------ gemfiles/Gemfile.rails-4.0-stable | 4 +- gemfiles/Gemfile.rails-4.0-stable.lock | 56 ++++++++++---------------- gemfiles/Gemfile.rails-head | 2 +- gemfiles/Gemfile.rails-head.lock | 52 +++++++++++------------- 8 files changed, 82 insertions(+), 108 deletions(-) diff --git a/Gemfile b/Gemfile index 85667cc88a..91b556455b 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.0.0", require: false + gem "mocha", "~> 1.1", require: false end platforms :jruby do @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" + gem "mongoid", "~> 4.0.0" end diff --git a/Gemfile.lock b/Gemfile.lock index b90f743025..2b4c2138b4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,14 +1,3 @@ -GIT - remote: git://github.com/mongoid/mongoid.git - revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 - branch: master - specs: - mongoid (4.0.0.beta1) - activemodel (>= 4.0.0) - moped (~> 2.0.beta6) - origin (~> 2.1) - tzinfo (>= 0.3.37) - PATH remote: . specs: 
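Review bot: In `_prefixes` (app/controllers/devise_controller.rb) the switch from `super.unshift(...)` to `[...] + super` has no comment saying why the array returned by `super` must not be mutated, so a later cleanup could revert it. The commit subject ties the change to Rails 4.2; presumably the array from `super` is shared or frozen there, which should be confirmed and then recorded. I would add above the assignment: `# Prepend by building a new array; never mutate what super returns (Rails 4.2).` The method's closing `end` lies outside the hunk.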
@@ -50,39 +39,43 @@ GEM tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.7) - bson (2.2.3) + bson (2.3.0) builder (3.2.2) connection_pool (2.0.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.1) + hashie (2.1.2) hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.13) - multi_json (>= 1.5) + jwt (1.0.0) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) mini_portile (0.6.0) - minitest (5.3.3) - mocha (1.0.0) + minitest (5.3.5) + mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.0.rc1) + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) + moped (2.0.0) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.0) + multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.2.1) mini_portile (= 0.6.0) - oauth2 (0.9.3) + oauth2 (0.9.4) faraday (>= 0.8, < 0.10) - jwt (~> 0.1.8) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) @@ -102,7 +95,7 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.4) + polyglot (0.3.5) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) @@ -124,7 +117,7 @@ GEM activesupport (= 4.1.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.3.1) + rake (10.3.2) rdoc (4.1.1) json (~> 1.4) ruby-openid (2.5.0) @@ -139,12 +132,12 @@ GEM sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) - thread_safe (0.3.3) + thread_safe (0.3.4) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (1.1.0) + tzinfo (1.2.1) thread_safe (~> 0.1) warden (1.2.3) rack (>= 1.0) @@ -161,8 +154,8 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (~> 1.0.0) - mongoid! + mocha (~> 1.1) + mongoid (~> 4.0.0) omniauth (~> 1.2.0) omniauth-facebook omniauth-oauth2 (~> 1.1.0) diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable index efed60a8e6..99713e0daf 100644 --- a/gemfiles/Gemfile.rails-3.2-stable 
+++ b/gemfiles/Gemfile.rails-3.2-stable @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.0.0", require: false + gem "mocha", "~> 1.1", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 64f022a245..03b707cd83 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: c40df470556646a90a9070a077f19f8e520304f4 + revision: bc90ea63e9937d2eee3da7dce022bf4bed10e49a branch: 3-2-stable specs: actionmailer (3.2.18) @@ -65,20 +65,19 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.1) + hashie (2.1.2) hike (1.2.3) i18n (0.6.9) journey (1.0.4) json (1.8.1) - jwt (0.1.13) - multi_json (>= 1.5) + jwt (1.0.0) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) mini_portile (0.6.0) - mocha (1.0.0) + mocha (1.1.0) metaclass (~> 0.0.1) mongoid (3.1.6) activemodel (~> 3.2) @@ -86,14 +85,14 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.29) moped (1.5.2) - multi_json (1.10.0) + multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.2.1) mini_portile (= 0.6.0) - oauth2 (0.9.3) + oauth2 (0.9.4) faraday (>= 0.8, < 0.10) - jwt (~> 0.1.8) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) @@ -112,7 +111,7 @@ GEM rack-openid (~> 1.3.1) origin (1.1.0) orm_adapter (0.5.0) - polyglot (0.3.4) + polyglot (0.3.5) rack (1.4.5) rack-cache (1.2) rack (>= 0.4) @@ -123,7 +122,7 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rake (10.3.1) + rake (10.3.2) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.5.0) @@ -134,7 +133,7 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.9) thor (0.19.1) - thread_safe (0.3.3) + thread_safe (0.3.4) tilt (1.4.1) treetop (1.4.15) polyglot 
@@ -155,7 +154,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (~> 1.0.0) + mocha (~> 1.1) mongoid (~> 3.0) omniauth (~> 1.2.0) omniauth-facebook diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable index 3688a50ea6..66ab20d3b5 100644 --- a/gemfiles/Gemfile.rails-4.0-stable +++ b/gemfiles/Gemfile.rails-4.0-stable @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.0.0", require: false + gem "mocha", "~> 1.1", require: false end platforms :jruby do @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" + gem "mongoid", "~> 4.0.0" end diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 4879603a08..45670c26ef 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,22 +1,11 @@ -GIT - remote: git://github.com/mongoid/mongoid.git - revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 - branch: master - specs: - mongoid (4.0.0.beta1) - activemodel (>= 4.0.0) - moped (~> 2.0.beta6) - origin (~> 2.1) - tzinfo (>= 0.3.37) - GIT remote: git://github.com/rails/rails.git - revision: 11cfe1075baa9c42b945e424adcbb69c5c7ad67c + revision: 82139b987602bab87607cb96f333cd9fe1c0171f branch: 4-0-stable specs: actionmailer (4.0.5) actionpack (= 4.0.5) - mail (~> 2.5.4) + mail (~> 2.5, >= 2.5.4) actionpack (4.0.5) activesupport (= 4.0.5) builder (~> 3.1.0) 
@@ -67,39 +56,42 @@ GEM activerecord-deprecated_finders (1.0.3) arel (4.0.2) bcrypt (3.1.7) - bson (2.2.3) + bson (2.3.0) builder (3.1.4) connection_pool (2.0.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.1) + hashie (2.1.2) hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.13) - multi_json (>= 1.5) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) + jwt (1.0.0) + mail (2.6.1) + mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (1.25.1) + mime-types (2.3) mini_portile (0.6.0) minitest (4.7.5) - mocha (1.0.0) + mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.0.rc1) + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) + moped (2.0.0) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.0) + multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.2.1) mini_portile (= 0.6.0) - oauth2 (0.9.3) + oauth2 (0.9.4) faraday (>= 0.8, < 0.10) - jwt (~> 0.1.8) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) @@ -119,14 +111,13 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.4) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.3.1) + rake (10.3.2) rdoc (4.1.1) json (~> 1.4) ruby-openid (2.5.0) @@ -141,11 +132,8 @@ GEM sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) - thread_safe (0.3.3) + thread_safe (0.3.4) tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) tzinfo (0.3.39) warden (1.2.3) rack (>= 1.0) @@ -162,8 +150,8 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (~> 1.0.0) - mongoid! + mocha (~> 1.1) + mongoid (~> 4.0.0) omniauth (~> 1.2.0) omniauth-facebook omniauth-oauth2 (~> 1.1.0) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index d43c27ed83..c7cd64cb3b 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head 
@@ -12,7 +12,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.0.0", require: false + gem "mocha", "~> 1.1", require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index 1608b42a57..c62bc692c2 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,28 +1,28 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 9be37a9266d8b703e8f549af7bb6977e7a3a8352 + revision: 50b633c8baf2fa467e8c36b18a013a2cd50e0454 branch: master specs: - mongoid (4.0.0.beta1) - activemodel (>= 4.0.0) - moped (~> 2.0.beta6) + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) GIT remote: git://github.com/rails/arel.git - revision: 51d552c2cdcb749c2aaa96e982b5789b73f12f56 + revision: f50de54a6f0c59ab75526cfdb7896830130ffdf7 specs: arel (6.0.0.20140505020427) GIT remote: git://github.com/rails/rails.git - revision: 1961894d1254c71f816dad33ce0164fb88625479 + revision: 9ac1ce11ad9ec22157d2e542437c5c5cccaf58fe specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) actionview (= 4.2.0.alpha) - mail (~> 2.5.4) + mail (~> 2.5, >= 2.5.4) actionpack (4.2.0.alpha) actionview (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) 
@@ -75,39 +75,37 @@ GEM remote: https://rubygems.org/ specs: bcrypt (3.1.7) - bson (2.2.3) + bson (2.3.0) builder (3.2.2) connection_pool (2.0.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.1) + hashie (2.1.2) hike (1.2.3) i18n (0.6.9) json (1.8.1) - jwt (0.1.13) - multi_json (>= 1.5) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) + jwt (1.0.0) + mail (2.6.1) + mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (1.25.1) + mime-types (2.3) mini_portile (0.6.0) - minitest (5.3.3) - mocha (1.0.0) + minitest (5.3.5) + mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.0.rc1) + moped (2.0.0) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.0) + multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.2.1) mini_portile (= 0.6.0) - oauth2 (0.9.3) + oauth2 (0.9.4) faraday (>= 0.8, < 0.10) - jwt (~> 0.1.8) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) @@ -127,14 +125,13 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.4) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.3.1) + rake (10.3.2) rdoc (4.1.1) json (~> 1.4) ruby-openid (2.5.0) @@ -149,12 +146,9 @@ GEM sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) - thread_safe (0.3.3) + thread_safe (0.3.4) tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) - tzinfo (1.1.0) + tzinfo (1.2.1) thread_safe (~> 0.1) warden (1.2.3) rack (>= 1.0) @@ -172,7 +166,7 @@ DEPENDENCIES arel! devise! jruby-openssl - mocha (~> 1.0.0) + mocha (~> 1.1) mongoid! omniauth (~> 1.2.0) omniauth-facebook From 50679e1d93a13d3111b92a929ac1f62d65338e29 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Thu, 26 Jun 2014 20:17:16 -0300 Subject: [PATCH 0521/1473] Update Rails version across all the Gemfiles --- Gemfile.lock | 50 +++++++++++++------------- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 40 ++++++++++----------- gemfiles/Gemfile.rails-head.lock | 4 +-- 4 files changed, 48 insertions(+), 48 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2b4c2138b4..ad8493a796 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,27 +11,27 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.1) - actionpack (= 4.1.1) - actionview (= 4.1.1) + actionmailer (4.1.2) + actionpack (= 4.1.2) + actionview (= 4.1.2) mail (~> 2.5.4) - actionpack (4.1.1) - actionview (= 4.1.1) - activesupport (= 4.1.1) + actionpack (4.1.2) + actionview (= 4.1.2) + activesupport (= 4.1.2) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.1) - activesupport (= 4.1.1) + actionview (4.1.2) + activesupport (= 4.1.2) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.1) - activesupport (= 4.1.1) + activemodel (4.1.2) + activesupport (= 4.1.2) builder (~> 3.1) - activerecord (4.1.1) - activemodel (= 4.1.1) - activesupport (= 4.1.1) + activerecord (4.1.2) + activemodel (= 4.1.2) + activesupport (= 4.1.2) arel (~> 5.0.0) - activesupport (4.1.1) + activesupport (4.1.2) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) 
@@ -102,19 +102,19 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.1) - actionmailer (= 4.1.1) - actionpack (= 4.1.1) - actionview (= 4.1.1) - activemodel (= 4.1.1) - activerecord (= 4.1.1) - activesupport (= 4.1.1) + rails (4.1.2) + actionmailer (= 4.1.2) + actionpack (= 4.1.2) + actionview (= 4.1.2) + activemodel (= 4.1.2) + activerecord (= 4.1.2) + activesupport (= 4.1.2) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.1) + railties (= 4.1.2) sprockets-rails (~> 2.0) - railties (4.1.1) - actionpack (= 4.1.1) - activesupport (= 4.1.1) + railties (4.1.2) + actionpack (= 4.1.2) + activesupport (= 4.1.2) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 03b707cd83..de83bfa1d2 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: bc90ea63e9937d2eee3da7dce022bf4bed10e49a + revision: 297bff7f8f01fbda2a6bacaed4afb3d060292b9f branch: 3-2-stable specs: actionmailer (3.2.18) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 45670c26ef..17f3c44fe7 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -1,42 +1,42 @@ GIT remote: git://github.com/rails/rails.git - revision: 82139b987602bab87607cb96f333cd9fe1c0171f + revision: 3be7f294cdbe44501eb2090241652b852fa23bdb branch: 4-0-stable specs: - actionmailer (4.0.5) - actionpack (= 4.0.5) + actionmailer (4.0.6) + actionpack (= 4.0.6) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.5) - activesupport (= 4.0.5) + actionpack (4.0.6) + activesupport (= 4.0.6) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.5) - activesupport (= 4.0.5) + activemodel (4.0.6) + activesupport (= 4.0.6) builder (~> 3.1.0) - activerecord (4.0.5) - activemodel (= 4.0.5) + activerecord (4.0.6) + activemodel (= 4.0.6) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.5) + activesupport (= 4.0.6) arel (~> 4.0.0) - activesupport (4.0.5) + activesupport (4.0.6) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.5) - actionmailer (= 4.0.5) - actionpack (= 4.0.5) - activerecord (= 4.0.5) - activesupport (= 4.0.5) + rails (4.0.6) + actionmailer (= 4.0.6) + actionpack (= 4.0.6) + activerecord (= 4.0.6) + activesupport (= 4.0.6) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.5) + railties (= 4.0.6) sprockets-rails (~> 2.0) - railties (4.0.5) - actionpack (= 4.0.5) - activesupport (= 4.0.5) + railties (4.0.6) + actionpack (= 4.0.6) + activesupport (= 4.0.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index c62bc692c2..bdfd80db0d 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock 
@@ -11,13 +11,13 @@ GIT GIT remote: git://github.com/rails/arel.git - revision: f50de54a6f0c59ab75526cfdb7896830130ffdf7 + revision: ebbd786945c12f65062ef5b4809b4f13643e3c52 specs: arel (6.0.0.20140505020427) GIT remote: git://github.com/rails/rails.git - revision: 9ac1ce11ad9ec22157d2e542437c5c5cccaf58fe + revision: d04763f43c905375d20213b020d258bab959bd51 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) From 9a5783ade3e55e441396a055cea63701655eff01 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 3 Jul 2014 11:50:46 -0300 Subject: [PATCH 0522/1473] Update Rails dependency across all lockfiles --- Gemfile.lock | 50 +++++++++++++------------- gemfiles/Gemfile.rails-3.2-stable.lock | 50 +++++++++++++------------- gemfiles/Gemfile.rails-4.0-stable.lock | 40 ++++++++++----------- gemfiles/Gemfile.rails-head.lock | 6 ++-- 4 files changed, 73 insertions(+), 73 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ad8493a796..eed64cdcf6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,27 +11,27 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.2) - actionpack (= 4.1.2) - actionview (= 4.1.2) + actionmailer (4.1.4) + actionpack (= 4.1.4) + actionview (= 4.1.4) mail (~> 2.5.4) - actionpack (4.1.2) - actionview (= 4.1.2) - activesupport (= 4.1.2) + actionpack (4.1.4) + actionview (= 4.1.4) + activesupport (= 4.1.4) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.2) - activesupport (= 4.1.2) + actionview (4.1.4) + activesupport (= 4.1.4) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.2) - activesupport (= 4.1.2) + activemodel (4.1.4) + activesupport (= 4.1.4) builder (~> 3.1) - activerecord (4.1.2) - activemodel (= 4.1.2) - activesupport (= 4.1.2) + activerecord (4.1.4) + activemodel (= 4.1.4) + activesupport (= 4.1.4) arel (~> 5.0.0) - activesupport (4.1.2) + activesupport (4.1.4) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) 
@@ -102,19 +102,19 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.2) - actionmailer (= 4.1.2) - actionpack (= 4.1.2) - actionview (= 4.1.2) - activemodel (= 4.1.2) - activerecord (= 4.1.2) - activesupport (= 4.1.2) + rails (4.1.4) + actionmailer (= 4.1.4) + actionpack (= 4.1.4) + actionview (= 4.1.4) + activemodel (= 4.1.4) + activerecord (= 4.1.4) + activesupport (= 4.1.4) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.2) + railties (= 4.1.4) sprockets-rails (~> 2.0) - railties (4.1.2) - actionpack (= 4.1.2) - activesupport (= 4.1.2) + railties (4.1.4) + actionpack (= 4.1.4) + activesupport (= 4.1.4) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index de83bfa1d2..f856c86020 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -1,14 +1,14 @@ GIT remote: git://github.com/rails/rails.git - revision: 297bff7f8f01fbda2a6bacaed4afb3d060292b9f + revision: c43f20a4048ff2b245f8f163c2f9642f56c697a0 branch: 3-2-stable specs: - actionmailer (3.2.18) - actionpack (= 3.2.18) + actionmailer (3.2.19) + actionpack (= 3.2.19) mail (~> 2.5.4) - actionpack (3.2.18) - activemodel (= 3.2.18) - activesupport (= 3.2.18) + actionpack (3.2.19) + activemodel (= 3.2.19) + activesupport (= 3.2.19) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) 
@@ -16,31 +16,31 @@ GIT rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.18) - activesupport (= 3.2.18) + activemodel (3.2.19) + activesupport (= 3.2.19) builder (~> 3.0.0) - activerecord (3.2.18) - activemodel (= 3.2.18) - activesupport (= 3.2.18) + activerecord (3.2.19) + activemodel (= 3.2.19) + activesupport (= 3.2.19) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.18) - activemodel (= 3.2.18) - activesupport (= 3.2.18) - activesupport (3.2.18) + activeresource (3.2.19) + activemodel (= 3.2.19) + activesupport (= 3.2.19) + activesupport (3.2.19) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) - rails (3.2.18) - actionmailer (= 3.2.18) - actionpack (= 3.2.18) - activerecord (= 3.2.18) - activeresource (= 3.2.18) - activesupport (= 3.2.18) + rails (3.2.19) + actionmailer (= 3.2.19) + actionpack (= 3.2.19) + activerecord (= 3.2.19) + activeresource (= 3.2.19) + activesupport (= 3.2.19) bundler (~> 1.0) - railties (= 3.2.18) - railties (3.2.18) - actionpack (= 3.2.18) - activesupport (= 3.2.18) + railties (= 3.2.19) + railties (3.2.19) + actionpack (= 3.2.19) + activesupport (= 3.2.19) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 17f3c44fe7..99f522c30d 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -1,42 +1,42 @@ GIT remote: git://github.com/rails/rails.git - revision: 3be7f294cdbe44501eb2090241652b852fa23bdb + revision: 3f233ae42d8d7c2453216d9f531c5bd896bb8647 branch: 4-0-stable specs: - actionmailer (4.0.6) - actionpack (= 4.0.6) + actionmailer (4.0.8) + actionpack (= 4.0.8) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.6) - activesupport (= 4.0.6) + actionpack (4.0.8) + activesupport (= 4.0.8) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.6) - activesupport (= 4.0.6) + activemodel (4.0.8) + activesupport (= 4.0.8) builder (~> 3.1.0) - activerecord (4.0.6) - activemodel (= 4.0.6) + activerecord (4.0.8) + activemodel (= 4.0.8) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.6) + activesupport (= 4.0.8) arel (~> 4.0.0) - activesupport (4.0.6) + activesupport (4.0.8) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.6) - actionmailer (= 4.0.6) - actionpack (= 4.0.6) - activerecord (= 4.0.6) - activesupport (= 4.0.6) + rails (4.0.8) + actionmailer (= 4.0.8) + actionpack (= 4.0.8) + activerecord (= 4.0.8) + activesupport (= 4.0.8) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.6) + railties (= 4.0.8) sprockets-rails (~> 2.0) - railties (4.0.6) - actionpack (= 4.0.6) - activesupport (= 4.0.6) + railties (4.0.8) + actionpack (= 4.0.8) + activesupport (= 4.0.8) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index bdfd80db0d..d2d29a333a 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 50b633c8baf2fa467e8c36b18a013a2cd50e0454 + revision: e01daa73623520716d62b7513bda10e978e0d583 branch: master specs: mongoid (4.0.0) 
@@ -11,13 +11,13 @@ GIT GIT remote: git://github.com/rails/arel.git - revision: ebbd786945c12f65062ef5b4809b4f13643e3c52 + revision: 66cee768bc163537087037a583f60639eae49fc3 specs: arel (6.0.0.20140505020427) GIT remote: git://github.com/rails/rails.git - revision: d04763f43c905375d20213b020d258bab959bd51 + revision: 03c9c0e2fa83e4ccaefb3b06970b9c3efe170be5 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) From 9938a5e933b7eafa4dd2c94af1dbd57e4a65325f Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 6 Jul 2014 16:35:51 +0300 Subject: [PATCH 0523/1473] add documentation about `skip: :all` option to `devise_for` method --- lib/devise/rails/routes.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 7f974e5279..e9c089e2d4 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -129,7 +129,8 @@ class Mapper # # devise_for :users, module: "users" # - # * skip: tell which controller you want to skip routes from being created: + # * skip: tell which controller you want to skip routes from being created. + # It accepts :all as an option, meaning it will not generate any route at all: # # devise_for :users, skip: :sessions # From 2e8aecdac24e5cc531dd6d3b59f67e71a008bd2a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 10 Jul 2014 08:12:29 -0300 Subject: [PATCH 0524/1473] Create an anonymous class to test the failure app No need to have a named class inside the test. --- test/test_helpers_test.rb | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index f2db748559..997ba8e891 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb 
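Review bot: The sentence added to the `skip:` option in lib/devise/rails/routes.rb ends with a colon and runs straight into the existing `devise_for :users, skip: :sessions` example, so the only example shown does not illustrate `:all`. I would keep the `:sessions` example directly under the first sentence, move the `:all` sentence below it, and give it its own example line, `#   devise_for :users, skip: :all`. The comment block documenting these options starts and ends outside the hunk.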
@@ -146,25 +146,21 @@ def redirect assert_match /User ##{second_user.id}/, @response.body end - - test "passes given headers from the failure app to the response" do - + test "passes given headers from the failure app to the response" do begin old_failure_app = Devise.warden_config[:failure_app] - class CustomTestFailureApp < Devise::FailureApp + Devise.warden_config[:failure_app] = Class.new(Devise::FailureApp) do def respond self.status = 401 self.response.headers["CUSTOMHEADER"] = 1 end end - Devise.warden_config[:failure_app] = CustomTestFailureApp - user = create_user - sign_in user + + sign_in create_user get :index assert_equal 1, @response.headers["CUSTOMHEADER"] ensure Devise.warden_config[:failure_app] = old_failure_app end end - end From 57d7a75b658a193be4cb611a9068d436e1856b9e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 10 Jul 2014 08:48:37 -0300 Subject: [PATCH 0525/1473] Use Devise's swap mechanism in failure app test Also refactor tests to remove the custom failure app class only used once in favor of an inline class for the specific test, makes it easier to follow what's going on. --- test/test_helpers_test.rb | 47 ++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 997ba8e891..fd1a202893 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -4,12 +4,6 @@ class TestHelpersTest < ActionController::TestCase tests UsersController include Devise::TestHelpers - class CustomFailureApp < Devise::FailureApp - def redirect - self.status = 306 - end - end - test "redirects if attempting to access a page unauthenticated" do get :index assert_redirected_to new_user_session_path 
@@ -72,12 +66,33 @@ def redirect end test "respects custom failure app" do - swap Devise.warden_config, failure_app: CustomFailureApp do + custom_failure_app = Class.new(Devise::FailureApp) do + def redirect + self.status = 306 + end + end + + swap Devise.warden_config, failure_app: custom_failure_app do get :index assert_response 306 end end + test "passes given headers from the failure app to the response" do + custom_failure_app = Class.new(Devise::FailureApp) do + def respond + self.status = 401 + self.response.headers["CUSTOMHEADER"] = 1 + end + end + + swap Devise.warden_config, failure_app: custom_failure_app do + sign_in create_user + get :index + assert_equal 1, @response.headers["CUSTOMHEADER"] + end + end + test "returns the body of a failure app" do get :index assert_equal response.body, "You are being redirected." @@ -145,22 +160,4 @@ def redirect get :index assert_match /User ##{second_user.id}/, @response.body end - - test "passes given headers from the failure app to the response" do - begin - old_failure_app = Devise.warden_config[:failure_app] - Devise.warden_config[:failure_app] = Class.new(Devise::FailureApp) do - def respond - self.status = 401 - self.response.headers["CUSTOMHEADER"] = 1 - end - end - - sign_in create_user - get :index - assert_equal 1, @response.headers["CUSTOMHEADER"] - ensure - Devise.warden_config[:failure_app] = old_failure_app - end - end end From da01235a20ebc352847d361a333a1f9262ed909b Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 10 Jul 2014 08:26:40 -0300 Subject: [PATCH 0526/1473] Fix test that checks for proper configuration of omniauth callback Previously the test was raising an ArgumentError by mistake: ArgumentError: wrong number of arguments (0 for 1) actionpack (4.1.4) lib/action_dispatch/routing/route_set.rb:328:in `eval_block'` The #eval_block method expects a proc/lambda argument that can be instance_exec'ed, not a real block. In the Rails implementation the block is passed to #draw, which calls #eval_block internally passing the block along, but as a Proc argument and not as a block. Also the error we were raising from #devise_for was a RuntimeError, changed to the expected ArgumentError. Adding an assertion on top of the expected message should ensure we won't have this issue again. This was introduced in 29da146c07fc4601f23fc610c916a630da4553b4, related to #2802. --- lib/devise/rails/routes.rb | 11 +++++------ test/routes_test.rb | 7 ++++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index e9c089e2d4..8b4589bc8e 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -129,7 +129,7 @@ class Mapper # # devise_for :users, module: "users" # - # * skip: tell which controller you want to skip routes from being created. + # * skip: tell which controller you want to skip routes from being created. # It accepts :all as an option, meaning it will not generate any route at all: # # devise_for :users, skip: :sessions 
@@ -227,7 +227,7 @@ def devise_for(*resources) raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise) rescue NameError => e raise unless mapping.class_name == resource.to_s.classify - warn "[WARNING] You provided devise_for #{resource.inspect} but there is " << + warn "[WARNING] You provided devise_for #{resource.inspect} but there is " \ "no model #{mapping.class_name} defined in your application" next rescue NoMethodError => e @@ -237,13 +237,12 @@ def devise_for(*resources) if options[:controllers] && options[:controllers][:omniauth_callbacks] unless mapping.omniauthable? - msg = "Mapping omniauth_callbacks on a resource that is not omniauthable\n" - msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model" - raise msg + raise ArgumentError, "Mapping omniauth_callbacks on a resource that is not omniauthable\n" \ + "Please add `devise :omniauthable` to the `#{mapping.class_name}` model" end end - routes = mapping.used_routes + routes = mapping.used_routes devise_scope mapping.name do with_devise_exclusive_scope mapping.fullpath, mapping.name, options do diff --git a/test/routes_test.rb b/test/routes_test.rb index 33cd63c716..cc93c717e6 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -241,11 +241,12 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'checks if mapping has proper configuration for omniauth callback' do - assert_raise ArgumentError do - @routes.dup.eval_block do + e = assert_raise ArgumentError do + @routes.dup.eval_block -> { devise_for :admin, controllers: {omniauth_callbacks: "users/omniauth_callbacks"} - end + } end + assert_match "Mapping omniauth_callbacks on a resource that is not omniauthable", e.message end end From f1d57d7791bb7173d2208f1a30c91e8183be6a11 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 10 Jul 2014 08:58:21 -0300 Subject: [PATCH 0527/1473] Use a different mapping name for testing the omniauth callback failure This leaks into Devise mappings overriding the existing :admin one, so depending on the test seed it fails like this: $ TESTOPTS="--seed=9972" rake ==> Devise.orm = :active_record Run options: --seed=9972 ... 1) Failure: MappingTest#test_allows_path_to_be_given [./test/mapping_test.rb:31]: Expected: "admin_area" Actual: "admin" Using a different name should avoid any test randomization issues. --- test/routes_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/routes_test.rb b/test/routes_test.rb index cc93c717e6..4fa34644f0 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -243,7 +243,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'checks if mapping has proper configuration for omniauth callback' do e = assert_raise ArgumentError do @routes.dup.eval_block -> { - devise_for :admin, controllers: {omniauth_callbacks: "users/omniauth_callbacks"} + devise_for :not_omniauthable, class_name: 'Admin', controllers: {omniauth_callbacks: "users/omniauth_callbacks"} } end assert_match "Mapping omniauth_callbacks on a resource that is not omniauthable", e.message From 1d803dd23bdbba8b912c0c15a4755444b0b50e80 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 10 Jul 2014 16:56:06 -0300 Subject: [PATCH 0528/1473] Get rid of extra module for group helpers Just use the existing ClassMethods module which is properly extended with AS::Concern. --- lib/devise/controllers/helpers.rb | 120 ++++++++++++++---------------- 1 file changed, 57 insertions(+), 63 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index ebc8a5b62d..f040a579fe 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -6,73 +6,11 @@ module Helpers include Devise::Controllers::SignInOut include Devise::Controllers::StoreLocation - included do |base| + included do helper_method :warden, :signed_in?, :devise_controller? - - base.class_eval do - extend GroupHelpers - end end module ClassMethods - def log_process_action(payload) - payload[:status] ||= 401 unless payload[:exception] - super - end - end - - # Define authentication filters and accessor helpers based on mappings. - # These filters should be used inside the controllers as before_filters, - # so you can control the scope of the user who should be signed in to - # access that specific controller/action. - # Example: - # - # Roles: - # User - # Admin - # - # Generated methods: - # authenticate_user! # Signs user in or redirect - # authenticate_admin! # Signs admin in or redirect - # user_signed_in? # Checks whether there is a user signed in or not - # admin_signed_in? # Checks whether there is an admin signed in or not - # current_user # Current signed in user - # current_admin # Current signed in admin - # user_session # Session data available only to the user scope - # admin_session # Session data available only to the admin scope - # - # Use: - # before_filter :authenticate_user! # Tell devise to use :user map - # before_filter :authenticate_admin! # Tell devise to use :admin map - # - def self.define_helpers(mapping) #:nodoc: - mapping = mapping.name - - class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{mapping}!(opts={}) - opts[:scope] = :#{mapping} - warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) - end - - def #{mapping}_signed_in? 
- !!current_#{mapping} - end - - def current_#{mapping} - @current_#{mapping} ||= warden.authenticate(scope: :#{mapping}) - end - - def #{mapping}_session - current_#{mapping} && warden.session(:#{mapping}) - end - METHODS - - ActiveSupport.on_load(:action_controller) do - helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session" - end - end - - module GroupHelpers # Define authentication filters and accessor helpers for a group of mappings. # These methods are useful when you are working with multiple mappings that # share some functionality. They are pretty much the same as the ones 
@@ -137,6 +75,62 @@ def current_#{group_name.to_s.pluralize} helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" METHODS end + + def log_process_action(payload) + payload[:status] ||= 401 unless payload[:exception] + super + end + end + + # Define authentication filters and accessor helpers based on mappings. + # These filters should be used inside the controllers as before_filters, + # so you can control the scope of the user who should be signed in to + # access that specific controller/action. + # Example: + # + # Roles: + # User + # Admin + # + # Generated methods: + # authenticate_user! # Signs user in or redirect + # authenticate_admin! # Signs admin in or redirect + # user_signed_in? # Checks whether there is a user signed in or not + # admin_signed_in? # Checks whether there is an admin signed in or not + # current_user # Current signed in user + # current_admin # Current signed in admin + # user_session # Session data available only to the user scope + # admin_session # Session data available only to the admin scope + # + # Use: + # before_filter :authenticate_user! # Tell devise to use :user map + # before_filter :authenticate_admin! # Tell devise to use :admin map + # + def self.define_helpers(mapping) #:nodoc: + mapping = mapping.name + + class_eval <<-METHODS, __FILE__, __LINE__ + 1 + def authenticate_#{mapping}!(opts={}) + opts[:scope] = :#{mapping} + warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) + end + + def #{mapping}_signed_in? + !!current_#{mapping} + end + + def current_#{mapping} + @current_#{mapping} ||= warden.authenticate(scope: :#{mapping}) + end + + def #{mapping}_session + current_#{mapping} && warden.session(:#{mapping}) + end + METHODS + + ActiveSupport.on_load(:action_controller) do + helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session" + end end # The main accessor for the warden proxy instance 
From b64f165154ec2a741eb8f5406960ac8a28b97f7f Mon Sep 17 00:00:00 2001 From: James Herdman Date: Fri, 11 Jul 2014 15:06:56 -0400 Subject: [PATCH 0529/1473] Silence Warning Regarding Use of Splat I was seeing the following in my console: ``` /home/vagrant/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/devise-3.2.4/app/controllers/devise_controller.rb:9: warning: `*' interpreted as argument prefix /home/vagrant/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/devise-3.2.4/app/controllers/devise_controller.rb:10: warning: `*' interpreted as argument prefix ``` This change silences this warning. --- app/controllers/devise_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 99ba99bb46..7cdd0f7e0d 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -6,8 +6,8 @@ class DeviseController < Devise.parent_controller.constantize helpers = %w(resource scope_name resource_name signed_in_resource resource_class resource_params devise_mapping) - hide_action *helpers - helper_method *helpers + hide_action(*helpers) + helper_method(*helpers) prepend_before_filter :assert_is_devise_resource! respond_to :html if mimes_for_respond_to.empty? From 8a4fd044364166a15103756a7443f287304bc553 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 29 Jul 2014 15:58:15 -0300 Subject: [PATCH 0530/1473] Update dependencies --- Gemfile.lock | 12 ++++----- gemfiles/Gemfile.rails-3.2-stable.lock | 12 ++++----- gemfiles/Gemfile.rails-4.0-stable.lock | 14 +++++------ gemfiles/Gemfile.rails-head | 2 ++ gemfiles/Gemfile.rails-head.lock | 34 +++++++++++++++++--------- 5 files changed, 44 insertions(+), 30 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index eed64cdcf6..fc75cfbcde 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -45,9 +45,9 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.2) + hashie (3.2.0) hike (1.2.3) - i18n (0.6.9) + i18n (0.6.11) json (1.8.1) jwt (1.0.0) mail (2.5.4) @@ -56,7 +56,7 @@ GEM metaclass (0.0.4) mime-types (1.25.1) mini_portile (0.6.0) - minitest (5.3.5) + minitest (5.4.0) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.0) @@ -71,7 +71,7 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.2.1) + nokogiri (1.6.3.1) mini_portile (= 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -79,8 +79,8 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.2.1) - hashie (>= 1.2, < 3) + omniauth (1.2.2) + hashie (>= 1.2, < 4) rack (~> 1.0) omniauth-facebook (1.6.0) omniauth-oauth2 (~> 1.1) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index f856c86020..11167fbe8d 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -65,9 +65,9 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.2) + hashie (3.2.0) hike (1.2.3) - i18n (0.6.9) + i18n (0.6.11) journey (1.0.4) json (1.8.1) jwt (1.0.0) @@ -88,7 +88,7 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.2.1) + nokogiri (1.6.3.1) mini_portile (= 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -96,8 +96,8 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.2.1) - hashie (>= 1.2, < 3) + omniauth (1.2.2) + hashie (>= 1.2, < 4) rack (~> 1.0) omniauth-facebook (1.6.0) omniauth-oauth2 (~> 1.1) @@ -138,7 +138,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.39) + tzinfo (0.3.40) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 99f522c30d..cb343c5d51 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: 3f233ae42d8d7c2453216d9f531c5bd896bb8647 + revision: cb5d8892bb3d5aae89030eba052e9af0182843e7 branch: 4-0-stable specs: actionmailer (4.0.8) @@ -62,9 +62,9 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.2) + hashie (3.2.0) hike (1.2.3) - i18n (0.6.9) + i18n (0.6.11) json (1.8.1) jwt (1.0.0) mail (2.6.1) @@ -87,7 +87,7 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.2.1) + nokogiri (1.6.3.1) mini_portile (= 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -95,8 +95,8 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.2.1) - hashie (>= 1.2, < 3) + omniauth (1.2.2) + hashie (>= 1.2, < 4) rack (~> 1.0) omniauth-facebook (1.6.0) omniauth-oauth2 (~> 1.1) @@ -134,7 +134,7 @@ GEM thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - tzinfo (0.3.39) + tzinfo (0.3.40) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index c7cd64cb3b..e1dfa07ab1 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -4,6 +4,8 @@ gemspec path: '..' gem "rails", github: "rails/rails" gem "arel", github: "rails/arel" +gem "rack", github: "rack/rack" +gem "i18n", github: "svenfuchs/i18n" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index d2d29a333a..e8a0bebf20 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: e01daa73623520716d62b7513bda10e978e0d583 + revision: a2586f039fe6c0a1b11ad3bbcf62a7b9f488e960 branch: master specs: mongoid (4.0.0) 
@@ -9,6 +9,12 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) +GIT + remote: git://github.com/rack/rack.git + revision: 5a9ffeb77c613e3611262f1182284f1d7df393a8 + specs: + rack (1.6.0.alpha) + GIT remote: git://github.com/rails/arel.git revision: 66cee768bc163537087037a583f60639eae49fc3 @@ -17,7 +23,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 03c9c0e2fa83e4ccaefb3b06970b9c3efe170be5 + revision: 0088b08dcaf16176c8f9364d1d786f0c3728d369 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) @@ -26,7 +32,7 @@ GIT actionpack (4.2.0.alpha) actionview (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) - rack (~> 1.5.2) + rack (~> 1.6.0.alpha) rack-test (~> 0.6.2) actionview (4.2.0.alpha) activesupport (= 4.2.0.alpha) @@ -40,7 +46,7 @@ GIT activesupport (= 4.2.0.alpha) arel (~> 6.0.0) activesupport (4.2.0.alpha) - i18n (~> 0.6, >= 0.6.9) + i18n (>= 0.7.0.dev, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) @@ -61,6 +67,12 @@ GIT rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) +GIT + remote: git://github.com/svenfuchs/i18n.git + revision: cb679b8cdbab675703a3f88de4d48a48f7b50e06 + specs: + i18n (0.7.0.dev) + PATH remote: .. specs: @@ -81,9 +93,8 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (2.1.2) + hashie (3.2.0) hike (1.2.3) - i18n (0.6.9) json (1.8.1) jwt (1.0.0) mail (2.6.1) @@ -91,7 +102,7 @@ GEM metaclass (0.0.4) mime-types (2.3) mini_portile (0.6.0) - minitest (5.3.5) + minitest (5.4.0) mocha (1.1.0) metaclass (~> 0.0.1) moped (2.0.0) @@ -101,7 +112,7 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.2.1) + nokogiri (1.6.3.1) mini_portile (= 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -109,8 +120,8 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (~> 1.2) - omniauth (1.2.1) - hashie (>= 1.2, < 3) + omniauth (1.2.2) + hashie (>= 1.2, < 4) rack (~> 1.0) omniauth-facebook (1.6.0) omniauth-oauth2 (~> 1.1) 
@@ -125,7 +136,6 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -165,6 +175,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter arel! devise! + i18n! jruby-openssl mocha (~> 1.1) mongoid! @@ -172,6 +183,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) + rack! rails! rdoc sqlite3 From 3cd6e650ef5de3c85590ca9338c17381d0db4c3d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 29 Jul 2014 18:22:42 -0300 Subject: [PATCH 0531/1473] 'eval_block' shouldn't be used since it is a private API. This method was made private on Rails master @ https://github.com/rails/rails/commit/d2d33769030b3a560bdbc9c33e7c189274a0dc3a --- test/routes_test.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/routes_test.rb b/test/routes_test.rb index 4fa34644f0..d3b3765c4d 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -242,9 +242,10 @@ class CustomizedRoutingTest < ActionController::TestCase test 'checks if mapping has proper configuration for omniauth callback' do e = assert_raise ArgumentError do - @routes.dup.eval_block -> { + routes = ActionDispatch::Routing::RouteSet.new + routes.draw do devise_for :not_omniauthable, class_name: 'Admin', controllers: {omniauth_callbacks: "users/omniauth_callbacks"} - } + end end assert_match "Mapping omniauth_callbacks on a resource that is not omniauthable", e.message end From 447b7030f856a3e1e9a08f3cc038977587420b9c Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 29 Jul 2014 18:27:34 -0300 Subject: [PATCH 0532/1473] Work around I18n recent failures. --- test/helpers/devise_helper_test.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 540e7a3ac9..9d39b61fa8 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb 
@@ -3,7 +3,9 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest setup do model_labels = { models: { user: "utilisateur" } } - + # TODO: Remove this hack that fixes the I18n performance safeguards that + # breaks the custom locale. + I18n.available_locales += [:fr] I18n.backend.store_translations :fr, { errors: { messages: { not_saved: { @@ -48,4 +50,3 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs" end end - From c38accd648edbfef084d0a458e4664e9864391e1 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Mon, 4 Aug 2014 15:53:40 -0400 Subject: [PATCH 0533/1473] Tell new signups about minimum password length in registrations/new.html.erb --- app/controllers/devise/registrations_controller.rb | 1 + app/views/devise/registrations/new.html.erb | 2 +- test/integration/registerable_test.rb | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 7c2f18a442..101fc2703a 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -4,6 +4,7 @@ class Devise::RegistrationsController < DeviseController # GET /resource/sign_up def new + @minimum_password_length = Devise.password_length.min build_resource({}) respond_with self.resource end diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 234de913ad..6eceaffec2 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -6,7 +6,7 @@
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
-
<%= f.label :password %>
+
<%= f.label :password %> (<%= @minimum_password_length %> characters minimum)
<%= f.password_field :password, autocomplete: "off" %>
<%= f.label :password_confirmation %>
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 4bfdf39cf5..155702ccc3 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -8,6 +8,8 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_template 'registrations/new' + assert_contain "#{Devise.password_length.min} characters minimum" + fill_in 'email', with: 'new_user@test.com' fill_in 'password', with: 'new_user123' fill_in 'password confirmation', with: 'new_user123' From e65c26e1e7318361aeda92e10997f5d738b648f3 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Tue, 5 Aug 2014 10:22:47 -0400 Subject: [PATCH 0534/1473] Only display password length warning if validatable module is included --- app/controllers/devise/registrations_controller.rb | 3 ++- app/views/devise/registrations/new.html.erb | 2 +- test/integration/registerable_test.rb | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 101fc2703a..1ae5af8721 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -4,8 +4,9 @@ class Devise::RegistrationsController < DeviseController # GET /resource/sign_up def new - @minimum_password_length = Devise.password_length.min build_resource({}) + @validatable = Devise.mappings[resource_name].modules.include?(:validatable) + @minimum_password_length = Devise.password_length.min respond_with self.resource end diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 6eceaffec2..41830424c0 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -6,7 +6,7 @@
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
-
<%= f.label :password %> (<%= @minimum_password_length %> characters minimum)
+
<%= f.label :password %> <% if @validatable %>(<%= @minimum_password_length %> characters minimum)<% end %>
<%= f.password_field :password, autocomplete: "off" %>
<%= f.label :password_confirmation %>
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 155702ccc3..4bfdf39cf5 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -8,8 +8,6 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_template 'registrations/new' - assert_contain "#{Devise.password_length.min} characters minimum" - fill_in 'email', with: 'new_user@test.com' fill_in 'password', with: 'new_user123' fill_in 'password confirmation', with: 'new_user123' From eb9db7ba3a552ed410b20f1040e167569838b068 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 5 Aug 2014 14:53:51 -0300 Subject: [PATCH 0535/1473] Coerce time objects serialized as Strings before doing the timeoutable comparisons. The comparison only fails on Ruby 1.9.3, when we need to parse it properly back to a Time instance. Related to #2930. --- lib/devise/hooks/timeoutable.rb | 2 ++ test/integration/timeoutable_test.rb | 7 +++++++ test/rails_app/app/controllers/users_controller.rb | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 79dc1f32ad..b9373cbdef 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -12,6 +12,8 @@ if last_request_at.is_a? Integer last_request_at = Time.at(last_request_at).utc + elsif last_request_at.is_a? String + last_request_at = Time.parse(last_request_at) end proxy = Devise::Hooks::Proxy.new(warden) diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index f8981ef783..71a6fdb24c 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb 
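Review bot: The new `elsif last_request_at.is_a? String` branch in lib/devise/hooks/timeoutable.rb calls `Time.parse` with no handling for a string it cannot parse, so a malformed session value raises `ArgumentError` inside the hook instead of producing a timeout decision. Because this value gates session expiry, the branch should rescue the parse error and treat the session as expired rather than letting the request fail. `Time.parse` also interprets a string without a zone in the server's local time, while the Integer branch works from an absolute epoch, so a comment such as `# Serialized timestamps are expected to carry a zone; zone-less strings are read as local time` would document the assumption. The hook's enclosing block starts and ends outside the hunk, so how an expired or missing value is handled afterwards is not visible here.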
@@ -179,4 +179,11 @@ def last_request_at assert_response :success assert warden.authenticated?(:user) end + + test 'does not crashes when the last_request_at is a String' do + user = sign_in_as_user + + get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) + get users_path + end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 839e194ec0..c1ae874d37 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -9,7 +9,7 @@ def index end def edit_form - user_session['last_request_at'] = 31.minutes.ago.utc + user_session['last_request_at'] = params.fetch(:last_request_at, 31.minutes.ago.utc) end def update_form From 039b75ba8338e29f05798603614177b06929cb38 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Wed, 6 Aug 2014 11:04:46 -0400 Subject: [PATCH 0536/1473] Incorporated edits from @lucasmazza, wrote integration tests for password reminder feature --- app/controllers/devise/registrations_controller.rb | 6 ++++-- test/controllers/passwords_controller_test.rb | 2 +- test/integration/registerable_test.rb | 11 +++++++++++ test/models/authenticatable_test.rb | 2 +- test/models/validatable_test.rb | 4 ++-- test/rails_app/lib/shared_user.rb | 2 +- 6 files changed, 20 insertions(+), 7 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 1ae5af8721..fabe66f8f7 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
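Review bot: The added test 'does not crashes when the last_request_at is a String' makes two requests but asserts nothing, so it fails only on an exception and would still pass if the String branch silently signed the user out. Adding `assert_response :success` and `assert warden.authenticated?(:user)` after `get users_path`, as the preceding test in this file does, pins the intended behaviour. A second case that passes a stale string timestamp would confirm that the timeout is still enforced when the value arrives as a String.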
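Review bot: `edit_form` in test/rails_app/app/controllers/users_controller.rb now copies the `last_request_at` request parameter straight into `user_session`, which lets the client choose the timestamp that the timeout check reads. That is acceptable in the test application, but the line should carry a comment so the pattern is not copied into a real controller, for example `# Test-only: lets integration tests inject last_request_at; an application must never take this value from params.` The rest of the controller is outside the hunk.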
@@ -5,8 +5,10 @@ class Devise::RegistrationsController < DeviseController # GET /resource/sign_up def new build_resource({}) - @validatable = Devise.mappings[resource_name].modules.include?(:validatable) - @minimum_password_length = Devise.password_length.min + @validatable = devise_mapping.validatable? + if @validatable + @minimum_password_length = resource_class.password_length.min + end respond_with self.resource end diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 3d4c0f2062..3c225cbf5d 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -12,7 +12,7 @@ class PasswordsControllerTest < ActionController::TestCase def put_update_with_params put :update, "user" => { - "reset_password_token" => @raw, "password" => "123456", "password_confirmation" => "123456" + "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567" } end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 4bfdf39cf5..3e58076db6 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -36,6 +36,12 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_current_url "/?custom=1" end + test 'a guest admin should not see a warning about minimum password length' do + get new_admin_session_path + assert_not_contain 'characters minimum' + end + + def user_sign_up ActionMailer::Base.deliveries.clear @@ -47,6 +53,11 @@ def user_sign_up click_button 'Sign up' end + test 'a guest user should see a warning about minimum password length' do + get new_user_registration_path + assert_contain '7 characters minimum' + end + test 'a guest user should be able to sign up successfully and be blocked by confirmation' do user_sign_up diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index f57d1bdf26..3d791d44a1 100644 
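Review bot: `@validatable` and `@minimum_password_length` are assigned only in `new`, so any other action that renders registrations/new.html.erb shows the form without the length hint. The `create` action is outside this hunk; if it re-renders the `new` template when the resource fails to save, which is the usual pattern, the hint disappears exactly when a too-short password has just been rejected. Moving the assignments into a private method run for both actions, for example `before_filter :set_minimum_password_length, only: [:new, :create]`, would keep the view consistent.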
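Review bot: The test 'a guest admin should not see a warning about minimum password length' in test/integration/registerable_test.rb requests `new_admin_session_path`, the sign-in page, so `assert_not_contain 'characters minimum'` passes whatever the registration view renders. To exercise the `@validatable` branch it should load the sign-up form instead, `get new_admin_registration_path`. This assumes the admin mapping in the test app is registerable and does not include `:validatable`; the model is not visible in this hunk.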
--- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -6,7 +6,7 @@ class AuthenticatableTest < ActiveSupport::TestCase end test 'find_first_by_auth_conditions allows custom filtering parameters' do - user = User.create!(email: "example@example.com", password: "123456") + user = User.create!(email: "example@example.com", password: "1234567") assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index c73b438970..c8dc6877f2 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -86,10 +86,10 @@ class ValidatableTest < ActiveSupport::TestCase end end - test 'should require a password with minimum of 6 characters' do + test 'should require a password with minimum of 7 characters' do user = new_user(password: '12345', password_confirmation: '12345') assert user.invalid? - assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join + assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join end test 'should require a password with maximum of 128 characters long' do diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 511c23cad1..adb0e33351 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -4,7 +4,7 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, - :trackable, :validatable, :omniauthable + :trackable, :validatable, :omniauthable, password_length: 7..128 attr_accessor :other_key From 086b77ae6d9156489cb1bd8e862370fb491d5c56 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 6 Aug 2014 13:23:52 -0300 Subject: [PATCH 0537/1473] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 901ecfde4c..a858118af1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ * Default email messages was updated with grammar fixes, check the diff on #2906 for the updated copy (by @p-originate) * Allow a resource to be found based on its encrypted password token (by @karlentwistle) + * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz) * bug fix * Check if there is a signed in user before executing the `SessionsController#destroy`. From 880146668b91e94b51f016ae2a56aeeb8bef24ba Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 6 Aug 2014 13:24:10 -0300 Subject: [PATCH 0538/1473] Update devise_group documentation --- lib/devise/controllers/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index f040a579fe..2b68df9576 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -19,7 +19,7 @@ module ClassMethods # Example: # # inside BlogsController (or any other controller, it doesn't matter which): - # devise_helpers_for :blogger, contains: [:user, :admin] + # devise_group :blogger, contains: [:user, :admin] # # Generated methods: # authenticate_blogger! # Redirects unless user or admin are signed in From 876644168bbb73dec7e0e8e9ae7ce09e62f4a128 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 6 Aug 2014 13:24:29 -0300 Subject: [PATCH 0539/1473] remove intermediate Array manipulation --- lib/devise/controllers/helpers.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 2b68df9576..803f7a46f1 100644 --- a/lib/devise/controllers/helpers.rb 
+++ b/lib/devise/controllers/helpers.rb @@ -65,11 +65,9 @@ def current_#{group_name}(favourite=nil) end def current_#{group_name.to_s.pluralize} - records = [] - #{mappings}.each do |mapping| - records << warden.authenticate(scope: mapping) - end - records.compact + #{mappings}.map do |mapping| + warden.authenticate(scope: mapping) + end.compact end helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" From 6f75fc7a14237a488dbbf4866cf788cfb407e2c0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 6 Aug 2014 13:27:58 -0300 Subject: [PATCH 0540/1473] Do not mutate the receiving arguments --- lib/devise/controllers/helpers.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 803f7a46f1..b3f43d0480 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -33,8 +33,7 @@ module ClassMethods # current_blogger :user # Preferably returns a User if one is signed in # def devise_group(group_name, opts={}) - opts[:contains].map! { |m| ":#{m}" } - mappings = "[#{ opts[:contains].join(',') }]" + mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]" class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{group_name}!(favourite=nil, opts={}) From 42c35236326a218e37d2a9ff2ab69c4bd93371fe Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 6 Aug 2014 13:40:26 -0300 Subject: [PATCH 0541/1473] Update Rails git dependencies --- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 2 +- gemfiles/Gemfile.rails-head.lock | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 11167fbe8d..67aa87e9e3 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock 
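Review bot: `devise_group` in lib/devise/controllers/helpers.rb (the `@@ -33,8 +33,7 @@` hunk) still builds the `mappings` array literal by interpolating `":#{m}"` into a string that is later passed to `class_eval`, and it calls `opts[:contains].map` without checking that `contains:` was given. A missing option surfaces as a `NoMethodError` on nil, and a name that is not a plain identifier produces a syntax error or unintended code in the evaluated string. `mappings = opts.fetch(:contains).map(&:to_sym).inspect` yields an equivalent literal for ordinary names, quotes unusual ones correctly, and raises a `KeyError` that names the missing option. The method body continues outside the hunk.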
@@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: c43f20a4048ff2b245f8f163c2f9642f56c697a0 + revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61 branch: 3-2-stable specs: actionmailer (3.2.19) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index cb343c5d51..d33d92a082 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: cb5d8892bb3d5aae89030eba052e9af0182843e7 + revision: 6d95e04c6968fb7597ea5dbd08b31f271fb87c9c branch: 4-0-stable specs: actionmailer (4.0.8) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index e8a0bebf20..a4a913c45a 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: a2586f039fe6c0a1b11ad3bbcf62a7b9f488e960 + revision: 8cb17e9839973b76295cf87189e91a5ffcc03ab0 branch: master specs: mongoid (4.0.0) @@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rack/rack.git - revision: 5a9ffeb77c613e3611262f1182284f1d7df393a8 + revision: 92811eec6e86cb4dba52b3969c4dd66e639df158 specs: rack (1.6.0.alpha) @@ -23,7 +23,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 0088b08dcaf16176c8f9364d1d786f0c3728d369 + revision: d5be08347fb7ff758572775ec93247a3ca886004 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) From 67d8dd1e948b363523bb567417965b4c1cf4ed02 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Wed, 6 Aug 2014 13:32:02 -0400 Subject: [PATCH 0542/1473] Replace 'Sign in' with 'Log in' in views, update tests --- app/views/devise/sessions/new.html.erb | 4 ++-- app/views/devise/shared/_links.erb | 2 +- test/failure_app_test.rb | 6 +++--- test/integration/authenticatable_test.rb | 2 +- test/integration/lockable_test.rb | 4 ++-- test/support/integration.rb | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) 
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f151ac1da4..f24d7dfde7 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,4 +1,4 @@ -

Sign in

+

Log in

<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<%= f.label :email %>
@@ -11,7 +11,7 @@
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
<% end -%> -
<%= f.submit "Sign in" %>
+
<%= f.submit "Log in" %>
<% end %> <%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_links.erb b/app/views/devise/shared/_links.erb index d84bdde999..cd795adb68 100644 --- a/app/views/devise/shared/_links.erb +++ b/app/views/devise/shared/_links.erb @@ -1,5 +1,5 @@ <%- if controller_name != 'sessions' %> - <%= link_to "Sign in", new_session_path(resource_name) %>
+ <%= link_to "Log in", new_session_path(resource_name) %>
<% end -%> <%- if devise_mapping.registerable? && controller_name != 'registrations' %> diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 432c88a068..8fb8588aaa 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -239,7 +239,7 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Sign in

') + assert @response.third.body.include?('

Log in

') assert @response.third.body.include?('Invalid email or password.') end @@ -250,7 +250,7 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Sign in

') + assert @response.third.body.include?('

Log in

') assert @response.third.body.include?('You have to confirm your email address before continuing.') end @@ -261,7 +261,7 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Sign in

') + assert @response.third.body.include?('

Log in

') assert @response.third.body.include?('Your account is not activated yet.') end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index c98c9d0e62..91449fddd9 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -448,7 +448,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'uses the custom controller with the custom controller view' do get '/admin_area/sign_in' - assert_contain 'Sign in' + assert_contain 'Log in' assert_contain 'Welcome to "admins/sessions" controller!' assert_contain 'Welcome to "sessions/new" view!' end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 813135e61c..0c8c4a79cf 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -225,11 +225,11 @@ def send_unlock_request visit new_user_session_path fill_in 'email', with: user.email fill_in 'password', with: "abadpassword" - click_button 'Sign in' + click_button 'Log in' fill_in 'email', with: user.email fill_in 'password', with: "abadpassword" - click_button 'Sign in' + click_button 'Log in' assert_current_url "/users/sign_in" assert_not_contain "locked" diff --git a/test/support/integration.rb b/test/support/integration.rb index 245b0e4256..39111d52e3 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -40,7 +40,7 @@ def sign_in_as_user(options={}, &block) fill_in 'password', with: options[:password] || '12345678' check 'remember me' if options[:remember_me] == true yield if block_given? - click_button 'Sign In' + click_button 'Log In' user end @@ -50,7 +50,7 @@ def sign_in_as_admin(options={}, &block) fill_in 'email', with: 'admin@test.com' fill_in 'password', with: '123456' yield if block_given? - click_button 'Sign In' + click_button 'Log In' admin end From de2a24b3d37631caaf2c95d58cbf9cd6e659071e Mon Sep 17 00:00:00 2001 
From: alexsoble Date: Thu, 7 Aug 2014 11:33:03 -0400 Subject: [PATCH 0543/1473] Update routes to match 'sign up'/'log in', incorporate feedback from @carlosantoniodasilva --- .../devise/registrations_controller.rb | 4 +++ lib/devise/rails/routes.rb | 6 ++-- test/failure_app_test.rb | 28 +++++++-------- test/integration/authenticatable_test.rb | 2 +- test/integration/confirmable_test.rb | 16 ++++----- test/integration/lockable_test.rb | 12 +++---- test/integration/omniauthable_test.rb | 20 +++++------ test/integration/recoverable_test.rb | 12 +++---- test/integration/registerable_test.rb | 5 --- test/integration/timeoutable_test.rb | 6 ++-- test/mapping_test.rb | 8 ++--- test/rails_app/config/routes.rb | 4 +-- test/routes_test.rb | 34 +++++++++---------- test/test_helpers_test.rb | 2 +- 14 files changed, 79 insertions(+), 80 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index fabe66f8f7..f8f82b0d11 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -30,6 +30,10 @@ def create end else clean_up_passwords resource + @validatable = devise_mapping.validatable? + if @validatable + @minimum_password_length = resource_class.password_length.min + end respond_with resource end end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8b4589bc8e..13395e5ef2 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
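Review bot: The lines added to the failure branch of `create` set `@validatable` and `@minimum_password_length` with no comment saying what reads them, and they are unrelated to the route rename in the commit title. Presumably the re-rendered sign-up form uses them; if so, a comment such as `# the re-rendered form reads these to show the minimum password length` would make that dependency visible. The three-line conditional also reads more simply in modifier form: `@minimum_password_length = resource_class.password_length.min if @validatable`. `create` starts above this hunk.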
@@ -357,9 +357,9 @@ def devise_scope(scope) def devise_session(mapping, controllers) #:nodoc: resource :session, only: [], controller: controllers[:sessions], path: "" do - get :new, path: mapping.path_names[:sign_in], as: "new" - post :create, path: mapping.path_names[:sign_in] - match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via + get :new, path: mapping.path_names[:log_in], as: "new" + post :create, path: mapping.path_names[:log_in] + match :destroy, path: mapping.path_names[:log_out], as: "destroy", via: mapping.sign_out_via end end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 8fb8588aaa..cc0faeda32 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -51,20 +51,20 @@ def call_failure(env_params={}) call_failure assert_equal 302, @response.first assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] - assert_equal 'http://test.host/users/sign_in', @response.second['Location'] + assert_equal 'http://test.host/users/log_in', @response.second['Location'] end test 'returns to the default redirect location considering subdomain' do call_failure('warden.options' => { scope: :subdomain_user }) assert_equal 302, @response.first assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] - assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location'] + assert_equal 'http://sub.test.host/subdomain_users/log_in', @response.second['Location'] end test 'returns to the default redirect location for wildcard requests' do call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*' assert_equal 302, @response.first - assert_equal 'http://test.host/users/sign_in', @response.second['Location'] + assert_equal 'http://test.host/users/log_in', @response.second['Location'] end test 'returns to the root path if no session path is available' do 
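Review bot: In `devise_session`, reading `mapping.path_names[:log_in]` and `[:log_out]` means an application that already passes `path_names: { sign_in: ..., sign_out: ... }` silently loses its override. The `namespace :publisher` line in test/rails_app/config/routes.rb, in this same commit, still uses the old keys. The default login and logout URLs move as well, so anything outside the app keyed on `/users/sign_in`, such as login throttling or lockout rules at a proxy, alerting or saved links, stops matching without any error. lib/devise/mapping.rb is not in this commit's diffstat, yet test/mapping_test.rb expects `path_names[:log_in]` to equal 'log_in', so the value presumably comes from a per-key default. I would keep the lookups on the existing keys (`path: mapping.path_names[:sign_in]`) and change only the default path string where the defaults are defined, or else warn when the old keys are passed.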
@@ -90,7 +90,7 @@ def call_failure(env_params={}) swap Rails.application.config, relative_url_root: "/sample" do call_failure assert_equal 302, @response.first - assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location'] + assert_equal 'http://test.host/sample/users/log_in', @response.second['Location'] end end @@ -98,7 +98,7 @@ def call_failure(env_params={}) swap Rails.application.config, relative_url_root: "/sample" do call_failure('warden.options' => { scope: :subdomain_user }) assert_equal 302, @response.first - assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location'] + assert_equal 'http://sub.test.host/sample/subdomain_users/log_in', @response.second['Location'] end end end @@ -106,7 +106,7 @@ def call_failure(env_params={}) test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) assert_equal 'Invalid email or password.', @request.flash[:alert] - assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + assert_equal 'http://test.host/users/log_in', @response.second["Location"] end test 'uses custom i18n options' do @@ -117,7 +117,7 @@ def call_failure(env_params={}) test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(message: 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] - assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + assert_equal 'http://test.host/users/log_in', @response.second["Location"] end test 'set content type to default text/html' do @@ -129,7 +129,7 @@ def call_failure(env_params={}) call_failure assert_match(/You are being/, @response.last.body) assert_match(/redirected/, @response.last.body) - assert_match(/users\/sign_in/, @response.last.body) + assert_match(/users\/log_in/, @response.last.body) end test 'works for any navigational format' do 
@@ -142,7 +142,7 @@ def call_failure(env_params={}) test 'redirects the correct format if it is a non-html format request' do swap Devise, navigational_formats: [:js] do call_failure('formats' => Mime::JS) - assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"] + assert_equal 'http://test.host/users/log_in.js', @response.second["Location"] end end end @@ -200,7 +200,7 @@ def call_failure(env_params={}) swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first - assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + assert_equal 'http://test.host/users/log_in', @response.second["Location"] end end @@ -208,7 +208,7 @@ def call_failure(env_params={}) swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first - assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"] + assert_equal 'http://test.host/users/log_in.json', @response.second["Location"] end end end @@ -234,7 +234,7 @@ def call_failure(env_params={}) context 'With recall' do test 'calls the original controller if invalid email or password' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in" }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } @@ -245,7 +245,7 @@ def call_failure(env_params={}) test 'calls the original controller if not confirmed email' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :unconfirmed }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in", message: :unconfirmed }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } 
@@ -256,7 +256,7 @@ def call_failure(env_params={}) test 'calls the original controller if inactive account' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :inactive }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in", message: :inactive }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 91449fddd9..9c8d80295f 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -447,7 +447,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest end test 'uses the custom controller with the custom controller view' do - get '/admin_area/sign_in' + get '/admin_area/log_in' assert_contain 'Log in' assert_contain 'Welcome to "admins/sessions" controller!' assert_contain 'Welcome to "sessions/new" view!' diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index d04b00c98a..15755cf07e 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -20,7 +20,7 @@ def resend_confirmation test 'user should be able to request a new confirmation' do resend_confirmation - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' assert_equal 1, ActionMailer::Base.deliveries.size assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from @@ -88,7 +88,7 @@ def resend_confirmation visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' assert user.reload.confirmed? end end 
@@ -170,7 +170,7 @@ def resend_confirmation user = create_user(confirm: false) visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' end test 'error message is configurable by resource name' do @@ -228,7 +228,7 @@ def resend_confirmation click_button 'Resend confirmation instructions' assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" end end @@ -244,7 +244,7 @@ def resend_confirmation assert_not_contain "Email not found" assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" end end end @@ -271,7 +271,7 @@ def visit_admin_confirmation_with_token(confirmation_token) click_button 'Resend confirmation instructions' end - assert_current_url '/admin_area/sign_in' + assert_current_url '/admin_area/log_in' assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' end @@ -282,7 +282,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/admin_area/sign_in' + assert_current_url '/admin_area/log_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end 
@@ -304,7 +304,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/admin_area/sign_in' + assert_current_url '/admin_area/log_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 0c8c4a79cf..6e911e127d 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -54,7 +54,7 @@ def send_unlock_request end test 'unlocked pages should not be available if email strategy is disabled' do - visit "/admin_area/sign_in" + visit "/admin_area/log_in" assert_raise Webrat::NotFoundError do click_link "Didn't receive unlock instructions?" @@ -83,7 +83,7 @@ def send_unlock_request raw = user.lock_access! visit_user_unlock_with_token(raw) - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' assert_not user.reload.access_locked? end @@ -181,7 +181,7 @@ def send_unlock_request fill_in 'email', with: user.email click_button 'Resend unlock instructions' - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end @@ -196,7 +196,7 @@ def send_unlock_request fill_in 'email', with: user.email click_button 'Resend unlock instructions' - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end 
@@ -211,7 +211,7 @@ def send_unlock_request assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." @@ -231,7 +231,7 @@ def send_unlock_request fill_in 'password', with: "abadpassword" click_button 'Log in' - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_not_contain "locked" end end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index f131d15572..afbb1342ab 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -39,7 +39,7 @@ def stub_action!(name) end test "can access omniauth.auth in the env hash" do - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" json = ActiveSupport::JSON.decode(response.body) @@ -53,7 +53,7 @@ def stub_action!(name) test "cleans up session on sign up" do assert_no_difference "User.count" do - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" end @@ -74,7 +74,7 @@ def stub_action!(name) test "cleans up session on cancel" do assert_no_difference "User.count" do - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" end @@ -85,7 +85,7 @@ def stub_action!(name) test "cleans up session on sign in" do assert_no_difference "User.count" do - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" end 
@@ -95,13 +95,13 @@ def stub_action!(name) end test "sign in and send remember token if configured" do - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" assert_nil warden.cookies["remember_user_token"] stub_action!(:sign_in_facebook) do create_user - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" assert warden.authenticated?(:user) assert warden.cookies["remember_user_token"] @@ -110,24 +110,24 @@ def stub_action!(name) test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' - visit "/users/sign_in" + visit "/users/log_in" assert_select "a", href: "/q/users/auth/facebook" end test "handles callback error parameter according to the specification" do OmniAuth.config.mock_auth[:facebook] = :access_denied visit "/users/auth/facebook/callback?error=access_denied" - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain 'Could not authenticate you from Facebook because "Access denied".' end test "handles other exceptions from omniauth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials - visit "/users/sign_in" + visit "/users/log_in" click_link "Sign in with Facebook" - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".' end end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 004748eff7..2cc0e872df 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -38,7 +38,7 @@ def reset_password(options={}, &block) fill_in 'email', with: 'foo@bar.com' end - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end 
@@ -77,7 +77,7 @@ def reset_password(options={}, &block) fill_in 'email', with: ' foo@bar.com ' end - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end @@ -110,7 +110,7 @@ def reset_password(options={}, &block) create_user request_forgot_password - assert_current_url '/users/sign_in' + assert_current_url '/users/log_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end @@ -136,7 +136,7 @@ def reset_password(options={}, &block) test 'not authenticated user without a reset password token should not be able to visit the page' do get edit_user_password_path assert_response :redirect - assert_redirected_to "/users/sign_in" + assert_redirected_to "/users/log_in" end test 'not authenticated user with invalid reset password token should not be able to change their password' do @@ -303,7 +303,7 @@ def reset_password(options={}, &block) assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" end end @@ -315,7 +315,7 @@ def reset_password(options={}, &block) click_button 'Send me reset password instructions' assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - assert_current_url "/users/sign_in" + assert_current_url "/users/log_in" end end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 3e58076db6..eee9e74c06 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -36,11 +36,6 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_current_url "/?custom=1" end - test 'a guest admin should not see a warning about minimum password length' do - get new_admin_session_path - assert_not_contain 'characters minimum' - end - def user_sign_up ActionMailer::Base.deliveries.clear diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index f8981ef783..43580549d0 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -90,8 +90,8 @@ def last_request_at get expire_user_path(user) assert warden.authenticated?(:user) - get "/users/sign_in" - assert_redirected_to "/users/sign_in" + get "/users/log_in" + assert_redirected_to "/users/log_in" follow_redirect! assert_response :success @@ -103,7 +103,7 @@ def last_request_at user = sign_in_as_user get expire_user_path(user) - post "/users/sign_in", email: user.email, password: "123456" + post "/users/log_in", email: user.email, password: "123456" assert_response :redirect follow_redirect! diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 2ec97e197f..123dcc4b76 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -78,8 +78,8 @@ def fake_request(path, params={}) test 'return default path names' do mapping = Devise.mappings[:user] - assert_equal 'sign_in', mapping.path_names[:sign_in] - assert_equal 'sign_out', mapping.path_names[:sign_out] + assert_equal 'log_in', mapping.path_names[:log_in] + assert_equal 'log_out', mapping.path_names[:log_out] assert_equal 'password', mapping.path_names[:password] assert_equal 'confirmation', mapping.path_names[:confirmation] assert_equal 'sign_up', mapping.path_names[:sign_up] 
@@ -88,8 +88,8 @@ def fake_request(path, params={}) test 'allow custom path names to be given' do mapping = Devise.mappings[:manager] - assert_equal 'login', mapping.path_names[:sign_in] - assert_equal 'logout', mapping.path_names[:sign_out] + assert_equal 'login', mapping.path_names[:log_in] + assert_equal 'logout', mapping.path_names[:log_out] assert_equal 'secret', mapping.path_names[:password] assert_equal 'verification', mapping.path_names[:confirmation] assert_equal 'register', mapping.path_names[:sign_up] diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 7438114b7d..26bafa313b 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -94,13 +94,13 @@ end namespace :publisher, path_names: { sign_in: "i_dont_care", sign_out: "get_out" } do - devise_for :accounts, class_name: "Admin", path_names: { sign_in: "get_in" } + devise_for :accounts, class_name: "Admin", path_names: { log_in: "get_in" } end scope ":locale", module: :invalid do devise_for :accounts, singular: "manager", class_name: "Admin", path_names: { - sign_in: "login", sign_out: "logout", + log_in: "login", log_out: "logout", password: "secret", confirmation: "verification", unlock: "unblock", sign_up: "register", registration: "management", diff --git a/test/routes_test.rb b/test/routes_test.rb index d3b3765c4d..948d2c6989 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
@@ -4,18 +4,18 @@ class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: 'users/sign_in', method: :get}) - assert_named_route "/users/sign_in", :new_user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: 'users/log_in', method: :get}) + assert_named_route "/users/log_in", :new_user_session_path end test 'map create user session' do - assert_recognizes({controller: 'devise/sessions', action: 'create'}, {path: 'users/sign_in', method: :post}) - assert_named_route "/users/sign_in", :user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'create'}, {path: 'users/log_in', method: :post}) + assert_named_route "/users/log_in", :user_session_path end test 'map destroy user session' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :get}) - assert_named_route "/users/sign_out", :destroy_user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/log_out', method: :get}) + assert_named_route "/users/log_out", :destroy_user_session_path end test 'map new user confirmation' do @@ -121,7 +121,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map admin with :controllers option' do - assert_recognizes({controller: 'admins/sessions', action: 'new'}, {path: 'admin_area/sign_in', method: :get}) + assert_recognizes({controller: 'admins/sessions', action: 'new'}, {path: 'admin_area/log_in', method: :get}) end test 'does not map admin password' do 
@@ -131,7 +131,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'subdomain admin' do - assert_recognizes({"host"=>"sub.example.com", controller: 'devise/sessions', action: 'new'}, {host: "sub.example.com", path: '/sub_admin/sign_in', method: :get}) + assert_recognizes({"host"=>"sub.example.com", controller: 'devise/sessions', action: 'new'}, {host: "sub.example.com", path: '/sub_admin/log_in', method: :get}) end test 'does only map reader password' do 
@@ -166,24 +166,24 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map deletes with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/log_out', method: :delete}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/log_out', method: :get}) end end test 'map posts with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/log_out', method: :post}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/log_out', method: :get}) end end test 'map delete_or_posts with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :post}) - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :delete}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 
'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :get}) end end @@ -202,9 +202,9 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map with format false for sessions' do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/log_in', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/log_in.xml', method: :get}) end end diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index fd1a202893..36fc988466 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -95,7 +95,7 @@ def respond test "returns the body of a failure app" do get :index - assert_equal response.body, "You are being
redirected." + assert_equal response.body, "You are being redirected." end test "defined Warden after_authentication callback should not be called when sign_in is called" do From fe015f5a54bb1d91fc10d1e419a9fca7806369d6 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Sun, 10 Aug 2014 12:13:35 -0400 Subject: [PATCH 0544/1473] Revert "Update routes to match 'sign up'/'log in', incorporate feedback from @carlosantoniodasilva" This reverts commit de2a24b3d37631caaf2c95d58cbf9cd6e659071e. --- .../devise/registrations_controller.rb | 4 --- lib/devise/rails/routes.rb | 6 ++-- test/failure_app_test.rb | 28 +++++++-------- test/integration/authenticatable_test.rb | 2 +- test/integration/confirmable_test.rb | 16 ++++----- test/integration/lockable_test.rb | 12 +++---- test/integration/omniauthable_test.rb | 20 +++++------ test/integration/recoverable_test.rb | 12 +++---- test/integration/registerable_test.rb | 5 +++ test/integration/timeoutable_test.rb | 6 ++-- test/mapping_test.rb | 8 ++--- test/rails_app/config/routes.rb | 4 +-- test/routes_test.rb | 34 +++++++++---------- test/test_helpers_test.rb | 2 +- 14 files changed, 80 insertions(+), 79 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index f8f82b0d11..fabe66f8f7 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -30,10 +30,6 @@ def create end else clean_up_passwords resource - @validatable = devise_mapping.validatable? - if @validatable - @minimum_password_length = resource_class.password_length.min - end respond_with resource end end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 13395e5ef2..8b4589bc8e 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -357,9 +357,9 @@ def devise_scope(scope) def devise_session(mapping, controllers) #:nodoc: resource :session, only: [], controller: controllers[:sessions], path: "" do - get :new, path: mapping.path_names[:log_in], as: "new" - post :create, path: mapping.path_names[:log_in] - match :destroy, path: mapping.path_names[:log_out], as: "destroy", via: mapping.sign_out_via + get :new, path: mapping.path_names[:sign_in], as: "new" + post :create, path: mapping.path_names[:sign_in] + match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via end end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index cc0faeda32..8fb8588aaa 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -51,20 +51,20 @@ def call_failure(env_params={}) call_failure assert_equal 302, @response.first assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] - assert_equal 'http://test.host/users/log_in', @response.second['Location'] + assert_equal 'http://test.host/users/sign_in', @response.second['Location'] end test 'returns to the default redirect location considering subdomain' do call_failure('warden.options' => { scope: :subdomain_user }) assert_equal 302, @response.first assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] - assert_equal 'http://sub.test.host/subdomain_users/log_in', @response.second['Location'] + assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location'] end test 'returns to the default redirect location for wildcard requests' do call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*' assert_equal 302, @response.first - assert_equal 'http://test.host/users/log_in', @response.second['Location'] + assert_equal 'http://test.host/users/sign_in', @response.second['Location'] end test 'returns to the root path if no session path is available' do 
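Review bot: The `match :destroy` line in `devise_session` passes `via: mapping.sign_out_via` through unchecked, and the `DefaultRoutingTest` hunk of this same commit asserts that `users/sign_out` is recognized with `method: :get`. In the test app's default mapping a plain GET therefore ends the session, and a state-changing action on GET can be triggered from another site, signing a user out without their intent. The revert does not introduce this, but it touches the line, so I would document the expectation there, e.g. `# sign_out_via should not include :get; a GET sign-out can be triggered cross-site`. The default verb is worth revisiting separately.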
@@ -90,7 +90,7 @@ def call_failure(env_params={}) swap Rails.application.config, relative_url_root: "/sample" do call_failure assert_equal 302, @response.first - assert_equal 'http://test.host/sample/users/log_in', @response.second['Location'] + assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location'] end end @@ -98,7 +98,7 @@ def call_failure(env_params={}) swap Rails.application.config, relative_url_root: "/sample" do call_failure('warden.options' => { scope: :subdomain_user }) assert_equal 302, @response.first - assert_equal 'http://sub.test.host/sample/subdomain_users/log_in', @response.second['Location'] + assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location'] end end end @@ -106,7 +106,7 @@ def call_failure(env_params={}) test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) assert_equal 'Invalid email or password.', @request.flash[:alert] - assert_equal 'http://test.host/users/log_in', @response.second["Location"] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'uses custom i18n options' do @@ -117,7 +117,7 @@ def call_failure(env_params={}) test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(message: 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] - assert_equal 'http://test.host/users/log_in', @response.second["Location"] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'set content type to default text/html' do @@ -129,7 +129,7 @@ def call_failure(env_params={}) call_failure assert_match(/You are being/, @response.last.body) assert_match(/redirected/, @response.last.body) - assert_match(/users\/log_in/, @response.last.body) + assert_match(/users\/sign_in/, @response.last.body) end test 'works for any navigational format' do 
@@ -142,7 +142,7 @@ def call_failure(env_params={}) test 'redirects the correct format if it is a non-html format request' do swap Devise, navigational_formats: [:js] do call_failure('formats' => Mime::JS) - assert_equal 'http://test.host/users/log_in.js', @response.second["Location"] + assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"] end end end @@ -200,7 +200,7 @@ def call_failure(env_params={}) swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first - assert_equal 'http://test.host/users/log_in', @response.second["Location"] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end end @@ -208,7 +208,7 @@ def call_failure(env_params={}) swap Devise, http_authenticatable_on_xhr: false do call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first - assert_equal 'http://test.host/users/log_in.json', @response.second["Location"] + assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"] end end end @@ -234,7 +234,7 @@ def call_failure(env_params={}) context 'With recall' do test 'calls the original controller if invalid email or password' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in" }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } @@ -245,7 +245,7 @@ def call_failure(env_params={}) test 'calls the original controller if not confirmed email' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in", message: :unconfirmed }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :unconfirmed }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } 
@@ -256,7 +256,7 @@ def call_failure(env_params={}) test 'calls the original controller if inactive account' do env = { - "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/log_in", message: :inactive }, + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :inactive }, "devise.mapping" => Devise.mappings[:user], "warden" => stub_everything } diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 9c8d80295f..91449fddd9 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -447,7 +447,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest end test 'uses the custom controller with the custom controller view' do - get '/admin_area/log_in' + get '/admin_area/sign_in' assert_contain 'Log in' assert_contain 'Welcome to "admins/sessions" controller!' assert_contain 'Welcome to "sessions/new" view!' diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 15755cf07e..d04b00c98a 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -20,7 +20,7 @@ def resend_confirmation test 'user should be able to request a new confirmation' do resend_confirmation - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' assert_equal 1, ActionMailer::Base.deliveries.size assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from @@ -88,7 +88,7 @@ def resend_confirmation visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' assert user.reload.confirmed? end end 
@@ -170,7 +170,7 @@ def resend_confirmation user = create_user(confirm: false) visit_user_confirmation_with_token(user.raw_confirmation_token) - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' end test 'error message is configurable by resource name' do @@ -228,7 +228,7 @@ def resend_confirmation click_button 'Resend confirmation instructions' assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" end end @@ -244,7 +244,7 @@ def resend_confirmation assert_not_contain "Email not found" assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" end end end @@ -271,7 +271,7 @@ def visit_admin_confirmation_with_token(confirmation_token) click_button 'Resend confirmation instructions' end - assert_current_url '/admin_area/log_in' + assert_current_url '/admin_area/sign_in' assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes' end @@ -282,7 +282,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/admin_area/log_in' + assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end 
@@ -304,7 +304,7 @@ def visit_admin_confirmation_with_token(confirmation_token) visit_admin_confirmation_with_token(admin.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' - assert_current_url '/admin_area/log_in' + assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? assert_not admin.reload.pending_reconfirmation? end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 6e911e127d..0c8c4a79cf 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -54,7 +54,7 @@ def send_unlock_request end test 'unlocked pages should not be available if email strategy is disabled' do - visit "/admin_area/log_in" + visit "/admin_area/sign_in" assert_raise Webrat::NotFoundError do click_link "Didn't receive unlock instructions?" @@ -83,7 +83,7 @@ def send_unlock_request raw = user.lock_access! visit_user_unlock_with_token(raw) - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' assert_not user.reload.access_locked? end @@ -181,7 +181,7 @@ def send_unlock_request fill_in 'email', with: user.email click_button 'Resend unlock instructions' - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end @@ -196,7 +196,7 @@ def send_unlock_request fill_in 'email', with: user.email click_button 'Resend unlock instructions' - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." end end 
@@ -211,7 +211,7 @@ def send_unlock_request assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." @@ -231,7 +231,7 @@ def send_unlock_request fill_in 'password', with: "abadpassword" click_button 'Log in' - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_not_contain "locked" end end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index afbb1342ab..f131d15572 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -39,7 +39,7 @@ def stub_action!(name) end test "can access omniauth.auth in the env hash" do - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" json = ActiveSupport::JSON.decode(response.body) @@ -53,7 +53,7 @@ def stub_action!(name) test "cleans up session on sign up" do assert_no_difference "User.count" do - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" end @@ -74,7 +74,7 @@ def stub_action!(name) test "cleans up session on cancel" do assert_no_difference "User.count" do - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" end @@ -85,7 +85,7 @@ def stub_action!(name) test "cleans up session on sign in" do assert_no_difference "User.count" do - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" end 
@@ -95,13 +95,13 @@ def stub_action!(name) end test "sign in and send remember token if configured" do - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" assert_nil warden.cookies["remember_user_token"] stub_action!(:sign_in_facebook) do create_user - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" assert warden.authenticated?(:user) assert warden.cookies["remember_user_token"] @@ -110,24 +110,24 @@ def stub_action!(name) test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' - visit "/users/log_in" + visit "/users/sign_in" assert_select "a", href: "/q/users/auth/facebook" end test "handles callback error parameter according to the specification" do OmniAuth.config.mock_auth[:facebook] = :access_denied visit "/users/auth/facebook/callback?error=access_denied" - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain 'Could not authenticate you from Facebook because "Access denied".' end test "handles other exceptions from omniauth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials - visit "/users/log_in" + visit "/users/sign_in" click_link "Sign in with Facebook" - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".' end end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 2cc0e872df..004748eff7 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -38,7 +38,7 @@ def reset_password(options={}, &block) fill_in 'email', with: 'foo@bar.com' end - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end 
@@ -77,7 +77,7 @@ def reset_password(options={}, &block) fill_in 'email', with: ' foo@bar.com ' end - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end @@ -110,7 +110,7 @@ def reset_password(options={}, &block) create_user request_forgot_password - assert_current_url '/users/log_in' + assert_current_url '/users/sign_in' assert_contain 'You will receive an email with instructions on how to reset your password in a few minutes.' end @@ -136,7 +136,7 @@ def reset_password(options={}, &block) test 'not authenticated user without a reset password token should not be able to visit the page' do get edit_user_password_path assert_response :redirect - assert_redirected_to "/users/log_in" + assert_redirected_to "/users/sign_in" end test 'not authenticated user with invalid reset password token should not be able to change their password' do @@ -303,7 +303,7 @@ def reset_password(options={}, &block) assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" end end @@ -315,7 +315,7 @@ def reset_password(options={}, &block) click_button 'Send me reset password instructions' assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." - assert_current_url "/users/log_in" + assert_current_url "/users/sign_in" end end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index eee9e74c06..3e58076db6 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -36,6 +36,11 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_current_url "/?custom=1" end + test 'a guest admin should not see a warning about minimum password length' do + get new_admin_session_path + assert_not_contain 'characters minimum' + end + def user_sign_up ActionMailer::Base.deliveries.clear diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 43580549d0..f8981ef783 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -90,8 +90,8 @@ def last_request_at get expire_user_path(user) assert warden.authenticated?(:user) - get "/users/log_in" - assert_redirected_to "/users/log_in" + get "/users/sign_in" + assert_redirected_to "/users/sign_in" follow_redirect! assert_response :success @@ -103,7 +103,7 @@ def last_request_at user = sign_in_as_user get expire_user_path(user) - post "/users/log_in", email: user.email, password: "123456" + post "/users/sign_in", email: user.email, password: "123456" assert_response :redirect follow_redirect! diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 123dcc4b76..2ec97e197f 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -78,8 +78,8 @@ def fake_request(path, params={}) test 'return default path names' do mapping = Devise.mappings[:user] - assert_equal 'log_in', mapping.path_names[:log_in] - assert_equal 'log_out', mapping.path_names[:log_out] + assert_equal 'sign_in', mapping.path_names[:sign_in] + assert_equal 'sign_out', mapping.path_names[:sign_out] assert_equal 'password', mapping.path_names[:password] assert_equal 'confirmation', mapping.path_names[:confirmation] assert_equal 'sign_up', mapping.path_names[:sign_up] 
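Review bot: The added test `a guest admin should not see a warning about minimum password length` requests `new_admin_session_path`, which is the log in form, although it sits in `RegistrationTest` and the minimum-length hint is assigned by the registrations controller elsewhere in this series. If the sessions view never renders that hint, `assert_not_contain 'characters minimum'` passes regardless of what the registration form shows. The request was presumably meant to be `get new_admin_registration_path`, assuming the admin scope maps that route.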
@@ -88,8 +88,8 @@ def fake_request(path, params={}) test 'allow custom path names to be given' do mapping = Devise.mappings[:manager] - assert_equal 'login', mapping.path_names[:log_in] - assert_equal 'logout', mapping.path_names[:log_out] + assert_equal 'login', mapping.path_names[:sign_in] + assert_equal 'logout', mapping.path_names[:sign_out] assert_equal 'secret', mapping.path_names[:password] assert_equal 'verification', mapping.path_names[:confirmation] assert_equal 'register', mapping.path_names[:sign_up] diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 26bafa313b..7438114b7d 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -94,13 +94,13 @@ end namespace :publisher, path_names: { sign_in: "i_dont_care", sign_out: "get_out" } do - devise_for :accounts, class_name: "Admin", path_names: { log_in: "get_in" } + devise_for :accounts, class_name: "Admin", path_names: { sign_in: "get_in" } end scope ":locale", module: :invalid do devise_for :accounts, singular: "manager", class_name: "Admin", path_names: { - log_in: "login", log_out: "logout", + sign_in: "login", sign_out: "logout", password: "secret", confirmation: "verification", unlock: "unblock", sign_up: "register", registration: "management", diff --git a/test/routes_test.rb b/test/routes_test.rb index 948d2c6989..d3b3765c4d 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
@@ -4,18 +4,18 @@ class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: 'users/log_in', method: :get}) - assert_named_route "/users/log_in", :new_user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: 'users/sign_in', method: :get}) + assert_named_route "/users/sign_in", :new_user_session_path end test 'map create user session' do - assert_recognizes({controller: 'devise/sessions', action: 'create'}, {path: 'users/log_in', method: :post}) - assert_named_route "/users/log_in", :user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'create'}, {path: 'users/sign_in', method: :post}) + assert_named_route "/users/sign_in", :user_session_path end test 'map destroy user session' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/log_out', method: :get}) - assert_named_route "/users/log_out", :destroy_user_session_path + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :get}) + assert_named_route "/users/sign_out", :destroy_user_session_path end test 'map new user confirmation' do @@ -121,7 +121,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map admin with :controllers option' do - assert_recognizes({controller: 'admins/sessions', action: 'new'}, {path: 'admin_area/log_in', method: :get}) + assert_recognizes({controller: 'admins/sessions', action: 'new'}, {path: 'admin_area/sign_in', method: :get}) end test 'does not map admin password' do 
@@ -131,7 +131,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'subdomain admin' do - assert_recognizes({"host"=>"sub.example.com", controller: 'devise/sessions', action: 'new'}, {host: "sub.example.com", path: '/sub_admin/log_in', method: :get}) + assert_recognizes({"host"=>"sub.example.com", controller: 'devise/sessions', action: 'new'}, {host: "sub.example.com", path: '/sub_admin/sign_in', method: :get}) end test 'does only map reader password' do 
@@ -166,24 +166,24 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map deletes with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/log_out', method: :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :delete}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/log_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/deletes/sign_out', method: :get}) end end test 'map posts with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/log_out', method: :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :post}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/log_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/posts/sign_out', method: :get}) end end test 'map delete_or_posts with :sign_out_via option' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :post}) - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :delete}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :post}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :delete}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 
'destroy'}, {path: '/sign_out_via/delete_or_posts/log_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: '/sign_out_via/delete_or_posts/sign_out', method: :get}) end end @@ -202,9 +202,9 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map with format false for sessions' do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/log_in', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/log_in.xml', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get}) end end diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 36fc988466..fd1a202893 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -95,7 +95,7 @@ def respond test "returns the body of a failure app" do get :index - assert_equal response.body, "You are being redirected." + assert_equal response.body, "You are being redirected." end test "defined Warden after_authentication callback should not be called when sign_in is called" do From c3fa8fabcf3e16b08e58fdd17ee415aed8313d33 Mon Sep 17 00:00:00 2001 From: alexsoble Date: Sun, 10 Aug 2014 12:17:54 -0400 Subject: [PATCH 0545/1473] Restore password length message in case of error --- app/controllers/devise/registrations_controller.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index fabe66f8f7..f8f82b0d11 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -30,6 +30,10 @@ def create end else clean_up_passwords resource + @validatable = devise_mapping.validatable? + if @validatable + @minimum_password_length = resource_class.password_length.min + end respond_with resource end end From 5d43d5f3bc65555b6f5b7c23d3741a20b031c572 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 11 Aug 2014 17:35:28 -0300 Subject: [PATCH 0546/1473] :scissors: --- test/integration/registerable_test.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 3e58076db6..162ab313d4 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -41,7 +41,6 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_not_contain 'characters minimum' end - def user_sign_up ActionMailer::Base.deliveries.clear From c37552f552e9e798e9a478e188a941c1d7689498 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 11 Aug 2014 17:36:57 -0300 Subject: [PATCH 0547/1473] Update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a858118af1..d36afb5420 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ #2906 for the updated copy (by @p-originate) * Allow a resource to be found based on its encrypted password token (by @karlentwistle) * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz) + * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if + the current scope is using the `validatable` module (by @alexsoble) * bug fix * Check if there is a signed in user before executing the `SessionsController#destroy`. From 6e95b66b544638178f1e9648369ec560594163ac Mon Sep 17 00:00:00 2001 
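Review bot: The four lines added to the failure branch of `create` come without a test; this commit changes only the controller, so nothing pins that a rejected sign-up re-renders the form with the length hint. An integration test that submits an invalid registration and then checks `assert_contain 'characters minimum'` would cover it. The same `@validatable` / `@minimum_password_length` assignment presumably also exists in `new`, which is outside this hunk. If so, a private helper called from both actions would keep the displayed minimum tied to the `password_length` the validation enforces. `create` begins before the hunk.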
From: Lucas Mazza Date: Wed, 13 Aug 2014 13:41:14 -0300 Subject: [PATCH 0548/1473] Release v3.3.0 --- CHANGELOG.md | 7 ++++++- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 2 +- gemfiles/Gemfile.rails-head.lock | 2 +- lib/devise/version.rb | 2 +- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d36afb5420..6968e7c03d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ -### 3.3.0 (unreleased) +### Unreleased + +* enhancements +* bug fixes + +### 3.3.0 * enhancements * Support multiple warden configuration blocks on devise configuration. (by @rossta) diff --git a/Gemfile.lock b/Gemfile.lock index fc75cfbcde..2c232340dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (3.2.4) + devise (3.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 67aa87e9e3..d79e2ea4ec 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -49,7 +49,7 @@ GIT PATH remote: .. specs: - devise (3.2.4) + devise (3.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index d33d92a082..a0d9d5f519 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -43,7 +43,7 @@ GIT PATH remote: .. specs: - devise (3.2.4) + devise (3.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index a4a913c45a..5fb499ae60 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -76,7 +76,7 @@ GIT PATH remote: .. specs: - devise (3.2.4) + devise (3.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) 
diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 7daf2e8b1f..5832f10769 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.2.4".freeze + VERSION = "3.3.0".freeze end From df9712bbe4c5027fadc86cdf6c5b6091c424243c Mon Sep 17 00:00:00 2001 From: Damir Svrtan Date: Mon, 18 Aug 2014 00:15:25 +0200 Subject: [PATCH 0549/1473] Rename links.erb to links.html.erb --- app/views/devise/shared/{_links.erb => _links.html.erb} | 0 test/generators/views_generator_test.rb | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename app/views/devise/shared/{_links.erb => _links.html.erb} (100%) diff --git a/app/views/devise/shared/_links.erb b/app/views/devise/shared/_links.html.erb similarity index 100% rename from app/views/devise/shared/_links.erb rename to app/views/devise/shared/_links.html.erb diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 279d00cd4e..052b2ade89 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -78,7 +78,7 @@ def assert_files(scope = nil, options={}) assert_file "app/views/#{scope}/registrations/new.html.erb" assert_file "app/views/#{scope}/registrations/edit.html.erb" assert_file "app/views/#{scope}/sessions/new.html.erb" - assert_file "app/views/#{scope}/shared/_links.erb" + assert_file "app/views/#{scope}/shared/_links.html.erb" assert_file "app/views/#{scope}/unlocks/new.html.erb" end From 8e4a700f81c8bfc3d46951e34f5ff3c18138c89e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 18 Aug 2014 10:34:17 -0300 Subject: [PATCH 0550/1473] Update gemfiles --- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-head.lock | 27 +++++++++++++++++++------- 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2c232340dc..a38e089734 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -137,7 +137,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (1.2.1) + tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) rack (>= 1.0) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index d79e2ea4ec..fb472126ba 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -138,7 +138,7 @@ GEM treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.40) + tzinfo (0.3.41) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index a0d9d5f519..4a89287683 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: 6d95e04c6968fb7597ea5dbd08b31f271fb87c9c + revision: ca152fc80ea14f41f0a9a53a0ed901a5c8eadccf branch: 4-0-stable specs: actionmailer (4.0.8) @@ -134,7 +134,7 @@ GEM thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - tzinfo (0.3.40) + tzinfo (0.3.41) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index 5fb499ae60..f177b8644c 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 8cb17e9839973b76295cf87189e91a5ffcc03ab0 + revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5 branch: master specs: mongoid (4.0.0) 
@@ -17,34 +17,39 @@ GIT GIT remote: git://github.com/rails/arel.git - revision: 66cee768bc163537087037a583f60639eae49fc3 + revision: c93f6bd8abc800ba31950f719f7c1006062051ae specs: - arel (6.0.0.20140505020427) + arel (6.0.0.beta1.20140817224534) GIT remote: git://github.com/rails/rails.git - revision: d5be08347fb7ff758572775ec93247a3ca886004 + revision: 6d92dcc7bd25f1533d3fc282dd4909ac8ed1a2dc specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) actionview (= 4.2.0.alpha) mail (~> 2.5, >= 2.5.4) + rails-dom-testing actionpack (4.2.0.alpha) actionview (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) rack (~> 1.6.0.alpha) rack-test (~> 0.6.2) + rails-deprecated_sanitizer actionview (4.2.0.alpha) activesupport (= 4.2.0.alpha) builder (~> 3.1) erubis (~> 2.7.0) + rails-deprecated_sanitizer + activejob (4.2.0.alpha) + globalid activemodel (4.2.0.alpha) activesupport (= 4.2.0.alpha) builder (~> 3.1) activerecord (4.2.0.alpha) activemodel (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) - arel (~> 6.0.0) + arel (>= 6.0.0.beta1, < 6.1) activesupport (4.2.0.alpha) i18n (>= 0.7.0.dev, < 0.8) json (~> 1.7, >= 1.7.7) @@ -55,6 +60,7 @@ GIT actionmailer (= 4.2.0.alpha) actionpack (= 4.2.0.alpha) actionview (= 4.2.0.alpha) + activejob (= 4.2.0.alpha) activemodel (= 4.2.0.alpha) activerecord (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) @@ -69,7 +75,7 @@ GIT GIT remote: git://github.com/svenfuchs/i18n.git - revision: cb679b8cdbab675703a3f88de4d48a48f7b50e06 + revision: a715d7aeed8903bf4b91b8b9005bc14cfc9f83cb specs: i18n (0.7.0.dev) @@ -93,6 +99,8 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) + globalid (0.2.0) + activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) json (1.8.1) @@ -141,6 +149,11 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) + rails-deprecated_sanitizer (1.0.0) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.0) + activesupport + nokogiri (~> 1.6.0) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) 
@@ -158,7 +171,7 @@ GEM thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - tzinfo (1.2.1) + tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) rack (>= 1.0) From df43642cd5e5a4ed666fc8e57a1bee46de864394 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 19 Aug 2014 22:14:35 -0300 Subject: [PATCH 0551/1473] Update Gemfiles --- Gemfile.lock | 50 +++++++++++++------------- gemfiles/Gemfile.rails-4.0-stable.lock | 40 ++++++++++----------- gemfiles/Gemfile.rails-head.lock | 39 ++++++++++---------- 3 files changed, 66 insertions(+), 63 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a38e089734..f8217633fa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,27 +11,27 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.4) - actionpack (= 4.1.4) - actionview (= 4.1.4) + actionmailer (4.1.5) + actionpack (= 4.1.5) + actionview (= 4.1.5) mail (~> 2.5.4) - actionpack (4.1.4) - actionview (= 4.1.4) - activesupport (= 4.1.4) + actionpack (4.1.5) + actionview (= 4.1.5) + activesupport (= 4.1.5) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.4) - activesupport (= 4.1.4) + actionview (4.1.5) + activesupport (= 4.1.5) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.4) - activesupport (= 4.1.4) + activemodel (4.1.5) + activesupport (= 4.1.5) builder (~> 3.1) - activerecord (4.1.4) - activemodel (= 4.1.4) - activesupport (= 4.1.4) + activerecord (4.1.5) + activemodel (= 4.1.5) + activesupport (= 4.1.5) arel (~> 5.0.0) - activesupport (4.1.4) + activesupport (4.1.5) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) 
@@ -102,19 +102,19 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.4) - actionmailer (= 4.1.4) - actionpack (= 4.1.4) - actionview (= 4.1.4) - activemodel (= 4.1.4) - activerecord (= 4.1.4) - activesupport (= 4.1.4) + rails (4.1.5) + actionmailer (= 4.1.5) + actionpack (= 4.1.5) + actionview (= 4.1.5) + activemodel (= 4.1.5) + activerecord (= 4.1.5) + activesupport (= 4.1.5) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.4) + railties (= 4.1.5) sprockets-rails (~> 2.0) - railties (4.1.4) - actionpack (= 4.1.4) - activesupport (= 4.1.4) + railties (4.1.5) + actionpack (= 4.1.5) + activesupport (= 4.1.5) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 4a89287683..29155e9f04 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -1,42 +1,42 @@ GIT remote: git://github.com/rails/rails.git - revision: ca152fc80ea14f41f0a9a53a0ed901a5c8eadccf + revision: d01651a360a0ecea6eb78dcb03fc44120bd83495 branch: 4-0-stable specs: - actionmailer (4.0.8) - actionpack (= 4.0.8) + actionmailer (4.0.9) + actionpack (= 4.0.9) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.8) - activesupport (= 4.0.8) + actionpack (4.0.9) + activesupport (= 4.0.9) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.8) - activesupport (= 4.0.8) + activemodel (4.0.9) + activesupport (= 4.0.9) builder (~> 3.1.0) - activerecord (4.0.8) - activemodel (= 4.0.8) + activerecord (4.0.9) + activemodel (= 4.0.9) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.8) + activesupport (= 4.0.9) arel (~> 4.0.0) - activesupport (4.0.8) + activesupport (4.0.9) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.8) - actionmailer (= 4.0.8) - actionpack (= 4.0.8) - activerecord (= 4.0.8) - activesupport (= 4.0.8) + rails (4.0.9) + actionmailer (= 4.0.9) + actionpack (= 4.0.9) + activerecord (= 4.0.9) + activesupport (= 4.0.9) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.8) + railties (= 4.0.9) sprockets-rails (~> 2.0) - railties (4.0.8) - actionpack (= 4.0.8) - activesupport (= 4.0.8) + railties (4.0.9) + actionpack (= 4.0.9) + activesupport (= 4.0.9) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index f177b8644c..55437ce942 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -11,9 +11,9 @@ GIT GIT remote: git://github.com/rack/rack.git - revision: 92811eec6e86cb4dba52b3969c4dd66e639df158 + revision: e4e4c397e89c026f9c23500cf7fc14ccdb756010 specs: - rack (1.6.0.alpha) + rack (1.6.0.beta) GIT remote: git://github.com/rails/arel.git 
@@ -23,26 +23,28 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 6d92dcc7bd25f1533d3fc282dd4909ac8ed1a2dc + revision: 9733dc5b39a5c8ce53febc4b55c3b2643b14dd87 specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) actionview (= 4.2.0.alpha) mail (~> 2.5, >= 2.5.4) - rails-dom-testing + rails-dom-testing (~> 1.0, >= 1.0.2) actionpack (4.2.0.alpha) actionview (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) - rack (~> 1.6.0.alpha) + rack (~> 1.6.0.beta) rack-test (~> 0.6.2) - rails-deprecated_sanitizer + rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) + rails-dom-testing (~> 1.0, >= 1.0.2) actionview (4.2.0.alpha) activesupport (= 4.2.0.alpha) builder (~> 3.1) erubis (~> 2.7.0) - rails-deprecated_sanitizer + rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) + rails-dom-testing (~> 1.0, >= 1.0.2) activejob (4.2.0.alpha) - globalid + globalid (>= 0.2.3) activemodel (4.2.0.alpha) activesupport (= 4.2.0.alpha) builder (~> 3.1) @@ -51,7 +53,7 @@ GIT activesupport (= 4.2.0.alpha) arel (>= 6.0.0.beta1, < 6.1) activesupport (4.2.0.alpha) - i18n (>= 0.7.0.dev, < 0.8) + i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) @@ -66,7 +68,7 @@ GIT activesupport (= 4.2.0.alpha) bundler (>= 1.3.0, < 2.0) railties (= 4.2.0.alpha) - sprockets-rails (~> 2.1) + sprockets-rails (~> 3.0.0.beta1) railties (4.2.0.alpha) actionpack (= 4.2.0.alpha) activesupport (= 4.2.0.alpha) @@ -75,9 +77,9 @@ GIT GIT remote: git://github.com/svenfuchs/i18n.git - revision: a715d7aeed8903bf4b91b8b9005bc14cfc9f83cb + revision: 4612e6ebf357fba5f90f879ff8b753f8cf8415ff specs: - i18n (0.7.0.dev) + i18n (0.7.0.beta1) PATH remote: .. @@ -99,7 +101,7 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - globalid (0.2.0) + globalid (0.2.3) activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) 
@@ -149,11 +151,12 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails-deprecated_sanitizer (1.0.0) + rails-deprecated_sanitizer (1.0.2) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.0) + rails-dom-testing (1.0.2) activesupport nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) @@ -163,9 +166,9 @@ GEM multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.1.3) - actionpack (>= 3.0) - activesupport (>= 3.0) + sprockets-rails (3.0.0.beta1) + actionpack (>= 4.0) + activesupport (>= 4.0) sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) From 7f3dac86522fa2d95f67ced005a4343eecf29e28 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 17 Aug 2014 19:43:34 -0300 Subject: [PATCH 0552/1473] Use `[]=` instead of `merge!` to mutate the current Router scope. This was broken in Rails 4.2.0+ because the `@scope` object is no longer a Hash but an internal structure that supports a better override/rollback flow for cases like this. If we would only support Rails 4.2, this method could be something like this: ```ruby def with_devise_exclusive_scope(new_path, new_as, options) overrides = { as: new_as, path: new_path, module: nil } overrides.merge!(options.slice(:constraints, :defaults, :options)) @scope = @scope.new(overrides) yield ensure @scope = @scope.parent end ``` --- lib/devise/rails/routes.rb | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8b4589bc8e..92cf4646d0 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -442,19 +442,16 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: @scope[:path] = path end - DEVISE_SCOPE_KEYS = [:as, :path, :module, :constraints, :defaults, :options] - def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: - old = {} - DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] } + current_scope = @scope.dup - new = { as: new_as, path: new_path, module: nil } - new.merge!(options.slice(:constraints, :defaults, :options)) + exclusive = { as: new_as, path: new_path, module: nil } + exclusive.merge!(options.slice(:constraints, :defaults, :options)) - @scope.merge!(new) + exclusive.each_pair { |key, value| @scope[key] = value } yield ensure - @scope.merge!(old) + @scope = current_scope end def constraints_for(method_to_apply, scope=nil, block=nil) From 0e384f6fb6de9782a01181bcebf6f14e5352f5bf Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 19 Aug 2014 23:30:49 -0300 Subject: [PATCH 0553/1473] Remove missing action warning from the omniauth callbacks route. --- lib/devise/rails/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 92cf4646d0..8048f9961f 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -435,7 +435,7 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: match "#{path_prefix}/:action/callback", constraints: { action: providers }, - to: controllers[:omniauth_callbacks], + to: "#{controllers[:omniauth_callbacks]}#:action", as: :omniauth_callback, via: [:get, :post] ensure From 0b13f587ef97fe6b3f3d6869ba392cb881f89c4d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 19 Aug 2014 23:37:52 -0300 Subject: [PATCH 0554/1473] Update gemfile with latest Rails changes and Responders 2. --- gemfiles/Gemfile.rails-head | 4 +--- gemfiles/Gemfile.rails-head.lock | 29 +++++++---------------------- 2 files changed, 8 insertions(+), 25 deletions(-) 
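Review bot: The rollback in `with_devise_exclusive_scope` only works if `current_scope = @scope.dup` is an independent copy, and a shallow `dup` does not guarantee that once `@scope` is no longer a Hash. If the Rails 4.2 scope object keeps its values in an inner hash (not visible from this hunk), the `@scope[key] = value` writes also reach `current_scope`, and the `ensure` then restores the overridden `:path`, `:as`, `:module` and `:constraints` rather than the originals. Routes declared after the Devise block would inherit them. Where the scope object supports the `@scope.new(overrides)` call quoted in the commit message, branching on it avoids mutating shared state: `if @scope.respond_to?(:new) then @scope = @scope.new(exclusive) else exclusive.each_pair { |key, value| @scope[key] = value } end`. A routing test that declares a route after the block and asserts its path and constraints would pin the behaviour on both Rails lines.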
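Review bot: The `match` call needs a comment saying that the controller action is taken from the `:action` path segment, which `to: "#{controllers[:omniauth_callbacks]}#:action"` now makes explicit. `constraints: { action: providers }` is therefore the only thing limiting which public methods of the callbacks controller are routable. Suggested wording: `# :action comes from the URL; the providers constraint keeps it to configured OmniAuth providers - do not loosen it`. `providers` is built outside this hunk, so whether it matches only whole provider names cannot be confirmed from here. A routing test asserting that a callback path with a non-provider action is not recognized would cover it. `devise_omniauth_callback` starts before the hunk and continues after it.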
diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index e1dfa07ab1..269e39c710 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -3,9 +3,7 @@ source "https://rubygems.org" gemspec path: '..' gem "rails", github: "rails/rails" -gem "arel", github: "rails/arel" -gem "rack", github: "rack/rack" -gem "i18n", github: "svenfuchs/i18n" +gem "responders", "~> 2.0" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index 55437ce942..1d75f576d7 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock @@ -9,21 +9,9 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) -GIT - remote: git://github.com/rack/rack.git - revision: e4e4c397e89c026f9c23500cf7fc14ccdb756010 - specs: - rack (1.6.0.beta) - -GIT - remote: git://github.com/rails/arel.git - revision: c93f6bd8abc800ba31950f719f7c1006062051ae - specs: - arel (6.0.0.beta1.20140817224534) - GIT remote: git://github.com/rails/rails.git - revision: 9733dc5b39a5c8ce53febc4b55c3b2643b14dd87 + revision: 78728af2c9bba23ac96c8e78666102f58e6c890d specs: actionmailer (4.2.0.alpha) actionpack (= 4.2.0.alpha) @@ -75,12 +63,6 @@ GIT rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) -GIT - remote: git://github.com/svenfuchs/i18n.git - revision: 4612e6ebf357fba5f90f879ff8b753f8cf8415ff - specs: - i18n (0.7.0.beta1) - PATH remote: .. specs: @@ -94,6 +76,7 @@ PATH GEM remote: https://rubygems.org/ specs: + arel (6.0.0.beta1) bcrypt (3.1.7) bson (2.3.0) builder (3.2.2) @@ -105,6 +88,7 @@ GEM activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) + i18n (0.7.0.beta1) json (1.8.1) jwt (1.0.0) mail (2.6.1) @@ -146,6 +130,7 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) + rack (1.6.0.beta) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -160,6 +145,8 @@ GEM rake (10.3.2) rdoc (4.1.1) json (~> 1.4) + responders (2.0.0) + railties (>= 4.2.0.alpha, < 5) ruby-openid (2.5.0) sprockets (2.12.1) hike (~> 1.2) @@ -189,9 +176,7 @@ PLATFORMS DEPENDENCIES activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter - arel! devise! - i18n! jruby-openssl mocha (~> 1.1) mongoid! @@ -199,8 +184,8 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rack! rails! rdoc + responders (~> 2.0) sqlite3 webrat (= 0.7.3) From 9b9ee8bd2d265ad48a34a6bdd3662f8fa6c28971 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 19 Aug 2014 23:41:51 -0300 Subject: [PATCH 0555/1473] Test against the released gem --- gemfiles/Gemfile.rails-head | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index 269e39c710..5aee897b4e 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: '..' -gem "rails", github: "rails/rails" +gem "rails", "4.2.0.beta1" gem "responders", "~> 2.0" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" From a638c21e76050d69f8fda39cd1d055db728d2e96 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 20 Aug 2014 18:12:57 -0300 Subject: [PATCH 0556/1473] Add responders as a Devise dependency. --- devise.gemspec | 1 + gemfiles/Gemfile.rails-head | 1 - gemfiles/Gemfile.rails-head.lock | 95 +++++++++++++++----------------- lib/devise.rb | 1 + 4 files changed, 47 insertions(+), 51 deletions(-) diff --git a/devise.gemspec b/devise.gemspec index 7f95d8a6d3..73b81075c7 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -24,4 +24,5 @@ Gem::Specification.new do |s| s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("thread_safe", "~> 0.1") s.add_dependency("railties", ">= 3.2.6", "< 5") + s.add_dependency("responders") end 
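Review bot: `s.add_dependency("responders")` has no version constraint, unlike the `bcrypt`, `thread_safe` and `railties` lines directly above it, so installing devise can resolve any current or future responders release. Lockfiles in this patch series already show the gem splitting by Rails line (responders 2.0.0 requires `railties (>= 4.2.0.alpha, < 5)`, 1.1.1 requires `railties (>= 3.2, < 4.2)`). A bounded range is the safer default for an authentication library, for example `s.add_dependency("responders", ">= 1.1", "< 3")`, with the exact bounds checked against the supported Rails versions. `lib/devise.rb` in this commit requires it unconditionally, so an incompatible resolution surfaces only at load time.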
diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-head index 5aee897b4e..f4b9bd230e 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-head @@ -3,7 +3,6 @@ source "https://rubygems.org" gemspec path: '..' gem "rails", "4.2.0.beta1" -gem "responders", "~> 2.0" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-head.lock index 1d75f576d7..ab10f87388 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-head.lock 
@@ -9,73 +9,53 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) -GIT - remote: git://github.com/rails/rails.git - revision: 78728af2c9bba23ac96c8e78666102f58e6c890d +PATH + remote: .. + specs: + devise (3.3.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ specs: - actionmailer (4.2.0.alpha) - actionpack (= 4.2.0.alpha) - actionview (= 4.2.0.alpha) + actionmailer (4.2.0.beta1) + actionpack (= 4.2.0.beta1) + actionview (= 4.2.0.beta1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.2) - actionpack (4.2.0.alpha) - actionview (= 4.2.0.alpha) - activesupport (= 4.2.0.alpha) + actionpack (4.2.0.beta1) + actionview (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) rack (~> 1.6.0.beta) rack-test (~> 0.6.2) rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) rails-dom-testing (~> 1.0, >= 1.0.2) - actionview (4.2.0.alpha) - activesupport (= 4.2.0.alpha) + actionview (4.2.0.beta1) + activesupport (= 4.2.0.beta1) builder (~> 3.1) erubis (~> 2.7.0) rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) rails-dom-testing (~> 1.0, >= 1.0.2) - activejob (4.2.0.alpha) + activejob (4.2.0.beta1) globalid (>= 0.2.3) - activemodel (4.2.0.alpha) - activesupport (= 4.2.0.alpha) + activemodel (4.2.0.beta1) + activesupport (= 4.2.0.beta1) builder (~> 3.1) - activerecord (4.2.0.alpha) - activemodel (= 4.2.0.alpha) - activesupport (= 4.2.0.alpha) + activerecord (4.2.0.beta1) + activemodel (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) arel (>= 6.0.0.beta1, < 6.1) - activesupport (4.2.0.alpha) + activesupport (4.2.0.beta1) i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.2.0.alpha) - actionmailer (= 4.2.0.alpha) - actionpack (= 4.2.0.alpha) - actionview (= 4.2.0.alpha) - activejob (= 4.2.0.alpha) - activemodel (= 4.2.0.alpha) - activerecord (= 4.2.0.alpha) - activesupport (= 4.2.0.alpha) - bundler (>= 1.3.0, < 2.0) - 
railties (= 4.2.0.alpha) - sprockets-rails (~> 3.0.0.beta1) - railties (4.2.0.alpha) - actionpack (= 4.2.0.alpha) - activesupport (= 4.2.0.alpha) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. - specs: - devise (3.3.0) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - thread_safe (~> 0.1) - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: arel (6.0.0.beta1) bcrypt (3.1.7) bson (2.3.0) @@ -136,12 +116,28 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) + rails (4.2.0.beta1) + actionmailer (= 4.2.0.beta1) + actionpack (= 4.2.0.beta1) + actionview (= 4.2.0.beta1) + activejob (= 4.2.0.beta1) + activemodel (= 4.2.0.beta1) + activerecord (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.2.0.beta1) + sprockets-rails (~> 3.0.0.beta1) rails-deprecated_sanitizer (1.0.2) activesupport (>= 4.2.0.alpha) rails-dom-testing (1.0.2) activesupport nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) + railties (4.2.0.beta1) + actionpack (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) @@ -184,8 +180,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails! + rails (= 4.2.0.beta1) rdoc - responders (~> 2.0) sqlite3 webrat (= 0.7.3) diff --git a/lib/devise.rb b/lib/devise.rb index 2b99d923e4..95e2f98158 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -4,6 +4,7 @@ require 'orm_adapter' require 'set' require 'securerandom' +require 'responders' module Devise autoload :Delegator, 'devise/delegator' From 70e9e92d23c64fdd686b9d22406c2e576a1b4910 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 20 Aug 2014 18:16:51 -0300 Subject: [PATCH 0557/1473] Reorganize Gemfiles. --- Gemfile | 4 +- Gemfile.lock | 122 ++++++++++------- gemfiles/Gemfile.rails-3.2-stable.lock | 3 + gemfiles/Gemfile.rails-4.0-stable.lock | 5 +- ...le.rails-head => Gemfile.rails-4.1-stable} | 4 +- ...ead.lock => Gemfile.rails-4.1-stable.lock} | 125 ++++++++---------- 6 files changed, 136 insertions(+), 127 deletions(-) rename gemfiles/{Gemfile.rails-head => Gemfile.rails-4.1-stable} (84%) rename gemfiles/{Gemfile.rails-head.lock => Gemfile.rails-4.1-stable.lock} (56%) diff --git a/Gemfile b/Gemfile index 91b556455b..76a67a82a3 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.1.0" +gem "rails", "4.2.0.beta1" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", "~> 4.0.0" + gem "mongoid", github: "mongoid/mongoid", branch: "master" end diff --git a/Gemfile.lock b/Gemfile.lock index f8217633fa..7379672952 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,14 @@ +GIT + remote: git://github.com/mongoid/mongoid.git + revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5 + branch: master + specs: + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) + PATH remote: . specs: 
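Review bot: The `github: "mongoid/mongoid"` source added in the second Gemfile hunk is fetched over the unauthenticated `git://` protocol, as the `remote: git://github.com/mongoid/mongoid.git` entry in this commit's Gemfile.lock shows. That transport gives no server authentication or integrity protection for code that is then executed on developer machines and CI. Spelling the source out keeps the same branch over TLS: `gem "mongoid", git: "https://github.com/mongoid/mongoid.git", branch: "master"`. The same applies to `gem "rails", github: 'rails/rails', branch: '4-1-stable'` in gemfiles/Gemfile.rails-4.1-stable later in this commit.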
@@ -5,39 +16,47 @@ PATH bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + responders thread_safe (~> 0.1) warden (~> 1.2.3) GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.5) - actionpack (= 4.1.5) - actionview (= 4.1.5) - mail (~> 2.5.4) - actionpack (4.1.5) - actionview (= 4.1.5) - activesupport (= 4.1.5) - rack (~> 1.5.2) + actionmailer (4.2.0.beta1) + actionpack (= 4.2.0.beta1) + actionview (= 4.2.0.beta1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.2) + actionpack (4.2.0.beta1) + actionview (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) + rack (~> 1.6.0.beta) rack-test (~> 0.6.2) - actionview (4.1.5) - activesupport (= 4.1.5) + rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) + rails-dom-testing (~> 1.0, >= 1.0.2) + actionview (4.2.0.beta1) + activesupport (= 4.2.0.beta1) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.5) - activesupport (= 4.1.5) + rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) + rails-dom-testing (~> 1.0, >= 1.0.2) + activejob (4.2.0.beta1) + globalid (>= 0.2.3) + activemodel (4.2.0.beta1) + activesupport (= 4.2.0.beta1) builder (~> 3.1) - activerecord (4.1.5) - activemodel (= 4.1.5) - activesupport (= 4.1.5) - arel (~> 5.0.0) - activesupport (4.1.5) - i18n (~> 0.6, >= 0.6.9) + activerecord (4.2.0.beta1) + activemodel (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) + arel (>= 6.0.0.beta1, < 6.1) + activesupport (4.2.0.beta1) + i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - arel (5.0.1.20140414130214) + arel (6.0.0.beta1) bcrypt (3.1.7) bson (2.3.0) builder (3.2.2) 
@@ -45,25 +64,21 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) + globalid (0.2.3) + activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) - i18n (0.6.11) + i18n (0.7.0.beta1) json (1.8.1) jwt (1.0.0) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) + mail (2.6.1) + mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (1.25.1) + mime-types (2.3) mini_portile (0.6.0) minitest (5.4.0) mocha (1.1.0) metaclass (~> 0.0.1) - mongoid (4.0.0) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) moped (2.0.0) bson (~> 2.2) connection_pool (~> 2.0) 
@@ -95,48 +110,53 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.5) - rack (1.5.2) + rack (1.6.0.beta) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.5) - actionmailer (= 4.1.5) - actionpack (= 4.1.5) - actionview (= 4.1.5) - activemodel (= 4.1.5) - activerecord (= 4.1.5) - activesupport (= 4.1.5) + rails (4.2.0.beta1) + actionmailer (= 4.2.0.beta1) + actionpack (= 4.2.0.beta1) + actionview (= 4.2.0.beta1) + activejob (= 4.2.0.beta1) + activemodel (= 4.2.0.beta1) + activerecord (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.5) - sprockets-rails (~> 2.0) - railties (4.1.5) - actionpack (= 4.1.5) - activesupport (= 4.1.5) + railties (= 4.2.0.beta1) + sprockets-rails (~> 3.0.0.beta1) + rails-deprecated_sanitizer (1.0.2) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.2) + activesupport + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + railties (4.2.0.beta1) + actionpack (= 4.2.0.beta1) + activesupport (= 4.2.0.beta1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) + responders (2.0.0) + railties (>= 4.2.0.alpha, < 5) ruby-openid (2.5.0) sprockets (2.12.1) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.1.3) - actionpack (>= 3.0) - activesupport (>= 3.0) + sprockets-rails (3.0.0.beta1) + actionpack (>= 4.0) + activesupport (>= 4.0) sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) @@ -155,12 +175,12 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid (~> 4.0.0) + mongoid! omniauth (~> 1.2.0) omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (~> 4.1.0) + rails (= 4.2.0.beta1) rdoc sqlite3 webrat (= 0.7.3) 
diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index fb472126ba..72f0d6b3c9 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -53,6 +53,7 @@ PATH bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + responders thread_safe (~> 0.1) warden (~> 1.2.3) @@ -125,6 +126,8 @@ GEM rake (10.3.2) rdoc (3.12.2) json (~> 1.4) + responders (1.1.1) + railties (>= 3.2, < 4.2) ruby-openid (2.5.0) sprockets (2.2.2) hike (~> 1.2) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 29155e9f04..f8558f4d78 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: d01651a360a0ecea6eb78dcb03fc44120bd83495 + revision: 2d8886e05104316273a0f95dfbcd171d3b12678b branch: 4-0-stable specs: actionmailer (4.0.9) @@ -47,6 +47,7 @@ PATH bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + responders thread_safe (~> 0.1) warden (~> 1.2.3) @@ -120,6 +121,8 @@ GEM rake (10.3.2) rdoc (4.1.1) json (~> 1.4) + responders (1.1.1) + railties (>= 3.2, < 4.2) ruby-openid (2.5.0) sprockets (2.12.1) hike (~> 1.2) diff --git a/gemfiles/Gemfile.rails-head b/gemfiles/Gemfile.rails-4.1-stable similarity index 84% rename from gemfiles/Gemfile.rails-head rename to gemfiles/Gemfile.rails-4.1-stable index f4b9bd230e..f4f0e37cf9 100644 --- a/gemfiles/Gemfile.rails-head +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: '..' -gem "rails", "4.2.0.beta1" +gem "rails", github: 'rails/rails', branch: '4-1-stable' gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" + gem "mongoid", "~> 4.0.0" end 
diff --git a/gemfiles/Gemfile.rails-head.lock b/gemfiles/Gemfile.rails-4.1-stable.lock similarity index 56% rename from gemfiles/Gemfile.rails-head.lock rename to gemfiles/Gemfile.rails-4.1-stable.lock index ab10f87388..abe9fba4c2 100644 --- a/gemfiles/Gemfile.rails-head.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -1,16 +1,5 @@ -GIT - remote: git://github.com/mongoid/mongoid.git - revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5 - branch: master - specs: - mongoid (4.0.0) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - PATH - remote: .. + remote: . specs: devise (3.3.0) bcrypt (~> 3.0) 
@@ -23,40 +12,33 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0.beta1) - actionpack (= 4.2.0.beta1) - actionview (= 4.2.0.beta1) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.2) - actionpack (4.2.0.beta1) - actionview (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) - rack (~> 1.6.0.beta) + actionmailer (4.1.5) + actionpack (= 4.1.5) + actionview (= 4.1.5) + mail (~> 2.5.4) + actionpack (4.1.5) + actionview (= 4.1.5) + activesupport (= 4.1.5) + rack (~> 1.5.2) rack-test (~> 0.6.2) - rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) - rails-dom-testing (~> 1.0, >= 1.0.2) - actionview (4.2.0.beta1) - activesupport (= 4.2.0.beta1) + actionview (4.1.5) + activesupport (= 4.1.5) builder (~> 3.1) erubis (~> 2.7.0) - rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) - rails-dom-testing (~> 1.0, >= 1.0.2) - activejob (4.2.0.beta1) - globalid (>= 0.2.3) - activemodel (4.2.0.beta1) - activesupport (= 4.2.0.beta1) + activemodel (4.1.5) + activesupport (= 4.1.5) builder (~> 3.1) - activerecord (4.2.0.beta1) - activemodel (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) - arel (>= 6.0.0.beta1, < 6.1) - activesupport (4.2.0.beta1) - i18n (>= 0.7.0.beta1, < 0.8) + activerecord (4.1.5) + activemodel (= 4.1.5) + activesupport (= 4.1.5) + arel (~> 5.0.0) + activesupport (4.1.5) + i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - arel (6.0.0.beta1) + arel (5.0.1.20140414130214) bcrypt (3.1.7) bson (2.3.0) builder (3.2.2) 
@@ -64,21 +46,25 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - globalid (0.2.3) - activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) - i18n (0.7.0.beta1) + i18n (0.6.11) json (1.8.1) jwt (1.0.0) - mail (2.6.1) - mime-types (>= 1.16, < 3) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) metaclass (0.0.4) - mime-types (2.3) + mime-types (1.25.1) mini_portile (0.6.0) minitest (5.4.0) mocha (1.1.0) metaclass (~> 0.0.1) + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) moped (2.0.0) bson (~> 2.2) connection_pool (~> 2.0) 
@@ -110,53 +96,50 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.0.beta) + polyglot (0.3.5) + rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.2.0.beta1) - actionmailer (= 4.2.0.beta1) - actionpack (= 4.2.0.beta1) - actionview (= 4.2.0.beta1) - activejob (= 4.2.0.beta1) - activemodel (= 4.2.0.beta1) - activerecord (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails (4.1.5) + actionmailer (= 4.1.5) + actionpack (= 4.1.5) + actionview (= 4.1.5) + activemodel (= 4.1.5) + activerecord (= 4.1.5) + activesupport (= 4.1.5) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0.beta1) - sprockets-rails (~> 3.0.0.beta1) - rails-deprecated_sanitizer (1.0.2) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.2) - activesupport - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - railties (4.2.0.beta1) - actionpack (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + railties (= 4.1.5) + sprockets-rails (~> 2.0) + railties (4.1.5) + actionpack (= 4.1.5) + activesupport (= 4.1.5) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) - responders (2.0.0) - railties (>= 4.2.0.alpha, < 5) + responders (1.1.0) + railties (>= 3.2, < 5) ruby-openid (2.5.0) sprockets (2.12.1) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (3.0.0.beta1) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (2.1.3) + actionpack (>= 3.0) + activesupport (>= 3.0) sprockets (~> 2.8) sqlite3 (1.3.9) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) + treetop (1.4.15) + polyglot + polyglot (>= 0.3.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) @@ -175,12 +158,12 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid! + mongoid (~> 4.0.0) omniauth (~> 1.2.0) omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0.beta1) + rails (~> 4.1.0) rdoc sqlite3 webrat (= 0.7.3) 
From 2beae8e1438e2e5de201c5cbea9668af2f2e09f2 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 20 Aug 2014 18:44:50 -0300 Subject: [PATCH 0558/1473] Update Gemfile list on Travis. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1baa1c1c10..278b10cfd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,7 +17,7 @@ env: # AMAZON_SECRET_ACCESS_KEY - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI=" gemfile: - - gemfiles/Gemfile.rails-head + - gemfiles/Gemfile.rails-4.1-stable - gemfiles/Gemfile.rails-4.0-stable - gemfiles/Gemfile.rails-3.2-stable - Gemfile From 2f4fab00d9f44958957e6699d8ee02a063565c19 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 22 Aug 2014 13:22:00 -0300 Subject: [PATCH 0559/1473] Update 4.1 Gemfile --- gemfiles/Gemfile.rails-4.1-stable.lock | 81 +++++++++++++------------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index abe9fba4c2..5e14ee254a 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -1,21 +1,12 @@ -PATH - remote: . - specs: - devise (3.3.0) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - responders - thread_safe (~> 0.1) - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ +GIT + remote: git://github.com/rails/rails.git + revision: 90b70cd453e6b88b2ad484861ad9913f70bd15c9 + branch: 4-1-stable specs: actionmailer (4.1.5) actionpack (= 4.1.5) actionview (= 4.1.5) - mail (~> 2.5.4) + mail (~> 2.5, >= 2.5.4) actionpack (4.1.5) actionview (= 4.1.5) activesupport (= 4.1.5) 
@@ -38,6 +29,36 @@ GEM minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) + rails (4.1.5) + actionmailer (= 4.1.5) + actionpack (= 4.1.5) + actionview (= 4.1.5) + activemodel (= 4.1.5) + activerecord (= 4.1.5) + activesupport (= 4.1.5) + bundler (>= 1.3.0, < 2.0) + railties (= 4.1.5) + sprockets-rails (~> 2.0) + railties (4.1.5) + actionpack (= 4.1.5) + activesupport (= 4.1.5) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + +PATH + remote: .. + specs: + devise (3.3.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: arel (5.0.1.20140414130214) bcrypt (3.1.7) bson (2.3.0) @@ -51,11 +72,10 @@ GEM i18n (0.6.11) json (1.8.1) jwt (1.0.0) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) + mail (2.6.1) + mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (1.25.1) + mime-types (2.3) mini_portile (0.6.0) minitest (5.4.0) mocha (1.1.0) @@ -96,33 +116,17 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - polyglot (0.3.5) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.1.5) - actionmailer (= 4.1.5) - actionpack (= 4.1.5) - actionview (= 4.1.5) - activemodel (= 4.1.5) - activerecord (= 4.1.5) - activesupport (= 4.1.5) - bundler (>= 1.3.0, < 2.0) - railties (= 4.1.5) - sprockets-rails (~> 2.0) - railties (4.1.5) - actionpack (= 4.1.5) - activesupport (= 4.1.5) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) rake (10.3.2) rdoc (4.1.1) json (~> 1.4) - responders (1.1.0) - railties (>= 3.2, < 5) + responders (1.1.1) + railties (>= 3.2, < 4.2) ruby-openid (2.5.0) sprockets (2.12.1) hike (~> 1.2) @@ -137,9 +141,6 @@ GEM thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) 
@@ -163,7 +164,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (~> 4.1.0) + rails! rdoc sqlite3 webrat (= 0.7.3) From 4f77da5b87293c1ef9f2c4f94a862f580bf0815d Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Sat, 23 Aug 2014 16:44:06 -0500 Subject: [PATCH 0560/1473] Step1: Create controllers templates, and create controller generator to copy ALL templates to rails app directory --- .../devise/controllers_generator.rb | 17 ++ .../controllers/confirmations_controller.rb | 16 ++ .../controllers/devise_controller.rb | 176 ++++++++++++++++++ .../omniauth_callbacks_controller.rb | 21 +++ .../controllers/passwords_controller.rb | 21 +++ .../controllers/registrations_controller.rb | 35 ++++ .../controllers/sessions_controller.rb | 16 ++ .../controllers/unlocks_controller.rb | 16 ++ 8 files changed, 318 insertions(+) create mode 100644 lib/generators/devise/controllers_generator.rb create mode 100644 lib/generators/templates/controllers/confirmations_controller.rb create mode 100644 lib/generators/templates/controllers/devise_controller.rb create mode 100644 lib/generators/templates/controllers/omniauth_callbacks_controller.rb create mode 100644 lib/generators/templates/controllers/passwords_controller.rb create mode 100644 lib/generators/templates/controllers/registrations_controller.rb create mode 100644 lib/generators/templates/controllers/sessions_controller.rb create mode 100644 lib/generators/templates/controllers/unlocks_controller.rb diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb new file mode 100644 index 0000000000..c3cd01fc6e --- /dev/null +++ b/lib/generators/devise/controllers_generator.rb 
@@ -0,0 +1,17 @@ +require 'rails/generators/base' + +module Devise + module Generators + class ControllersGenerator < Rails::Generators::Base + desc "Create inherited Devise controllers in your application." + source_root File.expand_path("../../templates/", __FILE__) + argument :scope, required: false, default: nil, + desc: "The scope to create controllers in" + + def create_controllers + directory "controllers", "app/controllers/#{scope || :devise}" + end + end + end +end + diff --git a/lib/generators/templates/controllers/confirmations_controller.rb b/lib/generators/templates/controllers/confirmations_controller.rb new file mode 100644 index 0000000000..e3ce0872bc --- /dev/null +++ b/lib/generators/templates/controllers/confirmations_controller.rb @@ -0,0 +1,16 @@ +class Users::ConfirmationsController < Devise::ConfirmationsController + # GET /resource/confirmation/new + def new + super + end + + # POST /resource/confirmation + def create + super + end + + # GET /resource/confirmation?confirmation_token=abcdef + def show + super + end +end diff --git a/lib/generators/templates/controllers/devise_controller.rb b/lib/generators/templates/controllers/devise_controller.rb new file mode 100644 index 0000000000..7cdd0f7e0d --- /dev/null +++ b/lib/generators/templates/controllers/devise_controller.rb 
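Review bot: `directory "controllers", "app/controllers/#{scope || :devise}"` in `create_controllers` copies every template verbatim, yet all the controller templates added in this commit (confirmations, omniauth_callbacks, passwords, registrations, sessions, unlocks) hard-code the `Users::` namespace. Any scope other than `users`, including the `devise` default, therefore yields files whose path and constant disagree, which Rails autoloading will presumably not resolve. The same call also copies `devise_controller.rb`, a top-level `DeviseController` that duplicates the engine's base controller; a copy left in the host app could keep stale versions of `assert_is_devise_resource!` and `require_no_authentication` after a gem upgrade. I would leave that file out and render the namespace from the argument, e.g. a `template` call per controller with `class <%= scope.camelize %>::SessionsController < Devise::SessionsController` as the first line.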
@@ -0,0 +1,176 @@ +# All Devise controllers are inherited from here. +class DeviseController < Devise.parent_controller.constantize + include Devise::Controllers::ScopedViews + + helper DeviseHelper + + helpers = %w(resource scope_name resource_name signed_in_resource + resource_class resource_params devise_mapping) + hide_action(*helpers) + helper_method(*helpers) + + prepend_before_filter :assert_is_devise_resource! + respond_to :html if mimes_for_respond_to.empty? + + # Gets the actual resource stored in the instance variable + def resource + instance_variable_get(:"@#{resource_name}") + end + + # Proxy to devise map name + def resource_name + devise_mapping.name + end + alias :scope_name :resource_name + + # Proxy to devise map class + def resource_class + devise_mapping.to + end + + # Returns a signed in resource from session (if one exists) + def signed_in_resource + warden.authenticate(scope: resource_name) + end + + # Attempt to find the mapped route for devise based on request path + def devise_mapping + @devise_mapping ||= request.env["devise.mapping"] + end + + # Override prefixes to consider the scoped view. + # Notice we need to check for the request due to a bug in + # Action Controller tests that forces _prefixes to be + # loaded before even having a request object. + def _prefixes #:nodoc: + @_prefixes ||= if self.class.scoped_views? && request && devise_mapping + ["#{devise_mapping.scoped_path}/#{controller_name}"] + super + else + super + end + end + + hide_action :_prefixes + + protected + + # Checks whether it's a devise mapped resource or not. + def assert_is_devise_resource! #:nodoc: + unknown_action! <<-MESSAGE unless devise_mapping +Could not find devise mapping for path #{request.fullpath.inspect}. +This may happen for two reasons: + +1) You forgot to wrap your route inside the scope block. 
For example: + + devise_scope :user do + get "/some/route" => "some_devise_controller" + end + +2) You are testing a Devise controller bypassing the router. + If so, you can explicitly tell Devise which mapping to use: + + @request.env["devise.mapping"] = Devise.mappings[:user] + +MESSAGE + end + + # Returns real navigational formats which are supported by Rails + def navigational_formats + @navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] } + end + + def unknown_action!(msg) + logger.debug "[Devise] #{msg}" if logger + raise AbstractController::ActionNotFound, msg + end + + # Sets the resource creating an instance variable + def resource=(new_resource) + instance_variable_set(:"@#{resource_name}", new_resource) + end + + # Helper for use in before_filters where no authentication is required. + # + # Example: + # before_filter :require_no_authentication, only: :new + def require_no_authentication + assert_is_devise_resource! + return unless is_navigational_format? + no_input = devise_mapping.no_input_strategies + + authenticated = if no_input.present? + args = no_input.dup.push scope: resource_name + warden.authenticate?(*args) + else + warden.authenticated?(resource_name) + end + + if authenticated && resource = warden.user(resource_name) + flash[:alert] = I18n.t("devise.failure.already_authenticated") + redirect_to after_sign_in_path_for(resource) + end + end + + # Helper for use after calling send_*_instructions methods on a resource. + # If we are in paranoid mode, we always act as if the resource was valid + # and instructions were sent. + def successfully_sent?(resource) + notice = if Devise.paranoid + resource.errors.clear + :send_paranoid_instructions + elsif resource.errors.empty? + :send_instructions + end + + if notice + set_flash_message :notice, notice if is_flashing_format? + true + end + end + + # Sets the flash message with :key, using I18n. 
By default you are able + # to setup your messages using specific resource scope, and if no one is + # found we look to default scope. + # Example (i18n locale file): + # + # en: + # devise: + # passwords: + # #default_scope_messages - only if resource_scope is not found + # user: + # #resource_scope_messages + # + # Please refer to README or en.yml locale file to check what messages are + # available. + def set_flash_message(key, kind, options = {}) + message = find_message(kind, options) + flash[key] = message if message.present? + end + + def devise_i18n_options(options) + options + end + + # Get message for given + def find_message(kind, options = {}) + options[:scope] = "devise.#{controller_name}" + options[:default] = Array(options[:default]).unshift(kind.to_sym) + options[:resource_name] = resource_name + options = devise_i18n_options(options) + I18n.t("#{options[:resource_name]}.#{kind}", options) + end + + def clean_up_passwords(object) + object.clean_up_passwords if object.respond_to?(:clean_up_passwords) + end + + def respond_with_navigational(*args, &block) + respond_with(*args) do |format| + format.any(*navigational_formats, &block) + end + end + + def resource_params + params.fetch(resource_name, {}) + end +end diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb new file mode 100644 index 0000000000..ecde966929 --- /dev/null +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb 
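Review bot: `resource_params` at the end of this template returns `params.fetch(resource_name, {})`, the raw request hash for the scope with nothing permitted or stripped, and no comment says so. Because the file is generated into the application for people to edit, I would add `# Raw, unfiltered request parameters for this scope; permit attributes before handing them to the model.` above the method. Whether the callers filter the result is not visible in this hunk. Separately, `find_message` writes `:scope`, `:default` and `:resource_name` into the caller's `options` hash; starting the method with `options = options.dup` removes that side effect.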
@@ -0,0 +1,21 @@ +class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController + # You should configure your model like this: + # devise :omniauthable, omniauth_providers: [:twitter] + + # You should also create an action method in this controller like this: + # def twitter + # end + + # More info at: + # https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview + + # GET|POST /resource/auth/twitter + def passthru + super + end + + # GET|POST /users/auth/twitter/callback + def failure + super + end +end diff --git a/lib/generators/templates/controllers/passwords_controller.rb b/lib/generators/templates/controllers/passwords_controller.rb new file mode 100644 index 0000000000..69bb42a159 --- /dev/null +++ b/lib/generators/templates/controllers/passwords_controller.rb @@ -0,0 +1,21 @@ +class Users::PasswordsController < Devise::PasswordsController + # GET /resource/password/new + def new + super + end + + # POST /resource/password + def create + super + end + + # GET /resource/password/edit?reset_password_token=abcdef + def edit + super + end + + # PUT /resource/password + def update + super + end +end diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb new file mode 100644 index 0000000000..0c6cb09321 --- /dev/null +++ b/lib/generators/templates/controllers/registrations_controller.rb 
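Review bot: The route comment above `failure` in omniauth_callbacks_controller.rb reads `# GET|POST /users/auth/twitter/callback`, while every other action comment in these templates uses the generic `/resource/` prefix. For a template meant for any scope I would write `# GET|POST /resource/auth/twitter/callback`.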
@@ -0,0 +1,35 @@ +class Users::RegistrationsController < Devise::RegistrationsController + # GET /resource/sign_up + def new + super + end + + # POST /resource + def create + super + end + + # GET /resource/edit + def edit + super + end + + # PUT /resource + def update + super + end + + # DELETE /resource + def destroy + super + end + + # GET /resource/cancel + # Forces the session data which is usually expired after sign + # in to be expired now. This is useful if the user wants to + # cancel oauth signing in/up in the middle of the process, + # removing all OAuth session data. + def cancel + super + end +end diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb new file mode 100644 index 0000000000..68aa08ff50 --- /dev/null +++ b/lib/generators/templates/controllers/sessions_controller.rb @@ -0,0 +1,16 @@ +class Users::SessionsController < Devise::SessionsController + # GET /resource/sign_in + def new + super + end + + # POST /resource/sign_in + def create + super + end + + # DELETE /resource/sign_out + def destroy + super + end +end diff --git a/lib/generators/templates/controllers/unlocks_controller.rb b/lib/generators/templates/controllers/unlocks_controller.rb new file mode 100644 index 0000000000..1ec445c51b --- /dev/null +++ b/lib/generators/templates/controllers/unlocks_controller.rb @@ -0,0 +1,16 @@ +class Users::UnlocksController < Devise::UnlocksController + # GET /resource/unlock/new + def new + super + end + + # POST /resource/unlock + def create + super + end + + # GET /resource/unlock?unlock_token=abcdef + def show + super + end +end From d8d9814ed4889e6bbe7fd2ee9e4b5a6823f1e0db Mon Sep 17 00:00:00 2001 
From: Chun-Yang Date: Sat, 23 Aug 2014 23:29:45 -0500 Subject: [PATCH 0561/1473] user erb template to generate controllers, enable --controllers option to specify controllers, make 'scope' argument required --- .../devise/controllers_generator.rb | 18 +- ...roller.rb => confirmations_controller.erb} | 2 +- .../controllers/devise_controller.rb | 176 ------------------ ...r.rb => omniauth_callbacks_controller.erb} | 2 +- ...controller.rb => passwords_controller.erb} | 2 +- ...roller.rb => registrations_controller.erb} | 2 +- ..._controller.rb => sessions_controller.erb} | 2 +- ...s_controller.rb => unlocks_controller.erb} | 2 +- 8 files changed, 20 insertions(+), 186 deletions(-) rename lib/generators/templates/controllers/{confirmations_controller.rb => confirmations_controller.erb} (71%) delete mode 100644 lib/generators/templates/controllers/devise_controller.rb rename lib/generators/templates/controllers/{omniauth_callbacks_controller.rb => omniauth_callbacks_controller.erb} (82%) rename lib/generators/templates/controllers/{passwords_controller.rb => passwords_controller.erb} (77%) rename lib/generators/templates/controllers/{registrations_controller.rb => registrations_controller.erb} (86%) rename lib/generators/templates/controllers/{sessions_controller.rb => sessions_controller.erb} (69%) rename lib/generators/templates/controllers/{unlocks_controller.rb => unlocks_controller.erb} (71%) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index c3cd01fc6e..d5b4f090cc 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb 
@@ -3,13 +3,23 @@ module Devise module Generators class ControllersGenerator < Rails::Generators::Base + def self.all_controllers + @@controllers ||= %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) + end + desc "Create inherited Devise controllers in your application." - source_root File.expand_path("../../templates/", __FILE__) - argument :scope, required: false, default: nil, - desc: "The scope to create controllers in" + source_root File.expand_path("../../templates/controllers", __FILE__) + argument :scope, required: true, + desc: "The scope to create controllers in, e.g. users, admins" + class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{all_controllers})" def create_controllers - directory "controllers", "app/controllers/#{scope || :devise}" + @scope_module = scope.camelize + controllers = options[:controllers] || self.class.all_controllers + controllers.each do |name| + template "#{name}_controller.erb", + "app/controllers/#{scope}/#{name}_controller.rb" + end end end end diff --git a/lib/generators/templates/controllers/confirmations_controller.rb b/lib/generators/templates/controllers/confirmations_controller.erb similarity index 71% rename from lib/generators/templates/controllers/confirmations_controller.rb rename to lib/generators/templates/controllers/confirmations_controller.erb index e3ce0872bc..bc8f147cf1 100644 --- a/lib/generators/templates/controllers/confirmations_controller.rb +++ b/lib/generators/templates/controllers/confirmations_controller.erb @@ -1,4 +1,4 @@ -class Users::ConfirmationsController < Devise::ConfirmationsController +class <%= @scope_module %>::ConfirmationsController < Devise::ConfirmationsController # GET /resource/confirmation/new def new super diff --git a/lib/generators/templates/controllers/devise_controller.rb b/lib/generators/templates/controllers/devise_controller.rb deleted file mode 100644 index 7cdd0f7e0d..0000000000 
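Review bot: In `create_controllers` the names taken from `options[:controllers]` go straight into `"#{name}_controller.erb"` and into the destination path without being checked against `all_controllers`, so a misspelt or path-like value only fails inside the template lookup. A guard such as `unknown = controllers - self.class.all_controllers` followed by `raise Thor::Error, "Unknown controllers: #{unknown.join(', ')}" if unknown.any?` gives a clear message and keeps the written path inside the known set. `all_controllers` also memoises into the class variable `@@controllers`, which is shared with subclasses and mutable; a frozen constant, `CONTROLLERS = %w(confirmations passwords registrations sessions unlocks omniauth_callbacks).freeze`, would be simpler.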
--- a/lib/generators/templates/controllers/devise_controller.rb +++ /dev/null 
@@ -1,176 +0,0 @@ -# All Devise controllers are inherited from here. -class DeviseController < Devise.parent_controller.constantize - include Devise::Controllers::ScopedViews - - helper DeviseHelper - - helpers = %w(resource scope_name resource_name signed_in_resource - resource_class resource_params devise_mapping) - hide_action(*helpers) - helper_method(*helpers) - - prepend_before_filter :assert_is_devise_resource! - respond_to :html if mimes_for_respond_to.empty? - - # Gets the actual resource stored in the instance variable - def resource - instance_variable_get(:"@#{resource_name}") - end - - # Proxy to devise map name - def resource_name - devise_mapping.name - end - alias :scope_name :resource_name - - # Proxy to devise map class - def resource_class - devise_mapping.to - end - - # Returns a signed in resource from session (if one exists) - def signed_in_resource - warden.authenticate(scope: resource_name) - end - - # Attempt to find the mapped route for devise based on request path - def devise_mapping - @devise_mapping ||= request.env["devise.mapping"] - end - - # Override prefixes to consider the scoped view. - # Notice we need to check for the request due to a bug in - # Action Controller tests that forces _prefixes to be - # loaded before even having a request object. - def _prefixes #:nodoc: - @_prefixes ||= if self.class.scoped_views? && request && devise_mapping - ["#{devise_mapping.scoped_path}/#{controller_name}"] + super - else - super - end - end - - hide_action :_prefixes - - protected - - # Checks whether it's a devise mapped resource or not. - def assert_is_devise_resource! #:nodoc: - unknown_action! <<-MESSAGE unless devise_mapping -Could not find devise mapping for path #{request.fullpath.inspect}. -This may happen for two reasons: - -1) You forgot to wrap your route inside the scope block. 
For example: - - devise_scope :user do - get "/some/route" => "some_devise_controller" - end - -2) You are testing a Devise controller bypassing the router. - If so, you can explicitly tell Devise which mapping to use: - - @request.env["devise.mapping"] = Devise.mappings[:user] - -MESSAGE - end - - # Returns real navigational formats which are supported by Rails - def navigational_formats - @navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] } - end - - def unknown_action!(msg) - logger.debug "[Devise] #{msg}" if logger - raise AbstractController::ActionNotFound, msg - end - - # Sets the resource creating an instance variable - def resource=(new_resource) - instance_variable_set(:"@#{resource_name}", new_resource) - end - - # Helper for use in before_filters where no authentication is required. - # - # Example: - # before_filter :require_no_authentication, only: :new - def require_no_authentication - assert_is_devise_resource! - return unless is_navigational_format? - no_input = devise_mapping.no_input_strategies - - authenticated = if no_input.present? - args = no_input.dup.push scope: resource_name - warden.authenticate?(*args) - else - warden.authenticated?(resource_name) - end - - if authenticated && resource = warden.user(resource_name) - flash[:alert] = I18n.t("devise.failure.already_authenticated") - redirect_to after_sign_in_path_for(resource) - end - end - - # Helper for use after calling send_*_instructions methods on a resource. - # If we are in paranoid mode, we always act as if the resource was valid - # and instructions were sent. - def successfully_sent?(resource) - notice = if Devise.paranoid - resource.errors.clear - :send_paranoid_instructions - elsif resource.errors.empty? - :send_instructions - end - - if notice - set_flash_message :notice, notice if is_flashing_format? - true - end - end - - # Sets the flash message with :key, using I18n. 
By default you are able - # to setup your messages using specific resource scope, and if no one is - # found we look to default scope. - # Example (i18n locale file): - # - # en: - # devise: - # passwords: - # #default_scope_messages - only if resource_scope is not found - # user: - # #resource_scope_messages - # - # Please refer to README or en.yml locale file to check what messages are - # available. - def set_flash_message(key, kind, options = {}) - message = find_message(kind, options) - flash[key] = message if message.present? - end - - def devise_i18n_options(options) - options - end - - # Get message for given - def find_message(kind, options = {}) - options[:scope] = "devise.#{controller_name}" - options[:default] = Array(options[:default]).unshift(kind.to_sym) - options[:resource_name] = resource_name - options = devise_i18n_options(options) - I18n.t("#{options[:resource_name]}.#{kind}", options) - end - - def clean_up_passwords(object) - object.clean_up_passwords if object.respond_to?(:clean_up_passwords) - end - - def respond_with_navigational(*args, &block) - respond_with(*args) do |format| - format.any(*navigational_formats, &block) - end - end - - def resource_params - params.fetch(resource_name, {}) - end -end diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb similarity index 82% rename from lib/generators/templates/controllers/omniauth_callbacks_controller.rb rename to lib/generators/templates/controllers/omniauth_callbacks_controller.erb index ecde966929..2b2dd0cdad 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb 
@@ -1,4 +1,4 @@ -class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController +class <%= @scope_module %>::OmniauthCallbacksController < Devise::OmniauthCallbacksController # You should configure your model like this: # devise :omniauthable, omniauth_providers: [:twitter] diff --git a/lib/generators/templates/controllers/passwords_controller.rb b/lib/generators/templates/controllers/passwords_controller.erb similarity index 77% rename from lib/generators/templates/controllers/passwords_controller.rb rename to lib/generators/templates/controllers/passwords_controller.erb index 69bb42a159..b77c83b380 100644 --- a/lib/generators/templates/controllers/passwords_controller.rb +++ b/lib/generators/templates/controllers/passwords_controller.erb @@ -1,4 +1,4 @@ -class Users::PasswordsController < Devise::PasswordsController +class <%= @scope_module %>::PasswordsController < Devise::PasswordsController # GET /resource/password/new def new super diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.erb similarity index 86% rename from lib/generators/templates/controllers/registrations_controller.rb rename to lib/generators/templates/controllers/registrations_controller.erb index 0c6cb09321..8916b30aa1 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -1,4 +1,4 @@ -class Users::RegistrationsController < Devise::RegistrationsController +class <%= @scope_module %>::RegistrationsController < Devise::RegistrationsController # GET /resource/sign_up def new super 
diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.erb similarity index 69% rename from lib/generators/templates/controllers/sessions_controller.rb rename to lib/generators/templates/controllers/sessions_controller.erb index 68aa08ff50..acd52dcbc0 100644 --- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -1,4 +1,4 @@ -class Users::SessionsController < Devise::SessionsController +module <%= @scope_module %>::SessionsController < Devise::SessionsController # GET /resource/sign_in def new super diff --git a/lib/generators/templates/controllers/unlocks_controller.rb b/lib/generators/templates/controllers/unlocks_controller.erb similarity index 71% rename from lib/generators/templates/controllers/unlocks_controller.rb rename to lib/generators/templates/controllers/unlocks_controller.erb index 1ec445c51b..a4d2edf6b5 100644 --- a/lib/generators/templates/controllers/unlocks_controller.rb +++ b/lib/generators/templates/controllers/unlocks_controller.erb @@ -1,4 +1,4 @@ -class Users::UnlocksController < Devise::UnlocksController +class <%= @scope_module %>::UnlocksController < Devise::UnlocksController # GET /resource/unlock/new def new super From 8de94035f0f8908b15189c89a02b7c43a8ff5df4 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Sun, 24 Aug 2014 00:06:12 -0500 Subject: [PATCH 0562/1473] add better help description --- .../devise/controllers_generator.rb | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index d5b4f090cc..8ebc7e68fb 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb 
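Review bot: The first line of sessions_controller.erb now reads `module <%= @scope_module %>::SessionsController < Devise::SessionsController`, but a `module` cannot take a superclass, so the generated file will not parse. The other five templates in this commit keep `class`. The line should be `class <%= @scope_module %>::SessionsController < Devise::SessionsController`. The rest of the template lies outside the hunk.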
@@ -7,11 +7,31 @@ def self.all_controllers @@controllers ||= %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) end - desc "Create inherited Devise controllers in your application." + desc <<-DESC +Create inherited Devise controllers in your app/controllers folder. + +User -c to specify which controller you want to overwrite. +If you do no specify a controller, all controllers will be created. + +Usage example: rails generate devise:controllers users -c=sessions +This will create a controller class at app/controllers/users/sessions_controller.rb like this: +> class Users::ConfirmationsController < Devise::ConfirmationsController +> content... +> end + +Note: you MUST specify a scope(like users here) and config your route.rb file accordingly like this: +> Rails.application.routes.draw do +> content... +> devise_for :users, controllers: { +> sessions: 'users/sessions', +> other controller... +> } +> end + DESC source_root File.expand_path("../../templates/controllers", __FILE__) argument :scope, required: true, desc: "The scope to create controllers in, e.g. users, admins" - class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{all_controllers})" + class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{all_controllers.join(', ')})" def create_controllers @scope_module = scope.camelize From 7b5293906b6da9d14e65abb92fa42c850ed1b0fe Mon Sep 17 00:00:00 2001 From: micat Date: Sat, 23 Aug 2014 22:33:08 +0900 Subject: [PATCH 0563/1473] Return Symbol in find_scope! if String passed --- lib/devise/mapping.rb | 2 +- test/controllers/url_helpers_test.rb | 6 ++++++ test/mapping_test.rb | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index de787dc5c4..5c40f762c8 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
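Review bot: The example in the new `desc` text contradicts itself: it says `-c=sessions` creates `app/controllers/users/sessions_controller.rb` but then shows `class Users::ConfirmationsController < Devise::ConfirmationsController`. I would show `class Users::SessionsController < Devise::SessionsController` there. The same heredoc has three wording slips to correct: `User -c` should be `Use -c`, `do no specify` should be `do not specify`, and `route.rb` should be `routes.rb`.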
@@ -33,7 +33,7 @@ class Mapping #:nodoc: def self.find_scope!(obj) case obj when String, Symbol - return obj + return obj.to_sym when Class Devise.mappings.each_value { |m| return m.name if obj <= m.to } else diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index 23ba5f15ac..06895b5db7 100644 --- a/test/controllers/url_helpers_test.rb +++ b/test/controllers/url_helpers_test.rb @@ -13,6 +13,12 @@ def assert_path_and_url(name, prepend_path=nil) assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user), send(:"#{prepend_path}user_#{name}_url") + # With string + assert_equal @controller.send(:"#{prepend_path}#{name}_path", "user"), + send(:"#{prepend_path}user_#{name}_path") + assert_equal @controller.send(:"#{prepend_path}#{name}_url", "user"), + send(:"#{prepend_path}user_#{name}_url") + # Default url params assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123), send(:"#{prepend_path}user_#{name}_path", param: 123) diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 2ec97e197f..d22bf0bc2e 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -62,6 +62,7 @@ def fake_request(path, params={}) test 'find scope for a given object' do assert_equal :user, Devise::Mapping.find_scope!(User) assert_equal :user, Devise::Mapping.find_scope!(:user) + assert_equal :user, Devise::Mapping.find_scope!("user") assert_equal :user, Devise::Mapping.find_scope!(User.new) end From 02b1a9c4e0fa30fcc78618de552513f91433ee13 Mon Sep 17 00:00:00 2001 
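Review bot: `return obj.to_sym` interns whatever string the caller passes and returns it without checking that it names a configured mapping. On Ruby versions that never garbage-collect symbols, every distinct string grows the symbol table permanently, which matters if any caller forwards a request-derived value; the callers are not visible from this hunk. Resolving against the known scopes avoids both problems, for example `Devise.mappings.each_value { |m| return m.name if m.name.to_s == obj.to_s }`, so that an unknown name presumably reaches the existing failure path. If callers rely on unknown scopes passing through, that contract deserves a comment on this branch. The rest of `find_scope!` is outside the hunk.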
From: Chun-Yang Date: Sun, 24 Aug 2014 21:28:06 -0500 Subject: [PATCH 0564/1473] enable empty scope when generating a controller --- lib/generators/devise/controllers_generator.rb | 4 ++-- .../templates/controllers/confirmations_controller.erb | 2 +- .../templates/controllers/omniauth_callbacks_controller.erb | 2 +- lib/generators/templates/controllers/passwords_controller.erb | 2 +- .../templates/controllers/registrations_controller.erb | 2 +- lib/generators/templates/controllers/sessions_controller.erb | 2 +- lib/generators/templates/controllers/unlocks_controller.erb | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 8ebc7e68fb..46b50dea85 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -29,12 +29,12 @@ def self.all_controllers > end DESC source_root File.expand_path("../../templates/controllers", __FILE__) - argument :scope, required: true, + argument :scope, required: false, default: nil, desc: "The scope to create controllers in, e.g. users, admins" class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{all_controllers.join(', ')})" def create_controllers - @scope_module = scope.camelize + @scope_prefix = scope.blank? ? '' : (scope.camelize + '::') controllers = options[:controllers] || self.class.all_controllers controllers.each do |name| template "#{name}_controller.erb", diff --git a/lib/generators/templates/controllers/confirmations_controller.erb b/lib/generators/templates/controllers/confirmations_controller.erb index bc8f147cf1..520e5e2369 100644 --- a/lib/generators/templates/controllers/confirmations_controller.erb +++ b/lib/generators/templates/controllers/confirmations_controller.erb 
@@ -1,4 +1,4 @@ -class <%= @scope_module %>::ConfirmationsController < Devise::ConfirmationsController +class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController # GET /resource/confirmation/new def new super diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb index 2b2dd0cdad..4769fd92ff 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb @@ -1,4 +1,4 @@ -class <%= @scope_module %>::OmniauthCallbacksController < Devise::OmniauthCallbacksController +class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController # You should configure your model like this: # devise :omniauthable, omniauth_providers: [:twitter] diff --git a/lib/generators/templates/controllers/passwords_controller.erb b/lib/generators/templates/controllers/passwords_controller.erb index b77c83b380..17b7573cf0 100644 --- a/lib/generators/templates/controllers/passwords_controller.erb +++ b/lib/generators/templates/controllers/passwords_controller.erb @@ -1,4 +1,4 @@ -class <%= @scope_module %>::PasswordsController < Devise::PasswordsController +class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController # GET /resource/password/new def new super diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 8916b30aa1..32bf819685 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -1,4 +1,4 @@ -class <%= @scope_module %>::RegistrationsController < Devise::RegistrationsController +class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController # GET /resource/sign_up def new super 
diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index acd52dcbc0..beedf72b64 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -1,4 +1,4 @@ -module <%= @scope_module %>::SessionsController < Devise::SessionsController +class <%= @scope_prefix %>SessionsController < Devise::SessionsController # GET /resource/sign_in def new super diff --git a/lib/generators/templates/controllers/unlocks_controller.erb b/lib/generators/templates/controllers/unlocks_controller.erb index a4d2edf6b5..61fb2f44f7 100644 --- a/lib/generators/templates/controllers/unlocks_controller.erb +++ b/lib/generators/templates/controllers/unlocks_controller.erb @@ -1,4 +1,4 @@ -class <%= @scope_module %>::UnlocksController < Devise::UnlocksController +class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController # GET /resource/unlock/new def new super From 992ee86b4123132abe939d0304c8b4306ca92d26 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Sun, 24 Aug 2014 22:05:54 -0500 Subject: [PATCH 0565/1473] add test for controllers generator --- test/generators/controllers_generator_test.rb | 47 +++++++++++++++++++ test/test_helper.rb | 1 + 2 files changed, 48 insertions(+) create mode 100644 test/generators/controllers_generator_test.rb diff --git a/test/generators/controllers_generator_test.rb b/test/generators/controllers_generator_test.rb new file mode 100644 index 0000000000..e3363b6abd --- /dev/null +++ b/test/generators/controllers_generator_test.rb 
@@ -0,0 +1,47 @@ +require "test_helper" + +class ControllersGeneratorTest < Rails::Generators::TestCase + tests Devise::Generators::ControllersGenerator + destination File.expand_path("../../tmp", __FILE__) + setup :prepare_destination + + test "Assert all controllers are properly created with no params" do + run_generator + assert_class_names + end + + test "Assert all controllers are properly created with scope param" do + run_generator %w(users) + assert_class_names 'users' + + run_generator %w(admins) + assert_class_names 'admins' + end + + test "Assert only controllers with specific names" do + run_generator %w(-c sessions registrations) + assert_file "app/controllers/sessions_controller.rb" + assert_file "app/controllers/registrations_controller.rb" + assert_no_file "app/controllers/confirmations_controller.rb" + assert_no_file "app/controllers/passwords_controller.rb" + assert_no_file "app/controllers/unlocks_controller.rb" + assert_no_file "app/controllers/omniauth_callbacks_controller.rb" + end + + test "Assert specified controllers with scope" do + run_generator %w(users -c sessions) + assert_file "app/controllers/users/sessions_controller.rb" + assert_no_file "app/controllers/users/confirmations_controller.rb" + end + + def assert_class_names(scope = nil, options = {}) + base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}" + scope_prefix = scope.blank? ? '' : (scope.camelize + '::') + controllers = options[:controllers] || + %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) + + controllers.each do |c| + assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/ + end + end +end diff --git a/test/test_helper.rb b/test/test_helper.rb index dd200611e5..49553d8284 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
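Review bot: `assert_class_names` only checks that the substring `#{scope_prefix + c.camelize}` appears somewhere in each generated file, so a template that emitted the wrong keyword or superclass, or mentioned the name only in a comment, would still pass. Anchoring the pattern on the definition line pins what the generator is actually for: `assert_file "#{base_dir}/#{c}_controller.rb", /^class #{Regexp.escape(scope_prefix + c.camelize)}Controller < Devise::#{c.camelize}Controller/`.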
@@ -27,3 +27,4 @@ require "rails/generators/test_case" require "generators/devise/install_generator" require "generators/devise/views_generator" +require "generators/devise/controllers_generator" From af47bb5542874d296bb6cd0c4d73c0f23dd48db5 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Sun, 24 Aug 2014 22:41:00 -0500 Subject: [PATCH 0566/1473] update description message in the controllers generator --- lib/generators/devise/controllers_generator.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 46b50dea85..1ee08eae05 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -19,7 +19,8 @@ def self.all_controllers > content... > end -Note: you MUST specify a scope(like users here) and config your route.rb file accordingly like this: +Note: you also need to override routes in your route.rb file accordingly. +For example, you can do it like this: > Rails.application.routes.draw do > content... > devise_for :users, controllers: { From 220c8ff089e797c9f230e4c06a10e6af4a86542c Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Wed, 27 Aug 2014 23:19:43 -0500 Subject: [PATCH 0567/1473] print README instruction after running controller generator --- .../devise/controllers_generator.rb | 26 +++++++++---------- lib/generators/templates/README | 4 +++ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 1ee08eae05..0f275630f5 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb 
@@ -12,23 +12,17 @@ def self.all_controllers User -c to specify which controller you want to overwrite. If you do no specify a controller, all controllers will be created. +For example: + + rails generate devise:controllers users -c=sessions -Usage example: rails generate devise:controllers users -c=sessions This will create a controller class at app/controllers/users/sessions_controller.rb like this: -> class Users::ConfirmationsController < Devise::ConfirmationsController -> content... -> end - -Note: you also need to override routes in your route.rb file accordingly. -For example, you can do it like this: -> Rails.application.routes.draw do -> content... -> devise_for :users, controllers: { -> sessions: 'users/sessions', -> other controller... -> } -> end + + class Users::ConfirmationsController < Devise::ConfirmationsController + content... + end DESC + source_root File.expand_path("../../templates/controllers", __FILE__) argument :scope, required: false, default: nil, desc: "The scope to create controllers in, e.g. users, admins" @@ -42,6 +36,10 @@ def create_controllers "app/controllers/#{scope}/#{name}_controller.rb" end end + + def show_readme + readme "README" if behavior == :invoke + end end end end diff --git a/lib/generators/templates/README b/lib/generators/templates/README index 001e6e5a24..985dfe94b5 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -32,4 +32,8 @@ Some setup you must do manually if you haven't yet: rails g devise:views + 6. You can generate inherited controller templates by running: + + rails g devise:controllers + =============================================================================== From 316be42ed6167e813e901256a6d3f3811986cbb8 Mon Sep 17 00:00:00 2001 
From: Chun-Yang Date: Wed, 27 Aug 2014 23:20:26 -0500 Subject: [PATCH 0568/1473] add instruction in the README file for controllers generator. This readme will be printed when user invoke devise:install --- lib/generators/templates/controllers/README | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 lib/generators/templates/controllers/README diff --git a/lib/generators/templates/controllers/README b/lib/generators/templates/controllers/README new file mode 100644 index 0000000000..b130ed3354 --- /dev/null +++ b/lib/generators/templates/controllers/README @@ -0,0 +1,14 @@ +=============================================================================== + +Some setup you must do manually if you haven't yet: + + Ensure you have overridden routes for generated controllers in your route.rb. + For example: + + Rails.application.routes.draw do + devise_for :users, controllers: { + sessions: 'users/sessions' + } + end + +=============================================================================== From 274daad005b2afa674ff5e30d1af63da4534bae3 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Wed, 27 Aug 2014 23:25:48 -0500 Subject: [PATCH 0569/1473] fix code example shown in README user will see after running generator --- lib/generators/templates/controllers/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/controllers/README b/lib/generators/templates/controllers/README index b130ed3354..d8fa757fd3 100644 --- a/lib/generators/templates/controllers/README +++ b/lib/generators/templates/controllers/README @@ -7,7 +7,7 @@ Some setup you must do manually if you haven't yet: Rails.application.routes.draw do devise_for :users, controllers: { - sessions: 'users/sessions' + sessions: 'sessions' } end From 6117a3b56d8f599622d06c11e70f49096165696a Mon Sep 17 00:00:00 2001 
From: Anton Rieder Date: Tue, 26 Aug 2014 15:54:49 +0200 Subject: [PATCH 0570/1473] Update Simple Form templates for 3.3.0 --- .../templates/simple_form_for/registrations/new.html.erb | 2 +- .../templates/simple_form_for/sessions/new.html.erb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/simple_form_for/registrations/new.html.erb b/lib/generators/templates/simple_form_for/registrations/new.html.erb index 090fb295c0..4ea8fb9589 100644 --- a/lib/generators/templates/simple_form_for/registrations/new.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb @@ -5,7 +5,7 @@
<%= f.input :email, required: true, autofocus: true %> - <%= f.input :password, required: true %> + <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> <%= f.input :password_confirmation, required: true %>
diff --git a/lib/generators/templates/simple_form_for/sessions/new.html.erb b/lib/generators/templates/simple_form_for/sessions/new.html.erb index c790b4988a..31f8a4d42c 100644 --- a/lib/generators/templates/simple_form_for/sessions/new.html.erb +++ b/lib/generators/templates/simple_form_for/sessions/new.html.erb @@ -1,4 +1,4 @@ -

Sign in

+

Log in

<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
@@ -8,7 +8,7 @@
- <%= f.button :submit, "Sign in" %> + <%= f.button :submit, "Log in" %>
<% end %> From 7dce5baf6c2a482e07034eaf0db5d04193690e28 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 1 Sep 2014 18:47:08 -0300 Subject: [PATCH 0571/1473] Devise tests are order dependent. Until 4.2.0, any test suite based on the `TestCase` classes provided by Rails would always run into alphabetical, but now they run in random order. For now, we ensure that our tests always run in alphabetical order. Related commit on rails/rails https://github.com/rails/rails/commit/6ffb29d24e05abbd9ffe3ea974140d6c70221807 --- test/test_helper.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/test_helper.rb b/test/test_helper.rb index dd200611e5..a7c59f9f8e 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,6 +23,10 @@ $:.unshift File.expand_path('../support', __FILE__) Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } +# Devise test suite is order dependent, and we need to ensure that same order +# in Rails 4.2.0. +ActiveSupport::TestCase.my_tests_are_order_dependent! + # For generators require "rails/generators/test_case" require "generators/devise/install_generator" From 13eebb6b76ba51eae8502c49a747ad2e53824504 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 1 Sep 2014 19:01:24 -0300 Subject: [PATCH 0572/1473] Ensure that this is only called when necessary. --- test/test_helper.rb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index a7c59f9f8e..32c547f32c 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -23,9 +23,11 @@ $:.unshift File.expand_path('../support', __FILE__) Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } -# Devise test suite is order dependent, and we need to ensure that same order -# in Rails 4.2.0. -ActiveSupport::TestCase.my_tests_are_order_dependent! +if ActiveSupport::TestCase.respond_to?(:my_tests_are_order_dependent!) + # Devise test suite is order dependent, and we need to ensure that same order + # in Rails 4.2.0. + ActiveSupport::TestCase.my_tests_are_order_dependent! +end # For generators require "rails/generators/test_case" From 930bed7a103f162c80a87e30190d05a0d3d98c94 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Sep 2014 19:38:07 -0300 Subject: [PATCH 0573/1473] Add changelog for #3175 [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6968e7c03d..225199d9cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ ### Unreleased * enhancements + * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding + a hint about the minimum password length when `validatable` is enabled (by @aried3r) + * bug fixes ### 3.3.0 From 6af18ed9e3f2344ac020d51fe6e06a9ee245ee0b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 2 Sep 2014 11:24:31 -0300 Subject: [PATCH 0574/1473] Change the 'postgresql?' check to not connect to the database. Closes #3181 --- lib/generators/active_record/devise_generator.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 2ab56b3fc2..7394bd84db 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb 
@@ -83,7 +83,8 @@ def rails4? end def postgresql? - ActiveRecord::Base.connection.adapter_name.downcase == "postgresql" + config = ActiveRecord::Base.configurations[Rails.env] + config && config['adapter'] == 'postgresql' end end end From c25312e78ec413f2edb0f50bc03e3472c328d862 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 2 Sep 2014 14:50:57 -0300 Subject: [PATCH 0575/1473] Remove ActionMailer/ActiveJob deprecation. --- README.md | 12 ++++++++++++ lib/devise/models/authenticatable.rb | 8 +++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 76cc78cf8d..b25ea5ad40 100644 --- a/README.md +++ b/README.md @@ -471,6 +471,18 @@ Alternatively, you can simply run the Devise generator. Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization. +### ActiveJob Integration + +If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the +background through a queueing backend, you can send Devise emails through your +existing queue by overriding the `send_devise_notification` method in your model. + +```ruby +def send_devise_notification(notification, *args) + devise_mailer.send(notification, self, *args).deliver_later +end +``` + ### Other ORMs Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file. diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 78be957baf..ebeb9a9829 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
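Review bot: The new `postgresql?` looks only at `config['adapter']`, so an environment configured through a connection URL may have no `adapter` key here and be reported as not PostgreSQL. Whether that happens depends on whether the running Rails version resolves the URL into the configurations hash, which is not visible from this hunk. The removed `.downcase` also makes the comparison case-sensitive. If the URL form should be covered, the check could be `config && (config['adapter'].to_s.downcase == 'postgresql' || config['url'].to_s.start_with?('postgres'))`. A one-line comment saying why the connection is deliberately not opened would keep someone from reverting to `connection.adapter_name`.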
@@ -170,7 +170,13 @@ def devise_mailer # end # def send_devise_notification(notification, *args) - devise_mailer.send(notification, self, *args).deliver + message = devise_mailer.send(notification, self, *args) + # Remove once we move to Rails 4.2+ only. + if message.respond_to?(:deliver_now) + message.deliver_now + else + message.deliver + end end def downcase_keys From 6ba87ed339c255e932812b1392122c9a3f28e1d2 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 2 Sep 2014 22:34:13 -0500 Subject: [PATCH 0576/1473] comment out all stubs --- .../controllers/confirmations_controller.erb | 18 ++++----- .../omniauth_callbacks_controller.erb | 12 +++--- .../controllers/passwords_controller.erb | 24 +++++------ .../controllers/registrations_controller.erb | 40 +++++++++---------- .../controllers/sessions_controller.erb | 18 ++++----- .../controllers/unlocks_controller.erb | 18 ++++----- 6 files changed, 63 insertions(+), 67 deletions(-) diff --git a/lib/generators/templates/controllers/confirmations_controller.erb b/lib/generators/templates/controllers/confirmations_controller.erb index 520e5e2369..d8446a8b5c 100644 --- a/lib/generators/templates/controllers/confirmations_controller.erb +++ b/lib/generators/templates/controllers/confirmations_controller.erb @@ -1,16 +1,16 @@ class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController # GET /resource/confirmation/new - def new - super - end + # def new + # super + # end # POST /resource/confirmation - def create - super - end + # def create + # super + # end # GET /resource/confirmation?confirmation_token=abcdef - def show - super - end + # def show + # super + # end end diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb index 4769fd92ff..dce4fb64b6 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb 
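Review bot: The rewritten `send_devise_notification` still dispatches with `devise_mailer.send(notification, self, *args)`, and `send` reaches private methods as well as public ones. The callers that supply `notification` are outside the hunk and presumably pass internal symbols, but `public_send` limits the dispatch to the mailer's public actions at no cost: `message = devise_mailer.public_send(notification, self, *args)`. The `# Remove once we move to Rails 4.2+ only.` comment could also say that `deliver_now` is the 4.2 name for the synchronous `deliver`, so the branch is easy to collapse later.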
+++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb @@ -10,12 +10,12 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview # GET|POST /resource/auth/twitter - def passthru - super - end + # def passthru + # super + # end # GET|POST /users/auth/twitter/callback - def failure - super - end + # def failure + # super + # end end diff --git a/lib/generators/templates/controllers/passwords_controller.erb b/lib/generators/templates/controllers/passwords_controller.erb index 17b7573cf0..af02f9f316 100644 --- a/lib/generators/templates/controllers/passwords_controller.erb +++ b/lib/generators/templates/controllers/passwords_controller.erb @@ -1,21 +1,21 @@ class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController # GET /resource/password/new - def new - super - end + # def new + # super + # end # POST /resource/password - def create - super - end + # def create + # super + # end # GET /resource/password/edit?reset_password_token=abcdef - def edit - super - end + # def edit + # super + # end # PUT /resource/password - def update - super - end + # def update + # super + # end end diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 32bf819685..98986e8564 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb 
@@ -1,35 +1,31 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController # GET /resource/sign_up - def new - super - end + # def new + # super + # end # POST /resource - def create - super - end + # def create + # super + # end # GET /resource/edit - def edit - super - end + # def edit + # super + # end # PUT /resource - def update - super - end + # def update + # super + # end # DELETE /resource - def destroy - super - end + # def destroy + # super + # end # GET /resource/cancel - # Forces the session data which is usually expired after sign - # in to be expired now. This is useful if the user wants to - # cancel oauth signing in/up in the middle of the process, - # removing all OAuth session data. - def cancel - super - end + # def cancel + # super + # end end diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index beedf72b64..941abdb052 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -1,16 +1,16 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # GET /resource/sign_in - def new - super - end + # def new + # super + # end # POST /resource/sign_in - def create - super - end + # def create + # super + # end # DELETE /resource/sign_out - def destroy - super - end + # def destroy + # super + # end end diff --git a/lib/generators/templates/controllers/unlocks_controller.erb b/lib/generators/templates/controllers/unlocks_controller.erb index 61fb2f44f7..b5ae5071cf 100644 --- a/lib/generators/templates/controllers/unlocks_controller.erb +++ b/lib/generators/templates/controllers/unlocks_controller.erb 
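Review bot: The explanation above `cancel` is deleted together with the stub, so the generated registrations controller no longer says that this action expires the session data left over from an unfinished OAuth sign in or sign up. Someone who uncomments `cancel` and drops the `super` call gets no hint that they are taking over that cleanup. I would keep the removed four-line comment, beginning `# Forces the session data which is usually expired after sign`, directly under `# GET /resource/cancel` and above the commented-out stub.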
@@ -1,16 +1,16 @@ class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController # GET /resource/unlock/new - def new - super - end + # def new + # super + # end # POST /resource/unlock - def create - super - end + # def create + # super + # end # GET /resource/unlock?unlock_token=abcdef - def show - super - end + # def show + # super + # end end From 2f81a832326674ab907471444c548c9d26e6aeec Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 2 Sep 2014 22:54:06 -0500 Subject: [PATCH 0577/1473] refactor code, use a constant insead of a class variable --- .../devise/controllers_generator.rb | 32 +++++++++---------- test/generators/controllers_generator_test.rb | 20 ++++++------ 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 0f275630f5..537ffb48f1 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb 
@@ -3,34 +3,33 @@ module Devise module Generators class ControllersGenerator < Rails::Generators::Base - def self.all_controllers - @@controllers ||= %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) - end + CONTROLLERS = %w(confirmations passwords registrations sessions unlocks omniauth_callbacks).freeze - desc <<-DESC -Create inherited Devise controllers in your app/controllers folder. + desc <<-DESC.strip_heredoc + Create inherited Devise controllers in your app/controllers folder. -User -c to specify which controller you want to overwrite. -If you do no specify a controller, all controllers will be created. -For example: + User -c to specify which controller you want to overwrite. + If you do no specify a controller, all controllers will be created. + For example: - rails generate devise:controllers users -c=sessions + rails generate devise:controllers users -c=sessions -This will create a controller class at app/controllers/users/sessions_controller.rb like this: + This will create a controller class at app/controllers/users/sessions_controller.rb like this: - class Users::ConfirmationsController < Devise::ConfirmationsController - content... - end + class Users::ConfirmationsController < Devise::ConfirmationsController + content... + end DESC source_root File.expand_path("../../templates/controllers", __FILE__) argument :scope, required: false, default: nil, - desc: "The scope to create controllers in, e.g. users, admins" - class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{all_controllers.join(', ')})" + desc: "The scope to create controllers in, e.g. users, admins" + class_option :controllers, aliases: "-c", type: :array, + desc: "Select specific controllers to generate (#{CONTROLLERS.join(', ')})" def create_controllers @scope_prefix = scope.blank? ? 
'' : (scope.camelize + '::') - controllers = options[:controllers] || self.class.all_controllers + controllers = options[:controllers] || CONTROLLERS controllers.each do |name| template "#{name}_controller.erb", "app/controllers/#{scope}/#{name}_controller.rb" @@ -43,4 +42,3 @@ def show_readme end end end - diff --git a/test/generators/controllers_generator_test.rb b/test/generators/controllers_generator_test.rb index e3363b6abd..759ba7dc37 100644 --- a/test/generators/controllers_generator_test.rb +++ b/test/generators/controllers_generator_test.rb @@ -34,14 +34,16 @@ class ControllersGeneratorTest < Rails::Generators::TestCase assert_no_file "app/controllers/users/confirmations_controller.rb" end - def assert_class_names(scope = nil, options = {}) - base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}" - scope_prefix = scope.blank? ? '' : (scope.camelize + '::') - controllers = options[:controllers] || - %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) - - controllers.each do |c| - assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/ + private + + def assert_class_names(scope = nil, options = {}) + base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}" + scope_prefix = scope.blank? ? '' : (scope.camelize + '::') + controllers = options[:controllers] || + %w(confirmations passwords registrations sessions unlocks omniauth_callbacks) + + controllers.each do |c| + assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/ + end end - end end From daad552e1b13c5fe68114ce563ca1d83e44fc1b6 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 2 Sep 2014 23:04:27 -0500 Subject: [PATCH 0578/1473] make scope required --- .../devise/controllers_generator.rb | 2 +- test/generators/controllers_generator_test.rb | 25 +++++++++---------- 2 files changed, 13 insertions(+), 14 deletions(-) 
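Review bot: `controllers = options[:controllers] || CONTROLLERS` accepts any value given to `-c`, and each one is interpolated into the template name and, next to `scope`, into the destination path `"app/controllers/#{scope}/#{name}_controller.rb"`. An unknown name only surfaces as a missing-template error from deep inside the loop, and neither value is checked before it decides where a file is written. Now that `CONTROLLERS` is a constant, anything outside it can be rejected before the loop with `unknown = controllers - CONTROLLERS` followed by `raise Thor::Error, "Unknown controllers: #{unknown.join(', ')}" unless unknown.empty?`. A format check on `scope` that still allows nested scopes would be a reasonable companion.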
diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 537ffb48f1..721c5e49c5 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -22,7 +22,7 @@ class Users::ConfirmationsController < Devise::ConfirmationsController DESC source_root File.expand_path("../../templates/controllers", __FILE__) - argument :scope, required: false, default: nil, + argument :scope, required: true, desc: "The scope to create controllers in, e.g. users, admins" class_option :controllers, aliases: "-c", type: :array, desc: "Select specific controllers to generate (#{CONTROLLERS.join(', ')})" diff --git a/test/generators/controllers_generator_test.rb b/test/generators/controllers_generator_test.rb index 759ba7dc37..11d1c35dbc 100644 --- a/test/generators/controllers_generator_test.rb +++ b/test/generators/controllers_generator_test.rb @@ -5,9 +5,14 @@ class ControllersGeneratorTest < Rails::Generators::TestCase destination File.expand_path("../../tmp", __FILE__) setup :prepare_destination - test "Assert all controllers are properly created with no params" do + test "Assert no controllers are created with no params" do run_generator - assert_class_names + assert_no_file "app/controllers/sessions_controller.rb" + assert_no_file "app/controllers/registrations_controller.rb" + assert_no_file "app/controllers/confirmations_controller.rb" + assert_no_file "app/controllers/passwords_controller.rb" + assert_no_file "app/controllers/unlocks_controller.rb" + assert_no_file "app/controllers/omniauth_callbacks_controller.rb" end test "Assert all controllers are properly created with scope param" do 
@@ -18,25 +23,19 @@ class ControllersGeneratorTest < Rails::Generators::TestCase assert_class_names 'admins' end - test "Assert only controllers with specific names" do - run_generator %w(-c sessions registrations) - assert_file "app/controllers/sessions_controller.rb" - assert_file "app/controllers/registrations_controller.rb" - assert_no_file "app/controllers/confirmations_controller.rb" - assert_no_file "app/controllers/passwords_controller.rb" - assert_no_file "app/controllers/unlocks_controller.rb" - assert_no_file "app/controllers/omniauth_callbacks_controller.rb" - end - test "Assert specified controllers with scope" do run_generator %w(users -c sessions) assert_file "app/controllers/users/sessions_controller.rb" + assert_no_file "app/controllers/users/registrations_controller.rb" assert_no_file "app/controllers/users/confirmations_controller.rb" + assert_no_file "app/controllers/users/passwords_controller.rb" + assert_no_file "app/controllers/users/unlocks_controller.rb" + assert_no_file "app/controllers/users/omniauth_callbacks_controller.rb" end private - def assert_class_names(scope = nil, options = {}) + def assert_class_names(scope, options = {}) base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}" scope_prefix = scope.blank? ? '' : (scope.camelize + '::') controllers = options[:controllers] || From e2e9e90d6953a2a3f7b980540e42aa8907f70bf4 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 2 Sep 2014 23:25:38 -0500 Subject: [PATCH 0579/1473] move controller generator info from lib/generators/templates/README to README --- README.md | 16 +++++++++++++--- lib/generators/templates/README | 4 ---- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 76cc78cf8d..79e992c558 100644 --- a/README.md +++ b/README.md 
@@ -282,15 +282,25 @@ rails generate devise:views -v registrations confirmations If the customization at the views level is not enough, you can customize each controller by following these steps: -1. Create your custom controller, for example a `Admins::SessionsController`: +1. Create your custom controllers using the generator which requires a scope: + + ```console + rails generate devise:controllers [scope] + ``` + + If you specify `admins` as the scope, controllers will be created in `app/controllers/admins/`. + And the sessions controller will look like this: ```ruby class Admins::SessionsController < Devise::SessionsController + # GET /resource/sign_in + # def new + # super + # end + ... end ``` - Note that in the above example, the controller needs to be created in the `app/controllers/admins/` directory. - 2. Tell the router to use this controller: ```ruby diff --git a/lib/generators/templates/README b/lib/generators/templates/README index 985dfe94b5..001e6e5a24 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -32,8 +32,4 @@ Some setup you must do manually if you haven't yet: rails g devise:views - 6. You can generate inherited controller templates by running: - - rails g devise:controllers - =============================================================================== From 86ac552287eb3db9934641e761eaa3ba5b8ee7ee Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 2 Sep 2014 23:49:37 -0500 Subject: [PATCH 0580/1473] add *_path_for stubs in all controllers --- .../controllers/confirmations_controller.erb | 12 ++++++++++++ .../omniauth_callbacks_controller.erb | 7 +++++++ .../controllers/passwords_controller.erb | 11 +++++++++++ .../controllers/registrations_controller.erb | 16 ++++++++++++++++ .../templates/controllers/unlocks_controller.erb | 12 ++++++++++++ 5 files changed, 58 insertions(+) 
diff --git a/lib/generators/templates/controllers/confirmations_controller.erb b/lib/generators/templates/controllers/confirmations_controller.erb index d8446a8b5c..a92d3703b5 100644 --- a/lib/generators/templates/controllers/confirmations_controller.erb +++ b/lib/generators/templates/controllers/confirmations_controller.erb @@ -13,4 +13,16 @@ class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsControl # def show # super # end + + # protected + + # The path used after resending confirmation instructions. + # def after_resending_confirmation_instructions_path_for(resource_name) + # super(resource_name) + # end + + # The path used after confirmation. + # def after_confirmation_path_for(resource_name, resource) + # super(resource_name, resource) + # end end diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb index dce4fb64b6..a54181c223 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb @@ -18,4 +18,11 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # def failure # super # end + + # protected + + # The path used when omniauth fails + # def after_omniauth_failure_path_for(scope) + # super(scope) + # end end diff --git a/lib/generators/templates/controllers/passwords_controller.erb b/lib/generators/templates/controllers/passwords_controller.erb index af02f9f316..fe0514fa77 100644 --- a/lib/generators/templates/controllers/passwords_controller.erb +++ b/lib/generators/templates/controllers/passwords_controller.erb 
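Review bot: The new `after_resending_confirmation_instructions_path_for` and `after_confirmation_path_for` stubs in confirmations_controller.erb say what the path is used for but give no guidance on what a safe override returns. The same applies to `after_omniauth_failure_path_for` in the omniauth_callbacks_controller.erb hunk on this line and to the passwords, registrations and unlocks stubs added by the same commit. These methods choose where the user lands after a token-bearing or authentication-related request, so an override that builds its result from request parameters would presumably act as an open redirect; what `super` and the caller do with the value is outside the hunk. I would add one line above the first stub in each template, e.g. `# Return a route helper or a fixed path here, never a URL taken from request parameters.`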
@@ -18,4 +18,15 @@ class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController # def update # super # end + + # protected + + # def after_resetting_password_path_for(resource) + # super(resource) + # end + + # The path used after sending reset password instructions + # def after_sending_reset_password_instructions_path_for(resource_name) + # super(resource_name) + # end end diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 98986e8564..9425e75834 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -25,7 +25,23 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # end # GET /resource/cancel + # Forces the session data which is usually expired after sign + # in to be expired now. This is useful if the user wants to + # cancel oauth signing in/up in the middle of the process, + # removing all OAuth session data. # def cancel # super # end + + # protected + + # The path used after sign up. + # def after_sign_up_path_for(resource) + # super(resource) + # end + + # The path used after sign up for inactive accounts. + # def after_inactive_sign_up_path_for(resource) + # super(resource) + # end end diff --git a/lib/generators/templates/controllers/unlocks_controller.erb b/lib/generators/templates/controllers/unlocks_controller.erb index b5ae5071cf..42aa96bf38 100644 --- a/lib/generators/templates/controllers/unlocks_controller.erb +++ b/lib/generators/templates/controllers/unlocks_controller.erb 
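Review bot: `after_resetting_password_path_for` in the passwords_controller.erb hunk is the only stub in this commit added without a describing comment, while its sibling directly below carries `# The path used after sending reset password instructions`. I would add `# The path used after resetting the password.` above it so the generated file documents every hook the same way. In the unlocks_controller.erb hunk of the same commit the comment reads "sending unlock password instructions" above `after_sending_unlock_instructions_path_for`, which looks like a leftover from the password template; `# The path used after sending unlock instructions` would match the method name.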
@@ -13,4 +13,16 @@ class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController # def show # super # end + + # protected + + # The path used after sending unlock password instructions + # def after_sending_unlock_instructions_path_for(resource) + # super(resource) + # end + + # The path used after unlocking the resource + # def after_unlock_path_for(resource) + # super(resource) + # end end From a9095b86d4f5d53f7dd77f231762a03d3f7f6ae2 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Wed, 3 Sep 2014 00:02:07 -0500 Subject: [PATCH 0581/1473] fix typo: 'new' action should be 'create' action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 79e992c558..28aad919d8 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,7 @@ When you customize your own views, you may end up adding new attributes to forms There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: -* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`) +* `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`) * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` From 67dc138d949b15f9d203372f54f62c71ae591c41 Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Wed, 3 Sep 2014 00:10:32 -0500 Subject: [PATCH 0582/1473] add before_action hooks for registrations and sessions controllers to enable user to add extra params --- .../controllers/registrations_controller.erb | 17 +++++++++++++++++ .../controllers/sessions_controller.erb | 11 +++++++++++ 2 files changed, 28 insertions(+) 
diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 9425e75834..3acbafd9b7 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -1,4 +1,7 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController +# before_action :configure_sign_up_params, only: [:create] +# before_action :configure_account_update_params, only: [:update] + # GET /resource/sign_up # def new # super @@ -35,6 +38,20 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # protected + # You can put the params you want to permit in the empty array. + # def configure_sign_up_params + # [].each do |field| + # devise_parameter_sanitizer.for(:sign_up) << field.to_sym + # end + # end + + # You can put the params you want to permit in the empty array. + # def configure_account_update_params + # [].each do |field| + # devise_parameter_sanitizer.for(:account_update) << field.to_sym + # end + # end + # The path used after sign up. # def after_sign_up_path_for(resource) # super(resource) diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index 941abdb052..1384a9abbc 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -1,4 +1,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController +# before_action :configure_sign_in_params, only: [:create] + # GET /resource/sign_in # def new # super 
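Review bot: The `configure_sign_up_params` and `configure_account_update_params` stubs in the second registrations_controller.erb hunk tell the implementer only to "put the params you want to permit in the empty array", without saying that every entry becomes settable by whoever submits the form; the `configure_sign_in_params` stub added to sessions_controller.erb by this commit uses the same wording. The sign-up form is reachable before authentication, so an authorization-bearing attribute added here (a role or admin flag, as constructed examples) would be assignable by any visitor. I would extend the comment with `# Permit only attributes the user may set on their own record; never authorization fields.` Separately, the two commented `before_action` lines in the first hunk appear to start at column 0 while the other commented lines in the class body are indented.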
@@ -13,4 +15,13 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # def destroy # super # end + + # protected + + # You can put the params you want to permit in the empty array. + # def configure_sign_in_params + # [].each do |field| + # devise_parameter_sanitizer.for(:sign_in) << field.to_sym + # end + # end end From cc21c87bb385831f2f3e4988428fffe0b5d3604c Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 3 Sep 2014 21:58:44 -0500 Subject: [PATCH 0583/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 225199d9cc..ec66617df9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ a hint about the minimum password length when `validatable` is enabled (by @aried3r) * bug fixes + * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` + exception when executed inside a mountable engine. ### 3.3.0 From db883414024853163507818608417fe7e2118e9c Mon Sep 17 00:00:00 2001 From: Fred Grosskopf Date: Mon, 8 Sep 2014 14:21:33 +0200 Subject: [PATCH 0584/1473] Removes reloading of routes when eager loading ... ... is enabled. The old code may cause conflicts when developing an engine (i.e. invalid route name) and according to @josevalim the reason for it to remain is unknown. --- lib/devise/rails.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 14de2375fc..8416981056 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -10,9 +10,6 @@ class Engine < ::Rails::Engine Devise.warden_config = config end - # Force routes to be loaded if we are doing any eager load. - config.before_eager_load { |app| app.reload_routes! } - initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end From 716d128e27489af57270bde8da606de3346f099b Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Mon, 8 Sep 2014 17:38:06 -0300 Subject: [PATCH 0585/1473] Restore global allow_unconfirmed_access_for after test --- test/models/confirmable_test.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 5de56536de..a08addf649 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -224,10 +224,11 @@ def setup end test 'should be active when we set allow_unconfirmed_access_for to nil' do - Devise.allow_unconfirmed_access_for = nil - user = create_user - user.confirmation_sent_at = Date.today - assert user.active_for_authentication? + swap Devise, allow_unconfirmed_access_for: nil do + user = create_user + user.confirmation_sent_at = Date.today + assert user.active_for_authentication? + end end test 'should not be active without confirmation' do From a6f3f8cb4a24774b897f4c16ea4bb63a2700a5ac Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 8 Sep 2014 18:01:39 -0300 Subject: [PATCH 0586/1473] Split up mailer classes into their own files. --- test/rails_app/app/mailers/users/from_proc_mailer.rb | 3 +++ test/rails_app/app/mailers/users/mailer.rb | 9 --------- test/rails_app/app/mailers/users/reply_to_mailer.rb | 4 ++++ 3 files changed, 7 insertions(+), 9 deletions(-) create mode 100644 test/rails_app/app/mailers/users/from_proc_mailer.rb create mode 100644 test/rails_app/app/mailers/users/reply_to_mailer.rb diff --git a/test/rails_app/app/mailers/users/from_proc_mailer.rb b/test/rails_app/app/mailers/users/from_proc_mailer.rb new file mode 100644 index 0000000000..1bff4cacc2 --- /dev/null +++ b/test/rails_app/app/mailers/users/from_proc_mailer.rb @@ -0,0 +1,3 @@ +class Users::FromProcMailer < Devise::Mailer + default from: proc { 'custom@example.com' } +end diff --git a/test/rails_app/app/mailers/users/mailer.rb b/test/rails_app/app/mailers/users/mailer.rb index 8359d6a5e9..3342f75aa1 100644 
--- a/test/rails_app/app/mailers/users/mailer.rb +++ b/test/rails_app/app/mailers/users/mailer.rb @@ -1,12 +1,3 @@ class Users::Mailer < Devise::Mailer default from: 'custom@example.com' end - -class Users::ReplyToMailer < Devise::Mailer - default from: 'custom@example.com' - default reply_to: 'custom_reply_to@example.com' -end - -class Users::FromProcMailer < Devise::Mailer - default from: proc { 'custom@example.com' } -end diff --git a/test/rails_app/app/mailers/users/reply_to_mailer.rb b/test/rails_app/app/mailers/users/reply_to_mailer.rb new file mode 100644 index 0000000000..67ca82cffa --- /dev/null +++ b/test/rails_app/app/mailers/users/reply_to_mailer.rb @@ -0,0 +1,4 @@ +class Users::ReplyToMailer < Devise::Mailer + default from: 'custom@example.com' + default reply_to: 'custom_reply_to@example.com' +end From 6003c6981806adc35d84c66a0a3c27f3b12deb0c Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 9 Sep 2014 20:31:48 -0500 Subject: [PATCH 0587/1473] change indentation --- .../controllers/confirmations_controller.erb | 16 ++++---- .../omniauth_callbacks_controller.erb | 8 ++-- .../controllers/passwords_controller.erb | 14 +++---- .../controllers/registrations_controller.erb | 40 +++++++++---------- .../controllers/sessions_controller.erb | 12 +++--- .../controllers/unlocks_controller.erb | 16 ++++---- 6 files changed, 53 insertions(+), 53 deletions(-) diff --git a/lib/generators/templates/controllers/confirmations_controller.erb b/lib/generators/templates/controllers/confirmations_controller.erb index a92d3703b5..480ee9a079 100644 --- a/lib/generators/templates/controllers/confirmations_controller.erb +++ b/lib/generators/templates/controllers/confirmations_controller.erb 
@@ -16,13 +16,13 @@ class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsControl # protected - # The path used after resending confirmation instructions. - # def after_resending_confirmation_instructions_path_for(resource_name) - # super(resource_name) - # end + # The path used after resending confirmation instructions. + # def after_resending_confirmation_instructions_path_for(resource_name) + # super(resource_name) + # end - # The path used after confirmation. - # def after_confirmation_path_for(resource_name, resource) - # super(resource_name, resource) - # end + # The path used after confirmation. + # def after_confirmation_path_for(resource_name, resource) + # super(resource_name, resource) + # end end diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb index a54181c223..d6838366e2 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb @@ -21,8 +21,8 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # protected - # The path used when omniauth fails - # def after_omniauth_failure_path_for(scope) - # super(scope) - # end + # The path used when omniauth fails + # def after_omniauth_failure_path_for(scope) + # super(scope) + # end end diff --git a/lib/generators/templates/controllers/passwords_controller.erb b/lib/generators/templates/controllers/passwords_controller.erb index fe0514fa77..3409d43597 100644 --- a/lib/generators/templates/controllers/passwords_controller.erb +++ b/lib/generators/templates/controllers/passwords_controller.erb 
@@ -21,12 +21,12 @@ class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController # protected - # def after_resetting_password_path_for(resource) - # super(resource) - # end + # def after_resetting_password_path_for(resource) + # super(resource) + # end - # The path used after sending reset password instructions - # def after_sending_reset_password_instructions_path_for(resource_name) - # super(resource_name) - # end + # The path used after sending reset password instructions + # def after_sending_reset_password_instructions_path_for(resource_name) + # super(resource_name) + # end end diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 3acbafd9b7..579adfaab2 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb 
@@ -38,27 +38,27 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # protected - # You can put the params you want to permit in the empty array. - # def configure_sign_up_params - # [].each do |field| - # devise_parameter_sanitizer.for(:sign_up) << field.to_sym - # end - # end + # You can put the params you want to permit in the empty array. + # def configure_sign_up_params + # [].each do |field| + # devise_parameter_sanitizer.for(:sign_up) << field.to_sym + # end + # end - # You can put the params you want to permit in the empty array. - # def configure_account_update_params - # [].each do |field| - # devise_parameter_sanitizer.for(:account_update) << field.to_sym - # end - # end + # You can put the params you want to permit in the empty array. + # def configure_account_update_params + # [].each do |field| + # devise_parameter_sanitizer.for(:account_update) << field.to_sym + # end + # end - # The path used after sign up. - # def after_sign_up_path_for(resource) - # super(resource) - # end + # The path used after sign up. + # def after_sign_up_path_for(resource) + # super(resource) + # end - # The path used after sign up for inactive accounts. - # def after_inactive_sign_up_path_for(resource) - # super(resource) - # end + # The path used after sign up for inactive accounts. + # def after_inactive_sign_up_path_for(resource) + # super(resource) + # end end diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index 1384a9abbc..f5b77176cf 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb 
@@ -18,10 +18,10 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # protected - # You can put the params you want to permit in the empty array. - # def configure_sign_in_params - # [].each do |field| - # devise_parameter_sanitizer.for(:sign_in) << field.to_sym - # end - # end + # You can put the params you want to permit in the empty array. + # def configure_sign_in_params + # [].each do |field| + # devise_parameter_sanitizer.for(:sign_in) << field.to_sym + # end + # end end diff --git a/lib/generators/templates/controllers/unlocks_controller.erb b/lib/generators/templates/controllers/unlocks_controller.erb index 42aa96bf38..0e2cced594 100644 --- a/lib/generators/templates/controllers/unlocks_controller.erb +++ b/lib/generators/templates/controllers/unlocks_controller.erb @@ -16,13 +16,13 @@ class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController # protected - # The path used after sending unlock password instructions - # def after_sending_unlock_instructions_path_for(resource) - # super(resource) - # end + # The path used after sending unlock password instructions + # def after_sending_unlock_instructions_path_for(resource) + # super(resource) + # end - # The path used after unlocking the resource - # def after_unlock_path_for(resource) - # super(resource) - # end + # The path used after unlocking the resource + # def after_unlock_path_for(resource) + # super(resource) + # end end From 17f6c76dc701d475e2787fa89eb6a3af0da8b60d Mon Sep 17 00:00:00 2001 From: Chun-Yang Date: Tue, 9 Sep 2014 20:35:46 -0500 Subject: [PATCH 0588/1473] simplify sanitizer in *_params function --- .../templates/controllers/registrations_controller.erb | 8 ++------ .../templates/controllers/sessions_controller.erb | 4 +--- 2 files changed, 3 insertions(+), 9 deletions(-) 
diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index 579adfaab2..e08d0e6f4f 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -40,16 +40,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # You can put the params you want to permit in the empty array. # def configure_sign_up_params - # [].each do |field| - # devise_parameter_sanitizer.for(:sign_up) << field.to_sym - # end + # devise_parameter_sanitizer.for(:sign_up) << :attribute # end # You can put the params you want to permit in the empty array. # def configure_account_update_params - # [].each do |field| - # devise_parameter_sanitizer.for(:account_update) << field.to_sym - # end + # devise_parameter_sanitizer.for(:account_update) << :attribute # end # The path used after sign up. diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index f5b77176cf..b750038ea0 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -20,8 +20,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # You can put the params you want to permit in the empty array. # def configure_sign_in_params - # [].each do |field| - # devise_parameter_sanitizer.for(:sign_in) << field.to_sym - # end + # devise_parameter_sanitizer.for(:sign_in) << :attribute # end end From 439112adf3abadf2f1dc7e8352533754e8e4f6d8 Mon Sep 17 00:00:00 2001 
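Review bot: The context comment `# You can put the params you want to permit in the empty array.` is left unchanged above `configure_sign_up_params`, `configure_account_update_params` and, in the sessions_controller.erb hunk on this line, `configure_sign_in_params`, but the array it refers to is removed by this change. The new body appends the placeholder symbol `:attribute`, so uncommenting a stub as written permits a parameter literally named `attribute`. I would reword the comment to `# If you have extra params to permit, append them to the sanitizer (replace :attribute).` in all three places.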
From: Chun-Yang Date: Tue, 9 Sep 2014 20:40:05 -0500 Subject: [PATCH 0589/1473] change before_action to before_filter to make it backward compatible to rails 3.2 --- .../templates/controllers/registrations_controller.erb | 4 ++-- lib/generators/templates/controllers/sessions_controller.erb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.erb index e08d0e6f4f..3566e453d0 100644 --- a/lib/generators/templates/controllers/registrations_controller.erb +++ b/lib/generators/templates/controllers/registrations_controller.erb @@ -1,6 +1,6 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController -# before_action :configure_sign_up_params, only: [:create] -# before_action :configure_account_update_params, only: [:update] +# before_filter :configure_sign_up_params, only: [:create] +# before_filter :configure_account_update_params, only: [:update] # GET /resource/sign_up # def new diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.erb index b750038ea0..7a243f4ee8 100644 --- a/lib/generators/templates/controllers/sessions_controller.erb +++ b/lib/generators/templates/controllers/sessions_controller.erb @@ -1,5 +1,5 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController -# before_action :configure_sign_in_params, only: [:create] +# before_filter :configure_sign_in_params, only: [:create] # GET /resource/sign_in # def new From 6e0c287391f4b7c876d5bba1673c34db616d6435 Mon Sep 17 00:00:00 2001 From: "Paul A. Jungwirth" Date: Thu, 11 Sep 2014 08:38:14 -0700 Subject: [PATCH 0590/1473] All causes of failed login should have the same error message --- config/locales/en.yml | 2 +- test/integration/http_authenticatable_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/config/locales/en.yml b/config/locales/en.yml index e419f7794f..fa69b16d75 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -12,7 +12,7 @@ en: invalid: "Invalid email or password." locked: "Your account is locked." last_attempt: "You have one more attempt before your account is locked." - not_found_in_database: "Invalid email address or password." + not_found_in_database: "Invalid email or password." timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." unconfirmed: "You have to confirm your email address before continuing." diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index b7e770e14d..aad51f62c7 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -42,7 +42,7 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal "application/xml; charset=utf-8", headers["Content-Type"] - assert_match "Invalid email address or password.", response.body + assert_match "Invalid email or password.", response.body end test 'returns a custom response with www-authenticate and chosen realm' do From 48f03d8cc43509893e38f7a486cd62df87dfb1de Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 11 Sep 2014 15:19:41 -0300 Subject: [PATCH 0591/1473] Ensure that the I18n backend is always initialized when we store custom translations. Depending on the test order, there might a moment when a test reloads the I18n backend and another tries to store a translation, but since the backend wasn't re-initialized the custom translations would be overriden when i18n loads the translations from the en.yml file. --- test/support/helpers.rb | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) 
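Review bot: The updated assertion in http_authenticatable_test.rb pins the literal `"Invalid email or password."` for the unknown-user case only, so nothing fails if the `invalid` and `not_found_in_database` strings drift apart again, and that difference is the account-enumeration signal this commit removes. I would add `assert_equal I18n.t('devise.failure.invalid'), I18n.t('devise.failure.not_found_in_database')`, assuming both keys sit under `devise.failure` (the en.yml hunk shows only the `en:` header). The en.yml context also keeps distinct `locked`, `last_attempt` and `unconfirmed` messages; whether those can be returned before the password is verified is not visible here, and a comment in the locale file stating when they are shown would help whoever audits this next. The test body begins outside the hunk.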
diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 4eb0db8674..02e5c8d189 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -8,12 +8,15 @@ def setup_mailer end def store_translations(locale, translations, &block) - begin - I18n.backend.store_translations(locale, translations) - yield - ensure - I18n.reload! - end + # Calling 'available_locales' before storing the translations to ensure + # that the I18n backend will be initialized before we store our custom + # translations, so they will always override the translations for the + # YML file. + I18n.available_locales + I18n.backend.store_translations(locale, translations) + yield + ensure + I18n.reload! end def generate_unique_email From 8a8e8c6519032f965779ce3ffabe9c3aca947bc5 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 11 Sep 2014 17:01:07 -0300 Subject: [PATCH 0592/1473] Simplify the setup code for the Devise Helper tests so no locales or translations are leaked between tests. --- test/helpers/devise_helper_test.rb | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 9d39b61fa8..df4b23f4f9 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb 
@@ -2,25 +2,22 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest setup do - model_labels = { models: { user: "utilisateur" } } - # TODO: Remove this hack that fixes the I18n performance safeguards that - # breaks the custom locale. - I18n.available_locales += [:fr] - I18n.backend.store_translations :fr, - { + model_labels = { models: { user: "the user" } } + translations = { errors: { messages: { not_saved: { - one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.", - other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs." + one: "Can't save %{resource} because of 1 error", + other: "Can't save %{resource} because of %{count} errors", } } }, activerecord: model_labels, mongoid: model_labels } - I18n.locale = 'fr' + I18n.available_locales + I18n.backend.store_translations(:en, translations) end teardown do - I18n.locale = 'en' + I18n.reload! end test 'test errors.messages.not_saved with single error from i18n' do @@ -31,7 +28,7 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest click_button 'Sign up' assert_have_selector '#error_explanation' - assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 1 erreur" + assert_contain "Can't save the user because of 1 error" end test 'test errors.messages.not_saved with multiple errors from i18n' do @@ -47,6 +44,6 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest click_button 'Sign up' assert_have_selector '#error_explanation' - assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs" + assert_contain "Can't save the user because of 2 errors" end end From ce6e369ba85d3759474e468dd0b28735e7450a3d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 11 Sep 2014 17:41:40 -0300 Subject: [PATCH 0593/1473] Remove test ordering setup We can now run the test suite on random order. --- test/test_helper.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index 32c547f32c..dd200611e5 100644 
--- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,12 +23,6 @@ $:.unshift File.expand_path('../support', __FILE__) Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f } -if ActiveSupport::TestCase.respond_to?(:my_tests_are_order_dependent!) - # Devise test suite is order dependent, and we need to ensure that same order - # in Rails 4.2.0. - ActiveSupport::TestCase.my_tests_are_order_dependent! -end - # For generators require "rails/generators/test_case" require "generators/devise/install_generator" From 432a172533e652ff96600210ada63c1ccd0a7535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 18 Sep 2014 19:44:19 +0200 Subject: [PATCH 0594/1473] Set null: false explicitly in timestamps --- test/rails_app/db/migrate/20100401102949_create_tables.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 5aaf736479..fd90b504bf 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb @@ -33,7 +33,7 @@ def self.up t.string :unlock_token # Only if unlock strategy is :email or :both t.datetime :locked_at - t.timestamps + t.timestamps null: false end create_table :admins do |t| @@ -60,7 +60,7 @@ def self.up ## Attribute for testing route blocks t.boolean :active, default: false - t.timestamps + t.timestamps null: false end end From 73c406b48146139a5daee6652b49bb418df81c33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 18 Sep 2014 19:50:52 +0200 Subject: [PATCH 0595/1473] Fix docs for http_authenticatable_on_xhr, closes #3112 --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index a2090e620a..589063d0b6 100644 --- a/lib/generators/templates/devise.rb 
+++ b/lib/generators/templates/devise.rb @@ -65,7 +65,7 @@ # :database = Support basic authentication with authentication key + password # config.http_authenticatable = false - # If http headers should be returned for AJAX requests. True by default. + # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true # The realm used in Http Basic Authentication. 'Application' by default. From 7029a5aaa88fcee9a9bf25a63d0105ad97728d08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 18 Sep 2014 20:04:05 +0200 Subject: [PATCH 0596/1473] Decouple validation from remember_me in authentication strategies Closes #3118 --- lib/devise/strategies/authenticatable.rb | 3 +-- lib/devise/strategies/database_authenticatable.rb | 1 + lib/devise/strategies/rememberable.rb | 9 ++++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index cd3a15ea9f..1e2055ec30 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -36,7 +36,6 @@ def validate(resource, &block) result = resource && resource.valid_for_authentication?(&block) if result - decorate(resource) true else if resource @@ -47,7 +46,7 @@ def validate(resource, &block) end # Get values from params and set in the resource. - def decorate(resource) + def remember_me(resource) resource.remember_me = remember_me? if resource.respond_to?(:remember_me=) end diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index c38282796f..2a8e91d01b 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb 
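Review bot: The second authenticatable.rb hunk renames `decorate` to `remember_me` but keeps the comment `# Get values from params and set in the resource.`, which does not tell a strategy author that calling it is now their responsibility, since the first hunk removes the call from `validate`. A strategy outside this patch that relies on `validate` to copy the remember-me choice, or that overrides `decorate`, would stop doing so without any error; that fails towards not remembering the user, but it is silent. I would document the new contract above the method, e.g. `# Copies the remember_me param to the resource; call it yourself once validate has succeeded.`, and consider keeping `decorate` as a deprecated alias for one release. Both method bodies extend beyond the hunks.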
@@ -9,6 +9,7 @@ def authenticate! encrypted = false if validate(resource){ encrypted = true; resource.valid_password?(password) } + remember_me(resource) resource.after_database_authentication success!(resource) end diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index 1aadde2c8d..6906627332 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -25,15 +25,18 @@ def authenticate! end if validate(resource) + remember_me(resource) + extend_remember_me_period(resource) success!(resource) end end private - def decorate(resource) - super - resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=) + def extend_remember_me_period(resource) + if resource.respond_to?(:extend_remember_period=) + resource.extend_remember_period = mapping.to.extend_remember_period + end end def remember_me? From a5158939de3cdd4370be300fb2e2c06410c996eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 18 Sep 2014 20:28:24 +0200 Subject: [PATCH 0597/1473] Update CHANGELOG --- CHANGELOG.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ec66617df9..d0c53e8f29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,10 +3,13 @@ * enhancements * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding a hint about the minimum password length when `validatable` is enabled (by @aried3r) + * Remove reloading of routes when eager loading is enabled. This change was added during Rails 3 and it doesn't seem to be relevant to currently supported Rails versions (by @fgro) -* bug fixes +* bug fix * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` - exception when executed inside a mountable engine. + exception when executed inside a mountable engine + * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat) + * Ensure all causes of failed login have the same error message (by @pjungwir) ### 3.3.0 From 79a4b93993db60f6f1529c7b5d8e4264cafe9e5c Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 18 Sep 2014 17:18:11 -0300 Subject: [PATCH 0598/1473] Point users to the canonical Omniauth docs in our README, not the wiki. --- .../templates/controllers/omniauth_callbacks_controller.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb index d6838366e2..6516213c9c 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.erb @@ -7,7 +7,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # end # More info at: - # https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview + # https://github.com/plataformatec/devise#omniauth # GET|POST /resource/auth/twitter # def passthru From 131013ac5679da46d2beb0b6625b3a04379b15bd Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Thu, 18 Sep 2014 17:21:25 -0300 Subject: [PATCH 0599/1473] Controller templates should have the `.rb` extension, not `.erb`. --- lib/generators/devise/controllers_generator.rb | 2 +- ...confirmations_controller.erb => confirmations_controller.rb} | 0 ...allbacks_controller.erb => omniauth_callbacks_controller.rb} | 0 .../{passwords_controller.erb => passwords_controller.rb} | 0 ...registrations_controller.erb => registrations_controller.rb} | 0 .../{sessions_controller.erb => sessions_controller.rb} | 0 .../{unlocks_controller.erb => unlocks_controller.rb} | 0 7 files changed, 1 insertion(+), 1 deletion(-) rename lib/generators/templates/controllers/{confirmations_controller.erb => confirmations_controller.rb} (100%) rename lib/generators/templates/controllers/{omniauth_callbacks_controller.erb => omniauth_callbacks_controller.rb} (100%) rename lib/generators/templates/controllers/{passwords_controller.erb => passwords_controller.rb} (100%) rename lib/generators/templates/controllers/{registrations_controller.erb => registrations_controller.rb} (100%) rename lib/generators/templates/controllers/{sessions_controller.erb => sessions_controller.rb} (100%) rename lib/generators/templates/controllers/{unlocks_controller.erb => unlocks_controller.rb} (100%) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 721c5e49c5..921c21c746 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -31,7 +31,7 @@ def create_controllers @scope_prefix = scope.blank? ? '' : (scope.camelize + '::') controllers = options[:controllers] || CONTROLLERS controllers.each do |name| - template "#{name}_controller.erb", + template "#{name}_controller.rb", "app/controllers/#{scope}/#{name}_controller.rb" end end 
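Review bot: In `template "#{name}_controller.rb", "app/controllers/#{scope}/#{name}_controller.rb"`, `name` comes from `options[:controllers]` and is interpolated into both the source and the destination path without being compared against `CONTROLLERS`. An unknown or mistyped value presumably only fails once Thor cannot find the template, with a message that does not list the valid names. Checking first, e.g. `unknown = controllers.reject { |c| CONTROLLERS.include?(c) }` followed by `raise Thor::Error, "Unknown controllers: #{unknown.join(', ')}" if unknown.any?`, keeps the generator to the templates it ships. `create_controllers` begins before this hunk, so any earlier validation of `scope` or the option is not visible here.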
diff --git a/lib/generators/templates/controllers/confirmations_controller.erb b/lib/generators/templates/controllers/confirmations_controller.rb similarity index 100% rename from lib/generators/templates/controllers/confirmations_controller.erb rename to lib/generators/templates/controllers/confirmations_controller.rb diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.erb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb similarity index 100% rename from lib/generators/templates/controllers/omniauth_callbacks_controller.erb rename to lib/generators/templates/controllers/omniauth_callbacks_controller.rb diff --git a/lib/generators/templates/controllers/passwords_controller.erb b/lib/generators/templates/controllers/passwords_controller.rb similarity index 100% rename from lib/generators/templates/controllers/passwords_controller.erb rename to lib/generators/templates/controllers/passwords_controller.rb diff --git a/lib/generators/templates/controllers/registrations_controller.erb b/lib/generators/templates/controllers/registrations_controller.rb similarity index 100% rename from lib/generators/templates/controllers/registrations_controller.erb rename to lib/generators/templates/controllers/registrations_controller.rb diff --git a/lib/generators/templates/controllers/sessions_controller.erb b/lib/generators/templates/controllers/sessions_controller.rb similarity index 100% rename from lib/generators/templates/controllers/sessions_controller.erb rename to lib/generators/templates/controllers/sessions_controller.rb diff --git a/lib/generators/templates/controllers/unlocks_controller.erb b/lib/generators/templates/controllers/unlocks_controller.rb similarity index 100% rename from lib/generators/templates/controllers/unlocks_controller.erb rename to lib/generators/templates/controllers/unlocks_controller.rb From 952c162bee8dbf7fb8ef0522a5142d8567bb4f1b Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Thu, 18 Sep 2014 17:25:13 -0300 Subject: [PATCH 0600/1473] Update CHANGELOG --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0c53e8f29..7b10405288 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,8 @@ * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding a hint about the minimum password length when `validatable` is enabled (by @aried3r) * Remove reloading of routes when eager loading is enabled. This change was added during Rails 3 and it doesn't seem to be relevant to currently supported Rails versions (by @fgro) - + * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag + to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang) * bug fix * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` exception when executed inside a mountable engine From 39ed3322990bcd8682d9eeecffb2e1972c996446 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 18 Sep 2014 18:15:08 -0300 Subject: [PATCH 0601/1473] Ensure that we sanitize any `AC::Parameters` in `find_or_initialize_with_errors`. As we are already slicing the Hash, we must be sure that this method will send a "safe" object down to the other finder methods that will use the Hash entries to do the querying. --- lib/devise/models/authenticatable.rb | 2 +- test/models/authenticatable_test.rb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 78be957baf..75cb2d0e60 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -253,7 +253,7 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: # Find an initialize a group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: - attributes = attributes.slice(*required_attributes) + attributes = attributes.slice(*required_attributes).with_indifferent_access attributes.delete_if { |key, value| value.blank? } if attributes.size == required_attributes.size diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 3d791d44a1..ba664f3edf 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -10,4 +10,14 @@ class AuthenticatableTest < ActiveSupport::TestCase assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end + + if defined?(ActionController::Parameters) + test 'does not passes an ActionController::Parameters to find_first_by_auth_conditions through find_or_initialize_with_errors' do + user = create_user(email: 'example@example.com') + attributes = ActionController::Parameters.new(email: 'example@example.com') + + User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user) + User.find_or_initialize_with_errors([:email], attributes) + end + end end From c043eca2b20539c7be58e3d7fd60d6488dd55287 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 18 Sep 2014 18:24:26 -0300 Subject: [PATCH 0602/1473] Silence controller generator warning output --- test/generators/controllers_generator_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/generators/controllers_generator_test.rb b/test/generators/controllers_generator_test.rb index 11d1c35dbc..6df0f0c270 100644 --- a/test/generators/controllers_generator_test.rb 
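Review bot: `.with_indifferent_access` on the sliced attributes changes the container, but the values are still whatever the caller supplied, because `attributes.delete_if { |key, value| value.blank? }` only drops blank entries. A nested hash or array under a required key would therefore still be handed to the finder, unless an earlier filter guarantees scalar values, which this hunk does not show. Consider rejecting non-scalar values here, or state the precondition in a comment such as `# Callers must pass already-filtered params; this only normalises the container so ActionController::Parameters is not handed to the finder.` The body of `find_or_initialize_with_errors` continues past the end of the hunk.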
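Review bot: The expectation `.with('email' => 'example@example.com')` in the new test compares the argument by equality, so it likely passes whether `find_first_by_auth_conditions` receives a converted hash or an `ActionController::Parameters` holding the same entry, which is the case the test name says it excludes. Matching on the class would pin the behaviour: `User.expects(:find_first_by_auth_conditions).with { |conditions| !conditions.is_a?(ActionController::Parameters) }.returns(user)`. The test name would also read better as `does not pass an ActionController::Parameters to find_first_by_auth_conditions ...`.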
+++ b/test/generators/controllers_generator_test.rb @@ -6,7 +6,7 @@ class ControllersGeneratorTest < Rails::Generators::TestCase setup :prepare_destination test "Assert no controllers are created with no params" do - run_generator + capture(:stderr) { run_generator } assert_no_file "app/controllers/sessions_controller.rb" assert_no_file "app/controllers/registrations_controller.rb" assert_no_file "app/controllers/confirmations_controller.rb" From c811ea2edb867d6bcff2fb48a77817bcc695b28a Mon Sep 17 00:00:00 2001 From: Vasily Vasinov Date: Sun, 21 Sep 2014 21:41:42 -0600 Subject: [PATCH 0603/1473] Update README.md Added the security shield from Hakiri. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 28aad919d8..7b55e47190 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ By [Plataformatec](http://plataformatec.com.br/). [![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) +[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From 6b0d11ed7a457ef1a338718e2e1819aeb25e943d Mon Sep 17 00:00:00 2001 From: Timo Schilling Date: Tue, 23 Sep 2014 18:42:11 +0200 Subject: [PATCH 0604/1473] =?UTF-8?q?use=20authentication=5Fkeys=20in=20fl?= =?UTF-8?q?ash=20message,=20instead=20of=20static=20=E2=80=98username?= =?UTF-8?q?=E2=80=99=20(fix=20#3201)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/locales/en.yml | 4 ++-- lib/devise/failure_app.rb | 1 + test/integration/authenticatable_test.rb | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/config/locales/en.yml b/config/locales/en.yml index fa69b16d75..26a10f2928 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -9,10 +9,10 @@ en: failure: already_authenticated: "You are already signed in." inactive: "Your account is not activated yet." - invalid: "Invalid email or password." + invalid: "Invalid %{authentication_keys} or password." locked: "Your account is locked." last_attempt: "You have one more attempt before your account is locked." - not_found_in_database: "Invalid email or password." + not_found_in_database: "Invalid %{authentication_keys} or password." timeout: "Your session expired. Please sign in again to continue." unauthenticated: "You need to sign in or sign up before continuing." unconfirmed: "You have to confirm your email address before continuing." diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 27c4154ec2..863b33d613 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -78,6 +78,7 @@ def i18n_message(default = nil) options[:resource_name] = scope options[:scope] = "devise.failure" options[:default] = [message] + options[:authentication_keys] = Devise.authentication_keys.join(", ") options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 91449fddd9..8048390b75 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -580,7 +580,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, authentication_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid email or password." + assert_contain "Invalid subdomain or password." assert_not warden.authenticated?(:user) end end From d3c53904c7286eab879c65a5945b0226794e310a Mon Sep 17 00:00:00 2001 
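Review bot: `Devise.authentication_keys.join(", ")` in `lib/devise/failure_app.rb` assumes the setting is an Array. Devise also documents a Hash form for `authentication_keys` (key mapped to whether a missing value aborts authentication), and a Hash has no `join`, so building the failure message would raise for apps configured that way. The later hunks on this page that rewrite the same line (`Devise.mappings[scope].to.authentication_keys.join(...)` and `scope_class.authentication_keys.join(...)`) keep the assumption; normalising first, e.g. `keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys`, avoids it. The interpolated values are also raw attribute names such as `subdomain`, so the user-facing text is not localised; the model's `human_attribute_name` would be one way to address that. `i18n_message` begins and ends outside the hunk.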
From: Timo Schilling Date: Wed, 24 Sep 2014 14:05:38 +0200 Subject: [PATCH 0605/1473] use auth keys from scope instead of global config --- lib/devise/failure_app.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 863b33d613..61e9ad41da 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -78,7 +78,8 @@ def i18n_message(default = nil) options[:resource_name] = scope options[:scope] = "devise.failure" options[:default] = [message] - options[:authentication_keys] = Devise.authentication_keys.join(", ") + authentication_keys = Devise.mappings[scope].to.authentication_keys + options[:authentication_keys] = authentication_keys.join(", ") options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) From d546665102babbd763e519a4ee0904cfc1a00b6d Mon Sep 17 00:00:00 2001 From: Timo Schilling Date: Wed, 24 Sep 2014 14:13:37 +0200 Subject: [PATCH 0606/1473] use I18n "support.array.words_connector" as connector --- lib/devise/failure_app.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 61e9ad41da..48537e9273 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -79,7 +79,7 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] authentication_keys = Devise.mappings[scope].to.authentication_keys - options[:authentication_keys] = authentication_keys.join(", ") + options[:authentication_keys] = authentication_keys.join(I18n.translate(:"support.array.words_connector")) options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) From 0f240ab68f8e6544c15f7dfe7e2a0696184ac222 Mon Sep 17 00:00:00 2001 From: Timo Schilling Date: Wed, 24 Sep 2014 15:48:46 +0200 Subject: [PATCH 0607/1473] code cleanup FailureApp --- lib/devise/failure_app.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
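Review bot: `I18n.translate(:"support.array.words_connector")` is called without a fallback, so in a locale that does not define that key the "translation missing" text would end up as the separator inside the sign-in failure message. Supplying a default keeps the message readable: `authentication_keys.join(I18n.translate(:"support.array.words_connector", default: ", "))`. A one-line comment saying that the connector is reused from the Rails `to_sentence` translations would also explain why a `support.array` key appears in the failure app.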
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 48537e9273..7cedf646e6 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -78,8 +78,7 @@ def i18n_message(default = nil) options[:resource_name] = scope options[:scope] = "devise.failure" options[:default] = [message] - authentication_keys = Devise.mappings[scope].to.authentication_keys - options[:authentication_keys] = authentication_keys.join(I18n.translate(:"support.array.words_connector")) + options[:authentication_keys] = scope_class.authentication_keys.join(I18n.translate(:"support.array.words_connector")) options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) @@ -146,7 +145,7 @@ def http_auth? # It does not make sense to send authenticate headers in ajax requests # or if the user disabled them. def http_auth_header? - Devise.mappings[scope].to.http_authenticatable && !request.xhr? + scope_class.http_authenticatable && !request.xhr? end def http_auth_body @@ -184,6 +183,10 @@ def scope @scope ||= warden_options[:scope] || Devise.default_scope end + def scope_class + @scope_class ||= Devise.mappings[scope].to + end + def attempted_path warden_options[:attempted_path] end From 002b4c6c01fe4c2455ff9d21eb6da233fe40c331 Mon Sep 17 00:00:00 2001 From: Michael Ding Date: Mon, 29 Sep 2014 14:36:05 +0800 Subject: [PATCH 0608/1473] fix argument bug when `is_navigational_format?` returns false, Exception will be throw: ArgumentError (Nil location provided. Can't build URI.) --- app/controllers/devise/confirmations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 70f37d9155..ec4aff14ce 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb 
@@ -33,7 +33,7 @@ def show # The path used after resending confirmation instructions. def after_resending_confirmation_instructions_path_for(resource_name) - new_session_path(resource_name) if is_navigational_format? + is_navigational_format? ? new_session_path(resource_name) : '/' end # The path used after confirmation. From 1ed93cacd82f6af639d8fc13d0d59a0e46081b6d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 29 Sep 2014 17:38:16 -0300 Subject: [PATCH 0609/1473] Update Rails dependency --- Gemfile | 2 +- Gemfile.lock | 84 ++++++++++++++++++++++++++++------------------------ 2 files changed, 46 insertions(+), 40 deletions(-) diff --git a/Gemfile b/Gemfile index 76a67a82a3..3eab620997 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.0.beta1" +gem "rails", "4.2.0.beta2" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 7379672952..0c32379608 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
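Review bot: The non-navigational branch of `after_resending_confirmation_instructions_path_for` now returns a hard-coded `'/'`, which ignores an application mounted under a sub-URI and assumes something is served at the root. If the value is only needed so the responder can build a location, preferring a route helper when one exists would be more robust, e.g. `is_navigational_format? ? new_session_path(resource_name) : (respond_to?(:root_path) ? root_path : '/')`. A comment above the method explaining that API formats still need a non-nil location would stop the next reader from simplifying it back. How the return value is consumed lies outside this hunk.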
@@ -23,34 +23,36 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0.beta1) - actionpack (= 4.2.0.beta1) - actionview (= 4.2.0.beta1) + actionmailer (4.2.0.beta2) + actionpack (= 4.2.0.beta2) + actionview (= 4.2.0.beta2) + activejob (= 4.2.0.beta2) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.2) - actionpack (4.2.0.beta1) - actionview (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails-dom-testing (~> 1.0, >= 1.0.3) + actionpack (4.2.0.beta2) + actionview (= 4.2.0.beta2) + activesupport (= 4.2.0.beta2) rack (~> 1.6.0.beta) rack-test (~> 0.6.2) - rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) - rails-dom-testing (~> 1.0, >= 1.0.2) - actionview (4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails-dom-testing (~> 1.0, >= 1.0.3) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + actionview (4.2.0.beta2) + activesupport (= 4.2.0.beta2) builder (~> 3.1) erubis (~> 2.7.0) - rails-deprecated_sanitizer (~> 1.0, >= 1.0.2) - rails-dom-testing (~> 1.0, >= 1.0.2) - activejob (4.2.0.beta1) - globalid (>= 0.2.3) - activemodel (4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails-dom-testing (~> 1.0, >= 1.0.3) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + activejob (4.2.0.beta2) + activesupport (= 4.2.0.beta2) + globalid (>= 0.3.0) + activemodel (4.2.0.beta2) + activesupport (= 4.2.0.beta2) builder (~> 3.1) - activerecord (4.2.0.beta1) - activemodel (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + activerecord (4.2.0.beta2) + activemodel (= 4.2.0.beta2) + activesupport (= 4.2.0.beta2) arel (>= 6.0.0.beta1, < 6.1) - activesupport (4.2.0.beta1) + activesupport (4.2.0.beta2) i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) 
@@ -64,19 +66,21 @@ GEM erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - globalid (0.2.3) + globalid (0.3.0) activesupport (>= 4.1.0) hashie (3.2.0) hike (1.2.3) i18n (0.7.0.beta1) json (1.8.1) jwt (1.0.0) + loofah (2.0.1) + nokogiri (>= 1.5.9) mail (2.6.1) mime-types (>= 1.16, < 3) metaclass (0.0.4) mime-types (2.3) mini_portile (0.6.0) - minitest (5.4.0) + minitest (5.4.2) mocha (1.1.0) metaclass (~> 0.0.1) moped (2.0.0) @@ -116,26 +120,28 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.2.0.beta1) - actionmailer (= 4.2.0.beta1) - actionpack (= 4.2.0.beta1) - actionview (= 4.2.0.beta1) - activejob (= 4.2.0.beta1) - activemodel (= 4.2.0.beta1) - activerecord (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails (4.2.0.beta2) + actionmailer (= 4.2.0.beta2) + actionpack (= 4.2.0.beta2) + actionview (= 4.2.0.beta2) + activejob (= 4.2.0.beta2) + activemodel (= 4.2.0.beta2) + activerecord (= 4.2.0.beta2) + activesupport (= 4.2.0.beta2) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0.beta1) + railties (= 4.2.0.beta2) sprockets-rails (~> 3.0.0.beta1) - rails-deprecated_sanitizer (1.0.2) + rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.2) + rails-dom-testing (1.0.3) activesupport nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - railties (4.2.0.beta1) - actionpack (= 4.2.0.beta1) - activesupport (= 4.2.0.beta1) + rails-html-sanitizer (1.0.1) + loofah (~> 2.0) + railties (4.2.0.beta2) + actionpack (= 4.2.0.beta2) + activesupport (= 4.2.0.beta2) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) @@ -144,7 +150,7 @@ GEM responders (2.0.0) railties (>= 4.2.0.alpha, < 5) ruby-openid (2.5.0) - sprockets (2.12.1) + sprockets (2.12.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -180,7 +186,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0.beta1) + rails (= 4.2.0.beta2) rdoc sqlite3 webrat (= 0.7.3) 
From ee69d41fc1707c5b7b2630034dc1d120b6200f56 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 29 Sep 2014 17:42:08 -0300 Subject: [PATCH 0610/1473] Remove ActiveSupport test order deprecation warning --- test/test_helper.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/test_helper.rb b/test/test_helper.rb index 49553d8284..9f36b48826 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -17,6 +17,10 @@ config.open_error_files = false end +if ActiveSupport.respond_to?(:test_order) + ActiveSupport.test_order = :random +end + OmniAuth.config.logger = Logger.new('/dev/null') # Add support to load paths so we can overwrite broken webrat setup From ed109ac3d5e7654cc1d1d59201cfd2dcc8af2d3f Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 2 Oct 2014 18:42:46 -0300 Subject: [PATCH 0611/1473] Merge `swap` usage into a single method call. --- test/models/lockable_test.rb | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index aa6dedcdd9..6e48b20538 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
@@ -299,18 +299,16 @@ def setup end test 'should return last attempt message if user made next-to-last attempt of password entering' do - swap Devise, last_attempt_warning: :true do - swap Devise, lock_strategy: :failed_attempts do - user = create_user - user.failed_attempts = Devise.maximum_attempts - 2 - assert_equal :invalid, user.unauthenticated_message + swap Devise, last_attempt_warning: :true, lock_strategy: :failed_attempts do + user = create_user + user.failed_attempts = Devise.maximum_attempts - 2 + assert_equal :invalid, user.unauthenticated_message - user.failed_attempts = Devise.maximum_attempts - 1 - assert_equal :last_attempt, user.unauthenticated_message + user.failed_attempts = Devise.maximum_attempts - 1 + assert_equal :last_attempt, user.unauthenticated_message - user.failed_attempts = Devise.maximum_attempts - assert_equal :locked, user.unauthenticated_message - end + user.failed_attempts = Devise.maximum_attempts + assert_equal :locked, user.unauthenticated_message end end From 8b15184a250a6912cb7042474a7faeab25d4c81e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 2 Oct 2014 18:50:48 -0300 Subject: [PATCH 0612/1473] Use the `last_attempt_warning` configuration with the lockable unauthenticated_message message. This configuration was added in #2687 but it was never used in the real code that defines what message should be used by the app. --- lib/devise/models/lockable.rb | 4 ++-- test/models/lockable_test.rb | 10 +++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index d3159be3f5..803ea04381 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
@@ -117,7 +117,7 @@ def unauthenticated_message super elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?) :locked - elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? + elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? && self.class.last_attempt_warning :last_attempt else super @@ -189,7 +189,7 @@ def lock_strategy_enabled?(strategy) self.lock_strategy == strategy end - Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys) + Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys, :last_attempt_warning) end end end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 6e48b20538..3f7284ca99 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -299,7 +299,7 @@ def setup end test 'should return last attempt message if user made next-to-last attempt of password entering' do - swap Devise, last_attempt_warning: :true, lock_strategy: :failed_attempts do + swap Devise, last_attempt_warning: true, lock_strategy: :failed_attempts do user = create_user user.failed_attempts = Devise.maximum_attempts - 2 assert_equal :invalid, user.unauthenticated_message @@ -312,6 +312,14 @@ def setup end end + test 'should not return last attempt message if last_attempt_warning is disabled' do + swap Devise, last_attempt_warning: false, lock_strategy: :failed_attempts do + user = create_user + user.failed_attempts = Devise.maximum_attempts - 1 + assert_equal :invalid, user.unauthenticated_message + end + end + test 'should return locked message if user was programatically locked' do user = create_user user.lock_access! From c411ebcad6ed14653d8840f009f5716d0a18fcbe Mon Sep 17 00:00:00 2001 
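Review bot: Returning `:last_attempt` depends on the stored `failed_attempts` of an existing record, so this branch of `unauthenticated_message` gives an unauthenticated client a response that differs from the one for an unknown login. The changelog on this page lists "all causes of failed login have the same error message" as a goal. The added `self.class.last_attempt_warning` check makes an opt-out possible, but the trade-off is not stated where operators will look. I would extend the option's comment in `lib/generators/templates/devise.rb` to `# Warn on the last attempt before the account is locked. Set to false if failure messages must not reveal whether an account exists.` The flag is also the cheapest of the three conditions and could be tested first. `unauthenticated_message` starts above the hunk.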
From: Lucas Mazza Date: Fri, 3 Oct 2014 09:35:05 -0300 Subject: [PATCH 0613/1473] Revert "Removes reloading of routes when eager loading ..." --- lib/devise/rails.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 8416981056..14de2375fc 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -10,6 +10,9 @@ class Engine < ::Rails::Engine Devise.warden_config = config end + # Force routes to be loaded if we are doing any eager load. + config.before_eager_load { |app| app.reload_routes! } + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end From 6405c96213d7b018490cf208cb4ddd9479929c19 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Oct 2014 09:49:29 -0300 Subject: [PATCH 0614/1473] `last_attempt_warning` should be `true` for now on. --- lib/devise.rb | 2 +- lib/generators/templates/devise.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2b99d923e4..9968bc1ae1 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -280,7 +280,7 @@ def self.#{method}=(val) # When true, warn user if they just used next-to-last attempt of authentication mattr_accessor :last_attempt_warning - @@last_attempt_warning = false + @@last_attempt_warning = true # Stores the token generator mattr_accessor :token_generator diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 589063d0b6..90e138c436 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -183,7 +183,7 @@ # config.unlock_in = 1.hour # Warn on the last attempt before the account is locked. - # config.last_attempt_warning = false + # config.last_attempt_warning = true # ==> Configuration for :recoverable # From fa7714218eb7c7f7ebc4412930abaffac580a74b Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Fri, 3 Oct 2014 09:49:48 -0300 Subject: [PATCH 0615/1473] Update CHANGELOG --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b10405288..88899c67bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ exception when executed inside a mountable engine * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat) * Ensure all causes of failed login have the same error message (by @pjungwir) + * The `last_attempt_warning` now takes effect when generating the unauthenticated + message for your users. To keep the current behavior, this flag is now `true` + by default. (by @lucasmazza) ### 3.3.0 From 6445e077917bf0b25869a611c4cdd9ed45b72432 Mon Sep 17 00:00:00 2001 From: Abhinav Date: Fri, 3 Oct 2014 10:13:36 -0600 Subject: [PATCH 0616/1473] Use spec/rails_helper.rb for rspec-rails config. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7b55e47190..13b51fb6c8 100644 --- a/README.md +++ b/README.md @@ -410,7 +410,7 @@ class ActionController::TestCase end ``` -If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb`: +If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails): ```ruby RSpec.configure do |config| From 9b49e89ebdff050ce20570739cc73652ac387926 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 3 Oct 2014 14:20:31 -0300 Subject: [PATCH 0617/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 88899c67bf..9f25131f47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,19 +1,29 @@ ### Unreleased * enhancements +* bugfixes + +### 3.4.0 + +* enhancements + * Support added for Rails 4.2. Devise now depends on the `responders` gem due + the extraction of the `respond_with` API from Rails. (by @lucasmazza) * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding - a hint about the minimum password length when `validatable` is enabled (by @aried3r) + a hint about the minimum password length when `validatable` is enabled. (by @aried3r) * Remove reloading of routes when eager loading is enabled. This change was added during Rails 3 and it doesn't seem to be relevant to currently supported Rails versions (by @fgro) * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang) + * Removed the hardcoded references for "email" in the flash messages. If you are using + different attributes as the `authentication_keys` they will be interpolated in the + messages instead. (by @timoschilling) * bug fix * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` - exception when executed inside a mountable engine + exception when executed inside a mountable engine. (by @lucasmazza) * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat) * Ensure all causes of failed login have the same error message (by @pjungwir) * The `last_attempt_warning` now takes effect when generating the unauthenticated message for your users. To keep the current behavior, this flag is now `true` - by default. (by @lucasmazza) + by default. (by @lucasmazza) ### 3.3.0 From bdf9c25f3b46dfa47aa59d9b656014a7054b9e77 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Fri, 3 Oct 2014 14:28:15 -0300 Subject: [PATCH 0618/1473] Release 3.4.0 --- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0c32379608..6441944d9e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.3.0) + devise (3.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 72f0d6b3c9..174922a8ff 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -49,7 +49,7 @@ GIT PATH remote: .. specs: - devise (3.3.0) + devise (3.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index f8558f4d78..4cfa4ff92e 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -43,7 +43,7 @@ GIT PATH remote: .. specs: - devise (3.3.0) + devise (3.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 5e14ee254a..7bf1312ec6 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (3.3.0) + devise (3.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 5832f10769..04bd7ec24c 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.3.0".freeze + VERSION = "3.4.0".freeze end From f246f62b106e14e0e123d823f5ad5496d8641c83 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Fri, 3 Oct 2014 14:31:01 -0300 Subject: [PATCH 0619/1473] Remove CHANGELOG entry since #3195 was reverted. --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f25131f47..349b8b7e12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,6 @@ the extraction of the `respond_with` API from Rails. (by @lucasmazza) * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding a hint about the minimum password length when `validatable` is enabled. (by @aried3r) - * Remove reloading of routes when eager loading is enabled. This change was added during Rails 3 and it doesn't seem to be relevant to currently supported Rails versions (by @fgro) * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang) * Removed the hardcoded references for "email" in the flash messages. If you are using From d6c8aef15f1a1881d8f18619acfc008cd660cd4c Mon Sep 17 00:00:00 2001 From: Jan Pantel Date: Sat, 18 Oct 2014 17:34:38 +0200 Subject: [PATCH 0620/1473] Fix typo in controller generators help message --- lib/generators/devise/controllers_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 921c21c746..803ba04129 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -8,7 +8,7 @@ class ControllersGenerator < Rails::Generators::Base desc <<-DESC.strip_heredoc Create inherited Devise controllers in your app/controllers folder. - User -c to specify which controller you want to overwrite. + Use -c to specify which controller you want to overwrite. If you do no specify a controller, all controllers will be created. For example: 
From f80ebea0e6bf34282f996464778154772d1b6fb6 Mon Sep 17 00:00:00 2001 From: Hannah Briggs Date: Sat, 18 Oct 2014 21:28:20 -0700 Subject: [PATCH 0621/1473] allow set_flash_message to set flash.now messages --- app/controllers/devise_controller.rb | 13 ++++++++++--- test/controllers/internal_helpers_test.rb | 6 ++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 7cdd0f7e0d..20cc161fb7 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -129,8 +129,11 @@ def successfully_sent?(resource) end # Sets the flash message with :key, using I18n. By default you are able - # to setup your messages using specific resource scope, and if no one is - # found we look to default scope. + # to setup your messages using specific resource scope, and if no message is + # found we look to the default scope. Set the "now" options key to a true + # value to populate the flash.now hash in lieu of the default flash hash (so + # the flash message will be available to the current action instead of the + # next action). # Example (i18n locale file): # # en: @@ -144,7 +147,11 @@ def successfully_sent?(resource) # available. def set_flash_message(key, kind, options = {}) message = find_message(kind, options) - flash[key] = message if message.present? + if options[:now] + flash.now[key] = message if message.present? + else + flash[key] = message if message.present? + end end def devise_i18n_options(options) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index db5f6870b8..c13c9917f9 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb 
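Review bot: Both branches of the new `if options[:now]` in `set_flash_message` repeat the same `... = message if message.present?` assignment; choosing the target once is shorter and keeps the guard in one place: `target = options[:now] ? flash.now : flash` followed by `target[key] = message if message.present?`. The `:now` key is also still in `options` when it is passed to `find_message`, so it travels on with the i18n options unless it is removed first; `find_message` is outside the hunk, so I can't tell whether that has any effect.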
@@ -99,6 +99,12 @@ def setup assert_equal 'non-blank', flash[:notice] end + test 'issues non-blank flash.now messages normally' do + I18n.stubs(:t).returns('non-blank') + @controller.send :set_flash_message, :notice, :send_instructions, { now: true } + assert_equal 'non-blank', flash.now[:notice] + end + test 'uses custom i18n options' do @controller.stubs(:devise_i18n_options).returns(default: "devise custom options") @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions From f91dbd1b8b80f2fc49980de982fa824eb07867ca Mon Sep 17 00:00:00 2001 From: Abdelkader Boudih Date: Sun, 19 Oct 2014 15:15:55 +0000 Subject: [PATCH 0622/1473] require ruby 1.9.3+ --- devise.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/devise.gemspec b/devise.gemspec index 73b81075c7..12f3362d32 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -18,6 +18,7 @@ Gem::Specification.new do |s| s.files = `git ls-files`.split("\n") s.test_files = `git ls-files -- test/*`.split("\n") s.require_paths = ["lib"] + s.required_ruby_version = '>= 1.9.3' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") From c1864663aa913ad1299cbc8503592259bdb07322 Mon Sep 17 00:00:00 2001 From: James Kiesel Date: Tue, 21 Oct 2014 02:28:58 +1300 Subject: [PATCH 0623/1473] Localize confirmable tests --- test/models/confirmable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index a08addf649..0c2c56ffdb 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
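Review bot: The new test reads the message back with `flash.now[:notice]`, which as far as I know reads from the same underlying flash hash as `flash[:notice]`, so the assertion would presumably still pass if `set_flash_message` ignored `now: true`. To pin the behaviour the test should also show that the message is not carried to the next request, e.g. `flash.sweep` followed by `assert_nil flash[:notice]`, provided the `flash` helper in this test is the request's FlashHash. The braces around `{ now: true }` in the call are not needed either.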
@@ -219,14 +219,14 @@ def setup test 'should not be active when confirm in is zero' do Devise.allow_unconfirmed_access_for = 0.days user = create_user - user.confirmation_sent_at = Date.today + user.confirmation_sent_at = Time.zone.today assert_not user.active_for_authentication? end test 'should be active when we set allow_unconfirmed_access_for to nil' do swap Devise, allow_unconfirmed_access_for: nil do user = create_user - user.confirmation_sent_at = Date.today + user.confirmation_sent_at = Time.zone.today assert user.active_for_authentication? end end From a5bab11321304fa35a5c213e6664871d0489034f Mon Sep 17 00:00:00 2001 From: Uday Singh Date: Wed, 22 Oct 2014 04:08:33 -0400 Subject: [PATCH 0624/1473] reformatted fields, added fields and actions class like rails scaffolding, changed html tag for updated html5 tag --- app/views/devise/registrations/edit.html.erb | 28 +++++++++++++------- app/views/devise/registrations/new.html.erb | 25 ++++++++++++----- 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 808d62c9ee..87c104b858 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -3,23 +3,33 @@ <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> <%= devise_error_messages! %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
<% end %> -
<%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, autocomplete: "off" %>
+
+ <%= f.label :password %> (leave blank if you don't want to change it)
+ <%= f.password_field :password, autocomplete: "off" %> +
-
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %>
+
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %> +
-
<%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, autocomplete: "off" %>
+
+ <%= f.label :current_password %> (we need your current password to confirm your changes)
+ <%= f.password_field :current_password, autocomplete: "off" %> +
-
<%= f.submit "Update" %>
+
+ <%= f.submit "Update" %> +
<% end %>

Cancel my account

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 41830424c0..70eb6ef80a 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -3,16 +3,27 @@ <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> <%= devise_error_messages! %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
-
<%= f.label :password %> <% if @validatable %>(<%= @minimum_password_length %> characters minimum)<% end %>
- <%= f.password_field :password, autocomplete: "off" %>
+
+ <%= f.label :password %> + <% if @validatable %> + (<%= @minimum_password_length %> characters minimum) + <% end %>
+ <%= f.password_field :password, autocomplete: "off" %> +
-
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %>
+
+ <%= f.label :password_confirmation %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %> +
-
<%= f.submit "Sign up" %>
+
+ <%= f.submit "Sign up" %> +
<% end %> <%= render "devise/shared/links" %> From ef016b448ee9fa5e4f0160fe08ca867a876fe96c Mon Sep 17 00:00:00 2001 From: Uday Singh Date: Wed, 22 Oct 2014 04:10:01 -0400 Subject: [PATCH 0625/1473] reformatted and updated sessions views with proper fields and action classes --- app/views/devise/sessions/new.html.erb | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f24d7dfde7..4df8ebab87 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,17 +1,26 @@

Log in

<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
-
<%= f.label :password %>
- <%= f.password_field :password, autocomplete: "off" %>
+
+ <%= f.label :password %>
+ <%= f.password_field :password, autocomplete: "off" %> +
<% if devise_mapping.rememberable? -%> -
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
+
+ <%= f.check_box :remember_me %> + <%= f.label :remember_me %> +
<% end -%> -
<%= f.submit "Log in" %>
+
+ <%= f.submit "Log in" %> +
<% end %> <%= render "devise/shared/links" %> From 9c221e2418bbcd3c13b1cbb0371638f72ad350fb Mon Sep 17 00:00:00 2001 From: Uday Singh Date: Wed, 22 Oct 2014 04:12:28 -0400 Subject: [PATCH 0626/1473] updated new.html.erb unlock views --- app/views/devise/unlocks/new.html.erb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index 6fb5612bf8..50e81c088f 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -3,10 +3,14 @@ <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
-
<%= f.submit "Resend unlock instructions" %>
+
+ <%= f.submit "Resend unlock instructions" %> +
<% end %> <%= render "devise/shared/links" %> From f9ca733e6872583f35360ddea761fc8bdb84868d Mon Sep 17 00:00:00 2001 From: Uday Singh Date: Wed, 22 Oct 2014 04:23:51 -0400 Subject: [PATCH 0627/1473] updated passwords views with proper formatting akin to scaffolding and classes for fields and actions --- app/views/devise/passwords/edit.html.erb | 16 +++++++++++----- app/views/devise/passwords/new.html.erb | 10 +++++++--- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 553509886e..cfa2ed77db 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -4,13 +4,19 @@ <%= devise_error_messages! %> <%= f.hidden_field :reset_password_token %> -
<%= f.label :password, "New password" %>
- <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+
+ <%= f.label :password, "New password" %>
+ <%= f.password_field :password, autofocus: true, autocomplete: "off" %> +
-
<%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %>
+
+ <%= f.label :password_confirmation, "Confirm new password" %>
+ <%= f.password_field :password_confirmation, autocomplete: "off" %> +
-
<%= f.submit "Change my password" %>
+
+ <%= f.submit "Change my password" %> +
<% end %> <%= render "devise/shared/links" %> diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index ea1d46e3d8..a8e1c3f0a4 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -3,10 +3,14 @@ <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
-
<%= f.submit "Send me reset password instructions" %>
+
+ <%= f.submit "Send me reset password instructions" %> +
<% end %> <%= render "devise/shared/links" %> From 51263f995b513e6b676813a9172a65a456ac9bc6 Mon Sep 17 00:00:00 2001 From: Uday Singh Date: Wed, 22 Oct 2014 04:25:33 -0400 Subject: [PATCH 0628/1473] updated confirmation views with the same formatting and added fields and actions to tag --- app/views/devise/confirmations/new.html.erb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 65ba288037..657afd8764 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -3,10 +3,14 @@ <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+
+ <%= f.label :email %>
+ <%= f.email_field :email, autofocus: true %> +
-
<%= f.submit "Resend confirmation instructions" %>
+
+ <%= f.submit "Resend confirmation instructions" %> +
<% end %> <%= render "devise/shared/links" %> From cfe0dc1ee1563f3fbda430de17353ee9652401d3 Mon Sep 17 00:00:00 2001 From: Sean Collins Date: Wed, 22 Oct 2014 12:44:01 -0400 Subject: [PATCH 0629/1473] change class="fields" to class="field" to be same as rails scaffolding --- app/views/devise/confirmations/new.html.erb | 2 +- app/views/devise/passwords/edit.html.erb | 4 ++-- app/views/devise/passwords/new.html.erb | 2 +- app/views/devise/registrations/edit.html.erb | 8 ++++---- app/views/devise/registrations/new.html.erb | 6 +++--- app/views/devise/sessions/new.html.erb | 6 +++--- app/views/devise/unlocks/new.html.erb | 2 +- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 657afd8764..454081193b 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -3,7 +3,7 @@ <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index cfa2ed77db..1b2ff26a56 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -4,12 +4,12 @@ <%= devise_error_messages! %> <%= f.hidden_field :reset_password_token %> -
+
<%= f.label :password, "New password" %>
<%= f.password_field :password, autofocus: true, autocomplete: "off" %>
-
+
<%= f.label :password_confirmation, "Confirm new password" %>
<%= f.password_field :password_confirmation, autocomplete: "off" %>
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index a8e1c3f0a4..3d6d11aae2 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -3,7 +3,7 @@ <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 87c104b858..3ea40f0148 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -3,7 +3,7 @@ <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> <%= devise_error_messages! %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
@@ -12,17 +12,17 @@
Currently waiting confirmation for: <%= resource.unconfirmed_email %>
<% end %> -
+
<%= f.label :password %> (leave blank if you don't want to change it)
<%= f.password_field :password, autocomplete: "off" %>
-
+
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation, autocomplete: "off" %>
-
+
<%= f.label :current_password %> (we need your current password to confirm your changes)
<%= f.password_field :current_password, autocomplete: "off" %>
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 70eb6ef80a..343b265620 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -3,12 +3,12 @@ <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> <%= devise_error_messages! %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
-
+
<%= f.label :password %> <% if @validatable %> (<%= @minimum_password_length %> characters minimum) @@ -16,7 +16,7 @@ <%= f.password_field :password, autocomplete: "off" %>
-
+
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation, autocomplete: "off" %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 4df8ebab87..b261cfd152 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,18 +1,18 @@

Log in

<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
-
+
<%= f.label :password %>
<%= f.password_field :password, autocomplete: "off" %>
<% if devise_mapping.rememberable? -%> -
+
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index 50e81c088f..16586bc7af 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -3,7 +3,7 @@ <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> <%= devise_error_messages! %> -
+
<%= f.label :email %>
<%= f.email_field :email, autofocus: true %>
From 2c2e3665002f758a184b665a5999cf72eb7f2826 Mon Sep 17 00:00:00 2001 From: Michael Moulsdale Date: Sun, 26 Oct 2014 18:33:27 +0000 Subject: [PATCH 0630/1473] Update README.md Updated decsription of Configuring controllers to use Users rather than Admins. This is purely to be consistent with the previous documentation --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7ef0b7b82b..daca42d631 100644 --- a/README.md +++ b/README.md @@ -289,11 +289,11 @@ If the customization at the views level is not enough, you can customize each co rails generate devise:controllers [scope] ``` - If you specify `admins` as the scope, controllers will be created in `app/controllers/admins/`. + If you specify `users` as the scope, controllers will be created in `app/controllers/users/`. And the sessions controller will look like this: ```ruby - class Admins::SessionsController < Devise::SessionsController + class Users::SessionsController < Devise::SessionsController # GET /resource/sign_in # def new # super @@ -305,17 +305,17 @@ If the customization at the views level is not enough, you can customize each co 2. Tell the router to use this controller: ```ruby - devise_for :admins, controllers: { sessions: "admins/sessions" } + devise_for :users, controllers: { sessions: "users/sessions" } ``` -3. Copy the views from `devise/sessions` to `admins/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. +3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. 4. Finally, change or extend the desired controller actions. You can completely override a controller action: ```ruby - class Admins::SessionsController < Devise::SessionsController + class Users::SessionsController < Devise::SessionsController def create # custom sign-in code end 
@@ -325,7 +325,7 @@ If the customization at the views level is not enough, you can customize each co Or you can simply add new behaviour to it: ```ruby - class Admins::SessionsController < Devise::SessionsController + class Users::SessionsController < Devise::SessionsController def create super do |resource| BackgroundWorker.trigger(resource) From a93edc72fd9f6cc5839dd74107b215a81c16dc37 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Oct 2014 22:32:19 -0200 Subject: [PATCH 0631/1473] Check for a `Hash` when using the `authentication_keys` to generate the FailureApp flash message. Fixes #3270. --- lib/devise/failure_app.rb | 4 +++- test/failure_app_test.rb | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 7cedf646e6..783d2d6e27 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -78,7 +78,9 @@ def i18n_message(default = nil) options[:resource_name] = scope options[:scope] = "devise.failure" options[:default] = [message] - options[:authentication_keys] = scope_class.authentication_keys.join(I18n.translate(:"support.array.words_connector")) + auth_keys = scope_class.authentication_keys + keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys + options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector")) options = i18n_options(options) I18n.t(:"#{scope}.#{message}", options) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 8fb8588aaa..a5952f5f49 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
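Review bot: The new `auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys` line in `i18n_message` (lib/devise/failure_app.rb) has no comment saying which shapes `authentication_keys` can take, so a reader has to find the test to learn that a Hash such as `{ email: true, login: true }` is valid. I would add `# authentication_keys is an Array or a Hash (key => flag); only the configured key names are shown, never submitted values.` above it. Stating the second half matters because this string goes into the failure message shown to an unauthenticated visitor. `i18n_message` begins above the hunk.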
@@ -109,6 +109,13 @@ def call_failure(env_params={}) assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end + test 'supports authentication_keys as a Hash for the flash message' do + swap Devise, authentication_keys: { email: true, login: true } do + call_failure('warden' => OpenStruct.new(message: :invalid)) + assert_equal 'Invalid email, login or password.', @request.flash[:alert] + end + end + test 'uses custom i18n options' do call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions) assert_equal 'User Steve does not exist', @request.flash[:alert] From 05d8d81ff406060a7e8982279887b89f3fbcc4e5 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Oct 2014 22:58:24 -0200 Subject: [PATCH 0632/1473] Update CHANGELOG --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 349b8b7e12..2fd939fcc7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,12 @@ ### Unreleased * enhancements + * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns) + * Passing `now: true` to the `set_flash_message` helper now sets the message into + the `flash.now` Hash. (by @hbriggs) * bugfixes + * Fixed an regression with translation of flash messages for when the `authentication_keys` + config is a Hash. (by @lucasmazza) ### 3.4.0 From 8a7796aea997d5e8ba9d60b731904cca4dd1f479 Mon Sep 17 00:00:00 2001 From: Chaker Nakhli Date: Tue, 28 Oct 2014 12:17:06 +0100 Subject: [PATCH 0633/1473] Add ActiveSupport load hook for DeviseController --- app/controllers/devise_controller.rb | 2 ++ test/controllers/load_hooks_controller_test.rb | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 test/controllers/load_hooks_controller_test.rb diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 20cc161fb7..722170ca9a 100644 --- a/app/controllers/devise_controller.rb 
+++ b/app/controllers/devise_controller.rb @@ -180,4 +180,6 @@ def respond_with_navigational(*args, &block) def resource_params params.fetch(resource_name, {}) end + + ActiveSupport.run_load_hooks(:devise_controller, self) end diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb new file mode 100644 index 0000000000..3b9493c56f --- /dev/null +++ b/test/controllers/load_hooks_controller_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class LoadHooksControllerTest < ActionController::TestCase + setup do + ActiveSupport.on_load(:devise_controller) do + define_method :defined_by_load_hook do + puts 'I am defined dynamically by activesupport load hook' + end + end + end + + test 'load hook called when controller is loaded' do + assert DeviseController.instance_methods.include? :defined_by_load_hook + end +end \ No newline at end of file From e3f794f369e6c63c4f42f75dfcc187d3bf987bd0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 29 Oct 2014 12:59:33 -0200 Subject: [PATCH 0634/1473] Release 3.4.1 --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-3.2-stable.lock | 2 +- gemfiles/Gemfile.rails-4.0-stable.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- lib/devise/version.rb | 2 +- 6 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fd939fcc7..676d69a387 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 3.4.1 + * enhancements * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns) * Passing `now: true` to the `set_flash_message` helper now sets the message into diff --git a/Gemfile.lock b/Gemfile.lock index 6441944d9e..2119556576 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GIT PATH remote: . specs: - devise (3.4.0) + devise (3.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) 
diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 174922a8ff..8a88861d3d 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -49,7 +49,7 @@ GIT PATH remote: .. specs: - devise (3.4.0) + devise (3.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 4cfa4ff92e..6540b1c8f9 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -43,7 +43,7 @@ GIT PATH remote: .. specs: - devise (3.4.0) + devise (3.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 7bf1312ec6..7473795de7 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (3.4.0) + devise (3.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 04bd7ec24c..e82c7a6a9a 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.4.0".freeze + VERSION = "3.4.1".freeze end From e46a21be16b9c96b08682183b2af72323d570e55 Mon Sep 17 00:00:00 2001 From: Chaker Nakhli Date: Wed, 29 Oct 2014 16:14:38 +0100 Subject: [PATCH 0635/1473] remove dynamically added method to DeviseController by active support load hook test --- test/controllers/load_hooks_controller_test.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb index 3b9493c56f..4f6d9a8e0c 100644 --- a/test/controllers/load_hooks_controller_test.rb +++ b/test/controllers/load_hooks_controller_test.rb 
@@ -3,12 +3,16 @@ class LoadHooksControllerTest < ActionController::TestCase setup do ActiveSupport.on_load(:devise_controller) do - define_method :defined_by_load_hook do + define_method :defined_by_load_hook do puts 'I am defined dynamically by activesupport load hook' end end end + teardown do + DeviseController.class_eval { undef :defined_by_load_hook } + end + test 'load hook called when controller is loaded' do assert DeviseController.instance_methods.include? :defined_by_load_hook end From 2a5ae0200d3cbf2db741794de35a301965c17b95 Mon Sep 17 00:00:00 2001 From: Olivier Lacan Date: Mon, 3 Nov 2014 13:52:03 +0100 Subject: [PATCH 0636/1473] Add release dates to each version in CHANGELOG As I've described [here](http://keepachangelog.com), it's quite useful to associate release version numbers with dates to get situated in a change log. Hope you find this useful. PS: While doing this I did notice that a release marked as yanked in the CHANGELOG was not showing up as yanked on RubyGems, hence #3289. --- CHANGELOG.md | 206 +++++++++++++++++++++++++-------------------------- 1 file changed, 103 insertions(+), 103 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 676d69a387..e4149bb2a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ### Unreleased -### 3.4.1 +### 3.4.1 - 2014-10-29 * enhancements * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns) @@ -10,7 +10,7 @@ * Fixed an regression with translation of flash messages for when the `authentication_keys` config is a Hash. (by @lucasmazza) -### 3.4.0 +### 3.4.0 - 2014-10-03 * enhancements * Support added for Rails 4.2. Devise now depends on the `responders` gem due @@ -31,7 +31,7 @@ message for your users. To keep the current behavior, this flag is now `true` by default. (by @lucasmazza) -### 3.3.0 +### 3.3.0 - 2014-08-13 * enhancements * Support multiple warden configuration blocks on devise configuration. (by @rossta) 
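Review bot: The new `teardown` in load_hooks_controller_test.rb uses `undef`, which marks `defined_by_load_hook` as undefined on `DeviseController` rather than deleting the definition that `define_method` created; `DeviseController.class_eval { remove_method :defined_by_load_hook }` removes exactly what `setup` added. The teardown also leaves the `on_load` block itself registered, since `setup` appends a new block on every run and nothing removes it. That is harmless with one test, but a short comment saying the hook registration outlives the test would save the next reader from assuming full cleanup.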
@@ -55,13 +55,13 @@ * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson) * Only valid paths will be stored for redirections (by @parallel588) -### 3.2.4 +### 3.2.4 - 2014-03-17 * enhancements * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline) -### 3.2.3 +### 3.2.3 - 2014-02-20 * enhancements * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`. @@ -70,14 +70,14 @@ * bug fix * Migrations will be properly generated when using rails 4.1.0. -### 3.2.2 +### 3.2.2 - 2013-11-25 * bug fix * Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman) * Keep the query string when storing location (by @csexton) * Require rails generator base class in devise generators -### 3.2.1 +### 3.2.1 - 2013-11-13 Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode @@ -89,7 +89,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati * Bring `password_digest` back to fix compatibility with `devise-encryptable` * Avoid e-mail enumeration on sign in when in paranoid mode -### 3.2.0 +### 3.2.0 - 2013-11-06 * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed 
@@ -108,13 +108,13 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati * deprecations * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!` -### 3.1.1 +### 3.1.1 - 2013-10-01 * bug fix * Improve default message which asked users to sign in even when they were already signed (by @gregates) * Improve error message for when the config.secret_key is missing -### 3.1.0 +### 3.1.0 - 2013-09-05 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ @@ -137,12 +137,12 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * Do not compare directly against confirmation, unlock and reset password tokens * Skip storage for cookies on unverified requests -### 3.0.2 +### 3.0.2 - 2013-08-09 * bug fix * Skip storage for cookies on unverified requests -### 3.0.1 +### 3.0.1 - 2013-08-02 Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ @@ -153,7 +153,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server. -### 3.0.0 +### 3.0.0 - 2013-07-14 * enhancements * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) 
@@ -163,7 +163,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * bug fix * Errors on unlock are now properly reflected on the first `unlock_keys` -### 2.2.4 +### 2.2.4 - 2013-05-07 * enhancements * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) @@ -182,25 +182,25 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * backwards incompatible changes * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 -### 2.2.3 +### 2.2.3 - 2013-01-26 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ * bug fix * Require string conversion for all values -### 2.2.2 +### 2.2.2 - 2013-01-15 * bug fix * Fix bug when checking for reconfirmable in templates -### 2.2.1 +### 2.2.1 - 2013-01-11 * bug fix * Fix regression with case_insensitive_keys * Fix regression when password is blank when it is invalid -### 2.2.0 +### 2.2.0 - 2013-01-08 * backwards incompatible changes * `headers_for` is deprecated, customize the mailer directly instead @@ -231,17 +231,17 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) * Properly handle namespaced models on Active Record generator (by @nashby) -### 2.1.4 +### 2.1.4 - 2013-08-18 * bugfix * Do not confirm account after reset password -### 2.1.3 +### 2.1.3 - 2013-01-26 * bugfix * Require string conversion for all values -### 2.1.2 +### 2.1.2 - 2012-06-19 * enhancements * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x 
@@ -249,7 +249,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * bug fix * Fix regression on strategy validation on previous release -### 2.1.1 (yanked) +### 2.1.1 - 2012-06-15 (yanked) * enhancements * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action @@ -266,7 +266,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * deprecations * Strategy#validate() no longer validates nil resources -### 2.1.0 +### 2.1.0 - 2012-05-15 * enhancements * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses @@ -293,7 +293,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez) * Reverted moving devise/shared/_links.erb to devise/_links.erb -### 2.0.4 +### 2.0.4 - 2012-02-17 Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0 @@ -301,7 +301,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix when :host is used with devise_for (by @mreinsch) * Fix a regression that caused Warden to be initialized too late -### 2.0.3 (yanked) +### 2.0.3 - 2012-06-16 (yanked) * bug fix * Ensure warning is not shown by mistake on apps with mounted engines @@ -309,7 +309,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure serializable_hash does not depend on accessible attributes * Ensure that timeout callback does not run on sign out action -### 2.0.2 +### 2.0.2 - 2012-02-14 * enhancements * Add devise_i18n_options to customize I18n message 
@@ -321,7 +321,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Show a warning in case someone gives a pluralized name to devise generator * Fix test behavior for rspec subject requests (by @sj26) -### 2.0.1 +### 2.0.1 - 2012-02-09 * enhancements * Improved error messages on deprecation warnings @@ -330,7 +330,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Removed tmp and log files from gem -### 2.0.0 +### 2.0.0 - 2012-01-26 * enhancements * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal) @@ -356,14 +356,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_* * Protected method render_with_scope was removed. -### 1.5.3 +### 1.5.3 - 2011-12-19 * bug fix * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko) * Ensure passing :format => false to devise_for is not permanent * Ensure path checker does not check invalid routes -### 1.5.2 +### 1.5.2 - 2011-11-30 * enhancements * Add support for Rails 3.1 new mass assignment conventions (by @kirs) @@ -372,12 +372,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * OmniAuth error message now shows the proper option (:strategy_class instead of :klass) -### 1.5.1 +### 1.5.1 - 2011-11-22 * bug fix * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise. -### 1.5.0 +### 1.5.0 - 2011-11-13 * enhancements * Timeoutable also skips tracking if skip_trackable is given 
@@ -398,12 +398,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * redirect_location is deprecated, please use after_sign_in_path_for * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it -### 1.4.9 +### 1.4.9 - 2011-10-19 * bug fix * url helpers were not being set under some circumstances -### 1.4.8 +### 1.4.8 - 2011-10-09 * enhancements * Add docs for assets pipeline and Heroku @@ -411,12 +411,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_url was not being set under some circumstances -### 1.4.7 +### 1.4.7 - 2011-09-21 * bug fix * Fix backward incompatible change from 1.4.6 for those using custom controllers -### 1.4.6 (yanked) +### 1.4.6 - 2011-09-19 (yanked) * enhancements * Allow devise_for :skip => :all @@ -424,7 +424,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow --skip-routes to devise generator * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller -### 1.4.5 +### 1.4.5 - 2011-09-07 * bug fix * Failure app tries the root path if a session one does not exist @@ -432,12 +432,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Reset password shows proper message if user is not active * `clean_up_passwords` sets the accessors to nil to skip validations -### 1.4.4 +### 1.4.4 - 2011-08-30 * bug fix * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually -### 1.4.3 +### 1.4.3 - 2011-08-29 * enhancements * Improve Rails 3.1 compatibility 
@@ -453,12 +453,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation -### 1.4.2 +### 1.4.2 - 2011-06-30 * bug fix * Provide a more robust behavior to serializers and add :force_except option -### 1.4.1 +### 1.4.1 - 2011-06-29 * enhancements * Add :defaults and :format support on router @@ -469,7 +469,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure to_xml is properly white listened * Ensure handle_unverified_request clean up any cached signed-in user -### 1.4.0 +### 1.4.0 - 2011-06-23 * enhancements * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26) @@ -487,22 +487,22 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Devise now honors routes constraints (by @macmartine) * Do not return the user resource when requesting instructions (by @rodrigoflores) -### 1.3.4 +### 1.3.4 - 2011-04-28 * bug fix * Do not add formats if html or "*/*" -### 1.3.3 +### 1.3.3 - 2011-04-20 * bug fix * Explicitly mark the token as expired if so -### 1.3.2 +### 1.3.2 - 2011-04-20 * bug fix * Fix another regression related to reset_password_sent_at (by @alexdreher) -### 1.3.1 +### 1.3.1 - 2011-04-18 * enhancements * Improve failure_app responses (by @indirect) @@ -511,7 +511,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss) -### 1.3.0 +### 1.3.0 - 2011-04-15 * enhancements * All controllers can now handle different mime types than html using Responders (by @sikachu) 
@@ -531,19 +531,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * backward incompatible changes * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior. -### 1.2.1 +### 1.2.1 - 2011-03-27 * enhancements * Improve update path messages -### 1.2.0 +### 1.2.0 - 2011-03-24 * bug fix * Properly ignore path prefix on omniauthable * Faster uniqueness queries * Rename active? to active_for_authentication? to avoid conflicts -### 1.2.rc2 +### 1.2.rc2 - 2011-03-10 * enhancements * Make friendly_token 20 chars long @@ -573,7 +573,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Removed --haml and --slim view templates * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode -### 1.2.rc +### 1.2.rc - 2010-10-25 * deprecations * cookie_domain is deprecated in favor of cookie_options @@ -611,13 +611,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure namespaces has proper scoped views * Ensure Devise does not set empty flash messages (by @sxross) -### 1.1.6 +### 1.1.6 - 2011-02-14 * Use a more secure e-mail regexp * Implement Rails 3.0.4 handle unverified request * Use secure_compare to compare passwords -### 1.1.5 +### 1.1.5 - 2010-11-26 * bugfix * Ensure to convert keys on indifferent hash @@ -625,12 +625,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * defaults * Set config.http_authenticatable to false to avoid confusion -### 1.1.4 +### 1.1.4 - 2010-11-25 * bugfix * Avoid session fixation attacks -### 1.1.3 +### 1.1.3 - 2010-09-23 * bugfix * Add reply-to to e-mail headers by default 
@@ -641,17 +641,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie) * :default options is now honored in migrations -### 1.1.2 +### 1.1.2 - 2010-08-25 * bugfix * Compatibility with latest Rails routes schema -### 1.1.1 +### 1.1.1 - 2010-07-26 * bugfix * Fix a small bug where generated locale file was empty on devise:install -### 1.1.0 +### 1.1.0 - 2010-07-25 * enhancements * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk) @@ -671,7 +671,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead -### 1.1.rc2 +### 1.1.rc2 - 2010-06-22 * enhancements * Allow to set cookie domain for the remember token. (by @mantas) @@ -689,7 +689,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject * Generators now use Rails 3 syntax (devise:install) instead of devise_install -### 1.1.rc1 +### 1.1.rc1 - 2010-04-14 * enhancements * Rails 3 compatibility @@ -721,7 +721,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure * :as and :scope in routes is deprecated. Use :path and :singular instead -### 1.0.8 +### 1.0.8 - 2010-06-22 * enhancements * Support for latest MongoMapper @@ -730,7 +730,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_required? is properly honored on active? calls. (by @paulrosania) -### 1.0.7 +### 1.0.7 - 2010-05-02 * bug fix * Ensure password confirmation is always required 
@@ -739,14 +739,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * authenticatable was deprecated and renamed to database_authenticatable * confirmable is not included by default on generation -### 1.0.6 +### 1.0.6 - 2010-04-02 * bug fix * Do not allow unlockable strategies based on time to access a controller. * Do not send unlockable email several times. * Allow controller to upstram custom! failures to Warden. -### 1.0.5 +### 1.0.5 - 2010-03-25 * bug fix * Use prepend_before_filter in require_no_authentication. @@ -754,19 +754,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix a bug when giving an association proxy to devise. * Do not use lock! on lockable since it's part of ActiveRecord API. -### 1.0.4 +### 1.0.4 - 2010-03-02 * bug fix * Fixed a bug when deleting an account with rememberable * Fixed a bug with custom controllers -### 1.0.3 +### 1.0.3 - 2010-02-22 * enhancements * HTML e-mails now have proper formatting * Do not remove MongoMapper options in find -### 1.0.2 +### 1.0.2 - 2010-02-17 * enhancements * Allows you set mailer content type (by @glennr) @@ -774,7 +774,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Uses the same content type as request on http authenticatable 401 responses -### 1.0.1 +### 1.0.1 - 2010-02-16 * enhancements * HttpAuthenticatable is not added by default automatically. @@ -783,7 +783,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fixed encryptors autoload -### 1.0.0 +### 1.0.0 - 2010-02-08 * deprecation * :old_password in update_with_password is deprecated, use :current_password instead 
@@ -794,7 +794,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow scoped_views to be customized per controller/mailer class * Allow authenticatable to used in change_table statements -### 0.9.2 +### 0.9.2 - 2010-02-04 * bug fix * Ensure inactive user cannot sign in @@ -804,13 +804,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added gemspec to repo * Added token authenticatable (by @grimen) -### 0.9.1 +### 0.9.1 - 2010-01-24 * bug fix * Allow bigger salt size (by @jgeiger) * Fix relative url root -### 0.9.0 +### 0.9.0 - 2010-01-20 * deprecation * devise :all is deprecated @@ -827,7 +827,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Accept path prefix not starting with slash * url helpers should rely on find_scope! -### 0.8.2 +### 0.8.2 - 2010-01-12 * enhancements * Allow Devise.mailer_sender to be a proc (by @grimen) @@ -835,7 +835,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm) -### 0.8.1 +### 0.8.1 - 2010-01-07 * enhancements * Move salt to encryptors @@ -845,7 +845,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Bcrypt generator was not being loaded neither setting the proper salt -### 0.8.0 +### 0.8.0 - 2010-01-06 * enhancements * Warden 0.8.0 compatibility 
@@ -859,19 +859,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecation * Removed DeviseMailer.sender -### 0.7.5 +### 0.7.5 - 2010-01-01 * enhancements * Set a default value for mailer to avoid find_template issues * Add models configuration to MongoMapper::EmbeddedDocument as well -### 0.7.4 +### 0.7.4 - 2009-12-21 * enhancements * Extract Activatable from Confirmable * Decouple Serializers from Devise modules -### 0.7.3 +### 0.7.3 - 2009-12-15 * bug fix * Give scope to the proper model validation @@ -881,7 +881,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added update_with_password for authenticatable * Allow render_with_scope to accept :controller option -### 0.7.2 +### 0.7.2 - 2009-12-14 * deprecation * Renamed reset_confirmation! to resend_confirmation! @@ -891,12 +891,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fixed render_with_scope to work with all controllers * Allow sign in with two different users in Devise::TestHelpers -### 0.7.1 +### 0.7.1 - 2009-12-09 * enhancements * Small enhancements for other plugins compatibility (by @grimen) -### 0.7.0 +### 0.7.0 - 2009-12-08 * deprecations * :authenticatable is not included by default anymore 
@@ -905,25 +905,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Improve loading process * Extract SessionSerializer from Authenticatable -### 0.6.3 +### 0.6.3 - 2009-12-02 * bug fix * Added trackable to migrations * Allow inflections to work -### 0.6.2 +### 0.6.2 - 2009-11-25 * enhancements * More DataMapper compatibility * Devise::Trackable - track sign in count, timestamps and ips -### 0.6.1 +### 0.6.1 - 2009-11-24 * enhancements * Devise::Timeoutable - timeout sessions without activity * DataMapper now accepts conditions -### 0.6.0 +### 0.6.0 - 2009-11-22 * deprecations * :authenticatable is still included by default, but yields a deprecation warning @@ -934,19 +934,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow a strategy to be placed after authenticatable * Do not rely attribute? methods, since they are not added on Datamapper -### 0.5.6 +### 0.5.6 - 2009-11-21 * enhancements * Do not send nil to build (DataMapper compatibility) * Allow to have scoped views -### 0.5.5 +### 0.5.5 - 2009-11-20 * enhancements * Allow overwriting find for authentication method * Remove Ruby 1.8.7 dependency -### 0.5.4 +### 0.5.4 - 2009-11-19 * deprecations * Deprecate :singular in devise_for and use :scope instead @@ -957,7 +957,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Create sign_in_and_redirect and sign_out_and_redirect helpers * Warden::Manager.default_scope is automatically configured to the first given scope -### 0.5.3 +### 0.5.3 - 2009-11-18 * bug fix * MongoMapper now converts DateTime to Time 
@@ -969,20 +969,20 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper in cases you don't want it be handlded automatically -### 0.5.2 +### 0.5.2 - 2009-11-17 * enhancements * Improved sign_in and sign_out helpers to accepts resources * Added stored_location_for as a helper * Added test helpers -### 0.5.1 +### 0.5.1 - 2009-11-15 * enhancements * Added serializers based on Warden ones * Allow authentication keys to be set -### 0.5.0 +### 0.5.0 - 2009-11-13 * bug fix * Fixed a bug where remember me module was not working properly @@ -992,13 +992,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs) * Added support for MongoMapper (by @shingara) -### 0.4.3 +### 0.4.3 - 2009-11-10 * bug fix * Authentication just fails if user cannot be serialized from session, without raising errors; * Default configuration values should not overwrite user values; -### 0.4.2 +### 0.4.2 - 2009-11-06 * deprecations * Renamed mail_sender to mailer_sender @@ -1010,12 +1010,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow :path_prefix to be given to devise_for * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported) -### 0.4.1 +### 0.4.1 - 2009-11-04 * bug fix * Ensure options can be set even if models were not loaded -### 0.4.0 +### 0.4.0 - 2009-11-03 * deprecations * Notifier is deprecated, use DeviseMailer instead. Remember to rename @@ -1028,7 +1028,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow Warden::Manager to be configured through Devise * Created a generator which creates an initializer -### 0.3.0 +### 0.3.0 - 2009-10-30 * bug fix * Allow yml messages to be configured by not using engine locales 
@@ -1038,7 +1038,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not send confirmation messages when user changes their e-mail * Renamed authenticable to authenticatable and added deprecation warnings -### 0.2.3 +### 0.2.3 - 2009-10-29 * enhancements * Ensure fail! works inside strategies @@ -1048,12 +1048,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not redirect on invalid authenticate * Allow model configuration to be set to nil -### 0.2.2 +### 0.2.2 - 2009-10-28 * bug fix * Fix a bug when using customized resources -### 0.2.1 +### 0.2.1 - 2009-10-27 * refactor * Clean devise_views generator to use devise existing views @@ -1065,7 +1065,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a bug with Mongrel and Ruby 1.8.6 -### 0.2.0 +### 0.2.0 - 2009-10-24 * enhancements * Allow option :null => true in authenticable migration @@ -1080,12 +1080,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fixes * Fixed requiring devise strategies -### 0.1.1 +### 0.1.1 - 2009-10-21 * bug fixes * Fixed requiring devise mapping -### 0.1.0 +### 0.1.0 - 2009-10-21 * Devise::Authenticable * Devise::Confirmable From 3902e0702cf8a5b75eae77b3a8528506a7ab938d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mihai=20T=C3=A2rnovan?= Date: Wed, 5 Nov 2014 15:47:10 +0200 Subject: [PATCH 0637/1473] Yield the resource in SessionsController#new --- app/controllers/devise/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 4a5497a0f1..c0dd1fb4f6 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -8,6 +8,7 @@ class Devise::SessionsController < DeviseController def new self.resource = resource_class.new(sign_in_params) clean_up_passwords(resource) + yield resource if block_given? respond_with(resource, serialize_options(resource)) end From 09f433691aa234900d247bc8451e9791deb0b83a Mon Sep 17 00:00:00 2001 From: Alan deLevie Date: Wed, 5 Nov 2014 16:51:29 -0500 Subject: [PATCH 0638/1473] Fix small typo in devise_authenticatable.rb --- lib/devise/models/database_authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 1eb2a8164a..28dfcace19 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -42,7 +42,7 @@ def password=(new_password) self.encrypted_password = password_digest(@password) if @password.present? end - # Verifies whether an password (ie from sign in) is the user password. + # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(encrypted_password) From 5dedd8c4cfc06c8eebc72fc1823683c5c511be63 Mon Sep 17 00:00:00 2001 From: Jimmy Bourassa Date: Wed, 5 Nov 2014 16:52:40 -0500 Subject: [PATCH 0639/1473] Add fragment support for `store_location_for` --- lib/devise/controllers/store_location.rb | 4 +++- test/controllers/helpers_test.rb | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index ad36a4f04c..84adbaaa2c 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb 
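Review bot: The added `yield resource if block_given?` in `Devise::SessionsController#new` carries no comment on what the block receives or when it runs. In this hunk it is called after `clean_up_passwords(resource)` and before `respond_with`, on an instance built with `resource_class.new(sign_in_params)`, so a subclass block sees request-supplied attributes on an unsaved object that has already been through the password cleanup. A one-line comment would pin that ordering for anyone overriding the action: `# Yields the unsaved resource after clean_up_passwords and before rendering.` The controller class continues outside the hunk.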
@@ -35,7 +35,9 @@ def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) uri = parse_uri(location) if uri - session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') + path = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') + path = [path, uri.fragment].compact.join('#') + session[session_key] = path end end diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 4563b66c91..bae10c25b9 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -245,6 +245,11 @@ def setup assert_equal "/foo?bar=baz", @controller.stored_location_for(:user) end + test 'store location for stores fragments' do + @controller.store_location_for(:user, "/foo#bar") + assert_equal "/foo#bar", @controller.stored_location_for(:user) + end + test 'after sign in path defaults to root path if none by was specified for the given scope' do assert_equal root_path, @controller.after_sign_in_path_for(:user) end From 6f88df345399fe6d0cd63403727075edf98473be Mon Sep 17 00:00:00 2001 From: BM5k Date: Sat, 8 Nov 2014 15:52:39 -0700 Subject: [PATCH 0640/1473] add test for after_database_authentication --- test/integration/database_authenticatable_test.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 48aed2b8e8..18a633d3af 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb 
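Review bot: The test added with this change to `store_location_for` covers only `"/foo#bar"`, so the combination of the two joins (query, then fragment) and the dropping of scheme and host are not pinned for the fragment case. The stored value is read back through `stored_location_for` and appears to feed the post-sign-in redirect, so the guarantee that only a local path is kept is worth asserting whenever this line changes. I would add a case built from a constructed absolute URL, e.g. `@controller.store_location_for(:user, "http://host.example/foo?bar=baz#qux")` followed by `assert_equal "/foo?bar=baz#qux", @controller.stored_location_for(:user)`, assuming `parse_uri` wraps standard URI parsing. The `def` line of `store_location_for` appears only in the hunk header.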
@@ -81,4 +81,15 @@ class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest assert_contain 'Invalid credentials' end end + + test 'valid sign in calls after_database_authentication callback' do + user = create_user(email: ' foo@bar.com ') + + User.expects(:find_for_database_authentication).returns user + user.expects :after_database_authentication + + sign_in_as_user do + fill_in 'email', with: 'foo@bar.com' + end + end end From b5713a8ddf00867df3e0bf28890f4a86c933328b Mon Sep 17 00:00:00 2001 From: BM5k Date: Sat, 8 Nov 2014 16:39:24 -0700 Subject: [PATCH 0641/1473] add Rememerable#after_remembered callback --- lib/devise/models/rememberable.rb | 13 +++++++++++++ lib/devise/strategies/rememberable.rb | 1 + test/integration/rememberable_test.rb | 9 +++++++++ 3 files changed, 23 insertions(+) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index e9326d269d..2f75290bc9 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -89,6 +89,19 @@ def rememberable_options self.class.rememberable_options end + # A callback initiated after successfully being remembered. This can be + # used to insert your own logic that is only run after the user is + # remembered. + # + # Example: + # + # def after_remembered + # self.update_attribute(:invite_code, nil) + # end + # + def after_remembered + end + protected def generate_remember_token? #:nodoc: diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index 6906627332..b1f0dadd61 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -27,6 +27,7 @@ def authenticate! if validate(resource) remember_me(resource) extend_remember_me_period(resource) + resource.after_remembered success!(resource) end end diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 718a7146a6..a762eb11c2 100644 --- a/test/integration/rememberable_test.rb 
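Review bot: The new test `valid sign in calls after_database_authentication callback` makes no assertion about the sign-in result. Because `User.expects(:find_for_database_authentication).returns user` replaces the lookup, the padded address in `create_user(email: ' foo@bar.com ')` is never exercised. Adding `assert warden.authenticated?(:user)` after the `sign_in_as_user` block would tie the callback expectation to a sign-in that actually succeeded, and `create_user(email: 'foo@bar.com')` would remove the misleading whitespace.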
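Review bot: The doc comment added above `after_remembered` in `lib/devise/models/rememberable.rb` says the hook runs "after successfully being remembered", but the call added in the strategy's `authenticate!` sits between `extend_remember_me_period(resource)` and `success!(resource)`. The hook therefore fires when a request is authenticated from the remember cookie, not when the remember token is first issued. I would reword the comment to say so, e.g. `# Called each time the user is signed in from the remember-me cookie, before the strategy reports success.`, and mention that an exception raised in the hook keeps `success!` from being reached. `authenticate!` begins outside the hunk.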
+++ b/test/integration/rememberable_test.rb @@ -164,4 +164,13 @@ def cookie_expires(key) get users_path assert_not warden.authenticated?(:user) end + + test 'valid sign in calls after_remembered callback' do + user = create_user_and_remember + + User.expects(:serialize_from_cookie).returns user + user.expects :after_remembered + + get new_user_registration_path + end end From 8c3c6ac10f8e8472b012798895f2794365b6c16d Mon Sep 17 00:00:00 2001 From: BM5k Date: Sat, 8 Nov 2014 16:51:08 -0700 Subject: [PATCH 0642/1473] add docs to other callbacks --- lib/devise/models/confirmable.rb | 10 ++++++++++ lib/devise/models/recoverable.rb | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index dcac6d0762..07b81c91ac 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -249,6 +249,16 @@ def send_confirmation_notification? confirmation_required? && !@skip_confirmation_notification && self.email.present? end + # A callback initiated after successfully confirming. This can be + # used to insert your own logic that is only run after the user successfully + # confirms. + # + # Example: + # + # def after_confirmation + # self.update_attribute(:invite_code, nil) + # end + # def after_confirmation end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 2694b338ef..fa74f25dd0 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -83,6 +83,16 @@ def clear_reset_password_token self.reset_password_sent_at = nil end + # A callback initiated after password is successfully reset. This can + # be used to insert your own logic that is only run after the user + # successfully resets their password. + # + # Example: + # + # def after_password_reset + # self.update_attribute(:invite_code, nil) + # end + # def after_password_reset end From 9e083c9689f23eb3998703ab34d72ec57a274beb Mon Sep 17 00:00:00 2001 
From: Dave Powers Date: Thu, 13 Nov 2014 23:08:42 -0500 Subject: [PATCH 0643/1473] Fix link to Michael Hartl's Rails Tutorial Update link to go to authentication chapter of latest edition (3rd) of online book --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index daca42d631..d1775175f5 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ You will usually want to write tests for your changes. To run the test suite, g If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources: -* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users +* Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :) From 63ae9701b4fc671ddc01e33461e50090949cb661 Mon Sep 17 00:00:00 2001 From: Dave Powers Date: Fri, 14 Nov 2014 14:45:09 -0500 Subject: [PATCH 0644/1473] Update casing of 'OmniAuth' to match that of official OmniAuth documentation --- README.md | 8 ++++---- lib/devise.rb | 6 +++--- lib/devise/controllers/rememberable.rb | 2 +- lib/devise/rails/routes.rb | 2 +- .../controllers/omniauth_callbacks_controller.rb | 2 +- lib/generators/templates/devise.rb | 2 +- test/integration/omniauthable_test.rb | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index d1775175f5..2dd4730273 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support. +* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support. * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. 
@@ -439,15 +439,15 @@ There are two things that are important to keep in mind: get :new ``` -### Omniauth +### OmniAuth -Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`: +Devise comes with OmniAuth support out of the box to authenticate with other providers. To use it, just specify your OmniAuth configuration in `config/initializers/devise.rb`: ```ruby config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' ``` -You can read more about Omniauth support in the wiki: +You can read more about OmniAuth support in the wiki: * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview diff --git a/lib/devise.rb b/lib/devise.rb index 88c7c27d54..5a6fa9dbd0 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -246,7 +246,7 @@ def self.#{method}=(val) mattr_accessor :router_name @@router_name = nil - # Set the omniauth path prefix so it can be overridden when + # Set the OmniAuth path prefix so it can be overridden when # Devise is used in a mountable engine mattr_accessor :omniauth_path_prefix @@omniauth_path_prefix = nil @@ -261,7 +261,7 @@ def self.#{method}=(val) mattr_reader :mappings @@mappings = ActiveSupport::OrderedHash.new - # Omniauth configurations. + # OmniAuth configurations. mattr_reader :omniauth_configs @@omniauth_configs = ActiveSupport::OrderedHash.new @@ -417,7 +417,7 @@ def self.warden(&block) @@warden_config_blocks << block end - # Specify an omniauth provider. + # Specify an OmniAuth provider. # # config.omniauth :github, APP_ID, APP_SECRET # diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index 76edfe89e5..5700fde8cf 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb 
@@ -2,7 +2,7 @@ module Devise module Controllers # A module that may be optionally included in a controller in order # to provide remember me behavior. Useful when signing in is done - # through a callback, like in Omniauth. + # through a callback, like in OmniAuth. module Rememberable # Return default cookie values retrieved from session options. def self.cookie_values diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 8048f9961f..23991f3e01 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -402,7 +402,7 @@ def devise_registration(mapping, controllers) #:nodoc: def devise_omniauth_callback(mapping, controllers) #:nodoc: if mapping.fullpath =~ /:[a-zA-Z_]/ raise <<-ERROR -Devise does not support scoping omniauth callbacks under a dynamic segment +Devise does not support scoping OmniAuth callbacks under a dynamic segment and you have set #{mapping.fullpath.inspect}. You can work around by passing `skip: :omniauth_callbacks` and manually defining the routes. Here is an example: diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb index 6516213c9c..cc122dc4f4 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb @@ -21,7 +21,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # protected - # The path used when omniauth fails + # The path used when OmniAuth fails # def after_omniauth_failure_path_for(scope) # super(scope) # end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 90e138c436..d8cd54f0d8 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -257,7 +257,7 @@ # The router that invoked `devise_for`, in the example above, would be: # config.router_name = :my_engine # - # When using omniauth, Devise cannot automatically set Omniauth path, + # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index f131d15572..76e8a83fb3 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -121,7 +121,7 @@ def stub_action!(name) assert_contain 'Could not authenticate you from Facebook because "Access denied".' end - test "handles other exceptions from omniauth" do + test "handles other exceptions from OmniAuth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials visit "/users/sign_in" From c7cc91cb65687e0325d817472a9da9b0c3894b41 Mon Sep 17 00:00:00 2001 From: Logan Leger Date: Tue, 18 Nov 2014 23:10:01 -0600 Subject: [PATCH 0645/1473] Update password length validation to 72 characters max BCrypt has a limit of 72 characters for the password. Anything beyond 72 characters is truncated. This commit updates the validation to limit passwords to less than 72 characters, keeping within the limitation. --- lib/devise/models/validatable.rb | 2 +- lib/generators/templates/devise.rb | 2 +- test/models/validatable_test.rb | 10 +++++----- test/rails_app/config/initializers/devise.rb | 4 ++-- test/rails_app/lib/shared_user.rb | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 2bfdf458b9..bd21fbf66d 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
@@ -10,7 +10,7 @@ module Models # Validatable adds the following options to devise_for: # # * +email_regexp+: the regular expression used to validate e-mails; - # * +password_length+: a range expressing password length. Defaults to 8..128. + # * +password_length+: a range expressing password length. Defaults to 8..72. # module Validatable # All validations used by this module. diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index d8cd54f0d8..18d3a555dd 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -144,7 +144,7 @@ # ==> Configuration for :validatable # Range for password length. - config.password_length = 8..128 + config.password_length = 8..72 # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index c8dc6877f2..3cd03d8629 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -92,10 +92,10 @@ class ValidatableTest < ActiveSupport::TestCase assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join end - test 'should require a password with maximum of 128 characters long' do - user = new_user(password: 'x'*129, password_confirmation: 'x'*129) + test 'should require a password with maximum of 72 characters long' do + user = new_user(password: 'x'*73, password_confirmation: 'x'*73) assert user.invalid? - assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join + assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join end test 'should not require password length when it\'s not changed' do 
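Review bot: The updated comment in `validatable.rb` now states `Defaults to 8..72`, but `lib/devise.rb` is not in this commit's diffstat; only the generator template, the tests and the test app change. If the library default was left at its previous value, the comment is wrong for apps that never set `config.password_length`, and should read something like `# Defaults to 8..128 in the library; newly generated initializers set 8..72.` The changelog entry later on the page ("for newer apps") points the same way.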
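Review bot: `config.password_length = 8..72` in the generator template bounds the number of characters, while the limit the commit message describes is bcrypt's input length, which is counted in bytes. A password of 72 or fewer characters that contains multi-byte UTF-8 characters can still exceed 72 bytes and be truncated. Anything appended to the password before hashing (a pepper, if one is configured; not visible here) shortens the usable length further. The comment above the setting should say this, e.g. `# Range for password length, in characters. bcrypt only uses the first 72 bytes of its input.`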
@@ -109,10 +109,10 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should complain about length even if password is not required' do - user = new_user(password: 'x'*129, password_confirmation: 'x'*129) + user = new_user(password: 'x'*73, password_confirmation: 'x'*73) user.stubs(:password_required?).returns(false) assert user.invalid? - assert_equal 'is too long (maximum is 128 characters)', user.errors[:password].join + assert_equal 'is too long (maximum is 72 characters)', user.errors[:password].join end test 'should not be included in objects with invalid API' do diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 1f99480250..9be1e9a1e9 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -90,8 +90,8 @@ # config.extend_remember_period = false # ==> Configuration for :validatable - # Range for password length. Default is 8..128. - # config.password_length = 8..128 + # Range for password length. Default is 8..72. + # config.password_length = 8..72 # Regex to use to validate the email address # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index adb0e33351..9d7cac2146 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -4,7 +4,7 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, - :trackable, :validatable, :omniauthable, password_length: 7..128 + :trackable, :validatable, :omniauthable, password_length: 7..72 attr_accessor :other_key From 1bbcc54026d90731179a8f610ab26a437fa02fec Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Wed, 19 Nov 2014 09:32:51 +0100 Subject: [PATCH 0646/1473] Yield the resource in RegistrationsController#new --- app/controllers/devise/registrations_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index f8f82b0d11..df65aa24bd 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -9,6 +9,7 @@ def new if @validatable @minimum_password_length = resource_class.password_length.min end + yield resource if block_given? respond_with self.resource end From adc031b214c7c7f0f08fff21085035a74e917939 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 19 Nov 2014 14:26:44 -0200 Subject: [PATCH 0647/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e4149bb2a2..d774d442d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ ### Unreleased +* enhancements + * Added an ActiveSupport load hook for `:devise_controller` (by @nakhli) + * Location fragments are now preserved between requests (by @jbourassa) + * Added an `after_remembered` callback for the Rememerable module (by @BM5k) + * `RegistrationsController#new` and `SessionsController#new` now yields the + current resource (by @mtarnovan, @deivid-rodriguez) + * Password length validation is now limited to 72 characters for newer apps (by @lleger) + ### 3.4.1 - 2014-10-29 * enhancements From c54e9863a681d32e7fef1e87007686dd8d850040 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 19 Nov 2014 15:43:47 -0200 Subject: [PATCH 0648/1473] Update Gemfiles. --- Gemfile.lock | 38 ++++++------ gemfiles/Gemfile.rails-3.2-stable.lock | 70 ++++++++++----------- gemfiles/Gemfile.rails-4.0-stable.lock | 74 +++++++++++----------- gemfiles/Gemfile.rails-4.1-stable.lock | 86 +++++++++++++------------- 4 files changed, 134 insertions(+), 134 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2119556576..f78f1b7a8c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5 + revision: f4f489e45adb0059fae6854d8a29ebb79cc6c8fd branch: master specs: mongoid (4.0.0) @@ -58,40 +58,40 @@ GEM minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - arel (6.0.0.beta1) - bcrypt (3.1.7) + arel (6.0.0.beta2) + bcrypt (3.1.9) bson (2.3.0) builder (3.2.2) - connection_pool (2.0.0) + connection_pool (2.1.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) globalid (0.3.0) activesupport (>= 4.1.0) - hashie (3.2.0) + hashie (3.3.1) hike (1.2.3) i18n (0.7.0.beta1) json (1.8.1) jwt (1.0.0) loofah (2.0.1) nokogiri (>= 1.5.9) - mail (2.6.1) + mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.3) - mini_portile (0.6.0) - minitest (5.4.2) + mime-types (2.4.3) + mini_portile (0.6.1) + minitest (5.4.3) mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.0) + moped (2.0.2) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.3.1) - mini_portile (= 0.6.0) + nokogiri (1.6.4.1) + mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) 
@@ -133,8 +133,8 @@ GEM sprockets-rails (~> 3.0.0.beta1) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.3) - activesupport + rails-dom-testing (1.0.4) + activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.1) @@ -145,12 +145,12 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.3.2) - rdoc (4.1.1) + rdoc (4.1.2) json (~> 1.4) - responders (2.0.0) + responders (2.0.2) railties (>= 4.2.0.alpha, < 5) - ruby-openid (2.5.0) - sprockets (2.12.2) + ruby-openid (2.6.0) + sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -159,7 +159,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (~> 2.8) - sqlite3 (1.3.9) + sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index 8a88861d3d..a6cd2c374c 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -1,14 +1,14 @@ GIT remote: git://github.com/rails/rails.git - revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61 + revision: ba886f73a2b4a06f3400f0698290c54566639b6a branch: 3-2-stable specs: - actionmailer (3.2.19) - actionpack (= 3.2.19) + actionmailer (3.2.21) + actionpack (= 3.2.21) mail (~> 2.5.4) - actionpack (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) + actionpack (3.2.21) + activemodel (= 3.2.21) + activesupport (= 3.2.21) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) 
@@ -16,31 +16,31 @@ GIT rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.2.1) - activemodel (3.2.19) - activesupport (= 3.2.19) + activemodel (3.2.21) + activesupport (= 3.2.21) builder (~> 3.0.0) - activerecord (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) + activerecord (3.2.21) + activemodel (= 3.2.21) + activesupport (= 3.2.21) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.19) - activemodel (= 3.2.19) - activesupport (= 3.2.19) - activesupport (3.2.19) + activeresource (3.2.21) + activemodel (= 3.2.21) + activesupport (= 3.2.21) + activesupport (3.2.21) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) - rails (3.2.19) - actionmailer (= 3.2.19) - actionpack (= 3.2.19) - activerecord (= 3.2.19) - activeresource (= 3.2.19) - activesupport (= 3.2.19) + rails (3.2.21) + actionmailer (= 3.2.21) + actionpack (= 3.2.21) + activerecord (= 3.2.21) + activeresource (= 3.2.21) + activesupport (= 3.2.21) bundler (~> 1.0) - railties (= 3.2.19) - railties (3.2.19) - actionpack (= 3.2.19) - activesupport (= 3.2.19) + railties (= 3.2.21) + railties (3.2.21) + actionpack (= 3.2.21) + activesupport (= 3.2.21) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) @@ -61,12 +61,12 @@ GEM remote: https://rubygems.org/ specs: arel (3.0.3) - bcrypt (3.1.7) + bcrypt (3.1.9) builder (3.0.4) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (3.2.0) + hashie (3.3.1) hike (1.2.3) i18n (0.6.11) journey (1.0.4) @@ -77,7 +77,7 @@ GEM treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.6.0) + mini_portile (0.6.1) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (3.1.6) @@ -89,8 +89,8 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.3.1) - mini_portile (= 0.6.0) + nokogiri (1.6.4.1) + mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) 
@@ -126,22 +126,22 @@ GEM rake (10.3.2) rdoc (3.12.2) json (~> 1.4) - responders (1.1.1) + responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.5.0) - sprockets (2.2.2) + ruby-openid (2.6.0) + sprockets (2.2.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.9) + sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.41) + tzinfo (0.3.42) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index 6540b1c8f9..cf041a81c3 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock 
@@ -1,42 +1,42 @@ GIT remote: git://github.com/rails/rails.git - revision: 2d8886e05104316273a0f95dfbcd171d3b12678b + revision: 690bdf9e65713a6da55a9e3a4ba28245c0c75671 branch: 4-0-stable specs: - actionmailer (4.0.9) - actionpack (= 4.0.9) + actionmailer (4.0.12) + actionpack (= 4.0.12) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.9) - activesupport (= 4.0.9) + actionpack (4.0.12) + activesupport (= 4.0.12) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.9) - activesupport (= 4.0.9) + activemodel (4.0.12) + activesupport (= 4.0.12) builder (~> 3.1.0) - activerecord (4.0.9) - activemodel (= 4.0.9) + activerecord (4.0.12) + activemodel (= 4.0.12) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.9) + activesupport (= 4.0.12) arel (~> 4.0.0) - activesupport (4.0.9) + activesupport (4.0.12) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.9) - actionmailer (= 4.0.9) - actionpack (= 4.0.9) - activerecord (= 4.0.9) - activesupport (= 4.0.9) + rails (4.0.12) + actionmailer (= 4.0.12) + actionpack (= 4.0.12) + activerecord (= 4.0.12) + activesupport (= 4.0.12) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.9) + railties (= 4.0.12) sprockets-rails (~> 2.0) - railties (4.0.9) - actionpack (= 4.0.9) - activesupport (= 4.0.9) + railties (4.0.12) + actionpack (= 4.0.12) + activesupport (= 4.0.12) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) 
@@ -56,23 +56,23 @@ GEM specs: activerecord-deprecated_finders (1.0.3) arel (4.0.2) - bcrypt (3.1.7) + bcrypt (3.1.9) bson (2.3.0) builder (3.1.4) - connection_pool (2.0.0) + connection_pool (2.1.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (3.2.0) + hashie (3.3.1) hike (1.2.3) i18n (0.6.11) json (1.8.1) jwt (1.0.0) - mail (2.6.1) + mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.3) - mini_portile (0.6.0) + mime-types (2.4.3) + mini_portile (0.6.1) minitest (4.7.5) mocha (1.1.0) metaclass (~> 0.0.1) @@ -81,15 +81,15 @@ GEM moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.0) + moped (2.0.2) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.3.1) - mini_portile (= 0.6.0) + nokogiri (1.6.4.1) + mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) @@ -119,25 +119,25 @@ GEM rack-test (0.6.2) rack (>= 1.0) rake (10.3.2) - rdoc (4.1.1) + rdoc (4.1.2) json (~> 1.4) - responders (1.1.1) + responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.5.0) - sprockets (2.12.1) + ruby-openid (2.6.0) + sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.1.3) + sprockets-rails (2.2.0) actionpack (>= 3.0) activesupport (>= 3.0) - sprockets (~> 2.8) - sqlite3 (1.3.9) + sprockets (>= 2.8, < 4.0) + sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) - tzinfo (0.3.41) + tzinfo (0.3.42) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 7473795de7..5fea34ee28 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -1,47 +1,47 @@ GIT remote: git://github.com/rails/rails.git - revision: 90b70cd453e6b88b2ad484861ad9913f70bd15c9 + revision: 042c7cb9ccfb771dcfd3dcacb7cb2d19d3747853 branch: 4-1-stable specs: - actionmailer (4.1.5) - actionpack (= 4.1.5) - actionview (= 4.1.5) + actionmailer (4.1.8) + actionpack (= 4.1.8) + actionview (= 4.1.8) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.5) - actionview (= 4.1.5) - activesupport (= 4.1.5) + actionpack (4.1.8) + actionview (= 4.1.8) + activesupport (= 4.1.8) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.5) - activesupport (= 4.1.5) + actionview (4.1.8) + activesupport (= 4.1.8) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.5) - activesupport (= 4.1.5) + activemodel (4.1.8) + activesupport (= 4.1.8) builder (~> 3.1) - activerecord (4.1.5) - activemodel (= 4.1.5) - activesupport (= 4.1.5) + activerecord (4.1.8) + activemodel (= 4.1.8) + activesupport (= 4.1.8) arel (~> 5.0.0) - activesupport (4.1.5) + activesupport (4.1.8) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.5) - actionmailer (= 4.1.5) - actionpack (= 4.1.5) - actionview (= 4.1.5) - activemodel (= 4.1.5) - activerecord (= 4.1.5) - activesupport (= 4.1.5) + rails (4.1.8) + actionmailer (= 4.1.8) + actionpack (= 4.1.8) + actionview (= 4.1.8) + activemodel (= 4.1.8) + activerecord (= 4.1.8) + activesupport (= 4.1.8) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.5) + railties (= 4.1.8) sprockets-rails (~> 2.0) - railties (4.1.5) - actionpack (= 4.1.5) - activesupport (= 4.1.5) + railties (4.1.8) + actionpack (= 4.1.8) + activesupport (= 4.1.8) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) 
@@ -60,24 +60,24 @@ GEM remote: https://rubygems.org/ specs: arel (5.0.1.20140414130214) - bcrypt (3.1.7) + bcrypt (3.1.9) bson (2.3.0) builder (3.2.2) - connection_pool (2.0.0) + connection_pool (2.1.0) erubis (2.7.0) faraday (0.9.0) multipart-post (>= 1.2, < 3) - hashie (3.2.0) + hashie (3.3.1) hike (1.2.3) i18n (0.6.11) json (1.8.1) jwt (1.0.0) - mail (2.6.1) + mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.3) - mini_portile (0.6.0) - minitest (5.4.0) + mime-types (2.4.3) + mini_portile (0.6.1) + minitest (5.4.3) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.0) @@ -85,15 +85,15 @@ GEM moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.0) + moped (2.0.2) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.3.1) - mini_portile (= 0.6.0) + nokogiri (1.6.4.1) + mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) @@ -123,21 +123,21 @@ GEM rack-test (0.6.2) rack (>= 1.0) rake (10.3.2) - rdoc (4.1.1) + rdoc (4.1.2) json (~> 1.4) - responders (1.1.1) + responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.5.0) - sprockets (2.12.1) + ruby-openid (2.6.0) + sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.1.3) + sprockets-rails (2.2.0) actionpack (>= 3.0) activesupport (>= 3.0) - sprockets (~> 2.8) - sqlite3 (1.3.9) + sprockets (>= 2.8, < 4.0) + sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.4) tilt (1.4.1) From 4ba84eeb274236ce00750afa16cdd35d0fb33909 Mon Sep 17 00:00:00 2001 
From: Tim Scott Date: Wed, 19 Nov 2014 12:29:08 -0600 Subject: [PATCH 0649/1473] Option to validate upon #confirm! Allow to ensure valid upon confirming. We might want to consider confirmation status in validations. For example, maybe we want to require certain fields upon confirmation, but not at registration. --- lib/devise/models/confirmable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 07b81c91ac..f323d454ad 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -56,7 +56,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm! + def confirm!(ensure_valid=false) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, @@ -75,7 +75,7 @@ def confirm! # We need to validate in such cases to enforce e-mail uniqueness save(validate: true) else - save(validate: false) + save(validate: ensure_valid) end after_confirmation if saved From 04561542b15cc19c1c56b619387d79cf0ef3d800 Mon Sep 17 00:00:00 2001 
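Review bot: The comment above `confirm!` is not updated for the new `ensure_valid` argument, so a reader cannot tell what passing `true` changes. With `save(validate: ensure_valid)`, a record that fails validation is not saved and `after_confirmation if saved` is skipped, which callers need to know before relying on the hook. I would add a line such as `# Pass true to run validations on save; the confirmation is not persisted if they fail.` Both hunks show only part of `confirm!`.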
From: Josh Kalderimis Date: Wed, 19 Nov 2014 13:49:55 -0500 Subject: [PATCH 0650/1473] Use the new build env on Travis - use the new build env on Travis (sudo: false) (docs coming soon) faster vms, more cpu, more ram, faster vm boot time - remove the custom caching for now as the new setup has a far better network - add rails-head to the gemfile list as it wasn't there caching is generally not recommended for libs like Devise as you want to test against the latest gem versions. Caching will use the min requirements available on the system instead of retrieving the latest. On that note, it is also recommended to remove the Gemfile.lock from the repo. For now I have just 'rm'd it before 'bundle install' --- .travis.yml | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index 278b10cfd9..7b6ba6cb54 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,31 +1,35 @@ language: ruby -script: "bundle exec rake test" -install: script/cached-bundle install --deployment --path vendor/bundle + rvm: - 1.9.3 - 2.0.0 - - 2.1.2 -env: - matrix: - - DEVISE_ORM=mongoid - - DEVISE_ORM=active_record - global: - # AMAZON_S3_BUCKET - - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8=" - # AMAZON_ACCESS_KEY_ID - - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs=" - # AMAZON_SECRET_ACCESS_KEY - - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI=" + - 2.1 + gemfile: - gemfiles/Gemfile.rails-4.1-stable - gemfiles/Gemfile.rails-4.0-stable - gemfiles/Gemfile.rails-3.2-stable + - gemfiles/Gemfile.rails-head - Gemfile + +services: + - mongodb + +sudo: false + +env: + matrix: + - DEVISE_ORM=mongoid + - DEVISE_ORM=active_record + +before_install: "rm Gemfile.lock" + +script: "bundle exec rake test" + matrix: allow_failures: - gemfile: gemfiles/Gemfile.rails-head -services: - - mongodb + notifications: email: false campfire: From cf53131ed66c22d75f8f7c00c1a48eb3b4379ac1 Mon Sep 17 00:00:00 2001 From: Josh Kalderimis Date: Wed, 19 Nov 2014 14:51:42 -0500 Subject: [PATCH 0651/1473] there is no rails-head Gemfile --- .travis.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7b6ba6cb54..c2678751b1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,6 @@ gemfile: - gemfiles/Gemfile.rails-4.1-stable - gemfiles/Gemfile.rails-4.0-stable - gemfiles/Gemfile.rails-3.2-stable - - gemfiles/Gemfile.rails-head - Gemfile services: 
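Review bot: `before_install: "rm Gemfile.lock"` in the `@@ -1,31 +1,35 @@` hunk fails the step when the file is absent, and the commit message itself recommends removing the lockfile from the repository, at which point the step would fail. `before_install: "rm -f Gemfile.lock"` keeps the step idempotent. The later `rm ${BUNDLE_GEMFILE}.lock` hunk on this page has the same gap and also leaves the variable unquoted; `rm -f "${BUNDLE_GEMFILE}.lock"` covers both. Separately, the removed `secure:` entries are labelled as an S3 bucket and AWS key pair. Dropping them from the config does not revoke them, so the key should be disabled if nothing else uses it.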
@@ -26,10 +25,6 @@ before_install: "rm Gemfile.lock" script: "bundle exec rake test" -matrix: - allow_failures: - - gemfile: gemfiles/Gemfile.rails-head - notifications: email: false campfire: From 4599b577984eb38a27d1c49dc7b7894d4d04b515 Mon Sep 17 00:00:00 2001 From: Josh Kalderimis Date: Wed, 19 Nov 2014 14:54:31 -0500 Subject: [PATCH 0652/1473] remove the relevant Gemfile.lock --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c2678751b1..f9619e8861 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,7 +21,7 @@ env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record -before_install: "rm Gemfile.lock" +before_install: "rm ${BUNDLE_GEMFILE}.lock" script: "bundle exec rake test" From 3015ac458d175f8b8c274096b5304bf9601f480c Mon Sep 17 00:00:00 2001 From: Josh Kalderimis Date: Wed, 19 Nov 2014 17:08:07 -0500 Subject: [PATCH 0653/1473] use built in travis caching make sure bundle update is run so that the latest gems are used --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index f9619e8861..852bf1ac63 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,6 +16,8 @@ services: sudo: false +cache: bundler + env: matrix: - DEVISE_ORM=mongoid @@ -23,6 +25,8 @@ env: before_install: "rm ${BUNDLE_GEMFILE}.lock" +before_script: "bundle update" + script: "bundle exec rake test" notifications: From 3b882dadac9d1efc74b456e70670561c16ec58b1 Mon Sep 17 00:00:00 2001 From: Tim Scott Date: Wed, 19 Nov 2014 16:48:35 -0600 Subject: [PATCH 0654/1473] Made ensure valid a named param for confirm!, and added a test. --- lib/devise/models/confirmable.rb | 2 +- test/models/confirmable_test.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index f323d454ad..e6df31ac00 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
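Review bot: `before_script: "bundle update"` in the `@@ -23,6 +25,8 @@` hunk, combined with the lockfile removal in `before_install`, makes every build resolve and execute whatever gem versions are newest at that moment, and the file carries no comment saying this is deliberate. A failure can then come from an upstream release rather than from the change under test, and code from releases nobody has looked at runs in CI. I would record the intent next to the line, for example `# Deliberately unpinned: lockfile removed and bundle update run so the suite tests against the newest gem releases`. It would also help to keep this job free of secrets, as the earlier patch on this page already does by dropping the `secure:` values.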
@@ -56,7 +56,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm!(ensure_valid=false) + def confirm!(ensure_valid: false) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 0c2c56ffdb..10cd160d41 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -315,6 +315,12 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) assert_not user.confirm! assert_equal user.username, old end + + test 'should always perform validations upon confirm when ensure valid true' do + admin = create_admin + admin.stubs(:valid?).returns(false) + assert_not admin.confirm!(ensure_valid: true) + end end class ReconfirmableTest < ActiveSupport::TestCase From e9bf72be6a8d9845031be2ade6b2477afb33937f Mon Sep 17 00:00:00 2001 From: Tim Scott Date: Wed, 19 Nov 2014 18:38:58 -0600 Subject: [PATCH 0655/1473] Use args hash instead of named parameters for confirm! --- lib/devise/models/confirmable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index e6df31ac00..91cc074829 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -56,7 +56,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm!(ensure_valid: false) + def confirm!(args={}) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, 
@@ -75,7 +75,7 @@ def confirm!(ensure_valid: false) # We need to validate in such cases to enforce e-mail uniqueness save(validate: true) else - save(validate: ensure_valid) + save(validate: args[:ensure_valid] == true) end after_confirmation if saved From a9e87f067a2a89977930df8f78db48cfeb50d683 Mon Sep 17 00:00:00 2001 From: Stephen Baldwin Date: Thu, 20 Nov 2014 15:16:46 -0500 Subject: [PATCH 0656/1473] Ability to load modules in specific order Allow modules to be inserted at set positions --- lib/devise.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 5a6fa9dbd0..6bb89844f2 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -348,6 +348,7 @@ def self.add_mapping(resource, options) # +controller+ - Symbol representing the name of an existing or custom *controller* for this module. # +route+ - Symbol representing the named *route* helper for this module. # +strategy+ - Symbol representing if this module got a custom *strategy*. + # +insert_at+ - Integer representing the order in which this module's model will be included # # All values, except :model, accept also a boolean and will have the same name as the given module # name. @@ -357,10 +358,16 @@ def self.add_mapping(resource, options) # Devise.add_module(:party_module) # Devise.add_module(:party_module, strategy: true, controller: :sessions) # Devise.add_module(:party_module, model: 'party_module/model') + # Devise.add_module(:party_module, insert_at: 0) # def self.add_module(module_name, options = {}) - ALL << module_name - options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input) + options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at) + + if insert_at = options[:insert_at] + ALL.insert insert_at, module_name + else + ALL << module_name + end if strategy = options[:strategy] strategy = (strategy == true ? module_name : strategy) 
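Review bot: `save(validate: args[:ensure_valid] == true)` fails open. A misspelt key, a string key such as `'ensure_valid'`, or a truthy value other than `true` all fall through to `validate: false` without any error. Because `confirm!(args={})` in this patch's `@@ -56,7 +56,7 @@` hunk accepts any hash, I would reject unknown keys at the top of the method with `args.assert_valid_keys(:ensure_valid)`, the same check `Devise.add_module` applies to its options elsewhere on this page. The comment above `confirm!` should also describe the option. The method body extends beyond both hunks.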
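Review bot: `ALL.insert insert_at, module_name` in the `@@ -357,10 +358,16 @@` hunk of `lib/devise.rb` uses `insert_at` unchecked. `Array#insert` pads the array with `nil` when the index is past the end and raises `IndexError` when a negative index is before the start, so a wrong position can leave `nil` entries in `ALL` or fail with an unrelated-looking error. A guard such as `position = options[:insert_at] || ALL.size` followed by `raise ArgumentError, "insert_at must be an Integer between 0 and #{ALL.size}" unless position.is_a?(Integer) && position.between?(0, ALL.size)` would make the failure explicit. The one-line form in the following patch, `ALL.insert (options[:insert_at] || -1), module_name`, has the same gap, and the space before the parenthesis is best dropped. `add_module` continues past the end of the hunk.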
From 06e0f8adca227eb170a95e9dac25c3e907e8b3ad Mon Sep 17 00:00:00 2001 From: Stephen Baldwin Date: Thu, 20 Nov 2014 16:01:21 -0500 Subject: [PATCH 0657/1473] Update devise.rb --- lib/devise.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 6bb89844f2..3be7f325bc 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -363,11 +363,7 @@ def self.add_mapping(resource, options) def self.add_module(module_name, options = {}) options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at) - if insert_at = options[:insert_at] - ALL.insert insert_at, module_name - else - ALL << module_name - end + ALL.insert (options[:insert_at] || -1), module_name if strategy = options[:strategy] strategy = (strategy == true ? module_name : strategy) From ae00e0bb208085f4d0ef5a4215fe601b7589968b Mon Sep 17 00:00:00 2001 From: Rodrigo Rosenfeld Rosas Date: Fri, 21 Nov 2014 17:33:58 -0200 Subject: [PATCH 0658/1473] Remove old references to removed remember_across_browsers option --- lib/devise/models/rememberable.rb | 2 +- test/rails_app/config/initializers/devise.rb | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 2f75290bc9..e016fd78b3 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -46,7 +46,7 @@ def self.required_fields(klass) end # Generate a new remember token and save the record without validations - # unless remember_across_browsers is true and the user already has a valid token. + # if remember expired (token is no longer valid) or extend_remember_period is true def remember_me!(extend_period=false) self.remember_token = self.class.remember_token if generate_remember_token? self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period) 
diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 9be1e9a1e9..ef9a556b34 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -83,9 +83,6 @@ # The time the user will be remembered without asking for credentials again. # config.remember_for = 2.weeks - # If true, a valid remember token can be re-used between multiple browsers. - # config.remember_across_browsers = true - # If true, extends the user's remember period when remembered via cookie. # config.extend_remember_period = false From 0e218d8a01d053c4e834b6b0c4c0796972940361 Mon Sep 17 00:00:00 2001 From: Irfan Ahmed Date: Tue, 25 Nov 2014 18:32:58 +0600 Subject: [PATCH 0659/1473] ensuse digested token for reset password token is valid --- test/models/recoverable_test.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index d4548ed844..ab08de3dfc 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -189,6 +189,12 @@ def setup assert_equal User.with_reset_password_token(raw), user end + test 'should return the same reset password token as generated' do + user = create_user + raw = user.send_reset_password_instructions + assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token + end + test 'should return nil if a user based on the raw token is not found' do assert_equal User.with_reset_password_token('random-token'), nil end From 640dd97149ae0e1e57c28453c72963799c16150b Mon Sep 17 00:00:00 2001 From: Jorge Gajon Date: Sun, 30 Nov 2014 22:56:44 -0600 Subject: [PATCH 0660/1473] Trivial doc text correction in authenticatable.rb --- lib/devise/models/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 1b59049a07..5052a8d83b 100644 
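Review bot: In the new test in `test/models/recoverable_test.rb`, `self.class` is the test case class rather than the model, so the first argument to `Devise.token_generator.digest` does not name the class that owns `reset_password_token`. `assert_equal Devise.token_generator.digest(User, :reset_password_token, raw), user.reset_password_token` says what is presumably meant. If the assertion passes with either argument, the class apparently does not feed into the digest, which is worth confirming against the generator because it is not visible in this hunk. The test also reads the attribute from the in-memory `user`, so a `user.reload` before the assertion would check the stored value as well.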
--- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -37,7 +37,7 @@ module Models # calling model.active_for_authentication?. This method is overwritten by other devise modules. For instance, # :confirmable overwrites .active_for_authentication? to only return true if your model was confirmed. # - # You overwrite this method yourself, but if you do, don't forget to call super: + # You can overwrite this method yourself, but if you do, don't forget to call super: # # def active_for_authentication? # super && special_condition_is_valid? From 6fb466eb1e70c2aaa5d64f4cd464a26acfb671c0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 1 Dec 2014 10:18:00 -0200 Subject: [PATCH 0661/1473] Use Rails 4.2.0.rc1 --- Gemfile | 2 +- Gemfile.lock | 96 ++++++++++++++++++++++++++-------------------------- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/Gemfile b/Gemfile index 3eab620997..43869ec35a 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.0.beta2" +gem "rails", "4.2.0.rc1" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index f78f1b7a8c..e7a9eb9c16 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: f4f489e45adb0059fae6854d8a29ebb79cc6c8fd + revision: 90567eab72caa136bae6efcfcf61a6e929e9299c branch: master specs: mongoid (4.0.0) 
@@ -23,42 +23,42 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0.beta2) - actionpack (= 4.2.0.beta2) - actionview (= 4.2.0.beta2) - activejob (= 4.2.0.beta2) + actionmailer (4.2.0.rc1) + actionpack (= 4.2.0.rc1) + actionview (= 4.2.0.rc1) + activejob (= 4.2.0.rc1) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.3) - actionpack (4.2.0.beta2) - actionview (= 4.2.0.beta2) - activesupport (= 4.2.0.beta2) - rack (~> 1.6.0.beta) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.0.rc1) + actionview (= 4.2.0.rc1) + activesupport (= 4.2.0.rc1) + rack (~> 1.6.0.beta2) rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.3) + rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0.beta2) - activesupport (= 4.2.0.beta2) + actionview (4.2.0.rc1) + activesupport (= 4.2.0.rc1) builder (~> 3.1) erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.3) + rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0.beta2) - activesupport (= 4.2.0.beta2) + activejob (4.2.0.rc1) + activesupport (= 4.2.0.rc1) globalid (>= 0.3.0) - activemodel (4.2.0.beta2) - activesupport (= 4.2.0.beta2) + activemodel (4.2.0.rc1) + activesupport (= 4.2.0.rc1) builder (~> 3.1) - activerecord (4.2.0.beta2) - activemodel (= 4.2.0.beta2) - activesupport (= 4.2.0.beta2) - arel (>= 6.0.0.beta1, < 6.1) - activesupport (4.2.0.beta2) + activerecord (4.2.0.rc1) + activemodel (= 4.2.0.rc1) + activesupport (= 4.2.0.rc1) + arel (~> 6.0) + activesupport (4.2.0.rc1) i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - arel (6.0.0.beta2) + arel (6.0.0) bcrypt (3.1.9) bson (2.3.0) builder (3.2.2) @@ -68,11 +68,11 @@ GEM multipart-post (>= 1.2, < 3) globalid (0.3.0) activesupport (>= 4.1.0) - hashie (3.3.1) + hashie (3.3.2) hike (1.2.3) i18n (0.7.0.beta1) json (1.8.1) - jwt (1.0.0) + jwt (1.2.0) loofah (2.0.1) nokogiri (>= 1.5.9) mail (2.6.3) 
@@ -90,7 +90,7 @@ GEM multi_json (1.10.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.4.1) + nokogiri (1.6.5) mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -114,37 +114,37 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.0.beta) + rack (1.6.0.beta2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.2.0.beta2) - actionmailer (= 4.2.0.beta2) - actionpack (= 4.2.0.beta2) - actionview (= 4.2.0.beta2) - activejob (= 4.2.0.beta2) - activemodel (= 4.2.0.beta2) - activerecord (= 4.2.0.beta2) - activesupport (= 4.2.0.beta2) + rails (4.2.0.rc1) + actionmailer (= 4.2.0.rc1) + actionpack (= 4.2.0.rc1) + actionview (= 4.2.0.rc1) + activejob (= 4.2.0.rc1) + activemodel (= 4.2.0.rc1) + activerecord (= 4.2.0.rc1) + activesupport (= 4.2.0.rc1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0.beta2) - sprockets-rails (~> 3.0.0.beta1) + railties (= 4.2.0.rc1) + sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.4) + rails-dom-testing (1.0.5) activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.1) loofah (~> 2.0) - railties (4.2.0.beta2) - actionpack (= 4.2.0.beta2) - activesupport (= 4.2.0.beta2) + railties (4.2.0.rc1) + actionpack (= 4.2.0.rc1) + activesupport (= 4.2.0.rc1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.3.2) + rake (10.4.0) rdoc (4.1.2) json (~> 1.4) responders (2.0.2) @@ -155,10 +155,10 @@ GEM multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (3.0.0.beta1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (~> 2.8) + sprockets-rails (2.2.2) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.4) 
@@ -186,7 +186,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0.beta2) + rails (= 4.2.0.rc1) rdoc sqlite3 webrat (= 0.7.3) From cb89e4435c41baa5a50ab389efb0be0f1f8db1d6 Mon Sep 17 00:00:00 2001 From: Brent Wheeldon Date: Mon, 17 Nov 2014 14:44:15 -0500 Subject: [PATCH 0662/1473] Only set token back if password reset fails. This prevents the digested version of the token being saved when a reset is successful. --- lib/devise/models/recoverable.rb | 2 +- test/models/recoverable_test.rb | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index fa74f25dd0..f5acfce212 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -146,7 +146,7 @@ def reset_password_by_token(attributes={}) end end - recoverable.reset_password_token = original_token + recoverable.reset_password_token = original_token if recoverable.reset_password_token.present? recoverable end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ab08de3dfc..95534d826c 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -135,6 +135,7 @@ def setup reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join + assert_equal raw, reset_password_user.reset_password_token end test 'should reset successfully user password given the new password and confirmation' do 
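Review bot: The changed line in `lib/devise/models/recoverable.rb` still puts the raw token back on the returned record when the reset fails, and nothing in the hunk explains why or what the caller may do with that record. The stored column presumably holds the digest, as the test added earlier on this page compares it with `Devise.token_generator.digest`, so saving the returned object would replace the digest with the raw token. I would add a comment above the line, for example `# Reset failed: restore the raw token so the form can be re-rendered; this record must not be saved in this state.` The re-render purpose is my reading of the code, and `reset_password_by_token` starts outside the hunk.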
@@ -142,15 +143,17 @@ def setup old_password = user.password raw = user.send_reset_password_instructions - User.reset_password_by_token( + reset_password_user = User.reset_password_by_token( reset_password_token: raw, password: 'new_password', password_confirmation: 'new_password' ) - user.reload + assert_nil reset_password_user.reset_password_token + user.reload assert_not user.valid_password?(old_password) assert user.valid_password?('new_password') + assert_nil user.reset_password_token end test 'should not reset password after reset_password_within time' do From 0522b1eb46bdda1b9542657560bb42fa4ae47a3d Mon Sep 17 00:00:00 2001 From: psgs Date: Tue, 2 Dec 2014 11:41:11 +1000 Subject: [PATCH 0663/1473] Improve README.md flow Improve the way in which the README.md file flows when read. --- README.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 2dd4730273..5c0b721591 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: * Is Rack based; * Is a complete MVC solution based on Rails engines; * Allows you to have multiple models signed in at the same time; -* Is based on a modularity concept: use just what you really need. +* Is based on a modularity concept: use only what you really need. It's composed of 10 modules: 
@@ -24,7 +24,7 @@ It's composed of 10 modules: * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. * [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. * [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have no activity in a specified period of time. +* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. @@ -44,7 +44,7 @@ If you discover a problem with Devise, we would like to know about it. However, https://github.com/plataformatec/devise/wiki/Bug-reports -If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. +If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. ### Mailing list 
@@ -82,12 +82,12 @@ You will usually want to write tests for your changes. To run the test suite, g ## Starting with Rails? -If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today we have two resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch -Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :) +Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: ## Getting started @@ -105,7 +105,7 @@ After you install Devise and add it to your Gemfile, you need to run the generat rails generate devise:install ``` -The generator will install an initializer which describes ALL Devise's configuration options and you MUST take a look at it. When you are done, you are ready to add Devise to any of your models using the generator: +The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator: ```console rails generate devise MODEL 
@@ -121,7 +121,7 @@ Next, you need to set up the default URL options for the Devise mailer in each e config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } ``` -You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined. +You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined. ### Controller filters and helpers @@ -151,7 +151,7 @@ You can access the session for this scope: user_session ``` -After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. For instance, for a `:user` resource, the `user_root_path` will be used if it exists, otherwise the default `root_path` will be used. This means that you need to set the root inside your routes: +After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect to. For instance, when using a `:user` resource, the `user_root_path` will be used if it exists; otherwise, the default `root_path` will be used. This means that you need to set the root inside your routes: ```ruby root to: "home#index" 
@@ -179,7 +179,7 @@ The Devise method in your models also accepts some options to configure its modu devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20 ``` -Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. +Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`. ### Strong Parameters @@ -191,7 +191,7 @@ There are just three actions in Devise that allows any set of parameters to be p * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` -In case you want to permit additional parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`: +In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`: ```ruby class ApplicationController < ActionController::Base 
@@ -215,7 +215,7 @@ def configure_permitted_parameters end ``` -If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters permitted scalars, so we need to configure Devise thusly: +If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters' permitted scalars, so we need to configure Devise in the following way: ```ruby def configure_permitted_parameters @@ -226,7 +226,7 @@ For the list of permitted scalars, and how to declare permitted keys in nested h https://github.com/rails/strong_parameters#nested-parameters -If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic: +If you have multiple Devise models, you may want to set up a different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and adding your own logic: ```ruby class User::ParameterSanitizer < Devise::ParameterSanitizer @@ -272,7 +272,7 @@ After doing so, you will be able to have views based on the role like `users/ses rails generate devise:views users ``` -If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module, +If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, you can pass a list of modules to the generator with the `-v` flag. ```console 
@@ -336,7 +336,7 @@ If the customization at the views level is not enough, you can customize each co This is useful for triggering background jobs or logging events during certain actions. -Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash. +Remember that Devise uses flash messages to let users know if sign in was successful or unsuccessful. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash. ### Configuring routes @@ -356,11 +356,11 @@ devise_scope :user do end ``` -This way you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router. +This way, you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router. ### I18n -Devise uses flash messages with I18n with the flash keys :notice and :alert. To customize your app, you can set up your locale file: +Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: ```yaml en: 
@@ -398,7 +398,7 @@ Take a look at our locale file to check all available messages. You may also be https://github.com/plataformatec/devise/wiki/I18n -Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController +Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController. ### Test helpers @@ -432,7 +432,7 @@ There are two things that are important to keep in mind: 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; -2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do: +2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use: ```ruby @request.env["devise.mapping"] = Devise.mappings[:user] 
@@ -441,7 +441,7 @@ There are two things that are important to keep in mind: ### OmniAuth -Devise comes with OmniAuth support out of the box to authenticate with other providers. To use it, just specify your OmniAuth configuration in `config/initializers/devise.rb`: +Devise comes with OmniAuth support out of the box to authenticate with other providers. To use it, simply specify your OmniAuth configuration in `config/initializers/devise.rb`: ```ruby config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' @@ -480,12 +480,12 @@ admin_session Alternatively, you can simply run the Devise generator. -Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization. +Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend that you use a role-based approach, by either providing a role column or using a dedicated gem for authorization. ### ActiveJob Integration If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the -background through a queueing backend, you can send Devise emails through your +background through a queuing back-end, you can send Devise emails through your existing queue by overriding the `send_devise_notification` method in your model. ```ruby @@ -496,7 +496,7 @@ end ### Other ORMs -Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file. +Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file. ## Additional information 
@@ -526,4 +526,4 @@ https://github.com/plataformatec/devise/graphs/contributors MIT License. Copyright 2009-2014 Plataformatec. http://plataformatec.com.br -You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo. +You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From 13c2d4e807252015add033a49b55af8548357460 Mon Sep 17 00:00:00 2001 From: Prathamesh Sonpatki Date: Fri, 12 Dec 2014 09:25:25 +0530 Subject: [PATCH 0664/1473] Fix description of find_or_initialize_with_error methods [ci skip] --- lib/devise/models/authenticatable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 5052a8d83b..097b818cc1 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -252,12 +252,12 @@ def find_first_by_auth_conditions(tainted_conditions, opts={}) to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts)) end - # Find an initialize a record setting an error if it can't be found. + # Find or initialize a record setting an error if it can't be found. def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: find_or_initialize_with_errors([attribute], { attribute => value }, error) end - # Find an initialize a group of attributes based on a list of required attributes. + # Find or initialize a record with group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: attributes = attributes.slice(*required_attributes).with_indifferent_access attributes.delete_if { |key, value| value.blank? } From 607bf7067463a19b733bbc6db335b2336718e19a Mon Sep 17 00:00:00 2001 
From: Katee Date: Mon, 15 Dec 2014 19:52:58 -0500 Subject: [PATCH 0665/1473] Shows min password length on edit password view. --- app/controllers/devise/passwords_controller.rb | 4 ++++ app/views/devise/passwords/edit.html.erb | 3 +++ .../templates/simple_form_for/passwords/edit.html.erb | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index d88ebdb69f..ee238b780d 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -23,6 +23,10 @@ def create # GET /resource/password/edit?reset_password_token=abcdef def edit self.resource = resource_class.new + @validatable = devise_mapping.validatable? + if @validatable + @minimum_password_length = resource_class.password_length.min + end resource.reset_password_token = params[:reset_password_token] end diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 1b2ff26a56..a2ce2f5b32 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -6,6 +6,9 @@
<%= f.label :password, "New password" %>
+ <% if @validatable %> + (<%= @minimum_password_length %> characters minimum) + <% end %>
<%= f.password_field :password, autofocus: true, autocomplete: "off" %>
diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index 8f995edc49..b51f1a06ee 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -7,7 +7,7 @@ <%= f.full_error :reset_password_token %>
- <%= f.input :password, label: "New password", required: true, autofocus: true %> + <%= f.input :password, label: "New password", required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
From 5e12b158d1c5f504df293d7cb0dfcbb65346889e Mon Sep 17 00:00:00 2001 From: Katee Date: Mon, 15 Dec 2014 20:05:46 -0500 Subject: [PATCH 0666/1473] Fixes accidentally removed autofocus. --- .../templates/simple_form_for/passwords/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index b51f1a06ee..9050032478 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -7,7 +7,7 @@ <%= f.full_error :reset_password_token %>
- <%= f.input :password, label: "New password", required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> + <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
From 2c8e242000921910077951ecce538a21e802c59d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 16 Dec 2014 11:03:26 -0200 Subject: [PATCH 0667/1473] Use Rails 4.2.0.rc3. --- Gemfile | 2 +- Gemfile.lock | 64 ++++++++++++++++++++++++++-------------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/Gemfile b/Gemfile index 43869ec35a..56b744a096 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.0.rc1" +gem "rails", "4.2.0.rc3" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index e7a9eb9c16..de6ecba7f2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -23,36 +23,36 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0.rc1) - actionpack (= 4.2.0.rc1) - actionview (= 4.2.0.rc1) - activejob (= 4.2.0.rc1) + actionmailer (4.2.0.rc3) + actionpack (= 4.2.0.rc3) + actionview (= 4.2.0.rc3) + activejob (= 4.2.0.rc3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.0.rc1) - actionview (= 4.2.0.rc1) - activesupport (= 4.2.0.rc1) + actionpack (4.2.0.rc3) + actionview (= 4.2.0.rc3) + activesupport (= 4.2.0.rc3) rack (~> 1.6.0.beta2) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0.rc1) - activesupport (= 4.2.0.rc1) + actionview (4.2.0.rc3) + activesupport (= 4.2.0.rc3) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0.rc1) - activesupport (= 4.2.0.rc1) + activejob (4.2.0.rc3) + activesupport (= 4.2.0.rc3) globalid (>= 0.3.0) - activemodel (4.2.0.rc1) - activesupport (= 4.2.0.rc1) + activemodel (4.2.0.rc3) + activesupport (= 4.2.0.rc3) builder (~> 3.1) - activerecord (4.2.0.rc1) - activemodel (= 4.2.0.rc1) - activesupport (= 4.2.0.rc1) + activerecord (4.2.0.rc3) + activemodel (= 4.2.0.rc3) + activesupport (= 4.2.0.rc3) arel (~> 6.0) - activesupport (4.2.0.rc1) + activesupport (4.2.0.rc3) i18n (>= 0.7.0.beta1, < 0.8) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -80,7 +80,7 @@ GEM metaclass (0.0.4) mime-types (2.4.3) mini_portile (0.6.1) - minitest (5.4.3) + minitest (5.5.0) mocha (1.1.0) metaclass (~> 0.0.1) moped (2.0.2) 
@@ -120,16 +120,16 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.2.0.rc1) - actionmailer (= 4.2.0.rc1) - actionpack (= 4.2.0.rc1) - actionview (= 4.2.0.rc1) - activejob (= 4.2.0.rc1) - activemodel (= 4.2.0.rc1) - activerecord (= 4.2.0.rc1) - activesupport (= 4.2.0.rc1) + rails (4.2.0.rc3) + actionmailer (= 4.2.0.rc3) + actionpack (= 4.2.0.rc3) + actionview (= 4.2.0.rc3) + activejob (= 4.2.0.rc3) + activemodel (= 4.2.0.rc3) + activerecord (= 4.2.0.rc3) + activesupport (= 4.2.0.rc3) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0.rc1) + railties (= 4.2.0.rc3) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) @@ -139,12 +139,12 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.1) loofah (~> 2.0) - railties (4.2.0.rc1) - actionpack (= 4.2.0.rc1) - activesupport (= 4.2.0.rc1) + railties (4.2.0.rc3) + actionpack (= 4.2.0.rc3) + activesupport (= 4.2.0.rc3) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.0) + rake (10.4.2) rdoc (4.1.2) json (~> 1.4) responders (2.0.2) @@ -186,7 +186,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0.rc1) + rails (= 4.2.0.rc3) rdoc sqlite3 webrat (= 0.7.3) From d0a30d485d89083bf4cb882b196cbacd925bf314 Mon Sep 17 00:00:00 2001 From: Katee Date: Tue, 16 Dec 2014 16:14:32 -0500 Subject: [PATCH 0668/1473] Moves minimum_password_length to DeviseController. --- app/controllers/devise/passwords_controller.rb | 5 +---- app/controllers/devise/registrations_controller.rb | 10 ++-------- app/controllers/devise_controller.rb | 8 ++++++++ 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index ee238b780d..5e3d328524 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
@@ -23,10 +23,7 @@ def create # GET /resource/password/edit?reset_password_token=abcdef def edit self.resource = resource_class.new - @validatable = devise_mapping.validatable? - if @validatable - @minimum_password_length = resource_class.password_length.min - end + set_minimum_password_length resource.reset_password_token = params[:reset_password_token] end diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index df65aa24bd..b66b4af844 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -5,10 +5,7 @@ class Devise::RegistrationsController < DeviseController # GET /resource/sign_up def new build_resource({}) - @validatable = devise_mapping.validatable? - if @validatable - @minimum_password_length = resource_class.password_length.min - end + set_minimum_password_length yield resource if block_given? respond_with self.resource end @@ -31,10 +28,7 @@ def create end else clean_up_passwords resource - @validatable = devise_mapping.validatable? - if @validatable - @minimum_password_length = resource_class.password_length.min - end + set_minimum_password_length respond_with resource end end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 722170ca9a..4ab8d57073 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -154,6 +154,14 @@ def set_flash_message(key, kind, options = {}) end end + # Sets minimum password length to show to user + def set_minimum_password_length + @validatable = devise_mapping.validatable? + if @validatable + @minimum_password_length = resource_class.password_length.min + end + end + def devise_i18n_options(options) options end From 5c5200b5d99abc727e9bcb41ef7e08d81713c67e Mon Sep 17 00:00:00 2001 
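Review bot: `set_minimum_password_length` in app/controllers/devise_controller.rb should stay non-public, because a public method on a Rails controller can be invoked as an action if a route reaches it. The hunk does not show whether the controller's `protected` section covers the new method, so that is worth confirming. The comment could also name what the method leaves behind for the views, e.g. `# Sets @validatable and, for validatable mappings, @minimum_password_length for the views.` PasswordsController#edit and RegistrationsController#new/#create now depend on this helper, and the commit adds no test for it.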
From: Carlos Antonio da Silva Date: Sat, 27 Dec 2014 11:15:08 -0200 Subject: [PATCH 0669/1473] Update dependencies with the released 4.2.0 --- Gemfile | 2 +- Gemfile.lock | 75 ++++++++++++++++++++++++++-------------------------- 2 files changed, 38 insertions(+), 39 deletions(-) diff --git a/Gemfile b/Gemfile index 56b744a096..43ada899a7 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.0.rc3" +gem "rails", "4.2.0" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index de6ecba7f2..df08756bba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 90567eab72caa136bae6efcfcf61a6e929e9299c + revision: a4365d7ecfa8221bfcf36a4e7ce7993142fc5940 branch: master specs: mongoid (4.0.0) 
@@ -23,40 +23,40 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0.rc3) - actionpack (= 4.2.0.rc3) - actionview (= 4.2.0.rc3) - activejob (= 4.2.0.rc3) + actionmailer (4.2.0) + actionpack (= 4.2.0) + actionview (= 4.2.0) + activejob (= 4.2.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.0.rc3) - actionview (= 4.2.0.rc3) - activesupport (= 4.2.0.rc3) - rack (~> 1.6.0.beta2) + actionpack (4.2.0) + actionview (= 4.2.0) + activesupport (= 4.2.0) + rack (~> 1.6.0) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0.rc3) - activesupport (= 4.2.0.rc3) + actionview (4.2.0) + activesupport (= 4.2.0) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0.rc3) - activesupport (= 4.2.0.rc3) + activejob (4.2.0) + activesupport (= 4.2.0) globalid (>= 0.3.0) - activemodel (4.2.0.rc3) - activesupport (= 4.2.0.rc3) + activemodel (4.2.0) + activesupport (= 4.2.0) builder (~> 3.1) - activerecord (4.2.0.rc3) - activemodel (= 4.2.0.rc3) - activesupport (= 4.2.0.rc3) + activerecord (4.2.0) + activemodel (= 4.2.0) + activesupport (= 4.2.0) arel (~> 6.0) - activesupport (4.2.0.rc3) - i18n (>= 0.7.0.beta1, < 0.8) + activesupport (4.2.0) + i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) - thread_safe (~> 0.1) + thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) arel (6.0.0) bcrypt (3.1.9) @@ -70,7 +70,7 @@ GEM activesupport (>= 4.1.0) hashie (3.3.2) hike (1.2.3) - i18n (0.7.0.beta1) + i18n (0.7.0) json (1.8.1) jwt (1.2.0) loofah (2.0.1) 
@@ -114,22 +114,22 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.0.beta2) + rack (1.6.0) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rails (4.2.0.rc3) - actionmailer (= 4.2.0.rc3) - actionpack (= 4.2.0.rc3) - actionview (= 4.2.0.rc3) - activejob (= 4.2.0.rc3) - activemodel (= 4.2.0.rc3) - activerecord (= 4.2.0.rc3) - activesupport (= 4.2.0.rc3) + rails (4.2.0) + actionmailer (= 4.2.0) + actionpack (= 4.2.0) + actionview (= 4.2.0) + activejob (= 4.2.0) + activemodel (= 4.2.0) + activerecord (= 4.2.0) + activesupport (= 4.2.0) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0.rc3) + railties (= 4.2.0) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) @@ -139,14 +139,13 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.1) loofah (~> 2.0) - railties (4.2.0.rc3) - actionpack (= 4.2.0.rc3) - activesupport (= 4.2.0.rc3) + railties (4.2.0) + actionpack (= 4.2.0) + activesupport (= 4.2.0) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.4.2) - rdoc (4.1.2) - json (~> 1.4) + rdoc (4.2.0) responders (2.0.2) railties (>= 4.2.0.alpha, < 5) ruby-openid (2.6.0) @@ -186,7 +185,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0.rc3) + rails (= 4.2.0) rdoc sqlite3 webrat (= 0.7.3) From bebf0ecbbe4982d8a02097680ffa2eb1d3242dce Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sat, 27 Dec 2014 11:22:40 -0200 Subject: [PATCH 0670/1473] Simplify the logic to display the minimum password length hint There's no real need to pass 2 variables to the view to figure that out, we can simply display the message relying on whether or not the `@minimum_password_length` variable is present. --- CHANGELOG.md | 3 +++ app/controllers/devise_controller.rb | 3 +-- app/views/devise/passwords/edit.html.erb | 2 +- app/views/devise/registrations/new.html.erb | 2 +- .../templates/simple_form_for/passwords/edit.html.erb | 2 +- .../templates/simple_form_for/registrations/new.html.erb | 2 +- 6 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d774d442d1..3922151984 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ ### Unreleased * enhancements + * The hint about minimum password length required both `@validatable` and `@minimum_password_length` + variables on the views, it now uses only the latter. If you have generated the views + relying on the `@validatable` variable, replace it with `@minimum_password_length`. * Added an ActiveSupport load hook for `:devise_controller` (by @nakhli) * Location fragments are now preserved between requests (by @jbourassa) * Added an `after_remembered` callback for the Rememerable module (by @BM5k) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 4ab8d57073..589bd62333 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -156,8 +156,7 @@ def set_flash_message(key, kind, options = {}) # Sets minimum password length to show to user def set_minimum_password_length - @validatable = devise_mapping.validatable? - if @validatable + if devise_mapping.validatable? @minimum_password_length = resource_class.password_length.min end end 
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index a2ce2f5b32..0ee12dd279 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -6,7 +6,7 @@
<%= f.label :password, "New password" %>
- <% if @validatable %> + <% if @minimum_password_length %> (<%= @minimum_password_length %> characters minimum) <% end %>
<%= f.password_field :password, autofocus: true, autocomplete: "off" %> diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 343b265620..5a238ce6eb 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -10,7 +10,7 @@
<%= f.label :password %> - <% if @validatable %> + <% if @minimum_password_length %> (<%= @minimum_password_length %> characters minimum) <% end %>
<%= f.password_field :password, autocomplete: "off" %> diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index 9050032478..a938930bf3 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -7,7 +7,7 @@ <%= f.full_error :reset_password_token %>
- <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> + <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
diff --git a/lib/generators/templates/simple_form_for/registrations/new.html.erb b/lib/generators/templates/simple_form_for/registrations/new.html.erb index 4ea8fb9589..34b4279e52 100644 --- a/lib/generators/templates/simple_form_for/registrations/new.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb @@ -5,7 +5,7 @@
<%= f.input :email, required: true, autofocus: true %> - <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %> + <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> <%= f.input :password_confirmation, required: true %>
From bb05314c8f800ff76c9aff4b8a7dd7abf914ab5c Mon Sep 17 00:00:00 2001 From: Juanito Fatas Date: Sat, 27 Dec 2014 16:05:43 +0800 Subject: [PATCH 0671/1473] Test against Ruby 2.2 on Travis. * Add 4.2 stable to matrix. * Exclude test against Ruby 2.2 for Rails 3.2. --- .travis.yml | 7 + gemfiles/Gemfile.rails-4.2-stable | 29 ++++ gemfiles/Gemfile.rails-4.2-stable.lock | 191 +++++++++++++++++++++++++ 3 files changed, 227 insertions(+) create mode 100644 gemfiles/Gemfile.rails-4.2-stable create mode 100644 gemfiles/Gemfile.rails-4.2-stable.lock diff --git a/.travis.yml b/.travis.yml index 852bf1ac63..d357f84244 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,13 +4,20 @@ rvm: - 1.9.3 - 2.0.0 - 2.1 + - 2.2 gemfile: + - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable - gemfiles/Gemfile.rails-4.0-stable - gemfiles/Gemfile.rails-3.2-stable - Gemfile +matrix: + exclude: + - rvm: 2.2 + gemfile: gemfiles/Gemfile.rails-3.2-stable + services: - mongodb diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable new file mode 100644 index 0000000000..972e2f10be --- /dev/null +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -0,0 +1,29 @@ +source "https://rubygems.org" + +gemspec path: '..' + +gem "rails", github: 'rails/rails', branch: '4-2-stable' +gem "omniauth", "~> 1.2.2" +gem "omniauth-oauth2", "~> 1.2.0" +gem "rdoc" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", "~> 4.0.0" +end diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock new file mode 100644 index 0000000000..2729f03f9e --- /dev/null +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
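Review bot: `gem "rails", github: 'rails/rails', branch: '4-2-stable'` in the new gemfiles/Gemfile.rails-4.2-stable resolves to `remote: git://github.com/rails/rails.git` in the lock file generated alongside it, and the git:// transport is neither encrypted nor authenticated. Spelling the source out as `gem "rails", git: 'https://github.com/rails/rails.git', branch: '4-2-stable'` keeps the CI fetch on TLS. This Gemfile also asks for omniauth `~> 1.2.2` and omniauth-oauth2 `~> 1.2.0`, while the root Gemfile on this page pins `~> 1.2.0` and `~> 1.1.0`; if the difference is intended, a comment saying so would help.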
@@ -0,0 +1,191 @@ +GIT + remote: git://github.com/rails/rails.git + revision: 3a388cb26b143294c42d2cc0e44ca212065175ad + branch: 4-2-stable + specs: + actionmailer (4.2.0) + actionpack (= 4.2.0) + actionview (= 4.2.0) + activejob (= 4.2.0) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.0) + actionview (= 4.2.0) + activesupport (= 4.2.0) + rack (~> 1.6.0) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + actionview (4.2.0) + activesupport (= 4.2.0) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + activejob (4.2.0) + activesupport (= 4.2.0) + globalid (>= 0.3.0) + activemodel (4.2.0) + activesupport (= 4.2.0) + builder (~> 3.1) + activerecord (4.2.0) + activemodel (= 4.2.0) + activesupport (= 4.2.0) + arel (~> 6.0) + activesupport (4.2.0) + i18n (~> 0.7) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) + tzinfo (~> 1.1) + rails (4.2.0) + actionmailer (= 4.2.0) + actionpack (= 4.2.0) + actionview (= 4.2.0) + activejob (= 4.2.0) + activemodel (= 4.2.0) + activerecord (= 4.2.0) + activesupport (= 4.2.0) + bundler (>= 1.3.0, < 2.0) + railties (= 4.2.0) + sprockets-rails + railties (4.2.0) + actionpack (= 4.2.0) + activesupport (= 4.2.0) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + +PATH + remote: . 
+ specs: + devise (3.4.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + arel (6.0.0) + bcrypt (3.1.9) + bson (2.3.0) + builder (3.2.2) + connection_pool (2.1.0) + erubis (2.7.0) + faraday (0.9.0) + multipart-post (>= 1.2, < 3) + globalid (0.3.0) + activesupport (>= 4.1.0) + hashie (3.3.2) + hike (1.2.3) + i18n (0.7.0) + json (1.8.1) + jwt (1.2.0) + loofah (2.0.1) + nokogiri (>= 1.5.9) + mail (2.6.3) + mime-types (>= 1.16, < 3) + metaclass (0.0.4) + mime-types (2.4.3) + mini_portile (0.6.1) + minitest (5.5.0) + mocha (1.1.0) + metaclass (~> 0.0.1) + mongoid (4.0.0) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) + moped (2.0.2) + bson (~> 2.2) + connection_pool (~> 2.0) + optionable (~> 0.2.0) + multi_json (1.10.1) + multi_xml (0.5.5) + multipart-post (2.0.0) + nokogiri (1.6.5) + mini_portile (~> 0.6.0) + oauth2 (1.0.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (~> 1.2) + omniauth (1.2.2) + hashie (>= 1.2, < 4) + rack (~> 1.0) + omniauth-facebook (2.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.2.0) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 1.0) + omniauth (~> 1.2) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + optionable (0.2.0) + origin (2.1.1) + orm_adapter (0.5.0) + rack (1.6.0) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.2) + rack (>= 1.0) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.5) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.1) + loofah (~> 2.0) + rake (10.4.2) + rdoc (4.2.0) + responders (2.0.2) + railties (>= 4.2.0.alpha, < 5) + ruby-openid (2.6.0) + sprockets (2.12.3) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + 
tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.2.2) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (>= 2.8, < 4.0) + sqlite3 (1.3.10) + thor (0.19.1) + thread_safe (0.3.4) + tilt (1.4.1) + tzinfo (1.2.2) + thread_safe (~> 0.1) + warden (1.2.3) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha + mongoid + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails! + rdoc + sqlite3 + webrat From b2a66732cf4a1b06f31a25371822364a60e25111 Mon Sep 17 00:00:00 2001 From: Juanito Fatas Date: Wed, 31 Dec 2014 11:35:18 +0800 Subject: [PATCH 0672/1473] Suppress test.rb config warning for Rails 4.2. --- test/rails_app/config/environments/test.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index b9feca8831..536b4f0908 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -12,8 +12,13 @@ # preloads Rails for running tests, you may have to set it to true. config.eager_load = false - # Configure static asset server for tests with Cache-Control for performance. - config.serve_static_assets = true + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. + if Rails.version >= "4.2.0" + config.serve_static_files = true + else + config.serve_static_assets = true + end config.static_cache_control = "public, max-age=3600" # Show full error reports and disable caching. From 8d9dd50e4aaad2ce6dcf7bb1fafb0d1d2c85bf44 Mon Sep 17 00:00:00 2001 
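Review bot: `Rails.version >= "4.2.0"` in test/rails_app/config/environments/test.rb compares strings, so the ordering is lexicographic: "4.10.0" sorts below "4.2.0" and would take the `serve_static_assets` branch. `if Gem::Version.new(Rails.version) >= Gem::Version.new("4.2.0")` compares by version component instead. The new comment says static file serving is disabled, yet both branches set the option to `true`; something like `# Serve static files from /public in tests; the option was renamed in Rails 4.2.` would match the code.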
From: Eugene Kenny Date: Mon, 5 Jan 2015 00:34:54 +0000 Subject: [PATCH 0673/1473] Allow warden proxy to change with request in tests The warden method in the Devise::TestHelpers module adds a Warden proxy object to the request environment hash under the 'warden' key. Including this module in your test case registers that method as a callback, which runs before every test: https://github.com/plataformatec/devise/blob/v3.4.1/lib/devise/test_helpers.rb#L12 The request object itself is created in a callback added by Rails: https://github.com/rails/rails/blob/v4.2.0/actionpack/lib/action_controller/test_case.rb#L687 So before each test runs, the Rails callback creates the request object, and then the Devise callback adds a Warden proxy object to it. I was using the rspec-retry gem (https://github.com/y310/rspec-retry), and noticed that my controller specs would always fail whenever they were retried with this error: NoMethodError: undefined method `authenticate!' for nil:NilClass When rspec-retry re-runs a failed test, it runs the setup callbacks again. The Rails callback creates a new request object, but because of the memoization that was here before, the Devise callback wouldn't add a Warden proxy to it, which was causing the error. With this change, the Warden setup code will still only run once as long as the request object stays the same, but if it changes a new Warden proxy will be added to the new request object. --- lib/devise/test_helpers.rb | 4 ++-- test/test_helpers_test.rb | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 65adb60223..58fde3df62 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb 
@@ -26,11 +26,11 @@ def setup_controller_for_warden #:nodoc: # Quick access to Warden::Proxy. def warden #:nodoc: - @warden ||= begin + @request.env['warden'] ||= begin manager = Warden::Manager.new(nil) do |config| config.merge! Devise.warden_config end - @request.env['warden'] = Warden::Proxy.new(@request.env, manager) + Warden::Proxy.new(@request.env, manager) end end diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index fd1a202893..847258abe3 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -160,4 +160,19 @@ def respond get :index assert_match /User ##{second_user.id}/, @response.body end + + test "creates a new warden proxy if the request object has changed" do + old_warden_proxy = warden + @request = ActionController::TestRequest.new + new_warden_proxy = warden + + assert_not_equal old_warden_proxy, new_warden_proxy + end + + test "doesn't create a new warden proxy if the request object hasn't changed" do + old_warden_proxy = warden + new_warden_proxy = warden + + assert_equal old_warden_proxy, new_warden_proxy + end end From b223ddeb35d9ea13f3b3b3bc3eae86288c4c5f39 Mon Sep 17 00:00:00 2001 From: Mark Guk Date: Tue, 6 Jan 2015 18:05:38 +0300 Subject: [PATCH 0674/1473] Added devise.omniauth initializer explicit position requirements. It is obvious that this initializer should be executed before Rails build_middleware_stack as Omniauth is build on middleware. Also it is obvious that we need that initializer to be executed after all config/initializers/* files (that is where devise.rb usually is). --- lib/devise/rails.rb | 5 ++++- test/rails_test.rb | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 test/rails_test.rb diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 14de2375fc..d9d767afa2 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
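Review bot: The two new tests in test/test_helpers_test.rb assert with `assert_not_equal` and `assert_equal`, which go through `==`, while the behaviour under test is object identity: whether `warden` hands back the same proxy instance. `assert_not_same old_warden_proxy, new_warden_proxy` and `assert_same old_warden_proxy, new_warden_proxy` state that directly and do not depend on how Warden::Proxy defines equality. The first test could also assert that `@request.env['warden']` is the new proxy, since storing it in the request env is what the change to lib/devise/test_helpers.rb relies on.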
@@ -17,7 +17,10 @@ class Engine < ::Rails::Engine Devise.include_helpers(Devise::Controllers) end - initializer "devise.omniauth" do |app| + initializer "devise.omniauth", + after: :load_config_initializers, + before: :build_middleware_stack do |app| + Devise.omniauth_configs.each do |provider, config| app.middleware.use config.strategy_class, *config.args do |strategy| config.strategy = strategy diff --git a/test/rails_test.rb b/test/rails_test.rb new file mode 100644 index 0000000000..ef91bd1dc9 --- /dev/null +++ b/test/rails_test.rb @@ -0,0 +1,9 @@ +require 'test_helper' + +class DeviseTest < ActiveSupport::TestCase + test 'correct initializer position' do + initializer = Devise::Engine.initializers.detect {|i| i.name == 'devise.omniauth' } + assert_equal :load_config_initializers, initializer.after + assert_equal :build_middleware_stack, initializer.before + end +end From d6972ab2640bdf4cfe6bee8f467686f61a8ddea9 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 6 Jan 2015 14:21:03 -0200 Subject: [PATCH 0675/1473] Tidy up * Fix test class name * No need for line breaks --- lib/devise/rails.rb | 5 +---- test/rails_test.rb | 8 ++++---- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index d9d767afa2..dbe972a8ed 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -17,10 +17,7 @@ class Engine < ::Rails::Engine Devise.include_helpers(Devise::Controllers) end - initializer "devise.omniauth", - after: :load_config_initializers, - before: :build_middleware_stack do |app| - + initializer "devise.omniauth", after: :load_config_initializers, before: :build_middleware_stack do |app| Devise.omniauth_configs.each do |provider, config| app.middleware.use config.strategy_class, *config.args do |strategy| config.strategy = strategy diff --git a/test/rails_test.rb b/test/rails_test.rb index ef91bd1dc9..65cba2ebfb 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb 
@@ -1,9 +1,9 @@ require 'test_helper' -class DeviseTest < ActiveSupport::TestCase +class RailsTest < ActiveSupport::TestCase test 'correct initializer position' do - initializer = Devise::Engine.initializers.detect {|i| i.name == 'devise.omniauth' } - assert_equal :load_config_initializers, initializer.after - assert_equal :build_middleware_stack, initializer.before + initializer = Devise::Engine.initializers.detect { |i| i.name == 'devise.omniauth' } + assert_equal :load_config_initializers, initializer.after + assert_equal :build_middleware_stack, initializer.before end end From c92ef26b94c5489a274ed84a961e00eed95006b4 Mon Sep 17 00:00:00 2001 From: Massimiliano Date: Tue, 6 Jan 2015 21:06:09 -0500 Subject: [PATCH 0676/1473] Update find_message to accept scope This should still keep the devise lookup in the case that a customed scope is not passed as option, but if instead the custom scope is passed, then the find_message method will use it. This is kind of useful, if i don't want overwrite the devise locale, and use different locale files, but keeping still the fallback of my devise locale. --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 589bd62333..66c799d46f 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -167,7 +167,7 @@ def devise_i18n_options(options) # Get message for given def find_message(kind, options = {}) - options[:scope] = "devise.#{controller_name}" + options[:scope] = "devise.#{controller_name}" unless options[:scope] options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) From 6c5323c57424bfe72b502dd30888bbfec657f207 Mon Sep 17 00:00:00 2001 
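Review bot: The comment above `find_message` still reads `# Get message for given`, and the new `unless options[:scope]` guard introduces a caller-visible option that is documented nowhere in the hunk. I would replace the comment with something like `# Get the flash message for +kind+. options[:scope] selects the i18n scope and defaults to "devise.<controller_name>".` With a custom scope, the only default visible here is `kind.to_sym`, which I18n looks up inside that same scope, so the fallback to the `devise.*` keys promised in the commit description is not visible in these lines. The method body continues past the end of the hunk.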
From: Massimiliano Date: Wed, 7 Jan 2015 14:46:02 -0500 Subject: [PATCH 0677/1473] Update devise_controller.rb --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 66c799d46f..91c6209fc1 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -167,7 +167,7 @@ def devise_i18n_options(options) # Get message for given def find_message(kind, options = {}) - options[:scope] = "devise.#{controller_name}" unless options[:scope] + options[:scope] ||= "devise.#{controller_name}" options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) From 620478cc5f2127362cfe83f591f25bc80accba68 Mon Sep 17 00:00:00 2001 From: Nicolas Viennot Date: Sat, 10 Jan 2015 09:38:43 -0500 Subject: [PATCH 0678/1473] Revert "Better error message in case a trackable module can't be saved." This reverts commit 43d0715238e762e89cc465a441dd1bdffc0529e3. save() returns false only when validations failed. In this case, validations are not performed. Therefore save() may never return a falsy value. If save() fails, the appropriate exception is raised. With certain ORMs, such as NoBrainer, save() never returns true/false, but always raise an exception. This commit lift the incompatiblity. --- lib/devise/models/trackable.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index ae65c91479..a596523500 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb 
@@ -30,8 +30,7 @@ def update_tracked_fields(request) def update_tracked_fields!(request) update_tracked_fields(request) - save(validate: false) or raise "Devise trackable could not save #{inspect}." \ - "Please make sure a model using trackable can be saved at sign in." + save(validate: false) end end end From 5bb479052c43e7723a85b8057374880d591fc1e8 Mon Sep 17 00:00:00 2001 From: George Millo Date: Sun, 11 Jan 2015 15:10:44 +0000 Subject: [PATCH 0679/1473] Remove local variable from RegistrationsController --- app/controllers/devise/registrations_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index b66b4af844..4e21eb3f28 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -14,9 +14,9 @@ def new def create build_resource(sign_up_params) - resource_saved = resource.save + resource.save yield resource if block_given? - if resource_saved + if resource.persisted? if resource.active_for_authentication? set_flash_message :notice, :signed_up if is_flashing_format? sign_up(resource_name, resource) From c2fb80d4d9482cc9e923d2434556f2aadc4cbd3c Mon Sep 17 00:00:00 2001 From: Rodrigo Rosenfeld Rosas Date: Wed, 7 Jan 2015 11:35:45 -0200 Subject: [PATCH 0680/1473] Use Devise translations when inheriting from core controllers closes #3367 --- CHANGELOG.md | 2 ++ app/controllers/devise/confirmations_controller.rb | 4 ++++ app/controllers/devise/omniauth_callbacks_controller.rb | 4 ++++ app/controllers/devise/passwords_controller.rb | 4 ++++ app/controllers/devise/registrations_controller.rb | 4 ++++ app/controllers/devise/sessions_controller.rb | 4 ++++ app/controllers/devise/unlocks_controller.rb | 3 +++ app/controllers/devise_controller.rb | 9 ++++++++- 8 files changed, 33 insertions(+), 1 deletion(-) 
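Review bot: `update_tracked_fields!` now ends in a bare `save(validate: false)`, so a `false` result is simply returned and the sign-in tracking write can fail without any signal from a bang-named method. The commit message argues that `save` cannot return false once validations are skipped, but under ActiveRecord a halted save callback produces the same result. If raising has to go for ORMs that raise on their own, the contract should at least be written down above the method: `# Returns the result of save(validate: false); check it if sign-in tracking is relied on for auditing.`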
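Review bot: In `create`, the success branch now depends on `resource.persisted?` evaluated after `yield resource`, so the caller's block can change which branch runs, whereas before the result of `resource.save` was fixed before the block ran. Since that branch goes on to call `sign_up(resource_name, resource)`, the new ordering deserves a comment, for example `# Checked after the block on purpose: the block may persist or remove the resource.` The rest of `create` lies outside the hunk.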
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3922151984..18ef44b46e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ * `RegistrationsController#new` and `SessionsController#new` now yields the current resource (by @mtarnovan, @deivid-rodriguez) * Password length validation is now limited to 72 characters for newer apps (by @lleger) + * Controllers inheriting from any Devise core controller will now use appropriate translations. + The i18n scope can be overridden in `translation_scope`. ### 3.4.1 - 2014-10-29 diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index ec4aff14ce..f04f6098ec 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -44,4 +44,8 @@ def after_confirmation_path_for(resource_name, resource) new_session_path(resource_name) end end + + def translation_scope + 'devise.confirmations' + end end diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index 92e4067613..38c6857e9a 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -27,4 +27,8 @@ def failure_message def after_omniauth_failure_path_for(scope) new_session_path(scope) end + + def translation_scope + 'devise.omniauth_callbacks' + end end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 5e3d328524..c97d22da20 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -68,4 +68,8 @@ def unlockable?(resource) resource.respond_to?(:unlock_strategy_enabled?) && resource.unlock_strategy_enabled?(:email) end + + def translation_scope + 'devise.passwords' + end end 
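Review bot: The new `translation_scope` methods are appended at the end of each controller and none of the hunks shows which visibility section they land in; in `sessions_controller.rb` the method sits directly above `private`, and the test subclass added in the next commit declares its override under `protected`. A public method on a Rails controller can be invoked as an action wherever a route maps to it, so each of these should be verifiably non-public, either by confirming it falls under an existing `protected` line or by adding `protected :translation_scope`. This applies to the confirmations, omniauth_callbacks and passwords hunks here and to the registrations, sessions, unlocks and `DeviseController` hunks that follow. The unlocks hunk also omits the blank line that the other controllers put before `def translation_scope`.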
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 4e21eb3f28..42b0f006fd 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -140,4 +140,8 @@ def sign_up_params def account_update_params devise_parameter_sanitizer.sanitize(:account_update) end + + def translation_scope + 'devise.registrations' + end end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index c0dd1fb4f6..d6a7a28a43 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -46,6 +46,10 @@ def auth_options { scope: resource_name, recall: "#{controller_path}#new" } end + def translation_scope + 'devise.sessions' + end + private # Check if there is no signed in user before doing the sign out. diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 903dcdbbca..bcc2b16be0 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -43,4 +43,7 @@ def after_unlock_path_for(resource) new_session_path(resource) if is_navigational_format? end + def translation_scope + 'devise.unlocks' + end end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 91c6209fc1..c8cb0b4029 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -167,13 +167,20 @@ def devise_i18n_options(options) # Get message for given def find_message(kind, options = {}) - options[:scope] ||= "devise.#{controller_name}" + options[:scope] ||= translation_scope options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) I18n.t("#{options[:resource_name]}.#{kind}", options) end + # Controllers inheriting DeviseController are advised to override this + # method so that other controllers inheriting from them would use + # existing translations. + def translation_scope + "devise.#{controller_name}" + end + def clean_up_passwords(object) object.clean_up_passwords if object.respond_to?(:clean_up_passwords) end From 7e5d0ac7362c91e1e925badee976cb91a84e78d9 Mon Sep 17 00:00:00 2001 From: Rodrigo Rosenfeld Rosas Date: Wed, 7 Jan 2015 12:25:16 -0200 Subject: [PATCH 0681/1473] Add tests for translation scope being preserved when inheriting a controller issue #3367 --- ...inherited_controller_i18n_messages_test.rb | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 test/controllers/inherited_controller_i18n_messages_test.rb diff --git a/test/controllers/inherited_controller_i18n_messages_test.rb b/test/controllers/inherited_controller_i18n_messages_test.rb new file mode 100644 index 0000000000..66d2df49f9 --- /dev/null +++ b/test/controllers/inherited_controller_i18n_messages_test.rb 
@@ -0,0 +1,51 @@ +require 'test_helper' + +class SessionsInheritedController < Devise::SessionsController + def test_i18n_scope + set_flash_message(:notice, :signed_in) + end +end + +class AnotherInheritedController < SessionsInheritedController + protected + + def translation_scope + 'another' + end +end + +class InheritedControllerTest < ActionController::TestCase + tests SessionsInheritedController + + def setup + @mock_warden = OpenStruct.new + @controller.request.env['warden'] = @mock_warden + @controller.request.env['devise.mapping'] = Devise.mappings[:user] + end + + test 'I18n scope is inherited from Devise::Sessions' do + I18n.expects(:t).with do |message, options| + message == 'user.signed_in' && + options[:scope] == 'devise.sessions' + end + @controller.test_i18n_scope + end +end + +class AnotherInheritedControllerTest < ActionController::TestCase + tests AnotherInheritedController + + def setup + @mock_warden = OpenStruct.new + @controller.request.env['warden'] = @mock_warden + @controller.request.env['devise.mapping'] = Devise.mappings[:user] + end + + test 'I18n scope is overridden' do + I18n.expects(:t).with do |message, options| + message == 'user.signed_in' && + options[:scope] == 'another' + end + @controller.test_i18n_scope + end +end From 1118762ce7eaa26d56c4d0000a5ac502f8356223 Mon Sep 17 00:00:00 2001 From: Kevin Bullaughey Date: Fri, 16 Jan 2015 15:29:08 -0500 Subject: [PATCH 0682/1473] apply the same change to production.rb that was put into test.rb to get rid of the depracation warning related to the config.serve_static_assets -> config.serve_static_files in Rails 4.2.0 --- test/rails_app/config/environments/production.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 2ce2f5188b..0179871696 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb 
@@ -20,7 +20,11 @@ # config.action_dispatch.rack_cache = true # Disable Rails's static asset server (Apache or nginx will already do this). - config.serve_static_assets = false + if Rails.version >= "4.2.0" + config.serve_static_files = false + else + config.serve_static_assets = false + end # Compress JavaScripts and CSS. config.assets.js_compressor = :uglifier From bf2b37a39c28d3fb4f9635db44ffd6e529c5a89f Mon Sep 17 00:00:00 2001 From: Tamas Erdos Date: Sun, 18 Jan 2015 16:21:59 -0500 Subject: [PATCH 0683/1473] updating copyrights to 2015 --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 6d66ba32b5..5b378a2f9d 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2014 Plataformatec. http://plataformatec.com.br +Copyright 2009-2015 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 5c0b721591..2162e3a6bb 100644 --- a/README.md +++ b/README.md @@ -524,6 +524,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2014 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2015 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From 3f95ac8fec93954966f5033d378a6ff750272f50 Mon Sep 17 00:00:00 2001 From: Ronald Chan Date: Mon, 19 Jan 2015 22:27:37 +1300 Subject: [PATCH 0684/1473] Keep used confirmation tokens for more user friendly error message (fixes #3429) --- lib/devise/models/confirmable.rb | 1 - test/models/confirmable_test.rb | 31 +++++++++++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) 
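Review bot: `Rails.version >= "4.2.0"` compares two Strings, which is lexicographic: `"4.10.0" >= "4.2.0"` is false and so is `"10.0.0" >= "4.2.0"`, so those releases would take the `serve_static_assets` branch. Compare parsed versions instead: `if Gem::Version.new(Rails.version) >= Gem::Version.new("4.2.0")`. The commit message says test.rb carries the same condition; that file is not shown here, so it would need the same change.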
diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 91cc074829..42ead95d5f 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -64,7 +64,6 @@ def confirm!(args={}) return false end - self.confirmation_token = nil self.confirmed_at = Time.now.utc saved = if self.class.reconfirmable && unconfirmed_email.present? diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 10cd160d41..c4ce4e5590 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -27,13 +27,6 @@ def setup assert_not_nil user.confirmed_at end - test 'should clear confirmation token while confirming a user' do - user = create_user - assert_present user.confirmation_token - user.confirm! - assert_nil user.confirmation_token - end - test 'should verify whether a user is confirmed or not' do assert_not new_user.confirmed? user = create_user @@ -80,6 +73,16 @@ def setup assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join end + test 'should show error when a token has already been used' do + user = create_user + raw = user.raw_confirmation_token + User.confirm_by_token(raw) + assert user.reload.confirmed? + + confirmed_user = User.confirm_by_token(raw) + assert_equal "was already confirmed, please try signing in", confirmed_user.errors[:email].join + end + test 'should send confirmation instructions by email' do assert_email_sent "mynewuser@example.com" do create_user email: "mynewuser@example.com" @@ -165,13 +168,14 @@ def setup test 'should not reset confirmation status or token when updating email' do user = create_user + original_token = user.confirmation_token user.confirm! user.email = 'new_test@example.com' user.save! user.reload assert user.confirmed? - assert_nil user.confirmation_token + assert_equal original_token, user.confirmation_token end test 'should not be able to send instructions if the user is already confirmed' do 
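Review bot: The added test 'should show error when a token has already been used' checks only the error text returned by the second `User.confirm_by_token(raw)` call. Because this commit removes `self.confirmation_token = nil` from `confirm!`, a used token keeps resolving to the account, so the test should also pin that the replay changes nothing on the record. For instance, capture `first = user.reload.confirmed_at` after the first call and add `assert_equal first, user.reload.confirmed_at` after the second.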
@@ -333,17 +337,20 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should generate confirmation token after changing email' do admin = create_admin assert admin.confirm! - assert_nil admin.confirmation_token + residual_token = admin.confirmation_token assert admin.update_attributes(email: 'new_test@example.com') - assert_not_nil admin.confirmation_token + assert_not_equal residual_token, admin.confirmation_token end - test 'should not generate confirmation token if skipping reconfirmation after changing email' do + test 'should not regenerate confirmation token or require reconfirmation if skipping reconfirmation after changing email' do admin = create_admin + original_token = admin.confirmation_token assert admin.confirm! admin.skip_reconfirmation! assert admin.update_attributes(email: 'new_test@example.com') - assert_nil admin.confirmation_token + assert admin.confirmed? + assert_not admin.pending_reconfirmation? + assert_equal original_token, admin.confirmation_token end test 'should skip sending reconfirmation email when email is changed and skip_confirmation_notification! is invoked' do From 8d48bcd594058049f0976b36764247d6286650af Mon Sep 17 00:00:00 2001 From: Dave Stevens Date: Mon, 26 Jan 2015 09:07:54 +0000 Subject: [PATCH 0685/1473] Only add pepper if needed Due to bug in Ruby 2.2.0; The bug has been acknowledged and fixed in trunk. When password comes in FormEncoded the result of `gsub` breaks when peppered with `nil`. This only adds pepper if defined on the model and works around this bug. See: https://github.com/ruby/ruby/commit/622f3f14b6928ee4fe3afa96db0250eb9da32e7a --- lib/devise/models/database_authenticatable.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 28dfcace19..4e6c2f2a27 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -4,7 +4,10 @@ module Devise # Digests the password using bcrypt. def self.bcrypt(klass, password) - ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s + if klass.pepper.present? + password = "#{password}#{klass.pepper}" + end + ::BCrypt::Password.create(password, cost: klass.stretches).to_s end module Models @@ -46,7 +49,10 @@ def password=(new_password) def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(encrypted_password) - password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt) + if self.class.pepper.present? + password = "#{password}#{self.class.pepper}" + end + password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt) Devise.secure_compare(password, encrypted_password) end From 252a57d9b333220713e2afba03d4e45a8dc5a0d0 Mon Sep 17 00:00:00 2001 From: Luciano Sousa Date: Mon, 2 Feb 2015 22:54:46 -0300 Subject: [PATCH 0686/1473] removing deprecation warning from rails 5 --- README.md | 2 +- lib/generators/active_record/templates/migration.rb | 2 +- lib/generators/active_record/templates/migration_existing.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2162e3a6bb..fe85d6c31d 100644 --- a/README.md +++ b/README.md @@ -460,7 +460,7 @@ Devise allows you to set up as many Devise models as you want. If you want to ha create_table :admins do |t| t.string :email t.string :encrypted_password - t.timestamps + t.timestamps, null: false end # Inside your Admin model diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index 7145422648..e8d72d4aec 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb 
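Review bot: The pepper guard is now written twice, in `Devise.bcrypt` and again in `valid_password?` (the second hunk), and hashing and verification only agree while both copies stay identical. I would move the step into one helper used by both paths, for example `Devise.peppered(klass, password)` returning `klass.pepper.present? ? "#{password}#{klass.pepper}" : password`. Note also that `present?` treats a whitespace-only pepper as absent, whereas the old interpolation appended it, so hashes created under such a pepper would stop verifying. The interpolation additionally coerced `password` to a String; without a pepper the value now reaches bcrypt unchanged.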
@@ -7,7 +7,7 @@ def change t.<%= attribute.type %> :<%= attribute.name %> <% end -%> - t.timestamps + t.timestamps, null: false end add_index :<%= table_name %>, :email, unique: true diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index 1b0ff5dd61..9c27bedbb0 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -8,7 +8,7 @@ def self.up <% end -%> # Uncomment below if timestamps were not included in your original model. - # t.timestamps + # t.timestamps, null: false end add_index :<%= table_name %>, :email, unique: true From 9177bd70cfdb8827f55d4aa7b6e7ce22fbb67f9f Mon Sep 17 00:00:00 2001 From: Luciano Sousa Date: Mon, 2 Feb 2015 23:02:52 -0300 Subject: [PATCH 0687/1473] removing optional commas --- README.md | 2 +- lib/generators/active_record/templates/migration.rb | 2 +- lib/generators/active_record/templates/migration_existing.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fe85d6c31d..f76c0d3e5d 100644 --- a/README.md +++ b/README.md @@ -460,7 +460,7 @@ Devise allows you to set up as many Devise models as you want. If you want to ha create_table :admins do |t| t.string :email t.string :encrypted_password - t.timestamps, null: false + t.timestamps null: false end # Inside your Admin model diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index e8d72d4aec..62725d7f20 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -7,7 +7,7 @@ def change t.<%= attribute.type %> :<%= attribute.name %> <% end -%> - t.timestamps, null: false + t.timestamps null: false end add_index :<%= table_name %>, :email, unique: true 
diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index 9c27bedbb0..0dfba15d42 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -8,7 +8,7 @@ def self.up <% end -%> # Uncomment below if timestamps were not included in your original model. - # t.timestamps, null: false + # t.timestamps null: false end add_index :<%= table_name %>, :email, unique: true From 90f1d4d37ad7185dae8fbad60fcda2613af17bba Mon Sep 17 00:00:00 2001 From: Gagan Awhad Date: Wed, 4 Feb 2015 14:36:02 -0600 Subject: [PATCH 0688/1473] Add helpful comments re: 'secret_key' in devise initializer template Adding a couple comments that explain that Devise will use 'secret_key_base' on Rails 4+ applications as its 'secret_key' by default. --- lib/generators/templates/devise.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 18d3a555dd..bb44891017 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -4,6 +4,8 @@ # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key` + # by default. You can change it below and use your own secret key. <% if rails_4? -%> # config.secret_key = '<%= SecureRandom.hex(64) %>' <% else -%> From af8d38e45b24ad06f89af254c4c0dc4c6c39f723 Mon Sep 17 00:00:00 2001 From: Jaume Prat Date: Thu, 5 Feb 2015 14:33:09 +0100 Subject: [PATCH 0689/1473] do not set :script_name option with nil --- lib/devise/failure_app.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 783d2d6e27..2c758bfa30 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -111,7 +111,10 @@ def scope_url opts[:format] = request_format unless skip_format? config = Rails.application.config - opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root)) + + if config.respond_to?(:relative_url_root) && config.relative_url_root.present? + opts[:script_name] = config.relative_url_root + end context = send(Devise.available_router_name) From 846123448301fcb394e143f65e32fa5a5cb349dc Mon Sep 17 00:00:00 2001 From: Ania Slimak Date: Thu, 12 Feb 2015 13:07:57 +0100 Subject: [PATCH 0690/1473] Extracted route to separate method to be able to override in child class --- lib/devise/failure_app.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 783d2d6e27..a66d53bddc 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -105,9 +105,13 @@ def redirect_url end end + def route(scope) + :"new_#{scope}_session_url" + end + def scope_url opts = {} - route = :"new_#{scope}_session_url" + route = route(scope) opts[:format] = request_format unless skip_format? config = Rails.application.config From 7acc7a6659834ccc6f15ab54685faf1dea41f47c Mon Sep 17 00:00:00 2001 From: Matt Brictson Date: Thu, 12 Feb 2015 16:05:58 -0800 Subject: [PATCH 0691/1473] Add warning about logged tokens to the README --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index f76c0d3e5d..1f9918b631 100644 --- a/README.md +++ b/README.md 
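Review bot: In `scope_url`, `route = route(scope)` assigns to a local that has the same name as the method it calls; the right-hand side is a method call only because it carries parentheses and an argument, and every later bare `route` in the method is the local. A distinct name avoids the trap: `route_name = route(scope)`, with the later use of the local (outside this hunk) renamed to match. The extracted hook also has no comment telling subclass authors what to return, e.g. `# Name of the URL helper (a Symbol) to redirect to for +scope+; override in a subclass to change the target.`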
@@ -494,6 +494,20 @@ def send_devise_notification(notification, *args) end ``` +### Password reset tokens and Rails logs + +If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: + +1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. +2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. + +Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`: + +```ruby +config.log_level = :warn +``` + + ### Other ORMs Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file. From f0992e4a96352dbb2dfec731f46a51f99a013b29 Mon Sep 17 00:00:00 2001 
From: Michael Borohovski Date: Fri, 13 Feb 2015 02:14:02 -0800 Subject: [PATCH 0692/1473] Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset. --- app/controllers/devise/passwords_controller.rb | 13 +++++++++---- lib/devise.rb | 6 +++++- lib/devise/models/recoverable.rb | 4 +++- lib/generators/templates/devise.rb | 4 ++++ test/integration/recoverable_test.rb | 13 +++++++++++++ test/rails_app/config/initializers/devise.rb | 4 ++++ 6 files changed, 38 insertions(+), 6 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index c97d22da20..3175ac5754 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -34,10 +34,15 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) - flash_message = resource.active_for_authentication? ? :updated : :updated_not_active - set_flash_message(:notice, flash_message) if is_flashing_format? - sign_in(resource_name, resource) - respond_with resource, location: after_resetting_password_path_for(resource) + if Devise.sign_in_after_reset_password + flash_message = resource.active_for_authentication? ? :updated : :updated_not_active + set_flash_message(:notice, flash_message) if is_flashing_format? + sign_in(resource_name, resource) + respond_with resource, location: after_resetting_password_path_for(resource) + else + set_flash_message(:notice, :updated_not_active) if is_flashing_format? + respond_with resource, location: new_session_path(resource_name) + end else respond_with resource end diff --git a/lib/devise.rb b/lib/devise.rb index 3be7f325bc..89b8b03a46 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
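Review bot: The `update` action reads the global `Devise.sign_in_after_reset_password`, while the recoverable.rb hunk of this same commit registers the option per model through `Devise::Models.config(self, ..., :sign_in_after_reset_password)`. A model that sets the option to false on its own would therefore still be signed in automatically after a reset, which undercuts the two-factor use case given in the description; reading it from the model closes that gap: `if resource_class.sign_in_after_reset_password`. The `else` branch also reuses the `:updated_not_active` flash for accounts that are in fact active. `update` begins above the hunk.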
@@ -204,6 +204,10 @@ def self.#{method}=(val) mattr_accessor :reset_password_within @@reset_password_within = 6.hours + # When set to false, resetting a password does not automatically sign in a user + mattr_accessor :sign_in_after_reset_password + @@sign_in_after_reset_password = true + # The default scope which is used by warden. mattr_accessor :default_scope @@default_scope = nil @@ -362,7 +366,7 @@ def self.add_mapping(resource, options) # def self.add_module(module_name, options = {}) options.assert_valid_keys(:strategy, :model, :controller, :route, :no_input, :insert_at) - + ALL.insert (options[:insert_at] || -1), module_name if strategy = options[:strategy] diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index f5acfce212..3dce0d7c17 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -8,6 +8,8 @@ module Models # Recoverable adds the following options to devise_for: # # * +reset_password_keys+: the keys you want to use when recovering the password for an account + # * +reset_password_within+: the time period within which the password must be reset or the token expires. + # * +sign_in_after_reset_password+: whether or not to sign in the user automatically after a password reset. # # == Examples # @@ -150,7 +152,7 @@ def reset_password_by_token(attributes={}) recoverable end - Devise::Models.config(self, :reset_password_keys, :reset_password_within) + Devise::Models.config(self, :reset_password_keys, :reset_password_within, :sign_in_after_reset_password) end end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index bb44891017..5891bc8783 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -197,6 +197,10 @@ # change their passwords. config.reset_password_within = 6.hours + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + # ==> Configuration for :encryptable # Allow you to use another encryption algorithm besides bcrypt (default). You can use # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 004748eff7..d13caa8f3f 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -197,6 +197,19 @@ def reset_password(options={}, &block) assert warden.authenticated?(:user) end + test 'does not sign in user automatically after changing its password if config.sign_in_after_reset_password is false' do + swap Devise, sign_in_after_reset_password: false do + create_user + request_forgot_password + reset_password + + assert_contain 'Your password has been changed successfully.' + assert_not_contain 'You are now signed in.' + assert_equal new_user_session_path, @request.path + assert !warden.authenticated?(:user) + end + end + test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do [:none, :time].each do |strategy| swap Devise, unlock_strategy: strategy do diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index ef9a556b34..0f5c3fd0d7 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb 
@@ -131,6 +131,10 @@ # change their passwords. config.reset_password_within = 2.hours + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + # Setup a pepper to generate the encrypted password. config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a" From ee8c13435fb80b88191c933b99975182a34d6754 Mon Sep 17 00:00:00 2001 From: redbar0n Date: Fri, 13 Feb 2015 21:43:06 +0100 Subject: [PATCH 0693/1473] Fix potential security leak in email reconfirmation flow Ref. bug/issue: https://github.com/plataformatec/devise/issues/3457 --- app/views/devise/confirmations/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 454081193b..b37ea74722 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %> + <%= f.email_field :email, required: true, readonly: true, input_html: { value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) } %>
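Review bot: The new `f.email_field` call passes `input_html: { value: ... }`, which is a simple_form option rather than one the standard Rails form builder understands. If this view is rendered with plain `form_for` (the form opening is outside the hunk), the hash would presumably come out as a literal `input_html` attribute and the field's value would stay as before. `readonly: true` also makes the resend form unusable for a visitor who arrives without a prefilled address. Passing the value directly, `value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email)`, and dropping `readonly` would keep the intended fix without those side effects.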
From 893a0222ef28930dcbb385d4b482ab4a9d10b568 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 14 Feb 2015 10:59:01 +0100 Subject: [PATCH 0694/1473] Update new.html.erb --- app/views/devise/confirmations/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index b37ea74722..826672f740 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, required: true, readonly: true, input_html: { value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) } %> + <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
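Review bot: No test accompanies this view change, although the preceding commit in the series describes the same line as a fix for a leak in the email reconfirmation flow. A regression test should render this form for a record with a pending reconfirmation, assert that the field carries `unconfirmed_email`, and assert that the confirmed `email` does not appear in the response. The expression also calls `resource.pending_reconfirmation?` without a `respond_to?` guard. That is presumably fine because this view only serves confirmable models, but it is worth confirming.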
From 2992b411a283b6483a3f30c9ac2541c2e9488dc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 14 Feb 2015 11:02:13 +0100 Subject: [PATCH 0695/1473] Update authenticatable.rb --- lib/devise/models/authenticatable.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index b1faf79073..757b6e4a23 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -206,8 +206,10 @@ module ClassMethods :case_insensitive_keys, :http_authenticatable, :params_authenticatable, :skip_session_storage, :http_authentication_key) - def serialize_into_session(record) + # This is a work around a mongoid bug, that's why we do + # the whole *record.to_key dance. Hopefully we can remove + # this once mongoid generates proper to_key ids. [[*record.to_key].first.to_s, record.authenticatable_salt] end From a6a15241466a9623b6605764ffd036c2a50d1b04 Mon Sep 17 00:00:00 2001 From: George Millo Date: Sat, 14 Feb 2015 15:37:21 +0100 Subject: [PATCH 0696/1473] adding test for RegistrationsController#new yielding the resource --- .../custom_registrations_controller_test.rb | 5 +++++ .../app/controllers/custom/registrations_controller.rb | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index 31a93b87b6..10e81e4826 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb @@ -32,4 +32,9 @@ class CustomRegistrationsControllerTest < ActionController::TestCase put :update, { user: { } } assert @controller.update_block_called?, "update failed to yield resource to provided block" end + + test "yield resource to block on new" do + get :new + assert @controller.new_block_called?, "new failed to yield resource to provided block" + end end 
diff --git a/test/rails_app/app/controllers/custom/registrations_controller.rb b/test/rails_app/app/controllers/custom/registrations_controller.rb index 9f1699c8ef..3864661f2d 100644 --- a/test/rails_app/app/controllers/custom/registrations_controller.rb +++ b/test/rails_app/app/controllers/custom/registrations_controller.rb @@ -1,4 +1,10 @@ class Custom::RegistrationsController < Devise::RegistrationsController + def new + super do |resource| + @new_block_called = true + end + end + def create super do |resource| @create_block_called = true @@ -18,4 +24,8 @@ def create_block_called? def update_block_called? @update_block_called == true end + + def new_block_called? + @new_block_called == true + end end From 5e12508b963de3d1d96b4d7a2445e9a7934e952e Mon Sep 17 00:00:00 2001 From: Nikolay Shebanov Date: Mon, 16 Feb 2015 19:41:38 +0300 Subject: [PATCH 0697/1473] Update message after rails g devise:controllers --- lib/generators/templates/controllers/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/controllers/README b/lib/generators/templates/controllers/README index d8fa757fd3..b130ed3354 100644 --- a/lib/generators/templates/controllers/README +++ b/lib/generators/templates/controllers/README @@ -7,7 +7,7 @@ Some setup you must do manually if you haven't yet: Rails.application.routes.draw do devise_for :users, controllers: { - sessions: 'sessions' + sessions: 'users/sessions' } end From 61ec44b76edb7f4f0df9683ebb515beb80196fe9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 19 Feb 2015 12:13:57 +0100 Subject: [PATCH 0698/1473] Rollback mongoid fix as 4.0.2 will be out soon --- lib/devise/models/authenticatable.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 757b6e4a23..097b818cc1 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -207,10 +207,7 @@ module ClassMethods :http_authentication_key) def serialize_into_session(record) - # This is a work around a mongoid bug, that's why we do - # the whole *record.to_key dance. Hopefully we can remove - # this once mongoid generates proper to_key ids. - [[*record.to_key].first.to_s, record.authenticatable_salt] + [record.to_key, record.authenticatable_salt] end def serialize_from_session(key, salt) From ac79f1e1148d38bf26f3e78f21ee79de80622820 Mon Sep 17 00:00:00 2001 From: Isaac Betesh Date: Tue, 24 Feb 2015 13:58:18 -0500 Subject: [PATCH 0699/1473] allow Devise::Models::Authenticatable to be loaded before Rails --- lib/devise/models/authenticatable.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 097b818cc1..30aecc505c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -1,3 +1,4 @@ +require 'active_model/version' require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' @@ -97,7 +98,7 @@ def authenticatable_salt array = %w(serializable_hash) # to_xml does not call serializable_hash on 3.1 - array << "to_xml" if Rails::VERSION::STRING[0,3] == "3.1" + array << "to_xml" if ActiveModel::VERSION::STRING[0,3] == "3.1" array.each do |method| class_eval <<-RUBY, __FILE__, __LINE__ From f038c36161f26dd4a15f464fcb43273c75c01c36 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 27 Feb 2015 14:16:54 -0300 Subject: [PATCH 0700/1473] Use SVG badges in the README. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1f9918b631..51d1d9000d 100644 --- a/README.md +++ b/README.md 
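Review bot: `serialize_into_session` now stores `record.to_key` as returned instead of `[*record.to_key].first.to_s`, so the first element of the session payload is no longer a String. `serialize_from_session(key, salt)` begins on the last context line and its body is outside the hunk, so it is not visible whether it accepts both shapes. Sessions written before the upgrade would still carry the old string form. A test that passes both forms through `serialize_from_session` would show whether existing sessions survive or are silently dropped. A short comment such as `# Stored as [key, salt]; serialize_from_session receives them in the same order.` would replace the explanation removed here.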
@@ -2,8 +2,8 @@ By [Plataformatec](http://plataformatec.com.br/). -[![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise) -[![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise) +[![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise) +[![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise) [![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From e1b9dc860f89727f9c4569132e2502a6bea5b75d Mon Sep 17 00:00:00 2001 From: Dave Copeland Date: Sun, 1 Mar 2015 15:05:20 -0500 Subject: [PATCH 0701/1473] remove use of hide_action in favor of protected Rails 5 will [not have `hide_action` any longer](https://github.com/rails/rails/pull/18371/files), as the Rails convention is to not expose private or protected methods as actions, thus obviating the need for `hide_action`. Presumably, there is code inheriting from `DeviseController` that is calling these helpers, so they cannot be private, so protected seems to be the only way to get Devise working with Rails 5. --- app/controllers/devise_controller.rb | 7 +++---- test/controllers/internal_helpers_test.rb | 8 ++++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index c8cb0b4029..59ca55f661 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -6,12 +6,13 @@ class DeviseController < Devise.parent_controller.constantize helpers = %w(resource scope_name resource_name signed_in_resource resource_class resource_params devise_mapping) - hide_action(*helpers) helper_method(*helpers) prepend_before_filter :assert_is_devise_resource! respond_to :html if mimes_for_respond_to.empty? + protected + # Gets the actual resource stored in the instance variable def resource instance_variable_get(:"@#{resource_name}") @@ -38,6 +39,7 @@ def devise_mapping @devise_mapping ||= request.env["devise.mapping"] end + # Override prefixes to consider the scoped view. # Notice we need to check for the request due to a bug in # Action Controller tests that forces _prefixes to be @@ -50,9 +52,6 @@ def _prefixes #:nodoc: end end - hide_action :_prefixes - - protected # Checks whether it's a devise mapped resource or not. def assert_is_devise_resource! #:nodoc: diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index c13c9917f9..2ba50306bd 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -13,16 +13,16 @@ def setup end test 'get resource name from env' do - assert_equal :user, @controller.resource_name + assert_equal :user, @controller.send(:resource_name) end test 'get resource class from env' do - assert_equal User, @controller.resource_class + assert_equal User, @controller.send(:resource_class) end test 'get resource instance variable from env' do @controller.instance_variable_set(:@user, user = User.new) - assert_equal user, @controller.resource + assert_equal user, @controller.send(:resource) end test 'set resource instance variable from env' do 
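Review bot: With `hide_action(*helpers)` removed, the `protected` keyword placed above `resource` in app/controllers/devise_controller.rb is the only thing keeping the helpers from being routable actions, and nothing in the commit asserts that. The updated tests in internal_helpers_test.rb call the helpers through `send`, which bypasses visibility, so they would still pass if a later edit moved a helper back above `protected`. I would add a test along the lines of `assert_empty @controller.class.action_methods & %w(resource scope_name resource_name signed_in_resource resource_class resource_params devise_mapping)`. A one-line comment next to `protected` saying that these methods must stay non-public so they are not exposed as actions would help the next editor.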
@@ -80,7 +80,7 @@ def setup test 'signed in resource returns signed in resource for current scope' do @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new) - assert_kind_of User, @controller.signed_in_resource + assert_kind_of User, @controller.send(:signed_in_resource) end test 'is a devise controller' do From 8d5c2c4fd990624234b903c92d777e47023ff0b3 Mon Sep 17 00:00:00 2001 From: Grzegorz Witek Date: Tue, 3 Mar 2015 23:51:10 +0800 Subject: [PATCH 0702/1473] Remove redundant `remember_created_at.nil?` `remember_expired?` already calls this method --- lib/devise/models/rememberable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index e016fd78b3..2eec42fc0e 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -111,7 +111,7 @@ def generate_remember_token? #:nodoc: # Generate a timestamp if extend_remember_period is true, if no remember_token # exists, or if an existing remember token has expired. def generate_remember_timestamp?(extend_period) #:nodoc: - extend_period || remember_created_at.nil? || remember_expired? + extend_period || remember_expired? end module ClassMethods From 4837bb0a4e5a1ea00e732f48ee2acef90606a31e Mon Sep 17 00:00:00 2001 From: Scott Jacobsen Date: Tue, 3 Mar 2015 22:37:25 -0700 Subject: [PATCH 0703/1473] Allow objects to specify their devise scope. Introspecting the scope of an object can make it difficult to use wrapper patterns. See issue plataformatec/devise#3307 for an example. Allow objects to specify their scope explicitly by implementing `devise_scope`. --- lib/devise/mapping.rb | 1 + test/mapping_test.rb | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 5c40f762c8..af4a14127a 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb 
@@ -31,6 +31,7 @@ class Mapping #:nodoc: # Receives an object and find a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. def self.find_scope!(obj) + obj = obj.devise_scope if obj.respond_to?(:devise_scope) case obj when String, Symbol return obj.to_sym diff --git a/test/mapping_test.rb b/test/mapping_test.rb index d22bf0bc2e..2159997c58 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -71,6 +71,12 @@ def fake_request(path, params={}) assert_equal :user, Devise::Mapping.find_scope!(Class.new(User).new) end + test 'find scope uses devise_scope' do + user = User.new + def user.devise_scope; :special_scope; end + assert_equal :special_scope, Devise::Mapping.find_scope!(user) + end + test 'find scope raises an error if cannot be found' do assert_raise RuntimeError do Devise::Mapping.find_scope!(String) From d1d5996b6b107e59baa486f11209ca25d4f4a998 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Mar 2015 13:54:32 -0300 Subject: [PATCH 0704/1473] Remove deprecated methods related to token authentication These methods have no effect since Devise 3.2.0, released in Nov 2013. --- lib/devise.rb | 16 ---------------- test/rails_app/config/initializers/devise.rb | 4 ---- 2 files changed, 20 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 89b8b03a46..368d682cb0 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
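Review bot: The added line `obj = obj.devise_scope if obj.respond_to?(:devise_scope)` lets the object name its own scope. A String or Symbol result then leaves through the existing `return obj.to_sym` branch without being compared against the configured mappings, and the new test relies on this by returning `:special_scope`. Whether callers cope with a scope name that has no mapping is not visible in the hunk, so the method comment should at least state that `devise_scope` must return the name of a configured mapping. The comment above `find_scope!` also does not mention the new hook; I would add `# If the object responds to devise_scope, its return value is used in place of the object.`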
@@ -57,22 +57,6 @@ module Strategies mattr_accessor :secret_key @@secret_key = nil - [ :allow_insecure_token_lookup, - :allow_insecure_sign_in_after_confirmation, - :token_authentication_key ].each do |method| - class_eval <<-RUBY - def self.#{method} - ActiveSupport::Deprecation.warn "Devise.#{method} is deprecated " \ - "and has no effect" - end - - def self.#{method}=(val) - ActiveSupport::Deprecation.warn "Devise.#{method}= is deprecated " \ - "and has no effect" - end - RUBY - end - # Custom domain or key for cookies. Not set by default mattr_accessor :rememberable_options @@rememberable_options = {} diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 0f5c3fd0d7..c7fb49ca71 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -138,10 +138,6 @@ # Setup a pepper to generate the encrypted password. config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a" - # ==> Configuration for :token_authenticatable - # Defines name of the authentication token params key - # config.token_authentication_key = :auth_token - # ==> Scopes configuration # Turn scoped views on. Before rendering "sessions/new", it will first check for # "users/sessions/new". It's turned off by default because it's slower if you From 1ab2d51308b44c7fef9797c0a2881bb559f04f36 Mon Sep 17 00:00:00 2001 From: Kosmas Chatzimichalis Date: Tue, 17 Feb 2015 13:25:09 +0100 Subject: [PATCH 0705/1473] removed spaces inside square brackets --- lib/devise.rb | 10 +++++----- lib/generators/templates/devise.rb | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 368d682cb0..09c9c5a922 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -71,7 +71,7 @@ module Strategies # Keys used when authenticating a user. mattr_accessor :authentication_keys - @@authentication_keys = [ :email ] + @@authentication_keys = [:email] # Request keys used when authenticating a user. mattr_accessor :request_keys @@ -79,7 +79,7 @@ module Strategies # Keys that should be case-insensitive. mattr_accessor :case_insensitive_keys - @@case_insensitive_keys = [ :email ] + @@case_insensitive_keys = [:email] # Keys that should have whitespace stripped. mattr_accessor :strip_whitespace_keys @@ -134,7 +134,7 @@ module Strategies # Defines which key will be used when confirming an account. mattr_accessor :confirmation_keys - @@confirmation_keys = [ :email ] + @@confirmation_keys = [:email] # Defines if email should be reconfirmable. # False by default for backwards compatibility. @@ -165,7 +165,7 @@ module Strategies # Defines which key will be used when locking and unlocking an account mattr_accessor :unlock_keys - @@unlock_keys = [ :email ] + @@unlock_keys = [:email] # Defines which strategy can be used to unlock an account. # Values: :email, :time, :both @@ -182,7 +182,7 @@ module Strategies # Defines which key will be used when recovering the password for an account mattr_accessor :reset_password_keys - @@reset_password_keys = [ :email ] + @@reset_password_keys = [:email] # Time interval you can reset your password with a reset password key mattr_accessor :reset_password_within diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 5891bc8783..b9fc2502f4 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -47,12 +47,12 @@ # Configure which authentication keys should be case-insensitive. # These keys will be downcased upon creating or modifying a user and when used # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [ :email ] + config.case_insensitive_keys = [:email] # Configure which authentication keys should have whitespace stripped. # These keys will have whitespace before and after removed upon creating or # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [ :email ] + config.strip_whitespace_keys = [:email] # Tell if authentication through request.params is enabled. True by default. # It can be set to an array that will enable params authentication only for the @@ -128,7 +128,7 @@ config.reconfirmable = true # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] + # config.confirmation_keys = [:email] # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. @@ -168,7 +168,7 @@ # config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + # config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -190,7 +190,7 @@ # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] + # config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to From 868d3d82a014509167ccd7dd3e794171011bffe1 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 13 Mar 2015 13:48:14 -0300 Subject: [PATCH 0706/1473] Do a final pass removing spaces around square brackets Keep plataformatec guidelines and review tools happy. Related to #3480. --- app/controllers/devise/registrations_controller.rb | 2 +- app/controllers/devise/sessions_controller.rb | 4 ++-- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/validatable.rb | 4 ++-- lib/devise/rails/routes.rb | 2 +- lib/generators/templates/devise.rb | 2 +- test/rails_app/config/application.rb | 2 +- test/rails_app/config/environments/production.rb | 2 +- test/rails_app/config/initializers/devise.rb | 12 ++++++------ test/test_models.rb | 4 ++-- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 42b0f006fd..36dcd825b5 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -1,5 +1,5 @@ class Devise::RegistrationsController < DeviseController - prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ] + prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel] prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy] # GET /resource/sign_up diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index d6a7a28a43..d8d18d789e 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -1,8 +1,8 @@ class Devise::SessionsController < DeviseController - prepend_before_filter :require_no_authentication, only: [ :new, :create ] + prepend_before_filter :require_no_authentication, only: [:new, :create] prepend_before_filter :allow_params_authentication!, only: :create prepend_before_filter :verify_signed_out_user, only: :destroy - prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true } + prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in def new diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 8516d434ad..c8ab6ac7c4 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -6,7 +6,7 @@ module SignInOut # Return true if the given scope is signed in session. If no scope given, return # true if any scope is signed in. Does not run authentication hooks. def signed_in?(scope=nil) - [ scope || Devise.mappings.keys ].flatten.any? do |_scope| + [scope || Devise.mappings.keys].flatten.any? do |_scope| warden.authenticate?(scope: _scope) end end diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index bd21fbf66d..3a08037047 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -14,8 +14,8 @@ module Models # module Validatable # All validations used by this module. - VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of, - :validates_confirmation_of, :validates_length_of ].freeze + VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of, + :validates_confirmation_of, :validates_length_of].freeze def self.required_fields(klass) [] diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 23991f3e01..9f0cf5812c 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -119,7 +119,7 @@ class Mapper # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get), # if you wish to restrict this to accept only :post or :delete requests you should do: # - # devise_for :users, sign_out_via: [ :post, :delete ] + # devise_for :users, sign_out_via: [:post, :delete] # # You need to make sure that your sign_out controls trigger a request with a matching HTTP method. # diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index b9fc2502f4..020bfc3472 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -35,7 +35,7 @@ # session. If you need permissions, you should implement that in a before filter. # You can also supply a hash where the value is a boolean determining whether # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [ :email ] + # config.authentication_keys = [:email] # Configure parameters from the request object used for authentication. Each entry # given should be a request method and it will automatically be passed to the diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 91c75cb942..351b7c6ae4 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -17,7 +17,7 @@ module RailsApp class Application < Rails::Application # Add additional load paths for your own custom dirs config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) } - config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ] + config.autoload_paths += ["#{config.root}/app/#{DEVISE_ORM}"] # Configure generators values. Many other options are available, be sure to check the documentation. # config.generators do |g| diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 0179871696..6a13ede1ba 100644 
--- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb @@ -50,7 +50,7 @@ config.log_level = :info # Prepend all log lines with the following tags. - # config.log_tags = [ :subdomain, :uuid ] + # config.log_tags = [:subdomain, :uuid] # Use a different logger for distributed setups. # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index c7fb49ca71..a39c4504e4 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -31,7 +31,7 @@ # session. If you need permissions, you should implement that in a before filter. # You can also supply hash where the value is a boolean expliciting if authentication # should be aborted or not if the value is not present. By default is empty. - # config.authentication_keys = [ :email ] + # config.authentication_keys = [:email] # Configure parameters from the request object used for authentication. Each entry # given should be a request method and it will automatically be passed to @@ -43,12 +43,12 @@ # Configure which authentication keys should be case-insensitive. # These keys will be downcased upon creating or modifying a user and when used # to authenticate or find a user. Default is :email. - config.case_insensitive_keys = [ :email ] + config.case_insensitive_keys = [:email] # Configure which authentication keys should have whitespace stripped. # These keys will have whitespace before and after removed upon creating or # modifying a user and when used to authenticate or find a user. Default is :email. - config.strip_whitespace_keys = [ :email ] + config.strip_whitespace_keys = [:email] # Tell if authentication through request.params is enabled. True by default. # config.params_authenticatable = true 
@@ -77,7 +77,7 @@ # config.allow_unconfirmed_access_for = 2.days # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] + # config.confirmation_keys = [:email] # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. @@ -105,7 +105,7 @@ # config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + # config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -124,7 +124,7 @@ # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] + # config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to diff --git a/test/test_models.rb b/test/test_models.rb index ee19b84aed..3c1f1787a5 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -20,8 +20,8 @@ def password_digest(password) end class UserWithVirtualAttributes < User - devise case_insensitive_keys: [ :email, :email_confirmation ] - validates :email, presence: true, confirmation: {on: :create} + devise case_insensitive_keys: [:email, :email_confirmation] + validates :email, presence: true, confirmation: { on: :create } end class Several < Admin From 9aa72db3656e6b0e84683f7dc8dad639415c78c0 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 15 Mar 2015 02:09:46 +0300 Subject: [PATCH 0707/1473] Remove extra space. [ci skip] --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 42ead95d5f..07adbe4835 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -201,7 +201,7 @@ def confirmation_period_valid? # confirmation_period_expired? # will always return false # def confirmation_period_expired? - self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within ) + self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within) end # Checks whether the record requires any confirmation. From 70ab38839fe99c65be06c9a70fd4797c7fffa885 Mon Sep 17 00:00:00 2001 From: Ian Ker-Seymer Date: Tue, 17 Mar 2015 15:19:23 -0600 Subject: [PATCH 0708/1473] Use `password.present?` in DatabaseAuthenticatable strategy In order to be more clear about the expectations of for authenticating, we use `password.present?` so there is no confusion about the role of the `valid_password?` method. More info: https://github.com/plataformatec/devise/issues/3519 --- lib/devise/strategies/database_authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 2a8e91d01b..42880acfb1 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -5,7 +5,7 @@ module Strategies # Default strategy for signing in a user, based on their email and password in the database. class DatabaseAuthenticatable < Authenticatable def authenticate! - resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash) + resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash) encrypted = false if validate(resource){ encrypted = true; resource.valid_password?(password) } From 8743ce6cf8ced4e9f5849e370e7a64a1066c9972 Mon Sep 17 00:00:00 2001 
From: Ian Ker-Seymer Date: Tue, 17 Mar 2015 15:21:59 -0600 Subject: [PATCH 0709/1473] Clearly comment on the functionality of valid_password? --- lib/devise/strategies/authenticatable.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 1e2055ec30..29bb50a79b 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -108,7 +108,10 @@ def valid_params? params_auth_hash.is_a?(Hash) end - # Check if password is present. + # Note: unlike `Model.valid_password?`, this method does not actually + # ensure that the password in the params matches the password stored in + # the database. It only checks if the password is *present*. Do not rely + # on this method for validating that a given password is correct. def valid_password? password.present? end From 79c6f47ad3471e4ec652801fae2ecd91998e400c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 24 Mar 2015 09:00:28 -0300 Subject: [PATCH 0710/1473] Bundle update --- Gemfile | 2 +- Gemfile.lock | 102 ++++++++++---------- gemfiles/Gemfile.rails-3.2-stable.lock | 30 +++--- gemfiles/Gemfile.rails-4.0-stable.lock | 78 ++++++++-------- gemfiles/Gemfile.rails-4.1-stable.lock | 91 +++++++++--------- gemfiles/Gemfile.rails-4.2-stable.lock | 124 ++++++++++++------------- 6 files changed, 212 insertions(+), 215 deletions(-) diff --git a/Gemfile b/Gemfile index 43ada899a7..99d0ec97c4 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.0" +gem "rails", "4.2.1" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index df08756bba..d5ef9bf034 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -23,74 +23,74 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) + actionmailer (4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.0) - actionview (= 4.2.0) - activesupport (= 4.2.0) - rack (~> 1.6.0) + actionpack (4.2.1) + actionview (= 4.2.1) + activesupport (= 4.2.1) + rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0) - activesupport (= 4.2.0) + actionview (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0) - activesupport (= 4.2.0) + activejob (4.2.1) + activesupport (= 4.2.1) globalid (>= 0.3.0) - activemodel (4.2.0) - activesupport (= 4.2.0) + activemodel (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) - activerecord (4.2.0) - activemodel (= 4.2.0) - activesupport (= 4.2.0) + activerecord (4.2.1) + activemodel (= 4.2.1) + activesupport (= 4.2.1) arel (~> 6.0) - activesupport (4.2.0) + activesupport (4.2.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) arel (6.0.0) - bcrypt (3.1.9) + bcrypt (3.1.10) bson (2.3.0) builder (3.2.2) - connection_pool (2.1.0) + connection_pool (2.1.3) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - globalid (0.3.0) + globalid (0.3.3) activesupport (>= 4.1.0) - hashie (3.3.2) + hashie (3.4.0) hike (1.2.3) i18n (0.7.0) - json (1.8.1) - jwt (1.2.0) + json (1.8.2) + jwt (1.4.1) loofah (2.0.1) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) mime-types (2.4.3) - mini_portile (0.6.1) - minitest (5.5.0) + mini_portile (0.6.2) + minitest (5.5.1) mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.2) + moped (2.0.4) bson (~> 2.2) 
connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.1) + multi_json (1.11.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.5) + nokogiri (1.6.6.2) mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -118,49 +118,49 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) - rails (4.2.0) - actionmailer (= 4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) - activemodel (= 4.2.0) - activerecord (= 4.2.0) - activesupport (= 4.2.0) + rails (4.2.1) + actionmailer (= 4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + activemodel (= 4.2.1) + activerecord (= 4.2.1) + activesupport (= 4.2.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0) + railties (= 4.2.1) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.5) + rails-dom-testing (1.0.6) activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.1) + rails-html-sanitizer (1.0.2) loofah (~> 2.0) - railties (4.2.0) - actionpack (= 4.2.0) - activesupport (= 4.2.0) + railties (4.2.1) + actionpack (= 4.2.1) + activesupport (= 4.2.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.4.2) rdoc (4.2.0) - responders (2.0.2) - railties (>= 4.2.0.alpha, < 5) - ruby-openid (2.6.0) + responders (2.1.0) + railties (>= 4.2.0, < 5) + ruby-openid (2.7.0) sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) + sprockets-rails (2.2.4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) @@ -185,7 +185,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.0) + rails (= 4.2.1) rdoc sqlite3 webrat (= 0.7.3) 
diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index a6cd2c374c..cf6725cabb 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: ba886f73a2b4a06f3400f0698290c54566639b6a + revision: b344986bc3d94ca7821fc5e0eef1874882ac6cbb branch: 3-2-stable specs: actionmailer (3.2.21) @@ -61,23 +61,23 @@ GEM remote: https://rubygems.org/ specs: arel (3.0.3) - bcrypt (3.1.9) + bcrypt (3.1.10) builder (3.0.4) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - hashie (3.3.1) + hashie (3.4.0) hike (1.2.3) - i18n (0.6.11) + i18n (0.7.0) journey (1.0.4) - json (1.8.1) - jwt (1.0.0) + json (1.8.2) + jwt (1.4.1) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.4) mime-types (1.25.1) - mini_portile (0.6.1) + mini_portile (0.6.2) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (3.1.6) @@ -86,10 +86,10 @@ GEM origin (~> 1.0) tzinfo (~> 0.3.29) moped (1.5.2) - multi_json (1.10.1) + multi_json (1.11.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.4.1) + nokogiri (1.6.6.2) mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -121,14 +121,14 @@ GEM ruby-openid (>= 2.1.8) rack-ssl (1.3.4) rack - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) - rake (10.3.2) + rake (10.4.2) rdoc (3.12.2) json (~> 1.4) responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.6.0) + ruby-openid (2.7.0) sprockets (2.2.3) hike (~> 1.2) multi_json (~> 1.0) @@ -136,12 +136,12 @@ GEM tilt (~> 1.1, != 1.3.0) sqlite3 (1.3.10) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.42) + tzinfo (0.3.43) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index cf041a81c3..cee515c51e 100644 
--- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -1,42 +1,42 @@ GIT remote: git://github.com/rails/rails.git - revision: 690bdf9e65713a6da55a9e3a4ba28245c0c75671 + revision: 7ec9c9635bf4d57009135ed11e89d8bf32306d73 branch: 4-0-stable specs: - actionmailer (4.0.12) - actionpack (= 4.0.12) + actionmailer (4.0.13) + actionpack (= 4.0.13) mail (~> 2.5, >= 2.5.4) - actionpack (4.0.12) - activesupport (= 4.0.12) + actionpack (4.0.13) + activesupport (= 4.0.13) builder (~> 3.1.0) erubis (~> 2.7.0) rack (~> 1.5.2) rack-test (~> 0.6.2) - activemodel (4.0.12) - activesupport (= 4.0.12) + activemodel (4.0.13) + activesupport (= 4.0.13) builder (~> 3.1.0) - activerecord (4.0.12) - activemodel (= 4.0.12) + activerecord (4.0.13) + activemodel (= 4.0.13) activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.12) + activesupport (= 4.0.13) arel (~> 4.0.0) - activesupport (4.0.12) + activesupport (4.0.13) i18n (~> 0.6, >= 0.6.9) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) tzinfo (~> 0.3.37) - rails (4.0.12) - actionmailer (= 4.0.12) - actionpack (= 4.0.12) - activerecord (= 4.0.12) - activesupport (= 4.0.12) + rails (4.0.13) + actionmailer (= 4.0.13) + actionpack (= 4.0.13) + activerecord (= 4.0.13) + activesupport (= 4.0.13) bundler (>= 1.3.0, < 2.0) - railties (= 4.0.12) + railties (= 4.0.13) sprockets-rails (~> 2.0) - railties (4.0.12) - actionpack (= 4.0.12) - activesupport (= 4.0.12) + railties (4.0.13) + actionpack (= 4.0.13) + activesupport (= 4.0.13) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) 
@@ -56,39 +56,38 @@ GEM specs: activerecord-deprecated_finders (1.0.3) arel (4.0.2) - bcrypt (3.1.9) + bcrypt (3.1.10) bson (2.3.0) builder (3.1.4) - connection_pool (2.1.0) + connection_pool (2.1.3) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - hashie (3.3.1) + hashie (3.4.0) hike (1.2.3) - i18n (0.6.11) - json (1.8.1) - jwt (1.0.0) + i18n (0.7.0) + jwt (1.4.1) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) mime-types (2.4.3) - mini_portile (0.6.1) + mini_portile (0.6.2) minitest (4.7.5) mocha (1.1.0) metaclass (~> 0.0.1) - mongoid (4.0.0) + mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.2) + moped (2.0.4) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.1) + multi_json (1.11.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.4.1) + nokogiri (1.6.6.2) mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -116,28 +115,27 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) - rake (10.3.2) - rdoc (4.1.2) - json (~> 1.4) + rake (10.4.2) + rdoc (4.2.0) responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.6.0) + ruby-openid (2.7.0) sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.0) + sprockets-rails (2.2.4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) - tzinfo (0.3.42) + tzinfo (0.3.43) warden (1.2.3) rack (>= 1.0) webrat (0.7.3) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 5fea34ee28..3460d6722e 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -1,47 +1,47 @@ GIT remote: git://github.com/rails/rails.git - revision: 042c7cb9ccfb771dcfd3dcacb7cb2d19d3747853 + revision: bf32ec7b8611e6b4c7e9398f7d297a1f0221e9b9 branch: 4-1-stable specs: - actionmailer (4.1.8) - actionpack (= 4.1.8) - actionview (= 4.1.8) + actionmailer (4.1.10) + actionpack (= 4.1.10) + actionview (= 4.1.10) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.8) - actionview (= 4.1.8) - activesupport (= 4.1.8) + actionpack (4.1.10) + actionview (= 4.1.10) + activesupport (= 4.1.10) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.8) - activesupport (= 4.1.8) + actionview (4.1.10) + activesupport (= 4.1.10) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.8) - activesupport (= 4.1.8) + activemodel (4.1.10) + activesupport (= 4.1.10) builder (~> 3.1) - activerecord (4.1.8) - activemodel (= 4.1.8) - activesupport (= 4.1.8) + activerecord (4.1.10) + activemodel (= 4.1.10) + activesupport (= 4.1.10) arel (~> 5.0.0) - activesupport (4.1.8) + activesupport (4.1.10) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.8) - actionmailer (= 4.1.8) - actionpack (= 4.1.8) - actionview (= 4.1.8) - activemodel (= 4.1.8) - activerecord (= 4.1.8) - activesupport (= 4.1.8) + rails (4.1.10) + actionmailer (= 4.1.10) + actionpack (= 4.1.10) + actionview (= 4.1.10) + activemodel (= 4.1.10) + activerecord (= 4.1.10) + activesupport (= 4.1.10) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.8) + railties (= 4.1.10) sprockets-rails (~> 2.0) - railties (4.1.8) - actionpack (= 4.1.8) - activesupport (= 4.1.8) + railties (4.1.10) + actionpack (= 4.1.10) + activesupport (= 4.1.10) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) 
@@ -60,39 +60,39 @@ GEM remote: https://rubygems.org/ specs: arel (5.0.1.20140414130214) - bcrypt (3.1.9) + bcrypt (3.1.10) bson (2.3.0) builder (3.2.2) - connection_pool (2.1.0) + connection_pool (2.1.3) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - hashie (3.3.1) + hashie (3.4.0) hike (1.2.3) - i18n (0.6.11) - json (1.8.1) - jwt (1.0.0) + i18n (0.7.0) + json (1.8.2) + jwt (1.4.1) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) mime-types (2.4.3) - mini_portile (0.6.1) - minitest (5.4.3) + mini_portile (0.6.2) + minitest (5.5.1) mocha (1.1.0) metaclass (~> 0.0.1) - mongoid (4.0.0) + mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.2) + moped (2.0.4) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.1) + multi_json (1.11.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.4.1) + nokogiri (1.6.6.2) mini_portile (~> 0.6.0) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -120,26 +120,25 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) - rake (10.3.2) - rdoc (4.1.2) - json (~> 1.4) + rake (10.4.2) + rdoc (4.2.0) responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.6.0) + ruby-openid (2.7.0) sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.0) + sprockets-rails (2.2.4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 2729f03f9e..076688b898 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,62 +1,62 @@ GIT remote: git://github.com/rails/rails.git - revision: 3a388cb26b143294c42d2cc0e44ca212065175ad + revision: f12ff8ddab7b199707ec36d72bd72f206f142c8b branch: 4-2-stable specs: - actionmailer (4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) + actionmailer (4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.0) - actionview (= 4.2.0) - activesupport (= 4.2.0) - rack (~> 1.6.0) + actionpack (4.2.1) + actionview (= 4.2.1) + activesupport (= 4.2.1) + rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.0) - activesupport (= 4.2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.0) - activesupport (= 4.2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + activejob (4.2.1) + activesupport (= 4.2.1) globalid (>= 0.3.0) - activemodel (4.2.0) - activesupport (= 4.2.0) + activemodel (4.2.1) + activesupport (= 4.2.1) builder (~> 3.1) - activerecord (4.2.0) - activemodel (= 4.2.0) - activesupport (= 4.2.0) + activerecord (4.2.1) + activemodel (= 4.2.1) + activesupport (= 4.2.1) arel (~> 6.0) - activesupport (4.2.0) + activesupport (4.2.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.0) - actionmailer (= 4.2.0) - actionpack (= 4.2.0) - actionview (= 4.2.0) - activejob (= 4.2.0) - activemodel (= 4.2.0) - activerecord (= 4.2.0) - activesupport (= 4.2.0) + rails (4.2.1) + actionmailer (= 4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + activemodel (= 4.2.1) + activerecord (= 4.2.1) + activesupport (= 4.2.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.0) + railties (= 4.2.1) sprockets-rails - 
railties (4.2.0) - actionpack (= 4.2.0) - activesupport (= 4.2.0) + railties (4.2.1) + actionpack (= 4.2.1) + activesupport (= 4.2.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) PATH - remote: . + remote: .. specs: devise (3.4.1) bcrypt (~> 3.0) @@ -70,43 +70,43 @@ GEM remote: https://rubygems.org/ specs: arel (6.0.0) - bcrypt (3.1.9) + bcrypt (3.1.10) bson (2.3.0) builder (3.2.2) - connection_pool (2.1.0) + connection_pool (2.1.3) erubis (2.7.0) - faraday (0.9.0) + faraday (0.9.1) multipart-post (>= 1.2, < 3) - globalid (0.3.0) + globalid (0.3.3) activesupport (>= 4.1.0) - hashie (3.3.2) + hashie (3.4.0) hike (1.2.3) i18n (0.7.0) - json (1.8.1) - jwt (1.2.0) + json (1.8.2) + jwt (1.4.1) loofah (2.0.1) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) mime-types (2.4.3) - mini_portile (0.6.1) - minitest (5.5.0) + mini_portile (0.6.2) + minitest (5.5.1) mocha (1.1.0) metaclass (~> 0.0.1) - mongoid (4.0.0) + mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.2) + moped (2.0.4) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.10.1) + multi_json (1.11.0) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.5) + nokogiri (1.6.6.2) mini_portile (~> 0.6.0) oauth2 (1.0.0) faraday (>= 0.8, < 0.10) @@ -117,7 +117,7 @@ GEM omniauth (1.2.2) hashie (>= 1.2, < 4) rack (~> 1.0) - omniauth-facebook (2.0.0) + omniauth-facebook (2.0.1) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.2.0) faraday (>= 0.8, < 0.10) 
@@ -134,33 +134,33 @@ GEM rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.2) + rack-test (0.6.3) rack (>= 1.0) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.5) + rails-dom-testing (1.0.6) activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.1) + rails-html-sanitizer (1.0.2) loofah (~> 2.0) rake (10.4.2) rdoc (4.2.0) - responders (2.0.2) - railties (>= 4.2.0.alpha, < 5) - ruby-openid (2.6.0) + responders (2.1.0) + railties (>= 4.2.0, < 5) + ruby-openid (2.7.0) sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) + sprockets-rails (2.2.4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) @@ -179,13 +179,13 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha - mongoid - omniauth + mocha (~> 1.1) + mongoid (~> 4.0.0) + omniauth (~> 1.2.2) omniauth-facebook - omniauth-oauth2 - omniauth-openid + omniauth-oauth2 (~> 1.2.0) + omniauth-openid (~> 1.0.1) rails! rdoc sqlite3 - webrat + webrat (= 0.7.3) From 7c309f9b91fe787c2ec1fbb821ecc52d1c7f90f8 Mon Sep 17 00:00:00 2001 From: pythogorian Date: Thu, 26 Mar 2015 23:47:20 +0100 Subject: [PATCH 0711/1473] Formatting --- Rakefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 553344b457..bbf716633b 100644 --- a/Rakefile +++ b/Rakefile @@ -1,5 +1,6 @@ # encoding: UTF-8 -require "bundler/gem_tasks" + +require 'bundler/gem_tasks' require 'rake/testtask' require 'rdoc/task' From e5400bc709ab8f6532717de0e17726593e28e19a Mon Sep 17 00:00:00 2001 
From: Lucien Boix Date: Sun, 29 Mar 2015 19:05:24 -0400 Subject: [PATCH 0712/1473] Adding link to wiki + include clarification Like discussed at the bottom of this ticket : https://github.com/plataformatec/devise/issues/1029 --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 51d1d9000d..a4804de8d8 100644 --- a/README.md +++ b/README.md @@ -418,6 +418,8 @@ RSpec.configure do |config| end ``` +Just be sure that this inclusion is made *after* the `require 'rspec/rails'` directive. + Now you are ready to use the `sign_in` and `sign_out` methods. Such methods have the same signature as in controllers: ```ruby @@ -439,6 +441,10 @@ There are two things that are important to keep in mind: get :new ``` +You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: + +* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29 + ### OmniAuth Devise comes with OmniAuth support out of the box to authenticate with other providers. To use it, simply specify your OmniAuth configuration in `config/initializers/devise.rb`: From 15d3fc497c74072d027a56b362acb7b46f4ebc2c Mon Sep 17 00:00:00 2001 
From: cipater Date: Mon, 30 Mar 2015 16:18:05 -0700 Subject: [PATCH 0713/1473] Use router_name from scope if available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Devise.available_router_name currently returns either Devise.router_name or :main_app. As such, any redirecting is done within either of those contexts. Which leads to undesirable redirects for scopes that reside in an isolate_namespace mounted engine. This commit makes it possible for FailureApp’s redirect behavior to be performed in the context of the router_name given to devise_for. Test case added to cover undesirable behavior. Without change to lib/devise/failure_app.rb, test case throws exception. --- lib/devise/failure_app.rb | 3 ++- test/failure_app_test.rb | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index a5718b41ce..a2fa2721ea 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -120,7 +120,8 @@ def scope_url opts[:script_name] = config.relative_url_root end - context = send(Devise.available_router_name) + router_name = Devise.mappings[scope].router_name || Devise.available_router_name + context = send(router_name) if context.respond_to?(route) context.send(route, opts) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index a5952f5f49..140ac14a21 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -26,6 +26,22 @@ def i18n_options(options) end end + class FakeEngineApp < Devise::FailureApp + class FakeEngine + def new_user_on_engine_session_url _ + '/user_on_engines/sign_in' + end + end + + def main_app + raise 'main_app router called instead of fake_engine' + end + + def fake_engine + @fake_engine ||= FakeEngine.new + end + end + def self.context(name, &block) instance_eval(&block) end 
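Review bot: `Devise.mappings[scope].router_name` in `scope_url` (lib/devise/failure_app.rb) dereferences the mapping without checking that one exists for `scope`; if the lookup returns nil for a scope that has no mapping, the failure app would raise NoMethodError while building the redirect instead of falling back to `Devise.available_router_name`. A guarded form keeps the fallback: `mapping = Devise.mappings[scope]` then `router_name = (mapping && mapping.router_name) || Devise.available_router_name`. Because the result is passed to `send`, I would also add a comment that `router_name` is expected to come from the `devise_for` configuration, as the commit message describes, and must not be derived from request data. `scope_url` starts and ends outside this hunk.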
@@ -85,6 +101,13 @@ def call_failure(env_params={}) end end + test 'returns to the default redirect location considering the router for supplied scope' do + call_failure app: FakeEngineApp, 'warden.options' => { scope: :user_on_engine } + assert_equal 302, @response.first + assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] + assert_equal 'http://test.host/user_on_engines/sign_in', @response.second['Location'] + end + if Rails.application.config.respond_to?(:relative_url_root) test 'returns to the default redirect location considering the relative url root' do swap Rails.application.config, relative_url_root: "/sample" do From 2f0002a449a8b9616d51127dc6247bfd8414523d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 31 Mar 2015 14:09:34 -0300 Subject: [PATCH 0714/1473] Simplify serializable_hash implementation Now that Rails 3.1 is not supported anymore, we don't need to implement to_xml, since it does the right thing by calling serializable_hash. This removes the class_eval need that existed to simplify the implementation of both to_xml and serializable_hash. --- README.md | 2 +- lib/devise/models/authenticatable.rb | 39 ++++++++++++---------------- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 51d1d9000d..3b25df5395 100644 --- a/README.md +++ b/README.md @@ -516,7 +516,7 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl ### Heroku -Using Devise on Heroku with Ruby on Rails 3.1 requires setting: +Using Devise on Heroku with Ruby on Rails 3.2 requires setting: ```ruby config.assets.initialize_on_precompile = false diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 30aecc505c..8980b208a8 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -96,29 +96,22 @@ def inactive_message def authenticatable_salt end - array = %w(serializable_hash) - # to_xml does not call serializable_hash on 3.1 - array << "to_xml" if ActiveModel::VERSION::STRING[0,3] == "3.1" - - array.each do |method| - class_eval <<-RUBY, __FILE__, __LINE__ - # Redefine to_xml and serializable_hash in models for more secure defaults. - # By default, it removes from the serializable model all attributes that - # are *not* accessible. You can remove this default by using :force_except - # and passing a new list of attributes you want to exempt. All attributes - # given to :except will simply add names to exempt to Devise internal list. - def #{method}(options=nil) - options ||= {} - options[:except] = Array(options[:except]) - - if options[:force_except] - options[:except].concat Array(options[:force_except]) - else - options[:except].concat BLACKLIST_FOR_SERIALIZATION - end - super(options) - end - RUBY + # Redefine serializable_hash in models for more secure defaults. + # By default, it removes from the serializable model all attributes that + # are *not* accessible. You can remove this default by using :force_except + # and passing a new list of attributes you want to exempt. All attributes + # given to :except will simply add names to exempt to Devise internal list. + def serializable_hash(options = nil) + options ||= {} + options[:except] = Array(options[:except]) + + if options[:force_except] + options[:except].concat Array(options[:force_except]) + else + options[:except].concat BLACKLIST_FOR_SERIALIZATION + end + + super(options) end protected From c22e7133b68a2e89d009adc8a780455f2bc6e61f Mon Sep 17 00:00:00 2001 
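Review bot: The rewritten `serializable_hash` in lib/devise/models/authenticatable.rb still mutates its argument: `options[:except] = ...` writes into the caller's hash, and `Array(options[:except])` returns the caller's own array when one was passed, so `concat` appends the blacklist to it on every call. Copying first avoids that: `options = options.try(:dup) || {}` and `options[:except] = Array(options[:except]).dup`. The comment above the method also says it removes attributes that are not accessible, while the code excludes `BLACKLIST_FOR_SERIALIZATION`. It should state plainly that `:force_except` replaces that list rather than extending it, so a caller using it has to re-list every sensitive field it still wants hidden.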
From: Nicolas Viennot Date: Sun, 19 Apr 2015 10:41:06 -0400 Subject: [PATCH 0715/1473] Removes the bang in confirm! and reset_password! Closes #3412 and #3570. --- CHANGELOG.md | 4 ++ lib/devise/models/confirmable.rb | 11 +++-- lib/devise/models/recoverable.rb | 11 +++-- .../custom_registrations_controller_test.rb | 2 +- test/controllers/passwords_controller_test.rb | 2 +- test/controllers/sessions_controller_test.rb | 6 +-- test/models/confirmable_test.rb | 46 +++++++++---------- test/models/lockable_test.rb | 12 ++--- test/models/recoverable_test.rb | 10 ++-- test/support/integration.rb | 4 +- test/test_helpers_test.rb | 14 +++--- 11 files changed, 68 insertions(+), 54 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18ef44b46e..2bca470dfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,10 @@ * Controllers inheriting from any Devise core controller will now use appropriate translations. The i18n scope can be overridden in `translation_scope`. +* deprecations + * `confirm!` has been deprecated in favor of `confirm`. + * `reset_password!` has been deprecated in favor of `reset_password`. + ### 3.4.1 - 2014-10-29 * enhancements diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 07adbe4835..5d0ce63208 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -24,7 +24,7 @@ module Models # # == Examples # - # User.find(1).confirm! # returns true unless it's already confirmed + # User.find(1).confirm # returns true unless it's already confirmed # User.find(1).confirmed? # true/false # User.find(1).send_confirmation_instructions # manually send instructions # 
@@ -56,7 +56,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm!(args={}) + def confirm(args={}) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, @@ -82,6 +82,11 @@ def confirm!(args={}) end end + def confirm!(args={}) + ActiveSupport::Deprecation.warn "confirm! is deprecated in favor of confirm" + confirm(args) + end + # Verifies whether a user is confirmed or not def confirmed? !!confirmed_at @@ -284,7 +289,7 @@ def confirm_by_token(confirmation_token) confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) - confirmable.confirm! if confirmable.persisted? + confirmable.confirm if confirmable.persisted? confirmable.confirmation_token = original_token confirmable end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 3dce0d7c17..5819417404 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -14,7 +14,7 @@ module Models # == Examples # # # resets the user password and save the record, true if valid passwords are given, otherwise false - # User.find(1).reset_password!('password123', 'password123') + # User.find(1).reset_password('password123', 'password123') # # # only resets the user password, without saving the record # user = User.find(1) @@ -32,7 +32,7 @@ def self.required_fields(klass) # Update password saving the record and clearing token. Returns true if # the passwords are valid and the record was saved, false otherwise. - def reset_password!(new_password, new_password_confirmation) + def reset_password(new_password, new_password_confirmation) self.password = new_password self.password_confirmation = new_password_confirmation 
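Review bot: The `confirm!` shim added in the `@@ -82,6 +82,11 @@` hunk of lib/devise/models/confirmable.rb has no comment, unlike the methods around it, and the same holds for the `reset_password!` shim added in lib/devise/models/recoverable.rb. I would document both, for example `# Deprecated: use #confirm. Emits a deprecation warning and forwards args.` Dropping the bang does not change the contract, so the comment on `reset_password` could also restate that it returns false rather than raising when the record is not saved, and that callers need to check the result.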
@@ -44,6 +44,11 @@ def reset_password!(new_password, new_password_confirmation) save end + def reset_password!(new_password, new_password_confirmation) + ActiveSupport::Deprecation.warn "reset_password! is deprecated in favor of reset_password" + reset_password(new_password, new_password_confirmation) + end + # Resets reset password token and send reset password instructions by email. # Returns the token sent in the e-mail. def send_reset_password_instructions @@ -142,7 +147,7 @@ def reset_password_by_token(attributes={}) if recoverable.persisted? if recoverable.reset_password_period_valid? - recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) + recoverable.reset_password(attributes[:password], attributes[:password_confirmation]) else recoverable.errors.add(:reset_password_token, :expired) end diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index 10e81e4826..0421ad0376 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb @@ -8,7 +8,7 @@ class CustomRegistrationsControllerTest < ActionController::TestCase setup do request.env["devise.mapping"] = Devise.mappings[:user] @password = 'password' - @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!) + @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm) end test "yield resource to block on create success" do diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 3c225cbf5d..383724b8dc 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb 
@@ -6,7 +6,7 @@ class PasswordsControllerTest < ActionController::TestCase setup do request.env["devise.mapping"] = Devise.mappings[:user] - @user = create_user.tap(&:confirm!) + @user = create_user.tap(&:confirm) @raw = @user.send_reset_password_instructions end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index f82d1e9dff..d931bf83a8 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -36,7 +36,7 @@ class SessionsControllerTest < ActionController::TestCase request.session["user_return_to"] = 'foo.bar' user = create_user - user.confirm! + user.confirm post :create, user: { email: user.email, password: user.password @@ -50,7 +50,7 @@ class SessionsControllerTest < ActionController::TestCase request.session["user_return_to"] = 'foo.bar' user = create_user - user.confirm! + user.confirm post :create, format: 'json', user: { email: user.email, password: user.password @@ -72,7 +72,7 @@ class SessionsControllerTest < ActionController::TestCase test "#destroy doesn't set the flash if the requested format is not navigational" do request.env["devise.mapping"] = Devise.mappings[:user] user = create_user - user.confirm! + user.confirm post :create, format: 'json', user: { email: user.email, password: user.password diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index c4ce4e5590..fa3a226b70 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -23,7 +23,7 @@ def setup test 'should confirm a user by updating confirmed at' do user = create_user assert_nil user.confirmed_at - assert user.confirm! + assert user.confirm assert_not_nil user.confirmed_at end 
@@ -31,16 +31,16 @@ def setup assert_not new_user.confirmed? user = create_user assert_not user.confirmed? - user.confirm! + user.confirm assert user.confirmed? end test 'should not confirm a user already confirmed' do user = create_user - assert user.confirm! + assert user.confirm assert_blank user.errors[:email] - assert_not user.confirm! + assert_not user.confirm assert_equal "was already confirmed, please try signing in", user.errors[:email].join end @@ -169,7 +169,7 @@ def setup test 'should not reset confirmation status or token when updating email' do user = create_user original_token = user.confirmation_token - user.confirm! + user.confirm user.email = 'new_test@example.com' user.save! @@ -180,7 +180,7 @@ def setup test 'should not be able to send instructions if the user is already confirmed' do user = create_user - user.confirm! + user.confirm assert_not user.resend_confirmation_instructions assert user.confirmed? assert_equal 'was already confirmed, please try signing in', user.errors[:email].join @@ -215,7 +215,7 @@ def setup assert_not user.confirmed? assert_not user.active_for_authentication? - user.confirm! + user.confirm assert user.confirmed? assert user.active_for_authentication? end 
@@ -305,25 +305,25 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) self.username = self.username.to_s + 'updated' end old = user.username - assert user.confirm! + assert user.confirm assert_not_equal user.username, old end test 'should not call after_confirmation if not confirmed' do user = create_user - assert user.confirm! + assert user.confirm user.define_singleton_method :after_confirmation do self.username = self.username.to_s + 'updated' end old = user.username - assert_not user.confirm! + assert_not user.confirm assert_equal user.username, old end test 'should always perform validations upon confirm when ensure valid true' do admin = create_admin admin.stubs(:valid?).returns(false) - assert_not admin.confirm!(ensure_valid: true) + assert_not admin.confirm(ensure_valid: true) end end @@ -331,12 +331,12 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not worry about validations on confirm even with reconfirmable' do admin = create_admin admin.reset_password_token = "a" - assert admin.confirm! + assert admin.confirm end test 'should generate confirmation token after changing email' do admin = create_admin - assert admin.confirm! + assert admin.confirm residual_token = admin.confirmation_token assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal residual_token, admin.confirmation_token @@ -345,7 +345,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not regenerate confirmation token or require reconfirmation if skipping reconfirmation after changing email' do admin = create_admin original_token = admin.confirmation_token - assert admin.confirm! + assert admin.confirm admin.skip_reconfirmation! assert admin.update_attributes(email: 'new_test@example.com') assert admin.confirmed? 
@@ -364,7 +364,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should regenerate confirmation token after changing email' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert admin.update_attributes(email: 'old_test@example.com') token = admin.confirmation_token assert admin.update_attributes(email: 'new_test@example.com') @@ -373,7 +373,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should send confirmation instructions by email after changing email' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert_email_sent "new_test@example.com" do assert admin.update_attributes(email: 'new_test@example.com') end @@ -382,7 +382,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not send confirmation by email after changing password' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert_email_not_sent do assert admin.update_attributes(password: 'newpass', password_confirmation: 'newpass') end @@ -390,7 +390,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not send confirmation by email after changing to a blank email' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert_email_not_sent do admin.email = '' admin.save(validate: false) 
@@ -399,23 +399,23 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should stay confirmed when email is changed' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert admin.update_attributes(email: 'new_test@example.com') assert admin.confirmed? end test 'should update email only when it is confirmed' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email - assert admin.confirm! + assert admin.confirm assert_equal 'new_test@example.com', admin.email end test 'should not allow admin to get past confirmation email by resubmitting their new address' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert admin.update_attributes(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email assert admin.update_attributes(email: 'new_test@example.com') @@ -424,7 +424,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should find a admin by send confirmation instructions with unconfirmed_email' do admin = create_admin - assert admin.confirm! + assert admin.confirm assert admin.update_attributes(email: 'new_test@example.com') confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) assert_equal confirmation_admin, admin diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 3f7284ca99..8acbf3cf27 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -7,7 +7,7 @@ def setup test "should respect maximum attempts configuration" do user = create_user - user.confirm! + user.confirm swap Devise, maximum_attempts: 2 do 2.times { user.valid_for_authentication?{ false } } assert user.reload.access_locked? 
@@ -16,7 +16,7 @@ def setup test "should increment failed_attempts on successfull validation if the user is already locked" do user = create_user - user.confirm! + user.confirm swap Devise, maximum_attempts: 2 do 2.times { user.valid_for_authentication?{ false } } @@ -29,7 +29,7 @@ def setup test "should not touch failed_attempts if lock_strategy is none" do user = create_user - user.confirm! + user.confirm swap Devise, lock_strategy: :none, maximum_attempts: 2 do 3.times { user.valid_for_authentication?{ false } } assert !user.access_locked? @@ -53,7 +53,7 @@ def setup test "active_for_authentication? should be the opposite of locked?" do user = create_user - user.confirm! + user.confirm assert user.active_for_authentication? user.lock_access! assert_not user.active_for_authentication? @@ -230,7 +230,7 @@ def setup test 'should unlock account if lock has expired and increase attempts on failure' do swap Devise, unlock_in: 1.minute do user = create_user - user.confirm! + user.confirm user.failed_attempts = 2 user.locked_at = 2.minutes.ago @@ -243,7 +243,7 @@ def setup test 'should unlock account if lock has expired on success' do swap Devise, unlock_in: 1.minute do user = create_user - user.confirm! + user.confirm user.failed_attempts = 2 user.locked_at = 2.minutes.ago diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 95534d826c..51c1348d6b 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
@@ -23,13 +23,13 @@ def setup test 'should reset password and password confirmation from params' do user = create_user - user.reset_password!('123456789', '987654321') + user.reset_password('123456789', '987654321') assert_equal '123456789', user.password assert_equal '987654321', user.password_confirmation end test 'should reset password and save the record' do - assert create_user.reset_password!('123456789', '123456789') + assert create_user.reset_password('123456789', '123456789') end test 'should clear reset password token while reseting the password' do @@ -38,7 +38,7 @@ def setup user.send_reset_password_instructions assert_present user.reset_password_token - assert user.reset_password!('123456789', '123456789') + assert user.reset_password('123456789', '123456789') assert_nil user.reset_password_token end @@ -46,14 +46,14 @@ def setup user = create_user user.send_reset_password_instructions assert_present user.reset_password_token - assert_not user.reset_password!('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') assert_present user.reset_password_token end test 'should not reset password with invalid data' do user = create_user user.stubs(:valid?).returns(false) - assert_not user.reset_password!('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') end test 'should reset reset password token and send instructions by email' do diff --git a/test/support/integration.rb b/test/support/integration.rb index 39111d52e3..ac140e86db 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -15,7 +15,7 @@ def create_user(options={}) created_at: Time.now.utc ) user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at] - user.confirm! unless options[:confirm] == false + user.confirm unless options[:confirm] == false user.lock_access! if options[:locked] == true user end 
@@ -28,7 +28,7 @@ def create_admin(options={}) password: '123456', password_confirmation: '123456', active: options[:active] ) - admin.confirm! unless options[:confirm] == false + admin.confirm unless options[:confirm] == false admin end end diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 847258abe3..2f02b173f0 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -34,7 +34,7 @@ class TestHelpersTest < ActionController::TestCase test "does not redirect with valid user" do user = create_user - user.confirm! + user.confirm sign_in user get :index @@ -46,7 +46,7 @@ class TestHelpersTest < ActionController::TestCase assert_response :redirect user = create_user - user.confirm! + user.confirm sign_in user get :index @@ -55,7 +55,7 @@ class TestHelpersTest < ActionController::TestCase test "redirects if valid user signed out" do user = create_user - user.confirm! + user.confirm sign_in user get :index @@ -105,7 +105,7 @@ def respond end user = create_user - user.confirm! + user.confirm sign_in user ensure Warden::Manager._after_set_user.pop @@ -118,7 +118,7 @@ def respond flunk "callback was called while it should not" end user = create_user - user.confirm! + user.confirm sign_in user sign_out user @@ -146,7 +146,7 @@ def respond test "allows to sign in with different users" do first_user = create_user - first_user.confirm! + first_user.confirm sign_in first_user get :index @@ -154,7 +154,7 @@ def respond sign_out first_user second_user = create_user - second_user.confirm! + second_user.confirm sign_in second_user get :index From 85d75702ed5772cce16805bbd50a97640bc4c8b6 Mon Sep 17 00:00:00 2001 From: Victor Emanouilov Date: Tue, 21 Apr 2015 13:02:28 +0300 Subject: [PATCH 0716/1473] improve error message when using omniauth callbacks under a dynamic segment --- lib/devise/rails/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 9f0cf5812c..0541795699 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -414,7 +414,7 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: match "/users/auth/:action/callback", constraints: { action: /google|facebook/ }, - to: "devise/omniauth_callbacks", + to: "devise/omniauth_callbacks#:action", as: :omniauth_callback, via: [:get, :post] ERROR From eac6c743fd02c3213c54bddbde4d417b6d3b896b Mon Sep 17 00:00:00 2001 From: Alessandro Tagliapietra Date: Tue, 21 Apr 2015 16:27:44 +0200 Subject: [PATCH 0717/1473] Conditionally use flashes in failure_app Fixes #3574 --- lib/devise/failure_app.rb | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index a5718b41ce..59697cde5f 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -49,17 +49,19 @@ def http_auth def recall env["PATH_INFO"] = attempted_path - flash.now[:alert] = i18n_message(:invalid) + flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(env) end def redirect store_location! - if flash[:timedout] && flash[:alert] - flash.keep(:timedout) - flash.keep(:alert) - else - flash[:alert] = i18n_message + if is_flashing_format? + if flash[:timedout] && flash[:alert] + flash.keep(:timedout) + flash.keep(:alert) + else + flash[:alert] = i18n_message + end end redirect_to redirect_url end @@ -91,7 +93,7 @@ def i18n_message(default = nil) def redirect_url if warden_message == :timeout - flash[:timedout] = true + flash[:timedout] = true if is_flashing_format? path = if request.get? attempted_path 
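Review bot: The sample route in this error message now dispatches to `devise/omniauth_callbacks#:action`, so the action name comes from the request path and the `constraints: { action: /google|facebook/ }` line is the only allow-list. A developer who copies the route and loosens or drops that constraint could make other public actions of the callbacks controller reachable. One extra sentence in the heredoc would cover it, for example `Keep the :action constraint limited to your configured providers.` The enclosing `devise_omniauth_callback` method starts and ends outside the hunk, so the surrounding raise is not visible here.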
@@ -212,6 +214,12 @@ def is_navigational_format? Devise.navigational_formats.include?(request_format) end + # Check if flash messages should be emitted. Default is to do it on + # navigational formats + def is_flashing_format? + is_navigational_format? + end + def request_format @request_format ||= request.format.try(:ref) end From 26492b3c50a1e81534389cb58369f61c5267f363 Mon Sep 17 00:00:00 2001 From: Alan Da Costa Date: Tue, 5 May 2015 16:03:10 -0700 Subject: [PATCH 0718/1473] Add confirmable column documentation --- lib/devise/models/confirmable.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5d0ce63208..fa3b63fb56 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -5,6 +5,14 @@ module Models # Confirmation instructions are sent to the user email after creating a # record and when manually requested by a new confirmation instruction request. # + # Confirmable tracks the following columns: + # + # * confirmation_token - An OpenSSL::HMAC.hexdigest of @raw_confirmation_token + # * confirmed_at - A timestamp when the user clicked the confirmation link + # * confirmation_sent_at - A timestamp when the confirmation_token was generated (not sent) + # * unconfirmed_email - An email address copied from the email attr. After confirmation + # this value is copied to the email attr then cleared + # # == Options # # Confirmable adds the following options to +devise+: @@ -220,7 +228,7 @@ def pending_any_confirmation end # Generates a new random token for confirmation, and stores - # the time this token is being generated + # the time this token is being generated in confirmation_sent_at def generate_confirmation_token raw, enc = Devise.token_generator.generate(self.class, :confirmation_token) @raw_confirmation_token = raw From a8769933d1842e8dff1a625d202f693403663e12 Mon Sep 17 00:00:00 2001 
From: Magnus von Koeller Date: Tue, 25 Mar 2014 09:44:40 -0400 Subject: [PATCH 0719/1473] Split out BCrypt hashing to make it reusable This logic is generic and reusable -- hash a secret; and take an unhashed secret and compare it to a hashed secret. This breaks this out to make it reusable in other places. Specifically, we use this in our own token auth at Bonobos that we plan to split out as a Devise extension. This will make that possible without copy & pasting this code. --- lib/devise/encryptor.rb | 22 +++++++++++++++++++ lib/devise/models/database_authenticatable.rb | 19 +++++----------- test/devise_test.rb | 4 ++-- 3 files changed, 29 insertions(+), 16 deletions(-) create mode 100644 lib/devise/encryptor.rb diff --git a/lib/devise/encryptor.rb b/lib/devise/encryptor.rb new file mode 100644 index 0000000000..751db10682 --- /dev/null +++ b/lib/devise/encryptor.rb @@ -0,0 +1,22 @@ +require 'bcrypt' + +module Devise + module Encryptor + def self.digest(klass, password) + if klass.pepper.present? + password = "#{password}#{klass.pepper}" + end + ::BCrypt::Password.create(password, cost: klass.stretches).to_s + end + + def self.compare(klass, encrypted_password, password) + return false if encrypted_password.blank? + bcrypt = ::BCrypt::Password.new(encrypted_password) + if klass.pepper.present? + password = "#{password}#{klass.pepper}" + end + password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt) + Devise.secure_compare(password, encrypted_password) + end + end +end diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 4e6c2f2a27..f9ae17e573 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
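Review bot: `Devise::Encryptor.compare` guards only a blank `encrypted_password`, so a stored value that is not a bcrypt hash makes `::BCrypt::Password.new` raise `BCrypt::Errors::InvalidHash` instead of returning false. Now that this is a reusable entry point, either rescue that error and return false or document the raise. Both methods also append the pepper after the password, and bcrypt reads only the first 72 bytes of its input, so for a long password the pepper adds nothing. A comment on the module such as `# bcrypt uses at most 72 bytes of input; the pepper is appended last, so cap password length accordingly` would make that visible. The pepper concatenation is duplicated in `digest` and `compare` and could live in one private helper.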
@@ -1,13 +1,10 @@ require 'devise/strategies/database_authenticatable' -require 'bcrypt' +require 'devise/encryptor' module Devise - # Digests the password using bcrypt. def self.bcrypt(klass, password) - if klass.pepper.present? - password = "#{password}#{klass.pepper}" - end - ::BCrypt::Password.create(password, cost: klass.stretches).to_s + ActiveSupport::Deprecation.warn "Devise.bcrypt is deprecated; use Devise::Encryptor.digest instead" + Devise::Encryptor.digest(klass, password) end module Models @@ -47,13 +44,7 @@ def password=(new_password) # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) - return false if encrypted_password.blank? - bcrypt = ::BCrypt::Password.new(encrypted_password) - if self.class.pepper.present? - password = "#{password}#{self.class.pepper}" - end - password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt) - Devise.secure_compare(password, encrypted_password) + Devise::Encryptor.compare(self.class, encrypted_password, password) end # Set password and password confirmation to nil @@ -151,7 +142,7 @@ def authenticatable_salt # See https://github.com/plataformatec/devise-encryptable for examples # of other encryption engines. def password_digest(password) - Devise.bcrypt(self.class, password) + Devise::Encryptor.digest(self.class, password) end module ClassMethods diff --git a/test/devise_test.rb b/test/devise_test.rb index 09f9aa9383..629fcf340f 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
@@ -14,11 +14,11 @@ class DeviseTest < ActiveSupport::TestCase test 'bcrypt on the class' do password = "super secret" klass = Struct.new(:pepper, :stretches).new("blahblah", 2) - hash = Devise.bcrypt(klass, password) + hash = Devise::Encryptor.digest(klass, password) assert_equal ::BCrypt::Password.create(hash), hash klass = Struct.new(:pepper, :stretches).new("bla", 2) - hash = Devise.bcrypt(klass, password) + hash = Devise::Encryptor.digest(klass, password) assert_not_equal ::BCrypt::Password.new(hash), hash end From 35de859e28863c46c1055ece7db8ad976c8b3547 Mon Sep 17 00:00:00 2001 From: James Sanders Date: Mon, 11 May 2015 12:12:10 -0600 Subject: [PATCH 0720/1473] Change comments on registration and session controller configure methods --- .../templates/controllers/registrations_controller.rb | 4 ++-- lib/generators/templates/controllers/sessions_controller.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb index 3566e453d0..99f4a799ee 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.rb @@ -38,12 +38,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # protected - # You can put the params you want to permit in the empty array. + # If you have extra params to permit, append them to the sanitizer. # def configure_sign_up_params # devise_parameter_sanitizer.for(:sign_up) << :attribute # end - # You can put the params you want to permit in the empty array. + # If you have extra params to permit, append them to the sanitizer. # def configure_account_update_params # devise_parameter_sanitizer.for(:account_update) << :attribute # end 
diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb index 7a243f4ee8..0e2f45072b 100644 --- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.rb @@ -18,7 +18,7 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # protected - # You can put the params you want to permit in the empty array. + # If you have extra params to permit, append them to the sanitizer. # def configure_sign_in_params # devise_parameter_sanitizer.for(:sign_in) << :attribute # end From d701ed764fee94735f4e0aeaf556c27df2952cf9 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 12 May 2015 14:34:56 -0300 Subject: [PATCH 0721/1473] Fix wrong comment about http validation method [ci skip] --- lib/devise/strategies/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 29bb50a79b..288e73c5db 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -57,7 +57,7 @@ def remember_me? # Check if this is a valid strategy for http authentication by: # - # * Validating if the model allows params authentication; + # * Validating if the model allows http authentication; # * If any of the authorization headers were sent; # * If all authentication keys are present; # From 741df732dc65015b13641ad5d26d74325464a804 Mon Sep 17 00:00:00 2001 
From: Griffin Smith Date: Tue, 12 May 2015 15:05:31 -0400 Subject: [PATCH 0722/1473] Use `define_method`, not `class_eval`, for url_helpers I'm not hugely familiar with ruby internals vis a vis sclass semantics, but this *probably* serves as a workaround for the MRI thread-safety bug mentioned in #3505. Beyond that, and even if this doesn't fix the thread-safety issue, per [this blog post][1], `define_method` is recommended over `class_eval` for performance (and, fwiw, readability) reasons anyway. [1]: http://tenderlovemaking.com/2013/03/03/dynamic_method_definitions.html --- lib/devise/controllers/url_helpers.rb | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 465d698acf..fed1383f23 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb @@ -42,16 +42,14 @@ def self.generate_helpers!(routes=nil) [:path, :url].each do |path_or_url| actions.each do |action| action = action ? "#{action}_" : "" - method = "#{action}#{module_name}_#{path_or_url}" + method = :"#{action}#{module_name}_#{path_or_url}" - class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1 - def #{method}(resource_or_scope, *args) - scope = Devise::Mapping.find_scope!(resource_or_scope) - router_name = Devise.mappings[scope].router_name - context = router_name ? send(router_name) : _devise_route_context - context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args) - end - URL_HELPERS + define_method method do |resource_or_scope, *args| + scope = Devise::Mapping.find_scope!(resource_or_scope) + router_name = Devise.mappings[scope].router_name + context = router_name ? send(router_name) : _devise_route_context + context.send("#{action}#{scope}_#{module_name}_#{path_or_url}", *args) + end end end end From b89537936b09271f7a3a7c6e3cec70f81eded251 Mon Sep 17 00:00:00 2001 
From: Angel M de Miguel Date: Thu, 21 May 2015 13:46:31 +0200 Subject: [PATCH 0723/1473] Allow the user to set the length of friendly token --- lib/devise.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 09c9c5a922..4ab0b6db0f 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -465,8 +465,9 @@ def self.configure_warden! #:nodoc: end # Generate a friendly string randomly to be used as token. - def self.friendly_token - SecureRandom.urlsafe_base64(15).tr('lIO0', 'sxyz') + # By default, length is 15 characters. + def self.friendly_token(length = 15) + SecureRandom.urlsafe_base64(length).tr('lIO0', 'sxyz') end # constant-time comparison algorithm to prevent timing attacks From db63df7a8fd2a71c95fa2848265bc60ab6b73e17 Mon Sep 17 00:00:00 2001 From: Angel M de Miguel Date: Thu, 21 May 2015 14:41:34 +0200 Subject: [PATCH 0724/1473] Calculate real characters based on SecureRandom.urlsafe_base64 method --- lib/devise.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 4ab0b6db0f..44860f5cbd 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -465,9 +465,12 @@ def self.configure_warden! #:nodoc: end # Generate a friendly string randomly to be used as token. - # By default, length is 15 characters. - def self.friendly_token(length = 15) - SecureRandom.urlsafe_base64(length).tr('lIO0', 'sxyz') + # By default, length is 20 characters. + def self.friendly_token(length = 20) + # To calculate real characters, we must perform this operation. + # See SecureRandom.urlsafe_base64 + rlength = (length * 3) / 4 + SecureRandom.urlsafe_base64(rlength).tr('lIO0', 'sxyz') end # constant-time comparison algorithm to prevent timing attacks From 1f3638aaa5cb2a26b65e0a8eab04a1571deed96c Mon Sep 17 00:00:00 2001 
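Review bot: In the second `friendly_token` change (PATCH 0724), `rlength = (length * 3) / 4` uses integer division and `length` has no lower bound, so the returned string can be shorter than requested. A small argument yields very little randomness; a length of 1 requests zero random bytes. Since the value is meant to be used as a token, I would reject short lengths with something like `raise ArgumentError, "length too short" if length < MIN_TOKEN_LENGTH`, where `MIN_TOKEN_LENGTH` is a placeholder for a project-chosen minimum. At the least, document the rounding with `# Rounds down: the result has at most +length+ characters; keep the default for security tokens.` The default of 20 characters still maps to the previous 15 random bytes, so existing callers are unaffected.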
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 23 May 2015 22:13:59 +0200 Subject: [PATCH 0725/1473] Do not clean up CSRF on rememberable --- lib/devise/strategies/rememberable.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index b1f0dadd61..fcc76ea5e7 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -32,6 +32,15 @@ def authenticate! end end + # No need to clean up the CSRF when using rememberable. + # In fact, cleaning it up here would be a bug because + # rememberable is triggered on GET requests which means + # we would render a page on first access with all csrf + # tokens expired. + def clean_up_csrf? + false + end + private def extend_remember_me_period(resource) From 4c137c480680e6c4e0d4f993906ed4ba160dbc7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 23 May 2015 22:42:32 +0200 Subject: [PATCH 0726/1473] Release v3.5.0 --- CHANGELOG.md | 26 +++++++++++++++----------- Gemfile.lock | 22 +++++++++++----------- lib/devise/version.rb | 2 +- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2bca470dfd..654ed00373 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
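Review bot: The comment on `clean_up_csrf?` explains why the token is kept but not what that costs. When a user is signed in from the remember cookie, the CSRF token issued before authentication presumably stays valid for the authenticated session. Stating that lets integrators decide whether it is acceptable, e.g. `# Trade-off: the pre-login CSRF token remains valid after a remember-me sign in.` The method is added above `private`, so it is public; the code that reads it is not in this hunk, so I am assuming that visibility is required.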
@@ -1,21 +1,25 @@ -### Unreleased +### 3.5.0 - 2015-05-23 * enhancements - * The hint about minimum password length required both `@validatable` and `@minimum_password_length` - variables on the views, it now uses only the latter. If you have generated the views - relying on the `@validatable` variable, replace it with `@minimum_password_length`. - * Added an ActiveSupport load hook for `:devise_controller` (by @nakhli) - * Location fragments are now preserved between requests (by @jbourassa) - * Added an `after_remembered` callback for the Rememerable module (by @BM5k) + * The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`. + * Added an ActiveSupport load hook for `:devise_controller`. (by @nakhli) + * Location fragments are now preserved between requests. (by @jbourassa) + * Added an `after_remembered` callback for the Rememerable module. (by @BM5k) * `RegistrationsController#new` and `SessionsController#new` now yields the - current resource (by @mtarnovan, @deivid-rodriguez) - * Password length validation is now limited to 72 characters for newer apps (by @lleger) - * Controllers inheriting from any Devise core controller will now use appropriate translations. - The i18n scope can be overridden in `translation_scope`. + current resource. (by @mtarnovan, @deivid-rodriguez) + * Password length validation is now limited to 72 characters for newer apps. (by @lleger) + * Controllers inheriting from any Devise core controller will now use appropriate translations. The i18n scope can be overridden in `translation_scope`. + * Allow the user to set the length of friendly token. (by @Angelmmiguel) + +* bug fixes + * Use router_name from scope if one is available to support isolated engines. (by @cipater) + * Do not clean up CSRF on rememberable. 
+ * Only use flash if it has been configured in failure app. (by @alex88) * deprecations * `confirm!` has been deprecated in favor of `confirm`. * `reset_password!` has been deprecated in favor of `reset_password`. + * `Devise.bcrypt` has been deprecated in favor of `Devise::Encryptor.digest`". ### 3.4.1 - 2014-10-29 diff --git a/Gemfile.lock b/Gemfile.lock index d5ef9bf034..67de02bbda 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,14 @@ +PATH + remote: . + specs: + devise (3.5.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + GIT remote: git://github.com/mongoid/mongoid.git revision: a4365d7ecfa8221bfcf36a4e7ce7993142fc5940 @@ -9,17 +20,6 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) -PATH - remote: . - specs: - devise (3.4.1) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - responders - thread_safe (~> 0.1) - warden (~> 1.2.3) - GEM remote: https://rubygems.org/ specs: diff --git a/lib/devise/version.rb b/lib/devise/version.rb index e82c7a6a9a..d9d2e25cf4 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.4.1".freeze + VERSION = "3.5.0".freeze end From b14995167b33602e04d2e907d9c2f536d48cb796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 May 2015 09:53:38 +0200 Subject: [PATCH 0727/1473] Do not mark _prefixes as protected --- app/controllers/devise_controller.rb | 29 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 59ca55f661..bb3feafa69 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -11,6 +11,21 @@ class DeviseController < Devise.parent_controller.constantize prepend_before_filter :assert_is_devise_resource! respond_to :html if mimes_for_respond_to.empty? + # Override prefixes to consider the scoped view. + # Notice we need to check for the request due to a bug in + # Action Controller tests that forces _prefixes to be + # loaded before even having a request object. + # + # This method should be public as it is is in ActionPack + # itself. Changing its visibility may break other gems. + def _prefixes #:nodoc: + @_prefixes ||= if self.class.scoped_views? && request && devise_mapping + ["#{devise_mapping.scoped_path}/#{controller_name}"] + super + else + super + end + end + protected # Gets the actual resource stored in the instance variable @@ -39,20 +54,6 @@ def devise_mapping @devise_mapping ||= request.env["devise.mapping"] end - - # Override prefixes to consider the scoped view. - # Notice we need to check for the request due to a bug in - # Action Controller tests that forces _prefixes to be - # loaded before even having a request object. - def _prefixes #:nodoc: - @_prefixes ||= if self.class.scoped_views? && request && devise_mapping - ["#{devise_mapping.scoped_path}/#{controller_name}"] + super - else - super - end - end - - # Checks whether it's a devise mapped resource or not. def assert_is_devise_resource! #:nodoc: unknown_action! <<-MESSAGE unless devise_mapping From 31901bc862db60878130fcd9cbf9c4895d41b2d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 May 2015 15:00:12 +0200 Subject: [PATCH 0728/1473] Clear up reset password token whenever encrypted password changes --- lib/devise/models/recoverable.rb | 21 ++++++--------------- test/models/recoverable_test.rb | 12 ++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 5819417404..dd4d66a056 100644 --- a/lib/devise/models/recoverable.rb 
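Review bot: The comment added above `_prefixes` has a doubled word ("as it is is in ActionPack") and would read better as `# This method must stay public, as it is in ActionPack itself.`. The move also puts the method above the `protected` keyword with nothing marking the boundary, so a short `# Public because ActionPack declares it public; keep above "protected".` would stop a later tidy-up from moving it back. The class body continues outside the hunk.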
+++ b/lib/devise/models/recoverable.rb @@ -30,14 +30,18 @@ def self.required_fields(klass) [:reset_password_sent_at, :reset_password_token] end + included do + before_update :clear_reset_password_token, if: :encrypted_password_changed? + end + # Update password saving the record and clearing token. Returns true if # the passwords are valid and the record was saved, false otherwise. def reset_password(new_password, new_password_confirmation) self.password = new_password self.password_confirmation = new_password_confirmation - if valid? - clear_reset_password_token + if respond_to?(:after_password_reset) && valid? + ActiveSupport::Deprecation.warn "after_password_reset is deprecated" after_password_reset end @@ -90,19 +94,6 @@ def clear_reset_password_token self.reset_password_sent_at = nil end - # A callback initiated after password is successfully reset. This can - # be used to insert your own logic that is only run after the user - # successfully resets their password. - # - # Example: - # - # def after_password_reset - # self.update_attribute(:invite_code, nil) - # end - # - def after_password_reset - end - def set_reset_password_token raw, enc = Devise.token_generator.generate(self.class, :reset_password_token) diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 51c1348d6b..ca03a5034f 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -42,6 +42,18 @@ def setup assert_nil user.reset_password_token end + test 'should clear reset password token if changing password' do + user = create_user + assert_nil user.reset_password_token + + user.send_reset_password_instructions + assert_present user.reset_password_token + user.password = "123456678" + user.password_confirmation = "123456678" + user.save! + assert_nil user.reset_password_token + end + test 'should not clear reset password token if record is invalid' do user = create_user user.send_reset_password_instructions 
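Review bot: In `reset_password`, the new guard `respond_to?(:after_password_reset) && valid?` only sees public methods, so an application that defines `after_password_reset` as protected or private would have its hook skipped without any warning; `respond_to?(:after_password_reset, true)` keeps such hooks running through the deprecation period. The visibility of the removed default is not shown in these hunks, so this needs confirming against the full file. The warning text `"after_password_reset is deprecated"` names no replacement, which leaves whoever reads the log without a next step. Separately, `if: :encrypted_password_changed?` assumes every model including Recoverable has an `encrypted_password` attribute with dirty tracking, which the `required_fields` list in the context lines does not include. The body of `reset_password` continues past the end of the hunk.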
From fe49e625e890b13465e42c2dddd337394f80a131 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 May 2015 15:04:27 +0200 Subject: [PATCH 0729/1473] Do not accept empty authentication_salt too --- lib/devise/models/rememberable.rb | 2 +- test/models/rememberable_test.rb | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 2eec42fc0e..62b052fc27 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -75,7 +75,7 @@ def remember_expires_at def rememberable_value if respond_to?(:remember_token) remember_token - elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt) + elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence) salt else raise "authenticable_salt returned nil for the #{self.class.name} model. " \ diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index aec1fe77cf..c69643c6db 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -42,9 +42,15 @@ def create_resource assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt) end - test 'raises a RuntimeError if authenticatable_salt is nil' do + test 'raises a RuntimeError if authenticatable_salt is nil or empty' do user = User.new - user.encrypted_password = nil + def user.authenticable_salt; nil; end + assert_raise RuntimeError do + user.rememberable_value + end + + user = User.new + def user.authenticable_salt; ""; end assert_raise RuntimeError do user.rememberable_value end From e641b4b7b97159054b7d92fb14df557ac18ae6f4 Mon Sep 17 00:00:00 2001 
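Review bot: The `raise` message on the context lines below the changed condition still reads `authenticable_salt returned nil`, but with `.presence` an empty string now reaches that branch as well, and the method is actually named `authenticatable_salt`. Suggest `raise "authenticatable_salt returned nil or an empty value for the #{self.class.name} model. " \` so the error points at the right method and condition. The rest of the message and of `rememberable_value` lies outside the hunk.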
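Review bot: Both stubs in this test define `user.authenticable_salt` (missing "at"), so they never replace the `authenticatable_salt` method that `rememberable_value` calls, and the nil and empty cases are not exercised separately. The assertions presumably pass only because a fresh `User.new` has no usable password digest. Suggest `def user.authenticatable_salt; nil; end` and `def user.authenticatable_salt; ""; end`, so the regression test for the remember-token fix fails if `.presence` is ever removed. The test block's closing `end` is outside the hunk.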
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 May 2015 15:09:07 +0200 Subject: [PATCH 0730/1473] Also reset password token on email change --- lib/devise/models/recoverable.rb | 6 +++++- test/models/recoverable_test.rb | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index dd4d66a056..f90279c3a2 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -31,7 +31,11 @@ def self.required_fields(klass) end included do - before_update :clear_reset_password_token, if: :encrypted_password_changed? + before_save do + if email_changed? || encrypted_password_changed? + clear_reset_password_token + end + end end # Update password saving the record and clearing token. Returns true if diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ca03a5034f..8198698b7f 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -54,6 +54,17 @@ def setup assert_nil user.reset_password_token end + test 'should clear reset password token if changing email' do + user = create_user + assert_nil user.reset_password_token + + user.send_reset_password_instructions + assert_present user.reset_password_token + user.email = "another@example.com" + user.save! + assert_nil user.reset_password_token + end + test 'should not clear reset password token if record is invalid' do user = create_user user.send_reset_password_instructions From 42c1ad3c780aa74a289ec308cf01fd1ab8e91926 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Tue, 26 May 2015 15:10:29 +0200 Subject: [PATCH 0731/1473] Release v3.5.1 --- CHANGELOG.md | 8 +++++++- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 654ed00373..a9f886fa4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
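Review bot: The `before_save` block calls `email_changed?` and `encrypted_password_changed?` unconditionally, while `required_fields` for this module (shown in patch 0728 above) lists only `reset_password_sent_at` and `reset_password_token`. A model that uses Recoverable without an `email` or `encrypted_password` attribute would therefore presumably raise NoMethodError on every save. Guarding each check, e.g. `if (respond_to?(:email_changed?) && email_changed?) || (respond_to?(:encrypted_password_changed?) && encrypted_password_changed?)`, keeps the token invalidation without adding a hard column requirement. A one-line comment saying why the token is cleared (an outstanding reset link must stop working once the e-mail or password changes) would also help the next reader.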
@@ -1,4 +1,10 @@ -### 3.5.0 - 2015-05-23 +### 3.5.1 - 2015-05-24 + +Note: 3.5.0 has been yanked due to a regression + +* security improvements + * Clean up reset password token whenever e-mail or password changes. thanks to George Deglin & Dennis Charles Hackethal for reporting this bug + * Ensure empty `authenticable_salt` cannot be used as remember token. This bug can only affect users who manually implement their own `authenticable_salt` and allow empty values as salt * enhancements * The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`. diff --git a/Gemfile.lock b/Gemfile.lock index 67de02bbda..148bd1d35d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (3.5.0) + devise (3.5.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d9d2e25cf4..8a0be0d0b2 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.5.0".freeze + VERSION = "3.5.1".freeze end From 8db50f437782c31a5cf922827da2351c7a8a6393 Mon Sep 17 00:00:00 2001 From: Rodrigo Argumedo Date: Tue, 26 May 2015 17:53:10 -0600 Subject: [PATCH 0732/1473] Add GoRails resource into README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ce02a9ee5a..cdd2495d83 100644 --- a/README.md +++ b/README.md 
@@ -82,10 +82,11 @@ You will usually want to write tests for your changes. To run the test suite, g ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today we have two resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch +* Chris Oliver's GoRails Episode 12: https://gorails.com/episodes/user-authentication-with-devise Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From 29e257e8bae2d52c95ced7bd2fafc8efaeba454b Mon Sep 17 00:00:00 2001 From: Danny Burt Date: Tue, 2 Jun 2015 18:10:22 -0700 Subject: [PATCH 0733/1473] fixed typo referring to routes.rb file --- lib/generators/templates/controllers/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/controllers/README b/lib/generators/templates/controllers/README index b130ed3354..8671bbb280 100644 --- a/lib/generators/templates/controllers/README +++ b/lib/generators/templates/controllers/README @@ -2,7 +2,7 @@ Some setup you must do manually if you haven't yet: - Ensure you have overridden routes for generated controllers in your route.rb. + Ensure you have overridden routes for generated controllers in your routes.rb. For example: Rails.application.routes.draw do 
From 3207c73d4befef03c5ad87f3ccd21a8096c72d15 Mon Sep 17 00:00:00 2001 From: yui-knk Date: Wed, 3 Jun 2015 13:14:18 +0900 Subject: [PATCH 0734/1473] Refactoring `expire_data_after_sign_out!` This method is same to `expire_data_after_sign_in!`, so alias it --- lib/devise/controllers/sign_in_out.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index c8ab6ac7c4..2ba90a0d4b 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -90,13 +90,7 @@ def expire_data_after_sign_in! session.keys.grep(/^devise\./).each { |k| session.delete(k) } end - def expire_data_after_sign_out! - # session.keys will return an empty array if the session is not yet loaded. - # This is a bug in both Rack and Rails. - # A call to #empty? forces the session to be loaded. - session.empty? - session.keys.grep(/^devise\./).each { |k| session.delete(k) } - end + alias :expire_data_after_sign_out! :expire_data_after_sign_in! end end end From 916c0fc60bd7c5c2d8593be310ee6f27a8808456 Mon Sep 17 00:00:00 2001 From: VISHAL DEEPAK Date: Tue, 9 Jun 2015 15:51:45 +0530 Subject: [PATCH 0735/1473] Add codecademy authorization tutorial A really good , learn by doing, tutorial at codecademy --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cdd2495d83..b61a7de65c 100644 --- a/README.md +++ b/README.md 
@@ -82,11 +82,12 @@ You will usually want to write tests for your changes. To run the test suite, g ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch * Chris Oliver's GoRails Episode 12: https://gorails.com/episodes/user-authentication-with-devise +* Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From e3244b2c319a0a0f6675e821d870d27255cd850a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Andr=C3=A9asson?= Date: Fri, 12 Jun 2015 10:36:45 +0200 Subject: [PATCH 0736/1473] Autoload Encryptor --- lib/devise.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/devise.rb b/lib/devise.rb index 44860f5cbd..eba64b7590 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -8,6 +8,7 @@ module Devise autoload :Delegator, 'devise/delegator' + autoload :Encryptor, 'devise/encryptor' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' autoload :ParameterFilter, 'devise/parameter_filter' From 65dc208ad7752482e72b3610c671559b1dafc3a7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Niklas=20Andr=C3=A9asson?= Date: Fri, 12 Jun 2015 13:18:34 +0200 Subject: [PATCH 0737/1473] Rm require 'devise/encryptor' in database_authenticable.rb --- lib/devise/models/database_authenticatable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index f9ae17e573..5168630335 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -1,5 +1,4 @@ require 'devise/strategies/database_authenticatable' -require 'devise/encryptor' module Devise def self.bcrypt(klass, password) From 055f67e414a4cc691d5e1d3ba02449639a698381 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 15 Jun 2015 22:58:25 +0200 Subject: [PATCH 0738/1473] Update README.md See discussion in #3607 --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b61a7de65c..a06977eed3 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,6 @@ If you are building your first Rails application, we recommend you *do not* use * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch -* Chris Oliver's GoRails Episode 12: https://gorails.com/episodes/user-authentication-with-devise * Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From 15b99977a2a3539c28c5c03fb2d5d7ad721ccbc7 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 16 Jun 2015 07:22:54 -0300 Subject: [PATCH 0739/1473] Fix count of starting with rails resources After 055f67e414a4cc691d5e1d3ba02449639a698381. [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index a06977eed3..ca83314355 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ You will usually want to write tests for your changes. To run the test suite, g ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch From 1aaf6345a49724ef8111ec84ae5864a1c1e6fdca Mon Sep 17 00:00:00 2001 From: camelmasa Date: Wed, 17 Jun 2015 15:42:42 +0900 Subject: [PATCH 0740/1473] Update rails gem for security See. http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/ --- Gemfile | 2 +- Gemfile.lock | 105 ++++++++++++++++++++++++--------------------------- 2 files changed, 51 insertions(+), 56 deletions(-) diff --git a/Gemfile b/Gemfile index 99d0ec97c4..bf45131d4a 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.1" +gem "rails", "4.2.2" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 148bd1d35d..96636f8f47 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,14 +1,3 @@ -PATH - remote: . - specs: - devise (3.5.1) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - responders - thread_safe (~> 0.1) - warden (~> 1.2.3) - GIT remote: git://github.com/mongoid/mongoid.git revision: a4365d7ecfa8221bfcf36a4e7ce7993142fc5940 @@ -20,39 +9,50 @@ GIT origin (~> 2.1) tzinfo (>= 0.3.37) +PATH + remote: . + specs: + devise (3.5.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) + actionmailer (4.2.2) + actionpack (= 4.2.2) + actionview (= 4.2.2) + activejob (= 4.2.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.1) - actionview (= 4.2.1) - activesupport (= 4.2.1) + actionpack (4.2.2) + actionview (= 4.2.2) + activesupport (= 4.2.2) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.1) - activesupport (= 4.2.1) + actionview (4.2.2) + activesupport (= 4.2.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.1) - activesupport (= 4.2.1) + activejob (4.2.2) + activesupport (= 4.2.2) globalid (>= 0.3.0) - activemodel (4.2.1) - activesupport (= 4.2.1) + activemodel (4.2.2) + activesupport (= 4.2.2) builder (~> 3.1) - activerecord (4.2.1) - activemodel (= 4.2.1) - activesupport (= 4.2.1) + activerecord (4.2.2) + activemodel (= 4.2.2) + activesupport (= 4.2.2) arel (~> 6.0) - activesupport (4.2.1) + activesupport (4.2.2) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) 
@@ -66,28 +66,27 @@ GEM erubis (2.7.0) faraday (0.9.1) multipart-post (>= 1.2, < 3) - globalid (0.3.3) + globalid (0.3.5) activesupport (>= 4.1.0) hashie (3.4.0) - hike (1.2.3) i18n (0.7.0) - json (1.8.2) + json (1.8.3) jwt (1.4.1) - loofah (2.0.1) + loofah (2.0.2) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.4.3) + mime-types (2.6.1) mini_portile (0.6.2) - minitest (5.5.1) + minitest (5.7.0) mocha (1.1.0) metaclass (~> 0.0.1) moped (2.0.4) bson (~> 2.2) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.0) + multi_json (1.11.1) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.6.2) @@ -114,22 +113,22 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.0) + rack (1.6.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.1) - actionmailer (= 4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) - activemodel (= 4.2.1) - activerecord (= 4.2.1) - activesupport (= 4.2.1) + rails (4.2.2) + actionmailer (= 4.2.2) + actionpack (= 4.2.2) + actionview (= 4.2.2) + activejob (= 4.2.2) + activemodel (= 4.2.2) + activerecord (= 4.2.2) + activesupport (= 4.2.2) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.1) + railties (= 4.2.2) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) @@ -139,9 +138,9 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.2) loofah (~> 2.0) - railties (4.2.1) - actionpack (= 4.2.1) - activesupport (= 4.2.1) + railties (4.2.2) + actionpack (= 4.2.2) + activesupport (= 4.2.2) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.4.2) 
@@ -149,19 +148,15 @@ GEM responders (2.1.0) railties (>= 4.2.0, < 5) ruby-openid (2.7.0) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) + sprockets (3.2.0) rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) + sprockets-rails (2.3.1) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.5) - tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.3) @@ -185,7 +180,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.1) + rails (= 4.2.2) rdoc sqlite3 webrat (= 0.7.3) From 0d59781ea8ad6a74e3e088a56d449ce7b01ed304 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:21:10 -0500 Subject: [PATCH 0741/1473] tests --- test/models/database_authenticatable_test.rb | 19 +++++++++++++++++++ test/models_test.rb | 15 +++++++++------ test/support/stub_model_filters.rb | 5 +++++ 3 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 test/support/stub_model_filters.rb diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index fc3f729212..ad7f5dd766 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -3,6 +3,10 @@ require 'digest/sha1' class DatabaseAuthenticatableTest < ActiveSupport::TestCase + def setup + setup_mailer + end + test 'should downcase case insensitive keys when saving' do # case_insensitive_keys is set to :email by default. email = 'Foo@Bar.com' 
@@ -225,6 +229,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_match "can't be blank", user.errors[:current_password].join end + test 'should not email on password change' do + user = create_user + assert_email_not_sent do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end + end + + test 'should email on password change when configured' do + User.stubs(:send_password_change_notification).returns(true) + user = create_user + assert_email_sent user.email do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end + end + test 'downcase_keys with validation' do User.create(email: "HEllO@example.com", password: "123456") user = User.create(email: "HEllO@example.com", password: "123456") diff --git a/test/models_test.rb b/test/models_test.rb index a5f13b4fab..e8103d6781 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -96,9 +96,10 @@ class CheckFieldsTest < ActiveSupport::TestCase test 'checks if the class respond_to the required fields' do Player = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable @@ -113,9 +114,10 @@ def self.before_validation(instance) test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do Clown = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable 
@@ -130,9 +132,10 @@ def self.before_validation(instance) test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do Magician = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable end diff --git a/test/support/stub_model_filters.rb b/test/support/stub_model_filters.rb new file mode 100644 index 0000000000..6e257f37b2 --- /dev/null +++ b/test/support/stub_model_filters.rb @@ -0,0 +1,5 @@ +module StubModelFilters + def stub_filter(name) + define_singleton_method(name) { |*| nil } + end +end From cc9a4e3edca82d9c7df10960e220473a2e77fd77 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:22:37 -0500 Subject: [PATCH 0742/1473] functionality --- app/mailers/devise/mailer.rb | 4 ++++ lib/devise.rb | 4 ++++ lib/devise/models/database_authenticatable.rb | 12 +++++++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index e069eefa81..efb0bba52d 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -16,5 +16,9 @@ def unlock_instructions(record, token, opts={}) @token = token devise_mail(record, :unlock_instructions, opts) end + + def password_change(record, opts={}) + devise_mail(record, :unlock_instructions) + end end end diff --git a/lib/devise.rb b/lib/devise.rb index eba64b7590..8a83d4a30e 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -154,6 +154,10 @@ module Strategies mattr_accessor :pepper @@pepper = nil + # Used to encrypt password. Please generate one with rake secret. + mattr_accessor :send_password_change_notification + @@send_password_change_notification = false + # Scoped views. Since it relies on fallbacks to render default views, it's # turned off by default. mattr_accessor :scoped_views 
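Review bot: `password_change` in `app/mailers/devise/mailer.rb` renders the `:unlock_instructions` template and drops `opts`, so a password-change notice would go out with the unlock e-mail's content (with no `@token` assigned) and any caller-supplied options are ignored. The body should be `devise_mail(record, :password_change, opts)`, in line with `unlock_instructions` just above it. Patch 0746 later in this series makes that correction.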
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 5168630335..8f41bfff53 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -27,6 +27,8 @@ module DatabaseAuthenticatable extend ActiveSupport::Concern included do + after_update :send_password_change_notification, if: :send_password_change_notification? + attr_reader :password, :current_password attr_accessor :password_confirmation end @@ -133,6 +135,10 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end + def send_password_change_notification + send_devise_notification(:password_change) + end + protected # Digests the password using bcrypt. Custom encryption should override @@ -144,8 +150,12 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end + def send_password_change_notification? + self.class.send_password_change_notification && encrypted_password_changed? + end + module ClassMethods - Devise::Models.config(self, :pepper, :stretches) + Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification) # We assume this method already gets the sanitized values from the # DatabaseAuthenticatable strategy. If you are using this method on From 6c993beb22977581039f54aa6cf435e75459766d Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:22:54 -0500 Subject: [PATCH 0743/1473] templates, config documentation --- app/views/devise/mailer/password_change.html.erb | 3 +++ lib/generators/templates/devise.rb | 3 +++ lib/generators/templates/markerb/password_change.markerb | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 app/views/devise/mailer/password_change.html.erb create mode 100644 lib/generators/templates/markerb/password_change.markerb diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb new file mode 100644 index 0000000000..7575168767 
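Review bot: `after_update :send_password_change_notification` runs during the save rather than after it has been committed, so if the surrounding transaction rolls back the user would presumably still receive a "password changed" mail for a change that never persisted. An after-commit hook, where the ORM offers one, is the safer trigger. The notice also appears to be addressed to the record's e-mail as it stands after the update, so when e-mail and password change in the same save the previous address is not told; that is worth handling or at least documenting, since alerting the account owner is the point of this feature. `send_password_change_notification` is added above `protected` in the second hunk and so becomes public API, while its predicate in the third hunk is protected; a one-line comment on each stating the intent would help. The module body continues outside all three hunks.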
--- /dev/null +++ b/app/views/devise/mailer/password_change.html.erb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that you're password has been changed.

diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 020bfc3472..02d49c5ca3 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -105,6 +105,9 @@ # Setup a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' + # Send a notification email on password change + # config.send_password_change_notification = false + # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without # confirming their account. For instance, if set to 2.days, the user will be diff --git a/lib/generators/templates/markerb/password_change.markerb b/lib/generators/templates/markerb/password_change.markerb new file mode 100644 index 0000000000..7575168767 --- /dev/null +++ b/lib/generators/templates/markerb/password_change.markerb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that you're password has been changed.

From 954767d456a484e357eccb7434fffb8cbdfb1724 Mon Sep 17 00:00:00 2001 From: takiy33 Date: Sun, 21 Jun 2015 18:12:28 +0900 Subject: [PATCH 0744/1473] Remove rubyforge_project option rubyforge_project option is deprecated. --- devise.gemspec | 2 -- 1 file changed, 2 deletions(-) diff --git a/devise.gemspec b/devise.gemspec index 12f3362d32..16f754c127 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -13,8 +13,6 @@ Gem::Specification.new do |s| s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] - s.rubyforge_project = "devise" - s.files = `git ls-files`.split("\n") s.test_files = `git ls-files -- test/*`.split("\n") s.require_paths = ["lib"] From d49533bedcce004ef8999d10924d1194bee79486 Mon Sep 17 00:00:00 2001 From: Sean Marzug-McCarthy Date: Mon, 22 Jun 2015 15:41:49 +0200 Subject: [PATCH 0745/1473] Fix default email_regexp config to disallow trailing non-word characters --- lib/devise.rb | 2 +- test/devise_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index eba64b7590..e9b2948315 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -106,7 +106,7 @@ module Strategies # an one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. mattr_accessor :email_regexp - @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\s]+\z/ + @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/ # Range validation for password length mattr_accessor :password_length diff --git a/test/devise_test.rb b/test/devise_test.rb index 629fcf340f..519142ab4f 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
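Review bot: The new final-label class `[^@\W]` in `email_regexp` is equivalent to `\w` (the `@` is already excluded by `\W`), so besides refusing a trailing dot it now rejects any final label containing a hyphen, which includes punycode top-level domains of the `xn--…` form, and it accepts `_` there. If the intent is only to refuse trailing punctuation, a class such as `[^@\s.]+` for the last label is narrower; either way the comment above the accessor should say what the last label may contain. Adding a hyphenated case to `valid_emails` in `test/devise_test.rb` (a constructed example: `"test@example.xn--abc"`) would pin the intended behaviour.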
@@ -95,7 +95,7 @@ class DeviseTest < ActiveSupport::TestCase test 'Devise.email_regexp should match valid email addresses' do valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua"] - non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com"] + non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com", "test_user@example.com."] valid_emails.each do |email| assert_match Devise.email_regexp, email From 464edd5e5fa397af25e2b7f13648b60e381f8f44 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 10:50:43 -0500 Subject: [PATCH 0746/1473] quick comment touch-ups --- app/mailers/devise/mailer.rb | 2 +- app/views/devise/mailer/password_change.html.erb | 2 +- lib/devise.rb | 2 +- lib/generators/templates/devise.rb | 2 +- lib/generators/templates/markerb/password_change.markerb | 2 +- test/models/database_authenticatable_test.rb | 9 +++++---- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index efb0bba52d..555b64d29f 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -18,7 +18,7 @@ def unlock_instructions(record, token, opts={}) end def password_change(record, opts={}) - devise_mail(record, :unlock_instructions) + devise_mail(record, :password_change, opts) end end end diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb index 7575168767..b41daf476a 100644 --- a/app/views/devise/mailer/password_change.html.erb +++ b/app/views/devise/mailer/password_change.html.erb @@ -1,3 +1,3 @@

Hello <%= @resource.email %>!

-

We're contacting you to notify you that you're password has been changed.

+

We're contacting you to notify you that your password has been changed.

diff --git a/lib/devise.rb b/lib/devise.rb index 8a83d4a30e..42e06131dd 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -154,7 +154,7 @@ module Strategies mattr_accessor :pepper @@pepper = nil - # Used to encrypt password. Please generate one with rake secret. + # Used to enable sending notification to user when their password is changed mattr_accessor :send_password_change_notification @@send_password_change_notification = false diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 02d49c5ca3..1fb58cce75 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -105,7 +105,7 @@ # Setup a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' - # Send a notification email on password change + # Send a notification email when the user's password is changed # config.send_password_change_notification = false # ==> Configuration for :confirmable diff --git a/lib/generators/templates/markerb/password_change.markerb b/lib/generators/templates/markerb/password_change.markerb index 7575168767..b41daf476a 100644 --- a/lib/generators/templates/markerb/password_change.markerb +++ b/lib/generators/templates/markerb/password_change.markerb @@ -1,3 +1,3 @@

Hello <%= @resource.email %>!

-

We're contacting you to notify you that you're password has been changed.

+

We're contacting you to notify you that your password has been changed.

diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index ad7f5dd766..5daca4248f 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -237,10 +237,11 @@ def setup end test 'should email on password change when configured' do - User.stubs(:send_password_change_notification).returns(true) - user = create_user - assert_email_sent user.email do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + swap Devise, send_password_change_notification: true do + user = create_user + assert_email_sent user.email do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end end end From e966ba72b1e663829aa16d2c41b336d1b6f37d35 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 10:50:54 -0500 Subject: [PATCH 0747/1473] move model stubs --- test/models_test.rb | 6 ++++++ test/support/stub_model_filters.rb | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) delete mode 100644 test/support/stub_model_filters.rb diff --git a/test/models_test.rb b/test/models_test.rb index e8103d6781..3fc78806f6 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -92,6 +92,12 @@ def send_devise_notification(*); end end end +module StubModelFilters + def stub_filter(name) + define_singleton_method(name) { |*| nil } + end +end + class CheckFieldsTest < ActiveSupport::TestCase test 'checks if the class respond_to the required fields' do Player = Class.new do diff --git a/test/support/stub_model_filters.rb b/test/support/stub_model_filters.rb deleted file mode 100644 index 6e257f37b2..0000000000 --- a/test/support/stub_model_filters.rb +++ /dev/null @@ -1,5 +0,0 @@ -module StubModelFilters - def stub_filter(name) - define_singleton_method(name) { |*| nil } - end -end From 0164f5862c0513ee974539beb821a439d310d393 Mon Sep 17 00:00:00 2001 
From: Jon Phenow Date: Wed, 24 Jun 2015 11:01:46 -0500 Subject: [PATCH 0748/1473] translation for mailer subject --- config/locales/en.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index 26a10f2928..bd4c3ebc69 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,6 +23,8 @@ en: subject: "Reset password instructions" unlock_instructions: subject: "Unlock instructions" + password_change: + subject: "Password Changed" omniauth_callbacks: failure: "Could not authenticate you from %{kind} because \"%{reason}\"." success: "Successfully authenticated from %{kind} account." From 89dbbfd0fdb9c04acfd0c0c94681a4e227055023 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 11:13:06 -0500 Subject: [PATCH 0749/1473] CHANGELOG --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9f886fa4d..8348ab4f04 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. + ### 3.5.1 - 2015-05-24 Note: 3.5.0 has been yanked due to a regression From 4d8bec435db28c1193a04a2c3b15a1fd81f977ed Mon Sep 17 00:00:00 2001 From: Andrey Novikov Date: Wed, 24 Jun 2015 20:32:31 +0300 Subject: [PATCH 0750/1473] Provided another solution in error message when using omniauth callbacks under a dynamic segment Previous solution was too complex and wasn't worked for everyone. See discussion at https://github.com/plataformatec/devise/pull/2227 Fixes #3651 [ci skip] --- lib/devise/rails/routes.rb | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 0541795699..817c736add 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -404,19 +404,14 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: raise <<-ERROR Devise does not support scoping OmniAuth callbacks under a dynamic segment and you have set #{mapping.fullpath.inspect}. You can work around by passing -`skip: :omniauth_callbacks` and manually defining the routes. Here is an example: - - match "/users/auth/:provider", - constraints: { provider: /google|facebook/ }, - to: "devise/omniauth_callbacks#passthru", - as: :omniauth_authorize, - via: [:get, :post] - - match "/users/auth/:action/callback", - constraints: { action: /google|facebook/ }, - to: "devise/omniauth_callbacks#:action", - as: :omniauth_callback, - via: [:get, :post] +`skip: :omniauth_callbacks` to the `devise_for` call and extract omniauth +options to another `devise_for` call outside the scope. Here is an example: + + devise_for :users, only: :omniauth_callbacks, controllers: {omniauth_callbacks: 'users/omniauth_callbacks'} + + scope '/(:locale)', locale: /ru|en/ do + devise_for :users, skip: :omniauth_callbacks + end ERROR end From aa675f7f6611de5d40114aa98153f3f0c0b3e8d5 Mon Sep 17 00:00:00 2001 From: Abe Voelker Date: Sat, 27 Jun 2015 14:21:24 -0500 Subject: [PATCH 0751/1473] Fix infinite redirect in Rails 4.2 authenticated routes. Closes #3643 --- lib/devise/failure_app.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index ca71edb4d5..56c44a42b8 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -118,8 +118,13 @@ def scope_url config = Rails.application.config - if config.respond_to?(:relative_url_root) && config.relative_url_root.present? - opts[:script_name] = config.relative_url_root + # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset + if (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2) + opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root)) + else + if config.respond_to?(:relative_url_root) && config.relative_url_root.present? + opts[:script_name] = config.relative_url_root + end end router_name = Devise.mappings[scope].router_name || Devise.available_router_name From b23f5223ddda4d70be5460d1c101d0c12db896a4 Mon Sep 17 00:00:00 2001 From: Vincent Woo Date: Tue, 30 Jun 2015 16:02:06 -0700 Subject: [PATCH 0752/1473] just use regular 4.x mongoid gem --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index bf45131d4a..7dd8be4883 100644 --- a/Gemfile +++ b/Gemfile @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", github: "mongoid/mongoid", branch: "master" + gem "mongoid", "~> 4.0" end From 4d89c709a5c7ea8354fe060806a2b412fcb5239a Mon Sep 17 00:00:00 2001 From: Feng Ye Date: Fri, 10 Jul 2015 20:01:42 +0800 Subject: [PATCH 0753/1473] redirect to after_resetting_password_path always --- app/controllers/devise/passwords_controller.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 3175ac5754..782a2a937f 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
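Review bot: The version guard `(Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)` in `scope_url` tests the two components independently, so a later major release with a minor below 2 (5.0, 5.1) falls into the `else` branch and can leave `opts[:script_name]` unset, which is the state the added comment says causes the redirect loop. Compare them together: `if Rails::VERSION::MAJOR > 4 || (Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR >= 2)`. `scope_url` starts and ends outside this hunk, so the rest of the method is not reviewed here.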
@@ -38,11 +38,10 @@ def update flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message(:notice, flash_message) if is_flashing_format? sign_in(resource_name, resource) - respond_with resource, location: after_resetting_password_path_for(resource) else set_flash_message(:notice, :updated_not_active) if is_flashing_format? - respond_with resource, location: new_session_path(resource_name) end + respond_with resource, location: after_resetting_password_path_for(resource) else respond_with resource end @@ -50,7 +49,7 @@ def update protected def after_resetting_password_path_for(resource) - after_sign_in_path_for(resource) + Devise.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) end # The path used after sending reset password instructions From c72be1531cf6d4d7d3acc8cb3660586ae0e93f9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Sat, 11 Jul 2015 08:57:40 -0300 Subject: [PATCH 0754/1473] Keep Gemfile.lock in sync Forgotten in b23f5223ddda4d70be5460d1c101d0c12db896a4 --- Gemfile.lock | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 96636f8f47..eeaf2ffa8f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,14 +1,3 @@ -GIT - remote: git://github.com/mongoid/mongoid.git - revision: a4365d7ecfa8221bfcf36a4e7ce7993142fc5940 - branch: master - specs: - mongoid (4.0.0) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - PATH remote: . specs: @@ -60,9 +49,9 @@ GEM tzinfo (~> 1.1) arel (6.0.0) bcrypt (3.1.10) - bson (2.3.0) + bson (3.1.2) builder (3.2.2) - connection_pool (2.1.3) + connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.1) multipart-post (>= 1.2, < 3) 
@@ -82,8 +71,13 @@ GEM minitest (5.7.0) mocha (1.1.0) metaclass (~> 0.0.1) - moped (2.0.4) - bson (~> 2.2) + mongoid (4.0.2) + activemodel (~> 4.0) + moped (~> 2.0.0) + origin (~> 2.1) + tzinfo (>= 0.3.37) + moped (2.0.6) + bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.11.1) @@ -175,7 +169,7 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid! + mongoid (~> 4.0) omniauth (~> 1.2.0) omniauth-facebook omniauth-oauth2 (~> 1.1.0) @@ -184,3 +178,6 @@ DEPENDENCIES rdoc sqlite3 webrat (= 0.7.3) + +BUNDLED WITH + 1.10.5 From 406464196708562c8a45256c242bef039fb741a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Sat, 11 Jul 2015 09:01:22 -0300 Subject: [PATCH 0755/1473] Remove obsolete expire_auth_token_on_timeout This should have been removed in dff7891b97d785d228a15dff5c1acdb0da34605f when token authentication (and the reset_authentication_token! method) were removed. --- lib/devise.rb | 4 ---- lib/devise/hooks/timeoutable.rb | 4 ---- lib/generators/templates/devise.rb | 3 --- test/integration/timeoutable_test.rb | 17 ----------------- .../app/controllers/admins_controller.rb | 5 ----- test/rails_app/config/routes.rb | 4 +--- 6 files changed, 1 insertion(+), 36 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index e9b2948315..f0f8412359 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -146,10 +146,6 @@ module Strategies mattr_accessor :timeout_in @@timeout_in = 30.minutes - # Authentication token expiration on timeout - mattr_accessor :expire_auth_token_on_timeout - @@expire_auth_token_on_timeout = false - # Used to encrypt password. Please generate one with rake secret. mattr_accessor :pepper @@pepper = nil diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index b9373cbdef..a118211731 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb 
@@ -21,10 +21,6 @@ if record.timedout?(last_request_at) && !env['devise.skip_timeout'] Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) - if record.respond_to?(:expire_auth_token_on_timeout) && record.expire_auth_token_on_timeout - record.reset_authentication_token! - end - throw :warden, scope: scope, message: :timeout end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 020bfc3472..3fae04d05d 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -158,9 +158,6 @@ # time the user will be asked for credentials again. Default is 30 minutes. # config.timeout_in = 30.minutes - # If true, expires auth token on session timeout. - # config.expire_auth_token_on_timeout = false - # ==> Configuration for :lockable # Defines which strategy will be used to lock an account. # :failed_attempts = Locks an account after a number of failed attempts to sign in. diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 71a6fdb24c..66e1ce9ad3 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -110,23 +110,6 @@ def last_request_at assert_contain 'You are signed in' end - test 'admin does not explode on time out' do - admin = sign_in_as_admin - get expire_admin_path(admin) - - Admin.send :define_method, :reset_authentication_token! do - nil - end - - begin - get admins_path - assert_redirected_to admins_path - assert_not warden.authenticated?(:admin) - ensure - Admin.send(:remove_method, :reset_authentication_token!) - end - end - test 'user configured timeout limit' do swap Devise, timeout_in: 8.minutes do user = sign_in_as_user diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 2b4837cfe3..6c1fa3b540 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb 
@@ -3,9 +3,4 @@ class AdminsController < ApplicationController def index end - - def expire - admin_session['last_request_at'] = 31.minutes.ago.utc - render text: 'Admin will be expired on next request' - end end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 7438114b7d..815479618c 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -13,9 +13,7 @@ end end - resources :admins, only: [:index] do - get :expire, on: :member - end + resources :admins, only: [:index] # Users scope devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } From 5c244d9e2b207a54f1c308d02703442183f7786e Mon Sep 17 00:00:00 2001 From: David Trotz Date: Thu, 16 Jul 2015 10:58:59 -0700 Subject: [PATCH 0756/1473] Basic auth case insensitive pattern match Allow basic authentication to be case insensitive as per the HTTP 1.1 spec RFC 2068 Section 11 > It uses an extensible, case-insensitive token to identify the authentication scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme. We have a particular client in production that has basic auth hard-coded as `basic` rather than `Basic` and devise is rejecting perfectly fine credentials. Making this small change has allowed us to authenticate this client with no issues. --- lib/devise/strategies/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 288e73c5db..1906cf0828 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb 
@@ -118,7 +118,7 @@ def valid_password? # Helper to decode credentials from HTTP. def decode_credentials - return [] unless request.authorization && request.authorization =~ /^Basic (.*)/m + return [] unless request.authorization && request.authorization =~ /^Basic (.*)/mi Base64.decode64($1).split(/:/, 2) end From eb640ed344fb5e227e82b1f3a914ca9fabb938e0 Mon Sep 17 00:00:00 2001 From: Vincent Woo Date: Tue, 30 Jun 2015 15:22:09 -0700 Subject: [PATCH 0757/1473] Do not use digests for confirmation tokens --- lib/devise/models/confirmable.rb | 29 +++++++++++++------ .../mailers/confirmation_instructions_test.rb | 2 +- test/models/confirmable_test.rb | 15 ++++++++-- 3 files changed, 34 insertions(+), 12 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index fa3b63fb56..5a05e0f95f 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -7,7 +7,7 @@ module Models # # Confirmable tracks the following columns: # - # * confirmation_token - An OpenSSL::HMAC.hexdigest of @raw_confirmation_token + # * confirmation_token - A unique random token # * confirmed_at - A timestamp when the user clicked the confirmation link # * confirmation_sent_at - A timestamp when the confirmation_token was generated (not sent) # * unconfirmed_email - An email address copied from the email attr. After confirmation @@ -29,6 +29,8 @@ module Models # confirmation. # * +confirm_within+: the time before a sent confirmation token becomes invalid. # You can use this to force the user to confirm within a set period of time. + # Confirmable will not generate a new token if a repeat confirmation is requested + # during this time frame, unless the user's email changed too. # # == Examples # 
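Review bot: In `decode_credentials` (lib/devise/strategies/authenticatable.rb) the pattern `/^Basic (.*)/mi` is anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a header value containing a line break could be accepted on a later line. Since this line is being touched anyway, anchor it to the string: `return [] unless request.authorization && request.authorization =~ /\ABasic (.*)/mi`. The commit changes no test; a case sending a lowercase `basic` scheme would pin the new behaviour.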
@@ -230,10 +232,13 @@ def pending_any_confirmation # Generates a new random token for confirmation, and stores # the time this token is being generated in confirmation_sent_at def generate_confirmation_token - raw, enc = Devise.token_generator.generate(self.class, :confirmation_token) - @raw_confirmation_token = raw - self.confirmation_token = enc - self.confirmation_sent_at = Time.now.utc + if self.confirmation_token && !confirmation_period_expired? + @raw_confirmation_token = self.confirmation_token + else + raw, _ = Devise.token_generator.generate(self.class, :confirmation_token) + self.confirmation_token = @raw_confirmation_token = raw + self.confirmation_sent_at = Time.now.utc + end end def generate_confirmation_token! @@ -244,6 +249,7 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email self.email = self.email_was + self.confirmation_token = nil generate_confirmation_token end 
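Review bot: The comment above `generate_confirmation_token` still says it generates a new token and stores the generation time, but the new first branch reuses `self.confirmation_token` and leaves `confirmation_sent_at` untouched. A resend therefore does not extend the validity window. If `confirmation_period_expired?` (defined outside this hunk) never returns true when `confirm_within` is unset, the same token stays usable until the account is confirmed. Because the column now holds the value that is mailed rather than a digest, that lifetime is worth stating; I would replace the comment with `# Reuses the stored token while it has not expired (confirmation_sent_at is left untouched); otherwise generates a new random token and stamps confirmation_sent_at.`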
@@ -293,12 +299,17 @@ def send_confirmation_instructions(attributes={}) # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) - original_token = confirmation_token - confirmation_token = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) + confirmable = find_first_by_auth_conditions(confirmation_token: confirmation_token) + unless confirmable + confirmation_digest = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) + confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_digest) + end + + # TODO: replace above lines with + # confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) + # after enough time has passed that Devise clients do not use digested tokens - confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token) confirmable.confirm if confirmable.persisted? - confirmable.confirmation_token = original_token confirmable end diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 8eb9358c15..ef8d496283 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -86,7 +86,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token + assert_equal $1, user.confirmation_token else flunk "expected confirmation url regex to match" end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index fa3a226b70..008996c06c 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
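Review bot: `confirm_by_token` now passes the request-supplied value straight to `find_first_by_auth_conditions(confirmation_token: confirmation_token)` with no blank check, so a missing or empty parameter is looked up as if it were a stored token. Whether that can match a record depends on the finder and on what already-confirmed rows hold in the column, both outside this hunk, but the method should not rely on either. I would return an unsaved record carrying a `:blank` error before both lookups, as below, and add a test that a blank token confirms nobody.

```ruby
def confirm_by_token(confirmation_token)
  # A blank token must never reach the lookups below.
  if confirmation_token.blank?
    confirmable = new
    confirmable.errors.add(:confirmation_token, :blank)
    return confirmable
  end

  # … unchanged: raw-token lookup, digest fallback, confirm, return confirmable …
```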
@@ -291,12 +291,23 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) end end - test 'always generate a new token on resend' do + test 'do not generate a new token on resend' do user = create_user old = user.confirmation_token user = User.find(user.id) user.resend_confirmation_instructions - assert_not_equal user.confirmation_token, old + assert_equal user.confirmation_token, old + end + + test 'generate a new token after first has expired' do + swap Devise, confirm_within: 3.days do + user = create_user + old = user.confirmation_token + user.update_attribute(:confirmation_sent_at, 4.days.ago) + user = User.find(user.id) + user.resend_confirmation_instructions + assert_not_equal user.confirmation_token, old + end end test 'should call after_confirmation if confirmed' do From 021f2da1e44db4b6ae119e72a588a215799b879d Mon Sep 17 00:00:00 2001 From: Denis Yakovenko Date: Sun, 2 Aug 2015 13:48:31 +0300 Subject: [PATCH 0758/1473] Improve grammar on lines 189 and 352 in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ca83314355..ec3b6fa2b4 100644 --- a/README.md +++ b/README.md 
@@ -186,7 +186,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. -There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: +There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: * `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`) * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` @@ -349,7 +349,7 @@ devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logo Be sure to check `devise_for` documentation for details. -If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is to create your routes normally and wrap them in a `devise_scope` block in the router: +If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: ```ruby devise_scope :user do From 710496b6a8e45b24c5f559349657deeec7f2a074 Mon Sep 17 00:00:00 2001 From: Neil van Beinum Date: Thu, 6 Aug 2015 18:21:34 +0100 Subject: [PATCH 0759/1473] Remove unnecessary line break on edit password page. --- app/views/devise/passwords/edit.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 0ee12dd279..6a796b050e 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -7,8 +7,8 @@
<%= f.label :password, "New password" %>
<% if @minimum_password_length %> - (<%= @minimum_password_length %> characters minimum) - <% end %>
+ (<%= @minimum_password_length %> characters minimum)
+ <% end %> <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
From d9939d1ea01e53a53023511f48491544821bea3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 10 Aug 2015 14:46:36 +0200 Subject: [PATCH 0760/1473] Release v3.5.2 --- CHANGELOG.md | 10 ++++++++++ Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9f886fa4d..9eeb982cc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +### 3.5.2 - 2015-08-10 + +* enhancements + * Perform case insensitive basic authorization matching + +* Big fixes + * Do not use digests for password confirmation token + * Fix infinite redirect in Rails 4.2 authenticated routes + * Autoload Devise::Encryptor to avoid errors on thread-safe mode + ### 3.5.1 - 2015-05-24 Note: 3.5.0 has been yanked due to a regression diff --git a/Gemfile.lock b/Gemfile.lock index eeaf2ffa8f..d23c38d197 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (3.5.1) + devise (3.5.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -180,4 +180,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.10.5 + 1.10.6 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 8a0be0d0b2..5b8137a501 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.5.1".freeze + VERSION = "3.5.2".freeze end From 52e35f69c51e404836e1dfe8c1cb766ac55115fd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 10 Aug 2015 20:39:22 -0300 Subject: [PATCH 0761/1473] Fix typo in changelo [ci skip] Thanks @reedloden. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9eeb982cc5..de72b296af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,7 +3,7 @@ * enhancements * Perform case insensitive basic authorization matching -* Big fixes +* bug fixes * Do not use digests for password confirmation token * Fix infinite redirect in Rails 4.2 authenticated routes * Autoload Devise::Encryptor to avoid errors on thread-safe mode From 8c6de852c6d840befb043561281136a5c95b05f8 Mon Sep 17 00:00:00 2001 From: Daniel Hollands Date: Thu, 13 Aug 2015 13:57:01 +0100 Subject: [PATCH 0762/1473] modifys markerb templates to use markdown links, not html ones. --- .../templates/markerb/confirmation_instructions.markerb | 2 +- .../templates/markerb/reset_password_instructions.markerb | 2 +- lib/generators/templates/markerb/unlock_instructions.markerb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/markerb/confirmation_instructions.markerb b/lib/generators/templates/markerb/confirmation_instructions.markerb index fe73f001db..48ebb86739 100644 --- a/lib/generators/templates/markerb/confirmation_instructions.markerb +++ b/lib/generators/templates/markerb/confirmation_instructions.markerb @@ -2,4 +2,4 @@ Welcome <%= @email %>! You can confirm your account through the link below: -<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %> +[Confirm my account](<%= confirmation_url(@resource, confirmation_token: @token) %>) diff --git a/lib/generators/templates/markerb/reset_password_instructions.markerb b/lib/generators/templates/markerb/reset_password_instructions.markerb index b1ca47aed8..eead40a09a 100644 --- a/lib/generators/templates/markerb/reset_password_instructions.markerb +++ b/lib/generators/templates/markerb/reset_password_instructions.markerb 
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>! Someone has requested a link to change your password, and you can do this through the link below. -<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %> +[Change my password](<%= edit_password_url(@resource, reset_password_token: @token) %>) If you didn't request this, please ignore this email. Your password won't change until you access the link above and create a new one. diff --git a/lib/generators/templates/markerb/unlock_instructions.markerb b/lib/generators/templates/markerb/unlock_instructions.markerb index e3ed33d072..ff0d9c38dd 100644 --- a/lib/generators/templates/markerb/unlock_instructions.markerb +++ b/lib/generators/templates/markerb/unlock_instructions.markerb @@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in Click the link below to unlock your account: -<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %> +[Unlock my account](<%= unlock_url(@resource, unlock_token: @token) %>) From 8588387fad835edc5e06f43b2ec0a808b2ea9ba6 Mon Sep 17 00:00:00 2001 From: David Hrachovy Date: Fri, 14 Aug 2015 14:02:57 +0200 Subject: [PATCH 0763/1473] Add removed method to CHANGELOG my app failed to start because the method was removed. I think it makes sense to mention it here. --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index de72b296af..18eb569534 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ * Fix infinite redirect in Rails 4.2 authenticated routes * Autoload Devise::Encryptor to avoid errors on thread-safe mode +* deprecations + * `config.expire_auth_token_on_timeout` was removed + ### 3.5.1 - 2015-05-24 Note: 3.5.0 has been yanked due to a regression From 3a056f6d10d86fd5a16e9eca9b88fcb6870a66be Mon Sep 17 00:00:00 2001 
From: MarkMT Date: Tue, 18 Aug 2015 22:41:58 -0500 Subject: [PATCH 0764/1473] Update comment on Devise.configure_warden The existing comment seems to be either outdated or obscure. I interpret it as meaning that configure_warden! is invoked by an 'initializer' block in class Devise::Engine, i.e. in lib/devise/rails.rb. However, as far as I can tell the only time the method is invoked is when ActionDispatch::Routing::RouteSet#finalize! is called, and this is aliased by devise to finalize_with_devise!. --- lib/devise.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index f0f8412359..40413f4ef7 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -433,8 +433,8 @@ def self.regenerate_helpers! Devise::Controllers::UrlHelpers.generate_helpers! end - # A method used internally to setup warden manager from the Rails initialize - # block. + # A method used internally to complete the setup of warden manager after routes are loaded. + # See lib/devise/rails/routes.rb - ActionDispatch::Routing::RouteSet#finalize_with_devise! def self.configure_warden! #:nodoc: @@warden_configured ||= begin warden_config.failure_app = Devise::Delegator.new From 155e23a73eb183a48af48894e57429f30e2dc4c0 Mon Sep 17 00:00:00 2001 From: MarkMT Date: Thu, 20 Aug 2015 19:17:52 -0500 Subject: [PATCH 0765/1473] Update comment on Devise.add_module The existing comment suggests that add_module is used only for modules that are not provided by Devise itself. --- lib/devise.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 40413f4ef7..d1bbb3b3bb 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -325,7 +325,12 @@ def self.add_mapping(resource, options) mapping end - # Make Devise aware of an 3rd party Devise-module (like invitable). For convenience. + # Register available devise modules. For the standard modules that Devise provides, this method is + # called from lib/devise/modules.rb. Third-party modules need to be added explicitly using this method. + # + # Note that adding a module using this method does not cause it to be used in the authentication + # process. That requires that the module be listed in the arguments passed to the 'devise' method + # in the model class definition. # # == Options: # From 8aa0e2655e58c599e94c8d0ca6d20921d847f68c Mon Sep 17 00:00:00 2001 From: Marcus Ilgner Date: Thu, 20 Aug 2015 17:56:08 +0200 Subject: [PATCH 0766/1473] Use default_url_options from parent_controller Use a configured Devise.parent_controller, not ApplicationController Also remove passing `*args` since it's a class-level attribute, not a method. --- lib/devise/failure_app.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 56c44a42b8..56d5cbb501 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -22,9 +22,12 @@ def self.call(env) @respond.call(env) end + # Try retrieving the URL options from the parent controller (usually + # ApplicationController). Instance methods are not supported at the moment, + # so only the class-level attribute is used. def self.default_url_options(*args) - if defined?(ApplicationController) - ApplicationController.default_url_options(*args) + if defined?(Devise.parent_controller.constantize) + Devise.parent_controller.constantize.try(:default_url_options) || {} else {} end From 068da8045b66cb87a925cf412f700ee6d7d6bf6b Mon Sep 17 00:00:00 2001 
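Review bot: In `default_url_options` the guard `defined?(Devise.parent_controller.constantize)` only tests that the configured string responds to `constantize`; it never resolves the constant. The `else` branch is therefore effectively dead, and a `parent_controller` naming a missing or not-yet-loaded class raises NameError on the following line. Since this code runs while a failed authentication is being handled, that would turn an ordinary rejected sign-in into a server error. Resolving once with `controller = Devise.parent_controller.safe_constantize` and returning `controller.try(:default_url_options) || {}` keeps the fallback reachable, assuming the supported ActiveSupport versions provide `safe_constantize`. The `*args` parameter is now accepted but ignored, which the added comment should mention.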
From: Dave Gynn Date: Fri, 21 Aug 2015 00:49:46 -0700 Subject: [PATCH 0767/1473] update api docs for Models.config config no longer takes a default value since 80699c58b4. also, :streches was moved to DatabaseAuthenticatable. --- lib/devise/models.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 9893062d8d..338f7e0e89 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -12,7 +12,7 @@ def message # Creates configuration values for Devise and for the given module. # - # Devise::Models.config(Devise::Authenticatable, :stretches, 10) + # Devise::Models.config(Devise::DatabaseAuthenticatable, :stretches) # # The line above creates: # From eb091b867f50da1e097dcf07e3e9fe5ceae5785e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 27 Aug 2015 12:12:13 -0300 Subject: [PATCH 0768/1473] Fix `rails g devise:views -v mailer` with the Simple Form generator. Our Simple Form generator shouldn't be responsible for generating the `mailer` view directory, so we should skip it and let the Erb generator do the job. Closes #3254. --- lib/generators/devise/views_generator.rb | 7 +++++++ test/generators/views_generator_test.rb | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index beac23836d..b3a77397af 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -83,6 +83,13 @@ class SimpleFormForGenerator < Rails::Generators::Base #:nodoc: source_root File.expand_path("../../templates/simple_form_for", __FILE__) desc "Copies simple form enabled views to your application." hide! + + def copy_views + if options[:views] + options[:views].delete('mailer') + end + super + end end class ErbGenerator < Rails::Generators::Base #:nodoc: diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 052b2ade89..7fcdff0d2f 100644 
--- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -46,6 +46,13 @@ class ViewsGeneratorTest < Rails::Generators::TestCase assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb" end + test "Assert mailer specific directory with simple form" do + run_generator %w(-v mailer -b simple_form_for) + assert_file "app/views/devise/mailer/confirmation_instructions.html.erb" + assert_file "app/views/devise/mailer/reset_password_instructions.html.erb" + assert_file "app/views/devise/mailer/unlock_instructions.html.erb" + end + test "Assert specified directories with scope" do run_generator %w(users -v sessions) assert_file "app/views/users/sessions/new.html.erb" From c744dcf07ad48b16a7c6259da6be90c4239690fb Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:21:10 -0500 Subject: [PATCH 0769/1473] tests --- test/models/database_authenticatable_test.rb | 19 +++++++++++++++++++ test/models_test.rb | 15 +++++++++------ test/support/stub_model_filters.rb | 5 +++++ 3 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 test/support/stub_model_filters.rb diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index fc3f729212..ad7f5dd766 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -3,6 +3,10 @@ require 'digest/sha1' class DatabaseAuthenticatableTest < ActiveSupport::TestCase + def setup + setup_mailer + end + test 'should downcase case insensitive keys when saving' do # case_insensitive_keys is set to :email by default. email = 'Foo@Bar.com' 
@@ -225,6 +229,21 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_match "can't be blank", user.errors[:current_password].join end + test 'should not email on password change' do + user = create_user + assert_email_not_sent do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end + end + + test 'should email on password change when configured' do + User.stubs(:send_password_change_notification).returns(true) + user = create_user + assert_email_sent user.email do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end + end + test 'downcase_keys with validation' do User.create(email: "HEllO@example.com", password: "123456") user = User.create(email: "HEllO@example.com", password: "123456") diff --git a/test/models_test.rb b/test/models_test.rb index a5f13b4fab..e8103d6781 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -96,9 +96,10 @@ class CheckFieldsTest < ActiveSupport::TestCase test 'checks if the class respond_to the required fields' do Player = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable @@ -113,9 +114,10 @@ def self.before_validation(instance) test 'raises Devise::Models::MissingAtrribute and shows the missing attribute if the class doesn\'t respond_to one of the attributes' do Clown = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable 
@@ -130,9 +132,10 @@ def self.before_validation(instance) test 'raises Devise::Models::MissingAtrribute with all the missing attributes if there is more than one' do Magician = Class.new do extend Devise::Models + extend StubModelFilters - def self.before_validation(instance) - end + stub_filter :before_validation + stub_filter :after_update devise :database_authenticatable end diff --git a/test/support/stub_model_filters.rb b/test/support/stub_model_filters.rb new file mode 100644 index 0000000000..6e257f37b2 --- /dev/null +++ b/test/support/stub_model_filters.rb @@ -0,0 +1,5 @@ +module StubModelFilters + def stub_filter(name) + define_singleton_method(name) { |*| nil } + end +end From 0fa74d863d71f186c3d746ce9acdd582ba60461a Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:22:37 -0500 Subject: [PATCH 0770/1473] functionality --- app/mailers/devise/mailer.rb | 4 ++++ lib/devise.rb | 4 ++++ lib/devise/models/database_authenticatable.rb | 12 +++++++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index e069eefa81..efb0bba52d 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -16,5 +16,9 @@ def unlock_instructions(record, token, opts={}) @token = token devise_mail(record, :unlock_instructions, opts) end + + def password_change(record, opts={}) + devise_mail(record, :unlock_instructions) + end end end diff --git a/lib/devise.rb b/lib/devise.rb index d1bbb3b3bb..979479dfcb 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -150,6 +150,10 @@ module Strategies mattr_accessor :pepper @@pepper = nil + # Used to encrypt password. Please generate one with rake secret. + mattr_accessor :send_password_change_notification + @@send_password_change_notification = false + # Scoped views. Since it relies on fallbacks to render default views, it's # turned off by default. mattr_accessor :scoped_views 
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 5168630335..8f41bfff53 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -27,6 +27,8 @@ module DatabaseAuthenticatable extend ActiveSupport::Concern included do + after_update :send_password_change_notification, if: :send_password_change_notification? + attr_reader :password, :current_password attr_accessor :password_confirmation end @@ -133,6 +135,10 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end + def send_password_change_notification + send_devise_notification(:password_change) + end + protected # Digests the password using bcrypt. Custom encryption should override @@ -144,8 +150,12 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end + def send_password_change_notification? + self.class.send_password_change_notification && encrypted_password_changed? + end + module ClassMethods - Devise::Models.config(self, :pepper, :stretches) + Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification) # We assume this method already gets the sanitized values from the # DatabaseAuthenticatable strategy. If you are using this method on From 48ed2fd1aaf918a91fde7df79aeb50d36dfdce2e Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Fri, 19 Jun 2015 14:22:54 -0500 Subject: [PATCH 0771/1473] templates, config documentation --- app/views/devise/mailer/password_change.html.erb | 3 +++ lib/generators/templates/devise.rb | 3 +++ lib/generators/templates/markerb/password_change.markerb | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 app/views/devise/mailer/password_change.html.erb create mode 100644 lib/generators/templates/markerb/password_change.markerb diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb new file mode 100644 index 0000000000..7575168767 
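Review bot: `send_password_change_notification` calls `send_devise_notification(:password_change)` with no recipient override, so the mail presumably goes to whatever address the record holds after the update; the mailer's recipient lookup is outside these hunks. If one update changes email and password together, and the address is not held back for reconfirmation, only the new address would be notified. The previous owner of the account would hear nothing, which is the case this alert matters most for. At minimum, document the limitation on the method, e.g. `# Sent to the record's current email; an update that also changes the email does not notify the previous address.` The callback is also registered as `after_update` rather than after commit, so a rolled-back transaction could still send the mail.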
--- /dev/null
+++ b/app/views/devise/mailer/password_change.html.erb
@@ -0,0 +1,3 @@
+

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that you're password has been changed.

diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 3fae04d05d..80a5e38cd4 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -105,6 +105,9 @@ # Setup a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' + # Send a notification email on password change + # config.send_password_change_notification = false + # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without # confirming their account. For instance, if set to 2.days, the user will be diff --git a/lib/generators/templates/markerb/password_change.markerb b/lib/generators/templates/markerb/password_change.markerb new file mode 100644 index 0000000000..7575168767 --- /dev/null +++ b/lib/generators/templates/markerb/password_change.markerb @@ -0,0 +1,3 @@ +

Hello <%= @resource.email %>!

+ +

We're contacting you to notify you that you're password has been changed.

From e9c82472ffe7c43a448945f77e034a0e47dde0bb Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 10:50:43 -0500 Subject: [PATCH 0772/1473] quick comment touch-ups --- app/mailers/devise/mailer.rb | 2 +- app/views/devise/mailer/password_change.html.erb | 2 +- lib/devise.rb | 2 +- lib/generators/templates/devise.rb | 2 +- lib/generators/templates/markerb/password_change.markerb | 2 +- test/models/database_authenticatable_test.rb | 9 +++++---- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index efb0bba52d..555b64d29f 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -18,7 +18,7 @@ def unlock_instructions(record, token, opts={}) end def password_change(record, opts={}) - devise_mail(record, :unlock_instructions) + devise_mail(record, :password_change, opts) end end end diff --git a/app/views/devise/mailer/password_change.html.erb b/app/views/devise/mailer/password_change.html.erb index 7575168767..b41daf476a 100644 --- a/app/views/devise/mailer/password_change.html.erb +++ b/app/views/devise/mailer/password_change.html.erb @@ -1,3 +1,3 @@

Hello <%= @resource.email %>!

-

We're contacting you to notify you that you're password has been changed.

+

We're contacting you to notify you that your password has been changed.

diff --git a/lib/devise.rb b/lib/devise.rb index 979479dfcb..d1869651e1 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -150,7 +150,7 @@ module Strategies mattr_accessor :pepper @@pepper = nil - # Used to encrypt password. Please generate one with rake secret. + # Used to enable sending notification to user when their password is changed mattr_accessor :send_password_change_notification @@send_password_change_notification = false diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 80a5e38cd4..42720aa582 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -105,7 +105,7 @@ # Setup a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' - # Send a notification email on password change + # Send a notification email when the user's password is changed # config.send_password_change_notification = false # ==> Configuration for :confirmable diff --git a/lib/generators/templates/markerb/password_change.markerb b/lib/generators/templates/markerb/password_change.markerb index 7575168767..b41daf476a 100644 --- a/lib/generators/templates/markerb/password_change.markerb +++ b/lib/generators/templates/markerb/password_change.markerb @@ -1,3 +1,3 @@

Hello <%= @resource.email %>!

-

We're contacting you to notify you that you're password has been changed.

+

We're contacting you to notify you that your password has been changed.

diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index ad7f5dd766..5daca4248f 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -237,10 +237,11 @@ def setup end test 'should email on password change when configured' do - User.stubs(:send_password_change_notification).returns(true) - user = create_user - assert_email_sent user.email do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + swap Devise, send_password_change_notification: true do + user = create_user + assert_email_sent user.email do + assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + end end end From ab141a877960e65c058bde8917c6dde08d9b4aa7 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 10:50:54 -0500 Subject: [PATCH 0773/1473] move model stubs --- test/models_test.rb | 6 ++++++ test/support/stub_model_filters.rb | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) delete mode 100644 test/support/stub_model_filters.rb diff --git a/test/models_test.rb b/test/models_test.rb index e8103d6781..3fc78806f6 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -92,6 +92,12 @@ def send_devise_notification(*); end end end +module StubModelFilters + def stub_filter(name) + define_singleton_method(name) { |*| nil } + end +end + class CheckFieldsTest < ActiveSupport::TestCase test 'checks if the class respond_to the required fields' do Player = Class.new do diff --git a/test/support/stub_model_filters.rb b/test/support/stub_model_filters.rb deleted file mode 100644 index 6e257f37b2..0000000000 --- a/test/support/stub_model_filters.rb +++ /dev/null @@ -1,5 +0,0 @@ -module StubModelFilters - def stub_filter(name) - define_singleton_method(name) { |*| nil } - end -end From 211159f2eba97d8c6d9c0f09ed8fec29d5cd125e Mon Sep 17 00:00:00 2001 
From: Jon Phenow Date: Wed, 24 Jun 2015 11:01:46 -0500 Subject: [PATCH 0774/1473] translation for mailer subject --- config/locales/en.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index 26a10f2928..bd4c3ebc69 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,6 +23,8 @@ en: subject: "Reset password instructions" unlock_instructions: subject: "Unlock instructions" + password_change: + subject: "Password Changed" omniauth_callbacks: failure: "Could not authenticate you from %{kind} because \"%{reason}\"." success: "Successfully authenticated from %{kind} account." From 9bcc2d1c5fc03dc475576fed782698f4cd3c7005 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Wed, 24 Jun 2015 11:13:06 -0500 Subject: [PATCH 0775/1473] CHANGELOG --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18eb569534..87a522b366 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. + ### 3.5.2 - 2015-08-10 * enhancements From f5e984c151d1e1de1dd9bca30d326eb6ddc8d231 Mon Sep 17 00:00:00 2001 From: Timo Schilling Date: Fri, 28 Aug 2015 07:51:37 +0200 Subject: [PATCH 0776/1473] use OmniAuth::Utils.camelize This will display the provider name with the original camelization: facebook => Facebook github => GitHub linkedin => LinkedIn --- app/views/devise/shared/_links.html.erb | 2 +- test/integration/omniauthable_test.rb | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index cd795adb68..e6a3e41969 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb 
@@ -20,6 +20,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %>
+ <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
<% end -%> <% end -%> diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 76e8a83fb3..b5cec476a8 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -20,6 +20,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest "credentials" => {"token" => 'plataformatec'}, "extra" => {"user_hash" => FACEBOOK_INFO} } + OmniAuth.config.add_camelization 'facebook', 'FaceBook' end teardown do @@ -40,7 +41,7 @@ def stub_action!(name) test "can access omniauth.auth in the env hash" do visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" json = ActiveSupport::JSON.decode(response.body) @@ -54,7 +55,7 @@ def stub_action!(name) test "cleans up session on sign up" do assert_no_difference "User.count" do visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" end assert session["devise.facebook_data"] @@ -75,7 +76,7 @@ def stub_action!(name) test "cleans up session on cancel" do assert_no_difference "User.count" do visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" end assert session["devise.facebook_data"] @@ -86,7 +87,7 @@ def stub_action!(name) test "cleans up session on sign in" do assert_no_difference "User.count" do visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" end assert session["devise.facebook_data"] @@ -96,13 +97,13 @@ def stub_action!(name) test "sign in and send remember token if configured" do visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" assert_nil warden.cookies["remember_user_token"] stub_action!(:sign_in_facebook) do create_user visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" assert warden.authenticated?(:user) assert warden.cookies["remember_user_token"] end 
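Review bot: The rewritten `link_to` line in `_links.html.erb` still starts the provider sign-in with a plain GET to `omniauth_authorize_path`, so the request phase can be initiated by a cross-site request that carries no authenticity token. While this line is being touched, consider adding `method: :post` to the `link_to` call, since a non-GET request is the precondition for tying the request phase to the Rails CSRF token. Whether the authorize route and the OmniAuth request phase accept POST in this version is not visible in the hunk. The label change itself looks safe, since `link_to` escapes the result of `OmniAuth::Utils.camelize(provider)`.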
@@ -118,16 +119,16 @@ def stub_action!(name) OmniAuth.config.mock_auth[:facebook] = :access_denied visit "/users/auth/facebook/callback?error=access_denied" assert_current_url "/users/sign_in" - assert_contain 'Could not authenticate you from Facebook because "Access denied".' + assert_contain 'Could not authenticate you from FaceBook because "Access denied".' end test "handles other exceptions from OmniAuth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials visit "/users/sign_in" - click_link "Sign in with Facebook" + click_link "Sign in with FaceBook" assert_current_url "/users/sign_in" - assert_contain 'Could not authenticate you from Facebook because "Invalid credentials".' + assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".' end end From 40258bf100c023f785ec0b4b730604da60f31b3f Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 28 Aug 2015 11:26:41 -0300 Subject: [PATCH 0777/1473] Remove the custom OmniAuth camelization on teardown. --- test/integration/omniauthable_test.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index b5cec476a8..36d2fb15e6 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -24,6 +24,7 @@ class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest end teardown do + OmniAuth.config.camelizations.delete('facebook') OmniAuth.config.test_mode = false end From a3da40a701197961d8eae0ca0cf75300a85b7cf2 Mon Sep 17 00:00:00 2001 From: Ryan Mitchell Date: Sat, 29 Aug 2015 05:29:05 -0400 Subject: [PATCH 0778/1473] Wrap helper_method calls in respond_to?(:helper_method) --- lib/devise/controllers/helpers.rb | 12 +++++++++--- test/controllers/helper_methods_test.rb | 21 +++++++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 test/controllers/helper_methods_test.rb 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index b3f43d0480..de3b2a0afa 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -7,7 +7,9 @@ module Helpers include Devise::Controllers::StoreLocation included do - helper_method :warden, :signed_in?, :devise_controller? + if respond_to?(:helper_method) + helper_method :warden, :signed_in?, :devise_controller? + end end module ClassMethods @@ -69,7 +71,9 @@ def current_#{group_name.to_s.pluralize} end.compact end - helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" + if respond_to?(:helper_method) + helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?" + end METHODS end @@ -126,7 +130,9 @@ def #{mapping}_session METHODS ActiveSupport.on_load(:action_controller) do - helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session" + if respond_to?(:helper_method) + helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session" + end end end diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb new file mode 100644 index 0000000000..5cc9bb57ab --- /dev/null +++ b/test/controllers/helper_methods_test.rb @@ -0,0 +1,21 @@ +require 'test_helper' + +class ApiController < ActionController::Metal + include Devise::Controllers::Helpers +end + +class HelperMethodsTest < ActionController::TestCase + tests ApiController + + test 'includes Devise::Controllers::Helpers' do + assert @controller.class.ancestors.include?(Devise::Controllers::Helpers) + end + + test 'does not respond_to helper_method' do + refute @controller.respond_to?(:helper_method) + end + + test 'defines methods like current_user' do + assert @controller.respond_to?(:current_user) + end +end From 04e01f49a9fb326f88ba4f34cb49234a41ce8f80 Mon Sep 17 00:00:00 2001 
From: Ryan Mitchell Date: Mon, 31 Aug 2015 09:58:25 -0400 Subject: [PATCH 0779/1473] Use builtin matchers in helper tests --- test/controllers/helper_methods_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index 5cc9bb57ab..ee7050170e 100644 --- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -8,14 +8,14 @@ class HelperMethodsTest < ActionController::TestCase tests ApiController test 'includes Devise::Controllers::Helpers' do - assert @controller.class.ancestors.include?(Devise::Controllers::Helpers) + assert_includes @controller.class.ancestors, Devise::Controllers::Helpers end test 'does not respond_to helper_method' do - refute @controller.respond_to?(:helper_method) + refute_respond_to @controller.class, :helper_method end test 'defines methods like current_user' do - assert @controller.respond_to?(:current_user) + assert_respond_to @controller, :current_user end end From 7025f968c690775de42cf31a969c0e97913df59f Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sun, 6 Sep 2015 00:05:19 -0700 Subject: [PATCH 0780/1473] Account for relative_url_root in FailureApp's recall method Closes #3738 --- lib/devise/failure_app.rb | 13 ++++++++++++- test/failure_app_test.rb | 17 +++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 56d5cbb501..bf3881854a 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -51,7 +51,18 @@ def http_auth end def recall - env["PATH_INFO"] = attempted_path + config = Rails.application.config + + if config.try(:relative_url_root) + base_path = Pathname.new(config.relative_url_root) + full_path = Pathname.new(attempted_path) + + env["SCRIPT_NAME"] = config.relative_url_root + env["PATH_INFO"] = '/' + full_path.relative_path_from(base_path).to_s + else + env["PATH_INFO"] = attempted_path + end + flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(env) end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 140ac14a21..44ac767141 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -294,5 +294,22 @@ def call_failure(env_params={}) assert @response.third.body.include?('
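Review bot: In `recall`, `full_path.relative_path_from(base_path)` is applied to `attempted_path` without first checking that the path lies under `relative_url_root`. `attempted_path` comes from the warden options and presumably reflects the request path. For a path outside the root, Pathname yields `..` segments that end up in `PATH_INFO`; for a path equal to the root it yields `.`; and an empty-string root is truthy here and would make `relative_path_from` raise on the absolute/relative mismatch. Take the Pathname branch only when `config.try(:relative_url_root).present?` and the attempted path starts with the root followed by `/`, falling back to `env["PATH_INFO"] = attempted_path` otherwise. Pathname also normalises the path, so a trailing slash is dropped silently.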

Log in

') assert @response.third.body.include?('Your account is not activated yet.') end + + if Rails.application.config.respond_to?(:relative_url_root) + test 'calls the original controller with the proper environment considering the relative url root' do + swap Rails.application.config, relative_url_root: "/sample" do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/sample/users/sign_in"}, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + assert @response.third.body.include?('

Log in

') + assert @response.third.body.include?('Invalid email or password.') + assert_equal @request.env["SCRIPT_NAME"], '/sample' + assert_equal @request.env["PATH_INFO"], '/users/sign_in' + end + end + end end end From 797a19352c443c679fe0082e7253c533f690668c Mon Sep 17 00:00:00 2001 From: Flavia Fortes Date: Mon, 7 Sep 2015 23:00:26 -0300 Subject: [PATCH 0781/1473] Add a Code of Conduct --- CODE_OF_CONDUCT.md | 22 ++++++++++++++++++++++ CONTRIBUTING.md | 2 ++ 2 files changed, 24 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000000..cae2742e10 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,22 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers.
+ +This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b9c929a162..3b12b9ceea 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,6 +8,8 @@ 4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. +5) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md) + That's it! The more information you give, the easier it becomes for us to track it down and fix it. Ideally, you should provide an application that reproduces the error or a test case to Devise's suite. From 56edeec958ce7e15a00f82e5e4f984f0585dec2c Mon Sep 17 00:00:00 2001 From: Nam Chu Hoai Date: Mon, 28 Sep 2015 11:25:03 -0400 Subject: [PATCH 0782/1473] Add missing comma --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5a05e0f95f..daa1b67c64 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -24,7 +24,7 @@ module Models # By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in. # * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as # initial account confirmation) to be applied. Requires additional unconfirmed_email - # db field to be setup (t.reconfirmable in migrations). Until confirmed new email is + # db field to be setup (t.reconfirmable in migrations). Until confirmed, new email is # stored in unconfirmed email column, and copied to email column on successful # confirmation. # * +confirm_within+: the time before a sent confirmation token becomes invalid. 
From c334179c95513a3fe26058437507bb7fcf92e2d3 Mon Sep 17 00:00:00 2001 From: Adrian Mugnolo Date: Wed, 30 Sep 2015 19:31:49 -0300 Subject: [PATCH 0783/1473] Fix typo: successful --- test/models/lockable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 8acbf3cf27..d4ded24913 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -14,7 +14,7 @@ def setup end end - test "should increment failed_attempts on successfull validation if the user is already locked" do + test "should increment failed_attempts on successful validation if the user is already locked" do user = create_user user.confirm From 2380612b6e6da7917f8e3997f28a3170dd4d3c33 Mon Sep 17 00:00:00 2001 From: Adrian Mugnolo Date: Wed, 30 Sep 2015 19:31:55 -0300 Subject: [PATCH 0784/1473] Fix typo: authenticatable --- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/strategies/authenticatable.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 8f41bfff53..b155f3d0fd 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -12,7 +12,7 @@ module Models # # == Options # - # DatabaseAuthenticable adds the following options to devise_for: + # DatabaseAuthenticatable adds the following options to devise_for: # # * +pepper+: a random string used to provide a more secure hash. Use # `rake secret` to generate new keys. diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 1906cf0828..13249e8257 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb 
@@ -27,7 +27,7 @@ def clean_up_csrf? # Receives a resource and check if it is valid by calling valid_for_authentication? # An optional block that will be triggered while validating can be optionally - # given as parameter. Check Devise::Models::Authenticable.valid_for_authentication? + # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication? # for more information. # # In case the resource can't be validated, it will fail with the given From 619128cb9be73153dac0b66d84120c08e3d0504a Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Fri, 2 Oct 2015 12:28:58 -0700 Subject: [PATCH 0785/1473] Only clear the reset password token if the model has already been persisted If a new user is created with a reset password token, the previous behavior would automatically clear the token even when it was desired for setting the password for the first time. --- lib/devise/models/recoverable.rb | 2 +- test/models/recoverable_test.rb | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index f90279c3a2..51b7f0b16b 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -32,7 +32,7 @@ def self.required_fields(klass) included do before_save do - if email_changed? || encrypted_password_changed? + if persisted? && (email_changed? || encrypted_password_changed?) clear_reset_password_token end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 8198698b7f..fc9ef949c9 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
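Review bot: With the added `persisted? &&` guard in the `before_save` block of recoverable.rb, a record created with both a password and a `reset_password_token` keeps that token after its first save, so a credential that can set the password stays valid for an account that already has one. Nothing in the hunk says this is intended; I would add `# New records keep the token so a first-time set-password mail still works; it is cleared on the next email or password change.` above the condition. The later recoverable.rb changes in this series (the `expire_reset_token?` refactor and the switch to `before_update`) behave the same way, so the comment applies there too. A test that creates a user with a password and a token and checks when the token stops being accepted would pin the intended lifetime; the expiry check itself is outside this hunk.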
@@ -42,6 +42,17 @@ def setup assert_nil user.reset_password_token end + test 'should not clear reset password token for new user' do + user = new_user + assert_nil user.reset_password_token + + user.send_reset_password_instructions + assert_present user.reset_password_token + + user.save + assert_present user.reset_password_token + end + test 'should clear reset password token if changing password' do user = create_user assert_nil user.reset_password_token From e33d285e4ae2130fe9acd00ef60782ae8bee6ad9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 15 Oct 2015 16:13:06 -0300 Subject: [PATCH 0786/1473] Update the documentation to use current Rails code [ci skip] --- lib/devise/controllers/helpers.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index de3b2a0afa..58e894db2f 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -196,10 +196,10 @@ def signed_in_root_path(resource_or_scope) # root path. For a user scope, you can define the default url in # the following way: # - # map.user_root '/users', controller: 'users' # creates user_root_path + # get '/users' => 'users#index', as: :user_root # creates user_root_path # - # map.namespace :user do |user| - # user.root controller: 'users' # creates user_root_path + # namespace :user do + # root 'users#index' # creates user_root_path # end # # If the resource root path is not defined, root_path is used. However, From 4f2571a4086f85405aa896c4adaa060d9330e0ec Mon Sep 17 00:00:00 2001 
From: yui-knk Date: Fri, 16 Oct 2015 11:49:22 +0900 Subject: [PATCH 0787/1473] [ci skip] Write how to use `singular` option of `ActionDispatch::Routing::Mapper#devise_for` * Replace "the instance variable name in controller" with "the helper methods names in controller". Devise dose not define instance variable for controllers but define helper methods for controllers. * Replace "the name in routes" with "the scope name in routes". `singular` is used as an argument of `devise_scope`. * Add sample codes of routing and controller. --- lib/devise/rails/routes.rb | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 817c736add..d40be48946 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -94,10 +94,24 @@ class Mapper # # devise_for :users, path: 'accounts' # - # * singular: setup the singular name for the given resource. This is used as the instance variable - # name in controller, as the name in routes and the scope given to warden. + # * singular: setup the singular name for the given resource. This is used as the helper methods + # names in controller ("authenticate_#{singular}!", "#{singular}_signed_in?", "current_#{singular}" + # and "#{singular}_session"), as the scope name in routes and as the scope given to warden. # - # devise_for :users, singular: :user + # devise_for :admins, singular: :manager + # + # devise_scope :manager do + # ... + # end + # + # class ManagerController < ApplicationController + # before_filter authenticate_manager! + # + # def show + # @manager = current_manager + # ... + # end + # end # # * path_names: configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up, # :password, :confirmation, :unlock. From 005d514adf7c1cc581951829ab2671272867fe10 Mon Sep 17 00:00:00 2001 
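Review bot: The controller sample in the new `singular` documentation passes the result of a method call to the filter instead of a method name: `before_filter authenticate_manager!` is evaluated while the class body loads, where no such class-level method exists. A reader who copies it gets an error at load time instead of a protected controller; the line should read `before_filter :authenticate_manager!`. Because this comment tells users how to wire authentication into a controller, the snippet is worth making copy-paste correct.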
From: Chris Oliver Date: Wed, 21 Oct 2015 14:53:03 -0400 Subject: [PATCH 0788/1473] Automatically underscore and pluralize scoped views generator. Fixes #3790 --- lib/generators/devise/views_generator.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index b3a77397af..d5d831f1de 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -47,7 +47,7 @@ def copy_views def view_directory(name, _target_path = nil) directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| if scope - content.gsub "devise/shared/links", "#{scope}/shared/links" + content.gsub "devise/shared/links", "#{plural_scope}/shared/links" else content end @@ -55,7 +55,11 @@ def view_directory(name, _target_path = nil) end def target_path - @target_path ||= "app/views/#{scope || :devise}" + @target_path ||= "app/views/#{plural_scope || :devise}" + end + + def plural_scope + @plural_scope ||= scope.presence && scope.underscore.pluralize end end @@ -118,7 +122,7 @@ def copy_views end def target_path - "app/views/#{scope || :devise}/mailer" + "app/views/#{plural_scope || :devise}/mailer" end end From 5ae6360e758a03cd4deea61f320f9df973c72849 Mon Sep 17 00:00:00 2001 From: Christian Macias Date: Thu, 22 Oct 2015 13:05:02 -0700 Subject: [PATCH 0789/1473] fix for #3787, save in after_create hook breaks devise confirmation --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5a05e0f95f..28cd04e691 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -254,7 +254,7 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present? + postpone = self.class.reconfirmable && email_changed? && email_was != "" && !@bypass_confirmation_postpone && self.email.present? @bypass_confirmation_postpone = false postpone end From 54bb30a1a42362378b4029c969541fa159677890 Mon Sep 17 00:00:00 2001 From: Christian Macias Date: Mon, 26 Oct 2015 08:56:14 -0700 Subject: [PATCH 0790/1473] changed email_was !='' to email_was.present? --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 28cd04e691..78b77323f8 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -254,7 +254,7 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && email_was != "" && !@bypass_confirmation_postpone && self.email.present? + postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present? @bypass_confirmation_postpone = false postpone end From 4477bab1aa049d014846cc9ae3e2a5b2690e6520 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 1 Nov 2015 19:54:58 -0200 Subject: [PATCH 0791/1473] Update Travis CI notification settings. --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index d357f84244..43bc8a4cb2 100644 --- a/.travis.yml +++ b/.travis.yml 
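Review bot: In `postpone_email_change?`, the new `email_was.present?` term means a record whose stored email is blank takes any new address straight into `email` without passing through `unconfirmed_email`. That is what fixes the save-in-`after_create` case, but it applies equally to an already persisted record with an empty email, which can then be given an address nobody has confirmed; whether such records can exist depends on validations outside this hunk. I would document the exception above the method, e.g. `# A blank previous email is treated as a first assignment and is not postponed.`, and add a test for an existing record with a blank email so the behaviour is a decision and not a side effect.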
@@ -38,8 +38,7 @@ script: "bundle exec rake test" notifications: email: false - campfire: + slack: on_success: change on_failure: always - rooms: - - secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc=" + secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY= From df6a83b27b4811f7f085eb0268b47b7b0fd4c13b Mon Sep 17 00:00:00 2001 From: robuye Date: Mon, 2 Nov 2015 23:06:38 +0100 Subject: [PATCH 0792/1473] Remove outdated example from documentation `#reset_password` always saves the record if validation passes. --- lib/devise/models/recoverable.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index f90279c3a2..d678297752 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -16,10 +16,6 @@ module Models # # resets the user password and save the record, true if valid passwords are given, otherwise false # User.find(1).reset_password('password123', 'password123') # - # # only resets the user password, without saving the record - # user = User.find(1) - # user.reset_password('password123', 'password123') - # # # creates a new token and send it with instructions about how to reset the password # User.find(1).send_reset_password_instructions # From 9f32f421a550d821428a7334e33641ab91ace8c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C5=82a=C5=BCej=20Pankowiak?= Date: Mon, 2 Nov 2015 23:53:09 +0100 Subject: [PATCH 0793/1473] Allow skipping the timeoutable hook --- lib/devise/hooks/timeoutable.rb | 3 ++- test/integration/timeoutable_test.rb | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) 
diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index a118211731..e610885507 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -7,7 +7,8 @@ scope = options[:scope] env = warden.request.env - if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false + if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && + options[:store] != false && !env['devise.skip_timeoutable'] last_request_at = warden.session(scope)['last_request_at'] if last_request_at.is_a? Integer diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 66e1ce9ad3..1160571ce5 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -24,6 +24,18 @@ def last_request_at assert_equal old_last_request, last_request_at end + test 'does not set last request at in user session after each request if timeoutable is disabled' do + sign_in_as_user + old_last_request = last_request_at + assert_not_nil last_request_at + + new_time = 2.seconds.from_now + Time.stubs(:now).returns(new_time) + + get users_path, {}, 'devise.skip_timeoutable' => true + assert_equal old_last_request, last_request_at + end + test 'does not time out user session before default limit time' do sign_in_as_user assert_response :success From 8426b12550f9993e4851f535cda15d1a7aada333 Mon Sep 17 00:00:00 2001 From: Julien Lerpscher Date: Tue, 10 Nov 2015 12:17:29 +0100 Subject: [PATCH 0794/1473] set minimum password length on reset failure --- app/controllers/devise/passwords_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 782a2a937f..1906b84c6e 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
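Review bot: The new `!env['devise.skip_timeoutable']` term sits in the outer condition of the hook, so a request carrying the flag appears to skip the expiry check as well as the `last_request_at` refresh; the rest of the block is outside the hunk, so this is inferred from the condition alone. If that is right, an endpoint that sets the flag keeps answering for a session that has already timed out. The added test covers only the refresh being skipped; a second test asserting what happens to a timed-out session when the flag is set would settle which behaviour is meant. The key should also be documented as something only trusted server-side code sets, e.g. `# env['devise.skip_timeoutable'] must never be derived from request parameters or headers.`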
@@ -43,6 +43,7 @@ def update end respond_with resource, location: after_resetting_password_path_for(resource) else + set_minimum_password_length respond_with resource end end From 8a8887ea829824886d13afce5f32994b418d968c Mon Sep 17 00:00:00 2001 From: Andy Geers Date: Wed, 1 Apr 2015 12:41:37 +0100 Subject: [PATCH 0795/1473] Don't error if resource doesn't need confirming --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index daa1b67c64..33689f0dbc 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -216,7 +216,7 @@ def confirmation_period_valid? # confirmation_period_expired? # will always return false # def confirmation_period_expired? - self.class.confirm_within && (Time.now > self.confirmation_sent_at + self.class.confirm_within) + self.class.confirm_within && self.confirmation_sent_at && (Time.now > self.confirmation_sent_at + self.class.confirm_within) end # Checks whether the record requires any confirmation. From d3f521925ecff8af46d2a44dad0d90d228d87d88 Mon Sep 17 00:00:00 2001 From: Andy Geers Date: Wed, 18 Nov 2015 22:19:36 +0000 Subject: [PATCH 0796/1473] Write unit test for bug fix --- test/models/confirmable_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 008996c06c..5c1cf69a63 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
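Review bot: In `confirmation_period_expired?`, the added `self.confirmation_sent_at &&` makes a missing timestamp mean "not expired", so with `confirm_within` set a record whose `confirmation_sent_at` is nil never has its confirmation period treated as over. This removes the error on nil, but it resolves the ambiguous case in the permissive direction, and the doc comment above the method (only partly visible in the hunk) does not mention it. I would add `# Returns a falsy value when confirmation_sent_at is nil: the period is then treated as not expired.` to that comment. If a pending token without a sent date should be refused, that needs an explicit check where the token is consumed, which this hunk does not show.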
@@ -250,6 +250,16 @@ def setup assert user.reload.active_for_authentication? end + test 'should not break when a user tries to reset their password in the case where confirmation is not required and confirm_within is set' do + swap Devise, confirm_within: 3.days do + user = create_user + user.instance_eval { def confirmation_required?; false end } + user.confirmation_sent_at = nil + user.save + assert user.reload.confirm! + end + end + test 'should find a user to send email instructions for the user confirm its email by authentication_keys' do swap Devise, authentication_keys: [:username, :email] do user = create_user From a0cd4655baa68e532de93d0e5a2af911f1ab3b33 Mon Sep 17 00:00:00 2001 From: Kacper Walanus Date: Tue, 24 Nov 2015 01:54:03 +0100 Subject: [PATCH 0797/1473] test for save in after_create hook breaks devise confirmation [3787] --- test/models/confirmable_test.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 008996c06c..d9f2a3135b 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -476,4 +476,18 @@ class ReconfirmableTest < ActiveSupport::TestCase :unconfirmed_email ] end + + test 'should not require reconfirmation after creating a record' do + user = create_admin + assert !user.pending_reconfirmation? + end + + test 'should not require reconfirmation after creating a record with #save called in callback' do + class Admin::WithSaveInCallback < Admin + after_create :save + end + + user = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) + assert !user.pending_reconfirmation? + end end From 56fed052f8a93fdbd9a53753ffb88ca7cad0e33e Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Tue, 24 Nov 2015 23:23:34 -0800 Subject: [PATCH 0798/1473] Wrap logic for resetting token into instance method and add comments --- lib/devise/models/recoverable.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 51b7f0b16b..8525b81d73 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -31,10 +31,16 @@ def self.required_fields(klass) end included do + def expire_reset_token? + # Expire the reset token only if the e-mail or password were changed + # since the last time the record was saved to the database. An admin + # may want to retain the token to give the newly-created user a chance + # to set the password for the first time. + persisted? && (email_changed? || encrypted_password_changed?) + end + before_save do - if persisted? && (email_changed? || encrypted_password_changed?) - clear_reset_password_token - end + clear_reset_password_token if expire_reset_token? end end From 4a45eb9899f0ca5cfb0ab391cee3fe84ac24b3aa Mon Sep 17 00:00:00 2001 
From: Ed Saunders Date: Mon, 7 Dec 2015 16:50:14 +0000 Subject: [PATCH 0799/1473] Allow resources with no email field to be recoverable The current implementation is opinionated about the resource should have an "email" column on it if it is to be recoverable, which isn't necessarily the case. For example, developers may decide to pull emails out into their own model or have some other way of communicating password resets to their users (e.g. text message) I'm not sure there's an easy test to put together for this case, as minitest doesn't make it very easy to stub the "email_changed?" to raise an error. Happy to look into building another model in the "test/rails_app" if you want to have this properly tested though? Or for a nice way to get calls to "email_changed?" to raise; minitest isn't a test framework I'm overly familiar with :). As a side note, it would be nice if the Validatable module also took this into account, I may raise another PR for that. This comes off the back of comments on this commit: https://github.com/plataformatec/devise/commit/e641b4b7b97159054b7d92fb14df557ac18ae6f4 --- lib/devise/models/recoverable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index d678297752..9762eaef75 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -28,7 +28,7 @@ def self.required_fields(klass) included do before_save do - if email_changed? || encrypted_password_changed? + if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed? clear_reset_password_token end end From d98e98fe77cf2b92ac7f2a73de1cebc7232866fd Mon Sep 17 00:00:00 2001 
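Review bot: For a model that does not respond to `email_changed?`, the rewritten condition in the `before_save` block clears the reset token only on a password change, so changing whatever contact detail such a model uses for recovery leaves an outstanding reset token valid. The commit message names text messages and separate email models as the use case, which is exactly where the recovery contact can change without `email_changed?` firing. I would state the responsibility next to the condition, e.g. `# Models without an email attribute must clear the token themselves when their recovery contact changes.`, since `clear_reset_password_token` is defined outside this hunk and its visibility to model code cannot be confirmed from here.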
From: Ed Saunders Date: Tue, 8 Dec 2015 14:32:03 +0000 Subject: [PATCH 0800/1473] Add a test for when a recoverable resource has a non-AR email field --- test/models/recoverable_test.rb | 12 +++++++ .../app/active_record/user_without_email.rb | 8 +++++ .../app/mongoid/user_without_email.rb | 33 +++++++++++++++++++ test/rails_app/config/routes.rb | 5 +++ .../lib/shared_user_without_email.rb | 26 +++++++++++++++ test/support/helpers.rb | 4 +++ 6 files changed, 88 insertions(+) create mode 100644 test/rails_app/app/active_record/user_without_email.rb create mode 100644 test/rails_app/app/mongoid/user_without_email.rb create mode 100644 test/rails_app/lib/shared_user_without_email.rb diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 8198698b7f..e658d7ac32 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -65,6 +65,18 @@ def setup assert_nil user.reset_password_token end + test 'should clear reset password successfully even if there is no email' do + user = create_user_without_email + assert_nil user.reset_password_token + + user.send_reset_password_instructions + assert_present user.reset_password_token + user.password = "123456678" + user.password_confirmation = "123456678" + user.save! + assert_nil user.reset_password_token + end + test 'should not clear reset password token if record is invalid' do user = create_user user.send_reset_password_instructions diff --git a/test/rails_app/app/active_record/user_without_email.rb b/test/rails_app/app/active_record/user_without_email.rb new file mode 100644 index 0000000000..9ad5818842 --- /dev/null +++ b/test/rails_app/app/active_record/user_without_email.rb @@ -0,0 +1,8 @@ +require "shared_user_without_email" + +class UserWithoutEmail < ActiveRecord::Base + self.table_name = 'users' + include Shim + include SharedUserWithoutEmail +end + 
diff --git a/test/rails_app/app/mongoid/user_without_email.rb b/test/rails_app/app/mongoid/user_without_email.rb new file mode 100644 index 0000000000..f46ab63563 --- /dev/null +++ b/test/rails_app/app/mongoid/user_without_email.rb @@ -0,0 +1,33 @@ +require "shared_user_without_email" + +class UserWithoutEmail + include Mongoid::Document + include Shim + include SharedUserWithoutEmail + + field :username, type: String + field :facebook_token, type: String + + ## Database authenticatable + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" + + ## Recoverable + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time + + ## Rememberable + field :remember_created_at, type: Time + + ## Trackable + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String + + ## Lockable + field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + field :unlock_token, type: String # Only if unlock strategy is :email or :both + field :locked_at, type: Time +end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 815479618c..22365880c1 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -28,6 +28,11 @@ router_name: :fake_engine, module: :devise + devise_for :user_without_email, + class_name: 'UserWithoutEmail', + router_name: :main_app, + module: :devise + as :user do get "/as/sign_in", to: "devise/sessions#new" end diff --git a/test/rails_app/lib/shared_user_without_email.rb b/test/rails_app/lib/shared_user_without_email.rb new file mode 100644 index 0000000000..cc0a4045b0 --- /dev/null +++ b/test/rails_app/lib/shared_user_without_email.rb 
@@ -0,0 +1,26 @@ +module SharedUserWithoutEmail + extend ActiveSupport::Concern + + included do + # NOTE: This is missing :validatable and :confirmable, as they both require + # an email field at the moment. It is also missing :omniauthable because that + # adds unnecessary complexity to the setup + devise :database_authenticatable, :lockable, :recoverable, + :registerable, :rememberable, :timeoutable, + :trackable + end + + # This test stub is a bit rubbish because it's tied very closely to the + # implementation where we care about this one case. However, completely + # removing the email field breaks "recoverable" tests completely, so we are + # just taking the approach here that "email" is something that is a not an + # ActiveRecord field. + def email_changed? + raise NoMethodError + end + + def respond_to?(method_name, include_all=false) + return false if method_name.to_sym == :email_changed? + super(method_name, include_all) + end +end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 02e5c8d189..ab77b91f68 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -46,6 +46,10 @@ def create_admin(attributes={}) Admin.create!(valid_attributes) end + def create_user_without_email(attributes={}) + UserWithoutEmail.create!(valid_attributes(attributes)) + end + # Execute the block setting the given values and restoring old values after # the block is executed. def swap(object, new_values) From 901919f25fbb2b98171d851fdeefe744c0f65c37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 9 Dec 2015 14:21:09 +0100 Subject: [PATCH 0801/1473] Revert "Merge pull request #3774 from stanhu/reset-token-only-if-not-persisted" This reverts commit 15c38d918f48c3318c64b1edd60ce095c84c4443, reversing changes made to 508c3418f99dcd7e2d3d908fc17fe15616d59281. --- lib/devise/models/recoverable.rb | 12 +++--------- test/models/recoverable_test.rb | 11 ----------- 2 files changed, 3 insertions(+), 20 deletions(-) 
diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 35dc8b44f2..d678297752 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -27,16 +27,10 @@ def self.required_fields(klass) end included do - def expire_reset_token? - # Expire the reset token only if the e-mail or password were changed - # since the last time the record was saved to the database. An admin - # may want to retain the token to give the newly-created user a chance - # to set the password for the first time. - persisted? && (email_changed? || encrypted_password_changed?) - end - before_save do - clear_reset_password_token if expire_reset_token? + if email_changed? || encrypted_password_changed? + clear_reset_password_token + end end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index fc9ef949c9..8198698b7f 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -42,17 +42,6 @@ def setup assert_nil user.reset_password_token end - test 'should not clear reset password token for new user' do - user = new_user - assert_nil user.reset_password_token - - user.send_reset_password_instructions - assert_present user.reset_password_token - - user.save - assert_present user.reset_password_token - end - test 'should clear reset password token if changing password' do user = create_user assert_nil user.reset_password_token From 7d825c93b61c15f7c4d19e9d3ad6f3d782971649 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Dec 2015 13:53:29 -0200 Subject: [PATCH 0802/1473] Update CHANGELOG [ci skip]. --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87a522b366..97d49cc1fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,11 @@ ### Unreleased +* bug fixes + * Fix password reset for records where `confirmation_required?` is disabled and + `confirmation_sent_at` is nil. (by @andygeers) + * Allow resources with no `email` field to be recoverable (and do not clear the + reset password token if the model was already persisted). (by @seddy, @stanhu) + * enhancements * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. From f71d843f9393fe0e718aadbfb3632c10ce353358 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 9 Dec 2015 11:11:30 -0800 Subject: [PATCH 0803/1473] Only clear the reset token on an update This solves the issue where a package might do: ``` user = User.new user.email = 'test@test.com' token = user.generate_reset_token user.save send_reset_email(token) ``` Since the save clears the reset token, the user will receive a stale token that no longer works. Closes #3774 --- lib/devise/models/recoverable.rb | 2 +- test/models/recoverable_test.rb | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 9762eaef75..e5c5a2c8ab 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -27,7 +27,7 @@ def self.required_fields(klass) end included do - before_save do + before_update do if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed? clear_reset_password_token end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index e658d7ac32..2585bdd161 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb 
@@ -42,6 +42,17 @@ def setup assert_nil user.reset_password_token end + test 'should not clear reset password token for new user' do + user = new_user + assert_nil user.reset_password_token + + user.send_reset_password_instructions + assert_present user.reset_password_token + + user.save + assert_present user.reset_password_token + end + test 'should clear reset password token if changing password' do user = create_user assert_nil user.reset_password_token From 032eb145df73820db35629336c9a5953705b91ca Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 10 Dec 2015 14:36:34 -0200 Subject: [PATCH 0804/1473] Release 3.5.3. --- CHANGELOG.md | 2 ++ Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-3.2-stable.lock | 7 +++++-- gemfiles/Gemfile.rails-4.0-stable.lock | 7 +++++-- gemfiles/Gemfile.rails-4.1-stable.lock | 7 +++++-- gemfiles/Gemfile.rails-4.2-stable.lock | 7 +++++-- lib/devise/version.rb | 2 +- 7 files changed, 25 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97d49cc1fa..11e6996d75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 3.5.3 - 2015-12-10 + * bug fixes * Fix password reset for records where `confirmation_required?` is disabled and `confirmation_sent_at` is nil. (by @andygeers) diff --git a/Gemfile.lock b/Gemfile.lock index d23c38d197..fc60013f23 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (3.5.2) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -153,7 +153,7 @@ GEM thread_safe (0.3.5) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock index cf6725cabb..f33db3a788 100644 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ b/gemfiles/Gemfile.rails-3.2-stable.lock 
@@ -49,7 +49,7 @@ GIT PATH remote: .. specs: - devise (3.4.1) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -142,7 +142,7 @@ GEM polyglot polyglot (>= 0.3.1) tzinfo (0.3.43) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -167,3 +167,6 @@ DEPENDENCIES rdoc sqlite3 webrat (= 0.7.3) + +BUNDLED WITH + 1.10.6 diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock index cee515c51e..ab3bd52882 100644 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ b/gemfiles/Gemfile.rails-4.0-stable.lock @@ -43,7 +43,7 @@ GIT PATH remote: .. specs: - devise (3.4.1) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -136,7 +136,7 @@ GEM thread_safe (0.3.5) tilt (1.4.1) tzinfo (0.3.43) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -161,3 +161,6 @@ DEPENDENCIES rdoc sqlite3 webrat (= 0.7.3) + +BUNDLED WITH + 1.10.6 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 3460d6722e..35d917d9a5 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (3.4.1) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) @@ -142,7 +142,7 @@ GEM tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -167,3 +167,6 @@ DEPENDENCIES rdoc sqlite3 webrat (= 0.7.3) + +BUNDLED WITH + 1.10.6 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 076688b898..678baf4982 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (3.4.1) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) 
@@ -164,7 +164,7 @@ GEM tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -189,3 +189,6 @@ DEPENDENCIES rdoc sqlite3 webrat (= 0.7.3) + +BUNDLED WITH + 1.10.6 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 5b8137a501..80363a014b 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.5.2".freeze + VERSION = "3.5.3".freeze end From 2024fca4dfa3323070c3477e262b8422cadf6a42 Mon Sep 17 00:00:00 2001 
From: Thomas Walpole Date: Tue, 18 Aug 2015 16:42:56 -0700 Subject: [PATCH 0805/1473] Rails 5 compatability. Remove rails < 4.1 and Ruby < 2.1 --- .travis.yml | 14 +- Gemfile.lock | 45 ++-- README.md | 2 +- .../devise/omniauth_callbacks_controller.rb | 8 +- .../devise/passwords_controller.rb | 4 +- .../devise/registrations_controller.rb | 4 +- app/controllers/devise/sessions_controller.rb | 8 +- app/controllers/devise/unlocks_controller.rb | 2 +- app/controllers/devise_controller.rb | 6 +- devise.gemspec | 4 +- gemfiles/Gemfile.rails-3.2-stable | 29 --- gemfiles/Gemfile.rails-3.2-stable.lock | 172 ------------- gemfiles/Gemfile.rails-4.0-stable | 29 --- gemfiles/Gemfile.rails-4.0-stable.lock | 166 ------------ gemfiles/Gemfile.rails-4.1-stable.lock | 100 ++++---- gemfiles/Gemfile.rails-4.2-stable.lock | 99 ++++---- gemfiles/Gemfile.rails-5.0-alpha | 41 +++ gemfiles/Gemfile.rails-5.0-alpha.lock | 236 ++++++++++++++++++ lib/devise/controllers/helpers.rb | 12 +- lib/devise/failure_app.rb | 26 +- lib/devise/models/authenticatable.rb | 1 + lib/devise/models/confirmable.rb | 1 + lib/devise/models/database_authenticatable.rb | 1 + lib/devise/rails/routes.rb | 39 +-- lib/devise/test_helpers.rb | 13 +- .../active_record/devise_generator.rb | 6 +- lib/generators/devise/orm_helpers.rb | 17 -- .../controllers/registrations_controller.rb | 4 +- .../controllers/sessions_controller.rb | 2 +- lib/generators/templates/devise.rb | 4 - .../custom_registrations_controller_test.rb | 10 +- test/controllers/custom_strategy_test.rb | 12 +- test/controllers/helper_methods_test.rb | 2 +- test/controllers/helpers_test.rb | 2 +- ...inherited_controller_i18n_messages_test.rb | 4 +- test/controllers/internal_helpers_test.rb | 19 +- .../controllers/load_hooks_controller_test.rb | 2 +- test/controllers/passwords_controller_test.rb | 7 +- test/controllers/sessions_controller_test.rb | 39 +-- test/controllers/url_helpers_test.rb | 2 +- test/failure_app_test.rb | 33 +-- 
.../active_record_generator_test.rb | 26 -- test/helpers/devise_helper_test.rb | 2 +- test/integration/authenticatable_test.rb | 48 ++-- test/integration/confirmable_test.rb | 10 +- .../database_authenticatable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 9 +- test/integration/lockable_test.rb | 7 +- test/integration/omniauthable_test.rb | 2 +- test/integration/recoverable_test.rb | 20 +- test/integration/registerable_test.rb | 20 +- test/integration/rememberable_test.rb | 10 +- test/integration/timeoutable_test.rb | 8 +- test/integration/trackable_test.rb | 2 +- test/models/validatable_test.rb | 12 +- test/omniauth/url_helpers_test.rb | 3 +- test/orm/active_record.rb | 7 +- test/parameter_sanitizer_test.rb | 28 ++- test/rails_app/app/active_record/user.rb | 3 + .../app/controllers/admins_controller.rb | 2 +- .../app/controllers/application_controller.rb | 4 +- .../app/controllers/home_controller.rb | 6 +- .../users/omniauth_callbacks_controller.rb | 4 +- .../app/controllers/users_controller.rb | 10 +- test/rails_app/config/application.rb | 2 +- test/rails_app/config/boot.rb | 6 +- test/rails_app/config/environments/test.rb | 7 +- .../config/initializers/secret_token.rb | 7 +- test/routes_test.rb | 37 ++- test/support/http_method_compatibility.rb | 51 ++++ test/support/webrat/integrations/rails.rb | 9 + test/test_helpers_test.rb | 6 +- 72 files changed, 782 insertions(+), 815 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-3.2-stable delete mode 100644 gemfiles/Gemfile.rails-3.2-stable.lock delete mode 100644 gemfiles/Gemfile.rails-4.0-stable delete mode 100644 gemfiles/Gemfile.rails-4.0-stable.lock create mode 100644 gemfiles/Gemfile.rails-5.0-alpha create mode 100644 gemfiles/Gemfile.rails-5.0-alpha.lock create mode 100644 test/support/http_method_compatibility.rb diff --git a/.travis.yml b/.travis.yml index 43bc8a4cb2..bf817434f9 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,23 +1,21 @@ language: ruby rvm: - - 1.9.3 - - 2.0.0 - 2.1 - 2.2 gemfile: - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable - - gemfiles/Gemfile.rails-4.0-stable - - gemfiles/Gemfile.rails-3.2-stable - Gemfile matrix: - exclude: - - rvm: 2.2 - gemfile: gemfiles/Gemfile.rails-3.2-stable - + include: + - rvm: 2.2.2 + gemfile: gemfiles/Gemfile.rails-5.0-alpha + allow_failures: + - rvm: 2.2.2 + gemfile: gemfiles/Gemfile.rails-5.0-alpha services: - mongodb diff --git a/Gemfile.lock b/Gemfile.lock index fc60013f23..b86b761f24 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,7 +4,7 @@ PATH devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0, < 5) responders thread_safe (~> 0.1) warden (~> 1.2.3) @@ -47,28 +47,29 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - arel (6.0.0) + arel (6.0.3) bcrypt (3.1.10) - bson (3.1.2) + bson (3.2.6) builder (3.2.2) + concurrent-ruby (1.0.0) connection_pool (2.2.0) erubis (2.7.0) - faraday (0.9.1) + faraday (0.9.2) multipart-post (>= 1.2, < 3) - globalid (0.3.5) + globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.0) + hashie (3.4.3) i18n (0.7.0) json (1.8.3) - jwt (1.4.1) - loofah (2.0.2) + jwt (1.5.2) + loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.6.1) - mini_portile (0.6.2) - minitest (5.7.0) + mime-types (2.99) + mini_portile2 (2.0.0) + minitest (5.8.3) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -76,15 +77,15 @@ GEM moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.6) + moped (2.0.7) bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.1) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + nokogiri (1.6.7) + mini_portile2 (~> 2.0.0.rc2) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) 
@@ -107,7 +108,7 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.2) + rack (1.6.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -126,7 +127,7 @@ GEM sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.6) + rails-dom-testing (1.0.7) activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) @@ -139,16 +140,18 @@ GEM thor (>= 0.18.1, < 2.0) rake (10.4.2) rdoc (4.2.0) + json (~> 1.4) responders (2.1.0) railties (>= 4.2.0, < 5) ruby-openid (2.7.0) - sprockets (3.2.0) - rack (~> 1.0) - sprockets-rails (2.3.1) + sprockets (3.5.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (2.3.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.10) + sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) diff --git a/README.md b/README.md index ec3b6fa2b4..ba86d7edf4 100644 --- a/README.md +++ b/README.md @@ -477,7 +477,7 @@ devise :database_authenticatable, :timeoutable devise_for :admins # Inside your protected controller -before_filter :authenticate_admin! +before_action :authenticate_admin! # Inside your controllers and views admin_signed_in? diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index 38c6857e9a..d04a57a438 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -1,5 +1,5 @@ class Devise::OmniauthCallbacksController < DeviseController - prepend_before_filter { request.env["devise.skip_timeout"] = true } + prepend_before_action { request.env["devise.skip_timeout"] = true } def passthru render status: 404, text: "Not found. Authentication passthru." 
@@ -13,14 +13,14 @@ def failure protected def failed_strategy - env["omniauth.error.strategy"] + request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"] end def failure_message - exception = env["omniauth.error"] + exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"] error = exception.error_reason if exception.respond_to?(:error_reason) error ||= exception.error if exception.respond_to?(:error) - error ||= env["omniauth.error.type"].to_s + error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s error.to_s.humanize if error end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 1906b84c6e..851634adeb 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -1,7 +1,7 @@ class Devise::PasswordsController < DeviseController - prepend_before_filter :require_no_authentication + prepend_before_action :require_no_authentication # Render the #edit only if coming from a reset password email link - append_before_filter :assert_reset_token_passed, only: :edit + append_before_action :assert_reset_token_passed, only: :edit # GET /resource/password/new def new diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 36dcd825b5..27c1a596b5 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
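Review bot: The ternary `request.respond_to?(:get_header) ? request.get_header(KEY) : env[KEY]` is written out three times across `failed_strategy` and `failure_message`, so the version switch on the OmniAuth failure path has to be kept in sync by hand. I would move it into one protected reader, `def omniauth_env(key); request.respond_to?(:get_header) ? request.get_header(key) : request.env[key]; end`, and call it as `exception = omniauth_env("omniauth.error")`. The first hunk of this file already reads `request.env["devise.skip_timeout"]`, so plain `request.env[key]` may be enough on both Rails versions; that is worth confirming before keeping the branch. Either way, a one-line comment such as `# the controller-level env helper is going away in Rails 5; read through the request` would explain why the indirection exists.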
@@ -1,6 +1,6 @@ class Devise::RegistrationsController < DeviseController - prepend_before_filter :require_no_authentication, only: [:new, :create, :cancel] - prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy] + prepend_before_action :require_no_authentication, only: [:new, :create, :cancel] + prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy] # GET /resource/sign_up def new diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index d8d18d789e..4adf377d8c 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -1,8 +1,8 @@ class Devise::SessionsController < DeviseController - prepend_before_filter :require_no_authentication, only: [:new, :create] - prepend_before_filter :allow_params_authentication!, only: :create - prepend_before_filter :verify_signed_out_user, only: :destroy - prepend_before_filter only: [:create, :destroy] { request.env["devise.skip_timeout"] = true } + prepend_before_action :require_no_authentication, only: [:new, :create] + prepend_before_action :allow_params_authentication!, only: :create + prepend_before_action :verify_signed_out_user, only: :destroy + prepend_before_action only: [:create, :destroy] { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in def new diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index bcc2b16be0..8bbbfe01d2 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -1,5 +1,5 @@ class Devise::UnlocksController < DeviseController - prepend_before_filter :require_no_authentication + prepend_before_action :require_no_authentication # GET /resource/unlock/new def new diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index bb3feafa69..3d7cd22287 100644 --- a/app/controllers/devise_controller.rb 
+++ b/app/controllers/devise_controller.rb @@ -8,7 +8,7 @@ class DeviseController < Devise.parent_controller.constantize resource_class resource_params devise_mapping) helper_method(*helpers) - prepend_before_filter :assert_is_devise_resource! + prepend_before_action :assert_is_devise_resource! respond_to :html if mimes_for_respond_to.empty? # Override prefixes to consider the scoped view. @@ -89,10 +89,10 @@ def resource=(new_resource) instance_variable_set(:"@#{resource_name}", new_resource) end - # Helper for use in before_filters where no authentication is required. + # Helper for use in before_actions where no authentication is required. # # Example: - # before_filter :require_no_authentication, only: :new + # before_action :require_no_authentication, only: :new def require_no_authentication assert_is_devise_resource! return unless is_navigational_format? diff --git a/devise.gemspec b/devise.gemspec index 16f754c127..491832eb5e 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -16,12 +16,12 @@ Gem::Specification.new do |s| s.files = `git ls-files`.split("\n") s.test_files = `git ls-files -- test/*`.split("\n") s.require_paths = ["lib"] - s.required_ruby_version = '>= 1.9.3' + s.required_ruby_version = '>= 2.1.0' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("thread_safe", "~> 0.1") - s.add_dependency("railties", ">= 3.2.6", "< 5") + s.add_dependency("railties", ">= 4.1.0", "< 5") s.add_dependency("responders") end diff --git a/gemfiles/Gemfile.rails-3.2-stable b/gemfiles/Gemfile.rails-3.2-stable deleted file mode 100644 index 99713e0daf..0000000000 --- a/gemfiles/Gemfile.rails-3.2-stable +++ /dev/null 
@@ -1,29 +0,0 @@ -source "https://rubygems.org" - -gemspec path: '..' - -gem "rails", github: 'rails/rails', branch: '3-2-stable' -gem "omniauth", "~> 1.2.0" -gem "omniauth-oauth2", "~> 1.1.0" -gem "rdoc" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -group :mongoid do - gem "mongoid", "~> 3.0" -end diff --git a/gemfiles/Gemfile.rails-3.2-stable.lock b/gemfiles/Gemfile.rails-3.2-stable.lock deleted file mode 100644 index f33db3a788..0000000000 --- a/gemfiles/Gemfile.rails-3.2-stable.lock +++ /dev/null 
@@ -1,172 +0,0 @@ -GIT - remote: git://github.com/rails/rails.git - revision: b344986bc3d94ca7821fc5e0eef1874882ac6cbb - branch: 3-2-stable - specs: - actionmailer (3.2.21) - actionpack (= 3.2.21) - mail (~> 2.5.4) - actionpack (3.2.21) - activemodel (= 3.2.21) - activesupport (= 3.2.21) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.21) - activesupport (= 3.2.21) - builder (~> 3.0.0) - activerecord (3.2.21) - activemodel (= 3.2.21) - activesupport (= 3.2.21) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.21) - activemodel (= 3.2.21) - activesupport (= 3.2.21) - activesupport (3.2.21) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - rails (3.2.21) - actionmailer (= 3.2.21) - actionpack (= 3.2.21) - activerecord (= 3.2.21) - activeresource (= 3.2.21) - activesupport (= 3.2.21) - bundler (~> 1.0) - railties (= 3.2.21) - railties (3.2.21) - actionpack (= 3.2.21) - activesupport (= 3.2.21) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - -PATH - remote: .. 
- specs: - devise (3.5.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - responders - thread_safe (~> 0.1) - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - arel (3.0.3) - bcrypt (3.1.10) - builder (3.0.4) - erubis (2.7.0) - faraday (0.9.1) - multipart-post (>= 1.2, < 3) - hashie (3.4.0) - hike (1.2.3) - i18n (0.7.0) - journey (1.0.4) - json (1.8.2) - jwt (1.4.1) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) - metaclass (0.0.4) - mime-types (1.25.1) - mini_portile (0.6.2) - mocha (1.1.0) - metaclass (~> 0.0.1) - mongoid (3.1.6) - activemodel (~> 3.2) - moped (~> 1.4) - origin (~> 1.0) - tzinfo (~> 0.3.29) - moped (1.5.2) - multi_json (1.11.0) - multi_xml (0.5.5) - multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) - oauth2 (0.9.4) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (~> 1.2) - omniauth (1.2.2) - hashie (>= 1.2, < 4) - rack (~> 1.0) - omniauth-facebook (1.6.0) - omniauth-oauth2 (~> 1.1) - omniauth-oauth2 (1.1.2) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) - oauth2 (~> 0.9.3) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - origin (1.1.0) - orm_adapter (0.5.0) - polyglot (0.3.5) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-ssl (1.3.4) - rack - rack-test (0.6.3) - rack (>= 1.0) - rake (10.4.2) - rdoc (3.12.2) - json (~> 1.4) - responders (1.1.2) - railties (>= 3.2, < 4.2) - ruby-openid (2.7.0) - sprockets (2.2.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.10) - thor (0.19.1) - thread_safe (0.3.5) - tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.43) - warden (1.2.4) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - 
activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 3.0) - omniauth (~> 1.2.0) - omniauth-facebook - omniauth-oauth2 (~> 1.1.0) - omniauth-openid (~> 1.0.1) - rails! - rdoc - sqlite3 - webrat (= 0.7.3) - -BUNDLED WITH - 1.10.6 diff --git a/gemfiles/Gemfile.rails-4.0-stable b/gemfiles/Gemfile.rails-4.0-stable deleted file mode 100644 index 66ab20d3b5..0000000000 --- a/gemfiles/Gemfile.rails-4.0-stable +++ /dev/null @@ -1,29 +0,0 @@ -source "https://rubygems.org" - -gemspec path: '..' - -gem "rails", github: 'rails/rails', branch: '4-0-stable' -gem "omniauth", "~> 1.2.0" -gem "omniauth-oauth2", "~> 1.1.0" -gem "rdoc" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -group :mongoid do - gem "mongoid", "~> 4.0.0" -end diff --git a/gemfiles/Gemfile.rails-4.0-stable.lock b/gemfiles/Gemfile.rails-4.0-stable.lock deleted file mode 100644 index ab3bd52882..0000000000 --- a/gemfiles/Gemfile.rails-4.0-stable.lock +++ /dev/null 
@@ -1,166 +0,0 @@ -GIT - remote: git://github.com/rails/rails.git - revision: 7ec9c9635bf4d57009135ed11e89d8bf32306d73 - branch: 4-0-stable - specs: - actionmailer (4.0.13) - actionpack (= 4.0.13) - mail (~> 2.5, >= 2.5.4) - actionpack (4.0.13) - activesupport (= 4.0.13) - builder (~> 3.1.0) - erubis (~> 2.7.0) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - activemodel (4.0.13) - activesupport (= 4.0.13) - builder (~> 3.1.0) - activerecord (4.0.13) - activemodel (= 4.0.13) - activerecord-deprecated_finders (~> 1.0.2) - activesupport (= 4.0.13) - arel (~> 4.0.0) - activesupport (4.0.13) - i18n (~> 0.6, >= 0.6.9) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - rails (4.0.13) - actionmailer (= 4.0.13) - actionpack (= 4.0.13) - activerecord (= 4.0.13) - activesupport (= 4.0.13) - bundler (>= 1.3.0, < 2.0) - railties (= 4.0.13) - sprockets-rails (~> 2.0) - railties (4.0.13) - actionpack (= 4.0.13) - activesupport (= 4.0.13) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. 
- specs: - devise (3.5.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) - responders - thread_safe (~> 0.1) - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - activerecord-deprecated_finders (1.0.3) - arel (4.0.2) - bcrypt (3.1.10) - bson (2.3.0) - builder (3.1.4) - connection_pool (2.1.3) - erubis (2.7.0) - faraday (0.9.1) - multipart-post (>= 1.2, < 3) - hashie (3.4.0) - hike (1.2.3) - i18n (0.7.0) - jwt (1.4.1) - mail (2.6.3) - mime-types (>= 1.16, < 3) - metaclass (0.0.4) - mime-types (2.4.3) - mini_portile (0.6.2) - minitest (4.7.5) - mocha (1.1.0) - metaclass (~> 0.0.1) - mongoid (4.0.2) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - moped (2.0.4) - bson (~> 2.2) - connection_pool (~> 2.0) - optionable (~> 0.2.0) - multi_json (1.11.0) - multi_xml (0.5.5) - multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) - oauth2 (0.9.4) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (~> 1.2) - omniauth (1.2.2) - hashie (>= 1.2, < 4) - rack (~> 1.0) - omniauth-facebook (1.6.0) - omniauth-oauth2 (~> 1.1) - omniauth-oauth2 (1.1.2) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) - oauth2 (~> 0.9.3) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - optionable (0.2.0) - origin (2.1.1) - orm_adapter (0.5.0) - rack (1.5.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rake (10.4.2) - rdoc (4.2.0) - responders (1.1.2) - railties (>= 3.2, < 4.2) - ruby-openid (2.7.0) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.10) - thor (0.19.1) - thread_safe (0.3.5) - tilt (1.4.1) - tzinfo (0.3.43) - warden (1.2.4) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - 
rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 4.0.0) - omniauth (~> 1.2.0) - omniauth-facebook - omniauth-oauth2 (~> 1.1.0) - omniauth-openid (~> 1.0.1) - rails! - rdoc - sqlite3 - webrat (= 0.7.3) - -BUNDLED WITH - 1.10.6 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 35d917d9a5..d4052c24cb 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -1,47 +1,47 @@ GIT remote: git://github.com/rails/rails.git - revision: bf32ec7b8611e6b4c7e9398f7d297a1f0221e9b9 + revision: 7310a6d5c82d990122f5c49114aeb93dfa73b031 branch: 4-1-stable specs: - actionmailer (4.1.10) - actionpack (= 4.1.10) - actionview (= 4.1.10) + actionmailer (4.1.14) + actionpack (= 4.1.14) + actionview (= 4.1.14) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.10) - actionview (= 4.1.10) - activesupport (= 4.1.10) + actionpack (4.1.14) + actionview (= 4.1.14) + activesupport (= 4.1.14) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.10) - activesupport (= 4.1.10) + actionview (4.1.14) + activesupport (= 4.1.14) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.10) - activesupport (= 4.1.10) + activemodel (4.1.14) + activesupport (= 4.1.14) builder (~> 3.1) - activerecord (4.1.10) - activemodel (= 4.1.10) - activesupport (= 4.1.10) + activerecord (4.1.14) + activemodel (= 4.1.14) + activesupport (= 4.1.14) arel (~> 5.0.0) - activesupport (4.1.10) + activesupport (4.1.14) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.10) - actionmailer (= 4.1.10) - actionpack (= 4.1.10) - actionview (= 4.1.10) - activemodel (= 4.1.10) - activerecord (= 4.1.10) - activesupport (= 4.1.10) + rails (4.1.14) + actionmailer (= 4.1.14) + actionpack (= 4.1.14) + actionview (= 4.1.14) + activemodel (= 4.1.14) + activerecord (= 4.1.14) + activesupport (= 4.1.14) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.10) + railties (= 4.1.14) sprockets-rails (~> 2.0) - railties (4.1.10) - actionpack (= 4.1.10) - activesupport (= 4.1.10) + railties (4.1.14) + actionpack (= 4.1.14) + activesupport (= 4.1.14) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -51,7 +51,7 @@ PATH devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0, < 5) responders thread_safe (~> 0.1) warden (~> 1.2.3) 
@@ -61,23 +61,23 @@ GEM specs: arel (5.0.1.20140414130214) bcrypt (3.1.10) - bson (2.3.0) + bson (3.2.6) builder (3.2.2) - connection_pool (2.1.3) + concurrent-ruby (1.0.0) + connection_pool (2.2.0) erubis (2.7.0) - faraday (0.9.1) + faraday (0.9.2) multipart-post (>= 1.2, < 3) - hashie (3.4.0) - hike (1.2.3) + hashie (3.4.3) i18n (0.7.0) - json (1.8.2) - jwt (1.4.1) + json (1.8.3) + jwt (1.5.2) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.4.3) - mini_portile (0.6.2) - minitest (5.5.1) + mime-types (2.99) + mini_portile2 (2.0.0) + minitest (5.8.3) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -85,15 +85,15 @@ GEM moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.4) - bson (~> 2.2) + moped (2.0.7) + bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.0) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + nokogiri (1.6.7) + mini_portile2 (~> 2.0.0.rc2) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) jwt (~> 1.0) @@ -116,7 +116,7 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.5.2) + rack (1.5.5) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -124,22 +124,20 @@ GEM rack (>= 1.0) rake (10.4.2) rdoc (4.2.0) + json (~> 1.4) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) + sprockets (3.5.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (2.3.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.10) + sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) - tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.4) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 678baf4982..e9b8b0d54f 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock 
+++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,57 +1,57 @@ GIT remote: git://github.com/rails/rails.git - revision: f12ff8ddab7b199707ec36d72bd72f206f142c8b + revision: f2b860fc0846c89e0cb2f5d844af458c410c65e3 branch: 4-2-stable specs: - actionmailer (4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) + actionmailer (4.2.4) + actionpack (= 4.2.4) + actionview (= 4.2.4) + activejob (= 4.2.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.1) - actionview (= 4.2.1) - activesupport (= 4.2.1) + actionpack (4.2.4) + actionview (= 4.2.4) + activesupport (= 4.2.4) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.1) - activesupport (= 4.2.1) + actionview (4.2.4) + activesupport (= 4.2.4) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.1) - activesupport (= 4.2.1) + activejob (4.2.4) + activesupport (= 4.2.4) globalid (>= 0.3.0) - activemodel (4.2.1) - activesupport (= 4.2.1) + activemodel (4.2.4) + activesupport (= 4.2.4) builder (~> 3.1) - activerecord (4.2.1) - activemodel (= 4.2.1) - activesupport (= 4.2.1) + activerecord (4.2.4) + activemodel (= 4.2.4) + activesupport (= 4.2.4) arel (~> 6.0) - activesupport (4.2.1) + activesupport (4.2.4) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.1) - actionmailer (= 4.2.1) - actionpack (= 4.2.1) - actionview (= 4.2.1) - activejob (= 4.2.1) - activemodel (= 4.2.1) - activerecord (= 4.2.1) - activesupport (= 4.2.1) + rails (4.2.4) + actionmailer (= 4.2.4) + actionpack (= 4.2.4) + actionview (= 4.2.4) + activejob (= 4.2.4) + activemodel (= 4.2.4) + activerecord (= 4.2.4) + activesupport (= 4.2.4) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.1) + railties (= 4.2.4) sprockets-rails - railties (4.2.1) - actionpack (= 4.2.1) - activesupport (= 4.2.1) + railties (4.2.4) + actionpack (= 4.2.4) + 
activesupport (= 4.2.4) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -69,29 +69,28 @@ PATH GEM remote: https://rubygems.org/ specs: - arel (6.0.0) + arel (6.0.3) bcrypt (3.1.10) - bson (2.3.0) + bson (3.2.1) builder (3.2.2) - connection_pool (2.1.3) + connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.1) multipart-post (>= 1.2, < 3) - globalid (0.3.3) + globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.0) - hike (1.2.3) + hashie (3.4.2) i18n (0.7.0) - json (1.8.2) - jwt (1.4.1) - loofah (2.0.1) + json (1.8.3) + jwt (1.5.1) + loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.4.3) + mime-types (2.6.1) mini_portile (0.6.2) - minitest (5.5.1) + minitest (5.8.0) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -99,11 +98,11 @@ GEM moped (~> 2.0.0) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.4) - bson (~> 2.2) + moped (2.0.7) + bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.0) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.6.2) @@ -130,7 +129,7 @@ GEM optionable (0.2.0) origin (2.1.1) orm_adapter (0.5.0) - rack (1.6.0) + rack (1.6.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -138,7 +137,7 @@ GEM rack (>= 1.0) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.6) + rails-dom-testing (1.0.7) activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) @@ -149,19 +148,15 @@ GEM responders (2.1.0) railties (>= 4.2.0, < 5) ruby-openid (2.7.0) - sprockets (2.12.3) - hike (~> 1.2) - multi_json (~> 1.0) + sprockets (3.3.3) rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.4) + sprockets-rails (2.3.2) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.10) thor (0.19.1) thread_safe (0.3.5) - tilt (1.4.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.4) 
diff --git a/gemfiles/Gemfile.rails-5.0-alpha b/gemfiles/Gemfile.rails-5.0-alpha new file mode 100644 index 0000000000..10e6085880 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.0-alpha @@ -0,0 +1,41 @@ +source "https://rubygems.org" + +gemspec path: '..' + +gem "rails", github: 'rails/rails', branch: 'master' +gem "arel", github: 'rails/arel' +gem "rack", github: 'rack/rack' +gem "sprockets-rails", github: 'rails/sprockets-rails' +gem "sprockets", github: 'rails/sprockets' +# gem "omniauth", "~> 1.2.2" +gem "omniauth", github: 'twalpole/omniauth', branch: 'rack_master' +gem "oauth2", github: 'twalpole/oauth2', branch: 'rack_master' +gem "omniauth-oauth2", "~> 1.2.0" +gem "rdoc" + +gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml' + +gem 'rails-controller-testing' + +gem 'responders', github: 'plataformatec/responders' + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +# group :mongoid do +# gem "mongoid", "~> 4.0.0" +# end diff --git a/gemfiles/Gemfile.rails-5.0-alpha.lock b/gemfiles/Gemfile.rails-5.0-alpha.lock new file mode 100644 index 0000000000..a12faf799d --- /dev/null +++ b/gemfiles/Gemfile.rails-5.0-alpha.lock 
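Review bot: The new Gemfile takes the authentication stack from moving branches of personal forks, `gem "omniauth", github: 'twalpole/omniauth', branch: 'rack_master'` and `gem "oauth2", github: 'twalpole/oauth2', branch: 'rack_master'`, and the accompanying lockfile records every `github:` source as a `git://github.com/...` remote. The lockfile pins a revision, which limits drift, but `git://` has no encryption or server authentication, so the fetch itself is not protected on CI or developer machines. I would spell the source out over HTTPS, e.g. `gem "omniauth", git: 'https://github.com/twalpole/omniauth.git', branch: 'rack_master'`, and do the same for the rails, arel, rack, sprockets, sprockets-rails, activemodel-serializers-xml and responders entries. A comment above the two fork lines saying why the fork is needed and when to return to the released gems would help the next maintainer retire them.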
@@ -0,0 +1,236 @@ +GIT + remote: git://github.com/plataformatec/responders.git + revision: 240314b4502aa8e84020beee903be80f93b1f109 + specs: + responders (2.1.0) + railties (>= 4.2.0, < 5) + +GIT + remote: git://github.com/rack/rack.git + revision: 35599cfc2751e0ee611c0ff799924b8e7fe0c0b4 + specs: + rack (2.0.0.alpha) + json + +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9 + specs: + activemodel-serializers-xml (0.1.0) + activemodel + activerecord + activesupport + +GIT + remote: git://github.com/rails/arel.git + revision: 3c429c5d86e9e2201c2a35d934ca6a8911c18e69 + specs: + arel (7.0.0.alpha) + +GIT + remote: git://github.com/rails/rails.git + revision: b859d97081c688f627eda30fc1c601e4ec070205 + branch: master + specs: + actionmailer (5.0.0.alpha) + actionpack (= 5.0.0.alpha) + actionview (= 5.0.0.alpha) + activejob (= 5.0.0.alpha) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (5.0.0.alpha) + actionview (= 5.0.0.alpha) + activesupport (= 5.0.0.alpha) + rack (~> 2.x) + rack-test (~> 0.6.3) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.0.alpha) + activesupport (= 5.0.0.alpha) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + activejob (5.0.0.alpha) + activesupport (= 5.0.0.alpha) + globalid (>= 0.3.0) + activemodel (5.0.0.alpha) + activesupport (= 5.0.0.alpha) + builder (~> 3.1) + activerecord (5.0.0.alpha) + activemodel (= 5.0.0.alpha) + activesupport (= 5.0.0.alpha) + arel (= 7.0.0.alpha) + activesupport (5.0.0.alpha) + concurrent-ruby (~> 1.0.0.pre3, < 2.0.0) + i18n (~> 0.7) + json (~> 1.7, >= 1.7.7) + method_source + minitest (~> 5.1) + tzinfo (~> 1.1) + rails (5.0.0.alpha) + actionmailer (= 5.0.0.alpha) + actionpack (= 5.0.0.alpha) + actionview (= 5.0.0.alpha) + activejob (= 5.0.0.alpha) + activemodel (= 5.0.0.alpha) + activerecord 
(= 5.0.0.alpha) + activesupport (= 5.0.0.alpha) + bundler (>= 1.3.0, < 2.0) + railties (= 5.0.0.alpha) + sprockets-rails (>= 2.0.0) + railties (5.0.0.alpha) + actionpack (= 5.0.0.alpha) + activesupport (= 5.0.0.alpha) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + +GIT + remote: git://github.com/rails/sprockets-rails.git + revision: 93a45b1c463a063ec7cf4d160107b67aa3db7a1a + specs: + sprockets-rails (3.0.0.beta3) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + +GIT + remote: git://github.com/rails/sprockets.git + revision: 5a77f8b007b8ec61edd783c48baf9d971f1c684d + specs: + sprockets (4.0.0) + rack (>= 1, < 3) + +GIT + remote: git://github.com/twalpole/oauth2.git + revision: 38e5b4bfe29b7ef87e87a3f323a088914393cfb5 + branch: rack_master + specs: + oauth2 (1.0.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 2.0) + +GIT + remote: git://github.com/twalpole/omniauth.git + revision: e0c2cd7c75ba741bcbb7318e104ec868454d7cc9 + branch: rack_master + specs: + omniauth (1.2.2) + hashie (>= 1.2, < 4) + rack (>= 1.0, < 2.0) + +PATH + remote: .. 
+ specs: + devise (3.5.2) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + responders + thread_safe (~> 0.1) + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + bcrypt (3.1.10) + builder (3.2.2) + concurrent-ruby (1.0.0.pre4) + erubis (2.7.0) + faraday (0.9.2) + multipart-post (>= 1.2, < 3) + globalid (0.3.6) + activesupport (>= 4.1.0) + hashie (3.4.2) + i18n (0.7.0) + json (1.8.3) + jwt (1.5.1) + loofah (2.0.3) + nokogiri (>= 1.5.9) + mail (2.6.3) + mime-types (>= 1.16, < 3) + metaclass (0.0.4) + method_source (0.8.2) + mime-types (2.6.2) + mini_portile (0.6.2) + minitest (5.8.1) + mocha (1.1.0) + metaclass (~> 0.0.1) + multi_json (1.11.2) + multi_xml (0.5.5) + multipart-post (2.0.0) + nokogiri (1.6.6.2) + mini_portile (~> 0.6.0) + omniauth-facebook (2.0.1) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.2.0) + faraday (>= 0.8, < 0.10) + multi_json (~> 1.3) + oauth2 (~> 1.0) + omniauth (~> 1.2) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.3) + rack (>= 1.0) + rails-controller-testing (0.0.3) + rails (>= 4.2) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.7) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.2) + loofah (~> 2.0) + rake (10.4.2) + rdoc (4.2.0) + ruby-openid (2.7.0) + sqlite3 (1.3.11) + thor (0.19.1) + thread_safe (0.3.5) + tzinfo (1.2.2) + thread_safe (~> 0.1) + warden (1.2.3) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + arel! + devise! + jruby-openssl + mocha (~> 1.1) + oauth2! + omniauth! + omniauth-facebook + omniauth-oauth2 (~> 1.2.0) + omniauth-openid (~> 1.0.1) + rack! 
+ rails! + rails-controller-testing + rdoc + responders! + sprockets! + sprockets-rails! + sqlite3 + webrat (= 0.7.3) + +BUNDLED WITH + 1.10.6 diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 58e894db2f..2516b8cb48 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -30,8 +30,8 @@ module ClassMethods # current_bloggers # Currently signed in user and admin # # Use: - # before_filter :authenticate_blogger! # Redirects unless either a user or an admin are authenticated - # before_filter ->{ authenticate_blogger! :admin } # Redirects to the admin login page + # before_action :authenticate_blogger! # Redirects unless either a user or an admin are authenticated + # before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page # current_blogger :user # Preferably returns a User if one is signed in # def devise_group(group_name, opts={}) @@ -84,7 +84,7 @@ def log_process_action(payload) end # Define authentication filters and accessor helpers based on mappings. - # These filters should be used inside the controllers as before_filters, + # These filters should be used inside the controllers as before_actions, # so you can control the scope of the user who should be signed in to # access that specific controller/action. # Example: @@ -104,8 +104,8 @@ def log_process_action(payload) # admin_session # Session data available only to the admin scope # # Use: - # before_filter :authenticate_user! # Tell devise to use :user map - # before_filter :authenticate_admin! # Tell devise to use :admin map + # before_action :authenticate_user! # Tell devise to use :user map + # before_action :authenticate_admin! # Tell devise to use :admin map # def self.define_helpers(mapping) #:nodoc: mapping = mapping.name 
@@ -145,7 +145,7 @@ def warden # the controllers defined inside devise. Useful if you want to apply a before # filter to all controllers, except the ones in devise: # - # before_filter :my_filter, unless: :devise_controller? + # before_action :my_filter, unless: :devise_controller? def devise_controller? is_a?(::DeviseController) end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index bf3881854a..863be07bc1 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -6,7 +6,6 @@ module Devise # page based on current scope and mapping. If no scope is given, redirect # to the default_url. class FailureApp < ActionController::Metal - include ActionController::RackDelegation include ActionController::UrlFor include ActionController::Redirecting @@ -22,7 +21,7 @@ def self.call(env) @respond.call(env) end - # Try retrieving the URL options from the parent controller (usually + # Try retrieving the URL options from the parent controller (usually # ApplicationController). Instance methods are not supported at the moment, # so only the class-level attribute is used. def self.default_url_options(*args) 
@@ -53,18 +52,27 @@ def http_auth def recall config = Rails.application.config - if config.try(:relative_url_root) + header_info = if config.try(:relative_url_root) base_path = Pathname.new(config.relative_url_root) full_path = Pathname.new(attempted_path) - env["SCRIPT_NAME"] = config.relative_url_root - env["PATH_INFO"] = '/' + full_path.relative_path_from(base_path).to_s + { "SCRIPT_NAME" => config.relative_url_root, + "PATH_INFO" => '/' + full_path.relative_path_from(base_path).to_s } else - env["PATH_INFO"] = attempted_path + { "PATH_INFO" => attempted_path } + end + + header_info.each do | var, value| + if request.respond_to?(:set_header) + request.set_header(var, value) + else + env[var] = value + end end flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? - self.response = recall_app(warden_options[:recall]).call(env) + # self.response = recall_app(warden_options[:recall]).call(env) + self.response = recall_app(warden_options[:recall]).call(request.env) end def redirect @@ -199,11 +207,11 @@ def recall_app(app) end def warden - env['warden'] + request.respond_to?(:get_header) ? request.get_header("warden") : env["warden"] end def warden_options - env['warden.options'] + request.respond_to?(:get_header) ? request.get_header("warden.options") : env["warden.options"] end def warden_message diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 8980b208a8..f8cc99cd1e 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
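Review bot: The previous call is left behind as a comment in `recall` (`# self.response = recall_app(warden_options[:recall]).call(env)`) directly above its replacement; it should be deleted, since the history already records it. The `request.respond_to?(:set_header)` test is re-evaluated for every header inside `header_info.each`, and the block parameters are written `| var, value|`; hoisting the check out of the loop and writing `|var, value|` would read better. The same `respond_to?` branching is repeated in `warden` and `warden_options` in the next hunk, so one small private helper taking the header name would keep the three places in step.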
@@ -253,6 +253,7 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: # Find or initialize a record with group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: + attributes = attributes.to_unsafe_h.with_indifferent_access if attributes.respond_to? :to_unsafe_h attributes = attributes.slice(*required_attributes).with_indifferent_access attributes.delete_if { |key, value| value.blank? } diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 33689f0dbc..cc7bb0550f 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -316,6 +316,7 @@ def confirm_by_token(confirmation_token) # Find a record for confirmation by unconfirmed email field def find_by_unconfirmed_email_with_errors(attributes = {}) unconfirmed_required_attributes = confirmation_keys.map { |k| k == :email ? :unconfirmed_email : k } + attributes = attributes.to_unsafe_h if attributes.respond_to? :to_unsafe_h unconfirmed_attributes = attributes.symbolize_keys unconfirmed_attributes[:unconfirmed_email] = unconfirmed_attributes.delete(:email) find_or_initialize_with_errors(unconfirmed_required_attributes, unconfirmed_attributes, :not_found) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index b155f3d0fd..27a8646d6a 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -39,6 +39,7 @@ def self.required_fields(klass) # Generates password encryption based on the given value. def password=(new_password) + attribute_will_change! 'password' @password = new_password self.encrypted_password = password_digest(@password) if @password.present? end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index d40be48946..5041c02bc5 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
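Review bot: `to_unsafe_h` in `find_or_initialize_with_errors` converts the request parameters to a plain hash without any permit step, and the only narrowing visible afterwards is `slice(*required_attributes)`, which restricts the keys but not the shape of the values. A value for a required key can therefore still be a nested Hash or Array when it reaches the lookup, unless code outside this hunk filters it; the method body continues past the hunk, so that needs confirming. At minimum the line deserves a why-comment such as `# to_unsafe_h: keys are limited by the slice below; values are still untrusted input`. The same conversion is added in `find_by_unconfirmed_email_with_errors` in lib/devise/models/confirmable.rb, where `symbolize_keys` follows it.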
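Review bot: `attribute_will_change! 'password'` in `password=` registers the virtual `password` attribute with dirty tracking, so the cleartext value can become visible through `changes` / `previous_changes` to anything that records them (audit trails, change logging), which is presumably not intended for a secret. The call is also unconditional, so a model whose ORM does not provide `attribute_will_change!` would now raise in the setter; this is hedged because the included modules are outside the hunk. A guard such as `attribute_will_change!('password') if respond_to?(:attribute_will_change!)` together with a comment on why the dirty flag is needed would cover both points.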
@@ -1,13 +1,10 @@ require "active_support/core_ext/object/try" require "active_support/core_ext/hash/slice" -module ActionDispatch::Routing - class RouteSet #:nodoc: - # Ensure Devise modules are included only after loading routes, because we - # need devise_for mappings already declared to create filters and helpers. - def finalize_with_devise! - result = finalize_without_devise! - +module Devise + module RouteSet + def finalize! + result = super @devise_finalized ||= begin if Devise.router_name.nil? && defined?(@devise_finalized) && self != Rails.application.try(:routes) warn "[DEVISE] We have detected that you are using devise_for inside engine routes. " \ @@ -21,10 +18,16 @@ def finalize_with_devise! Devise.regenerate_helpers! true end - result end - alias_method_chain :finalize!, :devise + end +end + +module ActionDispatch::Routing + class RouteSet #:nodoc: + # Ensure Devise modules are included only after loading routes, because we + # need devise_for mappings already declared to create filters and helpers. + prepend Devise::RouteSet end class Mapper @@ -105,7 +108,7 @@ class Mapper # end # # class ManagerController < ApplicationController - # before_filter authenticate_manager! + # before_action authenticate_manager! # # def show # @manager = current_manager @@ -428,8 +431,12 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: end ERROR end - - path, @scope[:path] = @scope[:path], nil + current_scope = @scope.dup + if @scope.respond_to? :new + @scope = @scope.new path: nil + else + @scope[:path] = nil + end path_prefix = Devise.omniauth_path_prefix || "/#{mapping.fullpath}/auth".squeeze("/") set_omniauth_path_prefix!(path_prefix) @@ -448,7 +455,7 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: as: :omniauth_callback, via: [:get, :post] ensure - @scope[:path] = path + @scope = current_scope end def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: 
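Review bot: In `devise_omniauth_callback`, `current_scope = @scope.dup` is assigned only after the check that ends with the `ERROR` heredoc (which presumably raises), while the `ensure` in the hunk at -448 now runs `@scope = current_scope` unconditionally. If that check raises, `current_scope` is still nil and the mapper's `@scope` is replaced with nil rather than left as it was. Taking the copy as the first statement of the method, or writing `@scope = current_scope if current_scope` in the `ensure`, avoids that. The method starts before the hunk, so the placement should be confirmed against the full body.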
@@ -457,7 +464,11 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: exclusive = { as: new_as, path: new_path, module: nil } exclusive.merge!(options.slice(:constraints, :defaults, :options)) - exclusive.each_pair { |key, value| @scope[key] = value } + if @scope.respond_to? :new + @scope = @scope.new exclusive + else + exclusive.each_pair { |key, value| @scope[key] = value } + end yield ensure @scope = current_scope diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 58fde3df62..36f440c0fe 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -16,7 +16,10 @@ def self.included(base) # Override process to consider warden. def process(*) # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts - _catch_warden { super } || @response + _catch_warden { super } # || @response # _catch_warden will setup the @response object + + # process needs to return the ActionDispath::TestResponse object + @response end # We need to setup the environment variables and the response in the controller. @@ -109,8 +112,9 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.send :render, status: status, text: response.body, - content_type: headers["Content-Type"], location: headers["Location"] + r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] } + r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body + @controller.send :render, r_opts nil # causes process return @response end 
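Review bot: `Rails.version.start_with?('5')` in `_process_unauthenticated` chooses the render key by string prefix, so it stops matching as soon as the major version is anything other than exactly 5 and the code silently falls back to `text:`. Comparing the numeric constant is sturdier: `r_opts[Rails::VERSION::MAJOR >= 5 ? :body : :text] = response.body`. The new `rails5?` helper in lib/generators/active_record/devise_generator.rb uses the same prefix test. Separately, the comment added in `process` misspells `ActionDispatch::TestResponse` as `ActionDispath::TestResponse`, and the leftover `# || @response` fragment on the line above it can be dropped.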
@@ -122,7 +126,8 @@ def _process_unauthenticated(env, options = {}) # ensure the controller response is set to our response. @controller.response ||= @response @response.status = ret.first - @response.headers = ret.second + @response.headers.clear + ret.second.each { |k,v| @response[k] = v } @response.body = ret.third end diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 7394bd84db..ff73b97105 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -75,11 +75,11 @@ def ip_column end def inet? - rails4? && postgresql? + postgresql? end - def rails4? - Rails.version.start_with? '4' + def rails5? + Rails.version.start_with? '5' end def postgresql? diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index f8f59e490a..37228fd944 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -8,27 +8,10 @@ def model_contents devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable -CONTENT - buffer += <<-CONTENT if needs_attr_accessible? - # Setup accessible (or protected) attributes for your model - attr_accessible :email, :password, :password_confirmation, :remember_me - CONTENT buffer end - def needs_attr_accessible? - rails_3? && !strong_parameters_enabled? - end - - def rails_3? - Rails::VERSION::MAJOR == 3 - end - - def strong_parameters_enabled? - defined?(ActionController::StrongParameters) - end - private def model_exists? diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb index 99f4a799ee..68de84d7ec 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.rb 
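Review bot: `inet?` in the ActiveRecord generator now returns true for any PostgreSQL app because the `rails4?` guard was dropped, yet the devise entry in the lock file added alongside it still lists `railties (>= 3.2.6, < 5)`. If Rails 3.2 is still meant to be supported, the generated migration would use an inet column there, which the removed guard suggests was not available. Either keep a lower bound, e.g. `Rails::VERSION::MAJOR >= 4 && postgresql?`, or raise the railties constraint in the same change. The removal of `needs_attr_accessible?` in lib/generators/devise/orm_helpers.rb and of the `rails_4?` branch in lib/generators/templates/devise.rb rests on the same assumption; with the latter, a generated initializer never sets `config.secret_key`, so an app without `secret_key_base` has to supply one by hand.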
@@ -1,6 +1,6 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController -# before_filter :configure_sign_up_params, only: [:create] -# before_filter :configure_account_update_params, only: [:update] +# before_action :configure_sign_up_params, only: [:create] +# before_action :configure_account_update_params, only: [:update] # GET /resource/sign_up # def new diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb index 0e2f45072b..44f748f71b 100644 --- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.rb @@ -1,5 +1,5 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController -# before_filter :configure_sign_in_params, only: [:create] +# before_action :configure_sign_in_params, only: [:create] # GET /resource/sign_in # def new diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 42720aa582..9356de44b3 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -6,11 +6,7 @@ # confirmation, reset password and unlock tokens in the database. # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key` # by default. You can change it below and use your own secret key. -<% if rails_4? -%> # config.secret_key = '<%= SecureRandom.hex(64) %>' -<% else -%> - config.secret_key = '<%= SecureRandom.hex(64) %>' -<% end -%> # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index 0421ad0376..60db1f49fa 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb 
@@ -1,6 +1,6 @@ require 'test_helper' -class CustomRegistrationsControllerTest < ActionController::TestCase +class CustomRegistrationsControllerTest < Devise::ControllerTestCase tests Custom::RegistrationsController include Devise::TestHelpers @@ -12,24 +12,24 @@ class CustomRegistrationsControllerTest < ActionController::TestCase end test "yield resource to block on create success" do - post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } } + post :create, params: { user: { email: "user@example.org", password: "password", password_confirmation: "password" } } assert @controller.create_block_called?, "create failed to yield resource to provided block" end test "yield resource to block on create failure" do - post :create, { user: { } } + post :create, params: { user: { } } assert @controller.create_block_called?, "create failed to yield resource to provided block" end test "yield resource to block on update success" do sign_in @user - put :update, { user: { current_password: @password } } + put :update, params: { user: { current_password: @password } } assert @controller.update_block_called?, "update failed to yield resource to provided block" end test "yield resource to block on update failure" do sign_in @user - put :update, { user: { } } + put :update, params: { user: { } } assert @controller.update_block_called?, "update failed to yield resource to provided block" end diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index 798ca77724..165f5a2c0e 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -24,7 +24,7 @@ def authenticate! end end -class CustomStrategyTest < ActionController::TestCase +class CustomStrategyTest < Devise::ControllerTestCase tests CustomStrategyController include Devise::TestHelpers 
@@ -41,8 +41,9 @@ class CustomStrategyTest < ActionController::TestCase ret = get :new # check the returned rack array - assert ret.is_a?(Array) - assert_equal 400, ret.first + # assert ret.is_a?(Array) + # assert_equal 400, ret.first + assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response as well. This is purely so that the response is available to the testing framework # for verification. In production, the above array would be delivered directly to Rack. @@ -53,8 +54,9 @@ class CustomStrategyTest < ActionController::TestCase ret = get :new # check the returned rack array - assert ret.is_a?(Array) - assert_equal ret.third['X-FOO'], 'BAR' + # assert ret.is_a?(Array) + # assert_equal ret.third['X-FOO'], 'BAR' + assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response headers as well. assert_equal response.headers['X-FOO'], 'BAR' diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index ee7050170e..52fa6b88ae 100644 --- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -4,7 +4,7 @@ class ApiController < ActionController::Metal include Devise::Controllers::Helpers end -class HelperMethodsTest < ActionController::TestCase +class HelperMethodsTest < Devise::ControllerTestCase tests ApiController test 'includes Devise::Controllers::Helpers' do diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index bae10c25b9..6df78d9ce2 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -1,7 +1,7 @@ require 'test_helper' require 'ostruct' -class ControllerAuthenticatableTest < ActionController::TestCase +class ControllerAuthenticatableTest < Devise::ControllerTestCase tests ApplicationController def setup diff --git a/test/controllers/inherited_controller_i18n_messages_test.rb b/test/controllers/inherited_controller_i18n_messages_test.rb index 66d2df49f9..677ce30fd2 100644 
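Review bot: Both hunks in test/controllers/custom_strategy_test.rb leave the old assertions as comments (`# assert ret.is_a?(Array)`, `# assert_equal 400, ret.first`, `# assert_equal ret.third['X-FOO'], 'BAR'`) under a comment that still says "check the returned rack array". They should be deleted and the comment reworded to say the return value is now the test response. The first test also no longer checks the 400 on the returned object; `assert_equal 400, ret.status` would keep that covered if the assertions after the hunk do not already do so.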
--- a/test/controllers/inherited_controller_i18n_messages_test.rb +++ b/test/controllers/inherited_controller_i18n_messages_test.rb @@ -14,7 +14,7 @@ def translation_scope end end -class InheritedControllerTest < ActionController::TestCase +class InheritedControllerTest < Devise::ControllerTestCase tests SessionsInheritedController def setup @@ -32,7 +32,7 @@ def setup end end -class AnotherInheritedControllerTest < ActionController::TestCase +class AnotherInheritedControllerTest < Devise::ControllerTestCase tests AnotherInheritedController def setup diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 2ba50306bd..47beab928d 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -3,7 +3,7 @@ class MyController < DeviseController end -class HelpersTest < ActionController::TestCase +class HelpersTest < Devise::ControllerTestCase tests MyController def setup 
@@ -36,18 +36,17 @@ def setup test 'get resource params from request params using resource name as key' do user_params = {'email' => 'shirley@templar.com'} - params = if Devise.rails4? - # Stub controller name so strong parameters can filter properly. - # DeviseController does not allow any parameters by default. - @controller.stubs(:controller_name).returns(:sessions_controller) + # Stub controller name so strong parameters can filter properly. + # DeviseController does not allow any parameters by default. + @controller.stubs(:controller_name).returns(:sessions_controller) + + params = ActionController::Parameters.new({'user' => user_params}) - ActionController::Parameters.new({'user' => user_params}) - else - HashWithIndifferentAccess.new({'user' => user_params}) - end @controller.stubs(:params).returns(params) - assert_equal user_params, @controller.send(:resource_params) + res_params = @controller.send(:resource_params) + res_params = res_params.to_unsafe_h if res_params.respond_to? :to_unsafe_h + assert_equal user_params, res_params end test 'resources methods are not controller actions' do diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb index 4f6d9a8e0c..cf8f454461 100644 --- a/test/controllers/load_hooks_controller_test.rb +++ b/test/controllers/load_hooks_controller_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class LoadHooksControllerTest < ActionController::TestCase +class LoadHooksControllerTest < Devise::ControllerTestCase setup do ActiveSupport.on_load(:devise_controller) do define_method :defined_by_load_hook do diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 383724b8dc..f8a3f2c831 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb 
@@ -1,6 +1,6 @@ require 'test_helper' -class PasswordsControllerTest < ActionController::TestCase +class PasswordsControllerTest < Devise::ControllerTestCase tests Devise::PasswordsController include Devise::TestHelpers @@ -11,8 +11,9 @@ class PasswordsControllerTest < ActionController::TestCase end def put_update_with_params - put :update, "user" => { - "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567" + put :update, params: { "user" => { + "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567" + } } end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index d931bf83a8..c224983a66 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class SessionsControllerTest < ActionController::TestCase +class SessionsControllerTest < Devise::ControllerTestCase tests Devise::SessionsController include Devise::TestHelpers @@ -12,9 +12,10 @@ class SessionsControllerTest < ActionController::TestCase request.env["devise.mapping"] = Devise.mappings[:user] request.session["user_return_to"] = 'foo.bar' create_user - post :create, user: { - email: "wrong@email.com", - password: "wrongpassword" + post :create, params: { user: { + email: "wrong@email.com", + password: "wrongpassword" + } } assert_equal 200, @response.status ensure @@ -37,11 +38,11 @@ class SessionsControllerTest < ActionController::TestCase user = create_user user.confirm - post :create, user: { - email: user.email, - password: user.password + post :create, params: { user: { + email: user.email, + password: user.password + } } - assert_nil request.session["user_return_to"] end 
@@ -51,9 +52,10 @@ class SessionsControllerTest < ActionController::TestCase user = create_user user.confirm - post :create, format: 'json', user: { - email: user.email, - password: user.password + post :create, params: { format: 'json', user: { + email: user.email, + password: user.password + } } assert_equal 'foo.bar', request.session["user_return_to"] @@ -61,9 +63,10 @@ class SessionsControllerTest < ActionController::TestCase test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do request.env["devise.mapping"] = Devise.mappings[:user] - post :create, user: { - email: "nosuchuser@example.com", - password: "wevdude" + post :create, params: { user: { + email: "nosuchuser@example.com", + password: "wevdude" + } } assert_equal 200, @response.status assert_template "devise/sessions/new" @@ -73,11 +76,11 @@ class SessionsControllerTest < ActionController::TestCase request.env["devise.mapping"] = Devise.mappings[:user] user = create_user user.confirm - post :create, format: 'json', user: { - email: user.email, - password: user.password + post :create, params: { format: 'json', user: { + email: user.email, + password: user.password + } } - delete :destroy, format: 'json' assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index 06895b5db7..a4db090109 100644 --- a/test/controllers/url_helpers_test.rb +++ b/test/controllers/url_helpers_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RoutesTest < ActionController::TestCase +class RoutesTest < Devise::ControllerTestCase tests ApplicationController def assert_path_and_url(name, prepend_path=nil) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 44ac767141..8919654a39 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -53,11 +53,16 @@ def call_failure(env_params={}) 'REQUEST_METHOD' => 'GET', 'warden.options' => { scope: :user }, 'rack.session' => {}, - 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML), + 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]), 'rack.input' => "", 'warden' => OpenStruct.new(message: nil) }.merge!(env_params) + # Passing nil for action_dispatch.request.formats prevents the default from being used in Rails 5, need to remove it + if env.has_key?('action_dispatch.request.formats') && env['action_dispatch.request.formats'].nil? + env.delete 'action_dispatch.request.formats' unless env['action_dispatch.request.formats'] + end + @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a @request = ActionDispatch::Request.new(env) end @@ -164,14 +169,14 @@ def call_failure(env_params={}) test 'works for any navigational format' do swap Devise, navigational_formats: [:xml] do - call_failure('formats' => Mime::XML) + call_failure('formats' => Mime[:xml]) assert_equal 302, @response.first end end test 'redirects the correct format if it is a non-html format request' do swap Devise, navigational_formats: [:js] do - call_failure('formats' => Mime::JS) + call_failure('formats' => Mime[:js]) assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"] end end 
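Review bot: The guard added in `call_failure` tests the same condition twice: the outer `if` already requires the value to be nil, so the trailing `unless env['action_dispatch.request.formats']` can never be false. `env.delete('action_dispatch.request.formats') if env['action_dispatch.request.formats'].nil?` does the same in one line, since deleting a missing key is a no-op. The explanatory comment above it is worth keeping as it is.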
@@ -179,18 +184,18 @@ def call_failure(env_params={}) context 'For HTTP request' do test 'return 401 status' do - call_failure('formats' => Mime::XML) + call_failure('formats' => Mime[:xml]) assert_equal 401, @response.first end test 'return appropriate body for xml' do - call_failure('formats' => Mime::XML) + call_failure('formats' => Mime[:xml]) result = %(\n\n You need to sign in or sign up before continuing.\n\n) assert_equal result, @response.last.body end test 'return appropriate body for json' do - call_failure('formats' => Mime::JSON) + call_failure('formats' => Mime[:json]) result = %({"error":"You need to sign in or sign up before continuing."}) assert_equal result, @response.last.body end @@ -201,26 +206,26 @@ def call_failure(env_params={}) end test 'return WWW-authenticate headers if model allows' do - call_failure('formats' => Mime::XML) + call_failure('formats' => Mime[:xml]) assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"] end test 'does not return WWW-authenticate headers if model does not allow' do swap Devise, http_authenticatable: false do - call_failure('formats' => Mime::XML) + call_failure('formats' => Mime[:xml]) assert_nil @response.second["WWW-Authenticate"] end end test 'works for any non navigational format' do swap Devise, navigational_formats: [] do - call_failure('formats' => Mime::HTML) + call_failure('formats' => Mime[:html]) assert_equal 401, @response.first end end test 'uses the failure message as response body' do - call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(message: :invalid)) + call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid)) assert_match 'Invalid email or password.', @response.third.body end 
@@ -228,7 +233,7 @@ def call_failure(env_params={}) context 'when http_authenticatable_on_xhr is false' do test 'dont return 401 with navigational formats' do swap Devise, http_authenticatable_on_xhr: false do - call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') + call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end @@ -236,7 +241,7 @@ def call_failure(env_params={}) test 'dont return 401 with non navigational formats' do swap Devise, http_authenticatable_on_xhr: false do - call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') + call_failure('formats' => Mime[:json], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 302, @response.first assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"] end @@ -246,14 +251,14 @@ def call_failure(env_params={}) context 'when http_authenticatable_on_xhr is true' do test 'return 401' do swap Devise, http_authenticatable_on_xhr: true do - call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') + call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_equal 401, @response.first end end test 'skip WWW-Authenticate header' do swap Devise, http_authenticatable_on_xhr: true do - call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') + call_failure('formats' => Mime[:html], 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest') assert_nil @response.second['WWW-Authenticate'] end end diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index e032bd9bdf..adfa8fd1d8 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb 
@@ -69,7 +69,6 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase setup :prepare_destination test "all files are properly created in rails 4.0" do - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(false) simulate_inside_engine(RailsEngine::Engine, RailsEngine) do run_generator ["monster"] @@ -80,30 +79,5 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase end end - test "all files are properly created in rails 3.2 when strong_parameters gem is not installed" do - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true) - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(false) - simulate_inside_engine(RailsEngine::Engine, RailsEngine) do - run_generator ["monster"] - - assert_file "app/models/rails_engine/monster.rb", /devise/ - assert_file "app/models/rails_engine/monster.rb" do |content| - assert_match /attr_accessible :email/, content - end - end - end - - test "all files are properly created in rails 3.2 when strong_parameters gem is installed" do - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:rails_3?).returns(true) - ActiveRecord::Generators::DeviseGenerator.any_instance.stubs(:strong_parameters_enabled?).returns(true) - simulate_inside_engine(RailsEngine::Engine, RailsEngine) do - run_generator ["monster"] - - assert_file "app/models/rails_engine/monster.rb", /devise/ - assert_file "app/models/rails_engine/monster.rb" do |content| - assert_no_match /attr_accessible :email/, content - end - end - end end end diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index df4b23f4f9..816d54267b 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb 
@@ -1,6 +1,6 @@ require 'test_helper' -class DeviseHelperTest < ActionDispatch::IntegrationTest +class DeviseHelperTest < Devise::IntegrationTest setup do model_labels = { models: { user: "the user" } } translations = { diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 8048390b75..f22b287177 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AuthenticationSanityTest < ActionDispatch::IntegrationTest +class AuthenticationSanityTest < Devise::IntegrationTest test 'home should be accessible without sign in' do visit '/' assert_response :success @@ -134,7 +134,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest end end -class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest +class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'not signed in should not be able to access private route (authenticate denied)' do get private_path assert_redirected_to new_admin_session_path @@ -254,7 +254,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest end end -class AuthenticationRedirectTest < ActionDispatch::IntegrationTest +class AuthenticationRedirectTest < Devise::IntegrationTest test 'redirect from warden shows sign in or sign up message' do get admins_path @@ -300,7 +300,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest end test 'xml http requests does not store urls for redirect' do - get users_path, {}, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' + get users_path, headers: { 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' } assert_equal 401, response.status assert_nil session[:"user_return_to"] end 
@@ -317,7 +317,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest end end -class AuthenticationSessionTest < ActionDispatch::IntegrationTest +class AuthenticationSessionTest < Devise::IntegrationTest test 'destroyed account is signed out' do sign_in_as_user get '/users' @@ -390,7 +390,7 @@ def serialize(record) end end -class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest +class AuthenticationWithScopedViewsTest < Devise::IntegrationTest test 'renders the scoped view if turned on and view is available' do swap Devise, scoped_views: true do assert_raise Webrat::NotFoundError do @@ -431,7 +431,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest end end -class AuthenticationOthersTest < ActionDispatch::IntegrationTest +class AuthenticationOthersTest < Devise::IntegrationTest test 'handles unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) @@ -472,7 +472,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'sign in with script name' do assert_nothing_raised do - get new_user_session_path, {}, "SCRIPT_NAME" => "/omg" + get new_user_session_path, headers: { "SCRIPT_NAME" => "/omg" } fill_in "email", with: "user@test.com" end end @@ -509,7 +509,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'sign in with xml format returns xml response' do create_user - post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} + post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success assert response.body.include? %(\n) end 
@@ -519,13 +519,13 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest assert_response :success create_user - post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} + post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success get new_user_session_path(format: 'xml') assert_response :success - post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'} + post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success assert response.body.include? %(\n) end @@ -559,7 +559,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'sign out with non-navigational format via XHR does not redirect' do swap Devise, navigational_formats: ['*/*', :html] do sign_in_as_user - xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. + get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content assert_not warden.authenticated?(:user) end 
@@ -569,14 +569,14 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest test 'sign out with navigational format via XHR does redirect' do swap Devise, navigational_formats: ['*/*', :html] do sign_in_as_user - xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" } + get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect assert_not warden.authenticated?(:user) end end end -class AuthenticationKeysTest < ActionDispatch::IntegrationTest +class AuthenticationKeysTest < Devise::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, authentication_keys: [:subdomain] do sign_in_as_user @@ -593,7 +593,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest end end -class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest +class AuthenticationRequestKeysTest < Devise::IntegrationTest test 'request keys are used on authentication' do host! 'foo.bar.baz' @@ -612,7 +612,17 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest assert_not warden.authenticated?(:user) end - end + end if Rails.version < '5.0.0' + + test 'invalid request keys raises ActionController::RoutingError' do + swap Devise, request_keys: [:unknown_method] do + assert_raise ActionController::RoutingError do + sign_in_as_user + end + + assert_not warden.authenticated?(:user) + end + end if Rails.version >= '5.0.0' test 'blank request keys cause authentication to abort' do host! 'test.com' @@ -634,7 +644,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest end end -class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest +class AuthenticationSignOutViaTest < Devise::IntegrationTest def sign_in!(scope) sign_in_as_admin(visit: send("new_#{scope}_session_path")) assert warden.authenticated?(scope) 
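Review bot: The guards `end if Rails.version < '5.0.0'` and `end if Rails.version >= '5.0.0'` compare version strings lexically, so a major version of 10 or above sorts below '5.0.0' and the wrong one of the two request-key tests would be defined. These tests pin what happens to authentication when `request_keys` names an unknown method, so which one runs should not depend on string ordering. `Gem::Version.new(Rails.version) >= Gem::Version.new('5.0.0')` or `Rails::VERSION::MAJOR >= 5` compares numerically. The same string comparison is added in test/orm/active_record.rb and test/rails_app/config/environments/test.rb in this patch.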
@@ -689,7 +699,7 @@ def sign_in!(scope) end end -class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest +class DoubleAuthenticationRedirectTest < Devise::IntegrationTest test 'signed in as user redirects when visiting user sign in page' do sign_in_as_user get new_user_session_path(format: :html) @@ -712,7 +722,7 @@ class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest end end -class DoubleSignOutRedirectTest < ActionDispatch::IntegrationTest +class DoubleSignOutRedirectTest < Devise::IntegrationTest test 'sign out after already having signed out redirects to sign in' do sign_in_as_user diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index d04b00c98a..5241517a66 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class ConfirmationTest < ActionDispatch::IntegrationTest +class ConfirmationTest < Devise::IntegrationTest def visit_user_confirmation_with_token(confirmation_token) visit user_confirmation_path(confirmation_token: confirmation_token) @@ -184,14 +184,14 @@ def resend_confirmation test 'resent confirmation token with valid E-Mail in XML format should return valid response' do user = create_user(confirm: false) - post user_confirmation_path(format: 'xml'), user: { email: user.email } + post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } } assert_response :success assert_equal response.body, {}.to_xml end test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do create_user(confirm: false) - post user_confirmation_path(format: 'xml'), user: { email: 'invalid.test@test.com' } + post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } } assert_response :unprocessable_entity assert response.body.include? %(\n) end 
@@ -213,7 +213,7 @@ def resend_confirmation test 'request an account confirmation account with JSON, should return an empty JSON' do user = create_user(confirm: false) - post user_confirmation_path, user: { email: user.email }, format: :json + post user_confirmation_path, params: { user: { email: user.email }, format: :json } assert_response :success assert_equal response.body, {}.to_json end @@ -249,7 +249,7 @@ def resend_confirmation end end -class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest +class ConfirmationOnChangeTest < Devise::IntegrationTest def create_second_admin(options={}) @admin = nil create_admin(options) diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 18a633d3af..578eb4de83 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class DatabaseAuthenticationTest < ActionDispatch::IntegrationTest +class DatabaseAuthenticationTest < Devise::IntegrationTest test 'sign in with email of different case should succeed when email is in the list of case insensitive keys' do create_user(email: 'Foo@Bar.com') diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index aad51f62c7..7efdafe8c8 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -1,10 +1,10 @@ require 'test_helper' -class HttpAuthenticationTest < ActionDispatch::IntegrationTest +class HttpAuthenticationTest < Devise::IntegrationTest test 'handles unverified requests gets rid of caches but continues signed in' do swap ApplicationController, allow_forgery_protection: true do create_user - post exhibit_user_url(1), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" + post exhibit_user_url(1), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("user@test.com:12345678")}" } assert warden.authenticated?(:user) assert_equal "User is authenticated", response.body end @@ -89,17 +89,16 @@ class HttpAuthenticationTest < ActionDispatch::IntegrationTest end private - def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") user = create_user - get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" + get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } user end # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication def add_oauth2_header user = create_user - get users_path(format: :xml), {}, "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" + get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" } end end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 0c8c4a79cf..a13de7a63f 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class LockTest < ActionDispatch::IntegrationTest +class LockTest < Devise::IntegrationTest def visit_user_unlock_with_token(unlock_token) visit user_unlock_path(unlock_token: unlock_token) 
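Review bot: The rewritten `headers:` arguments still build the credential with `Base64.encode64`, which appends a newline and wraps longer input across lines, so the Authorization value carries a line break. `Base64.strict_encode64("#{username}:#{password}")` yields a single-line value, which is the form a Basic credential should have. Unless a test in this file relies on the wrapped form, this applies to the `post exhibit_user_url(1)` line and to both helpers below `private`. The test class begins above the first hunk.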
@@ -132,9 +132,10 @@ def send_unlock_request user = create_user(locked: true) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), user: {email: user.email} + post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :success assert_equal response.body, {}.to_xml + assert_equal 1, ActionMailer::Base.deliveries.size end @@ -142,7 +143,7 @@ def send_unlock_request user = create_user(locked: false) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), user: {email: user.email} + post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :unprocessable_entity assert response.body.include? %(\n) assert_equal 0, ActionMailer::Base.deliveries.size diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 36d2fb15e6..76c2cdcfea 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -1,7 +1,7 @@ require 'test_helper' -class OmniauthableIntegrationTest < ActionDispatch::IntegrationTest +class OmniauthableIntegrationTest < Devise::IntegrationTest FACEBOOK_INFO = { "id" => '12345', "link" => 'http://facebook.com/josevalim', diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index d13caa8f3f..a26ca758b2 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class PasswordTest < ActionDispatch::IntegrationTest +class PasswordTest < Devise::IntegrationTest def visit_new_password_path visit new_user_session_path 
@@ -160,8 +160,7 @@ def reset_password(options={}, &block) assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain Devise.rails4? ? - "Password confirmation doesn't match Password" : "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_not user.reload.valid_password?('987654321') end @@ -251,14 +250,14 @@ def reset_password(options={}, &block) test 'reset password request with valid E-Mail in XML format should return valid response' do create_user - post user_password_path(format: 'xml'), user: {email: "user@test.com"} + post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} } assert_response :success assert_equal response.body, { }.to_xml end test 'reset password request with invalid E-Mail in XML format should return valid response' do create_user - post user_password_path(format: 'xml'), user: {email: "invalid.test@test.com"} + post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} } assert_response :unprocessable_entity assert response.body.include? %(\n) end @@ -266,7 +265,7 @@ def reset_password(options={}, &block) test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do swap Devise, paranoid: true do create_user - post user_password_path(format: 'xml'), user: {email: "invalid@test.com"} + post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} } assert_response :success assert_equal response.body, { }.to_xml end 
@@ -275,8 +274,9 @@ def reset_password(options={}, &block) test 'change password with valid parameters in XML format should return valid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), user: { + put user_password_path(format: 'xml'), params: { user: { reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321' + } } assert_response :success assert warden.authenticated?(:user) @@ -285,7 +285,7 @@ def reset_password(options={}, &block) test 'change password with invalid token in XML format should return invalid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} + put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } assert_response :unprocessable_entity assert response.body.include? %(\n) end @@ -293,7 +293,7 @@ def reset_password(options={}, &block) test 'change password with invalid new password in XML format should return invalid response' do user = create_user request_forgot_password - put user_password_path(format: 'xml'), user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} + put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } assert_response :unprocessable_entity assert response.body.include? %(\n) end 
@@ -301,7 +301,7 @@ def reset_password(options={}, &block) test "when using json requests to ask a confirmable request, should not return the object" do user = create_user(confirm: false) - post user_password_path(format: :json), user: { email: user.email } + post user_password_path(format: :json), params: { user: { email: user.email } } assert_response :success assert_equal response.body, "{}" diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 162ab313d4..617958d029 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrationTest < ActionDispatch::IntegrationTest +class RegistrationTest < Devise::IntegrationTest test 'a guest admin should be able to sign in successfully' do get new_admin_session_path @@ -110,8 +110,7 @@ def user_sign_up assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain Devise.rails4? ? - "Password confirmation doesn't match Password" : "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first @@ -217,8 +216,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain Devise.rails4? ? - "Password confirmation doesn't match Password" : "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_not User.to_adapter.find_first.valid_password?('pas123') end 
@@ -259,7 +257,7 @@ def user_sign_up end test 'an admin sign up with valid information in XML format should return valid response' do - post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } + post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success assert response.body.include? %(\n) @@ -268,7 +266,7 @@ def user_sign_up end test 'a user sign up with valid information in XML format should return valid response' do - post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } + post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success assert response.body.include? %(\n) 
@@ -277,21 +275,21 @@ def user_sign_up end test 'a user sign up with invalid information in XML format should return invalid response' do - post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } + post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } assert_response :unprocessable_entity assert response.body.include? %(\n) end test 'a user update information with valid data in XML format should return valid response' do user = sign_in_as_user - put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' } + put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } assert_response :success assert_equal user.reload.email, 'user.new@test.com' end test 'a user update information with invalid data in XML format should return invalid response' do user = sign_in_as_user - put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' } + put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } assert_response :unprocessable_entity assert_equal user.reload.email, 'user@test.com' end @@ -304,7 +302,7 @@ def user_sign_up end end -class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest +class ReconfirmableRegistrationTest < Devise::IntegrationTest test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do sign_in_as_admin get edit_admin_registration_path diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index a762eb11c2..39d7e6065b 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb 
@@ -1,6 +1,6 @@ require 'test_helper' -class RememberMeTest < ActionDispatch::IntegrationTest +class RememberMeTest < Devise::IntegrationTest def create_user_and_remember(add_to_token='') user = create_user user.remember_me! @@ -10,7 +10,7 @@ def create_user_and_remember(add_to_token='') end def generate_signed_cookie(raw_cookie) - request = ActionDispatch::TestRequest.new + request = Devise.rails5? ? ActionDispatch::TestRequest.create : ActionDispatch::TestRequest.new request.cookie_jar.signed['raw_cookie'] = raw_cookie request.cookie_jar['raw_cookie'] end @@ -47,8 +47,10 @@ def cookie_expires(key) get new_user_session_path assert request.session[:_csrf_token] - post user_session_path, authenticity_token: "oops", user: - { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } + post user_session_path, params: { + authenticity_token: "oops", + user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } + } assert_not warden.authenticated?(:user) assert_not request.cookies['remember_user_token'] end diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 1160571ce5..3c3503dcb1 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class SessionTimeoutTest < ActionDispatch::IntegrationTest +class SessionTimeoutTest < Devise::IntegrationTest def last_request_at @controller.user_session['last_request_at'] @@ -20,7 +20,7 @@ def last_request_at old_last_request = last_request_at assert_not_nil last_request_at - get users_path, {}, 'devise.skip_trackable' => true + get users_path, headers: { 'devise.skip_trackable' => true } assert_equal old_last_request, last_request_at end 
@@ -32,7 +32,7 @@ def last_request_at new_time = 2.seconds.from_now Time.stubs(:now).returns(new_time) - get users_path, {}, 'devise.skip_timeoutable' => true + get users_path, headers: { 'devise.skip_timeoutable' => true } assert_equal old_last_request, last_request_at end @@ -115,7 +115,7 @@ def last_request_at user = sign_in_as_user get expire_user_path(user) - post "/users/sign_in", email: user.email, password: "123456" + post "/users/sign_in", params: { email: user.email, password: "123456" } assert_response :redirect follow_redirect! diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 0dbbee297a..4089dd5823 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class TrackableHooksTest < ActionDispatch::IntegrationTest +class TrackableHooksTest < Devise::IntegrationTest test "current and last sign in timestamps are updated on each sign in" do user = create_user diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 3cd03d8629..83f8a4301e 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -57,11 +57,7 @@ class ValidatableTest < ActiveSupport::TestCase user = new_user(password: 'new_password', password_confirmation: 'blabla') assert user.invalid? - if Devise.rails4? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join - else - assert_equal 'doesn\'t match confirmation', user.errors[:password].join - end + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require password when updating/resetting password' do 
@@ -79,11 +75,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'another_password' assert user.invalid? - if Devise.rails4? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join - else - assert_equal 'doesn\'t match confirmation', user.errors[:password].join - end + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require a password with minimum of 7 characters' do diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 6f9c80e955..7dfc628090 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,8 +1,7 @@ require 'test_helper' class OmniAuthRoutesTest < ActionController::TestCase - ExpectedUrlGeneratiorError = Devise.rails4? ? - ActionController::UrlGenerationError : ActionController::RoutingError + ExpectedUrlGeneratiorError = ActionController::UrlGenerationError tests ApplicationController diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 023e3cb79d..2386f1fe7e 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,6 +5,11 @@ ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) class ActiveSupport::TestCase - self.use_transactional_fixtures = true + if Rails.version >= '5.0.0' + self.use_transactional_tests = true + else + self.use_transactional_fixtures = true + end + self.use_instantiated_fixtures = false end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index f086cf9b91..a291580bde 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
@@ -23,43 +23,57 @@ def sanitizer(params) test 'filters some parameters on sign in by default' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) - assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitizer.sanitize(:sign_in)) + sanitized = sanitizer.sanitize(:sign_in) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitized) end test 'handles auth keys as a hash' do swap Devise, authentication_keys: {email: true} do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in)) + sanitized = sanitizer.sanitize(:sign_in) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitized) end end test 'filters some parameters on sign up by default' do sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_up)) + sanitized = sanitizer.sanitize(:sign_up) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "email" => "jose" }, sanitized) end test 'filters some parameters on account update by default' do sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - assert_equal({ "email" => "jose" }, sanitizer.sanitize(:account_update)) + sanitized = sanitizer.sanitize(:account_update) + sanitized = sanitized.to_h if sanitized.respond_to? 
:to_h + assert_equal({ "email" => "jose" }, sanitized) end test 'allows custom hooks' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) sanitizer.for(:sign_in) { |user| user.permit(:email, :password) } - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.sanitize(:sign_in)) + sanitized = sanitizer.sanitize(:sign_in) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "email" => "jose", "password" => "invalid" }, sanitized) end test 'adding multiple permitted parameters' do sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" }) sanitizer.for(:sign_in).concat([:username, :role]) - assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitizer.sanitize(:sign_in)) + sanitized = sanitizer.sanitize(:sign_in) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitized) end test 'removing multiple default parameters' do sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) sanitizer.for(:sign_in).delete(:email) sanitizer.for(:sign_in).delete(:password) - assert_equal({ "remember_me" => "1" }, sanitizer.sanitize(:sign_in)) + sanitized = sanitizer.sanitize(:sign_in) + sanitized = sanitized.to_h if sanitized.respond_to? :to_h + assert_equal({ "remember_me" => "1" }, sanitized) end test 'raises on unknown hooks' do diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index eefe2dd91b..431bdf5de7 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -1,6 +1,9 @@ require 'shared_user' +require 'active_model/serializers/xml' if Devise.rails5? +require 'active_model-serializers' if Devise.rails5? class User < ActiveRecord::Base include Shim include SharedUser + include ActiveModel::Serializers::Xml if Devise.rails5? end 
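Review bot: `sanitized = sanitized.to_h if sanitized.respond_to? :to_h` is pasted into seven tests in this hunk, and the guard is always true because a plain Hash also responds to `to_h`. It therefore does not tell the Rails 5 parameters object apart from the Rails 4 result. A private helper beside `sanitizer(params)`, for example `def sanitized_hash(sanitizer, action); sanitizer.sanitize(action).to_h; end`, would keep each test to one line and put the conversion in one place. A one-line comment on the helper saying why the conversion is needed would help the next reader.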
diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 6c1fa3b540..6b39be19e4 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,5 +1,5 @@ class AdminsController < ApplicationController - before_filter :authenticate_admin! + before_action :authenticate_admin! def index end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index 740830dc1d..fdcce729fc 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -3,8 +3,8 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :current_user, unless: :devise_controller? - before_filter :authenticate_user!, if: :devise_controller? + before_action :current_user, unless: :devise_controller? + before_action :authenticate_user!, if: :devise_controller? respond_to *Mime::SET.map(&:to_sym) devise_group :commenter, contains: [:user, :admin] diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index c6471953e0..49ea8b1d70 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -20,6 +20,10 @@ def set end def unauthenticated - render text: "unauthenticated", status: :unauthorized + if Devise.rails5? + render body: "unauthenticated", status: :unauthorized + else + render text: "unauthenticated", status: :unauthorized + end end end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index f6474be2a2..8d70ac6502 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb 
@@ -1,6 +1,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def facebook - data = env["omniauth.auth"] + data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : env["omniauth.auth"] session["devise.facebook_data"] = data["extra"]["user_hash"] render json: data end @@ -9,6 +9,6 @@ def sign_in_facebook user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user - render text: "" + render (Devise.rails5? ? :body : :text) => "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index c1ae874d37..420c010427 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController - prepend_before_filter :current_user, only: :exhibit - before_filter :authenticate_user!, except: [:accept, :exhibit] + prepend_before_action :current_user, only: :exhibit + before_action :authenticate_user!, except: [:accept, :exhibit] respond_to :html, :xml def index @@ -13,7 +13,7 @@ def edit_form end def update_form - render text: 'Update' + render (Devise.rails5? ? :body : :text) => 'Update' end def accept @@ -21,11 +21,11 @@ def accept end def exhibit - render text: current_user ? "User is authenticated" : "User is not authenticated" + render (Devise.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render text: 'User will be expired on next request' + render (Devise.rails5? ? :body : :text) => 'User will be expired on next request' end end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 351b7c6ae4..5cffa8739a 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
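Review bot: The `respond_to?(:get_header)` switch in `facebook` looks unnecessary, because `request.env["omniauth.auth"]` reads the same Rack env entry on both Rails versions: `data = request.env["omniauth.auth"]`. The next line dereferences `data["extra"]["user_hash"]` without checking that the auth hash is present, so a request that reaches this action without it fails with a `NoMethodError` rather than a clear message. For a test-app controller a one-line guard is enough, e.g. `raise "omniauth.auth missing" unless data`.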
@@ -28,7 +28,7 @@ class Application < Rails::Application # Configure sensitive parameters which will be filtered from the log file. config.filter_parameters << :password - config.assets.enabled = false + # config.assets.enabled = false config.action_mailer.default_url_options = { host: "localhost", port: 3000 } diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 1a479a1ab9..2d82acf5b7 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -3,9 +3,9 @@ end module Devise - # Detection for minor differences between Rails 3.2 and 4 in tests. - def self.rails4? - Rails.version.start_with? '4' + # Detection for minor differences between Rails 4 and 5 in tests. + def self.rails5? + Rails.version.start_with? '5' end end diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 536b4f0908..b2f9f320b3 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -19,7 +19,12 @@ else config.serve_static_assets = true end - config.static_cache_control = "public, max-age=3600" + + if Rails.version >= "5.0.0" + config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} + else + config.static_cache_control = "public, max-age=3600" + end # Show full error reports and disable caching. config.consider_all_requests_local = true diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index 24698914a1..35818fa165 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb 
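Review bot: `if Rails.version >= "5.0.0"` in config/environments/test.rb compares version strings lexicographically, so it gives the wrong answer once a component reaches two digits (`"10.0.0" >= "5.0.0"` is false). The boot.rb hunk in this same commit defines `Devise.rails5?`, and using it here, or `Rails::VERSION::MAJOR >= 5`, would keep the checks consistent; note that `start_with? '5'` in `rails5?` is itself true only for 5.x. The same string comparison appears twice in the new test/support/http_method_compatibility.rb. Separately, `# config.assets.enabled = false` in application.rb is left as commented-out code; deleting the line would be cleaner.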
@@ -1,8 +1,3 @@ config = Rails.application.config -if Devise.rails4? - config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' -else - config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' - config.session_store :cookie_store, key: "_my_app" -end +config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' diff --git a/test/routes_test.rb b/test/routes_test.rb index d3b3765c4d..4c6a3a1f4a 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError +ExpectedRoutingError = MiniTest::Assertion class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do 
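Review bot: The now-unconditional `config.secret_key_base = '...'` line in secret_token.rb has no comment saying that the value is a fixture for the test dummy app. A key committed to a public repository lets anyone who reads it forge signed session cookies for any application that copies it, so the file should say so directly above the assignment: `# Fixed key for the test dummy app only; never reuse it in a deployed application.`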
@@ -202,37 +202,52 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map with format false for sessions' do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in', method: :get}) + expected_params = {controller: 'devise/sessions', action: 'new'} + expected_params[:format] = false if Devise.rails5? + + assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/sessions', action: 'new'}, {path: '/htmlonly_admin/sign_in.xml', method: :get}) + assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.xml', method: :get}) end end test 'map with format false for passwords' do - assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password', method: :post}) + expected_params = {controller: 'devise/passwords', action: 'create'} + expected_params[:format] = false if Devise.rails5? + + assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/passwords', action: 'create'}, {path: '/htmlonly_admin/password.xml', method: :post}) + assert_recognizes(expected_params, {path: '/htmlonly_admin/password.xml', method: :post}) end end test 'map with format false for registrations' do - assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up', method: :get}) + expected_params = {controller: 'devise/registrations', action: 'new'} + expected_params[:format] = false if Devise.rails5? 
+ + assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/registrations', action: 'new'}, {path: '/htmlonly_admin/sign_up.xml', method: :get}) + assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.xml', method: :get}) end end test 'map with format false for confirmations' do - assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation', method: :get}) + expected_params = {controller: 'devise/confirmations', action: 'show'} + expected_params[:format] = false if Devise.rails5? + + assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/confirmations', action: 'show'}, {path: '/htmlonly_users/confirmation.xml', method: :get}) + assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.xml', method: :get}) end end test 'map with format false for unlocks' do - assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock', method: :get}) + expected_params = {controller: 'devise/unlocks', action: 'show'} + expected_params[:format] = false if Devise.rails5? + + assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do - assert_recognizes({controller: 'devise/unlocks', action: 'show'}, {path: '/htmlonly_users/unlock.xml', method: :get}) + assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.xml', method: :get}) end end diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb new file mode 100644 index 0000000000..7b8fdf0851 --- /dev/null +++ b/test/support/http_method_compatibility.rb 
@@ -0,0 +1,51 @@ +module Devise + class IntegrationTest < ActionDispatch::IntegrationTest + # %w( get post patch put head delete xml_http_request + # xhr get_via_redirect post_via_redirect + # ).each do |method| + %w( get post put ).each do |method| + if Rails.version >= '5.0.0' + define_method(method) do |url, options={}| + if options.empty? + super url + else + super url, options + end + end + else + define_method(method) do |url, options={}| + if options[:xhr]==true + xml_http_request __method__, url, options[:params] || {}, options[:headers] + else + super url, options[:params] || {}, options[:headers] + end + end + end + end + end + + class ControllerTestCase < ActionController::TestCase + # %w( get post patch put head delete xml_http_request + # xhr get_via_redirect post_via_redirect + # ).each do |method| + %w( get post put ).each do |method| + if Rails.version >= '5.0.0' + define_method(method) do |action, options={}| + if options.empty? + super action + else + super action, options + end + end + else + define_method(method) do |action, options={}| + if options[:xhr]==true + xml_http_request __method__, action, options[:params] || {}, options[:headers] + else + super action, options[:params] || {}, options[:headers] + end + end + end + end + end +end diff --git a/test/support/webrat/integrations/rails.rb b/test/support/webrat/integrations/rails.rb index 03821d2628..6f4aedcf21 100644 --- a/test/support/webrat/integrations/rails.rb +++ b/test/support/webrat/integrations/rails.rb @@ -14,6 +14,15 @@ def logger # :nodoc: ::Rails.logger end end + + class RailsAdapter + protected + + def do_request(http_method, url, data, headers) + update_protocol(url) + integration_session.send(http_method, normalize_url(url), params: data, headers: headers) + end + end end module ActionDispatch #:nodoc: diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 2f02b173f0..31230e3552 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb 
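Review bot: Only `get`, `post` and `put` are wrapped in `Devise::IntegrationTest` and `Devise::ControllerTestCase`, while the fuller verb list is left as a commented-out block in both classes. On the pre-5 branch a test that calls `delete`, `patch` or `head` in the new `params:` style would reach the stock Rails helpers, which presumably treat the whole options hash as request parameters; whether any test does so is not visible in this hunk. Either extend the list, `%w( get post patch put head delete ).each do |method|`, or drop the commented-out lines and add `# Only the verbs the suite calls with params:/headers: are wrapped.` The two classes also carry identical `define_method` bodies that could live in one shared module.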
@@ -1,6 +1,6 @@ require 'test_helper' -class TestHelpersTest < ActionController::TestCase +class TestHelpersTest < Devise::ControllerTestCase tests UsersController include Devise::TestHelpers @@ -27,7 +27,7 @@ class TestHelpersTest < ActionController::TestCase assert !user.active_for_authentication? sign_in user - get :accept, id: user + get :accept, params: { id: user } assert_nil assigns(:current_user) end end @@ -163,7 +163,7 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = ActionController::TestRequest.new + @request = Devise.rails5? ? ActionController::TestRequest.create : ActionController::TestRequest.new new_warden_proxy = warden assert_not_equal old_warden_proxy, new_warden_proxy From 8701a88c946d423642e2561321ef8058e3b039b2 Mon Sep 17 00:00:00 2001 From: betesh Date: Tue, 15 Dec 2015 02:52:17 -0500 Subject: [PATCH 0806/1473] Removed unnecessary module --- lib/devise/models/confirmable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5a05e0f95f..5adb7a5e7a 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -40,7 +40,6 @@ module Models # module Confirmable extend ActiveSupport::Concern - include ActionView::Helpers::DateHelper included do before_create :generate_confirmation_token, if: :confirmation_required? From 23933d2fb05045bef2731fabbcfbe836126f7a35 Mon Sep 17 00:00:00 2001 From: Siva Gollapalli Date: Tue, 15 Dec 2015 15:17:11 +0530 Subject: [PATCH 0807/1473] FIX# Comparing times in UTC --- lib/devise/models/recoverable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index e5c5a2c8ab..94407e1ed2 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -83,7 +83,7 @@ def send_reset_password_instructions # reset_password_period_valid? # will always return false # def reset_password_period_valid? - reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago + reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc end protected From 7b000390ac267ad4ad15c29145c652ebf3c82c90 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 15 Dec 2015 11:48:41 -0200 Subject: [PATCH 0808/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 1165 +------------------------------------------------- 1 file changed, 5 insertions(+), 1160 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11e6996d75..3c312f257e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
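Review bot: No test accompanies this change to `reset_password_period_valid?`, which is the check that decides whether a password-reset token is still accepted. Ruby and ActiveSupport time objects compare by instant rather than by zone, so the added `.utc` on `reset_password_within.ago` is unlikely to change the result when both sides are real time values; if the fix targets an ORM that returns something else for `reset_password_sent_at`, that is worth stating. I would add a test that sets a non-UTC `Time.zone` and asserts the result just inside and just outside `reset_password_within`, plus a comment above the comparison such as `# Both sides are normalised to UTC; see <issue reference> for the failing case.`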
@@ -1,1162 +1,7 @@ -### Unreleased +### (4.0.0) Unreleased -### 3.5.3 - 2015-12-10 +* Support added to Rails 5 (by @twalpole). +* Devise no longer supports Rails 3.2 and 4.0. +* Devise no longer supports Ruby 1.9 and 2.0. -* bug fixes - * Fix password reset for records where `confirmation_required?` is disabled and - `confirmation_sent_at` is nil. (by @andygeers) - * Allow resources with no `email` field to be recoverable (and do not clear the - reset password token if the model was already persisted). (by @seddy, @stanhu) - -* enhancements - * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed. - -### 3.5.2 - 2015-08-10 - -* enhancements - * Perform case insensitive basic authorization matching - -* bug fixes - * Do not use digests for password confirmation token - * Fix infinite redirect in Rails 4.2 authenticated routes - * Autoload Devise::Encryptor to avoid errors on thread-safe mode - -* deprecations - * `config.expire_auth_token_on_timeout` was removed - -### 3.5.1 - 2015-05-24 - -Note: 3.5.0 has been yanked due to a regression - -* security improvements - * Clean up reset password token whenever e-mail or password changes. thanks to George Deglin & Dennis Charles Hackethal for reporting this bug - * Ensure empty `authenticable_salt` cannot be used as remember token. This bug can only affect users who manually implement their own `authenticable_salt` and allow empty values as salt - -* enhancements - * The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`. - * Added an ActiveSupport load hook for `:devise_controller`. (by @nakhli) - * Location fragments are now preserved between requests. 
(by @jbourassa) - * Added an `after_remembered` callback for the Rememerable module. (by @BM5k) - * `RegistrationsController#new` and `SessionsController#new` now yields the - current resource. (by @mtarnovan, @deivid-rodriguez) - * Password length validation is now limited to 72 characters for newer apps. (by @lleger) - * Controllers inheriting from any Devise core controller will now use appropriate translations. The i18n scope can be overridden in `translation_scope`. - * Allow the user to set the length of friendly token. (by @Angelmmiguel) - -* bug fixes - * Use router_name from scope if one is available to support isolated engines. (by @cipater) - * Do not clean up CSRF on rememberable. - * Only use flash if it has been configured in failure app. (by @alex88) - -* deprecations - * `confirm!` has been deprecated in favor of `confirm`. - * `reset_password!` has been deprecated in favor of `reset_password`. - * `Devise.bcrypt` has been deprecated in favor of `Devise::Encryptor.digest`". - -### 3.4.1 - 2014-10-29 - -* enhancements - * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns) - * Passing `now: true` to the `set_flash_message` helper now sets the message into - the `flash.now` Hash. (by @hbriggs) -* bugfixes - * Fixed an regression with translation of flash messages for when the `authentication_keys` - config is a Hash. (by @lucasmazza) - -### 3.4.0 - 2014-10-03 - -* enhancements - * Support added for Rails 4.2. Devise now depends on the `responders` gem due - the extraction of the `respond_with` API from Rails. (by @lucasmazza) - * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding - a hint about the minimum password length when `validatable` is enabled. (by @aried3r) - * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag - to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. 
(by @Chun-Yang) - * Removed the hardcoded references for "email" in the flash messages. If you are using - different attributes as the `authentication_keys` they will be interpolated in the - messages instead. (by @timoschilling) -* bug fix - * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished` - exception when executed inside a mountable engine. (by @lucasmazza) - * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat) - * Ensure all causes of failed login have the same error message (by @pjungwir) - * The `last_attempt_warning` now takes effect when generating the unauthenticated - message for your users. To keep the current behavior, this flag is now `true` - by default. (by @lucasmazza) - -### 3.3.0 - 2014-08-13 - -* enhancements - * Support multiple warden configuration blocks on devise configuration. (by @rossta) - * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be - invalidated, and this behavior could not be changed. This behavior is now configurable via - `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano) - * Default email messages was updated with grammar fixes, check the diff on - #2906 for the updated copy (by @p-originate) - * Allow a resource to be found based on its encrypted password token (by @karlentwistle) - * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz) - * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if - the current scope is using the `validatable` module (by @alexsoble) - -* bug fix - * Check if there is a signed in user before executing the `SessionsController#destroy`. - * `SessionsController#destroy` no longer yields the `resource` to receiving block, - since the resource isn't loaded in the action. 
If you need access to the current - resource when overring the action use the scope helper (like `current_user`) before - calling `super` - * Serialize the `last_request_at` entry as an Integer - * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson) - * Only valid paths will be stored for redirections (by @parallel588) - -### 3.2.4 - 2014-03-17 - -* enhancements - * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86. - * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline) - -### 3.2.3 - 2014-02-20 - -* enhancements - * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`. - You can change this and use your own secret by changing the `devise.rb` initializer. - -* bug fix - * Migrations will be properly generated when using rails 4.1.0. - -### 3.2.2 - 2013-11-25 - -* bug fix - * Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman) - * Keep the query string when storing location (by @csexton) - * Require rails generator base class in devise generators - -### 3.2.1 - 2013-11-13 - -Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode - -* enhancements - * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov) - * Add `yield` around resource methods in Devise controllers (by @edelpero) - -* bug fix - * Bring `password_digest` back to fix compatibility with `devise-encryptable` - * Avoid e-mail enumeration on sign in when in paranoid mode - -### 3.2.0 - 2013-11-06 - -* enhancements - * Previously deprecated token authenticatable and insecure lookups have been removed - * Add a class method so you can encrypt passwords from fixtures (by @tenderlove) - * Send custom message when user enters invalid password and it has only one attempt - to enter correct password before their account will be 
locked (by @Lightpower) - * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery) - * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev) - -* bug fix - * A GET to sign_in page shouldn't extend the session (by @drewish) - * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful) - * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev) - * Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration - -* deprecations - * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!` - -### 3.1.1 - 2013-10-01 - -* bug fix - * Improve default message which asked users to sign in even when they were already signed (by @gregates) - * Improve error message for when the config.secret_key is missing - -### 3.1.0 - 2013-09-05 - -Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ - -* backwards incompatible changes - * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_token_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration - * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. 
You will need to update your mailers and re-copy the views to your application with `rails g devise:views` - * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)` - -* deprecations - * Token authentication is deprecated - -* enhancements - * Better security defaults - * Allow easier customization of parameter sanitizer (by @alexpeattie) - -* bug fix - * Do not confirm e-mail after password reset (by @moll) - * Do not sign in after confirmation - * Do not store confirmation, unlock and reset password tokens directly in the database - * Do not compare directly against confirmation, unlock and reset password tokens - * Skip storage for cookies on unverified requests - -### 3.0.2 - 2013-08-09 - -* bug fix - * Skip storage for cookies on unverified requests - -### 3.0.1 - 2013-08-02 - -Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ - -* enhancements - * Add after_confirmation callback - -* bug fix - * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) - * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server. - -### 3.0.0 - 2013-07-14 - -* enhancements - * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) - * Drop support for Rails < 3.2 and Ruby < 1.9.3 - * Enable to skip sending reconfirmation email when reconfirmable is on and `skip_confirmation_notification!` is invoked (by @tkhr) - -* bug fix - * Errors on unlock are now properly reflected on the first `unlock_keys` - -### 2.2.4 - 2013-05-07 - -* enhancements - * Add `destroy_with_password` to `DatabaseAuthenticatable`. 
Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) - * Allow to override path after password resetting (by @worker8) - * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates) - * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby) - * Support Rails' token strategy on authentication (by @robhurring) - * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo) - -* bug fix - * Do not redirect when accessing devise API via JSON. (by @sebastianwr) - * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby) - * Fix inheriting mailer templates from `Devise::Mailer` - * Fix a bug when procs are used as default mailer in Devise (by @tomasv) - -* backwards incompatible changes - * Changes on session storage will expire all existing sessions on upgrade. 
For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 - -### 2.2.3 - 2013-01-26 - -Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ - -* bug fix - * Require string conversion for all values - -### 2.2.2 - 2013-01-15 - -* bug fix - * Fix bug when checking for reconfirmable in templates - -### 2.2.1 - 2013-01-11 - -* bug fix - * Fix regression with case_insensitive_keys - * Fix regression when password is blank when it is invalid - -### 2.2.0 - 2013-01-08 - -* backwards incompatible changes - * `headers_for` is deprecated, customize the mailer directly instead - * All mailer methods now expect a second argument with delivery options - * Default minimum password length is now 8 (by @carlosgaldino) - * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax) - * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats) - * Support Mongoid 3 onwards (by @durran) - -* enhancements - * Fix unlockable which could leak account existence on paranoid mode (by @latortuga) - * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt) - * Flash messages in controller now respects `resource_name` (by @latortuga) - * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast) - * Add autofocus to default views (by @Radagaisus) - * Unlock user on password reset (by @marcinb) - * Allow validation callbacks to apply to virtual attributes (by @latortuga) - -* bug fix - * unconfirmed_email now uses the proper e-mail on salutation - * Fix default email_regexp config to not allow spaces (by @kukula) - * Fix a regression introduced on warden 1.2.1 (by @ejfinneran) - * Properly 
camelize omniauth strategies (by @saizai) - * Do not set flash messages for non navigational requests on session sign out (by @mathieul) - * Set the proper fields as required on the lockable module (by @nickhoffman) - * Respects Devise mailer default's reply_to (by @mrchrisadams) - * Properly assign resource on `sign_in` related action (by @adammcnamara) - * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) - * Properly handle namespaced models on Active Record generator (by @nashby) - -### 2.1.4 - 2013-08-18 - -* bugfix - * Do not confirm account after reset password - -### 2.1.3 - 2013-01-26 - -* bugfix - * Require string conversion for all values - -### 2.1.2 - 2012-06-19 - -* enhancements - * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x - -* bug fix - * Fix regression on strategy validation on previous release - -### 2.1.1 - 2012-06-15 (yanked) - -* enhancements - * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action - * `Devise.omniauth_path_prefix` is available to configure omniauth path prefix - * Redirect to sign in page when trying to access password#edit without a token (by @gbataille) - * Allow a lambda in authenticate(d) routes helpers to further select the scope - * Removed warnings on Rails 3.2.6 (by @nashby) - -* bug fix - * `update_with_password` now relies on assign_attributes and forwards the :as option (by @wtn) - * Do not trigger timeout on sign in related actions - * Timeout does not explode when reset_authentication_token! 
is accidentally defined by Active Model (by @remomueller) - -* deprecations - * Strategy#validate() no longer validates nil resources - -### 2.1.0 - 2012-05-15 - -* enhancements - * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses - * Add `skip_reconfirmation!` to skip reconfirmation - * Devise model generator now works with engines - * Devise encryptable was moved to its new gem (http://github.com/plataformatec/devise-encryptable) - -* deprecations - * Deprecations warnings added on Devise 2.0 are now removed with their features - * All devise modules should now have a `required_fields(klass)` module method to help gathering missing attributes - * `use_salt_as_remember_token` and `apply_schema` does not have any effect since 2.0 and are now deprecated - * `valid_for_authentication?` must now return a boolean - -* bug fix - * Ensure after sign in hook is not called without a resource - * Fix a term: now on Omniauth related flash messages, we say that we're authenticating from an omniauth provider instead of authorizing - * Fixed redirect when authenticated mounted apps (by @hakanensari) - * Ensure the failure app still respects config.relative_url_root - * `/users/sign_in` doesn't choke on protected attributes used to select sign in scope (by @Paymium) - * `failed_attempts` is set to zero after any sign in (including via reset password) (by @rodrigoflores) - * Added token expiration on timeout (by @antiarchitect) - * Do not accidentally mark `_prefixes` as private - * Better support for custom strategies on test helpers (by @mattconnolly) - * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez) - * Reverted moving devise/shared/_links.erb to devise/_links.erb - -### 2.0.4 - 2012-02-17 - -Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0 - -* bug fix - * Fix when :host is used with devise_for (by @mreinsch) - * 
Fix a regression that caused Warden to be initialized too late - -### 2.0.3 - 2012-06-16 (yanked) - -* bug fix - * Ensure warning is not shown by mistake on apps with mounted engines - * Fixes related to remember_token and rememberable_options - * Ensure serializable_hash does not depend on accessible attributes - * Ensure that timeout callback does not run on sign out action - -### 2.0.2 - 2012-02-14 - -* enhancements - * Add devise_i18n_options to customize I18n message - -* bug fix - * Ensure Devise.available_router_name defaults to :main_app - * Set autocomplete to off for password on edit forms - * Better error messages in case a trackable model can't be saved - * Show a warning in case someone gives a pluralized name to devise generator - * Fix test behavior for rspec subject requests (by @sj26) - -### 2.0.1 - 2012-02-09 - -* enhancements - * Improved error messages on deprecation warnings - * Hide Devise's internal generators from `rails g` command - -* bug fix - * Removed tmp and log files from gem - -### 2.0.0 - 2012-01-26 - -* enhancements - * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal) - * Redirect users to sign in page after unlock (by @nashby) - * Redirect to the previous URL on timeout - * Inherit from the same Devise parent controller (by @sj26) - * Allow parent_controller to be customizable via Devise.parent_controller, useful for engines - * Allow router_name to be customizable via Devise.router_name, useful for engines - * Allow alternate ORMs to run compatibility setup code before Authenticatable is included (by @jm81) - -* deprecation - * Devise now only supports Rails 3.1 forward - * Devise.confirm_within was deprecated in favor Devise.allow_unconfirmed_access_for - * Devise.stateless_token= is deprecated in favor of appending :token_auth to Devise.skip_session_storage - * Usage of Devise.apply_schema is deprecated - * Usage of Devise migration helpers are deprecated - * Usage of Devise.remember_across_browsers 
was deprecated - * Usage of rememberable with remember_token was removed - * Usage of recoverable without reset_password_sent_at was removed - * Usage of Devise.case_insensitive_keys equals to false was removed - * Move devise/shared/_links.erb to devise/_links.erb - * Deprecated support of nested devise_for blocks - * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_* - * Protected method render_with_scope was removed. - -### 1.5.3 - 2011-12-19 - -* bug fix - * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko) - * Ensure passing :format => false to devise_for is not permanent - * Ensure path checker does not check invalid routes - -### 1.5.2 - 2011-11-30 - -* enhancements - * Add support for Rails 3.1 new mass assignment conventions (by @kirs) - * Add timeout_in method to Timeoutable, it can be overridden in a model (by @lest) - -* bug fix - * OmniAuth error message now shows the proper option (:strategy_class instead of :klass) - -### 1.5.1 - 2011-11-22 - -* bug fix - * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise. 
- -### 1.5.0 - 2011-11-13 - -* enhancements - * Timeoutable also skips tracking if skip_trackable is given - * devise_for now accepts :failure_app as an option - * Models can select the proper mailer via devise_mailer method (by @locomotivecms) - * Migration generator now uses the change method (by @nashby) - * Support to markerb templates on the mailer generator (by @sbounmy) - * Support for Omniauth 1.0 (older versions are no longer supported) (by @TamiasSibiricus) - -* bug fix - * Allow idempotent API requests - * Fix bug where logs did not show 401 as status code - * Change paranoid settings to behave as success instead of as failure - * Fix bug where activation messages were shown first than the credentials error message - * Instance variables are expired after sign out - -* deprecation - * redirect_location is deprecated, please use after_sign_in_path_for - * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it - -### 1.4.9 - 2011-10-19 - -* bug fix - * url helpers were not being set under some circumstances - -### 1.4.8 - 2011-10-09 - -* enhancements - * Add docs for assets pipeline and Heroku - -* bug fix - * confirmation_url was not being set under some circumstances - -### 1.4.7 - 2011-09-21 - -* bug fix - * Fix backward incompatible change from 1.4.6 for those using custom controllers - -### 1.4.6 - 2011-09-19 (yanked) - -* enhancements - * Allow devise_for :skip => :all - * Allow options to be passed to authenticate_user! - * Allow --skip-routes to devise generator - * Add allow_params_authentication! 
to make it explicit when params authentication is allowed in a controller - -### 1.4.5 - 2011-09-07 - -* bug fix - * Failure app tries the root path if a session one does not exist - * No need to finalize Devise helpers all the time (by @bradleypriest) - * Reset password shows proper message if user is not active - * `clean_up_passwords` sets the accessors to nil to skip validations - -### 1.4.4 - 2011-08-30 - -* bug fix - * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually - -### 1.4.3 - 2011-08-29 - -* enhancements - * Improve Rails 3.1 compatibility - * Use serialize_into_session and serialize_from_session in Warden serialize to improve extensibility - -* bug fix - * Generator properly generates a change_table migration if a model already exists - * Properly deprecate setup_mail - * Fix encoding issues with email regexp - * Only generate helpers for the used mappings - * Wrap :action constraints in the proper hash - -* deprecations - * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation - -### 1.4.2 - 2011-06-30 - -* bug fix - * Provide a more robust behavior to serializers and add :force_except option - -### 1.4.1 - 2011-06-29 - -* enhancements - * Add :defaults and :format support on router - * Add simple form generators - * Better localization for devise_error_messages! 
(by @zedtux) - -* bug fix - * Ensure to_xml is properly white listened - * Ensure handle_unverified_request clean up any cached signed-in user - -### 1.4.0 - 2011-06-23 - -* enhancements - * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26) - * Improve e-mail regexp (by @rodrigoflores) - * Add strip_whitespace_keys and default to e-mail (by @swrobel) - * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut) - * Added update_without_password to update models but not allowing the password to change (by @fschwahn) - * Added config.paranoid, check the generator for more information (by @rodrigoflores) - -* bug fix - * password_required? should not affect length validation - * User cannot access sign up and similar pages if they are already signed in through a cookie or token - * Do not convert booleans to strings on finders (by @xavier) - * Run validations even if current_password fails (by @crx) - * Devise now honors routes constraints (by @macmartine) - * Do not return the user resource when requesting instructions (by @rodrigoflores) - -### 1.3.4 - 2011-04-28 - -* bug fix - * Do not add formats if html or "*/*" - -### 1.3.3 - 2011-04-20 - -* bug fix - * Explicitly mark the token as expired if so - -### 1.3.2 - 2011-04-20 - -* bug fix - * Fix another regression related to reset_password_sent_at (by @alexdreher) - -### 1.3.1 - 2011-04-18 - -* enhancements - * Improve failure_app responses (by @indirect) - * sessions/new and registrations/new also respond to xml and json now - -* bug fix - * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss) - -### 1.3.0 - 2011-04-15 - -* enhancements - * All controllers can now handle different mime types than html using Responders (by @sikachu) - * Added reset_password_within as configuration option to send the token for recovery (by @jdguyot) - * Bump password length to 128 characters (by @k33l0r) - * 
Add :only as option to devise_for (by @timoschilling) - * Allow to override path after sending password instructions (by @irohiroki) - * require_no_authentication has its own flash message (by @jackdempsey) - -* bug fix - * Fix a bug where configuration options were being included too late - * Ensure Devise::TestHelpers can be used to tests Devise internal controllers (by @jwilger) - * valid_password? should not choke on empty passwords (by @mikel) - * Calling devise more than once does not include previously added modules anymore - * downcase_keys before validation - -* backward incompatible changes - * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior. - -### 1.2.1 - 2011-03-27 - -* enhancements - * Improve update path messages - -### 1.2.0 - 2011-03-24 - -* bug fix - * Properly ignore path prefix on omniauthable - * Faster uniqueness queries - * Rename active? to active_for_authentication? 
to avoid conflicts - -### 1.2.rc2 - 2011-03-10 - -* enhancements - * Make friendly_token 20 chars long - * Use secure_compare - -* bug fix - * Fix an issue causing infinite redirects in production - * rails g destroy works properly with devise generators (by @andmej) - * before_failure callbacks should work on test helpers (by @twinge) - * rememberable cookie now is httponly by default (by @JamesFerguson) - * Add missing confirmation_keys (by @JohnPlummer) - * Ensure after_* hooks are called on RegistrationsController - * When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included) - * Ensure stateless token does not trigger timeout (by @pixelauthority) - * Implement handle_unverified_request for Rails 3.0.4 compatibility and improve FailureApp reliance on symbols - * Consider namespaces while generating routes - * Custom failure apps no longer ignored in test mode (by @jaghion) - * Do not depend on ActiveModel::Dirty - * Manual sign_in now triggers remember token - * Be sure to halt strategies on failures - * Consider SCRIPT_NAME on Omniauth paths - * Reset failed attempts when lock is expired - * Ensure there is no Mongoid injection - -* deprecations - * Deprecated anybody_signed_in? in favor of signed_in? 
(by @gavinhughes) - * Removed --haml and --slim view templates - * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode - -### 1.2.rc - 2010-10-25 - -* deprecations - * cookie_domain is deprecated in favor of cookie_options - * after_update_path_for can no longer be defined in ApplicationController - -* enhancements - * Added OmniAuth support - * Added ORM adapter to abstract ORM iteraction - * sign_out_via is available in the router to configure the method used for sign out (by @martinrehfeld) - * Improved Ajax requests handling in failure app (by @spastorino) - * Added request_keys to easily use request specific values (like subdomain) in authentication - * Increased the size of friendly_token to 60 characters (reduces the chances of a successful brute attack) - * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai) - * Extracted encryptors into :encryptable for better bcrypt support - * :rememberable is now able to use salt as token if no remember_token is provided - * Store the salt in session and expire the session if the user changes their password - * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication - * cookie_options uses session_options values by default - * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message - * Use ActiveModel#to_key instead of #id - * sign_out_all_scopes now destroys the whole session - * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl) - -* default behavior changes - * sign_out_all_scopes defaults to true as security measure - * http authenticatable is disabled by default - * Devise does not intercept 401 returned from applications - -* bugfix - * after_sign_in_path_for always receives a resource - * Do not execute Warden::Callbacks on 
Devise::TestHelpers (by @sgronblo) - * Allow password recovery and account unlocking to change used keys (by @RStankov) - * FailureApp now properly handles nil request.format - * Fix a bug causing FailureApp to return with HTTP Auth Headers for IE7 - * Ensure namespaces has proper scoped views - * Ensure Devise does not set empty flash messages (by @sxross) - -### 1.1.6 - 2011-02-14 - -* Use a more secure e-mail regexp -* Implement Rails 3.0.4 handle unverified request -* Use secure_compare to compare passwords - -### 1.1.5 - 2010-11-26 - -* bugfix - * Ensure to convert keys on indifferent hash - -* defaults - * Set config.http_authenticatable to false to avoid confusion - -### 1.1.4 - 2010-11-25 - -* bugfix - * Avoid session fixation attacks - -### 1.1.3 - 2010-09-23 - -* bugfix - * Add reply-to to e-mail headers by default - * Updated the views generator to respect the rails :template_engine option (by @fredwu) - * Check the type of HTTP Authentication before using Basic headers - * Avoid invalid_salt errors by checking salt presence (by @thibaudgg) - * Forget user deletes the right cookie before logout, not remembering the user anymore (by @emtrane) - * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie) - * :default options is now honored in migrations - -### 1.1.2 - 2010-08-25 - -* bugfix - * Compatibility with latest Rails routes schema - -### 1.1.1 - 2010-07-26 - -* bugfix - * Fix a small bug where generated locale file was empty on devise:install - -### 1.1.0 - 2010-07-25 - -* enhancements - * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk) - * Rememberable module allows you to activate the period the remember me token is extended (by @trevorturk) - * devise_for can now be used together with scope method in routes but with a few limitations (check the documentation) - * Support `as` or `devise_scope` in the router to specify controller access scope - * HTTP Basic 
Auth can now be disabled/enabled for xhr(ajax) requests using http_authenticatable_on_xhr option (by @pellja) - -* bug fix - * Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts - * Devise should respect script_name and path_info contracts - * Fix a bug when accessing a path with (.:format) (by @klacointe) - * Do not add unlock routes unless unlock strategy is email or both - * Email should be case insensitive - * Store classes as string in session, to avoid serialization and stale data issues - -* deprecations - * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead - -### 1.1.rc2 - 2010-06-22 - -* enhancements - * Allow to set cookie domain for the remember token. (by @mantas) - * Added navigational formats to specify when it should return a 302 and when a 401. - * Added authenticate(scope) support in routes (by @wildchild) - * Added after_update_path_for to registrations controller (by @thedelchop) - * Allow the mailer object to be replaced through config.mailer = "MyOwnMailer" - -* bug fix - * Fix a bug where session was timing out on sign out - -* deprecations - * bcrypt is now the default encryptor - * devise.mailer.confirmations_instructions now should be devise.mailer.confirmations_instructions.subject - * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject - * Generators now use Rails 3 syntax (devise:install) instead of devise_install - -### 1.1.rc1 - 2010-04-14 - -* enhancements - * Rails 3 compatibility - * All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions" - * Devise.orm is deprecated. 
This reduces the required API to hook your ORM with devise - * Use metal for failure app - * HTML e-mails now have proper formatting - * Allow to give :skip and :controllers in routes - * Move trackable logic to the model - * E-mails now use any template available in the filesystem. Easy to create multipart e-mails - * E-mails asks headers_for in the model to set the proper headers - * Allow to specify haml in devise_views - * Compatibility with Mongoid - * Make config.devise available on config/application.rb - * TokenAuthenticatable now works with HTTP Basic Auth - * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself - * No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3 - * :activatable is included by default in your models - -* bug fix - * Fix a bug with STI - -* deprecations - * Rails 3 compatible only - * Removed support for MongoMapper - * Scoped views are no longer "sessions/users/new". Now use "users/sessions/new" - * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead - * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options - * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure - * :as and :scope in routes is deprecated. Use :path and :singular instead - -### 1.0.8 - 2010-06-22 - -* enhancements - * Support for latest MongoMapper - * Added anybody_signed_in? helper (by @SSDany) - -* bug fix - * confirmation_required? is properly honored on active? calls. 
(by @paulrosania) - -### 1.0.7 - 2010-05-02 - -* bug fix - * Ensure password confirmation is always required - -* deprecations - * authenticatable was deprecated and renamed to database_authenticatable - * confirmable is not included by default on generation - -### 1.0.6 - 2010-04-02 - -* bug fix - * Do not allow unlockable strategies based on time to access a controller. - * Do not send unlockable email several times. - * Allow controller to upstram custom! failures to Warden. - -### 1.0.5 - 2010-03-25 - -* bug fix - * Use prepend_before_filter in require_no_authentication. - * require_no_authentication on unlockable. - * Fix a bug when giving an association proxy to devise. - * Do not use lock! on lockable since it's part of ActiveRecord API. - -### 1.0.4 - 2010-03-02 - -* bug fix - * Fixed a bug when deleting an account with rememberable - * Fixed a bug with custom controllers - -### 1.0.3 - 2010-02-22 - -* enhancements - * HTML e-mails now have proper formatting - * Do not remove MongoMapper options in find - -### 1.0.2 - 2010-02-17 - -* enhancements - * Allows you set mailer content type (by @glennr) - -* bug fix - * Uses the same content type as request on http authenticatable 401 responses - -### 1.0.1 - 2010-02-16 - -* enhancements - * HttpAuthenticatable is not added by default automatically. - * Avoid mass assignment error messages with current password. 
- -* bug fix - * Fixed encryptors autoload - -### 1.0.0 - 2010-02-08 - -* deprecation - * :old_password in update_with_password is deprecated, use :current_password instead - -* enhancements - * Added Registerable - * Added Http Basic Authentication support - * Allow scoped_views to be customized per controller/mailer class - * Allow authenticatable to used in change_table statements - -### 0.9.2 - 2010-02-04 - -* bug fix - * Ensure inactive user cannot sign in - * Ensure redirect to proper url after sign up - -* enhancements - * Added gemspec to repo - * Added token authenticatable (by @grimen) - -### 0.9.1 - 2010-01-24 - -* bug fix - * Allow bigger salt size (by @jgeiger) - * Fix relative url root - -### 0.9.0 - 2010-01-20 - -* deprecation - * devise :all is deprecated - * :success and :failure flash messages are now :notice and :alert - -* enhancements - * Added devise lockable (by @mhfs) - * Warden 0.9.0 compatibility - * Mongomapper 0.6.10 compatibility - * Added Devise.add_module as hooks for extensions (by @grimen) - * Ruby 1.9.1 compatibility (by @grimen) - -* bug fix - * Accept path prefix not starting with slash - * url helpers should rely on find_scope! - -### 0.8.2 - 2010-01-12 - -* enhancements - * Allow Devise.mailer_sender to be a proc (by @grimen) - -* bug fix - * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm) - -### 0.8.1 - 2010-01-07 - -* enhancements - * Move salt to encryptors - * Devise::Lockable - * Moved view links into partial and I18n'ed them - -* bug fix - * Bcrypt generator was not being loaded neither setting the proper salt - -### 0.8.0 - 2010-01-06 - -* enhancements - * Warden 0.8.0 compatibility - * Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work - * Added :bcrypt encryptor (by @capotej) - -* bug fix - * sign_in_count is also increased when user signs in via password change, confirmation, etc.. 
- * More DataMapper compatibility (by @lancecarlson) - -* deprecation - * Removed DeviseMailer.sender - -### 0.7.5 - 2010-01-01 - -* enhancements - * Set a default value for mailer to avoid find_template issues - * Add models configuration to MongoMapper::EmbeddedDocument as well - -### 0.7.4 - 2009-12-21 - -* enhancements - * Extract Activatable from Confirmable - * Decouple Serializers from Devise modules - -### 0.7.3 - 2009-12-15 - -* bug fix - * Give scope to the proper model validation - -* enhancements - * Mail views are scoped as well - * Added update_with_password for authenticatable - * Allow render_with_scope to accept :controller option - -### 0.7.2 - 2009-12-14 - -* deprecation - * Renamed reset_confirmation! to resend_confirmation! - * Copying locale is part of the installation process - -* bug fix - * Fixed render_with_scope to work with all controllers - * Allow sign in with two different users in Devise::TestHelpers - -### 0.7.1 - 2009-12-09 - -* enhancements - * Small enhancements for other plugins compatibility (by @grimen) - -### 0.7.0 - 2009-12-08 - -* deprecations - * :authenticatable is not included by default anymore - -* enhancements - * Improve loading process - * Extract SessionSerializer from Authenticatable - -### 0.6.3 - 2009-12-02 - -* bug fix - * Added trackable to migrations - * Allow inflections to work - -### 0.6.2 - 2009-11-25 - -* enhancements - * More DataMapper compatibility - * Devise::Trackable - track sign in count, timestamps and ips - -### 0.6.1 - 2009-11-24 - -* enhancements - * Devise::Timeoutable - timeout sessions without activity - * DataMapper now accepts conditions - -### 0.6.0 - 2009-11-22 - -* deprecations - * :authenticatable is still included by default, but yields a deprecation warning - -* enhancements - * Added DataMapper support - * Remove store_location from authenticatable strategy and add it to failure app - * Allow a strategy to be placed after authenticatable - * Do not rely attribute? 
methods, since they are not added on Datamapper - -### 0.5.6 - 2009-11-21 - -* enhancements - * Do not send nil to build (DataMapper compatibility) - * Allow to have scoped views - -### 0.5.5 - 2009-11-20 - -* enhancements - * Allow overwriting find for authentication method - * Remove Ruby 1.8.7 dependency - -### 0.5.4 - 2009-11-19 - -* deprecations - * Deprecate :singular in devise_for and use :scope instead - -* enhancements - * Create after_sign_in_path_for and after_sign_out_path_for hooks to be - overwriten in ApplicationController - * Create sign_in_and_redirect and sign_out_and_redirect helpers - * Warden::Manager.default_scope is automatically configured to the first given scope - -### 0.5.3 - 2009-11-18 - -* bug fix - * MongoMapper now converts DateTime to Time - * Ensure all controllers are unloadable - -* enhancements - * Moved friendly_token to Devise - * Added Devise.all, so you can freeze your app strategies - * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper - in cases you don't want it be handlded automatically - -### 0.5.2 - 2009-11-17 - -* enhancements - * Improved sign_in and sign_out helpers to accepts resources - * Added stored_location_for as a helper - * Added test helpers - -### 0.5.1 - 2009-11-15 - -* enhancements - * Added serializers based on Warden ones - * Allow authentication keys to be set - -### 0.5.0 - 2009-11-13 - -* bug fix - * Fixed a bug where remember me module was not working properly - -* enhancements - * Moved encryption strategy into the Encryptors module to allow several algorithms (by @mhfs) - * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs) - * Added support for MongoMapper (by @shingara) - -### 0.4.3 - 2009-11-10 - -* bug fix - * Authentication just fails if user cannot be serialized from session, without raising errors; - * Default configuration values should not overwrite user values; - -### 0.4.2 - 2009-11-06 - -* deprecations - * Renamed 
mail_sender to mailer_sender - -* enhancements - * skip_before_filter added in Devise controllers - * Use home_or_root_path on require_no_authentication as well - * Added devise_controller?, useful to select or reject filters in ApplicationController - * Allow :path_prefix to be given to devise_for - * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported) - -### 0.4.1 - 2009-11-04 - -* bug fix - * Ensure options can be set even if models were not loaded - -### 0.4.0 - 2009-11-03 - -* deprecations - * Notifier is deprecated, use DeviseMailer instead. Remember to rename - app/views/notifier to app/views/devise_mailer and I18n key from - devise.notifier to devise.mailer - * :authenticable calls are deprecated, use :authenticatable instead - -* enhancements - * Allow devise to be more agnostic and do not require ActiveRecord to be loaded - * Allow Warden::Manager to be configured through Devise - * Created a generator which creates an initializer - -### 0.3.0 - 2009-10-30 - -* bug fix - * Allow yml messages to be configured by not using engine locales - -* deprecations - * Renamed confirm_in to confirm_within - * Do not send confirmation messages when user changes their e-mail - * Renamed authenticable to authenticatable and added deprecation warnings - -### 0.2.3 - 2009-10-29 - -* enhancements - * Ensure fail! 
works inside strategies - * Make unauthenticated message (when you haven't signed in) different from invalid message - -* bug fix - * Do not redirect on invalid authenticate - * Allow model configuration to be set to nil - -### 0.2.2 - 2009-10-28 - -* bug fix - * Fix a bug when using customized resources - -### 0.2.1 - 2009-10-27 - -* refactor - * Clean devise_views generator to use devise existing views - -* enhancements - * Create instance variables (like @user) for each devise controller - * Use Devise::Controller::Helpers only internally - -* bug fix - * Fix a bug with Mongrel and Ruby 1.8.6 - -### 0.2.0 - 2009-10-24 - -* enhancements - * Allow option :null => true in authenticable migration - * Remove attr_accessible calls from devise modules - * Customizable time frame for rememberable with :remember_for config - * Customizable time frame for confirmable with :confirm_in config - * Generators for creating a resource and copy views - -* optimize - * Do not load hooks or strategies if they are not used - -* bug fixes - * Fixed requiring devise strategies - -### 0.1.1 - 2009-10-21 - -* bug fixes - * Fixed requiring devise mapping - -### 0.1.0 - 2009-10-21 - -* Devise::Authenticable -* Devise::Confirmable -* Devise::Recoverable -* Devise::Validatable -* Devise::Migratable -* Devise::Rememberable - -* SessionsController -* PasswordsController -* ConfirmationsController - -* Create an example app -* devise :all, :except => :rememberable -* Use sign_in and sign_out in SessionsController - -* Mailer subjects namespaced by model -* Allow stretches and pepper per model - -* Store session[:return_to] in session -* Sign user in automatically after confirming or changing it's password +Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) for previous changes. From 1147badf7ca4d203c34a41a46113459e82687812 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 15 Dec 2015 11:49:44 -0200 Subject: [PATCH 0809/1473] Update Rails dependency contrainst to support the stable `5.0.0` release. --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index 491832eb5e..c4cf7facba 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -22,6 +22,6 @@ Gem::Specification.new do |s| s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("thread_safe", "~> 0.1") - s.add_dependency("railties", ">= 4.1.0", "< 5") + s.add_dependency("railties", ">= 4.1.0", "< 5.1") s.add_dependency("responders") end From 42376db763b9cee9c1af74aafe5a9afa23b643e7 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 15 Dec 2015 11:52:26 -0200 Subject: [PATCH 0810/1473] Update Devise version on README [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ba86d7edf4..5ecba8444e 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with: +Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with: ```ruby gem 'devise' From 330e0f71658cc5d3dda621ba9c181f7db8f0aae0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 15 Dec 2015 14:55:36 -0200 Subject: [PATCH 0811/1473] Update lockfile. --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index b86b761f24..a4e59b2f26 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,7 +4,7 @@ PATH devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5) + railties (>= 4.1.0, < 5.1) responders thread_safe (~> 0.1) warden (~> 1.2.3) From f5926f6514918b2ae4dc5f81bdb556973a071f3f Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 15 Dec 2015 15:26:08 -0200 Subject: [PATCH 0812/1473] Do not send Travis notifications of Pull Requests. --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index bf817434f9..ab0ca2db0f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,6 +37,7 @@ script: "bundle exec rake test" notifications: email: false slack: + on_pull_requests: false on_success: change on_failure: always secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY= From 302c4e43bde5be68682b82b55539f83a66467426 Mon Sep 17 00:00:00 2001 From: Thomas Walpole Date: Tue, 15 Dec 2015 10:32:24 -0800 Subject: [PATCH 0813/1473] fix Rails 5 test --- test/integration/authenticatable_test.rb | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index f22b287177..10e090172e 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -612,17 +612,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest assert_not warden.authenticated?(:user) end - end if Rails.version < '5.0.0' - - test 'invalid request keys raises ActionController::RoutingError' do - swap Devise, request_keys: [:unknown_method] do - assert_raise ActionController::RoutingError do - sign_in_as_user - end - - assert_not warden.authenticated?(:user) - end - end if Rails.version >= '5.0.0' + end test 'blank request keys cause authentication to abort' do host! 'test.com' From 5d9f6d892f19eedd8e46af85f3ffc6487cac61ff Mon Sep 17 00:00:00 2001 
From: Thomas Walpole Date: Tue, 15 Dec 2015 11:26:19 -0800 Subject: [PATCH 0814/1473] Explicitly permit rather than using to_unsafe_h --- lib/devise/models/authenticatable.rb | 7 +++++-- lib/devise/models/confirmable.rb | 2 +- test/controllers/internal_helpers_test.rb | 3 +-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index f8cc99cd1e..c313fb342c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -253,8 +253,11 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: # Find or initialize a record with group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: - attributes = attributes.to_unsafe_h.with_indifferent_access if attributes.respond_to? :to_unsafe_h - attributes = attributes.slice(*required_attributes).with_indifferent_access + attributes = if attributes.respond_to? :permit + attributes.slice(*required_attributes).permit!.to_h.with_indifferent_access + else + attributes.with_indifferent_access.slice(*required_attributes) + end attributes.delete_if { |key, value| value.blank? } if attributes.size == required_attributes.size diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 69316c69c3..e2f3cddb90 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
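Review bot: `permit!` in the new `respond_to? :permit` branch of `find_or_initialize_with_errors` marks whatever the client sent under the required keys as permitted, nested hashes and arrays included, so the only constraint left is the preceding `slice` on key names. If these attributes reach an ORM finder unchanged, a hash-valued key can change the meaning of the lookup on adapters that accept operator hashes; whether an upstream filter already coerces the values to scalars is not visible in this hunk. Permitting the keys by name admits scalar values only: `attributes.slice(*required_attributes).permit(*required_attributes).to_h.with_indifferent_access`. The same `slice(...).permit!.to_h` pattern is added to `find_by_unconfirmed_email_with_errors` in lib/devise/models/confirmable.rb, and the method body here continues past the end of the hunk.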
@@ -314,8 +314,8 @@ def confirm_by_token(confirmation_token) # Find a record for confirmation by unconfirmed email field def find_by_unconfirmed_email_with_errors(attributes = {}) + attributes = attributes.slice(*confirmation_keys).permit!.to_h if attributes.respond_to? :permit unconfirmed_required_attributes = confirmation_keys.map { |k| k == :email ? :unconfirmed_email : k } - attributes = attributes.to_unsafe_h if attributes.respond_to? :to_unsafe_h unconfirmed_attributes = attributes.symbolize_keys unconfirmed_attributes[:unconfirmed_email] = unconfirmed_attributes.delete(:email) find_or_initialize_with_errors(unconfirmed_required_attributes, unconfirmed_attributes, :not_found) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 47beab928d..c9eada0024 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -44,8 +44,7 @@ def setup @controller.stubs(:params).returns(params) - res_params = @controller.send(:resource_params) - res_params = res_params.to_unsafe_h if res_params.respond_to? :to_unsafe_h + res_params = @controller.send(:resource_params).permit!.to_h assert_equal user_params, res_params end From 2006f87b580b22c109a3e8cd25b0b5632727532b Mon Sep 17 00:00:00 2001 From: djsegal Date: Fri, 18 Dec 2015 04:05:30 -0500 Subject: [PATCH 0815/1473] Add #3732 helper logic to devise controller: #3864 --- app/controllers/devise_controller.rb | 12 ++++++++---- test/controllers/helper_methods_test.rb | 3 ++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 3d7cd22287..493d524899 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -2,11 +2,15 @@ class DeviseController < Devise.parent_controller.constantize include Devise::Controllers::ScopedViews - helper DeviseHelper + if respond_to?(:helper) + helper DeviseHelper + end - helpers = %w(resource scope_name resource_name signed_in_resource - resource_class resource_params devise_mapping) - helper_method(*helpers) + if respond_to?(:helper_method) + helpers = %w(resource scope_name resource_name signed_in_resource + resource_class resource_params devise_mapping) + helper_method(*helpers) + end prepend_before_action :assert_is_devise_resource! respond_to :html if mimes_for_respond_to.empty? diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index 52fa6b88ae..59f913fdf1 100644 --- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -11,7 +11,8 @@ class HelperMethodsTest < Devise::ControllerTestCase assert_includes @controller.class.ancestors, Devise::Controllers::Helpers end - test 'does not respond_to helper_method' do + test 'does not respond_to helper or helper_method' do + refute_respond_to @controller.class, :helper refute_respond_to @controller.class, :helper_method end From df8b48646b0d0bc10d07c7757d8a841e85f77a37 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 15 Dec 2015 14:56:15 -0200 Subject: [PATCH 0816/1473] Remove `ParametersSanitizer` inheritance. We no longer need to support the `BaseSanitizer` implementation for apps without the Strong Parameters API, and this section is lacking a minimal set of docs to document the expected behavior besides the `README` section. --- README.md | 15 +- lib/devise.rb | 1 - lib/devise/controllers/helpers.rb | 6 +- lib/devise/parameter_sanitizer.rb | 231 ++++++++++++++++++++++-------- test/parameter_sanitizer_test.rb | 166 ++++++++++++--------- 5 files changed, 282 insertions(+), 137 deletions(-) diff --git a/README.md b/README.md index 5ecba8444e..d877a6e8b5 100644 --- a/README.md +++ b/README.md 
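Review bot: The two new guards in app/controllers/devise_controller.rb, `if respond_to?(:helper)` and `if respond_to?(:helper_method)`, have no comment saying which parent controllers lack these class methods, so a later cleanup could remove them as dead checks. A line such as `# Devise.parent_controller may not define helper/helper_method (presumably an API-only base class); skip the view helpers in that case.` would record the intent. The single-statement guard also reads better in modifier form, `helper DeviseHelper if respond_to?(:helper)`. The class body continues outside the hunk.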
@@ -201,7 +201,7 @@ class ApplicationController < ActionController::Base protected def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) << :username + devise_parameter_sanitizer.permit(:sign_up, keys: [:username]) end end ``` @@ -212,7 +212,9 @@ To permit simple scalar values for username and email, use this ```ruby def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } + devise_parameter_sanitizer.permit(:sign_in) do |user_params| + user_params.permit(:username, :email) + end end ``` @@ -220,7 +222,9 @@ If you have some checkboxes that express the roles a user may take on registrati ```ruby def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) } + devise_parameter_sanitizer.permit(:sign_up) do |user_params| + user_params.permit({ roles: [] }, :email, :password, :password_confirmation) + end end ``` For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see @@ -231,8 +235,9 @@ If you have multiple Devise models, you may want to set up a different parameter ```ruby class User::ParameterSanitizer < Devise::ParameterSanitizer - def sign_in - default_params.permit(:username, :email) + def initialize(*) + super + permit(:sign_up, keys: [:username, :email]) end end ``` diff --git a/lib/devise.rb b/lib/devise.rb index d1869651e1..2d3540b7fc 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -12,7 +12,6 @@ module Devise autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' autoload :ParameterFilter, 'devise/parameter_filter' - autoload :BaseSanitizer, 'devise/parameter_sanitizer' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 2516b8cb48..702744f016 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -154,11 +154,7 @@ def devise_controller? # lib/devise/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. def devise_parameter_sanitizer - @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters) - Devise::ParameterSanitizer.new(resource_class, resource_name, params) - else - Devise::BaseSanitizer.new(resource_class, resource_name, params) - end + @devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params) end # Tell warden that params authentication is allowed for that specific page. diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 7b10cf5538..5eba063207 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -1,99 +1,208 @@ module Devise - class BaseSanitizer - attr_reader :params, :resource_name, :resource_class + # The +ParameterSanitizer+ deals with permitting specific parameters values + # for each +Devise+ scope in the application. + # + # The sanitizer knows about Devise default parameters (like +password+ and + # +password_confirmation+ for the `RegistrationsController`), and you can + # extend or change the permitted parameters list on your controllers. + # + # === Permitting new parameters + # + # You can add new parameters to the permitted list using the +permit+ method + # in a +before_action+ method, for instance. + # + # class ApplicationController < ActionController::Base + # before_action :configure_permitted_parameters, if: :devise_controller? + # + # protected + # + # def configure_permitted_parameters + # # Permit the `subscribe_newsletter` parameter along with the other + # # sign up parameters. + # devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter]) + # end + # end + # + # Using a block yields an +ActionController::Parameters+ object so you can + # permit nested parameters and have more control over how the parameters are + # permitted in your controller. 
+ # + # def configure_permitted_parameters + # devise_parameter_sanitizer.permit(:sign_up) do |user| + # user.permit(newsletter_preferences: []) + # end + # end + class ParameterSanitizer + DEFAULT_PERMITTED_ATTRIBUTES = { + sign_in: [:password, :remember_me], + sign_up: [:password, :password_confirmation], + account_update: [:password, :password_confirmation, :current_password] + } def initialize(resource_class, resource_name, params) - @resource_class = resource_class - @resource_name = resource_name + @auth_keys = extract_auth_keys(resource_class) @params = params - @blocks = Hash.new + @resource_name = resource_name + @permitted = {} + + DEFAULT_PERMITTED_ATTRIBUTES.each_pair do |action, keys| + permit(action, keys: keys) + end end - def for(kind, &block) - if block_given? - @blocks[kind] = block + # Sanitize the parameters for a specific +action+. + # + # === Arguments + # + # * +action+ - A +Symbol+ with the action that the controller is + # performing, like +sign_up+, +sign_in+, etc. + # + # === Examples + # + # # Inside the `RegistrationsController#create` action. + # resource = build_resource(devise_parameter_sanitizer.sanitize(:sign_up)) + # resource.save + # + # Returns an +ActiveSupport::HashWithIndifferentAccess+ with the permitted + # attributes. + def sanitize(action) + permissions = @permitted[action] + + # DEPRECATED: Remove this branch on Devise 4.1. + if respond_to?(action, true) + deprecate_instance_method_sanitization(action) + return send(action) + end + + if permissions.respond_to?(:call) + cast_to_hash permissions.call(default_params) + elsif permissions.present? + cast_to_hash permit_keys(default_params, permissions) else - default_for(kind) + unknown_action!(action) + end + end + + # Add or remove new parameters to the permitted list of an +action+. + # + # === Arguments + # + # * +action+ - A +Symbol+ with the action that the controller is + # performing, like +sign_up+, +sign_in+, etc. 
+ # * +keys:+ - An +Array+ of keys that also should be permitted. + # * +except:+ - An +Array+ of keys that shouldn't be permitted. + # * +block+ - A block that should be used to permit the action + # parameters instead of the +Array+ based approach. The block will be + # called with an +ActionController::Parameters+ instance. + # + # === Examples + # + # # Adding new parameters to be permitted in the `sign_up` action. + # devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter]) + # + # # Removing the `password` parameter from the `account_update` action. + # devise_parameter_sanitizer.permit(:account_update, except: [:password]) + # + # # Using the block form to completely override how we permit the + # # parameters for the `sign_up` action. + # devise_parameter_sanitizer.permit(:sign_up) do |user| + # user.permit(:email, :password, :password_confirmation) + # end + # + # + # Returns nothing. + def permit(action, keys: nil, except: nil, &block) + if block_given? + @permitted[action] = block + end + + if keys.present? + @permitted[action] ||= @auth_keys.dup + @permitted[action].concat(keys) + end + + if except.present? + @permitted[action] ||= @auth_keys.dup + @permitted[action] = @permitted[action] - except end end - def sanitize(kind) - if block = @blocks[kind] - block.call(default_params) + # DEPRECATED: Remove this method on Devise 4.1. + def for(action, &block) # :nodoc: + if block_given? + deprecate_for_with_block(action) + permit(action, &block) else - default_sanitize(kind) + deprecate_for_without_block(action) + @permitted[action] or unknown_action!(action) end end private - def default_for(kind) - raise ArgumentError, "a block is expected in Devise base sanitizer" - end - - def default_sanitize(kind) - default_params + # Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+ + # that can be used elsewhere. + # + # Returns an +ActiveSupport::HashWithIndifferentAccess+. 
+ def cast_to_hash(params) + # TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+. + params && params.to_h.with_indifferent_access end def default_params - params.fetch(resource_name, {}) + @params.fetch(@resource_name, {}) end - end - class ParameterSanitizer < BaseSanitizer - def initialize(*) - super - @permitted = Hash.new { |h,k| h[k] = attributes_for(k) } + def permit_keys(parameters, keys) + parameters.permit(*keys) end - def sign_in - permit self.for(:sign_in) - end + def extract_auth_keys(klass) + auth_keys = klass.authentication_keys - def sign_up - permit self.for(:sign_up) + auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys end - def account_update - permit self.for(:account_update) + def unknown_action!(action) + raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{action}" end - private + def deprecate_for_with_block(action) + ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) + [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1. + Please use the `permit` method: - # TODO: We do need to flatten so it works with strong_parameters - # gem. We should drop it once we move to Rails 4 only support. - def permit(keys) - default_params.permit(*Array(keys)) + devise_parameter_sanitizer.permit(:#{action}) do |user| + # Your block here. + end + MESSAGE end - # Change for(kind) to return the values in the @permitted - # hash, allowing the developer to customize at runtime. - def default_for(kind) - @permitted[kind] || raise("No sanitizer provided for #{kind}") - end + def deprecate_for_without_block(action) + ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) + [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1. 
+ Please use the `permit` method to add or remove any key: - def default_sanitize(kind) - if respond_to?(kind, true) - send(kind) - else - raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{kind}" - end - end + To add any new key, use the `keys` keyword argument: + devise_parameter_sanitizer.permit(:#{action}, keys: [:key1, key2, key3]) - def attributes_for(kind) - case kind - when :sign_in - auth_keys + [:password, :remember_me] - when :sign_up - auth_keys + [:password, :password_confirmation] - when :account_update - auth_keys + [:password, :password_confirmation, :current_password] - end + To remove any existing key, use the `except` keyword argument: + devise_parameter_sanitizer.permit(:#{action}, except: [:email]) + MESSAGE end - def auth_keys - @auth_keys ||= @resource_class.authentication_keys.respond_to?(:keys) ? - @resource_class.authentication_keys.keys : @resource_class.authentication_keys + def deprecate_instance_method_sanitization(action) + ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) + [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.1. + Please use the `permit` method on your sanitizer `initialize` method. + + class #{self.class.name} < Devise::ParameterSanitizer + def initialize(*) + super + permit(:#{action}, keys: [:key1, :key2, :key3]) + end + end + MESSAGE end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index a291580bde..b40bf6a7c2 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
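Review bot: In `sanitize` (lib/devise/parameter_sanitizer.rb), the deprecated branch tests `respond_to?(action, true)`, which is also true for private methods every object inherits from Kernel (`format`, `test`, `select` and so on) and for the sanitizer's own `permit` and `for`. An action with such a name is dispatched through `send(action)` and never reaches the permitted list. The value returned by `send(action)` also skips `cast_to_hash`, although the method comment promises a `HashWithIndifferentAccess`. Limiting the branch to methods defined by a subclass would close both gaps, for example `if respond_to?(action, true) && method(action).owner < Devise::ParameterSanitizer`, with the result wrapped in `cast_to_hash`. Separately, in `permit`, registering a block and later passing `keys:` for the same action leaves the Proc in `@permitted[action]` and then calls `concat` on it; resetting the entry when it responds to `call` would avoid the `NoMethodError`.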
@@ -1,95 +1,131 @@ require 'test_helper' require 'devise/parameter_sanitizer' -class BaseSanitizerTest < ActiveSupport::TestCase +class ParameterSanitizerTest < ActiveSupport::TestCase def sanitizer(params) - Devise::BaseSanitizer.new(User, :user, params) + params = ActionController::Parameters.new(params) + Devise::ParameterSanitizer.new(User, :user, params) end - test 'returns chosen params' do - sanitizer = sanitizer(user: { "email" => "jose" }) - assert_equal({ "email" => "jose" }, sanitizer.sanitize(:sign_in)) + test 'permits the default parameters for sign in' do + sanitizer = sanitizer('user' => { 'email' => 'jose' }) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({ 'email' => 'jose' }, sanitized) end -end -if defined?(ActionController::StrongParameters) - require 'active_model/forbidden_attributes_protection' + test 'permits the default parameters for sign up' do + sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' }) + sanitized = sanitizer.sanitize(:sign_up) - class ParameterSanitizerTest < ActiveSupport::TestCase - def sanitizer(params) - params = ActionController::Parameters.new(params) - Devise::ParameterSanitizer.new(User, :user, params) - end + assert_equal({ 'email' => 'jose' }, sanitized) + end - test 'filters some parameters on sign in by default' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) - sanitized = sanitizer.sanitize(:sign_in) - sanitized = sanitized.to_h if sanitized.respond_to? 
:to_h - assert_equal({ "email" => "jose", "password" => "invalid", "remember_me" => "1" }, sanitized) - end + test 'permits the default parameters for account update' do + sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' }) + sanitized = sanitizer.sanitize(:account_update) - test 'handles auth keys as a hash' do - swap Devise, authentication_keys: {email: true} do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - sanitized = sanitizer.sanitize(:sign_in) - sanitized = sanitized.to_h if sanitized.respond_to? :to_h - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitized) - end - end + assert_equal({ 'email' => 'jose' }, sanitized) + end + + test 'permits news parameters for an existing action' do + sanitizer = sanitizer('user' => { 'username' => 'jose' }) + sanitizer.permit(:sign_in, keys: [:username]) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({ 'username' => 'jose' }, sanitized) + end - test 'filters some parameters on sign up by default' do - sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - sanitized = sanitizer.sanitize(:sign_up) - sanitized = sanitized.to_h if sanitized.respond_to? :to_h - assert_equal({ "email" => "jose" }, sanitized) + test 'permits news parameters for an existing action with a block' do + sanitizer = sanitizer('user' => { 'username' => 'jose' }) + sanitizer.permit(:sign_in) do |user| + user.permit(:username) end - test 'filters some parameters on account update by default' do - sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" }) - sanitized = sanitizer.sanitize(:account_update) - sanitized = sanitized.to_h if sanitized.respond_to? 
:to_h - assert_equal({ "email" => "jose" }, sanitized) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({ 'username' => 'jose' }, sanitized) + end + + test 'permit parameters for new actions' do + sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'name' => 'Jose' }) + sanitizer.permit(:invite_user, keys: [:email, :name]) + + sanitized = sanitizer.sanitize(:invite_user) + + assert_equal({ 'email' => 'jose@omglol', 'name' => 'Jose' }, sanitized) + end + + test 'fails when we do not have any permitted parameters for the action' do + sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid' }) + + assert_raise NotImplementedError do + sanitizer.sanitize(:unknown) end + end - test 'allows custom hooks' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - sanitizer.for(:sign_in) { |user| user.permit(:email, :password) } - sanitized = sanitizer.sanitize(:sign_in) - sanitized = sanitized.to_h if sanitized.respond_to? :to_h - assert_equal({ "email" => "jose", "password" => "invalid" }, sanitized) + test 'removes permitted parameters' do + sanitizer = sanitizer('user' => { 'email' => 'jose@omglol', 'username' => 'jose' }) + + sanitizer.permit(:sign_in, keys: [:username], except: [:email]) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({ 'username' => 'jose' }, sanitized) + end +end + +class DeprecatedParameterSanitizerAPITest < ActiveSupport::TestCase + class CustomSanitizer < Devise::ParameterSanitizer + def sign_in + default_params.permit(:username) end + end + + def sanitizer(params) + params = ActionController::Parameters.new(params) + Devise::ParameterSanitizer.new(User, :user, params) + end + + test 'overriding instance methods have precedence over the default sanitized attributes' do + assert_deprecated do + params = ActionController::Parameters.new(user: { "username" => "jose", "name" => "Jose" }) + sanitizer = CustomSanitizer.new(User, :user, params) - test 'adding multiple permitted 
parameters' do - sanitizer = sanitizer(user: { "email" => "jose", "username" => "jose1", "role" => "valid" }) - sanitizer.for(:sign_in).concat([:username, :role]) sanitized = sanitizer.sanitize(:sign_in) - sanitized = sanitized.to_h if sanitized.respond_to? :to_h - assert_equal({ "email" => "jose", "username" => "jose1", "role" => "valid" }, sanitized) + + assert_equal({ "username" => "jose" }, sanitized) end + end - test 'removing multiple default parameters' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid", "remember_me" => "1" }) - sanitizer.for(:sign_in).delete(:email) - sanitizer.for(:sign_in).delete(:password) + test 'adding new parameters by mutating the Array' do + assert_deprecated do + sanitizer = sanitizer('user' => { 'username' => 'jose' }) + sanitizer.for(:sign_in) << :username sanitized = sanitizer.sanitize(:sign_in) - sanitized = sanitized.to_h if sanitized.respond_to? :to_h - assert_equal({ "remember_me" => "1" }, sanitized) - end - test 'raises on unknown hooks' do - sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" }) - assert_raise NotImplementedError do - sanitizer.sanitize(:unknown) - end + assert_equal({ 'username' => 'jose' }, sanitized) end + end - test 'passes parameters to filter as arguments to sanitizer' do - params = {user: stub} - sanitizer = Devise::ParameterSanitizer.new(User, :user, params) + test 'adding new parameters with a block' do + assert_deprecated do + sanitizer = sanitizer('user' => { 'username' => 'jose' }) + sanitizer.for(:sign_in) { |user| user.permit(:username) } - params[:user].expects(:permit).with(kind_of(Symbol), kind_of(Symbol), kind_of(Symbol)) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({ 'username' => 'jose' }, sanitized) + end + end + + test 'removing multiple default parameters' do + assert_deprecated do + sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' }) + 
sanitizer.for(:sign_in).delete(:email) + sanitizer.for(:sign_in).delete(:password) + sanitized = sanitizer.sanitize(:sign_in) - sanitizer.sanitize(:sign_in) + assert_equal({ 'remember_me' => '1' }, sanitized) end end end From 9499736593674e20536ec294e9a8890717e7894a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 18 Dec 2015 14:39:06 -0200 Subject: [PATCH 0817/1473] Remove safeguard against a previously broken `NullSessionHash#reset_session`. This behavior was fixed on https://github.com/rails/rails/pull/12279. --- lib/devise/rails/warden_compat.rb | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb index 79bed409a9..553e8e44ac 100644 --- a/lib/devise/rails/warden_compat.rb +++ b/lib/devise/rails/warden_compat.rb @@ -3,17 +3,8 @@ def request @request ||= ActionDispatch::Request.new(env) end - # Deprecate: Remove this check once we move to Rails 4 only. - NULL_STORE = - defined?(ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash) ? - ActionController::RequestForgeryProtection::ProtectionMethods::NullSession::NullSessionHash : nil - def reset_session! - # Calling reset_session on NULL_STORE causes it fail. - # This is a bug that needs to be fixed in Rails. - unless NULL_STORE && request.session.is_a?(NULL_STORE) - request.reset_session - end + request.reset_session end def cookies From 4e45a5fde4d069ffa53b833d477edd3cc7259c2e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 18 Dec 2015 14:45:28 -0200 Subject: [PATCH 0818/1473] Remove Rails version mention from the initializer template. --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 9356de44b3..ef8aaf5640 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
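Review bot: The rewritten tests in test/parameter_sanitizer_test.rb no longer cover two behaviours that the removed tests pinned. One is hash-shaped `authentication_keys`: the 'handles auth keys as a hash' case is gone, yet `extract_auth_keys` still has that branch. The other is `password` and `remember_me` passing through the default `sign_in` list, because the new sign-in test submits only `email`. A regression in `DEFAULT_PERMITTED_ATTRIBUTES` or in the `auth_keys.keys` branch would therefore go unnoticed. I would add a test along the lines below, using the `swap` helper that the removed test relied on.

```ruby
test 'permits hash-shaped authentication keys and default sign in parameters' do
  swap Devise, authentication_keys: { email: true } do
    sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' })
    sanitized = sanitizer.sanitize(:sign_in)

    assert_equal({ 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' }, sanitized)
  end
end
```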
@@ -4,7 +4,7 @@ # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. - # Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key` + # Devise will use the `secret_key_base` as its `secret_key` # by default. You can change it below and use your own secret key. # config.secret_key = '<%= SecureRandom.hex(64) %>' From a24ecc65f50768ae0eb510894ca48317969eebce Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 18 Dec 2015 14:49:50 -0200 Subject: [PATCH 0819/1473] Remove `KeyGenerator` implementation ported from Rails 4.x. --- Gemfile.lock | 3 +-- devise.gemspec | 1 - lib/devise/rails.rb | 2 +- lib/devise/token_generator.rb | 42 +---------------------------------- 4 files changed, 3 insertions(+), 45 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a4e59b2f26..79d899b252 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -6,7 +6,6 @@ PATH orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) responders - thread_safe (~> 0.1) warden (~> 1.2.3) GEM @@ -183,4 +182,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.10.6 + 1.11.2 diff --git a/devise.gemspec b/devise.gemspec index c4cf7facba..a66f97a74f 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -21,7 +21,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("thread_safe", "~> 0.1") s.add_dependency("railties", ">= 4.1.0", "< 5.1") s.add_dependency("responders") end diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index dbe972a8ed..82fcb1229c 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
@@ -39,7 +39,7 @@ class Engine < ::Rails::Engine Devise.token_generator ||= if secret_key = Devise.secret_key Devise::TokenGenerator.new( - Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key)) + ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key)) ) end end diff --git a/lib/devise/token_generator.rb b/lib/devise/token_generator.rb index 2a4b89f044..636a1e788a 100644 --- a/lib/devise/token_generator.rb +++ b/lib/devise/token_generator.rb @@ -1,11 +1,8 @@ -# Deprecate: Copied verbatim from Rails source, remove once we move to Rails 4 only. -require 'thread_safe' require 'openssl' -require 'securerandom' module Devise class TokenGenerator - def initialize(key_generator, digest="SHA256") + def initialize(key_generator, digest = "SHA256") @key_generator = key_generator @digest = digest end 
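Review bot: In lib/devise/rails.rb the key behind `Devise.token_generator` is now derived with `ActiveSupport::KeyGenerator.new(secret_key)` and whatever defaults that class ships. The removed `Devise::KeyGenerator` fixed them in this repository (`2**16` iterations, `pbkdf2_hmac_sha1`, 64-byte key). The initializer template in this series states that changing the key invalidates all existing confirmation, reset password and unlock tokens, so a Rails release with different derivation defaults would presumably have the same effect without any visible change here. Pinning what can be pinned, `ActiveSupport::KeyGenerator.new(secret_key, iterations: 2**16)`, would help, as would a test that compares the derived key for a fixed secret and salt against a known value. The initializer block continues outside the hunk.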
@@ -30,41 +27,4 @@ def key_for(column) @key_generator.generate_key("Devise #{column}") end end - - # KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2 - # It can be used to derive a number of keys for various purposes from a given secret. - # This lets Rails applications have a single secure secret, but avoid reusing that - # key in multiple incompatible contexts. - class KeyGenerator - def initialize(secret, options = {}) - @secret = secret - # The default iterations are higher than required for our key derivation uses - # on the off chance someone uses this for password storage - @iterations = options[:iterations] || 2**16 - end - - # Returns a derived key suitable for use. The default key_size is chosen - # to be compatible with the default settings of ActiveSupport::MessageVerifier. - # i.e. OpenSSL::Digest::SHA1#block_length - def generate_key(salt, key_size=64) - OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size) - end - end - - # CachingKeyGenerator is a wrapper around KeyGenerator which allows users to avoid - # re-executing the key generation process when it's called using the same salt and - # key_size - class CachingKeyGenerator - def initialize(key_generator) - @key_generator = key_generator - @cache_keys = ThreadSafe::Cache.new - end - - # Returns a derived key suitable for use. The default key_size is chosen - # to be compatible with the default settings of ActiveSupport::MessageVerifier. - # i.e. OpenSSL::Digest::SHA1#block_length - def generate_key(salt, key_size=64) - @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size) - end - end end From 97ab41728e100edff38b9572133988dc1550944c Mon Sep 17 00:00:00 2001 
From: Thomas Walpole Date: Sun, 20 Dec 2015 12:31:51 -0800 Subject: [PATCH 0820/1473] update rails 5 gemfile with compatbile gem releases --- gemfiles/Gemfile.rails-5.0-alpha | 6 +- gemfiles/Gemfile.rails-5.0-alpha.lock | 188 +++++++++++++++----------- 2 files changed, 115 insertions(+), 79 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-alpha b/gemfiles/Gemfile.rails-5.0-alpha index 10e6085880..d0c5c696d3 100644 --- a/gemfiles/Gemfile.rails-5.0-alpha +++ b/gemfiles/Gemfile.rails-5.0-alpha @@ -8,16 +8,16 @@ gem "rack", github: 'rack/rack' gem "sprockets-rails", github: 'rails/sprockets-rails' gem "sprockets", github: 'rails/sprockets' # gem "omniauth", "~> 1.2.2" -gem "omniauth", github: 'twalpole/omniauth', branch: 'rack_master' +gem "omniauth", "~>1.3.1" gem "oauth2", github: 'twalpole/oauth2', branch: 'rack_master' -gem "omniauth-oauth2", "~> 1.2.0" +gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0" gem "rdoc" gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml' gem 'rails-controller-testing' -gem 'responders', github: 'plataformatec/responders' +gem 'responders', '~>2.1.1' group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-5.0-alpha.lock b/gemfiles/Gemfile.rails-5.0-alpha.lock index a12faf799d..965b67ba33 100644 --- a/gemfiles/Gemfile.rails-5.0-alpha.lock +++ b/gemfiles/Gemfile.rails-5.0-alpha.lock @@ -1,13 +1,6 @@ -GIT - remote: git://github.com/plataformatec/responders.git - revision: 240314b4502aa8e84020beee903be80f93b1f109 - specs: - responders (2.1.0) - railties (>= 4.2.0, < 5) - GIT remote: git://github.com/rack/rack.git - revision: 35599cfc2751e0ee611c0ff799924b8e7fe0c0b4 + revision: f4562619c3c669404e39d9b09924bed5a6b71c14 specs: rack (2.0.0.alpha) json 
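Review bot: The new side of gemfiles/Gemfile.rails-5.0-alpha still takes `rack`, `sprockets-rails`, `sprockets` and `oauth2` through the `github:` shorthand. The lock file in the same commit records such sources with `git://github.com/...` remotes, a transport with no encryption or server authentication. `oauth2` additionally tracks the `rack_master` branch of a personal fork, so presumably only the revision recorded in the lock file fixes what gets installed. Declaring `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` near the top of the Gemfile (outside this hunk) would move these fetches to HTTPS. A comment on the `oauth2` line should also say which upstream release is expected to replace the fork.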
@@ -23,84 +16,94 @@ GIT GIT remote: git://github.com/rails/arel.git - revision: 3c429c5d86e9e2201c2a35d934ca6a8911c18e69 + revision: ea2d50706a5f8215ff2346fa562423700b2d2b6e specs: - arel (7.0.0.alpha) + arel (7.0.0) GIT remote: git://github.com/rails/rails.git - revision: b859d97081c688f627eda30fc1c601e4ec070205 + revision: 249e943a0d25f0014e14e52454e01205c9537019 branch: master specs: - actionmailer (5.0.0.alpha) - actionpack (= 5.0.0.alpha) - actionview (= 5.0.0.alpha) - activejob (= 5.0.0.alpha) + actioncable (5.0.0.beta1) + actionpack (= 5.0.0.beta1) + celluloid (~> 0.17.2) + coffee-rails (~> 4.1.0) + em-hiredis (~> 0.3.0) + faye-websocket (~> 0.10.0) + redis (~> 3.0) + websocket-driver (~> 0.6.1) + actionmailer (5.0.0.beta1) + actionpack (= 5.0.0.beta1) + actionview (= 5.0.0.beta1) + activejob (= 5.0.0.beta1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.alpha) - actionview (= 5.0.0.alpha) - activesupport (= 5.0.0.alpha) + actionpack (5.0.0.beta1) + actionview (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) rack (~> 2.x) rack-test (~> 0.6.3) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.alpha) - activesupport (= 5.0.0.alpha) + actionview (5.0.0.beta1) + activesupport (= 5.0.0.beta1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.alpha) - activesupport (= 5.0.0.alpha) - globalid (>= 0.3.0) - activemodel (5.0.0.alpha) - activesupport (= 5.0.0.alpha) + activejob (5.0.0.beta1) + activesupport (= 5.0.0.beta1) + globalid (>= 0.3.6) + activemodel (5.0.0.beta1) + activesupport (= 5.0.0.beta1) builder (~> 3.1) - activerecord (5.0.0.alpha) - activemodel (= 5.0.0.alpha) - activesupport (= 5.0.0.alpha) - arel (= 7.0.0.alpha) - activesupport (5.0.0.alpha) - concurrent-ruby (~> 1.0.0.pre3, < 2.0.0) + activerecord (5.0.0.beta1) + activemodel (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) + arel (~> 7.0) + 
activesupport (5.0.0.beta1) + concurrent-ruby (~> 1.0) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) method_source minitest (~> 5.1) tzinfo (~> 1.1) - rails (5.0.0.alpha) - actionmailer (= 5.0.0.alpha) - actionpack (= 5.0.0.alpha) - actionview (= 5.0.0.alpha) - activejob (= 5.0.0.alpha) - activemodel (= 5.0.0.alpha) - activerecord (= 5.0.0.alpha) - activesupport (= 5.0.0.alpha) + rails (5.0.0.beta1) + actioncable (= 5.0.0.beta1) + actionmailer (= 5.0.0.beta1) + actionpack (= 5.0.0.beta1) + actionview (= 5.0.0.beta1) + activejob (= 5.0.0.beta1) + activemodel (= 5.0.0.beta1) + activerecord (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.alpha) + railties (= 5.0.0.beta1) sprockets-rails (>= 2.0.0) - railties (5.0.0.alpha) - actionpack (= 5.0.0.alpha) - activesupport (= 5.0.0.alpha) + railties (5.0.0.beta1) + actionpack (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) GIT remote: git://github.com/rails/sprockets-rails.git - revision: 93a45b1c463a063ec7cf4d160107b67aa3db7a1a + revision: 54d4fa5a1c8e54b17baacffb49100b977bf37477 specs: - sprockets-rails (3.0.0.beta3) + sprockets-rails (3.0.0) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) GIT remote: git://github.com/rails/sprockets.git - revision: 5a77f8b007b8ec61edd783c48baf9d971f1c684d + revision: 030b7ccdea92b756aab1b8d3620cc7991d98090d specs: sprockets (4.0.0) - rack (>= 1, < 3) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) GIT remote: git://github.com/twalpole/oauth2.git 
@@ -114,24 +117,14 @@ GIT multi_xml (~> 0.5) rack (>= 1.2, < 2.0) -GIT - remote: git://github.com/twalpole/omniauth.git - revision: e0c2cd7c75ba741bcbb7318e104ec868454d7cc9 - branch: rack_master - specs: - omniauth (1.2.2) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 2.0) - PATH remote: .. specs: - devise (3.5.2) + devise (3.5.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0, < 5.1) responders - thread_safe (~> 0.1) warden (~> 1.2.3) GEM 
@@ -139,37 +132,72 @@ GEM specs: bcrypt (3.1.10) builder (3.2.2) - concurrent-ruby (1.0.0.pre4) + celluloid (0.17.2) + celluloid-essentials + celluloid-extras + celluloid-fsm + celluloid-pool + celluloid-supervision + timers (>= 4.1.1) + celluloid-essentials (0.20.5) + timers (>= 4.1.1) + celluloid-extras (0.20.5) + timers (>= 4.1.1) + celluloid-fsm (0.20.5) + timers (>= 4.1.1) + celluloid-pool (0.20.5) + timers (>= 4.1.1) + celluloid-supervision (0.20.5) + timers (>= 4.1.1) + coffee-rails (4.1.1) + coffee-script (>= 2.2.0) + railties (>= 4.0.0, < 5.1.x) + coffee-script (2.4.1) + coffee-script-source + execjs + coffee-script-source (1.10.0) + concurrent-ruby (1.0.0) + em-hiredis (0.3.0) + eventmachine (~> 1.0) + hiredis (~> 0.5.0) erubis (2.7.0) + eventmachine (1.0.8) + execjs (2.6.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) + faye-websocket (0.10.2) + eventmachine (>= 0.12.0) + websocket-driver (>= 0.5.1) globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.2) + hashie (3.4.3) + hiredis (0.5.2) + hitimes (1.2.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.1) + jwt (1.5.2) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) method_source (0.8.2) - mime-types (2.6.2) - mini_portile (0.6.2) - minitest (5.8.1) + mime-types (2.99) + mini_portile2 (2.0.0) + minitest (5.8.3) mocha (1.1.0) metaclass (~> 0.0.1) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) - omniauth-facebook (2.0.1) + nokogiri (1.6.7.1) + mini_portile2 (~> 2.0.0.rc2) + omniauth (1.3.1) + hashie (>= 1.2, < 4) + rack (>= 1.0, < 3) + omniauth-facebook (3.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) + omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) omniauth-openid (1.0.1) 
@@ -193,18 +221,26 @@ GEM loofah (~> 2.0) rake (10.4.2) rdoc (4.2.0) + redis (3.2.2) + responders (2.1.1) + railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) + timers (4.1.1) + hitimes tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) + websocket-driver (0.6.3) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.2) PLATFORMS ruby @@ -218,19 +254,19 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) oauth2! - omniauth! + omniauth (~> 1.3.1) omniauth-facebook - omniauth-oauth2 (~> 1.2.0) + omniauth-oauth2 (>= 1.2.0, < 1.5.0) omniauth-openid (~> 1.0.1) rack! rails! rails-controller-testing rdoc - responders! + responders (~> 2.1.1) sprockets! sprockets-rails! sqlite3 webrat (= 0.7.3) BUNDLED WITH - 1.10.6 + 1.11.2 From 238ccb15b58c853eff1ccba09b68b7d4c1204df3 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 20 Dec 2015 22:56:13 -0200 Subject: [PATCH 0821/1473] Test against the beta Rails release. --- .travis.yml | 17 +-- gemfiles/Gemfile.rails-5.0-alpha | 41 ------ gemfiles/Gemfile.rails-5.0-beta | 37 +++++ ...alpha.lock => Gemfile.rails-5.0-beta.lock} | 130 +++++++----------- 4 files changed, 96 insertions(+), 129 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-5.0-alpha create mode 100644 gemfiles/Gemfile.rails-5.0-beta rename gemfiles/{Gemfile.rails-5.0-alpha.lock => Gemfile.rails-5.0-beta.lock} (90%) diff --git a/.travis.yml b/.travis.yml index ab0ca2db0f..9eacce5028 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,21 +1,22 @@ language: ruby rvm: - - 2.1 - - 2.2 + - 2.1.5 + - 2.2.4 gemfile: - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable + - gemfiles/Gemfile.rails-5.0-beta - Gemfile matrix: - include: - - rvm: 2.2.2 - gemfile: gemfiles/Gemfile.rails-5.0-alpha - allow_failures: - - rvm: 2.2.2 - gemfile: gemfiles/Gemfile.rails-5.0-alpha + exclude: + - rvm: 2.1.5 + gemfile: gemfiles/Gemfile.rails-5.0-beta + exclude: + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.0-beta services: - mongodb diff --git a/gemfiles/Gemfile.rails-5.0-alpha b/gemfiles/Gemfile.rails-5.0-alpha deleted file mode 100644 index d0c5c696d3..0000000000 --- a/gemfiles/Gemfile.rails-5.0-alpha +++ /dev/null @@ -1,41 +0,0 @@ -source "https://rubygems.org" - -gemspec path: '..' - -gem "rails", github: 'rails/rails', branch: 'master' -gem "arel", github: 'rails/arel' -gem "rack", github: 'rack/rack' -gem "sprockets-rails", github: 'rails/sprockets-rails' -gem "sprockets", github: 'rails/sprockets' -# gem "omniauth", "~> 1.2.2" -gem "omniauth", "~>1.3.1" -gem "oauth2", github: 'twalpole/oauth2', branch: 'rack_master' -gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0" -gem "rdoc" - -gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml' - -gem 'rails-controller-testing' - -gem 'responders', '~>2.1.1' - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta new file mode 100644 index 0000000000..a9b4d35da3 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.0-beta 
@@ -0,0 +1,37 @@ +source 'https://rubygems.org' + +gemspec path: '..' + +gem 'rails', '5.0.0.beta1' +gem 'omniauth', '~>1.3.1' +gem 'oauth2', github: 'twalpole/oauth2', branch: 'rack_master' +gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' +gem 'rdoc' + +gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml' + +gem 'rails-controller-testing' + +gem 'responders', '~>2.1.1' + +group :test do + gem 'omniauth-facebook' + gem 'omniauth-openid', '~> 1.0.1' + gem 'webrat', '0.7.3', require: false + gem 'mocha', '~> 1.1', require: false +end + +platforms :jruby do + gem 'activerecord-jdbc-adapter' + gem 'activerecord-jdbcsqlite3-adapter' + gem 'jruby-openssl' +end + +platforms :ruby do + gem 'sqlite3' +end + +# TODO: +# group :mongoid do +# gem 'mongoid', '~> 4.0.0' +# end diff --git a/gemfiles/Gemfile.rails-5.0-alpha.lock b/gemfiles/Gemfile.rails-5.0-beta.lock similarity index 90% rename from gemfiles/Gemfile.rails-5.0-alpha.lock rename to gemfiles/Gemfile.rails-5.0-beta.lock index 965b67ba33..e82252317c 100644 --- a/gemfiles/Gemfile.rails-5.0-alpha.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -1,10 +1,3 @@ -GIT - remote: git://github.com/rack/rack.git - revision: f4562619c3c669404e39d9b09924bed5a6b71c14 - specs: - rack (2.0.0.alpha) - json - GIT remote: git://github.com/rails/activemodel-serializers-xml.git revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9 
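Review bot: `gem 'oauth2', github: 'twalpole/oauth2', branch: 'rack_master'` and the `activemodel-serializers-xml` line both install code from a mutable branch of a git source. The lockfile added in this same commit records them as `remote: git://github.com/...`, the unauthenticated git protocol, so the fetch has no transport integrity even though the revision is locked. Because CI installs this bundle, I would name the source over HTTPS, for example `gem 'oauth2', git: 'https://github.com/twalpole/oauth2.git', branch: 'rack_master'`. A comment on each line should say why the fork or unreleased source is needed and when it can be dropped. The bare `# TODO:` above the commented mongoid group should also say what is left to do.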
@@ -15,15 +8,29 @@ GIT activesupport GIT - remote: git://github.com/rails/arel.git - revision: ea2d50706a5f8215ff2346fa562423700b2d2b6e + remote: git://github.com/twalpole/oauth2.git + revision: 38e5b4bfe29b7ef87e87a3f323a088914393cfb5 + branch: rack_master specs: - arel (7.0.0) + oauth2 (1.0.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 2.0) -GIT - remote: git://github.com/rails/rails.git - revision: 249e943a0d25f0014e14e52454e01205c9537019 - branch: master +PATH + remote: .. + specs: + devise (3.5.3) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.1) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ specs: actioncable (5.0.0.beta1) actionpack (= 5.0.0.beta1) 
@@ -69,67 +76,7 @@ GIT method_source minitest (~> 5.1) tzinfo (~> 1.1) - rails (5.0.0.beta1) - actioncable (= 5.0.0.beta1) - actionmailer (= 5.0.0.beta1) - actionpack (= 5.0.0.beta1) - actionview (= 5.0.0.beta1) - activejob (= 5.0.0.beta1) - activemodel (= 5.0.0.beta1) - activerecord (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.beta1) - sprockets-rails (>= 2.0.0) - railties (5.0.0.beta1) - actionpack (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -GIT - remote: git://github.com/rails/sprockets-rails.git - revision: 54d4fa5a1c8e54b17baacffb49100b977bf37477 - specs: - sprockets-rails (3.0.0) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - -GIT - remote: git://github.com/rails/sprockets.git - revision: 030b7ccdea92b756aab1b8d3620cc7991d98090d - specs: - sprockets (4.0.0) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - -GIT - remote: git://github.com/twalpole/oauth2.git - revision: 38e5b4bfe29b7ef87e87a3f323a088914393cfb5 - branch: rack_master - specs: - oauth2 (1.0.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 2.0) - -PATH - remote: .. - specs: - devise (3.5.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: + arel (7.0.0) bcrypt (3.1.10) builder (3.2.2) celluloid (0.17.2) 
@@ -204,11 +151,25 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) + rack (2.0.0.alpha) + json rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) + rails (5.0.0.beta1) + actioncable (= 5.0.0.beta1) + actionmailer (= 5.0.0.beta1) + actionpack (= 5.0.0.beta1) + actionview (= 5.0.0.beta1) + activejob (= 5.0.0.beta1) + activemodel (= 5.0.0.beta1) + activerecord (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) + bundler (>= 1.3.0, < 2.0) + railties (= 5.0.0.beta1) + sprockets-rails (>= 2.0.0) rails-controller-testing (0.0.3) rails (>= 4.2) rails-deprecated_sanitizer (1.0.3) @@ -219,12 +180,25 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.2) loofah (~> 2.0) + railties (5.0.0.beta1) + actionpack (= 5.0.0.beta1) + activesupport (= 5.0.0.beta1) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) rake (10.4.2) rdoc (4.2.0) redis (3.2.2) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) + sprockets (3.5.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.0.0) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) @@ -249,7 +223,6 @@ DEPENDENCIES activemodel-serializers-xml! activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter - arel! devise! jruby-openssl mocha (~> 1.1) @@ -258,13 +231,10 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (>= 1.2.0, < 1.5.0) omniauth-openid (~> 1.0.1) - rack! - rails! + rails (= 5.0.0.beta1) rails-controller-testing rdoc responders (~> 2.1.1) - sprockets! - sprockets-rails! sqlite3 webrat (= 0.7.3) From 00a0b8e516fbe8fa2bd842b69fd1f294020e323f Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 20 Dec 2015 23:02:52 -0200 Subject: [PATCH 0822/1473] Fix duplicated `exclude` entry. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9eacce5028..8c79f33b6e 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -14,7 +14,6 @@ matrix: exclude: - rvm: 2.1.5 gemfile: gemfiles/Gemfile.rails-5.0-beta - exclude: - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-beta services: From 8d57a54b2d232b229ae69533d4499e910cf9589e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 18 Dec 2015 14:59:31 -0200 Subject: [PATCH 0823/1473] :scissors: Remove custom Travis cache scripts. --- script/cached-bundle | 49 ------------------------------ script/s3-put | 71 -------------------------------------------- 2 files changed, 120 deletions(-) delete mode 100755 script/cached-bundle delete mode 100755 script/s3-put diff --git a/script/cached-bundle b/script/cached-bundle deleted file mode 100755 index 5142778073..0000000000 --- a/script/cached-bundle +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/usr/bin/env bash -# Usage: cached-bundle install --deployment -# -# After running `bundle`, caches the `vendor/bundle` directory to S3. -# On the next run, restores the cached directory before running `bundle`. -# When `Gemfile.lock` changes, the cache gets rebuilt. -# -# Requirements: -# - Gemfile.lock -# - TRAVIS_REPO_SLUG -# - TRAVIS_RUBY_VERSION -# - AMAZON_S3_BUCKET -# - script/s3-put -# - bundle -# - curl -# -# Author: Mislav Marohnić - -set -e - -compute_md5() { - local output="$(openssl md5)" - echo "${output##* }" -} - -download() { - curl --tcp-nodelay -qsfL "$1" -o "$2" -} - - -gemfile="${BUNDLE_GEMFILE:-Gemfile}" -bundle_fullpath="$(dirname $gemfile)/vendor/bundle" -bundle_path=${bundle_fullpath#$PWD/} -gemfile_hash="$(compute_md5 <"${gemfile}.lock")" -cache_name="${TRAVIS_RUBY_VERSION}-${gemfile_hash}.tgz" -fetch_url="http://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}" - -if download "$fetch_url" "$cache_name"; then - echo "Reusing cached bundle ${cache_name}" - tar xzf "$cache_name" -fi - -bundle "$@" - -if [ ! -f "$cache_name" ] && [ -n "$AMAZON_SECRET_ACCESS_KEY" ]; then - echo "Caching \`${bundle_path}' to S3" - tar czf "$cache_name" "$bundle_path" - script/s3-put "$cache_name" "${AMAZON_S3_BUCKET}:${TRAVIS_REPO_SLUG}/${cache_name}" -fi diff --git a/script/s3-put b/script/s3-put deleted file mode 100755 index 036e845de2..0000000000 --- a/script/s3-put +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/usr/bin/env bash -# Usage: s3-put [:] [] -# -# Uploads a file to the Amazon S3 service. -# Outputs the URL for the newly uploaded file. -# -# Requirements: -# - AMAZON_ACCESS_KEY_ID -# - AMAZON_SECRET_ACCESS_KEY -# - openssl -# - curl -# -# Author: Mislav Marohnić - -set -e - -authorization() { - local signature="$(string_to_sign | hmac_sha1 | base64)" - echo "AWS ${AMAZON_ACCESS_KEY_ID?}:${signature}" -} - -hmac_sha1() { - openssl dgst -binary -sha1 -hmac "${AMAZON_SECRET_ACCESS_KEY?}" -} - -base64() { - openssl enc -base64 -} - -bin_md5() { - openssl dgst -binary -md5 -} - -string_to_sign() { - echo "$http_method" - echo "$content_md5" - echo "$content_type" - echo "$date" - echo "x-amz-acl:$acl" - printf "/$bucket/$remote_path" -} - -date_string() { - LC_TIME=C date "+%a, %d %h %Y %T %z" -} - -file="$1" -bucket="${2%%:*}" -remote_path="${2#*:}" -content_type="$3" - -if [ -z "$remote_path" ] || [ "$remote_path" = "$bucket" ]; then - remote_path="${file##*/}" -fi - -http_method=PUT -acl="public-read" -content_md5="$(bin_md5 < "$file" | base64)" -date="$(date_string)" - -url="https://$bucket.s3.amazonaws.com/$remote_path" - -curl -qsSf -T "$file" \ - -H "Authorization: $(authorization)" \ - -H "x-amz-acl: $acl" \ - -H "Date: $date" \ - -H "Content-MD5: $content_md5" \ - -H "Content-Type: $content_type" \ - "$url" - -echo "$url" From 6431445846846f013be60a8ea6e48b9fcfe19b2d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 21 Dec 2015 09:57:20 -0200 Subject: [PATCH 0824/1473] Cast the result of deperecated sanitization calls to a HWIA as well. --- lib/devise/parameter_sanitizer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 5eba063207..4fcf69714e 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -71,7 +71,7 @@ def sanitize(action) # DEPRECATED: Remove this branch on Devise 4.1. if respond_to?(action, true) deprecate_instance_method_sanitization(action) - return send(action) + return cast_to_hash send(action) end if permissions.respond_to?(:call) From 924a989f377214afedf83fb64bd39260c8acd623 Mon Sep 17 00:00:00 2001 From: James Darling Date: Mon, 28 Dec 2015 00:45:03 +0000 Subject: [PATCH 0825/1473] Update controller generator templates for new ParameterSanitizer syntax Devise::ParameterSanitizer has a new syntax for permitting additional attributes to a model. This commit updates the generated controllers to reflect that. --- .../templates/controllers/registrations_controller.rb | 4 ++-- lib/generators/templates/controllers/sessions_controller.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb index 68de84d7ec..71791daedf 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.rb @@ -40,12 +40,12 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsControl # If you have extra params to permit, append them to the sanitizer. # def configure_sign_up_params - # devise_parameter_sanitizer.for(:sign_up) << :attribute + # devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute]) # end # If you have extra params to permit, append them to the sanitizer. # def configure_account_update_params - # devise_parameter_sanitizer.for(:account_update) << :attribute + # devise_parameter_sanitizer.permit(:account_update, keys: [:attribute]) # end # The path used after sign up. diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb index 44f748f71b..c5a02bd216 100644 
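Review bot: The deprecated branch still dispatches with `send(action)` behind `respond_to?(action, true)`, so any method of the sanitizer, private ones included, can be invoked by name. The hunk does not show where `action` comes from, so it is worth confirming that callers only pass fixed symbols and recording that in a comment above the branch, for example `# action must be a fixed symbol chosen by the controller, never request input`. The new line would also read less ambiguously with explicit parentheses, `return cast_to_hash(send(action))`. The body of `sanitize` starts and ends outside the hunk.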
--- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.rb @@ -20,6 +20,6 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController # If you have extra params to permit, append them to the sanitizer. # def configure_sign_in_params - # devise_parameter_sanitizer.for(:sign_in) << :attribute + # devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute]) # end end From 48e26c5d0aa4319696735d0acfa0d94ea583ec42 Mon Sep 17 00:00:00 2001 From: Atul Bhosale Date: Fri, 1 Jan 2016 11:24:00 +0530 Subject: [PATCH 0826/1473] Update copyright notices to 2016 [ci skip] --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 5b378a2f9d..33f3243371 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2015 Plataformatec. http://plataformatec.com.br +Copyright 2009-2016 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index d877a6e8b5..123345b7b4 100644 --- a/README.md +++ b/README.md @@ -550,6 +550,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2015 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From 37b7e9b850a0c3775b5973c405982e45dba275b4 Mon Sep 17 00:00:00 2001 
From: Dave Morse Date: Sun, 3 Jan 2016 16:50:47 -0500 Subject: [PATCH 0827/1473] README.md: clarified how to include Devise::TestHelpers for :view tests. Also clarified that including Devise::TestHelpers during integration tests is a mistake. source: https://github.com/plataformatec/devise/issues/3881 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d877a6e8b5..c698c54080 100644 --- a/README.md +++ b/README.md @@ -421,6 +421,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo ```ruby RSpec.configure do |config| config.include Devise::TestHelpers, type: :controller + config.include Devise::TestHelpers, type: :view end ``` @@ -438,7 +439,7 @@ sign_out @user # sign_out(resource) There are two things that are important to keep in mind: -1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; +1. `Devise::TestHelpers` is not going to work for integration tests driven by Capybara or Webrat. It is meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; 2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use: From 42fac75e8e09f0f3fc566965cb973d3ed7a2afed Mon Sep 17 00:00:00 2001 From: Dave Morse Date: Sun, 3 Jan 2016 17:06:34 -0500 Subject: [PATCH 0828/1473] Clarify previous clarification to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c698c54080..65b87519a6 100644 
--- a/README.md +++ b/README.md @@ -439,7 +439,7 @@ sign_out @user # sign_out(resource) There are two things that are important to keep in mind: -1. `Devise::TestHelpers` is not going to work for integration tests driven by Capybara or Webrat. It is meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session; +1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session; 2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use: From f0b937c538d8d9a30264a969895b3c298728c801 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 5 Jan 2016 14:48:10 -0200 Subject: [PATCH 0829/1473] Test against Ruby 2.3.0. --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 8c79f33b6e..53d97b5c96 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,7 @@ language: ruby rvm: - 2.1.5 - 2.2.4 + - 2.3.0 gemfile: - gemfiles/Gemfile.rails-4.2-stable From e5797001a7e5ce2863a11b79d6ff3dfe7e2c67d3 Mon Sep 17 00:00:00 2001 From: Owen Davies Date: Wed, 6 Jan 2016 13:00:54 +0000 Subject: [PATCH 0830/1473] Add parent_mailer to lib/generators/templates/devise.rb --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index ef8aaf5640..62f31b100e 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -17,6 +17,9 @@ # Configure the class responsible to send e-mails. # config.mailer = 'Devise::Mailer' + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + # ==> ORM configuration # Load and configure the ORM. Supports :active_record (default) and # :mongoid (bson_ext recommended) by default. Other ORMs may be From 6f91baf99cc51fa4f2f86de878c265e952475aeb Mon Sep 17 00:00:00 2001 From: araa Date: Thu, 7 Jan 2016 14:37:02 -0500 Subject: [PATCH 0831/1473] Add link to devise_for documentation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bc8e18a3eb..7357b7e490 100644 --- a/README.md +++ b/README.md @@ -352,7 +352,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` documentation for details. +Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: From 260fa1a2e2f7c83c98c665ed2c80bd23a2f8b1d3 Mon Sep 17 00:00:00 2001 From: Zachary Friedman Date: Wed, 13 Jan 2016 14:03:21 -0800 Subject: [PATCH 0832/1473] It would appear that consistency with the indentation used in the top-level Devise module would dictate this formatting change --- lib/devise.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2d3540b7fc..ac71b83068 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -18,12 +18,12 @@ module Devise autoload :TokenGenerator, 'devise/token_generator' module Controllers - autoload :Helpers, 'devise/controllers/helpers' - autoload :Rememberable, 'devise/controllers/rememberable' - autoload :ScopedViews, 'devise/controllers/scoped_views' - autoload :SignInOut, 'devise/controllers/sign_in_out' - autoload :StoreLocation, 'devise/controllers/store_location' - autoload :UrlHelpers, 'devise/controllers/url_helpers' + autoload :Helpers, 'devise/controllers/helpers' + autoload :Rememberable, 'devise/controllers/rememberable' + autoload :ScopedViews, 'devise/controllers/scoped_views' + autoload :SignInOut, 'devise/controllers/sign_in_out' + autoload :StoreLocation, 'devise/controllers/store_location' + autoload :UrlHelpers, 'devise/controllers/url_helpers' end module Hooks @@ -35,7 +35,7 @@ module Mailers end module Strategies - autoload :Base, 'devise/strategies/base' + autoload :Base, 'devise/strategies/base' autoload :Authenticatable, 'devise/strategies/authenticatable' end From 0a4da78b227016f6103319e0f9512a8e99053249 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 17 Jan 2016 12:53:31 -0200 Subject: [PATCH 0833/1473] Add a notice to README regarding the sanitizer API change. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7357b7e490..fd1db05324 100644 --- a/README.md +++ b/README.md 
@@ -184,6 +184,10 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, ### Strong Parameters +![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204) + +*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters* + When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: From 4ec7dc0f2777bde10125dcf6f72c536232086665 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 16 Dec 2015 17:13:46 +0100 Subject: [PATCH 0834/1473] Store creation timestamp on remember cookies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- lib/devise.rb | 1 + lib/devise/controllers/rememberable.rb | 2 +- lib/devise/models/rememberable.rb | 54 +++++----- lib/devise/models/timeoutable.rb | 6 -- test/integration/rememberable_test.rb | 4 +- test/integration/timeoutable_test.rb | 10 -- test/models/rememberable_test.rb | 131 +++++++------------------ 7 files changed, 66 insertions(+), 142 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index ac71b83068..d80c977a90 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -115,6 +115,7 @@ module Strategies mattr_accessor :remember_for @@remember_for = 2.weeks + # TODO: extend_remember_period is no longer used # If true, extends the user's remember period when remembered via cookie. mattr_accessor :extend_remember_period @@extend_remember_period = false 
diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index 5700fde8cf..fcd2c0ff34 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -13,7 +13,7 @@ def self.cookie_values def remember_me(resource) return if env["devise.skip_storage"] scope = Devise::Mapping.find_scope!(resource) - resource.remember_me!(resource.extend_remember_period) + resource.remember_me! cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource) end diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 62b052fc27..9849b3ca47 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -45,11 +45,11 @@ def self.required_fields(klass) [:remember_created_at] end - # Generate a new remember token and save the record without validations - # if remember expired (token is no longer valid) or extend_remember_period is true - def remember_me!(extend_period=false) - self.remember_token = self.class.remember_token if generate_remember_token? - self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period) + # TODO: We were used to receive a extend period argument but we no longer do. + # Remove this for Devise 4.0. + def remember_me!(*) + self.remember_token = self.class.remember_token if respond_to?(:remember_token) + self.remember_created_at ||= Time.now.utc save(validate: false) if self.changed? end 
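Review bot: `remember_me!` in `lib/devise/models/rememberable.rb` now assigns a fresh `remember_token` on every call, where the removed `generate_remember_token?` check did so only after the previous one had expired. For models that store a `remember_token` (presumably what `rememberable_value` returns for them), remembering the user from a second browser would replace the token, and the first browser's cookie would stop matching in `serialize_from_cookie`. Keeping an existing token avoids that: `self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)`. The method also lost its description and now carries only a TODO; a line such as `# Sets remember_created_at on first use and saves the record without validations.` would restore it.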
@@ -57,19 +57,13 @@ def remember_me!(extend_period=false) # it exists), and save the record without validations. def forget_me! return unless persisted? - self.remember_token = nil if respond_to?(:remember_token=) + self.remember_token = nil if respond_to?(:remember_token) self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out save(validate: false) end - # Remember token should be expired if expiration time not overpass now. - def remember_expired? - remember_created_at.nil? || (remember_expires_at <= Time.now.utc) - end - - # Remember token expires at created time + remember_for configuration def remember_expires_at - remember_created_at + self.class.remember_for + self.class.remember_for.from_now end def rememberable_value 
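Review bot: In `forget_me!` the guard became `respond_to?(:remember_token)` while the statement it protects still calls the writer, so a model that exposes only a reader would raise NoMethodError on sign-out; the previous `respond_to?(:remember_token=)` matched the call being guarded. `remember_expires_at` now returns `self.class.remember_for.from_now`, so it no longer says when this record's remember period ends, and the public `remember_expired?` is removed without a deprecation step. The comment above `remember_expires_at` was deleted as well; something like `# Expiry for a cookie issued now; the server-side check lives in serialize_from_cookie` would document the new meaning.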
@@ -104,27 +98,30 @@ def after_remembered protected - def generate_remember_token? #:nodoc: - respond_to?(:remember_token) && remember_expired? - end - - # Generate a timestamp if extend_remember_period is true, if no remember_token - # exists, or if an existing remember token has expired. - def generate_remember_timestamp?(extend_period) #:nodoc: - extend_period || remember_expired? - end - module ClassMethods # Create the cookie key using the record id and remember_token def serialize_into_cookie(record) - [record.to_key, record.rememberable_value] + [record.to_key, record.rememberable_value, Time.now.utc] end # Recreate the user based on the stored cookie - def serialize_from_cookie(id, remember_token) - record = to_adapter.get(id) - record if record && !record.remember_expired? && - Devise.secure_compare(record.rememberable_value, remember_token) + def serialize_from_cookie(*args) + id, token, generated_at = args + + # The token is only valid if: + # 1. we have a date + # 2. the current time does not pass the expiry period + # 3. there is a record with the given id + # 4. the record has a remember_created_at date + # 5. the token date is bigger than the remember_created_at + # 6. the token matches + if generated_at && + (self.remember_for.ago < generated_at) && + (record = to_adapter.get(id)) && + (generated_at > (record.remember_created_at || Time.now).utc) && + Devise.secure_compare(record.rememberable_value, token) + record + end end # Generate a token checking if one does not already exist in the database. @@ -135,6 +132,7 @@ def remember_token #:nodoc: end end + # TODO: extend_remember_period is no longer used Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) end end diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index bdc2abc5d3..d589e24a47 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb 
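Review bot: `serialize_from_cookie` compares `generated_at` with `remember_for.ago` and `remember_created_at` as if it were a Time, but it receives whatever the cookie serializer returns for the `Time.now.utc` written by `serialize_into_cookie`. With a JSON cookie serializer that value would come back as a String, and the `<` comparison would raise instead of rejecting the cookie. Storing a primitive and converting it on the way in avoids depending on the serializer: `[record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]` on write and `generated_at = Time.at(generated_at.to_f).utc if generated_at.is_a?(String)` before the checks. Cookies issued before this change carry only two elements and fail the `generated_at &&` guard, so remembered users are signed out on upgrade, which deserves a changelog entry. A test with a missing and a malformed timestamp would pin both rejections.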
@@ -26,7 +26,6 @@ def self.required_fields(klass) # Checks whether the user session has expired based on configured time. def timedout?(last_access) - return false if remember_exists_and_not_expired? !timeout_in.nil? && last_access && last_access <= timeout_in.ago end @@ -36,11 +35,6 @@ def timeout_in private - def remember_exists_and_not_expired? - return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?) - remember_created_at && !remember_expired? - end - module ClassMethods Devise::Models.config(self, :timeout_in) end diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 39d7e6065b..d381083331 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -4,7 +4,7 @@ class RememberMeTest < Devise::IntegrationTest def create_user_and_remember(add_to_token='') user = create_user user.remember_me! - raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token } + raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token } cookies['remember_user_token'] = generate_signed_cookie(raw_cookie) user end @@ -137,7 +137,7 @@ def cookie_expires(key) test 'do not remember with expired token' do create_user_and_remember - swap Devise, remember_for: 0 do + swap Devise, remember_for: 0.days do get users_path assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 3c3503dcb1..60b8e5a606 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb 
@@ -165,16 +165,6 @@ def last_request_at end end - test 'time out not triggered if remembered' do - user = sign_in_as_user remember_me: true - get expire_user_path(user) - assert_not_nil last_request_at - - get users_path - assert_response :success - assert warden.authenticated?(:user) - end - test 'does not crashes when the last_request_at is a String' do user = sign_in_as_user diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index c69643c6db..eb1346382d 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -13,6 +13,7 @@ def create_resource user = create_user user.expects(:valid?).never user.remember_me! + assert user.remember_created_at end test 'forget_me should not clear remember token if using salt' do 
@@ -33,13 +34,45 @@ def create_resource test 'serialize into cookie' do user = create_user user.remember_me! - assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user) + id, token, date = User.serialize_into_cookie(user) + assert_equal id, user.to_key + assert_equal token, user.authenticatable_salt + assert date.is_a?(Time) end test 'serialize from cookie' do user = create_user user.remember_me! - assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt) + assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc) + end + + test 'serialize from cookie should return nil if no resource is found' do + assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc) + end + + test 'serialize from cookie should return nil if no timestamp' do + user = create_user + user.remember_me! + assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt) + end + + test 'serialize from cookie should return nil if timestamp is earlier than token creation' do + user = create_user + user.remember_me! + assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago) + end + + test 'serialize from cookie should return nil if timestamp is older than remember_for' do + user = create_user + user.remember_created_at = 1.month.ago + user.remember_me! + assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago) + end + + test 'serialize from cookie me return nil if is a valid resource with invalid token' do + user = create_user + user.remember_me! + assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc) end test 'raises a RuntimeError if authenticatable_salt is nil or empty' do 
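Review bot: The test 'serialize from cookie should return nil if timestamp is older than remember_for' may not isolate the expiry check: `3.weeks.ago` is also earlier than the `remember_created_at` that `remember_me!` appears to set (its body is outside this hunk), so the assertion would presumably still pass if the `remember_for` comparison were removed. Pinning the window makes the intent explicit: wrap the body in `swap Devise, remember_for: 1.day do`, set `user.remember_created_at = 3.days.ago` after `remember_me!`, and pass `2.days.ago` as the timestamp. The title 'serialize from cookie me return nil if is a valid resource with invalid token' is garbled and could read 'serialize from cookie should return nil for a valid resource with an invalid token'.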
@@ -93,28 +126,7 @@ def user.authenticable_salt; ""; end resource.forget_me! end - test 'remember is expired if not created at timestamp is set' do - assert create_resource.remember_expired? - end - - test 'serialize should return nil if no resource is found' do - assert_nil resource_class.serialize_from_cookie([0], "123") - end - - test 'remember me return nil if is a valid resource with invalid token' do - resource = create_resource - assert_nil resource_class.serialize_from_cookie([resource.id], "123") - end - - test 'remember for should fallback to devise remember for default configuration' do - swap Devise, remember_for: 1.day do - resource = create_resource - resource.remember_me! - assert_not resource.remember_expired? - end - end - - test 'remember expires at should sum date of creation with remember for configuration' do + test 'remember expires at uses remember for configuration' do swap Devise, remember_for: 3.days do resource = create_resource resource.remember_me! 
@@ -125,77 +137,6 @@ def user.authenticable_salt; ""; end end end - test 'remember should be expired if remember_for is zero' do - swap Devise, remember_for: 0.days do - Devise.remember_for = 0.days - resource = create_resource - resource.remember_me! - assert resource.remember_expired? - end - end - - test 'remember should be expired if it was created before limit time' do - swap Devise, remember_for: 1.day do - resource = create_resource - resource.remember_me! - resource.remember_created_at = 2.days.ago - resource.save - assert resource.remember_expired? - end - end - - test 'remember should not be expired if it was created within the limit time' do - swap Devise, remember_for: 30.days do - resource = create_resource - resource.remember_me! - resource.remember_created_at = (30.days.ago + 2.minutes) - resource.save - assert_not resource.remember_expired? - end - end - - test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do - swap Devise, remember_for: 5.minutes do - resource = create_resource - resource.remember_me!(false) - assert resource.remember_created_at - - resource.remember_created_at = old = 10.minutes.ago - resource.save - - resource.remember_me!(false) - assert_not_equal old.to_i, resource.remember_created_at.to_i - end - end - - test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do - swap Devise, remember_for: 1.year do - resource = create_resource - resource.remember_me!(false) - assert resource.remember_created_at - - resource.remember_created_at = old = 10.minutes.ago.utc - resource.save - - resource.remember_me!(false) - assert_equal old.to_i, resource.remember_created_at.to_i - end - end - - test 'if extend_remember_period is true, remember_me! 
should always generate a new timestamp' do - swap Devise, remember_for: 1.year do - resource = create_resource - resource.remember_me!(true) - assert resource.remember_created_at - - resource.remember_created_at = old = 10.minutes.ago - resource.save - - resource.remember_me!(true) - assert_not_equal old, resource.remember_created_at - end - end - test 'should have the required_fields array' do assert_same_content Devise::Models::Rememberable.required_fields(User), [ :remember_created_at From 52b1ca2d801b2f511bb2fef4c48f96c8576a63ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 18 Jan 2016 15:22:00 +0100 Subject: [PATCH 0835/1473] Bump to dev version --- Gemfile.lock | 6 +++--- lib/devise/version.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 79d899b252..365bc020c1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (3.5.3) + devise (4.0.0.pre.dev) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -140,8 +140,8 @@ GEM rake (10.4.2) rdoc (4.2.0) json (~> 1.4) - responders (2.1.0) - railties (>= 4.2.0, < 5) + responders (2.1.1) + railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 80363a014b..0e32a6a3a7 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "3.5.3".freeze + VERSION = "4.0.0-dev".freeze end From b91bbb1590bbf8c545115587a10d52845d98d8c7 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 18 Jan 2016 13:51:51 -0200 Subject: [PATCH 0836/1473] Tweak `ParameterSanitizer` exception/deprecation messages. --- lib/devise/parameter_sanitizer.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 4fcf69714e..ad01ac738f 100644 --- a/lib/devise/parameter_sanitizer.rb 
+++ b/lib/devise/parameter_sanitizer.rb @@ -164,7 +164,13 @@ def extract_auth_keys(klass) end def unknown_action!(action) - raise NotImplementedError, "Devise doesn't know how to sanitize parameters for #{action}" + raise NotImplementedError, <<-MESSAGE.strip_heredoc + "Devise doesn't know how to sanitize parameters for '#{action}'". + If you want to define a new set of parameters to be sanitized use the + `permit` method first: + + devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, param2, param3]) + MESSAGE end def deprecate_for_with_block(action) @@ -184,7 +190,7 @@ def deprecate_for_without_block(action) Please use the `permit` method to add or remove any key: To add any new key, use the `keys` keyword argument: - devise_parameter_sanitizer.permit(:#{action}, keys: [:key1, key2, key3]) + devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, param2, param3]) To remove any existing key, use the `except` keyword argument: devise_parameter_sanitizer.permit(:#{action}, except: [:email]) @@ -199,7 +205,7 @@ def deprecate_instance_method_sanitization(action) class #{self.class.name} < Devise::ParameterSanitizer def initialize(*) super - permit(:#{action}, keys: [:key1, :key2, :key3]) + permit(:#{action}, keys: [:param1, :param2, :param3]) end end MESSAGE From cc02d06c5823c667a53c52f6dddafe3109450d7d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 18 Jan 2016 13:59:27 -0200 Subject: [PATCH 0837/1473] Remove Rails 3.2 compatibility fix. --- lib/devise/rails.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 82fcb1229c..1071d185f5 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
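Review bot: The usage example in the new `unknown_action!` message, `keys: [:param1, param2, param3]`, cannot be copied as written: `param2` and `param3` lack the leading colon and would be read as local names. The same text is introduced in `deprecate_for_without_block`, while `deprecate_instance_method_sanitization` has the correct `[:param1, :param2, :param3]`; use `devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])` in both. The first heredoc line also keeps the double quotes of the old string literal, so the raised message begins with a literal quote character and ends the sentence with `".`; dropping them gives `Devise doesn't know how to sanitize parameters for '#{action}'.`.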
@@ -43,14 +43,5 @@ class Engine < ::Rails::Engine ) end end - - initializer "devise.fix_routes_proxy_missing_respond_to_bug" do - # Deprecate: Remove once we move to Rails 4 only. - ActionDispatch::Routing::RoutesProxy.class_eval do - def respond_to?(method, include_private = false) - super || routes.url_helpers.respond_to?(method) - end - end - end end end From b97b3e6e3b570324467ac84d807111837943ec20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Fri, 22 Jan 2016 16:18:57 +0100 Subject: [PATCH 0838/1473] Do not timeout if remember me is enabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- lib/devise/controllers/rememberable.rb | 7 +++++++ lib/devise/hooks/timeoutable.rb | 5 +++-- lib/devise/models/rememberable.rb | 29 ++++++++++++++++++-------- test/integration/timeoutable_test.rb | 12 ++++++++++- 4 files changed, 41 insertions(+), 12 deletions(-) diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index fcd2c0ff34..a91209adec 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -9,6 +9,13 @@ def self.cookie_values Rails.configuration.session_options.slice(:path, :domain, :secure) end + def remember_me_is_active?(resource) + return false unless resource.respond_to?(:remember_me) + scope = Devise::Mapping.find_scope!(resource) + cookie = cookies.signed[remember_key(resource, scope)] + resource.class.serialized_in_cookie?(resource, *cookie) + end + # Remembers the given resource by setting up a cookie def remember_me(resource) return if env["devise.skip_storage"] diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index e610885507..1bfa07d7ab 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb 
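Review bot: `remember_me_is_active?` in `lib/devise/controllers/rememberable.rb` has no comment, unlike the `remember_me` method below it, and it is the check that lets a request skip the session timeout, so its contract should be written down. Something like `# Returns true when the signed remember cookie for the resource's scope still validates for this resource; used by the timeoutable hook to skip timeout.` would do. The guard `resource.respond_to?(:remember_me)` also tests a different method from the one that is called; `resource.class.respond_to?(:serialized_in_cookie?)` would match the call, which matters only if a model can define `remember_me` without including this module.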
@@ -19,9 +19,10 @@ proxy = Devise::Hooks::Proxy.new(warden) - if record.timedout?(last_request_at) && !env['devise.skip_timeout'] + if record.timedout?(last_request_at) && + !env['devise.skip_timeout'] && + !proxy.remember_me_is_active?(record) Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) - throw :warden, scope: scope, message: :timeout end diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 9849b3ca47..f307a00fc3 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -96,7 +96,6 @@ def rememberable_options def after_remembered end - protected module ClassMethods # Create the cookie key using the record id and remember_token @@ -106,6 +105,25 @@ def serialize_into_cookie(record) # Recreate the user based on the stored cookie def serialize_from_cookie(*args) + serialize_from_cookie_with_or_without_record(nil, args) + end + + # Check if the given record is the one serialized in cookie + def serialized_in_cookie?(record, *args) + !!serialize_from_cookie_with_or_without_record(record, args) + end + + # Generate a token checking if one does not already exist in the database. + def remember_token #:nodoc: + loop do + token = Devise.friendly_token + break token unless to_adapter.find_first({ remember_token: token }) + end + end + + private + + def serialize_from_cookie_with_or_without_record(record, args) id, token, generated_at = args # The token is only valid if: 
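Review bot: The new `!proxy.remember_me_is_active?(record)` condition in the `lib/devise/hooks/timeoutable.rb` hunk means `timeout_in` is not enforced for any request that carries a valid remember cookie, and nothing in the hook says so. A comment above the condition, e.g. `# A valid remember cookie keeps the session alive: timeout_in is skipped until that cookie expires (remember_for).`, would let operators who rely on idle timeout see the interaction. The same sentence belongs in the Timeoutable module documentation, which is outside this hunk, as is the start of the hook block.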
@@ -117,20 +135,13 @@ def serialize_from_cookie(*args) # 6. the token matches if generated_at && (self.remember_for.ago < generated_at) && - (record = to_adapter.get(id)) && + (record ||= to_adapter.get(id)) && (id == record.to_key) && (generated_at > (record.remember_created_at || Time.now).utc) && Devise.secure_compare(record.rememberable_value, token) record end end - # Generate a token checking if one does not already exist in the database. - def remember_token #:nodoc: - loop do - token = Devise.friendly_token - break token unless to_adapter.find_first({ remember_token: token }) - end - end # TODO: extend_remember_period is no longer used Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 60b8e5a606..f34eaa7e47 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -165,7 +165,17 @@ def last_request_at end end - test 'does not crashes when the last_request_at is a String' do + test 'time out not triggered if remembered' do + user = sign_in_as_user remember_me: true + get expire_user_path(user) + assert_not_nil last_request_at + + get users_path + assert_response :success + assert warden.authenticated?(:user) + end + + test 'does not crash when the last_request_at is a String' do user = sign_in_as_user get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) From d1d8c2f03de76b8d394c2335df336d082628de01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 25 Jan 2016 11:17:05 +0100 Subject: [PATCH 0839/1473] Ensure generated_at is a Time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Valim --- lib/devise/models/rememberable.rb | 2 +- test/models/rememberable_test.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) 
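Review bot: The numbered list of validity conditions in `serialize_from_cookie_with_or_without_record` no longer matches the code: the new `(id == record.to_key)` check is not listed, and item 3 ("there is a record with the given id") only applies when no record was passed in. Add an item such as `# 4. the cookie id equals the key of the record being checked` and renumber the rest. `id == record.to_key` compares the deserialized cookie value with the adapter's key, and whether the two have the same type for every ORM and cookie serializer is not visible here; a model test calling `serialized_in_cookie?` with a mismatching id would pin the behaviour. The method begins in the previous hunk.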
diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index f307a00fc3..e6102e4a46 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -133,7 +133,7 @@ def serialize_from_cookie_with_or_without_record(record, args) # 4. the record has a remember_created_at date # 5. the token date is bigger than the remember_created_at # 6. the token matches - if generated_at && + if generated_at.is_a?(Time) && (self.remember_for.ago < generated_at) && (record ||= to_adapter.get(id)) && (id == record.to_key) && (generated_at > (record.remember_created_at || Time.now).utc) && diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index eb1346382d..7a04cfc666 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -46,6 +46,12 @@ def create_resource assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc) end + test 'serialize from cookie should return nil with invalid datetime' do + user = create_user + user.remember_me! + assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013") + end + test 'serialize from cookie should return nil if no resource is found' do assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc) end From 0c7f8764c99ac55656f5b40f2ff7d260abe4dcae Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 27 Jan 2016 13:52:37 -0200 Subject: [PATCH 0840/1473] Bump `Gemfile` dependencies. --- Gemfile.lock | 21 +++-- gemfiles/Gemfile.rails-4.1-stable.lock | 70 ++++++++------- gemfiles/Gemfile.rails-4.2-stable.lock | 115 +++++++++++++------------ gemfiles/Gemfile.rails-5.0-beta | 2 +- gemfiles/Gemfile.rails-5.0-beta.lock | 82 +++++++++--------- 5 files changed, 144 insertions(+), 146 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 365bc020c1..c4f65daf67 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
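Review bot: With `generated_at.is_a?(Time)` a cookie whose timestamp was deserialized as any other type is rejected without any signal, so if the application uses a cookie serializer that turns Time into a String (JSON presumably does), remember-me would stop working for every user while sign-in still appears to succeed. The hunk should either document the requirement next to the condition, e.g. `# generated_at must round-trip as a Time; any other type is treated as an invalid cookie`, or normalise a String timestamp before the check. The added test covers only the String `"2013"`; a case with a numeric value would confirm that non-Time input is rejected by type and not by a failing comparison. The enclosing method starts outside the hunk.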
@@ -68,7 +68,7 @@ GEM metaclass (0.0.4) mime-types (2.99) mini_portile2 (2.0.0) - minitest (5.8.3) + minitest (5.8.4) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -83,7 +83,7 @@ GEM multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7) + nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -105,7 +105,7 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.1) + origin (2.2.0) orm_adapter (0.5.0) rack (1.6.4) rack-openid (1.3.1) @@ -130,26 +130,25 @@ GEM activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) + rails-html-sanitizer (1.0.3) loofah (~> 2.0) railties (4.2.2) actionpack (= 4.2.2) activesupport (= 4.2.2) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) - rdoc (4.2.0) - json (~> 1.4) + rake (10.5.0) + rdoc (4.2.1) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) + sprockets-rails (3.0.0) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index d4052c24cb..dd73859d98 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -1,59 +1,58 @@ GIT remote: git://github.com/rails/rails.git - revision: 7310a6d5c82d990122f5c49114aeb93dfa73b031 + revision: e8eda76893479a29ace8d85cf4e4cfc67cd6fd4b branch: 4-1-stable specs: - actionmailer (4.1.14) - actionpack (= 4.1.14) - actionview (= 4.1.14) + actionmailer (4.1.14.1) + actionpack (= 4.1.14.1) + actionview (= 4.1.14.1) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.14) - actionview (= 4.1.14) - activesupport (= 4.1.14) + actionpack (4.1.14.1) + actionview (= 4.1.14.1) + activesupport (= 4.1.14.1) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.14) - activesupport (= 4.1.14) + actionview (4.1.14.1) + activesupport (= 4.1.14.1) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.14) - activesupport (= 4.1.14) + activemodel (4.1.14.1) + activesupport (= 4.1.14.1) builder (~> 3.1) - activerecord (4.1.14) - activemodel (= 4.1.14) - activesupport (= 4.1.14) + activerecord (4.1.14.1) + activemodel (= 4.1.14.1) + activesupport (= 4.1.14.1) arel (~> 5.0.0) - activesupport (4.1.14) + activesupport (4.1.14.1) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.14) - actionmailer (= 4.1.14) - actionpack (= 4.1.14) - actionview (= 4.1.14) - activemodel (= 4.1.14) - activerecord (= 4.1.14) - activesupport (= 4.1.14) + rails (4.1.14.1) + actionmailer (= 4.1.14.1) + actionpack (= 4.1.14.1) + actionview (= 4.1.14.1) + activemodel (= 4.1.14.1) + activerecord (= 4.1.14.1) + activesupport (= 4.1.14.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.14) + railties (= 4.1.14.1) sprockets-rails (~> 2.0) - railties (4.1.14) - actionpack (= 4.1.14) - activesupport (= 4.1.14) + railties (4.1.14.1) + actionpack (= 4.1.14.1) + activesupport (= 4.1.14.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) PATH remote: .. specs: - devise (3.5.3) + devise (4.0.0.pre.dev) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5) + railties (>= 4.1.0, < 5.1) responders - thread_safe (~> 0.1) warden (~> 1.2.3) GEM 
@@ -77,7 +76,7 @@ GEM metaclass (0.0.4) mime-types (2.99) mini_portile2 (2.0.0) - minitest (5.8.3) + minitest (5.8.4) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -92,7 +91,7 @@ GEM multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7) + nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) oauth2 (0.9.4) faraday (>= 0.8, < 0.10) @@ -114,7 +113,7 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.1) + origin (2.2.0) orm_adapter (0.5.0) rack (1.5.5) rack-openid (1.3.1) @@ -122,9 +121,8 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rake (10.4.2) - rdoc (4.2.0) - json (~> 1.4) + rake (10.5.0) + rdoc (4.2.1) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) @@ -167,4 +165,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.10.6 + 1.11.2 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index e9b8b0d54f..89949311a3 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,69 +1,68 @@ GIT remote: git://github.com/rails/rails.git - revision: f2b860fc0846c89e0cb2f5d844af458c410c65e3 + revision: acf654b1c4a1ffe2a90d6ea63a0b989d656bb87d branch: 4-2-stable specs: - actionmailer (4.2.4) - actionpack (= 4.2.4) - actionview (= 4.2.4) - activejob (= 4.2.4) + actionmailer (4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.4) - actionview (= 4.2.4) - activesupport (= 4.2.4) + actionpack (4.2.5.1) + actionview (= 4.2.5.1) + activesupport (= 4.2.5.1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.4) - activesupport (= 4.2.4) + actionview (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.4) - activesupport (= 4.2.4) + activejob (4.2.5.1) + activesupport (= 4.2.5.1) globalid (>= 0.3.0) - activemodel (4.2.4) - activesupport (= 4.2.4) + activemodel (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) - activerecord (4.2.4) - activemodel (= 4.2.4) - activesupport (= 4.2.4) + activerecord (4.2.5.1) + activemodel (= 4.2.5.1) + activesupport (= 4.2.5.1) arel (~> 6.0) - activesupport (4.2.4) + activesupport (4.2.5.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.4) - actionmailer (= 4.2.4) - actionpack (= 4.2.4) - actionview (= 4.2.4) - activejob (= 4.2.4) - activemodel (= 4.2.4) - activerecord (= 4.2.4) - activesupport (= 4.2.4) + rails (4.2.5.1) + actionmailer (= 4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) + activemodel (= 4.2.5.1) + activerecord (= 4.2.5.1) + activesupport (= 4.2.5.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.4) + railties (= 4.2.5.1) sprockets-rails - railties (4.2.4) - actionpack (= 4.2.4) - activesupport (= 
4.2.4) + railties (4.2.5.1) + actionpack (= 4.2.5.1) + activesupport (= 4.2.5.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) PATH remote: .. specs: - devise (3.5.3) + devise (4.0.0.pre.dev) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0, < 5.1) responders - thread_safe (~> 0.1) warden (~> 1.2.3) GEM @@ -71,26 +70,27 @@ GEM specs: arel (6.0.3) bcrypt (3.1.10) - bson (3.2.1) + bson (3.2.6) builder (3.2.2) + concurrent-ruby (1.0.0) connection_pool (2.2.0) erubis (2.7.0) - faraday (0.9.1) + faraday (0.9.2) multipart-post (>= 1.2, < 3) globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.2) + hashie (3.4.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.1) + jwt (1.5.2) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.6.1) - mini_portile (0.6.2) - minitest (5.8.0) + mime-types (2.99) + mini_portile2 (2.0.0) + minitest (5.8.4) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -105,8 +105,8 @@ GEM multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + nokogiri (1.6.7.2) + mini_portile2 (~> 2.0.0.rc2) oauth2 (1.0.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0) @@ -116,7 +116,7 @@ GEM omniauth (1.2.2) hashie (>= 1.2, < 4) rack (~> 1.0) - omniauth-facebook (2.0.1) + omniauth-facebook (3.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.2.0) faraday (>= 0.8, < 0.10) @@ -127,7 +127,7 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.1.1) + origin (2.2.0) orm_adapter (0.5.0) rack (1.6.4) rack-openid (1.3.1) 
@@ -141,20 +141,21 @@ GEM activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) + rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rake (10.4.2) - rdoc (4.2.0) - responders (2.1.0) - railties (>= 4.2.0, < 5) + rake (10.5.0) + rdoc (4.2.1) + responders (2.1.1) + railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.3.3) - rack (~> 1.0) - sprockets-rails (2.3.2) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.10) + sprockets (3.5.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.0.0) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) @@ -186,4 +187,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.10.6 + 1.11.2 diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta index a9b4d35da3..d78745f446 100644 --- a/gemfiles/Gemfile.rails-5.0-beta +++ b/gemfiles/Gemfile.rails-5.0-beta @@ -2,7 +2,7 @@ source 'https://rubygems.org' gemspec path: '..' -gem 'rails', '5.0.0.beta1' +gem 'rails', '5.0.0.beta1.1' gem 'omniauth', '~>1.3.1' gem 'oauth2', github: 'twalpole/oauth2', branch: 'rack_master' gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index e82252317c..cd8923c2c0 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -22,7 +22,7 @@ GIT PATH remote: .. specs: - devise (3.5.3) + devise (4.0.0.pre.dev) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) 
@@ -32,44 +32,44 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.0.beta1) - actionpack (= 5.0.0.beta1) + actioncable (5.0.0.beta1.1) + actionpack (= 5.0.0.beta1.1) celluloid (~> 0.17.2) coffee-rails (~> 4.1.0) em-hiredis (~> 0.3.0) faye-websocket (~> 0.10.0) redis (~> 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.0.beta1) - actionpack (= 5.0.0.beta1) - actionview (= 5.0.0.beta1) - activejob (= 5.0.0.beta1) + actionmailer (5.0.0.beta1.1) + actionpack (= 5.0.0.beta1.1) + actionview (= 5.0.0.beta1.1) + activejob (= 5.0.0.beta1.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.beta1) - actionview (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) + actionpack (5.0.0.beta1.1) + actionview (= 5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) rack (~> 2.x) rack-test (~> 0.6.3) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.beta1) - activesupport (= 5.0.0.beta1) + actionview (5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.beta1) - activesupport (= 5.0.0.beta1) + activejob (5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) globalid (>= 0.3.6) - activemodel (5.0.0.beta1) - activesupport (= 5.0.0.beta1) + activemodel (5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) builder (~> 3.1) - activerecord (5.0.0.beta1) - activemodel (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) + activerecord (5.0.0.beta1.1) + activemodel (= 5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) arel (~> 7.0) - activesupport (5.0.0.beta1) + activesupport (5.0.0.beta1.1) concurrent-ruby (~> 1.0) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) @@ -79,7 +79,7 @@ GEM arel (7.0.0) bcrypt (3.1.10) builder (3.2.2) - celluloid (0.17.2) + celluloid (0.17.3) celluloid-essentials celluloid-extras celluloid-fsm 
@@ -108,7 +108,7 @@ GEM eventmachine (~> 1.0) hiredis (~> 0.5.0) erubis (2.7.0) - eventmachine (1.0.8) + eventmachine (1.0.9.1) execjs (2.6.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) @@ -131,13 +131,13 @@ GEM method_source (0.8.2) mime-types (2.99) mini_portile2 (2.0.0) - minitest (5.8.3) + minitest (5.8.4) mocha (1.1.0) metaclass (~> 0.0.1) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7.1) + nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) omniauth (1.3.1) hashie (>= 1.2, < 4) @@ -158,17 +158,17 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0.beta1) - actioncable (= 5.0.0.beta1) - actionmailer (= 5.0.0.beta1) - actionpack (= 5.0.0.beta1) - actionview (= 5.0.0.beta1) - activejob (= 5.0.0.beta1) - activemodel (= 5.0.0.beta1) - activerecord (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) + rails (5.0.0.beta1.1) + actioncable (= 5.0.0.beta1.1) + actionmailer (= 5.0.0.beta1.1) + actionpack (= 5.0.0.beta1.1) + actionview (= 5.0.0.beta1.1) + activejob (= 5.0.0.beta1.1) + activemodel (= 5.0.0.beta1.1) + activerecord (= 5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.beta1) + railties (= 5.0.0.beta1.1) sprockets-rails (>= 2.0.0) rails-controller-testing (0.0.3) rails (>= 4.2) @@ -178,16 +178,16 @@ GEM activesupport (>= 4.2.0.beta, < 5.0) nokogiri (~> 1.6.0) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.2) + rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0.beta1) - actionpack (= 5.0.0.beta1) - activesupport (= 5.0.0.beta1) + railties (5.0.0.beta1.1) + actionpack (= 5.0.0.beta1.1) + activesupport (= 5.0.0.beta1.1) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.4.2) - rdoc (4.2.0) + rake (10.5.0) + rdoc (4.2.1) redis (3.2.2) responders (2.1.1) railties (>= 4.2.0, < 5.1) 
@@ -231,7 +231,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (>= 1.2.0, < 1.5.0) omniauth-openid (~> 1.0.1) - rails (= 5.0.0.beta1) + rails (= 5.0.0.beta1.1) rails-controller-testing rdoc responders (~> 2.1.1) From 6008885152d4011cf82016b62e9613ca757f91cc Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 27 Jan 2016 13:32:34 -0200 Subject: [PATCH 0841/1473] Refactor `Rememberable.serialized_in_cookie?` to split class/instance API. We now expose a `remember_me?` instance method as internal API for the controller layer check if the remember me cookie is still valid. --- lib/devise/controllers/rememberable.rb | 4 +-- lib/devise/models/rememberable.rb | 40 ++++++++++---------------- 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index a91209adec..a90614879e 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -12,8 +12,8 @@ def self.cookie_values def remember_me_is_active?(resource) return false unless resource.respond_to?(:remember_me) scope = Devise::Mapping.find_scope!(resource) - cookie = cookies.signed[remember_key(resource, scope)] - resource.class.serialized_in_cookie?(resource, *cookie) + _, token, generated_at = cookies.signed[remember_key(resource, scope)] + resource.remember_me?(token, generated_at) end # Remembers the given resource by setting up a cookie diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index e6102e4a46..3ecb1c76ff 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
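Review bot: In the `lib/devise/controllers/rememberable.rb` hunk, `remember_me_is_active?` now discards the cookie's first element (`_, token, generated_at = ...`), so the `id == record.to_key` comparison that the removed helper applied when a record was passed in is dropped and the cookie is tied to the resource only through the token comparison inside `remember_me?`. Keeping the id check costs one line and preserves the earlier behaviour: `id, token, generated_at = cookies.signed[remember_key(resource, scope)]` followed by `id == resource.to_key && resource.remember_me?(token, generated_at)`. This is defence in depth rather than a demonstrated bypass, since it matters only if two records could share a `rememberable_value`.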
@@ -96,6 +96,18 @@ def rememberable_options def after_remembered end + def remember_me?(token, generated_at) + # The token is only valid if: + # 1. we have a date + # 2. the current time does not pass the expiry period + # 3. the record has a remember_created_at date + # 4. the token date is bigger than the remember_created_at + # 5. the token matches + generated_at.is_a?(Time) && + (self.class.remember_for.ago < generated_at) && + (generated_at > (remember_created_at || Time.now).utc) && + Devise.secure_compare(rememberable_value, token) + end module ClassMethods # Create the cookie key using the record id and remember_token @@ -105,12 +117,10 @@ def serialize_into_cookie(record) # Recreate the user based on the stored cookie def serialize_from_cookie(*args) - serialize_from_cookie_with_or_without_record(nil, args) - end + id, token, generated_at = *args - # Check if the given record is the one serialized in cookie - def serialized_in_cookie?(record, *args) - !!serialize_from_cookie_with_or_without_record(record, args) + record = to_adapter.get(id) + record if record && record.remember_me?(token, generated_at) end # Generate a token checking if one does not already exist in the database. 
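Review bot: Step 3 of the comment in `remember_me?` ("the record has a remember_created_at date") is not checked directly: the code substitutes `Time.now` when `remember_created_at` is nil, so a record with no remember timestamp is rejected only because `generated_at` is normally in the past. A `generated_at` in the future would satisfy both time comparisons, including for a record whose timestamp has been cleared. Writing the condition explicitly as `remember_created_at && (generated_at > remember_created_at.utc)`, and bounding the date from above (allowing for clock skew between servers), would make the method match its comment. The value comes from a signed cookie, so this is hardening rather than a known bypass. The method also has no doc comment marking it as internal API, which is how the commit message describes it.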
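Review bot: `serialize_from_cookie` now calls `to_adapter.get(id)` before any validation, whereas the removed implementation looked the record up only after `generated_at` was confirmed to be a `Time` inside the `remember_for` window. Every expired or malformed remember cookie therefore costs a database query. A cheap guard ahead of the lookup, for example `return unless id && generated_at`, would restore part of the old short-circuit without duplicating the checks in `remember_me?`.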
@@ -123,26 +133,6 @@ def remember_token #:nodoc: private - def serialize_from_cookie_with_or_without_record(record, args) - id, token, generated_at = args - - # The token is only valid if: - # 1. we have a date - # 2. the current time does not pass the expiry period - # 3. there is a record with the given id - # 4. the record has a remember_created_at date - # 5. the token date is bigger than the remember_created_at - # 6. the token matches - if generated_at.is_a?(Time) && - (self.remember_for.ago < generated_at) && - (record ||= to_adapter.get(id)) && (id == record.to_key) && - (generated_at > (record.remember_created_at || Time.now).utc) && - Devise.secure_compare(record.rememberable_value, token) - record - end - end - - # TODO: extend_remember_period is no longer used Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) end From 3e80c9a80f23766eb70829d4f0c33e01f88b8613 Mon Sep 17 00:00:00 2001 From: Thomas Walpole Date: Wed, 27 Jan 2016 09:03:01 -0800 Subject: [PATCH 0842/1473] switch to oauth2 home repository --- gemfiles/Gemfile.rails-5.0-beta | 2 +- gemfiles/Gemfile.rails-5.0-beta.lock | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta index d78745f446..7a2fcec7be 100644 --- a/gemfiles/Gemfile.rails-5.0-beta +++ b/gemfiles/Gemfile.rails-5.0-beta @@ -4,7 +4,7 @@ gemspec path: '..' gem 'rails', '5.0.0.beta1.1' gem 'omniauth', '~>1.3.1' -gem 'oauth2', github: 'twalpole/oauth2', branch: 'rack_master' +gem 'oauth2', github: 'intridea/oauth2', branch: 'master' gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' gem 'rdoc' diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index cd8923c2c0..2413c9f066 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock 
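Review bot: The `oauth2` line in the Gemfile hunk tracks a moving branch (`branch: 'master'`) through the `github:` shorthand, which the lockfile in this commit shows resolving to `git://github.com/intridea/oauth2.git`, a transport with no encryption or server authentication. Test runs therefore execute whatever that branch holds at the next `bundle update`, fetched over a channel that can be altered in transit. Pointing at HTTPS and a fixed commit avoids both: `gem 'oauth2', git: 'https://github.com/intridea/oauth2.git', ref: '43e1fdd87e95a5b02438d5cce6a67e411afb5fec'`, which is the revision the lockfile already records.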
@@ -1,3 +1,15 @@ +GIT + remote: git://github.com/intridea/oauth2.git + revision: 43e1fdd87e95a5b02438d5cce6a67e411afb5fec + branch: master + specs: + oauth2 (1.0.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0, < 1.5.2) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + GIT remote: git://github.com/rails/activemodel-serializers-xml.git revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9 @@ -7,18 +19,6 @@ GIT activerecord activesupport -GIT - remote: git://github.com/twalpole/oauth2.git - revision: 38e5b4bfe29b7ef87e87a3f323a088914393cfb5 - branch: rack_master - specs: - oauth2 (1.0.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 2.0) - PATH remote: .. specs: @@ -122,7 +122,7 @@ GEM hitimes (1.2.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.2) + jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) From ffe9d6d406e79108cf32a2c6a1d0b3828849c40b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 28 Jan 2016 11:10:15 -0200 Subject: [PATCH 0843/1473] Fix Symbol syntax on ParameterSanitizer deprecation message. --- lib/devise/parameter_sanitizer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index ad01ac738f..d34d32c207 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -190,7 +190,7 @@ def deprecate_for_without_block(action) Please use the `permit` method to add or remove any key: To add any new key, use the `keys` keyword argument: - devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, param2, param3]) + devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3]) To remove any existing key, use the `except` keyword argument: devise_parameter_sanitizer.permit(:#{action}, except: [:email]) From 7d81731d4f46c90ed9e7a1cf67e4721e757a6567 Mon Sep 17 00:00:00 2001 
From: schneems Date: Fri, 29 Jan 2016 10:56:13 -0600 Subject: [PATCH 0844/1473] [close 3925] Fix version for older Bundler compat --- lib/devise/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 0e32a6a3a7..441f73f739 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.0-dev".freeze + VERSION = "4.0.0.dev".freeze end From 7bff3be8696f7d3375bb76643ab7fd9b69fdd899 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 28 Jan 2016 15:01:06 -0200 Subject: [PATCH 0845/1473] Attempt to coerce the `generated_at` cookie to a `Time` object. Time objects aren't properly coerced back when using the JSON cookie serialization, so we need to do it ourselves. To avoid any new JSON serialization issues, we now store the `generated_at` as an String with the timestamp seconds + miliseconds in the cookie but still the previous JSON encoded format. Thanks to @boblail at https://github.com/plataformatec/devise/pull/3917 for the initial patch. --- lib/devise/models/rememberable.rb | 18 +++++++++++++++++- test/models/rememberable_test.rb | 8 +++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 3ecb1c76ff..77393f5291 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -97,6 +97,12 @@ def after_remembered end def remember_me?(token, generated_at) + # TODO: Normalize the JSON type coercion along with the Timeoutable hook + # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18 + if generated_at.is_a?(String) + generated_at = time_from_json(generated_at) + end + # The token is only valid if: # 1. we have a date # 2. the current time does not pass the expiry period 
@@ -109,10 +115,20 @@ def remember_me?(token, generated_at) Devise.secure_compare(rememberable_value, token) end + private + + def time_from_json(value) + if value =~ /\A\d+\.\d+\Z/ + Time.at(value.to_f) + else + Time.parse(value) rescue nil + end + end + module ClassMethods # Create the cookie key using the record id and remember_token def serialize_into_cookie(record) - [record.to_key, record.rememberable_value, Time.now.utc] + [record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s] end # Recreate the user based on the stored cookie diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 7a04cfc666..055a778bf0 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -37,7 +37,7 @@ def create_resource id, token, date = User.serialize_into_cookie(user) assert_equal id, user.to_key assert_equal token, user.authenticatable_salt - assert date.is_a?(Time) + assert date.is_a?(String) end test 'serialize from cookie' do @@ -46,6 +46,12 @@ def create_resource assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc) end + test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do + user = create_user + user.remember_me! + assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json) + end + test 'serialize from cookie should return nil with invalid datetime' do user = create_user user.remember_me! From 91f93b38eef691e510e66f92f10d75e6f3be06de Mon Sep 17 00:00:00 2001 From: Gustavo Villa Date: Sat, 30 Jan 2016 14:20:32 -0300 Subject: [PATCH 0846/1473] Remove optional parenthesis. --- lib/generators/active_record/templates/migration.rb | 2 +- lib/generators/active_record/templates/migration_existing.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
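Review bot: `time_from_json` ends its pattern with `\Z`, which also matches before a trailing newline, and uses the `rescue nil` modifier, which hides every `StandardError` raised while parsing rather than only bad input. Anchor with `\z` (`value =~ /\A\d+\.\d+\z/`) and rescue the specific error that `Time.parse` raises for unparseable strings, `ArgumentError`, returning `nil` from that rescue. `Time.parse` is also lenient about partial dates, so if only the previous JSON-encoded format has to be accepted, a strict parser such as `Time.iso8601` would narrow what counts as a valid timestamp. Whether older cookies always have that shape is not visible here.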
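Review bot: The added test covers the new float-string form, but nothing in the visible test hunks exercises the `Time.parse` branch that the commit message says is kept for the previous JSON-encoded format. A companion case that passes an ISO 8601 timestamp string as the third argument of `User.serialize_from_cookie` and expects the user back would pin that fallback. Without it, a later tightening of `time_from_json` could silently invalidate existing remember cookies.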
diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index 62725d7f20..cf7b1dcf3b 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -1,6 +1,6 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration def change - create_table(:<%= table_name %>) do |t| + create_table :<%= table_name %> do |t| <%= migration_data -%> <% attributes.each do |attribute| -%> diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index 0dfba15d42..b6db505b4b 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -1,6 +1,6 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration def self.up - change_table(:<%= table_name %>) do |t| + change_table :<%= table_name %> do |t| <%= migration_data -%> <% attributes.each do |attribute| -%> From 8edee143e88d1af0ab959e8c74677a89fef46bb5 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Jan 2016 17:01:52 -0200 Subject: [PATCH 0847/1473] Prep for 4.0.0.rc1 release. --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-beta.lock | 4 ++-- lib/devise/version.rb | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c4f65daf67..8f25c124e2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (4.0.0.pre.dev) + devise (4.0.0.rc1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -154,7 +154,7 @@ GEM thread_safe (0.3.5) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.4) + warden (1.2.6) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) 
diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index dd73859d98..2b94058c7a 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.pre.dev) + devise (4.0.0.rc1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -138,7 +138,7 @@ GEM thread_safe (0.3.5) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.4) + warden (1.2.6) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 89949311a3..06cb5a1b83 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.pre.dev) + devise (4.0.0.rc1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -160,7 +160,7 @@ GEM thread_safe (0.3.5) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.4) + warden (1.2.6) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index 2413c9f066..af77722683 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -22,7 +22,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.pre.dev) + devise (4.0.0.rc1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -206,7 +206,7 @@ GEM hitimes tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.4) + warden (1.2.6) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 441f73f739..ff1ff0463c 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.0.dev".freeze + VERSION = "4.0.0.rc1".freeze end From aab7610808287602115804409ffb485d65df6899 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Mon, 1 Feb 2016 09:20:42 -0200 Subject: [PATCH 0848/1473] Release 4.0.0.rc1. --- CHANGELOG.md | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c312f257e..66433afb2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,43 @@ -### (4.0.0) Unreleased +### 4.0.0.rc1 - 2016-01-02 * Support added to Rails 5 (by @twalpole). * Devise no longer supports Rails 3.2 and 4.0. * Devise no longer supports Ruby 1.9 and 2.0. -Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) for previous changes. +* deprecations + * The `devise_parameter_sanitize` API has changed: + The `for` method was deprecated in favor of `permit`: + + ```ruby + def configure_permitted_parameters + devise_parameter_sanitizer.for(:sign_up) << :subscribe_newsletter + # Should become the following. + devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter]) + end + ``` + + The customization through instance methods on the sanitizer implementation + should be done through it's `initialize` method: + + ```ruby + class User::ParameterSanitizer < Devise::ParameterSanitizer + def sign_up + default_params.permit(:username, :email) + end + end + + # The `sign_up` method can be a `permit` call on the sanitizer `initialize`. + + class User::ParameterSanitizer < Devise::ParameterSanitizer + def initialize(*) + super + permit(:sign_up, keys: [:username, :email]) + end + end + ``` + + You can check more examples and explanations on the [README section](/plataformatec/devise#strong-parameters) + and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). + +Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) +for previous changes. From 17d6a74909694d73a85415599aaeabe919ed7464 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Mon, 1 Feb 2016 10:39:10 -0200 Subject: [PATCH 0849/1473] `oauth2` 1.1.0 is out. --- gemfiles/Gemfile.rails-5.0-beta | 2 +- gemfiles/Gemfile.rails-5.0-beta.lock | 20 +++++++------------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta index 7a2fcec7be..c85bce0f29 100644 --- a/gemfiles/Gemfile.rails-5.0-beta +++ b/gemfiles/Gemfile.rails-5.0-beta @@ -4,7 +4,7 @@ gemspec path: '..' gem 'rails', '5.0.0.beta1.1' gem 'omniauth', '~>1.3.1' -gem 'oauth2', github: 'intridea/oauth2', branch: 'master' +gem 'oauth2' gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' gem 'rdoc' diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index af77722683..6f5ff4fe48 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -1,15 +1,3 @@ -GIT - remote: git://github.com/intridea/oauth2.git - revision: 43e1fdd87e95a5b02438d5cce6a67e411afb5fec - branch: master - specs: - oauth2 (1.0.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - GIT remote: git://github.com/rails/activemodel-serializers-xml.git revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9 @@ -139,6 +127,12 @@ GEM multipart-post (2.0.0) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) + oauth2 (1.1.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0, < 1.5.2) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) omniauth (1.3.1) hashie (>= 1.2, < 4) rack (>= 1.0, < 3) @@ -226,7 +220,7 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - oauth2! + oauth2 omniauth (~> 1.3.1) omniauth-facebook omniauth-oauth2 (>= 1.2.0, < 1.5.0) From beb8cc8e0bb30ae1c76fcf8ac99101c19a9d25fa Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 2 Feb 2016 14:28:34 -0200 Subject: [PATCH 0850/1473] Test against Rails 5 beta 2. --- gemfiles/Gemfile.rails-5.0-beta | 2 +- gemfiles/Gemfile.rails-5.0-beta.lock | 113 +++++++++------------------ test/test_helpers_test.rb | 4 +- 3 files changed, 39 insertions(+), 80 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta index c85bce0f29..81a2cc1a43 100644 --- a/gemfiles/Gemfile.rails-5.0-beta +++ b/gemfiles/Gemfile.rails-5.0-beta @@ -2,7 +2,7 @@ source 'https://rubygems.org' gemspec path: '..' -gem 'rails', '5.0.0.beta1.1' +gem 'rails', '5.0.0.beta2' gem 'omniauth', '~>1.3.1' gem 'oauth2' gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index 6f5ff4fe48..f68710be77 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock 
@@ -20,44 +20,39 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.0.beta1.1) - actionpack (= 5.0.0.beta1.1) - celluloid (~> 0.17.2) - coffee-rails (~> 4.1.0) - em-hiredis (~> 0.3.0) - faye-websocket (~> 0.10.0) - redis (~> 3.0) + actioncable (5.0.0.beta2) + actionpack (= 5.0.0.beta2) + nio4r (~> 1.2) websocket-driver (~> 0.6.1) - actionmailer (5.0.0.beta1.1) - actionpack (= 5.0.0.beta1.1) - actionview (= 5.0.0.beta1.1) - activejob (= 5.0.0.beta1.1) + actionmailer (5.0.0.beta2) + actionpack (= 5.0.0.beta2) + actionview (= 5.0.0.beta2) + activejob (= 5.0.0.beta2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.beta1.1) - actionview (= 5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + actionpack (5.0.0.beta2) + actionview (= 5.0.0.beta2) + activesupport (= 5.0.0.beta2) rack (~> 2.x) rack-test (~> 0.6.3) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + actionview (5.0.0.beta2) + activesupport (= 5.0.0.beta2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + activejob (5.0.0.beta2) + activesupport (= 5.0.0.beta2) globalid (>= 0.3.6) - activemodel (5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) - builder (~> 3.1) - activerecord (5.0.0.beta1.1) - activemodel (= 5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + activemodel (5.0.0.beta2) + activesupport (= 5.0.0.beta2) + activerecord (5.0.0.beta2) + activemodel (= 5.0.0.beta2) + activesupport (= 5.0.0.beta2) arel (~> 7.0) - activesupport (5.0.0.beta1.1) + activesupport (5.0.0.beta2) concurrent-ruby (~> 1.0) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) 
@@ -67,47 +62,13 @@ GEM arel (7.0.0) bcrypt (3.1.10) builder (3.2.2) - celluloid (0.17.3) - celluloid-essentials - celluloid-extras - celluloid-fsm - celluloid-pool - celluloid-supervision - timers (>= 4.1.1) - celluloid-essentials (0.20.5) - timers (>= 4.1.1) - celluloid-extras (0.20.5) - timers (>= 4.1.1) - celluloid-fsm (0.20.5) - timers (>= 4.1.1) - celluloid-pool (0.20.5) - timers (>= 4.1.1) - celluloid-supervision (0.20.5) - timers (>= 4.1.1) - coffee-rails (4.1.1) - coffee-script (>= 2.2.0) - railties (>= 4.0.0, < 5.1.x) - coffee-script (2.4.1) - coffee-script-source - execjs - coffee-script-source (1.10.0) concurrent-ruby (1.0.0) - em-hiredis (0.3.0) - eventmachine (~> 1.0) - hiredis (~> 0.5.0) erubis (2.7.0) - eventmachine (1.0.9.1) - execjs (2.6.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) - faye-websocket (0.10.2) - eventmachine (>= 0.12.0) - websocket-driver (>= 0.5.1) globalid (0.3.6) activesupport (>= 4.1.0) hashie (3.4.3) - hiredis (0.5.2) - hitimes (1.2.3) i18n (0.7.0) json (1.8.3) jwt (1.5.1) @@ -125,6 +86,7 @@ GEM multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) + nio4r (1.2.1) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) oauth2 (1.1.0) @@ -152,17 +114,17 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0.beta1.1) - actioncable (= 5.0.0.beta1.1) - actionmailer (= 5.0.0.beta1.1) - actionpack (= 5.0.0.beta1.1) - actionview (= 5.0.0.beta1.1) - activejob (= 5.0.0.beta1.1) - activemodel (= 5.0.0.beta1.1) - activerecord (= 5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + rails (5.0.0.beta2) + actioncable (= 5.0.0.beta2) + actionmailer (= 5.0.0.beta2) + actionpack (= 5.0.0.beta2) + actionview (= 5.0.0.beta2) + activejob (= 5.0.0.beta2) + activemodel (= 5.0.0.beta2) + activerecord (= 5.0.0.beta2) + activesupport (= 5.0.0.beta2) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.beta1.1) + railties (= 5.0.0.beta2) sprockets-rails (>= 2.0.0) rails-controller-testing (0.0.3) rails (>= 4.2) 
@@ -174,30 +136,27 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0.beta1.1) - actionpack (= 5.0.0.beta1.1) - activesupport (= 5.0.0.beta1.1) + railties (5.0.0.beta2) + actionpack (= 5.0.0.beta2) + activesupport (= 5.0.0.beta2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.5.0) rdoc (4.2.1) - redis (3.2.2) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.0) + sprockets-rails (3.0.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) thor (0.19.1) thread_safe (0.3.5) - timers (4.1.1) - hitimes tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.6) @@ -225,7 +184,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (>= 1.2.0, < 1.5.0) omniauth-openid (~> 1.0.1) - rails (= 5.0.0.beta1.1) + rails (= 5.0.0.beta2) rails-controller-testing rdoc responders (~> 2.1.1) diff --git a/test/test_helpers_test.rb b/test/test_helpers_test.rb index 31230e3552..374c2dba30 100644 --- a/test/test_helpers_test.rb +++ b/test/test_helpers_test.rb @@ -68,13 +68,13 @@ class TestHelpersTest < Devise::ControllerTestCase test "respects custom failure app" do custom_failure_app = Class.new(Devise::FailureApp) do def redirect - self.status = 306 + self.status = 300 end end swap Devise.warden_config, failure_app: custom_failure_app do get :index - assert_response 306 + assert_response 300 end end From f2d7b8f740dacd535966274374b14c7a8948699c Mon Sep 17 00:00:00 2001 
From: Paul Menzel Date: Tue, 2 Feb 2016 19:00:17 +0100 Subject: [PATCH 0851/1473] Spell verb *set up* with a space The verb *set up* is spelled with a space [1]. ``` $ git grep -l 'to setup' | xargs sed -i 's/to setup/to set up/g' $ git grep -l '# Setup' | xargs sed -i 's/# Setup/# Set up/g' $ git grep -l "test 'setup" | xargs sed -i "s/test 'setup/test 'set up/g" ``` Revert the change for *setup block yields self*. Change the rest manually. [1] http://www.merriam-webster.com/dictionary/set%20up --- app/controllers/devise_controller.rb | 2 +- lib/devise.rb | 2 +- lib/devise/controllers/helpers.rb | 2 +- lib/devise/mailers/helpers.rb | 2 +- lib/devise/models/confirmable.rb | 2 +- lib/devise/models/lockable.rb | 2 +- lib/devise/rails/routes.rb | 8 ++++---- lib/devise/test_helpers.rb | 2 +- lib/generators/templates/devise.rb | 2 +- test/failure_app_test.rb | 2 +- test/mailers/confirmation_instructions_test.rb | 12 ++++++------ test/mailers/reset_password_instructions_test.rb | 10 +++++----- test/mailers/unlock_instructions_test.rb | 10 +++++----- test/rails_app/config/initializers/devise.rb | 2 +- 14 files changed, 30 insertions(+), 30 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 493d524899..ab159b3142 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -133,7 +133,7 @@ def successfully_sent?(resource) end # Sets the flash message with :key, using I18n. By default you are able - # to setup your messages using specific resource scope, and if no message is + # to set up your messages using specific resource scope, and if no message is # found we look to the default scope. Set the "now" options key to a true # value to populate the flash.now hash in lieu of the default flash hash (so # the flash message will be available to the current action instead of the diff --git a/lib/devise.rb b/lib/devise.rb index d80c977a90..4652c1ab58 100644 --- a/lib/devise.rb 
+++ b/lib/devise.rb @@ -276,7 +276,7 @@ module Strategies mattr_accessor :token_generator @@token_generator = nil - # Default way to setup Devise. Run rails generate devise_install to create + # Default way to set up Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup yield self diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 702744f016..a23f4020c2 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -150,7 +150,7 @@ def devise_controller? is_a?(::DeviseController) end - # Setup a param sanitizer to filter parameters using strong_parameters. See + # Set up a param sanitizer to filter parameters using strong_parameters. See # lib/devise/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. def devise_parameter_sanitizer diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 60bf612b3f..79c7c72fc3 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -64,7 +64,7 @@ def template_paths template_path end - # Setup a subject doing an I18n lookup. At first, it attempts to set a subject + # Set up a subject doing an I18n lookup. At first, it attempts to set a subject # based on the current mapping: # # en: diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index e2f3cddb90..76d4e15bb4 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -24,7 +24,7 @@ module Models # By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in. # * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as # initial account confirmation) to be applied. Requires additional unconfirmed_email - # db field to be setup (t.reconfirmable in migrations). Until confirmed, new email is + # db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is # stored in unconfirmed email column, and copied to email column on successful # confirmation. # * +confirm_within+: the time before a sent confirmation token becomes invalid. diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 803ea04381..38b5fd5ce8 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -7,7 +7,7 @@ module Models # blocked: email and time. The former will send an email to the user when # the lock happens, containing a link to unlock its account. The second # will unlock the user automatically after some configured time (ie 2.hours). - # It's also possible to setup lockable to use both email and time strategies. + # It's also possible to set up lockable to use both email and time strategies. # # == Options # diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 5041c02bc5..e52b3062db 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
@@ -87,17 +87,17 @@ class Mapper # # You can configure your routes with some options: # - # * class_name: setup a different class to be looked up by devise, if it cannot be + # * class_name: set up a different class to be looked up by devise, if it cannot be # properly found by the route name. # # devise_for :users, class_name: 'Account' # - # * path: allows you to setup path name that will be used, as rails routes does. - # The following route configuration would setup your route as /accounts instead of /users: + # * path: allows you to set up path name that will be used, as rails routes does. + # The following route configuration would set up your route as /accounts instead of /users: # # devise_for :users, path: 'accounts' # - # * singular: setup the singular name for the given resource. This is used as the helper methods + # * singular: set up the singular name for the given resource. This is used as the helper methods # names in controller ("authenticate_#{singular}!", "#{singular}_signed_in?", "current_#{singular}" # and "#{singular}_session"), as the scope name in routes and as the scope given to warden. # diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 36f440c0fe..7d97147ba3 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -22,7 +22,7 @@ def process(*) @response end - # We need to setup the environment variables and the response in the controller. + # We need to set up the environment variables and the response in the controller. def setup_controller_for_warden #:nodoc: @request.env['action_controller.instance'] = @controller end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 62f31b100e..818eebe553 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -101,7 +101,7 @@ # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). config.stretches = Rails.env.test? ? 1 : 10 - # Setup a pepper to generate the encrypted password. + # Set up a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' # Send a notification email when the user's password is changed diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 8919654a39..524850eb70 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -160,7 +160,7 @@ def call_failure(env_params={}) assert_equal 'text/html; charset=utf-8', @response.second['Content-Type'] end - test 'setup a default message' do + test 'set up a default message' do call_failure assert_match(/You are being/, @response.last.body) assert_match(/redirected/, @response.last.body) diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index ef8d496283..f929ba43f2 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -37,16 +37,16 @@ def mail assert_equal [user.email], mail.to end - test 'setup sender from configuration' do + test 'set up sender from configuration' do assert_equal ['test@example.com'], mail.from end - test 'setup sender from custom mailer defaults' do + test 'set up sender from custom mailer defaults' do Devise.mailer = 'Users::Mailer' assert_equal ['custom@example.com'], mail.from end - test 'setup sender from custom mailer defaults with proc' do + test 'set up sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end 
@@ -56,17 +56,17 @@ def mail assert_present mail.body.encoded end - test 'setup reply to as copy from sender' do + test 'set up reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end - test 'setup reply to as different if set in defaults' do + test 'set up reply to as different if set in defaults' do Devise.mailer = 'Users::ReplyToMailer' assert_equal ['custom@example.com'], mail.from assert_equal ['custom_reply_to@example.com'], mail.reply_to end - test 'setup subject from I18n' do + test 'set up subject from I18n' do store_translations :en, devise: { mailer: { confirmation_instructions: { subject: 'Account Confirmation' } } } do assert_equal 'Account Confirmation', mail.subject end diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 4a95c9a034..511cadd324 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -39,16 +39,16 @@ def mail assert_equal [user.email], mail.to end - test 'setup sender from configuration' do + test 'set up sender from configuration' do assert_equal ['test@example.com'], mail.from end - test 'setup sender from custom mailer defaults' do + test 'set up sender from custom mailer defaults' do Devise.mailer = 'Users::Mailer' assert_equal ['custom@example.com'], mail.from end - test 'setup sender from custom mailer defaults with proc' do + test 'set up sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end 
@@ -58,11 +58,11 @@ def mail assert_present mail.body.encoded end - test 'setup reply to as copy from sender' do + test 'set up reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end - test 'setup subject from I18n' do + test 'set up subject from I18n' do store_translations :en, devise: { mailer: { reset_password_instructions: { subject: 'Reset instructions' } } } do assert_equal 'Reset instructions', mail.subject end diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 38948366e0..32b998f3c8 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -40,16 +40,16 @@ def mail assert_equal [user.email], mail.to end - test 'setup sender from configuration' do + test 'set up sender from configuration' do assert_equal ['test@example.com'], mail.from end - test 'setup sender from custom mailer defaults' do + test 'set up sender from custom mailer defaults' do Devise.mailer = 'Users::Mailer' assert_equal ['custom@example.com'], mail.from end - test 'setup sender from custom mailer defaults with proc' do + test 'set up sender from custom mailer defaults with proc' do Devise.mailer = 'Users::FromProcMailer' assert_equal ['custom@example.com'], mail.from end @@ -59,11 +59,11 @@ def mail assert_present mail.body.encoded end - test 'setup reply to as copy from sender' do + test 'set up reply to as copy from sender' do assert_equal ['test@example.com'], mail.reply_to end - test 'setup subject from I18n' do + test 'set up subject from I18n' do store_translations :en, devise: { mailer: { unlock_instructions: { subject: 'Yo unlock instructions' } } } do assert_equal 'Yo unlock instructions', mail.subject end diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index a39c4504e4..d79e71f579 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb 
@@ -135,7 +135,7 @@ # reset. Defaults to true, so a user is signed in automatically after a reset. # config.sign_in_after_reset_password = true - # Setup a pepper to generate the encrypted password. + # Set up a pepper to generate the encrypted password. config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a" # ==> Scopes configuration From d3fa53151a80e408b1b5c75d4cecd00057defada Mon Sep 17 00:00:00 2001 From: Bogdan Date: Wed, 3 Feb 2016 22:09:38 +0200 Subject: [PATCH 0852/1473] change call deprecated method confirm! to confirm in test --- test/models/confirmable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 41512fd163..0411a12d4a 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -256,7 +256,7 @@ def setup user.instance_eval { def confirmation_required?; false end } user.confirmation_sent_at = nil user.save - assert user.reload.confirm! + assert user.reload.confirm end end From d9481ff9b8514bbaa42f79cc3e1cb9e591182b1f Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Sat, 6 Feb 2016 20:37:31 +0200 Subject: [PATCH 0853/1473] Update confirmable_test.rb --- test/models/confirmable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 41512fd163..4f0e165035 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -188,7 +188,7 @@ def setup test 'confirm time should fallback to devise confirm in default configuration' do swap Devise, allow_unconfirmed_access_for: 1.day do - user = new_user + user = create_user user.confirmation_sent_at = 2.days.ago assert_not user.active_for_authentication? From 1dd315ce1d0fa17e8ded0f22d344ab134eb4389c Mon Sep 17 00:00:00 2001 
From: Simon Knight Date: Tue, 9 Feb 2016 13:29:42 +0000 Subject: [PATCH 0854/1473] Added clarity to documentation regarding where to place test helpers for functional tests --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fd1db05324..41e0285758 100644 --- a/README.md +++ b/README.md @@ -412,7 +412,7 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses ### Test helpers -Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file: +Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of ActiveSupport::TestCase which is the default class inside of 'test/test_helper.rb): ```ruby class ActionController::TestCase From c4b441151300b86ec7ebbb973b88fad9689617c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Wed, 10 Feb 2016 17:00:49 -0200 Subject: [PATCH 0855/1473] Change encryption for hashing in the documentation. Throughout the documentations, we are using 'encrypt' incorrectly. Encrypt means that someone will eventually decrypt the message, which is obviously not the case for Devise. I'm changing the docs to use 'hashing' instead. However, I left the database field as `encrypted_password` for now. I'll update the db field in an upcoming PR. --- README.md | 4 ++-- lib/devise.rb | 4 ++-- lib/devise/encryptor.rb | 8 ++++---- lib/devise/models/database_authenticatable.rb | 12 +++++++----- .../strategies/database_authenticatable.rb | 6 +++--- lib/generators/templates/devise.rb | 16 ++++++++-------- test/models/database_authenticatable_test.rb | 12 ++++++------ test/test_models.rb | 2 +- 8 files changed, 33 insertions(+), 31 deletions(-) 
diff --git a/README.md b/README.md index fd1db05324..6603eebef8 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. * [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support. * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. @@ -174,7 +174,7 @@ member_session ### Configuring Models -The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with: +The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with: ```ruby devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20 diff --git a/lib/devise.rb b/lib/devise.rb index 4652c1ab58..dca9af6cd4 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -61,7 +61,7 @@ module Strategies mattr_accessor :rememberable_options @@rememberable_options = {} - # The number of times to encrypt password. + # The number of times to hash the password. mattr_accessor :stretches @@stretches = 10 @@ -146,7 +146,7 @@ module Strategies mattr_accessor :timeout_in @@timeout_in = 30.minutes - # Used to encrypt password. Please generate one with rake secret. + # Used to hash the password. Please generate one with rake secret. mattr_accessor :pepper @@pepper = nil diff --git a/lib/devise/encryptor.rb b/lib/devise/encryptor.rb index 751db10682..19651d7b4d 100644 --- a/lib/devise/encryptor.rb +++ b/lib/devise/encryptor.rb @@ -9,14 +9,14 @@ def self.digest(klass, password) ::BCrypt::Password.create(password, cost: klass.stretches).to_s end - def self.compare(klass, encrypted_password, password) - return false if encrypted_password.blank? - bcrypt = ::BCrypt::Password.new(encrypted_password) + def self.compare(klass, hashed_password, password) + return false if hashed_password.blank? + bcrypt = ::BCrypt::Password.new(hashed_password) if klass.pepper.present? password = "#{password}#{klass.pepper}" end password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt) - Devise.secure_compare(password, encrypted_password) + Devise.secure_compare(password, hashed_password) end end end diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 27a8646d6a..2816a813ad 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -7,8 +7,8 @@ def self.bcrypt(klass, password) end module Models - # Authenticatable Module, responsible for encrypting password and validating - # authenticity of a user while signing in. + # Authenticatable Module, responsible for hashing the password and + # validating the authenticity of a user while signing in. # # == Options # 
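Review bot: In `lib/devise/encryptor.rb`, `compare` appends the pepper after the password (`password = "#{password}#{klass.pepper}"`) before hashing, and nothing in the hunk documents that bcrypt reads only a bounded prefix of its input (72 bytes in the common implementations). The longer the password, the less of the appended pepper takes part in the hash. Since this commit is already correcting the hashing documentation, I would add a comment above that line, for example `# bcrypt uses only the first 72 bytes of its input; the pepper is appended, so long passwords reduce its contribution.` Confirm the limit against the bcrypt gem in use before stating it as fact.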
@@ -37,7 +37,9 @@ def self.required_fields(klass) [:encrypted_password] + klass.authentication_keys end - # Generates password encryption based on the given value. + # Generates a hashed password based on the given value. + # For legacy reasons, we use `encrypted_password` to store + # the hashed password. def password=(new_password) attribute_will_change! 'password' @password = new_password @@ -142,11 +144,11 @@ def send_password_change_notification protected - # Digests the password using bcrypt. Custom encryption should override + # Hashes the password using bcrypt. Custom hash functions should override # this method to apply their own algorithm. # # See https://github.com/plataformatec/devise-encryptable for examples - # of other encryption engines. + # of other hashing engines. def password_digest(password) Devise::Encryptor.digest(self.class, password) end diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 42880acfb1..3d8f40726d 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -6,15 +6,15 @@ module Strategies class DatabaseAuthenticatable < Authenticatable def authenticate! resource = password.present? && mapping.to.find_for_database_authentication(authentication_hash) - encrypted = false + hashed = false - if validate(resource){ encrypted = true; resource.valid_password?(password) } + if validate(resource){ hashed = true; resource.valid_password?(password) } remember_me(resource) resource.after_database_authentication success!(resource) end - mapping.to.new.password = password if !encrypted && Devise.paranoid + mapping.to.new.password = password if !hashed && Devise.paranoid fail(:not_found_in_database) unless resource end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 818eebe553..64a22c8982 100644 --- a/lib/generators/templates/devise.rb 
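Review bot: In `lib/devise/strategies/database_authenticatable.rb`, the line `mapping.to.new.password = password if !hashed && Devise.paranoid` has no comment, and after the rename the flag reads as "a password was hashed" although it is set at the start of the `validate` block, before `valid_password?` runs. The line appears to make a request for an unknown account pay for one hash computation in paranoid mode, so that its response time matches a failed comparison. I would say so next to it: `# Paranoid mode: hash anyway when no comparison ran, so response time does not reveal whether the account exists.` `validate` and `remember_me` are defined outside the hunk, so this reading is an inference from the visible lines.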
+++ b/lib/generators/templates/devise.rb @@ -92,16 +92,16 @@ # ==> Configuration for :database_authenticatable # For bcrypt, this is the cost for hashing the password and defaults to 10. If - # using other encryptors, it sets how many times you want the password re-encrypted. + # using other algorithms, it sets how many times you want the password to be hashed. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use # a value less than 10 in other environments. Note that, for bcrypt (the default - # encryptor), the cost increases exponentially with the number of stretches (e.g. + # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). config.stretches = Rails.env.test? ? 1 : 10 - # Set up a pepper to generate the encrypted password. + # Set up a pepper to generate the hashed password. # config.pepper = '<%= SecureRandom.hex(64) %>' # Send a notification email when the user's password is changed 
@@ -201,11 +201,11 @@ # config.sign_in_after_reset_password = true # ==> Configuration for :encryptable - # Allow you to use another encryption algorithm besides bcrypt (default). You can use - # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, - # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) - # and :restful_authentication_sha1 (then you should set stretches to 10, and copy - # REST_AUTH_SITE_KEY to pepper). + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). # # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 5daca4248f..8c12d93c89 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
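Review bot: The rewritten comment under `==> Configuration for :encryptable` says "another hashing or encryption algorithm", which brings back the term this commit removes everywhere else, and it lists `:sha1` and `:sha512` without saying when they are appropriate. I would word the first line as `# Allow you to use another hashing algorithm besides bcrypt (default).` and add `# These digests are meant for compatibility with existing password databases; prefer bcrypt for new applications.` The added sentence is my reading of the listed options (`:clearance_sha1`, `:authlogic_sha512`, `:restful_authentication_sha1`), so check it against the devise-encryptable documentation.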
@@ -92,28 +92,28 @@ def setup assert user.respond_to?(:password_confirmation) end - test 'should generate encrypted password while setting password' do + test 'should generate a hashed password while setting password' do user = new_user assert_present user.encrypted_password end - test 'should support custom encryption methods' do - user = UserWithCustomEncryption.new(password: '654321') + test 'should support custom hashing methods' do + user = UserWithCustomHashing.new(password: '654321') assert_equal user.encrypted_password, '123456' end - test 'allow authenticatable_salt to work even with nil encrypted password' do + test 'allow authenticatable_salt to work even with nil hashed password' do user = User.new user.encrypted_password = nil assert_nil user.authenticatable_salt end - test 'should not generate encrypted password if password is blank' do + test 'should not generate a hashed password if password is blank' do assert_blank new_user(password: nil).encrypted_password assert_blank new_user(password: '').encrypted_password end - test 'should encrypt password again if password has changed' do + test 'should hash password again if password has changed' do user = create_user encrypted_password = user.encrypted_password user.password = user.password_confirmation = 'new_password' diff --git a/test/test_models.rb b/test/test_models.rb index 3c1f1787a5..d65648d901 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -12,7 +12,7 @@ class UserWithValidation < User validates_presence_of :username end -class UserWithCustomEncryption < User +class UserWithCustomHashing < User protected def password_digest(password) password.reverse From 79e861b52b7a98513f203956386f53f098d6c80e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Wed, 10 Feb 2016 17:20:36 -0200 Subject: [PATCH 0856/1473] Reorder travis builds to prioritize newer ruby and rails versions --- .travis.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index 53d97b5c96..0d40603ba7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,15 +1,15 @@ language: ruby rvm: - - 2.1.5 - - 2.2.4 - 2.3.0 + - 2.2.4 + - 2.1.5 gemfile: + - Gemfile + - gemfiles/Gemfile.rails-5.0-beta - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable - - gemfiles/Gemfile.rails-5.0-beta - - Gemfile matrix: exclude: @@ -26,8 +26,8 @@ cache: bundler env: matrix: - - DEVISE_ORM=mongoid - DEVISE_ORM=active_record + - DEVISE_ORM=mongoid before_install: "rm ${BUNDLE_GEMFILE}.lock" From 4b8ea5d0f0438b8b9d078580a1f95df07037705d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Wed, 10 Feb 2016 18:37:16 -0200 Subject: [PATCH 0857/1473] Updates the development/testing dependencies --- Gemfile | 2 +- Gemfile.lock | 69 ++++++++++++++++++++++++++-------------------------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/Gemfile b/Gemfile index 7dd8be4883..f43190b539 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "4.2.2" +gem "rails", "~> 4.2.5" gem "omniauth", "~> 1.2.0" gem "omniauth-oauth2", "~> 1.1.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 8f25c124e2..a605993aee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,36 +11,36 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.2) - actionpack (= 4.2.2) - actionview (= 4.2.2) - activejob (= 4.2.2) + actionmailer (4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.2) - actionview (= 4.2.2) - activesupport (= 4.2.2) + actionpack (4.2.5.1) + actionview (= 4.2.5.1) + activesupport (= 4.2.5.1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - actionview (4.2.2) - activesupport (= 4.2.2) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.1) - activejob (4.2.2) - activesupport (= 4.2.2) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + activejob (4.2.5.1) + activesupport (= 4.2.5.1) globalid (>= 0.3.0) - activemodel (4.2.2) - activesupport (= 4.2.2) + activemodel (4.2.5.1) + activesupport (= 4.2.5.1) builder (~> 3.1) - activerecord (4.2.2) - activemodel (= 4.2.2) - activesupport (= 4.2.2) + activerecord (4.2.5.1) + activemodel (= 4.2.5.1) + activesupport (= 4.2.5.1) arel (~> 6.0) - activesupport (4.2.2) + activesupport (4.2.5.1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -113,16 +113,16 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.2) - actionmailer (= 4.2.2) - actionpack (= 4.2.2) - actionview (= 4.2.2) - activejob (= 4.2.2) - activemodel (= 4.2.2) - activerecord (= 4.2.2) - activesupport (= 4.2.2) + rails (4.2.5.1) + actionmailer (= 4.2.5.1) + actionpack (= 4.2.5.1) + actionview (= 4.2.5.1) + activejob (= 4.2.5.1) + activemodel (= 4.2.5.1) + activerecord (= 4.2.5.1) + activesupport (= 4.2.5.1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.2) + railties (= 4.2.5.1) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) 
@@ -132,20 +132,21 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (4.2.2) - actionpack (= 4.2.2) - activesupport (= 4.2.2) + railties (4.2.5.1) + actionpack (= 4.2.5.1) + activesupport (= 4.2.5.1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (10.5.0) - rdoc (4.2.1) + rdoc (4.2.2) + json (~> 1.4) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.0) + sprockets-rails (3.0.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -175,7 +176,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.1.0) omniauth-openid (~> 1.0.1) - rails (= 4.2.2) + rails (~> 4.2.5) rdoc sqlite3 webrat (= 0.7.3) From b74235d4a1f97b9dc56b9f8bbff084a8e88834fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Wed, 10 Feb 2016 18:43:33 -0200 Subject: [PATCH 0858/1473] Removes Hakiri, since it thinks Devise is a Rails app I'd like to remove the Hakiri badge from devise's README. Since we do check in Gemfile and Gemfile.lock for development and testing purposes (contrary to the popular belief that gems don't need those files), Hakiri thinks Devise is a Rails app, instead of a library/gem. Depending on the Rails version that is locked in Gemfile.lock, Hakiri will show several CVEs for Rails. But our Travis pipeline builds against several Rails' branches, all of them updated. And it is up to the developers using Devise to update Rails in their apps. Those warnings (Rails CVEs) don't make sense for devise. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index fd1db05324..f0fd4f2c48 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,6 @@ By [Plataformatec](http://plataformatec.com.br/). [![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise) -[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master) This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). From a371f03c51ba3210640695533140c57f0f5b5590 Mon Sep 17 00:00:00 2001 From: Simon Knight Date: Wed, 10 Feb 2016 21:11:57 +0000 Subject: [PATCH 0859/1473] Update README.md Added formatting to file. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 41e0285758..50592c138e 100644 --- a/README.md +++ b/README.md @@ -412,7 +412,7 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses ### Test helpers -Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of ActiveSupport::TestCase which is the default class inside of 'test/test_helper.rb): +Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`): ```ruby class ActionController::TestCase From 18528650c3c63cb8829ec25acf06865027c07f3d Mon Sep 17 00:00:00 2001 
From: oss92 Date: Thu, 11 Feb 2016 02:45:18 +0200 Subject: [PATCH 0860/1473] Added DeviseController#set_flash_message! --- CHANGELOG.md | 5 +++++ app/controllers/devise/confirmations_controller.rb | 2 +- app/controllers/devise/passwords_controller.rb | 4 ++-- app/controllers/devise/registrations_controller.rb | 6 +++--- app/controllers/devise/sessions_controller.rb | 6 +++--- app/controllers/devise/unlocks_controller.rb | 2 +- app/controllers/devise_controller.rb | 9 ++++++++- lib/devise/failure_app.rb | 9 ++++----- 8 files changed, 27 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66433afb2d..6f3f0d3bb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Introduced `DeviseController#set_flash_message!` for conditional flash messages setting to reduce complexity. + ### 4.0.0.rc1 - 2016-01-02 * Support added to Rails 5 (by @twalpole). diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index f04f6098ec..4981545a3d 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -22,7 +22,7 @@ def show yield resource if block_given? if resource.errors.empty? - set_flash_message(:notice, :confirmed) if is_flashing_format? + set_flash_message!(:notice, :confirmed) respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 851634adeb..f4291c76a6 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
@@ -36,10 +36,10 @@ def update resource.unlock_access! if unlockable?(resource) if Devise.sign_in_after_reset_password flash_message = resource.active_for_authentication? ? :updated : :updated_not_active - set_flash_message(:notice, flash_message) if is_flashing_format? + set_flash_message!(:notice, flash_message) sign_in(resource_name, resource) else - set_flash_message(:notice, :updated_not_active) if is_flashing_format? + set_flash_message!(:notice, :updated_not_active) end respond_with resource, location: after_resetting_password_path_for(resource) else diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 27c1a596b5..01926bbcac 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -18,11 +18,11 @@ def create yield resource if block_given? if resource.persisted? if resource.active_for_authentication? - set_flash_message :notice, :signed_up if is_flashing_format? + set_flash_message! :notice, :signed_up sign_up(resource_name, resource) respond_with resource, location: after_sign_up_path_for(resource) else - set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format? + set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}" expire_data_after_sign_in! respond_with resource, location: after_inactive_sign_up_path_for(resource) end @@ -65,7 +65,7 @@ def update def destroy resource.destroy Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) - set_flash_message :notice, :destroyed if is_flashing_format? + set_flash_message! :notice, :destroyed yield resource if block_given? respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) } end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 4adf377d8c..d0ddf75065 100644 --- a/app/controllers/devise/sessions_controller.rb 
+++ b/app/controllers/devise/sessions_controller.rb @@ -15,7 +15,7 @@ def new # POST /resource/sign_in def create self.resource = warden.authenticate!(auth_options) - set_flash_message(:notice, :signed_in) if is_flashing_format? + set_flash_message!(:notice, :signed_in) sign_in(resource_name, resource) yield resource if block_given? respond_with resource, location: after_sign_in_path_for(resource) @@ -24,7 +24,7 @@ def create # DELETE /resource/sign_out def destroy signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) - set_flash_message :notice, :signed_out if signed_out && is_flashing_format? + set_flash_message! :notice, :signed_out if signed_out yield if block_given? respond_to_on_destroy end @@ -58,7 +58,7 @@ def translation_scope # to the after_sign_out path. def verify_signed_out_user if all_signed_out? - set_flash_message :notice, :already_signed_out if is_flashing_format? + set_flash_message! :notice, :already_signed_out respond_to_on_destroy end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 8bbbfe01d2..179c9525f1 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -24,7 +24,7 @@ def show yield resource if block_given? if resource.errors.empty? - set_flash_message :notice, :unlocked if is_flashing_format? + set_flash_message! :notice, :unlocked respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index ab159b3142..0679a62e66 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -127,7 +127,7 @@ def successfully_sent?(resource) end if notice - set_flash_message :notice, notice if is_flashing_format? + set_flash_message! :notice, notice true end end 
@@ -158,6 +158,13 @@ def set_flash_message(key, kind, options = {}) end end + # Sets flash message if is_flashing_format? equals true + def set_flash_message!(key, kind, options = {}) + if is_flashing_format? + set_flash_message(key, kind, options) + end + end + # Sets minimum password length to show to user def set_minimum_password_length if devise_mapping.validatable? diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 863be07bc1..1ce30140aa 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -140,11 +140,10 @@ def scope_url config = Rails.application.config - # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset - if (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2) - opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root)) - else - if config.respond_to?(:relative_url_root) && config.relative_url_root.present? + if config.respond_to?(:relative_url_root) + # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset + rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2) + if config.relative_url_root.present? || rails_4_2 opts[:script_name] = config.relative_url_root end end From dc7e7d66c99c77621ac6073259db4666251e6475 Mon Sep 17 00:00:00 2001 From: Justin Etheredge Date: Thu, 2 Apr 2015 17:12:03 -0400 Subject: [PATCH 0861/1473] Increase default stretches to 11 --- lib/devise.rb | 2 +- lib/devise/models.rb | 2 +- lib/generators/templates/devise.rb | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 09c9c5a922..9640f15e30 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -63,7 +63,7 @@ module Strategies # The number of times to encrypt password. mattr_accessor :stretches - @@stretches = 10 + @@stretches = 11 # The default key used when authenticating over http auth. mattr_accessor :http_authentication_key 
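Review bot: `set_flash_message!` is the guarded variant, doing nothing unless `is_flashing_format?` is true, whereas a trailing `!` in Ruby usually marks the more drastic of two methods. The name may lead callers to expect that it forces the flash or raises. If the name stays, the comment should carry the contract, for example `# Sets the flash message only when is_flashing_format? is true, otherwise does nothing; takes the same arguments as set_flash_message.` The body also reads more simply in modifier form: `set_flash_message(key, kind, options) if is_flashing_format?`.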
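Review bot: In `scope_url` (`lib/devise/failure_app.rb`) the `rails_4_2` flag is `(Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)`, a test carried over from the removed lines that is false for any 5.0 or 5.1 release, although the changelog in this series lists Rails 5 support. Comparing the pair avoids that: `rails_4_2 = ([Rails::VERSION::MAJOR, Rails::VERSION::MINOR] <=> [4, 2]) >= 0`. The restructuring also changes behaviour: before, `opts[:script_name]` was always assigned on 4.2 (to `nil` when `config` had no `relative_url_root`), and now it stays unset in that case, which is the condition the comment says causes the infinite loop. Whether a 4.2 config can lack `relative_url_root` is not visible here, and `scope_url` starts and ends outside the hunk.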
diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 9893062d8d..b7f726c533 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -12,7 +12,7 @@ def message # Creates configuration values for Devise and for the given module. # - # Devise::Models.config(Devise::Authenticatable, :stretches, 10) + # Devise::Models.config(Devise::Authenticatable, :stretches, 11) # # The line above creates: # diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 020bfc3472..5010d791a3 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -92,15 +92,15 @@ # config.clean_up_csrf_token_on_authentication = true # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 10. If + # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other encryptors, it sets how many times you want the password re-encrypted. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use - # a value less than 10 in other environments. Note that, for bcrypt (the default + # a value less than 12 in other environments. Note that, for bcrypt (the default # encryptor), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 10 + config.stretches = Rails.env.test? ? 1 : 11 # Setup a pepper to generate the encrypted password. # config.pepper = '<%= SecureRandom.hex(64) %>' From 4585281da4a46ddbc2748cd13c18873b09a07378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Thu, 11 Feb 2016 13:29:42 -0200 Subject: [PATCH 0862/1473] Devise is already thread-safe and has been working in production on both YARV and JRuby. --- README.md | 2 -- 1 file changed, 2 deletions(-) 
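Review bot: The updated comments in `lib/generators/templates/devise.rb` say the cost "defaults to 12" and warn against "a value less than 12", but the line they describe sets `config.stretches = Rails.env.test? ? 1 : 11`. The `lib/devise.rb` hunk of the same commit also sets `@@stretches = 11`. The comments should match the value: `# For bcrypt, this is the cost for hashing the password and defaults to 11. If` and `# a value less than 11 in other environments. Note that, for bcrypt (the default`. As written, the generated initializer tells the reader that 12 is the floor while the shipped setting is below it.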
diff --git a/README.md b/README.md index 44cd3d7d89..c7c65e57d5 100644 --- a/README.md +++ b/README.md @@ -27,8 +27,6 @@ It's composed of 10 modules: * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. -Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress. - ## Information ### The Devise wiki From 648ed3b41265b3ccdba93f031486e1fdcebb5e2b Mon Sep 17 00:00:00 2001 From: Arjun Sharma Date: Sun, 14 Feb 2016 14:59:21 -0700 Subject: [PATCH 0863/1473] Raise error if no ORM is found during install generator --- lib/generators/devise/install_generator.rb | 1 + test/generators/install_generator_test.rb | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index d3eabbea9f..2717d2aad9 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -10,6 +10,7 @@ class InstallGenerator < Rails::Generators::Base class_option :orm def copy_initializer + raise "An ORM must be set to install Devise" unless options[:orm] template "devise.rb", "config/initializers/devise.rb" end diff --git a/test/generators/install_generator_test.rb b/test/generators/install_generator_test.rb index db63e23a44..6a4657e1a9 100644 --- a/test/generators/install_generator_test.rb +++ b/test/generators/install_generator_test.rb 
@@ -6,8 +6,16 @@ class InstallGeneratorTest < Rails::Generators::TestCase setup :prepare_destination test "Assert all files are properly created" do - run_generator - assert_file "config/initializers/devise.rb" + run_generator(['--orm=active_record']) + assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/ assert_file "config/locales/devise.en.yml" end + + test "Fail if no ORM is specified" do + error = assert_raises RuntimeError do + run_generator + end + + assert_match /An ORM must be set to install Devise/, error.message + end end From c228227bc1cac766c15f89513063da5d554fb1d1 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 15 Feb 2016 10:16:43 -0200 Subject: [PATCH 0864/1473] Tweak no ORM check on `InstallGenerator`. * Expand the explanation of why it fail. * Raise a subclass of `Thor::Error` so the Thor doesn't output the exception backtrace as it isn't useful for developers facing this error. --- lib/generators/devise/install_generator.rb | 16 +++++++++++++++- test/generators/install_generator_test.rb | 13 ++++++++----- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index 2717d2aad9..6c6626b1a1 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -3,6 +3,8 @@ module Devise module Generators + MissingORMError = Class.new(Thor::Error) + class InstallGenerator < Rails::Generators::Base source_root File.expand_path("../../templates", __FILE__) 
@@ -10,7 +12,19 @@ class InstallGenerator < Rails::Generators::Base class_option :orm def copy_initializer - raise "An ORM must be set to install Devise" unless options[:orm] + unless options[:orm] + raise MissingORMError, <<-ERROR.strip_heredoc + An ORM must be set to install Devise in your application. + + Be sure to have an ORM like Active Record or Mongoid loaded in your + app or configure your own at `config/application.rb`. + + config.generators do |g| + g.orm :your_orm_gem + end + ERROR + end + template "devise.rb", "config/initializers/devise.rb" end diff --git a/test/generators/install_generator_test.rb b/test/generators/install_generator_test.rb index 6a4657e1a9..daf386d9c5 100644 --- a/test/generators/install_generator_test.rb +++ b/test/generators/install_generator_test.rb @@ -5,17 +5,20 @@ class InstallGeneratorTest < Rails::Generators::TestCase destination File.expand_path("../../tmp", __FILE__) setup :prepare_destination - test "Assert all files are properly created" do - run_generator(['--orm=active_record']) + test "assert all files are properly created" do + run_generator(["--orm=active_record"]) assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/ assert_file "config/locales/devise.en.yml" end - test "Fail if no ORM is specified" do - error = assert_raises RuntimeError do + test "fails if no ORM is specified" do + stderr = capture(:stderr) do run_generator end - assert_match /An ORM must be set to install Devise/, error.message + assert_match %r{An ORM must be set to install Devise}, stderr + + assert_no_file "config/initializers/devise.rb" + assert_no_file "config/locales/devise.en.yml" end end From a9b94f5eb95293d59479a0291909114444f2c3bb Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 15 Feb 2016 10:19:08 -0200 Subject: [PATCH 0865/1473] Update CHANGELOG. --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f3f0d3bb2..36146e5e47 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,10 @@ ### Unreleased * enhancements - * Introduced `DeviseController#set_flash_message!` for conditional flash messages setting to reduce complexity. + * Introduced `DeviseController#set_flash_message!` for conditional flash + messages setting to reduce complexity. + * `rails g devise:install` will fail if the app does not have a ORM configured + (by @arjunsharma) ### 4.0.0.rc1 - 2016-01-02 From 8c636ef08af760b400ae5e59ff5aab1101925219 Mon Sep 17 00:00:00 2001 From: Anthony To Date: Thu, 18 Feb 2016 13:35:13 +1100 Subject: [PATCH 0866/1473] Clarify allow_unconfirmed_access_for comments in confirmation module --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 76d4e15bb4..85438dcacc 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -179,7 +179,7 @@ def confirmation_required? # Checks if the confirmation for the user is within the limit time. # We do this by calculating if the difference between today and the # confirmation sent date does not exceed the confirm in time configured. - # Confirm_within is a model configuration, must always be an integer value. + # allow_unconfirmed_access_for is a model configuration, must always be an integer value. # # Example: # From b2143337602f27bbb7b805fa371f245a147bb808 Mon Sep 17 00:00:00 2001 From: Jeroen Visser Date: Mon, 7 Mar 2016 10:07:34 +0100 Subject: [PATCH 0867/1473] Remove trailing whitespace from confirmation view Though not a real issue, it was highlighted as an error by my commit hooks, so I took the opportunity to fix it. --- app/views/devise/confirmations/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 826672f740..2dc668fc52 100644 --- a/app/views/devise/confirmations/new.html.erb 
+++ b/app/views/devise/confirmations/new.html.erb @@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> + <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
From ec07bdb315966de84686f7499828dd8f890e371a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 7 Mar 2016 11:19:27 -0300 Subject: [PATCH 0868/1473] Do not use the dynamic `:action` segment on Omniauth routes. This was deprecated on rails/rails#23980. We now generate scope and provider specific routes, like `user_facebook_omniauth_callback` or `user_github_omniauth_callback`. We could deprecate the `omniauth_authorize_path` in favor of the generated routes, but the `shared/links.html.erb` depends on it to generate all omniauth links at once. Closes #3983. --- lib/devise/omniauth/url_helpers.rb | 8 ++++---- lib/devise/rails/routes.rb | 24 +++++++++++------------- test/omniauth/url_helpers_test.rb | 10 ++++------ test/routes_test.rb | 4 ++-- 4 files changed, 21 insertions(+), 25 deletions(-) diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index dd123f6a9b..cc0eaee954 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -4,14 +4,14 @@ module UrlHelpers def self.define_helpers(mapping) end - def omniauth_authorize_path(resource_or_scope, *args) + def omniauth_authorize_path(resource_or_scope, provider, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) - _devise_route_context.send("#{scope}_omniauth_authorize_path", *args) + _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args) end - def omniauth_callback_path(resource_or_scope, *args) + def omniauth_callback_path(resource_or_scope, provider, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) - _devise_route_context.send("#{scope}_omniauth_callback_path", *args) + _devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args) end end end diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index e52b3062db..73c5ceef92 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb 
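Review bot: In `omniauth_authorize_path` and `omniauth_callback_path`, `provider` is now interpolated into the method name handed to `send`, and nothing documents that it must be a configured provider. A misspelled or unconfigured value surfaces as a bare NoMethodError on the route context, which the updated test in this commit asserts. I would add a comment above both helpers: `# provider must be one of the mapping's configured omniauth providers; it becomes part of the helper name passed to send, so do not pass request input unchecked`. Checking the argument against the mapping's `omniauth_providers` list (the list the routes are generated from) and raising a descriptive error would make the failure easier to diagnose. The same construction recurs in the `_url` variants and the deprecation shims added later in this series.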
@@ -441,19 +441,17 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: set_omniauth_path_prefix!(path_prefix) - providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) - - match "#{path_prefix}/:provider", - constraints: { provider: providers }, - to: "#{controllers[:omniauth_callbacks]}#passthru", - as: :omniauth_authorize, - via: [:get, :post] - - match "#{path_prefix}/:action/callback", - constraints: { action: providers }, - to: "#{controllers[:omniauth_callbacks]}#:action", - as: :omniauth_callback, - via: [:get, :post] + mapping.to.omniauth_providers.each do |provider| + match "#{path_prefix}/#{provider}", + to: "#{controllers[:omniauth_callbacks]}#passthru", + as: "#{provider}_omniauth_authorize", + via: [:get, :post] + + match "#{path_prefix}/#{provider}/callback", + to: "#{controllers[:omniauth_callbacks]}##{provider}", + as: "#{provider}_omniauth_callback", + via: [:get, :post] + end ensure @scope = current_scope end diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 7dfc628090..21bf9d3ae8 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,23 +1,21 @@ require 'test_helper' class OmniAuthRoutesTest < ActionController::TestCase - ExpectedUrlGeneratiorError = ActionController::UrlGenerationError - tests ApplicationController def assert_path(action, provider, with_param=true) # Resource param assert_equal @controller.send(action, :user, provider), - @controller.send("user_#{action}", provider) + @controller.send("user_#{provider}_#{action}") # With an object assert_equal @controller.send(action, User.new, provider), - @controller.send("user_#{action}", provider) + @controller.send("user_#{provider}_#{action}") if with_param # Default url params assert_equal @controller.send(action, :user, provider, param: 123), - @controller.send("user_#{action}", provider, param: 123) + @controller.send("user_#{provider}_#{action}", param: 123) end end 
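Review bot: The per-provider authorize route keeps a hard-coded `via: [:get, :post]`, so the route table accepts GET for starting a sign-in regardless of what the application configures in OmniAuth. A request phase that can be triggered by a plain GET can be started from a link or image on another site, so applications that narrow OmniAuth to POST would still have a GET route and helper generated here. I would let the route follow the middleware setting with `via: OmniAuth.config.allowed_request_methods` on the `passthru` match, leaving the callback match as it is. Separately, a short comment noting that each callback route now dispatches to a fixed action, rather than one taken from the URL, would record why the loop replaced the `:action` segment. `devise_omniauth_callback` begins above this hunk.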
@@ -32,7 +30,7 @@ def assert_path(action, provider, with_param=true) test 'should generate authorization path' do assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook) - assert_raise ExpectedUrlGeneratiorError do + assert_raise NoMethodError do @controller.omniauth_authorize_path(:user, :github) end end diff --git a/test/routes_test.rb b/test/routes_test.rb index 4c6a3a1f4a..9589d60536 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -96,12 +96,12 @@ class DefaultRoutingTest < ActionController::TestCase test 'map omniauth callbacks' do assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get}) assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post}) - assert_named_route "/users/auth/facebook/callback", :user_omniauth_callback_path, :facebook + assert_named_route "/users/auth/facebook/callback", :user_facebook_omniauth_callback_path # named open_id assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get}) assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post}) - assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google + assert_named_route "/users/auth/google/callback", :user_google_omniauth_callback_path assert_raise ExpectedRoutingError do assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get}) From 353b14f473ec0e2e9bb45617f7283ba4a0a25872 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Mon, 7 Mar 2016 11:34:19 -0300 Subject: [PATCH 0869/1473] Use versioned migrations when possible Rails 5 deprecates inheriting directly from `ActiveRecord::Migration` in favor of inheriting from `ActiveRecord::Migration[5.0]` where `5.0` is the `major.minor` version of Rails that the migration was originally written to support. h/t to https://github.com/thoughtbot/clearance/commit/b0ce189c69d52155660232604cc30d729d6b4221. --- lib/generators/active_record/devise_generator.rb | 10 ++++++++-- lib/generators/active_record/templates/migration.rb | 2 +- .../active_record/templates/migration_existing.rb | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index ff73b97105..ffcca8705e 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -11,9 +11,9 @@ class DeviseGenerator < ActiveRecord::Generators::Base def copy_devise_migration if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name)) - migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb" + migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version else - migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb" + migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version end end @@ -86,6 +86,12 @@ def postgresql? config = ActiveRecord::Base.configurations[Rails.env] config && config['adapter'] == 'postgresql' end + + def migration_version + if rails5? + "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" + end + end end end end diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index cf7b1dcf3b..2df528a996 100644 
--- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -1,4 +1,4 @@ -class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration +class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %> def change create_table :<%= table_name %> do |t| <%= migration_data -%> diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index b6db505b4b..d7893343e6 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -1,4 +1,4 @@ -class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration +class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %> def self.up change_table :<%= table_name %> do |t| <%= migration_data -%> From 5b1182460c2fe8685b7d21abd3a499fc1f7f61ca Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 8 Mar 2016 11:55:11 -0300 Subject: [PATCH 0870/1473] Deprecate legacy OmniAuth URL helpers. --- lib/devise/omniauth/url_helpers.rb | 58 ++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index cc0eaee954..da6cc63426 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb 
@@ -2,6 +2,54 @@ module Devise module OmniAuth module UrlHelpers def self.define_helpers(mapping) + return unless mapping.omniauthable? + + mapping = mapping.name + + class_eval do + define_method("#{mapping}_omniauth_authorize_path") do |provider, *args| + ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) + [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + + Please use #{mapping}_#{provider}_omniauth_authorize_path instead. + DEPRECATION + send("#{mapping}_#{provider}_omniauth_authorize_path", *args) + end + + define_method("#{mapping}_omniauth_authorize_url") do |provider, *args| + ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) + [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + + Please use #{mapping}_#{provider}_omniauth_authorize_url instead. + DEPRECATION + send("#{mapping}_#{provider}_omniauth_authorize_url", *args) + end + + define_method("#{mapping}_omniauth_callback_path") do |provider, *args| + ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) + [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + + Please use #{mapping}_#{provider}_omniauth_callback_path instead. + DEPRECATION + send("#{mapping}_#{provider}_omniauth_callback_path", *args) + end + + define_method("#{mapping}_omniauth_callback_url") do |provider, *args| + ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) + [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + + Please use #{mapping}_#{provider}_omniauth_callback_url instead. 
+ DEPRECATION + send("#{mapping}_#{provider}_omniauth_callback_url", *args) + end + end + + ActiveSupport.on_load(:action_controller) do + if respond_to?(:helper_method) + helper_method "#{mapping}_omniauth_authorize_path", "#{mapping}_omniauth_authorize_url" + helper_method "#{mapping}_omniauth_callback_path", "#{mapping}_omniauth_callback_url" + end + end end def omniauth_authorize_path(resource_or_scope, provider, *args) @@ -9,10 +57,20 @@ def omniauth_authorize_path(resource_or_scope, provider, *args) _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args) end + def omniauth_authorize_url(resource_or_scope, provider, *args) + scope = Devise::Mapping.find_scope!(resource_or_scope) + _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_url", *args) + end + def omniauth_callback_path(resource_or_scope, provider, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) _devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args) end + + def omniauth_callback_url(resource_or_scope, provider, *args) + scope = Devise::Mapping.find_scope!(resource_or_scope) + _devise_route_context.send("#{scope}_#{provider}_omniauth_callback_url", *args) + end end end end From 9ec126bd8b59a4e1e94c14e53b43de677c3e5da0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Mar 2016 11:00:04 -0300 Subject: [PATCH 0871/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36146e5e47..987505d27b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
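Review bot: The four `define_method` blocks added to `define_helpers` are copies that differ only in authorize/callback and path/url, so a later edit to the deprecation text or the forwarding call has to be repeated four times and can drift. Generating them from the two lists keeps one message and one `send` to audit. The forwarding target is still built from the caller-supplied `provider`, so the proposal keeps it in a single named local, which makes that easier to see.

```ruby
class_eval do
  %w[authorize callback].product(%w[path url]).each do |action, suffix|
    define_method("#{mapping}_omniauth_#{action}_#{suffix}") do |provider, *args|
      replacement = "#{mapping}_#{provider}_omniauth_#{action}_#{suffix}"
      ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
        [Devise] #{mapping}_omniauth_#{action}_#{suffix}(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.

        Please use #{replacement} instead.
      DEPRECATION
      send(replacement, *args)
    end
  end
end
# … unchanged: ActiveSupport.on_load(:action_controller) helper_method registration …
```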
@@ -5,6 +5,13 @@ messages setting to reduce complexity. * `rails g devise:install` will fail if the app does not have a ORM configured (by @arjunsharma) + * Support to Rails 5 versioned migrations added. + +* deprecations + * omniauth routes are no longer defined with a wildcard `:provider` parameter, + and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_authorize_path`. + You can still use `omniauth_authorize_path(:user, :github)` if you need to + call the helpers dynamically. ### 4.0.0.rc1 - 2016-01-02 From 1c2328bb906704c9f710b053da181b37ec87d93e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Mar 2016 11:01:50 -0300 Subject: [PATCH 0872/1473] Prep for 4.0.0.rc2 release. --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-beta.lock | 4 ++-- lib/devise/version.rb | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a605993aee..7e0d3183dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (4.0.0.rc1) + devise (4.0.0.rc2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -47,7 +47,7 @@ GEM thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) arel (6.0.3) - bcrypt (3.1.10) + bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) concurrent-ruby (1.0.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 2b94058c7a..71b55e7729 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.rc1) + devise (4.0.0.rc2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) 
@@ -59,7 +59,7 @@ GEM remote: https://rubygems.org/ specs: arel (5.0.1.20140414130214) - bcrypt (3.1.10) + bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) concurrent-ruby (1.0.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 06cb5a1b83..6e36578336 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.rc1) + devise (4.0.0.rc2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -69,7 +69,7 @@ GEM remote: https://rubygems.org/ specs: arel (6.0.3) - bcrypt (3.1.10) + bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) concurrent-ruby (1.0.0) diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index f68710be77..c6e30f29a9 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.rc1) + devise (4.0.0.rc2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -60,7 +60,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (7.0.0) - bcrypt (3.1.10) + bcrypt (3.1.11) builder (3.2.2) concurrent-ruby (1.0.0) erubis (2.7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ff1ff0463c..df5ea76fe7 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.0.rc1".freeze + VERSION = "4.0.0.rc2".freeze end From e6563bc4cb47183c5cec593a07b902961cc4f224 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 9 Mar 2016 11:13:04 -0300 Subject: [PATCH 0873/1473] Update Gemfile's dependencies. --- Gemfile | 4 +- Gemfile.lock | 92 ++++++++++++------------ gemfiles/Gemfile.rails-4.1-stable | 8 +-- gemfiles/Gemfile.rails-4.1-stable.lock | 87 +++++++++++------------ gemfiles/Gemfile.rails-4.2-stable | 8 +-- gemfiles/Gemfile.rails-4.2-stable.lock | 91 ++++++++++++------------ gemfiles/Gemfile.rails-5.0-beta | 38 +++++----- gemfiles/Gemfile.rails-5.0-beta.lock | 98 +++++++++++++------------- 8 files changed, 212 insertions(+), 214 deletions(-) diff --git a/Gemfile b/Gemfile index f43190b539..06ff5bdfc9 100644 --- a/Gemfile +++ b/Gemfile @@ -3,8 +3,8 @@ source "https://rubygems.org" gemspec gem "rails", "~> 4.2.5" -gem "omniauth", "~> 1.2.0" -gem "omniauth-oauth2", "~> 1.1.0" +gem "omniauth", "~> 1.3" +gem "omniauth-oauth2", "~> 1.4" gem "rdoc" group :test do diff --git a/Gemfile.lock b/Gemfile.lock index 7e0d3183dc..42ceb2194f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -11,36 +11,36 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.5.1) - actionpack (= 4.2.5.1) - actionview (= 4.2.5.1) - activejob (= 4.2.5.1) + actionmailer (4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.5.1) - actionview (= 4.2.5.1) - activesupport (= 4.2.5.1) + actionpack (4.2.6) + actionview (= 4.2.6) + activesupport (= 4.2.6) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5.1) - activesupport (= 4.2.5.1) + actionview (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.5.1) - activesupport (= 4.2.5.1) + activejob (4.2.6) + activesupport (= 4.2.6) globalid (>= 0.3.0) - activemodel (4.2.5.1) - activesupport (= 4.2.5.1) + activemodel (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) - activerecord (4.2.5.1) - activemodel (= 4.2.5.1) - activesupport (= 4.2.5.1) + activerecord (4.2.6) + activemodel (= 4.2.6) + activesupport (= 4.2.6) arel (~> 6.0) - activesupport (4.2.5.1) + activesupport (4.2.6) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -50,7 +50,7 @@ GEM bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) - concurrent-ruby (1.0.0) + concurrent-ruby (1.0.1) connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.2) @@ -60,13 +60,13 @@ GEM hashie (3.4.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.2) + jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.99) + mime-types (2.99.1) mini_portile2 (2.0.0) minitest (5.8.4) mocha (1.1.0) 
@@ -85,21 +85,19 @@ GEM multipart-post (2.0.0) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) - oauth2 (0.9.4) + oauth2 (1.1.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0) + jwt (~> 1.0, < 1.5.2) multi_json (~> 1.3) multi_xml (~> 0.5) - rack (~> 1.2) - omniauth (1.2.2) + rack (>= 1.2, < 3) + omniauth (1.3.1) hashie (>= 1.2, < 4) - rack (~> 1.0) - omniauth-facebook (1.6.0) - omniauth-oauth2 (~> 1.1) - omniauth-oauth2 (1.1.2) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) - oauth2 (~> 0.9.3) + rack (>= 1.0, < 3) + omniauth-facebook (3.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) @@ -113,16 +111,16 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.5.1) - actionmailer (= 4.2.5.1) - actionpack (= 4.2.5.1) - actionview (= 4.2.5.1) - activejob (= 4.2.5.1) - activemodel (= 4.2.5.1) - activerecord (= 4.2.5.1) - activesupport (= 4.2.5.1) + rails (4.2.6) + actionmailer (= 4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) + activemodel (= 4.2.6) + activerecord (= 4.2.6) + activesupport (= 4.2.6) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.5.1) + railties (= 4.2.6) sprockets-rails rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) @@ -132,12 +130,12 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (4.2.5.1) - actionpack (= 4.2.5.1) - activesupport (= 4.2.5.1) + railties (4.2.6) + actionpack (= 4.2.6) + activesupport (= 4.2.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.5.0) + rake (11.0.1) rdoc (4.2.2) json (~> 1.4) responders (2.1.1) @@ -146,7 +144,7 @@ GEM sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.1) + sprockets-rails (3.0.4) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) 
@@ -172,9 +170,9 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 4.0) - omniauth (~> 1.2.0) + omniauth (~> 1.3) omniauth-facebook - omniauth-oauth2 (~> 1.1.0) + omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) rails (~> 4.2.5) rdoc diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index f4f0e37cf9..72d73d6f86 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -1,10 +1,10 @@ source "https://rubygems.org" -gemspec path: '..' +gemspec path: ".." -gem "rails", github: 'rails/rails', branch: '4-1-stable' -gem "omniauth", "~> 1.2.0" -gem "omniauth-oauth2", "~> 1.1.0" +gem "rails", github: "rails/rails", branch: "4-1-stable" +gem "omniauth", "~> 1.3" +gem "omniauth-oauth2", "~> 1.4" gem "rdoc" group :test do diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 71b55e7729..b67b6de620 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
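Review bot: The rewritten `gem "rails", github: "rails/rails", branch: "4-1-stable"` line in gemfiles/Gemfile.rails-4.1-stable still uses the `github:` shorthand, and the lockfile in this same commit records what it resolves to: `remote: git://github.com/rails/rails.git`. The plain git protocol is neither encrypted nor authenticated, so the framework source used for the CI matrix could be altered in transit. Since the line is being touched anyway, pin the transport explicitly with `gem "rails", git: "https://github.com/rails/rails.git", branch: "4-1-stable"` and regenerate the lock. The same applies to the matching line in gemfiles/Gemfile.rails-4.2-stable later in this commit.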
@@ -1,47 +1,47 @@ GIT remote: git://github.com/rails/rails.git - revision: e8eda76893479a29ace8d85cf4e4cfc67cd6fd4b + revision: 41b4d81b4fd14cbf43060c223bea0f461256d099 branch: 4-1-stable specs: - actionmailer (4.1.14.1) - actionpack (= 4.1.14.1) - actionview (= 4.1.14.1) + actionmailer (4.1.15) + actionpack (= 4.1.15) + actionview (= 4.1.15) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.14.1) - actionview (= 4.1.14.1) - activesupport (= 4.1.14.1) + actionpack (4.1.15) + actionview (= 4.1.15) + activesupport (= 4.1.15) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.14.1) - activesupport (= 4.1.14.1) + actionview (4.1.15) + activesupport (= 4.1.15) builder (~> 3.1) erubis (~> 2.7.0) - activemodel (4.1.14.1) - activesupport (= 4.1.14.1) + activemodel (4.1.15) + activesupport (= 4.1.15) builder (~> 3.1) - activerecord (4.1.14.1) - activemodel (= 4.1.14.1) - activesupport (= 4.1.14.1) + activerecord (4.1.15) + activemodel (= 4.1.15) + activesupport (= 4.1.15) arel (~> 5.0.0) - activesupport (4.1.14.1) + activesupport (4.1.15) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.1) tzinfo (~> 1.1) - rails (4.1.14.1) - actionmailer (= 4.1.14.1) - actionpack (= 4.1.14.1) - actionview (= 4.1.14.1) - activemodel (= 4.1.14.1) - activerecord (= 4.1.14.1) - activesupport (= 4.1.14.1) + rails (4.1.15) + actionmailer (= 4.1.15) + actionpack (= 4.1.15) + actionview (= 4.1.15) + activemodel (= 4.1.15) + activerecord (= 4.1.15) + activesupport (= 4.1.15) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.14.1) + railties (= 4.1.15) sprockets-rails (~> 2.0) - railties (4.1.14.1) - actionpack (= 4.1.14.1) - activesupport (= 4.1.14.1) + railties (4.1.15) + actionpack (= 4.1.15) + activesupport (= 4.1.15) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -62,7 +62,7 @@ GEM bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) - concurrent-ruby (1.0.0) + concurrent-ruby (1.0.1) connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.2) 
@@ -70,11 +70,11 @@ GEM hashie (3.4.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.2) + jwt (1.5.1) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.99) + mime-types (2.99.1) mini_portile2 (2.0.0) minitest (5.8.4) mocha (1.1.0) @@ -93,21 +93,19 @@ GEM multipart-post (2.0.0) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) - oauth2 (0.9.4) + oauth2 (1.1.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0) + jwt (~> 1.0, < 1.5.2) multi_json (~> 1.3) multi_xml (~> 0.5) - rack (~> 1.2) - omniauth (1.2.2) + rack (>= 1.2, < 3) + omniauth (1.3.1) hashie (>= 1.2, < 4) - rack (~> 1.0) - omniauth-facebook (1.6.0) - omniauth-oauth2 (~> 1.1) - omniauth-oauth2 (1.1.2) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) - oauth2 (~> 0.9.3) + rack (>= 1.0, < 3) + omniauth-facebook (3.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) @@ -121,8 +119,9 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rake (10.5.0) - rdoc (4.2.1) + rake (11.0.1) + rdoc (4.2.2) + json (~> 1.4) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) @@ -155,9 +154,9 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 4.0.0) - omniauth (~> 1.2.0) + omniauth (~> 1.3) omniauth-facebook - omniauth-oauth2 (~> 1.1.0) + omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) rails! rdoc diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 972e2f10be..de9c4d05dc 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -1,10 +1,10 @@ source "https://rubygems.org" -gemspec path: '..' +gemspec path: ".." -gem "rails", github: 'rails/rails', branch: '4-2-stable' -gem "omniauth", "~> 1.2.2" -gem "omniauth-oauth2", "~> 1.2.0" +gem "rails", github: "rails/rails", branch: "4-2-stable" +gem "omniauth", "~> 1.3" +gem "omniauth-oauth2", "~> 1.4" gem "rdoc" group :test do 
diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 6e36578336..6144a11d8a 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,57 +1,57 @@ GIT remote: git://github.com/rails/rails.git - revision: acf654b1c4a1ffe2a90d6ea63a0b989d656bb87d + revision: 2aa27582c202148296bb169159b0bf9a47a7bd80 branch: 4-2-stable specs: - actionmailer (4.2.5.1) - actionpack (= 4.2.5.1) - actionview (= 4.2.5.1) - activejob (= 4.2.5.1) + actionmailer (4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.5.1) - actionview (= 4.2.5.1) - activesupport (= 4.2.5.1) + actionpack (4.2.6) + actionview (= 4.2.6) + activesupport (= 4.2.6) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5.1) - activesupport (= 4.2.5.1) + actionview (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.5.1) - activesupport (= 4.2.5.1) + activejob (4.2.6) + activesupport (= 4.2.6) globalid (>= 0.3.0) - activemodel (4.2.5.1) - activesupport (= 4.2.5.1) + activemodel (4.2.6) + activesupport (= 4.2.6) builder (~> 3.1) - activerecord (4.2.5.1) - activemodel (= 4.2.5.1) - activesupport (= 4.2.5.1) + activerecord (4.2.6) + activemodel (= 4.2.6) + activesupport (= 4.2.6) arel (~> 6.0) - activesupport (4.2.5.1) + activesupport (4.2.6) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.5.1) - actionmailer (= 4.2.5.1) - actionpack (= 4.2.5.1) - actionview (= 4.2.5.1) - activejob (= 4.2.5.1) - activemodel (= 4.2.5.1) - activerecord (= 4.2.5.1) - activesupport (= 4.2.5.1) + rails (4.2.6) + actionmailer (= 4.2.6) + actionpack (= 4.2.6) + actionview (= 4.2.6) + activejob (= 4.2.6) + activemodel (= 4.2.6) + activerecord (= 4.2.6) + activesupport (= 4.2.6) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.5.1) + railties (= 4.2.6) sprockets-rails - railties (4.2.5.1) - actionpack (= 4.2.5.1) - activesupport 
(= 4.2.5.1) + railties (4.2.6) + actionpack (= 4.2.6) + activesupport (= 4.2.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -72,7 +72,7 @@ GEM bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) - concurrent-ruby (1.0.0) + concurrent-ruby (1.0.1) connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.2) @@ -82,13 +82,13 @@ GEM hashie (3.4.3) i18n (0.7.0) json (1.8.3) - jwt (1.5.2) + jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.3) mime-types (>= 1.16, < 3) metaclass (0.0.4) - mime-types (2.99) + mime-types (2.99.1) mini_portile2 (2.0.0) minitest (5.8.4) mocha (1.1.0) @@ -107,20 +107,18 @@ GEM multipart-post (2.0.0) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) - oauth2 (1.0.0) + oauth2 (1.1.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0) + jwt (~> 1.0, < 1.5.2) multi_json (~> 1.3) multi_xml (~> 0.5) - rack (~> 1.2) - omniauth (1.2.2) + rack (>= 1.2, < 3) + omniauth (1.3.1) hashie (>= 1.2, < 4) - rack (~> 1.0) + rack (>= 1.0, < 3) omniauth-facebook (3.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) - multi_json (~> 1.3) + omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) omniauth (~> 1.2) omniauth-openid (1.0.1) @@ -143,15 +141,16 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rake (10.5.0) - rdoc (4.2.1) + rake (11.0.1) + rdoc (4.2.2) + json (~> 1.4) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.0) + sprockets-rails (3.0.4) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -177,9 +176,9 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 4.0.0) - omniauth (~> 1.2.2) + omniauth (~> 1.3) omniauth-facebook - omniauth-oauth2 (~> 1.2.0) + omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) rails! rdoc diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0-beta index 81a2cc1a43..100b7f5e35 100644 --- a/gemfiles/Gemfile.rails-5.0-beta 
+++ b/gemfiles/Gemfile.rails-5.0-beta @@ -1,37 +1,37 @@ -source 'https://rubygems.org' +source "https://rubygems.org" -gemspec path: '..' +gemspec path: ".." -gem 'rails', '5.0.0.beta2' -gem 'omniauth', '~>1.3.1' -gem 'oauth2' -gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0' -gem 'rdoc' +gem "rails", "5.0.0.beta3" +gem "omniauth", " ~>1.3" +gem "oauth2" +gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0" +gem "rdoc" -gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml' +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" -gem 'rails-controller-testing' +gem "rails-controller-testing" -gem 'responders', '~>2.1.1' +gem "responders", "~> 2.1.1" group :test do - gem 'omniauth-facebook' - gem 'omniauth-openid', '~> 1.0.1' - gem 'webrat', '0.7.3', require: false - gem 'mocha', '~> 1.1', require: false + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false end platforms :jruby do - gem 'activerecord-jdbc-adapter' - gem 'activerecord-jdbcsqlite3-adapter' - gem 'jruby-openssl' + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" end platforms :ruby do - gem 'sqlite3' + gem "sqlite3" end # TODO: # group :mongoid do -# gem 'mongoid', '~> 4.0.0' +# gem "mongoid", "~> 4.0.0" # end diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index c6e30f29a9..7e35cbcde8 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -1,11 +1,12 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9 + revision: ad5ff3a9262576362792196a991de1d1778c5f48 specs: - activemodel-serializers-xml (0.1.0) - activemodel - activerecord - activesupport + activemodel-serializers-xml (1.0.0) + activemodel (> 5.x) + activerecord (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) PATH remote: .. 
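Review bot: In gemfiles/Gemfile.rails-5.0-beta the new line `gem "omniauth", " ~>1.3"` has a stray leading space inside the requirement string and no space after the operator. The other Gemfiles touched by this commit write `"~> 1.3"`, and this file itself uses `"~> 2.1.1"` for responders. Use `gem "omniauth", "~> 1.3"` so the three Gemfiles stay textually identical for this dependency.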
@@ -20,49 +21,47 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.0.beta2) - actionpack (= 5.0.0.beta2) + actioncable (5.0.0.beta3) + actionpack (= 5.0.0.beta3) nio4r (~> 1.2) websocket-driver (~> 0.6.1) - actionmailer (5.0.0.beta2) - actionpack (= 5.0.0.beta2) - actionview (= 5.0.0.beta2) - activejob (= 5.0.0.beta2) + actionmailer (5.0.0.beta3) + actionpack (= 5.0.0.beta3) + actionview (= 5.0.0.beta3) + activejob (= 5.0.0.beta3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.beta2) - actionview (= 5.0.0.beta2) - activesupport (= 5.0.0.beta2) + actionpack (5.0.0.beta3) + actionview (= 5.0.0.beta3) + activesupport (= 5.0.0.beta3) rack (~> 2.x) rack-test (~> 0.6.3) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.beta2) - activesupport (= 5.0.0.beta2) + actionview (5.0.0.beta3) + activesupport (= 5.0.0.beta3) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.beta2) - activesupport (= 5.0.0.beta2) + activejob (5.0.0.beta3) + activesupport (= 5.0.0.beta3) globalid (>= 0.3.6) - activemodel (5.0.0.beta2) - activesupport (= 5.0.0.beta2) - activerecord (5.0.0.beta2) - activemodel (= 5.0.0.beta2) - activesupport (= 5.0.0.beta2) + activemodel (5.0.0.beta3) + activesupport (= 5.0.0.beta3) + activerecord (5.0.0.beta3) + activemodel (= 5.0.0.beta3) + activesupport (= 5.0.0.beta3) arel (~> 7.0) - activesupport (5.0.0.beta2) + activesupport (5.0.0.beta3) concurrent-ruby (~> 1.0) i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) - method_source minitest (~> 5.1) tzinfo (~> 1.1) arel (7.0.0) bcrypt (3.1.11) builder (3.2.2) - concurrent-ruby (1.0.0) + concurrent-ruby (1.0.1) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) @@ -78,7 +77,7 @@ GEM mime-types (>= 1.16, < 3) metaclass (0.0.4) method_source (0.8.2) - mime-types (2.99) + mime-types (2.99.1) mini_portile2 (2.0.0) minitest (5.8.4) mocha (1.1.0) 
@@ -114,20 +113,22 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0.beta2) - actioncable (= 5.0.0.beta2) - actionmailer (= 5.0.0.beta2) - actionpack (= 5.0.0.beta2) - actionview (= 5.0.0.beta2) - activejob (= 5.0.0.beta2) - activemodel (= 5.0.0.beta2) - activerecord (= 5.0.0.beta2) - activesupport (= 5.0.0.beta2) + rails (5.0.0.beta3) + actioncable (= 5.0.0.beta3) + actionmailer (= 5.0.0.beta3) + actionpack (= 5.0.0.beta3) + actionview (= 5.0.0.beta3) + activejob (= 5.0.0.beta3) + activemodel (= 5.0.0.beta3) + activerecord (= 5.0.0.beta3) + activesupport (= 5.0.0.beta3) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.beta2) + railties (= 5.0.0.beta3) sprockets-rails (>= 2.0.0) - rails-controller-testing (0.0.3) - rails (>= 4.2) + rails-controller-testing (0.1.1) + actionpack (~> 5.x) + actionview (~> 5.x) + activesupport (~> 5.x) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) rails-dom-testing (1.0.7) @@ -136,21 +137,22 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0.beta2) - actionpack (= 5.0.0.beta2) - activesupport (= 5.0.0.beta2) + railties (5.0.0.beta3) + actionpack (= 5.0.0.beta3) + activesupport (= 5.0.0.beta3) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (10.5.0) - rdoc (4.2.1) + rake (11.0.1) + rdoc (4.2.2) + json (~> 1.4) responders (2.1.1) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.1) + sprockets-rails (3.0.4) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -180,11 +182,11 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) oauth2 - omniauth (~> 1.3.1) + omniauth (~> 1.3) omniauth-facebook omniauth-oauth2 (>= 1.2.0, < 1.5.0) omniauth-openid (~> 1.0.1) - rails (= 5.0.0.beta2) + rails (= 5.0.0.beta3) rails-controller-testing rdoc responders (~> 2.1.1) From ccda4692b45c60ba2a76bc9d2cdac777a2574769 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 9 Mar 2016 11:16:21 -0300 Subject: [PATCH 0874/1473] Add a `bin/test` executable to use Rails 5 Minitest report. --- .travis.yml | 2 +- bin/test | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100755 bin/test diff --git a/.travis.yml b/.travis.yml index 0d40603ba7..88ef334ac4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,7 +33,7 @@ before_install: "rm ${BUNDLE_GEMFILE}.lock" before_script: "bundle update" -script: "bundle exec rake test" +script: "bin/test" notifications: email: false diff --git a/bin/test b/bin/test new file mode 100755 index 0000000000..cb9baa81e4 --- /dev/null +++ b/bin/test @@ -0,0 +1,13 @@ +#!/usr/bin/env ruby +$: << File.expand_path(File.expand_path('../../test', __FILE__)) + +require 'bundler/setup' +begin + require 'rails/test_unit/minitest_plugin' +rescue LoadError + exec 'rake' +end + +Rails::TestUnitReporter.executable = 'bin/test' + +exit Minitest.run(ARGV) From d0e5a1d252aeea350b11ab066cba5765d5f523dd Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Mar 2016 11:34:14 -0300 Subject: [PATCH 0875/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 987505d27b..70ee056a8e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.0.0.rc2 - 2016-03-09 + * enhancements * Introduced `DeviseController#set_flash_message!` for conditional flash messages setting to reduce complexity. From db901399f2ec411ab5dd6795f277ae26c1d7380e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 9 Mar 2016 15:59:00 -0300 Subject: [PATCH 0876/1473] Fix Symbol syntax no deprecation message. --- lib/devise/parameter_sanitizer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index d34d32c207..358b95e584 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
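Review bot: In the new bin/test, the `rescue LoadError` fallback `exec 'rake'` drops `ARGV` and relies on the default rake task, whereas the CI command it replaces in .travis.yml was `bundle exec rake test`. On the Gemfiles where `rails/test_unit/minitest_plugin` is missing, the job therefore no longer states which task it runs, and any file arguments are silently ignored. `exec 'bundle', 'exec', 'rake', 'test'` keeps the previous behaviour explicit. The nested `File.expand_path(File.expand_path('../../test', __FILE__))` on the load-path line is also redundant; one call is enough.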
@@ -169,7 +169,7 @@ def unknown_action!(action) If you want to define a new set of parameters to be sanitized use the `permit` method first: - devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, param2, param3]) + devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3]) MESSAGE end From c70eb0a5a847c0b87ce1c2c7c6b6fb4cbb24f917 Mon Sep 17 00:00:00 2001 From: aaron Date: Sat, 12 Mar 2016 07:10:20 +0800 Subject: [PATCH 0877/1473] unified use pending_reconfirmation? method --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 85438dcacc..0787acef22 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -75,7 +75,7 @@ def confirm(args={}) self.confirmed_at = Time.now.utc - saved = if self.class.reconfirmable && unconfirmed_email.present? + saved = if pending_reconfirmation? skip_reconfirmation! self.email = unconfirmed_email self.unconfirmed_email = nil From c3c2438c9c7f79dd5091e5688cd3fde06f9d185f Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Wed, 23 Mar 2016 21:21:58 +0200 Subject: [PATCH 0878/1473] change rails version from 4.2.5 to 4.2.6 --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 06ff5bdfc9..7ec502c514 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.2.5" +gem "rails", "~> 4.2.6" gem "omniauth", "~> 1.3" gem "omniauth-oauth2", "~> 1.4" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 42ceb2194f..5e08cf5e3d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -174,7 +174,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) - rails (~> 4.2.5) + rails (~> 4.2.6) rdoc sqlite3 webrat (= 0.7.3) From 2af3a83ef4a007183e9a07b20da14b7ef89a43c5 Mon Sep 17 00:00:00 2001 
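Review bot: In lib/devise/models/confirmable.rb, `saved = if pending_reconfirmation?` is equivalent to the removed `self.class.reconfirmable && unconfirmed_email.present?` only if `pending_reconfirmation?` is defined as exactly that condition, and its definition is outside this hunk. It is also a public predicate (the registrations controller calls it through `respond_to?`), so an application that overrides it now changes whether `confirm` copies `unconfirmed_email` into `email`. A model test asserting that `confirm` leaves `email` untouched when `reconfirmable` is false but `unconfirmed_email` is set would pin the intended behaviour. `confirm` starts and ends outside the hunk.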
From: Bogdan Date: Sat, 26 Mar 2016 03:48:33 +0200 Subject: [PATCH 0879/1473] Update .travis.yml --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 88ef334ac4..e19c32b4a5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ language: ruby rvm: - 2.3.0 - 2.2.4 - - 2.1.5 + - 2.1.8 gemfile: - Gemfile @@ -13,7 +13,7 @@ gemfile: matrix: exclude: - - rvm: 2.1.5 + - rvm: 2.1.8 gemfile: gemfiles/Gemfile.rails-5.0-beta - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-beta From aa25e2080ed089804826277a0119cd6ca384c348 Mon Sep 17 00:00:00 2001 From: Bogdan Date: Wed, 23 Mar 2016 20:57:56 +0200 Subject: [PATCH 0880/1473] removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! --- CHANGELOG.md | 4 ++++ lib/devise/controllers/helpers.rb | 6 ------ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70ee056a8e..9e93759559 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased +* deprecations + * removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! + (by @bogdanvlviv) + ### 4.0.0.rc2 - 2016-03-09 * enhancements diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index a23f4020c2..d3153e93df 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -271,12 +271,6 @@ def is_flashing_format? private - def expire_session_data_after_sign_in! - ActiveSupport::Deprecation.warn "expire_session_data_after_sign_in! is deprecated " \ - "in favor of expire_data_after_sign_in!" - expire_data_after_sign_in! - end - def expire_data_after_sign_out! Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) } super From c520e93733701321c86db320db181521caea0ca1 Mon Sep 17 00:00:00 2001 
From: Sammy Larbi Date: Sat, 9 Apr 2016 17:55:20 -0500 Subject: [PATCH 0881/1473] Note change to Rails 5 that affects Devise example [A change in Rails 5](https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191) left me hunting for hours on why I could no longer log in to my application. To save others the trouble, I thought it would be nice to note it in the README. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c7c65e57d5..23659f0a8b 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,8 @@ Devise will create some helpers to use inside your controllers and views. To set before_action :authenticate_user! ``` +For Rails 5, note that `protect_from_forgery` is no longer prepended to the `before_action` chain, so if you have set `authenticate_user` before `protect_from_forgery`, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use `protect_from_forgery prepend: true`. + If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below. To verify if a user is signed in, use the following helper: From 0f11c0f6b3937d9b14d73fb56fb7cc311776715f Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Tue, 12 Apr 2016 09:03:54 +0300 Subject: [PATCH 0882/1473] fix method name for File --- lib/generators/devise/orm_helpers.rb | 2 +- test/rails_app/config/boot.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 37228fd944..f67204b37c 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -15,7 +15,7 @@ def model_contents private def model_exists? - File.exists?(File.join(destination_root, model_path)) + File.exist?(File.join(destination_root, model_path)) end def migration_exists?(table_name) 
diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 2d82acf5b7..fef72810d3 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -11,4 +11,4 @@ def self.rails5? # Set up gems listed in the Gemfile. ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) -require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) +require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) From 9cdf7860d59b7aafec1ee38930f4405d4c9b82f7 Mon Sep 17 00:00:00 2001 From: Tom Kadwill Date: Sat, 9 Apr 2016 12:16:37 +0100 Subject: [PATCH 0883/1473] Update README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c7c65e57d5..b57348c36a 100644 --- a/README.md +++ b/README.md @@ -109,7 +109,7 @@ The generator will install an initializer which describes ALL of Devise's config rails generate devise MODEL ``` -Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. +Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate` 
@@ -187,7 +187,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. -There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are: +There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and default permitted parameters are: * `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`) * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` From 48af3e82499d7488d3ae99d111f3d2c1ea2c9f74 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Fri, 15 Apr 2016 16:57:35 -0300 Subject: [PATCH 0884/1473] Fix Rails 5 build With this [PR](https://github.com/rails/activemodel-serializers-xml/pull/8) of activemodel-serializers bundle will require it by default. --- gemfiles/Gemfile.rails-5.0-beta.lock | 16 +++++++++------- test/rails_app/app/active_record/user.rb | 2 -- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock index 7e35cbcde8..6e92daa86c 100644 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ b/gemfiles/Gemfile.rails-5.0-beta.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: ad5ff3a9262576362792196a991de1d1778c5f48 + revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a specs: activemodel-serializers-xml (1.0.0) activemodel (> 5.x) 
@@ -73,11 +73,13 @@ GEM jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.6.4) + mime-types (>= 1.16, < 4) metaclass (0.0.4) method_source (0.8.2) - mime-types (2.99.1) + mime-types (3.0) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0221) mini_portile2 (2.0.0) minitest (5.8.4) mocha (1.1.0) @@ -143,13 +145,13 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.0.1) + rake (11.1.2) rdoc (4.2.2) json (~> 1.4) - responders (2.1.1) + responders (2.1.2) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.5.2) + sprockets (3.6.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index 431bdf5de7..ec9d0c282c 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -1,6 +1,4 @@ require 'shared_user' -require 'active_model/serializers/xml' if Devise.rails5? -require 'active_model-serializers' if Devise.rails5? class User < ActiveRecord::Base include Shim From 4a4b5ba196af951695730a1a71cc7aa1d875db0d Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Thu, 14 Apr 2016 18:45:41 -0300 Subject: [PATCH 0885/1473] Fix remember me always extending the period Now the config `extend_remember_period` is used to: `true` - Every time the user authentication is validated, the cookie expiration is updated. `false` - Does not updates the cookie expiration. Closes #3994 --- lib/devise.rb | 1 - lib/devise/models/rememberable.rb | 9 ++++--- lib/devise/strategies/rememberable.rb | 9 +++---- test/integration/rememberable_test.rb | 35 ++++++++++++++++++++++++++- 4 files changed, 42 insertions(+), 12 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 64c885224b..800a0d2b2f 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -115,7 +115,6 @@ module Strategies mattr_accessor :remember_for @@remember_for = 2.weeks - # TODO: extend_remember_period is no longer used # If true, extends the user's remember period when remembered via cookie. mattr_accessor :extend_remember_period @@extend_remember_period = false diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 77393f5291..222c740eda 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -39,7 +39,7 @@ module Models module Rememberable extend ActiveSupport::Concern - attr_accessor :remember_me, :extend_remember_period + attr_accessor :remember_me def self.required_fields(klass) [:remember_created_at] @@ -66,6 +66,10 @@ def remember_expires_at self.class.remember_for.from_now end + def extend_remember_period + self.class.extend_remember_period + end + def rememberable_value if respond_to?(:remember_token) remember_token @@ -147,9 +151,6 @@ def remember_token #:nodoc: end end - private - - # TODO: extend_remember_period is no longer used Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out) end end diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index fcc76ea5e7..3a09a6b4ee 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -25,8 +25,7 @@ def authenticate! end if validate(resource) - remember_me(resource) - extend_remember_me_period(resource) + remember_me(resource) if extend_remember_me?(resource) resource.after_remembered success!(resource) end @@ -43,10 +42,8 @@ def clean_up_csrf? private - def extend_remember_me_period(resource) - if resource.respond_to?(:extend_remember_period=) - resource.extend_remember_period = mapping.to.extend_remember_period - end + def extend_remember_me?(resource) + resource.respond_to?(:extend_remember_period) && resource.extend_remember_period end def remember_me? 
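Review bot: In lib/devise/strategies/rememberable.rb, `remember_me(resource) if extend_remember_me?(resource)` turns `extend_remember_period = true` into a sliding expiry with no absolute lifetime visible in this change, assuming `remember_me` re-issues the cookie with a fresh expiry as the commit message describes. A remember cookie that leaks then stays usable for as long as it is presented once per `remember_for`, which is worth stating where the option is documented in lib/devise.rb, e.g. `# If true, the remember cookie is re-issued on every cookie authentication (sliding expiry, no absolute cap).` Separately, the models/rememberable.rb hunk removes `attr_accessor :extend_remember_period`, which drops the public writer `extend_remember_period=` without a deprecation or a CHANGELOG entry in this commit. `authenticate!` begins outside the hunk.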
diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index d381083331..0cb43ea788 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -94,7 +94,6 @@ def cookie_expires(key) assert_response :success assert warden.authenticated?(:user) assert warden.user(:user) == user - assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie." end test 'remember the user before sign up and redirect them to their home' do @@ -120,6 +119,40 @@ def cookie_expires(key) end end + test 'extends remember period when extend remember period config is true' do + swap Devise, extend_remember_period: true, remember_for: 1.year do + user = create_user_and_remember + old_remember_token = nil + + travel_to 1.day.ago do + get root_path + old_remember_token = request.cookies['remember_user_token'] + end + + get root_path + current_remember_token = request.cookies['remember_user_token'] + + refute_equal old_remember_token, current_remember_token + end + end + + test 'does not extend remember period when extend period config is false' do + swap Devise, extend_remember_period: false, remember_for: 1.year do + user = create_user_and_remember + old_remember_token = nil + + travel_to 1.day.ago do + get root_path + old_remember_token = request.cookies['remember_user_token'] + end + + get root_path + current_remember_token = request.cookies['remember_user_token'] + + assert_equal old_remember_token, current_remember_token + end + end + test 'do not remember other scopes' do create_user_and_remember get root_path From 164134c78aee44c5b04ee004b5d0f0584418c43c Mon Sep 17 00:00:00 2001 
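Review bot: The first hunk of test/integration/rememberable_test.rb deletes `assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], ...` and none of the added tests replaces it, so within the visible changes nothing checks any more that the remember cookie is sent with the HttpOnly flag. The new 'extends remember period when extend remember period config is true' test runs in the configuration where the cookie is presumably re-sent on the second `get root_path`, so the same `assert_match` on `response.headers["Set-Cookie"]` can move there. In both added tests `user = create_user_and_remember` assigns a local that is never read; call `create_user_and_remember` without the assignment.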
From: Ulisses Almeida Date: Tue, 12 Apr 2016 16:01:34 -0300 Subject: [PATCH 0886/1473] Add warning about default config change This change add warnings for these configurations: * strip_whitespace_keys - It is already explicit on config template, now it will be the same of the template. * email_regexp - In the new version this regexp will be more permissive. * reconfirmable - It is already explicit on config template, now it will be the same of the template. * skip_session_storage - It is already explicit on config template, now it will be the same of the template. * sign_out_via - It is already explicit on config template, now it will be the same of the template. These ones is important to change, since the configuration says current explicit value are the default. It can lead to misunderstanging if users remove the explicit configuration. It also updates the template explicit values: * Warns the `config.mailer_sender` is nil by default * Update `config.password_length` to use the current default * Make the e-mail configuration explicit --- lib/devise.rb | 97 ++++++++++++++++++++++++++++-- lib/generators/templates/devise.rb | 4 +- test/devise_test.rb | 27 +++++++++ 3 files changed, 121 insertions(+), 7 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 64c885224b..9b02c81d14 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -53,6 +53,12 @@ module Strategies # True values used to check params TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] + # Track the configs that user explicit changed the default value. It is + # helpfull to not warn users about default values changing when they willing + # changed. + mattr_accessor :app_set_configs + @@app_set_configs = Set.new + # Secret key used by the key generator mattr_accessor :secret_key @@secret_key = nil 
@@ -82,9 +88,20 @@ module Strategies @@case_insensitive_keys = [:email] # Keys that should have whitespace stripped. - mattr_accessor :strip_whitespace_keys + # TODO: 4.1 Do: @@strip_whitespace_keys = [:email] + mattr_reader :strip_whitespace_keys @@strip_whitespace_keys = [] + def self.strip_whitespace_keys=(strip_whitespace_keys) + app_set_configs << :strip_whitespace_keys + @@strip_whitespace_keys = strip_whitespace_keys + end + + def strip_whitespace_keys=(strip_whitespace_keys) + app_set_configs << :strip_whitespace_keys + @@strip_whitespace_keys = strip_whitespace_keys + end + # If http authentication is enabled by default. mattr_accessor :http_authenticatable @@http_authenticatable = false @@ -104,9 +121,20 @@ module Strategies # Email regex used to validate email formats. It simply asserts that # an one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. - mattr_accessor :email_regexp + # TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/] + mattr_reader :email_regexp @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/ + def self.email_regexp=(email_regexp) + app_set_configs << :email_regexp + @@email_regexp = email_regexp + end + + def email_regexp=(email_regexp) + app_set_configs << :email_regexp + @@email_regexp = email_regexp + end + # Range validation for password length mattr_accessor :password_length @@password_length = 6..128 
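Review bot: The TODO added above `mattr_reader :email_regexp` reads `@@email_regexp = [/\A[^@\s]+@[^@\s]+\z/]`, which wraps the future default in an Array although the setting is a single Regexp; the current value and the value printed by the new warning are both bare regexes. Drop the brackets: `# TODO: 4.1 Do: @@email_regexp = /\A[^@\s]+@[^@\s]+\z/`. The singleton/instance writer pair introduced here is also repeated verbatim for `strip_whitespace_keys`, `reconfirmable`, `skip_session_storage` and `sign_out_via` in the neighbouring hunks, so a small class-level helper that defines a tracked writer would keep the five in step.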
@@ -139,9 +167,20 @@ module Strategies # Defines if email should be reconfirmable. # False by default for backwards compatibility. - mattr_accessor :reconfirmable + # TODO: 4.1 Do: @@reconfirmable = true + mattr_reader :reconfirmable @@reconfirmable = false + def self.reconfirmable=(reconfirmable) + app_set_configs << :reconfirmable + @@reconfirmable = reconfirmable + end + + def reconfirmable=(reconfirmable) + app_set_configs << :reconfirmable + @@reconfirmable = reconfirmable + end + # Time interval to timeout the user session without activity. mattr_accessor :timeout_in @@timeout_in = 30.minutes @@ -202,9 +241,20 @@ module Strategies @@mailer_sender = nil # Skip session storage for the following strategies - mattr_accessor :skip_session_storage + # TODO: 4.1 Do: @@skip_session_storage = [:http_auth] + mattr_reader :skip_session_storage @@skip_session_storage = [] + def self.skip_session_storage=(skip_session_storage) + app_set_configs << :skip_session_storage + @@skip_session_storage = skip_session_storage + end + + def skip_session_storage=(skip_session_storage) + app_set_configs << :skip_session_storage + @@skip_session_storage = skip_session_storage + end + # Which formats should be treated as navigational. mattr_accessor :navigational_formats @@navigational_formats = ["*/*", :html] @@ -214,9 +264,20 @@ module Strategies @@sign_out_all_scopes = true # The default method used while signing out - mattr_accessor :sign_out_via + # TODO: 4.1 Do: @@sign_out_via = :delete + mattr_reader :sign_out_via @@sign_out_via = :get + def self.sign_out_via=(sign_out_via) + app_set_configs << :sign_out_via + @@sign_out_via = sign_out_via + end + + def sign_out_via=(sign_out_via) + app_set_configs << :sign_out_via + @@sign_out_via = sign_out_via + end + # The parent controller all Devise controllers inherits from. # Defaults to ApplicationController. This should be set early # in the initialization process and should be set to a string. 
@@ -280,6 +341,32 @@ module Strategies # a fresh initializer with all configuration values. def self.setup yield self + + warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/') + warn_default_config_changed(:reconfirmable, 'false', 'true') + warn_default_config_changed(:sign_out_via, ':get', ':delete') + warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]') + warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]') + end + + def self.warn_default_config_changed(config, current_default, new_default) + unless app_set_configs.include?(config) + warn = <<-MESSAGE.strip_heredoc + [Devise] config.#{config} will have a new default on Devise 4.1 + To keep the current behavior please set in your config/initializers/devise.rb the following: + + Devise.setup do |config| + config.#{config} = #{current_default} + end + + If you want to use the new default: + + Devise.setup do |config| + config.#{config} = #{new_default} + end + MESSAGE + ActiveSupport::Deprecation.warn(warn) + end end class Getter diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 600506486c..215c45fa44 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -148,12 +148,12 @@ # ==> Configuration for :validatable # Range for password length. - config.password_length = 8..72 + config.password_length = 6..128 # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. - # config.email_regexp = /\A[^@]+@[^@]+\z/ + config.email_regexp = /\A[^@]+@[^@]+\z/ # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this diff --git a/test/devise_test.rb b/test/devise_test.rb index 519142ab4f..74018fed9e 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
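Review bot: In `warn_default_config_changed` the heredoc is assigned to a local named `warn`, which shadows `Kernel#warn` for the rest of the method and reads oddly in `ActiveSupport::Deprecation.warn(warn)`. I would rename it to `message` and replace the wrapping `unless` with a guard, `return if app_set_configs.include?(config)`. The `current_default` and `new_default` strings passed from `setup` repeat the literal `@@` defaults declared earlier in the file, so a one-line comment at the call sites saying they must stay in sync would help.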
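Review bot: The generated initializer now ships `config.password_length = 6..128`, which lowers the minimum for newly generated applications from 8 to 6 and raises the maximum past 72. Devise depends on bcrypt (see the Gemfile.lock entries in this series), and bcrypt only hashes the first 72 bytes of its input, so a maximum of 128 accepts characters that do not contribute to the stored hash. Unless there is a compatibility reason that is not visible in this hunk, I would keep `config.password_length = 8..72` in the template. The now uncommented `config.email_regexp = /\A[^@]+@[^@]+\z/` also admits whitespace, unlike the announced 4.1 default; `config.email_regexp = /\A[^@\s]+@[^@\s]+\z/` would match it.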
@@ -35,6 +35,33 @@ class DeviseTest < ActiveSupport::TestCase end end + test 'setup block warns about defaults changing' do + Devise.app_set_configs = Set.new + + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ } + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ } + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ } + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ } + + Devise.setup do + end + end + + test 'setup block doest not warns when the change is explicit set' do + ActiveSupport::Deprecation.expects(:warn).never + + swap Devise, + email_regexp: /@/, + reconfirmable: false, + sign_out_via: :get, + skip_session_storage: [], + strip_whitespace_keys: [] do + Devise.setup do + end + end + end + test 'stores warden configuration' do assert_kind_of Devise::Delegator, Devise.warden_config.failure_app assert_equal :user, Devise.warden_config.default_scope From 016b216d95f8aae2757578eb5c8531fb0e93f3b7 Mon Sep 17 00:00:00 2001 From: MatBi Date: Mon, 18 Apr 2016 18:15:32 +0800 Subject: [PATCH 0887/1473] Change the name of variables to keep the tests consistent --- test/models/confirmable_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 847fe2f904..8199e83153 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -488,8 +488,8 @@ class ReconfirmableTest < ActiveSupport::TestCase end test 'should not require reconfirmation after creating a record' do - user = create_admin - assert !user.pending_reconfirmation? + admin = create_admin + assert !admin.pending_reconfirmation? end test 'should not require reconfirmation after creating a record with #save called in callback' do 
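Review bot: The first added test replaces the global `Devise.app_set_configs` with an empty Set and never restores it, so later tests that call `Devise.setup` see whatever this test left behind and their outcome depends on test order. I would capture the value first with `previous = Devise.app_set_configs` and restore it in an `ensure` with `Devise.app_set_configs = previous`. The second test's name also has a typo; `'setup block does not warn when the change is explicitly set'` reads better.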
@@ -497,7 +497,7 @@ class Admin::WithSaveInCallback < Admin after_create :save end - user = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) - assert !user.pending_reconfirmation? + admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) + assert !admin.pending_reconfirmation? end end From 6f9561e64f4cac893782900a371098b4ad8ae646 Mon Sep 17 00:00:00 2001 From: MatBi Date: Mon, 18 Apr 2016 18:30:20 +0800 Subject: [PATCH 0888/1473] Refactor a test --- test/models/confirmable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 8199e83153..826e7bb758 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -114,7 +114,7 @@ def setup assert_email_not_sent do user.save! - assert !user.confirmed? + assert_not user.confirmed? end end From 3360b10c2fdb6b325a79101786d7c4c7c7237650 Mon Sep 17 00:00:00 2001 From: MatBi Date: Mon, 18 Apr 2016 19:32:54 +0800 Subject: [PATCH 0889/1473] Skip reconfirmation in case that a record is created with #save called in callback --- lib/devise/models/confirmable.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 0787acef22..1353369868 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -169,6 +169,7 @@ def skip_reconfirmation! # in models to map to a nice sign up e-mail. def send_on_create_confirmation_instructions send_confirmation_instructions + skip_reconfirmation! end # Callback to overwrite if confirmation is required or not. From 274f8f2f87d8033d0ad5da84ed397f76a23ba688 Mon Sep 17 00:00:00 2001 
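Review bot: Calling `skip_reconfirmation!` at the end of `send_on_create_confirmation_instructions` leaves whatever state that method sets on the in-memory record after creation. Its body is outside this hunk; if it sets the `@bypass_confirmation_postpone` flag that `postpone_email_change?` reads (visible in the following commit), the first e-mail change made through the same instance after `create` could be applied without reconfirmation, because the flag is only cleared when `postpone_email_change?` runs. A test that creates a record, changes its email on the same object and asserts `pending_reconfirmation?` would pin this down. A flag scoped to the create callback, rather than the general bypass, would avoid the problem.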
From: MatBi Date: Mon, 18 Apr 2016 19:35:56 +0800 Subject: [PATCH 0890/1473] Should send confirmation instructions after changing email from nil --- lib/devise/models/confirmable.rb | 4 ++-- test/models/confirmable_test.rb | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 1353369868..237ec67d13 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -254,13 +254,13 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present? + postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present? @bypass_confirmation_postpone = false postpone end def reconfirmation_required? - self.class.reconfirmable && @reconfirmation_required && self.email.present? + self.class.reconfirmable && @reconfirmation_required && (self.email || self.unconfirmed_email) end def send_confirmation_notification? diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 826e7bb758..5baf252e76 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -401,6 +401,14 @@ class ReconfirmableTest < ActiveSupport::TestCase assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded end + test 'should send confirmation instructions by email after changing email from nil' do + admin = create_admin(email: nil) + assert_email_sent "new_test@example.com" do + assert admin.update_attributes(email: 'new_test@example.com') + end + assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded + end + test 'should not send confirmation by email after changing password' do admin = create_admin assert admin.confirm 
From 7d10019d2a0feaba26af875ed7a7b3e3f4a1a05d Mon Sep 17 00:00:00 2001 From: MatBi Date: Mon, 18 Apr 2016 19:52:31 +0800 Subject: [PATCH 0891/1473] Should check email present --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 237ec67d13..2d78013570 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -260,7 +260,7 @@ def postpone_email_change? end def reconfirmation_required? - self.class.reconfirmable && @reconfirmation_required && (self.email || self.unconfirmed_email) + self.class.reconfirmable && @reconfirmation_required && (self.email.present? || self.unconfirmed_email.present?) end def send_confirmation_notification? From 7a235849cff3f99d22a8e0818e76877fdfea2e4b Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Mon, 18 Apr 2016 11:14:01 -0300 Subject: [PATCH 0892/1473] Remove deprecated argument of `remember_me!` --- lib/devise/models/rememberable.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 222c740eda..61e6579edc 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -45,9 +45,7 @@ def self.required_fields(klass) [:remember_created_at] end - # TODO: We were used to receive a extend period argument but we no longer do. - # Remove this for Devise 4.0. - def remember_me!(*) + def remember_me! self.remember_token = self.class.remember_token if respond_to?(:remember_token) self.remember_created_at ||= Time.now.utc save(validate: false) if self.changed? From f38250245f2956ac88bbb81dd95cc37053338397 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Mon, 18 Apr 2016 11:46:21 -0300 Subject: [PATCH 0893/1473] :memo: Update CHANGELOG --- CHANGELOG.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e93759559..a6de58afce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,19 @@ ### Unreleased +* bug fixes + * Fix the `extend_remember_period` configuration. When set to `false` it does + not update the cookie expiration anymore.(by @ulissesalmeida) + * deprecations - * removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! + * Added a warning of default value change in Devise 4.1 for users that uses + the the default configuration of the following configurations: (by @ulissesalmeida) + * `strip_whitespace_keys` - The default will be `[:email]`. + * `skip_session_storage` - The default will be `[:http_auth]`. + * `sign_out_via` - The default will be `:delete`. + * `reconfirmable` - The default will be `true`. + * `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/`. + * Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida) + * Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! (by @bogdanvlviv) ### 4.0.0.rc2 - 2016-03-09 From 940ca4f2b82a2a4b7272a3d55e2bc51fc3702928 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 18 Apr 2016 11:52:49 -0300 Subject: [PATCH 0894/1473] Release 4.0.0. version. --- CHANGELOG.md | 2 ++ Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6de58afce..3d9058a3c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.0.0 - 2016-04-18 + * bug fixes * Fix the `extend_remember_period` configuration. When set to `false` it does not update the cookie expiration anymore.(by @ulissesalmeida) diff --git a/Gemfile.lock b/Gemfile.lock index 5e08cf5e3d..4bc66f6cf9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,7 +1,7 @@ PATH remote: . specs: - devise (4.0.0.rc2) + devise (4.0.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -138,7 +138,7 @@ GEM rake (11.0.1) rdoc (4.2.2) json (~> 1.4) - responders (2.1.1) + responders (2.1.2) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index df5ea76fe7..3407da4a38 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.0.rc2".freeze + VERSION = "4.0.0".freeze end From 9696d83e7d12e9c2a51e1597718cab80d5d37fc6 Mon Sep 17 00:00:00 2001 From: Yogesh Khater Date: Tue, 15 Dec 2015 16:51:32 +0530 Subject: [PATCH 0895/1473] Upgrade Mongoid to 5.0 --- Gemfile | 2 +- Gemfile.lock | 14 ++++++-------- test/support/mongoid.yml | 2 +- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/Gemfile b/Gemfile index 7ec502c514..97187bb975 100644 --- a/Gemfile +++ b/Gemfile @@ -25,5 +25,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", "~> 4.0" + gem "mongoid", "~> 5.0" end diff --git a/Gemfile.lock b/Gemfile.lock index 4bc66f6cf9..e3cc2f5a69 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -48,10 +48,10 @@ GEM tzinfo (~> 1.1) arel (6.0.3) bcrypt (3.1.11) - bson (3.2.6) builder (3.2.2) concurrent-ruby (1.0.1) connection_pool (2.2.0) + bson (4.0.0) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) @@ -71,15 +71,13 @@ GEM minitest (5.8.4) mocha (1.1.0) metaclass (~> 0.0.1) - mongoid (4.0.2) + mongo (2.2.0) + bson (~> 4.0) + mongoid (5.0.1) activemodel (~> 4.0) - moped (~> 2.0.0) + mongo (~> 2.1) origin (~> 2.1) tzinfo (>= 0.3.37) - moped (2.0.7) - bson (~> 3.0) - connection_pool (~> 2.0) - optionable (~> 0.2.0) multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) @@ -169,8 +167,8 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid (~> 4.0) omniauth (~> 1.3) + mongoid (~> 5.0) omniauth-facebook omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) 
diff --git a/test/support/mongoid.yml b/test/support/mongoid.yml index 243ca14392..cfd0124e25 100644 --- a/test/support/mongoid.yml +++ b/test/support/mongoid.yml @@ -1,5 +1,5 @@ test: - sessions: + <%= Mongoid::VERSION.to_i > 4 ? 'clients' : 'sessions' %>: default: database: devise-test-suite hosts: From 26b17abb012ce9252452fe45c77b495e0e7dec68 Mon Sep 17 00:00:00 2001 From: Cade Scroggins Date: Wed, 20 Apr 2016 16:27:42 -0500 Subject: [PATCH 0896/1473] Remove attribute_will_change! method as it is unnecessary --- lib/devise/models/database_authenticatable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 2816a813ad..fcf0c902f1 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -41,7 +41,6 @@ def self.required_fields(klass) # For legacy reasons, we use `encrypted_password` to store # the hashed password. def password=(new_password) - attribute_will_change! 'password' @password = new_password self.encrypted_password = password_digest(@password) if @password.present? end From eba2527b8e730907c51da8eceaa9b996b865523a Mon Sep 17 00:00:00 2001 From: Damir Zekic Date: Wed, 20 Apr 2016 23:53:37 -0300 Subject: [PATCH 0897/1473] Make reloading of routes optional As has been seen in a previous pull request, some applications require routes to be loaded before the code is eagerly loaded, which implies that all Rails applications using Devise need to have routes reloaded twice: https://github.com/plataformatec/devise/pull/3241 This can incur a very significant slowdown for large apps that have a lot of routes or a lot of controllers, so reloading should be optional. --- lib/devise.rb | 4 ++++ lib/devise/rails.rb | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 88e0d61b62..8e1aa32fb0 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -304,6 +304,10 @@ def sign_out_via=(sign_out_via) mattr_accessor :clean_up_csrf_token_on_authentication @@clean_up_csrf_token_on_authentication = true + # When false, Devise will not attempt to reload routes on eager load + mattr_accessor :reload_routes + @@reload_routes = true + # PRIVATE CONFIGURATION # Store scopes mappings. diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 1071d185f5..6321c71d70 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -11,7 +11,9 @@ class Engine < ::Rails::Engine end # Force routes to be loaded if we are doing any eager load. - config.before_eager_load { |app| app.reload_routes! } + config.before_eager_load do |app| + app.reload_routes! if Devise.reload_routes + end initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) From 90acc6fc23b0bd000f86ba563075ce59393775b9 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Fri, 22 Apr 2016 20:36:55 -0300 Subject: [PATCH 0898/1473] Change the check for `permit!` method We are using the `permit!` method, we should check for `permit!`. --- lib/devise/models/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index c313fb342c..d66c3340b4 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -253,7 +253,7 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: # Find or initialize a record with group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: - attributes = if attributes.respond_to? :permit + attributes = if attributes.respond_to? :permit! attributes.slice(*required_attributes).permit!.to_h.with_indifferent_access else attributes.with_indifferent_access.slice(*required_attributes) From 4da955d9cd1aa0b726c3a2c5f6335911984a653a Mon Sep 17 00:00:00 2001 
From: Ulisses Almeida Date: Mon, 25 Apr 2016 17:06:05 -0300 Subject: [PATCH 0899/1473] Release 4.0.1 --- CHANGELOG.md | 8 ++++++++ Gemfile.lock | 8 +++----- lib/devise/version.rb | 2 +- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d9058a3c5..11e74bf7c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ ### Unreleased +### 4.0.1 - 2016-04-25 + +* bug fixes + * Fix the e-mail confirmation instructions send when a user updates the email + address from nil. (by @lmduc) + * Remove unnecessary `attribute_will_change!` call. (by @cadejscroggins) + * Consistent `permit!` check. (by @ulissesalmeida) + ### 4.0.0 - 2016-04-18 * bug fixes diff --git a/Gemfile.lock b/Gemfile.lock index e3cc2f5a69..55f456ec49 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (4.0.0) + devise (4.0.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -48,10 +48,9 @@ GEM tzinfo (~> 1.1) arel (6.0.3) bcrypt (3.1.11) + bson (4.0.0) builder (3.2.2) concurrent-ruby (1.0.1) - connection_pool (2.2.0) - bson (4.0.0) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) @@ -100,7 +99,6 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - optionable (0.2.0) origin (2.2.0) orm_adapter (0.5.0) rack (1.6.4) @@ -167,8 +165,8 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - omniauth (~> 1.3) mongoid (~> 5.0) + omniauth (~> 1.3) omniauth-facebook omniauth-oauth2 (~> 1.4) omniauth-openid (~> 1.0.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 3407da4a38..11e5a2d4cc 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.0".freeze + VERSION = "4.0.1".freeze end From 209b97d86b88f58e460d968d0d442d8d6e911495 Mon Sep 17 00:00:00 2001 
From: Philipe Fatio Date: Tue, 26 Apr 2016 16:10:55 +0200 Subject: [PATCH 0900/1473] Remove upgrade path for old session format (#4032) This removes an upgrade path that migrated the old serialization format to the new one introduced. This was introduced in c22d755 (#2300) 3 years ago and should no longer be needed. --- CHANGELOG.md | 2 ++ lib/devise.rb | 5 +--- test/integration/authenticatable_test.rb | 31 ------------------------ 3 files changed, 3 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11e74bf7c3..9c39aceade 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +* Remove code supporting old session serialization format (by @fphilipe). + ### 4.0.1 - 2016-04-25 * bug fixes diff --git a/lib/devise.rb b/lib/devise.rb index 88e0d61b62..9aa44d8a36 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -543,10 +543,7 @@ def self.configure_warden! #:nodoc: mapping.to.serialize_into_session(record) end - warden_config.serialize_from_session(mapping.name) do |key| - # Previous versions contained an additional entry at the beginning of - # key with the record's class name. - args = key[-2, 2] + warden_config.serialize_from_session(mapping.name) do |args| mapping.to.serialize_from_session(*args) end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 10e090172e..2e3ce268f6 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
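Review bot: With the `key[-2, 2]` trimming removed, the block splats the whole stored value into `mapping.to.serialize_from_session(*args)`, so a session written in the old format (class name first, per the deleted comment) now passes an extra argument. Whether that raises or is tolerated depends on `serialize_from_session`, which is not in this hunk; if it takes exactly two parameters, a user still holding such a cookie would get an exception rather than being treated as signed out. The deleted integration test was the only coverage for that input. I would either state the cut-off in the CHANGELOG entry or skip malformed values with `next unless args.is_a?(Array) && args.size == 2` at the top of the block.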
@@ -347,37 +347,6 @@ class AuthenticationSessionTest < Devise::IntegrationTest assert_equal "Cart", @controller.user_session[:cart] end - test 'does not explode when class name is still stored in session' do - # In order to test that old sessions do not break with the new scoped - # deserialization, we need to serialize the session the old way. This is - # done by removing the newly used scoped serialization method - # (#user_serialize) and bringing back the old uncsoped #serialize method - # that includes the record's class name in the serialization. - begin - Warden::SessionSerializer.class_eval do - alias_method :original_serialize, :serialize - alias_method :original_user_serialize, :user_serialize - remove_method :user_serialize - - def serialize(record) - klass = record.class - array = klass.serialize_into_session(record) - array.unshift(klass.name) - end - end - - sign_in_as_user - assert warden.authenticated?(:user) - ensure - Warden::SessionSerializer.class_eval do - alias_method :serialize, :original_serialize - remove_method :original_serialize - alias_method :user_serialize, :original_user_serialize - remove_method :original_user_serialize - end - end - end - test 'session id is changed on sign in' do get '/users' session_id = request.session["session_id"] From 830d3e86ee9541b1f8a9ddddd176bba35e0a0e68 Mon Sep 17 00:00:00 2001 From: kimgb Date: Wed, 27 Apr 2016 00:13:07 +1000 Subject: [PATCH 0901/1473] updated email_regexp and added test cases (#4001) Add a more permissive default e-mail regex. --- lib/devise.rb | 22 +++++----------------- lib/generators/templates/devise.rb | 2 +- test/devise_test.rb | 8 +++----- test/models/validatable_test.rb | 2 +- 4 files changed, 10 insertions(+), 24 deletions(-) mode change 100644 => 100755 lib/devise.rb mode change 100644 => 100755 lib/generators/templates/devise.rb mode change 100644 => 100755 test/devise_test.rb 
diff --git a/lib/devise.rb b/lib/devise.rb old mode 100644 new mode 100755 index 9aa44d8a36..9ac71a7579 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -118,22 +118,11 @@ def strip_whitespace_keys=(strip_whitespace_keys) mattr_accessor :http_authentication_realm @@http_authentication_realm = "Application" - # Email regex used to validate email formats. It simply asserts that - # an one (and only one) @ exists in the given string. This is mainly - # to give user feedback and not to assert the e-mail validity. - # TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/] - mattr_reader :email_regexp - @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/ - - def self.email_regexp=(email_regexp) - app_set_configs << :email_regexp - @@email_regexp = email_regexp - end - - def email_regexp=(email_regexp) - app_set_configs << :email_regexp - @@email_regexp = email_regexp - end + # Email regex used to validate email formats. It asserts that there are no + # @ symbols or whitespaces in either the localpart or the domain, and that + # there is a single @ symbol separating the localpart and the domain. + mattr_accessor :email_regexp + @@email_regexp = /\A[^@\s]+@[^@\s]+\z/ # Range validation for password length mattr_accessor :password_length @@ -341,7 +330,6 @@ def sign_out_via=(sign_out_via) def self.setup yield self - warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/') warn_default_config_changed(:reconfirmable, 'false', 'true') warn_default_config_changed(:sign_out_via, ':get', ':delete') warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]') diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb old mode 100644 new mode 100755 index 215c45fa44..c6ed2143fe --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
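Review bot: The rewritten comment on `email_regexp` drops the sentence saying the pattern exists to give user feedback and not to assert e-mail validity, in the same commit that makes the default more permissive (the updated test list now accepts `test@tt`). Readers may take the new wording as a statement that the regex validates addresses. I would keep a line such as `# This only gives format feedback; it does not prove the address exists or belongs to the user.` under the new description.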
@@ -153,7 +153,7 @@ # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. - config.email_regexp = /\A[^@]+@[^@]+\z/ + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this diff --git a/test/devise_test.rb b/test/devise_test.rb old mode 100644 new mode 100755 index 74018fed9e..1392dc63d0 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -37,8 +37,7 @@ class DeviseTest < ActiveSupport::TestCase test 'setup block warns about defaults changing' do Devise.app_set_configs = Set.new - - ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ } + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ } @@ -52,7 +51,6 @@ class DeviseTest < ActiveSupport::TestCase ActiveSupport::Deprecation.expects(:warn).never swap Devise, - email_regexp: /@/, reconfirmable: false, sign_out_via: :get, skip_session_storage: [], @@ -121,8 +119,8 @@ class DeviseTest < ActiveSupport::TestCase end test 'Devise.email_regexp should match valid email addresses' do - valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua"] - non_valid_emails = ["rex", "test@go,com", "test user@example.com", "test_user@example server.com", "test_user@example.com."] + valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua", "test@tt", "test@valid---domain.com"] + non_valid_emails = ["rex", "test user@example.com", "test_user@example server.com"] valid_emails.each do |email| assert_match Devise.email_regexp, email 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 83f8a4301e..0491297b38 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -29,7 +29,7 @@ class ValidatableTest < ActiveSupport::TestCase assert user.invalid? assert_not_equal 'is invalid', user.errors[:email].join - %w{invalid_email_format 123 $$$ () ☃ bla@bla.}.each do |email| + %w{invalid_email_format 123 $$$ () ☃}.each do |email| user.email = email assert user.invalid?, 'should be invalid with email ' << email assert_equal 'is invalid', user.errors[:email].join From 357ce9c3b50476b61c2ee224c9403241e7d6f5d7 Mon Sep 17 00:00:00 2001 From: byzg Date: Tue, 26 Apr 2016 17:17:03 +0300 Subject: [PATCH 0902/1473] Humanize authentication keys in failure flash message (#4014) Humanize and translates the authentication keys in failure flash message. --- lib/devise/failure_app.rb | 2 +- test/failure_app_test.rb | 10 +++++----- test/integration/authenticatable_test.rb | 4 ++-- test/integration/confirmable_test.rb | 2 +- test/integration/database_authenticatable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 1ce30140aa..82a201f29e 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -103,7 +103,7 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] auth_keys = scope_class.authentication_keys - keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys + keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) } options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector")) options = i18n_options(options) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 524850eb70..dd400d75fe 100644 --- a/test/failure_app_test.rb 
+++ b/test/failure_app_test.rb @@ -133,14 +133,14 @@ def call_failure(env_params={}) test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid email or password.', @request.flash[:alert] + assert_equal 'Invalid Email or password.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'supports authentication_keys as a Hash for the flash message' do swap Devise, authentication_keys: { email: true, login: true } do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid email, login or password.', @request.flash[:alert] + assert_equal 'Invalid Email, Login or password.', @request.flash[:alert] end end @@ -226,7 +226,7 @@ def call_failure(env_params={}) test 'uses the failure message as response body' do call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid)) - assert_match 'Invalid email or password.', @response.third.body + assert_match 'Invalid Email or password.', @response.third.body end context 'on ajax call' do @@ -275,7 +275,7 @@ def call_failure(env_params={}) } call_failure(env) assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid email or password.') + assert @response.third.body.include?('Invalid Email or password.') end test 'calls the original controller if not confirmed email' do @@ -310,7 +310,7 @@ def call_failure(env_params={}) } call_failure(env) assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid email or password.') + assert @response.third.body.include?('Invalid Email or password.') assert_equal @request.env["SCRIPT_NAME"], '/sample' assert_equal @request.env["PATH_INFO"], '/users/sign_in' end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 2e3ce268f6..3545c053aa 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -549,7 +549,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, authentication_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid subdomain or password." + assert_contain "Invalid Subdomain or password." assert_not warden.authenticated?(:user) end end @@ -588,7 +588,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid email or password." + assert_contain "Invalid Email or password." assert_not warden.authenticated?(:user) end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 5241517a66..4fdf749bc5 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -140,7 +140,7 @@ def resend_confirmation fill_in 'password', with: 'invalid' end - assert_contain 'Invalid email or password' + assert_contain 'Invalid Email or password' assert_not warden.authenticated?(:user) end end diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 578eb4de83..659f20b675 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb 
@@ -68,7 +68,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'password', with: 'abcdef' end - assert_contain 'Invalid email or password' + assert_contain 'Invalid Email or password' assert_not warden.authenticated?(:admin) end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 7efdafe8c8..37c17efbee 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -42,7 +42,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal "application/xml; charset=utf-8", headers["Content-Type"] - assert_match "Invalid email or password.", response.body + assert_match "Invalid Email or password.", response.body end test 'returns a custom response with www-authenticate and chosen realm' do From 0c1a14e8f251ea9dd28c467f48877fcaaf5c3a14 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 11:32:15 -0300 Subject: [PATCH 0903/1473] :memo: Update the CHANGELOG --- CHANGELOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c39aceade..e8625d267c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ ### Unreleased -* Remove code supporting old session serialization format (by @fphilipe). +* features + * Humanize authentication keys in failure flash message (by @byzg) + When you are configuring the translations of `devise.failure.invalid`, the + `authentication_keys` is translated now. +* deprecations + * Remove code supporting old session serialization format (by @fphilipe). + * Now the `email_regexp` default uses a more permissive regex: + `/\A[^@\s]+@[^@\s]+\z/` (by @kimgb) ### 4.0.1 - 2016-04-25 From eaa4713e22ecf17b2c7e3c21985f7ba72e14b51d Mon Sep 17 00:00:00 2001 
From: Sam Clegg Date: Tue, 26 Apr 2016 15:16:11 -0400 Subject: [PATCH 0904/1473] Consistent use of save method --- lib/devise/models/lockable.rb | 2 +- lib/devise/models/recoverable.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 38b5fd5ce8..9522dc079d 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -64,7 +64,7 @@ def access_locked? def send_unlock_instructions raw, enc = Devise.token_generator.generate(self.class, :unlock_token) self.unlock_token = enc - self.save(validate: false) + save(validate: false) send_devise_notification(:unlock_instructions, raw, {}) raw end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 94407e1ed2..4ee8378f05 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -99,7 +99,7 @@ def set_reset_password_token self.reset_password_token = enc self.reset_password_sent_at = Time.now.utc - self.save(validate: false) + save(validate: false) raw end From d122faf410e0d6f7589adf9aa624ea4ee5bff8b9 Mon Sep 17 00:00:00 2001 From: Sam Clegg Date: Wed, 27 Apr 2016 00:03:49 -0400 Subject: [PATCH 0905/1473] Use friendly_token over token_generator when only raw value is needed The first value returned by token_generator.generate is simply the return value of friendly_token so this code should be equivalent. The use of token_generator here dates back to when the confirmation_token was stored as a digest, but that is no longer true. --- lib/devise/models/confirmable.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 2d78013570..02f4847ba5 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
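Review bot: The result of `save(validate: false)` is still discarded in `send_unlock_instructions`, so `send_devise_notification(:unlock_instructions, raw, {})` runs even when the digest in `unlock_token` was not persisted, for example if a save callback halts. The mailed raw token would then match nothing in the store and the account stays locked with no error surfaced. If ignoring the result is deliberate, a comment such as `# best effort: the mail is sent even if the save was halted` should say so; otherwise guard the send, e.g. `send_devise_notification(:unlock_instructions, raw, {}) if save(validate: false)`. The same unchecked save is in the `set_reset_password_token` hunk of `recoverable.rb`, whose method starts outside the hunk.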
@@ -235,8 +235,7 @@ def generate_confirmation_token if self.confirmation_token && !confirmation_period_expired? @raw_confirmation_token = self.confirmation_token else - raw, _ = Devise.token_generator.generate(self.class, :confirmation_token) - self.confirmation_token = @raw_confirmation_token = raw + self.confirmation_token = @raw_confirmation_token = Devise.friendly_token self.confirmation_sent_at = Time.now.utc end end From 2040b021e15ae8807187c25924148cecffedb02d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 29 Apr 2016 16:20:01 -0300 Subject: [PATCH 0906/1473] Extend the deprecation horizon for the ParameterSanitizer and the OmniAuth helpers. --- lib/devise/omniauth/url_helpers.rb | 8 ++++---- lib/devise/parameter_sanitizer.rb | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index da6cc63426..d3e1e678be 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -9,7 +9,7 @@ def self.define_helpers(mapping) class_eval do define_method("#{mapping}_omniauth_authorize_path") do |provider, *args| ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. Please use #{mapping}_#{provider}_omniauth_authorize_path instead. DEPRECATION 
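Review bot: Nothing in `generate_confirmation_token` records that the value persisted in `confirmation_token` is the usable token itself rather than a digest. The `unlock_token` and `reset_password_token` hunks earlier in this series store `enc` and only hand out `raw`, so the difference is easy to miss when assessing what read access to the table exposes. I would add a comment above the assignment, e.g. `# Stored as-is, not digested like unlock_token/reset_password_token; treat this column as a credential.` The method starts outside the hunk, so the reuse branch (`if self.confirmation_token && !confirmation_period_expired?`) could carry the same remark.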
@@ -18,7 +18,7 @@ def self.define_helpers(mapping) define_method("#{mapping}_omniauth_authorize_url") do |provider, *args| ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. Please use #{mapping}_#{provider}_omniauth_authorize_url instead. DEPRECATION @@ -27,7 +27,7 @@ def self.define_helpers(mapping) define_method("#{mapping}_omniauth_callback_path") do |provider, *args| ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. Please use #{mapping}_#{provider}_omniauth_callback_path instead. DEPRECATION @@ -36,7 +36,7 @@ def self.define_helpers(mapping) define_method("#{mapping}_omniauth_callback_url") do |provider, *args| ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1. + [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. Please use #{mapping}_#{provider}_omniauth_callback_url instead. DEPRECATION diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 358b95e584..fc08d3c9ac 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -68,7 +68,7 @@ def initialize(resource_class, resource_name, params) def sanitize(action) permissions = @permitted[action] - # DEPRECATED: Remove this branch on Devise 4.1. + # DEPRECATED: Remove this branch on Devise 4.2. if respond_to?(action, true) deprecate_instance_method_sanitization(action) return cast_to_hash send(action) @@ -127,7 +127,7 @@ def permit(action, keys: nil, except: nil, &block) end end - # DEPRECATED: Remove this method on Devise 4.1. + # DEPRECATED: Remove this method on Devise 4.2. def for(action, &block) # :nodoc: if block_given? deprecate_for_with_block(action) @@ -175,7 +175,7 @@ def unknown_action!(action) def deprecate_for_with_block(action) ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1. + [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2. Please use the `permit` method: devise_parameter_sanitizer.permit(:#{action}) do |user| @@ -186,7 +186,7 @@ def deprecate_for_with_block(action) def deprecate_for_without_block(action) ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.1. + [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2. Please use the `permit` method to add or remove any key: To add any new key, use the `keys` keyword argument: 
@@ -199,7 +199,7 @@ def deprecate_for_without_block(action) def deprecate_instance_method_sanitization(action) ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.1. + [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.2. Please use the `permit` method on your sanitizer `initialize` method. class #{self.class.name} < Devise::ParameterSanitizer From 93df02f6014fcdd4bae90ae07d8d5ea63717a30e Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 15:36:15 -0300 Subject: [PATCH 0907/1473] Set the new default for strip_whitespace_keys config --- lib/devise.rb | 16 ++-------------- test/devise_test.rb | 6 ++---- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 9ac71a7579..dae7bda6b0 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -88,19 +88,8 @@ module Strategies @@case_insensitive_keys = [:email] # Keys that should have whitespace stripped. - # TODO: 4.1 Do: @@strip_whitespace_keys = [:email] - mattr_reader :strip_whitespace_keys - @@strip_whitespace_keys = [] - - def self.strip_whitespace_keys=(strip_whitespace_keys) - app_set_configs << :strip_whitespace_keys - @@strip_whitespace_keys = strip_whitespace_keys - end - - def strip_whitespace_keys=(strip_whitespace_keys) - app_set_configs << :strip_whitespace_keys - @@strip_whitespace_keys = strip_whitespace_keys - end + mattr_accessor :strip_whitespace_keys + @@strip_whitespace_keys = [:email] # If http authentication is enabled by default. mattr_accessor :http_authenticatable 
@@ -333,7 +322,6 @@ def self.setup warn_default_config_changed(:reconfirmable, 'false', 'true') warn_default_config_changed(:sign_out_via, ':get', ':delete') warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]') - warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]') end def self.warn_default_config_changed(config, current_default, new_default) diff --git a/test/devise_test.rb b/test/devise_test.rb index 1392dc63d0..fe75a45af1 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -37,11 +37,10 @@ class DeviseTest < ActiveSupport::TestCase test 'setup block warns about defaults changing' do Devise.app_set_configs = Set.new - + ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ } - ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ } Devise.setup do end @@ -53,8 +52,7 @@ class DeviseTest < ActiveSupport::TestCase swap Devise, reconfirmable: false, sign_out_via: :get, - skip_session_storage: [], - strip_whitespace_keys: [] do + skip_session_storage: [] do Devise.setup do end end From 6e419ce82178bf5d702992922946ae85ffd62d08 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 18:02:51 -0300 Subject: [PATCH 0908/1473] Set the new default for reconfirmable config --- lib/devise.rb | 17 ++--------------- test/devise_test.rb | 2 -- test/rails_app/lib/shared_user.rb | 3 ++- .../lib/shared_user_without_omniauth.rb | 2 +- 4 files changed, 5 insertions(+), 19 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index dae7bda6b0..bce7e94c51 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -143,20 +143,8 @@ module Strategies @@confirmation_keys = [:email] # Defines if email should be reconfirmable. - # False by default for backwards compatibility. - # TODO: 4.1 Do: @@reconfirmable = true - mattr_reader :reconfirmable - @@reconfirmable = false - - def self.reconfirmable=(reconfirmable) - app_set_configs << :reconfirmable - @@reconfirmable = reconfirmable - end - - def reconfirmable=(reconfirmable) - app_set_configs << :reconfirmable - @@reconfirmable = reconfirmable - end + mattr_accessor :reconfirmable + @@reconfirmable = true # Time interval to timeout the user session without activity. mattr_accessor :timeout_in @@ -319,7 +307,6 @@ def sign_out_via=(sign_out_via) def self.setup yield self - warn_default_config_changed(:reconfirmable, 'false', 'true') warn_default_config_changed(:sign_out_via, ':get', ':delete') warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]') end diff --git a/test/devise_test.rb b/test/devise_test.rb index fe75a45af1..4c0b1efec9 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -38,7 +38,6 @@ class DeviseTest < ActiveSupport::TestCase test 'setup block warns about defaults changing' do Devise.app_set_configs = Set.new - ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ } @@ -50,7 +49,6 @@ class DeviseTest < ActiveSupport::TestCase ActiveSupport::Deprecation.expects(:warn).never swap Devise, - reconfirmable: false, sign_out_via: :get, skip_session_storage: [] do Devise.setup do diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 9d7cac2146..c3b023a421 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb 
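Review bot: The comment above `@@reconfirmable = true` now reads only `# Defines if email should be reconfirmable.` and no longer says what the default is or what it requires, although the default just flipped. The test models in this commit had to opt out with `reconfirmable: false`, which suggests (not visible in this hunk) that a model has to be prepared for reconfirmation, presumably with an `unconfirmed_email` attribute, before the new default works. I would put that in the comment, e.g. `# Defaults to true; the model needs an unconfirmed_email attribute, otherwise set reconfirmable: false.`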
@@ -4,7 +4,8 @@ module SharedUser included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, - :trackable, :validatable, :omniauthable, password_length: 7..72 + :trackable, :validatable, :omniauthable, password_length: 7..72, + reconfirmable: false attr_accessor :other_key diff --git a/test/rails_app/lib/shared_user_without_omniauth.rb b/test/rails_app/lib/shared_user_without_omniauth.rb index df145e3506..7f0396c0a6 100644 --- a/test/rails_app/lib/shared_user_without_omniauth.rb +++ b/test/rails_app/lib/shared_user_without_omniauth.rb @@ -4,7 +4,7 @@ module SharedUserWithoutOmniauth included do devise :database_authenticatable, :confirmable, :lockable, :recoverable, :registerable, :rememberable, :timeoutable, - :trackable, :validatable + :trackable, :validatable, reconfirmable: false end def raw_confirmation_token From 896521be73095c53291df56fc1ab4f51c9a5eb6e Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 18:11:54 -0300 Subject: [PATCH 0909/1473] Se the new default for skip_session_storage config --- lib/devise.rb | 16 ++-------------- test/devise_test.rb | 9 +++------ test/integration/http_authenticatable_test.rb | 14 ++++++++------ 3 files changed, 13 insertions(+), 26 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index bce7e94c51..05b5289641 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -206,19 +206,8 @@ module Strategies @@mailer_sender = nil # Skip session storage for the following strategies - # TODO: 4.1 Do: @@skip_session_storage = [:http_auth] - mattr_reader :skip_session_storage - @@skip_session_storage = [] - - def self.skip_session_storage=(skip_session_storage) - app_set_configs << :skip_session_storage - @@skip_session_storage = skip_session_storage - end - - def skip_session_storage=(skip_session_storage) - app_set_configs << :skip_session_storage - @@skip_session_storage = skip_session_storage - end + mattr_accessor :skip_session_storage + @@skip_session_storage = [:http_auth] # Which formats should be treated as navigational. mattr_accessor :navigational_formats @@ -308,7 +297,6 @@ def self.setup yield self warn_default_config_changed(:sign_out_via, ':get', ':delete') - warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]') end def self.warn_default_config_changed(config, current_default, new_default) diff --git a/test/devise_test.rb b/test/devise_test.rb index 4c0b1efec9..60f351bd44 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -39,7 +39,6 @@ class DeviseTest < ActiveSupport::TestCase Devise.app_set_configs = Set.new ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } - ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ } Devise.setup do end @@ -48,11 +47,9 @@ class DeviseTest < ActiveSupport::TestCase test 'setup block doest not warns when the change is explicit set' do ActiveSupport::Deprecation.expects(:warn).never - swap Devise, - sign_out_via: :get, - skip_session_storage: [] do - Devise.setup do - end + swap Devise, sign_out_via: :get do + Devise.setup do + end end end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 37c17efbee..a57901ccc3 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -11,13 +11,15 @@ class HttpAuthenticationTest < Devise::IntegrationTest end test 'sign in should authenticate with http' do - sign_in_as_new_user_with_http - assert_response 200 - assert_match 'user@test.com', response.body - assert warden.authenticated?(:user) + swap Devise, skip_session_storage: [] do + sign_in_as_new_user_with_http + assert_response 200 + assert_match 'user@test.com', response.body + assert warden.authenticated?(:user) - get users_path(format: :xml) - assert_response 200 + get users_path(format: :xml) + assert_response 200 + end end test 'sign in should authenticate with http but not emit a cookie if skipping session storage' do From 1ddca80cee2703f433d5724e585583c4bff95076 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 19:12:05 -0300 Subject: [PATCH 0910/1473] Set the new default of sign_out_via config --- lib/devise.rb | 17 ++-------------- test/devise_test.rb | 18 ---------------- test/integration/authenticatable_test.rb | 26 ++++++++++++------------ test/integration/rememberable_test.rb | 2 +- test/integration/timeoutable_test.rb | 2 +- test/integration/trackable_test.rb | 6 +++--- test/mapping_test.rb | 4 ++-- test/rails_app/config/routes.rb | 1 + test/routes_test.rb | 4 ++-- 9 files changed, 25 insertions(+), 55 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 05b5289641..2545675243 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -218,19 +218,8 @@ module Strategies @@sign_out_all_scopes = true # The default method used while signing out - # TODO: 4.1 Do: @@sign_out_via = :delete - mattr_reader :sign_out_via - @@sign_out_via = :get - - def self.sign_out_via=(sign_out_via) - app_set_configs << :sign_out_via - @@sign_out_via = sign_out_via - end - - def sign_out_via=(sign_out_via) - app_set_configs << :sign_out_via - @@sign_out_via = sign_out_via - end + mattr_accessor :sign_out_via + @@sign_out_via = :delete # The parent controller all Devise controllers inherits from. # Defaults to ApplicationController. This should be set early @@ -295,8 +284,6 @@ def sign_out_via=(sign_out_via) # a fresh initializer with all configuration values. def self.setup yield self - - warn_default_config_changed(:sign_out_via, ':get', ':delete') end def self.warn_default_config_changed(config, current_default, new_default) diff --git a/test/devise_test.rb b/test/devise_test.rb index 60f351bd44..d59deb78cf 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -35,24 +35,6 @@ class DeviseTest < ActiveSupport::TestCase end end - test 'setup block warns about defaults changing' do - Devise.app_set_configs = Set.new - - ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ } - - Devise.setup do - end - end - - test 'setup block doest not warns when the change is explicit set' do - ActiveSupport::Deprecation.expects(:warn).never - - swap Devise, sign_out_via: :get do - Devise.setup do - end - end - end - test 'stores warden configuration' do assert_kind_of Devise::Delegator, Devise.warden_config.failure_app assert_equal :user, Devise.warden_config.default_scope diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 3545c053aa..099206f728 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
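Review bot: The comment on `sign_out_via` still reads only `# The default method used while signing out` and gives no reason for the new `:delete` default. A sign-out route that answers GET can be hit by any cross-site request or link prefetch, which is presumably why the default moved, and applications that render a plain sign-out link will stop matching the route after this change. Suggested comment: `# Defaults to :delete so that sign out cannot be triggered by a plain GET; set :get only if you accept that.`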
@@ -30,7 +30,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest swap Devise, sign_out_all_scopes: false do sign_in_as_user sign_in_as_admin - get destroy_user_session_path + delete destroy_user_session_path assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end @@ -41,7 +41,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin - get destroy_admin_session_path + delete destroy_admin_session_path assert_not warden.authenticated?(:admin) assert warden.authenticated?(:user) end @@ -52,7 +52,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin - get destroy_user_session_path + delete destroy_user_session_path assert_not warden.authenticated?(:user) assert_not warden.authenticated?(:admin) end @@ -63,7 +63,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin - get destroy_admin_session_path + delete destroy_admin_session_path assert_not warden.authenticated?(:admin) assert_not warden.authenticated?(:user) end @@ -109,7 +109,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin assert warden.authenticated?(:admin) - get destroy_admin_session_path + delete destroy_admin_session_path assert_response :redirect assert_redirected_to root_path @@ -119,7 +119,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest end test 'unauthenticated admin set message on sign out' do - get destroy_admin_session_path + delete destroy_admin_session_path assert_response :redirect assert_redirected_to root_path 
@@ -501,34 +501,34 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'sign out with html redirects' do sign_in_as_user - get destroy_user_session_path + delete destroy_user_session_path assert_response :redirect assert_current_url '/' sign_in_as_user - get destroy_user_session_path(format: 'html') + delete destroy_user_session_path(format: 'html') assert_response :redirect assert_current_url '/' end test 'sign out with xml format returns no content' do sign_in_as_user - get destroy_user_session_path(format: 'xml') + delete destroy_user_session_path(format: 'xml') assert_response :no_content assert_not warden.authenticated?(:user) end test 'sign out with json format returns no content' do sign_in_as_user - get destroy_user_session_path(format: 'json') + delete destroy_user_session_path(format: 'json') assert_response :no_content assert_not warden.authenticated?(:user) end test 'sign out with non-navigational format via XHR does not redirect' do swap Devise, navigational_formats: ['*/*', :html] do - sign_in_as_user - get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. + sign_in_as_admin + get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content assert_not warden.authenticated?(:user) end @@ -538,7 +538,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'sign out with navigational format via XHR does redirect' do swap Devise, navigational_formats: ['*/*', :html] do sign_in_as_user - get destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } + delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect assert_not warden.authenticated?(:user) end 
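Review bot: In 'sign out with non-navigational format via XHR does not redirect' the test now calls `sign_in_as_admin` and `get destroy_sign_out_via_get_session_path`, but the unchanged last assertion is still `assert_not warden.authenticated?(:user)`. No user is signed in at that point, so the assertion passes whether or not the sign-out happened. It should check the scope that was signed in, `assert_not warden.authenticated?(:admin)`, assuming the `gets` mapping (declared with `class_name: "Admin"` in routes.rb) clears the `:admin` scope when `sign_out_all_scopes` is at its default. The other tests in this hunk keep sign-in scope and assertion aligned.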
diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 0cb43ea788..fc6900df3e 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -182,7 +182,7 @@ def cookie_expires(key) get users_path assert warden.authenticated?(:user) - get destroy_user_session_path + delete destroy_user_session_path assert_not warden.authenticated?(:user) assert_nil warden.cookies['remember_user_token'] diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index f34eaa7e47..1458495e4d 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -89,7 +89,7 @@ def last_request_at user = sign_in_as_user get expire_user_path(user) - get destroy_user_session_path + delete destroy_user_session_path assert_response :redirect assert_redirected_to root_path diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 4089dd5823..4337f15353 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -16,7 +16,7 @@ class TrackableHooksTest < Devise::IntegrationTest assert_equal user.current_sign_in_at, user.last_sign_in_at assert user.current_sign_in_at >= user.created_at - visit destroy_user_session_path + delete destroy_user_session_path new_time = 2.seconds.from_now Time.stubs(:now).returns(new_time) @@ -56,7 +56,7 @@ class TrackableHooksTest < Devise::IntegrationTest user.reload assert_equal 1, user.sign_in_count - visit destroy_user_session_path + delete destroy_user_session_path sign_in_as_user user.reload assert_equal 2, user.sign_in_count @@ -80,7 +80,7 @@ class TrackableHooksTest < Devise::IntegrationTest end user.reload assert_equal 0, user.sign_in_count - visit destroy_user_session_path + delete destroy_user_session_path sign_in_as_user do header 'devise.skip_trackable', false diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 2159997c58..8c69981d2c 100644 
--- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -35,8 +35,8 @@ def fake_request(path, params={}) assert_equal [], Devise.mappings[:skip_admin].used_routes end - test 'sign_out_via defaults to :get' do - assert_equal :get, Devise.mappings[:user].sign_out_via + test 'sign_out_via defaults to :delete' do + assert_equal :delete, Devise.mappings[:user].sign_out_via end test 'allows custom sign_out_via to be given' do diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 22365880c1..fb33154f01 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -114,6 +114,7 @@ namespace :sign_out_via, module: "devise" do devise_for :deletes, sign_out_via: :delete, class_name: "Admin" devise_for :posts, sign_out_via: :post, class_name: "Admin" + devise_for :gets, sign_out_via: :get, class_name: "Admin" devise_for :delete_or_posts, sign_out_via: [:delete, :post], class_name: "Admin" end diff --git a/test/routes_test.rb b/test/routes_test.rb index 9589d60536..8502f5528a 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -14,7 +14,7 @@ class DefaultRoutingTest < ActionController::TestCase end test 'map destroy user session' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :get}) + assert_recognizes({controller: 'devise/sessions', action: 'destroy'}, {path: 'users/sign_out', method: :delete}) assert_named_route "/users/sign_out", :destroy_user_session_path end @@ -146,7 +146,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'map account with custom path name for session sign out' do - assert_recognizes({controller: 'devise/sessions', action: 'destroy', locale: 'en'}, '/en/accounts/logout') + assert_recognizes({controller: 'devise/sessions', action: 'destroy', locale: 'en'}, {path: '/en/accounts/logout', method: :delete }) end test 'map account with custom path name for password' do 
From 91ef42dc0a9ce1a94252a41c3607de56bebeeafc Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Tue, 26 Apr 2016 19:13:12 -0300 Subject: [PATCH 0911/1473] Remove remaining code of setup deprecation warning Since all configurations are using the current recomended defaults. We can remove this deprecation warning for Devise 4.1. --- lib/devise.rb | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2545675243..40558900c8 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -53,12 +53,6 @@ module Strategies # True values used to check params TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] - # Track the configs that user explicit changed the default value. It is - # helpfull to not warn users about default values changing when they willing - # changed. - mattr_accessor :app_set_configs - @@app_set_configs = Set.new - # Secret key used by the key generator mattr_accessor :secret_key @@secret_key = nil @@ -286,26 +280,6 @@ def self.setup yield self end - def self.warn_default_config_changed(config, current_default, new_default) - unless app_set_configs.include?(config) - warn = <<-MESSAGE.strip_heredoc - [Devise] config.#{config} will have a new default on Devise 4.1 - To keep the current behavior please set in your config/initializers/devise.rb the following: - - Devise.setup do |config| - config.#{config} = #{current_default} - end - - If you want to use the new default: - - Devise.setup do |config| - config.#{config} = #{new_default} - end - MESSAGE - ActiveSupport::Deprecation.warn(warn) - end - end - class Getter def initialize name @name = name From 7346ce709a52f73c347da9573c1bff406d03d7b7 Mon Sep 17 00:00:00 2001 
From: Justin Bull Date: Fri, 29 Apr 2016 17:31:33 -0400 Subject: [PATCH 0912/1473] :beetle: Fix strategy checking in #unlock_strategy_enabled? for :none and undefined strategies A bug that if the unlock strategy was set to `:both`, it would return true for all & any inputs See #4072 --- lib/devise/models/lockable.rb | 4 +++- test/models/lockable_test.rb | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 9522dc079d..971ab9bae7 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -181,7 +181,9 @@ def unlock_access_by_token(unlock_token) # Is the unlock enabled for the given unlock strategy? def unlock_strategy_enabled?(strategy) - [:both, strategy].include?(self.unlock_strategy) + self.unlock_strategy == strategy || + # only :time and :email are subsets of the :both strategy + (self.unlock_strategy == :both && [:time, :email].include?(strategy)) end # Is the lock enabled for the given lock strategy? diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d4ded24913..ac86c77909 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
@@ -325,4 +325,26 @@ def setup user.lock_access! assert_equal :locked, user.unauthenticated_message end + + test 'unlock_strategy_enabled? should return true for both, email, and time strategies if :both is used' do + swap Devise, unlock_strategy: :both do + user = create_user + assert_equal true, user.unlock_strategy_enabled?(:both) + assert_equal true, user.unlock_strategy_enabled?(:time) + assert_equal true, user.unlock_strategy_enabled?(:email) + assert_equal false, user.unlock_strategy_enabled?(:none) + assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy) + end + end + + test 'unlock_strategy_enabled? should return true only for the configured strategy' do + swap Devise, unlock_strategy: :email do + user = create_user + assert_equal false, user.unlock_strategy_enabled?(:both) + assert_equal false, user.unlock_strategy_enabled?(:time) + assert_equal true, user.unlock_strategy_enabled?(:email) + assert_equal false, user.unlock_strategy_enabled?(:none) + assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy) + end + end end From 13285d7ef3ffa26ad6275647efbb86740254665b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 2 May 2016 10:46:57 -0300 Subject: [PATCH 0913/1473] Remove a few Ruby syntax warnings from the test suite. --- test/controllers/sessions_controller_test.rb | 2 +- test/generators/active_record_generator_test.rb | 2 +- test/integration/authenticatable_test.rb | 6 +++--- test/integration/confirmable_test.rb | 4 ++-- test/integration/lockable_test.rb | 2 +- test/integration/recoverable_test.rb | 4 ++-- test/integration/rememberable_test.rb | 4 ++-- test/rails_app/app/controllers/application_controller.rb | 3 +-- 8 files changed, 13 insertions(+), 14 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index c224983a66..6d28c6d9bf 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb 
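Review bot: Both new tests configure a strategy that enables something (`:both`, `:email`); neither runs with `unlock_strategy: :none` or `:time`, so the `:none` case named in the commit title is only exercised as an argument, never as the configured value. A third test under `swap Devise, unlock_strategy: :none` with `assert_equal false, user.unlock_strategy_enabled?(:email)` and the same for `:time` would pin the behaviour that matters for lockout: no unlock path is reported when none is configured.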
@@ -6,7 +6,7 @@ class SessionsControllerTest < Devise::ControllerTestCase test "#create doesn't raise unpermitted params when sign in fails" do begin - subscriber = ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload| + subscriber = ActiveSupport::Notifications.subscribe %r{unpermitted_parameters} do |name, start, finish, id, payload| flunk "Unpermitted params: #{payload}" end request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index adfa8fd1d8..79fab2b181 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -74,7 +74,7 @@ class ActiveRecordEngineGeneratorTest < Rails::Generators::TestCase assert_file "app/models/rails_engine/monster.rb", /devise/ assert_file "app/models/rails_engine/monster.rb" do |content| - assert_no_match /attr_accessible :email/, content + assert_no_match %r{attr_accessible :email}, content end end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 099206f728..e85ae666f2 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -365,7 +365,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest assert_raise Webrat::NotFoundError do sign_in_as_user end - assert_match /Special user view/, response.body + assert_match %r{Special user view}, response.body end end @@ -376,7 +376,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest sign_in_as_user end - assert_match /Special user view/, response.body + assert_match %r{Special user view}, response.body assert !Devise::PasswordsController.scoped_views? ensure Devise::SessionsController.send :remove_instance_variable, :@scoped_views 
@@ -449,7 +449,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'sign in stub in xml format' do get new_user_session_path(format: 'xml') assert_match '', response.body - assert_match /.*<\/user>/m, response.body + assert_match %r{.*}m, response.body assert_match '', response.body assert_match ' Date: Mon, 2 May 2016 14:22:09 -0400 Subject: [PATCH 0914/1473] Extract list of both strategies into class constant --- lib/devise/models/lockable.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 971ab9bae7..fe05b255aa 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -155,6 +155,9 @@ def if_access_locked end module ClassMethods + # List of strategies that are enabled/supported if :both is used. + BOTH_STRATEGIES = [:time, :email] + # Attempt to find a user by its unlock keys. If a record is found, send new # unlock instructions to it. If not user is found, returns a new user # with an email not found error. @@ -182,8 +185,7 @@ def unlock_access_by_token(unlock_token) # Is the unlock enabled for the given unlock strategy? def unlock_strategy_enabled?(strategy) self.unlock_strategy == strategy || - # only :time and :email are subsets of the :both strategy - (self.unlock_strategy == :both && [:time, :email].include?(strategy)) + (self.unlock_strategy == :both && BOTH_STRATEGIES.include?(strategy)) end # Is the lock enabled for the given lock strategy? From 78bbf6dcc4d0a63ab68c31d31d8905dbf8f9c1bb Mon Sep 17 00:00:00 2001 
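Review bot: `BOTH_STRATEGIES` in lib/devise/models/lockable.rb (patch 0914, first hunk) is assigned a bare array literal, so the list that decides which unlock paths `:both` enables can be mutated at runtime by any code that reaches the constant. Freezing it makes the constant say what the comment says: `BOTH_STRATEGIES = [:time, :email].freeze`. `module ClassMethods` continues outside the hunk, so other uses of the constant are not visible here.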
From: ALLEN WANG QIANG Date: Tue, 3 May 2016 08:32:14 +0800 Subject: [PATCH 0915/1473] Send on create confirmation email after commit (#4064) Call send_on_create_confirmation_instructions in after_commit instead of after_create, I think this is no harm in general and it makes things like async job work. Fix #4062 --- Gemfile | 1 + Gemfile.lock | 3 +++ gemfiles/Gemfile.rails-4.1-stable | 1 + gemfiles/Gemfile.rails-4.1-stable.lock | 5 ++++- gemfiles/Gemfile.rails-4.2-stable | 1 + gemfiles/Gemfile.rails-4.2-stable.lock | 7 +++++-- lib/devise/models/confirmable.rb | 11 ++++++++--- test/orm/active_record.rb | 4 +++- 8 files changed, 26 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 97187bb975..738aba2d08 100644 --- a/Gemfile +++ b/Gemfile @@ -12,6 +12,7 @@ group :test do gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false end platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index 55f456ec49..4fc37cd4fe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -145,6 +145,8 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) + test_after_commit (1.0.0) + activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) @@ -173,6 +175,7 @@ DEPENDENCIES rails (~> 4.2.6) rdoc sqlite3 + test_after_commit webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index 72d73d6f86..aa966c1cb4 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -12,6 +12,7 @@ group :test do gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index b67b6de620..76652824d9 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock 
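Review bot: The new `test_after_commit` entry in the Gemfile carries no version constraint, while every neighbouring test gem in the same group is constrained (`"~> 1.0.1"`, `"0.7.3"`, `"~> 1.1"`). The lockfile resolves it to 1.0.0 today, but a later `bundle update` would accept any future release of a gem that patches ActiveRecord transaction behaviour. I would write `gem 'test_after_commit', '~> 1.0', require: false`. The same unconstrained line is added in gemfiles/Gemfile.rails-4.1-stable and gemfiles/Gemfile.rails-4.2-stable. The `group :test do` block starts outside the hunk.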
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.rc2) + devise (4.0.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -133,6 +133,8 @@ GEM activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.11) + test_after_commit (1.0.0) + activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) @@ -161,6 +163,7 @@ DEPENDENCIES rails! rdoc sqlite3 + test_after_commit webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index de9c4d05dc..10c0c1b685 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -12,6 +12,7 @@ group :test do gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false end platforms :jruby do diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 6144a11d8a..751c8d359f 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (4.0.0.rc2) + devise (4.0.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -144,7 +144,7 @@ GEM rake (11.0.1) rdoc (4.2.2) json (~> 1.4) - responders (2.1.1) + responders (2.1.2) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) @@ -155,6 +155,8 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) + test_after_commit (1.0.0) + activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) @@ -183,6 +185,7 @@ DEPENDENCIES rails! rdoc sqlite3 + test_after_commit webrat (= 0.7.3) BUNDLED WITH diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 02f4847ba5..c00e41da38 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -43,9 +43,15 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? - after_create :send_on_create_confirmation_instructions, if: :send_confirmation_notification? + after_create :skip_reconfirmation!, if: :send_confirmation_notification? + if respond_to?(:after_commit) # ActiveRecord + after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? + after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? + else # Mongoid + after_create :send_on_create_confirmation_instructions, if: :send_confirmation_notification? + after_update :send_reconfirmation_instructions, if: :reconfirmation_required? + end before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change? - after_update :send_reconfirmation_instructions, if: :reconfirmation_required? end def initialize(*args, &block) @@ -169,7 +175,6 @@ def skip_reconfirmation! # in models to map to a nice sign up e-mail. def send_on_create_confirmation_instructions send_confirmation_instructions - skip_reconfirmation! end # Callback to overwrite if confirmation is required or not. diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 2386f1fe7e..d9455434d1 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,9 +5,11 @@ ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) class ActiveSupport::TestCase - if Rails.version >= '5.0.0' + if Devise.rails5? self.use_transactional_tests = true else + # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5. + require 'test_after_commit' self.use_transactional_fixtures = true end From d66d9297fb9ba11ec021fbab84a955a4f2e96011 Mon Sep 17 00:00:00 2001 
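Review bot: Moving `send_on_create_confirmation_instructions` and `send_reconfirmation_instructions` to `after_commit` in lib/devise/models/confirmable.rb changes the failure mode, and nothing in the `included do` block says so. Under `after_create`/`after_update` an exception from the mailer propagated inside the transaction and rolled the record back. In `after_commit` the row is already persisted, and on Rails 4.x exceptions raised there are, as far as I know, logged and swallowed unless `raise_in_transactional_callbacks` is enabled. The result can be an unconfirmed account with no e-mail sent and no error surfaced to the caller. I would state this above the ActiveRecord branch, e.g. `# Delivery runs after commit: a mailer failure no longer rolls back the record.`, and mention the Rails 4 setting in the upgrade notes.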
From: Ulisses Almeida Date: Mon, 2 May 2016 22:33:51 -0300 Subject: [PATCH 0916/1473] :memo: Update the CHANGELOG --- CHANGELOG.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8625d267c..c35ef7b090 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ ### Unreleased +* bug fixes + * Fix race condition of sending the confirmation instructions e-mail using background jobs. + Using the previous `after_create` callback, the e-mail can be sent before + the record be committed on database, generating a `ActiveRecord::NotFound` error. + Now the confirmation e-mail will be only sent after the database commit, + using the `after_commit` callback. + It may break your test suite on Rails 4 if you are testing the sent e-mails + or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy. + You can easily fix your test suite using the gem + [test_after_commit](https://github.com/grosser/test_after_commit). For example, put in your Gemfile: + + ```ruby + gem 'test_after_commit', :group => :test + ``` + + On Rails 5 `after_commit` callbacks are triggered even using transactional + fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq) + * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and + `:undefined` strategies. (by @f3ndot) * features * Humanize authentication keys in failure flash message (by @byzg) When you are configuring the translations of `devise.failure.invalid`, the 
@@ -8,6 +27,12 @@ * Remove code supporting old session serialization format (by @fphilipe). * Now the `email_regexp` default uses a more permissive regex: `/\A[^@\s]+@[^@\s]+\z/` (by @kimgb) + * Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida) + * Now the `reconfirmable` default is `true` (by @ulissesalmeida) + * Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida) + * Now the `sign_out_via` default is `:delete` (by @ulissesalmeida) +* improvements + * Avoids extra computation of friendly token for confirmation token (by @sbc100) ### 4.0.1 - 2016-04-25 From f6301c08f66ef8e3bf6a0256c366664b9d40fa1f Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Mon, 2 May 2016 22:41:51 -0300 Subject: [PATCH 0917/1473] Add raise_in_transactional_callbacks to true Using a rails app without this config generates a rails warning, since it will be the new default. Let's udpate it. --- test/rails_app/config/application.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 5cffa8739a..df4e6da9bd 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -32,6 +32,8 @@ class Application < Rails::Application config.action_mailer.default_url_options = { host: "localhost", port: 3000 } + config.active_record.raise_in_transactional_callbacks = true + # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" From 81869de9c549374dfa7c53235723b996b0edc3aa Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Mon, 2 May 2016 23:17:27 -0300 Subject: [PATCH 0918/1473] Only set raise_in_transactional_callbacks for Rails 4.2 * Only set for active record orm. * Only set for Rails versions that supports the config. --- test/rails_app/config/application.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index df4e6da9bd..34732d0a42 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -32,7 +32,9 @@ class Application < Rails::Application config.action_mailer.default_url_options = { host: "localhost", port: 3000 } - config.active_record.raise_in_transactional_callbacks = true + if DEVISE_ORM == :active_record && (Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR >= 2) + config.active_record.raise_in_transactional_callbacks = true + end # This was used to break devise in some situations config.to_prepare do From 1bc9ebd7de422aebf9e542e1059f1edb59571f23 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Mon, 2 May 2016 23:51:49 -0300 Subject: [PATCH 0919/1473] Release 4.1.0 --- CHANGELOG.md | 8 +++++++- Gemfile.lock | 4 ++-- lib/devise/version.rb | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c35ef7b090..5069b1ec4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.1.0 * bug fixes * Fix race condition of sending the confirmation instructions e-mail using background jobs. @@ -34,6 +34,12 @@ * improvements * Avoids extra computation of friendly token for confirmation token (by @sbc100) +### 4.0.2 - 2016-05-02 + +* bug fixes + * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` + and `:undefined` strategies. (by @f3ndot) + ### 4.0.1 - 2016-04-25 * bug fixes diff --git a/Gemfile.lock b/Gemfile.lock index 4fc37cd4fe..ffabf1ed69 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - devise (4.0.1) + devise (4.1.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -134,7 +134,7 @@ GEM rake (11.0.1) rdoc (4.2.2) json (~> 1.4) - responders (2.1.2) + responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.5.2) 
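Review bot: The guard `Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR >= 2` in test/rails_app/config/application.rb compares the two components independently, so it does not express "Rails 4.2" as the commit title intends. It is false for 5.0 and 5.1 only because their minor is below 2, and it becomes true again for any 5.2 or later, where, as far as I know, the option no longer exists. I would pin the major explicitly: `if DEVISE_ORM == :active_record && Rails::VERSION::MAJOR == 4 && Rails::VERSION::MINOR >= 2`. The `class Application` body continues outside the hunk.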
diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 11e5a2d4cc..51251d7c0c 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.0.1".freeze + VERSION = "4.1.0".freeze end From 74ab3e9a0578435da83d9493dd940e7508586b77 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 13:48:42 -0300 Subject: [PATCH 0920/1473] Remove references to `ActiveSupport::OrderedHash`. We no longer support legacy rubies where hashes aren't ordered, so we don't need to use this class for it. --- lib/devise.rb | 12 ++++++------ test/integration/http_authenticatable_test.rb | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 40558900c8..9df03a4c8c 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -42,10 +42,10 @@ module Strategies # Constants which holds devise configuration for extensions. Those should # not be modified by the "end user" (this is why they are constants). ALL = [] - CONTROLLERS = ActiveSupport::OrderedHash.new - ROUTES = ActiveSupport::OrderedHash.new - STRATEGIES = ActiveSupport::OrderedHash.new - URL_HELPERS = ActiveSupport::OrderedHash.new + CONTROLLERS = {} + ROUTES = {} + STRATEGIES = {} + URL_HELPERS = {} # Strategies that do not require user input. NO_INPUT = [] @@ -246,11 +246,11 @@ module Strategies # Store scopes mappings. mattr_reader :mappings - @@mappings = ActiveSupport::OrderedHash.new + @@mappings = {} # OmniAuth configurations. mattr_reader :omniauth_configs - @@omniauth_configs = ActiveSupport::OrderedHash.new + @@omniauth_configs = {} # Define a set of modules that are called when a mapping is added. mattr_reader :helpers diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index a57901ccc3..56ea541c29 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -65,7 +65,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest end test 'it uses appropriate authentication_keys when configured with hash' do - swap Devise, authentication_keys: ActiveSupport::OrderedHash[:username, false, :email, false] do + swap Devise, authentication_keys: { username: false, email: false } do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body @@ -74,7 +74,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest end test 'it uses the appropriate key when configured explicitly' do - swap Devise, authentication_keys: ActiveSupport::OrderedHash[:email, false, :username, false], http_authentication_key: :username do + swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do sign_in_as_new_user_with_http("usertest") assert_response :success assert_match 'user@test.com', response.body From 031351224afcf21af78d21ad1e715a6a7093e043 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 13:52:33 -0300 Subject: [PATCH 0921/1473] Remove usage of `ActiveSupport::Dependencies` 3.x API. --- lib/devise.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 9df03a4c8c..8bbb58b052 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -281,7 +281,7 @@ def self.setup end class Getter - def initialize name + def initialize(name) @name = name end @@ -291,12 +291,8 @@ def get end def self.ref(arg) - if defined?(ActiveSupport::Dependencies::ClassCache) - ActiveSupport::Dependencies::reference(arg) - Getter.new(arg) - else - ActiveSupport::Dependencies.ref(arg) - end + ActiveSupport::Dependencies.reference(arg) + Getter.new(arg) end def self.available_router_name From 536279b05b9d78acc80bd579ffe6786a7cff818c Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 3 May 2016 13:57:10 -0300 Subject: [PATCH 0922/1473] Replace homemade `assert_not` matcher in favor of `refute`. --- test/controllers/helpers_test.rb | 4 +- test/controllers/internal_helpers_test.rb | 2 +- test/devise_test.rb | 12 ++-- test/integration/authenticatable_test.rb | 72 +++++++++---------- test/integration/confirmable_test.rb | 14 ++-- .../database_authenticatable_test.rb | 10 +-- test/integration/lockable_test.rb | 2 +- test/integration/omniauthable_test.rb | 2 +- test/integration/recoverable_test.rb | 8 +-- test/integration/registerable_test.rb | 12 ++-- test/integration/rememberable_test.rb | 20 +++--- test/integration/timeoutable_test.rb | 10 +-- test/mapping_test.rb | 2 +- test/models/confirmable_test.rb | 40 +++++------ test/models/database_authenticatable_test.rb | 18 ++--- test/models/lockable_test.rb | 26 +++---- test/models/recoverable_test.rb | 18 ++--- test/models/timeoutable_test.rb | 12 ++-- test/models/validatable_test.rb | 2 +- test/models_test.rb | 2 +- test/support/assertions.rb | 4 -- 21 files changed, 144 insertions(+), 148 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 6df78d9ce2..4783356153 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -96,7 +96,7 @@ def setup test 'proxy admin_signed_in? to authenticatewith admin scope' do @mock_warden.expects(:authenticate).with(scope: :admin) - assert_not @controller.admin_signed_in? + refute @controller.admin_signed_in? end test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do @@ -311,6 +311,6 @@ def setup end test 'is not a devise controller' do - assert_not @controller.devise_controller? + refute @controller.devise_controller? end end diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index c9eada0024..d2a96119c9 100644 --- a/test/controllers/internal_helpers_test.rb 
+++ b/test/controllers/internal_helpers_test.rb @@ -119,7 +119,7 @@ def setup MyController.send(:public, :navigational_formats) swap Devise, navigational_formats: ['*/*', :html] do - assert_not @controller.navigational_formats.include?("*/*") + refute @controller.navigational_formats.include?("*/*") end MyController.send(:protected, :navigational_formats) diff --git a/test/devise_test.rb b/test/devise_test.rb index d59deb78cf..1281a5186e 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -69,8 +69,8 @@ class DeviseTest < ActiveSupport::TestCase test 'add new module using the helper method' do assert_nothing_raised(Exception) { Devise.add_module(:coconut) } assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size - assert_not Devise::STRATEGIES.include?(:coconut) - assert_not defined?(Devise::Models::Coconut) + refute Devise::STRATEGIES.include?(:coconut) + refute defined?(Devise::Models::Coconut) Devise::ALL.delete(:coconut) assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) } @@ -86,11 +86,11 @@ class DeviseTest < ActiveSupport::TestCase test 'should complain when comparing empty or different sized passes' do [nil, ""].each do |empty| - assert_not Devise.secure_compare(empty, "something") - assert_not Devise.secure_compare("something", empty) - assert_not Devise.secure_compare(empty, empty) + refute Devise.secure_compare(empty, "something") + refute Devise.secure_compare("something", empty) + refute Devise.secure_compare(empty, empty) end - assert_not Devise.secure_compare("size_1", "size_four") + refute Devise.secure_compare("size_1", "size_four") end test 'Devise.email_regexp should match valid email addresses' do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index e85ae666f2..7ad08486f0 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -10,13 +10,13 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'sign in as user should not authenticate admin scope' do sign_in_as_user assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'sign in as admin should not authenticate user scope' do sign_in_as_admin assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'sign in as both user and admin at same time' do @@ -31,7 +31,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin delete destroy_user_session_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert warden.authenticated?(:admin) end end @@ -42,7 +42,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) assert warden.authenticated?(:user) end end @@ -53,8 +53,8 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_user_session_path - assert_not warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:user) + refute warden.authenticated?(:admin) end end 
@@ -64,21 +64,21 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - assert_not warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:admin) + refute warden.authenticated?(:user) end end test 'not signed in as admin should not be able to access admins actions' do get admins_path assert_redirected_to new_admin_session_path - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'signed in as user should not be able to access admins actions' do sign_in_as_user assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) get admins_path assert_redirected_to new_admin_session_path @@ -87,7 +87,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'signed in as admin should be able to access admin actions' do sign_in_as_admin assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) get admins_path @@ -115,7 +115,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest get root_path assert_contain 'Signed out successfully' - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'unauthenticated admin set message on sign out' do @@ -138,13 +138,13 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'not signed in should not be able to access private route (authenticate denied)' do get private_path assert_redirected_to new_admin_session_path - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do sign_in_as_user assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) get private_path assert_redirected_to new_admin_session_path end 
@@ -152,7 +152,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) get private_path @@ -164,7 +164,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/private/active" @@ -174,7 +174,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) get private_active_path @@ -186,7 +186,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should get admin dashboard (authenticated accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) get dashboard_path @@ -198,7 +198,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as user should get user dashboard (authenticated accepted)' do sign_in_as_user assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) get dashboard_path 
@@ -216,7 +216,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/dashboard/active" @@ -226,7 +226,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) get dashboard_active_path @@ -238,7 +238,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in user should not see unauthenticated page (unauthenticated denied)' do sign_in_as_user assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) assert_raises ActionController::RoutingError do get join_path @@ -404,13 +404,13 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'handles unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) sign_in_as_user assert warden.authenticated?(:user) post exhibit_user_url(1) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_equal "User is not authenticated", response.body end end 
@@ -473,7 +473,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'uses the mapping from router' do sign_in_as_user visit: "/as/sign_in" assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'sign in with xml format returns xml response' do @@ -515,14 +515,14 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path(format: 'xml') assert_response :no_content - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'sign out with json format returns no content' do sign_in_as_user delete destroy_user_session_path(format: 'json') assert_response :no_content - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'sign out with non-navigational format via XHR does not redirect' do @@ -530,7 +530,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_admin get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -540,7 +540,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end end @@ -550,7 +550,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest swap Devise, authentication_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Subdomain or password." - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end 
@@ -579,7 +579,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest sign_in_as_user end - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -589,7 +589,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Email or password." - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -612,7 +612,7 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides only delete' do sign_in!(:sign_out_via_delete) delete destroy_sign_out_via_delete_session_path - assert_not warden.authenticated?(:sign_out_via_delete) + refute warden.authenticated?(:sign_out_via_delete) end test 'do not allow sign out via get when sign_out_via provides only delete' do @@ -626,7 +626,7 @@ def sign_in!(scope) test 'allow sign out via post when sign_out_via provides only post' do sign_in!(:sign_out_via_post) post destroy_sign_out_via_post_session_path - assert_not warden.authenticated?(:sign_out_via_post) + refute warden.authenticated?(:sign_out_via_post) end test 'do not allow sign out via get when sign_out_via provides only post' do @@ -640,13 +640,13 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) delete destroy_sign_out_via_delete_or_post_session_path - assert_not warden.authenticated?(:sign_out_via_delete_or_post) + refute warden.authenticated?(:sign_out_via_delete_or_post) end test 'allow sign out via post when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) post destroy_sign_out_via_delete_or_post_session_path - assert_not warden.authenticated?(:sign_out_via_delete_or_post) + refute warden.authenticated?(:sign_out_via_delete_or_post) end test 'do not allow sign out via get when sign_out_via provides delete and post' do 
diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 484d4bdfde..02730d5891 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -41,12 +41,12 @@ def resend_confirmation test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - assert_not user.confirmed? + refute user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain %r{needs to be confirmed within 3 days} - assert_not user.reload.confirmed? + refute user.reload.confirmed? assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end @@ -84,7 +84,7 @@ def resend_confirmation test 'user with valid confirmation token should be able to confirm an account before the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 2.days.ago) - assert_not user.confirmed? + refute user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' @@ -130,7 +130,7 @@ def resend_confirmation sign_in_as_user(confirm: false) assert_contain 'You have to confirm your email address before continuing' - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -141,7 +141,7 @@ def resend_confirmation end assert_contain 'Invalid Email or password' - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end 
@@ -284,7 +284,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - assert_not admin.reload.pending_reconfirmation? + refute admin.reload.pending_reconfirmation? end test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do @@ -306,7 +306,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - assert_not admin.reload.pending_reconfirmation? + refute admin.reload.pending_reconfirmation? end test 'admin email should be unique also within unconfirmed_email' do diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 659f20b675..135f113b04 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -19,7 +19,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: 'foo@bar.com' end - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -41,14 +41,14 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: ' foo@bar.com ' end - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end test 'sign in should not authenticate if not using proper authentication keys' do swap Devise, authentication_keys: [:username] do sign_in_as_user - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end @@ -59,7 +59,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid email address' - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end end 
@@ -69,7 +69,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid Email or password' - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'error message is configurable by resource name' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 0537742188..5602bb9fd2 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -85,7 +85,7 @@ def send_unlock_request assert_current_url "/users/sign_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' - assert_not user.reload.access_locked? + refute user.reload.access_locked? end test "user should not send a new e-mail if already locked" do diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 76c2cdcfea..6af8842007 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -71,7 +71,7 @@ def stub_action!(name) assert_current_url "/" assert_contain "You have signed up successfully." assert_contain "Hello User user@example.com" - assert_not session["devise.facebook_data"] + refute session["devise.facebook_data"] end test "cleans up session on cancel" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index d738ccfa89..f35a46b7b3 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -10,7 +10,7 @@ def visit_new_password_path def request_forgot_password(&block) visit_new_password_path assert_response :success - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) fill_in 'email', with: 'user@test.com' yield if block_given? 
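Review bot: In test/integration/omniauthable_test.rb, `refute session["devise.facebook_data"]` is looser than the check needs to be, because it passes for `false` as well as `nil`. The test appears to verify that the provider data is gone from the session after sign-up, so `assert_nil session["devise.facebook_data"]` states the intent directly and prints the leftover value if the cleanup regresses. The same applies to `refute request.cookies['remember_user_token']` in test/integration/rememberable_test.rb, where the sign-out test in that file already uses `assert_nil warden.cookies['remember_user_token']`. The enclosing test starts outside the hunk.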
@@ -147,7 +147,7 @@ def reset_password(options={}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain %r{Reset password token(.*)invalid} - assert_not user.reload.valid_password?('987654321') + refute user.reload.valid_password?('987654321') end test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do @@ -161,7 +161,7 @@ def reset_password(options={}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain "Password confirmation doesn't match Password" - assert_not user.reload.valid_password?('987654321') + refute user.reload.valid_password?('987654321') end test 'not authenticated user with valid data should be able to change their password' do @@ -181,7 +181,7 @@ def reset_password(options={}, &block) reset_password { fill_in 'Confirm new password', with: 'other_password' } assert_response :success assert_have_selector '#error_explanation' - assert_not user.reload.valid_password?('987654321') + refute user.reload.valid_password?('987654321') reset_password visit: false assert_contain 'Your password has been changed successfully.' diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 617958d029..9417a17723 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -64,11 +64,11 @@ def user_sign_up assert_not_contain 'You have to confirm your account before continuing' assert_current_url "/" - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal user.email, 'new_user@test.com' - assert_not user.confirmed? + refute user.confirmed? end test 'a guest user should receive the confirmation instructions from the default mailer' do 
@@ -92,7 +92,7 @@ def user_sign_up click_button 'Sign up' assert_current_url "/?custom=1" - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'a guest user cannot sign up with invalid information' do @@ -114,7 +114,7 @@ def user_sign_up assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'a guest should not sign up with email/password that already exists' do @@ -133,7 +133,7 @@ def user_sign_up assert_current_url '/users' assert_contain(/Email.*already.*taken/) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'a guest should not be able to change account' do @@ -217,7 +217,7 @@ def user_sign_up click_button 'Update' assert_contain "Password confirmation doesn't match Password" - assert_not User.to_adapter.find_first.valid_password?('pas123') + refute User.to_adapter.find_first.valid_password?('pas123') end test 'a signed in user should be able to cancel their account' do diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 31e5d219f3..b5a227db48 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -33,12 +33,12 @@ def cookie_expires(key) test 'handle unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) create_user_and_remember post exhibit_user_url(1) assert_equal "User is not authenticated", response.body - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end 
@@ -51,8 +51,8 @@ def cookie_expires(key) authenticity_token: "oops", user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } } - assert_not warden.authenticated?(:user) - assert_not request.cookies['remember_user_token'] + refute warden.authenticated?(:user) + refute request.cookies['remember_user_token'] end end @@ -158,13 +158,13 @@ def cookie_expires(key) get root_path assert_response :success assert warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:admin) end test 'do not remember with invalid token' do create_user_and_remember('add') get users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_redirected_to new_user_session_path end @@ -172,7 +172,7 @@ def cookie_expires(key) create_user_and_remember swap Devise, remember_for: 0.days do get users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_redirected_to new_user_session_path end end @@ -183,11 +183,11 @@ def cookie_expires(key) assert warden.authenticated?(:user) delete destroy_user_session_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert_nil warden.cookies['remember_user_token'] get users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'changing user password expires remember me token' do @@ -197,7 +197,7 @@ def cookie_expires(key) user.save! get users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'valid sign in calls after_remembered callback' do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 1458495e4d..d831a96c6f 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb 
@@ -56,7 +56,7 @@ def last_request_at get users_path assert_redirected_to users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) assert warden.authenticated?(:admin) end end @@ -70,8 +70,8 @@ def last_request_at assert_not_nil last_request_at get root_path - assert_not warden.authenticated?(:user) - assert_not warden.authenticated?(:admin) + refute warden.authenticated?(:user) + refute warden.authenticated?(:admin) end end @@ -108,7 +108,7 @@ def last_request_at assert_response :success assert_contain 'Sign in' - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end test 'time out is not triggered on sign in' do @@ -134,7 +134,7 @@ def last_request_at get expire_user_path(user) get users_path assert_redirected_to users_path - assert_not warden.authenticated?(:user) + refute warden.authenticated?(:user) end end diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 8c69981d2c..b1010166f6 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -115,7 +115,7 @@ def user.devise_scope; :special_scope; end assert mapping.authenticatable? assert mapping.recoverable? assert mapping.lockable? - assert_not mapping.omniauthable? + refute mapping.omniauthable? end test 'find mapping by path' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 5baf252e76..9eace6a9d9 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -28,9 +28,9 @@ def setup end test 'should verify whether a user is confirmed or not' do - assert_not new_user.confirmed? + refute new_user.confirmed? user = create_user - assert_not user.confirmed? + refute user.confirmed? user.confirm assert user.confirmed? end @@ -40,7 +40,7 @@ def setup assert user.confirm assert_blank user.errors[:email] - assert_not user.confirm + refute user.confirm assert_equal "was already confirmed, please try signing in", user.errors[:email].join end 
@@ -54,13 +54,13 @@ def setup test 'should return a new record with errors when a invalid token is given' do confirmed_user = User.confirm_by_token('invalid_confirmation_token') - assert_not confirmed_user.persisted? + refute confirmed_user.persisted? assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join end test 'should return a new record with errors when a blank token is given' do confirmed_user = User.confirm_by_token('') - assert_not confirmed_user.persisted? + refute confirmed_user.persisted? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -114,7 +114,7 @@ def setup assert_email_not_sent do user.save! - assert_not user.confirmed? + refute user.confirmed? end end @@ -134,7 +134,7 @@ def setup test 'should return a new user if no email was found' do confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com") - assert_not confirmation_user.persisted? + refute confirmation_user.persisted? end test 'should add error to new user email if no email was found' do @@ -181,7 +181,7 @@ def setup test 'should not be able to send instructions if the user is already confirmed' do user = create_user user.confirm - assert_not user.resend_confirmation_instructions + refute user.resend_confirmation_instructions assert user.confirmed? assert_equal 'was already confirmed, please try signing in', user.errors[:email].join end @@ -190,7 +190,7 @@ def setup swap Devise, allow_unconfirmed_access_for: 1.day do user = create_user user.confirmation_sent_at = 2.days.ago - assert_not user.active_for_authentication? + refute user.active_for_authentication? Devise.allow_unconfirmed_access_for = 3.days assert user.active_for_authentication? 
@@ -206,14 +206,14 @@ def setup assert user.active_for_authentication? user.confirmation_sent_at = 5.days.ago - assert_not user.active_for_authentication? + refute user.active_for_authentication? end end test 'should be active when already confirmed' do user = create_user - assert_not user.confirmed? - assert_not user.active_for_authentication? + refute user.confirmed? + refute user.active_for_authentication? user.confirm assert user.confirmed? @@ -224,7 +224,7 @@ def setup Devise.allow_unconfirmed_access_for = 0.days user = create_user user.confirmation_sent_at = Time.zone.today - assert_not user.active_for_authentication? + refute user.active_for_authentication? end test 'should be active when we set allow_unconfirmed_access_for to nil' do @@ -239,7 +239,7 @@ def setup user = create_user user.confirmation_sent_at = nil user.save - assert_not user.reload.active_for_authentication? + refute user.reload.active_for_authentication? end test 'should be active without confirmation when confirmation is not required' do @@ -272,7 +272,7 @@ def setup swap Devise, confirmation_keys: [:username, :email] do user = create_user confirm_user = User.send_confirmation_instructions(email: user.email) - assert_not confirm_user.persisted? + refute confirm_user.persisted? assert_equal "can't be blank", confirm_user.errors[:username].join end end @@ -297,7 +297,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do swap Devise, confirm_within: 3.days do - assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago) + refute confirm_user_by_token_with_confirmation_sent_at(4.days.ago) end end 
@@ -337,14 +337,14 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) self.username = self.username.to_s + 'updated' end old = user.username - assert_not user.confirm + refute user.confirm assert_equal user.username, old end test 'should always perform validations upon confirm when ensure valid true' do admin = create_admin admin.stubs(:valid?).returns(false) - assert_not admin.confirm(ensure_valid: true) + refute admin.confirm(ensure_valid: true) end end @@ -370,7 +370,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin.skip_reconfirmation! assert admin.update_attributes(email: 'new_test@example.com') assert admin.confirmed? - assert_not admin.pending_reconfirmation? + refute admin.pending_reconfirmation? assert_equal original_token, admin.confirmation_token end @@ -461,7 +461,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should return a new admin if no email or unconfirmed_email was found' do confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com") - assert_not confirmation_admin.persisted? + refute confirmation_admin.persisted? end test 'should add error to new admin email if no email or unconfirmed_email was found' do diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 8c12d93c89..4f7aa75bd5 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -124,7 +124,7 @@ def setup test 'should test for a valid password' do user = create_user assert user.valid_password?('12345678') - assert_not user.valid_password?('654321') + refute user.valid_password?('654321') end test 'should not raise error with an empty password' do 
@@ -136,7 +136,7 @@ def setup test 'should be an invalid password if the user has an empty password' do user = create_user user.encrypted_password = '' - assert_not user.valid_password?('654321') + refute user.valid_password?('654321') end test 'should respond to current password' do @@ -152,7 +152,7 @@ def setup test 'should add an error to current password when it is invalid' do user = create_user - assert_not user.update_with_password(current_password: 'other', + refute user.update_with_password(current_password: 'other', password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "is invalid", user.errors[:current_password].join @@ -160,7 +160,7 @@ def setup test 'should add an error to current password when it is blank' do user = create_user - assert_not user.update_with_password(password: 'pass4321', + refute user.update_with_password(password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "can't be blank", user.errors[:current_password].join @@ -170,7 +170,7 @@ def setup user = UserWithValidation.create!(valid_attributes) user.save assert user.persisted? - assert_not user.update_with_password(username: "") + refute user.update_with_password(username: "") assert_match "usertest", user.reload.username assert_match "can't be blank", user.errors[:username].join end 
@@ -183,14 +183,14 @@ def setup test 'should not update password with invalid confirmation' do user = create_user - assert_not user.update_with_password(current_password: '12345678', + refute user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.reload.valid_password?('12345678') end test 'should clean up password fields on failure' do user = create_user - assert_not user.update_with_password(current_password: '12345678', + refute user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.password.blank? assert user.password_confirmation.blank? @@ -217,14 +217,14 @@ def setup test 'should not destroy user with invalid password' do user = create_user - assert_not user.destroy_with_password('other') + refute user.destroy_with_password('other') assert user.persisted? assert_match "is invalid", user.errors[:current_password].join end test 'should not destroy user with blank password' do user = create_user - assert_not user.destroy_with_password(nil) + refute user.destroy_with_password(nil) assert user.persisted? assert_match "can't be blank", user.errors[:current_password].join end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index ac86c77909..38ba351138 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -46,7 +46,7 @@ def setup test "should verify whether a user is locked or not" do user = create_user - assert_not user.access_locked? + refute user.access_locked? user.lock_access! assert user.access_locked? end @@ -56,7 +56,7 @@ def setup user.confirm assert user.active_for_authentication? user.lock_access! - assert_not user.active_for_authentication? + refute user.active_for_authentication? end test "should unlock a user by cleaning locked_at, failed_attempts and unlock_token" do 
@@ -72,7 +72,7 @@ def setup end test "new user should not be locked and should have zero failed_attempts" do - assert_not new_user.access_locked? + refute new_user.access_locked? assert_equal 0, create_user.failed_attempts end @@ -83,7 +83,7 @@ def setup assert user.access_locked? Devise.unlock_in = 1.hour - assert_not user.access_locked? + refute user.access_locked? end end @@ -162,18 +162,18 @@ def setup raw = user.send_unlock_instructions locked_user = User.unlock_access_by_token(raw) assert_equal locked_user, user - assert_not user.reload.access_locked? + refute user.reload.access_locked? end test 'should return a new record with errors when a invalid token is given' do locked_user = User.unlock_access_by_token('invalid_token') - assert_not locked_user.persisted? + refute locked_user.persisted? assert_equal "is invalid", locked_user.errors[:unlock_token].join end test 'should return a new record with errors when a blank token is given' do locked_user = User.unlock_access_by_token('') - assert_not locked_user.persisted? + refute locked_user.persisted? assert_equal "can't be blank", locked_user.errors[:unlock_token].join end @@ -186,7 +186,7 @@ def setup test 'should return a new user if no email was found' do unlock_user = User.send_unlock_instructions(email: "invalid@example.com") - assert_not unlock_user.persisted? + refute unlock_user.persisted? end test 'should add error to new user email if no email was found' do 
@@ -206,23 +206,23 @@ def setup swap Devise, unlock_keys: [:username, :email] do user = create_user unlock_user = User.send_unlock_instructions(email: user.email) - assert_not unlock_user.persisted? + refute unlock_user.persisted? assert_equal "can't be blank", unlock_user.errors[:username].join end end test 'should not be able to send instructions if the user is not locked' do user = create_user - assert_not user.resend_unlock_instructions - assert_not user.access_locked? + refute user.resend_unlock_instructions + refute user.access_locked? assert_equal 'was not locked', user.errors[:email].join end test 'should not be able to send instructions if the user if not locked and have username as unlock key' do swap Devise, unlock_keys: [:username] do user = create_user - assert_not user.resend_unlock_instructions - assert_not user.access_locked? + refute user.resend_unlock_instructions + refute user.access_locked? assert_equal 'was not locked', user.errors[:username].join end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 2585bdd161..bf334b5496 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -92,14 +92,14 @@ def setup user = create_user user.send_reset_password_instructions assert_present user.reset_password_token - assert_not user.reset_password('123456789', '987654321') + refute user.reset_password('123456789', '987654321') assert_present user.reset_password_token end test 'should not reset password with invalid data' do user = create_user user.stubs(:valid?).returns(false) - assert_not user.reset_password('123456789', '987654321') + refute user.reset_password('123456789', '987654321') end test 'should reset reset password token and send instructions by email' do 
@@ -119,7 +119,7 @@ def setup test 'should return a new record with errors if user was not found by e-mail' do reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com") - assert_not reset_password_user.persisted? + refute reset_password_user.persisted? assert_equal "not found", reset_password_user.errors[:email].join end @@ -135,7 +135,7 @@ def setup swap Devise, reset_password_keys: [:username, :email] do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email) - assert_not reset_password_user.persisted? + refute reset_password_user.persisted? assert_equal "can't be blank", reset_password_user.errors[:username].join end end @@ -164,13 +164,13 @@ def setup test 'should return a new record with errors if no reset_password_token is found' do reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token') - assert_not reset_password_user.persisted? + refute reset_password_user.persisted? assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join end test 'should return a new record with errors if reset_password_token is blank' do reset_password_user = User.reset_password_by_token(reset_password_token: '') - assert_not reset_password_user.persisted? + refute reset_password_user.persisted? assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join end @@ -179,7 +179,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') - assert_not reset_password_user.errors.empty? + refute reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join assert_equal raw, reset_password_user.reset_password_token end 
@@ -197,7 +197,7 @@ def setup assert_nil reset_password_user.reset_password_token user.reload - assert_not user.valid_password?(old_password) + refute user.valid_password?(old_password) assert user.valid_password?('new_password') assert_nil user.reset_password_token end @@ -219,7 +219,7 @@ def setup user.reload assert user.valid_password?(old_password) - assert_not user.valid_password?('new_password') + refute user.valid_password?('new_password') assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join end end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index be68246743..dea3ed6684 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -7,11 +7,11 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'should not be expired' do - assert_not new_user.timedout?(29.minutes.ago) + refute new_user.timedout?(29.minutes.ago) end test 'should not be expired when params is nil' do - assert_not new_user.timedout?(nil) + refute new_user.timedout?(nil) end test 'should use timeout_in method' do @@ -19,23 +19,23 @@ class TimeoutableTest < ActiveSupport::TestCase user.instance_eval { def timeout_in; 10.minutes end } assert user.timedout?(12.minutes.ago) - assert_not user.timedout?(8.minutes.ago) + refute user.timedout?(8.minutes.ago) end test 'should not be expired when timeout_in method returns nil' do user = new_user user.instance_eval { def timeout_in; nil end } - assert_not user.timedout?(10.hours.ago) + refute user.timedout?(10.hours.ago) end test 'fallback to Devise config option' do swap Devise, timeout_in: 1.minute do user = new_user assert user.timedout?(2.minutes.ago) - assert_not user.timedout?(30.seconds.ago) + refute user.timedout?(30.seconds.ago) Devise.timeout_in = 5.minutes - assert_not user.timedout?(2.minutes.ago) + refute user.timedout?(2.minutes.ago) assert user.timedout?(6.minutes.ago) end end 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 0491297b38..a54810e8c0 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -97,7 +97,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'confirmation' assert user.invalid? - assert_not (user.errors[:password].join =~ /is too long/) + refute (user.errors[:password].join =~ /is too long/) end test 'should complain about length even if password is not required' do diff --git a/test/models_test.rb b/test/models_test.rb index 3fc78806f6..3b462afc1b 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -13,7 +13,7 @@ def assert_include_modules(klass, *modules) end (Devise::ALL - modules).each do |mod| - assert_not include_module?(klass, mod) + refute include_module?(klass, mod) end end diff --git a/test/support/assertions.rb b/test/support/assertions.rb index 864999efd2..1198e84c0e 100644 --- a/test/support/assertions.rb +++ b/test/support/assertions.rb @@ -1,10 +1,6 @@ require 'active_support/test_case' class ActiveSupport::TestCase - def assert_not(assertion) - assert !assertion - end - def assert_blank(assertion) assert assertion.blank? end From a2498074f19a047d422222e82257db15eaba9759 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 14:18:35 -0300 Subject: [PATCH 0923/1473] Replace custom `Array` assertion with `assert_equal`. --- test/models/confirmable_test.rb | 10 +++++----- test/models/database_authenticatable_test.rb | 8 ++++---- test/models/lockable_test.rb | 6 +++--- test/models/omniauthable_test.rb | 2 +- test/models/recoverable_test.rb | 2 +- test/models/registerable_test.rb | 2 +- test/models/rememberable_test.rb | 2 +- test/models/timeoutable_test.rb | 2 +- test/models/trackable_test.rb | 2 +- test/support/assertions.rb | 7 ------- 10 files changed, 18 insertions(+), 25 deletions(-) 
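Review bot: In the validatable hunk, `refute (user.errors[:password].join =~ /is too long/)` passes a parenthesised match result to `refute`, so a failure only reports that a truthy value was given and not which error string matched. `refute_match(/is too long/, user.errors[:password].join)` states the intent directly and prints the offending string when it fails. The test body starts outside the hunk.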
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 9eace6a9d9..59f70fcffe 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -479,18 +479,18 @@ class ReconfirmableTest < ActiveSupport::TestCase end test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Confirmable.required_fields(User), [ - :confirmation_sent_at, + assert_equal Devise::Models::Confirmable.required_fields(User), [ :confirmation_token, - :confirmed_at + :confirmed_at, + :confirmation_sent_at ] end test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do - assert_same_content Devise::Models::Confirmable.required_fields(Admin), [ - :confirmation_sent_at, + assert_equal Devise::Models::Confirmable.required_fields(Admin), [ :confirmation_token, :confirmed_at, + :confirmation_sent_at, :unconfirmed_email ] end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 4f7aa75bd5..dafd7b81ce 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -252,15 +252,15 @@ def setup end test 'required_fields should be encryptable_password and the email field by default' do - assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [ - :email, - :encrypted_password + assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + :encrypted_password, + :email ] end test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do swap Devise, authentication_keys: [:login] do - assert_same_content Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ :encrypted_password, :login ] 
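Review bot: The converted assertions in the confirmable hunk pass the value under test as the first argument, e.g. `assert_equal Devise::Models::Confirmable.required_fields(User), [...]`, but `assert_equal` takes the expected value first, so a failure would label the two arrays the wrong way round. Swapping the arguments fixes the message: `assert_equal [:confirmation_token, :confirmed_at, :confirmation_sent_at], Devise::Models::Confirmable.required_fields(User)`. Replacing `assert_same_content` also makes every `required_fields` test order-sensitive, which appears to be why the expected arrays here and in the first database_authenticatable hunk were reordered; if element order is not part of the contract, comparing sorted arrays would keep these tests from failing on a harmless reordering. The same argument order is used in the lockable, omniauthable, recoverable, registerable, rememberable, timeoutable and trackable hunks of this commit.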
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 38ba351138..52373b8192 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -257,7 +257,7 @@ def setup test 'required_fields should contain the all the fields when all the strategies are enabled' do swap Devise, unlock_strategy: :both do swap Devise, lock_strategy: :failed_attempts do - assert_same_content Devise::Models::Lockable.required_fields(User), [ + assert_equal Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :locked_at, :unlock_token @@ -269,7 +269,7 @@ def setup test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do swap Devise, unlock_strategy: :time do swap Devise, lock_strategy: :failed_attempts do - assert_same_content Devise::Models::Lockable.required_fields(User), [ + assert_equal Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :locked_at ] @@ -280,7 +280,7 @@ def setup test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do swap Devise, unlock_strategy: :email do swap Devise, lock_strategy: :failed_attempts do - assert_same_content Devise::Models::Lockable.required_fields(User), [ + assert_equal Devise::Models::Lockable.required_fields(User), [ :failed_attempts, :unlock_token ] diff --git a/test/models/omniauthable_test.rb b/test/models/omniauthable_test.rb index 13a89a5964..03e1f68868 100644 --- a/test/models/omniauthable_test.rb +++ b/test/models/omniauthable_test.rb @@ -2,6 +2,6 @@ class OmniauthableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Omniauthable.required_fields(User), [] + assert_equal Devise::Models::Omniauthable.required_fields(User), [] end end 
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index bf334b5496..55aa8d2a09 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -225,7 +225,7 @@ def setup end test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Recoverable.required_fields(User), [ + assert_equal Devise::Models::Recoverable.required_fields(User), [ :reset_password_sent_at, :reset_password_token ] diff --git a/test/models/registerable_test.rb b/test/models/registerable_test.rb index fe15728989..bef6c8ce4e 100644 --- a/test/models/registerable_test.rb +++ b/test/models/registerable_test.rb @@ -2,6 +2,6 @@ class RegisterableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Registerable.required_fields(User), [] + assert_equal Devise::Models::Registerable.required_fields(User), [] end end diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 055a778bf0..5dc8851fb5 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -150,7 +150,7 @@ def user.authenticable_salt; ""; end end test 'should have the required_fields array' do - assert_same_content Devise::Models::Rememberable.required_fields(User), [ + assert_equal Devise::Models::Rememberable.required_fields(User), [ :remember_created_at ] end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index dea3ed6684..2deac0d3aa 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb 
@@ -41,7 +41,7 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Timeoutable.required_fields(User), [] + assert_equal Devise::Models::Timeoutable.required_fields(User), [] end test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index c63682f3a7..e792e337a5 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -2,7 +2,7 @@ class TrackableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_same_content Devise::Models::Trackable.required_fields(User), [ + assert_equal Devise::Models::Trackable.required_fields(User), [ :current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, diff --git a/test/support/assertions.rb b/test/support/assertions.rb index 1198e84c0e..7ec8b32345 100644 --- a/test/support/assertions.rb +++ b/test/support/assertions.rb @@ -20,13 +20,6 @@ def assert_email_not_sent(&block) assert_no_difference('ActionMailer::Base.deliveries.size', &block) end - def assert_same_content(result, expected) - assert expected.size == result.size, "the arrays doesn't have the same size" - expected.each do |element| - assert result.include?(element), "The array doesn't include '#{element}'." - end - end - def assert_raise_with_message(exception_klass, message, &block) exception = assert_raise exception_klass, &block assert_equal exception.message, message, From e79201aef86e048ed38e2181675458bc3b9da2a1 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 18:18:56 -0300 Subject: [PATCH 0924/1473] Remove deprecated `ParameterSanitizer` API. --- lib/devise/parameter_sanitizer.rb | 55 ------------------------------ test/parameter_sanitizer_test.rb | 56 ------------------------------- 2 files changed, 111 deletions(-) 
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index fc08d3c9ac..0f6faee680 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -68,12 +68,6 @@ def initialize(resource_class, resource_name, params) def sanitize(action) permissions = @permitted[action] - # DEPRECATED: Remove this branch on Devise 4.2. - if respond_to?(action, true) - deprecate_instance_method_sanitization(action) - return cast_to_hash send(action) - end - if permissions.respond_to?(:call) cast_to_hash permissions.call(default_params) elsif permissions.present? @@ -127,17 +121,6 @@ def permit(action, keys: nil, except: nil, &block) end end - # DEPRECATED: Remove this method on Devise 4.2. - def for(action, &block) # :nodoc: - if block_given? - deprecate_for_with_block(action) - permit(action, &block) - else - deprecate_for_without_block(action) - @permitted[action] or unknown_action!(action) - end - end - private # Cast a sanitized +ActionController::Parameters+ to a +HashWithIndifferentAccess+ 
@@ -172,43 +155,5 @@ def unknown_action!(action) devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3]) MESSAGE end - - def deprecate_for_with_block(action) - ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2. - Please use the `permit` method: - - devise_parameter_sanitizer.permit(:#{action}) do |user| - # Your block here. - end - MESSAGE - end - - def deprecate_for_without_block(action) - ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Changing the sanitized parameters through "#{self.class.name}#for(#{action}) is deprecated and it will be removed from Devise 4.2. - Please use the `permit` method to add or remove any key: - - To add any new key, use the `keys` keyword argument: - devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3]) - - To remove any existing key, use the `except` keyword argument: - devise_parameter_sanitizer.permit(:#{action}, except: [:email]) - MESSAGE - end - - def deprecate_instance_method_sanitization(action) - ActiveSupport::Deprecation.warn(<<-MESSAGE.strip_heredoc) - [Devise] Parameter sanitization through a "#{self.class.name}##{action}" method is deprecated and it will be removed from Devise 4.2. - Please use the `permit` method on your sanitizer `initialize` method. - - class #{self.class.name} < Devise::ParameterSanitizer - def initialize(*) - super - permit(:#{action}, keys: [:param1, :param2, :param3]) - end - end - MESSAGE - end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index b40bf6a7c2..a1f3842638 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
@@ -73,59 +73,3 @@ def sanitizer(params) assert_equal({ 'username' => 'jose' }, sanitized) end end - -class DeprecatedParameterSanitizerAPITest < ActiveSupport::TestCase - class CustomSanitizer < Devise::ParameterSanitizer - def sign_in - default_params.permit(:username) - end - end - - def sanitizer(params) - params = ActionController::Parameters.new(params) - Devise::ParameterSanitizer.new(User, :user, params) - end - - test 'overriding instance methods have precedence over the default sanitized attributes' do - assert_deprecated do - params = ActionController::Parameters.new(user: { "username" => "jose", "name" => "Jose" }) - sanitizer = CustomSanitizer.new(User, :user, params) - - sanitized = sanitizer.sanitize(:sign_in) - - assert_equal({ "username" => "jose" }, sanitized) - end - end - - test 'adding new parameters by mutating the Array' do - assert_deprecated do - sanitizer = sanitizer('user' => { 'username' => 'jose' }) - sanitizer.for(:sign_in) << :username - sanitized = sanitizer.sanitize(:sign_in) - - assert_equal({ 'username' => 'jose' }, sanitized) - end - end - - test 'adding new parameters with a block' do - assert_deprecated do - sanitizer = sanitizer('user' => { 'username' => 'jose' }) - sanitizer.for(:sign_in) { |user| user.permit(:username) } - - sanitized = sanitizer.sanitize(:sign_in) - - assert_equal({ 'username' => 'jose' }, sanitized) - end - end - - test 'removing multiple default parameters' do - assert_deprecated do - sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'invalid', 'remember_me' => '1' }) - sanitizer.for(:sign_in).delete(:email) - sanitizer.for(:sign_in).delete(:password) - sanitized = sanitizer.sanitize(:sign_in) - - assert_equal({ 'remember_me' => '1' }, sanitized) - end - end -end From f64022a57b83849ed7a624349f40a2e9b67b1275 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Tue, 3 May 2016 18:22:41 -0300 Subject: [PATCH 0925/1473] Remove deprecated OmniAuth URL helpers. --- lib/devise.rb | 1 - lib/devise/omniauth/url_helpers.rb | 51 ------------------------------ 2 files changed, 52 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 8bbb58b052..94d61ce62c 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -413,7 +413,6 @@ def self.warden(&block) # config.omniauth :github, APP_ID, APP_SECRET # def self.omniauth(provider, *args) - @@helpers << Devise::OmniAuth::UrlHelpers config = Devise::OmniAuth::Config.new(provider, args) @@omniauth_configs[config.strategy_name.to_sym] = config end diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index d3e1e678be..f2cc3dbcd9 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb 
@@ -1,57 +1,6 @@ module Devise module OmniAuth module UrlHelpers - def self.define_helpers(mapping) - return unless mapping.omniauthable? - - mapping = mapping.name - - class_eval do - define_method("#{mapping}_omniauth_authorize_path") do |provider, *args| - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. - - Please use #{mapping}_#{provider}_omniauth_authorize_path instead. - DEPRECATION - send("#{mapping}_#{provider}_omniauth_authorize_path", *args) - end - - define_method("#{mapping}_omniauth_authorize_url") do |provider, *args| - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. - - Please use #{mapping}_#{provider}_omniauth_authorize_url instead. - DEPRECATION - send("#{mapping}_#{provider}_omniauth_authorize_url", *args) - end - - define_method("#{mapping}_omniauth_callback_path") do |provider, *args| - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. - - Please use #{mapping}_#{provider}_omniauth_callback_path instead. - DEPRECATION - send("#{mapping}_#{provider}_omniauth_callback_path", *args) - end - - define_method("#{mapping}_omniauth_callback_url") do |provider, *args| - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc) - [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.2. - - Please use #{mapping}_#{provider}_omniauth_callback_url instead. 
- DEPRECATION - send("#{mapping}_#{provider}_omniauth_callback_url", *args) - end - end - - ActiveSupport.on_load(:action_controller) do - if respond_to?(:helper_method) - helper_method "#{mapping}_omniauth_authorize_path", "#{mapping}_omniauth_authorize_url" - helper_method "#{mapping}_omniauth_callback_path", "#{mapping}_omniauth_callback_url" - end - end - end - def omniauth_authorize_path(resource_or_scope, provider, *args) scope = Devise::Mapping.find_scope!(resource_or_scope) _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args) From 980572896440435b9853765acc43e0e4ee623b08 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 18:24:08 -0300 Subject: [PATCH 0926/1473] Remove deprecated `Devise.bcrypt` method. --- lib/devise/models/database_authenticatable.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index fcf0c902f1..70f6460947 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -1,11 +1,6 @@ require 'devise/strategies/database_authenticatable' module Devise - def self.bcrypt(klass, password) - ActiveSupport::Deprecation.warn "Devise.bcrypt is deprecated; use Devise::Encryptor.digest instead" - Devise::Encryptor.digest(klass, password) - end - module Models # Authenticatable Module, responsible for hashing the password and # validating the authenticity of a user while signing in. From 26e22d8e953184b38a87f3a9b935db32258637d5 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 18:27:16 -0300 Subject: [PATCH 0927/1473] Remove deprecated `Devise::Models::Confirmable#confirm!` method. --- lib/devise/models/confirmable.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index c00e41da38..449435ab5d 100644 --- a/lib/devise/models/confirmable.rb 
+++ b/lib/devise/models/confirmable.rb @@ -97,11 +97,6 @@ def confirm(args={}) end end - def confirm!(args={}) - ActiveSupport::Deprecation.warn "confirm! is deprecated in favor of confirm" - confirm(args) - end - # Verifies whether a user is confirmed or not def confirmed? !!confirmed_at From 71f90c0d6ecbfb8c3526531920d5822cd9e97254 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 18:28:47 -0300 Subject: [PATCH 0928/1473] Remove deprecated `Devise::Models::Recoverable#reset_password!` method. --- lib/devise/models/recoverable.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 4ee8378f05..0328577b2f 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -48,11 +48,6 @@ def reset_password(new_password, new_password_confirmation) save end - def reset_password!(new_password, new_password_confirmation) - ActiveSupport::Deprecation.warn "reset_password! is deprecated in favor of reset_password" - reset_password(new_password, new_password_confirmation) - end - # Resets reset password token and send reset password instructions by email. # Returns the token sent in the e-mail. def send_reset_password_instructions From 201a4f92c2a7916bc44143f1c48fb0ef160f2c5d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 3 May 2016 18:30:49 -0300 Subject: [PATCH 0929/1473] Remove deprecated `Devise::Models::Recoverable#after_password_reset` method. --- lib/devise/models/recoverable.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 0328577b2f..c2cbd0f27b 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -40,11 +40,6 @@ def reset_password(new_password, new_password_confirmation) self.password = new_password self.password_confirmation = new_password_confirmation - if respond_to?(:after_password_reset) && valid? - ActiveSupport::Deprecation.warn "after_password_reset is deprecated" - after_password_reset - end - save end From a45c4c0ac42702ba4cff0e47aa0885383acd47ba Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 5 May 2016 17:14:27 -0300 Subject: [PATCH 0930/1473] Update CHANGELOG.md. --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5069b1ec4c..e5e226643b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +### Unreleased + +* removals + * Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3. + Please use the `#permit` and `#sanitize` methods over `#for`. + * Remove the deprecated OmniAuth URL helpers. Use the fully qualified helpers + (`user_facebook_omniauth_authorize_path`) over the scope based helpers + ( `user_omniauth_authorize_path(:facebook)`). + * Remove the `Devise.bcrypt` method, use `Devise::Encryptor.digest` instead. + * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead. + * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead. + * Remove the `Devise::Models::Recoverable#after_password_reset` method. + ### 4.1.0 * bug fixes From 85bcbdf18b5c3a5ecf254412539bbb31aa1a54f0 Mon Sep 17 00:00:00 2001 From: Matt Yanchek Date: Thu, 5 May 2016 13:16:41 -0700 Subject: [PATCH 0931/1473] Set minimum password length for edit and new views (#4068) * Set minimum password length for edit and new views * Update edit.html.erb * Update registerable_test.rb --- app/controllers/devise/registrations_controller.rb | 2 +- app/views/devise/registrations/edit.html.erb | 4 ++++ test/integration/registerable_test.rb | 6 ++++++ 3 files changed, 11 insertions(+), 1 deletion(-) 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 01926bbcac..53b375c914 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -1,11 +1,11 @@ class Devise::RegistrationsController < DeviseController prepend_before_action :require_no_authentication, only: [:new, :create, :cancel] prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy] + prepend_before_action :set_minimum_password_length, only: [:new, :edit] # GET /resource/sign_up def new build_resource({}) - set_minimum_password_length yield resource if block_given? respond_with self.resource end diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 3ea40f0148..1e66f3d7ad 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -15,6 +15,10 @@
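Review bot: `prepend_before_action :set_minimum_password_length, only: [:new, :edit]` is declared after `authenticate_scope!`, and each prepended callback goes to the front of the chain, so on `edit` it now runs before the request has been authenticated. The callback body is outside this hunk and presumably only reads the configured length, but keeping authentication first is the safer default; `before_action :set_minimum_password_length, only: [:new, :edit]` would append it behind the two authentication filters instead. The `only:` list also leaves out `create` and `update`; if their failure paths re-render the `new` and `edit` views (not visible here), they need to set the value themselves for the hint to appear. The class body continues outside the hunk.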
<%= f.label :password %> (leave blank if you don't want to change it)
<%= f.password_field :password, autocomplete: "off" %> + <% if @minimum_password_length %> +
+ <%= @minimum_password_length %> characters minimum + <% end %>
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 9417a17723..4fa361b7cb 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -219,6 +219,12 @@ def user_sign_up assert_contain "Password confirmation doesn't match Password" refute User.to_adapter.find_first.valid_password?('pas123') end + + test 'a signed in user should see a warning about minimum password length' do + sign_in_as_user + get edit_user_registration_path + assert_contain 'characters minimum' + end test 'a signed in user should be able to cancel their account' do sign_in_as_user From 0a1e55f11ca17933e41c0abd05e57be26b6d9184 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 5 May 2016 17:17:48 -0300 Subject: [PATCH 0932/1473] Update CHANGELOG [ci skip]. --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e5e226643b..29a9e9af18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead. * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead. * Remove the `Devise::Models::Recoverable#after_password_reset` method. +* enhancements + * Display the minimum password length on `registrations/edit` view (by @Yanchek99). ### 4.1.0 From db8e247aa59f88a9fb0882af224739287332a19b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 5 May 2016 17:23:05 -0300 Subject: [PATCH 0933/1473] Document `reload_routes` on the app file template. --- lib/devise.rb | 5 ++++- lib/generators/templates/devise.rb | 6 ++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 810783dc79..9c10fc1e90 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -242,7 +242,10 @@ module Strategies mattr_accessor :clean_up_csrf_token_on_authentication @@clean_up_csrf_token_on_authentication = true - # When false, Devise will not attempt to reload routes on eager load + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. mattr_accessor :reload_routes @@reload_routes = true diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index c6ed2143fe..4bc37ca52d 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -90,6 +90,12 @@ # from the server. You can disable this option at your own risk. # config.clean_up_csrf_token_on_authentication = true + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + # ==> Configuration for :database_authenticatable # For bcrypt, this is the cost for hashing the password and defaults to 11. If # using other algorithms, it sets how many times you want the password to be hashed. From 0c1b1a896f549f92d76baf06fcece150420e94bf Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Thu, 5 May 2016 17:23:19 -0300 Subject: [PATCH 0934/1473] Update CHANGELOG [ci skip]. --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29a9e9af18..0209f092e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -12,6 +12,11 @@ * Remove the `Devise::Models::Recoverable#after_password_reset` method. * enhancements * Display the minimum password length on `registrations/edit` view (by @Yanchek99). + * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. + This can reduce the time taken to boot the application but it might trigger some errors + if you application (mostly your controllers) requires that Devise mappings be loaded + during boot time. + (by @sidonath). ### 4.1.0 From 20d786d7caf11f02e957dc15293c9ad34615b2d9 Mon Sep 17 00:00:00 2001 From: Leonardo Date: Thu, 5 May 2016 13:46:35 +0100 Subject: [PATCH 0935/1473] fix #3958 adding helper test to report bugs --- .../integration_test_master.rb | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 guides/bug_report_templates/integration_test_master.rb diff --git a/guides/bug_report_templates/integration_test_master.rb b/guides/bug_report_templates/integration_test_master.rb new file mode 100644 index 0000000000..4a76796119 --- /dev/null +++ b/guides/bug_report_templates/integration_test_master.rb 
@@ -0,0 +1,104 @@ +begin + require 'bundler/inline' +rescue LoadError => e + $stderr.puts 'Bundler version 1.10 or later is required. Please update your Bundler' + raise e +end + +gemfile(true) do + source 'https://rubygems.org' + # Activate the gem you are reporting the issue against. + gem 'rails', '4.2.0' + gem 'devise' + gem 'sqlite3' + gem 'byebug' +end + +require 'rack/test' +require 'action_controller/railtie' +require 'active_record' +require 'devise/rails/routes' +require 'devise/rails/warden_compat' + +ActiveRecord::Base.establish_connection( adapter: :sqlite3, database: ":memory:") + +class DeviseCreateUsers < ActiveRecord::Migration + def change + create_table(:users) do |t| + t.string :email, null: false + t.string :encrypted_password, null: true + t.timestamps null: false + end + + end +end + +Devise.setup do |config| + require 'devise/orm/active_record' + config.secret_key = 'secret_key_base' +end + +class TestApp < Rails::Application + config.root = File.dirname(__FILE__) + config.session_store :cookie_store, key: 'cookie_store_key' + secrets.secret_token = 'secret_token' + secrets.secret_key_base = 'secret_key_base' + config.eager_load = false + + config.middleware.use Warden::Manager do |config| + Devise.warden_config = config + end + + config.logger = Logger.new($stdout) + Rails.logger = config.logger + +end + +Rails.application.initialize! + +DeviseCreateUsers.migrate(:up) + +class User < ActiveRecord::Base + devise :database_authenticatable +end + +Rails.application.routes.draw do + devise_for :users + + get '/' => 'test#index' +end + +class ApplicationController < ActionController::Base +end + +class TestController < ApplicationController + include Rails.application.routes.url_helpers + + before_filter :authenticate_user! 
+ + def index + render plain: 'Home' + end +end + +require 'minitest/autorun' + +class BugTest < ActionDispatch::IntegrationTest + include Rack::Test::Methods + include Warden::Test::Helpers + + def test_returns_success + Warden.test_mode! + + login_as User.create!(email: "test@test.com", password: "test123456", password_confirmation: "test123456") + + get '/' + assert last_response.ok? + end + + private + + def app + Rails.application + end +end From cff78eec2395d90ed42908aca15ce40834c7ee91 Mon Sep 17 00:00:00 2001 From: bogdanvlviv Date: Fri, 6 May 2016 23:05:03 +0300 Subject: [PATCH 0936/1473] Update .travis.yml --- .travis.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index e19c32b4a5..5831ecfc8a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,9 +1,10 @@ language: ruby rvm: - - 2.3.0 - - 2.2.4 - - 2.1.8 + - 2.1.9 + - 2.2.5 + - 2.3.1 + - ruby-head gemfile: - Gemfile @@ -13,10 +14,13 @@ gemfile: matrix: exclude: - - rvm: 2.1.8 + - rvm: 2.1.9 gemfile: gemfiles/Gemfile.rails-5.0-beta - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-beta + allow_failures: + - rvm: ruby-head + fast_finish: true services: - mongodb From 8286325fd0fcc9dc165a245c1af6551020247ad5 Mon Sep 17 00:00:00 2001 From: Maarten van Vliet Date: Sun, 8 May 2016 18:41:46 +0200 Subject: [PATCH 0937/1473] Remove reference to Rails 3.2 in post-install text (#4094) --- lib/generators/templates/README | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/lib/generators/templates/README b/lib/generators/templates/README index 001e6e5a24..b76482806a 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -21,14 +21,7 @@ Some setup you must do manually if you haven't yet:
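Review bot: The `Devise.setup` block and the `TestApp` class hard-code `config.secret_key = 'secret_key_base'`, `secrets.secret_token = 'secret_token'` and `secrets.secret_key_base = 'secret_key_base'` with nothing marking them as throwaway values. This file is meant to be copied, edited and attached to public issues, so a reporter may either carry these literals into a real app or swap in their application's real secrets before posting. I would add a comment above both places, for example `# Placeholder secrets for this in-memory reproduction only; never reuse them in an application and never paste real ones here.`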

<%= notice %>

<%= alert %>

- 4. If you are deploying on Heroku with Rails 3.2 only, you may want to set: - - config.assets.initialize_on_precompile = false - - On config/application.rb forcing your application to not access the DB - or load models when precompiling your assets. - - 5. You can copy Devise views (for customization) to your app by running: + 4. You can copy Devise views (for customization) to your app by running: rails g devise:views From 1beac93961ad19a4f9b64ddeea93afea9c37132f Mon Sep 17 00:00:00 2001 From: Shinya Kitamura Date: Tue, 10 May 2016 22:11:12 +0800 Subject: [PATCH 0938/1473] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 102d48b5cf..ef02d95cf5 100644 --- a/README.md +++ b/README.md @@ -100,13 +100,13 @@ Run the bundle command to install it. After you install Devise and add it to your Gemfile, you need to run the generator: ```console -rails generate devise:install +$ rails generate devise:install ``` The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator: ```console -rails generate devise MODEL +$ rails generate devise MODEL ``` Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. 
@@ -270,7 +270,7 @@ We built Devise to help you quickly develop an application that uses authenticat Since Devise is an engine, all its views are packaged inside the gem. These views will help you get started, but after some time you may want to change them. If this is the case, you just need to invoke the following generator, and it will copy all views to your application: ```console -rails generate devise:views +$ rails generate devise:views ``` If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file. @@ -278,14 +278,14 @@ If you have more than one Devise model in your application (such as `User` and ` After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views: ```console -rails generate devise:views users +$ rails generate devise:views users ``` If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, you can pass a list of modules to the generator with the `-v` flag. ```console -rails generate devise:views -v registrations confirmations +$ rails generate devise:views -v registrations confirmations ``` ### Configuring controllers @@ -295,7 +295,7 @@ If the customization at the views level is not enough, you can customize each co 1. Create your custom controllers using the generator which requires a scope: ```console - rails generate devise:controllers [scope] + $ rails generate devise:controllers [scope] ``` If you specify `users` as the scope, controllers will be created in `app/controllers/users/`. 
From 4a9eee5a1c9961fde9c3be5d6047256d0968a09d Mon Sep 17 00:00:00 2001 From: Lucas Nelson Date: Thu, 12 May 2016 10:24:47 +1000 Subject: [PATCH 0939/1473] Fix suggested omniauth path The suggested omniauth path noted in the CHANGELOG.md under 4.0.0.rc2 did not work. It was missing an `_omniauth` in the middle of the method name. user_github_authorize_path => user_github_omniauth_authorize_path --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0209f092e7..9edb036671 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -97,7 +97,7 @@ * deprecations * omniauth routes are no longer defined with a wildcard `:provider` parameter, - and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_authorize_path`. + and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_omniauth_authorize_path`. You can still use `omniauth_authorize_path(:user, :github)` if you need to call the helpers dynamically. From 28f0e3281a9d7b9d0d6a749bb4eb3743a9eb8665 Mon Sep 17 00:00:00 2001 From: Steven Spiel Date: Wed, 11 May 2016 22:06:40 -0400 Subject: [PATCH 0940/1473] Consistency of quotation marks in README (#4103) * Change double to single quotes in ruby code blocks For consistency, I switched some of the double quotes to single quotes in the ruby code blocks. --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ef02d95cf5..53d1d08e9d 100644 --- a/README.md +++ b/README.md 
@@ -154,7 +154,7 @@ user_session After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect to. For instance, when using a `:user` resource, the `user_root_path` will be used if it exists; otherwise, the default `root_path` will be used. This means that you need to set the root inside your routes: ```ruby -root to: "home#index" +root to: 'home#index' ``` You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks. @@ -314,7 +314,7 @@ If the customization at the views level is not enough, you can customize each co 2. Tell the router to use this controller: ```ruby - devise_for :users, controllers: { sessions: "users/sessions" } + devise_for :users, controllers: { sessions: 'users/sessions' } ``` 3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. @@ -352,7 +352,7 @@ Remember that Devise uses flash messages to let users know if sign in was succes Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n: ```ruby -devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } +devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. 
@@ -361,7 +361,7 @@ If you have the need for more deep customization, for instance to also allow "/s ```ruby devise_scope :user do - get "sign_in", to: "devise/sessions#new" + get 'sign_in', to: 'devise/sessions#new' end ``` @@ -447,7 +447,7 @@ There are two things that are important to keep in mind: 2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. For example, if you are testing the user scope, simply use: ```ruby - @request.env["devise.mapping"] = Devise.mappings[:user] + @request.env['devise.mapping'] = Devise.mappings[:user] get :new ``` From 2e442d81f728d825f712f5ab4140c5ee98681009 Mon Sep 17 00:00:00 2001 From: Giedrius Rimkus Date: Thu, 12 May 2016 15:47:04 +0300 Subject: [PATCH 0941/1473] Update example code in authenticatable model --- lib/devise/models/authenticatable.rb | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index d66c3340b4..567b230efb 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -143,13 +143,25 @@ def devise_mailer # if new_record? || changed? # pending_notifications << [notification, args] # else - # devise_mailer.send(notification, self, *args).deliver + # message = devise_mailer.send(notification, self, *args) + # Remove once we move to Rails 4.2+ only. + # if message.respond_to?(:deliver_now) + # message.deliver_now + # else + # message.deliver + # end # end # end # # def send_pending_notifications # pending_notifications.each do |notification, args| - # devise_mailer.send(notification, self, *args).deliver + # message = devise_mailer.send(notification, self, *args) + # Remove once we move to Rails 4.2+ only. + # if message.respond_to?(:deliver_now) + # message.deliver_now + # else + # message.deliver + # end # end # # # Empty the pending notifications array because the From 2044fffa25d781fcbaf090e7728b48b65c854ccb Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Sun, 15 May 2016 11:46:48 -0300 Subject: [PATCH 0942/1473] Deprecate the bypass option of sign_in (#4078) The sign_in method permits the bypass option that ignore the others options used. This behavior has lead some users to a misconfusion what the method really does. This change deprecate the bypass option in favor of a method that only does the sign in with bypass. Closes #3981 --- .../devise/registrations_controller.rb | 2 +- lib/devise/controllers/sign_in_out.rb | 34 ++++++++++++++----- test/controllers/helpers_test.rb | 4 +-- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 53b375c914..d96f205779 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -53,7 +53,7 @@ def update :update_needs_confirmation : :updated set_flash_message :notice, flash_key end - sign_in resource_name, resource, bypass: true + bypass_sign_in resource, scope: resource_name respond_with resource, location: after_update_path_for(resource) else clean_up_passwords resource diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 2ba90a0d4b..30d4913855 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -12,20 +12,15 @@ def signed_in?(scope=nil) end # Sign in a user that already was authenticated. This helper is useful for logging - # users in after sign up. - # - # All options given to sign_in is passed forward to the set_user method in warden. - # The only exception is the :bypass option, which bypass warden callbacks and stores - # the user straight in session. This option is useful in cases the user is already - # signed in, but we want to refresh the credentials in session. + # users in after sign up. All options given to sign_in is passed forward + # to the set_user method in warden. # # Examples: # # sign_in :user, @user # sign_in(scope, resource) # sign_in @user # sign_in(resource) - # sign_in @user, event: :authentication # sign_in(resource, options) - # sign_in @user, store: false # sign_in(resource, options) - # sign_in @user, bypass: true # sign_in(resource, options) + # sign_in @user, event: :authentication # sign_in(resource, options) + # sign_in @user, store: false # sign_in(resource, options) # def sign_in(resource_or_scope, *args) options = args.extract_options! 
@@ -35,6 +30,13 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! if options[:bypass] + ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller) + [Devise] bypass option is deprecated and it will be removed in future version of Devise. + Please use bypass_sign_in method instead. + Example: + + bypass_sign_in(user) + DEPRECATION warden.session_serializer.store(resource, scope) elsif warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. @@ -44,6 +46,20 @@ def sign_in(resource_or_scope, *args) end end + # Sign in a user bypassing the warden callbacks and stores the user + # straight in session. This option is useful in cases the user is already + # signed in, but we want to refresh the credentials in session. + # + # Examples: + # + # bypass_sign_in @user, scope: :user + # bypass_sign_in @user + def bypass_sign_in(resource, scope: nil) + scope ||= Devise::Mapping.find_scope!(resource) + expire_data_after_sign_in! + warden.session_serializer.store(resource, scope) + end + # Sign out a given user or scope. This helper is useful for signing out a user # after deleting accounts. Returns true if there was a logout and false if there # is no user logged in on the referred scope diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 4783356153..0de1e19c5d 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -150,11 +150,11 @@ def setup @controller.sign_in(user, force: true) end - test 'sign in accepts bypass as option' do + test 'bypass the sign in' do user = User.new @mock_warden.expects(:session_serializer).returns(serializer = mock()) serializer.expects(:store).with(user, :user) - @controller.sign_in(user, bypass: true) + @controller.bypass_sign_in(user) end test 'sign out clears up any signed in user from all scopes' do From 9caf07dd4f7036168c423d335f53ae8a212eba18 Mon Sep 17 00:00:00 2001 
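Review bot: The new doc comment on `bypass_sign_in` describes the already-signed-in case, but the body never checks it: whatever `resource` is passed goes straight into the session through `warden.session_serializer.store(resource, scope)` with no Warden callbacks. The comment should state this as a caller obligation, for example `# No Warden callbacks or authentication checks run here; call it only for a resource that is already authenticated in the current request.` Whether the method should also guard on `warden.user(scope)` is a design call for the maintainers, since the deprecated `bypass: true` branch in `sign_in` behaves the same way.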
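Review bot: Rewriting `'sign in accepts bypass as option'` into `'bypass the sign in'` leaves the still-supported `sign_in(user, bypass: true)` branch without a test, as far as this hunk shows. That branch now also emits a deprecation warning, so I would keep a second test with the same `serializer.expects(:store).with(user, :user)` expectation. It can wrap the call as `assert_deprecated { @controller.sign_in(user, bypass: true) }`, which pins both the session write and the warning until the option is removed.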
From: Ralin Chimev Date: Sun, 15 May 2016 17:48:12 +0300 Subject: [PATCH 0943/1473] Fix overwriting the remember_token when a valid one already exists (#4101) The remember_token should not get overwritten when a user is signing in and a valid token already exists. Fixes #3950. --- lib/devise/models/rememberable.rb | 2 +- test/models/rememberable_test.rb | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 61e6579edc..add55c1c46 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -46,7 +46,7 @@ def self.required_fields(klass) end def remember_me! - self.remember_token = self.class.remember_token if respond_to?(:remember_token) + self.remember_token ||= self.class.remember_token if respond_to?(:remember_token) self.remember_created_at ||= Time.now.utc save(validate: false) if self.changed? end diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 5dc8851fb5..4950e33dd7 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -16,6 +16,18 @@ def create_resource assert user.remember_created_at end + test 'remember_me should not generate a new token if valid token exists' do + user = create_user + user.singleton_class.send(:attr_accessor, :remember_token) + User.to_adapter.expects(:find_first).returns(nil) + + user.remember_me! + existing_token = user.remember_token + + user.remember_me! + assert_equal existing_token, user.remember_token + end + test 'forget_me should not clear remember token if using salt' do user = create_user user.remember_me! From 863b811167ef515f1e28de5ba14b0224728c4642 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Sun, 15 May 2016 11:58:02 -0300 Subject: [PATCH 0944/1473] :memo: Update CHANGELOG --- CHANGELOG.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) 
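Review bot: In `remember_me!`, `self.remember_token ||= self.class.remember_token` keeps any non-nil token, not only a valid one as the commit message says. Together with `self.remember_created_at ||= Time.now.utc` on the next line, a later sign-in refreshes neither value, so the token is rotated only after something else has set it to nil. Whether an expired token is cleared before this method runs is decided outside the hunk, so that assumption should be written down, for example `# Reuse the existing token so other remembered sessions stay valid; it is replaced only after it has been cleared.` The added test in `rememberable_test.rb` covers two back-to-back calls only, so a case with an expired `remember_created_at` would show what the intended behaviour is.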
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9edb036671..e708ad8a44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,10 +13,16 @@ * enhancements * Display the minimum password length on `registrations/edit` view (by @Yanchek99). * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. - This can reduce the time taken to boot the application but it might trigger some errors - if you application (mostly your controllers) requires that Devise mappings be loaded - during boot time. - (by @sidonath). + This can reduce the time taken to boot the application but it might trigger + some errors if you application (mostly your controllers) requires that + Devise mappings be loaded during boot time (by @sidonath). +* deprecations + * The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is + deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in` + method (by @ulissesalmeida). +* bug fixes + * Fix overwriting the remember_token when a valid one already exists + (by @ralinchimev). ### 4.1.0 From f89921e1532e3f0d55f759179113944e0a941ce7 Mon Sep 17 00:00:00 2001 From: Ulisses Almeida Date: Sun, 15 May 2016 12:22:45 -0300 Subject: [PATCH 0945/1473] :memo: Update with minor patch releases --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e708ad8a44..0b798c0939 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,11 @@ * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). +### 4.1.1 - 2016-05-15 + +* bug fixes + * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). + ### 4.1.0 * bug fixes @@ -60,6 +65,11 @@ * improvements * Avoids extra computation of friendly token for confirmation token (by @sbc100) +### 4.0.3 - 2016-05-15 + + * bug fixes + * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). + ### 4.0.2 - 2016-05-02 * bug fixes 
From 4925ffda315002d132f17e539475a9c015f1d76d Mon Sep 17 00:00:00 2001 From: Washington Botelho Date: Sun, 15 May 2016 13:51:41 -0300 Subject: [PATCH 0946/1473] removes bugfix, from unreleased, already shipped --- CHANGELOG.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b798c0939..2e328df840 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,9 +20,6 @@ * The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in` method (by @ulissesalmeida). -* bug fixes - * Fix overwriting the remember_token when a valid one already exists - (by @ralinchimev). ### 4.1.1 - 2016-05-15 From 48251f236f53369b8f3a8a4b3ba036de3ad90fdc Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:19:27 -0300 Subject: [PATCH 0947/1473] Use single quotes consistently through the integration test example. --- .../integration_test_master.rb | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/guides/bug_report_templates/integration_test_master.rb b/guides/bug_report_templates/integration_test_master.rb index 4a76796119..c4764b1343 100644 --- a/guides/bug_report_templates/integration_test_master.rb +++ b/guides/bug_report_templates/integration_test_master.rb @@ -20,10 +20,10 @@ require 'devise/rails/routes' require 'devise/rails/warden_compat' -ActiveRecord::Base.establish_connection( adapter: :sqlite3, database: ":memory:") +ActiveRecord::Base.establish_connection( adapter: :sqlite3, database: ':memory:') class DeviseCreateUsers < ActiveRecord::Migration - def change + def change create_table(:users) do |t| t.string :email, null: false t.string :encrypted_password, null: true 
@@ -44,14 +44,14 @@ class TestApp < Rails::Application secrets.secret_token = 'secret_token' secrets.secret_key_base = 'secret_key_base' config.eager_load = false - + config.middleware.use Warden::Manager do |config| Devise.warden_config = config end - + config.logger = Logger.new($stdout) Rails.logger = config.logger - + end Rails.application.initialize! @@ -64,7 +64,7 @@ class User < ActiveRecord::Base Rails.application.routes.draw do devise_for :users - + get '/' => 'test#index' end @@ -73,9 +73,9 @@ class ApplicationController < ActionController::Base class TestController < ApplicationController include Rails.application.routes.url_helpers - + before_filter :authenticate_user! - + def index render plain: 'Home' end @@ -86,11 +86,11 @@ def index class BugTest < ActionDispatch::IntegrationTest include Rack::Test::Methods include Warden::Test::Helpers - + def test_returns_success Warden.test_mode! - - login_as User.create!(email: "test@test.com", password: "test123456", password_confirmation: "test123456") + + login_as User.create!(email: 'test@test.com', password: 'test123456', password_confirmation: 'test123456') get '/' assert last_response.ok? From 675ae4d8029a51142265e7585a4e8ab5161b410e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:20:32 -0300 Subject: [PATCH 0948/1473] Lock devise version on the bug report template. --- guides/bug_report_templates/integration_test_master.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/guides/bug_report_templates/integration_test_master.rb b/guides/bug_report_templates/integration_test_master.rb index c4764b1343..6fea86bbb3 100644 --- a/guides/bug_report_templates/integration_test_master.rb +++ b/guides/bug_report_templates/integration_test_master.rb 
@@ -8,8 +8,8 @@ gemfile(true) do source 'https://rubygems.org' # Activate the gem you are reporting the issue against. - gem 'rails', '4.2.0' - gem 'devise' + gem 'rails', '~> 4.2.0' + gem 'devise', '~> 4.0' gem 'sqlite3' gem 'byebug' end From 934fe45cfe873d183c9cab358152c4f50ac21a4e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:21:50 -0300 Subject: [PATCH 0949/1473] Drop `_master` suffix as the bug template doesnt use Rails/Devise master. --- .../{integration_test_master.rb => integration_test.rb} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename guides/bug_report_templates/{integration_test_master.rb => integration_test.rb} (100%) diff --git a/guides/bug_report_templates/integration_test_master.rb b/guides/bug_report_templates/integration_test.rb similarity index 100% rename from guides/bug_report_templates/integration_test_master.rb rename to guides/bug_report_templates/integration_test.rb From 62d6b5afb71cb1ca6976b4ac92cb340ca8a7b9b0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:24:59 -0300 Subject: [PATCH 0950/1473] Mention the bug report test case on `CONTRIBUTING.md.` --- CONTRIBUTING.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3b12b9ceea..7e5061db41 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -4,11 +4,16 @@ 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) instead. -3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. +3) If possible, replicate your issue with our +[guides/bug_report_templates/integration_test.rb](test case example), and attach +it to your issue or Pull Request - this way we have an isolated way to replicate +your issue and investigate it further. -4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. +4) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. -5) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md) +5) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. + +6) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md) That's it! The more information you give, the easier it becomes for us to track it down and fix it. Ideally, you should provide an application that reproduces the error or a test case to Devise's suite. From 0d45142845728ca02cf1a4301c4fe740aaad5dde Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:30:14 -0300 Subject: [PATCH 0951/1473] `CONTRIBUTING.md` edits * Wrap lines to around ~80 characters. * Suggest reporting issues with fresh apps that replicate the issue. * Mention our policy regarding internationalizing Devise views. --- CONTRIBUTING.md | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7e5061db41..302fbd6e64 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,21 +1,39 @@ ### Please read before contributing -1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). +1) Do not post questions in the issues tracker. If you have any questions about +Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use +the [Mailing List](https://groups.google.com/group/plataformatec-devise) or +[Stack Overflow](http://stackoverflow.com/questions/tagged/devise). -2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) instead. +2) If you find a security bug, **DO NOT** submit an issue here. Please send an +e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) +instead. 3) If possible, replicate your issue with our [guides/bug_report_templates/integration_test.rb](test case example), and attach it to your issue or Pull Request - this way we have an isolated way to replicate your issue and investigate it further. -4) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. +4) Otherwise, please provide a fresh new Rails application that replicates your +issue on a public GitHub repository, as some scenarios might not be possible to +replicate using the standalone test case example. -5) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace. +5) Do a small search on the issues tracker before submitting your issue to see +if it was already reported / fixed. Duplicated issues will be closed to avoid +too much noise/duplication in the issue tracker. 
-6) Notice that all of your interactions in the project are expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md) +6) When reporting an issue, include Rails, Devise and Warden versions. If you +are getting exceptions, please include the full backtrace. -That's it! The more information you give, the easier it becomes for us to track it down and fix it. -Ideally, you should provide an application that reproduces the error or a test case to Devise's suite. +7) Please do not attempt to translate Devise built in views. The views are meant +to be a starting point and not a final version. For historical references, +please look into closed issues/Pull regarding i18n. + +8) Notice that all of your interactions in the project are expected to follow +our [Code of Conduct](CODE_OF_CONDUCT.md) + +That's it! The more information you give, the easier it becomes for us to track +it down and fix it. Ideally, you should provide an application that reproduces +the error or a test case to Devise's suite. Thanks! From 3f3ec236bb50a2ae8b0eede90d8f7ecd201d7dbb Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 29 Apr 2016 15:46:49 -0300 Subject: [PATCH 0952/1473] Move `Devise::TestHelpers` to `Devise::Test::ControllerHelpers`. --- lib/devise.rb | 5 + lib/devise/test/controller_helpers.rb | 139 ++++++++++++++++++ lib/devise/test_helpers.rb | 134 +---------------- .../custom_registrations_controller_test.rb | 2 +- test/controllers/custom_strategy_test.rb | 2 +- test/controllers/passwords_controller_test.rb | 2 +- test/controllers/sessions_controller_test.rb | 2 +- .../controller_helpers_test.rb} | 4 +- 8 files changed, 155 insertions(+), 135 deletions(-) create mode 100644 lib/devise/test/controller_helpers.rb rename test/{test_helpers_test.rb => test/controller_helpers_test.rb} (97%) diff --git a/lib/devise.rb b/lib/devise.rb index 9c10fc1e90..045b617773 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -39,6 +39,11 @@ module Strategies autoload :Authenticatable, 'devise/strategies/authenticatable' end + module Test + autoload :ControllerHelpers, 'devise/test/controller_helpers' + end + + # Constants which holds devise configuration for extensions. Those should # not be modified by the "end user" (this is why they are constants). ALL = [] diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb new file mode 100644 index 0000000000..328767a8e5 --- /dev/null +++ b/lib/devise/test/controller_helpers.rb 
@@ -0,0 +1,139 @@ +module Devise + module Test + # Devise::Test::ControllerHelpers provides a facility to test controllers in isolation + # when using ActionController::TestCase allowing you to quickly sign_in or + # sign_out a user. Do not use Devise::TestHelpers in integration tests. + # + # Notice you should not test Warden specific behavior (like Warden callbacks) + # using Devise::TestHelpers since it is a stub of the actual behavior. Such + # callbacks should be tested in your integration suite instead. + module ControllerHelpers + def self.included(base) + base.class_eval do + setup :setup_controller_for_warden, :warden if respond_to?(:setup) + end + end + + # Override process to consider warden. + def process(*) + # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts + _catch_warden { super } # || @response # _catch_warden will setup the @response object + + # process needs to return the ActionDispath::TestResponse object + @response + end + + # We need to set up the environment variables and the response in the controller. + def setup_controller_for_warden #:nodoc: + @request.env['action_controller.instance'] = @controller + end + + # Quick access to Warden::Proxy. + def warden #:nodoc: + @request.env['warden'] ||= begin + manager = Warden::Manager.new(nil) do |config| + config.merge! Devise.warden_config + end + Warden::Proxy.new(@request.env, manager) + end + end + + # sign_in a given resource by storing its keys in the session. + # This method bypass any warden authentication callback. 
+ # + # Examples: + # + # sign_in :user, @user # sign_in(scope, resource) + # sign_in @user # sign_in(resource) + # + def sign_in(resource_or_scope, resource=nil) + scope ||= Devise::Mapping.find_scope!(resource_or_scope) + resource ||= resource_or_scope + warden.instance_variable_get(:@users).delete(scope) + warden.session_serializer.store(resource, scope) + end + + # Sign out a given resource or scope by calling logout on Warden. + # This method bypass any warden logout callback. + # + # Examples: + # + # sign_out :user # sign_out(scope) + # sign_out @user # sign_out(resource) + # + def sign_out(resource_or_scope) + scope = Devise::Mapping.find_scope!(resource_or_scope) + @controller.instance_variable_set(:"@current_#{scope}", nil) + user = warden.instance_variable_get(:@users).delete(scope) + warden.session_serializer.delete(scope, user) + end + + protected + + # Catch warden continuations and handle like the middleware would. + # Returns nil when interrupted, otherwise the normal result of the block. + def _catch_warden(&block) + result = catch(:warden, &block) + + env = @controller.request.env + + result ||= {} + + # Set the response. In production, the rack result is returned + # from Warden::Manager#call, which the following is modelled on. + case result + when Array + if result.first == 401 && intercept_401?(env) # does this happen during testing? 
+ _process_unauthenticated(env) + else + result + end + when Hash + _process_unauthenticated(env, result) + else + result + end + end + + def _process_unauthenticated(env, options = {}) + options[:action] ||= :unauthenticated + proxy = env['warden'] + result = options[:result] || proxy.result + + ret = case result + when :redirect + body = proxy.message || "You are being redirected to #{proxy.headers['Location']}" + [proxy.status, proxy.headers, [body]] + when :custom + proxy.custom_response + else + env["PATH_INFO"] = "/#{options[:action]}" + env["warden.options"] = options + Warden::Manager._run_callbacks(:before_failure, env, options) + + status, headers, response = Devise.warden_config[:failure_app].call(env).to_a + @controller.response.headers.merge!(headers) + r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] } + r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body + @controller.send :render, r_opts + nil # causes process return @response + end + + # ensure that the controller response is set up. In production, this is + # not necessary since warden returns the results to rack. However, at + # testing time, we want the response to be available to the testing + # framework to verify what would be returned to rack. + if ret.is_a?(Array) + # ensure the controller response is set to our response. + @controller.response ||= @response + @response.status = ret.first + @response.headers.clear + ret.second.each { |k,v| @response[k] = v } + @response.body = ret.third + end + + ret + end + end + end +end diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index 7d97147ba3..dc53be8282 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb 
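Review bot: In `_process_unauthenticated`, the render option key is picked with `Rails.version.start_with?('5')`, a string-prefix test that matches only the 5.x series, so any later major version would fall back to `:text`. Comparing the numeric major version is sturdier: `r_opts[Rails::VERSION::MAJOR >= 5 ? :body : :text] = response.body`. The method is moved here unchanged from lib/devise/test_helpers.rb, so the move is a convenient moment to fix it.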
@@ -1,137 +1,13 @@ module Devise - # Devise::TestHelpers provides a facility to test controllers in isolation - # when using ActionController::TestCase allowing you to quickly sign_in or - # sign_out a user. Do not use Devise::TestHelpers in integration tests. - # - # Notice you should not test Warden specific behavior (like Warden callbacks) - # using Devise::TestHelpers since it is a stub of the actual behavior. Such - # callbacks should be tested in your integration suite instead. module TestHelpers def self.included(base) base.class_eval do - setup :setup_controller_for_warden, :warden if respond_to?(:setup) + ActiveSupport::Deprecation.warn <<-DEPRECATION + [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. + For controller tests, please include `Devise::Test::ControllerHelpers` instead. + DEPRECATION + include Devise::Test::ControllerHelpers end end - - # Override process to consider warden. - def process(*) - # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts - _catch_warden { super } # || @response # _catch_warden will setup the @response object - - # process needs to return the ActionDispath::TestResponse object - @response - end - - # We need to set up the environment variables and the response in the controller. - def setup_controller_for_warden #:nodoc: - @request.env['action_controller.instance'] = @controller - end - - # Quick access to Warden::Proxy. - def warden #:nodoc: - @request.env['warden'] ||= begin - manager = Warden::Manager.new(nil) do |config| - config.merge! Devise.warden_config - end - Warden::Proxy.new(@request.env, manager) - end - end - - # sign_in a given resource by storing its keys in the session. - # This method bypass any warden authentication callback. 
- # - # Examples: - # - # sign_in :user, @user # sign_in(scope, resource) - # sign_in @user # sign_in(resource) - # - def sign_in(resource_or_scope, resource=nil) - scope ||= Devise::Mapping.find_scope!(resource_or_scope) - resource ||= resource_or_scope - warden.instance_variable_get(:@users).delete(scope) - warden.session_serializer.store(resource, scope) - end - - # Sign out a given resource or scope by calling logout on Warden. - # This method bypass any warden logout callback. - # - # Examples: - # - # sign_out :user # sign_out(scope) - # sign_out @user # sign_out(resource) - # - def sign_out(resource_or_scope) - scope = Devise::Mapping.find_scope!(resource_or_scope) - @controller.instance_variable_set(:"@current_#{scope}", nil) - user = warden.instance_variable_get(:@users).delete(scope) - warden.session_serializer.delete(scope, user) - end - - protected - - # Catch warden continuations and handle like the middleware would. - # Returns nil when interrupted, otherwise the normal result of the block. - def _catch_warden(&block) - result = catch(:warden, &block) - - env = @controller.request.env - - result ||= {} - - # Set the response. In production, the rack result is returned - # from Warden::Manager#call, which the following is modelled on. - case result - when Array - if result.first == 401 && intercept_401?(env) # does this happen during testing? 
- _process_unauthenticated(env) - else - result - end - when Hash - _process_unauthenticated(env, result) - else - result - end - end - - def _process_unauthenticated(env, options = {}) - options[:action] ||= :unauthenticated - proxy = env['warden'] - result = options[:result] || proxy.result - - ret = case result - when :redirect - body = proxy.message || "You are being redirected to #{proxy.headers['Location']}" - [proxy.status, proxy.headers, [body]] - when :custom - proxy.custom_response - else - env["PATH_INFO"] = "/#{options[:action]}" - env["warden.options"] = options - Warden::Manager._run_callbacks(:before_failure, env, options) - - status, headers, response = Devise.warden_config[:failure_app].call(env).to_a - @controller.response.headers.merge!(headers) - r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] } - r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body - @controller.send :render, r_opts - nil # causes process return @response - end - - # ensure that the controller response is set up. In production, this is - # not necessary since warden returns the results to rack. However, at - # testing time, we want the response to be available to the testing - # framework to verify what would be returned to rack. - if ret.is_a?(Array) - # ensure the controller response is set to our response. - @controller.response ||= @response - @response.status = ret.first - @response.headers.clear - ret.second.each { |k,v| @response[k] = v } - @response.body = ret.third - end - - ret - end end end diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index 60db1f49fa..13e4eef280 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb 
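Review bot: The deprecation text in `included` is built with `<<-DEPRECATION`, which keeps whatever indentation the body lines carry in the file, so the warning probably reaches the log with leading spaces and an embedded line break (inferred, since indentation is not recoverable from this view). Chaining `strip_heredoc` on the opener, `ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc`, keeps the source readable and the message clean. The `sign_in` deprecation added to lib/devise/test/controller_helpers.rb in the next patch of this series uses the same heredoc form.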
@@ -3,7 +3,7 @@ class CustomRegistrationsControllerTest < Devise::ControllerTestCase tests Custom::RegistrationsController - include Devise::TestHelpers + include Devise::Test::ControllerHelpers setup do request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index 165f5a2c0e..b63bead68d 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -27,7 +27,7 @@ def authenticate! class CustomStrategyTest < Devise::ControllerTestCase tests CustomStrategyController - include Devise::TestHelpers + include Devise::Test::ControllerHelpers setup do Warden::Strategies.add(:custom_strategy, CustomStrategy) diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index f8a3f2c831..5c359eed59 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -2,7 +2,7 @@ class PasswordsControllerTest < Devise::ControllerTestCase tests Devise::PasswordsController - include Devise::TestHelpers + include Devise::Test::ControllerHelpers setup do request.env["devise.mapping"] = Devise.mappings[:user] diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 6d28c6d9bf..82d066b229 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -2,7 +2,7 @@ class SessionsControllerTest < Devise::ControllerTestCase tests Devise::SessionsController - include Devise::TestHelpers + include Devise::Test::ControllerHelpers test "#create doesn't raise unpermitted params when sign in fails" do begin diff --git a/test/test_helpers_test.rb b/test/test/controller_helpers_test.rb similarity index 97% rename from test/test_helpers_test.rb rename to test/test/controller_helpers_test.rb index 374c2dba30..dc0c2a2a7c 100644 --- a/test/test_helpers_test.rb 
+++ b/test/test/controller_helpers_test.rb @@ -1,8 +1,8 @@ require 'test_helper' -class TestHelpersTest < Devise::ControllerTestCase +class TestControllerHelpersTest < Devise::ControllerTestCase tests UsersController - include Devise::TestHelpers + include Devise::Test::ControllerHelpers test "redirects if attempting to access a page unauthenticated" do get :index From 7b000390a066d89b9cc474b22aa8afff6f5c85b7 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 29 Apr 2016 15:47:57 -0300 Subject: [PATCH 0953/1473] Add `Devise::Test::IntegrationHelpers`. --- lib/devise.rb | 2 +- lib/devise/test/integration_helpers.rb | 61 ++++++++++++++++++++++++++ test/test/integration_helpers_test.rb | 32 ++++++++++++++ 3 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 lib/devise/test/integration_helpers.rb create mode 100644 test/test/integration_helpers_test.rb diff --git a/lib/devise.rb b/lib/devise.rb index 045b617773..7819551fff 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -41,9 +41,9 @@ module Strategies module Test autoload :ControllerHelpers, 'devise/test/controller_helpers' + autoload :IntegrationHelpers, 'devise/test/integration_helpers' end - # Constants which holds devise configuration for extensions. Those should # not be modified by the "end user" (this is why they are constants). ALL = [] diff --git a/lib/devise/test/integration_helpers.rb b/lib/devise/test/integration_helpers.rb new file mode 100644 index 0000000000..e39b67924c --- /dev/null +++ b/lib/devise/test/integration_helpers.rb 
@@ -0,0 +1,61 @@ +module Devise + # Devise::Test::IntegrationHelpers is a helper module for facilitating + # authentication on Rails integration tests to bypass the required steps for + # signin in or signin out a record. + # + # Examples + # + # class PostsTest < ActionDispatch::IntegrationTest + # include Devise::Test::IntegrationHelpers + # + # test 'authenticated users can see posts' do + # sign_in users(:bob) + # + # get '/posts' + # assert_response :success + # end + # end + module Test + module IntegrationHelpers + def self.included(base) + base.class_eval do + include Warden::Test::Helpers + + setup :setup_integration_for_devise + teardown :teardown_integration_for_devise + end + end + + # Signs in a specific resource, mimicking a successfull sign in + # operation through +Devise::SessionsController#create+. + # + # * +resource+ - The resource that should be authenticated + # * +scope+ - An optional +Symbol+ with the scope where the resource + # should be signed in with. + def sign_in(resource, scope: nil) + scope ||= Devise::Mapping.find_scope!(resource) + + login_as(resource, scope: scope) + end + + # Signs out a specific scope from the session. + # + # * +resource_or_scope+ - The resource or scope that should be signed out. + def sign_out(resource_or_scope) + scope = Devise::Mapping.find_scope!(resource_or_scope) + + logout scope + end + + protected + + def setup_integration_for_devise + Warden.test_mode! + end + + def teardown_integration_for_devise + Warden.test_reset! + end + end + end +end diff --git a/test/test/integration_helpers_test.rb b/test/test/integration_helpers_test.rb new file mode 100644 index 0000000000..5f7dfd31b7 --- /dev/null +++ b/test/test/integration_helpers_test.rb 
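Review bot: The module comment sits above `module Test` rather than `module IntegrationHelpers`, so generated docs would attach it to `Devise::Test`; controller_helpers.rb puts its comment directly above `module ControllerHelpers`. Moving the block down one level fixes that, and the same pass can correct `signin in or signin out` to `signing in or signing out` and `successfull` to `successful`. The `sign_in` comment should also say that the helper goes through Warden's `login_as` and therefore skips credential verification, for example `# Does not run the authentication strategies; cover failed-login behaviour through the sign-in form.`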
@@ -0,0 +1,32 @@ +require 'test_helper' + +class TestIntegrationsHelpersTest < Devise::IntegrationTest + include Devise::Test::IntegrationHelpers + + test '#sign_in signs in the resource directly' do + sign_in(create_user) + + visit '/' + assert warden.authenticated?(:user) + end + + test '#sign_outs signs out in the resource directly' do + user = create_user + sign_in user + sign_out user + + visit '/' + refute warden.authenticated?(:user) + end + + test '#sign_out does not signs out other scopes' do + sign_in(create_user) + sign_in(create_admin) + sign_out :user + + visit '/' + + refute warden.authenticated?(:user) + assert warden.authenticated?(:admin) + end +end From e757543323ba54f11b33b87172da91a876ad6d69 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 29 Apr 2016 16:51:39 -0300 Subject: [PATCH 0954/1473] Revisit docs on test helpers on README.md --- README.md | 86 +++++++++++++++++++++------ lib/devise/test/controller_helpers.rb | 30 +++++++--- 2 files changed, 89 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 53d1d08e9d..898292667a 100644 --- a/README.md +++ b/README.md 
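Review bot: None of the three tests passes the `scope:` keyword that `IntegrationHelpers#sign_in` introduces; every call relies on `Devise::Mapping.find_scope!` inferring the scope from the record. Something like `sign_in create_user, scope: :admin` followed by `assert warden.authenticated?(:admin)` would pin the override, assuming the test app allows a user record under that scope. The names `'#sign_outs signs out in the resource directly'` and `'#sign_out does not signs out other scopes'` also read as typos.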
@@ -411,45 +411,95 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses ### Test helpers -Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`): +Devise includes some test helpers for controller and integration tests. +In order to use them, you need to include the respective module in your test +cases/specs. + +### Controller tests + +Controller tests require that you include `Devise::Test::ControllerHelpers` on +your test case or its parent `ActionController::TestCase` superclass. ```ruby -class ActionController::TestCase - include Devise::TestHelpers +class PostsControllerTest < ActionController::TestCase + include Devise::Test::ControllerHelpers end ``` -If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails): +If you're using RSpec, you can put the following inside a file named +`spec/support/devise.rb` or in your `spec/spec_helper.rb` (or +`spec/rails_helper.rb` if you are using `rspec-rails`): ```ruby RSpec.configure do |config| - config.include Devise::TestHelpers, type: :controller - config.include Devise::TestHelpers, type: :view + config.include Devise::Test::ControllerHelpers, type: :controller + config.include Devise::Test::ControllerHelpers, type: :view end ``` Just be sure that this inclusion is made *after* the `require 'rspec/rails'` directive. -Now you are ready to use the `sign_in` and `sign_out` methods. 
Such methods have the same signature as in controllers: +Now you are ready to use the `sign_in` and `sign_out` methods on your controller +tests: ```ruby -sign_in :user, @user # sign_in(scope, resource) -sign_in @user # sign_in(resource) +sign_in @user +sign_in @user, scope: admin +``` + +If you are testing Devise internal controllers or a controller that inherits +from Devise's, you need to tell Devise which mapping should be used before a +request. This is necessary because Devise gets this information from the router, +but since controller tests do not pass through the router, it needs to be stated +explicitly. For example, if you are testing the user scope, simply use: + +```ruby +test 'GET new' do + # Mimic the router behavior of setting the Devise scope through the env. + @request.env['devise.mapping'] = Devise.mappings[:user] + + # Use the sign_in helper to sign in a fixture `User` record. + sign_in users(:alice) -sign_out :user # sign_out(scope) -sign_out @user # sign_out(resource) + get :new + + # assert something +end ``` -There are two things that are important to keep in mind: +### Integration tests -1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. It is undesirable even to include `Devise::TestHelpers` during integration tests. Instead, fill in the form or explicitly set the user in session; +Integration test helpers are available by including the +`Devise::Test::IntegrationHelpers` module. -2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be stated explicitly. 
For example, if you are testing the user scope, simply use: +``` +ruby +class PostsTests < ActionDispatch::IntegrationTest + include Devise::Test::IntegrationHelpers +end +``` - ```ruby - @request.env['devise.mapping'] = Devise.mappings[:user] - get :new - ``` +Now you can use the following `sign_in` and `sign_out` methods in your integration +tests: + +```ruby +sign_in users(:bob) +sign_in users(:bob), scope: :admin + +sign_out :user +``` + +RSpec users can include the `IntegrationHelpers` module on their `:feature` specs. + +```ruby +RSpec.configure do |config| + config.include Devise::Test::IntegrationHelpers, type: :feature +end +``` + +Unlike controller tests, integration tests do not need to supply the +`devise.mapping` `env` value, as the mapping can be inferred by the routes that +are executed in your tests. You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 328767a8e5..3ebd220976 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -2,11 +2,11 @@ module Devise module Test # Devise::Test::ControllerHelpers provides a facility to test controllers in isolation # when using ActionController::TestCase allowing you to quickly sign_in or - # sign_out a user. Do not use Devise::TestHelpers in integration tests. + # sign_out a user. Do not use Devise::Test::ControllerHelpers in integration tests. # # Notice you should not test Warden specific behavior (like Warden callbacks) - # using Devise::TestHelpers since it is a stub of the actual behavior. Such - # callbacks should be tested in your integration suite instead. + # using Devise::Test::ControllerHelpers since it is a stub of the actual + # behavior. Such callbacks should be tested in your integration suite instead. module ControllerHelpers def self.included(base) base.class_eval do 
@@ -41,14 +41,26 @@ def warden #:nodoc: # sign_in a given resource by storing its keys in the session. # This method bypass any warden authentication callback. # + # * +resource+ - The resource that should be authenticated + # * +scope+ - An optional +Symbol+ with the scope where the resource + # should be signed in with. # Examples: # - # sign_in :user, @user # sign_in(scope, resource) - # sign_in @user # sign_in(resource) - # - def sign_in(resource_or_scope, resource=nil) - scope ||= Devise::Mapping.find_scope!(resource_or_scope) - resource ||= resource_or_scope + # sign_in users(:alice) + # sign_in users(:alice), scope: :admin + def sign_in(resource, deprecated = nil, scope: nil) + if deprecated.present? + scope = resource + resource = deprecated + + ActiveSupport::Deprecation.warn <<-DEPRECATION + [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. + Please use sign_in(resource, scope: :#{scope}) instead. + DEPRECATION + end + + scope ||= Devise::Mapping.find_scope!(resource) + warden.instance_variable_get(:@users).delete(scope) warden.session_serializer.store(resource, scope) end From b5a5bae09cd8b8f7837889682b0c4d836d610601 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 15 May 2016 19:55:24 -0300 Subject: [PATCH 0955/1473] Tidy up `ControllerHelpers` implementation a bit. --- lib/devise/test/controller_helpers.rb | 36 ++++++++++++++++++--------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 3ebd220976..462f3131e3 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
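Review bot: The legacy-call branch in `sign_in` (`if deprecated.present?`) ships without a test; the diffstat for this commit lists only README.md and lib/devise/test/controller_helpers.rb. Because the branch swaps `resource` and `scope`, a mistake there would store the session under the wrong scope rather than raise. A controller test calling `sign_in :user, user` and asserting both the authenticated scope and the deprecation warning would cover it, alongside one for `sign_in user, scope: :admin`. The comment block also lacks a blank `#` line before `# Examples:`, so the heading runs into the `+scope+` list item.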
@@ -1,25 +1,37 @@ module Devise module Test - # Devise::Test::ControllerHelpers provides a facility to test controllers in isolation - # when using ActionController::TestCase allowing you to quickly sign_in or - # sign_out a user. Do not use Devise::Test::ControllerHelpers in integration tests. + # `Devise::Test::ControllerHelpers` provides a facility to test controllers + # in isolation when using `ActionController::TestCase` allowing you to + # quickly sign_in or sign_out a user. Do not use + # `Devise::Test::ControllerHelpers` in integration tests. # - # Notice you should not test Warden specific behavior (like Warden callbacks) - # using Devise::Test::ControllerHelpers since it is a stub of the actual + # Examples + # + # class PostsTest < ActionController::TestCase + # include Devise::Test::ControllerHelpers + # + # test 'authenticated users can GET index' do + # sign_in users(:bob) + # + # get :index + # assert_response :success + # end + # end + # + # Important: you should not test Warden specific behavior (like callbacks) + # using `Devise::Test::ControllerHelpers` since it is a stub of the actual # behavior. Such callbacks should be tested in your integration suite instead. module ControllerHelpers - def self.included(base) - base.class_eval do - setup :setup_controller_for_warden, :warden if respond_to?(:setup) - end + extend ActiveSupport::Concern + + included do + setup :setup_controller_for_warden, :warden end # Override process to consider warden. def process(*) - # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts - _catch_warden { super } # || @response # _catch_warden will setup the @response object + _catch_warden { super } - # process needs to return the ActionDispath::TestResponse object @response end From 02ed166f51b4c700ac6dedc89038c7c52c089ffe Mon Sep 17 00:00:00 2001 
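Review bot: Replacing `self.included` with `included do` drops the `if respond_to?(:setup)` guard, so this is a behaviour change rather than a pure tidy-up: including the module into anything without a class-level `setup` would now raise `NoMethodError` instead of skipping the hooks. If that is intended it belongs in the commit message or changelog; otherwise keep the guard, `setup :setup_controller_for_warden, :warden if respond_to?(:setup)`. The comment removed from `process` explained why `@response` is returned explicitly, and a short replacement such as `# Return the test response even when warden interrupts the action.` would preserve that reasoning.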
From: Lucas Mazza Date: Mon, 16 May 2016 14:45:30 -0300 Subject: [PATCH 0956/1473] Update CHANGELOG [ci skip] --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e328df840..f9b8fd31bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,7 +16,14 @@ This can reduce the time taken to boot the application but it might trigger some errors if you application (mostly your controllers) requires that Devise mappings be loaded during boot time (by @sidonath). + * Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using + Warden test API (by @lucasmazza). * deprecations + * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers` + (by @lucasmazza). + * The `sign_in` test helper has changed to use keyword arguments when passing + a scope. `sign_in :admin, users(:alice)` should be rewritten as + `sign_in users(:alice), scope: :admin` (by @lucasmazza). * The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in` method (by @ulissesalmeida). From 4924dd68ae952a427d08c43e7afb2dc8045efbc0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 16 May 2016 15:23:25 -0300 Subject: [PATCH 0957/1473] Raise a more informative error when `request.env['warden']` is `nil`. Previously, a `NoMethodError` exception would be raised from here when the middleware stack isn't present and Warden wasn't injected as expected (like in a controller test). To foolproof ourselves, we now raise a more informative error when `request.env['warden']` is `nil` so developers can figure this out on their own instead of reaching to the issue tracker for guidance. --- lib/devise/controllers/helpers.rb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index d3153e93df..3f7cc29ca1 100644 --- a/lib/devise/controllers/helpers.rb 
+++ b/lib/devise/controllers/helpers.rb @@ -138,7 +138,7 @@ def #{mapping}_session # The main accessor for the warden proxy instance def warden - request.env['warden'] + request.env['warden'] or raise MissingWarden end # Return true if it's a devise_controller. false to all controllers unless @@ -277,4 +277,15 @@ def expire_data_after_sign_out! end end end + + class MissingWarden < StandardError + def initialize + super "Devise could not find the `Warden::Proxy` instance on your request environment.\n" + \ + "Make sure that your application is loading Devise and Warden as expected and that " + \ + "the `Warden::Manager` middleware is present in your middleware stack.\n" + \ + "If you are seeing this on one of your tests, ensure that your tests are either " + \ + "executing the Rails middleware stack or that your tests are using the `Devise::Test::ControllerHelpers` " + \ + "module to inject the `request.env['warden']` object for you." + end + end end From f7359d6d962a02ebb974bf99d4d97bd9c0f67383 Mon Sep 17 00:00:00 2001 From: Ryuta Kamizono Date: Tue, 17 May 2016 22:00:22 +0900 Subject: [PATCH 0958/1473] Fix release date in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9b8fd31bf..529868b0f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -121,7 +121,7 @@ You can still use `omniauth_authorize_path(:user, :github)` if you need to call the helpers dynamically. -### 4.0.0.rc1 - 2016-01-02 +### 4.0.0.rc1 - 2016-02-01 * Support added to Rails 5 (by @twalpole). * Devise no longer supports Rails 3.2 and 4.0. From 1b48fd0abea7042945bb05e177ad4e6f811079bb Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 18 May 2016 09:39:04 -0300 Subject: [PATCH 0959/1473] Fix syntax highlight on README [ci skip] --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 898292667a..cd04791c44 100644 --- a/README.md +++ b/README.md 
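Review bot: The new failure path in `warden` has no test in this commit; the diffstat lists only lib/devise/controllers/helpers.rb. Raising when the proxy is missing is the right fail-closed behaviour, and a controller test that removes `request.env['warden']` and asserts `MissingWarden` would keep it that way. For the guard itself, `request.env['warden'] || raise(MissingWarden)` avoids the low-precedence `or`. The class in the second hunk appears to be defined directly under `Devise`, though the enclosing modules open outside the hunk. A one-line comment above it saying when it is raised would help readers of the API docs.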
@@ -472,8 +472,7 @@ end Integration test helpers are available by including the `Devise::Test::IntegrationHelpers` module. -``` -ruby +```ruby class PostsTests < ActionDispatch::IntegrationTest include Devise::Test::IntegrationHelpers end From 53f6785e11998f41ce9ea63e56916434b91169f1 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 18 May 2016 13:42:31 -0300 Subject: [PATCH 0960/1473] Fix Rails version reference on README.md [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cd04791c44..3293056606 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.2 onwards. You can add it to your Gemfile with: +Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with: ```ruby gem 'devise' From e9770fd43407ce5c9f1453e287a96add241acd2d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 18 May 2016 13:50:07 -0300 Subject: [PATCH 0961/1473] Update Rails 5 Gemfile. --- .travis.yml | 6 +- ...mfile.rails-5.0-beta => Gemfile.rails-5.0} | 10 +- gemfiles/Gemfile.rails-5.0.lock | 199 ++++++++++++++++++ 3 files changed, 207 insertions(+), 8 deletions(-) rename gemfiles/{Gemfile.rails-5.0-beta => Gemfile.rails-5.0} (76%) create mode 100644 gemfiles/Gemfile.rails-5.0.lock diff --git a/.travis.yml b/.travis.yml index 5831ecfc8a..46ab3993bf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,16 +8,16 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-5.0-beta + - gemfiles/Gemfile.rails-5.0 - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable matrix: exclude: - rvm: 2.1.9 - gemfile: gemfiles/Gemfile.rails-5.0-beta + gemfile: gemfiles/Gemfile.rails-5.0 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0-beta + gemfile: gemfiles/Gemfile.rails-5.0 allow_failures: - rvm: ruby-head fast_finish: true 
diff --git a/gemfiles/Gemfile.rails-5.0-beta b/gemfiles/Gemfile.rails-5.0 similarity index 76% rename from gemfiles/Gemfile.rails-5.0-beta rename to gemfiles/Gemfile.rails-5.0 index 100b7f5e35..cd2c98eabe 100644 --- a/gemfiles/Gemfile.rails-5.0-beta +++ b/gemfiles/Gemfile.rails-5.0 @@ -2,21 +2,21 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "5.0.0.beta3" -gem "omniauth", " ~>1.3" +gem "rails", "5.0.0.rc1" +gem "omniauth", " ~> 1.3" gem "oauth2" -gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0" +gem "omniauth-oauth2" gem "rdoc" gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.1.1" +gem "responders", "~> 2.1" group :test do gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" + gem "omniauth-openid" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false end diff --git a/gemfiles/Gemfile.rails-5.0.lock b/gemfiles/Gemfile.rails-5.0.lock new file mode 100644 index 0000000000..b5965e5713 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.0.lock 
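Review bot: `gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"` resolves over the unauthenticated `git://` protocol, as the `GIT` section of the lockfile added in this commit shows (`remote: git://github.com/rails/activemodel-serializers-xml.git`). The locked revision pins the commit, but the transport offers no server authentication; `git: "https://github.com/rails/activemodel-serializers-xml.git"` keeps CI fetches on TLS. The same hunk removes the version bounds on `omniauth-oauth2` and `omniauth-openid`, which leaves the committed lockfile as the only thing fixing those versions for this gemfile.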
@@ -0,0 +1,199 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf + specs: + activemodel-serializers-xml (1.0.1) + activemodel (> 5.x) + activerecord (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.1.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.1) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.0.0.rc1) + actionpack (= 5.0.0.rc1) + nio4r (~> 1.2) + websocket-driver (~> 0.6.1) + actionmailer (5.0.0.rc1) + actionpack (= 5.0.0.rc1) + actionview (= 5.0.0.rc1) + activejob (= 5.0.0.rc1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (5.0.0.rc1) + actionview (= 5.0.0.rc1) + activesupport (= 5.0.0.rc1) + rack (~> 2.x) + rack-test (~> 0.6.3) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.0.0.rc1) + activesupport (= 5.0.0.rc1) + builder (~> 3.1) + erubis (~> 2.7.0) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + activejob (5.0.0.rc1) + activesupport (= 5.0.0.rc1) + globalid (>= 0.3.6) + activemodel (5.0.0.rc1) + activesupport (= 5.0.0.rc1) + activerecord (5.0.0.rc1) + activemodel (= 5.0.0.rc1) + activesupport (= 5.0.0.rc1) + arel (~> 7.0) + activesupport (5.0.0.rc1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (~> 0.7) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (7.0.0) + bcrypt (3.1.11) + builder (3.2.2) + concurrent-ruby (1.0.2) + erubis (2.7.0) + faraday (0.9.2) + multipart-post (>= 1.2, < 3) + globalid (0.3.6) + activesupport (>= 4.1.0) + hashie (3.4.4) + i18n (0.7.0) + json (1.8.3) + jwt (1.5.1) + loofah (2.0.3) + nokogiri (>= 1.5.9) + mail (2.6.4) + mime-types (>= 1.16, < 4) + metaclass (0.0.4) + method_source (0.8.2) + mime-types (3.0) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0221) + mini_portile2 (2.0.0) + minitest (5.9.0) + mocha (1.1.0) + 
metaclass (~> 0.0.1) + multi_json (1.12.0) + multi_xml (0.5.5) + multipart-post (2.0.0) + nio4r (1.2.1) + nokogiri (1.6.7.2) + mini_portile2 (~> 2.0.0.rc2) + oauth2 (1.1.0) + faraday (>= 0.8, < 0.10) + jwt (~> 1.0, < 1.5.2) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.3.1) + hashie (>= 1.2, < 4) + rack (>= 1.0, < 3) + omniauth-facebook (3.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) + omniauth (~> 1.2) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.0.0.rc1) + json + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.3) + rack (>= 1.0) + rails (5.0.0.rc1) + actioncable (= 5.0.0.rc1) + actionmailer (= 5.0.0.rc1) + actionpack (= 5.0.0.rc1) + actionview (= 5.0.0.rc1) + activejob (= 5.0.0.rc1) + activemodel (= 5.0.0.rc1) + activerecord (= 5.0.0.rc1) + activesupport (= 5.0.0.rc1) + bundler (>= 1.3.0, < 2.0) + railties (= 5.0.0.rc1) + sprockets-rails (>= 2.0.0) + rails-controller-testing (0.1.1) + actionpack (~> 5.x) + actionview (~> 5.x) + activesupport (~> 5.x) + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.7) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) + railties (5.0.0.rc1) + actionpack (= 5.0.0.rc1) + activesupport (= 5.0.0.rc1) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (11.1.2) + rdoc (4.2.2) + json (~> 1.4) + responders (2.2.0) + railties (>= 4.2.0, < 5.1) + ruby-openid (2.7.0) + sprockets (3.6.0) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.0.4) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.11) + thor (0.19.1) + thread_safe (0.3.5) + tzinfo (1.2.2) + thread_safe (~> 0.1) + warden (1.2.6) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + 
websocket-driver (0.6.3) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.2) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha (~> 1.1) + oauth2 + omniauth (~> 1.3) + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (= 5.0.0.rc1) + rails-controller-testing + rdoc + responders (~> 2.1) + sqlite3 + webrat (= 0.7.3) + +BUNDLED WITH + 1.11.2 From 593ae41f9dac165a404b05cd3abd959245c64908 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 18 May 2016 13:59:06 -0300 Subject: [PATCH 0962/1473] Update existing Gemfiles. --- Gemfile | 6 ++--- Gemfile.lock | 34 ++++++++++++++------------ gemfiles/Gemfile.rails-4.1-stable | 8 +++--- gemfiles/Gemfile.rails-4.1-stable.lock | 30 ++++++++++++----------- gemfiles/Gemfile.rails-4.2-stable | 8 +++--- gemfiles/Gemfile.rails-4.2-stable.lock | 34 ++++++++++++++------------ 6 files changed, 63 insertions(+), 57 deletions(-) diff --git a/Gemfile b/Gemfile index 738aba2d08..48640eba22 100644 --- a/Gemfile +++ b/Gemfile @@ -3,13 +3,13 @@ source "https://rubygems.org" gemspec gem "rails", "~> 4.2.6" -gem "omniauth", "~> 1.3" -gem "omniauth-oauth2", "~> 1.4" +gem "omniauth" +gem "omniauth-oauth2" gem "rdoc" group :test do gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" + gem "omniauth-openid" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false diff --git a/Gemfile.lock b/Gemfile.lock index ffabf1ed69..3054c2facb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -48,36 +48,38 @@ GEM tzinfo (~> 1.1) arel (6.0.3) bcrypt (3.1.11) - bson (4.0.0) + bson (4.1.1) builder (3.2.2) - concurrent-ruby (1.0.1) + concurrent-ruby (1.0.2) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.3) + hashie (3.4.4) i18n (0.7.0) json (1.8.3) jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.6.4) + mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (2.99.1) + mime-types (3.0) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0221) mini_portile2 (2.0.0) - minitest (5.8.4) + minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) - mongo (2.2.0) + mongo (2.2.5) bson (~> 4.0) - mongoid (5.0.1) + mongoid (5.1.3) activemodel (~> 4.0) mongo (~> 2.1) - origin (~> 2.1) + origin (~> 2.2) tzinfo (>= 0.3.37) - multi_json (1.11.2) + multi_json (1.12.0) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.7.2) @@ -131,13 +133,13 @@ GEM activesupport (= 4.2.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.0.1) + rake (11.1.2) rdoc (4.2.2) json (~> 1.4) responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.5.2) + sprockets (3.6.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) @@ -168,10 +170,10 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 5.0) - omniauth (~> 1.3) + omniauth omniauth-facebook - omniauth-oauth2 (~> 1.4) - omniauth-openid (~> 1.0.1) + omniauth-oauth2 + omniauth-openid rails (~> 4.2.6) rdoc sqlite3 diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index aa966c1cb4..2dde99dd64 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable 
@@ -3,13 +3,13 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth", "~> 1.3" -gem "omniauth-oauth2", "~> 1.4" +gem "omniauth" +gem "omniauth-oauth2" gem "rdoc" group :test do gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" + gem "omniauth-openid" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false @@ -26,5 +26,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", "~> 4.0.0" + gem "mongoid", "~> 4.0" end diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 76652824d9..05ad1c537f 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.0.1) + devise (4.1.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) @@ -62,21 +62,23 @@ GEM bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) - concurrent-ruby (1.0.1) + concurrent-ruby (1.0.2) connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) - hashie (3.4.3) + hashie (3.4.4) i18n (0.7.0) json (1.8.3) jwt (1.5.1) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.6.4) + mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (2.99.1) + mime-types (3.0) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0221) mini_portile2 (2.0.0) - minitest (5.8.4) + minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -88,7 +90,7 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.2) + multi_json (1.12.0) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.7.2) 
@@ -119,13 +121,13 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rake (11.0.1) + rake (11.1.2) rdoc (4.2.2) json (~> 1.4) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) - sprockets (3.5.2) + sprockets (3.6.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) @@ -155,11 +157,11 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid (~> 4.0.0) - omniauth (~> 1.3) + mongoid (~> 4.0) + omniauth omniauth-facebook - omniauth-oauth2 (~> 1.4) - omniauth-openid (~> 1.0.1) + omniauth-oauth2 + omniauth-openid rails! rdoc sqlite3 diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 10c0c1b685..8165a9501b 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -3,13 +3,13 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth", "~> 1.3" -gem "omniauth-oauth2", "~> 1.4" +gem "omniauth" +gem "omniauth-oauth2" gem "rdoc" group :test do gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" + gem "omniauth-openid" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false @@ -26,5 +26,5 @@ platforms :ruby do end group :mongoid do - gem "mongoid", "~> 4.0.0" + gem "mongoid", "~> 4.0" end diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 751c8d359f..9f353204e0 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: 2aa27582c202148296bb169159b0bf9a47a7bd80 + revision: 5be7cfa46e055148c8b74ac5d48982a3435f477c branch: 4-2-stable specs: actionmailer (4.2.6) @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (4.0.1) + devise (4.1.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) 
@@ -72,25 +72,27 @@ GEM bcrypt (3.1.11) bson (3.2.6) builder (3.2.2) - concurrent-ruby (1.0.1) + concurrent-ruby (1.0.2) connection_pool (2.2.0) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) globalid (0.3.6) activesupport (>= 4.1.0) - hashie (3.4.3) + hashie (3.4.4) i18n (0.7.0) json (1.8.3) jwt (1.5.1) loofah (2.0.3) nokogiri (>= 1.5.9) - mail (2.6.3) - mime-types (>= 1.16, < 3) + mail (2.6.4) + mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (2.99.1) + mime-types (3.0) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0221) mini_portile2 (2.0.0) - minitest (5.8.4) + minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) mongoid (4.0.2) @@ -102,7 +104,7 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.11.2) + multi_json (1.12.0) multi_xml (0.5.5) multipart-post (2.0.0) nokogiri (1.6.7.2) @@ -141,13 +143,13 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rake (11.0.1) + rake (11.1.2) rdoc (4.2.2) json (~> 1.4) - responders (2.1.2) + responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.5.2) + sprockets (3.6.0) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) @@ -177,11 +179,11 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 1.1) - mongoid (~> 4.0.0) - omniauth (~> 1.3) + mongoid (~> 4.0) + omniauth omniauth-facebook - omniauth-oauth2 (~> 1.4) - omniauth-openid (~> 1.0.1) + omniauth-oauth2 + omniauth-openid rails! rdoc sqlite3 From cbbe932ee22947fb7fc741a4da3e6783091c88b0 Mon Sep 17 00:00:00 2001 
From: Stefan Botzenhart Date: Sat, 21 May 2016 16:55:56 +0200 Subject: [PATCH 0963/1473] Fix authenticated engine routes (#4081) Fix infinite loop in authenticated engine routes in Rails 5 https://github.com/plataformatec/devise/issues/3705 --- gemfiles/Gemfile.rails-5.0 | 2 +- gemfiles/Gemfile.rails-5.0-beta.lock | 199 ------------------------ lib/devise/failure_app.rb | 14 +- test/integration/mounted_engine_test.rb | 36 +++++ 4 files changed, 45 insertions(+), 206 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-5.0-beta.lock create mode 100644 test/integration/mounted_engine_test.rb diff --git a/gemfiles/Gemfile.rails-5.0 b/gemfiles/Gemfile.rails-5.0 index cd2c98eabe..2a4c1e3c9b 100644 --- a/gemfiles/Gemfile.rails-5.0 +++ b/gemfiles/Gemfile.rails-5.0 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", "5.0.0.rc1" -gem "omniauth", " ~> 1.3" +gem "omniauth", "~> 1.3" gem "oauth2" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-5.0-beta.lock b/gemfiles/Gemfile.rails-5.0-beta.lock deleted file mode 100644 index 6e92daa86c..0000000000 --- a/gemfiles/Gemfile.rails-5.0-beta.lock +++ /dev/null 
@@ -1,199 +0,0 @@ -GIT - remote: git://github.com/rails/activemodel-serializers-xml.git - revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a - specs: - activemodel-serializers-xml (1.0.0) - activemodel (> 5.x) - activerecord (> 5.x) - activesupport (> 5.x) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.0.0.rc2) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.0.0.beta3) - actionpack (= 5.0.0.beta3) - nio4r (~> 1.2) - websocket-driver (~> 0.6.1) - actionmailer (5.0.0.beta3) - actionpack (= 5.0.0.beta3) - actionview (= 5.0.0.beta3) - activejob (= 5.0.0.beta3) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.beta3) - actionview (= 5.0.0.beta3) - activesupport (= 5.0.0.beta3) - rack (~> 2.x) - rack-test (~> 0.6.3) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.beta3) - activesupport (= 5.0.0.beta3) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.beta3) - activesupport (= 5.0.0.beta3) - globalid (>= 0.3.6) - activemodel (5.0.0.beta3) - activesupport (= 5.0.0.beta3) - activerecord (5.0.0.beta3) - activemodel (= 5.0.0.beta3) - activesupport (= 5.0.0.beta3) - arel (~> 7.0) - activesupport (5.0.0.beta3) - concurrent-ruby (~> 1.0) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (7.0.0) - bcrypt (3.1.11) - builder (3.2.2) - concurrent-ruby (1.0.1) - erubis (2.7.0) - faraday (0.9.2) - multipart-post (>= 1.2, < 3) - globalid (0.3.6) - activesupport (>= 4.1.0) - hashie (3.4.3) - i18n (0.7.0) - json (1.8.3) - jwt (1.5.1) - loofah (2.0.3) - nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - method_source (0.8.2) - mime-types (3.0) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0221) - mini_portile2 (2.0.0) - minitest 
(5.8.4) - mocha (1.1.0) - metaclass (~> 0.0.1) - multi_json (1.11.2) - multi_xml (0.5.5) - multipart-post (2.0.0) - nio4r (1.2.1) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) - oauth2 (1.1.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (3.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.0.0.alpha) - json - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.0.beta3) - actioncable (= 5.0.0.beta3) - actionmailer (= 5.0.0.beta3) - actionpack (= 5.0.0.beta3) - actionview (= 5.0.0.beta3) - activejob (= 5.0.0.beta3) - activemodel (= 5.0.0.beta3) - activerecord (= 5.0.0.beta3) - activesupport (= 5.0.0.beta3) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.beta3) - sprockets-rails (>= 2.0.0) - rails-controller-testing (0.1.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.0.beta3) - actionpack (= 5.0.0.beta3) - activesupport (= 5.0.0.beta3) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (11.1.2) - rdoc (4.2.2) - json (~> 1.4) - responders (2.1.2) - railties (>= 4.2.0, < 5.1) - ruby-openid (2.7.0) - sprockets (3.6.0) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.0.4) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.11) - thor (0.19.1) - thread_safe (0.3.5) - tzinfo (1.2.2) - thread_safe (~> 0.1) - warden (1.2.6) - rack (>= 1.0) - webrat (0.7.3) - nokogiri 
(>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.3) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - oauth2 - omniauth (~> 1.3) - omniauth-facebook - omniauth-oauth2 (>= 1.2.0, < 1.5.0) - omniauth-openid (~> 1.0.1) - rails (= 5.0.0.beta3) - rails-controller-testing - rdoc - responders (~> 2.1.1) - sqlite3 - webrat (= 0.7.3) - -BUNDLED WITH - 1.11.2 diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 82a201f29e..2353e43a32 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -135,17 +135,19 @@ def route(scope) def scope_url opts = {} + + # Initialize script_name with nil to prevent infinite loops in + # authenticated mounted engines in rails 4.2 and 5.0 + opts[:script_name] = nil + route = route(scope) + opts[:format] = request_format unless skip_format? config = Rails.application.config - if config.respond_to?(:relative_url_root) - # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset - rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2) - if config.relative_url_root.present? || rails_4_2 - opts[:script_name] = config.relative_url_root - end + if config.respond_to?(:relative_url_root) && config.relative_url_root.present? + opts[:script_name] = config.relative_url_root end router_name = Devise.mappings[scope].router_name || Devise.available_router_name diff --git a/test/integration/mounted_engine_test.rb b/test/integration/mounted_engine_test.rb new file mode 100644 index 0000000000..98dcf47594 --- /dev/null +++ b/test/integration/mounted_engine_test.rb 
@@ -0,0 +1,36 @@ +require 'test_helper' + +class MyMountableEngine + def self.call(env) + ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']] + end +end + +# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling +# again the draw method. Look at the source code at: +# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw +Rails.application.routes.disable_clear_and_finalize = true + +Rails.application.routes.draw do + authenticate(:user) do + mount MyMountableEngine, at: '/mountable_engine' + end +end + +class AuthenticatedMountedEngineTest < Devise::IntegrationTest + test 'redirects to the sign in page when not authenticated' do + get '/mountable_engine' + follow_redirect! + + assert_response :ok + assert_contain 'You need to sign in or sign up before continuing.' + end + + test 'renders the mounted engine when authenticated' do + sign_in_as_user + get '/mountable_engine' + + assert_response :success + assert_contain 'Rendered content of MyMountableEngine' + end +end From 83d5d3142d57273603149046cfd0d1ef0d89dd59 Mon Sep 17 00:00:00 2001 From: Steve Richert Date: Thu, 26 May 2016 09:25:44 -0400 Subject: [PATCH 0964/1473] Self-love isn't entirely appropriate in this setting --- app/controllers/devise/registrations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index d96f205779..4a75e543e3 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -7,7 +7,7 @@ class Devise::RegistrationsController < DeviseController def new build_resource({}) yield resource if block_given? - respond_with self.resource + respond_with resource end # POST /resource From 57980ba82ab0828d5989272748e49c94ef2608e8 Mon Sep 17 00:00:00 2001 
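Review bot: `Rails.application.routes.disable_clear_and_finalize = true` is set when this file is loaded and never restored, so the shared test application stays in that mode for every test that runs afterwards. Put `Rails.application.routes.disable_clear_and_finalize = false` directly after the `draw` block so later route drawing behaves normally. The `/mountable_engine` route also remains in the shared route set for the rest of the run, which deserves a short comment because other authentication tests exercise the same application.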
From: Shinya Kitamura Date: Wed, 1 Jun 2016 14:44:35 +0800 Subject: [PATCH 0965/1473] Add public_file_server setting for Rails5 --- test/rails_app/config/environments/production.rb | 4 +++- test/rails_app/config/environments/test.rb | 11 +++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 6a13ede1ba..bb2d0504d1 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb @@ -20,7 +20,9 @@ # config.action_dispatch.rack_cache = true # Disable Rails's static asset server (Apache or nginx will already do this). - if Rails.version >= "4.2.0" + if Rails.version >= "5.0.0" + config.public_file_server.enabled = false + elsif Rails.version >= "4.2.0" config.serve_static_files = false else config.serve_static_assets = false diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index b2f9f320b3..1473297382 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -14,15 +14,14 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - if Rails.version >= "4.2.0" - config.serve_static_files = true - else - config.serve_static_assets = true - end - if Rails.version >= "5.0.0" + config.public_file_server.enabled = true config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} + elsif Rails.version >= "4.2.0" + config.serve_static_files = true + config.static_cache_control = "public, max-age=3600" else + config.serve_static_assets = true config.static_cache_control = "public, max-age=3600" end From a0232cf76338927433f76e103fdfe8b66f93fe8a Mon Sep 17 00:00:00 2001 
From: Tim Krajcar Date: Fri, 3 Jun 2016 15:10:28 -0700 Subject: [PATCH 0966/1473] Implement Devise::Models::Authenticatable#inspect, re-using #serializable_hash. --- CHANGELOG.md | 2 ++ lib/devise/models/authenticatable.rb | 9 +++++++++ test/models/serializable_test.rb | 5 +++++ 3 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 529868b0f4..7c05a8c7bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ Devise mappings be loaded during boot time (by @sidonath). * Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using Warden test API (by @lucasmazza). + * Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes + aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar). * deprecations * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers` (by @lucasmazza). diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 567b230efb..6f2f4fbb5c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -114,6 +114,15 @@ def serializable_hash(options = nil) super(options) end + # Redefine inspect using serializable_hash, to ensure we don't accidentally + # leak passwords into exceptions. + def inspect + inspection = serializable_hash.collect do |k,v| + "#{k}: #{respond_to?(:attribute_for_inspect) ? attribute_for_inspect(k) : v.inspect}" + end + "#<#{self.class} #{inspection.join(", ")}>" + end + protected def devise_mailer diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 7e16f74fd1..6ced12d992 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
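Review bot: The comment on `inspect` promises more than the method guarantees: the output is filtered only by whatever `serializable_hash` excludes, and that list is defined outside this hunk. An application that overrides `serializable_hash` (presumably common, to shape API responses) also changes what `inspect` writes into logs and exception reports. Columns the application adds itself are not covered unless they are excluded there too. I would reword the comment to something like `# Hides only the attributes serializable_hash filters out; overriding serializable_hash also changes what inspect prints.`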
@@ -35,6 +35,11 @@ class SerializableTest < ActiveSupport::TestCase assert_key "confirmation_token", from_json(force_except: :email) end + test 'should not include unsafe keys in inspect' do + assert_match(/email/, @user.inspect) + assert_no_match(/confirmation_token/, @user.inspect) + end + def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end From c3b54dc0c2fde8da44dd3d8eaf174cf279639557 Mon Sep 17 00:00:00 2001 From: James Cook Date: Fri, 10 Jun 2016 20:13:47 -0500 Subject: [PATCH 0967/1473] Remove unnecessary 'warden.raw_session.inspect' --- lib/devise/controllers/sign_in_out.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 30d4913855..77c5987ba0 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -74,7 +74,6 @@ def sign_out(resource_or_scope=nil) scope = Devise::Mapping.find_scope!(resource_or_scope) user = warden.user(scope: scope, run_callbacks: false) # If there is no user - warden.raw_session.inspect # Without this inspect here. The session does not clear. warden.logout(scope) warden.clear_strategies_cache!(scope: scope) instance_variable_set(:"@current_#{scope}", nil) From 4015488b90eb0ad7c87360b29908986d82966f28 Mon Sep 17 00:00:00 2001 From: Kostas Diamantis Date: Mon, 13 Jun 2016 21:46:43 +0300 Subject: [PATCH 0968/1473] Add missing support of Rails.application.config.action_controller.relative_url_root (#4146) * Add Devise::FailureApp#{relative_url_root, relative_url_root?} Also support missing action_controller.relative_url_root configuration. * Dry assignment of relative_url_root Also this commit adds support for Rails.application.config.action_controller.relative_url_root --- lib/devise/failure_app.rb | 26 ++++++++++++++++---------- test/failure_app_test.rb | 18 ++++++++++++++++++ 2 files changed, 34 insertions(+), 10 deletions(-) 
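Review bot: The new test never checks the field this change is about: it asserts that `confirmation_token` is absent from `inspect`, while the changelog entry in the same commit describes the goal as keeping password hashes out. Add `assert_no_match(/encrypted_password/, @user.inspect)` so a regression in the filter for that attribute fails the suite. The `SerializableTest` class and its setup of `@user` start outside this hunk.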
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 2353e43a32..d369686778 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -50,13 +50,11 @@ def http_auth end def recall - config = Rails.application.config - - header_info = if config.try(:relative_url_root) - base_path = Pathname.new(config.relative_url_root) + header_info = if relative_url_root? + base_path = Pathname.new(relative_url_root) full_path = Pathname.new(attempted_path) - { "SCRIPT_NAME" => config.relative_url_root, + { "SCRIPT_NAME" => relative_url_root, "PATH_INFO" => '/' + full_path.relative_path_from(base_path).to_s } else { "PATH_INFO" => attempted_path } @@ -144,11 +142,7 @@ def scope_url opts[:format] = request_format unless skip_format? - config = Rails.application.config - - if config.respond_to?(:relative_url_root) && config.relative_url_root.present? - opts[:script_name] = config.relative_url_root - end + opts[:script_name] = relative_url_root if relative_url_root? router_name = Devise.mappings[scope].router_name || Devise.available_router_name context = send(router_name) @@ -252,5 +246,17 @@ def is_flashing_format? def request_format @request_format ||= request.format.try(:ref) end + + def relative_url_root + @relative_url_root ||= begin + config = Rails.application.config + + config.try(:relative_url_root) || config.action_controller.try(:relative_url_root) + end + end + + def relative_url_root? + relative_url_root.present? + end end end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index dd400d75fe..ee6d19fbe1 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
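Review bot: In the new `relative_url_root` helper, `config.try(:relative_url_root) || config.action_controller.try(:relative_url_root)` falls through only when the first value is nil. If `config.relative_url_root` is an empty string, the `action_controller` setting is never consulted and `relative_url_root?` returns false. Using `config.try(:relative_url_root).presence || config.action_controller.try(:relative_url_root)` makes the fallback match the `present?` check used by the predicate. Separately, `@relative_url_root ||=` caches nothing when the result is nil, so the lookup is repeated on each call in the unconfigured case.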
@@ -131,6 +131,24 @@ def call_failure(env_params={}) end end + if Rails.application.config.action_controller.respond_to?(:relative_url_root) + test "returns to the default redirect location considering action_controller's relative url root" do + swap Rails.application.config.action_controller, relative_url_root: "/sample" do + call_failure + assert_equal 302, @response.first + assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location'] + end + end + + test "returns to the default redirect location considering action_controller's relative url root and subdomain" do + swap Rails.application.config.action_controller, relative_url_root: "/sample" do + call_failure('warden.options' => { scope: :subdomain_user }) + assert_equal 302, @response.first + assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location'] + end + end + end + test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) assert_equal 'Invalid Email or password.', @request.flash[:alert] From ac702843ddaa5652fde7a0050ff2378e7368149e Mon Sep 17 00:00:00 2001 From: Arne Zeising Date: Mon, 13 Jun 2016 22:57:24 +0200 Subject: [PATCH 0969/1473] Change behavior to skip reconfirmation after creating a record with #save called in callback (#4125) https://github.com/plataformatec/devise/pull/4125 --- lib/devise/models/confirmable.rb | 15 +++++++++++++-- test/models/confirmable_test.rb | 8 ++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 449435ab5d..ffd20f94d5 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -43,7 +43,7 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? - after_create :skip_reconfirmation!, if: :send_confirmation_notification? + after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification? if respond_to?(:after_commit) # ActiveRecord after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? @@ -56,6 +56,7 @@ module Confirmable def initialize(*args, &block) @bypass_confirmation_postpone = false + @skip_reconfirmation_in_callback = false @reconfirmation_required = false @skip_confirmation_notification = false @raw_confirmation_token = nil @@ -165,6 +166,12 @@ def skip_reconfirmation! protected + # To not require reconfirmation after creating with #save called in a + # callback call skip_create_confirmation! + def skip_reconfirmation_in_callback! + @skip_reconfirmation_in_callback = true + end + # A callback method used to deliver confirmation # instructions on creation. This can be overridden # in models to map to a nice sign up e-mail. @@ -253,7 +260,11 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end def postpone_email_change? - postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present? + postpone = self.class.reconfirmable && + email_changed? && + !@bypass_confirmation_postpone && + self.email.present? && + (!@skip_reconfirmation_in_callback || !self.email_was.nil?) @bypass_confirmation_postpone = false postpone end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 59f70fcffe..c67f012776 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
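Review bot: The comment above `skip_reconfirmation_in_callback!` tells the reader to call `skip_create_confirmation!`, a name none of these hunks defines; it should name the method it documents. `@skip_reconfirmation_in_callback` is also set by the `after_create` callback and never cleared in the visible hunks, unlike `@bypass_confirmation_postpone`, which `postpone_email_change?` resets. Once a record has been created, whether a later email change is held for confirmation therefore rests on `email_was.nil?` alone. Since this decides whether an address change takes effect without confirmation, I would document that in `postpone_email_change?`, for example `# email_was is presumably nil only while the record is being created; any later email change is still postponed.` The module body continues outside these hunks.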
@@ -508,4 +508,12 @@ class Admin::WithSaveInCallback < Admin admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) assert !admin.pending_reconfirmation? end + + test 'should require reconfirmation after creating a record and updating the email' do + admin = create_admin + assert !admin.instance_variable_get(:@bypass_confirmation_postpone) + admin.email = "new_test@email.com" + admin.save + assert admin.pending_reconfirmation? + end end From 0c991af9851d0742d2ff9277dccf1d7572cfc115 Mon Sep 17 00:00:00 2001 From: Kris Handley Date: Sat, 18 Jun 2016 14:20:08 +0100 Subject: [PATCH 0970/1473] Fix Rails 5 env deprecation warning Full warning ```DEPRECATION WARNING: env is deprecated and will be removed from Rails 5.1``` --- app/controllers/devise/omniauth_callbacks_controller.rb | 6 +++--- lib/devise/controllers/rememberable.rb | 2 +- lib/devise/failure_app.rb | 6 +++--- lib/devise/hooks/proxy.rb | 2 +- lib/devise/test/controller_helpers.rb | 6 +++--- .../app/controllers/users/omniauth_callbacks_controller.rb | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index d04a57a438..e89233bf63 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb 
@@ -13,14 +13,14 @@ def failure protected def failed_strategy - request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"] + request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"] end def failure_message - exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"] + exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"] error = exception.error_reason if exception.respond_to?(:error_reason) error ||= exception.error if exception.respond_to?(:error) - error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s + error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s error.to_s.humanize if error end diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index a90614879e..02bdaf1173 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -18,7 +18,7 @@ def remember_me_is_active?(resource) # Remembers the given resource by setting up a cookie def remember_me(resource) - return if env["devise.skip_storage"] + return if request.env["devise.skip_storage"] scope = Devise::Mapping.find_scope!(resource) resource.remember_me! cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index d369686778..6e5cd158d1 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -64,7 +64,7 @@ def recall if request.respond_to?(:set_header) request.set_header(var, value) else - env[var] = value + request.env[var] = value end end 
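Review bot: The fallback `request.respond_to?(:get_header) ? request.get_header(key) : request.env[key]` is now written out three times in `failed_strategy` and `failure_message`, and again in `warden` and `warden_options` in lib/devise/failure_app.rb and in the test app's `facebook` action. One protected helper would keep the Rails 4/5 branch in a single place and make the later removal of the Rails 4 path a one-line change, for example `def request_env(key)` with the body `request.respond_to?(:get_header) ? request.get_header(key) : request.env[key]`. A short comment on that helper saying that `get_header` is the Rails 5 API and `request.env` the Rails 4 fallback would also explain why both paths exist.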
@@ -202,11 +202,11 @@ def recall_app(app) end def warden - request.respond_to?(:get_header) ? request.get_header("warden") : env["warden"] + request.respond_to?(:get_header) ? request.get_header("warden") : request.env["warden"] end def warden_options - request.respond_to?(:get_header) ? request.get_header("warden.options") : env["warden.options"] + request.respond_to?(:get_header) ? request.get_header("warden.options") : request.env["warden.options"] end def warden_message diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb index f27e1d0410..24de988ec6 100644 --- a/lib/devise/hooks/proxy.rb +++ b/lib/devise/hooks/proxy.rb @@ -7,7 +7,7 @@ class Proxy #:nodoc: include Devise::Controllers::SignInOut attr_reader :warden - delegate :cookies, :env, to: :warden + delegate :cookies, :request, to: :warden def initialize(warden) @warden = warden diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 462f3131e3..12e531b4dc 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -121,7 +121,7 @@ def _catch_warden(&block) def _process_unauthenticated(env, options = {}) options[:action] ||= :unauthenticated - proxy = env['warden'] + proxy = request.env['warden'] result = options[:result] || proxy.result ret = case result @@ -131,8 +131,8 @@ def _process_unauthenticated(env, options = {}) when :custom proxy.custom_response else - env["PATH_INFO"] = "/#{options[:action]}" - env["warden.options"] = options + request.env["PATH_INFO"] = "/#{options[:action]}" + request.env["warden.options"] = options Warden::Manager._run_callbacks(:before_failure, env, options) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 8d70ac6502..f24eae50e9 100644 
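Review bot: Replacing `:env` with `:request` in `delegate :cookies, :env, to: :warden` removes `Proxy#env` altogether. `Proxy` mixes in `Devise::Controllers::SignInOut` and `Devise::Controllers::Rememberable`; `remember_me` is updated to `request.env` in this commit, but any other mixed-in method that still reads bare `env` (not visible here) would now raise `NoMethodError` inside a Warden hook. Keeping both is harmless, since the deprecation concerns the controller accessor and not the Warden proxy: `delegate :cookies, :env, :request, to: :warden`.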
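Review bot: In `_process_unauthenticated(env, options = {})` the name `env` is the method's own first parameter, not the deprecated controller accessor, so the three replacements here and in the following hunk at line 131 were not needed to silence the warning. They also make the method work on two possibly different hashes: `proxy`, `PATH_INFO` and `warden.options` now go through `request.env`, while `Warden::Manager._run_callbacks(:before_failure, env, options)` and `Devise.warden_config[:failure_app].call(env)` still receive the parameter. If a caller ever passes an env other than the test request's, the failure app would run without the `PATH_INFO` and `warden.options` set just above it. I would keep the parameter for all three, i.e. `proxy = env['warden']`, `env["PATH_INFO"] = "/#{options[:action]}"` and `env["warden.options"] = options`; the method body continues outside both hunks.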
--- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -1,6 +1,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def facebook - data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : env["omniauth.auth"] + data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : request.env["omniauth.auth"] session["devise.facebook_data"] = data["extra"]["user_hash"] render json: data end From 5d304ae63a5b73563cd53d707a855b40549e7111 Mon Sep 17 00:00:00 2001 From: Greg Date: Sat, 25 Jun 2016 11:36:11 -0700 Subject: [PATCH 0971/1473] Update README.md Explain the `MODEL` replacement before the command is shown. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3293056606..f5cf66a004 100644 --- a/README.md +++ b/README.md 
@@ -103,14 +103,14 @@ After you install Devise and add it to your Gemfile, you need to run the generat $ rails generate devise:install ``` -The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator: +The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator. + +In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. ```console $ rails generate devise MODEL ``` -Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. - Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate` Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: From bb44d422d6442fb77904f7fd65146f3460c12f30 Mon Sep 17 00:00:00 2001 
From: HAMADA Takayuki Date: Sun, 26 Jun 2016 06:02:58 +0900 Subject: [PATCH 0972/1473] not signed_in 302 redirect failed on Rails5 RC2 --- lib/devise/test/controller_helpers.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 462f3131e3..060630e07d 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -137,9 +137,8 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] } - r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body - @controller.send :render, r_opts + @controller.status = status + @controller.response.body = response.body nil # causes process return @response end From 92bb772d3654746e2279563036d78a3263080f3c Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 14:45:48 -0300 Subject: [PATCH 0973/1473] Update CHANGELOG. --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c05a8c7bf..73c2ca2760 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead. * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead. * Remove the `Devise::Models::Recoverable#after_password_reset` method. +* bug fixes + * Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by @hamadata). * enhancements * Display the minimum password length on `registrations/edit` view (by @Yanchek99). * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. 
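Review bot: The two assignments that replace `@controller.send :render, r_opts` carry no comment, and the reason for avoiding `render` is only recoverable from the commit subject and the later CHANGELOG entry about `ActionDispatch::IllegalStateError` on Rails 5 rc 2. The explicit `content_type:` and `location:` options are gone as well, so those values now reach the response only through the `@controller.response.headers.merge!(headers)` line above. I would add something like `# Set status and body directly; calling render here raises IllegalStateError on Rails 5.` and `# Content-Type and Location come from the merged headers above.` so the next reader does not reintroduce `render`. The enclosing method starts outside the hunk.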
@@ -20,6 +22,7 @@ Warden test API (by @lucasmazza). * Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar). + * Add missing support of `Rails.application.config.action_controller.relative_url_root` (by @kosdiamantis). * deprecations * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers` (by @lucasmazza). From c2c74b0a39238e7d997486814a1c8f75fdaf276f Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 14:54:48 -0300 Subject: [PATCH 0974/1473] Use `ActiveSupport.on_load` to hook into Active Record and Mongoid. --- CHANGELOG.md | 2 ++ lib/devise/orm/active_record.rb | 4 +++- lib/devise/orm/mongoid.rb | 6 ++++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73c2ca2760..4f1d988198 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ * Remove the `Devise::Models::Recoverable#after_password_reset` method. * bug fixes * Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by @hamadata). + * Use `ActiveSupport.on_load` hooks to include Devise on `ActiveRecord` and `Mongoid`, + avoiding autoloading these constants too soon (by @lucasmazza, @rafaelfranca). * enhancements * Display the minimum password length on `registrations/edit` view (by @Yanchek99). * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. diff --git a/lib/devise/orm/active_record.rb b/lib/devise/orm/active_record.rb index 0935cdaa89..de11482589 100644 --- a/lib/devise/orm/active_record.rb +++ b/lib/devise/orm/active_record.rb @@ -1,3 +1,5 @@ require 'orm_adapter/adapters/active_record' -ActiveRecord::Base.extend Devise::Models +ActiveSupport.on_load(:active_record) do + extend Devise::Models +end diff --git a/lib/devise/orm/mongoid.rb b/lib/devise/orm/mongoid.rb index 31a0736d1e..cc2f1c55cc 100644 
--- a/lib/devise/orm/mongoid.rb +++ b/lib/devise/orm/mongoid.rb @@ -1,3 +1,5 @@ -require 'orm_adapter/adapters/mongoid' +ActiveSupport.on_load(:mongoid) do + require 'orm_adapter/adapters/mongoid' -Mongoid::Document::ClassMethods.send :include, Devise::Models + Mongoid::Document::ClassMethods.send :include, Devise::Models +end From b2a2e8541292df0a3cb85e76697522f0d50ed869 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 15:13:47 -0300 Subject: [PATCH 0975/1473] Update dependencies. --- Gemfile.lock | 22 ++++--- gemfiles/Gemfile.rails-4.1-stable.lock | 76 +++++++++++----------- gemfiles/Gemfile.rails-4.2-stable.lock | 24 +++---- gemfiles/Gemfile.rails-5.0 | 2 +- gemfiles/Gemfile.rails-5.0.lock | 88 +++++++++++++------------- 5 files changed, 110 insertions(+), 102 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3054c2facb..6eb71c171f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -65,10 +65,10 @@ GEM mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (3.0) + mime-types (3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0221) - mini_portile2 (2.0.0) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) @@ -79,11 +79,12 @@ GEM mongo (~> 2.1) origin (~> 2.2) tzinfo (>= 0.3.37) - multi_json (1.12.0) + multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) oauth2 (1.1.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0, < 1.5.2) @@ -103,6 +104,7 @@ GEM rack-openid (~> 1.3.1) origin (2.2.0) orm_adapter (0.5.0) + pkg-config (1.1.7) rack (1.6.4) rack-openid (1.3.1) rack (>= 1.1.0) 
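Review bot: With both the `require 'orm_adapter/adapters/mongoid'` and the `include` moved inside `ActiveSupport.on_load(:mongoid)`, nothing in this file runs unless the installed Mongoid fires a `:mongoid` load hook. If a supported Mongoid version does not run that hook (I cannot tell from this patch), models would come up without `Devise::Models` and fail later with a missing `devise` class method instead of at load time. A comment naming the hook's origin, e.g. `# Mongoid runs the :mongoid load hook when Mongoid::Document is loaded (Mongoid >= <version>).`, would make the dependency explicit. It would also be worth confirming that the oldest Mongoid in the gemfiles fires the hook.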
@@ -133,13 +135,13 @@ GEM activesupport (= 4.2.6) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.1.2) + rake (11.2.2) rdoc (4.2.2) json (~> 1.4) responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.6.0) + sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) @@ -147,7 +149,7 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) - test_after_commit (1.0.0) + test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) @@ -181,4 +183,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.11.2 + 1.12.5 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 05ad1c537f..4ac364f28e 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -7,28 +7,6 @@ GIT actionpack (= 4.1.15) actionview (= 4.1.15) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.15) - actionview (= 4.1.15) - activesupport (= 4.1.15) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - activerecord (4.1.15) - activemodel (= 4.1.15) - activesupport (= 4.1.15) - arel (~> 5.0.0) - activesupport (4.1.15) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) rails (4.1.15) actionmailer (= 4.1.15) actionpack (= 4.1.15) @@ -39,11 +17,6 @@ GIT bundler (>= 1.3.0, < 2.0) railties (= 4.1.15) sprockets-rails (~> 2.0) - railties (4.1.15) - actionpack (= 4.1.15) - activesupport (= 4.1.15) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) PATH remote: .. 
@@ -58,6 +31,28 @@ PATH GEM remote: https://rubygems.org/ specs: + actionpack (4.1.15) + actionview (= 4.1.15) + activesupport (= 4.1.15) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.15) + activesupport (= 4.1.15) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.15) + activesupport (= 4.1.15) + builder (~> 3.1) + activerecord (4.1.15) + activemodel (= 4.1.15) + activesupport (= 4.1.15) + arel (~> 5.0.0) + activesupport (4.1.15) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.11) bson (3.2.6) @@ -74,10 +69,10 @@ GEM mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (3.0) + mime-types (3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0221) - mini_portile2 (2.0.0) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) @@ -90,11 +85,12 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.0) + multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) oauth2 (1.1.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0, < 1.5.2) @@ -115,19 +111,25 @@ GEM optionable (0.2.0) origin (2.2.0) orm_adapter (0.5.0) + pkg-config (1.1.7) rack (1.5.5) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rake (11.1.2) + railties (4.1.15) + actionpack (= 4.1.15) + activesupport (= 4.1.15) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (11.2.2) rdoc (4.2.2) json (~> 1.4) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) - sprockets (3.6.0) + sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) 
@@ -135,7 +137,7 @@ GEM activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.11) - test_after_commit (1.0.0) + test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) @@ -169,4 +171,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.11.2 + 1.12.5 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 9f353204e0..23f8d06c5a 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/rails.git - revision: 5be7cfa46e055148c8b74ac5d48982a3435f477c + revision: 2c07f591c78a9915557a041f093cf79670423dd8 branch: 4-2-stable specs: actionmailer (4.2.6) @@ -88,10 +88,10 @@ GEM mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) - mime-types (3.0) + mime-types (3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0221) - mini_portile2 (2.0.0) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) @@ -104,11 +104,12 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.0) + multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) oauth2 (1.1.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0, < 1.5.2) @@ -129,6 +130,7 @@ GEM optionable (0.2.0) origin (2.2.0) orm_adapter (0.5.0) + pkg-config (1.1.7) rack (1.6.4) rack-openid (1.3.1) rack (>= 1.1.0) @@ -143,13 +145,13 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rake (11.1.2) + rake (11.2.2) rdoc (4.2.2) json (~> 1.4) responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.6.0) + sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) 
@@ -157,7 +159,7 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) - test_after_commit (1.0.0) + test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) @@ -191,4 +193,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.11.2 + 1.12.5 diff --git a/gemfiles/Gemfile.rails-5.0 b/gemfiles/Gemfile.rails-5.0 index 2a4c1e3c9b..09cad40a48 100644 --- a/gemfiles/Gemfile.rails-5.0 +++ b/gemfiles/Gemfile.rails-5.0 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "5.0.0.rc1" +gem "rails", "5.0.0.rc2" gem "omniauth", "~> 1.3" gem "oauth2" gem "omniauth-oauth2" diff --git a/gemfiles/Gemfile.rails-5.0.lock b/gemfiles/Gemfile.rails-5.0.lock index b5965e5713..23a3468128 100644 --- a/gemfiles/Gemfile.rails-5.0.lock +++ b/gemfiles/Gemfile.rails-5.0.lock 
@@ -21,39 +21,39 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.0.rc1) - actionpack (= 5.0.0.rc1) + actioncable (5.0.0.rc2) + actionpack (= 5.0.0.rc2) nio4r (~> 1.2) websocket-driver (~> 0.6.1) - actionmailer (5.0.0.rc1) - actionpack (= 5.0.0.rc1) - actionview (= 5.0.0.rc1) - activejob (= 5.0.0.rc1) + actionmailer (5.0.0.rc2) + actionpack (= 5.0.0.rc2) + actionview (= 5.0.0.rc2) + activejob (= 5.0.0.rc2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.rc1) - actionview (= 5.0.0.rc1) - activesupport (= 5.0.0.rc1) + actionpack (5.0.0.rc2) + actionview (= 5.0.0.rc2) + activesupport (= 5.0.0.rc2) rack (~> 2.x) rack-test (~> 0.6.3) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.rc1) - activesupport (= 5.0.0.rc1) + actionview (5.0.0.rc2) + activesupport (= 5.0.0.rc2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.rc1) - activesupport (= 5.0.0.rc1) + activejob (5.0.0.rc2) + activesupport (= 5.0.0.rc2) globalid (>= 0.3.6) - activemodel (5.0.0.rc1) - activesupport (= 5.0.0.rc1) - activerecord (5.0.0.rc1) - activemodel (= 5.0.0.rc1) - activesupport (= 5.0.0.rc1) + activemodel (5.0.0.rc2) + activesupport (= 5.0.0.rc2) + activerecord (5.0.0.rc2) + activemodel (= 5.0.0.rc2) + activesupport (= 5.0.0.rc2) arel (~> 7.0) - activesupport (5.0.0.rc1) + activesupport (5.0.0.rc2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) minitest (~> 5.1) 
@@ -77,19 +77,20 @@ GEM mime-types (>= 1.16, < 4) metaclass (0.0.4) method_source (0.8.2) - mime-types (3.0) + mime-types (3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0221) - mini_portile2 (2.0.0) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) - multi_json (1.12.0) + multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) nio4r (1.2.1) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) oauth2 (1.1.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0, < 1.5.2) @@ -108,6 +109,7 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) + pkg-config (1.1.7) rack (2.0.0.rc1) json rack-openid (1.3.1) @@ -115,17 +117,17 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0.rc1) - actioncable (= 5.0.0.rc1) - actionmailer (= 5.0.0.rc1) - actionpack (= 5.0.0.rc1) - actionview (= 5.0.0.rc1) - activejob (= 5.0.0.rc1) - activemodel (= 5.0.0.rc1) - activerecord (= 5.0.0.rc1) - activesupport (= 5.0.0.rc1) + rails (5.0.0.rc2) + actioncable (= 5.0.0.rc2) + actionmailer (= 5.0.0.rc2) + actionpack (= 5.0.0.rc2) + actionview (= 5.0.0.rc2) + activejob (= 5.0.0.rc2) + activemodel (= 5.0.0.rc2) + activerecord (= 5.0.0.rc2) + activesupport (= 5.0.0.rc2) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.rc1) + railties (= 5.0.0.rc2) sprockets-rails (>= 2.0.0) rails-controller-testing (0.1.1) actionpack (~> 5.x) 
@@ -139,19 +141,19 @@ GEM rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0.rc1) - actionpack (= 5.0.0.rc1) - activesupport (= 5.0.0.rc1) + railties (5.0.0.rc2) + actionpack (= 5.0.0.rc2) + activesupport (= 5.0.0.rc2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.1.2) + rake (11.2.2) rdoc (4.2.2) json (~> 1.4) responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.6.0) + sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.0.4) @@ -169,7 +171,7 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.6.3) + websocket-driver (0.6.4) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) @@ -188,7 +190,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (= 5.0.0.rc1) + rails (= 5.0.0.rc2) rails-controller-testing rdoc responders (~> 2.1) @@ -196,4 +198,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.11.2 + 1.12.5 From 8d78dc072f78b842a3541deb63c1bde261ddf1b7 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 15:17:20 -0300 Subject: [PATCH 0976/1473] Disable Travis CI `fast_finish`. Fast finish triggers multiple Slack notification and floods our OSS slack room, and it is a known bug for a while. Reference: travis-ci/travis-ci/issues/1696 --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 46ab3993bf..79411e03df 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,7 +20,6 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.0 allow_failures: - rvm: ruby-head - fast_finish: true services: - mongodb From a20cca68733c422116dabb66f28fe769e0bf303b Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 16:43:57 -0300 Subject: [PATCH 0977/1473] Fix `IllegalStateError` for controller tests with custom strategies. --- lib/devise/test/controller_helpers.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 0535183ab4..bd0d4aa189 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -147,12 +147,12 @@ def _process_unauthenticated(env, options = {}) # testing time, we want the response to be available to the testing # framework to verify what would be returned to rack. if ret.is_a?(Array) + status, headers, body = *ret # ensure the controller response is set to our response. @controller.response ||= @response - @response.status = ret.first - @response.headers.clear - ret.second.each { |k,v| @response[k] = v } - @response.body = ret.third + @response.status = status + @response.headers.merge!(headers) + @response.body = body end ret From 656720583ff0ee382e608fa8b074649d8b5a7132 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 16:48:12 -0300 Subject: [PATCH 0978/1473] Remove `assert_nothing_raised` deprecated usage. --- test/controllers/sessions_controller_test.rb | 2 +- test/devise_test.rb | 6 +++--- test/models_test.rb | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 82d066b229..69b65f379f 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -94,7 +94,7 @@ class SessionsControllerTest < Devise::ControllerTestCase User.class_eval { attr_protected :email } begin - assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do + assert_nothing_raised do get :new, user: { email: "allez viens!" } end ensure diff --git a/test/devise_test.rb b/test/devise_test.rb index 1281a5186e..07377cc626 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb 
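Review bot: Replacing `@response.headers.clear` and the per-key copy with `@response.headers.merge!(headers)` means headers already present on `@response` are no longer dropped, so the test response can carry headers that the custom strategy never returned. That works against the comment just above the `if`, which says the response should show what would be returned to Rack, and it can let a stale header (a leftover `Location` or `Set-Cookie`, say) hide a mistake in an authentication test. If clearing the headers is what raised `IllegalStateError`, a short comment such as `# headers cannot be cleared here on Rails 5; merge instead` would record that; otherwise I would keep the reset before merging. The enclosing method starts and ends outside the hunk.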
@@ -67,18 +67,18 @@ class DeviseTest < ActiveSupport::TestCase end test 'add new module using the helper method' do - assert_nothing_raised(Exception) { Devise.add_module(:coconut) } + Devise.add_module(:coconut) assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size refute Devise::STRATEGIES.include?(:coconut) refute defined?(Devise::Models::Coconut) Devise::ALL.delete(:coconut) - assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) } + Devise.add_module(:banana, strategy: :fruits) assert_equal :fruits, Devise::STRATEGIES[:banana] Devise::ALL.delete(:banana) Devise::STRATEGIES.delete(:banana) - assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) } + Devise.add_module(:kivi, controller: :fruits) assert_equal :fruits, Devise::CONTROLLERS[:kivi] Devise::ALL.delete(:kivi) Devise::CONTROLLERS.delete(:kivi) diff --git a/test/models_test.rb b/test/models_test.rb index 3b462afc1b..2dc3d9d813 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -112,7 +112,7 @@ class CheckFieldsTest < ActiveSupport::TestCase attr_accessor :encrypted_password, :email end - assert_nothing_raised Devise::Models::MissingAttribute do + assert_nothing_raised do Devise::Models.check_fields!(Player) end end From 22784cb55abefc8a62c69dcc170a30d18e45c7ac Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 16:50:26 -0300 Subject: [PATCH 0979/1473] Remove `ActiveRecord::Migration` inheritance deprecation warning. --- test/rails_app/db/migrate/20100401102949_create_tables.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index fd90b504bf..4eecbc2cd3 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb 
@@ -1,4 +1,8 @@ -class CreateTables < ActiveRecord::Migration +superclass = ActiveRecord::Migration +# TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4. +superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[]) + +class CreateTables < superclass def self.up create_table :users do |t| t.string :username From fe10a5b17a2d2c7f83ca3f3b978e5084e041dd88 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Mon, 27 Jun 2016 17:08:52 -0300 Subject: [PATCH 0980/1473] Fix test typo and expand test cases for `Rememberable#rememberable_value`. Closes #4157 --- test/models/rememberable_test.rb | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 4950e33dd7..aa9ce817a1 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -99,15 +99,28 @@ def create_resource assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc) end + test 'raises a RuntimeError if the user does not implements a rememberable value' do + user = User.new + assert_raise(RuntimeError) { user.rememberable_value } + + user_with_remember_token = User.new + def user_with_remember_token.remember_token; '123-token'; end + assert_equal '123-token', user_with_remember_token.rememberable_value + + user_with_salt = User.new + def user_with_salt.authenticatable_salt; '123-salt'; end + assert_equal '123-salt', user_with_salt.rememberable_value + end + test 'raises a RuntimeError if authenticatable_salt is nil or empty' do user = User.new - def user.authenticable_salt; nil; end + def user.authenticatable_salt; nil; end assert_raise RuntimeError do user.rememberable_value end user = User.new - def user.authenticable_salt; ""; end + def user.authenticatable_salt; ""; end assert_raise RuntimeError do user.rememberable_value end From 768656deb9391837492febb1d2dd6459e72dca08 Mon Sep 17 00:00:00 2001 
From: AnnaGulstine Date: Thu, 30 Jun 2016 21:15:32 -0500 Subject: [PATCH 0981/1473] Added clarification to README regarding Devise setup --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index f5cf66a004..20a730c50f 100644 --- a/README.md +++ b/README.md 
@@ -97,27 +97,30 @@ gem 'devise' Run the bundle command to install it. -After you install Devise and add it to your Gemfile, you need to run the generator: +Next, you need to run the generator: ```console $ rails generate devise:install ``` +At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: + +```ruby +config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } +``` + The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator. + In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. ```console $ rails generate devise MODEL ``` -Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate` - -Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: +Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. 
If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. -```ruby -config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } -``` +Then run `rake db:migrate` You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined. From b1508e93e188596e42e4b889552854c9a24c891e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 1 Jul 2016 14:08:38 -0300 Subject: [PATCH 0982/1473] Properly check for `authentication_keys` or `encrypted_password` changes when clearing the reset password token This change is required to better support scenarios where records don't have an `encrypted_password` column and the password is managed elsewhere (LDAP, for instance). The move from `email_changed?` to loop through the `authentication_keys` is also useful to support edge cases where users can authenticate with different attributes besides their email. Closes #3624. --- lib/devise/models/recoverable.rb | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index c2cbd0f27b..e1e8ed8f1d 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -27,11 +27,7 @@ def self.required_fields(klass) end included do - before_update do - if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed? - clear_reset_password_token - end - end + before_update :clear_reset_password_token, if: :clear_reset_password_token? end # Update password saving the record and clearing token. Returns true if 
@@ -97,6 +93,15 @@ def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end + def clear_reset_password_token? + encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed? + authentication_keys_changed = self.class.authentication_keys.any? do |attribute| + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end + + authentication_keys_changed || encrypted_password_changed + end + module ClassMethods # Attempt to find a user by password reset token. If a user is found, return it # If a user is not found, return nil From 2c8727ad426fd10ab5a35e7e5cffd7cab60f4c2d Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 1 Jul 2016 14:13:20 -0300 Subject: [PATCH 0983/1473] Test against Rails 5 by default. --- Gemfile | 19 ++- Gemfile.lock | 143 ++++++++++-------- gemfiles/Gemfile.rails-4.1-stable.lock | 62 ++++---- gemfiles/Gemfile.rails-4.2-stable.lock | 68 ++++----- gemfiles/Gemfile.rails-5.0 | 37 ----- gemfiles/Gemfile.rails-5.0.lock | 201 ------------------------- 6 files changed, 155 insertions(+), 375 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-5.0 delete mode 100644 gemfiles/Gemfile.rails-5.0.lock diff --git a/Gemfile b/Gemfile index 48640eba22..13023d87a2 100644 --- a/Gemfile +++ b/Gemfile @@ -2,17 +2,23 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.2.6" -gem "omniauth" +gem "rails", "~> 5.0.0" +gem "omniauth", "~> 1.3" +gem "oauth2" gem "omniauth-oauth2" gem "rdoc" +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +gem "responders", "~> 2.1" + group :test do gem "omniauth-facebook" gem "omniauth-openid" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :jruby do 
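Review bot: In `clear_reset_password_token?` (lib/devise/models/recoverable.rb), `self.class.authentication_keys.any? do |attribute|` assumes the keys are a flat list. If an application configures `authentication_keys` as a Hash (Devise's configuration appears to allow this, though the patch does not show it), the block receives `[key, value]` pairs and `respond_to?("#{attribute}_changed?")` is false for every entry. A change of e-mail would then leave the reset token valid. Normalising first avoids that: `keys = self.class.authentication_keys` followed by `keys = keys.keys if keys.respond_to?(:keys)`. The method is added right after `send_reset_password_instructions_notification` and its visibility is not visible in the hunk; it should not be public, and a one-line comment such as `# A pending reset token must not survive a change of credentials or login keys.` would record the intent.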
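Review bot: The added Gemfile line `gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"` is recorded in this commit's Gemfile.lock as `remote: git://github.com/rails/activemodel-serializers-xml.git`, so the dependency is fetched over the unauthenticated, unencrypted git protocol. An explicit HTTPS source avoids that: `gem "activemodel-serializers-xml", git: "https://github.com/rails/activemodel-serializers-xml.git"`. The lockfile pins a revision, which limits the exposure for locked installs, but a fresh resolve or `bundle update` still trusts the transport. A short comment saying why a git source is needed would help whoever later switches back to a released gem.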
@@ -25,6 +31,7 @@ platforms :ruby do gem "sqlite3" end -group :mongoid do - gem "mongoid", "~> 5.0" -end +# TODO: +# group :mongoid do +# gem "mongoid", "~> 4.0.0" +# end diff --git a/Gemfile.lock b/Gemfile.lock index 6eb71c171f..1afecdef5b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,13 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf + specs: + activemodel-serializers-xml (1.0.1) + activemodel (> 5.x) + activerecord (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + PATH remote: . specs: 
@@ -11,44 +21,45 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) + actioncable (5.0.0) + actionpack (= 5.0.0) + nio4r (~> 1.2) + websocket-driver (~> 0.6.1) + actionmailer (5.0.0) + actionpack (= 5.0.0) + actionview (= 5.0.0) + activejob (= 5.0.0) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.6) - actionview (= 4.2.6) - activesupport (= 4.2.6) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) + rails-dom-testing (~> 2.0) + actionpack (5.0.0) + actionview (= 5.0.0) + activesupport (= 5.0.0) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.6) - activesupport (= 4.2.6) + actionview (5.0.0) + activesupport (= 5.0.0) builder (~> 3.1) erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) + rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.6) - activesupport (= 4.2.6) - globalid (>= 0.3.0) - activemodel (4.2.6) - activesupport (= 4.2.6) - builder (~> 3.1) - activerecord (4.2.6) - activemodel (= 4.2.6) - activesupport (= 4.2.6) - arel (~> 6.0) - activesupport (4.2.6) + activejob (5.0.0) + activesupport (= 5.0.0) + globalid (>= 0.3.6) + activemodel (5.0.0) + activesupport (= 5.0.0) + activerecord (5.0.0) + activemodel (= 5.0.0) + activesupport (= 5.0.0) + arel (~> 7.0) + activesupport (5.0.0) + concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - arel (6.0.3) + arel (7.0.0) bcrypt (3.1.11) - bson (4.1.1) builder (3.2.2) concurrent-ruby (1.0.2) erubis (2.7.0) 
@@ -59,12 +70,13 @@ GEM hashie (3.4.4) i18n (0.7.0) json (1.8.3) - jwt (1.5.1) + jwt (1.5.4) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) + method_source (0.8.2) mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) @@ -72,22 +84,16 @@ GEM minitest (5.9.0) mocha (1.1.0) metaclass (~> 0.0.1) - mongo (2.2.5) - bson (~> 4.0) - mongoid (5.1.3) - activemodel (~> 4.0) - mongo (~> 2.1) - origin (~> 2.2) - tzinfo (>= 0.3.37) multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) + nio4r (1.2.1) nokogiri (1.6.8) mini_portile2 (~> 2.1.0) pkg-config (~> 1.1.7) - oauth2 (1.1.0) + oauth2 (1.2.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) 
@@ -102,37 +108,39 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (2.2.0) orm_adapter (0.5.0) pkg-config (1.1.7) - rack (1.6.4) + rack (2.0.1) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (4.2.6) - actionmailer (= 4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) - activemodel (= 4.2.6) - activerecord (= 4.2.6) - activesupport (= 4.2.6) + rails (5.0.0) + actioncable (= 5.0.0) + actionmailer (= 5.0.0) + actionpack (= 5.0.0) + actionview (= 5.0.0) + activejob (= 5.0.0) + activemodel (= 5.0.0) + activerecord (= 5.0.0) + activesupport (= 5.0.0) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.6) - sprockets-rails - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) + railties (= 5.0.0) + sprockets-rails (>= 2.0.0) + rails-controller-testing (0.1.1) + actionpack (~> 5.x) + actionview (~> 5.x) + activesupport (~> 5.x) + rails-dom-testing (2.0.1) + activesupport (>= 4.2.0, < 6.0) nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (4.2.6) - actionpack (= 4.2.6) - activesupport (= 4.2.6) + railties (5.0.0) + actionpack (= 5.0.0) + activesupport (= 5.0.0) + method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (11.2.2) @@ -144,13 +152,11 @@ GEM sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.4) + sprockets-rails (3.1.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (0.19.1) thread_safe (0.3.5) tzinfo (1.2.2) 
@@ -161,25 +167,30 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) + websocket-driver (0.6.4) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.2) PLATFORMS ruby DEPENDENCIES + activemodel-serializers-xml! activerecord-jdbc-adapter activerecord-jdbcsqlite3-adapter devise! jruby-openssl mocha (~> 1.1) - mongoid (~> 5.0) - omniauth + oauth2 + omniauth (~> 1.3) omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 4.2.6) + rails (~> 5.0.0) + rails-controller-testing rdoc + responders (~> 2.1) sqlite3 - test_after_commit webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 4ac364f28e..44d3f116a5 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -1,12 +1,34 @@ GIT remote: git://github.com/rails/rails.git - revision: 41b4d81b4fd14cbf43060c223bea0f461256d099 + revision: 9f5cbe613c8a80282970c73b0f00095788d54e34 branch: 4-1-stable specs: actionmailer (4.1.15) actionpack (= 4.1.15) actionview (= 4.1.15) mail (~> 2.5, >= 2.5.4) + actionpack (4.1.15) + actionview (= 4.1.15) + activesupport (= 4.1.15) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.15) + activesupport (= 4.1.15) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.15) + activesupport (= 4.1.15) + builder (~> 3.1) + activerecord (4.1.15) + activemodel (= 4.1.15) + activesupport (= 4.1.15) + arel (~> 5.0.0) + activesupport (4.1.15) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) rails (4.1.15) actionmailer (= 4.1.15) actionpack (= 4.1.15) @@ -17,6 +39,11 @@ GIT bundler (>= 1.3.0, < 2.0) railties (= 4.1.15) sprockets-rails (~> 2.0) + railties (4.1.15) + actionpack (= 4.1.15) + activesupport (= 4.1.15) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) PATH remote: .. 
@@ -31,28 +58,6 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (4.1.15) - actionview (= 4.1.15) - activesupport (= 4.1.15) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - activerecord (4.1.15) - activemodel (= 4.1.15) - activesupport (= 4.1.15) - arel (~> 5.0.0) - activesupport (4.1.15) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.11) bson (3.2.6) @@ -65,7 +70,7 @@ GEM hashie (3.4.4) i18n (0.7.0) json (1.8.3) - jwt (1.5.1) + jwt (1.5.4) mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) @@ -91,9 +96,9 @@ GEM nokogiri (1.6.8) mini_portile2 (~> 2.1.0) pkg-config (~> 1.1.7) - oauth2 (1.1.0) + oauth2 (1.2.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) @@ -118,11 +123,6 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - railties (4.1.15) - actionpack (= 4.1.15) - activesupport (= 4.1.15) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) rake (11.2.2) rdoc (4.2.2) json (~> 1.4) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 23f8d06c5a..07faad2611 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,57 +1,57 @@ GIT remote: git://github.com/rails/rails.git - revision: 2c07f591c78a9915557a041f093cf79670423dd8 + revision: 5a85938418285ab81e3db52ea102d19f95ed7a94 branch: 4-2-stable specs: - actionmailer (4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) + actionmailer (4.2.7.rc1) + actionpack (= 4.2.7.rc1) + actionview (= 4.2.7.rc1) + activejob (= 4.2.7.rc1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.6) - actionview (= 4.2.6) - activesupport (= 4.2.6) + actionpack (4.2.7.rc1) + actionview (= 4.2.7.rc1) + activesupport (= 4.2.7.rc1) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.6) - activesupport (= 4.2.6) + actionview (4.2.7.rc1) + activesupport (= 4.2.7.rc1) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.6) - activesupport (= 4.2.6) + activejob (4.2.7.rc1) + activesupport (= 4.2.7.rc1) globalid (>= 0.3.0) - activemodel (4.2.6) - activesupport (= 4.2.6) + activemodel (4.2.7.rc1) + activesupport (= 4.2.7.rc1) builder (~> 3.1) - activerecord (4.2.6) - activemodel (= 4.2.6) - activesupport (= 4.2.6) + activerecord (4.2.7.rc1) + activemodel (= 4.2.7.rc1) + activesupport (= 4.2.7.rc1) arel (~> 6.0) - activesupport (4.2.6) + activesupport (4.2.7.rc1) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.6) - actionmailer (= 4.2.6) - actionpack (= 4.2.6) - actionview (= 4.2.6) - activejob (= 4.2.6) - activemodel (= 4.2.6) - activerecord (= 4.2.6) - activesupport (= 4.2.6) + rails (4.2.7.rc1) + actionmailer (= 4.2.7.rc1) + actionpack (= 4.2.7.rc1) + actionview (= 4.2.7.rc1) + activejob (= 4.2.7.rc1) + activemodel (= 4.2.7.rc1) + activerecord (= 4.2.7.rc1) + activesupport (= 4.2.7.rc1) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.6) + railties (= 4.2.7.rc1) sprockets-rails - railties 
(4.2.6) - actionpack (= 4.2.6) - activesupport (= 4.2.6) + railties (4.2.7.rc1) + actionpack (= 4.2.7.rc1) + activesupport (= 4.2.7.rc1) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -82,7 +82,7 @@ GEM hashie (3.4.4) i18n (0.7.0) json (1.8.3) - jwt (1.5.1) + jwt (1.5.4) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.4) @@ -110,9 +110,9 @@ GEM nokogiri (1.6.8) mini_portile2 (~> 2.1.0) pkg-config (~> 1.1.7) - oauth2 (1.1.0) + oauth2 (1.2.0) faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) + jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) @@ -154,7 +154,7 @@ GEM sprockets (3.6.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.0.4) + sprockets-rails (3.1.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) diff --git a/gemfiles/Gemfile.rails-5.0 b/gemfiles/Gemfile.rails-5.0 deleted file mode 100644 index 09cad40a48..0000000000 --- a/gemfiles/Gemfile.rails-5.0 +++ /dev/null @@ -1,37 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", "5.0.0.rc2" -gem "omniauth", "~> 1.3" -gem "oauth2" -gem "omniauth-oauth2" -gem "rdoc" - -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end diff --git a/gemfiles/Gemfile.rails-5.0.lock b/gemfiles/Gemfile.rails-5.0.lock deleted file mode 100644 index 23a3468128..0000000000 --- a/gemfiles/Gemfile.rails-5.0.lock +++ /dev/null 
@@ -1,201 +0,0 @@ -GIT - remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf - specs: - activemodel-serializers-xml (1.0.1) - activemodel (> 5.x) - activerecord (> 5.x) - activesupport (> 5.x) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.1.0) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.0.0.rc2) - actionpack (= 5.0.0.rc2) - nio4r (~> 1.2) - websocket-driver (~> 0.6.1) - actionmailer (5.0.0.rc2) - actionpack (= 5.0.0.rc2) - actionview (= 5.0.0.rc2) - activejob (= 5.0.0.rc2) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (5.0.0.rc2) - actionview (= 5.0.0.rc2) - activesupport (= 5.0.0.rc2) - rack (~> 2.x) - rack-test (~> 0.6.3) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0.rc2) - activesupport (= 5.0.0.rc2) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0.rc2) - activesupport (= 5.0.0.rc2) - globalid (>= 0.3.6) - activemodel (5.0.0.rc2) - activesupport (= 5.0.0.rc2) - activerecord (5.0.0.rc2) - activemodel (= 5.0.0.rc2) - activesupport (= 5.0.0.rc2) - arel (~> 7.0) - activesupport (5.0.0.rc2) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (7.0.0) - bcrypt (3.1.11) - builder (3.2.2) - concurrent-ruby (1.0.2) - erubis (2.7.0) - faraday (0.9.2) - multipart-post (>= 1.2, < 3) - globalid (0.3.6) - activesupport (>= 4.1.0) - hashie (3.4.4) - i18n (0.7.0) - json (1.8.3) - jwt (1.5.1) - loofah (2.0.3) - nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.9.0) - mocha (1.1.0) - 
metaclass (~> 0.0.1) - multi_json (1.12.1) - multi_xml (0.5.5) - multipart-post (2.0.0) - nio4r (1.2.1) - nokogiri (1.6.8) - mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) - oauth2 (1.1.0) - faraday (>= 0.8, < 0.10) - jwt (~> 1.0, < 1.5.2) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (3.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - pkg-config (1.1.7) - rack (2.0.0.rc1) - json - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.0.rc2) - actioncable (= 5.0.0.rc2) - actionmailer (= 5.0.0.rc2) - actionpack (= 5.0.0.rc2) - actionview (= 5.0.0.rc2) - activejob (= 5.0.0.rc2) - activemodel (= 5.0.0.rc2) - activerecord (= 5.0.0.rc2) - activesupport (= 5.0.0.rc2) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0.rc2) - sprockets-rails (>= 2.0.0) - rails-controller-testing (0.1.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.0.rc2) - actionpack (= 5.0.0.rc2) - activesupport (= 5.0.0.rc2) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (11.2.2) - rdoc (4.2.2) - json (~> 1.4) - responders (2.2.0) - railties (>= 4.2.0, < 5.1) - ruby-openid (2.7.0) - sprockets (3.6.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.0.4) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.11) - thor (0.19.1) - thread_safe (0.3.5) - tzinfo (1.2.2) - thread_safe (~> 0.1) - warden (1.2.6) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - 
rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.4) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - oauth2 - omniauth (~> 1.3) - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (= 5.0.0.rc2) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 - webrat (= 0.7.3) - -BUNDLED WITH - 1.12.5 From e05523f7673ea6f53d5baadeb045e81476c3af38 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 1 Jul 2016 14:13:50 -0300 Subject: [PATCH 0984/1473] Prepare for 4.2.0 release. --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f1d988198..b929948556 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.2.0 - 2016-07-01 + * removals * Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3. Please use the `#permit` and `#sanitize` methods over `#for`. diff --git a/Gemfile.lock b/Gemfile.lock index 1afecdef5b..0bcc7598a3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (4.1.0) + devise (4.2.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 44d3f116a5..6db57394cd 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.1.0) + devise (4.2.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 07faad2611..85494014a7 100644 
--- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -58,7 +58,7 @@ GIT PATH remote: .. specs: - devise (4.1.0) + devise (4.2.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 51251d7c0c..0c77195a2a 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.1.0".freeze + VERSION = "4.2.0".freeze end From 245b1f9de0b3386b7913e14b60ea24f43b77feb0 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 1 Jul 2016 14:22:38 -0300 Subject: [PATCH 0985/1473] Update `.travis.yml`. --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 79411e03df..75015f2373 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,16 +8,15 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-5.0 - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable matrix: exclude: - rvm: 2.1.9 - gemfile: gemfiles/Gemfile.rails-5.0 + gemfile: Gemfile - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0 + gemfile: Gemfile allow_failures: - rvm: ruby-head services: From e6b5f5f31a1d48f6e8d08c530eaea8ca3979fa99 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 12 Jul 2016 21:29:02 -0300 Subject: [PATCH 0986/1473] Expand `CONTRIBUTING.md` [ci skip]. --- CONTRIBUTING.md | 96 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 68 insertions(+), 28 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 302fbd6e64..fb9dd7ad40 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,39 +1,79 @@ -### Please read before contributing +# How to contribute to Devise -1) Do not post questions in the issues tracker. If you have any questions about -Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use -the [Mailing List](https://groups.google.com/group/plataformatec-devise) or -[Stack Overflow](http://stackoverflow.com/questions/tagged/devise). +Thanks for your interest on contributing to Devise! Here are a few general +guidelines on contributing and reporting bugs to Devise that we ask you to +take a look first. Notice that all of your interactions in the project are +expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md). -2) If you find a security bug, **DO NOT** submit an issue here. Please send an +## Reporting Issues + +Before reporting a new issue, please be sure that the issue wasn't already +reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues). + +When creating a new issue, be sure to include a **title and clear description**, +as much relevant information as possible, and either a test case example or +even better a **sample Rails app that replicates the issue** - Devise has a lot +of moving parts and it's functionality can be affected by third party gems, so +we need as much context and details as possible to identify what might be broken +for you. We have a [test case template](guides/bug_report_templates/integration_test.rb) +that can be used to replicate issues with minimal setup. + +Please do not attempt to translate Devise built in views. The views are meant +to be a starting point for fresh apps and not production material - eventually +all applications will require custom views where you can write your own copy and +translate it if the application requires it . For historical references, please look into closed +[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding +internationalization. 
+ +Avoid opening new issues to ask questions in our issues tracker. Please go through +the project wiki, documentation and source code first, or try to ask your question +on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). + +**If you find a security bug, do not report it through GitHub. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) -instead. +instead.** + +## Sending Pull Requests + +Before sending a new Pull Request, take a look on existing Pull Requests and Issues +to see if the proposed change or fix has been discussed in the past, or if the +change was already implemented but not yet released. + +We expect new Pull Requests to include enough tests for new or changed behavior, +and we aim to maintain everything as most backwards compatible as possible, +reserving breaking changes to be ship in major releases when necessary - you +can wrap the new code path with a setting toggle from the `Devise` module defined +as `false` by default to require developers to opt-in for the new behavior. -3) If possible, replicate your issue with our -[guides/bug_report_templates/integration_test.rb](test case example), and attach -it to your issue or Pull Request - this way we have an isolated way to replicate -your issue and investigate it further. +If your Pull Request includes new or changed behavior, be sure that the changes +are beneficial to a wide range of use cases or it's an application specific change +that might not be so valuable to other applications. Some changes can be introduced +as a new `devise-something` gem instead of belonging to the main codebase. -4) Otherwise, please provide a fresh new Rails application that replicates your -issue on a public GitHub repository, as some scenarios might not be possible to -replicate using the standalone test case example. 
+When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks +to the new setting. -5) Do a small search on the issues tracker before submitting your issue to see -if it was already reported / fixed. Duplicated issues will be closed to avoid -too much noise/duplication in the issue tracker. +We also welcome Pull Requests that improve our existing documentation (both our +`README.md` and the RDoc sections in the source code) or improve existing rough +edges in our API that might be blocking existing integrations or 3rd party gems. -6) When reporting an issue, include Rails, Devise and Warden versions. If you -are getting exceptions, please include the full backtrace. +## Other ways to contribute -7) Please do not attempt to translate Devise built in views. The views are meant -to be a starting point and not a final version. For historical references, -please look into closed issues/Pull regarding i18n. +We welcome anyone that wants to contribute to Devise to triage and reply to +open issues to help troubleshoot and fix existing bugs on Devise. Here is what +you can do: -8) Notice that all of your interactions in the project are expected to follow -our [Code of Conduct](CODE_OF_CONDUCT.md) +* Help ensure that existing issues follows the recommendations from the +_[Reporting Issues](#reporting-issues)_ section, providing feeback to the issue's +author on what might be missing. +* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki) +with up to date instructions and code samples - the wiki was grown with several +different tutorials and references that we can't keep track of everything, so if +there is a page that showcases an integration or customization that you are +familiar with feel free to update it as necessary. 
+* Review existing Pull Requests, and testing patches against real existing +applications that use Devise. -That's it! The more information you give, the easier it becomes for us to track -it down and fix it. Ideally, you should provide an application that reproduces -the error or a test case to Devise's suite. +Thanks again for your interest on contributing to the project! -Thanks! +:heart: From e90ba2fbcb4d8a02b1e39c887d646673757ef706 Mon Sep 17 00:00:00 2001 From: Frederik Wille Date: Wed, 13 Jul 2016 11:25:35 +0200 Subject: [PATCH 0987/1473] add block passthrough to devise_mail ActionMailer's ``mail`` method may receive a block for customizing the mails format ``devise_mail`` now has the same functionality by just passing the block to ``mail`` call. fixes plataformatec/devise#2341 --- lib/devise/mailers/helpers.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 79c7c72fc3..ddf8f2bb45 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -11,9 +11,9 @@ module Helpers protected # Configure default email options - def devise_mail(record, action, opts={}) + def devise_mail(record, action, opts = {}, &block) initialize_from_record(record) - mail headers_for(action, opts) + mail headers_for(action, opts), &block end def initialize_from_record(record) From e841c4c5ef826b6838b269d259170bb4fbca82f1 Mon Sep 17 00:00:00 2001 From: Nicolas Viennot Date: Wed, 13 Jul 2016 10:13:14 -0400 Subject: [PATCH 0988/1473] Reduce ORM API surface --- lib/devise/hooks/lockable.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index 50b726b7aa..c9d4df140b 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb 
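Review bot: The comment above `devise_mail` in lib/devise/mailers/helpers.rb still reads only "Configure default email options", although the method now accepts a block and forwards it to `mail`. Subclasses of the mailer rely on this helper, so the new contract belongs at the definition, for example `# Configure default email options. An optional block is passed straight to #mail, e.g. to customize the rendered formats.` The rest of the `Helpers` module is outside the hunk.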
@@ -2,6 +2,9 @@ # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user except: :fetch do |record, warden, options| if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) - record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero? + unless record.failed_attempts.to_i.zero? + record.failed_attempts = 0 + record.save(validate: false) + end end end From 83b88353b5c68b5137fd5ea9156b9fc3ad4f0399 Mon Sep 17 00:00:00 2001 From: amingilani Date: Fri, 15 Jul 2016 13:22:51 +0500 Subject: [PATCH 0989/1473] Fix indentation in generators --- .../templates/controllers/registrations_controller.rb | 4 ++-- lib/generators/templates/controllers/sessions_controller.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb index 71791daedf..3ffd29e91c 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.rb @@ -1,6 +1,6 @@ class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController -# before_action :configure_sign_up_params, only: [:create] -# before_action :configure_account_update_params, only: [:update] + # before_action :configure_sign_up_params, only: [:create] + # before_action :configure_account_update_params, only: [:update] # GET /resource/sign_up # def new diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb index c5a02bd216..69afe4b4b4 100644 --- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.rb 
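Review bot: The result of `record.save(validate: false)` in lib/devise/hooks/lockable.rb is discarded, so if the save is aborted (for instance by a model callback) the `failed_attempts` counter silently keeps its old value after a successful sign-in. The save also writes any other unsaved changes the record carries at that point, which is worth stating since this runs inside a Warden hook. I would add a comment above the assignment such as `# Skip validations so an otherwise invalid record still gets its lock counter reset; the save result is intentionally ignored.`, or log when the save returns false if that is not the intent.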
@@ -1,5 +1,5 @@ class <%= @scope_prefix %>SessionsController < Devise::SessionsController -# before_action :configure_sign_in_params, only: [:create] + # before_action :configure_sign_in_params, only: [:create] # GET /resource/sign_in # def new From 65d8e94ed9ee41d563f60f4af6fd1ae1177afe8a Mon Sep 17 00:00:00 2001 From: Frederik Wille Date: Fri, 15 Jul 2016 11:31:11 +0200 Subject: [PATCH 0990/1473] add test in the test we need to declare a subclass of ``Devise::Mailer`` to give a block to mail call inside of method which has a corresponding view template there are propably better ways to test this, but this is pretty much the use case for passing a block --- test/mailers/mailer_test.rb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 test/mailers/mailer_test.rb diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb new file mode 100644 index 0000000000..2c167f73f4 --- /dev/null +++ b/test/mailers/mailer_test.rb @@ -0,0 +1,20 @@ +require "test_helper" + +class MailerTest < ActionMailer::TestCase + test "pass given block to #mail call" do + class TestMailer < Devise::Mailer + def confirmation_instructions(record, token, opts = {}) + @token = token + devise_mail(record, :confirmation_instructions, opts) do |format| + format.html(content_transfer_encoding: "7bit") + end + end + end + + Devise.mailer = TestMailer + create_user + mail = ActionMailer::Base.deliveries.first + + assert mail.content_transfer_encoding, "7bit" + end +end From 54e7a3b9d9783ce7fbfcb79eefb663a4f07d2a89 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Fri, 15 Jul 2016 16:02:43 -0300 Subject: [PATCH 0991/1473] `Devise::Mailer#scope_name` and `Devise::Mailer#resource` shouldn't be public. --- CHANGELOG.md | 4 ++++ lib/devise/mailers/helpers.rb | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b929948556..df8049142a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
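Review bot: In the new test/mailers/mailer_test.rb, `assert mail.content_transfer_encoding, "7bit"` passes for any truthy encoding, because `assert` treats its second argument as the failure message rather than an expected value. The test therefore does not show that the block reached `mail`; `assert_equal "7bit", mail.content_transfer_encoding` would. The same line is carried unchanged as context through the two later hunks on this file (PATCH 0992 and PATCH 0993), so it is still vacuous after those commits.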
@@ -1,5 +1,9 @@ ### Unreleased +* removals + * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected + methods instead of public. + ### 4.2.0 - 2016-07-01 * removals diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 79c7c72fc3..70ccdf340a 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -5,11 +5,12 @@ module Helpers included do include Devise::Controllers::ScopedViews - attr_reader :scope_name, :resource end protected + attr_reader :scope_name, :resource + # Configure default email options def devise_mail(record, action, opts={}) initialize_from_record(record) From a5f8cd9d32c7075c9f57bdd26d729b0b21b3d8c4 Mon Sep 17 00:00:00 2001 From: Frederik Wille Date: Mon, 18 Jul 2016 09:00:32 +0200 Subject: [PATCH 0992/1473] simplify test --- test/mailers/mailer_test.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb index 2c167f73f4..e0f1a5c70f 100644 --- a/test/mailers/mailer_test.rb +++ b/test/mailers/mailer_test.rb @@ -11,8 +11,7 @@ def confirmation_instructions(record, token, opts = {}) end end - Devise.mailer = TestMailer - create_user + TestMailer.confirmation_instructions(create_user, "confirmation-token").deliver_now mail = ActionMailer::Base.deliveries.first assert mail.content_transfer_encoding, "7bit" From 08374f1d338c029dc090b89759eee3166ba4c7ab Mon Sep 17 00:00:00 2001 From: Frederik Wille Date: Mon, 18 Jul 2016 09:24:46 +0200 Subject: [PATCH 0993/1473] fix test --- test/mailers/mailer_test.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb index e0f1a5c70f..f6ec5d5ad5 100644 --- a/test/mailers/mailer_test.rb +++ b/test/mailers/mailer_test.rb 
@@ -11,8 +11,7 @@ def confirmation_instructions(record, token, opts = {}) end end - TestMailer.confirmation_instructions(create_user, "confirmation-token").deliver_now - mail = ActionMailer::Base.deliveries.first + mail = TestMailer.confirmation_instructions(create_user, "confirmation-token") assert mail.content_transfer_encoding, "7bit" end From eb0540e0288e58ed43de337be808fc09c9180f41 Mon Sep 17 00:00:00 2001 From: nickharvey27 Date: Mon, 18 Jul 2016 23:46:51 -0700 Subject: [PATCH 0994/1473] fix small typo --- lib/devise/rails/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 73c5ceef92..9a02363e9a 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -338,7 +338,7 @@ def unauthenticated(scope=nil) # Sets the devise scope to be used in the controller. If you have custom routes, # you are required to call this method (also aliased as :as) in order to specify - # to which controller it is targetted. + # to which controller it is targeted. # # as :user do # get "sign_in", to: "devise/sessions#new" From 6720f93d2c54904f10b6e6d6beb51d0b5b330976 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Tue, 26 Jul 2016 10:10:31 -0300 Subject: [PATCH 0995/1473] Remove deprecated omniauth path from `store_location` docs [ci skip] --- lib/devise/controllers/store_location.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index 84adbaaa2c..91655a35c4 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb 
@@ -29,7 +29,7 @@ def stored_location_for(resource_or_scope) # Example: # # store_location_for(:user, dashboard_path) - # redirect_to user_omniauth_authorize_path(:facebook) + # redirect_to user_facebook_omniauth_authorize_path # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) From ae8b0914a99661f429943d9840b7a0e8583c35b0 Mon Sep 17 00:00:00 2001 From: "Ryan T. Hosford" Date: Wed, 10 Aug 2016 09:57:14 -0500 Subject: [PATCH 0996/1473] Updates url for omniauth to omniauth/omniauth repo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 20a730c50f..03ae1d0282 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support. +* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. From 8ee01fc10bfcd82428e5a32693348dc18b33a9f0 Mon Sep 17 00:00:00 2001 From: Marc G Gauthier Date: Thu, 11 Aug 2016 09:56:45 +0200 Subject: [PATCH 0997/1473] Fix a minor typo in specs There is nothing much to this one, it's in the test description so it shouldn't impact a thing and will make this line more greppable. --- test/integration/authenticatable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 7ad08486f0..57b29aa9b1 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -245,7 +245,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest end end - test 'not signed in users should see unautheticated page (unauthenticated accepted)' do + test 'not signed in users should see unauthenticated page (unauthenticated accepted)' do get join_path assert_response :success From 48aa20897f2a2022c970398c67495cfb04be5f2a Mon Sep 17 00:00:00 2001 From: Olivier Lacan Date: Mon, 15 Aug 2016 15:51:11 -0400 Subject: [PATCH 0998/1473] Fix typos in failure_app comments --- lib/devise/failure_app.rb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 6e5cd158d1..4f7a3ddc8b 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -2,9 +2,9 @@ module Devise # Failure application that will be called every time :warden is thrown from - # any strategy or hook. Responsible for redirect the user to the sign in - # page based on current scope and mapping. If no scope is given, redirect - # to the default_url. + # any strategy or hook. It is responsible for redirecting the user to the sign + # in page based on current scope and mapping. If no scope is given, it + # redirects to the default_url. class FailureApp < ActionController::Metal include ActionController::UrlFor include ActionController::Redirecting 
@@ -160,12 +160,12 @@ def skip_format? %w(html */*).include? request_format.to_s end - # Choose whether we should respond in a http authentication fashion, + # Choose whether we should respond in an HTTP authentication fashion, # including 401 and optional headers. # - # This method allows the user to explicitly disable http authentication - # on ajax requests in case they want to redirect on failures instead of - # handling the errors on their own. This is useful in case your ajax API + # This method allows the user to explicitly disable HTTP authentication + # on AJAX requests in case they want to redirect on failures instead of + # handling the errors on their own. This is useful in case your AJAX API # is the same as your public API and uses a format like JSON (so you # cannot mark JSON as a navigational format). def http_auth? @@ -176,7 +176,7 @@ def http_auth? end end - # It does not make sense to send authenticate headers in ajax requests + # It doesn't make sense to send authenticate headers in AJAX requests # or if the user disabled them. def http_auth_header? scope_class.http_authenticatable && !request.xhr? @@ -225,10 +225,10 @@ def attempted_path warden_options[:attempted_path] end - # Stores requested uri to redirect the user after signing in. We cannot use - # scoped session provided by warden here, since the user is not authenticated - # yet, but we still need to store the uri based on scope, so different scopes - # would never use the same uri to redirect. + # Stores requested URI to redirect the user after signing in. We can't use + # the scoped session provided by warden here, since the user is not + # authenticated yet, but we still need to store the URI based on scope, so + # different scopes would never use the same URI to redirect. def store_location! store_location_for(scope, attempted_path) if request.get? && !http_auth? end From 9fe7040db90be1acb499d2534b077266dbf3b209 Mon Sep 17 00:00:00 2001 
From: Kazuhiro NISHIYAMA Date: Sun, 4 Sep 2016 19:15:09 +0900 Subject: [PATCH 0999/1473] Use `strip_heredoc` for deprecation warnings --- lib/devise/test/controller_helpers.rb | 2 +- lib/devise/test_helpers.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index bd0d4aa189..89060e572b 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -65,7 +65,7 @@ def sign_in(resource, deprecated = nil, scope: nil) scope = resource resource = deprecated - ActiveSupport::Deprecation.warn <<-DEPRECATION + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. Please use sign_in(resource, scope: :#{scope}) instead. DEPRECATION diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index dc53be8282..fbaed4cd87 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -2,7 +2,7 @@ module Devise module TestHelpers def self.included(base) base.class_eval do - ActiveSupport::Deprecation.warn <<-DEPRECATION + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. For controller tests, please include `Devise::Test::ControllerHelpers` instead. DEPRECATION From 30405943b56faf8844f3ff228f829180adc90b7e Mon Sep 17 00:00:00 2001 From: Konstantinos Rousis Date: Tue, 13 Sep 2016 20:39:44 +0200 Subject: [PATCH 1000/1473] convert variable to symbol in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 03ae1d0282..d1121f5efe 100644 --- a/README.md +++ b/README.md @@ -447,7 +447,7 @@ tests: ```ruby sign_in @user -sign_in @user, scope: admin +sign_in @user, scope: :admin ``` If you are testing Devise internal controllers or a controller that inherits 
From ebf79be163c9bcc31d169f249e8182e4292679ab Mon Sep 17 00:00:00 2001 From: kami Date: Thu, 6 Oct 2016 01:05:39 +0900 Subject: [PATCH 1001/1473] Update README - Decrease stretches to 12 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d1121f5efe..18e9e36f8e 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ member_session The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with: ```ruby -devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20 +devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 12 ``` Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`. From a9bb7d0318054ebb74d09d835927fbb377afd8bd Mon Sep 17 00:00:00 2001 From: Hiroo Takizawa Date: Sat, 24 Sep 2016 14:50:45 +0900 Subject: [PATCH 1002/1473] Update README.md change "bundle command" to the writing of "command line" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 18e9e36f8e..ab690ffc23 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with: gem 'devise' ``` -Run the bundle command to install it. +Then run `bundle install` Next, you need to run the generator: From 7a44233fb9439e7cc4d1503b14f02a1d9f6da7b9 Mon Sep 17 00:00:00 2001 From: ethiraj Date: Thu, 27 Oct 2016 08:33:35 +0530 Subject: [PATCH 1003/1473] set minimum password length after user registration update --- app/controllers/devise/registrations_controller.rb | 1 + 1 file changed, 1 insertion(+) 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 4a75e543e3..31ba0887bd 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -57,6 +57,7 @@ def update respond_with resource, location: after_update_path_for(resource) else clean_up_passwords resource + set_minimum_password_length respond_with resource end end From 3d2a908f64a70ec0377e2a6e79bd2f53f7bbd2e5 Mon Sep 17 00:00:00 2001 From: lmatiolis Date: Wed, 23 Nov 2016 17:25:44 -0200 Subject: [PATCH 1004/1473] Fix authenticatable_salt name on exception text. --- lib/devise/models/rememberable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index add55c1c46..8f32031114 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -74,7 +74,7 @@ def rememberable_value elsif respond_to?(:authenticatable_salt) && (salt = authenticatable_salt.presence) salt else - raise "authenticable_salt returned nil for the #{self.class.name} model. " \ + raise "authenticatable_salt returned nil for the #{self.class.name} model. " \ "In order to use rememberable, you must ensure a password is always set " \ "or have a remember_token column in your model or implement your own " \ "rememberable_value in the model with custom logic." From 9caae5033944e4ba6668d812703e004aaa14fc7e Mon Sep 17 00:00:00 2001 From: Felipe Bergamo Date: Sat, 10 Dec 2016 17:44:51 -0200 Subject: [PATCH 1005/1473] Replace log_process_action to append_info_to_payload --- lib/devise/controllers/helpers.rb | 10 +++++----- test/integration/authenticatable_test.rb | 12 ++++++++++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 3f7cc29ca1..81d5e38551 100644 --- a/lib/devise/controllers/helpers.rb 
+++ b/lib/devise/controllers/helpers.rb @@ -10,6 +10,11 @@ module Helpers if respond_to?(:helper_method) helper_method :warden, :signed_in?, :devise_controller? end + + def append_info_to_payload(payload) + super + payload[:status] ||= 401 unless payload[:exception] + end end module ClassMethods @@ -76,11 +81,6 @@ def current_#{group_name.to_s.pluralize} end METHODS end - - def log_process_action(payload) - payload[:status] ||= 401 unless payload[:exception] - super - end end # Define authentication filters and accessor helpers based on mappings. diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 57b29aa9b1..fed62b0403 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -543,6 +543,18 @@ class AuthenticationOthersTest < Devise::IntegrationTest refute warden.authenticated?(:user) end end + + test 'not signed in should returns notification payload with 401 status' do + begin + subscriber = ActiveSupport::Notifications.subscribe /process_action.action_controller/ do |_name, _start, _finish, _id, payload| + assert_equal 401, payload[:status] + end + + get admins_path + ensure + ActiveSupport::Notifications.unsubscribe(subscriber) + end + end end class AuthenticationKeysTest < Devise::IntegrationTest From 47077bf810a573311297f881d2d4891df22219a8 Mon Sep 17 00:00:00 2001 From: Alexander Grebennik Date: Tue, 20 Dec 2016 02:14:41 +0300 Subject: [PATCH 1006/1473] fix warnings about default value with new thor --- lib/generators/devise/views_generator.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index d5d831f1de..6254fe9e40 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb 
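Review bot: The new `append_info_to_payload` in lib/devise/controllers/helpers.rb has no comment explaining why a missing status is reported as 401, and the rule it encodes (only when there is no `payload[:exception]`, and only when no status was set) is easy to break in a later refactor. A short comment would help, for example `# A request halted before a response was written (presumably by a Warden throw) has no status yet; report it as 401 so logs and notification subscribers record the failed authentication.` The block this method is added to starts outside the hunk, so whether it lands on the including controller or on the module cannot be confirmed from here.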
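Review bot: In the test added to test/integration/authenticatable_test.rb, `assert_equal 401, payload[:status]` sits inside the subscriber block, so if no matching event is delivered during `get admins_path` the test passes without asserting anything. I would collect the value in the block with `statuses << payload[:status]` and check `assert_equal [401], statuses` after the request. The pattern `/process_action.action_controller/` also leaves the dot unescaped; passing the string `'process_action.action_controller'` to `subscribe` matches the event name exactly.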
@@ -139,7 +139,11 @@ class ViewsGenerator < Rails::Generators::Base default: defined?(SimpleForm) ? "simple_form_for" : "form_for" hook_for :markerb, desc: "Generate markerb instead of erb mail views", - default: defined?(Markerb) ? :markerb : :erb, + default: defined?(Markerb), + type: :boolean + + hook_for :erb, desc: "Generate erb mail views", + default: !defined?(Markerb), type: :boolean end end From 33d5335f53fc159477d08cb92f331b94fc3475ff Mon Sep 17 00:00:00 2001 From: Daniel Wiesmann Date: Thu, 19 Jan 2017 13:03:10 +0100 Subject: [PATCH 1007/1473] fix name of the module in the docs --- lib/devise/models.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 338f7e0e89..6419814de9 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -12,7 +12,7 @@ def message # Creates configuration values for Devise and for the given module. # - # Devise::Models.config(Devise::DatabaseAuthenticatable, :stretches) + # Devise::Models.config(Devise::Models::DatabaseAuthenticatable, :stretches) # # The line above creates: # From 5abdb65e5691dc9f95540c7c4a9060a30ae5cd9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?George=20Guimara=CC=83es?= Date: Sat, 4 Feb 2017 18:57:47 -0200 Subject: [PATCH 1008/1473] Deprecate mailing list --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ab690ffc23..5232fc01eb 100644 --- a/README.md +++ b/README.md 
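Review bot: In lib/generators/devise/views_generator.rb the markerb hook now declares `type: :boolean` but its default is `defined?(Markerb)`, which evaluates to `nil` or the string `"constant"`, never `true` or `false`. When Markerb is loaded, that is a String default on a boolean option, which looks like the same kind of type mismatch this commit sets out to silence. `default: !!defined?(Markerb)` keeps the meaning and gives a real boolean, matching the `!defined?(Markerb)` already used for the erb hook.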
@@ -43,9 +43,13 @@ https://github.com/plataformatec/devise/wiki/Bug-reports If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. -### Mailing list +### StackOverflow and Mailing List -If you have any questions, comments, or concerns, please use the Google Group instead of the GitHub issue tracker: +If you have any questions, comments, or concerns, please use StackOverflow instead of the GitHub issue tracker: + +http://stackoverflow.com/questions/tagged/devise + +The deprecated mailing list can still be read on https://groups.google.com/group/plataformatec-devise From 6bc2db4567084bfde44161a393cb3cbf05305253 Mon Sep 17 00:00:00 2001 From: Matthew Rudy Jacobs Date: Sun, 26 Feb 2017 21:52:51 +0000 Subject: [PATCH 1009/1473] Fix Omniauth config tests --- test/omniauth/config_test.rb | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/test/omniauth/config_test.rb b/test/omniauth/config_test.rb index 86e966340b..d2d0223dcf 100644 --- a/test/omniauth/config_test.rb +++ b/test/omniauth/config_test.rb 
@@ -25,19 +25,21 @@ class MyStrategy assert_equal OmniAuth::Strategies::Facebook, config.strategy_class end - test "finds the strategy in OmniAuth's list by name" do - NamedTestStrategy = Class.new - NamedTestStrategy.send :include, OmniAuth::Strategy - NamedTestStrategy.option :name, :the_one + class NamedTestStrategy + include OmniAuth::Strategy + option :name, :the_one + end + test "finds the strategy in OmniAuth's list by name" do config = Devise::OmniAuth::Config.new :the_one, [{}] assert_equal NamedTestStrategy, config.strategy_class end - test "finds the strategy in OmniAuth's list by class name" do - UnNamedTestStrategy = Class.new - UnNamedTestStrategy.send :include, OmniAuth::Strategy + class UnNamedTestStrategy + include OmniAuth::Strategy + end + test "finds the strategy in OmniAuth's list by class name" do config = Devise::OmniAuth::Config.new :un_named_test_strategy, [{}] assert_equal UnNamedTestStrategy, config.strategy_class end From 6fc6a28e3b3a92b6140cdcfa6cbccdf87ab27895 Mon Sep 17 00:00:00 2001 From: Matthew Rudy Jacobs Date: Sun, 26 Feb 2017 22:05:15 +0000 Subject: [PATCH 1010/1473] Avoid the assert_equal nil deprecation warning --- test/controllers/helpers_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 0de1e19c5d..acbfe4042a 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -164,8 +164,8 @@ def setup @controller.instance_variable_set(:@current_user, user) @controller.instance_variable_set(:@current_admin, user) @controller.sign_out - assert_equal nil, @controller.instance_variable_get(:@current_user) - assert_equal nil, @controller.instance_variable_get(:@current_admin) + assert_nil @controller.instance_variable_get(:@current_user) + assert_nil @controller.instance_variable_get(:@current_admin) end test 'sign out logs out and clears up any signed in user by scope' do 
@@ -175,7 +175,7 @@ def setup @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true) @controller.instance_variable_set(:@current_user, user) @controller.sign_out(:user) - assert_equal nil, @controller.instance_variable_get(:@current_user) + assert_nil @controller.instance_variable_get(:@current_user) end test 'sign out accepts a resource as argument' do From 15a50dc8d7447e30c2f9780f59e23c17304c7785 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2017 08:11:08 -0300 Subject: [PATCH 1011/1473] Test against latest ruby versions --- .travis.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 75015f2373..6153d63ddf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,9 +1,10 @@ language: ruby rvm: - - 2.1.9 - - 2.2.5 - - 2.3.1 + - 2.1.10 + - 2.2.6 + - 2.3.3 + - 2.4.0 - ruby-head gemfile: From fa2d333bde0508330467fbdace6e6f3c6085532c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2017 08:12:36 -0300 Subject: [PATCH 1012/1473] Update Gemfile dependencies --- Gemfile.lock | 104 +++++++++++++++++++++++++-------------------------- 1 file changed, 51 insertions(+), 53 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0bcc7598a3..7e6c689ffb 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -21,54 +21,54 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.0) - actionpack (= 5.0.0) - nio4r (~> 1.2) + actioncable (5.0.2) + actionpack (= 5.0.2) + nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.0) - actionpack (= 5.0.0) - actionview (= 5.0.0) - activejob (= 5.0.0) + actionmailer (5.0.2) + actionpack (= 5.0.2) + actionview (= 5.0.2) + activejob (= 5.0.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.0) - actionview (= 5.0.0) - activesupport (= 5.0.0) + actionpack (5.0.2) + actionview (= 5.0.2) + activesupport (= 5.0.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.0) - activesupport (= 5.0.0) + actionview (5.0.2) + activesupport (= 5.0.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (5.0.0) - activesupport (= 5.0.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.0.2) + activesupport (= 5.0.2) globalid (>= 0.3.6) - activemodel (5.0.0) - activesupport (= 5.0.0) - activerecord (5.0.0) - activemodel (= 5.0.0) - activesupport (= 5.0.0) + activemodel (5.0.2) + activesupport (= 5.0.2) + activerecord (5.0.2) + activemodel (= 5.0.2) + activesupport (= 5.0.2) arel (~> 7.0) - activesupport (5.0.0) + activesupport (5.0.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - arel (7.0.0) + arel (7.1.4) bcrypt (3.1.11) - builder (3.2.2) - concurrent-ruby (1.0.2) + builder (3.2.3) + concurrent-ruby (1.0.5) erubis (2.7.0) faraday (0.9.2) multipart-post (>= 1.2, < 3) - globalid (0.3.6) + globalid (0.3.7) activesupport (>= 4.1.0) hashie (3.4.4) - i18n (0.7.0) + i18n (0.8.1) json (1.8.3) jwt (1.5.4) loofah (2.0.3) 
@@ -81,16 +81,15 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.9.0) + minitest (5.10.1) mocha (1.1.0) metaclass (~> 0.0.1) multi_json (1.12.1) multi_xml (0.5.5) multipart-post (2.0.0) - nio4r (1.2.1) - nokogiri (1.6.8) + nio4r (2.0.0) + nokogiri (1.7.0.1) mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) oauth2 (1.2.0) faraday (>= 0.8, < 0.10) jwt (~> 1.0) 
@@ -109,56 +108,55 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - pkg-config (1.1.7) rack (2.0.1) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.0) - actioncable (= 5.0.0) - actionmailer (= 5.0.0) - actionpack (= 5.0.0) - actionview (= 5.0.0) - activejob (= 5.0.0) - activemodel (= 5.0.0) - activerecord (= 5.0.0) - activesupport (= 5.0.0) + rails (5.0.2) + actioncable (= 5.0.2) + actionmailer (= 5.0.2) + actionpack (= 5.0.2) + actionview (= 5.0.2) + activejob (= 5.0.2) + activemodel (= 5.0.2) + activerecord (= 5.0.2) + activesupport (= 5.0.2) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.0) + railties (= 5.0.2) sprockets-rails (>= 2.0.0) rails-controller-testing (0.1.1) actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.1) + rails-dom-testing (2.0.2) activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6.0) + nokogiri (~> 1.6) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.0) - actionpack (= 5.0.0) - activesupport (= 5.0.0) + railties (5.0.2) + actionpack (= 5.0.2) + activesupport (= 5.0.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (11.2.2) + rake (12.0.0) rdoc (4.2.2) json (~> 1.4) responders (2.2.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.6.2) + sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.1.1) + sprockets-rails (3.2.0) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.11) - thor (0.19.1) - thread_safe (0.3.5) + thor (0.19.4) + thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.6) @@ -167,7 +165,7 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.6.4) + websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.2) @@ -194,4 +192,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.5 + 1.12.6 From c76f0e59b7c3e36cefd313a35bbf9812201d64e5 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 2 Mar 2017 08:12:46 -0300 Subject: [PATCH 1013/1473] Use assert_nil to prevent minitest warnings --- test/models/recoverable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 55aa8d2a09..a1cf3b43ca 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -245,7 +245,7 @@ def setup end test 'should return nil if a user based on the raw token is not found' do - assert_equal User.with_reset_password_token('random-token'), nil + assert_nil User.with_reset_password_token('random-token') end end From bf4641c8cfd5b16526133fb71bb8600127e7a0b6 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2017 09:59:05 -0300 Subject: [PATCH 1014/1473] Skip running tests on Ruby 2.4 / head and Rails 4.1 --- .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6153d63ddf..5aed0c1f79 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,8 +14,12 @@ gemfile: matrix: exclude: - - rvm: 2.1.9 + - rvm: 2.1.10 gemfile: Gemfile + - rvm: 2.4.0 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: ruby-head + gemfile: gemfiles/Gemfile.rails-4.1-stable - env: DEVISE_ORM=mongoid gemfile: Gemfile allow_failures: From 70eb18d766d161438d428c62015cfc4fdb6c8724 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 6 Mar 2017 16:34:38 -0300 Subject: [PATCH 1015/1473] Notify original user email when the email changes This adds a new setting `send_email_change_notification` which will send an email to the original user email when their email is updated to a new one. It doesn't take into account the reconfirmable setting yet, it will be added next, so that if confirmable is included and reconfirmable is being used, the email will be triggered when the email change is requested, not when confirmed (e.g when we store the email in `unconfirmed_email`, not when it's later copied to `email` when that is confirmed). --- app/mailers/devise/mailer.rb | 4 ++++ app/views/devise/mailer/email_change.html.erb | 3 +++ config/locales/en.yml | 2 ++ lib/devise.rb | 6 +++++- lib/devise/models/database_authenticatable.rb | 13 ++++++++++++- lib/generators/templates/devise.rb | 5 ++++- .../templates/markerb/email_change.markerb | 3 +++ .../templates/markerb/password_change.markerb | 4 ++-- test/models/database_authenticatable_test.rb | 14 +++++++++++++- 9 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 app/views/devise/mailer/email_change.html.erb create mode 100644 lib/generators/templates/markerb/email_change.markerb diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 555b64d29f..0011a06094 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -17,6 +17,10 @@ def unlock_instructions(record, token, opts={}) devise_mail(record, :unlock_instructions, opts) end + def email_change(record, opts={}) + devise_mail(record, :email_change, opts) + end + def password_change(record, opts={}) devise_mail(record, :password_change, opts) end diff --git a/app/views/devise/mailer/email_change.html.erb b/app/views/devise/mailer/email_change.html.erb new file mode 100644 index 0000000000..8486305adc --- /dev/null +++ b/app/views/devise/mailer/email_change.html.erb @@ -0,0 +1,3 @@ +

Hello <%= @email %>!

+ +

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

diff --git a/config/locales/en.yml b/config/locales/en.yml index bd4c3ebc69..ac059bbe84 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,6 +23,8 @@ en: subject: "Reset password instructions" unlock_instructions: subject: "Unlock instructions" + email_change: + subject: "Email Changed" password_change: subject: "Password Changed" omniauth_callbacks: diff --git a/lib/devise.rb b/lib/devise.rb index 7819551fff..3f4f415405 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -153,7 +153,11 @@ module Test mattr_accessor :pepper @@pepper = nil - # Used to enable sending notification to user when their password is changed + # Used to send notification to the original user email when their email is changed. + mattr_accessor :send_email_change_notification + @@send_email_change_notification = false + + # Used to enable sending notification to user when their password is changed. mattr_accessor :send_password_change_notification @@send_password_change_notification = false diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 70f6460947..bda5213468 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -22,6 +22,7 @@ module DatabaseAuthenticatable extend ActiveSupport::Concern included do + after_update :send_email_change_notification, if: :send_email_change_notification? after_update :send_password_change_notification, if: :send_password_change_notification? attr_reader :password, :current_password @@ -132,6 +133,12 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end + # Send notification to user when email changes. + def send_email_change_notification + send_devise_notification(:email_change, to: email_was) + end + + # Send notification to user when password changes. def send_password_change_notification send_devise_notification(:password_change) end 
@@ -147,12 +154,16 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end + def send_email_change_notification? + self.class.send_email_change_notification && email_changed? + end + def send_password_change_notification? self.class.send_password_change_notification && encrypted_password_changed? end module ClassMethods - Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification) + Devise::Models.config(self, :pepper, :stretches, :send_email_change_notification, :send_password_change_notification) # We assume this method already gets the sanitized values from the # DatabaseAuthenticatable strategy. If you are using this method on diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4bc37ca52d..4906098771 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -110,7 +110,10 @@ # Set up a pepper to generate the hashed password. # config.pepper = '<%= SecureRandom.hex(64) %>' - # Send a notification email when the user's password is changed + # Send a notification to the original email when the user's email is changed. + # config.send_email_change_notification = false + + # Send a notification email when the user's password is changed. # config.send_password_change_notification = false # ==> Configuration for :confirmable diff --git a/lib/generators/templates/markerb/email_change.markerb b/lib/generators/templates/markerb/email_change.markerb new file mode 100644 index 0000000000..a46768b55a --- /dev/null +++ b/lib/generators/templates/markerb/email_change.markerb @@ -0,0 +1,3 @@ +Hello <%= @email %>! + +We're contacting you to notify you that your email has been changed to <%= @resource.email %>. diff --git a/lib/generators/templates/markerb/password_change.markerb b/lib/generators/templates/markerb/password_change.markerb index b41daf476a..4f9f96203a 100644 --- a/lib/generators/templates/markerb/password_change.markerb 
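Review bot: `send_email_change_notification?` in lib/devise/models/database_authenticatable.rb never checks that there is a previous address to notify, so a record whose email goes from blank to a real value would ask the mailer to deliver to an empty `email_was`. Devise's generated models default `email` to an empty string, so this looks reachable for apps that let users add an address later. Whether the delivery then raises inside the `after_update` callback depends on the mail backend and is not visible here. I would tighten the predicate to `self.class.send_email_change_notification && email_changed? && email_was.present?`. The enclosing module body continues outside the hunk.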
+++ b/lib/generators/templates/markerb/password_change.markerb @@ -1,3 +1,3 @@ -

Hello <%= @resource.email %>!

+Hello <%= @resource.email %>! -

We're contacting you to notify you that your password has been changed.

+We're contacting you to notify you that your password has been changed. diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index dafd7b81ce..11bd69a6f7 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -236,12 +236,24 @@ def setup end end - test 'should email on password change when configured' do + test 'should notify previous email on email change when configured' do + swap Devise, send_email_change_notification: true do + user = create_user + original_email = user.email + assert_email_sent original_email do + assert user.update_attributes(email: 'new-email@example.com') + end + assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded + end + end + + test 'should notify email on password change when configured' do swap Devise, send_password_change_notification: true do user = create_user assert_email_sent user.email do assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') end + assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded end end From 8387cc947459486d6b758e35a07b0c054334d451 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 6 Mar 2017 17:07:55 -0300 Subject: [PATCH 1016/1473] When using reconfirmable, notify the original email about the change right away Do not wait for the email change to be confirmed by the "unconfirmed email" with reconfirmable: notify the original email right away. --- lib/devise/models/confirmable.rb | 10 ++++++++++ test/models/confirmable_test.rb | 17 +++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index ffd20f94d5..9dea39336a 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -277,6 +277,16 @@ def send_confirmation_notification? confirmation_required? && !@skip_confirmation_notification && self.email.present? end + # With reconfirmable, notify the original email when the user first + # requests the email change, instead of when the change is confirmed. + def send_email_change_notification? + if self.class.reconfirmable + self.class.send_email_change_notification && reconfirmation_required? + else + super + end + end + # A callback initiated after successfully confirming. This can be # used to insert your own logic that is only run after the user successfully # confirms. diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index c67f012776..2e566abd6f 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -516,4 +516,21 @@ class Admin::WithSaveInCallback < Admin admin.save assert admin.pending_reconfirmation? end + + test 'should notify previous email on email change when configured' do + swap Devise, send_email_change_notification: true do + admin = create_admin + original_email = admin.email + + assert_difference 'ActionMailer::Base.deliveries.size', 2 do + assert admin.update_attributes(email: 'new-email@example.com') + end + assert_equal original_email, ActionMailer::Base.deliveries[-2]['to'].to_s + assert_equal 'new-email@example.com', ActionMailer::Base.deliveries[-1]['to'].to_s + + assert_email_not_sent do + assert admin.confirm + end + end + end end From 0a9e2c961f834bb99ef107d95c8562dd6953a53e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 6 Mar 2017 17:20:55 -0300 Subject: [PATCH 1017/1473] Add changelog entry for new email change notification feature [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index df8049142a..567d132367 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
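Review bot: The notice triggered by the new `send_email_change_notification?` override in lib/devise/models/confirmable.rb will presumably name the wrong address. The `email_change` template prints "has been changed to `<%= @resource.email %>`", but with `reconfirmable` the Confirmable docs say the new address is kept in `unconfirmed_email` until it is confirmed, so at request time `email` is still the old one. The pending address is exactly what the account owner needs in order to spot a change they did not ask for. I would branch in the template on `<% if @resource.try(:unconfirmed_email?) %>`, print `@resource.unconfirmed_email` with "is being changed to" wording, and extend the new confirmable test with `assert_match 'new-email@example.com', ActionMailer::Base.deliveries[-2].body.encoded`.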
@@ -3,6 +3,10 @@ * removals * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected methods instead of public. +* enhancements + * Notify the original email when it is changed with a new `Devise.send_email_change_notification` setting. + When using `reconfirmable`, the notification will be sent right away instead of when the unconfirmed email is confirmed. + (original change by @ethirajsrinivasan) ### 4.2.0 - 2016-07-01 From d7f6855ad86eda7249616a23bf5e2ed82835846a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 6 Mar 2017 17:33:34 -0300 Subject: [PATCH 1018/1473] Add some docs to the send email/password notification settings [ci skip] --- lib/devise/models/confirmable.rb | 4 +++- lib/devise/models/database_authenticatable.rb | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 9dea39336a..f5ad5bce67 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -26,7 +26,9 @@ module Models # initial account confirmation) to be applied. Requires additional unconfirmed_email # db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is # stored in unconfirmed email column, and copied to email column on successful - # confirmation. + # confirmation. Also, when used in conjunction with `send_email_change_notification`, + # the notification is sent to the original email when the change is requested, + # not when the unconfirmed email is confirmed. # * +confirm_within+: the time before a sent confirmation token becomes invalid. # You can use this to force the user to confirm within a set period of time. # Confirmable will not generate a new token if a repeat confirmation is requested diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index bda5213468..7494a31b12 100644 --- a/lib/devise/models/database_authenticatable.rb 
+++ b/lib/devise/models/database_authenticatable.rb @@ -14,6 +14,10 @@ module Models # # * +stretches+: the cost given to bcrypt. # + # * +send_email_change_notification+: notify original email when it changes. + # + # * +send_password_change_notification+: notify email when password changes. + # # == Examples # # User.find(1).valid_password?('password123') # returns true/false From a3d31778c2421156af59ac1df500625182d5f564 Mon Sep 17 00:00:00 2001 From: Joel Bryan Juliano Date: Wed, 8 Mar 2017 19:36:41 +0800 Subject: [PATCH 1019/1473] Confirmation link validity is wrong in different time zone Due to time zone difference, the confirmation link in email is invalid, this can be solved by using UTC for Time.now for confirmation_period_expired? --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index ffd20f94d5..404da8d982 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -223,7 +223,7 @@ def confirmation_period_valid? # confirmation_period_expired? # will always return false # def confirmation_period_expired? - self.class.confirm_within && self.confirmation_sent_at && (Time.now > self.confirmation_sent_at + self.class.confirm_within) + self.class.confirm_within && self.confirmation_sent_at && (Time.now.utc > self.confirmation_sent_at + self.class.confirm_within) end # Checks whether the record requires any confirmation. From 2135ae5e5e3c0256480343e36c0015b1e0931bc7 Mon Sep 17 00:00:00 2001 
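Review bot: The `confirmation_period_expired?` change in lib/devise/models/confirmable.rb (PATCH 1019) has no regression test, and it may not change the result at all. Ruby compares `Time` values by instant rather than by zone, so `Time.now.utc > ...` should give the same answer as `Time.now > ...` whenever `confirmation_sent_at` carries zone information. If the reported failure comes from a column read back without a zone, the test should reproduce that case, because this check decides how long a confirmation token stays usable. A test that sets a non-UTC zone, back-dates `confirmation_sent_at` past `confirm_within` and asserts `confirmation_period_expired?` would settle it. The follow-up hunk in PATCH 1023 (`confirmation_sent_at.utc`) has the same gap.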
From: Carlos Antonio da Silva Date: Fri, 10 Mar 2017 08:56:33 -0300 Subject: [PATCH 1020/1473] Change email_change => email_changed notification This better indicates what the setting is for, and when it's supposed to be triggered. We might eventually deprecate the existing password_change on in favor of password_changed. --- CHANGELOG.md | 2 +- app/mailers/devise/mailer.rb | 4 ++-- ...mail_change.html.erb => email_changed.html.erb} | 0 config/locales/en.yml | 2 +- lib/devise.rb | 4 ++-- lib/devise/models/confirmable.rb | 6 +++--- lib/devise/models/database_authenticatable.rb | 14 +++++++------- lib/generators/templates/devise.rb | 2 +- ...{email_change.markerb => email_changed.markerb} | 0 test/models/confirmable_test.rb | 2 +- test/models/database_authenticatable_test.rb | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) rename app/views/devise/mailer/{email_change.html.erb => email_changed.html.erb} (100%) rename lib/generators/templates/markerb/{email_change.markerb => email_changed.markerb} (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 567d132367..9ae4f02132 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected methods instead of public. * enhancements - * Notify the original email when it is changed with a new `Devise.send_email_change_notification` setting. + * Notify the original email when it is changed with a new `Devise.send_email_changed_notification` setting. When using `reconfirmable`, the notification will be sent right away instead of when the unconfirmed email is confirmed. (original change by @ethirajsrinivasan) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 0011a06094..857a8bc69b 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb 
@@ -17,8 +17,8 @@ def unlock_instructions(record, token, opts={}) devise_mail(record, :unlock_instructions, opts) end - def email_change(record, opts={}) - devise_mail(record, :email_change, opts) + def email_changed(record, opts={}) + devise_mail(record, :email_changed, opts) end def password_change(record, opts={}) diff --git a/app/views/devise/mailer/email_change.html.erb b/app/views/devise/mailer/email_changed.html.erb similarity index 100% rename from app/views/devise/mailer/email_change.html.erb rename to app/views/devise/mailer/email_changed.html.erb diff --git a/config/locales/en.yml b/config/locales/en.yml index ac059bbe84..0b8f130278 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -23,7 +23,7 @@ en: subject: "Reset password instructions" unlock_instructions: subject: "Unlock instructions" - email_change: + email_changed: subject: "Email Changed" password_change: subject: "Password Changed" diff --git a/lib/devise.rb b/lib/devise.rb index 3f4f415405..2262c9b89b 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -154,8 +154,8 @@ module Test @@pepper = nil # Used to send notification to the original user email when their email is changed. - mattr_accessor :send_email_change_notification - @@send_email_change_notification = false + mattr_accessor :send_email_changed_notification + @@send_email_changed_notification = false # Used to enable sending notification to user when their password is changed. mattr_accessor :send_password_change_notification diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index f5ad5bce67..3b4bdd6089 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -26,7 +26,7 @@ module Models # initial account confirmation) to be applied. Requires additional unconfirmed_email # db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is # stored in unconfirmed email column, and copied to email column on successful - # confirmation. Also, when used in conjunction with `send_email_change_notification`, + # confirmation. Also, when used in conjunction with `send_email_changed_notification`, # the notification is sent to the original email when the change is requested, # not when the unconfirmed email is confirmed. # * +confirm_within+: the time before a sent confirmation token becomes invalid. @@ -281,9 +281,9 @@ def send_confirmation_notification? # With reconfirmable, notify the original email when the user first # requests the email change, instead of when the change is confirmed. - def send_email_change_notification? + def send_email_changed_notification? if self.class.reconfirmable - self.class.send_email_change_notification && reconfirmation_required? + self.class.send_email_changed_notification && reconfirmation_required? else super end diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 7494a31b12..bb8ea50bc1 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -14,7 +14,7 @@ module Models # # * +stretches+: the cost given to bcrypt. # - # * +send_email_change_notification+: notify original email when it changes. + # * +send_email_changed_notification+: notify original email when it changes. # # * +send_password_change_notification+: notify email when password changes. # 
@@ -26,7 +26,7 @@ module DatabaseAuthenticatable extend ActiveSupport::Concern included do - after_update :send_email_change_notification, if: :send_email_change_notification? + after_update :send_email_changed_notification, if: :send_email_changed_notification? after_update :send_password_change_notification, if: :send_password_change_notification? attr_reader :password, :current_password @@ -138,8 +138,8 @@ def authenticatable_salt end # Send notification to user when email changes. - def send_email_change_notification - send_devise_notification(:email_change, to: email_was) + def send_email_changed_notification + send_devise_notification(:email_changed, to: email_was) end # Send notification to user when password changes. @@ -158,8 +158,8 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end - def send_email_change_notification? - self.class.send_email_change_notification && email_changed? + def send_email_changed_notification? + self.class.send_email_changed_notification && email_changed? end def send_password_change_notification? @@ -167,7 +167,7 @@ def send_password_change_notification? end module ClassMethods - Devise::Models.config(self, :pepper, :stretches, :send_email_change_notification, :send_password_change_notification) + Devise::Models.config(self, :pepper, :stretches, :send_email_changed_notification, :send_password_change_notification) # We assume this method already gets the sanitized values from the # DatabaseAuthenticatable strategy. If you are using this method on diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4906098771..e3d9ede77d 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -111,7 +111,7 @@ # config.pepper = '<%= SecureRandom.hex(64) %>' # Send a notification to the original email when the user's email is changed. - # config.send_email_change_notification = false + # config.send_email_changed_notification = false # Send a notification email when the user's password is changed. # config.send_password_change_notification = false diff --git a/lib/generators/templates/markerb/email_change.markerb b/lib/generators/templates/markerb/email_changed.markerb similarity index 100% rename from lib/generators/templates/markerb/email_change.markerb rename to lib/generators/templates/markerb/email_changed.markerb diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 2e566abd6f..e0f08cc001 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -518,7 +518,7 @@ class Admin::WithSaveInCallback < Admin end test 'should notify previous email on email change when configured' do - swap Devise, send_email_change_notification: true do + swap Devise, send_email_changed_notification: true do admin = create_admin original_email = admin.email diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 11bd69a6f7..a5c7c77fa5 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -237,7 +237,7 @@ def setup end test 'should notify previous email on email change when configured' do - swap Devise, send_email_change_notification: true do + swap Devise, send_email_changed_notification: true do user = create_user original_email = user.email assert_email_sent original_email do From c6057588008c5c81b1ac0611c7e461fe599832e6 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 10 Mar 2017 09:10:57 -0300 Subject: [PATCH 1021/1473] Add some basic tests for the email changed notification --- test/mailers/email_changed_test.rb | 90 ++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 test/mailers/email_changed_test.rb diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb new file mode 100644 index 0000000000..e473eebdfb --- /dev/null +++ b/test/mailers/email_changed_test.rb 
@@ -0,0 +1,90 @@ +require 'test_helper' + +class EmailChangedTest < ActionMailer::TestCase + def setup + setup_mailer + Devise.mailer = 'Devise::Mailer' + Devise.mailer_sender = 'test@example.com' + Devise.send_email_changed_notification = true + end + + def teardown + Devise.mailer = 'Devise::Mailer' + Devise.mailer_sender = 'please-change-me@config-initializers-devise.com' + Devise.send_email_changed_notification = false + end + + def user + @user ||= create_user.tap { |u| + @original_user_email = u.email + u.update_attributes!(email: 'new-email@example.com') + } + end + + def mail + @mail ||= begin + user + ActionMailer::Base.deliveries.last + end + end + + test 'email sent after changing the user email' do + assert_not_nil mail + end + + test 'content type should be set to html' do + assert mail.content_type.include?('text/html') + end + + test 'send email changed to the original user email' do + mail + assert_equal [@original_user_email], mail.to + end + + test 'set up sender from configuration' do + assert_equal ['test@example.com'], mail.from + end + + test 'set up sender from custom mailer defaults' do + Devise.mailer = 'Users::Mailer' + assert_equal ['custom@example.com'], mail.from + end + + test 'set up sender from custom mailer defaults with proc' do + Devise.mailer = 'Users::FromProcMailer' + assert_equal ['custom@example.com'], mail.from + end + + test 'custom mailer renders parent mailer template' do + Devise.mailer = 'Users::Mailer' + assert_present mail.body.encoded + end + + test 'set up reply to as copy from sender' do + assert_equal ['test@example.com'], mail.reply_to + end + + test 'set up reply to as different if set in defaults' do + Devise.mailer = 'Users::ReplyToMailer' + assert_equal ['custom@example.com'], mail.from + assert_equal ['custom_reply_to@example.com'], mail.reply_to + end + + test 'set up subject from I18n' do + store_translations :en, devise: { mailer: { email_changed: { subject: 'Email Has Changed' } } } do + assert_equal 
'Email Has Changed', mail.subject + end + end + + test 'subject namespaced by model' do + store_translations :en, devise: { mailer: { email_changed: { user_subject: 'User Email Has Changed' } } } do + assert_equal 'User Email Has Changed', mail.subject + end + end + + test 'body should have user info' do + body = mail.body.encoded + assert_match @original_user_email, body + assert_match user.email, body + end +end From 60dc4be8c10d5af9d185e62e9a943e5dfb2ec9a2 Mon Sep 17 00:00:00 2001 From: victor-am Date: Mon, 6 Mar 2017 17:57:32 -0300 Subject: [PATCH 1022/1473] Fix absent password params from Password#update Related to issue #4397 This hotfix adds a string coercion to new_password paramenters when trying to reset an user's password. Before that, when a user submitted a password recovery form with the new_password and new_password_confirmation params as nil, Devise would sign in the user with a success notice but without actually changing the password. --- lib/devise/models/recoverable.rb | 12 ++++++++---- test/models/recoverable_test.rb | 10 ++++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index e1e8ed8f1d..14c33d6e8e 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -33,10 +33,14 @@ def self.required_fields(klass) # Update password saving the record and clearing token. Returns true if # the passwords are valid and the record was saved, false otherwise. def reset_password(new_password, new_password_confirmation) - self.password = new_password - self.password_confirmation = new_password_confirmation - - save + if new_password.present? + self.password = new_password + self.password_confirmation = new_password_confirmation + save + else + errors.add(:password, :blank) + false + end end # Resets reset password token and send reset password instructions by email. 
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index a1cf3b43ca..96b36187d7 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -184,6 +184,16 @@ def setup assert_equal raw, reset_password_user.reset_password_token end + test 'should return a new record with errors if password is not provided' do + user = create_user + raw = user.send_reset_password_instructions + + reset_password_user = User.reset_password_by_token(reset_password_token: raw) + refute reset_password_user.errors.empty? + assert_match "can't be blank", reset_password_user.errors[:password].join + assert_equal raw, reset_password_user.reset_password_token + end + test 'should reset successfully user password given the new password and confirmation' do user = create_user old_password = user.password From bacd9d244cdf223b1fe080fa01b8c5bfc0b7a181 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 15 Mar 2017 10:22:01 -0300 Subject: [PATCH 1023/1473] Ensure both times are UTC when validating the confirmation period The fact that we're setting them value as UTC doesn't necessarily mean we're gonna get it back as UTC, so ensure both are converted to compare. --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 3450b976e1..7c0ef02fff 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -225,7 +225,7 @@ def confirmation_period_valid? # confirmation_period_expired? # will always return false # def confirmation_period_expired? - self.class.confirm_within && self.confirmation_sent_at && (Time.now.utc > self.confirmation_sent_at + self.class.confirm_within) + self.class.confirm_within && self.confirmation_sent_at && (Time.now.utc > self.confirmation_sent_at.utc + self.class.confirm_within) end # Checks whether the record requires any confirmation. 
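Review bot: The new test 'should return a new record with errors if password is not provided' in test/models/recoverable_test.rb asserts the error and the token but never checks that the stored password is untouched, which is the behaviour the fix is meant to guarantee. I would capture `old_digest = user.encrypted_password` before the call and add `assert_equal old_digest, user.reload.encrypted_password` after it. One more case with an empty-string password would also help, since the guard in `reset_password` uses `present?` and the test only exercises the missing-parameter path.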
From 32f63b2fb9ad7bb230906adb6825c6cf64d6a22c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 15 Mar 2017 10:31:00 -0300 Subject: [PATCH 1024/1473] Bundle update --- Gemfile.lock | 37 ++++--- gemfiles/Gemfile.rails-4.1-stable.lock | 131 ++++++++++++------------ gemfiles/Gemfile.rails-4.2-stable.lock | 133 ++++++++++++------------- 3 files changed, 145 insertions(+), 156 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7e6c689ffb..184d9f747a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,9 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf + revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 specs: activemodel-serializers-xml (1.0.1) activemodel (> 5.x) - activerecord (> 5.x) activesupport (> 5.x) builder (~> 3.1) @@ -63,14 +62,13 @@ GEM builder (3.2.3) concurrent-ruby (1.0.5) erubis (2.7.0) - faraday (0.9.2) + faraday (0.11.0) multipart-post (>= 1.2, < 3) globalid (0.3.7) activesupport (>= 4.1.0) - hashie (3.4.4) + hashie (3.5.5) i18n (0.8.1) - json (1.8.3) - jwt (1.5.4) + jwt (1.5.6) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.4) @@ -82,24 +80,24 @@ GEM mime-types-data (3.2016.0521) mini_portile2 (2.1.0) minitest (5.10.1) - mocha (1.1.0) + mocha (1.2.1) metaclass (~> 0.0.1) multi_json (1.12.1) - multi_xml (0.5.5) + multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.0.0) nokogiri (1.7.0.1) mini_portile2 (~> 2.1.0) - oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (3.0.0) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-facebook (4.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) 
@@ -126,7 +124,7 @@ GEM bundler (>= 1.3.0, < 2.0) railties (= 5.0.2) sprockets-rails (>= 2.0.0) - rails-controller-testing (0.1.1) + rails-controller-testing (1.0.1) actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) @@ -142,9 +140,8 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (12.0.0) - rdoc (4.2.2) - json (~> 1.4) - responders (2.2.0) + rdoc (5.1.0) + responders (2.3.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) sprockets (3.7.1) @@ -154,12 +151,12 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.11) + sqlite3 (1.3.13) thor (0.19.4) thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 6db57394cd..096fcbd2ba 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -1,49 +1,22 @@ GIT remote: git://github.com/rails/rails.git - revision: 9f5cbe613c8a80282970c73b0f00095788d54e34 + revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8 branch: 4-1-stable specs: - actionmailer (4.1.15) - actionpack (= 4.1.15) - actionview (= 4.1.15) + actionmailer (4.1.16) + actionpack (= 4.1.16) + actionview (= 4.1.16) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.15) - actionview (= 4.1.15) - activesupport (= 4.1.15) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.15) - activesupport (= 4.1.15) - builder (~> 3.1) - activerecord (4.1.15) - activemodel (= 4.1.15) - activesupport (= 4.1.15) - arel (~> 5.0.0) - activesupport (4.1.15) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) - rails (4.1.15) - actionmailer (= 4.1.15) - actionpack (= 4.1.15) - actionview (= 4.1.15) - activemodel (= 4.1.15) - activerecord (= 4.1.15) - activesupport (= 4.1.15) + rails (4.1.16) + actionmailer (= 4.1.16) + actionpack (= 4.1.16) + actionview (= 4.1.16) + activemodel (= 4.1.16) + activerecord (= 4.1.16) + activesupport (= 4.1.16) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.15) + railties (= 4.1.16) sprockets-rails (~> 2.0) - railties (4.1.15) - actionpack (= 4.1.15) - activesupport (= 4.1.15) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) PATH remote: .. 
@@ -58,19 +31,41 @@ PATH GEM remote: https://rubygems.org/ specs: + actionpack (4.1.16) + actionview (= 4.1.16) + activesupport (= 4.1.16) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + activerecord (4.1.16) + activemodel (= 4.1.16) + activesupport (= 4.1.16) + arel (~> 5.0.0) + activesupport (4.1.16) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.11) bson (3.2.6) - builder (3.2.2) - concurrent-ruby (1.0.2) - connection_pool (2.2.0) + builder (3.2.3) + concurrent-ruby (1.0.5) + connection_pool (2.2.1) erubis (2.7.0) - faraday (0.9.2) + faraday (0.11.0) multipart-post (>= 1.2, < 3) - hashie (3.4.4) - i18n (0.7.0) - json (1.8.3) - jwt (1.5.4) + hashie (3.5.5) + i18n (0.8.1) + json (1.8.6) + jwt (1.5.6) mail (2.6.4) mime-types (>= 1.16, < 4) metaclass (0.0.4) @@ -78,8 +73,8 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.9.0) - mocha (1.1.0) + minitest (5.10.1) + mocha (1.2.1) metaclass (~> 0.0.1) mongoid (4.0.2) activemodel (~> 4.0) @@ -91,21 +86,20 @@ GEM connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.12.1) - multi_xml (0.5.5) + multi_xml (0.6.0) multipart-post (2.0.0) - nokogiri (1.6.8) + nokogiri (1.7.0.1) mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) - oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.3.1) + omniauth (1.4.2) hashie (>= 1.2, < 4) rack (>= 1.0, < 3) - omniauth-facebook (3.0.0) + omniauth-facebook (4.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) 
@@ -114,36 +108,39 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.2.0) + origin (2.3.0) orm_adapter (0.5.0) - pkg-config (1.1.7) rack (1.5.5) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rake (11.2.2) - rdoc (4.2.2) - json (~> 1.4) + railties (4.1.16) + actionpack (= 4.1.16) + activesupport (= 4.1.16) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (12.0.0) + rdoc (5.1.0) responders (1.1.2) railties (>= 3.2, < 4.2) ruby-openid (2.7.0) - sprockets (3.6.2) + sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.11) + sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.19.1) - thread_safe (0.3.5) + thor (0.19.4) + thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -171,4 +168,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.5 + 1.12.6 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 85494014a7..0c8eb79a9d 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,57 +1,56 @@ GIT remote: git://github.com/rails/rails.git - revision: 5a85938418285ab81e3db52ea102d19f95ed7a94 + revision: dc3ae21802c316e1639239d28202db7aa7fb7cac branch: 4-2-stable specs: - actionmailer (4.2.7.rc1) - actionpack (= 4.2.7.rc1) - actionview (= 4.2.7.rc1) - activejob (= 4.2.7.rc1) + actionmailer (4.2.8) + actionpack (= 4.2.8) + actionview (= 4.2.8) + activejob (= 4.2.8) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.7.rc1) - actionview (= 4.2.7.rc1) - activesupport (= 4.2.7.rc1) + actionpack (4.2.8) + actionview (= 4.2.8) + activesupport (= 4.2.8) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.7.rc1) - activesupport (= 4.2.7.rc1) + actionview (4.2.8) + activesupport (= 4.2.8) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activejob (4.2.7.rc1) - activesupport (= 4.2.7.rc1) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (4.2.8) + activesupport (= 4.2.8) globalid (>= 0.3.0) - activemodel (4.2.7.rc1) - activesupport (= 4.2.7.rc1) + activemodel (4.2.8) + activesupport (= 4.2.8) builder (~> 3.1) - activerecord (4.2.7.rc1) - activemodel (= 4.2.7.rc1) - activesupport (= 4.2.7.rc1) + activerecord (4.2.8) + activemodel (= 4.2.8) + activesupport (= 4.2.8) arel (~> 6.0) - activesupport (4.2.7.rc1) + activesupport (4.2.8) i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.7.rc1) - actionmailer (= 4.2.7.rc1) - actionpack (= 4.2.7.rc1) - actionview (= 4.2.7.rc1) - activejob (= 4.2.7.rc1) - activemodel (= 4.2.7.rc1) - activerecord (= 4.2.7.rc1) - activesupport (= 4.2.7.rc1) + rails (4.2.8) + actionmailer (= 4.2.8) + actionpack (= 4.2.8) + actionview (= 4.2.8) + activejob (= 4.2.8) + activemodel (= 4.2.8) + activerecord (= 4.2.8) + activesupport (= 4.2.8) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.7.rc1) + 
railties (= 4.2.8) sprockets-rails - railties (4.2.7.rc1) - actionpack (= 4.2.7.rc1) - activesupport (= 4.2.7.rc1) + railties (4.2.8) + actionpack (= 4.2.8) + activesupport (= 4.2.8) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -68,21 +67,20 @@ PATH GEM remote: https://rubygems.org/ specs: - arel (6.0.3) + arel (6.0.4) bcrypt (3.1.11) bson (3.2.6) - builder (3.2.2) - concurrent-ruby (1.0.2) - connection_pool (2.2.0) + builder (3.2.3) + concurrent-ruby (1.0.5) + connection_pool (2.2.1) erubis (2.7.0) - faraday (0.9.2) + faraday (0.11.0) multipart-post (>= 1.2, < 3) - globalid (0.3.6) + globalid (0.3.7) activesupport (>= 4.1.0) - hashie (3.4.4) - i18n (0.7.0) - json (1.8.3) - jwt (1.5.4) + hashie (3.5.5) + i18n (0.8.1) + jwt (1.5.6) loofah (2.0.3) nokogiri (>= 1.5.9) mail (2.6.4) @@ -92,8 +90,8 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.9.0) - mocha (1.1.0) + minitest (5.10.1) + mocha (1.2.1) metaclass (~> 0.0.1) mongoid (4.0.2) activemodel (~> 4.0) @@ -105,21 +103,20 @@ GEM connection_pool (~> 2.0) optionable (~> 0.2.0) multi_json (1.12.1) - multi_xml (0.5.5) + multi_xml (0.6.0) multipart-post (2.0.0) - nokogiri (1.6.8) + nokogiri (1.7.0.1) mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) - oauth2 (1.2.0) - faraday (>= 0.8, < 0.10) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.3.1) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (3.0.0) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-facebook (4.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.4.0) oauth2 (~> 1.0) @@ -128,10 +125,9 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.2.0) + origin (2.3.0) orm_adapter (0.5.0) - pkg-config (1.1.7) - rack (1.6.4) + rack (1.6.5) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -139,33 +135,32 @@ GEM rack (>= 1.0) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) + rails-dom-testing (1.0.8) activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) + nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - rake (11.2.2) - rdoc (4.2.2) - json (~> 1.4) - responders (2.2.0) + rake (12.0.0) + rdoc (5.1.0) + responders (2.3.0) railties (>= 4.2.0, < 5.1) ruby-openid (2.7.0) - sprockets (3.6.2) + sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.1.1) + sprockets-rails (3.2.0) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.11) + sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.19.1) - thread_safe (0.3.5) + thor (0.19.4) + thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -193,4 +188,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.5 + 1.12.6 From ce071502eeb5c5c5199436f6694bfb6103010c4a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 15 Mar 2017 11:47:47 -0300 Subject: [PATCH 1025/1473] Display unconfirmed email when using reconfirmable and email changed notification Otherwise we'd be mistakenly displaying the original email in the message (which is the same we're sending the message to). Also tweak the messaging a bit in this case, to show that the email "is being changed" (the change hasn't taken effect yet). Related to #4455. --- .../devise/mailer/email_changed.html.erb | 6 ++- .../templates/markerb/email_changed.markerb | 4 ++ test/mailers/email_changed_test.rb | 44 ++++++++++++++++++- 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/app/views/devise/mailer/email_changed.html.erb b/app/views/devise/mailer/email_changed.html.erb index 8486305adc..32f4ba8038 100644 --- a/app/views/devise/mailer/email_changed.html.erb 
+++ b/app/views/devise/mailer/email_changed.html.erb @@ -1,3 +1,7 @@

Hello <%= @email %>!

-

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

+<% if @resource.try(:unconfirmed_email?) %> +

We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.

+<% else %> +

We're contacting you to notify you that your email has been changed to <%= @resource.email %>.

+<% end %> diff --git a/lib/generators/templates/markerb/email_changed.markerb b/lib/generators/templates/markerb/email_changed.markerb index a46768b55a..5416b2a534 100644 --- a/lib/generators/templates/markerb/email_changed.markerb +++ b/lib/generators/templates/markerb/email_changed.markerb @@ -1,3 +1,7 @@ Hello <%= @email %>! +<% if @resource.try(:unconfirmed_email?) %> +We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>. +<% else %> We're contacting you to notify you that your email has been changed to <%= @resource.email %>. +<% end %> diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb index e473eebdfb..f3578297a7 100644 --- a/test/mailers/email_changed_test.rb +++ b/test/mailers/email_changed_test.rb 
@@ -84,7 +84,47 @@ def mail test 'body should have user info' do body = mail.body.encoded - assert_match @original_user_email, body - assert_match user.email, body + assert_match "Hello #{@original_user_email}", body + assert_match "has been changed to #{user.email}", body + end +end + +class EmailChangedReconfirmationTest < ActionMailer::TestCase + def setup + setup_mailer + Devise.mailer = 'Devise::Mailer' + Devise.mailer_sender = 'test@example.com' + Devise.send_email_changed_notification = true + end + + def teardown + Devise.mailer = 'Devise::Mailer' + Devise.mailer_sender = 'please-change-me@config-initializers-devise.com' + Devise.send_email_changed_notification = false + end + + def admin + @admin ||= create_admin.tap { |u| + @original_admin_email = u.email + u.update_attributes!(email: 'new-email@example.com') + } + end + + def mail + @mail ||= begin + admin + ActionMailer::Base.deliveries[-2] + end + end + + test 'send email changed to the original user email' do + mail + assert_equal [@original_admin_email], mail.to + end + + test 'body should have unconfirmed user info' do + body = mail.body.encoded + assert_match admin.email, body + assert_match "is being changed to #{admin.unconfirmed_email}", body end end From 7d3d6fb3f04caea95e343956a88654f753b45af4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 15 Mar 2017 10:48:48 -0300 Subject: [PATCH 1026/1473] Release 4.2.1 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2aeab6fcdc..d402fcac2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.2.1 - 2017-03-15 * removals * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected diff --git a/Gemfile.lock b/Gemfile.lock index 184d9f747a..2cc6fa5f41 100644 --- a/Gemfile.lock 
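Review bot: `ActionMailer::Base.deliveries[-2]` in `EmailChangedReconfirmationTest#mail` picks the notification by position, which silently depends on exactly one further mail (presumably the confirmation instructions) being delivered after it. If the delivery order or count changes, the assertions would run against the wrong message or against nil. Selecting by recipient is sturdier: `ActionMailer::Base.deliveries.find { |m| m.to == [@original_admin_email] }`. In 'body should have unconfirmed user info', `assert_match admin.email, body` is looser than the updated assertion in the first test; `assert_match "Hello #{@original_admin_email}", body` would state which address is expected in the greeting.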
+++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 096fcbd2ba..31a31fd635 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 0c8eb79a9d..2e3757c03d 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.1) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 0c77195a2a..b6ddb34517 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.2.0".freeze + VERSION = "4.2.1".freeze end From 244c22a6a2a225b30e6a065da38dbf0cd08a3e33 Mon Sep 17 00:00:00 2001 From: Jason Luo Date: Fri, 7 Apr 2017 22:36:22 +0800 Subject: [PATCH 1027/1473] Update copyright year to 2017 --- MIT-LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 33f3243371..73b88e91c8 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2016 Plataformatec. http://plataformatec.com.br +Copyright 2009-2017 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the From 6eb412efae632aadfd2580776b13492c6fa62a89 Mon Sep 17 00:00:00 2001 
From: Felipe Bergamo Date: Mon, 24 Apr 2017 18:38:49 -0300 Subject: [PATCH 1028/1473] Typo test doc --- test/integration/authenticatable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index fed62b0403..e3e33f5adc 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -544,7 +544,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest end end - test 'not signed in should returns notification payload with 401 status' do + test 'not signed in should return notification payload with 401 status' do begin subscriber = ActiveSupport::Notifications.subscribe /process_action.action_controller/ do |_name, _start, _finish, _id, payload| assert_equal 401, payload[:status] From 31774452e813ee0f8cc0344d814b9389b426cf75 Mon Sep 17 00:00:00 2001 From: Stefan Hartmann Date: Tue, 25 Apr 2017 16:19:20 -0400 Subject: [PATCH 1029/1473] update rake reference to rails --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5232fc01eb..d60711866b 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,7 @@ $ rails generate devise MODEL Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. -Then run `rake db:migrate` +Then run `rails db:migrate` You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined. From 36613b09d7de74228556a68e497377eed7a28a75 Mon Sep 17 00:00:00 2001 
From: Matthew Rudy Jacobs Date: Sun, 26 Feb 2017 17:58:38 +0000 Subject: [PATCH 1030/1473] Allow Rails 5.1 --- .travis.yml | 5 + Gemfile.lock | 6 +- devise.gemspec | 2 +- gemfiles/Gemfile.rails-5.1-stable | 32 ++++ gemfiles/Gemfile.rails-5.1-stable.lock | 196 +++++++++++++++++++++++++ 5 files changed, 237 insertions(+), 4 deletions(-) create mode 100644 gemfiles/Gemfile.rails-5.1-stable create mode 100644 gemfiles/Gemfile.rails-5.1-stable.lock diff --git a/.travis.yml b/.travis.yml index 5aed0c1f79..f8c170b052 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ rvm: gemfile: - Gemfile + - gemfiles/Gemfile.rails-5.1-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -20,8 +21,12 @@ matrix: gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.1-stable - env: DEVISE_ORM=mongoid gemfile: Gemfile + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.1-stable allow_failures: - rvm: ruby-head services: diff --git a/Gemfile.lock b/Gemfile.lock index 7e6c689ffb..6c1bb99c52 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -14,7 +14,7 @@ PATH devise (4.2.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) + railties (>= 4.1.0, < 5.2) responders warden (~> 1.2.3) @@ -159,7 +159,7 @@ GEM thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) - warden (1.2.6) + warden (1.2.7) rack (>= 1.0) webrat (0.7.3) nokogiri (>= 1.2.0) @@ -192,4 +192,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.6 + 1.13.7 diff --git a/devise.gemspec b/devise.gemspec index a66f97a74f..3e67230b12 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -21,6 +21,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0", "< 5.1") + s.add_dependency("railties", ">= 4.1.0", "< 5.2") s.add_dependency("responders") end diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable new file mode 100644 index 0000000000..6bbeae5b90 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable @@ -0,0 +1,32 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 5.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +# Waiting on https://github.com/plataformatec/responders/issues/179 +gem "responders", github: "plataformatec/responders" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false +end + +platforms :ruby do + gem "sqlite3" +end + +# TODO: +# group :mongoid do +# gem "mongoid", "~> 4.0.0" +# end diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock new file mode 100644 index 0000000000..0ef1da1a76 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable.lock 
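Review bot: The two `github:` sources in the new gemfiles/Gemfile.rails-5.1-stable (`activemodel-serializers-xml` and `responders`) resolve to `git://github.com/...` remotes, as the `remote:` lines of the accompanying lockfile show, and that transport is neither encrypted nor authenticated. The lock pins a revision, which limits what could be substituted, but the fetch on CI and developer machines should still go over HTTPS. Adding `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` near the top of this Gemfile fixes both entries, or each can be spelled out as `git: "https://github.com/plataformatec/responders.git"`. The existing Gemfile.lock files on this page show the same `git://` remote for activemodel-serializers-xml, so the root Gemfile likely needs the same line.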
@@ -0,0 +1,196 @@ +GIT + remote: git://github.com/plataformatec/responders.git + revision: 153f2c603fcbd0adb90a15021a7cba53654a78e5 + specs: + responders (2.3.0) + railties (>= 4.2.0, < 5.3) + +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 + specs: + activemodel-serializers-xml (1.0.1) + activemodel (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.2.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.2) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.1.0) + actionpack (= 5.1.0) + nio4r (~> 2.0) + websocket-driver (~> 0.6.1) + actionmailer (5.1.0) + actionpack (= 5.1.0) + actionview (= 5.1.0) + activejob (= 5.1.0) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.1.0) + actionview (= 5.1.0) + activesupport (= 5.1.0) + rack (~> 2.0) + rack-test (~> 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.1.0) + activesupport (= 5.1.0) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.1.0) + activesupport (= 5.1.0) + globalid (>= 0.3.6) + activemodel (5.1.0) + activesupport (= 5.1.0) + activerecord (5.1.0) + activemodel (= 5.1.0) + activesupport (= 5.1.0) + arel (~> 8.0) + activesupport (5.1.0) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (~> 0.7) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (8.0.0) + bcrypt (3.1.11) + builder (3.2.3) + concurrent-ruby (1.0.5) + erubi (1.6.0) + faraday (0.11.0) + multipart-post (>= 1.2, < 3) + globalid (0.4.0) + activesupport (>= 4.2.0) + hashie (3.5.5) + i18n (0.8.1) + jwt (1.5.6) + loofah (2.0.3) + nokogiri (>= 1.5.9) + mail (2.6.5) + mime-types (>= 1.16, < 4) + metaclass (0.0.4) + method_source (0.8.2) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.1.0) + minitest 
(5.10.1) + mocha (1.2.1) + metaclass (~> 0.0.1) + multi_json (1.12.1) + multi_xml (0.6.0) + multipart-post (2.0.0) + nio4r (2.0.0) + nokogiri (1.7.1) + mini_portile2 (~> 2.1.0) + oauth2 (1.3.1) + faraday (>= 0.8, < 0.12) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.6.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-facebook (4.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.4.0) + oauth2 (~> 1.0) + omniauth (~> 1.2) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.0.1) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.6.3) + rack (>= 1.0) + rails (5.1.0) + actioncable (= 5.1.0) + actionmailer (= 5.1.0) + actionpack (= 5.1.0) + actionview (= 5.1.0) + activejob (= 5.1.0) + activemodel (= 5.1.0) + activerecord (= 5.1.0) + activesupport (= 5.1.0) + bundler (>= 1.3.0, < 2.0) + railties (= 5.1.0) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.1) + actionpack (~> 5.x) + actionview (~> 5.x) + activesupport (~> 5.x) + rails-dom-testing (2.0.2) + activesupport (>= 4.2.0, < 6.0) + nokogiri (~> 1.6) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) + railties (5.1.0) + actionpack (= 5.1.0) + activesupport (= 5.1.0) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (12.0.0) + rdoc (5.1.0) + ruby-openid (2.7.0) + sprockets (3.7.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.0) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.13) + test_after_commit (1.1.0) + activerecord (>= 3.2) + thor (0.19.4) + thread_safe (0.3.6) + tzinfo (1.2.3) + thread_safe (~> 0.1) + warden (1.2.7) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.2) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! 
+ mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 5.1.0) + rails-controller-testing + rdoc + responders! + sqlite3 + test_after_commit + webrat (= 0.7.3) + +BUNDLED WITH + 1.14.6 From 7c4e8c8d17047bceea490173af42bfbbc54cf849 Mon Sep 17 00:00:00 2001 From: Matthew Rudy Jacobs Date: Sun, 26 Feb 2017 20:56:19 +0000 Subject: [PATCH 1031/1473] Rails 5.1 requires ActionController::TestRequest to have a controller class Pass it in as an anonymous class --- test/integration/rememberable_test.rb | 8 +++++++- test/rails_app/config/boot.rb | 6 +++++- test/test/controller_helpers_test.rb | 10 +++++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index b5a227db48..cb68664995 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -10,7 +10,13 @@ def create_user_and_remember(add_to_token='') end def generate_signed_cookie(raw_cookie) - request = Devise.rails5? ? ActionDispatch::TestRequest.create : ActionDispatch::TestRequest.new + request = if Devise.rails51? + ActionController::TestRequest.create(Class.new) # needs a "controller class" + elsif Devise.rails5? + ActionController::TestRequest.create + else + ActionController::TestRequest.new + end request.cookie_jar.signed['raw_cookie'] = raw_cookie request.cookie_jar['raw_cookie'] end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index fef72810d3..5831994adf 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -3,7 +3,11 @@ end module Devise - # Detection for minor differences between Rails 4 and 5 in tests. + # Detection for minor differences between Rails 4 and 5, and 5.1 in tests. + def self.rails51? + Rails.version.start_with? '5.1' + end + def self.rails5? Rails.version.start_with? '5' end 
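Review bot: The three-way request construction added to `generate_signed_cookie` is repeated verbatim in test/test/controller_helpers_test.rb in this commit. It also replaces `ActionDispatch::TestRequest` with `ActionController::TestRequest` on the two pre-5.1 branches, which the commit message does not mention. I would move the branch into one shared test helper so the version logic lives in one place, and either keep `ActionDispatch::TestRequest` on the older branches or state in the message why the class changed. The branch order matters because a 5.1 version string satisfies both predicates; a comment such as `# check rails51? first: rails5? is also true on 5.1` would record that.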
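Review bot: `Rails.version.start_with? '5.1'` in `Devise.rails51?` is an exact-prefix test, so a Rails 5.2 build would fail it, match only `rails5?`, and take the pre-5.1 path in the callers. If the intent is "5.1 or newer", compare versions instead: `Gem::Version.new(Rails.version) >= Gem::Version.new('5.1')`. The helper is defined in the test app's config/boot.rb, so it exists only when the test app is loaded; a comment saying it is test-only would keep library code from relying on it. `module Devise` continues outside the hunk.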
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index dc0c2a2a7c..cfc37bbdf2 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -163,7 +163,15 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = Devise.rails5? ? ActionController::TestRequest.create : ActionController::TestRequest.new + + @request = if Devise.rails51? + ActionController::TestRequest.create(Class.new) # needs a "controller class" + elsif Devise.rails5? + ActionController::TestRequest.create + else + ActionController::TestRequest.new + end + new_warden_proxy = warden assert_not_equal old_warden_proxy, new_warden_proxy From 801cf001468c86cebef4543254e3140f79feccee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 28 Apr 2017 15:33:43 -0700 Subject: [PATCH 1032/1473] Test by default with Rails 5.1 --- Gemfile | 2 +- Gemfile.lock | 93 +++++++++++++------------- gemfiles/Gemfile.rails-5.1-stable | 3 +- gemfiles/Gemfile.rails-5.1-stable.lock | 14 ++-- 4 files changed, 54 insertions(+), 58 deletions(-) diff --git a/Gemfile b/Gemfile index 13023d87a2..57494b931d 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 5.0.0" +gem "rails", "~> 5.1" gem "omniauth", "~> 1.3" gem "oauth2" gem "omniauth-oauth2" diff --git a/Gemfile.lock b/Gemfile.lock index 351373e073..e954770bb5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,58 +20,58 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.2) - actionpack (= 5.0.2) - nio4r (>= 1.2, < 3.0) + actioncable (5.1.0) + actionpack (= 5.1.0) + nio4r (~> 2.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) + actionmailer (5.1.0) + actionpack (= 5.1.0) + actionview (= 5.1.0) + activejob (= 5.1.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.2) - actionview (= 5.0.2) - activesupport (= 5.0.2) + actionpack (5.1.0) + actionview (= 5.1.0) + activesupport (= 5.1.0) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.2) - activesupport (= 5.0.2) + actionview (5.1.0) + activesupport (= 5.1.0) builder (~> 3.1) - erubis (~> 2.7.0) + erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.2) - activesupport (= 5.0.2) + activejob (5.1.0) + activesupport (= 5.1.0) globalid (>= 0.3.6) - activemodel (5.0.2) - activesupport (= 5.0.2) - activerecord (5.0.2) - activemodel (= 5.0.2) - activesupport (= 5.0.2) - arel (~> 7.0) - activesupport (5.0.2) + activemodel (5.1.0) + activesupport (= 5.1.0) + activerecord (5.1.0) + activemodel (= 5.1.0) + activesupport (= 5.1.0) + arel (~> 8.0) + activesupport (5.1.0) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - arel (7.1.4) + arel (8.0.0) bcrypt (3.1.11) builder (3.2.3) concurrent-ruby (1.0.5) - erubis (2.7.0) + erubi (1.6.0) faraday (0.11.0) multipart-post (>= 1.2, < 3) - globalid (0.3.7) - activesupport (>= 4.1.0) + globalid (0.4.0) + activesupport (>= 4.2.0) hashie (3.5.5) i18n (0.8.1) jwt (1.5.6) loofah (2.0.3) nokogiri (>= 1.5.9) - mail (2.6.4) + mail (2.6.5) mime-types (>= 1.16, < 4) metaclass (0.0.4) method_source (0.8.2) 
@@ -86,7 +86,7 @@ GEM multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.0.0) - nokogiri (1.7.0.1) + nokogiri (1.7.1) mini_portile2 (~> 2.1.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) @@ -112,17 +112,17 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.2) - actioncable (= 5.0.2) - actionmailer (= 5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) - activemodel (= 5.0.2) - activerecord (= 5.0.2) - activesupport (= 5.0.2) + rails (5.1.0) + actioncable (= 5.1.0) + actionmailer (= 5.1.0) + actionpack (= 5.1.0) + actionview (= 5.1.0) + activejob (= 5.1.0) + activemodel (= 5.1.0) + activerecord (= 5.1.0) + activesupport (= 5.1.0) bundler (>= 1.3.0, < 2.0) - railties (= 5.0.2) + railties (= 5.1.0) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.1) actionpack (~> 5.x) @@ -133,16 +133,17 @@ GEM nokogiri (~> 1.6) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.0.2) - actionpack (= 5.0.2) - activesupport (= 5.0.2) + railties (5.1.0) + actionpack (= 5.1.0) + activesupport (= 5.1.0) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) rake (12.0.0) rdoc (5.1.0) - responders (2.3.0) - railties (>= 4.2.0, < 5.1) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) ruby-openid (2.7.0) sprockets (3.7.1) concurrent-ruby (~> 1.0) @@ -154,7 +155,7 @@ GEM sqlite3 (1.3.13) thor (0.19.4) thread_safe (0.3.6) - tzinfo (1.2.2) + tzinfo (1.2.3) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) @@ -181,7 +182,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.0.0) + rails (~> 5.1) rails-controller-testing rdoc responders (~> 2.1) @@ -189,4 +190,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.13.7 + 1.14.6 diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable index 6bbeae5b90..3ea1b69a67 100644 --- a/gemfiles/Gemfile.rails-5.1-stable +++ b/gemfiles/Gemfile.rails-5.1-stable 
@@ -11,8 +11,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -# Waiting on https://github.com/plataformatec/responders/issues/179 -gem "responders", github: "plataformatec/responders" +gem "responders", "~> 2.1" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 0ef1da1a76..480792e24a 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -1,10 +1,3 @@ -GIT - remote: git://github.com/plataformatec/responders.git - revision: 153f2c603fcbd0adb90a15021a7cba53654a78e5 - specs: - responders (2.3.0) - railties (>= 4.2.0, < 5.3) - GIT remote: git://github.com/rails/activemodel-serializers-xml.git revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 @@ -17,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.2.0) + devise (4.2.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -148,6 +141,9 @@ GEM thor (>= 0.18.1, < 2.0) rake (12.0.0) rdoc (5.1.0) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) ruby-openid (2.7.0) sprockets (3.7.1) concurrent-ruby (~> 1.0) @@ -187,7 +183,7 @@ DEPENDENCIES rails (~> 5.1.0) rails-controller-testing rdoc - responders! + responders (~> 2.1) sqlite3 test_after_commit webrat (= 0.7.3) From 0fe308e7a77ff4f4e41228c04c109ce0178f4d4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 28 Apr 2017 15:33:55 -0700 Subject: [PATCH 1033/1473] Remove deprecation in the email_was method --- lib/devise/models/database_authenticatable.rb | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index bb8ea50bc1..0fa6eb8902 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
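Review bot: The context line `gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"` in gemfiles/Gemfile.rails-5.1-stable stays git-sourced after responders moves to a released gem, and the lockfile in this same commit records it as `remote: git://github.com/rails/activemodel-serializers-xml.git`. The git:// transport is neither encrypted nor authenticated, so a fresh resolve or `bundle update` fetches that code over a channel that can be tampered with on the network path. Naming the HTTPS remote explicitly removes that exposure: `gem "activemodel-serializers-xml", git: "https://github.com/rails/activemodel-serializers-xml.git"`. The root Gemfile is not part of this hunk and may need the same change.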
@@ -137,9 +137,16 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end - # Send notification to user when email changes. - def send_email_changed_notification - send_devise_notification(:email_changed, to: email_was) + if Devise.rails51? + # Send notification to user when email changes. + def send_email_changed_notification + send_devise_notification(:email_changed, to: email_before_last_save) + end + else + # Send notification to user when email changes. + def send_email_changed_notification + send_devise_notification(:email_changed, to: email_was) + end end # Send notification to user when password changes. From 94c6d5f5cca55680f0c607525ea5fbb80a24115d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 28 Apr 2017 16:05:39 -0700 Subject: [PATCH 1034/1473] Remove deprecation on _changed? methods --- lib/devise/models/confirmable.rb | 28 +++++++++++++------ lib/devise/models/database_authenticatable.rb | 20 ++++++++++--- lib/devise/models/recoverable.rb | 21 ++++++++++---- lib/devise/models/validatable.rb | 9 ++++-- test/rails_app/lib/shared_admin.rb | 6 +++- 5 files changed, 64 insertions(+), 20 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 7c0ef02fff..6400a93125 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
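Review bot: Both copies of `send_email_changed_notification` keep the comment "Send notification to user when email changes.", which does not say that the message goes to the previous address, nor that the new `Devise.rails51?` branch depends on when it is called. As far as I know `email_before_last_save` only reflects the most recent save, so if the record is saved again before this method runs the recipient would no longer be the old address, and the previous owner would not be told about the change. The hunk does not show which callback invokes the method, so this is a documentation request rather than a confirmed defect. I would replace the comment in both branches with `# Notify the previous address of the change; must run right after the save that changed email.`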
@@ -261,14 +261,26 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token generate_confirmation_token end - def postpone_email_change? - postpone = self.class.reconfirmable && - email_changed? && - !@bypass_confirmation_postpone && - self.email.present? && - (!@skip_reconfirmation_in_callback || !self.email_was.nil?) - @bypass_confirmation_postpone = false - postpone + if Devise.rails51? + def postpone_email_change? + postpone = self.class.reconfirmable && + will_save_change_to_email? && + !@bypass_confirmation_postpone && + self.email.present? && + (!@skip_reconfirmation_in_callback || !self.email_in_database.nil?) + @bypass_confirmation_postpone = false + postpone + end + else + def postpone_email_change? + postpone = self.class.reconfirmable && + email_changed? && + !@bypass_confirmation_postpone && + self.email.present? && + (!@skip_reconfirmation_in_callback || !self.email_was.nil?) + @bypass_confirmation_postpone = false + postpone + end end def reconfirmation_required? diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 0fa6eb8902..b1cdea222a 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
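Review bot: The body of `postpone_email_change?` in confirmable.rb is now written out twice, and the two copies differ only in `will_save_change_to_email?`/`email_in_database` versus `email_changed?`/`email_was`. This predicate decides whether an email change waits for reconfirmation, so a later fix applied to one copy only would make that behaviour depend on the Rails version. The same whole-method duplication appears in the database_authenticatable.rb hunk of this commit and in the `postpone_email_change_until_confirmation_and_regenerate_confirmation_token` hunk of the following commit. Keeping one body and branching only on the two dirty-tracking calls avoids that; the helper names below are a suggestion.

```ruby
if Devise.rails51?
  def email_change_to_postpone?
    will_save_change_to_email?
  end

  def email_before_change
    email_in_database
  end
else
  def email_change_to_postpone?
    email_changed?
  end

  def email_before_change
    email_was
  end
end

def postpone_email_change?
  postpone = self.class.reconfirmable &&
    email_change_to_postpone? &&
    !@bypass_confirmation_postpone &&
    self.email.present? &&
    (!@skip_reconfirmation_in_callback || !email_before_change.nil?)
  @bypass_confirmation_postpone = false
  postpone
end
```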
@@ -165,12 +165,24 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end - def send_email_changed_notification? - self.class.send_email_changed_notification && email_changed? + if Devise.rails51? + def send_email_changed_notification? + self.class.send_email_changed_notification && saved_change_to_email? + end + else + def send_email_changed_notification? + self.class.send_email_changed_notification && email_changed? + end end - def send_password_change_notification? - self.class.send_password_change_notification && encrypted_password_changed? + if Devise.rails51? + def send_password_change_notification? + self.class.send_password_change_notification && saved_change_to_encrypted_password? + end + else + def send_password_change_notification? + self.class.send_password_change_notification && encrypted_password_changed? + end end module ClassMethods diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 14c33d6e8e..75ca9cde61 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -97,13 +97,24 @@ def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end - def clear_reset_password_token? - encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed? - authentication_keys_changed = self.class.authentication_keys.any? do |attribute| - respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + if Devise.rails51? + def clear_reset_password_token? + encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password? + authentication_keys_changed = self.class.authentication_keys.any? do |attribute| + respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") + end + + authentication_keys_changed || encrypted_password_changed end + else + def clear_reset_password_token? + encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed? + authentication_keys_changed = self.class.authentication_keys.any? do |attribute| + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end - authentication_keys_changed || encrypted_password_changed + authentication_keys_changed || encrypted_password_changed + end end module ClassMethods diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 3a08037047..761d76d896 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
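Review bot: In the new `Devise.rails51?` branch of `clear_reset_password_token?`, the `respond_to?` guards mean a model without the `will_save_change_to_*?` methods returns false with no error, so a password or authentication-key change would leave an outstanding reset token valid. Whether such a model can reach this branch depends on the ORM behind it, which the hunk does not show; presumably a non-Active-Record model on Rails 5.1 would. The later recoverable.rb hunk on this page changes only the version predicate and keeps the guards. Asking each attribute for whichever predicate the model actually responds to removes both the version branch and the silent false.

```ruby
def clear_reset_password_token?
  will_change = lambda do |attribute|
    new_api = "will_save_change_to_#{attribute}?"
    old_api = "#{attribute}_changed?"
    if respond_to?(new_api)
      send(new_api)
    elsif respond_to?(old_api)
      send(old_api)
    end
  end

  authentication_keys_changed = self.class.authentication_keys.any? { |attribute| will_change.call(attribute) }
  authentication_keys_changed || will_change.call(:encrypted_password)
end
```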
@@ -27,8 +27,13 @@ def self.included(base) base.class_eval do validates_presence_of :email, if: :email_required? - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? - validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed? + if Devise.rails51? + validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? + validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? + else + validates_uniqueness_of :email, allow_blank: true, if: :email_changed? + validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed? + end validates_presence_of :password, if: :password_required? validates_confirmation_of :password, if: :password_required? diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index e8c293e56c..efda353c49 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -8,7 +8,11 @@ module SharedAdmin allow_unconfirmed_access_for: 2.weeks, reconfirmable: true validates_length_of :reset_password_token, minimum: 3, allow_blank: true - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? + if Devise.rails51? + validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? + else + validates_uniqueness_of :email, allow_blank: true, if: :email_changed? + end end def raw_confirmation_token From 244cc60d352137db3ebbf10819897bd3c70744bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 28 Apr 2017 16:07:27 -0700 Subject: [PATCH 1035/1473] Remove deprecation on email_was --- lib/devise/models/confirmable.rb | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 6400a93125..02ef6bc33b 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -253,12 +253,22 @@ def generate_confirmation_token! generate_confirmation_token && save(validate: false) end - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token - @reconfirmation_required = true - self.unconfirmed_email = self.email - self.email = self.email_was - self.confirmation_token = nil - generate_confirmation_token + if Devise.rails51? + def postpone_email_change_until_confirmation_and_regenerate_confirmation_token + @reconfirmation_required = true + self.unconfirmed_email = self.email + self.email = self.email_in_database + self.confirmation_token = nil + generate_confirmation_token + end + else + def postpone_email_change_until_confirmation_and_regenerate_confirmation_token + @reconfirmation_required = true + self.unconfirmed_email = self.email + self.email = self.email_was + self.confirmation_token = nil + generate_confirmation_token + end end if Devise.rails51? From 0591d92f53e91f9aec88e561634da9e437f793ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Sat, 29 Apr 2017 10:12:28 -0700 Subject: [PATCH 1036/1473] Move the version check to the lib folder Closes #4514. Fixes #4513. --- lib/devise.rb | 4 ++++ test/rails_app/config/boot.rb | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2262c9b89b..1b7e1df19d 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -290,6 +290,10 @@ module Test mattr_accessor :token_generator @@token_generator = nil + def self.rails51? # :nodoc: + Rails.gem_version >= Gem::Version.new("5.1.x") + end + # Default way to set up Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 5831994adf..a7ab3335da 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
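Review bot: `Devise.rails51?` in the lib/devise.rb hunk is marked `# :nodoc:` and gives no explanation for the `"5.1.x"` literal, which reads like a typo. As far as I know `Gem::Version` treats a letter segment as a prerelease, so `5.1.x` sorts below `5.1.0` and below its beta and rc builds, which is presumably the intent. Since this predicate selects which dirty-tracking API the confirmation and notification code uses, a one-line comment would stop someone from changing it to `5.1.0` and silently excluding prerelease builds: `# "5.1.x" sorts before every 5.1.0 prerelease, so beta/rc builds also count as 5.1.`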
@@ -4,10 +4,6 @@ module Devise # Detection for minor differences between Rails 4 and 5, and 5.1 in tests. - def self.rails51? - Rails.version.start_with? '5.1' - end - def self.rails5? Rails.version.start_with? '5' end From be2e17841e6c9fba1ae255f447803b8337ca6354 Mon Sep 17 00:00:00 2001 From: Dan Schultzer Date: Sat, 29 Apr 2017 10:24:22 -0700 Subject: [PATCH 1037/1473] Separate Devise test methods from Devise --- test/integration/rememberable_test.rb | 4 ++-- test/orm/active_record.rb | 2 +- test/rails_app/app/active_record/user.rb | 2 +- test/rails_app/app/controllers/home_controller.rb | 2 +- .../users/omniauth_callbacks_controller.rb | 2 +- test/rails_app/app/controllers/users_controller.rb | 6 +++--- test/rails_app/config/boot.rb | 12 +++++++++--- test/rails_app/lib/shared_admin.rb | 2 +- test/routes_test.rb | 10 +++++----- test/test/controller_helpers_test.rb | 4 ++-- 10 files changed, 26 insertions(+), 20 deletions(-) diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index cb68664995..1dfd07d6ed 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -10,9 +10,9 @@ def create_user_and_remember(add_to_token='') end def generate_signed_cookie(raw_cookie) - request = if Devise.rails51? + request = if Devise::Test.rails51? ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise.rails5? + elsif Devise::Test.rails5? ActionController::TestRequest.create else ActionController::TestRequest.new diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index d9455434d1..a3afd74e6c 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
@@ -5,7 +5,7 @@ ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) class ActiveSupport::TestCase - if Devise.rails5? + if Devise::Test.rails5? self.use_transactional_tests = true else # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5. diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index ec9d0c282c..78b3530ae1 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -3,5 +3,5 @@ class User < ActiveRecord::Base include Shim include SharedUser - include ActiveModel::Serializers::Xml if Devise.rails5? + include ActiveModel::Serializers::Xml if Devise::Test.rails5? end diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index 49ea8b1d70..e2a342302f 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -20,7 +20,7 @@ def set end def unauthenticated - if Devise.rails5? + if Devise::Test.rails5? render body: "unauthenticated", status: :unauthorized else render text: "unauthenticated", status: :unauthorized diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index f24eae50e9..37cf9a8ae3 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -9,6 +9,6 @@ def sign_in_facebook user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user - render (Devise.rails5? ? :body : :text) => "" + render (Devise::Test.rails5? ? :body : :text) => "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 420c010427..1d2d749430 100644 
--- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -13,7 +13,7 @@ def edit_form end def update_form - render (Devise.rails5? ? :body : :text) => 'Update' + render (Devise::Test.rails5? ? :body : :text) => 'Update' end def accept @@ -21,11 +21,11 @@ def accept end def exhibit - render (Devise.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" + render (Devise::Test.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render (Devise.rails5? ? :body : :text) => 'User will be expired on next request' + render (Devise::Test.rails5? ? :body : :text) => 'User will be expired on next request' end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index a7ab3335da..60b9073025 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -3,9 +3,15 @@ end module Devise - # Detection for minor differences between Rails 4 and 5, and 5.1 in tests. - def self.rails5? - Rails.version.start_with? '5' + module Test + # Detection for minor differences between Rails 4 and 5, and 5.1 in tests. + def self.rails51? + Rails.version.start_with? '5.1' + end + + def self.rails5? + Rails.version.start_with? '5' + end end end diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index efda353c49..7d6227a3c5 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -8,7 +8,7 @@ module SharedAdmin allow_unconfirmed_access_for: 2.weeks, reconfirmable: true validates_length_of :reset_password_token, minimum: 3, allow_blank: true - if Devise.rails51? + if Devise::Test.rails51? validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? else validates_uniqueness_of :email, allow_blank: true, if: :email_changed? 
diff --git a/test/routes_test.rb b/test/routes_test.rb index 8502f5528a..84229f254b 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -203,7 +203,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false if Devise.rails5? + expected_params[:format] = false if Devise::Test.rails5? assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do @@ -213,7 +213,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false if Devise.rails5? + expected_params[:format] = false if Devise::Test.rails5? assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -223,7 +223,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false if Devise.rails5? + expected_params[:format] = false if Devise::Test.rails5? assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do @@ -233,7 +233,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false if Devise.rails5? + expected_params[:format] = false if Devise::Test.rails5? assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do 
@@ -243,7 +243,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false if Devise.rails5? + expected_params[:format] = false if Devise::Test.rails5? assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index cfc37bbdf2..e94ce309e3 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -164,9 +164,9 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = if Devise.rails51? + @request = if Devise::Test.rails51? ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise.rails5? + elsif Devise::Test.rails5? ActionController::TestRequest.create else ActionController::TestRequest.new From ce08d7abb83a1675bd98804ad06e00271c408863 Mon Sep 17 00:00:00 2001 From: Jonathon Padfield Date: Wed, 3 May 2017 13:31:52 +1000 Subject: [PATCH 1038/1473] Replaced render :text 404 with :plain in omniauth Rails 5.1 has deprecated render :text, and HEAD requests on the omniauth callbacks passthru method is causing errors because the render :text is non-existant, and there's no template to fall back to. Replacing :text with :plain, adds a content-type type of text/plain and also returns the previous message. render :plain was supported back in rails 4.1.0 http://api.rubyonrails.org/v4.1.0/classes/ActionView/Helpers/RenderingHelper.html#method-i-render --- app/controllers/devise/omniauth_callbacks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index e89233bf63..d5b2c094e9 100644 
--- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -2,7 +2,7 @@ class Devise::OmniauthCallbacksController < DeviseController prepend_before_action { request.env["devise.skip_timeout"] = true } def passthru - render status: 404, text: "Not found. Authentication passthru." + render status: 404, plain: "Not found. Authentication passthru." end def failure From 059dfc8ccec940a7227aa8c45e8946a11672b485 Mon Sep 17 00:00:00 2001 From: Michael Kevin Victor Date: Fri, 5 May 2017 18:28:30 +0530 Subject: [PATCH 1039/1473] Update copyright licence year to 2017 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d60711866b..19c9d6a300 100644 --- a/README.md +++ b/README.md @@ -610,6 +610,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2016 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2017 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From 399774af696dd6dffee485f41cf413dd6c5e7b49 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 10 May 2017 16:50:40 -0300 Subject: [PATCH 1040/1473] Prepare for 4.3.0 release. --- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 6 +++--- gemfiles/Gemfile.rails-4.2-stable.lock | 11 ++++++----- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- lib/devise/version.rb | 2 +- 5 files changed, 12 insertions(+), 11 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e954770bb5..9093363151 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.2.1) + devise (4.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 31a31fd635..864d944beb 100644 
--- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,10 +21,10 @@ GIT PATH remote: .. specs: - devise (4.2.1) + devise (4.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) + railties (>= 4.1.0, < 5.2) responders warden (~> 1.2.3) @@ -168,4 +168,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.6 + 1.14.6 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 2e3757c03d..66a87d8deb 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,10 +57,10 @@ GIT PATH remote: .. specs: - devise (4.2.1) + devise (4.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.1) + railties (>= 4.1.0, < 5.2) responders warden (~> 1.2.3) @@ -143,8 +143,9 @@ GEM loofah (~> 2.0) rake (12.0.0) rdoc (5.1.0) - responders (2.3.0) - railties (>= 4.2.0, < 5.1) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) ruby-openid (2.7.0) sprockets (3.7.1) concurrent-ruby (~> 1.0) @@ -188,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.12.6 + 1.14.6 diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 480792e24a..f23248ed91 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.2.1) + devise (4.3.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index b6ddb34517..ac983193ba 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,3 @@ module Devise - VERSION = "4.2.1".freeze + VERSION = "4.3.0".freeze end From 3e1c9e343ce537e3c9aabd74592e375152482045 Mon Sep 17 00:00:00 2001 
From: Lucas Mazza Date: Wed, 10 May 2017 17:09:38 -0300 Subject: [PATCH 1041/1473] Add `Devise.activerecord51?` Active Record changed it's public API, so we should check against its version instead of Rails as it is possible to use Rails 5.1 with Mongoid, which still has the older Dirty API. However, this patch does not fixes a scenario where an app has both Active Record and Mongoid loaded. It should be fixed by either normalizing the Mongoid/ActiveRecord API or replacing the conditional method definitions with a shim layer that abstracts this away. --- lib/devise.rb | 4 ++++ lib/devise/models/confirmable.rb | 4 ++-- lib/devise/models/database_authenticatable.rb | 6 +++--- lib/devise/models/recoverable.rb | 2 +- lib/devise/models/validatable.rb | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 1b7e1df19d..debd342b71 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -294,6 +294,10 @@ def self.rails51? # :nodoc: Rails.gem_version >= Gem::Version.new("5.1.x") end + def self.activerecord51? # :nodoc: + defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end + # Default way to set up Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 02ef6bc33b..726b8fa917 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -253,7 +253,7 @@ def generate_confirmation_token! generate_confirmation_token && save(validate: false) end - if Devise.rails51? + if Devise.activerecord51? def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true self.unconfirmed_email = self.email 
@@ -271,7 +271,7 @@ def postpone_email_change_until_confirmation_and_regenerate_confirmation_token end end - if Devise.rails51? + if Devise.activerecord51? def postpone_email_change? postpone = self.class.reconfirmable && will_save_change_to_email? && diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index b1cdea222a..a981b91a79 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -137,7 +137,7 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end - if Devise.rails51? + if Devise.activerecord51? # Send notification to user when email changes. def send_email_changed_notification send_devise_notification(:email_changed, to: email_before_last_save) @@ -165,7 +165,7 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end - if Devise.rails51? + if Devise.activerecord51? def send_email_changed_notification? self.class.send_email_changed_notification && saved_change_to_email? end @@ -175,7 +175,7 @@ def send_email_changed_notification? end end - if Devise.rails51? + if Devise.activerecord51? def send_password_change_notification? self.class.send_password_change_notification && saved_change_to_encrypted_password? end diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 75ca9cde61..7857b6868b 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -97,7 +97,7 @@ def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end - if Devise.rails51? + if Devise.activerecord51? def clear_reset_password_token? encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password? authentication_keys_changed = self.class.authentication_keys.any? do |attribute| 
diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 761d76d896..7a39737837 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -27,7 +27,7 @@ def self.included(base) base.class_eval do validates_presence_of :email, if: :email_required? - if Devise.rails51? + if Devise.activerecord51? validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? else From ee01bac8b0b828b3da0d79c46115ba65c433d6c8 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Wed, 10 May 2017 17:18:00 -0300 Subject: [PATCH 1042/1473] Update CHANGELOG. --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d402fcac2b..5be22684da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### 4.3.0 - unreleased + +* Enhancements + * Dependency support added for Rails 5.1.x. + ### 4.2.1 - 2017-03-15 * removals From b5629ebf1dde9462de4944e1221e954a1349e4c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 11 May 2017 19:00:04 -0700 Subject: [PATCH 1043/1473] Test with Rails 5.0 --- .travis.yml | 14 +-- ...ls-5.1-stable => Gemfile.rails-5.0-stable} | 2 +- ...ble.lock => Gemfile.rails-5.0-stable.lock} | 88 +++++++++---------- 3 files changed, 53 insertions(+), 51 deletions(-) rename gemfiles/{Gemfile.rails-5.1-stable => Gemfile.rails-5.0-stable} (95%) rename gemfiles/{Gemfile.rails-5.1-stable.lock => Gemfile.rails-5.0-stable.lock} (75%) diff --git a/.travis.yml b/.travis.yml index f8c170b052..c4df4aeb35 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -2,14 +2,14 @@ language: ruby rvm: - 2.1.10 - - 2.2.6 - - 2.3.3 - - 2.4.0 + - 2.2.7 + - 2.3.4 + - 2.4.1 - ruby-head gemfile: - Gemfile - - gemfiles/Gemfile.rails-5.1-stable + - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -22,11 +22,13 @@ matrix: - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.1.10 + gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile.rails-5.0-stable allow_failures: - rvm: ruby-head services: diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.0-stable similarity index 95% rename from gemfiles/Gemfile.rails-5.1-stable rename to gemfiles/Gemfile.rails-5.0-stable index 3ea1b69a67..af0e3b4717 100644 --- a/gemfiles/Gemfile.rails-5.1-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 5.1.0' +gem "rails", '~> 5.0.0' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock similarity index 75% rename from gemfiles/Gemfile.rails-5.1-stable.lock rename to gemfiles/Gemfile.rails-5.0-stable.lock index f23248ed91..59784500b6 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock 
@@ -20,48 +20,48 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.1.0) - actionpack (= 5.1.0) - nio4r (~> 2.0) + actioncable (5.0.2) + actionpack (= 5.0.2) + nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) + actionmailer (5.0.2) + actionpack (= 5.0.2) + actionview (= 5.0.2) + activejob (= 5.0.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.0) - actionview (= 5.1.0) - activesupport (= 5.1.0) + actionpack (5.0.2) + actionview (= 5.0.2) + activesupport (= 5.0.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.0) - activesupport (= 5.1.0) + actionview (5.0.2) + activesupport (= 5.0.2) builder (~> 3.1) - erubi (~> 1.4) + erubis (~> 2.7.0) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.0) - activesupport (= 5.1.0) + activejob (5.0.2) + activesupport (= 5.0.2) globalid (>= 0.3.6) - activemodel (5.1.0) - activesupport (= 5.1.0) - activerecord (5.1.0) - activemodel (= 5.1.0) - activesupport (= 5.1.0) - arel (~> 8.0) - activesupport (5.1.0) + activemodel (5.0.2) + activesupport (= 5.0.2) + activerecord (5.0.2) + activemodel (= 5.0.2) + activesupport (= 5.0.2) + arel (~> 7.0) + activesupport (5.0.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (~> 0.7) minitest (~> 5.1) tzinfo (~> 1.1) - arel (8.0.0) + arel (7.1.4) bcrypt (3.1.11) builder (3.2.3) concurrent-ruby (1.0.5) - erubi (1.6.0) + erubis (2.7.0) faraday (0.11.0) multipart-post (>= 1.2, < 3) globalid (0.4.0) @@ -79,14 +79,14 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.10.1) + minitest (5.10.2) mocha (1.2.1) metaclass (~> 0.0.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.0.0) - nokogiri (1.7.1) + nokogiri (1.7.2) mini_portile2 (~> 2.1.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) 
@@ -106,36 +106,36 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.1) + rack (2.0.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.1.0) - actioncable (= 5.1.0) - actionmailer (= 5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) - activemodel (= 5.1.0) - activerecord (= 5.1.0) - activesupport (= 5.1.0) + rails (5.0.2) + actioncable (= 5.0.2) + actionmailer (= 5.0.2) + actionpack (= 5.0.2) + actionview (= 5.0.2) + activejob (= 5.0.2) + activemodel (= 5.0.2) + activerecord (= 5.0.2) + activesupport (= 5.0.2) bundler (>= 1.3.0, < 2.0) - railties (= 5.1.0) + railties (= 5.0.2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.1) actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) rails-html-sanitizer (1.0.3) loofah (~> 2.0) - railties (5.1.0) - actionpack (= 5.1.0) - activesupport (= 5.1.0) + railties (5.0.2) + actionpack (= 5.0.2) + activesupport (= 5.0.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -180,7 +180,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.1.0) + rails (~> 5.0.0) rails-controller-testing rdoc responders (~> 2.1) From 0f6014b84d64e9dde9de5f8eb338f18a618a655f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 11 May 2017 19:05:30 -0700 Subject: [PATCH 1044/1473] Make sure we are using a version of minitest that is not broken with Rails. --- Gemfile | 3 +++ Gemfile.lock | 1 + gemfiles/Gemfile.rails-5.0-stable | 3 +++ gemfiles/Gemfile.rails-5.0-stable.lock | 3 ++- 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 57494b931d..dc7b6b4aef 100644 --- a/Gemfile +++ b/Gemfile 
@@ -14,6 +14,9 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" +# TODO: Remove this line when Rails 5.1.1 is released +gem "minitest", "< 5.10.2" + group :test do gem "omniauth-facebook" gem "omniauth-openid" diff --git a/Gemfile.lock b/Gemfile.lock index 9093363151..9b012392a1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -176,6 +176,7 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl + minitest (< 5.10.2) mocha (~> 1.1) oauth2 omniauth (~> 1.3) diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index af0e3b4717..f4acf8acf3 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -13,6 +13,9 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" +# TODO: Remove this line when Rails 5.0.3 is released +gem "minitest", "< 5.10.2" + group :test do gem "omniauth-facebook" gem "omniauth-openid" diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 59784500b6..cd93317653 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -79,7 +79,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.10.2) + minitest (5.10.1) mocha (1.2.1) metaclass (~> 0.0.1) multi_json (1.12.1) @@ -175,6 +175,7 @@ PLATFORMS DEPENDENCIES activemodel-serializers-xml! devise! + minitest (< 5.10.2) mocha (~> 1.1) omniauth omniauth-facebook From 5e014ab6072551f6c39c391340e6b2089c849d00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 11 May 2017 19:23:05 -0700 Subject: [PATCH 1045/1473] Exclude Rails 4.1 in Ruby 2.4.1 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c4df4aeb35..feeb80b182 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -17,7 +17,7 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile - - rvm: 2.4.0 + - rvm: 2.4.1 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable From 079ed3b6f8b671acde2dd630d28d21adb010fb3a Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 14 May 2017 21:10:36 -0300 Subject: [PATCH 1046/1473] Update Changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5be22684da..f0ead4c46c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 4.3.0 - unreleased +### 4.3.0 - 2017-05-14 * Enhancements * Dependency support added for Rails 5.1.x. From 4e9860d2681a3b3f4416f470e2499008f679806a Mon Sep 17 00:00:00 2001 From: Pat Allan Date: Tue, 20 Jun 2017 16:45:43 +1000 Subject: [PATCH 1047/1473] Ensure string literals can be frozen. --- lib/generators/devise/devise_generator.rb | 4 ++-- test/models/validatable_test.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 80503951db..ea7054c703 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -8,7 +8,7 @@ class DeviseGenerator < Rails::Generators::NamedBase namespace "devise" source_root File.expand_path("../templates", __FILE__) - desc "Generates a model with the given NAME (if one does not exist) with devise " << + desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." hook_for :orm 
@@ -16,7 +16,7 @@ class DeviseGenerator < Rails::Generators::NamedBase class_option :routes, desc: "Generate routes", type: :boolean, default: true def add_devise_routes - devise_route = "devise_for :#{plural_name}" + devise_route = "devise_for :#{plural_name}".dup devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::") devise_route << %Q(, skip: :all) unless options.routes? route devise_route diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index a54810e8c0..343be9cebf 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -31,7 +31,7 @@ class ValidatableTest < ActiveSupport::TestCase %w{invalid_email_format 123 $$$ () ☃}.each do |email| user.email = email - assert user.invalid?, 'should be invalid with email ' << email + assert user.invalid?, "should be invalid with email #{email}" assert_equal 'is invalid', user.errors[:email].join end @@ -42,7 +42,7 @@ class ValidatableTest < ActiveSupport::TestCase test 'should accept valid emails' do %w(a.b.c@example.com test_mail@gmail.com any@any.net email@test.br 123@mail.test 1☃3@mail.test).each do |email| user = new_user(email: email) - assert user.valid?, 'should be valid with email ' << email + assert user.valid?, "should be valid with email #{email}" assert_blank user.errors[:email] end end From 92b94bc84dd762c0e1a30dfef8b0d371e91cad83 Mon Sep 17 00:00:00 2001 From: swamp09 Date: Sat, 16 Sep 2017 23:40:57 +0900 Subject: [PATCH 1048/1473] CI against Ruby 2.2.8, 2.3.5, and 2.4.2 --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index feeb80b182..166cede8ae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,9 +2,9 @@ language: ruby rvm: - 2.1.10 - - 2.2.7 - - 2.3.4 - - 2.4.1 + - 2.2.8 + - 2.3.5 + - 2.4.2 - ruby-head gemfile: 
@@ -17,7 +17,7 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile - - rvm: 2.4.1 + - rvm: 2.4.2 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable From 197ac565208c58206f828b2d8efb15f4a663bcc2 Mon Sep 17 00:00:00 2001 From: bananaappletw Date: Sat, 7 Oct 2017 02:40:32 -0700 Subject: [PATCH 1049/1473] Remove TODO when Rails 5.0.3 is released --- gemfiles/Gemfile.rails-5.0-stable | 3 --- 1 file changed, 3 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index f4acf8acf3..af0e3b4717 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -13,9 +13,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" -# TODO: Remove this line when Rails 5.0.3 is released -gem "minitest", "< 5.10.2" - group :test do gem "omniauth-facebook" gem "omniauth-openid" From 1009096172f2cbc86bcd54d053c89a09be67fb9f Mon Sep 17 00:00:00 2001 From: Pat Allan Date: Fri, 13 Oct 2017 10:38:43 +1100 Subject: [PATCH 1050/1473] Fix syntax for MRI 2.5.0-preview1. --- app/controllers/devise/sessions_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index d0ddf75065..d04c3aa871 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -2,7 +2,7 @@ class Devise::SessionsController < DeviseController prepend_before_action :require_no_authentication, only: [:new, :create] prepend_before_action :allow_params_authentication!, only: :create prepend_before_action :verify_signed_out_user, only: :destroy - prepend_before_action only: [:create, :destroy] { request.env["devise.skip_timeout"] = true } + prepend_before_action(only: [:create, :destroy]) { request.env["devise.skip_timeout"] = true } # GET /resource/sign_in def new From c74e2693a3de0b44bea946d084216fb9c46214bc Mon Sep 17 00:00:00 2001 
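Review bot: The timeout bypass in `Devise::SessionsController` is still registered as an anonymous block, so a controller inheriting from it cannot skip or override the callback by name. Nothing on the line says why `devise.skip_timeout` is set for these two actions either. A named callback would be easier to audit: `prepend_before_action :skip_timeout, only: [:create, :destroy]` with a protected `skip_timeout` whose body is the current block. It should carry a one-line comment giving the reason, presumably that signing in or out must not be rejected by the session-timeout check.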
From: haneru Date: Sat, 28 Oct 2017 01:09:43 +0900 Subject: [PATCH 1051/1473] Removed gem minitest --- Gemfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Gemfile b/Gemfile index dc7b6b4aef..57494b931d 100644 --- a/Gemfile +++ b/Gemfile @@ -14,9 +14,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" -# TODO: Remove this line when Rails 5.1.1 is released -gem "minitest", "< 5.10.2" - group :test do gem "omniauth-facebook" gem "omniauth-openid" From a24f98f31563311d026544bb233c9c5eb8fa4693 Mon Sep 17 00:00:00 2001 From: masatooba Date: Sat, 28 Oct 2017 01:26:16 +0900 Subject: [PATCH 1052/1473] Delete unnecessary hide! method This method has already been added to Rails. --- lib/generators/devise/views_generator.rb | 7 ------- 1 file changed, 7 deletions(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 6254fe9e40..2faacd5a00 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -21,13 +21,6 @@ module ViewPathTemplates #:nodoc: public_task :copy_views end - # TODO: Add this to Rails itself - module ClassMethods - def hide! - Rails::Generators.hide_namespace self.namespace - end - end - def copy_views if options[:views] options[:views].each do |directory| From 4184e23d714483bb1839e05cd92ce3ef09ffc7df Mon Sep 17 00:00:00 2001 From: haneru Date: Sat, 28 Oct 2017 01:46:55 +0900 Subject: [PATCH 1053/1473] bundle installed --- Gemfile.lock | 1 - 1 file changed, 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9b012392a1..9093363151 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -176,7 +176,6 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - minitest (< 5.10.2) mocha (~> 1.1) oauth2 omniauth (~> 1.3) From bcb67ecde8ed0512e524b7e1478a3bd4b6b8da5e Mon Sep 17 00:00:00 2001 
From: Katsuhiko YOSHIDA Date: Sat, 28 Oct 2017 15:56:32 +0900 Subject: [PATCH 1054/1473] Fix mongoid test failed problem --- test/orm/mongoid.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/orm/mongoid.rb b/test/orm/mongoid.rb index 739b971dda..1cbe5ed48b 100644 --- a/test/orm/mongoid.rb +++ b/test/orm/mongoid.rb @@ -8,6 +8,6 @@ class ActiveSupport::TestCase setup do - Mongoid.purge! + Mongoid.default_session.drop end end From 6ceb649b103ec4a6088c8d61e0a2e32cde514cca Mon Sep 17 00:00:00 2001 From: Masato Oba Date: Sun, 29 Oct 2017 12:10:27 +0000 Subject: [PATCH 1055/1473] Fix small typo in authenticatable_test.rb --- test/integration/authenticatable_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 57b29aa9b1..26e2d60a05 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -369,7 +369,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest end end - test 'renders the scoped view if turned on in an specific controller' do + test 'renders the scoped view if turned on in a specific controller' do begin Devise::SessionsController.scoped_views = true assert_raise Webrat::NotFoundError do From 975bb8490d125ccaecbb9aa89a6dadeebf08700e Mon Sep 17 00:00:00 2001 From: Masato Oba Date: Sun, 29 Oct 2017 12:31:02 +0000 Subject: [PATCH 1056/1473] Fix typo 'an user' to 'a user' --- lib/devise/models/authenticatable.rb | 2 +- test/integration/lockable_test.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 6f2f4fbb5c..7d21d5020d 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -256,7 +256,7 @@ def http_authenticatable?(strategy) # end # # Finally, notice that Devise also queries for users in other scenarios - # besides authentication, for example when retrieving an user to send + # besides authentication, for example when retrieving a user to send # an e-mail for password reset. In such cases, find_for_authentication # is not called. def find_for_authentication(tainted_conditions) diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 5602bb9fd2..cf6a9001d5 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -172,7 +172,7 @@ def send_unlock_request assert_equal response.body, {}.to_json end - test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do + test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do swap Devise, paranoid: true do user = create_user(locked: true) @@ -187,7 +187,7 @@ def send_unlock_request end end - test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do + test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is not locked" do swap Devise, paranoid: true do user = create_user(locked: false) @@ -202,7 +202,7 @@ def send_unlock_request end end - test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do + test "in paranoid mode, when trying to unlock a user that does not exists it should not say that it does not exists" do swap Devise, paranoid: true do visit new_user_session_path click_link "Didn't receive unlock instructions?" From a88f88eb4bfa2bab733b40b97d15d9bdb47fee52 Mon Sep 17 00:00:00 2001 
From: Masato Oba Date: Thu, 2 Nov 2017 15:37:51 +0000 Subject: [PATCH 1057/1473] Change `rake secret` to `rails secret` in comments --- lib/devise.rb | 2 +- lib/devise/models/database_authenticatable.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index debd342b71..3627f2da8b 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -149,7 +149,7 @@ module Test mattr_accessor :timeout_in @@timeout_in = 30.minutes - # Used to hash the password. Please generate one with rake secret. + # Used to hash the password. Please generate one with rails secret. mattr_accessor :pepper @@pepper = nil diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index a981b91a79..6996723982 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -10,7 +10,7 @@ module Models # DatabaseAuthenticatable adds the following options to devise_for: # # * +pepper+: a random string used to provide a more secure hash. Use - # `rake secret` to generate new keys. + # `rails secret` to generate new keys. # # * +stretches+: the cost given to bcrypt. # From d6ffa8ef22c4e543395436bc2de24a72c9cf4ec3 Mon Sep 17 00:00:00 2001 From: Richard Baptist Date: Mon, 6 Nov 2017 17:25:29 +0100 Subject: [PATCH 1058/1473] Provide additional info on devise_scope usage --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 19c9d6a300..4a9c623738 100644 --- a/README.md +++ b/README.md 
@@ -374,6 +374,12 @@ end This way, you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router. +Please note: You will still need to add `devise_for` in your routes in order to use helper methods such as `current_user`. + +```ruby +devise_for :users, skip: :all +``` + ### I18n Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: From e61f4bae40b0fdeb2fadc51d7433c301db86f6a9 Mon Sep 17 00:00:00 2001 From: Felipe Renan Date: Wed, 22 Nov 2017 18:39:01 -0200 Subject: [PATCH 1059/1473] Add issue template The issue template is a guide to help the contributors report issues. --- ISSUE_TEMPLATE.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 ISSUE_TEMPLATE.md diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md new file mode 100644 index 0000000000..b14cc45294 --- /dev/null +++ b/ISSUE_TEMPLATE.md @@ -0,0 +1,19 @@ +## Precheck + +- Do not use the issues tracker for help or support, try Stack Overflow. +- For bugs, do a quick search and make sure the bug has not yet been reported +- Finally, be nice and have fun! + +## Environment + +- Ruby **[version]** +- Rails **[version]** +- Devise **[version]** + +## Current behavior + +Include code samples, errors, steps to reproduce the error and stacktraces if appropriate. + +Will be even more helpful if you provide a sample application or a test case that reproduces the error. + +## Expected behavior From 31801fc9a0774657b30b08208ca54f9572609fbd Mon Sep 17 00:00:00 2001 
From: Ashley Foster Date: Tue, 28 Nov 2017 09:58:41 -0500 Subject: [PATCH 1060/1473] Fix missing validations on Signup (#4674) * Fix missing validations on Signup This commit fixes issue https://github.com/plataformatec/devise/issues/4673 This removes `validate: false` from saving a record when `Trackable` is in use. * Add test case * Add mongoid model --- lib/devise/models/trackable.rb | 2 +- test/models/trackable_test.rb | 9 +++++ test/rails_app/app/active_record/user.rb | 2 ++ .../active_record/user_with_validations.rb | 10 ++++++ .../app/mongoid/user_with_validations.rb | 35 +++++++++++++++++++ test/support/helpers.rb | 4 +++ 6 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 test/rails_app/app/active_record/user_with_validations.rb create mode 100644 test/rails_app/app/mongoid/user_with_validations.rb diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index a596523500..adee0eaa69 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -30,7 +30,7 @@ def update_tracked_fields(request) def update_tracked_fields!(request) update_tracked_fields(request) - save(validate: false) + save end end end diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index e792e337a5..07ac980220 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -38,4 +38,13 @@ class TrackableTest < ActiveSupport::TestCase assert_nil user.last_sign_in_at assert_equal 0, user.sign_in_count end + + test 'update_tracked_fields should run model validations' do + user = UserWithValidations.new + request = mock + request.stubs(:remote_ip).returns("127.0.0.1") + + assert_not user.update_tracked_fields!(request) + assert_not user.persisted? + end end diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index 78b3530ae1..1c9ebd41a3 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb 
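Review bot: With plain `save`, `update_tracked_fields!` in lib/devise/models/trackable.rb returns false and writes nothing whenever the record fails validation, and nothing in this hunk checks or reports that result. For an already persisted user whose row has become invalid (for example through a validation added after the account was created), the sign-in count, timestamps and IPs would silently stop being recorded, which weakens the sign-in audit trail. If the goal is only to avoid persisting an invalid new record, a narrower guard keeps tracking for existing users: `return if new_record?` before `update_tracked_fields(request)`, then `save(validate: false)` as before. The added test covers only an unsaved `UserWithValidations`, so the persisted-but-invalid case is untested.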
@@ -4,4 +4,6 @@ class User < ActiveRecord::Base include Shim include SharedUser include ActiveModel::Serializers::Xml if Devise::Test.rails5? + + validates :sign_in_count, presence: true end diff --git a/test/rails_app/app/active_record/user_with_validations.rb b/test/rails_app/app/active_record/user_with_validations.rb new file mode 100644 index 0000000000..abfbe7e03b --- /dev/null +++ b/test/rails_app/app/active_record/user_with_validations.rb @@ -0,0 +1,10 @@ +require 'shared_user' + +class UserWithValidations < ActiveRecord::Base + self.table_name = 'users' + include Shim + include SharedUser + + validates :email, presence: true +end + diff --git a/test/rails_app/app/mongoid/user_with_validations.rb b/test/rails_app/app/mongoid/user_with_validations.rb new file mode 100644 index 0000000000..25dc5a3111 --- /dev/null +++ b/test/rails_app/app/mongoid/user_with_validations.rb @@ -0,0 +1,35 @@ +require "shared_user" + +class UserWithValidations + include Mongoid::Document + include Shim + include SharedUser + + field :username, type: String + field :facebook_token, type: String + + ## Database authenticatable + field :email, type: String, default: "" + field :encrypted_password, type: String, default: "" + + ## Recoverable + field :reset_password_token, type: String + field :reset_password_sent_at, type: Time + + ## Rememberable + field :remember_created_at, type: Time + + ## Trackable + field :sign_in_count, type: Integer, default: 0 + field :current_sign_in_at, type: Time + field :last_sign_in_at, type: Time + field :current_sign_in_ip, type: String + field :last_sign_in_ip, type: String + + ## Lockable + field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts + field :unlock_token, type: String # Only if unlock strategy is :email or :both + field :locked_at, type: Time + + validates :email, presence: true +end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index ab77b91f68..db82dd7ce4 100644 
--- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -50,6 +50,10 @@ def create_user_without_email(attributes={}) UserWithoutEmail.create!(valid_attributes(attributes)) end + def create_user_with_validations(attributes={}) + UserWithValidations.create!(valid_attributes(attributes)) + end + # Execute the block setting the given values and restoring old values after # the block is executed. def swap(object, new_values) From 451ba5362b84ff18a31ea1b3251137128a6b1beb Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 28 Nov 2017 13:03:53 -0200 Subject: [PATCH 1061/1473] Update changelog [ci skip] --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0ead4c46c..32ce2c44e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* bug fixes + * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) + ### 4.3.0 - 2017-05-14 * Enhancements From 2458334de6bf04b34a3c6722762c72312821dd6a Mon Sep 17 00:00:00 2001 From: Calvin Claus Date: Fri, 8 Dec 2017 01:29:41 +0100 Subject: [PATCH 1062/1473] added note about stopping spring (#4506) For me it was necessary to stop spring for the route helpers to be defined. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a9c623738..588f89f42d 100644 --- a/README.md +++ b/README.md 
@@ -126,7 +126,7 @@ Next, check the MODEL for any additional configuration options you might want to Then run `rails db:migrate` -You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined. +You should restart your application after changing Devise's configuration options (this includes stopping spring). Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined. ### Controller filters and helpers From f8c1ee0f909fdee22d862f3a4bc60f31ea0f87de Mon Sep 17 00:00:00 2001 From: Ahmad hamza Date: Fri, 8 Dec 2017 06:43:30 +0530 Subject: [PATCH 1063/1473] Added nested attributes example for README (#4434) --- README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 588f89f42d..ff2d357df1 100644 --- a/README.md +++ b/README.md 
@@ -216,7 +216,21 @@ class ApplicationController < ActionController::Base end ``` -The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: +The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types: + +```ruby +class ApplicationController < ActionController::Base + before_action :configure_permitted_parameters, if: :devise_controller? + + protected + + def configure_permitted_parameters + devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name, address_attributes: [:country, :state, :city, :area, :postal_code]]) + end +end +``` + +Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: To permit simple scalar values for username and email, use this From 4f2e9158336a3e82fcfd803f2a74f4830fcc364d Mon Sep 17 00:00:00 2001 From: Mark Donald Amobi Date: Thu, 7 Dec 2017 19:16:27 -0600 Subject: [PATCH 1064/1473] minor grammar fix in rememberable documentation (#4550) --- lib/devise/models/rememberable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 8f32031114..5b72ebba3a 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
@@ -4,7 +4,7 @@ module Devise module Models - # Rememberable manages generating and clearing token for remember the user + # Rememberable manages generating and clearing token for remembering the user # from a saved cookie. Rememberable also has utility methods for dealing # with serializing the user into the cookie and back from the cookie, trying # to lookup the record based on the saved information. From 42b68d53a707dca655e27ab63c6c3f0b583c8bbe Mon Sep 17 00:00:00 2001 From: Shiva Bhusal Date: Sun, 17 Dec 2017 21:45:32 +0545 Subject: [PATCH 1065/1473] Adds Table of content to Readme.md (#4621) * Adds Table of content to Readme.md * adds 's' to content --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/README.md b/README.md index ff2d357df1..b7722643ca 100644 --- a/README.md +++ b/README.md 
@@ -27,6 +27,50 @@ It's composed of 10 modules: * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +## Table of Contents + + + +- [Information](#information) + - [The Devise wiki](#the-devise-wiki) + - [Bug reports](#bug-reports) + - [StackOverflow and Mailing List](#stackoverflow-and-mailing-list) + - [RDocs](#rdocs) + - [Example applications](#example-applications) + - [Extensions](#extensions) + - [Contributing](#contributing) +- [Starting with Rails?](#starting-with-rails) +- [Getting started](#getting-started) + - [Controller filters and helpers](#controller-filters-and-helpers) + - [Configuring Models](#configuring-models) + - [Strong Parameters](#strong-parameters) + - [Configuring views](#configuring-views) + - [Configuring controllers](#configuring-controllers) + - [Configuring routes](#configuring-routes) + - [I18n](#i18n) + - [Test helpers](#test-helpers) + - [Controller tests](#controller-tests) + - [Integration tests](#integration-tests) + - [OmniAuth](#omniauth) + - [Configuring multiple models](#configuring-multiple-models) +- [Create a migration with the required fields](#create-a-migration-with-the-required-fields) +- [Inside your Admin model](#inside-your-admin-model) +- [Inside your routes](#inside-your-routes) +- [Inside your protected controller](#inside-your-protected-controller) +- [Inside your controllers and views](#inside-your-controllers-and-views) + - [ActiveJob Integration](#activejob-integration) + - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) + - [Other ORMs](#other-orms) +- [Additional 
information](#additional-information) + - [Heroku](#heroku) + - [Warden](#warden) + - [Contributors](#contributors) +- [License](#license) + + + + + ## Information ### The Devise wiki From 1b02534bef5e5ef106b3252e75b78a73a8bae06b Mon Sep 17 00:00:00 2001 From: Paulo Henrique Castro Date: Tue, 19 Dec 2017 20:34:45 +1000 Subject: [PATCH 1066/1473] change validatable docs to match generator (#4727) lib/generators/templates/devise.rb#L160 --- lib/devise/models/validatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 7a39737837..1ad2e70e0a 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -10,7 +10,7 @@ module Models # Validatable adds the following options to devise_for: # # * +email_regexp+: the regular expression used to validate e-mails; - # * +password_length+: a range expressing password length. Defaults to 8..72. + # * +password_length+: a range expressing password length. Defaults to 6..128. # module Validatable # All validations used by this module. From 12298ef9680d45b73540e60fb6338f6941fc734c Mon Sep 17 00:00:00 2001 From: Alexey Degtyarev Date: Thu, 21 Dec 2017 17:12:19 +0200 Subject: [PATCH 1067/1473] Added the ability to change the default migrations path (introduced in Rails 5.0.3) --- .../active_record/devise_generator.rb | 4 +-- lib/generators/devise/orm_helpers.rb | 6 +++- .../active_record_generator_test.rb | 31 +++++++++++++++++++ 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index ffcca8705e..03e14ff035 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb 
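Review bot: The upper bound now documented for `password_length` in lib/devise/models/validatable.rb, 128, is larger than what bcrypt consumes. bcrypt hashes only the first 72 bytes of its input, so the tail of a longer password does not affect the stored digest; the previous text (8..72) happened to reflect that limit. If 6..128 is the real default, the comment should carry the caveat, for example `# * +password_length+: a range expressing password length. Defaults to 6..128 (bcrypt only uses the first 72 bytes).` Whether the default itself should change is outside this hunk.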
@@ -11,9 +11,9 @@ class DeviseGenerator < ActiveRecord::Generators::Base def copy_devise_migration if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name)) - migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version + migration_template "migration_existing.rb", "#{migration_path}/add_devise_to_#{table_name}.rb", migration_version: migration_version else - migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version + migration_template "migration.rb", "#{migration_path}/devise_create_#{table_name}.rb", migration_version: migration_version end end diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index f67204b37c..f98f3774d8 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -23,7 +23,11 @@ def migration_exists?(table_name) end def migration_path - @migration_path ||= File.join("db", "migrate") + if Rails.version >= '5.0.3' + db_migrate_path + else + @migration_path ||= File.join("db", "migrate") + end end def model_path diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 79fab2b181..941162c9d2 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb 
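Review bot: `Rails.version >= '5.0.3'` in `migration_path` (lib/generators/devise/orm_helpers.rb) compares two Strings, so the ordering is lexicographic rather than by version: `'5.0.10' >= '5.0.3'` is false, and so is `'10.0.0' >= '5.0.3'`. On such versions the method would fall back to the hard-coded `db/migrate` and ignore a configured migrations path. Compare version objects instead: `if Gem::Version.new(Rails.version) >= Gem::Version.new('5.0.3')`. The same string comparison is repeated in both new tests in test/generators/active_record_generator_test.rb.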
@@ -13,6 +13,20 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_migration "db/migrate/devise_create_monsters.rb", /def change/ end + test "all files are properly created with changed db/migrate path in application configuration" do + old_paths = Rails.application.config.paths["db/migrate"] + Rails.application.config.paths.add "db/migrate", with: "db2/migrate" + + run_generator %w(monster) + if Rails.version >= '5.0.3' + assert_migration "db2/migrate/devise_create_monsters.rb", /def change/ + else + assert_migration "db/migrate/devise_create_monsters.rb", /def change/ + end + + Rails.application.config.paths["db/migrate"] = old_paths + end + test "all files for namespaced model are properly created" do run_generator %w(admin/monster) assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/ @@ -25,6 +39,23 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_migration "db/migrate/add_devise_to_monsters.rb" end + test "update model migration when model exists with changed db/migrate path in application configuration" do + old_paths = Rails.application.config.paths["db/migrate"] + Rails.application.config.paths.add "db/migrate", with: "db2/migrate" + + run_generator %w(monster) + assert_file "app/models/monster.rb" + run_generator %w(monster) + + if Rails.version >= '5.0.3' + assert_migration "db2/migrate/add_devise_to_monsters.rb" + else + assert_migration "db/migrate/add_devise_to_monsters.rb" + end + + Rails.application.config.paths["db/migrate"] = old_paths + end + test "all files are properly deleted" do run_generator %w(monster) run_generator %w(monster) From 8b9fba73fd1f76d173e7424dcfe12e0c06301e0a Mon Sep 17 00:00:00 2001 
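Review bot: Both added tests replace the process-wide `Rails.application.config.paths["db/migrate"]` and restore it only in their last statement, so a failing `run_generator` or `assert_migration` leaves `db2/migrate` configured for every test that runs afterwards. Move the restore into an `ensure`, i.e. wrap each body as `begin … ensure Rails.application.config.paths["db/migrate"] = old_paths end`. A short comment such as `# config.paths is global state; always restore it` above the `old_paths` line would explain why the cleanup is there.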
From: Guilherme Goettems Schneider Date: Thu, 21 Dec 2017 15:23:25 -0200 Subject: [PATCH 1068/1473] Allow frozen options in as_json (#4655) The test uses `as_json` instead of `to_json` because `to_json` does `#dup` on `options` before it reaches `#serializable_hash` and the test would pass without the fix. --- CHANGELOG.md | 1 + lib/devise/models/authenticatable.rb | 2 +- test/models/serializable_test.rb | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32ce2c44e1..edd12e70df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * bug fixes * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) + * Do not modify options for `#serializable_hash`. (by @guigs) ### 4.3.0 - 2017-05-14 diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 7d21d5020d..1246d90da1 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -102,7 +102,7 @@ def authenticatable_salt # and passing a new list of attributes you want to exempt. All attributes # given to :except will simply add names to exempt to Devise internal list. def serializable_hash(options = nil) - options ||= {} + options = options.try(:dup) || {} options[:except] = Array(options[:except]) if options[:force_except] diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 6ced12d992..784b51d715 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -40,6 +40,10 @@ class SerializableTest < ActiveSupport::TestCase assert_no_match(/confirmation_token/, @user.inspect) end + test 'should accept frozen options' do + assert_key "username", @user.as_json({only: :username}.freeze)["user"] + end + def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end 
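Review bot: In `serializable_hash` (lib/devise/models/authenticatable.rb) `options.try(:dup)` makes only a shallow copy, and the next line `options[:except] = Array(options[:except])` hands back the caller's own array when `:except` is already an Array. The rest of the method is outside the hunk. If it appends the internal exclusion list to `options[:except]` in place, a frozen `except:` array would still raise and a non-frozen one would be mutated for the caller. Copy the list as well: `options[:except] = Array(options[:except]).dup`. The new test only passes a frozen hash with `only:`; a case with `{except: [:email].freeze}.freeze` would cover the path that builds the list keeping sensitive attributes out of the output.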
From f39c6fd92774cb66f96f546d8d5e8281542b4e78 Mon Sep 17 00:00:00 2001 
From: Pat Allan Date: Fri, 22 Dec 2017 04:36:29 +1100 Subject: [PATCH 1069/1473] Add the frozen_string_literal pragma comment to all Ruby files. (#4725) --- Gemfile | 2 ++ Rakefile | 1 + app/controllers/devise/confirmations_controller.rb | 2 ++ app/controllers/devise/omniauth_callbacks_controller.rb | 2 ++ app/controllers/devise/passwords_controller.rb | 2 ++ app/controllers/devise/registrations_controller.rb | 2 ++ app/controllers/devise/sessions_controller.rb | 2 ++ app/controllers/devise/unlocks_controller.rb | 2 ++ app/controllers/devise_controller.rb | 2 ++ app/helpers/devise_helper.rb | 2 ++ app/mailers/devise/mailer.rb | 2 ++ devise.gemspec | 2 ++ gemfiles/Gemfile.rails-4.1-stable | 2 ++ gemfiles/Gemfile.rails-4.2-stable | 2 ++ gemfiles/Gemfile.rails-5.0-stable | 2 ++ guides/bug_report_templates/integration_test.rb | 2 ++ lib/devise.rb | 2 ++ lib/devise/controllers/helpers.rb | 2 ++ lib/devise/controllers/rememberable.rb | 2 ++ lib/devise/controllers/scoped_views.rb | 2 ++ lib/devise/controllers/sign_in_out.rb | 2 ++ lib/devise/controllers/store_location.rb | 2 ++ lib/devise/controllers/url_helpers.rb | 2 ++ lib/devise/delegator.rb | 2 ++ lib/devise/encryptor.rb | 2 ++ lib/devise/failure_app.rb | 2 ++ lib/devise/hooks/activatable.rb | 2 ++ lib/devise/hooks/csrf_cleaner.rb | 2 ++ lib/devise/hooks/forgetable.rb | 2 ++ lib/devise/hooks/lockable.rb | 2 ++ lib/devise/hooks/proxy.rb | 2 ++ lib/devise/hooks/rememberable.rb | 2 ++ lib/devise/hooks/timeoutable.rb | 2 ++ lib/devise/hooks/trackable.rb | 2 ++ lib/devise/mailers/helpers.rb | 2 ++ lib/devise/mapping.rb | 2 ++ lib/devise/models.rb | 2 ++ lib/devise/models/authenticatable.rb | 2 ++ lib/devise/models/confirmable.rb | 2 ++ lib/devise/models/database_authenticatable.rb | 2 ++ lib/devise/models/lockable.rb | 2 ++ lib/devise/models/omniauthable.rb | 2 ++ lib/devise/models/recoverable.rb | 2 ++ lib/devise/models/registerable.rb | 2 ++ lib/devise/models/rememberable.rb | 2 ++ lib/devise/models/timeoutable.rb | 2 
++ lib/devise/models/trackable.rb | 2 ++ lib/devise/models/validatable.rb | 2 ++ lib/devise/modules.rb | 2 ++ lib/devise/omniauth.rb | 2 ++ lib/devise/omniauth/config.rb | 2 ++ lib/devise/omniauth/url_helpers.rb | 2 ++ lib/devise/orm/active_record.rb | 2 ++ lib/devise/orm/mongoid.rb | 2 ++ lib/devise/parameter_filter.rb | 2 ++ lib/devise/parameter_sanitizer.rb | 2 ++ lib/devise/rails.rb | 2 ++ lib/devise/rails/routes.rb | 2 ++ lib/devise/rails/warden_compat.rb | 2 ++ lib/devise/strategies/authenticatable.rb | 2 ++ lib/devise/strategies/base.rb | 2 ++ lib/devise/strategies/database_authenticatable.rb | 2 ++ lib/devise/strategies/rememberable.rb | 2 ++ lib/devise/test/controller_helpers.rb | 2 ++ lib/devise/test/integration_helpers.rb | 2 ++ lib/devise/test_helpers.rb | 2 ++ lib/devise/time_inflector.rb | 2 ++ lib/devise/token_generator.rb | 2 ++ lib/devise/version.rb | 2 ++ lib/generators/active_record/devise_generator.rb | 2 ++ lib/generators/active_record/templates/migration.rb | 2 ++ lib/generators/active_record/templates/migration_existing.rb | 2 ++ lib/generators/devise/controllers_generator.rb | 2 ++ lib/generators/devise/devise_generator.rb | 2 ++ lib/generators/devise/install_generator.rb | 2 ++ lib/generators/devise/orm_helpers.rb | 2 ++ lib/generators/devise/views_generator.rb | 2 ++ lib/generators/mongoid/devise_generator.rb | 2 ++ .../templates/controllers/confirmations_controller.rb | 2 ++ .../templates/controllers/omniauth_callbacks_controller.rb | 2 ++ lib/generators/templates/controllers/passwords_controller.rb | 2 ++ .../templates/controllers/registrations_controller.rb | 2 ++ lib/generators/templates/controllers/sessions_controller.rb | 2 ++ lib/generators/templates/controllers/unlocks_controller.rb | 2 ++ lib/generators/templates/devise.rb | 2 ++ test/controllers/custom_registrations_controller_test.rb | 2 ++ test/controllers/custom_strategy_test.rb | 2 ++ test/controllers/helper_methods_test.rb | 2 ++ test/controllers/helpers_test.rb | 2 ++ 
test/controllers/inherited_controller_i18n_messages_test.rb | 2 ++ test/controllers/internal_helpers_test.rb | 2 ++ test/controllers/load_hooks_controller_test.rb | 2 ++ test/controllers/passwords_controller_test.rb | 2 ++ test/controllers/sessions_controller_test.rb | 2 ++ test/controllers/url_helpers_test.rb | 2 ++ test/delegator_test.rb | 2 ++ test/devise_test.rb | 2 ++ test/failure_app_test.rb | 2 ++ test/generators/active_record_generator_test.rb | 2 ++ test/generators/controllers_generator_test.rb | 2 ++ test/generators/devise_generator_test.rb | 2 ++ test/generators/install_generator_test.rb | 2 ++ test/generators/mongoid_generator_test.rb | 2 ++ test/generators/views_generator_test.rb | 2 ++ test/helpers/devise_helper_test.rb | 2 ++ test/integration/authenticatable_test.rb | 2 ++ test/integration/confirmable_test.rb | 2 ++ test/integration/database_authenticatable_test.rb | 2 ++ test/integration/http_authenticatable_test.rb | 2 ++ test/integration/lockable_test.rb | 2 ++ test/integration/mounted_engine_test.rb | 2 ++ test/integration/omniauthable_test.rb | 2 ++ test/integration/recoverable_test.rb | 2 ++ test/integration/registerable_test.rb | 2 ++ test/integration/rememberable_test.rb | 2 ++ test/integration/timeoutable_test.rb | 2 ++ test/integration/trackable_test.rb | 2 ++ test/mailers/confirmation_instructions_test.rb | 2 ++ test/mailers/email_changed_test.rb | 2 ++ test/mailers/mailer_test.rb | 2 ++ test/mailers/reset_password_instructions_test.rb | 2 ++ test/mailers/unlock_instructions_test.rb | 2 ++ test/mapping_test.rb | 2 ++ test/models/authenticatable_test.rb | 2 ++ test/models/confirmable_test.rb | 2 ++ test/models/database_authenticatable_test.rb | 2 ++ test/models/lockable_test.rb | 2 ++ test/models/omniauthable_test.rb | 2 ++ test/models/recoverable_test.rb | 2 ++ test/models/registerable_test.rb | 2 ++ test/models/rememberable_test.rb | 2 ++ test/models/serializable_test.rb | 2 ++ test/models/timeoutable_test.rb | 2 ++ 
test/models/trackable_test.rb | 2 ++ test/models/validatable_test.rb | 2 ++ test/models_test.rb | 2 ++ test/omniauth/config_test.rb | 2 ++ test/omniauth/url_helpers_test.rb | 2 ++ test/orm/active_record.rb | 2 ++ test/orm/mongoid.rb | 2 ++ test/parameter_sanitizer_test.rb | 2 ++ test/rails_app/app/active_record/admin.rb | 2 ++ test/rails_app/app/active_record/shim.rb | 2 ++ test/rails_app/app/active_record/user.rb | 2 ++ test/rails_app/app/active_record/user_on_engine.rb | 2 ++ test/rails_app/app/active_record/user_on_main_app.rb | 2 ++ test/rails_app/app/active_record/user_with_validations.rb | 2 ++ test/rails_app/app/active_record/user_without_email.rb | 2 ++ test/rails_app/app/controllers/admins/sessions_controller.rb | 2 ++ test/rails_app/app/controllers/admins_controller.rb | 2 ++ test/rails_app/app/controllers/application_controller.rb | 2 ++ test/rails_app/app/controllers/application_with_fake_engine.rb | 2 ++ .../app/controllers/custom/registrations_controller.rb | 2 ++ test/rails_app/app/controllers/home_controller.rb | 2 ++ .../app/controllers/publisher/registrations_controller.rb | 2 ++ test/rails_app/app/controllers/publisher/sessions_controller.rb | 2 ++ .../app/controllers/users/omniauth_callbacks_controller.rb | 2 ++ test/rails_app/app/controllers/users_controller.rb | 2 ++ test/rails_app/app/helpers/application_helper.rb | 2 ++ test/rails_app/app/mailers/users/from_proc_mailer.rb | 2 ++ test/rails_app/app/mailers/users/mailer.rb | 2 ++ test/rails_app/app/mailers/users/reply_to_mailer.rb | 2 ++ test/rails_app/app/mongoid/admin.rb | 2 ++ test/rails_app/app/mongoid/shim.rb | 2 ++ test/rails_app/app/mongoid/user.rb | 2 ++ test/rails_app/app/mongoid/user_on_engine.rb | 2 ++ test/rails_app/app/mongoid/user_on_main_app.rb | 2 ++ test/rails_app/app/mongoid/user_with_validations.rb | 2 ++ test/rails_app/app/mongoid/user_without_email.rb | 2 ++ test/rails_app/config/application.rb | 2 ++ test/rails_app/config/boot.rb | 2 ++ 
test/rails_app/config/environment.rb | 2 ++ test/rails_app/config/environments/development.rb | 2 ++ test/rails_app/config/environments/production.rb | 2 ++ test/rails_app/config/environments/test.rb | 2 ++ test/rails_app/config/initializers/backtrace_silencers.rb | 2 ++ test/rails_app/config/initializers/devise.rb | 2 ++ test/rails_app/config/initializers/inflections.rb | 2 ++ test/rails_app/config/initializers/secret_token.rb | 2 ++ test/rails_app/config/initializers/session_store.rb | 2 ++ test/rails_app/config/routes.rb | 2 ++ test/rails_app/db/migrate/20100401102949_create_tables.rb | 2 ++ test/rails_app/db/schema.rb | 2 ++ test/rails_app/lib/shared_admin.rb | 2 ++ test/rails_app/lib/shared_user.rb | 2 ++ test/rails_app/lib/shared_user_without_email.rb | 2 ++ test/rails_app/lib/shared_user_without_omniauth.rb | 2 ++ test/rails_test.rb | 2 ++ test/routes_test.rb | 2 ++ test/support/action_controller/record_identifier.rb | 2 ++ test/support/assertions.rb | 2 ++ test/support/helpers.rb | 2 ++ test/support/http_method_compatibility.rb | 2 ++ test/support/integration.rb | 2 ++ test/support/webrat/integrations/rails.rb | 2 ++ test/test/controller_helpers_test.rb | 2 ++ test/test/integration_helpers_test.rb | 2 ++ test/test_helper.rb | 2 ++ test/test_models.rb | 2 ++ 199 files changed, 397 insertions(+) diff --git a/Gemfile b/Gemfile index 57494b931d..f5689e344b 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source "https://rubygems.org" gemspec diff --git a/Rakefile b/Rakefile index bbf716633b..6e2ab1802a 100644 --- a/Rakefile +++ b/Rakefile @@ -1,4 +1,5 @@ # encoding: UTF-8 +# frozen_string_literal: true require 'bundler/gem_tasks' require 'rake/testtask' diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 4981545a3d..3069c6efbf 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::ConfirmationsController < DeviseController # GET /resource/confirmation/new def new diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index d5b2c094e9..5f3f89d7d3 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::OmniauthCallbacksController < DeviseController prepend_before_action { request.env["devise.skip_timeout"] = true } diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index f4291c76a6..010199a72b 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::PasswordsController < DeviseController prepend_before_action :require_no_authentication # Render the #edit only if coming from a reset password email link diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 31ba0887bd..ca2bb34c97 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::RegistrationsController < DeviseController prepend_before_action :require_no_authentication, only: [:new, :create, :cancel] prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy] diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index d04c3aa871..9090b002f3 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::SessionsController < DeviseController prepend_before_action :require_no_authentication, only: [:new, :create] prepend_before_action :allow_params_authentication!, only: :create diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 179c9525f1..1d04d62274 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Devise::UnlocksController < DeviseController prepend_before_action :require_no_authentication diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 0679a62e66..702b97bd37 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # All Devise controllers are inherited from here. class DeviseController < Devise.parent_controller.constantize include Devise::Controllers::ScopedViews diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index f2d0726157..c29120f76b 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DeviseHelper # A simple way to show error messages for the current devise resource. If you need # to customize this method, you can either overwrite it in your application helpers or diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 857a8bc69b..11ef449cb0 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + if defined?(ActionMailer) class Devise::Mailer < Devise.parent_mailer.constantize include Devise::Mailers::Helpers diff --git a/devise.gemspec b/devise.gemspec index 3e67230b12..18a4300208 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + # -*- encoding: utf-8 -*- $:.push File.expand_path("../lib", __FILE__) require "devise/version" diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index 2dde99dd64..2841603231 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source "https://rubygems.org" gemspec path: ".." diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 8165a9501b..7856859f9f 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source "https://rubygems.org" gemspec path: ".." diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index af0e3b4717..6ae8724432 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -1,3 +1,5 @@ +# frozen_string_literal: true + source "https://rubygems.org" gemspec path: ".." diff --git a/guides/bug_report_templates/integration_test.rb b/guides/bug_report_templates/integration_test.rb index 6fea86bbb3..b3eecd22f9 100644 --- a/guides/bug_report_templates/integration_test.rb +++ b/guides/bug_report_templates/integration_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + begin require 'bundler/inline' rescue LoadError => e diff --git a/lib/devise.rb b/lib/devise.rb index 3627f2da8b..160493824c 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails' require 'active_support/core_ext/numeric/time' require 'active_support/dependencies' diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 81d5e38551..7e67660a40 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
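Review bot: In devise.gemspec the pragma is inserted above the existing `# -*- encoding: utf-8 -*-` line with a blank line between them, which moves the encoding comment to line 3. As far as I know Ruby only honours an encoding magic comment on the first line (or the second after a shebang), so it becomes inert there. The Rakefile hunk in this same commit keeps `# encoding: UTF-8` first and adds the pragma below it. Do the same here (`# -*- encoding: utf-8 -*-` then `# frozen_string_literal: true`), or drop the encoding line if UTF-8 is already the default on every supported Ruby.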
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Controllers # Those helpers are convenience methods added to ApplicationController. diff --git a/lib/devise/controllers/rememberable.rb b/lib/devise/controllers/rememberable.rb index 02bdaf1173..420a2f785d 100644 --- a/lib/devise/controllers/rememberable.rb +++ b/lib/devise/controllers/rememberable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Controllers # A module that may be optionally included in a controller in order diff --git a/lib/devise/controllers/scoped_views.rb b/lib/devise/controllers/scoped_views.rb index 7ba965e57c..989d3879cb 100644 --- a/lib/devise/controllers/scoped_views.rb +++ b/lib/devise/controllers/scoped_views.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Controllers module ScopedViews diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 77c5987ba0..2d38ab2380 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Controllers # Provide sign in and sign out functionality. diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index 91655a35c4..fa8cb342af 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "uri" module Devise diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index fed1383f23..3da36423e0 100644 --- a/lib/devise/controllers/url_helpers.rb +++ b/lib/devise/controllers/url_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Controllers # Create url helpers to be used with resource/scope configuration. Acts as diff --git a/lib/devise/delegator.rb b/lib/devise/delegator.rb index 361d4cffed..d04f15f198 100644 --- a/lib/devise/delegator.rb 
+++ b/lib/devise/delegator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise # Checks the scope in the given environment and returns the associated failure app. class Delegator diff --git a/lib/devise/encryptor.rb b/lib/devise/encryptor.rb index 19651d7b4d..7a53bef309 100644 --- a/lib/devise/encryptor.rb +++ b/lib/devise/encryptor.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'bcrypt' module Devise diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 4f7a3ddc8b..047c5c3fd2 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "action_controller/metal" module Devise diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index 805c2c5752..b2eaea199f 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Deny user access whenever their account is not active yet. # We need this as hook to validate the user activity on each request # and in case the user is using other strategies beside Devise ones. diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index 28d4aea8b9..d725fbc42c 100644 --- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + Warden::Manager.after_authentication do |record, warden, options| clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || warden.winning_strategy.clean_up_csrf? diff --git a/lib/devise/hooks/forgetable.rb b/lib/devise/hooks/forgetable.rb index 50e2062c2d..317dc54748 100644 --- a/lib/devise/hooks/forgetable.rb +++ b/lib/devise/hooks/forgetable.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Before logout hook to forget the user in the given scope, if it responds # to forget_me! Also clear remember token to ensure the user won't be # remembered again. Notice that we forget the user unless the record is not persisted. diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index c9d4df140b..a73a1752e2 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # After each sign in, if resource responds to failed_attempts, sets it to 0 # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user except: :fetch do |record, warden, options| diff --git a/lib/devise/hooks/proxy.rb b/lib/devise/hooks/proxy.rb index 24de988ec6..96b3a07e8b 100644 --- a/lib/devise/hooks/proxy.rb +++ b/lib/devise/hooks/proxy.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Hooks # A small warden proxy so we can remember, forget and diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb index 077be534ec..345f2f2403 100644 --- a/lib/devise/hooks/rememberable.rb +++ b/lib/devise/hooks/rememberable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + Warden::Manager.after_set_user except: :fetch do |record, warden, options| scope = options[:scope] if record.respond_to?(:remember_me) && options[:store] != false && diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 1bfa07d7ab..41b1fde80a 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Each time a record is set we check whether its session has already timed out # or not, based on last request time. If so, the record is logged out and # redirected to the sign in page. Also, each time the request comes and the 
diff --git a/lib/devise/hooks/trackable.rb b/lib/devise/hooks/trackable.rb index 9bb212881b..53ac30dd32 100644 --- a/lib/devise/hooks/trackable.rb +++ b/lib/devise/hooks/trackable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # After each sign in, update sign in time, sign in count and sign in IP. # This is only triggered when the user is explicitly set (with set_user) # and on authentication. Retrieving the user from session (:fetch) does diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 12cac733ee..f6997462d4 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Mailers module Helpers diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index af4a14127a..7692020ff4 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise # Responsible for handling devise mappings and routes configuration. Each # resource configured by devise_for in routes is actually creating a mapping diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 6419814de9..4d50fa2453 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Models class MissingAttribute < StandardError diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 1246d90da1..0ed150418b 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'active_model/version' require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 726b8fa917..5dfcd77212 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Models # Confirmable is responsible to verify if an account is already confirmed to diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 6996723982..a91b21cac7 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/strategies/database_authenticatable' module Devise diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index fe05b255aa..b97d12d302 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "devise/hooks/lockable" module Devise diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index c1faf37a94..c0fe1e5471 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/omniauth' module Devise diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 7857b6868b..75318d503e 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Models diff --git a/lib/devise/models/registerable.rb b/lib/devise/models/registerable.rb index 1f10dd2e69..3965ee5cbc 100644 --- a/lib/devise/models/registerable.rb +++ b/lib/devise/models/registerable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Models # Registerable is responsible for everything related to registering a new diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 5b72ebba3a..5a175013c1 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/strategies/rememberable' require 'devise/hooks/rememberable' require 'devise/hooks/forgetable' diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index d589e24a47..ee187dbfed 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/hooks/timeoutable' module Devise diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index adee0eaa69..9a3056e92f 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/hooks/trackable' module Devise diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 1ad2e70e0a..91890fb5a1 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Models # Validatable creates all needed validations for a user email and password. diff --git a/lib/devise/modules.rb b/lib/devise/modules.rb index 2af8820bd8..d8cde834c1 100644 --- a/lib/devise/modules.rb +++ b/lib/devise/modules.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'active_support/core_ext/object/with_options' Devise.with_options model: true do |d| diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index ff342fd73f..63ea6ca519 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + begin require "omniauth" require "omniauth/version" diff --git a/lib/devise/omniauth/config.rb b/lib/devise/omniauth/config.rb index e22d701ce5..2d3749ffdd 100644 --- a/lib/devise/omniauth/config.rb +++ b/lib/devise/omniauth/config.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module OmniAuth class StrategyNotFound < NameError 
diff --git a/lib/devise/omniauth/url_helpers.rb b/lib/devise/omniauth/url_helpers.rb index f2cc3dbcd9..72eac65ed3 100644 --- a/lib/devise/omniauth/url_helpers.rb +++ b/lib/devise/omniauth/url_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module OmniAuth module UrlHelpers diff --git a/lib/devise/orm/active_record.rb b/lib/devise/orm/active_record.rb index de11482589..0fecf64e3f 100644 --- a/lib/devise/orm/active_record.rb +++ b/lib/devise/orm/active_record.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'orm_adapter/adapters/active_record' ActiveSupport.on_load(:active_record) do diff --git a/lib/devise/orm/mongoid.rb b/lib/devise/orm/mongoid.rb index cc2f1c55cc..034501eff4 100644 --- a/lib/devise/orm/mongoid.rb +++ b/lib/devise/orm/mongoid.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + ActiveSupport.on_load(:mongoid) do require 'orm_adapter/adapters/mongoid' diff --git a/lib/devise/parameter_filter.rb b/lib/devise/parameter_filter.rb index 63d06f9038..d61e66d111 100644 --- a/lib/devise/parameter_filter.rb +++ b/lib/devise/parameter_filter.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise class ParameterFilter def initialize(case_insensitive_keys, strip_whitespace_keys) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 0f6faee680..91060c6681 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise # The +ParameterSanitizer+ deals with permitting specific parameters values # for each +Devise+ scope in the application. diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 6321c71d70..d23aade512 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/rails/routes' require 'devise/rails/warden_compat' diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 9a02363e9a..2d177b2520 100644 
--- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "active_support/core_ext/object/try" require "active_support/core_ext/hash/slice" diff --git a/lib/devise/rails/warden_compat.rb b/lib/devise/rails/warden_compat.rb index 553e8e44ac..3db7ecaeaf 100644 --- a/lib/devise/rails/warden_compat.rb +++ b/lib/devise/rails/warden_compat.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Warden::Mixins::Common def request @request ||= ActionDispatch::Request.new(env) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index 13249e8257..afcbef0b45 100644 --- a/lib/devise/strategies/authenticatable.rb +++ b/lib/devise/strategies/authenticatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/strategies/base' module Devise diff --git a/lib/devise/strategies/base.rb b/lib/devise/strategies/base.rb index ee5c8c7f44..998e6a367f 100644 --- a/lib/devise/strategies/base.rb +++ b/lib/devise/strategies/base.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Strategies # Base strategy for Devise. Responsible for verifying correct scope and mapping. diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 3d8f40726d..fe9812ab3e 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/strategies/authenticatable' module Devise diff --git a/lib/devise/strategies/rememberable.rb b/lib/devise/strategies/rememberable.rb index 3a09a6b4ee..fe20804f68 100644 --- a/lib/devise/strategies/rememberable.rb +++ b/lib/devise/strategies/rememberable.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'devise/strategies/authenticatable' module Devise 
diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 89060e572b..a5447f09cc 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Test # `Devise::Test::ControllerHelpers` provides a facility to test controllers diff --git a/lib/devise/test/integration_helpers.rb b/lib/devise/test/integration_helpers.rb index e39b67924c..9973138969 100644 --- a/lib/devise/test/integration_helpers.rb +++ b/lib/devise/test/integration_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise # Devise::Test::IntegrationHelpers is a helper module for facilitating # authentication on Rails integration tests to bypass the required steps for diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index fbaed4cd87..c5b52fade7 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module TestHelpers def self.included(base) diff --git a/lib/devise/time_inflector.rb b/lib/devise/time_inflector.rb index 94795afdb6..db3f655803 100644 --- a/lib/devise/time_inflector.rb +++ b/lib/devise/time_inflector.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "active_support/core_ext/module/delegation" module Devise diff --git a/lib/devise/token_generator.rb b/lib/devise/token_generator.rb index 636a1e788a..9eb74a046a 100644 --- a/lib/devise/token_generator.rb +++ b/lib/devise/token_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'openssl' module Devise diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ac983193ba..44b6adf2b5 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise VERSION = "4.3.0".freeze end 
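Review bot: In the `lib/devise/version.rb` hunk the explicit `.freeze` on `VERSION = "4.3.0".freeze` becomes redundant once the magic comment is in place, because the literal is already frozen on interpreters that honour it. If the supported Ruby floor is 2.3 or later, the line can be `VERSION = "4.3.0"`. If older interpreters that ignore the comment are still supported, keep the call and say why with a comment such as `# .freeze kept for Rubies that ignore frozen_string_literal`.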
diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index ffcca8705e..b5640bf8d9 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/active_record' require 'generators/devise/orm_helpers' diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index 2df528a996..deed985974 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %> def change create_table :<%= table_name %> do |t| diff --git a/lib/generators/active_record/templates/migration_existing.rb b/lib/generators/active_record/templates/migration_existing.rb index d7893343e6..a44e5413e7 100644 --- a/lib/generators/active_record/templates/migration_existing.rb +++ b/lib/generators/active_record/templates/migration_existing.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %> def self.up change_table :<%= table_name %> do |t| diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index 803ba04129..c91371a3d0 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/base' module Devise diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index ea7054c703..79f860ba9e 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb 
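Review bot: The hunks for `lib/generators/active_record/templates/migration.rb` and `migration_existing.rb` change generator output rather than only Devise's own files, and nothing in the visible part of the patch documents that. Both are ERB templates (`class DeviseCreate<%= table_name.camelize %> < ...`), so the added first line is presumably emitted into every migration generated in a host application. The same applies to the templates under `lib/generators/templates/` in the following hunks (the controllers and `devise.rb`). Anything an application author later adds to those generated files then runs with frozen string literals. A changelog line such as `Generated migrations, controllers and the initializer now start with the frozen_string_literal magic comment` would make this visible to people upgrading.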
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/named_base' module Devise diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index 6c6626b1a1..f81494d6b2 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/base' require 'securerandom' diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index f67204b37c..34afc38d56 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Generators module OrmHelpers diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 2faacd5a00..29bf8feda0 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/base' module Devise diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 4ff57f06a4..40a8ac2770 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'rails/generators/named_base' require 'generators/devise/orm_helpers' diff --git a/lib/generators/templates/controllers/confirmations_controller.rb b/lib/generators/templates/controllers/confirmations_controller.rb index 480ee9a079..e0466111c8 100644 --- a/lib/generators/templates/controllers/confirmations_controller.rb +++ b/lib/generators/templates/controllers/confirmations_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController # GET /resource/confirmation/new # def new 
diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb index cc122dc4f4..5f95be2d2b 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController # You should configure your model like this: # devise :omniauthable, omniauth_providers: [:twitter] diff --git a/lib/generators/templates/controllers/passwords_controller.rb b/lib/generators/templates/controllers/passwords_controller.rb index 3409d43597..afd468cc1d 100644 --- a/lib/generators/templates/controllers/passwords_controller.rb +++ b/lib/generators/templates/controllers/passwords_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController # GET /resource/password/new # def new diff --git a/lib/generators/templates/controllers/registrations_controller.rb b/lib/generators/templates/controllers/registrations_controller.rb index 3ffd29e91c..cdd91acc12 100644 --- a/lib/generators/templates/controllers/registrations_controller.rb +++ b/lib/generators/templates/controllers/registrations_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController # before_action :configure_sign_up_params, only: [:create] # before_action :configure_account_update_params, only: [:update] diff --git a/lib/generators/templates/controllers/sessions_controller.rb b/lib/generators/templates/controllers/sessions_controller.rb index 69afe4b4b4..f229c9b4a0 100644 --- a/lib/generators/templates/controllers/sessions_controller.rb +++ b/lib/generators/templates/controllers/sessions_controller.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>SessionsController < Devise::SessionsController # before_action :configure_sign_in_params, only: [:create] diff --git a/lib/generators/templates/controllers/unlocks_controller.rb b/lib/generators/templates/controllers/unlocks_controller.rb index 0e2cced594..0eadbbf65b 100644 --- a/lib/generators/templates/controllers/unlocks_controller.rb +++ b/lib/generators/templates/controllers/unlocks_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController # GET /resource/unlock/new # def new diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index e3d9ede77d..17bd507341 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| diff --git a/test/controllers/custom_registrations_controller_test.rb b/test/controllers/custom_registrations_controller_test.rb index 13e4eef280..683322ebf8 100644 --- a/test/controllers/custom_registrations_controller_test.rb +++ b/test/controllers/custom_registrations_controller_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class CustomRegistrationsControllerTest < Devise::ControllerTestCase diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index b63bead68d..c39ac3e619 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'ostruct' require 'warden/strategies/base' diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index 59f913fdf1..5e20477ca6 100644 
--- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class ApiController < ActionController::Metal diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index acbfe4042a..2380d36268 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'ostruct' diff --git a/test/controllers/inherited_controller_i18n_messages_test.rb b/test/controllers/inherited_controller_i18n_messages_test.rb index 677ce30fd2..f5d142d218 100644 --- a/test/controllers/inherited_controller_i18n_messages_test.rb +++ b/test/controllers/inherited_controller_i18n_messages_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class SessionsInheritedController < Devise::SessionsController diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index d2a96119c9..7710e0d7bd 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class MyController < DeviseController diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb index cf8f454461..6387b309a8 100644 --- a/test/controllers/load_hooks_controller_test.rb +++ b/test/controllers/load_hooks_controller_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class LoadHooksControllerTest < Devise::ControllerTestCase diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 5c359eed59..887e01336b 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class PasswordsControllerTest < Devise::ControllerTestCase diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 69b65f379f..e88cf7e908 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class SessionsControllerTest < Devise::ControllerTestCase diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index a4db090109..d5328a367f 100644 --- a/test/controllers/url_helpers_test.rb +++ b/test/controllers/url_helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RoutesTest < Devise::ControllerTestCase diff --git a/test/delegator_test.rb b/test/delegator_test.rb index 65dda06e96..851afbca0e 100644 --- a/test/delegator_test.rb +++ b/test/delegator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class DelegatorTest < ActiveSupport::TestCase diff --git a/test/devise_test.rb b/test/devise_test.rb index 07377cc626..088527febb 100755 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' module Devise diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index ee6d19fbe1..b37a9f00c4 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'ostruct' diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 79fab2b181..006ec5d307 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" if DEVISE_ORM == :active_record 
diff --git a/test/generators/controllers_generator_test.rb b/test/generators/controllers_generator_test.rb index 6df0f0c270..01bf970ec3 100644 --- a/test/generators/controllers_generator_test.rb +++ b/test/generators/controllers_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" class ControllersGeneratorTest < Rails::Generators::TestCase diff --git a/test/generators/devise_generator_test.rb b/test/generators/devise_generator_test.rb index b88246801e..00118c22dd 100644 --- a/test/generators/devise_generator_test.rb +++ b/test/generators/devise_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require "generators/devise/devise_generator" diff --git a/test/generators/install_generator_test.rb b/test/generators/install_generator_test.rb index daf386d9c5..45aeddd07d 100644 --- a/test/generators/install_generator_test.rb +++ b/test/generators/install_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" class InstallGeneratorTest < Rails::Generators::TestCase diff --git a/test/generators/mongoid_generator_test.rb b/test/generators/mongoid_generator_test.rb index 51802e8e16..ea20b4cadf 100644 --- a/test/generators/mongoid_generator_test.rb +++ b/test/generators/mongoid_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" if DEVISE_ORM == :mongoid diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 7fcdff0d2f..bfb4a7f1b9 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" class ViewsGeneratorTest < Rails::Generators::TestCase diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 816d54267b..754e82d819 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class DeviseHelperTest < Devise::IntegrationTest diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6d715b79ec..4f19f3c868 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class AuthenticationSanityTest < Devise::IntegrationTest diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 02730d5891..72a28c82d8 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class ConfirmationTest < Devise::IntegrationTest diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 135f113b04..c367ce0719 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class DatabaseAuthenticationTest < Devise::IntegrationTest diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 56ea541c29..54349f4517 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class HttpAuthenticationTest < Devise::IntegrationTest diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index cf6a9001d5..87e439ef1f 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class LockTest < Devise::IntegrationTest 
diff --git a/test/integration/mounted_engine_test.rb b/test/integration/mounted_engine_test.rb index 98dcf47594..a19d6a227b 100644 --- a/test/integration/mounted_engine_test.rb +++ b/test/integration/mounted_engine_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class MyMountableEngine diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 6af8842007..050b210c67 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index f35a46b7b3..c834f1d226 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class PasswordTest < Devise::IntegrationTest diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 4fa361b7cb..2387cd29d0 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RegistrationTest < Devise::IntegrationTest diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 1dfd07d6ed..193a458ed9 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RememberMeTest < Devise::IntegrationTest diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index d831a96c6f..ceddd10866 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class SessionTimeoutTest < Devise::IntegrationTest 
diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 4337f15353..68d50e1132 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class TrackableHooksTest < Devise::IntegrationTest diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index f929ba43f2..358b092c19 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class ConfirmationInstructionsTest < ActionMailer::TestCase diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb index f3578297a7..09717f3c83 100644 --- a/test/mailers/email_changed_test.rb +++ b/test/mailers/email_changed_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class EmailChangedTest < ActionMailer::TestCase diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb index f6ec5d5ad5..f8369052a8 100644 --- a/test/mailers/mailer_test.rb +++ b/test/mailers/mailer_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "test_helper" class MailerTest < ActionMailer::TestCase diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 511cadd324..f0b4580910 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class ResetPasswordInstructionsTest < ActionMailer::TestCase diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 32b998f3c8..586799da52 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class UnlockInstructionsTest < ActionMailer::TestCase diff --git a/test/mapping_test.rb b/test/mapping_test.rb index b1010166f6..0fc10c1a64 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class FakeRequest < Struct.new(:path_info, :params) diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index ba664f3edf..b3cab65bf2 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class AuthenticatableTest < ActiveSupport::TestCase diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index e0f08cc001..d0446642d0 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class ConfirmableTest < ActiveSupport::TestCase diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index a5c7c77fa5..fa0de7d063 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'test_models' require 'digest/sha1' diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 52373b8192..2685afe9ca 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class LockableTest < ActiveSupport::TestCase diff --git a/test/models/omniauthable_test.rb b/test/models/omniauthable_test.rb index 03e1f68868..c22bc43086 100644 --- a/test/models/omniauthable_test.rb +++ b/test/models/omniauthable_test.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class OmniauthableTest < ActiveSupport::TestCase diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 96b36187d7..919e6e4866 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RecoverableTest < ActiveSupport::TestCase diff --git a/test/models/registerable_test.rb b/test/models/registerable_test.rb index bef6c8ce4e..2549341684 100644 --- a/test/models/registerable_test.rb +++ b/test/models/registerable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RegisterableTest < ActiveSupport::TestCase diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index aa9ce817a1..24ebb3feb0 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RememberableTest < ActiveSupport::TestCase diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 784b51d715..0ec9e72069 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class SerializableTest < ActiveSupport::TestCase diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index 2deac0d3aa..205c8023be 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class TimeoutableTest < ActiveSupport::TestCase diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index 07ac980220..4685f1ce72 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class TrackableTest < ActiveSupport::TestCase 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 343be9cebf..6e02ad4455 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -1,4 +1,6 @@ # encoding: UTF-8 +# frozen_string_literal: true + require 'test_helper' class ValidatableTest < ActiveSupport::TestCase diff --git a/test/models_test.rb b/test/models_test.rb index 2dc3d9d813..f1e42799cb 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'test_models' diff --git a/test/omniauth/config_test.rb b/test/omniauth/config_test.rb index d2d0223dcf..d2bf11bb01 100644 --- a/test/omniauth/config_test.rb +++ b/test/omniauth/config_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class OmniAuthConfigTest < ActiveSupport::TestCase diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 21bf9d3ae8..41d4f50162 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class OmniAuthRoutesTest < ActionController::TestCase diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index a3afd74e6c..138c554c93 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + ActiveRecord::Migration.verbose = false ActiveRecord::Base.logger = Logger.new(nil) ActiveRecord::Base.include_root_in_json = true diff --git a/test/orm/mongoid.rb b/test/orm/mongoid.rb index 1cbe5ed48b..d31bc4d212 100644 --- a/test/orm/mongoid.rb +++ b/test/orm/mongoid.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'mongoid/version' Mongoid.configure do |config| diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index a1f3842638..4e89eb9edf 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' require 'devise/parameter_sanitizer' diff --git a/test/rails_app/app/active_record/admin.rb b/test/rails_app/app/active_record/admin.rb index 124bc9059f..5383b3b23e 100644 --- a/test/rails_app/app/active_record/admin.rb +++ b/test/rails_app/app/active_record/admin.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_admin' class Admin < ActiveRecord::Base diff --git a/test/rails_app/app/active_record/shim.rb b/test/rails_app/app/active_record/shim.rb index 66f12cdb17..be35adb9b6 100644 --- a/test/rails_app/app/active_record/shim.rb +++ b/test/rails_app/app/active_record/shim.rb @@ -1,2 +1,4 @@ +# frozen_string_literal: true + module Shim end diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index 1c9ebd41a3..52bb16ddde 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user' class User < ActiveRecord::Base diff --git a/test/rails_app/app/active_record/user_on_engine.rb b/test/rails_app/app/active_record/user_on_engine.rb index 21eb305015..42f233f36d 100644 --- a/test/rails_app/app/active_record/user_on_engine.rb +++ b/test/rails_app/app/active_record/user_on_engine.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user_without_omniauth' class UserOnEngine < ActiveRecord::Base diff --git a/test/rails_app/app/active_record/user_on_main_app.rb b/test/rails_app/app/active_record/user_on_main_app.rb index 54ef1f8048..596bc3b94c 100644 --- a/test/rails_app/app/active_record/user_on_main_app.rb +++ b/test/rails_app/app/active_record/user_on_main_app.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user_without_omniauth' class UserOnMainApp < ActiveRecord::Base 
diff --git a/test/rails_app/app/active_record/user_with_validations.rb b/test/rails_app/app/active_record/user_with_validations.rb index abfbe7e03b..c396ba8835 100644 --- a/test/rails_app/app/active_record/user_with_validations.rb +++ b/test/rails_app/app/active_record/user_with_validations.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user' class UserWithValidations < ActiveRecord::Base diff --git a/test/rails_app/app/active_record/user_without_email.rb b/test/rails_app/app/active_record/user_without_email.rb index 9ad5818842..62bdb89760 100644 --- a/test/rails_app/app/active_record/user_without_email.rb +++ b/test/rails_app/app/active_record/user_without_email.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "shared_user_without_email" class UserWithoutEmail < ActiveRecord::Base diff --git a/test/rails_app/app/controllers/admins/sessions_controller.rb b/test/rails_app/app/controllers/admins/sessions_controller.rb index 525ca5ef1c..122e15a77e 100644 --- a/test/rails_app/app/controllers/admins/sessions_controller.rb +++ b/test/rails_app/app/controllers/admins/sessions_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Admins::SessionsController < Devise::SessionsController def new flash[:special] = "Welcome to #{controller_path.inspect} controller!" diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 6b39be19e4..c732f58908 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class AdminsController < ApplicationController before_action :authenticate_admin! diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index 7adee128c2..e60ba0c224 100644 --- a/test/rails_app/app/controllers/application_controller.rb 
+++ b/test/rails_app/app/controllers/application_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Filters added to this controller apply to all controllers in the application. # Likewise, all the methods added will be available for all controllers. diff --git a/test/rails_app/app/controllers/application_with_fake_engine.rb b/test/rails_app/app/controllers/application_with_fake_engine.rb index c77d67f157..652bd2e000 100644 --- a/test/rails_app/app/controllers/application_with_fake_engine.rb +++ b/test/rails_app/app/controllers/application_with_fake_engine.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class ApplicationWithFakeEngine < ApplicationController private diff --git a/test/rails_app/app/controllers/custom/registrations_controller.rb b/test/rails_app/app/controllers/custom/registrations_controller.rb index 3864661f2d..dd0e7a2fa0 100644 --- a/test/rails_app/app/controllers/custom/registrations_controller.rb +++ b/test/rails_app/app/controllers/custom/registrations_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Custom::RegistrationsController < Devise::RegistrationsController def new super do |resource| diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index e2a342302f..703e9ef874 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class HomeController < ApplicationController def index end diff --git a/test/rails_app/app/controllers/publisher/registrations_controller.rb b/test/rails_app/app/controllers/publisher/registrations_controller.rb index 7809a36386..f7bdaa08e2 100644 --- a/test/rails_app/app/controllers/publisher/registrations_controller.rb +++ b/test/rails_app/app/controllers/publisher/registrations_controller.rb @@ -1,2 +1,4 @@ +# frozen_string_literal: true + class Publisher::RegistrationsController < ApplicationController end 
diff --git a/test/rails_app/app/controllers/publisher/sessions_controller.rb b/test/rails_app/app/controllers/publisher/sessions_controller.rb index 2eed1bb0ed..48ce6859dc 100644 --- a/test/rails_app/app/controllers/publisher/sessions_controller.rb +++ b/test/rails_app/app/controllers/publisher/sessions_controller.rb @@ -1,2 +1,4 @@ +# frozen_string_literal: true + class Publisher::SessionsController < ApplicationController end diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 37cf9a8ae3..98df295788 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def facebook data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : request.env["omniauth.auth"] diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 1d2d749430..d02b8844bf 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class UsersController < ApplicationController prepend_before_action :current_user, only: :exhibit before_action :authenticate_user!, except: [:accept, :exhibit] diff --git a/test/rails_app/app/helpers/application_helper.rb b/test/rails_app/app/helpers/application_helper.rb index 22a7940eb2..fc3fb393d3 100644 --- a/test/rails_app/app/helpers/application_helper.rb +++ b/test/rails_app/app/helpers/application_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Methods added to this helper will be available to all templates in the application. module ApplicationHelper end 
diff --git a/test/rails_app/app/mailers/users/from_proc_mailer.rb b/test/rails_app/app/mailers/users/from_proc_mailer.rb index 1bff4cacc2..e369512576 100644 --- a/test/rails_app/app/mailers/users/from_proc_mailer.rb +++ b/test/rails_app/app/mailers/users/from_proc_mailer.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Users::FromProcMailer < Devise::Mailer default from: proc { 'custom@example.com' } end diff --git a/test/rails_app/app/mailers/users/mailer.rb b/test/rails_app/app/mailers/users/mailer.rb index 3342f75aa1..5962e15daa 100644 --- a/test/rails_app/app/mailers/users/mailer.rb +++ b/test/rails_app/app/mailers/users/mailer.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Users::Mailer < Devise::Mailer default from: 'custom@example.com' end diff --git a/test/rails_app/app/mailers/users/reply_to_mailer.rb b/test/rails_app/app/mailers/users/reply_to_mailer.rb index 67ca82cffa..4b241d32a9 100644 --- a/test/rails_app/app/mailers/users/reply_to_mailer.rb +++ b/test/rails_app/app/mailers/users/reply_to_mailer.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Users::ReplyToMailer < Devise::Mailer default from: 'custom@example.com' default reply_to: 'custom_reply_to@example.com' diff --git a/test/rails_app/app/mongoid/admin.rb b/test/rails_app/app/mongoid/admin.rb index d5884cb69b..c41ea059d0 100644 --- a/test/rails_app/app/mongoid/admin.rb +++ b/test/rails_app/app/mongoid/admin.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_admin' class Admin diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index cd48fd408f..e5f35782f5 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Shim extend ::ActiveSupport::Concern diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb index 0a2e5ea1cf..7dd7dbe3f3 100644 --- a/test/rails_app/app/mongoid/user.rb 
+++ b/test/rails_app/app/mongoid/user.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user' class User diff --git a/test/rails_app/app/mongoid/user_on_engine.rb b/test/rails_app/app/mongoid/user_on_engine.rb index e68b096f63..f63b727bbf 100644 --- a/test/rails_app/app/mongoid/user_on_engine.rb +++ b/test/rails_app/app/mongoid/user_on_engine.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user_without_omniauth' class UserOnEngine diff --git a/test/rails_app/app/mongoid/user_on_main_app.rb b/test/rails_app/app/mongoid/user_on_main_app.rb index a35f2336ae..92fea262b5 100644 --- a/test/rails_app/app/mongoid/user_on_main_app.rb +++ b/test/rails_app/app/mongoid/user_on_main_app.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'shared_user_without_omniauth' class UserOnMainApp diff --git a/test/rails_app/app/mongoid/user_with_validations.rb b/test/rails_app/app/mongoid/user_with_validations.rb index 25dc5a3111..c1b73a3063 100644 --- a/test/rails_app/app/mongoid/user_with_validations.rb +++ b/test/rails_app/app/mongoid/user_with_validations.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "shared_user" class UserWithValidations diff --git a/test/rails_app/app/mongoid/user_without_email.rb b/test/rails_app/app/mongoid/user_without_email.rb index f46ab63563..b82ea56ad2 100644 --- a/test/rails_app/app/mongoid/user_without_email.rb +++ b/test/rails_app/app/mongoid/user_without_email.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "shared_user_without_email" class UserWithoutEmail diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 34732d0a42..19f44e41c9 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require File.expand_path('../boot', __FILE__) require "action_controller/railtie" 
diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 60b9073025..07fe8daaf8 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unless defined?(DEVISE_ORM) DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym end diff --git a/test/rails_app/config/environment.rb b/test/rails_app/config/environment.rb index 1fe685fd93..1c7a3ec2c2 100644 --- a/test/rails_app/config/environment.rb +++ b/test/rails_app/config/environment.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Load the rails application. require File.expand_path('../application', __FILE__) diff --git a/test/rails_app/config/environments/development.rb b/test/rails_app/config/environments/development.rb index fcddb5f583..d23c88d153 100644 --- a/test/rails_app/config/environments/development.rb +++ b/test/rails_app/config/environments/development.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RailsApp::Application.configure do # Settings specified here will take precedence over those in config/application.rb. diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index bb2d0504d1..3e62a174a4 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RailsApp::Application.configure do # Settings specified here will take precedence over those in config/application.rb. diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 1473297382..b202bc3e51 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + RailsApp::Application.configure do # Settings specified here will take precedence over those in config/application.rb. 
diff --git a/test/rails_app/config/initializers/backtrace_silencers.rb b/test/rails_app/config/initializers/backtrace_silencers.rb index 56ddc8da86..9edabe9365 100644 --- a/test/rails_app/config/initializers/backtrace_silencers.rb +++ b/test/rails_app/config/initializers/backtrace_silencers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index d79e71f579..761e398a2d 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require "omniauth-facebook" require "omniauth-openid" diff --git a/test/rails_app/config/initializers/inflections.rb b/test/rails_app/config/initializers/inflections.rb index 45fc8f45a6..7bb3dc01ff 100644 --- a/test/rails_app/config/initializers/inflections.rb +++ b/test/rails_app/config/initializers/inflections.rb @@ -1,2 +1,4 @@ +# frozen_string_literal: true + ActiveSupport::Inflector.inflections do |inflect| end diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index 35818fa165..48d1b70a52 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + config = Rails.application.config config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' diff --git a/test/rails_app/config/initializers/session_store.rb b/test/rails_app/config/initializers/session_store.rb index 5ac94e7e5d..5cfac4ec5d 100644 --- a/test/rails_app/config/initializers/session_store.rb 
+++ b/test/rails_app/config/initializers/session_store.rb @@ -1 +1,3 @@ +# frozen_string_literal: true + RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session' diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index fb33154f01..8687dae243 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + Rails.application.routes.draw do # Resources for testing resources :users, only: [:index] do diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 4eecbc2cd3..43c6d867b3 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + superclass = ActiveRecord::Migration # TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4. superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[]) diff --git a/test/rails_app/db/schema.rb b/test/rails_app/db/schema.rb index a7446056c1..c435f6b96e 100644 --- a/test/rails_app/db/schema.rb +++ b/test/rails_app/db/schema.rb @@ -1,4 +1,6 @@ # encoding: UTF-8 +# frozen_string_literal: true + # This file is auto-generated from the current state of the database. Instead # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index 7d6227a3c5..3e6362a78d 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module SharedAdmin extend ActiveSupport::Concern diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index c3b023a421..e037fe867a 100644 
--- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module SharedUser extend ActiveSupport::Concern diff --git a/test/rails_app/lib/shared_user_without_email.rb b/test/rails_app/lib/shared_user_without_email.rb index cc0a4045b0..f030c195de 100644 --- a/test/rails_app/lib/shared_user_without_email.rb +++ b/test/rails_app/lib/shared_user_without_email.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module SharedUserWithoutEmail extend ActiveSupport::Concern diff --git a/test/rails_app/lib/shared_user_without_omniauth.rb b/test/rails_app/lib/shared_user_without_omniauth.rb index 7f0396c0a6..7b9ae08fd4 100644 --- a/test/rails_app/lib/shared_user_without_omniauth.rb +++ b/test/rails_app/lib/shared_user_without_omniauth.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module SharedUserWithoutOmniauth extend ActiveSupport::Concern diff --git a/test/rails_test.rb b/test/rails_test.rb index 65cba2ebfb..fdc1612e8f 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class RailsTest < ActiveSupport::TestCase diff --git a/test/routes_test.rb b/test/routes_test.rb index 84229f254b..ba580f5b54 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' ExpectedRoutingError = MiniTest::Assertion diff --git a/test/support/action_controller/record_identifier.rb b/test/support/action_controller/record_identifier.rb index 89b3483ed9..3d6c61e8b9 100644 --- a/test/support/action_controller/record_identifier.rb +++ b/test/support/action_controller/record_identifier.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Since webrat uses ActionController::RecordIdentifier class that was moved to # ActionView namespace in Rails 4.1+ diff --git a/test/support/assertions.rb b/test/support/assertions.rb index 7ec8b32345..9872a0ae40 100644 
--- a/test/support/assertions.rb +++ b/test/support/assertions.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'active_support/test_case' class ActiveSupport::TestCase diff --git a/test/support/helpers.rb b/test/support/helpers.rb index db82dd7ce4..fe7cf1b572 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'active_support/test_case' class ActiveSupport::TestCase diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index 7b8fdf0851..87946314b2 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise class IntegrationTest < ActionDispatch::IntegrationTest # %w( get post patch put head delete xml_http_request diff --git a/test/support/integration.rb b/test/support/integration.rb index ac140e86db..ea6792a713 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'action_dispatch/testing/integration' class ActionDispatch::IntegrationTest diff --git a/test/support/webrat/integrations/rails.rb b/test/support/webrat/integrations/rails.rb index 6f4aedcf21..ebb481a193 100644 --- a/test/support/webrat/integrations/rails.rb +++ b/test/support/webrat/integrations/rails.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'webrat/core/elements/form' require 'action_dispatch/testing/integration' diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index e94ce309e3..6c14c189b8 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class TestControllerHelpersTest < Devise::ControllerTestCase diff --git a/test/test/integration_helpers_test.rb b/test/test/integration_helpers_test.rb index 5f7dfd31b7..131593c1da 100644 
--- a/test/test/integration_helpers_test.rb +++ b/test/test/integration_helpers_test.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'test_helper' class TestIntegrationsHelpersTest < Devise::IntegrationTest diff --git a/test/test_helper.rb b/test/test_helper.rb index 9f36b48826..cfd925d5c3 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + ENV["RAILS_ENV"] = "test" DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym diff --git a/test/test_models.rb b/test/test_models.rb index d65648d901..0e52bef430 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + class Configurable < User devise :database_authenticatable, :confirmable, :rememberable, :timeoutable, :lockable, stretches: 15, pepper: 'abcdef', allow_unconfirmed_access_for: 5.days, From db011c0192495c2f1ff28f1599d9de7b7ed76485 Mon Sep 17 00:00:00 2001 From: Sai Chander Date: Thu, 21 Dec 2017 23:23:14 +0530 Subject: [PATCH 1070/1473] set_flash_method! instead of set_flash_method in omniauth callbacks controller (#4680) --- app/controllers/devise/omniauth_callbacks_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index 5f3f89d7d3..a9a2c30ea7 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb @@ -8,7 +8,7 @@ def passthru end def failure - set_flash_message :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message + set_flash_message! :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message redirect_to after_omniauth_failure_path_for(resource_name) end From 5a3b7a17718b816374ce123479fff922acef46aa Mon Sep 17 00:00:00 2001 
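Review bot: The switch to `set_flash_message!` in `failure` ships without a test (the diffstat lists only the controller), so nothing pins that a failed callback in a non-flashing format leaves the flash unset while navigational requests still get the alert. One controller test per format would cover it. Separately, `reason: failure_message` is interpolated into the flash text; `failure_message` is defined outside this hunk, so confirm that any provider-supplied error text it may return is only ever rendered escaped.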
From: Olivier Lacan Date: Thu, 21 Dec 2017 13:15:53 -0500 Subject: [PATCH 1071/1473] Clarify how store_location_for modifies URIs (#4391) This fairly straightforward refactor extracts the most obtuse portions of store_location_for into the following discrete private methods: - extract_path_from_location - remove_domain_from_uri - add_fragment_back_to_path This may seem like indirection but it was very unclear what operation was being performed on the location sent to store_location_for prior to this change. I considered documenting the behavior but the code seemed like a prime candidate for method extraction. --- lib/devise/controllers/store_location.rb | 28 +++++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index fa8cb342af..d2e431e800 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb @@ -35,12 +35,9 @@ def stored_location_for(resource_or_scope) # def store_location_for(resource_or_scope, location) session_key = stored_location_key_for(resource_or_scope) - uri = parse_uri(location) - if uri - path = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') - path = [path, uri.fragment].compact.join('#') - session[session_key] = path - end + + path = extract_path_from_location(location) + session[session_key] = path if path end private @@ -55,6 +52,25 @@ def stored_location_key_for(resource_or_scope) scope = Devise::Mapping.find_scope!(resource_or_scope) "#{scope}_return_to" end + + def extract_path_from_location(location) + uri = parse_uri(location) + + if uri + path = remove_domain_from_uri(uri) + path = add_fragment_back_to_path(uri, path) + + path + end + end + + def remove_domain_from_uri(uri) + [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?') + end + + def add_fragment_back_to_path(uri, path) + [path, uri.fragment].compact.join('#') + end end end end 
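Review bot: `remove_domain_from_uri` hides the one security-relevant step of `store_location_for`: `uri.path.sub(/\A\/+/, '/')` collapses leading slashes, which appears to be what keeps a stored value such as `//host/path` from later being followed as a protocol-relative redirect. The new name only mentions dropping the domain, so a later cleanup could remove the `sub` as cosmetic; add a comment above it, e.g. `# Collapse leading slashes so the stored path can never be read as a protocol-relative URL (//host).` A regression test that stores a location with a doubled leading slash would pin this, and none is part of the commit (the diffstat lists only this file). As a style point, the bare trailing `path` in `extract_path_from_location` is redundant because the preceding assignment already yields that value.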
From 7b3081760f32e7150601776276bd809601b8eaaa Mon Sep 17 00:00:00 2001 From: Lutz Lengemann Date: Thu, 21 Dec 2017 19:49:09 +0100 Subject: [PATCH 1072/1473] Move failed_attempts increment into its a function (#4351) With this change one can overwrite when the incrementation is handled without duplicating the other `valid_for_authentication` logic. --- lib/devise/models/lockable.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index b97d12d302..079142af6f 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -101,8 +101,7 @@ def valid_for_authentication? if super && !access_locked? true else - self.failed_attempts ||= 0 - self.failed_attempts += 1 + increment_failed_attempts if attempts_exceeded? lock_access! unless access_locked? else @@ -111,6 +110,11 @@ def valid_for_authentication? false end end + + def increment_failed_attempts + self.failed_attempts ||= 0 + self.failed_attempts += 1 + end def unauthenticated_message # If set to paranoid mode, do not show the locked message because it From 16b3d6d67c7e017d461ea17ed29ea9738dc77e83 Mon Sep 17 00:00:00 2001 From: Mike Rogers Date: Thu, 21 Dec 2017 19:13:50 +0000 Subject: [PATCH 1073/1473] Adding `autocomplete="email"` to email fields (#4643) As discussed in https://github.com/plataformatec/devise/issues/4635 --- app/views/devise/confirmations/new.html.erb | 2 +- app/views/devise/passwords/new.html.erb | 2 +- app/views/devise/registrations/edit.html.erb | 2 +- app/views/devise/registrations/new.html.erb | 2 +- app/views/devise/sessions/new.html.erb | 2 +- app/views/devise/unlocks/new.html.erb | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 2dc668fc52..2dea36607f 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -5,7 +5,7 @@
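Review bot: `increment_failed_attempts` is a read-modify-write on the in-memory record (`self.failed_attempts ||= 0`, then `+= 1`), so two failed sign-ins handled concurrently can start from the same count and `attempts_exceeded?` can trip later than configured, assuming the save that follows (outside this hunk) writes the absolute value. Since the commit makes this the override point, say so above the method: `# Not atomic: concurrent failures may be undercounted; override to use the ORM's atomic increment.` As far as the hunk shows, the method is also added in the public part of the module, next to `unauthenticated_message`, which makes it callable on every lockable model; if the module has a `protected` section further down, that would be the better place for it.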
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
index 3d6d11aae2..11b3d6afca 100644
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
index 1e66f3d7ad..10ed32a9e1 100644
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb
index 5a238ce6eb..602803cff3 100644
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index b261cfd152..3ebb001d14 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -3,7 +3,7 @@ <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb
index 16586bc7af..cfe8aa816a 100644
--- a/app/views/devise/unlocks/new.html.erb
+++ b/app/views/devise/unlocks/new.html.erb
@@ -5,7 +5,7 @@
<%= f.label :email %>
- <%= f.email_field :email, autofocus: true %>
+ <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
From 5f1c21051173a10ac7928b25bd7d6be44ba94d6b Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 21 Dec 2017 17:15:01 -0200 Subject: [PATCH 1074/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index edd12e70df..94a61d2bc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ ### Unreleased +* Enhancements + * Add `frozen_string_literal` pragma comment to all Ruby files. (by @pat) + * Use `set_flash_method!` instead of `set_flash_method` in `Devise::OmniauthCallbacksController#failure`. (by @saichander17) + * Clarify how `store_location_for` modifies URIs. (by @olivierlacan) + * Move `failed_attempts` increment into its own function. by (@mobilutz) + * Add `autocomplete="email"` to email fields. by (@MikeRogers0) + * bug fixes * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) * Do not modify options for `#serializable_hash`. (by @guigs) From 95689757c0945e15a4880919c15a55aeda118630 Mon Sep 17 00:00:00 2001 From: Anton Davydov Date: Fri, 22 Dec 2017 20:38:45 +0300 Subject: [PATCH 1075/1473] Delete unnecessary condition for helper method (#4359) --- app/controllers/devise/registrations_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index ca2bb34c97..0c1e876418 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -7,7 +7,7 @@ class Devise::RegistrationsController < DeviseController # GET /resource/sign_up def new - build_resource({}) + build_resource yield resource if block_given? respond_with resource end 
@@ -99,8 +99,8 @@ def update_resource(resource, params) # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. - def build_resource(hash=nil) - self.resource = resource_class.new_with_session(hash || {}, session) + def build_resource(hash = {}) + self.resource = resource_class.new_with_session(hash, session) end # Signs in a user on sign up. You can overwrite this method in your own From 8c9cc8d355825e2b7ae0b4dcdedee518831e3338 Mon Sep 17 00:00:00 2001 From: fjg Date: Sat, 23 Dec 2017 19:39:39 +0100 Subject: [PATCH 1076/1473] Change the way to detect ActiveRecord vs Mongoid (#4302) * Change the way to detect ActiveRecord vs Mongoid Cause of **mongoid-paperclip** declaring *after_commit* callback while **mongoid** (and MongoDB) does not support it. * Update test for ActiveRecord presence to handle Mongoid/ActiveRecord project --- lib/devise/models/confirmable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 5dfcd77212..0bd9d40941 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -48,7 +48,7 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification? - if respond_to?(:after_commit) # ActiveRecord + if defined?(ActiveRecord) && self.is_a?(ActiveRecord::Base) # ActiveRecord after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? else # Mongoid From b01ae718b3a7423016f5997388179422a70b7b93 Mon Sep 17 00:00:00 2001 
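Review bot: An explicit `nil` argument is no longer coerced in `build_resource`. The old body passed `hash || {}` to `new_with_session`, while the new default `hash = {}` only applies when the argument is omitted, so a controller that overrides an action and calls `build_resource(nil)` would now hand `nil` to `new_with_session`. If that call pattern should keep working, keep the guard as `self.resource = resource_class.new_with_session(hash || {}, session)`; otherwise extend the comment above the method to say that `hash` must not be nil. Whether any caller passes nil is not visible from this hunk.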
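Review bot: The new condition `self.is_a?(ActiveRecord::Base)` in the `included do` block of `Confirmable` looks like it can never be true. Inside `included`, `self` is the model class, and a class is not an instance of `ActiveRecord::Base`, so Active Record models would fall through to the `else # Mongoid` branch and register the confirmation mail callbacks there instead of on `after_commit`. A subclass test expresses the intent: `if defined?(ActiveRecord) && self < ActiveRecord::Base # ActiveRecord`. A later patch in this series, [PATCH 1086/1473], makes that correction; a test asserting which callbacks are registered for each ORM would have caught it here. The `included do` block continues past the end of the hunk.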
From: =?UTF-8?q?Filip=20Soszy=C5=84ski?= Date: Sat, 23 Dec 2017 20:20:45 +0100 Subject: [PATCH 1077/1473] Primary key type in migration template (#4426) * Tests * Add primary key type to migration template * Change Rails version-detecting method in test --- lib/generators/active_record/devise_generator.rb | 11 +++++++++++ .../active_record/templates/migration.rb | 2 +- test/generators/active_record_generator_test.rb | 14 ++++++++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 139598e8a5..182c44600d 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -8,6 +8,8 @@ module Generators class DeviseGenerator < ActiveRecord::Generators::Base argument :attributes, type: :array, default: [], banner: "field:type field:type" + class_option :primary_key_type, type: :string, desc: "The type for primary key" + include Devise::Generators::OrmHelpers source_root File.expand_path("../templates", __FILE__) @@ -94,6 +96,15 @@ def migration_version "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" end end + + def primary_key_type + primary_key_string if rails5? + end + + def primary_key_string + key_string = options[:primary_key_type] + ", id: :#{key_string}" if key_string + end end end end diff --git a/lib/generators/active_record/templates/migration.rb b/lib/generators/active_record/templates/migration.rb index deed985974..ad85124972 100644 --- a/lib/generators/active_record/templates/migration.rb +++ b/lib/generators/active_record/templates/migration.rb @@ -2,7 +2,7 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %> def change - create_table :<%= table_name %> do |t| + create_table :<%= table_name %><%= primary_key_type %> do |t| <%= migration_data -%> <% attributes.each do |attribute| -%> 
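Review bot: `primary_key_string` in `devise_generator.rb` interpolates `options[:primary_key_type]` into the generated migration as `, id: :#{key_string}` without checking its shape. A value containing a space, comma or other non-identifier character would produce a migration that does not parse, or one that passes extra arguments to `create_table`. Restricting the option to an identifier keeps the template output predictable, e.g. `", id: :#{key_string}" if key_string =~ /\A[a-z_][a-z0-9_]*\z/i`. Separately, `primary_key_type` drops the option silently when `rails5?` is false, so a short message there would tell the user that `--primary_key_type` had no effect. The generator class continues outside the hunk.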
diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 0324890b6c..d79163cb63 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -76,6 +76,20 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_migration "db/migrate/devise_create_monsters.rb", /t.string :current_sign_in_ip/ assert_migration "db/migrate/devise_create_monsters.rb", /t.string :last_sign_in_ip/ end + + test "do NOT add primary key type when NOT specified in rails generator" do + run_generator %w(monster) + assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/ + end + + test "add primary key type with rails 5 when specified in rails generator" do + run_generator ["monster", "--primary_key_type=uuid"] + if Rails.version.start_with? '5' + assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ + else + assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/ + end + end end module RailsEngine From 135d898e0e955bfeb539611cf0f575d244275b22 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 26 Dec 2017 07:59:48 -0200 Subject: [PATCH 1078/1473] Update CHANGELOG.md --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94a61d2bc8..31249fc7e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,15 +1,19 @@ ### Unreleased -* Enhancements +* enhancements * Add `frozen_string_literal` pragma comment to all Ruby files. (by @pat) * Use `set_flash_method!` instead of `set_flash_method` in `Devise::OmniauthCallbacksController#failure`. (by @saichander17) * Clarify how `store_location_for` modifies URIs. (by @olivierlacan) * Move `failed_attempts` increment into its own function. by (@mobilutz) * Add `autocomplete="email"` to email fields. by (@MikeRogers0) + * Add the ability to change the default migrations path introduced in Rails 5.0.3. (by @alexhifer) + * Delete unnecessary condition for helper method. (by @davydovanton) +  * Support `id: :uuid` option for migrations. (by @filip373) * bug fixes * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) * Do not modify options for `#serializable_hash`. (by @guigs) + * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) ### 4.3.0 - 2017-05-14 From 50bbb5657672c621061a7226ac4c2ce83cc30b3b Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Fri, 29 Dec 2017 14:34:02 -0200 Subject: [PATCH 1079/1473] Prepare for 4.4.0 release --- CHANGELOG.md | 5 ++++- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 5 ++--- lib/devise/version.rb | 2 +- 6 files changed, 13 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 31249fc7e9..93885d8223 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,7 @@ ### Unreleased +### 4.4.0 - 2017-12-29 + * enhancements * Add `frozen_string_literal` pragma comment to all Ruby files. (by @pat) * Use `set_flash_method!` instead of `set_flash_method` in `Devise::OmniauthCallbacksController#failure`. (by @saichander17) @@ -8,9 +10,10 @@ * Add `autocomplete="email"` to email fields. by (@MikeRogers0) * Add the ability to change the default migrations path introduced in Rails 5.0.3. (by @alexhifer) * Delete unnecessary condition for helper method. (by @davydovanton) -  * Support `id: :uuid` option for migrations. (by @filip373) + * Support `id: :uuid` option for migrations. (by @filip373) * bug fixes + * Fix syntax for MRI 2.5.0. (by @pat) * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) * Do not modify options for `#serializable_hash`. (by @guigs) * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) diff --git a/Gemfile.lock b/Gemfile.lock index 9093363151..5907c3e0f7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.3.0) + devise (4.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -190,4 +190,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.14.6 + 1.15.3 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 864d944beb..176928bc4f 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.3.0) + devise (4.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) 
@@ -168,4 +168,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.14.6 + 1.15.3 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 66a87d8deb..84933ed938 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.3.0) + devise (4.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -189,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.14.6 + 1.15.3 diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index cd93317653..81030143b5 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.3.0) + devise (4.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -175,7 +175,6 @@ PLATFORMS DEPENDENCIES activemodel-serializers-xml! devise! - minitest (< 5.10.2) mocha (~> 1.1) omniauth omniauth-facebook @@ -190,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.14.6 + 1.15.3 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 44b6adf2b5..532e43670e 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.3.0".freeze + VERSION = "4.4.0".freeze end From 9843cb27dca0eb463a98cca78694d96605fff124 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Fri, 29 Dec 2017 15:08:49 -0200 Subject: [PATCH 1080/1473] Run tests on ruby 2.5.0 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 166cede8ae..dad1aad10a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ rvm: - 2.2.8 - 2.3.5 - 2.4.2 + - 2.5.0 - ruby-head gemfile: From f016e823cdbbbfdf15f2a7d23d0a595f4a610163 Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Fri, 29 Dec 2017 16:09:51 -0200 Subject: [PATCH 1081/1473] Use `rdoc 5.1` for ruby 2.1 on CI `rdoc 6.0` requires ruby version >= `2.2.2` --- gemfiles/Gemfile.rails-4.1-stable | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index 2841603231..5db67dad6b 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -7,7 +7,7 @@ gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" gem "omniauth" gem "omniauth-oauth2" -gem "rdoc" +gem "rdoc", "~> 5.1" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 176928bc4f..4e5ada850f 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -162,7 +162,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails! - rdoc + rdoc (~> 5.1) sqlite3 test_after_commit webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 7856859f9f..f3912002df 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -7,7 +7,7 @@ gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" gem "omniauth" gem "omniauth-oauth2" -gem "rdoc" +gem "rdoc", "~> 5.1" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 84933ed938..acf6392544 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -183,7 +183,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails! - rdoc + rdoc (~> 5.1) sqlite3 test_after_commit webrat (= 0.7.3) From caf633854d45edad153a6df0eaf1b5a352608024 Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Fri, 29 Dec 2017 16:11:04 -0200 Subject: [PATCH 1082/1473] Run `gem update --system` before install on CI There's an issue with the combination of Bundler `1.16.1` and rubygems `2.7.3`. This command will install rubygems `2.7.4` in order to fix it. https://github.com/travis-ci/travis-ci/issues/8978 --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index dad1aad10a..ce4c13d34d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -44,7 +44,9 @@ env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid -before_install: "rm ${BUNDLE_GEMFILE}.lock" +before_install: + - "rm ${BUNDLE_GEMFILE}.lock" + - gem update --system before_script: "bundle update" From 3080e9e018f3a6f5171837ea6ad2fbfcaf43af8e Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Fri, 29 Dec 2017 16:42:58 -0200 Subject: [PATCH 1083/1473] Don't run ruby `2.5.0` with rails `4.1` https://github.com/rails/rails/issues/25125 --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index ce4c13d34d..1dd682d4e9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,6 +18,8 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile + - rvm: 2.5.0 + gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.2 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head From 463351922fdafb96c50ba2496c7d0adaa3223283 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Wed, 3 Jan 2018 21:20:13 -0200 Subject: [PATCH 1084/1473] Update copyright [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b7722643ca..51bdb631e7 100644 --- a/README.md +++ b/README.md 
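Review bot: The added `- gem update --system` step in `before_install` installs whatever RubyGems release is newest at build time. The CI toolchain is therefore unpinned, and a faulty or unexpected upstream release changes every job at once. The commit message says the goal is RubyGems 2.7.4, so pinning states that intent and keeps builds reproducible: `- gem update --system 2.7.4`.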
@@ -674,6 +674,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2017 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2018 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From 82087ce2116e0f17b8281b9924e5f6417af54cdb Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Fri, 12 Jan 2018 21:23:44 -0800 Subject: [PATCH 1085/1473] [Gemspec] Ensure it is loaded as utf-8 --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index 18a4300208..f1e1ec5153 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -1,6 +1,6 @@ +# -*- encoding: utf-8 -*- # frozen_string_literal: true -# -*- encoding: utf-8 -*- $:.push File.expand_path("../lib", __FILE__) require "devise/version" From d1948b79d3e933253baa753bd033c92171c0a7d0 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 16 Jan 2018 10:25:20 -0200 Subject: [PATCH 1086/1473] Fix `ActiveRecord` check on `Confirmable` (#4752) * Fix `ActiveRecord` check on `Confirmable` As pointed out by @dark-panda in #4302, the condition for an `ActiveRecord` model is wrong inside the `Confirmable` initialization block. https://github.com/plataformatec/devise/pull/4302#issuecomment-355103489 * Add specs --- lib/devise/models/confirmable.rb | 2 +- test/models/confirmable_test.rb | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 0bd9d40941..ca1acf9206 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -48,7 +48,7 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification? - if defined?(ActiveRecord) && self.is_a?(ActiveRecord::Base) # ActiveRecord + if defined?(ActiveRecord) && self < ActiveRecord::Base # ActiveRecord after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? else # Mongoid diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index d0446642d0..739dc77921 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -8,6 +8,17 @@ def setup setup_mailer end + test 'should set callbacks to send the mail' do + if DEVISE_ORM == :active_record + defined_callbacks = User._commit_callbacks.map(&:filter) + assert_includes defined_callbacks, :send_on_create_confirmation_instructions + assert_includes defined_callbacks, :send_reconfirmation_instructions + elsif DEVISE_ORM == :mongoid + assert_includes User._create_callbacks.map(&:filter), :send_on_create_confirmation_instructions + assert_includes User._update_callbacks.map(&:filter), :send_reconfirmation_instructions + end + end + test 'should generate confirmation token after creating a record' do assert_nil new_user.confirmation_token assert_not_nil create_user.confirmation_token From d9deeba582b64b75e249f6ecd86768e5a49e22a6 Mon Sep 17 00:00:00 2001 
From: Alex Matchneer Date: Tue, 23 Jan 2018 10:18:37 -0500 Subject: [PATCH 1087/1473] Fix `signed_in?` docs w.r.t. running auth hooks (#4733) Addresses #4599 The docs previously mentioned that authentication hooks are not run when `signed_in?` is called, when in fact they are. This commit fixes the comment and suggests calling `authenticated?` on warden directly as an alternative for when you _don't_ want to run auth hooks. --- lib/devise/controllers/sign_in_out.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 2d38ab2380..b0e7b9397d 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -6,7 +6,10 @@ module Controllers # Included by default in all controllers. module SignInOut # Return true if the given scope is signed in session. If no scope given, return - # true if any scope is signed in. Does not run authentication hooks. + # true if any scope is signed in. This will run authentication hooks, which may + # cause exceptions to be thrown from this method; if you simply want to check + # if a scope has already previously been authenticated without running + # authentication hooks, you can directly call `warden.authenticated?(scope: scope)` def signed_in?(scope=nil) [scope || Devise.mappings.keys].flatten.any? do |_scope| warden.authenticate?(scope: _scope) From 0f8695dd4bd637870758787ddcf73d106b24a3f2 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 23 Jan 2018 13:31:26 -0200 Subject: [PATCH 1088/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93885d8223..3cb8958e7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,10 @@ ### Unreleased +* bug fixes + * Ensure Gemspec is loaded as utf-8. (by @segiddins) + * Fix `ActiveRecord` check on `Confirmable`. (by @tegon) + * Fix `signed_in?` docs without running auth hooks. by (@machty) + ### 4.4.0 - 2017-12-29 * enhancements From e55c9caa056a80a8ad10f4afffb70ffacf503a2d Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 23 Jan 2018 15:03:41 -0200 Subject: [PATCH 1089/1473] Prepare for 4.4.1 release --- CHANGELOG.md | 2 ++ Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- lib/devise/version.rb | 2 +- 6 files changed, 11 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cb8958e7f..e19ada31d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.4.1 - 2018-01-23 + * bug fixes * Ensure Gemspec is loaded as utf-8. (by @segiddins) * Fix `ActiveRecord` check on `Confirmable`. (by @tegon) diff --git a/Gemfile.lock b/Gemfile.lock index 5907c3e0f7..c0a100e3fd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.4.0) + devise (4.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -190,4 +190,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.15.3 + 1.16.0 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 4e5ada850f..efe187f907 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.4.0) + devise (4.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -168,4 +168,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.15.3 + 1.16.0 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index acf6392544..976945c5d6 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock 
+++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.4.0) + devise (4.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -189,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.15.3 + 1.16.0 diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 81030143b5..601340b0f3 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.4.0) + devise (4.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 5.2) @@ -189,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.15.3 + 1.16.0 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 532e43670e..4c7fada2b5 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.4.0".freeze + VERSION = "4.4.1".freeze end From bdd6081815ca80705aada4cf77aed3b2a2df71c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gencer=20W=2E=20Gen=C3=A7?= Date: Wed, 24 Jan 2018 00:19:29 +0300 Subject: [PATCH 1090/1473] Support for :credentials on Rails v5.2.x. (#4712) This fixes #4710. Rails introduced :secrets in v5.1. They somehow changed it to :credentials. This fix represents this change. Devise will now look :credentials first, then fallback to :secrets for 5.1.x compatibility then it will check for standard secret key. If three not found then exception will arise. --- lib/devise/rails.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index d23aade512..dd4339fb97 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
@@ -34,7 +34,9 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do |app| - if app.respond_to?(:secrets) + if app.respond_to?(:credentials) + Devise.secret_key ||= app.credentials.secret_key_base + elsif app.respond_to?(:secrets) Devise.secret_key ||= app.secrets.secret_key_base elsif app.config.respond_to?(:secret_key_base) Devise.secret_key ||= app.config.secret_key_base From 8b539756522368e6c0581e84ddb982400bb27b9a Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 6 Feb 2018 10:49:45 -0200 Subject: [PATCH 1091/1473] Improve documentation about the test suite (#4774) --- README.md | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 51bdb631e7..44cd8e4c3a 100644 --- a/README.md +++ b/README.md 
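Review bot: The `if`/`elsif` chain in the `devise.secret_key` initializer picks the first source whose accessor exists, not the first that holds a value. On an app where `app.respond_to?(:credentials)` is true but `secret_key_base` is kept in `secrets` or `config`, `app.credentials.secret_key_base` may be nil and the later branches are never reached, leaving `Devise.secret_key` unset. Testing the value as well lets the fallbacks work: `if app.respond_to?(:credentials) && app.credentials.secret_key_base.present?`, and likewise `elsif app.respond_to?(:secrets) && app.secrets.secret_key_base.present?`. A test per source (credentials only, secrets only, config only) would pin the intended precedence. The initializer block continues past the end of the hunk.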
@@ -123,7 +123,36 @@ We hope that you will consider contributing to Devise. Please read this short ov https://github.com/plataformatec/devise/wiki/Contributing -You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run "bundle install" and "rake". For the tests to pass, you will need to have a MongoDB server (version 2.0 or newer) running on your system. +You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`. +Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. + +### DEVISE_ORM +Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. +The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`: +``` +DEVISE_ORM=mongoid bin/test + +==> Devise.orm = :mongoid +``` +When running the tests for Mongoid, you will need to have a MongoDB server (version 2.0 or newer) running on your system. + +Please note that the command output will show the variable value being used. + +### BUNDLE_GEMFILE +We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). +Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite brakes on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. 
+For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: +```bash +rbenv shell 2.4.2 # or rvm use 2.4.2 +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test +``` + +You can also combine both of them if the tests broke for Mongoid: +```bash +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable DEVISE_ORM=mongoid bin/test +``` ## Starting with Rails? From 2514c69d81665ca493b7f3164c8bcbf047357a9c Mon Sep 17 00:00:00 2001 From: Yuri S Date: Wed, 21 Feb 2018 07:18:36 +0500 Subject: [PATCH 1092/1473] Allow rails 6 --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index f1e1ec5153..d958b4a2a5 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -23,6 +23,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0", "< 5.2") + s.add_dependency("railties", ">= 4.1.0", "< 6.1") s.add_dependency("responders") end From a45bbe1783e4b46af15825a0bb2eb5917a9b8726 Mon Sep 17 00:00:00 2001 From: Justin Coyne Date: Thu, 22 Feb 2018 07:05:19 -0600 Subject: [PATCH 1093/1473] Test on Rails 5.2.0.rc1 (#4711) --- .travis.yml | 5 + gemfiles/Gemfile.rails-5.2-rc1 | 26 ++++ gemfiles/Gemfile.rails-5.2-rc1.lock | 201 ++++++++++++++++++++++++++ test/integration/rememberable_test.rb | 2 +- test/orm/active_record.rb | 7 +- test/rails_app/config/application.rb | 6 +- test/rails_app/config/boot.rb | 7 +- test/test/controller_helpers_test.rb | 2 +- 8 files changed, 250 insertions(+), 6 deletions(-) create mode 100644 gemfiles/Gemfile.rails-5.2-rc1 create mode 100644 gemfiles/Gemfile.rails-5.2-rc1.lock diff --git a/.travis.yml b/.travis.yml index 1dd682d4e9..bc96039e5b 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -10,6 +10,7 @@ rvm: gemfile: - Gemfile + - gemfiles/Gemfile.rails-5.2-rc1 - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -18,6 +19,8 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.2-rc1 - rvm: 2.5.0 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.2 @@ -32,6 +35,8 @@ matrix: gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.2-rc1 allow_failures: - rvm: ruby-head services: diff --git a/gemfiles/Gemfile.rails-5.2-rc1 b/gemfiles/Gemfile.rails-5.2-rc1 new file mode 100644 index 0000000000..2853e1883d --- /dev/null +++ b/gemfiles/Gemfile.rails-5.2-rc1 @@ -0,0 +1,26 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 5.2.0.rc1' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +gem "responders", "~> 2.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false +end + +platforms :ruby do + gem "sqlite3" +end diff --git a/gemfiles/Gemfile.rails-5.2-rc1.lock b/gemfiles/Gemfile.rails-5.2-rc1.lock new file mode 100644 index 0000000000..b29a281918 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.2-rc1.lock 
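Review bot: The `github: "rails/activemodel-serializers-xml"` source in the new `gemfiles/Gemfile.rails-5.2-rc1` is resolved over the unauthenticated `git://` transport, as the accompanying lockfile's `remote: git://github.com/rails/activemodel-serializers-xml.git` shows. The gem's code is therefore fetched without transport integrity. Because `.travis.yml` removes `${BUNDLE_GEMFILE}.lock` before installing, the revision pinned in the lockfile presumably does not constrain CI runs either. Declaring the source over HTTPS near the top of the Gemfile avoids the plain-text fetch: `git_source(:github) { |repo| "https://github.com/#{repo}.git" }`.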
@@ -0,0 +1,201 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 356edf4dfc38fb1fbfee90c87856e4fe5b73c5e1 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.4.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 5.2) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.2.0.rc1) + actionpack (= 5.2.0.rc1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.0.rc1) + actionpack (= 5.2.0.rc1) + actionview (= 5.2.0.rc1) + activejob (= 5.2.0.rc1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.2.0.rc1) + actionview (= 5.2.0.rc1) + activesupport (= 5.2.0.rc1) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.2.0.rc1) + activesupport (= 5.2.0.rc1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.2.0.rc1) + activesupport (= 5.2.0.rc1) + globalid (>= 0.3.6) + activemodel (5.2.0.rc1) + activesupport (= 5.2.0.rc1) + activerecord (5.2.0.rc1) + activemodel (= 5.2.0.rc1) + activesupport (= 5.2.0.rc1) + arel (>= 9.0) + activestorage (5.2.0.rc1) + actionpack (= 5.2.0.rc1) + activerecord (= 5.2.0.rc1) + marcel (~> 0.3.1) + activesupport (5.2.0.rc1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (~> 0.7) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (9.0.0) + bcrypt (3.1.11) + builder (3.2.3) + concurrent-ruby (1.0.5) + crass (1.0.3) + erubi (1.7.0) + faraday (0.12.2) + multipart-post (>= 1.2, < 3) + globalid (0.4.1) + activesupport (>= 4.2.0) + hashie (3.5.7) + i18n (0.9.3) + concurrent-ruby (~> 1.0) + jwt (1.5.6) + loofah (2.1.1) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.0) + mini_mime (>= 0.1.1) + marcel (0.3.1) + mimemagic (~> 0.3.2) + metaclass (0.0.4) + method_source (0.9.0) + mimemagic 
(0.3.2) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) + mocha (1.3.0) + metaclass (~> 0.0.1) + multi_json (1.13.1) + multi_xml (0.6.0) + multipart-post (2.0.0) + nio4r (2.2.0) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) + oauth2 (1.4.0) + faraday (>= 0.8, < 0.13) + jwt (~> 1.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.8.1) + hashie (>= 3.4.6, < 3.6.0) + rack (>= 1.6.2, < 3) + omniauth-facebook (4.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.5.0) + oauth2 (~> 1.1) + omniauth (~> 1.2) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.0.4) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (0.8.2) + rack (>= 1.0, < 3) + rails (5.2.0.rc1) + actioncable (= 5.2.0.rc1) + actionmailer (= 5.2.0.rc1) + actionpack (= 5.2.0.rc1) + actionview (= 5.2.0.rc1) + activejob (= 5.2.0.rc1) + activemodel (= 5.2.0.rc1) + activerecord (= 5.2.0.rc1) + activestorage (= 5.2.0.rc1) + activesupport (= 5.2.0.rc1) + bundler (>= 1.3.0) + railties (= 5.2.0.rc1) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.2) + actionpack (~> 5.x, >= 5.0.1) + actionview (~> 5.x, >= 5.0.1) + activesupport (~> 5.x) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.3) + loofah (~> 2.0) + railties (5.2.0.rc1) + actionpack (= 5.2.0.rc1) + activesupport (= 5.2.0.rc1) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (12.3.0) + rdoc (6.0.1) + responders (2.4.0) + actionpack (>= 4.2.0, < 5.3) + railties (>= 4.2.0, < 5.3) + ruby-openid (2.7.0) + sprockets (3.7.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.13) + test_after_commit (1.1.0) + activerecord (>= 3.2) + thor (0.20.0) + thread_safe (0.3.6) + tzinfo (1.2.5) + thread_safe (~> 0.1) + warden (1.2.7) + rack (>= 1.0) + webrat (0.7.3) + 
nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.7.0) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.3) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! + mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 5.2.0.rc1) + rails-controller-testing + rdoc + responders (~> 2.1) + sqlite3 + test_after_commit + webrat (= 0.7.3) + +BUNDLED WITH + 1.16.0 diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 193a458ed9..a85e66a0ad 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -12,7 +12,7 @@ def create_user_and_remember(add_to_token='') end def generate_signed_cookie(raw_cookie) - request = if Devise::Test.rails51? + request = if Devise::Test.rails51? || Devise::Test.rails52? ActionController::TestRequest.create(Class.new) # needs a "controller class" elsif Devise::Test.rails5? ActionController::TestRequest.create diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 138c554c93..1aec0cad5d 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -4,7 +4,12 @@ ActiveRecord::Base.logger = Logger.new(nil) ActiveRecord::Base.include_root_in_json = true -ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) +migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) +if Devise::Test.rails52? + ActiveRecord::MigrationContext.new(migrate_path).migrate +else + ActiveRecord::Migrator.migrate(migrate_path) +end class ActiveSupport::TestCase if Devise::Test.rails5? diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 19f44e41c9..6d4606d63e 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
@@ -33,8 +33,10 @@ class Application < Rails::Application # config.assets.enabled = false config.action_mailer.default_url_options = { host: "localhost", port: 3000 } - - if DEVISE_ORM == :active_record && (Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR >= 2) + rails_version = Gem::Version.new(Rails.version) + if DEVISE_ORM == :active_record && + rails_version >= Gem::Version.new('4.2.0') && + rails_version < Gem::Version.new('5.1.0') config.active_record.raise_in_transactional_callbacks = true end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 07fe8daaf8..38d770f147 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -6,7 +6,12 @@ module Devise module Test - # Detection for minor differences between Rails 4 and 5, and 5.1 in tests. + # Detection for minor differences between Rails 4 and 5, 5.1, and 5.2 in tests. + + def self.rails52? + Rails.version.start_with? '5.2' + end + def self.rails51? Rails.version.start_with? '5.1' end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 6c14c189b8..5ca59f3cd2 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -166,7 +166,7 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = if Devise::Test.rails51? + @request = if Devise::Test.rails51? || Devise::Test.rails52? ActionController::TestRequest.create(Class.new) # needs a "controller class" elsif Devise::Test.rails5? ActionController::TestRequest.create From 5919620b2449dfd3553a0bcca04d20548592470d Mon Sep 17 00:00:00 2001 From: Yuri S Date: Thu, 22 Feb 2018 21:55:17 +0500 Subject: [PATCH 1094/1473] change right border --- devise.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devise.gemspec b/devise.gemspec index d958b4a2a5..9a81ed89a8 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -23,6 +23,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0", "< 6.1") + s.add_dependency("railties", ">= 4.1.0", "< 6.0") s.add_dependency("responders") end From f141bb57ec1d56071e3098b628fa72fc865733d6 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 22 Feb 2018 17:59:33 -0300 Subject: [PATCH 1095/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e19ada31d9..3ee832d6e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ### Unreleased +* enhancements + * Support for :credentials on Rails v5.2.x. (by @gencer) + * Improve documentation about the test suite. (by @tegon) + * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) + * Allow test with Rails 6. (by @Fudoshiki) + ### 4.4.1 - 2018-01-23 * bug fixes From 6bda962547fb460285e637d50e25200b7b5bc711 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 22 Feb 2018 18:00:13 -0300 Subject: [PATCH 1096/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ee832d6e0..587a657a63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,10 @@ ### Unreleased * enhancements - * Support for :credentials on Rails v5.2.x. (by @gencer) - * Improve documentation about the test suite. (by @tegon) - * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) - * Allow test with Rails 6. (by @Fudoshiki) + * Support for :credentials on Rails v5.2.x. (by @gencer) + * Improve documentation about the test suite. (by @tegon) + * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) + * Allow test with Rails 6. (by @Fudoshiki) ### 4.4.1 - 2018-01-23 From 3e23371b01443d6b8bdbfcbdcd33d2883847e39d Mon Sep 17 00:00:00 2001 
From: Gordon McNaughton Date: Mon, 26 Feb 2018 12:09:26 -0500 Subject: [PATCH 1097/1473] Preserve content_type for unauthenticated tests In Rails 4, for unauthenticated controller tests which trigger the failure app, ensure that the simulated failure response includes a content_type (broken in bb44d42). This works in Rails5, which parses the content-type header on-demand, but not in Rails4 which requires setting the response's content_type explicitly. Fixes #4783. --- lib/devise/test/controller_helpers.rb | 1 + test/test/controller_helpers_test.rb | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index a5447f09cc..3e461c340c 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -139,6 +139,7 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) + @controller.response.content_type = headers["Content-Type"] unless Devise::Test.rails5? @controller.status = status @controller.response.body = response.body nil # causes process return @response diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 5ca59f3cd2..857fa12b39 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -100,6 +100,11 @@ def respond assert_equal response.body, "You are being redirected." end + test "returns the content type of a failure app" do + get :index, params: { format: :xml } + assert response.content_type.include?('application/xml') + end + test "defined Warden after_authentication callback should not be called when sign_in is called" do begin Warden::Manager.after_authentication do |user, auth, opts| From 8ab7963e500115fbf2a0b90adc50338835e48e64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Danilo=20Ara=C3=BAjo=20Silva?= Date: Sat, 1 Apr 2017 06:48:34 -0300 Subject: [PATCH 1098/1473] Creating a new section for controller configuration on devise.rb template Creating a new section called `Controller configuration`. An optional devise configuration is set `config.parent_controller` but this configuration is missing in the `devise.rb` template file. --- lib/generators/templates/devise.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 17bd507341..f4bba5fac9 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -9,6 +9,10 @@ # Devise will use the `secret_key_base` as its `secret_key` # by default. You can change it below and use your own secret key. # config.secret_key = '<%= SecureRandom.hex(64) %>' + + # ==> Controller configuration + # Configure the parent class to the devise controllers. + # config.parent_controller = 'DeviseController' # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, From d870c0dced8499931495e07190aa8a9ff8caaadf Mon Sep 17 00:00:00 2001 
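Review bot: In `lib/generators/templates/devise.rb`, the commented example `# config.parent_controller = 'DeviseController'` names Devise's own base controller instead of a class it could inherit from. As far as I can tell the default is `'ApplicationController'` and `DeviseController` itself inherits from this setting, so uncommenting the line as written would not give a usable configuration. The parent class also determines which filters the Devise controllers inherit (CSRF protection, for example), so the comment should state the default: `# Configure the parent class of the Devise controllers (default: 'ApplicationController').` followed by `# config.parent_controller = 'ApplicationController'`.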
From: Leonardo Tegon Date: Mon, 5 Mar 2018 18:45:49 -0300 Subject: [PATCH 1099/1473] Check if the record is persisted in `update_tracked_fields!` In some cases, invalid records could be created during the signup process because we were calling `save(validate: false)` inside the `update_tracked_fields!` method. See https://github.com/plataformatec/devise/issues/4673 for more information. This was fixed on https://github.com/plataformatec/devise/pull/4674 by calling `save` directly, but it caused some trouble and confusion since it changed Devise's behavior significantly. We talked about on https://github.com/plataformatec/devise/issues/4790 and it doesn't even make sense to call `save` on an object that isn't persisted yet, so I've added a guard clause to the `update_tracked_fields!` method. Fixes https://github.com/plataformatec/devise/issues/4790 --- Gemfile.lock | 2 +- lib/devise/models/trackable.rb | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c0a100e3fd..64a3ae922c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH devise (4.4.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index 9a3056e92f..e0be240a8f 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -31,8 +31,13 @@ def update_tracked_fields(request) end def update_tracked_fields!(request) + # We have to check if the user is already persisted before running + # `save` here because invalid users can be saved if we don't. + # See https://github.com/plataformatec/devise/issues/4673 for more details. + return if new_record? + update_tracked_fields(request) - save + save(validate: false) end end end From 5664b19703c36a4257fa1f1488da96f4a3a85a52 Mon Sep 17 00:00:00 2001 
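Review bot: In `lib/devise/models/trackable.rb`, `save(validate: false)` writes every dirty attribute on the record, not only the sign-in fields that `update_tracked_fields` assigns. Any unrelated in-memory change present at sign-in would therefore be persisted without validation, and the `new_record?` guard only covers the unsaved case. The method also returns nil for new records and the result of `save` otherwise, which the comment does not mention. I would extend the comment with `# Returns nil without saving for new records; validations are skipped on purpose, so callers must not leave other unsaved changes on the record.`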
From: Leonardo Tegon Date: Mon, 12 Mar 2018 15:57:34 -0300 Subject: [PATCH 1100/1473] Ensure Devise isn't performing model validations --- test/integration/authenticatable_test.rb | 6 ++++++ test/integration/http_authenticatable_test.rb | 6 ++++++ test/integration/omniauthable_test.rb | 11 +++++++++++ test/integration/trackable_test.rb | 5 +++++ test/models/trackable_test.rb | 12 +++++++++++- test/rails_app/app/active_record/user.rb | 9 +++++++++ test/rails_app/app/mongoid/user.rb | 9 +++++++++ test/support/integration.rb | 1 + 8 files changed, 58 insertions(+), 1 deletion(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 4f19f3c868..e76592ce7a 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -3,6 +3,12 @@ require 'test_helper' class AuthenticationSanityTest < Devise::IntegrationTest + test 'sign in should not run model validations' do + sign_in_as_user + + refute User.validations_performed + end + test 'home should be accessible without sign in' do visit '/' assert_response :success diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 54349f4517..3a52c571fb 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -3,6 +3,12 @@ require 'test_helper' class HttpAuthenticationTest < Devise::IntegrationTest + test 'sign in with HTTP should not run model validations' do + sign_in_as_new_user_with_http + + refute User.validations_performed + end + test 'handles unverified requests gets rid of caches but continues signed in' do swap ApplicationController, allow_forgery_protection: true do create_user diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 050b210c67..6c989f0c1a 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb 
@@ -42,6 +42,17 @@ def stub_action!(name) end end + test "omniauth sign in should not run model validations" do + stub_action!(:sign_in_facebook) do + create_user + visit "/users/sign_in" + click_link "Sign in with FaceBook" + assert warden.authenticated?(:user) + + refute User.validations_performed + end + end + test "can access omniauth.auth in the env hash" do visit "/users/sign_in" click_link "Sign in with FaceBook" diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 68d50e1132..6695ac52b4 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -3,6 +3,11 @@ require 'test_helper' class TrackableHooksTest < Devise::IntegrationTest + test "trackable should not run model validations" do + sign_in_as_user + + refute User.validations_performed + end test "current and last sign in timestamps are updated on each sign in" do user = create_user diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index 4685f1ce72..d103863a2a 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -41,7 +41,7 @@ class TrackableTest < ActiveSupport::TestCase assert_equal 0, user.sign_in_count end - test 'update_tracked_fields should run model validations' do + test "update_tracked_fields! should not persist invalid records" do user = UserWithValidations.new request = mock request.stubs(:remote_ip).returns("127.0.0.1") @@ -49,4 +49,14 @@ class TrackableTest < ActiveSupport::TestCase assert_not user.update_tracked_fields!(request) assert_not user.persisted? end + + test "update_tracked_fields! should not run model validations" do + user = User.new + request = mock + request.stubs(:remote_ip).returns("127.0.0.1") + + user.expects(:after_validation_callback).never + + assert_not user.update_tracked_fields!(request) + end end diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index 52bb16ddde..e065e2614c 100644 
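Review bot: In `test/models/trackable_test.rb`, the new test "update_tracked_fields! should not run model validations" builds its subject with `User.new`, so `update_tracked_fields!` returns at the `new_record?` guard and never reaches `save(validate: false)`. The expectation `user.expects(:after_validation_callback).never` would pass even if the save ran validations. To cover the path the name describes, the test needs a persisted record, for example `user = create_user`, and should then assert that `update_tracked_fields!(request)` succeeds without the callback firing.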
--- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -8,4 +8,13 @@ class User < ActiveRecord::Base include ActiveModel::Serializers::Xml if Devise::Test.rails5? validates :sign_in_count, presence: true + + cattr_accessor :validations_performed + + after_validation :after_validation_callback + + def after_validation_callback + # used to check in our test if the validations were called + @@validations_performed = true + end end diff --git a/test/rails_app/app/mongoid/user.rb b/test/rails_app/app/mongoid/user.rb index 7dd7dbe3f3..7e5b2b381c 100644 --- a/test/rails_app/app/mongoid/user.rb +++ b/test/rails_app/app/mongoid/user.rb @@ -38,4 +38,13 @@ class User field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts field :unlock_token, type: String # Only if unlock strategy is :email or :both field :locked_at, type: Time + + cattr_accessor :validations_performed + + after_validation :after_validation_callback + + def after_validation_callback + # used to check in our test if the validations were called + @@validations_performed = true + end end diff --git a/test/support/integration.rb b/test/support/integration.rb index ea6792a713..2dccccf118 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -19,6 +19,7 @@ def create_user(options={}) user.update_attribute(:confirmation_sent_at, options[:confirmation_sent_at]) if options[:confirmation_sent_at] user.confirm unless options[:confirm] == false user.lock_access! if options[:locked] == true + User.validations_performed = false user end end From 3722aa62961720eafa5bb5ee6c99b76c26b6be3e Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Wed, 14 Mar 2018 16:00:35 -0300 Subject: [PATCH 1101/1473] Revert "Replace log_process_action to append_info_to_payload" --- lib/devise/controllers/helpers.rb | 10 +++++----- test/integration/authenticatable_test.rb | 12 ------------ 2 files changed, 5 insertions(+), 17 deletions(-) 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 7e67660a40..f8871deaf6 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -12,11 +12,6 @@ module Helpers if respond_to?(:helper_method) helper_method :warden, :signed_in?, :devise_controller? end - - def append_info_to_payload(payload) - super - payload[:status] ||= 401 unless payload[:exception] - end end module ClassMethods @@ -83,6 +78,11 @@ def current_#{group_name.to_s.pluralize} end METHODS end + + def log_process_action(payload) + payload[:status] ||= 401 unless payload[:exception] + super + end end # Define authentication filters and accessor helpers based on mappings. diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index e76592ce7a..6b1d5799f7 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -551,18 +551,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest refute warden.authenticated?(:user) end end - - test 'not signed in should return notification payload with 401 status' do - begin - subscriber = ActiveSupport::Notifications.subscribe /process_action.action_controller/ do |_name, _start, _finish, _id, payload| - assert_equal 401, payload[:status] - end - - get admins_path - ensure - ActiveSupport::Notifications.unsubscribe(subscriber) - end - end end class AuthenticationKeysTest < Devise::IntegrationTest From fc45f916d605712623ae6494d7468b1b14a629b3 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 15 Mar 2018 09:48:59 -0300 Subject: [PATCH 1102/1473] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 587a657a63..13602e6efe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
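Review bot: The revert deletes the only test that asserted a 401 status for an unauthenticated request and adds none for the restored `log_process_action` in `lib/devise/controllers/helpers.rb`. Nothing in the suite now checks that a request halted by warden is recorded with status 401. `log_process_action` appears to run only when the log line is built, so subscribers to `process_action.action_controller` may see no status for these requests, which matters to anyone counting authentication failures from that payload. If that is the accepted trade-off, a comment above the method would record it: `# Only affects the log line; notification subscribers may still see a nil status.`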
@@ -5,6 +5,12 @@ * Improve documentation about the test suite. (by @tegon) * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) * Allow test with Rails 6. (by @Fudoshiki) + * Creating a new section for controller configuration on `devise.rb` template (by @Danilo-Araujo-Silva) + +* bug fixes + * Preserve content_type for unauthenticated tests (by @gmcnaughton) + * Check if the resource is persisted in `update_tracked_fields!` instead of performing validations (by @tegon) + * Revert "Replace log_process_action to append_info_to_payload" (by @tegon) ### 4.4.1 - 2018-01-23 From 0d279415f3f5e0ee9c4675ba5affb0b8a9d2d39c Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 15 Mar 2018 09:56:15 -0300 Subject: [PATCH 1103/1473] Prepare for 4.4.2 release --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- lib/devise/version.rb | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13602e6efe..fec4578ae5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.4.2 - 2018-03-15 + * enhancements * Support for :credentials on Rails v5.2.x. (by @gencer) * Improve documentation about the test suite. (by @tegon) diff --git a/Gemfile.lock b/Gemfile.lock index 64a3ae922c..91593a4a7e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.4.1) + devise (4.4.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index efe187f907..e19d046ac5 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -21,10 +21,10 @@ GIT PATH remote: .. specs: - devise (4.4.1) + devise (4.4.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 976945c5d6..c4e8789bba 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,10 +57,10 @@ GIT PATH remote: .. specs: - devise (4.4.1) + devise (4.4.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 601340b0f3..25e90d5ed9 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.4.1) + devise (4.4.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 4c7fada2b5..700c7dd536 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.4.1".freeze + VERSION = "4.4.2".freeze end From 64aad8b1383ac68f2d8cec21d3c69af684709931 Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Thu, 15 Mar 2018 15:29:40 -0300 Subject: [PATCH 1104/1473] Fix `Devise::Test::ControllerHelpers` This was broken on https://github.com/plataformatec/devise/commit/3e23371b01443d6b8bdbfcbdcd33d2883847e39d#diff-bafaaa60fc003e648eb4981c9add523eR142 because of a call to the method `Devise::Test.rails5?` which is only defined inside our test suite's rails app https://github.com/plataformatec/devise/blob/a45bbe1783e4b46af15825a0bb2eb5917a9b8726/test/rails_app/config/boot.rb#L19 This commits checks for the rails version directly. --- lib/devise/test/controller_helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 3e461c340c..198144ae0a 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -139,7 +139,7 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.response.content_type = headers["Content-Type"] unless Devise::Test.rails5? + @controller.response.content_type = headers["Content-Type"] unless Rails.version.start_with?('5') @controller.status = status @controller.response.body = response.body nil # causes process return @response From 962cea2039c72a92691af734ebbd8495dd5c0501 Mon Sep 17 00:00:00 2001 
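Review bot: In `_process_unauthenticated`, `Rails.version.start_with?('5')` is a string-prefix test, so every major version other than 5, including a later 6, takes the Rails 4 branch and sets `content_type` explicitly. The description of the original change says only Rails 4 needs the explicit assignment, and a numeric comparison states that directly: `@controller.response.content_type = headers["Content-Type"] if Rails::VERSION::MAJOR < 5`. The method body starts and ends outside the hunk.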
From: Leonardo Tegon Date: Fri, 16 Mar 2018 16:18:18 -0300 Subject: [PATCH 1105/1473] Create `Devise::SecretKeyFinder` When supporting Rails 5.2 credentials on https://github.com/plataformatec/devise/pull/4712, we ended up breaking apps that were upgraded to Rails 5.2 and weren't using `credentials` to store their `secret_key_base`. See https://github.com/plataformatec/devise/issues/4807 for more context. To fix it, we're now checking whether the key is present before using it. Since there weren't any automated test for this - the conditionals were in a Rails engine initializer - I've extracted it to a new class so that we are able to test it easily. Fixes #4807 --- lib/devise.rb | 1 + lib/devise/rails.rb | 8 +-- lib/devise/secret_key_finder.rb | 25 +++++++++ test/secret_key_finder_test.rb | 97 +++++++++++++++++++++++++++++++++ 4 files changed, 124 insertions(+), 7 deletions(-) create mode 100644 lib/devise/secret_key_finder.rb create mode 100644 test/secret_key_finder_test.rb diff --git a/lib/devise.rb b/lib/devise.rb index 160493824c..360d5e13d8 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -18,6 +18,7 @@ module Devise autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' autoload :TokenGenerator, 'devise/token_generator' + autoload :SecretKeyFinder, 'devise/secret_key_finder' module Controllers autoload :Helpers, 'devise/controllers/helpers' diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index dd4339fb97..5cc5fa6d52 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
@@ -34,13 +34,7 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do |app| - if app.respond_to?(:credentials) - Devise.secret_key ||= app.credentials.secret_key_base - elsif app.respond_to?(:secrets) - Devise.secret_key ||= app.secrets.secret_key_base - elsif app.config.respond_to?(:secret_key_base) - Devise.secret_key ||= app.config.secret_key_base - end + Devise.secret_key ||= Devise::SecretKeyFinder.new(app).find Devise.token_generator ||= if secret_key = Devise.secret_key diff --git a/lib/devise/secret_key_finder.rb b/lib/devise/secret_key_finder.rb new file mode 100644 index 0000000000..5a2fbfa4ff --- /dev/null +++ b/lib/devise/secret_key_finder.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Devise + class SecretKeyFinder + def initialize(application) + @application = application + end + + def find + if @application.respond_to?(:credentials) && key_exists?(@application.credentials) + @application.credentials.secret_key_base + elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets) + @application.secrets.secret_key_base + elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config) + @application.config.secret_key_base + end + end + + private + + def key_exists?(object) + object.secret_key_base.present? + end + end +end diff --git a/test/secret_key_finder_test.rb b/test/secret_key_finder_test.rb new file mode 100644 index 0000000000..af421d4c92 --- /dev/null +++ b/test/secret_key_finder_test.rb 
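Review bot: `Devise::SecretKeyFinder#find` in `lib/devise/secret_key_finder.rb` returns nil implicitly when none of the three sources holds a key. Nothing documents the lookup order (credentials, then secrets, then config) or that blank values are skipped through `present?`. Since the result seeds `Devise.secret_key`, I would put that on the class: `# Looks up secret_key_base in credentials, secrets, then config; returns nil when all are blank.` Each source is also read twice, once in `key_exists?` and once for the return value, and reading it into a local would avoid the second lookup. It may be worth confirming that an app which supplies the key only through the `SECRET_KEY_BASE` environment variable is still covered by these three lookups.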
@@ -0,0 +1,97 @@ +# frozen_string_literal: true + +require 'test_helper' + +class Rails52Credentials + def credentials + OpenStruct.new(secret_key_base: 'credentials') + end +end + +class Rails52Secrets + def credentials + OpenStruct.new(secret_key_base: nil) + end + + def secrets + OpenStruct.new(secret_key_base: 'secrets') + end +end + +class Rails52Config + def credentials + OpenStruct.new(secret_key_base: nil) + end + + def secrets + OpenStruct.new(secret_key_base: nil) + end + + def config + OpenStruct.new(secret_key_base: 'config') + end +end + +class Rails41Secrets + def secrets + OpenStruct.new(secret_key_base: 'secrets') + end + + def config + OpenStruct.new(secret_key_base: nil) + end +end + +class Rails41Config + def secrets + OpenStruct.new(secret_key_base: nil) + end + + def config + OpenStruct.new(secret_key_base: 'config') + end +end + +class Rails40Config + def config + OpenStruct.new(secret_key_base: 'config') + end +end + +class SecretKeyFinderTest < ActiveSupport::TestCase + test "rails 5.2 uses credentials when they're available" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails52Credentials.new) + + assert_equal 'credentials', secret_key_finder.find + end + + test "rails 5.2 uses secrets when credentials are empty" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails52Secrets.new) + + assert_equal 'secrets', secret_key_finder.find + end + + test "rails 5.2 uses config when secrets are empty" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails52Config.new) + + assert_equal 'config', secret_key_finder.find + end + + test "rails 4.1 uses secrets" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails41Secrets.new) + + assert_equal 'secrets', secret_key_finder.find + end + + test "rails 4.1 uses config when secrets are empty" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails41Config.new) + + assert_equal 'config', secret_key_finder.find + end + + test "rails 4.0 uses config" do + secret_key_finder = 
Devise::SecretKeyFinder.new(Rails40Config.new) + + assert_equal 'config', secret_key_finder.find + end +end From 75f9e76f65d2fd9892631efd0221ebe1921344b7 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Sat, 17 Mar 2018 20:43:07 -0300 Subject: [PATCH 1106/1473] Prepare for 4.4.3 release --- CHANGELOG.md | 6 ++++++ Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-rc1.lock | 6 +++--- lib/devise/version.rb | 2 +- 7 files changed, 18 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fec4578ae5..54ff15bb06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ### Unreleased +### 4.4.3 - 2018-03-17 + +* bug fixes + * Fix undefined method `rails5?` for Devise::Test:Module (by @tegon) + * Fix: secret key was being required to be set inside credentials on Rails 5.2 (by @tegon) + ### 4.4.2 - 2018-03-15 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index 91593a4a7e..928a9bbd58 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.4.2) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -190,4 +190,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.0 + 1.16.1 diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index e19d046ac5..7883d31d0b 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.4.2) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -168,4 +168,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.0 + 1.16.1 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index c4e8789bba..9e9da87594 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock 
+++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.4.2) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -189,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.0 + 1.16.1 diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 25e90d5ed9..3c4f2b6d47 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.4.2) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -189,4 +189,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.0 + 1.16.1 diff --git a/gemfiles/Gemfile.rails-5.2-rc1.lock b/gemfiles/Gemfile.rails-5.2-rc1.lock index b29a281918..2510490bdb 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1.lock +++ b/gemfiles/Gemfile.rails-5.2-rc1.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.4.1) + devise (4.4.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 5.2) + railties (>= 4.1.0, < 6.0) responders warden (~> 1.2.3) @@ -198,4 +198,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.0 + 1.16.1 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 700c7dd536..89415964f3 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.4.2".freeze + VERSION = "4.4.3".freeze end From 26723d9bbcafa0e5df0fa648fec3ba29529774e4 Mon Sep 17 00:00:00 2001 From: Johan Kim Date: Fri, 23 Mar 2018 22:58:40 +1000 Subject: [PATCH 1107/1473] cleanup in ToC --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 44cd8e4c3a..f3afad9f8a 100644 --- a/README.md +++ b/README.md 
@@ -53,11 +53,6 @@ It's composed of 10 modules: - [Integration tests](#integration-tests) - [OmniAuth](#omniauth) - [Configuring multiple models](#configuring-multiple-models) -- [Create a migration with the required fields](#create-a-migration-with-the-required-fields) -- [Inside your Admin model](#inside-your-admin-model) -- [Inside your routes](#inside-your-routes) -- [Inside your protected controller](#inside-your-protected-controller) -- [Inside your controllers and views](#inside-your-controllers-and-views) - [ActiveJob Integration](#activejob-integration) - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) - [Other ORMs](#other-orms) From c9a2d0654e9fc1aaebe6f99ef6fbc55c55a91fdd Mon Sep 17 00:00:00 2001 From: Fred Ngo Date: Wed, 17 Jan 2018 16:06:12 -0500 Subject: [PATCH 1108/1473] Update sample code in Devise::Models::Authenticatable. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - DRY up some of the sample code by refactoring into smaller methods. - ‘Namespace’ method names to reduce chances of conflict. - Mark send_pending_devise_notifications, pending_devise_notifications, and render_and_send_devise_message as `private` since they are only used internally. - Update comments. --- lib/devise/models/authenticatable.rb | 55 ++++++++++++++++------------ 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 0ed150418b..c598b4fc83 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -134,16 +134,18 @@ def devise_mailer # This is an internal method called every time Devise needs # to send a notification/mail. This can be overridden if you # need to customize the e-mail delivery logic. For instance, - # if you are using a queue to deliver e-mails (delayed job, - # sidekiq, resque, etc), you must add the delivery to the queue + # if you are using a queue to deliver e-mails (active job, delayed + # job, sidekiq, resque, etc), you must add the delivery to the queue # just after the transaction was committed. To achieve this, # you can override send_devise_notification to store the - # deliveries until the after_commit callback is triggered: + # deliveries until the after_commit callback is triggered. + # + # The following example uses Active Job's `deliver_later` : # # class User # devise :database_authenticatable, :confirmable # - # after_commit :send_pending_notifications + # after_commit :send_pending_devise_notifications # # protected # 
@@ -152,38 +154,43 @@ def devise_mailer # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. # if new_record? || changed? - # pending_notifications << [notification, args] + # pending_devise_notifications << [notification, args] # else - # message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - # if message.respond_to?(:deliver_now) - # message.deliver_now - # else - # message.deliver - # end + # render_and_send_devise_message(notification, *args) # end # end # - # def send_pending_notifications - # pending_notifications.each do |notification, args| - # message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - # if message.respond_to?(:deliver_now) - # message.deliver_now - # else - # message.deliver - # end + # private + # + # def send_pending_devise_notifications + # pending_devise_notifications.each do |notification, args| + # render_and_send_devise_message(notification, *args) # end # # # Empty the pending notifications array because the # # after_commit hook can be called multiple times which # # could cause multiple emails to be sent. - # pending_notifications.clear + # pending_devise_notifications.clear + # end + # + # def pending_devise_notifications + # @pending_devise_notifications ||= [] # end # - # def pending_notifications - # @pending_notifications ||= [] + # def render_and_send_devise_message(notification, *args) + # message = devise_mailer.send(notification, self, *args) + # + # # Deliver later with Active Job's `deliver_later` + # if message.respond_to?(:deliver_later) + # message.deliver_later + # # Remove once we move to Rails 4.2+ only, as `deliver` is deprecated. + # elsif message.respond_to?(:deliver_now) + # message.deliver_now + # else + # message.deliver + # end # end + # # end # def send_devise_notification(notification, *args) 
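Review bot: The new `render_and_send_devise_message` sample now prefers `deliver_later`, but the surrounding comment never says that the notification arguments are then serialized into the job backend and logged by Active Job. Those arguments presumably include raw reset or confirmation tokens, which is the concern the README's "Password reset tokens and Rails logs" section covers. I would add a line to the sample such as `# NOTE: args may carry raw tokens; Active Job stores and logs job arguments, see "Password reset tokens and Rails logs" in the README`. The comment `# Remove once we move to Rails 4.2+ only, as deliver is deprecated.` also sits above the `deliver_now` branch although it describes the final `deliver` fallback, so it should move down to the `else`. The documentation block this sample lives in starts outside the hunk.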
From d7507092502eb98fc82f9d9649e1a12f0127e1c9 Mon Sep 17 00:00:00 2001 From: Eden Rohatensky Date: Mon, 26 Mar 2018 18:30:25 -0400 Subject: [PATCH 1109/1473] Use before_action instead of before_filter --- guides/bug_report_templates/integration_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guides/bug_report_templates/integration_test.rb b/guides/bug_report_templates/integration_test.rb index b3eecd22f9..08b3401772 100644 --- a/guides/bug_report_templates/integration_test.rb +++ b/guides/bug_report_templates/integration_test.rb @@ -76,7 +76,7 @@ class ApplicationController < ActionController::Base class TestController < ApplicationController include Rails.application.routes.url_helpers - before_filter :authenticate_user! + before_action :authenticate_user! def index render plain: 'Home' From 268bd691647acc662909f009488a413462fbc362 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfram=20Nikolas=20Mu=CC=88ller?= Date: Sun, 25 Mar 2018 13:34:59 +0200 Subject: [PATCH 1110/1473] Allow people to extend devise failure app, through invoking ActiveSupport.run_load_hooks once Devise::FailureApp is loaded --- lib/devise/failure_app.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 047c5c3fd2..69c80cf4f7 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -260,5 +260,7 @@ def relative_url_root def relative_url_root? relative_url_root.present? end + + ActiveSupport.run_load_hooks(:devise_failure_app, self) end end From e44a8b2d434dd078bfd4bd38849504e9a6cfc169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfram=20Nikolas=20Mu=CC=88ller?= Date: Sun, 25 Mar 2018 13:37:42 +0200 Subject: [PATCH 1111/1473] Include configuration for Turbolinks in devise initializer template --- lib/generators/templates/devise.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index f4bba5fac9..ac8a1d5955 100755 
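Review bot: `ActiveSupport.run_load_hooks(:devise_failure_app, self)` is added at the end of the class body in lib/devise/failure_app.rb with no comment, and the diffstat shows no README or changelog entry announcing the hook. Since the failure app produces the response for failed authentication, code attached through this hook can change that response, so the extension point deserves a short explanation where it is defined, for example `# Extension point: ActiveSupport.on_load(:devise_failure_app) { include MyModule } from an application initializer`. The class body starts outside the hunk, so I cannot tell whether the call sits under a visibility keyword; worth checking that it reads clearly as a class-level statement.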
--- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -280,4 +280,11 @@ # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Turbolinks configuration + # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: + # + # ActiveSupport.on_load(:devise_failure_app) + # include Turbolinks::Controller + # end end From 2bb8e1c236c068f7726ff3aaef7e9106e9a9a9c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfram=20Nikolas=20Mu=CC=88ller?= Date: Tue, 27 Mar 2018 16:32:06 +0200 Subject: [PATCH 1112/1473] Fix missing do block in config --- lib/generators/templates/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index ac8a1d5955..92765cfaa4 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -284,7 +284,7 @@ # ==> Turbolinks configuration # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: # - # ActiveSupport.on_load(:devise_failure_app) + # ActiveSupport.on_load(:devise_failure_app) do # include Turbolinks::Controller # end end From f220b992c338122226f6fd396056d5a1adf28df8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfram=20Nikolas=20Mu=CC=88ller?= Date: Tue, 27 Mar 2018 16:33:01 +0200 Subject: [PATCH 1113/1473] add test for lazy loading hook --- test/failure_app_test.rb | 6 ++++++ test/rails_app/config/initializers/devise.rb | 5 +++++ test/rails_app/lib/lazy_load_test_module.rb | 5 +++++ 3 files changed, 16 insertions(+) create mode 100644 test/rails_app/lib/lazy_load_test_module.rb diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index b37a9f00c4..f852f239c6 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -337,4 +337,10 @@ def call_failure(env_params={}) end end end + + context "Lazy loading" do + test "loads" do + assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does" + end + end end diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 761e398a2d..bf4f7212a2 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -179,4 +179,9 @@ # manager.failure_app = AnotherApp # manager.default_strategies(scope: :user).unshift :some_external_strategy # end + + ActiveSupport.on_load(:devise_failure_app) do + require "lazy_load_test_module" + include LazyLoadTestModule + end end diff --git a/test/rails_app/lib/lazy_load_test_module.rb b/test/rails_app/lib/lazy_load_test_module.rb new file mode 100644 index 0000000000..15b0a03c43 --- /dev/null +++ b/test/rails_app/lib/lazy_load_test_module.rb @@ -0,0 +1,5 @@ +module LazyLoadTestModule + def lazy_loading_works? + "yes it does" + end +end \ No newline at end of file From dac90eeb80ac351697e0a8d1bda9d1697c7b7078 Mon Sep 17 00:00:00 2001 From: Koichi ITO Date: Sun, 4 Mar 2018 19:39:12 +0900 Subject: [PATCH 1114/1473] Use `update` instead of `update_attributes` `update_attributes` and `update_attributes!` will be deprecated in Rails 6. Refer https://github.com/rails/rails/commit/5645149d3a27054450bd1130ff5715504638a5f5 --- lib/devise/models/database_authenticatable.rb | 4 +-- test/integration/confirmable_test.rb | 10 +++---- test/mailers/email_changed_test.rb | 4 +-- test/models/confirmable_test.rb | 28 +++++++++---------- test/models/database_authenticatable_test.rb | 6 ++-- 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index a91b21cac7..2211184f32 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
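Review bot: The `assert_equal` in the new "loads" test passes the actual value first and the expected literal second, while Minitest's signature is `assert_equal(expected, actual)`, so a failure would report the two values swapped. I would write `assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works?`. As a point of style, `lazy_loading_works?` in the new test module ends in `?` but returns a string; returning `true` and using `assert` would match the predicate naming. The test name "loads" could also say what is being checked, e.g. that modules included via the `:devise_failure_app` hook are available on the failure app.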
@@ -73,7 +73,7 @@ def update_with_password(params, *options) end result = if valid_password?(current_password) - update_attributes(params, *options) + update(params, *options) else self.assign_attributes(params, *options) self.valid? @@ -101,7 +101,7 @@ def update_without_password(params, *options) params.delete(:password) params.delete(:password_confirmation) - result = update_attributes(params, *options) + result = update(params, *options) clean_up_passwords result end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 72a28c82d8..73563f283f 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -263,7 +263,7 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin should be able to request a new confirmation after email changed' do admin = create_admin - admin.update_attributes(email: 'new_test@example.com') + admin.update(email: 'new_test@example.com') visit new_admin_session_path click_link "Didn't receive confirmation instructions?" @@ -279,7 +279,7 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin with valid confirmation token should be able to confirm email after email changed' do admin = create_admin - admin.update_attributes(email: 'new_test@example.com') + admin.update(email: 'new_test@example.com') assert_equal 'new_test@example.com', admin.unconfirmed_email visit_admin_confirmation_with_token(admin.raw_confirmation_token) 
@@ -291,13 +291,13 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do admin = create_admin - admin.update_attributes(email: 'first_test@example.com') + admin.update(email: 'first_test@example.com') assert_equal 'first_test@example.com', admin.unconfirmed_email raw_confirmation_token = admin.raw_confirmation_token admin = Admin.find(admin.id) - admin.update_attributes(email: 'second_test@example.com') + admin.update(email: 'second_test@example.com') assert_equal 'second_test@example.com', admin.unconfirmed_email visit_admin_confirmation_with_token(raw_confirmation_token) @@ -313,7 +313,7 @@ def visit_admin_confirmation_with_token(confirmation_token) test 'admin email should be unique also within unconfirmed_email' do admin = create_admin - admin.update_attributes(email: 'new_admin_test@example.com') + admin.update(email: 'new_admin_test@example.com') assert_equal 'new_admin_test@example.com', admin.unconfirmed_email create_second_admin(email: "new_admin_test@example.com") diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb index 09717f3c83..c82517f504 100644 --- a/test/mailers/email_changed_test.rb +++ b/test/mailers/email_changed_test.rb @@ -19,7 +19,7 @@ def teardown def user @user ||= create_user.tap { |u| @original_user_email = u.email - u.update_attributes!(email: 'new-email@example.com') + u.update!(email: 'new-email@example.com') } end @@ -108,7 +108,7 @@ def teardown def admin @admin ||= create_admin.tap { |u| @original_admin_email = u.email - u.update_attributes!(email: 'new-email@example.com') + u.update!(email: 'new-email@example.com') } end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 739dc77921..b2ff045a55 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -372,7 +372,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm residual_token = admin.confirmation_token - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert_not_equal residual_token, admin.confirmation_token end @@ -381,7 +381,7 @@ class ReconfirmableTest < ActiveSupport::TestCase original_token = admin.confirmation_token assert admin.confirm admin.skip_reconfirmation! - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert admin.confirmed? refute admin.pending_reconfirmation? assert_equal original_token, admin.confirmation_token @@ -392,16 +392,16 @@ class ReconfirmableTest < ActiveSupport::TestCase admin.skip_confirmation_notification! assert_email_not_sent do - admin.update_attributes(email: 'new_test@example.com') + admin.update(email: 'new_test@example.com') end end test 'should regenerate confirmation token after changing email' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: 'old_test@example.com') + assert admin.update(email: 'old_test@example.com') token = admin.confirmation_token - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert_not_equal token, admin.confirmation_token end @@ -409,7 +409,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm assert_email_sent "new_test@example.com" do - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') end assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded end 
@@ -417,7 +417,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should send confirmation instructions by email after changing email from nil' do admin = create_admin(email: nil) assert_email_sent "new_test@example.com" do - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') end assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded end @@ -426,7 +426,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin = create_admin assert admin.confirm assert_email_not_sent do - assert admin.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert admin.update(password: 'newpass', password_confirmation: 'newpass') end end @@ -442,14 +442,14 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should stay confirmed when email is changed' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert admin.confirmed? end test 'should update email only when it is confirmed' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email assert admin.confirm assert_equal 'new_test@example.com', admin.email 
@@ -458,16 +458,16 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not allow admin to get past confirmation email by resubmitting their new address' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') assert_not_equal 'new_test@example.com', admin.email end test 'should find a admin by send confirmation instructions with unconfirmed_email' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: 'new_test@example.com') + assert admin.update(email: 'new_test@example.com') confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) assert_equal confirmation_admin, admin end @@ -536,7 +536,7 @@ class Admin::WithSaveInCallback < Admin original_email = admin.email assert_difference 'ActionMailer::Base.deliveries.size', 2 do - assert admin.update_attributes(email: 'new-email@example.com') + assert admin.update(email: 'new-email@example.com') end assert_equal original_email, ActionMailer::Base.deliveries[-2]['to'].to_s assert_equal 'new-email@example.com', ActionMailer::Base.deliveries[-1]['to'].to_s diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index fa0de7d063..4e2c6d7242 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -234,7 +234,7 @@ def setup test 'should not email on password change' do user = create_user assert_email_not_sent do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert user.update(password: 'newpass', password_confirmation: 'newpass') end end 
@@ -243,7 +243,7 @@ def setup user = create_user original_email = user.email assert_email_sent original_email do - assert user.update_attributes(email: 'new-email@example.com') + assert user.update(email: 'new-email@example.com') end assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded end @@ -253,7 +253,7 @@ def setup swap Devise, send_password_change_notification: true do user = create_user assert_email_sent user.email do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert user.update(password: 'newpass', password_confirmation: 'newpass') end assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded end From e9abba797a1b9cea1174d998226c97c064959f6a Mon Sep 17 00:00:00 2001 From: yusukemorita Date: Wed, 28 Mar 2018 21:27:47 +0900 Subject: [PATCH 1115/1473] added comment in README about controller tests for rails 5 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f3afad9f8a..da8c2ca8b4 100644 --- a/README.md +++ b/README.md @@ -514,6 +514,8 @@ cases/specs. Controller tests require that you include `Devise::Test::ControllerHelpers` on your test case or its parent `ActionController::TestCase` superclass. +For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass +for controller tests has been changed to ActionDispatch::IntegrationTest. ```ruby class PostsControllerTest < ActionController::TestCase From 20bde34981f3e0bb1bb8037013a6fcad15934288 Mon Sep 17 00:00:00 2001 From: yusukemorita Date: Fri, 30 Mar 2018 22:49:07 +0900 Subject: [PATCH 1116/1473] added link to integration tests section --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index da8c2ca8b4..8d7451dac2 100644 --- a/README.md +++ b/README.md 
@@ -515,7 +515,8 @@ cases/specs. Controller tests require that you include `Devise::Test::ControllerHelpers` on your test case or its parent `ActionController::TestCase` superclass. For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass -for controller tests has been changed to ActionDispatch::IntegrationTest. +for controller tests has been changed to ActionDispatch::IntegrationTest +(for more details, see the [Integration tests](#integration-tests) section). ```ruby class PostsControllerTest < ActionController::TestCase From b20de505abe53dc794a77e446901d46a9257772b Mon Sep 17 00:00:00 2001 From: Max Kramer Date: Tue, 13 Feb 2018 23:23:42 -0500 Subject: [PATCH 1117/1473] Split IP resolution from update_tracked_fields This permits users to easily customize where the ip address should be resolved. When fronting the application with a webserver or load balancer, the ip address may be the server and not be the user. E.g. consider the IP address is passed as the header: "X-Forwarded-For". ```ruby class User devise :trackable protected def extract_ip_from(request) request.headers["X-Forwarded-For"] end end ``` --- lib/devise/models/trackable.rb | 9 ++++++++- test/models/trackable_test.rb | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index e0be240a8f..e450838d33 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -22,7 +22,7 @@ def update_tracked_fields(request) self.last_sign_in_at = old_current || new_current self.current_sign_in_at = new_current - old_current, new_current = self.current_sign_in_ip, request.remote_ip + old_current, new_current = self.current_sign_in_ip, extract_ip_from(request) self.last_sign_in_ip = old_current || new_current self.current_sign_in_ip = new_current 
@@ -39,6 +39,13 @@ def update_tracked_fields!(request) update_tracked_fields(request) save(validate: false) end + + protected + + def extract_ip_from(request) + request.remote_ip + end + end end end diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index d103863a2a..d89df42d43 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -59,4 +59,22 @@ class TrackableTest < ActiveSupport::TestCase assert_not user.update_tracked_fields!(request) end + + test 'extract_ip_from should be overridable' do + class UserWithOverride < User + protected + def extract_ip_from(request) + "127.0.0.2" + end + end + + request = mock + request.stubs(:remote_ip).returns("127.0.0.1") + user = UserWithOverride.new + + user.update_tracked_fields(request) + + assert_equal "127.0.0.2", user.current_sign_in_ip + assert_equal "127.0.0.2", user.last_sign_in_ip + end end From bcbea081879300b978894ff85eaa9e7c2ab85137 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 2 Apr 2018 17:16:48 -0300 Subject: [PATCH 1118/1473] Add note in the documentation about `sign_in` and timeoutable In order to use the `sign_in` helper along with the timeoutable module, we have to set `env["devise.skip_timeout"] = true` in the request. Currently, we do this in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 This commit adds a note to the `sign_in` documentation to help other developers that want to use custom warden strategies. Closes #4773 --- lib/devise/controllers/sign_in_out.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index b0e7b9397d..e4d3789390 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb 
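Review bot: `extract_ip_from` is introduced as an override point without any comment, and the only guidance is the commit description's example returning `request.headers["X-Forwarded-For"]`, a header the client can set itself unless a proxy in front of the app overwrites it. The default `request.remote_ip` already goes through Rails' trusted-proxy handling, so the method should carry a doc comment saying so and stating what an override must guarantee. Something like `# Override to change how the sign-in IP is resolved. Only read headers that your own proxy sets; the value is stored in current_sign_in_ip and last_sign_in_ip.` would do. There is also a stray blank line between the method's `end` and the module's `end`. The module body starts outside the hunk.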
@@ -19,6 +19,9 @@ def signed_in?(scope=nil) # Sign in a user that already was authenticated. This helper is useful for logging # users in after sign up. All options given to sign_in is passed forward # to the set_user method in warden. + # If you are using a custom warden strategy and the timeoutable module, you have to + # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do + # in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # From 2cf18f99e040853db587a3acdaf6c91737a1fa1c Mon Sep 17 00:00:00 2001 From: yhirano55 Date: Fri, 30 Mar 2018 00:01:11 +0900 Subject: [PATCH 1119/1473] CI against Ruby 2.3.7, 2.4.4, 2.5.1 --- .travis.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.travis.yml b/.travis.yml index bc96039e5b..5908b7ec98 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,10 +2,10 @@ language: ruby rvm: - 2.1.10 - - 2.2.8 - - 2.3.5 - - 2.4.2 - - 2.5.0 + - 2.2.10 + - 2.3.7 + - 2.4.4 + - 2.5.1 - ruby-head gemfile: @@ -21,16 +21,16 @@ matrix: gemfile: Gemfile - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-rc1 - - rvm: 2.5.0 + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-5.2-rc1 + - rvm: 2.4.4 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.4.2 + - rvm: 2.5.1 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.1.10 - gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid @@ -52,8 +52,9 @@ env: - DEVISE_ORM=mongoid before_install: - - "rm ${BUNDLE_GEMFILE}.lock" - gem update --system + - gem install bundler + - "rm ${BUNDLE_GEMFILE}.lock" before_script: "bundle update" From 7eccd4e9c6e65a8bf900aeee7ea9a57cb992e667 Mon Sep 17 00:00:00 2001 
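Review bot: The note added above `sign_in` links to `blob/master/app/controllers/devise/sessions_controller.rb#L7`, and a line anchor on a moving branch will point at the wrong line once that file changes; a commit permalink, or describing the callback in words, would stay accurate. The wording "set `env["devise.skip_timeout"] = true` in the request" also does not say how narrowly to apply it. Since the flag presumably skips the timeout check for any request that carries it, I would state that it belongs only on the action that performs the sign-in, e.g. `# set request.env["devise.skip_timeout"] = true only in the action that calls sign_in`. The documentation comment for `sign_in` continues outside the hunk.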
From: Lance Carlson Date: Tue, 17 Apr 2018 00:03:12 -0400 Subject: [PATCH 1120/1473] upgrade dependencies for rails and responders --- Gemfile | 4 +- Gemfile.lock | 151 +++++++++++++++++++++++++++------------------------ 2 files changed, 82 insertions(+), 73 deletions(-) diff --git a/Gemfile b/Gemfile index f5689e344b..84a8c8b199 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 5.1" +gem "rails", "~> 5.2" gem "omniauth", "~> 1.3" gem "oauth2" gem "omniauth-oauth2" @@ -14,7 +14,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.1" +gem "responders", "~> 2.4" group :test do gem "omniauth-facebook" diff --git a/Gemfile.lock b/Gemfile.lock index 928a9bbd58..e90b284c76 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,81 +20,89 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.1.0) - actionpack (= 5.1.0) + actioncable (5.2.0) + actionpack (= 5.2.0) nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.0) + actionpack (= 5.2.0) + actionview (= 5.2.0) + activejob (= 5.2.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.0) - actionview (= 5.1.0) - activesupport (= 5.1.0) + actionpack (5.2.0) + actionview (= 5.2.0) + activesupport (= 5.2.0) rack (~> 2.0) - rack-test (~> 0.6.3) + rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.0) - activesupport (= 5.1.0) + actionview (5.2.0) + activesupport (= 5.2.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.0) - activesupport (= 5.1.0) + activejob (5.2.0) + activesupport (= 5.2.0) globalid (>= 0.3.6) - activemodel (5.1.0) - activesupport (= 5.1.0) - activerecord (5.1.0) - activemodel (= 5.1.0) - activesupport (= 5.1.0) - arel (~> 8.0) - activesupport (5.1.0) + activemodel (5.2.0) + activesupport (= 5.2.0) + activerecord (5.2.0) + activemodel (= 5.2.0) + activesupport (= 5.2.0) + arel (>= 9.0) + activestorage (5.2.0) + actionpack (= 5.2.0) + activerecord (= 5.2.0) + marcel (~> 0.3.1) + activesupport (5.2.0) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - arel (8.0.0) + arel (9.0.0) bcrypt (3.1.11) builder (3.2.3) concurrent-ruby (1.0.5) - erubi (1.6.0) + crass (1.0.4) + erubi (1.7.1) faraday (0.11.0) multipart-post (>= 1.2, < 3) - globalid (0.4.0) + globalid (0.4.1) activesupport (>= 4.2.0) - hashie (3.5.5) - i18n (0.8.1) + hashie (3.5.7) + i18n (1.0.0) + concurrent-ruby (~> 1.0) jwt (1.5.6) - loofah (2.0.3) + loofah (2.2.2) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.5) - 
mime-types (>= 1.16, < 4) + mail (2.7.0) + mini_mime (>= 0.1.1) + marcel (0.3.2) + mimemagic (~> 0.3.2) metaclass (0.0.4) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) + method_source (0.9.0) + mimemagic (0.3.2) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) mocha (1.2.1) metaclass (~> 0.0.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.0.0) - nokogiri (1.7.1) - mini_portile2 (~> 2.1.0) + nio4r (2.3.0) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) + omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) omniauth-facebook (4.0.0) 
@@ -106,40 +114,41 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.1) + rack (2.0.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.1.0) - actioncable (= 5.1.0) - actionmailer (= 5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) - activemodel (= 5.1.0) - activerecord (= 5.1.0) - activesupport (= 5.1.0) - bundler (>= 1.3.0, < 2.0) - railties (= 5.1.0) + rack-test (1.0.0) + rack (>= 1.0, < 3) + rails (5.2.0) + actioncable (= 5.2.0) + actionmailer (= 5.2.0) + actionpack (= 5.2.0) + actionview (= 5.2.0) + activejob (= 5.2.0) + activemodel (= 5.2.0) + activerecord (= 5.2.0) + activestorage (= 5.2.0) + activesupport (= 5.2.0) + bundler (>= 1.3.0) + railties (= 5.2.0) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.1) actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.1.0) - actionpack (= 5.1.0) - activesupport (= 5.1.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (5.2.0) + actionpack (= 5.2.0) + activesupport (= 5.2.0) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) + rake (12.3.1) rdoc (5.1.0) responders (2.4.0) actionpack (>= 4.2.0, < 5.3) @@ -148,14 +157,14 @@ GEM sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - thor (0.19.4) + thor (0.20.0) thread_safe (0.3.6) - tzinfo (1.2.3) + tzinfo (1.2.5) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) 
@@ -163,9 +172,9 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.6.5) + websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) PLATFORMS ruby @@ -182,10 +191,10 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.1) + rails (~> 5.2) rails-controller-testing rdoc - responders (~> 2.1) + responders (~> 2.4) sqlite3 webrat (= 0.7.3) From 6260c29a867b9a656f1e1557abe347a523178fab Mon Sep 17 00:00:00 2001 From: Gustavo Bazan Date: Wed, 4 Apr 2018 15:46:34 +0100 Subject: [PATCH 1121/1473] Improve passwords autocomplete MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use `autocomplete="new-password"` or `autocomplete="current-password"` to better signal to browsers and password managers how to handle the password fields. This feature is especially useful for “change your password” and “new user” forms --- CHANGELOG.md | 6 +++++- app/views/devise/passwords/edit.html.erb | 2 +- app/views/devise/registrations/edit.html.erb | 6 +++--- app/views/devise/registrations/new.html.erb | 4 ++-- app/views/devise/sessions/new.html.erb | 2 +- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54ff15bb06..247f5cd994 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased +* enhancements + * Add `autocomplete="new-password"` to new password fields (by @gssbzn) + * Add `autocomplete="current-password"` to current password fields (by @gssbzn) + ### 4.4.3 - 2018-03-17 * bug fixes 
@@ -44,7 +48,7 @@ * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) * Do not modify options for `#serializable_hash`. (by @guigs) * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) - + ### 4.3.0 - 2017-05-14 * Enhancements diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 6a796b050e..442036a7ff 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -9,7 +9,7 @@ <% if @minimum_password_length %> (<%= @minimum_password_length %> characters minimum)
<% end %> - <%= f.password_field :password, autofocus: true, autocomplete: "off" %> + <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 10ed32a9e1..f46553275a 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -14,7 +14,7 @@
<%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "new-password" %> <% if @minimum_password_length %>
<%= @minimum_password_length %> characters minimum @@ -23,12 +23,12 @@
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
<%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, autocomplete: "off" %> + <%= f.password_field :current_password, autocomplete: "current-password" %>
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 602803cff3..36c9ed729b 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -13,12 +13,12 @@ <% if @minimum_password_length %> (<%= @minimum_password_length %> characters minimum) <% end %>
- <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "new-password" %>
<%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 3ebb001d14..e3b93197fb 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -8,7 +8,7 @@
<%= f.label :password %>
- <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "current-password" %>
<% if devise_mapping.rememberable? -%> From f99636da76990da6f82c27410502935d65bb275c Mon Sep 17 00:00:00 2001 From: Abhishek kanojia Date: Sun, 22 Apr 2018 11:57:18 +0530 Subject: [PATCH 1122/1473] Remove redundant self from database_authenticatable module. --- lib/devise/models/database_authenticatable.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 2211184f32..e5f98f6b7b 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -75,9 +75,9 @@ def update_with_password(params, *options) result = if valid_password?(current_password) update(params, *options) else - self.assign_attributes(params, *options) - self.valid? - self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + assign_attributes(params, *options) + valid? + errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end @@ -113,8 +113,8 @@ def destroy_with_password(current_password) result = if valid_password?(current_password) destroy else - self.valid? - self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + valid? + errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end From 9d90a559cef9b916b18b1415aaa5d2f2b0873673 Mon Sep 17 00:00:00 2001 From: Jayanth Manklu Date: Thu, 3 May 2018 15:36:43 +0530 Subject: [PATCH 1123/1473] Fix in rdoc of DeviseController#_prefixes Removing an additional "is" --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 702b97bd37..bfc34579fc 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb 
@@ -22,7 +22,7 @@ class DeviseController < Devise.parent_controller.constantize # Action Controller tests that forces _prefixes to be # loaded before even having a request object. # - # This method should be public as it is is in ActionPack + # This method should be public as it is in ActionPack # itself. Changing its visibility may break other gems. def _prefixes #:nodoc: @_prefixes ||= if self.class.scoped_views? && request && devise_mapping From cd9ad848fbb68972ad5a2c6b850c392c2443a471 Mon Sep 17 00:00:00 2001 From: Gustavo Bazan Date: Tue, 24 Apr 2018 12:36:41 +0100 Subject: [PATCH 1124/1473] Update simple form templates Update `simple_form` templates with changes from 16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and 6260c29a867b9a656f1e1557abe347a523178fab --- CHANGELOG.md | 1 + .../simple_form_for/confirmations/new.html.erb | 6 +++++- .../simple_form_for/passwords/edit.html.erb | 7 ++++++- .../simple_form_for/passwords/new.html.erb | 5 ++++- .../simple_form_for/registrations/edit.html.erb | 14 +++++++++++--- .../simple_form_for/registrations/new.html.erb | 14 +++++++++++--- .../simple_form_for/sessions/new.html.erb | 9 +++++++-- .../templates/simple_form_for/unlocks/new.html.erb | 5 ++++- 8 files changed, 49 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 247f5cd994..1a17abd995 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ * enhancements * Add `autocomplete="new-password"` to new password fields (by @gssbzn) * Add `autocomplete="current-password"` to current password fields (by @gssbzn) + * Update `simple_form` templates with changes from 16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and 6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) ### 4.4.3 - 2018-03-17 diff --git a/lib/generators/templates/simple_form_for/confirmations/new.html.erb b/lib/generators/templates/simple_form_for/confirmations/new.html.erb index 949b17277f..f7b4a65c50 100644 --- a/lib/generators/templates/simple_form_for/confirmations/new.html.erb 
+++ b/lib/generators/templates/simple_form_for/confirmations/new.html.erb @@ -5,7 +5,11 @@ <%= f.full_error :confirmation_token %>
- <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email), + input_html: { autocomplete: "email" } %>
diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index a938930bf3..b43dc15a4b 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -7,7 +7,12 @@ <%= f.full_error :reset_password_token %>
- <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password, + label: "New password", + required: true, + autofocus: true, + hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), + input_html: { autocomplete: "new-password" } %> <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
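Review bot: The `:password_confirmation` input on the context line right after the change is left without an autocomplete hint, while the registration templates in this same commit mark both the password and its confirmation as `new-password`. For consistent browser and password-manager handling on the reset form it should become `<%= f.input :password_confirmation, label: "Confirm your new password", required: true, input_html: { autocomplete: "new-password" } %>`.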
diff --git a/lib/generators/templates/simple_form_for/passwords/new.html.erb b/lib/generators/templates/simple_form_for/passwords/new.html.erb index d1503e7640..01ce0b8b9b 100644 --- a/lib/generators/templates/simple_form_for/passwords/new.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/new.html.erb @@ -4,7 +4,10 @@ <%= f.error_notification %>
- <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + input_html: { autocomplete: "email" } %>
diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 5db350b5c9..54fbc6c38a 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -10,9 +10,17 @@

Currently waiting confirmation for: <%= resource.unconfirmed_email %>

<% end %> - <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> - <%= f.input :password_confirmation, required: false %> - <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %> + <%= f.input :password, + hint: "leave it blank if you don't want to change it", + required: false + input_html: { autocomplete: "new-password" } %> + <%= f.input :password_confirmation, + required: false, + input_html: { autocomplete: "new-password" } %> + <%= f.input :current_password, + hint: "we need your current password to confirm your changes", + required: true, + input_html: { autocomplete: "current-password" } %>
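Review bot: The first added `f.input :password` call has no comma after `required: false`, so the `input_html:` option on the following line is a syntax error and the generated edit-registration template will not render. The line should read `required: false,`. The two calls after it (`:password_confirmation` and `:current_password`) already carry the comma. Because these are generator templates copied into applications, a render test for the simple_form variants would catch this kind of slip before release.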
diff --git a/lib/generators/templates/simple_form_for/registrations/new.html.erb b/lib/generators/templates/simple_form_for/registrations/new.html.erb index 34b4279e52..8eeba8cabb 100644 --- a/lib/generators/templates/simple_form_for/registrations/new.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb @@ -4,9 +4,17 @@ <%= f.error_notification %>
- <%= f.input :email, required: true, autofocus: true %> - <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> - <%= f.input :password_confirmation, required: true %> + <%= f.input :email, + required: true, + autofocus: true , + input_html: { autocomplete: "email" }%> + <%= f.input :password, + required: true, + hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), + input_html: { autocomplete: "new-password" } %> + <%= f.input :password_confirmation, + required: true, + input_html: { autocomplete: "new-password" } %>
diff --git a/lib/generators/templates/simple_form_for/sessions/new.html.erb b/lib/generators/templates/simple_form_for/sessions/new.html.erb index 31f8a4d42c..e542e61827 100644 --- a/lib/generators/templates/simple_form_for/sessions/new.html.erb +++ b/lib/generators/templates/simple_form_for/sessions/new.html.erb @@ -2,8 +2,13 @@ <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
- <%= f.input :email, required: false, autofocus: true %> - <%= f.input :password, required: false %> + <%= f.input :email, + required: false, + autofocus: true, + input_html: { autocomplete: "email" } %> + <%= f.input :password, + required: false, + input_html: { autocomplete: "current-password" } %> <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
diff --git a/lib/generators/templates/simple_form_for/unlocks/new.html.erb b/lib/generators/templates/simple_form_for/unlocks/new.html.erb index 788f62e9e7..c42de1738e 100644 --- a/lib/generators/templates/simple_form_for/unlocks/new.html.erb +++ b/lib/generators/templates/simple_form_for/unlocks/new.html.erb @@ -5,7 +5,10 @@ <%= f.full_error :unlock_token %>
- <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + input_html: { autocomplete: "email" } %>
From 1c8e97c75ace52be4e2d0531dd4fc70e95d3cb83 Mon Sep 17 00:00:00 2001 From: Tony Correia Date: Fri, 27 Apr 2018 22:19:58 -0700 Subject: [PATCH 1125/1473] Issue 4763: Change login errors for when in paranoid mode --- lib/devise/strategies/database_authenticatable.rb | 4 +++- test/integration/database_authenticatable_test.rb | 13 +++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index fe9812ab3e..c23af9ef77 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -17,7 +17,9 @@ def authenticate! end mapping.to.new.password = password if !hashed && Devise.paranoid - fail(:not_found_in_database) unless resource + unless resource + Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database) + end end end end diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index c367ce0719..64a52b9077 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -74,6 +74,19 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest refute warden.authenticated?(:admin) end + test 'when in paranoid mode and without a valid e-mail' do + swap Devise, paranoid: true do + store_translations :en, devise: { failure: { not_found_in_database: 'Not found in database' } } do + sign_in_as_user do + fill_in 'email', with: 'wrongemail@test.com' + end + + assert_not_contain 'Not found in database' + assert_contain 'Invalid Email or password.' + end + end + end + test 'error message is configurable by resource name' do store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do sign_in_as_admin do From 8866b8e5eb00a3624810c25c1e3ebde846942270 Mon Sep 17 00:00:00 2001 
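Review bot: In lib/devise/strategies/database_authenticatable.rb the new `unless resource` block uses a ternary only for its side effects, and nothing says why paranoid mode swaps the failure key. Passing the key as the ternary's value reads more directly: `fail(Devise.paranoid ? :invalid : :not_found_in_database) unless resource`. A comment above it, such as `# In paranoid mode report :invalid so the response does not reveal whether the account exists`, would keep a later refactor from restoring the distinct message. The added integration test pins only the rendered text for an unknown e-mail; an assertion that a wrong password on an existing account yields the same text would pin the property the change is after. `authenticate!` starts outside the hunk.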
From: Andrey Andreev Date: Wed, 28 Feb 2018 14:35:32 +0300 Subject: [PATCH 1126/1473] Fix error when params is not a hash --- lib/devise/parameter_sanitizer.rb | 14 +++++++++++++- test/parameter_sanitizer_test.rb | 28 ++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index 91060c6681..a2d721a1a3 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -135,7 +135,19 @@ def cast_to_hash(params) end def default_params - @params.fetch(@resource_name, {}) + if hashable_resource_params? + @params.fetch(@resource_name) + else + empty_params + end + end + + def hashable_resource_params? + @params[@resource_name].respond_to?(:permit) + end + + def empty_params + ActionController::Parameters.new({}) end def permit_keys(parameters, keys) diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 4e89eb9edf..c00cd58eb9 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
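Review bot: `hashable_resource_params?` decides what counts as usable input by duck-typing on `permit`, but neither it nor `default_params` records why, and the added tests exercise only a string and nil. A short comment such as `# The value under the resource key is request-controlled and may be a scalar, nil or an array; only a Parameters-like value is sanitized` would state the intent. A test where the resource key holds an array (for example `'user' => ['a']`) would cover another shape a client can send. The key is also read in two ways, `@params[@resource_name]` in the predicate and `@params.fetch(@resource_name)` in `default_params`; using `@params[@resource_name]` in both would be consistent.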
@@ -16,6 +16,34 @@ def sanitizer(params) assert_equal({ 'email' => 'jose' }, sanitized) end + test 'permits empty params when received not a hash' do + sanitizer = sanitizer({ 'user' => 'string' }) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({}, sanitized) + end + + test 'does not rise error when received string instead of hash' do + sanitizer = sanitizer('user' => 'string') + assert_nothing_raised do + sanitizer.sanitize(:sign_in) + end + end + + test 'does not rise error when received nil instead of hash' do + sanitizer = sanitizer('user' => nil) + assert_nothing_raised do + sanitizer.sanitize(:sign_in) + end + end + + test 'permits empty params when received nil instead of hash' do + sanitizer = sanitizer({ 'user' => nil }) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({}, sanitized) + end + test 'permits the default parameters for sign up' do sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' }) sanitized = sanitizer.sanitize(:sign_up) From 246a50876aab2f9fce9b5fd754d98c1483821826 Mon Sep 17 00:00:00 2001 From: Maud de Vries Date: Thu, 10 May 2018 22:47:27 +0200 Subject: [PATCH 1127/1473] Mention the -c flag for the controller generator Similar to the views section, that mentions the -v flag --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8d7451dac2..1626a10152 100644 --- a/README.md +++ b/README.md @@ -399,6 +399,7 @@ If the customization at the views level is not enough, you can customize each co ... end ``` + (Use the -c flag to specify a controller, for example: `rails generate devise:controllers users -c=sessions`) 2. Tell the router to use this controller: From 6c916488af936655f896b8631d17ec0563326f73 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gencer=20W=2E=20Gen=C3=A7?= Date: Tue, 15 May 2018 00:09:25 +0300 Subject: [PATCH 1128/1473] find auto-generated secret_key_base in development (#4869) With this fix, we will try latest changes in Rails 5.2 together with standard auto-generated secret_key_base in development as a fallback. If no specified key found, auto-generated value will be used instead. --- lib/devise/secret_key_finder.rb | 2 ++ test/secret_key_finder_test.rb | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/lib/devise/secret_key_finder.rb b/lib/devise/secret_key_finder.rb index 5a2fbfa4ff..d07106c44b 100644 --- a/lib/devise/secret_key_finder.rb +++ b/lib/devise/secret_key_finder.rb @@ -13,6 +13,8 @@ def find @application.secrets.secret_key_base elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config) @application.config.secret_key_base + elsif @application.respond_to?(:secret_key_base) && key_exists?(@application) + @application.secret_key_base end end diff --git a/test/secret_key_finder_test.rb b/test/secret_key_finder_test.rb index af421d4c92..434dbc8d12 100644 --- a/test/secret_key_finder_test.rb +++ b/test/secret_key_finder_test.rb @@ -32,6 +32,24 @@ def config end end +class Rails52SecretKeyBase + def credentials + OpenStruct.new(secret_key_base: nil) + end + + def secrets + OpenStruct.new(secret_key_base: nil) + end + + def config + OpenStruct.new(secret_key_base: nil) + end + + def secret_key_base + 'secret_key_base' + end +end + class Rails41Secrets def secrets OpenStruct.new(secret_key_base: 'secrets') 
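Review bot: The new `elsif` in lib/devise/secret_key_finder.rb has no comment and no environment check, although the commit message describes it as a fallback to the auto-generated key in development. A comment would make the lookup order explicit, for example `# Last resort (Rails 5.2+): Rails.application.secret_key_base, which may be auto-generated in development`. If the key returned here is used to derive tokens, as the class name suggests, it is worth confirming that tokens issued under an auto-generated key becoming invalid when that key is regenerated is acceptable. `find` begins outside the hunk.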
@@ -77,6 +95,12 @@ class SecretKeyFinderTest < ActiveSupport::TestCase assert_equal 'config', secret_key_finder.find end + test "rails 5.2 uses secret_key_base when config is empty" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails52SecretKeyBase.new) + + assert_equal 'secret_key_base', secret_key_finder.find + end + test "rails 4.1 uses secrets" do secret_key_finder = Devise::SecretKeyFinder.new(Rails41Secrets.new) From af8f7e9797ad903d30e471ca04e6194816248094 Mon Sep 17 00:00:00 2001 From: Samy Kacimi Date: Mon, 14 May 2018 23:11:15 +0200 Subject: [PATCH 1129/1473] remove :trackable from the default modules (#4857) This removes :trackable from the default modules in the generators, to be more GDPR-friendly. --- lib/generators/active_record/devise_generator.rb | 10 +++++----- lib/generators/devise/orm_helpers.rb | 4 ++-- lib/generators/mongoid/devise_generator.rb | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 182c44600d..039ef75ec2 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -54,11 +54,11 @@ def migration_data t.datetime :remember_created_at ## Trackable - t.integer :sign_in_count, default: 0, null: false - t.datetime :current_sign_in_at - t.datetime :last_sign_in_at - t.#{ip_column} :current_sign_in_ip - t.#{ip_column} :last_sign_in_ip + # t.integer :sign_in_count, default: 0, null: false + # t.datetime :current_sign_in_at + # t.datetime :last_sign_in_at + # t.#{ip_column} :current_sign_in_ip + # t.#{ip_column} :last_sign_in_ip ## Confirmable # t.string :confirmation_token diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 1dcbfa0d89..067eb36f5b 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb 
@@ -6,9 +6,9 @@ module OrmHelpers def model_contents buffer = <<-CONTENT # Include default devise modules. Others available are: - # :confirmable, :lockable, :timeoutable and :omniauthable + # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :trackable, :validatable + :recoverable, :rememberable, :validatable CONTENT buffer diff --git a/lib/generators/mongoid/devise_generator.rb b/lib/generators/mongoid/devise_generator.rb index 40a8ac2770..777f3d6bc6 100644 --- a/lib/generators/mongoid/devise_generator.rb +++ b/lib/generators/mongoid/devise_generator.rb @@ -34,11 +34,11 @@ def migration_data field :remember_created_at, type: Time ## Trackable - field :sign_in_count, type: Integer, default: 0 - field :current_sign_in_at, type: Time - field :last_sign_in_at, type: Time - field :current_sign_in_ip, type: String - field :last_sign_in_ip, type: String + # field :sign_in_count, type: Integer, default: 0 + # field :current_sign_in_at, type: Time + # field :last_sign_in_at, type: Time + # field :current_sign_in_ip, type: String + # field :last_sign_in_ip, type: String ## Confirmable # field :confirmation_token, type: String From 31aceeb10429d711e5fee99f5a44b05c8c7c0f0b Mon Sep 17 00:00:00 2001 From: Josh Pencheon Date: Tue, 15 May 2018 14:47:18 +0100 Subject: [PATCH 1130/1473] Fix bug: `ParameterFilter` should not add keys (#3431) (#4457) If called with a hash that has a `default` / `default_proc` configured, `Devise::ParameterFilter` can add in missing keys it was due to attempt to sanitise the values for. This patch prevents this from happening, whilst also clarifying the filtering intent of `ParamaterFilter`. (This can also occur if NilClass has been augmented with definitions for `strip` or `downcase`.) Fixes #3431. --- lib/devise/parameter_filter.rb | 2 ++ test/models/database_authenticatable_test.rb | 7 +++++++ 2 files changed, 9 insertions(+) 
diff --git a/lib/devise/parameter_filter.rb b/lib/devise/parameter_filter.rb index d61e66d111..11e6f9c051 100644 --- a/lib/devise/parameter_filter.rb +++ b/lib/devise/parameter_filter.rb @@ -18,6 +18,8 @@ def filter(conditions) def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys) condition_keys.each do |k| + next unless conditions.key?(k) + value = conditions[k] conditions[k] = value.send(method) if value.respond_to?(method) end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 4e2c6d7242..ffd5f291d6 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -88,6 +88,13 @@ def setup assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions ) end + test 'param filter should not add keys to filtered hash' do + conditions = { 'present' => 'present_val' } + conditions.default = '' + conditions = Devise::ParameterFilter.new(['not_present'], []).filter(conditions) + assert_equal({ 'present' => 'present_val' }, conditions) + end + test 'should respond to password and password confirmation' do user = new_user assert user.respond_to?(:password) From 715192a7709a4c02127afb067e66230061b82cf2 Mon Sep 17 00:00:00 2001 
From: lucfranken Date: Wed, 16 May 2018 19:48:24 +0200 Subject: [PATCH 1131/1473] Improve getting started text on Gemfile (#4875) The original text: > You can add it to your Gemfile with: Could easily be read as: "Run this command to add it to your Gemfile" That's what I did at least. I think the change makes it much clearer that you need to really manually add a line of text into the Gemfile. One of the reasons why this is not fully clear is that it's badly visible on Github whether a command is a console / terminal command or a ruby line of code. Visually they look the same except for the $ sign which is easy to overlook. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1626a10152..d2e31ea59c 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with: +Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile: ```ruby gem 'devise' From b8f644198d34e96039b84b69842ecb4edffa4664 Mon Sep 17 00:00:00 2001 From: Phil Nash Date: Tue, 3 Jul 2018 22:52:07 +1000 Subject: [PATCH 1132/1473] Corrects brakes -> breaks when talking about tests (#4897) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d2e31ea59c..ffa2924c30 100644 --- a/README.md +++ b/README.md 
@@ -135,7 +135,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite brakes on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 
@@ -190,7 +190,7 @@ In the following command you will replace `MODEL` with the class name used for t $ rails generate devise MODEL ``` -Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. +Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rails db:migrate` From e4dd1509c4399f10366170bac95a25034005bb86 Mon Sep 17 00:00:00 2001 From: Guillaume CABANEL Date: Tue, 31 Jul 2018 16:36:42 +0200 Subject: [PATCH 1133/1473] Update README.md (#4911) update links to rubydoc.info to the url `www.rubydoc.info` since the ssl certificate is only valid for www.rubydoc.info (not rubydoc.info) --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index ffa2924c30..255beca3b9 100644 --- a/README.md +++ b/README.md 
@@ -16,16 +16,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. 
It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents From acc45c5a44c45b252ccba65fd169a45af73ff369 Mon Sep 17 00:00:00 2001 From: Isaac Orme Date: Thu, 2 Aug 2018 07:02:50 -0700 Subject: [PATCH 1134/1473] issue 4356 adds is_navigational_format? check to after_sign_up_path_for (#4833) --- app/controllers/devise/registrations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 0c1e876418..c79ce56ece 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -112,7 +112,7 @@ def sign_up(resource_name, resource) # The path used after sign up. You need to overwrite this method # in your own RegistrationsController. def after_sign_up_path_for(resource) - after_sign_in_path_for(resource) + after_sign_in_path_for(resource) if is_navigational_format? end # The path used after sign up for inactive accounts. You need to overwrite From 2eca92f9509252a88696cad9cc102f542dd4e4e2 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Wed, 15 Aug 2018 17:05:50 -0300 Subject: [PATCH 1135/1473] Update CHANGELOG.md --- CHANGELOG.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a17abd995..ed7cb66d3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,9 +1,24 @@ ### Unreleased * enhancements + * Use `before_action` instead of `before_filter` (by @edenthecat) + * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) + * Use `update` instead of `update_attributes` (by @koic) + * Split IP resolution from `update_tracked_fields` (by @mckramer) + * upgrade dependencies for rails and responders (by @lancecarlson) * Add `autocomplete="new-password"` to new password fields (by @gssbzn) * Add `autocomplete="current-password"` to current password fields (by @gssbzn) - * Update `simple_form` templates with changes from 16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and 6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) + * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) + +* bug fixes + * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068) + * Fix error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e) + * Look for `secret_key_base` inside `Rails.application` (by @gencer) + * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc` +configured (by @joshpencheon) + * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1) ### 4.4.3 - 2018-03-17 From 3b0bc08ec67dd073ddd6d043c71646c2784ced6c Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Wed, 15 Aug 2018 20:03:08 -0300 Subject: [PATCH 1136/1473] Prepare for `4.5.0` release --- CHANGELOG.md | 2 ++ Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-rc1.lock | 4 ++-- lib/devise/version.rb | 2 +- 7 files changed, 13 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed7cb66d3b..fce10a1391 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.5.0 - 2018-08-15 + * enhancements * Use `before_action` instead of `before_filter` (by @edenthecat) * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) diff --git a/Gemfile.lock b/Gemfile.lock index e90b284c76..e79cd7b8f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.11) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.4) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 7883d31d0b..9f6b66e5b2 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -54,7 +54,7 @@ GEM thread_safe (~> 0.1) tzinfo (~> 1.1) arel (5.0.1.20140414130214) - bcrypt (3.1.11) + bcrypt (3.1.12) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 9e9da87594..73c08accc5 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -68,7 +68,7 @@ GEM remote: https://rubygems.org/ specs: arel (6.0.4) - bcrypt (3.1.11) + bcrypt (3.1.12) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 3c4f2b6d47..2edb7bc197 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -58,7 +58,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) - bcrypt (3.1.11) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) erubis (2.7.0) diff --git a/gemfiles/Gemfile.rails-5.2-rc1.lock b/gemfiles/Gemfile.rails-5.2-rc1.lock index 2510490bdb..463dd2645d 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1.lock +++ b/gemfiles/Gemfile.rails-5.2-rc1.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.11) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.3) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 89415964f3..66d69f13ad 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.4.3".freeze + VERSION = "4.5.0".freeze end From 389cd85d477b9d71e8b7d998f3a520bae51747d5 Mon Sep 17 00:00:00 2001 From: Colin Ross Date: Wed, 19 Sep 2018 18:19:56 -0700 Subject: [PATCH 1137/1473] Missing comma in form input --- .../templates/simple_form_for/registrations/edit.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 54fbc6c38a..dfb7eb94ea 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -12,7 +12,7 @@ <%= f.input :password, hint: "leave it blank if you don't want to change it", - required: false + required: false, input_html: { autocomplete: "new-password" } %> <%= f.input :password_confirmation, required: false, From 25f908ad9c96f2e47276fa10862c367c9a8a9c58 Mon Sep 17 00:00:00 2001 From: Isaac Orme Date: Fri, 28 Sep 2018 14:55:00 -0700 Subject: [PATCH 1138/1473] issue 4526 adds skip email and password change notifications methods (#4824) --- lib/devise/models/database_authenticatable.rb | 24 +++++++++++++++---- test/models/database_authenticatable_test.rb | 20 ++++++++++++++++ 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index e5f98f6b7b..db81fea133 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -35,6 +35,22 @@ module DatabaseAuthenticatable attr_accessor :password_confirmation end + def initialize(*args, &block) + @skip_email_changed_notification = false + @skip_password_change_notification = false + super + end + + # Skips sending the email changed notification after_update + def skip_email_changed_notification! + @skip_email_changed_notification = true + end + + # Skips sending the password change notification after_update + def skip_password_change_notification! + @skip_password_change_notification = true + end + def self.required_fields(klass) [:encrypted_password] + klass.authentication_keys end 
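Review bot: The flags set by `skip_email_changed_notification!` and `skip_password_change_notification!` are never cleared in the lines shown, so once set on an instance they suppress the notification for every later save of that object, not only the next one. These mails are what tells an account owner that their email or password was changed, so I would reset the flags once the update callbacks have run, or at least document the behaviour on both methods, e.g. `# Stays in effect for the lifetime of this instance.` The predicates that read the flags are in the next hunk of this file (`send_email_changed_notification?` and `send_password_change_notification?`). Overriding `initialize` in the mixin is not needed for them, because an unset instance variable is nil and `!nil` is already true.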
@@ -169,21 +185,21 @@ def password_digest(password) if Devise.activerecord51? def send_email_changed_notification? - self.class.send_email_changed_notification && saved_change_to_email? + self.class.send_email_changed_notification && saved_change_to_email? && !@skip_email_changed_notification end else def send_email_changed_notification? - self.class.send_email_changed_notification && email_changed? + self.class.send_email_changed_notification && email_changed? && !@skip_email_changed_notification end end if Devise.activerecord51? def send_password_change_notification? - self.class.send_password_change_notification && saved_change_to_encrypted_password? + self.class.send_password_change_notification && saved_change_to_encrypted_password? && !@skip_password_change_notification end else def send_password_change_notification? - self.class.send_password_change_notification && encrypted_password_changed? + self.class.send_password_change_notification && encrypted_password_changed? && !@skip_password_change_notification end end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index ffd5f291d6..6eb6a0527a 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -266,6 +266,26 @@ def setup end end + test 'should not notify email on password change even when configured if skip_password_change_notification! is invoked' do + swap Devise, send_password_change_notification: true do + user = create_user + user.skip_password_change_notification! + assert_email_not_sent do + assert user.update(password: 'newpass', password_confirmation: 'newpass') + end + end + end + + test 'should not notify email on email change even when configured if skip_email_changed_notification! is invoked' do + swap Devise, send_email_changed_notification: true do + user = create_user + user.skip_email_changed_notification! + assert_email_not_sent do + assert user.update(email: 'new-email@example.com') + end + end + end + test 'downcase_keys with validation' do User.create(email: "HEllO@example.com", password: "123456") user = User.create(email: "HEllO@example.com", password: "123456") From 87b73540a4b8a8fad2d5a198598d3e4aa3b44431 Mon Sep 17 00:00:00 2001 From: Ieva S <35448476+ievax@users.noreply.github.com> Date: Mon, 1 Oct 2018 14:38:41 +0300 Subject: [PATCH 1139/1473] Updated year in MIT-LICENSE (#4948) --- MIT-LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 73b88e91c8..3df1078623 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2017 Plataformatec. http://plataformatec.com.br +Copyright 2009-2018 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the From 94adec3ceef6a3e9eb6bdc4d3fa7ed4a3fc6b348 Mon Sep 17 00:00:00 2001 From: Sam Weerasinghe Date: Wed, 3 Oct 2018 11:21:59 -0700 Subject: [PATCH 1140/1473] Issue #4941 , handle error 'Please specify the Rails release the migration was written for' (#4942) --- lib/generators/active_record/devise_generator.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 039ef75ec2..7319c47f21 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -82,8 +82,8 @@ def inet? postgresql? end - def rails5? - Rails.version.start_with? '5' + def rails5_and_up? + Rails::VERSION::MAJOR >= 5 end def postgresql? @@ -92,13 +92,13 @@ def postgresql? end def migration_version - if rails5? + if rails5_and_up? "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" end end def primary_key_type - primary_key_string if rails5? + primary_key_string if rails5_and_up? end def primary_key_string From 95fad8b408500f8a4ca8101b34e8e79afdfad552 Mon Sep 17 00:00:00 2001 From: Kevin McCormack Date: Sun, 28 Oct 2018 12:36:00 -0400 Subject: [PATCH 1141/1473] Fix CONTRIBUTING.md typo --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fb9dd7ad40..d4a03e7a1f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,7 +64,7 @@ open issues to help troubleshoot and fix existing bugs on Devise. Here is what you can do: * Help ensure that existing issues follows the recommendations from the -_[Reporting Issues](#reporting-issues)_ section, providing feeback to the issue's +_[Reporting Issues](#reporting-issues)_ section, providing feedback to the issue's author on what might be missing. * Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki) with up to date instructions and code samples - the wiki was grown with several From 0640b318caf284827c3f8c3babb83a6aa557c823 Mon Sep 17 00:00:00 2001 From: Kevin McCormack Date: Sun, 28 Oct 2018 12:41:08 -0400 Subject: [PATCH 1142/1473] Fix Issue template grammar --- ISSUE_TEMPLATE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index b14cc45294..b24214c4fd 100644 
--- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -1,4 +1,4 @@ -## Precheck +## Pre-check - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported @@ -12,7 +12,7 @@ ## Current behavior -Include code samples, errors, steps to reproduce the error and stacktraces if appropriate. +Include code samples, errors, steps to reproduce the error and stack traces if appropriate. Will be even more helpful if you provide a sample application or a test case that reproduces the error. From fa067b31c60a035bae61745fbb78f21b4da50b3c Mon Sep 17 00:00:00 2001 From: John Gabriel Date: Mon, 12 Nov 2018 14:27:27 -0200 Subject: [PATCH 1143/1473] chore(docs): allow_unconfirmed_access_for = nil (#2275) (#4964) --- lib/generators/templates/devise.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 92765cfaa4..09616950f3 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -126,8 +126,11 @@ # A period that the user is allowed to access the website even without # confirming their account. For instance, if set to 2.days, the user will be # able to access the website for two days without confirming their account, - # access will be blocked just in the third day. Default is 0.days, meaning - # the user cannot access the website without confirming their account. + # access will be blocked just in the third day. + # You can also set it to nil, which will allow the user to access the website + # without confirming their account. + # Default is 0.days, meaning the user cannot access the website without + # confirming their account. # config.allow_unconfirmed_access_for = 2.days # A period that the user is allowed to confirm their account before their From 3aedbf0a4d5b4dce42d05edaa5ac61363a41dcb0 Mon Sep 17 00:00:00 2001 
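Review bot: The added comment lines for `allow_unconfirmed_access_for` say nil lets the user in "without confirming their account", but they do not say that this removes the time limit entirely. That is the part an operator relying on confirmation to gate sign-in needs to see. As I read the option, the wording could be `# You can also set it to nil, which removes the limit: unconfirmed users can keep` / `# accessing the website indefinitely, so confirmation is never enforced at sign-in.`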
From: sivagollapalli Date: Tue, 13 Nov 2018 21:27:23 +0530 Subject: [PATCH 1144/1473] [#4245] Allowing password to nil (#4261) * [#4245] Allowing password to nil * Set encrypted password to nil if password is nil * [#4245] Fixing the build * Removed unnecessary code --- lib/devise/models/database_authenticatable.rb | 6 ++++-- test/models/database_authenticatable_test.rb | 13 ++++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index db81fea133..0857cd7735 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -60,17 +60,18 @@ def self.required_fields(klass) # the hashed password. def password=(new_password) @password = new_password - self.encrypted_password = password_digest(@password) if @password.present? + self.encrypted_password = password_digest(@password) end # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) + return false if password.blank? Devise::Encryptor.compare(self.class, encrypted_password, password) end # Set password and password confirmation to nil def clean_up_passwords - self.password = self.password_confirmation = nil + @password = @password_confirmation = nil end # Update record attributes when :current_password matches, otherwise @@ -180,6 +181,7 @@ def send_password_change_notification # See https://github.com/plataformatec/devise-encryptable for examples # of other hashing engines. def password_digest(password) + return if password.blank? Devise::Encryptor.digest(self.class, password) end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 6eb6a0527a..2b0b92319f 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
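Review bot: `password=` now writes `encrypted_password = nil` whenever the assigned value is blank, where the removed line left the stored hash untouched. Any caller that mass-assigns a blank `password` field and saves without a presence validation therefore clears the credential. The comment above the setter should say so; I would add `# Assigning nil or a blank string clears encrypted_password; the record can then no longer be authenticated by password.` The matching blank check is added to `password_digest` in the second hunk of this file. If an application's schema declares the column NOT NULL, the save would presumably fail at the database instead, which deserves a changelog line.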
@@ -117,9 +117,9 @@ def setup assert_nil user.authenticatable_salt end - test 'should not generate a hashed password if password is blank' do - assert_blank new_user(password: nil).encrypted_password - assert_blank new_user(password: '').encrypted_password + test 'should set encrypted password to nil if password is nil' do + assert_nil new_user(password: nil).encrypted_password + assert_nil new_user(password: '').encrypted_password end test 'should hash password again if password has changed' do @@ -307,4 +307,11 @@ def setup ] end end + + test 'nil password should be invalid if password is set to nil' do + user = User.create(email: "HEllO@example.com", password: "12345678") + user.password = nil + refute user.valid_password?('12345678') + refute user.valid_password?(nil) + end end From 40f02ae69baf7e9b0449aaab2aba0d0e166f77a3 Mon Sep 17 00:00:00 2001 From: Colin Ross Date: Tue, 13 Nov 2018 09:26:00 -0800 Subject: [PATCH 1145/1473] Only flash if the request object that is loaded supports it (#4950) --- lib/devise/controllers/helpers.rb | 2 +- lib/devise/failure_app.rb | 2 +- test/controllers/helpers_test.rb | 10 ++++++++++ test/failure_app_test.rb | 13 ++++++++++++- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index f8871deaf6..7ef8507ffc 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -268,7 +268,7 @@ def is_navigational_format? # Check if flash messages should be emitted. Default is to do it on # navigational formats def is_flashing_format? - is_navigational_format? + request.respond_to?(:flash) && is_navigational_format? end private diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 69c80cf4f7..14de94b0a2 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
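Review bot: The comment above `is_flashing_format?` still reads "Default is to do it on navigational formats" and does not mention the new `request.respond_to?(:flash)` guard. I would update it to `# Check if flash messages should be emitted. Default is to do it on navigational formats, and only when the request supports flash (the flash middleware is loaded).` The identical method and comment in `lib/devise/failure_app.rb`, changed in the next hunk, need the same wording.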
@@ -242,7 +242,7 @@ def is_navigational_format? # Check if flash messages should be emitted. Default is to do it on # navigational formats def is_flashing_format? - is_navigational_format? + request.respond_to?(:flash) && is_navigational_format? end def request_format diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 2380d36268..b48502643e 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -312,6 +312,16 @@ def setup end end + test 'is_flashing_format? depends on is_navigation_format?' do + @controller.expects(:is_navigational_format?).returns(true) + assert @controller.is_flashing_format? + end + + test 'is_flashing_format? is guarded against flash (middleware) not being loaded' do + @controller.request.expects(:respond_to?).with(:flash).returns(false) + refute @controller.is_flashing_format? + end + test 'is not a devise controller' do refute @controller.devise_controller? end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index f852f239c6..2429d40673 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -44,6 +44,10 @@ def fake_engine end end + class RequestWithoutFlashSupport < ActionDispatch::Request + undef_method :flash + end + def self.context(name, &block) instance_eval(&block) end @@ -66,7 +70,7 @@ def call_failure(env_params={}) end @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a - @request = ActionDispatch::Request.new(env) + @request = (env.delete(:request_klass) || ActionDispatch::Request).new(env) end context 'When redirecting' do 
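Review bot: In `call_failure`, `:request_klass` is deleted from `env` only after `Devise::FailureApp.call(env)` has already run, so the class is used just to build the `@request` the test inspects afterwards. As far as this hunk shows, it never reaches the failure app, so the new "Without Flash Support" test would pass whether or not the `respond_to?(:flash)` guard exists. I would take the class out before the call, `request_klass = env.delete(:request_klass) || ActionDispatch::Request`, and make the app under test build its request from it, or stub `respond_to?(:flash)` as the helpers test does. `call_failure` starts outside the hunk, so how `env` is assembled is not visible here.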
@@ -343,4 +347,11 @@ def call_failure(env_params={}) assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does" end end + context "Without Flash Support" do + test "returns to the default redirect location without a flash message" do + call_failure request_klass: RequestWithoutFlashSupport + assert_equal 302, @response.first + assert_equal 'http://test.host/users/sign_in', @response.second['Location'] + end + end end From 05bf574799dc75b0d4578e31a40bb8d63ff63855 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 13 Nov 2018 15:29:14 -0200 Subject: [PATCH 1146/1473] Add more tests (#4970) After merging #4261, I realized that we could add a couple more tests, to ensure the new behavior added to `#valid_password?` - which is that it should return `false` when the password is either `nil` or blank (''). I've also removed [this condition](https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb#L68) because it's already present at `Devise::Encryptor` module in the `.compare` [method](https://github.com/plataformatec/devise/blob/master/lib/devise/encryptor.rb#L15). --- lib/devise/models/database_authenticatable.rb | 1 - test/models/database_authenticatable_test.rb | 10 ++++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 0857cd7735..f639704989 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -65,7 +65,6 @@ def password=(new_password) # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) - return false if password.blank? Devise::Encryptor.compare(self.class, encrypted_password, password) end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 2b0b92319f..dadab91bfb 100644 --- a/test/models/database_authenticatable_test.rb 
+++ b/test/models/database_authenticatable_test.rb @@ -148,6 +148,16 @@ def setup refute user.valid_password?('654321') end + test 'should be invalid if the password is nil' do + user = new_user(password: nil) + refute user.valid_password?(nil) + end + + test 'should be invalid if the password is blank' do + user = new_user(password: '') + refute user.valid_password?('') + end + test 'should respond to current password' do assert new_user.respond_to?(:current_password) end From 6f140faf0d6519b46ed8f9c4af7b871317389488 Mon Sep 17 00:00:00 2001 From: Kopylov Vladislav Date: Thu, 22 Nov 2018 00:20:23 +0300 Subject: [PATCH 1147/1473] fixed description for Devise::Generators::ControllersGenerator (#4975) --- lib/generators/devise/controllers_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index c91371a3d0..caa04f1a56 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -18,7 +18,7 @@ class ControllersGenerator < Rails::Generators::Base This will create a controller class at app/controllers/users/sessions_controller.rb like this: - class Users::ConfirmationsController < Devise::ConfirmationsController + class Users::SessionsController < Devise::SessionsController content... end DESC From 354df3bc65fb211f0704208f52bf2213758585cf Mon Sep 17 00:00:00 2001 From: Ryan Lue Date: Fri, 23 Nov 2018 01:10:50 +0800 Subject: [PATCH 1148/1473] [bugfix] [refactoring] Sanitize parameters in find_or_initialize_with_errors (#4797) * Use parameter sanitizer for new records in find_or_initialize_with_errors * Add test for find_or_initialize_with_errors bugfix --- lib/devise/models/authenticatable.rb | 22 +++++++--------------- test/models/authenticatable_test.rb | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 15 deletions(-) 
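Review bot: Both new tests build the user with a blank password and then check a blank candidate, so they only cover the case where `encrypted_password` is itself nil. This commit removes the early `return false if password.blank?` from `valid_password?`, so the case that needs pinning is a blank candidate against a user who has a real password. I would add `refute create_user.valid_password?('')` and `refute create_user.valid_password?(nil)`.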
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index c598b4fc83..d4d72e909e 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -283,28 +283,20 @@ def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: # Find or initialize a record with group of attributes based on a list of required attributes. def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: - attributes = if attributes.respond_to? :permit! - attributes.slice(*required_attributes).permit!.to_h.with_indifferent_access - else - attributes.with_indifferent_access.slice(*required_attributes) - end - attributes.delete_if { |key, value| value.blank? } + attributes.try(:permit!) + attributes = attributes.to_h.with_indifferent_access + .slice(*required_attributes) + .delete_if { |key, value| value.blank? } if attributes.size == required_attributes.size - record = find_first_by_auth_conditions(attributes) + record = find_first_by_auth_conditions(attributes) and return record end - unless record - record = new - + new(devise_parameter_filter.filter(attributes)).tap do |record| required_attributes.each do |key| - value = attributes[key] - record.send("#{key}=", value) - record.errors.add(key, value.present? ? error : :blank) + record.errors.add(key, attributes[key].blank? ? :blank : error) end end - - record end protected diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index b3cab65bf2..205f4ee39b 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
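Review bot: `attributes.try(:permit!)` marks the caller's whole parameters object as permitted in place, whereas the removed code called `permit!` only on the result of `slice(*required_attributes)`, a copy limited to the lookup keys. If the controller later passes that same object to a mass-assignment call, every key in it is already permitted, which defeats strong parameters for the request. I would keep the slice-then-permit order, e.g. `attributes = attributes.slice(*required_attributes).permit! if attributes.respond_to?(:permit!)`, ahead of the `to_h.with_indifferent_access` chain. Separately, `and return record` uses `and` for control flow; `return record if record` on its own line reads more clearly.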
@@ -13,6 +13,21 @@ class AuthenticatableTest < ActiveSupport::TestCase assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end + # assumes default configuration of + # config.case_insensitive_keys = [:email] + # config.strip_whitespace_keys = [:email] + test 'find_or_initialize_with_errors uses parameter filter on find' do + user = User.create!(email: "example@example.com", password: "1234567") + assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user + end + + # assumes default configuration of + # config.case_insensitive_keys = [:email] + # config.strip_whitespace_keys = [:email] + test 'find_or_initialize_with_errors uses parameter filter on initialize' do + assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com" + end + if defined?(ActionController::Parameters) test 'does not passes an ActionController::Parameters to find_first_by_auth_conditions through find_or_initialize_with_errors' do user = create_user(email: 'example@example.com') From aa6cb411bca060683002767591c2380d185a6383 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 22 Nov 2018 18:44:09 -0200 Subject: [PATCH 1149/1473] Add missing specs for `#find_or_initialize_with_errors` After merging https://github.com/plataformatec/devise/pull/4797, I noticed that we had no specs for the scenarios where this method was adding the errors to the resource. This commit adds tests to cover those cases. --- test/models/authenticatable_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 205f4ee39b..4fc30a8101 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
@@ -28,6 +28,16 @@ class AuthenticatableTest < ActiveSupport::TestCase assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com" end + test 'find_or_initialize_with_errors adds blank error' do + user_with_error = User.find_or_initialize_with_errors([:email], { email: "" }) + assert_equal [:email, "can't be blank"], user_with_error.errors.first + end + + test 'find_or_initialize_with_errors adds invalid error' do + user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" }) + assert_equal [:email, "is invalid"], user_with_error.errors.first + end + if defined?(ActionController::Parameters) test 'does not passes an ActionController::Parameters to find_first_by_auth_conditions through find_or_initialize_with_errors' do user = create_user(email: 'example@example.com') From bafc23eae58fd530f4e149a9b17542c577cf7bb3 Mon Sep 17 00:00:00 2001 From: Kanmaniselvan Murugesan Date: Thu, 22 Nov 2018 22:13:55 +0100 Subject: [PATCH 1150/1473] Issue 4895: Add `after_database_authentication` callback after sign_in immediately after password update (#4916) --- app/controllers/devise/passwords_controller.rb | 1 + test/controllers/passwords_controller_test.rb | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 010199a72b..64c2e2f858 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -39,6 +39,7 @@ def update if Devise.sign_in_after_reset_password flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message!(:notice, flash_message) + resource.after_database_authentication sign_in(resource_name, resource) else set_flash_message!(:notice, :updated_not_active) 
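Review bot: `resource.after_database_authentication` is called before `sign_in` and regardless of `resource.active_for_authentication?`. A hook that records a successful login will therefore also fire in the `:updated_not_active` case, where the sign-in that follows may not go through. If the hook is meant to mirror a real database authentication, I would guard it, `resource.after_database_authentication if resource.active_for_authentication?`, or state in a comment on the call that it runs before the session is established. The `update` action starts and ends outside this hunk, so the surrounding handling is not visible.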
diff --git a/test/controllers/passwords_controller_test.rb b/test/controllers/passwords_controller_test.rb index 887e01336b..8561027d98 100644 --- a/test/controllers/passwords_controller_test.rb +++ b/test/controllers/passwords_controller_test.rb @@ -31,4 +31,9 @@ def put_update_with_params put_update_with_params assert_redirected_to custom_path end + + test 'calls after_database_authentication callback after sign_in immediately after password update' do + User.any_instance.expects :after_database_authentication + put_update_with_params + end end From c84169122f21b8a030c2e18ae3c20a08f50c9828 Mon Sep 17 00:00:00 2001 From: Jason Lee Date: Fri, 23 Nov 2018 06:04:53 +0800 Subject: [PATCH 1151/1473] Ignore useless files into the gem file. (#4955) --- devise.gemspec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/devise.gemspec b/devise.gemspec index 9a81ed89a8..5df410bae8 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -15,8 +15,7 @@ Gem::Specification.new do |s| s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] - s.files = `git ls-files`.split("\n") - s.test_files = `git ls-files -- test/*`.split("\n") + s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] s.required_ruby_version = '>= 2.1.0' From 5f62f28d6ec6b8b4799da3db770d2fa4ed4c5b8d Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 22 Nov 2018 20:38:02 -0200 Subject: [PATCH 1152/1473] Explain the code that prevents enumeration attacks --- lib/devise/strategies/database_authenticatable.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index c23af9ef77..96af692284 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb 
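Review bot: `Dir["{app,config,lib}/**/*", ...]` packages whatever is on disk under those directories at build time, including untracked or git-ignored files, whereas the removed `git ls-files` shipped only tracked files. The contents of a released gem then depend on the state of the release machine's working tree. I would keep the narrower file list but still source it from git, e.g. `s.files = %x(git ls-files -- app config lib CHANGELOG.md MIT-LICENSE README.md).split("\n")`, or document that releases must be built from a clean checkout.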
@@ -16,6 +16,9 @@ def authenticate! success!(resource) end + # On paranoid mode, hash the password even when a resource doesn't exist for the given authentication key. + # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't + # exist in the database if the password hashing algorithm is not called. mapping.to.new.password = password if !hashed && Devise.paranoid unless resource Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database) From 52b24e41de5093fe60a89019b2462608874d5745 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Fri, 23 Nov 2018 13:26:26 -0200 Subject: [PATCH 1153/1473] Fix typo [ci skip] --- lib/devise/strategies/database_authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb index 96af692284..f7e007d144 100644 --- a/lib/devise/strategies/database_authenticatable.rb +++ b/lib/devise/strategies/database_authenticatable.rb @@ -16,7 +16,7 @@ def authenticate! success!(resource) end - # On paranoid mode, hash the password even when a resource doesn't exist for the given authentication key. + # In paranoid mode, hash the password even when a resource doesn't exist for the given authentication key. # This is necessary to prevent enumeration attacks - e.g. the request is faster when a resource doesn't # exist in the database if the password hashing algorithm is not called. mapping.to.new.password = password if !hashed && Devise.paranoid From d1571627b78399b55b76c400a78c4a3f367dad2c Mon Sep 17 00:00:00 2001 From: ihatov08 Date: Thu, 29 Nov 2018 04:58:10 +0900 Subject: [PATCH 1154/1473] Add deprication waring if use options argument at DatabaseAuthenticatable#update_with_password,#update_without_password (#4935) --- lib/devise/models/database_authenticatable.rb | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) 
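Review bot: The comment added above `mapping.to.new.password = password` in `authenticate!` names enumeration but not the channel, and it does not explain the `!hashed` guard. Suggested wording: `# In paranoid mode, hash the given password even when no resource matches the authentication key, so that response time does not reveal whether the account exists (timing-based enumeration).` followed by `# Skipped when a password was already hashed for an existing resource (hashed is true).` The second line is inferred, because `hashed` is assigned outside the hunk; confirm it against the rest of `authenticate!`. The hunk also does not show whether the throwaway hash uses the same cost as stored records, which the equalisation depends on.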
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index f639704989..71f7b43d2f 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -81,6 +81,15 @@ def clean_up_passwords # their password). In case the password field is rejected, the confirmation # is also rejected as long as it is also blank. def update_with_password(params, *options) + if options.present? + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` + (`options`) is deprecated and it will be removed in the next major version. + It was added to support a feature deprecated in Rails 4, so you can safely remove it + from your code. + DEPRECATION + end + current_password = params.delete(:current_password) if params[:password].blank? @@ -114,6 +123,15 @@ def update_with_password(params, *options) # end # def update_without_password(params, *options) + if options.present? + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` + (`options`) is deprecated and it will be removed in the next major version. + It was added to support a feature deprecated in Rails 4, so you can safely remove it + from your code. + DEPRECATION + end + params.delete(:password) params.delete(:password_confirmation) From ecd218765283c8d0c00017b4201f037ffe54d99a Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Fri, 30 Nov 2018 17:43:28 -0200 Subject: [PATCH 1155/1473] Update `CHANGELOG.md` [ci skip] --- CHANGELOG.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fce10a1391..7b522ca386 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,23 @@ ### Unreleased +* enhancements + * Allow to skip email and password change notifications (by @iorme1) + * Include the use of `nil` for `allow_unconfirmed_access_for` in the docs (by @joaumg) + * Ignore useless files into the `.gem` file (by @huacnlee) + * Explain the code that prevents enumeration attacks inside `Devise::Strategies::DatabaseAuthenticatable` (by @tegon) + +* bug fixes + * Fix missing comma in Simple Form generator (by @colinross) + * Fix error with migration generator in Rails 6 (by @oystersauce8) + * Set `encrypted_password` to `nil` when `password` is set to `nil` (by @sivagollapalli) + * Consider whether the request supports flash messages inside `Devise::Controllers::Helpers#is_flashing_format?` (by @colinross) + * Fix typo inside `Devise::Generators::ControllersGenerator` (by @kopylovvlad) + * Sanitize parameters inside `Devise::Models::Authenticatable#find_or_initialize_with_errors` (by @rlue) + * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) + +* deprecations + * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) + ### 4.5.0 - 2018-08-15 * enhancements From 1192c76f62795cedc40640104d84a907661814a4 Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Tue, 4 Dec 2018 08:34:32 -0800 Subject: [PATCH 1156/1473] Fix corner case when confirmation_sent_at is equal to 0.days.ago (#4529) If `Confirmable#confirmation_sent_at` is equal to `0.days.ago`, then `confirmation_period_valid?` will be deemed valid even if the setting is configured to disable this outright. To prevent this error, we explicitly check the configuration setting to be `0.days.ago`. --- Gemfile | 1 + Gemfile.lock | 2 ++ gemfiles/Gemfile.rails-4.1-stable | 1 + gemfiles/Gemfile.rails-4.1-stable.lock | 2 ++ gemfiles/Gemfile.rails-4.2-stable | 1 + gemfiles/Gemfile.rails-4.2-stable.lock | 2 ++ gemfiles/Gemfile.rails-5.0-stable | 1 + gemfiles/Gemfile.rails-5.0-stable.lock | 2 ++ gemfiles/Gemfile.rails-5.2-rc1 | 1 + gemfiles/Gemfile.rails-5.2-rc1.lock | 4 +++- lib/devise/models/confirmable.rb | 5 ++++- test/models/confirmable_test.rb | 10 ++++++++++ test/test_helper.rb | 1 + 13 files changed, 31 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 84a8c8b199..7bf232dca2 100644 --- a/Gemfile +++ b/Gemfile @@ -19,6 +19,7 @@ gem "responders", "~> 2.4" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false end diff --git a/Gemfile.lock b/Gemfile.lock index e79cd7b8f8..8c95b6c4ee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -164,6 +164,7 @@ GEM sqlite3 (1.3.13) thor (0.20.0) thread_safe (0.3.6) + timecop (0.8.1) tzinfo (1.2.5) thread_safe (~> 0.1) warden (1.2.7) @@ -196,6 +197,7 @@ DEPENDENCIES rdoc responders (~> 2.4) sqlite3 + timecop webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index 5db67dad6b..f58f971a59 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable 
@@ -12,6 +12,7 @@ gem "rdoc", "~> 5.1" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 9f6b66e5b2..fda4a4fc20 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -137,6 +137,7 @@ GEM test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.19.4) + timecop (0.8.1) thread_safe (0.3.6) tzinfo (1.2.2) thread_safe (~> 0.1) @@ -165,6 +166,7 @@ DEPENDENCIES rdoc (~> 5.1) sqlite3 test_after_commit + timecop webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index f3912002df..69078ca89c 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable @@ -12,6 +12,7 @@ gem "rdoc", "~> 5.1" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 73c08accc5..1e461fd49e 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -159,6 +159,7 @@ GEM activerecord (>= 3.2) thor (0.19.4) thread_safe (0.3.6) + timecop (0.8.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.7) @@ -186,6 +187,7 @@ DEPENDENCIES rdoc (~> 5.1) sqlite3 test_after_commit + timecop webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index 6ae8724432..5171d10743 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable 
@@ -18,6 +18,7 @@ gem "responders", "~> 2.1" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 2edb7bc197..cfcbaa58f7 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -157,6 +157,7 @@ GEM activerecord (>= 3.2) thor (0.19.4) thread_safe (0.3.6) + timecop (0.8.1) tzinfo (1.2.3) thread_safe (~> 0.1) warden (1.2.7) @@ -186,6 +187,7 @@ DEPENDENCIES responders (~> 2.1) sqlite3 test_after_commit + timecop webrat (= 0.7.3) BUNDLED WITH diff --git a/gemfiles/Gemfile.rails-5.2-rc1 b/gemfiles/Gemfile.rails-5.2-rc1 index 2853e1883d..850a5ba2bb 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1 +++ b/gemfiles/Gemfile.rails-5.2-rc1 @@ -16,6 +16,7 @@ gem "responders", "~> 2.1" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false gem 'test_after_commit', require: false diff --git a/gemfiles/Gemfile.rails-5.2-rc1.lock b/gemfiles/Gemfile.rails-5.2-rc1.lock index 463dd2645d..4f33d26725 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1.lock +++ b/gemfiles/Gemfile.rails-5.2-rc1.lock @@ -166,6 +166,7 @@ GEM activerecord (>= 3.2) thor (0.20.0) thread_safe (0.3.6) + timecop (0.9.1) tzinfo (1.2.5) thread_safe (~> 0.1) warden (1.2.7) @@ -195,7 +196,8 @@ DEPENDENCIES responders (~> 2.1) sqlite3 test_after_commit + timecop webrat (= 0.7.3) BUNDLED WITH - 1.16.1 + 1.17.1 diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index ca1acf9206..dbf6d0ffc8 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -211,7 +211,10 @@ def confirmation_required? # confirmation_period_valid? # will always return true # def confirmation_period_valid? - self.class.allow_unconfirmed_access_for.nil? || (confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago) + return true if self.class.allow_unconfirmed_access_for.nil? + return false if self.class.allow_unconfirmed_access_for == 0.days + + confirmation_sent_at && confirmation_sent_at.utc >= self.class.allow_unconfirmed_access_for.ago end # Checks if the user confirmation happens before the token becomes invalid diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index b2ff045a55..cab1d4f387 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -240,6 +240,16 @@ def setup refute user.active_for_authentication? end + test 'should not be active when confirm period is set to 0 days' do + Devise.allow_unconfirmed_access_for = 0.days + user = create_user + + Timecop.freeze(Time.zone.today) do + user.confirmation_sent_at = Time.zone.today + refute user.active_for_authentication? + end + end + test 'should be active when we set allow_unconfirmed_access_for to nil' do swap Devise, allow_unconfirmed_access_for: nil do user = create_user diff --git a/test/test_helper.rb b/test/test_helper.rb index cfd925d5c3..378c9b110a 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -13,6 +13,7 @@ I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) require 'mocha/setup' +require 'timecop' require 'webrat' Webrat.configure do |config| config.mode = :rails From cb663e96a370ba5d3dc6aa8ea3a2683268e980a0 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 4 Dec 2018 14:37:20 -0200 Subject: [PATCH 1157/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b522ca386..ee34a05cbc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
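Review bot: The new test in `test/models/confirmable_test.rb` assigns `Devise.allow_unconfirmed_access_for = 0.days` directly and never restores it, while the neighbouring test in the same hunk scopes its change with `swap Devise, allow_unconfirmed_access_for: nil do`. A leaked global setting makes later tests depend on run order, which is risky for a predicate that gates unconfirmed logins. Wrap the body the same way: `swap Devise, allow_unconfirmed_access_for: 0.days do`. Separately, `Timecop.freeze(Time.zone.today)` and `user.confirmation_sent_at = Time.zone.today` pass a Date rather than a Time; `Time.zone.now` would exercise the same-second case from the commit message more directly.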
@@ -14,6 +14,7 @@ * Fix typo inside `Devise::Generators::ControllersGenerator` (by @kopylovvlad) * Sanitize parameters inside `Devise::Models::Authenticatable#find_or_initialize_with_errors` (by @rlue) * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) + * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. (by @stanhu) * deprecations * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) From 76b87dc0e83736cf16e3ffbc465fcd8ee3c06d46 Mon Sep 17 00:00:00 2001 From: Graham Brereton Date: Tue, 18 Dec 2018 23:01:16 +0000 Subject: [PATCH 1158/1473] Refactor the devise_error_messages! helper to render a partial (#4616) This should make it more intuitive and easier for developers using the project to implement their own layout for errors. --- app/helpers/devise_helper.rb | 22 +++---------------- app/views/devise/confirmations/new.html.erb | 2 +- app/views/devise/passwords/edit.html.erb | 2 +- app/views/devise/passwords/new.html.erb | 2 +- app/views/devise/registrations/edit.html.erb | 2 +- app/views/devise/registrations/new.html.erb | 2 +- .../devise/shared/_error_messages.html.erb | 15 +++++++++++++ app/views/devise/unlocks/new.html.erb | 2 +- 8 files changed, 24 insertions(+), 25 deletions(-) create mode 100644 app/views/devise/shared/_error_messages.html.erb diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index c29120f76b..fff3727f88 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb 
@@ -1,27 +1,11 @@ # frozen_string_literal: true module DeviseHelper - # A simple way to show error messages for the current devise resource. If you need - # to customize this method, you can either overwrite it in your application helpers or - # copy the views to your application. - # - # This method is intended to stay simple and it is unlikely that we are going to change - # it to add more behavior or options. + # Retain this method for backwards compatibility, deprecated in favour of modifying the + # devise/shared/error_messages partial def devise_error_messages! return "" if resource.errors.empty? - messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join - sentence = I18n.t("errors.messages.not_saved", - count: resource.errors.count, - resource: resource.class.model_name.human.downcase) - - html = <<-HTML -
-

#{sentence}

-
    #{messages}
-
- HTML - - html.html_safe + render "devise/shared/error_messages", resource: resource end end diff --git a/app/views/devise/confirmations/new.html.erb b/app/views/devise/confirmations/new.html.erb index 2dea36607f..b12dd0cbeb 100644 --- a/app/views/devise/confirmations/new.html.erb +++ b/app/views/devise/confirmations/new.html.erb @@ -1,7 +1,7 @@
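Review bot: An application that overrode `devise_error_messages!`, as the removed comment invited, but still uses the gem's default views will silently lose its customisation, because the view hunks that follow call `render "devise/shared/error_messages", resource: resource` directly instead of the helper. The retained comment in `app/helpers/devise_helper.rb` should say so, for example `# NOTE: Devise's own views no longer call this helper; overriding it only affects views that still call it.` The same sentence belongs in the upgrade notes.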

Resend confirmation instructions

<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %>
<%= f.label :email %>
diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 442036a7ff..cf3d2813e3 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -1,7 +1,7 @@

Change your password

<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %> <%= f.hidden_field :reset_password_token %>
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 11b3d6afca..9b486b81b9 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -1,7 +1,7 @@

Forgot your password?

<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %>
<%= f.label :email %>
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index f46553275a..38d95b85a8 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -1,7 +1,7 @@

Edit <%= resource_name.to_s.humanize %>

<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %>
<%= f.label :email %>
diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index 36c9ed729b..d655b66f6f 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -1,7 +1,7 @@

Sign up

<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %>
<%= f.label :email %>
diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb new file mode 100644 index 0000000000..d937c6c499 --- /dev/null +++ b/app/views/devise/shared/_error_messages.html.erb @@ -0,0 +1,15 @@ +<% if resource.errors.any? %> +
+

+ <%= I18n.t("errors.messages.not_saved", + count: resource.errors.count, + resource: resource.class.model_name.human.downcase) + %> +

+
    + <% resource.errors.full_messages.each do |message| %> +
  • <%= message %> + <% end %> +
+
+<% end %> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index cfe8aa816a..ffc34de8d1 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -1,7 +1,7 @@

Resend unlock instructions

<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %> - <%= devise_error_messages! %> + <%= render "devise/shared/error_messages", resource: resource %>
<%= f.label :email %>
From 66a96ab9d6b56d4ba9bf20973af1118775b5e0b4 Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Tue, 18 Dec 2018 21:04:34 -0200 Subject: [PATCH 1159/1473] Fix unclosed `li` tag in `error_messages` partial --- app/views/devise/shared/_error_messages.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index d937c6c499..ba7ab88701 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -8,7 +8,7 @@
    <% resource.errors.full_messages.each do |message| %> -
  • <%= message %> +
  • <%= message %>
  • <% end %>
From 14785afe8de59ad6bc4a351d62c453abd964f577 Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Tue, 18 Dec 2018 21:11:37 -0200 Subject: [PATCH 1160/1473] Add a deprecation warn for `DeviseHelper.devise_error_messages!` To customize the error style one should modifying the `devise/shared/error_messages` partial. --- app/helpers/devise_helper.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index fff3727f88..200a77464c 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -4,6 +4,13 @@ module DeviseHelper # Retain this method for backwards compatibility, deprecated in favour of modifying the # devise/shared/error_messages partial def devise_error_messages! + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + [Devise] `DeviseHelper.devise_error_messages!` + is deprecated and it will be removed in the next major version. + To customize the errors styles please run `rails g devise:views` and modify the + `devise/shared/error_messages` partial. + DEPRECATION + return "" if resource.errors.empty? render "devise/shared/error_messages", resource: resource From bf74a506c86c554ad1206956b29dabbb03c79f7e Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Wed, 19 Dec 2018 10:32:50 -0200 Subject: [PATCH 1161/1473] Update `CHANGELOG.md` [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee34a05cbc..03439f2098 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ * Include the use of `nil` for `allow_unconfirmed_access_for` in the docs (by @joaumg) * Ignore useless files into the `.gem` file (by @huacnlee) * Explain the code that prevents enumeration attacks inside `Devise::Strategies::DatabaseAuthenticatable` (by @tegon) + * Refactor the `devise_error_messages!` helper to render a partial (by @prograhamer) * bug fixes * Fix missing comma in Simple Form generator (by @colinross) 
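Review bot: The deprecation text in `devise_error_messages!` writes the helper as `DeviseHelper.devise_error_messages!`, which reads as a module-level method although it is an instance helper. The other deprecation in this series uses the `#` notation (`DatabaseAuthenticatable#update_with_password`), so `DeviseHelper#devise_error_messages!` would be consistent. In the same message, "the errors styles" would read better as "the error styles".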
@@ -15,9 +16,11 @@ * Sanitize parameters inside `Devise::Models::Authenticatable#find_or_initialize_with_errors` (by @rlue) * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. (by @stanhu) + * Fix unclosed `li` tag in `error_messages` partial (by @mracos) * deprecations * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) + * The `DeviseHelper.devise_error_messages!` is deprecated and will be removed in the next major version. Use the `devise/shared/error_messages` partial instead. (by @mracos) ### 4.5.0 - 2018-08-15 From 6e4b0b94bcec39c7dfdcc89e1f5768ab3e71defb Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Wed, 19 Dec 2018 14:27:11 -0200 Subject: [PATCH 1162/1473] Don't run `gem update --system` and `gem install bundler` on CI There were some issues with the combination of some `bundler` and `rubygems` versions. We got around that by always updating `bundler` in the CI but since those issues were fixed we can quit doing that. Related to `gem update --system`: - travis-ci/travis-ci#8978 - rubygems/rubygems#2123 Related to `gem install bundler`: - travis-ci/travis-ci#9333 - travis-ci/travis-ci#8969 - bundler/bundler#6340 --- .travis.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5908b7ec98..e3ad22beab 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -51,10 +51,7 @@ env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid -before_install: - - gem update --system - - gem install bundler - - "rm ${BUNDLE_GEMFILE}.lock" +before_install: "rm ${BUNDLE_GEMFILE}.lock" before_script: "bundle update" From 4372dd402b2c8557e41e8c8eaa60fdb5f5e1495d Mon Sep 17 00:00:00 2001 From: Pavel Pestau Date: Thu, 20 Dec 2018 08:51:19 -0500 Subject: [PATCH 1163/1473] Removed extra characters (#4988) --- app/views/devise/sessions/new.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index e3b93197fb..5ede96489d 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -11,12 +11,12 @@ <%= f.password_field :password, autocomplete: "current-password" %>
- <% if devise_mapping.rememberable? -%> + <% if devise_mapping.rememberable? %>
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
- <% end -%> + <% end %>
<%= f.submit "Log in" %> From 8266e8557622c978e6927a635d62e245bf54f239 Mon Sep 17 00:00:00 2001 From: Pavel Pestau Date: Fri, 21 Dec 2018 07:18:05 -0500 Subject: [PATCH 1164/1473] Removing extra characters (#4991) --- app/views/devise/shared/_links.html.erb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index e6a3e41969..084af701c6 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -1,25 +1,25 @@ <%- if controller_name != 'sessions' %> <%= link_to "Log in", new_session_path(resource_name) %>
-<% end -%> +<% end %> <%- if devise_mapping.registerable? && controller_name != 'registrations' %> <%= link_to "Sign up", new_registration_path(resource_name) %>
-<% end -%> +<% end %> <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> <%= link_to "Forgot your password?", new_password_path(resource_name) %>
-<% end -%> +<% end %> <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
-<% end -%> +<% end %> <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
-<% end -%> +<% end %> <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
- <% end -%> -<% end -%> + <% end %> +<% end %> From e3a00b27d19ba995891d7dd92394fe2900a789c2 Mon Sep 17 00:00:00 2001 From: kenji kobayashi Date: Fri, 28 Dec 2018 22:29:58 +0900 Subject: [PATCH 1165/1473] Add an option to not automatically sign in a user after changing a password (#4569) --- .../devise/registrations_controller.rb | 32 ++++++++++++++---- config/locales/en.yml | 1 + lib/devise.rb | 4 +++ lib/devise/models/registerable.rb | 2 ++ lib/generators/templates/devise.rb | 8 ++++- test/integration/registerable_test.rb | 33 +++++++++++++++++++ test/rails_app/config/initializers/devise.rb | 6 ++++ 7 files changed, 78 insertions(+), 8 deletions(-) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index c79ce56ece..1b8a969f82 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -50,12 +50,9 @@ def update resource_updated = update_resource(resource, account_update_params) yield resource if block_given? if resource_updated - if is_flashing_format? - flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? - :update_needs_confirmation : :updated - set_flash_message :notice, flash_key - end - bypass_sign_in resource, scope: resource_name + set_flash_message_for_update(resource, prev_unconfirmed_email) + bypass_sign_in resource, scope: resource_name if sign_in_after_change_password? + respond_with resource, location: after_update_path_for(resource) else clean_up_passwords resource 
@@ -127,7 +124,7 @@ def after_inactive_sign_up_path_for(resource) # The default url to be used after updating a resource. You need to overwrite # this method in your own RegistrationsController. def after_update_path_for(resource) - signed_in_root_path(resource) + sign_in_after_change_password? ? signed_in_root_path(resource) : new_session_path(resource_name) end # Authenticates the current scope and gets the current resource from the session. @@ -147,4 +144,25 @@ def account_update_params def translation_scope 'devise.registrations' end + + private + + def set_flash_message_for_update(resource, prev_unconfirmed_email) + return unless is_flashing_format? + + flash_key = if update_needs_confirmation?(resource, prev_unconfirmed_email) + :update_needs_confirmation + elsif sign_in_after_change_password? + :updated + else + :updated_but_not_signed_in + end + set_flash_message :notice, flash_key + end + + def sign_in_after_change_password? + return true if account_update_params[:password].blank? + + Devise.sign_in_after_change_password + end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 0b8f130278..55617bdf3c 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -44,6 +44,7 @@ en: signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." updated: "Your account has been updated successfully." + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." diff --git a/lib/devise.rb b/lib/devise.rb index 360d5e13d8..dceee08900 100755 --- a/lib/devise.rb +++ b/lib/devise.rb 
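Review bot: `sign_in_after_change_password?` in `registrations_controller.rb` reads the global `Devise.sign_in_after_change_password`, but the same commit registers the option per model with `Devise::Models.config(self, :sign_in_after_change_password)` in `lib/devise/models/registerable.rb`. A model that sets the option to `false` while the global stays `true` would, as far as this diff shows, still be signed in again after a password change, which defeats a setting an operator chose for that scope. Use the model-level reader instead: `resource_class.sign_in_after_change_password`. When the option is false, `update` skips `bypass_sign_in` without an explicit sign-out; the integration test shows the user ends up unauthenticated, so if that relies on the session being tied to the old password, a comment beside the `bypass_sign_in` line should state it.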
@@ -293,6 +293,10 @@ module Test mattr_accessor :token_generator @@token_generator = nil + # When set to false, changing a password does not automatically sign in a user + mattr_accessor :sign_in_after_change_password + @@sign_in_after_change_password = true + def self.rails51? # :nodoc: Rails.gem_version >= Gem::Version.new("5.1.x") end diff --git a/lib/devise/models/registerable.rb b/lib/devise/models/registerable.rb index 3965ee5cbc..e55dac2723 100644 --- a/lib/devise/models/registerable.rb +++ b/lib/devise/models/registerable.rb @@ -21,6 +21,8 @@ module ClassMethods def new_with_session(params, session) new(params) end + + Devise::Models.config(self, :sign_in_after_change_password) end end end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 09616950f3..5bad7f9aff 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -9,7 +9,7 @@ # Devise will use the `secret_key_base` as its `secret_key` # by default. You can change it below and use your own secret key. # config.secret_key = '<%= SecureRandom.hex(64) %>' - + # ==> Controller configuration # Configure the parent class to the devise controllers. # config.parent_controller = 'DeviseController' @@ -290,4 +290,10 @@ # ActiveSupport.on_load(:devise_failure_app) do # include Turbolinks::Controller # end + + # ==> Configuration for :registerable + + # When set to false, does not sign a user in automatically after their password is + # changed. Defaults to true, so a user is signed in automatically after changing a password. + # config.sign_in_after_change_password = true end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 2387cd29d0..46f09f37b8 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -179,6 +179,39 @@ def user_sign_up assert warden.authenticated?(:user) end + test 'a signed in user should not be able to use the website after changing their password if config.sign_in_after_change_password is false' do + swap Devise, sign_in_after_change_password: false do + sign_in_as_user + get edit_user_registration_path + + fill_in 'password', with: '1234567890' + fill_in 'password confirmation', with: '1234567890' + fill_in 'current password', with: '12345678' + click_button 'Update' + + assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again' + assert_equal new_user_session_path, @request.path + refute warden.authenticated?(:user) + end + end + + test 'a signed in user should be able to use the website after changing its email with config.sign_in_after_change_password is false' do + swap Devise, sign_in_after_change_password: false do + sign_in_as_user + get edit_user_registration_path + + fill_in 'email', with: 'user.new@example.com' + fill_in 'current password', with: '12345678' + click_button 'Update' + + assert_current_url '/' + assert_contain 'Your account has been updated successfully.' + + assert warden.authenticated?(:user) + assert_equal "user.new@example.com", User.to_adapter.find_first.email + end + end + test 'a signed in user should not change their current user with invalid password' do sign_in_as_user get edit_user_registration_path diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index bf4f7212a2..0ce41964bb 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb 
@@ -180,6 +180,12 @@ # manager.default_strategies(scope: :user).unshift :some_external_strategy # end + # ==> Configuration for :registerable + + # When set to false, does not sign a user in automatically after their password is + # changed. Defaults to true, so a user is signed in automatically after changing a password. + # config.sign_in_after_change_password = true + ActiveSupport.on_load(:devise_failure_app) do require "lazy_load_test_module" include LazyLoadTestModule From 62703943bef75aba09ec3e346aba4c9159300ecd Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Fri, 28 Dec 2018 17:00:50 -0200 Subject: [PATCH 1166/1473] Make `#increment_failed_attempts` concurrency safe (#4996) As reported in #4981, the method `#increment_failed_attempts` of `Devise::Models::Lockable` was not concurrency safe. The increment operation was being done in two steps: first the value was read from the database, and then incremented by 1. This may result in wrong values if two requests try to update the value concurrently. For example: ``` Browser1 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2 Browser2 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2 ``` In the example above, `failed_attempts` should have been set to 3, but it will be set to 2. This commit handles this case by calling `ActiveRecord::CounterCache.increment_counter` method, which will do both steps at once, reading the value straight from the database. This commit also adds a `ActiveRecord::AttributeMethods::Dirty#reload` call to ensure that the application gets the updated value - i.e. that other request might have updated. Although this does not ensure that the value is in fact the most recent one - other request could've updated it after the `reload` call - it seems good enough for this implementation. Even if a request does not locks the account because it has a stale value, the next one - that updated that value - will do it. That's why we decided not to use a pessimistic lock here. Closes #4981. --- lib/devise/models/lockable.rb | 4 ++-- test/models/lockable_test.rb | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 079142af6f..b8ec4dcaa9 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
@@ -112,8 +112,8 @@ def valid_for_authentication? end def increment_failed_attempts - self.failed_attempts ||= 0 - self.failed_attempts += 1 + self.class.increment_counter(:failed_attempts, id) + reload end def unauthenticated_message diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 2685afe9ca..644156a4e8 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -39,6 +39,17 @@ def setup end end + test "should read failed_attempts from database when incrementing" do + user = create_user + initial_failed_attempts = user.failed_attempts + same_user = User.find(user.id) + + user.increment_failed_attempts + same_user.increment_failed_attempts + + assert_equal initial_failed_attempts + 2, user.reload.failed_attempts + end + test 'should be valid for authentication with a unlocked user' do user = create_user user.lock_access! From a8d0a8f63d002f2f9a85b46628f4b7a375deab38 Mon Sep 17 00:00:00 2001 From: Atul Bhosale Date: Mon, 7 Jan 2019 23:28:19 +0530 Subject: [PATCH 1167/1473] Update copyright notice to 2019 [ci skip] --- MIT-LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 3df1078623..d452d3d490 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2009-2018 Plataformatec. http://plataformatec.com.br +Copyright 2009-2019 Plataformatec. http://plataformatec.com.br Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the From 518f6f39bfdc5671cbbf53dfd4b27035c2104f17 Mon Sep 17 00:00:00 2001 From: Patrick Jones Date: Thu, 10 Jan 2019 14:09:51 +0100 Subject: [PATCH 1168/1473] Fixed broken README link in changelog [ci skip] (#4999) --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03439f2098..b8db8185a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
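Review bot: `increment_failed_attempts` in lib/devise/models/lockable.rb now calls `self.class.increment_counter(:failed_attempts, id)`, which is an ActiveRecord class method, while the CI matrix further down this page also runs `DEVISE_ORM=mongoid`. It is worth confirming that non-ActiveRecord models respond to it, or guarding the call, since this counter is what enforces the lockout. The `reload` that follows replaces every in-memory attribute, so any unsaved change on the record is dropped, and on a record that was never persisted `id` is nil and the reload would presumably raise. A comment above the method would make that contract visible, for example `# Atomic DB-side increment so concurrent failed logins cannot undercount; reload discards unsaved changes.` The added test in lockable_test.rb increments from two instances one after the other, so it covers the stale-read case but not true concurrency.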
@@ -277,7 +277,7 @@ configured (by @joshpencheon) end ``` - You can check more examples and explanations on the [README section](/plataformatec/devise#strong-parameters) + You can check more examples and explanations on the [README section](README.md#strong-parameters) and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) From 6b1ead8654ec2e7fda7e10d42f9b1627c2355970 Mon Sep 17 00:00:00 2001 From: Felipe Renan Date: Thu, 17 Jan 2019 17:07:44 -0200 Subject: [PATCH 1169/1473] Fix travis build Now Travis uses bundler 2.0+ and it causes some build fails since we still support Rails 4. This commit set Travis to not use a bundler version higher than 2.0. More info: https://docs.travis-ci.com/user/languages/ruby/#bundler-20 --- .travis.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e3ad22beab..faba913861 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,7 +51,10 @@ env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid -before_install: "rm ${BUNDLE_GEMFILE}.lock" +before_install: + - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true + - gem install bundler -v '< 2' + - "rm ${BUNDLE_GEMFILE}.lock" before_script: "bundle update" From 40e8812d7598c5eeba72cdcebd17ac7e3d24a66b Mon Sep 17 00:00:00 2001 From: Matthew Rudy Jacobs Date: Thu, 17 Jan 2019 20:29:00 +0000 Subject: [PATCH 1170/1473] Apply Test Helper fix to Rails 6.0 as well as 5.x (#5002) --- lib/devise/test/controller_helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 198144ae0a..cd1a8be8e3 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -139,7 +139,7 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.response.content_type = headers["Content-Type"] unless Rails.version.start_with?('5') + @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5 @controller.status = status @controller.response.body = response.body nil # causes process return @response From c000b58c565f46cb63d52ade0807294943b20cd3 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 22 Jan 2019 12:43:31 -0200 Subject: [PATCH 1171/1473] Add Rails 6 to CI (#5009) --- .travis.yml | 40 +++- gemfiles/Gemfile.rails-4.2-stable | 1 + ...rails-5.2-rc1 => Gemfile.rails-5.2-stable} | 2 +- ...rc1.lock => Gemfile.rails-5.2-stable.lock} | 114 ++++----- gemfiles/Gemfile.rails-6.0-beta | 27 +++ gemfiles/Gemfile.rails-6.0-beta.lock | 216 ++++++++++++++++++ .../active_record_generator_test.rb | 2 +- test/integration/rememberable_test.rb | 2 +- test/orm/active_record.rb | 4 +- test/rails_app/app/active_record/user.rb | 2 +- .../app/controllers/home_controller.rb | 2 +- .../users/omniauth_callbacks_controller.rb | 2 +- .../app/controllers/users_controller.rb | 6 +- test/rails_app/config/boot.rb | 8 + .../config/environments/production.rb | 2 +- test/rails_app/config/environments/test.rb | 2 +- test/routes_test.rb | 10 +- test/support/http_method_compatibility.rb | 4 +- test/test/controller_helpers_test.rb | 2 +- 19 files changed, 361 insertions(+), 87 deletions(-) rename gemfiles/{Gemfile.rails-5.2-rc1 => Gemfile.rails-5.2-stable} (94%) rename gemfiles/{Gemfile.rails-5.2-rc1.lock => Gemfile.rails-5.2-stable.lock} (68%) create mode 100644 gemfiles/Gemfile.rails-6.0-beta create mode 100644 gemfiles/Gemfile.rails-6.0-beta.lock diff --git a/.travis.yml b/.travis.yml index faba913861..2cb3aca8e7 100644 --- a/.travis.yml +++ b/.travis.yml 
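Review bot: The guard `unless Rails::VERSION::MAJOR >= 5` in `_process_unauthenticated` is a negated comparison that reads more directly as `if Rails::VERSION::MAJOR < 5`. The line also gives no hint of why the content type is copied only on Rails 4, so a one-line comment stating the reason would save the next reader the lookup. The method starts outside the hunk.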
@@ -3,14 +3,16 @@ language: ruby rvm: - 2.1.10 - 2.2.10 - - 2.3.7 - - 2.4.4 - - 2.5.1 + - 2.3.8 + - 2.4.5 + - 2.5.3 + - 2.6.0 - ruby-head gemfile: - Gemfile - - gemfiles/Gemfile.rails-5.2-rc1 + - gemfiles/Gemfile.rails-6.0-beta + - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -20,25 +22,45 @@ matrix: - rvm: 2.1.10 gemfile: Gemfile - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.2-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-beta + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-5.2-rc1 - - rvm: 2.4.4 + gemfile: Gemfile + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-6.0-beta + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - rvm: 2.3.8 + gemfile: gemfiles/Gemfile.rails-6.0-beta + - rvm: 2.4.5 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.5.1 + - rvm: 2.4.5 + gemfile: gemfiles/Gemfile.rails-6.0-beta + - rvm: 2.5.3 gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.6.0 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.6.0 + gemfile: gemfiles/Gemfile.rails-4.2-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: ruby-head + gemfile: gemfiles/Gemfile.rails-4.2-stable - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-stable - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.2-rc1 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-6.0-beta allow_failures: - rvm: ruby-head + - gemfile: gemfiles/Gemfile.rails-6.0-beta + services: - mongodb diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 69078ca89c..262e49c045 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable 
@@ -8,6 +8,7 @@ gem "rails", github: "rails/rails", branch: "4-2-stable" gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" +gem "nokogiri", "1.9.1" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-5.2-rc1 b/gemfiles/Gemfile.rails-5.2-stable similarity index 94% rename from gemfiles/Gemfile.rails-5.2-rc1 rename to gemfiles/Gemfile.rails-5.2-stable index 850a5ba2bb..37d4664b44 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1 +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 5.2.0.rc1' +gem "rails", '~> 5.2' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-5.2-rc1.lock b/gemfiles/Gemfile.rails-5.2-stable.lock similarity index 68% rename from gemfiles/Gemfile.rails-5.2-rc1.lock rename to gemfiles/Gemfile.rails-5.2-stable.lock index 4f33d26725..fc2f8fbd53 100644 --- a/gemfiles/Gemfile.rails-5.2-rc1.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 356edf4dfc38fb1fbfee90c87856e4fe5b73c5e1 + revision: f744aeca2747ed3134e492249c4ee39b548efdf6 specs: activemodel-serializers-xml (1.0.2) activemodel (> 5.x) 
@@ -20,81 +20,81 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.0.rc1) - actionpack (= 5.2.0.rc1) + actioncable (5.2.1) + actionpack (= 5.2.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.0.rc1) - actionpack (= 5.2.0.rc1) - actionview (= 5.2.0.rc1) - activejob (= 5.2.0.rc1) + actionmailer (5.2.1) + actionpack (= 5.2.1) + actionview (= 5.2.1) + activejob (= 5.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.0.rc1) - actionview (= 5.2.0.rc1) - activesupport (= 5.2.0.rc1) + actionpack (5.2.1) + actionview (= 5.2.1) + activesupport (= 5.2.1) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.0.rc1) - activesupport (= 5.2.0.rc1) + actionview (5.2.1) + activesupport (= 5.2.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.0.rc1) - activesupport (= 5.2.0.rc1) + activejob (5.2.1) + activesupport (= 5.2.1) globalid (>= 0.3.6) - activemodel (5.2.0.rc1) - activesupport (= 5.2.0.rc1) - activerecord (5.2.0.rc1) - activemodel (= 5.2.0.rc1) - activesupport (= 5.2.0.rc1) + activemodel (5.2.1) + activesupport (= 5.2.1) + activerecord (5.2.1) + activemodel (= 5.2.1) + activesupport (= 5.2.1) arel (>= 9.0) - activestorage (5.2.0.rc1) - actionpack (= 5.2.0.rc1) - activerecord (= 5.2.0.rc1) + activestorage (5.2.1) + actionpack (= 5.2.1) + activerecord (= 5.2.1) marcel (~> 0.3.1) - activesupport (5.2.0.rc1) + activesupport (5.2.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) - crass (1.0.3) - erubi (1.7.0) + crass (1.0.4) + erubi (1.7.1) faraday (0.12.2) multipart-post (>= 1.2, < 3) globalid (0.4.1) activesupport (>= 4.2.0) hashie (3.5.7) - i18n (0.9.3) + i18n (1.1.0) concurrent-ruby (~> 1.0) jwt (1.5.6) - loofah (2.1.1) + loofah (2.2.2) crass (~> 1.0.2) 
nokogiri (>= 1.5.9) mail (2.7.0) mini_mime (>= 0.1.1) - marcel (0.3.1) + marcel (0.3.3) mimemagic (~> 0.3.2) metaclass (0.0.4) method_source (0.9.0) mimemagic (0.3.2) - mini_mime (1.0.0) + mini_mime (1.0.1) mini_portile2 (2.3.0) minitest (5.11.3) - mocha (1.3.0) + mocha (1.7.0) metaclass (~> 0.0.1) multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.2.0) - nokogiri (1.8.2) + nio4r (2.3.1) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) oauth2 (1.4.0) faraday (>= 0.8, < 0.13) @@ -105,7 +105,7 @@ GEM omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (5.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.5.0) oauth2 (~> 1.1) @@ -114,24 +114,24 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.4) + rack (2.0.5) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.8.2) + rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.0.rc1) - actioncable (= 5.2.0.rc1) - actionmailer (= 5.2.0.rc1) - actionpack (= 5.2.0.rc1) - actionview (= 5.2.0.rc1) - activejob (= 5.2.0.rc1) - activemodel (= 5.2.0.rc1) - activerecord (= 5.2.0.rc1) - activestorage (= 5.2.0.rc1) - activesupport (= 5.2.0.rc1) + rails (5.2.1) + actioncable (= 5.2.1) + actionmailer (= 5.2.1) + actionpack (= 5.2.1) + actionview (= 5.2.1) + activejob (= 5.2.1) + activemodel (= 5.2.1) + activerecord (= 5.2.1) + activestorage (= 5.2.1) + activesupport (= 5.2.1) bundler (>= 1.3.0) - railties (= 5.2.0.rc1) + railties (= 5.2.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.2) actionpack (~> 5.x, >= 5.0.1) 
@@ -140,21 +140,21 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.2.0.rc1) - actionpack (= 5.2.0.rc1) - activesupport (= 5.2.0.rc1) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (5.2.1) + actionpack (= 5.2.1) + activesupport (= 5.2.1) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.0) - rdoc (6.0.1) + thor (>= 0.19.0, < 2.0) + rake (12.3.1) + rdoc (6.0.4) responders (2.4.0) actionpack (>= 4.2.0, < 5.3) railties (>= 4.2.0, < 5.3) ruby-openid (2.7.0) - sprockets (3.7.1) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -190,7 +190,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.2.0.rc1) + rails (~> 5.2) rails-controller-testing rdoc responders (~> 2.1) diff --git a/gemfiles/Gemfile.rails-6.0-beta b/gemfiles/Gemfile.rails-6.0-beta new file mode 100644 index 0000000000..8ea4f7061e --- /dev/null +++ b/gemfiles/Gemfile.rails-6.0-beta @@ -0,0 +1,27 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '6.0.0.beta1' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +gem "responders", "~> 2.4" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false +end + +platforms :ruby do + gem "sqlite3" +end diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-beta.lock new file mode 100644 index 0000000000..7421de6312 --- /dev/null +++ b/gemfiles/Gemfile.rails-6.0-beta.lock 
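Review bot: In the new gemfiles/Gemfile.rails-6.0-beta, `gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"` relies on Bundler's `github:` shorthand, and the lockfile added in the same commit records it as `remote: git://github.com/rails/activemodel-serializers-xml.git`. That is the unauthenticated, unencrypted git protocol, so the dependency is fetched with no transport integrity. The CI setup on this page pins Bundler below 2, so the shorthand will presumably keep resolving that way. Adding `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` near the top of the Gemfile moves the fetch to HTTPS. The other gemfiles that use `github:`, such as Gemfile.rails-4.2-stable, would presumably benefit from the same line.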
@@ -0,0 +1,216 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: f744aeca2747ed3134e492249c4ee39b548efdf6 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (> 5.x) + activesupport (> 5.x) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.5.0) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0, < 6.0) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + activejob (= 6.0.0.beta1) + activerecord (= 6.0.0.beta1) + activestorage (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + mail (>= 2.7.1) + actionmailer (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + actionview (= 6.0.0.beta1) + activejob (= 6.0.0.beta1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (6.0.0.beta1) + actionview (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actiontext (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + activerecord (= 6.0.0.beta1) + activestorage (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + nokogiri (>= 1.8.5) + actionview (6.0.0.beta1) + activesupport (= 6.0.0.beta1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (6.0.0.beta1) + activesupport (= 6.0.0.beta1) + globalid (>= 0.3.6) + activemodel (6.0.0.beta1) + activesupport (= 6.0.0.beta1) + activerecord (6.0.0.beta1) + activemodel (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + activestorage (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + activerecord (= 6.0.0.beta1) + marcel (~> 0.3.1) + activesupport (6.0.0.beta1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + bcrypt (3.1.12) + builder (3.2.3) + concurrent-ruby (1.1.4) + crass 
(1.0.4) + erubi (1.8.0) + faraday (0.15.4) + multipart-post (>= 1.2, < 3) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (3.6.0) + i18n (1.5.2) + concurrent-ruby (~> 1.0) + jwt (2.1.0) + loofah (2.2.3) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) + metaclass (0.0.4) + method_source (0.9.2) + mimemagic (0.3.3) + mini_mime (1.0.1) + mini_portile2 (2.4.0) + minitest (5.11.3) + mocha (1.8.0) + metaclass (~> 0.0.1) + multi_json (1.13.1) + multi_xml (0.6.0) + multipart-post (2.0.0) + nio4r (2.3.1) + nokogiri (1.10.1) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.1) + faraday (>= 0.8, < 0.16.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.9.0) + hashie (>= 3.4.6, < 3.7.0) + rack (>= 1.6.2, < 3) + omniauth-facebook (5.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.0.6) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (6.0.0.beta1) + actioncable (= 6.0.0.beta1) + actionmailbox (= 6.0.0.beta1) + actionmailer (= 6.0.0.beta1) + actionpack (= 6.0.0.beta1) + actiontext (= 6.0.0.beta1) + actionview (= 6.0.0.beta1) + activejob (= 6.0.0.beta1) + activemodel (= 6.0.0.beta1) + activerecord (= 6.0.0.beta1) + activestorage (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + bundler (>= 1.3.0) + railties (= 6.0.0.beta1) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (6.0.0.beta1) + actionpack (= 6.0.0.beta1) + activesupport (= 6.0.0.beta1) + method_source + rake (>= 0.8.7) + thor (>= 0.20.3, < 2.0) + rake 
(12.3.2) + rdoc (6.1.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.7.0) + sprockets (3.7.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.13) + test_after_commit (1.1.0) + activerecord (>= 3.2) + thor (0.20.3) + thread_safe (0.3.6) + timecop (0.9.1) + tzinfo (1.2.5) + thread_safe (~> 0.1) + warden (1.2.8) + rack (>= 2.0.6) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.7.0) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.3) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! + mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (= 6.0.0.beta1) + rails-controller-testing + rdoc + responders (~> 2.4) + sqlite3 + test_after_commit + timecop + webrat (= 0.7.3) + +BUNDLED WITH + 1.17.1 diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index d79163cb63..757095edcf 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -84,7 +84,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase test "add primary key type with rails 5 when specified in rails generator" do run_generator ["monster", "--primary_key_type=uuid"] - if Rails.version.start_with? '5' + if Devise::Test.rails5_and_up? assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ else assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/ diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index a85e66a0ad..cd6f2f10e2 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb 
@@ -12,7 +12,7 @@ def create_user_and_remember(add_to_token='') end def generate_signed_cookie(raw_cookie) - request = if Devise::Test.rails51? || Devise::Test.rails52? + request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? ActionController::TestRequest.create(Class.new) # needs a "controller class" elsif Devise::Test.rails5? ActionController::TestRequest.create diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 1aec0cad5d..e258ca8afb 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,14 +5,14 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails52? +if Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate else ActiveRecord::Migrator.migrate(migrate_path) end class ActiveSupport::TestCase - if Devise::Test.rails5? + if Devise::Test.rails5_and_up? self.use_transactional_tests = true else # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5. diff --git a/test/rails_app/app/active_record/user.rb b/test/rails_app/app/active_record/user.rb index e065e2614c..3cc2fc9d1a 100644 --- a/test/rails_app/app/active_record/user.rb +++ b/test/rails_app/app/active_record/user.rb @@ -5,7 +5,7 @@ class User < ActiveRecord::Base include Shim include SharedUser - include ActiveModel::Serializers::Xml if Devise::Test.rails5? + include ActiveModel::Serializers::Xml if Devise::Test.rails5_and_up? validates :sign_in_count, presence: true diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index 703e9ef874..9eff82d53b 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb 
@@ -22,7 +22,7 @@ def set end def unauthenticated - if Devise::Test.rails5? + if Devise::Test.rails5_and_up? render body: "unauthenticated", status: :unauthorized else render text: "unauthenticated", status: :unauthorized diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 98df295788..5da3b94f97 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -11,6 +11,6 @@ def sign_in_facebook user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user - render (Devise::Test.rails5? ? :body : :text) => "" + render (Devise::Test.rails5_and_up? ? :body : :text) => "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index d02b8844bf..384aa67a70 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -15,7 +15,7 @@ def edit_form end def update_form - render (Devise::Test.rails5? ? :body : :text) => 'Update' + render (Devise::Test.rails5_and_up? ? :body : :text) => 'Update' end def accept @@ -23,11 +23,11 @@ def accept end def exhibit - render (Devise::Test.rails5? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" + render (Devise::Test.rails5_and_up? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render (Devise::Test.rails5? ? :body : :text) => 'User will be expired on next request' + render (Devise::Test.rails5_and_up? ? :body : :text) => 'User will be expired on next request' end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 38d770f147..01621de75c 100644 --- a/test/rails_app/config/boot.rb 
+++ b/test/rails_app/config/boot.rb @@ -8,6 +8,10 @@ module Devise module Test # Detection for minor differences between Rails 4 and 5, 5.1, and 5.2 in tests. + def self.rails52_and_up? + Rails::VERSION::MAJOR > 5 || rails52? + end + def self.rails52? Rails.version.start_with? '5.2' end @@ -16,6 +20,10 @@ def self.rails51? Rails.version.start_with? '5.1' end + def self.rails5_and_up? + Rails::VERSION::MAJOR >= 5 + end + def self.rails5? Rails.version.start_with? '5' end diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 3e62a174a4..3a3be4784e 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb @@ -22,7 +22,7 @@ # config.action_dispatch.rack_cache = true # Disable Rails's static asset server (Apache or nginx will already do this). - if Rails.version >= "5.0.0" + if Devise::Test.rails5_and_up? config.public_file_server.enabled = false elsif Rails.version >= "4.2.0" config.serve_static_files = false diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index b202bc3e51..c5d393c5e0 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -16,7 +16,7 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - if Rails.version >= "5.0.0" + if Devise::Test.rails5_and_up? config.public_file_server.enabled = true config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} elsif Rails.version >= "4.2.0" diff --git a/test/routes_test.rb b/test/routes_test.rb index ba580f5b54..4f6233afcd 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
@@ -205,7 +205,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5? + expected_params[:format] = false if Devise::Test.rails5_and_up? assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do @@ -215,7 +215,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false if Devise::Test.rails5? + expected_params[:format] = false if Devise::Test.rails5_and_up? assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -225,7 +225,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5? + expected_params[:format] = false if Devise::Test.rails5_and_up? assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do @@ -235,7 +235,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5? + expected_params[:format] = false if Devise::Test.rails5_and_up? assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do 
@@ -245,7 +245,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5? + expected_params[:format] = false if Devise::Test.rails5_and_up? assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index 87946314b2..de207087f2 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb @@ -6,7 +6,7 @@ class IntegrationTest < ActionDispatch::IntegrationTest # xhr get_via_redirect post_via_redirect # ).each do |method| %w( get post put ).each do |method| - if Rails.version >= '5.0.0' + if Devise::Test.rails5_and_up? define_method(method) do |url, options={}| if options.empty? super url @@ -31,7 +31,7 @@ class ControllerTestCase < ActionController::TestCase # xhr get_via_redirect post_via_redirect # ).each do |method| %w( get post put ).each do |method| - if Rails.version >= '5.0.0' + if Devise::Test.rails5_and_up? define_method(method) do |action, options={}| if options.empty? super action diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 857fa12b39..7855621c13 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -171,7 +171,7 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = if Devise::Test.rails51? || Devise::Test.rails52? + @request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? ActionController::TestRequest.create(Class.new) # needs a "controller class" elsif Devise::Test.rails5? ActionController::TestRequest.create From ee65cd60c96e039f64fe291f5d55f2f2cb471de8 Mon Sep 17 00:00:00 2001 
From: Alessandro Date: Wed, 23 Jan 2019 18:32:29 +0100 Subject: [PATCH 1172/1473] FIX plataformatec/devise#4127 (#4700) --- lib/devise/failure_app.rb | 9 ++++-- test/integration/mounted_engine_test.rb | 40 +++++++++++++++++++++---- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 14de94b0a2..b50e48ceb5 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -144,11 +144,16 @@ def scope_url opts[:format] = request_format unless skip_format? - opts[:script_name] = relative_url_root if relative_url_root? - router_name = Devise.mappings[scope].router_name || Devise.available_router_name context = send(router_name) + if relative_url_root? + opts[:script_name] = relative_url_root + elsif defined? context.routes + rootpath = context.routes.url_helpers.root_path + opts[:script_name] = rootpath.chomp('/') unless rootpath.length <= 1 + end + if context.respond_to?(route) context.send(route, opts) elsif respond_to?(:root_url) diff --git a/test/integration/mounted_engine_test.rb b/test/integration/mounted_engine_test.rb index a19d6a227b..0ac47e335a 100644 --- a/test/integration/mounted_engine_test.rb +++ b/test/integration/mounted_engine_test.rb @@ -2,10 +2,23 @@ require 'test_helper' -class MyMountableEngine - def self.call(env) - ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']] +module MyMountableEngine + class Engine < ::Rails::Engine + isolate_namespace MyMountableEngine end + class TestsController < ActionController::Base + def index + render plain: 'Root test successful' + end + def inner_route + render plain: 'Inner route test successful' + end + end +end + +MyMountableEngine::Engine.routes.draw do + get 'test', to: 'tests#inner_route' + root to: 'tests#index' end # If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling 
@@ -15,7 +28,7 @@ def self.call(env) Rails.application.routes.draw do authenticate(:user) do - mount MyMountableEngine, at: '/mountable_engine' + mount MyMountableEngine::Engine, at: '/mountable_engine' end end @@ -33,6 +46,23 @@ class AuthenticatedMountedEngineTest < Devise::IntegrationTest get '/mountable_engine' assert_response :success - assert_contain 'Rendered content of MyMountableEngine' + assert_contain 'Root test successful' + end + + + test 'renders a inner route of the mounted engine when authenticated' do + sign_in_as_user + get '/mountable_engine/test' + + assert_response :success + assert_contain 'Inner route test successful' + end + + test 'respond properly to a non existing route of the mounted engine' do + sign_in_as_user + + assert_raise ActionController::RoutingError do + get '/mountable_engine/non-existing-route' + end end end From 1aab4499330c8a7641a3dea7e2ec3b96acdf46ae Mon Sep 17 00:00:00 2001 From: Felipe Renan Date: Wed, 23 Jan 2019 15:41:30 -0200 Subject: [PATCH 1173/1473] Refactor fix #4127 * Adding to check if rootpath is present on url_helpers. * Run this code only for Rails versions lower than 5.1. --- lib/devise/failure_app.rb | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index b50e48ceb5..4894ecb779 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -149,9 +149,13 @@ def scope_url if relative_url_root? opts[:script_name] = relative_url_root - elsif defined? context.routes + + # We need to add the rootpath to `script_name` manually for applications that use a Rails + # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines + # that use Devise. Remove it when the support of Rails 5.0 is droped. + elsif root_path_defined?(context) && rails_5_and_down? rootpath = context.routes.url_helpers.root_path - opts[:script_name] = rootpath.chomp('/') unless rootpath.length <= 1 + opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 end if context.respond_to?(route) @@ -267,5 +271,21 @@ def relative_url_root? end ActiveSupport.run_load_hooks(:devise_failure_app, self) + + private + + def root_path_defined?(context) + defined?(context.routes) && context.routes.url_helpers.root_path.present? + end + + def rails_5_and_down? + return false if rails_5_up? + + Rails::VERSION::MAJOR >= 4 + end + + def rails_5_up? + Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR > 0 + end end end From a42033cb04dcd78c3b4e707bae0266262e603cc6 Mon Sep 17 00:00:00 2001 From: Felipe Renan Date: Wed, 23 Jan 2019 16:02:12 -0200 Subject: [PATCH 1174/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8db8185a6..058bb83e8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
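Review bot: `rails_5_up?` in the second hunk tests `Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR > 0`, which is false for every x.0 release above 5.0. On Rails 6.0 `rails_5_and_down?` therefore returns true and `scope_url` still derives `opts[:script_name]` from `root_path`, although the added comment limits the workaround to versions below 5.1. Comparing major and minor together keeps it scoped: `Rails::VERSION::MAJOR > 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR > 0)`. `scope_url` appears to build the URL that unauthenticated requests are redirected to, so a case run against the 6.0 gemfile would be worth adding. Both `scope_url` and the class body continue outside the hunks.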
@@ -17,6 +17,7 @@ * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. (by @stanhu) * Fix unclosed `li` tag in `error_messages` partial (by @mracos) + * Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri) * deprecations * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) From 369ba267efaa10d01c8dba59b09c3b94dd9e5551 Mon Sep 17 00:00:00 2001 From: Hyeonseok Date: Thu, 24 Jan 2019 21:20:03 +0900 Subject: [PATCH 1175/1473] removing white space in devise generator new.html.erb (#5010) --- .../templates/simple_form_for/registrations/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/simple_form_for/registrations/new.html.erb b/lib/generators/templates/simple_form_for/registrations/new.html.erb index 8eeba8cabb..5dafdd7601 100644 --- a/lib/generators/templates/simple_form_for/registrations/new.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb @@ -6,7 +6,7 @@
<%= f.input :email, required: true, - autofocus: true , + autofocus: true, input_html: { autocomplete: "email" }%> <%= f.input :password, required: true, From f3329110ba786b9262ffacf662d73bc0633e9624 Mon Sep 17 00:00:00 2001 From: Felipe Renan Date: Mon, 28 Jan 2019 14:31:42 -0200 Subject: [PATCH 1176/1473] Update README to help run tests [ci skip] (#5012) Adds a section to help contributors run Devise test suite. --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 255beca3b9..5668efc4da 100644 --- a/README.md +++ b/README.md @@ -149,6 +149,24 @@ BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable DEVISE_ORM=mongoid bin/test ``` +### Running tests +Devise uses [Mini Test](https://github.com/seattlerb/minitest) as test framework. + +* Running all tests: +```bash +bin/test +``` + +* Running tests for an specific file: +```bash +ruby -Itest test/models/trackable_test.rb +``` + +* Running a specific test given a regex: +```bash +ruby -Itest test/models/trackable_test.rb --name /authentication/ +``` + ## Starting with Rails? If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: From 45438fcfc4084d9e56b6f0c079eaaff8557c24d9 Mon Sep 17 00:00:00 2001 
From: Felipe Renan Date: Fri, 25 Jan 2019 17:01:28 -0200 Subject: [PATCH 1177/1473] Fix SQLite3 warning Before setting this option, our test suite was giving the following warning: ``` DEPRECATION WARNING: Leaving `ActiveRecord::ConnectionAdapters::SQLite3Adapter.represent_boolean_as_integer` set to false is deprecated. SQLite databases have used 't' and 'f' to serialize boolean values and must have old data converted to 1 and 0 (its native boolean serialization) before setting this flag to true. Conversion can be accomplished by setting up a rake task which runs ExampleModel.where("boolean_column = 't'").update_all(boolean_column: 1) ExampleModel.where("boolean_column = 'f'").update_all(boolean_column: 0) for all models and all boolean columns, after which the flag must be set to true by adding the following to your application.rb file: Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true (called from at $PATH/devise/test/rails_app/app/active_record/user.rb:5) ``` After configuring `represent_boolean_as_integer = true` as specified above, we don't have this warning anymore. More info: https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SQLite3Adapter.html#method-c-represent_boolean_as_integer --- test/rails_app/config/application.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 6d4606d63e..d39fa7dd6e 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -44,5 +44,10 @@ class Application < Rails::Application config.to_prepare do Devise::SessionsController.layout "application" end + + # Remove this check once Rails 5.0 support is removed. + if Devise::Test.rails52_and_up? + Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true + end end end From 2dd322579fdfb6705f49c1e4ca769c57cc92bf1a Mon Sep 17 00:00:00 2001 
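Review bot: The added comment says `# Remove this check once Rails 5.0 support is removed.`, but the guard is `Devise::Test.rails52_and_up?`, so by its own condition it is needed for every supported Rails below 5.2, not only 5.0. I would word it as `# Remove this check once support for Rails versions below 5.2 is removed.` The neighbouring lines inside `class Application` use `config.` directly, so `config.active_record.sqlite3.represent_boolean_as_integer = true` would read consistently with them. The class body starts outside the hunk.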
From: Felipe Renan Date: Tue, 29 Jan 2019 17:07:59 -0200 Subject: [PATCH 1178/1473] Fix bin/test to use Rails::TestUnit The command bin/test stop running single tests once Devise started to support Rails 5.2. The problem is because we used `rails/test_unit/minitest_plugin` and this file was moved to another place. See: https://github.com/rails/rails/pull/29572 I'm not sure if we should require the `minitest-plugin` directly from Rails like we were doing, I tried it and it didn't work. So I'm changing this `bin/test` completely based on how Rails does that [here](https://github.com/rails/rails/blob/master/tools/test.rb) --- README.md | 4 ++-- bin/test | 16 ++++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 5668efc4da..0ecd3e5c48 100644 --- a/README.md +++ b/README.md @@ -159,12 +159,12 @@ bin/test * Running tests for an specific file: ```bash -ruby -Itest test/models/trackable_test.rb +bin/test test/models/trackable_test.rb ``` * Running a specific test given a regex: ```bash -ruby -Itest test/models/trackable_test.rb --name /authentication/ +bin/test test/models/trackable_test.rb:16 ``` ## Starting with Rails? diff --git a/bin/test b/bin/test index cb9baa81e4..3670b19da8 100755 --- a/bin/test +++ b/bin/test @@ -1,13 +1,17 @@ #!/usr/bin/env ruby $: << File.expand_path(File.expand_path('../../test', __FILE__)) -require 'bundler/setup' +# Remove this begin/rescue once Rails 4 support is removed. begin - require 'rails/test_unit/minitest_plugin' + require 'bundler/setup' + require 'rails/test_unit/runner' + require 'rails/test_unit/reporter' + require 'rails/test_unit/line_filtering' + + Rails::TestUnitReporter.executable = 'bin/test' + + Rails::TestUnit::Runner.parse_options(ARGV) + Rails::TestUnit::Runner.run(ARGV) rescue LoadError exec 'rake' end - -Rails::TestUnitReporter.executable = 'bin/test' - -exit Minitest.run(ARGV) From 101e50f9df004f22a8e08f2cac4589766a3461c4 Mon Sep 17 00:00:00 2001 
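Review bot: The `rescue LoadError` in `bin/test` now covers `require 'bundler/setup'` and the `Rails::TestUnit::Runner.run(ARGV)` call as well as the three `rails/test_unit/*` requires. A `LoadError` raised anywhere in that span (a missing gem, or presumably a broken `require` in a test file the runner loads) ends in `exec 'rake'`, and the original error is never shown. Keeping only the three `rails/test_unit/*` requires inside the `begin`, and moving the `executable =`, `parse_options` and `run` lines after `end`, would limit the fallback to the Rails 4 case the comment describes. `exec` replaces the process, so those lines are not reached when the fallback fires.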
From: Felipe Renan Date: Mon, 4 Feb 2019 14:36:04 -0200 Subject: [PATCH 1179/1473] Fix webrat warnings Forwarding methods to private methods is deprecated and produces a warning after Ruby 2.4. see: https://bugs.ruby-lang.org/issues/12782 To fix this issue I'm mocking patching webrat making RailsAdatper#response method public since Webrat::Session is delegating functions to it. --- test/support/webrat/integrations/rails.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/support/webrat/integrations/rails.rb b/test/support/webrat/integrations/rails.rb index ebb481a193..a78d04e662 100644 --- a/test/support/webrat/integrations/rails.rb +++ b/test/support/webrat/integrations/rails.rb @@ -18,6 +18,12 @@ def logger # :nodoc: end class RailsAdapter + # This method is private within webrat gem and after Ruby 2.4 we get a lot of warnings because + # Webrat::Session#response is delegated to this method. + def response + integration_session.response + end + protected def do_request(http_method, url, data, headers) From 337db5a3a2fa178a14dc4536d0d8ae2ccde5adc5 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Wed, 6 Feb 2019 20:01:55 -0200 Subject: [PATCH 1180/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 058bb83e8d..4c78169cde 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * Ignore useless files into the `.gem` file (by @huacnlee) * Explain the code that prevents enumeration attacks inside `Devise::Strategies::DatabaseAuthenticatable` (by @tegon) * Refactor the `devise_error_messages!` helper to render a partial (by @prograhamer) + * Add an option (`Devise.sign_in_after_change_password`) to not automatically sign in a user after changing a password (by @knjko) * bug fixes * Fix missing comma in Simple Form generator (by @colinross) 
@@ -18,6 +19,9 @@ * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. (by @stanhu) * Fix unclosed `li` tag in `error_messages` partial (by @mracos) * Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri) + * Make `#increment_failed_attempts` concurrency safe (by @tegon) + * Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy) + * deprecations * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) From 45016829d6fce6db42c900a5f7565cd670fd9cc9 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 7 Feb 2019 10:46:41 -0200 Subject: [PATCH 1181/1473] Prepare for `4.6.0` release It was necessary to manually set the `sqlite3` Gem version after the release of version `1.4.0`. See https://github.com/rails/rails/issues/35153 for more info. --- CHANGELOG.md | 2 ++ Gemfile | 2 +- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 6 +++--- gemfiles/Gemfile.rails-4.2-stable | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 17 +++++++++-------- gemfiles/Gemfile.rails-5.0-stable | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-stable | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-beta | 2 +- lib/devise/version.rb | 2 +- 13 files changed, 26 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c78169cde..61c6c8078c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,7 @@ ### Unreleased +### 4.6.0 - 2019-02-07 + * enhancements * Allow to skip email and password change notifications (by @iorme1) * Include the use of `nil` for `allow_unconfirmed_access_for` in the docs (by @joaumg) diff --git a/Gemfile b/Gemfile index 7bf232dca2..ce2e6ba024 100644 --- a/Gemfile +++ b/Gemfile @@ -31,7 +31,7 @@ platforms :jruby do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end # TODO: diff --git a/Gemfile.lock b/Gemfile.lock index 8c95b6c4ee..8e72438eb1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.5.0) + devise (4.6.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -201,4 +201,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.1 + 1.17.1 diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index f58f971a59..69eff84901 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -25,7 +25,7 @@ platforms :jruby do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end group :mongoid do diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index fda4a4fc20..9008888f16 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.5.0) + devise (4.6.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -137,8 +137,8 @@ GEM test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.19.4) - timecop (0.8.1) thread_safe (0.3.6) + timecop (0.8.1) tzinfo (1.2.2) thread_safe (~> 0.1) warden (1.2.7) @@ -170,4 +170,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile.rails-4.2-stable index 262e49c045..bb35c5f2f3 100644 --- a/gemfiles/Gemfile.rails-4.2-stable +++ b/gemfiles/Gemfile.rails-4.2-stable 
@@ -26,7 +26,7 @@ platforms :jruby do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end group :mongoid do diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 1e461fd49e..910045cf35 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.5.0) + devise (4.6.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -89,7 +89,7 @@ GEM mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) + mini_portile2 (2.4.0) minitest (5.10.1) mocha (1.2.1) metaclass (~> 0.0.1) @@ -105,8 +105,8 @@ GEM multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) + nokogiri (1.9.1) + mini_portile2 (~> 2.4.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) jwt (~> 1.0) @@ -143,9 +143,9 @@ GEM loofah (~> 2.0) rake (12.0.0) rdoc (5.1.0) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) ruby-openid (2.7.0) sprockets (3.7.1) concurrent-ruby (~> 1.0) @@ -179,6 +179,7 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 4.0) + nokogiri (= 1.9.1) omniauth omniauth-facebook omniauth-oauth2 @@ -191,4 +192,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index 5171d10743..902ef21a5a 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -25,7 +25,7 @@ group :test do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end # TODO: diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index cfcbaa58f7..61e0f64848 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock 
@@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.5.0) + devise (4.6.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -191,4 +191,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.16.1 + 1.17.1 diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile.rails-5.2-stable index 37d4664b44..3fc1bb7caa 100644 --- a/gemfiles/Gemfile.rails-5.2-stable +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -23,5 +23,5 @@ group :test do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index fc2f8fbd53..27a9240811 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.5.0) + devise (4.6.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-6.0-beta b/gemfiles/Gemfile.rails-6.0-beta index 8ea4f7061e..4e13c52a93 100644 --- a/gemfiles/Gemfile.rails-6.0-beta +++ b/gemfiles/Gemfile.rails-6.0-beta @@ -23,5 +23,5 @@ group :test do end platforms :ruby do - gem "sqlite3" + gem "sqlite3", "~> 1.3.6" end diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 66d69f13ad..e3dad6fb1d 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.5.0".freeze + VERSION = "4.6.0".freeze end From fcb04f53023d04b4b308acedb762bcefcf86f9a7 Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Mon, 11 Feb 2019 11:00:56 -0200 Subject: [PATCH 1182/1473] Check if `root_path` is defined with `#respond_to?` instead of `#present` (#5022) When an application does not define a `root`, the method will be undefined instead of returning a falsey value. This commit also includes a new test with fake objects that mimic this behavior. Related resources: * https://github.com/plataformatec/devise/commit/1aab4499330c8a7641a3dea7e2ec3b96acdf46ae#diff-c1be825bdb5f3160081e41432f83d0d7R278 * https://github.com/plataformatec/devise/issues/5021 --- lib/devise/failure_app.rb | 2 +- test/failure_app_test.rb | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 4894ecb779..9dcaea8d8c 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -275,7 +275,7 @@ def relative_url_root? private def root_path_defined?(context) - defined?(context.routes) && context.routes.url_helpers.root_path.present? + defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path) end def rails_5_and_down? diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 2429d40673..af622fff26 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -28,6 +28,27 @@ def i18n_options(options) end end + class FailureWithoutRootPath < Devise::FailureApp + class FakeURLHelpers + end + + class FakeRoutesWithoutRoot + def url_helpers + FakeURLHelpers.new + end + end + + class FakeAppWithoutRootPath + def routes + FakeRoutesWithoutRoot.new + end + end + + def main_app + FakeAppWithoutRootPath.new + end + end + class FakeEngineApp < Devise::FailureApp class FakeEngine def new_user_on_engine_session_url _ 
@@ -103,6 +124,13 @@ def call_failure(env_params={}) end end + test 'returns to the root path even when it\'s not defined' do + call_failure app: FailureWithoutRootPath + assert_equal 302, @response.first + assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert] + assert_equal 'http://test.host/', @response.second['Location'] + end + test 'returns to the root path considering subdomain if no session path is available' do swap Devise, router_name: :fake_app do call_failure app: FailureWithSubdomain From 5be5220e5a65094f09d01b3c55cfb3061d8bce27 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 11 Feb 2019 11:04:12 -0200 Subject: [PATCH 1183/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61c6c8078c..b28b314b2d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ### Unreleased +### 4.6.1 - 2019-02-11 + +* bug fixes + * Check if `root_path` is defined with `#respond_to?` instead of `#present` (by @tegon) + ### 4.6.0 - 2019-02-07 * enhancements From 20e299bce0307d79895b05b13530f3c74a0ca0e0 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 11 Feb 2019 11:38:35 -0200 Subject: [PATCH 1184/1473] Prepare for `4.6.1` release --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 4 ++-- gemfiles/Gemfile.rails-4.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-6.0-beta.lock | 4 ++-- lib/devise/version.rb | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8e72438eb1..ba3eb67aa3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.6.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) 
@@ -196,7 +196,7 @@ DEPENDENCIES rails-controller-testing rdoc responders (~> 2.4) - sqlite3 + sqlite3 (~> 1.3.6) timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 9008888f16..45c62fdfc2 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.6.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -164,7 +164,7 @@ DEPENDENCIES omniauth-openid rails! rdoc (~> 5.1) - sqlite3 + sqlite3 (~> 1.3.6) test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 910045cf35..471156226f 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.6.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -186,7 +186,7 @@ DEPENDENCIES omniauth-openid rails! rdoc (~> 5.1) - sqlite3 + sqlite3 (~> 1.3.6) test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 61e0f64848..a295ac76b5 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -185,7 +185,7 @@ DEPENDENCIES rails-controller-testing rdoc responders (~> 2.1) - sqlite3 + sqlite3 (~> 1.3.6) test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 27a9240811..f1e4fe3314 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock 
@@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -194,7 +194,7 @@ DEPENDENCIES rails-controller-testing rdoc responders (~> 2.1) - sqlite3 + sqlite3 (~> 1.3.6) test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-beta.lock index 7421de6312..4ec14f0a4a 100644 --- a/gemfiles/Gemfile.rails-6.0-beta.lock +++ b/gemfiles/Gemfile.rails-6.0-beta.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.5.0) + devise (4.6.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -207,7 +207,7 @@ DEPENDENCIES rails-controller-testing rdoc responders (~> 2.4) - sqlite3 + sqlite3 (~> 1.3.6) test_after_commit timecop webrat (= 0.7.3) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index e3dad6fb1d..a9bd557a2b 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.6.0".freeze + VERSION = "4.6.1".freeze end From 4e4e42e1ae291b69822d7bb8a487a869e1e5d2d9 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 19 Feb 2019 16:04:32 -0300 Subject: [PATCH 1185/1473] Include note about security issues in `ISSUE_TEMPLATE.md` --- ISSUE_TEMPLATE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index b24214c4fd..6f03f6f937 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -2,6 +2,7 @@ - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported +- If you found a security bug, do not report it through GitHub. Please send an e-mail to opensource@plataformatec.com.br instead. - Finally, be nice and have fun! ## Environment From 11026007206226c1189f6050ab05d2284f47a669 Mon Sep 17 00:00:00 2001 
From: Felipe Renan Date: Sun, 3 Mar 2019 20:46:48 -0300 Subject: [PATCH 1186/1473] Force nokogiri 1.9.1 on Rails 4.1 Sometimes our CI breaks because it tries to fetch a higher nokogiri version that requires Ruby 2.3+. --- gemfiles/Gemfile.rails-4.1-stable | 2 ++ gemfiles/Gemfile.rails-4.1-stable.lock | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile.rails-4.1-stable index 69eff84901..44a1c98aac 100644 --- a/gemfiles/Gemfile.rails-4.1-stable +++ b/gemfiles/Gemfile.rails-4.1-stable @@ -8,6 +8,8 @@ gem "rails", github: "rails/rails", branch: "4-1-stable" gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" +# Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. +gem "nokogiri", "1.9.1" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 45c62fdfc2..b86fdbb620 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -72,7 +72,7 @@ GEM mime-types (3.1) mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) + mini_portile2 (2.4.0) minitest (5.10.1) mocha (1.2.1) metaclass (~> 0.0.1) @@ -88,8 +88,8 @@ GEM multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - nokogiri (1.7.0.1) - mini_portile2 (~> 2.1.0) + nokogiri (1.9.1) + mini_portile2 (~> 2.4.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) jwt (~> 1.0) @@ -158,6 +158,7 @@ DEPENDENCIES jruby-openssl mocha (~> 1.1) mongoid (~> 4.0) + nokogiri (= 1.9.1) omniauth omniauth-facebook omniauth-oauth2 From 2f3a59640b39c28934ae5dfce64d600f3f07bf17 Mon Sep 17 00:00:00 2001 From: emersonthis Date: Thu, 14 Mar 2019 14:19:45 -0700 Subject: [PATCH 1187/1473] Added mention of API mode complications to README (#5041) [ci skip] --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
diff --git a/README.md b/README.md index 0ecd3e5c48..cae2fa3eca 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,7 @@ It's composed of 10 modules: - [ActiveJob Integration](#activejob-integration) - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) - [Other ORMs](#other-orms) + - [Rails API mode](#rails-api-mode) - [Additional information](#additional-information) - [Heroku](#heroku) - [Warden](#warden) @@ -694,6 +695,17 @@ config.log_level = :warn Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simply require it in the initializer file. +### Rails API Mode + +Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: + +```ruby +Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies +Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore +``` + +For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696). + ## Additional information ### Heroku From a460d79b0889d90c6bd1eb9c69755bc2720761ba Mon Sep 17 00:00:00 2001 From: Matheus Berkenbrock Nedel Date: Sun, 17 Mar 2019 21:20:06 -0300 Subject: [PATCH 1188/1473] fix text redundancy --- lib/devise/strategies/authenticatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb index afcbef0b45..2af7a741cf 100644 --- a/lib/devise/strategies/authenticatable.rb 
+++ b/lib/devise/strategies/authenticatable.rb @@ -28,7 +28,7 @@ def clean_up_csrf? private # Receives a resource and check if it is valid by calling valid_for_authentication? - # An optional block that will be triggered while validating can be optionally + # A block that will be triggered while validating can be optionally # given as parameter. Check Devise::Models::Authenticatable.valid_for_authentication? # for more information. # From b2dc388556aa882048a1ab1ca142721cb53e2037 Mon Sep 17 00:00:00 2001 From: John Hinnegan <426690+softwaregravy@users.noreply.github.com> Date: Sun, 24 Mar 2019 11:07:29 -0400 Subject: [PATCH 1189/1473] Fix dead link The link that's in there goes to a non-existent page. I'm guessing it was moved. I put the link in that I think it was moved to. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cae2fa3eca..2d58826e53 100644 --- a/README.md +++ b/README.md @@ -620,7 +620,7 @@ are executed in your tests. You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: -* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-3-and-4-%28and-RSpec%29 +* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) ### OmniAuth From e704221842cccf37d6867d1da3f88019748d94dc Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Tue, 26 Mar 2019 10:29:16 -0300 Subject: [PATCH 1190/1473] Revert "Add more tests (#4970)" This reverts commit 05bf574799dc75b0d4578e31a40bb8d63ff63855. --- lib/devise/models/database_authenticatable.rb | 1 + test/models/database_authenticatable_test.rb | 10 ---------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 71f7b43d2f..4e107143cb 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -65,6 +65,7 @@ def password=(new_password) # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) + return false if password.blank? Devise::Encryptor.compare(self.class, encrypted_password, password) end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index dadab91bfb..2b0b92319f 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -148,16 +148,6 @@ def setup refute user.valid_password?('654321') end - test 'should be invalid if the password is nil' do - user = new_user(password: nil) - refute user.valid_password?(nil) - end - - test 'should be invalid if the password is blank' do - user = new_user(password: '') - refute user.valid_password?('') - end - test 'should respond to current password' do assert new_user.respond_to?(:current_password) end From f9d13f015a80ca25713d30a49312390db390229d Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Tue, 26 Mar 2019 10:29:46 -0300 Subject: [PATCH 1191/1473] Revert "[#4245] Allowing password to nil (#4261)" This reverts commit 3aedbf0a4d5b4dce42d05edaa5ac61363a41dcb0. --- lib/devise/models/database_authenticatable.rb | 6 ++---- test/models/database_authenticatable_test.rb | 13 +++---------- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 4e107143cb..ffb3ec6064 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -60,18 +60,17 @@ def self.required_fields(klass) # the hashed password. def password=(new_password) @password = new_password - self.encrypted_password = password_digest(@password) + self.encrypted_password = password_digest(@password) if @password.present? end # Verifies whether a password (ie from sign in) is the user password. def valid_password?(password) - return false if password.blank? Devise::Encryptor.compare(self.class, encrypted_password, password) end # Set password and password confirmation to nil def clean_up_passwords - @password = @password_confirmation = nil + self.password = self.password_confirmation = nil end # Update record attributes when :current_password matches, otherwise @@ -199,7 +198,6 @@ def send_password_change_notification # See https://github.com/plataformatec/devise-encryptable for examples # of other hashing engines. def password_digest(password) - return if password.blank? Devise::Encryptor.digest(self.class, password) end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 2b0b92319f..6eb6a0527a 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -117,9 +117,9 @@ def setup assert_nil user.authenticatable_salt end - test 'should set encrypted password to nil if password is nil' do - assert_nil new_user(password: nil).encrypted_password - assert_nil new_user(password: '').encrypted_password + test 'should not generate a hashed password if password is blank' do + assert_blank new_user(password: nil).encrypted_password + assert_blank new_user(password: '').encrypted_password end test 'should hash password again if password has changed' do 
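Review bot: In `password=`, assigning `nil` or an empty string now skips the digest and leaves the previous `encrypted_password` in place, so code that sets `password = nil` expecting to disable password sign-in does not invalidate the old password. The comment above the setter should say so, for example `# A blank value leaves encrypted_password unchanged; it does not clear the stored hash.` `clean_up_passwords` now goes through that setter and stays harmless only because of the `@password.present?` guard, which deserves a one-line comment there too. With the `password.blank?` guards removed from `valid_password?` and from `password_digest` (the `@@ -199,7 +198,6 @@` hunk), rejection of a blank candidate password depends entirely on `Devise::Encryptor.compare`, which is not visible here and should be confirmed. The `@@ -307,11 +307,4 @@` test hunk deletes the nil-password test without adding one that pins the restored behaviour; the enclosing module starts and ends outside these hunks.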
@@ -307,11 +307,4 @@ def setup ] end end - - test 'nil password should be invalid if password is set to nil' do - user = User.create(email: "HEllO@example.com", password: "12345678") - user.password = nil - refute user.valid_password?('12345678') - refute user.valid_password?(nil) - end end From 241e8077e366f3baa70518e4bc5e24fbbddc27dc Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 26 Mar 2019 13:22:52 -0300 Subject: [PATCH 1192/1473] Update `CHANGELOG.md` [ci skip] --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b28b314b2d..3db9136f2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ### Unreleased +### 4.6.2 - 2019-03-26 + +* bug fixes + * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos) + ### 4.6.1 - 2019-02-11 * bug fixes From 2e5b5fcd705b06c518ab0156b96badb91c4cb6ea Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Tue, 26 Mar 2019 13:26:56 -0300 Subject: [PATCH 1193/1473] Prepare for `4.6.2` release --- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-beta.lock | 2 +- lib/devise/version.rb | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ba3eb67aa3..55cb8e15c9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index b86fdbb620..fbf1888390 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -21,7 +21,7 @@ GIT PATH remote: .. specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 471156226f..de76d2106c 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index a295ac76b5..f4a97f8e08 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index f1e4fe3314..c9541696bf 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-beta.lock index 4ec14f0a4a..5416276e6e 100644 --- a/gemfiles/Gemfile.rails-6.0-beta.lock +++ b/gemfiles/Gemfile.rails-6.0-beta.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.1) + devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index a9bd557a2b..e232ce1823 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.6.1".freeze + VERSION = "4.6.2".freeze end From 964ae53e5b134a0210461d06ceb16cfd95b895b3 Mon Sep 17 00:00:00 2001 
From: Lucas Ferreira Date: Tue, 2 Apr 2019 18:39:19 -0300 Subject: [PATCH 1194/1473] Update password confirmation autocomplete --- CHANGELOG.md | 3 +++ app/views/devise/passwords/edit.html.erb | 2 +- .../templates/simple_form_for/passwords/edit.html.erb | 5 ++++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db9136f2e..6c7506cd5d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### Unreleased +* enhancements + * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) + ### 4.6.2 - 2019-03-26 * bug fixes diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index cf3d2813e3..5fbb9ff0a7 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -14,7 +14,7 @@
<%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
diff --git a/lib/generators/templates/simple_form_for/passwords/edit.html.erb b/lib/generators/templates/simple_form_for/passwords/edit.html.erb index b43dc15a4b..591cd8c85a 100644 --- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb @@ -13,7 +13,10 @@ autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), input_html: { autocomplete: "new-password" } %> - <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> + <%= f.input :password_confirmation, + label: "Confirm your new password", + required: true, + input_html: { autocomplete: "new-password" } %>
From 0d56ae2705d5d989c74a710c556f8ab90a2ad393 Mon Sep 17 00:00:00 2001 From: "M. Saiqul Haq" Date: Wed, 3 Apr 2019 20:44:35 +0700 Subject: [PATCH 1195/1473] refactor method name to be more consistent --- lib/devise/failure_app.rb | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 9dcaea8d8c..4ad2dd93a0 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -153,7 +153,7 @@ def scope_url # We need to add the rootpath to `script_name` manually for applications that use a Rails # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines # that use Devise. Remove it when the support of Rails 5.0 is droped. - elsif root_path_defined?(context) && rails_5_and_down? + elsif root_path_defined?(context) && !rails_51_and_up? rootpath = context.routes.url_helpers.root_path opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 end @@ -278,14 +278,8 @@ def root_path_defined?(context) defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path) end - def rails_5_and_down? - return false if rails_5_up? - - Rails::VERSION::MAJOR >= 4 - end - - def rails_5_up? - Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR > 0 + def rails_51_and_up? + Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR >= 1 end end end From dbc3c4f08f9d3f6c39ac656f5d23785f6451e063 Mon Sep 17 00:00:00 2001 From: Ayrton Felipe Date: Thu, 4 Apr 2019 11:40:03 -0300 Subject: [PATCH 1196/1473] Update CI to rails 6.0.0.beta3 In order to check CI behavior was requested by @tegon in slack channel to update rails 6.0.0.beta1 to 6.0.0.beta3 Issue reference: 5037 --- gemfiles/Gemfile.rails-6.0-beta | 2 +- gemfiles/Gemfile.rails-6.0-beta.lock | 118 ++++++++++++++------------- 2 files changed, 61 insertions(+), 59 deletions(-) diff --git a/gemfiles/Gemfile.rails-6.0-beta b/gemfiles/Gemfile.rails-6.0-beta index 4e13c52a93..6b11adb979 100644 
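Review bot: `rails_51_and_up?` in the `@@ -278,14 +278,8 @@` hunk tests MAJOR and MINOR independently, so any release above 5.x with a minor version of 0 (6.0, for instance) returns false, and `scope_url` then takes the pre-5.1 branch that sets `opts[:script_name]` from `root_path`. Compare the major version first: `Rails::VERSION::MAJOR > 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR >= 1)`. The removed `rails_5_up?` had the same shape, so the problem is inherited rather than introduced. The rename is still the natural place to fix it, since the result presumably feeds the URL the failure app redirects to after a failed authentication. The enclosing class continues outside both hunks.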
--- a/gemfiles/Gemfile.rails-6.0-beta +++ b/gemfiles/Gemfile.rails-6.0-beta @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '6.0.0.beta1' +gem 'rails', '~> 6.0.0.beta3' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-beta.lock index 5416276e6e..1c4207e46a 100644 --- a/gemfiles/Gemfile.rails-6.0-beta.lock +++ b/gemfiles/Gemfile.rails-6.0-beta.lock @@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: f744aeca2747ed3134e492249c4ee39b548efdf6 + revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,62 +20,63 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.beta1) - actionpack (= 6.0.0.beta1) + actioncable (6.0.0.beta3) + actionpack (= 6.0.0.beta3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.beta1) - actionpack (= 6.0.0.beta1) - activejob (= 6.0.0.beta1) - activerecord (= 6.0.0.beta1) - activestorage (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) + actionmailbox (6.0.0.beta3) + actionpack (= 6.0.0.beta3) + activejob (= 6.0.0.beta3) + activerecord (= 6.0.0.beta3) + activestorage (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) mail (>= 2.7.1) - actionmailer (6.0.0.beta1) - actionpack (= 6.0.0.beta1) - actionview (= 6.0.0.beta1) - activejob (= 6.0.0.beta1) + actionmailer (6.0.0.beta3) + actionpack (= 6.0.0.beta3) + actionview (= 6.0.0.beta3) + activejob (= 6.0.0.beta3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.beta1) - actionview (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) + actionpack (6.0.0.beta3) + actionview (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.beta1) - actionpack (= 6.0.0.beta1) - activerecord (= 6.0.0.beta1) - activestorage (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) + actiontext (6.0.0.beta3) + actionpack (= 6.0.0.beta3) + activerecord (= 6.0.0.beta3) + activestorage (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) nokogiri (>= 1.8.5) - actionview (6.0.0.beta1) - activesupport (= 6.0.0.beta1) + actionview (6.0.0.beta3) + activesupport (= 6.0.0.beta3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.beta1) - activesupport (= 6.0.0.beta1) + activejob (6.0.0.beta3) + activesupport (= 6.0.0.beta3) globalid (>= 0.3.6) - activemodel (6.0.0.beta1) - activesupport (= 6.0.0.beta1) - activerecord (6.0.0.beta1) - activemodel (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) - 
activestorage (6.0.0.beta1) - actionpack (= 6.0.0.beta1) - activerecord (= 6.0.0.beta1) + activemodel (6.0.0.beta3) + activesupport (= 6.0.0.beta3) + activerecord (6.0.0.beta3) + activemodel (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) + activestorage (6.0.0.beta3) + actionpack (= 6.0.0.beta3) + activerecord (= 6.0.0.beta3) marcel (~> 0.3.1) - activesupport (6.0.0.beta1) + activesupport (6.0.0.beta3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) + zeitwerk (~> 1.3, >= 1.3.1) bcrypt (3.1.12) builder (3.2.3) - concurrent-ruby (1.1.4) + concurrent-ruby (1.1.5) crass (1.0.4) erubi (1.8.0) faraday (0.15.4) @@ -83,7 +84,7 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (3.6.0) - i18n (1.5.2) + i18n (1.6.0) concurrent-ruby (~> 1.0) jwt (2.1.0) loofah (2.2.3) @@ -105,7 +106,7 @@ GEM multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.3.1) - nokogiri (1.10.1) + nokogiri (1.10.2) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) faraday (>= 0.8, < 0.16.0) 
@@ -125,26 +126,26 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.6) + rack (2.0.7) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.beta1) - actioncable (= 6.0.0.beta1) - actionmailbox (= 6.0.0.beta1) - actionmailer (= 6.0.0.beta1) - actionpack (= 6.0.0.beta1) - actiontext (= 6.0.0.beta1) - actionview (= 6.0.0.beta1) - activejob (= 6.0.0.beta1) - activemodel (= 6.0.0.beta1) - activerecord (= 6.0.0.beta1) - activestorage (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) + rails (6.0.0.beta3) + actioncable (= 6.0.0.beta3) + actionmailbox (= 6.0.0.beta3) + actionmailer (= 6.0.0.beta3) + actionpack (= 6.0.0.beta3) + actiontext (= 6.0.0.beta3) + actionview (= 6.0.0.beta3) + activejob (= 6.0.0.beta3) + activemodel (= 6.0.0.beta3) + activerecord (= 6.0.0.beta3) + activestorage (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) bundler (>= 1.3.0) - railties (= 6.0.0.beta1) + railties (= 6.0.0.beta3) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -155,9 +156,9 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.beta1) - actionpack (= 6.0.0.beta1) - activesupport (= 6.0.0.beta1) + railties (6.0.0.beta3) + actionpack (= 6.0.0.beta3) + activesupport (= 6.0.0.beta3) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -191,6 +192,7 @@ GEM websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.3) + zeitwerk (1.4.3) PLATFORMS ruby @@ -203,7 +205,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (= 6.0.0.beta1) + rails (~> 6.0.0.beta3) rails-controller-testing rdoc responders (~> 2.4) @@ -213,4 +215,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.2 From 2d53cf4424cddd02470521095bc68d79cd2a9cdc Mon Sep 17 00:00:00 2001 
From: Vasily Fedoseyev Date: Fri, 26 Apr 2019 14:20:30 +0300 Subject: [PATCH 1197/1473] Fix rails 6.0.rc1 email uniqueness validation deprecation error --- lib/devise/models/validatable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 91890fb5a1..40c63de3c2 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -30,7 +30,7 @@ def self.included(base) base.class_eval do validates_presence_of :email, if: :email_required? if Devise.activerecord51? - validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? + validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email? validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? else validates_uniqueness_of :email, allow_blank: true, if: :email_changed? From a823e510f3988be53b74eae9ae28af1084a23005 Mon Sep 17 00:00:00 2001 From: Shobhit Bakliwal Date: Thu, 2 May 2019 13:24:01 +0530 Subject: [PATCH 1198/1473] Using scoped errors for scoped views. Fixes #5066 --- lib/generators/devise/views_generator.rb | 2 +- test/generators/views_generator_test.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 29bf8feda0..3ceda56b52 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -42,7 +42,7 @@ def copy_views def view_directory(name, _target_path = nil) directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| if scope - content.gsub "devise/shared/links", "#{plural_scope}/shared/links" + content.gsub("devise/shared/links", "#{plural_scope}/shared/links").gsub("devise/shared/error_messages", "#{plural_scope}/shared/error_messages") else content end 
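Review bot: The added `case_sensitive: true` on `validates_uniqueness_of :email` is only safe if the email has already been downcased before validation, and the hunk does not show where that happens. A comment should record the dependency, e.g. `# Case-sensitive on purpose: email is expected to be downcased via case_insensitive_keys before validation.` If an application removes `:email` from `case_insensitive_keys`, addresses differing only by case are accepted as distinct accounts, and a unique index with a case-insensitive collation would then reject at the database what the validation allowed. The `else` branch for older ActiveRecord is left without the option, which is fine for the deprecation but means the two branches no longer read alike. `self.included` continues outside the hunk.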
diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index bfb4a7f1b9..3b7349fa6e 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -11,16 +11,19 @@ class ViewsGeneratorTest < Rails::Generators::TestCase run_generator assert_files assert_shared_links + assert_error_messages end test "Assert all views are properly created with scope param" do run_generator %w(users) assert_files "users" assert_shared_links "users" + assert_error_messages "users" run_generator %w(admins) assert_files "admins" assert_shared_links "admins" + assert_error_messages "admins" end test "Assert views with simple form" do @@ -88,6 +91,7 @@ def assert_files(scope = nil, options={}) assert_file "app/views/#{scope}/registrations/edit.html.erb" assert_file "app/views/#{scope}/sessions/new.html.erb" assert_file "app/views/#{scope}/shared/_links.html.erb" + assert_file "app/views/#{scope}/shared/_error_messages.html.erb" assert_file "app/views/#{scope}/unlocks/new.html.erb" end @@ -102,4 +106,16 @@ def assert_shared_links(scope = nil) assert_file "app/views/#{scope}/sessions/new.html.erb", link assert_file "app/views/#{scope}/unlocks/new.html.erb", link end + + def assert_error_messages(scope = nil) + scope = "devise" if scope.nil? + link = /<%= render \"#{scope}\/shared\/error_messages\", resource: resource %>/ + + assert_file "app/views/#{scope}/passwords/edit.html.erb", link + assert_file "app/views/#{scope}/passwords/new.html.erb", link + assert_file "app/views/#{scope}/confirmations/new.html.erb", link + assert_file "app/views/#{scope}/registrations/new.html.erb", link + assert_file "app/views/#{scope}/registrations/edit.html.erb", link + assert_file "app/views/#{scope}/unlocks/new.html.erb", link + end end From 75e85550351ac97933517b9307a35a26de611c42 Mon Sep 17 00:00:00 2001 
From: Igor Kasyanchuk Date: Fri, 3 May 2019 13:11:34 -0700 Subject: [PATCH 1199/1473] Fix rails_51_and_up? method for Rails 6.rc1 --- lib/devise/failure_app.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 4ad2dd93a0..e6d92f26dd 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -279,7 +279,7 @@ def root_path_defined?(context) end def rails_51_and_up? - Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR >= 1 + Rails::VERSION::MAJOR >= 6 || (Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR >= 1) end end end From 76c888268bd58b748f8f8bc1070d2809a5b3c3f6 Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Sat, 4 May 2019 15:09:44 -0300 Subject: [PATCH 1200/1473] Use rails 6.0.0.rc1 instead of the 6.0.0.beta-3 on CI Also bumped sqlite from 1.3.6 to 1.4 because besides conflicting with the version that the sqlite adapter was trying to load [0], it is supported officially since rails 6 [1]. Related: [0] rails/rails#35153 [1] rails/rails#35844 --- .travis.yml | 14 +-- ...e.rails-6.0-beta => Gemfile.rails-6.0-rc1} | 4 +- ...0-beta.lock => Gemfile.rails-6.0-rc1.lock} | 111 +++++++++--------- 3 files changed, 65 insertions(+), 64 deletions(-) rename gemfiles/{Gemfile.rails-6.0-beta => Gemfile.rails-6.0-rc1} (89%) rename gemfiles/{Gemfile.rails-6.0-beta.lock => Gemfile.rails-6.0-rc1.lock} (68%) diff --git a/.travis.yml b/.travis.yml index 2cb3aca8e7..325b2d2386 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-beta + - gemfiles/Gemfile.rails-6.0-rc1 - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable @@ -22,7 +22,7 @@ matrix: - rvm: 2.1.10 gemfile: Gemfile - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.1.10 
@@ -30,15 +30,15 @@ matrix: - rvm: 2.2.10 gemfile: Gemfile - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.4.5 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.5 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.5.3 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 @@ -56,10 +56,10 @@ matrix: - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-beta + - gemfile: gemfiles/Gemfile.rails-6.0-rc1 services: - mongodb diff --git a/gemfiles/Gemfile.rails-6.0-beta b/gemfiles/Gemfile.rails-6.0-rc1 similarity index 89% rename from gemfiles/Gemfile.rails-6.0-beta rename to gemfiles/Gemfile.rails-6.0-rc1 index 6b11adb979..125818f68d 100644 --- a/gemfiles/Gemfile.rails-6.0-beta +++ b/gemfiles/Gemfile.rails-6.0-rc1 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '~> 6.0.0.beta3' +gem 'rails', '~> 6.0.0.rc1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -23,5 +23,5 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.3.6" + gem "sqlite3", "~> 1.4" end diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-rc1.lock similarity index 68% rename from gemfiles/Gemfile.rails-6.0-beta.lock rename to gemfiles/Gemfile.rails-6.0-rc1.lock index 1c4207e46a..9d035bcf0a 100644 --- a/gemfiles/Gemfile.rails-6.0-beta.lock +++ b/gemfiles/Gemfile.rails-6.0-rc1.lock 
@@ -20,60 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.beta3) - actionpack (= 6.0.0.beta3) + actioncable (6.0.0.rc1) + actionpack (= 6.0.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionmailbox (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) mail (>= 2.7.1) - actionmailer (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - actionview (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) + actionmailer (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + actionview (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.beta3) - actionview (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionpack (6.0.0.rc1) + actionview (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actiontext (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) nokogiri (>= 1.8.5) - actionview (6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionview (6.0.0.rc1) + activesupport (= 6.0.0.rc1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.beta3) - activesupport (= 6.0.0.beta3) + activejob (6.0.0.rc1) + activesupport (= 6.0.0.rc1) globalid (>= 0.3.6) - activemodel (6.0.0.beta3) - activesupport (= 6.0.0.beta3) - activerecord (6.0.0.beta3) - activemodel (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) - activestorage (6.0.0.beta3) - actionpack (= 6.0.0.beta3) 
- activerecord (= 6.0.0.beta3) + activemodel (6.0.0.rc1) + activesupport (= 6.0.0.rc1) + activerecord (6.0.0.rc1) + activemodel (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) + activestorage (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) marcel (~> 0.3.1) - activesupport (6.0.0.beta3) + activesupport (6.0.0.rc1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 1.3, >= 1.3.1) + zeitwerk (~> 2.1, >= 2.1.4) bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.1.5) @@ -106,7 +107,7 @@ GEM multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.3.1) - nokogiri (1.10.2) + nokogiri (1.10.3) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) faraday (>= 0.8, < 0.16.0) @@ -132,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.beta3) - actioncable (= 6.0.0.beta3) - actionmailbox (= 6.0.0.beta3) - actionmailer (= 6.0.0.beta3) - actionpack (= 6.0.0.beta3) - actiontext (= 6.0.0.beta3) - actionview (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) - activemodel (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + rails (6.0.0.rc1) + actioncable (= 6.0.0.rc1) + actionmailbox (= 6.0.0.rc1) + actionmailer (= 6.0.0.rc1) + actionpack (= 6.0.0.rc1) + actiontext (= 6.0.0.rc1) + actionview (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activemodel (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) bundler (>= 1.3.0) - railties (= 6.0.0.beta3) + railties (= 6.0.0.rc1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -156,9 +157,9 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + railties (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) 
@@ -175,7 +176,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.13) + sqlite3 (1.4.1) test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.20.3) @@ -192,7 +193,7 @@ GEM websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.3) - zeitwerk (1.4.3) + zeitwerk (2.1.6) PLATFORMS ruby @@ -205,11 +206,11 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0.beta3) + rails (~> 6.0.0.rc1) rails-controller-testing rdoc responders (~> 2.4) - sqlite3 (~> 1.3.6) + sqlite3 (~> 1.4) test_after_commit timecop webrat (= 0.7.3) From 612e30258c56845aafe7e3ee6ab12bcef9dcf6b5 Mon Sep 17 00:00:00 2001 From: Igor Kasyanchuk Date: Sun, 5 May 2019 03:44:44 -0700 Subject: [PATCH 1201/1473] Use better syntax to compare gem version --- lib/devise/failure_app.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index e6d92f26dd..7f80733c80 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -279,7 +279,7 @@ def root_path_defined?(context) end def rails_51_and_up? - Rails::VERSION::MAJOR >= 6 || (Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR >= 1) + Rails.gem_version >= Gem::Version.new("5.1") end end end From aedc9b76967ec243c86da5d7ae85859a72bd5def Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Mon, 6 May 2019 21:10:27 -0300 Subject: [PATCH 1202/1473] Update `CHANGELOG.md` [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c7506cd5d..491ae4322e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,10 @@ * enhancements * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) + * Update CI to rails 6.0.0.beta3 (by @tunnes) + * refactor method name to be more consistent (by @saiqulhaq) + * Fix rails 6.0.rc1 email uniqueness validation deprecation error (by @Vasfed) + * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) ### 4.6.2 - 2019-03-26 From 63ea6533de34b6457b31d375fb30cd44d6403616 Mon Sep 17 00:00:00 2001 From: Sergey Alekseev Date: Sat, 11 May 2019 19:35:13 +0300 Subject: [PATCH 1203/1473] increase default stretches to 12 Test script --- ```ruby require 'bcrypt' require 'benchmark' Benchmark.measure { BCrypt::Password.create('password', cost: 12) } ``` Test results --- - [Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz](https://ark.intel.com/content/www/us/en/ark/products/97535/intel-core-i5-7360u-processor-4m-cache-up-to-3-60-ghz.html): `#` - [Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz](https://ark.intel.com/content/www/us/en/ark/products/137979/intel-core-i7-8559u-processor-8m-cache-up-to-4-50-ghz.html): `#` Other gems --- - bcrypt-ruby which is used by devise [updated](https://github.com/codahale/bcrypt-ruby/pull/181) their default cost to 12 (not released a gem version yet). - rails has [a PR](https://github.com/rails/rails/pull/35321) from the Rails core team member to update their `ActiveModel::SecurePassword` which powers `has_secure_password` default cost to 13 (not merged yet). Previous changes --- [Previous PR](https://github.com/plataformatec/devise/pull/3549) to increase the default stretches to 12 was created more than 4 years ago. That time the default stretches value [was increased](https://github.com/plataformatec/devise/commit/9efc601c73c147c207de15f1caea75de12ebef70) from 10 to 11. --- README.md | 2 +- lib/devise.rb | 2 +- lib/generators/templates/devise.rb | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2d58826e53..33a731ebba 100644 
--- a/README.md +++ b/README.md @@ -270,7 +270,7 @@ member_session The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with: ```ruby -devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 12 +devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 13 ``` Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`. diff --git a/lib/devise.rb b/lib/devise.rb index dceee08900..d4d54aeb28 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -71,7 +71,7 @@ module Test # The number of times to hash the password. mattr_accessor :stretches - @@stretches = 11 + @@stretches = 12 # The default key used when authenticating over http auth. mattr_accessor :http_authentication_key diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 5bad7f9aff..e136b37352 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -103,7 +103,7 @@ # config.reload_routes = true # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other algorithms, it sets how many times you want the password to be hashed. # # Limiting the stretches to just one in testing will increase the performance of 
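Review bot: Changing `@@stretches` to 12 in `lib/devise.rb` only affects passwords hashed after the upgrade, and only applications that do not set `config.stretches` themselves; initializers generated earlier still carry the literal `11` from the old template. bcrypt stores the cost inside each hash, so existing records keep verifying at their old cost until the password is next changed, and nothing in these hunks rehashes on sign-in. The comment above the accessor could say this: `# Default bcrypt cost for new hashes; existing hashes keep the cost they were created with.` The template hunks at `@@ -103,7 +103,7 @@` and `@@ -111,7 +111,7 @@` change the same default and share the point.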
@@ -111,7 +111,7 @@ # a value less than 10 in other environments. Note that, for bcrypt (the default # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 11 + config.stretches = Rails.env.test? ? 1 : 12 # Set up a pepper to generate the hashed password. # config.pepper = '<%= SecureRandom.hex(64) %>' From 45245df16a6d617d21194dfa398de9ceedfc56f8 Mon Sep 17 00:00:00 2001 From: Sergey Alekseev Date: Mon, 13 May 2019 14:15:14 +0300 Subject: [PATCH 1204/1473] update changelog [skip ci] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 491ae4322e..b28a08c018 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * refactor method name to be more consistent (by @saiqulhaq) * Fix rails 6.0.rc1 email uniqueness validation deprecation error (by @Vasfed) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) + * Increase default stretches to 12 (by @sergey-alekseev) ### 4.6.2 - 2019-03-26 From 44f7325a9138aebf800ada92277505d65a6a9f9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 12 Jun 2019 16:04:50 -0400 Subject: [PATCH 1205/1473] Remove unneeded require The code that was using that constant is not being used anymore. Closes #5083 --- lib/devise/models/authenticatable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index d4d72e909e..8325623b25 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -1,6 +1,5 @@ # frozen_string_literal: true -require 'active_model/version' require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' From 54fb58226976984bf7b322a2136d25921093fa85 Mon Sep 17 00:00:00 2001 
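Review bot: The template emits `config.stretches = Rails.env.test? ? 1 : 12` as an active line, not a commented-out default, so initializers generated from the earlier template keep their literal 11. The new default in lib/devise.rb therefore does not reach those applications. The comment block above the setting should tell operators this, for example `# Initializers generated by older Devise versions pin the previous cost; raise it here by hand.` That comment block starts outside this hunk.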
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 12 Jun 2019 16:10:13 -0400 Subject: [PATCH 1206/1473] Officially support Rails 6.0 Also remove upper bound on railties so people can try devise with new versions without having to wait us to change the gem and report bugs. --- .travis.yml | 14 +++++++------- CHANGELOG.md | 1 + Gemfile.lock | 6 +++--- devise.gemspec | 2 +- ...file.rails-6.0-rc1 => Gemfile.rails-6.0-stable} | 2 +- ...-6.0-rc1.lock => Gemfile.rails-6.0-stable.lock} | 0 lib/devise.rb | 0 lib/generators/templates/devise.rb | 0 test/devise_test.rb | 0 9 files changed, 13 insertions(+), 12 deletions(-) rename gemfiles/{Gemfile.rails-6.0-rc1 => Gemfile.rails-6.0-stable} (93%) rename gemfiles/{Gemfile.rails-6.0-rc1.lock => Gemfile.rails-6.0-stable.lock} (100%) mode change 100755 => 100644 lib/devise.rb mode change 100755 => 100644 lib/generators/templates/devise.rb mode change 100755 => 100644 test/devise_test.rb diff --git a/.travis.yml b/.travis.yml index 325b2d2386..edf881b3d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-rc1 + - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable @@ -22,7 +22,7 @@ matrix: - rvm: 2.1.10 gemfile: Gemfile - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.1.10 
@@ -30,15 +30,15 @@ matrix: - rvm: 2.2.10 gemfile: Gemfile - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.5 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.5 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.5.3 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 @@ -56,10 +56,10 @@ matrix: - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + - gemfile: gemfiles/Gemfile.rails-6.0-stable services: - mongodb diff --git a/CHANGELOG.md b/CHANGELOG.md index 491ae4322e..50b1512ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased * enhancements + * Support Rails 6.0 * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Update CI to rails 6.0.0.beta3 (by @tunnes) * refactor method name to be more consistent (by @saiqulhaq) diff --git a/Gemfile.lock b/Gemfile.lock index 55cb8e15c9..5c041167c3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.4) @@ -201,4 +201,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/devise.gemspec b/devise.gemspec index 5df410bae8..66d09ca406 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -22,6 +22,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0", "< 6.0") + s.add_dependency("railties", ">= 4.1.0") s.add_dependency("responders") end diff --git a/gemfiles/Gemfile.rails-6.0-rc1 b/gemfiles/Gemfile.rails-6.0-stable similarity index 93% rename from gemfiles/Gemfile.rails-6.0-rc1 rename to gemfiles/Gemfile.rails-6.0-stable index 125818f68d..2358639add 100644 --- a/gemfiles/Gemfile.rails-6.0-rc1 +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '~> 6.0.0.rc1' +gem 'rails', '>= 6.0.0.rc1', '< 6.1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-6.0-rc1.lock b/gemfiles/Gemfile.rails-6.0-stable.lock similarity index 100% rename from gemfiles/Gemfile.rails-6.0-rc1.lock rename to gemfiles/Gemfile.rails-6.0-stable.lock diff --git a/lib/devise.rb b/lib/devise.rb old mode 100755 new mode 100644 diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb old mode 100755 new mode 100644 diff --git a/test/devise_test.rb b/test/devise_test.rb old mode 100755 new mode 100644 From f618b88f91a3aec1ad8cbc9a0ff547583bc3ad56 Mon Sep 17 00:00:00 2001 From: Abhijeet Singh Date: Wed, 26 Jun 2019 15:22:40 +0530 Subject: [PATCH 1207/1473] Updated Codeacademy's Rails Auth link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d58826e53..16d584596e 100644 --- a/README.md +++ b/README.md 
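Review bot: With `s.add_dependency("railties", ">= 4.1.0")` a released Devise version now resolves against Rails majors that did not exist when it was tested, and the gemspec does not record that this is deliberate. For an authentication library I would state it next to the dependency, for example `# No upper bound on purpose: only the Rails versions in the CI matrix are tested.` The README should likewise name the tested range, so that an application upgrading Rails knows it is running an unverified combination. The `Gem::Specification.new` block starts outside this hunk.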
@@ -174,7 +174,7 @@ If you are building your first Rails application, we recommend you *do not* use * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch -* Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth +* Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From 45cc66868354f9f1293ae7004705314c88ba1525 Mon Sep 17 00:00:00 2001 From: Denis Krasulin Date: Tue, 16 Jul 2019 01:08:44 +0300 Subject: [PATCH 1208/1473] Update routes.rb Comment incorrectly states that default method is "get", while line 228 of /lib/devise.rb sets "delete": "The default method used while signing out: @@sign_out_via = :delete" --- lib/devise/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2d177b2520..95a4ced795 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -135,10 +135,10 @@ class Mapper # * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given # are also allowed as parameter. # - # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get), + # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete), # if you wish to restrict this to accept only :post or :delete requests you should do: # - # devise_for :users, sign_out_via: [:post, :delete] + # devise_for :users, sign_out_via: [:get, :post] # # You need to make sure that your sign_out controls trigger a request with a matching HTTP method. # From df43a3560a8aa44f052cb7deb7096413b5013a88 Mon Sep 17 00:00:00 2001 
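Review bot: In lib/devise/rails/routes.rb the corrected default is right, but the new example `devise_for :users, sign_out_via: [:get, :post]` contradicts the sentence above it, which still reads "if you wish to restrict this to accept only :post or :delete requests". It also presents GET sign-out as the recommended configuration, although a GET sign-out route can be triggered by any cross-site link or prefetch. I would keep the example restrictive and fix the sentence instead: `# if you wish to accept other methods as well, for example :post, you should do:` followed by `#   devise_for :users, sign_out_via: [:post, :delete]`. The surrounding comment block starts and ends outside this hunk.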
From: Leonardo Tegon Date: Mon, 5 Aug 2019 14:28:54 -0300 Subject: [PATCH 1209/1473] Rails 6 release candidate 2 on CI --- gemfiles/Gemfile.rails-6.0-stable | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 122 ++++++++++++------------- 2 files changed, 62 insertions(+), 62 deletions(-) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index 2358639add..ce541bf38e 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '>= 6.0.0.rc1', '< 6.1' +gem 'rails', '>= 6.0.0.rc2', '< 6.1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 9d035bcf0a..8f35d2c1a7 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -13,69 +13,69 @@ PATH devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.rc1) - actionpack (= 6.0.0.rc1) + actioncable (6.0.0.rc2) + actionpack (= 6.0.0.rc2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionmailbox (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) mail (>= 2.7.1) - actionmailer (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - actionview (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) + actionmailer (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + actionview (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.rc1) - actionview (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionpack (6.0.0.rc2) + actionview (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actiontext (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) nokogiri (>= 1.8.5) - actionview (6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionview (6.0.0.rc2) + activesupport (= 6.0.0.rc2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.rc1) - activesupport (= 6.0.0.rc1) + activejob (6.0.0.rc2) + activesupport (= 6.0.0.rc2) globalid (>= 0.3.6) - activemodel (6.0.0.rc1) - activesupport (= 6.0.0.rc1) - activerecord (6.0.0.rc1) - activemodel (= 6.0.0.rc1) - activesupport 
(= 6.0.0.rc1) - activestorage (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) + activemodel (6.0.0.rc2) + activesupport (= 6.0.0.rc2) + activerecord (6.0.0.rc2) + activemodel (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) + activestorage (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) marcel (~> 0.3.1) - activesupport (6.0.0.rc1) + activesupport (6.0.0.rc2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.1, >= 2.1.4) - bcrypt (3.1.12) + zeitwerk (~> 2.1, >= 2.1.8) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.1.5) crass (1.0.4) @@ -98,7 +98,7 @@ GEM metaclass (0.0.4) method_source (0.9.2) mimemagic (0.3.3) - mini_mime (1.0.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.11.3) mocha (1.8.0) @@ -106,7 +106,7 @@ GEM multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.3.1) + nio4r (2.4.0) nokogiri (1.10.3) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) @@ -133,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.rc1) - actioncable (= 6.0.0.rc1) - actionmailbox (= 6.0.0.rc1) - actionmailer (= 6.0.0.rc1) - actionpack (= 6.0.0.rc1) - actiontext (= 6.0.0.rc1) - actionview (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activemodel (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + rails (6.0.0.rc2) + actioncable (= 6.0.0.rc2) + actionmailbox (= 6.0.0.rc2) + actionmailer (= 6.0.0.rc2) + actionpack (= 6.0.0.rc2) + actiontext (= 6.0.0.rc2) + actionview (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activemodel (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) bundler (>= 1.3.0) - railties (= 6.0.0.rc1) + railties (= 6.0.0.rc2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) 
@@ -155,15 +155,15 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) + rails-html-sanitizer (1.1.0) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + railties (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) - rake (12.3.2) + rake (12.3.3) rdoc (6.1.1) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) @@ -190,10 +190,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.1) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) - zeitwerk (2.1.6) + websocket-extensions (0.1.4) + zeitwerk (2.1.9) PLATFORMS ruby @@ -206,7 +206,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0.rc1) + rails (>= 6.0.0.rc2, < 6.1) rails-controller-testing rdoc responders (~> 2.4) From ad5892391da99cafb462e8883a185b3a0e653f4f Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Wed, 7 Aug 2019 12:32:01 -0300 Subject: [PATCH 1210/1473] Fix specs on Rails 6 RC2 (#5109) * Fix specs on Rails 6 RC2 `ActiveRecord::MigrationContext` now has a `schema_migration` attribute. Ref: https://github.com/rails/rails/pull/36439/files#diff-8d3c44120f7b67ff79e2fbe6a40d0ad6R1018 * Use `media_type` instead of `content_type` Before Rails 6 RC2, the `ActionDispatch::Response#content_type` method would return only the media part of the `Content-Type` header, without any other parts. Now the `#content_type` method returns the entire header - as it is - and `#media_type` should be used instead to get the previous behavior. Ref: - https://github.com/rails/rails/pull/36034 - https://github.com/rails/rails/pull/36854 * Use render template instead of render file Render file will need the full path in order to avoid security breaches. In this particular case, there's no need to use render file, it's ok to use render template. Ref: https://github.com/rails/rails/pull/35688 * Don't set `represent_boolean_as_integer` on Rails 6 * Update comments [ci skip] --- test/orm/active_record.rb | 4 +++- test/rails_app/app/views/admins/sessions/new.html.erb | 2 +- test/rails_app/config/application.rb | 4 ++-- test/rails_app/config/boot.rb | 6 +++++- test/test/controller_helpers_test.rb | 7 ++++++- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index e258ca8afb..001f99b993 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails52_and_up? +if Devise::Test.rails6? + ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate +elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate else ActiveRecord::Migrator.migrate(migrate_path) 
diff --git a/test/rails_app/app/views/admins/sessions/new.html.erb b/test/rails_app/app/views/admins/sessions/new.html.erb index 75f3b860fa..f3be6278ed 100644 --- a/test/rails_app/app/views/admins/sessions/new.html.erb +++ b/test/rails_app/app/views/admins/sessions/new.html.erb @@ -1,2 +1,2 @@ Welcome to "sessions/new" view! -<%= render file: "devise/sessions/new" %> +<%= render template: "devise/sessions/new" %> diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index d39fa7dd6e..0c844878a0 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -45,8 +45,8 @@ class Application < Rails::Application Devise::SessionsController.layout "application" end - # Remove this check once Rails 5.0 support is removed. - if Devise::Test.rails52_and_up? + # Remove the first check once Rails 5.0 support is removed. + if Devise::Test.rails52_and_up? && !Devise::Test.rails6? Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 01621de75c..bc3dfa62d9 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -6,8 +6,12 @@ module Devise module Test - # Detection for minor differences between Rails 4 and 5, 5.1, and 5.2 in tests. + # Detection for minor differences between Rails versions in tests. + def self.rails6? + Rails.version.start_with? '6' + end + def self.rails52_and_up? Rails::VERSION::MAJOR > 5 || rails52? end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 7855621c13..f285cbbfd6 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb 
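Review bot: `rails6?` in test/rails_app/config/boot.rb is defined as `Rails.version.start_with? '6'`, a string-prefix test, while the neighbouring `rails52_and_up?` compares `Rails::VERSION::MAJOR`. The prefix test turns false again on the next major. The callers in test/orm/active_record.rb and test/rails_app/config/application.rb would then fall back to the pre-6 branches (the one-argument `MigrationContext.new`, and setting `represent_boolean_as_integer`). I would define it as `Rails::VERSION::MAJOR >= 6` and rename it `rails6_and_up?` to match the existing helper. The `Devise::Test` module continues outside this hunk.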
@@ -102,7 +102,12 @@ def respond test "returns the content type of a failure app" do get :index, params: { format: :xml } - assert response.content_type.include?('application/xml') + + if Devise::Test.rails6? + assert response.media_type.include?('application/xml') + else + assert response.content_type.include?('application/xml') + end end test "defined Warden after_authentication callback should not be called when sign_in is called" do From 12fc5b76d89cf6e9c47289416fb24bf1a85f03da Mon Sep 17 00:00:00 2001 From: Ewerton Date: Thu, 15 Aug 2019 09:28:15 -0300 Subject: [PATCH 1211/1473] Update README.md (#5115) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 16d584596e..73e7c6ffd0 100644 --- a/README.md +++ b/README.md @@ -732,6 +732,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2018 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From a79057070c60a274936b8421cd35846e03aa08bd Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 19 Aug 2019 11:35:55 -0300 Subject: [PATCH 1212/1473] Prepare for `4.7.0` release --- CHANGELOG.md | 6 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 6 +- gemfiles/Gemfile.rails-5.2-stable.lock | 6 +- gemfiles/Gemfile.rails-6.0-stable | 4 +- gemfiles/Gemfile.rails-6.0-stable.lock | 126 ++++++++++++------------- lib/devise/version.rb | 2 +- 7 files changed, 77 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50b1512ecb..1afe68ddb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,10 +2,12 @@ * enhancements * Support Rails 6.0 - * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Update CI to rails 6.0.0.beta3 (by @tunnes) * refactor method name to be more consistent (by @saiqulhaq) - * Fix rails 6.0.rc1 email uniqueness validation deprecation error (by @Vasfed) + * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) + +* bug fixes + * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) ### 4.6.2 - 2019-03-26 diff --git a/Gemfile.lock b/Gemfile.lock index 5c041167c3..e9632beedf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index f4a97f8e08..ad11e2cb43 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -58,7 +58,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) erubis (2.7.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index c9541696bf..5d33b726fa 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.4) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index ce541bf38e..cdef68f66a 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '>= 6.0.0.rc2', '< 6.1' +gem "rails", '~> 6.0.0' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -11,7 +11,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.4" +gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 8f35d2c1a7..e8f1232be1 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
@@ -20,56 +20,56 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.rc2) - actionpack (= 6.0.0.rc2) + actioncable (6.0.0) + actionpack (= 6.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionmailbox (6.0.0) + actionpack (= 6.0.0) + activejob (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) mail (>= 2.7.1) - actionmailer (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - actionview (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) + actionmailer (6.0.0) + actionpack (= 6.0.0) + actionview (= 6.0.0) + activejob (= 6.0.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.rc2) - actionview (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionpack (6.0.0) + actionview (= 6.0.0) + activesupport (= 6.0.0) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.0.0) + actionpack (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) nokogiri (>= 1.8.5) - actionview (6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionview (6.0.0) + activesupport (= 6.0.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.0.0) + activesupport (= 6.0.0) globalid (>= 0.3.6) - activemodel (6.0.0.rc2) - activesupport (= 6.0.0.rc2) - activerecord (6.0.0.rc2) - activemodel (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) - activestorage (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) + activemodel 
(6.0.0) + activesupport (= 6.0.0) + activerecord (6.0.0) + activemodel (= 6.0.0) + activesupport (= 6.0.0) + activestorage (6.0.0) + actionpack (= 6.0.0) + activejob (= 6.0.0) + activerecord (= 6.0.0) marcel (~> 0.3.1) - activesupport (6.0.0.rc2) + activesupport (6.0.0) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -87,7 +87,7 @@ GEM hashie (3.6.0) i18n (1.6.0) concurrent-ruby (~> 1.0) - jwt (2.1.0) + jwt (2.2.1) loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) @@ -101,13 +101,13 @@ GEM mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.11.3) - mocha (1.8.0) + mocha (1.9.0) metaclass (~> 0.0.1) multi_json (1.13.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nio4r (2.4.0) - nokogiri (1.10.3) + nokogiri (1.10.4) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) faraday (>= 0.8, < 0.16.0) @@ -133,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.rc2) - actioncable (= 6.0.0.rc2) - actionmailbox (= 6.0.0.rc2) - actionmailer (= 6.0.0.rc2) - actionpack (= 6.0.0.rc2) - actiontext (= 6.0.0.rc2) - actionview (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activemodel (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails (6.0.0) + actioncable (= 6.0.0) + actionmailbox (= 6.0.0) + actionmailer (= 6.0.0) + actionpack (= 6.0.0) + actiontext (= 6.0.0) + actionview (= 6.0.0) + activejob (= 6.0.0) + activemodel (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) bundler (>= 1.3.0) - railties (= 6.0.0.rc2) + railties (= 6.0.0) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) 
@@ -155,19 +155,19 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.1.0) + rails-html-sanitizer (1.2.0) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + railties (6.0.0) + actionpack (= 6.0.0) + activesupport (= 6.0.0) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) rake (12.3.3) rdoc (6.1.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) + responders (3.0.0) + actionpack (>= 5.0) + railties (>= 5.0) ruby-openid (2.7.0) sprockets (3.7.2) concurrent-ruby (~> 1.0) @@ -206,10 +206,10 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (>= 6.0.0.rc2, < 6.1) + rails (~> 6.0.0) rails-controller-testing rdoc - responders (~> 2.4) + responders (~> 3.0) sqlite3 (~> 1.4) test_after_commit timecop diff --git a/lib/devise/version.rb b/lib/devise/version.rb index e232ce1823..d18e24e35c 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.6.2".freeze + VERSION = "4.7.0".freeze end From 6bb74c5abff9f75e992560b308b1f8ae926da50e Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 19 Aug 2019 13:32:56 -0300 Subject: [PATCH 1213/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1afe68ddb7..6b0843d2e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.7.0 - 2019-08-19 + * enhancements * Support Rails 6.0 * Update CI to rails 6.0.0.beta3 (by @tunnes) From e051360ea2035af4e033c0722eb51ac83ec13761 Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Mon, 26 Aug 2019 13:36:34 +0200 Subject: [PATCH 1214/1473] CI: Drop unused Travis sudo: false directive --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index edf881b3d4..a3cd864c27 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -64,8 +64,6 @@ matrix: services: - mongodb -sudo: false - cache: bundler env: From 6635caf12ed0879cd369a239c20b02e16f90c944 Mon Sep 17 00:00:00 2001 From: Lucas Santos Date: Fri, 30 Aug 2019 14:35:19 -0300 Subject: [PATCH 1215/1473] Fix typo --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 55617bdf3c..ca3d61994d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -42,7 +42,7 @@ en: signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." updated: "Your account has been updated successfully." updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" sessions: From fee43f3c11e176c53c5c3bfda7fd2e97c4c912be Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Wed, 4 Sep 2019 15:42:48 -0300 Subject: [PATCH 1216/1473] Always return an error when `confirmation_token` is blank (#5132) As reported in https://github.com/plataformatec/devise/issues/5071, if for some reason, a user in the database had the `confirmation_token` column as a blank string, Devise would confirm that user after receiving a request with a blank `confirmation_token` parameter. After this commit, a request sending a blank `confirmation_token` parameter will receive a validation error. For applications that have users with a blank `confirmation_token` in the database, it's recommended to manually regenerate or to nullify them. --- lib/devise/models/confirmable.rb | 12 +++++++++++ test/integration/confirmable_test.rb | 30 ++++++++++++++++++++++++++++ test/models/confirmable_test.rb | 18 +++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index dbf6d0ffc8..91258f4c33 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -348,7 +348,19 @@ def send_confirmation_instructions(attributes={}) # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) + # When the `confirmation_token` parameter is blank, if there are any users with a blank + # `confirmation_token` in the database, the first one would be confirmed here. + # The error is being manually added here to ensure no users are confirmed by mistake. + # This was done in the model for convenience, since validation errors are automatically + # displayed in the view. + if confirmation_token.blank? + confirmable = new + confirmable.errors.add(:confirmation_token, :blank) + return confirmable + end + confirmable = find_first_by_auth_conditions(confirmation_token: confirmation_token) + unless confirmable confirmation_digest = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_digest) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 73563f283f..5cafacb430 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
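Review bot: The doc comment above `confirm_by_token` still ends with "Options must have the confirmation_token" and does not mention the new contract, that a blank token never reaches the lookup and yields an unsaved record carrying a `:blank` error. I would add `# A blank token never matches a stored record; a new record with a :blank error is returned instead.` The guard also leaves existing rows with an empty-string `confirmation_token` in place. The commit message's advice to nullify or regenerate those tokens should therefore be repeated in the changelog or upgrade notes, so operators know to audit for them. The method's doc comment and the rest of its body lie outside this hunk.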
@@ -175,6 +175,36 @@ def resend_confirmation assert_current_url '/users/sign_in' end + test "should not be able to confirm an email with a blank confirmation token" do + visit_user_confirmation_with_token("") + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm an email with a nil confirmation token" do + visit_user_confirmation_with_token(nil) + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm user with blank confirmation token" do + user = create_user(confirm: false) + user.update_attribute(:confirmation_token, "") + + visit_user_confirmation_with_token("") + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm user with nil confirmation token" do + user = create_user(confirm: false) + user.update_attribute(:confirmation_token, nil) + + visit_user_confirmation_with_token(nil) + + assert_contain "Confirmation token can't be blank" + end + test 'error message is configurable by resource name' do store_translations :en, devise: { failure: { user: { unconfirmed: "Not confirmed user" } } diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index cab1d4f387..899c9caba2 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
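Review bot: The two tests that store a blank or nil `confirmation_token` on a user assert only the rendered error text, so they would still pass if the request showed the message and also confirmed the record. Add `refute user.reload.confirmed?` after `assert_contain` in both, as the model tests in this commit do. The first two tests create no user, so they cover the validation message only and cannot detect a wrongly confirmed row.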
@@ -77,6 +77,24 @@ def setup assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end + test 'should return a new record with errors when a blank token is given and a record exists on the database' do + user = create_user(confirmation_token: '') + + confirmed_user = User.confirm_by_token('') + + refute user.reload.confirmed? + assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + end + + test 'should return a new record with errors when a nil token is given and a record exists on the database' do + user = create_user(confirmation_token: nil) + + confirmed_user = User.confirm_by_token(nil) + + refute user.reload.confirmed? + assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + end + test 'should generate errors for a user email if user is already confirmed' do user = create_user user.confirmed_at = Time.now From caa1a55d17f5139347be6808954c492b469d3da4 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 5 Sep 2019 09:55:12 -0300 Subject: [PATCH 1217/1473] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b0843d2e5..8dbd3d5dd9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased +* bug fixes + * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) + * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) + ### 4.7.0 - 2019-08-19 * enhancements From 098345aace53d4ddf88e04f1eb2680e2676e8c28 Mon Sep 17 00:00:00 2001 
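Review bot: Both new model tests pass the token to `create_user`, whereas the integration tests in this commit set it with `update_attribute` after creation. If a creation callback fills in a missing token (not visible in this hunk), the nil case would not leave a nil token in the table, and the test would not cover the state its name describes. Setting the value after creation with `user.update_attribute(:confirmation_token, nil)` and checking `assert_nil user.reload.confirmation_token` before calling `User.confirm_by_token(nil)` would pin the fixture. The blank-string test would benefit from the same check on the stored value.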
From: Leonardo Tegon Date: Fri, 6 Sep 2019 10:20:20 -0300 Subject: [PATCH 1218/1473] Prepare for version `4.7.1` --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 6 +++--- gemfiles/Gemfile.rails-4.2-stable.lock | 6 +++--- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-6.0-stable.lock | 4 ++-- lib/devise/version.rb | 2 +- 8 files changed, 16 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dbd3d5dd9..929fad18a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.7.1 - 2019-09-06 + * bug fixes * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) diff --git a/Gemfile.lock b/Gemfile.lock index e9632beedf..aaac958521 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index fbf1888390..dbdfe0f874 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,10 +21,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -54,7 +54,7 @@ GEM thread_safe (~> 0.1) tzinfo (~> 1.1) arel (5.0.1.20140414130214) - bcrypt (3.1.12) + bcrypt (3.1.13) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index de76d2106c..f0aa865182 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -57,10 +57,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -68,7 +68,7 @@ GEM remote: https://rubygems.org/ specs: arel (6.0.4) - bcrypt (3.1.12) + bcrypt (3.1.13) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index ad11e2cb43..9d0b936c26 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -191,4 +191,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 5d33b726fa..629971f41d 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -200,4 +200,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index e8f1232be1..103d678005 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -216,4 +216,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.2 + 1.17.3 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d18e24e35c..f901c8c868 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.0".freeze + VERSION = "4.7.1".freeze end 
From 34ed98972518d035b28d359e774aa6e0608c0979 Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Tue, 17 Sep 2019 13:37:19 -0300 Subject: [PATCH 1219/1473] Move PR #5074 to unreleased in changelog [skip ci] --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7485da3d4..5b0ad3c4ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ### Unreleased +* enhancements + * Increase default stretches to 12 (by @sergey-alekseev) ### 4.7.1 - 2019-09-06 @@ -17,7 +19,6 @@ * bug fixes * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) - * Increase default stretches to 12 (by @sergey-alekseev) ### 4.6.2 - 2019-03-26 From 5d73e1e3bb4961e143ca3d6aa75ca13a7ef9a7cd Mon Sep 17 00:00:00 2001 From: Ryan Lue Date: Wed, 25 Sep 2019 11:02:20 +0800 Subject: [PATCH 1220/1473] Explain layout of default config initializer [ci skip] --- lib/generators/templates/devise.rb | 6 ++++++ test/rails_app/config/initializers/devise.rb | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index e136b37352..5f37f6960b 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -1,5 +1,11 @@ # frozen_string_literal: true +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| 
diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 0ce41964bb..a3a339edc1 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -3,6 +3,12 @@ require "omniauth-facebook" require "omniauth-openid" +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# # Use this hook to configure devise mailer, warden hooks and so forth. The first # four configuration values can also be set straight in your models. Devise.setup do |config| From 0f134f7030edbca0366f2979e9fbe48abe02edd8 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 00:15:15 -0300 Subject: [PATCH 1221/1473] Call set_flash_message helper instead of flash accessor --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index bfc34579fc..1cd454f129 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -112,7 +112,7 @@ def require_no_authentication end if authenticated && resource = warden.user(resource_name) - flash[:alert] = I18n.t("devise.failure.already_authenticated") + set_flash_message(:alert, "already_authenticated", scope: "devise.failure") redirect_to after_sign_in_path_for(resource) end end From 421ffc479fa83720c23343978200ea6ad1b461f3 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 14:15:47 -0300 Subject: [PATCH 1222/1473] Add test to admin error message --- test/integration/authenticatable_test.rb | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6b1d5799f7..6ffd463792 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -323,6 +323,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest visit new_user_session_path assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated") end + + test 'require_no_authentication should set the already_authenticated flash message as admin' do + store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do + sign_in_as_admin + visit new_admin_session_path + assert_equal flash[:alert], "You are already signed in as admin." + end + end end class AuthenticationSessionTest < Devise::IntegrationTest From d022fb8cc4490479421c78b98586463e3978f511 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 14:27:59 -0300 Subject: [PATCH 1223/1473] Update code with single-quotes --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 1cd454f129..a583d2b4af 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -112,7 +112,7 @@ def require_no_authentication end if authenticated && resource = warden.user(resource_name) - set_flash_message(:alert, "already_authenticated", scope: "devise.failure") + set_flash_message(:alert, 'already_authenticated', scope: 'devise.failure') redirect_to after_sign_in_path_for(resource) end end From 0a6cd99d030439ce7540b6e1565cd71541dab2dc Mon Sep 17 00:00:00 2001 
From: Steven Torrence <36111610+storrence88@users.noreply.github.com> Date: Fri, 11 Oct 2019 09:27:46 -0500 Subject: [PATCH 1224/1473] Update README.md Change before filter to before action to match the code example given below. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8be4b44aae..ab4dffc747 100644 --- a/README.md +++ b/README.md @@ -289,7 +289,7 @@ There are just three actions in Devise that allow any set of parameters to be pa * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` -In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`: +In case you want to permit additional parameters (the lazy way™), you can do so using a simple before action in your `ApplicationController`: ```ruby class ApplicationController < ActionController::Base From 406915cb781e38255a30ad2a0609e33952b9ec50 Mon Sep 17 00:00:00 2001 From: Looi David Date: Wed, 23 Oct 2019 00:39:35 +1100 Subject: [PATCH 1225/1473] `changed?` behaviour has been updated (#5135) * `changed?` behaviour has been updated Due to https://github.com/rails/rails/commit/16ae3db5a5c6a08383b974ae6c96faac5b4a3c81 `changed?` has been updated to check for dirtiness after save. The new method that behaves like the old `changed` is `saved_changes?`. * Add comment to explain which method to used based on which rails version it is --- lib/devise/models/authenticatable.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 8325623b25..430c9aac5a 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -152,7 +152,8 @@ def devise_mailer # # If the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. - # if new_record? || changed? + # # For Rails < 6 is `changed?` instead of `saved_changes?`. + # if new_record? || saved_changes? # pending_devise_notifications << [notification, args] # else # render_and_send_devise_message(notification, *args) From 940b939791e77073dbaa6f869bd203037e638abc Mon Sep 17 00:00:00 2001 From: tabakazu Date: Thu, 24 Oct 2019 21:12:27 +0900 Subject: [PATCH 1226/1473] Add assert for check last_sign_in_ip value --- test/integration/trackable_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 6695ac52b4..adfd0bd6f0 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -44,7 +44,7 @@ class TrackableHooksTest < Devise::IntegrationTest assert_equal "127.0.0.1", user.last_sign_in_ip end - test "current remote ip returns original ip behind a non transparent proxy" do + test "current and last sign in remote ip returns original ip behind a non transparent proxy" do user = create_user arbitrary_ip = '200.121.1.69' @@ -53,6 +53,7 @@ class TrackableHooksTest < Devise::IntegrationTest end user.reload assert_equal arbitrary_ip, user.current_sign_in_ip + assert_equal arbitrary_ip, user.last_sign_in_ip end test "increase sign in count" do From 14863ba4c92cd9781a961be0486f0ea7dfe84144 Mon Sep 17 00:00:00 2001 
From: Colin Ross Date: Tue, 29 Oct 2019 11:06:37 -0700 Subject: [PATCH 1227/1473] Documentation: Details/Notes regarding Rails API-only applications (#5152) * doc: Add some additional details concerning using devise in an API-only Rails application * Apply wording suggestions from code review Co-Authored-By: Marcos Ferreira * Apply suggestions from code review Co-Authored-By: Marcos Ferreira --- README.md | 19 ++++++++++++++++++- lib/generators/templates/README | 10 +++++++++- lib/generators/templates/devise.rb | 5 ++++- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ab4dffc747..575bd1218a 100644 --- a/README.md +++ b/README.md 
@@ -697,7 +697,22 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl ### Rails API Mode -Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: +Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/plataformatec/devise/issues/4947/)) + +#### Supported Authentication Strategies +API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. 
(For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) + +The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy: + +```ruby +config.http_authenticatable = [:database] +``` + +This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise. +A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). + +#### Testing +API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: ```ruby Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies @@ -706,6 +721,8 @@ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatc For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696). +Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time. + ## Additional information ### Heroku 
diff --git a/lib/generators/templates/README b/lib/generators/templates/README index b76482806a..c89920b0c6 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -1,6 +1,6 @@ =============================================================================== -Some setup you must do manually if you haven't yet: +Depending on your application's configuration some manual setup may be required: 1. Ensure you have defined default url options in your environments files. Here is an example of default_url_options appropriate for a development environment @@ -10,10 +10,14 @@ Some setup you must do manually if you haven't yet: In production, :host should be set to the actual host of your application. + * Required for all applications. * + 2. Ensure you have defined root_url to *something* in your config/routes.rb. For example: root to: "home#index" + + * Not required for API-only Applications * 3. Ensure you have flash messages in app/views/layouts/application.html.erb. For example: @@ -21,8 +25,12 @@ Some setup you must do manually if you haven't yet:

<%= notice %>

<%= alert %>

+ * Not required for API-only Applications * + 4. You can copy Devise views (for customization) to your app by running: rails g devise:views + + * Not required * =============================================================================== diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 5f37f6960b..0c971902b8 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -74,7 +74,10 @@ # Tell if authentication through HTTP Auth is enabled. False by default. # It can be set to an array that will enable http authentication only for the # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: + # enable it only for database authentication. + # For API-only applications to support authentication "out-of-the-box", you will likely want to + # enable this with :database unless you are using a custom strategy. + # The supported strategies are: # :database = Support basic authentication with authentication key + password # config.http_authenticatable = false From fb18c6ca8da093c911ae44922b65334579ce8727 Mon Sep 17 00:00:00 2001 From: Samuel Pordeus Date: Thu, 28 Nov 2019 18:13:47 -0300 Subject: [PATCH 1228/1473] Fix typos --- lib/devise/failure_app.rb | 2 +- lib/devise/test/integration_helpers.rb | 2 +- test/integration/database_authenticatable_test.rb | 4 ++-- test/integration/timeoutable_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/models/recoverable_test.rb | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 7f80733c80..522c60247f 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
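Review bot: The comment added above `config.http_authenticatable` in lib/generators/templates/devise.rb advises API-only applications to enable HTTP Basic for `:database` without stating what that implies. As the README hunk of the same commit says, the user is authenticated on each request, so the password travels with every request. Suggest extending the comment with `# HTTP Basic sends the credentials with every request; enable it only over TLS.` so that the generated initializer carries the caveat next to the switch.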
@@ -152,7 +152,7 @@ def scope_url # We need to add the rootpath to `script_name` manually for applications that use a Rails # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines - # that use Devise. Remove it when the support of Rails 5.0 is droped. + # that use Devise. Remove it when the support of Rails 5.0 is dropped. elsif root_path_defined?(context) && !rails_51_and_up? rootpath = context.routes.url_helpers.root_path opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 diff --git a/lib/devise/test/integration_helpers.rb b/lib/devise/test/integration_helpers.rb index 9973138969..0c7c910a71 100644 --- a/lib/devise/test/integration_helpers.rb +++ b/lib/devise/test/integration_helpers.rb @@ -28,7 +28,7 @@ def self.included(base) end end - # Signs in a specific resource, mimicking a successfull sign in + # Signs in a specific resource, mimicking a successful sign in # operation through +Devise::SessionsController#create+. # # * +resource+ - The resource that should be authenticated diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 64a52b9077..ed641ef297 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -65,7 +65,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end end - test 'sign in with invalid pasword should return to sign in form with error message' do + test 'sign in with invalid password should return to sign in form with error message' do sign_in_as_admin do fill_in 'password', with: 'abcdef' end @@ -80,7 +80,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest sign_in_as_user do fill_in 'email', with: 'wrongemail@test.com' end - + assert_not_contain 'Not found in database' assert_contain 'Invalid Email or password.' end diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index ceddd10866..b6f2471480 100644 
--- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -77,7 +77,7 @@ def last_request_at end end - test 'time out user session after deault limit time and redirect to latest get request' do + test 'time out user session after default limit time and redirect to latest get request' do user = sign_in_as_user visit edit_form_user_path(user) diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index f0b4580910..f38829dd42 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -29,7 +29,7 @@ def mail end end - test 'email sent after reseting the user password' do + test 'email sent after resetting the user password' do assert_not_nil mail end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 919e6e4866..ab47f95f13 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -34,7 +34,7 @@ def setup assert create_user.reset_password('123456789', '123456789') end - test 'should clear reset password token while reseting the password' do + test 'should clear reset password token while resetting the password' do user = create_user assert_nil user.reset_password_token From 9fb079c09739b903ad48bade995c7c85d88d72f0 Mon Sep 17 00:00:00 2001 From: Luke Rollans Date: Tue, 17 Dec 2019 13:40:41 +0800 Subject: [PATCH 1229/1473] Add a test which checks for Case Mapping Collisions when resetting pw See here for more information https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/ --- test/integration/recoverable_test.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index c834f1d226..fde7805960 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -33,6 +33,17 @@ def reset_password(options={}, &block) click_button 'Change my password' end + test 'reset password should send to user record email and avoid case mapping collisions' do + create_user(email: 'luke@github.com') + + request_forgot_password do + fill_in 'email', with: 'luke@gıthub.com' + end + + mail = ActionMailer::Base.deliveries.last + assert_equal ['luke@github.com'], mail.to + end + test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do create_user(email: 'Foo@Bar.com') From 0d95c5ae8bf75878e9315e9c5ab829db64e903c8 Mon Sep 17 00:00:00 2001 From: Luke Rollans Date: Tue, 17 Dec 2019 13:47:40 +0800 Subject: [PATCH 1230/1473] Generalise email address --- test/integration/recoverable_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index fde7805960..b1cdb6571f 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -34,14 +34,14 @@ def reset_password(options={}, &block) end test 'reset password should send to user record email and avoid case mapping collisions' do - create_user(email: 'luke@github.com') + create_user(email: 'user@github.com') request_forgot_password do - fill_in 'email', with: 'luke@gıthub.com' + fill_in 'email', with: 'user@gıthub.com' end mail = ActionMailer::Base.deliveries.last - assert_equal ['luke@github.com'], mail.to + assert_equal ['user@github.com'], mail.to end test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do From a3fcb3b682b1648a7ba96e532b6405a95c96ef88 Mon Sep 17 00:00:00 2001 
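Review bot: The new case-mapping test reads `ActionMailer::Base.deliveries.last` without clearing the queue or checking that the reset request delivered anything, so a mail sent earlier in the test (for example at user creation, which is not visible here) could satisfy `assert_equal` on its own. Call `ActionMailer::Base.deliveries.clear` before `request_forgot_password`, then assert the outcome the test is named for: no delivery whose `to` contains the submitted look-alike address. If the intended behaviour is that the look-alike address matches no record at all, `assert_empty ActionMailer::Base.deliveries` states that directly. The follow-up hunk on this file only renames the address and keeps the same assertion.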
From: Connor Shea Date: Thu, 26 Dec 2019 17:44:53 -0700 Subject: [PATCH 1231/1473] Fix two deprecated usages of keyword arguments. This prevents us from using behavior that was deprecated in Ruby 2.7. --- app/controllers/devise_controller.rb | 2 +- lib/devise/failure_app.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index a583d2b4af..9911fa0b85 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -184,7 +184,7 @@ def find_message(kind, options = {}) options[:default] = Array(options[:default]).unshift(kind.to_sym) options[:resource_name] = resource_name options = devise_i18n_options(options) - I18n.t("#{options[:resource_name]}.#{kind}", options) + I18n.t("#{options[:resource_name]}.#{kind}", **options) end # Controllers inheriting DeviseController are advised to override this diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 522c60247f..1a7e8e54e3 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -107,7 +107,7 @@ def i18n_message(default = nil) options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector")) options = i18n_options(options) - I18n.t(:"#{scope}.#{message}", options) + I18n.t(:"#{scope}.#{message}", **options) else message.to_s end From a17abad57a5d97594701cee7eac072170f739313 Mon Sep 17 00:00:00 2001 
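Review bot: `I18n.t(..., **options)` in `find_message` and in `i18n_message` now double-splats the hash returned by `devise_i18n_options` and `i18n_options`, and on Ruby versions before 2.7 a double splat raises TypeError when the hash contains a non-Symbol key. If applications override those hooks (their definitions are outside these hunks), a hash with string keys that was previously passed through as a positional argument would now fail at this call. A comment on each hook such as `# Must return a Hash with Symbol keys; it is passed to I18n.t as keyword arguments.` would document the new requirement. Both enclosing methods start outside their hunks.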
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 3 Feb 2020 11:33:17 -0500 Subject: [PATCH 1232/1473] Remove all references to Plataformatec --- CHANGELOG.md | 6 +- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 10 +-- ISSUE_TEMPLATE.md | 2 +- MIT-LICENSE | 3 +- README.md | 70 +++++++++---------- config/locales/en.yml | 2 +- devise.gemspec | 4 +- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/rememberable.rb | 2 +- lib/devise/models/trackable.rb | 2 +- .../omniauth_callbacks_controller.rb | 2 +- 13 files changed, 53 insertions(+), 56 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b0ad3c4ff..233e9691d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,7 @@ ### 4.6.2 - 2019-03-26 * bug fixes - * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos) + * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/heartcombo/devise/issues/5033#issuecomment-476386275 (by @mracos) ### 4.6.1 - 2019-02-11 
@@ -70,7 +70,7 @@ * Add `autocomplete="new-password"` to new password fields (by @gssbzn) * Add `autocomplete="current-password"` to current password fields (by @gssbzn) * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) - * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Update `simple_form` templates with changes from https://github.com/heartcombo/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/heartcombo/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) * bug fixes @@ -317,5 +317,5 @@ configured (by @joshpencheon) You can check more examples and explanations on the [README section](README.md#strong-parameters) and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). -Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) +Please check [3-stable](https://github.com/heartcombo/devise/blob/3-stable/CHANGELOG.md) for previous changes. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index cae2742e10..a947362010 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -17,6 +17,6 @@ Project maintainers have the right and responsibility to remove, edit, or reject This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo@googlegroups.com](heartcombo@googlegroups.com) or contacting one or more of the project maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d4a03e7a1f..51b94f9d4f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,7 +8,7 @@ expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md). ## Reporting Issues Before reporting a new issue, please be sure that the issue wasn't already -reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues). +reported or fixed by searching on GitHub through our [issues](https://github.com/heartcombo/devise/issues). When creating a new issue, be sure to include a **title and clear description**, as much relevant information as possible, and either a test case example or 
@@ -22,7 +22,7 @@ Please do not attempt to translate Devise built in views. The views are meant to be a starting point for fresh apps and not production material - eventually all applications will require custom views where you can write your own copy and translate it if the application requires it . For historical references, please look into closed -[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding +[Issues/Pull Requests](https://github.com/heartcombo/devise/issues?q=i18n) regarding internationalization. Avoid opening new issues to ask questions in our issues tracker. Please go through @@ -30,7 +30,7 @@ the project wiki, documentation and source code first, or try to ask your questi on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). **If you find a security bug, do not report it through GitHub. Please send an -e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) +e-mail to [heartcombo@googlegroups.com](mailto:heartcombo@googlegroups.com) instead.** ## Sending Pull Requests @@ -50,7 +50,7 @@ are beneficial to a wide range of use cases or it's an application specific chan that might not be so valuable to other applications. Some changes can be introduced as a new `devise-something` gem instead of belonging to the main codebase. -When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks +When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/heartcombo/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks to the new setting. We also welcome Pull Requests that improve our existing documentation (both our 
@@ -66,7 +66,7 @@ you can do: * Help ensure that existing issues follows the recommendations from the _[Reporting Issues](#reporting-issues)_ section, providing feedback to the issue's author on what might be missing. -* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki) +* Review and update the existing content of our [Wiki](https://github.com/heartcombo/devise/wiki) with up to date instructions and code samples - the wiki was grown with several different tutorials and references that we can't keep track of everything, so if there is a page that showcases an integration or customization that you are diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 6f03f6f937..904d810734 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -2,7 +2,7 @@ - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported -- If you found a security bug, do not report it through GitHub. Please send an e-mail to opensource@plataformatec.com.br instead. +- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead. - Finally, be nice and have fun! ## Environment diff --git a/MIT-LICENSE b/MIT-LICENSE index d452d3d490..4896d6e61e 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,5 @@ -Copyright 2009-2019 Plataformatec. http://plataformatec.com.br +Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 575bd1218a..21c69533c1 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,7 @@ -![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png) +![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) -By [Plataformatec](http://plataformatec.com.br/). - -[![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise) -[![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise) - -This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). +[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise) +[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) Devise is a flexible authentication solution for Rails based on Warden. It: 
@@ -16,16 +12,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Validatable): provides validations of email and password. 
It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents @@ -73,15 +69,15 @@ It's composed of 10 modules: The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README: -https://github.com/plataformatec/devise/wiki +https://github.com/heartcombo/devise/wiki ### Bug reports If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report: -https://github.com/plataformatec/devise/wiki/Bug-reports +https://github.com/heartcombo/devise/wiki/Bug-reports -If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. +If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo@googlegroups.com. ### StackOverflow and Mailing List @@ -97,7 +93,7 @@ https://groups.google.com/group/plataformatec-devise You can view the Devise documentation in RDoc format here: -http://rubydoc.info/github/plataformatec/devise/master/frames +http://rubydoc.info/github/heartcombo/devise/master/frames If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. 
@@ -105,19 +101,19 @@ If you need to use Devise with previous versions of Rails, you can always run "g There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here: -https://github.com/plataformatec/devise/wiki/Example-Applications +https://github.com/heartcombo/devise/wiki/Example-Applications ### Extensions Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here: -https://github.com/plataformatec/devise/wiki/Extensions +https://github.com/heartcombo/devise/wiki/Extensions ### Contributing We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started: -https://github.com/plataformatec/devise/wiki/Contributing +https://github.com/heartcombo/devise/wiki/Contributing You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`. Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. 
@@ -136,7 +132,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 @@ -279,7 +275,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, ![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204) -*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters* +*For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters* When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. 
@@ -464,7 +460,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: @@ -520,7 +516,7 @@ en: Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki: -https://github.com/plataformatec/devise/wiki/I18n +https://github.com/heartcombo/devise/wiki/I18n Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController. @@ -620,7 +616,7 @@ are executed in your tests. You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: -* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) +* https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) ### OmniAuth @@ -632,7 +628,7 @@ config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' You can read more about OmniAuth support in the wiki: -* https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview +* https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview ### Configuring multiple models 
@@ -679,7 +675,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. 
@@ -697,10 +693,10 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl ### Rails API Mode -Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/plataformatec/devise/issues/4947/)) +Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/heartcombo/devise/issues/4947/)) #### Supported Authentication Strategies -API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. (For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) +API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. 
(For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/heartcombo/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy: @@ -709,7 +705,7 @@ config.http_authenticatable = [:database] ``` This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise. -A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). +A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). #### Testing API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: 
@@ -719,7 +715,7 @@ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatc Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore ``` -For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696). +For a deeper understanding of this, review [this issue](https://github.com/heartcombo/devise/issues/4696). Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time. @@ -745,10 +741,10 @@ https://github.com/hassox/warden We have a long list of valued contributors. Check them all at: -https://github.com/plataformatec/devise/graphs/contributors +https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. diff --git a/config/locales/en.yml b/config/locales/en.yml index ca3d61994d..ab1f07060d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -1,4 +1,4 @@ -# Additional translations at https://github.com/plataformatec/devise/wiki/I18n +# Additional translations at https://github.com/heartcombo/devise/wiki/I18n en: devise: diff --git a/devise.gemspec b/devise.gemspec index 66d09ca406..abbbd7f863 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -10,8 +10,8 @@ Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" - s.email = "contact@plataformatec.com.br" - s.homepage = "https://github.com/plataformatec/devise" + s.email = "heartcombo@googlegroups.com" + s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index e4d3789390..19481b4d40 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -21,7 +21,7 @@ def signed_in?(scope=nil) # to the set_user method in warden. # If you are using a custom warden strategy and the timeoutable module, you have to # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do - # in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 + # in the sessions controller: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index ffb3ec6064..7b1df78955 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -195,7 +195,7 @@ def send_password_change_notification # Hashes the password using bcrypt. Custom hash functions should override # this method to apply their own algorithm. # - # See https://github.com/plataformatec/devise-encryptable for examples + # See https://github.com/heartcombo/devise-encryptable for examples # of other hashing engines. def password_digest(password) Devise::Encryptor.digest(self.class, password) 
diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 5a175013c1..76ac0b8139 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -102,7 +102,7 @@ def after_remembered def remember_me?(token, generated_at) # TODO: Normalize the JSON type coercion along with the Timeoutable hook - # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18 + # in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18 if generated_at.is_a?(String) generated_at = time_from_json(generated_at) end diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index e450838d33..2328597c30 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -33,7 +33,7 @@ def update_tracked_fields(request) def update_tracked_fields!(request) # We have to check if the user is already persisted before running # `save` here because invalid users can be saved if we don't. - # See https://github.com/plataformatec/devise/issues/4673 for more details. + # See https://github.com/heartcombo/devise/issues/4673 for more details. return if new_record? update_tracked_fields(request) diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb index 5f95be2d2b..29556cf6e9 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb @@ -9,7 +9,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # end # More info at: - # https://github.com/plataformatec/devise#omniauth + # https://github.com/heartcombo/devise#omniauth # GET|POST /resource/auth/twitter # def passthru 
From f8daa52b9b99269ce24ddeb418fbd1652730d3c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 3 Feb 2020 12:01:11 -0500 Subject: [PATCH 1233/1473] Change license of the logo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 21c69533c1..93c2d055e2 100644 --- a/README.md +++ b/README.md @@ -747,4 +747,4 @@ https://github.com/heartcombo/devise/graphs/contributors MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. -You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. +The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 249064d8f61f0abed0c7d14207f8a3f4ce0b6544 Mon Sep 17 00:00:00 2001 From: Felix Wolfsteller Date: Thu, 6 Feb 2020 18:13:30 +0100 Subject: [PATCH 1234/1473] update README to reflect current Rails version Paragraph defaults to description of how to test in Rails 5/6 now. --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 93c2d055e2..35608bcbe7 100644 --- a/README.md +++ b/README.md 
@@ -528,15 +528,21 @@ cases/specs. ### Controller tests -Controller tests require that you include `Devise::Test::ControllerHelpers` on +Controller tests require that you include `Devise::Test::IntegrationHelpers` on your test case or its parent `ActionController::TestCase` superclass. -For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass -for controller tests has been changed to ActionDispatch::IntegrationTest +For Rails versions prior to 5, include `Devise::Test::ControllerHelpers` instead, since the superclass +for controller tests was changed to ActionDispatch::IntegrationTest (for more details, see the [Integration tests](#integration-tests) section). ```ruby class PostsControllerTest < ActionController::TestCase - include Devise::Test::ControllerHelpers + include Devise::Test::IntegrationHelpers # Rails >= 5 +end +``` + +```ruby +class PostsControllerTest < ActionController::TestCase + include Devise::Test::ControllerHelpers # Rails < 5 end ``` From 12a265d1eb97114b3ec5a6a9d826ba92c5287a09 Mon Sep 17 00:00:00 2001 From: Steven Hsieh Date: Wed, 19 Feb 2020 10:51:36 -0800 Subject: [PATCH 1235/1473] optimize earlier timeout_skip to avoid unecessary record lookup --- lib/devise/hooks/timeoutable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 41b1fde80a..772eb142b7 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -21,8 +21,8 @@ proxy = Devise::Hooks::Proxy.new(warden) - if record.timedout?(last_request_at) && - !env['devise.skip_timeout'] && + if !env['devise.skip_timeout'] && + record.timedout?(last_request_at) && !proxy.remember_me_is_active?(record) Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) throw :warden, scope: scope, message: :timeout From 748803cd5931724680ec1f6906e64c42203bb7e8 Mon Sep 17 00:00:00 2001 
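Review bot: In the `lib/devise/hooks/timeoutable.rb` hunk, `env['devise.skip_timeout']` now short-circuits the whole timeout decision before `record.timedout?(last_request_at)` runs, yet nothing at the `if` says who sets that flag or why it is evaluated first. None of the three clauses has a visible side effect, so the sign-out outcome should be unchanged and the only gain is the skipped `timedout?` call; the commit title speaks of a record lookup, but `record` appears to be in scope already. I would add a comment above the condition, for example `# devise.skip_timeout is set by application code on the Rack env (see lib/devise/controllers/sign_in_out.rb); test it first so opted-out requests skip the timeout check.` A test that sets the flag on a timed-out session would pin the behaviour against a later reorder. The enclosing hook block starts and ends outside the hunk, so how `last_request_at` is handled for skipped requests cannot be confirmed from here.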
From: unleashy Date: Thu, 5 Mar 2020 14:47:43 -0300 Subject: [PATCH 1236/1473] Clarify DatabaseAuthenticable's behaviour with regards to the `password` field --- lib/devise/models/database_authenticatable.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 7b1df78955..039cc977a4 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -7,6 +7,10 @@ module Models # Authenticatable Module, responsible for hashing the password and # validating the authenticity of a user while signing in. # + # This module overrides the `password=` method and skips setting the password + # when Rails is setting attributes, instead it hashes the plaintext password + # and stores it in `encrypted_password` for legacy reasons. + # # == Options # # DatabaseAuthenticatable adds the following options to devise_for: From 63fe1a843f60c3cd1d89731ab82bcc44e1a653e5 Mon Sep 17 00:00:00 2001 From: Petrik Date: Thu, 12 Mar 2020 16:16:55 +0100 Subject: [PATCH 1237/1473] Explain how changing stretches affects existing password hashes --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 0c971902b8..1dbaddaa6e 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -114,6 +114,9 @@ # ==> Configuration for :database_authenticatable # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other algorithms, it sets how many times you want the password to be hashed. + # The number of stretches used for generating the hashed password are stored + # with the hashed password. This allows you to change the stretches without + # invalidating existing passwords. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use From eefae83c923454b2410d110fa678c238b630a0eb Mon Sep 17 00:00:00 2001 From: unleashy Date: Thu, 12 Mar 2020 15:52:51 -0300 Subject: [PATCH 1238/1473] Make a more accurate claim --- lib/devise/models/database_authenticatable.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 039cc977a4..58bac413ad 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -7,9 +7,9 @@ module Models # Authenticatable Module, responsible for hashing the password and # validating the authenticity of a user while signing in. # - # This module overrides the `password=` method and skips setting the password - # when Rails is setting attributes, instead it hashes the plaintext password - # and stores it in `encrypted_password` for legacy reasons. + # This module defines a `password=` method. This method will hash the argument + # and store it in the `encrypted_password` column, bypassing any pre-existing + # `password` column if it exists. # # == Options # From 6851f1d1c45ac9400d0610b64145f0b23195129d Mon Sep 17 00:00:00 2001 
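Review bot: The comment added to the `:database_authenticatable` section of lib/generators/templates/devise.rb says stretches can be changed without invalidating existing passwords, but it omits the consequence an operator needs to know. If the cost is stored with each hash, hashes already in the database presumably keep the cost they were created with, so raising `stretches` strengthens only passwords set afterwards. I would append `# Existing hashes keep their original cost until the password is set again.` after confirming it against the model code, since the hunk does not show whether hashes are recomputed on sign-in. A grammar nit in the same comment: `The number of stretches ... are stored` should read `is stored`.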
From: Gaspard d'Hautefeuille Date: Thu, 26 Mar 2020 16:56:45 +0000 Subject: [PATCH 1239/1473] Deprecation warning: Expected string default value for '--orm' --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 79f860ba9e..55a7a7d487 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm + hook_for :orm, required: true, desc: "ORM to be invoked" class_option :routes, desc: "Generate routes", type: :boolean, default: true From d65bb156c1f9f0256da313f5a6c52b23b08a255d Mon Sep 17 00:00:00 2001 From: HLFH Date: Sat, 28 Mar 2020 09:13:35 +0000 Subject: [PATCH 1240/1473] type: :boolean for :orm --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 55a7a7d487..625b6db76f 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm, required: true, desc: "ORM to be invoked" + hook_for :orm, type: :boolean class_option :routes, desc: "Generate routes", type: :boolean, default: true From 1f30f6fa8521aae0fca658208da8f55b47f39878 Mon Sep 17 00:00:00 2001 
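Review bot: `hook_for :orm, type: :boolean` in lib/generators/devise/devise_generator.rb declares the ORM hook as a boolean switch although the option names an ORM, and it drops the `required: true` and `desc:` that the previous patch in this series had just added. If the aim is only to silence the deprecation warning quoted in that earlier subject, keeping the string-valued form looks safer: `hook_for :orm, required: true, desc: "ORM to be invoked"`. With a boolean type, an invocation of the form `--orm=<name>` may no longer select the named generator; that is inferred from how Rails documents boolean hooks and should be confirmed with a generator test. The class body continues outside the hunk.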
From: Hiroyuki Morita Date: Thu, 23 Apr 2020 08:19:21 +0900 Subject: [PATCH 1241/1473] Remove unused method from Devise::Generators::InstallGenerator `rails_4?` is not called anymore since 2024fca4dfa3323070c3477e262b8422cadf6a42. --- lib/generators/devise/install_generator.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index f81494d6b2..5f091893dc 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -37,10 +37,6 @@ def copy_locale def show_readme readme "README" if behavior == :invoke end - - def rails_4? - Rails::VERSION::MAJOR == 4 - end end end end From 64ea43f6ab80325a9fa6a585574e0f4b241b3a0a Mon Sep 17 00:00:00 2001 From: OKURA Masafumi Date: Fri, 1 May 2020 16:48:17 +0900 Subject: [PATCH 1242/1473] Correct warden URL in README [ci skip] Warden moved to its own organization so we should follow it. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35608bcbe7..ac2a1d7cce 100644 --- a/README.md +++ b/README.md @@ -741,7 +741,7 @@ Read more about the potential issues at http://guides.rubyonrails.org/asset_pipe Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: -https://github.com/hassox/warden +https://github.com/wardencommunity/warden ### Contributors From 9437f2de57a05d35e007d4fbce2ddc40355bc918 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:25:08 -0300 Subject: [PATCH 1243/1473] Test with Ruby 2.7 --- .travis.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.travis.yml b/.travis.yml index a3cd864c27..f9e8d5474d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ rvm: - 2.4.5 - 2.5.3 - 2.6.0 + - 2.7.1 - ruby-head gemfile: 
@@ -45,6 +46,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 gemfile: gemfiles/Gemfile.rails-4.2-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head From e3f4beced4749832a071d0b5b75f61c3c1a85552 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:33:09 -0300 Subject: [PATCH 1244/1473] Add Rails 5.1 to the matrix Not sure how/when this one was removed, probably just mistakenly, so let's add it back for now, at least while we support multiple old Ruby / Rails versions. (which I plan to remove support in the near future.) --- .travis.yml | 7 + gemfiles/Gemfile.rails-5.1-stable | 27 ++++ gemfiles/Gemfile.rails-5.1-stable.lock | 193 +++++++++++++++++++++++++ 3 files changed, 227 insertions(+) create mode 100644 gemfiles/Gemfile.rails-5.1-stable create mode 100644 gemfiles/Gemfile.rails-5.1-stable.lock diff --git a/.travis.yml b/.travis.yml index f9e8d5474d..06d9224248 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ gemfile: - Gemfile - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable + - gemfiles/Gemfile.rails-5.1-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -26,6 +27,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 
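Review bot: The first two entries added under `matrix:` in .travis.yml are identical, since `rvm: 2.7.1` with `gemfile: gemfiles/Gemfile.rails-4.1-stable` appears twice. One of them is either redundant or stands in for a combination that was meant to be listed. The 2.6.0 entries just above list rails-4.1 and rails-4.2 once each, so dropping the duplicate looks like the intended result. The key these entries sit under (presumably `exclude:`) is outside the hunk, so confirm that before removing the line.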
@@ -54,6 +57,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-4.2-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.1-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: ruby-head @@ -64,6 +69,8 @@ matrix: gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.1-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable new file mode 100644 index 0000000000..70c21f0f03 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable @@ -0,0 +1,27 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 5.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +gem "responders", "~> 2.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.3.6" +end diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock new file mode 100644 index 0000000000..a992f85ddc --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable.lock 
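Review bot: `gem 'test_after_commit', require: false` in the new gemfiles/Gemfile.rails-5.1-stable resolves to 1.1.0 in the lockfile added by the same patch, where its only constraint is `activerecord (>= 3.2)`. The Rails 4.1 lockfile updated later in this series resolves 1.2.2 with `activerecord (>= 3.2, < 5.0)`, so Bundler appears to be falling back to an older release that predates that cap. This suggests the gem is not meant for Active Record 5.x. I would drop the line from this Gemfile, or keep it with a comment such as `# resolves to a pre-cap release on Rails 5; remove once the tests no longer reference it`.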
@@ -0,0 +1,193 @@ +GIT + remote: https://github.com/rails/activemodel-serializers-xml.git + revision: 93689638c28525acc65afb638fce866826532641 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.7.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.1.7) + actionpack (= 5.1.7) + nio4r (~> 2.0) + websocket-driver (~> 0.6.1) + actionmailer (5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.1.7) + actionview (= 5.1.7) + activesupport (= 5.1.7) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.1.7) + activesupport (= 5.1.7) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.1.7) + activesupport (= 5.1.7) + globalid (>= 0.3.6) + activemodel (5.1.7) + activesupport (= 5.1.7) + activerecord (5.1.7) + activemodel (= 5.1.7) + activesupport (= 5.1.7) + arel (~> 8.0) + activesupport (5.1.7) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (8.0.0) + bcrypt (3.1.13) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) + multipart-post (>= 1.2, < 3) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (1.8.3) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (1.0.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) + multi_xml (0.6.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 
2.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-facebook (6.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.2.2) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.1.7) + actioncable (= 5.1.7) + actionmailer (= 5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + activemodel (= 5.1.7) + activerecord (= 5.1.7) + activesupport (= 5.1.7) + bundler (>= 1.3.0) + railties (= 5.1.7) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.1.7) + actionpack (= 5.1.7) + activesupport (= 5.1.7) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.13) + test_after_commit (1.1.0) + activerecord (>= 3.2) + thor (1.0.1) + thread_safe (0.3.6) + timecop (0.9.1) + tzinfo (1.2.7) + thread_safe (~> 0.1) + warden (1.2.8) + rack (>= 2.0.6) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! 
+ mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 5.1.0) + rails-controller-testing + rdoc + responders (~> 2.1) + sqlite3 (~> 1.3.6) + test_after_commit + timecop + webrat (= 0.7.3) + +BUNDLED WITH + 1.17.3 From 1a83b58d7253906f2cebb58dff4c3327b5d8712e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:36:09 -0300 Subject: [PATCH 1245/1473] Remove Rails 6 from allow failures Rails 6 is officially supported, so tests must pass with it. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 06d9224248..5ab3b9a05e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -77,7 +77,6 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-stable services: - mongodb From 2e3b70ca62ef23557643f827b864dc6fa00ec535 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:40:27 -0300 Subject: [PATCH 1246/1473] Update Ruby versions to test against --- .travis.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5ab3b9a05e..3a420e339a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,9 +4,9 @@ rvm: - 2.1.10 - 2.2.10 - 2.3.8 - - 2.4.5 - - 2.5.3 - - 2.6.0 + - 2.4.10 + - 2.5.8 + - 2.6.6 - 2.7.1 - ruby-head @@ -39,15 +39,15 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.5 + - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.4.5 + - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.5.3 + - rvm: 2.5.8 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.0 + - rvm: 2.6.6 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.0 + - rvm: 2.6.6 gemfile: gemfiles/Gemfile.rails-4.2-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-4.1-stable From a3d9161712dc27f5c0cea4e0f3c2602e9cc803af Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:45:24 -0300 Subject: [PATCH 1247/1473] Bundle update everything --- Gemfile.lock | 194 ++++++++++++------------- gemfiles/Gemfile.rails-4.1-stable.lock | 119 ++++++++------- gemfiles/Gemfile.rails-4.2-stable.lock | 151 ++++++++++--------- gemfiles/Gemfile.rails-5.0-stable.lock | 183 ++++++++++++----------- gemfiles/Gemfile.rails-5.2-stable | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 184 ++++++++++++----------- gemfiles/Gemfile.rails-6.0-stable.lock | 174 +++++++++++----------- 7 files changed, 498 insertions(+), 509 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index aaac958521..957127deea 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 + revision: 93689638c28525acc65afb638fce866826532641 specs: - activemodel-serializers-xml (1.0.1) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,141 +20,139 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.0) - actionpack (= 5.2.0) + actioncable (5.2.4.3) + actionpack (= 5.2.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.0) - actionpack (= 5.2.0) - actionview (= 5.2.0) - activejob (= 5.2.0) + actionmailer (5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.0) - actionview (= 5.2.0) - activesupport (= 5.2.0) - rack (~> 2.0) + actionpack (5.2.4.3) + actionview (= 5.2.4.3) + activesupport (= 5.2.4.3) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.0) - activesupport (= 5.2.0) + actionview (5.2.4.3) + activesupport (= 5.2.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.0) - activesupport (= 5.2.0) + activejob (5.2.4.3) + activesupport (= 5.2.4.3) globalid (>= 0.3.6) - activemodel (5.2.0) - activesupport (= 5.2.0) - activerecord (5.2.0) - activemodel (= 5.2.0) - activesupport (= 5.2.0) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activerecord (5.2.4.3) + activemodel (= 5.2.4.3) + activesupport (= 5.2.4.3) arel (>= 9.0) - activestorage (5.2.0) - actionpack (= 5.2.0) - activerecord (= 5.2.0) + activestorage (5.2.4.3) + actionpack (= 5.2.4.3) + activerecord (= 5.2.4.3) marcel (~> 0.3.1) - activesupport (5.2.0) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.4) - erubi (1.7.1) - faraday (0.11.0) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.1) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.7) - i18n (1.0.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby 
(~> 1.0) - jwt (1.5.6) - loofah (2.2.2) + jwt (2.2.1) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.2) + marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.0) - mimemagic (0.3.2) - mini_mime (1.0.0) - mini_portile2 (2.3.0) - minitest (5.11.3) - mocha (1.2.1) - metaclass (~> 0.0.1) - multi_json (1.12.1) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.3.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.8.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.4) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (1.0.0) + rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.0) - actioncable (= 5.2.0) - actionmailer (= 5.2.0) - actionpack (= 5.2.0) - actionview (= 5.2.0) - activejob (= 5.2.0) - activemodel (= 5.2.0) - activerecord (= 5.2.0) - activestorage (= 5.2.0) - activesupport (= 5.2.0) + rails (5.2.4.3) + actioncable (= 5.2.4.3) + actionmailer (= 5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) + activemodel (= 5.2.4.3) + activerecord (= 5.2.4.3) + activestorage (= 5.2.4.3) + activesupport (= 5.2.4.3) bundler (>= 1.3.0) - railties (= 
5.2.0) + railties (= 5.2.4.3) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) - railties (5.2.0) - actionpack (= 5.2.0) - activesupport (= 5.2.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.3) + actionpack (= 5.2.4.3) + activesupport (= 5.2.4.3) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.1) - rdoc (5.1.0) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.1) + thor (>= 0.19.0, < 2.0) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -162,20 +160,20 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - thor (0.20.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.5) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index dbdfe0f874..081d634b50 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -7,6 +7,28 @@ GIT actionpack (= 4.1.16) actionview (= 4.1.16) mail (~> 2.5, >= 2.5.4) + actionpack (4.1.16) + actionview (= 4.1.16) + activesupport (= 4.1.16) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + activerecord (4.1.16) + activemodel (= 4.1.16) + activesupport (= 4.1.16) + arel (~> 5.0.0) + activesupport (4.1.16) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) rails (4.1.16) actionmailer (= 4.1.16) actionpack (= 4.1.16) @@ -17,6 +39,11 @@ GIT bundler (>= 1.3.0, < 2.0) railties (= 4.1.16) sprockets-rails (~> 2.0) + railties (4.1.16) + actionpack (= 4.1.16) + activesupport (= 4.1.16) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) PATH remote: .. 
@@ -31,51 +58,26 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (4.1.16) - actionview (= 4.1.16) - activesupport (= 4.1.16) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - activerecord (4.1.16) - activemodel (= 4.1.16) - activesupport (= 4.1.16) - arel (~> 5.0.0) - activesupport (4.1.16) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.13) - bson (3.2.6) - builder (3.2.3) - concurrent-ruby (1.0.5) - connection_pool (2.2.1) + bson (3.2.7) + builder (3.2.4) + concurrent-ruby (1.1.6) + connection_pool (2.2.3) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - hashie (3.5.5) - i18n (0.8.1) + hashie (3.6.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) json (1.8.6) - jwt (1.5.6) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + jwt (2.2.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) + minitest (5.14.1) + mocha (1.11.2) mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) 
@@ -85,30 +87,30 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.1) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nokogiri (1.9.1) mini_portile2 (~> 2.4.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) omniauth (1.4.2) hashie (>= 1.2, < 4) rack (>= 1.0, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) + omniauth-oauth2 (1.5.0) + oauth2 (~> 1.1) omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.3.0) + origin (2.3.1) orm_adapter (0.5.0) rack (1.5.5) rack-openid (1.3.1) @@ -116,17 +118,12 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - railties (4.1.16) - actionpack (= 4.1.16) - activesupport (= 4.1.16) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.0.0) + rake (13.0.1) rdoc (5.1.0) responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.7.0) - sprockets (3.7.1) + ruby-openid (2.9.2) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) @@ -134,12 +131,12 @@ GEM activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) - thor (0.19.4) + test_after_commit (1.2.2) + activerecord (>= 3.2, < 5.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.2) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index f0aa865182..7ad16cca50 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,56 +1,56 @@ GIT remote: git://github.com/rails/rails.git - revision: dc3ae21802c316e1639239d28202db7aa7fb7cac + revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 branch: 4-2-stable specs: - actionmailer (4.2.8) - actionpack (= 4.2.8) - actionview (= 4.2.8) - activejob (= 4.2.8) + actionmailer (4.2.11.3) + actionpack (= 4.2.11.3) + actionview (= 4.2.11.3) + activejob (= 4.2.11.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.8) - actionview (= 4.2.8) - activesupport (= 4.2.8) + actionpack (4.2.11.3) + actionview (= 4.2.11.3) + activesupport (= 4.2.11.3) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.8) - activesupport (= 4.2.8) + actionview (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.8) - activesupport (= 4.2.8) + activejob (4.2.11.3) + activesupport (= 4.2.11.3) globalid (>= 0.3.0) - activemodel (4.2.8) - activesupport (= 4.2.8) + activemodel (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) - activerecord (4.2.8) - activemodel (= 4.2.8) - activesupport (= 4.2.8) + activerecord (4.2.11.3) + activemodel (= 4.2.11.3) + activesupport (= 4.2.11.3) arel (~> 6.0) - activesupport (4.2.8) + activesupport (4.2.11.3) i18n (~> 0.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.8) - actionmailer (= 4.2.8) - actionpack (= 4.2.8) - actionview (= 4.2.8) - activejob (= 4.2.8) - activemodel (= 4.2.8) - activerecord (= 4.2.8) - activesupport (= 4.2.8) + rails (4.2.11.3) + actionmailer (= 4.2.11.3) + actionpack (= 4.2.11.3) + actionview (= 4.2.11.3) + activejob (= 4.2.11.3) + activemodel (= 4.2.11.3) + activerecord (= 4.2.11.3) + activesupport (= 4.2.11.3) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.8) + railties (= 4.2.11.3) sprockets-rails - railties (4.2.8) - actionpack (= 4.2.8) - activesupport (= 
4.2.8) + railties (4.2.11.3) + actionpack (= 4.2.11.3) + activesupport (= 4.2.11.3) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -69,30 +69,29 @@ GEM specs: arel (6.0.4) bcrypt (3.1.13) - bson (3.2.6) - builder (3.2.3) - concurrent-ruby (1.0.5) - connection_pool (2.2.1) + bson (3.2.7) + builder (3.2.4) + concurrent-ruby (1.1.6) + connection_pool (2.2.3) + crass (1.0.6) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.3.7) - activesupport (>= 4.1.0) - hashie (3.5.5) - i18n (0.8.1) - jwt (1.5.6) - loofah (2.0.3) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + mail (2.7.1) + mini_mime (>= 0.1.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) + minitest (5.14.1) + mocha (1.11.2) mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) 
@@ -102,32 +101,32 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.1) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nokogiri (1.9.1) mini_portile2 (~> 2.4.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.3.0) + origin (2.3.1) orm_adapter (0.5.0) - rack (1.6.5) + rack (1.6.13) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -135,32 +134,32 @@ GEM rack (>= 1.0) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.0.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + rake (13.0.1) rdoc (5.1.0) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) railties (>= 4.2.0, < 6.0) - ruby-openid (2.7.0) - sprockets (3.7.1) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) - thor (0.19.4) + test_after_commit (1.2.2) + activerecord (>= 3.2, < 5.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.2) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 9d0b936c26..be02fd054b 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 + revision: 93689638c28525acc65afb638fce866826532641 specs: - activemodel-serializers-xml (1.0.1) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,155 +20,154 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.2) - actionpack (= 5.0.2) + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.2) - actionview (= 5.0.2) - activesupport (= 5.0.2) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.2) - activesupport (= 5.0.2) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.2) - activesupport (= 5.0.2) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) globalid (>= 0.3.6) - activemodel (5.0.2) - activesupport (= 5.0.2) - activerecord (5.0.2) - activemodel (= 5.0.2) - activesupport (= 5.0.2) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) arel (~> 7.0) - activesupport (5.0.2) + activesupport (5.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.0) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.5) - i18n (0.8.1) - jwt (1.5.6) - loofah (2.0.3) + hashie (4.1.0) + i18n (1.8.3) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.5) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - method_source (0.8.2) - 
mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) - multi_json (1.12.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (1.0.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.0.0) - nokogiri (1.7.2) - mini_portile2 (~> 2.1.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.2) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.2) - actioncable (= 5.0.2) - actionmailer (= 5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) - activemodel (= 5.0.2) - activerecord (= 5.0.2) - activesupport (= 5.0.2) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.2) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) + bundler (>= 1.3.0) + railties (= 5.0.7.2) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + 
activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.2) - actionpack (= 5.0.2) - activesupport (= 5.0.2) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) - rdoc (5.1.0) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.1) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.19.4) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.3) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.5) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile.rails-5.2-stable index 3fc1bb7caa..5f472c81ee 100644 --- a/gemfiles/Gemfile.rails-5.2-stable +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 5.2' +gem "rails", '~> 5.2.0' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 629971f41d..4e46928a4a 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock 
@@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: f744aeca2747ed3134e492249c4ee39b548efdf6 + revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,141 +20,139 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.1) - actionpack (= 5.2.1) + actioncable (5.2.4.3) + actionpack (= 5.2.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.1) - actionpack (= 5.2.1) - actionview (= 5.2.1) - activejob (= 5.2.1) + actionmailer (5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.1) - actionview (= 5.2.1) - activesupport (= 5.2.1) - rack (~> 2.0) + actionpack (5.2.4.3) + actionview (= 5.2.4.3) + activesupport (= 5.2.4.3) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.1) - activesupport (= 5.2.1) + actionview (5.2.4.3) + activesupport (= 5.2.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.1) - activesupport (= 5.2.1) + activejob (5.2.4.3) + activesupport (= 5.2.4.3) globalid (>= 0.3.6) - activemodel (5.2.1) - activesupport (= 5.2.1) - activerecord (5.2.1) - activemodel (= 5.2.1) - activesupport (= 5.2.1) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activerecord (5.2.4.3) + activemodel (= 5.2.4.3) + activesupport (= 5.2.4.3) arel (>= 9.0) - activestorage (5.2.1) - actionpack (= 5.2.1) - activerecord (= 5.2.1) + activestorage (5.2.4.3) + actionpack (= 5.2.4.3) + activerecord (= 5.2.4.3) marcel (~> 0.3.1) - activesupport (5.2.1) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.4) - erubi (1.7.1) - faraday (0.12.2) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.1) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.7) - i18n (1.1.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby 
(~> 1.0) - jwt (1.5.6) - loofah (2.2.2) + jwt (2.2.1) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.0) - mimemagic (0.3.2) - mini_mime (1.0.1) - mini_portile2 (2.3.0) - minitest (5.11.3) - mocha (1.7.0) - metaclass (~> 0.0.1) - multi_json (1.13.1) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.3.1) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.8.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (5.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.5.0) + omniauth-oauth2 (1.6.0) oauth2 (~> 1.1) - omniauth (~> 1.2) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.5) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.1) - actioncable (= 5.2.1) - actionmailer (= 5.2.1) - actionpack (= 5.2.1) - actionview (= 5.2.1) - activejob (= 5.2.1) - activemodel (= 5.2.1) - activerecord (= 5.2.1) - activestorage (= 5.2.1) - activesupport (= 5.2.1) + rails (5.2.4.3) + actioncable (= 5.2.4.3) + actionmailer (= 5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) + activemodel (= 5.2.4.3) + activerecord (= 5.2.4.3) + activestorage (= 5.2.4.3) + activesupport (= 5.2.4.3) bundler (>= 1.3.0) - railties (= 5.2.1) + railties (= 5.2.4.3) sprockets-rails (>= 2.0.0) - 
rails-controller-testing (1.0.2) - actionpack (~> 5.x, >= 5.0.1) - actionview (~> 5.x, >= 5.0.1) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) - railties (5.2.1) - actionpack (= 5.2.1) - activesupport (= 5.2.1) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.3) + actionpack (= 5.2.4.3) + activesupport (= 5.2.4.3) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) - rake (12.3.1) - rdoc (6.0.4) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.2) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -164,20 +162,20 @@ GEM sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.20.0) + thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.5) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) PLATFORMS ruby @@ -190,7 +188,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.2) + rails (~> 5.2.0) rails-controller-testing rdoc responders (~> 2.1) diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 103d678005..8c7ee0eb8c 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -20,105 +20,103 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0) - actionpack (= 6.0.0) + actioncable (6.0.3.1) + actionpack (= 6.0.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0) - actionpack (= 6.0.0) - activejob (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + actionmailbox (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) mail (>= 2.7.1) - actionmailer (6.0.0) - actionpack (= 6.0.0) - actionview (= 6.0.0) - activejob (= 6.0.0) + actionmailer (6.0.3.1) + actionpack (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0) - actionview (= 6.0.0) - activesupport (= 6.0.0) - rack (~> 2.0) + actionpack (6.0.3.1) + actionview (= 6.0.3.1) + activesupport (= 6.0.3.1) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.0) - actionpack (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + actiontext (6.0.3.1) + actionpack (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) nokogiri (>= 1.8.5) - actionview (6.0.0) - activesupport (= 6.0.0) + actionview (6.0.3.1) + activesupport (= 6.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.0) - activesupport (= 6.0.0) + activejob (6.0.3.1) + activesupport (= 6.0.3.1) globalid (>= 0.3.6) - activemodel (6.0.0) - activesupport (= 6.0.0) - activerecord (6.0.0) - activemodel (= 6.0.0) - activesupport (= 6.0.0) - activestorage (6.0.0) - actionpack (= 6.0.0) - activejob (= 6.0.0) - activerecord (= 6.0.0) + activemodel (6.0.3.1) + activesupport (= 6.0.3.1) + activerecord (6.0.3.1) + activemodel (= 6.0.3.1) + activesupport (= 6.0.3.1) + activestorage (6.0.3.1) 
+ actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) marcel (~> 0.3.1) - activesupport (6.0.0) + activesupport (6.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.1, >= 2.1.8) + zeitwerk (~> 2.2, >= 2.2.2) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.1.5) - crass (1.0.4) - erubi (1.8.0) - faraday (0.15.4) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.6.0) - i18n (1.6.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.2.3) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.2) - mimemagic (0.3.3) + method_source (1.0.0) + mimemagic (0.3.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) - mocha (1.9.0) - metaclass (~> 0.0.1) - multi_json (1.13.1) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.4.0) - nokogiri (1.10.4) + nio4r (2.5.2) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - oauth2 (1.4.1) - faraday (>= 0.8, < 0.16.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.0) - hashie (>= 3.4.6, < 3.7.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (5.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.6.0) oauth2 (~> 1.1) 
@@ -127,26 +125,26 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.7) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0) - actioncable (= 6.0.0) - actionmailbox (= 6.0.0) - actionmailer (= 6.0.0) - actionpack (= 6.0.0) - actiontext (= 6.0.0) - actionview (= 6.0.0) - activejob (= 6.0.0) - activemodel (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + rails (6.0.3.1) + actioncable (= 6.0.3.1) + actionmailbox (= 6.0.3.1) + actionmailer (= 6.0.3.1) + actionpack (= 6.0.3.1) + actiontext (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) + activemodel (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) bundler (>= 1.3.0) - railties (= 6.0.0) + railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -155,34 +153,34 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.2.0) - loofah (~> 2.2, >= 2.2.2) - railties (6.0.0) - actionpack (= 6.0.0) - activesupport (= 6.0.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (6.0.3.1) + actionpack (= 6.0.3.1) + activesupport (= 6.0.3.1) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) - rake (12.3.3) - rdoc (6.1.1) - responders (3.0.0) + rake (13.0.1) + rdoc (6.2.1) + responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - ruby-openid (2.7.0) - sprockets (3.7.2) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.4.1) + sqlite3 (1.4.2) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.20.3) + thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.5) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.8) rack (>= 2.0.6) 
@@ -190,10 +188,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.1) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.4) - zeitwerk (2.1.9) + websocket-extensions (0.1.5) + zeitwerk (2.3.0) PLATFORMS ruby From 22e2ab4be397cb692ceeaf822652b63583303cfa Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 11:08:48 -0300 Subject: [PATCH 1248/1473] Update `Gemfile` to point to Rails 6.0.x This is essentially the same as `gemfiles/Gemfile.rails-6.0-stable`, but I'm keeping both for now since I want to change the main `Gemfile` later to point to Rails master (`6.1.0.alpha`), so then I won't need to recreate the `6.0-stable` Gemfile again. --- .travis.yml | 6 ++- Gemfile | 21 +++++---- Gemfile.lock | 118 ++++++++++++++++++++++++++++----------------------- 3 files changed, 80 insertions(+), 65 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3a420e339a..3d1b6451e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,12 +37,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable + - rvm: 2.3.8 + gemfile: Gemfile - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: Gemfile - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable + - rvm: 2.4.10 + gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.5.8 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.6 diff --git a/Gemfile b/Gemfile index ce2e6ba024..8dac85157c 100644 --- a/Gemfile +++ b/Gemfile @@ -4,9 +4,8 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 5.2" -gem "omniauth", "~> 1.3" -gem "oauth2" +gem "rails", "~> 6.0.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
@@ -14,7 +13,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.4" +gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" @@ -24,16 +23,16 @@ group :test do gem "mocha", "~> 1.1", require: false end -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - platforms :ruby do - gem "sqlite3", "~> 1.3.6" + gem "sqlite3", "~> 1.4" end +# platforms :jruby do +# gem "activerecord-jdbc-adapter" +# gem "activerecord-jdbcsqlite3-adapter" +# gem "jruby-openssl" +# end + # TODO: # group :mongoid do # gem "mongoid", "~> 4.0.0" diff --git a/Gemfile.lock b/Gemfile.lock index 957127deea..0aa695de90 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
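Review bot: The `platforms :jruby do` block in the `@@ -24,16 +23,16 @@` hunk is commented out rather than deleted, and nothing records why or when it should come back. The `# TODO:` that follows it heads the mongoid group, so a reader cannot tell whether the JRuby adapters are pending work or dead configuration. Either drop the block, or give it its own heading such as `# TODO: re-enable JRuby adapters once <condition>`; the reason is not stated in the commit message, so it has to come from the author. `Gemfile.lock` in the same commit already drops `activerecord-jdbc-adapter`, `activerecord-jdbcsqlite3-adapter` and `jruby-openssl` from DEPENDENCIES, so deleting the block would be consistent with it.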
@@ -20,48 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.4.3) - actionpack (= 5.2.4.3) + actioncable (6.0.3.1) + actionpack (= 6.0.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) + actionmailbox (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) + mail (>= 2.7.1) + actionmailer (6.0.3.1) + actionpack (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.3) - actionview (= 5.2.4.3) - activesupport (= 5.2.4.3) + actionpack (6.0.3.1) + actionview (= 6.0.3.1) + activesupport (= 6.0.3.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.3) - activesupport (= 5.2.4.3) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.0.3.1) + actionpack (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) + nokogiri (>= 1.8.5) + actionview (6.0.3.1) + activesupport (= 6.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.3) - activesupport (= 5.2.4.3) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.0.3.1) + activesupport (= 6.0.3.1) globalid (>= 0.3.6) - activemodel (5.2.4.3) - activesupport (= 5.2.4.3) - activerecord (5.2.4.3) - activemodel (= 5.2.4.3) - activesupport (= 5.2.4.3) - arel (>= 9.0) - activestorage (5.2.4.3) - actionpack (= 5.2.4.3) - activerecord (= 5.2.4.3) + activemodel (6.0.3.1) + activesupport (= 6.0.3.1) + activerecord (6.0.3.1) + activemodel (= 6.0.3.1) + activesupport (= 6.0.3.1) + activestorage (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) marcel (~> 0.3.1) - activesupport (5.2.4.3) + activesupport (6.0.3.1) 
concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - arel (9.0.0) + zeitwerk (~> 2.2, >= 2.2.2) bcrypt (3.1.13) builder (3.2.4) concurrent-ruby (1.1.6) @@ -118,18 +131,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.4.3) - actioncable (= 5.2.4.3) - actionmailer (= 5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - activemodel (= 5.2.4.3) - activerecord (= 5.2.4.3) - activestorage (= 5.2.4.3) - activesupport (= 5.2.4.3) + rails (6.0.3.1) + actioncable (= 6.0.3.1) + actionmailbox (= 6.0.3.1) + actionmailer (= 6.0.3.1) + actionpack (= 6.0.3.1) + actiontext (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) + activemodel (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) bundler (>= 1.3.0) - railties (= 5.2.4.3) + railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -140,17 +155,17 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (5.2.4.3) - actionpack (= 5.2.4.3) - activesupport (= 5.2.4.3) + railties (6.0.3.1) + actionpack (= 6.0.3.1) + activesupport (= 6.0.3.1) method_source rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) + thor (>= 0.20.3, < 2.0) rake (13.0.1) rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) ruby-openid (2.9.2) sprockets (4.0.1) concurrent-ruby (~> 1.0) @@ -159,7 +174,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.13) + sqlite3 (1.4.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) 
@@ -174,27 +189,24 @@ GEM websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) + zeitwerk (2.3.0) PLATFORMS ruby DEPENDENCIES activemodel-serializers-xml! - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter devise! - jruby-openssl mocha (~> 1.1) - oauth2 - omniauth (~> 1.3) + omniauth omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.2) + rails (~> 6.0.0) rails-controller-testing rdoc - responders (~> 2.4) - sqlite3 (~> 1.3.6) + responders (~> 3.0) + sqlite3 (~> 1.4) timecop webrat (= 0.7.3) From 26c7dffe2a8e0e5e3e51265cc26dc5973b04a709 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 11:12:16 -0300 Subject: [PATCH 1249/1473] Remove `test_after_commit` from Rails 5+ Gemfiles It is not required anymore since Rails does the right thing since Rails 5.0. --- gemfiles/Gemfile.rails-5.0-stable | 1 - gemfiles/Gemfile.rails-5.0-stable.lock | 3 --- gemfiles/Gemfile.rails-5.1-stable | 1 - gemfiles/Gemfile.rails-5.1-stable.lock | 5 +---- gemfiles/Gemfile.rails-5.2-stable | 1 - gemfiles/Gemfile.rails-5.2-stable.lock | 3 --- gemfiles/Gemfile.rails-6.0-stable | 1 - gemfiles/Gemfile.rails-6.0-stable.lock | 3 --- 8 files changed, 1 insertion(+), 17 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index 902ef21a5a..dcd1ac14ef 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -21,7 +21,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index be02fd054b..42e6ee41e6 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock 
@@ -152,8 +152,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -185,7 +183,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable index 70c21f0f03..c2b8f523f8 100644 --- a/gemfiles/Gemfile.rails-5.1-stable +++ b/gemfiles/Gemfile.rails-5.1-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index a992f85ddc..4a66718249 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -1,5 +1,5 @@ GIT - remote: https://github.com/rails/activemodel-serializers-xml.git + remote: git://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -152,8 +152,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -185,7 +183,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile.rails-5.2-stable index 5f472c81ee..dbfbd5f6c0 100644 --- a/gemfiles/Gemfile.rails-5.2-stable +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 4e46928a4a..e2e578abfc 100644 
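Review bot: The `@@ -1,5 +1,5 @@` hunk of `gemfiles/Gemfile.rails-5.1-stable.lock` changes the GIT remote from `https://github.com/rails/activemodel-serializers-xml.git` to `git://github.com/rails/activemodel-serializers-xml.git`. That is unrelated to removing `test_after_commit`, and it moves the fetch onto the unauthenticated, unencrypted git protocol. The pinned `revision:` limits what a tampered transfer could substitute, but the lockfile should keep `remote: https://github.com/rails/activemodel-serializers-xml.git`. This looks like a side effect of regenerating the lock with a Bundler version whose `github:` shorthand expands to `git://`; if so, spelling the source out in the Gemfile as `git: "https://github.com/rails/activemodel-serializers-xml.git"` keeps the remote stable whichever Bundler writes the lock. The 5.0 and 5.2 lockfiles in the preceding patch on this page carry the same `git://` remote as context lines and would benefit from the same change.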
--- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -160,8 +160,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -193,7 +191,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index cdef68f66a..90f762d496 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 8c7ee0eb8c..4c515a68c7 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -175,8 +175,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.4.2) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -209,7 +207,6 @@ DEPENDENCIES rdoc responders (~> 3.0) sqlite3 (~> 1.4) - test_after_commit timecop webrat (= 0.7.3) From e0b9915418ee71e6531c6b84ed3a1dad2eb981cf Mon Sep 17 00:00:00 2001 From: Vitalii Lazebnyi <> Date: Fri, 8 May 2020 03:53:12 +0300 Subject: [PATCH 1250/1473] #5234 fix. Deprecated warning at controller_helpers.rb --- lib/devise/test/controller_helpers.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index cd1a8be8e3..eeef694d28 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -37,6 +37,8 @@ def process(*) @response end + ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true) + # We need to set up the environment variables and the response in the controller. def setup_controller_for_warden #:nodoc: @request.env['action_controller.instance'] = @controller From cb8c72171f3941125f02faa41e6bfce458a64697 Mon Sep 17 00:00:00 2001 From: David Auza Date: Fri, 5 Jun 2020 15:43:56 -0500 Subject: [PATCH 1251/1473] Update README.md with current link to Railscast (#5221) Updated README.md with the latest link to Ryan Bates' Railscast --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ac2a1d7cce..850dd73f43 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ bin/test test/models/trackable_test.rb:16 If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users -* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch +* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From d85d45bcefdee5c9adde5cbd1273723abe35f5e2 Mon Sep 17 00:00:00 2001 From: David Kimura Date: Fri, 5 Jun 2020 16:44:37 -0400 Subject: [PATCH 1252/1473] Updated README with additional video resources for learning Devise (#5232) [ci skip] --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 850dd73f43..ce43aa06c3 100644 
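Review bot: The `ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)` line added after `process` has no comment, and the `respond_to?` guard will read as dead code once nobody remembers which Ruby versions lack the method. A comment above it would cover both, e.g. `# Let process(*) forward keyword arguments to super without Ruby 2.7 deprecation warnings; ruby2_keywords is missing on older Rubies, hence the guard.` The body of `process` starts outside this hunk, so the delegation to `super` is inferred from the `(*)` signature and the commit subject rather than read from the code.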
--- a/README.md +++ b/README.md @@ -166,11 +166,12 @@ bin/test test/models/trackable_test.rb:16 ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth +* Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From c3759be33e4f90d383d3c24cf0bf94658acee785 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 17:47:05 -0300 Subject: [PATCH 1253/1473] Link to both Ryan Bates Railscasts [ci skip] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ce43aa06c3..3d075eeee8 100644 --- a/README.md +++ b/README.md 
@@ -166,10 +166,10 @@ bin/test test/models/trackable_test.rb:16 ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Here's a few resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users -* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised +* Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth * Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise From a451b98cf2311b6bb73b3762083294db131a4603 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 17:49:32 -0300 Subject: [PATCH 1254/1473] Revert "Updated README with additional video resources for learning Devise (#5232)" This reverts commit d85d45bcefdee5c9adde5cbd1273723abe35f5e2. My mistake: this section is about *not* using Devise when starting with Rails and building authentication for the first time, therefore we should not be linking to Devise specific resources here. [ci skip] --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 3d075eeee8..e6df03cb25 100644 --- a/README.md +++ b/README.md 
@@ -171,7 +171,6 @@ If you are building your first Rails application, we recommend you *do not* use * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth -* Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From bbbff3a3504bf4db7829b5495efd1bc830bc0a58 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:16:32 -0300 Subject: [PATCH 1255/1473] Add changelog entry for #5067 [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 233e9691d6..f61b631ef5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ * enhancements * Increase default stretches to 12 (by @sergey-alekseev) +* bug fixes + * Generate scoped views with proper scoped errors partial (by @shobhitic) + ### 4.7.1 - 2019-09-06 * bug fixes From 14a3084b5974e76980b475316fcea77f4b5e44f4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:12:40 -0300 Subject: [PATCH 1256/1473] Simplify the view generator with scoped views --- lib/generators/devise/views_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 3ceda56b52..bc271743cf 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb 
@@ -42,7 +42,7 @@ def copy_views def view_directory(name, _target_path = nil) directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| if scope - content.gsub("devise/shared/links", "#{plural_scope}/shared/links").gsub("devise/shared/error_messages", "#{plural_scope}/shared/error_messages") + content.gsub("devise/shared", "#{plural_scope}/shared") else content end From 94be5fb6a1feef39411d025bcaf25393d621e870 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:49:51 -0300 Subject: [PATCH 1257/1473] Remove mocha deprecation warning Mocha deprecation warning at ...../active_support/dependencies.rb:324:in `require': Require 'mocha/test_unit', 'mocha/minitest' or 'mocha/api' instead of 'mocha/setup'. --- test/test_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index 378c9b110a..ad5a6db665 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -12,7 +12,7 @@ I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) -require 'mocha/setup' +require 'mocha/minitest' require 'timecop' require 'webrat' Webrat.configure do |config| From 34d9053819ab82ddf62f7fe84748fe5a7aebbb50 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:37:53 -0300 Subject: [PATCH 1258/1473] Remove unnecessary monkey-patch of test helpers with Rails 5+ This is warning on Ruby 2.7, and seems unnecessary since Rails 5+ adopted kwargs approach. We still need to handle the difference for Rails < 5 for now, while we support it (which I would like to remove soon.) --- test/support/http_method_compatibility.rb | 36 +++++++---------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index de207087f2..f901ad858d 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb 
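Review bot: The single `gsub("devise/shared", "#{plural_scope}/shared")` in `view_directory` now rewrites every occurrence of that substring in a copied view, not only the `links` and `error_messages` partial paths the old chain named, and nothing in the method records that this is intended. A one-line comment above the call would make that explicit, for example `# Point every devise/shared partial reference at the scoped copy, including partials added later.` The closing lines of `view_directory` are outside the hunk.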
@@ -5,19 +5,11 @@ class IntegrationTest < ActionDispatch::IntegrationTest # %w( get post patch put head delete xml_http_request # xhr get_via_redirect post_via_redirect # ).each do |method| - %w( get post put ).each do |method| - if Devise::Test.rails5_and_up? - define_method(method) do |url, options={}| - if options.empty? - super url - else - super url, options - end - end - else - define_method(method) do |url, options={}| - if options[:xhr]==true - xml_http_request __method__, url, options[:params] || {}, options[:headers] + unless Devise::Test.rails5_and_up? + %w( get post put ).each do |method| + define_method(method) do |url, options = {}| + if options[:xhr] == true + xml_http_request __method__, url, options[:params] || {}, options[:headers] else super url, options[:params] || {}, options[:headers] end @@ -30,19 +22,11 @@ class ControllerTestCase < ActionController::TestCase # %w( get post patch put head delete xml_http_request # xhr get_via_redirect post_via_redirect # ).each do |method| - %w( get post put ).each do |method| - if Devise::Test.rails5_and_up? - define_method(method) do |action, options={}| - if options.empty? - super action - else - super action, options - end - end - else - define_method(method) do |action, options={}| - if options[:xhr]==true - xml_http_request __method__, action, options[:params] || {}, options[:headers] + unless Devise::Test.rails5_and_up? + %w( get post put ).each do |method| + define_method(method) do |action, options = {}| + if options[:xhr] == true + xml_http_request __method__, action, options[:params] || {}, options[:headers] else super action, options[:params] || {}, options[:headers] end From 50f820a6cf13d7a9525198cdab288b7526fe98ec Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:43:49 -0300 Subject: [PATCH 1259/1473] Use master of Rails controller testing gem to remove Ruby 2.7 warning --- Gemfile | 2 +- Gemfile.lock | 15 ++++++++++----- gemfiles/Gemfile.rails-6.0-stable | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 15 ++++++++++----- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index 8dac85157c..37dc67d9c2 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" -gem "rails-controller-testing" +gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/Gemfile.lock b/Gemfile.lock index 0aa695de90..4695619333 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,6 +7,15 @@ GIT activesupport (>= 5.0.0.a) builder (~> 3.1) +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + specs: + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + PATH remote: . specs: @@ -146,10 +155,6 @@ GEM bundler (>= 1.3.0) railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) @@ -203,7 +208,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 6.0.0) - rails-controller-testing + rails-controller-testing! rdoc responders (~> 3.0) sqlite3 (~> 1.4) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index 90f762d496..e43284853a 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable 
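Review bot: The `rails-controller-testing` line in the Gemfile hunk now follows the repository's default branch with no `ref:` or `tag:`, and the lockfile updated in the same commit records the source as `git://github.com/rails/rails-controller-testing.git`, a transport with neither encryption nor server authentication. Whatever is on that branch the next time the lockfile is regenerated gets installed and run in the test suite, so pinning a revision and forcing HTTPS would keep the dependency reproducible: `gem "rails-controller-testing", git: "https://github.com/rails/rails-controller-testing.git", ref: "<pinned commit sha>"`. The same line is added in `gemfiles/Gemfile.rails-6.0-stable`. Whether a `git_source(:github)` override exists elsewhere in the Gemfile is not visible from this hunk, though the `git://` remote in the lockfile suggests it does not.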
@@ -9,7 +9,7 @@ gem "rdoc" gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" -gem "rails-controller-testing" +gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 4c515a68c7..51f0bf0bd1 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -7,6 +7,15 @@ GIT activesupport (>= 5.0.0.a) builder (~> 3.1) +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + specs: + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + PATH remote: .. specs: @@ -146,10 +155,6 @@ GEM bundler (>= 1.3.0) railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) @@ -203,7 +208,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 6.0.0) - rails-controller-testing + rails-controller-testing! rdoc responders (~> 3.0) sqlite3 (~> 1.4) From 2c1b5fb240611ba976c1d3917f271707e422f0bc Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 8 Jun 2020 18:40:50 -0300 Subject: [PATCH 1260/1473] Update changelog with latest [ci skip] --- CHANGELOG.md | 3 +++ lib/devise/models/authenticatable.rb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f61b631ef5..1d1e07ec3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,9 +1,12 @@ ### Unreleased + * enhancements * Increase default stretches to 12 (by @sergey-alekseev) + * Ruby 2.7 support (kwarg warnings removed) * bug fixes * Generate scoped views with proper scoped errors partial (by @shobhitic) + * Allow to set scoped `already_authenticated` error messages (by @gurgelrenan) ### 4.7.1 - 2019-09-06 diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 430c9aac5a..93582e219d 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -152,7 +152,7 @@ def devise_mailer # # If the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. - # # For Rails < 6 is `changed?` instead of `saved_changes?`. + # # For Rails < 6 use `changed?` instead of `saved_changes?`. # if new_record? || saved_changes? # pending_devise_notifications << [notification, args] # else From a3c0c652695ad180caa2f17f781753bef9bae330 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 8 Jun 2020 18:42:53 -0300 Subject: [PATCH 1261/1473] Devise no longer supports Rails 3.2 since version 4 [ci skip] And this `initialize_on_precompile` option is obsolete. --- README.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README.md b/README.md index e6df03cb25..a632d97368 100644 --- a/README.md +++ b/README.md @@ -727,16 +727,6 @@ Additionally be mindful that without views supported, some email-based flows fro ## Additional information -### Heroku - -Using Devise on Heroku with Ruby on Rails 3.2 requires setting: - -```ruby -config.assets.initialize_on_precompile = false -``` - -Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html - ### Warden Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: 
From 6d37e324377def3d9f52e5f815432fd47210e116 Mon Sep 17 00:00:00 2001 From: hyuraku <32809703+hyuraku@users.noreply.github.com> Date: Tue, 9 Jun 2020 21:50:30 +0900 Subject: [PATCH 1262/1473] remove useless rails51? method --- lib/devise.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index d4d54aeb28..0451876df9 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -297,10 +297,6 @@ module Test mattr_accessor :sign_in_after_change_password @@sign_in_after_change_password = true - def self.rails51? # :nodoc: - Rails.gem_version >= Gem::Version.new("5.1.x") - end - def self.activerecord51? # :nodoc: defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") end From 16f27b3074c544c868335898c207bf6d2152c929 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Jun 2020 15:23:40 -0300 Subject: [PATCH 1263/1473] Bump to v4.7.2 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 2 +- lib/devise/version.rb | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d1e07ec3d..2335d68fa4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.7.1 - 2020-06-10 * enhancements * Increase default stretches to 12 (by @sergey-alekseev) diff --git a/Gemfile.lock b/Gemfile.lock index 4695619333..e30f732f05 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,7 +19,7 @@ GIT PATH remote: . specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 081d634b50..8955016e65 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock 
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 7ad16cca50..e3013cf588 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 42e6ee41e6..79dfc25cf5 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 4a66718249..0580233716 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index e2e578abfc..9da2d22706 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 51f0bf0bd1..314830740c 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -19,7 +19,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
diff --git a/lib/devise/version.rb b/lib/devise/version.rb index f901c8c868..ec5924648d 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.1".freeze + VERSION = "4.7.2".freeze end From 6991ff4eb42bb8a197f8c83ed9bcf46d50392083 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Jun 2020 15:28:31 -0300 Subject: [PATCH 1264/1473] Oops, fix changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2335d68fa4..2f70c10c42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 4.7.1 - 2020-06-10 +### 4.7.2 - 2020-06-10 * enhancements * Increase default stretches to 12 (by @sergey-alekseev) From 0e33f55b7d6fea66d0c73ebc73a597a16819a450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=9A=D0=BE=D1=80?= =?UTF-8?q?=D0=BD=D0=B5=D0=B2?= Date: Sat, 13 Jun 2020 03:37:02 +0300 Subject: [PATCH 1265/1473] Fixes broken image (#5253) [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a632d97368..20a5856533 100644 --- a/README.md +++ b/README.md @@ -273,7 +273,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, ### Strong Parameters -![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204) +The Parameter Sanitizer API has changed for Devise 4 :warning: *For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters* From b25492ea0185bd1525e65f4c56d465b79ceff689 Mon Sep 17 00:00:00 2001 From: Pavel Timofeev Date: Mon, 15 Jun 2020 23:19:31 -0400 Subject: [PATCH 1266/1473] Remove Heroku anchor link and fix some typos --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) 
diff --git a/README.md b/README.md index 20a5856533..d1633776c9 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ It's composed of 10 modules: - [Other ORMs](#other-orms) - [Rails API mode](#rails-api-mode) - [Additional information](#additional-information) - - [Heroku](#heroku) - [Warden](#warden) - [Contributors](#contributors) - [License](#license) @@ -120,7 +119,7 @@ Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ### DEVISE_ORM Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. -The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`: +The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` DEVISE_ORM=mongoid bin/test @@ -313,7 +312,7 @@ class ApplicationController < ActionController::Base end ``` -Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: +Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block: To permit simple scalar values for username and email, use this @@ -436,7 +435,7 @@ If the customization at the views level is not enough, you can customize each co end ``` - Or you can simply add new behaviour to it: + Or you can simply add new behavior to it: ```ruby class Users::SessionsController < Devise::SessionsController @@ -741,6 +740,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). 
From 4f60544396824c516bdb5c165f9631d727b9560d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 17 Jun 2020 08:51:17 -0300 Subject: [PATCH 1267/1473] Improve deprecation message with example of how to remove it The deprecation of `devise_error_messages!` wasn't super clear on what was happening and how to get rid of the message, now it has a more detailed explanation with an example of what to look for and what to replace it with. Closes #5257. --- app/helpers/devise_helper.rb | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index 200a77464c..d997801190 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb 
@@ -1,14 +1,26 @@ # frozen_string_literal: true module DeviseHelper - # Retain this method for backwards compatibility, deprecated in favour of modifying the - # devise/shared/error_messages partial + # Retain this method for backwards compatibility, deprecated in favor of modifying the + # devise/shared/error_messages partial. def devise_error_messages! ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc - [Devise] `DeviseHelper.devise_error_messages!` - is deprecated and it will be removed in the next major version. - To customize the errors styles please run `rails g devise:views` and modify the - `devise/shared/error_messages` partial. + [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be + removed in the next major version. + + Devise now uses a partial under "devise/shared/error_messages" to display + error messages by default, and make them easier to customize. Update your + views changing calls from: + + <%= devise_error_messages! %> + + to: + + <%= render "devise/shared/error_messages", resource: resource %> + + To start customizing how errors are displayed, you can copy the partial + from devise to your `app/views` folder. Alternatively, you can run + `rails g devise:views` which will copy all of them again to your app. DEPRECATION return "" if resource.errors.empty? From ffa8a80f423ee1cad4b19bb61e8e3977edc92e5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Thu, 18 Jun 2020 16:20:22 +0200 Subject: [PATCH 1268/1473] Fix warning from `thor` The `:orm` option can also have string values. --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 625b6db76f..560d0da773 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb 
@@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm, type: :boolean + hook_for :orm, required: true class_option :routes, desc: "Generate routes", type: :boolean, default: true From 057afdc1e6cadcb4102521edb604225da897965a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 18 Jun 2020 18:01:18 -0300 Subject: [PATCH 1269/1473] Fix another thor deprecation warning in the install generator This one has been showing up when running tests: Deprecation warning: Expected string default value for '--orm'; got false (boolean). This will be rejected in the future unless you explicitly pass the options `check_default_type: false` or call `allow_incompatible_default_type!` in your code You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION. --- lib/generators/devise/install_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index 5f091893dc..78f3303d6e 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -11,7 +11,7 @@ class InstallGenerator < Rails::Generators::Base source_root File.expand_path("../../templates", __FILE__) desc "Creates a Devise initializer and copy locale files to your application." - class_option :orm + class_option :orm, required: true def copy_initializer unless options[:orm] From b94b957490359a228ed5d4c76b8c1af69b290737 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 23 Jun 2020 08:49:13 -0300 Subject: [PATCH 1270/1473] Prefer american style english for code Nothing personal, just seems to be much more common usage across the code. --- lib/devise/controllers/helpers.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 7ef8507ffc..e0e6acc328 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -40,10 +40,10 @@ def devise_group(group_name, opts={}) mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]" class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{group_name}!(favourite=nil, opts={}) + def authenticate_#{group_name}!(favorite=nil, opts={}) unless #{group_name}_signed_in? mappings = #{mappings} - mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| opts[:scope] = mapping warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) @@ -57,9 +57,9 @@ def #{group_name}_signed_in? end end - def current_#{group_name}(favourite=nil) + def current_#{group_name}(favorite=nil) mappings = #{mappings} - mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| current = warden.authenticate(scope: mapping) return current if current @@ -252,7 +252,7 @@ def sign_out_and_redirect(resource_or_scope) # Overwrite Rails' handle unverified request to sign out all scopes, # clear run strategies and remove cached variables. def handle_unverified_request - super # call the default behaviour which resets/nullifies/raises + super # call the default behavior which resets/nullifies/raises request.env["devise.skip_storage"] = true sign_out_all_scopes(false) end From f5cc775a5feea51355036175994edbcb5e6af13c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 23 Jun 2020 08:46:28 -0300 Subject: [PATCH 1271/1473] Remove commented out code --- lib/devise/failure_app.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 1a7e8e54e3..ee8219fff1 100644 --- a/lib/devise/failure_app.rb 
+++ b/lib/devise/failure_app.rb @@ -71,7 +71,6 @@ def recall end flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? - # self.response = recall_app(warden_options[:recall]).call(env) self.response = recall_app(warden_options[:recall]).call(request.env) end From f26e05c20079c9acded3c0ee16da0df435a28997 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 10 Aug 2020 22:47:15 -0300 Subject: [PATCH 1272/1473] Update bundle --- Gemfile.lock | 124 ++++++++++++------------- gemfiles/Gemfile.rails-6.0-stable.lock | 124 ++++++++++++------------- 2 files changed, 124 insertions(+), 124 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e30f732f05..8989135069 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -9,9 +9,9 @@ GIT GIT remote: git://github.com/rails/rails-controller-testing.git - revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: - rails-controller-testing (1.0.4) + rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) 
@@ -29,64 +29,64 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.1) - actionpack (= 6.0.3.1) + actioncable (6.0.3.2) + actionpack (= 6.0.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionmailbox (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) mail (>= 2.7.1) - actionmailer (6.0.3.1) - actionpack (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) + actionmailer (6.0.3.2) + actionpack (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.1) - actionview (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionpack (6.0.3.2) + actionview (= 6.0.3.2) + activesupport (= 6.0.3.2) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.1) - actionpack (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actiontext (6.0.3.2) + actionpack (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) nokogiri (>= 1.8.5) - actionview (6.0.3.1) - activesupport (= 6.0.3.1) + actionview (6.0.3.2) + activesupport (= 6.0.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.1) - activesupport (= 6.0.3.1) + activejob (6.0.3.2) + activesupport (= 6.0.3.2) globalid (>= 0.3.6) - activemodel (6.0.3.1) - activesupport (= 6.0.3.1) - activerecord (6.0.3.1) - activemodel (= 6.0.3.1) - activesupport (= 6.0.3.1) - activestorage (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) + activemodel (6.0.3.2) + activesupport (= 6.0.3.2) + activerecord (6.0.3.2) + activemodel (= 6.0.3.2) + 
activesupport (= 6.0.3.2) + activestorage (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) marcel (~> 0.3.1) - activesupport (6.0.3.1) + activesupport (6.0.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.13) + bcrypt (3.1.15) builder (3.2.4) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) faraday (1.0.1) @@ -94,10 +94,10 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.5.0) + loofah (2.6.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -110,11 +110,11 @@ GEM mini_portile2 (2.4.0) minitest (5.14.1) mocha (1.11.2) - multi_json (1.14.1) + multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.2) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) 
@@ -134,35 +134,35 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.2.2) + rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.1) - actioncable (= 6.0.3.1) - actionmailbox (= 6.0.3.1) - actionmailer (= 6.0.3.1) - actionpack (= 6.0.3.1) - actiontext (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) - activemodel (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + rails (6.0.3.2) + actioncable (= 6.0.3.2) + actionmailbox (= 6.0.3.2) + actionmailer (= 6.0.3.2) + actionpack (= 6.0.3.2) + actiontext (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) + activemodel (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) bundler (>= 1.3.0) - railties (= 6.0.3.1) + railties (= 6.0.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.1) - actionpack (= 6.0.3.1) - activesupport (= 6.0.3.1) + railties (6.0.3.2) + actionpack (= 6.0.3.2) + activesupport (= 6.0.3.2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -172,7 +172,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - sprockets (4.0.1) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -191,10 +191,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.2) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 314830740c..bb9c6190e3 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -9,9 +9,9 @@ GIT GIT remote: git://github.com/rails/rails-controller-testing.git - revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: - rails-controller-testing (1.0.4) + rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) 
@@ -29,64 +29,64 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.1) - actionpack (= 6.0.3.1) + actioncable (6.0.3.2) + actionpack (= 6.0.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionmailbox (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) mail (>= 2.7.1) - actionmailer (6.0.3.1) - actionpack (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) + actionmailer (6.0.3.2) + actionpack (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.1) - actionview (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionpack (6.0.3.2) + actionview (= 6.0.3.2) + activesupport (= 6.0.3.2) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.1) - actionpack (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actiontext (6.0.3.2) + actionpack (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) nokogiri (>= 1.8.5) - actionview (6.0.3.1) - activesupport (= 6.0.3.1) + actionview (6.0.3.2) + activesupport (= 6.0.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.1) - activesupport (= 6.0.3.1) + activejob (6.0.3.2) + activesupport (= 6.0.3.2) globalid (>= 0.3.6) - activemodel (6.0.3.1) - activesupport (= 6.0.3.1) - activerecord (6.0.3.1) - activemodel (= 6.0.3.1) - activesupport (= 6.0.3.1) - activestorage (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) + activemodel (6.0.3.2) + activesupport (= 6.0.3.2) + activerecord (6.0.3.2) + activemodel (= 6.0.3.2) + 
activesupport (= 6.0.3.2) + activestorage (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) marcel (~> 0.3.1) - activesupport (6.0.3.1) + activesupport (6.0.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.13) + bcrypt (3.1.15) builder (3.2.4) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) faraday (1.0.1) @@ -94,10 +94,10 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.5.0) + loofah (2.6.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -110,11 +110,11 @@ GEM mini_portile2 (2.4.0) minitest (5.14.1) mocha (1.11.2) - multi_json (1.14.1) + multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.2) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) 
@@ -134,35 +134,35 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.2.2) + rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.1) - actioncable (= 6.0.3.1) - actionmailbox (= 6.0.3.1) - actionmailer (= 6.0.3.1) - actionpack (= 6.0.3.1) - actiontext (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) - activemodel (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + rails (6.0.3.2) + actioncable (= 6.0.3.2) + actionmailbox (= 6.0.3.2) + actionmailer (= 6.0.3.2) + actionpack (= 6.0.3.2) + actiontext (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) + activemodel (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) bundler (>= 1.3.0) - railties (= 6.0.3.1) + railties (= 6.0.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.1) - actionpack (= 6.0.3.1) - activesupport (= 6.0.3.1) + railties (6.0.3.2) + actionpack (= 6.0.3.2) + activesupport (= 6.0.3.2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -172,7 +172,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - sprockets (4.0.1) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -191,10 +191,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.2) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby From 507573994a5524e17729f5c8e340ec6678ff26a5 Mon Sep 17 00:00:00 2001 
From: Daniel Pepper Date: Wed, 12 Aug 2020 13:19:50 -0700 Subject: [PATCH 1273/1473] Ensure `serializable_hash` doesn't raise with a frozen `:except` array I ran into an issue where options[:except] is a frozen array, which explodes when we try to concat values in `serializable_hash`. To fix this we dup the `:except` option before concatenating with the other options there. Closes #5278. --- CHANGELOG.md | 5 +++++ lib/devise/models/authenticatable.rb | 2 +- test/models/serializable_test.rb | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f70c10c42..975defb480 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### master + +* bug fixes + * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) + ### 4.7.2 - 2020-06-10 * enhancements diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 93582e219d..9d456fa3dd 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -104,7 +104,7 @@ def authenticatable_salt # given to :except will simply add names to exempt to Devise internal list. def serializable_hash(options = nil) options = options.try(:dup) || {} - options[:except] = Array(options[:except]) + options[:except] = Array(options[:except]).dup if options[:force_except] options[:except].concat Array(options[:force_except]) diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 0ec9e72069..245da05a8f 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -43,7 +43,7 @@ class SerializableTest < ActiveSupport::TestCase end test 'should accept frozen options' do - assert_key "username", @user.as_json({only: :username}.freeze)["user"] + assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end def assert_key(key, subject) From 2da46d8dd6c09446571eb3021b3c870cdd3ab9b8 Mon Sep 17 00:00:00 2001 
From: Seiei Miyagi Date: Mon, 17 Aug 2020 22:17:06 +0900 Subject: [PATCH 1274/1473] Replace BLACKLIST_FOR_SERIALIZATION with DENYLIST_FOR_SERIALIZATION --- lib/devise/models/authenticatable.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 9d456fa3dd..047f7fbe90 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -55,11 +55,16 @@ module Models module Authenticatable extend ActiveSupport::Concern - BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, + DENYLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] + BLACKLIST_FOR_SERIALIZATION = DENYLIST_FOR_SERIALIZATION + if respond_to? :deprecate_constant + deprecate_constant :BLACKLIST_FOR_SERIALIZATION + end + included do class_attribute :devise_modules, instance_writer: false self.devise_modules ||= [] @@ -109,7 +114,7 @@ def serializable_hash(options = nil) if options[:force_except] options[:except].concat Array(options[:force_except]) else - options[:except].concat BLACKLIST_FOR_SERIALIZATION + options[:except].concat DENYLIST_FOR_SERIALIZATION end super(options) From 0c2cab7c946e0796c673a36aebba7c0352e5fec8 Mon Sep 17 00:00:00 2001 
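Review bot: `DENYLIST_FOR_SERIALIZATION` in lib/devise/models/authenticatable.rb is left as an unfrozen Array, and `BLACKLIST_FOR_SERIALIZATION` is now a second name for the same object, so an in-place change through either name alters which attributes `serializable_hash` strips for every model. This list is what keeps `encrypted_password` and the token columns out of serialized output, so ending the literal with `.freeze` would protect it. `serializable_hash` only reads the list through `options[:except].concat ...` and does not need it mutable. Freezing would break any application that appends to the constant today, so it may need a changelog entry. The renamed `UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` in the following commit has the same property.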
From: Carlos Antonio da Silva Date: Mon, 17 Aug 2020 08:59:40 -0300 Subject: [PATCH 1275/1473] Deprecate `BLACKLIST_FOR_SERIALIZATION` on all supported Rails versions Deprecate `BLACKLIST_FOR_SERIALIZATION` constant in favor of a more descriptive name `UNSAFE_ATTRIBUTES_FOR_SERIALIZATION`, removing unnecessary usage of the word `blacklist` from devise. The previous constant still works but will emit a warning if used, to allow anyone still depending on it to upgrade. This includes an internal backport of the Rails `deprecate_constant` implementation that exists on Rails 5.1+ to be able to deprecate it properly in prior versions, while we support those. (which I intend to drop soon.) --- CHANGELOG.md | 3 ++ lib/devise/models/authenticatable.rb | 11 +++--- .../rails/deprecated_constant_accessor.rb | 39 +++++++++++++++++++ test/models/serializable_test.rb | 4 ++ 4 files changed, 51 insertions(+), 6 deletions(-) create mode 100644 lib/devise/rails/deprecated_constant_accessor.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 975defb480..ca168f757e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) +* deprecations + * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) + ### 4.7.2 - 2020-06-10 * enhancements diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 047f7fbe90..3df93112f3 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -2,6 +2,7 @@ require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' +require 'devise/rails/deprecated_constant_accessor' module Devise module Models 
@@ -55,15 +56,13 @@ module Models module Authenticatable extend ActiveSupport::Concern - DENYLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, + UNSAFE_ATTRIBUTES_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] - BLACKLIST_FOR_SERIALIZATION = DENYLIST_FOR_SERIALIZATION - if respond_to? :deprecate_constant - deprecate_constant :BLACKLIST_FOR_SERIALIZATION - end + include Devise::DeprecatedConstantAccessor + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" included do class_attribute :devise_modules, instance_writer: false @@ -114,7 +113,7 @@ def serializable_hash(options = nil) if options[:force_except] options[:except].concat Array(options[:force_except]) else - options[:except].concat DENYLIST_FOR_SERIALIZATION + options[:except].concat UNSAFE_ATTRIBUTES_FOR_SERIALIZATION end super(options) diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb new file mode 100644 index 0000000000..d1eff92f2c --- /dev/null +++ b/lib/devise/rails/deprecated_constant_accessor.rb 
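Review bot: After the first hunk here, `BLACKLIST_FOR_SERIALIZATION` is no longer a real constant on `Authenticatable`; it resolves only through the `const_missing` hook that `Devise::DeprecatedConstantAccessor` prepends to this module's singleton class, as the backport added in this commit shows. A fully qualified `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` keeps working with a warning. An unqualified `BLACKLIST_FOR_SERIALIZATION` written inside a model that includes the module would, as far as I can tell, reach the model class's own `const_missing` and raise `NameError` instead. If that is intended, the changelog entry could say so, e.g. `Only the fully qualified constant name keeps working during the deprecation period.` The module body continues outside the hunk.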
@@ -0,0 +1,39 @@ +# frozen_string_literal: true + +begin + require 'active_support/deprecation/constant_accessor' + + module Devise + DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc: + end +rescue LoadError + + # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it + # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater. + module Devise + module DeprecatedConstantAccessor #:nodoc: + def self.included(base) + require "active_support/inflector/methods" + + extension = Module.new do + def const_missing(missing_const_name) + if class_variable_defined?(:@@_deprecated_constants) + if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s]) + replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations) + return ActiveSupport::Inflector.constantize(replacement[:new].to_s) + end + end + super + end + + def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) + class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } + end + end + base.singleton_class.prepend extension + end + end + end + +end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 245da05a8f..52a198136d 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
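Review bot: The backported `deprecate_constant(const_name, new_constant, message: nil, deprecator: ...)` in lib/devise/rails/deprecated_constant_accessor.rb takes over the name of Ruby's built-in `Module#deprecate_constant` on every module that includes `Devise::DeprecatedConstantAccessor`, with a different signature, and nothing in the file says so. The previous commit called the one-argument form `deprecate_constant :BLACKLIST_FOR_SERIALIZATION`, which would presumably raise `ArgumentError` once this module is included. A comment above the method would help, e.g. `# Replaces Module#deprecate_constant for the including module: takes the old name and the replacement's full name.` It may also be worth a comment next to `ActiveSupport::Inflector.constantize` saying that `new_constant` must always be a literal from Devise's own code, never a value derived from input.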
@@ -46,6 +46,10 @@ class SerializableTest < ActiveSupport::TestCase assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end + test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do + assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + end + def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end From 23fbc35b2d3236d2025df99f2766c4d1f96187be Mon Sep 17 00:00:00 2001 From: Tony Novak Date: Tue, 25 Aug 2020 20:45:30 -0400 Subject: [PATCH 1276/1473] Fix hanging tests for streaming controllers using Devise Fixes #5285. --- lib/devise/test/controller_helpers.rb | 2 +- .../rails_app/app/controllers/streaming_controller.rb | 11 +++++++++++ test/rails_app/config/routes.rb | 2 ++ test/test/controller_helpers_test.rb | 10 ++++++++++ 4 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 test/rails_app/app/controllers/streaming_controller.rb diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index eeef694d28..30b45b3a6d 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -143,7 +143,7 @@ def _process_unauthenticated(env, options = {}) @controller.response.headers.merge!(headers) @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5 @controller.status = status - @controller.response.body = response.body + @controller.response_body = response.body nil # causes process return @response end diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb new file mode 100644 index 0000000000..e64b771a64 --- /dev/null +++ b/test/rails_app/app/controllers/streaming_controller.rb 
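Review bot: The new test in test/models/serializable_test.rb only checks that reading `BLACKLIST_FOR_SERIALIZATION` emits a deprecation, not what the read returns. Code that still builds its `:except` list from the old name depends on getting the same attribute list back, so the block could assert that as well: `assert_equal Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION, Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION`. The test class starts and ends outside the hunk.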
@@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class StreamingController < ApplicationController + include ActionController::Live + + before_action :authenticate_user! + + def index + render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' + end +end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 8687dae243..0b748f3fd7 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -17,6 +17,8 @@ resources :admins, only: [:index] + resources :streaming, only: [:index] + # Users scope devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index f285cbbfd6..588ca7915d 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -196,3 +196,13 @@ def respond assert_equal old_warden_proxy, new_warden_proxy end end + +class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCase + tests StreamingController + include Devise::Test::ControllerHelpers + + test "doesn't hang when sending an authentication error response body" do + get :index + assert_equal "You are being redirected.", response.body + end +end From 3e588d2d256a9a61b35420d40e95a62c1dc12162 Mon Sep 17 00:00:00 2001 From: Tony Novak Date: Wed, 26 Aug 2020 12:02:11 -0400 Subject: [PATCH 1277/1473] Work around "uncaught throw :warden" issue in Rails 4 --- .../app/controllers/streaming_controller.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index e64b771a64..6d3f02483d 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb 
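Review bot: The test added in test/test/controller_helpers_test.rb compares only `response.body`, so it pins that the request no longer hangs but not that the unauthenticated `get :index` on `StreamingController` was actually refused. Adding a status assertion next to it would cover that, for example `assert_response :redirect`, assuming the failure app redirects here as the expected body suggests. It would also keep the test meaningful if the body text changes.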
@@ -8,4 +8,16 @@ class StreamingController < ApplicationController def index render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' end + + # Work around https://github.com/heartcombo/devise/issues/2332, which affects + # tests in Rails 4.x (and affects production in Rails >= 5) + def process(name) + super(name) + rescue ArgumentError => e + if e.message == 'uncaught throw :warden' + throw :warden + else + raise e + end + end end From 4a5e7a9143fa630714c3a5476a3259cf703273a9 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 08:54:08 -0300 Subject: [PATCH 1278/1473] Switch to https for git repos in the lock file --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8989135069..e6eeaae5db 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 8955016e65..94e8578723 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
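Review bot: The `process` override in test/rails_app/app/controllers/streaming_controller.rb recognises the failure by comparing `e.message` with `'uncaught throw :warden'`, which ties the workaround to Ruby's wording and would let it silently stop rethrowing if that text changes. On Ruby 2.2 and later the exception should be an `UncaughtThrowError` carrying the tag, so `rescue UncaughtThrowError => e` with `raise unless e.tag == :warden` and `throw :warden` would match on the tag instead; that is only usable if the oldest supported Ruby has the class, which the hunk does not show. Independently, a bare `raise` in the `else` branch is the usual way to re-raise. The comment says the underlying issue also affects production on Rails >= 5, yet the workaround lives only in the test app, so a README or wiki pointer for `ActionController::Live` users would be useful.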
@@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/rails.git + remote: https://github.com/rails/rails.git revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8 branch: 4-1-stable specs: diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index e3013cf588..310a258343 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/rails.git + remote: https://github.com/rails/rails.git revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 branch: 4-2-stable specs: diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 79dfc25cf5..15c345abd5 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 0580233716..12da7a0c48 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 9da2d22706..96064b38b1 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index bb9c6190e3..4d0b41e8d6 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) From e39b9b91340cc63d28897c10c83cf0af5820e4e9 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 09:05:16 -0300 Subject: [PATCH 1279/1473] Fix order of arguments for `assert_equal` on tests Use `assert_equal expected, actual` for proper error messages in case of failures. --- test/controllers/custom_strategy_test.rb | 10 ++---- test/failure_app_test.rb | 6 ++-- test/integration/authenticatable_test.rb | 4 +-- test/integration/confirmable_test.rb | 4 +-- test/integration/lockable_test.rb | 6 ++-- test/integration/recoverable_test.rb | 6 ++-- test/integration/registerable_test.rb | 16 +++++----- .../mailers/confirmation_instructions_test.rb | 2 +- .../reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- test/models/authenticatable_test.rb | 8 ++--- test/models/confirmable_test.rb | 18 +++++------ test/models/database_authenticatable_test.rb | 10 +++--- test/models/lockable_test.rb | 32 +++++++++---------- test/models/omniauthable_test.rb | 2 +- test/models/recoverable_test.rb | 14 ++++---- test/models/registerable_test.rb | 2 +- test/models/rememberable_test.rb | 4 +-- test/models/timeoutable_test.rb | 2 +- test/models/trackable_test.rb | 4 +-- test/models/validatable_test.rb | 2 +- test/test/controller_helpers_test.rb | 2 +- 22 files changed, 76 insertions(+), 82 deletions(-) diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index c39ac3e619..d352a15bfa 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -42,9 +42,7 @@ class CustomStrategyTest < Devise::ControllerTestCase test "custom strategy can return its own status code" do ret = get :new - # check the returned rack array - # assert ret.is_a?(Array) - # assert_equal 400, ret.first + # check the returned response assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response as well. This is purely so that the response is available to the testing framework 
@@ -55,12 +53,10 @@ class CustomStrategyTest < Devise::ControllerTestCase test "custom strategy can return custom headers" do ret = get :new - # check the returned rack array - # assert ret.is_a?(Array) - # assert_equal ret.third['X-FOO'], 'BAR' + # check the returned response assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response headers as well. - assert_equal response.headers['X-FOO'], 'BAR' + assert_equal 'BAR', response.headers['X-FOO'] end end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index af622fff26..dc2a5bbc7b 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -363,8 +363,8 @@ def call_failure(env_params={}) call_failure(env) assert @response.third.body.include?('

Log in

') assert @response.third.body.include?('Invalid Email or password.') - assert_equal @request.env["SCRIPT_NAME"], '/sample' - assert_equal @request.env["PATH_INFO"], '/users/sign_in' + assert_equal '/sample', @request.env["SCRIPT_NAME"] + assert_equal '/users/sign_in', @request.env["PATH_INFO"] end end end @@ -372,7 +372,7 @@ def call_failure(env_params={}) context "Lazy loading" do test "loads" do - assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does" + assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works? end end context "Without Flash Support" do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6ffd463792..40c79cca89 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -321,14 +321,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest test 'require_no_authentication should set the already_authenticated flash message' do sign_in_as_user visit new_user_session_path - assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated") + assert_equal I18n.t("devise.failure.already_authenticated"), flash[:alert] end test 'require_no_authentication should set the already_authenticated flash message as admin' do store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do sign_in_as_admin visit new_admin_session_path - assert_equal flash[:alert], "You are already signed in as admin." + assert_equal "You are already signed in as admin.", flash[:alert] end end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 5cafacb430..4886a6b561 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -218,7 +218,7 @@ def resend_confirmation user = create_user(confirm: false) post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } } assert_response :success - assert_equal response.body, {}.to_xml + assert_equal({}.to_xml, response.body) end test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do @@ -247,7 +247,7 @@ def resend_confirmation post user_confirmation_path, params: { user: { email: user.email }, format: :json } assert_response :success - assert_equal response.body, {}.to_json + assert_equal({}.to_json, response.body) end test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 87e439ef1f..ca72befd9c 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -136,8 +136,7 @@ def send_unlock_request post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :success - assert_equal response.body, {}.to_xml - + assert_equal({}.to_xml, response.body) assert_equal 1, ActionMailer::Base.deliveries.size end @@ -160,7 +159,6 @@ def send_unlock_request assert response.body.include? %(\n) end - test 'user with invalid unlock token should not be able to unlock the account via XML request' do get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') assert_response :unprocessable_entity @@ -171,7 +169,7 @@ def send_unlock_request user = create_user(locked: true) post user_unlock_path(format: "json", user: {email: user.email}) assert_response :success - assert_equal response.body, {}.to_json + assert_equal({}.to_json, response.body) end test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index b1cdb6571f..c6f8c6cfc4 100644 
--- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -265,7 +265,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} } assert_response :success - assert_equal response.body, { }.to_xml + assert_equal({}.to_xml, response.body) end test 'reset password request with invalid E-Mail in XML format should return valid response' do @@ -280,7 +280,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} } assert_response :success - assert_equal response.body, { }.to_xml + assert_equal({}.to_xml, response.body) end end @@ -317,7 +317,7 @@ def reset_password(options={}, &block) post user_password_path(format: :json), params: { user: { email: user.email } } assert_response :success - assert_equal response.body, "{}" + assert_equal "{}", response.body end test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 46f09f37b8..dfe4b48eb5 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -20,7 +20,7 @@ class RegistrationTest < Devise::IntegrationTest assert_current_url "/admin_area/home" admin = Admin.to_adapter.find_first(order: [:id, :desc]) - assert_equal admin.email, 'new_user@test.com' + assert_equal 'new_user@test.com', admin.email end test 'a guest admin should be able to sign in and be redirected to a custom location' do @@ -69,7 +69,7 @@ def user_sign_up refute warden.authenticated?(:user) user = User.to_adapter.find_first(order: [:id, :desc]) - assert_equal user.email, 'new_user@test.com' + assert_equal 'new_user@test.com', user.email refute user.confirmed? end 
@@ -254,7 +254,7 @@ def user_sign_up assert_contain "Password confirmation doesn't match Password" refute User.to_adapter.find_first.valid_password?('pas123') end - + test 'a signed in user should see a warning about minimum password length' do sign_in_as_user get edit_user_registration_path @@ -303,7 +303,7 @@ def user_sign_up assert response.body.include? %(\n) admin = Admin.to_adapter.find_first(order: [:id, :desc]) - assert_equal admin.email, 'new_user@test.com' + assert_equal 'new_user@test.com', admin.email end test 'a user sign up with valid information in XML format should return valid response' do @@ -312,7 +312,7 @@ def user_sign_up assert response.body.include? %(\n) user = User.to_adapter.find_first(order: [:id, :desc]) - assert_equal user.email, 'new_user@test.com' + assert_equal 'new_user@test.com', user.email end test 'a user sign up with invalid information in XML format should return invalid response' do @@ -325,21 +325,21 @@ def user_sign_up user = sign_in_as_user put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } assert_response :success - assert_equal user.reload.email, 'user.new@test.com' + assert_equal 'user.new@test.com', user.reload.email end test 'a user update information with invalid data in XML format should return invalid response' do user = sign_in_as_user put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } assert_response :unprocessable_entity - assert_equal user.reload.email, 'user@test.com' + assert_equal 'user@test.com', user.reload.email end test 'a user cancel their account in XML format should return valid response' do sign_in_as_user delete user_registration_path(format: 'xml') assert_response :success - assert_equal User.to_adapter.find_all.size, 0 + assert_equal 0, User.to_adapter.find_all.size end end 
diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 358b092c19..8f9dbc151d 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -88,7 +88,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal $1, user.confirmation_token + assert_equal user.confirmation_token, $1 else flunk "expected confirmation url regex to match" end diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index f38829dd42..1a371b7214 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -84,7 +84,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token + assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, $1) else flunk "expected reset password url regex to match" end diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 586799da52..3722cf9c62 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -85,7 +85,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token + assert_equal user.unlock_token, Devise.token_generator.digest(user.class, :unlock_token, $1) else flunk "expected unlock url regex to match" end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 4fc30a8101..576ceaffec 100644 --- a/test/models/authenticatable_test.rb 
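Review bot: The three mailer assertions touched here (`confirmation_instructions_test.rb`, `reset_password_instructions_test.rb`, `unlock_instructions_test.rb`) still read the token from the Perl-style global `$1` after `mail.body.encoded =~ ...`. That value is silently replaced if another regex match is ever added between the `if` and the assertion, and the test would then compare the wrong string. Since these lines are being rewritten anyway, I would make the capture explicit, e.g. `assert_equal user.confirmation_token, Regexp.last_match(1)`, with the same substitution in the two `Devise.token_generator.digest(...)` calls. The enclosing tests begin outside these hunks.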
+++ b/test/models/authenticatable_test.rb @@ -4,12 +4,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'required_fields should be an empty array' do - assert_equal Devise::Models::Validatable.required_fields(User), [] + assert_equal [], Devise::Models::Validatable.required_fields(User) end test 'find_first_by_auth_conditions allows custom filtering parameters' do user = User.create!(email: "example@example.com", password: "1234567") - assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user + assert_equal user, User.find_first_by_auth_conditions({ email: "example@example.com" }) assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end @@ -18,14 +18,14 @@ class AuthenticatableTest < ActiveSupport::TestCase # config.strip_whitespace_keys = [:email] test 'find_or_initialize_with_errors uses parameter filter on find' do user = User.create!(email: "example@example.com", password: "1234567") - assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user + assert_equal user, User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }) end # assumes default configuration of # config.case_insensitive_keys = [:email] # config.strip_whitespace_keys = [:email] test 'find_or_initialize_with_errors uses parameter filter on initialize' do - assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com" + assert_equal "example@example.com", User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email end test 'find_or_initialize_with_errors adds blank error' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 899c9caba2..d6f26c2ba2 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -61,7 +61,7 @@ def setup user = create_user raw = user.raw_confirmation_token confirmed_user = User.confirm_by_token(raw) - assert_equal confirmed_user, user + assert_equal user, confirmed_user assert user.reload.confirmed? end @@ -160,7 +160,7 @@ def setup test 'should find a user to send confirmation instructions' do user = create_user confirmation_user = User.send_confirmation_instructions(email: user.email) - assert_equal confirmation_user, user + assert_equal user, confirmation_user end test 'should return a new user if no email was found' do @@ -305,7 +305,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username) - assert_equal confirm_user, user + assert_equal user, confirm_user end end @@ -322,7 +322,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user = create_user user.update_attribute(:confirmation_sent_at, confirmation_sent_at) confirmed_user = User.confirm_by_token(user.raw_confirmation_token) - assert_equal confirmed_user, user + assert_equal user, confirmed_user user.reload.confirmed? end @@ -497,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase assert admin.confirm assert admin.update(email: 'new_test@example.com') confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) - assert_equal confirmation_admin, admin + assert_equal admin, confirmation_admin end test 'should return a new admin if no email or unconfirmed_email was found' do 
@@ -520,20 +520,20 @@ class ReconfirmableTest < ActiveSupport::TestCase end test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Confirmable.required_fields(User), [ + assert_equal [ :confirmation_token, :confirmed_at, :confirmation_sent_at - ] + ], Devise::Models::Confirmable.required_fields(User) end test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do - assert_equal Devise::Models::Confirmable.required_fields(Admin), [ + assert_equal [ :confirmation_token, :confirmed_at, :confirmation_sent_at, :unconfirmed_email - ] + ], Devise::Models::Confirmable.required_fields(Admin) end test 'should not require reconfirmation after creating a record' do diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 6eb6a0527a..676b44d2bb 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -108,7 +108,7 @@ def setup test 'should support custom hashing methods' do user = UserWithCustomHashing.new(password: '654321') - assert_equal user.encrypted_password, '123456' + assert_equal '123456', user.encrypted_password end test 'allow authenticatable_salt to work even with nil hashed password' do @@ -293,18 +293,18 @@ def setup end test 'required_fields should be encryptable_password and the email field by default' do - assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + assert_equal [ :encrypted_password, :email - ] + ], Devise::Models::DatabaseAuthenticatable.required_fields(User) end test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do swap Devise, authentication_keys: [:login] do - assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + assert_equal [ :encrypted_password, :login - ] + ], Devise::Models::DatabaseAuthenticatable.required_fields(User) end end end 
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 644156a4e8..c18441604e 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -174,7 +174,7 @@ def setup user = create_user raw = user.send_unlock_instructions locked_user = User.unlock_access_by_token(raw) - assert_equal locked_user, user + assert_equal user, locked_user refute user.reload.access_locked? end @@ -194,7 +194,7 @@ def setup user = create_user user.lock_access! unlock_user = User.send_unlock_instructions(email: user.email) - assert_equal unlock_user, user + assert_equal user, unlock_user end test 'should return a new user if no email was found' do @@ -211,7 +211,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user unlock_user = User.send_unlock_instructions(email: user.email, username: user.username) - assert_equal unlock_user, user + assert_equal user, unlock_user end end @@ -270,11 +270,11 @@ def setup test 'required_fields should contain the all the fields when all the strategies are enabled' do swap Devise, unlock_strategy: :both do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :locked_at, - :unlock_token - ] + assert_equal [ + :failed_attempts, + :locked_at, + :unlock_token + ], Devise::Models::Lockable.required_fields(User) end end end @@ -282,10 +282,10 @@ def setup test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do swap Devise, unlock_strategy: :time do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :locked_at - ] + assert_equal [ + :failed_attempts, + :locked_at + ], Devise::Models::Lockable.required_fields(User) end end end 
@@ -293,10 +293,10 @@ def setup test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do swap Devise, unlock_strategy: :email do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :unlock_token - ] + assert_equal [ + :failed_attempts, + :unlock_token + ], Devise::Models::Lockable.required_fields(User) end end end diff --git a/test/models/omniauthable_test.rb b/test/models/omniauthable_test.rb index c22bc43086..22cea976cf 100644 --- a/test/models/omniauthable_test.rb +++ b/test/models/omniauthable_test.rb @@ -4,6 +4,6 @@ class OmniauthableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Omniauthable.required_fields(User), [] + assert_equal [], Devise::Models::Omniauthable.required_fields(User) end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ab47f95f13..69f14a9b99 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -116,7 +116,7 @@ def setup test 'should find a user to send instructions by email' do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email) - assert_equal reset_password_user, user + assert_equal user, reset_password_user end test 'should return a new record with errors if user was not found by e-mail' do @@ -129,7 +129,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username) - assert_equal reset_password_user, user + assert_equal user, reset_password_user end end 
@@ -161,7 +161,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw) - assert_equal reset_password_user, user + assert_equal user, reset_password_user end test 'should return a new record with errors if no reset_password_token is found' do @@ -237,23 +237,23 @@ def setup end test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Recoverable.required_fields(User), [ + assert_equal [ :reset_password_sent_at, :reset_password_token - ] + ], Devise::Models::Recoverable.required_fields(User) end test 'should return a user based on the raw token' do user = create_user raw = user.send_reset_password_instructions - assert_equal User.with_reset_password_token(raw), user + assert_equal user, User.with_reset_password_token(raw) end test 'should return the same reset password token as generated' do user = create_user raw = user.send_reset_password_instructions - assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token + assert_equal user.reset_password_token, Devise.token_generator.digest(self.class, :reset_password_token, raw) end test 'should return nil if a user based on the raw token is not found' do diff --git a/test/models/registerable_test.rb b/test/models/registerable_test.rb index 2549341684..df5cf6fcf1 100644 --- a/test/models/registerable_test.rb +++ b/test/models/registerable_test.rb @@ -4,6 +4,6 @@ class RegisterableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Registerable.required_fields(User), [] + assert_equal [], Devise::Models::Registerable.required_fields(User) end end diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 24ebb3feb0..076a18a248 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb 
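Review bot: In 'should return the same reset password token as generated' the digest is computed with `self.class`, which inside a test method is the test case class rather than the model. The mailer tests in this same commit pass `user.class` for the same argument. The assertion presumably passes only because the generator does not use its first argument (not visible in this hunk), so it would not catch a regression if the digest ever became scoped to the class. I would write `assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, raw)`.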
@@ -177,8 +177,8 @@ def user.authenticatable_salt; ""; end end test 'should have the required_fields array' do - assert_equal Devise::Models::Rememberable.required_fields(User), [ + assert_equal [ :remember_created_at - ] + ], Devise::Models::Rememberable.required_fields(User) end end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index 205c8023be..6bbb29606a 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -43,7 +43,7 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Timeoutable.required_fields(User), [] + assert_equal [], Devise::Models::Timeoutable.required_fields(User) end test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb index d89df42d43..250ca1d463 100644 --- a/test/models/trackable_test.rb +++ b/test/models/trackable_test.rb @@ -4,13 +4,13 @@ class TrackableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Trackable.required_fields(User), [ + assert_equal [ :current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count - ] + ], Devise::Models::Trackable.required_fields(User) end test 'update_tracked_fields should only set attributes but not save the record' do diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 6e02ad4455..f96cfa9182 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -116,6 +116,6 @@ class ValidatableTest < ActiveSupport::TestCase end test 'required_fields should be an empty array' do - assert_equal Devise::Models::Validatable.required_fields(User), [] + assert_equal [], Devise::Models::Validatable.required_fields(User) end end 
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 588ca7915d..9aad7341e8 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -97,7 +97,7 @@ def respond test "returns the body of a failure app" do get :index - assert_equal response.body, "You are being redirected." + assert_equal "You are being redirected.", response.body end test "returns the content type of a failure app" do From 15135f7dc61e3b109e62f1e9be826cb31dfd12d9 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 18:38:26 -0300 Subject: [PATCH 1280/1473] User `assert_includes`/`refute_includes` minitest helpers --- test/controllers/load_hooks_controller_test.rb | 4 ++-- test/failure_app_test.rb | 16 ++++++++-------- test/integration/authenticatable_test.rb | 4 ++-- test/integration/confirmable_test.rb | 6 +++--- test/integration/lockable_test.rb | 6 +++--- test/integration/recoverable_test.rb | 6 +++--- test/integration/registerable_test.rb | 6 +++--- test/mailers/confirmation_instructions_test.rb | 2 +- test/mailers/email_changed_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- test/models/confirmable_test.rb | 2 +- test/models/lockable_test.rb | 2 +- test/models/recoverable_test.rb | 2 +- test/support/integration.rb | 2 +- test/test/controller_helpers_test.rb | 4 ++-- 16 files changed, 34 insertions(+), 34 deletions(-) diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb index 6387b309a8..63720c2e2b 100644 --- a/test/controllers/load_hooks_controller_test.rb +++ b/test/controllers/load_hooks_controller_test.rb 
@@ -16,6 +16,6 @@ class LoadHooksControllerTest < Devise::ControllerTestCase end test 'load hook called when controller is loaded' do - assert DeviseController.instance_methods.include? :defined_by_load_hook + assert_includes DeviseController.instance_methods, :defined_by_load_hook end -end \ No newline at end of file +end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index dc2a5bbc7b..920e47cb44 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -326,8 +326,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid Email or password.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Invalid Email or password.' end test 'calls the original controller if not confirmed email' do @@ -337,8 +337,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('You have to confirm your email address before continuing.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'You have to confirm your email address before continuing.' end test 'calls the original controller if inactive account' do @@ -348,8 +348,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Your account is not activated yet.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Your account is not activated yet.' end if Rails.application.config.respond_to?(:relative_url_root) @@ -361,8 +361,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid Email or password.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Invalid Email or password.' assert_equal '/sample', @request.env["SCRIPT_NAME"] assert_equal '/users/sign_in', @request.env["PATH_INFO"] end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 40c79cca89..fcc1d734b6 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -496,7 +496,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest create_user post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'sign in with xml format is idempotent' do @@ -512,7 +512,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'sign out with html redirects' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 4886a6b561..85b2f72344 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -225,21 +225,21 @@ def resend_confirmation create_user(confirm: false) post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'confirm account with valid confirmation token in XML format should return valid response' do user = create_user(confirm: false) get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml') assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'confirm account with invalid confirmation token in XML format should return invalid response' do create_user(confirm: false) get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml') assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'request an account confirmation account with JSON, should return an empty JSON' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index ca72befd9c..01077f604e 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -146,7 +146,7 @@ def send_unlock_request post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) assert_equal 0, ActionMailer::Base.deliveries.size end 
@@ -156,13 +156,13 @@ def send_unlock_request assert user.access_locked? get user_unlock_path(format: 'xml', unlock_token: raw) assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'user with invalid unlock token should not be able to unlock the account via XML request' do get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test "when using json to ask a unlock request, should not return the user" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index c6f8c6cfc4..d3cbb96b94 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -272,7 +272,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do @@ -300,7 +300,7 @@ def reset_password(options={}, &block) request_forgot_password put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'change password with invalid new password in XML format should return invalid response' do 
@@ -308,7 +308,7 @@ def reset_password(options={}, &block) request_forgot_password put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test "when using json requests to ask a confirmable request, should not return the object" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index dfe4b48eb5..462b478f59 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -300,7 +300,7 @@ def user_sign_up test 'an admin sign up with valid information in XML format should return valid response' do post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', admin.email @@ -309,7 +309,7 @@ def user_sign_up test 'a user sign up with valid information in XML format should return valid response' do post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email 
@@ -318,7 +318,7 @@ def user_sign_up test 'a user sign up with invalid information in XML format should return invalid response' do post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'a user update information with valid data in XML format should return valid response' do diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 8f9dbc151d..5b46331219 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -31,7 +31,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send confirmation instructions to the user email' do diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb index c82517f504..f324165452 100644 --- a/test/mailers/email_changed_test.rb +++ b/test/mailers/email_changed_test.rb @@ -35,7 +35,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send email changed to the original user email' do diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 1a371b7214..5a344cbf09 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -34,7 +34,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send confirmation instructions to the user email' do 
diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 3722cf9c62..dff580e2eb 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -35,7 +35,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send unlock instructions to the user email' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index d6f26c2ba2..36acf54064 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -28,7 +28,7 @@ def setup confirmation_tokens = [] 3.times do token = create_user.confirmation_token - assert !confirmation_tokens.include?(token) + refute_includes confirmation_tokens, token confirmation_tokens << token end end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index c18441604e..8b12d55040 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -121,7 +121,7 @@ def setup user = create_user user.lock_access! token = user.unlock_token - assert !unlock_tokens.include?(token) + refute_includes unlock_tokens, token unlock_tokens << token end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 69f14a9b99..187c2dd1a5 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -18,7 +18,7 @@ def setup user = create_user user.send_reset_password_instructions token = user.reset_password_token - assert !reset_password_tokens.include?(token) + refute_includes reset_password_tokens, token reset_password_tokens << token end end diff --git a/test/support/integration.rb b/test/support/integration.rb index 2dccccf118..94554cba96 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb 
@@ -61,7 +61,7 @@ def sign_in_as_admin(options={}, &block) # account Middleware redirects. # def assert_redirected_to(url) - assert [301, 302].include?(@integration_session.status), + assert_includes [301, 302], @integration_session.status, "Expected status to be 301 or 302, got #{@integration_session.status}" assert_url url, @integration_session.headers["Location"] diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 9aad7341e8..73548e4a49 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -104,9 +104,9 @@ def respond get :index, params: { format: :xml } if Devise::Test.rails6? - assert response.media_type.include?('application/xml') + assert_includes response.media_type, 'application/xml' else - assert response.content_type.include?('application/xml') + assert_includes response.content_type, 'application/xml' end end From 97aa37bb50c0b7604e49fa3ce594bb85463e28dd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 18:40:03 -0300 Subject: [PATCH 1281/1473] Use `assert_empty` minitest helper --- test/controllers/internal_helpers_test.rb | 2 +- test/integration/lockable_test.rb | 2 +- test/integration/registerable_test.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 7710e0d7bd..9f1b3f5b42 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -51,7 +51,7 @@ def setup end test 'resources methods are not controller actions' do - assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty? + assert_empty @controller.class.action_methods.delete_if { |m| m.include? 'commenter' } end test 'require no authentication tests current mapping' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 01077f604e..b0eaf02f57 100644 
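Review bot: In test/controllers/internal_helpers_test.rb the rewritten assertion still filters with `delete_if`, which removes entries in place from the collection returned by `action_methods`. Rails appears to memoize that set on the controller class, so the test may change what later tests in the same process see as routable actions. A non-mutating filter keeps the check free of side effects: `assert_empty @controller.class.action_methods.reject { |m| m.include? 'commenter' }`. Because this test guards against helper methods being exposed as controller actions, a one-line comment saying why names containing 'commenter' are filtered out would also help the next reader.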
--- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -99,7 +99,7 @@ def send_unlock_request sign_in_as_user(password: "invalid") assert_contain 'Your account is locked.' - assert ActionMailer::Base.deliveries.empty? + assert_empty ActionMailer::Base.deliveries end test 'error message is configurable by resource name' do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 462b478f59..7cf5fa7cf0 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -268,7 +268,7 @@ def user_sign_up click_button "Cancel my account" assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon." - assert User.to_adapter.find_all.empty? + assert_empty User.to_adapter.find_all end test 'a user should be able to cancel sign up by deleting data in the session' do From eed641d2bea11839ab13e943660da41cad14314d Mon Sep 17 00:00:00 2001 
From: mune Date: Mon, 31 Aug 2020 20:46:43 +0900 Subject: [PATCH 1282/1473] Add spaces around method arguments when setting default values Closes #5288 --- app/mailers/devise/mailer.rb | 10 +++++----- lib/devise/controllers/helpers.rb | 8 ++++---- lib/devise/controllers/sign_in_out.rb | 6 +++--- lib/devise/controllers/url_helpers.rb | 2 +- lib/devise/mapping.rb | 2 +- lib/devise/models/authenticatable.rb | 6 +++--- lib/devise/models/confirmable.rb | 4 ++-- lib/devise/models/lockable.rb | 2 +- lib/devise/models/recoverable.rb | 4 ++-- lib/devise/rails/routes.rb | 8 ++++---- test/controllers/url_helpers_test.rb | 2 +- test/failure_app_test.rb | 2 +- test/generators/views_generator_test.rb | 2 +- test/integration/confirmable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 2 +- test/integration/recoverable_test.rb | 2 +- test/integration/rememberable_test.rb | 2 +- test/mapping_test.rb | 2 +- test/models/serializable_test.rb | 2 +- test/omniauth/url_helpers_test.rb | 2 +- test/rails_app/lib/shared_user_without_email.rb | 2 +- test/support/helpers.rb | 12 ++++++------ test/support/integration.rb | 8 ++++---- 23 files changed, 47 insertions(+), 47 deletions(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 11ef449cb0..e617edcd0b 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb 
@@ -4,26 +4,26 @@ class Devise::Mailer < Devise.parent_mailer.constantize include Devise::Mailers::Helpers - def confirmation_instructions(record, token, opts={}) + def confirmation_instructions(record, token, opts = {}) @token = token devise_mail(record, :confirmation_instructions, opts) end - def reset_password_instructions(record, token, opts={}) + def reset_password_instructions(record, token, opts = {}) @token = token devise_mail(record, :reset_password_instructions, opts) end - def unlock_instructions(record, token, opts={}) + def unlock_instructions(record, token, opts = {}) @token = token devise_mail(record, :unlock_instructions, opts) end - def email_changed(record, opts={}) + def email_changed(record, opts = {}) devise_mail(record, :email_changed, opts) end - def password_change(record, opts={}) + def password_change(record, opts = {}) devise_mail(record, :password_change, opts) end end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index e0e6acc328..bc6e9fd865 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -36,11 +36,11 @@ module ClassMethods # before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page # current_blogger :user # Preferably returns a User if one is signed in # - def devise_group(group_name, opts={}) + def devise_group(group_name, opts = {}) mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]" class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{group_name}!(favorite=nil, opts={}) + def authenticate_#{group_name}!(favorite = nil, opts = {}) unless #{group_name}_signed_in? mappings = #{mappings} mappings.unshift mappings.delete(favorite.to_sym) if favorite @@ -57,7 +57,7 @@ def #{group_name}_signed_in? end end - def current_#{group_name}(favorite=nil) + def current_#{group_name}(favorite = nil) mappings = #{mappings} mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| 
@@ -113,7 +113,7 @@ def self.define_helpers(mapping) #:nodoc: mapping = mapping.name class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{mapping}!(opts={}) + def authenticate_#{mapping}!(opts = {}) opts[:scope] = :#{mapping} warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 19481b4d40..526b41ea4b 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -10,7 +10,7 @@ module SignInOut # cause exceptions to be thrown from this method; if you simply want to check # if a scope has already previously been authenticated without running # authentication hooks, you can directly call `warden.authenticated?(scope: scope)` - def signed_in?(scope=nil) + def signed_in?(scope = nil) [scope || Devise.mappings.keys].flatten.any? do |_scope| warden.authenticate?(scope: _scope) end @@ -77,7 +77,7 @@ def bypass_sign_in(resource, scope: nil) # sign_out :user # sign_out(scope) # sign_out @user # sign_out(resource) # - def sign_out(resource_or_scope=nil) + def sign_out(resource_or_scope = nil) return sign_out_all_scopes unless resource_or_scope scope = Devise::Mapping.find_scope!(resource_or_scope) user = warden.user(scope: scope, run_callbacks: false) # If there is no user @@ -92,7 +92,7 @@ def sign_out(resource_or_scope=nil) # Sign out all active users or scopes. This helper is useful for signing out all roles # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout # and false if there was no user logged in on all scopes. - def sign_out_all_scopes(lock=true) + def sign_out_all_scopes(lock = true) users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } warden.logout diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 3da36423e0..2792a07c8b 100644 --- a/lib/devise/controllers/url_helpers.rb 
+++ b/lib/devise/controllers/url_helpers.rb @@ -34,7 +34,7 @@ def self.remove_helpers! end end - def self.generate_helpers!(routes=nil) + def self.generate_helpers!(routes = nil) routes ||= begin mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq Devise::URL_HELPERS.slice(*mappings) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 7692020ff4..7c7ea0085b 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -46,7 +46,7 @@ def self.find_scope!(obj) raise "Could not find a valid mapping for #{obj.inspect}" end - def self.find_by_path!(path, path_type=:fullpath) + def self.find_by_path!(path, path_type = :fullpath) Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) } raise "Could not find a valid mapping for path #{path.inspect}" end diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 3df93112f3..5b748ad2cf 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -276,17 +276,17 @@ def find_for_authentication(tainted_conditions) find_first_by_auth_conditions(tainted_conditions) end - def find_first_by_auth_conditions(tainted_conditions, opts={}) + def find_first_by_auth_conditions(tainted_conditions, opts = {}) to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts)) end # Find or initialize a record setting an error if it can't be found. - def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: + def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc: find_or_initialize_with_errors([attribute], { attribute => value }, error) end # Find or initialize a record with group of attributes based on a list of required attributes. - def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: + def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc: attributes.try(:permit!) attributes = attributes.to_h.with_indifferent_access .slice(*required_attributes) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 91258f4c33..7faae516b6 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -76,7 +76,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm(args={}) + def confirm(args = {}) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, 
@@ -334,7 +334,7 @@ module ClassMethods # confirmation instructions to it. If not, try searching for a user by unconfirmed_email # field. If no user is found, returns a new user with an email not found error. # Options must contain the user email - def send_confirmation_instructions(attributes={}) + def send_confirmation_instructions(attributes = {}) confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable unless confirmable.try(:persisted?) confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index b8ec4dcaa9..578f52949d 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -168,7 +168,7 @@ module ClassMethods # unlock instructions to it. If not user is found, returns a new user # with an email not found error. # Options must contain the user's unlock keys - def send_unlock_instructions(attributes={}) + def send_unlock_instructions(attributes = {}) lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found) lockable.resend_unlock_instructions if lockable.persisted? lockable diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 75318d503e..0cca30f064 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -131,7 +131,7 @@ def with_reset_password_token(token) # password instructions to it. If user is not found, returns a new user # with an email not found error. # Attributes must contain the user's email - def send_reset_password_instructions(attributes={}) + def send_reset_password_instructions(attributes = {}) recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found) recoverable.send_reset_password_instructions if recoverable.persisted? recoverable 
@@ -142,7 +142,7 @@ def send_reset_password_instructions(attributes={}) # try saving the record. If not user is found, returns a new user # containing an error in reset_password_token attribute. # Attributes must contain reset_password_token, password and confirmation - def reset_password_by_token(attributes={}) + def reset_password_by_token(attributes = {}) original_token = attributes[:reset_password_token] reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 95a4ced795..004b985746 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -287,7 +287,7 @@ def devise_for(*resources) # root to: "admin/dashboard#show", as: :user_root # end # - def authenticate(scope=nil, block=nil) + def authenticate(scope = nil, block = nil) constraints_for(:authenticate!, scope, block) do yield end @@ -311,7 +311,7 @@ def authenticate(scope=nil, block=nil) # # root to: 'landing#show' # - def authenticated(scope=nil, block=nil) + def authenticated(scope = nil, block = nil) constraints_for(:authenticate?, scope, block) do yield end @@ -328,7 +328,7 @@ def authenticated(scope=nil, block=nil) # # root to: 'dashboard#show' # - def unauthenticated(scope=nil) + def unauthenticated(scope = nil) constraint = lambda do |request| not request.env["warden"].authenticate? scope: scope end @@ -474,7 +474,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: @scope = current_scope end - def constraints_for(method_to_apply, scope=nil, block=nil) + def constraints_for(method_to_apply, scope = nil, block = nil) constraint = lambda do |request| request.env['warden'].send(method_to_apply, scope: scope) && (block.nil? || block.call(request.env["warden"].user(scope))) diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index d5328a367f..e4b6a30933 100644 --- a/test/controllers/url_helpers_test.rb 
+++ b/test/controllers/url_helpers_test.rb @@ -5,7 +5,7 @@ class RoutesTest < Devise::ControllerTestCase tests ApplicationController - def assert_path_and_url(name, prepend_path=nil) + def assert_path_and_url(name, prepend_path = nil) @request.path = '/users/session' prepend_path = "#{prepend_path}_" if prepend_path diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 920e47cb44..1b0aeb04aa 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -73,7 +73,7 @@ def self.context(name, &block) instance_eval(&block) end - def call_failure(env_params={}) + def call_failure(env_params = {}) env = { 'REQUEST_URI' => 'http://test.host/', 'HTTP_HOST' => 'test.host', diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 3b7349fa6e..1f8f90f3ca 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -77,7 +77,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase assert_file "app/views/devise/mailer/reset_password_instructions.markerb" end - def assert_files(scope = nil, options={}) + def assert_files(scope = nil, options = {}) scope = "devise" if scope.nil? mail_template_engine = options[:mail_template_engine] || "html.erb" diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 85b2f72344..165954617b 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -282,7 +282,7 @@ def resend_confirmation end class ConfirmationOnChangeTest < Devise::IntegrationTest - def create_second_admin(options={}) + def create_second_admin(options = {}) @admin = nil create_admin(options) end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 3a52c571fb..619a3cd821 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -99,7 +99,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest end private - def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") + def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678") user = create_user get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } user diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index d3cbb96b94..2f1ca6e927 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -21,7 +21,7 @@ def request_forgot_password(&block) click_button 'Send me reset password instructions' end - def reset_password(options={}, &block) + def reset_password(options = {}, &block) unless options[:visit] == false visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef") assert_response :success diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index cd6f2f10e2..62547e762b 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -3,7 +3,7 @@ require 'test_helper' class RememberMeTest < Devise::IntegrationTest - def create_user_and_remember(add_to_token='') + def create_user_and_remember(add_to_token = '') user = create_user user.remember_me! raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token } diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 0fc10c1a64..0c874570ca 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -6,7 +6,7 @@ class FakeRequest < Struct.new(:path_info, :params) end class MappingTest < ActiveSupport::TestCase - def fake_request(path, params={}) + def fake_request(path, params = {}) FakeRequest.new(path, params) end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 52a198136d..602cbe3714 100644 --- a/test/models/serializable_test.rb 
+++ b/test/models/serializable_test.rb @@ -58,7 +58,7 @@ def assert_no_key(key, subject) assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" end - def from_json(options=nil) + def from_json(options = nil) ActiveSupport::JSON.decode(@user.to_json(options))["user"] end end diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 41d4f50162..a8098c741a 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -5,7 +5,7 @@ class OmniAuthRoutesTest < ActionController::TestCase tests ApplicationController - def assert_path(action, provider, with_param=true) + def assert_path(action, provider, with_param = true) # Resource param assert_equal @controller.send(action, :user, provider), @controller.send("user_#{provider}_#{action}") diff --git a/test/rails_app/lib/shared_user_without_email.rb b/test/rails_app/lib/shared_user_without_email.rb index f030c195de..5a86729ff9 100644 --- a/test/rails_app/lib/shared_user_without_email.rb +++ b/test/rails_app/lib/shared_user_without_email.rb @@ -21,7 +21,7 @@ def email_changed? raise NoMethodError end - def respond_to?(method_name, include_all=false) + def respond_to?(method_name, include_all = false) return false if method_name.to_sym == :email_changed? super(method_name, include_all) end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index fe7cf1b572..11ac4486a7 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb 
@@ -27,32 +27,32 @@ def generate_unique_email "test#{@@email_count}@example.com" end - def valid_attributes(attributes={}) + def valid_attributes(attributes = {}) { username: "usertest", email: generate_unique_email, password: '12345678', password_confirmation: '12345678' }.update(attributes) end - def new_user(attributes={}) + def new_user(attributes = {}) User.new(valid_attributes(attributes)) end - def create_user(attributes={}) + def create_user(attributes = {}) User.create!(valid_attributes(attributes)) end - def create_admin(attributes={}) + def create_admin(attributes = {}) valid_attributes = valid_attributes(attributes) valid_attributes.delete(:username) Admin.create!(valid_attributes) end - def create_user_without_email(attributes={}) + def create_user_without_email(attributes = {}) UserWithoutEmail.create!(valid_attributes(attributes)) end - def create_user_with_validations(attributes={}) + def create_user_with_validations(attributes = {}) UserWithValidations.create!(valid_attributes(attributes)) end diff --git a/test/support/integration.rb b/test/support/integration.rb index 94554cba96..76d297a499 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -7,7 +7,7 @@ def warden request.env['warden'] end - def create_user(options={}) + def create_user(options = {}) @user ||= begin user = User.create!( username: 'usertest', @@ -24,7 +24,7 @@ def create_user(options={}) end end - def create_admin(options={}) + def create_admin(options = {}) @admin ||= begin admin = Admin.create!( email: options[:email] || 'admin@test.com', @@ -36,7 +36,7 @@ def create_admin(options={}) end end - def sign_in_as_user(options={}, &block) + def sign_in_as_user(options = {}, &block) user = create_user(options) visit_with_option options[:visit], new_user_session_path fill_in 'email', with: options[:email] || 'user@test.com' 
@@ -47,7 +47,7 @@ def sign_in_as_user(options={}, &block) user end - def sign_in_as_admin(options={}, &block) + def sign_in_as_admin(options = {}, &block) admin = create_admin(options) visit_with_option options[:visit], new_admin_session_path fill_in 'email', with: 'admin@test.com' From 4896a9b41aec7fe417714964847ab3c32c769def Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 10:43:42 -0300 Subject: [PATCH 1283/1473] Update bundle --- Gemfile.lock | 124 +++++++++++++++++++++++++-------------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e6eeaae5db..ff6ea8151b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 + revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) activemodel (>= 5.0.0.a) 
@@ -29,62 +29,62 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.2) - actionpack (= 6.0.3.2) + actioncable (6.0.3.3) + actionpack (= 6.0.3.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + actionmailbox (6.0.3.3) + actionpack (= 6.0.3.3) + activejob (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) mail (>= 2.7.1) - actionmailer (6.0.3.2) - actionpack (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) + actionmailer (6.0.3.3) + actionpack (= 6.0.3.3) + actionview (= 6.0.3.3) + activejob (= 6.0.3.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.2) - actionview (= 6.0.3.2) - activesupport (= 6.0.3.2) + actionpack (6.0.3.3) + actionview (= 6.0.3.3) + activesupport (= 6.0.3.3) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.2) - actionpack (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + actiontext (6.0.3.3) + actionpack (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) nokogiri (>= 1.8.5) - actionview (6.0.3.2) - activesupport (= 6.0.3.2) + actionview (6.0.3.3) + activesupport (= 6.0.3.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.2) - activesupport (= 6.0.3.2) + activejob (6.0.3.3) + activesupport (= 6.0.3.3) globalid (>= 0.3.6) - activemodel (6.0.3.2) - activesupport (= 6.0.3.2) - activerecord (6.0.3.2) - activemodel (= 6.0.3.2) - activesupport (= 6.0.3.2) - activestorage (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) + activemodel (6.0.3.3) + activesupport (= 6.0.3.3) + activerecord (6.0.3.3) + activemodel (= 6.0.3.3) + 
activesupport (= 6.0.3.3) + activestorage (6.0.3.3) + actionpack (= 6.0.3.3) + activejob (= 6.0.3.3) + activerecord (= 6.0.3.3) marcel (~> 0.3.1) - activesupport (6.0.3.2) + activesupport (6.0.3.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.15) + bcrypt (3.1.16) builder (3.2.4) concurrent-ruby (1.1.7) crass (1.0.6) @@ -96,8 +96,8 @@ GEM hashie (4.1.0) i18n (1.8.5) concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.6.0) + jwt (2.2.2) + loofah (2.7.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -108,12 +108,12 @@ GEM mimemagic (0.3.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.14.1) + minitest (5.14.2) mocha (1.11.2) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.2) + nio4r (2.5.4) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) @@ -125,10 +125,10 @@ GEM omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) + omniauth-facebook (7.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) + omniauth-oauth2 (1.7.0) + oauth2 (~> 1.4) omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) 
@@ -140,29 +140,29 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.2) - actioncable (= 6.0.3.2) - actionmailbox (= 6.0.3.2) - actionmailer (= 6.0.3.2) - actionpack (= 6.0.3.2) - actiontext (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - activemodel (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + rails (6.0.3.3) + actioncable (= 6.0.3.3) + actionmailbox (= 6.0.3.3) + actionmailer (= 6.0.3.3) + actionpack (= 6.0.3.3) + actiontext (= 6.0.3.3) + actionview (= 6.0.3.3) + activejob (= 6.0.3.3) + activemodel (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) bundler (>= 1.3.0) - railties (= 6.0.3.2) + railties (= 6.0.3.3) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.2) - actionpack (= 6.0.3.2) - activesupport (= 6.0.3.2) + railties (6.0.3.3) + actionpack (= 6.0.3.3) + activesupport (= 6.0.3.3) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -175,7 +175,7 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) + sprockets-rails (3.2.2) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -185,8 +185,8 @@ GEM timecop (0.9.1) tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) + warden (1.2.9) + rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) From f12be553cca66e5ed4f83fd387ffc189e06d5311 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 10:45:10 -0300 Subject: [PATCH 1284/1473] Update changelog [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca168f757e..b50e727abc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,8 @@ * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) + * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) + * Fix hanging tests for streaming controllers using Devise. (by @afn) * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 45b831c4ea5a35914037bd27fe88b76d7b3683a4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 21:24:01 -0300 Subject: [PATCH 1285/1473] Release 4.7.3 --- CHANGELOG.md | 10 ++++++---- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 2 +- lib/devise/version.rb | 2 +- 9 files changed, 14 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b50e727abc..3db58cac76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,15 @@ -### master +### unreleased + +* deprecations + * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) + +### 4.7.3 - 2020-09-20 * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) * Fix hanging tests for streaming controllers using Devise. (by @afn) -* deprecations - * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) - ### 4.7.2 - 2020-06-10 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index ff6ea8151b..6696760e4d 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -19,7 +19,7 @@ GIT PATH remote: . specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 94e8578723..9750efb822 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 310a258343..76ee65a401 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 15c345abd5..7db3a5d2b3 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 12da7a0c48..83d2f55175 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 96064b38b1..7e381f7ad0 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 4d0b41e8d6..6a982d5a69 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -19,7 +19,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ec5924648d..d30cd67dca 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.2".freeze + VERSION = "4.7.3".freeze end From b88af5d65e83d594ee287d395beccd70683b6339 Mon Sep 17 00:00:00 2001 From: Jan Zaydowicz Date: Mon, 2 Nov 2020 18:02:36 +0100 Subject: [PATCH 1286/1473] chore: add expiry note for old rack/rails session bug fix Seven year ago rails `session.keys` could be empty if the session was not loaded yet. To prevent an error the removed code was introduced https://github.com/heartcombo/devise/issues/2660 Since then rails changed the behaviour and makes sure that the session is loaded before someone wants to access any session keys https://github.com/rails/rails/commit/3498aacbbebb41e529b6755f4ccfdfbb84c28830 Which means the `session.empty?` is not needed anymore once Rails 5.2+ and upwards only supported. --- lib/devise/controllers/sign_in_out.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 526b41ea4b..6d72a21dca 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb 
@@ -106,10 +106,12 @@ def sign_out_all_scopes(lock = true) private def expire_data_after_sign_in! + # TODO: remove once Rails 5.2+ and forward are only supported. # session.keys will return an empty array if the session is not yet loaded. # This is a bug in both Rack and Rails. # A call to #empty? forces the session to be loaded. session.empty? + session.keys.grep(/^devise\./).each { |k| session.delete(k) } end From fd03f9e353b699c9a4d14cc13d580d103552145e Mon Sep 17 00:00:00 2001 From: Bibek Sharma Chapagain Date: Sat, 21 Nov 2020 20:23:25 +1100 Subject: [PATCH 1287/1473] Added missing full stop "." on registrations.updated_but_not_signed_in. --- config/locales/en.yml | 2 +- test/integration/registerable_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index ab1f07060d..260e1c4ba6 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -44,7 +44,7 @@ en: signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." updated: "Your account has been updated successfully." - updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again." sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 7cf5fa7cf0..fa2610edf8 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
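Review bot: The TODO added above `session.empty?` in `expire_data_after_sign_in!` does not say what makes the call removable. Per the existing comment, `session.keys` is empty on an unloaded session, so dropping the call while an older Rails is still supported would, as far as the hunk shows, leave the `devise.*` entries in place after sign-in. I would put the condition and the upstream reference from the commit message into the comment, e.g. `# TODO: remove when Rails < 5.2 support is dropped; later Rails loads the session before #keys (rails/rails 3498aacb).` Separately, the unchanged `grep(/^devise\./)` anchors with `^`, which matches at every line start; `\A` states the intended prefix match exactly. The enclosing module starts outside the hunk.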
@@ -189,7 +189,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again' + assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.' assert_equal new_user_session_path, @request.path refute warden.authenticated?(:user) end From 98fc5e8e396b66b826528811287ea6680a6d0757 Mon Sep 17 00:00:00 2001 From: Ryunosuke Sato Date: Tue, 5 Jan 2021 08:17:58 +0900 Subject: [PATCH 1288/1473] Test on rails 6.1 (#5323) * Make test for validation to be Rails 6.1 compatible The `ActiveModel::Errors` has been changed in Rails 6.1. https://github.com/rails/rails/pull/32313 * Add gemfile for Rails 6.1 * Add CI matrix for Rails 6.1 --- .travis.yml | 11 ++ gemfiles/Gemfile.rails-6.1-stable | 26 +++ gemfiles/Gemfile.rails-6.1-stable.lock | 224 +++++++++++++++++++++++++ test/models/authenticatable_test.rb | 4 +- 4 files changed, 263 insertions(+), 2 deletions(-) create mode 100644 gemfiles/Gemfile.rails-6.1-stable create mode 100644 gemfiles/Gemfile.rails-6.1-stable.lock diff --git a/.travis.yml b/.travis.yml index 3d1b6451e6..b3dcf1d756 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,7 @@ rvm: gemfile: - Gemfile + - gemfiles/Gemfile.rails-6.1-stable - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.1-stable @@ -23,6 +24,8 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 
@@ -33,16 +36,22 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 gemfile: Gemfile + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: Gemfile + - rvm: 2.3.8 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 gemfile: Gemfile + - rvm: 2.4.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 @@ -79,6 +88,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-6.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-6.1-stable allow_failures: - rvm: ruby-head diff --git a/gemfiles/Gemfile.rails-6.1-stable b/gemfiles/Gemfile.rails-6.1-stable new file mode 100644 index 0000000000..00330580d0 --- /dev/null +++ b/gemfiles/Gemfile.rails-6.1-stable @@ -0,0 +1,26 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 6.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.0" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end diff --git a/gemfiles/Gemfile.rails-6.1-stable.lock b/gemfiles/Gemfile.rails-6.1-stable.lock new file mode 100644 index 0000000000..f9131e1f46 --- /dev/null +++ b/gemfiles/Gemfile.rails-6.1-stable.lock 
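Review bot: The two `github:` sources in the new `gemfiles/Gemfile.rails-6.1-stable` end up as `git://github.com/...` remotes in the lockfile added by this same patch. That transport is neither encrypted nor authenticated, which leaves the lock's `revision:` pin as the only integrity check on those checkouts. Spell the source out, e.g. `gem "rails-controller-testing", git: "https://github.com/rails/rails-controller-testing"` (likewise for activemodel-serializers-xml), or declare `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` at the top of the file. The same `git://` remotes appear in the `Gemfile.lock` hunk of the later OmniAuth 2.0 test patch on this page.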
@@ -0,0 +1,224 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) + builder (~> 3.1) + +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a + specs: + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + +PATH + remote: .. + specs: + devise (4.7.3) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (6.1.0) + actionpack (= 6.1.0) + activesupport (= 6.1.0) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.0) + actionpack (= 6.1.0) + activejob (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + mail (>= 2.7.1) + actionmailer (6.1.0) + actionpack (= 6.1.0) + actionview (= 6.1.0) + activejob (= 6.1.0) + activesupport (= 6.1.0) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (6.1.0) + actionview (= 6.1.0) + activesupport (= 6.1.0) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.0) + actionpack (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + nokogiri (>= 1.8.5) + actionview (6.1.0) + activesupport (= 6.1.0) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.0) + activesupport (= 6.1.0) + globalid (>= 0.3.6) + activemodel (6.1.0) + activesupport (= 6.1.0) + activerecord (6.1.0) + activemodel (= 6.1.0) + activesupport (= 6.1.0) + activestorage (6.1.0) + actionpack (= 6.1.0) + activejob (= 6.1.0) + activerecord (= 6.1.0) + activesupport (= 6.1.0) + marcel (~> 0.3.1) + mimemagic (~> 0.3.2) 
+ activesupport (6.1.0) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + bcrypt (3.1.16) + builder (3.2.4) + concurrent-ruby (1.1.7) + crass (1.0.6) + erubi (1.10.0) + faraday (1.2.0) + multipart-post (>= 1.2, < 3) + ruby2_keywords + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (1.8.5) + concurrent-ruby (~> 1.0) + jwt (2.2.2) + loofah (2.8.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.2) + mocha (1.12.0) + multi_json (1.15.0) + multi_xml (0.6.0) + multipart-post (2.1.1) + nio4r (2.5.4) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-facebook (8.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.7.0) + oauth2 (~> 1.4) + omniauth (~> 1.9) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.2.3) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (6.1.0) + actioncable (= 6.1.0) + actionmailbox (= 6.1.0) + actionmailer (= 6.1.0) + actionpack (= 6.1.0) + actiontext (= 6.1.0) + actionview (= 6.1.0) + activejob (= 6.1.0) + activemodel (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + bundler (>= 1.15.0) + railties (= 6.1.0) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (6.1.0) + actionpack (= 6.1.0) + activesupport (= 6.1.0) + method_source + rake (>= 0.8.7) + thor (~> 1.0) + rake (13.0.3) + rdoc (6.3.0) + responders (3.0.1) + actionpack 
(>= 5.0) + railties (>= 5.0) + ruby-openid (2.9.2) + ruby2_keywords (0.0.2) + sprockets (4.0.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.4.2) + thor (1.0.1) + timecop (0.9.2) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + warden (1.2.9) + rack (>= 2.0.9) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.7.3) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.4.2) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! + mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 6.1.0) + rails-controller-testing! + rdoc + responders (~> 3.0) + sqlite3 (~> 1.4) + timecop + webrat (= 0.7.3) + +BUNDLED WITH + 1.17.3 diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 576ceaffec..a3ddc52f57 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -30,12 +30,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_or_initialize_with_errors adds blank error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "" }) - assert_equal [:email, "can't be blank"], user_with_error.errors.first + assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email) end test 'find_or_initialize_with_errors adds invalid error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" }) - assert_equal [:email, "is invalid"], user_with_error.errors.first + assert_equal ["Email is invalid"], user_with_error.errors.full_messages_for(:email) end if defined?(ActionController::Parameters) From 8bb358cf80a632d3232c3f548ce7b95fd94b6eb2 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 7 Jan 2021 09:21:14 -0300 Subject: [PATCH 1289/1473] Improve OmniAuth version check to allow anything from 1.0 forward This should enable people to try OmniAuth 2 currently in pre-release. --- lib/devise/omniauth.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index 63ea6ca519..5076eb2e33 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -8,8 +8,8 @@ raise end -unless OmniAuth::VERSION =~ /^1\./ - raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed." +if Gem::Version.new(OmniAuth::VERSION) < Gem::Version.new('1.0.0') + raise "You are using an old OmniAuth version, please ensure you have 1.0.0 version or later installed." end # Clean up the default path_prefix. It will be automatically set by Devise. From f4462cd85e23e1a8fad933f26caaad1180cfb178 Mon Sep 17 00:00:00 2001 From: Alex Ghiculescu Date: Mon, 18 Jan 2021 16:51:23 -0600 Subject: [PATCH 1290/1473] Fix Rails default log level This changed in https://github.com/rails/rails/commit/229fd2a02fc694b4b7756445b6647777aa94e25d - the advice about changing your log level still stands though. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d1633776c9..531111590d 100644 --- a/README.md +++ b/README.md 
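Review bot: The new `Gem::Version` guard in `lib/devise/omniauth.rb` has no upper bound, so it admits OmniAuth 2.x while the shared links partial still renders a plain GET `link_to`; that link only gains `method: :post` in the later patch 1292 on this page. OmniAuth 2 by default accepts only POST on the request phase and validates an authenticity token, so an app upgrading at this commit would presumably get failing provider links rather than an error at load time. A comment beside the check would record the dependency, e.g. `# OmniAuth >= 2 expects a POST with a CSRF token on the request phase; see devise/shared/_links.html.erb.`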
@@ -685,7 +685,7 @@ If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/mas 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. -Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`: +Rails sets the production logger level to INFO by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`: ```ruby config.log_level = :warn From fb17e2755f5f17041dddb059cd61a891646c3a68 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 16 Jan 2021 16:57:45 -0300 Subject: [PATCH 1291/1473] Move Rails 6.1 to the main Gemfile instead of an extra one We have the gemfiles/* to test other versions of Rails, but keep the most recent one in the main Gemfile. --- .travis.yml | 11 -- Gemfile | 2 +- Gemfile.lock | 163 +++++++++--------- gemfiles/Gemfile.rails-6.1-stable | 26 --- gemfiles/Gemfile.rails-6.1-stable.lock | 224 ------------------------- 5 files changed, 87 insertions(+), 339 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-6.1-stable delete mode 100644 gemfiles/Gemfile.rails-6.1-stable.lock diff --git a/.travis.yml b/.travis.yml index b3dcf1d756..3d1b6451e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,6 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.1-stable - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.1-stable 
@@ -24,8 +23,6 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 @@ -36,22 +33,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 gemfile: Gemfile - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: Gemfile - - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 gemfile: Gemfile - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 @@ -88,8 +79,6 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-6.0-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.1-stable allow_failures: - rvm: ruby-head diff --git a/Gemfile b/Gemfile index 37dc67d9c2..f91123340b 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 6.0.0" +gem "rails", "~> 6.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 6696760e4d..7d8c5f94a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -29,75 +29,82 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.3) - actionpack (= 6.0.3.3) + actioncable (6.1.1) + actionpack (= 6.1.1) + activesupport (= 6.1.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.3) - actionpack (= 6.0.3.3) - activejob (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) + actionmailbox (6.1.1) + actionpack (= 6.1.1) + activejob (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) mail (>= 2.7.1) - actionmailer (6.0.3.3) - actionpack (= 6.0.3.3) - actionview (= 6.0.3.3) - activejob (= 6.0.3.3) + actionmailer (6.1.1) + actionpack (= 6.1.1) + actionview (= 6.1.1) + activejob (= 6.1.1) + activesupport (= 6.1.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.3) - actionview (= 6.0.3.3) - activesupport (= 6.0.3.3) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.1) + actionview (= 6.1.1) + activesupport (= 6.1.1) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.3) - actionpack (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) + actiontext (6.1.1) + actionpack (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) nokogiri (>= 1.8.5) - actionview (6.0.3.3) - activesupport (= 6.0.3.3) + actionview (6.1.1) + activesupport (= 6.1.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.3) - activesupport (= 6.0.3.3) + activejob (6.1.1) + activesupport (= 6.1.1) globalid (>= 0.3.6) - activemodel (6.0.3.3) - activesupport (= 6.0.3.3) - activerecord (6.0.3.3) - activemodel (= 6.0.3.3) - activesupport (= 6.0.3.3) - activestorage (6.0.3.3) - actionpack (= 6.0.3.3) - activejob (= 6.0.3.3) - activerecord (= 6.0.3.3) + activemodel (6.1.1) + activesupport (= 6.1.1) + activerecord (6.1.1) + 
activemodel (= 6.1.1) + activesupport (= 6.1.1) + activestorage (6.1.1) + actionpack (= 6.1.1) + activejob (= 6.1.1) + activerecord (= 6.1.1) + activesupport (= 6.1.1) marcel (~> 0.3.1) - activesupport (6.0.3.3) + mimemagic (~> 0.3.2) + activesupport (6.1.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) concurrent-ruby (1.1.7) crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) + erubi (1.10.0) + faraday (1.3.0) + faraday-net_http (~> 1.0) multipart-post (>= 1.2, < 3) + ruby2_keywords + faraday-net_http (1.0.1) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.5) + i18n (1.8.7) concurrent-ruby (~> 1.0) jwt (2.2.2) - loofah (2.7.0) + loofah (2.9.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -107,15 +114,16 @@ GEM method_source (1.0.0) mimemagic (0.3.5) mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) - mocha (1.11.2) + mini_portile2 (2.5.0) + minitest (5.14.3) + mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.4) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) + nokogiri (1.11.1) + mini_portile2 (~> 2.5.0) + racc (~> 1.4) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) 
@@ -125,53 +133,55 @@ GEM omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (7.0.0) + omniauth-facebook (8.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) + omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) - omniauth (~> 1.9) + omniauth (>= 1.9, < 3) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) + racc (1.5.2) rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.3) - actioncable (= 6.0.3.3) - actionmailbox (= 6.0.3.3) - actionmailer (= 6.0.3.3) - actionpack (= 6.0.3.3) - actiontext (= 6.0.3.3) - actionview (= 6.0.3.3) - activejob (= 6.0.3.3) - activemodel (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) - bundler (>= 1.3.0) - railties (= 6.0.3.3) + rails (6.1.1) + actioncable (= 6.1.1) + actionmailbox (= 6.1.1) + actionmailer (= 6.1.1) + actionpack (= 6.1.1) + actiontext (= 6.1.1) + actionview (= 6.1.1) + activejob (= 6.1.1) + activemodel (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) + bundler (>= 1.15.0) + railties (= 6.1.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.3) - actionpack (= 6.0.3.3) - activesupport (= 6.0.3.3) + railties (6.1.1) + actionpack (= 6.1.1) + activesupport (= 6.1.1) method_source rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) - rake (13.0.1) - rdoc (6.2.1) + thor (~> 1.0) + rake (13.0.3) + rdoc (6.3.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) + ruby2_keywords (0.0.2) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) 
@@ -181,10 +191,9 @@ GEM sprockets (>= 3.0.0) sqlite3 (1.4.2) thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) + timecop (0.9.2) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -194,7 +203,7 @@ GEM websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.0) + zeitwerk (2.4.2) PLATFORMS ruby @@ -207,7 +216,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0) + rails (~> 6.1.0) rails-controller-testing! rdoc responders (~> 3.0) diff --git a/gemfiles/Gemfile.rails-6.1-stable b/gemfiles/Gemfile.rails-6.1-stable deleted file mode 100644 index 00330580d0..0000000000 --- a/gemfiles/Gemfile.rails-6.1-stable +++ /dev/null @@ -1,26 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 6.1.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - -gem "rails-controller-testing", github: "rails/rails-controller-testing" - -gem "responders", "~> 3.0" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.4" -end diff --git a/gemfiles/Gemfile.rails-6.1-stable.lock b/gemfiles/Gemfile.rails-6.1-stable.lock deleted file mode 100644 index f9131e1f46..0000000000 --- a/gemfiles/Gemfile.rails-6.1-stable.lock +++ /dev/null 
@@ -1,224 +0,0 @@ -GIT - remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -GIT - remote: git://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (6.1.0) - actionpack (= 6.1.0) - activesupport (= 6.1.0) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailbox (6.1.0) - actionpack (= 6.1.0) - activejob (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - mail (>= 2.7.1) - actionmailer (6.1.0) - actionpack (= 6.1.0) - actionview (= 6.1.0) - activejob (= 6.1.0) - activesupport (= 6.1.0) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.0) - actionview (= 6.1.0) - activesupport (= 6.1.0) - rack (~> 2.0, >= 2.0.9) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.0) - actionpack (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - nokogiri (>= 1.8.5) - actionview (6.1.0) - activesupport (= 6.1.0) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.0) - activesupport (= 6.1.0) - globalid (>= 0.3.6) - activemodel (6.1.0) - activesupport (= 6.1.0) - activerecord (6.1.0) - activemodel (= 6.1.0) - activesupport (= 6.1.0) - activestorage (6.1.0) - actionpack (= 6.1.0) - activejob (= 6.1.0) - activerecord (= 6.1.0) - activesupport (= 6.1.0) - marcel (~> 0.3.1) - mimemagic (~> 0.3.2) 
- activesupport (6.1.0) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - bcrypt (3.1.16) - builder (3.2.4) - concurrent-ruby (1.1.7) - crass (1.0.6) - erubi (1.10.0) - faraday (1.2.0) - multipart-post (>= 1.2, < 3) - ruby2_keywords - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.5) - concurrent-ruby (~> 1.0) - jwt (2.2.2) - loofah (2.8.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) - mocha (1.12.0) - multi_json (1.15.0) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.4) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (8.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) - oauth2 (~> 1.4) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.3) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.1.0) - actioncable (= 6.1.0) - actionmailbox (= 6.1.0) - actionmailer (= 6.1.0) - actionpack (= 6.1.0) - actiontext (= 6.1.0) - actionview (= 6.1.0) - activejob (= 6.1.0) - activemodel (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - bundler (>= 1.15.0) - railties (= 6.1.0) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (6.1.0) - actionpack (= 6.1.0) - activesupport (= 6.1.0) - method_source - rake (>= 0.8.7) - thor (~> 1.0) - rake (13.0.3) - rdoc (6.3.0) - responders (3.0.1) - actionpack 
(>= 5.0) - railties (>= 5.0) - ruby-openid (2.9.2) - ruby2_keywords (0.0.2) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.4.2) - thor (1.0.1) - timecop (0.9.2) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) - warden (1.2.9) - rack (>= 2.0.9) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.3) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - zeitwerk (2.4.2) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 6.1.0) - rails-controller-testing! - rdoc - responders (~> 3.0) - sqlite3 (~> 1.4) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 From 837baaf2e1d951c3b26ad233f8ada09cf6ab5441 Mon Sep 17 00:00:00 2001 From: Jordan Owens Date: Tue, 19 Jan 2021 13:19:55 -0500 Subject: [PATCH 1292/1473] Update omniauthable tests for OmniAuth 2.0 (#5331) --- Gemfile | 2 +- Gemfile.lock | 35 +++++++++++++------- app/views/devise/shared/_links.html.erb | 2 +- test/integration/omniauthable_test.rb | 44 +++++++++++++++---------- 4 files changed, 52 insertions(+), 31 deletions(-) diff --git a/Gemfile b/Gemfile index 37dc67d9c2..3f122750c4 100644 --- a/Gemfile +++ b/Gemfile @@ -17,7 +17,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" - gem "omniauth-openid" + gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1' gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 6696760e4d..13b7ccf02d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
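Review bot: The `omniauth-openid` line in the `:test` group now follows the `patch-1` branch of a personal fork, which is a moving target. The lockfile records a revision, but any `bundle update` picks up whatever that branch holds at the time. Pin the reviewed commit with `ref:` and mark the line temporary, e.g. `gem "omniauth-openid", git: "https://github.com/jkowens/omniauth-openid", ref: "c70d35f" # TODO: return to the released gem once it supports omniauth 2`. The `group :test` block closes outside the hunk.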
@@ -1,5 +1,5 @@ GIT - remote: https://github.com/rails/activemodel-serializers-xml.git + remote: git://github.com/rails/activemodel-serializers-xml.git revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: https://github.com/rails/rails-controller-testing.git + remote: git://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) @@ -16,6 +16,15 @@ GIT actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) +GIT + remote: https://github.com/jkowens/omniauth-openid + revision: c70d35f266a814340b01f6f5649bb664a78743f4 + branch: patch-1 + specs: + omniauth-openid (2.0.0) + omniauth (>= 1.0, < 3.0) + rack-openid (~> 1.4.0) + PATH remote: . specs: @@ -89,8 +98,11 @@ GEM concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) - faraday (1.0.1) + faraday (1.3.0) + faraday-net_http (~> 1.0) multipart-post (>= 1.2, < 3) + ruby2_keywords + faraday-net_http (1.0.1) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) @@ -122,22 +134,22 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.1) + omniauth (2.0.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) + rack-protection omniauth-facebook (7.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) + omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) + omniauth (>= 1.9, < 3) orm_adapter (0.5.0) rack (2.2.3) - rack-openid (1.3.1) + rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) + rack-protection (2.1.0) + rack rack-test (1.1.0) rack (>= 1.0, < 3) rails (6.0.3.3) @@ -172,6 +184,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) + ruby2_keywords (0.0.2) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) 
@@ -206,7 +219,7 @@ DEPENDENCIES omniauth omniauth-facebook omniauth-oauth2 - omniauth-openid + omniauth-openid! rails (~> 6.0.0) rails-controller-testing! rdoc diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 084af701c6..96a9412417 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -20,6 +20,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
+ <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %>
<% end %> <% end %> diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 6c989f0c1a..1b14911dab 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -23,6 +23,9 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest "extra" => {"user_hash" => FACEBOOK_INFO} } OmniAuth.config.add_camelization 'facebook', 'FaceBook' + if OmniAuth.config.respond_to?(:request_validation_phase) + OmniAuth.config.request_validation_phase = ->(env) {} + end end teardown do @@ -45,8 +48,8 @@ def stub_action!(name) test "omniauth sign in should not run model validations" do stub_action!(:sign_in_facebook) do create_user - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert warden.authenticated?(:user) refute User.validations_performed @@ -54,8 +57,8 @@ def stub_action!(name) end test "can access omniauth.auth in the env hash" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! json = ActiveSupport::JSON.decode(response.body) @@ -68,8 +71,8 @@ def stub_action!(name) test "cleans up session on sign up" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] @@ -89,8 +92,8 @@ def stub_action!(name) test "cleans up session on cancel" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] @@ -100,8 +103,8 @@ def stub_action!(name) test "cleans up session on sign in" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] 
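Review bot: `link_to ... method: :post` in the provider loop only becomes a POST when the Rails UJS script is loaded on the page. Without it the anchor is followed as a GET, which OmniAuth 2 rejects by default, and no authenticity token is sent. `button_to` renders a real form that includes the token and needs no JavaScript: `<%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>`. The rest of the partial is outside the hunk.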
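Review bot: The `setup` block replaces `OmniAuth.config.request_validation_phase` with a no-op lambda, and the hunk shows nothing that puts the previous value back. The request-phase CSRF check therefore stays disabled for whatever runs later in the same process, and no test here exercises it. Save the old value inside the `respond_to?` guard with `@validation_phase = OmniAuth.config.request_validation_phase` and restore it in `teardown` (whose body is outside the hunk) with `OmniAuth.config.request_validation_phase = @validation_phase`. A comment such as `# integration posts carry no authenticity token, so OmniAuth 2's validation is skipped here` would explain why it is off.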
@@ -110,23 +113,28 @@ def stub_action!(name) end test "sign in and send remember token if configured" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert_nil warden.cookies["remember_user_token"] stub_action!(:sign_in_facebook) do create_user - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert warden.authenticated?(:user) assert warden.cookies["remember_user_token"] end end + test "generates a link to authenticate with provider" do + visit "/users/sign_in" + assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook" + end + test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' visit "/users/sign_in" - assert_select "a", href: "/q/users/auth/facebook" + assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook" end test "handles callback error parameter according to the specification" do @@ -139,10 +147,10 @@ def stub_action!(name) test "handles other exceptions from OmniAuth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! + follow_redirect! - assert_current_url "/users/sign_in" assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".' end end From cd60c747cc5016b84628355e48dd357847824574 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 19 Jan 2021 15:21:25 -0300 Subject: [PATCH 1293/1473] Update to latest released omniauth* gems omniauth-openid v2.0.1 was just released opening support for omniauth v2, so we can bundle update everything from the released gems now. --- Gemfile | 2 +- Gemfile.lock | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/Gemfile b/Gemfile index 3f122750c4..37dc67d9c2 100644 
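Review bot: The `@@ -139,10 +147,10 @@` hunk removes `assert_current_url "/users/sign_in"` from "handles other exceptions from OmniAuth" without a replacement, so after the two `follow_redirect!` calls the test checks only the flash text and no longer pins where a failed authentication ends up. A check on the integration session would restore that, for example `assert_equal "/users/sign_in", request.path` after the second `follow_redirect!` (this assumes `request` reflects the last followed redirect, which I have not verified against this suite's helpers). A one-line comment saying which two responses are being followed would also make the doubled `follow_redirect!` easier to maintain.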
--- a/Gemfile +++ b/Gemfile @@ -17,7 +17,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" - gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1' + gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 13b7ccf02d..c265903f0e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) @@ -16,15 +16,6 @@ GIT actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) -GIT - remote: https://github.com/jkowens/omniauth-openid - revision: c70d35f266a814340b01f6f5649bb664a78743f4 - branch: patch-1 - specs: - omniauth-openid (2.0.0) - omniauth (>= 1.0, < 3.0) - rack-openid (~> 1.4.0) - PATH remote: . specs: @@ -138,11 +129,14 @@ GEM hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection - omniauth-facebook (7.0.0) + omniauth-facebook (8.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) + omniauth-openid (2.0.1) + omniauth (>= 1.0, < 3.0) + rack-openid (~> 1.4.0) orm_adapter (0.5.0) rack (2.2.3) rack-openid (1.4.2) @@ -184,7 +178,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - ruby2_keywords (0.0.2) + ruby2_keywords (0.0.4) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -219,7 +213,7 @@ DEPENDENCIES omniauth omniauth-facebook omniauth-oauth2 - omniauth-openid! + omniauth-openid rails (~> 6.0.0) rails-controller-testing! rdoc 
From 1d138dd40cdc291a427b89027d16a869818a5c19 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Jan 2021 09:16:58 -0300 Subject: [PATCH 1294/1473] Simplify OmniAuth version check by trying to load the gem with the necessary version --- lib/devise/omniauth.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index 5076eb2e33..f18df3053c 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -1,17 +1,14 @@ # frozen_string_literal: true begin + gem "omniauth", ">= 1.0.0" + require "omniauth" - require "omniauth/version" rescue LoadError warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile." raise end -if Gem::Version.new(OmniAuth::VERSION) < Gem::Version.new('1.0.0') - raise "You are using an old OmniAuth version, please ensure you have 1.0.0 version or later installed." -end - # Clean up the default path_prefix. It will be automatically set by Devise. OmniAuth.config.path_prefix = nil From 51c05a5b212f376180141fff9077075d0340c8ab Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Jan 2021 09:28:05 -0300 Subject: [PATCH 1295/1473] Add changelog entry for OmniAuth 2 support And a note/warning about how it might break apps that don't update their integration accordingly as OmniAuth now expects. --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db58cac76..4411465893 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
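Review bot: `gem "omniauth", ">= 1.0.0"` in lib/devise/omniauth.rb keeps the accepted floor at 1.0.0, while the changelog entry added by the next patch in this series calls OmniAuth 2 a security upgrade recommended to everyone, so a reader of this file cannot tell whether still accepting 1.x is deliberate. I would state that above the call, e.g. `# 1.x is still accepted for backwards compatibility; OmniAuth 2+ is the recommended, security-relevant upgrade (see CHANGELOG)`. It is also worth a one-line comment that `Kernel#gem` raises `Gem::LoadError`, a `LoadError` subclass, so the existing `rescue LoadError` now reports a missing gem and an unsatisfied version with the same warning.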
@@ -1,5 +1,9 @@ ### unreleased +* enhancements + * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). + - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) + * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 81bf3ad8c1e3812448ba4588598493c8e80ecf10 Mon Sep 17 00:00:00 2001 From: AsbahIshaq Date: Sun, 24 Jan 2021 16:51:09 +0500 Subject: [PATCH 1296/1473] changed support to supports (#5334) Co-authored-by: Asbah Ishaq --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 531111590d..3dd93d7752 100644 --- a/README.md +++ b/README.md 
@@ -118,7 +118,7 @@ You will usually want to write tests for your changes. To run the test suite, g Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. ### DEVISE_ORM -Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. +Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` DEVISE_ORM=mongoid bin/test From 7e6da424e27485bf5d9c09d0d7f89f463cfcf05d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 29 Jan 2021 16:56:28 -0300 Subject: [PATCH 1297/1473] Move from Travis to GitHub Actions --- .github/workflows/test.yml | 98 +++++++++++++++++++++++++++++++++ .travis.yml | 110 ------------------------------------- README.md | 3 +- 3 files changed, 99 insertions(+), 112 deletions(-) create mode 100644 .github/workflows/test.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000000..4b3dcaa246 --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,98 @@ +name: Test +on: [push, pull_request] +jobs: + test: + strategy: + fail-fast: false + matrix: + gemfile: + - Gemfile + - gemfiles/Gemfile.rails-6.0-stable + - gemfiles/Gemfile.rails-5.2-stable + - gemfiles/Gemfile.rails-5.1-stable + - gemfiles/Gemfile.rails-5.0-stable + - gemfiles/Gemfile.rails-4.2-stable + - gemfiles/Gemfile.rails-4.1-stable + ruby: + - 2.1.10 + - 2.2.10 + - 2.3.8 + - 2.4.10 + - 2.5.8 + - 2.6.6 + - 2.7.1 + - ruby-head + env: + - DEVISE_ORM=active_record + - DEVISE_ORM=mongoid + exclude: + - ruby: 2.1.10 + gemfile: Gemfile + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.1-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - ruby: 2.2.10 + gemfile: Gemfile + - ruby: 2.2.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.2.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: 2.3.8 + gemfile: Gemfile + - ruby: 2.3.8 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.4.10 + gemfile: Gemfile + - ruby: 2.4.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.4.10 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.5.8 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.6.6 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.6.6 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: ruby-head + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: ruby-head + gemfile: gemfiles/Gemfile.rails-4.2-stable + - env: DEVISE_ORM=mongoid + gemfile: Gemfile + - env: DEVISE_ORM=mongoid + gemfile: 
gemfiles/Gemfile.rails-5.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.1-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.2-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-6.0-stable + runs-on: ubuntu-latest + env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ matrix.gemfile }} + steps: + - uses: actions/checkout@v2 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true # runs bundle install and caches installed gems automatically + - uses: supercharge/mongodb-github-action@1.3.0 + if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} + - run: bundle exec rake diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3d1b6451e6..0000000000 --- a/.travis.yml +++ /dev/null 
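Review bot: The matrix values `DEVISE_ORM=active_record` and `DEVISE_ORM=mongoid` under `env:` are read only by the `if:` on the MongoDB step, and the job-level `env:` sets `BUNDLE_GEMFILE` alone. As a result `bundle exec rake` appears to run without `DEVISE_ORM`, and both matrix legs would fall back to the default ORM. Turning the matrix key into a plain value and exporting it at job level, as sketched below, fixes that; indentation in the sketch is mine because the hunk's own is not recoverable here. Separately, the workflow runs on `pull_request` with actions referenced by mutable tags and no `permissions:` block. Pinning each to a full commit SHA (`uses: supercharge/mongodb-github-action@<full-commit-sha>`, placeholder) and adding `permissions:` with `contents: read` would limit what a moved tag could do.

```yaml
        orm:
          - active_record
          - mongoid
        exclude:
          # … unchanged: ruby/gemfile exclusions …
          - orm: mongoid
            gemfile: Gemfile
          # … same rename (env: DEVISE_ORM=mongoid -> orm: mongoid) for the other four mongoid exclusions …
    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
      DEVISE_ORM: ${{ matrix.orm }}
    steps:
      # … unchanged: checkout, setup-ruby …
      - uses: supercharge/mongodb-github-action@1.3.0
        if: ${{ matrix.orm == 'mongoid' }}
```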
@@ -1,110 +0,0 @@ -language: ruby - -rvm: - - 2.1.10 - - 2.2.10 - - 2.3.8 - - 2.4.10 - - 2.5.8 - - 2.6.6 - - 2.7.1 - - ruby-head - -gemfile: - - Gemfile - - gemfiles/Gemfile.rails-6.0-stable - - gemfiles/Gemfile.rails-5.2-stable - - gemfiles/Gemfile.rails-5.1-stable - - gemfiles/Gemfile.rails-5.0-stable - - gemfiles/Gemfile.rails-4.2-stable - - gemfiles/Gemfile.rails-4.1-stable - -matrix: - exclude: - - rvm: 2.1.10 - gemfile: Gemfile - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.1-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.2.10 - gemfile: Gemfile - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: 2.3.8 - gemfile: Gemfile - - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.10 - gemfile: Gemfile - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.5.8 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.2-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.2-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: ruby-head - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: ruby-head - gemfile: gemfiles/Gemfile.rails-4.2-stable - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.1-stable - - env: DEVISE_ORM=mongoid - gemfile: 
gemfiles/Gemfile.rails-5.2-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-stable - allow_failures: - - rvm: ruby-head - -services: - - mongodb - -cache: bundler - -env: - matrix: - - DEVISE_ORM=active_record - - DEVISE_ORM=mongoid - -before_install: - - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true - - gem install bundler -v '< 2' - - "rm ${BUNDLE_GEMFILE}.lock" - -before_script: "bundle update" - -script: "bin/test" - -notifications: - email: false - slack: - on_pull_requests: false - on_success: change - on_failure: always - secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY= diff --git a/README.md b/README.md index 3dd93d7752..bf87d38fca 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ ![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) -[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise) [![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) Devise is a flexible authentication solution for Rails based on Warden. It: 
@@ -131,7 +130,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 From d0eafe70dc89745d002d81cdf7874439484748b7 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 09:51:19 -0300 Subject: [PATCH 1298/1473] Remove the lock gemfiles from the previous versions Keep only the lock for the main Gemfile to keep Devise consistent with the other heartcombo libs. --- .gitignore | 1 + gemfiles/Gemfile.rails-4.1-stable.lock | 171 ------------------- gemfiles/Gemfile.rails-4.2-stable.lock | 194 ---------------------- gemfiles/Gemfile.rails-5.0-stable.lock | 190 --------------------- gemfiles/Gemfile.rails-5.1-stable.lock | 190 --------------------- gemfiles/Gemfile.rails-5.2-stable.lock | 198 ---------------------- gemfiles/Gemfile.rails-6.0-stable.lock | 219 ------------------------- 7 files changed, 1 insertion(+), 1162 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-4.1-stable.lock delete mode 100644 gemfiles/Gemfile.rails-4.2-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.0-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.1-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.2-stable.lock delete mode 100644 gemfiles/Gemfile.rails-6.0-stable.lock diff --git a/.gitignore b/.gitignore index 0ff7742714..ac2a95781c 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ rdoc/* pkg log test/tmp/* +gemfiles/*.lock diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock deleted file mode 100644 index 9750efb822..0000000000 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ /dev/null 
@@ -1,171 +0,0 @@ -GIT - remote: https://github.com/rails/rails.git - revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8 - branch: 4-1-stable - specs: - actionmailer (4.1.16) - actionpack (= 4.1.16) - actionview (= 4.1.16) - mail (~> 2.5, >= 2.5.4) - actionpack (4.1.16) - actionview (= 4.1.16) - activesupport (= 4.1.16) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - activerecord (4.1.16) - activemodel (= 4.1.16) - activesupport (= 4.1.16) - arel (~> 5.0.0) - activesupport (4.1.16) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) - rails (4.1.16) - actionmailer (= 4.1.16) - actionpack (= 4.1.16) - actionview (= 4.1.16) - activemodel (= 4.1.16) - activerecord (= 4.1.16) - activesupport (= 4.1.16) - bundler (>= 1.3.0, < 2.0) - railties (= 4.1.16) - sprockets-rails (~> 2.0) - railties (4.1.16) - actionpack (= 4.1.16) - activesupport (= 4.1.16) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. 
- specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - arel (5.0.1.20140414130214) - bcrypt (3.1.13) - bson (3.2.7) - builder (3.2.4) - concurrent-ruby (1.1.6) - connection_pool (2.2.3) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - hashie (3.6.0) - i18n (0.9.5) - concurrent-ruby (~> 1.0) - json (1.8.6) - jwt (2.2.1) - mail (2.7.1) - mini_mime (>= 0.1.1) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - mongoid (4.0.2) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - moped (2.0.7) - bson (~> 3.0) - connection_pool (~> 2.0) - optionable (~> 0.2.0) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nokogiri (1.9.1) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.4.2) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.5.0) - oauth2 (~> 1.1) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - optionable (0.2.0) - origin (2.3.1) - orm_adapter (0.5.0) - rack (1.5.5) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rake (13.0.1) - rdoc (5.1.0) - responders (1.1.2) - railties (>= 3.2, < 4.2) - ruby-openid (2.9.2) - sprockets (3.7.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.13) - test_after_commit (1.2.2) - activerecord (>= 3.2, < 5.0) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby 
- -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 4.0) - nokogiri (= 1.9.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails! - rdoc (~> 5.1) - sqlite3 (~> 1.3.6) - test_after_commit - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock deleted file mode 100644 index 76ee65a401..0000000000 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ /dev/null 
@@ -1,194 +0,0 @@ -GIT - remote: https://github.com/rails/rails.git - revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 - branch: 4-2-stable - specs: - actionmailer (4.2.11.3) - actionpack (= 4.2.11.3) - actionview (= 4.2.11.3) - activejob (= 4.2.11.3) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.11.3) - actionview (= 4.2.11.3) - activesupport (= 4.2.11.3) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.11.3) - activesupport (= 4.2.11.3) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.11.3) - activesupport (= 4.2.11.3) - globalid (>= 0.3.0) - activemodel (4.2.11.3) - activesupport (= 4.2.11.3) - builder (~> 3.1) - activerecord (4.2.11.3) - activemodel (= 4.2.11.3) - activesupport (= 4.2.11.3) - arel (~> 6.0) - activesupport (4.2.11.3) - i18n (~> 0.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - rails (4.2.11.3) - actionmailer (= 4.2.11.3) - actionpack (= 4.2.11.3) - actionview (= 4.2.11.3) - activejob (= 4.2.11.3) - activemodel (= 4.2.11.3) - activerecord (= 4.2.11.3) - activesupport (= 4.2.11.3) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.11.3) - sprockets-rails - railties (4.2.11.3) - actionpack (= 4.2.11.3) - activesupport (= 4.2.11.3) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. 
- specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - arel (6.0.4) - bcrypt (3.1.13) - bson (3.2.7) - builder (3.2.4) - concurrent-ruby (1.1.6) - connection_pool (2.2.3) - crass (1.0.6) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (0.9.5) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - mongoid (4.0.2) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - moped (2.0.7) - bson (~> 3.0) - connection_pool (~> 2.0) - optionable (~> 0.2.0) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nokogiri (1.9.1) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - optionable (0.2.0) - origin (2.3.1) - orm_adapter (0.5.0) - rack (1.6.13) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.9) - activesupport (>= 4.2.0, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - rake (13.0.1) - rdoc (5.1.0) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack 
(>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - test_after_commit (1.2.2) - activerecord (>= 3.2, < 5.0) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 4.0) - nokogiri (= 1.9.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails! - rdoc (~> 5.1) - sqlite3 (~> 1.3.6) - test_after_commit - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock deleted file mode 100644 index 7db3a5d2b3..0000000000 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ /dev/null 
@@ -1,190 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.0.7.2) - actionpack (= 5.0.7.2) - nio4r (>= 1.2, < 3.0) - websocket-driver (~> 0.6.1) - actionmailer (5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.0.7.2) - actionview (= 5.0.7.2) - activesupport (= 5.0.7.2) - rack (~> 2.0) - rack-test (~> 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7.2) - activesupport (= 5.0.7.2) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.7.2) - activesupport (= 5.0.7.2) - globalid (>= 0.3.6) - activemodel (5.0.7.2) - activesupport (= 5.0.7.2) - activerecord (5.0.7.2) - activemodel (= 5.0.7.2) - activesupport (= 5.0.7.2) - arel (~> 7.0) - activesupport (5.0.7.2) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (7.1.4) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - method_source (1.0.0) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 
(~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.7.2) - actioncable (= 5.0.7.2) - actionmailer (= 5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) - activemodel (= 5.0.7.2) - activerecord (= 5.0.7.2) - activesupport (= 5.0.7.2) - bundler (>= 1.3.0) - railties (= 5.0.7.2) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.0.7.2) - actionpack (= 5.0.7.2) - activesupport (= 5.0.7.2) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! 
- mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.0.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock deleted file mode 100644 index 83d2f55175..0000000000 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ /dev/null 
@@ -1,190 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.1.7) - actionpack (= 5.1.7) - nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.1.7) - actionview (= 5.1.7) - activesupport (= 5.1.7) - rack (~> 2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.7) - activesupport (= 5.1.7) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.7) - activesupport (= 5.1.7) - globalid (>= 0.3.6) - activemodel (5.1.7) - activesupport (= 5.1.7) - activerecord (5.1.7) - activemodel (= 5.1.7) - activesupport (= 5.1.7) - arel (~> 8.0) - activesupport (5.1.7) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (8.0.0) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - method_source (1.0.0) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 
2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.1.7) - actioncable (= 5.1.7) - actionmailer (= 5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - activemodel (= 5.1.7) - activerecord (= 5.1.7) - activesupport (= 5.1.7) - bundler (>= 1.3.0) - railties (= 5.1.7) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.1.7) - actionpack (= 5.1.7) - activesupport (= 5.1.7) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! 
- mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.1.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock deleted file mode 100644 index 7e381f7ad0..0000000000 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ /dev/null 
@@ -1,198 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.2.4.3) - actionpack (= 5.2.4.3) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailer (5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.2.4.3) - actionview (= 5.2.4.3) - activesupport (= 5.2.4.3) - rack (~> 2.0, >= 2.0.8) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.3) - activesupport (= 5.2.4.3) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.3) - activesupport (= 5.2.4.3) - globalid (>= 0.3.6) - activemodel (5.2.4.3) - activesupport (= 5.2.4.3) - activerecord (5.2.4.3) - activemodel (= 5.2.4.3) - activesupport (= 5.2.4.3) - arel (>= 9.0) - activestorage (5.2.4.3) - actionpack (= 5.2.4.3) - activerecord (= 5.2.4.3) - marcel (~> 0.3.1) - activesupport (5.2.4.3) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (9.0.0) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) 
- minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.2.4.3) - actioncable (= 5.2.4.3) - actionmailer (= 5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - activemodel (= 5.2.4.3) - activerecord (= 5.2.4.3) - activestorage (= 5.2.4.3) - activesupport (= 5.2.4.3) - bundler (>= 1.3.0) - railties (= 5.2.4.3) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.2.4.3) - actionpack (= 5.2.4.3) - activesupport (= 5.2.4.3) - method_source - rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.2) - websocket-extensions (>= 0.1.0) - websocket-extensions 
(0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.2.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock deleted file mode 100644 index 6a982d5a69..0000000000 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ /dev/null 
@@ -1,219 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -GIT - remote: https://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (6.0.3.2) - actionpack (= 6.0.3.2) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - mail (>= 2.7.1) - actionmailer (6.0.3.2) - actionpack (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.0.3.2) - actionview (= 6.0.3.2) - activesupport (= 6.0.3.2) - rack (~> 2.0, >= 2.0.8) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.2) - actionpack (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - nokogiri (>= 1.8.5) - actionview (6.0.3.2) - activesupport (= 6.0.3.2) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.2) - activesupport (= 6.0.3.2) - globalid (>= 0.3.6) - activemodel (6.0.3.2) - activesupport (= 6.0.3.2) - activerecord (6.0.3.2) - activemodel (= 6.0.3.2) - activesupport (= 6.0.3.2) - activestorage (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - marcel (~> 0.3.1) - activesupport (6.0.3.2) - 
concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.15) - builder (3.2.4) - concurrent-ruby (1.1.7) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.5) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.6.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.15.0) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.3) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.0.3.2) - actioncable (= 6.0.3.2) - actionmailbox (= 6.0.3.2) - actionmailer (= 6.0.3.2) - actionpack (= 6.0.3.2) - actiontext (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - activemodel (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - bundler (>= 1.3.0) - railties (= 6.0.3.2) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (6.0.3.2) - actionpack (= 6.0.3.2) - activesupport (= 6.0.3.2) - method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (3.0.1) - 
actionpack (>= 5.0) - railties (>= 5.0) - ruby-openid (2.9.2) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.4.2) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.3) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - zeitwerk (2.4.0) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 6.0.0) - rails-controller-testing! - rdoc - responders (~> 3.0) - sqlite3 (~> 1.4) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 From e07932c18167bc394a0d292522b977d225ba98f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 09:54:47 -0300 Subject: [PATCH 1299/1473] Rename gemfiles to keep consistency --- .github/workflows/test.yml | 60 +++++++++---------- ...ile.rails-4.1-stable => Gemfile-rails-4-1} | 0 ...ile.rails-4.2-stable => Gemfile-rails-4-2} | 0 ...ile.rails-5.0-stable => Gemfile-rails-5-0} | 0 ...ile.rails-5.1-stable => Gemfile-rails-5-1} | 0 ...ile.rails-5.2-stable => Gemfile-rails-5-2} | 0 ...ile.rails-6.0-stable => Gemfile-rails-6-0} | 0 7 files changed, 30 insertions(+), 30 deletions(-) rename gemfiles/{Gemfile.rails-4.1-stable => Gemfile-rails-4-1} (100%) rename gemfiles/{Gemfile.rails-4.2-stable => Gemfile-rails-4-2} (100%) rename gemfiles/{Gemfile.rails-5.0-stable => Gemfile-rails-5-0} (100%) rename gemfiles/{Gemfile.rails-5.1-stable => Gemfile-rails-5-1} (100%) rename gemfiles/{Gemfile.rails-5.2-stable => Gemfile-rails-5-2} (100%) rename gemfiles/{Gemfile.rails-6.0-stable => Gemfile-rails-6-0} (100%) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4b3dcaa246..f528099ec6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,12 +7,12 @@ jobs: matrix: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-stable - - gemfiles/Gemfile.rails-5.2-stable - - gemfiles/Gemfile.rails-5.1-stable - - gemfiles/Gemfile.rails-5.0-stable - - gemfiles/Gemfile.rails-4.2-stable - - gemfiles/Gemfile.rails-4.1-stable + - gemfiles/Gemfile-rails-6-0 + - gemfiles/Gemfile-rails-5-2 + - gemfiles/Gemfile-rails-5-1 + - gemfiles/Gemfile-rails-5-0 + - gemfiles/Gemfile-rails-4-2 + - gemfiles/Gemfile-rails-4-1 ruby: - 2.1.10 - 2.2.10 
@@ -29,61 +29,61 @@ jobs: - ruby: 2.1.10 gemfile: Gemfile - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - ruby: 2.2.10 gemfile: Gemfile - ruby: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.2.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.3.8 gemfile: Gemfile - ruby: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.4.10 gemfile: Gemfile - ruby: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5.8 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: ruby-head - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: 
gemfiles/Gemfile-rails-4-1 - ruby: ruby-head - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile-rails-4-1 similarity index 100% rename from gemfiles/Gemfile.rails-4.1-stable rename to gemfiles/Gemfile-rails-4-1 diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile-rails-4-2 similarity index 100% rename from gemfiles/Gemfile.rails-4.2-stable rename to gemfiles/Gemfile-rails-4-2 diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile-rails-5-0 similarity index 100% rename from gemfiles/Gemfile.rails-5.0-stable rename to gemfiles/Gemfile-rails-5-0 diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile-rails-5-1 similarity index 100% rename from gemfiles/Gemfile.rails-5.1-stable rename to gemfiles/Gemfile-rails-5-1 diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile-rails-5-2 similarity index 100% rename from gemfiles/Gemfile.rails-5.2-stable rename to gemfiles/Gemfile-rails-5-2 diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile-rails-6-0 similarity index 100% rename from gemfiles/Gemfile.rails-6.0-stable rename to gemfiles/Gemfile-rails-6-0 From 7386f419e3bcc3f47a1ca408a874f0a780fdd0ce Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:01:30 -0300 Subject: [PATCH 1300/1473] Use latest bundler on Gemfile.lock Bundler 1.x uses git instead of https by default and we don't have that github source setting in the Gemfile, but this should work. --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7d8c5f94a7..69e2b6c32d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -225,4 +225,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.3 + 2.2.7 From 13ba27497bbff866a4baa93cb6e558c63597e9c8 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:08:56 -0300 Subject: [PATCH 1301/1473] Use the latest 2.x patch version for each Ruby, remove ruby-head ruby-head was always in allowed failures with travis anyway, and we never really paid much attention to it, so let's just remove it entirely for now. --- .github/workflows/test.yml | 63 ++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f528099ec6..5dbd845de8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -14,66 +14,61 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: - - 2.1.10 - - 2.2.10 - - 2.3.8 - - 2.4.10 - - 2.5.8 - - 2.6.6 - - 2.7.1 - - ruby-head + - 2.1 + - 2.2 + - 2.3 + - 2.4 + - 2.5 + - 2.6 + - 2.7 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - ruby: 2.1.10 + - ruby: 2.1 gemfile: Gemfile - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.2.10 + - ruby: 2.2 gemfile: Gemfile - - ruby: 2.2.10 + - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.2.10 + - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.3.8 + - ruby: 2.3 gemfile: Gemfile - - ruby: 2.3.8 + - ruby: 2.3 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4.10 + - ruby: 2.4 gemfile: Gemfile - - ruby: 2.4.10 + - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4.10 + - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5.8 + - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6.6 + - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6.6 + - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: ruby-head - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: ruby-head - gemfile: gemfiles/Gemfile-rails-4-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid From 628f2fb2beda319659008ba876d68916f1c8143b Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:13:40 -0300 Subject: [PATCH 1302/1473] Explicitly set OmniAuth to 1.x in the Gemfiles for now The build is breaking with 2.x (which is expected), so this is a step to get it to green on GA. --- Gemfile | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index f91123340b..02f409fda6 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec gem "rails", "~> 6.1.0" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 69e2b6c32d..29e75eca59 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -212,7 +212,7 @@ DEPENDENCIES activemodel-serializers-xml! devise! mocha (~> 1.1) - omniauth + omniauth (~> 1.0) omniauth-facebook omniauth-oauth2 omniauth-openid diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 44a1c98aac..503d5006eb 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" # Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index bb35c5f2f3..ffb78bc195 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" gem "nokogiri", "1.9.1" 
diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index dcd1ac14ef..d737977c06 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.0.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c2b8f523f8..5f8d6ff836 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.1.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index dbfbd5f6c0..8c061803cc 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.2.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index e43284853a..c013f9aada 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 6.0.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" From 3048fe0960bfb906b7fbb400af6b29d57f644e7a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:12:23 -0300 Subject: [PATCH 1303/1473] Prevent Bundler 2.x. with Rails 4.x versions --- .github/workflows/test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5dbd845de8..3937d5c438 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -84,10 +84,14 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v2 + - name: Setup Bundler 1.x for Rails 4.x + if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} + run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically + bundler: ${{ env.BUNDLER_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From 210c62af389bc7aa309297b5530114e97becc416 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 11:44:42 -0300 Subject: [PATCH 1304/1473] Add changelog about moving to GitHub Actions --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db58cac76..ad14e76c16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### unreleased +* enhancements + * Move CI to GitHub Actions. + * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 9d16f33c7bdbb29265f45c9e2933a3131c1a73b5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 11:51:23 -0300 Subject: [PATCH 1305/1473] Revert "Explicitly set OmniAuth to 1.x in the Gemfiles for now" This reverts commit 628f2fb2beda319659008ba876d68916f1c8143b. We should be run green on OmniAuth 2.x now. --- Gemfile | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index 02f409fda6..f91123340b 100644 --- a/Gemfile +++ b/Gemfile 
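Review bot: The fallback in `bundler: ${{ env.BUNDLER_VERSION || 'latest' }}` leaves the dependency installer unpinned for every job outside the two Rails 4 gemfiles. Those jobs install whichever Bundler release is newest at run time, and the `BUNDLED WITH` version recorded in `Gemfile.lock` is bypassed. If I read the setup-ruby inputs correctly, `'Gemfile.lock'` is an accepted value, so `bundler: ${{ env.BUNDLER_VERSION || 'Gemfile.lock' }}` would keep the lockfile's version where one exists. The context lines have the same weakness: `actions/checkout@v2`, `ruby/setup-ruby@v1` and `supercharge/mongodb-github-action@1.3.0` are referenced by mutable tags, and pinning them to full commit SHAs would keep a retagged release from changing what CI executes. The `steps:` list and the job it belongs to begin above this hunk.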
@@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec gem "rails", "~> 6.1.0" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index b0579e8e68..c178bd18f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -215,7 +215,7 @@ DEPENDENCIES activemodel-serializers-xml! devise! mocha (~> 1.1) - omniauth (~> 1.0) + omniauth omniauth-facebook omniauth-oauth2 omniauth-openid diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 503d5006eb..44a1c98aac 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" # Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index ffb78bc195..bb35c5f2f3 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" gem "nokogiri", "1.9.1" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index d737977c06..dcd1ac14ef 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.0.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 5f8d6ff836..c2b8f523f8 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.1.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 8c061803cc..dbfbd5f6c0 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.2.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index c013f9aada..e43284853a 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 6.0.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From e16d60d0fedc5f5e6f541b2b9e901a2d53f8ceda Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 12:00:44 -0300 Subject: [PATCH 1306/1473] Expand the release notes with more info about the OmniAuth v2 upgrade I'm sure more people will hit issues so I'm trying to add more guidance here about how to upgrade... maybe that should be in its own wiki but I'll keep it all in the changelog for now. --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87123e14b3..995f9f088c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,8 +1,9 @@ ### unreleased * enhancements - * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). + * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) + - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. * Move CI to GitHub Actions. * deprecations 
From 80423c8f016c1512a910f542a341b9416130cf4b Mon Sep 17 00:00:00 2001 From: Alex Ghiculescu Date: Tue, 2 Feb 2021 15:21:44 -0700 Subject: [PATCH 1307/1473] Fix deprecation warning on Rails 6.1 --- .../active_record/devise_generator.rb | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 7319c47f21..2198310da7 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -86,9 +86,24 @@ def rails5_and_up? Rails::VERSION::MAJOR >= 5 end + def rails61_and_up? + Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1) + end + def postgresql? - config = ActiveRecord::Base.configurations[Rails.env] - config && config['adapter'] == 'postgresql' + ar_config && ar_config['adapter'] == 'postgresql' + end + + def ar_config + if ActiveRecord::Base.configurations.respond_to?(:configs_for) + if rails61_and_up? + ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash + else + ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config + end + else + ActiveRecord::Base.configurations[Rails.env] + end end def migration_version From ad91686b62c8a006044b230e7628f99fca994867 Mon Sep 17 00:00:00 2001 
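Review bot: `postgresql?` still reads the adapter with a string key (`ar_config['adapter']`), but on the Rails 6.1 branch `ar_config` now returns `configuration_hash`, which as far as I know is keyed by symbols. If so, the check is false for every adapter on 6.1 and the generator silently stops treating the database as PostgreSQL. Reading both forms, `ar_config && (ar_config[:adapter] || ar_config['adapter']) == 'postgresql'`, keeps the three branches of `ar_config` interchangeable. Separately, `configs_for(..., name: "primary")` and the `spec_name:` variant return nil when no configuration is named primary, so the chained `.configuration_hash` / `.config` would raise NoMethodError instead of letting `postgresql?` return false; holding the result in a local and guarding it (`db = ...; db && db.configuration_hash`) avoids that without needing `&.`. `rails5_and_up?` starts above the hunk and `migration_version` continues below it.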
From: Carlos Antonio da Silva Date: Tue, 9 Feb 2021 10:03:34 -0300 Subject: [PATCH 1308/1473] Test on Ruby 3+ with Rails 6+ And remove dupe entry in the exclude matrix. In order to get Ruby 3 working we needed to install `rexml` as part of the test dependencies, only done on the main Gemfile (Rails 6.1) and the 6.0 versions. (which are the only ones supported by Ruby 3.) Devise itself doesn't require `rexml` as it does nothing with it, but a dependency we use during tests seem to require it. I was able to track it down to omniauth-openid -> rack-openid -> ruby-openid requiring it: https://github.com/openid/ruby-openid/blob/13a88ad6442133a613d2b7d6601991a84b34630d/lib/openid/yadis/xrds.rb#L1 So while we have tests using omniauth-openid, we'll need this require in place as well. Ideally that upstream version of ruby-openid should have it, but it seems that one isn't updated in a while. --- .github/workflows/test.yml | 13 +++++++++++-- CHANGELOG.md | 2 ++ Gemfile | 1 + Gemfile.lock | 2 ++ gemfiles/Gemfile-rails-6-0 | 1 + 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3937d5c438..0af48ddd53 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,6 +21,7 @@ jobs: - 2.5 - 2.6 - 2.7 + - 3.0 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid @@ -59,8 +60,6 @@ jobs: gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7 
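Review bot: The new matrix entry `- 3.0` is an unquoted YAML number, and as far as I know the Actions runner passes such a value on as `3`, so `ruby-version: ${{ matrix.ruby }}` would select the newest Ruby 3.x instead of 3.0. Quote it as `- '3.0'`, and quote the five `- ruby: 3.0` exclude entries added in the `@@ -69,6 +68,16 @@` hunk the same way so they keep matching the matrix value. Otherwise the job labelled 3.0 drifts to later interpreter releases without any change to this file, and a failure or pass on it no longer says anything about Ruby 3.0. The `ruby:` list itself begins above this hunk.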
@@ -69,6 +68,16 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-0 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid diff --git a/CHANGELOG.md b/CHANGELOG.md index 995f9f088c..7cdbdd6c22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,8 @@ * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. + * Add support for Ruby 3. + * Add support for Rails 6.1. * Move CI to GitHub Actions. * deprecations diff --git a/Gemfile b/Gemfile index f91123340b..22ca4afe93 100644 --- a/Gemfile +++ b/Gemfile @@ -18,6 +18,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index c178bd18f8..e08446d7bf 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -183,6 +183,7 @@ GEM responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) + rexml (3.2.4) ruby-openid (2.9.2) ruby2_keywords (0.0.4) sprockets (4.0.2) @@ -223,6 +224,7 @@ DEPENDENCIES rails-controller-testing! rdoc responders (~> 3.0) + rexml sqlite3 (~> 1.4) timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index e43284853a..d01a464fd7 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -16,6 +16,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false From a793472a3e28e8b0dec137531e3de64d91ff81ec Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 10 Feb 2021 17:17:29 -0300 Subject: [PATCH 1309/1473] Replace XML with JSON serialization across the test suite This allows us to remove the dependency on the XML serializer provided by the external `activemodel-serializers-xml` gem, and eliminates the following deprecation warning: DEPRECATION WARNING: ActiveModel::Errors#to_xml is deprecated and will be removed in Rails 6.2. Please note: this does not mean Devise doesn't support XML, it simply means our test suite will use JSON to test non-navigatable formats instead of XML, for simplicity. Devise's job is not to test object serialization, so as long as your objects properly serialize to XML/JSON/any other format, it should work out of the box. --- Gemfile | 2 - Gemfile.lock | 10 ---- gemfiles/Gemfile-rails-5-0 | 2 - gemfiles/Gemfile-rails-5-1 | 2 - gemfiles/Gemfile-rails-5-2 | 2 - gemfiles/Gemfile-rails-6-0 | 2 - test/failure_app_test.rb | 10 ++-- test/integration/authenticatable_test.rb | 33 ++++--------- test/integration/confirmable_test.rb | 32 +++++-------- test/integration/http_authenticatable_test.rb | 23 +++++----- test/integration/lockable_test.rb | 31 +++++-------- test/integration/recoverable_test.rb | 46 ++++++++----------- test/integration/registerable_test.rb | 37 ++++++--------- test/models/serializable_test.rb | 15 ------ test/rails_app/app/active_record/user.rb | 1 - .../app/controllers/users_controller.rb | 3 +- test/routes_test.rb | 12 ++--- test/test/controller_helpers_test.rb | 6 +-- 18 files changed, 93 insertions(+), 176 deletions(-) diff --git a/Gemfile b/Gemfile index 22ca4afe93..2bca340602 100644 --- a/Gemfile +++ b/Gemfile @@ -9,8 +9,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/Gemfile.lock b/Gemfile.lock index e08446d7bf..e19528ac0c 100644 
--- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - GIT remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a @@ -213,7 +204,6 @@ PLATFORMS ruby DEPENDENCIES - activemodel-serializers-xml! devise! mocha (~> 1.1) omniauth diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index dcd1ac14ef..2f60c3a2b3 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -9,8 +9,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c2b8f523f8..c566e9c84f 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index dbfbd5f6c0..5dc267def1 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index d01a464fd7..f840fc8d7a 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 1b0aeb04aa..809f668de4 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -220,8 +220,8 @@ def call_failure(env_params = {}) end test 'works for any navigational format' do - swap Devise, navigational_formats: [:xml] do - call_failure('formats' => Mime[:xml]) + swap Devise, navigational_formats: [:json] do + call_failure('formats' => Mime[:json]) assert_equal 302, @response.first end end @@ -236,7 +236,7 @@ def call_failure(env_params = {}) context 'For HTTP request' do test 'return 401 status' do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_equal 401, @response.first end @@ -258,13 +258,13 @@ def call_failure(env_params = {}) end test 'return WWW-authenticate headers if model allows' do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"] end test 'does not return WWW-authenticate headers if model does not allow' do swap Devise, http_authenticatable: false do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_nil @response.second["WWW-Authenticate"] end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index fcc1d734b6..fbe1da6cc0 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -462,14 +462,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest end end - test 'sign in stub in xml format' do - get new_user_session_path(format: 'xml') - assert_match '', response.body - assert_match %r{.*}m, response.body - assert_match '', response.body - assert_match '\n) + assert_includes response.body, '{"user":{' end - test 'sign in with xml format is idempotent' do - get new_user_session_path(format: 'xml') + test 'sign in with json format is idempotent' do + get new_user_session_path(format: 'json') assert_response :success create_user - post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } + post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - get new_user_session_path(format: 'xml') + get new_user_session_path(format: 'json') assert_response :success - post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } + post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end test 'sign out with html redirects' do @@ -527,13 +519,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest assert_current_url '/' end - test 'sign out with xml format returns no content' do - sign_in_as_user - delete destroy_user_session_path(format: 'xml') - assert_response :no_content - refute warden.authenticated?(:user) - end - test 'sign out with json format returns no content' do sign_in_as_user delete destroy_user_session_path(format: 'json') diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 165954617b..278f9488eb 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -214,40 +214,32 @@ def resend_confirmation end end - test 'resent confirmation token with valid E-Mail in XML format should return valid response' do + test 'resent confirmation token with valid e-mail in JSON format should return empty and valid response' do user = create_user(confirm: false) - post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } } + post user_confirmation_path(format: 'json'), params: { user: { email: user.email } } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end - test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do + test 'resent confirmation token with invalid e-mail in JSON format should return invalid response' do create_user(confirm: false) - post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } } + post user_confirmation_path(format: 'json'), params: { user: { email: 'invalid.test@test.com' } } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'confirm account with valid confirmation token in XML format should return valid response' do + test 'confirm account with valid confirmation token in JSON format should return valid response' do user = create_user(confirm: false) - get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml') + get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'json') assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end - test 'confirm account with invalid confirmation token in XML format should return invalid response' do + test 'confirm account with invalid confirmation token in JSON format should return invalid response' do create_user(confirm: false) - get user_confirmation_path(confirmation_token: 'invalid_confirmation', 
format: 'xml') + get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'json') assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test 'request an account confirmation account with JSON, should return an empty JSON' do - user = create_user(confirm: false) - - post user_confirmation_path, params: { user: { email: user.email }, format: :json } - assert_response :success - assert_equal({}.to_json, response.body) + assert_includes response.body, '{"confirmation_token":[' end test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 619a3cd821..6832159578 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -22,10 +22,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, skip_session_storage: [] do sign_in_as_new_user_with_http assert_response 200 - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) - get users_path(format: :xml) + get users_path(format: :json) assert_response 200 end end @@ -34,10 +34,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, skip_session_storage: [:http_auth] do sign_in_as_new_user_with_http assert_response 200 - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) - get users_path(format: :xml) + get users_path(format: :json) assert_response 401 end end 
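Review bot: The valid-token test only asserts `assert_includes response.body, '{"user":{'`, which shows that a user object was serialized but not which attributes were sent. This request is made without signing in, so it is worth adding `refute_includes response.body, 'confirmation_token'` next to it; a serializer regression that exposes token fields would then fail here. Which attributes the model filters is defined outside this hunk, so the exact list of names to refute should be checked against it.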
@@ -51,8 +51,8 @@ class HttpAuthenticationTest < Devise::IntegrationTest test 'uses the request format as response content type' do sign_in_as_new_user_with_http("unknown") assert_equal 401, status - assert_equal "application/xml; charset=utf-8", headers["Content-Type"] - assert_match "Invalid Email or password.", response.body + assert_equal "application/json; charset=utf-8", headers["Content-Type"] + assert_match '"error":"Invalid Email or password."', response.body end test 'returns a custom response with www-authenticate and chosen realm' do @@ -67,7 +67,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: [:username] do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end @@ -76,7 +76,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: { username: false, email: false } do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end @@ -85,7 +85,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end 
@@ -101,14 +101,13 @@ class HttpAuthenticationTest < Devise::IntegrationTest private def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678") user = create_user - get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } + get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } user end # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication def add_oauth2_header user = create_user - get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" } + get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" } end - end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index b0eaf02f57..437d8eec98 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
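Review bot: `Base64.encode64` in `sign_in_as_new_user_with_http` and `add_oauth2_header` appends a trailing newline and wraps long output, so the `HTTP_AUTHORIZATION` value these helpers send is not the exact header a client would produce. `Base64.strict_encode64("#{username}:#{password}")` emits the unbroken encoding, and the same change applies to the `OAuth` header line. That keeps the tests from depending on how lenient the header parser is about whitespace.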
@@ -130,46 +130,39 @@ def send_unlock_request end end - test 'user should be able to request a new unlock token via XML request' do + test 'user should be able to request a new unlock token via JSON request and should return empty and valid response' do user = create_user(locked: true) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } + post user_unlock_path(format: 'json'), params: { user: {email: user.email} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) assert_equal 1, ActionMailer::Base.deliveries.size end - test 'unlocked user should not be able to request a unlock token via XML request' do + test 'unlocked user should not be able to request a unlock token via JSON request' do user = create_user(locked: false) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } + post user_unlock_path(format: 'json'), params: { user: {email: user.email} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' assert_equal 0, ActionMailer::Base.deliveries.size end - test 'user with valid unlock token should be able to unlock account via XML request' do + test 'user with valid unlock token should be able to unlock account via JSON request' do user = create_user() raw = user.lock_access! assert user.access_locked? 
- get user_unlock_path(format: 'xml', unlock_token: raw) + get user_unlock_path(format: 'json', unlock_token: raw) assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end - test 'user with invalid unlock token should not be able to unlock the account via XML request' do - get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') + test 'user with invalid unlock token should not be able to unlock the account via JSON request' do + get user_unlock_path(format: 'json', unlock_token: 'invalid_token') assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test "when using json to ask a unlock request, should not return the user" do - user = create_user(locked: true) - post user_unlock_path(format: "json", user: {email: user.email}) - assert_response :success - assert_equal({}.to_json, response.body) + assert_includes response.body, '{"unlock_token":[' end test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 2f1ca6e927..7626607816 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -261,63 +261,53 @@ def reset_password(options = {}, &block) end end - test 'reset password request with valid E-Mail in XML format should return valid response' do + test 'reset password request with valid e-mail in JSON format should return empty and valid response' do create_user - post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "user@test.com"} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end - test 'reset password request with invalid E-Mail in XML format should return valid response' do + test 'reset password request with invalid e-mail in JSON format should return valid response' do create_user - post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "invalid.test@test.com"} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do + test 'reset password request with invalid e-mail in JSON format should return empty and valid response in paranoid mode' do swap Devise, paranoid: true do create_user - post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "invalid@test.com"} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end end - test 'change password with valid parameters in XML format should return valid response' do + test 'change password with valid parameters in JSON format should return valid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: { + put user_password_path(format: 'json'), params: { 
user: { reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321' - } - } + } } assert_response :success assert warden.authenticated?(:user) end - test 'change password with invalid token in XML format should return invalid response' do + test 'change password with invalid token in JSON format should return invalid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } + put user_password_path(format: 'json'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'change password with invalid new password in XML format should return invalid response' do + test 'change password with invalid new password in JSON format should return invalid response' do user = create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } + put user_password_path(format: 'json'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test "when using json requests to ask a confirmable request, should not return the object" do - user = create_user(confirm: false) - - post user_password_path(format: :json), params: { user: { email: user.email } } - - assert_response :success - assert_equal "{}", response.body + assert_includes response.body, '{"errors":{' end test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists 
in the database" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index fa2610edf8..b407223312 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
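Review bot: The renamed test `'reset password request with invalid e-mail in JSON format should return valid response'` asserts `:unprocessable_entity` and an `{"errors":{` body, so its name contradicts what it checks. Renaming it to `'... should return invalid response'` also separates it clearly from the paranoid-mode test that follows. The difference between the two (422 with errors versus 200 with `{}`) is the account-enumeration signal that paranoid mode removes, and a one-line comment such as `# non-paranoid mode: response reveals that the e-mail is unknown` would state that intent.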
@@ -283,13 +283,6 @@ def user_sign_up assert_redirected_to new_user_registration_path end - test 'a user with XML sign up stub' do - get new_user_registration_path(format: 'xml') - assert_response :success - assert_match %(\n), response.body - assert_no_match(/\n) + assert_includes response.body, '{"admin":{' admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', admin.email end - test 'a user sign up with valid information in XML format should return valid response' do - post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } + test 'a user sign up with valid information in JSON format should return valid response' do + post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email end - test 'a user sign up with invalid information in XML format should return invalid response' do - post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } + test 'a user sign up with invalid information in JSON format should return invalid response' do + post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'a user update information with valid data in XML format should return valid response' do + test 'a user update information with valid data in JSON format should return valid response' do user = sign_in_as_user - put 
user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } + put user_registration_path(format: 'json'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } assert_response :success assert_equal 'user.new@test.com', user.reload.email end - test 'a user update information with invalid data in XML format should return invalid response' do + test 'a user update information with invalid data in JSON format should return invalid response' do user = sign_in_as_user - put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } + put user_registration_path(format: 'json'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } assert_response :unprocessable_entity assert_equal 'user@test.com', user.reload.email end - test 'a user cancel their account in XML format should return valid response' do + test 'a user cancel their account in JSON format should return valid response' do sign_in_as_user - delete user_registration_path(format: 'xml') + delete user_registration_path(format: 'json') assert_response :success assert_equal 0, User.to_adapter.find_all.size end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 602cbe3714..53f0f59f43 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -7,21 +7,6 @@ class SerializableTest < ActiveSupport::TestCase @user = create_user end - test 'should not include unsafe keys on XML' do - assert_match(/email/, @user.to_xml) - assert_no_match(/confirmation-token/, @user.to_xml) - end - - test 'should not include unsafe keys on XML even if a new except is provided' do - assert_no_match(/email/, @user.to_xml(except: :email)) - assert_no_match(/confirmation-token/, @user.to_xml(except: :email)) - end - - test 'should include unsafe keys on XML if a force_except is provided' do - assert_no_match(/ Date: Mon, 15 Feb 2021 14:45:04 -0300 Subject: [PATCH 1310/1473] Bundle update --- Gemfile.lock | 118 +++++++++++++++++++++++++-------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e19528ac0c..48b9a7b4e0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.1) - actionpack (= 6.1.1) - activesupport (= 6.1.1) + actioncable (6.1.2.1) + actionpack (= 6.1.2.1) + activesupport (= 6.1.2.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.1) - actionpack (= 6.1.1) - activejob (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + actionmailbox (6.1.2.1) + actionpack (= 6.1.2.1) + activejob (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) mail (>= 2.7.1) - actionmailer (6.1.1) - actionpack (= 6.1.1) - actionview (= 6.1.1) - activejob (= 6.1.1) - activesupport (= 6.1.1) + actionmailer (6.1.2.1) + actionpack (= 6.1.2.1) + actionview (= 6.1.2.1) + activejob (= 6.1.2.1) + activesupport (= 6.1.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.1) - actionview (= 6.1.1) - activesupport (= 6.1.1) + actionpack (6.1.2.1) + actionview (= 6.1.2.1) + activesupport (= 6.1.2.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.1) - actionpack (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + actiontext (6.1.2.1) + actionpack (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) nokogiri (>= 1.8.5) - actionview (6.1.1) - activesupport (= 6.1.1) + actionview (6.1.2.1) + activesupport (= 6.1.2.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.1) - activesupport (= 6.1.1) + activejob (6.1.2.1) + activesupport (= 6.1.2.1) globalid (>= 0.3.6) - activemodel (6.1.1) - activesupport (= 6.1.1) - activerecord (6.1.1) - activemodel (= 6.1.1) - activesupport (= 6.1.1) - activestorage (6.1.1) - actionpack (= 6.1.1) - activejob (= 6.1.1) - activerecord (= 6.1.1) - activesupport (= 6.1.1) + activemodel (6.1.2.1) + activesupport (= 
6.1.2.1) + activerecord (6.1.2.1) + activemodel (= 6.1.2.1) + activesupport (= 6.1.2.1) + activestorage (6.1.2.1) + actionpack (= 6.1.2.1) + activejob (= 6.1.2.1) + activerecord (= 6.1.2.1) + activesupport (= 6.1.2.1) marcel (~> 0.3.1) mimemagic (~> 0.3.2) - activesupport (6.1.1) + activesupport (6.1.2.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -81,7 +81,7 @@ GEM zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) - concurrent-ruby (1.1.7) + concurrent-ruby (1.1.8) crass (1.0.6) erubi (1.10.0) faraday (1.3.0) @@ -92,7 +92,7 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.7) + i18n (1.8.9) concurrent-ruby (~> 1.0) jwt (2.2.2) loofah (2.9.0) @@ -111,7 +111,7 @@ GEM multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.4) + nio4r (2.5.5) nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) @@ -121,7 +121,7 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.1) + omniauth (2.0.2) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -143,29 +143,29 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.1) - actioncable (= 6.1.1) - actionmailbox (= 6.1.1) - actionmailer (= 6.1.1) - actionpack (= 6.1.1) - actiontext (= 6.1.1) - actionview (= 6.1.1) - activejob (= 6.1.1) - activemodel (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + rails (6.1.2.1) + actioncable (= 6.1.2.1) + actionmailbox (= 6.1.2.1) + actionmailer (= 6.1.2.1) + actionpack (= 6.1.2.1) + actiontext (= 6.1.2.1) + actionview (= 6.1.2.1) + activejob (= 6.1.2.1) + activemodel (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) bundler (>= 1.15.0) - railties (= 6.1.1) + railties (= 6.1.2.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.1) - actionpack (= 6.1.1) - activesupport (= 6.1.1) + railties (6.1.2.1) + actionpack (= 6.1.2.1) + activesupport (= 6.1.2.1) method_source rake (>= 0.8.7) thor (~> 1.0) @@ -185,8 +185,8 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.4.2) - thor (1.0.1) - timecop (0.9.2) + thor (1.1.0) + timecop (0.9.4) tzinfo (2.0.4) concurrent-ruby (~> 1.0) warden (1.2.9) From faef12cf2b620e7a454138aa7c2ec1e1719e4025 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 15 Feb 2021 16:07:38 -0300 Subject: [PATCH 1311/1473] Use the 6-0-stable version of Rails to fix issue with JSON responses The test suite was failing on Rails 6.0 + Ruby 3 with errors like: Expected "{\"errors\":\"#\"}" to include "{\"errors\":{". The ActiveModel::Errors object wasn't being serialized to JSON as expected, and this only happened with that combination of Ruby/Rails. Upon further investigation, this was caused by a change in Ruby and fixed in Rails in this PR: https://github.com/rails/rails/pull/39697 (which describes in more details the exact same problem and links to the Ruby bug tracker with more information). That fix was backported to 6-0-stable in June 2020, but hasn't been officially released in a stable version yet: (there have been only security fixes since then for 6.0) https://github.com/rails/rails/commit/75f6539d0e94c76d93d61feef06c3b0974fe62c1 Since the branch contains the fix, I'm pointing directly to it to get the tests passing. We can't tell if there'll be a new stable 6.0 release at this point, but hopefully yes, in which case we can go back at pointing to it. --- gemfiles/Gemfile-rails-6-0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index f840fc8d7a..bc9c83d008 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.0.0' +gem "rails", '~> 6.0.0', github: 'rails/rails', branch: '6-0-stable' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From 1ba53dc3695508da709de547af92831e09374090 Mon Sep 17 00:00:00 2001 
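Review bot: The changed `gem "rails"` line now resolves to whatever the head of `6-0-stable` is at install time, so the Rails 6.0 CI job runs unreleased code and two runs of the same devise commit can test different Rails revisions. The reason is recorded only in the commit message; I would add a comment above the line, `# Temporary: 6-0-stable carries the fix from rails/rails#39697; go back to the released gem once a 6.0.x release includes it.` If reproducibility matters more than picking up later branch commits, Bundler's `ref:` option can pin the git source to a reviewed commit instead of `branch:`.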
From: Carlos Antonio da Silva Date: Mon, 15 Feb 2021 16:23:47 -0300 Subject: [PATCH 1312/1473] Lock bundler to 2.2.9 instead of latest 2.2.10 is causing the dependency resolution on Rails 6-0-stable to fail: ``` Bundler could not find compatible versions for gem "railties": In Gemfile-rails-6-0: devise was resolved to 4.7.3, which depends on railties (>= 4.1.0) rails was resolved to 6.0.3.5, which depends on railties (= 6.0.3.5) responders (~> 3.0) was resolved to 3.0.1, which depends on railties (>= 5.0) Took 27.49 seconds ``` https://github.com/heartcombo/devise/runs/1905780158?check_suite_focus=true#step:5:23 The `railties` version 6.0.3.5 should work, given the other two are using >= declarations, but it fails in 2.2.10. Downgrading to 2.2.9 works. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0af48ddd53..efe63d78dd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -100,7 +100,7 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'latest' }} + bundler: ${{ env.BUNDLER_VERSION || '2.2.9' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From ef9a2f410413b02b5234d80a73b42e296ebcc863 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 22 Mar 2021 18:43:18 -0300 Subject: [PATCH 1313/1473] Use minitest helpers to check if objects respond to certain methods --- test/models/database_authenticatable_test.rb | 6 +++--- test/models/rememberable_test.rb | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 676b44d2bb..c6fa527f8e 100644 --- a/test/models/database_authenticatable_test.rb 
+++ b/test/models/database_authenticatable_test.rb @@ -97,8 +97,8 @@ def setup test 'should respond to password and password confirmation' do user = new_user - assert user.respond_to?(:password) - assert user.respond_to?(:password_confirmation) + assert_respond_to user, :password + assert_respond_to user, :password_confirmation end test 'should generate a hashed password while setting password' do @@ -149,7 +149,7 @@ def setup end test 'should respond to current password' do - assert new_user.respond_to?(:current_password) + assert_respond_to new_user, :current_password end test 'should update password with valid current password' do diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 076a18a248..8b83172120 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -129,8 +129,8 @@ def user.authenticatable_salt; ""; end end test 'should respond to remember_me attribute' do - assert resource_class.new.respond_to?(:remember_me) - assert resource_class.new.respond_to?(:remember_me=) + assert_respond_to resource_class.new, :remember_me + assert_respond_to resource_class.new, :remember_me= end test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do From 429afcbe8aad8fa14f57a455d334ffa2ec117f9f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 30 Mar 2021 21:53:53 -0300 Subject: [PATCH 1314/1473] Bundle update --- Gemfile.lock | 130 +++++++++++++++++++++++++-------------------------- 1 file changed, 64 insertions(+), 66 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 48b9a7b4e0..a9812e16e8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a + revision: bc6f3356803d7c5d373f89a44625d59953dc0cef specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.2.1) - actionpack (= 6.1.2.1) - activesupport (= 6.1.2.1) + actioncable (6.1.3.1) + actionpack (= 6.1.3.1) + activesupport (= 6.1.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.2.1) - actionpack (= 6.1.2.1) - activejob (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionmailbox (6.1.3.1) + actionpack (= 6.1.3.1) + activejob (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) mail (>= 2.7.1) - actionmailer (6.1.2.1) - actionpack (= 6.1.2.1) - actionview (= 6.1.2.1) - activejob (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionmailer (6.1.3.1) + actionpack (= 6.1.3.1) + actionview (= 6.1.3.1) + activejob (= 6.1.3.1) + activesupport (= 6.1.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.2.1) - actionview (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionpack (6.1.3.1) + actionview (= 6.1.3.1) + activesupport (= 6.1.3.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.2.1) - actionpack (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + actiontext (6.1.3.1) + actionpack (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) nokogiri (>= 1.8.5) - actionview (6.1.2.1) - activesupport (= 6.1.2.1) + actionview (6.1.3.1) + activesupport (= 6.1.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.2.1) - activesupport (= 6.1.2.1) + activejob (6.1.3.1) + activesupport (= 6.1.3.1) globalid (>= 0.3.6) - activemodel (6.1.2.1) - activesupport (= 6.1.2.1) - activerecord (6.1.2.1) - activemodel (= 6.1.2.1) - activesupport (= 6.1.2.1) - activestorage (6.1.2.1) - actionpack (= 6.1.2.1) - activejob (= 6.1.2.1) - activerecord (= 6.1.2.1) 
- activesupport (= 6.1.2.1) - marcel (~> 0.3.1) - mimemagic (~> 0.3.2) - activesupport (6.1.2.1) + activemodel (6.1.3.1) + activesupport (= 6.1.3.1) + activerecord (6.1.3.1) + activemodel (= 6.1.3.1) + activesupport (= 6.1.3.1) + activestorage (6.1.3.1) + actionpack (= 6.1.3.1) + activejob (= 6.1.3.1) + activerecord (= 6.1.3.1) + activesupport (= 6.1.3.1) + marcel (~> 1.0.0) + mini_mime (~> 1.0.2) + activesupport (6.1.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -92,7 +92,7 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.9) + i18n (1.8.10) concurrent-ruby (~> 1.0) jwt (2.2.2) loofah (2.9.0) @@ -100,28 +100,26 @@ GEM nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) + marcel (1.0.0) method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) + mini_mime (1.0.3) mini_portile2 (2.5.0) - minitest (5.14.3) + minitest (5.14.4) mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.5) - nokogiri (1.11.1) + nio4r (2.5.7) + nokogiri (1.11.2) mini_portile2 (~> 2.5.0) racc (~> 1.4) - oauth2 (1.4.4) + oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.2) + omniauth (2.0.3) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -143,29 +141,29 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.2.1) - actioncable (= 6.1.2.1) - actionmailbox (= 6.1.2.1) - actionmailer (= 6.1.2.1) - actionpack (= 6.1.2.1) - actiontext (= 6.1.2.1) - actionview (= 6.1.2.1) - activejob (= 6.1.2.1) - activemodel (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + rails (6.1.3.1) + actioncable (= 6.1.3.1) + actionmailbox (= 6.1.3.1) + actionmailer (= 6.1.3.1) + actionpack (= 6.1.3.1) + actiontext (= 6.1.3.1) + actionview (= 6.1.3.1) + activejob (= 6.1.3.1) + activemodel (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) bundler (>= 1.15.0) - railties (= 6.1.2.1) + railties (= 6.1.3.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.2.1) - actionpack (= 6.1.2.1) - activesupport (= 6.1.2.1) + railties (6.1.3.1) + actionpack (= 6.1.3.1) + activesupport (= 6.1.3.1) method_source rake (>= 0.8.7) thor (~> 1.0) From e8e0c275999dd98150197cab03acb5509cb16b6a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 30 Mar 2021 21:46:11 -0300 Subject: [PATCH 1315/1473] Revert "Lock bundler to 2.2.9 instead of latest" This reverts commit 1ba53dc3695508da709de547af92831e09374090. Let's give the latest bundler (2.2.15 as of today) a try again. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index efe63d78dd..0af48ddd53 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -100,7 +100,7 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || '2.2.9' }} + bundler: ${{ env.BUNDLER_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From a3ae35e9c951d1722af9a76fba7c1fa62c643019 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 22 Mar 2021 18:26:17 -0300 Subject: [PATCH 1316/1473] Create a model hook around the lockable warden hook to reset attempts Resetting failed attempts after sign in happened inside a warden hook specific for the lockable module, but that was hidden inside the hook implementation and didn't allow any user customization. One such customization needed for example is to direct these updates to a write DB when using a multi-DB setup. With the logic hidden in the warden hook this wasn't possible, now that it's exposed in a model method much like trackable, we can override the model method to wrap it in a connection switch block for example, point to a write DB, and simply call `super`. Closes #5310 Related to #5264 and #5133 --- CHANGELOG.md | 2 ++ lib/devise/hooks/lockable.rb | 7 ++----- lib/devise/models/lockable.rb | 10 +++++++++- test/models/lockable_test.rb | 26 ++++++++++++++++++++++++++ 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cdbdd6c22..5370462fa6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,8 @@ * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. + * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in. + - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. 
The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`. * Add support for Ruby 3. * Add support for Rails 6.1. * Move CI to GitHub Actions. diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index a73a1752e2..b11db1e879 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -3,10 +3,7 @@ # After each sign in, if resource responds to failed_attempts, sets it to 0 # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user except: :fetch do |record, warden, options| - if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) - unless record.failed_attempts.to_i.zero? - record.failed_attempts = 0 - record.save(validate: false) - end + if record.respond_to?(:reset_failed_attempts!) && warden.authenticated?(options[:scope]) + record.reset_failed_attempts! end end diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 578f52949d..ce9e3e57af 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -57,6 +57,14 @@ def unlock_access! save(validate: false) end + # Resets failed attempts counter to 0. + def reset_failed_attempts! + if respond_to?(:failed_attempts) && !failed_attempts.to_i.zero? + self.failed_attempts = 0 + save(validate: false) + end + end + # Verifies whether a user is locked or not. def access_locked? !!locked_at && !lock_expired? @@ -110,7 +118,7 @@ def valid_for_authentication? false end end - + def increment_failed_attempts self.class.increment_counter(:failed_attempts, id) reload diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 8b12d55040..4190de929f 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
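Review bot: The two comment lines kept above `Warden::Manager.after_set_user` in lib/devise/hooks/lockable.rb are now stale: they still say the hook checks `failed_attempts` and sets it to 0, while the new body only checks `respond_to?(:reset_failed_attempts!)` and delegates. I would reword the first line to `# After each sign in, calls reset_failed_attempts! on the resource if it responds to it.` so that someone auditing where the lockout counter is cleared is pointed at the model method.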
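Review bot: The one-line comment on `reset_failed_attempts!` in lib/devise/models/lockable.rb understates what the method does, now that applications are invited to call and override it. `save(validate: false)` persists every pending change on the record, not just the counter, and skips validations; the method also returns `nil` when the counter is already zero or the model has no `failed_attempts`. I would document that, e.g. `# Resets the failed attempts counter to 0 and saves the record without validations.` followed by `# Returns nil when there is nothing to reset.` The save behaviour is carried over from the old hook body, so this is a documentation request rather than a behaviour change.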
@@ -50,6 +50,32 @@ def setup assert_equal initial_failed_attempts + 2, user.reload.failed_attempts end + test "reset_failed_attempts! updates the failed attempts counter back to 0" do + user = create_user(failed_attempts: 3) + assert_equal 3, user.failed_attempts + + user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + + user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + end + + test "reset_failed_attempts! does not run model validations" do + user = create_user(failed_attempts: 1) + user.expects(:after_validation_callback).never + + assert user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + end + + test "reset_failed_attempts! does not try to reset if not using failed attempts strategy" do + admin = create_admin + + refute_respond_to admin, :failed_attempts + refute admin.reset_failed_attempts! + end + test 'should be valid for authentication with a unlocked user' do user = create_user user.lock_access! From 57d1a1d3816901e9f2cc26e36c3ef70547a91034 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 29 Apr 2021 08:52:33 -0300 Subject: [PATCH 1317/1473] Release v4.8.0 --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5370462fa6..0fd505d347 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
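Review bot: The first new test asserts `user.failed_attempts` on the same in-memory object that `reset_failed_attempts!` has just assigned to, so it would still pass if the `save(validate: false)` call were dropped. The method exists so that a successful sign-in clears the persisted lockout counter, so I would assert on the reloaded record, as the context line at the top of the hunk already does: `assert_equal 0, user.reload.failed_attempts`. The second test's `assert user.reset_failed_attempts!` covers the return value of the save but not what was written.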
@@ -1,5 +1,7 @@ ### unreleased +### 4.8.0 - 2021-04-29 + * enhancements * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) diff --git a/Gemfile.lock b/Gemfile.lock index a9812e16e8..6ff42a7e93 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.7.3) + devise (4.8.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d30cd67dca..cecc83266f 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.3".freeze + VERSION = "4.8.0".freeze end From 2ee0068d778591ccc094e75433a4dc0a0c758d9a Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 5 May 2021 18:20:38 -0300 Subject: [PATCH 1318/1473] Bundle update --- Gemfile.lock | 130 ++++++++++++++++++++++++++------------------------- 1 file changed, 67 insertions(+), 63 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6ff42a7e93..06a2d687b1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + actioncable (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailbox (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (>= 2.7.1) - actionmailer (6.1.3.1) - actionpack (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailer (6.1.3.2) + actionpack (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.1) - actionview (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionpack (6.1.3.2) + actionview (= 6.1.3.2) + activesupport (= 6.1.3.2) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.1) - actionpack (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actiontext (6.1.3.2) + actionpack (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) nokogiri (>= 1.8.5) - actionview (6.1.3.1) - activesupport (= 6.1.3.1) + actionview (6.1.3.2) + activesupport (= 6.1.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.1) - activesupport (= 6.1.3.1) + activejob (6.1.3.2) + activesupport (= 6.1.3.2) globalid (>= 0.3.6) - activemodel (6.1.3.1) - activesupport (= 6.1.3.1) - activerecord (6.1.3.1) - activemodel (= 6.1.3.1) - activesupport (= 6.1.3.1) - activestorage (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) 
- activesupport (= 6.1.3.1) + activemodel (6.1.3.2) + activesupport (= 6.1.3.2) + activerecord (6.1.3.2) + activemodel (= 6.1.3.2) + activesupport (= 6.1.3.2) + activestorage (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activesupport (= 6.1.3.2) marcel (~> 1.0.0) mini_mime (~> 1.0.2) - activesupport (6.1.3.1) + activesupport (6.1.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -84,33 +84,37 @@ GEM concurrent-ruby (1.1.8) crass (1.0.6) erubi (1.10.0) - faraday (1.3.0) + faraday (1.4.1) + faraday-excon (~> 1.1) faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) multipart-post (>= 1.2, < 3) - ruby2_keywords + ruby2_keywords (>= 0.0.4) + faraday-excon (1.1.0) faraday-net_http (1.0.1) + faraday-net_http_persistent (1.1.0) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) i18n (1.8.10) concurrent-ruby (~> 1.0) - jwt (2.2.2) - loofah (2.9.0) + jwt (2.2.3) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.0) + marcel (1.0.1) method_source (1.0.0) mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) minitest (5.14.4) mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) oauth2 (1.4.7) @@ -119,7 +123,7 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.3) + omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -141,38 +145,38 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.1) - actioncable (= 6.1.3.1) - actionmailbox (= 6.1.3.1) - actionmailer (= 6.1.3.1) - actionpack (= 6.1.3.1) - actiontext (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activemodel (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + rails (6.1.3.2) + actioncable (= 6.1.3.2) + actionmailbox (= 6.1.3.2) + actionmailer (= 6.1.3.2) + actionpack (= 6.1.3.2) + actiontext (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activemodel (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) bundler (>= 1.15.0) - railties (= 6.1.3.1) + railties (= 6.1.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + railties (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) method_source rake (>= 0.8.7) thor (~> 1.0) rake (13.0.3) - rdoc (6.3.0) + rdoc (6.3.1) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - rexml (3.2.4) + rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.4) sprockets (4.0.2) From 63ccdfb34a7bf7921a48e2c2a00421bc152ca8d4 Mon Sep 17 00:00:00 2001 From: Nick Hammond Date: Thu, 6 May 2021 15:24:04 -0700 Subject: [PATCH 1319/1473] Add metadata for RubyGems --- devise.gemspec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/devise.gemspec b/devise.gemspec index abbbd7f863..503a9a960d 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -14,6 +14,14 @@ Gem::Specification.new do |s| s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] + s.metadata = { + "homepage_uri" => "https://github.com/heartcombo/devise", + "documentation_uri" => "https://rubydoc.info/github/heartcombo/devise", + "changelog_uri" => "https://github.com/heartcombo/devise/blob/master/CHANGELOG.md", + "source_code_uri" => "https://github.com/heartcombo/devise", + "bug_tracker_uri" => "https://github.com/heartcombo/devise/issues", + "wiki_uri" => "https://github.com/heartcombo/devise/wiki" + } s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] From bdd2e7e24f74fd1811ce1415cfa4a5eec7e62199 Mon Sep 17 00:00:00 2001 From: chihaso Date: Fri, 17 Sep 2021 14:37:28 +0900 Subject: [PATCH 1320/1473] Fix comment in some modules - It says that the option is added to devise_for, but it is actually added to the devise method in the model. --- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/omniauthable.rb | 4 ++-- lib/devise/models/timeoutable.rb | 2 +- lib/devise/models/validatable.rb | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 5b748ad2cf..44cda2b592 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,7 +10,7 @@ module Models # # == Options # - # Authenticatable adds the following options to devise_for: + # Authenticatable adds the following options to devise method in your model: # # * +authentication_keys+: parameters used for authentication. By default [:email]. # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 58bac413ad..4d3a2c63ef 100644 
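Review bot: Since this hunk introduces `s.metadata`, it is the natural place to also add `"rubygems_mfa_required" => "true"`, which makes rubygems.org require MFA from owners for privileged operations such as pushing a release. For an authentication library, a compromised maintainer account is the main publishing risk, and this key is the gemspec-level control for it. Separately, `changelog_uri` points at `blob/master`, so the gem page of an older version will link to the current changelog rather than that release's; a tag-based URL would avoid this, if releases are tagged consistently (not visible here). The `Gem::Specification.new` block starts and ends outside the hunk.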
--- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -13,7 +13,7 @@ module Models # # == Options # - # DatabaseAuthenticatable adds the following options to devise_for: + # DatabaseAuthenticatable adds the following options to devise method in your model: # # * +pepper+: a random string used to provide a more secure hash. Use # `rails secret` to generate new keys. diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index c0fe1e5471..4619b9441c 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -8,11 +8,11 @@ module Models # # == Options # - # Oauthable adds the following options to devise_for: + # Oauthable adds the following options to devise method in your model: # # * +omniauth_providers+: Which providers are available to this model. It expects an array: # - # devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter] + # devise :database_authenticatable, :omniauthable, omniauth_providers: [:twitter] # module Omniauthable extend ActiveSupport::Concern diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index ee187dbfed..86870a2ae0 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -11,7 +11,7 @@ module Models # # == Options # - # Timeoutable adds the following options to devise_for: + # Timeoutable adds the following options to devise method in your model: # # * +timeout_in+: the interval to timeout the user session without activity. # diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 40c63de3c2..ed00c75599 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
@@ -9,7 +9,7 @@ module Models # # == Options # - # Validatable adds the following options to devise_for: + # Validatable adds the following options to devise method in your model: # # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. From 366a428b2c6560842a52f9b044204a5f4aaa37cd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 6 Oct 2021 19:20:03 -0300 Subject: [PATCH 1321/1473] Revise docs from #5405 Update a couple other modules that still referred to `devise_for` to point to `devise`, and make all of them more consistent. We can only mention `devise`, that should be clear enough about it being options for the model method. --- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/models/omniauthable.rb | 2 +- lib/devise/models/recoverable.rb | 2 +- lib/devise/models/rememberable.rb | 2 +- lib/devise/models/timeoutable.rb | 2 +- lib/devise/models/validatable.rb | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 44cda2b592..62590de57b 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,7 +10,7 @@ module Models # # == Options # - # Authenticatable adds the following options to devise method in your model: + # Authenticatable adds the following options to +devise+: # # * +authentication_keys+: parameters used for authentication. By default [:email]. # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 4d3a2c63ef..8c0e22613d 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -13,7 +13,7 @@ module Models # # == Options # - # DatabaseAuthenticatable adds the following options to devise method in your model: + # DatabaseAuthenticatable adds the following options to +devise+: # # * +pepper+: a random string used to provide a more secure hash. Use # `rails secret` to generate new keys. @@ -42,7 +42,7 @@ module DatabaseAuthenticatable def initialize(*args, &block) @skip_email_changed_notification = false @skip_password_change_notification = false - super + super end # Skips sending the email changed notification after_update diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index 4619b9441c..6f4c8976d5 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -8,7 +8,7 @@ module Models # # == Options # - # Oauthable adds the following options to devise method in your model: + # Oauthable adds the following options to +devise+: # # * +omniauth_providers+: Which providers are available to this model. It expects an array: # diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 0cca30f064..59f3a613d6 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -7,7 +7,7 @@ module Models # # ==Options # - # Recoverable adds the following options to devise_for: + # Recoverable adds the following options to +devise+: # # * +reset_password_keys+: the keys you want to use when recovering the password for an account # * +reset_password_within+: the time period within which the password must be reset or the token expires. diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 76ac0b8139..a66979ad59 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
@@ -15,7 +15,7 @@ module Models # # == Options # - # Rememberable adds the following options in devise_for: + # Rememberable adds the following options to +devise+: # # * +remember_for+: the time you want the user will be remembered without # asking for credentials. After this time the user will be blocked and diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index 86870a2ae0..1d3ce2ae97 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -11,7 +11,7 @@ module Models # # == Options # - # Timeoutable adds the following options to devise method in your model: + # Timeoutable adds the following options to +devise+: # # * +timeout_in+: the interval to timeout the user session without activity. # diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index ed00c75599..8f600a8c01 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -9,7 +9,7 @@ module Models # # == Options # - # Validatable adds the following options to devise method in your model: + # Validatable adds the following options to +devise+: # # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. From b39faffde42053e6c937ce9ce127f1823fbdc6c0 Mon Sep 17 00:00:00 2001 
From: Alex Ghiculescu Date: Thu, 7 Oct 2021 22:18:37 +0200 Subject: [PATCH 1322/1473] Test against Rails main and remove `ActiveSupport::Dependencies.reference` (#5357) Remove `ActiveSupport::Dependencies.reference` This was deleted from Rails: https://github.com/rails/rails/commit/14d4edd7c3b06e82e1fcef54fa0b4453315c35fd As far as I can tell, it was meant to add a performance boost at some point in the past but doesn't seem to do anything useful these days. --- .github/workflows/test.yml | 26 ++++++++++++++++++++++++++ gemfiles/Gemfile-rails-6-1 | 27 +++++++++++++++++++++++++++ gemfiles/Gemfile-rails-main | 27 +++++++++++++++++++++++++++ lib/devise.rb | 4 +++- test/orm/active_record.rb | 2 +- test/rails_app/config/application.rb | 2 +- test/rails_app/config/boot.rb | 6 +++--- test/test/controller_helpers_test.rb | 2 +- 8 files changed, 89 insertions(+), 7 deletions(-) create mode 100644 gemfiles/Gemfile-rails-6-1 create mode 100644 gemfiles/Gemfile-rails-main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0af48ddd53..7882708d10 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,8 @@ jobs: matrix: gemfile: - Gemfile + - gemfiles/Gemfile-rails-main + - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - gemfiles/Gemfile-rails-5-2 - gemfiles/Gemfile-rails-5-1 @@ -30,6 +32,10 @@ jobs: gemfile: Gemfile - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.1 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.1 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.1 
@@ -40,24 +46,40 @@ jobs: gemfile: Gemfile - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.2 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.2 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.3 gemfile: Gemfile - ruby: 2.3 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.3 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.3 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.4 gemfile: Gemfile - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.4 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.4 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 2.5 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 2.6 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7 @@ -88,6 +110,10 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-6-0 + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile-rails-6-1 + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile-rails-main runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 new file mode 100644 index 0000000000..0a96b0e354 --- /dev/null +++ b/gemfiles/Gemfile-rails-6-1 
@@ -0,0 +1,27 @@
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", '~> 6.1.0'
+gem "omniauth"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
+
+gem "rails-controller-testing", github: "rails/rails-controller-testing"
+
+gem "responders", "~> 3.0"
+
+group :test do
+ gem "omniauth-facebook"
+ gem "omniauth-openid"
+ gem "rexml"
+ gem "timecop"
+ gem "webrat", "0.7.3", require: false
+ gem "mocha", "~> 1.1", require: false
+end
+
+platforms :ruby do
+ gem "sqlite3", "~> 1.4"
+end
diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main
new file mode 100644
index 0000000000..536c564c20
--- /dev/null
+++ b/gemfiles/Gemfile-rails-main
@@ -0,0 +1,27 @@
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", github: "rails/rails", branch: "main"
+gem "omniauth"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
+
+gem "rails-controller-testing", github: "rails/rails-controller-testing"
+
+gem "responders", "~> 3.0"
+
+group :test do
+ gem "omniauth-facebook"
+ gem "omniauth-openid"
+ gem "rexml"
+ gem "timecop"
+ gem "webrat", "0.7.3", require: false
+ gem "mocha", "~> 1.1", require: false
+end
+
+platforms :ruby do
+ gem "sqlite3", "~> 1.4"
+end
diff --git a/lib/devise.rb b/lib/devise.rb
index 0451876df9..4c96810ecf 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -318,7 +318,9 @@ def get
 end
 def self.ref(arg)
- ActiveSupport::Dependencies.reference(arg)
+ if ActiveSupport::Dependencies.respond_to?(:reference)
+ ActiveSupport::Dependencies.reference(arg)
+ end
 Getter.new(arg)
 end
diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb
index 001f99b993..cf500330ad 100644
--- a/test/orm/active_record.rb
+++ b/test/orm/active_record.rb
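Review bot: The two `github:` sources in gemfiles/Gemfile-rails-6-1 (`activemodel-serializers-xml` and `rails-controller-testing`) carry no `ref:` or `tag:`, so each CI run resolves whatever is at the tip of those repositories at that moment; gemfiles/Gemfile-rails-main repeats both lines. The diffstat for this commit lists no lockfile for either Gemfile, so nothing records which revision a given run actually executed. Tracking `branch: "main"` for Rails is the purpose of the second file, but the two helper gems could be pinned and bumped deliberately, e.g. `gem "rails-controller-testing", github: "rails/rails-controller-testing", ref: "<commit-sha>"` (placeholder value).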
@@ -5,7 +5,7 @@ ActiveRecord::Base.include_root_in_json = true
 migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__)
-if Devise::Test.rails6?
+if Devise::Test.rails6_and_up?
 ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate
 elsif Devise::Test.rails52_and_up?
 ActiveRecord::MigrationContext.new(migrate_path).migrate
diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb
index 0c844878a0..d7ecc1606d 100644
--- a/test/rails_app/config/application.rb
+++ b/test/rails_app/config/application.rb
@@ -46,7 +46,7 @@ class Application < Rails::Application
 end
 # Remove the first check once Rails 5.0 support is removed.
- if Devise::Test.rails52_and_up? && !Devise::Test.rails6?
+ if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up?
 Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
 end
 end
diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb
index bc3dfa62d9..3327e5e49e 100644
--- a/test/rails_app/config/boot.rb
+++ b/test/rails_app/config/boot.rb
@@ -7,9 +7,9 @@ module Devise
 module Test
 # Detection for minor differences between Rails versions in tests.
-
- def self.rails6?
- Rails.version.start_with? '6'
+
+ def self.rails6_and_up?
+ Rails::VERSION::MAJOR >= 6
 end
 def self.rails52_and_up?
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb
index 36f34e99d6..6c5d24ad17 100644
--- a/test/test/controller_helpers_test.rb
+++ b/test/test/controller_helpers_test.rb
@@ -103,7 +103,7 @@ def respond
 test "returns the content type of a failure app" do
 get :index, params: { format: :json }
- if Devise::Test.rails6?
+ if Devise::Test.rails6_and_up?
 assert_includes response.media_type, 'application/json'
 else
 assert_includes response.content_type, 'application/json'
From a0ccc1cf9649242436655fbc54fffff9e2df59d7 Mon Sep 17 00:00:00 2001
From: strobilomyces <68540841+strobilomyces@users.noreply.github.com>
Date: Thu, 7 Oct 2021 22:27:37 +0200
Subject: [PATCH 1323/1473] Fix deprecated `ActiveSupport::Dependencies.constantize` (#5397) Changes deprecated `ActiveSupport::Dependencies.constantize(model_name)` to `model_name.constantize` Co-authored-by: Carlos Antonio da Silva
---
 lib/devise.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/devise.rb b/lib/devise.rb
index 4c96810ecf..65c9621839 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -313,7 +313,7 @@ def initialize(name)
 end
 def get
- ActiveSupport::Dependencies.constantize(@name)
+ @name.constantize
 end
 end
From f3e8fd3baa3a81c0488bbfbee92557921f64a679 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 7 Oct 2021 18:00:16 -0300
Subject: [PATCH 1324/1473] Move the Gemfile to test with Rails 7.0 alpha2, fix session test issue It appears setting the `rack.session` to a simple hash doesn't work anymore as it now has a few additional methods Rails is relying on to determine whether it's enabled or not: https://github.com/rails/rails/pull/42231 Failure: NoMethodError: undefined method `enabled?' for {}:Hash rails (f55cdafe4b82) actionpack/lib/action_dispatch/middleware/flash.rb:62:in `commit_flash' Turns we we don't seem to need to set `rack.session` for the tests here.
---
 .github/workflows/test.yml | 6 ++
 Gemfile | 2 +-
 Gemfile.lock | 168 ++++++++++++++++++++-----------------
 test/failure_app_test.rb | 1 -
 4 files changed, 96 insertions(+), 81 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7882708d10..017b5daf7b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
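Review bot: In lib/devise.rb, `@name.constantize` in `get` only works when `@name` is a String, whereas the removed `ActiveSupport::Dependencies.constantize(@name)` was a module-level call that did not depend on the receiver's type. `initialize` lies outside this hunk, so it cannot be seen whether the name is normalised there; if a Symbol or a class can reach `Devise.ref`, this line would raise NoMethodError. Coercing first keeps the lookup tolerant: `@name.to_s.constantize`. The same call is kept in the `else` branch that PATCH 1328 later adds to `get`.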
@@ -74,10 +74,14 @@ jobs: gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-main + - ruby: 2.5 + gemfile: Gemfile - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 2.6 + gemfile: Gemfile - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-main - ruby: 2.7 @@ -112,6 +116,8 @@ jobs: gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-6-1 + - env: DEVISE_ORM=mongoid + gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-main runs-on: ubuntu-latest diff --git a/Gemfile b/Gemfile index 2bca340602..c10095af8d 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 6.1.0" +gem "rails", "~> 7.0.0.alpha2" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 06a2d687b1..112e364607 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,102 +20,111 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + actioncable (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailbox (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) mail (>= 2.7.1) - actionmailer (6.1.3.2) - actionpack (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailer (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.2) - actionview (= 6.1.3.2) - activesupport (= 6.1.3.2) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.2) - actionpack (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actiontext (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) nokogiri (>= 1.8.5) - actionview (6.1.3.2) - activesupport (= 6.1.3.2) + actionview (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.2) - activesupport (= 6.1.3.2) + activejob (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) globalid (>= 0.3.6) - activemodel (6.1.3.2) - activesupport (= 6.1.3.2) - activerecord 
(6.1.3.2) - activemodel (= 6.1.3.2) - activesupport (= 6.1.3.2) - activestorage (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activesupport (= 6.1.3.2) + activemodel (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + activerecord (7.0.0.alpha2) + activemodel (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + activestorage (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) marcel (~> 1.0.0) - mini_mime (~> 1.0.2) - activesupport (6.1.3.2) + mini_mime (>= 1.1.0) + activesupport (7.0.0.alpha2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crass (1.0.6) erubi (1.10.0) - faraday (1.4.1) + faraday (1.8.0) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0.1) faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.1) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) + faraday-httpclient (1.0.1) faraday-net_http (1.0.1) - faraday-net_http_persistent (1.1.0) - globalid (0.4.2) - activesupport (>= 4.2.0) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + globalid (0.5.2) + activesupport (>= 5.0) hashie (4.1.0) i18n (1.8.10) concurrent-ruby (~> 1.0) - jwt (2.2.3) - loofah (2.9.1) + jwt (2.3.0) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) method_source (1.0.0) - mini_mime (1.0.3) - mini_portile2 (2.5.1) + mini_mime (1.1.1) + mini_portile2 (2.6.1) minitest (5.14.4) - mocha (1.12.0) + mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.7) - nokogiri (1.11.3) - 
mini_portile2 (~> 2.5.0) + nio4r (2.5.8) + nokogiri (1.12.5) + mini_portile2 (~> 2.6.1) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) @@ -145,40 +154,41 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.2) - actioncable (= 6.1.3.2) - actionmailbox (= 6.1.3.2) - actionmailer (= 6.1.3.2) - actionpack (= 6.1.3.2) - actiontext (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activemodel (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + rails (7.0.0.alpha2) + actioncable (= 7.0.0.alpha2) + actionmailbox (= 7.0.0.alpha2) + actionmailer (= 7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + actiontext (= 7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activemodel (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) bundler (>= 1.15.0) - railties (= 6.1.3.2) + railties (= 7.0.0.alpha2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + railties (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) method_source - rake (>= 0.8.7) + rake (>= 0.13) thor (~> 1.0) - rake (13.0.3) - rdoc (6.3.1) + zeitwerk (~> 2.5.0.beta3) + rake (13.0.6) + rdoc (6.3.2) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) - ruby2_keywords (0.0.4) + ruby2_keywords (0.0.5) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -197,10 +207,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.2) + zeitwerk (2.5.0.beta5) PLATFORMS ruby 
@@ -212,7 +222,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.1.0) + rails (~> 7.0.0.alpha2) rails-controller-testing! rdoc responders (~> 3.0) @@ -222,4 +232,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.7 + 2.2.28 diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 809f668de4..df4107c00e 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -79,7 +79,6 @@ def call_failure(env_params = {}) 'HTTP_HOST' => 'test.host', 'REQUEST_METHOD' => 'GET', 'warden.options' => { scope: :user }, - 'rack.session' => {}, 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]), 'rack.input' => "", 'warden' => OpenStruct.new(message: nil) From 14eb1362e3b8f492e243e1278db6ed47a2d455d3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 7 Oct 2021 18:46:06 -0300 Subject: [PATCH 1325/1473] Eliminate Rails 7 warning about Active Record legacy connection handling DEPRECATION WARNING: Using legacy connection handling is deprecated. Please set `legacy_connection_handling` to `false` in your application. --- test/rails_app/config/application.rb | 4 ++++ test/rails_app/config/boot.rb | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index d7ecc1606d..7d717db87e 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -49,5 +49,9 @@ class Application < Rails::Application if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up? Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end + + if Devise::Test.rails7_and_up? + config.active_record.legacy_connection_handling = false + end end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 3327e5e49e..65acdfec49 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
@@ -8,6 +8,10 @@ module Devise
 module Test
 # Detection for minor differences between Rails versions in tests.
+ def self.rails7_and_up?
+ Rails::VERSION::MAJOR >= 7
+ end
+
 def self.rails6_and_up?
 Rails::VERSION::MAJOR >= 6
 end
From 51bf32701768fda1f24e5609d5c313a1479cc039 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 7 Oct 2021 19:06:12 -0300
Subject: [PATCH 1326/1473] Refactor using helper to swap config
---
 test/integration/authenticatable_test.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb
index fbe1da6cc0..a1bf28dae4 100644
--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@@ -344,16 +344,12 @@ class AuthenticationSessionTest < Devise::IntegrationTest
 end
 test 'refreshes _csrf_token' do
- ApplicationController.allow_forgery_protection = true
-
- begin
+ swap ApplicationController, allow_forgery_protection: true do
 get new_user_session_path
 token = request.session[:_csrf_token]
 sign_in_as_user
 assert_not_equal request.session[:_csrf_token], token
- ensure
- ApplicationController.allow_forgery_protection = false
 end
 end
From 772b74a657cfba80e386712965f01fd91c640a7f Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 7 Oct 2021 20:15:44 -0300
Subject: [PATCH 1327/1473] Update Changelog adding Rails 7 support
---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0fd505d347..dd5043ed9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ### unreleased
+* enhancements
+ * Add support for Rails 7.0 alpha 2.
+
 ### 4.8.0 - 2021-04-29
 * enhancements
From 8593801130f2df94a50863b5db535c272b00efe1 Mon Sep 17 00:00:00 2001
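Review bot: In test/integration/authenticatable_test.rb, the 'refreshes _csrf_token' test reads `token` from `request.session[:_csrf_token]` right after `get new_user_session_path` but never checks that it is present. `assert_not_equal` therefore also passes when the session held no token before sign-in, in which case the test shows only that a token exists afterwards, not that it was rotated. Adding `assert_not_nil token` before `sign_in_as_user` pins the rotation this test is meant to guard. The `swap` helper is defined outside the hunk; it presumably restores the previous `allow_forgery_protection` value rather than forcing `false` as the removed `ensure` did, which is worth confirming.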
From: Carlos Antonio da Silva
Date: Fri, 8 Oct 2021 08:31:13 -0300
Subject: [PATCH 1328/1473] Keep the constantize behavior consistent for versions prior to Rails 7 Use `AS::Dependencies` as before if we still can, otherwise use the new direct `constantize` call for Rails 7+. Leave a TODO to help remind us this can be removed once we drop support to Rails versions prior to 7 in the future.
---
 lib/devise.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/devise.rb b/lib/devise.rb
index 65c9621839..ede8038679 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -313,11 +313,17 @@ def initialize(name)
 end
 def get
- @name.constantize
+ # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+ if ActiveSupport::Dependencies.respond_to?(:constantize)
+ ActiveSupport::Dependencies.constantize(@name)
+ else
+ @name.constantize
+ end
 end
 end
 def self.ref(arg)
+ # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
 if ActiveSupport::Dependencies.respond_to?(:reference)
 ActiveSupport::Dependencies.reference(arg)
 end
From 353d86e01c3bade1a893d11aa3e449b58085b8c4 Mon Sep 17 00:00:00 2001
From: Derek Crosson
Date: Mon, 1 Nov 2021 02:44:35 +0200
Subject: [PATCH 1329/1473] chore: remove dollar symbol from some commands When you copy the commands that have the terminal beginning of line symbol in front of them you now no longer need to first delete this before running the command
---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index bf87d38fca..ef083c7c8d 100644
--- a/README.md
+++ b/README.md
@@ -185,7 +185,7 @@ Then run `bundle install` Next, you need to run the generator: ```console -$ rails generate devise:install +rails generate devise:install ``` At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: @@ -200,7 +200,7 @@ The generator will install an initializer which describes ALL of Devise's config In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. ```console -$ rails generate devise MODEL +rails generate devise MODEL ``` Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. 
@@ -372,7 +372,7 @@ We built Devise to help you quickly develop an application that uses authenticat Since Devise is an engine, all its views are packaged inside the gem. These views will help you get started, but after some time you may want to change them. If this is the case, you just need to invoke the following generator, and it will copy all views to your application: ```console -$ rails generate devise:views +rails generate devise:views ``` If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file. @@ -380,14 +380,14 @@ If you have more than one Devise model in your application (such as `User` and ` After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views: ```console -$ rails generate devise:views users +rails generate devise:views users ``` If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, you can pass a list of modules to the generator with the `-v` flag. ```console -$ rails generate devise:views -v registrations confirmations +rails generate devise:views -v registrations confirmations ``` ### Configuring controllers @@ -397,7 +397,7 @@ If the customization at the views level is not enough, you can customize each co 1. Create your custom controllers using the generator which requires a scope: ```console - $ rails generate devise:controllers [scope] + rails generate devise:controllers [scope] ``` If you specify `users` as the scope, controllers will be created in `app/controllers/users/`. 
From 9f5b83750eef89710b8f2f1e0969c308023e2f05 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 8 Dec 2021 08:26:05 -0300 Subject: [PATCH 1330/1473] Bundle update to Rails 7.0 rc1 --- CHANGELOG.md | 2 +- Gemfile | 2 +- Gemfile.lock | 141 ++++++++++++++++++++++++--------------------------- 3 files changed, 69 insertions(+), 76 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd5043ed9a..8e89a2bb54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ### unreleased * enhancements - * Add support for Rails 7.0 alpha 2. + * Add support for Rails 7.0 rc. ### 4.8.0 - 2021-04-29 diff --git a/Gemfile b/Gemfile index c10095af8d..3188bc667d 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0.alpha2" +gem "rails", "~> 7.0.0.rc1" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 112e364607..47fbcbc72e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actioncable (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionmailbox (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) mail (>= 2.7.1) - actionmailer (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionmailer (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + actionview (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionpack (7.0.0.rc1) + actionview (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actiontext (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionview (7.0.0.rc1) + activesupport (= 7.0.0.rc1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + activejob (7.0.0.rc1) + activesupport (= 7.0.0.rc1) globalid (>= 0.3.6) - activemodel (7.0.0.alpha2) 
- activesupport (= 7.0.0.alpha2) - activerecord (7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) - activestorage (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) - marcel (~> 1.0.0) + activemodel (7.0.0.rc1) + activesupport (= 7.0.0.rc1) + activerecord (7.0.0.rc1) + activemodel (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + activestorage (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0.alpha2) + activesupport (7.0.0.rc1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -102,10 +103,10 @@ GEM faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) - globalid (0.5.2) + globalid (1.0.0) activesupport (>= 5.0) - hashie (4.1.0) - i18n (1.8.10) + hashie (5.0.0) + i18n (1.8.11) concurrent-ruby (~> 1.0) jwt (2.3.0) loofah (2.12.0) @@ -115,7 +116,7 @@ GEM mini_mime (>= 0.1.1) marcel (1.0.2) method_source (1.0.0) - mini_mime (1.1.1) + mini_mime (1.1.2) mini_portile2 (2.6.1) minitest (5.14.4) mocha (1.13.0) @@ -136,16 +137,16 @@ GEM hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection - omniauth-facebook (8.0.0) + omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.1) + omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) omniauth-openid (2.0.1) omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-openid (1.4.2) rack (>= 1.1.0) 
@@ -154,48 +155,40 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0.alpha2) - actioncable (= 7.0.0.alpha2) - actionmailbox (= 7.0.0.alpha2) - actionmailer (= 7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actiontext (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + rails (7.0.0.rc1) + actioncable (= 7.0.0.rc1) + actionmailbox (= 7.0.0.rc1) + actionmailer (= 7.0.0.rc1) + actionpack (= 7.0.0.rc1) + actiontext (= 7.0.0.rc1) + actionview (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activemodel (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) bundler (>= 1.15.0) - railties (= 7.0.0.alpha2) - sprockets-rails (>= 2.0.0) + railties (= 7.0.0.rc1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + railties (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) - zeitwerk (~> 2.5.0.beta3) + zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.3.2) + rdoc (6.3.3) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) sqlite3 (1.4.2) thor (1.1.0) timecop (0.9.4) @@ -210,7 +203,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.0.beta5) + zeitwerk (2.5.1) PLATFORMS ruby @@ -222,7 +215,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0.alpha2) + rails (~> 7.0.0.rc1) rails-controller-testing! rdoc responders (~> 3.0) 
From 289dd5f2219767044e91790cb1495aaa1d8c2593 Mon Sep 17 00:00:00 2001 From: Dino Maric Date: Thu, 16 Dec 2021 10:12:05 +0100 Subject: [PATCH 1331/1473] Add support for Rails 7 This commit adds support for latest Rails release. --- CHANGELOG.md | 2 +- Gemfile | 2 +- Gemfile.lock | 112 +++++++++++++++++++++++++-------------------------- 3 files changed, 58 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e89a2bb54..335aa356f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ### unreleased * enhancements - * Add support for Rails 7.0 rc. + * Add support for Rails 7.0 ### 4.8.0 - 2021-04-29 diff --git a/Gemfile b/Gemfile index 3188bc667d..985e37f974 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0.rc1" +gem "rails", "~> 7.0.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 47fbcbc72e..9270ac6d7b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,61 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actioncable (7.0.0) + actionpack (= 7.0.0) + activesupport (= 7.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionmailbox (7.0.0) + actionpack (= 7.0.0) + activejob (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) mail (>= 2.7.1) - actionmailer (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - actionview (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionmailer (7.0.0) + actionpack (= 7.0.0) + actionview (= 7.0.0) + activejob (= 7.0.0) + activesupport (= 7.0.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (7.0.0.rc1) - actionview (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionpack (7.0.0) + actionview (= 7.0.0) + activesupport (= 7.0.0) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actiontext (7.0.0) + actionpack (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionview (7.0.0) + activesupport (= 7.0.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.rc1) - activesupport (= 7.0.0.rc1) + activejob (7.0.0) + activesupport (= 7.0.0) globalid (>= 0.3.6) - activemodel (7.0.0.rc1) - activesupport (= 7.0.0.rc1) - activerecord (7.0.0.rc1) - activemodel (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) - activestorage (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activejob (= 
7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + activemodel (7.0.0) + activesupport (= 7.0.0) + activerecord (7.0.0) + activemodel (= 7.0.0) + activesupport (= 7.0.0) + activestorage (7.0.0) + actionpack (= 7.0.0) + activejob (= 7.0.0) + activerecord (= 7.0.0) + activesupport (= 7.0.0) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0.rc1) + activesupport (7.0.0) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -109,7 +109,7 @@ GEM i18n (1.8.11) concurrent-ruby (~> 1.0) jwt (2.3.0) - loofah (2.12.0) + loofah (2.13.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -118,7 +118,7 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.6.1) - minitest (5.14.4) + minitest (5.15.0) mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) @@ -155,28 +155,28 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0.rc1) - actioncable (= 7.0.0.rc1) - actionmailbox (= 7.0.0.rc1) - actionmailer (= 7.0.0.rc1) - actionpack (= 7.0.0.rc1) - actiontext (= 7.0.0.rc1) - actionview (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activemodel (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + rails (7.0.0) + actioncable (= 7.0.0) + actionmailbox (= 7.0.0) + actionmailer (= 7.0.0) + actionpack (= 7.0.0) + actiontext (= 7.0.0) + actionview (= 7.0.0) + activejob (= 7.0.0) + activemodel (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) bundler (>= 1.15.0) - railties (= 7.0.0.rc1) + railties (= 7.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + railties (7.0.0) + actionpack (= 7.0.0) + activesupport (= 7.0.0) method_source rake (>= 12.2) thor (~> 1.0) 
@@ -215,7 +215,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0.rc1) + rails (~> 7.0.0) rails-controller-testing! rdoc responders (~> 3.0) From 43800b4b8550d1249ab049a94ee7c16e243551a1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 16 Dec 2021 08:04:20 -0300 Subject: [PATCH 1332/1473] Bump to 4.8.1 with Rails 7 support Also note in the Changelog that Turbo is not fully supported yet. --- CHANGELOG.md | 4 ++-- Gemfile.lock | 6 +++--- lib/devise/version.rb | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 335aa356f9..c4b518b237 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ -### unreleased +### 4.8.1 * enhancements - * Add support for Rails 7.0 + * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. ### 4.8.0 - 2021-04-29 diff --git a/Gemfile.lock b/Gemfile.lock index 9270ac6d7b..40c8ec588b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: bc6f3356803d7c5d373f89a44625d59953dc0cef + revision: 36e84822ee997d69c971f03f3f3759ee4f4bdc37 specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.8.0) + devise (4.8.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -225,4 +225,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.28 + 2.2.33 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index cecc83266f..ad9c7326a3 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.8.0".freeze + VERSION = "4.8.1".freeze end From 025b1c873491908b346e4d394f54481ec18fb02c Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 16 Dec 2021 08:08:55 -0300 Subject: [PATCH 1333/1473] Add date to v4.8.1 changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4b518b237..e91257a120 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 4.8.1 +### 4.8.1 - 2021-12-16 * enhancements * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. From 3c5acaf53106db2d890988021caadd96a7f2a024 Mon Sep 17 00:00:00 2001 From: Peter Goldstein Date: Fri, 7 Jan 2022 12:36:56 -0800 Subject: [PATCH 1334/1473] Add Ruby 3.1 to CI matrix. Lock to Nokogiri < 1.13 for webrat compatibility --- .github/workflows/test.yml | 29 ++++-- Gemfile | 1 + Gemfile.lock | 178 +++++++++++++++++++----------------- gemfiles/Gemfile-rails-5-0 | 1 + gemfiles/Gemfile-rails-5-1 | 1 + gemfiles/Gemfile-rails-5-2 | 1 + gemfiles/Gemfile-rails-6-0 | 1 + gemfiles/Gemfile-rails-6-1 | 7 ++ gemfiles/Gemfile-rails-main | 1 + 9 files changed, 132 insertions(+), 88 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 017b5daf7b..e212d738f8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,8 @@ jobs: - 2.5 - 2.6 - 2.7 - - 3.0 + - '3.0' + - 3.1 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid 
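Review bot: In the `ruby:` list this hunk quotes `'3.0'` but adds `- 3.1` bare, so YAML still parses the new entry as a float; it round-trips today, but the same pattern would turn a future `3.10` into 3.1. Quoting it as `- '3.1'` keeps the list consistent with the entry above it. The `ruby: 3.1` entries added to `exclude:` in the next hunk of this file are unquoted as well and should change together, so the matrix values and the exclusions keep the same type. The `matrix` block begins outside the hunk.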
@@ -94,16 +95,32 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-0 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid diff --git a/Gemfile b/Gemfile index 985e37f974..0b41fa0e1b 100644 --- a/Gemfile +++ b/Gemfile @@ -14,6 +14,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/Gemfile.lock b/Gemfile.lock index 40c8ec588b..21b998364c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 36e84822ee997d69c971f03f3f3759ee4f4bdc37 + revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
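Review bot: The `exclude:` entries added here list `ruby: 3.1` with `gemfiles/Gemfile-rails-5-1` and with `gemfiles/Gemfile-rails-5-2` twice each, once at the top of the added block and again after the `Gemfile-rails-5-0` entry. The duplicates do not change the run, but they make it harder to audit which Ruby/Rails pairs are really skipped; drop the first two added entries so each pair appears once. The `exclude:` list starts and ends outside the hunk.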
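Review bot: The new `gem "nokogiri", "< 1.13"` line in the `:test` group is an undocumented upper bound on a gem that bundles native XML parsing libraries, so the suite stays on the 1.12 series (the lockfile in this commit resolves to 1.12.5) and will not pick up fixes shipped in later releases. The commit subject gives webrat compatibility as the reason; that belongs next to the constraint, for example `# webrat breaks with nokogiri >= 1.13; drop this cap once webrat is replaced or fixed`. The same line is added without a comment in gemfiles/Gemfile-rails-5-0, 5-1, 5-2, 6-0, 6-1 and Gemfile-rails-main. Because the cap sits in the Gemfile's test group rather than the gemspec, it should not constrain applications that depend on the gem, but it still decides what CI and contributors install. The `group :test` block continues outside the hunk.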
@@ -20,61 +20,67 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0) - actionpack (= 7.0.0) - activesupport (= 7.0.0) + actioncable (7.0.2.2) + actionpack (= 7.0.2.2) + activesupport (= 7.0.2.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0) - actionpack (= 7.0.0) - activejob (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + actionmailbox (7.0.2.2) + actionpack (= 7.0.2.2) + activejob (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) mail (>= 2.7.1) - actionmailer (7.0.0) - actionpack (= 7.0.0) - actionview (= 7.0.0) - activejob (= 7.0.0) - activesupport (= 7.0.0) + net-imap + net-pop + net-smtp + actionmailer (7.0.2.2) + actionpack (= 7.0.2.2) + actionview (= 7.0.2.2) + activejob (= 7.0.2.2) + activesupport (= 7.0.2.2) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.0) - actionview (= 7.0.0) - activesupport (= 7.0.0) + actionpack (7.0.2.2) + actionview (= 7.0.2.2) + activesupport (= 7.0.2.2) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0) - actionpack (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + actiontext (7.0.2.2) + actionpack (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0) - activesupport (= 7.0.0) + actionview (7.0.2.2) + activesupport (= 7.0.2.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0) - activesupport (= 7.0.0) + activejob (7.0.2.2) + activesupport (= 7.0.2.2) globalid (>= 0.3.6) - activemodel (7.0.0) - activesupport (= 7.0.0) - activerecord (7.0.0) - activemodel (= 7.0.0) - activesupport (= 7.0.0) - activestorage (7.0.0) - actionpack (= 7.0.0) - activejob (= 7.0.0) - 
activerecord (= 7.0.0) - activesupport (= 7.0.0) + activemodel (7.0.2.2) + activesupport (= 7.0.2.2) + activerecord (7.0.2.2) + activemodel (= 7.0.2.2) + activesupport (= 7.0.2.2) + activestorage (7.0.2.2) + actionpack (= 7.0.2.2) + activejob (= 7.0.2.2) + activerecord (= 7.0.2.2) + activesupport (= 7.0.2.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0) + activesupport (7.0.2.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -83,33 +89,20 @@ GEM builder (3.2.4) concurrent-ruby (1.1.9) crass (1.0.6) + digest (3.1.0) erubi (1.10.0) - faraday (1.8.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday (2.2.0) + faraday-net_http (~> 2.0) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) + faraday-net_http (2.0.1) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.8.11) + i18n (1.10.0) concurrent-ruby (~> 1.0) + io-wait (0.2.1) jwt (2.3.0) - loofah (2.13.0) + loofah (2.14.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -122,13 +115,27 @@ GEM mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.1.1) + net-imap (0.2.3) + digest + net-protocol + strscan + net-pop (0.1.1) + digest + net-protocol + timeout + net-protocol (0.1.2) + io-wait + timeout + net-smtp (0.3.1) + digest + net-protocol + timeout nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) - oauth2 (1.4.7) - faraday (>= 0.8, < 2.0) + oauth2 (1.4.9) + faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) 
@@ -146,43 +153,46 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) + psych (4.0.3) + stringio racc (1.6.0) rack (2.2.3) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (2.1.0) + rack-protection (2.2.0) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0) - actioncable (= 7.0.0) - actionmailbox (= 7.0.0) - actionmailer (= 7.0.0) - actionpack (= 7.0.0) - actiontext (= 7.0.0) - actionview (= 7.0.0) - activejob (= 7.0.0) - activemodel (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + rails (7.0.2.2) + actioncable (= 7.0.2.2) + actionmailbox (= 7.0.2.2) + actionmailer (= 7.0.2.2) + actionpack (= 7.0.2.2) + actiontext (= 7.0.2.2) + actionview (= 7.0.2.2) + activejob (= 7.0.2.2) + activemodel (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) bundler (>= 1.15.0) - railties (= 7.0.0) + railties (= 7.0.2.2) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0) - actionpack (= 7.0.0) - activesupport (= 7.0.0) + railties (7.0.2.2) + actionpack (= 7.0.2.2) + activesupport (= 7.0.2.2) method_source rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.3.3) + rdoc (6.4.0) + psych (>= 4.0.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) @@ -190,8 +200,11 @@ GEM ruby-openid (2.9.2) ruby2_keywords (0.0.5) sqlite3 (1.4.2) - thor (1.1.0) + stringio (3.0.1) + strscan (3.0.1) + thor (1.2.1) timecop (0.9.4) + timeout (0.2.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) warden (1.2.9) @@ -203,7 +216,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.1) + zeitwerk (2.5.4) PLATFORMS ruby @@ -211,6 +224,7 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 1.1) + nokogiri (< 1.13) omniauth omniauth-facebook omniauth-oauth2 
@@ -225,4 +239,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.33 + 2.3.4 diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 2f60c3a2b3..486f0132a8 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -14,6 +14,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c566e9c84f..0d391aa545 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -12,6 +12,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 5dc267def1..10bd39ba1e 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -12,6 +12,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index bc9c83d008..d8f7743151 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -12,6 +12,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 0a96b0e354..8a8991fe0e 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 
@@ -13,7 +13,14 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" +if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1") + gem "net-smtp", require: false + gem "net-imap", require: false + gem "net-pop", require: false +end + group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 536c564c20..513e0572cf 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -14,6 +14,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" From 451ff6d49c71e543962d2b29d77f2e744b2d47e1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Feb 2022 14:44:26 -0300 Subject: [PATCH 1335/1473] Reorganize test matrix & use latest bundler * Rails and Ruby versions follow the most recent to oldest, except for Rails main, so we can keep the Gemfile the first one. * Excluding specific matrix combinations based on the Gemfile first, Ruby version next, and keep the same order (most recent -> oldest) * Quote all Ruby versions to keep things consistent. It's required for the '3.0' version to avoid the float issue where it'd use the latest 3.x instead. --- .github/workflows/test.yml | 226 ++++++++++++++++++------------------- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- 3 files changed, 112 insertions(+), 118 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e212d738f8..7d5d080bb6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -16,127 +16,121 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: - - 2.1 - - 2.2 - - 2.3 - - 2.4 - - 2.5 - - 2.6 - - 2.7 + - '3.1' - '3.0' - - 3.1 + - '2.7' + - '2.6' + - '2.5' + - '2.4' + - '2.3' + - '2.2' + - '2.1' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - ruby: 2.1 - gemfile: Gemfile - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.2 - gemfile: Gemfile - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.3 - gemfile: Gemfile - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.4 - gemfile: Gemfile - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.5 - gemfile: Gemfile - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.6 - gemfile: Gemfile - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: '3.0' - gemfile: 
gemfiles/Gemfile-rails-4-2 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-6-0 - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-0 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-1 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-2 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-0 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main + - gemfile: Gemfile + ruby: '2.6' + - gemfile: Gemfile + ruby: '2.5' + - gemfile: Gemfile + ruby: '2.4' + - gemfile: Gemfile + ruby: '2.3' + - gemfile: Gemfile + ruby: '2.2' + - gemfile: Gemfile + ruby: '2.1' + - gemfile: Gemfile + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-main + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.1' + - gemfile: 
gemfiles/Gemfile-rails-6-1 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-6-0 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-2 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-1 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-0 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.4' runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} 
diff --git a/Gemfile.lock b/Gemfile.lock index 21b998364c..82ddc2725d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -239,4 +239,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.3.4 + 2.3.8 diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 8a8991fe0e..baa4827c28 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -13,7 +13,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" -if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1") +if RUBY_VERSION >= "3.1" gem "net-smtp", require: false gem "net-imap", require: false gem "net-pop", require: false From a78948f53ca8847413db294af22b0f784db37a58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Glauco=20Cust=C3=B3dio?= Date: Mon, 21 Mar 2022 12:10:43 +0000 Subject: [PATCH 1336/1473] Use bundle add instead As per https://github.com/rubygems/rubygems/pull/5337, we can simplify the steps of adding a gem. --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bf87d38fca..a34023d0ab 100644 --- a/README.md +++ b/README.md @@ -174,14 +174,12 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile: +Devise 4.0 works with Rails 4.1 onwards. Run: -```ruby -gem 'devise' +```sh +bundle add devise ``` -Then run `bundle install` - Next, you need to run the generator: ```console From 1542b7da2937b9aaca1a520ee7089f7103133c43 Mon Sep 17 00:00:00 2001 From: yysaki Date: Thu, 21 Apr 2022 23:29:30 +0900 Subject: [PATCH 1337/1473] Update the urls which refer nonexistent master branch name in documentations --- README.md | 30 +++++++++++++-------------- devise.gemspec | 2 +- lib/devise/controllers/sign_in_out.rb | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index bf87d38fca..8fa3f64b9d 100644 
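Review bot: `if RUBY_VERSION >= "3.1"` in gemfiles/Gemfile-rails-6-1 compares strings, so the ordering is lexicographic rather than by version: a two-digit major such as "10.0" sorts below "3.1" and would skip the net-smtp, net-imap and net-pop gems. The line it replaces compared version objects and did not have that problem. I would keep `if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1")`, or add a comment stating that the string comparison is only valid while the major version is a single digit.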
--- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) +![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png) [![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) 
@@ -11,16 +11,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Validatable): provides validations of email and password. 
It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents @@ -91,7 +91,7 @@ https://groups.google.com/group/plataformatec-devise You can view the Devise documentation in RDoc format here: -http://rubydoc.info/github/heartcombo/devise/master/frames +http://rubydoc.info/github/heartcombo/devise/main/frames If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. @@ -130,7 +130,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 
@@ -458,7 +458,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/main/ActionDispatch/Routing/Mapper%3Adevise_for) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: 
@@ -679,7 +679,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. diff --git a/devise.gemspec b/devise.gemspec index 503a9a960d..78c0177aab 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -17,7 +17,7 @@ Gem::Specification.new do |s| s.metadata = { "homepage_uri" => "https://github.com/heartcombo/devise", "documentation_uri" => "https://rubydoc.info/github/heartcombo/devise", - "changelog_uri" => "https://github.com/heartcombo/devise/blob/master/CHANGELOG.md", + "changelog_uri" => "https://github.com/heartcombo/devise/blob/main/CHANGELOG.md", "source_code_uri" => "https://github.com/heartcombo/devise", "bug_tracker_uri" => "https://github.com/heartcombo/devise/issues", "wiki_uri" => "https://github.com/heartcombo/devise/wiki" 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 6d72a21dca..90c2a4367f 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -21,7 +21,7 @@ def signed_in?(scope = nil) # to the set_user method in warden. # If you are using a custom warden strategy and the timeoutable module, you have to # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do - # in the sessions controller: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 + # in the sessions controller: https://github.com/heartcombo/devise/blob/main/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # From 8d4c3647a774f9e47a05e2f364bc591ab1907600 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 09:17:40 -0300 Subject: [PATCH 1338/1473] Update bundle --- Gemfile.lock | 124 +++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 63 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 82ddc2725d..be03532d70 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,89 +20,88 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.2.2) - actionpack (= 7.0.2.2) - activesupport (= 7.0.2.2) + actioncable (7.0.2.3) + actionpack (= 7.0.2.3) + activesupport (= 7.0.2.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.2.2) - actionpack (= 7.0.2.2) - activejob (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionmailbox (7.0.2.3) + actionpack (= 7.0.2.3) + activejob (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.2.2) - actionpack (= 7.0.2.2) - actionview (= 7.0.2.2) - activejob (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionmailer (7.0.2.3) + actionpack (= 7.0.2.3) + actionview (= 7.0.2.3) + activejob (= 7.0.2.3) + activesupport (= 7.0.2.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.2.2) - actionview (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionpack (7.0.2.3) + actionview (= 7.0.2.3) + activesupport (= 7.0.2.3) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.2.2) - actionpack (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + actiontext (7.0.2.3) + actionpack (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.2.2) - activesupport (= 7.0.2.2) + actionview (7.0.2.3) + activesupport (= 7.0.2.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.2.2) - activesupport (= 7.0.2.2) + activejob (7.0.2.3) + activesupport (= 7.0.2.3) globalid (>= 0.3.6) - activemodel (7.0.2.2) - activesupport (= 7.0.2.2) - activerecord (7.0.2.2) - activemodel (= 7.0.2.2) - activesupport (= 7.0.2.2) - activestorage (7.0.2.2) - 
actionpack (= 7.0.2.2) - activejob (= 7.0.2.2) - activerecord (= 7.0.2.2) - activesupport (= 7.0.2.2) + activemodel (7.0.2.3) + activesupport (= 7.0.2.3) + activerecord (7.0.2.3) + activemodel (= 7.0.2.3) + activesupport (= 7.0.2.3) + activestorage (7.0.2.3) + actionpack (= 7.0.2.3) + activejob (= 7.0.2.3) + activerecord (= 7.0.2.3) + activesupport (= 7.0.2.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.2.2) + activesupport (7.0.2.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - bcrypt (3.1.16) + bcrypt (3.1.17) builder (3.2.4) - concurrent-ruby (1.1.9) + concurrent-ruby (1.1.10) crass (1.0.6) digest (3.1.0) erubi (1.10.0) faraday (2.2.0) faraday-net_http (~> 2.0) ruby2_keywords (>= 0.0.4) - faraday-net_http (2.0.1) + faraday-net_http (2.0.2) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) i18n (1.10.0) concurrent-ruby (~> 1.0) - io-wait (0.2.1) jwt (2.3.0) - loofah (2.14.0) + loofah (2.16.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -123,8 +122,7 @@ GEM digest net-protocol timeout - net-protocol (0.1.2) - io-wait + net-protocol (0.1.3) timeout net-smtp (0.3.1) digest @@ -140,9 +138,9 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.4) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) rack-protection omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) 
@@ -164,28 +162,28 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.2.2) - actioncable (= 7.0.2.2) - actionmailbox (= 7.0.2.2) - actionmailer (= 7.0.2.2) - actionpack (= 7.0.2.2) - actiontext (= 7.0.2.2) - actionview (= 7.0.2.2) - activejob (= 7.0.2.2) - activemodel (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + rails (7.0.2.3) + actioncable (= 7.0.2.3) + actionmailbox (= 7.0.2.3) + actionmailer (= 7.0.2.3) + actionpack (= 7.0.2.3) + actiontext (= 7.0.2.3) + actionview (= 7.0.2.3) + activejob (= 7.0.2.3) + activemodel (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) bundler (>= 1.15.0) - railties (= 7.0.2.2) + railties (= 7.0.2.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.2.2) - actionpack (= 7.0.2.2) - activesupport (= 7.0.2.2) + railties (7.0.2.3) + actionpack (= 7.0.2.3) + activesupport (= 7.0.2.3) method_source rake (>= 12.2) thor (~> 1.0) @@ -203,7 +201,7 @@ GEM stringio (3.0.1) strscan (3.0.1) thor (1.2.1) - timecop (0.9.4) + timecop (0.9.5) timeout (0.2.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) From 55eabee800493cff526a2846bd6ce054058bde01 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 21 Apr 2022 19:07:04 -0300 Subject: [PATCH 1339/1473] Use https source for github repos with Bundler 1.x GitHub no longer supports the git:// protocol, which was the default in Bundler 1.x. From the build: The unauthenticated git protocol on port 9418 is no longer supported. Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information. --- gemfiles/Gemfile-rails-4-1 | 5 +++++ gemfiles/Gemfile-rails-4-2 | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 44a1c98aac..7bbabf9db0 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 
@@ -2,6 +2,11 @@ source "https://rubygems.org" +git_source(:github) do |repo_name| + repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') + "https://github.com/#{repo_name}.git" +end + gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index bb35c5f2f3..6e106b5e92 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -2,6 +2,11 @@ source "https://rubygems.org" +git_source(:github) do |repo_name| + repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') + "https://github.com/#{repo_name}.git" +end + gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" From 875217d8c195eb857f2529c4aa357c3ef5f45c14 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 21 Apr 2022 21:08:50 -0300 Subject: [PATCH 1340/1473] Only set property for Rails 7, it has been removed on master https://github.com/rails/rails/pull/44827 --- test/rails_app/config/application.rb | 2 +- test/rails_app/config/boot.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 7d717db87e..1f4fbddba1 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -50,7 +50,7 @@ class Application < Rails::Application Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end - if Devise::Test.rails7_and_up? + if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 65acdfec49..524b561824 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
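Review bot: The `git_source(:github)` block added at the top of gemfiles/Gemfile-rails-4-1 has no comment saying why it overrides Bundler's default. A later cleanup could remove it and bring back the unauthenticated `git://` transport that the commit message describes. I would put `# Bundler 1.x expands github: to git://, which GitHub no longer serves; force HTTPS for these sources.` directly above it. The block also reassigns its own parameter; a local such as `full_name = repo_name.include?('/') ? repo_name : "#{repo_name}/#{repo_name}"` reads more clearly. The same block is added to gemfiles/Gemfile-rails-4-2 in the next hunk, and the same comment applies there.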
@@ -8,8 +8,8 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. - def self.rails7_and_up? - Rails::VERSION::MAJOR >= 7 + def self.rails70? + Rails.version.start_with? '7.0' end def self.rails6_and_up? From e1c53d6580b0f4e30e598d6d249320d506770701 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 09:16:19 -0300 Subject: [PATCH 1341/1473] Check for empty response body on redirect with Rails main (future 7.1) Rails is no longer returning a message with the response body on redirects, just an empty body. https://github.com/rails/rails/pull/44554 --- test/failure_app_test.rb | 10 +++++++--- test/rails_app/config/boot.rb | 4 ++++ test/test/controller_helpers_test.rb | 14 ++++++++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index df4107c00e..883cf8b9bd 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -213,9 +213,13 @@ def call_failure(env_params = {}) test 'set up a default message' do call_failure - assert_match(/You are being/, @response.last.body) - assert_match(/redirected/, @response.last.body) - assert_match(/users\/sign_in/, @response.last.body) + if Devise::Test.rails71_and_up? + assert_empty @response.last.body + else + assert_match(/You are being/, @response.last.body) + assert_match(/redirected/, @response.last.body) + assert_match(/users\/sign_in/, @response.last.body) + end end test 'works for any navigational format' do diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 524b561824..4c108cc8c3 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -8,6 +8,10 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. + def self.rails71_and_up? + !rails70? && Rails::VERSION::MAJOR >= 7 + end + def self.rails70? Rails.version.start_with? '7.0' end 
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 6c5d24ad17..c93ecf2e3d 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -97,7 +97,12 @@ def respond test "returns the body of a failure app" do get :index - assert_equal "You are being redirected.", response.body + + if Devise::Test.rails71_and_up? + assert_empty response.body + else + assert_equal "You are being redirected.", response.body + end end test "returns the content type of a failure app" do @@ -203,6 +208,11 @@ class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCa test "doesn't hang when sending an authentication error response body" do get :index - assert_equal "You are being redirected.", response.body + + if Devise::Test.rails71_and_up? + assert_empty response.body + else + assert_equal "You are being redirected.", response.body + end end end From b5172a0cdbc02686ae905d65ec2392ead41be139 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 10:41:01 -0300 Subject: [PATCH 1342/1473] Fix csrf cleanup for Rails 7.1 (main) Rails implemented a CSRF token storage strategy to allow storing the CSRF tokens outside of the sessios (for example, in an encrypted cookie), and changed how the value is kept around during the request cycle, by using a request.env value. We still want to ensure the final session value is cleaned correctly in the test, but the implementation needed to change since we can't simply delete from the session anymore, we need to make sure we call the Rails methods for resetting the current storage strategy so it works with all of them. https://github.com/rails/rails/pull/44283 --- lib/devise/hooks/csrf_cleaner.rb | 8 +++++++- test/integration/authenticatable_test.rb | 12 ++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index d725fbc42c..211bcab82f 100644 
--- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -4,6 +4,12 @@ clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || warden.winning_strategy.clean_up_csrf? if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy - warden.request.session.try(:delete, :_csrf_token) + request = warden.request + if request.respond_to?(:controller_instance) && request.controller_instance.respond_to?(:reset_csrf_token) + # Rails 7.1+ + request.controller_instance.reset_csrf_token(request) + else + request.session.try(:delete, :_csrf_token) + end end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index a1bf28dae4..6c3be3b57c 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -346,10 +346,18 @@ class AuthenticationSessionTest < Devise::IntegrationTest test 'refreshes _csrf_token' do swap ApplicationController, allow_forgery_protection: true do get new_user_session_path - token = request.session[:_csrf_token] + token_from_session = request.session[:_csrf_token] + + if Devise::Test.rails71_and_up? + token_from_env = request.env["action_controller.csrf_token"] + end sign_in_as_user - assert_not_equal request.session[:_csrf_token], token + assert_not_equal request.session[:_csrf_token], token_from_session + + if Devise::Test.rails71_and_up? + assert_not_equal request.env["action_controller.csrf_token"], token_from_env + end end end From 2fa9303ab35f159d7c3fb76392692994155b18f0 Mon Sep 17 00:00:00 2001 
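Review bot: A request with no controller attached silently takes the old path in csrf_cleaner.rb, because the new branch runs only when `request.controller_instance` responds to `reset_csrf_token`. In that case only `request.session.try(:delete, :_csrf_token)` is executed. If the application keeps the token outside the session, as the commit message says Rails now allows, that path would presumably leave the pre-authentication token valid after sign-in. At minimum I would document it above the `else`: `# No controller on this request: only a session-stored token is cleared here.` The hook block opens above the hunk, so how `warden.request` is built is not visible.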
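Review bot: In the 'refreshes _csrf_token' test, the added `assert_not_equal request.env["action_controller.csrf_token"], token_from_env` also passes when `token_from_env` was nil before sign-in. In that case it does not show that an existing token was replaced. Adding `assert token_from_env` inside the first `rails71_and_up?` block, and `assert token_from_session` after the session read, would make both comparisons prove a rotation. Whether the GET populates the env key is not visible in this hunk, which is the reason to assert it.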
From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 12:55:08 -0300 Subject: [PATCH 1343/1473] Use new method to reset CSRF exposed via the request object This simplifies the logic considerably, as we don't need to reach out to what seems more internal-ish implementation of Rails with the interaction between the request and controller objects. https://github.com/rails/rails/commit/b925880914fa3dca8c9cd0f8e88fb18fc8ec180b --- lib/devise/hooks/csrf_cleaner.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index 211bcab82f..4a64739551 100644 --- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -4,12 +4,11 @@ clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || warden.winning_strategy.clean_up_csrf? if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy - request = warden.request - if request.respond_to?(:controller_instance) && request.controller_instance.respond_to?(:reset_csrf_token) + if warden.request.respond_to?(:reset_csrf_token) # Rails 7.1+ - request.controller_instance.reset_csrf_token(request) + warden.request.reset_csrf_token else - request.session.try(:delete, :_csrf_token) + warden.request.session.try(:delete, :_csrf_token) end end end From d4bf52bdfd652cc1d87fa5800a04b288a81fd787 Mon Sep 17 00:00:00 2001 From: Atul Kanswal Date: Mon, 27 Jun 2022 16:23:13 +0530 Subject: [PATCH 1344/1473] Update lockable.rb Documentation Confusion --- lib/devise/models/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index ce9e3e57af..65bb400d0e 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
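Review bot: The `# Rails 7.1+` comment on the `warden.request.reset_csrf_token` branch names the framework version but not why the token is discarded at sign-in. A comment above the `if` would help, for example `# Drop the pre-authentication CSRF token so one planted or observed before sign-in cannot be reused afterwards (token fixation).` It would tell the next maintainer that both branches are the same security control and must stay equivalent. The hook block opens above the hunk, so the comment would sit inside it rather than at file level.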
@@ -18,7 +18,7 @@ module Models # * +maximum_attempts+: how many attempts should be accepted before blocking the user. # * +lock_strategy+: lock the user account by :failed_attempts or :none. # * +unlock_strategy+: unlock the user account by :time, :email, :both or :none. - # * +unlock_in+: the time you want to lock the user after to lock happens. Only available when unlock_strategy is :time or :both. + # * +unlock_in+: the time you want to unlock the user after lock happens. Only available when unlock_strategy is :time or :both. # * +unlock_keys+: the keys you want to use when locking and unlocking an account # module Lockable From 41003bf5deaf2c09073a3a3701e32aaf266e991c Mon Sep 17 00:00:00 2001 From: okyanusoz <46757266+okyanusoz@users.noreply.github.com> Date: Tue, 30 Aug 2022 17:06:16 +0300 Subject: [PATCH 1345/1473] Update new.html.erb --- app/views/devise/passwords/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 9b486b81b9..6a9f517f0e 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -9,7 +9,7 @@
- <%= f.submit "Send me reset password instructions" %> + <%= f.submit "Send me password reset instructions" %>
<% end %> From fc1ac76ddf0052c61e76f90b03d877b29913eac2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 17 Jan 2023 14:16:17 -0300 Subject: [PATCH 1346/1473] Add support to Ruby 3.2 (no changes needed) --- .github/workflows/test.yml | 15 ++- CHANGELOG.md | 5 + Gemfile.lock | 199 +++++++++++++++++++------------------ 3 files changed, 119 insertions(+), 100 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7d5d080bb6..a15b0cd7d2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,6 +16,7 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: + - '3.2' - '3.1' - '3.0' - '2.7' @@ -67,6 +68,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-1 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 @@ -79,6 +82,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-2 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-2 @@ -91,6 +96,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-2 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-1 @@ -101,6 +108,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-1 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-0 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-0 @@ -111,6 +120,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-0 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-2 
@@ -119,6 +130,8 @@ jobs: ruby: '2.7' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-1 @@ -135,7 +148,7 @@ jobs: env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV diff --git a/CHANGELOG.md b/CHANGELOG.md index e91257a120..5d48a34551 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Add support for Ruby 3.1/3.2. + ### 4.8.1 - 2021-12-16 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index be03532d70..7cb193d21b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
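Review bot: `actions/checkout@v3` in the `steps:` hunk is referenced by a movable tag, so the code that runs in CI can change without any change to this repository. Pinning the full commit and keeping the tag as a trailing comment makes the workflow reproducible and reviewable: `- uses: actions/checkout@<full-commit-sha> # v3`. The same would apply to the other `uses:` steps of the job, which lie outside this hunk.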
@@ -20,176 +20,174 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.2.3) - actionpack (= 7.0.2.3) - activesupport (= 7.0.2.3) + actioncable (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.2.3) - actionpack (= 7.0.2.3) - activejob (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionmailbox (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.2.3) - actionpack (= 7.0.2.3) - actionview (= 7.0.2.3) - activejob (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionmailer (7.0.4) + actionpack (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activesupport (= 7.0.4) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.2.3) - actionview (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionpack (7.0.4) + actionview (= 7.0.4) + activesupport (= 7.0.4) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.2.3) - actionpack (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + actiontext (7.0.4) + actionpack (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.2.3) - activesupport (= 7.0.2.3) + actionview (7.0.4) + activesupport (= 7.0.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.2.3) - activesupport (= 7.0.2.3) + activejob (7.0.4) + activesupport (= 7.0.4) globalid (>= 0.3.6) - activemodel (7.0.2.3) - activesupport (= 7.0.2.3) - activerecord (7.0.2.3) - activemodel (= 7.0.2.3) - activesupport (= 7.0.2.3) - activestorage (7.0.2.3) - actionpack (= 7.0.2.3) - activejob (= 7.0.2.3) - 
activerecord (= 7.0.2.3) - activesupport (= 7.0.2.3) + activemodel (7.0.4) + activesupport (= 7.0.4) + activerecord (7.0.4) + activemodel (= 7.0.4) + activesupport (= 7.0.4) + activestorage (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activesupport (= 7.0.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.2.3) + activesupport (7.0.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - bcrypt (3.1.17) + bcrypt (3.1.18) builder (3.2.4) concurrent-ruby (1.1.10) crass (1.0.6) - digest (3.1.0) - erubi (1.10.0) - faraday (2.2.0) - faraday-net_http (~> 2.0) + date (3.3.3) + erubi (1.12.0) + faraday (2.7.3) + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-net_http (2.0.2) + faraday-net_http (3.0.2) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jwt (2.3.0) - loofah (2.16.0) + jwt (2.6.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp marcel (1.0.2) method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.6.1) - minitest (5.15.0) - mocha (1.13.0) - multi_json (1.15.0) + minitest (5.17.0) + mocha (1.16.1) multi_xml (0.6.0) - net-imap (0.2.3) - digest + net-imap (0.3.4) + date net-protocol - strscan - net-pop (0.1.1) - digest + net-pop (0.1.2) net-protocol + net-protocol (0.2.1) timeout - net-protocol (0.1.3) - timeout - net-smtp (0.3.1) - digest + net-smtp (0.3.3) net-protocol - timeout nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) - oauth2 (1.4.9) + oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 3) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) omniauth (2.1.0) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.2) - oauth2 (~> 
1.4) - omniauth (>= 1.9, < 3) + omniauth-oauth2 (1.8.0) + oauth2 (>= 1.4, < 3) + omniauth (~> 2.0) omniauth-openid (2.0.1) omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (4.0.3) + psych (5.0.1) stringio - racc (1.6.0) - rack (2.2.3) + racc (1.6.2) + rack (2.2.6) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (2.2.0) + rack-protection (3.0.5) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (7.0.2.3) - actioncable (= 7.0.2.3) - actionmailbox (= 7.0.2.3) - actionmailer (= 7.0.2.3) - actionpack (= 7.0.2.3) - actiontext (= 7.0.2.3) - actionview (= 7.0.2.3) - activejob (= 7.0.2.3) - activemodel (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + rack-test (2.0.2) + rack (>= 1.3) + rails (7.0.4) + actioncable (= 7.0.4) + actionmailbox (= 7.0.4) + actionmailer (= 7.0.4) + actionpack (= 7.0.4) + actiontext (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activemodel (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) bundler (>= 1.15.0) - railties (= 7.0.2.3) + railties (= 7.0.4) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) - loofah (~> 2.3) - railties (7.0.2.3) - actionpack (= 7.0.2.3) - activesupport (= 7.0.2.3) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) + railties (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) method_source rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.4.0) + rdoc (6.5.0) psych (>= 4.0.0) responders (3.0.1) actionpack (>= 5.0) 
@@ -197,14 +195,17 @@ GEM rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) - sqlite3 (1.4.2) - stringio (3.0.1) - strscan (3.0.1) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) + sqlite3 (1.4.4) + stringio (3.0.4) thor (1.2.1) - timecop (0.9.5) - timeout (0.2.0) - tzinfo (2.0.4) + timecop (0.9.6) + timeout (0.3.1) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) + version_gem (1.1.1) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -214,7 +215,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.4) + zeitwerk (2.6.6) PLATFORMS ruby @@ -237,4 +238,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.3.8 + 2.4.4 From 59bedaa1e711c145218c88351633e577da0804b3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 17 Jan 2023 14:47:26 -0300 Subject: [PATCH 1347/1473] Attempt to get the build running on Ruby 2.2 It appears we're getting a newer version of this multipart-post dependency, which doesn't work well with Ruby 2.2 by using `Object.deprecate_constant`, resulting in the following error: .../multipart-post-2.2.0/lib/multipart/post/parts.rb:152:in `': undefined method `deprecate_constant' for Object:Class (NoMethodError) Hopefully by locking on a previous version we can just get the build back to green for now. --- gemfiles/Gemfile-rails-4-1 | 6 ++++++ gemfiles/Gemfile-rails-4-2 | 6 ++++++ gemfiles/Gemfile-rails-5-0 | 6 ++++++ gemfiles/Gemfile-rails-5-1 | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 7bbabf9db0..6f0b77e83d 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -38,3 +38,9 @@ end group :mongoid do gem "mongoid", "~> 4.0" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end 
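Review bot: The guard `if RUBY_VERSION < "2.3.0"` added at the end of gemfiles/Gemfile-rails-4-1 compares version strings lexically. That works for the Ruby versions in the current matrix but orders a two-digit component wrongly (`"2.10.0" < "2.3.0"` is true). `if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.3.0")` states the intent and is available inside a Gemfile. The same guard is added to Gemfile-rails-4-2, Gemfile-rails-5-0 and Gemfile-rails-5-1 in the following hunks.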
diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index 6e106b5e92..43367157fd 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -37,3 +37,9 @@ end group :mongoid do gem "mongoid", "~> 4.0" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 486f0132a8..76eb2aab25 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -30,3 +30,9 @@ end # group :mongoid do # gem "mongoid", "~> 4.0.0" # end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 0d391aa545..0d5f470150 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -23,3 +23,9 @@ end platforms :ruby do gem "sqlite3", "~> 1.3.6" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end From 319d9fa648f98a88bdeb93ac74d1c3384b4e839d Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 18 Jan 2023 11:46:33 -0300 Subject: [PATCH 1348/1473] Run with the latest rubygems on newer Ruby versions Rails master on Ruby 2.7/3.0 is failing with the following error: Resolving dependencies... Could not find compatible versions Because every version of rails depends on RubyGems >= 3.3.13 and Gemfile-rails-main depends on rails >= 0, RubyGems >= 3.3.13 is required. So, because current RubyGems version is = 3.1.6, version solving has failed. Trying to run with the latest available rubygems to see if that can fix the problem, but sticking to the "default" rubygems version on older Ruby versions to avoid build issues there. --- .github/workflows/test.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a15b0cd7d2..207f5703fc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -152,11 +152,18 @@ jobs: - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV + - name: Setup Rubygems version as default for Ruby < 2.5 + if: ${{ matrix.ruby < '2.5' }} + run: echo "RUBYGEMS_VERSION=default" >> $GITHUB_ENV + - name: Setup Rubygems version as 3.2.3 for Ruby 2.5 + if: ${{ matrix.ruby == '2.5' }} + run: echo "RUBYGEMS_VERSION=3.2.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'latest' }} + bundler: ${{ env.BUNDLER_VERSION || 'default' }} + rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From cddba289459d922d40eabf6c8475008995a78783 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 27 Jan 2023 17:15:20 -0300 Subject: [PATCH 1349/1473] Bundle update --- Gemfile.lock | 122 +++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7cb193d21b..704f50e976 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,82 +20,82 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + actioncable (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actionmailbox (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4) - actionpack (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activesupport (= 7.0.4) + actionmailer (7.0.4.2) + actionpack (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4) - actionview (= 7.0.4) - activesupport (= 7.0.4) + actionpack (7.0.4.2) + actionview (= 7.0.4.2) + activesupport (= 7.0.4.2) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4) - actionpack (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actiontext (7.0.4.2) + actionpack (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4) - activesupport (= 7.0.4) + actionview (7.0.4.2) + activesupport (= 7.0.4.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4) - activesupport (= 7.0.4) + activejob (7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.3.6) - activemodel (7.0.4) - activesupport (= 7.0.4) - activerecord (7.0.4) - activemodel (= 7.0.4) - activesupport (= 7.0.4) - activestorage (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 
7.0.4) - activesupport (= 7.0.4) + activemodel (7.0.4.2) + activesupport (= 7.0.4.2) + activerecord (7.0.4.2) + activemodel (= 7.0.4.2) + activesupport (= 7.0.4.2) + activestorage (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activesupport (= 7.0.4.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4) + activesupport (7.0.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) bcrypt (3.1.18) builder (3.2.4) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.0) crass (1.0.6) date (3.3.3) erubi (1.12.0) - faraday (2.7.3) + faraday (2.7.4) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.0.0) + globalid (1.1.0) activesupport (>= 5.0) hashie (5.0.0) i18n (1.12.0) @@ -136,7 +136,7 @@ GEM rack (>= 1.2, < 4) snaky_hash (~> 2.0) version_gem (~> 1.1) - omniauth (2.1.0) + omniauth (2.1.1) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection @@ -149,10 +149,10 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (5.0.1) + psych (5.0.2) stringio racc (1.6.2) - rack (2.2.6) + rack (2.2.6.2) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -160,28 +160,28 @@ GEM rack rack-test (2.0.2) rack (>= 1.3) - rails (7.0.4) - actioncable (= 7.0.4) - actionmailbox (= 7.0.4) - actionmailer (= 7.0.4) - actionpack (= 7.0.4) - actiontext (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activemodel (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + rails (7.0.4.2) + actioncable (= 7.0.4.2) + actionmailbox (= 7.0.4.2) + actionmailer (= 7.0.4.2) + actionpack (= 7.0.4.2) + actiontext (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activemodel (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) bundler (>= 1.15.0) - railties (= 7.0.4) + railties (= 7.0.4.2) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.4) + rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + railties (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) method_source rake (>= 12.2) thor (~> 1.0) @@ -238,4 +238,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.4.4 + 2.4.5 From 3632ddf67473880ed9583201ce13f108c620514f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 31 Jan 2023 10:04:11 -0300 Subject: [PATCH 1350/1473] Remove XML serializer from a couple gemfiles missed previously It looks like I missed removing it when XMl was replaced with JSON across our test suite in a793472a3e28e8b0dec137531e3de64d91ff81ec. --- gemfiles/Gemfile-rails-6-1 | 2 -- gemfiles/Gemfile-rails-main | 2 -- 2 files changed, 4 deletions(-) diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index baa4827c28..49b19f342d 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 
@@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 513e0572cf..4104445e75 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" From f08e0ad24aa6fec6f585247c0465e0d46c6d8a94 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 31 Jan 2023 09:32:40 -0300 Subject: [PATCH 1351/1473] Integrate with Hotwire/Turbo by configuring error and response statuses Treat `:turbo_stream` request format as a navigational format, much like HTML, so Devise/responders can work properly. Allow configuring the `error_status` and `redirect_status` using the latest responders features, via a new custom Devise responder, so we can customize both responses to match Hotwire/Turbo behavior, for example with `422 Unprocessable Entity` and `303 See Other`, respectively. The defaults aren't changing in Devise itself (yet), so it still responds on error cases with `200 OK`, and redirects on non-GET requests with `302 Found`, but new apps are generated with the new statuses and existing apps can opt-in. Please note that these defaults might change in a future release of Devise. PRs/Issues references: https://github.com/heartcombo/devise/pull/5545 https://github.com/heartcombo/devise/pull/5529 https://github.com/heartcombo/devise/pull/5516 https://github.com/heartcombo/devise/pull/5499 https://github.com/heartcombo/devise/pull/5487 https://github.com/heartcombo/devise/pull/5467 https://github.com/heartcombo/devise/pull/5440 https://github.com/heartcombo/devise/pull/5410 https://github.com/heartcombo/devise/pull/5340 https://github.com/heartcombo/devise/issues/5542 https://github.com/heartcombo/devise/issues/5530 https://github.com/heartcombo/devise/issues/5519 https://github.com/heartcombo/devise/issues/5513 https://github.com/heartcombo/devise/issues/5478 https://github.com/heartcombo/devise/issues/5468 https://github.com/heartcombo/devise/issues/5463 https://github.com/heartcombo/devise/issues/5458 https://github.com/heartcombo/devise/issues/5448 https://github.com/heartcombo/devise/issues/5446 https://github.com/heartcombo/devise/issues/5439 --- CHANGELOG.md | 15 +++++++++++ Gemfile | 2 +- Gemfile.lock | 14 ++++++++--- README.md | 19 ++++++++++++++ 
.../devise/confirmations_controller.rb | 1 + .../devise/registrations_controller.rb | 2 +- app/controllers/devise/sessions_controller.rb | 2 +- app/controllers/devise/unlocks_controller.rb | 1 + app/controllers/devise_controller.rb | 1 + app/views/devise/registrations/edit.html.erb | 2 +- .../devise/shared/_error_messages.html.erb | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-main | 2 +- lib/devise.rb | 10 +++++++- lib/devise/controllers/responder.rb | 25 +++++++++++++++++++ lib/devise/failure_app.rb | 6 +++-- lib/generators/templates/devise.rb | 18 +++++++------ .../registrations/edit.html.erb | 2 +- test/support/integration.rb | 4 +-- 20 files changed, 106 insertions(+), 26 deletions(-) create mode 100644 lib/devise/controllers/responder.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d48a34551..95643aa619 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,21 @@ * enhancements * Add support for Ruby 3.1/3.2. + * Add support for Hotwire + Turbo, default in Rails 7+. + * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. + * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: + + ```ruby + # config/initializers/devise.rb + Devise.setup do |config| + # ... + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other + # ... + end + ``` + + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. ### 4.8.1 - 2021-12-16 diff --git a/Gemfile b/Gemfile index 0b41fa0e1b..aac13712ca 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/Gemfile.lock b/Gemfile.lock index 704f50e976..a9a79c79a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,3 +1,12 @@ +GIT + remote: https://github.com/heartcombo/responders.git + revision: fb9f787055a7a842584ce351793b249676290090 + branch: main + specs: + responders (3.0.1) + actionpack (>= 5.2) + railties (>= 5.2) + GIT remote: https://github.com/rails/rails-controller-testing.git revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 @@ -189,9 +198,6 @@ GEM rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) - responders (3.0.1) - actionpack (>= 5.0) - railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) @@ -231,7 +237,7 @@ DEPENDENCIES rails (~> 7.0.0) rails-controller-testing! rdoc - responders (~> 3.0) + responders! rexml sqlite3 (~> 1.4) timecop diff --git a/README.md b/README.md index 8fa3f64b9d..cd2e74a830 100644 --- a/README.md +++ b/README.md 
@@ -476,6 +476,25 @@ Please note: You will still need to add `devise_for` in your routes in order to devise_for :users, skip: :all ``` +### Hotwire/Turbo + +Devise integrates with Hotwire/Turbo by treating such requests as navigational, and configuring certain responses for errors and redirects to match the expected behavior. New apps are generated with the following response configuration by default, and existing apps may opt-in by adding the config to their Devise initializers: + +```ruby +Devise.setup do |config| + # ... + # When using Devise with Hotwire/Turbo, the http status for error responses + # and some redirects must match the following. The default in Devise for existing + # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # these new defaults that match Hotwire/Turbo behavior. + # Note: These might become the new default in future versions of Devise. + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other +end +``` + +_Note_: the above statuses configuration may become the default for Devise in a future release. + ### I18n Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 3069c6efbf..5e22079ec8 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -27,6 +27,7 @@ def show set_flash_message!(:notice, :confirmed) respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else + # TODO: use `error_status` when the default changes to `:unprocessable_entity`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 1b8a969f82..f1292b4d90 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -67,7 +67,7 @@ def destroy Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) set_flash_message! :notice, :destroyed yield resource if block_given? - respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) } + respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end # GET /resource/cancel diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 9090b002f3..7c4ee7d4eb 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -77,7 +77,7 @@ def respond_to_on_destroy # support returning empty response on GET request respond_to do |format| format.all { head :no_content } - format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) } + format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 1d04d62274..b1487760b6 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -29,6 +29,7 @@ def show set_flash_message! :notice, :unlocked respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else + # TODO: use `error_status` when the default changes to `:unprocessable_entity`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 9911fa0b85..4bf92a6887 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -15,6 +15,7 @@ class DeviseController < Devise.parent_controller.constantize end prepend_before_action :assert_is_devise_resource! + self.responder = Devise.responder respond_to :html if mimes_for_respond_to.empty? # Override prefixes to consider the scoped view. diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 38d95b85a8..2a666e9257 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -38,6 +38,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index ba7ab88701..cabfe307ef 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -1,5 +1,5 @@ <% if resource.errors.any? %> -
+

<%= I18n.t("errors.messages.not_saved", count: resource.errors.count, diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index d8f7743151..b6cb38f8ce 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 49b19f342d..1dc626ed7f 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" if RUBY_VERSION >= "3.1" gem "net-smtp", require: false diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 4104445e75..fe9eba5aff 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/lib/devise.rb b/lib/devise.rb index ede8038679..55045a8c18 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -23,6 +23,7 @@ module Devise module Controllers autoload :Helpers, 'devise/controllers/helpers' autoload :Rememberable, 'devise/controllers/rememberable' + autoload :Responder, 'devise/controllers/responder' autoload :ScopedViews, 'devise/controllers/scoped_views' autoload :SignInOut, 'devise/controllers/sign_in_out' autoload :StoreLocation, 'devise/controllers/store_location' 
@@ -217,7 +218,14 @@ module Test # Which formats should be treated as navigational. mattr_accessor :navigational_formats - @@navigational_formats = ["*/*", :html] + @@navigational_formats = ["*/*", :html, :turbo_stream] + + # The default responder used by Devise, not meant to be changed directly, + # but you can customize status codes with: + # `config.responder.error_status` + # `config.responder.redirect_status` + mattr_accessor :responder + @@responder = Devise::Controllers::Responder # When set to true, signing out a user signs out all other scopes. mattr_accessor :sign_out_all_scopes diff --git a/lib/devise/controllers/responder.rb b/lib/devise/controllers/responder.rb new file mode 100644 index 0000000000..8b15205788 --- /dev/null +++ b/lib/devise/controllers/responder.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Devise + module Controllers + # Custom Responder to configure default statuses that only apply to Devise, + # and allow to integrate more easily with Hotwire/Turbo. + class Responder < ActionController::Responder + if respond_to?(:error_status=) && respond_to?(:redirect_status=) + self.error_status = :ok + self.redirect_status = :found + else + # TODO: remove this support for older Rails versions, which aren't supported by Turbo + # and/or responders. It won't allow configuring a custom response, but it allows Devise + # to use these methods and defaults across the implementation more easily. + def self.error_status + :ok + end + + def self.redirect_status + :found + end + end + end + end +end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index ee8219fff1..d8042ec318 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -71,7 +71,9 @@ def recall end flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? - self.response = recall_app(warden_options[:recall]).call(request.env) + self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| + response[0] = Rack::Utils.status_code(Devise.responder.error_status) + } end def redirect @@ -167,7 +169,7 @@ def scope_url end def skip_format? - %w(html */*).include? request_format.to_s + %w(html */* turbo_stream).include? request_format.to_s end # Choose whether we should respond in an HTTP authentication fashion, diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 1dbaddaa6e..4503f33f81 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -256,14 +256,14 @@ # ==> Navigation configuration # Lists the formats that should be treated as navigational. Formats like - # :html, should redirect to the sign in page when the user does not have + # :html should redirect to the sign in page when the user does not have # access, but formats like :xml or :json, should return 401. # # If you have any extra navigational formats, like :iphone or :mobile, you # should add them to the navigational formats lists. # # The "*/*" below is required to match Internet Explorer requests. - # config.navigational_formats = ['*/*', :html] + # config.navigational_formats = ['*/*', :html, :turbo_stream] # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete 
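Review bot: The `tap` block added to `recall` overwrites `response[0]` unconditionally, so any status the recalled action produced is replaced by `error_status`. If that action answers with a redirect (possible when an application overrides it, which is not visible here), the 3xx turns into 200 or 422 while the `Location` header remains, and the client no longer follows it. Keeping the two cases apart avoids this: `status = (300..399).cover?(response[0]) ? Devise.responder.redirect_status : Devise.responder.error_status`, then `response[0] = Rack::Utils.status_code(status)`. `recall` starts above the hunk.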
@@ -296,12 +296,14 @@ # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' - # ==> Turbolinks configuration - # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: - # - # ActiveSupport.on_load(:devise_failure_app) do - # include Turbolinks::Controller - # end + # ==> Hotwire/Turbo configuration + # When using Devise with Hotwire/Turbo, the http status for error responses + # and some redirects must match the following. The default in Devise for existing + # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # these new defaults that match Hotwire/Turbo behavior. + # Note: These might become the new default in future versions of Devise. + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other # ==> Configuration for :registerable diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index dfb7eb94ea..147c6a0efb 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -30,6 +30,6 @@

Cancel my account

-

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/test/support/integration.rb b/test/support/integration.rb index 76d297a499..3ed0d85aaf 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -61,8 +61,8 @@ def sign_in_as_admin(options = {}, &block) # account Middleware redirects. # def assert_redirected_to(url) - assert_includes [301, 302], @integration_session.status, - "Expected status to be 301 or 302, got #{@integration_session.status}" + assert_includes [301, 302, 303], @integration_session.status, + "Expected status to be 301, 302, or 303, got #{@integration_session.status}" assert_url url, @integration_session.headers["Location"] end From 88625d488f43bfc804b3c63437b463e71e9211b5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Feb 2023 11:05:03 -0300 Subject: [PATCH 1352/1473] Use `button_to` to generate a POST form, disable turbo with OmniAuth This changes the OmniAuth "sign in" links to use buttons, which can be wrapped in an actual HTML form with a method POST, making them work better with and without Turbo in the app. It doesn't require rails/ujs anymore in case of a non-Turbo app, as it previously did with links + method=POST. Turbo is disabled for those OmniAuth buttons, as they simply don't work trying to follow the redirect to the OmniAuth provider via fetch, causing CORS issues/errors. --- CHANGELOG.md | 23 ++++++++++++----------- app/views/devise/shared/_links.html.erb | 2 +- test/integration/omniauthable_test.rb | 8 ++++++-- test/integration/timeoutable_test.rb | 2 +- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95643aa619..b62296744e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,17 +6,18 @@ * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: - ```ruby - # config/initializers/devise.rb - Devise.setup do |config| - # ... - config.responder.error_status = :unprocessable_entity - config.responder.redirect_status = :see_other - # ... - end - ``` - - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + ```ruby + # config/initializers/devise.rb + Devise.setup do |config| + # ... + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other + # ... + end + ``` + + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. 
Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. ### 4.8.1 - 2021-12-16 diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 96a9412417..7a75304bad 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -20,6 +20,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %>
+ <%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>
<% end %> <% end %> diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 1b14911dab..d6a2508303 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -128,13 +128,17 @@ def stub_action!(name) test "generates a link to authenticate with provider" do visit "/users/sign_in" - assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook" + assert_select "form[action=?][method=post]", "/users/auth/facebook" do + assert_select "input[type=submit][value=?]", "Sign in with FaceBook" + end end test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' visit "/users/sign_in" - assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook" + assert_select "form[action=?][method=post]", "/q/users/auth/facebook" do + assert_select "input[type=submit][value=?]", "Sign in with FaceBook" + end end test "handles callback error parameter according to the specification" do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index b6f2471480..502e49fb2a 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -109,7 +109,7 @@ def last_request_at follow_redirect! assert_response :success - assert_contain 'Sign in' + assert_contain 'Log in' refute warden.authenticated?(:user) end From d0f0853c75defb10d83f4b2576b8df9e4cbb3695 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 11:50:42 -0300 Subject: [PATCH 1353/1473] Remove CodeClimate badge It's not working right now, and we haven't used it in like forever to drive anything. Closes #5549 [ci skip] --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 8fa3f64b9d..d0fa3b95a6 100644 --- a/README.md +++ b/README.md 
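Review bot: Nothing in `_links.html.erb` records that the provider button has to stay a POST form, which is the property the OmniAuth request phase relies on. `button_to` renders a real `<form method="post">`, carrying the authenticity token when forgery protection is on, so the request stays a POST even without rails-ujs. OmniAuth 2 accepts only POST for the request phase by default, so that a cross-site GET cannot start a sign-in for the user. A one-line ERB comment above the button would keep a later edit from turning it back into a plain link: `<%# Keep this a POST form (button_to): the OmniAuth request phase must not be reachable by GET. %>`. The provider loop and the enclosing `if` open above the hunk.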
@@ -1,7 +1,5 @@ ![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png) -[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) - Devise is a flexible authentication solution for Rails based on Warden. It: * Is Rack based; From 0d392fa49f619328b890d536d9ac838a6b888d4a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 13:37:26 -0300 Subject: [PATCH 1354/1473] Use the released version of responders v3.1.0 Unfortunately we can't enforce the version in the gemspec because responders only supports Rails 5.2 now, and Devise still supports previous versions. We'll drop support for those in a future major release, so for now I'm not adding any version. This also adds a warning in case someone is using an older version of responders and tries to set the error/redirect statuses via Devise, so that they know what to do (upgrade responders) in that case. --- CHANGELOG.md | 8 +++++--- Gemfile | 2 +- Gemfile.lock | 14 ++++---------- README.md | 2 ++ gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-main | 2 +- lib/devise/controllers/responder.rb | 10 ++++++++++ 8 files changed, 25 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b62296744e..607e1d0470 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,8 +3,7 @@ * enhancements * Add support for Ruby 3.1/3.2. * Add support for Hotwire + Turbo, default in Rails 7+. - * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: + * Devise uses the latest `responders` version (v3.1.0 or higher), which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` respectively, to match the behavior expected by Hotwire/Turbo: ```ruby # config/initializers/devise.rb 
@@ -16,7 +15,10 @@ end ``` - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. + * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. + * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. 
This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. ### 4.8.1 - 2021-12-16 diff --git a/Gemfile b/Gemfile index aac13712ca..d6e25ba69b 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/Gemfile.lock b/Gemfile.lock index a9a79c79a7..02dfe88989 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/heartcombo/responders.git - revision: fb9f787055a7a842584ce351793b249676290090 - branch: main - specs: - responders (3.0.1) - actionpack (>= 5.2) - railties (>= 5.2) - GIT remote: https://github.com/rails/rails-controller-testing.git revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 @@ -198,6 +189,9 @@ GEM rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) + responders (3.1.0) + actionpack (>= 5.2) + railties (>= 5.2) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) @@ -237,7 +231,7 @@ DEPENDENCIES rails (~> 7.0.0) rails-controller-testing! rdoc - responders! + responders (~> 3.1) rexml sqlite3 (~> 1.4) timecop diff --git a/README.md b/README.md index cd2e74a830..b5076cb909 100644 --- a/README.md +++ b/README.md @@ -493,6 +493,8 @@ Devise.setup do |config| end ``` +**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. + _Note_: the above statuses configuration may become the default for Devise in a future release. ### I18n diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index b6cb38f8ce..a73c66f0a7 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 1dc626ed7f..2469980fed 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" if RUBY_VERSION >= "3.1" gem "net-smtp", require: false diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index fe9eba5aff..1dfb38eb23 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/lib/devise/controllers/responder.rb b/lib/devise/controllers/responder.rb index 8b15205788..8e3858a13c 100644 --- a/lib/devise/controllers/responder.rb +++ b/lib/devise/controllers/responder.rb @@ -19,6 +19,16 @@ def self.error_status def self.redirect_status :found end + + def self.error_status=(*) + warn "[DEVISE] Setting the error status on the Devise responder has no effect with this " \ + "version of `responders`, please make sure you're using a newer version. Check the changelog for more info." + end + + def self.redirect_status=(*) + warn "[DEVISE] Setting the redirect status on the Devise responder has no effect with this " \ + "version of `responders`, please make sure you're using a newer version. Check the changelog for more info." + end end end end From 43c349a2fca9a26d33fa4fa09340f7087f8a2638 Mon Sep 17 00:00:00 2001 
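Review bot: The two fallback setters added in `lib/devise/controllers/responder.rb` discard the assigned value and only call `warn`, and the message never names the version that makes the setting work. An app that sets `config.responder.error_status = :unprocessable_entity` against an older `responders` keeps answering with the `:ok` / `:found` defaults, and the only hint is a line on stderr that says "a newer version". The changelog in this same commit gives the threshold, so the message could end with `please upgrade responders to v3.1.0 or higher. Check the changelog for more info.` in both methods. Since the two strings differ in one word, a small private helper that takes the setting name would keep them in sync. The enclosing class and the condition that selects this fallback are outside the hunk.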
From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 15:26:23 -0300 Subject: [PATCH 1355/1473] Point version to v4.9.0.alpha for now Just want to have something different than the currently released version to test out more easily. Plus, this is probably going to become v4.9.0 final soon anyway. --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 02dfe88989..bdb17cd695 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.8.1) + devise (4.9.0.alpha) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ad9c7326a3..fb8f5d116f 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.8.1".freeze + VERSION = "4.9.0.alpha".freeze end From 2df5efcece9d8d0e05ed0f8dab25165d96c977e2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 15:27:04 -0300 Subject: [PATCH 1356/1473] Add post install message pointing to the changelog and new upgrade guide There's some additional information in the wiki upgrade guide for those interested, but most of it is covered in the changelog and should suffice. The post install message should help guide people upgrading to make sure they know what to do in this new version, since some may be using Turbo out there with custom responders and failure apps and those would have to be removed in order to use these new changes fully. Hopefully that's enough of a nudge for them. --- CHANGELOG.md | 1 + README.md | 2 +- devise.gemspec | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 607e1d0470..4acddbcd9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,6 +20,7 @@ * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. ### 4.8.1 - 2021-12-16 diff --git a/README.md b/README.md index b5076cb909..35f80995fa 100644 --- a/README.md +++ b/README.md @@ -493,7 +493,7 @@ Devise.setup do |config| end ``` -**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. +**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more info. _Note_: the above statuses configuration may become the default for Devise in a future release. diff --git a/devise.gemspec b/devise.gemspec index 78c0177aab..3efad0f4d6 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -32,4 +32,11 @@ Gem::Specification.new do |s| s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("railties", ">= 4.1.0") s.add_dependency("responders") + + s.post_install_message = %q{ +[DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration. + + [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md + [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D + } end From 8606e1e67178d52f5c439d8f7c141bff6a122f32 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 Feb 2023 11:04:34 -0300 Subject: [PATCH 1357/1473] Expand changelog/readme with info about Turbo vs rails-ujs behavior Explain a bit more about how `data-confirm` and `data-method` need to be updated to the turbo versions `data-turbo-confirm` and `data-turbo-method`, respectively. (and depending on its usage.) [ci skip] --- CHANGELOG.md | 4 +++- README.md | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4acddbcd9f..a782c0b709 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
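Review bot: The `post_install_message` added to `devise.gemspec` points at the 4.9.0 upgrade guide but has no marker for when it should go away, so it will keep printing on every install of later releases. A comment such as `# Remove once the 4.9 Hotwire/Turbo upgrade notice is no longer relevant.` above the assignment would make that explicit. The context line `s.add_dependency("responders")` directly above stays unconstrained. The reason is only in an earlier commit message (responders 3.1 requires Rails 5.2+, Devise still supports older Rails), so a short comment recording it next to the dependency would stop a later reader from treating the missing bound as an oversight.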
@@ -19,7 +19,9 @@ * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default. 
+ * Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo. * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. ### 4.8.1 - 2021-12-16 diff --git a/README.md b/README.md index 35f80995fa..88c37f8841 100644 --- a/README.md +++ b/README.md @@ -497,6 +497,15 @@ end _Note_: the above statuses configuration may become the default for Devise in a future release. +There are a couple other changes you might need to make in your app to work with Hotwire/Turbo, if you're migrating from rails-ujs: + +* The `data-confirm` option that adds a confirmation modal to buttons/forms before submission needs to change to `data-turbo-confirm`, so that Turbo handles those appropriately. +* The `data-method` option that sets the request method for link submissions needs to change to `data-turbo-method`. This is not necessary for `button_to` or `form`s since Turbo can handle those. + +If you're setting up Devise to sign out via `:delete`, and you're using links (instead of buttons wrapped in a form) to sign out with the `method: :delete` option, they will need to be updated as described above. (Devise does not provide sign out links/buttons in its shared views.) + +Make sure to inspect your views looking for those, and change appropriately. + ### I18n Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: From 31c4f31ef44f7849c1fb8dd4db282e7157ce2933 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 9 Feb 2023 08:51:03 -0300 Subject: [PATCH 1358/1473] Tweak comment about overriding Devise.responder Albeit it's not super recommended, it's possible and even mentioned in the changelog/wiki in case the app has some additional responder logic that needs to be applied to Devise across the board. --- lib/devise.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 55045a8c18..1d9370cc4f 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -220,10 +220,12 @@ module Test mattr_accessor :navigational_formats @@navigational_formats = ["*/*", :html, :turbo_stream] - # The default responder used by Devise, not meant to be changed directly, - # but you can customize status codes with: - # `config.responder.error_status` - # `config.responder.redirect_status` + # The default responder used by Devise, used to customize status codes with: + # + # `config.responder.error_status` + # `config.responder.redirect_status` + # + # Can be replaced by a custom application responder. mattr_accessor :responder @@responder = Devise::Controllers::Responder From 49ed129c4057569761278467ea2ab331223a1b80 Mon Sep 17 00:00:00 2001 From: Junichi Ito Date: Sat, 11 Feb 2023 16:22:53 +0900 Subject: [PATCH 1359/1473] Replce p tag with div since p tags cannot contain other block elements --- app/views/devise/registrations/edit.html.erb | 2 +- .../templates/simple_form_for/registrations/edit.html.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 2a666e9257..b82e3365a3 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -38,6 +38,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

+
Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>
<%= link_to "Back", :back %> diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 147c6a0efb..b3c0089adb 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -30,6 +30,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

+
Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>
<%= link_to "Back", :back %> From 44f0fd741f51bb71e2dd4219200acc5c91aef449 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 16 Feb 2023 09:09:41 -0300 Subject: [PATCH 1360/1473] Update copyright year [ci skip] Closes #5556 --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 4896d6e61e..248265870d 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index 7f735d6f75..558e19e366 100644 --- a/README.md +++ b/README.md @@ -767,6 +767,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 7f419bf99adb9463617be7ccb0852d5f8f7b0317 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Feb 2023 11:14:03 -0300 Subject: [PATCH 1361/1473] Release Devise v4.9.0 --- CHANGELOG.md | 3 +++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a782c0b709..94fafa5f4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### Unreleased + +### 4.9.0 - 2023-02-17 + * enhancements * Add support for Ruby 3.1/3.2. * Add support for Hotwire + Turbo, default in Rails 7+. diff --git a/Gemfile.lock b/Gemfile.lock index bdb17cd695..1f6b13b08a 100644 
--- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.0.alpha) + devise (4.9.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index fb8f5d116f..73c38d4d95 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.0.alpha".freeze + VERSION = "4.9.0".freeze end From 41e2db212065f2a75a5d73e76d6eb8ecd53a6acf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 20 Feb 2023 10:26:59 -0300 Subject: [PATCH 1362/1473] It is not required to copy the views when customizing controllers It is indeed recommended for consistency, but Rails will be able to find the views under `devise/` due to inheritance still, so make that a bit clearer in the readme docs about customizing controllers, explaining that copying or moving the views is an optional step. Closes #5526 [ci skip] --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 558e19e366..0f2a7d64fe 100644 --- a/README.md +++ b/README.md @@ -382,7 +382,7 @@ $ rails generate devise:views users ``` If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, -you can pass a list of modules to the generator with the `-v` flag. +you can pass a list of views to the generator with the `-v` flag. ```console $ rails generate devise:views -v registrations confirmations @@ -410,7 +410,7 @@ If the customization at the views level is not enough, you can customize each co ... end ``` - (Use the -c flag to specify a controller, for example: `rails generate devise:controllers users -c=sessions`) + Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`) 2. Tell the router to use this controller: 
@@ -418,7 +418,7 @@ If the customization at the views level is not enough, you can customize each co devise_for :users, controllers: { sessions: 'users/sessions' } ``` -3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. +3. Recommended but not required: copy (or move) the views from `devise/sessions` to `users/sessions`. Rails will continue using the views from `devise/sessions` due to inheritance if you skip this step, but having the views matching the controller(s) keeps things consistent. 4. Finally, change or extend the desired controller actions. From ee8f0f8e8325cfbf94ae8502b9c182475818c498 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 19:56:25 -0300 Subject: [PATCH 1363/1473] Fix frozen string in validatable, use multiline string instead. (#5563) Expand tests to check for the actual validatable exception message This was raising a `FrozenError` on Ruby < 3 where interpolated strings were considered frozen. This [changed in Ruby 3], since such strings are dynamic there's no point in freezing them by default. The test wasn't catching this because `FrozenError` actually inherits from `RuntimeError`: >> FrozenError.ancestors => [FrozenError, RuntimeError, StandardError, Exception, Object ...] So the exception check passed. Now we're also checking for the error message to ensure it raised the exception we really expected there. Closes #5465 [changed in Ruby 3] https://bugs.ruby-lang.org/issues/17104 Co-authored-by: Martin --- CHANGELOG.md | 2 ++ lib/devise/models/validatable.rb | 2 +- test/models/validatable_test.rb | 5 ++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94fafa5f4b..f74ac67a70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,7 @@ ### Unreleased +* bug fixes + * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) ### 4.9.0 - 2023-02-17 diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 8f600a8c01..5a190a7c36 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -47,7 +47,7 @@ def self.assert_validations_api!(base) #:nodoc: unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) } unless unavailable_validations.empty? - raise "Could not use :validatable module since #{base} does not respond " << + raise "Could not use :validatable module since #{base} does not respond " \ "to the following methods: #{unavailable_validations.to_sentence}." end end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index f96cfa9182..d3b5c9dc00 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -110,9 +110,12 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should not be included in objects with invalid API' do - assert_raise RuntimeError do + exception = assert_raise RuntimeError do Class.new.send :include, Devise::Models::Validatable end + + expected_message = /Could not use :validatable module since .* does not respond to the following methods: validates_presence_of.*/ + assert_match expected_message, exception.message end test 'required_fields should be an empty array' do From 90f46bac373416d6ad4b3541e6ca144b1f7ee527 Mon Sep 17 00:00:00 2001 
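Review bot: In `test/models/validatable_test.rb`, `assert_raise RuntimeError` still accepts a `FrozenError`, so the new `assert_match` is the only thing that catches the regression this commit fixes, and nothing in the test says so. A one-line comment above the match would keep a later cleanup from dropping it, for example `# FrozenError is a RuntimeError, so the message check is what proves the intended error was raised.` The trailing `.*` in `expected_message` is redundant with an unanchored `assert_match` and can be removed.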
From: Peter Goldstein Date: Fri, 25 Feb 2022 11:30:57 -0800 Subject: [PATCH 1364/1473] Monkeypatch webrat for Nokogiri compatibility This is an attempt to address the Webrat / Nokogiri compatibility issue [discussed here]. It monkeypatches Webrat to explicitly add the old default arguments to the invocation of to_xpath. Move monkey patch to its own file under test/support/webrat. I really need to get rid of webrat. Closes #5475 [discussed here] https://github.com/sparklemotion/nokogiri/issues/2469 --- Gemfile | 1 - Gemfile.lock | 7 +++---- gemfiles/Gemfile-rails-5-0 | 1 - gemfiles/Gemfile-rails-5-1 | 1 - gemfiles/Gemfile-rails-5-2 | 1 - gemfiles/Gemfile-rails-6-0 | 1 - gemfiles/Gemfile-rails-6-1 | 1 - gemfiles/Gemfile-rails-main | 1 - test/support/webrat/matchers.rb | 12 ++++++++++++ 9 files changed, 15 insertions(+), 11 deletions(-) create mode 100644 test/support/webrat/matchers.rb diff --git a/Gemfile b/Gemfile index d6e25ba69b..1a4ec8235a 100644 --- a/Gemfile +++ b/Gemfile @@ -14,7 +14,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/Gemfile.lock b/Gemfile.lock index 1f6b13b08a..286b1a6c14 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM marcel (1.0.2) method_source (1.0.0) mini_mime (1.1.2) - mini_portile2 (2.6.1) + mini_portile2 (2.8.1) minitest (5.17.0) mocha (1.16.1) multi_xml (0.6.0) @@ -126,8 +126,8 @@ GEM net-smtp (0.3.3) net-protocol nio4r (2.5.8) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.14.2) + mini_portile2 (~> 2.8.0) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -223,7 +223,6 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 1.1) - nokogiri (< 1.13) omniauth omniauth-facebook omniauth-oauth2 diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 76eb2aab25..382cf3c5d3 100644 --- a/gemfiles/Gemfile-rails-5-0 
+++ b/gemfiles/Gemfile-rails-5-0 @@ -14,7 +14,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 0d5f470150..24fe1d5e98 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -12,7 +12,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 10bd39ba1e..5dc267def1 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -12,7 +12,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index a73c66f0a7..b59c4d3d76 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -12,7 +12,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 2469980fed..a4a81e4149 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -18,7 +18,6 @@ if RUBY_VERSION >= "3.1" end group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 1dfb38eb23..c9bea6f2b8 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main 
@@ -12,7 +12,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb new file mode 100644 index 0000000000..31815d460f --- /dev/null +++ b/test/support/webrat/matchers.rb @@ -0,0 +1,12 @@ +# Monkey patch for Nokogiri changes - https://github.com/sparklemotion/nokogiri/issues/2469 +module Webrat + module Matchers + class HaveSelector + def query + Nokogiri::CSS.parse(@expected.to_s).map do |ast| + ast.to_xpath("//", Nokogiri::CSS::XPathVisitor.new) + end.first + end + end + end +end \ No newline at end of file From 60c5774ff42c6bb7c75d0bcae1132efd458675f7 Mon Sep 17 00:00:00 2001 From: Matt Redmond Date: Fri, 26 Nov 2021 16:38:24 +1030 Subject: [PATCH 1365/1473] Delegate sign_in_after_reset_password to resource class Allows resource class scopes to overrides the global configuration for sign in after reset password behaviour. --- .../devise/passwords_controller.rb | 4 +-- test/integration/recoverable_test.rb | 25 +++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 64c2e2f858..3af1f864b7 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -36,7 +36,7 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) - if Devise.sign_in_after_reset_password + if resource_class.sign_in_after_reset_password flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message!(:notice, flash_message) resource.after_database_authentication 
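Review bot: The new `test/support/webrat/matchers.rb` reopens `Webrat::Matchers::HaveSelector` and replaces `query` outright, and its only comment is a link to the Nokogiri issue. A reader has to follow that link to learn what changed. A comment stating the reason in place would help, for example `# Nokogiri changed the default arguments of to_xpath; pass the previous defaults explicitly so Webrat's selector matcher keeps working.` The file also lacks the `# frozen_string_literal: true` header that other Ruby files in this series carry (see `lib/devise/version.rb`), and it ends without a trailing newline.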
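Review bot: `update` in `app/controllers/devise/passwords_controller.rb` now reads `resource_class.sign_in_after_reset_password`, and the later hunk does the same in `after_resetting_password_path_for`, but neither place documents that the setting is resolved per model. This flag decides whether a successful reset immediately creates a session, so it is worth stating where the value comes from, for example `# Read from the resource class so a scope can override the global Devise.sign_in_after_reset_password setting.` above the `if`. The diffstat lists only the controller and the test, so the class-level accessor is presumably already declared on the model side. If it is, the option list in that module's documentation should mention the per-model override too. The body of `update` continues outside the hunk.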
@@ -53,7 +53,7 @@ def update protected def after_resetting_password_path_for(resource) - Devise.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) + resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) end # The path used after sending reset password instructions diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 7626607816..6faab811b1 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -222,6 +222,31 @@ def reset_password(options = {}, &block) end end + test 'does not sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is false' do + swap User, sign_in_after_reset_password: false do + create_user + request_forgot_password + reset_password + + assert_contain 'Your password has been changed successfully' + assert_not_contain 'You are now signed in.' + assert_equal new_user_session_path, @request.path + assert !warden.authenticated?(:user) + end + end + + test 'sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is true' do + swap Devise, sign_in_after_reset_password: false do + swap User, sign_in_after_reset_password: true do + create_user + request_forgot_password + reset_password + + assert warden.authenticated?(:user) + end + end + end + test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do [:none, :time].each do |strategy| swap Devise, unlock_strategy: strategy do From c7a719a9791f843016dc615341b75ad80d7c730d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:20:36 -0300 Subject: [PATCH 1366/1473] Add changelog for #5429 [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f74ac67a70..22b1b76358 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### Unreleased +* enhancements + * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) + * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) From df8b79a53f5ed3f111bff0074427f4aad1346acf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:43:17 -0300 Subject: [PATCH 1367/1473] Fix added tests for `sign_in_after_reset_password` per resource class We can't just "swap" those model properties, as that sets instance vars on the classes that get reverted to their "previous" value, which ends up leaving the instance vars set as `nil`. However, our logic for those model/class properties actually checks for `defined?` as a way to override them, and delegates up to `Devise` global config if they are not defined, so leaving instance vars back with `nil` values isn't enough, we need to actually remove them. This introduces a new test helper specifically for overriding those model configs so that we can do proper cleanup. --- test/integration/recoverable_test.rb | 4 ++-- test/support/helpers.rb | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 6faab811b1..ed7f62fcb9 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -223,7 +223,7 @@ def reset_password(options = {}, &block) end test 'does not sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is false' do - swap User, sign_in_after_reset_password: false do + swap_model_config User, sign_in_after_reset_password: false do create_user request_forgot_password reset_password @@ -237,7 +237,7 @@ def reset_password(options = {}, &block) test 'sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is true' do swap Devise, sign_in_after_reset_password: false do - swap User, sign_in_after_reset_password: true do + swap_model_config User, sign_in_after_reset_password: true do create_user request_forgot_password reset_password diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 11ac4486a7..2351e5b655 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -73,6 +73,17 @@ def swap(object, new_values) end end + def swap_model_config(model, new_values) + new_values.each do |key, value| + model.send :"#{key}=", value + end + yield + ensure + new_values.each_key do |key| + model.remove_instance_variable :"@#{key}" + end + end + def clear_cached_variables(options) if options.key?(:case_insensitive_keys) || options.key?(:strip_whitespace_keys) Devise.mappings.each do |_, mapping| From 400eaf7fbe05f50b48c08dc7dbf23259cbdb8bdb Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:50:28 -0300 Subject: [PATCH 1368/1473] Remove not used constant It's only been almost ~10 years since we removed it's usage. :D dff7891b97d785d228a15dff5c1acdb0da34605f --- test/support/helpers.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 2351e5b655..01dc6aa562 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb 
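Review bot: The `ensure` block in `swap_model_config` calls `model.remove_instance_variable :"@#{key}"` unconditionally, so when a setter raises or the variable was never set, the resulting NameError replaces the failure the test was actually reporting. Guarding the call keeps the original error visible: `model.remove_instance_variable(:"@#{key}") if model.instance_variable_defined?(:"@#{key}")`. The helper also discards an override the model already had before the block instead of restoring it. Presumably no test model sets one today, but a short comment on the helper stating that it assumes no pre-existing override would keep authentication settings from leaking between tests later.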
@@ -3,8 +3,6 @@ require 'active_support/test_case' class ActiveSupport::TestCase - VALID_AUTHENTICATION_TOKEN = 'AbCdEfGhIjKlMnOpQrSt'.freeze - def setup_mailer ActionMailer::Base.deliveries = [] end From 8acbdd6d93310ee1def597704e8541992010118b Mon Sep 17 00:00:00 2001 From: tabakazu Date: Sat, 26 Oct 2019 10:44:02 +0900 Subject: [PATCH 1369/1473] Replace matcher `refute` to `assert_not` --- test/controllers/helpers_test.rb | 6 +- test/controllers/internal_helpers_test.rb | 2 +- test/devise_test.rb | 12 ++-- test/integration/authenticatable_test.rb | 72 +++++++++---------- test/integration/confirmable_test.rb | 14 ++-- .../database_authenticatable_test.rb | 10 +-- test/integration/http_authenticatable_test.rb | 2 +- test/integration/lockable_test.rb | 2 +- test/integration/omniauthable_test.rb | 4 +- test/integration/recoverable_test.rb | 8 +-- test/integration/registerable_test.rb | 14 ++-- test/integration/rememberable_test.rb | 22 +++--- test/integration/timeoutable_test.rb | 10 +-- test/integration/trackable_test.rb | 2 +- test/mapping_test.rb | 2 +- test/models/confirmable_test.rb | 46 ++++++------ test/models/database_authenticatable_test.rb | 18 ++--- test/models/lockable_test.rb | 26 +++---- test/models/recoverable_test.rb | 20 +++--- test/models/timeoutable_test.rb | 12 ++-- test/models/validatable_test.rb | 2 +- test/models_test.rb | 2 +- test/test/integration_helpers_test.rb | 4 +- 23 files changed, 156 insertions(+), 156 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index b48502643e..abe0f648e8 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -98,7 +98,7 @@ def setup test 'proxy admin_signed_in? to authenticatewith admin scope' do @mock_warden.expects(:authenticate).with(scope: :admin) - refute @controller.admin_signed_in? + assert_not @controller.admin_signed_in? end test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do 
@@ -319,10 +319,10 @@ def setup test 'is_flashing_format? is guarded against flash (middleware) not being loaded' do @controller.request.expects(:respond_to?).with(:flash).returns(false) - refute @controller.is_flashing_format? + assert_not @controller.is_flashing_format? end test 'is not a devise controller' do - refute @controller.devise_controller? + assert_not @controller.devise_controller? end end diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 9f1b3f5b42..af49c13023 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -121,7 +121,7 @@ def setup MyController.send(:public, :navigational_formats) swap Devise, navigational_formats: ['*/*', :html] do - refute @controller.navigational_formats.include?("*/*") + assert_not @controller.navigational_formats.include?("*/*") end MyController.send(:protected, :navigational_formats) diff --git a/test/devise_test.rb b/test/devise_test.rb index 088527febb..423daf37ef 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -71,8 +71,8 @@ class DeviseTest < ActiveSupport::TestCase test 'add new module using the helper method' do Devise.add_module(:coconut) assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size - refute Devise::STRATEGIES.include?(:coconut) - refute defined?(Devise::Models::Coconut) + assert_not Devise::STRATEGIES.include?(:coconut) + assert_not defined?(Devise::Models::Coconut) Devise::ALL.delete(:coconut) Devise.add_module(:banana, strategy: :fruits) 
@@ -88,11 +88,11 @@ class DeviseTest < ActiveSupport::TestCase test 'should complain when comparing empty or different sized passes' do [nil, ""].each do |empty| - refute Devise.secure_compare(empty, "something") - refute Devise.secure_compare("something", empty) - refute Devise.secure_compare(empty, empty) + assert_not Devise.secure_compare(empty, "something") + assert_not Devise.secure_compare("something", empty) + assert_not Devise.secure_compare(empty, empty) end - refute Devise.secure_compare("size_1", "size_four") + assert_not Devise.secure_compare("size_1", "size_four") end test 'Devise.email_regexp should match valid email addresses' do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6c3be3b57c..a8592e14a5 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -6,7 +6,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'sign in should not run model validations' do sign_in_as_user - refute User.validations_performed + assert_not User.validations_performed end test 'home should be accessible without sign in' do @@ -18,13 +18,13 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'sign in as user should not authenticate admin scope' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'sign in as admin should not authenticate user scope' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'sign in as both user and admin at same time' do @@ -39,7 +39,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin delete destroy_user_session_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end 
@@ -50,7 +50,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) assert warden.authenticated?(:user) end end @@ -61,8 +61,8 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_user_session_path - refute warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) end end @@ -72,21 +72,21 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - refute warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) end end test 'not signed in as admin should not be able to access admins actions' do get admins_path assert_redirected_to new_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'signed in as user should not be able to access admins actions' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get admins_path assert_redirected_to new_admin_session_path @@ -95,7 +95,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'signed in as admin should be able to access admin actions' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get admins_path @@ -123,7 +123,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest get root_path assert_contain 'Signed out successfully' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'unauthenticated admin set message on sign out' do 
@@ -146,13 +146,13 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'not signed in should not be able to access private route (authenticate denied)' do get private_path assert_redirected_to new_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get private_path assert_redirected_to new_admin_session_path end @@ -160,7 +160,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get private_path @@ -172,7 +172,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/private/active" @@ -182,7 +182,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get private_active_path 
@@ -194,7 +194,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should get admin dashboard (authenticated accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get dashboard_path @@ -206,7 +206,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as user should get user dashboard (authenticated accepted)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get dashboard_path @@ -224,7 +224,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/dashboard/active" @@ -234,7 +234,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get dashboard_active_path @@ -246,7 +246,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in user should not see unauthenticated page (unauthenticated denied)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) assert_raises ActionController::RoutingError do get join_path 
@@ -424,13 +424,13 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'handles unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) sign_in_as_user assert warden.authenticated?(:user) post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_equal "User is not authenticated", response.body end end @@ -485,7 +485,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'uses the mapping from router' do sign_in_as_user visit: "/as/sign_in" assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'sign in with json format returns json response' do @@ -527,7 +527,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path(format: 'json') assert_response :no_content - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'sign out with non-navigational format via XHR does not redirect' do @@ -535,7 +535,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_admin get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -545,7 +545,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end end 
@@ -555,7 +555,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest swap Devise, authentication_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Subdomain or password." - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -584,7 +584,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest sign_in_as_user end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -594,7 +594,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Email or password." - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -617,7 +617,7 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides only delete' do sign_in!(:sign_out_via_delete) delete destroy_sign_out_via_delete_session_path - refute warden.authenticated?(:sign_out_via_delete) + assert_not warden.authenticated?(:sign_out_via_delete) end test 'do not allow sign out via get when sign_out_via provides only delete' do @@ -631,7 +631,7 @@ def sign_in!(scope) test 'allow sign out via post when sign_out_via provides only post' do sign_in!(:sign_out_via_post) post destroy_sign_out_via_post_session_path - refute warden.authenticated?(:sign_out_via_post) + assert_not warden.authenticated?(:sign_out_via_post) end test 'do not allow sign out via get when sign_out_via provides only post' do 
@@ -645,13 +645,13 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) delete destroy_sign_out_via_delete_or_post_session_path - refute warden.authenticated?(:sign_out_via_delete_or_post) + assert_not warden.authenticated?(:sign_out_via_delete_or_post) end test 'allow sign out via post when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) post destroy_sign_out_via_delete_or_post_session_path - refute warden.authenticated?(:sign_out_via_delete_or_post) + assert_not warden.authenticated?(:sign_out_via_delete_or_post) end test 'do not allow sign out via get when sign_out_via provides delete and post' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 278f9488eb..e403077487 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -43,12 +43,12 @@ def resend_confirmation test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - refute user.confirmed? + assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain %r{needs to be confirmed within 3 days} - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end 
@@ -86,7 +86,7 @@ def resend_confirmation test 'user with valid confirmation token should be able to confirm an account before the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 2.days.ago) - refute user.confirmed? + assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' @@ -132,7 +132,7 @@ def resend_confirmation sign_in_as_user(confirm: false) assert_contain 'You have to confirm your email address before continuing' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -143,7 +143,7 @@ def resend_confirmation end assert_contain 'Invalid Email or password' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -308,7 +308,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - refute admin.reload.pending_reconfirmation? + assert_not admin.reload.pending_reconfirmation? end test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do @@ -330,7 +330,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - refute admin.reload.pending_reconfirmation? + assert_not admin.reload.pending_reconfirmation? end test 'admin email should be unique also within unconfirmed_email' do diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index ed641ef297..20097a8718 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb 
@@ -21,7 +21,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: 'foo@bar.com' end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -43,14 +43,14 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: ' foo@bar.com ' end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end test 'sign in should not authenticate if not using proper authentication keys' do swap Devise, authentication_keys: [:username] do sign_in_as_user - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -61,7 +61,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid email address' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end end @@ -71,7 +71,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid Email or password' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'when in paranoid mode and without a valid e-mail' do diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 6832159578..707a070567 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -6,7 +6,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest test 'sign in with HTTP should not run model validations' do sign_in_as_new_user_with_http - refute User.validations_performed + assert_not User.validations_performed end test 'handles unverified requests gets rid of caches but continues signed in' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 437d8eec98..e5dd5ee08b 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
@@ -87,7 +87,7 @@ def send_unlock_request assert_current_url "/users/sign_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' - refute user.reload.access_locked? + assert_not user.reload.access_locked? end test "user should not send a new e-mail if already locked" do diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index d6a2508303..61d6dab287 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -52,7 +52,7 @@ def stub_action!(name) follow_redirect! assert warden.authenticated?(:user) - refute User.validations_performed + assert_not User.validations_performed end end @@ -87,7 +87,7 @@ def stub_action!(name) assert_current_url "/" assert_contain "You have signed up successfully." assert_contain "Hello User user@example.com" - refute session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "cleans up session on cancel" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index ed7f62fcb9..57bfb9f74c 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -12,7 +12,7 @@ def visit_new_password_path def request_forgot_password(&block) visit_new_password_path assert_response :success - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) fill_in 'email', with: 'user@test.com' yield if block_given? @@ -160,7 +160,7 @@ def reset_password(options = {}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain %r{Reset password token(.*)invalid} - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') end test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do 
@@ -174,7 +174,7 @@ def reset_password(options = {}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain "Password confirmation doesn't match Password" - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') end test 'not authenticated user with valid data should be able to change their password' do @@ -194,7 +194,7 @@ def reset_password(options = {}, &block) reset_password { fill_in 'Confirm new password', with: 'other_password' } assert_response :success assert_have_selector '#error_explanation' - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') reset_password visit: false assert_contain 'Your password has been changed successfully.' diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index b407223312..e08933f8e6 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -66,11 +66,11 @@ def user_sign_up assert_not_contain 'You have to confirm your account before continuing' assert_current_url "/" - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email - refute user.confirmed? + assert_not user.confirmed? end test 'a guest user should receive the confirmation instructions from the default mailer' do @@ -94,7 +94,7 @@ def user_sign_up click_button 'Sign up' assert_current_url "/?custom=1" - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest user cannot sign up with invalid information' do @@ -116,7 +116,7 @@ def user_sign_up assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest should not sign up with email/password that already exists' do 
@@ -135,7 +135,7 @@ def user_sign_up assert_current_url '/users' assert_contain(/Email.*already.*taken/) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest should not be able to change account' do @@ -191,7 +191,7 @@ def user_sign_up assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.' assert_equal new_user_session_path, @request.path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -252,7 +252,7 @@ def user_sign_up click_button 'Update' assert_contain "Password confirmation doesn't match Password" - refute User.to_adapter.find_first.valid_password?('pas123') + assert_not User.to_adapter.find_first.valid_password?('pas123') end test 'a signed in user should see a warning about minimum password length' do diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 62547e762b..c9430f570b 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -41,12 +41,12 @@ def cookie_expires(key) test 'handle unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) create_user_and_remember post exhibit_user_url(1) assert_equal "User is not authenticated", response.body - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -59,8 +59,8 @@ def cookie_expires(key) authenticity_token: "oops", user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } } - refute warden.authenticated?(:user) - refute request.cookies['remember_user_token'] + assert_not warden.authenticated?(:user) + assert_not request.cookies['remember_user_token'] end end 
@@ -140,7 +140,7 @@ def cookie_expires(key) get root_path current_remember_token = request.cookies['remember_user_token'] - refute_equal old_remember_token, current_remember_token + assert_not_equal old_remember_token, current_remember_token end end @@ -166,13 +166,13 @@ def cookie_expires(key) get root_path assert_response :success assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'do not remember with invalid token' do create_user_and_remember('add') get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path end @@ -180,7 +180,7 @@ def cookie_expires(key) create_user_and_remember swap Devise, remember_for: 0.days do get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path end end @@ -191,11 +191,11 @@ def cookie_expires(key) assert warden.authenticated?(:user) delete destroy_user_session_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_nil warden.cookies['remember_user_token'] get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'changing user password expires remember me token' do @@ -205,7 +205,7 @@ def cookie_expires(key) user.save! get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'valid sign in calls after_remembered callback' do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 502e49fb2a..d11d59105c 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -58,7 +58,7 @@ def last_request_at get users_path assert_redirected_to users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end 
@@ -72,8 +72,8 @@ def last_request_at assert_not_nil last_request_at get root_path - refute warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) end end @@ -110,7 +110,7 @@ def last_request_at assert_response :success assert_contain 'Log in' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'time out is not triggered on sign in' do @@ -136,7 +136,7 @@ def last_request_at get expire_user_path(user) get users_path assert_redirected_to users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index adfd0bd6f0..f5b6fcda82 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -6,7 +6,7 @@ class TrackableHooksTest < Devise::IntegrationTest test "trackable should not run model validations" do sign_in_as_user - refute User.validations_performed + assert_not User.validations_performed end test "current and last sign in timestamps are updated on each sign in" do diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 0c874570ca..9d60287cd4 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -117,7 +117,7 @@ def user.devise_scope; :special_scope; end assert mapping.authenticatable? assert mapping.recoverable? assert mapping.lockable? - refute mapping.omniauthable? + assert_not mapping.omniauthable? end test 'find mapping by path' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 36acf54064..a1002c89d8 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -41,9 +41,9 @@ def setup end test 'should verify whether a user is confirmed or not' do - refute new_user.confirmed? + assert_not new_user.confirmed? user = create_user - refute user.confirmed? + assert_not user.confirmed? user.confirm assert user.confirmed? end @@ -53,7 +53,7 @@ def setup assert user.confirm assert_blank user.errors[:email] - refute user.confirm + assert_not user.confirm assert_equal "was already confirmed, please try signing in", user.errors[:email].join end @@ -67,13 +67,13 @@ def setup test 'should return a new record with errors when a invalid token is given' do confirmed_user = User.confirm_by_token('invalid_confirmation_token') - refute confirmed_user.persisted? + assert_not confirmed_user.persisted? assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join end test 'should return a new record with errors when a blank token is given' do confirmed_user = User.confirm_by_token('') - refute confirmed_user.persisted? + assert_not confirmed_user.persisted? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -82,7 +82,7 @@ def setup confirmed_user = User.confirm_by_token('') - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -91,7 +91,7 @@ def setup confirmed_user = User.confirm_by_token(nil) - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -145,7 +145,7 @@ def setup assert_email_not_sent do user.save! - refute user.confirmed? + assert_not user.confirmed? end end @@ -165,7 +165,7 @@ def setup test 'should return a new user if no email was found' do confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com") - refute confirmation_user.persisted? + assert_not confirmation_user.persisted? end test 'should add error to new user email if no email was found' do 
@@ -212,7 +212,7 @@ def setup test 'should not be able to send instructions if the user is already confirmed' do user = create_user user.confirm - refute user.resend_confirmation_instructions + assert_not user.resend_confirmation_instructions assert user.confirmed? assert_equal 'was already confirmed, please try signing in', user.errors[:email].join end @@ -221,7 +221,7 @@ def setup swap Devise, allow_unconfirmed_access_for: 1.day do user = create_user user.confirmation_sent_at = 2.days.ago - refute user.active_for_authentication? + assert_not user.active_for_authentication? Devise.allow_unconfirmed_access_for = 3.days assert user.active_for_authentication? @@ -237,14 +237,14 @@ def setup assert user.active_for_authentication? user.confirmation_sent_at = 5.days.ago - refute user.active_for_authentication? + assert_not user.active_for_authentication? end end test 'should be active when already confirmed' do user = create_user - refute user.confirmed? - refute user.active_for_authentication? + assert_not user.confirmed? + assert_not user.active_for_authentication? user.confirm assert user.confirmed? @@ -255,7 +255,7 @@ def setup Devise.allow_unconfirmed_access_for = 0.days user = create_user user.confirmation_sent_at = Time.zone.today - refute user.active_for_authentication? + assert_not user.active_for_authentication? end test 'should not be active when confirm period is set to 0 days' do @@ -264,7 +264,7 @@ def setup Timecop.freeze(Time.zone.today) do user.confirmation_sent_at = Time.zone.today - refute user.active_for_authentication? + assert_not user.active_for_authentication? end end @@ -280,7 +280,7 @@ def setup user = create_user user.confirmation_sent_at = nil user.save - refute user.reload.active_for_authentication? + assert_not user.reload.active_for_authentication? end test 'should be active without confirmation when confirmation is not required' do 
@@ -313,7 +313,7 @@ def setup swap Devise, confirmation_keys: [:username, :email] do user = create_user confirm_user = User.send_confirmation_instructions(email: user.email) - refute confirm_user.persisted? + assert_not confirm_user.persisted? assert_equal "can't be blank", confirm_user.errors[:username].join end end @@ -338,7 +338,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do swap Devise, confirm_within: 3.days do - refute confirm_user_by_token_with_confirmation_sent_at(4.days.ago) + assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago) end end @@ -378,14 +378,14 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) self.username = self.username.to_s + 'updated' end old = user.username - refute user.confirm + assert_not user.confirm assert_equal user.username, old end test 'should always perform validations upon confirm when ensure valid true' do admin = create_admin admin.stubs(:valid?).returns(false) - refute admin.confirm(ensure_valid: true) + assert_not admin.confirm(ensure_valid: true) end end @@ -411,7 +411,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin.skip_reconfirmation! assert admin.update(email: 'new_test@example.com') assert admin.confirmed? - refute admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? assert_equal original_token, admin.confirmation_token end @@ -502,7 +502,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should return a new admin if no email or unconfirmed_email was found' do confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com") - refute confirmation_admin.persisted? + assert_not confirmation_admin.persisted? end test 'should add error to new admin email if no email or unconfirmed_email was found' do 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index c6fa527f8e..a41659d631 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -133,7 +133,7 @@ def setup test 'should test for a valid password' do user = create_user assert user.valid_password?('12345678') - refute user.valid_password?('654321') + assert_not user.valid_password?('654321') end test 'should not raise error with an empty password' do @@ -145,7 +145,7 @@ def setup test 'should be an invalid password if the user has an empty password' do user = create_user user.encrypted_password = '' - refute user.valid_password?('654321') + assert_not user.valid_password?('654321') end test 'should respond to current password' do @@ -161,7 +161,7 @@ def setup test 'should add an error to current password when it is invalid' do user = create_user - refute user.update_with_password(current_password: 'other', + assert_not user.update_with_password(current_password: 'other', password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "is invalid", user.errors[:current_password].join @@ -169,7 +169,7 @@ def setup test 'should add an error to current password when it is blank' do user = create_user - refute user.update_with_password(password: 'pass4321', + assert_not user.update_with_password(password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "can't be blank", user.errors[:current_password].join @@ -179,7 +179,7 @@ def setup user = UserWithValidation.create!(valid_attributes) user.save assert user.persisted? - refute user.update_with_password(username: "") + assert_not user.update_with_password(username: "") assert_match "usertest", user.reload.username assert_match "can't be blank", user.errors[:username].join end 
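Review bot: The continuation lines of the multi-line `update_with_password` calls in `@@ -161,7 +161,7 @@` and `@@ -169,7 +169,7 @@` are unchanged context, so if they were aligned under the opening parenthesis of `refute user.update_with_password(`, they now sit four columns short after the switch to `assert_not`. The same applies to the two calls in the `@@ -192,14 +192,14 @@` hunk of this file. Re-indenting the `password: 'pass4321', ...` lines, or putting each argument on its own line inside the parentheses, would keep the argument lists tidy after the rename. The original indentation is not visible in this view, so this is something to check rather than a confirmed defect.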
@@ -192,14 +192,14 @@ def setup test 'should not update password with invalid confirmation' do user = create_user - refute user.update_with_password(current_password: '12345678', + assert_not user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.reload.valid_password?('12345678') end test 'should clean up password fields on failure' do user = create_user - refute user.update_with_password(current_password: '12345678', + assert_not user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.password.blank? assert user.password_confirmation.blank? @@ -226,14 +226,14 @@ def setup test 'should not destroy user with invalid password' do user = create_user - refute user.destroy_with_password('other') + assert_not user.destroy_with_password('other') assert user.persisted? assert_match "is invalid", user.errors[:current_password].join end test 'should not destroy user with blank password' do user = create_user - refute user.destroy_with_password(nil) + assert_not user.destroy_with_password(nil) assert user.persisted? assert_match "can't be blank", user.errors[:current_password].join end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 4190de929f..20a9d2a285 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -85,7 +85,7 @@ def setup test "should verify whether a user is locked or not" do user = create_user - refute user.access_locked? + assert_not user.access_locked? user.lock_access! assert user.access_locked? end @@ -95,7 +95,7 @@ def setup user.confirm assert user.active_for_authentication? user.lock_access! - refute user.active_for_authentication? + assert_not user.active_for_authentication? end test "should unlock a user by cleaning locked_at, failed_attempts and unlock_token" do 
@@ -111,7 +111,7 @@ def setup end test "new user should not be locked and should have zero failed_attempts" do - refute new_user.access_locked? + assert_not new_user.access_locked? assert_equal 0, create_user.failed_attempts end @@ -122,7 +122,7 @@ def setup assert user.access_locked? Devise.unlock_in = 1.hour - refute user.access_locked? + assert_not user.access_locked? end end @@ -201,18 +201,18 @@ def setup raw = user.send_unlock_instructions locked_user = User.unlock_access_by_token(raw) assert_equal user, locked_user - refute user.reload.access_locked? + assert_not user.reload.access_locked? end test 'should return a new record with errors when a invalid token is given' do locked_user = User.unlock_access_by_token('invalid_token') - refute locked_user.persisted? + assert_not locked_user.persisted? assert_equal "is invalid", locked_user.errors[:unlock_token].join end test 'should return a new record with errors when a blank token is given' do locked_user = User.unlock_access_by_token('') - refute locked_user.persisted? + assert_not locked_user.persisted? assert_equal "can't be blank", locked_user.errors[:unlock_token].join end @@ -225,7 +225,7 @@ def setup test 'should return a new user if no email was found' do unlock_user = User.send_unlock_instructions(email: "invalid@example.com") - refute unlock_user.persisted? + assert_not unlock_user.persisted? end test 'should add error to new user email if no email was found' do 
@@ -245,23 +245,23 @@ def setup swap Devise, unlock_keys: [:username, :email] do user = create_user unlock_user = User.send_unlock_instructions(email: user.email) - refute unlock_user.persisted? + assert_not unlock_user.persisted? assert_equal "can't be blank", unlock_user.errors[:username].join end end test 'should not be able to send instructions if the user is not locked' do user = create_user - refute user.resend_unlock_instructions - refute user.access_locked? + assert_not user.resend_unlock_instructions + assert_not user.access_locked? assert_equal 'was not locked', user.errors[:email].join end test 'should not be able to send instructions if the user if not locked and have username as unlock key' do swap Devise, unlock_keys: [:username] do user = create_user - refute user.resend_unlock_instructions - refute user.access_locked? + assert_not user.resend_unlock_instructions + assert_not user.access_locked? assert_equal 'was not locked', user.errors[:username].join end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 187c2dd1a5..ca2e80eb05 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -94,14 +94,14 @@ def setup user = create_user user.send_reset_password_instructions assert_present user.reset_password_token - refute user.reset_password('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') assert_present user.reset_password_token end test 'should not reset password with invalid data' do user = create_user user.stubs(:valid?).returns(false) - refute user.reset_password('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') end test 'should reset reset password token and send instructions by email' do 
@@ -121,7 +121,7 @@ def setup test 'should return a new record with errors if user was not found by e-mail' do reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com") - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "not found", reset_password_user.errors[:email].join end @@ -137,7 +137,7 @@ def setup swap Devise, reset_password_keys: [:username, :email] do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email) - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "can't be blank", reset_password_user.errors[:username].join end end @@ -166,13 +166,13 @@ def setup test 'should return a new record with errors if no reset_password_token is found' do reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token') - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join end test 'should return a new record with errors if reset_password_token is blank' do reset_password_user = User.reset_password_by_token(reset_password_token: '') - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join end @@ -181,7 +181,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') - refute reset_password_user.errors.empty? + assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join assert_equal raw, reset_password_user.reset_password_token end 
@@ -191,7 +191,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw) - refute reset_password_user.errors.empty? + assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join assert_equal raw, reset_password_user.reset_password_token end @@ -209,7 +209,7 @@ def setup assert_nil reset_password_user.reset_password_token user.reload - refute user.valid_password?(old_password) + assert_not user.valid_password?(old_password) assert user.valid_password?('new_password') assert_nil user.reset_password_token end @@ -231,7 +231,7 @@ def setup user.reload assert user.valid_password?(old_password) - refute user.valid_password?('new_password') + assert_not user.valid_password?('new_password') assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join end end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index 6bbb29606a..43926521db 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -9,11 +9,11 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'should not be expired' do - refute new_user.timedout?(29.minutes.ago) + assert_not new_user.timedout?(29.minutes.ago) end test 'should not be expired when params is nil' do - refute new_user.timedout?(nil) + assert_not new_user.timedout?(nil) end test 'should use timeout_in method' do 
@@ -21,23 +21,23 @@ class TimeoutableTest < ActiveSupport::TestCase user.instance_eval { def timeout_in; 10.minutes end } assert user.timedout?(12.minutes.ago) - refute user.timedout?(8.minutes.ago) + assert_not user.timedout?(8.minutes.ago) end test 'should not be expired when timeout_in method returns nil' do user = new_user user.instance_eval { def timeout_in; nil end } - refute user.timedout?(10.hours.ago) + assert_not user.timedout?(10.hours.ago) end test 'fallback to Devise config option' do swap Devise, timeout_in: 1.minute do user = new_user assert user.timedout?(2.minutes.ago) - refute user.timedout?(30.seconds.ago) + assert_not user.timedout?(30.seconds.ago) Devise.timeout_in = 5.minutes - refute user.timedout?(2.minutes.ago) + assert_not user.timedout?(2.minutes.ago) assert user.timedout?(6.minutes.ago) end end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index d3b5c9dc00..af5961ef30 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -99,7 +99,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'confirmation' assert user.invalid? - refute (user.errors[:password].join =~ /is too long/) + assert_not (user.errors[:password].join =~ /is too long/) end test 'should complain about length even if password is not required' do diff --git a/test/models_test.rb b/test/models_test.rb index f1e42799cb..c213d20470 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -15,7 +15,7 @@ def assert_include_modules(klass, *modules) end (Devise::ALL - modules).each do |mod| - refute include_module?(klass, mod) + assert_not include_module?(klass, mod) end end diff --git a/test/test/integration_helpers_test.rb b/test/test/integration_helpers_test.rb index 131593c1da..7f579a8da3 100644 --- a/test/test/integration_helpers_test.rb +++ b/test/test/integration_helpers_test.rb 
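Review bot: In the validatable_test.rb hunk (`@@ -99,7 +99,7 @@`), `assert_not (user.errors[:password].join =~ /is too long/)` keeps the space before the parenthesis, so the parentheses group the expression rather than delimit the call's arguments. A failure would also report only that a truthy match index was returned. `assert_no_match(/is too long/, user.errors[:password].join)` states the intent directly and prints both the pattern and the string when it fails. The enclosing test block begins outside the hunk.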
@@ -18,7 +18,7 @@ class TestIntegrationsHelpersTest < Devise::IntegrationTest sign_out user visit '/' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test '#sign_out does not signs out other scopes' do @@ -28,7 +28,7 @@ class TestIntegrationsHelpersTest < Devise::IntegrationTest visit '/' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end From 1e63c640c05034e7c2a481b240757ad959c3ca13 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2023 18:40:33 -0300 Subject: [PATCH 1370/1473] Update a few other instances that were using refute methods Prefer assert_not* in general. --- test/controllers/helper_methods_test.rb | 4 ++-- test/models/confirmable_test.rb | 2 +- test/models/lockable_test.rb | 6 +++--- test/models/recoverable_test.rb | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index 5e20477ca6..998cab6fb4 100644 --- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -14,8 +14,8 @@ class HelperMethodsTest < Devise::ControllerTestCase end test 'does not respond_to helper or helper_method' do - refute_respond_to @controller.class, :helper - refute_respond_to @controller.class, :helper_method + assert_not_respond_to @controller.class, :helper + assert_not_respond_to @controller.class, :helper_method end test 'defines methods like current_user' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index a1002c89d8..7343843acf 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -28,7 +28,7 @@ def setup confirmation_tokens = [] 3.times do token = create_user.confirmation_token - refute_includes confirmation_tokens, token + assert_not_includes confirmation_tokens, token confirmation_tokens << token end end 
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 20a9d2a285..d7d14b6a8b 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -72,8 +72,8 @@ def setup test "reset_failed_attempts! does not try to reset if not using failed attempts strategy" do admin = create_admin - refute_respond_to admin, :failed_attempts - refute admin.reset_failed_attempts! + assert_not_respond_to admin, :failed_attempts + assert_not admin.reset_failed_attempts! end test 'should be valid for authentication with a unlocked user' do @@ -147,7 +147,7 @@ def setup user = create_user user.lock_access! token = user.unlock_token - refute_includes unlock_tokens, token + assert_not_includes unlock_tokens, token unlock_tokens << token end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ca2e80eb05..1c43aa2dcc 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -18,7 +18,7 @@ def setup user = create_user user.send_reset_password_instructions token = user.reset_password_token - refute_includes reset_password_tokens, token + assert_not_includes reset_password_tokens, token reset_password_tokens << token end end From 890bd9e3b58dd321eb4a2f3670eb2f54d8e996ed Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2023 18:41:44 -0300 Subject: [PATCH 1371/1473] Replace usage of `assert !` with actual `assert_not` helper --- test/integration/authenticatable_test.rb | 2 +- test/integration/omniauthable_test.rb | 4 ++-- test/integration/recoverable_test.rb | 10 +++++----- test/models/confirmable_test.rb | 6 +++--- test/models/database_authenticatable_test.rb | 6 +++--- test/models/lockable_test.rb | 2 +- test/models/serializable_test.rb | 2 +- test/test/controller_helpers_test.rb | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index a8592e14a5..b8d1be8ea9 100644 
--- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -397,7 +397,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest end assert_match %r{Special user view}, response.body - assert !Devise::PasswordsController.scoped_views? + assert_not Devise::PasswordsController.scoped_views? ensure Devise::SessionsController.send :remove_instance_variable, :@scoped_views end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 61d6dab287..db3d0871c1 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -98,7 +98,7 @@ def stub_action!(name) assert session["devise.facebook_data"] visit "/users/cancel" - assert !session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "cleans up session on sign in" do @@ -109,7 +109,7 @@ def stub_action!(name) assert session["devise.facebook_data"] sign_in_as_user - assert !session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "sign in and send remember token if configured" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 57bfb9f74c..9abf2b1ba7 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -218,7 +218,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully.' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -231,7 +231,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end 
@@ -257,7 +257,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully.' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end end @@ -269,7 +269,7 @@ def reset_password(options = {}, &block) reset_password assert_contain 'Your password has been changed successfully.' - assert !user.reload.access_locked? + assert_not user.reload.access_locked? assert warden.authenticated?(:user) end end @@ -281,7 +281,7 @@ def reset_password(options = {}, &block) reset_password assert_contain 'Your password has been changed successfully.' - assert !user.reload.access_locked? + assert_not user.reload.access_locked? assert warden.authenticated?(:user) end end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 7343843acf..9c627e820f 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -538,7 +538,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not require reconfirmation after creating a record' do admin = create_admin - assert !admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? end test 'should not require reconfirmation after creating a record with #save called in callback' do @@ -547,12 +547,12 @@ class Admin::WithSaveInCallback < Admin end admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) - assert !admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? end test 'should require reconfirmation after creating a record and updating the email' do admin = create_admin - assert !admin.instance_variable_get(:@bypass_confirmation_postpone) + assert_not admin.instance_variable_get(:@bypass_confirmation_postpone) admin.email = "new_test@email.com" admin.save assert admin.pending_reconfirmation? 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index a41659d631..8cdf7228cb 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -214,14 +214,14 @@ def setup test 'should not update password without password' do user = create_user user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321') - assert !user.reload.valid_password?('pass4321') + assert_not user.reload.valid_password?('pass4321') assert user.valid_password?('12345678') end test 'should destroy user if current password is valid' do user = create_user assert user.destroy_with_password('12345678') - assert !user.persisted? + assert_not user.persisted? end test 'should not destroy user with invalid password' do @@ -289,7 +289,7 @@ def setup test 'downcase_keys with validation' do User.create(email: "HEllO@example.com", password: "123456") user = User.create(email: "HEllO@example.com", password: "123456") - assert !user.valid? + assert_not user.valid? end test 'required_fields should be encryptable_password and the email field by default' do diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d7d14b6a8b..d229ce57d2 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -34,7 +34,7 @@ def setup user.confirm swap Devise, lock_strategy: :none, maximum_attempts: 2 do 3.times { user.valid_for_authentication?{ false } } - assert !user.access_locked? + assert_not user.access_locked? assert_equal 0, user.failed_attempts end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 53f0f59f43..225f7ae699 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -40,7 +40,7 @@ def assert_key(key, subject) end def assert_no_key(key, subject) - assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" + assert_not subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" end def from_json(options = nil) diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index c93ecf2e3d..d415a176cb 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -15,7 +15,7 @@ class TestControllerHelpersTest < Devise::ControllerTestCase test "redirects if attempting to access a page with an unconfirmed account" do swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user - assert !user.active_for_authentication? + assert_not user.active_for_authentication? sign_in user get :index @@ -26,7 +26,7 @@ class TestControllerHelpersTest < Devise::ControllerTestCase test "returns nil if accessing current_user with an unconfirmed account" do swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user - assert !user.active_for_authentication? + assert_not user.active_for_authentication? sign_in user get :accept, params: { id: user } From afec6655c7692a80b7412d42d2d5f2ba69ffdde1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Mar 2023 10:59:51 -0300 Subject: [PATCH 1372/1473] Update bundle --- Gemfile.lock | 133 ++++++++++++++++++++++++++------------------------- 1 file changed, 67 insertions(+), 66 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 286b1a6c14..bffcb2cdc1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,74 +20,74 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + actioncable (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4.2) - actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailbox (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4.2) - actionpack (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailer (7.0.4.3) + actionpack (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4.2) - actionview (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionpack (7.0.4.3) + actionview (= 7.0.4.3) + activesupport (= 7.0.4.3) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4.2) - actionpack (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actiontext (7.0.4.3) + actionpack (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4.2) - activesupport (= 7.0.4.2) + actionview (7.0.4.3) + activesupport (= 7.0.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4.2) - activesupport (= 7.0.4.2) + activejob (7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.3.6) - activemodel (7.0.4.2) - activesupport (= 7.0.4.2) - activerecord (7.0.4.2) - activemodel (= 7.0.4.2) - activesupport (= 7.0.4.2) - activestorage (7.0.4.2) - 
actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activesupport (= 7.0.4.2) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activerecord (7.0.4.3) + activemodel (= 7.0.4.3) + activesupport (= 7.0.4.3) + activestorage (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activesupport (= 7.0.4.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4.2) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) bcrypt (3.1.18) builder (3.2.4) - concurrent-ruby (1.2.0) + concurrent-ruby (1.2.2) crass (1.0.6) date (3.3.3) erubi (1.12.0) @@ -100,11 +100,11 @@ GEM hashie (5.0.0) i18n (1.12.0) concurrent-ruby (~> 1.0) - jwt (2.6.0) + jwt (2.7.0) loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.8.0.1) + mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop @@ -113,7 +113,7 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.8.1) - minitest (5.17.0) + minitest (5.18.0) mocha (1.16.1) multi_xml (0.6.0) net-imap (0.3.4) 
@@ -149,39 +149,39 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (5.0.2) + psych (5.1.0) stringio racc (1.6.2) - rack (2.2.6.2) + rack (2.2.6.4) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-protection (3.0.5) rack - rack-test (2.0.2) + rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4.2) - actioncable (= 7.0.4.2) - actionmailbox (= 7.0.4.2) - actionmailer (= 7.0.4.2) - actionpack (= 7.0.4.2) - actiontext (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activemodel (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + rails (7.0.4.3) + actioncable (= 7.0.4.3) + actionmailbox (= 7.0.4.3) + actionmailer (= 7.0.4.3) + actionpack (= 7.0.4.3) + actiontext (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activemodel (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) bundler (>= 1.15.0) - railties (= 7.0.4.2) + railties (= 7.0.4.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + railties (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) method_source rake (>= 12.2) thor (~> 1.0) @@ -198,14 +198,15 @@ GEM snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.4.4) - stringio (3.0.4) + sqlite3 (1.6.1) + mini_portile2 (~> 2.8.0) + stringio (3.0.5) thor (1.2.1) timecop (0.9.6) - timeout (0.3.1) - tzinfo (2.0.5) + timeout (0.3.2) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - version_gem (1.1.1) + version_gem (1.1.2) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -215,7 +216,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.6) + zeitwerk (2.6.7) PLATFORMS ruby From 232c855c54cc3e471afbd48b6eda8ff164638c09 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 17 Mar 2023 10:42:29 -0300 Subject: [PATCH 1373/1473] Fix tests with Rails main Rails main / 7.1.0.alpha introduced a change to improve typography by default, by converting all apostrophes to be single quotation marks. https://github.com/rails/rails/pull/45463 The change caused all our text based matching to fail, this updates the tests to ensure compatibility. Model tests were changed to test against the error type & information rather than the translated string, which I think is an improvement overall that should make them a little less brittle. I thought of using [of_kind?] but that isn't available on all Rails versions we currently support, while `added?` is. The drawback is that `added?` require full details like the `:confirmation` example which requires the related attribute that is being confirmed, but that's a small price to pay. Integration tests were changed to match on a regexp that accepts both quotes. I could've used a simple `.` to match anything there, but thought I'd just keep it specific for clarity on what it is really expected to match there. Plus, since it's integration testing against a rendered response body, it's better to match the actual text rather than resort on other ways. (like using I18n directly, etc.) [of_kind?] https://api.rubyonrails.org/classes/ActiveModel/Errors.html#method-i-of_kind-3F --- test/integration/confirmable_test.rb | 8 ++++---- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/models/authenticatable_test.rb | 4 ++-- test/models/confirmable_test.rb | 8 ++++---- test/models/database_authenticatable_test.rb | 6 +++--- test/models/lockable_test.rb | 4 ++-- test/models/recoverable_test.rb | 18 +++++++++--------- test/models/validatable_test.rb | 10 +++++----- 9 files changed, 32 insertions(+), 32 deletions(-) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index e403077487..c951eb0bbd 100644 
--- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -178,13 +178,13 @@ def resend_confirmation test "should not be able to confirm an email with a blank confirmation token" do visit_user_confirmation_with_token("") - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm an email with a nil confirmation token" do visit_user_confirmation_with_token(nil) - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm user with blank confirmation token" do @@ -193,7 +193,7 @@ def resend_confirmation visit_user_confirmation_with_token("") - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm user with nil confirmation token" do @@ -202,7 +202,7 @@ def resend_confirmation visit_user_confirmation_with_token(nil) - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test 'error message is configurable by resource name' do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 9abf2b1ba7..44cb0b9e2d 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -173,7 +173,7 @@ def reset_password(options = {}, &block) assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index e08933f8e6..038fcf7b91 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -112,7 +112,7 @@ def user_sign_up assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first @@ -251,7 +251,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_not User.to_adapter.find_first.valid_password?('pas123') end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index a3ddc52f57..fa31f6a88a 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -30,12 +30,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_or_initialize_with_errors adds blank error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "" }) - assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email) + assert user_with_error.errors.added?(:email, :blank) end test 'find_or_initialize_with_errors adds invalid error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" }) - assert_equal ["Email is invalid"], user_with_error.errors.full_messages_for(:email) + assert user_with_error.errors.added?(:email, :invalid) end if defined?(ActionController::Parameters) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 9c627e820f..31a955e727 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -74,7 +74,7 @@ def setup test 'should return a new record with errors when a blank token is given' do confirmed_user = User.confirm_by_token('') assert_not confirmed_user.persisted? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should return a new record with errors when a blank token is given and a record exists on the database' do @@ -83,7 +83,7 @@ def setup confirmed_user = User.confirm_by_token('') assert_not user.reload.confirmed? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should return a new record with errors when a nil token is given and a record exists on the database' do @@ -92,7 +92,7 @@ def setup confirmed_user = User.confirm_by_token(nil) assert_not user.reload.confirmed? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should generate errors for a user email if user is already confirmed' do @@ -314,7 +314,7 @@ def setup user = create_user confirm_user = User.send_confirmation_instructions(email: user.email) assert_not confirm_user.persisted? - assert_equal "can't be blank", confirm_user.errors[:username].join + assert confirm_user.errors.added?(:username, :blank) end end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 8cdf7228cb..909e010458 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -172,7 +172,7 @@ def setup assert_not user.update_with_password(password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') - assert_match "can't be blank", user.errors[:current_password].join + assert user.errors.added?(:current_password, :blank) end test 'should run validations even when current password is invalid or blank' do @@ -181,7 +181,7 @@ def setup assert user.persisted? assert_not user.update_with_password(username: "") assert_match "usertest", user.reload.username - assert_match "can't be blank", user.errors[:username].join + assert user.errors.added?(:username, :blank) end test 'should ignore password and its confirmation if they are blank' do @@ -235,7 +235,7 @@ def setup user = create_user assert_not user.destroy_with_password(nil) assert user.persisted? - assert_match "can't be blank", user.errors[:current_password].join + assert user.errors.added?(:current_password, :blank) end test 'should not email on password change' do diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d229ce57d2..b1d8cab0d4 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -213,7 +213,7 @@ def setup test 'should return a new record with errors when a blank token is given' do locked_user = User.unlock_access_by_token('') assert_not locked_user.persisted? - assert_equal "can't be blank", locked_user.errors[:unlock_token].join + assert locked_user.errors.added?(:unlock_token, :blank) end test 'should find a user to send unlock instructions' do @@ -246,7 +246,7 @@ def setup user = create_user unlock_user = User.send_unlock_instructions(email: user.email) assert_not unlock_user.persisted? - assert_equal "can't be blank", unlock_user.errors[:username].join + assert unlock_user.errors.added?(:username, :blank) end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 1c43aa2dcc..b2234ac6ac 100644 --- a/test/models/recoverable_test.rb 
+++ b/test/models/recoverable_test.rb @@ -134,12 +134,12 @@ def setup end test 'should require all reset_password_keys' do - swap Devise, reset_password_keys: [:username, :email] do - user = create_user - reset_password_user = User.send_reset_password_instructions(email: user.email) - assert_not reset_password_user.persisted? - assert_equal "can't be blank", reset_password_user.errors[:username].join - end + swap Devise, reset_password_keys: [:username, :email] do + user = create_user + reset_password_user = User.send_reset_password_instructions(email: user.email) + assert_not reset_password_user.persisted? + assert reset_password_user.errors.added?(:username, :blank) + end end test 'should reset reset_password_token before send the reset instructions email' do @@ -173,7 +173,7 @@ def setup test 'should return a new record with errors if reset_password_token is blank' do reset_password_user = User.reset_password_by_token(reset_password_token: '') assert_not reset_password_user.persisted? - assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join + assert reset_password_user.errors.added?(:reset_password_token, :blank) end test 'should return a new record with errors if password is blank' do @@ -182,7 +182,7 @@ def setup reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') assert_not reset_password_user.errors.empty? - assert_match "can't be blank", reset_password_user.errors[:password].join + assert reset_password_user.errors.added?(:password, :blank) assert_equal raw, reset_password_user.reset_password_token end @@ -192,7 +192,7 @@ def setup reset_password_user = User.reset_password_by_token(reset_password_token: raw) assert_not reset_password_user.errors.empty? - assert_match "can't be blank", reset_password_user.errors[:password].join + assert reset_password_user.errors.added?(:password, :blank) assert_equal raw, reset_password_user.reset_password_token end 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index af5961ef30..e8858de7e3 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -8,7 +8,7 @@ class ValidatableTest < ActiveSupport::TestCase user = new_user(email: nil) assert user.invalid? assert user.errors[:email] - assert_equal 'can\'t be blank', user.errors[:email].join + assert user.errors.added?(:email, :blank) end test 'should require uniqueness of email if email has changed, allowing blank' do @@ -52,14 +52,14 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require password to be set when creating a new record' do user = new_user(password: '', password_confirmation: '') assert user.invalid? - assert_equal 'can\'t be blank', user.errors[:password].join + assert user.errors.added?(:password, :blank) end test 'should require confirmation to be set when creating a new record' do user = new_user(password: 'new_password', password_confirmation: 'blabla') assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password") end test 'should require password when updating/resetting password' do @@ -69,7 +69,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = '' assert user.invalid? - assert_equal 'can\'t be blank', user.errors[:password].join + assert user.errors.added?(:password, :blank) end test 'should require confirmation when updating/resetting password' do @@ -77,7 +77,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password") end test 'should require a password with minimum of 7 characters' do 
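Review bot: In the first hunk of validatable_test.rb the context line `assert user.errors[:email]` stays next to the new `added?` assertion, but it can never fail: `errors[:email]` returns an array, and even an empty array is truthy in Ruby. Now that `assert user.errors.added?(:email, :blank)` pins the exact error, that line can be dropped. The two `:confirmation` assertions in the later hunks pass `attribute: "Password"` as a literal, which ties them to the current human name of the attribute. If `new_user` builds a `User`, as the other test files suggest, `attribute: User.human_attribute_name(:password)` would keep them independent of that wording.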
From 11b6a99e88f7073d3de515be4b81e47541586091 Mon Sep 17 00:00:00 2001 From: Peter Goldstein Date: Mon, 27 Jun 2022 14:54:27 -0700 Subject: [PATCH 1374/1473] Add Dependabot for GitHub Actions --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..5ace4600a1 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From eed51179c7ac90d565f8a10847577cedd627d92b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 20 Mar 2023 17:42:59 -0300 Subject: [PATCH 1375/1473] Add explicit test for respecting the `error_status` responder config While introducing this on turbo, looks like no specific test was added, so this at least covers that a bit. It needs some conditional checks since not all supported Rails + Responders version work with the customization, so there's one test for the hardcoded status version too, which can be removed in the future. --- test/failure_app_test.rb | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 883cf8b9bd..1500c36af2 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -371,6 +371,35 @@ def call_failure(env_params = {}) end end end + + # TODO: remove conditional/else when supporting only responders 3.1+ + if ActionController::Responder.respond_to?(:error_status=) + test 'respects the configured responder `error_status` for the status code' do + swap Devise.responder, error_status: :unprocessable_entity do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 422, @response.first + assert_includes @response.third.body, 'Invalid Email or password.' + end + end + else + test 'uses default hardcoded responder `error_status` for the status code since responders version does not support configuring it' do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 200, @response.first + assert_includes @response.third.body, 'Invalid Email or password.' + end + end end context "Lazy loading" do From 89a08357d6e82ec907071f7714bf27358dbf868f Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 20 Mar 2023 17:59:06 -0300 Subject: [PATCH 1376/1473] Uses the responder `redirect_status` when recall returns a redirect It appears some people use the recall functionality with a redirect response, and Devise starting on version 4.9 was overriding that status code to the configured `error_status` for better Turbo support, which broke the redirect functionality / expectation. While I don't think it's really great usage of the recall functionality, or at least it was unexpected usage, it's been working like that basically forever where recalling would use the status code of the recalled action, so this at least keeps it more consistent with that behavior by respecting redirects and keeping that response as a redirect based on the configured status, which should also work with Turbo I believe, and makes this less of a breaking change. Closes #5570 Closes #5561 (it was closed previously, but related / closes with an actual change now.) --- CHANGELOG.md | 1 + lib/devise/failure_app.rb | 4 +++- test/failure_app_test.rb | 24 ++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22b1b76358..a3a9b2ebfa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * bug fixes + * Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573) * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) ### 4.9.0 - 2023-02-17 
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index d8042ec318..8458aef327 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -72,7 +72,9 @@ def recall flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| - response[0] = Rack::Utils.status_code(Devise.responder.error_status) + response[0] = Rack::Utils.status_code( + response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status + ) } end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 1500c36af2..59f291e204 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -387,6 +387,19 @@ def call_failure(env_params = {}) assert_includes @response.third.body, 'Invalid Email or password.' end end + + test 'respects the configured responder `redirect_status` if the recall app returns a redirect status code' do + swap Devise.responder, redirect_status: :see_other do + env = { + "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 303, @response.first + end + end else test 'uses default hardcoded responder `error_status` for the status code since responders version does not support configuring it' do env = { @@ -399,6 +412,17 @@ def call_failure(env_params = {}) assert_equal 200, @response.first assert_includes @response.third.body, 'Invalid Email or password.' end + + test 'users default hardcoded responder `redirect_status` for the status code since responders version does not support configuring it' do + env = { + "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 302, @response.first + end end end 
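Review bot: The status rewrite in `recall` now has two outcomes but no comment explaining why, and the reason (a recalled action that redirects must stay a redirect) lives only in the commit message. A line such as `# Keep a redirect from the recalled action as a redirect; any other response is reported with error_status.` above `response[0] = ...` would carry that into the file. The check also relies on `response[0]` being an Integer. A status passed as a string would make `in?(300..399)` false and be rewritten to `error_status`, so `response[0].to_i.in?(300..399)` is a cheap hardening if a non-Rails recall app is ever possible. The `recall` method starts outside this hunk.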
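Review bot: Both new redirect tests in test/failure_app_test.rb (the `swap ... redirect_status: :see_other` one and the one in the `else` branch hunk) assert only the status code, so they would still pass if the rewritten response lost its `Location` header. Adding a check such as `assert @response.second['Location']` would cover that. This assumes `@response.second` is the header hash of the Rack triple, as the use of `@response.first` and `@response.third.body` suggests, and the key casing may need adjusting for the Rack version in use. The second test's name also reads 'users default hardcoded' where 'uses' is meant.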
From 367ea427626ea8d9a8315b296535a4d93f311fab Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 23 Mar 2023 19:11:11 -0300 Subject: [PATCH 1377/1473] Refactor dirty tracking conditionals for different versions (#5575) We have an number of conditions due to how dirty tracking changed around Rails 5.1, that implement methods using one or another method call. I might need more of this for mongo upgrades based on an initial investigation, plus this makes the code really hard to reason about sometimes with these many conditionals. While I want to drop support for older versions of Rails soon, this centralization of dirty methods that are used by devise conditionally simplifies the usage considerably across the board, moves the version condition to a single place, and will make it easier to refactor later once we drop older Rails version by simply removing the `devise_*` versions of the methods, alongside the prefix on the method calls for the most part, since those methods follow the naming of the newer Rails versions. --- CHANGELOG.md | 1 + lib/devise.rb | 5 +- lib/devise/models.rb | 1 + lib/devise/models/confirmable.rb | 51 +++++------------ lib/devise/models/database_authenticatable.rb | 33 +++-------- lib/devise/models/recoverable.rb | 21 ++----- lib/devise/models/validatable.rb | 9 +-- lib/devise/orm_dirty_tracking.rb | 57 +++++++++++++++++++ test/rails_app/lib/shared_admin.rb | 6 +- 9 files changed, 90 insertions(+), 94 deletions(-) create mode 100644 lib/devise/orm_dirty_tracking.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 22b1b76358..73b834bb65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,7 @@ * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) + * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) diff --git a/lib/devise.rb b/lib/devise.rb index 1d9370cc4f..e0749eb824 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -13,6 +13,7 @@ module Devise autoload :Encryptor, 'devise/encryptor' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' + autoload :OrmDirtyTracking, 'devise/orm_dirty_tracking' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' @@ -307,10 +308,6 @@ module Test mattr_accessor :sign_in_after_change_password @@sign_in_after_change_password = true - def self.activerecord51? # :nodoc: - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end - # Default way to set up Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 4d50fa2453..1dc5753b04 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -84,6 +84,7 @@ def devise(*modules) end devise_modules_hook! do + include Devise::OrmDirtyTracking include Devise::Models::Authenticatable selected_modules.each do |m| diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 7faae516b6..0f74d07578 100644 --- a/lib/devise/models/confirmable.rb 
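Review bot: The second lib/devise.rb hunk deletes `Devise.activerecord51?` outright, and although it is marked `:nodoc:` it is a module-level method that code outside this repository can call. Any extension or application initializer that still branches on it would raise NoMethodError after upgrading. That is a larger effect than the "refactor" entry added to CHANGELOG.md implies. Keeping `def self.activerecord51? # :nodoc:` for one release, with its existing body preceded by a deprecation warning that points to `Devise::OrmDirtyTracking`, would make the change non-breaking. Otherwise the changelog entry should state the removal.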
+++ b/lib/devise/models/confirmable.rb @@ -258,44 +258,23 @@ def generate_confirmation_token! generate_confirmation_token && save(validate: false) end - if Devise.activerecord51? - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token - @reconfirmation_required = true - self.unconfirmed_email = self.email - self.email = self.email_in_database - self.confirmation_token = nil - generate_confirmation_token - end - else - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token - @reconfirmation_required = true - self.unconfirmed_email = self.email - self.email = self.email_was - self.confirmation_token = nil - generate_confirmation_token - end + + def postpone_email_change_until_confirmation_and_regenerate_confirmation_token + @reconfirmation_required = true + self.unconfirmed_email = self.email + self.email = self.devise_email_in_database + self.confirmation_token = nil + generate_confirmation_token end - if Devise.activerecord51? - def postpone_email_change? - postpone = self.class.reconfirmable && - will_save_change_to_email? && - !@bypass_confirmation_postpone && - self.email.present? && - (!@skip_reconfirmation_in_callback || !self.email_in_database.nil?) - @bypass_confirmation_postpone = false - postpone - end - else - def postpone_email_change? - postpone = self.class.reconfirmable && - email_changed? && - !@bypass_confirmation_postpone && - self.email.present? && - (!@skip_reconfirmation_in_callback || !self.email_was.nil?) - @bypass_confirmation_postpone = false - postpone - end + def postpone_email_change? + postpone = self.class.reconfirmable && + devise_will_save_change_to_email? && + !@bypass_confirmation_postpone && + self.email.present? && + (!@skip_reconfirmation_in_callback || !self.devise_email_in_database.nil?) + @bypass_confirmation_postpone = false + postpone end def reconfirmation_required? 
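Review bot: `postpone_email_change?` and `postpone_email_change_until_confirmation_and_regenerate_confirmation_token` now depend on `devise_will_save_change_to_email?` and `devise_email_in_database`, yet this commit's diffstat lists no test for the new `Devise::OrmDirtyTracking` module that supplies them. These helpers decide whether an email change waits for confirmation. In the database_authenticatable.rb hunks `devise_email_before_last_save` picks the address that receives the email-changed notice, so a wrong fallback on an older ORM would presumably skip reconfirmation or alert the new address instead of the old one, without raising any error. A small unit test that includes the module in a stub responding only to the older `email_was` / `email_changed?` API and checks each `devise_*` method would pin both branches. The module body is outside the visible part of the patch, so this is about coverage rather than a defect seen in it.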
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 8c0e22613d..fc6ad714e6 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -177,16 +177,9 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end - if Devise.activerecord51? - # Send notification to user when email changes. - def send_email_changed_notification - send_devise_notification(:email_changed, to: email_before_last_save) - end - else - # Send notification to user when email changes. - def send_email_changed_notification - send_devise_notification(:email_changed, to: email_was) - end + # Send notification to user when email changes. + def send_email_changed_notification + send_devise_notification(:email_changed, to: devise_email_before_last_save) end # Send notification to user when password changes. 
@@ -205,24 +198,12 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end - if Devise.activerecord51? - def send_email_changed_notification? - self.class.send_email_changed_notification && saved_change_to_email? && !@skip_email_changed_notification - end - else - def send_email_changed_notification? - self.class.send_email_changed_notification && email_changed? && !@skip_email_changed_notification - end + def send_email_changed_notification? + self.class.send_email_changed_notification && devise_saved_change_to_email? && !@skip_email_changed_notification end - if Devise.activerecord51? - def send_password_change_notification? - self.class.send_password_change_notification && saved_change_to_encrypted_password? && !@skip_password_change_notification - end - else - def send_password_change_notification? - self.class.send_password_change_notification && encrypted_password_changed? && !@skip_password_change_notification - end + def send_password_change_notification? + self.class.send_password_change_notification && devise_saved_change_to_encrypted_password? && !@skip_password_change_notification end module ClassMethods diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 59f3a613d6..b17c42aae6 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb 
@@ -99,24 +99,13 @@ def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end - if Devise.activerecord51? - def clear_reset_password_token? - encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password? - authentication_keys_changed = self.class.authentication_keys.any? do |attribute| - respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") - end - - authentication_keys_changed || encrypted_password_changed + def clear_reset_password_token? + encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password) + authentication_keys_changed = self.class.authentication_keys.any? do |attribute| + devise_respond_to_and_will_save_change_to_attribute?(attribute) end - else - def clear_reset_password_token? - encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed? - authentication_keys_changed = self.class.authentication_keys.any? do |attribute| - respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") - end - authentication_keys_changed || encrypted_password_changed - end + authentication_keys_changed || encrypted_password_changed end module ClassMethods diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 5a190a7c36..1c22fb5fec 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
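Review bot: `clear_reset_password_token?` in lib/devise/models/recoverable.rb still has no comment, although it decides whether an outstanding password-reset token survives a change of password or authentication key. After this change the logic sits behind `devise_respond_to_and_will_save_change_to_attribute?`, so the intent is harder to read off the body. I would add above the method: `# True when the encrypted password or any authentication key is about to be saved with a new value, in which case a pending reset token should be cleared.` How the result is used is outside this hunk, so the last clause is inferred from the method name.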
@@ -29,13 +29,8 @@ def self.included(base) base.class_eval do validates_presence_of :email, if: :email_required? - if Devise.activerecord51? - validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email? - validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? - else - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? - validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed? - end + validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :devise_will_save_change_to_email? + validates_format_of :email, with: email_regexp, allow_blank: true, if: :devise_will_save_change_to_email? validates_presence_of :password, if: :password_required? validates_confirmation_of :password, if: :password_required? diff --git a/lib/devise/orm_dirty_tracking.rb b/lib/devise/orm_dirty_tracking.rb new file mode 100644 index 0000000000..07391108fb --- /dev/null +++ b/lib/devise/orm_dirty_tracking.rb 
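Review bot: The merged `validates_uniqueness_of :email` line in lib/devise/models/validatable.rb now passes `case_sensitive: true` on every path, while the removed `else` branch (Active Record before 5.1, and any other ORM) passed no such option. This is probably harmless where the validator already defaults to case-sensitive comparison, but it is an option change hidden inside a refactor, and the hunk does not say it is intended. A case-sensitive uniqueness check treats addresses that differ only in letter case as different accounts, so I would document the assumption with `# case_sensitive: true is explicit; catching duplicates that differ only in case relies on the email being normalised before validation (presumably done elsewhere)`. It is also worth confirming that the non-Active Record validator accepts the option. The enclosing `self.included(base)` block continues outside the hunk.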
@@ -0,0 +1,57 @@ +module Devise + module OrmDirtyTracking # :nodoc: + def self.activerecord51? + defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end + + if activerecord51? + def devise_email_before_last_save + email_before_last_save + end + + def devise_email_in_database + email_in_database + end + + def devise_saved_change_to_email? + saved_change_to_email? + end + + def devise_saved_change_to_encrypted_password? + saved_change_to_encrypted_password? + end + + def devise_will_save_change_to_email? + will_save_change_to_email? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") + end + else + def devise_email_before_last_save + email_was + end + + def devise_email_in_database + email_was + end + + def devise_saved_change_to_email? + email_changed? + end + + def devise_saved_change_to_encrypted_password? + encrypted_password_changed? + end + + def devise_will_save_change_to_email? + email_changed? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end + end + end +end diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index 3e6362a78d..374666ff52 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -10,11 +10,7 @@ module SharedAdmin allow_unconfirmed_access_for: 2.weeks, reconfirmable: true validates_length_of :reset_password_token, minimum: 3, allow_blank: true - if Devise::Test.rails51? - validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? - else - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? - end + validates_uniqueness_of :email, allow_blank: true, if: :devise_will_save_change_to_email? end def raw_confirmation_token 
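Review bot: In the new lib/devise/orm_dirty_tracking.rb, the `else` branch maps two pairs of helpers onto one reader each, with no comment on why that is safe. `devise_email_before_last_save` and `devise_email_in_database` both return `email_was`, and `devise_saved_change_to_email?` and `devise_will_save_change_to_email?` both return `email_changed?`. On that path the answer presumably depends on whether the helper runs before or after the save (the callbacks are not in this diff), and `devise_email_before_last_save` decides which address receives the email-changed notification. I would add above the `else`: `# Before Active Record 5.1 the same *_was / *_changed? readers back both the pre-save and post-save helpers; call each from the matching callback phase.` The version test also deserves `# "5.1.x" sorts as a prerelease, so 5.1.0 betas and release candidates count as 5.1`.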
From 207ddc5127fcecbbcf5abcd8744775509e55b2e8 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 23 Mar 2023 19:03:35 -0300 Subject: [PATCH 1378/1473] Improve support for Devise in apps with multiple ORMs loaded Devise is able to work with a specific ORM, either Active Record or Mongoid, but nothing stops apps from using multiple ORMs within the same application -- they just need to pick one to use with Devise. That's generally determined by the require that is added to the Devise initializer, that will load up either ORM's extensions so you can call things like `devise` on your model to set it up. However, some conditional logic in Devise, more specifically around dirty tracking, was only considering having Active Record loaded up after a certain version, to determine which methods to call in parts of the implementation. In a previous change we refactored all that dirty tracking code into this `OrmDirtyTracking` module to make it easier to view all the methods that were being conditionally called, and now we're repurposing this into a more generic `Orm` module (that's nodoc'ed by default) so that upon including it, we can conditionally include the proper dirty tracking extensions but also check whether the including model is really Active Record or not, so we can trigger the correct dirty tracking behavior for Mongoid as well if both are loaded on the same app, whereas previously the Mongoid behavior would always use the new Active Record behavior, but support may differ. While we are also working to ensure the latest versions of Mongoid are fully running with Devise, this should improve the situation by giving apps with multiple ORMs loaded a chance to rely on some of these Devise bits of functionality better now that weren't working properly before without some monkey-patching on their end. 
Closes #5539 Closes #4542 --- CHANGELOG.md | 1 + lib/devise.rb | 2 +- lib/devise/models.rb | 2 +- lib/devise/models/confirmable.rb | 2 +- lib/devise/{orm_dirty_tracking.rb => orm.rb} | 24 ++++++++++++++++---- 5 files changed, 23 insertions(+), 8 deletions(-) rename lib/devise/{orm_dirty_tracking.rb => orm.rb} (69%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73b834bb65..e47658cec5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) + * Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. [#5576](https://github.com/heartcombo/devise/pull/5576) * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) diff --git a/lib/devise.rb b/lib/devise.rb index e0749eb824..ca1130d9e9 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -13,7 +13,7 @@ module Devise autoload :Encryptor, 'devise/encryptor' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' - autoload :OrmDirtyTracking, 'devise/orm_dirty_tracking' + autoload :Orm, 'devise/orm' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 1dc5753b04..fb7dd89b06 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb 
@@ -84,7 +84,7 @@ def devise(*modules) end devise_modules_hook! do - include Devise::OrmDirtyTracking + include Devise::Orm include Devise::Models::Authenticatable selected_modules.each do |m| diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 0f74d07578..6ce22c30f0 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -48,7 +48,7 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification? - if defined?(ActiveRecord) && self < ActiveRecord::Base # ActiveRecord + if Devise::Orm.active_record?(self) # ActiveRecord after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? else # Mongoid diff --git a/lib/devise/orm_dirty_tracking.rb b/lib/devise/orm.rb similarity index 69% rename from lib/devise/orm_dirty_tracking.rb rename to lib/devise/orm.rb index 07391108fb..75baf2be50 100644 --- a/lib/devise/orm_dirty_tracking.rb +++ b/lib/devise/orm.rb @@ -1,10 +1,22 @@ module Devise - module OrmDirtyTracking # :nodoc: - def self.activerecord51? - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + module Orm # :nodoc: + def self.active_record?(model) + defined?(ActiveRecord) && model < ActiveRecord::Base end - if activerecord51? + def self.active_record_51?(model) + active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end + + def self.included(model) + if Devise::Orm.active_record_51?(model) + model.include DirtyTrackingNewMethods + else + model.include DirtyTrackingOldMethods + end + end + + module DirtyTrackingNewMethods def devise_email_before_last_save email_before_last_save end 
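Review bot: In lib/devise/orm.rb, `Devise::Orm.included` sends every model that is not Active Record 5.1+ to `DirtyTrackingOldMethods`, so pre-5.1 Active Record and non-Active Record ORMs such as Mongoid share one branch, and nothing in the module says so. A reader has to work out from `active_record_51?` that "old" also means "not Active Record". These helpers gate the email-changed notification and reset-token clearing seen earlier on this page, so the fallback should be explicit. I would add above the `else`: `# Everything else (older Active Record and other ORMs such as Mongoid) uses the *_was / *_changed? readers.` The module body continues in the next hunk.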
@@ -28,7 +40,9 @@ def devise_will_save_change_to_email? def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end - else + end + + module DirtyTrackingOldMethods def devise_email_before_last_save email_was end From 3926e6d9eb139cc839faec8ea6c8f8cefa2d95f6 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Mar 2023 09:39:17 -0300 Subject: [PATCH 1379/1473] Release v4.9.1 --- CHANGELOG.md | 4 ++++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f329f3df4..de772cd634 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased + + +### 4.9.1 - 2023-03-31 + * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) diff --git a/Gemfile.lock b/Gemfile.lock index bffcb2cdc1..55c6cbbbc5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.0) + devise (4.9.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 73c38d4d95..ff3e1df88f 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.0".freeze + VERSION = "4.9.1".freeze end From 4f849f4fa9a74608a9447806179c8cbb19bd7b38 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:18:34 -0300 Subject: [PATCH 1380/1473] Bring back `Devise.activerecord51? and deprecate it Even though this is considered an internal / non-public / nodoc method, it seems some libraries relied on it internally, causing some breakage. Known libraries so far are `devise-security` and `devise-pwned_password`. Closes #5580 --- CHANGELOG.md | 3 ++- lib/devise.rb | 8 ++++++++ test/devise_test.rb | 4 ++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index de772cd634..8746e5e40c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased - +* deprecations + * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. ### 4.9.1 - 2023-03-31 diff --git a/lib/devise.rb b/lib/devise.rb index ca1130d9e9..b8677e798e 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -520,6 +520,14 @@ def self.secure_compare(a, b) b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end + + def self.activerecord51? # :nodoc: + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. + It is a non-public method that's no longer used internally, but that other libraries have been relying on. + DEPRECATION + defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end end require 'warden' diff --git a/test/devise_test.rb b/test/devise_test.rb index 423daf37ef..54ed986750 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -106,4 +106,8 @@ class DeviseTest < ActiveSupport::TestCase assert_no_match Devise.email_regexp, email end end + + test 'Devise.activerecord51? deprecation' do + assert_deprecated { Devise.activerecord51? } + end end From 8b0b849a67c46b10827743aa0ccb0679d69e5396 Mon Sep 17 00:00:00 2001 
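Review bot: The warning in the restored `Devise.activerecord51?` (lib/devise.rb) says the method is deprecated, but it names nothing to move to and does not mention that the check is global. The body is the same `defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")` test that the multi-ORM commit replaced with a per-model check. A library that keeps calling it will therefore still get a truthy result for a Mongoid model when Active Record 5.1+ is also loaded. I would extend the heredoc with a line such as `It only reports whether Active Record 5.1+ is loaded, not whether a given model uses it.` The enclosing module body is outside this hunk.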
From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:23:02 -0300 Subject: [PATCH 1381/1473] Release v4.9.2 --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 55c6cbbbc5..23005760dc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.1) + devise (4.9.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ff3e1df88f..19df7b4496 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.1".freeze + VERSION = "4.9.2".freeze end From 4b72064bfcf076478c5c87818b9536b203f6584f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:25:06 -0300 Subject: [PATCH 1382/1473] Add missing changelog version [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8746e5e40c..d96ad3f1c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased + + +### 4.9.2 - 2023-04-03 + * deprecations * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. From 882dd70a9f2c750e4703cace23792f415198e778 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 6 Apr 2023 21:57:49 +0200 Subject: [PATCH 1383/1473] Use a dedicated ActiveSupport::Deprecation Rails 7.1 will deprecate using the singleton ActiveSupport::Deprecation instance. This defines one for the gem and uses it. --- app/helpers/devise_helper.rb | 2 +- lib/devise.rb | 6 +++++- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/test/controller_helpers.rb | 2 +- lib/devise/test_helpers.rb | 2 +- test/devise_test.rb | 4 +++- test/models/serializable_test.rb | 4 +++- test/test_helper.rb | 13 +++++++++++++ 10 files changed, 31 insertions(+), 10 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index d997801190..b9101e04b0 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -4,7 +4,7 @@ module DeviseHelper # Retain this method for backwards compatibility, deprecated in favor of modifying the # devise/shared/error_messages partial. def devise_error_messages! - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be removed in the next major version. diff --git a/lib/devise.rb b/lib/devise.rb index b8677e798e..3847e190c6 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -521,8 +521,12 @@ def self.secure_compare(a, b) res == 0 end + def self.deprecator + @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") + end + def self.activerecord51? # :nodoc: - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. It is a non-public method that's no longer used internally, but that other libraries have been relying on. DEPRECATION 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 90c2a4367f..b12f05f759 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -38,7 +38,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! if options[:bypass] - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller) + Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) [Devise] bypass option is deprecated and it will be removed in future version of Devise. Please use bypass_sign_in method instead. Example: diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 62590de57b..30f2f463ab 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -62,7 +62,7 @@ module Authenticatable :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator included do class_attribute :devise_modules, instance_writer: false diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index fc6ad714e6..8903e6d06f 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -86,7 +86,7 @@ def clean_up_passwords # is also rejected as long as it is also blank. def update_with_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it @@ -128,7 +128,7 @@ def update_with_password(params, *options) # def update_without_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 30b45b3a6d..b6a7156ec0 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -69,7 +69,7 @@ def sign_in(resource, deprecated = nil, scope: nil) scope = resource resource = deprecated - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. Please use sign_in(resource, scope: :#{scope}) instead. DEPRECATION diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index c5b52fade7..cc9ef4242f 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb 
@@ -4,7 +4,7 @@ module Devise module TestHelpers def self.included(base) base.class_eval do - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. For controller tests, please include `Devise::Test::ControllerHelpers` instead. DEPRECATION diff --git a/test/devise_test.rb b/test/devise_test.rb index 54ed986750..532aa57dc6 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -108,6 +108,8 @@ class DeviseTest < ActiveSupport::TestCase end test 'Devise.activerecord51? deprecation' do - assert_deprecated { Devise.activerecord51? } + assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do + Devise.activerecord51? + end end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 225f7ae699..3a0322802b 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -32,7 +32,9 @@ class SerializableTest < ActiveSupport::TestCase end test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do + Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION + end end def assert_key(key, subject) diff --git a/test/test_helper.rb b/test/test_helper.rb index ad5a6db665..aba66aa744 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -23,6 +23,19 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end +class ActiveSupport::TestCase + if ActiveSupport.version < Gem::Version.new("5.0") + def assert_deprecated(match, deprecator) + super(match) do + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end + end + end +end OmniAuth.config.logger = Logger.new('/dev/null') From e1298c87d7f6c05ed5ba02a020e943c2c6bcd62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:21:34 +0200 Subject: [PATCH 1384/1473] Add deprecator to the application's deprecators --- lib/devise/rails.rb | 4 ++++ test/rails_test.rb | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 5cc5fa6d52..ab308e979d 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -17,6 +17,10 @@ class Engine < ::Rails::Engine app.reload_routes! if Devise.reload_routes end + initializer "devise.deprecator" do |app| + app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators) + end + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end diff --git a/test/rails_test.rb b/test/rails_test.rb index fdc1612e8f..64ff82cda6 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -8,4 +8,10 @@ class RailsTest < ActiveSupport::TestCase assert_equal :load_config_initializers, initializer.after assert_equal :build_middleware_stack, initializer.before end + + if Devise::Test.rails71_and_up? + test 'deprecator is added to application deprecators' do + assert_not_nil Rails.application.deprecators[:devise] + end + end end From c809adeeed523c5f2dc70ff2143d9671529b1911 Mon Sep 17 00:00:00 2001 
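Review bot: The `assert_deprecated` override added to test/test_helper.rb uses a bare `ensure` directly inside a `do … end` block, which only parses on Ruby 2.5 and later. The guard `ActiveSupport.version < Gem::Version.new("5.0")` does not help, because the whole file is parsed before the condition is evaluated. If the suite still runs on an older Ruby (not visible here), the helper fails to load with a syntax error rather than being skipped. Wrapping the block body in an explicit `begin` … `ensure` … `end` keeps the restore of `deprecator.behavior` and parses on every Ruby.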
From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:35:45 +0200 Subject: [PATCH 1385/1473] Use show_exceptions = :none in Rails 7.1 DEPRECATION WARNING: Setting action_dispatch.show_exceptions to false is deprecated. Set to :none instead. --- test/rails_app/config/environments/test.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index c5d393c5e0..9153790ad2 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -32,7 +32,11 @@ config.action_controller.perform_caching = false # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + if Devise::Test.rails71_and_up? + config.action_dispatch.show_exceptions = :none + else + config.action_dispatch.show_exceptions = false + end # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false From 48e115334b72b0b07f0f3a2cbe97dc48c0795850 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:46:18 +0200 Subject: [PATCH 1386/1473] Remove MigrationContext deprecation in 7.1 DEPRECATION WARNING: SchemaMigration no longer inherits from ActiveRecord::Base. If you want to use the default connection, remove this argument. If you want to use a specific connection, instantiate MigrationContext with the connection's schema migration, for example `MigrationContext.new(path, Dog.connection.schema_migration)`. --- test/orm/active_record.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index cf500330ad..97bf37c51f 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
@@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails6_and_up? +if Devise::Test.rails71_and_up? + ActiveRecord::MigrationContext.new(migrate_path).migrate +elsif Devise::Test.rails6_and_up? ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate From 6d058bfde8d5cdf5a4cba820dc542cbe5bdcf5c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:34:19 +0000 Subject: [PATCH 1387/1473] Fix tests after #5515 --- test/integration/recoverable_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 44cb0b9e2d..c391b0b2eb 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -18,7 +18,7 @@ def request_forgot_password(&block) yield if block_given? Devise.stubs(:friendly_token).returns("abcdef") - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' end def reset_password(options = {}, &block) @@ -339,7 +339,7 @@ def reset_password(options = {}, &block) swap Devise, paranoid: true do visit_new_password_path fill_in "email", with: "arandomemail@test.com" - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" 
@@ -353,7 +353,7 @@ def reset_password(options = {}, &block) user = create_user visit_new_password_path fill_in 'email', with: user.email - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." assert_current_url "/users/sign_in" From fc731a88bbf4d4d43da180043d612d0e926add29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:34:44 +0000 Subject: [PATCH 1388/1473] Add devcontainer configuration This will allow contributors to setup their environment using VS Code container or Codebases. --- .devcontainer/devcontainer.json | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..75ad21eca9 --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,25 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the +// README at: https://github.com/devcontainers/templates/tree/main/src/ruby +{ + "name": "Ruby", + // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile + "image": "mcr.microsoft.com/devcontainers/ruby:0-3-bullseye", + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + // Features to add to the dev container. More info: https://containers.dev/features. + // "features": {}, + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + "postCreateCommand": "bundle install", + + // Configure tool-specific properties. + // "customizations": {}, + + // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. + // "remoteUser": "root" +} From 1a3d1ae3502f2b214de326ebab1220c5ab275eaa Mon Sep 17 00:00:00 2001 From: Iain Beeston Date: Tue, 24 May 2022 10:07:05 +0100 Subject: [PATCH 1389/1473] Replaced `
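Review bot: In .devcontainer/devcontainer.json the image and the feature are referenced by floating tags, `mcr.microsoft.com/devcontainers/ruby:0-3-bullseye` and `ghcr.io/devcontainers/features/github-cli:1`. The environment a contributor gets can therefore change without any change in this repository, and `postCreateCommand` then runs `bundle install` inside it automatically. Pinning the image by digest, for example `"image": "mcr.microsoft.com/devcontainers/ruby:0-3-bullseye@sha256:<digest>"` with the digest taken from the registry, would make the environment reproducible and reviewable. The feature should likewise be pinned to an exact version rather than the major-only `:1`. The template's leftover `// "features": {},` line below the live `features` key could also be dropped so the file does not appear to define the key twice.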
` with paragraph tags In regular HTML `
` is a void element, so it Many of the shared templates used by devise use `
` to separate lines, which is invalid html because `
` doesn't need a closing tag or a closing slash. See the WhatWG spec here: https://html.spec.whatwg.org/multipage/text-level-semantics.html#the-br-element Also, the WhatWG spec uses `

` tags to separate `

- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 5fbb9ff0a7..3f1dbc72e0 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -5,16 +5,16 @@ <%= f.hidden_field :reset_password_token %>
- <%= f.label :password, "New password" %>
+

<%= f.label :password, "New password" %>

<% if @minimum_password_length %> - (<%= @minimum_password_length %> characters minimum)
+

(<%= @minimum_password_length %> characters minimum)

<% end %> - <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %> +

<%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>

- <%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation, "Confirm new password" %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 6a9f517f0e..bea7ad1302 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index b82e3365a3..19bb019bc7 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> @@ -13,22 +13,21 @@ <% end %>
- <%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, autocomplete: "new-password" %> +

<%= f.label :password %> (leave blank if you don't want to change it)

+

<%= f.password_field :password, autocomplete: "new-password" %>

<% if @minimum_password_length %> -
- <%= @minimum_password_length %> characters minimum +

<%= @minimum_password_length %> characters minimum

<% end %>
- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

- <%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, autocomplete: "current-password" %> +

<%= f.label :current_password %> (we need your current password to confirm your changes)

+

<%= f.password_field :current_password, autocomplete: "current-password" %>

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index d655b66f6f..03f48fbb60 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -4,21 +4,21 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

- <%= f.label :password %> +

<%= f.label :password %>

<% if @minimum_password_length %> - (<%= @minimum_password_length %> characters minimum) - <% end %>
- <%= f.password_field :password, autocomplete: "new-password" %> +

(<%= @minimum_password_length %> characters minimum)

+ <% end %> +

<%= f.password_field :password, autocomplete: "new-password" %>

- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 5ede96489d..6eeb9fc763 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -2,19 +2,19 @@ <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

- <%= f.label :password %>
- <%= f.password_field :password, autocomplete: "current-password" %> +

<%= f.label :password %>

+

<%= f.password_field :password, autocomplete: "current-password" %>

<% if devise_mapping.rememberable? %>
- <%= f.check_box :remember_me %> - <%= f.label :remember_me %> +

<%= f.check_box :remember_me %>

+

<%= f.label :remember_me %>

<% end %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 7a75304bad..21cf422d51 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -1,25 +1,25 @@ <%- if controller_name != 'sessions' %> - <%= link_to "Log in", new_session_path(resource_name) %>
+

<%= link_to "Log in", new_session_path(resource_name) %>

<% end %> <%- if devise_mapping.registerable? && controller_name != 'registrations' %> - <%= link_to "Sign up", new_registration_path(resource_name) %>
+

<%= link_to "Sign up", new_registration_path(resource_name) %>

<% end %> <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> - <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+

<%= link_to "Forgot your password?", new_password_path(resource_name) %>

<% end %> <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> - <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+

<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>

<% end %> <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> - <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+

<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>

<% end %> <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>
+

<%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>

<% end %> <% end %> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index ffc34de8d1..6b68d724cb 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

From e524a3d22d5044e1a2acc18a206f8754e25be039 Mon Sep 17 00:00:00 2001 From: soartec-lab Date: Fri, 26 May 2023 16:43:47 +0900 Subject: [PATCH 1390/1473] Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` --- CHANGELOG.md | 3 ++- lib/devise/models/authenticatable.rb | 3 --- test/models/serializable_test.rb | 6 ------ 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d96ad3f1c6..5878f75eb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased - +* enhancements + * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 30f2f463ab..e3466ebaf8 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -61,9 +61,6 @@ module Authenticatable :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] - include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator - included do class_attribute :devise_modules, instance_writer: false self.devise_modules ||= [] diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 3a0322802b..024ccf4497 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -31,12 +31,6 @@ class SerializableTest < ActiveSupport::TestCase assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end - test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do - Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION - end - end - def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end From 285dc5d2fcae1b2225c3f394957b16aca2719fa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 23:23:28 +0000 Subject: [PATCH 1391/1473] Bump supercharge/mongodb-github-action from 1.3.0 to 1.9.0 Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.3.0 to 1.9.0. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.3.0...1.9.0) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 207f5703fc..e217e2297b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -164,6 +164,6 @@ jobs: bundler-cache: true # runs bundle install and caches installed gems automatically bundler: ${{ env.BUNDLER_VERSION || 'default' }} rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - - uses: supercharge/mongodb-github-action@1.3.0 + - uses: supercharge/mongodb-github-action@1.9.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From ed1c2a1adb18ef79004db03e00cc8c6394301e42 Mon Sep 17 00:00:00 2001 From: Louis-Michel Couture Date: Fri, 5 May 2023 10:20:13 -0400 Subject: [PATCH 1392/1473] Make sure Mailer defaults :from and :reply_to are handled correctly Rails allow procs and lambda with either zero or more argument. Devise however always tried to call instance_eval on those values, which does always pass one argument: self. There was a PR to fix this specific problem in Devise https://github.com/heartcombo/devise/pull/4627, before the arity check was fixed in rails itself: https://github.com/rails/rails/pull/30391. But even if the problem was fixed in Rails, Devise was still calling the proc/lambas with instance_eval. That meant the fix added to Rails did not apply to Devise. The fix is to let Rails handle the :from and :reply_to defaults. We do that by unsetting the headers instead of trying to replicate Rails handling in Devise. This lets Rails handle it when setting up the mailer. --- lib/devise/mailers/helpers.rb | 24 +++++++++--------------- test/mailers/mailer_test.rb | 26 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index f6997462d4..29a491970d 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb 
@@ -33,28 +33,22 @@ def headers_for(action, opts) subject: subject_for(action), to: resource.email, from: mailer_sender(devise_mapping), - reply_to: mailer_reply_to(devise_mapping), + reply_to: mailer_sender(devise_mapping), template_path: template_paths, template_name: action - }.merge(opts) + } + # Give priority to the mailer's default if they exists. + headers.delete(:from) if default_params[:from] + headers.delete(:reply_to) if default_params[:reply_to] + + headers.merge!(opts) @email = headers[:to] headers end - def mailer_reply_to(mapping) - mailer_sender(mapping, :reply_to) - end - - def mailer_from(mapping) - mailer_sender(mapping, :from) - end - - def mailer_sender(mapping, sender = :from) - default_sender = default_params[sender] - if default_sender.present? - default_sender.respond_to?(:to_proc) ? instance_eval(&default_sender) : default_sender - elsif Devise.mailer_sender.is_a?(Proc) + def mailer_sender(mapping) + if Devise.mailer_sender.is_a?(Proc) Devise.mailer_sender.call(mapping.name) else Devise.mailer_sender diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb index f8369052a8..6f9f568e8a 100644 --- a/test/mailers/mailer_test.rb +++ b/test/mailers/mailer_test.rb 
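Review bot: The new guards `headers.delete(:from) if default_params[:from]` and `headers.delete(:reply_to) if default_params[:reply_to]` test plain truthiness where the removed code used `default_sender.present?`, so a blank default such as `default from: ""` now drops the Devise sender and leaves the message without a usable From. Writing them as `headers.delete(:from) if default_params[:from].present?` and `headers.delete(:reply_to) if default_params[:reply_to].present?` keeps the earlier fallback to `Devise.mailer_sender`. The hunk also removes `mailer_reply_to` and `mailer_from` and drops the second parameter of `mailer_sender`, so a custom mailer that calls `mailer_sender(mapping, :reply_to)` would raise ArgumentError; their visibility is declared outside the hunk, so confirm whether subclasses can reach them and mention the removal in the changelog if they can. The added comment should read `# Give priority to the mailer's defaults if they exist.`; `headers_for` begins above the hunk.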
@@ -17,4 +17,30 @@ def confirmation_instructions(record, token, opts = {}) assert mail.content_transfer_encoding, "7bit" end + + test "default values defined as proc with different arity are handled correctly" do + class TestMailerWithDefault < Devise::Mailer + default from: -> { computed_from } + default reply_to: ->(_) { computed_reply_to } + + def confirmation_instructions(record, token, opts = {}) + @token = token + devise_mail(record, :confirmation_instructions, opts) + end + + private + + def computed_from + "from@example.com" + end + + def computed_reply_to + "reply_to@example.com" + end + end + + mail = TestMailerWithDefault.confirmation_instructions(create_user, "confirmation-token") + assert mail.from, "from@example.com" + assert mail.reply_to, "reply_to@example.com" + end end From 4f822356307813fc5fc143dbf2cb9a022a891125 Mon Sep 17 00:00:00 2001 
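Review bot: The two closing assertions compare nothing: `assert mail.from, "from@example.com"` passes for any truthy `mail.from` and uses the string only as the failure message, so this test would still pass if the Devise sender overrode the mailer's own default. Use `assert_equal ["from@example.com"], mail.from` and `assert_equal ["reply_to@example.com"], mail.reply_to`, since Mail returns both fields as address lists. The context line `assert mail.content_transfer_encoding, "7bit"` above follows the same pattern and has the same weakness.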
From: Edouard CHIN Date: Thu, 7 Jul 2022 11:24:19 +0200 Subject: [PATCH 1393/1473] Use Omniauth.allowed_methods' as routing verbs for the auth path: - ### Context Since version 2.0.0, Omniauth no longer recognizes `GET` request on the auth path (`/users/auth/`). `POST` is the only verb that is by default recognized in order to mitigate CSRF attack. https://github.com/omniauth/omniauth/blob/66110da85e3106d9c9b138d384267a9397c75fe7/lib/omniauth/strategy.rb#L205 Ultimatelly, when a user try to access `GET /users/auth/facebook`, Devise [passthru action](https://github.com/heartcombo/devise/blob/6d32d2447cc0f3739d9732246b5a5bde98d9e032/app/controllers/devise/omniauth_callbacks_controller.rb#L6) will be called which just return a raw 404 page. ### Problem There is no problem per se and everything work. However the advantage of not matching GET request at the router layer allows to get that same 404 page stylized for "free" (Rails ending up rendering the 404 page of the app). I believe it's also more consistent and less surprising for users if this passthru action don't get called. ### Drawback An application can no longer override the `passthru` to perform the logic it wants (i.e. redirect the user). If this is a dealbreaker, feel free to close this PR :). --- lib/devise/rails/routes.rb | 2 +- test/integration/omniauthable_test.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 004b985746..f58c9fdc48 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -447,7 +447,7 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: match "#{path_prefix}/#{provider}", to: "#{controllers[:omniauth_callbacks]}#passthru", as: "#{provider}_omniauth_authorize", - via: [:get, :post] + via: OmniAuth.config.allowed_request_methods match "#{path_prefix}/#{provider}/callback", to: "#{controllers[:omniauth_callbacks]}##{provider}", 
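Review bot: `via: OmniAuth.config.allowed_request_methods` is evaluated once, when the routes are drawn, so the verbs accepted on the authorize path are fixed to whatever OmniAuth was configured with at that moment. The commit description names this setting as OmniAuth's CSRF mitigation for the request phase, so a value assigned after routes load would leave the router and the middleware disagreeing about GET without any error. A comment above the `match` would make the ordering requirement explicit: `# Read when routes are drawn; set OmniAuth.config.allowed_request_methods in an initializer.` `devise_omniauth_callback` starts and ends outside the hunk.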
diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index db3d0871c1..72a59dbfbf 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -126,6 +126,28 @@ def stub_action!(name) end end + test "authorization path via GET when Omniauth allowed_request_methods includes GET" do + original_allowed = OmniAuth.config.allowed_request_methods + OmniAuth.config.allowed_request_methods = [:get, :post] + + get "/users/auth/facebook" + + assert_response(:redirect) + ensure + OmniAuth.config.allowed_request_methods = original_allowed + end + + test "authorization path via GET when Omniauth allowed_request_methods doesn't include GET" do + original_allowed = OmniAuth.config.allowed_request_methods + OmniAuth.config.allowed_request_methods = [:post] + + assert_raises(ActionController::RoutingError) do + get "/users/auth/facebook" + end + ensure + OmniAuth.config.allowed_request_methods = original_allowed + end + test "generates a link to authenticate with provider" do visit "/users/sign_in" assert_select "form[action=?][method=post]", "/users/auth/facebook" do From 5b22538ae501f79e3e6e3691b3d2a430a5305427 Mon Sep 17 00:00:00 2001 From: santu essence Date: Thu, 17 Aug 2023 10:25:06 +0530 Subject: [PATCH 1394/1473] Inherit from only base. --- lib/generators/active_record/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 2198310da7..6018c934de 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -5,7 +5,7 @@ module ActiveRecord module Generators - class DeviseGenerator < ActiveRecord::Generators::Base + class DeviseGenerator < Base argument :attributes, type: :array, default: [], banner: "field:type field:type" class_option :primary_key_type, type: :string, desc: "The type for primary key" 
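Review bot: Neither added test redraws the routes after assigning `OmniAuth.config.allowed_request_methods`, so both outcomes depend on the value in effect when the test application's routes were loaded, which the hunk does not show. The GET case may also be answered by the OmniAuth middleware before routing, in which case it would pass with or without the `routes.rb` change; that is an inference from the redirect assertion and should be confirmed. Calling `Rails.application.reload_routes!` after the assignment and again in `ensure` would tie each assertion to the verbs it configures.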
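Review bot: The bare `Base` in `class DeviseGenerator < Base` is resolved through the lexical nesting, first in `ActiveRecord::Generators` and then in `ActiveRecord`, so if `ActiveRecord::Generators::Base` is not yet loaded when this file is evaluated the superclass silently becomes `ActiveRecord::Base`. The require that would guarantee the load sits above the hunk and is not visible here. Keeping `class DeviseGenerator < ActiveRecord::Generators::Base` turns a missing require into a NameError rather than a wrong parent class.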
From f8f035155b9e00e6c6f702f81955bf89dfdb4a60 Mon Sep 17 00:00:00 2001 From: soartec-lab Date: Tue, 12 Sep 2023 11:10:32 +0900 Subject: [PATCH 1395/1473] Fixed missing migration to dedicated deprecator --- CHANGELOG.md | 1 + lib/devise/rails/deprecated_constant_accessor.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5878f75eb9..dc212feae1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) + * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb index d1eff92f2c..f5cf01f89c 100644 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ b/lib/devise/rails/deprecated_constant_accessor.rb @@ -26,7 +26,7 @@ def const_missing(missing_const_name) super end - def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } end From c4c8fad66c1bace811fefa98008a95f972c0bb54 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 09:55:31 -0300 Subject: [PATCH 1396/1473] Use Rails 7.1 on main Gemfile and create a new one for 7.0 --- .github/workflows/test.yml | 15 +++ Gemfile | 2 +- Gemfile.lock | 229 +++++++++++++++++++++---------------- gemfiles/Gemfile-rails-7-0 | 38 ++++++ 4 files changed, 183 insertions(+), 101 deletions(-) create mode 100644 gemfiles/Gemfile-rails-7-0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 207f5703fc..851bc6a65c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,6 +8,7 @@ jobs: gemfile: - Gemfile - gemfiles/Gemfile-rails-main + - gemfiles/Gemfile-rails-7-0 - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - gemfiles/Gemfile-rails-5-2 @@ -58,6 +59,20 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-7-0 + env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 ruby: '2.4' - gemfile: gemfiles/Gemfile-rails-6-1 diff --git a/Gemfile b/Gemfile index 1a4ec8235a..b975b7de70 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0" +gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 23005760dc..12ea9b8035 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 + revision: c203673f8011a7cdc2a8edf995ae6b3eec3417ca specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
@@ -20,114 +20,132 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4.3) - actionpack (= 7.0.4.3) - activesupport (= 7.0.4.3) + actioncable (7.1.0) + actionpack (= 7.1.0) + activesupport (= 7.1.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4.3) - actionpack (= 7.0.4.3) - activejob (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + zeitwerk (~> 2.6) + actionmailbox (7.1.0) + actionpack (= 7.1.0) + activejob (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4.3) - actionpack (= 7.0.4.3) - actionview (= 7.0.4.3) - activejob (= 7.0.4.3) - activesupport (= 7.0.4.3) + actionmailer (7.1.0) + actionpack (= 7.1.0) + actionview (= 7.1.0) + activejob (= 7.1.0) + activesupport (= 7.1.0) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.4.3) - actionview (= 7.0.4.3) - activesupport (= 7.0.4.3) - rack (~> 2.0, >= 2.2.0) + rails-dom-testing (~> 2.2) + actionpack (7.1.0) + actionview (= 7.1.0) + activesupport (= 7.1.0) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4.3) - actionpack (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.0) + actionpack (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4.3) - activesupport (= 7.0.4.3) + actionview (7.1.0) + activesupport (= 7.1.0) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4.3) - activesupport (= 7.0.4.3) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + 
activejob (7.1.0) + activesupport (= 7.1.0) globalid (>= 0.3.6) - activemodel (7.0.4.3) - activesupport (= 7.0.4.3) - activerecord (7.0.4.3) - activemodel (= 7.0.4.3) - activesupport (= 7.0.4.3) - activestorage (7.0.4.3) - actionpack (= 7.0.4.3) - activejob (= 7.0.4.3) - activerecord (= 7.0.4.3) - activesupport (= 7.0.4.3) + activemodel (7.1.0) + activesupport (= 7.1.0) + activerecord (7.1.0) + activemodel (= 7.1.0) + activesupport (= 7.1.0) + timeout (>= 0.4.0) + activestorage (7.1.0) + actionpack (= 7.1.0) + activejob (= 7.1.0) + activerecord (= 7.1.0) + activesupport (= 7.1.0) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.4.3) + activesupport (7.1.0) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) minitest (>= 5.1) + mutex_m tzinfo (~> 2.0) - bcrypt (3.1.18) + base64 (0.1.1) + bcrypt (3.1.19) + bigdecimal (3.1.4) builder (3.2.4) concurrent-ruby (1.2.2) + connection_pool (2.4.1) crass (1.0.6) date (3.3.3) + drb (2.1.1) + ruby2_keywords erubi (1.12.0) - faraday (2.7.4) + faraday (2.7.11) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.1.0) - activesupport (>= 5.0) + globalid (1.2.1) + activesupport (>= 6.1) hashie (5.0.0) - i18n (1.12.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) - jwt (2.7.0) - loofah (2.19.1) + io-console (0.6.0) + irb (1.8.1) + rdoc + reline (>= 0.3.8) + jwt (2.7.1) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop net-smtp marcel (1.0.2) - method_source (1.0.0) - mini_mime (1.1.2) - mini_portile2 (2.8.1) - minitest (5.18.0) + mini_mime (1.1.5) + mini_portile2 (2.8.4) + minitest (5.20.0) mocha (1.16.1) multi_xml (0.6.0) - net-imap (0.3.4) + mutex_m (0.1.2) + net-imap (0.4.1) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.1) timeout - net-smtp (0.3.3) + net-smtp (0.4.0) net-protocol - nio4r (2.5.8) - nokogiri 
(1.14.2) - mini_portile2 (~> 2.8.0) + nio4r (2.5.9) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) 
@@ -151,72 +169,83 @@ GEM orm_adapter (0.5.0) psych (5.1.0) stringio - racc (1.6.2) - rack (2.2.6.4) + racc (1.7.1) + rack (2.2.8) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (3.0.5) - rack + rack-protection (3.1.0) + rack (~> 2.2, >= 2.2.4) + rack-session (1.0.1) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4.3) - actioncable (= 7.0.4.3) - actionmailbox (= 7.0.4.3) - actionmailer (= 7.0.4.3) - actionpack (= 7.0.4.3) - actiontext (= 7.0.4.3) - actionview (= 7.0.4.3) - activejob (= 7.0.4.3) - activemodel (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + rackup (1.0.0) + rack (< 3) + webrick + rails (7.1.0) + actioncable (= 7.1.0) + actionmailbox (= 7.1.0) + actionmailer (= 7.1.0) + actionpack (= 7.1.0) + actiontext (= 7.1.0) + actionview (= 7.1.0) + activejob (= 7.1.0) + activemodel (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) bundler (>= 1.15.0) - railties (= 7.0.4.3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + railties (= 7.1.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.3) - actionpack (= 7.0.4.3) - activesupport (= 7.0.4.3) - method_source + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (7.1.0) + actionpack (= 7.1.0) + activesupport (= 7.1.0) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) + reline (0.3.9) + io-console (~> 0.5) responders (3.1.0) actionpack (>= 5.2) railties (>= 5.2) - rexml (3.2.5) + rexml (3.2.6) ruby-openid (2.9.2) ruby2_keywords (0.0.5) snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.6.1) + sqlite3 (1.6.6) mini_portile2 (~> 2.8.0) - stringio (3.0.5) - thor (1.2.1) - timecop (0.9.6) - timeout (0.3.2) + 
stringio (3.0.8) + thor (1.2.2) + timecop (0.9.8) + timeout (0.4.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - version_gem (1.1.2) + version_gem (1.1.3) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.5) + webrick (1.8.1) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.7) + zeitwerk (2.6.12) PLATFORMS ruby @@ -228,7 +257,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0) + rails (~> 7.1.0) rails-controller-testing! rdoc responders (~> 3.1) diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 new file mode 100644 index 0000000000..91c8061cd8 --- /dev/null +++ b/gemfiles/Gemfile-rails-7-0 @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", "~> 7.0.0" +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end + +# platforms :jruby do +# gem "activerecord-jdbc-adapter" +# gem "activerecord-jdbcsqlite3-adapter" +# gem "jruby-openssl" +# end + +# TODO: +# group :mongoid do +# gem "mongoid", "~> 4.0.0" +# end From 14aa380d80f5003e147b06c376a2ace52d24f8db Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 17 Aug 2023 10:13:16 -0300 Subject: [PATCH 1397/1473] Update mocha to fix issue with Minitest compatibility layer There's a number of deprecation warnings to work through related to mocha updates in v2+, we'll get through those on a separate change. https://github.com/freerange/mocha/blob/main/RELEASE.md#200 The main issue is with Minitest, fixed in v2.1: https://github.com/freerange/mocha/blob/main/RELEASE.md#210 Also run `bundle update` on the main Gemfile to update all dependencies there to latest. --- Gemfile | 2 +- Gemfile.lock | 5 +++-- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-7-0 | 2 +- gemfiles/Gemfile-rails-main | 2 +- test/routes_test.rb | 2 +- 12 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index b975b7de70..722eb59a0d 100644 --- a/Gemfile +++ b/Gemfile @@ -19,7 +19,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/Gemfile.lock b/Gemfile.lock index 12ea9b8035..86faf08e2e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -131,7 +131,8 @@ GEM mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.20.0) - mocha (1.16.1) + mocha (2.1.0) + ruby2_keywords (>= 0.0.5) multi_xml (0.6.0) mutex_m (0.1.2) net-imap (0.4.1) @@ -252,7 +253,7 @@ PLATFORMS DEPENDENCIES devise! - mocha (~> 1.1) + mocha (~> 2.1) omniauth omniauth-facebook omniauth-oauth2 diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 6f0b77e83d..33fb7b57a6 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 
@@ -21,7 +21,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false gem 'test_after_commit', require: false end diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index 43367157fd..d99d368cdc 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -20,7 +20,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false gem 'test_after_commit', require: false end diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 382cf3c5d3..ea23acf744 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -18,7 +18,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 24fe1d5e98..9921633ec6 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 5dc267def1..ef9f08fc14 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index b59c4d3d76..b6afb67239 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -17,7 +17,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index a4a81e4149..bdebe1a761 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -23,7 +23,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 91c8061cd8..ee474728ef 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -19,7 +19,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index c9bea6f2b8..12930653eb 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -17,7 +17,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/test/routes_test.rb b/test/routes_test.rb index 48d3f069f2..0cfd6fc0c1 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -2,7 +2,7 @@ require 'test_helper' -ExpectedRoutingError = MiniTest::Assertion +ExpectedRoutingError = Minitest::Assertion class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do From 34cb23ed9c57471e61f57a2497832306171e9ca1 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:29:27 -0300 Subject: [PATCH 1398/1473] Fix mocha warnings with hash vs kwargs --- test/controllers/helpers_test.rb | 20 ++++++++++---------- test/controllers/internal_helpers_test.rb | 4 ++-- test/integration/authenticatable_test.rb | 2 +- test/models/authenticatable_test.rb | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index abe0f648e8..655a1fb661 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -64,30 +64,30 @@ def setup end test 'proxy authenticate_user! to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(scope: :user) + @mock_warden.expects(:authenticate!).with({ scope: :user }) @controller.authenticate_user! end test 'proxy authenticate_user! options to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo") + @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo" }) @controller.authenticate_user!(recall: "foo") end test 'proxy authenticate_admin! to authenticate with admin scope' do - @mock_warden.expects(:authenticate!).with(scope: :admin) + @mock_warden.expects(:authenticate!).with({ scope: :admin }) @controller.authenticate_admin! end test 'proxy authenticate_[group]! to authenticate!? with each scope' do [:user, :admin].each do |scope| - @mock_warden.expects(:authenticate!).with(scope: scope) + @mock_warden.expects(:authenticate!).with({ scope: scope }) @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end @controller.authenticate_commenter! end test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate!).with(scope: :publisher_account) + @mock_warden.expects(:authenticate!).with({ scope: :publisher_account }) @controller.authenticate_publisher_account! end 
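Review bot: In the `authenticate_[group]!` test of test/controllers/helpers_test.rb, the `authenticate!` expectation is now matched against a braced hash while the `authenticate?` expectation right after it keeps `with(scope: scope)`, and nothing says whether the difference is deliberate. If the helper really does call `authenticate?` with keywords and `authenticate!` with an options hash (not visible in this hunk), a one-line comment such as `# authenticate? receives keywords, authenticate! an options hash` would stop a later cleanup from unifying the two forms. These expectations pin the Warden scope each helper authenticates against, so they are worth keeping unambiguous.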
@@ -127,14 +127,14 @@ def setup test 'sign in proxy to set_user on warden' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(:user, user) end test 'sign in accepts a resource as argument' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(user) end @@ -148,7 +148,7 @@ def setup test 'sign in again when the user is already in only if force is given' do user = User.new @mock_warden.expects(:user).returns(user) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(user, force: true) end @@ -269,7 +269,7 @@ def setup user = User.new @controller.session[:user_return_to] = "/foo.bar" @mock_warden.expects(:user).with(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.expects(:redirect_to).with("/foo.bar") @controller.sign_in_and_redirect(user) end @@ -277,7 +277,7 @@ def setup test 'sign in and redirect uses the configured after sign in path' do admin = Admin.new @mock_warden.expects(:user).with(:admin).returns(nil) - @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true) + @mock_warden.expects(:set_user).with(admin, { scope: :admin }).returns(true) @controller.expects(:redirect_to).with(admin_root_path) @controller.sign_in_and_redirect(admin) end diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index af49c13023..124c8df06d 100644 --- a/test/controllers/internal_helpers_test.rb 
+++ b/test/controllers/internal_helpers_test.rb @@ -55,7 +55,7 @@ def setup end test 'require no authentication tests current mapping' do - @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication @@ -71,7 +71,7 @@ def setup end test 'require no authentication sets a flash message' do - @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index b8d1be8ea9..5c56ca589f 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -572,7 +572,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest host! 'foo.bar.baz' swap Devise, request_keys: [:subdomain] do - User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user) + User.expects(:find_for_authentication).with({ subdomain: 'foo', email: 'user@test.com' }).returns(create_user) sign_in_as_user assert warden.authenticated?(:user) end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index fa31f6a88a..4d58b1e492 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
@@ -43,7 +43,7 @@ class AuthenticatableTest < ActiveSupport::TestCase user = create_user(email: 'example@example.com') attributes = ActionController::Parameters.new(email: 'example@example.com') - User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user) + User.expects(:find_first_by_auth_conditions).with({ 'email' => 'example@example.com' }).returns(user) User.find_or_initialize_with_errors([:email], attributes) end end From a7d64ae313672488d8f689b3e48dc0601db8528f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 18:12:01 -0400 Subject: [PATCH 1399/1473] Merge pull request #5583 from etiennebarrie/deprecator Use a dedicated ActiveSupport::Deprecation --- app/helpers/devise_helper.rb | 2 +- lib/devise.rb | 6 +++++- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/rails.rb | 4 ++++ lib/devise/test/controller_helpers.rb | 2 +- lib/devise/test_helpers.rb | 2 +- test/devise_test.rb | 4 +++- test/models/serializable_test.rb | 4 +++- test/rails_test.rb | 6 ++++++ test/test_helper.rb | 13 +++++++++++++ 12 files changed, 41 insertions(+), 10 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index d997801190..b9101e04b0 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -4,7 +4,7 @@ module DeviseHelper # Retain this method for backwards compatibility, deprecated in favor of modifying the # devise/shared/error_messages partial. def devise_error_messages! - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be removed in the next major version. diff --git a/lib/devise.rb b/lib/devise.rb index b8677e798e..3847e190c6 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -521,8 +521,12 @@ def self.secure_compare(a, b) res == 0 end + def self.deprecator + @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") + end + def self.activerecord51? # :nodoc: - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. It is a non-public method that's no longer used internally, but that other libraries have been relying on. DEPRECATION diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 90c2a4367f..b12f05f759 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -38,7 +38,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! if options[:bypass] - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller) + Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) [Devise] bypass option is deprecated and it will be removed in future version of Devise. Please use bypass_sign_in method instead. Example: diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 62590de57b..30f2f463ab 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -62,7 +62,7 @@ module Authenticatable :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator included do class_attribute :devise_modules, instance_writer: false diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index fc6ad714e6..8903e6d06f 100644 
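Review bot: `Devise.deprecator` in lib/devise.rb is added as a public module method with no comment, while the neighbouring `activerecord51?` is at least marked `# :nodoc:`. The lib/devise/rails.rb hunk of the same commit registers it as `app.deprecators[:devise]`, which presumably is how an application is meant to configure or silence Devise's warnings, so the method deserves a line of documentation. I would add `# Deprecator used for every Devise deprecation warning; registered as app.deprecators[:devise] when the application supports it.` above the definition. The enclosing module starts and ends outside the hunk.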
--- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -86,7 +86,7 @@ def clean_up_passwords # is also rejected as long as it is also blank. def update_with_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it @@ -128,7 +128,7 @@ def update_with_password(params, *options) # def update_without_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 5cc5fa6d52..ab308e979d 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -17,6 +17,10 @@ class Engine < ::Rails::Engine app.reload_routes! if Devise.reload_routes end + initializer "devise.deprecator" do |app| + app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators) + end + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 30b45b3a6d..b6a7156ec0 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -69,7 +69,7 @@ def sign_in(resource, deprecated = nil, scope: nil) scope = resource resource = deprecated - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. Please use sign_in(resource, scope: :#{scope}) instead. DEPRECATION diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index c5b52fade7..cc9ef4242f 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -4,7 +4,7 @@ module Devise module TestHelpers def self.included(base) base.class_eval do - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. For controller tests, please include `Devise::Test::ControllerHelpers` instead. DEPRECATION diff --git a/test/devise_test.rb b/test/devise_test.rb index 54ed986750..532aa57dc6 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -108,6 +108,8 @@ class DeviseTest < ActiveSupport::TestCase end test 'Devise.activerecord51? deprecation' do - assert_deprecated { Devise.activerecord51? } + assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do + Devise.activerecord51? + end end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 225f7ae699..3a0322802b 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -32,7 +32,9 @@ class SerializableTest < ActiveSupport::TestCase end test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do + Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION + end end def assert_key(key, subject) diff --git a/test/rails_test.rb b/test/rails_test.rb index fdc1612e8f..64ff82cda6 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -8,4 +8,10 @@ class RailsTest < ActiveSupport::TestCase assert_equal :load_config_initializers, initializer.after assert_equal :build_middleware_stack, initializer.before end + + if Devise::Test.rails71_and_up? + test 'deprecator is added to application deprecators' do + assert_not_nil Rails.application.deprecators[:devise] + end + end end diff --git a/test/test_helper.rb b/test/test_helper.rb index ad5a6db665..aba66aa744 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,6 +23,19 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end +class ActiveSupport::TestCase + if ActiveSupport.version < Gem::Version.new("5.0") + def assert_deprecated(match, deprecator) + super(match) do + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end + end + end +end OmniAuth.config.logger = Logger.new('/dev/null') From 13cb6e269d4bf1a4b67b579873ca4948814e273f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 18:16:49 -0400 Subject: [PATCH 1400/1473] Merge pull request #5599 from etiennebarrie/rails-edge-deprecations Fix Rails main deprecations --- test/orm/active_record.rb | 4 +++- test/rails_app/config/environments/test.rb | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) 
diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index cf500330ad..97bf37c51f 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails6_and_up? +if Devise::Test.rails71_and_up? + ActiveRecord::MigrationContext.new(migrate_path).migrate +elsif Devise::Test.rails6_and_up? ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index c5d393c5e0..9153790ad2 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -32,7 +32,11 @@ config.action_controller.perform_caching = false # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + if Devise::Test.rails71_and_up? + config.action_dispatch.show_exceptions = :none + else + config.action_dispatch.show_exceptions = false + end # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false From 9784555304d4b5e476571aa78b8ee2f7a255a44a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 12 Sep 2023 21:39:56 -0300 Subject: [PATCH 1401/1473] Merge pull request #5628 from soartec-lab/fix/dedicated_active_support_deprecation Fixed missing migration to dedicated deprecator --- CHANGELOG.md | 3 ++- lib/devise/rails/deprecated_constant_accessor.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d96ad3f1c6..1236363ab4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,7 @@ ### Unreleased - +* enhancements + * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb index d1eff92f2c..f5cf01f89c 100644 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ b/lib/devise/rails/deprecated_constant_accessor.rb @@ -26,7 +26,7 @@ def const_missing(missing_const_name) super end - def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } end From fb7faf746676304aadc8185d0e17a05eb7bb5702 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 12 Sep 2023 21:52:54 -0300 Subject: [PATCH 1402/1473] Fix code to support older versions of Ruby We still support super old versions, yes, and it doesn't like `ensure` without a `begin..end` unfortunately. I plan to remove this support soon, but for now I don't want to stop supporting it yet. --- test/test_helper.rb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index aba66aa744..c0bb43f779 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -27,11 +27,14 @@ class ActiveSupport::TestCase if ActiveSupport.version < Gem::Version.new("5.0") def assert_deprecated(match, deprecator) super(match) do - behavior = deprecator.behavior - deprecator.behavior = ActiveSupport::Deprecation.behavior - yield - ensure - deprecator.behavior = behavior + # TODO: remove extra begin..end when dropping support for Ruby <= 2.4 + begin + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end end end end From 373d83cc9d740a41b6fa9de6c3cce611d8740b8b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 13 Sep 2023 10:08:59 -0300 Subject: [PATCH 1403/1473] Use Bundler 1.x with Ruby <= 2.2 Here we go again. --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 851bc6a65c..8018e06a4e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -164,8 +164,8 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v3 - - name: Setup Bundler 1.x for Rails 4.x - if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} + - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 + if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - name: Setup Rubygems version as default for Ruby < 2.5 if: ${{ matrix.ruby < '2.5' }} From 501ae58a2521cb549f2e2cefcbd6f9cf8ab91874 Mon Sep 17 00:00:00 2001 
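Review bot: The `matrix.ruby <= '2.2'` clause added to the Bundler step in .github/workflows/test.yml compares two strings, so as far as I know the ordering is lexical rather than by version (the `matrix.ruby < '2.5'` condition on the following step has the same shape). That gives the intended answer for single-digit minors, but a non-numeric matrix entry or a two-digit minor would sort unexpectedly and silently select the wrong Bundler. Listing the affected versions is more robust, e.g. `contains(fromJSON('["2.1", "2.2"]'), matrix.ruby)` with whichever versions the matrix actually holds, or at minimum a comment noting that the comparison is lexical. The job definition continues outside the hunk.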
From: Carlos Antonio da Silva Date: Wed, 13 Sep 2023 10:15:15 -0300 Subject: [PATCH 1404/1473] Lock loofah on Rails <= 5.2 There's some incompatibility issue with loofah there since it uses an older version of nokogiri, so I'm locking it on those older versions to try to get a green build again there. --- gemfiles/Gemfile-rails-4-1 | 3 +++ gemfiles/Gemfile-rails-4-2 | 3 +++ gemfiles/Gemfile-rails-5-0 | 3 +++ gemfiles/Gemfile-rails-5-1 | 3 +++ gemfiles/Gemfile-rails-5-2 | 3 +++ 5 files changed, 15 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 33fb7b57a6..f164f8a9f6 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -44,3 +44,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index d99d368cdc..31205659cf 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -43,3 +43,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index ea23acf744..7e3c3295db 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -35,3 +35,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 9921633ec6..bc85e0d427 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 
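Review bot: The `gem "loofah", "~> 2.20.0"` pin added to gemfiles/Gemfile-rails-4-1 (and repeated in the 4-2, 5-0, 5-1 and 5-2 gemfiles) holds an HTML-sanitisation dependency at the 2.20.x series, with only "build incompatibility" given as the reason. These gemfiles appear to drive the CI matrix only, so the exposure is limited, but a pin on a sanitizer tends to outlive its cause and then keeps later releases out of the tested combinations. I would extend the comment to record when it can go, e.g. `# TODO: drop the loofah pin once this gemfile resolves a nokogiri that newer loofah builds against`, ideally with a link to the failing build.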
@@ -28,3 +28,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index ef9f08fc14..0cfc29df86 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -22,3 +22,6 @@ end platforms :ruby do gem "sqlite3", "~> 1.3.6" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" From 218d14a2278bd5935b2e94315ae8a5308e3e96d2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 10:36:16 -0300 Subject: [PATCH 1405/1473] Lock ubuntu version to 20.04 to workaround older Ruby build issues Trying to get the build fully green for now. --- .github/workflows/test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8018e06a4e..ad9d58eb38 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -159,7 +159,9 @@ jobs: ruby: '2.5' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '2.4' - runs-on: ubuntu-latest + # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. + # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 + runs-on: ubuntu-20.04 env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: From f2a42abbf4b969b8e527f844275c96d0d9cdc4cf Mon Sep 17 00:00:00 2001 
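Review bot: The TODO comment added above `runs-on` in .github/workflows/test.yml spells the image label as `ubunty-20.04`, so it names a label that does not match the value on the line below it. Since that comment is the only reminder to move off the pinned, older runner image, it should be exact: `# TODO: locked to ubuntu-20.04 for older Ruby compatibility; change back to ubuntu-latest when dropping older Ruby support.` The job definition continues outside the hunk.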
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:11:46 -0300 Subject: [PATCH 1406/1473] Ensure `_prefixes` is not available as an action method on controllers There was a change introduced in Rails 7.1 that causes all public actions of non-abstract controllers to become action methods, even if they happen to match the name of an internal method defined by abstract `ActionController::Base` and such, which is the case with `_prefixes`. This change was intentional, it allows for example to have an action called `status`, which is an internal method, and that is properly managed as an action method now. However, it broke Devise due to overriding `_prefixes`, which is a public method of Action Controller. To fix, we are simply ensuring we keep `_prefixes` as an internal method rather than action method, which matches previous behavior for this particular method/implementation in Devise. Ref: https://github.com/rails/rails/pull/48699 --- app/controllers/devise_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 4bf92a6887..0bcd17a7c2 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -33,6 +33,17 @@ def _prefixes #:nodoc: end end + # Override internal methods to exclude `_prefixes` since we override it above. + # There was an intentional change in Rails 7.1 that will allow it to become + # an action method because it's a public method of a non-abstract controller, + # but we also can't make this abstract because it can affect potential actions + # defined in the parent controller, so instead we ensure `_prefixes` is going + # to be considered internal. (and thus, won't become an action method.) + # Ref: https://github.com/rails/rails/pull/48699 + def self.internal_methods #:nodoc: + super << :_prefixes + end + protected # Gets the actual resource stored in the instance variable 
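Review bot: Nothing in this commit pins the behaviour it restores: the diffstat lists only app/controllers/devise_controller.rb, so a later change to `internal_methods` could let `_prefixes` become a routable action again without any test failing. A small controller test along the lines of `assert_not_includes Devise::SessionsController.action_methods, "_prefixes"` would cover it. Separately, `super << :_prefixes` appends to whatever object `super` returns; `super + [:_prefixes]` gives the same result without mutating it, which would matter if a Rails version ever memoises that collection. The class body starts and ends outside the hunk.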
From 407f223c65953e8dff905a70de1c461eb2b1c614 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:39:30 -0300 Subject: [PATCH 1407/1473] Fix test warning about deprecated cache format in Rails 7.1 --- test/rails_app/config/application.rb | 4 ++++ test/rails_app/config/boot.rb | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 1f4fbddba1..f23b897ac9 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -53,5 +53,9 @@ class Application < Rails::Application if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end + + if Devise::Test.rails70_and_up? + config.active_support.cache_format_version = 7.0 + end end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 4c108cc8c3..80ebc818b6 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -12,6 +12,10 @@ def self.rails71_and_up? !rails70? && Rails::VERSION::MAJOR >= 7 end + def self.rails70_and_up? + Rails::VERSION::MAJOR >= 7 + end + def self.rails70? Rails.version.start_with? '7.0' end From 9a0862037875fdb753d9e1b540dadc483bf9d012 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:52:29 -0300 Subject: [PATCH 1408/1473] Update changelog with Rails 7.1 mention [ci skip] --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1236363ab4..be705e3ec8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,8 @@ ### Unreleased * enhancements - * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) + * Add support for Rails 7.1. + * Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 
From c146b25f31f81386c8ab71e0cb8ea2fc3723cad5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 17:24:07 -0300 Subject: [PATCH 1409/1473] Better clarify need to override `internal_methods` Co-authored-by: Eebs Kobeissi --- app/controllers/devise_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 0bcd17a7c2..1c3b41626d 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -33,7 +33,9 @@ def _prefixes #:nodoc: end end - # Override internal methods to exclude `_prefixes` since we override it above. + # Override internal methods to exclude `_prefixes` from action methods since + # we override it above. + # # There was an intentional change in Rails 7.1 that will allow it to become # an action method because it's a public method of a non-abstract controller, # but we also can't make this abstract because it can affect potential actions From 4484eddc5268e3f1e2d7fc989a7e17e119267c21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Maggioni?= Date: Wed, 11 Oct 2023 16:35:35 +0200 Subject: [PATCH 1410/1473] Fix caret placement typo --- README.md | 2 +- lib/generators/templates/devise.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9b6871f936..0cb8151d4d 100644 --- a/README.md +++ b/README.md 
@@ -481,7 +481,7 @@ Devise.setup do |config| # ... # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4503f33f81..9e6744bd7d 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -299,7 +299,7 @@ # ==> Hotwire/Turbo configuration # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity From dcbfb32e661861e540cb022b3f8605bfd97e799e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 11 Oct 2023 11:40:50 -0300 Subject: [PATCH 1411/1473] Merge pull request #5640 from nmaggioni/nm_config_template_typo Fix typo in config template --- README.md | 2 +- lib/generators/templates/devise.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0f2a7d64fe..a7e947f5c9 100644 --- a/README.md +++ b/README.md 
@@ -483,7 +483,7 @@ Devise.setup do |config| # ... # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4503f33f81..9e6744bd7d 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -299,7 +299,7 @@ # ==> Hotwire/Turbo configuration # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity From 1d6658097e364d45b5e059976f1e822eee7d67da Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 11 Oct 2023 19:08:36 -0300 Subject: [PATCH 1412/1473] Release v4.9.3 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be705e3ec8..26180e5dac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.9.3 - 2023-10-11 * enhancements * Add support for Rails 7.1. diff --git a/Gemfile.lock b/Gemfile.lock index 86faf08e2e..9b32ec4ade 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.2) + devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 19df7b4496..08f7e1447e 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.2".freeze + VERSION = "4.9.3".freeze end From c4701866ae8fe5fdee955e14174fd9714f3ffa64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:42:26 +0000 Subject: [PATCH 1413/1473] Drop support to EOL Rubies All Ruby 2.x are EOL now. --- .github/workflows/test.yml | 79 -------------------------------------- README.md | 4 +- devise.gemspec | 2 +- gemfiles/Gemfile-rails-4-1 | 49 ----------------------- gemfiles/Gemfile-rails-4-2 | 48 ----------------------- gemfiles/Gemfile-rails-5-0 | 40 ------------------- gemfiles/Gemfile-rails-5-1 | 33 ---------------- 7 files changed, 3 insertions(+), 252 deletions(-) delete mode 100644 gemfiles/Gemfile-rails-4-1 delete mode 100644 gemfiles/Gemfile-rails-4-2 delete mode 100644 gemfiles/Gemfile-rails-5-0 delete mode 100644 gemfiles/Gemfile-rails-5-1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1cd2c5076a..66dfc529de 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -20,43 +20,12 @@ jobs: - '3.2' - '3.1' - '3.0' - - '2.7' - - '2.6' - - '2.5' - - '2.4' - - '2.3' - - '2.2' - - '2.1' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - gemfile: Gemfile - ruby: '2.6' - - gemfile: Gemfile - ruby: '2.5' - - gemfile: Gemfile - ruby: '2.4' - - gemfile: Gemfile - ruby: '2.3' - - gemfile: Gemfile - ruby: '2.2' - - gemfile: Gemfile - ruby: '2.1' - gemfile: Gemfile env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-7-0 @@ -73,28 +42,12 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-7-0 env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-1 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-2 
@@ -103,12 +56,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-2 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-2 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-1 @@ -117,10 +64,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-1 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-1 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-0 @@ -129,10 +72,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-0 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-4-2 @@ -141,24 +80,12 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '2.6' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.4' # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 runs-on: ubuntu-20.04 
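Review bot: The `runs-on: ubuntu-20.04` pin at the end of this hunk is now stale by its own TODO, which says to go back to `ubuntu-latest` when older Ruby support is dropped. This commit removes every 2.x entry from the matrix. If the remaining 3.x jobs build on the current image, change the line to `runs-on: ubuntu-latest` and delete the TODO and its issue link; otherwise reword the TODO to name the Ruby version that still needs the old image. The `Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2` step kept in the following hunk can no longer match a 2.x Ruby either.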
@@ -169,12 +96,6 @@ jobs: - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - - name: Setup Rubygems version as default for Ruby < 2.5 - if: ${{ matrix.ruby < '2.5' }} - run: echo "RUBYGEMS_VERSION=default" >> $GITHUB_ENV - - name: Setup Rubygems version as 3.2.3 for Ruby 2.5 - if: ${{ matrix.ruby == '2.5' }} - run: echo "RUBYGEMS_VERSION=3.2.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} diff --git a/README.md b/README.md index 0cb8151d4d..b1b778f1c8 100644 --- a/README.md +++ b/README.md @@ -129,9 +129,9 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: +For example, if the tests broke using Ruby 3.0.0 and Rails 4.1, you can do the following: ```bash -rbenv shell 2.4.2 # or rvm use 2.4.2 +rbenv shell 3.0.0 # or rvm use 3.0.0 BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test ``` diff --git a/devise.gemspec b/devise.gemspec index 3efad0f4d6..bea117bb78 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] - s.required_ruby_version = '>= 2.1.0' + s.required_ruby_version = '>= 3.0.0' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 deleted file mode 100644 index f164f8a9f6..0000000000 --- a/gemfiles/Gemfile-rails-4-1 +++ /dev/null @@ -1,49 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -git_source(:github) do |repo_name| - repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') - "https://github.com/#{repo_name}.git" -end - -gemspec path: ".." - -gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc", "~> 5.1" -# Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. -gem "nokogiri", "1.9.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false - gem 'test_after_commit', require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -group :mongoid do - gem "mongoid", "~> 4.0" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 deleted file mode 100644 index 31205659cf..0000000000 --- a/gemfiles/Gemfile-rails-4-2 +++ /dev/null 
@@ -1,48 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -git_source(:github) do |repo_name| - repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') - "https://github.com/#{repo_name}.git" -end - -gemspec path: ".." - -gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc", "~> 5.1" -gem "nokogiri", "1.9.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false - gem 'test_after_commit', require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -group :mongoid do - gem "mongoid", "~> 4.0" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 deleted file mode 100644 index 7e3c3295db..0000000000 --- a/gemfiles/Gemfile-rails-5-0 +++ /dev/null 
@@ -1,40 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.0.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 deleted file mode 100644 index bc85e0d427..0000000000 --- a/gemfiles/Gemfile-rails-5-1 +++ /dev/null @@ -1,33 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.1.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" From c8207373ea9da4021a30d913b50c473fb8bcc396 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:56:53 +0000 Subject: [PATCH 1414/1473] Drop support to all EOL rails versions --- .github/workflows/test.yml | 56 ------------------- CHANGELOG.md | 3 + Gemfile.lock | 2 +- README.md | 16 +++--- devise.gemspec | 2 +- gemfiles/Gemfile-rails-5-2 | 27 --------- lib/devise/controllers/sign_in_out.rb | 6 -- lib/devise/failure_app.rb | 19 +------ lib/devise/models/authenticatable.rb | 13 +---- lib/devise/orm.rb | 38 +------------ lib/devise/parameter_sanitizer.rb | 3 +- .../rails/deprecated_constant_accessor.rb | 39 ------------- lib/devise/test/controller_helpers.rb | 1 - .../active_record/devise_generator.rb | 14 ++--- .../active_record_generator_test.rb | 18 +----- test/integration/rememberable_test.rb | 8 +-- test/orm/active_record.rb | 15 +---- .../app/controllers/home_controller.rb | 6 +- .../app/controllers/streaming_controller.rb | 2 +- .../users/omniauth_callbacks_controller.rb | 2 +- .../app/controllers/users_controller.rb | 6 +- test/rails_app/config/application.rb | 11 ---- test/rails_app/config/boot.rb | 24 -------- .../config/environments/production.rb | 8 +-- test/rails_app/config/environments/test.rb | 12 +--- .../migrate/20100401102949_create_tables.rb | 6 +- test/routes_test.rb | 10 ++-- test/support/http_method_compatibility.rb | 28 ---------- test/test/controller_helpers_test.rb | 14 +---- 29 files changed, 46 insertions(+), 363 deletions(-) delete mode 100644 gemfiles/Gemfile-rails-5-2 delete mode 100644 lib/devise/rails/deprecated_constant_accessor.rb diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 66dfc529de..9b89980817 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -11,11 +11,6 @@ jobs: - gemfiles/Gemfile-rails-7-0 - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - - gemfiles/Gemfile-rails-5-2 - - gemfiles/Gemfile-rails-5-1 - - gemfiles/Gemfile-rails-5-0 - - gemfiles/Gemfile-rails-4-2 - - gemfiles/Gemfile-rails-4-1 ruby: - '3.2' - '3.1' @@ -28,18 +23,6 @@ jobs: env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-7-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 
@@ -50,42 +33,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-1 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-0 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.0' # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 runs-on: ubuntu-20.04 @@ -93,9 +40,6 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v3 - - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 - if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} - run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f196a1e06..66c3810a00 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
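Review bot: `actions/checkout@v3` and `ruby/setup-ruby@v1` in the steps of the last test.yml hunk are referenced by mutable tags, so the code that runs in CI can change without any change to this repository. While the workflow is being trimmed, consider pinning both to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and letting a dependency-update bot move the pin. The job's `permissions` block, if any, is outside this hunk, so I cannot say what token scope these actions receive.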
@@ -1,5 +1,8 @@ ### Unreleased +* Drop support to Ruby < 3.0 +* Drop support to Rails < 6.0 + * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) diff --git a/Gemfile.lock b/Gemfile.lock index 9b32ec4ade..eaa82dd640 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0) + railties (>= 6.0.0) responders warden (~> 1.2.3) diff --git a/README.md b/README.md index b1b778f1c8..2dbe0230bc 100644 --- a/README.md +++ b/README.md 
@@ -129,17 +129,17 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 3.0.0 and Rails 4.1, you can do the following: +For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: ```bash rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable DEVISE_ORM=mongoid bin/test ``` ### Running tests @@ -172,7 +172,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.1 onwards. Run: +Devise 4.0 works with Rails 6.0 onwards. Run: ```sh bundle add devise 
@@ -691,9 +691,9 @@ Alternatively, you can simply run the Devise generator. Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend that you use a role-based approach, by either providing a role column or using a dedicated gem for authorization. -### ActiveJob Integration +### Active Job Integration -If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the +If you are using Active Job to deliver Action Mailer messages in the background through a queuing back-end, you can send Devise emails through your existing queue by overriding the `send_devise_notification` method in your model. diff --git a/devise.gemspec b/devise.gemspec index bea117bb78..b46dfcaea4 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -30,7 +30,7 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0") + s.add_dependency("railties", ">= 6.0.0") s.add_dependency("responders") s.post_install_message = %q{ diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 deleted file mode 100644 index 0cfc29df86..0000000000 --- a/gemfiles/Gemfile-rails-5-2 +++ /dev/null @@ -1,27 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.2.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index b12f05f759..fa29bbfca3 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -106,12 +106,6 @@ def sign_out_all_scopes(lock = true) private def expire_data_after_sign_in! - # TODO: remove once Rails 5.2+ and forward are only supported. - # session.keys will return an empty array if the session is not yet loaded. - # This is a bug in both Rack and Rails. - # A call to #empty? forces the session to be loaded. - session.empty? - session.keys.grep(/^devise\./).each { |k| session.delete(k) } end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 8458aef327..ed174133cb 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -140,7 +140,7 @@ def scope_url opts = {} # Initialize script_name with nil to prevent infinite loops in - # authenticated mounted engines in rails 4.2 and 5.0 + # authenticated mounted engines opts[:script_name] = nil route = route(scope) @@ -152,13 +152,6 @@ def scope_url if relative_url_root? opts[:script_name] = relative_url_root - - # We need to add the rootpath to `script_name` manually for applications that use a Rails - # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines - # that use Devise. Remove it when the support of Rails 5.0 is dropped. - elsif root_path_defined?(context) && !rails_51_and_up? - rootpath = context.routes.url_helpers.root_path - opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 end if context.respond_to?(route) @@ -274,15 +267,5 @@ def relative_url_root? end ActiveSupport.run_load_hooks(:devise_failure_app, self) - - private - - def root_path_defined?(context) - defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path) - end - - def rails_51_and_up? - Rails.gem_version >= Gem::Version.new("5.1") - end end end 
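Review bot: Nothing in this commit's diffstat adds a test for `expire_data_after_sign_in!`, which now depends on `session.keys` returning the real keys of a session that has not been loaded yet. The deleted comment described the empty-array behaviour as a bug in both Rack and Rails, and only the Rails floor is raised here, so I would confirm it against the oldest Rack version the new `railties (>= 6.0.0)` constraint allows. If the call silently returns `[]`, the `devise.`-prefixed entries survive the sign-in instead of being deleted. An integration test would pin this: store a `devise.`-prefixed key in one request, sign in on the next, and assert the key is gone.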
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e3466ebaf8..df964537ea 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -2,7 +2,6 @@ require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' -require 'devise/rails/deprecated_constant_accessor' module Devise module Models @@ -184,11 +183,8 @@ def devise_mailer # # Deliver later with Active Job's `deliver_later` # if message.respond_to?(:deliver_later) # message.deliver_later - # # Remove once we move to Rails 4.2+ only, as `deliver` is deprecated. - # elsif message.respond_to?(:deliver_now) - # message.deliver_now # else - # message.deliver + # message.deliver_now # end # end # @@ -196,12 +192,7 @@ def devise_mailer # def send_devise_notification(notification, *args) message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - if message.respond_to?(:deliver_now) - message.deliver_now - else - message.deliver - end + message.deliver_now end def downcase_keys diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 75baf2be50..3e9852cd3a 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -4,19 +4,11 @@ def self.active_record?(model) defined?(ActiveRecord) && model < ActiveRecord::Base end - def self.active_record_51?(model) - active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end - def self.included(model) - if Devise::Orm.active_record_51?(model) - model.include DirtyTrackingNewMethods - else - model.include DirtyTrackingOldMethods - end + model.include DirtyTrackingMethods end - module DirtyTrackingNewMethods + module DirtyTrackingMethods def devise_email_before_last_save email_before_last_save end 
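Review bot: `self.included` in orm.rb now mixes `DirtyTrackingMethods` into every model, but the old branch did more than check the Active Record version. A model that is not an `ActiveRecord::Base` subclass failed `active_record_51?` and received `DirtyTrackingOldMethods` (`email_was`, `email_changed?`, `encrypted_password_changed?`). The CI matrix still runs `DEVISE_ORM=mongoid`, so those models will now call `email_before_last_save` and the `will_save_change_to_...?` family, which may not exist on every supported non-ActiveRecord ORM version. These helpers appear to feed the email and password change handling, so I would keep the fallback module that the second hunk deletes and select it with `model.include(active_record?(model) ? DirtyTrackingMethods : DirtyTrackingOldMethods)`.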
@@ -41,31 +33,5 @@ def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end end - - module DirtyTrackingOldMethods - def devise_email_before_last_save - email_was - end - - def devise_email_in_database - email_was - end - - def devise_saved_change_to_email? - email_changed? - end - - def devise_saved_change_to_encrypted_password? - encrypted_password_changed? - end - - def devise_will_save_change_to_email? - email_changed? - end - - def devise_respond_to_and_will_save_change_to_attribute?(attribute) - respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") - end - end end end diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index a2d721a1a3..6d9523a4f5 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -130,8 +130,7 @@ def permit(action, keys: nil, except: nil, &block) # # Returns an +ActiveSupport::HashWithIndifferentAccess+. def cast_to_hash(params) - # TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+. - params && params.to_h.with_indifferent_access + params && params.to_h end def default_params diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb deleted file mode 100644 index f5cf01f89c..0000000000 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ /dev/null 
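Review bot: The comment above `cast_to_hash` still promises an `ActiveSupport::HashWithIndifferentAccess`, but `params.to_h` only gives that when `params` is an `ActionController::Parameters`. A plain `Hash` comes back from `to_h` unchanged, so string and symbol keys stop being interchangeable for whatever filtering follows. The callers are outside this hunk, so I cannot tell whether a plain hash can reach it (tests or a custom sanitizer might pass one). Either keep `params && params.to_h.with_indifferent_access`, which works on every supported Rails version, or change the comment to `# Returns the result of +params.to_h+; indifferent access is only guaranteed for ActionController::Parameters.`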
@@ -1,39 +0,0 @@ -# frozen_string_literal: true - -begin - require 'active_support/deprecation/constant_accessor' - - module Devise - DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc: - end -rescue LoadError - - # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it - # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater. - module Devise - module DeprecatedConstantAccessor #:nodoc: - def self.included(base) - require "active_support/inflector/methods" - - extension = Module.new do - def const_missing(missing_const_name) - if class_variable_defined?(:@@_deprecated_constants) - if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s]) - replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations) - return ActiveSupport::Inflector.constantize(replacement[:new].to_s) - end - end - super - end - - def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) - class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) - class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } - end - end - base.singleton_class.prepend extension - end - end - end - -end diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index b6a7156ec0..aba2bb448b 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -141,7 +141,6 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5 @controller.status = status @controller.response_body = response.body nil # causes process return @response diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 6018c934de..89b2f94ddb 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -82,10 +82,6 @@ def inet? postgresql? end - def rails5_and_up? - Rails::VERSION::MAJOR >= 5 - end - def rails61_and_up? Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1) end @@ -106,14 +102,12 @@ def ar_config end end - def migration_version - if rails5_and_up? - "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" - end - end + def migration_version + "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" + end def primary_key_type - primary_key_string if rails5_and_up? + primary_key_string end def primary_key_string diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 757095edcf..1c7d8219f4 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -20,11 +20,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase Rails.application.config.paths.add "db/migrate", with: "db2/migrate" run_generator %w(monster) - if Rails.version >= '5.0.3' - assert_migration "db2/migrate/devise_create_monsters.rb", /def change/ - else - assert_migration "db/migrate/devise_create_monsters.rb", /def change/ - end + assert_migration "db2/migrate/devise_create_monsters.rb", /def change/ Rails.application.config.paths["db/migrate"] = old_paths end 
@@ -49,11 +45,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_file "app/models/monster.rb" run_generator %w(monster) - if Rails.version >= '5.0.3' - assert_migration "db2/migrate/add_devise_to_monsters.rb" - else - assert_migration "db/migrate/add_devise_to_monsters.rb" - end + assert_migration "db2/migrate/add_devise_to_monsters.rb" Rails.application.config.paths["db/migrate"] = old_paths end @@ -84,11 +76,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase test "add primary key type with rails 5 when specified in rails generator" do run_generator ["monster", "--primary_key_type=uuid"] - if Devise::Test.rails5_and_up? - assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ - else - assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/ - end + assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ end end diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index c9430f570b..1fc4e4d584 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -12,13 +12,7 @@ def create_user_and_remember(add_to_token = '') end def generate_signed_cookie(raw_cookie) - request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? - ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise::Test.rails5? - ActionController::TestRequest.create - else - ActionController::TestRequest.new - end + request = ActionController::TestRequest.create(Class.new) # needs a "controller class" request.cookie_jar.signed['raw_cookie'] = raw_cookie request.cookie_jar['raw_cookie'] end diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 97bf37c51f..e9b7ea5219 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
@@ -7,22 +7,11 @@ migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) if Devise::Test.rails71_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate -elsif Devise::Test.rails6_and_up? - ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate -elsif Devise::Test.rails52_and_up? - ActiveRecord::MigrationContext.new(migrate_path).migrate else - ActiveRecord::Migrator.migrate(migrate_path) + ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate end class ActiveSupport::TestCase - if Devise::Test.rails5_and_up? - self.use_transactional_tests = true - else - # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5. - require 'test_after_commit' - self.use_transactional_fixtures = true - end - + self.use_transactional_tests = true self.use_instantiated_fixtures = false end diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index 9eff82d53b..b8f3327ada 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -22,10 +22,6 @@ def set end def unauthenticated - if Devise::Test.rails5_and_up? - render body: "unauthenticated", status: :unauthorized - else - render text: "unauthenticated", status: :unauthorized - end + render body: "unauthenticated", status: :unauthorized end end diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index 6d3f02483d..5fd711c2e1 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb 
@@ -6,7 +6,7 @@ class StreamingController < ApplicationController before_action :authenticate_user! def index - render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' + render body: 'Index' end # Work around https://github.com/heartcombo/devise/issues/2332, which affects diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 5da3b94f97..f5327fbd7b 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -11,6 +11,6 @@ def sign_in_facebook user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user - render (Devise::Test.rails5_and_up? ? :body : :text) => "" + render body: "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 1bc2765656..b3b49ee2a2 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -16,7 +16,7 @@ def edit_form end def update_form - render (Devise::Test.rails5_and_up? ? :body : :text) => 'Update' + render body: 'Update' end def accept @@ -24,11 +24,11 @@ def accept end def exhibit - render (Devise::Test.rails5_and_up? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" + render body: current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render (Devise::Test.rails5_and_up? ? :body : :text) => 'User will be expired on next request' + render body: 'User will be expired on next request' end end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index f23b897ac9..cb333819c4 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
@@ -33,23 +33,12 @@ class Application < Rails::Application # config.assets.enabled = false config.action_mailer.default_url_options = { host: "localhost", port: 3000 } - rails_version = Gem::Version.new(Rails.version) - if DEVISE_ORM == :active_record && - rails_version >= Gem::Version.new('4.2.0') && - rails_version < Gem::Version.new('5.1.0') - config.active_record.raise_in_transactional_callbacks = true - end # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" end - # Remove the first check once Rails 5.0 support is removed. - if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up? - Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true - end - if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 80ebc818b6..e328fce492 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -19,30 +19,6 @@ def self.rails70_and_up? def self.rails70? Rails.version.start_with? '7.0' end - - def self.rails6_and_up? - Rails::VERSION::MAJOR >= 6 - end - - def self.rails52_and_up? - Rails::VERSION::MAJOR > 5 || rails52? - end - - def self.rails52? - Rails.version.start_with? '5.2' - end - - def self.rails51? - Rails.version.start_with? '5.1' - end - - def self.rails5_and_up? - Rails::VERSION::MAJOR >= 5 - end - - def self.rails5? - Rails.version.start_with? '5' - end end end diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 3a3be4784e..17c5b266f5 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb 
@@ -22,13 +22,7 @@ # config.action_dispatch.rack_cache = true # Disable Rails's static asset server (Apache or nginx will already do this). - if Devise::Test.rails5_and_up? - config.public_file_server.enabled = false - elsif Rails.version >= "4.2.0" - config.serve_static_files = false - else - config.serve_static_assets = false - end + config.public_file_server.enabled = false # Compress JavaScripts and CSS. config.assets.js_compressor = :uglifier diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 9153790ad2..acc06f31f4 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -16,16 +16,8 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - if Devise::Test.rails5_and_up? - config.public_file_server.enabled = true - config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} - elsif Rails.version >= "4.2.0" - config.serve_static_files = true - config.static_cache_control = "public, max-age=3600" - else - config.serve_static_assets = true - config.static_cache_control = "public, max-age=3600" - end + config.public_file_server.enabled = true + config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} # Show full error reports and disable caching. config.consider_all_requests_local = true diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 43c6d867b3..8d46b3e5c4 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb 
@@ -1,10 +1,6 @@ # frozen_string_literal: true -superclass = ActiveRecord::Migration -# TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4. -superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[]) - -class CreateTables < superclass +class CreateTables < ActiveRecord::Migration[5.0] def self.up create_table :users do |t| t.string :username diff --git a/test/routes_test.rb b/test/routes_test.rb index 0cfd6fc0c1..f18fb342c7 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -205,7 +205,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do @@ -215,7 +215,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -225,7 +225,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do 
@@ -235,7 +235,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do @@ -245,7 +245,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index f901ad858d..44d80dffd1 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb 
@@ -2,36 +2,8 @@ module Devise class IntegrationTest < ActionDispatch::IntegrationTest - # %w( get post patch put head delete xml_http_request - # xhr get_via_redirect post_via_redirect - # ).each do |method| - unless Devise::Test.rails5_and_up? - %w( get post put ).each do |method| - define_method(method) do |url, options = {}| - if options[:xhr] == true - xml_http_request __method__, url, options[:params] || {}, options[:headers] - else - super url, options[:params] || {}, options[:headers] - end - end - end - end end class ControllerTestCase < ActionController::TestCase - # %w( get post patch put head delete xml_http_request - # xhr get_via_redirect post_via_redirect - # ).each do |method| - unless Devise::Test.rails5_and_up? - %w( get post put ).each do |method| - define_method(method) do |action, options = {}| - if options[:xhr] == true - xml_http_request __method__, action, options[:params] || {}, options[:headers] - else - super action, options[:params] || {}, options[:headers] - end - end - end - end end end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index d415a176cb..7ba9f3c678 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -108,11 +108,7 @@ def respond test "returns the content type of a failure app" do get :index, params: { format: :json } - if Devise::Test.rails6_and_up? - assert_includes response.media_type, 'application/json' - else - assert_includes response.content_type, 'application/json' - end + assert_includes response.media_type, 'application/json' end test "defined Warden after_authentication callback should not be called when sign_in is called" do 
@@ -181,13 +177,7 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? - ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise::Test.rails5? - ActionController::TestRequest.create - else - ActionController::TestRequest.new - end + @request = ActionController::TestRequest.create(Class.new) # needs a "controller class" new_warden_proxy = warden From 23633b70f01067c25fea7bd0c00b5fc5348e452b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 12 Oct 2023 16:53:36 -0300 Subject: [PATCH 1415/1473] Bring back Ruby 2.7 support It's EOL but the current versions of Rails are still supporting it, so it makes sense for us to keep supporting it as well. And it doesn't give us any extra maintenance burden as older versions have been doing. --- .github/workflows/test.yml | 1 + CHANGELOG.md | 2 +- devise.gemspec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9b89980817..3b40b29c83 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,6 +15,7 @@ jobs: - '3.2' - '3.1' - '3.0' + - '2.7' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid diff --git a/CHANGELOG.md b/CHANGELOG.md index 66c3810a00..ba6ecaaf74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ### Unreleased -* Drop support to Ruby < 3.0 +* Drop support to Ruby < 2.7 * Drop support to Rails < 6.0 * enhancements diff --git a/devise.gemspec b/devise.gemspec index b46dfcaea4..d53c959a70 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] - s.required_ruby_version = '>= 3.0.0' + s.required_ruby_version = '>= 2.7.0' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") From 72b421e571ac7e3316f51917b363f5525fea8fd7 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 12 Oct 2023 16:56:53 -0300 Subject: [PATCH 1416/1473] Update gemfile readme references --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2dbe0230bc..caecead2ff 100644 --- a/README.md +++ b/README.md @@ -132,14 +132,14 @@ Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) d For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: ```bash rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 DEVISE_ORM=mongoid bin/test ``` ### Running tests From 49e4a991cf34987c2abd378fe4ba2767ec5cb417 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 10:50:18 -0300 Subject: [PATCH 1417/1473] Remove some more code added to support older versions Also change back to run CI on ubuntu-latest which should work with all Ruby versions supported now. --- .github/workflows/test.yml | 6 +----- README.md | 2 +- bin/test | 19 +++++++------------ .../app/controllers/streaming_controller.rb | 12 ------------ test/test_helper.rb | 16 ---------------- 5 files changed, 9 insertions(+), 46 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3b40b29c83..f0e8468146 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,9 +34,7 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. - # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: @@ -45,8 +43,6 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'default' }} - rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.9.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake diff --git a/README.md b/README.md index caecead2ff..e76d8b3fcd 100644 --- a/README.md +++ b/README.md 
@@ -644,7 +644,7 @@ Unlike controller tests, integration tests do not need to supply the `devise.mapping` `env` value, as the mapping can be inferred by the routes that are executed in your tests. -You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: +You can read more about testing your Rails controllers with RSpec in the wiki: * https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) diff --git a/bin/test b/bin/test index 3670b19da8..28141f2c77 100755 --- a/bin/test +++ b/bin/test @@ -1,17 +1,12 @@ #!/usr/bin/env ruby $: << File.expand_path(File.expand_path('../../test', __FILE__)) -# Remove this begin/rescue once Rails 4 support is removed. -begin - require 'bundler/setup' - require 'rails/test_unit/runner' - require 'rails/test_unit/reporter' - require 'rails/test_unit/line_filtering' +require 'bundler/setup' +require 'rails/test_unit/runner' +require 'rails/test_unit/reporter' +require 'rails/test_unit/line_filtering' - Rails::TestUnitReporter.executable = 'bin/test' +Rails::TestUnitReporter.executable = 'bin/test' - Rails::TestUnit::Runner.parse_options(ARGV) - Rails::TestUnit::Runner.run(ARGV) -rescue LoadError - exec 'rake' -end +Rails::TestUnit::Runner.parse_options(ARGV) +Rails::TestUnit::Runner.run(ARGV) diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index 5fd711c2e1..1045fea185 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb @@ -8,16 +8,4 @@ class StreamingController < ApplicationController def index render body: 'Index' end - - # Work around https://github.com/heartcombo/devise/issues/2332, which affects - # tests in Rails 4.x (and affects production in Rails >= 5) - def process(name) - super(name) - rescue ArgumentError => e - if e.message == 'uncaught throw :warden' - throw :warden - else - raise e - end - end end 
diff --git a/test/test_helper.rb b/test/test_helper.rb index c0bb43f779..ad5a6db665 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,22 +23,6 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end -class ActiveSupport::TestCase - if ActiveSupport.version < Gem::Version.new("5.0") - def assert_deprecated(match, deprecator) - super(match) do - # TODO: remove extra begin..end when dropping support for Ruby <= 2.4 - begin - behavior = deprecator.behavior - deprecator.behavior = ActiveSupport::Deprecation.behavior - yield - ensure - deprecator.behavior = behavior - end - end - end - end -end OmniAuth.config.logger = Logger.new('/dev/null') From 63939c121e656075296808fd2627cab5a0352ba3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 10:59:13 -0300 Subject: [PATCH 1418/1473] Remove deprecated options argument from update methods They were added to support an old/deprecated feature of Rails, as the message was saying, we can now remove them from the code as well. --- lib/devise/models/database_authenticatable.rb | 30 ++++--------------- 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 8903e6d06f..e16b7d8453 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -84,16 +84,7 @@ def clean_up_passwords # users to change relevant information like the e-mail without changing # their password). In case the password field is rejected, the confirmation # is also rejected as long as it is also blank. - def update_with_password(params, *options) - if options.present? - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` - (`options`) is deprecated and it will be removed in the next major version. - It was added to support a feature deprecated in Rails 4, so you can safely remove it - from your code. - DEPRECATION - end - + def update_with_password(params) current_password = params.delete(:current_password) if params[:password].blank? @@ -102,9 +93,9 @@ def update_with_password(params, *options) end result = if valid_password?(current_password) - update(params, *options) + update(params) else - assign_attributes(params, *options) + assign_attributes(params) valid? errors.add(:current_password, current_password.blank? ? :blank : :invalid) false @@ -121,25 +112,16 @@ def update_with_password(params, *options) # # Example: # - # def update_without_password(params, *options) + # def update_without_password(params) # params.delete(:email) # super(params) # end # - def update_without_password(params, *options) - if options.present? - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` - (`options`) is deprecated and it will be removed in the next major version. - It was added to support a feature deprecated in Rails 4, so you can safely remove it - from your code. - DEPRECATION - end - + def update_without_password(params) params.delete(:password) params.delete(:password_confirmation) - result = update(params, *options) + result = update(params) clean_up_passwords result end From 4d18d8131109c5fd9099e7f2168b2bf6f7f68b7d Mon Sep 17 00:00:00 2001 
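Review bot: `def update_with_password(params)` and `def update_without_password(params)` (third hunk of this file) now raise `ArgumentError` for any caller or override that still passes a second argument, where the removed code only emitted a deprecation warning. The diffstat shows this commit touches only this file, so the break is not recorded in the changelog. I would add a line under Unreleased, e.g. `* Remove the deprecated options argument from update_with_password and update_without_password`. The body of `update_with_password` runs across the first two hunks and is not fully visible here.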
From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 11:19:45 -0300 Subject: [PATCH 1419/1473] Respect locale set by controller in the failure app (#5567) A common usage of I18n with different locales is to create some around callback in the application controller that sets the locale for the entire action, via params/url/user/etc., which ensure the locale is respected for the duration of that action, and resets at the end. Devise was not respecting the locale when the authenticate failed and triggered the failure app, because that happens in a warden middleware right up in the change, by that time the controller around callback had already reset the locale back to its default, and the failure app would just translate flash messages using the default locale. Now we are passing the current locale down to the failure app via warden options, and wrapping it with an around callback, which makes the failure app respect the set I18n locale by the controller at the time the authentication failure is triggered, working as expected. (much more like a normal controller would.) I chose to introduce a callback in the failure app so we could wrap the whole `respond` action processing rather than adding individual `locale` options to the `I18n.t` calls, because that should ensure other possible `I18n.t` calls from overridden failure apps would respect the set locale as well, and makes it more like one would implement in a controller. I don't recommend people using callbacks in their own failure apps though, as this is not going to be documented as a "feature" of failures apps, it's considered "internal" and could be refactored at any point. It is possible to override the locale with the new `i18n_locale` method, which simply defaults to the passed locale from the controller. Closes #5247 Closes #5246 Related to: #3052, #4823, and possible others already closed. 
Related to warden: (may be closed there afterwards) https://github.com/wardencommunity/warden/issues/180 https://github.com/wardencommunity/warden/issues/170 --- CHANGELOG.md | 3 +++ app/controllers/devise/sessions_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 2 ++ lib/devise/failure_app.rb | 11 +++++++- test/controllers/helpers_test.rb | 10 +++---- test/failure_app_test.rb | 26 +++++++++++++++++++ test/integration/authenticatable_test.rb | 9 +++++++ .../app/controllers/admins_controller.rb | 7 +++++ test/support/locale/pt-BR.yml | 5 ++++ test/test_helper.rb | 2 +- 10 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 test/support/locale/pt-BR.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f196a1e06..f374a7401a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) +* bug fixes + * Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567) + ### 4.9.3 - 2023-10-11 * enhancements diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 7c4ee7d4eb..76b780209e 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -45,7 +45,7 @@ def serialize_options(resource) end def auth_options - { scope: resource_name, recall: "#{controller_path}#new" } + { scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale } end def translation_scope diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index bc6e9fd865..68e8e8d1d6 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -46,6 +46,7 @@ def authenticate_#{group_name}!(favorite = nil, opts = {}) mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| opts[:scope] = mapping + opts[:locale] = I18n.locale warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end end @@ -115,6 +116,7 @@ def self.define_helpers(mapping) #:nodoc: class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{mapping}!(opts = {}) opts[:scope] = :#{mapping} + opts[:locale] = I18n.locale warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 8458aef327..ff3363fbc0 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -18,6 +18,11 @@ class FailureApp < ActionController::Metal delegate :flash, to: :request + include AbstractController::Callbacks + around_action do |failure_app, action| + I18n.with_locale(failure_app.i18n_locale, &action) + end + def self.call(env) @respond ||= action(:respond) @respond.call(env) @@ -107,7 +112,7 @@ def i18n_message(default = nil) options[:default] = [message] auth_keys = scope_class.authentication_keys keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) } - options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector")) + options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) I18n.t(:"#{scope}.#{message}", **options) @@ -116,6 +121,10 @@ def i18n_message(default = nil) end end + def i18n_locale + warden_options[:locale] + end + def redirect_url if warden_message == :timeout flash[:timedout] = true if is_flashing_format? diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 655a1fb661..57acdba9c3 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
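Review bot: `i18n_locale`, added in the last failure_app.rb hunk, is the new override point but carries no comment. It presumably returns nil whenever the warden options hold no `:locale`, for example when an application overrides `auth_options` or calls `warden.authenticate!` itself, since only the helpers changed in this commit add the key. `I18n.with_locale(nil)` then keeps the current locale, so the fallback is silent. I would document that, and that the value must be an available locale because the `around_action` applies it to the whole response: `# Locale for the failure response, read from warden options; nil keeps the current I18n.locale. Must be an available locale.`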
@@ -64,30 +64,30 @@ def setup end test 'proxy authenticate_user! to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with({ scope: :user }) + @mock_warden.expects(:authenticate!).with({ scope: :user, locale: :en }) @controller.authenticate_user! end test 'proxy authenticate_user! options to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo" }) + @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo", locale: :en }) @controller.authenticate_user!(recall: "foo") end test 'proxy authenticate_admin! to authenticate with admin scope' do - @mock_warden.expects(:authenticate!).with({ scope: :admin }) + @mock_warden.expects(:authenticate!).with({ scope: :admin, locale: :en }) @controller.authenticate_admin! end test 'proxy authenticate_[group]! to authenticate!? with each scope' do [:user, :admin].each do |scope| - @mock_warden.expects(:authenticate!).with({ scope: scope }) + @mock_warden.expects(:authenticate!).with({ scope: scope, locale: :en }) @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end @controller.authenticate_commenter! end test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate!).with({ scope: :publisher_account }) + @mock_warden.expects(:authenticate!).with({ scope: :publisher_account, locale: :en }) @controller.authenticate_publisher_account! end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 59f291e204..e8f316f0db 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -200,6 +200,13 @@ def call_failure(env_params = {}) assert_equal 'User Steve does not exist', @request.flash[:alert] end + test 'respects the i18n locale passed via warden options when redirecting' do + call_failure('warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" }) + + assert_equal 'Email ou senha inválidos.', @request.flash[:alert] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + end + test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(message: 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] @@ -284,6 +291,12 @@ def call_failure(env_params = {}) assert_match 'Invalid Email or password.', @response.third.body end + test 'respects the i18n locale passed via warden options when responding to HTTP request' do + call_failure('formats' => Mime[:json], 'warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" }) + + assert_equal %({"error":"Email ou senha inválidos."}), @response.third.body + end + context 'on ajax call' do context 'when http_authenticatable_on_xhr is false' do test 'dont return 401 with navigational formats' do @@ -372,6 +385,18 @@ def call_failure(env_params = {}) end end + test 'respects the i18n locale passed via warden options when recalling original controller' do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", locale: :"pt-BR" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Email ou senha inválidos.' + end + # TODO: remove conditional/else when supporting only responders 3.1+ if ActionController::Responder.respond_to?(:error_status=) test 'respects the configured responder `error_status` for the status code' do @@ -431,6 +456,7 @@ def call_failure(env_params = {}) assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works? end end + context "Without Flash Support" do test "returns to the default redirect location without a flash message" do call_failure request_klass: RequestWithoutFlashSupport diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 5c56ca589f..ea338f6fc1 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -273,6 +273,15 @@ class AuthenticationRedirectTest < Devise::IntegrationTest assert_contain 'You need to sign in or sign up before continuing.' end + test 'redirect from warden respects i18n locale set at the controller' do + get admins_path(locale: "pt-BR") + + assert_redirected_to new_admin_session_path + follow_redirect! + + assert_contain 'Para continuar, faça login ou registre-se.' + end + test 'redirect to default url if no other was configured' do sign_in_as_user assert_template 'home/index' diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index c732f58908..957aa6f0b2 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,8 +1,15 @@ # frozen_string_literal: true class AdminsController < ApplicationController + around_action :set_locale before_action :authenticate_admin! def index end + + private + + def set_locale + I18n.with_locale(params[:locale] || I18n.default_locale) { yield } + end end diff --git a/test/support/locale/pt-BR.yml b/test/support/locale/pt-BR.yml new file mode 100644 index 0000000000..5c57e19096 
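Review bot: `set_locale` in admins_controller.rb passes `params[:locale]` straight to `I18n.with_locale`, so a request naming a locale the app does not ship raises `I18n::InvalidLocale` (when available locales are enforced, which is the I18n default) before `authenticate_admin!` runs. With this commit that same request-derived value is also what gets carried into the warden options and applied in the failure app. Since this controller demonstrates the pattern the commit message describes, I would allow-list the parameter: `locale = params[:locale].presence_in(I18n.available_locales.map(&:to_s)) || I18n.default_locale`, then `I18n.with_locale(locale) { yield }`.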
--- /dev/null +++ b/test/support/locale/pt-BR.yml @@ -0,0 +1,5 @@ +pt-BR: + devise: + failure: + invalid: "%{authentication_keys} ou senha inválidos." + unauthenticated: "Para continuar, faça login ou registre-se." diff --git a/test/test_helper.rb b/test/test_helper.rb index c0bb43f779..199dad4043 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -10,7 +10,7 @@ require "rails/test_help" require "orm/#{DEVISE_ORM}" -I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) +I18n.load_path.concat Dir["#{File.dirname(__FILE__)}/support/locale/*.yml"] require 'mocha/minitest' require 'timecop' From c4578d3240a57c01f2dbdd0659c67e704bea623e Mon Sep 17 00:00:00 2001 From: Henry Stanley Date: Fri, 13 Oct 2023 15:54:36 +0100 Subject: [PATCH 1420/1473] Fix README anchor link Fixes link to Active Job Integration in README. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e76d8b3fcd..6f7025eee4 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ It's composed of 10 modules: - [Integration tests](#integration-tests) - [OmniAuth](#omniauth) - [Configuring multiple models](#configuring-multiple-models) - - [ActiveJob Integration](#activejob-integration) + - [Active Job Integration](#active-job-integration) - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) - [Other ORMs](#other-orms) - [Rails API mode](#rails-api-mode) From b6d64ba5252216d367d8c89f50492885d364f76c Mon Sep 17 00:00:00 2001 From: Stanislaw Klajn Date: Fri, 20 Oct 2023 11:05:16 +0100 Subject: [PATCH 1421/1473] Removed now obsolete SecretKeyFinder --- lib/devise.rb | 1 - lib/devise/rails.rb | 2 +- lib/devise/secret_key_finder.rb | 27 ------- test/secret_key_finder_test.rb | 121 -------------------------------- 4 files changed, 1 insertion(+), 150 deletions(-) delete mode 100644 lib/devise/secret_key_finder.rb delete mode 100644 test/secret_key_finder_test.rb 
diff --git a/lib/devise.rb b/lib/devise.rb index 3847e190c6..2b8ac66ef3 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -19,7 +19,6 @@ module Devise autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' autoload :TokenGenerator, 'devise/token_generator' - autoload :SecretKeyFinder, 'devise/secret_key_finder' module Controllers autoload :Helpers, 'devise/controllers/helpers' diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index ab308e979d..dad9e86dc9 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -38,7 +38,7 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do |app| - Devise.secret_key ||= Devise::SecretKeyFinder.new(app).find + Devise.secret_key ||= app.secret_key_base Devise.token_generator ||= if secret_key = Devise.secret_key diff --git a/lib/devise/secret_key_finder.rb b/lib/devise/secret_key_finder.rb deleted file mode 100644 index d07106c44b..0000000000 --- a/lib/devise/secret_key_finder.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -module Devise - class SecretKeyFinder - def initialize(application) - @application = application - end - - def find - if @application.respond_to?(:credentials) && key_exists?(@application.credentials) - @application.credentials.secret_key_base - elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets) - @application.secrets.secret_key_base - elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config) - @application.config.secret_key_base - elsif @application.respond_to?(:secret_key_base) && key_exists?(@application) - @application.secret_key_base - end - end - - private - - def key_exists?(object) - object.secret_key_base.present? - end - end -end diff --git a/test/secret_key_finder_test.rb b/test/secret_key_finder_test.rb deleted file mode 100644 index 434dbc8d12..0000000000 --- a/test/secret_key_finder_test.rb +++ /dev/null 
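Review bot: In the `devise.secret_key` initializer of `lib/devise/rails.rb`, replacing the finder with `app.secret_key_base` changes both the lookup order and the failure mode, and neither is documented. The deleted `SecretKeyFinder#find` tried `credentials`, then `secrets`, then `config`, and returned nil when nothing was set, whereas `Rails.application.secret_key_base` applies Rails' own precedence and, as far as I know, raises outside local environments when no key is configured, so the `if secret_key = Devise.secret_key` guard just below may never see nil. An application where those sources hold different values would presumably derive a different token-generator key after upgrading, which would stop previously issued tokens from verifying. I would add a comment above the assignment, `# Falls back to the application's secret_key_base; set Devise.secret_key explicitly to decouple Devise tokens from it.`, and record the change in the CHANGELOG. The initializer block continues outside the hunk.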
@@ -1,121 +0,0 @@ -# frozen_string_literal: true - -require 'test_helper' - -class Rails52Credentials - def credentials - OpenStruct.new(secret_key_base: 'credentials') - end -end - -class Rails52Secrets - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: 'secrets') - end -end - -class Rails52Config - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class Rails52SecretKeyBase - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: nil) - end - - def secret_key_base - 'secret_key_base' - end -end - -class Rails41Secrets - def secrets - OpenStruct.new(secret_key_base: 'secrets') - end - - def config - OpenStruct.new(secret_key_base: nil) - end -end - -class Rails41Config - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class Rails40Config - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class SecretKeyFinderTest < ActiveSupport::TestCase - test "rails 5.2 uses credentials when they're available" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Credentials.new) - - assert_equal 'credentials', secret_key_finder.find - end - - test "rails 5.2 uses secrets when credentials are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Secrets.new) - - assert_equal 'secrets', secret_key_finder.find - end - - test "rails 5.2 uses config when secrets are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Config.new) - - assert_equal 'config', secret_key_finder.find - end - - test "rails 5.2 uses secret_key_base when config is empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52SecretKeyBase.new) - - 
assert_equal 'secret_key_base', secret_key_finder.find - end - - test "rails 4.1 uses secrets" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails41Secrets.new) - - assert_equal 'secrets', secret_key_finder.find - end - - test "rails 4.1 uses config when secrets are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails41Config.new) - - assert_equal 'config', secret_key_finder.find - end - - test "rails 4.0 uses config" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails40Config.new) - - assert_equal 'config', secret_key_finder.find - end -end From bb18f4d3805be0bf5f45e21be39625c7cfd9c1d6 Mon Sep 17 00:00:00 2001 From: Artin Boghosian Date: Tue, 13 Feb 2024 04:22:46 -0800 Subject: [PATCH 1422/1473] Update mapping.rb (#5673) Fix grammar on comment for .find_scope! [ci skip] --- lib/devise/mapping.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 7c7ea0085b..8b1f94ced2 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -30,7 +30,7 @@ class Mapping #:nodoc: alias :name :singular - # Receives an object and find a scope for it. If a scope cannot be found, + # Receives an object and finds a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. def self.find_scope!(obj) obj = obj.devise_scope if obj.respond_to?(:devise_scope) From c80026d95583401a78c07428e58e50b0cf0d933b Mon Sep 17 00:00:00 2001 From: Antonis Berkakis Date: Tue, 2 Jan 2024 12:19:00 +0000 Subject: [PATCH 1423/1473] Update CI to run to include Ruby 3.3 - Exclude Rubies >=3.1 from latest main Gemfile as it runs on 7.2 --- .github/workflows/test.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0e8468146..1092fc61b3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -12,6 +12,7 @@ jobs: - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 ruby: + - '3.3' - '3.2' - '3.1' - '3.0' @@ -20,6 +21,10 @@ jobs: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main From 21deb5c14514e095cb0c496cd48f03888c51b880 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 9 Apr 2024 16:58:24 -0300 Subject: [PATCH 1424/1473] Bump year [ci skip] --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 248265870d..2cbc2b23cc 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index 6f7025eee4..7a6a165b34 100644 --- a/README.md +++ b/README.md @@ -765,6 +765,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 9a7176f727131423f95726ebcda64d498cddc3fc Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 10 Apr 2024 09:43:27 -0300 Subject: [PATCH 1425/1473] Cleanup changelog, point to 4-stable branch for previous changes main is targetting a v5 with some possible breaking changes, for main it's mainly dropping support for older Ruby/Rails versions, but more might come. [ci skip] --- CHANGELOG.md | 410 +-------------------------------------------------- 1 file changed, 4 insertions(+), 406 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aeca4d4b61..b2c9b55e3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,413 +1,11 @@ ### Unreleased -* Drop support to Ruby < 2.7 -* Drop support to Rails < 6.0 +* breaking changes + * Drop support to Ruby < 2.7 + * Drop support to Rails < 6.0 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) -* bug fixes - * Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567) - -### 4.9.3 - 2023-10-11 - -* enhancements - * Add support for Rails 7.1. - * Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie) - -### 4.9.2 - 2023-04-03 - -* deprecations - * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. - -### 4.9.1 - 2023-03-31 - -* enhancements - * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) - * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) - * Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. [#5576](https://github.com/heartcombo/devise/pull/5576) - -* bug fixes - * Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573) - * Fix frozen string exception in validatable. 
[#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) - -### 4.9.0 - 2023-02-17 - -* enhancements - * Add support for Ruby 3.1/3.2. - * Add support for Hotwire + Turbo, default in Rails 7+. - * Devise uses the latest `responders` version (v3.1.0 or higher), which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` respectively, to match the behavior expected by Hotwire/Turbo: - - ```ruby - # config/initializers/devise.rb - Devise.setup do |config| - # ... - config.responder.error_status = :unprocessable_entity - config.responder.redirect_status = :see_other - # ... - end - ``` - - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. - * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. 
- * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. - * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. - * The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default. - * Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo. - * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. - -### 4.8.1 - 2021-12-16 - -* enhancements - * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. - -### 4.8.0 - 2021-04-29 - -* enhancements - * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. 
You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. - * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in. - - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`. - * Add support for Ruby 3. - * Add support for Rails 6.1. - * Move CI to GitHub Actions. 
- -* deprecations - * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) - -### 4.7.3 - 2020-09-20 - -* bug fixes - * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) - * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) - * Fix hanging tests for streaming controllers using Devise. (by @afn) - -### 4.7.2 - 2020-06-10 - -* enhancements - * Increase default stretches to 12 (by @sergey-alekseev) - * Ruby 2.7 support (kwarg warnings removed) - -* bug fixes - * Generate scoped views with proper scoped errors partial (by @shobhitic) - * Allow to set scoped `already_authenticated` error messages (by @gurgelrenan) - -### 4.7.1 - 2019-09-06 - -* bug fixes - * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) - * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) - -### 4.7.0 - 2019-08-19 - -* enhancements - * Support Rails 6.0 - * Update CI to rails 6.0.0.beta3 (by @tunnes) - * refactor method name to be more consistent (by @saiqulhaq) - * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) - -* bug fixes - * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) - * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) - -### 4.6.2 - 2019-03-26 - -* bug fixes - * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. 
See more on https://github.com/heartcombo/devise/issues/5033#issuecomment-476386275 (by @mracos) - -### 4.6.1 - 2019-02-11 - -* bug fixes - * Check if `root_path` is defined with `#respond_to?` instead of `#present` (by @tegon) - -### 4.6.0 - 2019-02-07 - -* enhancements - * Allow to skip email and password change notifications (by @iorme1) - * Include the use of `nil` for `allow_unconfirmed_access_for` in the docs (by @joaumg) - * Ignore useless files into the `.gem` file (by @huacnlee) - * Explain the code that prevents enumeration attacks inside `Devise::Strategies::DatabaseAuthenticatable` (by @tegon) - * Refactor the `devise_error_messages!` helper to render a partial (by @prograhamer) - * Add an option (`Devise.sign_in_after_change_password`) to not automatically sign in a user after changing a password (by @knjko) - -* bug fixes - * Fix missing comma in Simple Form generator (by @colinross) - * Fix error with migration generator in Rails 6 (by @oystersauce8) - * Set `encrypted_password` to `nil` when `password` is set to `nil` (by @sivagollapalli) - * Consider whether the request supports flash messages inside `Devise::Controllers::Helpers#is_flashing_format?` (by @colinross) - * Fix typo inside `Devise::Generators::ControllersGenerator` (by @kopylovvlad) - * Sanitize parameters inside `Devise::Models::Authenticatable#find_or_initialize_with_errors` (by @rlue) - * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) - * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. 
(by @stanhu) - * Fix unclosed `li` tag in `error_messages` partial (by @mracos) - * Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri) - * Make `#increment_failed_attempts` concurrency safe (by @tegon) - * Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy) - - -* deprecations - * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) - * The `DeviseHelper.devise_error_messages!` is deprecated and will be removed in the next major version. Use the `devise/shared/error_messages` partial instead. (by @mracos) - -### 4.5.0 - 2018-08-15 - -* enhancements - * Use `before_action` instead of `before_filter` (by @edenthecat) - * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) - * Use `update` instead of `update_attributes` (by @koic) - * Split IP resolution from `update_tracked_fields` (by @mckramer) - * upgrade dependencies for rails and responders (by @lancecarlson) - * Add `autocomplete="new-password"` to new password fields (by @gssbzn) - * Add `autocomplete="current-password"` to current password fields (by @gssbzn) - * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) - * Update `simple_form` templates with changes from https://github.com/heartcombo/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/heartcombo/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) - * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) - -* bug fixes - * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068) - * Fix 
error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e) - * Look for `secret_key_base` inside `Rails.application` (by @gencer) - * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc` -configured (by @joshpencheon) - * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1) - -### 4.4.3 - 2018-03-17 - -* bug fixes - * Fix undefined method `rails5?` for Devise::Test:Module (by @tegon) - * Fix: secret key was being required to be set inside credentials on Rails 5.2 (by @tegon) - -### 4.4.2 - 2018-03-15 - -* enhancements - * Support for :credentials on Rails v5.2.x. (by @gencer) - * Improve documentation about the test suite. (by @tegon) - * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) - * Allow test with Rails 6. (by @Fudoshiki) - * Creating a new section for controller configuration on `devise.rb` template (by @Danilo-Araujo-Silva) - -* bug fixes - * Preserve content_type for unauthenticated tests (by @gmcnaughton) - * Check if the resource is persisted in `update_tracked_fields!` instead of performing validations (by @tegon) - * Revert "Replace log_process_action to append_info_to_payload" (by @tegon) - -### 4.4.1 - 2018-01-23 - -* bug fixes - * Ensure Gemspec is loaded as utf-8. (by @segiddins) - * Fix `ActiveRecord` check on `Confirmable`. (by @tegon) - * Fix `signed_in?` docs without running auth hooks. by (@machty) - -### 4.4.0 - 2017-12-29 - -* enhancements - * Add `frozen_string_literal` pragma comment to all Ruby files. (by @pat) - * Use `set_flash_method!` instead of `set_flash_method` in `Devise::OmniauthCallbacksController#failure`. (by @saichander17) - * Clarify how `store_location_for` modifies URIs. (by @olivierlacan) - * Move `failed_attempts` increment into its own function. by (@mobilutz) - * Add `autocomplete="email"` to email fields. 
by (@MikeRogers0) - * Add the ability to change the default migrations path introduced in Rails 5.0.3. (by @alexhifer) - * Delete unnecessary condition for helper method. (by @davydovanton) - * Support `id: :uuid` option for migrations. (by @filip373) - -* bug fixes - * Fix syntax for MRI 2.5.0. (by @pat) - * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) - * Do not modify options for `#serializable_hash`. (by @guigs) - * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) - -### 4.3.0 - 2017-05-14 - -* Enhancements - * Dependency support added for Rails 5.1.x. - -### 4.2.1 - 2017-03-15 - -* removals - * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected - methods instead of public. -* bug fixes - * Attempt to reset password without the password field in the request now results in a `:blank` validation error. - Before this change, Devise would accept the reset password request and log the user in, without validating/changing - the password. (by @victor-am) - * Confirmation links now expire based on UTC time, working properly when using different timezones. (by @jjuliano) -* enhancements - * Notify the original email when it is changed with a new `Devise.send_email_changed_notification` setting. - When using `reconfirmable`, the notification will be sent right away instead of when the unconfirmed email is confirmed. - (original change by @ethirajsrinivasan) - -### 4.2.0 - 2016-07-01 - -* removals - * Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3. - Please use the `#permit` and `#sanitize` methods over `#for`. 
- * Remove the deprecated OmniAuth URL helpers. Use the fully qualified helpers - (`user_facebook_omniauth_authorize_path`) over the scope based helpers - ( `user_omniauth_authorize_path(:facebook)`). - * Remove the `Devise.bcrypt` method, use `Devise::Encryptor.digest` instead. - * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead. - * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead. - * Remove the `Devise::Models::Recoverable#after_password_reset` method. -* bug fixes - * Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by @hamadata). - * Use `ActiveSupport.on_load` hooks to include Devise on `ActiveRecord` and `Mongoid`, - avoiding autoloading these constants too soon (by @lucasmazza, @rafaelfranca). -* enhancements - * Display the minimum password length on `registrations/edit` view (by @Yanchek99). - * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. - This can reduce the time taken to boot the application but it might trigger - some errors if you application (mostly your controllers) requires that - Devise mappings be loaded during boot time (by @sidonath). - * Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using - Warden test API (by @lucasmazza). - * Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes - aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar). - * Add missing support of `Rails.application.config.action_controller.relative_url_root` (by @kosdiamantis). -* deprecations - * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers` - (by @lucasmazza). - * The `sign_in` test helper has changed to use keyword arguments when passing - a scope. `sign_in :admin, users(:alice)` should be rewritten as - `sign_in users(:alice), scope: :admin` (by @lucasmazza). 
- * The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is - deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in` - method (by @ulissesalmeida). - -### 4.1.1 - 2016-05-15 - -* bug fixes - * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). - -### 4.1.0 - -* bug fixes - * Fix race condition of sending the confirmation instructions e-mail using background jobs. - Using the previous `after_create` callback, the e-mail can be sent before - the record be committed on database, generating a `ActiveRecord::NotFound` error. - Now the confirmation e-mail will be only sent after the database commit, - using the `after_commit` callback. - It may break your test suite on Rails 4 if you are testing the sent e-mails - or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy. - You can easily fix your test suite using the gem - [test_after_commit](https://github.com/grosser/test_after_commit). For example, put in your Gemfile: - - ```ruby - gem 'test_after_commit', :group => :test - ``` - - On Rails 5 `after_commit` callbacks are triggered even using transactional - fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq) - * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and - `:undefined` strategies. (by @f3ndot) -* features - * Humanize authentication keys in failure flash message (by @byzg) - When you are configuring the translations of `devise.failure.invalid`, the - `authentication_keys` is translated now. -* deprecations - * Remove code supporting old session serialization format (by @fphilipe). 
- * Now the `email_regexp` default uses a more permissive regex: - `/\A[^@\s]+@[^@\s]+\z/` (by @kimgb) - * Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida) - * Now the `reconfirmable` default is `true` (by @ulissesalmeida) - * Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida) - * Now the `sign_out_via` default is `:delete` (by @ulissesalmeida) -* improvements - * Avoids extra computation of friendly token for confirmation token (by @sbc100) - -### 4.0.3 - 2016-05-15 - - * bug fixes - * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). - -### 4.0.2 - 2016-05-02 - -* bug fixes - * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` - and `:undefined` strategies. (by @f3ndot) - -### 4.0.1 - 2016-04-25 - -* bug fixes - * Fix the e-mail confirmation instructions send when a user updates the email - address from nil. (by @lmduc) - * Remove unnecessary `attribute_will_change!` call. (by @cadejscroggins) - * Consistent `permit!` check. (by @ulissesalmeida) - -### 4.0.0 - 2016-04-18 - -* bug fixes - * Fix the `extend_remember_period` configuration. When set to `false` it does - not update the cookie expiration anymore.(by @ulissesalmeida) - -* deprecations - * Added a warning of default value change in Devise 4.1 for users that uses - the the default configuration of the following configurations: (by @ulissesalmeida) - * `strip_whitespace_keys` - The default will be `[:email]`. - * `skip_session_storage` - The default will be `[:http_auth]`. - * `sign_out_via` - The default will be `:delete`. - * `reconfirmable` - The default will be `true`. - * `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/`. - * Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida) - * Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! 
- (by @bogdanvlviv) - -### 4.0.0.rc2 - 2016-03-09 - -* enhancements - * Introduced `DeviseController#set_flash_message!` for conditional flash - messages setting to reduce complexity. - * `rails g devise:install` will fail if the app does not have a ORM configured - (by @arjunsharma) - * Support to Rails 5 versioned migrations added. - -* deprecations - * omniauth routes are no longer defined with a wildcard `:provider` parameter, - and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_omniauth_authorize_path`. - You can still use `omniauth_authorize_path(:user, :github)` if you need to - call the helpers dynamically. - -### 4.0.0.rc1 - 2016-02-01 - -* Support added to Rails 5 (by @twalpole). -* Devise no longer supports Rails 3.2 and 4.0. -* Devise no longer supports Ruby 1.9 and 2.0. - -* deprecations - * The `devise_parameter_sanitize` API has changed: - The `for` method was deprecated in favor of `permit`: - - ```ruby - def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) << :subscribe_newsletter - # Should become the following. - devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter]) - end - ``` - - The customization through instance methods on the sanitizer implementation - should be done through it's `initialize` method: - - ```ruby - class User::ParameterSanitizer < Devise::ParameterSanitizer - def sign_up - default_params.permit(:username, :email) - end - end - - # The `sign_up` method can be a `permit` call on the sanitizer `initialize`. - - class User::ParameterSanitizer < Devise::ParameterSanitizer - def initialize(*) - super - permit(:sign_up, keys: [:username, :email]) - end - end - ``` - - You can check more examples and explanations on the [README section](README.md#strong-parameters) - and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). 
- -Please check [3-stable](https://github.com/heartcombo/devise/blob/3-stable/CHANGELOG.md) +Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. From a259ff3c28912a27329727f4a3c2623d3f5cb6f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Apr 2024 09:45:08 -0300 Subject: [PATCH 1426/1473] Make it clearer that we're targeting a v5 going forward Use a "beta" version to make that even more explicit. --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index eaa82dd640..92779c4c3d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.3) + devise (5.0.0.beta) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 6.0.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 08f7e1447e..9843c4d05e 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.3".freeze + VERSION = "5.0.0.beta".freeze end From 1d859b5db0dd6cc80322cc9f48706ccf0076ceca Mon Sep 17 00:00:00 2001 From: Jerome Dalbert Date: Sat, 17 Aug 2024 01:24:22 -0700 Subject: [PATCH 1427/1473] Fix CI sqlite3 error for Gemfile-rails-main --- gemfiles/Gemfile-rails-main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 12930653eb..1bec1066f9 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -21,5 +21,5 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3", "~> 2.0" end From 54e4b267a5fb62f228843f4188080d0a83bae82c Mon Sep 17 00:00:00 2001 
From: Alex Brook <90186562+abr-storm@users.noreply.github.com> Date: Fri, 16 Aug 2024 10:21:28 +0100 Subject: [PATCH 1428/1473] splat keyword arguments when registering routes --- lib/devise/rails/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index f58c9fdc48..474766f9d6 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -413,7 +413,7 @@ def devise_registration(mapping, controllers) #:nodoc: controller: controllers[:registrations] } - resource :registration, options do + resource :registration, **options do get :cancel end end From 25f806e2703a24602c9d910eedf4eaa9cb1bacc2 Mon Sep 17 00:00:00 2001 From: Kazuya INOUE Date: Sun, 6 Oct 2024 23:14:48 +0900 Subject: [PATCH 1429/1473] Remove unnecessary closing parenthesis in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7a6a165b34..e71da6e8e6 100644 --- a/README.md +++ b/README.md @@ -408,7 +408,7 @@ If the customization at the views level is not enough, you can customize each co ... end ``` - Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`) + Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions` 2. Tell the router to use this controller: From baf0d8eff2a977208120b5b98bf319b781598ae9 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Tue, 22 Oct 2024 20:45:41 +0200 Subject: [PATCH 1430/1473] Update CHANGELOG.md --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2c9b55e3c..04328b7609 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,16 @@ * breaking changes * Drop support to Ruby < 2.7 * Drop support to Rails < 6.0 + * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. + + This is potentially a breaking change because Devise previously used the following order to find a secret key: + + ``` + app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base + ``` + + Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. + https://github.com/heartcombo/devise/pull/5645 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) From 12f0dd1608eb3ebe2963309249f9160574d0dc6f Mon Sep 17 00:00:00 2001 From: Itay Grudev Date: Fri, 8 Nov 2024 18:13:05 +0200 Subject: [PATCH 1431/1473] Bug Fix: Devise Checkbox TRUE VALUES not compatible with HTML specs (missing "on" value) See: * https://html.spec.whatwg.org/multipage/input.html#checkbox-state-(type%3Dcheckbox) * https://html.spec.whatwg.org/multipage/input.html#dom-input-value-default-on This issue causes the remember me functionality not to work correctly, especially when overriding the default styles as check boxes by default in all major browsers send the value `on` as required by the HTML specifications. See also: https://stackoverflow.com/questions/5987075/devise-remember-me-not-working-localhost-issue --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2b8ac66ef3..3d9dc78867 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -60,7 +60,7 @@ module Test NO_INPUT = [] # True values used to check params - TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] + TRUE_VALUES = [true, 1, '1', 'on', 'ON', 't', 'T', 'true', 'TRUE'] # Secret key used by the key generator mattr_accessor :secret_key From 24c47140e5d2e484b49796c934a8c1efb2a434b5 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 15 Nov 2024 20:16:25 +0100 Subject: [PATCH 1432/1473] Make Devise.mappings work with lazy loaded routes. Starting from Rails 8.0, routes are lazy-loaded by default in test and development environments. However, Devise's mappings are built during the routes loading phase. To ensure it works correctly, we need to load the routes first before accessing @@mappings. --- CHANGELOG.md | 6 ++++-- lib/devise.rb | 8 +++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 04328b7609..0adbeb67af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
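Review bot: `TRUE_VALUES` in lib/devise.rb is still an unfrozen array after this change, so any code loaded in the process can append to it and widen which parameter values count as "checked". The commit message ties this list to the remember-me checkbox, so I would freeze it unless something is known to mutate it: `TRUE_VALUES = [true, 1, '1', 'on', 'ON', 't', 'T', 'true', 'TRUE'].freeze`. The list carries both cases of each word, which suggests an exact-match comparison, so a mixed-case `On` would presumably still be rejected. The comment above could say where the new value comes from, e.g. `# True values used to check params ('on' is what browsers send for a checkbox without a value attribute)`. The enclosing module continues outside the hunk.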
@@ -6,16 +6,18 @@ * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: - + ``` app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base ``` - + Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. https://github.com/heartcombo/devise/pull/5645 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) + * Add Rails 8 support. + - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. diff --git a/lib/devise.rb b/lib/devise.rb index 3d9dc78867..5b7417ed6c 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -274,8 +274,14 @@ module Test # PRIVATE CONFIGURATION # Store scopes mappings. - mattr_reader :mappings @@mappings = {} + def self.mappings + # Starting from Rails 8.0, routes are lazy-loaded by default in test and development environments. + # However, Devise's mappings are built during the routes loading phase. + # To ensure it works correctly, we need to load the routes first before accessing @@mappings. + Rails.application.try(:reload_routes_unless_loaded) + @@mappings + end # OmniAuth configurations. mattr_reader :omniauth_configs From 950721d6de8ad19debb0eb0e87e3de4eff7e47c5 Mon Sep 17 00:00:00 2001 
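Review bot: In lib/devise.rb, replacing `mattr_reader :mappings` with a hand-written `def self.mappings` drops the instance-level reader that `mattr_reader` defines by default. It also turns a plain read into a call that may trigger route loading on every access. If nothing relies on the instance reader this is harmless, but the change in interface is not mentioned in the comment or the changelog entry. `try` also silently does nothing when `Rails.application` is nil or lacks `reload_routes_unless_loaded`, in which case callers get whatever `@@mappings` holds at that moment, possibly an empty hash. That is presumably intended for older Rails, and the comment should say so, e.g. `# No-op when no application is booted or the Rails version has no reload_routes_unless_loaded.`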
From: Jerome Dalbert Date: Sun, 24 Nov 2024 18:28:09 -0800 Subject: [PATCH 1433/1473] Fix Rails 8 CI --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1092fc61b3..f1c57f09f8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,6 +25,8 @@ jobs: ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 - gemfile: gemfiles/Gemfile-rails-main ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.1' # Rails >= 8.0 supports Ruby >= 3.2 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main From af112a2f65f3835c3f983276e0d166897427c19a Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 17 Nov 2024 12:10:30 +0100 Subject: [PATCH 1434/1473] Fix Zeitwerk autoloading when ActionMailer is not present. When ActionMailer is not defined we have empty app/mailers/devise/mailer.rb file and Zeitwerk doesn't like that and errors with ``` expected file app/mailers/devise/mailer.rb to define constant Devise::Mailer ``` The fix is to tell Zeitwerk to ignore that file if ActionMailer constant if not defined. I tried to write a spec for it but since specs are run in the same process it's hard to have two Rails applications where one of them has ActionMailer define and the seconds one doesn't. --- CHANGELOG.md | 3 +++ lib/devise/rails.rb | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0adbeb67af..104b9057ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,5 +19,8 @@ * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. +* bug fixes + * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. + Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. 
diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index dad9e86dc9..b5738853fe 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -47,5 +47,11 @@ class Engine < ::Rails::Engine ) end end + + initializer "devise.configure_zeitwerk" do + if Rails.autoloaders.zeitwerk_enabled? && !defined?(ActionMailer) + Rails.autoloaders.main.ignore("#{root}/app/mailers/devise/mailer.rb") + end + end end end From 46c2c3913eac6acbb13c9916f011595d0d82691e Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 25 Nov 2024 15:38:47 +0100 Subject: [PATCH 1435/1473] Fix passing of `format` option to `devise_for` call. --- lib/devise/rails/routes.rb | 3 +-- test/routes_test.rb | 5 ----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 474766f9d6..f43e62fea7 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -235,7 +235,6 @@ def devise_for(*resources) options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {}) options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {}) options[:options] = @scope[:options] || {} - options[:options][:format] = false if options[:format] == false resources.map!(&:to_sym) @@ -462,7 +461,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: current_scope = @scope.dup exclusive = { as: new_as, path: new_path, module: nil } - exclusive.merge!(options.slice(:constraints, :defaults, :options)) + exclusive.merge!(options.slice(:constraints, :format, :defaults, :options)) if @scope.respond_to? :new @scope = @scope.new exclusive diff --git a/test/routes_test.rb b/test/routes_test.rb index f18fb342c7..20ba311727 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb 
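Review bot: The new `devise.configure_zeitwerk` initializer in lib/devise/rails.rb has no comment explaining why the mailer file is ignored, and its `!defined?(ActionMailer)` check is evaluated only once, when the initializer runs. I would put the reason from the commit message above the condition, e.g. `# Without ActionMailer, app/mailers/devise/mailer.rb defines no constant, which Zeitwerk rejects.` If Action Mailer can be loaded after this initializer has run (not visible from this hunk), the file would stay ignored and `Devise::Mailer` would never be autoloaded, so the ordering assumption deserves a note as well. The commit message states that this path has no test.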
@@ -205,7 +205,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do @@ -215,7 +214,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -225,7 +223,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do @@ -235,7 +232,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do @@ -245,7 +241,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do From 560a1cb16f695ce6381b1a2ef063b91b2eb915c4 Mon Sep 17 00:00:00 2001 
From: Vasiliy Ermolovich Date: Fri, 29 Nov 2024 13:56:24 +0100 Subject: [PATCH 1436/1473] Use proc to set password length validation so it's possible to override it dynamically. Co-authored-by: Manoj M J --- CHANGELOG.md | 12 ++++++++++++ lib/devise/models/validatable.rb | 4 +++- test/models_test.rb | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 104b9057ec..28c1240b96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,19 @@ * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + * Password length validator is changed from + ``` + validates_length_of :password, within: password_length, allow_blank: true` + ``` + + to + + ``` + validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true + ``` + + so it's possible to override `password_length` at runtime. (@manojmj92) * bug fixes * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 1c22fb5fec..62486cfbe0 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -14,6 +14,8 @@ module Models # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. # + # Since +password_length+ is applied in a proc within `validates_length_of` it can be overridden + # at runtime. module Validatable # All validations used by this module. VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of, 
@@ -34,7 +36,7 @@ def self.included(base) validates_presence_of :password, if: :password_required? validates_confirmation_of :password, if: :password_required? - validates_length_of :password, within: password_length, allow_blank: true + validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true end end diff --git a/test/models_test.rb b/test/models_test.rb index c213d20470..16acb92c98 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -26,8 +26,8 @@ def assert_include_modules(klass, *modules) test 'validations options are not applied too late' do validators = WithValidation.validators_on :password length = validators.find { |v| v.kind == :length } - assert_equal 2, length.options[:minimum] - assert_equal 6, length.options[:maximum] + assert_equal 2, length.options[:minimum].call + assert_equal 6, length.options[:maximum].call end test 'validations are applied just once' do From a78ad3f20cc7746b41c53b2447e51005d16e7ac4 Mon Sep 17 00:00:00 2001 From: soma Date: Wed, 4 Dec 2024 23:04:03 +0900 Subject: [PATCH 1437/1473] Fix typo in comments --- lib/devise/models/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 65bb400d0e..6ab0ce747e 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -84,7 +84,7 @@ def resend_unlock_instructions if_access_locked { send_unlock_instructions } end - # Overwrites active_for_authentication? from Devise::Models::Activatable for locking purposes + # Overwrites active_for_authentication? from Devise::Models::Authenticatable for locking purposes # by verifying whether a user is active to sign in or not based on locked? def active_for_authentication? super && !access_locked? From 46cae66baf9885d80ae25de180f9ab2166d82098 Mon Sep 17 00:00:00 2001 
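Review bot: The rewritten validator in lib/devise/models/validatable.rb calls `password_length.min` and `password_length.max` at validation time. `Range#max` raises `RangeError` on an endless range and `Range#min` on a beginless one, so a model configured with an open-ended range such as `8..` would raise on every password validation rather than enforce the minimum. Whether the previous `within: password_length` form accepted such ranges depends on the Rails version, so this may be a behaviour change for some applications. At minimum the module doc added in the first hunk of this file should state the constraint, e.g. `# +password_length+ must be a range with both bounds set, since +min+ and +max+ are called on it.` The changelog entry for this commit does not mention it either.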
From: Christian Schmidt Date: Tue, 17 Dec 2024 13:31:17 +0100 Subject: [PATCH 1438/1473] Update argument name for config.warden --- lib/devise.rb | 4 ++-- lib/generators/templates/devise.rb | 6 +++--- test/rails_app/config/initializers/devise.rb | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 5b7417ed6c..4fec8a0e0b 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -446,9 +446,9 @@ def self.add_module(module_name, options = {}) # Devise.setup do |config| # config.allow_unconfirmed_access_for = 2.days # - # config.warden do |manager| + # config.warden do |warden_config| # # Configure warden to use other strategies, like oauth. - # manager.oauth(:twitter) + # warden_config.oauth(:twitter) # end # end def self.warden(&block) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 9e6744bd7d..95bda7cea9 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -277,9 +277,9 @@ # If you want to use other strategies, that are not supported by Devise, or # change the failure app, you can configure them inside the config.warden block. # - # config.warden do |manager| - # manager.intercept_401 = false - # manager.default_strategies(scope: :user).unshift :some_external_strategy + # config.warden do |warden_config| + # warden_config.intercept_401 = false + # warden_config.default_strategies(scope: :user).unshift :some_external_strategy # end # ==> Mountable engine configurations diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index a3a339edc1..85fdfe0ae7 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb 
@@ -181,9 +181,9 @@ # If you want to use other strategies, that are not supported by Devise, or # change the failure app, you can configure them inside the config.warden block. # - # config.warden do |manager| - # manager.failure_app = AnotherApp - # manager.default_strategies(scope: :user).unshift :some_external_strategy + # config.warden do |warden_config| + # warden_config.failure_app = AnotherApp + # warden_config.default_strategies(scope: :user).unshift :some_external_strategy # end # ==> Configuration for :registerable From cf93de390a29654620fdf7ac07b4794eb95171d0 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 28 May 2025 08:51:42 -0300 Subject: [PATCH 1439/1473] Fix links to RubyDoc Closes #5778 [ci skip] --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e71da6e8e6..538bb2a77b 100644 --- a/README.md +++ b/README.md 
@@ -9,16 +9,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](https://www.rubydoc.info/gems/devise/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](https://www.rubydoc.info/gems/devise/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](https://www.rubydoc.info/gems/devise/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](https://www.rubydoc.info/gems/devise/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](https://www.rubydoc.info/gems/devise/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](https://www.rubydoc.info/gems/devise/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](https://www.rubydoc.info/gems/devise/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](https://www.rubydoc.info/gems/devise/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. +* [Lockable](https://www.rubydoc.info/gems/devise/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. 
Can unlock via email or after a specified time period. ## Table of Contents @@ -454,7 +454,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/main/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](https://www.rubydoc.info/gems/devise/ActionDispatch/Routing/Mapper#devise_for-instance_method) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: 
@@ -705,7 +705,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. From fa4749dddc5bdafb8bf474ec972484cae256d891 Mon Sep 17 00:00:00 2001 From: soma-git-practice <92618416+soma-git-practice@users.noreply.github.com> Date: Sat, 18 Oct 2025 01:41:42 +0900 Subject: [PATCH 1440/1473] Expand reconfirmable comment on generator to match the module doc (#5748) Explain the combined usage of `reconfirmable` with `send_email_changed_notification`. [ci skip] --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 95bda7cea9..9fe0ade819 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -157,6 +157,9 @@ # initial account confirmation) to be applied. Requires additional unconfirmed_email # db field (see migrations). Until confirmed, new email is stored in # unconfirmed_email column, and copied to email column on successful confirmation. + # Also, when used in conjunction with `send_email_changed_notification`, + # the notification is sent to the original email when the change is requested, + # not when the unconfirmed email is confirmed. config.reconfirmable = true # Defines which key will be used when confirming an account From 9c5e4d3c4e2ac4415f0d49cbeba6ea99c1dccf6b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Oct 2025 14:09:36 -0300 Subject: [PATCH 1441/1473] Update to new email, copyright, supported Ruby/Rails versions Also remove contributors section and add supported ruby/rails versions to the readme. [ci skip] --- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 2 +- ISSUE_TEMPLATE.md | 2 +- MIT-LICENSE | 4 ++-- README.md | 28 ++++++++++++++++------------ devise.gemspec | 2 +- 6 files changed, 22 insertions(+), 18 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index a947362010..5d594d2f52 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -17,6 +17,6 @@ Project maintainers have the right and responsibility to remove, edit, or reject This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo@googlegroups.com](heartcombo@googlegroups.com) or contacting one or more of the project maintainers. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo.oss@gmail.com](heartcombo.oss@gmail.com) or contacting one or more of the project maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 51b94f9d4f..336d614f40 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,7 +30,7 @@ the project wiki, documentation and source code first, or try to ask your questi on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). **If you find a security bug, do not report it through GitHub. Please send an -e-mail to [heartcombo@googlegroups.com](mailto:heartcombo@googlegroups.com) +e-mail to [heartcombo.oss@gmail.com](mailto:heartcombo.oss@gmail.com) instead.** ## Sending Pull Requests diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 904d810734..445eedba53 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md 
@@ -2,7 +2,7 @@ - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported -- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead. +- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo.oss@gmail.com instead. - Finally, be nice and have fun! ## Environment diff --git a/MIT-LICENSE b/MIT-LICENSE index 2cbc2b23cc..d54bbdc9b8 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,5 +1,5 @@ -Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. -Copyright 2009-2019 Plataformatec. +Copyright (c) 2020-2025 Rafael França, Carlos Antonio da Silva +Copyright (c) 2009-2019 Plataformatec Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 538bb2a77b..6521e241e5 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ It's composed of 10 modules: - [RDocs](#rdocs) - [Example applications](#example-applications) - [Extensions](#extensions) + - [Supported Ruby / Rails versions](#supported-ruby--rails-versions) - [Contributing](#contributing) - [Starting with Rails?](#starting-with-rails) - [Getting started](#getting-started) @@ -52,7 +53,6 @@ It's composed of 10 modules: - [Rails API mode](#rails-api-mode) - [Additional information](#additional-information) - [Warden](#warden) - - [Contributors](#contributors) - [License](#license) 
@@ -73,7 +73,7 @@ If you discover a problem with Devise, we would like to know about it. However, https://github.com/heartcombo/devise/wiki/Bug-reports -If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo@googlegroups.com. +If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo.oss@gmail.com. ### StackOverflow and Mailing List @@ -81,9 +81,10 @@ If you have any questions, comments, or concerns, please use StackOverflow inste http://stackoverflow.com/questions/tagged/devise -The deprecated mailing list can still be read on +The deprecated mailing lists can still be read on: https://groups.google.com/group/plataformatec-devise +https://groups.google.com/group/heartcombo ### RDocs @@ -105,6 +106,13 @@ Our community has created a number of extensions that add functionality above an https://github.com/heartcombo/devise/wiki/Extensions +### Supported Ruby / Rails versions + +We intend to maintain support for all Ruby / Rails versions that haven't reached end-of-life. + +For more information about specific versions please check [Ruby](https://www.ruby-lang.org/en/downloads/branches/) +and [Rails](https://guides.rubyonrails.org/maintenance_policy.html) maintenance policies, and our test matrix. + ### Contributing We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started: 
@@ -114,7 +122,7 @@ https://github.com/heartcombo/devise/wiki/Contributing You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`. Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. -### DEVISE_ORM +#### DEVISE_ORM Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` @@ -126,7 +134,7 @@ When running the tests for Mongoid, you will need to have a MongoDB server (vers Please note that the command output will show the variable value being used. -### BUNDLE_GEMFILE +#### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: 
@@ -757,14 +765,10 @@ Devise is based on Warden, which is a general Rack authentication framework crea https://github.com/wardencommunity/warden -### Contributors - -We have a long list of valued contributors. Check them all at: - -https://github.com/heartcombo/devise/graphs/contributors - ## License -MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. +Copyright 2020-2025 Rafael França, Carlos Antonio da Silva. +Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). diff --git a/devise.gemspec b/devise.gemspec index d53c959a70..c8f24cc209 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -10,7 +10,7 @@ Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" - s.email = "heartcombo@googlegroups.com" + s.email = "heartcombo.oss@gmail.com" s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] From dbc8e77ea0a6396dcaa4688d525004d6f9e555d7 Mon Sep 17 00:00:00 2001 
From: Greg Molnar Date: Tue, 21 Oct 2025 19:52:04 +0000 Subject: [PATCH 1442/1473] Make test suite work (#5770) * Drop support for Rails < 7 and Ruby < 2.7 * Add tests to support to Rails 8+ * Fix test suite across all supported versions --- .github/workflows/test.yml | 41 ++-- Gemfile | 8 +- Gemfile.lock | 180 ++++++++++-------- gemfiles/Gemfile-rails-7-0 | 13 -- .../{Gemfile-rails-6-0 => Gemfile-rails-7-1} | 4 +- .../{Gemfile-rails-6-1 => Gemfile-rails-7-2} | 11 +- gemfiles/Gemfile-rails-8-0 | 25 +++ test/rails_app/config/application.rb | 1 + test/support/webrat/matchers.rb | 8 +- 9 files changed, 161 insertions(+), 130 deletions(-) rename gemfiles/{Gemfile-rails-6-0 => Gemfile-rails-7-1} (78%) rename gemfiles/{Gemfile-rails-6-1 => Gemfile-rails-7-2} (67%) create mode 100644 gemfiles/Gemfile-rails-8-0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f1c57f09f8..ec8aa990fc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,8 +9,9 @@ jobs: - Gemfile - gemfiles/Gemfile-rails-main - gemfiles/Gemfile-rails-7-0 - - gemfiles/Gemfile-rails-6-1 - - gemfiles/Gemfile-rails-6-0 + - gemfiles/Gemfile-rails-7-1 + - gemfiles/Gemfile-rails-7-2 + - gemfiles/Gemfile-rails-8-0 ruby: - '3.3' - '3.2' 
@@ -21,26 +22,32 @@ jobs: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 - - gemfile: gemfiles/Gemfile-rails-main - ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 - - gemfile: gemfiles/Gemfile-rails-main - ruby: '3.1' # Rails >= 8.0 supports Ruby >= 3.2 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-7-0 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-1 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-6-0 + - gemfile: Gemfile ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid + - gemfile: Gemfile + ruby: '3.0' + - gemfile: Gemfile + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-7-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-7-2 + ruby: '2.7' runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/Gemfile b/Gemfile index 722eb59a0d..96f51cedb0 100644 --- a/Gemfile +++ b/Gemfile @@ -4,9 +4,9 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" +gem "rails", "~> 8.1.0.rc1" gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" 
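Review bot: The rewritten `exclude` list no longer keeps `gemfiles/Gemfile-rails-7-0` out of the `DEVISE_ORM=mongoid` runs and adds no such entry for the new 7-1, 7-2 and 8-0 gemfiles, so those cells now run. `gemfiles/Gemfile-rails-8-0`, added in full by this same patch, declares no mongoid gem. How the mongoid run loads its ORM is not visible here, but if it needs the gem in the bundle these cells will either fail or not exercise Mongoid at all. Either add a mongoid group to those gemfiles or restore the excludes, e.g. `- gemfile: gemfiles/Gemfile-rails-8-0` with `env: DEVISE_ORM=mongoid`, and likewise for 7-0, 7-1 and 7-2. The removed entries also carried comments on the Ruby floor of each Rails line; the new Ruby excludes would benefit from the same one-line reason.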
@@ -14,16 +14,16 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do + gem "mocha", "~> 2.1", require: false gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false + gem "webrat" end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3", "~> 2.1" end # platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index 92779c4c3d..a39d4a215e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,87 +20,88 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) + action_text-trix (2.1.15) + railties + actioncable (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.0) - actionpack (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activesupport (= 7.1.0) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + mail (>= 2.8.0) + actionmailer (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + actionview (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.0) - actionview (= 7.1.0) - activesupport (= 7.1.0) + actionpack (8.1.0.rc1) + actionview (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.0) - actionpack (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + useragent (~> 0.16) + actiontext (8.1.0.rc1) + action_text-trix (~> 2.1.15) + actionpack (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.0) - activesupport (= 7.1.0) + actionview (8.1.0.rc1) + activesupport (= 8.1.0.rc1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.0) - activesupport (= 7.1.0) + activejob (8.1.0.rc1) + activesupport (= 8.1.0.rc1) 
globalid (>= 0.3.6) - activemodel (7.1.0) - activesupport (= 7.1.0) - activerecord (7.1.0) - activemodel (= 7.1.0) - activesupport (= 7.1.0) + activemodel (8.1.0.rc1) + activesupport (= 8.1.0.rc1) + activerecord (8.1.0.rc1) + activemodel (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) timeout (>= 0.4.0) - activestorage (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activesupport (= 7.1.0) + activestorage (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) marcel (~> 1.0) - activesupport (7.1.0) + activesupport (8.1.0.rc1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + json + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) base64 (0.1.1) bcrypt (3.1.19) bigdecimal (3.1.4) builder (3.2.4) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.5) connection_pool (2.4.1) crass (1.0.6) - date (3.3.3) + date (3.4.1) drb (2.1.1) ruby2_keywords erubi (1.12.0) @@ -109,16 +110,19 @@ GEM faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.2.1) + globalid (1.3.0) activesupport (>= 6.1) hashie (5.0.0) i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.8.1) - rdoc - reline (>= 0.3.8) + irb (1.15.1) + pp (>= 0.6.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + json (2.15.1) jwt (2.7.1) + logger (1.6.6) loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) 
@@ -127,24 +131,23 @@ GEM net-imap net-pop net-smtp - marcel (1.0.2) + marcel (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.20.0) mocha (2.1.0) ruby2_keywords (>= 0.0.5) multi_xml (0.6.0) - mutex_m (0.1.2) - net-imap (0.4.1) + net-imap (0.5.12) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.4.0) + net-smtp (0.5.1) net-protocol - nio4r (2.5.9) + nio4r (2.7.4) nokogiri (1.15.4) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -168,6 +171,9 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) + pp (0.6.2) + prettyprint + prettyprint (0.2.0) psych (5.1.0) stringio racc (1.7.1) @@ -184,20 +190,20 @@ GEM rackup (1.0.0) rack (< 3) webrick - rails (7.1.0) - actioncable (= 7.1.0) - actionmailbox (= 7.1.0) - actionmailer (= 7.1.0) - actionpack (= 7.1.0) - actiontext (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activemodel (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + rails (8.1.0.rc1) + actioncable (= 8.1.0.rc1) + actionmailbox (= 8.1.0.rc1) + actionmailer (= 8.1.0.rc1) + actionpack (= 8.1.0.rc1) + actiontext (= 8.1.0.rc1) + actionview (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activemodel (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) bundler (>= 1.15.0) - railties (= 7.1.0) + railties (= 8.1.0.rc1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -205,18 +211,19 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) - irb + railties (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) zeitwerk (~> 2.6) rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) - reline (0.3.9) + reline (0.6.0) io-console (~> 0.5) responders (3.1.0) actionpack (>= 5.2) 
@@ -224,17 +231,21 @@ GEM rexml (3.2.6) ruby-openid (2.9.2) ruby2_keywords (0.0.5) + securerandom (0.4.1) snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.6.6) + sqlite3 (2.6.0) mini_portile2 (~> 2.8.0) stringio (3.0.8) thor (1.2.2) timecop (0.9.8) - timeout (0.4.0) + timeout (0.4.3) + tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) + uri (1.0.3) + useragent (0.16.11) version_gem (1.1.3) warden (1.2.9) rack (>= 2.0.9) @@ -243,7 +254,8 @@ GEM rack (>= 1.0) rack-test (>= 0.5.3) webrick (1.8.1) - websocket-driver (0.7.6) + websocket-driver (0.8.0) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) zeitwerk (2.6.12) @@ -258,14 +270,14 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.1.0) + rails (~> 8.1.0.rc1) rails-controller-testing! rdoc responders (~> 3.1) rexml - sqlite3 (~> 1.4) + sqlite3 (~> 2.1) timecop - webrat (= 0.7.3) + webrat BUNDLED WITH 2.4.5 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index ee474728ef..468b25e296 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -1,5 +1,3 @@ -# frozen_string_literal: true - source "https://rubygems.org" gemspec path: ".." @@ -25,14 +23,3 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end - -# platforms :jruby do -# gem "activerecord-jdbc-adapter" -# gem "activerecord-jdbcsqlite3-adapter" -# gem "jruby-openssl" -# end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-7-1 similarity index 78% rename from gemfiles/Gemfile-rails-6-0 rename to gemfiles/Gemfile-rails-7-1 index b6afb67239..b20df90431 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-7-1 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.0.0', github: 'rails/rails', branch: '6-0-stable' +gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
@@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false + gem "webrat" gem "mocha", "~> 2.1", require: false end diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-7-2 similarity index 67% rename from gemfiles/Gemfile-rails-6-1 rename to gemfiles/Gemfile-rails-7-2 index bdebe1a761..28aef1fbb9 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-7-2 @@ -2,7 +2,8 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.1.0' +gem "rails", "~> 7.1.0" + gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -11,18 +12,12 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" -if RUBY_VERSION >= "3.1" - gem "net-smtp", require: false - gem "net-imap", require: false - gem "net-pop", require: false -end - group :test do gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false + gem "webrat", require: false gem "mocha", "~> 2.1", require: false end diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 new file mode 100644 index 0000000000..e279a8ecf6 --- /dev/null +++ b/gemfiles/Gemfile-rails-8-0 @@ -0,0 +1,25 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", "~> 8.0.0" +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem 'webrat' + gem "mocha", "~> 2.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 2.1" +end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index cb333819c4..2371eb08cf 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
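Review bot: In `gemfiles/Gemfile-rails-7-2` the added pin is `gem "rails", "~> 7.1.0"`, the same constraint as `gemfiles/Gemfile-rails-7-1`. The matrix cell labelled 7-2 therefore resolves Rails 7.1 and no job tests Rails 7.2. The line should read `gem "rails", "~> 7.2.0"`. The workflow's Ruby 3.0 and 2.7 excludes for this gemfile suggest 7.2 was the intent. The webrat declaration also differs across the files in this patch (`gem "webrat", require: false` here, `gem "webrat"` in the root Gemfile and 7-1, `gem 'webrat'` in 8-0); one form should be used throughout so every matrix cell loads it the same way.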
@@ -2,6 +2,7 @@ require File.expand_path('../boot', __FILE__) +require "logger" require "action_controller/railtie" require "action_mailer/railtie" require "rails/test_unit/railtie" diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb index 31815d460f..219ac2594d 100644 --- a/test/support/webrat/matchers.rb +++ b/test/support/webrat/matchers.rb @@ -4,9 +4,13 @@ module Matchers class HaveSelector def query Nokogiri::CSS.parse(@expected.to_s).map do |ast| - ast.to_xpath("//", Nokogiri::CSS::XPathVisitor.new) + if ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2') + ast.to_xpath('//', Nokogiri::CSS::XPathVisitor.new) + else + ast.to_xpath(Nokogiri::CSS::XPathVisitor.new) + end end.first end end end -end \ No newline at end of file +end From 141ef373396a4c19a619a24647bc323dc853c6ac Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 21 Oct 2025 17:28:05 -0300 Subject: [PATCH 1443/1473] Add Ruby 3.4 & build updates (#5801) Update bundle to avoid 3.4 mutex_m require error. Test against Rails 7.0 branch which contains Ruby 3.4 fixes. Update changelog to mention Rails < 7.0 support being dropped. Builds on top of https://github.com/heartcombo/devise/pull/5770 Closes https://github.com/heartcombo/devise/pull/5776 Closes https://github.com/heartcombo/devise/pull/5761 --- .github/workflows/test.yml | 1 + CHANGELOG.md | 3 +- Gemfile.lock | 150 ++++++++++++++++++++----------------- gemfiles/Gemfile-rails-7-0 | 2 +- 4 files changed, 86 insertions(+), 70 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec8aa990fc..961fc470d6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,7 @@ jobs: - gemfiles/Gemfile-rails-7-2 - gemfiles/Gemfile-rails-8-0 ruby: + - '3.4' - '3.3' - '3.2' - '3.1' diff --git a/CHANGELOG.md b/CHANGELOG.md index 28c1240b96..95f92d3c9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
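Review bot: The added `require "logger"` in `test/rails_app/config/application.rb` only works if it stays ahead of the railtie requires, and nothing on the line says so. Someone sorting or pruning the requires later could undo the fix without noticing. The reason is not stated in the hunk; if it is that some Rails version in the matrix references `Logger` before loading it, say so next to the line, for example `# Keep before the railties: some supported Rails versions reference Logger without requiring it.`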
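Review bot: The Nokogiri version branch added to `HaveSelector#query` in `test/support/webrat/matchers.rb` has no comment explaining why `to_xpath` is called two ways. The `'1.17.2'` threshold is a magic string that the next Nokogiri upgrade will have to rediscover. A one-line comment above the `if` would do, such as `# Nokogiri >= 1.17.2 no longer takes the "//" prefix argument to to_xpath`. The comparison also builds two `Gem::Version` objects for every AST inside the `map` block, although only `.first` of the result is used. Hoisting it to a local before the block, `legacy_xpath = ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2')`, keeps the block to the two `to_xpath` calls.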
@@ -2,7 +2,7 @@ * breaking changes * Drop support to Ruby < 2.7 - * Drop support to Rails < 6.0 + * Drop support to Rails < 7.0 * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -18,6 +18,7 @@ * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + * Add Ruby 3.4 support. * Password length validator is changed from ``` diff --git a/Gemfile.lock b/Gemfile.lock index a39d4a215e..3d866346a8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,36 +94,38 @@ GEM securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) - base64 (0.1.1) - bcrypt (3.1.19) - bigdecimal (3.1.4) - builder (3.2.4) + base64 (0.3.0) + bcrypt (3.1.20) + bigdecimal (3.3.1) + builder (3.3.0) concurrent-ruby (1.3.5) - connection_pool (2.4.1) + connection_pool (2.5.4) crass (1.0.6) date (3.4.1) - drb (2.1.1) - ruby2_keywords - erubi (1.12.0) - faraday (2.7.11) - base64 - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) - faraday-net_http (3.0.2) + drb (2.2.3) + erb (5.1.1) + erubi (1.13.1) + faraday (2.14.0) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-net_http (3.4.1) + net-http (>= 0.5.0) globalid (1.3.0) activesupport (>= 6.1) hashie (5.0.0) - i18n (1.14.1) + i18n (1.14.7) concurrent-ruby (~> 1.0) - io-console (0.6.0) - irb (1.15.1) + io-console (0.8.1) + irb (1.15.2) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.15.1) - jwt (2.7.1) - logger (1.6.6) - loofah (2.21.3) + jwt (3.1.2) + base64 + logger (1.7.0) + loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) 
@@ -133,11 +135,14 @@ GEM net-smtp marcel (1.1.0) mini_mime (1.1.5) - mini_portile2 (2.8.4) - minitest (5.20.0) - mocha (2.1.0) + mini_portile2 (2.8.9) + minitest (5.26.0) + mocha (2.7.1) ruby2_keywords (>= 0.0.5) - multi_xml (0.6.0) + multi_xml (0.7.2) + bigdecimal (~> 3.1) + net-http (0.6.0) + uri net-imap (0.5.12) date net-protocol @@ -148,48 +153,56 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.4) - nokogiri (1.15.4) + nokogiri (1.18.10) mini_portile2 (~> 2.8.2) racc (~> 1.4) - oauth2 (2.0.9) - faraday (>= 0.17.3, < 3.0) - jwt (>= 1.0, < 3.0) + oauth2 (2.0.17) + faraday (>= 0.17.3, < 4.0) + jwt (>= 1.0, < 4.0) + logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) - snaky_hash (~> 2.0) - version_gem (~> 1.1) - omniauth (2.1.1) + snaky_hash (~> 2.0, >= 2.0.3) + version_gem (~> 1.1, >= 1.1.9) + omniauth (2.1.4) hashie (>= 3.4.6) + logger rack (>= 2.2.3) rack-protection - omniauth-facebook (9.0.0) - omniauth-oauth2 (~> 1.2) + omniauth-facebook (10.0.0) + bigdecimal + omniauth-oauth2 (>= 1.2, < 3) omniauth-oauth2 (1.8.0) oauth2 (>= 1.4, < 3) omniauth (~> 2.0) - omniauth-openid (2.0.1) - omniauth (>= 1.0, < 3.0) - rack-openid (~> 1.4.0) + omniauth-openid (2.0.2) + omniauth (>= 1.1) + rack-openid (~> 1.4) + ruby-openid (~> 2.1, >= 2.1.8) + version_gem (~> 1.1, >= 1.1.8) orm_adapter (0.5.0) - pp (0.6.2) + pp (0.6.3) prettyprint prettyprint (0.2.0) - psych (5.1.0) + psych (5.2.6) + date stringio - racc (1.7.1) - rack (2.2.8) + racc (1.8.1) + rack (3.2.3) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (3.1.0) - rack (~> 2.2, >= 2.2.4) - rack-session (1.0.1) - rack (< 3) - rack-test (2.1.0) + rack-protection (4.2.1) + base64 (>= 0.1.0) + logger (>= 1.6.0) + rack (>= 3.0.0, < 4) + rack-session (2.1.1) + base64 (>= 0.1.0) + rack (>= 3.0.0) + rack-test (2.2.0) rack (>= 1.3) - rackup (1.0.0) - rack (< 3) - webrick + rackup (2.2.1) + rack (>= 3) rails (8.1.0.rc1) actioncable (= 8.1.0.rc1) actionmailbox (= 8.1.0.rc1) 
@@ -204,13 +217,13 @@ GEM activesupport (= 8.1.0.rc1) bundler (>= 1.15.0) railties (= 8.1.0.rc1) - rails-dom-testing (2.2.0) + rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) + rails-html-sanitizer (1.6.2) loofah (~> 2.21) - nokogiri (~> 1.14) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) railties (8.1.0.rc1) actionpack (= 8.1.0.rc1) activesupport (= 8.1.0.rc1) @@ -220,45 +233,46 @@ GEM thor (~> 1.0, >= 1.2.2) tsort (>= 0.2) zeitwerk (~> 2.6) - rake (13.0.6) - rdoc (6.5.0) + rake (13.3.0) + rdoc (6.15.0) + erb psych (>= 4.0.0) - reline (0.6.0) + tsort + reline (0.6.2) io-console (~> 0.5) - responders (3.1.0) - actionpack (>= 5.2) - railties (>= 5.2) - rexml (3.2.6) + responders (3.2.0) + actionpack (>= 7.0) + railties (>= 7.0) + rexml (3.4.4) ruby-openid (2.9.2) ruby2_keywords (0.0.5) securerandom (0.4.1) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) - sqlite3 (2.6.0) + snaky_hash (2.0.3) + hashie (>= 0.1.0, < 6) + version_gem (>= 1.1.8, < 3) + sqlite3 (2.7.4) mini_portile2 (~> 2.8.0) - stringio (3.0.8) - thor (1.2.2) - timecop (0.9.8) + stringio (3.1.7) + thor (1.4.0) + timecop (0.9.10) timeout (0.4.3) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uri (1.0.3) + uri (1.0.4) useragent (0.16.11) - version_gem (1.1.3) + version_gem (1.1.9) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - webrick (1.8.1) websocket-driver (0.8.0) base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.12) + zeitwerk (2.7.3) PLATFORMS ruby diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 468b25e296..c155e8cbc8 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 
@@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "~> 7.0.0" +gem "rails", "~> 7.0.0", github: "rails/rails", branch: "7-0-stable" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From 1cf31d45ebe80656b3e830c977c0030fb8e93718 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:23:10 -0300 Subject: [PATCH 1444/1473] Update to test with Rails v8.1.0 final --- Gemfile | 2 +- Gemfile.lock | 111 ++++++++++++++++++++++++++------------------------- 2 files changed, 57 insertions(+), 56 deletions(-) diff --git a/Gemfile b/Gemfile index 96f51cedb0..29945422d2 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ gemspec gem "omniauth" gem "omniauth-oauth2" -gem "rails", "~> 8.1.0.rc1" +gem "rails", "~> 8.1.0" gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" diff --git a/Gemfile.lock b/Gemfile.lock index 3d866346a8..d0e848a1a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -22,29 +22,29 @@ GEM specs: action_text-trix (2.1.15) railties - actioncable (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actioncable (8.1.0) + actionpack (= 8.1.0) + activesupport (= 8.1.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionmailbox (8.1.0) + actionpack (= 8.1.0) + activejob (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) mail (>= 2.8.0) - actionmailer (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - actionview (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionmailer (8.1.0) + actionpack (= 8.1.0) + actionview (= 8.1.0) + activejob (= 8.1.0) + activesupport (= 8.1.0) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.0.rc1) - actionview (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionpack (8.1.0) + actionview (= 8.1.0) + activesupport (= 8.1.0) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -52,36 +52,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.0.rc1) + actiontext (8.1.0) action_text-trix (~> 2.1.15) - actionpack (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionpack (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionview (8.1.0) + activesupport (= 8.1.0) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activejob (8.1.0) + activesupport (= 8.1.0) globalid (>= 0.3.6) - activemodel (8.1.0.rc1) - activesupport (= 8.1.0.rc1) - activerecord (8.1.0.rc1) - activemodel (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activemodel (8.1.0) + activesupport (= 8.1.0) + activerecord (8.1.0) + activemodel (= 8.1.0) + activesupport (= 8.1.0) timeout (>= 0.4.0) - activestorage (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activestorage (8.1.0) + actionpack (= 8.1.0) + activejob (= 8.1.0) + activerecord (= 8.1.0) + activesupport (= 8.1.0) marcel (~> 1.0) - activesupport (8.1.0.rc1) + activesupport (8.1.0) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -128,7 +128,8 @@ GEM loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - mail (2.8.1) + mail (2.9.0) + logger mini_mime (>= 0.1.1) net-imap net-pop 
@@ -203,20 +204,20 @@ GEM rack (>= 1.3) rackup (2.2.1) rack (>= 3) - rails (8.1.0.rc1) - actioncable (= 8.1.0.rc1) - actionmailbox (= 8.1.0.rc1) - actionmailer (= 8.1.0.rc1) - actionpack (= 8.1.0.rc1) - actiontext (= 8.1.0.rc1) - actionview (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activemodel (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + rails (8.1.0) + actioncable (= 8.1.0) + actionmailbox (= 8.1.0) + actionmailer (= 8.1.0) + actionpack (= 8.1.0) + actiontext (= 8.1.0) + actionview (= 8.1.0) + activejob (= 8.1.0) + activemodel (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) bundler (>= 1.15.0) - railties (= 8.1.0.rc1) + railties (= 8.1.0) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -224,9 +225,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + railties (8.1.0) + actionpack (= 8.1.0) + activesupport (= 8.1.0) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -284,7 +285,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 8.1.0.rc1) + rails (~> 8.1.0) rails-controller-testing! rdoc responders (~> 3.1) From 5a82ad574064a97b7458c73694a2b407c46bcb14 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:27:31 -0300 Subject: [PATCH 1445/1473] Fix nokogiri deprecation warning ./devise/test/support/webrat/matchers.rb:6: warning: Nokogiri::CSS.parse is deprecated and will be removed in a future version of Nokogiri. Use Nokogiri::CSS::Parser#parse instead. --- test/support/webrat/matchers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb index 219ac2594d..24d71df3d9 100644 --- a/test/support/webrat/matchers.rb 
+++ b/test/support/webrat/matchers.rb @@ -3,7 +3,7 @@ module Webrat module Matchers class HaveSelector def query - Nokogiri::CSS.parse(@expected.to_s).map do |ast| + Nokogiri::CSS::Parser.new.parse(@expected.to_s).map do |ast| if ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2') ast.to_xpath('//', Nokogiri::CSS::XPathVisitor.new) else From d60f81008676edc6ae9c8e6e4b28a20a473185d3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:32:33 -0300 Subject: [PATCH 1446/1473] Use currently released version of rails-controller-testing We pointed to github to fix issues with Ruby 2.7 and kwargs, but since then a version 1.0.5 was released which includes those fixes. There's a few more things in their main, but nothing we need if all is green. --- Gemfile | 2 +- Gemfile.lock | 15 +++++---------- gemfiles/Gemfile-rails-7-0 | 2 +- gemfiles/Gemfile-rails-7-1 | 2 +- gemfiles/Gemfile-rails-7-2 | 2 +- gemfiles/Gemfile-rails-8-0 | 2 +- gemfiles/Gemfile-rails-main | 2 +- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/Gemfile b/Gemfile index 29945422d2..88da13e288 100644 --- a/Gemfile +++ b/Gemfile @@ -9,7 +9,7 @@ gem "omniauth-oauth2" gem "rails", "~> 8.1.0" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/Gemfile.lock b/Gemfile.lock index d0e848a1a7..004855060c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/rails/rails-controller-testing.git - revision: c203673f8011a7cdc2a8edf995ae6b3eec3417ca - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - PATH remote: . specs: 
@@ -218,6 +209,10 @@ GEM activesupport (= 8.1.0) bundler (>= 1.15.0) railties (= 8.1.0) + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -286,7 +281,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 8.1.0) - rails-controller-testing! + rails-controller-testing rdoc responders (~> 3.1) rexml diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index c155e8cbc8..bfab0fce8d 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index b20df90431..f455a30a68 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index 28aef1fbb9..85ff6ba868 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -8,7 +8,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index e279a8ecf6..d5d545365e 100644 --- a/gemfiles/Gemfile-rails-8-0 +++ b/gemfiles/Gemfile-rails-8-0 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" 
diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 1bec1066f9..f361fad41a 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" From f150357c1ce01a8eec740c3a6759bca1aae4d7d4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 29 Oct 2025 10:31:23 -0300 Subject: [PATCH 1447/1473] Test with the released version of v7.0 Rails just released v7.0.10 which contains the fixes for Ruby 3.4 we needed to get the build green, so no need to point to GH anymore. https://rubyonrails.org/2025/10/29/new-rails-releases-and-end-of-support-announcement Note that v7.0 has reached EOL for a while now. --- gemfiles/Gemfile-rails-7-0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index bfab0fce8d..cfd7bbe3b2 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "~> 7.0.0", github: "rails/rails", branch: "7-0-stable" +gem "rails", "~> 7.0.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From b76d18d27783ad2079e1e75773ef9d1e30005fdd Mon Sep 17 00:00:00 2001 From: Fuyutsubaki Date: Fri, 31 Oct 2025 21:44:11 +0900 Subject: [PATCH 1448/1473] Fixed inconsistency between description and example in 'Running tests' section (#5802) Expand test run examples to show running a specific line number or a matching regex. [ci skip] --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6521e241e5..bb2dc6970a 100644 --- a/README.md +++ b/README.md 
@@ -163,9 +163,10 @@ bin/test bin/test test/models/trackable_test.rb ``` -* Running a specific test given a regex: +* Running a specific test given a line number or a regex: ```bash bin/test test/models/trackable_test.rb:16 +bin/test test/models/trackable_test.rb -n '/update.*record/' ``` ## Starting with Rails? From dd7ee27f74f919eacc48337c966cdcb648d9e2f0 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 11:16:02 -0300 Subject: [PATCH 1449/1473] Bring back Mongoid official support (#5568) Devise hasn't been tested with Mongoid since Rails version 5, only 4.x was still running those tests. This enables the tests again on all currently supported Rails versions, with their respective mongoid supported versions. There were a couple of minor tweaks to make it happen, namely: * The way we were dropping the session before doesn't work in later versions so I changed back to calling `purge!` which appears to work fine. We used to call `Mongoid.purge!` but that changed in #4686. * Some of the configs in the Rails test app were setting Active Record values when outside of the AR ORM tests, updated those to make sure they are not set when running mongoid ORM tests. * The validations added to the shared admin code in tests were only checking for Rails version 5.1, but we need to use the same check for AR 5.1 that is used in code, otherwise it will try to use methods not available in mongoid there. --- .github/workflows/test.yml | 15 +++++------- CHANGELOG.md | 1 + Gemfile | 15 ++++-------- Gemfile.lock | 19 ++++++++++++++-- gemfiles/Gemfile-rails-7-0 | 4 ++++ gemfiles/Gemfile-rails-7-1 | 4 ++++ gemfiles/Gemfile-rails-7-2 | 6 ++++- gemfiles/Gemfile-rails-8-0 | 6 ++++- gemfiles/Gemfile-rails-main | 6 ++++- lib/devise/orm.rb | 34 ++++++++++++++++++++++++++-- test/orm/mongoid.rb | 2 +- test/rails_app/config/application.rb | 6 +++-- 12 files changed, 88 insertions(+), 30 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 961fc470d6..c3f2e66638 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,14 +19,10 @@ jobs: - '3.1' - '3.0' - '2.7' - env: - - DEVISE_ORM=active_record - - DEVISE_ORM=mongoid + orm: + - active_record + - mongoid exclude: - - gemfile: Gemfile - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-main - env: DEVISE_ORM=mongoid - gemfile: Gemfile ruby: '3.1' - gemfile: Gemfile @@ -52,12 +48,13 @@ jobs: runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} + DEVISE_ORM: ${{ matrix.orm }} steps: - uses: actions/checkout@v3 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.9.0 - if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} + - uses: supercharge/mongodb-github-action@1.11.0 + if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake diff --git a/CHANGELOG.md b/CHANGELOG.md index 95f92d3c9a..5272e3199b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ ``` so it's possible to override `password_length` at runtime. (@manojmj92) + * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * bug fixes * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. diff --git a/Gemfile b/Gemfile index 88da13e288..0f18834e95 100644 --- a/Gemfile +++ b/Gemfile 
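Review bot: The `- uses: supercharge/mongodb-github-action@1.11.0` step in the second test.yml hunk references a third-party action by a tag, which the action's owner can move to different code without any change appearing in this repository. Pinning it to a full commit SHA with the version in a trailing comment keeps the reviewed code and the executed code the same: `- uses: supercharge/mongodb-github-action@<full-commit-sha> # 1.11.0`. The same applies to the `actions/checkout@v3` and `ruby/setup-ruby@v1` context lines, and to the later tag bumps in patches 1454 and 1457. The job definition starts and ends outside the hunk, so the token permissions these steps run with cannot be checked from here.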
@@ -23,16 +23,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.1" + gem "sqlite3" end -# platforms :jruby do -# gem "activerecord-jdbc-adapter" -# gem "activerecord-jdbcsqlite3-adapter" -# gem "jruby-openssl" -# end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end +group :mongoid do + gem "mongoid", "~> 9.0", github: "mongodb/mongoid", branch: "9.0-stable" +end diff --git a/Gemfile.lock b/Gemfile.lock index 004855060c..1aec779ea8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,13 @@ +GIT + remote: https://github.com/mongodb/mongoid.git + revision: 1d3deaa9d028176988205f541ee588621030662a + branch: 9.0-stable + specs: + mongoid (9.0.8) + activemodel (>= 5.1, < 8.2, != 7.0.0) + concurrent-ruby (>= 1.0.5, < 2.0) + mongo (>= 2.18.0, < 3.0.0) + PATH remote: . specs: @@ -88,6 +98,7 @@ GEM base64 (0.3.0) bcrypt (3.1.20) bigdecimal (3.3.1) + bson (5.2.0) builder (3.3.0) concurrent-ruby (1.3.5) connection_pool (2.5.4) @@ -131,6 +142,9 @@ GEM minitest (5.26.0) mocha (2.7.1) ruby2_keywords (>= 0.0.5) + mongo (2.21.3) + base64 + bson (>= 4.14.1, < 6.0.0) multi_xml (0.7.2) bigdecimal (~> 3.1) net-http (0.6.0) @@ -276,6 +290,7 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 2.1) + mongoid (~> 9.0)! omniauth omniauth-facebook omniauth-oauth2 @@ -285,9 +300,9 @@ DEPENDENCIES rdoc responders (~> 3.1) rexml - sqlite3 (~> 2.1) + sqlite3 timecop webrat BUNDLED WITH - 2.4.5 + 2.6.9 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index cfd7bbe3b2..625664d0aa 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -23,3 +23,7 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end + +group :mongoid do + gem "mongoid", "~> 7.5" +end diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index f455a30a68..1eda668ae2 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 
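Review bot: The added `gem "mongoid", "~> 9.0", github: "mongodb/mongoid", branch: "9.0-stable"` follows a moving branch instead of a released gem, and neither the hunk nor the commit message says what the branch provides that a release does not. Gemfile.lock pins a revision for this Gemfile, but `gemfiles/Gemfile-rails-main` uses `branch: "master"`, and whether that file has a lockfile is not visible here; without one, CI would install whatever the branch head is at that moment. A comment above the line would record the reason and the exit condition, for example `# Tracking 9.0-stable until <fix or version> is released; switch to the rubygems release afterwards`. The same hunk also drops the `"~> 2.1"` constraint from `sqlite3`, which deserves a word in the commit message if intentional.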
@@ -23,3 +23,7 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end + +group :mongoid do + gem "mongoid", "~> 8.1" +end diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index 85ff6ba868..ed06ba5ef5 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -22,5 +22,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", "~> 8.1" end diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index d5d545365e..8753baddfb 100644 --- a/gemfiles/Gemfile-rails-8-0 +++ b/gemfiles/Gemfile-rails-8-0 @@ -21,5 +21,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.1" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", "~> 8.1" end diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index f361fad41a..69d384ac53 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -21,5 +21,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.0" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", github: "mongodb/mongoid", branch: "master" end diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 3e9852cd3a..4c3cd6f491 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -5,10 +5,14 @@ def self.active_record?(model) end def self.included(model) - model.include DirtyTrackingMethods + if Devise::Orm.active_record?(model) + model.include DirtyTrackingActiveRecordMethods + else + model.include DirtyTrackingMongoidMethods + end end - module DirtyTrackingMethods + module DirtyTrackingActiveRecordMethods def devise_email_before_last_save email_before_last_save end 
@@ -33,5 +37,31 @@ def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end end + + module DirtyTrackingMongoidMethods + def devise_email_before_last_save + respond_to?(:email_previously_was) ? email_previously_was : email_was + end + + def devise_email_in_database + email_was + end + + def devise_saved_change_to_email? + respond_to?(:email_previously_changed?) ? email_previously_changed? : email_changed? + end + + def devise_saved_change_to_encrypted_password? + respond_to?(:encrypted_password_previously_changed?) ? encrypted_password_previously_changed? : encrypted_password_changed? + end + + def devise_will_save_change_to_email? + email_changed? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end + end end end diff --git a/test/orm/mongoid.rb b/test/orm/mongoid.rb index d31bc4d212..5b8807f1fb 100644 --- a/test/orm/mongoid.rb +++ b/test/orm/mongoid.rb @@ -10,6 +10,6 @@ class ActiveSupport::TestCase setup do - Mongoid.default_session.drop + Mongoid::Config.purge! end end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 2371eb08cf..fc3b171d07 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -40,8 +40,10 @@ class Application < Rails::Application Devise::SessionsController.layout "application" end - if Devise::Test.rails70? - config.active_record.legacy_connection_handling = false + if DEVISE_ORM == :active_record + if Devise::Test.rails70? + config.active_record.legacy_connection_handling = false + end end if Devise::Test.rails70_and_up? From fa052e5064f72381a193adc1df1bc7bee72a7801 Mon Sep 17 00:00:00 2001 
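Review bot: In `DirtyTrackingMongoidMethods`, the fallbacks `email_was`, `email_changed?` and `encrypted_password_changed?` answer "is there an unsaved change", not "what changed in the last save", so they only match the `*_previously_*` branch if the ORM has not yet cleared dirty state when Devise calls them; nothing in this hunk shows that. Judging by their names these predicates feed the email-changed and password-changed notifications, so a wrong answer would send the notice to the new address or skip it, which is worth a test under `DEVISE_ORM=mongoid`. Each fallback should carry a comment naming the Mongoid versions that reach it, e.g. `# Mongoid < <version> lacks email_previously_was; email_was is assumed to still hold the old value in after-save callbacks — confirm`. Separately, `self.included` in the preceding hunk sends every model that is not Active Record to this module, and a one-line comment there should say that Mongoid is the only other ORM expected.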
From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 11:26:18 -0300 Subject: [PATCH 1450/1473] Remove some mongoid version checks from test suite We no longer run against or support old Mongoid versions. --- test/helpers/devise_helper_test.rb | 4 ---- test/integration/registerable_test.rb | 8 -------- test/support/mongoid.yml | 2 +- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 754e82d819..b9fac7da37 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb @@ -34,10 +34,6 @@ class DeviseHelperTest < Devise::IntegrationTest end test 'test errors.messages.not_saved with multiple errors from i18n' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - get new_user_registration_path fill_in 'email', with: 'invalid_email' diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 038fcf7b91..ad0f3bec05 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -98,10 +98,6 @@ def user_sign_up end test 'a guest user cannot sign up with invalid information' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - get new_user_registration_path fill_in 'email', with: 'invalid_email' 
@@ -120,10 +116,6 @@ def user_sign_up end test 'a guest should not sign up with email/password that already exists' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - create_user get new_user_registration_path diff --git a/test/support/mongoid.yml b/test/support/mongoid.yml index cfd0124e25..d55de92509 100644 --- a/test/support/mongoid.yml +++ b/test/support/mongoid.yml @@ -1,5 +1,5 @@ test: - <%= Mongoid::VERSION.to_i > 4 ? 'clients' : 'sessions' %>: + clients: default: database: devise-test-suite hosts: From b0867c998c56be90e94a8b44e4ccae283b3e3763 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 13:52:34 -0300 Subject: [PATCH 1451/1473] Remove deprecated stuff (#5803) All of these have been deprecated for years, if we're releasing a new major version, let's take the opportunity to do some cleanup. * Remove deprecated `:bypass` option from `sign_in` helper, use `bypass_sign_in` instead. * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. Closes #5739 --- CHANGELOG.md | 7 ++++-- app/helpers/devise_helper.rb | 27 +----------------------- lib/devise.rb | 1 - lib/devise/controllers/sign_in_out.rb | 11 +--------- lib/devise/test/controller_helpers.rb | 12 +---------- lib/devise/test_helpers.rb | 15 ------------- test/controllers/custom_strategy_test.rb | 2 +- 7 files changed, 9 insertions(+), 66 deletions(-) delete mode 100644 lib/devise/test_helpers.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 5272e3199b..17a587f681 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -3,6 +3,10 @@ * breaking changes * Drop support to Ruby < 2.7 * Drop support to Rails < 7.0 + * Remove deprecated `:bypass` option from `sign_in` helper, use `bypass_sign_in` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -12,8 +16,7 @@ ``` Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. - https://github.com/heartcombo/devise/pull/5645 - + [#5645](https://github.com/heartcombo/devise/pull/5645) * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index b9101e04b0..0bfcb06308 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb 
@@ -1,30 +1,5 @@ # frozen_string_literal: true +# Keeping the helper around for backward compatibility. module DeviseHelper - # Retain this method for backwards compatibility, deprecated in favor of modifying the - # devise/shared/error_messages partial. - def devise_error_messages! - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be - removed in the next major version. - - Devise now uses a partial under "devise/shared/error_messages" to display - error messages by default, and make them easier to customize. Update your - views changing calls from: - - <%= devise_error_messages! %> - - to: - - <%= render "devise/shared/error_messages", resource: resource %> - - To start customizing how errors are displayed, you can copy the partial - from devise to your `app/views` folder. Alternatively, you can run - `rails g devise:views` which will copy all of them again to your app. - DEPRECATION - - return "" if resource.errors.empty? - - render "devise/shared/error_messages", resource: resource - end end diff --git a/lib/devise.rb b/lib/devise.rb index 4fec8a0e0b..0336ed7063 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -16,7 +16,6 @@ module Devise autoload :Orm, 'devise/orm' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' - autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' autoload :TokenGenerator, 'devise/token_generator' diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index fa29bbfca3..7e053d1121 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb 
@@ -37,16 +37,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! - if options[:bypass] - Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) - [Devise] bypass option is deprecated and it will be removed in future version of Devise. - Please use bypass_sign_in method instead. - Example: - - bypass_sign_in(user) - DEPRECATION - warden.session_serializer.store(resource, scope) - elsif warden.user(scope) == resource && !options.delete(:force) + if warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. true else diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index aba2bb448b..d3522a3466 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -64,17 +64,7 @@ def warden #:nodoc: # # sign_in users(:alice) # sign_in users(:alice), scope: :admin - def sign_in(resource, deprecated = nil, scope: nil) - if deprecated.present? - scope = resource - resource = deprecated - - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. - Please use sign_in(resource, scope: :#{scope}) instead. - DEPRECATION - end - + def sign_in(resource, scope: nil) scope ||= Devise::Mapping.find_scope!(resource) warden.instance_variable_get(:@users).delete(scope) diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb deleted file mode 100644 index cc9ef4242f..0000000000 --- a/lib/devise/test_helpers.rb +++ /dev/null 
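Review bot: With the `if options[:bypass]` branch removed from `sign_in`, a caller that still passes `bypass: true` no longer gets a deprecation warning or an error and instead falls through to the `warden.user(scope) == resource` check and the regular sign-in path. The removed branch only called `warden.session_serializer.store`, so such callers silently get different session handling from what they asked for, and presumably any sign-in callbacks now run as well. Failing loudly for one release makes the removal visible: `raise ArgumentError, "sign_in no longer accepts :bypass, use bypass_sign_in instead" if options.key?(:bypass)`, placed before the `warden.user(scope)` check. The body of `sign_in` starts and ends outside the hunk, so what the `else` branch does with the remaining `options` is not shown.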
@@ -1,15 +0,0 @@ -# frozen_string_literal: true - -module Devise - module TestHelpers - def self.included(base) - base.class_eval do - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. - For controller tests, please include `Devise::Test::ControllerHelpers` instead. - DEPRECATION - include Devise::Test::ControllerHelpers - end - end - end -end diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index d352a15bfa..1c96812640 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -3,7 +3,7 @@ require 'test_helper' require 'ostruct' require 'warden/strategies/base' -require 'devise/test_helpers' +require 'devise/test/controller_helpers' class CustomStrategyController < ActionController::Base def new From 97cf37eb56cbeb8d2fe37c9707e936fa1e3adca1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 15:03:46 -0300 Subject: [PATCH 1452/1473] Expand changelog [ci skip] --- CHANGELOG.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17a587f681..eb99ca5768 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,7 @@ * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` [#5598](https://github.com/heartcombo/devise/pull/5598) * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -17,11 +18,14 @@ Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. [#5645](https://github.com/heartcombo/devise/pull/5645) + * Change password instructions button label on devise view from `Send me reset password instructions` to `Send me password reset instructions` [#5515](https://github.com/heartcombo/devise/pull/5515) + * Change `
` tags separating form elements to wrapping them in `

` tags [#5494](https://github.com/heartcombo/devise/pull/5494) + * enhancements - * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) * Add Ruby 3.4 support. + * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from ``` 
@@ -34,10 +38,15 @@ validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true ``` - so it's possible to override `password_length` at runtime. (@manojmj92) - * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) + so it's possible to override `password_length` at runtime. [#5734](https://github.com/heartcombo/devise/pull/5734) + * bug fixes - * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. + * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. [#5731](https://github.com/heartcombo/devise/pull/5731) + * Handle defaults `:from` and `:reply_to` as procs correctly by delegating to Rails [#5595](https://github.com/heartcombo/devise/pull/5595) + * Use `OmniAuth.config.allowed_request_methods` as routing verbs for the auth path [#5508](https://github.com/heartcombo/devise/pull/5508) + * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) + * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) + Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. From ef2d4831ef4641571aabde28ccf54f73329dfbc5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 15:14:34 -0300 Subject: [PATCH 1453/1473] Add missing frozen string literal comment to file [ci skip] --- lib/devise/orm.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 4c3cd6f491..3f3ac86db7 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Orm # :nodoc: def self.active_record?(model) 
From c6b08ae7e12d068e7fde62dda951316147300daf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 3 Nov 2025 18:52:57 -0300 Subject: [PATCH 1454/1473] Bump actions/checkout and mongodb-github-action Bump actions/checkout from 3 to 5 (#5805) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Bump supercharge/mongodb-github-action from 1.11.0 to 1.12.0 (#5804) Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.11.0...1.12.0) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3f2e66638..c3129cb77a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -50,11 +50,11 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} DEVISE_ORM: ${{ matrix.orm }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.11.0 + - uses: supercharge/mongodb-github-action@1.12.0 if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake From 47e87164935ef4994dd66749a1a4aaae2e2a65ef Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 14 Nov 2025 10:37:31 -0300 Subject: [PATCH 1455/1473] Remove post-install message Hopefully by now everyone should've upgraded and figured this out. [ci skip] --- devise.gemspec | 7 ------- 1 file changed, 7 deletions(-) diff --git a/devise.gemspec b/devise.gemspec index c8f24cc209..a6bf83e7e6 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -32,11 +32,4 @@ Gem::Specification.new do |s| s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("railties", ">= 6.0.0") s.add_dependency("responders") - - s.post_install_message = %q{ -[DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration. - - [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md - [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D - } end From 95618806c4c27de38296dd84bfa73bfe2b27bffe Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 14 Nov 2025 11:24:30 -0300 Subject: [PATCH 1456/1473] Remove no longer relevant test for mass assignment sanitization This is no longer in Rails since v5, it's been extracted to `protected_attributes`, and we're dropping support to older versions of Rails in main. https://github.com/rails/protected_attributes --- test/controllers/sessions_controller_test.rb | 18 ------------------ 1 file changed, 18 deletions(-) 
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index e88cf7e908..21b3c09f7d 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -87,22 +87,4 @@ class SessionsControllerTest < Devise::ControllerTestCase assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status end - - if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer) - test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do - request.env["devise.mapping"] = Devise.mappings[:user] - - ActiveRecord::Base.mass_assignment_sanitizer = :strict - User.class_eval { attr_protected :email } - - begin - assert_nothing_raised do - get :new, user: { email: "allez viens!" } - end - ensure - ActiveRecord::Base.mass_assignment_sanitizer = :logger - User.class_eval { attr_accessible :email } - end - end - end end From c8a64b549c8b37e494eaca7be2def136a7e1b236 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 15:39:11 -0300 Subject: [PATCH 1457/1473] Bump actions/checkout from 5 to 6 (#5809) * Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... * Bump supercharge/mongodb-github-action from 1.12.0 to 1.12.1 (#5808) Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.12.0 to 1.12.1. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.12.0...1.12.1) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3129cb77a..faae9299e6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -50,11 +50,11 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} DEVISE_ORM: ${{ matrix.orm }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.12.0 + - uses: supercharge/mongodb-github-action@1.12.1 if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake From 6f8f38d79567a099ea9114356d5b4d8bbb0fb61a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 29 Dec 2025 17:36:51 -0300 Subject: [PATCH 1458/1473] Update dependencies and test with Ruby 4.0 https://www.ruby-lang.org/en/news/2025/12/25/ruby-4-0-0-released/ We need to add `ostruct` as a dev dependency because it doesn't come as a default gem with Ruby 4.0 anymore. Lock minitest < 6 since v6 has some incompatibilities with released versions of Rails that will be fixed in future versions. This is something I didn't run into a few other gems, but SimpleForm did, presumabily because it touches additional areas like AV tests. --- .github/workflows/test.yml | 1 + CHANGELOG.md | 2 +- Gemfile | 2 + Gemfile.lock | 190 ++++++++++++++++++------------------ gemfiles/Gemfile-rails-7-0 | 2 + gemfiles/Gemfile-rails-7-1 | 2 + gemfiles/Gemfile-rails-7-2 | 2 + gemfiles/Gemfile-rails-8-0 | 2 + gemfiles/Gemfile-rails-main | 2 + 9 files changed, 111 insertions(+), 94 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index faae9299e6..fc4bedea36 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,7 @@ jobs: - gemfiles/Gemfile-rails-7-2 - gemfiles/Gemfile-rails-8-0 ruby: + - '4.0' - '3.4' - '3.3' - '3.2' diff --git a/CHANGELOG.md b/CHANGELOG.md index eb99ca5768..f477421b32 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -24,7 +24,7 @@ * enhancements * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) - * Add Ruby 3.4 support. + * Add Ruby 3.4 and 4.0 support. * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from diff --git a/Gemfile b/Gemfile index 0f18834e95..3fc8499f9c 100644 --- a/Gemfile +++ b/Gemfile @@ -14,12 +14,14 @@ gem "rails-controller-testing" gem "responders", "~> 3.1" group :test do + gem "minitest", "< 6" gem "mocha", "~> 2.1", require: false gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" gem "webrat" + gem "ostruct" end platforms :ruby do diff --git a/Gemfile.lock b/Gemfile.lock index 1aec779ea8..2d6b0ccdac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/mongodb/mongoid.git - revision: 1d3deaa9d028176988205f541ee588621030662a + revision: 4dcdaddea5d88a819c7c0d98ea0e994e13f515fe branch: 9.0-stable specs: - mongoid (9.0.8) + mongoid (9.0.9) activemodel (>= 5.1, < 8.2, != 7.0.0) concurrent-ruby (>= 1.0.5, < 2.0) mongo (>= 2.18.0, < 3.0.0) 
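Review bot: The new `gem "minitest", "< 6"` pin in the `:test` group of the Gemfile carries no explanation, so the reason for the upper bound lives only in the commit message and the pin is likely to outlive its purpose. A trailing comment would keep it reviewable, for example `gem "minitest", "< 6" # v6 is incompatible with released Rails versions; remove the bound once they are fixed`. The `gem "ostruct"` line could get the same treatment (`# no longer a default gem on Ruby 4.0`) and would sit more naturally before `rexml`, since the rest of the group is roughly alphabetical. The same two lines are added without comment in the `gemfiles/Gemfile-rails-*` hunks of this commit.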
@@ -23,29 +23,29 @@ GEM specs: action_text-trix (2.1.15) railties - actioncable (8.1.0) - actionpack (= 8.1.0) - activesupport (= 8.1.0) + actioncable (8.1.1) + actionpack (= 8.1.1) + activesupport (= 8.1.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.0) - actionpack (= 8.1.0) - activejob (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + actionmailbox (8.1.1) + actionpack (= 8.1.1) + activejob (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) mail (>= 2.8.0) - actionmailer (8.1.0) - actionpack (= 8.1.0) - actionview (= 8.1.0) - activejob (= 8.1.0) - activesupport (= 8.1.0) + actionmailer (8.1.1) + actionpack (= 8.1.1) + actionview (= 8.1.1) + activejob (= 8.1.1) + activesupport (= 8.1.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.0) - actionview (= 8.1.0) - activesupport (= 8.1.0) + actionpack (8.1.1) + actionview (= 8.1.1) + activesupport (= 8.1.1) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -53,36 +53,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.0) + actiontext (8.1.1) action_text-trix (~> 2.1.15) - actionpack (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + actionpack (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.0) - activesupport (= 8.1.0) + actionview (8.1.1) + activesupport (= 8.1.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.0) - activesupport (= 8.1.0) + activejob (8.1.1) + activesupport (= 8.1.1) globalid (>= 0.3.6) - activemodel (8.1.0) - activesupport (= 8.1.0) - activerecord (8.1.0) - activemodel (= 8.1.0) - activesupport (= 8.1.0) + activemodel (8.1.1) + activesupport (= 8.1.1) + activerecord (8.1.1) + activemodel (= 8.1.1) + activesupport (= 8.1.1) timeout (>= 0.4.0) - activestorage (8.1.0) - actionpack (= 8.1.0) - activejob (= 8.1.0) - activerecord (= 8.1.0) - activesupport (= 8.1.0) + activestorage (8.1.1) + actionpack (= 8.1.1) + activejob (= 8.1.1) + activerecord (= 8.1.1) + activesupport (= 8.1.1) marcel (~> 1.0) - activesupport (8.1.0) + activesupport (8.1.1) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) 
@@ -97,37 +97,38 @@ GEM uri (>= 0.13.1) base64 (0.3.0) bcrypt (3.1.20) - bigdecimal (3.3.1) + bigdecimal (4.0.1) bson (5.2.0) builder (3.3.0) - concurrent-ruby (1.3.5) - connection_pool (2.5.4) + concurrent-ruby (1.3.6) + connection_pool (3.0.2) crass (1.0.6) - date (3.4.1) + date (3.5.1) drb (2.2.3) - erb (5.1.1) + erb (6.0.1) erubi (1.13.1) faraday (2.14.0) faraday-net_http (>= 2.0, < 3.5) json logger - faraday-net_http (3.4.1) - net-http (>= 0.5.0) + faraday-net_http (3.4.2) + net-http (~> 0.5) globalid (1.3.0) activesupport (>= 6.1) - hashie (5.0.0) - i18n (1.14.7) + hashie (5.1.0) + logger + i18n (1.14.8) concurrent-ruby (~> 1.0) - io-console (0.8.1) - irb (1.15.2) + io-console (0.8.2) + irb (1.16.0) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.15.1) + json (2.18.0) jwt (3.1.2) base64 logger (1.7.0) - loofah (2.24.1) + loofah (2.25.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.9.0) @@ -139,17 +140,17 @@ GEM marcel (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.9) - minitest (5.26.0) - mocha (2.7.1) + minitest (5.27.0) + mocha (2.8.2) ruby2_keywords (>= 0.0.5) - mongo (2.21.3) + mongo (2.22.0) base64 bson (>= 4.14.1, < 6.0.0) - multi_xml (0.7.2) - bigdecimal (~> 3.1) - net-http (0.6.0) - uri - net-imap (0.5.12) + multi_xml (0.8.0) + bigdecimal (>= 3.1, < 5) + net-http (0.9.1) + uri (>= 0.11.1) + net-imap (0.6.2) date net-protocol net-pop (0.1.2) @@ -158,11 +159,11 @@ GEM timeout net-smtp (0.5.1) net-protocol - nio4r (2.7.4) - nokogiri (1.18.10) + nio4r (2.7.5) + nokogiri (1.19.0) mini_portile2 (~> 2.8.2) racc (~> 1.4) - oauth2 (2.0.17) + oauth2 (2.0.18) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) @@ -178,8 +179,8 @@ GEM omniauth-facebook (10.0.0) bigdecimal omniauth-oauth2 (>= 1.2, < 3) - omniauth-oauth2 (1.8.0) - oauth2 (>= 1.4, < 3) + omniauth-oauth2 (1.9.0) + oauth2 (>= 2.0.2, < 3) omniauth (~> 2.0) omniauth-openid (2.0.2) omniauth (>= 1.1) 
@@ -187,14 +188,15 @@ GEM ruby-openid (~> 2.1, >= 2.1.8) version_gem (~> 1.1, >= 1.1.8) orm_adapter (0.5.0) + ostruct (0.6.3) pp (0.6.3) prettyprint prettyprint (0.2.0) - psych (5.2.6) + psych (5.3.1) date stringio racc (1.8.1) - rack (3.2.3) + rack (3.2.4) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -207,22 +209,22 @@ GEM rack (>= 3.0.0) rack-test (2.2.0) rack (>= 1.3) - rackup (2.2.1) + rackup (2.3.1) rack (>= 3) - rails (8.1.0) - actioncable (= 8.1.0) - actionmailbox (= 8.1.0) - actionmailer (= 8.1.0) - actionpack (= 8.1.0) - actiontext (= 8.1.0) - actionview (= 8.1.0) - activejob (= 8.1.0) - activemodel (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + rails (8.1.1) + actioncable (= 8.1.1) + actionmailbox (= 8.1.1) + actionmailer (= 8.1.1) + actionpack (= 8.1.1) + actiontext (= 8.1.1) + actionview (= 8.1.1) + activejob (= 8.1.1) + activemodel (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) bundler (>= 1.15.0) - railties (= 8.1.0) + railties (= 8.1.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -234,21 +236,21 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.0) - actionpack (= 8.1.0) - activesupport (= 8.1.0) + railties (8.1.1) + actionpack (= 8.1.1) + activesupport (= 8.1.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) tsort (>= 0.2) zeitwerk (~> 2.6) - rake (13.3.0) - rdoc (6.15.0) + rake (13.3.1) + rdoc (7.0.3) erb psych (>= 4.0.0) tsort - reline (0.6.2) + reline (0.6.3) io-console (~> 0.5) responders (3.2.0) actionpack (>= 7.0) 
@@ -260,16 +262,16 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - sqlite3 (2.7.4) + sqlite3 (2.9.0) mini_portile2 (~> 2.8.0) - stringio (3.1.7) + stringio (3.2.0) thor (1.4.0) timecop (0.9.10) - timeout (0.4.3) + timeout (0.6.0) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uri (1.0.4) + uri (1.1.1) useragent (0.16.11) version_gem (1.1.9) warden (1.2.9) @@ -282,19 +284,21 @@ GEM base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.7.3) + zeitwerk (2.7.4) PLATFORMS ruby DEPENDENCIES devise! + minitest (< 6) mocha (~> 2.1) mongoid (~> 9.0)! omniauth omniauth-facebook omniauth-oauth2 omniauth-openid + ostruct rails (~> 8.1.0) rails-controller-testing rdoc @@ -305,4 +309,4 @@ DEPENDENCIES webrat BUNDLED WITH - 2.6.9 + 4.0.3 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 625664d0aa..a397d04fcf 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index 1eda668ae2..41caefa805 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat" gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index ed06ba5ef5..2fa2804d54 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -19,6 +19,8 @@ group :test do gem "timecop" gem "webrat", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index 8753baddfb..23954ff580 100644 --- a/gemfiles/Gemfile-rails-8-0 
+++ b/gemfiles/Gemfile-rails-8-0 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem 'webrat' gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 69d384ac53..57ed95a1ba 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do From cd9c21a067d58b10601e4e5f42337ec42c38d5fb Mon Sep 17 00:00:00 2001 From: nkroker Date: Wed, 17 Dec 2025 09:45:06 +0530 Subject: [PATCH 1459/1473] Fix message in controllers generator Closes #5814 Signed-off-by: Carlos Antonio da Silva --- lib/generators/devise/controllers_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index caa04f1a56..d96d3d33ee 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -11,7 +11,7 @@ class ControllersGenerator < Rails::Generators::Base Create inherited Devise controllers in your app/controllers folder. Use -c to specify which controller you want to overwrite. - If you do no specify a controller, all controllers will be created. + If you do not specify a controller, all controllers will be created. For example: rails generate devise:controllers users -c=sessions From 051f94a49831d04cf7c9f034f82fe90d46a19f6d Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 09:12:25 -0300 Subject: [PATCH 1460/1473] Pass locale with activatable / timeoutable hooks (#5815) We need to explicitly pass the `locale` around from the options (passed to `warden.authenticate!` for instance) or the `I18n.locale` when logging out and redirecting the user via `throw :warden`, otherwise in a multi-locale app we'd lose the locale previously set / passed around and fallback to the default for that flash message. This is a follow-up of the fixes in #5567 where we implemented the locale passing logic down to the failure app, but it missed these places where we were using `throw :warden`. Closes #5812 --- lib/devise/hooks/activatable.rb | 2 +- lib/devise/hooks/timeoutable.rb | 2 +- test/integration/confirmable_test.rb | 9 +++++++++ test/integration/timeoutable_test.rb | 11 +++++++++++ test/rails_app/app/controllers/admins_controller.rb | 7 ------- .../app/controllers/application_controller.rb | 11 +++++++++++ test/support/locale/pt-BR.yml | 2 ++ 7 files changed, 35 insertions(+), 9 deletions(-) diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index b2eaea199f..9feb963074 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -7,6 +7,6 @@ if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication? scope = options[:scope] warden.logout(scope) - throw :warden, scope: scope, message: record.inactive_message + throw :warden, scope: scope, message: record.inactive_message, locale: options.fetch(:locale, I18n.locale) end end diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 772eb142b7..f1e7f6d577 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb 
@@ -25,7 +25,7 @@ record.timedout?(last_request_at) && !proxy.remember_me_is_active?(record) Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) - throw :warden, scope: scope, message: :timeout + throw :warden, scope: scope, message: :timeout, locale: options.fetch(:locale, I18n.locale) end unless env['devise.skip_trackable'] diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index c951eb0bbd..c29d7aba0a 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -136,6 +136,15 @@ def resend_confirmation end end + test 'not confirmed user redirect respects i18n locale set' do + swap Devise, allow_unconfirmed_access_for: 0.days do + sign_in_as_user(confirm: false, visit: new_user_session_path(locale: "pt-BR")) + + assert_contain 'Você precisa confirmar seu email para continuar' + assert_not warden.authenticated?(:user) + end + end + test 'not confirmed user should not see confirmation message if invalid credentials are given' do swap Devise, allow_unconfirmed_access_for: 0.days do sign_in_as_user(confirm: false) do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index d11d59105c..d7e31ba69d 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -167,6 +167,17 @@ def last_request_at end end + test 'error message redirect respects i18n locale set' do + user = sign_in_as_user + + get expire_user_path(user) + get root_path(locale: "pt-BR") + follow_redirect! + + assert_contain 'Sua sessão expirou. Por favor faça o login novamente para continuar.' + assert_not warden.authenticated?(:user) + end + test 'time out not triggered if remembered' do user = sign_in_as_user remember_me: true get expire_user_path(user) diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 957aa6f0b2..c732f58908 100644 
--- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,15 +1,8 @@ # frozen_string_literal: true class AdminsController < ApplicationController - around_action :set_locale before_action :authenticate_admin! def index end - - private - - def set_locale - I18n.with_locale(params[:locale] || I18n.default_locale) { yield } - end end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index e60ba0c224..616845d760 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -5,9 +5,20 @@ class ApplicationController < ActionController::Base protect_from_forgery + around_action :set_locale before_action :current_user, unless: :devise_controller? before_action :authenticate_user!, if: :devise_controller? respond_to(*Mime::SET.map(&:to_sym)) devise_group :commenter, contains: [:user, :admin] + + private + + def set_locale + I18n.with_locale(params[:locale] || I18n.default_locale) { yield } + end + + def default_url_options + {locale: params[:locale]}.compact + end end diff --git a/test/support/locale/pt-BR.yml b/test/support/locale/pt-BR.yml index 5c57e19096..687cc87ae6 100644 --- a/test/support/locale/pt-BR.yml +++ b/test/support/locale/pt-BR.yml @@ -3,3 +3,5 @@ pt-BR: failure: invalid: "%{authentication_keys} ou senha inválidos." unauthenticated: "Para continuar, faça login ou registre-se." + timeout: "Sua sessão expirou. Por favor faça o login novamente para continuar." + unconfirmed: "Você precisa confirmar seu email para continuar." From d13ef89afb8b969046fc3e960e9b834ef2b4256e Mon Sep 17 00:00:00 2001 
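Review bot: `set_locale` in `ApplicationController` passes the request-controlled `params[:locale]` straight to `I18n.with_locale`, and the new `default_url_options` copies the same value into every generated URL, now for all controllers of the dummy app instead of only `AdminsController`. If `enforce_available_locales` is on (the usual default, not visible in this hunk), an unknown value raises `I18n::InvalidLocale` and the request ends in a 500 instead of falling back. Checking the parameter first keeps both methods on known values, for example `locale = params[:locale] if I18n.available_locales.map(&:to_s).include?(params[:locale])` followed by `I18n.with_locale(locale || I18n.default_locale) { yield }`. This is test-app code, but it is also the pattern readers are most likely to copy into a real application.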
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 09:23:36 -0300 Subject: [PATCH 1461/1473] Replace `[data-turbo-cache=false]` with `[data-turbo-temporary]` The default `_error_messages.html.erb` partial uses a deprecated Turbo attribute `data-turbo-cache=false`, which was deprecated on Feb 15 2023 in [this pull request](https://github.com/hotwired/turbo/pull/871). Use more up-to-date attribute name called [data-turbo-temporary](https://github.com/hotwired/turbo/pull/871) to avoid deprecation issues and reduce developer confusion as `data-turbo-temporary` is the only attributed mentioned in [Turbo Drive's documentation](https://turbo.hotwired.dev/handbook/building#preparing-the-page-to-be-cached) Closes #5664 Closes #5662 Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 3 +++ app/views/devise/shared/_error_messages.html.erb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f477421b32..12abf2355f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,9 @@ [#5645](https://github.com/heartcombo/devise/pull/5645) * Change password instructions button label on devise view from `Send me reset password instructions` to `Send me password reset instructions` [#5515](https://github.com/heartcombo/devise/pull/5515) * Change `
` tags separating form elements to wrapping them in `

` tags [#5494](https://github.com/heartcombo/devise/pull/5494) + * Replace `[data-turbo-cache=false]` with `[data-turbo-temporary]` on `devise/shared/error_messages` partial. This has been [deprecated by Turbo since v7.3.0 (released on Mar 1, 2023)](https://github.com/hotwired/turbo/releases/tag/v7.3.0). + + If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to `[data-turbo-cache=false]`. * enhancements * Add Rails 8 support. diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index cabfe307ef..8c9c171147 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -1,5 +1,5 @@ <% if resource.errors.any? %> -

+

<%= I18n.t("errors.messages.not_saved", count: resource.errors.count, From 8054ad55c3d1b0602d3654cf0dfd065491f271b7 Mon Sep 17 00:00:00 2001 From: Taketo Takashima Date: Wed, 31 Dec 2025 22:45:09 +0900 Subject: [PATCH 1462/1473] Use `:unprocessable_content` in generated Devise config for Rack 3.1+, avoid Rack warnings (#5797) In Rack v3.1.0, the symbol for HTTP status code 422 was changed from `:unprocessable_entity` to `:unprocessable_content`. As a result, when using rack 3.2 with the following configuration in `config/initializers/devise.rb`, a warning is shown on login failure: ```ruby # config/initializers/devise.rb Devise.setup do |config| ... config.responder.error_status = :unprocessable_entity ``` Warning message: ```sh /path-to-app/vendor/bundle/ruby/3.4.0/gems/devise-4.9.4/lib/devise/failure_app.rb:80: warning: Status code :unprocessable_entity is deprecated and will be removed in a future version of Rack. Please use :unprocessable_content instead. ``` This warning can be resolved by updating the config as follows: ```diff # config/initializers/devise.rb Devise.setup do |config| ... + config.responder.error_status = :unprocessable_content - config.responder.error_status = :unprocessable_entity ``` This fixes the root cause of the warning for new apps by adjusting the generated config during `$ rails generate devise:install` depending on the rack version, so new apps using newer Rack versions generate `error_status = :unprocessable_content` instead of `:unprocessable_entity`. Existing apps are handled by [latest versions of Rails, which will now transparently convert the code under the hood to avoid the Rack warning](https://github.com/rails/rails/pull/53383), and Devise will use that translation layer when available in the failure app to prevent the warning there as well (since that isn't covered by Rails automatic conversion). 
Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 3 +++ README.md | 3 ++- app/controllers/devise/confirmations_controller.rb | 2 +- app/controllers/devise/unlocks_controller.rb | 2 +- lib/devise/failure_app.rb | 6 +++--- lib/generators/templates/devise.rb | 2 +- test/generators/devise_generator_test.rb | 1 - test/generators/install_generator_test.rb | 8 ++++++++ 8 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12abf2355f..47bbcf1777 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,9 @@ * enhancements * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) + * New apps using Rack 3.1+ will be generated using `config.responder.error_status = :unprocessable_content`, since [`:unprocessable_entity` has been deprecated by Rack](https://github.com/rack/rack/pull/2137). + + Latest versions of [Rails transparently convert `:unprocessable_entity` -> `:unprocessable_content`](https://github.com/rails/rails/pull/53383), and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with `:unprocessable_entity`. They can also simply change their `error_status` to `:unprocessable_content` in latest Rack versions to avoid the warning. * Add Ruby 3.4 and 4.0 support. * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from diff --git a/README.md b/README.md index bb2dc6970a..e2025965b6 100644 --- a/README.md +++ b/README.md 
@@ -493,7 +493,8 @@ Devise.setup do |config| # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. - config.responder.error_status = :unprocessable_entity + config.responder.error_status = :unprocessable_content # for Rack 3.1 or higher + # config.responder.error_status = :unprocessable_entity # for Rack 3.0 or lower config.responder.redirect_status = :see_other end ``` diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 5e22079ec8..39ff669be7 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -27,7 +27,7 @@ def show set_flash_message!(:notice, :confirmed) respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else - # TODO: use `error_status` when the default changes to `:unprocessable_entity`. + # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index b1487760b6..8cff126c96 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -29,7 +29,7 @@ def show set_flash_message! :notice, :unlocked respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else - # TODO: use `error_status` when the default changes to `:unprocessable_entity`. + # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
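Review bot: In `confirmations_controller.rb` only the TODO comment is reworded while the `status: :unprocessable_entity` literal in `show` stays, and the `unlocks_controller.rb` hunk has the same pattern. On Rack 3.1+ combined with a Rails version that lacks the symbol translation described in the commit message, these two render paths would presumably still emit the deprecation warning the commit removes from the failure app. Passing the numeric code avoids the symbol lookup without changing the response, `respond_with_navigational(resource.errors, status: 422){ render :new }`. Both `show` methods start and end outside their hunks.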
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index e1e24be42e..d0b50f7dec 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -77,9 +77,9 @@ def recall flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| - response[0] = Rack::Utils.status_code( - response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status - ) + status = response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status + # Avoid warnings translating status to code using Rails if available (e.g. `unprocessable_entity` => `unprocessable_content`) + response[0] = ActionDispatch::Response.try(:rack_status_code, status) || Rack::Utils.status_code(status) } end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 9fe0ade819..b36f281f25 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -305,7 +305,7 @@ # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. - config.responder.error_status = :unprocessable_entity + config.responder.error_status = <%= Rack::Utils::SYMBOL_TO_STATUS_CODE.key(422).inspect %> config.responder.redirect_status = :see_other # ==> Configuration for :registerable diff --git a/test/generators/devise_generator_test.rb b/test/generators/devise_generator_test.rb index 00118c22dd..22112c69c5 100644 --- a/test/generators/devise_generator_test.rb +++ b/test/generators/devise_generator_test.rb @@ -37,5 +37,4 @@ def copy_routes FileUtils.mkdir_p(destination) FileUtils.cp routes, destination end - end diff --git a/test/generators/install_generator_test.rb b/test/generators/install_generator_test.rb index 45aeddd07d..3bb1b00f5c 100644 
--- a/test/generators/install_generator_test.rb +++ b/test/generators/install_generator_test.rb @@ -23,4 +23,12 @@ class InstallGeneratorTest < Rails::Generators::TestCase assert_no_file "config/initializers/devise.rb" assert_no_file "config/locales/devise.en.yml" end + + test "responder error_status based on rack version" do + run_generator(["--orm=active_record"]) + + error_status = Rack::RELEASE >= "3.1" ? :unprocessable_content : :unprocessable_entity + + assert_file "config/initializers/devise.rb", /config\.responder\.error_status = #{error_status.inspect}/ + end end From 05bbc71446bfd483308065b29b66f0f8a0445b92 Mon Sep 17 00:00:00 2001 From: Shriram Date: Tue, 3 Apr 2018 08:14:13 +0530 Subject: [PATCH 1463/1473] Make secure_compare handle empty strings comparison correctly Used Rails' secure_compare method inside the definition of secure_compare. This will handle the empty strings comparison and return true when both the parameters are empty strings. Fixes #4441, #4829 --- CHANGELOG.md | 1 + lib/devise.rb | 8 ++------ test/devise_test.rb | 9 +++++++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47bbcf1777..dc95bae43f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,7 @@ * Use `OmniAuth.config.allowed_request_methods` as routing verbs for the auth path [#5508](https://github.com/heartcombo/devise/pull/5508) * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) + * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/lib/devise.rb b/lib/devise.rb index 0336ed7063..c42131926e 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
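Review bot: The new generator test compares versions as strings with `Rack::RELEASE >= "3.1"`, which is lexicographic: a future release such as "10.0" would sort below "3.1" and the test would expect the old symbol. A version-aware comparison is safer, `error_status = Gem::Version.new(Rack::RELEASE) >= Gem::Version.new("3.1") ? :unprocessable_content : :unprocessable_entity`. Alternatively the test could derive the expectation the same way the template does, from `Rack::Utils::SYMBOL_TO_STATUS_CODE.key(422)`, though that would make the assertion mirror the implementation.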
@@ -517,12 +517,8 @@ def self.friendly_token(length = 20) # constant-time comparison algorithm to prevent timing attacks def self.secure_compare(a, b) - return false if a.blank? || b.blank? || a.bytesize != b.bytesize - l = a.unpack "C#{a.bytesize}" - - res = 0 - b.each_byte { |byte| res |= byte ^ l.shift } - res == 0 + return false if a.nil? || b.nil? + ActiveSupport::SecurityUtils.secure_compare(a, b) end def self.deprecator diff --git a/test/devise_test.rb b/test/devise_test.rb index 532aa57dc6..2f98bb4ffa 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -86,15 +86,20 @@ class DeviseTest < ActiveSupport::TestCase Devise::CONTROLLERS.delete(:kivi) end - test 'should complain when comparing empty or different sized passes' do + test 'Devise.secure_compare fails when comparing different strings or nil' do [nil, ""].each do |empty| assert_not Devise.secure_compare(empty, "something") assert_not Devise.secure_compare("something", empty) - assert_not Devise.secure_compare(empty, empty) end + assert_not Devise.secure_compare(nil, nil) assert_not Devise.secure_compare("size_1", "size_four") end + test 'Devise.secure_compare passes when strings are the same, even two empty strings' do + assert Devise.secure_compare("", "") + assert Devise.secure_compare("something", "something") + end + test 'Devise.email_regexp should match valid email addresses' do valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua", "test@tt", "test@valid---domain.com"] non_valid_emails = ["rex", "test user@example.com", "test_user@example server.com"] From 9a149ff139303edf3b832129054c62066baea98f Mon Sep 17 00:00:00 2001 From: Adan Amarillas Date: Fri, 28 Dec 2018 05:18:07 -0800 Subject: [PATCH 1464/1473] Return 401 for sessions#destroy action with no user signed in (#4878) It's an unauthenticated request, so return 401 Unauthorized like most other similar requests. 
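Review bot: `Devise.secure_compare` no longer rejects blank input on its own: the guard is now `a.nil? || b.nil?`, so two empty strings compare equal, as the commit's own test asserts. The call sites are not visible in this hunk, so it is worth confirming that every caller comparing a stored token or digest still rejects a blank stored value before calling this method. The one-line comment above the method should state the new contract, for example `# Returns false when either value is nil; two empty strings compare equal, so callers must reject blank secrets themselves.` The CHANGELOG entry added in the same commit names `ActiveRecord::SecurityUtils.secure_compare`, while the code calls `ActiveSupport::SecurityUtils.secure_compare`; the entry should match the code.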
Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 1 + app/controllers/devise/sessions_controller.rb | 8 ++++---- test/controllers/sessions_controller_test.rb | 14 +++++++++++++- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dc95bae43f..0e6ba84460 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,7 @@ * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) + * Respond with `401 Unauthorized` for non-navigational requests to destroy the session when there is no authenticated resource. [#4878](https://github.com/heartcombo/devise/pull/4878) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 76b780209e..41b74f39cb 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -28,7 +28,7 @@ def destroy signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message! :notice, :signed_out if signed_out yield if block_given? - respond_to_on_destroy + respond_to_on_destroy(non_navigational_status: :no_content) end protected @@ -62,7 +62,7 @@ def verify_signed_out_user if all_signed_out? set_flash_message! :notice, :already_signed_out - respond_to_on_destroy + respond_to_on_destroy(non_navigational_status: :unauthorized) end end 
@@ -72,11 +72,11 @@ def all_signed_out? users.all?(&:blank?) end - def respond_to_on_destroy + def respond_to_on_destroy(non_navigational_status: :no_content) # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request respond_to do |format| - format.all { head :no_content } + format.all { head non_navigational_status } format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 21b3c09f7d..9c970ab5d4 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -74,7 +74,7 @@ class SessionsControllerTest < Devise::ControllerTestCase assert_template "devise/sessions/new" end - test "#destroy doesn't set the flash if the requested format is not navigational" do + test "#destroy doesn't set the flash and returns 204 status if the requested format is not navigational" do request.env["devise.mapping"] = Devise.mappings[:user] user = create_user user.confirm @@ -87,4 +87,16 @@ class SessionsControllerTest < Devise::ControllerTestCase assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status end + + test "#destroy returns 401 status if user is not signed in and the requested format is not navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + delete :destroy, format: 'json' + assert_equal 401, @response.status + end + + test "#destroy returns 302 status if user is not signed in and the requested format is navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + delete :destroy + assert_equal 302, @response.status + end end From 356b09431274c2c97a02376655278ea7414ebc1a Mon Sep 17 00:00:00 2001 
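Review bot: `respond_to_on_destroy` now takes a `non_navigational_status:` keyword, and both `destroy` and `verify_signed_out_user` pass it. An application controller that overrides this protected method with the old zero-argument signature would raise `ArgumentError` on sign-out. Whether such overrides exist cannot be seen from this diff, but the method is an obvious customization point. The existing comment inside the method only explains the hard-coded empty response, so I would add a line above the definition such as `# non_navigational_status: status used for non-navigational formats (:no_content after sign out, :unauthorized when nobody was signed in); overrides must accept this keyword.` The signature change should also be called out in the CHANGELOG entry, which currently mentions only the 401 response.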
From: =?UTF-8?q?Julius=20Graakj=C3=A6r=20Grantzau?= Date: Wed, 2 Jan 2019 15:43:30 +0100 Subject: [PATCH 1465/1473] Downcase authentication keys and humanize error message (#4834) "Invalid Email or password." is grammatically incorrect, a change introduced a while ago by #4014. Signed-off-by: Carlos Antonio da Silva --- lib/devise/failure_app.rb | 8 ++++--- test/failure_app_test.rb | 24 +++++++++++++------ test/integration/authenticatable_test.rb | 4 ++-- test/integration/confirmable_test.rb | 2 +- .../database_authenticatable_test.rb | 4 ++-- test/integration/http_authenticatable_test.rb | 2 +- 6 files changed, 28 insertions(+), 16 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index d0b50f7dec..2f3e11e530 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -111,11 +111,13 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] auth_keys = scope_class.authentication_keys - keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) } + keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key).downcase } options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) - - I18n.t(:"#{scope}.#{message}", **options) + translated_message = I18n.t(:"#{scope}.#{message}", **options) + # only call `#humanize` when the message is `:invalid` to ensure the original format + # of other messages - like `:does_not_exist` - is kept. + message == :invalid ? translated_message.humanize : translated_message else message.to_s end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index e8f316f0db..b57f4e4216 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -184,17 +184,27 @@ def call_failure(env_params = {}) test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid Email or password.', @request.flash[:alert] + assert_equal 'Invalid email or password.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'supports authentication_keys as a Hash for the flash message' do swap Devise, authentication_keys: { email: true, login: true } do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid Email, Login or password.', @request.flash[:alert] + assert_equal 'Invalid email, login or password.', @request.flash[:alert] end end + test 'downcases authentication_keys for the flash message' do + call_failure('warden' => OpenStruct.new(message: :invalid)) + assert_equal 'Invalid email or password.', @request.flash[:alert] + end + + test 'humanizes the flash message' do + call_failure('warden' => OpenStruct.new(message: :invalid)) + assert_equal @request.flash[:alert], @request.flash[:alert].humanize + end + test 'uses custom i18n options' do call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions) assert_equal 'User Steve does not exist', @request.flash[:alert] @@ -288,7 +298,7 @@ def call_failure(env_params = {}) test 'uses the failure message as response body' do call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid)) - assert_match 'Invalid Email or password.', @response.third.body + assert_match 'Invalid email or password.', @response.third.body end test 'respects the i18n locale passed via warden options when responding to HTTP request' do @@ -343,7 +353,7 @@ def call_failure(env_params = {}) } call_failure(env) assert_includes @response.third.body, '

Log in

' - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end test 'calls the original controller if not confirmed email' do @@ -378,7 +388,7 @@ def call_failure(env_params = {}) } call_failure(env) assert_includes @response.third.body, '

Log in

' - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' assert_equal '/sample', @request.env["SCRIPT_NAME"] assert_equal '/users/sign_in', @request.env["PATH_INFO"] end @@ -409,7 +419,7 @@ def call_failure(env_params = {}) call_failure(env) assert_equal 422, @response.first - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end end @@ -435,7 +445,7 @@ def call_failure(env_params = {}) call_failure(env) assert_equal 200, @response.first - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end test 'users default hardcoded responder `redirect_status` for the status code since responders version does not support configuring it' do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index ea338f6fc1..28d00399bb 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -563,7 +563,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, authentication_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid Subdomain or password." + assert_contain "Invalid subdomain or password." assert_not warden.authenticated?(:user) end end @@ -602,7 +602,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid Email or password." + assert_contain "Invalid email or password." assert_not warden.authenticated?(:user) end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index c29d7aba0a..8e6f68ef2d 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -151,7 +151,7 @@ def resend_confirmation fill_in 'password', with: 'invalid' end - assert_contain 'Invalid Email or password' + assert_contain 'Invalid email or password' assert_not warden.authenticated?(:user) end end diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 20097a8718..08011fe288 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -70,7 +70,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'password', with: 'abcdef' end - assert_contain 'Invalid Email or password' + assert_contain 'Invalid email or password' assert_not warden.authenticated?(:admin) end @@ -82,7 +82,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_not_contain 'Not found in database' - assert_contain 'Invalid Email or password.' + assert_contain 'Invalid email or password.' end end end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 707a070567..11e3733203 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -52,7 +52,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal "application/json; charset=utf-8", headers["Content-Type"] - assert_match '"error":"Invalid Email or password."', response.body + assert_match '"error":"Invalid email or password."', response.body end test 'returns a custom response with www-authenticate and chosen realm' do From fc466316df51df4a8968a9ba35152de7a54cfa94 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 14:30:42 -0300 Subject: [PATCH 1466/1473] Ensure auth keys at the start of the i18n msg are properly cased Otherwise if we humanized the whole string, it could cause us to change the output of strings with periods and maybe other side-effects, since we're changing the whole string from i18n. This is safer as it only changes the first char of the translated message, and only if it is a match with the first translated auth key, so we can more safely humanize & downcase all auth keys to interpolate in the message whenever needed. Also add changelog for the change. --- CHANGELOG.md | 1 + lib/devise/failure_app.rb | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e6ba84460..2f1de46c90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,7 @@ * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) * Respond with `401 Unauthorized` for non-navigational requests to destroy the session when there is no authenticated resource. [#4878](https://github.com/heartcombo/devise/pull/4878) + * Fix incorrect grammar of invalid authentication message with capitalized attributes, e.g.: "Invalid Email or password" => "Invalid email or password". (originally introduced by [#4014](https://github.com/heartcombo/devise/pull/4014), released on v4.1.0) [#4834](https://github.com/heartcombo/devise/pull/4834) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 2f3e11e530..8222780f08 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -111,13 +111,16 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] auth_keys = scope_class.authentication_keys - keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key).downcase } - options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) + human_keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| + scope_class.human_attribute_name(key).downcase + } + options[:authentication_keys] = human_keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) - translated_message = I18n.t(:"#{scope}.#{message}", **options) - # only call `#humanize` when the message is `:invalid` to ensure the original format - # of other messages - like `:does_not_exist` - is kept. - message == :invalid ? translated_message.humanize : translated_message + + I18n.t(:"#{scope}.#{message}", **options).then { |msg| + # Ensure that auth keys at the start of the translated string are properly cased. + msg.start_with?(human_keys.first) ? msg.upcase_first : msg + } else message.to_s end From 1096b609677d77a31c2615054cd41502ffe51ffe Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:30:13 -0300 Subject: [PATCH 1467/1473] Remove deprecated `Devise.activerecord51?` method --- CHANGELOG.md | 1 + lib/devise.rb | 8 -------- test/devise_test.rb | 6 ------ 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f1de46c90..f53f7c1859 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
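Review bot: `msg.start_with?(human_keys.first)` raises `TypeError` when `human_keys` is empty, because `human_keys.first` is then `nil` and `String#start_with?` does not accept `nil`. That happens if a scope's `authentication_keys` is an empty array or hash. Nothing in this hunk rules that out, and the failure app would then raise while building the failure message instead of rendering it. Guarding the check keeps the old behaviour for that case: `human_keys.any? && msg.start_with?(human_keys.first) ? msg.upcase_first : msg`. The body of `i18n_message` starts above the hunk, so the guard should be checked against the part of the method that is not shown.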
@@ -8,6 +8,7 @@ * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` [#5598](https://github.com/heartcombo/devise/pull/5598) + * Remove deprecated `Devise.activerecord51?` method. * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: diff --git a/lib/devise.rb b/lib/devise.rb index c42131926e..8e0c85e77d 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -524,14 +524,6 @@ def self.secure_compare(a, b) def self.deprecator @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") end - - def self.activerecord51? # :nodoc: - deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. - It is a non-public method that's no longer used internally, but that other libraries have been relying on. - DEPRECATION - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end end require 'warden' diff --git a/test/devise_test.rb b/test/devise_test.rb index 2f98bb4ffa..a46be0d527 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -111,10 +111,4 @@ class DeviseTest < ActiveSupport::TestCase assert_no_match Devise.email_regexp, email end end - - test 'Devise.activerecord51? deprecation' do - assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do - Devise.activerecord51? - end - end end 
From 119a40f9d38fba356cd29ac4e4957c6adc3f6c66 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:26:42 -0300 Subject: [PATCH 1468/1473] Fix gemspec and readme, Devise v5 will support Rails >= 7, not 6 As per our test matrix. --- Gemfile.lock | 4 ++-- README.md | 14 +++++++------- devise.gemspec | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2d6b0ccdac..b0e055c480 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -14,7 +14,7 @@ PATH devise (5.0.0.beta) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 6.0.0) + railties (>= 7.0) responders warden (~> 1.2.3) @@ -309,4 +309,4 @@ DEPENDENCIES webrat BUNDLED WITH - 4.0.3 + 4.0.3 diff --git a/README.md b/README.md index e2025965b6..ccf2c622e3 100644 --- a/README.md +++ b/README.md 
@@ -137,17 +137,17 @@ Please note that the command output will show the variable value being used. #### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: +For example, if the tests broke using Ruby 3.4 and Rails 8.0, you can do the following: ```bash -rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bin/test +chruby 3.4.0 # or rbenv shell 3.4.0, or rvm use 3.4.0, etc. +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 DEVISE_ORM=mongoid bin/test ``` ### Running tests @@ -181,7 +181,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 6.0 onwards. Run: +Devise 5 works with Rails 7 onwards. Run: ```sh bundle add devise diff --git a/devise.gemspec b/devise.gemspec index a6bf83e7e6..1caa6aeb39 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -30,6 +30,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 6.0.0") + s.add_dependency("railties", ">= 7.0") s.add_dependency("responders") end From 00a97782cb91104a72ea68d8f62ca8aa0e6eb101 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:42:22 -0300 Subject: [PATCH 1469/1473] Release v5.0.0.rc Given a lot of time has passed since the last v4.x release, and there's been many changes (including breaking ones) merged to main, let's go with an "RC" version before doing a final release. If we don't hear any major issues, I plan to release a final version in a couple of weeks. --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f53f7c1859..878c82d520 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 5.0.0.rc - 2025-12-31 * breaking changes * Drop support to Ruby < 2.7 diff --git a/Gemfile.lock b/Gemfile.lock index b0e055c480..ac1b3f8050 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.0.beta) + devise (5.0.0.rc) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 9843c4d05e..c8c4aa5e4a 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.0.beta".freeze + VERSION = "5.0.0.rc".freeze end From 35920d27e5e9508e14e2576e4226c368bd30b74f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 09:55:48 -0300 Subject: [PATCH 1470/1473] Exclude Rails main + Ruby 3.2 It dropped support to Ruby 3.2 which is expected to be EOL by 2026-03-31. --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fc4bedea36..6881eda89a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,6 +30,8 @@ jobs: ruby: '3.0' - gemfile: Gemfile ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-main ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-main From 731074bf09c2a0cd498c1b8a2a01434e722f94d5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 10:02:56 -0300 Subject: [PATCH 1471/1473] Stop updating copyright every year [ci skip] --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index d54bbdc9b8..ad599708f3 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2020-2025 Rafael França, Carlos Antonio da Silva +Copyright (c) 2020-CURRENT Rafael França, Carlos Antonio da Silva Copyright (c) 2009-2019 Plataformatec Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index ccf2c622e3..426185e6d9 100644 --- a/README.md +++ b/README.md @@ -770,7 +770,7 @@ https://github.com/wardencommunity/warden ## License MIT License. -Copyright 2020-2025 Rafael França, Carlos Antonio da Silva. +Copyright 2020-CURRENT Rafael França, Carlos Antonio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From e9c534d363cc9d552662049b38582eead87bedd6 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 18:10:32 -0300 Subject: [PATCH 1472/1473] Fix "Test is missing assertions" warnings `test_set_null_fields_on_migrations` ./devise/test/models_test.rb:87 `test_does_not_crash_when_the_last_request_at_is_a_String` ./devise/test/integration/timeoutable_test.rb:191 `test_defined_Warden_after_authentication_callback_should_not_be_called_when_sign_in_is_called` ./devise/test/test/controller_helpers_test.rb:114 `test_defined_Warden_before_logout_callback_should_not_be_called_when_sign_out_is_called` ./devise/test/test/controller_helpers_test.rb:128 --- test/integration/timeoutable_test.rb | 6 ++++-- test/models_test.rb | 2 +- test/test/controller_helpers_test.rb | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index d7e31ba69d..73c716e660 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -191,7 +191,9 @@ def last_request_at test 'does not crash when the last_request_at is a String' do user = sign_in_as_user - get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) - get users_path + assert_nothing_raised do + get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) + get users_path + end end end diff --git a/test/models_test.rb b/test/models_test.rb index 16acb92c98..e2aced9ee5 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -90,7 +90,7 @@ def assert_include_modules(klass, *modules) def send_devise_notification(*); end end - klass.create! + assert_nothing_raised { klass.create! } end end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 7ba9f3c678..a158e87536 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb 
@@ -112,7 +112,7 @@ def respond end test "defined Warden after_authentication callback should not be called when sign_in is called" do - begin + assert_nothing_raised do Warden::Manager.after_authentication do |user, auth, opts| flunk "callback was called while it should not" end @@ -126,7 +126,7 @@ def respond end test "defined Warden before_logout callback should not be called when sign_out is called" do - begin + assert_nothing_raised do Warden::Manager.before_logout do |user, auth, opts| flunk "callback was called while it should not" end From c51da69d04caacfa2ef32240796b668bc134265f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 23 Jan 2026 13:30:19 -0300 Subject: [PATCH 1473/1473] Release v5, no changes since RC --- CHANGELOG.md | 4 ++ Gemfile.lock | 120 +++++++++++++++++++++--------------------- lib/devise/version.rb | 2 +- 3 files changed, 65 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 878c82d520..38b434e193 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +### 5.0.0 - 2026-01-23 + +no changes + ### 5.0.0.rc - 2025-12-31 * breaking changes diff --git a/Gemfile.lock b/Gemfile.lock index ac1b3f8050..ddd309923f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/mongodb/mongoid.git - revision: 4dcdaddea5d88a819c7c0d98ea0e994e13f515fe + revision: dce2e0fa3c5f0dd2086b2c8341086ff05e1b37f9 branch: 9.0-stable specs: mongoid (9.0.9) @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.0.rc) + devise (5.0.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) 
@@ -21,31 +21,31 @@ PATH GEM remote: https://rubygems.org/ specs: - action_text-trix (2.1.15) + action_text-trix (2.1.16) railties - actioncable (8.1.1) - actionpack (= 8.1.1) - activesupport (= 8.1.1) + actioncable (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.1) - actionpack (= 8.1.1) - activejob (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + actionmailbox (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) - actionmailer (8.1.1) - actionpack (= 8.1.1) - actionview (= 8.1.1) - activejob (= 8.1.1) - activesupport (= 8.1.1) + actionmailer (8.1.2) + actionpack (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.1) - actionview (= 8.1.1) - activesupport (= 8.1.1) + actionpack (8.1.2) + actionview (= 8.1.2) + activesupport (= 8.1.2) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -53,36 +53,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.1) + actiontext (8.1.2) action_text-trix (~> 2.1.15) - actionpack (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + actionpack (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.1) - activesupport (= 8.1.1) + actionview (8.1.2) + activesupport (= 8.1.2) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.1) - activesupport (= 8.1.1) + activejob (8.1.2) + activesupport (= 8.1.2) globalid (>= 0.3.6) - activemodel (8.1.1) - activesupport (= 8.1.1) - activerecord (8.1.1) - activemodel (= 8.1.1) - activesupport (= 8.1.1) + activemodel (8.1.2) + activesupport (= 8.1.2) + activerecord (8.1.2) + activemodel (= 8.1.2) + activesupport (= 8.1.2) timeout (>= 0.4.0) - activestorage (8.1.1) - actionpack (= 8.1.1) - activejob (= 8.1.1) - activerecord (= 8.1.1) - activesupport (= 8.1.1) + activestorage (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activesupport (= 8.1.2) marcel (~> 1.0) - activesupport (8.1.1) + activesupport (8.1.2) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -96,7 +96,7 @@ GEM tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) base64 (0.3.0) - bcrypt (3.1.20) + bcrypt (3.1.21) bigdecimal (4.0.1) bson (5.2.0) builder (3.3.0) @@ -146,7 +146,7 @@ GEM mongo (2.22.0) base64 bson (>= 4.14.1, < 6.0.0) - multi_xml (0.8.0) + multi_xml (0.8.1) bigdecimal (>= 3.1, < 5) net-http (0.9.1) uri (>= 0.11.1) 
@@ -211,20 +211,20 @@ GEM rack (>= 1.3) rackup (2.3.1) rack (>= 3) - rails (8.1.1) - actioncable (= 8.1.1) - actionmailbox (= 8.1.1) - actionmailer (= 8.1.1) - actionpack (= 8.1.1) - actiontext (= 8.1.1) - actionview (= 8.1.1) - activejob (= 8.1.1) - activemodel (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + rails (8.1.2) + actioncable (= 8.1.2) + actionmailbox (= 8.1.2) + actionmailer (= 8.1.2) + actionpack (= 8.1.2) + actiontext (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activemodel (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) bundler (>= 1.15.0) - railties (= 8.1.1) + railties (= 8.1.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -236,9 +236,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.1) - actionpack (= 8.1.1) - activesupport (= 8.1.1) + railties (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -246,7 +246,7 @@ GEM tsort (>= 0.2) zeitwerk (~> 2.6) rake (13.3.1) - rdoc (7.0.3) + rdoc (7.1.0) erb psych (>= 4.0.0) tsort @@ -265,7 +265,7 @@ GEM sqlite3 (2.9.0) mini_portile2 (~> 2.8.0) stringio (3.2.0) - thor (1.4.0) + thor (1.5.0) timecop (0.9.10) timeout (0.6.0) tsort (0.2.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index c8c4aa5e4a..d1c8e77f5d 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.0.rc".freeze + VERSION = "5.0.0".freeze end