diff --git a/CHANGELOG.md b/CHANGELOG.md
index 284bdc96..71068723 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,7 +23,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati
 * Previously deprecated token authenticatable and insecure lookups have been removed
 * Add a class method so you can encrypt passwords from fixtures (by @tenderlove)
 * Send custom message when user enters invalid password and it has only one attempt
- to enter correct password before his account will be locked (by @Lightpower)
+ to enter correct password before their account will be locked (by @Lightpower)
 * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery)
 * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev)
@@ -390,7 +390,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 ### 1.4.0
 * enhancements
- * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26)
+ * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26)
 * Improve e-mail regexp (by @rodrigoflores)
 * Add strip_whitespace_keys and default to e-mail (by @swrobel)
 * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut)
@@ -399,7 +399,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 * bug fix
 * password_required? should not affect length validation
- * User cannot access sign up and similar pages if he is already signed in through a cookie or token
+ * User cannot access sign up and similar pages if they are already signed in through a cookie or token
 * Do not convert booleans to strings on finders (by @xavier)
 * Run validations even if current_password fails (by @crx)
 * Devise now honors routes constraints (by @macmartine)
@@ -507,10 +507,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai)
 * Extracted encryptors into :encryptable for better bcrypt support
 * :rememberable is now able to use salt as token if no remember_token is provided
- * Store the salt in session and expire the session if the user changes his password
+ * Store the salt in session and expire the session if the user changes their password
 * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
 * cookie_options uses session_options values by default
- * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
+ * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message
 * Use ActiveModel#to_key instead of #id
 * sign_out_all_scopes now destroys the whole session
 * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl)
@@ -953,7 +953,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 * deprecations
 * Renamed confirm_in to confirm_within
- * Do not send confirmation messages when user changes his e-mail
+ * Do not send confirmation messages when user changes their e-mail
 * Renamed authenticable to authenticatable and added deprecation warnings
 ### 0.2.3
diff --git a/lib/devise.rb b/lib/devise.rb
index 289fa03a..379ca048 100644
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -274,7 +274,7 @@ module Devise
 mattr_accessor :paranoid
 @@paranoid = false
- # When true, warn user if he just used next-to-last attempt of authentication
+ # When true, warn user if they just used next-to-last attempt of authentication
 mattr_accessor :last_attempt_warning
 @@last_attempt_warning = false
diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb
index e9b2d910..bca071ce 100644
--- a/lib/devise/hooks/activatable.rb
+++ b/lib/devise/hooks/activatable.rb
@@ -1,6 +1,6 @@
-# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Deny user access whenever their account is not active yet. All strategies that inherits from
 # Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
-# before actively signing him in. However, we need this as hook to validate the user activity
+# before actively signing them in. However, we need this as hook to validate the user activity
 # in each request and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
 if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb
index 9f1034d1..141cf35e 100644
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -9,7 +9,7 @@ module Devise
 #
 # Confirmable adds the following options to +devise+:
 #
- # * +allow_unconfirmed_access_for+: the time you want to allow the user to access his account
+ # * +allow_unconfirmed_access_for+: the time you want to allow the user to access their account
 # before confirming it. After this period, the user access is denied. You can
 # use this to let your user access some features of your application without
 # confirming the account, but blocking it after a certain period (ie 7 days).
diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb
index e5963639..6c756e44 100644
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@@ -17,7 +17,7 @@ module Devise
 #
 # * +remember_for+: the time you want the user will be remembered without
 # asking for credentials. After this time the user will be blocked and
- # will have to enter his credentials again. This configuration is also
+ # will have to enter their credentials again. This configuration is also
 # used to calculate the expires time for the cookie created to remember
 # the user. By default remember_for is 2.weeks.
 #
diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb
index e0a38a10..c3828279 100644
--- a/lib/devise/strategies/database_authenticatable.rb
+++ b/lib/devise/strategies/database_authenticatable.rb
@@ -2,7 +2,7 @@ require 'devise/strategies/authenticatable'
 module Devise
 module Strategies
- # Default strategy for signing in a user, based on his email and password in the database.
+ # Default strategy for signing in a user, based on their email and password in the database.
 class DatabaseAuthenticatable < Authenticatable
 def authenticate!
 resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb
index ab0e8c0e..4e0b0b11 100644
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -99,10 +99,10 @@ Devise.setup do |config|
 # ==> Configuration for :confirmable
 # A period that the user is allowed to access the website even without
- # confirming his account. For instance, if set to 2.days, the user will be
- # able to access the website for two days without confirming his account,
+ # confirming their account. For instance, if set to 2.days, the user will be
+ # able to access the website for two days without confirming their account,
 # access will be blocked just in the third day. Default is 0.days, meaning
- # the user cannot access the website without confirming his account.
+ # the user cannot access the website without confirming their account.
 # config.allow_unconfirmed_access_for = 2.days
 # A period that the user is allowed to confirm their account before their
diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
index 10588ef9..7832b4e7 100644
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -139,7 +139,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
 assert_redirected_to "/users/sign_in"
 end
- test 'not authenticated user with invalid reset password token should not be able to change his password' do
+ test 'not authenticated user with invalid reset password token should not be able to change their password' do
 user = create_user
 reset_password :reset_password_token => 'invalid_reset_password'
@@ -150,7 +150,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
 assert_not user.reload.valid_password?('987654321')
 end
- test 'not authenticated user with valid reset password token but invalid password should not be able to change his password' do
+ test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do
 user = create_user
 request_forgot_password
 reset_password do
@@ -165,7 +165,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
 assert_not user.reload.valid_password?('987654321')
 end
- test 'not authenticated user with valid data should be able to change his password' do
+ test 'not authenticated user with valid data should be able to change their password' do
 user = create_user
 request_forgot_password
 reset_password
@@ -175,7 +175,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
 assert user.reload.valid_password?('987654321')
 end
- test 'after entering invalid data user should still be able to change his password' do
+ test 'after entering invalid data user should still be able to change their password' do
 user = create_user
 request_forgot_password
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb
index 6e8aba22..e5e15c3e 100644
--- a/test/integration/registerable_test.rb
+++ b/test/integration/registerable_test.rb
@@ -140,7 +140,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert_redirected_to root_path
 end
- test 'a signed in user should be able to edit his account' do
+ test 'a signed in user should be able to edit their account' do
 sign_in_as_user
 get edit_user_registration_path
@@ -154,7 +154,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert_equal "user.new@example.com", User.first.email
 end
- test 'a signed in user should still be able to use the website after changing his password' do
+ test 'a signed in user should still be able to use the website after changing their password' do
 sign_in_as_user
 get edit_user_registration_path
@@ -168,7 +168,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert warden.authenticated?(:user)
 end
- test 'a signed in user should not change his current user with invalid password' do
+ test 'a signed in user should not change their current user with invalid password' do
 sign_in_as_user
 get edit_user_registration_path
@@ -183,7 +183,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert_equal "user@test.com", User.first.email
 end
- test 'a signed in user should be able to edit his password' do
+ test 'a signed in user should be able to edit their password' do
 sign_in_as_user
 get edit_user_registration_path
@@ -198,7 +198,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert User.first.valid_password?('pass1234')
 end
- test 'a signed in user should not be able to edit his password with invalid confirmation' do
+ test 'a signed in user should not be able to edit their password with invalid confirmation' do
 sign_in_as_user
 get edit_user_registration_path
@@ -212,7 +212,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert_not User.first.valid_password?('pas123')
 end
- test 'a signed in user should be able to cancel his account' do
+ test 'a signed in user should be able to cancel their account' do
 sign_in_as_user
 get edit_user_registration_path
@@ -286,7 +286,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 assert_equal user.reload.email, 'user@test.com'
 end
- test 'a user cancel his account in XML format should return valid response' do
+ test 'a user cancel their account in XML format should return valid response' do
 sign_in_as_user
 delete user_registration_path(:format => 'xml')
 assert_response :success
@@ -295,7 +295,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 end
 class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
- test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do
+ test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
 sign_in_as_admin
 get edit_admin_registration_path
@@ -326,7 +326,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
 assert Admin.first.valid_password?('pas123')
 end
- test 'a signed in admin should not see a reconfirmation message if he did not change his email, despite having an unconfirmed email' do
+ test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
 sign_in_as_admin
 get edit_admin_registration_path
diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb
index e7afd67a..8f04986d 100644
--- a/test/integration/rememberable_test.rb
+++ b/test/integration/rememberable_test.rb
@@ -25,7 +25,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
 Time.parse(expires).utc
 end
- test 'do not remember the user if he has not checked remember me option' do
+ test 'do not remember the user if they have not checked remember me option' do
 sign_in_as_user
 assert_nil request.cookies["remember_user_cookie"]
 end
@@ -95,7 +95,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
 assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
 end
- test 'remember the user before sign up and redirect him to his home' do
+ test 'remember the user before sign up and redirect them to their home' do
 create_user_and_remember
 get new_user_registration_path
 assert warden.authenticated?(:user)
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb
index 5d1221a5..8d0b30a5 100644
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
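Review bot: The `assert_nil request.cookies["remember_user_cookie"]` in the 'do not remember the user…' test (test/integration/rememberable_test.rb, hunk `@@ -25,7 +25,7 @@`) looks vacuous. The HttpOnly test in the `@@ -95,7 +95,7 @@` hunk of the same file matches a cookie named `remember_user_token`, so a key called `remember_user_cookie` is presumably never set. If so, the assertion passes even when a persistent-login cookie is issued without the user opting in, which is exactly the regression this test is meant to catch. Since the commit already touches this test, consider `assert_nil request.cookies["remember_user_token"]`, after confirming the cookie name against the rememberable implementation.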
@@ -155,7 +155,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 assert_not_nil user.reload.confirmation_token
 end
- test 'should not resend email instructions if the user change his email' do
+ test 'should not resend email instructions if the user change their email' do
 user = create_user
 user.email = 'new_test@example.com'
 assert_email_not_sent do
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb
index 3c156499..fa3b1c63 100644
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -101,14 +101,14 @@ class RecoverableTest < ActiveSupport::TestCase
 assert_not_equal token, user.reload.reset_password_token
 end
- test 'should send email instructions to the user reset his password' do
+ test 'should send email instructions to the user reset their password' do
 user = create_user
 assert_email_sent do
 User.send_reset_password_instructions(:email => user.email)
 end
 end
- test 'should find a user to reset his password based on the raw token' do
+ test 'should find a user to reset their password based on the raw token' do
 user = create_user
 raw = user.send_reset_password_instructions
diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb
index 84031881..3e2506d2 100644
--- a/test/rails_app/config/initializers/devise.rb
+++ b/test/rails_app/config/initializers/devise.rb
@@ -66,8 +66,8 @@ Devise.setup do |config|
 config.stretches = Rails.env.test? ? 1 : 10
 # ==> Configuration for :confirmable
- # The time you want to give your user to confirm his account. During this time
- # he will be able to access your application without confirming. Default is nil.
+ # The time you want to give your user to confirm their account. During this time
+ # they will be able to access your application without confirming. Default is nil.
 # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
 # You can use this to let your user access some features of your application
 # without confirming the account, but blocking it after a certain period