From f8792c8cf09ad1576538b20599a1a59c7706a6e4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Jan 2013 17:16:40 -0200 Subject: [PATCH 01/37] Update to Rails 3-2-stable and fix failing tests --- Gemfile | 6 +- Gemfile.lock | 132 ++++++++++++++++--------------- gemfiles/Gemfile.rails-3.1.x | 4 +- test/models/rememberable_test.rb | 3 +- test/models_test.rb | 7 +- test/test_helper.rb | 2 +- 6 files changed, 83 insertions(+), 71 deletions(-) diff --git a/Gemfile b/Gemfile index 14ca2a0b..42404a16 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "http://rubygems.org" gemspec -gem "rails", "~> 3.2.6" +gem "rails", :github => "rails/rails", :branch => "3-2-stable" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false end platforms :jruby do @@ -29,4 +29,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end diff --git a/Gemfile.lock b/Gemfile.lock index 4a44ca0c..aa52a17d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
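Review bot: The new `gem "rails", :github => "rails/rails", :branch => "3-2-stable"` line fetches Rails over the unauthenticated `git://` transport, as the `remote: git://github.com/rails/rails.git` entry this commit adds to Gemfile.lock shows, so the download has no server authentication or transport integrity. I would name the source explicitly over TLS, `gem "rails", :git => "https://github.com/rails/rails.git", :branch => "3-2-stable"`, and keep relying on the locked `revision:` for reproducibility. The same applies to the `github:` entries for rails and mongoid that [PATCH 02/37] adds to this Gemfile. Separately, the `source "http://rubygems.org"` line shown in the hunk header would be better as `https://rubygems.org`.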
@@ -1,3 +1,51 @@ +GIT + remote: git://github.com/rails/rails.git + revision: 0761bb029886bb6920a404ecf409013f83a44f58 + branch: 3-2-stable + specs: + actionmailer (3.2.12) + actionpack (= 3.2.12) + mail (~> 2.5.3) + actionpack (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) + builder (~> 3.0.0) + erubis (~> 2.7.0) + journey (~> 1.0.4) + rack (~> 1.4.5) + rack-cache (~> 1.2) + rack-test (~> 0.6.1) + sprockets (~> 2.2.1) + activemodel (3.2.12) + activesupport (= 3.2.12) + builder (~> 3.0.0) + activerecord (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) + arel (~> 3.0.2) + tzinfo (~> 0.3.29) + activeresource (3.2.12) + activemodel (= 3.2.12) + activesupport (= 3.2.12) + activesupport (3.2.12) + i18n (~> 0.6) + multi_json (~> 1.0) + rails (3.2.12) + actionmailer (= 3.2.12) + actionpack (= 3.2.12) + activerecord (= 3.2.12) + activeresource (= 3.2.12) + activesupport (= 3.2.12) + bundler (~> 1.0) + railties (= 3.2.12) + railties (3.2.12) + actionpack (= 3.2.12) + activesupport (= 3.2.12) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) + PATH remote: . specs: 
@@ -10,65 +58,38 @@ PATH GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.11) - actionpack (= 3.2.11) - mail (~> 2.4.4) - actionpack (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.0) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.11) - activesupport (= 3.2.11) - builder (~> 3.0.0) - activerecord (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - activesupport (3.2.11) - i18n (~> 0.6) - multi_json (~> 1.0) arel (3.0.2) bcrypt-ruby (3.0.1) builder (3.0.4) erubis (2.7.0) - faraday (0.8.4) + faraday (0.8.6) multipart-post (~> 1.1) hashie (1.2.0) hike (1.2.1) httpauth (0.2.0) - i18n (0.6.1) + i18n (0.6.2) journey (1.0.4) - json (1.7.6) + json (1.7.7) jwt (0.1.5) multi_json (>= 1.0) - mail (2.4.4) + mail (2.5.3) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) + mime-types (1.21) + mocha (0.13.2) metaclass (~> 0.0.1) - mongoid (3.0.16) - activemodel (~> 3.1) - moped (~> 1.1) + mongoid (3.1.2) + activemodel (~> 3.2) + moped (~> 1.4.2) origin (~> 1.0) tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.5.0) + moped (1.4.2) + multi_json (1.6.1) multipart-post (1.1.5) - nokogiri (1.5.5) - oauth2 (0.8.0) + nokogiri (1.5.6) + oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) jwt (~> 0.1.4) 
@@ -88,42 +109,27 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.3) + rack (1.4.5) rack-cache (1.2) rack (>= 0.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) + rack-ssl (1.3.3) rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.11) - actionmailer (= 3.2.11) - actionpack (= 3.2.11) - activerecord (= 3.2.11) - activeresource (= 3.2.11) - activesupport (= 3.2.11) - bundler (~> 1.0) - railties (= 3.2.11) - railties (3.2.11) - actionpack (= 3.2.11) - activesupport (= 3.2.11) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) rake (10.0.3) - rdoc (3.12) + rdoc (3.12.2) json (~> 1.4) - ruby-openid (2.2.2) + ruby-openid (2.2.3) sprockets (2.2.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - thor (0.16.0) + sqlite3 (1.3.7) + thor (0.17.0) tilt (1.3.3) treetop (1.4.12) polyglot @@ -144,13 +150,13 @@ DEPENDENCIES activerecord-jdbcsqlite3-adapter devise! jruby-openssl - mocha (= 0.10.0) + mocha (~> 0.13.1) mongoid (~> 3.0) omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails (~> 3.2.6) + rails! rdoc sqlite3 webrat (= 0.7.2) diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x index 7e6b1db6..c78e8970 100644 --- a/gemfiles/Gemfile.rails-3.1.x +++ b/gemfiles/Gemfile.rails-3.1.x @@ -11,7 +11,7 @@ group :test do gem "omniauth-facebook" gem "omniauth-openid", "~> 1.0.1" gem "webrat", "0.7.2", :require => false - gem "mocha", "0.10.0", :require => false + gem "mocha", "~> 0.13.1", :require => false platforms :mri_18 do gem "ruby-debug", ">= 0.10.3" @@ -32,4 +32,4 @@ platforms :mri_19 do group :mongoid do gem "mongoid", "~> 3.0" end -end \ No newline at end of file +end diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 1a185f6f..645f503e 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb 
@@ -57,9 +57,10 @@ class RememberableTest < ActiveSupport::TestCase test 'forget_me should not try to update resource if it has been destroyed' do resource = create_resource - resource.destroy resource.expects(:remember_created_at).never resource.expects(:save).never + + resource.destroy resource.forget_me! end diff --git a/test/models_test.rb b/test/models_test.rb index 705ad768..6a002598 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -83,7 +83,12 @@ class ActiveRecordTest < ActiveSupport::TestCase end test 'set null fields on migrations' do - Admin.create! + # Ignore email sending since no email exists. + klass = Class.new(Admin) do + def send_devise_notification(*); end + end + + klass.create! end end diff --git a/test/test_helper.rb b/test/test_helper.rb index f3659efa..60420446 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -10,7 +10,7 @@ require "orm/#{DEVISE_ORM}" I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) -require 'mocha' +require 'mocha/setup' require 'webrat' Webrat.configure do |config| config.mode = :rails From 1bae64d8c484c9ee59e97433a418133dc13df506 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 22:46:45 -0200 Subject: [PATCH 02/37] Update dependencies for Rails 4 --- .travis.yml | 19 ---- Gemfile | 4 +- Gemfile.lock | 119 +++++++++++---------- devise.gemspec | 2 +- gemfiles/Gemfile.rails-3.1.x | 35 ------- gemfiles/Gemfile.rails-3.1.x.lock | 167 ------------------------------ 6 files changed, 65 insertions(+), 281 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-3.1.x delete mode 100644 gemfiles/Gemfile.rails-3.1.x.lock diff --git a/.travis.yml b/.travis.yml index d4cafbdd..c8fb10a6 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,29 +1,10 @@ language: ruby script: "bundle exec rake test" rvm: - - 1.8.7 - - 1.9.2 - 1.9.3 env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record -matrix: - exclude: - - rvm: 1.8.7 - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - rvm: 1.8.7 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-3.1.x - - rvm: 1.9.2 - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - rvm: 1.9.2 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-3.1.x -gemfile: - - gemfiles/Gemfile.rails-3.1.x - - Gemfile services: - mongodb notifications: diff --git a/Gemfile b/Gemfile index 42404a16..542d0484 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "http://rubygems.org" gemspec -gem "rails", :github => "rails/rails", :branch => "3-2-stable" +gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" @@ -27,6 +27,6 @@ end platforms :mri_19 do group :mongoid do - gem "mongoid", "~> 3.0" + gem "mongoid", github: "mongoid/mongoid", branch: "master" end end diff --git a/Gemfile.lock b/Gemfile.lock index aa52a17d..fa8bbb74 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,50 +1,56 @@ +GIT + remote: git://github.com/mongoid/mongoid.git + revision: 124627a60020c081a50136dd49e6c6652e7226c5 + branch: master + specs: + mongoid (4.0.0) + activemodel (~> 4.0.0.beta) + moped (~> 1.4.2) + origin (~> 1.0) + tzinfo (~> 0.3.22) + GIT remote: git://github.com/rails/rails.git - revision: 0761bb029886bb6920a404ecf409013f83a44f58 - branch: 3-2-stable + revision: 202041e762a98cb433c3a24a0b03308d4e05a99d + branch: master specs: - actionmailer (3.2.12) - actionpack (= 3.2.12) + actionmailer (4.0.0.beta1) + actionpack (= 4.0.0.beta1) mail (~> 2.5.3) - actionpack (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) + actionpack (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.12) - activesupport (= 3.2.12) - builder (~> 3.0.0) - activerecord (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.12) - activemodel (= 3.2.12) - activesupport (= 3.2.12) - activesupport (3.2.12) - i18n (~> 0.6) - multi_json (~> 1.0) - rails (3.2.12) - actionmailer (= 3.2.12) - actionpack (= 3.2.12) - activerecord (= 3.2.12) - activeresource (= 3.2.12) - activesupport (= 3.2.12) - bundler (~> 1.0) - railties (= 3.2.12) - railties (3.2.12) - actionpack (= 3.2.12) - activesupport (= 3.2.12) - rack-ssl (~> 1.3.2) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0.beta1) + activesupport (= 4.0.0.beta1) + builder (~> 3.1.0) + activerecord (4.0.0.beta1) + activemodel (= 4.0.0.beta1) + activerecord-deprecated_finders (~> 0.0.3) + activesupport (= 4.0.0.beta1) + arel (~> 4.0.0.beta1) + activesupport (4.0.0.beta1) + i18n (~> 0.6.2) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.33) + rails (4.0.0.beta1) + actionmailer (= 4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activerecord (= 
4.0.0.beta1) + activesupport (= 4.0.0.beta1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0.beta1) + sprockets-rails (~> 2.0.0.rc3) + railties (4.0.0.beta1) + actionpack (= 4.0.0.beta1) + activesupport (= 4.0.0.beta1) rake (>= 0.8.7) rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) + thor (>= 0.17.0, < 2.0) PATH remote: . @@ -52,15 +58,17 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 3.1) + railties (~> 4.0.0.beta) warden (~> 1.2.1) GEM remote: http://rubygems.org/ specs: - arel (3.0.2) + activerecord-deprecated_finders (0.0.3) + arel (4.0.0.beta1) + atomic (1.0.1) bcrypt-ruby (3.0.1) - builder (3.0.4) + builder (3.1.4) erubis (2.7.0) faraday (0.8.6) multipart-post (~> 1.1) @@ -68,7 +76,6 @@ GEM hike (1.2.1) httpauth (0.2.0) i18n (0.6.2) - journey (1.0.4) json (1.7.7) jwt (0.1.5) multi_json (>= 1.0) @@ -78,13 +85,9 @@ GEM treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.21) + minitest (4.6.1) mocha (0.13.2) metaclass (~> 0.0.1) - mongoid (3.1.2) - activemodel (~> 3.2) - moped (~> 1.4.2) - origin (~> 1.0) - tzinfo (~> 0.3.22) moped (1.4.2) multi_json (1.6.1) multipart-post (1.1.5) @@ -109,27 +112,29 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) + rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-ssl (1.3.3) - rack rack-test (0.6.2) rack (>= 1.0) rake (10.0.3) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.2.2) + sprockets (2.9.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.0.rc3) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) sqlite3 (1.3.7) thor (0.17.0) + thread_safe (0.1.0) + atomic tilt (1.3.3) treetop (1.4.12) polyglot 
@@ -151,12 +156,12 @@ DEPENDENCIES devise! jruby-openssl mocha (~> 0.13.1) - mongoid (~> 3.0) + mongoid! omniauth (~> 1.0.0) omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails! + rails (~> 4.0.0.beta)! rdoc sqlite3 webrat (= 0.7.2) diff --git a/devise.gemspec b/devise.gemspec index 4df95625..f4595da9 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -21,5 +21,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 3.1") + s.add_dependency("railties", "~> 4.0.0.beta") end diff --git a/gemfiles/Gemfile.rails-3.1.x b/gemfiles/Gemfile.rails-3.1.x deleted file mode 100644 index c78e8970..00000000 --- a/gemfiles/Gemfile.rails-3.1.x +++ /dev/null @@ -1,35 +0,0 @@ -source "http://rubygems.org" - -gem "devise", :path => ".." - -gem "rails", "~> 3.1.0" -gem "omniauth", "~> 1.0.0" -gem "omniauth-oauth2", "~> 1.0.0" -gem "rdoc" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid", "~> 1.0.1" - gem "webrat", "0.7.2", :require => false - gem "mocha", "~> 0.13.1", :require => false - - platforms :mri_18 do - gem "ruby-debug", ">= 0.10.3" - end -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3" -end - -platforms :mri_19 do - group :mongoid do - gem "mongoid", "~> 3.0" - end -end diff --git a/gemfiles/Gemfile.rails-3.1.x.lock b/gemfiles/Gemfile.rails-3.1.x.lock deleted file mode 100644 index cd20f839..00000000 --- a/gemfiles/Gemfile.rails-3.1.x.lock +++ /dev/null 
@@ -1,167 +0,0 @@ -PATH - remote: .. - specs: - devise (2.2.0) - bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.1) - railties (~> 3.1) - warden (~> 1.2.1) - -GEM - remote: http://rubygems.org/ - specs: - actionmailer (3.1.10) - actionpack (= 3.1.10) - mail (~> 2.3.3) - actionpack (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - builder (~> 3.0.0) - erubis (~> 2.7.0) - i18n (~> 0.6) - rack (~> 1.3.6) - rack-cache (~> 1.2) - rack-mount (~> 0.8.2) - rack-test (~> 0.6.1) - sprockets (~> 2.0.4) - activemodel (3.1.10) - activesupport (= 3.1.10) - builder (~> 3.0.0) - i18n (~> 0.6) - activerecord (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - arel (~> 2.2.3) - tzinfo (~> 0.3.29) - activeresource (3.1.10) - activemodel (= 3.1.10) - activesupport (= 3.1.10) - activesupport (3.1.10) - multi_json (>= 1.0, < 1.3) - arel (2.2.3) - bcrypt-ruby (3.0.1) - builder (3.0.4) - columnize (0.3.6) - erubis (2.7.0) - faraday (0.8.4) - multipart-post (~> 1.1) - hashie (1.2.0) - hike (1.2.1) - httpauth (0.2.0) - i18n (0.6.1) - json (1.7.6) - jwt (0.1.5) - multi_json (>= 1.0) - linecache (0.46) - rbx-require-relative (> 0.0.4) - mail (2.3.3) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - metaclass (0.0.1) - mime-types (1.19) - mocha (0.10.0) - metaclass (~> 0.0.1) - mongoid (3.0.16) - activemodel (~> 3.1) - moped (~> 1.1) - origin (~> 1.0) - tzinfo (~> 0.3.22) - moped (1.3.2) - multi_json (1.2.0) - multipart-post (1.1.5) - nokogiri (1.5.6) - oauth2 (0.8.0) - faraday (~> 0.8) - httpauth (~> 0.1) - jwt (~> 0.1.4) - multi_json (~> 1.0) - rack (~> 1.2) - omniauth (1.0.3) - hashie (~> 1.2) - rack - omniauth-facebook (1.4.0) - omniauth-oauth2 (~> 1.0.2) - omniauth-oauth2 (1.0.3) - oauth2 (~> 0.8.0) - omniauth (~> 1.0) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - origin (1.0.11) - orm_adapter (0.4.0) - polyglot (0.3.3) - rack (1.3.8) - rack-cache (1.2) - rack (>= 0.4) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-openid (1.3.1) - 
rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-ssl (1.3.2) - rack - rack-test (0.6.2) - rack (>= 1.0) - rails (3.1.10) - actionmailer (= 3.1.10) - actionpack (= 3.1.10) - activerecord (= 3.1.10) - activeresource (= 3.1.10) - activesupport (= 3.1.10) - bundler (~> 1.0) - railties (= 3.1.10) - railties (3.1.10) - actionpack (= 3.1.10) - activesupport (= 3.1.10) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (~> 0.14.6) - rake (10.0.3) - rbx-require-relative (0.0.9) - rdoc (3.12) - json (~> 1.4) - ruby-debug (0.10.4) - columnize (>= 0.1) - ruby-debug-base (~> 0.10.4.0) - ruby-debug-base (0.10.4) - linecache (>= 0.3) - ruby-openid (2.2.2) - sprockets (2.0.4) - hike (~> 1.2) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.6) - thor (0.14.6) - tilt (1.3.3) - treetop (1.4.12) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.35) - warden (1.2.1) - rack (>= 1.0) - webrat (0.7.2) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (= 0.10.0) - mongoid (~> 3.0) - omniauth (~> 1.0.0) - omniauth-facebook - omniauth-oauth2 (~> 1.0.0) - omniauth-openid (~> 1.0.1) - rails (~> 3.1.0) - rdoc - ruby-debug (>= 0.10.3) - sqlite3 - webrat (= 0.7.2) From 9ae013ae3cc264b98964701507242fd19d2dcd96 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 22 Jan 2013 23:01:51 -0200 Subject: [PATCH 03/37] Updating test app running rake rails:update, tests running with failures --- Gemfile | 1 + Gemfile.lock | 3 + lib/devise/rails/routes.rb | 4 +- test/rails_app/Rakefile | 4 - test/rails_app/bin/bundle | 3 + test/rails_app/bin/rails | 4 + test/rails_app/bin/rake | 4 + test/rails_app/config/application.rb | 1 - test/rails_app/config/boot.rb | 6 +- test/rails_app/config/environment.rb | 4 +- .../config/environments/development.rb | 30 +++++-- .../config/environments/production.rb | 87 +++++++++++++++---- test/rails_app/config/environments/test.rb | 33 +++---- .../config/initializers/secret_token.rb | 3 +- .../config/initializers/session_store.rb | 1 + test/rails_app/script/rails | 10 --- 16 files changed, 134 insertions(+), 64 deletions(-) create mode 100755 test/rails_app/bin/bundle create mode 100755 test/rails_app/bin/rails create mode 100755 test/rails_app/bin/rake create mode 100644 test/rails_app/config/initializers/session_store.rb delete mode 100755 test/rails_app/script/rails diff --git a/Gemfile b/Gemfile index 542d0484..2bbcda50 100644 --- a/Gemfile +++ b/Gemfile @@ -3,6 +3,7 @@ source "http://rubygems.org" gemspec gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" +gem "protected_attributes", "~> 1.0.0" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index fa8bbb74..209a593e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,6 +112,8 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) + protected_attributes (1.0.0) + activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) @@ -161,6 +163,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) + protected_attributes (~> 1.0.0) rails (~> 4.0.0.beta)! rdoc sqlite3 diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 605e2718..2d06cbf2 100644 
--- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -398,13 +398,13 @@ module ActionDispatch::Routing providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) - match "#{path_prefix}/:provider", + get "#{path_prefix}/:provider", :constraints => { :provider => providers }, :to => "#{controllers[:omniauth_callbacks]}#passthru", :as => :omniauth_authorize, :via => [:get, :post] - match "#{path_prefix}/:action/callback", + get "#{path_prefix}/:action/callback", :constraints => { :action => providers }, :to => controllers[:omniauth_callbacks], :as => :omniauth_callback, diff --git a/test/rails_app/Rakefile b/test/rails_app/Rakefile index f47ab4d5..ba6b733d 100644 --- a/test/rails_app/Rakefile +++ b/test/rails_app/Rakefile @@ -3,8 +3,4 @@ require File.expand_path('../config/application', __FILE__) -require 'rake' -require 'rake/testtask' -require 'rake/rdoctask' - Rails.application.load_tasks diff --git a/test/rails_app/bin/bundle b/test/rails_app/bin/bundle new file mode 100755 index 00000000..66e9889e --- /dev/null +++ b/test/rails_app/bin/bundle @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) +load Gem.bin_path('bundler', 'bundle') diff --git a/test/rails_app/bin/rails b/test/rails_app/bin/rails new file mode 100755 index 00000000..728cd85a --- /dev/null +++ b/test/rails_app/bin/rails @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +APP_PATH = File.expand_path('../../config/application', __FILE__) +require_relative '../config/boot' +require 'rails/commands' diff --git a/test/rails_app/bin/rake b/test/rails_app/bin/rake new file mode 100755 index 00000000..17240489 --- /dev/null +++ b/test/rails_app/bin/rake @@ -0,0 +1,4 @@ +#!/usr/bin/env ruby +require_relative '../config/boot' +require 'rake' +Rake.application.run diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index ecafba8d..d1e30db8 100644 --- a/test/rails_app/config/application.rb 
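Review bot: Switching `match` to `get` on the `omniauth_authorize` route leaves `:via => [:get, :post]` in its option list, which now contradicts the verb helper. As far as I know the Rails 4 mapper's `get` sets `:via` itself, so POST requests to `#{path_prefix}/:provider` would stop routing. If both verbs are still intended, keep `match "#{path_prefix}/:provider",` with the existing `:via => [:get, :post]`, since Rails 4 only requires that `match` names its verbs; otherwise delete the `:via` line so the route says what it does. The `omniauth_callback` route gets the same change, but its option list continues past the end of the hunk, so check whether it also carries a `:via`. Any provider that returns to the callback with a POST would be affected.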
+++ b/test/rails_app/config/application.rb @@ -2,7 +2,6 @@ require File.expand_path('../boot', __FILE__) require "action_controller/railtie" require "action_mailer/railtie" -require "active_resource/railtie" require "rails/test_unit/railtie" Bundler.require :default, DEVISE_ORM diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index ced57d00..d0ab1394 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -2,7 +2,7 @@ unless defined?(DEVISE_ORM) DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym end -require 'rubygems' -require 'bundler/setup' +# Set up gems listed in the Gemfile. +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__) -$:.unshift File.expand_path('../../../../lib', __FILE__) \ No newline at end of file +require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE']) diff --git a/test/rails_app/config/environment.rb b/test/rails_app/config/environment.rb index cb86aabf..1fe685fd 100644 --- a/test/rails_app/config/environment.rb +++ b/test/rails_app/config/environment.rb @@ -1,5 +1,5 @@ -# Load the rails application +# Load the rails application. require File.expand_path('../application', __FILE__) -# Initialize the rails application +# Initialize the rails application. RailsApp::Application.initialize! diff --git a/test/rails_app/config/environments/development.rb b/test/rails_app/config/environments/development.rb index bc251f75..f7cea6d5 100644 --- a/test/rails_app/config/environments/development.rb +++ b/test/rails_app/config/environments/development.rb 
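Review bot: In test/rails_app/config/boot.rb the added `require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])` uses the deprecated `File.exists?` alias; `File.exist?` is the supported spelling. The guard itself also looks unnecessary: the Gemfile path is fixed relative to this file, so the `if` can only hide a misplaced Gemfile. Because this hunk also drops the `$:.unshift File.expand_path('../../../../lib', __FILE__)` line, Bundler is now the only thing putting the checkout on the load path. A plain `require 'bundler/setup'` would fail earlier and more clearly.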
@@ -1,18 +1,34 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development - # since you don't have to restart the webserver when you make code changes. + # every request. This slows down response time but is perfect for development + # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true + # Do not eager load code on boot. + config.eager_load = false - # Show full error reports and disable caching + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Don't care if the mailer can't send + # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false + + # Print deprecation notices to the Rails logger. + config.active_support.deprecation = :log + + # Only use best-standards-support built into browsers. + config.action_dispatch.best_standards_support = :builtin + + # Log the query plan for queries taking more than this (works + # with SQLite, MySQL, and PostgreSQL). + config.active_record.auto_explain_threshold_in_seconds = 0.5 + + # Raise an error on page load if there are pending migrations + config.active_record.migration_error = :page_load + + # Debug mode disables concatenation and preprocessing of assets. + config.assets.debug = true end diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index fe0831be..79c54188 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb 
@@ -1,33 +1,84 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. - # The production environment is meant for finished, "live" apps. - # Code is not reloaded between requests + # Code is not reloaded between requests. config.cache_classes = true - # Full error reports are disabled and caching is turned on + # Eager load code on boot. This eager loads most of Rails and + # your application in memory, allowing both thread web servers + # and those relying on copy on write to perform better. + # Rake tasks automatically ignore this option for performance. + config.eager_load = true + + # Full error reports are disabled and caching is turned on. config.consider_all_requests_local = false config.action_controller.perform_caching = true - # See everything in the log (default is :info) - # config.log_level = :debug + # Enable Rack::Cache to put a simple HTTP cache in front of your application + # Add `rack-cache` to your Gemfile before enabling this. + # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. + # config.action_dispatch.rack_cache = true - # Use a different logger for distributed setups - # config.logger = SyslogLogger.new - - # Use a different cache store in production - # config.cache_store = :mem_cache_store - - # Disable Rails's static asset server - # In production, Apache or nginx will already do this + # Disable Rails's static asset server (Apache or nginx will already do this). config.serve_static_assets = false - # Enable serving of images, stylesheets, and javascripts from an asset server + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass + + # Whether to fallback to assets pipeline if a precompiled asset is missed. 
+ config.assets.compile = false + + # Generate digests for assets URLs. + config.assets.digest = true + + # Version of your assets, change this if you want to expire all your assets. + config.assets.version = '1.0' + + # Specifies the header that your server uses for sending files. + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + # config.force_ssl = true + + # Set to :debug to see everything in the log. + config.log_level = :info + + # Prepend all log lines with the following tags. + # config.log_tags = [ :subdomain, :uuid ] + + # Use a different logger for distributed setups. + # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + + # Use a different cache store in production. + # config.cache_store = :mem_cache_store + + # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.action_controller.asset_host = "http://assets.example.com" - # Disable delivery errors, bad email addresses will be ignored + # Precompile additional assets. + # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. + # config.assets.precompile += %w( search.js ) + + # Ignore bad email addresses and do not raise email delivery errors. + # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - # Enable threaded mode - # config.threadsafe! + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation can not be found). + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners. 
+ config.active_support.deprecation = :notify + + # Log the query plan for queries taking more than this (works + # with SQLite, MySQL, and PostgreSQL). + # config.active_record.auto_explain_threshold_in_seconds = 0.5 + + # Disable automatic flushing of the log to improve performance. + # config.autoflush_log = false + + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new end diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 0dfc4389..b9feca88 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb 
@@ -1,33 +1,36 @@ RailsApp::Application.configure do - # Settings specified here will take precedence over those in config/environment.rb + # Settings specified here will take precedence over those in config/application.rb. # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that + # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! + # and recreated between test runs. Don't rely on the data there! config.cache_classes = true - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true + # Do not eager load code on boot. This avoids loading your whole application + # just for the purpose of running a single test. If you are using a tool that + # preloads Rails for running tests, you may have to set it to true. + config.eager_load = false - # Show full error reports and disable caching + # Configure static asset server for tests with Cache-Control for performance. + config.serve_static_assets = true + config.static_cache_control = "public, max-age=3600" + + # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - # Disable request forgery protection in test environment - config.action_controller.allow_forgery_protection = false + # Raise exceptions instead of rendering exception templates. + config.action_dispatch.show_exceptions = false + + # Disable request forgery protection in test environment. + config.action_controller.allow_forgery_protection = false # Tell Action Mailer not to deliver emails to the real world. # The :test delivery method accumulates sent emails in the # ActionMailer::Base.deliveries array. 
config.action_mailer.delivery_method = :test - # Use SQL instead of Active Record's schema dumper when creating the test database. - # This is necessary if your schema can't be completely dumped by the schema dumper, - # like if you have constraints or database-specific column types - # config.active_record.schema_format = :sql - - config.action_dispatch.show_exceptions = false - + # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr end diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index d27fc2d9..4089a38c 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb @@ -1,2 +1 @@ -Rails.application.config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' -Rails.application.config.session_store :cookie_store, :key => "_my_app" \ No newline at end of file +RailsApp::Application.config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' diff --git a/test/rails_app/config/initializers/session_store.rb b/test/rails_app/config/initializers/session_store.rb new file mode 100644 index 00000000..d770aeb8 --- /dev/null +++ b/test/rails_app/config/initializers/session_store.rb @@ -0,0 +1 @@ +RailsApp::Application.config.session_store :encrypted_cookie_store, key: '_rails_app_session' diff --git a/test/rails_app/script/rails b/test/rails_app/script/rails deleted file mode 100755 index ec22bf97..00000000 --- a/test/rails_app/script/rails +++ /dev/null 
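Review bot: In test/rails_app/config/initializers/secret_token.rb the new `secret_key_base` is committed as a literal with nothing marking it as a throwaway value. The cookie session store set up in `config/initializers/session_store.rb` is presumably keyed from it. That is acceptable only because this is the dummy app under `test/rails_app`. A comment above the assignment would keep the file from being copied as a template: `# Test-only key for the dummy app in test/rails_app. Never reuse it; real apps must load secret_key_base from outside the repository.`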
@@ -1,10 +0,0 @@ -#!/usr/bin/env ruby -# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. - -ENV_PATH = File.expand_path('../../config/environment', __FILE__) -BOOT_PATH = File.expand_path('../../config/boot', __FILE__) -APP_PATH = File.expand_path('../../config/application', __FILE__) -ROOT_PATH = File.expand_path('../..', __FILE__) - -require BOOT_PATH -require 'rails/commands' From 3c885e043db8ef7b620998cc188fdb1aa288d118 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Jan 2013 23:40:35 -0200 Subject: [PATCH 04/37] Fix changed error messages from confirmation validation --- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/models/validatable_test.rb | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 28781e5e..98acd056 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -153,7 +153,7 @@ class PasswordTest < ActionDispatch::IntegrationTest assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain 'Password doesn\'t match confirmation' + assert_contain 'Password confirmation doesn\'t match Password' assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 9583097f..34703c69 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -100,7 +100,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_contain "2 errors prohibited" assert_nil User.first 
@@ -206,7 +206,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest fill_in 'current password', :with => '12345678' click_button 'Update' - assert_contain "Password doesn't match confirmation" + assert_contain "Password confirmation doesn't match Password" assert_not User.first.valid_password?('pas123') end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 10be9092..0008aed4 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -56,7 +56,7 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require confirmation to be set when creating a new record' do user = new_user(:password => 'new_password', :password_confirmation => 'blabla') assert user.invalid? - assert_equal 'doesn\'t match confirmation', user.errors[:password].join + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require password when updating/reseting password' do @@ -73,7 +73,7 @@ class ValidatableTest < ActiveSupport::TestCase user = create_user user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match confirmation', user.errors[:password].join + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join end test 'should require a password with minimum of 6 characters' do From d77a956276e0eff8a49d75195e278ba112dd5234 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 26 Jan 2013 15:26:31 -0200 Subject: [PATCH 05/37] Remove AR deprecated finder warnings --- test/integration/registerable_test.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 34703c69..7923ba9a 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert warden.authenticated?(:admin) assert_current_url "/admin_area/home" - admin = Admin.last :order => "id" + admin = Admin.order(:id).last assert_equal admin.email, 'new_user@test.com' end @@ -56,7 +56,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_not warden.authenticated?(:user) - user = User.last :order => "id" + user = User.order(:id).last assert_equal user.email, 'new_user@test.com' assert_not user.confirmed? end @@ -251,7 +251,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_response :success assert response.body.include? %(\n) - admin = Admin.last :order => "id" + admin = Admin.order(:id).last assert_equal admin.email, 'new_user@test.com' end @@ -260,7 +260,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_response :success assert response.body.include? %(\n) - user = User.last :order => "id" + user = User.order(:id).last assert_equal user.email, 'new_user@test.com' end From 567fabbbc624c8dab135c1b104fbc148e2063758 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 26 Jan 2013 15:56:22 -0200 Subject: [PATCH 06/37] Disable forcing whitelist attributes from protected attributes This was the previous functionality since we didn't set anything in the application configuration. Now when using protected attributes gem, it sets whitelist to true, forcing us to always declare the accessible attributes, and this is not the case for the Admin model. --- test/rails_app/config/application.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index d1e30db8..a68120b7 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
@@ -32,6 +32,9 @@ module RailsApp config.action_mailer.default_url_options = { :host => "localhost:3000" } + # Disable forcing whitelist attributes from protected attributes. + config.active_record.whitelist_attributes = false + # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" From ed6e232756fb98d9a828319802cd5e34bfd25f49 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 28 Jan 2013 00:48:41 +0300 Subject: [PATCH 07/37] assert_recognizes rises `Assertion` instead of `RoutingError` --- test/routes_test.rb | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/test/routes_test.rb b/test/routes_test.rb index 25d0cc77..e80ccf6e 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -101,7 +101,7 @@ class DefaultRoutingTest < ActionController::TestCase assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post}) assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get}) end end @@ -123,7 +123,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does not map admin password' do - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new') end end 
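Review bot: `config.active_record.whitelist_attributes = false` switches off the protected_attributes default for every model in the dummy app, so the suite no longer notices a model that accepts mass assignment of any column. The commit message says only the Admin model lacks an accessible list. Declaring `attr_accessible` on Admin with the attributes its tests assign would keep the stricter default for all other models. If the global switch stays, the comment should say that it exists for Admin only, for example `# Admin declares no attr_accessible; whitelisting is disabled for the test app only.`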
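Review bot: Swapping `ActionController::RoutingError` for `Assertion` lets these negative routing tests pass on any assertion failure inside the block, not only on an unrecognised route. In the first hunk the expected controller is spelled `'ysers/omniauth_callbacks'`, so `assert_recognizes` fails on the controller mismatch even if GET on the callback path were routable, and the test no longer says anything about the verb. The same replacement is made in the `sign_out_via`, constraints and `format false` tests in the later hunks of this file, which check which verbs and hosts reach the session and registration controllers. Where the intent is that a request must not route, asking the router directly keeps the check specific, e.g. `assert_raise(ActionController::RoutingError) { Rails.application.routes.recognize_path(path, :method => :get) }`.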
@@ -133,7 +133,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does only map reader password' do - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new') end assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new') @@ -161,14 +161,14 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map deletes with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get}) end end test 'map posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get}) end end 
@@ -176,56 +176,56 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map delete_or_posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post}) assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get}) end end - + test 'map with constraints defined in hash' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get}) end end - + test 'map with constraints defined in block' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get}) end end - + test 'map with format false for sessions' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get}) end end - + test 'map with format false for passwords' do assert_recognizes({:controller => 
'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password', :method => :post}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post}) end end - + test 'map with format false for registrations' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get}) end end - + test 'map with format false for confirmations' do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get}) end end - + test 'map with format false for unlocks' do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get}) - assert_raise ActionController::RoutingError do + assert_raise Assertion do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get}) end end From 7998d6f878b4d5743ad3330a6006ae19da53b94b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 10:29:34 -0200 Subject: [PATCH 08/37] Match full template name --- test/integration/authenticatable_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index ea26d74b..d9907535 100644 
--- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -191,7 +191,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest get dashboard_path assert_response :success - assert_template 'home/admin' + assert_template 'home/admin_dashboard' assert_contain 'Admin dashboard' end @@ -203,7 +203,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest get dashboard_path assert_response :success - assert_template 'home/user' + assert_template 'home/user_dashboard' assert_contain 'User dashboard' end From 02298117a09ed5a5878f30acc44e94d792bc36d2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 28 Jan 2013 22:17:39 -0200 Subject: [PATCH 09/37] Do not remove app/mailers from autoloaded paths --- test/rails_app/config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index a68120b7..dc8f466e 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -16,7 +16,7 @@ require "devise" module RailsApp class Application < Rails::Application # Add additional load paths for your own custom dirs - config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers views).include?($1) } + config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) } config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ] # Configure generators values. Many other options are available, be sure to check the documentation. From aca7e5d1626f14f4e76e24b0f4b1340208216937 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 20 Feb 2013 22:13:46 -0300 Subject: [PATCH 10/37] Run tests with mongoid --- Gemfile | 1 - test/rails_app/app/mongoid/shim.rb | 1 + test/rails_app/config/application.rb | 6 ++++-- 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/Gemfile b/Gemfile index 2bbcda50..308bb3e4 100644 --- a/Gemfile +++ b/Gemfile @@ -25,7 +25,6 @@ platforms :ruby do gem "sqlite3" end - platforms :mri_19 do group :mongoid do gem "mongoid", github: "mongoid/mongoid", branch: "master" diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 14f2182b..9b413522 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -2,6 +2,7 @@ module Shim extend ::ActiveSupport::Concern included do + include ::ActiveModel::MassAssignmentSecurity include ::Mongoid::Timestamps field :created_at, :type => DateTime end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index dc8f466e..9f942f9b 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -32,8 +32,10 @@ module RailsApp config.action_mailer.default_url_options = { :host => "localhost:3000" } - # Disable forcing whitelist attributes from protected attributes. - config.active_record.whitelist_attributes = false + if DEVISE_ORM == :active_record + # Disable forcing whitelist attributes from protected attributes. + config.active_record.whitelist_attributes = false + end # This was used to break devise in some situations config.to_prepare do From 135c8da3908f5cccf5aa7bd6d0aaee277f8741b1 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 21:15:45 -0200 Subject: [PATCH 11/37] To be able to post to root via is now needed --- test/rails_app/config/routes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index aca42949..1363d2cd 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -96,5 +96,5 @@ Rails.application.routes.draw do get "/unauthenticated", :to => "home#unauthenticated" get "/custom_strategy/new" - root :to => "home#index" + root :to => "home#index", :via => [:get, :post] end 
From 04d9512f3019ceef251b6c119290071c9ed3bccf Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 21:28:58 -0200 Subject: [PATCH 12/37] We need to do match via [get, post] --- lib/devise/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2d06cbf2..605e2718 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -398,13 +398,13 @@ module ActionDispatch::Routing providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s)) - get "#{path_prefix}/:provider", + match "#{path_prefix}/:provider", :constraints => { :provider => providers }, :to => "#{controllers[:omniauth_callbacks]}#passthru", :as => :omniauth_authorize, :via => [:get, :post] - get "#{path_prefix}/:action/callback", + match "#{path_prefix}/:action/callback", :constraints => { :action => providers }, :to => controllers[:omniauth_callbacks], :as => :omniauth_callback, From 10f93129c33edbc88fa7890473469ab9ff929856 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 20 Feb 2013 22:02:54 -0200 Subject: [PATCH 13/37] Rails 4 now raises ActionController::UrlGenerationError This is the commit in Rails https://github.com/rails/rails/commit/db06d128 --- test/omniauth/url_helpers_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 67054b65..785ef25b 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -30,7 +30,7 @@ class OmniAuthRoutesTest < ActionController::TestCase test 'should generate authorization path' do assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook) - assert_raise ActionController::RoutingError do + assert_raise ActionController::UrlGenerationError do @controller.omniauth_authorize_path(:user, :github) end end From e79ebe8aeca9edb96c0cee850a6708f6bee2fe04 Mon Sep 17 00:00:00 2001 
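Review bot: Both omniauth routes in lib/devise/rails/routes.rb are declared with `:via => [:get, :post]`, and nothing in the hunk says why each verb is needed. The `omniauth_authorize` route starts the provider handshake, and a start that answers GET can be triggered by a plain cross-site link without the user intending it. The callback usually has to accept GET because the provider redirects to it. If the authorize route cannot be narrowed to POST here, I would at least add a comment above it such as `# GET kept for link-based sign-in; the request phase must not change state without a CSRF check.` The enclosing method starts and ends outside the hunk.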
From: Carlos Antonio da Silva Date: Thu, 21 Feb 2013 14:38:47 -0300 Subject: [PATCH 14/37] Fix last mongoid tests since it does not have the order method --- test/rails_app/app/mongoid/shim.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 9b413522..602d059c 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -8,9 +8,8 @@ module Shim end module ClassMethods - def last(options = {}) - options.delete(:order) if options[:order] == "id" - where(options).last + def order(attribute) + asc(attribute) end def find_by_email(email) From d29b744d92a380e61d0c62149cc60e91ec4ba0f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 24 Feb 2013 20:00:28 -0300 Subject: [PATCH 15/37] Enable Ruby 2.0 in travis --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index c8fb10a6..fed6a2ba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,7 @@ language: ruby script: "bundle exec rake test" rvm: - 1.9.3 + - 2.0.0 env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record From 9a8cb011d7c22726b59ab7c101d06dbf995ca222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 28 Mar 2013 14:00:55 -0300 Subject: [PATCH 16/37] Use the latests Rails version --- Gemfile.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 209a593e..f02a2fa5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 124627a60020c081a50136dd49e6c6652e7226c5 + revision: 6c8b3f2501ad12dbd453a86d3fe2374a4d14378c branch: master specs: mongoid (4.0.0) 
@@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 202041e762a98cb433c3a24a0b03308d4e05a99d + revision: 27d12bde1f2ef9bac24d24d576f23eee68544ca0 branch: master specs: actionmailer (4.0.0.beta1) @@ -30,13 +30,13 @@ GIT activemodel (= 4.0.0.beta1) activerecord-deprecated_finders (~> 0.0.3) activesupport (= 4.0.0.beta1) - arel (~> 4.0.0.beta1) + arel (~> 4.0.0.beta2) activesupport (4.0.0.beta1) - i18n (~> 0.6.2) + i18n (~> 0.6, >= 0.6.4) minitest (~> 4.2) multi_json (~> 1.3) thread_safe (~> 0.1) - tzinfo (~> 0.3.33) + tzinfo (~> 0.3.37) rails (4.0.0.beta1) actionmailer (= 4.0.0.beta1) actionpack (= 4.0.0.beta1) @@ -62,36 +62,36 @@ PATH warden (~> 1.2.1) GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: activerecord-deprecated_finders (0.0.3) - arel (4.0.0.beta1) + arel (4.0.0.beta2) atomic (1.0.1) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) - faraday (0.8.6) + faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) hike (1.2.1) httpauth (0.2.0) - i18n (0.6.2) + i18n (0.6.4) json (1.7.7) - jwt (0.1.5) - multi_json (>= 1.0) + jwt (0.1.8) + multi_json (>= 1.5) mail (2.5.3) i18n (>= 0.4.0) mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) mime-types (1.21) - minitest (4.6.1) - mocha (0.13.2) + minitest (4.7.0) + mocha (0.13.3) metaclass (~> 0.0.1) - moped (1.4.2) - multi_json (1.6.1) - multipart-post (1.1.5) - nokogiri (1.5.6) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) oauth2 (0.8.1) faraday (~> 0.8) httpauth (~> 0.1) @@ -120,7 +120,7 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) - rake (10.0.3) + rake (10.0.4) rdoc (3.12.2) json (~> 1.4) ruby-openid (2.2.3) @@ -134,14 +134,14 @@ GEM activesupport (>= 3.0) sprockets (~> 2.8) sqlite3 (1.3.7) - thor (0.17.0) + thor (0.18.0) thread_safe (0.1.0) atomic - tilt (1.3.3) + tilt (1.3.6) treetop (1.4.12) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.35) + tzinfo (0.3.37) warden (1.2.1) rack (>= 1.0) webrat (0.7.2) 
From c07bc69fadfbd57e8b393feae9e58a1a2434f32e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:18:02 -0300 Subject: [PATCH 17/37] Install Mongoid in Ruby 2.0 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index d5e98520..1b064d32 100644 --- a/Gemfile +++ b/Gemfile @@ -25,7 +25,7 @@ platforms :ruby do gem "sqlite3" end -platforms :mri_19 do +platforms :mri_19, :mri_20 do group :mongoid do gem "mongoid", github: "mongoid/mongoid", branch: "master" end From bd14589fe4b2de7fc9182413eb6d29d867a2dd0e Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:18:41 -0300 Subject: [PATCH 18/37] Ensure that `include_root_in_json` is true since our test suite depends on that. --- test/orm/active_record.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index d1bff6c2..023e3cb7 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -1,5 +1,6 @@ ActiveRecord::Migration.verbose = false ActiveRecord::Base.logger = Logger.new(nil) +ActiveRecord::Base.include_root_in_json = true ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__)) From ce37c301ff91f0d59ff91715f0c36e0ee285fb11 Mon Sep 17 00:00:00 2001 From: Lucas Mazza Date: Sun, 31 Mar 2013 17:19:10 -0300 Subject: [PATCH 19/37] Update Rails dependency --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index f02a2fa5..e2dab4b2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 27d12bde1f2ef9bac24d24d576f23eee68544ca0 + revision: 31216ec84b6988683c0c60e1ff08163a75d27680 branch: master specs: actionmailer (4.0.0.beta1) From 2f88f7c0ed18885ac6305344689e3fa43c1592bd Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 13 Mar 2013 11:15:27 -0500 Subject: [PATCH 20/37] Remove protected_attributes gem and all whitelisting --- Gemfile | 1 - Gemfile.lock | 3 --- lib/generators/active_record/devise_generator.rb | 5 +---- test/generators/active_record_generator_test.rb | 4 +--- test/rails_app/config/application.rb | 5 ----- test/rails_app/lib/shared_user.rb | 1 - test/test_models.rb | 1 - 7 files changed, 2 insertions(+), 18 deletions(-) diff --git a/Gemfile b/Gemfile index 1b064d32..b0889bc4 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,6 @@ source "https://rubygems.org" gemspec gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" -gem "protected_attributes", "~> 1.0.0" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index e2dab4b2..ad794f5b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,8 +112,6 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - protected_attributes (1.0.0) - activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) rack (>= 1.1.0) @@ -163,7 +161,6 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - protected_attributes (~> 1.0.0) rails (~> 4.0.0.beta)! rdoc sqlite3 diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 35541d91..f566cd15 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -22,10 +22,7 @@ module ActiveRecord end def inject_devise_content - content = model_contents + < "localhost:3000" } - if DEVISE_ORM == :active_record - # Disable forcing whitelist attributes from protected attributes. - config.active_record.whitelist_attributes = false - end - # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" 
diff --git a/test/rails_app/lib/shared_user.rb b/test/rails_app/lib/shared_user.rb index 29c26231..e4bd8712 100644 --- a/test/rails_app/lib/shared_user.rb +++ b/test/rails_app/lib/shared_user.rb @@ -7,7 +7,6 @@ module SharedUser :trackable, :validatable, :omniauthable attr_accessor :other_key - attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :confirmation_sent_at # They need to be included after Devise is called. extend ExtendMethods diff --git a/test/test_models.rb b/test/test_models.rb index fb65d53c..cd7fbaa3 100644 --- a/test/test_models.rb +++ b/test/test_models.rb @@ -15,7 +15,6 @@ end class UserWithVirtualAttributes < User devise :case_insensitive_keys => [ :email, :email_confirmation ] validates :email, :presence => true, :confirmation => {:on => :create} - attr_accessible :email, :email_confirmation end class Several < Admin From af4a582300b79669682f7c656316b841cc3a0f82 Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Wed, 27 Mar 2013 22:15:48 -0500 Subject: [PATCH 21/37] Remove mass-assignment role-based tests, no longer supported in Rails 4 Mass-assignment security roles are removed in Rails 4 so there's no need to test :as => :role behavior. --- test/models/database_authenticatable_test.rb | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 1439a51f..a8577c22 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -111,13 +111,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert user.reload.valid_password?('pass4321') end - test 'should update password with valid current password and :as option' do - user = create_user - assert user.update_with_password(:current_password => '12345678', - :password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin) - assert user.reload.valid_password?('pass4321') - end - test 'should add an error to current password when it is invalid' do user = create_user assert_not user.update_with_password(:current_password => 'other', @@ -170,12 +163,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase assert_equal 'new@example.com', user.email end - test 'should update the user without password with :as option' do - user = create_user - user.update_without_password(:email => 'new@example.com', :as => :admin) - assert_equal 'new@example.com', user.email - end - test 'should not update password without password' do user = create_user user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321') From 78f137368c04adceb4ffabf50c9f476bf757ba3d Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 13 Mar 2013 11:37:54 -0500 Subject: [PATCH 22/37] Add support for Rails 4 strong_parameters This brings support for Rails 4 StrongParameters changes. - Parameter sanitizing is setup for Devise controllers via resource_params except Omniauth Callbacks which doesn't use resource_params. - Change #build_resource to not call resource_params for get requests. Parameter sanitizing is only needed when params are posted to the server so there's no need to try to construct resource params on get requests (new, edit). --- .../devise/confirmations_controller.rb | 1 - .../devise/registrations_controller.rb | 6 +- app/controllers/devise/unlocks_controller.rb | 1 - app/controllers/devise_controller.rb | 29 +++++++-- lib/devise.rb | 13 ++-- lib/devise/parameter_sanitizer.rb | 65 +++++++++++++++++++ test/parameter_sanitizer_test.rb | 52 +++++++++++++++ 7 files changed, 153 insertions(+), 14 deletions(-) create mode 100644 lib/devise/parameter_sanitizer.rb create mode 100644 test/parameter_sanitizer_test.rb diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 68014c92..58802882 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -39,5 +39,4 @@ class Devise::ConfirmationsController < DeviseController def after_confirmation_path_for(resource_name, resource) after_sign_in_path_for(resource) end - end diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 281979a7..c7cee32c 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -83,7 +83,11 @@ class Devise::RegistrationsController < DeviseController # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. def build_resource(hash=nil) - hash ||= resource_params || {} + if request.get? + hash ||= {} + else + hash ||= resource_params || {} + end self.resource = resource_class.new_with_session(hash, session) end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 45f6b2c1..3b0d9f7f 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -40,5 +40,4 @@ class Devise::UnlocksController < DeviseController def after_unlock_path_for(resource) new_session_path(resource) end - end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 94359769..8c67eb2d 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -28,10 +28,6 @@ class DeviseController < Devise.parent_controller.constantize devise_mapping.to end - def resource_params - params[resource_name] - end - # Returns a signed in resource from session (if one exists) def signed_in_resource warden.authenticate(:scope => resource_name) @@ -96,7 +92,13 @@ MESSAGE # Build a devise resource. # Assignment bypasses attribute protection when :unsafe option is passed def build_resource(hash = nil, options = {}) - hash ||= resource_params || {} + # When building a resource, invoke strong_parameters require/permit + # steps if the params hash includes the resource name. + if params[resource_name] + hash ||= resource_params || {} + else + hash ||= {} + end if options[:unsafe] self.resource = resource_class.new.tap do |resource| 
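Review bot: The `|| {}` fallback in `hash ||= resource_params || {}` in `Devise::RegistrationsController#build_resource` can no longer take effect, because this commit turns `resource_params` into `params.require(resource_name).permit(...)`, which raises `ActionController::ParameterMissing` instead of returning nil. A non-GET request to the registrations controller that omits the resource key therefore raises, while `DeviseController#build_resource` in the same commit guards on `params[resource_name]` and falls back to an empty hash. Using the same guard in both places, `hash ||= params[resource_name] ? resource_params : {}`, keeps the behaviour consistent and independent of the HTTP verb. A hash passed in by the caller still bypasses the sanitizer, which deserves a line in the method comment.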
@@ -181,4 +183,21 @@ MESSAGE format.any(*navigational_formats, &block) end end + + # Setup a param sanitizer to filter parameters using strong_parameters. See + # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this + # method in your application controller to use your own parameter sanitizer. + def parameters_sanitizer + @parameters_sanitizer ||= Devise::ParameterSanitizer.new + end + + # Return the params to be used for mass assignment passed through the + # strong_parameters require/permit step. To customize the parameters + # permitted for a specific controller, simply prepend a before_filter and + # call #permit_devise_param or #remove_permitted_devise_param on + # parameters_sanitizer to update the default allowed lists of permitted + # parameters. + def resource_params + params.require(resource_name).permit(parameters_sanitizer.permitted_params_for(controller_name)) + end end diff --git a/lib/devise.rb b/lib/devise.rb index 87e1f307..75001585 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -6,12 +6,13 @@ require 'set' require 'securerandom' module Devise - autoload :Delegator, 'devise/delegator' - autoload :FailureApp, 'devise/failure_app' - autoload :OmniAuth, 'devise/omniauth' - autoload :ParamFilter, 'devise/param_filter' - autoload :TestHelpers, 'devise/test_helpers' - autoload :TimeInflector, 'devise/time_inflector' + autoload :Delegator, 'devise/delegator' + autoload :FailureApp, 'devise/failure_app' + autoload :OmniAuth, 'devise/omniauth' + autoload :ParamFilter, 'devise/param_filter' + autoload :ParameterSanitizer, 'devise/parameter_sanitizer' + autoload :TestHelpers, 'devise/test_helpers' + autoload :TimeInflector, 'devise/time_inflector' module Controllers autoload :Helpers, 'devise/controllers/helpers' diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb new file mode 100644 index 00000000..ce800e2d --- /dev/null +++ b/lib/devise/parameter_sanitizer.rb 
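Review bot: The comment above `parameters_sanitizer` points readers to `lib/devise/controllers/parameter_sanitizer.rb`, but this patch creates the class at `lib/devise/parameter_sanitizer.rb`; the path in the comment should be corrected. The `resource_params` comment should also say what happens for a controller whose name matches no key in the sanitizer: from the new class, such a name resolves to an empty list, so every submitted attribute is dropped. Suggested addition: `# Controllers without an entry in the sanitizer permit no attributes.`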
@@ -0,0 +1,65 @@ +module Devise + class ParameterSanitizer + attr_reader :allowed_params + + # Return a list of parameter names permitted to be mass-assigned for the + # passed controller. + def permitted_params_for(controller_name) + allowed_params.fetch(key_for_controller_name(controller_name), []) + end + + # Set up a new parameter sanitizer with a set of allowed parameters. This + # gets initialized on each request so that parameters may be augmented or + # changed as needed via before_filter. + def initialize + @allowed_params = { + :confirmations_controller => [:email], + :passwords_controller => authentication_keys + [:password, :password_confirmation, :reset_password_token], + :registrations_controller => authentication_keys + [:password, :password_confirmation, :current_password], + :sessions_controller => authentication_keys + [:password], + :unlocks_controller => [:email] + } + end + + # Allow additional parameters for a Devise controller. If the + # controller_name doesn't exist in allowed_params, it will be added to it + # as an empty array and param_name will be appended to that array. Note + # that when adding a new controller, use the full controller name + # (:confirmations_controller) and not the short names + # (:confirmation/:confirmations). + def permit_devise_param(controller_name, param_name) + @allowed_params[key_for_controller_name(controller_name)] << param_name + true + end + + # Remove specific allowed parameter for a Devise controller. If the + # controller_name doesn't exist in allowed_params, it will be added to it + # as an empty array. 
+ def remove_permitted_devise_param(controller_name, param_name) + @allowed_params[key_for_controller_name(controller_name)].delete(param_name) + true + end + + protected + + def authentication_keys + Array(::Devise.authentication_keys) + end + + # Flexibly allow access to permitting/denying/checking parameters by + # controller name in the following key formats: :confirmations_controller, + # :confirmations, :confirmation + def key_for_controller_name(name) + if allowed_params.has_key?(name.to_sym) + name.to_sym + elsif allowed_params.has_key?(:"#{name}s_controller") + :"#{name}s_controller" + elsif allowed_params.has_key?(:"#{name}_controller") + :"#{name}_controller" + else + @allowed_params[name.to_sym] = [] + name.to_sym + end + end + end +end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb new file mode 100644 index 00000000..56c86193 --- /dev/null +++ b/test/parameter_sanitizer_test.rb 
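Review bot: The defaults for `:confirmations_controller` and `:unlocks_controller` in `initialize` are hard-coded to `[:email]`, while the other three entries are built from `authentication_keys`. An application that looks users up by another key (for example `Devise.authentication_keys = [:username]`, or custom `confirmation_keys` / `unlock_keys`) would have that key stripped before the confirmation and unlock lookups see it. Consider `:confirmations_controller => Array(::Devise.confirmation_keys)` and `:unlocks_controller => Array(::Devise.unlock_keys)`, and likewise `Devise.reset_password_keys` for the passwords entry. The same `[:email]` defaults reappear in the PATCH 26 rewrite of this file.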
@@ -0,0 +1,52 @@ +require 'test_helper' + +class ParameterSanitizerTest < ActiveSupport::TestCase + def sanitizer + Devise::ParameterSanitizer.new + end + + test '#permitted_params_for allows querying of allowed parameters by controller' do + assert_equal [:email], sanitizer.permitted_params_for(:confirmations_controller) + assert_equal [:email, :password, :password_confirmation, :reset_password_token], sanitizer.permitted_params_for(:password) + assert_equal [:email], sanitizer.permitted_params_for(:unlocks) + end + + test '#permitted_params_for returns an empty array for a bad key' do + assert_equal [], sanitizer.permitted_params_for(:bad_key) + end + + test '#permit_devise_param allows adding an allowed param for a specific controller' do + subject = sanitizer + + subject.permit_devise_param(:confirmations_controller, :other) + + assert_equal [:email, :other], subject.permitted_params_for(:confirmations_controller) + end + + test '#remove_permitted_devise_param allows disallowing a param for a specific controller' do + subject = sanitizer + + subject.remove_permitted_devise_param(:confirmations_controller, :email) + + assert_equal [], subject.permitted_params_for(:confirmations_controller) + end + + test '#permit_devise_param allows adding additional devise controllers' do + subject = sanitizer + + subject.permit_devise_param(:invitations_controller, :email) + + assert_equal [:email], subject.permitted_params_for(:invitations) + end + + test '#remove_permitted_devise_param fails gracefully when removing a missing param' do + subject = sanitizer + + # perform twice, just to be sure it handles it gracefully + subject.remove_permitted_devise_param(:invitations_controller, :email) + subject.remove_permitted_devise_param(:invitations_controller, :email) + + assert_equal [], subject.permitted_params_for(:invitations) + end +end + From e0ffe8f85fe6a2420d980d2c1d1061274d2c1a87 Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Thu, 28 Mar 2013 11:32:36 -0500 Subject: [PATCH 23/37] Fix internal helper test referencing resource_params --- test/controllers/internal_helpers_test.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 939549b6..daa338fe 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -34,10 +34,13 @@ class HelpersTest < ActionController::TestCase end test 'get resource params from request params using resource name as key' do - user_params = {'name' => 'Shirley Templar'} - @controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params})) + user_params = {'email' => 'shirley@templar.com'} + @controller.stubs(:params).returns(ActionController::Parameters.new({'user' => user_params})) + # Stub controller name so strong parameters can filter properly. + # DeviseController does not allow any parameters by default. + @controller.stubs(:controller_name).returns(:sessions_controller) - assert_equal user_params, @controller.resource_params + assert_equal user_params, @controller.send(:resource_params) end test 'resources methods are not controller actions' do From b151d2cfe20ea13348a4ab49a9176051d587a0ec Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Mon, 1 Apr 2013 09:00:36 -0500 Subject: [PATCH 24/37] Remove MassAssignment security from Mongoid test shim --- test/rails_app/app/mongoid/shim.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/test/rails_app/app/mongoid/shim.rb b/test/rails_app/app/mongoid/shim.rb index 602d059c..f74e8711 100644 --- a/test/rails_app/app/mongoid/shim.rb +++ b/test/rails_app/app/mongoid/shim.rb @@ -2,7 +2,6 @@ module Shim extend ::ActiveSupport::Concern included do - include ::ActiveModel::MassAssignmentSecurity include ::Mongoid::Timestamps field :created_at, :type => DateTime end 
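Review bot: The rewritten test in `internal_helpers_test.rb` only shows that a permitted key survives; it never sends an attribute outside the allow-list, so it would still pass if `resource_params` stopped filtering. Sending `user_params.merge('admin' => true)` as the input while keeping `assert_equal user_params, @controller.send(:resource_params)` would pin the filtering behaviour. The stub also returns the Symbol `:sessions_controller`, whereas a real controller's `controller_name` is a String without the suffix (`"sessions"`), so the lookup path used in production is not the one exercised here.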
From 77203e3d97346378806e35fc96a541403323deda Mon Sep 17 00:00:00 2001 From: Drew Ulmer Date: Mon, 1 Apr 2013 09:46:46 -0500 Subject: [PATCH 25/37] Change parameter sanitizer instance method to scope to devise This way it's very explicit that this method is for devise and it won't run into any naming collisions with user code. --- app/controllers/devise_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 8c67eb2d..199bc48d 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -187,8 +187,8 @@ MESSAGE # Setup a param sanitizer to filter parameters using strong_parameters. See # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. - def parameters_sanitizer - @parameters_sanitizer ||= Devise::ParameterSanitizer.new + def devise_parameters_sanitizer + @devise_parameters_sanitizer ||= Devise::ParameterSanitizer.new end # Return the params to be used for mass assignment passed through the @@ -198,6 +198,6 @@ MESSAGE # parameters_sanitizer to update the default allowed lists of permitted # parameters. def resource_params - params.require(resource_name).permit(parameters_sanitizer.permitted_params_for(controller_name)) + params.require(resource_name).permit(devise_parameters_sanitizer.permitted_params_for(controller_name)) end end From d20fdf87b6cc618306e92c66e11ef54e7eb1edce Mon Sep 17 00:00:00 2001 
From: Drew Ulmer Date: Wed, 10 Apr 2013 10:33:50 -0500 Subject: [PATCH 26/37] Introduce BaseSanitizer null sanitizer and controller-specific callbacks This updates Devise's StrongParameter support to feature: - A Null base sanitizer to support existing Rails 3.x installations that don't want to use StrongParameters yet - A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid - Overrideable callbacks on a controller-basis, e.g. #create_sessions_params for passing the current scope's parameters through StrongParameters and a helper method, whitelisted_params, for rolling your own implementations of #create_x_params in your own controllers. - Lots of tests! --- .../devise/confirmations_controller.rb | 6 +- .../devise/registrations_controller.rb | 18 ++- app/controllers/devise/unlocks_controller.rb | 6 +- app/controllers/devise_controller.rb | 23 ++- lib/devise.rb | 1 + lib/devise/parameter_sanitizer.rb | 74 ++++++--- test/parameter_sanitizer_test.rb | 148 ++++++++++++------ 7 files changed, 190 insertions(+), 86 deletions(-) diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 58802882..4da37d94 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -6,7 +6,7 @@ class Devise::ConfirmationsController < DeviseController # POST /resource/confirmation def create - self.resource = resource_class.send_confirmation_instructions(resource_params) + self.resource = resource_class.send_confirmation_instructions(create_confirmation_params) if successfully_sent?(resource) respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name)) @@ -39,4 +39,8 @@ class Devise::ConfirmationsController < DeviseController def after_confirmation_path_for(resource_name, resource) after_sign_in_path_for(resource) end + + def create_confirmation_params + whitelisted_params(:confirmations) + end end 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index c7cee32c..4558e402 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -10,7 +10,7 @@ class Devise::RegistrationsController < DeviseController # POST /resource def create - build_resource + build_resource(create_registration_params) if resource.save if resource.active_for_authentication? @@ -40,7 +40,7 @@ class Devise::RegistrationsController < DeviseController self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - if resource.update_with_password(resource_params) + if resource.update_with_password(update_resource_params) if is_navigational_format? flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ? :update_needs_confirmation : :updated @@ -83,11 +83,7 @@ class Devise::RegistrationsController < DeviseController # Build a devise resource passing in the session. Useful to move # temporary session data to the newly created user. def build_resource(hash=nil) - if request.get? - hash ||= {} - else - hash ||= resource_params || {} - end + hash ||= {} self.resource = resource_class.new_with_session(hash, session) end @@ -120,4 +116,12 @@ class Devise::RegistrationsController < DeviseController send(:"authenticate_#{resource_name}!", :force => true) self.resource = send(:"current_#{resource_name}") end + + def create_registration_params + whitelisted_params(:registrations) + end + + def update_resource_params + whitelisted_params(:registrations) + end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 3b0d9f7f..6566fc09 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb 
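Review bot: `create_registration_params` and `update_resource_params` both return `whitelisted_params(:registrations)`, so sign-up and account update share one allow-list. Any attribute an application permits for the edit form through `devise_parameter_sanitizer.permit(:registrations, ...)` is thereby also accepted from an unauthenticated sign-up request, and `:current_password` is accepted on create, where it has no meaning. Separate keys would keep the two surfaces independent, for example `whitelisted_params(:registration_create)` and `whitelisted_params(:registration_update)`, each with its own default list in `ParameterSanitizer#initialize`. The hook names are also inconsistent; `update_resource_params` would read better as `update_registration_params`.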
@@ -8,7 +8,7 @@ class Devise::UnlocksController < DeviseController # POST /resource/unlock def create - self.resource = resource_class.send_unlock_instructions(resource_params) + self.resource = resource_class.send_unlock_instructions(create_unlock_params) if successfully_sent?(resource) respond_with({}, :location => after_sending_unlock_instructions_path_for(resource)) @@ -40,4 +40,8 @@ class Devise::UnlocksController < DeviseController def after_unlock_path_for(resource) new_session_path(resource) end + + def create_unlock_params + whitelisted_params(:unlocks) + end end diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 199bc48d..9099d6ae 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -95,7 +95,7 @@ MESSAGE # When building a resource, invoke strong_parameters require/permit # steps if the params hash includes the resource name. if params[resource_name] - hash ||= resource_params || {} + hash ||= whitelisted_params(controller_name) || {} else hash ||= {} end 
@@ -187,17 +187,26 @@ MESSAGE # Setup a param sanitizer to filter parameters using strong_parameters. See # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. - def devise_parameters_sanitizer - @devise_parameters_sanitizer ||= Devise::ParameterSanitizer.new + def devise_parameter_sanitizer + return super if defined?(super) + @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters) + Devise::ParameterSanitizer.new(resource_name, params) + else + Devise::BaseSanitizer.new(resource_name, params) + end end # Return the params to be used for mass assignment passed through the # strong_parameters require/permit step. To customize the parameters # permitted for a specific controller, simply prepend a before_filter and - # call #permit_devise_param or #remove_permitted_devise_param on - # parameters_sanitizer to update the default allowed lists of permitted - # parameters. + # call #permit, #permit! or #forbid on devise_parameters_sanitizer to update + # the default allowed lists of permitted parameters for a specific + # controller/action combination. + def whitelisted_params(contr_name) + devise_parameter_sanitizer.sanitize_for(contr_name) + end + def resource_params - params.require(resource_name).permit(devise_parameters_sanitizer.permitted_params_for(controller_name)) + params.fetch(resource_name, {}) end end diff --git a/lib/devise.rb b/lib/devise.rb index 75001585..4e103436 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -10,6 +10,7 @@ module Devise autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' autoload :ParamFilter, 'devise/param_filter' + autoload :BaseSanitizer, 'devise/parameter_sanitizer' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' 
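Review bot: After this hunk `resource_params` returns `params.fetch(resource_name, {})` with no require/permit step, yet the only comment nearby, now sitting above `whitelisted_params`, still describes the filtered behaviour. Any caller that keeps passing `resource_params` to mass assignment receives raw request input; controllers not touched by this patch are outside the hunk, so whether any still do cannot be confirmed from here. A comment such as `# Unfiltered request params for the resource; use whitelisted_params for mass assignment.` would make the difference explicit. The comment block also names `devise_parameters_sanitizer` and `lib/devise/controllers/parameter_sanitizer.rb`, while the method is `devise_parameter_sanitizer` and the file is `lib/devise/parameter_sanitizer.rb`.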
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index ce800e2d..e4638bc8 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb 
@@ -1,23 +1,42 @@ module Devise - class ParameterSanitizer - attr_reader :allowed_params + class BaseSanitizer + attr_reader :params, :resource_name, :allowed_params - # Return a list of parameter names permitted to be mass-assigned for the - # passed controller. - def permitted_params_for(controller_name) - allowed_params.fetch(key_for_controller_name(controller_name), []) + def initialize(resource_name, params) + @resource_name, @params = resource_name, params + @allowed_params = {} + end + + def default_params + params.fetch(resource_name, {}) + end + + def sanitize_for(controller) + default_params + end + end + + class ParameterSanitizer < BaseSanitizer + # Return the allowed parameters passed through the StrongParametesr + # require/permit step according to the allowed_params setup via + # #permit, #permit!, #forbid, and any defaults. + def sanitize_for(controller) + permitted_params = allowed_params.fetch(param_key(controller), []).to_a + + params.require(resource_name).permit(permitted_params) end # Set up a new parameter sanitizer with a set of allowed parameters. This # gets initialized on each request so that parameters may be augmented or # changed as needed via before_filter. - def initialize + def initialize(resource_name, params) + super @allowed_params = { - :confirmations_controller => [:email], - :passwords_controller => authentication_keys + [:password, :password_confirmation, :reset_password_token], - :registrations_controller => authentication_keys + [:password, :password_confirmation, :current_password], - :sessions_controller => authentication_keys + [:password], - :unlocks_controller => [:email] + :confirmations => [:email], + :passwords => auth_keys | [:password, :password_confirmation, :reset_password_token], + :registrations => auth_keys | [:password, :password_confirmation, :current_password], + :sessions => auth_keys | [:password], + :unlocks => [:email] } end 
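Review bot: `BaseSanitizer` is what `devise_parameter_sanitizer` returns when `ActionController::StrongParameters` is undefined, but it defines only `default_params` and `sanitize_for`; `permit`, `permit!` and `forbid` exist only on `ParameterSanitizer` (next hunk). A `before_filter` written against the documented API would therefore raise `NoMethodError` on those installs. Either define the three methods on the base class, or add a class comment stating that `BaseSanitizer#sanitize_for` returns the resource params unfiltered and ignores `allowed_params`. The comment on `ParameterSanitizer#sanitize_for` also has a typo, `StrongParametesr`; the class body continues outside this hunk.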
@@ -27,38 +46,41 @@ module Devise # that when adding a new controller, use the full controller name # (:confirmations_controller) and not the short names # (:confirmation/:confirmations). - def permit_devise_param(controller_name, param_name) - @allowed_params[key_for_controller_name(controller_name)] << param_name + def permit(controller_name, *param_names) + @allowed_params[param_key(controller_name)] |= param_names + true + end + + def permit!(controller_name, *param_names) + @allowed_params[param_key(controller_name)] = param_names true end # Remove specific allowed parameter for a Devise controller. If the # controller_name doesn't exist in allowed_params, it will be added to it # as an empty array. - def remove_permitted_devise_param(controller_name, param_name) - @allowed_params[key_for_controller_name(controller_name)].delete(param_name) + def forbid(controller_name, *param_names) + @allowed_params[param_key(controller_name)] -= param_names true end protected - def authentication_keys + def auth_keys Array(::Devise.authentication_keys) end # Flexibly allow access to permitting/denying/checking parameters by # controller name in the following key formats: :confirmations_controller, # :confirmations, :confirmation - def key_for_controller_name(name) - if allowed_params.has_key?(name.to_sym) - name.to_sym - elsif allowed_params.has_key?(:"#{name}s_controller") - :"#{name}s_controller" - elsif allowed_params.has_key?(:"#{name}_controller") - :"#{name}_controller" + def param_key(controller_name) + k = controller_name.to_sym + + if allowed_params.has_key?(k) + k else - @allowed_params[name.to_sym] = [] - name.to_sym + @allowed_params[k] = [] + k end end end diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb index 56c86193..e8f9fc84 100644 --- a/test/parameter_sanitizer_test.rb +++ b/test/parameter_sanitizer_test.rb 
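Review bot: The context comment above `permit` still tells callers to use the full name (`:confirmations_controller`), and the one above `param_key` still lists three accepted key formats, but `param_key` now only calls `to_sym` and the defaults are keyed `:confirmations`, `:sessions` and so on. `permit(:confirmations_controller, :foo)` would create a separate entry that `sanitize_for(:confirmations)` never reads, so the call silently has no effect. Both comments should be rewritten to name the short keys, and `permit!` needs a comment of its own: here it replaces the list, unlike `ActionController::Parameters#permit!`, which marks everything as permitted. `param_key` can also be reduced to `allowed_params[k] ||= []` followed by `k`.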
@@ -1,52 +1,112 @@ require 'test_helper' +require 'devise/parameter_sanitizer' -class ParameterSanitizerTest < ActiveSupport::TestCase +class BaseSanitizerTest < ActiveSupport::TestCase def sanitizer - Devise::ParameterSanitizer.new + @sanitizer ||= Devise::BaseSanitizer.new(:user, {}) end - test '#permitted_params_for allows querying of allowed parameters by controller' do - assert_equal [:email], sanitizer.permitted_params_for(:confirmations_controller) - assert_equal [:email, :password, :password_confirmation, :reset_password_token], sanitizer.permitted_params_for(:password) - assert_equal [:email], sanitizer.permitted_params_for(:unlocks) - end - - test '#permitted_params_for returns an empty array for a bad key' do - assert_equal [], sanitizer.permitted_params_for(:bad_key) - end - - test '#permit_devise_param allows adding an allowed param for a specific controller' do - subject = sanitizer - - subject.permit_devise_param(:confirmations_controller, :other) - - assert_equal [:email, :other], subject.permitted_params_for(:confirmations_controller) - end - - test '#remove_permitted_devise_param allows disallowing a param for a specific controller' do - subject = sanitizer - - subject.remove_permitted_devise_param(:confirmations_controller, :email) - - assert_equal [], subject.permitted_params_for(:confirmations_controller) - end - - test '#permit_devise_param allows adding additional devise controllers' do - subject = sanitizer - - subject.permit_devise_param(:invitations_controller, :email) - - assert_equal [:email], subject.permitted_params_for(:invitations) - end - - test '#remove_permitted_devise_param fails gracefully when removing a missing param' do - subject = sanitizer - - # perform twice, just to be sure it handles it gracefully - subject.remove_permitted_devise_param(:invitations_controller, :email) - subject.remove_permitted_devise_param(:invitations_controller, :email) - - assert_equal [], subject.permitted_params_for(:invitations) + test 
'#default_params returns the params passed in' do + assert_equal({}, sanitizer.default_params) + end +end + +if defined?(ActionController::StrongParameters) + + require 'active_model/forbidden_attributes_protection' + + class ParameterSanitizerTest < ActiveSupport::TestCase + def sanitizer(p={}) + @sanitizer ||= Devise::ParameterSanitizer.new(:user, p) + end + + test '#permit allows adding an allowed param for a specific controller' do + sanitizer.permit(:confirmations, :other) + + assert_equal [:email, :other], sanitizer.allowed_params[:confirmations] + end + + test '#permit allows adding multiple allowed params for a specific controller' do + sanitizer.permit(:confirmations, :other, :testing) + + assert_equal [:email, :other, :testing], sanitizer.allowed_params[:confirmations] + end + + test '#permit! overrides allowed params for a specific controller' do + sanitizer.permit!(:confirmations, :other, :testing) + + assert_equal [:other, :testing], sanitizer.allowed_params[:confirmations] + end + + test '#forbid allows disallowing a param for a specific controller' do + sanitizer.forbid(:confirmations, :email) + + assert_equal [], sanitizer.allowed_params[:confirmations] + end + + test '#forbid allows disallowing multiple params for a specific controller' do + sanitizer.forbid(:sessions, :email, :password) + + assert_equal [], sanitizer.allowed_params[:sessions] + end + + test '#permit allows adding additional devise controllers' do + sanitizer.permit(:invitations, :email) + + assert_equal [:email], sanitizer.allowed_params[:invitations] + end + + test '#permit allows adding additional devise controllers with multiple params' do + sanitizer.permit(:invitations, :email, :pin) + + assert_includes sanitizer.allowed_params[:invitations], :pin + assert_includes sanitizer.allowed_params[:invitations], :email + end + + test '#forbid fails gracefully when removing a missing param' do + # perform twice, just to be sure it handles it gracefully + sanitizer.forbid(:invitations, 
:email) + sanitizer.forbid(:invitations, :email) + + assert_equal [], sanitizer.allowed_params[:invitations] + end + + test '#forbid fails gracefully when removing multiple missing params' do + # perform twice, just to be sure it handles it gracefully + sanitizer.forbid(:invitations, :email, :badkey) + sanitizer.forbid(:invitations, :email, :badkey) + + assert_equal [], sanitizer.allowed_params[:invitations] + end + + test '#sanitize_for tries to require the resource name on params' do + params = ActionController::Parameters.new({:admin => {}}) + + assert_raises ActionController::ParameterMissing do + sanitizer(params).sanitize_for(:sessions) + end + end + + test '#sanitize_for performs the permit step of strong_parameters, restricting passed attributes' do + params = ActionController::Parameters.new({:user => {:admin => true}}) + + # removes the admin flag + assert_equal({}, sanitizer(params).sanitize_for(:sessions)) + end + + test '#sanitize_for respects any updates to allowed_params' do + params = ActionController::Parameters.new({:user => {:admin => true}}) + sanitizer(params).permit(:sessions, :admin) + + assert_equal({'admin' => true}, sanitizer(params).sanitize_for(:sessions)) + end + + test '#sanitize_for works with newly added controllers' do + params = ActionController::Parameters.new({:user => {:email => 'abc@example.com', :pin => '1234'}}) + sanitizer(params).permit(:invitations, :email, :pin) + + assert_equal({'email' => 'abc@example.com', 'pin' => '1234'}, sanitizer(params).sanitize_for(:invitations)) + end end end From ea94e199cec143d46dbc1500e22967c9e8dcb239 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 11:14:13 -0300 Subject: [PATCH 27/37] Bundle update --- Gemfile.lock | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e2dab4b2..16c64625 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
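Review bot: `BaseSanitizerTest` builds the sanitizer with `{}` and expects `{}` back, so the assertion passes through the `fetch` default and never shows that `default_params` returns the value stored under the resource name. Constructing it with `{:user => {:email => 'a@example.com'}}` and asserting that inner hash would test the real path, and a companion assertion on `sanitize_for` would document that the base class does no filtering. In `ParameterSanitizerTest`, `sanitizer(p={})` memoizes with `@sanitizer ||=`, so the argument is ignored on every call after the first; the tests pass only because the first call in each test carries the params.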
@@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 6c8b3f2501ad12dbd453a86d3fe2374a4d14378c + revision: 4a931ca105fddf59cc2f8619e973233376cf4b67 branch: master specs: mongoid (4.0.0) @@ -11,7 +11,7 @@ GIT GIT remote: git://github.com/rails/rails.git - revision: 31216ec84b6988683c0c60e1ff08163a75d27680 + revision: 67bb49b69e1f10c2b35a53a645ed98a028375f1d branch: master specs: actionmailer (4.0.0.beta1) @@ -49,8 +49,7 @@ GIT actionpack (= 4.0.0.beta1) activesupport (= 4.0.0.beta1) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.17.0, < 2.0) + thor (>= 0.18.1, < 2.0) PATH remote: . @@ -66,14 +65,14 @@ GEM specs: activerecord-deprecated_finders (0.0.3) arel (4.0.0.beta2) - atomic (1.0.1) + atomic (1.1.7) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) faraday (0.8.7) multipart-post (~> 1.1) hashie (1.2.0) - hike (1.2.1) + hike (1.2.2) httpauth (0.2.0) i18n (0.6.4) json (1.7.7) @@ -84,8 +83,8 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.21) - minitest (4.7.0) + mime-types (1.22) + minitest (4.7.1) mocha (0.13.3) metaclass (~> 0.0.1) moped (1.4.5) @@ -112,7 +111,7 @@ GEM origin (1.0.11) orm_adapter (0.4.0) polyglot (0.3.3) - protected_attributes (1.0.0) + protected_attributes (1.0.1) activemodel (>= 4.0.0.beta, < 5.0) rack (1.5.2) rack-openid (1.3.1) @@ -121,10 +120,10 @@ GEM rack-test (0.6.2) rack (>= 1.0) rake (10.0.4) - rdoc (3.12.2) + rdoc (4.0.1) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.9.0) + sprockets (2.9.2) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) @@ -134,10 +133,10 @@ GEM activesupport (>= 3.0) sprockets (~> 2.8) sqlite3 (1.3.7) - thor (0.18.0) + thor (0.18.1) thread_safe (0.1.0) atomic - tilt (1.3.6) + tilt (1.3.7) treetop (1.4.12) polyglot polyglot (>= 0.3.1) From ac2ebdfb11b2b4e79a68f98239c6905ad56f6f58 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sat, 13 Apr 2013 11:16:10 -0300 Subject: [PATCH 28/37] Fix session store changed in Rails master There's no encrypted cookie store anymore, by default the cookie store will be encrypted. --- test/rails_app/config/initializers/session_store.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rails_app/config/initializers/session_store.rb b/test/rails_app/config/initializers/session_store.rb index d770aeb8..5ac94e7e 100644 --- a/test/rails_app/config/initializers/session_store.rb +++ b/test/rails_app/config/initializers/session_store.rb @@ -1 +1 @@ -RailsApp::Application.config.session_store :encrypted_cookie_store, key: '_rails_app_session' +RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session' From 3ed0dc5d9fd56e60a46b9bea0de834d5901638fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 23:34:07 -0700 Subject: [PATCH 29/37] Update README --- README.md | 80 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 5a4b4cc4..05a1963c 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ user_session After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes: ```ruby -root :to => "home#index" +root to: "home#index" ``` You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks. 
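Review bot: Whether `:cookie_store` actually encrypts the session depends on the test app's secret configuration, which is outside this hunk. To my understanding, Rails 4 encrypts the session cookie when `config.secret_key_base` is set and only signs it when just `secret_token` is present. A one-line comment in the initializer, e.g. `# Encrypted only when config.secret_key_base is set`, would keep the commit message's assumption visible next to the setting.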
@@ -174,34 +174,31 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above. -### Configuring multiple models +### Parameter sanitization -Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps: +Wehn you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. + +There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are: + +* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`) +* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` +* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` + +In case you want to customize the permitted parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`: ```ruby -# Create a migration with the required fields -create_table :admins do |t| - t.string :email - t.string :encrypted_password - t.timestamps +class ApplicationController < ActionController::Base + before_filter :configure_permitted_parameters + + protected + + def configure_permitted_parameters + devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) } + end end - -# Inside your Admin model 
-devise :database_authenticatable, :timeoutable - -# Inside your routes -devise_for :admins - -# Inside your protected controller -before_filter :authenticate_admin! - -# Inside your controllers and views -admin_signed_in? -current_admin -admin_session ``` -On the other hand, you can simply run the generator! +The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below. ### Configuring views 
@@ -351,15 +348,40 @@ You can read more about Omniauth support in the wiki: * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview +### Configuring multiple models + +Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps: + +```ruby +# Create a migration with the required fields +create_table :admins do |t| + t.string :email + t.string :encrypted_password + t.timestamps +end + +# Inside your Admin model +devise :database_authenticatable, :timeoutable + +# Inside your routes +devise_for :admins + +# Inside your protected controller +before_filter :authenticate_admin! + +# Inside your controllers and views +admin_signed_in? +current_admin +admin_session +``` + +On the other hand, you can simply run the generator! + ### Other ORMs Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file. -### Migrating from other solutions - -Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt). - -## Troubleshooting +## Additional information ### Heroku @@ -371,8 +393,6 @@ config.assets.initialize_on_precompile = false Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html -## Additional information - ### Warden Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: From 8ec89bf6598389a0a37cb50a45b4c4f3ade6b8ef Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sat, 13 Apr 2013 23:39:32 -0700 Subject: [PATCH 30/37] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 05a1963c..1a122b68 100644 --- a/README.md +++ b/README.md @@ -174,9 +174,9 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above. -### Parameter sanitization +### Strong Parameters -Wehn you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. +When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are: From c6189696772925ae0c608fdd8d535f735e8e114e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Sun, 14 Apr 2013 08:49:30 -0700 Subject: [PATCH 31/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a122b68..4548f1ea 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ In case you want to customize the permitted parameters (the lazy way™) you can ```ruby class ApplicationController < ActionController::Base - before_filter :configure_permitted_parameters + before_filter :configure_permitted_parameters, if: :devise_controller? protected 
From e8d1c9ca235f5593c66a01d6e55b65ecc1fcaa25 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 10:00:39 -0300 Subject: [PATCH 32/37] Bump rails version to 4.0.0.rc1, closes #2399 --- Gemfile | 2 +- Gemfile.lock | 102 ++++++++++++++++++++++++--------------------------- 2 files changed, 49 insertions(+), 55 deletions(-) diff --git a/Gemfile b/Gemfile index b0889bc4..3df2934f 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master" +gem "rails", "~> 4.0.0.rc1" gem "omniauth", "~> 1.0.0" gem "omniauth-oauth2", "~> 1.0.0" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 80b5b3d2..1ef1361c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,56 +1,14 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: 4a931ca105fddf59cc2f8619e973233376cf4b67 + revision: f703270f44021fb9e7411d8ed113159282e726c6 branch: master specs: mongoid (4.0.0) - activemodel (~> 4.0.0.beta) + activemodel (~> 4.0.0.rc1) moped (~> 1.4.2) origin (~> 1.0) tzinfo (~> 0.3.22) -GIT - remote: git://github.com/rails/rails.git - revision: 67bb49b69e1f10c2b35a53a645ed98a028375f1d - branch: master - specs: - actionmailer (4.0.0.beta1) - actionpack (= 4.0.0.beta1) - mail (~> 2.5.3) - actionpack (4.0.0.beta1) - activesupport (= 4.0.0.beta1) - builder (~> 3.1.0) - erubis (~> 2.7.0) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - activemodel (4.0.0.beta1) - activesupport (= 4.0.0.beta1) - builder (~> 3.1.0) - activerecord (4.0.0.beta1) - activemodel (= 4.0.0.beta1) - activerecord-deprecated_finders (~> 0.0.3) - activesupport (= 4.0.0.beta1) - arel (~> 4.0.0.beta2) - activesupport (4.0.0.beta1) - i18n (~> 0.6, >= 0.6.4) - minitest (~> 4.2) - multi_json (~> 1.3) - thread_safe (~> 0.1) - tzinfo (~> 0.3.37) - rails (4.0.0.beta1) - actionmailer (= 4.0.0.beta1) - actionpack (= 4.0.0.beta1) - activerecord (= 4.0.0.beta1) - activesupport (= 4.0.0.beta1) - bundler (>= 1.3.0, < 2.0) - railties (= 4.0.0.beta1) - sprockets-rails (~> 2.0.0.rc3) - railties (4.0.0.beta1) - actionpack (= 4.0.0.beta1) - activesupport (= 4.0.0.beta1) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - PATH remote: . specs: 
@@ -63,9 +21,32 @@ PATH GEM remote: https://rubygems.org/ specs: - activerecord-deprecated_finders (0.0.3) - arel (4.0.0.beta2) - atomic (1.1.7) + actionmailer (4.0.0.rc1) + actionpack (= 4.0.0.rc1) + mail (~> 2.5.3) + actionpack (4.0.0.rc1) + activesupport (= 4.0.0.rc1) + builder (~> 3.1.0) + erubis (~> 2.7.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.0.rc1) + activesupport (= 4.0.0.rc1) + builder (~> 3.1.0) + activerecord (4.0.0.rc1) + activemodel (= 4.0.0.rc1) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.0.rc1) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.2) + activesupport (4.0.0.rc1) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + arel (4.0.0) + atomic (1.1.8) bcrypt-ruby (3.0.1) builder (3.1.4) erubis (2.7.0) @@ -83,8 +64,8 @@ GEM mime-types (~> 1.16) treetop (~> 1.4.8) metaclass (0.0.1) - mime-types (1.22) - minitest (4.7.1) + mime-types (1.23) + minitest (4.7.4) mocha (0.13.3) metaclass (~> 0.0.1) moped (1.4.5) @@ -108,7 +89,7 @@ GEM omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) - origin (1.0.11) + origin (1.1.0) orm_adapter (0.4.0) polyglot (0.3.3) rack (1.5.2) @@ -117,16 +98,29 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.2) rack (>= 1.0) + rails (4.0.0.rc1) + actionmailer (= 4.0.0.rc1) + actionpack (= 4.0.0.rc1) + activerecord (= 4.0.0.rc1) + activesupport (= 4.0.0.rc1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0.rc1) + sprockets-rails (~> 2.0.0.rc4) + railties (4.0.0.rc1) + actionpack (= 4.0.0.rc1) + activesupport (= 4.0.0.rc1) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) rake (10.0.4) rdoc (4.0.1) json (~> 1.4) ruby-openid (2.2.3) - sprockets (2.9.2) + sprockets (2.9.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.0.0.rc3) + sprockets-rails (2.0.0.rc4) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (~> 2.8) 
@@ -134,7 +128,7 @@ GEM thor (0.18.1) thread_safe (0.1.0) atomic - tilt (1.3.7) + tilt (1.4.0) treetop (1.4.12) polyglot polyglot (>= 0.3.1) @@ -160,7 +154,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 (~> 1.0.0) omniauth-openid (~> 1.0.1) - rails (~> 4.0.0.beta)! + rails (~> 4.0.0.rc1) rdoc sqlite3 webrat (= 0.7.2) From 1f9ebbd9f402deb3b548a07b4b737883a4ff1472 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:04:27 -0300 Subject: [PATCH 33/37] Update gemspec dependency to Rails 4 rc1 as well --- Gemfile.lock | 2 +- devise.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1ef1361c..b2305a8f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,7 +15,7 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 4.0.0.beta) + railties (~> 4.0.0.rc1) warden (~> 1.2.1) GEM diff --git a/devise.gemspec b/devise.gemspec index 930762a4..082f5597 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -22,5 +22,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 4.0.0.beta") + s.add_dependency("railties", "~> 4.0.0.rc1") end From 0fe03731447a091a2fe51d9364b25b65b4640bac Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:52:26 -0300 Subject: [PATCH 34/37] Fix location of parameter sanitizer in docs [ci skip] --- lib/devise/controllers/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 991f7ab5..4fa64241 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
@@ -81,7 +81,7 @@ module Devise end # Setup a param sanitizer to filter parameters using strong_parameters. See - # lib/devise/controllers/parameter_sanitizer.rb for more info. Override this + # lib/devise/parameter_sanitizer.rb for more info. Override this # method in your application controller to use your own parameter sanitizer. def devise_parameter_sanitizer @devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters) From 69f79ad446101b45bf7ec29d290dc2be96142686 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 May 2013 22:56:46 -0300 Subject: [PATCH 35/37] Let Devise play with both Rails 3.2 and Rails 4 for now --- .travis.yml | 3 + Gemfile.lock | 2 +- devise.gemspec | 2 +- gemfiles/Gemfile.rails-3.2.x | 31 ++++ gemfiles/Gemfile.rails-3.2.x.lock | 156 ++++++++++++++++++ test/controllers/internal_helpers_test.rb | 15 +- test/integration/recoverable_test.rb | 3 +- test/integration/registerable_test.rb | 6 +- test/models/validatable_test.rb | 14 +- test/omniauth/url_helpers_test.rb | 5 +- .../config/initializers/secret_token.rb | 9 +- test/routes_test.rb | 28 ++-- test/test_helper.rb | 7 + 13 files changed, 255 insertions(+), 26 deletions(-) create mode 100644 gemfiles/Gemfile.rails-3.2.x create mode 100644 gemfiles/Gemfile.rails-3.2.x.lock diff --git a/.travis.yml b/.travis.yml index fed6a2ba..399c8cbc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,9 @@ rvm: env: - DEVISE_ORM=mongoid - DEVISE_ORM=active_record +gemfile: + - gemfiles/Gemfile.rails-3.2.x + - Gemfile services: - mongodb notifications: diff --git a/Gemfile.lock b/Gemfile.lock index b2305a8f..5bc39146 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,7 +15,7 @@ PATH devise (2.2.3) bcrypt-ruby (~> 3.0) orm_adapter (~> 0.1) - railties (~> 4.0.0.rc1) + railties (>= 3.2.6, < 5) warden (~> 1.2.1) GEM diff --git a/devise.gemspec b/devise.gemspec index 082f5597..a636d9ad 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -22,5 +22,5 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.1") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt-ruby", "~> 3.0") - s.add_dependency("railties", "~> 4.0.0.rc1") + s.add_dependency("railties", ">= 3.2.6", "< 5") end diff --git a/gemfiles/Gemfile.rails-3.2.x b/gemfiles/Gemfile.rails-3.2.x new file mode 100644 index 00000000..dfc936c5 --- /dev/null +++ b/gemfiles/Gemfile.rails-3.2.x @@ -0,0 +1,31 @@ +source "https://rubygems.org" + +gemspec :path => '..' + +gem "rails", "~> 3.2.6" +gem "omniauth", "~> 1.0.0" +gem "omniauth-oauth2", "~> 1.0.0" +gem "rdoc" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid", "~> 1.0.1" + gem "webrat", "0.7.3", :require => false + gem "mocha", "~> 0.13.1", :require => false +end + +platforms :jruby do + gem "activerecord-jdbc-adapter" + gem "activerecord-jdbcsqlite3-adapter" + gem "jruby-openssl" +end + +platforms :ruby do + gem "sqlite3" +end + +platforms :mri_19, :mri_20 do + group :mongoid do + gem "mongoid", "~> 3.0" + end +end diff --git a/gemfiles/Gemfile.rails-3.2.x.lock b/gemfiles/Gemfile.rails-3.2.x.lock new file mode 100644 index 00000000..9bac2910 --- /dev/null +++ b/gemfiles/Gemfile.rails-3.2.x.lock 
@@ -0,0 +1,156 @@ +PATH + remote: /Users/carlos/Projects/oss/devise + specs: + devise (2.2.3) + bcrypt-ruby (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 3.2.6, < 5) + warden (~> 1.2.1) + +GEM + remote: https://rubygems.org/ + specs: + actionmailer (3.2.13) + actionpack (= 3.2.13) + mail (~> 2.5.3) + actionpack (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + builder (~> 3.0.0) + erubis (~> 2.7.0) + journey (~> 1.0.4) + rack (~> 1.4.5) + rack-cache (~> 1.2) + rack-test (~> 0.6.1) + sprockets (~> 2.2.1) + activemodel (3.2.13) + activesupport (= 3.2.13) + builder (~> 3.0.0) + activerecord (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + arel (~> 3.0.2) + tzinfo (~> 0.3.29) + activeresource (3.2.13) + activemodel (= 3.2.13) + activesupport (= 3.2.13) + activesupport (3.2.13) + i18n (= 0.6.1) + multi_json (~> 1.0) + arel (3.0.2) + bcrypt-ruby (3.0.1) + builder (3.0.4) + erubis (2.7.0) + faraday (0.8.7) + multipart-post (~> 1.1) + hashie (1.2.0) + hike (1.2.2) + httpauth (0.2.0) + i18n (0.6.1) + journey (1.0.4) + json (1.7.7) + jwt (0.1.8) + multi_json (>= 1.5) + mail (2.5.3) + i18n (>= 0.4.0) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.1) + mime-types (1.23) + mocha (0.13.3) + metaclass (~> 0.0.1) + mongoid (3.1.3) + activemodel (~> 3.2) + moped (~> 1.4.2) + origin (~> 1.0) + tzinfo (~> 0.3.22) + moped (1.4.5) + multi_json (1.7.2) + multipart-post (1.2.0) + nokogiri (1.5.9) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth (~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + omniauth (1.0.3) + hashie (~> 1.2) + rack + omniauth-facebook (1.4.0) + omniauth-oauth2 (~> 1.0.2) + omniauth-oauth2 (1.0.3) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + origin (1.1.0) + orm_adapter (0.4.0) + polyglot (0.3.3) + rack (1.4.5) + rack-cache (1.2) + rack (>= 0.4) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-ssl (1.3.3) + rack + rack-test 
(0.6.2) + rack (>= 1.0) + rails (3.2.13) + actionmailer (= 3.2.13) + actionpack (= 3.2.13) + activerecord (= 3.2.13) + activeresource (= 3.2.13) + activesupport (= 3.2.13) + bundler (~> 1.0) + railties (= 3.2.13) + railties (3.2.13) + actionpack (= 3.2.13) + activesupport (= 3.2.13) + rack-ssl (~> 1.3.2) + rake (>= 0.8.7) + rdoc (~> 3.4) + thor (>= 0.14.6, < 2.0) + rake (10.0.4) + rdoc (3.12.2) + json (~> 1.4) + ruby-openid (2.2.3) + sprockets (2.2.2) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sqlite3 (1.3.7) + thor (0.18.1) + tilt (1.4.0) + treetop (1.4.12) + polyglot + polyglot (>= 0.3.1) + tzinfo (0.3.37) + warden (1.2.1) + rack (>= 1.0) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + +PLATFORMS + ruby + +DEPENDENCIES + activerecord-jdbc-adapter + activerecord-jdbcsqlite3-adapter + devise! + jruby-openssl + mocha (~> 0.13.1) + mongoid (~> 3.0) + omniauth (~> 1.0.0) + omniauth-facebook + omniauth-oauth2 (~> 1.0.0) + omniauth-openid (~> 1.0.1) + rails (~> 3.2.6) + rdoc + sqlite3 + webrat (= 0.7.3) diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index daa338fe..cf38d136 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb 
@@ -35,10 +35,17 @@ class HelpersTest < ActionController::TestCase test 'get resource params from request params using resource name as key' do user_params = {'email' => 'shirley@templar.com'} - @controller.stubs(:params).returns(ActionController::Parameters.new({'user' => user_params})) - # Stub controller name so strong parameters can filter properly. - # DeviseController does not allow any parameters by default. - @controller.stubs(:controller_name).returns(:sessions_controller) + + params = if Devise.rails4? + # Stub controller name so strong parameters can filter properly. + # DeviseController does not allow any parameters by default. + @controller.stubs(:controller_name).returns(:sessions_controller) + + ActionController::Parameters.new({'user' => user_params}) + else + HashWithIndifferentAccess.new({'user' => user_params}) + end + @controller.stubs(:params).returns(params) assert_equal user_params, @controller.send(:resource_params) end diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 98acd056..4fca0037 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -153,7 +153,8 @@ class PasswordTest < ActionDispatch::IntegrationTest assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain 'Password confirmation doesn\'t match Password' + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 7923ba9a..0d2fb64f 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
@@ -100,7 +100,8 @@ class RegistrationTest < ActionDispatch::IntegrationTest assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password confirmation doesn't match Password" + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_contain "2 errors prohibited" assert_nil User.first @@ -206,7 +207,8 @@ class RegistrationTest < ActionDispatch::IntegrationTest fill_in 'current password', :with => '12345678' click_button 'Update' - assert_contain "Password confirmation doesn't match Password" + assert_contain Devise.rails4? ? + "Password confirmation doesn't match Password" : "Password doesn't match confirmation" assert_not User.first.valid_password?('pas123') end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index 0008aed4..b291fedd 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -56,7 +56,12 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require confirmation to be set when creating a new record' do user = new_user(:password => 'new_password', :password_confirmation => 'blabla') assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + + if Devise.rails4? + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + else + assert_equal 'doesn\'t match confirmation', user.errors[:password].join + end end test 'should require password when updating/reseting password' do 
@@ -73,7 +78,12 @@ class ValidatableTest < ActiveSupport::TestCase user = create_user user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + + if Devise.rails4? + assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + else + assert_equal 'doesn\'t match confirmation', user.errors[:password].join + end end test 'should require a password with minimum of 6 characters' do diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 785ef25b..9a8b4653 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -1,6 +1,9 @@ require 'test_helper' class OmniAuthRoutesTest < ActionController::TestCase + ExpectedUrlGeneratiorError = Devise.rails4? ? + ActionController::UrlGenerationError : ActionController::RoutingError + tests ApplicationController def assert_path(action, provider, with_param=true) @@ -30,7 +33,7 @@ class OmniAuthRoutesTest < ActionController::TestCase test 'should generate authorization path' do assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook) - assert_raise ActionController::UrlGenerationError do + assert_raise ExpectedUrlGeneratiorError do @controller.omniauth_authorize_path(:user, :github) end end diff --git a/test/rails_app/config/initializers/secret_token.rb b/test/rails_app/config/initializers/secret_token.rb index 4089a38c..93864c62 100644 --- a/test/rails_app/config/initializers/secret_token.rb +++ b/test/rails_app/config/initializers/secret_token.rb 
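Review bot: The constant added at the top of `OmniAuthRoutesTest` in test/omniauth/url_helpers_test.rb is misspelled as `ExpectedUrlGeneratiorError`, and the file's second hunk repeats that spelling in `assert_raise`. The two uses agree, so the test still runs, but the name is hard to find by search and is likely to be "corrected" in only one place later. Rename it in both hunks: `ExpectedUrlGenerationError = Devise.rails4? ? ActionController::UrlGenerationError : ActionController::RoutingError` and `assert_raise ExpectedUrlGenerationError do`. The class body continues outside both hunks.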
@@ -1 +1,8 @@ -RailsApp::Application.config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' +config = Rails.application.config + +if Devise.rails4? + config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10' +else + config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571' + config.session_store :cookie_store, :key => "_my_app" +end diff --git a/test/routes_test.rb b/test/routes_test.rb index e80ccf6e..3abbfc04 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -1,5 +1,7 @@ require 'test_helper' +ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError + class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => 'users/sign_in', :method => :get}) @@ -101,7 +103,7 @@ class DefaultRoutingTest < ActionController::TestCase assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post}) assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get}) end end @@ -123,7 +125,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does not map admin password' do - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new') end end 
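Review bot: In secret_token.rb both `secret_key_base` and `secret_token` are committed as literals, with nothing marking them as fixtures for the dummy test app. Copied into a real application, they would be signing keys that anyone with repository access knows. A comment above the `if` would cover it, for example `# Test-only secrets for the dummy app; generate fresh values for any real deployment.` Separately, the `else` branch calls `config.session_store :cookie_store, :key => "_my_app"` while session_store.rb configures the same store with `'_rails_app_session'`. If initializers load in file-name order, the later file wins and this line has no effect, so it can probably be dropped.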
@@ -133,7 +135,7 @@ class CustomizedRoutingTest < ActionController::TestCase end test 'does only map reader password' do - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new') end assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new') @@ -161,14 +163,14 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map deletes with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get}) end end test 'map posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get}) end end 
@@ -176,56 +178,56 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map delete_or_posts with :sign_out_via option' do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post}) assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get}) end end test 'map with constraints defined in hash' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get}) end end test 'map with constraints defined in block' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get}) end end test 'map with format false for sessions' do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get}) end end test 'map with format false for passwords' do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => 
'/htmlonly_admin/password', :method => :post}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post}) end end test 'map with format false for registrations' do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get}) end end test 'map with format false for confirmations' do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get}) end end test 'map with format false for unlocks' do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get}) - assert_raise Assertion do + assert_raise ExpectedRoutingError do assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get}) end end diff --git a/test/test_helper.rb b/test/test_helper.rb index 60420446..1548e93a 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -4,6 +4,13 @@ DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym $:.unshift File.dirname(__FILE__) puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}" +module Devise + # Detection for minor differences between Rails 3.2 and 4 in tests. + def self.rails4? + Rails.version.start_with? '4' + end +end + require "rails_app/config/environment" require "rails/test_help" require "orm/#{DEVISE_ORM}" 
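Review bot: `Devise.rails4?` in test/test_helper.rb decides by string prefix, `Rails.version.start_with? '4'`, so any later major version would silently take the Rails 3.2 branches in the tests and in the dummy app's secret_token.rb initializer. Comparing the numeric major is sturdier: `Rails::VERSION::MAJOR >= 4`. The helper also exists only once test_helper.rb has been loaded, so booting test/rails_app any other way would presumably fail in that initializer with an undefined method. A one-line comment on the method noting that the initializer depends on it would make that coupling visible.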
From a4efbb9ad692110856970fa09851aac07520d625 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 13:05:02 -0300 Subject: [PATCH 36/37] Update mongo revision --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8023bfef..d6c11a17 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: git://github.com/mongoid/mongoid.git - revision: f703270f44021fb9e7411d8ed113159282e726c6 + revision: fe7f43430580860db6d1d89cea27eda24ab60ab1 branch: master specs: mongoid (4.0.0) From 6b5988d756d780903bf8c9ccb3e2b3b724ccebe8 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 May 2013 13:12:21 -0300 Subject: [PATCH 37/37] Add changelog note about Rails 4 and Strong Params support Plus dropping support for Rails < 3.2 and Ruby < 1.9.3 [ci skip] --- CHANGELOG.rdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 48d1fae9..ff768d36 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,9 @@ +== master + +* enhancements + * Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) + * Drop support for Rails < 3.2 and Ruby < 1.9.3. + == 2.2.4 * enhancements