kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Merge pull request #2376 from plataformatec/rails4

Browse source 
Support Rails 4

Keep compatibility with Rails 3.2. Drop support to Ruby 1.8.
This commit is contained in:
Carlos Antonio da Silva 2013-05-07 09:22:23 -07:00
commit 270e2ece19
47 changed files with 540 additions and 337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.travis.yml
View file

@ -1,28 +1,13 @@
language: ruby
script: "bundle exec rake test"
rvm:
- 1.8.7
- 1.9.2
- 1.9.3
- 2.0.0
env:
- DEVISE_ORM=mongoid
- DEVISE_ORM=active_record
matrix:
exclude:
- rvm: 1.8.7
env: DEVISE_ORM=mongoid
gemfile: Gemfile
- rvm: 1.8.7
env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-3.1.x
- rvm: 1.9.2
env: DEVISE_ORM=mongoid
gemfile: Gemfile
- rvm: 1.9.2
env: DEVISE_ORM=mongoid
gemfile: gemfiles/Gemfile.rails-3.1.x
gemfile:
- gemfiles/Gemfile.rails-3.1.x
- gemfiles/Gemfile.rails-3.2.x
- Gemfile
services:
- mongodb

6
CHANGELOG.rdoc
View file

@ -1,3 +1,9 @@
== master
* enhancements
* Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino)
* Drop support for Rails < 3.2 and Ruby < 1.9.3.
== 2.2.4
* enhancements

7
Gemfile
View file

@ -2,7 +2,7 @@ source "https://rubygems.org"
gemspec
gem "rails", "~> 3.2.6"
gem "rails", "~> 4.0.0.rc1"
gem "omniauth", "~> 1.0.0"
gem "omniauth-oauth2", "~> 1.0.0"
gem "rdoc"
@ -24,9 +24,8 @@ platforms :ruby do
gem "sqlite3"
end
platforms :mri_19 do
platforms :mri_19, :mri_20 do
group :mongoid do
gem "mongoid", "~> 3.0"
gem "mongoid", github: "mongoid/mongoid", branch: "master"
end
end

126
Gemfile.lock
View file

@ -1,53 +1,61 @@
GIT
remote: git://github.com/mongoid/mongoid.git
revision: fe7f43430580860db6d1d89cea27eda24ab60ab1
branch: master
specs:
mongoid (4.0.0)
activemodel (~> 4.0.0.rc1)
moped (~> 1.4.2)
origin (~> 1.0)
tzinfo (~> 0.3.22)
PATH
remote: .
specs:
devise (2.2.4)
bcrypt-ruby (~> 3.0)
orm_adapter (~> 0.1)
railties (~> 3.1)
railties (>= 3.2.6, < 5)
warden (~> 1.2.1)
GEM
remote: https://rubygems.org/
specs:
actionmailer (3.2.13)
actionpack (= 3.2.13)
actionmailer (4.0.0.rc1)
actionpack (= 4.0.0.rc1)
mail (~> 2.5.3)
actionpack (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
builder (~> 3.0.0)
actionpack (4.0.0.rc1)
activesupport (= 4.0.0.rc1)
builder (~> 3.1.0)
erubis (~> 2.7.0)
journey (~> 1.0.4)
rack (~> 1.4.5)
rack-cache (~> 1.2)
rack-test (~> 0.6.1)
sprockets (~> 2.2.1)
activemodel (3.2.13)
activesupport (= 3.2.13)
builder (~> 3.0.0)
activerecord (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activeresource (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
activesupport (3.2.13)
i18n (= 0.6.1)
multi_json (~> 1.0)
arel (3.0.2)
rack (~> 1.5.2)
rack-test (~> 0.6.2)
activemodel (4.0.0.rc1)
activesupport (= 4.0.0.rc1)
builder (~> 3.1.0)
activerecord (4.0.0.rc1)
activemodel (= 4.0.0.rc1)
activerecord-deprecated_finders (~> 1.0.2)
activesupport (= 4.0.0.rc1)
arel (~> 4.0.0)
activerecord-deprecated_finders (1.0.2)
activesupport (4.0.0.rc1)
i18n (~> 0.6, >= 0.6.4)
minitest (~> 4.2)
multi_json (~> 1.3)
thread_safe (~> 0.1)
tzinfo (~> 0.3.37)
arel (4.0.0)
atomic (1.1.8)
bcrypt-ruby (3.0.1)
builder (3.0.4)
builder (3.1.4)
erubis (2.7.0)
faraday (0.8.7)
multipart-post (~> 1.1)
hashie (1.2.0)
hike (1.2.2)
httpauth (0.2.0)
i18n (0.6.1)
journey (1.0.4)
i18n (0.6.4)
json (1.7.7)
jwt (0.1.8)
multi_json (>= 1.5)
@ -56,14 +64,10 @@ GEM
mime-types (~> 1.16)
treetop (~> 1.4.8)
metaclass (0.0.1)
mime-types (1.22)
mime-types (1.23)
minitest (4.7.4)
mocha (0.13.3)
metaclass (~> 0.0.1)
mongoid (3.1.2)
activemodel (~> 3.2)
moped (~> 1.4.2)
origin (~> 1.0)
tzinfo (~> 0.3.22)
moped (1.4.5)
multi_json (1.7.2)
multipart-post (1.2.0)
@ -85,46 +89,46 @@ GEM
omniauth-openid (1.0.1)
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
origin (1.0.11)
origin (1.1.0)
orm_adapter (0.4.0)
polyglot (0.3.3)
rack (1.4.5)
rack-cache (1.2)
rack (>= 0.4)
rack (1.5.2)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-ssl (1.3.3)
rack
rack-test (0.6.2)
rack (>= 1.0)
rails (3.2.13)
actionmailer (= 3.2.13)
actionpack (= 3.2.13)
activerecord (= 3.2.13)
activeresource (= 3.2.13)
activesupport (= 3.2.13)
bundler (~> 1.0)
railties (= 3.2.13)
railties (3.2.13)
actionpack (= 3.2.13)
activesupport (= 3.2.13)
rack-ssl (~> 1.3.2)
rails (4.0.0.rc1)
actionmailer (= 4.0.0.rc1)
actionpack (= 4.0.0.rc1)
activerecord (= 4.0.0.rc1)
activesupport (= 4.0.0.rc1)
bundler (>= 1.3.0, < 2.0)
railties (= 4.0.0.rc1)
sprockets-rails (~> 2.0.0.rc4)
railties (4.0.0.rc1)
actionpack (= 4.0.0.rc1)
activesupport (= 4.0.0.rc1)
rake (>= 0.8.7)
rdoc (~> 3.4)
thor (>= 0.14.6, < 2.0)
thor (>= 0.18.1, < 2.0)
rake (10.0.4)
rdoc (3.12.2)
rdoc (4.0.1)
json (~> 1.4)
ruby-openid (2.2.3)
sprockets (2.2.2)
sprockets (2.9.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.0.0.rc4)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (~> 2.8)
sqlite3 (1.3.7)
thor (0.18.1)
tilt (1.3.7)
thread_safe (0.1.0)
atomic
tilt (1.4.0)
treetop (1.4.12)
polyglot
polyglot (>= 0.3.1)
@ -145,12 +149,12 @@ DEPENDENCIES
devise!
jruby-openssl
mocha (~> 0.13.1)
mongoid (~> 3.0)
mongoid!
omniauth (~> 1.0.0)
omniauth-facebook
omniauth-oauth2 (~> 1.0.0)
omniauth-openid (~> 1.0.1)
rails (~> 3.2.6)
rails (~> 4.0.0.rc1)
rdoc
sqlite3
webrat (= 0.7.3)

80
README.md
View file

@ -143,7 +143,7 @@ user_session
After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes:
```ruby
root :to => "home#index"
root to: "home#index"
```
You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
@ -176,34 +176,31 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st
Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above.
### Configuring multiple models
### Strong Parameters
Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps:
When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are:
* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`)
* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`
In case you want to customize the permitted parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`:
```ruby
# Create a migration with the required fields
create_table :admins do |t|
t.string :email
t.string :encrypted_password
t.timestamps
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
end
end
# Inside your Admin model
devise :database_authenticatable, :timeoutable
# Inside your routes
devise_for :admins
# Inside your protected controller
before_filter :authenticate_admin!
# Inside your controllers and views
admin_signed_in?
current_admin
admin_session
```
On the other hand, you can simply run the generator!
The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below.
### Configuring views
@ -353,15 +350,40 @@ You can read more about Omniauth support in the wiki:
* https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
### Configuring multiple models
Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps:
```ruby
# Create a migration with the required fields
create_table :admins do |t|
t.string :email
t.string :encrypted_password
t.timestamps
end
# Inside your Admin model
devise :database_authenticatable, :timeoutable
# Inside your routes
devise_for :admins
# Inside your protected controller
before_filter :authenticate_admin!
# Inside your controllers and views
admin_signed_in?
current_admin
admin_session
```
On the other hand, you can simply run the generator!
### Other ORMs
Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file.
### Migrating from other solutions
Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).
## Troubleshooting
## Additional information
### Heroku
@ -373,8 +395,6 @@ config.assets.initialize_on_precompile = false
Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
## Additional information
### Warden
Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:

3
app/controllers/devise/confirmations_controller.rb
View file

@ -1,7 +1,7 @@
class Devise::ConfirmationsController < DeviseController
# GET /resource/confirmation/new
def new
build_resource({})
self.resource = resource_class.new
end
# POST /resource/confirmation
@ -39,5 +39,4 @@ class Devise::ConfirmationsController < DeviseController
def after_confirmation_path_for(resource_name, resource)
after_sign_in_path_for(resource)
end
end

2
app/controllers/devise/passwords_controller.rb
View file

@ -5,7 +5,7 @@ class Devise::PasswordsController < DeviseController
# GET /resource/password/new
def new
build_resource({})
self.resource = resource_class.new
end
# POST /resource/password

19
app/controllers/devise/registrations_controller.rb
View file

@ -4,13 +4,13 @@ class Devise::RegistrationsController < DeviseController
# GET /resource/sign_up
def new
resource = build_resource({})
respond_with resource
build_resource({})
respond_with self.resource
end
# POST /resource
def create
build_resource
self.resource = build_resource(sign_up_params)
if resource.save
if resource.active_for_authentication?
@ -40,7 +40,7 @@ class Devise::RegistrationsController < DeviseController
self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
if resource.update_with_password(resource_params)
if resource.update_with_password(account_update_params)
if is_navigational_format?
flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
:update_needs_confirmation : :updated
@ -83,8 +83,7 @@ class Devise::RegistrationsController < DeviseController
# Build a devise resource passing in the session. Useful to move
# temporary session data to the newly created user.
def build_resource(hash=nil)
hash ||= resource_params || {}
self.resource = resource_class.new_with_session(hash, session)
self.resource = resource_class.new_with_session(hash || {}, session)
end
# Signs in a user on sign up. You can overwrite this method in your own
@ -116,4 +115,12 @@ class Devise::RegistrationsController < DeviseController
send(:"authenticate_#{resource_name}!", :force => true)
self.resource = send(:"current_#{resource_name}")
end
def sign_up_params
devise_parameter_sanitizer.for(:sign_up)
end
def account_update_params
devise_parameter_sanitizer.for(:account_update)
end
end

6
app/controllers/devise/sessions_controller.rb
View file

@ -5,7 +5,7 @@ class Devise::SessionsController < DeviseController
# GET /resource/sign_in
def new
self.resource = build_resource(nil, :unsafe => true)
self.resource = resource_class.new(sign_in_params)
clean_up_passwords(resource)
respond_with(resource, serialize_options(resource))
end
@ -34,6 +34,10 @@ class Devise::SessionsController < DeviseController
protected
def sign_in_params
devise_parameter_sanitizer.for(:sign_in)
end
def serialize_options(resource)
methods = resource_class.authentication_keys.dup
methods = methods.keys if methods.is_a?(Hash)

2
app/controllers/devise/unlocks_controller.rb
View file

@ -3,7 +3,7 @@ class Devise::UnlocksController < DeviseController
# GET /resource/unlock/new
def new
build_resource({})
self.resource = resource_class.new
end
# POST /resource/unlock

25
app/controllers/devise_controller.rb
View file

@ -28,10 +28,6 @@ class DeviseController < Devise.parent_controller.constantize
devise_mapping.to
end
def resource_params
params[resource_name]
end
# Returns a signed in resource from session (if one exists)
def signed_in_resource
warden.authenticate(:scope => resource_name)
@ -93,23 +89,6 @@ MESSAGE
instance_variable_set(:"@#{resource_name}", new_resource)
end
# Build a devise resource.
# Assignment bypasses attribute protection when :unsafe option is passed
def build_resource(hash = nil, options = {})
hash ||= resource_params || {}
if options[:unsafe]
self.resource = resource_class.new.tap do |resource|
hash.each do |key, value|
setter = :"#{key}="
resource.send(setter, value) if resource.respond_to?(setter)
end
end
else
self.resource = resource_class.new(hash)
end
end
# Helper for use in before_filters where no authentication is required.
#
# Example:
@ -186,4 +165,8 @@ MESSAGE
format.any(*navigational_formats, &block)
end
end
def resource_params
params.fetch(resource_name, {})
end
end

2
devise.gemspec
View file

@ -22,5 +22,5 @@ Gem::Specification.new do |s|
s.add_dependency("warden", "~> 1.2.1")
s.add_dependency("orm_adapter", "~> 0.1")
s.add_dependency("bcrypt-ruby", "~> 3.0")
s.add_dependency("railties", "~> 3.1")
s.add_dependency("railties", ">= 3.2.6", "< 5")
end

10
gemfiles/Gemfile.rails-3.1.x → gemfiles/Gemfile.rails-3.2.x
View file

@ -1,8 +1,8 @@
source "https://rubygems.org"
gem "devise", :path => ".."
gemspec :path => '..'
gem "rails", "~> 3.1.0"
gem "rails", "~> 3.2.6"
gem "omniauth", "~> 1.0.0"
gem "omniauth-oauth2", "~> 1.0.0"
gem "rdoc"
@ -12,10 +12,6 @@ group :test do
gem "omniauth-openid", "~> 1.0.1"
gem "webrat", "0.7.3", :require => false
gem "mocha", "~> 0.13.1", :require => false
platforms :mri_18 do
gem "ruby-debug", ">= 0.10.3"
end
end
platforms :jruby do
@ -28,7 +24,7 @@ platforms :ruby do
gem "sqlite3"
end
platforms :mri_19 do
platforms :mri_19, :mri_20 do
group :mongoid do
gem "mongoid", "~> 3.0"
end

99
gemfiles/Gemfile.rails-3.1.x.lock → gemfiles/Gemfile.rails-3.2.x.lock
View file

@ -4,57 +4,54 @@ PATH
devise (2.2.4)
bcrypt-ruby (~> 3.0)
orm_adapter (~> 0.1)
railties (~> 3.1)
railties (>= 3.2.6, < 5)
warden (~> 1.2.1)
GEM
remote: https://rubygems.org/
specs:
actionmailer (3.1.12)
actionpack (= 3.1.12)
mail (~> 2.4.4)
actionpack (3.1.12)
activemodel (= 3.1.12)
activesupport (= 3.1.12)
actionmailer (3.2.13)
actionpack (= 3.2.13)
mail (~> 2.5.3)
actionpack (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
builder (~> 3.0.0)
erubis (~> 2.7.0)
i18n (~> 0.6)
rack (~> 1.3.6)
journey (~> 1.0.4)
rack (~> 1.4.5)
rack-cache (~> 1.2)
rack-mount (~> 0.8.2)
rack-test (~> 0.6.1)
sprockets (~> 2.0.4)
activemodel (3.1.12)
activesupport (= 3.1.12)
sprockets (~> 2.2.1)
activemodel (3.2.13)
activesupport (= 3.2.13)
builder (~> 3.0.0)
i18n (~> 0.6)
activerecord (3.1.12)
activemodel (= 3.1.12)
activesupport (= 3.1.12)
arel (~> 2.2.3)
activerecord (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activeresource (3.1.12)
activemodel (= 3.1.12)
activesupport (= 3.1.12)
activesupport (3.1.12)
activeresource (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
activesupport (3.2.13)
i18n (= 0.6.1)
multi_json (~> 1.0)
arel (2.2.3)
arel (3.0.2)
bcrypt-ruby (3.0.1)
builder (3.0.4)
columnize (0.3.6)
erubis (2.7.0)
faraday (0.8.7)
multipart-post (~> 1.1)
hashie (1.2.0)
hike (1.2.2)
httpauth (0.2.0)
i18n (0.6.4)
i18n (0.6.1)
journey (1.0.4)
json (1.7.7)
jwt (0.1.8)
multi_json (>= 1.5)
linecache (0.46)
rbx-require-relative (> 0.0.4)
mail (2.4.4)
mail (2.5.3)
i18n (>= 0.4.0)
mime-types (~> 1.16)
treetop (~> 1.4.8)
@ -62,9 +59,9 @@ GEM
mime-types (1.23)
mocha (0.13.3)
metaclass (~> 0.0.1)
mongoid (3.0.23)
activemodel (~> 3.1)
moped (~> 1.2)
mongoid (3.1.3)
activemodel (~> 3.2)
moped (~> 1.4.2)
origin (~> 1.0)
tzinfo (~> 0.3.22)
moped (1.4.5)
@ -91,11 +88,9 @@ GEM
origin (1.1.0)
orm_adapter (0.4.0)
polyglot (0.3.3)
rack (1.3.10)
rack (1.4.5)
rack-cache (1.2)
rack (>= 0.4)
rack-mount (0.8.3)
rack (>= 1.0.0)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
@ -103,37 +98,32 @@ GEM
rack
rack-test (0.6.2)
rack (>= 1.0)
rails (3.1.12)
actionmailer (= 3.1.12)
actionpack (= 3.1.12)
activerecord (= 3.1.12)
activeresource (= 3.1.12)
activesupport (= 3.1.12)
rails (3.2.13)
actionmailer (= 3.2.13)
actionpack (= 3.2.13)
activerecord (= 3.2.13)
activeresource (= 3.2.13)
activesupport (= 3.2.13)
bundler (~> 1.0)
railties (= 3.1.12)
railties (3.1.12)
actionpack (= 3.1.12)
activesupport (= 3.1.12)
railties (= 3.2.13)
railties (3.2.13)
actionpack (= 3.2.13)
activesupport (= 3.2.13)
rack-ssl (~> 1.3.2)
rake (>= 0.8.7)
rdoc (~> 3.4)
thor (~> 0.14.6)
thor (>= 0.14.6, < 2.0)
rake (10.0.4)
rbx-require-relative (0.0.9)
rdoc (3.12.2)
json (~> 1.4)
ruby-debug (0.10.4)
columnize (>= 0.1)
ruby-debug-base (~> 0.10.4.0)
ruby-debug-base (0.10.4)
linecache (>= 0.3)
ruby-openid (2.2.3)
sprockets (2.0.4)
sprockets (2.2.2)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sqlite3 (1.3.7)
thor (0.14.6)
thor (0.18.1)
tilt (1.4.0)
treetop (1.4.12)
polyglot
@ -160,8 +150,7 @@ DEPENDENCIES
omniauth-facebook
omniauth-oauth2 (~> 1.0.0)
omniauth-openid (~> 1.0.1)
rails (~> 3.1.0)
rails (~> 3.2.6)
rdoc
ruby-debug (>= 0.10.3)
sqlite3
webrat (= 0.7.3)

2
lib/devise.rb
View file

@ -10,6 +10,8 @@ module Devise
autoload :FailureApp, 'devise/failure_app'
autoload :OmniAuth, 'devise/omniauth'
autoload :ParamFilter, 'devise/param_filter'
autoload :BaseSanitizer, 'devise/parameter_sanitizer'
autoload :ParameterSanitizer, 'devise/parameter_sanitizer'
autoload :TestHelpers, 'devise/test_helpers'
autoload :TimeInflector, 'devise/time_inflector'

11
lib/devise/controllers/helpers.rb
View file

@ -80,6 +80,17 @@ module Devise
is_a?(DeviseController)
end
# Setup a param sanitizer to filter parameters using strong_parameters. See
# lib/devise/parameter_sanitizer.rb for more info. Override this
# method in your application controller to use your own parameter sanitizer.
def devise_parameter_sanitizer
@devise_parameter_sanitizer ||= if defined?(ActionController::StrongParameters)
Devise::ParameterSanitizer.new(resource_class, resource_name, params)
else
Devise::BaseSanitizer.new(resource_class, resource_name, params)
end
end
# Tell warden that params authentication is allowed for that specific page.
def allow_params_authentication!
request.env["devise.allow_params_authentication"] = true

59
lib/devise/parameter_sanitizer.rb Normal file
View file

@ -0,0 +1,59 @@
module Devise
class BaseSanitizer
attr_reader :params, :resource_name, :resource_class
def initialize(resource_class, resource_name, params)
@resource_class = resource_class
@resource_name = resource_name
@params = params
@blocks = Hash.new
end
def for(kind, &block)
if block_given?
@blocks[kind] = block
else
block = @blocks[kind]
block ? block.call(default_params) : fallback_for(kind)
end
end
private
def fallback_for(kind)
default_params
end
def default_params
params.fetch(resource_name, {})
end
end
class ParameterSanitizer < BaseSanitizer
private
def fallback_for(kind)
if respond_to?(kind, true)
send(kind)
else
raise NotImplementedError, "Devise Parameter Sanitizer doesn't know how to sanitize parameters for #{kind}"
end
end
def sign_in
default_params.permit(auth_keys)
end
def sign_up
default_params.permit(auth_keys + [:password, :password_confirmation])
end
def account_update
default_params.permit(auth_keys + [:password, :password_confirmation, :current_password])
end
def auth_keys
resource_class.authentication_keys
end
end
end

5
lib/generators/active_record/devise_generator.rb
View file

@ -22,10 +22,7 @@ module ActiveRecord
end
def inject_devise_content
content = model_contents + <<CONTENT
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me
CONTENT
content = model_contents
class_path = if namespaced?
class_name.to_s.split("::")

16
test/controllers/internal_helpers_test.rb
View file

@ -34,10 +34,20 @@ class HelpersTest < ActionController::TestCase
end
test 'get resource params from request params using resource name as key' do
user_params = {'name' => 'Shirley Templar'}
@controller.stubs(:params).returns(HashWithIndifferentAccess.new({'user' => user_params}))
user_params = {'email' => 'shirley@templar.com'}
assert_equal user_params, @controller.resource_params
params = if Devise.rails4?
# Stub controller name so strong parameters can filter properly.
# DeviseController does not allow any parameters by default.
@controller.stubs(:controller_name).returns(:sessions_controller)
ActionController::Parameters.new({'user' => user_params})
else
HashWithIndifferentAccess.new({'user' => user_params})
end
@controller.stubs(:params).returns(params)
assert_equal user_params, @controller.send(:resource_params)
end
test 'resources methods are not controller actions' do

4
test/generators/active_record_generator_test.rb
View file

@ -10,13 +10,11 @@ if DEVISE_ORM == :active_record
test "all files are properly created with rails31 migration syntax" do
run_generator %w(monster)
assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
assert_migration "db/migrate/devise_create_monsters.rb", /def change/
end
test "all files for namespaced model are properly created" do
run_generator %w(admin/monster)
assert_file "app/models/admin/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/
end
@ -68,7 +66,7 @@ if DEVISE_ORM == :active_record
simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
run_generator ["monster"]
assert_file "app/models/rails_engine/monster.rb", /devise/,/attr_accessible (:[a-z_]+(, )?)+/
assert_file "app/models/rails_engine/monster.rb", /devise/
end
end
end

4
test/integration/authenticatable_test.rb
View file

@ -191,7 +191,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
get dashboard_path
assert_response :success
assert_template 'home/admin'
assert_template 'home/admin_dashboard'
assert_contain 'Admin dashboard'
end
@ -203,7 +203,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
get dashboard_path
assert_response :success
assert_template 'home/user'
assert_template 'home/user_dashboard'
assert_contain 'User dashboard'
end

3
test/integration/recoverable_test.rb
View file

@ -153,7 +153,8 @@ class PasswordTest < ActionDispatch::IntegrationTest
assert_response :success
assert_current_url '/users/password'
assert_have_selector '#error_explanation'
assert_contain 'Password doesn\'t match confirmation'
assert_contain Devise.rails4? ?
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
assert_not user.reload.valid_password?('987654321')
end

14
test/integration/registerable_test.rb
View file

@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
assert warden.authenticated?(:admin)
assert_current_url "/admin_area/home"
admin = Admin.last :order => "id"
admin = Admin.order(:id).last
assert_equal admin.email, 'new_user@test.com'
end
@ -56,7 +56,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
assert_not warden.authenticated?(:user)
user = User.last :order => "id"
user = User.order(:id).last
assert_equal user.email, 'new_user@test.com'
assert_not user.confirmed?
end
@ -100,7 +100,8 @@ class RegistrationTest < ActionDispatch::IntegrationTest
assert_template 'registrations/new'
assert_have_selector '#error_explanation'
assert_contain "Email is invalid"
assert_contain "Password doesn't match confirmation"
assert_contain Devise.rails4? ?
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
assert_contain "2 errors prohibited"
assert_nil User.first
@ -206,7 +207,8 @@ class RegistrationTest < ActionDispatch::IntegrationTest
fill_in 'current password', :with => '12345678'
click_button 'Update'
assert_contain "Password doesn't match confirmation"
assert_contain Devise.rails4? ?
"Password confirmation doesn't match Password" : "Password doesn't match confirmation"
assert_not User.first.valid_password?('pas123')
end
@ -251,7 +253,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
assert_response :success
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
admin = Admin.last :order => "id"
admin = Admin.order(:id).last
assert_equal admin.email, 'new_user@test.com'
end
@ -260,7 +262,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
assert_response :success
assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
user = User.last :order => "id"
user = User.order(:id).last
assert_equal user.email, 'new_user@test.com'
end

13
test/models/database_authenticatable_test.rb
View file

@ -123,13 +123,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
assert user.reload.valid_password?('pass4321')
end
test 'should update password with valid current password and :as option' do
user = create_user
assert user.update_with_password(:current_password => '12345678',
:password => 'pass4321', :password_confirmation => 'pass4321', :as => :admin)
assert user.reload.valid_password?('pass4321')
end
test 'should add an error to current password when it is invalid' do
user = create_user
assert_not user.update_with_password(:current_password => 'other',
@ -182,12 +175,6 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
assert_equal 'new@example.com', user.email
end
test 'should update the user without password with :as option' do
user = create_user
user.update_without_password(:email => 'new@example.com', :as => :admin)
assert_equal 'new@example.com', user.email
end
test 'should not update password without password' do
user = create_user
user.update_without_password(:password => 'pass4321', :password_confirmation => 'pass4321')

10
test/models/validatable_test.rb
View file

@ -56,8 +56,13 @@ class ValidatableTest < ActiveSupport::TestCase
test 'should require confirmation to be set when creating a new record' do
user = new_user(:password => 'new_password', :password_confirmation => 'blabla')
assert user.invalid?
if Devise.rails4?
assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
else
assert_equal 'doesn\'t match confirmation', user.errors[:password].join
end
end
test 'should require password when updating/resetting password' do
user = create_user
@ -73,8 +78,13 @@ class ValidatableTest < ActiveSupport::TestCase
user = create_user
user.password_confirmation = 'another_password'
assert user.invalid?
if Devise.rails4?
assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join
else
assert_equal 'doesn\'t match confirmation', user.errors[:password].join
end
end
test 'should require a password with minimum of 6 characters' do
user = new_user(:password => '12345', :password_confirmation => '12345')

5
test/omniauth/url_helpers_test.rb
View file

@ -1,6 +1,9 @@
require 'test_helper'
class OmniAuthRoutesTest < ActionController::TestCase
ExpectedUrlGeneratiorError = Devise.rails4? ?
ActionController::UrlGenerationError : ActionController::RoutingError
tests ApplicationController
def assert_path(action, provider, with_param=true)
@ -30,7 +33,7 @@ class OmniAuthRoutesTest < ActionController::TestCase
test 'should generate authorization path' do
assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
assert_raise ActionController::RoutingError do
assert_raise ExpectedUrlGeneratiorError do
@controller.omniauth_authorize_path(:user, :github)
end
end

1
test/orm/active_record.rb
View file

@ -1,5 +1,6 @@
ActiveRecord::Migration.verbose = false
ActiveRecord::Base.logger = Logger.new(nil)
ActiveRecord::Base.include_root_in_json = true
ActiveRecord::Migrator.migrate(File.expand_path("../../rails_app/db/migrate/", __FILE__))

51
test/parameter_sanitizer_test.rb Normal file
View file

@ -0,0 +1,51 @@
require 'test_helper'
require 'devise/parameter_sanitizer'
class BaseSanitizerTest < ActiveSupport::TestCase
def sanitizer
Devise::BaseSanitizer.new(User, :user, { user: { "email" => "jose" } })
end
test 'returns chosen params' do
assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in))
end
end
if defined?(ActionController::StrongParameters)
require 'active_model/forbidden_attributes_protection'
class ParameterSanitizerTest < ActiveSupport::TestCase
def sanitizer(params)
params = ActionController::Parameters.new(params)
Devise::ParameterSanitizer.new(User, :user, params)
end
test 'filters some parameters on sign in by default' do
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
assert_equal({ "email" => "jose" }, sanitizer.for(:sign_in))
end
test 'filters some parameters on sign up by default' do
sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
assert_equal({ "email" => "jose" }, sanitizer.for(:sign_up))
end
test 'filters some parameters on account update by default' do
sanitizer = sanitizer(user: { "email" => "jose", "role" => "invalid" })
assert_equal({ "email" => "jose" }, sanitizer.for(:account_update))
end
test 'allows custom hooks' do
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
sanitizer.for(:sign_in) { |user| user.permit(:email, :password) }
assert_equal({ "email" => "jose", "password" => "invalid" }, sanitizer.for(:sign_in))
end
test 'raises on unknown hooks' do
sanitizer = sanitizer(user: { "email" => "jose", "password" => "invalid" })
assert_raise NotImplementedError do
sanitizer.for(:unknown)
end
end
end
end

4
test/rails_app/Rakefile
View file

@ -3,8 +3,4 @@
require File.expand_path('../config/application', __FILE__)
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
Rails.application.load_tasks

5
test/rails_app/app/mongoid/shim.rb
View file

@ -7,9 +7,8 @@ module Shim
end
module ClassMethods
def last(options = {})
options.delete(:order) if options[:order] == "id"
where(options).last
def order(attribute)
asc(attribute)
end
def find_by_email(email)

3
test/rails_app/bin/bundle Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env ruby
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
load Gem.bin_path('bundler', 'bundle')

4
test/rails_app/bin/rails Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/env ruby
APP_PATH = File.expand_path('../../config/application', __FILE__)
require_relative '../config/boot'
require 'rails/commands'

4
test/rails_app/bin/rake Executable file
View file

@ -0,0 +1,4 @@
#!/usr/bin/env ruby
require_relative '../config/boot'
require 'rake'
Rake.application.run

3
test/rails_app/config/application.rb
View file

@ -2,7 +2,6 @@ require File.expand_path('../boot', __FILE__)
require "action_controller/railtie"
require "action_mailer/railtie"
require "active_resource/railtie"
require "rails/test_unit/railtie"
Bundler.require :default, DEVISE_ORM
@ -17,7 +16,7 @@ require "devise"
module RailsApp
class Application < Rails::Application
# Add additional load paths for your own custom dirs
config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers views).include?($1) }
config.autoload_paths.reject!{ |p| p =~ /\/app\/(\w+)$/ && !%w(controllers helpers mailers views).include?($1) }
config.autoload_paths += [ "#{config.root}/app/#{DEVISE_ORM}" ]
# Configure generators values. Many other options are available, be sure to check the documentation.

6
test/rails_app/config/boot.rb
View file

@ -2,7 +2,7 @@ unless defined?(DEVISE_ORM)
DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
end
require 'rubygems'
require 'bundler/setup'
# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
$:.unshift File.expand_path('../../../../lib', __FILE__)
require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])

4
test/rails_app/config/environment.rb
View file

@ -1,5 +1,5 @@
# Load the rails application
# Load the rails application.
require File.expand_path('../application', __FILE__)
# Initialize the rails application
# Initialize the rails application.
RailsApp::Application.initialize!

26
test/rails_app/config/environments/development.rb
View file

@ -1,18 +1,34 @@
RailsApp::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# Settings specified here will take precedence over those in config/application.rb.
# In the development environment your application's code is reloaded on
# every request. This slows down response time but is perfect for development
# since you don't have to restart the web server when you make code changes.
config.cache_classes = false
# Log error messages when you accidentally call methods on nil.
config.whiny_nils = true
# Do not eager load code on boot.
config.eager_load = false
# Show full error reports and disable caching
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
# Don't care if the mailer can't send
# Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
# Print deprecation notices to the Rails logger.
config.active_support.deprecation = :log
# Only use best-standards-support built into browsers.
config.action_dispatch.best_standards_support = :builtin
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL).
config.active_record.auto_explain_threshold_in_seconds = 0.5
# Raise an error on page load if there are pending migrations
config.active_record.migration_error = :page_load
# Debug mode disables concatenation and preprocessing of assets.
config.assets.debug = true
end

87
test/rails_app/config/environments/production.rb
View file

@ -1,33 +1,84 @@
RailsApp::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# Settings specified here will take precedence over those in config/application.rb.
# The production environment is meant for finished, "live" apps.
# Code is not reloaded between requests
# Code is not reloaded between requests.
config.cache_classes = true
# Full error reports are disabled and caching is turned on
# Eager load code on boot. This eager loads most of Rails and
# your application in memory, allowing both thread web servers
# and those relying on copy on write to perform better.
# Rake tasks automatically ignore this option for performance.
config.eager_load = true
# Full error reports are disabled and caching is turned on.
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
# See everything in the log (default is :info)
# config.log_level = :debug
# Enable Rack::Cache to put a simple HTTP cache in front of your application
# Add `rack-cache` to your Gemfile before enabling this.
# For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
# config.action_dispatch.rack_cache = true
# Use a different logger for distributed setups
# config.logger = SyslogLogger.new
# Use a different cache store in production
# config.cache_store = :mem_cache_store
# Disable Rails's static asset server
# In production, Apache or nginx will already do this
# Disable Rails's static asset server (Apache or nginx will already do this).
config.serve_static_assets = false
# Enable serving of images, stylesheets, and javascripts from an asset server
# Compress JavaScripts and CSS.
config.assets.js_compressor = :uglifier
# config.assets.css_compressor = :sass
# Whether to fallback to assets pipeline if a precompiled asset is missed.
config.assets.compile = false
# Generate digests for assets URLs.
config.assets.digest = true
# Version of your assets, change this if you want to expire all your assets.
config.assets.version = '1.0'
# Specifies the header that your server uses for sending files.
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
# Set to :debug to see everything in the log.
config.log_level = :info
# Prepend all log lines with the following tags.
# config.log_tags = [ :subdomain, :uuid ]
# Use a different logger for distributed setups.
# config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
# Use a different cache store in production.
# config.cache_store = :mem_cache_store
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.action_controller.asset_host = "http://assets.example.com"
# Disable delivery errors, bad email addresses will be ignored
# Precompile additional assets.
# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
# config.assets.precompile += %w( search.js )
# Ignore bad email addresses and do not raise email delivery errors.
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
# config.action_mailer.raise_delivery_errors = false
# Enable threaded mode
# config.threadsafe!
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
# the I18n.default_locale when a translation can not be found).
config.i18n.fallbacks = true
# Send deprecation notices to registered listeners.
config.active_support.deprecation = :notify
# Log the query plan for queries taking more than this (works
# with SQLite, MySQL, and PostgreSQL).
# config.active_record.auto_explain_threshold_in_seconds = 0.5
# Disable automatic flushing of the log to improve performance.
# config.autoflush_log = false
# Use default logging formatter so that PID and timestamp are not suppressed.
config.log_formatter = ::Logger::Formatter.new
end

27
test/rails_app/config/environments/test.rb
View file

@ -1,5 +1,5 @@
RailsApp::Application.configure do
# Settings specified here will take precedence over those in config/environment.rb
# Settings specified here will take precedence over those in config/application.rb.
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
@ -7,14 +7,23 @@ RailsApp::Application.configure do
# and recreated between test runs. Don't rely on the data there!
config.cache_classes = true
# Log error messages when you accidentally call methods on nil.
config.whiny_nils = true
# Do not eager load code on boot. This avoids loading your whole application
# just for the purpose of running a single test. If you are using a tool that
# preloads Rails for running tests, you may have to set it to true.
config.eager_load = false
# Show full error reports and disable caching
# Configure static asset server for tests with Cache-Control for performance.
config.serve_static_assets = true
config.static_cache_control = "public, max-age=3600"
# Show full error reports and disable caching.
config.consider_all_requests_local = true
config.action_controller.perform_caching = false
# Disable request forgery protection in test environment
# Raise exceptions instead of rendering exception templates.
config.action_dispatch.show_exceptions = false
# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
# Tell Action Mailer not to deliver emails to the real world.
@ -22,12 +31,6 @@ RailsApp::Application.configure do
# ActionMailer::Base.deliveries array.
config.action_mailer.delivery_method = :test
# Use SQL instead of Active Record's schema dumper when creating the test database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql
config.action_dispatch.show_exceptions = false
# Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
end

10
test/rails_app/config/initializers/secret_token.rb
View file

@ -1,2 +1,8 @@
Rails.application.config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
Rails.application.config.session_store :cookie_store, :key => "_my_app"
config = Rails.application.config
if Devise.rails4?
config.secret_key_base = 'd588e99efff13a86461fd6ab82327823ad2f8feb5dc217ce652cdd9f0dfc5eb4b5a62a92d24d2574d7d51dfb1ea8dd453ea54e00cf672159a13104a135422a10'
else
config.secret_token = 'ea942c41850d502f2c8283e26bdc57829f471bb18224ddff0a192c4f32cdf6cb5aa0d82b3a7a7adbeb640c4b06f3aa1cd5f098162d8240f669b39d6b49680571'
config.session_store :cookie_store, :key => "_my_app"
end

1
test/rails_app/config/initializers/session_store.rb Normal file
View file

@ -0,0 +1 @@
RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session'

2
test/rails_app/config/routes.rb
View file

@ -96,5 +96,5 @@ Rails.application.routes.draw do
get "/unauthenticated", :to => "home#unauthenticated"
get "/custom_strategy/new"
root :to => "home#index"
root :to => "home#index", :via => [:get, :post]
end

1
test/rails_app/lib/shared_user.rb
View file

@ -7,7 +7,6 @@ module SharedUser
:trackable, :validatable, :omniauthable
attr_accessor :other_key
attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :confirmation_sent_at
# They need to be included after Devise is called.
extend ExtendMethods

10
test/rails_app/script/rails
View file

@ -1,10 +0,0 @@
#!/usr/bin/env ruby
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
ENV_PATH = File.expand_path('../../config/environment', __FILE__)
BOOT_PATH = File.expand_path('../../config/boot', __FILE__)
APP_PATH = File.expand_path('../../config/application', __FILE__)
ROOT_PATH = File.expand_path('../..', __FILE__)
require BOOT_PATH
require 'rails/commands'

28
test/routes_test.rb
View file

@ -1,5 +1,7 @@
require 'test_helper'
ExpectedRoutingError = Devise.rails4? ? MiniTest::Assertion : ActionController::RoutingError
class DefaultRoutingTest < ActionController::TestCase
test 'map new user session' do
assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => 'users/sign_in', :method => :get})
@ -101,7 +103,7 @@ class DefaultRoutingTest < ActionController::TestCase
assert_recognizes({:controller => 'users/omniauth_callbacks', :action => 'google'}, {:path => 'users/auth/google/callback', :method => :post})
assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'ysers/omniauth_callbacks', :action => 'twitter'}, {:path => 'users/auth/twitter/callback', :method => :get})
end
end
@ -123,7 +125,7 @@ class CustomizedRoutingTest < ActionController::TestCase
end
test 'does not map admin password' do
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'admin_area/password/new')
end
end
@ -133,7 +135,7 @@ class CustomizedRoutingTest < ActionController::TestCase
end
test 'does only map reader password' do
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, 'reader/sessions/new')
end
assert_recognizes({:controller => 'devise/passwords', :action => 'new'}, 'reader/password/new')
@ -161,14 +163,14 @@ class CustomizedRoutingTest < ActionController::TestCase
test 'map deletes with :sign_out_via option' do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :delete})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/deletes/sign_out', :method => :get})
end
end
test 'map posts with :sign_out_via option' do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :post})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/posts/sign_out', :method => :get})
end
end
@ -176,56 +178,56 @@ class CustomizedRoutingTest < ActionController::TestCase
test 'map delete_or_posts with :sign_out_via option' do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :post})
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :delete})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/sessions', :action => 'destroy'}, {:path => '/sign_out_via/delete_or_posts/sign_out', :method => :get})
end
end
test 'map with constraints defined in hash' do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/headquarters/sign_up', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100/headquarters/sign_up', :method => :get})
end
end
test 'map with constraints defined in block' do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://192.168.1.100/homebase/sign_up', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => 'http://10.0.0.100//homebase/sign_up', :method => :get})
end
end
test 'map with format false for sessions' do
assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/sessions', :action => 'new'}, {:path => '/htmlonly_admin/sign_in.xml', :method => :get})
end
end
test 'map with format false for passwords' do
assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password', :method => :post})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/passwords', :action => 'create'}, {:path => '/htmlonly_admin/password.xml', :method => :post})
end
end
test 'map with format false for registrations' do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/registrations', :action => 'new'}, {:path => '/htmlonly_admin/sign_up.xml', :method => :get})
end
end
test 'map with format false for confirmations' do
assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/confirmations', :action => 'show'}, {:path => '/htmlonly_users/confirmation.xml', :method => :get})
end
end
test 'map with format false for unlocks' do
assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock', :method => :get})
assert_raise ActionController::RoutingError do
assert_raise ExpectedRoutingError do
assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get})
end
end

7
test/test_helper.rb
View file

@ -4,6 +4,13 @@ DEVISE_ORM = (ENV["DEVISE_ORM"] || :active_record).to_sym
$:.unshift File.dirname(__FILE__)
puts "\n==> Devise.orm = #{DEVISE_ORM.inspect}"
module Devise
# Detection for minor differences between Rails 3.2 and 4 in tests.
def self.rails4?
Rails.version.start_with? '4'
end
end
require "rails_app/config/environment"
require "rails/test_help"
require "orm/#{DEVISE_ORM}"

1
test/test_models.rb
View file

@ -15,7 +15,6 @@ end
class UserWithVirtualAttributes < User
devise :case_insensitive_keys => [ :email, :email_confirmation ]
validates :email, :presence => true, :confirmation => {:on => :create}
attr_accessible :email, :email_confirmation
end
class Several < Admin