cookie_domain is deprecated in favor of cookie_options which uses session_options by default.
This commit is contained in:
parent
1dfcbe3bd4
commit
38f3f6318a
|
@ -1,6 +1,7 @@
|
|||
* deprecations
|
||||
* sign_out_all_scopes defaults to true as security measure
|
||||
* http authenticatable is disabled by default
|
||||
* cookie_domain is deprecated in favor of cookie_options
|
||||
|
||||
* enhancements
|
||||
* Added OAuth 2 support
|
||||
|
@ -13,6 +14,7 @@
|
|||
* :rememberable is now able to use salt as token if no remember_token is provided
|
||||
* Store the salt in session and expire the session if the user changes his password
|
||||
* Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
|
||||
* cookie_options uses session_options values by default
|
||||
|
||||
* bugfix
|
||||
* after_sign_in_path_for always receives a resource
|
||||
|
|
|
@ -52,8 +52,8 @@ module Devise
|
|||
}
|
||||
|
||||
# Custom domain for cookies. Not set by default
|
||||
mattr_accessor :cookie_domain
|
||||
@@cookie_domain = false
|
||||
mattr_accessor :cookie_options
|
||||
@@cookie_options = {}
|
||||
|
||||
# The number of times to encrypt password.
|
||||
mattr_accessor :stretches
|
||||
|
@ -214,6 +214,12 @@ module Devise
|
|||
yield self
|
||||
end
|
||||
|
||||
def self.cookie_domain=(value)
|
||||
ActiveSupport::Deprecation.warn "Devise.cookie_domain=(value) is deprecated. "
|
||||
"Please use Devise.cookie_options = { :domain => value } instead."
|
||||
self.cookie_options[:domain] = value
|
||||
end
|
||||
|
||||
# Get the mailer class from the mailer reference object.
|
||||
def self.mailer
|
||||
@@mailer_ref.get
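Review bot: As rendered, the `ActiveSupport::Deprecation.warn "Devise.cookie_domain=(value) is deprecated. "` line and the `"Please use Devise.cookie_options = { :domain => value } instead."` line are two separate expressions, so only the first sentence would be emitted and the second literal is a no-op in void context; if the page dropped a trailing `\` or `<<` joining them this is moot, but worth confirming in the source. The shim also restores only the writer: with `mattr_accessor :cookie_domain` removed in the earlier hunk of this file, a `Devise.cookie_domain` read now presumably raises NoMethodError instead of warning, so a matching reader `def self.cookie_domain; ActiveSupport::Deprecation.warn "Devise.cookie_domain is deprecated, use Devise.cookie_options[:domain]"; cookie_options[:domain]; end` would complete the deprecation. Note too that `self.cookie_options[:domain] = value` mutates the shared `@@cookie_options` hash in place, so a later `Devise.cookie_options = { ... }` assignment silently discards a domain set through the deprecated path; a one-line comment saying so on the shim would save a maintainer the surprise. The enclosing `module Devise` continues outside this hunk.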
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
Warden::Manager.before_logout do |record, warden, options|
|
||||
if record.respond_to?(:forget_me!)
|
||||
record.forget_me! unless record.frozen?
|
||||
cookie_options = record.cookie_domain? ? { :domain => record.cookie_domain } : {}
|
||||
cookie_options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
||||
cookie_options.merge!(record.cookie_options)
|
||||
warden.cookies.delete("remember_#{options[:scope]}_token", cookie_options)
|
||||
end
|
||||
end
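Review bot: The option set built on the `Rails.configuration.session_options.slice(:path, :domain, :secure)` and `cookie_options.merge!(record.cookie_options)` lines duplicates the one in `cookie_values` in the rememberable strategy, and a browser only discards a cookie when the delete call's `:path`/`:domain` match the ones it was set with, so if the two lists drift the remember token survives sign-out. A single helper that both the hook and the strategy call (for example something like `Devise.remember_cookie_options(record)`, name constructed here) would keep them aligned. `record.cookie_options` is merged after the session defaults, so a per-model `:domain` overrides the session one; a comment stating that precedence, e.g. `# model-level cookie_options override the session store defaults`, would make the intent explicit.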
|
||||
|
|
|
@ -10,20 +10,22 @@ module Devise
|
|||
|
||||
if succeeded? && resource.respond_to?(:remember_me!) && remember_me?
|
||||
resource.remember_me!(extend_remember_period?)
|
||||
|
||||
configuration = {
|
||||
:value => resource.class.serialize_into_cookie(resource),
|
||||
:expires => resource.remember_expires_at,
|
||||
:path => "/"
|
||||
}
|
||||
|
||||
configuration[:domain] = resource.cookie_domain if resource.cookie_domain?
|
||||
cookies.signed["remember_#{scope}_token"] = configuration
|
||||
cookies.signed["remember_#{scope}_token"] = cookie_values(resource)
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def cookie_values(resource)
|
||||
options = Rails.configuration.session_options.slice(:path, :domain, :secure)
|
||||
options.merge!(resource.cookie_options)
|
||||
options.merge!(
|
||||
:value => resource.class.serialize_into_cookie(resource),
|
||||
:expires => resource.remember_expires_at
|
||||
)
|
||||
options
|
||||
end
|
||||
|
||||
def succeeded?
|
||||
@result == :success
|
||||
end
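Review bot: `cookie_values` copies `:path`, `:domain` and `:secure` from the session options but not `:httponly`, so when the session cookie is marked httponly the remember token cookie written on the `cookies.signed["remember_#{scope}_token"] = cookie_values(resource)` line is still readable from script; `options = Rails.configuration.session_options.slice(:path, :domain, :secure, :httponly)` keeps the two credential-bearing cookies' attributes aligned (the same slice appears in the before_logout hook). The removed `:path => "/"` default now relies on either session_options or the cookie jar supplying a path — presumably the jar defaults to `/`, but worth confirming so the cookie is not scoped narrower than before. A short doc comment would help, e.g. `# Cookie attributes for the remember token: session store defaults, then the model's cookie_options, then the serialized value and expiry.` The method that starts the hunk (`authenticate!`, presumably) begins outside it.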
|
||||
|
|
|
@ -17,7 +17,7 @@ module Devise
|
|||
#
|
||||
# * +remember_for+: the time you want the user will be remembered without
|
||||
# asking for credentials. After this time the user will be blocked and
|
||||
# will have to enter his credentials again. This configuration is als
|
||||
# will have to enter his credentials again. This configuration is also
|
||||
# used to calculate the expires time for the cookie created to remember
|
||||
# the user. By default remember_for is 2.weeks.
|
||||
#
|
||||
|
@ -29,6 +29,8 @@ module Devise
|
|||
# * +extend_remember_period+: if true, extends the user's remember period
|
||||
# when remembered via cookie. False by default.
|
||||
#
|
||||
# * +cookie_options+: configuration options passed to the created cookie.
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# User.find(1).remember_me! # regenerating the token
|
||||
|
@ -73,18 +75,14 @@ module Devise
|
|||
remember_created_at + self.class.remember_for
|
||||
end
|
||||
|
||||
def cookie_domain
|
||||
self.class.cookie_domain
|
||||
end
|
||||
|
||||
def cookie_domain?
|
||||
self.class.cookie_domain != false
|
||||
end
|
||||
|
||||
def rememberable_value
|
||||
respond_to?(:remember_token) ? self.remember_token : self.authenticatable_salt
|
||||
end
|
||||
|
||||
def cookie_options
|
||||
self.class.cookie_options
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
# Generate a token unless remember_across_browsers is true and there is
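Review bot: The model-level `cookie_domain` and `cookie_domain?` readers are removed here without the deprecation shim that `Devise.cookie_domain=` received, and the `Devise::Models.config` list in the next hunk of this file drops `:cookie_domain`, so an application passing `:cookie_domain` to `devise` or calling `User.cookie_domain` presumably now fails with NoMethodError rather than a warning — worth confirming how `devise` applies its options hash before shipping this as a deprecation. The new `cookie_options` reader has no doc comment, unlike its documented neighbours; `# Extra cookie attributes for the remember token, read from the class-level cookie_options setting.` would match the file's style. The enclosing `module Devise` continues outside both hunks.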
|
||||
|
@ -117,7 +115,7 @@ module Devise
|
|||
end
|
||||
|
||||
Devise::Models.config(self, :remember_for, :remember_across_browsers,
|
||||
:extend_remember_period, :cookie_domain)
|
||||
:extend_remember_period, :cookie_options)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -43,16 +43,26 @@ class RememberMeTest < ActionController::IntegrationTest
|
|||
assert request.cookies["remember_user_token"]
|
||||
end
|
||||
|
||||
test 'generate remember token after sign in setting cookie domain' do
|
||||
test 'generate remember token after sign in setting cookie options' do
|
||||
# We test this by asserting the cookie is not sent after the redirect
|
||||
# since we changed the domain. This is the only difference with the
|
||||
# previous test.
|
||||
swap User, :cookie_domain => "omg.somewhere.com" do
|
||||
swap Devise, :cookie_options => { :domain => "omg.somewhere.com" } do
|
||||
user = sign_in_as_user :remember_me => true
|
||||
assert_nil request.cookies["remember_user_token"]
|
||||
end
|
||||
end
|
||||
|
||||
test 'generate remember token after sign in setting session options' do
|
||||
begin
|
||||
Rails.configuration.session_options[:domain] = "omg.somewhere.com"
|
||||
user = sign_in_as_user :remember_me => true
|
||||
assert_nil request.cookies["remember_user_token"]
|
||||
ensure
|
||||
Rails.configuration.session_options.delete(:domain)
|
||||
end
|
||||
end
|
||||
|
||||
test 'remember the user before sign in' do
|
||||
user = create_user_and_remember
|
||||
get users_path
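Review bot: The `ensure` branch of the session-options test deletes `:domain` outright, so if the test app's session store already configures a domain the test leaks a changed value into later tests; capture it first and restore it, e.g. `previous = Rails.configuration.session_options[:domain]` before the `begin`, then `previous.nil? ? Rails.configuration.session_options.delete(:domain) : Rails.configuration.session_options[:domain] = previous` in the `ensure`. Both new tests assert only that a cookie with a foreign domain is absent after the redirect, which is an indirect check of the option plumbing. Nothing exercises the `:secure` attribute that `cookie_values` now inherits from the session, so a test setting `session_options[:secure] = true` and asserting the remember cookie carries the secure flag (or is not sent back over the plain-HTTP integration request) would pin the security-relevant part of this change.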
|
||||
|
|