Merge branch 'master' of git@github.com:plataformatec/devise

lib/devise/models/authenticatable.rb

@@ -49,7 +49,7 @@ module Devise
       # Verifies whether an incoming_password (ie from login) is the user
       # password.
       def valid_password?(incoming_password)
-        password_digest(incoming_password) == encrypted_password
+        !incoming_password.blank? && password_digest(incoming_password) == encrypted_password
       end
 
       protected
@@ -104,17 +104,28 @@ module Devise
         end
 
         # Contains the logic used in authentication. Overwritten by other devise modules.
-        #
         def valid_for_authentication(resource, attributes)
           resource if resource.valid_password?(attributes[:password])
         end
 
-        # Attempt to find a user by it's email. If not user is found, returns a
-        # new user with an email not found error.
-        def find_or_initialize_with_error_by_email(email)
-          attributes = { :email => email }
-          record = find(:first, :conditions => attributes) || new(attributes)
-          record.errors.add(:email, :not_found, :default => 'not found') if record.new_record?
+        # Find an initialize a record setting an error if it can't be found
+        def find_or_initialize_with_error_by(attribute, value, error=:invalid)
+          if value
+            conditions = { attribute => value }
+            record = find(:first, :conditions => conditions)
+          end
+
+          unless record
+            record = new
+
+            if value
+              record.send(:"#{attribute}=", value)
+              record.errors.add(attribute, error, :default => error.to_s.gsub("_", " "))
+            else
+              record.errors.add(attribute, :blank)
+            end
+          end
+
           record
         end
 

lib/devise/models/confirmable.rb

@@ -128,7 +128,7 @@ module Devise
         # with an email not found error.
         # Options must contain the user email
         def send_confirmation_instructions(attributes={})
-          confirmable = find_or_initialize_with_error_by_email(attributes[:email])
+          confirmable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
           confirmable.reset_confirmation! unless confirmable.new_record?
           confirmable
         end
@@ -138,12 +138,8 @@ module Devise
         # If the user is already confirmed, create an error for the user
         # Options must have the confirmation_token
         def confirm!(attributes={})
-          confirmable = find_or_initialize_by_confirmation_token(attributes[:confirmation_token])
-          if confirmable.new_record?
-            confirmable.errors.add(:confirmation_token, :invalid)
-          else
-            confirmable.confirm!
-          end
+          confirmable = find_or_initialize_with_error_by(:confirmation_token, attributes[:confirmation_token])        
+          confirmable.confirm! unless confirmable.new_record?
           confirmable
         end
 

lib/devise/models/recoverable.rb

@@ -64,7 +64,7 @@ module Devise
         # with an email not found error.
         # Attributes must contain the user email
         def send_reset_password_instructions(attributes={})
-          recoverable = find_or_initialize_with_error_by_email(attributes[:email])
+          recoverable = find_or_initialize_with_error_by(:email, attributes[:email], :not_found)
           recoverable.send_reset_password_instructions unless recoverable.new_record?
           recoverable
         end
@@ -75,12 +75,8 @@ module Devise
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
         def reset_password!(attributes={})
-          recoverable = find_or_initialize_by_reset_password_token(attributes[:reset_password_token])
-          if recoverable.new_record?
-            recoverable.errors.add(:reset_password_token, :invalid)
-          else
-            recoverable.reset_password!(attributes[:password], attributes[:password_confirmation])
-          end
+          recoverable = find_or_initialize_with_error_by(:reset_password_token, attributes[:reset_password_token])
+          recoverable.reset_password!(attributes[:password], attributes[:password_confirmation]) unless recoverable.new_record?
           recoverable
         end
       end

lib/devise/models/rememberable.rb

@@ -82,7 +82,7 @@ module Devise
         # Recreate the user based on the stored cookie
         def serialize_from_cookie(cookie)
           rememberable_id, remember_token = cookie.split('::')
-          rememberable = find_by_id(rememberable_id) if rememberable_id
+          rememberable = find(:first, :conditions => { :id => rememberable_id }) if rememberable_id
           rememberable if rememberable.try(:valid_remember_token?, remember_token)
         end
 

lib/devise/orm/data_mapper.rb

@@ -39,6 +39,15 @@ module Devise
         end
       end
 
+      # In Datamapper, we need to call save! if we don't want to execute callbacks.
+      def save(flag=nil)
+        if flag == false
+          save!
+        else
+          super()
+        end
+      end
+
       # Tell how to apply schema methods. This automatically maps :limit to
       # :length and :null to :nullable.
       def apply_schema(name, type, options={})

lib/devise/schema.rb

@@ -42,7 +42,7 @@ module Devise
     end
 
     # Creates sign_in_count, current_sign_in_at, last_sign_in_at,
-    # current_sign_in_ip, last_sign_in_in.
+    # current_sign_in_ip, last_sign_in_ip.
     def trackable
       apply_schema :sign_in_count,      Integer
       apply_schema :current_sign_in_at, DateTime

test/integration/confirmable_test.rb

@@ -43,7 +43,8 @@ class ConfirmationTest < ActionController::IntegrationTest
   end
 
   test 'user already confirmed user should not be able to confirm the account again' do
-    user = create_user
+    user = create_user(:confirm => false)
+    user.update_attribute(:confirmed_at, Time.now)
     visit_user_confirmation_with_token(user.confirmation_token)
 
     assert_template 'confirmations/new'

test/models/confirmable_test.rb

@@ -81,7 +81,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'should generate errors for a user email if user is already confirmed' do
     user = create_user
-    user.confirm!
+    user.update_attribute(:confirmed_at, Time.now)
     confirmed_user = User.confirm!(:confirmation_token => user.confirmation_token)
     assert confirmed_user.confirmed?
     assert confirmed_user.errors[:email]

test/models/recoverable_test.rb

@@ -109,6 +109,8 @@ class RecoverableTest < ActiveSupport::TestCase
 
   test 'should find a user to reset it\'s password based on reset_password_token' do
     user = create_user
+    user.send :generate_reset_password_token!
+
     reset_password_user = User.reset_password!(:reset_password_token => user.reset_password_token)
     assert_not_nil reset_password_user
     assert_equal reset_password_user, user
@@ -129,12 +131,15 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should reset successfully user password given the new password and confirmation' do
     user = create_user
     old_password = user.password
+    user.send :generate_reset_password_token!
+
     reset_password_user = User.reset_password!(
       :reset_password_token => user.reset_password_token,
       :password => 'new_password',
       :password_confirmation => 'new_password'
     )
     user.reload
+
     assert_not user.valid_password?(old_password)
     assert user.valid_password?('new_password')
   end

test/rails_app/app/models/user.rb

@@ -1,3 +1,4 @@
 class User < ActiveRecord::Base
   devise :all
+  attr_accessible :username, :email, :password, :password_confirmation
 end