merged with changes introduced in 0.4.3

CHANGELOG.rdoc

@@ -1,3 +1,13 @@
+* enhancements
+  * Moved encryption strategy into the Encryptors module to allow several algorithms
+  * Implemented encryptors for Clearance, Authlogic and Restful-Authentication
+
+== 0.4.3
+
+* bug fix
+  * [#29] Authentication fail if user cannot be serialized from session;
+  * Default configuration values should not overwrite user values;
+
 == 0.4.2
 
 * deprecations

Rakefile

@@ -36,7 +36,7 @@ begin
     s.description = "Flexible authentication solution for Rails with Warden"
     s.authors = ['José Valim', 'Carlos Antônio']
     s.files =  FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
-    s.add_dependency("warden", "~> 0.5.1")
+    s.add_dependency("warden", "~> 0.5.2")
   end
 
   Jeweler::GemcutterTasks.new

lib/devise.rb

@@ -12,17 +12,35 @@ module Devise
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'].freeze
 
   # Maps the messages types that comes from warden to a flash type.
+  # This hash is not frozen, so you can add your messages as well.
   FLASH_MESSAGES = {
     :unauthenticated => :success,
     :unconfirmed => :failure
   }
 
-  # Models configuration
-  mattr_accessor :pepper, :encryptor, :stretches, :remember_for, :confirm_within
+  # Used to encrypt password. Please generate one with rake secret
+  mattr_accessor :pepper
+  @@pepper = nil
   
-  # Mappings
+  # Used to define the password encryption algorithm
+  mattr_accessor :encryptor
+  @@encryptor = ::Devise::Encryptors::Sha1
+  
+  # The number of times to encrypt password.
+  mattr_accessor :stretches
+  @@stretches = 10
+  
+  # Time interval where the remember me token is valid.
+  mattr_accessor :remember_for
+  @@remember_for = 2.weeks
+  
+  # Time interval you can access your account before confirming your account.
+  mattr_accessor :confirm_within
+  @@confirm_within = 0.days
+
+  # Store scopes mappings.
   mattr_accessor :mappings
-  self.mappings = {}
+  @@mappings = {}
 
   class << self
     # Default way to setup Devise. Run script/generate devise_install to create

lib/devise/models.rb

@@ -16,9 +16,7 @@ module Devise
     # To add the class methods you need to have a module ClassMethods defined
     # inside the given class.
     #
-    def self.config(mod, accessor, default=nil) #:nodoc:
-      Devise.send :"#{accessor}=", default
-
+    def self.config(mod, accessor) #:nodoc:
       mod.class_eval <<-METHOD, __FILE__, __LINE__
         def #{accessor}
           self.class.#{accessor}

lib/devise/models/authenticatable.rb

@@ -80,8 +80,8 @@ module Devise
       end
 
       Devise::Models.config(self, :pepper)
-      Devise::Models.config(self, :stretches, 10)
-      Devise::Models.config(self, :encryptor, ::Devise::Encryptors::Sha1)
+      Devise::Models.config(self, :stretches)
+      Devise::Models.config(self, :encryptor)
     end
   end
 end

lib/devise/models/confirmable.rb

@@ -150,7 +150,7 @@ module Devise
         end
       end
 
-      Devise::Models.config(self, :confirm_within, 0.days)
+      Devise::Models.config(self, :confirm_within)
     end
   end
 end

lib/devise/models/rememberable.rb

@@ -89,7 +89,7 @@ module Devise
         end
       end
 
-      Devise::Models.config(self, :remember_for, 2.weeks)
+      Devise::Models.config(self, :remember_for)
     end
   end
 end

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "0.4.2".freeze
+  VERSION = "0.4.3".freeze
 end

lib/devise/warden.rb

@@ -13,7 +13,7 @@ Warden::Manager.serialize_into_session{ |user| [user.class, user.id] }
 # Session Serialization out. This block gets the user out of the session.
 # It should be the reverse of serializing the object into the session
 Warden::Manager.serialize_from_session do |klass, id|
-  klass.find(id)
+  klass.find_by_id(id)
 end
 
 # Setup devise strategies for Warden

test/integration/authenticatable_test.rb

@@ -184,4 +184,12 @@ class AuthenticationTest < ActionController::IntegrationTest
     visit 'users/index'
     assert_equal "Cart", @controller.user_session[:cart]
   end
+  
+  test 'destroyed account is logged out' do
+    sign_in_as_user
+    visit 'users/index'
+    User.destroy_all
+    visit 'users/index'
+    assert_redirected_to '/users/sign_in?unauthenticated=true'
+  end
 end