More changes in update_with_password.

app/controllers/registrations_controller.rb

@@ -41,6 +41,7 @@ class RegistrationsController < ApplicationController
   # DELETE /resource
   def destroy
     self.resource.destroy
+    set_flash_message :notice, :destroyed
     sign_out_and_redirect(self.resource)
   end
 

app/controllers/sessions_controller.rb

@@ -22,7 +22,7 @@ class SessionsController < ApplicationController
       sign_in_and_redirect(resource_name, resource, true)
     else
       set_now_flash_message :alert, (warden.message || :invalid)
-      clean_up_password_methods(build_resource)
+      clean_up_passwords(build_resource)
       render_with_scope :new
     end
   end
@@ -39,9 +39,7 @@ class SessionsController < ApplicationController
     flash[:"#{resource_name}_signed_up"]
   end
 
-  def clean_up_password_methods(object)
-    [:password=, :password_confirmation=].each do |method|
-      object.send(method, nil) if object.respond_to?(method)
-    end
+  def clean_up_passwords(object)
+    object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
   end
 end

app/views/registrations/edit.html.erb

@@ -1,24 +1,25 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<% form_for resource_name, resource, :url => registration_path(resource_name) do |f| -%>
+<% form_for resource_name, resource, :url => registration_path(resource_name), :html => { :method => :put } do |f| -%>
   <%= f.error_messages %>
 
-  <h4>Change your settings<h4>
   <p><%= f.label :email %></p>
   <p><%= f.text_field :email %></p>
 
-  <h4>Change your password (leave blank if you don't want to)</h4>
-  <p><%= f.label :password %></p>
+  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
   <p><%= f.password_field :password %></p>
 
   <p><%= f.label :password_confirmation %></p>
   <p><%= f.password_field :password_confirmation %></p>
 
-  <h4>We need your current password to confirm your changes</h4>
-  <p><%= f.label :current_password %></p>
+  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i></p>
   <p><%= f.password_field :current_password %></p>
 
   <p><%= f.submit "Update" %></p>
 <% end -%>
 
+<h3>Cancel your account</h3>
+
+<p>Unhappy? <%= link_to "Cancel your account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %></p>
+
 <%= render :partial => "shared/devise_links" %>

devise.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise}
-  s.version = "0.9.2"
+  s.version = "1.0.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jos\303\251 Valim", "Carlos Ant\303\264nio"]
-  s.date = %q{2010-02-05}
+  s.date = %q{2010-02-08}
   s.description = %q{Flexible authentication solution for Rails with Warden}
   s.email = %q{contact@plataformatec.com.br}
   s.extra_rdoc_files = [
@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
      "TODO",
      "app/controllers/confirmations_controller.rb",
      "app/controllers/passwords_controller.rb",
+     "app/controllers/registrations_controller.rb",
      "app/controllers/sessions_controller.rb",
      "app/controllers/unlocks_controller.rb",
      "app/models/devise_mailer.rb",
@@ -33,6 +34,8 @@ Gem::Specification.new do |s|
      "app/views/devise_mailer/unlock_instructions.html.erb",
      "app/views/passwords/edit.html.erb",
      "app/views/passwords/new.html.erb",
+     "app/views/registrations/edit.html.erb",
+     "app/views/registrations/new.html.erb",
      "app/views/sessions/new.html.erb",
      "app/views/shared/_devise_links.erb",
      "app/views/unlocks/new.html.erb",
@@ -49,7 +52,6 @@ Gem::Specification.new do |s|
      "generators/devise_views/devise_views_generator.rb",
      "init.rb",
      "lib/devise.rb",
-     "lib/devise/controllers/common.rb",
      "lib/devise/controllers/helpers.rb",
      "lib/devise/controllers/internal_helpers.rb",
      "lib/devise/controllers/url_helpers.rb",
@@ -73,6 +75,7 @@ Gem::Specification.new do |s|
      "lib/devise/models/confirmable.rb",
      "lib/devise/models/lockable.rb",
      "lib/devise/models/recoverable.rb",
+     "lib/devise/models/registerable.rb",
      "lib/devise/models/rememberable.rb",
      "lib/devise/models/timeoutable.rb",
      "lib/devise/models/token_authenticatable.rb",
@@ -87,6 +90,7 @@ Gem::Specification.new do |s|
      "lib/devise/schema.rb",
      "lib/devise/strategies/authenticatable.rb",
      "lib/devise/strategies/base.rb",
+     "lib/devise/strategies/http_authenticatable.rb",
      "lib/devise/strategies/rememberable.rb",
      "lib/devise/strategies/token_authenticatable.rb",
      "lib/devise/test_helpers.rb",
@@ -106,8 +110,10 @@ Gem::Specification.new do |s|
      "test/failure_app_test.rb",
      "test/integration/authenticatable_test.rb",
      "test/integration/confirmable_test.rb",
+     "test/integration/http_authenticatable_test.rb",
      "test/integration/lockable_test.rb",
      "test/integration/recoverable_test.rb",
+     "test/integration/registerable_test.rb",
      "test/integration/rememberable_test.rb",
      "test/integration/timeoutable_test.rb",
      "test/integration/token_authenticatable_test.rb",
@@ -150,7 +156,6 @@ Gem::Specification.new do |s|
      "test/routes_test.rb",
      "test/support/assertions_helper.rb",
      "test/support/integration_tests_helper.rb",
-     "test/support/model_tests_helper.rb",
      "test/support/test_silencer.rb",
      "test/support/tests_helper.rb",
      "test/test_helper.rb",

lib/devise/locales/en.yml

@@ -22,6 +22,8 @@ en:
     registrations:
       link: 'Sign up'
       signed_up: 'You have signed up successfully.'
+      updated: 'You updated your account successfully.'
+      destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:
       link: "Didn't receive unlock instructions?"
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'

lib/devise/models/authenticatable.rb

@@ -37,6 +37,7 @@ module Devise
         end
       end
 
+      # TODO Remove me in next release
       def old_password
         ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
         @old_password
@@ -69,17 +70,35 @@ module Devise
         valid_password?(attributes[:password])
       end
 
-      # Update record attributes when :old_password matches, otherwise returns
-      # error on :old_password.
-      def update_with_password(params={})
-        params[:current_password] ||= params[:old_password] if params[:old_password]
+      # Set password and password confirmation to nil
+      def clean_up_passwords
+        self.password = self.password_confirmation = nil
+      end
 
-        if valid_password?(params[:current_password])
+      # Update record attributes when :current_password matches, otherwise returns
+      # error on :current_password. It also automatically rejects :password and
+      # :password_confirmation if they are blank.
+      def update_with_password(params={})
+        # TODO Remove me in next release
+        if params[:old_password].present?
+          params[:current_password] ||= params[:old_password]
+          ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller
+        end
+
+        params.delete(:password) if params[:password].blank?
+        params.delete(:password_confirmation) if params[:password_confirmation].blank?
+
+        result = if valid_password?(params[:current_password])
           update_attributes(params)
         else
-          self.class.add_error_on(self, :current_password, :invalid, false)
+          message = params[:current_password].blank? ? :blank : :invalid
+          self.class.add_error_on(self, :current_password, message, false)
+          self.attributes = params
           false
         end
+
+        clean_up_passwords unless result
+        result
       end
 
       protected

test/models/authenticatable_test.rb

@@ -134,14 +134,14 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert new_user.respond_to?(:current_password)
   end
 
-  test 'should update password with valid old password' do
+  test 'should update password with valid current password' do
     user = create_user
     assert user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
 
-  test 'should add an error to old password when it is invalid' do
+  test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
       :password => 'pass321', :password_confirmation => 'pass321')
@@ -149,10 +149,32 @@ class AuthenticatableTest < ActiveSupport::TestCase
     assert_match /invalid/, user.errors[:current_password]
   end
 
+  test 'should add an error to current password when it is blank' do
+    user = create_user
+    assert_not user.update_with_password(:password => 'pass321',
+      :password_confirmation => 'pass321')
+    assert user.reload.valid_password?('123456')
+    assert_match /blank/, user.errors[:current_password]
+  end
+
+  test 'should ignore password and its confirmation if they are blank' do
+    user = create_user
+    assert user.update_with_password(:current_password => '123456', :email => "new@email.com")
+    assert_equal "new@email.com", user.email
+  end
+
   test 'should not update password with invalid confirmation' do
     user = create_user
     assert_not user.update_with_password(:current_password => '123456',
       :password => 'pass321', :password_confirmation => 'other')
     assert user.reload.valid_password?('123456')
   end
+
+  test 'should clean up password fields on failure' do
+    user = create_user
+    assert_not user.update_with_password(:current_password => '123456',
+      :password => 'pass321', :password_confirmation => 'other')
+    assert user.password.blank?
+    assert user.password_confirmation.blank?
+  end
 end