From db1ce8eeb23141165af1c7ac38d63aff0c4a5957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 30 Sep 2010 09:12:00 +0200 Subject: [PATCH] Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message. This commit also moves after_update_path_for to inside RegistrationsController, not allowing it to be overriden inside ApplicationController anymore. --- CHANGELOG.rdoc | 8 +++- .../devise/registrations_controller.rb | 38 ++++++++++++++++++- config/locales/en.yml | 3 +- lib/devise/controllers/helpers.rb | 30 --------------- lib/devise/failure_app.rb | 2 +- lib/devise/oauth/internal_helpers.rb | 4 +- test/controllers/helpers_test.rb | 8 ---- test/integration/registerable_test.rb | 4 +- 8 files changed, 49 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 3985c92b..53b47556 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,7 +1,6 @@ * deprecations - * sign_out_all_scopes defaults to true as security measure - * http authenticatable is disabled by default * cookie_domain is deprecated in favor of cookie_options + * after_update_path_for can no longer be defined in ApplicationController * enhancements * Added OAuth 2 support @@ -15,6 +14,11 @@ * Store the salt in session and expire the session if the user changes his password * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication * cookie_options uses session_options values by default + * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message + +* default behavior changes + * sign_out_all_scopes defaults to true as security measure + * http authenticatable is disabled by default * bugfix * after_sign_in_path_for always receives a resource diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 57c82aee..7b0271e0 100644 
--- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -14,8 +14,13 @@ class Devise::RegistrationsController < ApplicationController build_resource if resource.save - set_flash_message :notice, :signed_up - sign_in_and_redirect(resource_name, resource) + if resource.active? + set_flash_message :notice, :signed_up + sign_in_and_redirect(resource_name, resource) + else + set_flash_message :notice, :inactive_signed_up, :reason => resource.inactive_message.to_s + redirect_to after_inactive_sign_up_path_for(resource) + end else clean_up_passwords(resource) render_with_scope :new 
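Review bot: The new `else` branch under `resource.active?` redirects without touching the session, so whatever `build_resource` handed to `new_with_session(hash, session)` (visible in the next hunk's context) is still there after an inactive sign up. If the sign-in path is what normally discards that data (not visible in this patch), a later registration from the same browser session could be pre-filled from it. I would clear it before `redirect_to after_inactive_sign_up_path_for(resource)` and mark the spot with a comment such as `# inactive accounts are not signed in, so drop the sign-up session data here`. The `create` action starts and ends outside the hunk.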
@@ -65,6 +70,35 @@ class Devise::RegistrationsController < ApplicationController self.resource = resource_class.new_with_session(hash, session) end + # The default hook used by oauth to specify the redirect url for success. + # You need to overwrite this method in your own RegistrationsController. + def after_sign_up_path_for(resource) + after_sign_in_path_for(resource) + end + + # Overwrite redirect_for_sign_in so it takes uses after_sign_up_path_for. + def redirect_for_sign_in(scope, resource) #:nodoc: + redirect_to stored_location_for(scope) || after_sign_up_path_for(resource) + end + + # The path used after sign up for inactive accounts. You need to overwrite + # this method in your own RegistrationsController. + def after_inactive_sign_up_path_for(resource) + root_path + end + + # The default url to be used after updating a resource. You need to overwrite + # this method in your own RegistrationsController. + def after_update_path_for(resource) + if defined?(super) + ActiveSupport::Deprecation.warn "Defining after_update_path_for in ApplicationController " << + "is deprecated. Please add a RegistrationsController to your application and define it there." + super + else + after_sign_in_path_for(resource) + end + end + # Authenticates the current scope and gets a copy of the current resource. # We need to use a copy because we don't want actions like update changing # the current user in place. diff --git a/config/locales/en.yml b/config/locales/en.yml index 352efa29..f528a18b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
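Review bot: The comment above `after_sign_up_path_for` is copied from the OAuth success hook and describes the wrong method; it should read something like `# The path used after sign up for active accounts. Overwrite it in your own RegistrationsController.` The comment on `redirect_for_sign_in` has a slip as well (`takes uses`); `# Overwrite redirect_for_sign_in so it uses after_sign_up_path_for.` is enough. The hunk does not show whether these four methods sit below a `protected` marker, which is worth confirming because Rails treats public controller methods as actions.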
@@ -24,7 +24,8 @@ en: send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.' confirmed: 'Your account was successfully confirmed. You are now signed in.' registrations: - signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.' + signed_up: 'Welcome! You have signed up successfully.' + inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.' updated: 'You updated your account successfully.' destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' unlocks: diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 525dcdb2..f687b7f8 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
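Review bot: `%{reason}` in `inactive_signed_up` is filled from `resource.inactive_message.to_s` in the controller hunk, so the sentence embeds the raw symbol name and other locales cannot translate that word. The integration test in this patch expects exactly that: `your account is unconfirmed`. Translating the reason before interpolating would fix it, for example `:reason => I18n.t(resource.inactive_message, :scope => REASONS_SCOPE)`, where `REASONS_SCOPE` is a placeholder for wherever the project keeps those keys. It also means any custom `inactive_message` value a model returns is shown to the visitor verbatim, which deserves a line of documentation next to the key.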
@@ -181,36 +181,6 @@ module Devise respond_to?(home_path, true) ? send(home_path) : root_path end - # The default url to be used after updating a resource. This is used by all Devise - # controllers and you can overwrite it in your ApplicationController to - # provide a custom hook for a custom resource. - # - # By default, it first tries to find a resource_root_path, otherwise it - # uses the root path. For a user scope, you can define the default url in - # the following way: - # - # map.user_root '/users', :controller => 'users' # creates user_root_path - # - # map.resources :users do |users| - # users.root # creates user_root_path - # end - # - # - # If none of these are defined, root_path is used. However, if this default - # is not enough, you can customize it, for example: - # - # def after_update_path_for(resource) - # if resource.is_a?(User) && resource.can_publish? - # publisher_url - # else - # super - # end - # end - # - def after_update_path_for(resource_or_scope) - after_sign_in_path_for(resource_or_scope) - end - # Method used by sessions controller to sign out an user. You can overwrite # it in your ApplicationController to provide a custom hook for a custom # scope. Notice that differently from +after_sign_in_path_for+ this method diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 4724b039..6ac7ff6b 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -46,7 +46,7 @@ module Devise def redirect store_location! - flash[:alert] = i18n_message unless flash[:notice] + flash[:alert] = i18n_message redirect_to redirect_url end diff --git a/lib/devise/oauth/internal_helpers.rb b/lib/devise/oauth/internal_helpers.rb index e2746f34..cd549028 100644 --- a/lib/devise/oauth/internal_helpers.rb +++ b/lib/devise/oauth/internal_helpers.rb 
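Review bot: Dropping `unless flash[:notice]` in `redirect` changes the alert for every failure redirect, not just sign up, yet neither the commit message nor the CHANGELOG hunks mention it and no test in this patch covers it. Applications that set `flash[:notice]` and then reach the failure app with an inactive resource will presumably show a different message than before. A short comment above the assignment, e.g. `# the alert is always set; sign up handles inactive accounts on its own`, plus a CHANGELOG entry would make the change deliberate.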
@@ -164,8 +164,8 @@ module Devise end # The default hook used by oauth to specify the redirect url for success. - def after_oauth_success_path_for(resource_or_scope) - after_sign_in_path_for(resource_or_scope) + def after_oauth_success_path_for(resource) + after_sign_in_path_for(resource) end # The default hook used by oauth to specify the redirect url for failure. diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index ca50a831..e4582473 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -154,14 +154,6 @@ class ControllerAuthenticableTest < ActionController::TestCase assert_equal admin_root_path, @controller.after_sign_in_path_for(:admin) end - test 'after update path defaults to root path if none by was specified for the given scope' do - assert_equal root_path, @controller.after_update_path_for(:user) - end - - test 'after update path defaults to the scoped root path' do - assert_equal admin_root_path, @controller.after_update_path_for(:admin) - end - test 'after sign out path defaults to the root path' do assert_equal root_path, @controller.after_sign_out_path_for(:admin) assert_equal root_path, @controller.after_sign_out_path_for(:user) diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 7d084f60..526c58bf 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -13,7 +13,7 @@ class RegistrationTest < ActionController::IntegrationTest fill_in 'password confirmation', :with => 'new_user123' click_button 'Sign up' - assert_contain 'You have signed up successfully.' + assert_contain 'Welcome! You have signed up successfully.' assert warden.authenticated?(:admin) admin = Admin.last :order => "id" 
@@ -28,7 +28,7 @@ class RegistrationTest < ActionController::IntegrationTest fill_in 'password confirmation', :with => 'new_user123' click_button 'Sign up' - assert_contain 'You have signed up successfully' + assert_contain 'You have signed up successfully. However, we could not sign you in because your account is unconfirmed.' assert_contain 'Sign in' assert_not_contain 'You have to confirm your account before continuing'