Hello community, here is the log from the commit of package rubygem-devise for openSUSE:Factory checked in at 2018-10-25 08:20:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-devise (Old) and /work/SRC/openSUSE:Factory/.rubygem-devise.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-devise" Thu Oct 25 08:20:41 2018 rev:5 rq:643121 version:4.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-devise/rubygem-devise.changes 2018-07-18 22:49:11.175906622 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-devise.new/rubygem-devise.changes 2018-10-25 08:21:00.803947186 +0200 @@ -1,0 +2,28 @@ +Wed Sep 5 10:09:17 UTC 2018 - [email protected] + +- updated to version 4.5.0 + see installed CHANGELOG.md + + ### 4.5.0 - 2018-08-15 + + * enhancements + * Use `before_action` instead of `before_filter` (by @edenthecat) + * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) + * Use `update` instead of `update_attributes` (by @koic) + * Split IP resolution from `update_tracked_fields` (by @mckramer) + * upgrade dependencies for rails and responders (by @lancecarlson) + * Add `autocomplete="new-password"` to new password fields (by @gssbzn) + * Add `autocomplete="current-password"` to current password fields (by @gssbzn) + * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) + * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) + + * bug fixes + * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068) + * Fix error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e) + * Look for `secret_key_base` inside `Rails.application` (by @gencer) + * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc` + configured (by @joshpencheon) + * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1) + +------------------------------------------------------------------- Old: ---- devise-4.4.3.gem New: ---- devise-4.5.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-devise.spec ++++++ --- /var/tmp/diff_new_pack.ZM4Byt/_old 2018-10-25 08:21:01.255946984 +0200 +++ /var/tmp/diff_new_pack.ZM4Byt/_new 2018-10-25 08:21:01.259946982 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-devise -Version: 4.4.3 +Version: 4.5.0 Release: 0 %define mod_name devise %define mod_full_name %{mod_name}-%{version} ++++++ devise-4.4.3.gem -> devise-4.5.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.travis.yml new/.travis.yml --- old/.travis.yml 2018-03-18 01:00:30.000000000 +0100 +++ new/.travis.yml 2018-08-16 01:29:38.000000000 +0200 @@ -2,10 +2,10 @@ rvm: - 2.1.10 - - 2.2.8 - - 2.3.5 - - 2.4.2 - - 2.5.0 + - 2.2.10 + - 2.3.7 + - 2.4.4 + - 2.5.1 - ruby-head gemfile: @@ -21,16 +21,16 @@ gemfile: Gemfile - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-rc1 - - rvm: 2.5.0 + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-5.2-rc1 + - rvm: 2.4.4 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.4.2 + - rvm: 2.5.1 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.1.10 - gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid @@ -52,8 +52,9 @@ - DEVISE_ORM=mongoid before_install: - - "rm ${BUNDLE_GEMFILE}.lock" - gem update --system + - gem install bundler + - "rm ${BUNDLE_GEMFILE}.lock" before_script: "bundle update" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2018-03-18 01:00:30.000000000 +0100 +++ new/CHANGELOG.md 2018-08-16 01:29:38.000000000 +0200 @@ -1,5 +1,27 @@ ### Unreleased +### 4.5.0 - 2018-08-15 + +* enhancements + * Use `before_action` instead of `before_filter` (by @edenthecat) + * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) + * Use `update` instead of `update_attributes` (by @koic) + * Split IP resolution from `update_tracked_fields` (by @mckramer) + * upgrade dependencies for rails and responders (by @lancecarlson) + * Add `autocomplete="new-password"` to new password fields (by @gssbzn) + * Add `autocomplete="current-password"` to current password fields (by @gssbzn) + * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) + * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) + +* bug fixes + * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068) + * Fix error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e) + * Look for `secret_key_base` inside `Rails.application` (by @gencer) + * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc` +configured (by @joshpencheon) + * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1) + ### 4.4.3 - 2018-03-17 * bug fixes @@ -44,7 +66,7 @@ * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) * Do not modify options for `#serializable_hash`. (by @guigs) * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) - + ### 4.3.0 - 2017-05-14 * Enhancements diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2018-03-18 01:00:30.000000000 +0100 +++ new/Gemfile 2018-08-16 01:29:38.000000000 +0200 @@ -4,7 +4,7 @@ gemspec -gem "rails", "~> 5.1" +gem "rails", "~> 5.2" gem "omniauth", "~> 1.3" gem "oauth2" gem "omniauth-oauth2" @@ -14,7 +14,7 @@ gem "rails-controller-testing" -gem "responders", "~> 2.1" +gem "responders", "~> 2.4" group :test do gem "omniauth-facebook" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile.lock new/Gemfile.lock --- old/Gemfile.lock 2018-03-18 01:00:30.000000000 +0100 +++ new/Gemfile.lock 2018-08-16 01:29:38.000000000 +0200 @@ -10,7 +10,7 @@ PATH remote: . specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -20,81 +20,89 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.1.0) - actionpack (= 5.1.0) + actioncable (5.2.0) + actionpack (= 5.2.0) nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) + websocket-driver (>= 0.6.1) + actionmailer (5.2.0) + actionpack (= 5.2.0) + actionview (= 5.2.0) + activejob (= 5.2.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.0) - actionview (= 5.1.0) - activesupport (= 5.1.0) + actionpack (5.2.0) + actionview (= 5.2.0) + activesupport (= 5.2.0) rack (~> 2.0) - rack-test (~> 0.6.3) + rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.0) - activesupport (= 5.1.0) + actionview (5.2.0) + activesupport (= 5.2.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.0) - activesupport (= 5.1.0) + activejob (5.2.0) + activesupport (= 5.2.0) globalid (>= 0.3.6) - activemodel (5.1.0) - activesupport (= 5.1.0) - activerecord (5.1.0) - activemodel (= 5.1.0) - activesupport (= 5.1.0) - arel (~> 8.0) - activesupport (5.1.0) + activemodel (5.2.0) + activesupport (= 5.2.0) + activerecord (5.2.0) + activemodel (= 5.2.0) + activesupport (= 5.2.0) + arel (>= 9.0) + activestorage (5.2.0) + actionpack (= 5.2.0) + activerecord (= 5.2.0) + marcel (~> 0.3.1) + activesupport (5.2.0) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - arel (8.0.0) - bcrypt (3.1.11) + arel (9.0.0) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) - erubi (1.6.0) + crass (1.0.4) + erubi (1.7.1) faraday (0.11.0) multipart-post (>= 1.2, < 3) - globalid (0.4.0) + globalid (0.4.1) activesupport (>= 4.2.0) - hashie (3.5.5) - i18n (0.8.1) + hashie (3.5.7) + i18n (1.0.0) + concurrent-ruby (~> 1.0) jwt (1.5.6) - loofah (2.0.3) + loofah (2.2.2) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.5) - mime-types (>= 1.16, < 4) + mail (2.7.0) + mini_mime (>= 0.1.1) + marcel (0.3.2) + mimemagic (~> 0.3.2) metaclass (0.0.4) - method_source (0.8.2) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) + method_source (0.9.0) + mimemagic (0.3.2) + mini_mime (1.0.0) + mini_portile2 (2.3.0) + minitest (5.11.3) mocha (1.2.1) metaclass (~> 0.0.1) multi_json (1.12.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.0.0) - nokogiri (1.7.1) - mini_portile2 (~> 2.1.0) + nio4r (2.3.0) + nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) oauth2 (1.3.1) faraday (>= 0.8, < 0.12) jwt (~> 1.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) + omniauth (1.8.1) hashie (>= 3.4.6, < 3.6.0) rack (>= 1.6.2, < 3) omniauth-facebook (4.0.0) @@ -106,40 +114,41 @@ omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.1) + rack (2.0.4) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.1.0) - actioncable (= 5.1.0) - actionmailer (= 5.1.0) - actionpack (= 5.1.0) - actionview (= 5.1.0) - activejob (= 5.1.0) - activemodel (= 5.1.0) - activerecord (= 5.1.0) - activesupport (= 5.1.0) - bundler (>= 1.3.0, < 2.0) - railties (= 5.1.0) + rack-test (1.0.0) + rack (>= 1.0, < 3) + rails (5.2.0) + actioncable (= 5.2.0) + actionmailer (= 5.2.0) + actionpack (= 5.2.0) + actionview (= 5.2.0) + activejob (= 5.2.0) + activemodel (= 5.2.0) + activerecord (= 5.2.0) + activestorage (= 5.2.0) + activesupport (= 5.2.0) + bundler (>= 1.3.0) + railties (= 5.2.0) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.1) actionpack (~> 5.x) actionview (~> 5.x) activesupport (~> 5.x) - rails-dom-testing (2.0.2) - activesupport (>= 4.2.0, < 6.0) - nokogiri (~> 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.1.0) - actionpack (= 5.1.0) - activesupport (= 5.1.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.0.4) + loofah (~> 2.2, >= 2.2.2) + railties (5.2.0) + actionpack (= 5.2.0) + activesupport (= 5.2.0) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) + rake (12.3.1) rdoc (5.1.0) responders (2.4.0) actionpack (>= 4.2.0, < 5.3) @@ -148,14 +157,14 @@ sprockets (3.7.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - thor (0.19.4) + thor (0.20.0) thread_safe (0.3.6) - tzinfo (1.2.3) + tzinfo (1.2.5) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) @@ -163,9 +172,9 @@ nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.6.5) + websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.3) PLATFORMS ruby @@ -182,10 +191,10 @@ omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.1) + rails (~> 5.2) rails-controller-testing rdoc - responders (~> 2.1) + responders (~> 2.4) sqlite3 webrat (= 0.7.3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2018-03-18 01:00:30.000000000 +0100 +++ new/README.md 2018-08-16 01:29:38.000000000 +0200 @@ -16,16 +16,16 @@ It's composed of 10 modules: -* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. -* [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents @@ -53,11 +53,6 @@ - [Integration tests](#integration-tests) - [OmniAuth](#omniauth) - [Configuring multiple models](#configuring-multiple-models) -- [Create a migration with the required fields](#create-a-migration-with-the-required-fields) -- [Inside your Admin model](#inside-your-admin-model) -- [Inside your routes](#inside-your-routes) -- [Inside your protected controller](#inside-your-protected-controller) -- [Inside your controllers and views](#inside-your-controllers-and-views) - [ActiveJob Integration](#activejob-integration) - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) - [Other ORMs](#other-orms) @@ -140,7 +135,7 @@ ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite brakes on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 @@ -166,7 +161,7 @@ ## Getting started -Devise 4.0 works with Rails 4.1 onwards. You can add it to your Gemfile with: +Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile: ```ruby gem 'devise' @@ -195,7 +190,7 @@ $ rails generate devise MODEL ``` -Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. +Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rails db:migrate` @@ -404,6 +399,7 @@ ... end ``` + (Use the -c flag to specify a controller, for example: `rails generate devise:controllers users -c=sessions`) 2. Tell the router to use this controller: @@ -519,6 +515,9 @@ Controller tests require that you include `Devise::Test::ControllerHelpers` on your test case or its parent `ActionController::TestCase` superclass. +For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass +for controller tests has been changed to ActionDispatch::IntegrationTest +(for more details, see the [Integration tests](#integration-tests) section). ```ruby class PostsControllerTest < ActionController::TestCase diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/controllers/devise/registrations_controller.rb new/app/controllers/devise/registrations_controller.rb --- old/app/controllers/devise/registrations_controller.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/controllers/devise/registrations_controller.rb 2018-08-16 01:29:38.000000000 +0200 @@ -112,7 +112,7 @@ # The path used after sign up. You need to overwrite this method # in your own RegistrationsController. def after_sign_up_path_for(resource) - after_sign_in_path_for(resource) + after_sign_in_path_for(resource) if is_navigational_format? end # The path used after sign up for inactive accounts. You need to overwrite diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/controllers/devise_controller.rb new/app/controllers/devise_controller.rb --- old/app/controllers/devise_controller.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/controllers/devise_controller.rb 2018-08-16 01:29:38.000000000 +0200 @@ -22,7 +22,7 @@ # Action Controller tests that forces _prefixes to be # loaded before even having a request object. # - # This method should be public as it is is in ActionPack + # This method should be public as it is in ActionPack # itself. Changing its visibility may break other gems. def _prefixes #:nodoc: @_prefixes ||= if self.class.scoped_views? && request && devise_mapping diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/views/devise/passwords/edit.html.erb new/app/views/devise/passwords/edit.html.erb --- old/app/views/devise/passwords/edit.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/views/devise/passwords/edit.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -9,7 +9,7 @@ <% if @minimum_password_length %> <em>(<%= @minimum_password_length %> characters minimum)</em><br /> <% end %> - <%= f.password_field :password, autofocus: true, autocomplete: "off" %> + <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %> </div> <div class="field"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/views/devise/registrations/edit.html.erb new/app/views/devise/registrations/edit.html.erb --- old/app/views/devise/registrations/edit.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/views/devise/registrations/edit.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -14,7 +14,7 @@ <div class="field"> <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br /> - <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "new-password" %> <% if @minimum_password_length %> <br /> <em><%= @minimum_password_length %> characters minimum</em> @@ -23,12 +23,12 @@ <div class="field"> <%= f.label :password_confirmation %><br /> - <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %> </div> <div class="field"> <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br /> - <%= f.password_field :current_password, autocomplete: "off" %> + <%= f.password_field :current_password, autocomplete: "current-password" %> </div> <div class="actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/views/devise/registrations/new.html.erb new/app/views/devise/registrations/new.html.erb --- old/app/views/devise/registrations/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/views/devise/registrations/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -13,12 +13,12 @@ <% if @minimum_password_length %> <em>(<%= @minimum_password_length %> characters minimum)</em> <% end %><br /> - <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "new-password" %> </div> <div class="field"> <%= f.label :password_confirmation %><br /> - <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %> </div> <div class="actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/views/devise/sessions/new.html.erb new/app/views/devise/sessions/new.html.erb --- old/app/views/devise/sessions/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/app/views/devise/sessions/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -8,7 +8,7 @@ <div class="field"> <%= f.label :password %><br /> - <%= f.password_field :password, autocomplete: "off" %> + <%= f.password_field :password, autocomplete: "current-password" %> </div> <% if devise_mapping.rememberable? -%> Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/Gemfile.rails-4.1-stable.lock new/gemfiles/Gemfile.rails-4.1-stable.lock --- old/gemfiles/Gemfile.rails-4.1-stable.lock 2018-03-18 01:00:30.000000000 +0100 +++ new/gemfiles/Gemfile.rails-4.1-stable.lock 2018-08-16 01:29:38.000000000 +0200 @@ -21,7 +21,7 @@ PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -54,7 +54,7 @@ thread_safe (~> 0.1) tzinfo (~> 1.1) arel (5.0.1.20140414130214) - bcrypt (3.1.11) + bcrypt (3.1.12) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/Gemfile.rails-4.2-stable.lock new/gemfiles/Gemfile.rails-4.2-stable.lock --- old/gemfiles/Gemfile.rails-4.2-stable.lock 2018-03-18 01:00:30.000000000 +0100 +++ new/gemfiles/Gemfile.rails-4.2-stable.lock 2018-08-16 01:29:38.000000000 +0200 @@ -57,7 +57,7 @@ PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -68,7 +68,7 @@ remote: https://rubygems.org/ specs: arel (6.0.4) - bcrypt (3.1.11) + bcrypt (3.1.12) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/Gemfile.rails-5.0-stable.lock new/gemfiles/Gemfile.rails-5.0-stable.lock --- old/gemfiles/Gemfile.rails-5.0-stable.lock 2018-03-18 01:00:30.000000000 +0100 +++ new/gemfiles/Gemfile.rails-5.0-stable.lock 2018-08-16 01:29:38.000000000 +0200 @@ -10,7 +10,7 @@ PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -58,7 +58,7 @@ minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) - bcrypt (3.1.11) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) erubis (2.7.0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/Gemfile.rails-5.2-rc1.lock new/gemfiles/Gemfile.rails-5.2-rc1.lock --- old/gemfiles/Gemfile.rails-5.2-rc1.lock 2018-03-18 01:00:30.000000000 +0100 +++ new/gemfiles/Gemfile.rails-5.2-rc1.lock 2018-08-16 01:29:38.000000000 +0200 @@ -10,7 +10,7 @@ PATH remote: .. specs: - devise (4.4.3) + devise (4.5.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0, < 6.0) @@ -62,7 +62,7 @@ minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.11) + bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/guides/bug_report_templates/integration_test.rb new/guides/bug_report_templates/integration_test.rb --- old/guides/bug_report_templates/integration_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/guides/bug_report_templates/integration_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -76,7 +76,7 @@ class TestController < ApplicationController include Rails.application.routes.url_helpers - before_filter :authenticate_user! + before_action :authenticate_user! def index render plain: 'Home' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/controllers/sign_in_out.rb new/lib/devise/controllers/sign_in_out.rb --- old/lib/devise/controllers/sign_in_out.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/controllers/sign_in_out.rb 2018-08-16 01:29:38.000000000 +0200 @@ -19,6 +19,9 @@ # Sign in a user that already was authenticated. This helper is useful for logging # users in after sign up. All options given to sign_in is passed forward # to the set_user method in warden. + # If you are using a custom warden strategy and the timeoutable module, you have to + # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do + # in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/failure_app.rb new/lib/devise/failure_app.rb --- old/lib/devise/failure_app.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/failure_app.rb 2018-08-16 01:29:38.000000000 +0200 @@ -260,5 +260,7 @@ def relative_url_root? relative_url_root.present? end + + ActiveSupport.run_load_hooks(:devise_failure_app, self) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/authenticatable.rb new/lib/devise/models/authenticatable.rb --- old/lib/devise/models/authenticatable.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/models/authenticatable.rb 2018-08-16 01:29:38.000000000 +0200 @@ -134,16 +134,18 @@ # This is an internal method called every time Devise needs # to send a notification/mail. This can be overridden if you # need to customize the e-mail delivery logic. For instance, - # if you are using a queue to deliver e-mails (delayed job, - # sidekiq, resque, etc), you must add the delivery to the queue + # if you are using a queue to deliver e-mails (active job, delayed + # job, sidekiq, resque, etc), you must add the delivery to the queue # just after the transaction was committed. To achieve this, # you can override send_devise_notification to store the - # deliveries until the after_commit callback is triggered: + # deliveries until the after_commit callback is triggered. + # + # The following example uses Active Job's `deliver_later` : # # class User # devise :database_authenticatable, :confirmable # - # after_commit :send_pending_notifications + # after_commit :send_pending_devise_notifications # # protected # @@ -152,38 +154,43 @@ # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. # if new_record? || changed? - # pending_notifications << [notification, args] + # pending_devise_notifications << [notification, args] # else - # message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - # if message.respond_to?(:deliver_now) - # message.deliver_now - # else - # message.deliver - # end + # render_and_send_devise_message(notification, *args) # end # end # - # def send_pending_notifications - # pending_notifications.each do |notification, args| - # message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - # if message.respond_to?(:deliver_now) - # message.deliver_now - # else - # message.deliver - # end + # private + # + # def send_pending_devise_notifications + # pending_devise_notifications.each do |notification, args| + # render_and_send_devise_message(notification, *args) # end # # # Empty the pending notifications array because the # # after_commit hook can be called multiple times which # # could cause multiple emails to be sent. - # pending_notifications.clear + # pending_devise_notifications.clear + # end + # + # def pending_devise_notifications + # @pending_devise_notifications ||= [] # end # - # def pending_notifications - # @pending_notifications ||= [] + # def render_and_send_devise_message(notification, *args) + # message = devise_mailer.send(notification, self, *args) + # + # # Deliver later with Active Job's `deliver_later` + # if message.respond_to?(:deliver_later) + # message.deliver_later + # # Remove once we move to Rails 4.2+ only, as `deliver` is deprecated. + # elsif message.respond_to?(:deliver_now) + # message.deliver_now + # else + # message.deliver + # end # end + # # end # def send_devise_notification(notification, *args) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/database_authenticatable.rb new/lib/devise/models/database_authenticatable.rb --- old/lib/devise/models/database_authenticatable.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/models/database_authenticatable.rb 2018-08-16 01:29:38.000000000 +0200 @@ -73,11 +73,11 @@ end result = if valid_password?(current_password) - update_attributes(params, *options) + update(params, *options) else - self.assign_attributes(params, *options) - self.valid? - self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + assign_attributes(params, *options) + valid? + errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end @@ -101,7 +101,7 @@ params.delete(:password) params.delete(:password_confirmation) - result = update_attributes(params, *options) + result = update(params, *options) clean_up_passwords result end @@ -113,8 +113,8 @@ result = if valid_password?(current_password) destroy else - self.valid? - self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) + valid? + errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/trackable.rb new/lib/devise/models/trackable.rb --- old/lib/devise/models/trackable.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/models/trackable.rb 2018-08-16 01:29:38.000000000 +0200 @@ -22,7 +22,7 @@ self.last_sign_in_at = old_current || new_current self.current_sign_in_at = new_current - old_current, new_current = self.current_sign_in_ip, request.remote_ip + old_current, new_current = self.current_sign_in_ip, extract_ip_from(request) self.last_sign_in_ip = old_current || new_current self.current_sign_in_ip = new_current @@ -39,6 +39,13 @@ update_tracked_fields(request) save(validate: false) end + + protected + + def extract_ip_from(request) + request.remote_ip + end + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/parameter_filter.rb new/lib/devise/parameter_filter.rb --- old/lib/devise/parameter_filter.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/parameter_filter.rb 2018-08-16 01:29:38.000000000 +0200 @@ -18,6 +18,8 @@ def filtered_hash_by_method_for_given_keys(conditions, method, condition_keys) condition_keys.each do |k| + next unless conditions.key?(k) + value = conditions[k] conditions[k] = value.send(method) if value.respond_to?(method) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/parameter_sanitizer.rb new/lib/devise/parameter_sanitizer.rb --- old/lib/devise/parameter_sanitizer.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/parameter_sanitizer.rb 2018-08-16 01:29:38.000000000 +0200 @@ -135,7 +135,19 @@ end def default_params - @params.fetch(@resource_name, {}) + if hashable_resource_params? + @params.fetch(@resource_name) + else + empty_params + end + end + + def hashable_resource_params? + @params[@resource_name].respond_to?(:permit) + end + + def empty_params + ActionController::Parameters.new({}) end def permit_keys(parameters, keys) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/secret_key_finder.rb new/lib/devise/secret_key_finder.rb --- old/lib/devise/secret_key_finder.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/secret_key_finder.rb 2018-08-16 01:29:38.000000000 +0200 @@ -13,6 +13,8 @@ @application.secrets.secret_key_base elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config) @application.config.secret_key_base + elsif @application.respond_to?(:secret_key_base) && key_exists?(@application) + @application.secret_key_base end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/strategies/database_authenticatable.rb new/lib/devise/strategies/database_authenticatable.rb --- old/lib/devise/strategies/database_authenticatable.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/strategies/database_authenticatable.rb 2018-08-16 01:29:38.000000000 +0200 @@ -17,7 +17,9 @@ end mapping.to.new.password = password if !hashed && Devise.paranoid - fail(:not_found_in_database) unless resource + unless resource + Devise.paranoid ? fail(:invalid) : fail(:not_found_in_database) + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/version.rb new/lib/devise/version.rb --- old/lib/devise/version.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/devise/version.rb 2018-08-16 01:29:38.000000000 +0200 @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.4.3".freeze + VERSION = "4.5.0".freeze end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/active_record/devise_generator.rb new/lib/generators/active_record/devise_generator.rb --- old/lib/generators/active_record/devise_generator.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/active_record/devise_generator.rb 2018-08-16 01:29:38.000000000 +0200 @@ -54,11 +54,11 @@ t.datetime :remember_created_at ## Trackable - t.integer :sign_in_count, default: 0, null: false - t.datetime :current_sign_in_at - t.datetime :last_sign_in_at - t.#{ip_column} :current_sign_in_ip - t.#{ip_column} :last_sign_in_ip + # t.integer :sign_in_count, default: 0, null: false + # t.datetime :current_sign_in_at + # t.datetime :last_sign_in_at + # t.#{ip_column} :current_sign_in_ip + # t.#{ip_column} :last_sign_in_ip ## Confirmable # t.string :confirmation_token diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/devise/orm_helpers.rb new/lib/generators/devise/orm_helpers.rb --- old/lib/generators/devise/orm_helpers.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/devise/orm_helpers.rb 2018-08-16 01:29:38.000000000 +0200 @@ -6,9 +6,9 @@ def model_contents buffer = <<-CONTENT # Include default devise modules. Others available are: - # :confirmable, :lockable, :timeoutable and :omniauthable + # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable devise :database_authenticatable, :registerable, - :recoverable, :rememberable, :trackable, :validatable + :recoverable, :rememberable, :validatable CONTENT buffer diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/mongoid/devise_generator.rb new/lib/generators/mongoid/devise_generator.rb --- old/lib/generators/mongoid/devise_generator.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/mongoid/devise_generator.rb 2018-08-16 01:29:38.000000000 +0200 @@ -34,11 +34,11 @@ field :remember_created_at, type: Time ## Trackable - field :sign_in_count, type: Integer, default: 0 - field :current_sign_in_at, type: Time - field :last_sign_in_at, type: Time - field :current_sign_in_ip, type: String - field :last_sign_in_ip, type: String + # field :sign_in_count, type: Integer, default: 0 + # field :current_sign_in_at, type: Time + # field :last_sign_in_at, type: Time + # field :current_sign_in_ip, type: String + # field :last_sign_in_ip, type: String ## Confirmable # field :confirmation_token, type: String diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/devise.rb new/lib/generators/templates/devise.rb --- old/lib/generators/templates/devise.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/devise.rb 2018-08-16 01:29:38.000000000 +0200 @@ -280,4 +280,11 @@ # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Turbolinks configuration + # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: + # + # ActiveSupport.on_load(:devise_failure_app) do + # include Turbolinks::Controller + # end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/confirmations/new.html.erb new/lib/generators/templates/simple_form_for/confirmations/new.html.erb --- old/lib/generators/templates/simple_form_for/confirmations/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/confirmations/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -5,7 +5,11 @@ <%= f.full_error :confirmation_token %> <div class="form-inputs"> - <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email), + input_html: { autocomplete: "email" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/passwords/edit.html.erb new/lib/generators/templates/simple_form_for/passwords/edit.html.erb --- old/lib/generators/templates/simple_form_for/passwords/edit.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/passwords/edit.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -7,7 +7,12 @@ <%= f.full_error :reset_password_token %> <div class="form-inputs"> - <%= f.input :password, label: "New password", required: true, autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> + <%= f.input :password, + label: "New password", + required: true, + autofocus: true, + hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), + input_html: { autocomplete: "new-password" } %> <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> </div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/passwords/new.html.erb new/lib/generators/templates/simple_form_for/passwords/new.html.erb --- old/lib/generators/templates/simple_form_for/passwords/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/passwords/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -4,7 +4,10 @@ <%= f.error_notification %> <div class="form-inputs"> - <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + input_html: { autocomplete: "email" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/registrations/edit.html.erb new/lib/generators/templates/simple_form_for/registrations/edit.html.erb --- old/lib/generators/templates/simple_form_for/registrations/edit.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/registrations/edit.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -10,9 +10,17 @@ <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p> <% end %> - <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %> - <%= f.input :password_confirmation, required: false %> - <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %> + <%= f.input :password, + hint: "leave it blank if you don't want to change it", + required: false + input_html: { autocomplete: "new-password" } %> + <%= f.input :password_confirmation, + required: false, + input_html: { autocomplete: "new-password" } %> + <%= f.input :current_password, + hint: "we need your current password to confirm your changes", + required: true, + input_html: { autocomplete: "current-password" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/registrations/new.html.erb new/lib/generators/templates/simple_form_for/registrations/new.html.erb --- old/lib/generators/templates/simple_form_for/registrations/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/registrations/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -4,9 +4,17 @@ <%= f.error_notification %> <div class="form-inputs"> - <%= f.input :email, required: true, autofocus: true %> - <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length) %> - <%= f.input :password_confirmation, required: true %> + <%= f.input :email, + required: true, + autofocus: true , + input_html: { autocomplete: "email" }%> + <%= f.input :password, + required: true, + hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), + input_html: { autocomplete: "new-password" } %> + <%= f.input :password_confirmation, + required: true, + input_html: { autocomplete: "new-password" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/sessions/new.html.erb new/lib/generators/templates/simple_form_for/sessions/new.html.erb --- old/lib/generators/templates/simple_form_for/sessions/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/sessions/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -2,8 +2,13 @@ <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> <div class="form-inputs"> - <%= f.input :email, required: false, autofocus: true %> - <%= f.input :password, required: false %> + <%= f.input :email, + required: false, + autofocus: true, + input_html: { autocomplete: "email" } %> + <%= f.input :password, + required: false, + input_html: { autocomplete: "current-password" } %> <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %> </div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/unlocks/new.html.erb new/lib/generators/templates/simple_form_for/unlocks/new.html.erb --- old/lib/generators/templates/simple_form_for/unlocks/new.html.erb 2018-03-18 01:00:30.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/unlocks/new.html.erb 2018-08-16 01:29:38.000000000 +0200 @@ -5,7 +5,10 @@ <%= f.full_error :unlock_token %> <div class="form-inputs"> - <%= f.input :email, required: true, autofocus: true %> + <%= f.input :email, + required: true, + autofocus: true, + input_html: { autocomplete: "email" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-03-18 01:00:30.000000000 +0100 +++ new/metadata 2018-08-16 01:29:38.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: devise version: !ruby/object:Gem::Version - version: 4.4.3 + version: 4.5.0 platform: ruby authors: - José Valim @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2018-03-18 00:00:00.000000000 Z +date: 2018-08-15 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: warden @@ -340,6 +340,7 @@ - test/rails_app/config/routes.rb - test/rails_app/db/migrate/20100401102949_create_tables.rb - test/rails_app/db/schema.rb +- test/rails_app/lib/lazy_load_test_module.rb - test/rails_app/lib/shared_admin.rb - test/rails_app/lib/shared_user.rb - test/rails_app/lib/shared_user_without_email.rb @@ -383,7 +384,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.7.3 +rubygems_version: 2.7.4 signing_key: specification_version: 4 summary: Flexible authentication solution for Rails with Warden @@ -504,6 +505,7 @@ - test/rails_app/config/routes.rb - test/rails_app/db/migrate/20100401102949_create_tables.rb - test/rails_app/db/schema.rb +- test/rails_app/lib/lazy_load_test_module.rb - test/rails_app/lib/shared_admin.rb - test/rails_app/lib/shared_user.rb - test/rails_app/lib/shared_user_without_email.rb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/failure_app_test.rb new/test/failure_app_test.rb --- old/test/failure_app_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/failure_app_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -337,4 +337,10 @@ end end end + + context "Lazy loading" do + test "loads" do + assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does" + end + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/integration/confirmable_test.rb new/test/integration/confirmable_test.rb --- old/test/integration/confirmable_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/integration/confirmable_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -263,7 +263,7 @@ test 'admin should be able to request a new confirmation after email changed' do admin = create_admin - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') visit new_admin_session_path click_link "Didn't receive confirmation instructions?" @@ -279,7 +279,7 @@ test 'admin with valid confirmation token should be able to confirm email after email changed' do admin = create_admin - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') assert_equal '[email protected]', admin.unconfirmed_email visit_admin_confirmation_with_token(admin.raw_confirmation_token) @@ -291,13 +291,13 @@ test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do admin = create_admin - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') assert_equal '[email protected]', admin.unconfirmed_email raw_confirmation_token = admin.raw_confirmation_token admin = Admin.find(admin.id) - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') assert_equal '[email protected]', admin.unconfirmed_email visit_admin_confirmation_with_token(raw_confirmation_token) @@ -313,7 +313,7 @@ test 'admin email should be unique also within unconfirmed_email' do admin = create_admin - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') assert_equal '[email protected]', admin.unconfirmed_email create_second_admin(email: "[email protected]") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/integration/database_authenticatable_test.rb new/test/integration/database_authenticatable_test.rb --- old/test/integration/database_authenticatable_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/integration/database_authenticatable_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -74,6 +74,19 @@ refute warden.authenticated?(:admin) end + test 'when in paranoid mode and without a valid e-mail' do + swap Devise, paranoid: true do + store_translations :en, devise: { failure: { not_found_in_database: 'Not found in database' } } do + sign_in_as_user do + fill_in 'email', with: '[email protected]' + end + + assert_not_contain 'Not found in database' + assert_contain 'Invalid Email or password.' + end + end + end + test 'error message is configurable by resource name' do store_translations :en, devise: { failure: { admin: { invalid: "Invalid credentials" } } } do sign_in_as_admin do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/mailers/email_changed_test.rb new/test/mailers/email_changed_test.rb --- old/test/mailers/email_changed_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/mailers/email_changed_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -19,7 +19,7 @@ def user @user ||= create_user.tap { |u| @original_user_email = u.email - u.update_attributes!(email: '[email protected]') + u.update!(email: '[email protected]') } end @@ -108,7 +108,7 @@ def admin @admin ||= create_admin.tap { |u| @original_admin_email = u.email - u.update_attributes!(email: '[email protected]') + u.update!(email: '[email protected]') } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/models/confirmable_test.rb new/test/models/confirmable_test.rb --- old/test/models/confirmable_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/models/confirmable_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -372,7 +372,7 @@ admin = create_admin assert admin.confirm residual_token = admin.confirmation_token - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert_not_equal residual_token, admin.confirmation_token end @@ -381,7 +381,7 @@ original_token = admin.confirmation_token assert admin.confirm admin.skip_reconfirmation! - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert admin.confirmed? refute admin.pending_reconfirmation? assert_equal original_token, admin.confirmation_token @@ -392,16 +392,16 @@ admin.skip_confirmation_notification! assert_email_not_sent do - admin.update_attributes(email: '[email protected]') + admin.update(email: '[email protected]') end end test 'should regenerate confirmation token after changing email' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') token = admin.confirmation_token - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert_not_equal token, admin.confirmation_token end @@ -409,7 +409,7 @@ admin = create_admin assert admin.confirm assert_email_sent "[email protected]" do - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') end assert_match "[email protected]", ActionMailer::Base.deliveries.last.body.encoded end @@ -417,7 +417,7 @@ test 'should send confirmation instructions by email after changing email from nil' do admin = create_admin(email: nil) assert_email_sent "[email protected]" do - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') end assert_match "[email protected]", ActionMailer::Base.deliveries.last.body.encoded end @@ -426,7 +426,7 @@ admin = create_admin assert admin.confirm assert_email_not_sent do - assert admin.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert admin.update(password: 'newpass', password_confirmation: 'newpass') end end @@ -442,14 +442,14 @@ test 'should stay confirmed when email is changed' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert admin.confirmed? end test 'should update email only when it is confirmed' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert_not_equal '[email protected]', admin.email assert admin.confirm assert_equal '[email protected]', admin.email @@ -458,16 +458,16 @@ test 'should not allow admin to get past confirmation email by resubmitting their new address' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert_not_equal '[email protected]', admin.email - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') assert_not_equal '[email protected]', admin.email end test 'should find a admin by send confirmation instructions with unconfirmed_email' do admin = create_admin assert admin.confirm - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) assert_equal confirmation_admin, admin end @@ -536,7 +536,7 @@ original_email = admin.email assert_difference 'ActionMailer::Base.deliveries.size', 2 do - assert admin.update_attributes(email: '[email protected]') + assert admin.update(email: '[email protected]') end assert_equal original_email, ActionMailer::Base.deliveries[-2]['to'].to_s assert_equal '[email protected]', ActionMailer::Base.deliveries[-1]['to'].to_s diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/models/database_authenticatable_test.rb new/test/models/database_authenticatable_test.rb --- old/test/models/database_authenticatable_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/models/database_authenticatable_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -88,6 +88,13 @@ assert_equal( {'strip_whitespace' => 'strip_whitespace_val', 'do_not_strip_whitespace' => ' do_not_strip_whitespace_val '}, conditions ) end + test 'param filter should not add keys to filtered hash' do + conditions = { 'present' => 'present_val' } + conditions.default = '' + conditions = Devise::ParameterFilter.new(['not_present'], []).filter(conditions) + assert_equal({ 'present' => 'present_val' }, conditions) + end + test 'should respond to password and password confirmation' do user = new_user assert user.respond_to?(:password) @@ -234,7 +241,7 @@ test 'should not email on password change' do user = create_user assert_email_not_sent do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert user.update(password: 'newpass', password_confirmation: 'newpass') end end @@ -243,7 +250,7 @@ user = create_user original_email = user.email assert_email_sent original_email do - assert user.update_attributes(email: '[email protected]') + assert user.update(email: '[email protected]') end assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded end @@ -253,7 +260,7 @@ swap Devise, send_password_change_notification: true do user = create_user assert_email_sent user.email do - assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass') + assert user.update(password: 'newpass', password_confirmation: 'newpass') end assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/models/trackable_test.rb new/test/models/trackable_test.rb --- old/test/models/trackable_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/models/trackable_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -59,4 +59,22 @@ assert_not user.update_tracked_fields!(request) end + + test 'extract_ip_from should be overridable' do + class UserWithOverride < User + protected + def extract_ip_from(request) + "127.0.0.2" + end + end + + request = mock + request.stubs(:remote_ip).returns("127.0.0.1") + user = UserWithOverride.new + + user.update_tracked_fields(request) + + assert_equal "127.0.0.2", user.current_sign_in_ip + assert_equal "127.0.0.2", user.last_sign_in_ip + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/parameter_sanitizer_test.rb new/test/parameter_sanitizer_test.rb --- old/test/parameter_sanitizer_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/parameter_sanitizer_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -16,6 +16,34 @@ assert_equal({ 'email' => 'jose' }, sanitized) end + test 'permits empty params when received not a hash' do + sanitizer = sanitizer({ 'user' => 'string' }) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({}, sanitized) + end + + test 'does not rise error when received string instead of hash' do + sanitizer = sanitizer('user' => 'string') + assert_nothing_raised do + sanitizer.sanitize(:sign_in) + end + end + + test 'does not rise error when received nil instead of hash' do + sanitizer = sanitizer('user' => nil) + assert_nothing_raised do + sanitizer.sanitize(:sign_in) + end + end + + test 'permits empty params when received nil instead of hash' do + sanitizer = sanitizer({ 'user' => nil }) + sanitized = sanitizer.sanitize(:sign_in) + + assert_equal({}, sanitized) + end + test 'permits the default parameters for sign up' do sanitizer = sanitizer('user' => { 'email' => 'jose', 'role' => 'invalid' }) sanitized = sanitizer.sanitize(:sign_up) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/rails_app/config/initializers/devise.rb new/test/rails_app/config/initializers/devise.rb --- old/test/rails_app/config/initializers/devise.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/rails_app/config/initializers/devise.rb 2018-08-16 01:29:38.000000000 +0200 @@ -179,4 +179,9 @@ # manager.failure_app = AnotherApp # manager.default_strategies(scope: :user).unshift :some_external_strategy # end + + ActiveSupport.on_load(:devise_failure_app) do + require "lazy_load_test_module" + include LazyLoadTestModule + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/rails_app/lib/lazy_load_test_module.rb new/test/rails_app/lib/lazy_load_test_module.rb --- old/test/rails_app/lib/lazy_load_test_module.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/test/rails_app/lib/lazy_load_test_module.rb 2018-08-16 01:29:38.000000000 +0200 @@ -0,0 +1,5 @@ +module LazyLoadTestModule + def lazy_loading_works? + "yes it does" + end +end \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/secret_key_finder_test.rb new/test/secret_key_finder_test.rb --- old/test/secret_key_finder_test.rb 2018-03-18 01:00:30.000000000 +0100 +++ new/test/secret_key_finder_test.rb 2018-08-16 01:29:38.000000000 +0200 @@ -32,6 +32,24 @@ end end +class Rails52SecretKeyBase + def credentials + OpenStruct.new(secret_key_base: nil) + end + + def secrets + OpenStruct.new(secret_key_base: nil) + end + + def config + OpenStruct.new(secret_key_base: nil) + end + + def secret_key_base + 'secret_key_base' + end +end + class Rails41Secrets def secrets OpenStruct.new(secret_key_base: 'secrets') @@ -77,6 +95,12 @@ assert_equal 'config', secret_key_finder.find end + test "rails 5.2 uses secret_key_base when config is empty" do + secret_key_finder = Devise::SecretKeyFinder.new(Rails52SecretKeyBase.new) + + assert_equal 'secret_key_base', secret_key_finder.find + end + test "rails 4.1 uses secrets" do secret_key_finder = Devise::SecretKeyFinder.new(Rails41Secrets.new)
