Commit 64e6a134bca8000502b93aedbad6b5175bbbb951

Authored by Diego Camarinha
Committed by Rafael Manzo
1 parent 26b0fae5

Updated devise to 3.1.0.

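--- a/Gemfile
+++ b/Gemfile
@@ -34,7 +34,7 @@ gem 'turbolinks'
 gem 'jbuilder', '~> 1.2'
 
 # For user authentication and everything else
-gem 'devise', '~> 3.0.0'
+gem 'devise', '~> 3.1.0'
 
 # Kalibro integration
 gem 'kalibro_entities', git: 'https://github.com/mezuro/kalibro_entities.git' #When the first version of KalibroEntities come out, do not keep using the git repository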
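--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -71,10 +71,11 @@ GEM
 nokogiri (>= 1.5.0)
 rails (>= 3.0.0)
 database_cleaner (1.1.1)
- devise (3.0.3)
+ devise (3.1.0)
 bcrypt-ruby (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
+ thread_safe (~> 0.1)
 warden (~> 1.2.3)
 diff-lcs (1.2.4)
 erubis (2.7.0)
@@ -229,7 +230,7 @@ DEPENDENCIES
 cucumber (= 1.3.2)
 cucumber-rails (~> 1.4.0)
 database_cleaner
- devise (~> 3.0.0)
+ devise (~> 3.1.0)
 factory_girl_rails
 jbuilder (~> 1.2)
 jquery-rails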
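--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>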
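Review bot: The new `@token` argument on line 5 carries no explanation of why `@resource.confirmation_token` must no longer be used, and the same applies to the reset-password and unlock templates changed in this commit. With Devise 3.1 the attribute on the record holds only a digest of the token, so a later edit that puts the attribute back would mail a link that cannot validate. I would add an ERB comment above the link, for example `<%# @token is the raw token; @resource.confirmation_token is only its stored digest (Devise 3.1+) %>`. Only the .html.erb views are visible here; any text-format or custom mailer templates in the app presumably need the same switch. Links mailed before the upgrade carry old-style tokens and will likely stop validating after deploy, which is worth a release note.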
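--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>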
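--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -4,4 +4,4 @@
 
 <p>Click the link below to unlock your account:</p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>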
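--- a/app/views/devise/shared/_links.erb
+++ b/app/views/devise/shared/_links.erb
@@ -6,7 +6,7 @@
 <%= link_to "Sign up", new_registration_path(resource_name) %><br />
 <% end -%>
 
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
 <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
 <% end -%>
 
@@ -22,4 +22,4 @@
 <%- resource_class.omniauth_providers.each do |provider| %>
 <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
 <% end -%>
-<% end -%>
\ No newline at end of file
+<% end -%>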
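--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,6 +1,11 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+ # The secret key used by Devise. Devise uses this key to generate
+ # random tokens. Changing this key will render invalid all existing
+ # confirmation, reset password and unlock tokens in the database.
+ config.secret_key = '24dea7d0a57b542793cd6ed3a05fd51178530c893524ab49f4c095f3d7c77483b00d09200aed92a194d073bf785fcbc96e5e7953ab3550e2e4aea41d117c06d6'
+
 # ==> Mailer Configuration
 # Configure the e-mail address which will be shown in Devise::Mailer,
 # note that it will be overwritten if you use your own mailer class with default "from" parameter.
@@ -76,6 +81,12 @@ Devise.setup do |config|
 # passing :skip => :sessions to `devise_for` in your config/routes.rb
 config.skip_session_storage = [:http_auth]
 
+ # By default, Devise cleans up the CSRF token on authentication to
+ # avoid CSRF token fixation attacks. This means that, when using AJAX
+ # requests for sign in and sign up, you need to get a new CSRF token
+ # from the server. You can disable this option at your own risk.
+ # config.clean_up_csrf_token_on_authentication = true
+
 # ==> Configuration for :database_authenticatable
 # For bcrypt, this is the cost for hashing the password and defaults to 10. If
 # using other encryptors, it sets how many times you want the password re-encrypted.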
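Review bot: The `config.secret_key` value on new line 7 is committed as a string literal, so anyone with read access to the repository or its history holds the key Devise uses for confirmation, reset-password and unlock tokens. Load it from the deployment environment instead, e.g. `config.secret_key = ENV.fetch('DEVISE_SECRET_KEY')` (the variable name is a placeholder), so that a missing key fails at boot instead of going unnoticed. The committed value should be treated as exposed and replaced with a fresh one; as the comment above it notes, that invalidates outstanding tokens, so the rotation is cheapest done now. The `Devise.setup` block continues outside the hunks shown.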
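--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -3,17 +3,18 @@
 en:
 devise:
 confirmations:
- confirmed: "Your account was successfully confirmed. You are now signed in."
+ confirmed: "Your account was successfully confirmed. Please sign in."
+ confirmed_and_signed_in: "Your account was successfully confirmed. You are now signed in."
 send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
 send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
 failure:
 already_authenticated: "You are already signed in."
- inactive: "Your account was not activated yet."
+ inactive: "Your account is not activated yet."
 invalid: "Invalid email or password."
 invalid_token: "Invalid authentication token."
 locked: "Your account is locked."
 not_found_in_database: "Invalid email or password."
- timeout: "Your session expired, please sign in again to continue."
+ timeout: "Your session expired. Please sign in again to continue."
 unauthenticated: "You need to sign in or sign up before continuing."
 unconfirmed: "You have to confirm your account before continuing."
 mailer: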