Commit 1c6e944a8171f848a810a0a77a7fbe2f481712a9

Authored by Cyril Mougel
2 parents 4991842f c59f7539

Merge branch 'features/update_devise'

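--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ gem 'mongoid', '~> 2.7.1'
 
 # Mongoid rails migration > 0.0.14 is not compatible to Mongoid 2.x
 gem 'mongoid_rails_migrations', '~> 0.0.14'
-gem 'devise', '~> 1.5.4'
+gem 'devise'
 gem 'haml'
 gem 'htmlentities'
 gem 'rack-ssl', :require => 'rack/ssl' # force SSL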
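Review bot: The new `gem 'devise'` line drops the version constraint entirely, so the Gemfile no longer bounds devise at all and a later `bundle update` can cross major releases without anything in review flagging it; the lock pins 2.2.4 today, but that is the only thing holding it. Because this upgrade also rewrote the User fields and the initializer to match the 2.x API, a pessimistic constraint keeps those three in step: `gem 'devise', '~> 2.2.4'`. The matching DEPENDENCIES entry in Gemfile.lock would then regenerate as `devise (~> 2.2.4)` on the next bundle.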
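--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -50,7 +50,7 @@ GEM
 better_errors (0.9.0)
 coderay (>= 1.0.0)
 erubis (>= 2.6.6)
-binding_of_caller (0.7.1)
+binding_of_caller (0.7.2)
 debug_inspector (>= 0.0.1)
 bitbucket_rest_api (0.1.2)
 faraday (~> 0.8.1)
@@ -103,12 +103,13 @@ GEM
 debugger-linecache (1.2.0)
 debugger-ruby_core_source (1.2.2)
 decent_exposure (2.2.0)
-devise (1.5.4)
+devise (2.2.4)
 bcrypt-ruby (~> 3.0)
-orm_adapter (~> 0.0.3)
-warden (~> 1.1)
+orm_adapter (~> 0.1)
+railties (~> 3.1)
+warden (~> 1.2.1)
 diff-lcs (1.2.4)
-dotenv (0.7.0)
+dotenv (0.8.0)
 email_spec (1.4.0)
 launchy (~> 2.1)
 mail (~> 2.2)
@@ -121,7 +122,7 @@ GEM
 multipart-post (~> 1.1)
 faraday_middleware (0.8.8)
 faraday (>= 0.7.4, < 0.9)
-ffi (1.8.1)
+ffi (1.9.0)
 foreman (0.63.0)
 dotenv (>= 0.7)
 thor (>= 0.13.6)
@@ -191,8 +192,8 @@ GEM
 bundler (>= 1.0.0)
 rails (>= 3.0.0)
 railties (>= 3.0.0)
-multi_json (1.7.6)
-multi_xml (0.5.3)
+multi_json (1.7.7)
+multi_xml (0.5.4)
 multipart-post (1.2.0)
 net-scp (1.1.1)
 net-ssh (>= 2.6.5)
@@ -201,7 +202,7 @@ GEM
 net-ssh (2.6.7)
 net-ssh-gateway (1.2.0)
 net-ssh (>= 2.6.5)
-nokogiri (1.5.9)
+nokogiri (1.5.10)
 nokogiri-happymapper (0.5.7)
 nokogiri (~> 1.5)
 oauth2 (0.8.1)
@@ -225,7 +226,7 @@ GEM
 omniauth-oauth2 (1.1.1)
 oauth2 (~> 0.8.0)
 omniauth (~> 1.0)
-orm_adapter (0.0.7)
+orm_adapter (0.4.0)
 oruen_redmine_client (0.0.1)
 activeresource (>= 2.3.0)
 pivotal-tracker (0.5.10)
@@ -347,7 +348,7 @@ GEM
 thor (0.18.1)
 tilt (1.4.1)
 timecop (0.6.1)
-treetop (1.4.12)
+treetop (1.4.14)
 polyglot
 polyglot (>= 0.3.1)
 turbo-sprockets-rails3 (0.3.6)
@@ -393,7 +394,7 @@ DEPENDENCIES
 database_cleaner (~> 0.9.0)
 debugger
 decent_exposure
-devise (~> 1.5.4)
+devise
 email_spec
 execjs
 fabrication (~> 1.3.0)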
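--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,28 @@ class User
 field :per_page, :type => Fixnum, :default => PER_PAGE
 field :time_zone, :default => "UTC"
 
+## Devise field
+### Database Authenticatable
+field :encrypted_password, :type => String
+
+### Recoverable
+field :reset_password_token, :type => String
+field :reset_password_sent_at, :type => Time
+
+### Rememberable
+field :remember_created_at, :type => Time
+
+### Trackable
+field :sign_in_count, :type => Integer
+field :current_sign_in_at, :type => Time
+field :last_sign_in_at, :type => Time
+field :current_sign_in_ip, :type => String
+field :last_sign_in_ip, :type => String
+
+### Token_authenticatable
+field :authentication_token, :type => String
+
+
 before_save :ensure_authentication_token
 
 validates_presence_of :name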
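Review bot: The newly declared `encrypted_password`, `authentication_token` and trackable/recoverable fields are plain Mongoid attributes, and nothing in this hunk shields them from mass assignment; whether User whitelists with `attr_accessible` is outside the hunk, so it needs checking against the rest of the model and the users controller, because without a whitelist a profile update could write `encrypted_password` or `authentication_token` directly. `sign_in_count` is declared without a default and so starts as nil; Devise's generated Mongoid template gives it `field :sign_in_count, :type => Integer, :default => 0`, which also keeps any counting over users honest. The heading comment would read better as `## Devise fields` and `### Token authenticatable`. class User continues outside the hunk.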
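--- a/app/views/shared/_session.html.haml
+++ b/app/views/shared/_session.html.haml
@@ -1,4 +1,4 @@
 - if current_user
 %ul#session-links
-%li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out'
-%li= link_to 'Edit profile', edit_user_path(current_user), :id => 'edit-profile'
\ No newline at end of file
+%li= link_to 'Sign out', destroy_session_path(:user), :id => 'sign-out', :method => :delete
+%li= link_to 'Edit profile', edit_user_path(current_user), :id => 'edit-profile'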
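Review bot: The `:method => :delete` on the sign-out link only turns into a DELETE when the Rails UJS handler is loaded and JavaScript runs; otherwise it is a plain GET, which the initializer's `config.sign_out_via = :delete` no longer routes, so the user silently stays signed in. I cannot see from this hunk whether the layout includes `jquery_ujs`, so this is worth confirming. If non-JavaScript clients matter, `button_to 'Sign out', destroy_session_path(:user), :method => :delete, :id => 'sign-out'` renders a real form whose hidden `_method` field works without a script.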
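--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -1,8 +1,9 @@
-# Use this hook to configure devise mailer, warden hooks and so forth. The first
-# four configuration values can also be set straight in your models.
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
 # ==> Mailer Configuration
-# Configure the e-mail address which will be shown in DeviseMailer.
+# Configure the e-mail address which will be shown in Devise::Mailer,
+# note that it will be overwritten if you use your own mailer class with default "from" parameter.
 config.mailer_sender = Errbit::Config.email_from
 
 # Configure the class responsible to send e-mails.
@@ -15,69 +16,131 @@ Devise.setup do |config|
 require 'devise/orm/mongoid'
 
 # ==> Configuration for any authentication mechanism
-# Configure which keys are used when authenticating an user. By default is
+# Configure which keys are used when authenticating a user. The default is
 # just :email. You can configure it to use [:username, :subdomain], so for
-# authenticating an user, both parameters are required. Remember that those
+# authenticating a user, both parameters are required. Remember that those
 # parameters are used only when authenticating and not when retrieving from
 # session. If you need permissions, you should implement that in a before filter.
+# You can also supply a hash where the value is a boolean determining whether
+# or not authentication should be aborted when the value is not present.
 config.authentication_keys = [ Errbit::Config.user_has_username ? :username : :email ]
 
+# Configure parameters from the request object used for authentication. Each entry
+# given should be a request method and it will automatically be passed to the
+# find_for_authentication method and considered in your model lookup. For instance,
+# if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
+# The same considerations mentioned for authentication_keys also apply to request_keys.
+# config.request_keys = []
+
+# Configure which authentication keys should be case-insensitive.
+# These keys will be downcased upon creating or modifying a user and when used
+# to authenticate or find a user. Default is :email.
+config.case_insensitive_keys = [ Errbit::Config.user_has_username ? :username : :email ]
+
+# Configure which authentication keys should have whitespace stripped.
+# These keys will have whitespace before and after removed upon creating or
+# modifying a user and when used to authenticate or find a user. Default is :email.
+config.strip_whitespace_keys = [ Errbit::Config.user_has_username ? :username : :email ]
+
 # Tell if authentication through request.params is enabled. True by default.
+# It can be set to an array that will enable params authentication only for the
+# given strategies, for example, `config.params_authenticatable = [:database]` will
+# enable it only for database (email + password) authentication.
 # config.params_authenticatable = true
 
-# Tell if authentication through HTTP Basic Auth is enabled. True by default.
-# config.http_authenticatable = true
-
-# Set this to true to use Basic Auth for AJAX requests. True by default.
+# Tell if authentication through HTTP Auth is enabled. False by default.
+# It can be set to an array that will enable http authentication only for the
+# given strategies, for example, `config.http_authenticatable = [:token]` will
+# enable it only for token authentication. The supported strategies are:
+# :database = Support basic authentication with authentication key + password
+# :token = Support basic authentication with token authentication key
+# :token_options = Support token authentication with options as defined in
+# http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html
+# config.http_authenticatable = false
+
+# If http headers should be returned for AJAX requests. True by default.
 # config.http_authenticatable_on_xhr = true
 
-# The realm used in Http Basic Authentication
+# The realm used in Http Basic Authentication. "Application" by default.
 # config.http_authentication_realm = "Application"
 
+# It will change confirmation, password recovery and other workflows
+# to behave the same regardless if the e-mail provided was right or wrong.
+# Does not affect registerable.
+# config.paranoid = true
+
+# By default Devise will store the user in session. You can skip storage for
+# :http_auth and :token_auth by adding those symbols to the array below.
+# Notice that if you are skipping storage for all authentication paths, you
+# may want to disable generating routes to Devise's sessions controller by
+# passing :skip => :sessions to `devise_for` in your config/routes.rb
+config.skip_session_storage = [:http_auth]
+
 # ==> Configuration for :database_authenticatable
 # For bcrypt, this is the cost for hashing the password and defaults to 10. If
 # using other encryptors, it sets how many times you want the password re-encrypted.
-config.stretches = 10
-
-# Define which will be the encryption algorithm. Devise also supports encryptors
-# from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
-# you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
-# (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
-config.encryptor = :bcrypt
+#
+# Limiting the stretches to just one in testing will increase the performance of
+# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
+# a value less than 10 in other environments.
+config.stretches = Rails.env.test? ? 1 : 10
 
 # Setup a pepper to generate the encrypted password.
 config.pepper = "425f10f555c1a4718aff3370ef9dd2d97a21622beb0400fde6b52177375ddcbe37a2dac6af9bca835c988e00c32887ee940ba111a78eab48234d8799936d36b9"
 
 # ==> Configuration for :confirmable
-# The time you want to give your user to confirm his account. During this time
-# he will be able to access your application without confirming. Default is nil.
-# When confirm_within is zero, the user won't be able to sign in without confirming.
-# You can use this to let your user access some features of your application
-# without confirming the account, but blocking it after a certain period
-# (ie 2 days).
-# config.confirm_within = 2.days
+# A period that the user is allowed to access the website even without
+# confirming his account. For instance, if set to 2.days, the user will be
+# able to access the website for two days without confirming his account,
+# access will be blocked just in the third day. Default is 0.days, meaning
+# the user cannot access the website without confirming his account.
+# config.allow_unconfirmed_access_for = 2.days
+
+# A period that the user is allowed to confirm their account before their
+# token becomes invalid. For example, if set to 3.days, the user can confirm
+# their account within 3 days after the mail was sent, but on the fourth day
+# their account can't be confirmed with the token any more.
+# Default is nil, meaning there is no restriction on how long a user can take
+# before confirming their account.
+# config.confirm_within = 3.days
+
+# If true, requires any email changes to be confirmed (exactly the same way as
+# initial account confirmation) to be applied. Requires additional unconfirmed_email
+# db field (see migrations). Until confirmed new email is stored in
+# unconfirmed email column, and copied to email column on successful confirmation.
+config.reconfirmable = true
+
+# Defines which key will be used when confirming an account
+# config.confirmation_keys = [ :email ]
 
 # ==> Configuration for :rememberable
 # The time the user will be remembered without asking for credentials again.
 config.remember_for = 2.weeks
 
-# If true, a valid remember token can be re-used between multiple browsers.
-# config.remember_across_browsers = true
-
 # If true, extends the user's remember period when remembered via cookie.
 # config.extend_remember_period = false
 
+# Options to be passed to the created cookie. For instance, you can set
+# :secure => true in order to force SSL only cookies.
+# config.rememberable_options = {}
+
 # ==> Configuration for :validatable
-# Range for password length
+# Range for password length. Default is 8..128.
 config.password_length = 6..1024
 
-# Regex to use to validate the email address
+# Email regex used to validate email formats. It simply asserts that
+# one (and only one) @ exists in the given string. This is mainly
+# to give user feedback and not to assert the e-mail validity.
+# config.email_regexp = /\A[^@]+@[^@]+\z/
 config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
 
 # ==> Configuration for :timeoutable
 # The time you want to timeout the user session without activity. After this
-# time the user will be asked for credentials again.
-# config.timeout_in = 10.minutes
+# time the user will be asked for credentials again. Default is 30 minutes.
+# config.timeout_in = 30.minutes
+
+# If true, expires auth token on session timeout.
+# config.expire_auth_token_on_timeout = false
 
 # ==> Configuration for :lockable
 # Defines which strategy will be used to lock an account.
@@ -85,6 +148,9 @@ Devise.setup do |config|
 # :none = No lock strategy. You should handle locking by yourself.
 # config.lock_strategy = :failed_attempts
 
+# Defines which key will be used when locking and unlocking an account
+# config.unlock_keys = [ :email ]
+
 # Defines which strategy will be used to unlock an account.
 # :email = Sends an unlock link to the user email
 # :time = Re-enables login after a certain amount of time (see :unlock_in below)
@@ -99,6 +165,26 @@ Devise.setup do |config|
 # Time interval to unlock the account if :time is enabled as unlock_strategy.
 # config.unlock_in = 1.hour
 
+# ==> Configuration for :recoverable
+#
+# Defines which key will be used when recovering the password for an account
+# config.reset_password_keys = [ :email ]
+
+# Time interval you can reset your password with a reset password key.
+# Don't put a too small interval or your users won't have the time to
+# change their passwords.
+config.reset_password_within = 6.hours
+
+# ==> Configuration for :encryptable
+# Allow you to use another encryption algorithm besides bcrypt (default). You can use
+# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
+# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
+# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
+# REST_AUTH_SITE_KEY to pepper).
+#
+# Require the `devise-encryptable` gem when using anything other than bcrypt
+# config.encryptor = :sha512
+
 # ==> Configuration for :token_authenticatable
 # Defines name of the authentication token params key
 config.token_authentication_key = :auth_token
@@ -107,45 +193,63 @@ Devise.setup do |config|
 # Turn scoped views on. Before rendering "sessions/new", it will first check for
 # "users/sessions/new". It's turned off by default because it's slower if you
 # are using only default views.
-# config.scoped_views = true
+# config.scoped_views = false
 
 # Configure the default scope given to Warden. By default it's the first
-# devise role declared in your routes.
+# devise role declared in your routes (usually :user).
 # config.default_scope = :user
 
-# Configure sign_out behavior.
-# By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
-# In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
-# config.sign_out_all_scopes = false
-
-if Errbit::Config.github_authentication || Rails.env.test?
-config.omniauth :github,
-Errbit::Config.github_client_id,
-Errbit::Config.github_secret,
-:scope => Errbit::Config.github_access_scope.join(","),
-:skip_info => true
-end
+# Set this configuration to false if you want /users/sign_out to sign out
+# only the current scope. By default, Devise signs out all scopes.
+# config.sign_out_all_scopes = true
 
 # ==> Navigation configuration
 # Lists the formats that should be treated as navigational. Formats like
 # :html, should redirect to the sign in page when the user does not have
 # access, but formats like :xml or :json, should return 401.
+#
 # If you have any extra navigational formats, like :iphone or :mobile, you
-# should add them to the navigational formats lists. Default is [:html]
-# config.navigational_formats = [:html, :iphone]
+# should add them to the navigational formats lists.
+#
+# The "*/*" below is required to match Internet Explorer requests.
+# config.navigational_formats = ["*/*", :html]
+
+# The default HTTP method used to sign out a resource. Default is :delete.
+config.sign_out_via = :delete
+
+# ==> OmniAuth
+# Add a new OmniAuth provider. Check the wiki for more information on setting
+# up on your models and hooks.
+# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+
+if Errbit::Config.github_authentication || Rails.env.test?
+config.omniauth :github,
+Errbit::Config.github_client_id,
+Errbit::Config.github_secret,
+:scope => Errbit::Config.github_access_scope.join(','),
+:skip_info => true
+end
 
 # ==> Warden configuration
-# If you want to use other strategies, that are not (yet) supported by Devise,
-# you can configure them inside the config.warden block. The example below
-# allows you to setup OAuth, using http://github.com/roman/warden_oauth
+# If you want to use other strategies, that are not supported by Devise, or
+# change the failure app, you can configure them inside the config.warden block.
 #
 # config.warden do |manager|
-# manager.oauth(:twitter) do |twitter|
-# twitter.consumer_secret = <YOUR CONSUMER SECRET>
-# twitter.consumer_key = <YOUR CONSUMER KEY>
-# twitter.options :site => 'http://twitter.com'
-# end
-# manager.default_strategies(:scope => :user).unshift :twitter_oauth
+# manager.intercept_401 = false
+# manager.default_strategies(:scope => :user).unshift :some_external_strategy
 # end
-end
 
+# ==> Mountable engine configurations
+# When using Devise inside an engine, let's call it `MyEngine`, and this engine
+# is mountable, there are some extra configurations to be taken into account.
+# The following options are available, assuming the engine is mounted as:
+#
+# mount MyEngine, at: "/my_engine"
+#
+# The router that invoked `devise_for`, in the example above, would be:
+# config.router_name = :my_engine
+#
+# When using omniauth, Devise cannot automatically set Omniauth path,
+# so you need to do it manually. For the users scope, it would be:
+# config.omniauth_path_prefix = "/my_engine/users/auth"
+end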
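Review bot: `config.email_regexp` keeps the old `^…$` anchors even though the regenerated comment directly above it shows the `\A…\z` form; in Ruby `^` and `$` match at line boundaries, so a multi-line value whose first line looks like an address still passes validation. Changing it to `config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i` keeps the accepted format and anchors the whole string. The new `config.case_insensitive_keys` line downcases `:username` on lookup when `user_has_username` is set, so an existing account stored with a mixed-case username would presumably no longer be found at sign-in until its stored value is downcased — worth a comment on that line or a one-off data fix, which I cannot see from this commit. `config.reconfirmable = true` is set unconditionally while its own comment says it needs an `unconfirmed_email` field, and the User hunk in this commit adds no confirmable fields; a comment such as `# only effective if :confirmable is added to User, which also needs unconfirmed_email` would save the next reader the check.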
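--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -24,3 +24,11 @@ en:
 error: "You can't delete yourself"
 update:
 success: "%{name}'s information was successfully updated."
+devise:
+registrations:
+signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
+signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
+omniauth_callbacks:
+failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
+success: "Successfully authenticated from %{kind} account."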
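--- a/spec/acceptance/sign_in_with_github_spec.rb
+++ b/spec/acceptance/sign_in_with_github_spec.rb
@@ -11,7 +11,7 @@ feature 'Sign in with GitHub' do
 
 visit '/'
 click_link 'Sign in with GitHub'
-page.should have_content 'Successfully authorized from GitHub account'
+page.should have_content I18n.t("devise.omniauth_callbacks.success", :kind => 'GitHub')
 end
 
 scenario 'reject unrecognized user if authenticating via GitHub' do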