From a823e510f3988be53b74eae9ae28af1084a23005 Mon Sep 17 00:00:00 2001 From: Shobhit Bakliwal Date: Thu, 2 May 2019 13:24:01 +0530 Subject: [PATCH 001/299] Using scoped errors for scoped views. Fixes #5066 --- lib/generators/devise/views_generator.rb | 2 +- test/generators/views_generator_test.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 29bf8feda..3ceda56b5 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb @@ -42,7 +42,7 @@ def copy_views def view_directory(name, _target_path = nil) directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| if scope - content.gsub "devise/shared/links", "#{plural_scope}/shared/links" + content.gsub("devise/shared/links", "#{plural_scope}/shared/links").gsub("devise/shared/error_messages", "#{plural_scope}/shared/error_messages") else content end diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index bfb4a7f1b..3b7349fa6 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -11,16 +11,19 @@ class ViewsGeneratorTest < Rails::Generators::TestCase run_generator assert_files assert_shared_links + assert_error_messages end test "Assert all views are properly created with scope param" do run_generator %w(users) assert_files "users" assert_shared_links "users" + assert_error_messages "users" run_generator %w(admins) assert_files "admins" assert_shared_links "admins" + assert_error_messages "admins" end test "Assert views with simple form" do 
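Review bot: The second chained `.gsub` in `view_directory` hard-codes one more partial name, so every shared partial added later needs yet another call, which is the same omission this commit repairs for `error_messages`. If every file under the shared directory is copied for the scope (the test's `assert_files` suggests so for `_links` and `_error_messages`), a single prefix rewrite covers them all: `content.gsub("devise/shared/", "#{plural_scope}/shared/")`. If the explicit list is kept on purpose, a short comment above the line saying that each shared partial must be listed would help the next contributor. `view_directory` ends outside this hunk.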
@@ -88,6 +91,7 @@ def assert_files(scope = nil, options={}) assert_file "app/views/#{scope}/registrations/edit.html.erb" assert_file "app/views/#{scope}/sessions/new.html.erb" assert_file "app/views/#{scope}/shared/_links.html.erb" + assert_file "app/views/#{scope}/shared/_error_messages.html.erb" assert_file "app/views/#{scope}/unlocks/new.html.erb" end @@ -102,4 +106,16 @@ def assert_shared_links(scope = nil) assert_file "app/views/#{scope}/sessions/new.html.erb", link assert_file "app/views/#{scope}/unlocks/new.html.erb", link end + + def assert_error_messages(scope = nil) + scope = "devise" if scope.nil? + link = /<%= render \"#{scope}\/shared\/error_messages\", resource: resource %>/ + + assert_file "app/views/#{scope}/passwords/edit.html.erb", link + assert_file "app/views/#{scope}/passwords/new.html.erb", link + assert_file "app/views/#{scope}/confirmations/new.html.erb", link + assert_file "app/views/#{scope}/registrations/new.html.erb", link + assert_file "app/views/#{scope}/registrations/edit.html.erb", link + assert_file "app/views/#{scope}/unlocks/new.html.erb", link + end end From 76c888268bd58b748f8f8bc1070d2809a5b3c3f6 Mon Sep 17 00:00:00 2001 From: Marcos Ferreira Date: Sat, 4 May 2019 15:09:44 -0300 Subject: [PATCH 002/299] Use rails 6.0.0.rc1 instead of the 6.0.0.beta-3 on CI Also bumped sqlite from 1.3.6 to 1.4 because besides conflicting with the version that the sqlite adapter was trying to load [0], it is supported officially since rails 6 [1]. Related: [0] rails/rails#35153 [1] rails/rails#35844 --- .travis.yml | 14 +-- ...e.rails-6.0-beta => Gemfile.rails-6.0-rc1} | 4 +- ...0-beta.lock => Gemfile.rails-6.0-rc1.lock} | 111 +++++++++--------- 3 files changed, 65 insertions(+), 64 deletions(-) rename gemfiles/{Gemfile.rails-6.0-beta => Gemfile.rails-6.0-rc1} (89%) rename gemfiles/{Gemfile.rails-6.0-beta.lock => Gemfile.rails-6.0-rc1.lock} (68%) diff --git a/.travis.yml b/.travis.yml index 2cb3aca8e..325b2d238 100644 --- a/.travis.yml 
+++ b/.travis.yml @@ -11,7 +11,7 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-beta + - gemfiles/Gemfile.rails-6.0-rc1 - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable @@ -22,7 +22,7 @@ matrix: - rvm: 2.1.10 gemfile: Gemfile - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.1.10 @@ -30,15 +30,15 @@ matrix: - rvm: 2.2.10 gemfile: Gemfile - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.4.5 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.5 - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 - rvm: 2.5.3 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 @@ -56,10 +56,10 @@ matrix: - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-beta + gemfile: gemfiles/Gemfile.rails-6.0-rc1 allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-beta + - gemfile: gemfiles/Gemfile.rails-6.0-rc1 services: - mongodb diff --git a/gemfiles/Gemfile.rails-6.0-beta b/gemfiles/Gemfile.rails-6.0-rc1 similarity index 89% rename from gemfiles/Gemfile.rails-6.0-beta rename to gemfiles/Gemfile.rails-6.0-rc1 index 6b11adb97..125818f68 100644 --- a/gemfiles/Gemfile.rails-6.0-beta +++ b/gemfiles/Gemfile.rails-6.0-rc1 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '~> 6.0.0.beta3' +gem 'rails', '~> 6.0.0.rc1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -23,5 +23,5 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.3.6" + gem "sqlite3", "~> 1.4" end 
diff --git a/gemfiles/Gemfile.rails-6.0-beta.lock b/gemfiles/Gemfile.rails-6.0-rc1.lock
similarity index 68%
rename from gemfiles/Gemfile.rails-6.0-beta.lock
rename to gemfiles/Gemfile.rails-6.0-rc1.lock
index 1c4207e46..9d035bcf0 100644
--- a/gemfiles/Gemfile.rails-6.0-beta.lock
+++ b/gemfiles/Gemfile.rails-6.0-rc1.lock
@@ -20,60 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.beta3) - actionpack (= 6.0.0.beta3) + actioncable (6.0.0.rc1) + actionpack (= 6.0.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionmailbox (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) mail (>= 2.7.1) - actionmailer (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - actionview (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) + actionmailer (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + actionview (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.beta3) - actionview (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionpack (6.0.0.rc1) + actionview (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actiontext (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) nokogiri (>= 1.8.5) - actionview (6.0.0.beta3) - activesupport (= 6.0.0.beta3) + actionview (6.0.0.rc1) + activesupport (= 6.0.0.rc1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.beta3) - activesupport (= 6.0.0.beta3) + activejob (6.0.0.rc1) + activesupport (= 6.0.0.rc1) globalid (>= 0.3.6) - activemodel (6.0.0.beta3) - activesupport (= 6.0.0.beta3) - activerecord (6.0.0.beta3) - activemodel (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) - activestorage (6.0.0.beta3) - actionpack (= 6.0.0.beta3) 
- activerecord (= 6.0.0.beta3) + activemodel (6.0.0.rc1) + activesupport (= 6.0.0.rc1) + activerecord (6.0.0.rc1) + activemodel (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) + activestorage (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) marcel (~> 0.3.1) - activesupport (6.0.0.beta3) + activesupport (6.0.0.rc1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 1.3, >= 1.3.1) + zeitwerk (~> 2.1, >= 2.1.4) bcrypt (3.1.12) builder (3.2.3) concurrent-ruby (1.1.5) @@ -106,7 +107,7 @@ GEM multi_xml (0.6.0) multipart-post (2.0.0) nio4r (2.3.1) - nokogiri (1.10.2) + nokogiri (1.10.3) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) faraday (>= 0.8, < 0.16.0) @@ -132,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.beta3) - actioncable (= 6.0.0.beta3) - actionmailbox (= 6.0.0.beta3) - actionmailer (= 6.0.0.beta3) - actionpack (= 6.0.0.beta3) - actiontext (= 6.0.0.beta3) - actionview (= 6.0.0.beta3) - activejob (= 6.0.0.beta3) - activemodel (= 6.0.0.beta3) - activerecord (= 6.0.0.beta3) - activestorage (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + rails (6.0.0.rc1) + actioncable (= 6.0.0.rc1) + actionmailbox (= 6.0.0.rc1) + actionmailer (= 6.0.0.rc1) + actionpack (= 6.0.0.rc1) + actiontext (= 6.0.0.rc1) + actionview (= 6.0.0.rc1) + activejob (= 6.0.0.rc1) + activemodel (= 6.0.0.rc1) + activerecord (= 6.0.0.rc1) + activestorage (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) bundler (>= 1.3.0) - railties (= 6.0.0.beta3) + railties (= 6.0.0.rc1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -156,9 +157,9 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.0.4) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.beta3) - actionpack (= 6.0.0.beta3) - activesupport (= 6.0.0.beta3) + railties (6.0.0.rc1) + actionpack (= 6.0.0.rc1) + activesupport (= 6.0.0.rc1) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) 
@@ -175,7 +176,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.13) + sqlite3 (1.4.1) test_after_commit (1.1.0) activerecord (>= 3.2) thor (0.20.3) @@ -192,7 +193,7 @@ GEM websocket-driver (0.7.0) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.3) - zeitwerk (1.4.3) + zeitwerk (2.1.6) PLATFORMS ruby @@ -205,11 +206,11 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0.beta3) + rails (~> 6.0.0.rc1) rails-controller-testing rdoc responders (~> 2.4) - sqlite3 (~> 1.3.6) + sqlite3 (~> 1.4) test_after_commit timecop webrat (= 0.7.3) From 63ea6533de34b6457b31d375fb30cd44d6403616 Mon Sep 17 00:00:00 2001 
From: Sergey Alekseev Date: Sat, 11 May 2019 19:35:13 +0300 Subject: [PATCH 003/299] increase default stretches to 12 Test script --- ```ruby require 'bcrypt' require 'benchmark' Benchmark.measure { BCrypt::Password.create('password', cost: 12) } ``` Test results --- - [Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz](https://ark.intel.com/content/www/us/en/ark/products/97535/intel-core-i5-7360u-processor-4m-cache-up-to-3-60-ghz.html): `#` - [Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz](https://ark.intel.com/content/www/us/en/ark/products/137979/intel-core-i7-8559u-processor-8m-cache-up-to-4-50-ghz.html): `#` Other gems --- - bcrypt-ruby which is used by devise [updated](https://github.com/codahale/bcrypt-ruby/pull/181) their default cost to 12 (not released a gem version yet). - rails has [a PR](https://github.com/rails/rails/pull/35321) from the Rails core team member to update their `ActiveModel::SecurePassword` which powers `has_secure_password` default cost to 13 (not merged yet). Previous changes --- [Previous PR](https://github.com/plataformatec/devise/pull/3549) to increase the default stretches to 12 was created more than 4 years ago. That time the default stretches value [was increased](https://github.com/plataformatec/devise/commit/9efc601c73c147c207de15f1caea75de12ebef70) from 10 to 11. --- README.md | 2 +- lib/devise.rb | 2 +- lib/generators/templates/devise.rb | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2d58826e5..33a731ebb 100644 --- a/README.md +++ b/README.md 
@@ -270,7 +270,7 @@ member_session The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with: ```ruby -devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 12 +devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 13 ``` Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`. diff --git a/lib/devise.rb b/lib/devise.rb index dceee0890..d4d54aeb2 100755 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -71,7 +71,7 @@ module Test # The number of times to hash the password. mattr_accessor :stretches - @@stretches = 11 + @@stretches = 12 # The default key used when authenticating over http auth. mattr_accessor :http_authentication_key diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 5bad7f9af..e136b3735 100755 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -103,7 +103,7 @@ # config.reload_routes = true # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other algorithms, it sets how many times you want the password to be hashed. # # Limiting the stretches to just one in testing will increase the performance of 
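Review bot: The comment left above `@@stretches = 12` in lib/devise.rb, `# The number of times to hash the password.`, understates this change: as the template comment in the same patch says, for bcrypt the value is a cost that grows exponentially, so moving from 11 to 12 roughly doubles the work per hash rather than adding one round. I would reword it to `# The bcrypt cost (work doubles with each increment); for other algorithms, the number of hashing rounds.` The new default also only applies to hashes created after the upgrade: nothing in this patch re-hashes stored passwords, and the template hunks at `@@ -103,7` and `@@ -111,7` affect newly generated initializers only, so an app generated earlier keeps its literal `Rails.env.test? ? 1 : 11`. The changelog entry should say that existing apps need to raise `config.stretches` themselves. The enclosing module starts and ends outside the hunk.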
@@ -111,7 +111,7 @@ # a value less than 10 in other environments. Note that, for bcrypt (the default # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 11 + config.stretches = Rails.env.test? ? 1 : 12 # Set up a pepper to generate the hashed password. # config.pepper = '<%= SecureRandom.hex(64) %>' From 45245df16a6d617d21194dfa398de9ceedfc56f8 Mon Sep 17 00:00:00 2001 From: Sergey Alekseev Date: Mon, 13 May 2019 14:15:14 +0300 Subject: [PATCH 004/299] update changelog [skip ci] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 491ae4322..b28a08c01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * refactor method name to be more consistent (by @saiqulhaq) * Fix rails 6.0.rc1 email uniqueness validation deprecation error (by @Vasfed) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) + * Increase default stretches to 12 (by @sergey-alekseev) ### 4.6.2 - 2019-03-26 From 44f7325a9138aebf800ada92277505d65a6a9f9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 12 Jun 2019 16:04:50 -0400 Subject: [PATCH 005/299] Remove unneeded require The code that was using that constant is not being used anymore. Closes #5083 --- lib/devise/models/authenticatable.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index d4d72e909..8325623b2 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -1,6 +1,5 @@ # frozen_string_literal: true -require 'active_model/version' require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' From 54fb58226976984bf7b322a2136d25921093fa85 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 12 Jun 2019 16:10:13 -0400 Subject: [PATCH 006/299] Officially support Rails 6.0 Also remove upper bound on railties so people can try devise with new versions without having to wait us to change the gem and report bugs. --- .travis.yml | 14 +++++++------- CHANGELOG.md | 1 + Gemfile.lock | 6 +++--- devise.gemspec | 2 +- ...file.rails-6.0-rc1 => Gemfile.rails-6.0-stable} | 2 +- ...-6.0-rc1.lock => Gemfile.rails-6.0-stable.lock} | 0 lib/devise.rb | 0 lib/generators/templates/devise.rb | 0 test/devise_test.rb | 0 9 files changed, 13 insertions(+), 12 deletions(-) rename gemfiles/{Gemfile.rails-6.0-rc1 => Gemfile.rails-6.0-stable} (93%) rename gemfiles/{Gemfile.rails-6.0-rc1.lock => Gemfile.rails-6.0-stable.lock} (100%) mode change 100755 => 100644 lib/devise.rb mode change 100755 => 100644 lib/generators/templates/devise.rb mode change 100755 => 100644 test/devise_test.rb diff --git a/.travis.yml b/.travis.yml index 325b2d238..edf881b3d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-rc1 + - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable @@ -22,7 +22,7 @@ matrix: - rvm: 2.1.10 gemfile: Gemfile - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.1.10 
@@ -30,15 +30,15 @@ matrix: - rvm: 2.2.10 gemfile: Gemfile - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.5 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.4.5 - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.5.3 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 @@ -56,10 +56,10 @@ matrix: - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + gemfile: gemfiles/Gemfile.rails-6.0-stable allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-rc1 + - gemfile: gemfiles/Gemfile.rails-6.0-stable services: - mongodb diff --git a/CHANGELOG.md b/CHANGELOG.md index 491ae4322..50b1512ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased * enhancements + * Support Rails 6.0 * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Update CI to rails 6.0.0.beta3 (by @tunnes) * refactor method name to be more consistent (by @saiqulhaq) diff --git a/Gemfile.lock b/Gemfile.lock index 55cb8e15c..5c041167c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.4) @@ -201,4 +201,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/devise.gemspec b/devise.gemspec index 5df410bae..66d09ca40 100644 --- a/devise.gemspec +++ b/devise.gemspec 
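Review bot: In the `@@ -56,10 +56,10 @@` hunk the `allow_failures` entry is only renamed to `gemfiles/Gemfile.rails-6.0-stable`, so a failing Rails 6.0 job still does not fail the build even though this commit declares Rails 6.0 officially supported. For an authentication library that is the matrix cell most likely to hide a regression. I would remove the line `- gemfile: gemfiles/Gemfile.rails-6.0-stable` from `allow_failures` and keep only `- rvm: ruby-head`.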
@@ -22,6 +22,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0", "< 6.0") + s.add_dependency("railties", ">= 4.1.0") s.add_dependency("responders") end diff --git a/gemfiles/Gemfile.rails-6.0-rc1 b/gemfiles/Gemfile.rails-6.0-stable similarity index 93% rename from gemfiles/Gemfile.rails-6.0-rc1 rename to gemfiles/Gemfile.rails-6.0-stable index 125818f68..2358639ad 100644 --- a/gemfiles/Gemfile.rails-6.0-rc1 +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '~> 6.0.0.rc1' +gem 'rails', '>= 6.0.0.rc1', '< 6.1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-6.0-rc1.lock b/gemfiles/Gemfile.rails-6.0-stable.lock similarity index 100% rename from gemfiles/Gemfile.rails-6.0-rc1.lock rename to gemfiles/Gemfile.rails-6.0-stable.lock diff --git a/lib/devise.rb b/lib/devise.rb old mode 100755 new mode 100644 diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb old mode 100755 new mode 100644 diff --git a/test/devise_test.rb b/test/devise_test.rb old mode 100755 new mode 100644 From f618b88f91a3aec1ad8cbc9a0ff547583bc3ad56 Mon Sep 17 00:00:00 2001 From: Abhijeet Singh Date: Wed, 26 Jun 2019 15:22:40 +0530 Subject: [PATCH 007/299] Updated Codeacademy's Rails Auth link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d58826e5..16d584596 100644 --- a/README.md +++ b/README.md 
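Review bot: With `s.add_dependency("railties", ">= 4.1.0")` this release will resolve against every future Rails major without having been tested on it, and the constraint of an already published version cannot be tightened later. The commit message presents this as a deliberate trade-off, but I cannot see from the hunks whether any CI job runs against unreleased Rails to back it; if none does, add one to the matrix or state in the changelog entry that compatibility beyond 6.0 is untested. The renamed `Gemfile.rails-6.0-stable.lock` is carried over at 100% similarity, so it presumably still records the old `< 6.0` bound and should be regenerated in the same commit.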
@@ -174,7 +174,7 @@ If you are building your first Rails application, we recommend you *do not* use * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch -* Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth +* Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From 45cc66868354f9f1293ae7004705314c88ba1525 Mon Sep 17 00:00:00 2001 From: Denis Krasulin Date: Tue, 16 Jul 2019 01:08:44 +0300 Subject: [PATCH 008/299] Update routes.rb Comment incorrectly states that default method is "get", while line 228 of /lib/devise.rb sets "delete": "The default method used while signing out: @@sign_out_via = :delete" --- lib/devise/rails/routes.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 2d177b252..95a4ced79 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -135,10 +135,10 @@ class Mapper # * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given # are also allowed as parameter. # - # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get), + # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete), # if you wish to restrict this to accept only :post or :delete requests you should do: # - # devise_for :users, sign_out_via: [:post, :delete] + # devise_for :users, sign_out_via: [:get, :post] # # You need to make sure that your sign_out controls trigger a request with a matching HTTP method. # From df43a3560a8aa44f052cb7deb7096413b5013a88 Mon Sep 17 00:00:00 2001 
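Review bot: The example on the new side, `devise_for :users, sign_out_via: [:get, :post]`, contradicts the sentence directly above it, which introduces it as the way to restrict sign-out to `:post` or `:delete` requests. It also makes GET sign-out the snippet readers will copy; a sign-out reachable by GET can be triggered by a cross-site link, image tag or prefetch, which is presumably why the default this patch correctly documents is `:delete`. Keep the corrected `(default: :delete)` but leave the example as `devise_for :users, sign_out_via: [:post, :delete]`. The comment block documents a method whose body lies outside the hunk.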
From: Leonardo Tegon Date: Mon, 5 Aug 2019 14:28:54 -0300 Subject: [PATCH 009/299] Rails 6 release candidate 2 on CI --- gemfiles/Gemfile.rails-6.0-stable | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 122 ++++++++++++------------- 2 files changed, 62 insertions(+), 62 deletions(-) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index 2358639ad..ce541bf38 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '>= 6.0.0.rc1', '< 6.1' +gem 'rails', '>= 6.0.0.rc2', '< 6.1' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 9d035bcf0..8f35d2c1a 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -13,69 +13,69 @@ PATH devise (4.6.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.rc1) - actionpack (= 6.0.0.rc1) + actioncable (6.0.0.rc2) + actionpack (= 6.0.0.rc2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionmailbox (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) mail (>= 2.7.1) - actionmailer (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - actionview (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) + actionmailer (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + actionview (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.rc1) - actionview (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionpack (6.0.0.rc2) + actionview (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actiontext (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) nokogiri (>= 1.8.5) - actionview (6.0.0.rc1) - activesupport (= 6.0.0.rc1) + actionview (6.0.0.rc2) + activesupport (= 6.0.0.rc2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.rc1) - activesupport (= 6.0.0.rc1) + activejob (6.0.0.rc2) + activesupport (= 6.0.0.rc2) globalid (>= 0.3.6) - activemodel (6.0.0.rc1) - activesupport (= 6.0.0.rc1) - activerecord (6.0.0.rc1) - activemodel (= 6.0.0.rc1) - activesupport 
(= 6.0.0.rc1) - activestorage (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) + activemodel (6.0.0.rc2) + activesupport (= 6.0.0.rc2) + activerecord (6.0.0.rc2) + activemodel (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) + activestorage (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) marcel (~> 0.3.1) - activesupport (6.0.0.rc1) + activesupport (6.0.0.rc2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.1, >= 2.1.4) - bcrypt (3.1.12) + zeitwerk (~> 2.1, >= 2.1.8) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.1.5) crass (1.0.4) @@ -98,7 +98,7 @@ GEM metaclass (0.0.4) method_source (0.9.2) mimemagic (0.3.3) - mini_mime (1.0.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.11.3) mocha (1.8.0) @@ -106,7 +106,7 @@ GEM multi_json (1.13.1) multi_xml (0.6.0) multipart-post (2.0.0) - nio4r (2.3.1) + nio4r (2.4.0) nokogiri (1.10.3) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) @@ -133,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.rc1) - actioncable (= 6.0.0.rc1) - actionmailbox (= 6.0.0.rc1) - actionmailer (= 6.0.0.rc1) - actionpack (= 6.0.0.rc1) - actiontext (= 6.0.0.rc1) - actionview (= 6.0.0.rc1) - activejob (= 6.0.0.rc1) - activemodel (= 6.0.0.rc1) - activerecord (= 6.0.0.rc1) - activestorage (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + rails (6.0.0.rc2) + actioncable (= 6.0.0.rc2) + actionmailbox (= 6.0.0.rc2) + actionmailer (= 6.0.0.rc2) + actionpack (= 6.0.0.rc2) + actiontext (= 6.0.0.rc2) + actionview (= 6.0.0.rc2) + activejob (= 6.0.0.rc2) + activemodel (= 6.0.0.rc2) + activerecord (= 6.0.0.rc2) + activestorage (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) bundler (>= 1.3.0) - railties (= 6.0.0.rc1) + railties (= 6.0.0.rc2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) 
@@ -155,15 +155,15 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) + rails-html-sanitizer (1.1.0) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.rc1) - actionpack (= 6.0.0.rc1) - activesupport (= 6.0.0.rc1) + railties (6.0.0.rc2) + actionpack (= 6.0.0.rc2) + activesupport (= 6.0.0.rc2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) - rake (12.3.2) + rake (12.3.3) rdoc (6.1.1) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) @@ -190,10 +190,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.1) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) - zeitwerk (2.1.6) + websocket-extensions (0.1.4) + zeitwerk (2.1.9) PLATFORMS ruby @@ -206,7 +206,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0.rc1) + rails (>= 6.0.0.rc2, < 6.1) rails-controller-testing rdoc responders (~> 2.4) From ad5892391da99cafb462e8883a185b3a0e653f4f Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Wed, 7 Aug 2019 12:32:01 -0300 Subject: [PATCH 010/299] Fix specs on Rails 6 RC2 (#5109) * Fix specs on Rails 6 RC2 `ActiveRecord::MigrationContext` now has a `schema_migration` attribute. Ref: https://github.com/rails/rails/pull/36439/files#diff-8d3c44120f7b67ff79e2fbe6a40d0ad6R1018 * Use `media_type` instead of `content_type` Before Rails 6 RC2, the `ActionDispatch::Response#content_type` method would return only the media part of the `Content-Type` header, without any other parts. Now the `#content_type` method returns the entire header - as it is - and `#media_type` should be used instead to get the previous behavior. Ref: - https://github.com/rails/rails/pull/36034 - https://github.com/rails/rails/pull/36854 * Use render template instead of render file Render file will need the full path in order to avoid security breaches. In this particular case, there's no need to use render file, it's ok to use render template. Ref: https://github.com/rails/rails/pull/35688 * Don't set `represent_boolean_as_integer` on Rails 6 * Update comments [ci skip] --- test/orm/active_record.rb | 4 +++- test/rails_app/app/views/admins/sessions/new.html.erb | 2 +- test/rails_app/config/application.rb | 4 ++-- test/rails_app/config/boot.rb | 6 +++++- test/test/controller_helpers_test.rb | 7 ++++++- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index e258ca8af..001f99b99 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails52_and_up? +if Devise::Test.rails6? + ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate +elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate else ActiveRecord::Migrator.migrate(migrate_path) 
diff --git a/test/rails_app/app/views/admins/sessions/new.html.erb b/test/rails_app/app/views/admins/sessions/new.html.erb
index 75f3b860f..f3be6278e 100644
--- a/test/rails_app/app/views/admins/sessions/new.html.erb
+++ b/test/rails_app/app/views/admins/sessions/new.html.erb
@@ -1,2 +1,2 @@
 Welcome to "sessions/new" view!
-<%= render file: "devise/sessions/new" %>
+<%= render template: "devise/sessions/new" %>
diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb
index d39fa7dd6..0c844878a 100644
--- a/test/rails_app/config/application.rb
+++ b/test/rails_app/config/application.rb
@@ -45,8 +45,8 @@ class Application < Rails::Application
 Devise::SessionsController.layout "application"
 end
- # Remove this check once Rails 5.0 support is removed.
- if Devise::Test.rails52_and_up?
+ # Remove the first check once Rails 5.0 support is removed.
+ if Devise::Test.rails52_and_up? && !Devise::Test.rails6?
 Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
 end
 end
diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb
index 01621de75..bc3dfa62d 100644
--- a/test/rails_app/config/boot.rb
+++ b/test/rails_app/config/boot.rb
@@ -6,8 +6,12 @@ module Devise
 module Test
- # Detection for minor differences between Rails 4 and 5, 5.1, and 5.2 in tests.
+ # Detection for minor differences between Rails versions in tests.
+ def self.rails6?
+ Rails.version.start_with? '6'
+ end
+
 def self.rails52_and_up?
 Rails::VERSION::MAJOR > 5 || rails52?
 end
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb
index 7855621c1..f285cbbfd 100644
--- a/test/test/controller_helpers_test.rb
+++ b/test/test/controller_helpers_test.rb
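Review bot: `rails6?` in test/rails_app/config/boot.rb tests the version string with `Rails.version.start_with? '6'`, while the neighbouring `rails52_and_up?` compares `Rails::VERSION::MAJOR`; the string test matches major 6 only. On a later major the callers added in this patch would therefore fall back to their pre-6 branches: `MigrationContext.new(migrate_path)` in test/orm/active_record.rb, `response.content_type` in controller_helpers_test.rb, and setting `represent_boolean_as_integer` in application.rb. I would write the body as `Rails::VERSION::MAJOR >= 6` and name the helper `rails6_and_up?` to match the existing one. `module Test` continues past the end of the hunk.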
@@ -102,7 +102,12 @@ def respond test "returns the content type of a failure app" do get :index, params: { format: :xml } - assert response.content_type.include?('application/xml') + + if Devise::Test.rails6? + assert response.media_type.include?('application/xml') + else + assert response.content_type.include?('application/xml') + end end test "defined Warden after_authentication callback should not be called when sign_in is called" do From 12fc5b76d89cf6e9c47289416fb24bf1a85f03da Mon Sep 17 00:00:00 2001 From: Ewerton Date: Thu, 15 Aug 2019 09:28:15 -0300 Subject: [PATCH 011/299] Update README.md (#5115) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 16d584596..73e7c6ffd 100644 --- a/README.md +++ b/README.md @@ -732,6 +732,6 @@ https://github.com/plataformatec/devise/graphs/contributors ## License -MIT License. Copyright 2009-2018 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. From a79057070c60a274936b8421cd35846e03aa08bd Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 19 Aug 2019 11:35:55 -0300 Subject: [PATCH 012/299] Prepare for `4.7.0` release --- CHANGELOG.md | 6 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 6 +- gemfiles/Gemfile.rails-5.2-stable.lock | 6 +- gemfiles/Gemfile.rails-6.0-stable | 4 +- gemfiles/Gemfile.rails-6.0-stable.lock | 126 ++++++++++++------------- lib/devise/version.rb | 2 +- 7 files changed, 77 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50b1512ec..1afe68ddb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,10 +2,12 @@ * enhancements * Support Rails 6.0 - * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Update CI to rails 6.0.0.beta3 (by @tunnes) * refactor method name to be more consistent (by @saiqulhaq) - * Fix rails 6.0.rc1 email uniqueness validation deprecation error (by @Vasfed) + * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) + +* bug fixes + * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) ### 4.6.2 - 2019-03-26 diff --git a/Gemfile.lock b/Gemfile.lock index 5c041167c..e9632beed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index f4a97f8e0..ad11e2cb4 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -58,7 +58,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) erubis (2.7.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index c9541696b..5d33b726f 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,10 +10,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -62,7 +62,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) - bcrypt (3.1.12) + bcrypt (3.1.13) builder (3.2.3) concurrent-ruby (1.0.5) crass (1.0.4) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index ce541bf38..cdef68f66 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem 'rails', '>= 6.0.0.rc2', '< 6.1' +gem "rails", '~> 6.0.0' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -11,7 +11,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.4" +gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 8f35d2c1a..e8f1232be 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
@@ -20,56 +20,56 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0.rc2) - actionpack (= 6.0.0.rc2) + actioncable (6.0.0) + actionpack (= 6.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionmailbox (6.0.0) + actionpack (= 6.0.0) + activejob (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) mail (>= 2.7.1) - actionmailer (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - actionview (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) + actionmailer (6.0.0) + actionpack (= 6.0.0) + actionview (= 6.0.0) + activejob (= 6.0.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0.rc2) - actionview (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionpack (6.0.0) + actionview (= 6.0.0) + activesupport (= 6.0.0) rack (~> 2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actiontext (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.0.0) + actionpack (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) nokogiri (>= 1.8.5) - actionview (6.0.0.rc2) - activesupport (= 6.0.0.rc2) + actionview (6.0.0) + activesupport (= 6.0.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.0.0) + activesupport (= 6.0.0) globalid (>= 0.3.6) - activemodel (6.0.0.rc2) - activesupport (= 6.0.0.rc2) - activerecord (6.0.0.rc2) - activemodel (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) - activestorage (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) + activemodel 
(6.0.0) + activesupport (= 6.0.0) + activerecord (6.0.0) + activemodel (= 6.0.0) + activesupport (= 6.0.0) + activestorage (6.0.0) + actionpack (= 6.0.0) + activejob (= 6.0.0) + activerecord (= 6.0.0) marcel (~> 0.3.1) - activesupport (6.0.0.rc2) + activesupport (6.0.0) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -87,7 +87,7 @@ GEM hashie (3.6.0) i18n (1.6.0) concurrent-ruby (~> 1.0) - jwt (2.1.0) + jwt (2.2.1) loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) @@ -101,13 +101,13 @@ GEM mini_mime (1.0.2) mini_portile2 (2.4.0) minitest (5.11.3) - mocha (1.8.0) + mocha (1.9.0) metaclass (~> 0.0.1) multi_json (1.13.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nio4r (2.4.0) - nokogiri (1.10.3) + nokogiri (1.10.4) mini_portile2 (~> 2.4.0) oauth2 (1.4.1) faraday (>= 0.8, < 0.16.0) @@ -133,20 +133,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0.rc2) - actioncable (= 6.0.0.rc2) - actionmailbox (= 6.0.0.rc2) - actionmailer (= 6.0.0.rc2) - actionpack (= 6.0.0.rc2) - actiontext (= 6.0.0.rc2) - actionview (= 6.0.0.rc2) - activejob (= 6.0.0.rc2) - activemodel (= 6.0.0.rc2) - activerecord (= 6.0.0.rc2) - activestorage (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + rails (6.0.0) + actioncable (= 6.0.0) + actionmailbox (= 6.0.0) + actionmailer (= 6.0.0) + actionpack (= 6.0.0) + actiontext (= 6.0.0) + actionview (= 6.0.0) + activejob (= 6.0.0) + activemodel (= 6.0.0) + activerecord (= 6.0.0) + activestorage (= 6.0.0) + activesupport (= 6.0.0) bundler (>= 1.3.0) - railties (= 6.0.0.rc2) + railties (= 6.0.0) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) 
@@ -155,19 +155,19 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.1.0) + rails-html-sanitizer (1.2.0) loofah (~> 2.2, >= 2.2.2) - railties (6.0.0.rc2) - actionpack (= 6.0.0.rc2) - activesupport (= 6.0.0.rc2) + railties (6.0.0) + actionpack (= 6.0.0) + activesupport (= 6.0.0) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) rake (12.3.3) rdoc (6.1.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) + responders (3.0.0) + actionpack (>= 5.0) + railties (>= 5.0) ruby-openid (2.7.0) sprockets (3.7.2) concurrent-ruby (~> 1.0) @@ -206,10 +206,10 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (>= 6.0.0.rc2, < 6.1) + rails (~> 6.0.0) rails-controller-testing rdoc - responders (~> 2.4) + responders (~> 3.0) sqlite3 (~> 1.4) test_after_commit timecop diff --git a/lib/devise/version.rb b/lib/devise/version.rb index e232ce182..d18e24e35 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.6.2".freeze + VERSION = "4.7.0".freeze end From 6bb74c5abff9f75e992560b308b1f8ae926da50e Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Mon, 19 Aug 2019 13:32:56 -0300 Subject: [PATCH 013/299] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1afe68ddb..6b0843d2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.7.0 - 2019-08-19 + * enhancements * Support Rails 6.0 * Update CI to rails 6.0.0.beta3 (by @tunnes) From e051360ea2035af4e033c0722eb51ac83ec13761 Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Mon, 26 Aug 2019 13:36:34 +0200 Subject: [PATCH 014/299] CI: Drop unused Travis sudo: false directive --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index edf881b3d..a3cd864c2 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -64,8 +64,6 @@ matrix: services: - mongodb -sudo: false - cache: bundler env: From 6635caf12ed0879cd369a239c20b02e16f90c944 Mon Sep 17 00:00:00 2001 From: Lucas Santos Date: Fri, 30 Aug 2019 14:35:19 -0300 Subject: [PATCH 015/299] Fix typo --- config/locales/en.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index 55617bdf3..ca3d61994 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -42,7 +42,7 @@ en: signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." updated: "Your account has been updated successfully." updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" sessions: From fee43f3c11e176c53c5c3bfda7fd2e97c4c912be Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Wed, 4 Sep 2019 15:42:48 -0300 Subject: [PATCH 016/299] Always return an error when `confirmation_token` is blank (#5132) As reported in https://github.com/plataformatec/devise/issues/5071, if for some reason, a user in the database had the `confirmation_token` column as a blank string, Devise would confirm that user after receiving a request with a blank `confirmation_token` parameter. After this commit, a request sending a blank `confirmation_token` parameter will receive a validation error. For applications that have users with a blank `confirmation_token` in the database, it's recommended to manually regenerate or to nullify them. --- lib/devise/models/confirmable.rb | 12 +++++++++++ test/integration/confirmable_test.rb | 30 ++++++++++++++++++++++++++++ test/models/confirmable_test.rb | 18 +++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index dbf6d0ffc..91258f4c3 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -348,7 +348,19 @@ def send_confirmation_instructions(attributes={}) # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) + # When the `confirmation_token` parameter is blank, if there are any users with a blank + # `confirmation_token` in the database, the first one would be confirmed here. + # The error is being manually added here to ensure no users are confirmed by mistake. + # This was done in the model for convenience, since validation errors are automatically + # displayed in the view. + if confirmation_token.blank? + confirmable = new + confirmable.errors.add(:confirmation_token, :blank) + return confirmable + end + confirmable = find_first_by_auth_conditions(confirmation_token: confirmation_token) + unless confirmable confirmation_digest = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_digest) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 73563f283..5cafacb43 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
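Review bot: The doc comment above `confirm_by_token` is not updated for the new early return: a blank `confirmation_token` now yields an unsaved record with a `:blank` error and no lookup is performed, which a reader only learns from the inline comment. I would add a header line such as `# A blank confirmation_token never matches a record; a new record with a :blank error is returned instead.` The guard covers only this lookup: rows that already hold an empty-string token stay in the table, and the commit message leaves their cleanup to the application, so that recommendation belongs in the upgrade notes too. Whether the other token-based finders need the same guard cannot be seen from this hunk and is worth checking. The method body continues outside the hunk.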
@@ -175,6 +175,36 @@ def resend_confirmation assert_current_url '/users/sign_in' end + test "should not be able to confirm an email with a blank confirmation token" do + visit_user_confirmation_with_token("") + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm an email with a nil confirmation token" do + visit_user_confirmation_with_token(nil) + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm user with blank confirmation token" do + user = create_user(confirm: false) + user.update_attribute(:confirmation_token, "") + + visit_user_confirmation_with_token("") + + assert_contain "Confirmation token can't be blank" + end + + test "should not be able to confirm user with nil confirmation token" do + user = create_user(confirm: false) + user.update_attribute(:confirmation_token, nil) + + visit_user_confirmation_with_token(nil) + + assert_contain "Confirmation token can't be blank" + end + test 'error message is configurable by resource name' do store_translations :en, devise: { failure: { user: { unconfirmed: "Not confirmed user" } } diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index cab1d4f38..899c9caba 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
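Review bot: The two tests that create a user (`should not be able to confirm user with blank confirmation token` and its nil variant) assert only the rendered error message and never check the record's state. Adding `refute user.reload.confirmed?` after the `assert_contain` line, as the model tests in test/models/confirmable_test.rb do, pins the property the fix is about. It is not visible here how `visit_user_confirmation_with_token(nil)` encodes the parameter, so the nil variant may exercise the same request as the blank one; that is worth confirming.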
@@ -77,6 +77,24 @@ def setup assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end + test 'should return a new record with errors when a blank token is given and a record exists on the database' do + user = create_user(confirmation_token: '') + + confirmed_user = User.confirm_by_token('') + + refute user.reload.confirmed? + assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + end + + test 'should return a new record with errors when a nil token is given and a record exists on the database' do + user = create_user(confirmation_token: nil) + + confirmed_user = User.confirm_by_token(nil) + + refute user.reload.confirmed? + assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + end + test 'should generate errors for a user email if user is already confirmed' do user = create_user user.confirmed_at = Time.now From caa1a55d17f5139347be6808954c492b469d3da4 Mon Sep 17 00:00:00 2001 From: Leonardo Tegon Date: Thu, 5 Sep 2019 09:55:12 -0300 Subject: [PATCH 017/299] Update CHANGELOG.md [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b0843d2e..8dbd3d5dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased +* bug fixes + * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) + * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) + ### 4.7.0 - 2019-08-19 * enhancements From 098345aace53d4ddf88e04f1eb2680e2676e8c28 Mon Sep 17 00:00:00 2001 
From: Leonardo Tegon Date: Fri, 6 Sep 2019 10:20:20 -0300 Subject: [PATCH 018/299] Prepare for version `4.7.1` --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 6 +++--- gemfiles/Gemfile.rails-4.2-stable.lock | 6 +++--- gemfiles/Gemfile.rails-5.0-stable.lock | 4 ++-- gemfiles/Gemfile.rails-5.2-stable.lock | 4 ++-- gemfiles/Gemfile.rails-6.0-stable.lock | 4 ++-- lib/devise/version.rb | 2 +- 8 files changed, 16 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dbd3d5dd..929fad18a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### Unreleased +### 4.7.1 - 2019-09-06 + * bug fixes * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) diff --git a/Gemfile.lock b/Gemfile.lock index e9632beed..aaac95852 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index fbf188839..dbdfe0f87 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -21,10 +21,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -54,7 +54,7 @@ GEM thread_safe (~> 0.1) tzinfo (~> 1.1) arel (5.0.1.20140414130214) - bcrypt (3.1.12) + bcrypt (3.1.13) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index de76d2106..f0aa86518 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -57,10 +57,10 @@ GIT PATH remote: .. specs: - devise (4.6.2) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0, < 6.0) + railties (>= 4.1.0) responders warden (~> 1.2.3) @@ -68,7 +68,7 @@ GEM remote: https://rubygems.org/ specs: arel (6.0.4) - bcrypt (3.1.12) + bcrypt (3.1.13) bson (3.2.6) builder (3.2.3) concurrent-ruby (1.0.5) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index ad11e2cb4..9d0b936c2 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -191,4 +191,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 5d33b726f..629971f41 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -200,4 +200,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.1 + 1.17.3 diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index e8f1232be..103d67800 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.0) + devise (4.7.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -216,4 +216,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.2 + 1.17.3 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d18e24e35..f901c8c86 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.0".freeze + VERSION = "4.7.1".freeze end From 34ed98972518d035b28d359e774aa6e0608c0979 Mon Sep 17 00:00:00 2001 
From: Marcos Ferreira Date: Tue, 17 Sep 2019 13:37:19 -0300 Subject: [PATCH 019/299] Move PR #5074 to unreleased in changelog [skip ci] --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7485da3d..5b0ad3c4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ### Unreleased +* enhancements + * Increase default stretches to 12 (by @sergey-alekseev) ### 4.7.1 - 2019-09-06 @@ -17,7 +19,6 @@ * bug fixes * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) - * Increase default stretches to 12 (by @sergey-alekseev) ### 4.6.2 - 2019-03-26 From 5d73e1e3bb4961e143ca3d6aa75ca13a7ef9a7cd Mon Sep 17 00:00:00 2001 From: Ryan Lue Date: Wed, 25 Sep 2019 11:02:20 +0800 Subject: [PATCH 020/299] Explain layout of default config initializer [ci skip] --- lib/generators/templates/devise.rb | 6 ++++++ test/rails_app/config/initializers/devise.rb | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index e136b3735..5f37f6960 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -1,5 +1,11 @@ # frozen_string_literal: true +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index 0ce41964b..a3a339edc 100644 
--- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -3,6 +3,12 @@ require "omniauth-facebook" require "omniauth-openid" +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# # Use this hook to configure devise mailer, warden hooks and so forth. The first # four configuration values can also be set straight in your models. Devise.setup do |config| From 0f134f7030edbca0366f2979e9fbe48abe02edd8 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 00:15:15 -0300 Subject: [PATCH 021/299] Call set_flash_message helper instead of flash accessor --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index bfc34579f..1cd454f12 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -112,7 +112,7 @@ def require_no_authentication end if authenticated && resource = warden.user(resource_name) - flash[:alert] = I18n.t("devise.failure.already_authenticated") + set_flash_message(:alert, "already_authenticated", scope: "devise.failure") redirect_to after_sign_in_path_for(resource) end end From 421ffc479fa83720c23343978200ea6ad1b461f3 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 14:15:47 -0300 Subject: [PATCH 022/299] Add test to admin error message --- test/integration/authenticatable_test.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6b1d5799f..6ffd46379 100644 --- a/test/integration/authenticatable_test.rb 
+++ b/test/integration/authenticatable_test.rb @@ -323,6 +323,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest visit new_user_session_path assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated") end + + test 'require_no_authentication should set the already_authenticated flash message as admin' do + store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do + sign_in_as_admin + visit new_admin_session_path + assert_equal flash[:alert], "You are already signed in as admin." + end + end end class AuthenticationSessionTest < Devise::IntegrationTest From d022fb8cc4490479421c78b98586463e3978f511 Mon Sep 17 00:00:00 2001 From: Renan Gurgel Date: Thu, 3 Oct 2019 14:27:59 -0300 Subject: [PATCH 023/299] Update code with single-quotes --- app/controllers/devise_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 1cd454f12..a583d2b4a 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -112,7 +112,7 @@ def require_no_authentication end if authenticated && resource = warden.user(resource_name) - set_flash_message(:alert, "already_authenticated", scope: "devise.failure") + set_flash_message(:alert, 'already_authenticated', scope: 'devise.failure') redirect_to after_sign_in_path_for(resource) end end From 0a6cd99d030439ce7540b6e1565cd71541dab2dc Mon Sep 17 00:00:00 2001 From: Steven Torrence <36111610+storrence88@users.noreply.github.com> Date: Fri, 11 Oct 2019 09:27:46 -0500 Subject: [PATCH 024/299] Update README.md Change before filter to before action to match the code example given below. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8be4b44aa..ab4dffc74 100644 --- a/README.md +++ b/README.md 
@@ -289,7 +289,7 @@ There are just three actions in Devise that allow any set of parameters to be pa * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation` * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password` -In case you want to permit additional parameters (the lazy way™), you can do so using a simple before filter in your `ApplicationController`: +In case you want to permit additional parameters (the lazy way™), you can do so using a simple before action in your `ApplicationController`: ```ruby class ApplicationController < ActionController::Base From 406915cb781e38255a30ad2a0609e33952b9ec50 Mon Sep 17 00:00:00 2001 From: Looi David Date: Wed, 23 Oct 2019 00:39:35 +1100 Subject: [PATCH 025/299] `changed?` behaviour has been updated (#5135) * `changed?` behaviour has been updated Due to https://github.com/rails/rails/commit/16ae3db5a5c6a08383b974ae6c96faac5b4a3c81 `changed?` has been updated to check for dirtiness after save. The new method that behaves like the old `changed` is `saved_changes?`. * Add comment to explain which method to used based on which rails version it is --- lib/devise/models/authenticatable.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 8325623b2..430c9aac5 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -152,7 +152,8 @@ def devise_mailer # # If the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. - # if new_record? || changed? + # # For Rails < 6 is `changed?` instead of `saved_changes?`. + # if new_record? || saved_changes? # pending_devise_notifications << [notification, args] # else # render_and_send_devise_message(notification, *args) From 940b939791e77073dbaa6f869bd203037e638abc Mon Sep 17 00:00:00 2001 From: tabakazu Date: Thu, 24 Oct 2019 21:12:27 +0900 Subject: [PATCH 026/299] Add assert for check last_sign_in_ip value --- test/integration/trackable_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index 6695ac52b..adfd0bd6f 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -44,7 +44,7 @@ class TrackableHooksTest < Devise::IntegrationTest assert_equal "127.0.0.1", user.last_sign_in_ip end - test "current remote ip returns original ip behind a non transparent proxy" do + test "current and last sign in remote ip returns original ip behind a non transparent proxy" do user = create_user arbitrary_ip = '200.121.1.69' @@ -53,6 +53,7 @@ class TrackableHooksTest < Devise::IntegrationTest end user.reload assert_equal arbitrary_ip, user.current_sign_in_ip + assert_equal arbitrary_ip, user.last_sign_in_ip end test "increase sign in count" do From 14863ba4c92cd9781a961be0486f0ea7dfe84144 Mon Sep 17 00:00:00 2001 
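Review bot: The added comment line in lib/devise/models/authenticatable.rb ("For Rails < 6 is changed? instead of saved_changes?") is hard to parse, and its version bound may be looser than intended, since `saved_changes?` has been available since Rails 5.1. Wording such as `# On Rails versions without saved_changes?, use changed? here instead.` says the same thing without committing to a version number. The example sits inside a larger doc comment that starts and ends outside the hunk.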
From: Colin Ross Date: Tue, 29 Oct 2019 11:06:37 -0700 Subject: [PATCH 027/299] Documentation: Details/Notes regarding Rails API-only applications (#5152) * doc: Add some additional details concerning using devise in an API-only Rails application * Apply wording suggestions from code review Co-Authored-By: Marcos Ferreira * Apply suggestions from code review Co-Authored-By: Marcos Ferreira --- README.md | 19 ++++++++++++++++++- lib/generators/templates/README | 10 +++++++++- lib/generators/templates/devise.rb | 5 ++++- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ab4dffc74..575bd1218 100644 --- a/README.md +++ b/README.md 
@@ -697,7 +697,22 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl ### Rails API Mode -Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). One of the side effects is that it changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: +Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/plataformatec/devise/issues/4947/)) + +#### Supported Authentication Strategies +API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. 
(For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) + +The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy: + +```ruby +config.http_authenticatable = [:database] +``` + +This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise. +A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). + +#### Testing +API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: ```ruby Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Cookies @@ -706,6 +721,8 @@ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatc For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696). +Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time. + ## Additional information ### Heroku 
diff --git a/lib/generators/templates/README b/lib/generators/templates/README index b76482806..c89920b0c 100644 --- a/lib/generators/templates/README +++ b/lib/generators/templates/README @@ -1,6 +1,6 @@ =============================================================================== -Some setup you must do manually if you haven't yet: +Depending on your application's configuration some manual setup may be required: 1. Ensure you have defined default url options in your environments files. Here is an example of default_url_options appropriate for a development environment @@ -10,10 +10,14 @@ Some setup you must do manually if you haven't yet: In production, :host should be set to the actual host of your application. + * Required for all applications. * + 2. Ensure you have defined root_url to *something* in your config/routes.rb. For example: root to: "home#index" + + * Not required for API-only Applications * 3. Ensure you have flash messages in app/views/layouts/application.html.erb. For example: @@ -21,8 +25,12 @@ Some setup you must do manually if you haven't yet:

<%= notice %>

<%= alert %>

+ * Not required for API-only Applications * + 4. You can copy Devise views (for customization) to your app by running: rails g devise:views + + * Not required * =============================================================================== diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 5f37f6960..0c971902b 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -74,7 +74,10 @@ # Tell if authentication through HTTP Auth is enabled. False by default. # It can be set to an array that will enable http authentication only for the # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: + # enable it only for database authentication. + # For API-only applications to support authentication "out-of-the-box", you will likely want to + # enable this with :database unless you are using a custom strategy. + # The supported strategies are: # :database = Support basic authentication with authentication key + password # config.http_authenticatable = false From fb18c6ca8da093c911ae44922b65334579ce8727 Mon Sep 17 00:00:00 2001 From: Samuel Pordeus Date: Thu, 28 Nov 2019 18:13:47 -0300 Subject: [PATCH 028/299] Fix typos --- lib/devise/failure_app.rb | 2 +- lib/devise/test/integration_helpers.rb | 2 +- test/integration/database_authenticatable_test.rb | 4 ++-- test/integration/timeoutable_test.rb | 2 +- test/mailers/reset_password_instructions_test.rb | 2 +- test/models/recoverable_test.rb | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 7f80733c8..522c60247 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
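Review bot: In lib/generators/templates/devise.rb, the added comment `# For API-only applications ... enable this with :database` recommends switching on HTTP Basic Auth but says nothing about transport. Per the README hunk of this same commit, the strategy authenticates the user on each request, so the authentication key and password travel with every call. I would add one more comment line next to the setting, for example `# Basic Auth sends the credentials with every request, so enable it only when the app is served over HTTPS.` This file appears to be the initializer template copied into generated apps, so the caveat would be read at the point where the option is turned on rather than only in the wiki.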
@@ -152,7 +152,7 @@ def scope_url # We need to add the rootpath to `script_name` manually for applications that use a Rails # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines - # that use Devise. Remove it when the support of Rails 5.0 is droped. + # that use Devise. Remove it when the support of Rails 5.0 is dropped. elsif root_path_defined?(context) && !rails_51_and_up? rootpath = context.routes.url_helpers.root_path opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 diff --git a/lib/devise/test/integration_helpers.rb b/lib/devise/test/integration_helpers.rb index 997313896..0c7c910a7 100644 --- a/lib/devise/test/integration_helpers.rb +++ b/lib/devise/test/integration_helpers.rb @@ -28,7 +28,7 @@ def self.included(base) end end - # Signs in a specific resource, mimicking a successfull sign in + # Signs in a specific resource, mimicking a successful sign in # operation through +Devise::SessionsController#create+. # # * +resource+ - The resource that should be authenticated diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 64a52b907..ed641ef29 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -65,7 +65,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end end - test 'sign in with invalid pasword should return to sign in form with error message' do + test 'sign in with invalid password should return to sign in form with error message' do sign_in_as_admin do fill_in 'password', with: 'abcdef' end @@ -80,7 +80,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest sign_in_as_user do fill_in 'email', with: 'wrongemail@test.com' end - + assert_not_contain 'Not found in database' assert_contain 'Invalid Email or password.' end diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index ceddd1086..b6f247148 100644 
--- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -77,7 +77,7 @@ def last_request_at end end - test 'time out user session after deault limit time and redirect to latest get request' do + test 'time out user session after default limit time and redirect to latest get request' do user = sign_in_as_user visit edit_form_user_path(user) diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index f0b458091..f38829dd4 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -29,7 +29,7 @@ def mail end end - test 'email sent after reseting the user password' do + test 'email sent after resetting the user password' do assert_not_nil mail end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 919e6e486..ab47f95f1 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -34,7 +34,7 @@ def setup assert create_user.reset_password('123456789', '123456789') end - test 'should clear reset password token while reseting the password' do + test 'should clear reset password token while resetting the password' do user = create_user assert_nil user.reset_password_token From 9fb079c09739b903ad48bade995c7c85d88d72f0 Mon Sep 17 00:00:00 2001 From: Luke Rollans Date: Tue, 17 Dec 2019 13:40:41 +0800 Subject: [PATCH 029/299] Add a test which checks for Case Mapping Collisions when resetting pw See here for more information https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/ --- test/integration/recoverable_test.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index c834f1d22..fde780596 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -33,6 +33,17 @@ def reset_password(options={}, &block)
 click_button 'Change my password'
 end
+ test 'reset password should send to user record email and avoid case mapping collisions' do
+ create_user(email: 'luke@github.com')
+
+ request_forgot_password do
+ fill_in 'email', with: 'luke@gıthub.com'
+ end
+
+ mail = ActionMailer::Base.deliveries.last
+ assert_equal ['luke@github.com'], mail.to
+ end
+
 test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
 create_user(email: 'Foo@Bar.com')
From 0d95c5ae8bf75878e9315e9c5ab829db64e903c8 Mon Sep 17 00:00:00 2001
From: Luke Rollans
Date: Tue, 17 Dec 2019 13:47:40 +0800
Subject: [PATCH 030/299] Generalise email address
---
 test/integration/recoverable_test.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb
index fde780596..b1cdb6571 100644
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -34,14 +34,14 @@ def reset_password(options={}, &block)
 end
 test 'reset password should send to user record email and avoid case mapping collisions' do
- create_user(email: 'luke@github.com')
+ create_user(email: 'user@github.com')
 request_forgot_password do
- fill_in 'email', with: 'luke@gıthub.com'
+ fill_in 'email', with: 'user@gıthub.com'
 end
 mail = ActionMailer::Base.deliveries.last
- assert_equal ['luke@github.com'], mail.to
+ assert_equal ['user@github.com'], mail.to
 end
 test 'reset password with email of different case should succeed when email is in the list of case insensitive keys' do
From a3fcb3b682b1648a7ba96e532b6405a95c96ef88 Mon Sep 17 00:00:00 2001
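Review bot: The new test in test/integration/recoverable_test.rb asserts only the recipient of `ActionMailer::Base.deliveries.last`, so it does not establish whether a reset mail was sent at all for the dotless-ı address. If an earlier delivery to the stored address is still in the queue (possibly one triggered by `create_user`, which the hunk does not show), the assertion passes without exercising the reset path. If the queue is empty, `mail.to` raises on nil instead of failing cleanly. Pinning the intended outcome would make this a stricter regression check: wrap the request in `assert_no_difference 'ActionMailer::Base.deliveries.size' do ... end` if no mail is expected for a non-matching address, or assert the last mail's subject if one is expected. The follow-up patch 030 on this line only renames the address and leaves the assertion as it is.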
From: Connor Shea
Date: Thu, 26 Dec 2019 17:44:53 -0700
Subject: [PATCH 031/299] Fix two deprecated usages of keyword arguments. This prevents us from using behavior that was deprecated in Ruby 2.7.
---
 app/controllers/devise_controller.rb | 2 +-
 lib/devise/failure_app.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb
index a583d2b4a..9911fa0b8 100644
--- a/app/controllers/devise_controller.rb
+++ b/app/controllers/devise_controller.rb
@@ -184,7 +184,7 @@ def find_message(kind, options = {})
 options[:default] = Array(options[:default]).unshift(kind.to_sym)
 options[:resource_name] = resource_name
 options = devise_i18n_options(options)
- I18n.t("#{options[:resource_name]}.#{kind}", options)
+ I18n.t("#{options[:resource_name]}.#{kind}", **options)
 end
 # Controllers inheriting DeviseController are advised to override this
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb
index 522c60247..1a7e8e54e 100644
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -107,7 +107,7 @@ def i18n_message(default = nil)
 options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
 options = i18n_options(options)
- I18n.t(:"#{scope}.#{message}", options)
+ I18n.t(:"#{scope}.#{message}", **options)
 else
 message.to_s
 end
From a17abad57a5d97594701cee7eac072170f739313 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 3 Feb 2020 11:33:17 -0500 Subject: [PATCH 032/299] Remove all references to Plataformatec --- CHANGELOG.md | 6 +- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 10 +-- ISSUE_TEMPLATE.md | 2 +- MIT-LICENSE | 3 +- README.md | 70 +++++++++---------- config/locales/en.yml | 2 +- devise.gemspec | 4 +- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/rememberable.rb | 2 +- lib/devise/models/trackable.rb | 2 +- .../omniauth_callbacks_controller.rb | 2 +- 13 files changed, 53 insertions(+), 56 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b0ad3c4f..233e9691d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,7 @@ ### 4.6.2 - 2019-03-26 * bug fixes - * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/plataformatec/devise/issues/5033#issuecomment-476386275 (by @mracos) + * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. See more on https://github.com/heartcombo/devise/issues/5033#issuecomment-476386275 (by @mracos) ### 4.6.1 - 2019-02-11 
@@ -70,7 +70,7 @@ * Add `autocomplete="new-password"` to new password fields (by @gssbzn) * Add `autocomplete="current-password"` to current password fields (by @gssbzn) * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) - * Update `simple_form` templates with changes from https://github.com/plataformatec/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/plataformatec/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) + * Update `simple_form` templates with changes from https://github.com/heartcombo/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/heartcombo/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) * bug fixes @@ -317,5 +317,5 @@ configured (by @joshpencheon) You can check more examples and explanations on the [README section](README.md#strong-parameters) and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). -Please check [3-stable](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md) +Please check [3-stable](https://github.com/heartcombo/devise/blob/3-stable/CHANGELOG.md) for previous changes. diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index cae2742e1..a94736201 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -17,6 +17,6 @@ Project maintainers have the right and responsibility to remove, edit, or reject This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [conduct@plataformatec.com.br](conduct@plataformatec.com.br) or contacting one or more of the project maintainers. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo@googlegroups.com](heartcombo@googlegroups.com) or contacting one or more of the project maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d4a03e7a1..51b94f9d4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,7 +8,7 @@ expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md). ## Reporting Issues Before reporting a new issue, please be sure that the issue wasn't already -reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues). +reported or fixed by searching on GitHub through our [issues](https://github.com/heartcombo/devise/issues). When creating a new issue, be sure to include a **title and clear description**, as much relevant information as possible, and either a test case example or 
@@ -22,7 +22,7 @@ Please do not attempt to translate Devise built in views. The views are meant to be a starting point for fresh apps and not production material - eventually all applications will require custom views where you can write your own copy and translate it if the application requires it . For historical references, please look into closed -[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding +[Issues/Pull Requests](https://github.com/heartcombo/devise/issues?q=i18n) regarding internationalization. Avoid opening new issues to ask questions in our issues tracker. Please go through @@ -30,7 +30,7 @@ the project wiki, documentation and source code first, or try to ask your questi on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). **If you find a security bug, do not report it through GitHub. Please send an -e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) +e-mail to [heartcombo@googlegroups.com](mailto:heartcombo@googlegroups.com) instead.** ## Sending Pull Requests @@ -50,7 +50,7 @@ are beneficial to a wide range of use cases or it's an application specific chan that might not be so valuable to other applications. Some changes can be introduced as a new `devise-something` gem instead of belonging to the main codebase. -When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks +When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/heartcombo/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks to the new setting. We also welcome Pull Requests that improve our existing documentation (both our 
@@ -66,7 +66,7 @@ you can do: * Help ensure that existing issues follows the recommendations from the _[Reporting Issues](#reporting-issues)_ section, providing feedback to the issue's author on what might be missing. -* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki) +* Review and update the existing content of our [Wiki](https://github.com/heartcombo/devise/wiki) with up to date instructions and code samples - the wiki was grown with several different tutorials and references that we can't keep track of everything, so if there is a page that showcases an integration or customization that you are diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 6f03f6f93..904d81073 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -2,7 +2,7 @@ - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported -- If you found a security bug, do not report it through GitHub. Please send an e-mail to opensource@plataformatec.com.br instead. +- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead. - Finally, be nice and have fun! ## Environment diff --git a/MIT-LICENSE b/MIT-LICENSE index d452d3d49..4896d6e61 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,5 @@ -Copyright 2009-2019 Plataformatec. http://plataformatec.com.br +Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 575bd1218..21c69533c 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,7 @@ -![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png) +![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) -By [Plataformatec](http://plataformatec.com.br/). - -[![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise) -[![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise) - -This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/). +[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise) +[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) Devise is a flexible authentication solution for Rails based on Warden. It: 
@@ -16,16 +12,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Validatable): provides validations of email and password. 
It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents @@ -73,15 +69,15 @@ It's composed of 10 modules: The Devise Wiki has lots of additional information about Devise including many "how-to" articles and answers to the most frequently asked questions. Please browse the Wiki after finishing this README: -https://github.com/plataformatec/devise/wiki +https://github.com/heartcombo/devise/wiki ### Bug reports If you discover a problem with Devise, we would like to know about it. However, we ask that you please review these guidelines before submitting a bug report: -https://github.com/plataformatec/devise/wiki/Bug-reports +https://github.com/heartcombo/devise/wiki/Bug-reports -If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br. +If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo@googlegroups.com. ### StackOverflow and Mailing List @@ -97,7 +93,7 @@ https://groups.google.com/group/plataformatec-devise You can view the Devise documentation in RDoc format here: -http://rubydoc.info/github/plataformatec/devise/master/frames +http://rubydoc.info/github/heartcombo/devise/master/frames If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. 
@@ -105,19 +101,19 @@ If you need to use Devise with previous versions of Rails, you can always run "g There are a few example applications available on GitHub that demonstrate various features of Devise with different versions of Rails. You can view them here: -https://github.com/plataformatec/devise/wiki/Example-Applications +https://github.com/heartcombo/devise/wiki/Example-Applications ### Extensions Our community has created a number of extensions that add functionality above and beyond what is included with Devise. You can view a list of available extensions and add your own here: -https://github.com/plataformatec/devise/wiki/Extensions +https://github.com/heartcombo/devise/wiki/Extensions ### Contributing We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started: -https://github.com/plataformatec/devise/wiki/Contributing +https://github.com/heartcombo/devise/wiki/Contributing You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`. Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. 
@@ -136,7 +132,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/plataformatec/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 @@ -279,7 +275,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, ![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204) -*For previous Devise versions see https://github.com/plataformatec/devise/tree/3-stable#strong-parameters* +*For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters* When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well. 
@@ -464,7 +460,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/plataformatec/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: @@ -520,7 +516,7 @@ en: Take a look at our locale file to check all available messages. You may also be interested in one of the many translations that are available on our wiki: -https://github.com/plataformatec/devise/wiki/I18n +https://github.com/heartcombo/devise/wiki/I18n Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController. @@ -620,7 +616,7 @@ are executed in your tests. You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: -* https://github.com/plataformatec/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) +* https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) ### OmniAuth @@ -632,7 +628,7 @@ config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' You can read more about OmniAuth support in the wiki: -* https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview +* https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview ### Configuring multiple models 
@@ -679,7 +675,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. 
@@ -697,10 +693,10 @@ Devise supports ActiveRecord (default) and Mongoid. To select another ORM, simpl ### Rails API Mode -Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/plataformatec/devise/issues/4947/)) +Rails 5+ has a built-in [API Mode](https://edgeguides.rubyonrails.org/api_app.html) which optimizes Rails for use as an API (only). Devise is _somewhat_ able to handle applications that are built in this mode without additional modifications in the sense that it should not raise exceptions and the like. But some issues may still arise during `development`/`testing`, as we still don't know the full extent of this compatibility. (For more information, see [issue #4947](https://github.com/heartcombo/devise/issues/4947/)) #### Supported Authentication Strategies -API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. (For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) +API-only applications don't support browser-based authentication via cookies, which is devise's default. Yet, devise can still provide authentication out of the box in those cases with the `http_authenticatable` strategy, which uses HTTP Basic Auth and authenticates the user on each request. 
(For more info, see this wiki article for [How To: Use HTTP Basic Authentication](https://github.com/heartcombo/devise/wiki/How-To:-Use-HTTP-Basic-Authentication)) The devise default for HTTP Auth is disabled, so it will need to be enabled in the devise initializer for the database strategy: @@ -709,7 +705,7 @@ config.http_authenticatable = [:database] ``` This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise. -A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). +A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). #### Testing API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: 
@@ -719,7 +715,7 @@ Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatc Rails.application.config.middleware.insert_before Warden::Manager, ActionDispatch::Session::CookieStore ``` -For a deeper understanding of this, review [this issue](https://github.com/plataformatec/devise/issues/4696). +For a deeper understanding of this, review [this issue](https://github.com/heartcombo/devise/issues/4696). Additionally be mindful that without views supported, some email-based flows from Confirmable, Recoverable and Lockable are not supported directly at this time. @@ -745,10 +741,10 @@ https://github.com/hassox/warden We have a long list of valued contributors. Check them all at: -https://github.com/plataformatec/devise/graphs/contributors +https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. diff --git a/config/locales/en.yml b/config/locales/en.yml index ca3d61994..ab1f07060 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -1,4 +1,4 @@ -# Additional translations at https://github.com/plataformatec/devise/wiki/I18n +# Additional translations at https://github.com/heartcombo/devise/wiki/I18n en: devise: diff --git a/devise.gemspec b/devise.gemspec index 66d09ca40..abbbd7f86 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -10,8 +10,8 @@ Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" - s.email = "contact@plataformatec.com.br" - s.homepage = "https://github.com/plataformatec/devise" + s.email = "heartcombo@googlegroups.com" + s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index e4d378939..19481b4d4 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -21,7 +21,7 @@ def signed_in?(scope=nil) # to the set_user method in warden. # If you are using a custom warden strategy and the timeoutable module, you have to # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do - # in the sessions controller: https://github.com/plataformatec/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 + # in the sessions controller: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index ffb3ec606..7b1df7895 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -195,7 +195,7 @@ def send_password_change_notification # Hashes the password using bcrypt. Custom hash functions should override # this method to apply their own algorithm. # - # See https://github.com/plataformatec/devise-encryptable for examples + # See https://github.com/heartcombo/devise-encryptable for examples # of other hashing engines. def password_digest(password) Devise::Encryptor.digest(self.class, password) 
diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 5a175013c..76ac0b813 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb @@ -102,7 +102,7 @@ def after_remembered def remember_me?(token, generated_at) # TODO: Normalize the JSON type coercion along with the Timeoutable hook - # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18 + # in a single place https://github.com/heartcombo/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18 if generated_at.is_a?(String) generated_at = time_from_json(generated_at) end diff --git a/lib/devise/models/trackable.rb b/lib/devise/models/trackable.rb index e450838d3..2328597c3 100644 --- a/lib/devise/models/trackable.rb +++ b/lib/devise/models/trackable.rb @@ -33,7 +33,7 @@ def update_tracked_fields(request) def update_tracked_fields!(request) # We have to check if the user is already persisted before running # `save` here because invalid users can be saved if we don't. - # See https://github.com/plataformatec/devise/issues/4673 for more details. + # See https://github.com/heartcombo/devise/issues/4673 for more details. return if new_record? update_tracked_fields(request) diff --git a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb index 5f95be2d2..29556cf6e 100644 --- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb @@ -9,7 +9,7 @@ class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallback # end # More info at: - # https://github.com/plataformatec/devise#omniauth + # https://github.com/heartcombo/devise#omniauth # GET|POST /resource/auth/twitter # def passthru 
From f8daa52b9b99269ce24ddeb418fbd1652730d3c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 3 Feb 2020 12:01:11 -0500 Subject: [PATCH 033/299] Change license of the logo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 21c69533c..93c2d055e 100644 --- a/README.md +++ b/README.md @@ -747,4 +747,4 @@ https://github.com/heartcombo/devise/graphs/contributors MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. -You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. +The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 249064d8f61f0abed0c7d14207f8a3f4ce0b6544 Mon Sep 17 00:00:00 2001 From: Felix Wolfsteller Date: Thu, 6 Feb 2020 18:13:30 +0100 Subject: [PATCH 034/299] update README to reflect current Rails version Paragraph defaults to description of how to test in Rails 5/6 now. --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 93c2d055e..35608bcbe 100644 --- a/README.md +++ b/README.md 
@@ -528,15 +528,21 @@ cases/specs. ### Controller tests -Controller tests require that you include `Devise::Test::ControllerHelpers` on +Controller tests require that you include `Devise::Test::IntegrationHelpers` on your test case or its parent `ActionController::TestCase` superclass. -For Rails 5, include `Devise::Test::IntegrationHelpers` instead, since the superclass -for controller tests has been changed to ActionDispatch::IntegrationTest +For Rails versions prior to 5, include `Devise::Test::ControllerHelpers` instead, since the superclass +for controller tests was changed to ActionDispatch::IntegrationTest (for more details, see the [Integration tests](#integration-tests) section). ```ruby class PostsControllerTest < ActionController::TestCase - include Devise::Test::ControllerHelpers + include Devise::Test::IntegrationHelpers # Rails >= 5 +end +``` + +```ruby +class PostsControllerTest < ActionController::TestCase + include Devise::Test::ControllerHelpers # Rails < 5 end ``` From 12a265d1eb97114b3ec5a6a9d826ba92c5287a09 Mon Sep 17 00:00:00 2001 From: Steven Hsieh Date: Wed, 19 Feb 2020 10:51:36 -0800 Subject: [PATCH 035/299] optimize earlier timeout_skip to avoid unecessary record lookup --- lib/devise/hooks/timeoutable.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 41b1fde80..772eb142b 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb @@ -21,8 +21,8 @@ proxy = Devise::Hooks::Proxy.new(warden) - if record.timedout?(last_request_at) && - !env['devise.skip_timeout'] && + if !env['devise.skip_timeout'] && + record.timedout?(last_request_at) && !proxy.remember_me_is_active?(record) Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) throw :warden, scope: scope, message: :timeout From 748803cd5931724680ec1f6906e64c42203bb7e8 Mon Sep 17 00:00:00 2001 
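Review bot: The reordered condition in lib/devise/hooks/timeoutable.rb puts `!env['devise.skip_timeout']` first without a comment or a test, so a later edit could move it back or change what the flag bypasses without anyone noticing. This flag turns off the timeout sign-out for the request, so the ordering and the flag's origin deserve a line above the `if`, for example `# Skip flag first: set by controllers (e.g. the sessions controller), it short-circuits the timeout check.` The diffstat shows only this file changed; a test asserting that `record.timedout?` is not reached when the flag is set would pin the optimisation. The enclosing hook block starts and ends outside the hunk.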
From: unleashy Date: Thu, 5 Mar 2020 14:47:43 -0300 Subject: [PATCH 036/299] Clarify DatabaseAuthenticable's behaviour with regards to the `password` field --- lib/devise/models/database_authenticatable.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 7b1df7895..039cc977a 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -7,6 +7,10 @@ module Models # Authenticatable Module, responsible for hashing the password and # validating the authenticity of a user while signing in. # + # This module overrides the `password=` method and skips setting the password + # when Rails is setting attributes, instead it hashes the plaintext password + # and stores it in `encrypted_password` for legacy reasons. + # # == Options # # DatabaseAuthenticatable adds the following options to devise_for: From 63fe1a843f60c3cd1d89731ab82bcc44e1a653e5 Mon Sep 17 00:00:00 2001 From: Petrik Date: Thu, 12 Mar 2020 16:16:55 +0100 Subject: [PATCH 037/299] Explain how changing stretches affects existing password hashes --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 0c971902b..1dbaddaa6 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -114,6 +114,9 @@ # ==> Configuration for :database_authenticatable # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other algorithms, it sets how many times you want the password to be hashed. + # The number of stretches used for generating the hashed password are stored + # with the hashed password. This allows you to change the stretches without + # invalidating existing passwords. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use From eefae83c923454b2410d110fa678c238b630a0eb Mon Sep 17 00:00:00 2001 From: unleashy Date: Thu, 12 Mar 2020 15:52:51 -0300 Subject: [PATCH 038/299] Make a more accurate claim --- lib/devise/models/database_authenticatable.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 039cc977a..58bac413a 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -7,9 +7,9 @@ module Models # Authenticatable Module, responsible for hashing the password and # validating the authenticity of a user while signing in. # - # This module overrides the `password=` method and skips setting the password - # when Rails is setting attributes, instead it hashes the plaintext password - # and stores it in `encrypted_password` for legacy reasons. + # This module defines a `password=` method. This method will hash the argument + # and store it in the `encrypted_password` column, bypassing any pre-existing + # `password` column if it exists. # # == Options # From 6851f1d1c45ac9400d0610b64145f0b23195129d Mon Sep 17 00:00:00 2001 
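Review bot: The comment added in lib/generators/templates/devise.rb says stretches can be changed without invalidating existing passwords, but it omits that existing hashes keep the cost they were created with. Since the cost is stored with each hash, as the new sentence itself states, raising the value presumably hardens only passwords set after the change, and an operator could wrongly assume stored hashes are upgraded. I would append `# Existing hashes keep their original cost until the password is set again.` to the new paragraph. The wording "The number of stretches ... are stored" should also read "is stored".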
From: Gaspard d'Hautefeuille Date: Thu, 26 Mar 2020 16:56:45 +0000 Subject: [PATCH 039/299] Deprecation warning: Expected string default value for '--orm' --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 79f860ba9..55a7a7d48 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm + hook_for :orm, required: true, desc: "ORM to be invoked" class_option :routes, desc: "Generate routes", type: :boolean, default: true From d65bb156c1f9f0256da313f5a6c52b23b08a255d Mon Sep 17 00:00:00 2001 From: HLFH Date: Sat, 28 Mar 2020 09:13:35 +0000 Subject: [PATCH 040/299] type: :boolean for :orm --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 55a7a7d48..625b6db76 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb @@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm, required: true, desc: "ORM to be invoked" + hook_for :orm, type: :boolean class_option :routes, desc: "Generate routes", type: :boolean, default: true From 1f30f6fa8521aae0fca658208da8f55b47f39878 Mon Sep 17 00:00:00 2001 
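Review bot: `hook_for :orm, type: :boolean` in the second devise_generator.rb hunk (patch 040) is surprising for an option whose value names an ORM, and nothing next to the call explains it. The preceding patch tried `required: true, desc: "ORM to be invoked"` for the same warning, so the reason for settling on a boolean type should be recorded, e.g. `# type: :boolean silences the "Expected string default value for '--orm'" deprecation warning` above the call. Neither patch touches a test; a generator test that passes an explicit ORM name would confirm the hook still invokes that ORM's generator. The class body continues outside both hunks.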
From: Hiroyuki Morita Date: Thu, 23 Apr 2020 08:19:21 +0900 Subject: [PATCH 041/299] Remove unused method from Devise::Generators::InstallGenerator `rails_4?` is not called anymore since 2024fca4dfa3323070c3477e262b8422cadf6a42. --- lib/generators/devise/install_generator.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index f81494d6b..5f091893d 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -37,10 +37,6 @@ def copy_locale def show_readme readme "README" if behavior == :invoke end - - def rails_4? - Rails::VERSION::MAJOR == 4 - end end end end From 64ea43f6ab80325a9fa6a585574e0f4b241b3a0a Mon Sep 17 00:00:00 2001 From: OKURA Masafumi Date: Fri, 1 May 2020 16:48:17 +0900 Subject: [PATCH 042/299] Correct warden URL in README [ci skip] Warden moved to its own organization so we should follow it. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35608bcbe..ac2a1d7cc 100644 --- a/README.md +++ b/README.md @@ -741,7 +741,7 @@ Read more about the potential issues at http://guides.rubyonrails.org/asset_pipe Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: -https://github.com/hassox/warden +https://github.com/wardencommunity/warden ### Contributors From 9437f2de57a05d35e007d4fbce2ddc40355bc918 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:25:08 -0300 Subject: [PATCH 043/299] Test with Ruby 2.7 --- .travis.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.travis.yml b/.travis.yml index a3cd864c2..f9e8d5474 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ rvm: - 2.4.5 - 2.5.3 - 2.6.0 + - 2.7.1 - ruby-head gemfile: 
@@ -45,6 +46,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.0 gemfile: gemfiles/Gemfile.rails-4.2-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: ruby-head gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: ruby-head From e3f4beced4749832a071d0b5b75f61c3c1a85552 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:33:09 -0300 Subject: [PATCH 044/299] Add Rails 5.1 to the matrix Not sure how/when this one was removed, probably just mistakenly, so let's add it back for now, at least while we support multiple old Ruby / Rails versions. (which I plan to remove support in the near future.) --- .travis.yml | 7 + gemfiles/Gemfile.rails-5.1-stable | 27 ++++ gemfiles/Gemfile.rails-5.1-stable.lock | 193 +++++++++++++++++++++++++ 3 files changed, 227 insertions(+) create mode 100644 gemfiles/Gemfile.rails-5.1-stable create mode 100644 gemfiles/Gemfile.rails-5.1-stable.lock diff --git a/.travis.yml b/.travis.yml index f9e8d5474..06d922424 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ gemfile: - Gemfile - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable + - gemfiles/Gemfile.rails-5.1-stable - gemfiles/Gemfile.rails-5.0-stable - gemfiles/Gemfile.rails-4.2-stable - gemfiles/Gemfile.rails-4.1-stable @@ -26,6 +27,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.2-stable + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 
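Review bot: The pair `- rvm: 2.7.1` / `gemfile: gemfiles/Gemfile.rails-4.1-stable` is added twice in a row at the start of the new block in the `@@ -45,6 +46,16 @@` hunk. The duplicate does not break the build, but it looks like a copy-paste slip: if the second pair was meant to name a different gemfile, that Ruby/Rails combination is missing from this list. Either drop the repeated pair or replace it with the intended gemfile. The list this block belongs to starts outside the hunk, so its role in the matrix is inferred from the surrounding entries.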
@@ -54,6 +57,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-4.2-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-5.0-stable + - rvm: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.1-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: ruby-head @@ -64,6 +69,8 @@ matrix: gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.1-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable new file mode 100644 index 000000000..70c21f0f0 --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable @@ -0,0 +1,27 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 5.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing" + +gem "responders", "~> 2.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false + gem 'test_after_commit', require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.3.6" +end diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock new file mode 100644 index 000000000..a992f85dd --- /dev/null +++ b/gemfiles/Gemfile.rails-5.1-stable.lock 
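Review bot: In the new gemfiles/Gemfile.rails-5.1-stable, `gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"` takes the gem from a git repository with no `ref:` or `tag:`, so the only thing fixing the code CI executes is the revision recorded in the lockfile. A later `bundle update` moves to whatever is on the default branch without any change to the Gemfile showing up in review. Pin it in the Gemfile with `ref:` set to the revision the accompanying lockfile records, or depend on a released version from rubygems.org if one satisfies the suite. A one-line comment stating why a git source is needed here would also help the next maintainer.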
@@ -0,0 +1,193 @@ +GIT + remote: https://github.com/rails/activemodel-serializers-xml.git + revision: 93689638c28525acc65afb638fce866826532641 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) + builder (~> 3.1) + +PATH + remote: .. + specs: + devise (4.7.1) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (5.1.7) + actionpack (= 5.1.7) + nio4r (~> 2.0) + websocket-driver (~> 0.6.1) + actionmailer (5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (5.1.7) + actionview (= 5.1.7) + activesupport (= 5.1.7) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.2) + actionview (5.1.7) + activesupport (= 5.1.7) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.0.3) + activejob (5.1.7) + activesupport (= 5.1.7) + globalid (>= 0.3.6) + activemodel (5.1.7) + activesupport (= 5.1.7) + activerecord (5.1.7) + activemodel (= 5.1.7) + activesupport (= 5.1.7) + arel (~> 8.0) + activesupport (5.1.7) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + arel (8.0.0) + bcrypt (3.1.13) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) + multipart-post (>= 1.2, < 3) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (1.8.3) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (1.0.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) + multi_xml (0.6.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 
2.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-facebook (6.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.2.2) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (5.1.7) + actioncable (= 5.1.7) + actionmailer (= 5.1.7) + actionpack (= 5.1.7) + actionview (= 5.1.7) + activejob (= 5.1.7) + activemodel (= 5.1.7) + activerecord (= 5.1.7) + activesupport (= 5.1.7) + bundler (>= 1.3.0) + railties (= 5.1.7) + sprockets-rails (>= 2.0.0) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.1.7) + actionpack (= 5.1.7) + activesupport (= 5.1.7) + method_source + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.3.13) + test_after_commit (1.1.0) + activerecord (>= 3.2) + thor (1.0.1) + thread_safe (0.3.6) + timecop (0.9.1) + tzinfo (1.2.7) + thread_safe (~> 0.1) + warden (1.2.8) + rack (>= 2.0.6) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.6.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! 
+ mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 5.1.0) + rails-controller-testing + rdoc + responders (~> 2.1) + sqlite3 (~> 1.3.6) + test_after_commit + timecop + webrat (= 0.7.3) + +BUNDLED WITH + 1.17.3 From 1a83b58d7253906f2cebb58dff4c3327b5d8712e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:36:09 -0300 Subject: [PATCH 045/299] Remove Rails 6 from allow failures Rails 6 is officially supported, so tests must pass with it. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 06d922424..5ab3b9a05 100644 --- a/.travis.yml +++ b/.travis.yml @@ -77,7 +77,6 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable allow_failures: - rvm: ruby-head - - gemfile: gemfiles/Gemfile.rails-6.0-stable services: - mongodb From 2e3b70ca62ef23557643f827b864dc6fa00ec535 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:40:27 -0300 Subject: [PATCH 046/299] Update Ruby versions to test against --- .travis.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5ab3b9a05..3a420e339 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,9 +4,9 @@ rvm: - 2.1.10 - 2.2.10 - 2.3.8 - - 2.4.5 - - 2.5.3 - - 2.6.0 + - 2.4.10 + - 2.5.8 + - 2.6.6 - 2.7.1 - ruby-head @@ -39,15 +39,15 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.5 + - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.4.5 + - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.5.3 + - rvm: 2.5.8 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.0 + - rvm: 2.6.6 gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.0 + - rvm: 2.6.6 gemfile: gemfiles/Gemfile.rails-4.2-stable - rvm: 2.7.1 gemfile: gemfiles/Gemfile.rails-4.1-stable From a3d9161712dc27f5c0cea4e0f3c2602e9cc803af Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 10:45:24 -0300 Subject: [PATCH 047/299] Bundle update everything --- Gemfile.lock | 194 ++++++++++++------------- gemfiles/Gemfile.rails-4.1-stable.lock | 119 ++++++++------- gemfiles/Gemfile.rails-4.2-stable.lock | 151 ++++++++++--------- gemfiles/Gemfile.rails-5.0-stable.lock | 183 ++++++++++++----------- gemfiles/Gemfile.rails-5.2-stable | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 184 ++++++++++++----------- gemfiles/Gemfile.rails-6.0-stable.lock | 174 +++++++++++----------- 7 files changed, 498 insertions(+), 509 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index aaac95852..957127dee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 + revision: 93689638c28525acc65afb638fce866826532641 specs: - activemodel-serializers-xml (1.0.1) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,141 +20,139 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.0) - actionpack (= 5.2.0) + actioncable (5.2.4.3) + actionpack (= 5.2.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.0) - actionpack (= 5.2.0) - actionview (= 5.2.0) - activejob (= 5.2.0) + actionmailer (5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.0) - actionview (= 5.2.0) - activesupport (= 5.2.0) - rack (~> 2.0) + actionpack (5.2.4.3) + actionview (= 5.2.4.3) + activesupport (= 5.2.4.3) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.0) - activesupport (= 5.2.0) + actionview (5.2.4.3) + activesupport (= 5.2.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.0) - activesupport (= 5.2.0) + activejob (5.2.4.3) + activesupport (= 5.2.4.3) globalid (>= 0.3.6) - activemodel (5.2.0) - activesupport (= 5.2.0) - activerecord (5.2.0) - activemodel (= 5.2.0) - activesupport (= 5.2.0) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activerecord (5.2.4.3) + activemodel (= 5.2.4.3) + activesupport (= 5.2.4.3) arel (>= 9.0) - activestorage (5.2.0) - actionpack (= 5.2.0) - activerecord (= 5.2.0) + activestorage (5.2.4.3) + actionpack (= 5.2.4.3) + activerecord (= 5.2.4.3) marcel (~> 0.3.1) - activesupport (5.2.0) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.4) - erubi (1.7.1) - faraday (0.11.0) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.1) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.7) - i18n (1.0.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby 
(~> 1.0) - jwt (1.5.6) - loofah (2.2.2) + jwt (2.2.1) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.2) + marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.0) - mimemagic (0.3.2) - mini_mime (1.0.0) - mini_portile2 (2.3.0) - minitest (5.11.3) - mocha (1.2.1) - metaclass (~> 0.0.1) - multi_json (1.12.1) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.3.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.8.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.4) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-test (1.0.0) + rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.0) - actioncable (= 5.2.0) - actionmailer (= 5.2.0) - actionpack (= 5.2.0) - actionview (= 5.2.0) - activejob (= 5.2.0) - activemodel (= 5.2.0) - activerecord (= 5.2.0) - activestorage (= 5.2.0) - activesupport (= 5.2.0) + rails (5.2.4.3) + actioncable (= 5.2.4.3) + actionmailer (= 5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) + activemodel (= 5.2.4.3) + activerecord (= 5.2.4.3) + activestorage (= 5.2.4.3) + activesupport (= 5.2.4.3) bundler (>= 1.3.0) - railties (= 
5.2.0) + railties (= 5.2.4.3) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) - railties (5.2.0) - actionpack (= 5.2.0) - activesupport (= 5.2.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.3) + actionpack (= 5.2.4.3) + activesupport (= 5.2.4.3) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.3.1) - rdoc (5.1.0) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.1) + thor (>= 0.19.0, < 2.0) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -162,20 +160,20 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - thor (0.20.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.5) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index dbdfe0f87..081d634b5 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
@@ -7,6 +7,28 @@ GIT actionpack (= 4.1.16) actionview (= 4.1.16) mail (~> 2.5, >= 2.5.4) + actionpack (4.1.16) + actionview (= 4.1.16) + activesupport (= 4.1.16) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionview (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + erubis (~> 2.7.0) + activemodel (4.1.16) + activesupport (= 4.1.16) + builder (~> 3.1) + activerecord (4.1.16) + activemodel (= 4.1.16) + activesupport (= 4.1.16) + arel (~> 5.0.0) + activesupport (4.1.16) + i18n (~> 0.6, >= 0.6.9) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.1) + tzinfo (~> 1.1) rails (4.1.16) actionmailer (= 4.1.16) actionpack (= 4.1.16) @@ -17,6 +39,11 @@ GIT bundler (>= 1.3.0, < 2.0) railties (= 4.1.16) sprockets-rails (~> 2.0) + railties (4.1.16) + actionpack (= 4.1.16) + activesupport (= 4.1.16) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) PATH remote: .. 
@@ -31,51 +58,26 @@ PATH GEM remote: https://rubygems.org/ specs: - actionpack (4.1.16) - actionview (= 4.1.16) - activesupport (= 4.1.16) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - activerecord (4.1.16) - activemodel (= 4.1.16) - activesupport (= 4.1.16) - arel (~> 5.0.0) - activesupport (4.1.16) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) arel (5.0.1.20140414130214) bcrypt (3.1.13) - bson (3.2.6) - builder (3.2.3) - concurrent-ruby (1.0.5) - connection_pool (2.2.1) + bson (3.2.7) + builder (3.2.4) + concurrent-ruby (1.1.6) + connection_pool (2.2.3) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - hashie (3.5.5) - i18n (0.8.1) + hashie (3.6.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) json (1.8.6) - jwt (1.5.6) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + jwt (2.2.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) + minitest (5.14.1) + mocha (1.11.2) mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) 
@@ -85,30 +87,30 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.1) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nokogiri (1.9.1) mini_portile2 (~> 2.4.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) omniauth (1.4.2) hashie (>= 1.2, < 4) rack (>= 1.0, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) + omniauth-oauth2 (1.5.0) + oauth2 (~> 1.1) omniauth (~> 1.2) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.3.0) + origin (2.3.1) orm_adapter (0.5.0) rack (1.5.5) rack-openid (1.3.1) @@ -116,17 +118,12 @@ GEM ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - railties (4.1.16) - actionpack (= 4.1.16) - activesupport (= 4.1.16) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (12.0.0) + rake (13.0.1) rdoc (5.1.0) responders (1.1.2) railties (>= 3.2, < 4.2) - ruby-openid (2.7.0) - sprockets (3.7.1) + ruby-openid (2.9.2) + sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (2.3.3) @@ -134,12 +131,12 @@ GEM activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) - thor (0.19.4) + test_after_commit (1.2.2) + activerecord (>= 3.2, < 5.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.2) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index f0aa86518..7ad16cca5 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock 
@@ -1,56 +1,56 @@ GIT remote: git://github.com/rails/rails.git - revision: dc3ae21802c316e1639239d28202db7aa7fb7cac + revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 branch: 4-2-stable specs: - actionmailer (4.2.8) - actionpack (= 4.2.8) - actionview (= 4.2.8) - activejob (= 4.2.8) + actionmailer (4.2.11.3) + actionpack (= 4.2.11.3) + actionview (= 4.2.11.3) + activejob (= 4.2.11.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.8) - actionview (= 4.2.8) - activesupport (= 4.2.8) + actionpack (4.2.11.3) + actionview (= 4.2.11.3) + activesupport (= 4.2.11.3) rack (~> 1.6) rack-test (~> 0.6.2) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.8) - activesupport (= 4.2.8) + actionview (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 1.0, >= 1.0.5) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.8) - activesupport (= 4.2.8) + activejob (4.2.11.3) + activesupport (= 4.2.11.3) globalid (>= 0.3.0) - activemodel (4.2.8) - activesupport (= 4.2.8) + activemodel (4.2.11.3) + activesupport (= 4.2.11.3) builder (~> 3.1) - activerecord (4.2.8) - activemodel (= 4.2.8) - activesupport (= 4.2.8) + activerecord (4.2.11.3) + activemodel (= 4.2.11.3) + activesupport (= 4.2.11.3) arel (~> 6.0) - activesupport (4.2.8) + activesupport (4.2.11.3) i18n (~> 0.7) minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - rails (4.2.8) - actionmailer (= 4.2.8) - actionpack (= 4.2.8) - actionview (= 4.2.8) - activejob (= 4.2.8) - activemodel (= 4.2.8) - activerecord (= 4.2.8) - activesupport (= 4.2.8) + rails (4.2.11.3) + actionmailer (= 4.2.11.3) + actionpack (= 4.2.11.3) + actionview (= 4.2.11.3) + activejob (= 4.2.11.3) + activemodel (= 4.2.11.3) + activerecord (= 4.2.11.3) + activesupport (= 4.2.11.3) bundler (>= 1.3.0, < 2.0) - railties (= 4.2.8) + railties (= 4.2.11.3) sprockets-rails - railties (4.2.8) - actionpack (= 4.2.8) - activesupport (= 
4.2.8) + railties (4.2.11.3) + actionpack (= 4.2.11.3) + activesupport (= 4.2.11.3) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) @@ -69,30 +69,29 @@ GEM specs: arel (6.0.4) bcrypt (3.1.13) - bson (3.2.6) - builder (3.2.3) - concurrent-ruby (1.0.5) - connection_pool (2.2.1) + bson (3.2.7) + builder (3.2.4) + concurrent-ruby (1.1.6) + connection_pool (2.2.3) + crass (1.0.6) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.3.7) - activesupport (>= 4.1.0) - hashie (3.5.5) - i18n (0.8.1) - jwt (1.5.6) - loofah (2.0.3) + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (0.9.5) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.4) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + mail (2.7.1) + mini_mime (>= 0.1.1) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) + minitest (5.14.1) + mocha (1.11.2) mongoid (4.0.2) activemodel (~> 4.0) moped (~> 2.0.0) 
@@ -102,32 +101,32 @@ GEM bson (~> 3.0) connection_pool (~> 2.0) optionable (~> 0.2.0) - multi_json (1.12.1) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) + multipart-post (2.1.1) nokogiri (1.9.1) mini_portile2 (~> 2.4.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) optionable (0.2.0) - origin (2.3.0) + origin (2.3.1) orm_adapter (0.5.0) - rack (1.6.5) + rack (1.6.13) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -135,32 +134,32 @@ GEM rack (>= 1.0) rails-deprecated_sanitizer (1.0.3) activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.8) - activesupport (>= 4.2.0.beta, < 5.0) + rails-dom-testing (1.0.9) + activesupport (>= 4.2.0, < 5.0) nokogiri (~> 1.6) rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - rake (12.0.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + rake (13.0.1) rdoc (5.1.0) responders (2.4.1) actionpack (>= 4.2.0, < 6.0) railties (>= 4.2.0, < 6.0) - ruby-openid (2.7.0) - sprockets (3.7.1) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) - thor (0.19.4) + test_after_commit (1.2.2) + activerecord (>= 3.2, < 5.0) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.2) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.7) rack (>= 1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 9d0b936c2..be02fd054 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: dd9c0acf26aab111ebc647cd8deb99ebc6946531 + revision: 93689638c28525acc65afb638fce866826532641 specs: - activemodel-serializers-xml (1.0.1) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,155 +20,154 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.0.2) - actionpack (= 5.0.2) + actioncable (5.0.7.2) + actionpack (= 5.0.7.2) nio4r (>= 1.2, < 3.0) websocket-driver (~> 0.6.1) - actionmailer (5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) + actionmailer (5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.0.2) - actionview (= 5.0.2) - activesupport (= 5.0.2) + actionpack (5.0.7.2) + actionview (= 5.0.7.2) + activesupport (= 5.0.7.2) rack (~> 2.0) rack-test (~> 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.2) - activesupport (= 5.0.2) + actionview (5.0.7.2) + activesupport (= 5.0.7.2) builder (~> 3.1) erubis (~> 2.7.0) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.2) - activesupport (= 5.0.2) + activejob (5.0.7.2) + activesupport (= 5.0.7.2) globalid (>= 0.3.6) - activemodel (5.0.2) - activesupport (= 5.0.2) - activerecord (5.0.2) - activemodel (= 5.0.2) - activesupport (= 5.0.2) + activemodel (5.0.7.2) + activesupport (= 5.0.7.2) + activerecord (5.0.7.2) + activemodel (= 5.0.7.2) + activesupport (= 5.0.7.2) arel (~> 7.0) - activesupport (5.0.2) + activesupport (5.0.7.2) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (7.1.4) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) erubis (2.7.0) - faraday (0.11.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.0) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.5) - i18n (0.8.1) - jwt (1.5.6) - loofah (2.0.3) + hashie (4.1.0) + i18n (1.8.3) + concurrent-ruby (~> 1.0) + jwt (2.2.1) + loofah (2.5.0) + crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.6.5) - mime-types (>= 1.16, < 4) - metaclass (0.0.4) - method_source (0.8.2) - 
mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_portile2 (2.1.0) - minitest (5.10.1) - mocha (1.2.1) - metaclass (~> 0.0.1) - multi_json (1.12.1) + mail (2.7.1) + mini_mime (>= 0.1.1) + method_source (1.0.0) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.0.0) - nokogiri (1.7.2) - mini_portile2 (~> 2.1.0) - oauth2 (1.3.1) - faraday (>= 0.8, < 0.12) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.6.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (4.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.4.0) - oauth2 (~> 1.0) - omniauth (~> 1.2) + omniauth-oauth2 (1.6.0) + oauth2 (~> 1.1) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.2) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (0.6.3) rack (>= 1.0) - rails (5.0.2) - actioncable (= 5.0.2) - actionmailer (= 5.0.2) - actionpack (= 5.0.2) - actionview (= 5.0.2) - activejob (= 5.0.2) - activemodel (= 5.0.2) - activerecord (= 5.0.2) - activesupport (= 5.0.2) - bundler (>= 1.3.0, < 2.0) - railties (= 5.0.2) + rails (5.0.7.2) + actioncable (= 5.0.7.2) + actionmailer (= 5.0.7.2) + actionpack (= 5.0.7.2) + actionview (= 5.0.7.2) + activejob (= 5.0.7.2) + activemodel (= 5.0.7.2) + activerecord (= 5.0.7.2) + activesupport (= 5.0.7.2) + bundler (>= 1.3.0) + railties (= 5.0.7.2) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.1) - actionpack (~> 5.x) - actionview (~> 5.x) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + 
activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - railties (5.0.2) - actionpack (= 5.0.2) - activesupport (= 5.0.2) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.0.7.2) + actionpack (= 5.0.7.2) + activesupport (= 5.0.7.2) method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) - rake (12.0.0) - rdoc (5.1.0) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.1) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.0) + sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.19.4) + thor (1.0.1) thread_safe (0.3.6) - timecop (0.8.1) - tzinfo (1.2.3) + timecop (0.9.1) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) websocket-driver (0.6.5) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.2) + websocket-extensions (0.1.5) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile.rails-5.2-stable index 3fc1bb7ca..5f472c81e 100644 --- a/gemfiles/Gemfile.rails-5.2-stable +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 5.2' +gem "rails", '~> 5.2.0' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 629971f41..4e46928a4 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock 
@@ -1,10 +1,10 @@ GIT remote: git://github.com/rails/activemodel-serializers-xml.git - revision: f744aeca2747ed3134e492249c4ee39b548efdf6 + revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) - activemodel (> 5.x) - activesupport (> 5.x) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) builder (~> 3.1) PATH 
@@ -20,141 +20,139 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.1) - actionpack (= 5.2.1) + actioncable (5.2.4.3) + actionpack (= 5.2.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.1) - actionpack (= 5.2.1) - actionview (= 5.2.1) - activejob (= 5.2.1) + actionmailer (5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.1) - actionview (= 5.2.1) - activesupport (= 5.2.1) - rack (~> 2.0) + actionpack (5.2.4.3) + actionview (= 5.2.4.3) + activesupport (= 5.2.4.3) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.1) - activesupport (= 5.2.1) + actionview (5.2.4.3) + activesupport (= 5.2.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.1) - activesupport (= 5.2.1) + activejob (5.2.4.3) + activesupport (= 5.2.4.3) globalid (>= 0.3.6) - activemodel (5.2.1) - activesupport (= 5.2.1) - activerecord (5.2.1) - activemodel (= 5.2.1) - activesupport (= 5.2.1) + activemodel (5.2.4.3) + activesupport (= 5.2.4.3) + activerecord (5.2.4.3) + activemodel (= 5.2.4.3) + activesupport (= 5.2.4.3) arel (>= 9.0) - activestorage (5.2.1) - actionpack (= 5.2.1) - activerecord (= 5.2.1) + activestorage (5.2.4.3) + actionpack (= 5.2.4.3) + activerecord (= 5.2.4.3) marcel (~> 0.3.1) - activesupport (5.2.1) + activesupport (5.2.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) arel (9.0.0) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.0.5) - crass (1.0.4) - erubi (1.7.1) - faraday (0.12.2) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) - globalid (0.4.1) + globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.5.7) - i18n (1.1.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby 
(~> 1.0) - jwt (1.5.6) - loofah (2.2.2) + jwt (2.2.1) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.0) + mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.0) - mimemagic (0.3.2) - mini_mime (1.0.1) - mini_portile2 (2.3.0) - minitest (5.11.3) - mocha (1.7.0) - metaclass (~> 0.0.1) - multi_json (1.13.1) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) - multipart-post (2.0.0) - nio4r (2.3.1) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) - oauth2 (1.4.0) - faraday (>= 0.8, < 0.13) - jwt (~> 1.0) + multipart-post (2.1.1) + nio4r (2.5.2) + nokogiri (1.10.9) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.8.1) - hashie (>= 3.4.6, < 3.6.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (5.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.5.0) + omniauth-oauth2 (1.6.0) oauth2 (~> 1.1) - omniauth (~> 1.2) + omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.5) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.1) - actioncable (= 5.2.1) - actionmailer (= 5.2.1) - actionpack (= 5.2.1) - actionview (= 5.2.1) - activejob (= 5.2.1) - activemodel (= 5.2.1) - activerecord (= 5.2.1) - activestorage (= 5.2.1) - activesupport (= 5.2.1) + rails (5.2.4.3) + actioncable (= 5.2.4.3) + actionmailer (= 5.2.4.3) + actionpack (= 5.2.4.3) + actionview (= 5.2.4.3) + activejob (= 5.2.4.3) + activemodel (= 5.2.4.3) + activerecord (= 5.2.4.3) + activestorage (= 5.2.4.3) + activesupport (= 5.2.4.3) bundler (>= 1.3.0) - railties (= 5.2.1) + railties (= 5.2.4.3) sprockets-rails (>= 2.0.0) - 
rails-controller-testing (1.0.2) - actionpack (~> 5.x, >= 5.0.1) - actionview (~> 5.x, >= 5.0.1) - activesupport (~> 5.x) + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.x) + actionview (>= 5.0.1.x) + activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.0.4) - loofah (~> 2.2, >= 2.2.2) - railties (5.2.1) - actionpack (= 5.2.1) - activesupport (= 5.2.1) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (5.2.4.3) + actionpack (= 5.2.4.3) + activesupport (= 5.2.4.3) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) - rake (12.3.1) - rdoc (6.0.4) - responders (2.4.0) - actionpack (>= 4.2.0, < 5.3) - railties (>= 4.2.0, < 5.3) - ruby-openid (2.7.0) - sprockets (3.7.2) + rake (13.0.1) + rdoc (6.2.1) + responders (2.4.1) + actionpack (>= 4.2.0, < 6.0) + railties (>= 4.2.0, < 6.0) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -164,20 +162,20 @@ GEM sqlite3 (1.3.13) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.20.0) + thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.5) + tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) + warden (1.2.8) + rack (>= 2.0.6) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.0) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.5) PLATFORMS ruby @@ -190,7 +188,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.2) + rails (~> 5.2.0) rails-controller-testing rdoc responders (~> 2.1) diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 103d67800..8c7ee0eb8 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -20,105 +20,103 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.0) - actionpack (= 6.0.0) + actioncable (6.0.3.1) + actionpack (= 6.0.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.0) - actionpack (= 6.0.0) - activejob (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + actionmailbox (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) mail (>= 2.7.1) - actionmailer (6.0.0) - actionpack (= 6.0.0) - actionview (= 6.0.0) - activejob (= 6.0.0) + actionmailer (6.0.3.1) + actionpack (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.0) - actionview (= 6.0.0) - activesupport (= 6.0.0) - rack (~> 2.0) + actionpack (6.0.3.1) + actionview (= 6.0.3.1) + activesupport (= 6.0.3.1) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.0) - actionpack (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + actiontext (6.0.3.1) + actionpack (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) nokogiri (>= 1.8.5) - actionview (6.0.0) - activesupport (= 6.0.0) + actionview (6.0.3.1) + activesupport (= 6.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.0) - activesupport (= 6.0.0) + activejob (6.0.3.1) + activesupport (= 6.0.3.1) globalid (>= 0.3.6) - activemodel (6.0.0) - activesupport (= 6.0.0) - activerecord (6.0.0) - activemodel (= 6.0.0) - activesupport (= 6.0.0) - activestorage (6.0.0) - actionpack (= 6.0.0) - activejob (= 6.0.0) - activerecord (= 6.0.0) + activemodel (6.0.3.1) + activesupport (= 6.0.3.1) + activerecord (6.0.3.1) + activemodel (= 6.0.3.1) + activesupport (= 6.0.3.1) + activestorage (6.0.3.1) 
+ actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) marcel (~> 0.3.1) - activesupport (6.0.0) + activesupport (6.0.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - zeitwerk (~> 2.1, >= 2.1.8) + zeitwerk (~> 2.2, >= 2.2.2) bcrypt (3.1.13) - builder (3.2.3) - concurrent-ruby (1.1.5) - crass (1.0.4) - erubi (1.8.0) - faraday (0.15.4) + builder (3.2.4) + concurrent-ruby (1.1.6) + crass (1.0.6) + erubi (1.9.0) + faraday (1.0.1) multipart-post (>= 1.2, < 3) globalid (0.4.2) activesupport (>= 4.2.0) - hashie (3.6.0) - i18n (1.6.0) + hashie (4.1.0) + i18n (1.8.3) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.2.3) + loofah (2.5.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) - metaclass (0.0.4) - method_source (0.9.2) - mimemagic (0.3.3) + method_source (1.0.0) + mimemagic (0.3.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) - mocha (1.9.0) - metaclass (~> 0.0.1) - multi_json (1.13.1) + minitest (5.14.1) + mocha (1.11.2) + multi_json (1.14.1) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.4.0) - nokogiri (1.10.4) + nio4r (2.5.2) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - oauth2 (1.4.1) - faraday (>= 0.8, < 0.16.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.0) - hashie (>= 3.4.6, < 3.7.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (5.0.0) + omniauth-facebook (6.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.6.0) oauth2 (~> 1.1) 
@@ -127,26 +125,26 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.0.7) + rack (2.2.2) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.0) - actioncable (= 6.0.0) - actionmailbox (= 6.0.0) - actionmailer (= 6.0.0) - actionpack (= 6.0.0) - actiontext (= 6.0.0) - actionview (= 6.0.0) - activejob (= 6.0.0) - activemodel (= 6.0.0) - activerecord (= 6.0.0) - activestorage (= 6.0.0) - activesupport (= 6.0.0) + rails (6.0.3.1) + actioncable (= 6.0.3.1) + actionmailbox (= 6.0.3.1) + actionmailer (= 6.0.3.1) + actionpack (= 6.0.3.1) + actiontext (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) + activemodel (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) bundler (>= 1.3.0) - railties (= 6.0.0) + railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -155,34 +153,34 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.2.0) - loofah (~> 2.2, >= 2.2.2) - railties (6.0.0) - actionpack (= 6.0.0) - activesupport (= 6.0.0) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (6.0.3.1) + actionpack (= 6.0.3.1) + activesupport (= 6.0.3.1) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) - rake (12.3.3) - rdoc (6.1.1) - responders (3.0.0) + rake (13.0.1) + rdoc (6.2.1) + responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - ruby-openid (2.7.0) - sprockets (3.7.2) + ruby-openid (2.9.2) + sprockets (4.0.1) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.4.1) + sqlite3 (1.4.2) test_after_commit (1.1.0) activerecord (>= 3.2) - thor (0.20.3) + thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) - tzinfo (1.2.5) + tzinfo (1.2.7) thread_safe (~> 0.1) warden (1.2.8) rack (>= 2.0.6) 
@@ -190,10 +188,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.1) + websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.4) - zeitwerk (2.1.9) + websocket-extensions (0.1.5) + zeitwerk (2.3.0) PLATFORMS ruby From 22e2ab4be397cb692ceeaf822652b63583303cfa Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 11:08:48 -0300 Subject: [PATCH 048/299] Update `Gemfile` to point to Rails 6.0.x This is essentially the same as `gemfiles/Gemfile.rails-6.0-stable`, but I'm keeping both for now since I want to change the main `Gemfile` later to point to Rails master (`6.1.0.alpha`), so then I won't need to recreate the `6.0-stable` Gemfile again. --- .travis.yml | 6 ++- Gemfile | 21 +++++---- Gemfile.lock | 118 ++++++++++++++++++++++++++++----------------------- 3 files changed, 80 insertions(+), 65 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3a420e339..3d1b6451e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,12 +37,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable + - rvm: 2.3.8 + gemfile: Gemfile - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: Gemfile - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable + - rvm: 2.4.10 + gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.5.8 gemfile: gemfiles/Gemfile.rails-4.1-stable - rvm: 2.6.6 diff --git a/Gemfile b/Gemfile index ce2e6ba02..8dac85157 100644 --- a/Gemfile +++ b/Gemfile @@ -4,9 +4,8 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 5.2" -gem "omniauth", "~> 1.3" -gem "oauth2" +gem "rails", "~> 6.0.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
@@ -14,7 +13,7 @@ gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" gem "rails-controller-testing" -gem "responders", "~> 2.4" +gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" @@ -24,16 +23,16 @@ group :test do gem "mocha", "~> 1.1", require: false end -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - platforms :ruby do - gem "sqlite3", "~> 1.3.6" + gem "sqlite3", "~> 1.4" end +# platforms :jruby do +# gem "activerecord-jdbc-adapter" +# gem "activerecord-jdbcsqlite3-adapter" +# gem "jruby-openssl" +# end + # TODO: # group :mongoid do # gem "mongoid", "~> 4.0.0" diff --git a/Gemfile.lock b/Gemfile.lock index 957127dee..0aa695de9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
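Review bot: The `platforms :jruby do` block in the `@@ -24,16 +23,16 @@` hunk is commented out rather than deleted, and neither the hunk nor the commit message says why or when it should return. It now sits directly above the existing `# TODO:` mongoid block, so the two read as one stale comment. If JRuby support is meant to come back, give the block its own reason line, e.g. `# TODO: re-enable the JRuby adapters once they resolve against Rails 6.0 (confirm)`. Otherwise delete it, since the Gemfile.lock section of this commit already drops `activerecord-jdbc-adapter`, `activerecord-jdbcsqlite3-adapter` and `jruby-openssl` from DEPENDENCIES.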
@@ -20,48 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (5.2.4.3) - actionpack (= 5.2.4.3) + actioncable (6.0.3.1) + actionpack (= 6.0.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) + actionmailbox (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) + mail (>= 2.7.1) + actionmailer (6.0.3.1) + actionpack (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.3) - actionview (= 5.2.4.3) - activesupport (= 5.2.4.3) + actionpack (6.0.3.1) + actionview (= 6.0.3.1) + activesupport (= 6.0.3.1) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.3) - activesupport (= 5.2.4.3) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.0.3.1) + actionpack (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) + nokogiri (>= 1.8.5) + actionview (6.0.3.1) + activesupport (= 6.0.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.3) - activesupport (= 5.2.4.3) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.0.3.1) + activesupport (= 6.0.3.1) globalid (>= 0.3.6) - activemodel (5.2.4.3) - activesupport (= 5.2.4.3) - activerecord (5.2.4.3) - activemodel (= 5.2.4.3) - activesupport (= 5.2.4.3) - arel (>= 9.0) - activestorage (5.2.4.3) - actionpack (= 5.2.4.3) - activerecord (= 5.2.4.3) + activemodel (6.0.3.1) + activesupport (= 6.0.3.1) + activerecord (6.0.3.1) + activemodel (= 6.0.3.1) + activesupport (= 6.0.3.1) + activestorage (6.0.3.1) + actionpack (= 6.0.3.1) + activejob (= 6.0.3.1) + activerecord (= 6.0.3.1) marcel (~> 0.3.1) - activesupport (5.2.4.3) + activesupport (6.0.3.1) 
concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - arel (9.0.0) + zeitwerk (~> 2.2, >= 2.2.2) bcrypt (3.1.13) builder (3.2.4) concurrent-ruby (1.1.6) @@ -118,18 +131,20 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.4.3) - actioncable (= 5.2.4.3) - actionmailer (= 5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - activemodel (= 5.2.4.3) - activerecord (= 5.2.4.3) - activestorage (= 5.2.4.3) - activesupport (= 5.2.4.3) + rails (6.0.3.1) + actioncable (= 6.0.3.1) + actionmailbox (= 6.0.3.1) + actionmailer (= 6.0.3.1) + actionpack (= 6.0.3.1) + actiontext (= 6.0.3.1) + actionview (= 6.0.3.1) + activejob (= 6.0.3.1) + activemodel (= 6.0.3.1) + activerecord (= 6.0.3.1) + activestorage (= 6.0.3.1) + activesupport (= 6.0.3.1) bundler (>= 1.3.0) - railties (= 5.2.4.3) + railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -140,17 +155,17 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (5.2.4.3) - actionpack (= 5.2.4.3) - activesupport (= 5.2.4.3) + railties (6.0.3.1) + actionpack (= 6.0.3.1) + activesupport (= 6.0.3.1) method_source rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) + thor (>= 0.20.3, < 2.0) rake (13.0.1) rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) + responders (3.0.1) + actionpack (>= 5.0) + railties (>= 5.0) ruby-openid (2.9.2) sprockets (4.0.1) concurrent-ruby (~> 1.0) @@ -159,7 +174,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.13) + sqlite3 (1.4.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) 
@@ -174,27 +189,24 @@ GEM websocket-driver (0.7.2) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) + zeitwerk (2.3.0) PLATFORMS ruby DEPENDENCIES activemodel-serializers-xml! - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter devise! - jruby-openssl mocha (~> 1.1) - oauth2 - omniauth (~> 1.3) + omniauth omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 5.2) + rails (~> 6.0.0) rails-controller-testing rdoc - responders (~> 2.4) - sqlite3 (~> 1.3.6) + responders (~> 3.0) + sqlite3 (~> 1.4) timecop webrat (= 0.7.3) From 26c7dffe2a8e0e5e3e51265cc26dc5973b04a709 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 11:12:16 -0300 Subject: [PATCH 049/299] Remove `test_after_commit` from Rails 5+ Gemfiles It is not required anymore since Rails does the right thing since Rails 5.0. --- gemfiles/Gemfile.rails-5.0-stable | 1 - gemfiles/Gemfile.rails-5.0-stable.lock | 3 --- gemfiles/Gemfile.rails-5.1-stable | 1 - gemfiles/Gemfile.rails-5.1-stable.lock | 5 +---- gemfiles/Gemfile.rails-5.2-stable | 1 - gemfiles/Gemfile.rails-5.2-stable.lock | 3 --- gemfiles/Gemfile.rails-6.0-stable | 1 - gemfiles/Gemfile.rails-6.0-stable.lock | 3 --- 8 files changed, 1 insertion(+), 17 deletions(-) diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile.rails-5.0-stable index 902ef21a5..dcd1ac14e 100644 --- a/gemfiles/Gemfile.rails-5.0-stable +++ b/gemfiles/Gemfile.rails-5.0-stable @@ -21,7 +21,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index be02fd054..42e6ee41e 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock 
@@ -152,8 +152,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -185,7 +183,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile.rails-5.1-stable index 70c21f0f0..c2b8f523f 100644 --- a/gemfiles/Gemfile.rails-5.1-stable +++ b/gemfiles/Gemfile.rails-5.1-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index a992f85dd..4a6671824 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -1,5 +1,5 @@ GIT - remote: https://github.com/rails/activemodel-serializers-xml.git + remote: git://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -152,8 +152,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -185,7 +183,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile.rails-5.2-stable index 5f472c81e..dbfbd5f6c 100644 --- a/gemfiles/Gemfile.rails-5.2-stable +++ b/gemfiles/Gemfile.rails-5.2-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 4e46928a4..e2e578abf 100644 
--- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -160,8 +160,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.13) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -193,7 +191,6 @@ DEPENDENCIES rdoc responders (~> 2.1) sqlite3 (~> 1.3.6) - test_after_commit timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index cdef68f66..90f762d49 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable @@ -19,7 +19,6 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false - gem 'test_after_commit', require: false end platforms :ruby do diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 8c7ee0eb8..4c515a68c 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -175,8 +175,6 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.4.2) - test_after_commit (1.1.0) - activerecord (>= 3.2) thor (1.0.1) thread_safe (0.3.6) timecop (0.9.1) @@ -209,7 +207,6 @@ DEPENDENCIES rdoc responders (~> 3.0) sqlite3 (~> 1.4) - test_after_commit timecop webrat (= 0.7.3) From e0b9915418ee71e6531c6b84ed3a1dad2eb981cf Mon Sep 17 00:00:00 2001 From: Vitalii Lazebnyi <> Date: Fri, 8 May 2020 03:53:12 +0300 Subject: [PATCH 050/299] #5234 fix. Deprecated warning at controller_helpers.rb --- lib/devise/test/controller_helpers.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index cd1a8be8e..eeef694d2 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -37,6 +37,8 @@ def process(*) @response end + ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true) + # We need to set up the environment variables and the response in the controller. def setup_controller_for_warden #:nodoc: @request.env['action_controller.instance'] = @controller From cb8c72171f3941125f02faa41e6bfce458a64697 Mon Sep 17 00:00:00 2001 From: David Auza Date: Fri, 5 Jun 2020 15:43:56 -0500 Subject: [PATCH 051/299] Update README.md with current link to Railscast (#5221) Updated README.md with the latest link to Ryan Bates' Railscast --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ac2a1d7cc..850dd73f4 100644 --- a/README.md +++ b/README.md @@ -169,7 +169,7 @@ bin/test test/models/trackable_test.rb:16 If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users -* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch +* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From d85d45bcefdee5c9adde5cbd1273723abe35f5e2 Mon Sep 17 00:00:00 2001 From: David Kimura Date: Fri, 5 Jun 2020 16:44:37 -0400 Subject: [PATCH 052/299] Updated README with additional video resources for learning Devise (#5232) [ci skip] --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 850dd73f4..ce43aa06c 100644 
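Review bot: The added `ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)` line needs a comment, because nothing in the hunk says why a test helper is flagged this way or when the line can be removed. The `respond_to?` guard (with `true` to include private methods) makes it a no-op on Rubies that lack the method, so one comment line is enough: `# Ruby 2.7+: mark the splat in #process as keyword-carrying so forwarded calls keep their kwargs without a deprecation warning.` The body of `process` starts outside the hunk, so how it forwards its arguments cannot be confirmed from here.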
--- a/README.md +++ b/README.md @@ -166,11 +166,12 @@ bin/test test/models/trackable_test.rb:16 ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have three resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth +* Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From c3759be33e4f90d383d3c24cf0bf94658acee785 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 17:47:05 -0300 Subject: [PATCH 053/299] Link to both Ryan Bates Railscasts [ci skip] --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ce43aa06c..3d075eeee 100644 --- a/README.md +++ b/README.md 
@@ -166,10 +166,10 @@ bin/test test/models/trackable_test.rb:16 ## Starting with Rails? -If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Today, we have four resources that should help you get started: +If you are building your first Rails application, we recommend you *do not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch. Here's a few resources that should help you get started: * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users -* Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch-revised +* Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth * Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise From a451b98cf2311b6bb73b3762083294db131a4603 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 5 Jun 2020 17:49:32 -0300 Subject: [PATCH 054/299] Revert "Updated README with additional video resources for learning Devise (#5232)" This reverts commit d85d45bcefdee5c9adde5cbd1273723abe35f5e2. My mistake: this section is about *not* using Devise when starting with Rails and building authentication for the first time, therefore we should not be linking to Devise specific resources here. [ci skip] --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 3d075eeee..e6df03cb2 100644 --- a/README.md +++ b/README.md 
@@ -171,7 +171,6 @@ If you are building your first Rails application, we recommend you *do not* use * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscasts: http://railscasts.com/episodes/250-authentication-from-scratch and http://railscasts.com/episodes/250-authentication-from-scratch-revised * Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth -* Drifting Ruby's Crash Course: https://www.driftingruby.com/episodes/authentication-crash-course-with-devise Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: From bbbff3a3504bf4db7829b5495efd1bc830bc0a58 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:16:32 -0300 Subject: [PATCH 055/299] Add changelog entry for #5067 [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 233e9691d..f61b631ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ * enhancements * Increase default stretches to 12 (by @sergey-alekseev) +* bug fixes + * Generate scoped views with proper scoped errors partial (by @shobhitic) + ### 4.7.1 - 2019-09-06 * bug fixes From 14a3084b5974e76980b475316fcea77f4b5e44f4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:12:40 -0300 Subject: [PATCH 056/299] Simplify the view generator with scoped views --- lib/generators/devise/views_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/views_generator.rb b/lib/generators/devise/views_generator.rb index 3ceda56b5..bc271743c 100644 --- a/lib/generators/devise/views_generator.rb +++ b/lib/generators/devise/views_generator.rb 
@@ -42,7 +42,7 @@ def copy_views def view_directory(name, _target_path = nil) directory name.to_s, _target_path || "#{target_path}/#{name}" do |content| if scope - content.gsub("devise/shared/links", "#{plural_scope}/shared/links").gsub("devise/shared/error_messages", "#{plural_scope}/shared/error_messages") + content.gsub("devise/shared", "#{plural_scope}/shared") else content end From 94be5fb6a1feef39411d025bcaf25393d621e870 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:49:51 -0300 Subject: [PATCH 057/299] Remove mocha deprecation warning Mocha deprecation warning at ...../active_support/dependencies.rb:324:in `require': Require 'mocha/test_unit', 'mocha/minitest' or 'mocha/api' instead of 'mocha/setup'. --- test/test_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index 378c9b110..ad5a6db66 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -12,7 +12,7 @@ I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) -require 'mocha/setup' +require 'mocha/minitest' require 'timecop' require 'webrat' Webrat.configure do |config| From 34d9053819ab82ddf62f7fe84748fe5a7aebbb50 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:37:53 -0300 Subject: [PATCH 058/299] Remove unnecessary monkey-patch of test helpers with Rails 5+ This is warning on Ruby 2.7, and seems unnecessary since Rails 5+ adopted kwargs approach. We still need to handle the difference for Rails < 5 for now, while we support it (which I would like to remove soon.) --- test/support/http_method_compatibility.rb | 36 +++++++---------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index de207087f..f901ad858 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb 
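Review bot: `content.gsub("devise/shared", "#{plural_scope}/shared")` now rewrites every occurrence of that substring in each copied template, where the removed line named only the `shared/links` and `shared/error_messages` paths. That is presumably the intent, since a partial added under `devise/shared` later is then picked up automatically. It also rewrites the string wherever else it appears in a view, such as in a comment or plain text. State the intent above the line, e.g. `# Repoint every devise/shared partial reference at the scoped copy.` `view_directory` closes outside the hunk.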
@@ -5,19 +5,11 @@ class IntegrationTest < ActionDispatch::IntegrationTest # %w( get post patch put head delete xml_http_request # xhr get_via_redirect post_via_redirect # ).each do |method| - %w( get post put ).each do |method| - if Devise::Test.rails5_and_up? - define_method(method) do |url, options={}| - if options.empty? - super url - else - super url, options - end - end - else - define_method(method) do |url, options={}| - if options[:xhr]==true - xml_http_request __method__, url, options[:params] || {}, options[:headers] + unless Devise::Test.rails5_and_up? + %w( get post put ).each do |method| + define_method(method) do |url, options = {}| + if options[:xhr] == true + xml_http_request __method__, url, options[:params] || {}, options[:headers] else super url, options[:params] || {}, options[:headers] end @@ -30,19 +22,11 @@ class ControllerTestCase < ActionController::TestCase # %w( get post patch put head delete xml_http_request # xhr get_via_redirect post_via_redirect # ).each do |method| - %w( get post put ).each do |method| - if Devise::Test.rails5_and_up? - define_method(method) do |action, options={}| - if options.empty? - super action - else - super action, options - end - end - else - define_method(method) do |action, options={}| - if options[:xhr]==true - xml_http_request __method__, action, options[:params] || {}, options[:headers] + unless Devise::Test.rails5_and_up? + %w( get post put ).each do |method| + define_method(method) do |action, options = {}| + if options[:xhr] == true + xml_http_request __method__, action, options[:params] || {}, options[:headers] else super action, options[:params] || {}, options[:headers] end From 50f820a6cf13d7a9525198cdab288b7526fe98ec Mon Sep 17 00:00:00 2001 
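Review bot: The new `unless Devise::Test.rails5_and_up?` guard has no comment saying the remaining shim is legacy-only, and as far as the hunks show the class defines no overrides at all on Rails 5+. The commit message already states the intent, so put it in the file above the guard: `# Rails < 5 only: translate the kwargs call style (params:, headers:, xhr:) to positional arguments; delete with Rails 4 support.` The second hunk (`ControllerTestCase`) needs the same line. Both class bodies continue past the hunks.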
From: Carlos Antonio da Silva Date: Sun, 7 Jun 2020 19:43:49 -0300 Subject: [PATCH 059/299] Use master of Rails controller testing gem to remove Ruby 2.7 warning --- Gemfile | 2 +- Gemfile.lock | 15 ++++++++++----- gemfiles/Gemfile.rails-6.0-stable | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 15 ++++++++++----- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index 8dac85157..37dc67d9c 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" -gem "rails-controller-testing" +gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/Gemfile.lock b/Gemfile.lock index 0aa695de9..469561933 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,6 +7,15 @@ GIT activesupport (>= 5.0.0.a) builder (~> 3.1) +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + specs: + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + PATH remote: . specs: @@ -146,10 +155,6 @@ GEM bundler (>= 1.3.0) railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) @@ -203,7 +208,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 6.0.0) - rails-controller-testing + rails-controller-testing! rdoc responders (~> 3.0) sqlite3 (~> 1.4) diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile.rails-6.0-stable index 90f762d49..e43284853 100644 --- a/gemfiles/Gemfile.rails-6.0-stable +++ b/gemfiles/Gemfile.rails-6.0-stable 
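Review bot: The `github:` shorthand added to the `rails-controller-testing` line resolves to `remote: git://github.com/rails/rails-controller-testing.git` in the Gemfile.lock section of this same commit, and `git://` is an unauthenticated, unencrypted transport. The locked `revision:` narrows what a tampered fetch could substitute, but the source should still come over HTTPS. Either write `gem "rails-controller-testing", git: "https://github.com/rails/rails-controller-testing.git"` or add `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` at the top of the file, which would also cover the existing `activemodel-serializers-xml` line. The identical hunk in `gemfiles/Gemfile.rails-6.0-stable` needs the same change, and the `Gemfile.rails-5.1-stable.lock` change in PATCH 049 moves an existing remote from `https://` to `git://` in the same way. The Gemfile line also names no `ref:` or `branch:`, so outside the lockfile the dependency tracks whatever the default branch holds.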
@@ -9,7 +9,7 @@ gem "rdoc" gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" -gem "rails-controller-testing" +gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 4c515a68c..51f0bf0bd 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -7,6 +7,15 @@ GIT activesupport (>= 5.0.0.a) builder (~> 3.1) +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + specs: + rails-controller-testing (1.0.4) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + PATH remote: .. specs: @@ -146,10 +155,6 @@ GEM bundler (>= 1.3.0) railties (= 6.0.3.1) sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) @@ -203,7 +208,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 6.0.0) - rails-controller-testing + rails-controller-testing! rdoc responders (~> 3.0) sqlite3 (~> 1.4) From 2c1b5fb240611ba976c1d3917f271707e422f0bc Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 8 Jun 2020 18:40:50 -0300 Subject: [PATCH 060/299] Update changelog with latest [ci skip] --- CHANGELOG.md | 3 +++ lib/devise/models/authenticatable.rb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f61b631ef..1d1e07ec3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,9 +1,12 @@ ### Unreleased + * enhancements * Increase default stretches to 12 (by @sergey-alekseev) + * Ruby 2.7 support (kwarg warnings removed) * bug fixes * Generate scoped views with proper scoped errors partial (by @shobhitic) + * Allow to set scoped `already_authenticated` error messages (by @gurgelrenan) ### 4.7.1 - 2019-09-06 diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 430c9aac5..93582e219 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -152,7 +152,7 @@ def devise_mailer # # If the record is new or changed then delay the # # delivery until the after_commit callback otherwise # # send now because after_commit will not be called. - # # For Rails < 6 is `changed?` instead of `saved_changes?`. + # # For Rails < 6 use `changed?` instead of `saved_changes?`. # if new_record? || saved_changes? # pending_devise_notifications << [notification, args] # else From a3c0c652695ad180caa2f17f781753bef9bae330 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 8 Jun 2020 18:42:53 -0300 Subject: [PATCH 061/299] Devise no longer supports Rails 3.2 since version 4 [ci skip] And this `initialize_on_precompile` option is obsolete. --- README.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README.md b/README.md index e6df03cb2..a632d9736 100644 --- a/README.md +++ b/README.md @@ -727,16 +727,6 @@ Additionally be mindful that without views supported, some email-based flows fro ## Additional information -### Heroku - -Using Devise on Heroku with Ruby on Rails 3.2 requires setting: - -```ruby -config.assets.initialize_on_precompile = false -``` - -Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html - ### Warden Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here: 
From 6d37e324377def3d9f52e5f815432fd47210e116 Mon Sep 17 00:00:00 2001 From: hyuraku <32809703+hyuraku@users.noreply.github.com> Date: Tue, 9 Jun 2020 21:50:30 +0900 Subject: [PATCH 062/299] remove useless rails51? method --- lib/devise.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index d4d54aeb2..0451876df 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -297,10 +297,6 @@ module Test mattr_accessor :sign_in_after_change_password @@sign_in_after_change_password = true - def self.rails51? # :nodoc: - Rails.gem_version >= Gem::Version.new("5.1.x") - end - def self.activerecord51? # :nodoc: defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") end From 16f27b3074c544c868335898c207bf6d2152c929 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Jun 2020 15:23:40 -0300 Subject: [PATCH 063/299] Bump to v4.7.2 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 2 +- lib/devise/version.rb | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d1e07ec3..2335d68fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.7.1 - 2020-06-10 * enhancements * Increase default stretches to 12 (by @sergey-alekseev) diff --git a/Gemfile.lock b/Gemfile.lock index 469561933..e30f732f0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -19,7 +19,7 @@ GIT PATH remote: . specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 081d634b5..8955016e6 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock 
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 7ad16cca5..e3013cf58 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 42e6ee41e..79dfc25cf 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 4a6671824..058023371 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index e2e578abf..9da2d2270 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 51f0bf0bd..314830740 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -19,7 +19,7 @@ GIT PATH remote: .. specs: - devise (4.7.1) + devise (4.7.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
diff --git a/lib/devise/version.rb b/lib/devise/version.rb index f901c8c86..ec5924648 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.1".freeze + VERSION = "4.7.2".freeze end From 6991ff4eb42bb8a197f8c83ed9bcf46d50392083 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Jun 2020 15:28:31 -0300 Subject: [PATCH 064/299] Oops, fix changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2335d68fa..2f70c10c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 4.7.1 - 2020-06-10 +### 4.7.2 - 2020-06-10 * enhancements * Increase default stretches to 12 (by @sergey-alekseev) From 0e33f55b7d6fea66d0c73ebc73a597a16819a450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=9A=D0=BE=D1=80?= =?UTF-8?q?=D0=BD=D0=B5=D0=B2?= Date: Sat, 13 Jun 2020 03:37:02 +0300 Subject: [PATCH 065/299] Fixes broken image (#5253) [ci skip] --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a632d9736..20a585653 100644 --- a/README.md +++ b/README.md @@ -273,7 +273,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, ### Strong Parameters -![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204) +The Parameter Sanitizer API has changed for Devise 4 :warning: *For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters* From b25492ea0185bd1525e65f4c56d465b79ceff689 Mon Sep 17 00:00:00 2001 From: Pavel Timofeev Date: Mon, 15 Jun 2020 23:19:31 -0400 Subject: [PATCH 066/299] Remove Heroku anchor link and fix some typos --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) 
diff --git a/README.md b/README.md index 20a585653..d1633776c 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ It's composed of 10 modules: - [Other ORMs](#other-orms) - [Rails API mode](#rails-api-mode) - [Additional information](#additional-information) - - [Heroku](#heroku) - [Warden](#warden) - [Contributors](#contributors) - [License](#license) @@ -120,7 +119,7 @@ Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ### DEVISE_ORM Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. -The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`: +The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` DEVISE_ORM=mongoid bin/test @@ -313,7 +312,7 @@ class ApplicationController < ActionController::Base end ``` -Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block: +Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block: To permit simple scalar values for username and email, use this @@ -436,7 +435,7 @@ If the customization at the views level is not enough, you can customize each co end ``` - Or you can simply add new behaviour to it: + Or you can simply add new behavior to it: ```ruby class Users::SessionsController < Devise::SessionsController @@ -741,6 +740,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). 
From 4f60544396824c516bdb5c165f9631d727b9560d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 17 Jun 2020 08:51:17 -0300 Subject: [PATCH 067/299] Improve deprecation message with example of how to remove it The deprecation of `devise_error_messages!` wasn't super clear on what was happening and how to get rid of the message, not it has a more detailed explanation with an example of what to look for and what to replace it with. Closes #5257. --- app/helpers/devise_helper.rb | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index 200a77464..d99780119 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb 
@@ -1,14 +1,26 @@ # frozen_string_literal: true module DeviseHelper - # Retain this method for backwards compatibility, deprecated in favour of modifying the - # devise/shared/error_messages partial + # Retain this method for backwards compatibility, deprecated in favor of modifying the + # devise/shared/error_messages partial. def devise_error_messages! ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc - [Devise] `DeviseHelper.devise_error_messages!` - is deprecated and it will be removed in the next major version. - To customize the errors styles please run `rails g devise:views` and modify the - `devise/shared/error_messages` partial. + [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be + removed in the next major version. + + Devise now uses a partial under "devise/shared/error_messages" to display + error messages by default, and make them easier to customize. Update your + views changing calls from: + + <%= devise_error_messages! %> + + to: + + <%= render "devise/shared/error_messages", resource: resource %> + + To start customizing how errors are displayed, you can copy the partial + from devise to your `app/views` folder. Alternatively, you can run + `rails g devise:views` which will copy all of them again to your app. DEPRECATION return "" if resource.errors.empty? From ffa8a80f423ee1cad4b19bb61e8e3977edc92e5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Thu, 18 Jun 2020 16:20:22 +0200 Subject: [PATCH 068/299] Fix warning from `thor` The `:orm` option can also have string values. --- lib/generators/devise/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/devise_generator.rb b/lib/generators/devise/devise_generator.rb index 625b6db76..560d0da77 100644 --- a/lib/generators/devise/devise_generator.rb +++ b/lib/generators/devise/devise_generator.rb 
@@ -13,7 +13,7 @@ class DeviseGenerator < Rails::Generators::NamedBase desc "Generates a model with the given NAME (if one does not exist) with devise " \ "configuration plus a migration file and devise routes." - hook_for :orm, type: :boolean + hook_for :orm, required: true class_option :routes, desc: "Generate routes", type: :boolean, default: true From 057afdc1e6cadcb4102521edb604225da897965a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 18 Jun 2020 18:01:18 -0300 Subject: [PATCH 069/299] Fix another thor deprecation warning in the install generator This one has been showing up when running tests: Deprecation warning: Expected string default value for '--orm'; got false (boolean). This will be rejected in the future unless you explicitly pass the options `check_default_type: false` or call `allow_incompatible_default_type!` in your code You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION. --- lib/generators/devise/install_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/install_generator.rb b/lib/generators/devise/install_generator.rb index 5f091893d..78f3303d6 100644 --- a/lib/generators/devise/install_generator.rb +++ b/lib/generators/devise/install_generator.rb @@ -11,7 +11,7 @@ class InstallGenerator < Rails::Generators::Base source_root File.expand_path("../../templates", __FILE__) desc "Creates a Devise initializer and copy locale files to your application." - class_option :orm + class_option :orm, required: true def copy_initializer unless options[:orm] From b94b957490359a228ed5d4c76b8c1af69b290737 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 23 Jun 2020 08:49:13 -0300 Subject: [PATCH 070/299] Prefer american style english for code Nothing personal, just seems to be much more common usage across the code. --- lib/devise/controllers/helpers.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 7ef8507ff..e0e6acc32 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -40,10 +40,10 @@ def devise_group(group_name, opts={}) mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]" class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{group_name}!(favourite=nil, opts={}) + def authenticate_#{group_name}!(favorite=nil, opts={}) unless #{group_name}_signed_in? mappings = #{mappings} - mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| opts[:scope] = mapping warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) @@ -57,9 +57,9 @@ def #{group_name}_signed_in? end end - def current_#{group_name}(favourite=nil) + def current_#{group_name}(favorite=nil) mappings = #{mappings} - mappings.unshift mappings.delete(favourite.to_sym) if favourite + mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| current = warden.authenticate(scope: mapping) return current if current @@ -252,7 +252,7 @@ def sign_out_and_redirect(resource_or_scope) # Overwrite Rails' handle unverified request to sign out all scopes, # clear run strategies and remove cached variables. def handle_unverified_request - super # call the default behaviour which resets/nullifies/raises + super # call the default behavior which resets/nullifies/raises request.env["devise.skip_storage"] = true sign_out_all_scopes(false) end From f5cc775a5feea51355036175994edbcb5e6af13c Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 23 Jun 2020 08:46:28 -0300 Subject: [PATCH 071/299] Remove commented out code --- lib/devise/failure_app.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 1a7e8e54e..ee8219fff 100644 --- a/lib/devise/failure_app.rb 
+++ b/lib/devise/failure_app.rb @@ -71,7 +71,6 @@ def recall end flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? - # self.response = recall_app(warden_options[:recall]).call(env) self.response = recall_app(warden_options[:recall]).call(request.env) end From f26e05c20079c9acded3c0ee16da0df435a28997 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 10 Aug 2020 22:47:15 -0300 Subject: [PATCH 072/299] Update bundle --- Gemfile.lock | 124 ++++++++++++------------- gemfiles/Gemfile.rails-6.0-stable.lock | 124 ++++++++++++------------- 2 files changed, 124 insertions(+), 124 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e30f732f0..898913506 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -9,9 +9,9 @@ GIT GIT remote: git://github.com/rails/rails-controller-testing.git - revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: - rails-controller-testing (1.0.4) + rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) 
@@ -29,64 +29,64 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.1) - actionpack (= 6.0.3.1) + actioncable (6.0.3.2) + actionpack (= 6.0.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionmailbox (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) mail (>= 2.7.1) - actionmailer (6.0.3.1) - actionpack (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) + actionmailer (6.0.3.2) + actionpack (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.1) - actionview (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionpack (6.0.3.2) + actionview (= 6.0.3.2) + activesupport (= 6.0.3.2) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.1) - actionpack (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actiontext (6.0.3.2) + actionpack (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) nokogiri (>= 1.8.5) - actionview (6.0.3.1) - activesupport (= 6.0.3.1) + actionview (6.0.3.2) + activesupport (= 6.0.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.1) - activesupport (= 6.0.3.1) + activejob (6.0.3.2) + activesupport (= 6.0.3.2) globalid (>= 0.3.6) - activemodel (6.0.3.1) - activesupport (= 6.0.3.1) - activerecord (6.0.3.1) - activemodel (= 6.0.3.1) - activesupport (= 6.0.3.1) - activestorage (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) + activemodel (6.0.3.2) + activesupport (= 6.0.3.2) + activerecord (6.0.3.2) + activemodel (= 6.0.3.2) + 
activesupport (= 6.0.3.2) + activestorage (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) marcel (~> 0.3.1) - activesupport (6.0.3.1) + activesupport (6.0.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.13) + bcrypt (3.1.15) builder (3.2.4) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) faraday (1.0.1) @@ -94,10 +94,10 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.5.0) + loofah (2.6.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -110,11 +110,11 @@ GEM mini_portile2 (2.4.0) minitest (5.14.1) mocha (1.11.2) - multi_json (1.14.1) + multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.2) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) 
@@ -134,35 +134,35 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.2.2) + rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.1) - actioncable (= 6.0.3.1) - actionmailbox (= 6.0.3.1) - actionmailer (= 6.0.3.1) - actionpack (= 6.0.3.1) - actiontext (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) - activemodel (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + rails (6.0.3.2) + actioncable (= 6.0.3.2) + actionmailbox (= 6.0.3.2) + actionmailer (= 6.0.3.2) + actionpack (= 6.0.3.2) + actiontext (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) + activemodel (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) bundler (>= 1.3.0) - railties (= 6.0.3.1) + railties (= 6.0.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.1) - actionpack (= 6.0.3.1) - activesupport (= 6.0.3.1) + railties (6.0.3.2) + actionpack (= 6.0.3.2) + activesupport (= 6.0.3.2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -172,7 +172,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - sprockets (4.0.1) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -191,10 +191,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.2) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 314830740..bb9c6190e 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock 
@@ -9,9 +9,9 @@ GIT GIT remote: git://github.com/rails/rails-controller-testing.git - revision: a60b3da1c1c77959b28606dd087c058c64b5a08f + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: - rails-controller-testing (1.0.4) + rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) 
@@ -29,64 +29,64 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.1) - actionpack (= 6.0.3.1) + actioncable (6.0.3.2) + actionpack (= 6.0.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionmailbox (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) mail (>= 2.7.1) - actionmailer (6.0.3.1) - actionpack (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) + actionmailer (6.0.3.2) + actionpack (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.1) - actionview (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionpack (6.0.3.2) + actionview (= 6.0.3.2) + activesupport (= 6.0.3.2) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.1) - actionpack (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actiontext (6.0.3.2) + actionpack (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) nokogiri (>= 1.8.5) - actionview (6.0.3.1) - activesupport (= 6.0.3.1) + actionview (6.0.3.2) + activesupport (= 6.0.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.1) - activesupport (= 6.0.3.1) + activejob (6.0.3.2) + activesupport (= 6.0.3.2) globalid (>= 0.3.6) - activemodel (6.0.3.1) - activesupport (= 6.0.3.1) - activerecord (6.0.3.1) - activemodel (= 6.0.3.1) - activesupport (= 6.0.3.1) - activestorage (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) + activemodel (6.0.3.2) + activesupport (= 6.0.3.2) + activerecord (6.0.3.2) + activemodel (= 6.0.3.2) + 
activesupport (= 6.0.3.2) + activestorage (6.0.3.2) + actionpack (= 6.0.3.2) + activejob (= 6.0.3.2) + activerecord (= 6.0.3.2) marcel (~> 0.3.1) - activesupport (6.0.3.1) + activesupport (6.0.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.13) + bcrypt (3.1.15) builder (3.2.4) - concurrent-ruby (1.1.6) + concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) faraday (1.0.1) @@ -94,10 +94,10 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.3) + i18n (1.8.5) concurrent-ruby (~> 1.0) jwt (2.2.1) - loofah (2.5.0) + loofah (2.6.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -110,11 +110,11 @@ GEM mini_portile2 (2.4.0) minitest (5.14.1) mocha (1.11.2) - multi_json (1.14.1) + multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.2) - nokogiri (1.10.9) + nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) 
@@ -134,35 +134,35 @@ GEM omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) - rack (2.2.2) + rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.1) - actioncable (= 6.0.3.1) - actionmailbox (= 6.0.3.1) - actionmailer (= 6.0.3.1) - actionpack (= 6.0.3.1) - actiontext (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) - activemodel (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + rails (6.0.3.2) + actioncable (= 6.0.3.2) + actionmailbox (= 6.0.3.2) + actionmailer (= 6.0.3.2) + actionpack (= 6.0.3.2) + actiontext (= 6.0.3.2) + actionview (= 6.0.3.2) + activejob (= 6.0.3.2) + activemodel (= 6.0.3.2) + activerecord (= 6.0.3.2) + activestorage (= 6.0.3.2) + activesupport (= 6.0.3.2) bundler (>= 1.3.0) - railties (= 6.0.3.1) + railties (= 6.0.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.1) - actionpack (= 6.0.3.1) - activesupport (= 6.0.3.1) + railties (6.0.3.2) + actionpack (= 6.0.3.2) + activesupport (= 6.0.3.2) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -172,7 +172,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - sprockets (4.0.1) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.1) @@ -191,10 +191,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.2) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.3.0) + zeitwerk (2.4.0) PLATFORMS ruby From 507573994a5524e17729f5c8e340ec6678ff26a5 Mon Sep 17 00:00:00 2001 
From: Daniel Pepper Date: Wed, 12 Aug 2020 13:19:50 -0700 Subject: [PATCH 073/299] Ensure `serializable_hash` doesn't raise with a frozen `:except` array I ran into an issue where options[:except] is a frozen array, which explodes when we try to concat values in `serializable_hash`. To fix this we dup the `:except` option before concatenating with the other options there. Closes #5278. --- CHANGELOG.md | 5 +++++ lib/devise/models/authenticatable.rb | 2 +- test/models/serializable_test.rb | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f70c10c4..975defb48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### master + +* bug fixes + * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) + ### 4.7.2 - 2020-06-10 * enhancements diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 93582e219..9d456fa3d 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -104,7 +104,7 @@ def authenticatable_salt # given to :except will simply add names to exempt to Devise internal list. def serializable_hash(options = nil) options = options.try(:dup) || {} - options[:except] = Array(options[:except]) + options[:except] = Array(options[:except]).dup if options[:force_except] options[:except].concat Array(options[:force_except]) diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 0ec9e7206..245da05a8 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -43,7 +43,7 @@ class SerializableTest < ActiveSupport::TestCase end test 'should accept frozen options' do - assert_key "username", @user.as_json({only: :username}.freeze)["user"] + assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end def assert_key(key, subject) From 2da46d8dd6c09446571eb3021b3c870cdd3ab9b8 Mon Sep 17 00:00:00 2001 
From: Seiei Miyagi Date: Mon, 17 Aug 2020 22:17:06 +0900 Subject: [PATCH 074/299] Replace BLACKLIST_FOR_SERIALIZATION with DENYLIST_FOR_SERIALIZATION --- lib/devise/models/authenticatable.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 9d456fa3d..047f7fbe9 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -55,11 +55,16 @@ module Models module Authenticatable extend ActiveSupport::Concern - BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, + DENYLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] + BLACKLIST_FOR_SERIALIZATION = DENYLIST_FOR_SERIALIZATION + if respond_to? :deprecate_constant + deprecate_constant :BLACKLIST_FOR_SERIALIZATION + end + included do class_attribute :devise_modules, instance_writer: false self.devise_modules ||= [] @@ -109,7 +114,7 @@ def serializable_hash(options = nil) if options[:force_except] options[:except].concat Array(options[:force_except]) else - options[:except].concat BLACKLIST_FOR_SERIALIZATION + options[:except].concat DENYLIST_FOR_SERIALIZATION end super(options) From 0c2cab7c946e0796c673a36aebba7c0352e5fec8 Mon Sep 17 00:00:00 2001 
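Review bot: `DENYLIST_FOR_SERIALIZATION` is assigned an unfrozen array and `BLACKLIST_FOR_SERIALIZATION` is bound to the same object, so any code in the process can remove an entry from the list that `serializable_hash` uses to keep `encrypted_password` and the token columns out of serialized output. The second hunk only reads it (`options[:except].concat DENYLIST_FOR_SERIALIZATION`), so freezing the literal looks safe for Devise itself: end the array with `:unlock_token, :locked_at].freeze`. Applications that append to the old constant in place would then raise, which deserves a changelog line. The same applies to `UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` in the following patch, and the module body continues outside the hunk.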
From: Carlos Antonio da Silva Date: Mon, 17 Aug 2020 08:59:40 -0300 Subject: [PATCH 075/299] Deprecate `BLACKLIST_FOR_SERIALIZATION` on all supported Rails versions Deprecate `BLACKLIST_FOR_SERIALIZATION` constant in favor of a more descriptive name `UNSAFE_ATTRIBUTES_FOR_SERIALIZATION`, removing unnecessary usage of the word `blacklist` from devise. The previous constant still works but will emit a warning if used, to allow anyone still depending on it to upgrade. This includes an internal backport of the Rails `deprecate_constant` implementation that exists on Rails 5.1+ to be able to deprecate it properly in prior versions, while we support those. (which I intend to drop soon.) --- CHANGELOG.md | 3 ++ lib/devise/models/authenticatable.rb | 11 +++--- .../rails/deprecated_constant_accessor.rb | 39 +++++++++++++++++++ test/models/serializable_test.rb | 4 ++ 4 files changed, 51 insertions(+), 6 deletions(-) create mode 100644 lib/devise/rails/deprecated_constant_accessor.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 975defb48..ca168f757 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) +* deprecations + * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) + ### 4.7.2 - 2020-06-10 * enhancements diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 047f7fbe9..3df93112f 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -2,6 +2,7 @@ require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' +require 'devise/rails/deprecated_constant_accessor' module Devise module Models 
@@ -55,15 +56,13 @@ module Models module Authenticatable extend ActiveSupport::Concern - DENYLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, + UNSAFE_ATTRIBUTES_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at, :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip, :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] - BLACKLIST_FOR_SERIALIZATION = DENYLIST_FOR_SERIALIZATION - if respond_to? :deprecate_constant - deprecate_constant :BLACKLIST_FOR_SERIALIZATION - end + include Devise::DeprecatedConstantAccessor + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" included do class_attribute :devise_modules, instance_writer: false @@ -114,7 +113,7 @@ def serializable_hash(options = nil) if options[:force_except] options[:except].concat Array(options[:force_except]) else - options[:except].concat DENYLIST_FOR_SERIALIZATION + options[:except].concat UNSAFE_ATTRIBUTES_FOR_SERIALIZATION end super(options) diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb new file mode 100644 index 000000000..d1eff92f2 --- /dev/null +++ b/lib/devise/rails/deprecated_constant_accessor.rb 
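Review bot: After the `deprecate_constant "BLACKLIST_FOR_SERIALIZATION", ...` line the old name exists only through the `const_missing` hook installed on `Devise::Models::Authenticatable` itself, so as far as I can tell a lookup that starts elsewhere (`User::BLACKLIST_FOR_SERIALIZATION`, or the bare name inside a model that includes the module) now raises `NameError` instead of warning. Before this hunk the constant was a real one and was found through the ancestor chain. That fails closed, so nothing is exposed, but the commit message says the previous constant still works; the CHANGELOG entry could carry the limit, e.g. `(only the fully qualified constant path is kept and warns)`. The hunk also drops `DENYLIST_FOR_SERIALIZATION` from patch 074 without an alias, which matters only if that name was ever released.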
@@ -0,0 +1,39 @@ +# frozen_string_literal: true + +begin + require 'active_support/deprecation/constant_accessor' + + module Devise + DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc: + end +rescue LoadError + + # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it + # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater. + module Devise + module DeprecatedConstantAccessor #:nodoc: + def self.included(base) + require "active_support/inflector/methods" + + extension = Module.new do + def const_missing(missing_const_name) + if class_variable_defined?(:@@_deprecated_constants) + if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s]) + replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations) + return ActiveSupport::Inflector.constantize(replacement[:new].to_s) + end + end + super + end + + def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) + class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } + end + end + base.singleton_class.prepend extension + end + end + end + +end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 245da05a8..52a198136 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
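Review bot: The fallback `Devise::DeprecatedConstantAccessor` is a hand copy of framework code, and the comment above it ("version 6") records neither the release nor the upstream file it was taken from, so a later fix to the original cannot be compared against this copy. I would extend the comment with the source, e.g. `# Source: activesupport <RELEASE_OR_COMMIT>, lib/active_support/deprecation/constant_accessor.rb`, filling in the real reference. The copied `const_missing` also reads `Rails::VERSION::MAJOR` although this file requires only Active Support pieces; that presumably always holds inside a Rails application, but it deserves one more comment line because a failure would surface only when the deprecated constant is first touched.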
@@ -46,6 +46,10 @@ class SerializableTest < ActiveSupport::TestCase assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end + test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do + assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + end + def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end From 23fbc35b2d3236d2025df99f2766c4d1f96187be Mon Sep 17 00:00:00 2001 From: Tony Novak Date: Tue, 25 Aug 2020 20:45:30 -0400 Subject: [PATCH 076/299] Fix hanging tests for streaming controllers using Devise Fixes #5285. --- lib/devise/test/controller_helpers.rb | 2 +- .../rails_app/app/controllers/streaming_controller.rb | 11 +++++++++++ test/rails_app/config/routes.rb | 2 ++ test/test/controller_helpers_test.rb | 10 ++++++++++ 4 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 test/rails_app/app/controllers/streaming_controller.rb diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index eeef694d2..30b45b3a6 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -143,7 +143,7 @@ def _process_unauthenticated(env, options = {}) @controller.response.headers.merge!(headers) @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5 @controller.status = status - @controller.response.body = response.body + @controller.response_body = response.body nil # causes process return @response end diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb new file mode 100644 index 000000000..e64b771a6 --- /dev/null +++ b/test/rails_app/app/controllers/streaming_controller.rb 
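Review bot: The added test in `serializable_test.rb` proves only that touching `BLACKLIST_FOR_SERIALIZATION` warns, not that it still yields the attribute list. Applications that pass the old constant in their own `except:` options rely on it resolving to the sensitive attributes, so the value deserves an assertion too: `old = assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION }` followed by `assert_equal Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION, old`. This assumes `assert_deprecated` returns the block's value, which should be confirmed for the oldest supported Rails version.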
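Review bot: The switch from `@controller.response.body =` to `@controller.response_body =` in `_process_unauthenticated` carries no comment, and the two spellings look interchangeable to anyone tidying the helper later. A one-line reason above the assignment would keep the fix in place: `# Assign through the controller; per #5285, writing response.body hangs for ActionController::Live controllers.` The method begins outside this hunk, so I have not checked whether the header and status assignments above it need the same treatment.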
@@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class StreamingController < ApplicationController + include ActionController::Live + + before_action :authenticate_user! + + def index + render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' + end +end diff --git a/test/rails_app/config/routes.rb b/test/rails_app/config/routes.rb index 8687dae24..0b748f3fd 100644 --- a/test/rails_app/config/routes.rb +++ b/test/rails_app/config/routes.rb @@ -17,6 +17,8 @@ resources :admins, only: [:index] + resources :streaming, only: [:index] + # Users scope devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" } diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index f285cbbfd..588ca7915 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -196,3 +196,13 @@ def respond assert_equal old_warden_proxy, new_warden_proxy end end + +class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCase + tests StreamingController + include Devise::Test::ControllerHelpers + + test "doesn't hang when sending an authentication error response body" do + get :index + assert_equal "You are being redirected.", response.body + end +end From 3e588d2d256a9a61b35420d40e95a62c1dc12162 Mon Sep 17 00:00:00 2001 From: Tony Novak Date: Wed, 26 Aug 2020 12:02:11 -0400 Subject: [PATCH 077/299] Work around "uncaught throw :warden" issue in Rails 4 --- .../app/controllers/streaming_controller.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index e64b771a6..6d3f02483 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb 
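Review bot: The new case in `controller_helpers_test.rb` guards against a hang but has no time limit of its own, so a regression would stall the whole run instead of failing this test. Wrapping the request, e.g. `Timeout.timeout(5) { get :index }` with `require 'timeout'` at the top of the file, turns the hang into a named failure; if `Timeout` turns out to interact badly with the Live response thread, a suite-level limit serves the same purpose. It would also help to assert the status next to the body (presumably `assert_response :redirect`), since the body text alone does not show that the unauthenticated request was refused.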
@@ -8,4 +8,16 @@ class StreamingController < ApplicationController def index render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' end + + # Work around https://github.com/heartcombo/devise/issues/2332, which affects + # tests in Rails 4.x (and affects production in Rails >= 5) + def process(name) + super(name) + rescue ArgumentError => e + if e.message == 'uncaught throw :warden' + throw :warden + else + raise e + end + end end From 4a5e7a9143fa630714c3a5476a3259cf703273a9 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 08:54:08 -0300 Subject: [PATCH 078/299] Switch to https for git repos in the lock file --- Gemfile.lock | 4 ++-- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 898913506..e6eeaae5d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 8955016e6..94e857872 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock 
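Review bot: The `process` override added to `StreamingController` identifies the exception by comparing `e.message` with `'uncaught throw :warden'` and then calls `throw :warden` with no value, so any options that accompanied the original throw are not forwarded, and a change in the message wording would silently disable the workaround. On Ruby 2.2 and later the exception is an `UncaughtThrowError`, which exposes both parts: `rescue UncaughtThrowError => e`, then `raise unless e.tag == :warden` and `throw :warden, e.value`. If the test matrix still includes an older Ruby the string match has to stay, but the comment should then say so, because it tells readers the problem affects production on Rails >= 5 and the snippet is likely to be copied.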
@@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/rails.git + remote: https://github.com/rails/rails.git revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8 branch: 4-1-stable specs: diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index e3013cf58..310a25834 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/rails.git + remote: https://github.com/rails/rails.git revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 branch: 4-2-stable specs: diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 79dfc25cf..15c345abd 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 058023371..12da7a0c4 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 9da2d2270..96064b38b 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index bb9c6190e..4d0b41e8d 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 93689638c28525acc65afb638fce866826532641 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) From e39b9b91340cc63d28897c10c83cf0af5820e4e9 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 27 Aug 2020 09:05:16 -0300 Subject: [PATCH 079/299] Fix order of arguments for `assert_equal` on tests Use `assert_equal expected, actual` for proper error messages in case of failures. --- test/controllers/custom_strategy_test.rb | 10 ++---- test/failure_app_test.rb | 6 ++-- test/integration/authenticatable_test.rb | 4 +-- test/integration/confirmable_test.rb | 4 +-- test/integration/lockable_test.rb | 6 ++-- test/integration/recoverable_test.rb | 6 ++-- test/integration/registerable_test.rb | 16 +++++----- .../mailers/confirmation_instructions_test.rb | 2 +- .../reset_password_instructions_test.rb | 2 +- test/mailers/unlock_instructions_test.rb | 2 +- test/models/authenticatable_test.rb | 8 ++--- test/models/confirmable_test.rb | 18 +++++------ test/models/database_authenticatable_test.rb | 10 +++--- test/models/lockable_test.rb | 32 +++++++++---------- test/models/omniauthable_test.rb | 2 +- test/models/recoverable_test.rb | 14 ++++---- test/models/registerable_test.rb | 2 +- test/models/rememberable_test.rb | 4 +-- test/models/timeoutable_test.rb | 2 +- test/models/trackable_test.rb | 4 +-- test/models/validatable_test.rb | 2 +- test/test/controller_helpers_test.rb | 2 +- 22 files changed, 76 insertions(+), 82 deletions(-) diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index c39ac3e61..d352a15bf 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -42,9 +42,7 @@ class CustomStrategyTest < Devise::ControllerTestCase test "custom strategy can return its own status code" do ret = get :new - # check the returned rack array - # assert ret.is_a?(Array) - # assert_equal 400, ret.first + # check the returned response assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response as well. This is purely so that the response is available to the testing framework 
@@ -55,12 +53,10 @@ class CustomStrategyTest < Devise::ControllerTestCase test "custom strategy can return custom headers" do ret = get :new - # check the returned rack array - # assert ret.is_a?(Array) - # assert_equal ret.third['X-FOO'], 'BAR' + # check the returned response assert ret.is_a?(ActionDispatch::TestResponse) # check the saved response headers as well. - assert_equal response.headers['X-FOO'], 'BAR' + assert_equal 'BAR', response.headers['X-FOO'] end end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index af622fff2..dc2a5bbc7 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -363,8 +363,8 @@ def call_failure(env_params={}) call_failure(env) assert @response.third.body.include?('

Log in

') assert @response.third.body.include?('Invalid Email or password.') - assert_equal @request.env["SCRIPT_NAME"], '/sample' - assert_equal @request.env["PATH_INFO"], '/users/sign_in' + assert_equal '/sample', @request.env["SCRIPT_NAME"] + assert_equal '/users/sign_in', @request.env["PATH_INFO"] end end end @@ -372,7 +372,7 @@ def call_failure(env_params={}) context "Lazy loading" do test "loads" do - assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does" + assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works? end end context "Without Flash Support" do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6ffd46379..40c79cca8 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -321,14 +321,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest test 'require_no_authentication should set the already_authenticated flash message' do sign_in_as_user visit new_user_session_path - assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated") + assert_equal I18n.t("devise.failure.already_authenticated"), flash[:alert] end test 'require_no_authentication should set the already_authenticated flash message as admin' do store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do sign_in_as_admin visit new_admin_session_path - assert_equal flash[:alert], "You are already signed in as admin." + assert_equal "You are already signed in as admin.", flash[:alert] end end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 5cafacb43..4886a6b56 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -218,7 +218,7 @@ def resend_confirmation user = create_user(confirm: false) post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } } assert_response :success - assert_equal response.body, {}.to_xml + assert_equal({}.to_xml, response.body) end test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do @@ -247,7 +247,7 @@ def resend_confirmation post user_confirmation_path, params: { user: { email: user.email }, format: :json } assert_response :success - assert_equal response.body, {}.to_json + assert_equal({}.to_json, response.body) end test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 87e439ef1..ca72befd9 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -136,8 +136,7 @@ def send_unlock_request post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :success - assert_equal response.body, {}.to_xml - + assert_equal({}.to_xml, response.body) assert_equal 1, ActionMailer::Base.deliveries.size end @@ -160,7 +159,6 @@ def send_unlock_request assert response.body.include? %(\n) end - test 'user with invalid unlock token should not be able to unlock the account via XML request' do get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') assert_response :unprocessable_entity @@ -171,7 +169,7 @@ def send_unlock_request user = create_user(locked: true) post user_unlock_path(format: "json", user: {email: user.email}) assert_response :success - assert_equal response.body, {}.to_json + assert_equal({}.to_json, response.body) end test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index b1cdb6571..c6f8c6cfc 100644 
--- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -265,7 +265,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} } assert_response :success - assert_equal response.body, { }.to_xml + assert_equal({}.to_xml, response.body) end test 'reset password request with invalid E-Mail in XML format should return valid response' do @@ -280,7 +280,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} } assert_response :success - assert_equal response.body, { }.to_xml + assert_equal({}.to_xml, response.body) end end @@ -317,7 +317,7 @@ def reset_password(options={}, &block) post user_password_path(format: :json), params: { user: { email: user.email } } assert_response :success - assert_equal response.body, "{}" + assert_equal "{}", response.body end test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 46f09f37b..dfe4b48eb 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -20,7 +20,7 @@ class RegistrationTest < Devise::IntegrationTest assert_current_url "/admin_area/home" admin = Admin.to_adapter.find_first(order: [:id, :desc]) - assert_equal admin.email, 'new_user@test.com' + assert_equal 'new_user@test.com', admin.email end test 'a guest admin should be able to sign in and be redirected to a custom location' do @@ -69,7 +69,7 @@ def user_sign_up refute warden.authenticated?(:user) user = User.to_adapter.find_first(order: [:id, :desc]) - assert_equal user.email, 'new_user@test.com' + assert_equal 'new_user@test.com', user.email refute user.confirmed? end 
@@ -254,7 +254,7 @@ def user_sign_up assert_contain "Password confirmation doesn't match Password" refute User.to_adapter.find_first.valid_password?('pas123') end - + test 'a signed in user should see a warning about minimum password length' do sign_in_as_user get edit_user_registration_path @@ -303,7 +303,7 @@ def user_sign_up assert response.body.include? %(\n) admin = Admin.to_adapter.find_first(order: [:id, :desc]) - assert_equal admin.email, 'new_user@test.com' + assert_equal 'new_user@test.com', admin.email end test 'a user sign up with valid information in XML format should return valid response' do @@ -312,7 +312,7 @@ def user_sign_up assert response.body.include? %(\n) user = User.to_adapter.find_first(order: [:id, :desc]) - assert_equal user.email, 'new_user@test.com' + assert_equal 'new_user@test.com', user.email end test 'a user sign up with invalid information in XML format should return invalid response' do @@ -325,21 +325,21 @@ def user_sign_up user = sign_in_as_user put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } assert_response :success - assert_equal user.reload.email, 'user.new@test.com' + assert_equal 'user.new@test.com', user.reload.email end test 'a user update information with invalid data in XML format should return invalid response' do user = sign_in_as_user put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } assert_response :unprocessable_entity - assert_equal user.reload.email, 'user@test.com' + assert_equal 'user@test.com', user.reload.email end test 'a user cancel their account in XML format should return valid response' do sign_in_as_user delete user_registration_path(format: 'xml') assert_response :success - assert_equal User.to_adapter.find_all.size, 0 + assert_equal 0, User.to_adapter.find_all.size end end 
diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 358b092c1..8f9dbc151 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -88,7 +88,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal $1, user.confirmation_token + assert_equal user.confirmation_token, $1 else flunk "expected confirmation url regex to match" end diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index f38829dd4..1a371b721 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -84,7 +84,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token + assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, $1) else flunk "expected reset password url regex to match" end diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb index 586799da5..3722cf9c6 100644 --- a/test/mailers/unlock_instructions_test.rb +++ b/test/mailers/unlock_instructions_test.rb @@ -85,7 +85,7 @@ def mail host, port = ActionMailer::Base.default_url_options.values_at :host, :port if mail.body.encoded =~ %r{} - assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token + assert_equal user.unlock_token, Devise.token_generator.digest(user.class, :unlock_token, $1) else flunk "expected unlock url regex to match" end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 4fc30a810..576ceaffe 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
@@ -4,12 +4,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'required_fields should be an empty array' do - assert_equal Devise::Models::Validatable.required_fields(User), [] + assert_equal [], Devise::Models::Validatable.required_fields(User) end test 'find_first_by_auth_conditions allows custom filtering parameters' do user = User.create!(email: "example@example.com", password: "1234567") - assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user + assert_equal user, User.find_first_by_auth_conditions({ email: "example@example.com" }) assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next) end @@ -18,14 +18,14 @@ class AuthenticatableTest < ActiveSupport::TestCase # config.strip_whitespace_keys = [:email] test 'find_or_initialize_with_errors uses parameter filter on find' do user = User.create!(email: "example@example.com", password: "1234567") - assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user + assert_equal user, User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }) end # assumes default configuration of # config.case_insensitive_keys = [:email] # config.strip_whitespace_keys = [:email] test 'find_or_initialize_with_errors uses parameter filter on initialize' do - assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com" + assert_equal "example@example.com", User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email end test 'find_or_initialize_with_errors adds blank error' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 899c9caba..d6f26c2ba 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -61,7 +61,7 @@ def setup user = create_user raw = user.raw_confirmation_token confirmed_user = User.confirm_by_token(raw) - assert_equal confirmed_user, user + assert_equal user, confirmed_user assert user.reload.confirmed? end @@ -160,7 +160,7 @@ def setup test 'should find a user to send confirmation instructions' do user = create_user confirmation_user = User.send_confirmation_instructions(email: user.email) - assert_equal confirmation_user, user + assert_equal user, confirmation_user end test 'should return a new user if no email was found' do @@ -305,7 +305,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username) - assert_equal confirm_user, user + assert_equal user, confirm_user end end @@ -322,7 +322,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) user = create_user user.update_attribute(:confirmation_sent_at, confirmation_sent_at) confirmed_user = User.confirm_by_token(user.raw_confirmation_token) - assert_equal confirmed_user, user + assert_equal user, confirmed_user user.reload.confirmed? end @@ -497,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase assert admin.confirm assert admin.update(email: 'new_test@example.com') confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email) - assert_equal confirmation_admin, admin + assert_equal admin, confirmation_admin end test 'should return a new admin if no email or unconfirmed_email was found' do 
@@ -520,20 +520,20 @@ class ReconfirmableTest < ActiveSupport::TestCase end test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Confirmable.required_fields(User), [ + assert_equal [ :confirmation_token, :confirmed_at, :confirmation_sent_at - ] + ], Devise::Models::Confirmable.required_fields(User) end test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do - assert_equal Devise::Models::Confirmable.required_fields(Admin), [ + assert_equal [ :confirmation_token, :confirmed_at, :confirmation_sent_at, :unconfirmed_email - ] + ], Devise::Models::Confirmable.required_fields(Admin) end test 'should not require reconfirmation after creating a record' do diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 6eb6a0527..676b44d2b 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -108,7 +108,7 @@ def setup test 'should support custom hashing methods' do user = UserWithCustomHashing.new(password: '654321') - assert_equal user.encrypted_password, '123456' + assert_equal '123456', user.encrypted_password end test 'allow authenticatable_salt to work even with nil hashed password' do @@ -293,18 +293,18 @@ def setup end test 'required_fields should be encryptable_password and the email field by default' do - assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + assert_equal [ :encrypted_password, :email - ] + ], Devise::Models::DatabaseAuthenticatable.required_fields(User) end test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do swap Devise, authentication_keys: [:login] do - assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [ + assert_equal [ :encrypted_password, :login - ] + ], Devise::Models::DatabaseAuthenticatable.required_fields(User) end end end 
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 644156a4e..c18441604 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -174,7 +174,7 @@ def setup user = create_user raw = user.send_unlock_instructions locked_user = User.unlock_access_by_token(raw) - assert_equal locked_user, user + assert_equal user, locked_user refute user.reload.access_locked? end @@ -194,7 +194,7 @@ def setup user = create_user user.lock_access! unlock_user = User.send_unlock_instructions(email: user.email) - assert_equal unlock_user, user + assert_equal user, unlock_user end test 'should return a new user if no email was found' do @@ -211,7 +211,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user unlock_user = User.send_unlock_instructions(email: user.email, username: user.username) - assert_equal unlock_user, user + assert_equal user, unlock_user end end @@ -270,11 +270,11 @@ def setup test 'required_fields should contain the all the fields when all the strategies are enabled' do swap Devise, unlock_strategy: :both do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :locked_at, - :unlock_token - ] + assert_equal [ + :failed_attempts, + :locked_at, + :unlock_token + ], Devise::Models::Lockable.required_fields(User) end end end @@ -282,10 +282,10 @@ def setup test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do swap Devise, unlock_strategy: :time do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :locked_at - ] + assert_equal [ + :failed_attempts, + :locked_at + ], Devise::Models::Lockable.required_fields(User) end end end 
@@ -293,10 +293,10 @@ def setup test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do swap Devise, unlock_strategy: :email do swap Devise, lock_strategy: :failed_attempts do - assert_equal Devise::Models::Lockable.required_fields(User), [ - :failed_attempts, - :unlock_token - ] + assert_equal [ + :failed_attempts, + :unlock_token + ], Devise::Models::Lockable.required_fields(User) end end end diff --git a/test/models/omniauthable_test.rb b/test/models/omniauthable_test.rb index c22bc4308..22cea976c 100644 --- a/test/models/omniauthable_test.rb +++ b/test/models/omniauthable_test.rb @@ -4,6 +4,6 @@ class OmniauthableTest < ActiveSupport::TestCase test 'required_fields should contain the fields that Devise uses' do - assert_equal Devise::Models::Omniauthable.required_fields(User), [] + assert_equal [], Devise::Models::Omniauthable.required_fields(User) end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ab47f95f1..69f14a9b9 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -116,7 +116,7 @@ def setup test 'should find a user to send instructions by email' do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email) - assert_equal reset_password_user, user + assert_equal user, reset_password_user end test 'should return a new record with errors if user was not found by e-mail' do @@ -129,7 +129,7 @@ def setup swap Devise, authentication_keys: [:username, :email] do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username) - assert_equal reset_password_user, user + assert_equal user, reset_password_user end end 
@@ -161,7 +161,7 @@ def setup
 raw = user.send_reset_password_instructions
 reset_password_user = User.reset_password_by_token(reset_password_token: raw)
- assert_equal reset_password_user, user
+ assert_equal user, reset_password_user
 end
 test 'should return a new record with errors if no reset_password_token is found' do
@@ -237,23 +237,23 @@ def setup
 end
 test 'required_fields should contain the fields that Devise uses' do
- assert_equal Devise::Models::Recoverable.required_fields(User), [
+ assert_equal [
 :reset_password_sent_at,
 :reset_password_token
- ]
+ ], Devise::Models::Recoverable.required_fields(User)
 end
 test 'should return a user based on the raw token' do
 user = create_user
 raw = user.send_reset_password_instructions
- assert_equal User.with_reset_password_token(raw), user
+ assert_equal user, User.with_reset_password_token(raw)
 end
 test 'should return the same reset password token as generated' do
 user = create_user
 raw = user.send_reset_password_instructions
- assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+ assert_equal user.reset_password_token, Devise.token_generator.digest(self.class, :reset_password_token, raw)
 end
 test 'should return nil if a user based on the raw token is not found' do
diff --git a/test/models/registerable_test.rb b/test/models/registerable_test.rb
index 254934168..df5cf6fcf 100644
--- a/test/models/registerable_test.rb
+++ b/test/models/registerable_test.rb
@@ -4,6 +4,6 @@
 class RegisterableTest < ActiveSupport::TestCase
 test 'required_fields should contain the fields that Devise uses' do
- assert_equal Devise::Models::Registerable.required_fields(User), []
+ assert_equal [], Devise::Models::Registerable.required_fields(User)
 end
 end
diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb
index 24ebb3feb..076a18a24 100644
--- a/test/models/rememberable_test.rb
+++ b/test/models/rememberable_test.rb
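Review bot: In test/models/recoverable_test.rb, the last swap of the `@@ -237,23` hunk ('should return the same reset password token as generated') makes the stored `user.reset_password_token` the expected value and the freshly computed digest the actual one, which reads backwards: the value under test is what the model persisted, and the digest of `raw` is the reference it has to match. The pre-change order already put the reference first, so I would keep `assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token`. This assertion is also the one that pins the column to the digest of the token returned by `send_reset_password_instructions`, so a one-line comment above it such as `# stored token must equal the digest of the raw token handed back to the caller` would make that intent explicit.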
@@ -177,8 +177,8 @@ def user.authenticatable_salt; ""; end
 end
 test 'should have the required_fields array' do
- assert_equal Devise::Models::Rememberable.required_fields(User), [
+ assert_equal [
 :remember_created_at
- ]
+ ], Devise::Models::Rememberable.required_fields(User)
 end
 end
diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb
index 205c8023b..6bbb29606 100644
--- a/test/models/timeoutable_test.rb
+++ b/test/models/timeoutable_test.rb
@@ -43,7 +43,7 @@ class TimeoutableTest < ActiveSupport::TestCase
 end
 test 'required_fields should contain the fields that Devise uses' do
- assert_equal Devise::Models::Timeoutable.required_fields(User), []
+ assert_equal [], Devise::Models::Timeoutable.required_fields(User)
 end
 test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do
diff --git a/test/models/trackable_test.rb b/test/models/trackable_test.rb
index d89df42d4..250ca1d46 100644
--- a/test/models/trackable_test.rb
+++ b/test/models/trackable_test.rb
@@ -4,13 +4,13 @@
 class TrackableTest < ActiveSupport::TestCase
 test 'required_fields should contain the fields that Devise uses' do
- assert_equal Devise::Models::Trackable.required_fields(User), [
+ assert_equal [
 :current_sign_in_at,
 :current_sign_in_ip,
 :last_sign_in_at,
 :last_sign_in_ip,
 :sign_in_count
- ]
+ ], Devise::Models::Trackable.required_fields(User)
 end
 test 'update_tracked_fields should only set attributes but not save the record' do
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb
index 6e02ad445..f96cfa918 100644
--- a/test/models/validatable_test.rb
+++ b/test/models/validatable_test.rb
@@ -116,6 +116,6 @@ class ValidatableTest < ActiveSupport::TestCase
 end
 test 'required_fields should be an empty array' do
- assert_equal Devise::Models::Validatable.required_fields(User), []
+ assert_equal [], Devise::Models::Validatable.required_fields(User)
 end
 end
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb
index 588ca7915..9aad7341e 100644
--- a/test/test/controller_helpers_test.rb
+++ b/test/test/controller_helpers_test.rb
@@ -97,7 +97,7 @@ def respond
 test "returns the body of a failure app" do
 get :index
- assert_equal response.body, "You are being redirected."
+ assert_equal "You are being redirected.", response.body
 end
 test "returns the content type of a failure app" do
From 15135f7dc61e3b109e62f1e9be826cb31dfd12d9 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 27 Aug 2020 18:38:26 -0300
Subject: [PATCH 080/299] User `assert_includes`/`refute_includes` minitest helpers
---
 test/controllers/load_hooks_controller_test.rb | 4 ++--
 test/failure_app_test.rb | 16 ++++++++--------
 test/integration/authenticatable_test.rb | 4 ++--
 test/integration/confirmable_test.rb | 6 +++---
 test/integration/lockable_test.rb | 6 +++---
 test/integration/recoverable_test.rb | 6 +++---
 test/integration/registerable_test.rb | 6 +++---
 test/mailers/confirmation_instructions_test.rb | 2 +-
 test/mailers/email_changed_test.rb | 2 +-
 test/mailers/reset_password_instructions_test.rb | 2 +-
 test/mailers/unlock_instructions_test.rb | 2 +-
 test/models/confirmable_test.rb | 2 +-
 test/models/lockable_test.rb | 2 +-
 test/models/recoverable_test.rb | 2 +-
 test/support/integration.rb | 2 +-
 test/test/controller_helpers_test.rb | 4 ++--
 16 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/test/controllers/load_hooks_controller_test.rb b/test/controllers/load_hooks_controller_test.rb
index 6387b309a..63720c2e2 100644
--- a/test/controllers/load_hooks_controller_test.rb
+++ b/test/controllers/load_hooks_controller_test.rb
@@ -16,6 +16,6 @@ class LoadHooksControllerTest < Devise::ControllerTestCase end test 'load hook called when controller is loaded' do - assert DeviseController.instance_methods.include? :defined_by_load_hook + assert_includes DeviseController.instance_methods, :defined_by_load_hook end -end \ No newline at end of file +end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index dc2a5bbc7..920e47cb4 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -326,8 +326,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid Email or password.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Invalid Email or password.' end test 'calls the original controller if not confirmed email' do @@ -337,8 +337,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('You have to confirm your email address before continuing.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'You have to confirm your email address before continuing.' end test 'calls the original controller if inactive account' do @@ -348,8 +348,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Your account is not activated yet.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Your account is not activated yet.' end if Rails.application.config.respond_to?(:relative_url_root) @@ -361,8 +361,8 @@ def call_failure(env_params={}) "warden" => stub_everything } call_failure(env) - assert @response.third.body.include?('

Log in

') - assert @response.third.body.include?('Invalid Email or password.') + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Invalid Email or password.' assert_equal '/sample', @request.env["SCRIPT_NAME"] assert_equal '/users/sign_in', @request.env["PATH_INFO"] end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 40c79cca8..fcc1d734b 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -496,7 +496,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest create_user post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'sign in with xml format is idempotent' do @@ -512,7 +512,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'sign out with html redirects' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 4886a6b56..85b2f7234 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -225,21 +225,21 @@ def resend_confirmation create_user(confirm: false) post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'confirm account with valid confirmation token in XML format should return valid response' do user = create_user(confirm: false) get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml') assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'confirm account with invalid confirmation token in XML format should return invalid response' do create_user(confirm: false) get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml') assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'request an account confirmation account with JSON, should return an empty JSON' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index ca72befd9..01077f604 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb @@ -146,7 +146,7 @@ def send_unlock_request post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) assert_equal 0, ActionMailer::Base.deliveries.size end 
@@ -156,13 +156,13 @@ def send_unlock_request assert user.access_locked? get user_unlock_path(format: 'xml', unlock_token: raw) assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'user with invalid unlock token should not be able to unlock the account via XML request' do get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test "when using json to ask a unlock request, should not return the user" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index c6f8c6cfc..d3cbb96b9 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -272,7 +272,7 @@ def reset_password(options={}, &block) create_user post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do @@ -300,7 +300,7 @@ def reset_password(options={}, &block) request_forgot_password put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'change password with invalid new password in XML format should return invalid response' do 
@@ -308,7 +308,7 @@ def reset_password(options={}, &block) request_forgot_password put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test "when using json requests to ask a confirmable request, should not return the object" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index dfe4b48eb..462b478f5 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -300,7 +300,7 @@ def user_sign_up test 'an admin sign up with valid information in XML format should return valid response' do post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', admin.email @@ -309,7 +309,7 @@ def user_sign_up test 'a user sign up with valid information in XML format should return valid response' do post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert response.body.include? %(\n) + assert_includes response.body, %(\n) user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email 
@@ -318,7 +318,7 @@ def user_sign_up test 'a user sign up with invalid information in XML format should return invalid response' do post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } assert_response :unprocessable_entity - assert response.body.include? %(\n) + assert_includes response.body, %(\n) end test 'a user update information with valid data in XML format should return valid response' do diff --git a/test/mailers/confirmation_instructions_test.rb b/test/mailers/confirmation_instructions_test.rb index 8f9dbc151..5b4633121 100644 --- a/test/mailers/confirmation_instructions_test.rb +++ b/test/mailers/confirmation_instructions_test.rb @@ -31,7 +31,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send confirmation instructions to the user email' do diff --git a/test/mailers/email_changed_test.rb b/test/mailers/email_changed_test.rb index c82517f50..f32416545 100644 --- a/test/mailers/email_changed_test.rb +++ b/test/mailers/email_changed_test.rb @@ -35,7 +35,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send email changed to the original user email' do diff --git a/test/mailers/reset_password_instructions_test.rb b/test/mailers/reset_password_instructions_test.rb index 1a371b721..5a344cbf0 100644 --- a/test/mailers/reset_password_instructions_test.rb +++ b/test/mailers/reset_password_instructions_test.rb @@ -34,7 +34,7 @@ def mail end test 'content type should be set to html' do - assert mail.content_type.include?('text/html') + assert_includes mail.content_type, 'text/html' end test 'send confirmation instructions to the user email' do 
diff --git a/test/mailers/unlock_instructions_test.rb b/test/mailers/unlock_instructions_test.rb
index 3722cf9c6..dff580e2e 100644
--- a/test/mailers/unlock_instructions_test.rb
+++ b/test/mailers/unlock_instructions_test.rb
@@ -35,7 +35,7 @@ def mail
 end
 test 'content type should be set to html' do
- assert mail.content_type.include?('text/html')
+ assert_includes mail.content_type, 'text/html'
 end
 test 'send unlock instructions to the user email' do
diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb
index d6f26c2ba..36acf5406 100644
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
@@ -28,7 +28,7 @@ def setup
 confirmation_tokens = []
 3.times do
 token = create_user.confirmation_token
- assert !confirmation_tokens.include?(token)
+ refute_includes confirmation_tokens, token
 confirmation_tokens << token
 end
 end
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb
index c18441604..8b12d5504 100644
--- a/test/models/lockable_test.rb
+++ b/test/models/lockable_test.rb
@@ -121,7 +121,7 @@ def setup
 user = create_user
 user.lock_access!
 token = user.unlock_token
- assert !unlock_tokens.include?(token)
+ refute_includes unlock_tokens, token
 unlock_tokens << token
 end
 end
diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb
index 69f14a9b9..187c2dd1a 100644
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -18,7 +18,7 @@ def setup
 user = create_user
 user.send_reset_password_instructions
 token = user.reset_password_token
- assert !reset_password_tokens.include?(token)
+ refute_includes reset_password_tokens, token
 reset_password_tokens << token
 end
 end
diff --git a/test/support/integration.rb b/test/support/integration.rb
index 2dccccf11..94554cba9 100644
--- a/test/support/integration.rb
+++ b/test/support/integration.rb
@@ -61,7 +61,7 @@ def sign_in_as_admin(options={}, &block)
 # account Middleware redirects.
 #
 def assert_redirected_to(url)
- assert [301, 302].include?(@integration_session.status),
+ assert_includes [301, 302], @integration_session.status,
 "Expected status to be 301 or 302, got #{@integration_session.status}"
 assert_url url, @integration_session.headers["Location"]
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb
index 9aad7341e..73548e4a4 100644
--- a/test/test/controller_helpers_test.rb
+++ b/test/test/controller_helpers_test.rb
@@ -104,9 +104,9 @@ def respond
 get :index, params: { format: :xml }
 if Devise::Test.rails6?
- assert response.media_type.include?('application/xml')
+ assert_includes response.media_type, 'application/xml'
 else
- assert response.content_type.include?('application/xml')
+ assert_includes response.content_type, 'application/xml'
 end
 end
From 97aa37bb50c0b7604e49fa3ce594bb85463e28dd Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 27 Aug 2020 18:40:03 -0300
Subject: [PATCH 081/299] Use `assert_empty` minitest helper
---
 test/controllers/internal_helpers_test.rb | 2 +-
 test/integration/lockable_test.rb | 2 +-
 test/integration/registerable_test.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb
index 7710e0d7b..9f1b3f5b4 100644
--- a/test/controllers/internal_helpers_test.rb
+++ b/test/controllers/internal_helpers_test.rb
@@ -51,7 +51,7 @@ def setup
 end
 test 'resources methods are not controller actions' do
- assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
+ assert_empty @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }
 end
 test 'require no authentication tests current mapping' do
diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb
index 01077f604..b0eaf02f5 100644
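Review bot: The new `assert_empty` line in test/controllers/internal_helpers_test.rb keeps `delete_if`, which removes the 'commenter' entries from the very collection that `action_methods` returns; if that collection is cached on the controller class (not visible from this hunk), every later test sees the stripped copy. `reject` filters the same way without touching the receiver: `assert_empty @controller.class.action_methods.reject { |m| m.include? 'commenter' }`. This test is the guard against resource helper methods being exposed as controller actions, so it is worth keeping it free of side effects on the thing it inspects.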
--- a/test/integration/lockable_test.rb
+++ b/test/integration/lockable_test.rb
@@ -99,7 +99,7 @@ def send_unlock_request
 sign_in_as_user(password: "invalid")
 assert_contain 'Your account is locked.'
- assert ActionMailer::Base.deliveries.empty?
+ assert_empty ActionMailer::Base.deliveries
 end
 test 'error message is configurable by resource name' do
diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb
index 462b478f5..7cf5fa7cf 100644
--- a/test/integration/registerable_test.rb
+++ b/test/integration/registerable_test.rb
@@ -268,7 +268,7 @@ def user_sign_up
 click_button "Cancel my account"
 assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
- assert User.to_adapter.find_all.empty?
+ assert_empty User.to_adapter.find_all
 end
 test 'a user should be able to cancel sign up by deleting data in the session' do
From eed641d2bea11839ab13e943660da41cad14314d Mon Sep 17 00:00:00 2001
From: mune Date: Mon, 31 Aug 2020 20:46:43 +0900 Subject: [PATCH 082/299] Add spaces around method arguments when setting default values Closes #5288 --- app/mailers/devise/mailer.rb | 10 +++++----- lib/devise/controllers/helpers.rb | 8 ++++---- lib/devise/controllers/sign_in_out.rb | 6 +++--- lib/devise/controllers/url_helpers.rb | 2 +- lib/devise/mapping.rb | 2 +- lib/devise/models/authenticatable.rb | 6 +++--- lib/devise/models/confirmable.rb | 4 ++-- lib/devise/models/lockable.rb | 2 +- lib/devise/models/recoverable.rb | 4 ++-- lib/devise/rails/routes.rb | 8 ++++---- test/controllers/url_helpers_test.rb | 2 +- test/failure_app_test.rb | 2 +- test/generators/views_generator_test.rb | 2 +- test/integration/confirmable_test.rb | 2 +- test/integration/http_authenticatable_test.rb | 2 +- test/integration/recoverable_test.rb | 2 +- test/integration/rememberable_test.rb | 2 +- test/mapping_test.rb | 2 +- test/models/serializable_test.rb | 2 +- test/omniauth/url_helpers_test.rb | 2 +- test/rails_app/lib/shared_user_without_email.rb | 2 +- test/support/helpers.rb | 12 ++++++------ test/support/integration.rb | 8 ++++---- 23 files changed, 47 insertions(+), 47 deletions(-) diff --git a/app/mailers/devise/mailer.rb b/app/mailers/devise/mailer.rb index 11ef449cb..e617edcd0 100644 --- a/app/mailers/devise/mailer.rb +++ b/app/mailers/devise/mailer.rb 
@@ -4,26 +4,26 @@ class Devise::Mailer < Devise.parent_mailer.constantize include Devise::Mailers::Helpers - def confirmation_instructions(record, token, opts={}) + def confirmation_instructions(record, token, opts = {}) @token = token devise_mail(record, :confirmation_instructions, opts) end - def reset_password_instructions(record, token, opts={}) + def reset_password_instructions(record, token, opts = {}) @token = token devise_mail(record, :reset_password_instructions, opts) end - def unlock_instructions(record, token, opts={}) + def unlock_instructions(record, token, opts = {}) @token = token devise_mail(record, :unlock_instructions, opts) end - def email_changed(record, opts={}) + def email_changed(record, opts = {}) devise_mail(record, :email_changed, opts) end - def password_change(record, opts={}) + def password_change(record, opts = {}) devise_mail(record, :password_change, opts) end end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index e0e6acc32..bc6e9fd86 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -36,11 +36,11 @@ module ClassMethods # before_action ->{ authenticate_blogger! :admin } # Redirects to the admin login page # current_blogger :user # Preferably returns a User if one is signed in # - def devise_group(group_name, opts={}) + def devise_group(group_name, opts = {}) mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]" class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{group_name}!(favorite=nil, opts={}) + def authenticate_#{group_name}!(favorite = nil, opts = {}) unless #{group_name}_signed_in? mappings = #{mappings} mappings.unshift mappings.delete(favorite.to_sym) if favorite @@ -57,7 +57,7 @@ def #{group_name}_signed_in? end end - def current_#{group_name}(favorite=nil) + def current_#{group_name}(favorite = nil) mappings = #{mappings} mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| 
@@ -113,7 +113,7 @@ def self.define_helpers(mapping) #:nodoc: mapping = mapping.name class_eval <<-METHODS, __FILE__, __LINE__ + 1 - def authenticate_#{mapping}!(opts={}) + def authenticate_#{mapping}!(opts = {}) opts[:scope] = :#{mapping} warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 19481b4d4..526b41ea4 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -10,7 +10,7 @@ module SignInOut # cause exceptions to be thrown from this method; if you simply want to check # if a scope has already previously been authenticated without running # authentication hooks, you can directly call `warden.authenticated?(scope: scope)` - def signed_in?(scope=nil) + def signed_in?(scope = nil) [scope || Devise.mappings.keys].flatten.any? do |_scope| warden.authenticate?(scope: _scope) end @@ -77,7 +77,7 @@ def bypass_sign_in(resource, scope: nil) # sign_out :user # sign_out(scope) # sign_out @user # sign_out(resource) # - def sign_out(resource_or_scope=nil) + def sign_out(resource_or_scope = nil) return sign_out_all_scopes unless resource_or_scope scope = Devise::Mapping.find_scope!(resource_or_scope) user = warden.user(scope: scope, run_callbacks: false) # If there is no user @@ -92,7 +92,7 @@ def sign_out(resource_or_scope=nil) # Sign out all active users or scopes. This helper is useful for signing out all roles # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout # and false if there was no user logged in on all scopes. - def sign_out_all_scopes(lock=true) + def sign_out_all_scopes(lock = true) users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } warden.logout diff --git a/lib/devise/controllers/url_helpers.rb b/lib/devise/controllers/url_helpers.rb index 3da36423e..2792a07c8 100644 --- a/lib/devise/controllers/url_helpers.rb 
+++ b/lib/devise/controllers/url_helpers.rb @@ -34,7 +34,7 @@ def self.remove_helpers! end end - def self.generate_helpers!(routes=nil) + def self.generate_helpers!(routes = nil) routes ||= begin mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq Devise::URL_HELPERS.slice(*mappings) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 7692020ff..7c7ea0085 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -46,7 +46,7 @@ def self.find_scope!(obj) raise "Could not find a valid mapping for #{obj.inspect}" end - def self.find_by_path!(path, path_type=:fullpath) + def self.find_by_path!(path, path_type = :fullpath) Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) } raise "Could not find a valid mapping for path #{path.inspect}" end diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 3df93112f..5b748ad2c 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb 
@@ -276,17 +276,17 @@ def find_for_authentication(tainted_conditions) find_first_by_auth_conditions(tainted_conditions) end - def find_first_by_auth_conditions(tainted_conditions, opts={}) + def find_first_by_auth_conditions(tainted_conditions, opts = {}) to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts)) end # Find or initialize a record setting an error if it can't be found. - def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc: + def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc: find_or_initialize_with_errors([attribute], { attribute => value }, error) end # Find or initialize a record with group of attributes based on a list of required attributes. - def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc: + def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc: attributes.try(:permit!) attributes = attributes.to_h.with_indifferent_access .slice(*required_attributes) diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 91258f4c3..7faae516b 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -76,7 +76,7 @@ def self.required_fields(klass) # Confirm a user by setting it's confirmed_at to actual time. If the user # is already confirmed, add an error to email field. If the user is invalid # add errors - def confirm(args={}) + def confirm(args = {}) pending_any_confirmation do if confirmation_period_expired? self.errors.add(:email, :confirmation_period_expired, 
@@ -334,7 +334,7 @@ module ClassMethods # confirmation instructions to it. If not, try searching for a user by unconfirmed_email # field. If no user is found, returns a new user with an email not found error. # Options must contain the user email - def send_confirmation_instructions(attributes={}) + def send_confirmation_instructions(attributes = {}) confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable unless confirmable.try(:persisted?) confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index b8ec4dcaa..578f52949 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -168,7 +168,7 @@ module ClassMethods # unlock instructions to it. If not user is found, returns a new user # with an email not found error. # Options must contain the user's unlock keys - def send_unlock_instructions(attributes={}) + def send_unlock_instructions(attributes = {}) lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found) lockable.resend_unlock_instructions if lockable.persisted? lockable diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 75318d503..0cca30f06 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -131,7 +131,7 @@ def with_reset_password_token(token) # password instructions to it. If user is not found, returns a new user # with an email not found error. # Attributes must contain the user's email - def send_reset_password_instructions(attributes={}) + def send_reset_password_instructions(attributes = {}) recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found) recoverable.send_reset_password_instructions if recoverable.persisted? recoverable 
@@ -142,7 +142,7 @@ def send_reset_password_instructions(attributes={}) # try saving the record. If not user is found, returns a new user # containing an error in reset_password_token attribute. # Attributes must contain reset_password_token, password and confirmation - def reset_password_by_token(attributes={}) + def reset_password_by_token(attributes = {}) original_token = attributes[:reset_password_token] reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 95a4ced79..004b98574 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -287,7 +287,7 @@ def devise_for(*resources) # root to: "admin/dashboard#show", as: :user_root # end # - def authenticate(scope=nil, block=nil) + def authenticate(scope = nil, block = nil) constraints_for(:authenticate!, scope, block) do yield end @@ -311,7 +311,7 @@ def authenticate(scope=nil, block=nil) # # root to: 'landing#show' # - def authenticated(scope=nil, block=nil) + def authenticated(scope = nil, block = nil) constraints_for(:authenticate?, scope, block) do yield end @@ -328,7 +328,7 @@ def authenticated(scope=nil, block=nil) # # root to: 'dashboard#show' # - def unauthenticated(scope=nil) + def unauthenticated(scope = nil) constraint = lambda do |request| not request.env["warden"].authenticate? scope: scope end @@ -474,7 +474,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: @scope = current_scope end - def constraints_for(method_to_apply, scope=nil, block=nil) + def constraints_for(method_to_apply, scope = nil, block = nil) constraint = lambda do |request| request.env['warden'].send(method_to_apply, scope: scope) && (block.nil? || block.call(request.env["warden"].user(scope))) diff --git a/test/controllers/url_helpers_test.rb b/test/controllers/url_helpers_test.rb index d5328a367..e4b6a3093 100644 --- a/test/controllers/url_helpers_test.rb 
+++ b/test/controllers/url_helpers_test.rb @@ -5,7 +5,7 @@ class RoutesTest < Devise::ControllerTestCase tests ApplicationController - def assert_path_and_url(name, prepend_path=nil) + def assert_path_and_url(name, prepend_path = nil) @request.path = '/users/session' prepend_path = "#{prepend_path}_" if prepend_path diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 920e47cb4..1b0aeb04a 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -73,7 +73,7 @@ def self.context(name, &block) instance_eval(&block) end - def call_failure(env_params={}) + def call_failure(env_params = {}) env = { 'REQUEST_URI' => 'http://test.host/', 'HTTP_HOST' => 'test.host', diff --git a/test/generators/views_generator_test.rb b/test/generators/views_generator_test.rb index 3b7349fa6..1f8f90f3c 100644 --- a/test/generators/views_generator_test.rb +++ b/test/generators/views_generator_test.rb @@ -77,7 +77,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase assert_file "app/views/devise/mailer/reset_password_instructions.markerb" end - def assert_files(scope = nil, options={}) + def assert_files(scope = nil, options = {}) scope = "devise" if scope.nil? mail_template_engine = options[:mail_template_engine] || "html.erb" diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 85b2f7234..165954617 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -282,7 +282,7 @@ def resend_confirmation end class ConfirmationOnChangeTest < Devise::IntegrationTest - def create_second_admin(options={}) + def create_second_admin(options = {}) @admin = nil create_admin(options) end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 3a52c571f..619a3cd82 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb 
@@ -99,7 +99,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest end private - def sign_in_as_new_user_with_http(username="user@test.com", password="12345678") + def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678") user = create_user get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } user diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index d3cbb96b9..2f1ca6e92 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -21,7 +21,7 @@ def request_forgot_password(&block) click_button 'Send me reset password instructions' end - def reset_password(options={}, &block) + def reset_password(options = {}, &block) unless options[:visit] == false visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef") assert_response :success diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index cd6f2f10e..62547e762 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -3,7 +3,7 @@ require 'test_helper' class RememberMeTest < Devise::IntegrationTest - def create_user_and_remember(add_to_token='') + def create_user_and_remember(add_to_token = '') user = create_user user.remember_me! raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token } diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 0fc10c1a6..0c874570c 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -6,7 +6,7 @@ class FakeRequest < Struct.new(:path_info, :params) end class MappingTest < ActiveSupport::TestCase - def fake_request(path, params={}) + def fake_request(path, params = {}) FakeRequest.new(path, params) end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 52a198136..602cbe371 100644 --- a/test/models/serializable_test.rb 
+++ b/test/models/serializable_test.rb @@ -58,7 +58,7 @@ def assert_no_key(key, subject) assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" end - def from_json(options=nil) + def from_json(options = nil) ActiveSupport::JSON.decode(@user.to_json(options))["user"] end end diff --git a/test/omniauth/url_helpers_test.rb b/test/omniauth/url_helpers_test.rb index 41d4f5016..a8098c741 100644 --- a/test/omniauth/url_helpers_test.rb +++ b/test/omniauth/url_helpers_test.rb @@ -5,7 +5,7 @@ class OmniAuthRoutesTest < ActionController::TestCase tests ApplicationController - def assert_path(action, provider, with_param=true) + def assert_path(action, provider, with_param = true) # Resource param assert_equal @controller.send(action, :user, provider), @controller.send("user_#{provider}_#{action}") diff --git a/test/rails_app/lib/shared_user_without_email.rb b/test/rails_app/lib/shared_user_without_email.rb index f030c195d..5a86729ff 100644 --- a/test/rails_app/lib/shared_user_without_email.rb +++ b/test/rails_app/lib/shared_user_without_email.rb @@ -21,7 +21,7 @@ def email_changed? raise NoMethodError end - def respond_to?(method_name, include_all=false) + def respond_to?(method_name, include_all = false) return false if method_name.to_sym == :email_changed? super(method_name, include_all) end diff --git a/test/support/helpers.rb b/test/support/helpers.rb index fe7cf1b57..11ac4486a 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb 
@@ -27,32 +27,32 @@ def generate_unique_email "test#{@@email_count}@example.com" end - def valid_attributes(attributes={}) + def valid_attributes(attributes = {}) { username: "usertest", email: generate_unique_email, password: '12345678', password_confirmation: '12345678' }.update(attributes) end - def new_user(attributes={}) + def new_user(attributes = {}) User.new(valid_attributes(attributes)) end - def create_user(attributes={}) + def create_user(attributes = {}) User.create!(valid_attributes(attributes)) end - def create_admin(attributes={}) + def create_admin(attributes = {}) valid_attributes = valid_attributes(attributes) valid_attributes.delete(:username) Admin.create!(valid_attributes) end - def create_user_without_email(attributes={}) + def create_user_without_email(attributes = {}) UserWithoutEmail.create!(valid_attributes(attributes)) end - def create_user_with_validations(attributes={}) + def create_user_with_validations(attributes = {}) UserWithValidations.create!(valid_attributes(attributes)) end diff --git a/test/support/integration.rb b/test/support/integration.rb index 94554cba9..76d297a49 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -7,7 +7,7 @@ def warden request.env['warden'] end - def create_user(options={}) + def create_user(options = {}) @user ||= begin user = User.create!( username: 'usertest', @@ -24,7 +24,7 @@ def create_user(options={}) end end - def create_admin(options={}) + def create_admin(options = {}) @admin ||= begin admin = Admin.create!( email: options[:email] || 'admin@test.com', @@ -36,7 +36,7 @@ def create_admin(options={}) end end - def sign_in_as_user(options={}, &block) + def sign_in_as_user(options = {}, &block) user = create_user(options) visit_with_option options[:visit], new_user_session_path fill_in 'email', with: options[:email] || 'user@test.com' 
@@ -47,7 +47,7 @@ def sign_in_as_user(options={}, &block) user end - def sign_in_as_admin(options={}, &block) + def sign_in_as_admin(options = {}, &block) admin = create_admin(options) visit_with_option options[:visit], new_admin_session_path fill_in 'email', with: 'admin@test.com' From 4896a9b41aec7fe417714964847ab3c32c769def Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 10:43:42 -0300 Subject: [PATCH 083/299] Update bundle --- Gemfile.lock | 124 +++++++++++++++++++++++++-------------------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e6eeaae5d..ff6ea8151 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 + revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) activemodel (>= 5.0.0.a) 
@@ -29,62 +29,62 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.2) - actionpack (= 6.0.3.2) + actioncable (6.0.3.3) + actionpack (= 6.0.3.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + actionmailbox (6.0.3.3) + actionpack (= 6.0.3.3) + activejob (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) mail (>= 2.7.1) - actionmailer (6.0.3.2) - actionpack (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) + actionmailer (6.0.3.3) + actionpack (= 6.0.3.3) + actionview (= 6.0.3.3) + activejob (= 6.0.3.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.2) - actionview (= 6.0.3.2) - activesupport (= 6.0.3.2) + actionpack (6.0.3.3) + actionview (= 6.0.3.3) + activesupport (= 6.0.3.3) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.2) - actionpack (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + actiontext (6.0.3.3) + actionpack (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) nokogiri (>= 1.8.5) - actionview (6.0.3.2) - activesupport (= 6.0.3.2) + actionview (6.0.3.3) + activesupport (= 6.0.3.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.2) - activesupport (= 6.0.3.2) + activejob (6.0.3.3) + activesupport (= 6.0.3.3) globalid (>= 0.3.6) - activemodel (6.0.3.2) - activesupport (= 6.0.3.2) - activerecord (6.0.3.2) - activemodel (= 6.0.3.2) - activesupport (= 6.0.3.2) - activestorage (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) + activemodel (6.0.3.3) + activesupport (= 6.0.3.3) + activerecord (6.0.3.3) + activemodel (= 6.0.3.3) + 
activesupport (= 6.0.3.3) + activestorage (6.0.3.3) + actionpack (= 6.0.3.3) + activejob (= 6.0.3.3) + activerecord (= 6.0.3.3) marcel (~> 0.3.1) - activesupport (6.0.3.2) + activesupport (6.0.3.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.15) + bcrypt (3.1.16) builder (3.2.4) concurrent-ruby (1.1.7) crass (1.0.6) @@ -96,8 +96,8 @@ GEM hashie (4.1.0) i18n (1.8.5) concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.6.0) + jwt (2.2.2) + loofah (2.7.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -108,12 +108,12 @@ GEM mimemagic (0.3.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.14.1) + minitest (5.14.2) mocha (1.11.2) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.2) + nio4r (2.5.4) nokogiri (1.10.10) mini_portile2 (~> 2.4.0) oauth2 (1.4.4) @@ -125,10 +125,10 @@ GEM omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) + omniauth-facebook (7.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) + omniauth-oauth2 (1.7.0) + oauth2 (~> 1.4) omniauth (~> 1.9) omniauth-openid (1.0.1) omniauth (~> 1.0) 
@@ -140,29 +140,29 @@ GEM ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.2) - actioncable (= 6.0.3.2) - actionmailbox (= 6.0.3.2) - actionmailer (= 6.0.3.2) - actionpack (= 6.0.3.2) - actiontext (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - activemodel (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) + rails (6.0.3.3) + actioncable (= 6.0.3.3) + actionmailbox (= 6.0.3.3) + actionmailer (= 6.0.3.3) + actionpack (= 6.0.3.3) + actiontext (= 6.0.3.3) + actionview (= 6.0.3.3) + activejob (= 6.0.3.3) + activemodel (= 6.0.3.3) + activerecord (= 6.0.3.3) + activestorage (= 6.0.3.3) + activesupport (= 6.0.3.3) bundler (>= 1.3.0) - railties (= 6.0.3.2) + railties (= 6.0.3.3) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.2) - actionpack (= 6.0.3.2) - activesupport (= 6.0.3.2) + railties (6.0.3.3) + actionpack (= 6.0.3.3) + activesupport (= 6.0.3.3) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -175,7 +175,7 @@ GEM sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.1) + sprockets-rails (3.2.2) actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) @@ -185,8 +185,8 @@ GEM timecop (0.9.1) tzinfo (1.2.7) thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) + warden (1.2.9) + rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) From f12be553cca66e5ed4f83fd387ffc189e06d5311 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 10:45:10 -0300 Subject: [PATCH 084/299] Update changelog [ci skip] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca168f757..b50e727ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,8 @@ * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) + * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) + * Fix hanging tests for streaming controllers using Devise. (by @afn) * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 45b831c4ea5a35914037bd27fe88b76d7b3683a4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 20 Sep 2020 21:24:01 -0300 Subject: [PATCH 085/299] Release 4.7.3 --- CHANGELOG.md | 10 ++++++---- Gemfile.lock | 2 +- gemfiles/Gemfile.rails-4.1-stable.lock | 2 +- gemfiles/Gemfile.rails-4.2-stable.lock | 2 +- gemfiles/Gemfile.rails-5.0-stable.lock | 2 +- gemfiles/Gemfile.rails-5.1-stable.lock | 2 +- gemfiles/Gemfile.rails-5.2-stable.lock | 2 +- gemfiles/Gemfile.rails-6.0-stable.lock | 2 +- lib/devise/version.rb | 2 +- 9 files changed, 14 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b50e727ab..3db58cac7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,15 @@ -### master +### unreleased + +* deprecations + * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) + +### 4.7.3 - 2020-09-20 * bug fixes * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) * Fix hanging tests for streaming controllers using Devise. (by @afn) -* deprecations - * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) - ### 4.7.2 - 2020-06-10 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index ff6ea8151..6696760e4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -19,7 +19,7 @@ GIT PATH remote: . specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock index 94e857872..9750efb82 100644 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ b/gemfiles/Gemfile.rails-4.1-stable.lock @@ -48,7 +48,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock index 310a25834..76ee65a40 100644 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ b/gemfiles/Gemfile.rails-4.2-stable.lock @@ -57,7 +57,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock index 15c345abd..7db3a5d2b 100644 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ b/gemfiles/Gemfile.rails-5.0-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock index 12da7a0c4..83d2f5517 100644 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ b/gemfiles/Gemfile.rails-5.1-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock index 96064b38b..7e381f7ad 100644 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ b/gemfiles/Gemfile.rails-5.2-stable.lock @@ -10,7 +10,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) 
diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock index 4d0b41e8d..6a982d5a6 100644 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ b/gemfiles/Gemfile.rails-6.0-stable.lock @@ -19,7 +19,7 @@ GIT PATH remote: .. specs: - devise (4.7.2) + devise (4.7.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ec5924648..d30cd67dc 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.2".freeze + VERSION = "4.7.3".freeze end From b88af5d65e83d594ee287d395beccd70683b6339 Mon Sep 17 00:00:00 2001 From: Jan Zaydowicz Date: Mon, 2 Nov 2020 18:02:36 +0100 Subject: [PATCH 086/299] chore: add expiry note for old rack/rails session bug fix Seven year ago rails `session.keys` could be empty if the session was not loaded yet. To prevent an error the removed code was introduced https://github.com/heartcombo/devise/issues/2660 Since then rails changed the behaviour and makes sure that the session is loaded before someone wants to access any session keys https://github.com/rails/rails/commit/3498aacbbebb41e529b6755f4ccfdfbb84c28830 Which means the `session.empty?` is not needed anymore once Rails 5.2+ and upwards only supported. --- lib/devise/controllers/sign_in_out.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 526b41ea4..6d72a21dc 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb 
@@ -106,10 +106,12 @@ def sign_out_all_scopes(lock = true) private def expire_data_after_sign_in! + # TODO: remove once Rails 5.2+ and forward are only supported. # session.keys will return an empty array if the session is not yet loaded. # This is a bug in both Rack and Rails. # A call to #empty? forces the session to be loaded. session.empty? + session.keys.grep(/^devise\./).each { |k| session.delete(k) } end From fd03f9e353b699c9a4d14cc13d580d103552145e Mon Sep 17 00:00:00 2001 From: Bibek Sharma Chapagain Date: Sat, 21 Nov 2020 20:23:25 +1100 Subject: [PATCH 087/299] Added missing full stop "." on registrations.updated_but_not_signed_in. --- config/locales/en.yml | 2 +- test/integration/registerable_test.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/locales/en.yml b/config/locales/en.yml index ab1f07060..260e1c4ba 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -44,7 +44,7 @@ en: signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." updated: "Your account has been updated successfully." - updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again." sessions: signed_in: "Signed in successfully." signed_out: "Signed out successfully." diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 7cf5fa7cf..fa2610edf 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
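Review bot: The TODO added at the top of `expire_data_after_sign_in!` in lib/devise/controllers/sign_in_out.rb does not say what is to be removed, and it sits directly above a three-line comment that still reads as current. I would name the statement, for example `# TODO: remove this comment and the session.empty? call once only Rails 5.2+ is supported.`, so that a later cleanup does not take the `session.keys.grep(/^devise\./)` line with it. That line is what clears the `devise.`-prefixed session data after sign-in, and the commit's diffstat lists no test that would catch its loss.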
@@ -189,7 +189,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again' + assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.' assert_equal new_user_session_path, @request.path refute warden.authenticated?(:user) end From 98fc5e8e396b66b826528811287ea6680a6d0757 Mon Sep 17 00:00:00 2001 From: Ryunosuke Sato Date: Tue, 5 Jan 2021 08:17:58 +0900 Subject: [PATCH 088/299] Test on rails 6.1 (#5323) * Make test for validation to be Rails 6.1 compatible The `ActiveModel::Errors` has been changed in Rails 6.1. https://github.com/rails/rails/pull/32313 * Add gemfile for Rails 6.1 * Add CI matrix for Rails 6.1 --- .travis.yml | 11 ++ gemfiles/Gemfile.rails-6.1-stable | 26 +++ gemfiles/Gemfile.rails-6.1-stable.lock | 224 +++++++++++++++++++++++++ test/models/authenticatable_test.rb | 4 +- 4 files changed, 263 insertions(+), 2 deletions(-) create mode 100644 gemfiles/Gemfile.rails-6.1-stable create mode 100644 gemfiles/Gemfile.rails-6.1-stable.lock diff --git a/.travis.yml b/.travis.yml index 3d1b6451e..b3dcf1d75 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,7 @@ rvm: gemfile: - Gemfile + - gemfiles/Gemfile.rails-6.1-stable - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.1-stable @@ -23,6 +24,8 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile + - rvm: 2.1.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 
@@ -33,16 +36,22 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 gemfile: Gemfile + - rvm: 2.2.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: Gemfile + - rvm: 2.3.8 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 gemfile: Gemfile + - rvm: 2.4.10 + gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 @@ -79,6 +88,8 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-6.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-6.1-stable allow_failures: - rvm: ruby-head diff --git a/gemfiles/Gemfile.rails-6.1-stable b/gemfiles/Gemfile.rails-6.1-stable new file mode 100644 index 000000000..00330580d --- /dev/null +++ b/gemfiles/Gemfile.rails-6.1-stable @@ -0,0 +1,26 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 6.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.0" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end diff --git a/gemfiles/Gemfile.rails-6.1-stable.lock b/gemfiles/Gemfile.rails-6.1-stable.lock new file mode 100644 index 000000000..f9131e1f4 --- /dev/null +++ b/gemfiles/Gemfile.rails-6.1-stable.lock 
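Review bot: In the new gemfiles/Gemfile.rails-6.1-stable, the two `github:` shorthands (activemodel-serializers-xml and rails-controller-testing) resolve to `git://github.com/...` remotes in the lockfile added by the same commit, which records `BUNDLED WITH 1.17.3`. The git:// transport is neither encrypted nor authenticated, whereas the root Gemfile.lock in this series already fetches the same gem from `https://github.com/rails/activemodel-serializers-xml.git`. The pinned `revision` in the lock limits the exposure but is not a substitute for an authenticated transport. I would fix the transport in the Gemfile itself so it does not depend on the Bundler version: add `git_source(:github) { |repo| "https://github.com/#{repo}.git" }` below the `source` line and regenerate the lock.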
@@ -0,0 +1,224 @@ +GIT + remote: git://github.com/rails/activemodel-serializers-xml.git + revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 + specs: + activemodel-serializers-xml (1.0.2) + activemodel (>= 5.0.0.a) + activesupport (>= 5.0.0.a) + builder (~> 3.1) + +GIT + remote: git://github.com/rails/rails-controller-testing.git + revision: 4b15c86e82ee380f2a7cc009e470368f7520560a + specs: + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) + +PATH + remote: .. + specs: + devise (4.7.3) + bcrypt (~> 3.0) + orm_adapter (~> 0.1) + railties (>= 4.1.0) + responders + warden (~> 1.2.3) + +GEM + remote: https://rubygems.org/ + specs: + actioncable (6.1.0) + actionpack (= 6.1.0) + activesupport (= 6.1.0) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.0) + actionpack (= 6.1.0) + activejob (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + mail (>= 2.7.1) + actionmailer (6.1.0) + actionpack (= 6.1.0) + actionview (= 6.1.0) + activejob (= 6.1.0) + activesupport (= 6.1.0) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (6.1.0) + actionview (= 6.1.0) + activesupport (= 6.1.0) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.0) + actionpack (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + nokogiri (>= 1.8.5) + actionview (6.1.0) + activesupport (= 6.1.0) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.0) + activesupport (= 6.1.0) + globalid (>= 0.3.6) + activemodel (6.1.0) + activesupport (= 6.1.0) + activerecord (6.1.0) + activemodel (= 6.1.0) + activesupport (= 6.1.0) + activestorage (6.1.0) + actionpack (= 6.1.0) + activejob (= 6.1.0) + activerecord (= 6.1.0) + activesupport (= 6.1.0) + marcel (~> 0.3.1) + mimemagic (~> 0.3.2) 
+ activesupport (6.1.0) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + bcrypt (3.1.16) + builder (3.2.4) + concurrent-ruby (1.1.7) + crass (1.0.6) + erubi (1.10.0) + faraday (1.2.0) + multipart-post (>= 1.2, < 3) + ruby2_keywords + globalid (0.4.2) + activesupport (>= 4.2.0) + hashie (4.1.0) + i18n (1.8.5) + concurrent-ruby (~> 1.0) + jwt (2.2.2) + loofah (2.8.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) + method_source (1.0.0) + mimemagic (0.3.5) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + minitest (5.14.2) + mocha (1.12.0) + multi_json (1.15.0) + multi_xml (0.6.0) + multipart-post (2.1.1) + nio4r (2.5.4) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) + jwt (>= 1.0, < 3.0) + multi_json (~> 1.3) + multi_xml (~> 0.5) + rack (>= 1.2, < 3) + omniauth (1.9.1) + hashie (>= 3.4.6) + rack (>= 1.6.2, < 3) + omniauth-facebook (8.0.0) + omniauth-oauth2 (~> 1.2) + omniauth-oauth2 (1.7.0) + oauth2 (~> 1.4) + omniauth (~> 1.9) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + orm_adapter (0.5.0) + rack (2.2.3) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (6.1.0) + actioncable (= 6.1.0) + actionmailbox (= 6.1.0) + actionmailer (= 6.1.0) + actionpack (= 6.1.0) + actiontext (= 6.1.0) + actionview (= 6.1.0) + activejob (= 6.1.0) + activemodel (= 6.1.0) + activerecord (= 6.1.0) + activestorage (= 6.1.0) + activesupport (= 6.1.0) + bundler (>= 1.15.0) + railties (= 6.1.0) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.3.0) + loofah (~> 2.3) + railties (6.1.0) + actionpack (= 6.1.0) + activesupport (= 6.1.0) + method_source + rake (>= 0.8.7) + thor (~> 1.0) + rake (13.0.3) + rdoc (6.3.0) + responders (3.0.1) + actionpack 
(>= 5.0) + railties (>= 5.0) + ruby-openid (2.9.2) + ruby2_keywords (0.0.2) + sprockets (4.0.2) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.2.2) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sqlite3 (1.4.2) + thor (1.0.1) + timecop (0.9.2) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + warden (1.2.9) + rack (>= 2.0.9) + webrat (0.7.3) + nokogiri (>= 1.2.0) + rack (>= 1.0) + rack-test (>= 0.5.3) + websocket-driver (0.7.3) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.4.2) + +PLATFORMS + ruby + +DEPENDENCIES + activemodel-serializers-xml! + devise! + mocha (~> 1.1) + omniauth + omniauth-facebook + omniauth-oauth2 + omniauth-openid + rails (~> 6.1.0) + rails-controller-testing! + rdoc + responders (~> 3.0) + sqlite3 (~> 1.4) + timecop + webrat (= 0.7.3) + +BUNDLED WITH + 1.17.3 diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index 576ceaffe..a3ddc52f5 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -30,12 +30,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_or_initialize_with_errors adds blank error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "" }) - assert_equal [:email, "can't be blank"], user_with_error.errors.first + assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email) end test 'find_or_initialize_with_errors adds invalid error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" }) - assert_equal [:email, "is invalid"], user_with_error.errors.first + assert_equal ["Email is invalid"], user_with_error.errors.full_messages_for(:email) end if defined?(ActionController::Parameters) From 8bb358cf80a632d3232c3f548ce7b95fd94b6eb2 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 7 Jan 2021 09:21:14 -0300 Subject: [PATCH 089/299] Improve OmniAuth version check to allow anything from 1.0 forward This should enable people to try OmniAuth 2 currently in pre-release. --- lib/devise/omniauth.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index 63ea6ca51..5076eb2e3 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -8,8 +8,8 @@ raise end -unless OmniAuth::VERSION =~ /^1\./ - raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed." +if Gem::Version.new(OmniAuth::VERSION) < Gem::Version.new('1.0.0') + raise "You are using an old OmniAuth version, please ensure you have 1.0.0 version or later installed." end # Clean up the default path_prefix. It will be automatically set by Devise. From f4462cd85e23e1a8fad933f26caaad1180cfb178 Mon Sep 17 00:00:00 2001 From: Alex Ghiculescu Date: Mon, 18 Jan 2021 16:51:23 -0600 Subject: [PATCH 090/299] Fix Rails default log level This changed in https://github.com/rails/rails/commit/229fd2a02fc694b4b7756445b6647777aa94e25d - the advice about changing your log level still stands though. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d1633776c..531111590 100644 --- a/README.md +++ b/README.md 
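Review bot: The new guard in lib/devise/omniauth.rb, `Gem::Version.new(OmniAuth::VERSION) < Gem::Version.new('1.0.0')`, drops the upper bound, but the lockfiles in this series still resolve `omniauth (1.9.1)`, so nothing visible here runs Devise against OmniAuth 2. Since the commit message describes 2.x as pre-release, I would record that next to the check, e.g. `# No upper bound on purpose; OmniAuth 2 is accepted but not yet covered by the test suite.`, and add a 2.x gemfile to CI before support is documented. Authentication callbacks are code where a major-version change in request handling should be tested rather than assumed. Prerelease strings such as `1.0.0.pr2`, which the old regex accepted, now compare below `1.0.0` and are rejected, which matches the reworded error message.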
@@ -685,7 +685,7 @@ If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/mas 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. -Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`: +Rails sets the production logger level to INFO by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`: ```ruby config.log_level = :warn From fb17e2755f5f17041dddb059cd61a891646c3a68 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sat, 16 Jan 2021 16:57:45 -0300 Subject: [PATCH 091/299] Move Rails 6.1 to the main Gemfile instead of an extra one We have the gemfiles/* to test other versions of Rails, but keep the most recent one in the main Gemfile. --- .travis.yml | 11 -- Gemfile | 2 +- Gemfile.lock | 163 +++++++++--------- gemfiles/Gemfile.rails-6.1-stable | 26 --- gemfiles/Gemfile.rails-6.1-stable.lock | 224 ------------------------- 5 files changed, 87 insertions(+), 339 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-6.1-stable delete mode 100644 gemfiles/Gemfile.rails-6.1-stable.lock diff --git a/.travis.yml b/.travis.yml index b3dcf1d75..3d1b6451e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,6 @@ rvm: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.1-stable - gemfiles/Gemfile.rails-6.0-stable - gemfiles/Gemfile.rails-5.2-stable - gemfiles/Gemfile.rails-5.1-stable 
@@ -24,8 +23,6 @@ matrix: exclude: - rvm: 2.1.10 gemfile: Gemfile - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.1.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.1.10 @@ -36,22 +33,16 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.0-stable - rvm: 2.2.10 gemfile: Gemfile - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.2.10 gemfile: gemfiles/Gemfile.rails-5.2-stable - rvm: 2.3.8 gemfile: Gemfile - - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.3.8 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 gemfile: Gemfile - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.1-stable - rvm: 2.4.10 gemfile: gemfiles/Gemfile.rails-6.0-stable - rvm: 2.4.10 @@ -88,8 +79,6 @@ matrix: gemfile: gemfiles/Gemfile.rails-5.2-stable - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile.rails-6.0-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.1-stable allow_failures: - rvm: ruby-head diff --git a/Gemfile b/Gemfile index 37dc67d9c..f91123340 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 6.0.0" +gem "rails", "~> 6.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 6696760e4..7d8c5f94a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -29,75 +29,82 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.0.3.3) - actionpack (= 6.0.3.3) + actioncable (6.1.1) + actionpack (= 6.1.1) + activesupport (= 6.1.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.3) - actionpack (= 6.0.3.3) - activejob (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) + actionmailbox (6.1.1) + actionpack (= 6.1.1) + activejob (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) mail (>= 2.7.1) - actionmailer (6.0.3.3) - actionpack (= 6.0.3.3) - actionview (= 6.0.3.3) - activejob (= 6.0.3.3) + actionmailer (6.1.1) + actionpack (= 6.1.1) + actionview (= 6.1.1) + activejob (= 6.1.1) + activesupport (= 6.1.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.3) - actionview (= 6.0.3.3) - activesupport (= 6.0.3.3) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.1) + actionview (= 6.1.1) + activesupport (= 6.1.1) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.3) - actionpack (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) + actiontext (6.1.1) + actionpack (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) nokogiri (>= 1.8.5) - actionview (6.0.3.3) - activesupport (= 6.0.3.3) + actionview (6.1.1) + activesupport (= 6.1.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.3) - activesupport (= 6.0.3.3) + activejob (6.1.1) + activesupport (= 6.1.1) globalid (>= 0.3.6) - activemodel (6.0.3.3) - activesupport (= 6.0.3.3) - activerecord (6.0.3.3) - activemodel (= 6.0.3.3) - activesupport (= 6.0.3.3) - activestorage (6.0.3.3) - actionpack (= 6.0.3.3) - activejob (= 6.0.3.3) - activerecord (= 6.0.3.3) + activemodel (6.1.1) + activesupport (= 6.1.1) + activerecord (6.1.1) + 
activemodel (= 6.1.1) + activesupport (= 6.1.1) + activestorage (6.1.1) + actionpack (= 6.1.1) + activejob (= 6.1.1) + activerecord (= 6.1.1) + activesupport (= 6.1.1) marcel (~> 0.3.1) - activesupport (6.0.3.3) + mimemagic (~> 0.3.2) + activesupport (6.1.1) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) concurrent-ruby (1.1.7) crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) + erubi (1.10.0) + faraday (1.3.0) + faraday-net_http (~> 1.0) multipart-post (>= 1.2, < 3) + ruby2_keywords + faraday-net_http (1.0.1) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.5) + i18n (1.8.7) concurrent-ruby (~> 1.0) jwt (2.2.2) - loofah (2.7.0) + loofah (2.9.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -107,15 +114,16 @@ GEM method_source (1.0.0) mimemagic (0.3.5) mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) - mocha (1.11.2) + mini_portile2 (2.5.0) + minitest (5.14.3) + mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.4) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) + nokogiri (1.11.1) + mini_portile2 (~> 2.5.0) + racc (~> 1.4) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) 
@@ -125,53 +133,55 @@ GEM omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-facebook (7.0.0) + omniauth-facebook (8.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) + omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) - omniauth (~> 1.9) + omniauth (>= 1.9, < 3) omniauth-openid (1.0.1) omniauth (~> 1.0) rack-openid (~> 1.3.1) orm_adapter (0.5.0) + racc (1.5.2) rack (2.2.3) rack-openid (1.3.1) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.3.3) - actioncable (= 6.0.3.3) - actionmailbox (= 6.0.3.3) - actionmailer (= 6.0.3.3) - actionpack (= 6.0.3.3) - actiontext (= 6.0.3.3) - actionview (= 6.0.3.3) - activejob (= 6.0.3.3) - activemodel (= 6.0.3.3) - activerecord (= 6.0.3.3) - activestorage (= 6.0.3.3) - activesupport (= 6.0.3.3) - bundler (>= 1.3.0) - railties (= 6.0.3.3) + rails (6.1.1) + actioncable (= 6.1.1) + actionmailbox (= 6.1.1) + actionmailer (= 6.1.1) + actionpack (= 6.1.1) + actiontext (= 6.1.1) + actionview (= 6.1.1) + activejob (= 6.1.1) + activemodel (= 6.1.1) + activerecord (= 6.1.1) + activestorage (= 6.1.1) + activesupport (= 6.1.1) + bundler (>= 1.15.0) + railties (= 6.1.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.0.3.3) - actionpack (= 6.0.3.3) - activesupport (= 6.0.3.3) + railties (6.1.1) + actionpack (= 6.1.1) + activesupport (= 6.1.1) method_source rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) - rake (13.0.1) - rdoc (6.2.1) + thor (~> 1.0) + rake (13.0.3) + rdoc (6.3.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) + ruby2_keywords (0.0.2) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) 
@@ -181,10 +191,9 @@ GEM sprockets (>= 3.0.0) sqlite3 (1.4.2) thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) + timecop (0.9.2) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -194,7 +203,7 @@ GEM websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.0) + zeitwerk (2.4.2) PLATFORMS ruby @@ -207,7 +216,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.0.0) + rails (~> 6.1.0) rails-controller-testing! rdoc responders (~> 3.0) diff --git a/gemfiles/Gemfile.rails-6.1-stable b/gemfiles/Gemfile.rails-6.1-stable deleted file mode 100644 index 00330580d..000000000 --- a/gemfiles/Gemfile.rails-6.1-stable +++ /dev/null @@ -1,26 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 6.1.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - -gem "rails-controller-testing", github: "rails/rails-controller-testing" - -gem "responders", "~> 3.0" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.4" -end diff --git a/gemfiles/Gemfile.rails-6.1-stable.lock b/gemfiles/Gemfile.rails-6.1-stable.lock deleted file mode 100644 index f9131e1f4..000000000 --- a/gemfiles/Gemfile.rails-6.1-stable.lock +++ /dev/null 
@@ -1,224 +0,0 @@ -GIT - remote: git://github.com/rails/activemodel-serializers-xml.git - revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -GIT - remote: git://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (6.1.0) - actionpack (= 6.1.0) - activesupport (= 6.1.0) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailbox (6.1.0) - actionpack (= 6.1.0) - activejob (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - mail (>= 2.7.1) - actionmailer (6.1.0) - actionpack (= 6.1.0) - actionview (= 6.1.0) - activejob (= 6.1.0) - activesupport (= 6.1.0) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.0) - actionview (= 6.1.0) - activesupport (= 6.1.0) - rack (~> 2.0, >= 2.0.9) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.0) - actionpack (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - nokogiri (>= 1.8.5) - actionview (6.1.0) - activesupport (= 6.1.0) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.0) - activesupport (= 6.1.0) - globalid (>= 0.3.6) - activemodel (6.1.0) - activesupport (= 6.1.0) - activerecord (6.1.0) - activemodel (= 6.1.0) - activesupport (= 6.1.0) - activestorage (6.1.0) - actionpack (= 6.1.0) - activejob (= 6.1.0) - activerecord (= 6.1.0) - activesupport (= 6.1.0) - marcel (~> 0.3.1) - mimemagic (~> 0.3.2) 
- activesupport (6.1.0) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - bcrypt (3.1.16) - builder (3.2.4) - concurrent-ruby (1.1.7) - crass (1.0.6) - erubi (1.10.0) - faraday (1.2.0) - multipart-post (>= 1.2, < 3) - ruby2_keywords - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.5) - concurrent-ruby (~> 1.0) - jwt (2.2.2) - loofah (2.8.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.2) - mocha (1.12.0) - multi_json (1.15.0) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.4) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (8.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) - oauth2 (~> 1.4) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.3) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.1.0) - actioncable (= 6.1.0) - actionmailbox (= 6.1.0) - actionmailer (= 6.1.0) - actionpack (= 6.1.0) - actiontext (= 6.1.0) - actionview (= 6.1.0) - activejob (= 6.1.0) - activemodel (= 6.1.0) - activerecord (= 6.1.0) - activestorage (= 6.1.0) - activesupport (= 6.1.0) - bundler (>= 1.15.0) - railties (= 6.1.0) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (6.1.0) - actionpack (= 6.1.0) - activesupport (= 6.1.0) - method_source - rake (>= 0.8.7) - thor (~> 1.0) - rake (13.0.3) - rdoc (6.3.0) - responders (3.0.1) - actionpack 
(>= 5.0) - railties (>= 5.0) - ruby-openid (2.9.2) - ruby2_keywords (0.0.2) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.4.2) - thor (1.0.1) - timecop (0.9.2) - tzinfo (2.0.4) - concurrent-ruby (~> 1.0) - warden (1.2.9) - rack (>= 2.0.9) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.3) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - zeitwerk (2.4.2) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 6.1.0) - rails-controller-testing! - rdoc - responders (~> 3.0) - sqlite3 (~> 1.4) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 From 837baaf2e1d951c3b26ad233f8ada09cf6ab5441 Mon Sep 17 00:00:00 2001 From: Jordan Owens Date: Tue, 19 Jan 2021 13:19:55 -0500 Subject: [PATCH 092/299] Update omniauthable tests for OmniAuth 2.0 (#5331) --- Gemfile | 2 +- Gemfile.lock | 35 +++++++++++++------- app/views/devise/shared/_links.html.erb | 2 +- test/integration/omniauthable_test.rb | 44 +++++++++++++++---------- 4 files changed, 52 insertions(+), 31 deletions(-) diff --git a/Gemfile b/Gemfile index 37dc67d9c..3f122750c 100644 --- a/Gemfile +++ b/Gemfile @@ -17,7 +17,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" - gem "omniauth-openid" + gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1' gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 6696760e4..13b7ccf02 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
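Review bot: The added `gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1'` line ties a test dependency to a moving branch on a personal fork. Whatever that branch points to at resolve time is what gets installed, and the `.travis.yml` removed later in this series shows CI deleting the lockfile and running `bundle update`, so the locked revision would not have constrained it there. Pinning the commit keeps the source reviewable: `gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', ref: 'c70d35f266a814340b01f6f5649bb664a78743f4'` (the revision recorded in this commit's Gemfile.lock). The Gemfile.lock section of the same commit also switches the two `rails/*` remotes from `https://` to `git://`, which is an unauthenticated transport and looks like an unintended side effect of regenerating the lock.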
@@ -1,5 +1,5 @@ GIT - remote: https://github.com/rails/activemodel-serializers-xml.git + remote: git://github.com/rails/activemodel-serializers-xml.git revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: https://github.com/rails/rails-controller-testing.git + remote: git://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) @@ -16,6 +16,15 @@ GIT actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) +GIT + remote: https://github.com/jkowens/omniauth-openid + revision: c70d35f266a814340b01f6f5649bb664a78743f4 + branch: patch-1 + specs: + omniauth-openid (2.0.0) + omniauth (>= 1.0, < 3.0) + rack-openid (~> 1.4.0) + PATH remote: . specs: @@ -89,8 +98,11 @@ GEM concurrent-ruby (1.1.7) crass (1.0.6) erubi (1.9.0) - faraday (1.0.1) + faraday (1.3.0) + faraday-net_http (~> 1.0) multipart-post (>= 1.2, < 3) + ruby2_keywords + faraday-net_http (1.0.1) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) @@ -122,22 +134,22 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.1) + omniauth (2.0.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) + rack-protection omniauth-facebook (7.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.0) + omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) + omniauth (>= 1.9, < 3) orm_adapter (0.5.0) rack (2.2.3) - rack-openid (1.3.1) + rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) + rack-protection (2.1.0) + rack rack-test (1.1.0) rack (>= 1.0, < 3) rails (6.0.3.3) @@ -172,6 +184,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) + ruby2_keywords (0.0.2) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) 
@@ -206,7 +219,7 @@ DEPENDENCIES omniauth omniauth-facebook omniauth-oauth2 - omniauth-openid + omniauth-openid! rails (~> 6.0.0) rails-controller-testing! rdoc diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 084af701c..96a941241 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -20,6 +20,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>
+ <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %>
<% end %> <% end %> diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 6c989f0c1..1b14911da 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -23,6 +23,9 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest "extra" => {"user_hash" => FACEBOOK_INFO} } OmniAuth.config.add_camelization 'facebook', 'FaceBook' + if OmniAuth.config.respond_to?(:request_validation_phase) + OmniAuth.config.request_validation_phase = ->(env) {} + end end teardown do @@ -45,8 +48,8 @@ def stub_action!(name) test "omniauth sign in should not run model validations" do stub_action!(:sign_in_facebook) do create_user - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert warden.authenticated?(:user) refute User.validations_performed @@ -54,8 +57,8 @@ def stub_action!(name) end test "can access omniauth.auth in the env hash" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! json = ActiveSupport::JSON.decode(response.body) @@ -68,8 +71,8 @@ def stub_action!(name) test "cleans up session on sign up" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] @@ -89,8 +92,8 @@ def stub_action!(name) test "cleans up session on cancel" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] @@ -100,8 +103,8 @@ def stub_action!(name) test "cleans up session on sign in" do assert_no_difference "User.count" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! end assert session["devise.facebook_data"] 
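Review bot: The `link_to ..., method: :post` added to the shared links partial only produces a POST when an unobtrusive-JS driver (rails-ujs or jquery-ujs) is loaded. The markup is still an anchor with `data-method="post"`, so without that script the browser sends a GET, which OmniAuth 2 is expected to refuse. A form-based control does not have that dependency and carries the authenticity token itself: `<%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %>`. If the link form is kept for styling reasons, a comment in the partial naming the UJS requirement would help people who copy it into their app. The partial begins outside this hunk.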
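Review bot: The setup block in `test/integration/omniauthable_test.rb` replaces `OmniAuth.config.request_validation_phase` with a no-op lambda, so the integration tests never exercise the request validation that motivated the switch to POST. The hunk also does not show the previous value being restored (the `teardown` body is outside the hunk), and if it is not, the override leaks into any later test in the same process. I would add a comment such as `# Test-only: skip OmniAuth 2 request validation so a bare POST reaches the mock; applications keep the default.` and save the original value in setup so teardown can put it back. A single additional test that leaves the default validation phase in place and asserts that a token-less POST is rejected would cover the behaviour this change relies on.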
@@ -110,23 +113,28 @@ def stub_action!(name) end test "sign in and send remember token if configured" do - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert_nil warden.cookies["remember_user_token"] stub_action!(:sign_in_facebook) do create_user - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! assert warden.authenticated?(:user) assert warden.cookies["remember_user_token"] end end + test "generates a link to authenticate with provider" do + visit "/users/sign_in" + assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook" + end + test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' visit "/users/sign_in" - assert_select "a", href: "/q/users/auth/facebook" + assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook" end test "handles callback error parameter according to the specification" do @@ -139,10 +147,10 @@ def stub_action!(name) test "handles other exceptions from OmniAuth" do OmniAuth.config.mock_auth[:facebook] = :invalid_credentials - visit "/users/sign_in" - click_link "Sign in with FaceBook" + post "/users/auth/facebook" + follow_redirect! + follow_redirect! - assert_current_url "/users/sign_in" assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".' end end From cd60c747cc5016b84628355e48dd357847824574 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 19 Jan 2021 15:21:25 -0300 Subject: [PATCH 093/299] Update to latest released omniauth* gems omniauth-openid v2.0.1 was just released opening support for omniauth v2, so we can bundle update everything from the released gems now. --- Gemfile | 2 +- Gemfile.lock | 22 ++++++++-------------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/Gemfile b/Gemfile index 3f122750c..37dc67d9c 100644 --- a/Gemfile 
+++ b/Gemfile @@ -17,7 +17,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" - gem "omniauth-openid", git: 'https://github.com/jkowens/omniauth-openid', branch: 'patch-1' + gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 13b7ccf02..c265903f0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,5 +1,5 @@ GIT - remote: git://github.com/rails/activemodel-serializers-xml.git + remote: https://github.com/rails/activemodel-serializers-xml.git revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 specs: activemodel-serializers-xml (1.0.2) @@ -8,7 +8,7 @@ GIT builder (~> 3.1) GIT - remote: git://github.com/rails/rails-controller-testing.git + remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a specs: rails-controller-testing (1.0.5) @@ -16,15 +16,6 @@ GIT actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) -GIT - remote: https://github.com/jkowens/omniauth-openid - revision: c70d35f266a814340b01f6f5649bb664a78743f4 - branch: patch-1 - specs: - omniauth-openid (2.0.0) - omniauth (>= 1.0, < 3.0) - rack-openid (~> 1.4.0) - PATH remote: . specs: @@ -138,11 +129,14 @@ GEM hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection - omniauth-facebook (7.0.0) + omniauth-facebook (8.0.0) omniauth-oauth2 (~> 1.2) omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) + omniauth-openid (2.0.1) + omniauth (>= 1.0, < 3.0) + rack-openid (~> 1.4.0) orm_adapter (0.5.0) rack (2.2.3) rack-openid (1.4.2) @@ -184,7 +178,7 @@ GEM actionpack (>= 5.0) railties (>= 5.0) ruby-openid (2.9.2) - ruby2_keywords (0.0.2) + ruby2_keywords (0.0.4) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -219,7 +213,7 @@ DEPENDENCIES omniauth omniauth-facebook omniauth-oauth2 - omniauth-openid! + omniauth-openid rails (~> 6.0.0) rails-controller-testing! rdoc 
From 1d138dd40cdc291a427b89027d16a869818a5c19 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Jan 2021 09:16:58 -0300 Subject: [PATCH 094/299] Simplify OmniAuth version check by trying to load the gem with the necessary version --- lib/devise/omniauth.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/devise/omniauth.rb b/lib/devise/omniauth.rb index 5076eb2e3..f18df3053 100644 --- a/lib/devise/omniauth.rb +++ b/lib/devise/omniauth.rb @@ -1,17 +1,14 @@ # frozen_string_literal: true begin + gem "omniauth", ">= 1.0.0" + require "omniauth" - require "omniauth/version" rescue LoadError warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile." raise end -if Gem::Version.new(OmniAuth::VERSION) < Gem::Version.new('1.0.0') - raise "You are using an old OmniAuth version, please ensure you have 1.0.0 version or later installed." -end - # Clean up the default path_prefix. It will be automatically set by Devise. OmniAuth.config.path_prefix = nil From 51c05a5b212f376180141fff9077075d0340c8ab Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Jan 2021 09:28:05 -0300 Subject: [PATCH 095/299] Add changelog entry for OmniAuth 2 support And a note/warning about how it might break apps that don't update their integration accordingly as OmniAuth now expects. --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db58cac7..441146589 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
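Review bot: With `gem "omniauth", ">= 1.0.0"` inside the `begin`, a version mismatch and a missing gem now both end in the same `rescue LoadError` branch and print the same generic warning. Someone with an old OmniAuth pinned in their bundle therefore no longer gets a message saying the version is the problem. Capturing the exception and including its text keeps the single code path and restores that detail: `rescue LoadError => e` followed by `warn "Could not load 'omniauth' (#{e.message}). Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."`. A short comment on the `gem` call explaining that it activates the gem and enforces the minimum version before `require` would also help, since that line now carries the whole version check.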
@@ -1,5 +1,9 @@ ### unreleased +* enhancements + * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). + - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) + * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 81bf3ad8c1e3812448ba4588598493c8e80ecf10 Mon Sep 17 00:00:00 2001 From: AsbahIshaq Date: Sun, 24 Jan 2021 16:51:09 +0500 Subject: [PATCH 096/299] changed support to supports (#5334) Co-authored-by: Asbah Ishaq --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 531111590..3dd93d775 100644 --- a/README.md +++ b/README.md 
@@ -118,7 +118,7 @@ You will usually want to write tests for your changes. To run the test suite, g Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. ### DEVISE_ORM -Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. +Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` DEVISE_ORM=mongoid bin/test From 7e6da424e27485bf5d9c09d0d7f89f463cfcf05d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 29 Jan 2021 16:56:28 -0300 Subject: [PATCH 097/299] Move from Travis to GitHub Actions --- .github/workflows/test.yml | 98 +++++++++++++++++++++++++++++++++ .travis.yml | 110 ------------------------------------- README.md | 3 +- 3 files changed, 99 insertions(+), 112 deletions(-) create mode 100644 .github/workflows/test.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..4b3dcaa24 --- /dev/null +++ b/.github/workflows/test.yml 
@@ -0,0 +1,98 @@ +name: Test +on: [push, pull_request] +jobs: + test: + strategy: + fail-fast: false + matrix: + gemfile: + - Gemfile + - gemfiles/Gemfile.rails-6.0-stable + - gemfiles/Gemfile.rails-5.2-stable + - gemfiles/Gemfile.rails-5.1-stable + - gemfiles/Gemfile.rails-5.0-stable + - gemfiles/Gemfile.rails-4.2-stable + - gemfiles/Gemfile.rails-4.1-stable + ruby: + - 2.1.10 + - 2.2.10 + - 2.3.8 + - 2.4.10 + - 2.5.8 + - 2.6.6 + - 2.7.1 + - ruby-head + env: + - DEVISE_ORM=active_record + - DEVISE_ORM=mongoid + exclude: + - ruby: 2.1.10 + gemfile: Gemfile + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.1-stable + - ruby: 2.1.10 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - ruby: 2.2.10 + gemfile: Gemfile + - ruby: 2.2.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.2.10 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: 2.3.8 + gemfile: Gemfile + - ruby: 2.3.8 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.4.10 + gemfile: Gemfile + - ruby: 2.4.10 + gemfile: gemfiles/Gemfile.rails-6.0-stable + - ruby: 2.4.10 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.5.8 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.6.6 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.6.6 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-4.2-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.0-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.1-stable + - ruby: 2.7.1 + gemfile: gemfiles/Gemfile.rails-5.2-stable + - ruby: ruby-head + gemfile: gemfiles/Gemfile.rails-4.1-stable + - ruby: ruby-head + gemfile: gemfiles/Gemfile.rails-4.2-stable + - env: DEVISE_ORM=mongoid + gemfile: Gemfile + - env: DEVISE_ORM=mongoid + gemfile: 
gemfiles/Gemfile.rails-5.0-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.1-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-5.2-stable + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile.rails-6.0-stable + runs-on: ubuntu-latest + env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps + BUNDLE_GEMFILE: ${{ matrix.gemfile }} + steps: + - uses: actions/checkout@v2 + - uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true # runs bundle install and caches installed gems automatically + - uses: supercharge/mongodb-github-action@1.3.0 + if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} + - run: bundle exec rake diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3d1b6451e..000000000 --- a/.travis.yml +++ /dev/null 
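Review bot: The `env` matrix axis in the new workflow is only a matrix value; nothing in the job exports `DEVISE_ORM`, because the job-level `env:` sets `BUNDLE_GEMFILE` alone. The legs labelled `DEVISE_ORM=mongoid` therefore start MongoDB and then run the suite with the default ORM, which the README gives as `active_record`, so the Mongoid code path appears to be untested after this migration. Renaming the axis and mapping it into the job environment fixes that, as sketched below. Separately, the three `uses:` references are pinned to tags, not full commit SHAs, and the workflow declares no `permissions:`; since it runs on `pull_request`, pinning to SHAs and adding a top-level `permissions:` with `contents: read` would narrow what a compromised action or PR can reach. The exclude list also repeats the `2.7.1` / `rails-4.1-stable` pair, which can be dropped.

```yaml
    strategy:
      matrix:
        # … unchanged: gemfile and ruby lists …
        orm:
          - active_record
          - mongoid
        exclude:
          # … unchanged: ruby/gemfile exclusions …
          - orm: mongoid
            gemfile: Gemfile
          # … unchanged: remaining mongoid exclusions, each keyed on "orm: mongoid" …
    env:
      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
      DEVISE_ORM: ${{ matrix.orm }}
    steps:
      # … unchanged: checkout and setup-ruby steps …
      - uses: supercharge/mongodb-github-action@1.3.0
        if: ${{ matrix.orm == 'mongoid' }}
```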
@@ -1,110 +0,0 @@ -language: ruby - -rvm: - - 2.1.10 - - 2.2.10 - - 2.3.8 - - 2.4.10 - - 2.5.8 - - 2.6.6 - - 2.7.1 - - ruby-head - -gemfile: - - Gemfile - - gemfiles/Gemfile.rails-6.0-stable - - gemfiles/Gemfile.rails-5.2-stable - - gemfiles/Gemfile.rails-5.1-stable - - gemfiles/Gemfile.rails-5.0-stable - - gemfiles/Gemfile.rails-4.2-stable - - gemfiles/Gemfile.rails-4.1-stable - -matrix: - exclude: - - rvm: 2.1.10 - gemfile: Gemfile - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.1-stable - - rvm: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.2.10 - gemfile: Gemfile - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.2.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: 2.3.8 - gemfile: Gemfile - - rvm: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.10 - gemfile: Gemfile - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable - - rvm: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.5.8 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.2-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.2-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.0-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.1-stable - - rvm: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.2-stable - - rvm: ruby-head - gemfile: gemfiles/Gemfile.rails-4.1-stable - - rvm: ruby-head - gemfile: gemfiles/Gemfile.rails-4.2-stable - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.1-stable - - env: DEVISE_ORM=mongoid - gemfile: 
gemfiles/Gemfile.rails-5.2-stable - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-stable - allow_failures: - - rvm: ruby-head - -services: - - mongodb - -cache: bundler - -env: - matrix: - - DEVISE_ORM=active_record - - DEVISE_ORM=mongoid - -before_install: - - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true - - gem install bundler -v '< 2' - - "rm ${BUNDLE_GEMFILE}.lock" - -before_script: "bundle update" - -script: "bin/test" - -notifications: - email: false - slack: - on_pull_requests: false - on_success: change - on_failure: always - secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY= diff --git a/README.md b/README.md index 3dd93d775..bf87d38fc 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ ![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) -[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise) [![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) Devise is a flexible authentication solution for Rails based on Warden. It: 
@@ -131,7 +130,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 From d0eafe70dc89745d002d81cdf7874439484748b7 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 09:51:19 -0300 Subject: [PATCH 098/299] Remove the lock gemfiles from the previous versions Keep only the lock for the main Gemfile to keep Devise consistent with the other heartcombo libs. --- .gitignore | 1 + gemfiles/Gemfile.rails-4.1-stable.lock | 171 ------------------- gemfiles/Gemfile.rails-4.2-stable.lock | 194 ---------------------- gemfiles/Gemfile.rails-5.0-stable.lock | 190 --------------------- gemfiles/Gemfile.rails-5.1-stable.lock | 190 --------------------- gemfiles/Gemfile.rails-5.2-stable.lock | 198 ---------------------- gemfiles/Gemfile.rails-6.0-stable.lock | 219 ------------------------- 7 files changed, 1 insertion(+), 1162 deletions(-) delete mode 100644 gemfiles/Gemfile.rails-4.1-stable.lock delete mode 100644 gemfiles/Gemfile.rails-4.2-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.0-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.1-stable.lock delete mode 100644 gemfiles/Gemfile.rails-5.2-stable.lock delete mode 100644 gemfiles/Gemfile.rails-6.0-stable.lock diff --git a/.gitignore b/.gitignore index 0ff774271..ac2a95781 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ rdoc/* pkg log test/tmp/* +gemfiles/*.lock diff --git a/gemfiles/Gemfile.rails-4.1-stable.lock b/gemfiles/Gemfile.rails-4.1-stable.lock deleted file mode 100644 index 9750efb82..000000000 --- a/gemfiles/Gemfile.rails-4.1-stable.lock +++ /dev/null 
@@ -1,171 +0,0 @@ -GIT - remote: https://github.com/rails/rails.git - revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8 - branch: 4-1-stable - specs: - actionmailer (4.1.16) - actionpack (= 4.1.16) - actionview (= 4.1.16) - mail (~> 2.5, >= 2.5.4) - actionpack (4.1.16) - actionview (= 4.1.16) - activesupport (= 4.1.16) - rack (~> 1.5.2) - rack-test (~> 0.6.2) - actionview (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - erubis (~> 2.7.0) - activemodel (4.1.16) - activesupport (= 4.1.16) - builder (~> 3.1) - activerecord (4.1.16) - activemodel (= 4.1.16) - activesupport (= 4.1.16) - arel (~> 5.0.0) - activesupport (4.1.16) - i18n (~> 0.6, >= 0.6.9) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.1) - tzinfo (~> 1.1) - rails (4.1.16) - actionmailer (= 4.1.16) - actionpack (= 4.1.16) - actionview (= 4.1.16) - activemodel (= 4.1.16) - activerecord (= 4.1.16) - activesupport (= 4.1.16) - bundler (>= 1.3.0, < 2.0) - railties (= 4.1.16) - sprockets-rails (~> 2.0) - railties (4.1.16) - actionpack (= 4.1.16) - activesupport (= 4.1.16) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. 
- specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - arel (5.0.1.20140414130214) - bcrypt (3.1.13) - bson (3.2.7) - builder (3.2.4) - concurrent-ruby (1.1.6) - connection_pool (2.2.3) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - hashie (3.6.0) - i18n (0.9.5) - concurrent-ruby (~> 1.0) - json (1.8.6) - jwt (2.2.1) - mail (2.7.1) - mini_mime (>= 0.1.1) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - mongoid (4.0.2) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - moped (2.0.7) - bson (~> 3.0) - connection_pool (~> 2.0) - optionable (~> 0.2.0) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nokogiri (1.9.1) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.4.2) - hashie (>= 1.2, < 4) - rack (>= 1.0, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.5.0) - oauth2 (~> 1.1) - omniauth (~> 1.2) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - optionable (0.2.0) - origin (2.3.1) - orm_adapter (0.5.0) - rack (1.5.5) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rake (13.0.1) - rdoc (5.1.0) - responders (1.1.2) - railties (>= 3.2, < 4.2) - ruby-openid (2.9.2) - sprockets (3.7.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (2.3.3) - actionpack (>= 3.0) - activesupport (>= 3.0) - sprockets (>= 2.8, < 4.0) - sqlite3 (1.3.13) - test_after_commit (1.2.2) - activerecord (>= 3.2, < 5.0) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby 
- -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 4.0) - nokogiri (= 1.9.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails! - rdoc (~> 5.1) - sqlite3 (~> 1.3.6) - test_after_commit - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-4.2-stable.lock b/gemfiles/Gemfile.rails-4.2-stable.lock deleted file mode 100644 index 76ee65a40..000000000 --- a/gemfiles/Gemfile.rails-4.2-stable.lock +++ /dev/null 
@@ -1,194 +0,0 @@ -GIT - remote: https://github.com/rails/rails.git - revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997 - branch: 4-2-stable - specs: - actionmailer (4.2.11.3) - actionpack (= 4.2.11.3) - actionview (= 4.2.11.3) - activejob (= 4.2.11.3) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 1.0, >= 1.0.5) - actionpack (4.2.11.3) - actionview (= 4.2.11.3) - activesupport (= 4.2.11.3) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.11.3) - activesupport (= 4.2.11.3) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (4.2.11.3) - activesupport (= 4.2.11.3) - globalid (>= 0.3.0) - activemodel (4.2.11.3) - activesupport (= 4.2.11.3) - builder (~> 3.1) - activerecord (4.2.11.3) - activemodel (= 4.2.11.3) - activesupport (= 4.2.11.3) - arel (~> 6.0) - activesupport (4.2.11.3) - i18n (~> 0.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - rails (4.2.11.3) - actionmailer (= 4.2.11.3) - actionpack (= 4.2.11.3) - actionview (= 4.2.11.3) - activejob (= 4.2.11.3) - activemodel (= 4.2.11.3) - activerecord (= 4.2.11.3) - activesupport (= 4.2.11.3) - bundler (>= 1.3.0, < 2.0) - railties (= 4.2.11.3) - sprockets-rails - railties (4.2.11.3) - actionpack (= 4.2.11.3) - activesupport (= 4.2.11.3) - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - -PATH - remote: .. 
- specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - arel (6.0.4) - bcrypt (3.1.13) - bson (3.2.7) - builder (3.2.4) - concurrent-ruby (1.1.6) - connection_pool (2.2.3) - crass (1.0.6) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (0.9.5) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - mongoid (4.0.2) - activemodel (~> 4.0) - moped (~> 2.0.0) - origin (~> 2.1) - tzinfo (>= 0.3.37) - moped (2.0.7) - bson (~> 3.0) - connection_pool (~> 2.0) - optionable (~> 0.2.0) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nokogiri (1.9.1) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - optionable (0.2.0) - origin (2.3.1) - orm_adapter (0.5.0) - rack (1.6.13) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.9) - activesupport (>= 4.2.0, < 5.0) - nokogiri (~> 1.6) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - rake (13.0.1) - rdoc (5.1.0) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack 
(>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - test_after_commit (1.2.2) - activerecord (>= 3.2, < 5.0) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.7) - rack (>= 1.0) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - -PLATFORMS - ruby - -DEPENDENCIES - activerecord-jdbc-adapter - activerecord-jdbcsqlite3-adapter - devise! - jruby-openssl - mocha (~> 1.1) - mongoid (~> 4.0) - nokogiri (= 1.9.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails! - rdoc (~> 5.1) - sqlite3 (~> 1.3.6) - test_after_commit - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.0-stable.lock b/gemfiles/Gemfile.rails-5.0-stable.lock deleted file mode 100644 index 7db3a5d2b..000000000 --- a/gemfiles/Gemfile.rails-5.0-stable.lock +++ /dev/null 
@@ -1,190 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.0.7.2) - actionpack (= 5.0.7.2) - nio4r (>= 1.2, < 3.0) - websocket-driver (~> 0.6.1) - actionmailer (5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.0.7.2) - actionview (= 5.0.7.2) - activesupport (= 5.0.7.2) - rack (~> 2.0) - rack-test (~> 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.0.7.2) - activesupport (= 5.0.7.2) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.0.7.2) - activesupport (= 5.0.7.2) - globalid (>= 0.3.6) - activemodel (5.0.7.2) - activesupport (= 5.0.7.2) - activerecord (5.0.7.2) - activemodel (= 5.0.7.2) - activesupport (= 5.0.7.2) - arel (~> 7.0) - activesupport (5.0.7.2) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (7.1.4) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubis (2.7.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - method_source (1.0.0) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 
(~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (0.6.3) - rack (>= 1.0) - rails (5.0.7.2) - actioncable (= 5.0.7.2) - actionmailer (= 5.0.7.2) - actionpack (= 5.0.7.2) - actionview (= 5.0.7.2) - activejob (= 5.0.7.2) - activemodel (= 5.0.7.2) - activerecord (= 5.0.7.2) - activesupport (= 5.0.7.2) - bundler (>= 1.3.0) - railties (= 5.0.7.2) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.0.7.2) - actionpack (= 5.0.7.2) - activesupport (= 5.0.7.2) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! 
- mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.0.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.1-stable.lock b/gemfiles/Gemfile.rails-5.1-stable.lock deleted file mode 100644 index 83d2f5517..000000000 --- a/gemfiles/Gemfile.rails-5.1-stable.lock +++ /dev/null 
@@ -1,190 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.1.7) - actionpack (= 5.1.7) - nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.1.7) - actionview (= 5.1.7) - activesupport (= 5.1.7) - rack (~> 2.0) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.7) - activesupport (= 5.1.7) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.7) - activesupport (= 5.1.7) - globalid (>= 0.3.6) - activemodel (5.1.7) - activesupport (= 5.1.7) - activerecord (5.1.7) - activemodel (= 5.1.7) - activesupport (= 5.1.7) - arel (~> 8.0) - activesupport (5.1.7) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (8.0.0) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - method_source (1.0.0) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 
2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.1.7) - actioncable (= 5.1.7) - actionmailer (= 5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - activemodel (= 5.1.7) - activerecord (= 5.1.7) - activesupport (= 5.1.7) - bundler (>= 1.3.0) - railties (= 5.1.7) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.1.7) - actionpack (= 5.1.7) - activesupport (= 5.1.7) - method_source - rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.6.5) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! 
- mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.1.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-5.2-stable.lock b/gemfiles/Gemfile.rails-5.2-stable.lock deleted file mode 100644 index 7e381f7ad..000000000 --- a/gemfiles/Gemfile.rails-5.2-stable.lock +++ /dev/null 
@@ -1,198 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (5.2.4.3) - actionpack (= 5.2.4.3) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailer (5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (5.2.4.3) - actionview (= 5.2.4.3) - activesupport (= 5.2.4.3) - rack (~> 2.0, >= 2.0.8) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.3) - activesupport (= 5.2.4.3) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.4.3) - activesupport (= 5.2.4.3) - globalid (>= 0.3.6) - activemodel (5.2.4.3) - activesupport (= 5.2.4.3) - activerecord (5.2.4.3) - activemodel (= 5.2.4.3) - activesupport (= 5.2.4.3) - arel (>= 9.0) - activestorage (5.2.4.3) - actionpack (= 5.2.4.3) - activerecord (= 5.2.4.3) - marcel (~> 0.3.1) - activesupport (5.2.4.3) - concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - arel (9.0.0) - bcrypt (3.1.13) - builder (3.2.4) - concurrent-ruby (1.1.6) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.3) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.5.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) 
- minitest (5.14.1) - mocha (1.11.2) - multi_json (1.14.1) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.9) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.2) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (5.2.4.3) - actioncable (= 5.2.4.3) - actionmailer (= 5.2.4.3) - actionpack (= 5.2.4.3) - actionview (= 5.2.4.3) - activejob (= 5.2.4.3) - activemodel (= 5.2.4.3) - activerecord (= 5.2.4.3) - activestorage (= 5.2.4.3) - activesupport (= 5.2.4.3) - bundler (>= 1.3.0) - railties (= 5.2.4.3) - sprockets-rails (>= 2.0.0) - rails-controller-testing (1.0.4) - actionpack (>= 5.0.1.x) - actionview (>= 5.0.1.x) - activesupport (>= 5.0.1.x) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (5.2.4.3) - actionpack (= 5.2.4.3) - activesupport (= 5.2.4.3) - method_source - rake (>= 0.8.7) - thor (>= 0.19.0, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (2.4.1) - actionpack (>= 4.2.0, < 6.0) - railties (>= 4.2.0, < 6.0) - ruby-openid (2.9.2) - sprockets (4.0.1) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.3.13) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.2) - websocket-extensions (>= 0.1.0) - websocket-extensions 
(0.1.5) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 5.2.0) - rails-controller-testing - rdoc - responders (~> 2.1) - sqlite3 (~> 1.3.6) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 diff --git a/gemfiles/Gemfile.rails-6.0-stable.lock b/gemfiles/Gemfile.rails-6.0-stable.lock deleted file mode 100644 index 6a982d5a6..000000000 --- a/gemfiles/Gemfile.rails-6.0-stable.lock +++ /dev/null 
@@ -1,219 +0,0 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 93689638c28525acc65afb638fce866826532641 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - -GIT - remote: https://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - -PATH - remote: .. - specs: - devise (4.7.3) - bcrypt (~> 3.0) - orm_adapter (~> 0.1) - railties (>= 4.1.0) - responders - warden (~> 1.2.3) - -GEM - remote: https://rubygems.org/ - specs: - actioncable (6.0.3.2) - actionpack (= 6.0.3.2) - nio4r (~> 2.0) - websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - mail (>= 2.7.1) - actionmailer (6.0.3.2) - actionpack (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.0.3.2) - actionview (= 6.0.3.2) - activesupport (= 6.0.3.2) - rack (~> 2.0, >= 2.0.8) - rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.2) - actionpack (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - nokogiri (>= 1.8.5) - actionview (6.0.3.2) - activesupport (= 6.0.3.2) - builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.2) - activesupport (= 6.0.3.2) - globalid (>= 0.3.6) - activemodel (6.0.3.2) - activesupport (= 6.0.3.2) - activerecord (6.0.3.2) - activemodel (= 6.0.3.2) - activesupport (= 6.0.3.2) - activestorage (6.0.3.2) - actionpack (= 6.0.3.2) - activejob (= 6.0.3.2) - activerecord (= 6.0.3.2) - marcel (~> 0.3.1) - activesupport (6.0.3.2) - 
concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) - bcrypt (3.1.15) - builder (3.2.4) - concurrent-ruby (1.1.7) - crass (1.0.6) - erubi (1.9.0) - faraday (1.0.1) - multipart-post (>= 1.2, < 3) - globalid (0.4.2) - activesupport (>= 4.2.0) - hashie (4.1.0) - i18n (1.8.5) - concurrent-ruby (~> 1.0) - jwt (2.2.1) - loofah (2.6.0) - crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) - mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) - method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) - mini_portile2 (2.4.0) - minitest (5.14.1) - mocha (1.11.2) - multi_json (1.15.0) - multi_xml (0.6.0) - multipart-post (2.1.1) - nio4r (2.5.2) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) - oauth2 (1.4.4) - faraday (>= 0.8, < 2.0) - jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) - multi_xml (~> 0.5) - rack (>= 1.2, < 3) - omniauth (1.9.1) - hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - omniauth-facebook (6.0.0) - omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.6.0) - oauth2 (~> 1.1) - omniauth (~> 1.9) - omniauth-openid (1.0.1) - omniauth (~> 1.0) - rack-openid (~> 1.3.1) - orm_adapter (0.5.0) - rack (2.2.3) - rack-openid (1.3.1) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.0.3.2) - actioncable (= 6.0.3.2) - actionmailbox (= 6.0.3.2) - actionmailer (= 6.0.3.2) - actionpack (= 6.0.3.2) - actiontext (= 6.0.3.2) - actionview (= 6.0.3.2) - activejob (= 6.0.3.2) - activemodel (= 6.0.3.2) - activerecord (= 6.0.3.2) - activestorage (= 6.0.3.2) - activesupport (= 6.0.3.2) - bundler (>= 1.3.0) - railties (= 6.0.3.2) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) - nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (6.0.3.2) - actionpack (= 6.0.3.2) - activesupport (= 6.0.3.2) - method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) - rake (13.0.1) - rdoc (6.2.1) - responders (3.0.1) - 
actionpack (>= 5.0) - railties (>= 5.0) - ruby-openid (2.9.2) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.1) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) - sqlite3 (1.4.2) - thor (1.0.1) - thread_safe (0.3.6) - timecop (0.9.1) - tzinfo (1.2.7) - thread_safe (~> 0.1) - warden (1.2.8) - rack (>= 2.0.6) - webrat (0.7.3) - nokogiri (>= 1.2.0) - rack (>= 1.0) - rack-test (>= 0.5.3) - websocket-driver (0.7.3) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.5) - zeitwerk (2.4.0) - -PLATFORMS - ruby - -DEPENDENCIES - activemodel-serializers-xml! - devise! - mocha (~> 1.1) - omniauth - omniauth-facebook - omniauth-oauth2 - omniauth-openid - rails (~> 6.0.0) - rails-controller-testing! - rdoc - responders (~> 3.0) - sqlite3 (~> 1.4) - timecop - webrat (= 0.7.3) - -BUNDLED WITH - 1.17.3 From e07932c18167bc394a0d292522b977d225ba98f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 09:54:47 -0300 Subject: [PATCH 099/299] Rename gemfiles to keep consistency --- .github/workflows/test.yml | 60 +++++++++---------- ...ile.rails-4.1-stable => Gemfile-rails-4-1} | 0 ...ile.rails-4.2-stable => Gemfile-rails-4-2} | 0 ...ile.rails-5.0-stable => Gemfile-rails-5-0} | 0 ...ile.rails-5.1-stable => Gemfile-rails-5-1} | 0 ...ile.rails-5.2-stable => Gemfile-rails-5-2} | 0 ...ile.rails-6.0-stable => Gemfile-rails-6-0} | 0 7 files changed, 30 insertions(+), 30 deletions(-) rename gemfiles/{Gemfile.rails-4.1-stable => Gemfile-rails-4-1} (100%) rename gemfiles/{Gemfile.rails-4.2-stable => Gemfile-rails-4-2} (100%) rename gemfiles/{Gemfile.rails-5.0-stable => Gemfile-rails-5-0} (100%) rename gemfiles/{Gemfile.rails-5.1-stable => Gemfile-rails-5-1} (100%) rename gemfiles/{Gemfile.rails-5.2-stable => Gemfile-rails-5-2} (100%) rename gemfiles/{Gemfile.rails-6.0-stable => Gemfile-rails-6-0} (100%) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4b3dcaa24..f528099ec 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,12 +7,12 @@ jobs: matrix: gemfile: - Gemfile - - gemfiles/Gemfile.rails-6.0-stable - - gemfiles/Gemfile.rails-5.2-stable - - gemfiles/Gemfile.rails-5.1-stable - - gemfiles/Gemfile.rails-5.0-stable - - gemfiles/Gemfile.rails-4.2-stable - - gemfiles/Gemfile.rails-4.1-stable + - gemfiles/Gemfile-rails-6-0 + - gemfiles/Gemfile-rails-5-2 + - gemfiles/Gemfile-rails-5-1 + - gemfiles/Gemfile-rails-5-0 + - gemfiles/Gemfile-rails-4-2 + - gemfiles/Gemfile-rails-4-1 ruby: - 2.1.10 - 2.2.10 
@@ -29,61 +29,61 @@ jobs: - ruby: 2.1.10 gemfile: Gemfile - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.1.10 - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - ruby: 2.2.10 gemfile: Gemfile - ruby: 2.2.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.2.10 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.3.8 gemfile: Gemfile - ruby: 2.3.8 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.4.10 gemfile: Gemfile - ruby: 2.4.10 - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 - ruby: 2.4.10 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5.8 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6.6 - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7.1 - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - ruby: ruby-head - gemfile: gemfiles/Gemfile.rails-4.1-stable + gemfile: 
gemfiles/Gemfile-rails-4-1 - ruby: ruby-head - gemfile: gemfiles/Gemfile.rails-4.2-stable + gemfile: gemfiles/Gemfile-rails-4-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.0-stable + gemfile: gemfiles/Gemfile-rails-5-0 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.1-stable + gemfile: gemfiles/Gemfile-rails-5-1 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-5.2-stable + gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile.rails-6.0-stable + gemfile: gemfiles/Gemfile-rails-6-0 runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/gemfiles/Gemfile.rails-4.1-stable b/gemfiles/Gemfile-rails-4-1 similarity index 100% rename from gemfiles/Gemfile.rails-4.1-stable rename to gemfiles/Gemfile-rails-4-1 diff --git a/gemfiles/Gemfile.rails-4.2-stable b/gemfiles/Gemfile-rails-4-2 similarity index 100% rename from gemfiles/Gemfile.rails-4.2-stable rename to gemfiles/Gemfile-rails-4-2 diff --git a/gemfiles/Gemfile.rails-5.0-stable b/gemfiles/Gemfile-rails-5-0 similarity index 100% rename from gemfiles/Gemfile.rails-5.0-stable rename to gemfiles/Gemfile-rails-5-0 diff --git a/gemfiles/Gemfile.rails-5.1-stable b/gemfiles/Gemfile-rails-5-1 similarity index 100% rename from gemfiles/Gemfile.rails-5.1-stable rename to gemfiles/Gemfile-rails-5-1 diff --git a/gemfiles/Gemfile.rails-5.2-stable b/gemfiles/Gemfile-rails-5-2 similarity index 100% rename from gemfiles/Gemfile.rails-5.2-stable rename to gemfiles/Gemfile-rails-5-2 diff --git a/gemfiles/Gemfile.rails-6.0-stable b/gemfiles/Gemfile-rails-6-0 similarity index 100% rename from gemfiles/Gemfile.rails-6.0-stable rename to gemfiles/Gemfile-rails-6-0 From 7386f419e3bcc3f47a1ca408a874f0a780fdd0ce Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:01:30 -0300 Subject: [PATCH 100/299] Use latest bundler on Gemfile.lock Bundler 1.x uses git instead of https by default and we don't have that github source setting in the Gemfile, but this should work. --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7d8c5f94a..69e2b6c32 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -225,4 +225,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 1.17.3 + 2.2.7 From 13ba27497bbff866a4baa93cb6e558c63597e9c8 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:08:56 -0300 Subject: [PATCH 101/299] Use the latest 2.x patch version for each Ruby, remove ruby-head ruby-head was always in allowed failures with travis anyway, and we never really paid much attention to it, so let's just remove it entirely for now. --- .github/workflows/test.yml | 63 ++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f528099ec..5dbd845de 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -14,66 +14,61 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: - - 2.1.10 - - 2.2.10 - - 2.3.8 - - 2.4.10 - - 2.5.8 - - 2.6.6 - - 2.7.1 - - ruby-head + - 2.1 + - 2.2 + - 2.3 + - 2.4 + - 2.5 + - 2.6 + - 2.7 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - ruby: 2.1.10 + - ruby: 2.1 gemfile: Gemfile - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.1.10 + - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.2.10 + - ruby: 2.2 gemfile: Gemfile - - ruby: 2.2.10 + - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.2.10 + - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.3.8 + - ruby: 2.3 gemfile: Gemfile - - ruby: 2.3.8 + - ruby: 2.3 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4.10 + - ruby: 2.4 gemfile: Gemfile - - ruby: 2.4.10 + - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4.10 + - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5.8 + - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6.6 + - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6.6 + - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.7.1 + - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: ruby-head - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: ruby-head - gemfile: gemfiles/Gemfile-rails-4-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid From 628f2fb2beda319659008ba876d68916f1c8143b Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:13:40 -0300 Subject: [PATCH 102/299] Explicitly set OmniAuth to 1.x in the Gemfiles for now The build is breaking with 2.x (which is expected), so this is a step to get it to green on GA. --- Gemfile | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index f91123340..02f409fda 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec gem "rails", "~> 6.1.0" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 69e2b6c32..29e75eca5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -212,7 +212,7 @@ DEPENDENCIES activemodel-serializers-xml! devise! mocha (~> 1.1) - omniauth + omniauth (~> 1.0) omniauth-facebook omniauth-oauth2 omniauth-openid diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 44a1c98aa..503d5006e 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" # Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index bb35c5f2f..ffb78bc19 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" gem "nokogiri", "1.9.1" 
diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index dcd1ac14e..d737977c0 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.0.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c2b8f523f..5f8d6ff83 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.1.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index dbfbd5f6c..8c061803c 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.2.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index e43284853..c013f9aad 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 6.0.0' -gem "omniauth" +gem "omniauth", "~> 1.0" gem "omniauth-oauth2" gem "rdoc" From 3048fe0960bfb906b7fbb400af6b29d57f644e7a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Sun, 31 Jan 2021 10:12:23 -0300 Subject: [PATCH 103/299] Prevent Bundler 2.x. with Rails 4.x versions --- .github/workflows/test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5dbd845de..3937d5c43 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -84,10 +84,14 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v2 + - name: Setup Bundler 1.x for Rails 4.x + if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} + run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically + bundler: ${{ env.BUNDLER_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From 210c62af389bc7aa309297b5530114e97becc416 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 11:44:42 -0300 Subject: [PATCH 104/299] Add changelog about moving to GitHub Actions --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db58cac7..ad14e76c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### unreleased +* enhancements + * Move CI to GitHub Actions. + * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) From 9d16f33c7bdbb29265f45c9e2933a3131c1a73b5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 11:51:23 -0300 Subject: [PATCH 105/299] Revert "Explicitly set OmniAuth to 1.x in the Gemfiles for now" This reverts commit 628f2fb2beda319659008ba876d68916f1c8143b. We should be run green on OmniAuth 2.x now. --- Gemfile | 2 +- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index 02f409fda..f91123340 100644 --- a/Gemfile +++ b/Gemfile 
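Review bot: The `'latest'` fallback in `bundler: ${{ env.BUNDLER_VERSION || 'latest' }}` makes every non-Rails-4 job install whichever Bundler release is newest when the job runs, so the resolver that performs `bundle install` in CI can change with no change in the repository. ruby/setup-ruby also accepts `Gemfile.lock` for this input, which installs the version recorded under BUNDLED WITH where a lockfile exists; `bundler: ${{ env.BUNDLER_VERSION || 'Gemfile.lock' }}` would keep those jobs on the pinned version. The new step would also benefit from a one-line comment stating why Rails 4.x needs Bundler 1.x (presumably because Rails 4.x constrains Bundler below 2.0; worth confirming), e.g. `# Rails 4.x does not resolve under Bundler 2.x`.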
@@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec gem "rails", "~> 6.1.0" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index b0579e8e6..c178bd18f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -215,7 +215,7 @@ DEPENDENCIES activemodel-serializers-xml! devise! mocha (~> 1.1) - omniauth (~> 1.0) + omniauth omniauth-facebook omniauth-oauth2 omniauth-openid diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 503d5006e..44a1c98aa 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" # Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index ffb78bc19..bb35c5f2f 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc", "~> 5.1" gem "nokogiri", "1.9.1" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index d737977c0..dcd1ac14e 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -5,7 +5,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.0.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 5f8d6ff83..c2b8f523f 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.1.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 8c061803c..dbfbd5f6c 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 5.2.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index c013f9aad..e43284853 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -3,7 +3,7 @@ source "https://rubygems.org" gemspec path: ".." gem "rails", '~> 6.0.0' -gem "omniauth", "~> 1.0" +gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From e16d60d0fedc5f5e6f541b2b9e901a2d53f8ceda Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 1 Feb 2021 12:00:44 -0300 Subject: [PATCH 106/299] Expand the release notes with more info about the OmniAuth v2 upgrade I'm sure more people will hit issues so I'm trying to add more guidance here about how to upgrade... maybe that should be in its own wiki but I'll keep it all in the changelog for now. --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 87123e14b..995f9f088 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,8 +1,9 @@ ### unreleased * enhancements - * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). + * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) + - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. * Move CI to GitHub Actions. * deprecations 
From 80423c8f016c1512a910f542a341b9416130cf4b Mon Sep 17 00:00:00 2001 From: Alex Ghiculescu Date: Tue, 2 Feb 2021 15:21:44 -0700 Subject: [PATCH 107/299] Fix deprecation warning on Rails 6.1 --- .../active_record/devise_generator.rb | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 7319c47f2..2198310da 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -86,9 +86,24 @@ def rails5_and_up? Rails::VERSION::MAJOR >= 5 end + def rails61_and_up? + Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1) + end + def postgresql? - config = ActiveRecord::Base.configurations[Rails.env] - config && config['adapter'] == 'postgresql' + ar_config && ar_config['adapter'] == 'postgresql' + end + + def ar_config + if ActiveRecord::Base.configurations.respond_to?(:configs_for) + if rails61_and_up? + ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash + else + ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config + end + else + ActiveRecord::Base.configurations[Rails.env] + end end def migration_version From ad91686b62c8a006044b230e7628f99fca994867 Mon Sep 17 00:00:00 2001 
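Review bot: `postgresql?` still reads `ar_config['adapter']` with a string key, but on the Rails 6.1 branch `ar_config` now returns `configuration_hash`, which as far as I know is keyed by symbols, so the check would silently evaluate to false for PostgreSQL apps on 6.1 and later. Separately, `configs_for(..., name: "primary")` appears to return nil when the environment has no configuration named primary, and the chained `.configuration_hash` / `.config` would then raise NoMethodError, whereas the code being replaced tolerated a missing configuration. The rewrite below checks both key forms and keeps the nil guard without `&.`, since the CI matrix in this series still lists Ruby 2.1. The enclosing generator class starts and ends outside the hunk.

```ruby
def postgresql?
  config = ar_config
  # Rails 6.1 configuration_hash uses symbol keys; the older paths use string keys.
  adapter = config && (config[:adapter] || config['adapter'])
  adapter == 'postgresql'
end

def ar_config
  configurations = ActiveRecord::Base.configurations
  return configurations[Rails.env] unless configurations.respond_to?(:configs_for)

  if rails61_and_up?
    db_config = configurations.configs_for(env_name: Rails.env, name: "primary")
    db_config && db_config.configuration_hash
  else
    db_config = configurations.configs_for(env_name: Rails.env, spec_name: "primary")
    db_config && db_config.config
  end
end
# … unchanged: rails61_and_up?, migration_version …
```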
From: Carlos Antonio da Silva Date: Tue, 9 Feb 2021 10:03:34 -0300 Subject: [PATCH 108/299] Test on Ruby 3+ with Rails 6+ And remove dupe entry in the exclude matrix. In order to get Ruby 3 working we needed to install `rexml` as part of the test dependencies, only done on the main Gemfile (Rails 6.1) and the 6.0 versions. (which are the only ones supported by Ruby 3.) Devise itself doesn't require `rexml` as it does nothing with it, but a dependency we use during tests seem to require it. I was able to track it down to omniauth-openid -> rack-openid -> ruby-openid requiring it: https://github.com/openid/ruby-openid/blob/13a88ad6442133a613d2b7d6601991a84b34630d/lib/openid/yadis/xrds.rb#L1 So while we have tests using omniauth-openid, we'll need this require in place as well. Ideally that upstream version of ruby-openid should have it, but it seems that one isn't updated in a while. --- .github/workflows/test.yml | 13 +++++++++++-- CHANGELOG.md | 2 ++ Gemfile | 1 + Gemfile.lock | 2 ++ gemfiles/Gemfile-rails-6-0 | 1 + 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3937d5c43..0af48ddd5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,6 +21,7 @@ jobs: - 2.5 - 2.6 - 2.7 + - 3.0 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid @@ -59,8 +60,6 @@ jobs: gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-2 - ruby: 2.7 
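Review bot: The unquoted `- 3.0` added to the `ruby:` matrix in the first test.yml hunk is a YAML number, so it is likely to reach `ruby/setup-ruby` as `3` and select the newest 3.x release rather than the 3.0 series the commit message intends; it should be written `- '3.0'`. The five `- ruby: 3.0` exclude entries added in the third hunk of the same file need the same quoting, `- ruby: '3.0'`, so they keep matching the matrix value. The existing 2.x entries are unaffected because none of them ends in a zero.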
@@ -69,6 +68,16 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-0 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.0 + gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid diff --git a/CHANGELOG.md b/CHANGELOG.md index 995f9f088..7cdbdd6c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,8 @@ * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. + * Add support for Ruby 3. + * Add support for Rails 6.1. * Move CI to GitHub Actions. * deprecations diff --git a/Gemfile b/Gemfile index f91123340..22ca4afe9 100644 --- a/Gemfile +++ b/Gemfile @@ -18,6 +18,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index c178bd18f..e08446d7b 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -183,6 +183,7 @@ GEM responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) + rexml (3.2.4) ruby-openid (2.9.2) ruby2_keywords (0.0.4) sprockets (4.0.2) @@ -223,6 +224,7 @@ DEPENDENCIES rails-controller-testing! rdoc responders (~> 3.0) + rexml sqlite3 (~> 1.4) timecop webrat (= 0.7.3) diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index e43284853..d01a464fd 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -16,6 +16,7 @@ gem "responders", "~> 3.0" group :test do gem "omniauth-facebook" gem "omniauth-openid" + gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 1.1", require: false From a793472a3e28e8b0dec137531e3de64d91ff81ec Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 10 Feb 2021 17:17:29 -0300 Subject: [PATCH 109/299] Replace XML with JSON serialization across the test suite This allows us to remove the dependency on the XML serializer provided by the external `activemodel-serializers-xml` gem, and eliminates the following deprecation warning: DEPRECATION WARNING: ActiveModel::Errors#to_xml is deprecated and will be removed in Rails 6.2. Please note: this does not mean Devise doesn't support XML, it simply means our test suite will use JSON to test non-navigatable formats instead of XML, for simplicity. Devise's job is not to test object serialization, so as long as your objects properly serialize to XML/JSON/any other format, it should work out of the box. --- Gemfile | 2 - Gemfile.lock | 10 ---- gemfiles/Gemfile-rails-5-0 | 2 - gemfiles/Gemfile-rails-5-1 | 2 - gemfiles/Gemfile-rails-5-2 | 2 - gemfiles/Gemfile-rails-6-0 | 2 - test/failure_app_test.rb | 10 ++-- test/integration/authenticatable_test.rb | 33 ++++--------- test/integration/confirmable_test.rb | 32 +++++-------- test/integration/http_authenticatable_test.rb | 23 +++++----- test/integration/lockable_test.rb | 31 +++++-------- test/integration/recoverable_test.rb | 46 ++++++++----------- test/integration/registerable_test.rb | 37 ++++++--------- test/models/serializable_test.rb | 15 ------ test/rails_app/app/active_record/user.rb | 1 - .../app/controllers/users_controller.rb | 3 +- test/routes_test.rb | 12 ++--- test/test/controller_helpers_test.rb | 6 +-- 18 files changed, 93 insertions(+), 176 deletions(-) diff --git a/Gemfile b/Gemfile index 22ca4afe9..2bca34060 100644 --- a/Gemfile +++ b/Gemfile @@ -9,8 +9,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/Gemfile.lock b/Gemfile.lock index e08446d7b..e19528ac0 100644 
--- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/rails/activemodel-serializers-xml.git - revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8 - specs: - activemodel-serializers-xml (1.0.2) - activemodel (>= 5.0.0.a) - activesupport (>= 5.0.0.a) - builder (~> 3.1) - GIT remote: https://github.com/rails/rails-controller-testing.git revision: 4b15c86e82ee380f2a7cc009e470368f7520560a @@ -213,7 +204,6 @@ PLATFORMS ruby DEPENDENCIES - activemodel-serializers-xml! devise! mocha (~> 1.1) omniauth diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index dcd1ac14e..2f60c3a2b 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -9,8 +9,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c2b8f523f..c566e9c84 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index dbfbd5f6c..5dc267def 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing" gem "responders", "~> 2.1" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index d01a464fd..f840fc8d7 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 1b0aeb04a..809f668de 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -220,8 +220,8 @@ def call_failure(env_params = {}) end test 'works for any navigational format' do - swap Devise, navigational_formats: [:xml] do - call_failure('formats' => Mime[:xml]) + swap Devise, navigational_formats: [:json] do + call_failure('formats' => Mime[:json]) assert_equal 302, @response.first end end @@ -236,7 +236,7 @@ def call_failure(env_params = {}) context 'For HTTP request' do test 'return 401 status' do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_equal 401, @response.first end @@ -258,13 +258,13 @@ def call_failure(env_params = {}) end test 'return WWW-authenticate headers if model allows' do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"] end test 'does not return WWW-authenticate headers if model does not allow' do swap Devise, http_authenticatable: false do - call_failure('formats' => Mime[:xml]) + call_failure('formats' => Mime[:json]) assert_nil @response.second["WWW-Authenticate"] end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index fcc1d734b..fbe1da6cc 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb 
@@ -462,14 +462,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest end end - test 'sign in stub in xml format' do - get new_user_session_path(format: 'xml') - assert_match '', response.body - assert_match %r{.*}m, response.body - assert_match '', response.body - assert_match '\n) + assert_includes response.body, '{"user":{' end - test 'sign in with xml format is idempotent' do - get new_user_session_path(format: 'xml') + test 'sign in with json format is idempotent' do + get new_user_session_path(format: 'json') assert_response :success create_user - post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } + post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - get new_user_session_path(format: 'xml') + get new_user_session_path(format: 'json') assert_response :success - post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} } + post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} } assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end test 'sign out with html redirects' do @@ -527,13 +519,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest assert_current_url '/' end - test 'sign out with xml format returns no content' do - sign_in_as_user - delete destroy_user_session_path(format: 'xml') - assert_response :no_content - refute warden.authenticated?(:user) - end - test 'sign out with json format returns no content' do sign_in_as_user delete destroy_user_session_path(format: 'json') diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 165954617..278f9488e 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -214,40 +214,32 @@ def resend_confirmation end end - test 'resent confirmation token with valid E-Mail in XML format should return valid response' do + test 'resent confirmation token with valid e-mail in JSON format should return empty and valid response' do user = create_user(confirm: false) - post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } } + post user_confirmation_path(format: 'json'), params: { user: { email: user.email } } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end - test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do + test 'resent confirmation token with invalid e-mail in JSON format should return invalid response' do create_user(confirm: false) - post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } } + post user_confirmation_path(format: 'json'), params: { user: { email: 'invalid.test@test.com' } } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'confirm account with valid confirmation token in XML format should return valid response' do + test 'confirm account with valid confirmation token in JSON format should return valid response' do user = create_user(confirm: false) - get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml') + get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'json') assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end - test 'confirm account with invalid confirmation token in XML format should return invalid response' do + test 'confirm account with invalid confirmation token in JSON format should return invalid response' do create_user(confirm: false) - get user_confirmation_path(confirmation_token: 'invalid_confirmation', 
format: 'xml') + get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'json') assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test 'request an account confirmation account with JSON, should return an empty JSON' do - user = create_user(confirm: false) - - post user_confirmation_path, params: { user: { email: user.email }, format: :json } - assert_response :success - assert_equal({}.to_json, response.body) + assert_includes response.body, '{"confirmation_token":[' end test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 619a3cd82..683215957 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -22,10 +22,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, skip_session_storage: [] do sign_in_as_new_user_with_http assert_response 200 - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) - get users_path(format: :xml) + get users_path(format: :json) assert_response 200 end end @@ -34,10 +34,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, skip_session_storage: [:http_auth] do sign_in_as_new_user_with_http assert_response 200 - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) - get users_path(format: :xml) + get users_path(format: :json) assert_response 401 end end 
@@ -51,8 +51,8 @@ class HttpAuthenticationTest < Devise::IntegrationTest test 'uses the request format as response content type' do sign_in_as_new_user_with_http("unknown") assert_equal 401, status - assert_equal "application/xml; charset=utf-8", headers["Content-Type"] - assert_match "Invalid Email or password.", response.body + assert_equal "application/json; charset=utf-8", headers["Content-Type"] + assert_match '"error":"Invalid Email or password."', response.body end test 'returns a custom response with www-authenticate and chosen realm' do @@ -67,7 +67,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: [:username] do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end @@ -76,7 +76,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: { username: false, email: false } do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end @@ -85,7 +85,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do sign_in_as_new_user_with_http("usertest") assert_response :success - assert_match 'user@test.com', response.body + assert_match '"email":"user@test.com"', response.body assert warden.authenticated?(:user) end end 
@@ -101,14 +101,13 @@ class HttpAuthenticationTest < Devise::IntegrationTest private def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678") user = create_user - get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } + get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" } user end # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication def add_oauth2_header user = create_user - get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" } + get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" } end - end diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index b0eaf02f5..437d8eec9 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
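Review bot: Both helpers in this hunk, `sign_in_as_new_user_with_http` and `add_oauth2_header`, build the `HTTP_AUTHORIZATION` value with `Base64.encode64`, which appends a trailing newline (and wraps long output), so the header these tests send contains a line feed that no real client would emit. The suite passes only as long as the decoding side tolerates that. Since the lines are being touched anyway, I would switch to `"Basic #{Base64.strict_encode64("#{username}:#{password}")}"` and `"OAuth #{Base64.strict_encode64("#{user.email}:12345678")}"`, so the tests exercise a well-formed credential and do not start failing if header validation becomes stricter.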
@@ -130,46 +130,39 @@ def send_unlock_request end end - test 'user should be able to request a new unlock token via XML request' do + test 'user should be able to request a new unlock token via JSON request and should return empty and valid response' do user = create_user(locked: true) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } + post user_unlock_path(format: 'json'), params: { user: {email: user.email} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) assert_equal 1, ActionMailer::Base.deliveries.size end - test 'unlocked user should not be able to request a unlock token via XML request' do + test 'unlocked user should not be able to request a unlock token via JSON request' do user = create_user(locked: false) ActionMailer::Base.deliveries.clear - post user_unlock_path(format: 'xml'), params: { user: {email: user.email} } + post user_unlock_path(format: 'json'), params: { user: {email: user.email} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' assert_equal 0, ActionMailer::Base.deliveries.size end - test 'user with valid unlock token should be able to unlock account via XML request' do + test 'user with valid unlock token should be able to unlock account via JSON request' do user = create_user() raw = user.lock_access! assert user.access_locked? 
- get user_unlock_path(format: 'xml', unlock_token: raw) + get user_unlock_path(format: 'json', unlock_token: raw) assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' end - test 'user with invalid unlock token should not be able to unlock the account via XML request' do - get user_unlock_path(format: 'xml', unlock_token: 'invalid_token') + test 'user with invalid unlock token should not be able to unlock the account via JSON request' do + get user_unlock_path(format: 'json', unlock_token: 'invalid_token') assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test "when using json to ask a unlock request, should not return the user" do - user = create_user(locked: true) - post user_unlock_path(format: "json", user: {email: user.email}) - assert_response :success - assert_equal({}.to_json, response.body) + assert_includes response.body, '{"unlock_token":[' end test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 2f1ca6e92..762660781 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb 
@@ -261,63 +261,53 @@ def reset_password(options = {}, &block) end end - test 'reset password request with valid E-Mail in XML format should return valid response' do + test 'reset password request with valid e-mail in JSON format should return empty and valid response' do create_user - post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "user@test.com"} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end - test 'reset password request with invalid E-Mail in XML format should return valid response' do + test 'reset password request with invalid e-mail in JSON format should return valid response' do create_user - post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "invalid.test@test.com"} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do + test 'reset password request with invalid e-mail in JSON format should return empty and valid response in paranoid mode' do swap Devise, paranoid: true do create_user - post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} } + post user_password_path(format: 'json'), params: { user: {email: "invalid@test.com"} } assert_response :success - assert_equal({}.to_xml, response.body) + assert_equal({}.to_json, response.body) end end - test 'change password with valid parameters in XML format should return valid response' do + test 'change password with valid parameters in JSON format should return valid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: { + put user_password_path(format: 'json'), params: { 
user: { reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321' - } - } + } } assert_response :success assert warden.authenticated?(:user) end - test 'change password with invalid token in XML format should return invalid response' do + test 'change password with invalid token in JSON format should return invalid response' do create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } + put user_password_path(format: 'json'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'change password with invalid new password in XML format should return invalid response' do + test 'change password with invalid new password in JSON format should return invalid response' do user = create_user request_forgot_password - put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } + put user_password_path(format: 'json'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} } assert_response :unprocessable_entity - assert_includes response.body, %(\n) - end - - test "when using json requests to ask a confirmable request, should not return the object" do - user = create_user(confirm: false) - - post user_password_path(format: :json), params: { user: { email: user.email } } - - assert_response :success - assert_equal "{}", response.body + assert_includes response.body, '{"errors":{' end test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists 
in the database" do diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index fa2610edf..b40722331 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
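Review bot: The converted test `reset password request with invalid e-mail in JSON format should return valid response` asserts `:unprocessable_entity` and an `{"errors":{` body, so its name says the opposite of what it checks. I would rename it to end in `should return invalid response`, as the confirmable and registerable tests in this commit do. The name matters because the test that follows shows paranoid mode answering an unknown address with success and `{}`, and the pair documents that the default mode tells a caller whether an e-mail is registered. A comment on the first test, for example `# default (non-paranoid) mode: an unknown e-mail yields 422 with errors; paranoid mode is covered below`, would make that contrast explicit.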
@@ -283,13 +283,6 @@ def user_sign_up assert_redirected_to new_user_registration_path end - test 'a user with XML sign up stub' do - get new_user_registration_path(format: 'xml') - assert_response :success - assert_match %(\n), response.body - assert_no_match(/\n) + assert_includes response.body, '{"admin":{' admin = Admin.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', admin.email end - test 'a user sign up with valid information in XML format should return valid response' do - post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } + test 'a user sign up with valid information in JSON format should return valid response' do + post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } } assert_response :success - assert_includes response.body, %(\n) + assert_includes response.body, '{"user":{' user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email end - test 'a user sign up with invalid information in XML format should return invalid response' do - post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } + test 'a user sign up with invalid information in JSON format should return invalid response' do + post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } } assert_response :unprocessable_entity - assert_includes response.body, %(\n) + assert_includes response.body, '{"errors":{' end - test 'a user update information with valid data in XML format should return valid response' do + test 'a user update information with valid data in JSON format should return valid response' do user = sign_in_as_user - put 
user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } + put user_registration_path(format: 'json'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } } assert_response :success assert_equal 'user.new@test.com', user.reload.email end - test 'a user update information with invalid data in XML format should return invalid response' do + test 'a user update information with invalid data in JSON format should return invalid response' do user = sign_in_as_user - put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } + put user_registration_path(format: 'json'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } } assert_response :unprocessable_entity assert_equal 'user@test.com', user.reload.email end - test 'a user cancel their account in XML format should return valid response' do + test 'a user cancel their account in JSON format should return valid response' do sign_in_as_user - delete user_registration_path(format: 'xml') + delete user_registration_path(format: 'json') assert_response :success assert_equal 0, User.to_adapter.find_all.size end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 602cbe371..53f0f59f4 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -7,21 +7,6 @@ class SerializableTest < ActiveSupport::TestCase @user = create_user end - test 'should not include unsafe keys on XML' do - assert_match(/email/, @user.to_xml) - assert_no_match(/confirmation-token/, @user.to_xml) - end - - test 'should not include unsafe keys on XML even if a new except is provided' do - assert_no_match(/email/, @user.to_xml(except: :email)) - assert_no_match(/confirmation-token/, @user.to_xml(except: :email)) - end - - test 'should include unsafe keys on XML if a force_except is provided' do - assert_no_match(/ Date: Mon, 15 Feb 2021 14:45:04 -0300 Subject: [PATCH 110/299] Bundle update --- Gemfile.lock | 118 +++++++++++++++++++++++++-------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e19528ac0..48b9a7b4e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.1) - actionpack (= 6.1.1) - activesupport (= 6.1.1) + actioncable (6.1.2.1) + actionpack (= 6.1.2.1) + activesupport (= 6.1.2.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.1) - actionpack (= 6.1.1) - activejob (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + actionmailbox (6.1.2.1) + actionpack (= 6.1.2.1) + activejob (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) mail (>= 2.7.1) - actionmailer (6.1.1) - actionpack (= 6.1.1) - actionview (= 6.1.1) - activejob (= 6.1.1) - activesupport (= 6.1.1) + actionmailer (6.1.2.1) + actionpack (= 6.1.2.1) + actionview (= 6.1.2.1) + activejob (= 6.1.2.1) + activesupport (= 6.1.2.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.1) - actionview (= 6.1.1) - activesupport (= 6.1.1) + actionpack (6.1.2.1) + actionview (= 6.1.2.1) + activesupport (= 6.1.2.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.1) - actionpack (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + actiontext (6.1.2.1) + actionpack (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) nokogiri (>= 1.8.5) - actionview (6.1.1) - activesupport (= 6.1.1) + actionview (6.1.2.1) + activesupport (= 6.1.2.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.1) - activesupport (= 6.1.1) + activejob (6.1.2.1) + activesupport (= 6.1.2.1) globalid (>= 0.3.6) - activemodel (6.1.1) - activesupport (= 6.1.1) - activerecord (6.1.1) - activemodel (= 6.1.1) - activesupport (= 6.1.1) - activestorage (6.1.1) - actionpack (= 6.1.1) - activejob (= 6.1.1) - activerecord (= 6.1.1) - activesupport (= 6.1.1) + activemodel (6.1.2.1) + activesupport (= 
6.1.2.1) + activerecord (6.1.2.1) + activemodel (= 6.1.2.1) + activesupport (= 6.1.2.1) + activestorage (6.1.2.1) + actionpack (= 6.1.2.1) + activejob (= 6.1.2.1) + activerecord (= 6.1.2.1) + activesupport (= 6.1.2.1) marcel (~> 0.3.1) mimemagic (~> 0.3.2) - activesupport (6.1.1) + activesupport (6.1.2.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -81,7 +81,7 @@ GEM zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) - concurrent-ruby (1.1.7) + concurrent-ruby (1.1.8) crass (1.0.6) erubi (1.10.0) faraday (1.3.0) @@ -92,7 +92,7 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.7) + i18n (1.8.9) concurrent-ruby (~> 1.0) jwt (2.2.2) loofah (2.9.0) @@ -111,7 +111,7 @@ GEM multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.4) + nio4r (2.5.5) nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) @@ -121,7 +121,7 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.1) + omniauth (2.0.2) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -143,29 +143,29 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.1) - actioncable (= 6.1.1) - actionmailbox (= 6.1.1) - actionmailer (= 6.1.1) - actionpack (= 6.1.1) - actiontext (= 6.1.1) - actionview (= 6.1.1) - activejob (= 6.1.1) - activemodel (= 6.1.1) - activerecord (= 6.1.1) - activestorage (= 6.1.1) - activesupport (= 6.1.1) + rails (6.1.2.1) + actioncable (= 6.1.2.1) + actionmailbox (= 6.1.2.1) + actionmailer (= 6.1.2.1) + actionpack (= 6.1.2.1) + actiontext (= 6.1.2.1) + actionview (= 6.1.2.1) + activejob (= 6.1.2.1) + activemodel (= 6.1.2.1) + activerecord (= 6.1.2.1) + activestorage (= 6.1.2.1) + activesupport (= 6.1.2.1) bundler (>= 1.15.0) - railties (= 6.1.1) + railties (= 6.1.2.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.1) - actionpack (= 6.1.1) - activesupport (= 6.1.1) + railties (6.1.2.1) + actionpack (= 6.1.2.1) + activesupport (= 6.1.2.1) method_source rake (>= 0.8.7) thor (~> 1.0) @@ -185,8 +185,8 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.4.2) - thor (1.0.1) - timecop (0.9.2) + thor (1.1.0) + timecop (0.9.4) tzinfo (2.0.4) concurrent-ruby (~> 1.0) warden (1.2.9) From faef12cf2b620e7a454138aa7c2ec1e1719e4025 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 15 Feb 2021 16:07:38 -0300 Subject: [PATCH 111/299] Use the 6-0-stable version of Rails to fix issue with JSON responses The test suite was failing on Rails 6.0 + Ruby 3 with errors like: Expected "{\"errors\":\"#\"}" to include "{\"errors\":{". The ActiveModel::Errors object wasn't being serialized to JSON as expected, and this only happened with that combination of Ruby/Rails. Upon further investigation, this was caused by a change in Ruby and fixed in Rails in this PR: https://github.com/rails/rails/pull/39697 (which describes in more details the exact same problem and links to the Ruby bug tracker with more information). That fix was backported to 6-0-stable in June 2020, but hasn't been officially released in a stable version yet: (there have been only security fixes since then for 6.0) https://github.com/rails/rails/commit/75f6539d0e94c76d93d61feef06c3b0974fe62c1 Since the branch contains the fix, I'm pointing directly to it to get the tests passing. We can't tell if there'll be a new stable 6.0 release at this point, but hopefully yes, in which case we can go back at pointing to it. --- gemfiles/Gemfile-rails-6-0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index f840fc8d7..bc9c83d00 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.0.0' +gem "rails", '~> 6.0.0', github: 'rails/rails', branch: '6-0-stable' gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From 1ba53dc3695508da709de547af92831e09374090 Mon Sep 17 00:00:00 2001 
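Review bot: The new `github: 'rails/rails', branch: '6-0-stable'` source in gemfiles/Gemfile-rails-6-0 follows a moving branch, so each CI run installs whatever the branch head is at that moment unless a lockfile for this gemfile is committed (none is visible in this patch). Pinning to a reviewed commit keeps runs reproducible and makes every later bump an explicit, reviewable change: `gem "rails", '~> 6.0.0', github: 'rails/rails', ref: '<reviewed 6-0-stable commit>'`, using a commit at or after the backport cited in the description. A comment above the line, such as `# TODO: go back to the released gem once a 6.0 release includes the ActiveModel::Errors JSON fix`, would record why the git source exists and when to drop it.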
From: Carlos Antonio da Silva Date: Mon, 15 Feb 2021 16:23:47 -0300 Subject: [PATCH 112/299] Lock bundler to 2.2.9 instead of latest 2.2.10 is causing the dependency resolution on Rails 6-0-stable to fail: ``` Bundler could not find compatible versions for gem "railties": In Gemfile-rails-6-0: devise was resolved to 4.7.3, which depends on railties (>= 4.1.0) rails was resolved to 6.0.3.5, which depends on railties (= 6.0.3.5) responders (~> 3.0) was resolved to 3.0.1, which depends on railties (>= 5.0) Took 27.49 seconds ``` https://github.com/heartcombo/devise/runs/1905780158?check_suite_focus=true#step:5:23 The `railties` version 6.0.3.5 should work, given the other two are using >= declarations, but it fails in 2.2.10. Downgrading to 2.2.9 works. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0af48ddd5..efe63d78d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -100,7 +100,7 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'latest' }} + bundler: ${{ env.BUNDLER_VERSION || '2.2.9' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From ef9a2f410413b02b5234d80a73b42e296ebcc863 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 22 Mar 2021 18:43:18 -0300 Subject: [PATCH 113/299] Use minitest helpers to check if objects respond to certain methods --- test/models/database_authenticatable_test.rb | 6 +++--- test/models/rememberable_test.rb | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 676b44d2b..c6fa527f8 100644 --- a/test/models/database_authenticatable_test.rb 
+++ b/test/models/database_authenticatable_test.rb @@ -97,8 +97,8 @@ def setup test 'should respond to password and password confirmation' do user = new_user - assert user.respond_to?(:password) - assert user.respond_to?(:password_confirmation) + assert_respond_to user, :password + assert_respond_to user, :password_confirmation end test 'should generate a hashed password while setting password' do @@ -149,7 +149,7 @@ def setup end test 'should respond to current password' do - assert new_user.respond_to?(:current_password) + assert_respond_to new_user, :current_password end test 'should update password with valid current password' do diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb index 076a18a24..8b8317212 100644 --- a/test/models/rememberable_test.rb +++ b/test/models/rememberable_test.rb @@ -129,8 +129,8 @@ def user.authenticatable_salt; ""; end end test 'should respond to remember_me attribute' do - assert resource_class.new.respond_to?(:remember_me) - assert resource_class.new.respond_to?(:remember_me=) + assert_respond_to resource_class.new, :remember_me + assert_respond_to resource_class.new, :remember_me= end test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do From 429afcbe8aad8fa14f57a455d334ffa2ec117f9f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 30 Mar 2021 21:53:53 -0300 Subject: [PATCH 114/299] Bundle update --- Gemfile.lock | 130 +++++++++++++++++++++++++-------------------------- 1 file changed, 64 insertions(+), 66 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 48b9a7b4e..a9812e16e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 4b15c86e82ee380f2a7cc009e470368f7520560a + revision: bc6f3356803d7c5d373f89a44625d59953dc0cef specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.2.1) - actionpack (= 6.1.2.1) - activesupport (= 6.1.2.1) + actioncable (6.1.3.1) + actionpack (= 6.1.3.1) + activesupport (= 6.1.3.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.2.1) - actionpack (= 6.1.2.1) - activejob (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionmailbox (6.1.3.1) + actionpack (= 6.1.3.1) + activejob (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) mail (>= 2.7.1) - actionmailer (6.1.2.1) - actionpack (= 6.1.2.1) - actionview (= 6.1.2.1) - activejob (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionmailer (6.1.3.1) + actionpack (= 6.1.3.1) + actionview (= 6.1.3.1) + activejob (= 6.1.3.1) + activesupport (= 6.1.3.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.2.1) - actionview (= 6.1.2.1) - activesupport (= 6.1.2.1) + actionpack (6.1.3.1) + actionview (= 6.1.3.1) + activesupport (= 6.1.3.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.2.1) - actionpack (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + actiontext (6.1.3.1) + actionpack (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) nokogiri (>= 1.8.5) - actionview (6.1.2.1) - activesupport (= 6.1.2.1) + actionview (6.1.3.1) + activesupport (= 6.1.3.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.2.1) - activesupport (= 6.1.2.1) + activejob (6.1.3.1) + activesupport (= 6.1.3.1) globalid (>= 0.3.6) - activemodel (6.1.2.1) - activesupport (= 6.1.2.1) - activerecord (6.1.2.1) - activemodel (= 6.1.2.1) - activesupport (= 6.1.2.1) - activestorage (6.1.2.1) - actionpack (= 6.1.2.1) - activejob (= 6.1.2.1) - activerecord (= 6.1.2.1) 
- activesupport (= 6.1.2.1) - marcel (~> 0.3.1) - mimemagic (~> 0.3.2) - activesupport (6.1.2.1) + activemodel (6.1.3.1) + activesupport (= 6.1.3.1) + activerecord (6.1.3.1) + activemodel (= 6.1.3.1) + activesupport (= 6.1.3.1) + activestorage (6.1.3.1) + actionpack (= 6.1.3.1) + activejob (= 6.1.3.1) + activerecord (= 6.1.3.1) + activesupport (= 6.1.3.1) + marcel (~> 1.0.0) + mini_mime (~> 1.0.2) + activesupport (6.1.3.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -92,7 +92,7 @@ GEM globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) - i18n (1.8.9) + i18n (1.8.10) concurrent-ruby (~> 1.0) jwt (2.2.2) loofah (2.9.0) @@ -100,28 +100,26 @@ GEM nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (0.3.3) - mimemagic (~> 0.3.2) + marcel (1.0.0) method_source (1.0.0) - mimemagic (0.3.5) - mini_mime (1.0.2) + mini_mime (1.0.3) mini_portile2 (2.5.0) - minitest (5.14.3) + minitest (5.14.4) mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.5) - nokogiri (1.11.1) + nio4r (2.5.7) + nokogiri (1.11.2) mini_portile2 (~> 2.5.0) racc (~> 1.4) - oauth2 (1.4.4) + oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.2) + omniauth (2.0.3) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -143,29 +141,29 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.2.1) - actioncable (= 6.1.2.1) - actionmailbox (= 6.1.2.1) - actionmailer (= 6.1.2.1) - actionpack (= 6.1.2.1) - actiontext (= 6.1.2.1) - actionview (= 6.1.2.1) - activejob (= 6.1.2.1) - activemodel (= 6.1.2.1) - activerecord (= 6.1.2.1) - activestorage (= 6.1.2.1) - activesupport (= 6.1.2.1) + rails (6.1.3.1) + actioncable (= 6.1.3.1) + actionmailbox (= 6.1.3.1) + actionmailer (= 6.1.3.1) + actionpack (= 6.1.3.1) + actiontext (= 6.1.3.1) + actionview (= 6.1.3.1) + activejob (= 6.1.3.1) + activemodel (= 6.1.3.1) + activerecord (= 6.1.3.1) + activestorage (= 6.1.3.1) + activesupport (= 6.1.3.1) bundler (>= 1.15.0) - railties (= 6.1.2.1) + railties (= 6.1.3.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.2.1) - actionpack (= 6.1.2.1) - activesupport (= 6.1.2.1) + railties (6.1.3.1) + actionpack (= 6.1.3.1) + activesupport (= 6.1.3.1) method_source rake (>= 0.8.7) thor (~> 1.0) From e8e0c275999dd98150197cab03acb5509cb16b6a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 30 Mar 2021 21:46:11 -0300 Subject: [PATCH 115/299] Revert "Lock bundler to 2.2.9 instead of latest" This reverts commit 1ba53dc3695508da709de547af92831e09374090. Let's give the latest bundler (2.2.15 as of today) a try again. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index efe63d78d..0af48ddd5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -100,7 +100,7 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || '2.2.9' }} + bundler: ${{ env.BUNDLER_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From a3ae35e9c951d1722af9a76fba7c1fa62c643019 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 22 Mar 2021 18:26:17 -0300 Subject: [PATCH 116/299] Create a model hook around the lockable warden hook to reset attempts Resetting failed attempts after sign in happened inside a warden hook specific for the lockable module, but that was hidden inside the hook implementation and didn't allow any user customization. One such customization needed for example is to direct these updates to a write DB when using a multi-DB setup. With the logic hidden in the warden hook this wasn't possible, now that it's exposed in a model method much like trackable, we can override the model method to wrap it in a connection switch block for example, point to a write DB, and simply call `super`. Closes #5310 Related to #5264 and #5133 --- CHANGELOG.md | 2 ++ lib/devise/hooks/lockable.rb | 7 ++----- lib/devise/models/lockable.rb | 10 +++++++++- test/models/lockable_test.rb | 26 ++++++++++++++++++++++++++ 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cdbdd6c2..5370462fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
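Review bot: The fallback on the `bundler:` line is now `'latest'`, so every CI run installs whichever Bundler release is current, and the workflow result can change without any commit in this repository. The commit message says the float is deliberate, so I'd record that on the line itself, e.g. `bundler: ${{ env.BUNDLER_VERSION || 'latest' }} # floats on purpose; set BUNDLER_VERSION to pin when a release breaks CI`. The `supercharge/mongodb-github-action@1.3.0` context line below is referenced by tag as well; pinning third-party actions to a full commit SHA keeps the code that runs in CI fixed.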
@@ -4,6 +4,8 @@ * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. + * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in. + - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. 
The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`. * Add support for Ruby 3. * Add support for Rails 6.1. * Move CI to GitHub Actions. diff --git a/lib/devise/hooks/lockable.rb b/lib/devise/hooks/lockable.rb index a73a1752e..b11db1e87 100644 --- a/lib/devise/hooks/lockable.rb +++ b/lib/devise/hooks/lockable.rb @@ -3,10 +3,7 @@ # After each sign in, if resource responds to failed_attempts, sets it to 0 # This is only triggered when the user is explicitly set (with set_user) Warden::Manager.after_set_user except: :fetch do |record, warden, options| - if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope]) - unless record.failed_attempts.to_i.zero? - record.failed_attempts = 0 - record.save(validate: false) - end + if record.respond_to?(:reset_failed_attempts!) && warden.authenticated?(options[:scope]) + record.reset_failed_attempts! end end diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 578f52949..ce9e3e57a 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -57,6 +57,14 @@ def unlock_access! save(validate: false) end + # Resets failed attempts counter to 0. + def reset_failed_attempts! + if respond_to?(:failed_attempts) && !failed_attempts.to_i.zero? + self.failed_attempts = 0 + save(validate: false) + end + end + # Verifies whether a user is locked or not. def access_locked? !!locked_at && !lock_expired? @@ -110,7 +118,7 @@ def valid_for_authentication? false end end - + def increment_failed_attempts self.class.increment_counter(:failed_attempts, id) reload diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 8b12d5504..4190de929 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb 
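Review bot: The comment above the hook in lib/devise/hooks/lockable.rb still says the reset happens "if resource responds to failed_attempts, sets it to 0", but the condition now checks `respond_to?(:reset_failed_attempts!)` and delegates to the model. I'd reword it to `# After each sign in, if resource responds to reset_failed_attempts!, calls it to reset the counter`. One side effect is worth a line in the changelog: a record that exposes `failed_attempts` without defining `reset_failed_attempts!` is no longer reset by this hook.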
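Review bot: The one-line comment on `reset_failed_attempts!` in lib/devise/models/lockable.rb leaves out the contract an overriding application needs. The write goes through `save(validate: false)`, so validations are skipped and any other unsaved changes on the record are persisted with it, and the method returns nil when there is nothing to reset. Because this counter feeds the lockout decision and the commit invites overrides that call `super`, I'd document it as `# Resets the failed attempts counter to 0 without running validations.` followed by `# Returns nil when there is nothing to reset, otherwise the result of +save+.` The warden hook ignores the return value, so a `save` that returns false passes silently; that may be intended as best-effort, but it deserves a sentence in the comment as well.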
@@ -50,6 +50,32 @@ def setup assert_equal initial_failed_attempts + 2, user.reload.failed_attempts end + test "reset_failed_attempts! updates the failed attempts counter back to 0" do + user = create_user(failed_attempts: 3) + assert_equal 3, user.failed_attempts + + user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + + user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + end + + test "reset_failed_attempts! does not run model validations" do + user = create_user(failed_attempts: 1) + user.expects(:after_validation_callback).never + + assert user.reset_failed_attempts! + assert_equal 0, user.failed_attempts + end + + test "reset_failed_attempts! does not try to reset if not using failed attempts strategy" do + admin = create_admin + + refute_respond_to admin, :failed_attempts + refute admin.reset_failed_attempts! + end + test 'should be valid for authentication with a unlocked user' do user = create_user user.lock_access! From 57d1a1d3816901e9f2cc26e36c3ef70547a91034 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 29 Apr 2021 08:52:33 -0300 Subject: [PATCH 117/299] Release v4.8.0 --- CHANGELOG.md | 2 ++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5370462fa..0fd505d34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
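Review bot: The first new test checks `user.failed_attempts` on the in-memory object only, so it still passes if `reset_failed_attempts!` assigns 0 but the write never reaches the database. The context line at the top of the hunk asserts on `user.reload.failed_attempts`; doing the same here, `assert_equal 0, user.reload.failed_attempts`, pins the persisted value that the next sign-in attempt will read. The same applies to the assertion in the "does not run model validations" test.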
@@ -1,5 +1,7 @@ ### unreleased +### 4.8.0 - 2021-04-29 + * enhancements * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) diff --git a/Gemfile.lock b/Gemfile.lock index a9812e16e..6ff42a7e9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.7.3) + devise (4.8.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d30cd67dc..cecc83266 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.7.3".freeze + VERSION = "4.8.0".freeze end From 2ee0068d778591ccc094e75433a4dc0a0c758d9a Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 5 May 2021 18:20:38 -0300 Subject: [PATCH 118/299] Bundle update --- Gemfile.lock | 130 ++++++++++++++++++++++++++------------------------- 1 file changed, 67 insertions(+), 63 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6ff42a7e9..06a2d687b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,60 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + actioncable (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailbox (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (>= 2.7.1) - actionmailer (6.1.3.1) - actionpack (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionmailer (6.1.3.2) + actionpack (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activesupport (= 6.1.3.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.1) - actionview (= 6.1.3.1) - activesupport (= 6.1.3.1) + actionpack (6.1.3.2) + actionview (= 6.1.3.2) + activesupport (= 6.1.3.2) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.1) - actionpack (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + actiontext (6.1.3.2) + actionpack (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) nokogiri (>= 1.8.5) - actionview (6.1.3.1) - activesupport (= 6.1.3.1) + actionview (6.1.3.2) + activesupport (= 6.1.3.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.1) - activesupport (= 6.1.3.1) + activejob (6.1.3.2) + activesupport (= 6.1.3.2) globalid (>= 0.3.6) - activemodel (6.1.3.1) - activesupport (= 6.1.3.1) - activerecord (6.1.3.1) - activemodel (= 6.1.3.1) - activesupport (= 6.1.3.1) - activestorage (6.1.3.1) - actionpack (= 6.1.3.1) - activejob (= 6.1.3.1) - activerecord (= 6.1.3.1) 
- activesupport (= 6.1.3.1) + activemodel (6.1.3.2) + activesupport (= 6.1.3.2) + activerecord (6.1.3.2) + activemodel (= 6.1.3.2) + activesupport (= 6.1.3.2) + activestorage (6.1.3.2) + actionpack (= 6.1.3.2) + activejob (= 6.1.3.2) + activerecord (= 6.1.3.2) + activesupport (= 6.1.3.2) marcel (~> 1.0.0) mini_mime (~> 1.0.2) - activesupport (6.1.3.1) + activesupport (6.1.3.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -84,33 +84,37 @@ GEM concurrent-ruby (1.1.8) crass (1.0.6) erubi (1.10.0) - faraday (1.3.0) + faraday (1.4.1) + faraday-excon (~> 1.1) faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) multipart-post (>= 1.2, < 3) - ruby2_keywords + ruby2_keywords (>= 0.0.4) + faraday-excon (1.1.0) faraday-net_http (1.0.1) + faraday-net_http_persistent (1.1.0) globalid (0.4.2) activesupport (>= 4.2.0) hashie (4.1.0) i18n (1.8.10) concurrent-ruby (~> 1.0) - jwt (2.2.2) - loofah (2.9.0) + jwt (2.2.3) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.0) + marcel (1.0.1) method_source (1.0.0) mini_mime (1.0.3) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) minitest (5.14.4) mocha (1.12.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) oauth2 (1.4.7) @@ -119,7 +123,7 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.3) + omniauth (2.0.4) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection 
@@ -141,38 +145,38 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.1) - actioncable (= 6.1.3.1) - actionmailbox (= 6.1.3.1) - actionmailer (= 6.1.3.1) - actionpack (= 6.1.3.1) - actiontext (= 6.1.3.1) - actionview (= 6.1.3.1) - activejob (= 6.1.3.1) - activemodel (= 6.1.3.1) - activerecord (= 6.1.3.1) - activestorage (= 6.1.3.1) - activesupport (= 6.1.3.1) + rails (6.1.3.2) + actioncable (= 6.1.3.2) + actionmailbox (= 6.1.3.2) + actionmailer (= 6.1.3.2) + actionpack (= 6.1.3.2) + actiontext (= 6.1.3.2) + actionview (= 6.1.3.2) + activejob (= 6.1.3.2) + activemodel (= 6.1.3.2) + activerecord (= 6.1.3.2) + activestorage (= 6.1.3.2) + activesupport (= 6.1.3.2) bundler (>= 1.15.0) - railties (= 6.1.3.1) + railties (= 6.1.3.2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (6.1.3.1) - actionpack (= 6.1.3.1) - activesupport (= 6.1.3.1) + railties (6.1.3.2) + actionpack (= 6.1.3.2) + activesupport (= 6.1.3.2) method_source rake (>= 0.8.7) thor (~> 1.0) rake (13.0.3) - rdoc (6.3.0) + rdoc (6.3.1) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) - rexml (3.2.4) + rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.4) sprockets (4.0.2) From 63ccdfb34a7bf7921a48e2c2a00421bc152ca8d4 Mon Sep 17 00:00:00 2001 From: Nick Hammond Date: Thu, 6 May 2021 15:24:04 -0700 Subject: [PATCH 119/299] Add metadata for RubyGems --- devise.gemspec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/devise.gemspec b/devise.gemspec index abbbd7f86..503a9a960 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -14,6 +14,14 @@ Gem::Specification.new do |s| s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] + s.metadata = { + "homepage_uri" => "https://github.com/heartcombo/devise", + "documentation_uri" => "https://rubydoc.info/github/heartcombo/devise", + "changelog_uri" => "https://github.com/heartcombo/devise/blob/master/CHANGELOG.md", + "source_code_uri" => "https://github.com/heartcombo/devise", + "bug_tracker_uri" => "https://github.com/heartcombo/devise/issues", + "wiki_uri" => "https://github.com/heartcombo/devise/wiki" + } s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] From bdd2e7e24f74fd1811ce1415cfa4a5eec7e62199 Mon Sep 17 00:00:00 2001 From: chihaso Date: Fri, 17 Sep 2021 14:37:28 +0900 Subject: [PATCH 120/299] Fix comment in some modules - It says that the option is added to devise_for, but it is actually added to the devise method in the model. --- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 2 +- lib/devise/models/omniauthable.rb | 4 ++-- lib/devise/models/timeoutable.rb | 2 +- lib/devise/models/validatable.rb | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 5b748ad2c..44cda2b59 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,7 +10,7 @@ module Models # # == Options # - # Authenticatable adds the following options to devise_for: + # Authenticatable adds the following options to devise method in your model: # # * +authentication_keys+: parameters used for authentication. By default [:email]. # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 58bac413a..4d3a2c63e 100644 
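Review bot: The new `s.metadata` hash in devise.gemspec carries only links and does not set `rubygems_mfa_required`, so the gemspec does not ask RubyGems.org to enforce MFA for privileged operations on this gem, such as pushing or yanking a release. For an authentication library that is worth adding as `"rubygems_mfa_required" => "true"`, once every owner account has MFA enabled. On style, `homepage_uri` and `source_code_uri` repeat the literal already assigned to `s.homepage`; `"homepage_uri" => s.homepage` keeps them from drifting apart. The `Gem::Specification.new` block continues outside the hunk.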
--- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -13,7 +13,7 @@ module Models # # == Options # - # DatabaseAuthenticatable adds the following options to devise_for: + # DatabaseAuthenticatable adds the following options to devise method in your model: # # * +pepper+: a random string used to provide a more secure hash. Use # `rails secret` to generate new keys. diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index c0fe1e547..4619b9441 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -8,11 +8,11 @@ module Models # # == Options # - # Oauthable adds the following options to devise_for: + # Oauthable adds the following options to devise method in your model: # # * +omniauth_providers+: Which providers are available to this model. It expects an array: # - # devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter] + # devise :database_authenticatable, :omniauthable, omniauth_providers: [:twitter] # module Omniauthable extend ActiveSupport::Concern diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index ee187dbfe..86870a2ae 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -11,7 +11,7 @@ module Models # # == Options # - # Timeoutable adds the following options to devise_for: + # Timeoutable adds the following options to devise method in your model: # # * +timeout_in+: the interval to timeout the user session without activity. # diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 40c63de3c..ed00c7559 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
@@ -9,7 +9,7 @@ module Models # # == Options # - # Validatable adds the following options to devise_for: + # Validatable adds the following options to devise method in your model: # # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. From 366a428b2c6560842a52f9b044204a5f4aaa37cd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 6 Oct 2021 19:20:03 -0300 Subject: [PATCH 121/299] Revise docs from #5405 Update a couple other modules that still referred to `devise_for` to point to `devise`, and make all of them more consistent. We can only mention `devise`, that should be clear enough about it being options for the model method. --- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/models/omniauthable.rb | 2 +- lib/devise/models/recoverable.rb | 2 +- lib/devise/models/rememberable.rb | 2 +- lib/devise/models/timeoutable.rb | 2 +- lib/devise/models/validatable.rb | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 44cda2b59..62590de57 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -10,7 +10,7 @@ module Models # # == Options # - # Authenticatable adds the following options to devise method in your model: + # Authenticatable adds the following options to +devise+: # # * +authentication_keys+: parameters used for authentication. By default [:email]. # diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 4d3a2c63e..8c0e22613 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -13,7 +13,7 @@ module Models # # == Options # - # DatabaseAuthenticatable adds the following options to devise method in your model: + # DatabaseAuthenticatable adds the following options to +devise+: # # * +pepper+: a random string used to provide a more secure hash. Use # `rails secret` to generate new keys. @@ -42,7 +42,7 @@ module DatabaseAuthenticatable def initialize(*args, &block) @skip_email_changed_notification = false @skip_password_change_notification = false - super + super end # Skips sending the email changed notification after_update diff --git a/lib/devise/models/omniauthable.rb b/lib/devise/models/omniauthable.rb index 4619b9441..6f4c8976d 100644 --- a/lib/devise/models/omniauthable.rb +++ b/lib/devise/models/omniauthable.rb @@ -8,7 +8,7 @@ module Models # # == Options # - # Oauthable adds the following options to devise method in your model: + # Oauthable adds the following options to +devise+: # # * +omniauth_providers+: Which providers are available to this model. It expects an array: # diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 0cca30f06..59f3a613d 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -7,7 +7,7 @@ module Models # # ==Options # - # Recoverable adds the following options to devise_for: + # Recoverable adds the following options to +devise+: # # * +reset_password_keys+: the keys you want to use when recovering the password for an account # * +reset_password_within+: the time period within which the password must be reset or the token expires. diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb index 76ac0b813..a66979ad5 100644 --- a/lib/devise/models/rememberable.rb +++ b/lib/devise/models/rememberable.rb 
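Review bot: In the lib/devise/models/omniauthable.rb hunk the reworded line still names the module "Oauthable", while the file and the module it documents are Omniauthable. Since the line is being touched anyway, I'd write `# Omniauthable adds the following options to +devise+:`. The module body lies outside the hunk.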
@@ -15,7 +15,7 @@ module Models # # == Options # - # Rememberable adds the following options in devise_for: + # Rememberable adds the following options to +devise+: # # * +remember_for+: the time you want the user will be remembered without # asking for credentials. After this time the user will be blocked and diff --git a/lib/devise/models/timeoutable.rb b/lib/devise/models/timeoutable.rb index 86870a2ae..1d3ce2ae9 100644 --- a/lib/devise/models/timeoutable.rb +++ b/lib/devise/models/timeoutable.rb @@ -11,7 +11,7 @@ module Models # # == Options # - # Timeoutable adds the following options to devise method in your model: + # Timeoutable adds the following options to +devise+: # # * +timeout_in+: the interval to timeout the user session without activity. # diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index ed00c7559..8f600a8c0 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -9,7 +9,7 @@ module Models # # == Options # - # Validatable adds the following options to devise method in your model: + # Validatable adds the following options to +devise+: # # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. From b39faffde42053e6c937ce9ce127f1823fbdc6c0 Mon Sep 17 00:00:00 2001 
From: Alex Ghiculescu Date: Thu, 7 Oct 2021 22:18:37 +0200 Subject: [PATCH 122/299] Test against Rails main and remove `ActiveSupport::Dependencies.reference` (#5357) Remove `ActiveSupport::Dependencies.reference` This was deleted from Rails: https://github.com/rails/rails/commit/14d4edd7c3b06e82e1fcef54fa0b4453315c35fd As far as I can tell, it was meant to add a performance boost at some point in the past but doesn't seem to do anything useful these days. --- .github/workflows/test.yml | 26 ++++++++++++++++++++++++++ gemfiles/Gemfile-rails-6-1 | 27 +++++++++++++++++++++++++++ gemfiles/Gemfile-rails-main | 27 +++++++++++++++++++++++++++ lib/devise.rb | 4 +++- test/orm/active_record.rb | 2 +- test/rails_app/config/application.rb | 2 +- test/rails_app/config/boot.rb | 6 +++--- test/test/controller_helpers_test.rb | 2 +- 8 files changed, 89 insertions(+), 7 deletions(-) create mode 100644 gemfiles/Gemfile-rails-6-1 create mode 100644 gemfiles/Gemfile-rails-main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0af48ddd5..7882708d1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,8 @@ jobs: matrix: gemfile: - Gemfile + - gemfiles/Gemfile-rails-main + - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - gemfiles/Gemfile-rails-5-2 - gemfiles/Gemfile-rails-5-1 @@ -30,6 +32,10 @@ jobs: gemfile: Gemfile - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.1 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.1 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.1 gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.1 
@@ -40,24 +46,40 @@ jobs: gemfile: Gemfile - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.2 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.2 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.2 gemfile: gemfiles/Gemfile-rails-5-2 - ruby: 2.3 gemfile: Gemfile - ruby: 2.3 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.3 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.3 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.4 gemfile: Gemfile - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-6-0 + - ruby: 2.4 + gemfile: gemfiles/Gemfile-rails-6-1 + - ruby: 2.4 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.4 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 2.5 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 2.6 + gemfile: gemfiles/Gemfile-rails-main - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.7 @@ -88,6 +110,10 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-6-0 + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile-rails-6-1 + - env: DEVISE_ORM=mongoid + gemfile: gemfiles/Gemfile-rails-main runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 new file mode 100644 index 000000000..0a96b0e35 --- /dev/null +++ b/gemfiles/Gemfile-rails-6-1 
@@ -0,0 +1,27 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", '~> 6.1.0' +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.0" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main new file mode 100644 index 000000000..536c564c2 --- /dev/null +++ b/gemfiles/Gemfile-rails-main @@ -0,0 +1,27 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", github: "rails/rails", branch: "main" +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.0" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end diff --git a/lib/devise.rb b/lib/devise.rb index 0451876df..4c96810ec 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -318,7 +318,9 @@ def get end def self.ref(arg) - ActiveSupport::Dependencies.reference(arg) + if ActiveSupport::Dependencies.respond_to?(:reference) + ActiveSupport::Dependencies.reference(arg) + end Getter.new(arg) end diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 001f99b99..cf500330a 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
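Review bot: In gemfiles/Gemfile-rails-6-1 the `activemodel-serializers-xml` and `rails-controller-testing` entries use `github:` with no `ref:` or `tag:`, and the commit adds no lockfile for this Gemfile. Each CI run therefore fetches whatever the default branch of those repositories holds at that moment. gemfiles/Gemfile-rails-main has the same two lines; there the floating `rails` source is the purpose of the file, but these two helpers need not float. If a released version works, `gem "rails-controller-testing"` from rubygems.org is enough; otherwise add `ref: "<commit-sha>"` (placeholder) to each line.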
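Review bot: The `respond_to?(:reference)` guard added to `Devise.ref` in lib/devise.rb has no comment saying why it is there; the reason is only in the commit message. I'd add `# ActiveSupport::Dependencies.reference was removed from Rails main; only older versions still define it.` above the `if`, so the branch can be deleted when those versions are dropped.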
@@ -5,7 +5,7 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails6? +if Devise::Test.rails6_and_up? ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 0c844878a..d7ecc1606 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -46,7 +46,7 @@ class Application < Rails::Application end # Remove the first check once Rails 5.0 support is removed. - if Devise::Test.rails52_and_up? && !Devise::Test.rails6? + if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up? Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index bc3dfa62d..3327e5e49 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -7,9 +7,9 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. - - def self.rails6? - Rails.version.start_with? '6' + + def self.rails6_and_up? + Rails::VERSION::MAJOR >= 6 end def self.rails52_and_up? diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 36f34e99d..6c5d24ad1 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -103,7 +103,7 @@ def respond test "returns the content type of a failure app" do get :index, params: { format: :json } - if Devise::Test.rails6? + if Devise::Test.rails6_and_up? assert_includes response.media_type, 'application/json' else assert_includes response.content_type, 'application/json' From a0ccc1cf9649242436655fbc54fffff9e2df59d7 Mon Sep 17 00:00:00 2001 
From: strobilomyces <68540841+strobilomyces@users.noreply.github.com> Date: Thu, 7 Oct 2021 22:27:37 +0200 Subject: [PATCH 123/299] Fix deprecated `ActiveSupport::Dependencies.constantize` (#5397) Changes deprecated `ActiveSupport::Dependencies.constantize(model_name)` to `model_name.constantize` Co-authored-by: Carlos Antonio da Silva --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 4c96810ec..65c962183 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -313,7 +313,7 @@ def initialize(name) end def get - ActiveSupport::Dependencies.constantize(@name) + @name.constantize end end From f3e8fd3baa3a81c0488bbfbee92557921f64a679 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 7 Oct 2021 18:00:16 -0300 Subject: [PATCH 124/299] Move the Gemfile to test with Rails 7.0 alpha2, fix session test issue It appears setting the `rack.session` to a simple hash doesn't work anymore as it now has a few additional methods Rails is relying on to determine whether it's enabled or not: https://github.com/rails/rails/pull/42231 Failure: NoMethodError: undefined method `enabled?' for {}:Hash rails (f55cdafe4b82) actionpack/lib/action_dispatch/middleware/flash.rb:62:in `commit_flash' Turns we we don't seem to need to set `rack.session` for the tests here. --- .github/workflows/test.yml | 6 ++ Gemfile | 2 +- Gemfile.lock | 168 ++++++++++++++++++++----------------- test/failure_app_test.rb | 1 - 4 files changed, 96 insertions(+), 81 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7882708d1..017b5daf7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
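Review bot: `@name.constantize` in `get` relies on `String#constantize`, so it only works when `@name` is a String. The removed `ActiveSupport::Dependencies.constantize(@name)` took the name as an argument and did not need the receiver to define anything. The body of `initialize` lies outside the hunk, so what it stores in `@name` is not visible; if a Symbol or a Class can reach `Devise.ref` from configuration, this line now raises NoMethodError. `@name.to_s.constantize` would cover both cases; otherwise a comment stating that `@name` is always a String is enough.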
@@ -74,10 +74,14 @@ jobs: gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.5 gemfile: gemfiles/Gemfile-rails-main + - ruby: 2.5 + gemfile: Gemfile - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-1 - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 2.6 + gemfile: Gemfile - ruby: 2.6 gemfile: gemfiles/Gemfile-rails-main - ruby: 2.7 @@ -112,6 +116,8 @@ jobs: gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-6-1 + - env: DEVISE_ORM=mongoid + gemfile: Gemfile - env: DEVISE_ORM=mongoid gemfile: gemfiles/Gemfile-rails-main runs-on: ubuntu-latest diff --git a/Gemfile b/Gemfile index 2bca34060..c10095af8 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 6.1.0" +gem "rails", "~> 7.0.0.alpha2" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 06a2d687b..112e36460 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,102 +20,111 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + actioncable (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailbox (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) mail (>= 2.7.1) - actionmailer (6.1.3.2) - actionpack (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activesupport (= 6.1.3.2) + actionmailer (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.1.3.2) - actionview (= 6.1.3.2) - activesupport (= 6.1.3.2) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.3.2) - actionpack (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + actiontext (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) nokogiri (>= 1.8.5) - actionview (6.1.3.2) - activesupport (= 6.1.3.2) + actionview (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.3.2) - activesupport (= 6.1.3.2) + activejob (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) globalid (>= 0.3.6) - activemodel (6.1.3.2) - activesupport (= 6.1.3.2) - activerecord 
(6.1.3.2) - activemodel (= 6.1.3.2) - activesupport (= 6.1.3.2) - activestorage (6.1.3.2) - actionpack (= 6.1.3.2) - activejob (= 6.1.3.2) - activerecord (= 6.1.3.2) - activesupport (= 6.1.3.2) + activemodel (7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + activerecord (7.0.0.alpha2) + activemodel (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) + activestorage (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) marcel (~> 1.0.0) - mini_mime (~> 1.0.2) - activesupport (6.1.3.2) + mini_mime (>= 1.1.0) + activesupport (7.0.0.alpha2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) bcrypt (3.1.16) builder (3.2.4) - concurrent-ruby (1.1.8) + concurrent-ruby (1.1.9) crass (1.0.6) erubi (1.10.0) - faraday (1.4.1) + faraday (1.8.0) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0.1) faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.1) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) multipart-post (>= 1.2, < 3) ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) + faraday-httpclient (1.0.1) faraday-net_http (1.0.1) - faraday-net_http_persistent (1.1.0) - globalid (0.4.2) - activesupport (>= 4.2.0) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + globalid (0.5.2) + activesupport (>= 5.0) hashie (4.1.0) i18n (1.8.10) concurrent-ruby (~> 1.0) - jwt (2.2.3) - loofah (2.9.1) + jwt (2.3.0) + loofah (2.12.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) - marcel (1.0.1) + marcel (1.0.2) method_source (1.0.0) - mini_mime (1.0.3) - mini_portile2 (2.5.1) + mini_mime (1.1.1) + mini_portile2 (2.6.1) minitest (5.14.4) - mocha (1.12.0) + mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.7) - nokogiri (1.11.3) - 
mini_portile2 (~> 2.5.0) + nio4r (2.5.8) + nokogiri (1.12.5) + mini_portile2 (~> 2.6.1) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) @@ -145,40 +154,41 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.1.3.2) - actioncable (= 6.1.3.2) - actionmailbox (= 6.1.3.2) - actionmailer (= 6.1.3.2) - actionpack (= 6.1.3.2) - actiontext (= 6.1.3.2) - actionview (= 6.1.3.2) - activejob (= 6.1.3.2) - activemodel (= 6.1.3.2) - activerecord (= 6.1.3.2) - activestorage (= 6.1.3.2) - activesupport (= 6.1.3.2) + rails (7.0.0.alpha2) + actioncable (= 7.0.0.alpha2) + actionmailbox (= 7.0.0.alpha2) + actionmailer (= 7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + actiontext (= 7.0.0.alpha2) + actionview (= 7.0.0.alpha2) + activejob (= 7.0.0.alpha2) + activemodel (= 7.0.0.alpha2) + activerecord (= 7.0.0.alpha2) + activestorage (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) bundler (>= 1.15.0) - railties (= 6.1.3.2) + railties (= 7.0.0.alpha2) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) + rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (6.1.3.2) - actionpack (= 6.1.3.2) - activesupport (= 6.1.3.2) + railties (7.0.0.alpha2) + actionpack (= 7.0.0.alpha2) + activesupport (= 7.0.0.alpha2) method_source - rake (>= 0.8.7) + rake (>= 0.13) thor (~> 1.0) - rake (13.0.3) - rdoc (6.3.1) + zeitwerk (~> 2.5.0.beta3) + rake (13.0.6) + rdoc (6.3.2) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) - ruby2_keywords (0.0.4) + ruby2_keywords (0.0.5) sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) @@ -197,10 +207,10 @@ GEM nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.3) + websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.4.2) + zeitwerk (2.5.0.beta5) PLATFORMS ruby 
@@ -212,7 +222,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 6.1.0) + rails (~> 7.0.0.alpha2) rails-controller-testing! rdoc responders (~> 3.0) @@ -222,4 +232,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.7 + 2.2.28 diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 809f668de..df4107c00 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -79,7 +79,6 @@ def call_failure(env_params = {}) 'HTTP_HOST' => 'test.host', 'REQUEST_METHOD' => 'GET', 'warden.options' => { scope: :user }, - 'rack.session' => {}, 'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]), 'rack.input' => "", 'warden' => OpenStruct.new(message: nil) From 14eb1362e3b8f492e243e1278db6ed47a2d455d3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 7 Oct 2021 18:46:06 -0300 Subject: [PATCH 125/299] Eliminate Rails 7 warning about Active Record legacy connection handling DEPRECATION WARNING: Using legacy connection handling is deprecated. Please set `legacy_connection_handling` to `false` in your application. --- test/rails_app/config/application.rb | 4 ++++ test/rails_app/config/boot.rb | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index d7ecc1606..7d717db87 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -49,5 +49,9 @@ class Application < Rails::Application if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up? Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end + + if Devise::Test.rails7_and_up? + config.active_record.legacy_connection_handling = false + end end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 3327e5e49..65acdfec4 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
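Review bot: The new `if Devise::Test.rails7_and_up?` guard in test/rails_app/config/application.rb has no upper bound, while `legacy_connection_handling` reads as a transitional setting from the deprecation message quoted in the commit. If a later Rails release deprecates or removes the option, this assignment would likely bring back a warning or fail at boot; consider scoping it to the 7.0 series, for example `if Rails::VERSION::MAJOR == 7 && Rails::VERSION::MINOR == 0`. The block also assigns through `config` while the line just above it uses `Rails.application.config`; the class body continues outside the hunk, so use whichever form the rest of the file prefers.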
@@ -8,6 +8,10 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. + def self.rails7_and_up? + Rails::VERSION::MAJOR >= 7 + end + def self.rails6_and_up? Rails::VERSION::MAJOR >= 6 end From 51bf32701768fda1f24e5609d5c313a1479cc039 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 7 Oct 2021 19:06:12 -0300 Subject: [PATCH 126/299] Refactor using helper to swap config --- test/integration/authenticatable_test.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index fbe1da6cc..a1bf28dae 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -344,16 +344,12 @@ class AuthenticationSessionTest < Devise::IntegrationTest end test 'refreshes _csrf_token' do - ApplicationController.allow_forgery_protection = true - - begin + swap ApplicationController, allow_forgery_protection: true do get new_user_session_path token = request.session[:_csrf_token] sign_in_as_user assert_not_equal request.session[:_csrf_token], token - ensure - ApplicationController.allow_forgery_protection = false end end From 772b74a657cfba80e386712965f01fd91c640a7f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 7 Oct 2021 20:15:44 -0300 Subject: [PATCH 127/299] Update Changelog adding Rails 7 support --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fd505d34..dd5043ed9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### unreleased +* enhancements + * Add support for Rails 7.0 alpha 2. + ### 4.8.0 - 2021-04-29 * enhancements From 8593801130f2df94a50863b5db535c272b00efe1 Mon Sep 17 00:00:00 2001 
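Review bot: In the 'refreshes _csrf_token' test the only assertion is `assert_not_equal request.session[:_csrf_token], token`, which also passes when `token` was nil before sign-in, so the test would not notice a session that never held a token to rotate. Adding `assert_not_nil token` directly after `token = request.session[:_csrf_token]` pins that a real token existed and was replaced on sign-in. The `swap` helper is defined outside the hunk; it presumably restores `allow_forgery_protection` in an `ensure`, which is worth confirming because the removed code did that explicitly.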
From: Carlos Antonio da Silva Date: Fri, 8 Oct 2021 08:31:13 -0300 Subject: [PATCH 128/299] Keep the constantize behavior consistent for versions prior to Rails 7 Use `AS::Dependencies` as before if we still can, otherwise use the new direct `constantize` call for Rails 7+. Leave a TODO to help remind us this can be removed once we drop support to Rails versions prior to 7 in the future. --- lib/devise.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 65c962183..ede803867 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -313,11 +313,17 @@ def initialize(name) end def get - @name.constantize + # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7. + if ActiveSupport::Dependencies.respond_to?(:constantize) + ActiveSupport::Dependencies.constantize(@name) + else + @name.constantize + end end end def self.ref(arg) + # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7. if ActiveSupport::Dependencies.respond_to?(:reference) ActiveSupport::Dependencies.reference(arg) end From 353d86e01c3bade1a893d11aa3e449b58085b8c4 Mon Sep 17 00:00:00 2001 From: Derek Crosson Date: Mon, 1 Nov 2021 02:44:35 +0200 Subject: [PATCH 129/299] chore: remove dollar symbol from some commands When you copy the commands that have the terminal beginning of line symbol in front of them you now no longer need to first delete this before running the command --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bf87d38fc..ef083c7c8 100644 --- a/README.md +++ b/README.md 
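Review bot: The `respond_to?(:constantize)` check in `get` selects the old path on any version where `ActiveSupport::Dependencies.constantize` is deprecated but still defined, so the warning that PATCH 123 set out to remove would presumably come back there. If the intent is "old API before Rails 7, new API from 7 on", an explicit version test such as `if ActiveSupport::VERSION::MAJOR < 7` states that directly and avoids the deprecated call. The check also runs on every `get` call; it could be decided once when the class is defined. `self.ref` continues outside the hunk.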
@@ -185,7 +185,7 @@ Then run `bundle install` Next, you need to run the generator: ```console -$ rails generate devise:install +rails generate devise:install ``` At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`: @@ -200,7 +200,7 @@ The generator will install an initializer which describes ALL of Devise's config In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller. ```console -$ rails generate devise MODEL +rails generate devise MODEL ``` Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section. For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. 
@@ -372,7 +372,7 @@ We built Devise to help you quickly develop an application that uses authenticat Since Devise is an engine, all its views are packaged inside the gem. These views will help you get started, but after some time you may want to change them. If this is the case, you just need to invoke the following generator, and it will copy all views to your application: ```console -$ rails generate devise:views +rails generate devise:views ``` If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file. @@ -380,14 +380,14 @@ If you have more than one Devise model in your application (such as `User` and ` After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views: ```console -$ rails generate devise:views users +rails generate devise:views users ``` If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, you can pass a list of modules to the generator with the `-v` flag. ```console -$ rails generate devise:views -v registrations confirmations +rails generate devise:views -v registrations confirmations ``` ### Configuring controllers @@ -397,7 +397,7 @@ If the customization at the views level is not enough, you can customize each co 1. Create your custom controllers using the generator which requires a scope: ```console - $ rails generate devise:controllers [scope] + rails generate devise:controllers [scope] ``` If you specify `users` as the scope, controllers will be created in `app/controllers/users/`. 
From 9f5b83750eef89710b8f2f1e0969c308023e2f05 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 8 Dec 2021 08:26:05 -0300 Subject: [PATCH 130/299] Bundle update to Rails 7.0 rc1 --- CHANGELOG.md | 2 +- Gemfile | 2 +- Gemfile.lock | 141 ++++++++++++++++++++++++--------------------------- 3 files changed, 69 insertions(+), 76 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd5043ed9..8e89a2bb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ### unreleased * enhancements - * Add support for Rails 7.0 alpha 2. + * Add support for Rails 7.0 rc. ### 4.8.0 - 2021-04-29 diff --git a/Gemfile b/Gemfile index c10095af8..3188bc667 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0.alpha2" +gem "rails", "~> 7.0.0.rc1" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 112e36460..47fbcbc72 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,60 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actioncable (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionmailbox (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) mail (>= 2.7.1) - actionmailer (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionmailer (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + actionview (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionpack (7.0.0.rc1) + actionview (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actiontext (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + actionview (7.0.0.rc1) + activesupport (= 7.0.0.rc1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + activejob (7.0.0.rc1) + activesupport (= 7.0.0.rc1) globalid (>= 0.3.6) - activemodel (7.0.0.alpha2) 
- activesupport (= 7.0.0.alpha2) - activerecord (7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) - activestorage (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) - marcel (~> 1.0.0) + activemodel (7.0.0.rc1) + activesupport (= 7.0.0.rc1) + activerecord (7.0.0.rc1) + activemodel (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + activestorage (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) + marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0.alpha2) + activesupport (7.0.0.rc1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -102,10 +103,10 @@ GEM faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) - globalid (0.5.2) + globalid (1.0.0) activesupport (>= 5.0) - hashie (4.1.0) - i18n (1.8.10) + hashie (5.0.0) + i18n (1.8.11) concurrent-ruby (~> 1.0) jwt (2.3.0) loofah (2.12.0) @@ -115,7 +116,7 @@ GEM mini_mime (>= 0.1.1) marcel (1.0.2) method_source (1.0.0) - mini_mime (1.1.1) + mini_mime (1.1.2) mini_portile2 (2.6.1) minitest (5.14.4) mocha (1.13.0) @@ -136,16 +137,16 @@ GEM hashie (>= 3.4.6) rack (>= 1.6.2, < 3) rack-protection - omniauth-facebook (8.0.0) + omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.1) + omniauth-oauth2 (1.7.2) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) omniauth-openid (2.0.1) omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - racc (1.5.2) + racc (1.6.0) rack (2.2.3) rack-openid (1.4.2) rack (>= 1.1.0) 
@@ -154,48 +155,40 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0.alpha2) - actioncable (= 7.0.0.alpha2) - actionmailbox (= 7.0.0.alpha2) - actionmailer (= 7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - actiontext (= 7.0.0.alpha2) - actionview (= 7.0.0.alpha2) - activejob (= 7.0.0.alpha2) - activemodel (= 7.0.0.alpha2) - activerecord (= 7.0.0.alpha2) - activestorage (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + rails (7.0.0.rc1) + actioncable (= 7.0.0.rc1) + actionmailbox (= 7.0.0.rc1) + actionmailer (= 7.0.0.rc1) + actionpack (= 7.0.0.rc1) + actiontext (= 7.0.0.rc1) + actionview (= 7.0.0.rc1) + activejob (= 7.0.0.rc1) + activemodel (= 7.0.0.rc1) + activerecord (= 7.0.0.rc1) + activestorage (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) bundler (>= 1.15.0) - railties (= 7.0.0.alpha2) - sprockets-rails (>= 2.0.0) + railties (= 7.0.0.rc1) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0.alpha2) - actionpack (= 7.0.0.alpha2) - activesupport (= 7.0.0.alpha2) + railties (7.0.0.rc1) + actionpack (= 7.0.0.rc1) + activesupport (= 7.0.0.rc1) method_source - rake (>= 0.13) + rake (>= 12.2) thor (~> 1.0) - zeitwerk (~> 2.5.0.beta3) + zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.3.2) + rdoc (6.3.3) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) - sprockets (4.0.2) - concurrent-ruby (~> 1.0) - rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) - sprockets (>= 3.0.0) sqlite3 (1.4.2) thor (1.1.0) timecop (0.9.4) @@ -210,7 +203,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.0.beta5) + zeitwerk (2.5.1) PLATFORMS ruby @@ -222,7 +215,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0.alpha2) + rails (~> 7.0.0.rc1) rails-controller-testing! rdoc responders (~> 3.0) 
From 289dd5f2219767044e91790cb1495aaa1d8c2593 Mon Sep 17 00:00:00 2001 From: Dino Maric Date: Thu, 16 Dec 2021 10:12:05 +0100 Subject: [PATCH 131/299] Add support for Rails 7 This commit adds support for latest Rails release. --- CHANGELOG.md | 2 +- Gemfile | 2 +- Gemfile.lock | 112 +++++++++++++++++++++++++-------------------------- 3 files changed, 58 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e89a2bb5..335aa356f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ### unreleased * enhancements - * Add support for Rails 7.0 rc. + * Add support for Rails 7.0 ### 4.8.0 - 2021-04-29 diff --git a/Gemfile b/Gemfile index 3188bc667..985e37f97 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0.rc1" +gem "rails", "~> 7.0.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 47fbcbc72..9270ac6d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,61 +20,61 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actioncable (7.0.0) + actionpack (= 7.0.0) + activesupport (= 7.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionmailbox (7.0.0) + actionpack (= 7.0.0) + activejob (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) mail (>= 2.7.1) - actionmailer (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - actionview (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionmailer (7.0.0) + actionpack (= 7.0.0) + actionview (= 7.0.0) + activejob (= 7.0.0) + activesupport (= 7.0.0) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (7.0.0.rc1) - actionview (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionpack (7.0.0) + actionview (= 7.0.0) + activesupport (= 7.0.0) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actiontext (7.0.0) + actionpack (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.rc1) - activesupport (= 7.0.0.rc1) + actionview (7.0.0) + activesupport (= 7.0.0) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.rc1) - activesupport (= 7.0.0.rc1) + activejob (7.0.0) + activesupport (= 7.0.0) globalid (>= 0.3.6) - activemodel (7.0.0.rc1) - activesupport (= 7.0.0.rc1) - activerecord (7.0.0.rc1) - activemodel (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) - activestorage (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activejob (= 
7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + activemodel (7.0.0) + activesupport (= 7.0.0) + activerecord (7.0.0) + activemodel (= 7.0.0) + activesupport (= 7.0.0) + activestorage (7.0.0) + actionpack (= 7.0.0) + activejob (= 7.0.0) + activerecord (= 7.0.0) + activesupport (= 7.0.0) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0.rc1) + activesupport (7.0.0) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -109,7 +109,7 @@ GEM i18n (1.8.11) concurrent-ruby (~> 1.0) jwt (2.3.0) - loofah (2.12.0) + loofah (2.13.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -118,7 +118,7 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.6.1) - minitest (5.14.4) + minitest (5.15.0) mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) @@ -155,28 +155,28 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0.rc1) - actioncable (= 7.0.0.rc1) - actionmailbox (= 7.0.0.rc1) - actionmailer (= 7.0.0.rc1) - actionpack (= 7.0.0.rc1) - actiontext (= 7.0.0.rc1) - actionview (= 7.0.0.rc1) - activejob (= 7.0.0.rc1) - activemodel (= 7.0.0.rc1) - activerecord (= 7.0.0.rc1) - activestorage (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + rails (7.0.0) + actioncable (= 7.0.0) + actionmailbox (= 7.0.0) + actionmailer (= 7.0.0) + actionpack (= 7.0.0) + actiontext (= 7.0.0) + actionview (= 7.0.0) + activejob (= 7.0.0) + activemodel (= 7.0.0) + activerecord (= 7.0.0) + activestorage (= 7.0.0) + activesupport (= 7.0.0) bundler (>= 1.15.0) - railties (= 7.0.0.rc1) + railties (= 7.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0.rc1) - actionpack (= 7.0.0.rc1) - activesupport (= 7.0.0.rc1) + railties (7.0.0) + actionpack (= 7.0.0) + activesupport (= 7.0.0) method_source rake (>= 12.2) thor (~> 1.0) 
@@ -215,7 +215,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0.rc1) + rails (~> 7.0.0) rails-controller-testing! rdoc responders (~> 3.0) From 43800b4b8550d1249ab049a94ee7c16e243551a1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 16 Dec 2021 08:04:20 -0300 Subject: [PATCH 132/299] Bump to 4.8.1 with Rails 7 support Also note in the Changelog that Turbo is not fully supported yet. --- CHANGELOG.md | 4 ++-- Gemfile.lock | 6 +++--- lib/devise/version.rb | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 335aa356f..c4b518b23 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ -### unreleased +### 4.8.1 * enhancements - * Add support for Rails 7.0 + * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. ### 4.8.0 - 2021-04-29 diff --git a/Gemfile.lock b/Gemfile.lock index 9270ac6d7..40c8ec588 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: bc6f3356803d7c5d373f89a44625d59953dc0cef + revision: 36e84822ee997d69c971f03f3f3759ee4f4bdc37 specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.8.0) + devise (4.8.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) @@ -225,4 +225,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.28 + 2.2.33 diff --git a/lib/devise/version.rb b/lib/devise/version.rb index cecc83266..ad9c7326a 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.8.0".freeze + VERSION = "4.8.1".freeze end From 025b1c873491908b346e4d394f54481ec18fb02c Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 16 Dec 2021 08:08:55 -0300 Subject: [PATCH 133/299] Add date to v4.8.1 changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4b518b23..e91257a12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 4.8.1 +### 4.8.1 - 2021-12-16 * enhancements * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. From 3c5acaf53106db2d890988021caadd96a7f2a024 Mon Sep 17 00:00:00 2001 From: Peter Goldstein Date: Fri, 7 Jan 2022 12:36:56 -0800 Subject: [PATCH 134/299] Add Ruby 3.1 to CI matrix. Lock to Nokogiri < 1.13 for webrat compatibility --- .github/workflows/test.yml | 29 ++++-- Gemfile | 1 + Gemfile.lock | 178 +++++++++++++++++++----------------- gemfiles/Gemfile-rails-5-0 | 1 + gemfiles/Gemfile-rails-5-1 | 1 + gemfiles/Gemfile-rails-5-2 | 1 + gemfiles/Gemfile-rails-6-0 | 1 + gemfiles/Gemfile-rails-6-1 | 7 ++ gemfiles/Gemfile-rails-main | 1 + 9 files changed, 132 insertions(+), 88 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 017b5daf7..e212d738f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,8 @@ jobs: - 2.5 - 2.6 - 2.7 - - 3.0 + - '3.0' + - 3.1 env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid 
@@ -94,16 +95,32 @@ jobs: gemfile: gemfiles/Gemfile-rails-5-1 - ruby: 2.7 gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.0 + - ruby: '3.0' gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-4-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-4-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-0 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-1 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-5-2 + - ruby: 3.1 + gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid gemfile: Gemfile - env: DEVISE_ORM=mongoid diff --git a/Gemfile b/Gemfile index 985e37f97..0b41fa0e1 100644 --- a/Gemfile +++ b/Gemfile @@ -14,6 +14,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/Gemfile.lock b/Gemfile.lock index 40c8ec588..21b998364 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 36e84822ee997d69c971f03f3f3759ee4f4bdc37 + revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
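Review bot: The block of `ruby: 3.1` entries added in this hunk lists `gemfiles/Gemfile-rails-5-1` and `gemfiles/Gemfile-rails-5-2` twice each, once at the top of the block and again after `Gemfile-rails-5-0`. The duplicates are harmless to the matrix but make the list harder to audit, so drop the first two entries. The key these entries sit under (presumably the matrix `exclude`) is outside the hunk. In the first hunk `- 3.1` is left unquoted while the commit quotes `'3.0'`; writing `- '3.1'` there and `ruby: '3.1'` here keeps the versions as strings consistently.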
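Review bot: The new `gem "nokogiri", "< 1.13"` line in the Gemfile's `group :test` carries no comment, so the reason for the cap exists only in the commit subject. An upper bound on an XML parser holds the bundle back from later releases, security fixes included; the exposure is limited to the test group, but the pin should be easy to find and remove. Add a comment above it such as `# Capped for webrat compatibility; remove once webrat is replaced or supports newer nokogiri`. The same line is added to several files under `gemfiles/` according to the diffstat and would need the same comment.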
@@ -20,61 +20,67 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.0) - actionpack (= 7.0.0) - activesupport (= 7.0.0) + actioncable (7.0.2.2) + actionpack (= 7.0.2.2) + activesupport (= 7.0.2.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0) - actionpack (= 7.0.0) - activejob (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + actionmailbox (7.0.2.2) + actionpack (= 7.0.2.2) + activejob (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) mail (>= 2.7.1) - actionmailer (7.0.0) - actionpack (= 7.0.0) - actionview (= 7.0.0) - activejob (= 7.0.0) - activesupport (= 7.0.0) + net-imap + net-pop + net-smtp + actionmailer (7.0.2.2) + actionpack (= 7.0.2.2) + actionview (= 7.0.2.2) + activejob (= 7.0.2.2) + activesupport (= 7.0.2.2) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.0) - actionview (= 7.0.0) - activesupport (= 7.0.0) + actionpack (7.0.2.2) + actionview (= 7.0.2.2) + activesupport (= 7.0.2.2) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0) - actionpack (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + actiontext (7.0.2.2) + actionpack (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0) - activesupport (= 7.0.0) + actionview (7.0.2.2) + activesupport (= 7.0.2.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0) - activesupport (= 7.0.0) + activejob (7.0.2.2) + activesupport (= 7.0.2.2) globalid (>= 0.3.6) - activemodel (7.0.0) - activesupport (= 7.0.0) - activerecord (7.0.0) - activemodel (= 7.0.0) - activesupport (= 7.0.0) - activestorage (7.0.0) - actionpack (= 7.0.0) - activejob (= 7.0.0) - 
activerecord (= 7.0.0) - activesupport (= 7.0.0) + activemodel (7.0.2.2) + activesupport (= 7.0.2.2) + activerecord (7.0.2.2) + activemodel (= 7.0.2.2) + activesupport (= 7.0.2.2) + activestorage (7.0.2.2) + actionpack (= 7.0.2.2) + activejob (= 7.0.2.2) + activerecord (= 7.0.2.2) + activesupport (= 7.0.2.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.0) + activesupport (7.0.2.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -83,33 +89,20 @@ GEM builder (3.2.4) concurrent-ruby (1.1.9) crass (1.0.6) + digest (3.1.0) erubi (1.10.0) - faraday (1.8.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday (2.2.0) + faraday-net_http (~> 2.0) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) + faraday-net_http (2.0.1) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.8.11) + i18n (1.10.0) concurrent-ruby (~> 1.0) + io-wait (0.2.1) jwt (2.3.0) - loofah (2.13.0) + loofah (2.14.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -122,13 +115,27 @@ GEM mocha (1.13.0) multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.1.1) + net-imap (0.2.3) + digest + net-protocol + strscan + net-pop (0.1.1) + digest + net-protocol + timeout + net-protocol (0.1.2) + io-wait + timeout + net-smtp (0.3.1) + digest + net-protocol + timeout nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) - oauth2 (1.4.7) - faraday (>= 0.8, < 2.0) + oauth2 (1.4.9) + faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) 
@@ -146,43 +153,46 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) + psych (4.0.3) + stringio racc (1.6.0) rack (2.2.3) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (2.1.0) + rack-protection (2.2.0) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.0) - actioncable (= 7.0.0) - actionmailbox (= 7.0.0) - actionmailer (= 7.0.0) - actionpack (= 7.0.0) - actiontext (= 7.0.0) - actionview (= 7.0.0) - activejob (= 7.0.0) - activemodel (= 7.0.0) - activerecord (= 7.0.0) - activestorage (= 7.0.0) - activesupport (= 7.0.0) + rails (7.0.2.2) + actioncable (= 7.0.2.2) + actionmailbox (= 7.0.2.2) + actionmailer (= 7.0.2.2) + actionpack (= 7.0.2.2) + actiontext (= 7.0.2.2) + actionview (= 7.0.2.2) + activejob (= 7.0.2.2) + activemodel (= 7.0.2.2) + activerecord (= 7.0.2.2) + activestorage (= 7.0.2.2) + activesupport (= 7.0.2.2) bundler (>= 1.15.0) - railties (= 7.0.0) + railties (= 7.0.2.2) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.0) - actionpack (= 7.0.0) - activesupport (= 7.0.0) + railties (7.0.2.2) + actionpack (= 7.0.2.2) + activesupport (= 7.0.2.2) method_source rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.3.3) + rdoc (6.4.0) + psych (>= 4.0.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) @@ -190,8 +200,11 @@ GEM ruby-openid (2.9.2) ruby2_keywords (0.0.5) sqlite3 (1.4.2) - thor (1.1.0) + stringio (3.0.1) + strscan (3.0.1) + thor (1.2.1) timecop (0.9.4) + timeout (0.2.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) warden (1.2.9) @@ -203,7 +216,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.1) + zeitwerk (2.5.4) PLATFORMS ruby @@ -211,6 +224,7 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 1.1) + nokogiri (< 1.13) omniauth omniauth-facebook omniauth-oauth2 
@@ -225,4 +239,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.2.33 + 2.3.4 diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 2f60c3a2b..486f0132a 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -14,6 +14,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index c566e9c84..0d391aa54 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -12,6 +12,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 5dc267def..10bd39ba1 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -12,6 +12,7 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index bc9c83d00..d8f774315 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -12,6 +12,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 0a96b0e35..8a8991fe0 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 
@@ -13,7 +13,14 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" +if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1") + gem "net-smtp", require: false + gem "net-imap", require: false + gem "net-pop", require: false +end + group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 536c564c2..513e0572c 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -14,6 +14,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" group :test do + gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" From 451ff6d49c71e543962d2b29d77f2e744b2d47e1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 25 Feb 2022 14:44:26 -0300 Subject: [PATCH 135/299] Reorganize test matrix & use latest bundler * Rails and Ruby versions follow the most recent to oldest, except for Rails main, so we can keep the Gemfile the first one. * Excluding specific matrix combinations based on the Gemfile first, Ruby version next, and keep the same order (most recent -> oldest) * Quote all Ruby versions to keep things consistent. It's required for the '3.0' version to avoid the float issue where it'd use the latest 3.x instead. --- .github/workflows/test.yml | 226 ++++++++++++++++++------------------- Gemfile.lock | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- 3 files changed, 112 insertions(+), 118 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e212d738f..7d5d080bb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -16,127 +16,121 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: - - 2.1 - - 2.2 - - 2.3 - - 2.4 - - 2.5 - - 2.6 - - 2.7 + - '3.1' - '3.0' - - 3.1 + - '2.7' + - '2.6' + - '2.5' + - '2.4' + - '2.3' + - '2.2' + - '2.1' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - ruby: 2.1 - gemfile: Gemfile - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.1 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.2 - gemfile: Gemfile - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.2 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 2.3 - gemfile: Gemfile - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.3 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.4 - gemfile: Gemfile - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-6-0 - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-6-1 - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.4 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.5 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.5 - gemfile: Gemfile - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.6 - gemfile: Gemfile - - ruby: 2.6 - gemfile: gemfiles/Gemfile-rails-main - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 2.7 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: '3.0' - gemfile: 
gemfiles/Gemfile-rails-4-2 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: '3.0' - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-4-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-4-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-0 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-1 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-5-2 - - ruby: 3.1 - gemfile: gemfiles/Gemfile-rails-6-0 - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-0 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-1 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-2 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-0 - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 - - env: DEVISE_ORM=mongoid - gemfile: Gemfile - - env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main + - gemfile: Gemfile + ruby: '2.6' + - gemfile: Gemfile + ruby: '2.5' + - gemfile: Gemfile + ruby: '2.4' + - gemfile: Gemfile + ruby: '2.3' + - gemfile: Gemfile + ruby: '2.2' + - gemfile: Gemfile + ruby: '2.1' + - gemfile: Gemfile + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-main + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-6-1 + ruby: '2.1' + - gemfile: 
gemfiles/Gemfile-rails-6-1 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-6-0 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-2 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-1 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-5-0 + env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '2.4' runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} 
diff --git a/Gemfile.lock b/Gemfile.lock index 21b998364..82ddc2725 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -239,4 +239,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.3.4 + 2.3.8 diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 8a8991fe0..baa4827c2 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -13,7 +13,7 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" -if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1") +if RUBY_VERSION >= "3.1" gem "net-smtp", require: false gem "net-imap", require: false gem "net-pop", require: false From a78948f53ca8847413db294af22b0f784db37a58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Glauco=20Cust=C3=B3dio?= Date: Mon, 21 Mar 2022 12:10:43 +0000 Subject: [PATCH 136/299] Use bundle add instead As per https://github.com/rubygems/rubygems/pull/5337, we can simplify the steps of adding a gem. --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bf87d38fc..a34023d0a 100644 --- a/README.md +++ b/README.md @@ -174,14 +174,12 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.1 onwards. Add the following line to your Gemfile: +Devise 4.0 works with Rails 4.1 onwards. Run: -```ruby -gem 'devise' +```sh +bundle add devise ``` -Then run `bundle install` - Next, you need to run the generator: ```console From 1542b7da2937b9aaca1a520ee7089f7103133c43 Mon Sep 17 00:00:00 2001 From: yysaki Date: Thu, 21 Apr 2022 23:29:30 +0900 Subject: [PATCH 137/299] Update the urls which refer nonexistent master branch name in documentations --- README.md | 30 +++++++++++++-------------- devise.gemspec | 2 +- lib/devise/controllers/sign_in_out.rb | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index bf87d38fc..8fa3f64b9 100644 --- a/README.md 
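Review bot: `if RUBY_VERSION >= "3.1"` in gemfiles/Gemfile-rails-6-1 compares strings, so the ordering is lexicographic rather than per version component. It gives the right answer for the 2.x and 3.x versions in the CI matrix, but it would misorder a two-digit major such as `"10.0"`. The line it replaces compared `Gem::Version` objects, which compares component by component. I would either keep that form or add `# String compare: only valid while the Ruby major version is a single digit.` above the condition.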
+++ b/README.md @@ -1,4 +1,4 @@ -![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png) +![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png) [![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) 
@@ -11,16 +11,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Validatable): provides validations of email and password. 
It's optional and can be customized, so you're able to define your own validations. +* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. ## Table of Contents @@ -91,7 +91,7 @@ https://groups.google.com/group/plataformatec-devise You can view the Devise documentation in RDoc format here: -http://rubydoc.info/github/heartcombo/devise/master/frames +http://rubydoc.info/github/heartcombo/devise/main/frames If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. @@ -130,7 +130,7 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). -Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. +Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: ```bash rbenv shell 2.4.2 # or rvm use 2.4.2 
@@ -458,7 +458,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/master/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/main/ActionDispatch/Routing/Mapper%3Adevise_for) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: 
@@ -679,7 +679,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/master/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. diff --git a/devise.gemspec b/devise.gemspec index 503a9a960..78c0177aa 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -17,7 +17,7 @@ Gem::Specification.new do |s| s.metadata = { "homepage_uri" => "https://github.com/heartcombo/devise", "documentation_uri" => "https://rubydoc.info/github/heartcombo/devise", - "changelog_uri" => "https://github.com/heartcombo/devise/blob/master/CHANGELOG.md", + "changelog_uri" => "https://github.com/heartcombo/devise/blob/main/CHANGELOG.md", "source_code_uri" => "https://github.com/heartcombo/devise", "bug_tracker_uri" => "https://github.com/heartcombo/devise/issues", "wiki_uri" => "https://github.com/heartcombo/devise/wiki" 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 6d72a21dc..90c2a4367 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -21,7 +21,7 @@ def signed_in?(scope = nil) # to the set_user method in warden. # If you are using a custom warden strategy and the timeoutable module, you have to # set `env["devise.skip_timeout"] = true` in the request to use this method, like we do - # in the sessions controller: https://github.com/heartcombo/devise/blob/master/app/controllers/devise/sessions_controller.rb#L7 + # in the sessions controller: https://github.com/heartcombo/devise/blob/main/app/controllers/devise/sessions_controller.rb#L7 # # Examples: # From 8d4c3647a774f9e47a05e2f364bc591ab1907600 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 09:17:40 -0300 Subject: [PATCH 138/299] Update bundle --- Gemfile.lock | 124 +++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 63 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 82ddc2725..be03532d7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,89 +20,88 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.2.2) - actionpack (= 7.0.2.2) - activesupport (= 7.0.2.2) + actioncable (7.0.2.3) + actionpack (= 7.0.2.3) + activesupport (= 7.0.2.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.2.2) - actionpack (= 7.0.2.2) - activejob (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionmailbox (7.0.2.3) + actionpack (= 7.0.2.3) + activejob (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.2.2) - actionpack (= 7.0.2.2) - actionview (= 7.0.2.2) - activejob (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionmailer (7.0.2.3) + actionpack (= 7.0.2.3) + actionview (= 7.0.2.3) + activejob (= 7.0.2.3) + activesupport (= 7.0.2.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.2.2) - actionview (= 7.0.2.2) - activesupport (= 7.0.2.2) + actionpack (7.0.2.3) + actionview (= 7.0.2.3) + activesupport (= 7.0.2.3) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.2.2) - actionpack (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + actiontext (7.0.2.3) + actionpack (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.2.2) - activesupport (= 7.0.2.2) + actionview (7.0.2.3) + activesupport (= 7.0.2.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.2.2) - activesupport (= 7.0.2.2) + activejob (7.0.2.3) + activesupport (= 7.0.2.3) globalid (>= 0.3.6) - activemodel (7.0.2.2) - activesupport (= 7.0.2.2) - activerecord (7.0.2.2) - activemodel (= 7.0.2.2) - activesupport (= 7.0.2.2) - activestorage (7.0.2.2) - 
actionpack (= 7.0.2.2) - activejob (= 7.0.2.2) - activerecord (= 7.0.2.2) - activesupport (= 7.0.2.2) + activemodel (7.0.2.3) + activesupport (= 7.0.2.3) + activerecord (7.0.2.3) + activemodel (= 7.0.2.3) + activesupport (= 7.0.2.3) + activestorage (7.0.2.3) + actionpack (= 7.0.2.3) + activejob (= 7.0.2.3) + activerecord (= 7.0.2.3) + activesupport (= 7.0.2.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.2.2) + activesupport (7.0.2.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - bcrypt (3.1.16) + bcrypt (3.1.17) builder (3.2.4) - concurrent-ruby (1.1.9) + concurrent-ruby (1.1.10) crass (1.0.6) digest (3.1.0) erubi (1.10.0) faraday (2.2.0) faraday-net_http (~> 2.0) ruby2_keywords (>= 0.0.4) - faraday-net_http (2.0.1) + faraday-net_http (2.0.2) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) i18n (1.10.0) concurrent-ruby (~> 1.0) - io-wait (0.2.1) jwt (2.3.0) - loofah (2.14.0) + loofah (2.16.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -123,8 +122,7 @@ GEM digest net-protocol timeout - net-protocol (0.1.2) - io-wait + net-protocol (0.1.3) timeout net-smtp (0.3.1) digest @@ -140,9 +138,9 @@ GEM multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (2.0.4) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) rack-protection omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) 
@@ -164,28 +162,28 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (7.0.2.2) - actioncable (= 7.0.2.2) - actionmailbox (= 7.0.2.2) - actionmailer (= 7.0.2.2) - actionpack (= 7.0.2.2) - actiontext (= 7.0.2.2) - actionview (= 7.0.2.2) - activejob (= 7.0.2.2) - activemodel (= 7.0.2.2) - activerecord (= 7.0.2.2) - activestorage (= 7.0.2.2) - activesupport (= 7.0.2.2) + rails (7.0.2.3) + actioncable (= 7.0.2.3) + actionmailbox (= 7.0.2.3) + actionmailer (= 7.0.2.3) + actionpack (= 7.0.2.3) + actiontext (= 7.0.2.3) + actionview (= 7.0.2.3) + activejob (= 7.0.2.3) + activemodel (= 7.0.2.3) + activerecord (= 7.0.2.3) + activestorage (= 7.0.2.3) + activesupport (= 7.0.2.3) bundler (>= 1.15.0) - railties (= 7.0.2.2) + railties (= 7.0.2.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.2) loofah (~> 2.3) - railties (7.0.2.2) - actionpack (= 7.0.2.2) - activesupport (= 7.0.2.2) + railties (7.0.2.3) + actionpack (= 7.0.2.3) + activesupport (= 7.0.2.3) method_source rake (>= 12.2) thor (~> 1.0) @@ -203,7 +201,7 @@ GEM stringio (3.0.1) strscan (3.0.1) thor (1.2.1) - timecop (0.9.4) + timecop (0.9.5) timeout (0.2.0) tzinfo (2.0.4) concurrent-ruby (~> 1.0) From 55eabee800493cff526a2846bd6ce054058bde01 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 21 Apr 2022 19:07:04 -0300 Subject: [PATCH 139/299] Use https source for github repos with Bundler 1.x GitHub no longer supports the git:// protocol, which was the default in Bundler 1.x. From the build: The unauthenticated git protocol on port 9418 is no longer supported. Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information. --- gemfiles/Gemfile-rails-4-1 | 5 +++++ gemfiles/Gemfile-rails-4-2 | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 44a1c98aa..7bbabf9db 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 
@@ -2,6 +2,11 @@ source "https://rubygems.org" +git_source(:github) do |repo_name| + repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') + "https://github.com/#{repo_name}.git" +end + gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-1-stable" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index bb35c5f2f..6e106b5e9 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -2,6 +2,11 @@ source "https://rubygems.org" +git_source(:github) do |repo_name| + repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') + "https://github.com/#{repo_name}.git" +end + gemspec path: ".." gem "rails", github: "rails/rails", branch: "4-2-stable" From 875217d8c195eb857f2529c4aa357c3ef5f45c14 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 21 Apr 2022 21:08:50 -0300 Subject: [PATCH 140/299] Only set property for Rails 7, it has been removed on master https://github.com/rails/rails/pull/44827 --- test/rails_app/config/application.rb | 2 +- test/rails_app/config/boot.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 7d717db87..1f4fbddba 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -50,7 +50,7 @@ class Application < Rails::Application Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true end - if Devise::Test.rails7_and_up? + if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 65acdfec4..524b56182 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb 
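Review bot: The `git_source(:github)` block added at the top of gemfiles/Gemfile-rails-4-1, and repeated verbatim in the gemfiles/Gemfile-rails-4-2 hunk that follows, has no comment explaining why it is there, so a later cleanup could remove it and put Bundler 1.x back on its `git://` default. I would add `# Bundler 1.x maps github: to the unauthenticated git:// protocol; force HTTPS so gems are fetched over TLS.` above the block in both files. The `rails` line right below still follows a branch (`4-1-stable` / `4-2-stable`), so unless a lockfile pins the revision (not visible here) the transport is the only integrity check on what these CI gemfiles install.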
@@ -8,8 +8,8 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. - def self.rails7_and_up? - Rails::VERSION::MAJOR >= 7 + def self.rails70? + Rails.version.start_with? '7.0' end def self.rails6_and_up? From e1c53d6580b0f4e30e598d6d249320d506770701 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 09:16:19 -0300 Subject: [PATCH 141/299] Check for empty response body on redirect with Rails main (future 7.1) Rails is no longer returning a message with the response body on redirects, just an empty body. https://github.com/rails/rails/pull/44554 --- test/failure_app_test.rb | 10 +++++++--- test/rails_app/config/boot.rb | 4 ++++ test/test/controller_helpers_test.rb | 14 ++++++++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index df4107c00..883cf8b9b 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -213,9 +213,13 @@ def call_failure(env_params = {}) test 'set up a default message' do call_failure - assert_match(/You are being/, @response.last.body) - assert_match(/redirected/, @response.last.body) - assert_match(/users\/sign_in/, @response.last.body) + if Devise::Test.rails71_and_up? + assert_empty @response.last.body + else + assert_match(/You are being/, @response.last.body) + assert_match(/redirected/, @response.last.body) + assert_match(/users\/sign_in/, @response.last.body) + end end test 'works for any navigational format' do diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 524b56182..4c108cc8c 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -8,6 +8,10 @@ module Devise module Test # Detection for minor differences between Rails versions in tests. + def self.rails71_and_up? + !rails70? && Rails::VERSION::MAJOR >= 7 + end + def self.rails70? Rails.version.start_with? '7.0' end 
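Review bot: `rails71_and_up?` in test/rails_app/config/boot.rb is defined as `!rails70? && Rails::VERSION::MAJOR >= 7`, that is, by negating a string-prefix test on `Rails.version`, whereas the line this series removed compared the `Rails::VERSION` integers directly. Using the integer constants in both helpers keeps them consistent and makes each name match its condition: `Rails::VERSION::MAJOR == 7 && Rails::VERSION::MINOR == 0` for `rails70?`, and `Rails::VERSION::MAJOR > 7 || (Rails::VERSION::MAJOR == 7 && Rails::VERSION::MINOR >= 1)` for `rails71_and_up?`. The module body continues outside both boot.rb hunks.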
diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 6c5d24ad1..c93ecf2e3 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -97,7 +97,12 @@ def respond test "returns the body of a failure app" do get :index - assert_equal "You are being redirected.", response.body + + if Devise::Test.rails71_and_up? + assert_empty response.body + else + assert_equal "You are being redirected.", response.body + end end test "returns the content type of a failure app" do @@ -203,6 +208,11 @@ class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCa test "doesn't hang when sending an authentication error response body" do get :index - assert_equal "You are being redirected.", response.body + + if Devise::Test.rails71_and_up? + assert_empty response.body + else + assert_equal "You are being redirected.", response.body + end end end From b5172a0cdbc02686ae905d65ec2392ead41be139 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 10:41:01 -0300 Subject: [PATCH 142/299] Fix csrf cleanup for Rails 7.1 (main) Rails implemented a CSRF token storage strategy to allow storing the CSRF tokens outside of the sessios (for example, in an encrypted cookie), and changed how the value is kept around during the request cycle, by using a request.env value. We still want to ensure the final session value is cleaned correctly in the test, but the implementation needed to change since we can't simply delete from the session anymore, we need to make sure we call the Rails methods for resetting the current storage strategy so it works with all of them. https://github.com/rails/rails/pull/44283 --- lib/devise/hooks/csrf_cleaner.rb | 8 +++++++- test/integration/authenticatable_test.rb | 12 ++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index d725fbc42..211bcab82 100644 
--- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -4,6 +4,12 @@ clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || warden.winning_strategy.clean_up_csrf? if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy - warden.request.session.try(:delete, :_csrf_token) + request = warden.request + if request.respond_to?(:controller_instance) && request.controller_instance.respond_to?(:reset_csrf_token) + # Rails 7.1+ + request.controller_instance.reset_csrf_token(request) + else + request.session.try(:delete, :_csrf_token) + end end end diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index a1bf28dae..6c3be3b57 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -346,10 +346,18 @@ class AuthenticationSessionTest < Devise::IntegrationTest test 'refreshes _csrf_token' do swap ApplicationController, allow_forgery_protection: true do get new_user_session_path - token = request.session[:_csrf_token] + token_from_session = request.session[:_csrf_token] + + if Devise::Test.rails71_and_up? + token_from_env = request.env["action_controller.csrf_token"] + end sign_in_as_user - assert_not_equal request.session[:_csrf_token], token + assert_not_equal request.session[:_csrf_token], token_from_session + + if Devise::Test.rails71_and_up? + assert_not_equal request.env["action_controller.csrf_token"], token_from_env + end end end From 2fa9303ab35f159d7c3fb76392692994155b18f0 Mon Sep 17 00:00:00 2001 
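Review bot: In lib/devise/hooks/csrf_cleaner.rb the new condition sends every request whose `controller_instance` is nil, or does not respond to `reset_csrf_token`, to the `else` branch, which only deletes `:_csrf_token` from the session. According to the commit description, on Rails 7.1 the token can live outside the session and is also kept in `request.env`, so on that path the pre-authentication token would presumably survive sign-in without any signal. If that case can occur (for example authentication that runs without a controller on the request, which is worth confirming), the fallback deserves a comment such as `# No controller on this request: only a session-stored token is cleared here` and a test that exercises it. The enclosing hook block starts above the hunk.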
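Review bot: The 'refreshes _csrf_token' test in test/integration/authenticatable_test.rb never checks that a token existed before sign-in, so `assert_not_equal` also passes when `token_from_session` (or `token_from_env` on Rails 7.1) is nil and a token first appears after `sign_in_as_user`. Adding `assert_not_nil token_from_session` right after it is read, and `assert_not_nil token_from_env` inside the first `rails71_and_up?` branch, makes the test prove that an existing token was actually replaced rather than merely created.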
From: Carlos Antonio da Silva Date: Fri, 22 Apr 2022 12:55:08 -0300 Subject: [PATCH 143/299] Use new method to reset CSRF exposed via the request object This simplifies the logic considerably, as we don't need to reach out to what seems more internal-ish implementation of Rails with the interaction between the request and controller objects. https://github.com/rails/rails/commit/b925880914fa3dca8c9cd0f8e88fb18fc8ec180b --- lib/devise/hooks/csrf_cleaner.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/devise/hooks/csrf_cleaner.rb b/lib/devise/hooks/csrf_cleaner.rb index 211bcab82..4a6473955 100644 --- a/lib/devise/hooks/csrf_cleaner.rb +++ b/lib/devise/hooks/csrf_cleaner.rb @@ -4,12 +4,11 @@ clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) || warden.winning_strategy.clean_up_csrf? if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy - request = warden.request - if request.respond_to?(:controller_instance) && request.controller_instance.respond_to?(:reset_csrf_token) + if warden.request.respond_to?(:reset_csrf_token) # Rails 7.1+ - request.controller_instance.reset_csrf_token(request) + warden.request.reset_csrf_token else - request.session.try(:delete, :_csrf_token) + warden.request.session.try(:delete, :_csrf_token) end end end From d4bf52bdfd652cc1d87fa5800a04b288a81fd787 Mon Sep 17 00:00:00 2001 From: Atul Kanswal Date: Mon, 27 Jun 2022 16:23:13 +0530 Subject: [PATCH 144/299] Update lockable.rb Documentation Confusion --- lib/devise/models/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index ce9e3e57a..65bb400d0 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb 
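Review bot: The `# Rails 7.1+` comment in the rewritten branch of lib/devise/hooks/csrf_cleaner.rb says which version the call is for but not what each branch guarantees. Since this hook is what drops the pre-login CSRF token when `Devise.clean_up_csrf_token_on_authentication` is set, I would spell it out: `# Rails 7.1+: resets the token through whichever CSRF storage strategy is configured` on the first branch and `# Older Rails: the token is only ever stored in the session` on the `else`. The enclosing hook block starts above the hunk.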
@@ -18,7 +18,7 @@ module Models # * +maximum_attempts+: how many attempts should be accepted before blocking the user. # * +lock_strategy+: lock the user account by :failed_attempts or :none. # * +unlock_strategy+: unlock the user account by :time, :email, :both or :none. - # * +unlock_in+: the time you want to lock the user after to lock happens. Only available when unlock_strategy is :time or :both. + # * +unlock_in+: the time you want to unlock the user after lock happens. Only available when unlock_strategy is :time or :both. # * +unlock_keys+: the keys you want to use when locking and unlocking an account # module Lockable From 41003bf5deaf2c09073a3a3701e32aaf266e991c Mon Sep 17 00:00:00 2001 From: okyanusoz <46757266+okyanusoz@users.noreply.github.com> Date: Tue, 30 Aug 2022 17:06:16 +0300 Subject: [PATCH 145/299] Update new.html.erb --- app/views/devise/passwords/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 9b486b81b..6a9f517f0 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -9,7 +9,7 @@
- <%= f.submit "Send me reset password instructions" %> + <%= f.submit "Send me password reset instructions" %>
<% end %> From fc1ac76ddf0052c61e76f90b03d877b29913eac2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 17 Jan 2023 14:16:17 -0300 Subject: [PATCH 146/299] Add support to Ruby 3.2 (no changes needed) --- .github/workflows/test.yml | 15 ++- CHANGELOG.md | 5 + Gemfile.lock | 199 +++++++++++++++++++------------------ 3 files changed, 119 insertions(+), 100 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7d5d080bb..a15b0cd7d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,6 +16,7 @@ jobs: - gemfiles/Gemfile-rails-4-2 - gemfiles/Gemfile-rails-4-1 ruby: + - '3.2' - '3.1' - '3.0' - '2.7' @@ -67,6 +68,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-1 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-6-0 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 @@ -79,6 +82,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-2 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-2 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-2 @@ -91,6 +96,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-2 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-1 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-1 @@ -101,6 +108,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-1 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-5-0 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-5-0 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-0 @@ -111,6 +120,8 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-0 env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-4-2 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-2 
@@ -119,6 +130,8 @@ jobs: ruby: '2.7' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-4-1 + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-1 @@ -135,7 +148,7 @@ jobs: env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV diff --git a/CHANGELOG.md b/CHANGELOG.md index e91257a12..5d48a3455 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Add support for Ruby 3.1/3.2. + ### 4.8.1 - 2021-12-16 * enhancements diff --git a/Gemfile.lock b/Gemfile.lock index be03532d7..7cb193d21 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
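Review bot: `uses: actions/checkout@v3` in .github/workflows/test.yml refers to the action by a tag, which its publisher can later move to different code. Pinning to the full commit SHA and keeping the tag as a trailing comment makes the reviewed code the code that runs in every matrix job: `- uses: actions/checkout@<full-commit-sha-of-v3> # v3`. The same applies to any other `uses:` line in the steps list, which continues outside this hunk.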
@@ -20,176 +20,174 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.2.3) - actionpack (= 7.0.2.3) - activesupport (= 7.0.2.3) + actioncable (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.2.3) - actionpack (= 7.0.2.3) - activejob (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionmailbox (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.2.3) - actionpack (= 7.0.2.3) - actionview (= 7.0.2.3) - activejob (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionmailer (7.0.4) + actionpack (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activesupport (= 7.0.4) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.2.3) - actionview (= 7.0.2.3) - activesupport (= 7.0.2.3) + actionpack (7.0.4) + actionview (= 7.0.4) + activesupport (= 7.0.4) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.2.3) - actionpack (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + actiontext (7.0.4) + actionpack (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.2.3) - activesupport (= 7.0.2.3) + actionview (7.0.4) + activesupport (= 7.0.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.2.3) - activesupport (= 7.0.2.3) + activejob (7.0.4) + activesupport (= 7.0.4) globalid (>= 0.3.6) - activemodel (7.0.2.3) - activesupport (= 7.0.2.3) - activerecord (7.0.2.3) - activemodel (= 7.0.2.3) - activesupport (= 7.0.2.3) - activestorage (7.0.2.3) - actionpack (= 7.0.2.3) - activejob (= 7.0.2.3) - 
activerecord (= 7.0.2.3) - activesupport (= 7.0.2.3) + activemodel (7.0.4) + activesupport (= 7.0.4) + activerecord (7.0.4) + activemodel (= 7.0.4) + activesupport (= 7.0.4) + activestorage (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activesupport (= 7.0.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.2.3) + activesupport (7.0.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - bcrypt (3.1.17) + bcrypt (3.1.18) builder (3.2.4) concurrent-ruby (1.1.10) crass (1.0.6) - digest (3.1.0) - erubi (1.10.0) - faraday (2.2.0) - faraday-net_http (~> 2.0) + date (3.3.3) + erubi (1.12.0) + faraday (2.7.3) + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-net_http (2.0.2) + faraday-net_http (3.0.2) globalid (1.0.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) - jwt (2.3.0) - loofah (2.16.0) + jwt (2.6.0) + loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.7.1) + mail (2.8.0.1) mini_mime (>= 0.1.1) + net-imap + net-pop + net-smtp marcel (1.0.2) method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.6.1) - minitest (5.15.0) - mocha (1.13.0) - multi_json (1.15.0) + minitest (5.17.0) + mocha (1.16.1) multi_xml (0.6.0) - net-imap (0.2.3) - digest + net-imap (0.3.4) + date net-protocol - strscan - net-pop (0.1.1) - digest + net-pop (0.1.2) net-protocol + net-protocol (0.2.1) timeout - net-protocol (0.1.3) - timeout - net-smtp (0.3.1) - digest + net-smtp (0.3.3) net-protocol - timeout nio4r (2.5.8) nokogiri (1.12.5) mini_portile2 (~> 2.6.1) racc (~> 1.4) - oauth2 (1.4.9) + oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) - multi_json (~> 1.3) multi_xml (~> 0.5) - rack (>= 1.2, < 3) + rack (>= 1.2, < 4) + snaky_hash (~> 2.0) + version_gem (~> 1.1) omniauth (2.1.0) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection omniauth-facebook (9.0.0) omniauth-oauth2 (~> 1.2) - omniauth-oauth2 (1.7.2) - oauth2 (~> 
1.4) - omniauth (>= 1.9, < 3) + omniauth-oauth2 (1.8.0) + oauth2 (>= 1.4, < 3) + omniauth (~> 2.0) omniauth-openid (2.0.1) omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (4.0.3) + psych (5.0.1) stringio - racc (1.6.0) - rack (2.2.3) + racc (1.6.2) + rack (2.2.6) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (2.2.0) + rack-protection (3.0.5) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (7.0.2.3) - actioncable (= 7.0.2.3) - actionmailbox (= 7.0.2.3) - actionmailer (= 7.0.2.3) - actionpack (= 7.0.2.3) - actiontext (= 7.0.2.3) - actionview (= 7.0.2.3) - activejob (= 7.0.2.3) - activemodel (= 7.0.2.3) - activerecord (= 7.0.2.3) - activestorage (= 7.0.2.3) - activesupport (= 7.0.2.3) + rack-test (2.0.2) + rack (>= 1.3) + rails (7.0.4) + actioncable (= 7.0.4) + actionmailbox (= 7.0.4) + actionmailer (= 7.0.4) + actionpack (= 7.0.4) + actiontext (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activemodel (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) bundler (>= 1.15.0) - railties (= 7.0.2.3) + railties (= 7.0.4) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) - loofah (~> 2.3) - railties (7.0.2.3) - actionpack (= 7.0.2.3) - activesupport (= 7.0.2.3) + rails-html-sanitizer (1.4.4) + loofah (~> 2.19, >= 2.19.1) + railties (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) method_source rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) rake (13.0.6) - rdoc (6.4.0) + rdoc (6.5.0) psych (>= 4.0.0) responders (3.0.1) actionpack (>= 5.0) 
@@ -197,14 +195,17 @@ GEM rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) - sqlite3 (1.4.2) - stringio (3.0.1) - strscan (3.0.1) + snaky_hash (2.0.1) + hashie + version_gem (~> 1.1, >= 1.1.1) + sqlite3 (1.4.4) + stringio (3.0.4) thor (1.2.1) - timecop (0.9.5) - timeout (0.2.0) - tzinfo (2.0.4) + timecop (0.9.6) + timeout (0.3.1) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) + version_gem (1.1.1) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -214,7 +215,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.5.4) + zeitwerk (2.6.6) PLATFORMS ruby @@ -237,4 +238,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.3.8 + 2.4.4 From 59bedaa1e711c145218c88351633e577da0804b3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 17 Jan 2023 14:47:26 -0300 Subject: [PATCH 147/299] Attempt to get the build running on Ruby 2.2 It appears we're getting a newer version of this multipart-post dependency, which doesn't work well with Ruby 2.2 by using `Object.deprecate_constant`, resulting in the following error: .../multipart-post-2.2.0/lib/multipart/post/parts.rb:152:in `': undefined method `deprecate_constant' for Object:Class (NoMethodError) Hopefully by locking on a previous version we can just get the build back to green for now. --- gemfiles/Gemfile-rails-4-1 | 6 ++++++ gemfiles/Gemfile-rails-4-2 | 6 ++++++ gemfiles/Gemfile-rails-5-0 | 6 ++++++ gemfiles/Gemfile-rails-5-1 | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 7bbabf9db..6f0b77e83 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -38,3 +38,9 @@ end group :mongoid do gem "mongoid", "~> 4.0" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end 
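Review bot: `if RUBY_VERSION < "2.3.0"` in gemfiles/Gemfile-rails-4-1, and the identical blocks added to Gemfile-rails-4-2, Gemfile-rails-5-0 and Gemfile-rails-5-1 in the following hunks, compares the version strings character by character rather than numerically. It gives the right answer for the Ruby versions in the CI matrix, but `if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.3.0")` states the intent and does not depend on every version component being a single digit.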
diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index 6e106b5e9..43367157f 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -37,3 +37,9 @@ end group :mongoid do gem "mongoid", "~> 4.0" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 486f0132a..76eb2aab2 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -30,3 +30,9 @@ end # group :mongoid do # gem "mongoid", "~> 4.0.0" # end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 0d391aa54..0d5f47015 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -23,3 +23,9 @@ end platforms :ruby do gem "sqlite3", "~> 1.3.6" end + +if RUBY_VERSION < "2.3.0" + # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using + # `Object.deprecate_constant` which isn't available. + gem "multipart-post", "2.1.1" +end From 319d9fa648f98a88bdeb93ac74d1c3384b4e839d Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 18 Jan 2023 11:46:33 -0300 Subject: [PATCH 148/299] Run with the latest rubygems on newer Ruby versions Rails master on Ruby 2.7/3.0 is failing with the following error: Resolving dependencies... Could not find compatible versions Because every version of rails depends on RubyGems >= 3.3.13 and Gemfile-rails-main depends on rails >= 0, RubyGems >= 3.3.13 is required. So, because current RubyGems version is = 3.1.6, version solving has failed. Trying to run with the latest available rubygems to see if that can fix the problem, but sticking to the "default" rubygems version on older Ruby versions to avoid build issues there. --- .github/workflows/test.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a15b0cd7d..207f5703f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -152,11 +152,18 @@ jobs: - name: Setup Bundler 1.x for Rails 4.x if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV + - name: Setup Rubygems version as default for Ruby < 2.5 + if: ${{ matrix.ruby < '2.5' }} + run: echo "RUBYGEMS_VERSION=default" >> $GITHUB_ENV + - name: Setup Rubygems version as 3.2.3 for Ruby 2.5 + if: ${{ matrix.ruby == '2.5' }} + run: echo "RUBYGEMS_VERSION=3.2.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'latest' }} + bundler: ${{ env.BUNDLER_VERSION || 'default' }} + rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.3.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From cddba289459d922d40eabf6c8475008995a78783 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 27 Jan 2023 17:15:20 -0300 Subject: [PATCH 149/299] Bundle update --- Gemfile.lock | 122 +++++++++++++++++++++++++-------------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7cb193d21..704f50e97 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,82 +20,82 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + actioncable (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actionmailbox (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4) - actionpack (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activesupport (= 7.0.4) + actionmailer (7.0.4.2) + actionpack (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activesupport (= 7.0.4.2) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4) - actionview (= 7.0.4) - activesupport (= 7.0.4) + actionpack (7.0.4.2) + actionview (= 7.0.4.2) + activesupport (= 7.0.4.2) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4) - actionpack (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + actiontext (7.0.4.2) + actionpack (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4) - activesupport (= 7.0.4) + actionview (7.0.4.2) + activesupport (= 7.0.4.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4) - activesupport (= 7.0.4) + activejob (7.0.4.2) + activesupport (= 7.0.4.2) globalid (>= 0.3.6) - activemodel (7.0.4) - activesupport (= 7.0.4) - activerecord (7.0.4) - activemodel (= 7.0.4) - activesupport (= 7.0.4) - activestorage (7.0.4) - actionpack (= 7.0.4) - activejob (= 7.0.4) - activerecord (= 
7.0.4) - activesupport (= 7.0.4) + activemodel (7.0.4.2) + activesupport (= 7.0.4.2) + activerecord (7.0.4.2) + activemodel (= 7.0.4.2) + activesupport (= 7.0.4.2) + activestorage (7.0.4.2) + actionpack (= 7.0.4.2) + activejob (= 7.0.4.2) + activerecord (= 7.0.4.2) + activesupport (= 7.0.4.2) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4) + activesupport (7.0.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) bcrypt (3.1.18) builder (3.2.4) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.0) crass (1.0.6) date (3.3.3) erubi (1.12.0) - faraday (2.7.3) + faraday (2.7.4) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.0.0) + globalid (1.1.0) activesupport (>= 5.0) hashie (5.0.0) i18n (1.12.0) @@ -136,7 +136,7 @@ GEM rack (>= 1.2, < 4) snaky_hash (~> 2.0) version_gem (~> 1.1) - omniauth (2.1.0) + omniauth (2.1.1) hashie (>= 3.4.6) rack (>= 2.2.3) rack-protection @@ -149,10 +149,10 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (5.0.1) + psych (5.0.2) stringio racc (1.6.2) - rack (2.2.6) + rack (2.2.6.2) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -160,28 +160,28 @@ GEM rack rack-test (2.0.2) rack (>= 1.3) - rails (7.0.4) - actioncable (= 7.0.4) - actionmailbox (= 7.0.4) - actionmailer (= 7.0.4) - actionpack (= 7.0.4) - actiontext (= 7.0.4) - actionview (= 7.0.4) - activejob (= 7.0.4) - activemodel (= 7.0.4) - activerecord (= 7.0.4) - activestorage (= 7.0.4) - activesupport (= 7.0.4) + rails (7.0.4.2) + actioncable (= 7.0.4.2) + actionmailbox (= 7.0.4.2) + actionmailer (= 7.0.4.2) + actionpack (= 7.0.4.2) + actiontext (= 7.0.4.2) + actionview (= 7.0.4.2) + activejob (= 7.0.4.2) + activemodel (= 7.0.4.2) + activerecord (= 7.0.4.2) + activestorage (= 7.0.4.2) + activesupport (= 7.0.4.2) bundler (>= 1.15.0) - railties (= 7.0.4) + railties (= 7.0.4.2) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.4) + rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (7.0.4) - actionpack (= 7.0.4) - activesupport (= 7.0.4) + railties (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) method_source rake (>= 12.2) thor (~> 1.0) @@ -238,4 +238,4 @@ DEPENDENCIES webrat (= 0.7.3) BUNDLED WITH - 2.4.4 + 2.4.5 From 3632ddf67473880ed9583201ce13f108c620514f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 31 Jan 2023 10:04:11 -0300 Subject: [PATCH 150/299] Remove XML serializer from a couple gemfiles missed previously It looks like I missed removing it when XMl was replaced with JSON across our test suite in a793472a3e28e8b0dec137531e3de64d91ff81ec. --- gemfiles/Gemfile-rails-6-1 | 2 -- gemfiles/Gemfile-rails-main | 2 -- 2 files changed, 4 deletions(-) diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index baa4827c2..49b19f342 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 
@@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 513e0572c..4104445e7 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -7,8 +7,6 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml" - gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.0" From f08e0ad24aa6fec6f585247c0465e0d46c6d8a94 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 31 Jan 2023 09:32:40 -0300 Subject: [PATCH 151/299] Integrate with Hotwire/Turbo by configuring error and response statuses Treat `:turbo_stream` request format as a navigational format, much like HTML, so Devise/responders can work properly. Allow configuring the `error_status` and `redirect_status` using the latest responders features, via a new custom Devise responder, so we can customize the both responses to match Hotwire/Turbo behavior, for example with `422 Unprocessable Entity` and `303 See Other`, respectively. The defaults aren't changing in Devise itself (yet), so it still responds on errors cases with `200 OK`, and redirects on non-GET requests with `302 Found`, but new apps are generated with the new statuses and existing apps can opt-in. Please note that these defaults might change in a future release of Devise. PRs/Issues references: https://github.com/heartcombo/devise/pull/5545 https://github.com/heartcombo/devise/pull/5529 https://github.com/heartcombo/devise/pull/5516 https://github.com/heartcombo/devise/pull/5499 https://github.com/heartcombo/devise/pull/5487 https://github.com/heartcombo/devise/pull/5467 https://github.com/heartcombo/devise/pull/5440 https://github.com/heartcombo/devise/pull/5410 https://github.com/heartcombo/devise/pull/5340 https://github.com/heartcombo/devise/issues/5542 https://github.com/heartcombo/devise/issues/5530 https://github.com/heartcombo/devise/issues/5519 https://github.com/heartcombo/devise/issues/5513 https://github.com/heartcombo/devise/issues/5478 https://github.com/heartcombo/devise/issues/5468 https://github.com/heartcombo/devise/issues/5463 https://github.com/heartcombo/devise/issues/5458 https://github.com/heartcombo/devise/issues/5448 https://github.com/heartcombo/devise/issues/5446 https://github.com/heartcombo/devise/issues/5439 --- CHANGELOG.md | 15 +++++++++++ Gemfile | 2 +- Gemfile.lock | 14 ++++++++--- README.md | 19 ++++++++++++++ 
.../devise/confirmations_controller.rb | 1 + .../devise/registrations_controller.rb | 2 +- app/controllers/devise/sessions_controller.rb | 2 +- app/controllers/devise/unlocks_controller.rb | 1 + app/controllers/devise_controller.rb | 1 + app/views/devise/registrations/edit.html.erb | 2 +- .../devise/shared/_error_messages.html.erb | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-main | 2 +- lib/devise.rb | 10 +++++++- lib/devise/controllers/responder.rb | 25 +++++++++++++++++++ lib/devise/failure_app.rb | 6 +++-- lib/generators/templates/devise.rb | 18 +++++++------ .../registrations/edit.html.erb | 2 +- test/support/integration.rb | 4 +-- 20 files changed, 106 insertions(+), 26 deletions(-) create mode 100644 lib/devise/controllers/responder.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d48a3455..95643aa61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,21 @@ * enhancements * Add support for Ruby 3.1/3.2. + * Add support for Hotwire + Turbo, default in Rails 7+. + * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. + * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: + + ```ruby + # config/initializers/devise.rb + Devise.setup do |config| + # ... + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other + # ... + end + ``` + + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. ### 4.8.1 - 2021-12-16 diff --git a/Gemfile b/Gemfile index 0b41fa0e1..aac13712c 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/Gemfile.lock b/Gemfile.lock index 704f50e97..a9a79c79a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,3 +1,12 @@ +GIT + remote: https://github.com/heartcombo/responders.git + revision: fb9f787055a7a842584ce351793b249676290090 + branch: main + specs: + responders (3.0.1) + actionpack (>= 5.2) + railties (>= 5.2) + GIT remote: https://github.com/rails/rails-controller-testing.git revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 @@ -189,9 +198,6 @@ GEM rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) - responders (3.0.1) - actionpack (>= 5.0) - railties (>= 5.0) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) @@ -231,7 +237,7 @@ DEPENDENCIES rails (~> 7.0.0) rails-controller-testing! rdoc - responders (~> 3.0) + responders! rexml sqlite3 (~> 1.4) timecop diff --git a/README.md b/README.md index 8fa3f64b9..cd2e74a83 100644 --- a/README.md +++ b/README.md 
@@ -476,6 +476,25 @@ Please note: You will still need to add `devise_for` in your routes in order to devise_for :users, skip: :all ``` +### Hotwire/Turbo + +Devise integrates with Hotwire/Turbo by treating such requests as navigational, and configuring certain responses for errors and redirects to match the expected behavior. New apps are generated with the following response configuration by default, and existing apps may opt-in by adding the config to their Devise initializers: + +```ruby +Devise.setup do |config| + # ... + # When using Devise with Hotwire/Turbo, the http status for error responses + # and some redirects must match the following. The default in Devise for existing + # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # these new defaults that match Hotwire/Turbo behavior. + # Note: These might become the new default in future versions of Devise. + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other +end +``` + +_Note_: the above statuses configuration may become the default for Devise in a future release. + ### I18n Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 3069c6efb..5e22079ec 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -27,6 +27,7 @@ def show set_flash_message!(:notice, :confirmed) respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else + # TODO: use `error_status` when the default changes to `:unprocessable_entity`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 1b8a969f8..f1292b4d9 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -67,7 +67,7 @@ def destroy Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) set_flash_message! :notice, :destroyed yield resource if block_given? - respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) } + respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end # GET /resource/cancel diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 9090b002f..7c4ee7d4e 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -77,7 +77,7 @@ def respond_to_on_destroy # support returning empty response on GET request respond_to do |format| format.all { head :no_content } - format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) } + format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 1d04d6227..b1487760b 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -29,6 +29,7 @@ def show set_flash_message! :notice, :unlocked respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else + # TODO: use `error_status` when the default changes to `:unprocessable_entity`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 9911fa0b8..4bf92a688 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -15,6 +15,7 @@ class DeviseController < Devise.parent_controller.constantize end prepend_before_action :assert_is_devise_resource! + self.responder = Devise.responder respond_to :html if mimes_for_respond_to.empty? # Override prefixes to consider the scoped view. diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 38d95b85a..2a666e925 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -38,6 +38,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index ba7ab8870..cabfe307e 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -1,5 +1,5 @@ <% if resource.errors.any? %> -
+

<%= I18n.t("errors.messages.not_saved", count: resource.errors.count, diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index d8f774315..b6cb38f8c 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 49b19f342..1dc626ed7 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" if RUBY_VERSION >= "3.1" gem "net-smtp", require: false diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 4104445e7..fe9eba5af 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", "~> 3.0" +gem "responders", github: "heartcombo/responders", branch: "main" group :test do gem "nokogiri", "< 1.13" diff --git a/lib/devise.rb b/lib/devise.rb index ede803867..55045a8c1 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -23,6 +23,7 @@ module Devise module Controllers autoload :Helpers, 'devise/controllers/helpers' autoload :Rememberable, 'devise/controllers/rememberable' + autoload :Responder, 'devise/controllers/responder' autoload :ScopedViews, 'devise/controllers/scoped_views' autoload :SignInOut, 'devise/controllers/sign_in_out' autoload :StoreLocation, 'devise/controllers/store_location' 
@@ -217,7 +218,14 @@ module Test # Which formats should be treated as navigational. mattr_accessor :navigational_formats - @@navigational_formats = ["*/*", :html] + @@navigational_formats = ["*/*", :html, :turbo_stream] + + # The default responder used by Devise, not meant to be changed directly, + # but you can customize status codes with: + # `config.responder.error_status` + # `config.responder.redirect_status` + mattr_accessor :responder + @@responder = Devise::Controllers::Responder # When set to true, signing out a user signs out all other scopes. mattr_accessor :sign_out_all_scopes diff --git a/lib/devise/controllers/responder.rb b/lib/devise/controllers/responder.rb new file mode 100644 index 000000000..8b1520578 --- /dev/null +++ b/lib/devise/controllers/responder.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Devise + module Controllers + # Custom Responder to configure default statuses that only apply to Devise, + # and allow to integrate more easily with Hotwire/Turbo. + class Responder < ActionController::Responder + if respond_to?(:error_status=) && respond_to?(:redirect_status=) + self.error_status = :ok + self.redirect_status = :found + else + # TODO: remove this support for older Rails versions, which aren't supported by Turbo + # and/or responders. It won't allow configuring a custom response, but it allows Devise + # to use these methods and defaults across the implementation more easily. + def self.error_status + :ok + end + + def self.redirect_status + :found + end + end + end + end +end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index ee8219fff..d8042ec31 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
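Review bot: The comment added above `mattr_accessor :responder` says the responder is "not meant to be changed directly", yet the accessor exposes a writer. Elsewhere in this commit the registrations and sessions controllers read `Devise.responder.redirect_status`, and the failure app reads `Devise.responder.error_status`. A class assigned here that lacks those two class methods would therefore fail at request time, on sign-out and on failed sign-in, rather than at boot. I would state the contract in the comment, for example `# A replacement must respond to error_status and redirect_status; Devise's controllers and failure app read both.`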
@@ -71,7 +71,9 @@ def recall end flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? - self.response = recall_app(warden_options[:recall]).call(request.env) + self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| + response[0] = Rack::Utils.status_code(Devise.responder.error_status) + } end def redirect @@ -167,7 +169,7 @@ def scope_url end def skip_format? - %w(html */*).include? request_format.to_s + %w(html */* turbo_stream).include? request_format.to_s end # Choose whether we should respond in an HTTP authentication fashion, diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 1dbaddaa6..4503f33f8 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -256,14 +256,14 @@ # ==> Navigation configuration # Lists the formats that should be treated as navigational. Formats like - # :html, should redirect to the sign in page when the user does not have + # :html should redirect to the sign in page when the user does not have # access, but formats like :xml or :json, should return 401. # # If you have any extra navigational formats, like :iphone or :mobile, you # should add them to the navigational formats lists. # # The "*/*" below is required to match Internet Explorer requests. - # config.navigational_formats = ['*/*', :html] + # config.navigational_formats = ['*/*', :html, :turbo_stream] # The default HTTP method used to sign out a resource. Default is :delete. config.sign_out_via = :delete 
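Review bot: The `tap` block added to `recall` overwrites the recalled response's status unconditionally. A recalled action that answers with a redirect would have its 3xx replaced by `error_status` (200 by default, 422 when configured), presumably while still carrying its `Location` header. Checking the existing status first keeps redirects intact, e.g. `response[0] = Rack::Utils.status_code(Devise.responder.error_status) unless (300..399).cover?(response[0])`, or that case could map to `Devise.responder.redirect_status` instead. A short comment saying why the status is rewritten here would also help the next reader. `recall` begins above the hunk, so the code that prepares the request env is not visible.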
@@ -296,12 +296,14 @@ # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' - # ==> Turbolinks configuration - # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: - # - # ActiveSupport.on_load(:devise_failure_app) do - # include Turbolinks::Controller - # end + # ==> Hotwire/Turbo configuration + # When using Devise with Hotwire/Turbo, the http status for error responses + # and some redirects must match the following. The default in Devise for existing + # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # these new defaults that match Hotwire/Turbo behavior. + # Note: These might become the new default in future versions of Devise. + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other # ==> Configuration for :registerable diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index dfb7eb94e..147c6a0ef 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -30,6 +30,6 @@
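Review bot: The generated comment under "Hotwire/Turbo configuration" has its closing backtick in the wrong place. It reads "`302 Found respectively`" where "`200 OK` and `302 Found`, respectively" is meant. This text is copied into every new app's initializer, and the README hunk in this commit carries the same slip. Because the two `config.responder` assignments are emitted uncommented, the comment could also say that they need a `responders` version supporting these settings; the fallback branch added in `lib/devise/controllers/responder.rb` by this commit defines only the readers.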

Cancel my account

-

Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %>

+

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

<%= link_to "Back", :back %> diff --git a/test/support/integration.rb b/test/support/integration.rb index 76d297a49..3ed0d85aa 100644 --- a/test/support/integration.rb +++ b/test/support/integration.rb @@ -61,8 +61,8 @@ def sign_in_as_admin(options = {}, &block) # account Middleware redirects. # def assert_redirected_to(url) - assert_includes [301, 302], @integration_session.status, - "Expected status to be 301 or 302, got #{@integration_session.status}" + assert_includes [301, 302, 303], @integration_session.status, + "Expected status to be 301, 302, or 303, got #{@integration_session.status}" assert_url url, @integration_session.headers["Location"] end From 88625d488f43bfc804b3c63437b463e71e9211b5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Feb 2023 11:05:03 -0300 Subject: [PATCH 152/299] Use `button_to` to generate a POST form, disable turbo with OmniAuth This changes the OmniAuth "sign in" links to use buttons, which can be wrapped in an actual HTML form with a method POST, making them work better with and without Turbo in the app. It doesn't require rails/ujs anymore in case of a non-Turbo app, as it previously did with links + method=POST. Turbo is disabled for those OmniAuth buttons, as they simply don't work trying to follow the redirect to the OmniAuth provider via fetch, causing CORS issues/errors. --- CHANGELOG.md | 23 ++++++++++++----------- app/views/devise/shared/_links.html.erb | 2 +- test/integration/omniauthable_test.rb | 8 ++++++-- test/integration/timeoutable_test.rb | 2 +- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95643aa61..b62296744 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,17 +6,18 @@ * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: - ```ruby - # config/initializers/devise.rb - Devise.setup do |config| - # ... - config.responder.error_status = :unprocessable_entity - config.responder.redirect_status = :see_other - # ... - end - ``` - - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + ```ruby + # config/initializers/devise.rb + Devise.setup do |config| + # ... + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other + # ... + end + ``` + + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. 
Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. ### 4.8.1 - 2021-12-16 diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 96a941241..7a75304ba 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -20,6 +20,6 @@ <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %>
+ <%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>
<% end %> <% end %> diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 1b14911da..d6a250830 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -128,13 +128,17 @@ def stub_action!(name) test "generates a link to authenticate with provider" do visit "/users/sign_in" - assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook" + assert_select "form[action=?][method=post]", "/users/auth/facebook" do + assert_select "input[type=submit][value=?]", "Sign in with FaceBook" + end end test "generates a proper link when SCRIPT_NAME is set" do header 'SCRIPT_NAME', '/q' visit "/users/sign_in" - assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook" + assert_select "form[action=?][method=post]", "/q/users/auth/facebook" do + assert_select "input[type=submit][value=?]", "Sign in with FaceBook" + end end test "handles callback error parameter according to the specification" do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index b6f247148..502e49fb2 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -109,7 +109,7 @@ def last_request_at follow_redirect! assert_response :success - assert_contain 'Sign in' + assert_contain 'Log in' refute warden.authenticated?(:user) end From d0f0853c75defb10d83f4b2576b8df9e4cbb3695 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 11:50:42 -0300 Subject: [PATCH 153/299] Remove CodeClimate badge It's not working right now, and we haven't used it in like forever to drive anything. Closes #5549 [ci skip] --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 8fa3f64b9..d0fa3b95a 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,5 @@ ![Devise Logo](https://raw.github.com/heartcombo/devise/main/devise.png) -[![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise) - Devise is a flexible authentication solution for Rails based on Warden. It: * Is Rack based; From 0d392fa49f619328b890d536d9ac838a6b888d4a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 13:37:26 -0300 Subject: [PATCH 154/299] Use the released version of responders v3.1.0 Unfortunately we can't enforce the version in the gemspec because responders only supports Rails 5.2 now, and Devise still supports previous versions. We'll drop support for those in a future major release, so for now I'm not adding any version. This also adds a warning in case someone is using an older version of responders and tries to set the error/redirect statuses via Devise, so that they know what to do (upgrade responders) in that case. --- CHANGELOG.md | 8 +++++--- Gemfile | 2 +- Gemfile.lock | 14 ++++---------- README.md | 2 ++ gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-main | 2 +- lib/devise/controllers/responder.rb | 10 ++++++++++ 8 files changed, 25 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b62296744..607e1d047 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,8 +3,7 @@ * enhancements * Add support for Ruby 3.1/3.2. * Add support for Hotwire + Turbo, default in Rails 7+. - * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * Devise requires the latest `responders` version, which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` to match the behavior expected by Hotwire/Turbo: + * Devise uses the latest `responders` version (v3.1.0 or higher), which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` respectively, to match the behavior expected by Hotwire/Turbo: ```ruby # config/initializers/devise.rb 
@@ -16,7 +15,10 @@ end ``` - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. + * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. + * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. + * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. 
This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. ### 4.8.1 - 2021-12-16 diff --git a/Gemfile b/Gemfile index aac13712c..d6e25ba69 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/Gemfile.lock b/Gemfile.lock index a9a79c79a..02dfe8898 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/heartcombo/responders.git - revision: fb9f787055a7a842584ce351793b249676290090 - branch: main - specs: - responders (3.0.1) - actionpack (>= 5.2) - railties (>= 5.2) - GIT remote: https://github.com/rails/rails-controller-testing.git revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 @@ -198,6 +189,9 @@ GEM rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) + responders (3.1.0) + actionpack (>= 5.2) + railties (>= 5.2) rexml (3.2.5) ruby-openid (2.9.2) ruby2_keywords (0.0.5) @@ -237,7 +231,7 @@ DEPENDENCIES rails (~> 7.0.0) rails-controller-testing! rdoc - responders! + responders (~> 3.1) rexml sqlite3 (~> 1.4) timecop diff --git a/README.md b/README.md index cd2e74a83..b5076cb90 100644 --- a/README.md +++ b/README.md @@ -493,6 +493,8 @@ Devise.setup do |config| end ``` +**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. + _Note_: the above statuses configuration may become the default for Devise in a future release. ### I18n diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index b6cb38f8c..a73c66f0a 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 1dc626ed7..2469980fe 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" if RUBY_VERSION >= "3.1" gem "net-smtp", require: false diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index fe9eba5af..1dfb38eb2 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -9,7 +9,7 @@ gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" -gem "responders", github: "heartcombo/responders", branch: "main" +gem "responders", "~> 3.1" group :test do gem "nokogiri", "< 1.13" diff --git a/lib/devise/controllers/responder.rb b/lib/devise/controllers/responder.rb index 8b1520578..8e3858a13 100644 --- a/lib/devise/controllers/responder.rb +++ b/lib/devise/controllers/responder.rb @@ -19,6 +19,16 @@ def self.error_status def self.redirect_status :found end + + def self.error_status=(*) + warn "[DEVISE] Setting the error status on the Devise responder has no effect with this " \ + "version of `responders`, please make sure you're using a newer version. Check the changelog for more info." + end + + def self.redirect_status=(*) + warn "[DEVISE] Setting the redirect status on the Devise responder has no effect with this " \ + "version of `responders`, please make sure you're using a newer version. Check the changelog for more info." + end end end end From 43c349a2fca9a26d33fa4fa09340f7087f8a2638 Mon Sep 17 00:00:00 2001 
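Review bot: The warning strings in the added `error_status=` and `redirect_status=` setters ask for "a newer version" of `responders` without saying which one, although the README hunk in this same commit names 3.1.0 as the minimum. Naming it lets someone act on the warning from a boot log alone; the tail of each message could read `please upgrade to responders v3.1.0 or higher. Check the changelog for more info.` A comment above the setters noting that the assigned value is discarded, so the readers keep returning `:ok` and `:found`, would make the no-op explicit. The class body starts above the hunk.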
From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 15:26:23 -0300 Subject: [PATCH 155/299] Point version to v4.9.0.alpha for now Just want to have something different than the currently released version to test out more easily. Plus, this is probably going to become v4.9.0 final soon anyway. --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 02dfe8898..bdb17cd69 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.8.1) + devise (4.9.0.alpha) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ad9c7326a..fb8f5d116 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.8.1".freeze + VERSION = "4.9.0.alpha".freeze end From 2df5efcece9d8d0e05ed0f8dab25165d96c977e2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 3 Feb 2023 15:27:04 -0300 Subject: [PATCH 156/299] Add post install message pointing to the changelog and new upgrade guide There's some additional information in the wiki upgrade guide for those interested, but most of it is covered in the changelog and should suffice. The post install message should help guide people upgrading to make sure they know what to do in this new version, since some may be using Turbo out there with custom responders and failure apps and those would have to be removed in order to use these new changes fully. Hopefully that's enough of a nudge for them. --- CHANGELOG.md | 1 + README.md | 2 +- devise.gemspec | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 607e1d047..4acddbcd9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,6 +20,7 @@ * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. ### 4.8.1 - 2021-12-16 diff --git a/README.md b/README.md index b5076cb90..35f80995f 100644 --- a/README.md +++ b/README.md @@ -493,7 +493,7 @@ Devise.setup do |config| end ``` -**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. +**Important**: these custom responses require the `responders` gem version to be `3.1.0` or higher, please make sure you update it if you're going to use this configuration. Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more info. _Note_: the above statuses configuration may become the default for Devise in a future release. diff --git a/devise.gemspec b/devise.gemspec index 78c0177aa..3efad0f4d 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -32,4 +32,11 @@ Gem::Specification.new do |s| s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("railties", ">= 4.1.0") s.add_dependency("responders") + + s.post_install_message = %q{ +[DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration. + + [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md + [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D + } end From 8606e1e67178d52f5c439d8f7c141bff6a122f32 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 7 Feb 2023 11:04:34 -0300 Subject: [PATCH 157/299] Expand changelog/readme with info about Turbo vs rails-ujs behavior Explain a bit more about how `data-confirm` and `data-method` need to be updated to the turbo versions `data-turbo-confirm` and `data-turbo-method`, respectively. (and depending on its usage.) [ci skip] --- CHANGELOG.md | 4 +++- README.md | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4acddbcd9..a782c0b70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -19,7 +19,9 @@ * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails/ujs to work. Since rails/ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails/ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. + * The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default. 
+ * Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo. * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. ### 4.8.1 - 2021-12-16 diff --git a/README.md b/README.md index 35f80995f..88c37f884 100644 --- a/README.md +++ b/README.md @@ -497,6 +497,15 @@ end _Note_: the above statuses configuration may become the default for Devise in a future release. +There are a couple other changes you might need to make in your app to work with Hotwire/Turbo, if you're migrating from rails-ujs: + +* The `data-confirm` option that adds a confirmation modal to buttons/forms before submission needs to change to `data-turbo-confirm`, so that Turbo handles those appropriately. +* The `data-method` option that sets the request method for link submissions needs to change to `data-turbo-method`. This is not necessary for `button_to` or `form`s since Turbo can handle those. + +If you're setting up Devise to sign out via `:delete`, and you're using links (instead of buttons wrapped in a form) to sign out with the `method: :delete` option, they will need to be updated as described above. (Devise does not provide sign out links/buttons in its shared views.) + +Make sure to inspect your views looking for those, and change appropriately. + ### I18n Devise uses flash messages with I18n, in conjunction with the flash keys :notice and :alert. To customize your app, you can set up your locale file: From 31c4f31ef44f7849c1fb8dd4db282e7157ce2933 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 9 Feb 2023 08:51:03 -0300 Subject: [PATCH 158/299] Tweak comment about overriding Devise.responder Albeit it's not super recommended, it's possible and even mentioned in the changelog/wiki in case the app has some additional responder logic that needs to be applied to Devise across the board. --- lib/devise.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 55045a8c1..1d9370cc4 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -220,10 +220,12 @@ module Test mattr_accessor :navigational_formats @@navigational_formats = ["*/*", :html, :turbo_stream] - # The default responder used by Devise, not meant to be changed directly, - # but you can customize status codes with: - # `config.responder.error_status` - # `config.responder.redirect_status` + # The default responder used by Devise, used to customize status codes with: + # + # `config.responder.error_status` + # `config.responder.redirect_status` + # + # Can be replaced by a custom application responder. mattr_accessor :responder @@responder = Devise::Controllers::Responder From 49ed129c4057569761278467ea2ab331223a1b80 Mon Sep 17 00:00:00 2001 From: Junichi Ito Date: Sat, 11 Feb 2023 16:22:53 +0900 Subject: [PATCH 159/299] Replce p tag with div since p tags cannot contain other block elements --- app/views/devise/registrations/edit.html.erb | 2 +- .../templates/simple_form_for/registrations/edit.html.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index 2a666e925..b82e3365a 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -38,6 +38,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

+
Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>
<%= link_to "Back", :back %> diff --git a/lib/generators/templates/simple_form_for/registrations/edit.html.erb b/lib/generators/templates/simple_form_for/registrations/edit.html.erb index 147c6a0ef..b3c0089ad 100644 --- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb +++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb @@ -30,6 +30,6 @@

Cancel my account

-

Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>

+
Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?", turbo_confirm: "Are you sure?" }, method: :delete %>
<%= link_to "Back", :back %> From 44f0fd741f51bb71e2dd4219200acc5c91aef449 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 16 Feb 2023 09:09:41 -0300 Subject: [PATCH 160/299] Update copyright year [ci skip] Closes #5556 --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 4896d6e61..248265870 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index 7f735d6f7..558e19e36 100644 --- a/README.md +++ b/README.md @@ -767,6 +767,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 7f419bf99adb9463617be7ccb0852d5f8f7b0317 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Feb 2023 11:14:03 -0300 Subject: [PATCH 161/299] Release Devise v4.9.0 --- CHANGELOG.md | 3 +++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a782c0b70..94fafa5f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ### Unreleased + +### 4.9.0 - 2023-02-17 + * enhancements * Add support for Ruby 3.1/3.2. * Add support for Hotwire + Turbo, default in Rails 7+. diff --git a/Gemfile.lock b/Gemfile.lock index bdb17cd69..1f6b13b08 100644 --- a/Gemfile.lock 
+++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.0.alpha) + devise (4.9.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index fb8f5d116..73c38d4d9 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.0.alpha".freeze + VERSION = "4.9.0".freeze end From 41e2db212065f2a75a5d73e76d6eb8ecd53a6acf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 20 Feb 2023 10:26:59 -0300 Subject: [PATCH 162/299] It is not required to copy the views when customizing controllers It is indeed recommended for consistency, but Rails will be able to find the views under `devise/` due to inheritance still, so make that a bit clearer in the readme docs about customizing controllers, explaining that copying or moving the views is an optional step. Closes #5526 [ci skip] --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 558e19e36..0f2a7d64f 100644 --- a/README.md +++ b/README.md @@ -382,7 +382,7 @@ $ rails generate devise:views users ``` If you would like to generate only a few sets of views, like the ones for the `registerable` and `confirmable` module, -you can pass a list of modules to the generator with the `-v` flag. +you can pass a list of views to the generator with the `-v` flag. ```console $ rails generate devise:views -v registrations confirmations @@ -410,7 +410,7 @@ If the customization at the views level is not enough, you can customize each co ... end ``` - (Use the -c flag to specify a controller, for example: `rails generate devise:controllers users -c=sessions`) + Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`) 2. Tell the router to use this controller: 
@@ -418,7 +418,7 @@ If the customization at the views level is not enough, you can customize each co devise_for :users, controllers: { sessions: 'users/sessions' } ``` -3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`. +3. Recommended but not required: copy (or move) the views from `devise/sessions` to `users/sessions`. Rails will continue using the views from `devise/sessions` due to inheritance if you skip this step, but having the views matching the controller(s) keeps things consistent. 4. Finally, change or extend the desired controller actions. From ee8f0f8e8325cfbf94ae8502b9c182475818c498 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 19:56:25 -0300 Subject: [PATCH 163/299] Fix frozen string in validatable, use multiline string instead. (#5563) Expand tests to check for the actual validatable exception message This was raising a `FrozenError` on Ruby < 3 where interpolated strings were considered frozen. This [changed in Ruby 3], since such strings are dynamic there's no point in freezing them by default. The test wasn't catching this because `FrozenError` actually inherits from `RuntimeError`: >> FrozenError.ancestors => [FrozenError, RuntimeError, StandardError, Exception, Object ...] So the exception check passed. Now we're also checking for the error message to ensure it raised the exception we really expected there. Closes #5465 [changed in Ruby 3] https://bugs.ruby-lang.org/issues/17104 Co-authored-by: Martin --- CHANGELOG.md | 2 ++ lib/devise/models/validatable.rb | 2 +- test/models/validatable_test.rb | 5 ++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 94fafa5f4..f74ac67a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,7 @@ ### Unreleased +* bug fixes + * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) ### 4.9.0 - 2023-02-17 diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 8f600a8c0..5a190a7c3 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -47,7 +47,7 @@ def self.assert_validations_api!(base) #:nodoc: unavailable_validations = VALIDATIONS.select { |v| !base.respond_to?(v) } unless unavailable_validations.empty? - raise "Could not use :validatable module since #{base} does not respond " << + raise "Could not use :validatable module since #{base} does not respond " \ "to the following methods: #{unavailable_validations.to_sentence}." end end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index f96cfa918..d3b5c9dc0 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -110,9 +110,12 @@ class ValidatableTest < ActiveSupport::TestCase end test 'should not be included in objects with invalid API' do - assert_raise RuntimeError do + exception = assert_raise RuntimeError do Class.new.send :include, Devise::Models::Validatable end + + expected_message = /Could not use :validatable module since .* does not respond to the following methods: validates_presence_of.*/ + assert_match expected_message, exception.message end test 'required_fields should be an empty array' do From 90f46bac373416d6ad4b3541e6ca144b1f7ee527 Mon Sep 17 00:00:00 2001 
From: Peter Goldstein Date: Fri, 25 Feb 2022 11:30:57 -0800 Subject: [PATCH 164/299] Monkeypatch webrat for Nokogiri compatibility This is an attempt to address the Webrat / Nokogiri compatibility issue [discussed here]. It monkeypatches Webrat to explicitly add the old default arguments to the invocation of to_xpath. Move monkey patch to its own file under test/support/webrat. I really need to get rid of webrat. Closes #5475 [discussed here] https://github.com/sparklemotion/nokogiri/issues/2469 --- Gemfile | 1 - Gemfile.lock | 7 +++---- gemfiles/Gemfile-rails-5-0 | 1 - gemfiles/Gemfile-rails-5-1 | 1 - gemfiles/Gemfile-rails-5-2 | 1 - gemfiles/Gemfile-rails-6-0 | 1 - gemfiles/Gemfile-rails-6-1 | 1 - gemfiles/Gemfile-rails-main | 1 - test/support/webrat/matchers.rb | 12 ++++++++++++ 9 files changed, 15 insertions(+), 11 deletions(-) create mode 100644 test/support/webrat/matchers.rb diff --git a/Gemfile b/Gemfile index d6e25ba69..1a4ec8235 100644 --- a/Gemfile +++ b/Gemfile @@ -14,7 +14,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/Gemfile.lock b/Gemfile.lock index 1f6b13b08..286b1a6c1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -112,7 +112,7 @@ GEM marcel (1.0.2) method_source (1.0.0) mini_mime (1.1.2) - mini_portile2 (2.6.1) + mini_portile2 (2.8.1) minitest (5.17.0) mocha (1.16.1) multi_xml (0.6.0) @@ -126,8 +126,8 @@ GEM net-smtp (0.3.3) net-protocol nio4r (2.5.8) - nokogiri (1.12.5) - mini_portile2 (~> 2.6.1) + nokogiri (1.14.2) + mini_portile2 (~> 2.8.0) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -223,7 +223,6 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 1.1) - nokogiri (< 1.13) omniauth omniauth-facebook omniauth-oauth2 diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 76eb2aab2..382cf3c5d 100644 --- a/gemfiles/Gemfile-rails-5-0 
+++ b/gemfiles/Gemfile-rails-5-0 @@ -14,7 +14,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 0d5f47015..24fe1d5e9 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -12,7 +12,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 10bd39ba1..5dc267def 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -12,7 +12,6 @@ gem "rails-controller-testing" gem "responders", "~> 2.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "timecop" diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index a73c66f0a..b59c4d3d7 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 @@ -12,7 +12,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index 2469980fe..a4a81e414 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -18,7 +18,6 @@ if RUBY_VERSION >= "3.1" end group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 1dfb38eb2..c9bea6f2b 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -12,7 +12,6 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do - gem "nokogiri", "< 1.13" gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" 
diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb new file mode 100644 index 000000000..31815d460 --- /dev/null +++ b/test/support/webrat/matchers.rb @@ -0,0 +1,12 @@ +# Monkey patch for Nokogiri changes - https://github.com/sparklemotion/nokogiri/issues/2469 +module Webrat + module Matchers + class HaveSelector + def query + Nokogiri::CSS.parse(@expected.to_s).map do |ast| + ast.to_xpath("//", Nokogiri::CSS::XPathVisitor.new) + end.first + end + end + end +end \ No newline at end of file From 60c5774ff42c6bb7c75d0bcae1132efd458675f7 Mon Sep 17 00:00:00 2001 From: Matt Redmond Date: Fri, 26 Nov 2021 16:38:24 +1030 Subject: [PATCH 165/299] Delegate sign_in_after_reset_password to resource class Allows resource class scopes to overrides the global configuration for sign in after reset password behaviour. --- .../devise/passwords_controller.rb | 4 +-- test/integration/recoverable_test.rb | 25 +++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 64c2e2f85..3af1f864b 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -36,7 +36,7 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) - if Devise.sign_in_after_reset_password + if resource_class.sign_in_after_reset_password flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message!(:notice, flash_message) resource.after_database_authentication @@ -53,7 +53,7 @@ def update protected def after_resetting_password_path_for(resource) - Devise.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) + resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) end # The path used after sending reset password instructions 
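Review bot: The reopened `class HaveSelector` in test/support/webrat/matchers.rb only overrides webrat's `query` if webrat has already defined that class when this file is loaded. Nothing in the hunk forces that order, and if the support file were ever required first Ruby would create a fresh class here instead of patching webrat's. I would open the file with `require "webrat"` and extend the header comment to say that `query` replaces webrat's own implementation and can be deleted once webrat is dropped. The new file also ends without a trailing newline.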
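Review bot: Reading `resource_class.sign_in_after_reset_password` in `update` and again in `after_resetting_password_path_for` lets one model turn automatic sign-in back on while the global `Devise.sign_in_after_reset_password` is false, and neither call site says so. The added integration test confirms that case ends with `warden.authenticated?(:user)`, so for that scope a valid reset token leads straight to a session. I would put a comment above the `if`, for example `# Per-model setting; may differ from Devise.sign_in_after_reset_password`. The lookup is now written twice, and a small protected predicate wrapping it would keep the two call sites in step. `update` begins and ends outside the first hunk.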
diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 762660781..6faab811b 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -222,6 +222,31 @@ def reset_password(options = {}, &block) end end + test 'does not sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is false' do + swap User, sign_in_after_reset_password: false do + create_user + request_forgot_password + reset_password + + assert_contain 'Your password has been changed successfully' + assert_not_contain 'You are now signed in.' + assert_equal new_user_session_path, @request.path + assert !warden.authenticated?(:user) + end + end + + test 'sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is true' do + swap Devise, sign_in_after_reset_password: false do + swap User, sign_in_after_reset_password: true do + create_user + request_forgot_password + reset_password + + assert warden.authenticated?(:user) + end + end + end + test 'does not sign in user automatically after changing its password if it\'s locked and unlock strategy is :none or :time' do [:none, :time].each do |strategy| swap Devise, unlock_strategy: strategy do From c7a719a9791f843016dc615341b75ad80d7c730d Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:20:36 -0300 Subject: [PATCH 166/299] Add changelog for #5429 [ci skip] --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f74ac67a7..22b1b7635 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,8 @@ ### Unreleased +* enhancements + * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) + * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) From df8b79a53f5ed3f111bff0074427f4aad1346acf Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:43:17 -0300 Subject: [PATCH 167/299] Fix added tests for `sign_in_after_reset_password` per resource class We can't just "swap" those model properties, as that sets instance vars on the classes that get reverted to their "previous" value, which ends up leaving the instance vars set as `nil`. However, our logic for those model/class properties actually checks for `defined?` as a way to override them, and delegates up to `Devise` global config if they are not defined, so leaving instance vars back with `nil` values isn't enough, we need to actually remove them. This introduces a new test helper specifically for overriding those model configs so that we can do proper cleanup. --- test/integration/recoverable_test.rb | 4 ++-- test/support/helpers.rb | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 6faab811b..ed7f62fcb 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -223,7 +223,7 @@ def reset_password(options = {}, &block) end test 'does not sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is false' do - swap User, sign_in_after_reset_password: false do + swap_model_config User, sign_in_after_reset_password: false do create_user request_forgot_password reset_password 
@@ -237,7 +237,7 @@ def reset_password(options = {}, &block) test 'sign in user automatically after changing its password if resource_class.sign_in_after_reset_password is true' do swap Devise, sign_in_after_reset_password: false do - swap User, sign_in_after_reset_password: true do + swap_model_config User, sign_in_after_reset_password: true do create_user request_forgot_password reset_password diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 11ac4486a..2351e5b65 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -73,6 +73,17 @@ def swap(object, new_values) end end + def swap_model_config(model, new_values) + new_values.each do |key, value| + model.send :"#{key}=", value + end + yield + ensure + new_values.each_key do |key| + model.remove_instance_variable :"@#{key}" + end + end + def clear_cached_variables(options) if options.key?(:case_insensitive_keys) || options.key?(:strip_whitespace_keys) Devise.mappings.each do |_, mapping| From 400eaf7fbe05f50b48c08dc7dbf23259cbdb8bdb Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Mar 2023 22:50:28 -0300 Subject: [PATCH 168/299] Remove not used constant It's only been almost ~10 years since we removed it's usage. :D dff7891b97d785d228a15dff5c1acdb0da34605f --- test/support/helpers.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/support/helpers.rb b/test/support/helpers.rb index 2351e5b65..01dc6aa56 100644 --- a/test/support/helpers.rb +++ b/test/support/helpers.rb @@ -3,8 +3,6 @@ require 'active_support/test_case' class ActiveSupport::TestCase - VALID_AUTHENTICATION_TOKEN = 'AbCdEfGhIjKlMnOpQrSt'.freeze - def setup_mailer ActionMailer::Base.deliveries = [] end From 8acbdd6d93310ee1def597704e8541992010118b Mon Sep 17 00:00:00 2001 
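Review bot: The `ensure` in `swap_model_config` removes each `@key` unconditionally, which causes two problems. A model that already carried its own override before the block loses it instead of getting it back. And if a setter raises part-way, `remove_instance_variable` on a key that was never set raises `NameError` and hides the original failure. Guarding the cleanup with `model.remove_instance_variable(:"@#{key}") if model.instance_variable_defined?(:"@#{key}")` covers the second case; saving and restoring a previously defined value would cover the first. A short comment on why the variable is removed rather than reset to nil would also help, since according to the commit message the model config falls back to `Devise` only when the variable is undefined.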
From: tabakazu Date: Sat, 26 Oct 2019 10:44:02 +0900 Subject: [PATCH 169/299] Replace matcher `refute` to `assert_not` --- test/controllers/helpers_test.rb | 6 +- test/controllers/internal_helpers_test.rb | 2 +- test/devise_test.rb | 12 ++-- test/integration/authenticatable_test.rb | 72 +++++++++---------- test/integration/confirmable_test.rb | 14 ++-- .../database_authenticatable_test.rb | 10 +-- test/integration/http_authenticatable_test.rb | 2 +- test/integration/lockable_test.rb | 2 +- test/integration/omniauthable_test.rb | 4 +- test/integration/recoverable_test.rb | 8 +-- test/integration/registerable_test.rb | 14 ++-- test/integration/rememberable_test.rb | 22 +++--- test/integration/timeoutable_test.rb | 10 +-- test/integration/trackable_test.rb | 2 +- test/mapping_test.rb | 2 +- test/models/confirmable_test.rb | 46 ++++++------ test/models/database_authenticatable_test.rb | 18 ++--- test/models/lockable_test.rb | 26 +++---- test/models/recoverable_test.rb | 20 +++--- test/models/timeoutable_test.rb | 12 ++-- test/models/validatable_test.rb | 2 +- test/models_test.rb | 2 +- test/test/integration_helpers_test.rb | 4 +- 23 files changed, 156 insertions(+), 156 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index b48502643..abe0f648e 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -98,7 +98,7 @@ def setup test 'proxy admin_signed_in? to authenticatewith admin scope' do @mock_warden.expects(:authenticate).with(scope: :admin) - refute @controller.admin_signed_in? + assert_not @controller.admin_signed_in? end test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do 
@@ -319,10 +319,10 @@ def setup test 'is_flashing_format? is guarded against flash (middleware) not being loaded' do @controller.request.expects(:respond_to?).with(:flash).returns(false) - refute @controller.is_flashing_format? + assert_not @controller.is_flashing_format? end test 'is not a devise controller' do - refute @controller.devise_controller? + assert_not @controller.devise_controller? end end diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index 9f1b3f5b4..af49c1302 100644 --- a/test/controllers/internal_helpers_test.rb +++ b/test/controllers/internal_helpers_test.rb @@ -121,7 +121,7 @@ def setup MyController.send(:public, :navigational_formats) swap Devise, navigational_formats: ['*/*', :html] do - refute @controller.navigational_formats.include?("*/*") + assert_not @controller.navigational_formats.include?("*/*") end MyController.send(:protected, :navigational_formats) diff --git a/test/devise_test.rb b/test/devise_test.rb index 088527feb..423daf37e 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -71,8 +71,8 @@ class DeviseTest < ActiveSupport::TestCase test 'add new module using the helper method' do Devise.add_module(:coconut) assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size - refute Devise::STRATEGIES.include?(:coconut) - refute defined?(Devise::Models::Coconut) + assert_not Devise::STRATEGIES.include?(:coconut) + assert_not defined?(Devise::Models::Coconut) Devise::ALL.delete(:coconut) Devise.add_module(:banana, strategy: :fruits) 
@@ -88,11 +88,11 @@ class DeviseTest < ActiveSupport::TestCase test 'should complain when comparing empty or different sized passes' do [nil, ""].each do |empty| - refute Devise.secure_compare(empty, "something") - refute Devise.secure_compare("something", empty) - refute Devise.secure_compare(empty, empty) + assert_not Devise.secure_compare(empty, "something") + assert_not Devise.secure_compare("something", empty) + assert_not Devise.secure_compare(empty, empty) end - refute Devise.secure_compare("size_1", "size_four") + assert_not Devise.secure_compare("size_1", "size_four") end test 'Devise.email_regexp should match valid email addresses' do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 6c3be3b57..a8592e14a 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -6,7 +6,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'sign in should not run model validations' do sign_in_as_user - refute User.validations_performed + assert_not User.validations_performed end test 'home should be accessible without sign in' do @@ -18,13 +18,13 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'sign in as user should not authenticate admin scope' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'sign in as admin should not authenticate user scope' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'sign in as both user and admin at same time' do @@ -39,7 +39,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_user sign_in_as_admin delete destroy_user_session_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end 
@@ -50,7 +50,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) assert warden.authenticated?(:user) end end @@ -61,8 +61,8 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_user_session_path - refute warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) end end @@ -72,21 +72,21 @@ class AuthenticationSanityTest < Devise::IntegrationTest sign_in_as_admin delete destroy_admin_session_path - refute warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) end end test 'not signed in as admin should not be able to access admins actions' do get admins_path assert_redirected_to new_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'signed in as user should not be able to access admins actions' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get admins_path assert_redirected_to new_admin_session_path @@ -95,7 +95,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest test 'signed in as admin should be able to access admin actions' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get admins_path @@ -123,7 +123,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest get root_path assert_contain 'Signed out successfully' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'unauthenticated admin set message on sign out' do 
@@ -146,13 +146,13 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'not signed in should not be able to access private route (authenticate denied)' do get private_path assert_redirected_to new_admin_session_path - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get private_path assert_redirected_to new_admin_session_path end @@ -160,7 +160,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get private_path @@ -172,7 +172,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/private/active" @@ -182,7 +182,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get private_active_path 
@@ -194,7 +194,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as admin should get admin dashboard (authenticated accepted)' do sign_in_as_admin assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get dashboard_path @@ -206,7 +206,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as user should get user dashboard (authenticated accepted)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) get dashboard_path @@ -224,7 +224,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do sign_in_as_admin(active: false) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_raises ActionController::RoutingError do get "/dashboard/active" @@ -234,7 +234,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do sign_in_as_admin(active: true) assert warden.authenticated?(:admin) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) get dashboard_active_path @@ -246,7 +246,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest test 'signed in user should not see unauthenticated page (unauthenticated denied)' do sign_in_as_user assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) assert_raises ActionController::RoutingError do get join_path 
@@ -424,13 +424,13 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'handles unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) sign_in_as_user assert warden.authenticated?(:user) post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_equal "User is not authenticated", response.body end end @@ -485,7 +485,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest test 'uses the mapping from router' do sign_in_as_user visit: "/as/sign_in" assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'sign in with json format returns json response' do @@ -527,7 +527,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path(format: 'json') assert_response :no_content - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'sign out with non-navigational format via XHR does not redirect' do @@ -535,7 +535,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_admin get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*. assert_response :no_content - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -545,7 +545,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest sign_in_as_user delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" } assert_response :redirect - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end end 
@@ -555,7 +555,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest swap Devise, authentication_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Subdomain or password." - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -584,7 +584,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest sign_in_as_user end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -594,7 +594,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user assert_contain "Invalid Email or password." - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -617,7 +617,7 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides only delete' do sign_in!(:sign_out_via_delete) delete destroy_sign_out_via_delete_session_path - refute warden.authenticated?(:sign_out_via_delete) + assert_not warden.authenticated?(:sign_out_via_delete) end test 'do not allow sign out via get when sign_out_via provides only delete' do @@ -631,7 +631,7 @@ def sign_in!(scope) test 'allow sign out via post when sign_out_via provides only post' do sign_in!(:sign_out_via_post) post destroy_sign_out_via_post_session_path - refute warden.authenticated?(:sign_out_via_post) + assert_not warden.authenticated?(:sign_out_via_post) end test 'do not allow sign out via get when sign_out_via provides only post' do 
@@ -645,13 +645,13 @@ def sign_in!(scope) test 'allow sign out via delete when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) delete destroy_sign_out_via_delete_or_post_session_path - refute warden.authenticated?(:sign_out_via_delete_or_post) + assert_not warden.authenticated?(:sign_out_via_delete_or_post) end test 'allow sign out via post when sign_out_via provides delete and post' do sign_in!(:sign_out_via_delete_or_post) post destroy_sign_out_via_delete_or_post_session_path - refute warden.authenticated?(:sign_out_via_delete_or_post) + assert_not warden.authenticated?(:sign_out_via_delete_or_post) end test 'do not allow sign out via get when sign_out_via provides delete and post' do diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 278f9488e..e40307748 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -43,12 +43,12 @@ def resend_confirmation test 'user with valid confirmation token should not be able to confirm an account after the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 4.days.ago) - refute user.confirmed? + assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_have_selector '#error_explanation' assert_contain %r{needs to be confirmed within 3 days} - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}" end end 
@@ -86,7 +86,7 @@ def resend_confirmation test 'user with valid confirmation token should be able to confirm an account before the token has expired' do swap Devise, confirm_within: 3.days do user = create_user(confirm: false, confirmation_sent_at: 2.days.ago) - refute user.confirmed? + assert_not user.confirmed? visit_user_confirmation_with_token(user.raw_confirmation_token) assert_contain 'Your email address has been successfully confirmed.' @@ -132,7 +132,7 @@ def resend_confirmation sign_in_as_user(confirm: false) assert_contain 'You have to confirm your email address before continuing' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -143,7 +143,7 @@ def resend_confirmation end assert_contain 'Invalid Email or password' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -308,7 +308,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - refute admin.reload.pending_reconfirmation? + assert_not admin.reload.pending_reconfirmation? end test 'admin with previously valid confirmation token should not be able to confirm email after email changed again' do @@ -330,7 +330,7 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain 'Your email address has been successfully confirmed.' assert_current_url '/admin_area/sign_in' assert admin.reload.confirmed? - refute admin.reload.pending_reconfirmation? + assert_not admin.reload.pending_reconfirmation? end test 'admin email should be unique also within unconfirmed_email' do diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index ed641ef29..20097a871 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb 
@@ -21,7 +21,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: 'foo@bar.com' end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -43,14 +43,14 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'email', with: ' foo@bar.com ' end - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end test 'sign in should not authenticate if not using proper authentication keys' do swap Devise, authentication_keys: [:username] do sign_in_as_user - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -61,7 +61,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid email address' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end end @@ -71,7 +71,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_contain 'Invalid Email or password' - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'when in paranoid mode and without a valid e-mail' do diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 683215957..707a07056 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -6,7 +6,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest test 'sign in with HTTP should not run model validations' do sign_in_as_new_user_with_http - refute User.validations_performed + assert_not User.validations_performed end test 'handles unverified requests gets rid of caches but continues signed in' do diff --git a/test/integration/lockable_test.rb b/test/integration/lockable_test.rb index 437d8eec9..e5dd5ee08 100644 --- a/test/integration/lockable_test.rb +++ b/test/integration/lockable_test.rb 
@@ -87,7 +87,7 @@ def send_unlock_request assert_current_url "/users/sign_in" assert_contain 'Your account has been unlocked successfully. Please sign in to continue.' - refute user.reload.access_locked? + assert_not user.reload.access_locked? end test "user should not send a new e-mail if already locked" do diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index d6a250830..61d6dab28 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -52,7 +52,7 @@ def stub_action!(name) follow_redirect! assert warden.authenticated?(:user) - refute User.validations_performed + assert_not User.validations_performed end end @@ -87,7 +87,7 @@ def stub_action!(name) assert_current_url "/" assert_contain "You have signed up successfully." assert_contain "Hello User user@example.com" - refute session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "cleans up session on cancel" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index ed7f62fcb..57bfb9f74 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -12,7 +12,7 @@ def visit_new_password_path def request_forgot_password(&block) visit_new_password_path assert_response :success - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) fill_in 'email', with: 'user@test.com' yield if block_given? @@ -160,7 +160,7 @@ def reset_password(options = {}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain %r{Reset password token(.*)invalid} - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') end test 'not authenticated user with valid reset password token but invalid password should not be able to change their password' do 
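Review bot: In test/integration/omniauthable_test.rb (hunk @@ -87,7), `assert_not session["devise.facebook_data"]` only checks that the value is falsy, so it would also pass if the key stayed in the session holding `false`. The surrounding assertions suggest the test verifies that the OmniAuth data is removed from the session after sign-up, and `assert_nil session["devise.facebook_data"]` states that directly. The same applies to `assert_not request.cookies['remember_user_token']` in test/integration/rememberable_test.rb (hunk @@ -59,8), where `assert_nil` would match the `assert_nil warden.cookies['remember_user_token']` check that file's sign-out test already uses. Both enclosing tests start outside their hunks, so the intent is inferred from the visible assertions.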
@@ -174,7 +174,7 @@ def reset_password(options = {}, &block) assert_current_url '/users/password' assert_have_selector '#error_explanation' assert_contain "Password confirmation doesn't match Password" - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') end test 'not authenticated user with valid data should be able to change their password' do @@ -194,7 +194,7 @@ def reset_password(options = {}, &block) reset_password { fill_in 'Confirm new password', with: 'other_password' } assert_response :success assert_have_selector '#error_explanation' - refute user.reload.valid_password?('987654321') + assert_not user.reload.valid_password?('987654321') reset_password visit: false assert_contain 'Your password has been changed successfully.' diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index b40722331..e08933f8e 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -66,11 +66,11 @@ def user_sign_up assert_not_contain 'You have to confirm your account before continuing' assert_current_url "/" - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) user = User.to_adapter.find_first(order: [:id, :desc]) assert_equal 'new_user@test.com', user.email - refute user.confirmed? + assert_not user.confirmed? end test 'a guest user should receive the confirmation instructions from the default mailer' do @@ -94,7 +94,7 @@ def user_sign_up click_button 'Sign up' assert_current_url "/?custom=1" - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest user cannot sign up with invalid information' do @@ -116,7 +116,7 @@ def user_sign_up assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest should not sign up with email/password that already exists' do 
@@ -135,7 +135,7 @@ def user_sign_up assert_current_url '/users' assert_contain(/Email.*already.*taken/) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'a guest should not be able to change account' do @@ -191,7 +191,7 @@ def user_sign_up assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.' assert_equal new_user_session_path, @request.path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -252,7 +252,7 @@ def user_sign_up click_button 'Update' assert_contain "Password confirmation doesn't match Password" - refute User.to_adapter.find_first.valid_password?('pas123') + assert_not User.to_adapter.find_first.valid_password?('pas123') end test 'a signed in user should see a warning about minimum password length' do diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index 62547e762..c9430f570 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -41,12 +41,12 @@ def cookie_expires(key) test 'handle unverified requests gets rid of caches' do swap ApplicationController, allow_forgery_protection: true do post exhibit_user_url(1) - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) create_user_and_remember post exhibit_user_url(1) assert_equal "User is not authenticated", response.body - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -59,8 +59,8 @@ def cookie_expires(key) authenticity_token: "oops", user: { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" } } - refute warden.authenticated?(:user) - refute request.cookies['remember_user_token'] + assert_not warden.authenticated?(:user) + assert_not request.cookies['remember_user_token'] end end 
@@ -140,7 +140,7 @@ def cookie_expires(key) get root_path current_remember_token = request.cookies['remember_user_token'] - refute_equal old_remember_token, current_remember_token + assert_not_equal old_remember_token, current_remember_token end end @@ -166,13 +166,13 @@ def cookie_expires(key) get root_path assert_response :success assert warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:admin) end test 'do not remember with invalid token' do create_user_and_remember('add') get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path end @@ -180,7 +180,7 @@ def cookie_expires(key) create_user_and_remember swap Devise, remember_for: 0.days do get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_redirected_to new_user_session_path end end @@ -191,11 +191,11 @@ def cookie_expires(key) assert warden.authenticated?(:user) delete destroy_user_session_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert_nil warden.cookies['remember_user_token'] get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'changing user password expires remember me token' do @@ -205,7 +205,7 @@ def cookie_expires(key) user.save! get users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'valid sign in calls after_remembered callback' do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 502e49fb2..d11d59105 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -58,7 +58,7 @@ def last_request_at get users_path assert_redirected_to users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end 
@@ -72,8 +72,8 @@ def last_request_at assert_not_nil last_request_at get root_path - refute warden.authenticated?(:user) - refute warden.authenticated?(:admin) + assert_not warden.authenticated?(:user) + assert_not warden.authenticated?(:admin) end end @@ -110,7 +110,7 @@ def last_request_at assert_response :success assert_contain 'Log in' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test 'time out is not triggered on sign in' do @@ -136,7 +136,7 @@ def last_request_at get expire_user_path(user) get users_path assert_redirected_to users_path - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end diff --git a/test/integration/trackable_test.rb b/test/integration/trackable_test.rb index adfd0bd6f..f5b6fcda8 100644 --- a/test/integration/trackable_test.rb +++ b/test/integration/trackable_test.rb @@ -6,7 +6,7 @@ class TrackableHooksTest < Devise::IntegrationTest test "trackable should not run model validations" do sign_in_as_user - refute User.validations_performed + assert_not User.validations_performed end test "current and last sign in timestamps are updated on each sign in" do diff --git a/test/mapping_test.rb b/test/mapping_test.rb index 0c874570c..9d60287cd 100644 --- a/test/mapping_test.rb +++ b/test/mapping_test.rb @@ -117,7 +117,7 @@ def user.devise_scope; :special_scope; end assert mapping.authenticatable? assert mapping.recoverable? assert mapping.lockable? - refute mapping.omniauthable? + assert_not mapping.omniauthable? end test 'find mapping by path' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 36acf5406..a1002c89d 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
@@ -41,9 +41,9 @@ def setup end test 'should verify whether a user is confirmed or not' do - refute new_user.confirmed? + assert_not new_user.confirmed? user = create_user - refute user.confirmed? + assert_not user.confirmed? user.confirm assert user.confirmed? end @@ -53,7 +53,7 @@ def setup assert user.confirm assert_blank user.errors[:email] - refute user.confirm + assert_not user.confirm assert_equal "was already confirmed, please try signing in", user.errors[:email].join end @@ -67,13 +67,13 @@ def setup test 'should return a new record with errors when a invalid token is given' do confirmed_user = User.confirm_by_token('invalid_confirmation_token') - refute confirmed_user.persisted? + assert_not confirmed_user.persisted? assert_equal "is invalid", confirmed_user.errors[:confirmation_token].join end test 'should return a new record with errors when a blank token is given' do confirmed_user = User.confirm_by_token('') - refute confirmed_user.persisted? + assert_not confirmed_user.persisted? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -82,7 +82,7 @@ def setup confirmed_user = User.confirm_by_token('') - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -91,7 +91,7 @@ def setup confirmed_user = User.confirm_by_token(nil) - refute user.reload.confirmed? + assert_not user.reload.confirmed? assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join end @@ -145,7 +145,7 @@ def setup assert_email_not_sent do user.save! - refute user.confirmed? + assert_not user.confirmed? end end @@ -165,7 +165,7 @@ def setup test 'should return a new user if no email was found' do confirmation_user = User.send_confirmation_instructions(email: "invalid@example.com") - refute confirmation_user.persisted? + assert_not confirmation_user.persisted? end test 'should add error to new user email if no email was found' do 
@@ -212,7 +212,7 @@ def setup test 'should not be able to send instructions if the user is already confirmed' do user = create_user user.confirm - refute user.resend_confirmation_instructions + assert_not user.resend_confirmation_instructions assert user.confirmed? assert_equal 'was already confirmed, please try signing in', user.errors[:email].join end @@ -221,7 +221,7 @@ def setup swap Devise, allow_unconfirmed_access_for: 1.day do user = create_user user.confirmation_sent_at = 2.days.ago - refute user.active_for_authentication? + assert_not user.active_for_authentication? Devise.allow_unconfirmed_access_for = 3.days assert user.active_for_authentication? @@ -237,14 +237,14 @@ def setup assert user.active_for_authentication? user.confirmation_sent_at = 5.days.ago - refute user.active_for_authentication? + assert_not user.active_for_authentication? end end test 'should be active when already confirmed' do user = create_user - refute user.confirmed? - refute user.active_for_authentication? + assert_not user.confirmed? + assert_not user.active_for_authentication? user.confirm assert user.confirmed? @@ -255,7 +255,7 @@ def setup Devise.allow_unconfirmed_access_for = 0.days user = create_user user.confirmation_sent_at = Time.zone.today - refute user.active_for_authentication? + assert_not user.active_for_authentication? end test 'should not be active when confirm period is set to 0 days' do @@ -264,7 +264,7 @@ def setup Timecop.freeze(Time.zone.today) do user.confirmation_sent_at = Time.zone.today - refute user.active_for_authentication? + assert_not user.active_for_authentication? end end @@ -280,7 +280,7 @@ def setup user = create_user user.confirmation_sent_at = nil user.save - refute user.reload.active_for_authentication? + assert_not user.reload.active_for_authentication? end test 'should be active without confirmation when confirmation is not required' do 
@@ -313,7 +313,7 @@ def setup swap Devise, confirmation_keys: [:username, :email] do user = create_user confirm_user = User.send_confirmation_instructions(email: user.email) - refute confirm_user.persisted? + assert_not confirm_user.persisted? assert_equal "can't be blank", confirm_user.errors[:username].join end end @@ -338,7 +338,7 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) test 'should not accept confirmation email token after 4 days when expiration is set to 3 days' do swap Devise, confirm_within: 3.days do - refute confirm_user_by_token_with_confirmation_sent_at(4.days.ago) + assert_not confirm_user_by_token_with_confirmation_sent_at(4.days.ago) end end @@ -378,14 +378,14 @@ def confirm_user_by_token_with_confirmation_sent_at(confirmation_sent_at) self.username = self.username.to_s + 'updated' end old = user.username - refute user.confirm + assert_not user.confirm assert_equal user.username, old end test 'should always perform validations upon confirm when ensure valid true' do admin = create_admin admin.stubs(:valid?).returns(false) - refute admin.confirm(ensure_valid: true) + assert_not admin.confirm(ensure_valid: true) end end @@ -411,7 +411,7 @@ class ReconfirmableTest < ActiveSupport::TestCase admin.skip_reconfirmation! assert admin.update(email: 'new_test@example.com') assert admin.confirmed? - refute admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? assert_equal original_token, admin.confirmation_token end @@ -502,7 +502,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should return a new admin if no email or unconfirmed_email was found' do confirmation_admin = Admin.send_confirmation_instructions(email: "invalid@email.com") - refute confirmation_admin.persisted? + assert_not confirmation_admin.persisted? end test 'should add error to new admin email if no email or unconfirmed_email was found' do 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index c6fa527f8..a41659d63 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -133,7 +133,7 @@ def setup test 'should test for a valid password' do user = create_user assert user.valid_password?('12345678') - refute user.valid_password?('654321') + assert_not user.valid_password?('654321') end test 'should not raise error with an empty password' do @@ -145,7 +145,7 @@ def setup test 'should be an invalid password if the user has an empty password' do user = create_user user.encrypted_password = '' - refute user.valid_password?('654321') + assert_not user.valid_password?('654321') end test 'should respond to current password' do @@ -161,7 +161,7 @@ def setup test 'should add an error to current password when it is invalid' do user = create_user - refute user.update_with_password(current_password: 'other', + assert_not user.update_with_password(current_password: 'other', password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "is invalid", user.errors[:current_password].join @@ -169,7 +169,7 @@ def setup test 'should add an error to current password when it is blank' do user = create_user - refute user.update_with_password(password: 'pass4321', + assert_not user.update_with_password(password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') assert_match "can't be blank", user.errors[:current_password].join @@ -179,7 +179,7 @@ def setup user = UserWithValidation.create!(valid_attributes) user.save assert user.persisted? - refute user.update_with_password(username: "") + assert_not user.update_with_password(username: "") assert_match "usertest", user.reload.username assert_match "can't be blank", user.errors[:username].join end 
@@ -192,14 +192,14 @@ def setup test 'should not update password with invalid confirmation' do user = create_user - refute user.update_with_password(current_password: '12345678', + assert_not user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.reload.valid_password?('12345678') end test 'should clean up password fields on failure' do user = create_user - refute user.update_with_password(current_password: '12345678', + assert_not user.update_with_password(current_password: '12345678', password: 'pass4321', password_confirmation: 'other') assert user.password.blank? assert user.password_confirmation.blank? @@ -226,14 +226,14 @@ def setup test 'should not destroy user with invalid password' do user = create_user - refute user.destroy_with_password('other') + assert_not user.destroy_with_password('other') assert user.persisted? assert_match "is invalid", user.errors[:current_password].join end test 'should not destroy user with blank password' do user = create_user - refute user.destroy_with_password(nil) + assert_not user.destroy_with_password(nil) assert user.persisted? assert_match "can't be blank", user.errors[:current_password].join end diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 4190de929..20a9d2a28 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -85,7 +85,7 @@ def setup test "should verify whether a user is locked or not" do user = create_user - refute user.access_locked? + assert_not user.access_locked? user.lock_access! assert user.access_locked? end @@ -95,7 +95,7 @@ def setup user.confirm assert user.active_for_authentication? user.lock_access! - refute user.active_for_authentication? + assert_not user.active_for_authentication? end test "should unlock a user by cleaning locked_at, failed_attempts and unlock_token" do 
@@ -111,7 +111,7 @@ def setup end test "new user should not be locked and should have zero failed_attempts" do - refute new_user.access_locked? + assert_not new_user.access_locked? assert_equal 0, create_user.failed_attempts end @@ -122,7 +122,7 @@ def setup assert user.access_locked? Devise.unlock_in = 1.hour - refute user.access_locked? + assert_not user.access_locked? end end @@ -201,18 +201,18 @@ def setup raw = user.send_unlock_instructions locked_user = User.unlock_access_by_token(raw) assert_equal user, locked_user - refute user.reload.access_locked? + assert_not user.reload.access_locked? end test 'should return a new record with errors when a invalid token is given' do locked_user = User.unlock_access_by_token('invalid_token') - refute locked_user.persisted? + assert_not locked_user.persisted? assert_equal "is invalid", locked_user.errors[:unlock_token].join end test 'should return a new record with errors when a blank token is given' do locked_user = User.unlock_access_by_token('') - refute locked_user.persisted? + assert_not locked_user.persisted? assert_equal "can't be blank", locked_user.errors[:unlock_token].join end @@ -225,7 +225,7 @@ def setup test 'should return a new user if no email was found' do unlock_user = User.send_unlock_instructions(email: "invalid@example.com") - refute unlock_user.persisted? + assert_not unlock_user.persisted? end test 'should add error to new user email if no email was found' do 
@@ -245,23 +245,23 @@ def setup swap Devise, unlock_keys: [:username, :email] do user = create_user unlock_user = User.send_unlock_instructions(email: user.email) - refute unlock_user.persisted? + assert_not unlock_user.persisted? assert_equal "can't be blank", unlock_user.errors[:username].join end end test 'should not be able to send instructions if the user is not locked' do user = create_user - refute user.resend_unlock_instructions - refute user.access_locked? + assert_not user.resend_unlock_instructions + assert_not user.access_locked? assert_equal 'was not locked', user.errors[:email].join end test 'should not be able to send instructions if the user if not locked and have username as unlock key' do swap Devise, unlock_keys: [:username] do user = create_user - refute user.resend_unlock_instructions - refute user.access_locked? + assert_not user.resend_unlock_instructions + assert_not user.access_locked? assert_equal 'was not locked', user.errors[:username].join end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 187c2dd1a..ca2e80eb0 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -94,14 +94,14 @@ def setup user = create_user user.send_reset_password_instructions assert_present user.reset_password_token - refute user.reset_password('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') assert_present user.reset_password_token end test 'should not reset password with invalid data' do user = create_user user.stubs(:valid?).returns(false) - refute user.reset_password('123456789', '987654321') + assert_not user.reset_password('123456789', '987654321') end test 'should reset reset password token and send instructions by email' do 
@@ -121,7 +121,7 @@ def setup test 'should return a new record with errors if user was not found by e-mail' do reset_password_user = User.send_reset_password_instructions(email: "invalid@example.com") - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "not found", reset_password_user.errors[:email].join end @@ -137,7 +137,7 @@ def setup swap Devise, reset_password_keys: [:username, :email] do user = create_user reset_password_user = User.send_reset_password_instructions(email: user.email) - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "can't be blank", reset_password_user.errors[:username].join end end @@ -166,13 +166,13 @@ def setup test 'should return a new record with errors if no reset_password_token is found' do reset_password_user = User.reset_password_by_token(reset_password_token: 'invalid_token') - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_equal "is invalid", reset_password_user.errors[:reset_password_token].join end test 'should return a new record with errors if reset_password_token is blank' do reset_password_user = User.reset_password_by_token(reset_password_token: '') - refute reset_password_user.persisted? + assert_not reset_password_user.persisted? assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join end @@ -181,7 +181,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') - refute reset_password_user.errors.empty? + assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join assert_equal raw, reset_password_user.reset_password_token end 
@@ -191,7 +191,7 @@ def setup raw = user.send_reset_password_instructions reset_password_user = User.reset_password_by_token(reset_password_token: raw) - refute reset_password_user.errors.empty? + assert_not reset_password_user.errors.empty? assert_match "can't be blank", reset_password_user.errors[:password].join assert_equal raw, reset_password_user.reset_password_token end @@ -209,7 +209,7 @@ def setup assert_nil reset_password_user.reset_password_token user.reload - refute user.valid_password?(old_password) + assert_not user.valid_password?(old_password) assert user.valid_password?('new_password') assert_nil user.reset_password_token end @@ -231,7 +231,7 @@ def setup user.reload assert user.valid_password?(old_password) - refute user.valid_password?('new_password') + assert_not user.valid_password?('new_password') assert_equal "has expired, please request a new one", reset_password_user.errors[:reset_password_token].join end end diff --git a/test/models/timeoutable_test.rb b/test/models/timeoutable_test.rb index 6bbb29606..43926521d 100644 --- a/test/models/timeoutable_test.rb +++ b/test/models/timeoutable_test.rb @@ -9,11 +9,11 @@ class TimeoutableTest < ActiveSupport::TestCase end test 'should not be expired' do - refute new_user.timedout?(29.minutes.ago) + assert_not new_user.timedout?(29.minutes.ago) end test 'should not be expired when params is nil' do - refute new_user.timedout?(nil) + assert_not new_user.timedout?(nil) end test 'should use timeout_in method' do 
@@ -21,23 +21,23 @@ class TimeoutableTest < ActiveSupport::TestCase user.instance_eval { def timeout_in; 10.minutes end } assert user.timedout?(12.minutes.ago) - refute user.timedout?(8.minutes.ago) + assert_not user.timedout?(8.minutes.ago) end test 'should not be expired when timeout_in method returns nil' do user = new_user user.instance_eval { def timeout_in; nil end } - refute user.timedout?(10.hours.ago) + assert_not user.timedout?(10.hours.ago) end test 'fallback to Devise config option' do swap Devise, timeout_in: 1.minute do user = new_user assert user.timedout?(2.minutes.ago) - refute user.timedout?(30.seconds.ago) + assert_not user.timedout?(30.seconds.ago) Devise.timeout_in = 5.minutes - refute user.timedout?(2.minutes.ago) + assert_not user.timedout?(2.minutes.ago) assert user.timedout?(6.minutes.ago) end end diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index d3b5c9dc0..af5961ef3 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -99,7 +99,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'confirmation' assert user.invalid? - refute (user.errors[:password].join =~ /is too long/) + assert_not (user.errors[:password].join =~ /is too long/) end test 'should complain about length even if password is not required' do diff --git a/test/models_test.rb b/test/models_test.rb index f1e42799c..c213d2047 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -15,7 +15,7 @@ def assert_include_modules(klass, *modules) end (Devise::ALL - modules).each do |mod| - refute include_module?(klass, mod) + assert_not include_module?(klass, mod) end end diff --git a/test/test/integration_helpers_test.rb b/test/test/integration_helpers_test.rb index 131593c1d..7f579a8da 100644 --- a/test/test/integration_helpers_test.rb +++ b/test/test/integration_helpers_test.rb 
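Review bot: In the validatable_test.rb hunk, `assert_not (user.errors[:password].join =~ /is too long/)` keeps the space between the method name and the opening parenthesis, so Ruby reads the parentheses as a grouped expression and may emit an ambiguity warning when warnings are enabled. Since the line is being touched anyway, `assert_no_match(/is too long/, user.errors[:password].join)` states the intent directly and prints the offending string on failure. The enclosing test starts above the hunk.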
@@ -18,7 +18,7 @@ class TestIntegrationsHelpersTest < Devise::IntegrationTest sign_out user visit '/' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end test '#sign_out does not signs out other scopes' do @@ -28,7 +28,7 @@ class TestIntegrationsHelpersTest < Devise::IntegrationTest visit '/' - refute warden.authenticated?(:user) + assert_not warden.authenticated?(:user) assert warden.authenticated?(:admin) end end From 1e63c640c05034e7c2a481b240757ad959c3ca13 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2023 18:40:33 -0300 Subject: [PATCH 170/299] Update a few other instances that were using refute methods Prefer assert_not* in general. --- test/controllers/helper_methods_test.rb | 4 ++-- test/models/confirmable_test.rb | 2 +- test/models/lockable_test.rb | 6 +++--- test/models/recoverable_test.rb | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/test/controllers/helper_methods_test.rb b/test/controllers/helper_methods_test.rb index 5e20477ca..998cab6fb 100644 --- a/test/controllers/helper_methods_test.rb +++ b/test/controllers/helper_methods_test.rb @@ -14,8 +14,8 @@ class HelperMethodsTest < Devise::ControllerTestCase end test 'does not respond_to helper or helper_method' do - refute_respond_to @controller.class, :helper - refute_respond_to @controller.class, :helper_method + assert_not_respond_to @controller.class, :helper + assert_not_respond_to @controller.class, :helper_method end test 'defines methods like current_user' do diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index a1002c89d..7343843ac 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -28,7 +28,7 @@ def setup confirmation_tokens = [] 3.times do token = create_user.confirmation_token - refute_includes confirmation_tokens, token + assert_not_includes confirmation_tokens, token confirmation_tokens << token end end 
diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index 20a9d2a28..d7d14b6a8 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -72,8 +72,8 @@ def setup test "reset_failed_attempts! does not try to reset if not using failed attempts strategy" do admin = create_admin - refute_respond_to admin, :failed_attempts - refute admin.reset_failed_attempts! + assert_not_respond_to admin, :failed_attempts + assert_not admin.reset_failed_attempts! end test 'should be valid for authentication with a unlocked user' do @@ -147,7 +147,7 @@ def setup user = create_user user.lock_access! token = user.unlock_token - refute_includes unlock_tokens, token + assert_not_includes unlock_tokens, token unlock_tokens << token end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index ca2e80eb0..1c43aa2dc 100644 --- a/test/models/recoverable_test.rb +++ b/test/models/recoverable_test.rb @@ -18,7 +18,7 @@ def setup user = create_user user.send_reset_password_instructions token = user.reset_password_token - refute_includes reset_password_tokens, token + assert_not_includes reset_password_tokens, token reset_password_tokens << token end end From 890bd9e3b58dd321eb4a2f3670eb2f54d8e996ed Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 2 Mar 2023 18:41:44 -0300 Subject: [PATCH 171/299] Replace usage of `assert !` with actual `assert_not` helper --- test/integration/authenticatable_test.rb | 2 +- test/integration/omniauthable_test.rb | 4 ++-- test/integration/recoverable_test.rb | 10 +++++----- test/models/confirmable_test.rb | 6 +++--- test/models/database_authenticatable_test.rb | 6 +++--- test/models/lockable_test.rb | 2 +- test/models/serializable_test.rb | 2 +- test/test/controller_helpers_test.rb | 4 ++-- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index a8592e14a..b8d1be8ea 100644 
--- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -397,7 +397,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest end assert_match %r{Special user view}, response.body - assert !Devise::PasswordsController.scoped_views? + assert_not Devise::PasswordsController.scoped_views? ensure Devise::SessionsController.send :remove_instance_variable, :@scoped_views end diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index 61d6dab28..db3d0871c 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -98,7 +98,7 @@ def stub_action!(name) assert session["devise.facebook_data"] visit "/users/cancel" - assert !session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "cleans up session on sign in" do @@ -109,7 +109,7 @@ def stub_action!(name) assert session["devise.facebook_data"] sign_in_as_user - assert !session["devise.facebook_data"] + assert_not session["devise.facebook_data"] end test "sign in and send remember token if configured" do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 57bfb9f74..9abf2b1ba 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -218,7 +218,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully.' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end @@ -231,7 +231,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end 
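Review bot: In the two omniauthable_test.rb hunks, `assert_not session["devise.facebook_data"]` passes for both `nil` and `false`, so it does not distinguish a removed key from one left behind with a falsy value. These checks cover clearing provider data from the session after visiting `/users/cancel` and after sign in. If the cleanup is expected to delete the key, `assert_nil session["devise.facebook_data"]` pins that more tightly. Both test bodies begin above their hunks, so the setup is not visible here.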
@@ -257,7 +257,7 @@ def reset_password(options = {}, &block) assert_contain 'Your password has been changed successfully.' assert_not_contain 'You are now signed in.' assert_equal new_user_session_path, @request.path - assert !warden.authenticated?(:user) + assert_not warden.authenticated?(:user) end end end @@ -269,7 +269,7 @@ def reset_password(options = {}, &block) reset_password assert_contain 'Your password has been changed successfully.' - assert !user.reload.access_locked? + assert_not user.reload.access_locked? assert warden.authenticated?(:user) end end @@ -281,7 +281,7 @@ def reset_password(options = {}, &block) reset_password assert_contain 'Your password has been changed successfully.' - assert !user.reload.access_locked? + assert_not user.reload.access_locked? assert warden.authenticated?(:user) end end diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 7343843ac..9c627e820 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb @@ -538,7 +538,7 @@ class ReconfirmableTest < ActiveSupport::TestCase test 'should not require reconfirmation after creating a record' do admin = create_admin - assert !admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? end test 'should not require reconfirmation after creating a record with #save called in callback' do @@ -547,12 +547,12 @@ class Admin::WithSaveInCallback < Admin end admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username)) - assert !admin.pending_reconfirmation? + assert_not admin.pending_reconfirmation? end test 'should require reconfirmation after creating a record and updating the email' do admin = create_admin - assert !admin.instance_variable_get(:@bypass_confirmation_postpone) + assert_not admin.instance_variable_get(:@bypass_confirmation_postpone) admin.email = "new_test@email.com" admin.save assert admin.pending_reconfirmation? 
diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index a41659d63..8cdf7228c 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb @@ -214,14 +214,14 @@ def setup test 'should not update password without password' do user = create_user user.update_without_password(password: 'pass4321', password_confirmation: 'pass4321') - assert !user.reload.valid_password?('pass4321') + assert_not user.reload.valid_password?('pass4321') assert user.valid_password?('12345678') end test 'should destroy user if current password is valid' do user = create_user assert user.destroy_with_password('12345678') - assert !user.persisted? + assert_not user.persisted? end test 'should not destroy user with invalid password' do @@ -289,7 +289,7 @@ def setup test 'downcase_keys with validation' do User.create(email: "HEllO@example.com", password: "123456") user = User.create(email: "HEllO@example.com", password: "123456") - assert !user.valid? + assert_not user.valid? end test 'required_fields should be encryptable_password and the email field by default' do diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d7d14b6a8..d229ce57d 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -34,7 +34,7 @@ def setup user.confirm swap Devise, lock_strategy: :none, maximum_attempts: 2 do 3.times { user.valid_for_authentication?{ false } } - assert !user.access_locked? + assert_not user.access_locked? assert_equal 0, user.failed_attempts end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 53f0f59f4..225f7ae69 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -40,7 +40,7 @@ def assert_key(key, subject) end def assert_no_key(key, subject) - assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" + assert_not subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}" end def from_json(options = nil) diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index c93ecf2e3..d415a176c 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -15,7 +15,7 @@ class TestControllerHelpersTest < Devise::ControllerTestCase test "redirects if attempting to access a page with an unconfirmed account" do swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user - assert !user.active_for_authentication? + assert_not user.active_for_authentication? sign_in user get :index @@ -26,7 +26,7 @@ class TestControllerHelpersTest < Devise::ControllerTestCase test "returns nil if accessing current_user with an unconfirmed account" do swap Devise, allow_unconfirmed_access_for: 0.days do user = create_user - assert !user.active_for_authentication? + assert_not user.active_for_authentication? sign_in user get :accept, params: { id: user } From afec6655c7692a80b7412d42d2d5f2ba69ffdde1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Mar 2023 10:59:51 -0300 Subject: [PATCH 172/299] Update bundle --- Gemfile.lock | 133 ++++++++++++++++++++++++++------------------------- 1 file changed, 67 insertions(+), 66 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 286b1a6c1..bffcb2cdc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,74 +20,74 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + actioncable (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4.2) - actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailbox (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4.2) - actionpack (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionmailer (7.0.4.3) + actionpack (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.4.2) - actionview (= 7.0.4.2) - activesupport (= 7.0.4.2) + actionpack (7.0.4.3) + actionview (= 7.0.4.3) + activesupport (= 7.0.4.3) rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4.2) - actionpack (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + actiontext (7.0.4.3) + actionpack (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4.2) - activesupport (= 7.0.4.2) + actionview (7.0.4.3) + activesupport (= 7.0.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4.2) - activesupport (= 7.0.4.2) + activejob (7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.3.6) - activemodel (7.0.4.2) - activesupport (= 7.0.4.2) - activerecord (7.0.4.2) - activemodel (= 7.0.4.2) - activesupport (= 7.0.4.2) - activestorage (7.0.4.2) - 
actionpack (= 7.0.4.2) - activejob (= 7.0.4.2) - activerecord (= 7.0.4.2) - activesupport (= 7.0.4.2) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activerecord (7.0.4.3) + activemodel (= 7.0.4.3) + activesupport (= 7.0.4.3) + activestorage (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activesupport (= 7.0.4.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.4.2) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) bcrypt (3.1.18) builder (3.2.4) - concurrent-ruby (1.2.0) + concurrent-ruby (1.2.2) crass (1.0.6) date (3.3.3) erubi (1.12.0) @@ -100,11 +100,11 @@ GEM hashie (5.0.0) i18n (1.12.0) concurrent-ruby (~> 1.0) - jwt (2.6.0) + jwt (2.7.0) loofah (2.19.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.8.0.1) + mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop @@ -113,7 +113,7 @@ GEM method_source (1.0.0) mini_mime (1.1.2) mini_portile2 (2.8.1) - minitest (5.17.0) + minitest (5.18.0) mocha (1.16.1) multi_xml (0.6.0) net-imap (0.3.4) 
@@ -149,39 +149,39 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) - psych (5.0.2) + psych (5.1.0) stringio racc (1.6.2) - rack (2.2.6.2) + rack (2.2.6.4) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) rack-protection (3.0.5) rack - rack-test (2.0.2) + rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4.2) - actioncable (= 7.0.4.2) - actionmailbox (= 7.0.4.2) - actionmailer (= 7.0.4.2) - actionpack (= 7.0.4.2) - actiontext (= 7.0.4.2) - actionview (= 7.0.4.2) - activejob (= 7.0.4.2) - activemodel (= 7.0.4.2) - activerecord (= 7.0.4.2) - activestorage (= 7.0.4.2) - activesupport (= 7.0.4.2) + rails (7.0.4.3) + actioncable (= 7.0.4.3) + actionmailbox (= 7.0.4.3) + actionmailer (= 7.0.4.3) + actionpack (= 7.0.4.3) + actiontext (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activemodel (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) bundler (>= 1.15.0) - railties (= 7.0.4.2) + railties (= 7.0.4.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.2) - actionpack (= 7.0.4.2) - activesupport (= 7.0.4.2) + railties (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) method_source rake (>= 12.2) thor (~> 1.0) @@ -198,14 +198,15 @@ GEM snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.4.4) - stringio (3.0.4) + sqlite3 (1.6.1) + mini_portile2 (~> 2.8.0) + stringio (3.0.5) thor (1.2.1) timecop (0.9.6) - timeout (0.3.1) - tzinfo (2.0.5) + timeout (0.3.2) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - version_gem (1.1.1) + version_gem (1.1.2) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) @@ -215,7 +216,7 @@ GEM websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.6) + zeitwerk (2.6.7) PLATFORMS ruby From 232c855c54cc3e471afbd48b6eda8ff164638c09 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 17 Mar 2023 10:42:29 -0300 Subject: [PATCH 173/299] Fix tests with Rails main Rails main / 7.1.0.alpha introduced a change to improve typography by default, by converting all apostrophes to be single quotation marks. https://github.com/rails/rails/pull/45463 The change caused all our text based matching to fail, this updates the tests to ensure compatibility. Model tests were changed to test against the error type & information rather than the translated string, which I think is an improvement overall that should make them a little less brittle. I thought of using [of_kind?] but that isn't available on all Rails versions we currently support, while `added?` is. The drawback is that `added?` require full details like the `:confirmation` example which requires the related attribute that is being confirmed, but that's a small price to pay. Integration tests were changed to match on a regexp that accepts both quotes. I could've used a simple `.` to match anything there, but thought I'd just keep it specific for clarity on what it is really expected to match there. Plus, since it's integration testing against a rendered response body, it's better to match the actual text rather than resort on other ways. (like using I18n directly, etc.) [of_kind?] https://api.rubyonrails.org/classes/ActiveModel/Errors.html#method-i-of_kind-3F --- test/integration/confirmable_test.rb | 8 ++++---- test/integration/recoverable_test.rb | 2 +- test/integration/registerable_test.rb | 4 ++-- test/models/authenticatable_test.rb | 4 ++-- test/models/confirmable_test.rb | 8 ++++---- test/models/database_authenticatable_test.rb | 6 +++--- test/models/lockable_test.rb | 4 ++-- test/models/recoverable_test.rb | 18 +++++++++--------- test/models/validatable_test.rb | 10 +++++----- 9 files changed, 32 insertions(+), 32 deletions(-) diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index e40307748..c951eb0bb 100644 
--- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -178,13 +178,13 @@ def resend_confirmation test "should not be able to confirm an email with a blank confirmation token" do visit_user_confirmation_with_token("") - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm an email with a nil confirmation token" do visit_user_confirmation_with_token(nil) - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm user with blank confirmation token" do @@ -193,7 +193,7 @@ def resend_confirmation visit_user_confirmation_with_token("") - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test "should not be able to confirm user with nil confirmation token" do @@ -202,7 +202,7 @@ def resend_confirmation visit_user_confirmation_with_token(nil) - assert_contain "Confirmation token can't be blank" + assert_contain %r{Confirmation token can['’]t be blank} end test 'error message is configurable by resource name' do diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 9abf2b1ba..44cb0b9e2 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -173,7 +173,7 @@ def reset_password(options = {}, &block) assert_response :success assert_current_url '/users/password' assert_have_selector '#error_explanation' - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_not user.reload.valid_password?('987654321') end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index e08933f8e..038fcf7b9 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
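Review bot: As a style point, the literal `%r{Confirmation token can['’]t be blank}` now appears four times across the confirmable_test.rb hunks, and `%r{Password confirmation doesn['’]t match Password}` is repeated the same way in the recoverable_test.rb and registerable_test.rb hunks. Naming the pattern once per file, e.g. `BLANK_TOKEN_ERROR = %r{Confirmation token can['’]t be blank}`, would keep the two-apostrophe workaround in one place. A short comment next to it, `# Rails 7.1 renders a typographic apostrophe; accept both`, would explain the character class to a reader who has not seen the commit message.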
@@ -112,7 +112,7 @@ def user_sign_up assert_template 'registrations/new' assert_have_selector '#error_explanation' assert_contain "Email is invalid" - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_contain "2 errors prohibited" assert_nil User.to_adapter.find_first @@ -251,7 +251,7 @@ def user_sign_up fill_in 'current password', with: '12345678' click_button 'Update' - assert_contain "Password confirmation doesn't match Password" + assert_contain %r{Password confirmation doesn['’]t match Password} assert_not User.to_adapter.find_first.valid_password?('pas123') end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index a3ddc52f5..fa31f6a88 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb @@ -30,12 +30,12 @@ class AuthenticatableTest < ActiveSupport::TestCase test 'find_or_initialize_with_errors adds blank error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "" }) - assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email) + assert user_with_error.errors.added?(:email, :blank) end test 'find_or_initialize_with_errors adds invalid error' do user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" }) - assert_equal ["Email is invalid"], user_with_error.errors.full_messages_for(:email) + assert user_with_error.errors.added?(:email, :invalid) end if defined?(ActionController::Parameters) diff --git a/test/models/confirmable_test.rb b/test/models/confirmable_test.rb index 9c627e820..31a955e72 100644 --- a/test/models/confirmable_test.rb +++ b/test/models/confirmable_test.rb 
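Review bot: In the authenticatable_test.rb hunk, replacing `assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email)` with `assert user_with_error.errors.added?(:email, :blank)` drops the exactness of the old check. The previous assertion failed if a second error was attached to `:email`, while the new one only requires that the expected error is present. The same applies to the `:invalid` case below it, and the model-test hunks that follow make a similar trade where they replace `assert_equal` on the joined messages. Adding `assert_equal 1, user_with_error.errors[:email].size` after each `added?` would keep the tests independent of the translated text while still pinning that `find_or_initialize_with_errors` attaches exactly one error.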
@@ -74,7 +74,7 @@ def setup test 'should return a new record with errors when a blank token is given' do confirmed_user = User.confirm_by_token('') assert_not confirmed_user.persisted? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should return a new record with errors when a blank token is given and a record exists on the database' do @@ -83,7 +83,7 @@ def setup confirmed_user = User.confirm_by_token('') assert_not user.reload.confirmed? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should return a new record with errors when a nil token is given and a record exists on the database' do @@ -92,7 +92,7 @@ def setup confirmed_user = User.confirm_by_token(nil) assert_not user.reload.confirmed? - assert_equal "can't be blank", confirmed_user.errors[:confirmation_token].join + assert confirmed_user.errors.added?(:confirmation_token, :blank) end test 'should generate errors for a user email if user is already confirmed' do @@ -314,7 +314,7 @@ def setup user = create_user confirm_user = User.send_confirmation_instructions(email: user.email) assert_not confirm_user.persisted? - assert_equal "can't be blank", confirm_user.errors[:username].join + assert confirm_user.errors.added?(:username, :blank) end end diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb index 8cdf7228c..909e01045 100644 --- a/test/models/database_authenticatable_test.rb +++ b/test/models/database_authenticatable_test.rb 
@@ -172,7 +172,7 @@ def setup assert_not user.update_with_password(password: 'pass4321', password_confirmation: 'pass4321') assert user.reload.valid_password?('12345678') - assert_match "can't be blank", user.errors[:current_password].join + assert user.errors.added?(:current_password, :blank) end test 'should run validations even when current password is invalid or blank' do @@ -181,7 +181,7 @@ def setup assert user.persisted? assert_not user.update_with_password(username: "") assert_match "usertest", user.reload.username - assert_match "can't be blank", user.errors[:username].join + assert user.errors.added?(:username, :blank) end test 'should ignore password and its confirmation if they are blank' do @@ -235,7 +235,7 @@ def setup user = create_user assert_not user.destroy_with_password(nil) assert user.persisted? - assert_match "can't be blank", user.errors[:current_password].join + assert user.errors.added?(:current_password, :blank) end test 'should not email on password change' do diff --git a/test/models/lockable_test.rb b/test/models/lockable_test.rb index d229ce57d..b1d8cab0d 100644 --- a/test/models/lockable_test.rb +++ b/test/models/lockable_test.rb @@ -213,7 +213,7 @@ def setup test 'should return a new record with errors when a blank token is given' do locked_user = User.unlock_access_by_token('') assert_not locked_user.persisted? - assert_equal "can't be blank", locked_user.errors[:unlock_token].join + assert locked_user.errors.added?(:unlock_token, :blank) end test 'should find a user to send unlock instructions' do @@ -246,7 +246,7 @@ def setup user = create_user unlock_user = User.send_unlock_instructions(email: user.email) assert_not unlock_user.persisted? - assert_equal "can't be blank", unlock_user.errors[:username].join + assert unlock_user.errors.added?(:username, :blank) end end diff --git a/test/models/recoverable_test.rb b/test/models/recoverable_test.rb index 1c43aa2dc..b2234ac6a 100644 --- a/test/models/recoverable_test.rb 
+++ b/test/models/recoverable_test.rb @@ -134,12 +134,12 @@ def setup end test 'should require all reset_password_keys' do - swap Devise, reset_password_keys: [:username, :email] do - user = create_user - reset_password_user = User.send_reset_password_instructions(email: user.email) - assert_not reset_password_user.persisted? - assert_equal "can't be blank", reset_password_user.errors[:username].join - end + swap Devise, reset_password_keys: [:username, :email] do + user = create_user + reset_password_user = User.send_reset_password_instructions(email: user.email) + assert_not reset_password_user.persisted? + assert reset_password_user.errors.added?(:username, :blank) + end end test 'should reset reset_password_token before send the reset instructions email' do @@ -173,7 +173,7 @@ def setup test 'should return a new record with errors if reset_password_token is blank' do reset_password_user = User.reset_password_by_token(reset_password_token: '') assert_not reset_password_user.persisted? - assert_match "can't be blank", reset_password_user.errors[:reset_password_token].join + assert reset_password_user.errors.added?(:reset_password_token, :blank) end test 'should return a new record with errors if password is blank' do @@ -182,7 +182,7 @@ def setup reset_password_user = User.reset_password_by_token(reset_password_token: raw, password: '') assert_not reset_password_user.errors.empty? - assert_match "can't be blank", reset_password_user.errors[:password].join + assert reset_password_user.errors.added?(:password, :blank) assert_equal raw, reset_password_user.reset_password_token end @@ -192,7 +192,7 @@ def setup reset_password_user = User.reset_password_by_token(reset_password_token: raw) assert_not reset_password_user.errors.empty? - assert_match "can't be blank", reset_password_user.errors[:password].join + assert reset_password_user.errors.added?(:password, :blank) assert_equal raw, reset_password_user.reset_password_token end 
diff --git a/test/models/validatable_test.rb b/test/models/validatable_test.rb index af5961ef3..e8858de7e 100644 --- a/test/models/validatable_test.rb +++ b/test/models/validatable_test.rb @@ -8,7 +8,7 @@ class ValidatableTest < ActiveSupport::TestCase user = new_user(email: nil) assert user.invalid? assert user.errors[:email] - assert_equal 'can\'t be blank', user.errors[:email].join + assert user.errors.added?(:email, :blank) end test 'should require uniqueness of email if email has changed, allowing blank' do @@ -52,14 +52,14 @@ class ValidatableTest < ActiveSupport::TestCase test 'should require password to be set when creating a new record' do user = new_user(password: '', password_confirmation: '') assert user.invalid? - assert_equal 'can\'t be blank', user.errors[:password].join + assert user.errors.added?(:password, :blank) end test 'should require confirmation to be set when creating a new record' do user = new_user(password: 'new_password', password_confirmation: 'blabla') assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password") end test 'should require password when updating/resetting password' do @@ -69,7 +69,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = '' assert user.invalid? - assert_equal 'can\'t be blank', user.errors[:password].join + assert user.errors.added?(:password, :blank) end test 'should require confirmation when updating/resetting password' do @@ -77,7 +77,7 @@ class ValidatableTest < ActiveSupport::TestCase user.password_confirmation = 'another_password' assert user.invalid? - assert_equal 'doesn\'t match Password', user.errors[:password_confirmation].join + assert user.errors.added?(:password_confirmation, :confirmation, attribute: "Password") end test 'should require a password with minimum of 7 characters' do 
From 11b6a99e88f7073d3de515be4b81e47541586091 Mon Sep 17 00:00:00 2001 From: Peter Goldstein Date: Mon, 27 Jun 2022 14:54:27 -0700 Subject: [PATCH 174/299] Add Dependabot for GitHub Actions --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5ace4600a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From eed51179c7ac90d565f8a10847577cedd627d92b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 20 Mar 2023 17:42:59 -0300 Subject: [PATCH 175/299] Add explicit test for respecting the `error_status` responder config While introducing this on turbo, looks like no specific test was added, so this at least covers that a bit. It needs some conditional checks since not all supported Rails + Responders version work with the customization, so there's one test for the hardcoded status version too, which can be removed in the future. --- test/failure_app_test.rb | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 883cf8b9b..1500c36af 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
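Review bot: The new `.github/dependabot.yml` lists only the `github-actions` ecosystem, so the gem dependencies recorded in `Gemfile.lock` and under `gemfiles/` get no automated update pull requests. If that is deliberate for a library tested against several Rails versions, a comment at the top of the file would record it, e.g. `# Only workflow actions are tracked here; gem versions are managed by hand.` Otherwise a second `updates` entry with `package-ecosystem: "bundler"` and the same `schedule` would cover the gems as well.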
@@ -371,6 +371,35 @@ def call_failure(env_params = {}) end end end + + # TODO: remove conditional/else when supporting only responders 3.1+ + if ActionController::Responder.respond_to?(:error_status=) + test 'respects the configured responder `error_status` for the status code' do + swap Devise.responder, error_status: :unprocessable_entity do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 422, @response.first + assert_includes @response.third.body, 'Invalid Email or password.' + end + end + else + test 'uses default hardcoded responder `error_status` for the status code since responders version does not support configuring it' do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 200, @response.first + assert_includes @response.third.body, 'Invalid Email or password.' + end + end end context "Lazy loading" do From 89a08357d6e82ec907071f7714bf27358dbf868f Mon Sep 17 00:00:00 2001 
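Review bot: Both tests added in this hunk build the same three-key `env` hash inline (`"warden.options"`, `"devise.mapping"`, `"warden"`), and the two later hunks in `test/failure_app_test.rb` from patch 176 add two more copies that differ only in the `recall` and `attempted_path` values. A small private helper next to `call_failure` that takes those two values and returns the hash would keep the four tests down to the assertion that actually differs. The `TODO` above the conditional is useful; it would be easier to act on if it also named the `else` tests as the ones to delete once only responders 3.1+ is supported.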
From: Carlos Antonio da Silva Date: Mon, 20 Mar 2023 17:59:06 -0300 Subject: [PATCH 176/299] Uses the responder `redirect_status` when recall returns a redirect It appears some people use the recall functionality with a redirect response, and Devise starting on version 4.9 was overriding that status code to the configured `error_status` for better Turbo support, which broke the redirect functionality / expectation. While I don't think it's really great usage of the recall functionality, or at least it was unexpected usage, it's been working like that basically forever where recalling would use the status code of the recalled action, so this at least keeps it more consistent with that behavior by respecting redirects and keeping that response as a redirect based on the configured status, which should also work with Turbo I believe, and makes this less of a breaking change. Closes #5570 Closes #5561 (it was closed previously, but related / closes with an actual change now.) --- CHANGELOG.md | 1 + lib/devise/failure_app.rb | 4 +++- test/failure_app_test.rb | 24 ++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22b1b7635..a3a9b2ebf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * bug fixes + * Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573) * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) ### 4.9.0 - 2023-02-17 
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index d8042ec31..8458aef32 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -72,7 +72,9 @@ def recall flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| - response[0] = Rack::Utils.status_code(Devise.responder.error_status) + response[0] = Rack::Utils.status_code( + response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status + ) } end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 1500c36af..59f291e20 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -387,6 +387,19 @@ def call_failure(env_params = {}) assert_includes @response.third.body, 'Invalid Email or password.' end end + + test 'respects the configured responder `redirect_status` if the recall app returns a redirect status code' do + swap Devise.responder, redirect_status: :see_other do + env = { + "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 303, @response.first + end + end else test 'uses default hardcoded responder `error_status` for the status code since responders version does not support configuring it' do env = { @@ -399,6 +412,17 @@ def call_failure(env_params = {}) assert_equal 200, @response.first assert_includes @response.third.body, 'Invalid Email or password.' end + + test 'users default hardcoded responder `redirect_status` for the status code since responders version does not support configuring it' do + env = { + "warden.options" => { recall: "devise/registrations#cancel", attempted_path: "/users/cancel" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_equal 302, @response.first + end end end 
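Review bot: The new `response[0].in?(300..399)` condition in `recall` treats every 3xx status from the recalled app as a redirect, which also matches 300 and 304, and it replaces a 307 or 308 with the configured `redirect_status`, so a recalled action that asked for a method-preserving redirect no longer gets one. Narrowing the check to real redirects would avoid both, for example `[301, 302, 303, 307, 308].include?(response[0])`, or testing for a `Location` header in the recalled response. A one-line comment above the `tap` block saying why the recalled status is overwritten at all (the commit message gives Turbo support as the reason) would also help the next reader. The definition of `recall` starts above the hunk.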
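Review bot: The test name added in the `else` branch of `test/failure_app_test.rb` begins with `users default hardcoded responder`, which should read `uses default hardcoded responder` to match the sibling test directly above it. Test names are what show up in a failing CI log, so the typo is worth fixing before merge. The test also asserts only the 302 status; asserting that the response still carries a `Location` header would pin the redirect itself rather than just its code (whether `@response` exposes headers that way is not visible in this hunk).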
From 367ea427626ea8d9a8315b296535a4d93f311fab Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 23 Mar 2023 19:11:11 -0300 Subject: [PATCH 177/299] Refactor dirty tracking conditionals for different versions (#5575) We have an number of conditions due to how dirty tracking changed around Rails 5.1, that implement methods using one or another method call. I might need more of this for mongo upgrades based on an initial investigation, plus this makes the code really hard to reason about sometimes with these many conditionals. While I want to drop support for older versions of Rails soon, this centralization of dirty methods that are used by devise conditionally simplifies the usage considerably across the board, moves the version condition to a single place, and will make it easier to refactor later once we drop older Rails version by simply removing the `devise_*` versions of the methods, alongside the prefix on the method calls for the most part, since those methods follow the naming of the newer Rails versions. --- CHANGELOG.md | 1 + lib/devise.rb | 5 +- lib/devise/models.rb | 1 + lib/devise/models/confirmable.rb | 51 +++++------------ lib/devise/models/database_authenticatable.rb | 33 +++-------- lib/devise/models/recoverable.rb | 21 ++----- lib/devise/models/validatable.rb | 9 +-- lib/devise/orm_dirty_tracking.rb | 57 +++++++++++++++++++ test/rails_app/lib/shared_admin.rb | 6 +- 9 files changed, 90 insertions(+), 94 deletions(-) create mode 100644 lib/devise/orm_dirty_tracking.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 22b1b7635..73b834bb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,7 @@ * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) + * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) diff --git a/lib/devise.rb b/lib/devise.rb index 1d9370cc4..e0749eb82 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -13,6 +13,7 @@ module Devise autoload :Encryptor, 'devise/encryptor' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' + autoload :OrmDirtyTracking, 'devise/orm_dirty_tracking' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' @@ -307,10 +308,6 @@ module Test mattr_accessor :sign_in_after_change_password @@sign_in_after_change_password = true - def self.activerecord51? # :nodoc: - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end - # Default way to set up Devise. Run rails generate devise_install to create # a fresh initializer with all configuration values. def self.setup diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 4d50fa245..1dc5753b0 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb @@ -84,6 +84,7 @@ def devise(*modules) end devise_modules_hook! do + include Devise::OrmDirtyTracking include Devise::Models::Authenticatable selected_modules.each do |m| diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 7faae516b..0f74d0757 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb 
@@ -258,44 +258,23 @@ def generate_confirmation_token! generate_confirmation_token && save(validate: false) end - if Devise.activerecord51? - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token - @reconfirmation_required = true - self.unconfirmed_email = self.email - self.email = self.email_in_database - self.confirmation_token = nil - generate_confirmation_token - end - else - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token - @reconfirmation_required = true - self.unconfirmed_email = self.email - self.email = self.email_was - self.confirmation_token = nil - generate_confirmation_token - end + + def postpone_email_change_until_confirmation_and_regenerate_confirmation_token + @reconfirmation_required = true + self.unconfirmed_email = self.email + self.email = self.devise_email_in_database + self.confirmation_token = nil + generate_confirmation_token end - if Devise.activerecord51? - def postpone_email_change? - postpone = self.class.reconfirmable && - will_save_change_to_email? && - !@bypass_confirmation_postpone && - self.email.present? && - (!@skip_reconfirmation_in_callback || !self.email_in_database.nil?) - @bypass_confirmation_postpone = false - postpone - end - else - def postpone_email_change? - postpone = self.class.reconfirmable && - email_changed? && - !@bypass_confirmation_postpone && - self.email.present? && - (!@skip_reconfirmation_in_callback || !self.email_was.nil?) - @bypass_confirmation_postpone = false - postpone - end + def postpone_email_change? + postpone = self.class.reconfirmable && + devise_will_save_change_to_email? && + !@bypass_confirmation_postpone && + self.email.present? && + (!@skip_reconfirmation_in_callback || !self.devise_email_in_database.nil?) + @bypass_confirmation_postpone = false + postpone end def reconfirmation_required? diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 8c0e22613..fc6ad714e 100644 
--- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -177,16 +177,9 @@ def authenticatable_salt encrypted_password[0,29] if encrypted_password end - if Devise.activerecord51? - # Send notification to user when email changes. - def send_email_changed_notification - send_devise_notification(:email_changed, to: email_before_last_save) - end - else - # Send notification to user when email changes. - def send_email_changed_notification - send_devise_notification(:email_changed, to: email_was) - end + # Send notification to user when email changes. + def send_email_changed_notification + send_devise_notification(:email_changed, to: devise_email_before_last_save) end # Send notification to user when password changes. @@ -205,24 +198,12 @@ def password_digest(password) Devise::Encryptor.digest(self.class, password) end - if Devise.activerecord51? - def send_email_changed_notification? - self.class.send_email_changed_notification && saved_change_to_email? && !@skip_email_changed_notification - end - else - def send_email_changed_notification? - self.class.send_email_changed_notification && email_changed? && !@skip_email_changed_notification - end + def send_email_changed_notification? + self.class.send_email_changed_notification && devise_saved_change_to_email? && !@skip_email_changed_notification end - if Devise.activerecord51? - def send_password_change_notification? - self.class.send_password_change_notification && saved_change_to_encrypted_password? && !@skip_password_change_notification - end - else - def send_password_change_notification? - self.class.send_password_change_notification && encrypted_password_changed? && !@skip_password_change_notification - end + def send_password_change_notification? + self.class.send_password_change_notification && devise_saved_change_to_encrypted_password? && !@skip_password_change_notification end module ClassMethods 
diff --git a/lib/devise/models/recoverable.rb b/lib/devise/models/recoverable.rb index 59f3a613d..b17c42aae 100644 --- a/lib/devise/models/recoverable.rb +++ b/lib/devise/models/recoverable.rb @@ -99,24 +99,13 @@ def send_reset_password_instructions_notification(token) send_devise_notification(:reset_password_instructions, token, {}) end - if Devise.activerecord51? - def clear_reset_password_token? - encrypted_password_changed = respond_to?(:will_save_change_to_encrypted_password?) && will_save_change_to_encrypted_password? - authentication_keys_changed = self.class.authentication_keys.any? do |attribute| - respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") - end - - authentication_keys_changed || encrypted_password_changed + def clear_reset_password_token? + encrypted_password_changed = devise_respond_to_and_will_save_change_to_attribute?(:encrypted_password) + authentication_keys_changed = self.class.authentication_keys.any? do |attribute| + devise_respond_to_and_will_save_change_to_attribute?(attribute) end - else - def clear_reset_password_token? - encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed? - authentication_keys_changed = self.class.authentication_keys.any? do |attribute| - respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") - end - authentication_keys_changed || encrypted_password_changed - end + authentication_keys_changed || encrypted_password_changed end module ClassMethods diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 5a190a7c3..1c22fb5fe 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb 
@@ -29,13 +29,8 @@ def self.included(base) base.class_eval do validates_presence_of :email, if: :email_required? - if Devise.activerecord51? - validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email? - validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? - else - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? - validates_format_of :email, with: email_regexp, allow_blank: true, if: :email_changed? - end + validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :devise_will_save_change_to_email? + validates_format_of :email, with: email_regexp, allow_blank: true, if: :devise_will_save_change_to_email? validates_presence_of :password, if: :password_required? validates_confirmation_of :password, if: :password_required? diff --git a/lib/devise/orm_dirty_tracking.rb b/lib/devise/orm_dirty_tracking.rb new file mode 100644 index 000000000..07391108f --- /dev/null +++ b/lib/devise/orm_dirty_tracking.rb 
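Review bot: Collapsing the two branches in `included` makes `case_sensitive: true` apply to the email uniqueness validation on every ORM and Rails version, whereas the removed `else` branch passed no `case_sensitive` option. With a case-sensitive check, two addresses that differ only in letter case both pass validation unless the value is normalised first, so the one-account-per-address guarantee depends on the email being downcased before validation (presumably through Devise's `case_insensitive_keys` setting, which is not visible here). A comment on the line would record that dependency, e.g. `# case-sensitive on purpose: email is expected to be downcased before validation`. `self.included` begins above the hunk.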
@@ -0,0 +1,57 @@ +module Devise + module OrmDirtyTracking # :nodoc: + def self.activerecord51? + defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end + + if activerecord51? + def devise_email_before_last_save + email_before_last_save + end + + def devise_email_in_database + email_in_database + end + + def devise_saved_change_to_email? + saved_change_to_email? + end + + def devise_saved_change_to_encrypted_password? + saved_change_to_encrypted_password? + end + + def devise_will_save_change_to_email? + will_save_change_to_email? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") + end + else + def devise_email_before_last_save + email_was + end + + def devise_email_in_database + email_was + end + + def devise_saved_change_to_email? + email_changed? + end + + def devise_saved_change_to_encrypted_password? + encrypted_password_changed? + end + + def devise_will_save_change_to_email? + email_changed? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end + end + end +end diff --git a/test/rails_app/lib/shared_admin.rb b/test/rails_app/lib/shared_admin.rb index 3e6362a78..374666ff5 100644 --- a/test/rails_app/lib/shared_admin.rb +++ b/test/rails_app/lib/shared_admin.rb @@ -10,11 +10,7 @@ module SharedAdmin allow_unconfirmed_access_for: 2.weeks, reconfirmable: true validates_length_of :reset_password_token, minimum: 3, allow_blank: true - if Devise::Test.rails51? - validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? - else - validates_uniqueness_of :email, allow_blank: true, if: :email_changed? - end + validates_uniqueness_of :email, allow_blank: true, if: :devise_will_save_change_to_email? end def raw_confirmation_token 
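Review bot: The new file `lib/devise/orm_dirty_tracking.rb` opens directly with `module Devise` and lacks the `# frozen_string_literal: true` magic comment that `lib/devise/version.rb` carries, and the module has no comment explaining that the `devise_*` names mirror the Rails 5.1+ dirty-tracking API. Two details deserve a why-comment: in the `else` branch both `devise_email_before_last_save` and `devise_email_in_database` map to `email_was`, and `Gem::Version.new("5.1.x")` is a prerelease-style string chosen so that 5.1 betas and release candidates also match, e.g. `# "5.1.x" sorts below every 5.1.0 prerelease, so betas and RCs take this branch too`. In `devise_respond_to_and_will_save_change_to_attribute?` the method name is interpolated from `attribute` and called with `send`; the visible caller passes configured authentication keys, and a comment stating that `attribute` must never come from request input would keep it that way.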
From 207ddc5127fcecbbcf5abcd8744775509e55b2e8 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Thu, 23 Mar 2023 19:03:35 -0300 Subject: [PATCH 178/299] Improve support for Devise in apps with multiple ORMs loaded Devise is able to work with a specific ORM, either Active Record or Mongoid, but nothing stops apps from using multiple ORMs within the same application -- they just need to pick one to use with Devise. That's generally determined by the require that is added to the Devise initializer, that will load up either ORM's extensions so you can call things like `devise` on your model to set it up. However, some conditional logic in Devise, more specifically around dirty tracking, was only considering having Active Record loaded up after a certain version, to determine which methods to call in parts of the implementation. In a previous change we refactored all that dirty tracking code into this `OrmDirtyTracking` module to make it easier to view all the methods that were being conditionally called, and now we're repurposing this into a more generic `Orm` module (that's nodoc'ed by default) so that upon including it, we can conditionally include the proper dirty tracking extensions but also check whether the including model is really Active Record or not, so we can trigger the correct dirty tracking behavior for Mongoid as well if both are loaded on the same app, whereas previously the Mongoid behavior would always use the new Active Record behavior, but support may differ. While we are also working to ensure the latest versions of Mongoid are fully running with Devise, this should improve the situation by giving apps with multiple ORMs loaded a chance to rely on some of these Devise bits of functionality better now that weren't working properly before without some monkey-patching on their end. 
Closes #5539 Closes #4542 --- CHANGELOG.md | 1 + lib/devise.rb | 2 +- lib/devise/models.rb | 2 +- lib/devise/models/confirmable.rb | 2 +- lib/devise/{orm_dirty_tracking.rb => orm.rb} | 24 ++++++++++++++++---- 5 files changed, 23 insertions(+), 8 deletions(-) rename lib/devise/{orm_dirty_tracking.rb => orm.rb} (69%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73b834bb6..e47658cec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) + * Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. [#5576](https://github.com/heartcombo/devise/pull/5576) * bug fixes * Fix frozen string exception in validatable. [#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) diff --git a/lib/devise.rb b/lib/devise.rb index e0749eb82..ca1130d9e 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -13,7 +13,7 @@ module Devise autoload :Encryptor, 'devise/encryptor' autoload :FailureApp, 'devise/failure_app' autoload :OmniAuth, 'devise/omniauth' - autoload :OrmDirtyTracking, 'devise/orm_dirty_tracking' + autoload :Orm, 'devise/orm' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' autoload :TestHelpers, 'devise/test_helpers' diff --git a/lib/devise/models.rb b/lib/devise/models.rb index 1dc5753b0..fb7dd89b0 100644 --- a/lib/devise/models.rb +++ b/lib/devise/models.rb 
@@ -84,7 +84,7 @@ def devise(*modules) end devise_modules_hook! do - include Devise::OrmDirtyTracking + include Devise::Orm include Devise::Models::Authenticatable selected_modules.each do |m| diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 0f74d0757..6ce22c30f 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -48,7 +48,7 @@ module Confirmable included do before_create :generate_confirmation_token, if: :confirmation_required? after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification? - if defined?(ActiveRecord) && self < ActiveRecord::Base # ActiveRecord + if Devise::Orm.active_record?(self) # ActiveRecord after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification? after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required? else # Mongoid diff --git a/lib/devise/orm_dirty_tracking.rb b/lib/devise/orm.rb similarity index 69% rename from lib/devise/orm_dirty_tracking.rb rename to lib/devise/orm.rb index 07391108f..75baf2be5 100644 --- a/lib/devise/orm_dirty_tracking.rb +++ b/lib/devise/orm.rb @@ -1,10 +1,22 @@ module Devise - module OrmDirtyTracking # :nodoc: - def self.activerecord51? - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + module Orm # :nodoc: + def self.active_record?(model) + defined?(ActiveRecord) && model < ActiveRecord::Base end - if activerecord51? + def self.active_record_51?(model) + active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end + + def self.included(model) + if Devise::Orm.active_record_51?(model) + model.include DirtyTrackingNewMethods + else + model.include DirtyTrackingOldMethods + end + end + + module DirtyTrackingNewMethods def devise_email_before_last_save email_before_last_save end 
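Review bot: `Devise::Orm.included` in the new `lib/devise/orm.rb` gives `DirtyTrackingOldMethods` to every model that is not Active Record 5.1+, so any other ORM is assumed to respond to `email_was`, `email_changed?` and the `*_changed?` family, and nothing in the hunk checks or documents that. A comment on the hook would make the assumption explicit, e.g. `# Active Record < 5.1 and non-Active Record models (Mongoid) get the *_was / *_changed? variants`. The choice is also made once, at include time, which is worth stating because `active_record?` returns `nil` rather than `false` for an unrelated class and relies on `ActiveRecord::Base` being loaded whenever `ActiveRecord` is defined. The module body continues past the end of this hunk.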
@@ -28,7 +40,9 @@ def devise_will_save_change_to_email? def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end - else + end + + module DirtyTrackingOldMethods def devise_email_before_last_save email_was end From 3926e6d9eb139cc839faec8ea6c8f8cefa2d95f6 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Mar 2023 09:39:17 -0300 Subject: [PATCH 179/299] Release v4.9.1 --- CHANGELOG.md | 4 ++++ Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f329f3df..de772cd63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased + + +### 4.9.1 - 2023-03-31 + * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) diff --git a/Gemfile.lock b/Gemfile.lock index bffcb2cdc..55c6cbbbc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.0) + devise (4.9.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 73c38d4d9..ff3e1df88 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.0".freeze + VERSION = "4.9.1".freeze end From 4f849f4fa9a74608a9447806179c8cbb19bd7b38 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:18:34 -0300 Subject: [PATCH 180/299] Bring back `Devise.activerecord51? and deprecate it Even though this is considered an internal / non-public / nodoc method, it seems some libraries relied on it internally, causing some breakage. Known libraries so far are `devise-security` and `devise-pwned_password`. Closes #5580 --- CHANGELOG.md | 3 ++- lib/devise.rb | 8 ++++++++ test/devise_test.rb | 4 ++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index de772cd63..8746e5e40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased - +* deprecations + * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. ### 4.9.1 - 2023-03-31 diff --git a/lib/devise.rb b/lib/devise.rb index ca1130d9e..b8677e798 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -520,6 +520,14 @@ def self.secure_compare(a, b) b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end + + def self.activerecord51? # :nodoc: + ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. + It is a non-public method that's no longer used internally, but that other libraries have been relying on. + DEPRECATION + defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") + end end require 'warden' diff --git a/test/devise_test.rb b/test/devise_test.rb index 423daf37e..54ed98675 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -106,4 +106,8 @@ class DeviseTest < ActiveSupport::TestCase assert_no_match Devise.email_regexp, email end end + + test 'Devise.activerecord51? deprecation' do + assert_deprecated { Devise.activerecord51? } + end end From 8b0b849a67c46b10827743aa0ccb0679d69e5396 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:23:02 -0300 Subject: [PATCH 181/299] Release v4.9.2 --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 55c6cbbbc..23005760d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.1) + devise (4.9.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index ff3e1df88..19df7b449 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.1".freeze + VERSION = "4.9.2".freeze end From 4b72064bfcf076478c5c87818b9536b203f6584f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 3 Apr 2023 09:25:06 -0300 Subject: [PATCH 182/299] Add missing changelog version [ci skip] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8746e5e40..d96ad3f1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ### Unreleased + + +### 4.9.2 - 2023-04-03 + * deprecations * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. From 882dd70a9f2c750e4703cace23792f415198e778 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 6 Apr 2023 21:57:49 +0200 Subject: [PATCH 183/299] Use a dedicated ActiveSupport::Deprecation Rails 7.1 will deprecate using the singleton ActiveSupport::Deprecation instance. This defines one for the gem and uses it. --- app/helpers/devise_helper.rb | 2 +- lib/devise.rb | 6 +++++- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/test/controller_helpers.rb | 2 +- lib/devise/test_helpers.rb | 2 +- test/devise_test.rb | 4 +++- test/models/serializable_test.rb | 4 +++- test/test_helper.rb | 13 +++++++++++++ 10 files changed, 31 insertions(+), 10 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index d99780119..b9101e04b 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -4,7 +4,7 @@ module DeviseHelper # Retain this method for backwards compatibility, deprecated in favor of modifying the # devise/shared/error_messages partial. def devise_error_messages! - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be removed in the next major version. diff --git a/lib/devise.rb b/lib/devise.rb index b8677e798..3847e190c 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -521,8 +521,12 @@ def self.secure_compare(a, b) res == 0 end + def self.deprecator + @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") + end + def self.activerecord51? # :nodoc: - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. It is a non-public method that's no longer used internally, but that other libraries have been relying on. DEPRECATION 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 90c2a4367..b12f05f75 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -38,7 +38,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! if options[:bypass] - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller) + Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) [Devise] bypass option is deprecated and it will be removed in future version of Devise. Please use bypass_sign_in method instead. Example: diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 62590de57..30f2f463a 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -62,7 +62,7 @@ module Authenticatable :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator included do class_attribute :devise_modules, instance_writer: false diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index fc6ad714e..8903e6d06 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -86,7 +86,7 @@ def clean_up_passwords # is also rejected as long as it is also blank. def update_with_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it @@ -128,7 +128,7 @@ def update_with_password(params, *options) # def update_without_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 30b45b3a6..b6a7156ec 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -69,7 +69,7 @@ def sign_in(resource, deprecated = nil, scope: nil) scope = resource resource = deprecated - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. Please use sign_in(resource, scope: :#{scope}) instead. DEPRECATION diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index c5b52fade..cc9ef4242 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb 
@@ -4,7 +4,7 @@ module Devise module TestHelpers def self.included(base) base.class_eval do - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. For controller tests, please include `Devise::Test::ControllerHelpers` instead. DEPRECATION diff --git a/test/devise_test.rb b/test/devise_test.rb index 54ed98675..532aa57dc 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -108,6 +108,8 @@ class DeviseTest < ActiveSupport::TestCase end test 'Devise.activerecord51? deprecation' do - assert_deprecated { Devise.activerecord51? } + assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do + Devise.activerecord51? + end end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 225f7ae69..3a0322802 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb @@ -32,7 +32,9 @@ class SerializableTest < ActiveSupport::TestCase end test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do + Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION + end end def assert_key(key, subject) diff --git a/test/test_helper.rb b/test/test_helper.rb index ad5a6db66..aba66aa74 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -23,6 +23,19 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end +class ActiveSupport::TestCase + if ActiveSupport.version < Gem::Version.new("5.0") + def assert_deprecated(match, deprecator) + super(match) do + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end + end + end +end OmniAuth.config.logger = Logger.new('/dev/null') From e1298c87d7f6c05ed5ba02a020e943c2c6bcd62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:21:34 +0200 Subject: [PATCH 184/299] Add deprecator to the application's deprecators --- lib/devise/rails.rb | 4 ++++ test/rails_test.rb | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 5cc5fa6d5..ab308e979 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -17,6 +17,10 @@ class Engine < ::Rails::Engine app.reload_routes! if Devise.reload_routes end + initializer "devise.deprecator" do |app| + app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators) + end + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end diff --git a/test/rails_test.rb b/test/rails_test.rb index fdc1612e8..64ff82cda 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -8,4 +8,10 @@ class RailsTest < ActiveSupport::TestCase assert_equal :load_config_initializers, initializer.after assert_equal :build_middleware_stack, initializer.before end + + if Devise::Test.rails71_and_up? + test 'deprecator is added to application deprecators' do + assert_not_nil Rails.application.deprecators[:devise] + end + end end From c809adeeed523c5f2dc70ff2143d9671529b1911 Mon Sep 17 00:00:00 2001 
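Review bot: In the `assert_deprecated` shim added to test/test_helper.rb, `ensure` sits directly inside the `do … end` block passed to `super(match)`, a form Ruby only parses from 2.5 onwards. The file is parsed as a whole, so an older interpreter would fail to load test_helper.rb even when the `ActiveSupport.version < Gem::Version.new("5.0")` branch is never taken. Whether such Rubies are still in the test matrix is not visible here; if they are, wrap the block body explicitly as `begin` / `yield` / `ensure` / `deprecator.behavior = behavior` / `end`. A one-line comment saying the shim exists because older `assert_deprecated` takes no deprecator argument would also help the next reader.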
From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:35:45 +0200 Subject: [PATCH 185/299] Use show_exceptions = :none in Rails 7.1 DEPRECATION WARNING: Setting action_dispatch.show_exceptions to false is deprecated. Set to :none instead. --- test/rails_app/config/environments/test.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index c5d393c5e..9153790ad 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -32,7 +32,11 @@ config.action_controller.perform_caching = false # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + if Devise::Test.rails71_and_up? + config.action_dispatch.show_exceptions = :none + else + config.action_dispatch.show_exceptions = false + end # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false From 48e115334b72b0b07f0f3a2cbe97dc48c0795850 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20Barri=C3=A9?= Date: Thu, 8 Jun 2023 11:46:18 +0200 Subject: [PATCH 186/299] Remove MigrationContext deprecation in 7.1 DEPRECATION WARNING: SchemaMigration no longer inherits from ActiveRecord::Base. If you want to use the default connection, remove this argument. If you want to use a specific connection, instantiate MigrationContext with the connection's schema migration, for example `MigrationContext.new(path, Dog.connection.schema_migration)`. --- test/orm/active_record.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index cf500330a..97bf37c51 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
@@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails6_and_up? +if Devise::Test.rails71_and_up? + ActiveRecord::MigrationContext.new(migrate_path).migrate +elsif Devise::Test.rails6_and_up? ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate From 6d058bfde8d5cdf5a4cba820dc542cbe5bdcf5c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:34:19 +0000 Subject: [PATCH 187/299] Fix tests after #5515 --- test/integration/recoverable_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/integration/recoverable_test.rb b/test/integration/recoverable_test.rb index 44cb0b9e2..c391b0b2e 100644 --- a/test/integration/recoverable_test.rb +++ b/test/integration/recoverable_test.rb @@ -18,7 +18,7 @@ def request_forgot_password(&block) yield if block_given? Devise.stubs(:friendly_token).returns("abcdef") - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' end def reset_password(options = {}, &block) @@ -339,7 +339,7 @@ def reset_password(options = {}, &block) swap Devise, paranoid: true do visit_new_password_path fill_in "email", with: "arandomemail@test.com" - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' assert_not_contain "1 error prohibited this user from being saved:" assert_not_contain "Email not found" 
@@ -353,7 +353,7 @@ def reset_password(options = {}, &block) user = create_user visit_new_password_path fill_in 'email', with: user.email - click_button 'Send me reset password instructions' + click_button 'Send me password reset instructions' assert_contain "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." assert_current_url "/users/sign_in" From fc731a88bbf4d4d43da180043d612d0e926add29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:34:44 +0000 Subject: [PATCH 188/299] Add devcontainer configuration This will allow contributors to setup their environment using VS Code container or Codebases. --- .devcontainer/devcontainer.json | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 000000000..75ad21eca --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,25 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the +// README at: https://github.com/devcontainers/templates/tree/main/src/ruby +{ + "name": "Ruby", + // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile + "image": "mcr.microsoft.com/devcontainers/ruby:0-3-bullseye", + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + // Features to add to the dev container. More info: https://containers.dev/features. + // "features": {}, + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + "postCreateCommand": "bundle install", + + // Configure tool-specific properties. + // "customizations": {}, + + // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. + // "remoteUser": "root" +} From 1a3d1ae3502f2b214de326ebab1220c5ab275eaa Mon Sep 17 00:00:00 2001 From: Iain Beeston Date: Tue, 24 May 2022 10:07:05 +0100 Subject: [PATCH 189/299] Replaced `
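Review bot: The `image` and the `features` entry in .devcontainer/devcontainer.json are referenced by floating tags (`ruby:0-3-bullseye`, `github-cli:1`), so the environment in which `postCreateCommand` runs `bundle install` can change without any change in this repository. Pinning the image by digest makes updates an explicit, reviewable diff, for example `"image": "mcr.microsoft.com/devcontainers/ruby:0-3-bullseye@sha256:<digest-placeholder>"`. The same reasoning applies to the feature reference, which could be pinned to a full version instead of the major `:1`. A short comment in the file on how the pin is refreshed would keep it from going stale.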
` with paragraph tags In regular HTML `
` is a void element, so it Many of the shared templates used by devise use `
` to separate lines, which is invalid html because `
` doesn't need a closing tag or a closing slash. See the WhatWG spec here: https://html.spec.whatwg.org/multipage/text-level-semantics.html#the-br-element Also, the WhatWG spec uses `

` tags to separate `

- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>

diff --git a/app/views/devise/passwords/edit.html.erb b/app/views/devise/passwords/edit.html.erb index 5fbb9ff0a..3f1dbc72e 100644 --- a/app/views/devise/passwords/edit.html.erb +++ b/app/views/devise/passwords/edit.html.erb @@ -5,16 +5,16 @@ <%= f.hidden_field :reset_password_token %>
- <%= f.label :password, "New password" %>
+

<%= f.label :password, "New password" %>

<% if @minimum_password_length %> - (<%= @minimum_password_length %> characters minimum)
+

(<%= @minimum_password_length %> characters minimum)

<% end %> - <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %> +

<%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>

- <%= f.label :password_confirmation, "Confirm new password" %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation, "Confirm new password" %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb index 6a9f517f0..bea7ad130 100644 --- a/app/views/devise/passwords/new.html.erb +++ b/app/views/devise/passwords/new.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb index b82e3365a..19bb019bc 100644 --- a/app/views/devise/registrations/edit.html.erb +++ b/app/views/devise/registrations/edit.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

<% if devise_mapping.confirmable? && resource.pending_reconfirmation? %> @@ -13,22 +13,21 @@ <% end %>
- <%= f.label :password %> (leave blank if you don't want to change it)
- <%= f.password_field :password, autocomplete: "new-password" %> +

<%= f.label :password %> (leave blank if you don't want to change it)

+

<%= f.password_field :password, autocomplete: "new-password" %>

<% if @minimum_password_length %> -
- <%= @minimum_password_length %> characters minimum +

<%= @minimum_password_length %> characters minimum

<% end %>
- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

- <%= f.label :current_password %> (we need your current password to confirm your changes)
- <%= f.password_field :current_password, autocomplete: "current-password" %> +

<%= f.label :current_password %> (we need your current password to confirm your changes)

+

<%= f.password_field :current_password, autocomplete: "current-password" %>

diff --git a/app/views/devise/registrations/new.html.erb b/app/views/devise/registrations/new.html.erb index d655b66f6..03f48fbb6 100644 --- a/app/views/devise/registrations/new.html.erb +++ b/app/views/devise/registrations/new.html.erb @@ -4,21 +4,21 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

- <%= f.label :password %> +

<%= f.label :password %>

<% if @minimum_password_length %> - (<%= @minimum_password_length %> characters minimum) - <% end %>
- <%= f.password_field :password, autocomplete: "new-password" %> +

(<%= @minimum_password_length %> characters minimum)

+ <% end %> +

<%= f.password_field :password, autocomplete: "new-password" %>

- <%= f.label :password_confirmation %>
- <%= f.password_field :password_confirmation, autocomplete: "new-password" %> +

<%= f.label :password_confirmation %>

+

<%= f.password_field :password_confirmation, autocomplete: "new-password" %>

diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 5ede96489..6eeb9fc76 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -2,19 +2,19 @@ <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

- <%= f.label :password %>
- <%= f.password_field :password, autocomplete: "current-password" %> +

<%= f.label :password %>

+

<%= f.password_field :password, autocomplete: "current-password" %>

<% if devise_mapping.rememberable? %>
- <%= f.check_box :remember_me %> - <%= f.label :remember_me %> +

<%= f.check_box :remember_me %>

+

<%= f.label :remember_me %>

<% end %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb index 7a75304ba..21cf422d5 100644 --- a/app/views/devise/shared/_links.html.erb +++ b/app/views/devise/shared/_links.html.erb @@ -1,25 +1,25 @@ <%- if controller_name != 'sessions' %> - <%= link_to "Log in", new_session_path(resource_name) %>
+

<%= link_to "Log in", new_session_path(resource_name) %>

<% end %> <%- if devise_mapping.registerable? && controller_name != 'registrations' %> - <%= link_to "Sign up", new_registration_path(resource_name) %>
+

<%= link_to "Sign up", new_registration_path(resource_name) %>

<% end %> <%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> - <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+

<%= link_to "Forgot your password?", new_password_path(resource_name) %>

<% end %> <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> - <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+

<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>

<% end %> <%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> - <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+

<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>

<% end %> <%- if devise_mapping.omniauthable? %> <%- resource_class.omniauth_providers.each do |provider| %> - <%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>
+

<%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>

<% end %> <% end %> diff --git a/app/views/devise/unlocks/new.html.erb b/app/views/devise/unlocks/new.html.erb index ffc34de8d..6b68d724c 100644 --- a/app/views/devise/unlocks/new.html.erb +++ b/app/views/devise/unlocks/new.html.erb @@ -4,8 +4,8 @@ <%= render "devise/shared/error_messages", resource: resource %>
- <%= f.label :email %>
- <%= f.email_field :email, autofocus: true, autocomplete: "email" %> +

<%= f.label :email %>

+

<%= f.email_field :email, autofocus: true, autocomplete: "email" %>

From e524a3d22d5044e1a2acc18a206f8754e25be039 Mon Sep 17 00:00:00 2001 From: soartec-lab Date: Fri, 26 May 2023 16:43:47 +0900 Subject: [PATCH 190/299] Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` --- CHANGELOG.md | 3 ++- lib/devise/models/authenticatable.rb | 3 --- test/models/serializable_test.rb | 6 ------ 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d96ad3f1c..5878f75eb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### Unreleased - +* enhancements + * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 30f2f463a..e3466ebaf 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -61,9 +61,6 @@ module Authenticatable :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at, :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] - include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator - included do class_attribute :devise_modules, instance_writer: false self.devise_modules ||= [] diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 3a0322802..024ccf449 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -31,12 +31,6 @@ class SerializableTest < ActiveSupport::TestCase assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"] end - test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do - Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION - end - end - def assert_key(key, subject) assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}" end From 285dc5d2fcae1b2225c3f394957b16aca2719fa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 23:23:28 +0000 Subject: [PATCH 191/299] Bump supercharge/mongodb-github-action from 1.3.0 to 1.9.0 Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.3.0 to 1.9.0. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.3.0...1.9.0) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 207f5703f..e217e2297 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -164,6 +164,6 @@ jobs: bundler-cache: true # runs bundle install and caches installed gems automatically bundler: ${{ env.BUNDLER_VERSION || 'default' }} rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - - uses: supercharge/mongodb-github-action@1.3.0 + - uses: supercharge/mongodb-github-action@1.9.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake From ed1c2a1adb18ef79004db03e00cc8c6394301e42 Mon Sep 17 00:00:00 2001 From: Louis-Michel Couture Date: Fri, 5 May 2023 10:20:13 -0400 Subject: [PATCH 192/299] Make sure Mailer defaults :from and :reply_to are handled correctly Rails allow procs and lambda with either zero or more argument. Devise however always tried to call instance_eval on those values, which does always pass one argument: self. There was a PR to fix this specific problem in Devise https://github.com/heartcombo/devise/pull/4627, before the arity check was fixed in rails itself: https://github.com/rails/rails/pull/30391. But even if the problem was fixed in Rails, Devise was still calling the proc/lambas with instance_eval. That meant the fix added to Rails did not apply to Devise. The fix is to let Rails handle the :from and :reply_to defaults. We do that by unsetting the headers instead of trying to replicate Rails handling in Devise. This lets Rails handle it when setting up the mailer. --- lib/devise/mailers/helpers.rb | 24 +++++++++--------------- test/mailers/mailer_test.rb | 26 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index f6997462d..29a491970 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb 
@@ -33,28 +33,22 @@ def headers_for(action, opts) subject: subject_for(action), to: resource.email, from: mailer_sender(devise_mapping), - reply_to: mailer_reply_to(devise_mapping), + reply_to: mailer_sender(devise_mapping), template_path: template_paths, template_name: action - }.merge(opts) + } + # Give priority to the mailer's default if they exists. + headers.delete(:from) if default_params[:from] + headers.delete(:reply_to) if default_params[:reply_to] + + headers.merge!(opts) @email = headers[:to] headers end - def mailer_reply_to(mapping) - mailer_sender(mapping, :reply_to) - end - - def mailer_from(mapping) - mailer_sender(mapping, :from) - end - - def mailer_sender(mapping, sender = :from) - default_sender = default_params[sender] - if default_sender.present? - default_sender.respond_to?(:to_proc) ? instance_eval(&default_sender) : default_sender - elsif Devise.mailer_sender.is_a?(Proc) + def mailer_sender(mapping) + if Devise.mailer_sender.is_a?(Proc) Devise.mailer_sender.call(mapping.name) else Devise.mailer_sender diff --git a/test/mailers/mailer_test.rb b/test/mailers/mailer_test.rb index f8369052a..6f9f568e8 100644 --- a/test/mailers/mailer_test.rb +++ b/test/mailers/mailer_test.rb 
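Review bot: The new guards `headers.delete(:from) if default_params[:from]` and `headers.delete(:reply_to) if default_params[:reply_to]` test plain truthiness, whereas the removed `mailer_sender` branch used `default_sender.present?`. A mailer whose default is an empty string therefore now drops Devise's sender and appears to leave the message with a blank From or Reply-To. Writing `headers.delete(:from) if default_params[:from].present?` (and the same for `:reply_to`) keeps the old fallback to `Devise.mailer_sender`. The hunk also removes `mailer_reply_to` and `mailer_from` and narrows `mailer_sender` to one argument, so custom mailers that call those helpers will raise; that deserves a changelog entry. `headers_for` begins above the hunk and `mailer_sender` ends below it.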
@@ -17,4 +17,30 @@ def confirmation_instructions(record, token, opts = {}) assert mail.content_transfer_encoding, "7bit" end + + test "default values defined as proc with different arity are handled correctly" do + class TestMailerWithDefault < Devise::Mailer + default from: -> { computed_from } + default reply_to: ->(_) { computed_reply_to } + + def confirmation_instructions(record, token, opts = {}) + @token = token + devise_mail(record, :confirmation_instructions, opts) + end + + private + + def computed_from + "from@example.com" + end + + def computed_reply_to + "reply_to@example.com" + end + end + + mail = TestMailerWithDefault.confirmation_instructions(create_user, "confirmation-token") + assert mail.from, "from@example.com" + assert mail.reply_to, "reply_to@example.com" + end end From 4f822356307813fc5fc143dbf2cb9a022a891125 Mon Sep 17 00:00:00 2001 
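Review bot: `assert mail.from, "from@example.com"` and `assert mail.reply_to, "reply_to@example.com"` only check that the first argument is truthy, because the second argument to `assert` is the failure message. The test therefore passes for any sender and does not pin the behaviour this commit fixes. Compare the values instead: `assert_equal ["from@example.com"], mail.from` and `assert_equal ["reply_to@example.com"], mail.reply_to` (the address accessors return arrays). The context line `assert mail.content_transfer_encoding, "7bit"` at the top of the hunk has the same shape.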
From: Edouard CHIN Date: Thu, 7 Jul 2022 11:24:19 +0200 Subject: [PATCH 193/299] Use Omniauth.allowed_methods' as routing verbs for the auth path: - ### Context Since version 2.0.0, Omniauth no longer recognizes `GET` request on the auth path (`/users/auth/`). `POST` is the only verb that is by default recognized in order to mitigate CSRF attack. https://github.com/omniauth/omniauth/blob/66110da85e3106d9c9b138d384267a9397c75fe7/lib/omniauth/strategy.rb#L205 Ultimatelly, when a user try to access `GET /users/auth/facebook`, Devise [passthru action](https://github.com/heartcombo/devise/blob/6d32d2447cc0f3739d9732246b5a5bde98d9e032/app/controllers/devise/omniauth_callbacks_controller.rb#L6) will be called which just return a raw 404 page. ### Problem There is no problem per se and everything work. However the advantage of not matching GET request at the router layer allows to get that same 404 page stylized for "free" (Rails ending up rendering the 404 page of the app). I believe it's also more consistent and less surprising for users if this passthru action don't get called. ### Drawback An application can no longer override the `passthru` to perform the logic it wants (i.e. redirect the user). If this is a dealbreaker, feel free to close this PR :). --- lib/devise/rails/routes.rb | 2 +- test/integration/omniauthable_test.rb | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 004b98574..f58c9fdc4 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -447,7 +447,7 @@ def devise_omniauth_callback(mapping, controllers) #:nodoc: match "#{path_prefix}/#{provider}", to: "#{controllers[:omniauth_callbacks]}#passthru", as: "#{provider}_omniauth_authorize", - via: [:get, :post] + via: OmniAuth.config.allowed_request_methods match "#{path_prefix}/#{provider}/callback", to: "#{controllers[:omniauth_callbacks]}##{provider}", 
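Review bot: `via: OmniAuth.config.allowed_request_methods` is read once, when `devise_omniauth_callback` draws the routes, so the route set reflects whatever the setting was at that moment. An application that assigns `allowed_request_methods` after routes are loaded ends up with a router that disagrees with the OmniAuth middleware about which verbs reach the authorize path. A comment on the line would record the ordering requirement, for example `# Evaluated at route-draw time: configure OmniAuth.config.allowed_request_methods before routes load.` The two tests added in test/integration/omniauthable_test.rb reassign the setting inside the test body with no visible route reload, so it is worth confirming they exercise this `via:` value rather than only the middleware. `devise_omniauth_callback` starts above the hunk and continues below it.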
diff --git a/test/integration/omniauthable_test.rb b/test/integration/omniauthable_test.rb index db3d0871c..72a59dbfb 100644 --- a/test/integration/omniauthable_test.rb +++ b/test/integration/omniauthable_test.rb @@ -126,6 +126,28 @@ def stub_action!(name) end end + test "authorization path via GET when Omniauth allowed_request_methods includes GET" do + original_allowed = OmniAuth.config.allowed_request_methods + OmniAuth.config.allowed_request_methods = [:get, :post] + + get "/users/auth/facebook" + + assert_response(:redirect) + ensure + OmniAuth.config.allowed_request_methods = original_allowed + end + + test "authorization path via GET when Omniauth allowed_request_methods doesn't include GET" do + original_allowed = OmniAuth.config.allowed_request_methods + OmniAuth.config.allowed_request_methods = [:post] + + assert_raises(ActionController::RoutingError) do + get "/users/auth/facebook" + end + ensure + OmniAuth.config.allowed_request_methods = original_allowed + end + test "generates a link to authenticate with provider" do visit "/users/sign_in" assert_select "form[action=?][method=post]", "/users/auth/facebook" do From 5b22538ae501f79e3e6e3691b3d2a430a5305427 Mon Sep 17 00:00:00 2001 From: santu essence Date: Thu, 17 Aug 2023 10:25:06 +0530 Subject: [PATCH 194/299] Inherit from only base. --- lib/generators/active_record/devise_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 2198310da..6018c934d 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -5,7 +5,7 @@ module ActiveRecord module Generators - class DeviseGenerator < ActiveRecord::Generators::Base + class DeviseGenerator < Base argument :attributes, type: :array, default: [], banner: "field:type field:type" class_option :primary_key_type, type: :string, desc: "The type for primary key" 
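Review bot: `class DeviseGenerator < Base` in lib/generators/active_record/devise_generator.rb now depends on constant lookup order. Inside `module ActiveRecord` / `module Generators`, a bare `Base` resolves to `ActiveRecord::Generators::Base` only if that constant is already loaded; otherwise lookup falls through to `ActiveRecord::Base` and the generator silently gets the wrong superclass. The lines above the hunk are not visible here and presumably require the generator base. If the short form stays, a comment such as `# Base is ActiveRecord::Generators::Base (lexical lookup), not ActiveRecord::Base` would help, but the fully qualified name is the safer spelling.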
From f8f035155b9e00e6c6f702f81955bf89dfdb4a60 Mon Sep 17 00:00:00 2001 From: soartec-lab Date: Tue, 12 Sep 2023 11:10:32 +0900 Subject: [PATCH 195/299] Fixed missing migration to dedicated deprecator --- CHANGELOG.md | 1 + lib/devise/rails/deprecated_constant_accessor.rb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5878f75eb..dc212feae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) + * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb index d1eff92f2..f5cf01f89 100644 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ b/lib/devise/rails/deprecated_constant_accessor.rb @@ -26,7 +26,7 @@ def const_missing(missing_const_name) super end - def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } end From c4c8fad66c1bace811fefa98008a95f972c0bb54 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 09:55:31 -0300 Subject: [PATCH 196/299] Use Rails 7.1 on main Gemfile and create a new one for 7.0 --- .github/workflows/test.yml | 15 +++ Gemfile | 2 +- Gemfile.lock | 229 +++++++++++++++++++++---------------- gemfiles/Gemfile-rails-7-0 | 38 ++++++ 4 files changed, 183 insertions(+), 101 deletions(-) create mode 100644 gemfiles/Gemfile-rails-7-0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 207f5703f..851bc6a65 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,6 +8,7 @@ jobs: gemfile: - Gemfile - gemfiles/Gemfile-rails-main + - gemfiles/Gemfile-rails-7-0 - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - gemfiles/Gemfile-rails-5-2 @@ -58,6 +59,20 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.6' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.5' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.4' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.3' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.2' + - gemfile: gemfiles/Gemfile-rails-7-0 + ruby: '2.1' + - gemfile: gemfiles/Gemfile-rails-7-0 + env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 ruby: '2.4' - gemfile: gemfiles/Gemfile-rails-6-1 diff --git a/Gemfile b/Gemfile index 1a4ec8235..b975b7de7 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.0.0" +gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" diff --git a/Gemfile.lock b/Gemfile.lock index 23005760d..12ea9b803 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/rails/rails-controller-testing.git - revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74 + revision: c203673f8011a7cdc2a8edf995ae6b3eec3417ca specs: rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) 
@@ -20,114 +20,132 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.0.4.3) - actionpack (= 7.0.4.3) - activesupport (= 7.0.4.3) + actioncable (7.1.0) + actionpack (= 7.1.0) + activesupport (= 7.1.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.4.3) - actionpack (= 7.0.4.3) - activejob (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + zeitwerk (~> 2.6) + actionmailbox (7.1.0) + actionpack (= 7.1.0) + activejob (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.4.3) - actionpack (= 7.0.4.3) - actionview (= 7.0.4.3) - activejob (= 7.0.4.3) - activesupport (= 7.0.4.3) + actionmailer (7.1.0) + actionpack (= 7.1.0) + actionview (= 7.1.0) + activejob (= 7.1.0) + activesupport (= 7.1.0) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.4.3) - actionview (= 7.0.4.3) - activesupport (= 7.0.4.3) - rack (~> 2.0, >= 2.2.0) + rails-dom-testing (~> 2.2) + actionpack (7.1.0) + actionview (= 7.1.0) + activesupport (= 7.1.0) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.4.3) - actionpack (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.0) + actionpack (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.4.3) - activesupport (= 7.0.4.3) + actionview (7.1.0) + activesupport (= 7.1.0) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.4.3) - activesupport (= 7.0.4.3) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + 
activejob (7.1.0) + activesupport (= 7.1.0) globalid (>= 0.3.6) - activemodel (7.0.4.3) - activesupport (= 7.0.4.3) - activerecord (7.0.4.3) - activemodel (= 7.0.4.3) - activesupport (= 7.0.4.3) - activestorage (7.0.4.3) - actionpack (= 7.0.4.3) - activejob (= 7.0.4.3) - activerecord (= 7.0.4.3) - activesupport (= 7.0.4.3) + activemodel (7.1.0) + activesupport (= 7.1.0) + activerecord (7.1.0) + activemodel (= 7.1.0) + activesupport (= 7.1.0) + timeout (>= 0.4.0) + activestorage (7.1.0) + actionpack (= 7.1.0) + activejob (= 7.1.0) + activerecord (= 7.1.0) + activesupport (= 7.1.0) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.4.3) + activesupport (7.1.0) + base64 + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) minitest (>= 5.1) + mutex_m tzinfo (~> 2.0) - bcrypt (3.1.18) + base64 (0.1.1) + bcrypt (3.1.19) + bigdecimal (3.1.4) builder (3.2.4) concurrent-ruby (1.2.2) + connection_pool (2.4.1) crass (1.0.6) date (3.3.3) + drb (2.1.1) + ruby2_keywords erubi (1.12.0) - faraday (2.7.4) + faraday (2.7.11) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.1.0) - activesupport (>= 5.0) + globalid (1.2.1) + activesupport (>= 6.1) hashie (5.0.0) - i18n (1.12.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) - jwt (2.7.0) - loofah (2.19.1) + io-console (0.6.0) + irb (1.8.1) + rdoc + reline (>= 0.3.8) + jwt (2.7.1) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap net-pop net-smtp marcel (1.0.2) - method_source (1.0.0) - mini_mime (1.1.2) - mini_portile2 (2.8.1) - minitest (5.18.0) + mini_mime (1.1.5) + mini_portile2 (2.8.4) + minitest (5.20.0) mocha (1.16.1) multi_xml (0.6.0) - net-imap (0.3.4) + mutex_m (0.1.2) + net-imap (0.4.1) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.1) timeout - net-smtp (0.3.3) + net-smtp (0.4.0) net-protocol - nio4r (2.5.8) - nokogiri 
(1.14.2) - mini_portile2 (~> 2.8.0) + nio4r (2.5.9) + nokogiri (1.15.4) + mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) 
@@ -151,72 +169,83 @@ GEM orm_adapter (0.5.0) psych (5.1.0) stringio - racc (1.6.2) - rack (2.2.6.4) + racc (1.7.1) + rack (2.2.8) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (3.0.5) - rack + rack-protection (3.1.0) + rack (~> 2.2, >= 2.2.4) + rack-session (1.0.1) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) - rails (7.0.4.3) - actioncable (= 7.0.4.3) - actionmailbox (= 7.0.4.3) - actionmailer (= 7.0.4.3) - actionpack (= 7.0.4.3) - actiontext (= 7.0.4.3) - actionview (= 7.0.4.3) - activejob (= 7.0.4.3) - activemodel (= 7.0.4.3) - activerecord (= 7.0.4.3) - activestorage (= 7.0.4.3) - activesupport (= 7.0.4.3) + rackup (1.0.0) + rack (< 3) + webrick + rails (7.1.0) + actioncable (= 7.1.0) + actionmailbox (= 7.1.0) + actionmailer (= 7.1.0) + actionpack (= 7.1.0) + actiontext (= 7.1.0) + actionview (= 7.1.0) + activejob (= 7.1.0) + activemodel (= 7.1.0) + activerecord (= 7.1.0) + activestorage (= 7.1.0) + activesupport (= 7.1.0) bundler (>= 1.15.0) - railties (= 7.0.4.3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + railties (= 7.1.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) - railties (7.0.4.3) - actionpack (= 7.0.4.3) - activesupport (= 7.0.4.3) - method_source + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) + railties (7.1.0) + actionpack (= 7.1.0) + activesupport (= 7.1.0) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) + reline (0.3.9) + io-console (~> 0.5) responders (3.1.0) actionpack (>= 5.2) railties (>= 5.2) - rexml (3.2.5) + rexml (3.2.6) ruby-openid (2.9.2) ruby2_keywords (0.0.5) snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.6.1) + sqlite3 (1.6.6) mini_portile2 (~> 2.8.0) - stringio (3.0.5) - thor (1.2.1) - timecop (0.9.6) - timeout (0.3.2) + 
stringio (3.0.8) + thor (1.2.2) + timecop (0.9.8) + timeout (0.4.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - version_gem (1.1.2) + version_gem (1.1.3) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - websocket-driver (0.7.5) + webrick (1.8.1) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.7) + zeitwerk (2.6.12) PLATFORMS ruby @@ -228,7 +257,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.0.0) + rails (~> 7.1.0) rails-controller-testing! rdoc responders (~> 3.1) diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 new file mode 100644 index 000000000..91c8061cd --- /dev/null +++ b/gemfiles/Gemfile-rails-7-0 @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", "~> 7.0.0" +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem "webrat", "0.7.3", require: false + gem "mocha", "~> 1.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 1.4" +end + +# platforms :jruby do +# gem "activerecord-jdbc-adapter" +# gem "activerecord-jdbcsqlite3-adapter" +# gem "jruby-openssl" +# end + +# TODO: +# group :mongoid do +# gem "mongoid", "~> 4.0.0" +# end From 14aa380d80f5003e147b06c376a2ace52d24f8db Mon Sep 17 00:00:00 2001 
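Review bot: `gem "rails-controller-testing", github: "rails/rails-controller-testing"` in the new gemfiles/Gemfile-rails-7-0 tracks the repository's default branch with no `ref:` or `tag:`. The commit's diffstat lists no lockfile for this gemfile, so each CI run appears to resolve whatever that branch head is at the time. Pinning it, e.g. `gem "rails-controller-testing", github: "rails/rails-controller-testing", ref: "<commit-sha>"` (placeholder value), makes the job reproducible and keeps an unreviewed upstream change from executing in CI.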
From: Carlos Antonio da Silva Date: Thu, 17 Aug 2023 10:13:16 -0300 Subject: [PATCH 197/299] Update mocha to fix issue with Minitest compatibility layer There's a number of deprecation warnings to work through related to mocha updates in v2+, we'll get through those on a separate change. https://github.com/freerange/mocha/blob/main/RELEASE.md#200 The main issue is with Minitest, fixed in v2.1: https://github.com/freerange/mocha/blob/main/RELEASE.md#210 Also run `bundle update` on the main Gemfile to update all dependencies there to latest. --- Gemfile | 2 +- Gemfile.lock | 5 +++-- gemfiles/Gemfile-rails-4-1 | 2 +- gemfiles/Gemfile-rails-4-2 | 2 +- gemfiles/Gemfile-rails-5-0 | 2 +- gemfiles/Gemfile-rails-5-1 | 2 +- gemfiles/Gemfile-rails-5-2 | 2 +- gemfiles/Gemfile-rails-6-0 | 2 +- gemfiles/Gemfile-rails-6-1 | 2 +- gemfiles/Gemfile-rails-7-0 | 2 +- gemfiles/Gemfile-rails-main | 2 +- test/routes_test.rb | 2 +- 12 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Gemfile b/Gemfile index b975b7de7..722eb59a0 100644 --- a/Gemfile +++ b/Gemfile @@ -19,7 +19,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/Gemfile.lock b/Gemfile.lock index 12ea9b803..86faf08e2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -131,7 +131,8 @@ GEM mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.20.0) - mocha (1.16.1) + mocha (2.1.0) + ruby2_keywords (>= 0.0.5) multi_xml (0.6.0) mutex_m (0.1.2) net-imap (0.4.1) @@ -252,7 +253,7 @@ PLATFORMS DEPENDENCIES devise! - mocha (~> 1.1) + mocha (~> 2.1) omniauth omniauth-facebook omniauth-oauth2 diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 6f0b77e83..33fb7b57a 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 
@@ -21,7 +21,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false gem 'test_after_commit', require: false end diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index 43367157f..d99d368cd 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -20,7 +20,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false gem 'test_after_commit', require: false end diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index 382cf3c5d..ea23acf74 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -18,7 +18,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 24fe1d5e9..9921633ec 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 @@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index 5dc267def..ef9f08fc1 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-6-0 index b59c4d3d7..b6afb6723 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-6-0 
@@ -17,7 +17,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-6-1 index a4a81e414..bdebe1a76 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-6-1 @@ -23,7 +23,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 91c8061cd..ee474728e 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -19,7 +19,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index c9bea6f2b..12930653e 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -17,7 +17,7 @@ group :test do gem "rexml" gem "timecop" gem "webrat", "0.7.3", require: false - gem "mocha", "~> 1.1", require: false + gem "mocha", "~> 2.1", require: false end platforms :ruby do diff --git a/test/routes_test.rb b/test/routes_test.rb index 48d3f069f..0cfd6fc0c 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -2,7 +2,7 @@ require 'test_helper' -ExpectedRoutingError = MiniTest::Assertion +ExpectedRoutingError = Minitest::Assertion class DefaultRoutingTest < ActionController::TestCase test 'map new user session' do From 34cb23ed9c57471e61f57a2497832306171e9ca1 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:29:27 -0300 Subject: [PATCH 198/299] Fix mocha warnings with hash vs kwargs --- test/controllers/helpers_test.rb | 20 ++++++++++---------- test/controllers/internal_helpers_test.rb | 4 ++-- test/integration/authenticatable_test.rb | 2 +- test/models/authenticatable_test.rb | 2 +- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index abe0f648e..655a1fb66 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -64,30 +64,30 @@ def setup end test 'proxy authenticate_user! to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(scope: :user) + @mock_warden.expects(:authenticate!).with({ scope: :user }) @controller.authenticate_user! end test 'proxy authenticate_user! options to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo") + @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo" }) @controller.authenticate_user!(recall: "foo") end test 'proxy authenticate_admin! to authenticate with admin scope' do - @mock_warden.expects(:authenticate!).with(scope: :admin) + @mock_warden.expects(:authenticate!).with({ scope: :admin }) @controller.authenticate_admin! end test 'proxy authenticate_[group]! to authenticate!? with each scope' do [:user, :admin].each do |scope| - @mock_warden.expects(:authenticate!).with(scope: scope) + @mock_warden.expects(:authenticate!).with({ scope: scope }) @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end @controller.authenticate_commenter! end test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate!).with(scope: :publisher_account) + @mock_warden.expects(:authenticate!).with({ scope: :publisher_account }) @controller.authenticate_publisher_account! end 
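Review bot: The braces added in `.with({ scope: :user })` are load-bearing rather than stylistic, yet nothing in the tests says so. Judging by the commit title, they turn the expectation into a positional hash so that mocha stops warning about hash versus keyword arguments, while the neighbouring `expects(:authenticate?).with(scope: scope)` is left in keyword form. A one-line comment near the first expectation, such as `# Braces are deliberate: warden receives a positional Hash here, not keyword arguments.`, would stop a later style cleanup from undoing the change. The same applies to the other hunks of this commit in test/controllers/internal_helpers_test.rb, test/integration/authenticatable_test.rb and test/models/authenticatable_test.rb.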
@@ -127,14 +127,14 @@ def setup test 'sign in proxy to set_user on warden' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(:user, user) end test 'sign in accepts a resource as argument' do user = User.new @mock_warden.expects(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(user) end @@ -148,7 +148,7 @@ def setup test 'sign in again when the user is already in only if force is given' do user = User.new @mock_warden.expects(:user).returns(user) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.sign_in(user, force: true) end @@ -269,7 +269,7 @@ def setup user = User.new @controller.session[:user_return_to] = "/foo.bar" @mock_warden.expects(:user).with(:user).returns(nil) - @mock_warden.expects(:set_user).with(user, scope: :user).returns(true) + @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true) @controller.expects(:redirect_to).with("/foo.bar") @controller.sign_in_and_redirect(user) end @@ -277,7 +277,7 @@ def setup test 'sign in and redirect uses the configured after sign in path' do admin = Admin.new @mock_warden.expects(:user).with(:admin).returns(nil) - @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true) + @mock_warden.expects(:set_user).with(admin, { scope: :admin }).returns(true) @controller.expects(:redirect_to).with(admin_root_path) @controller.sign_in_and_redirect(admin) end diff --git a/test/controllers/internal_helpers_test.rb b/test/controllers/internal_helpers_test.rb index af49c1302..124c8df06 100644 --- a/test/controllers/internal_helpers_test.rb 
+++ b/test/controllers/internal_helpers_test.rb @@ -55,7 +55,7 @@ def setup end test 'require no authentication tests current mapping' do - @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication @@ -71,7 +71,7 @@ def setup end test 'require no authentication sets a flash message' do - @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true) + @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true) @mock_warden.expects(:user).with(:user).returns(User.new) @controller.expects(:redirect_to).with(root_path) @controller.send :require_no_authentication diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index b8d1be8ea..5c56ca589 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -572,7 +572,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest host! 'foo.bar.baz' swap Devise, request_keys: [:subdomain] do - User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user) + User.expects(:find_for_authentication).with({ subdomain: 'foo', email: 'user@test.com' }).returns(create_user) sign_in_as_user assert warden.authenticated?(:user) end diff --git a/test/models/authenticatable_test.rb b/test/models/authenticatable_test.rb index fa31f6a88..4d58b1e49 100644 --- a/test/models/authenticatable_test.rb +++ b/test/models/authenticatable_test.rb 
@@ -43,7 +43,7 @@ class AuthenticatableTest < ActiveSupport::TestCase user = create_user(email: 'example@example.com') attributes = ActionController::Parameters.new(email: 'example@example.com') - User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user) + User.expects(:find_first_by_auth_conditions).with({ 'email' => 'example@example.com' }).returns(user) User.find_or_initialize_with_errors([:email], attributes) end end From a7d64ae313672488d8f689b3e48dc0601db8528f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 18:12:01 -0400 Subject: [PATCH 199/299] Merge pull request #5583 from etiennebarrie/deprecator Use a dedicated ActiveSupport::Deprecation --- app/helpers/devise_helper.rb | 2 +- lib/devise.rb | 6 +++++- lib/devise/controllers/sign_in_out.rb | 2 +- lib/devise/models/authenticatable.rb | 2 +- lib/devise/models/database_authenticatable.rb | 4 ++-- lib/devise/rails.rb | 4 ++++ lib/devise/test/controller_helpers.rb | 2 +- lib/devise/test_helpers.rb | 2 +- test/devise_test.rb | 4 +++- test/models/serializable_test.rb | 4 +++- test/rails_test.rb | 6 ++++++ test/test_helper.rb | 13 +++++++++++++ 12 files changed, 41 insertions(+), 10 deletions(-) diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index d99780119..b9101e04b 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb @@ -4,7 +4,7 @@ module DeviseHelper # Retain this method for backwards compatibility, deprecated in favor of modifying the # devise/shared/error_messages partial. def devise_error_messages! - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be removed in the next major version. diff --git a/lib/devise.rb b/lib/devise.rb index b8677e798..3847e190c 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -521,8 +521,12 @@ def self.secure_compare(a, b) res == 0 end + def self.deprecator + @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") + end + def self.activerecord51? # :nodoc: - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. It is a non-public method that's no longer used internally, but that other libraries have been relying on. DEPRECATION diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index 90c2a4367..b12f05f75 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -38,7 +38,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! if options[:bypass] - ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller) + Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) [Devise] bypass option is deprecated and it will be removed in future version of Devise. Please use bypass_sign_in method instead. Example: diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index 62590de57..30f2f463a 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -62,7 +62,7 @@ module Authenticatable :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at] include Devise::DeprecatedConstantAccessor - deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION" + deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator included do class_attribute :devise_modules, instance_writer: false diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index fc6ad714e..8903e6d06 100644 
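Review bot: `Devise.deprecator` in lib/devise.rb becomes a public module method with no comment, while the `activerecord51?` method next to it is marked `# :nodoc:`, so a reader cannot tell whether applications are meant to call or configure it. A short comment above the method would settle that, for example `# Deprecator used for every Devise warning; on Rails 7.1+ it is registered as app.deprecators[:devise].`, which matches the initializer added in lib/devise/rails.rb by the same commit. The `"5.0"` argument is presumably the release in which the deprecated APIs are removed, and saying so in the comment would keep it from going stale unnoticed. The enclosing `module Devise` body starts and ends outside the hunk.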
--- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -86,7 +86,7 @@ def clean_up_passwords # is also rejected as long as it is also blank. def update_with_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it @@ -128,7 +128,7 @@ def update_with_password(params, *options) # def update_without_password(params, *options) if options.present? - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index 5cc5fa6d5..ab308e979 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -17,6 +17,10 @@ class Engine < ::Rails::Engine app.reload_routes! if Devise.reload_routes end + initializer "devise.deprecator" do |app| + app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators) + end + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index 30b45b3a6..b6a7156ec 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
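Review bot: When `app.respond_to?(:deprecators)` is false, the `devise.deprecator` initializer in lib/devise/rails.rb does nothing, so the new `Devise.deprecator` instance presumably no longer follows the application's `config.active_support.deprecation` setting the way the shared `ActiveSupport::Deprecation` singleton did. An application that raises or logs deprecations could then miss Devise warnings such as the `bypass` sign-in one. The test helper in this same commit copies the behaviour over by hand for old Active Support, which suggests the instance does not inherit it. Consider an `else` branch such as `Devise.deprecator.behavior = ActiveSupport::Deprecation.behavior`, after confirming this initializer runs later than Active Support's own deprecation initializer.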
@@ -69,7 +69,7 @@ def sign_in(resource, deprecated = nil, scope: nil) scope = resource resource = deprecated - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. Please use sign_in(resource, scope: :#{scope}) instead. DEPRECATION diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb index c5b52fade..cc9ef4242 100644 --- a/lib/devise/test_helpers.rb +++ b/lib/devise/test_helpers.rb @@ -4,7 +4,7 @@ module Devise module TestHelpers def self.included(base) base.class_eval do - ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc + Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. For controller tests, please include `Devise::Test::ControllerHelpers` instead. DEPRECATION diff --git a/test/devise_test.rb b/test/devise_test.rb index 54ed98675..532aa57dc 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -108,6 +108,8 @@ class DeviseTest < ActiveSupport::TestCase end test 'Devise.activerecord51? deprecation' do - assert_deprecated { Devise.activerecord51? } + assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do + Devise.activerecord51? + end end end diff --git a/test/models/serializable_test.rb b/test/models/serializable_test.rb index 225f7ae69..3a0322802 100644 --- a/test/models/serializable_test.rb +++ b/test/models/serializable_test.rb 
@@ -32,7 +32,9 @@ class SerializableTest < ActiveSupport::TestCase end test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do - assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION } + assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do + Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION + end end def assert_key(key, subject) diff --git a/test/rails_test.rb b/test/rails_test.rb index fdc1612e8..64ff82cda 100644 --- a/test/rails_test.rb +++ b/test/rails_test.rb @@ -8,4 +8,10 @@ class RailsTest < ActiveSupport::TestCase assert_equal :load_config_initializers, initializer.after assert_equal :build_middleware_stack, initializer.before end + + if Devise::Test.rails71_and_up? + test 'deprecator is added to application deprecators' do + assert_not_nil Rails.application.deprecators[:devise] + end + end end diff --git a/test/test_helper.rb b/test/test_helper.rb index ad5a6db66..aba66aa74 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,6 +23,19 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end +class ActiveSupport::TestCase + if ActiveSupport.version < Gem::Version.new("5.0") + def assert_deprecated(match, deprecator) + super(match) do + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end + end + end +end OmniAuth.config.logger = Logger.new('/dev/null') From 13cb6e269d4bf1a4b67b579873ca4948814e273f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 18:16:49 -0400 Subject: [PATCH 200/299] Merge pull request #5599 from etiennebarrie/rails-edge-deprecations Fix Rails main deprecations --- test/orm/active_record.rb | 4 +++- test/rails_app/config/environments/test.rb | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) 
diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index cf500330a..97bf37c51 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb @@ -5,7 +5,9 @@ ActiveRecord::Base.include_root_in_json = true migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) -if Devise::Test.rails6_and_up? +if Devise::Test.rails71_and_up? + ActiveRecord::MigrationContext.new(migrate_path).migrate +elsif Devise::Test.rails6_and_up? ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate elsif Devise::Test.rails52_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index c5d393c5e..9153790ad 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -32,7 +32,11 @@ config.action_controller.perform_caching = false # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + if Devise::Test.rails71_and_up? + config.action_dispatch.show_exceptions = :none + else + config.action_dispatch.show_exceptions = false + end # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false From 9784555304d4b5e476571aa78b8ee2f7a255a44a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 12 Sep 2023 21:39:56 -0300 Subject: [PATCH 201/299] Merge pull request #5628 from soartec-lab/fix/dedicated_active_support_deprecation Fixed missing migration to dedicated deprecator --- CHANGELOG.md | 3 ++- lib/devise/rails/deprecated_constant_accessor.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d96ad3f1c..1236363ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,7 @@ ### Unreleased - +* enhancements + * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb index d1eff92f2..f5cf01f89 100644 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ b/lib/devise/rails/deprecated_constant_accessor.rb @@ -26,7 +26,7 @@ def const_missing(missing_const_name) super end - def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance) + def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } end From fb7faf746676304aadc8185d0e17a05eb7bb5702 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 12 Sep 2023 21:52:54 -0300 Subject: [PATCH 202/299] Fix code to support older versions of Ruby We still support super old versions, yes, and it doesn't like `ensure` without a `begin..end` unfortunately. I plan to remove this support soon, but for now I don't want to stop supporting it yet. --- test/test_helper.rb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index aba66aa74..c0bb43f77 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -27,11 +27,14 @@ class ActiveSupport::TestCase if ActiveSupport.version < Gem::Version.new("5.0") def assert_deprecated(match, deprecator) super(match) do - behavior = deprecator.behavior - deprecator.behavior = ActiveSupport::Deprecation.behavior - yield - ensure - deprecator.behavior = behavior + # TODO: remove extra begin..end when dropping support for Ruby <= 2.4 + begin + behavior = deprecator.behavior + deprecator.behavior = ActiveSupport::Deprecation.behavior + yield + ensure + deprecator.behavior = behavior + end end end end From 373d83cc9d740a41b6fa9de6c3cce611d8740b8b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 13 Sep 2023 10:08:59 -0300 Subject: [PATCH 203/299] Use Bundler 1.x with Ruby <= 2.2 Here we go again. --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 851bc6a65..8018e06a4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -164,8 +164,8 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v3 - - name: Setup Bundler 1.x for Rails 4.x - if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }} + - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 + if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - name: Setup Rubygems version as default for Ruby < 2.5 if: ${{ matrix.ruby < '2.5' }} From 501ae58a2521cb549f2e2cefcbd6f9cf8ab91874 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 13 Sep 2023 10:15:15 -0300 Subject: [PATCH 204/299] Lock loofah on Rails <= 5.2 There's some incompatibility issue with loofah there since it uses an older version of nokogiri, so I'm locking it on those older versions to try to get a green build again there. --- gemfiles/Gemfile-rails-4-1 | 3 +++ gemfiles/Gemfile-rails-4-2 | 3 +++ gemfiles/Gemfile-rails-5-0 | 3 +++ gemfiles/Gemfile-rails-5-1 | 3 +++ gemfiles/Gemfile-rails-5-2 | 3 +++ 5 files changed, 15 insertions(+) diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 index 33fb7b57a..f164f8a9f 100644 --- a/gemfiles/Gemfile-rails-4-1 +++ b/gemfiles/Gemfile-rails-4-1 @@ -44,3 +44,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 index d99d368cd..31205659c 100644 --- a/gemfiles/Gemfile-rails-4-2 +++ b/gemfiles/Gemfile-rails-4-2 @@ -43,3 +43,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 index ea23acf74..7e3c3295d 100644 --- a/gemfiles/Gemfile-rails-5-0 +++ b/gemfiles/Gemfile-rails-5-0 @@ -35,3 +35,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 index 9921633ec..bc85e0d42 100644 --- a/gemfiles/Gemfile-rails-5-1 +++ b/gemfiles/Gemfile-rails-5-1 
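Review bot: The `gem "loofah", "~> 2.20.0"` pin appended to gemfiles/Gemfile-rails-4-1 holds an HTML sanitizing library to the 2.20.x series, and its comment names neither the failing versions nor the condition for lifting the pin. The same two lines are added to Gemfile-rails-4-2, 5-0, 5-1 and 5-2, so this note covers those hunks as well. These gemfiles appear to be used only for CI, but an open-ended pin tends to outlive its reason and keeps later loofah releases out of the test matrix. Suggest extending the comment, for example `# TODO: drop this pin once these gemfiles resolve a nokogiri that current loofah supports (see the failing CI run).`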
@@ -28,3 +28,6 @@ if RUBY_VERSION < "2.3.0" # `Object.deprecate_constant` which isn't available. gem "multipart-post", "2.1.1" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 index ef9f08fc1..0cfc29df8 100644 --- a/gemfiles/Gemfile-rails-5-2 +++ b/gemfiles/Gemfile-rails-5-2 @@ -22,3 +22,6 @@ end platforms :ruby do gem "sqlite3", "~> 1.3.6" end + +# There's a build incompatibility issue with nokogiri and loofah +gem "loofah", "~> 2.20.0" From 218d14a2278bd5935b2e94315ae8a5308e3e96d2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 10:36:16 -0300 Subject: [PATCH 205/299] Lock ubuntu version to 20.04 to workaround older Ruby build issues Trying to get the build fully green for now. --- .github/workflows/test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8018e06a4..ad9d58eb3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -159,7 +159,9 @@ jobs: ruby: '2.5' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '2.4' - runs-on: ubuntu-latest + # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. + # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 + runs-on: ubuntu-20.04 env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: From f2a42abbf4b969b8e527f844275c96d0d9cdc4cf Mon Sep 17 00:00:00 2001 
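Review bot: The TODO comment added above `runs-on` in .github/workflows/test.yml misspells the image name as `ubunty-20.04`, so a search for the pinned image finds the `runs-on` line but not the explanation for it. Suggested wording: `# TODO: locked to ubuntu-20.04 for older Ruby compatibility; change back to ubuntu-latest when dropping older Ruby support.` The job definition starts and ends outside the hunk.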
From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:11:46 -0300 Subject: [PATCH 206/299] Ensure `_prefixes` is not available as an action method on controllers There was a change introduced in Rails 7.1 that causes all public actions of non-abstract controllers to become action methods, even if they happen to match the name of an internal method defined by abstract `ActionController::Base` and such, which is the case with `_prefixes`. This change was intentional, it allows for example to have an action called `status`, which is an internal method, and that is properly managed as an action method now. However, it broke Devise due to overriding `_prefixes`, which is a public method of Action Controller. To fix, we are simply ensuring we keep `_prefixes` as an internal method rather than action method, which matches previous behavior for this particular method/implementation in Devise. Ref: https://github.com/rails/rails/pull/48699 --- app/controllers/devise_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 4bf92a688..0bcd17a7c 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -33,6 +33,17 @@ def _prefixes #:nodoc: end end + # Override internal methods to exclude `_prefixes` since we override it above. + # There was an intentional change in Rails 7.1 that will allow it to become + # an action method because it's a public method of a non-abstract controller, + # but we also can't make this abstract because it can affect potential actions + # defined in the parent controller, so instead we ensure `_prefixes` is going + # to be considered internal. (and thus, won't become an action method.) + # Ref: https://github.com/rails/rails/pull/48699 + def self.internal_methods #:nodoc: + super << :_prefixes + end + protected # Gets the actual resource stored in the instance variable 
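Review bot: No test accompanies the `internal_methods` override in app/controllers/devise_controller.rb; the diffstat lists only this file, so nothing fails if a later Rails change makes `_prefixes` an action method again. A regression test would pin the intent, for example `assert_not_includes Devise::SessionsController.action_methods, "_prefixes"`. Separately, `super << :_prefixes` appends in place to whatever collection `super` returns; if a Rails version ever memoizes or freezes that collection, the append would affect other controllers or raise, and `super + [:_prefixes]` avoids relying on that. The surrounding class body lies outside the hunk.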
From 407f223c65953e8dff905a70de1c461eb2b1c614 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:39:30 -0300 Subject: [PATCH 207/299] Fix test warning about deprecated cache format in Rails 7.1 --- test/rails_app/config/application.rb | 4 ++++ test/rails_app/config/boot.rb | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 1f4fbddba..f23b897ac 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -53,5 +53,9 @@ class Application < Rails::Application if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end + + if Devise::Test.rails70_and_up? + config.active_support.cache_format_version = 7.0 + end end end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 4c108cc8c..80ebc818b 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -12,6 +12,10 @@ def self.rails71_and_up? !rails70? && Rails::VERSION::MAJOR >= 7 end + def self.rails70_and_up? + Rails::VERSION::MAJOR >= 7 + end + def self.rails70? Rails.version.start_with? '7.0' end From 9a0862037875fdb753d9e1b540dadc483bf9d012 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 11:52:29 -0300 Subject: [PATCH 208/299] Update changelog with Rails 7.1 mention [ci skip] --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1236363ab..be705e3ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,8 @@ ### Unreleased * enhancements - * Changed to use a separate deprecator inside the gem. because `rails` 7.1 will deprecate using the singleton `ActiveSupport::Deprecation.instance` (@soartec-lab, @etiennebarrie) + * Add support for Rails 7.1. + * Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie) ### 4.9.2 - 2023-04-03 
From c146b25f31f81386c8ab71e0cb8ea2fc3723cad5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 10 Oct 2023 17:24:07 -0300 Subject: [PATCH 209/299] Better clarify need to override `internal_methods` Co-authored-by: Eebs Kobeissi --- app/controllers/devise_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/devise_controller.rb b/app/controllers/devise_controller.rb index 0bcd17a7c..1c3b41626 100644 --- a/app/controllers/devise_controller.rb +++ b/app/controllers/devise_controller.rb @@ -33,7 +33,9 @@ def _prefixes #:nodoc: end end - # Override internal methods to exclude `_prefixes` since we override it above. + # Override internal methods to exclude `_prefixes` from action methods since + # we override it above. + # # There was an intentional change in Rails 7.1 that will allow it to become # an action method because it's a public method of a non-abstract controller, # but we also can't make this abstract because it can affect potential actions From 4484eddc5268e3f1e2d7fc989a7e17e119267c21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Maggioni?= Date: Wed, 11 Oct 2023 16:35:35 +0200 Subject: [PATCH 210/299] Fix caret placement typo --- README.md | 2 +- lib/generators/templates/devise.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9b6871f93..0cb8151d4 100644 --- a/README.md +++ b/README.md @@ -481,7 +481,7 @@ Devise.setup do |config| # ... # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity 
diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4503f33f8..9e6744bd7 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -299,7 +299,7 @@ # ==> Hotwire/Turbo configuration # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity From dcbfb32e661861e540cb022b3f8605bfd97e799e Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 11 Oct 2023 11:40:50 -0300 Subject: [PATCH 211/299] Merge pull request #5640 from nmaggioni/nm_config_template_typo Fix typo in config template --- README.md | 2 +- lib/generators/templates/devise.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0f2a7d64f..a7e947f5c 100644 --- a/README.md +++ b/README.md @@ -483,7 +483,7 @@ Devise.setup do |config| # ... # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 4503f33f8..9e6744bd7 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -299,7 +299,7 @@ # ==> Hotwire/Turbo configuration # When using Devise with Hotwire/Turbo, the http status for error responses # and some redirects must match the following. The default in Devise for existing - # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. config.responder.error_status = :unprocessable_entity From 1d6658097e364d45b5e059976f1e822eee7d67da Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 11 Oct 2023 19:08:36 -0300 Subject: [PATCH 212/299] Release v4.9.3 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be705e3ec..26180e5da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 4.9.3 - 2023-10-11 * enhancements * Add support for Rails 7.1. diff --git a/Gemfile.lock b/Gemfile.lock index 86faf08e2..9b32ec4ad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.2) + devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 19df7b449..08f7e1447 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.2".freeze + VERSION = "4.9.3".freeze end From c4701866ae8fe5fdee955e14174fd9714f3ffa64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:42:26 +0000 Subject: [PATCH 213/299] Drop support to EOL Rubies All Ruby 2.x are EOL now. --- .github/workflows/test.yml | 79 -------------------------------------- README.md | 4 +- devise.gemspec | 2 +- gemfiles/Gemfile-rails-4-1 | 49 ----------------------- gemfiles/Gemfile-rails-4-2 | 48 ----------------------- gemfiles/Gemfile-rails-5-0 | 40 ------------------- gemfiles/Gemfile-rails-5-1 | 33 ---------------- 7 files changed, 3 insertions(+), 252 deletions(-) delete mode 100644 gemfiles/Gemfile-rails-4-1 delete mode 100644 gemfiles/Gemfile-rails-4-2 delete mode 100644 gemfiles/Gemfile-rails-5-0 delete mode 100644 gemfiles/Gemfile-rails-5-1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1cd2c5076..66dfc529d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,43 +20,12 @@ jobs: - '3.2' - '3.1' - '3.0' - - '2.7' - - '2.6' - - '2.5' - - '2.4' - - '2.3' - - '2.2' - - '2.1' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - gemfile: Gemfile - ruby: '2.6' - - gemfile: Gemfile - ruby: '2.5' - - gemfile: Gemfile - ruby: '2.4' - - gemfile: Gemfile - ruby: '2.3' - - gemfile: Gemfile - ruby: '2.2' - - gemfile: Gemfile - ruby: '2.1' - gemfile: Gemfile env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-7-0 
@@ -73,28 +42,12 @@ jobs: ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-7-0 env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-6-1 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-1 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-6-0 ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-2 @@ -103,12 +56,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-2 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-2 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-1 @@ -117,10 +64,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-1 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-1 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-5-0 @@ -129,10 +72,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-5-0 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-5-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-4-2 
@@ -141,24 +80,12 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-2 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '2.6' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-4-1 ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.7' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '2.4' # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 runs-on: ubuntu-20.04 @@ -169,12 +96,6 @@ jobs: - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - - name: Setup Rubygems version as default for Ruby < 2.5 - if: ${{ matrix.ruby < '2.5' }} - run: echo "RUBYGEMS_VERSION=default" >> $GITHUB_ENV - - name: Setup Rubygems version as 3.2.3 for Ruby 2.5 - if: ${{ matrix.ruby == '2.5' }} - run: echo "RUBYGEMS_VERSION=3.2.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} diff --git a/README.md b/README.md index 0cb8151d4..b1b778f1c 100644 --- a/README.md +++ b/README.md 
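Review bot: Several context lines in .github/workflows/test.yml still belong to the Ruby 2.x support this commit removes. The `Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2` step tests for `gemfiles/Gemfile-rails-4-1` and `gemfiles/Gemfile-rails-4-2`, both deleted here, and for `matrix.ruby <= '2.2'`, which no remaining matrix entry satisfies. The `exclude` list keeps entries for the deleted 4-1, 4-2, 5-0 and 5-1 gemfiles, plus a `ruby: '2.1'` entry under Gemfile-rails-7-0. The TODO above `runs-on: ubuntu-20.04` names dropping older Ruby support as its own exit condition, so this looks like the commit to restore `runs-on: ubuntu-latest` and remove the dead step and entries; the `gemfile:` matrix list is outside the visible hunks and should be checked for the same stale names.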
@@ -129,9 +129,9 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following: +For example, if the tests broke using Ruby 3.0.0 and Rails 4.1, you can do the following: ```bash -rbenv shell 2.4.2 # or rvm use 2.4.2 +rbenv shell 3.0.0 # or rvm use 3.0.0 BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test ``` diff --git a/devise.gemspec b/devise.gemspec index 3efad0f4d..bea117bb7 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] - s.required_ruby_version = '>= 2.1.0' + s.required_ruby_version = '>= 3.0.0' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") diff --git a/gemfiles/Gemfile-rails-4-1 b/gemfiles/Gemfile-rails-4-1 deleted file mode 100644 index f164f8a9f..000000000 --- a/gemfiles/Gemfile-rails-4-1 +++ /dev/null 
@@ -1,49 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -git_source(:github) do |repo_name| - repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') - "https://github.com/#{repo_name}.git" -end - -gemspec path: ".." - -gem "rails", github: "rails/rails", branch: "4-1-stable" -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc", "~> 5.1" -# Force this version because it's breaking on CI since a higher nokogiri version requires Ruby 2.3+. -gem "nokogiri", "1.9.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false - gem 'test_after_commit', require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -group :mongoid do - gem "mongoid", "~> 4.0" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-4-2 b/gemfiles/Gemfile-rails-4-2 deleted file mode 100644 index 31205659c..000000000 --- a/gemfiles/Gemfile-rails-4-2 +++ /dev/null 
@@ -1,48 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -git_source(:github) do |repo_name| - repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?('/') - "https://github.com/#{repo_name}.git" -end - -gemspec path: ".." - -gem "rails", github: "rails/rails", branch: "4-2-stable" -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc", "~> 5.1" -gem "nokogiri", "1.9.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false - gem 'test_after_commit', require: false -end - -platforms :jruby do - gem "activerecord-jdbc-adapter" - gem "activerecord-jdbcsqlite3-adapter" - gem "jruby-openssl" -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -group :mongoid do - gem "mongoid", "~> 4.0" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-0 b/gemfiles/Gemfile-rails-5-0 deleted file mode 100644 index 7e3c3295d..000000000 --- a/gemfiles/Gemfile-rails-5-0 +++ /dev/null 
@@ -1,40 +0,0 @@ -# frozen_string_literal: true - -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.0.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" diff --git a/gemfiles/Gemfile-rails-5-1 b/gemfiles/Gemfile-rails-5-1 deleted file mode 100644 index bc85e0d42..000000000 --- a/gemfiles/Gemfile-rails-5-1 +++ /dev/null @@ -1,33 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.1.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -if RUBY_VERSION < "2.3.0" - # We're getting version 2.2.0 which doesn't play nice with Ruby 2.2, using - # `Object.deprecate_constant` which isn't available. - gem "multipart-post", "2.1.1" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" From c8207373ea9da4021a30d913b50c473fb8bcc396 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 9 Jun 2023 22:56:53 +0000 Subject: [PATCH 214/299] Drop support to all EOL rails versions --- .github/workflows/test.yml | 56 ------------------- CHANGELOG.md | 3 + Gemfile.lock | 2 +- README.md | 16 +++--- devise.gemspec | 2 +- gemfiles/Gemfile-rails-5-2 | 27 --------- lib/devise/controllers/sign_in_out.rb | 6 -- lib/devise/failure_app.rb | 19 +------ lib/devise/models/authenticatable.rb | 13 +---- lib/devise/orm.rb | 38 +------------ lib/devise/parameter_sanitizer.rb | 3 +- .../rails/deprecated_constant_accessor.rb | 39 ------------- lib/devise/test/controller_helpers.rb | 1 - .../active_record/devise_generator.rb | 14 ++--- .../active_record_generator_test.rb | 18 +----- test/integration/rememberable_test.rb | 8 +-- test/orm/active_record.rb | 15 +---- .../app/controllers/home_controller.rb | 6 +- .../app/controllers/streaming_controller.rb | 2 +- .../users/omniauth_callbacks_controller.rb | 2 +- .../app/controllers/users_controller.rb | 6 +- test/rails_app/config/application.rb | 11 ---- test/rails_app/config/boot.rb | 24 -------- .../config/environments/production.rb | 8 +-- test/rails_app/config/environments/test.rb | 12 +--- .../migrate/20100401102949_create_tables.rb | 6 +- test/routes_test.rb | 10 ++-- test/support/http_method_compatibility.rb | 28 ---------- test/test/controller_helpers_test.rb | 14 +---- 29 files changed, 46 insertions(+), 363 deletions(-) delete mode 100644 gemfiles/Gemfile-rails-5-2 delete mode 100644 lib/devise/rails/deprecated_constant_accessor.rb diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 66dfc529d..9b8998081 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -11,11 +11,6 @@ jobs: - gemfiles/Gemfile-rails-7-0 - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 - - gemfiles/Gemfile-rails-5-2 - - gemfiles/Gemfile-rails-5-1 - - gemfiles/Gemfile-rails-5-0 - - gemfiles/Gemfile-rails-4-2 - - gemfiles/Gemfile-rails-4-1 ruby: - '3.2' - '3.1' @@ -28,18 +23,6 @@ jobs: env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.6' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.5' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.4' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.3' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.2' - - gemfile: gemfiles/Gemfile-rails-7-0 - ruby: '2.1' - gemfile: gemfiles/Gemfile-rails-7-0 env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-6-1 
@@ -50,42 +33,6 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-2 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-2 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-1 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-1 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-5-0 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-5-0 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-4-2 - ruby: '3.0' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-4-1 - ruby: '3.0' # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 runs-on: ubuntu-20.04 @@ -93,9 +40,6 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: - uses: actions/checkout@v3 - - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2 - if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }} - run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f196a1e0..66c3810a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,8 @@ ### Unreleased +* Drop support to Ruby < 3.0 +* Drop support to Rails < 6.0 + * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) diff --git a/Gemfile.lock b/Gemfile.lock index 9b32ec4ad..eaa82dd64 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ PATH devise (4.9.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 4.1.0) + railties (>= 6.0.0) responders warden (~> 1.2.3) diff --git a/README.md b/README.md index b1b778f1c..2dbe0230b 100644 --- a/README.md +++ b/README.md 
@@ -129,17 +129,17 @@ Please note that the command output will show the variable value being used. ### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 3.0.0 and Rails 4.1, you can do the following: +For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: ```bash rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.1-stable DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable DEVISE_ORM=mongoid bin/test ``` ### Running tests @@ -172,7 +172,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 4.1 onwards. Run: +Devise 4.0 works with Rails 6.0 onwards. Run: ```sh bundle add devise 
@@ -691,9 +691,9 @@ Alternatively, you can simply run the Devise generator. Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend that you use a role-based approach, by either providing a role column or using a dedicated gem for authorization. -### ActiveJob Integration +### Active Job Integration -If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the +If you are using Active Job to deliver Action Mailer messages in the background through a queuing back-end, you can send Devise emails through your existing queue by overriding the `send_devise_notification` method in your model. diff --git a/devise.gemspec b/devise.gemspec index bea117bb7..b46dfcaea 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -30,7 +30,7 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 4.1.0") + s.add_dependency("railties", ">= 6.0.0") s.add_dependency("responders") s.post_install_message = %q{ diff --git a/gemfiles/Gemfile-rails-5-2 b/gemfiles/Gemfile-rails-5-2 deleted file mode 100644 index 0cfc29df8..000000000 --- a/gemfiles/Gemfile-rails-5-2 +++ /dev/null @@ -1,27 +0,0 @@ -source "https://rubygems.org" - -gemspec path: ".." - -gem "rails", '~> 5.2.0' -gem "omniauth" -gem "omniauth-oauth2" -gem "rdoc" - -gem "rails-controller-testing" - -gem "responders", "~> 2.1" - -group :test do - gem "omniauth-facebook" - gem "omniauth-openid" - gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false -end - -platforms :ruby do - gem "sqlite3", "~> 1.3.6" -end - -# There's a build incompatibility issue with nokogiri and loofah -gem "loofah", "~> 2.20.0" 
diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index b12f05f75..fa29bbfca 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb @@ -106,12 +106,6 @@ def sign_out_all_scopes(lock = true) private def expire_data_after_sign_in! - # TODO: remove once Rails 5.2+ and forward are only supported. - # session.keys will return an empty array if the session is not yet loaded. - # This is a bug in both Rack and Rails. - # A call to #empty? forces the session to be loaded. - session.empty? - session.keys.grep(/^devise\./).each { |k| session.delete(k) } end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 8458aef32..ed174133c 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -140,7 +140,7 @@ def scope_url opts = {} # Initialize script_name with nil to prevent infinite loops in - # authenticated mounted engines in rails 4.2 and 5.0 + # authenticated mounted engines opts[:script_name] = nil route = route(scope) @@ -152,13 +152,6 @@ def scope_url if relative_url_root? opts[:script_name] = relative_url_root - - # We need to add the rootpath to `script_name` manually for applications that use a Rails - # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines - # that use Devise. Remove it when the support of Rails 5.0 is dropped. - elsif root_path_defined?(context) && !rails_51_and_up? - rootpath = context.routes.url_helpers.root_path - opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 end if context.respond_to?(route) @@ -274,15 +267,5 @@ def relative_url_root? end ActiveSupport.run_load_hooks(:devise_failure_app, self) - - private - - def root_path_defined?(context) - defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path) - end - - def rails_51_and_up? - Rails.gem_version >= Gem::Version.new("5.1") - end end end 
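Review bot: In `expire_data_after_sign_in!` nothing now forces the session to load before `session.keys` is read, and the removed comment says an unloaded session returns an empty key list, in which case stale `devise.*` entries would survive the sign-in. The TODO tied the workaround to Rails 5.2+, so dropping it matches the new Rails 6.0 floor, but no test in this commit pins that. I would add an integration test that stores a `devise.`-prefixed session key, signs in on a request that has not touched the session yet, and asserts the key is gone. The filter on the remaining line could also use `\A` instead of `^` (`session.keys.grep(/\Adevise\./)`), so that only keys that start with the prefix match.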
diff --git a/lib/devise/models/authenticatable.rb b/lib/devise/models/authenticatable.rb index e3466ebaf..df964537e 100644 --- a/lib/devise/models/authenticatable.rb +++ b/lib/devise/models/authenticatable.rb @@ -2,7 +2,6 @@ require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' -require 'devise/rails/deprecated_constant_accessor' module Devise module Models @@ -184,11 +183,8 @@ def devise_mailer # # Deliver later with Active Job's `deliver_later` # if message.respond_to?(:deliver_later) # message.deliver_later - # # Remove once we move to Rails 4.2+ only, as `deliver` is deprecated. - # elsif message.respond_to?(:deliver_now) - # message.deliver_now # else - # message.deliver + # message.deliver_now # end # end # @@ -196,12 +192,7 @@ def devise_mailer # def send_devise_notification(notification, *args) message = devise_mailer.send(notification, self, *args) - # Remove once we move to Rails 4.2+ only. - if message.respond_to?(:deliver_now) - message.deliver_now - else - message.deliver - end + message.deliver_now end def downcase_keys diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 75baf2be5..3e9852cd3 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -4,19 +4,11 @@ def self.active_record?(model) defined?(ActiveRecord) && model < ActiveRecord::Base end - def self.active_record_51?(model) - active_record?(model) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end - def self.included(model) - if Devise::Orm.active_record_51?(model) - model.include DirtyTrackingNewMethods - else - model.include DirtyTrackingOldMethods - end + model.include DirtyTrackingMethods end - module DirtyTrackingNewMethods + module DirtyTrackingMethods def devise_email_before_last_save email_before_last_save end 
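Review bot: The example in the comment above `send_devise_notification` still branches on `message.respond_to?(:deliver_later)`; with the Rails 4.2 fallback gone that guard looks always true on the supported Rails versions, so the `else message.deliver_now` arm of the example is dead. I would reduce the example body to `devise_mailer.send(notification, self, *args).deliver_later`. In the method itself, `devise_mailer.send(notification, self, *args)` dispatches to any method, private ones included. Where `notification` comes from is outside the hunk, so as hardening consider `devise_mailer.public_send(notification, self, *args)`.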
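Review bot: `Devise::Orm.included` now mixes `DirtyTrackingMethods` into every model, but the old `active_record_51?` check was false for any model that is not an `ActiveRecord::Base` subclass, so those models got `DirtyTrackingOldMethods` (`email_was`, `email_changed?`). That includes the Mongoid models the CI matrix still runs with `DEVISE_ORM=mongoid`. The module that remains calls `email_before_last_save` and `will_save_change_to_#{attribute}?`; whether a non-ActiveRecord ORM defines those is not visible here, and judging by their names these helpers feed the email and password change handling, so it needs checking. If they are missing, keep the branch as `model.include(Devise::Orm.active_record?(model) ? DirtyTrackingMethods : DirtyTrackingOldMethods)` and retain the old module, which the next hunk of this file deletes.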
@@ -41,31 +33,5 @@ def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end end - - module DirtyTrackingOldMethods - def devise_email_before_last_save - email_was - end - - def devise_email_in_database - email_was - end - - def devise_saved_change_to_email? - email_changed? - end - - def devise_saved_change_to_encrypted_password? - encrypted_password_changed? - end - - def devise_will_save_change_to_email? - email_changed? - end - - def devise_respond_to_and_will_save_change_to_attribute?(attribute) - respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") - end - end end end diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb index a2d721a1a..6d9523a4f 100644 --- a/lib/devise/parameter_sanitizer.rb +++ b/lib/devise/parameter_sanitizer.rb @@ -130,8 +130,7 @@ def permit(action, keys: nil, except: nil, &block) # # Returns an +ActiveSupport::HashWithIndifferentAccess+. def cast_to_hash(params) - # TODO: Remove the `with_indifferent_access` method call when we only support Rails 5+. - params && params.to_h.with_indifferent_access + params && params.to_h end def default_params diff --git a/lib/devise/rails/deprecated_constant_accessor.rb b/lib/devise/rails/deprecated_constant_accessor.rb deleted file mode 100644 index f5cf01f89..000000000 --- a/lib/devise/rails/deprecated_constant_accessor.rb +++ /dev/null 
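Review bot: The comment above `cast_to_hash` still promises an `ActiveSupport::HashWithIndifferentAccess`, but the new body returns whatever `params.to_h` yields. That holds when `params` is an `ActionController::Parameters`, whose `to_h` gives an indifferent hash; a plain `Hash` would come back with its keys as they were, and a symbol-keyed lookup on string keys would then miss. The sanitizer's callers are outside the hunk, so I cannot confirm that no plain hash reaches it. Either reword the comment to `# Returns the result of +params.to_h+, or +nil+ when +params+ is nil.` or add a test that both `result[:email]` and `result["email"]` resolve on the sanitized output.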
@@ -1,39 +0,0 @@ -# frozen_string_literal: true - -begin - require 'active_support/deprecation/constant_accessor' - - module Devise - DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc: - end -rescue LoadError - - # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it - # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater. - module Devise - module DeprecatedConstantAccessor #:nodoc: - def self.included(base) - require "active_support/inflector/methods" - - extension = Module.new do - def const_missing(missing_const_name) - if class_variable_defined?(:@@_deprecated_constants) - if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s]) - replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations) - return ActiveSupport::Inflector.constantize(replacement[:new].to_s) - end - end - super - end - - def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator) - class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants) - class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator } - end - end - base.singleton_class.prepend extension - end - end - end - -end diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index b6a7156ec..aba2bb448 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb 
@@ -141,7 +141,6 @@ def _process_unauthenticated(env, options = {}) status, headers, response = Devise.warden_config[:failure_app].call(env).to_a @controller.response.headers.merge!(headers) - @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5 @controller.status = status @controller.response_body = response.body nil # causes process return @response diff --git a/lib/generators/active_record/devise_generator.rb b/lib/generators/active_record/devise_generator.rb index 6018c934d..89b2f94dd 100644 --- a/lib/generators/active_record/devise_generator.rb +++ b/lib/generators/active_record/devise_generator.rb @@ -82,10 +82,6 @@ def inet? postgresql? end - def rails5_and_up? - Rails::VERSION::MAJOR >= 5 - end - def rails61_and_up? Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1) end @@ -106,14 +102,12 @@ def ar_config end end - def migration_version - if rails5_and_up? - "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" - end - end + def migration_version + "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" + end def primary_key_type - primary_key_string if rails5_and_up? + primary_key_string end def primary_key_string diff --git a/test/generators/active_record_generator_test.rb b/test/generators/active_record_generator_test.rb index 757095edc..1c7d8219f 100644 --- a/test/generators/active_record_generator_test.rb +++ b/test/generators/active_record_generator_test.rb @@ -20,11 +20,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase Rails.application.config.paths.add "db/migrate", with: "db2/migrate" run_generator %w(monster) - if Rails.version >= '5.0.3' - assert_migration "db2/migrate/devise_create_monsters.rb", /def change/ - else - assert_migration "db/migrate/devise_create_monsters.rb", /def change/ - end + assert_migration "db2/migrate/devise_create_monsters.rb", /def change/ Rails.application.config.paths["db/migrate"] = old_paths end 
@@ -49,11 +45,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase assert_file "app/models/monster.rb" run_generator %w(monster) - if Rails.version >= '5.0.3' - assert_migration "db2/migrate/add_devise_to_monsters.rb" - else - assert_migration "db/migrate/add_devise_to_monsters.rb" - end + assert_migration "db2/migrate/add_devise_to_monsters.rb" Rails.application.config.paths["db/migrate"] = old_paths end @@ -84,11 +76,7 @@ class ActiveRecordGeneratorTest < Rails::Generators::TestCase test "add primary key type with rails 5 when specified in rails generator" do run_generator ["monster", "--primary_key_type=uuid"] - if Devise::Test.rails5_and_up? - assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ - else - assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/ - end + assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/ end end diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb index c9430f570..1fc4e4d58 100644 --- a/test/integration/rememberable_test.rb +++ b/test/integration/rememberable_test.rb @@ -12,13 +12,7 @@ def create_user_and_remember(add_to_token = '') end def generate_signed_cookie(raw_cookie) - request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? - ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise::Test.rails5? - ActionController::TestRequest.create - else - ActionController::TestRequest.new - end + request = ActionController::TestRequest.create(Class.new) # needs a "controller class" request.cookie_jar.signed['raw_cookie'] = raw_cookie request.cookie_jar['raw_cookie'] end diff --git a/test/orm/active_record.rb b/test/orm/active_record.rb index 97bf37c51..e9b7ea521 100644 --- a/test/orm/active_record.rb +++ b/test/orm/active_record.rb 
@@ -7,22 +7,11 @@ migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__) if Devise::Test.rails71_and_up? ActiveRecord::MigrationContext.new(migrate_path).migrate -elsif Devise::Test.rails6_and_up? - ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate -elsif Devise::Test.rails52_and_up? - ActiveRecord::MigrationContext.new(migrate_path).migrate else - ActiveRecord::Migrator.migrate(migrate_path) + ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate end class ActiveSupport::TestCase - if Devise::Test.rails5_and_up? - self.use_transactional_tests = true - else - # Let `after_commit` work with transactional fixtures, however this is not needed for Rails 5. - require 'test_after_commit' - self.use_transactional_fixtures = true - end - + self.use_transactional_tests = true self.use_instantiated_fixtures = false end diff --git a/test/rails_app/app/controllers/home_controller.rb b/test/rails_app/app/controllers/home_controller.rb index 9eff82d53..b8f3327ad 100644 --- a/test/rails_app/app/controllers/home_controller.rb +++ b/test/rails_app/app/controllers/home_controller.rb @@ -22,10 +22,6 @@ def set end def unauthenticated - if Devise::Test.rails5_and_up? - render body: "unauthenticated", status: :unauthorized - else - render text: "unauthenticated", status: :unauthorized - end + render body: "unauthenticated", status: :unauthorized end end diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index 6d3f02483..5fd711c2e 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb 
@@ -6,7 +6,7 @@ class StreamingController < ApplicationController before_action :authenticate_user! def index - render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index' + render body: 'Index' end # Work around https://github.com/heartcombo/devise/issues/2332, which affects diff --git a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb index 5da3b94f9..f5327fbd7 100644 --- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb @@ -11,6 +11,6 @@ def sign_in_facebook user = User.to_adapter.find_first(email: 'user@test.com') user.remember_me = true sign_in user - render (Devise::Test.rails5_and_up? ? :body : :text) => "" + render body: "" end end diff --git a/test/rails_app/app/controllers/users_controller.rb b/test/rails_app/app/controllers/users_controller.rb index 1bc276565..b3b49ee2a 100644 --- a/test/rails_app/app/controllers/users_controller.rb +++ b/test/rails_app/app/controllers/users_controller.rb @@ -16,7 +16,7 @@ def edit_form end def update_form - render (Devise::Test.rails5_and_up? ? :body : :text) => 'Update' + render body: 'Update' end def accept @@ -24,11 +24,11 @@ def accept end def exhibit - render (Devise::Test.rails5_and_up? ? :body : :text) => current_user ? "User is authenticated" : "User is not authenticated" + render body: current_user ? "User is authenticated" : "User is not authenticated" end def expire user_session['last_request_at'] = 31.minutes.ago.utc - render (Devise::Test.rails5_and_up? ? :body : :text) => 'User will be expired on next request' + render body: 'User will be expired on next request' end end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index f23b897ac..cb333819c 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
@@ -33,23 +33,12 @@ class Application < Rails::Application # config.assets.enabled = false config.action_mailer.default_url_options = { host: "localhost", port: 3000 } - rails_version = Gem::Version.new(Rails.version) - if DEVISE_ORM == :active_record && - rails_version >= Gem::Version.new('4.2.0') && - rails_version < Gem::Version.new('5.1.0') - config.active_record.raise_in_transactional_callbacks = true - end # This was used to break devise in some situations config.to_prepare do Devise::SessionsController.layout "application" end - # Remove the first check once Rails 5.0 support is removed. - if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up? - Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true - end - if Devise::Test.rails70? config.active_record.legacy_connection_handling = false end diff --git a/test/rails_app/config/boot.rb b/test/rails_app/config/boot.rb index 80ebc818b..e328fce49 100644 --- a/test/rails_app/config/boot.rb +++ b/test/rails_app/config/boot.rb @@ -19,30 +19,6 @@ def self.rails70_and_up? def self.rails70? Rails.version.start_with? '7.0' end - - def self.rails6_and_up? - Rails::VERSION::MAJOR >= 6 - end - - def self.rails52_and_up? - Rails::VERSION::MAJOR > 5 || rails52? - end - - def self.rails52? - Rails.version.start_with? '5.2' - end - - def self.rails51? - Rails.version.start_with? '5.1' - end - - def self.rails5_and_up? - Rails::VERSION::MAJOR >= 5 - end - - def self.rails5? - Rails.version.start_with? '5' - end end end diff --git a/test/rails_app/config/environments/production.rb b/test/rails_app/config/environments/production.rb index 3a3be4784..17c5b266f 100644 --- a/test/rails_app/config/environments/production.rb +++ b/test/rails_app/config/environments/production.rb 
@@ -22,13 +22,7 @@ # config.action_dispatch.rack_cache = true # Disable Rails's static asset server (Apache or nginx will already do this). - if Devise::Test.rails5_and_up? - config.public_file_server.enabled = false - elsif Rails.version >= "4.2.0" - config.serve_static_files = false - else - config.serve_static_assets = false - end + config.public_file_server.enabled = false # Compress JavaScripts and CSS. config.assets.js_compressor = :uglifier diff --git a/test/rails_app/config/environments/test.rb b/test/rails_app/config/environments/test.rb index 9153790ad..acc06f31f 100644 --- a/test/rails_app/config/environments/test.rb +++ b/test/rails_app/config/environments/test.rb @@ -16,16 +16,8 @@ # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - if Devise::Test.rails5_and_up? - config.public_file_server.enabled = true - config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} - elsif Rails.version >= "4.2.0" - config.serve_static_files = true - config.static_cache_control = "public, max-age=3600" - else - config.serve_static_assets = true - config.static_cache_control = "public, max-age=3600" - end + config.public_file_server.enabled = true + config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'} # Show full error reports and disable caching. config.consider_all_requests_local = true diff --git a/test/rails_app/db/migrate/20100401102949_create_tables.rb b/test/rails_app/db/migrate/20100401102949_create_tables.rb index 43c6d867b..8d46b3e5c 100644 --- a/test/rails_app/db/migrate/20100401102949_create_tables.rb +++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb 
@@ -1,10 +1,6 @@ # frozen_string_literal: true -superclass = ActiveRecord::Migration -# TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4. -superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[]) - -class CreateTables < superclass +class CreateTables < ActiveRecord::Migration[5.0] def self.up create_table :users do |t| t.string :username diff --git a/test/routes_test.rb b/test/routes_test.rb index 0cfd6fc0c..f18fb342c 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -205,7 +205,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do @@ -215,7 +215,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -225,7 +225,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do 
@@ -235,7 +235,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do @@ -245,7 +245,7 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false if Devise::Test.rails5_and_up? + expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do diff --git a/test/support/http_method_compatibility.rb b/test/support/http_method_compatibility.rb index f901ad858..44d80dffd 100644 --- a/test/support/http_method_compatibility.rb +++ b/test/support/http_method_compatibility.rb 
@@ -2,36 +2,8 @@ module Devise class IntegrationTest < ActionDispatch::IntegrationTest - # %w( get post patch put head delete xml_http_request - # xhr get_via_redirect post_via_redirect - # ).each do |method| - unless Devise::Test.rails5_and_up? - %w( get post put ).each do |method| - define_method(method) do |url, options = {}| - if options[:xhr] == true - xml_http_request __method__, url, options[:params] || {}, options[:headers] - else - super url, options[:params] || {}, options[:headers] - end - end - end - end end class ControllerTestCase < ActionController::TestCase - # %w( get post patch put head delete xml_http_request - # xhr get_via_redirect post_via_redirect - # ).each do |method| - unless Devise::Test.rails5_and_up? - %w( get post put ).each do |method| - define_method(method) do |action, options = {}| - if options[:xhr] == true - xml_http_request __method__, action, options[:params] || {}, options[:headers] - else - super action, options[:params] || {}, options[:headers] - end - end - end - end end end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index d415a176c..7ba9f3c67 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb @@ -108,11 +108,7 @@ def respond test "returns the content type of a failure app" do get :index, params: { format: :json } - if Devise::Test.rails6_and_up? - assert_includes response.media_type, 'application/json' - else - assert_includes response.content_type, 'application/json' - end + assert_includes response.media_type, 'application/json' end test "defined Warden after_authentication callback should not be called when sign_in is called" do 
@@ -181,13 +177,7 @@ def respond test "creates a new warden proxy if the request object has changed" do old_warden_proxy = warden - @request = if Devise::Test.rails51? || Devise::Test.rails52_and_up? - ActionController::TestRequest.create(Class.new) # needs a "controller class" - elsif Devise::Test.rails5? - ActionController::TestRequest.create - else - ActionController::TestRequest.new - end + @request = ActionController::TestRequest.create(Class.new) # needs a "controller class" new_warden_proxy = warden From 23633b70f01067c25fea7bd0c00b5fc5348e452b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 12 Oct 2023 16:53:36 -0300 Subject: [PATCH 215/299] Bring back Ruby 2.7 support It's EOL but the current versions of Rails are still supporting it, so it makes sense for us to keep supporting it as well. And it doesn't give us any extra maintenance burden as older versions have been doing. --- .github/workflows/test.yml | 1 + CHANGELOG.md | 2 +- devise.gemspec | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9b8998081..3b40b29c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,6 +15,7 @@ jobs: - '3.2' - '3.1' - '3.0' + - '2.7' env: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid diff --git a/CHANGELOG.md b/CHANGELOG.md index 66c3810a0..ba6ecaaf7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ### Unreleased -* Drop support to Ruby < 3.0 +* Drop support to Ruby < 2.7 * Drop support to Rails < 6.0 * enhancements diff --git a/devise.gemspec b/devise.gemspec index b46dfcaea..d53c959a7 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"] s.require_paths = ["lib"] - s.required_ruby_version = '>= 3.0.0' + s.required_ruby_version = '>= 2.7.0' s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") From 72b421e571ac7e3316f51917b363f5525fea8fd7 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Thu, 12 Oct 2023 16:56:53 -0300 Subject: [PATCH 216/299] Update gemfile readme references --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2dbe0230b..caecead2f 100644 --- a/README.md +++ b/README.md @@ -132,14 +132,14 @@ Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) d For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: ```bash rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile.rails-6.0-stable DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 DEVISE_ORM=mongoid bin/test ``` ### Running tests From 49e4a991cf34987c2abd378fe4ba2767ec5cb417 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 10:50:18 -0300 Subject: [PATCH 217/299] Remove some more code added to support older versions Also change back to run CI on ubuntu-latest which should work with all Ruby versions supported now. --- .github/workflows/test.yml | 6 +----- README.md | 2 +- bin/test | 19 +++++++------------ .../app/controllers/streaming_controller.rb | 12 ------------ test/test_helper.rb | 16 ---------------- 5 files changed, 9 insertions(+), 46 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3b40b29c8..f0e846814 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,9 +34,7 @@ jobs: ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-6-0 env: DEVISE_ORM=mongoid - # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support. - # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740 - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} steps: @@ -45,8 +43,6 @@ jobs: with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - bundler: ${{ env.BUNDLER_VERSION || 'default' }} - rubygems: ${{ env.RUBYGEMS_VERSION || 'latest' }} - uses: supercharge/mongodb-github-action@1.9.0 if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} - run: bundle exec rake diff --git a/README.md b/README.md index caecead2f..e76d8b3fc 100644 --- a/README.md +++ b/README.md 
@@ -644,7 +644,7 @@ Unlike controller tests, integration tests do not need to supply the `devise.mapping` `env` value, as the mapping can be inferred by the routes that are executed in your tests. -You can read more about testing your Rails 3 - Rails 4 controllers with RSpec in the wiki: +You can read more about testing your Rails controllers with RSpec in the wiki: * https://github.com/heartcombo/devise/wiki/How-To:-Test-controllers-with-Rails-(and-RSpec) diff --git a/bin/test b/bin/test index 3670b19da..28141f2c7 100755 --- a/bin/test +++ b/bin/test @@ -1,17 +1,12 @@ #!/usr/bin/env ruby $: << File.expand_path(File.expand_path('../../test', __FILE__)) -# Remove this begin/rescue once Rails 4 support is removed. -begin - require 'bundler/setup' - require 'rails/test_unit/runner' - require 'rails/test_unit/reporter' - require 'rails/test_unit/line_filtering' +require 'bundler/setup' +require 'rails/test_unit/runner' +require 'rails/test_unit/reporter' +require 'rails/test_unit/line_filtering' - Rails::TestUnitReporter.executable = 'bin/test' +Rails::TestUnitReporter.executable = 'bin/test' - Rails::TestUnit::Runner.parse_options(ARGV) - Rails::TestUnit::Runner.run(ARGV) -rescue LoadError - exec 'rake' -end +Rails::TestUnit::Runner.parse_options(ARGV) +Rails::TestUnit::Runner.run(ARGV) diff --git a/test/rails_app/app/controllers/streaming_controller.rb b/test/rails_app/app/controllers/streaming_controller.rb index 5fd711c2e..1045fea18 100644 --- a/test/rails_app/app/controllers/streaming_controller.rb +++ b/test/rails_app/app/controllers/streaming_controller.rb @@ -8,16 +8,4 @@ class StreamingController < ApplicationController def index render body: 'Index' end - - # Work around https://github.com/heartcombo/devise/issues/2332, which affects - # tests in Rails 4.x (and affects production in Rails >= 5) - def process(name) - super(name) - rescue ArgumentError => e - if e.message == 'uncaught throw :warden' - throw :warden - else - raise e - end - end end 
diff --git a/test/test_helper.rb b/test/test_helper.rb index c0bb43f77..ad5a6db66 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -23,22 +23,6 @@ if ActiveSupport.respond_to?(:test_order) ActiveSupport.test_order = :random end -class ActiveSupport::TestCase - if ActiveSupport.version < Gem::Version.new("5.0") - def assert_deprecated(match, deprecator) - super(match) do - # TODO: remove extra begin..end when dropping support for Ruby <= 2.4 - begin - behavior = deprecator.behavior - deprecator.behavior = ActiveSupport::Deprecation.behavior - yield - ensure - deprecator.behavior = behavior - end - end - end - end -end OmniAuth.config.logger = Logger.new('/dev/null') From 63939c121e656075296808fd2627cab5a0352ba3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 10:59:13 -0300 Subject: [PATCH 218/299] Remove deprecated options argument from update methods They were added to support an old/deprecated feature of Rails, as the message was saying, we can now remove them from the code as well. --- lib/devise/models/database_authenticatable.rb | 30 ++++--------------- 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 8903e6d06..e16b7d845 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb 
@@ -84,16 +84,7 @@ def clean_up_passwords # users to change relevant information like the e-mail without changing # their password). In case the password field is rejected, the confirmation # is also rejected as long as it is also blank. - def update_with_password(params, *options) - if options.present? - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` - (`options`) is deprecated and it will be removed in the next major version. - It was added to support a feature deprecated in Rails 4, so you can safely remove it - from your code. - DEPRECATION - end - + def update_with_password(params) current_password = params.delete(:current_password) if params[:password].blank? @@ -102,9 +93,9 @@ def update_with_password(params, *options) end result = if valid_password?(current_password) - update(params, *options) + update(params) else - assign_attributes(params, *options) + assign_attributes(params) valid? errors.add(:current_password, current_password.blank? ? :blank : :invalid) false @@ -121,25 +112,16 @@ def update_with_password(params, *options) # # Example: # - # def update_without_password(params, *options) + # def update_without_password(params) # params.delete(:email) # super(params) # end # - def update_without_password(params, *options) - if options.present? - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` - (`options`) is deprecated and it will be removed in the next major version. - It was added to support a feature deprecated in Rails 4, so you can safely remove it - from your code. - DEPRECATION - end - + def update_without_password(params) params.delete(:password) params.delete(:password_confirmation) - result = update(params, *options) + result = update(params) clean_up_passwords result end From 4d18d8131109c5fd9099e7f2168b2bf6f7f68b7d Mon Sep 17 00:00:00 2001 
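Review bot: Dropping the `*options` splat from `update_with_password` in the first hunk, and from `update_without_password` in the third, makes any caller that still passes a second argument fail with an `ArgumentError` instead of a deprecation warning. The diffstat lists this file as the only one touched, so nothing records the break for people upgrading. A CHANGELOG line such as `* Remove deprecated options argument from DatabaseAuthenticatable#update_with_password and #update_without_password` would cover it. Both method bodies continue outside their hunks.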
From: Carlos Antonio da Silva Date: Fri, 13 Oct 2023 11:19:45 -0300 Subject: [PATCH 219/299] Respect locale set by controller in the failure app (#5567) A common usage of I18n with different locales is to create some around callback in the application controller that sets the locale for the entire action, via params/url/user/etc., which ensure the locale is respected for the duration of that action, and resets at the end. Devise was not respecting the locale when the authenticate failed and triggered the failure app, because that happens in a warden middleware right up in the change, by that time the controller around callback had already reset the locale back to its default, and the failure app would just translate flash messages using the default locale. Now we are passing the current locale down to the failure app via warden options, and wrapping it with an around callback, which makes the failure app respect the set I18n locale by the controller at the time the authentication failure is triggered, working as expected. (much more like a normal controller would.) I chose to introduce a callback in the failure app so we could wrap the whole `respond` action processing rather than adding individual `locale` options to the `I18n.t` calls, because that should ensure other possible `I18n.t` calls from overridden failure apps would respect the set locale as well, and makes it more like one would implement in a controller. I don't recommend people using callbacks in their own failure apps though, as this is not going to be documented as a "feature" of failures apps, it's considered "internal" and could be refactored at any point. It is possible to override the locale with the new `i18n_locale` method, which simply defaults to the passed locale from the controller. Closes #5247 Closes #5246 Related to: #3052, #4823, and possible others already closed. 
Related to warden: (may be closed there afterwards) https://github.com/wardencommunity/warden/issues/180 https://github.com/wardencommunity/warden/issues/170 --- CHANGELOG.md | 3 +++ app/controllers/devise/sessions_controller.rb | 2 +- lib/devise/controllers/helpers.rb | 2 ++ lib/devise/failure_app.rb | 11 +++++++- test/controllers/helpers_test.rb | 10 +++---- test/failure_app_test.rb | 26 +++++++++++++++++++ test/integration/authenticatable_test.rb | 9 +++++++ .../app/controllers/admins_controller.rb | 7 +++++ test/support/locale/pt-BR.yml | 5 ++++ test/test_helper.rb | 2 +- 10 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 test/support/locale/pt-BR.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f196a1e0..f374a7401 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) +* bug fixes + * Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567) + ### 4.9.3 - 2023-10-11 * enhancements diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 7c4ee7d4e..76b780209 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -45,7 +45,7 @@ def serialize_options(resource) end def auth_options - { scope: resource_name, recall: "#{controller_path}#new" } + { scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale } end def translation_scope diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index bc6e9fd86..68e8e8d1d 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb 
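Review bot: Only the stock `auth_options` in sessions_controller.rb gains `locale: I18n.locale`. An application that overrides `auth_options` in its own sessions controller returns its own hash, so as far as this hunk shows it will not hand a locale to the failure app. Failed sign-ins from such a controller would then still be rendered in the default locale. A comment above the method, e.g. `# Overrides should keep :locale so the failure app renders messages in the request's locale.`, or a sentence in the CHANGELOG entry would make the new contract visible.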
@@ -46,6 +46,7 @@ def authenticate_#{group_name}!(favorite = nil, opts = {}) mappings.unshift mappings.delete(favorite.to_sym) if favorite mappings.each do |mapping| opts[:scope] = mapping + opts[:locale] = I18n.locale warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end end @@ -115,6 +116,7 @@ def self.define_helpers(mapping) #:nodoc: class_eval <<-METHODS, __FILE__, __LINE__ + 1 def authenticate_#{mapping}!(opts = {}) opts[:scope] = :#{mapping} + opts[:locale] = I18n.locale warden.authenticate!(opts) if !devise_controller? || opts.delete(:force) end diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 8458aef32..ff3363fbc 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -18,6 +18,11 @@ class FailureApp < ActionController::Metal delegate :flash, to: :request + include AbstractController::Callbacks + around_action do |failure_app, action| + I18n.with_locale(failure_app.i18n_locale, &action) + end + def self.call(env) @respond ||= action(:respond) @respond.call(env) @@ -107,7 +112,7 @@ def i18n_message(default = nil) options[:default] = [message] auth_keys = scope_class.authentication_keys keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) } - options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector")) + options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) I18n.t(:"#{scope}.#{message}", **options) @@ -116,6 +121,10 @@ def i18n_message(default = nil) end end + def i18n_locale + warden_options[:locale] + end + def redirect_url if warden_message == :timeout flash[:timedout] = true if is_flashing_format? diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 655a1fb66..57acdba9c 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb 
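Review bot: `i18n_locale` in the last failure_app.rb hunk is described in the commit message as the override point for the failure app's locale, but it has no comment and returns `warden_options[:locale]` with no fallback. A failure raised without these helpers (a direct `warden.authenticate!`, or a `throw :warden` with its own options) leaves it `nil`. `I18n.with_locale(nil)` then just yields, so the response uses whatever locale is current at that point, presumably the default. Suggest documenting that on the method: `# Locale for the failure response; nil (no :locale in warden options) keeps the current I18n.locale. Override to customize.`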
@@ -64,30 +64,30 @@ def setup end test 'proxy authenticate_user! to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with({ scope: :user }) + @mock_warden.expects(:authenticate!).with({ scope: :user, locale: :en }) @controller.authenticate_user! end test 'proxy authenticate_user! options to authenticate with user scope' do - @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo" }) + @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo", locale: :en }) @controller.authenticate_user!(recall: "foo") end test 'proxy authenticate_admin! to authenticate with admin scope' do - @mock_warden.expects(:authenticate!).with({ scope: :admin }) + @mock_warden.expects(:authenticate!).with({ scope: :admin, locale: :en }) @controller.authenticate_admin! end test 'proxy authenticate_[group]! to authenticate!? with each scope' do [:user, :admin].each do |scope| - @mock_warden.expects(:authenticate!).with({ scope: scope }) + @mock_warden.expects(:authenticate!).with({ scope: scope, locale: :en }) @mock_warden.expects(:authenticate?).with(scope: scope).returns(false) end @controller.authenticate_commenter! end test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do - @mock_warden.expects(:authenticate!).with({ scope: :publisher_account }) + @mock_warden.expects(:authenticate!).with({ scope: :publisher_account, locale: :en }) @controller.authenticate_publisher_account! end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index 59f291e20..e8f316f0d 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
@@ -200,6 +200,13 @@ def call_failure(env_params = {}) assert_equal 'User Steve does not exist', @request.flash[:alert] end + test 'respects the i18n locale passed via warden options when redirecting' do + call_failure('warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" }) + + assert_equal 'Email ou senha inválidos.', @request.flash[:alert] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + end + test 'uses the proxy failure message as string' do call_failure('warden' => OpenStruct.new(message: 'Hello world')) assert_equal 'Hello world', @request.flash[:alert] @@ -284,6 +291,12 @@ def call_failure(env_params = {}) assert_match 'Invalid Email or password.', @response.third.body end + test 'respects the i18n locale passed via warden options when responding to HTTP request' do + call_failure('formats' => Mime[:json], 'warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" }) + + assert_equal %({"error":"Email ou senha inválidos."}), @response.third.body + end + context 'on ajax call' do context 'when http_authenticatable_on_xhr is false' do test 'dont return 401 with navigational formats' do @@ -372,6 +385,18 @@ def call_failure(env_params = {}) end end + test 'respects the i18n locale passed via warden options when recalling original controller' do + env = { + "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", locale: :"pt-BR" }, + "devise.mapping" => Devise.mappings[:user], + "warden" => stub_everything + } + call_failure(env) + + assert_includes @response.third.body, '

Log in

' + assert_includes @response.third.body, 'Email ou senha inválidos.' + end + # TODO: remove conditional/else when supporting only responders 3.1+ if ActionController::Responder.respond_to?(:error_status=) test 'respects the configured responder `error_status` for the status code' do @@ -431,6 +456,7 @@ def call_failure(env_params = {}) assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works? end end + context "Without Flash Support" do test "returns to the default redirect location without a flash message" do call_failure request_klass: RequestWithoutFlashSupport diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index 5c56ca589..ea338f6fc 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -273,6 +273,15 @@ class AuthenticationRedirectTest < Devise::IntegrationTest assert_contain 'You need to sign in or sign up before continuing.' end + test 'redirect from warden respects i18n locale set at the controller' do + get admins_path(locale: "pt-BR") + + assert_redirected_to new_admin_session_path + follow_redirect! + + assert_contain 'Para continuar, faça login ou registre-se.' + end + test 'redirect to default url if no other was configured' do sign_in_as_user assert_template 'home/index' diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index c732f5890..957aa6f0b 100644 --- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,8 +1,15 @@ # frozen_string_literal: true class AdminsController < ApplicationController + around_action :set_locale before_action :authenticate_admin! def index end + + private + + def set_locale + I18n.with_locale(params[:locale] || I18n.default_locale) { yield } + end end diff --git a/test/support/locale/pt-BR.yml b/test/support/locale/pt-BR.yml new file mode 100644 index 000000000..5c57e1909 
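Review bot: `set_locale` in the admins_controller.rb hunk hands `params[:locale]` straight to `I18n.with_locale`, so the locale the failure app later reuses comes from the request unchecked. With `enforce_available_locales` on, an unknown value raises `I18n::InvalidLocale` before `authenticate_admin!` runs; with it off, any string becomes the locale. This is only the test app, but it demonstrates the pattern the commit supports, so a guarded form reads better: `locale = params[:locale] if I18n.available_locales.map(&:to_s).include?(params[:locale])` followed by `I18n.with_locale(locale || I18n.default_locale) { yield }`.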
--- /dev/null +++ b/test/support/locale/pt-BR.yml @@ -0,0 +1,5 @@ +pt-BR: + devise: + failure: + invalid: "%{authentication_keys} ou senha inválidos." + unauthenticated: "Para continuar, faça login ou registre-se." diff --git a/test/test_helper.rb b/test/test_helper.rb index c0bb43f77..199dad404 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -10,7 +10,7 @@ require "rails/test_help" require "orm/#{DEVISE_ORM}" -I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__) +I18n.load_path.concat Dir["#{File.dirname(__FILE__)}/support/locale/*.yml"] require 'mocha/minitest' require 'timecop' From c4578d3240a57c01f2dbdd0659c67e704bea623e Mon Sep 17 00:00:00 2001 From: Henry Stanley Date: Fri, 13 Oct 2023 15:54:36 +0100 Subject: [PATCH 220/299] Fix README anchor link Fixes link to Active Job Integration in README. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e76d8b3fc..6f7025eee 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ It's composed of 10 modules: - [Integration tests](#integration-tests) - [OmniAuth](#omniauth) - [Configuring multiple models](#configuring-multiple-models) - - [ActiveJob Integration](#activejob-integration) + - [Active Job Integration](#active-job-integration) - [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs) - [Other ORMs](#other-orms) - [Rails API mode](#rails-api-mode) From b6d64ba5252216d367d8c89f50492885d364f76c Mon Sep 17 00:00:00 2001 From: Stanislaw Klajn Date: Fri, 20 Oct 2023 11:05:16 +0100 Subject: [PATCH 221/299] Removed now obsolete SecretKeyFinder --- lib/devise.rb | 1 - lib/devise/rails.rb | 2 +- lib/devise/secret_key_finder.rb | 27 ------- test/secret_key_finder_test.rb | 121 -------------------------------- 4 files changed, 1 insertion(+), 150 deletions(-) delete mode 100644 lib/devise/secret_key_finder.rb delete mode 100644 test/secret_key_finder_test.rb 
diff --git a/lib/devise.rb b/lib/devise.rb index 3847e190c..2b8ac66ef 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -19,7 +19,6 @@ module Devise autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' autoload :TokenGenerator, 'devise/token_generator' - autoload :SecretKeyFinder, 'devise/secret_key_finder' module Controllers autoload :Helpers, 'devise/controllers/helpers' diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index ab308e979..dad9e86dc 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb @@ -38,7 +38,7 @@ class Engine < ::Rails::Engine end initializer "devise.secret_key" do |app| - Devise.secret_key ||= Devise::SecretKeyFinder.new(app).find + Devise.secret_key ||= app.secret_key_base Devise.token_generator ||= if secret_key = Devise.secret_key diff --git a/lib/devise/secret_key_finder.rb b/lib/devise/secret_key_finder.rb deleted file mode 100644 index d07106c44..000000000 --- a/lib/devise/secret_key_finder.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -module Devise - class SecretKeyFinder - def initialize(application) - @application = application - end - - def find - if @application.respond_to?(:credentials) && key_exists?(@application.credentials) - @application.credentials.secret_key_base - elsif @application.respond_to?(:secrets) && key_exists?(@application.secrets) - @application.secrets.secret_key_base - elsif @application.config.respond_to?(:secret_key_base) && key_exists?(@application.config) - @application.config.secret_key_base - elsif @application.respond_to?(:secret_key_base) && key_exists?(@application) - @application.secret_key_base - end - end - - private - - def key_exists?(object) - object.secret_key_base.present? - end - end -end diff --git a/test/secret_key_finder_test.rb b/test/secret_key_finder_test.rb deleted file mode 100644 index 434dbc8d1..000000000 --- a/test/secret_key_finder_test.rb +++ /dev/null 
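Review bot: `Devise.secret_key ||= app.secret_key_base` in the rails.rb hunk changes which source supplies the key, not only how it is looked up. The removed `SecretKeyFinder` tried credentials, then secrets, then config, and skipped blank values, while `app.secret_key_base` follows Rails' own lookup, which to my knowledge consults `ENV["SECRET_KEY_BASE"]` first on the Rails versions supported here. For an app where those sources disagree, the key behind `Devise.token_generator` would change on upgrade, and token digests generated with the old key (password reset, confirmation, unlock) would presumably stop matching. Neither the diffstat nor the hunk carries an upgrade note; a CHANGELOG line like `* Devise.secret_key now defaults to Rails.application.secret_key_base; set it explicitly if you relied on the previous lookup order` would help. The initializer block continues outside the hunk.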
@@ -1,121 +0,0 @@ -# frozen_string_literal: true - -require 'test_helper' - -class Rails52Credentials - def credentials - OpenStruct.new(secret_key_base: 'credentials') - end -end - -class Rails52Secrets - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: 'secrets') - end -end - -class Rails52Config - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class Rails52SecretKeyBase - def credentials - OpenStruct.new(secret_key_base: nil) - end - - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: nil) - end - - def secret_key_base - 'secret_key_base' - end -end - -class Rails41Secrets - def secrets - OpenStruct.new(secret_key_base: 'secrets') - end - - def config - OpenStruct.new(secret_key_base: nil) - end -end - -class Rails41Config - def secrets - OpenStruct.new(secret_key_base: nil) - end - - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class Rails40Config - def config - OpenStruct.new(secret_key_base: 'config') - end -end - -class SecretKeyFinderTest < ActiveSupport::TestCase - test "rails 5.2 uses credentials when they're available" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Credentials.new) - - assert_equal 'credentials', secret_key_finder.find - end - - test "rails 5.2 uses secrets when credentials are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Secrets.new) - - assert_equal 'secrets', secret_key_finder.find - end - - test "rails 5.2 uses config when secrets are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52Config.new) - - assert_equal 'config', secret_key_finder.find - end - - test "rails 5.2 uses secret_key_base when config is empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails52SecretKeyBase.new) - - 
assert_equal 'secret_key_base', secret_key_finder.find - end - - test "rails 4.1 uses secrets" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails41Secrets.new) - - assert_equal 'secrets', secret_key_finder.find - end - - test "rails 4.1 uses config when secrets are empty" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails41Config.new) - - assert_equal 'config', secret_key_finder.find - end - - test "rails 4.0 uses config" do - secret_key_finder = Devise::SecretKeyFinder.new(Rails40Config.new) - - assert_equal 'config', secret_key_finder.find - end -end From bb18f4d3805be0bf5f45e21be39625c7cfd9c1d6 Mon Sep 17 00:00:00 2001 From: Artin Boghosian Date: Tue, 13 Feb 2024 04:22:46 -0800 Subject: [PATCH 222/299] Update mapping.rb (#5673) Fix grammar on comment for .find_scope! [ci skip] --- lib/devise/mapping.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 7c7ea0085..8b1f94ced 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -30,7 +30,7 @@ class Mapping #:nodoc: alias :name :singular - # Receives an object and find a scope for it. If a scope cannot be found, + # Receives an object and finds a scope for it. If a scope cannot be found, # raises an error. If a symbol is given, it's considered to be the scope. def self.find_scope!(obj) obj = obj.devise_scope if obj.respond_to?(:devise_scope) From c80026d95583401a78c07428e58e50b0cf0d933b Mon Sep 17 00:00:00 2001 From: Antonis Berkakis Date: Tue, 2 Jan 2024 12:19:00 +0000 Subject: [PATCH 223/299] Update CI to run to include Ruby 3.3 - Exclude Rubies >=3.1 from latest main Gemfile as it runs on 7.2 --- .github/workflows/test.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0e846814..1092fc61b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -12,6 +12,7 @@ jobs: - gemfiles/Gemfile-rails-6-1 - gemfiles/Gemfile-rails-6-0 ruby: + - '3.3' - '3.2' - '3.1' - '3.0' @@ -20,6 +21,10 @@ jobs: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main From 21deb5c14514e095cb0c496cd48f03888c51b880 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 9 Apr 2024 16:58:24 -0300 Subject: [PATCH 224/299] Bump year [ci skip] --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index 248265870..2cbc2b23c 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. +Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index 6f7025eee..7a6a165b3 100644 --- a/README.md +++ b/README.md @@ -765,6 +765,6 @@ https://github.com/heartcombo/devise/graphs/contributors ## License -MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From 9a7176f727131423f95726ebcda64d498cddc3fc Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 10 Apr 2024 09:43:27 -0300 Subject: [PATCH 225/299] Cleanup changelog, point to 4-stable branch for previous changes main is targetting a v5 with some possible breaking changes, for main it's mainly dropping support for older Ruby/Rails versions, but more might come. [ci skip] --- CHANGELOG.md | 410 +-------------------------------------------------- 1 file changed, 4 insertions(+), 406 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aeca4d4b6..b2c9b55e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,413 +1,11 @@ ### Unreleased -* Drop support to Ruby < 2.7 -* Drop support to Rails < 6.0 +* breaking changes + * Drop support to Ruby < 2.7 + * Drop support to Rails < 6.0 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) -* bug fixes - * Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567) - -### 4.9.3 - 2023-10-11 - -* enhancements - * Add support for Rails 7.1. - * Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie) - -### 4.9.2 - 2023-04-03 - -* deprecations - * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it. - -### 4.9.1 - 2023-03-31 - -* enhancements - * Allow resource class scopes to override the global configuration for `sign_in_after_reset_password` behaviour. [#5429](https://github.com/heartcombo/devise/pull/5429) [@mattr](https://github.com/mattr) - * Refactor conditional dirty tracking logic to a centralized module to simplify usage throughout the codebase. [#5575](https://github.com/heartcombo/devise/pull/5575) - * Improve support for Devise in apps with Active Record and Mongoid ORMs loaded, so it does not incorrectly uses new Active Record dirty tracking APIs with a Mongoid Devise model. [#5576](https://github.com/heartcombo/devise/pull/5576) - -* bug fixes - * Failure app will respond with configured `redirect_status` instead of `error_status` if the recall app returns a redirect status (300..399) [#5573](https://github.com/heartcombo/devise/pull/5573) - * Fix frozen string exception in validatable. 
[#5563](https://github.com/heartcombo/devise/pull/5563) [#5465](https://github.com/heartcombo/devise/pull/5465) [@mameier](https://github.com/mameier) - -### 4.9.0 - 2023-02-17 - -* enhancements - * Add support for Ruby 3.1/3.2. - * Add support for Hotwire + Turbo, default in Rails 7+. - * Devise uses the latest `responders` version (v3.1.0 or higher), which allows configuring the status used for validation error responses (`error_status`) and for redirects after POST/PUT/PATCH/DELETE requests (`redirect_status`). For backwards compatibility, Devise keeps `error_status` as `:ok` which returns a `200 OK` response, and `redirect_status` to `:found` which returns a `302 Found` response, but you can configure it to return `422 Unprocessable Entity` and `303 See Other` respectively, to match the behavior expected by Hotwire/Turbo: - - ```ruby - # config/initializers/devise.rb - Devise.setup do |config| - # ... - config.responder.error_status = :unprocessable_entity - config.responder.redirect_status = :see_other - # ... - end - ``` - - These configs are already generated by default with new apps, and existing apps may opt-in as described above. Trying to set these with an older version of `responders` will issue a warning and have no effect, so please upgrade the `responders` version if you're upgrading Devise for this integration. Note that these defaults may change in future versions of Devise, to better match the Rails + Hotwire/Turbo defaults across the board. - * If you have a custom responder set on your application and expect it to affect Devise as well, you may need to override the Devise responder entirely with `config.responder = MyApplicationResponder`, so that it uses your custom one. The main reason Devise uses a custom responder is to be able to configure the statuses as described above, but you can also change that config on your own responder if you want. Check the `responders` readme for more info on that. 
- * If you have created a custom responder and/or failure app just to customize responses for better Hotwire/Turbo integration, they should no longer be necessary. - * `:turbo_stream` is now treated as a navigational format, so it works like HTML navigation when using Turbo. Note: if you relied on `:turbo_stream` to be treated as a non-navigational format before, you can reconfigure your `navigational_formats` in the Devise initializer file to exclude it. - * OmniAuth "Sign in with" links were changed to buttons that generate HTML forms with method=POST, instead of using link + method=POST that required rails-ujs to work. Since rails-ujs is no longer the default for new Rails apps, this allows the OmniAuth buttons to work in any scenario, with or without rails-ujs and/or Turbo. This only affects apps that are using the default `devise/shared/_links.html.erb` partial from Devise with OmniAuth enabled. - * The "Cancel my account" button was changed to include the `data-turbo-confirm` option, so that it works with both rails-ujs and Turbo by default. - * Devise does not provide "sign out" links/buttons in its shared views, but if you're using `sign_out_via` with `:delete` (the default), and are using links with `method: :delete`, those need to be updated with `data: { turbo_method: :delete }` instead for Turbo. - * Check [this upgrade guide](https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-[Hotwire-Turbo-integration]) for more detailed information. - -### 4.8.1 - 2021-12-16 - -* enhancements - * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet. - -### 4.8.0 - 2021-04-29 - -* enhancements - * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. 
You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. - * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in. - - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`. - * Add support for Ruby 3. - * Add support for Rails 6.1. - * Move CI to GitHub Actions. 
- -* deprecations - * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) - -### 4.7.3 - 2020-09-20 - -* bug fixes - * Do not modify `:except` option given to `#serializable_hash`. (by @dpep) - * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez) - * Fix hanging tests for streaming controllers using Devise. (by @afn) - -### 4.7.2 - 2020-06-10 - -* enhancements - * Increase default stretches to 12 (by @sergey-alekseev) - * Ruby 2.7 support (kwarg warnings removed) - -* bug fixes - * Generate scoped views with proper scoped errors partial (by @shobhitic) - * Allow to set scoped `already_authenticated` error messages (by @gurgelrenan) - -### 4.7.1 - 2019-09-06 - -* bug fixes - * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) - * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) - -### 4.7.0 - 2019-08-19 - -* enhancements - * Support Rails 6.0 - * Update CI to rails 6.0.0.beta3 (by @tunnes) - * refactor method name to be more consistent (by @saiqulhaq) - * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) - -* bug fixes - * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) - * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) - -### 4.6.2 - 2019-03-26 - -* bug fixes - * Revert "Set `encrypted_password` to `nil` when `password` is set to `nil`" since it broke backward compatibility with existing applications. 
See more on https://github.com/heartcombo/devise/issues/5033#issuecomment-476386275 (by @mracos) - -### 4.6.1 - 2019-02-11 - -* bug fixes - * Check if `root_path` is defined with `#respond_to?` instead of `#present` (by @tegon) - -### 4.6.0 - 2019-02-07 - -* enhancements - * Allow to skip email and password change notifications (by @iorme1) - * Include the use of `nil` for `allow_unconfirmed_access_for` in the docs (by @joaumg) - * Ignore useless files into the `.gem` file (by @huacnlee) - * Explain the code that prevents enumeration attacks inside `Devise::Strategies::DatabaseAuthenticatable` (by @tegon) - * Refactor the `devise_error_messages!` helper to render a partial (by @prograhamer) - * Add an option (`Devise.sign_in_after_change_password`) to not automatically sign in a user after changing a password (by @knjko) - -* bug fixes - * Fix missing comma in Simple Form generator (by @colinross) - * Fix error with migration generator in Rails 6 (by @oystersauce8) - * Set `encrypted_password` to `nil` when `password` is set to `nil` (by @sivagollapalli) - * Consider whether the request supports flash messages inside `Devise::Controllers::Helpers#is_flashing_format?` (by @colinross) - * Fix typo inside `Devise::Generators::ControllersGenerator` (by @kopylovvlad) - * Sanitize parameters inside `Devise::Models::Authenticatable#find_or_initialize_with_errors` (by @rlue) - * `#after_database_authentication` callback was not called after authentication on password reset (by @kanmaniselvan) - * Fix corner case when `#confirmation_period_valid?` was called at the same second as `confirmation_sent_at` was set. Mostly true for date types that only have second precisions. 
(by @stanhu) - * Fix unclosed `li` tag in `error_messages` partial (by @mracos) - * Fix Routes issue when devise engine is mounted in another engine on Rails versions lower than 5.1 (by @a-barbieri) - * Make `#increment_failed_attempts` concurrency safe (by @tegon) - * Apply Test Helper fix to Rails 6.0 as well as 5.x (by @matthewrudy) - - -* deprecations - * The second argument of `DatabaseAuthenticatable`'s `#update_with_password` and `#update_without_password` is deprecated and will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. (by @ihatov08) - * The `DeviseHelper.devise_error_messages!` is deprecated and will be removed in the next major version. Use the `devise/shared/error_messages` partial instead. (by @mracos) - -### 4.5.0 - 2018-08-15 - -* enhancements - * Use `before_action` instead of `before_filter` (by @edenthecat) - * Allow people to extend devise failure app, through invoking `ActiveSupport.run_load_hooks` once `Devise::FailureApp` is loaded (by @wnm) - * Use `update` instead of `update_attributes` (by @koic) - * Split IP resolution from `update_tracked_fields` (by @mckramer) - * upgrade dependencies for rails and responders (by @lancecarlson) - * Add `autocomplete="new-password"` to new password fields (by @gssbzn) - * Add `autocomplete="current-password"` to current password fields (by @gssbzn) - * Remove redundant `self` from `database_authenticatable` module (by @abhishekkanojia) - * Update `simple_form` templates with changes from https://github.com/heartcombo/devise/commit/16b3d6d67c7e017d461ea17ed29ea9738dc77e83 and https://github.com/heartcombo/devise/commit/6260c29a867b9a656f1e1557abe347a523178fab (by @gssbzn) - * Remove `:trackable` from the default modules in the generators, to be more GDPR-friendly (by @fakenine) - -* bug fixes - * Use same string on failed login regardless of whether account exists when in paranoid mode (by @TonyMK9068) - * Fix 
error when params is not a hash inside `Devise::ParameterSanitizer` (by @b0nn1e) - * Look for `secret_key_base` inside `Rails.application` (by @gencer) - * Ensure `Devise::ParameterFilter` does not add missing keys when called with a hash that has a `default` / `default_proc` -configured (by @joshpencheon) - * Adds `is_navigational_format?` check to `after_sign_up_path_for` to keep consistency (by @iorme1) - -### 4.4.3 - 2018-03-17 - -* bug fixes - * Fix undefined method `rails5?` for Devise::Test:Module (by @tegon) - * Fix: secret key was being required to be set inside credentials on Rails 5.2 (by @tegon) - -### 4.4.2 - 2018-03-15 - -* enhancements - * Support for :credentials on Rails v5.2.x. (by @gencer) - * Improve documentation about the test suite. (by @tegon) - * Test with Rails 5.2.rc1 on Travis. (by @jcoyne) - * Allow test with Rails 6. (by @Fudoshiki) - * Creating a new section for controller configuration on `devise.rb` template (by @Danilo-Araujo-Silva) - -* bug fixes - * Preserve content_type for unauthenticated tests (by @gmcnaughton) - * Check if the resource is persisted in `update_tracked_fields!` instead of performing validations (by @tegon) - * Revert "Replace log_process_action to append_info_to_payload" (by @tegon) - -### 4.4.1 - 2018-01-23 - -* bug fixes - * Ensure Gemspec is loaded as utf-8. (by @segiddins) - * Fix `ActiveRecord` check on `Confirmable`. (by @tegon) - * Fix `signed_in?` docs without running auth hooks. by (@machty) - -### 4.4.0 - 2017-12-29 - -* enhancements - * Add `frozen_string_literal` pragma comment to all Ruby files. (by @pat) - * Use `set_flash_method!` instead of `set_flash_method` in `Devise::OmniauthCallbacksController#failure`. (by @saichander17) - * Clarify how `store_location_for` modifies URIs. (by @olivierlacan) - * Move `failed_attempts` increment into its own function. by (@mobilutz) - * Add `autocomplete="email"` to email fields. 
by (@MikeRogers0) - * Add the ability to change the default migrations path introduced in Rails 5.0.3. (by @alexhifer) - * Delete unnecessary condition for helper method. (by @davydovanton) - * Support `id: :uuid` option for migrations. (by @filip373) - -* bug fixes - * Fix syntax for MRI 2.5.0. (by @pat) - * Validations were being ignored on singup in the `Trackable#update_tracked_fields!` method. (by @AshleyFoster) - * Do not modify options for `#serializable_hash`. (by @guigs) - * Email confirmations were being sent on sign in/sign out for application using `mongoid` and `mongoid-paperclip` gems. This is because previously we were checking if a model is from Active Record by checking if the method `after_commit` was defined - since `mongoid` doesn' have one - but `mongoid-paperclip` gem does define one, which cause this issue. (by @fjg) - -### 4.3.0 - 2017-05-14 - -* Enhancements - * Dependency support added for Rails 5.1.x. - -### 4.2.1 - 2017-03-15 - -* removals - * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected - methods instead of public. -* bug fixes - * Attempt to reset password without the password field in the request now results in a `:blank` validation error. - Before this change, Devise would accept the reset password request and log the user in, without validating/changing - the password. (by @victor-am) - * Confirmation links now expire based on UTC time, working properly when using different timezones. (by @jjuliano) -* enhancements - * Notify the original email when it is changed with a new `Devise.send_email_changed_notification` setting. - When using `reconfirmable`, the notification will be sent right away instead of when the unconfirmed email is confirmed. - (original change by @ethirajsrinivasan) - -### 4.2.0 - 2016-07-01 - -* removals - * Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3. - Please use the `#permit` and `#sanitize` methods over `#for`. 
- * Remove the deprecated OmniAuth URL helpers. Use the fully qualified helpers - (`user_facebook_omniauth_authorize_path`) over the scope based helpers - ( `user_omniauth_authorize_path(:facebook)`). - * Remove the `Devise.bcrypt` method, use `Devise::Encryptor.digest` instead. - * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead. - * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead. - * Remove the `Devise::Models::Recoverable#after_password_reset` method. -* bug fixes - * Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by @hamadata). - * Use `ActiveSupport.on_load` hooks to include Devise on `ActiveRecord` and `Mongoid`, - avoiding autoloading these constants too soon (by @lucasmazza, @rafaelfranca). -* enhancements - * Display the minimum password length on `registrations/edit` view (by @Yanchek99). - * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config. - This can reduce the time taken to boot the application but it might trigger - some errors if you application (mostly your controllers) requires that - Devise mappings be loaded during boot time (by @sidonath). - * Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using - Warden test API (by @lucasmazza). - * Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes - aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar). - * Add missing support of `Rails.application.config.action_controller.relative_url_root` (by @kosdiamantis). -* deprecations - * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers` - (by @lucasmazza). - * The `sign_in` test helper has changed to use keyword arguments when passing - a scope. `sign_in :admin, users(:alice)` should be rewritten as - `sign_in users(:alice), scope: :admin` (by @lucasmazza). 
- * The option `bypass` of `Devise::Controllers::SignInOut#sign_in` method is - deprecated in favor of `Devise::Controllers::SignInOut#bypass_sign_in` - method (by @ulissesalmeida). - -### 4.1.1 - 2016-05-15 - -* bug fixes - * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). - -### 4.1.0 - -* bug fixes - * Fix race condition of sending the confirmation instructions e-mail using background jobs. - Using the previous `after_create` callback, the e-mail can be sent before - the record be committed on database, generating a `ActiveRecord::NotFound` error. - Now the confirmation e-mail will be only sent after the database commit, - using the `after_commit` callback. - It may break your test suite on Rails 4 if you are testing the sent e-mails - or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy. - You can easily fix your test suite using the gem - [test_after_commit](https://github.com/grosser/test_after_commit). For example, put in your Gemfile: - - ```ruby - gem 'test_after_commit', :group => :test - ``` - - On Rails 5 `after_commit` callbacks are triggered even using transactional - fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq) - * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and - `:undefined` strategies. (by @f3ndot) -* features - * Humanize authentication keys in failure flash message (by @byzg) - When you are configuring the translations of `devise.failure.invalid`, the - `authentication_keys` is translated now. -* deprecations - * Remove code supporting old session serialization format (by @fphilipe). 
- * Now the `email_regexp` default uses a more permissive regex: - `/\A[^@\s]+@[^@\s]+\z/` (by @kimgb) - * Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida) - * Now the `reconfirmable` default is `true` (by @ulissesalmeida) - * Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida) - * Now the `sign_out_via` default is `:delete` (by @ulissesalmeida) -* improvements - * Avoids extra computation of friendly token for confirmation token (by @sbc100) - -### 4.0.3 - 2016-05-15 - - * bug fixes - * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev). - -### 4.0.2 - 2016-05-02 - -* bug fixes - * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` - and `:undefined` strategies. (by @f3ndot) - -### 4.0.1 - 2016-04-25 - -* bug fixes - * Fix the e-mail confirmation instructions send when a user updates the email - address from nil. (by @lmduc) - * Remove unnecessary `attribute_will_change!` call. (by @cadejscroggins) - * Consistent `permit!` check. (by @ulissesalmeida) - -### 4.0.0 - 2016-04-18 - -* bug fixes - * Fix the `extend_remember_period` configuration. When set to `false` it does - not update the cookie expiration anymore.(by @ulissesalmeida) - -* deprecations - * Added a warning of default value change in Devise 4.1 for users that uses - the the default configuration of the following configurations: (by @ulissesalmeida) - * `strip_whitespace_keys` - The default will be `[:email]`. - * `skip_session_storage` - The default will be `[:http_auth]`. - * `sign_out_via` - The default will be `:delete`. - * `reconfirmable` - The default will be `true`. - * `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/`. - * Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida) - * Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in! 
- (by @bogdanvlviv) - -### 4.0.0.rc2 - 2016-03-09 - -* enhancements - * Introduced `DeviseController#set_flash_message!` for conditional flash - messages setting to reduce complexity. - * `rails g devise:install` will fail if the app does not have a ORM configured - (by @arjunsharma) - * Support to Rails 5 versioned migrations added. - -* deprecations - * omniauth routes are no longer defined with a wildcard `:provider` parameter, - and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_omniauth_authorize_path`. - You can still use `omniauth_authorize_path(:user, :github)` if you need to - call the helpers dynamically. - -### 4.0.0.rc1 - 2016-02-01 - -* Support added to Rails 5 (by @twalpole). -* Devise no longer supports Rails 3.2 and 4.0. -* Devise no longer supports Ruby 1.9 and 2.0. - -* deprecations - * The `devise_parameter_sanitize` API has changed: - The `for` method was deprecated in favor of `permit`: - - ```ruby - def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_up) << :subscribe_newsletter - # Should become the following. - devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter]) - end - ``` - - The customization through instance methods on the sanitizer implementation - should be done through it's `initialize` method: - - ```ruby - class User::ParameterSanitizer < Devise::ParameterSanitizer - def sign_up - default_params.permit(:username, :email) - end - end - - # The `sign_up` method can be a `permit` call on the sanitizer `initialize`. - - class User::ParameterSanitizer < Devise::ParameterSanitizer - def initialize(*) - super - permit(:sign_up, keys: [:username, :email]) - end - end - ``` - - You can check more examples and explanations on the [README section](README.md#strong-parameters) - and on the [ParameterSanitizer docs](lib/devise/parameter_sanitizer.rb). 
- -Please check [3-stable](https://github.com/heartcombo/devise/blob/3-stable/CHANGELOG.md) +Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. From a259ff3c28912a27329727f4a3c2623d3f5cb6f2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 10 Apr 2024 09:45:08 -0300 Subject: [PATCH 226/299] Make it clearer that we're targeting a v5 going forward Use a "beta" version to make that even more explicit. --- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index eaa82dd64..92779c4c3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - devise (4.9.3) + devise (5.0.0.beta) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 6.0.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 08f7e1447..9843c4d05 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.9.3".freeze + VERSION = "5.0.0.beta".freeze end From 1d859b5db0dd6cc80322cc9f48706ccf0076ceca Mon Sep 17 00:00:00 2001 From: Jerome Dalbert Date: Sat, 17 Aug 2024 01:24:22 -0700 Subject: [PATCH 227/299] Fix CI sqlite3 error for Gemfile-rails-main --- gemfiles/Gemfile-rails-main | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 12930653e..1bec1066f 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -21,5 +21,5 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3", "~> 2.0" end From 54e4b267a5fb62f228843f4188080d0a83bae82c Mon Sep 17 00:00:00 2001 
From: Alex Brook <90186562+abr-storm@users.noreply.github.com>
Date: Fri, 16 Aug 2024 10:21:28 +0100
Subject: [PATCH 228/299] splat keyword arguments when registering routes
---
 lib/devise/rails/routes.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb
index f58c9fdc4..474766f9d 100644
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -413,7 +413,7 @@ def devise_registration(mapping, controllers) #:nodoc:
 controller: controllers[:registrations]
 }
- resource :registration, options do
+ resource :registration, **options do
 get :cancel
 end
 end
From 25f806e2703a24602c9d910eedf4eaa9cb1bacc2 Mon Sep 17 00:00:00 2001
From: Kazuya INOUE
Date: Sun, 6 Oct 2024 23:14:48 +0900
Subject: [PATCH 229/299] Remove unnecessary closing parenthesis in README
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 7a6a165b3..e71da6e8e 100644
--- a/README.md
+++ b/README.md
@@ -408,7 +408,7 @@ If the customization at the views level is not enough, you can customize each co
 ...
 end
 ```
- Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`)
+ Use the `-c` flag to specify one or more controllers, for example: `rails generate devise:controllers users -c sessions`
 2. Tell the router to use this controller:
From baf0d8eff2a977208120b5b98bf319b781598ae9 Mon Sep 17 00:00:00 2001
From: Vasiliy Ermolovich
Date: Tue, 22 Oct 2024 20:45:41 +0200
Subject: [PATCH 230/299] Update CHANGELOG.md
---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b2c9b55e3..04328b760 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,16 @@ * breaking changes * Drop support to Ruby < 2.7 * Drop support to Rails < 6.0 + * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. + + This is potentially a breaking change because Devise previously used the following order to find a secret key: + + ``` + app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base + ``` + + Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. + https://github.com/heartcombo/devise/pull/5645 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) From 12f0dd1608eb3ebe2963309249f9160574d0dc6f Mon Sep 17 00:00:00 2001 From: Itay Grudev Date: Fri, 8 Nov 2024 18:13:05 +0200 Subject: [PATCH 231/299] Bug Fix: Devise Checkbox TRUE VALUES not compatible with HTML specs (missing "on" value) See: * https://html.spec.whatwg.org/multipage/input.html#checkbox-state-(type%3Dcheckbox) * https://html.spec.whatwg.org/multipage/input.html#dom-input-value-default-on This issue causes the remember me functionality not to work correctly, especially when overriding the default styles as check boxes by default in all major browsers send the value `on` as required by the HTML specifications. See also: https://stackoverflow.com/questions/5987075/devise-remember-me-not-working-localhost-issue --- lib/devise.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise.rb b/lib/devise.rb index 2b8ac66ef..3d9dc7886 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -60,7 +60,7 @@ module Test NO_INPUT = [] # True values used to check params - TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE'] + TRUE_VALUES = [true, 1, '1', 'on', 'ON', 't', 'T', 'true', 'TRUE'] # Secret key used by the key generator mattr_accessor :secret_key From 24c47140e5d2e484b49796c934a8c1efb2a434b5 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 15 Nov 2024 20:16:25 +0100 Subject: [PATCH 232/299] Make Devise.mappings work with lazy loaded routes. Starting from Rails 8.0, routes are lazy-loaded by default in test and development environments. However, Devise's mappings are built during the routes loading phase. To ensure it works correctly, we need to load the routes first before accessing @@mappings. --- CHANGELOG.md | 6 ++++-- lib/devise.rb | 8 +++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 04328b760..0adbeb67a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
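Review bot: The `TRUE_VALUES` change in lib/devise.rb comes with no test that a parameter value of `'on'` is treated as true, although the commit message ties this list to whether remember-me takes effect. The diffstat shows lib/devise.rb as the only file changed, so a regression test for the remember-me checkbox would be worth adding. The list is matched by exact value and only `'on'` and `'ON'` are added, so the comment above the constant should say where the value comes from, for example `# 'on' is what browsers submit for a checked checkbox that has no value attribute`. The enclosing module starts and ends outside this hunk.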
@@ -6,16 +6,18 @@ * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: - + ``` app.credentials.secret_key_base > app.secrets.secret_key_base > application.config.secret_key_base > application.secret_key_base ``` - + Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. https://github.com/heartcombo/devise/pull/5645 * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) + * Add Rails 8 support. + - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. diff --git a/lib/devise.rb b/lib/devise.rb index 3d9dc7886..5b7417ed6 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -274,8 +274,14 @@ module Test # PRIVATE CONFIGURATION # Store scopes mappings. - mattr_reader :mappings @@mappings = {} + def self.mappings + # Starting from Rails 8.0, routes are lazy-loaded by default in test and development environments. + # However, Devise's mappings are built during the routes loading phase. + # To ensure it works correctly, we need to load the routes first before accessing @@mappings. + Rails.application.try(:reload_routes_unless_loaded) + @@mappings + end # OmniAuth configurations. mattr_reader :omniauth_configs From 950721d6de8ad19debb0eb0e87e3de4eff7e47c5 Mon Sep 17 00:00:00 2001 From: Jerome Dalbert Date: Sun, 24 Nov 2024 18:28:09 -0800 Subject: [PATCH 233/299] Fix Rails 8 CI --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) 
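Review bot: `Devise.mappings` in lib/devise.rb was a plain `mattr_reader` and now calls `Rails.application.try(:reload_routes_unless_loaded)` on every access, yet the commit touches only CHANGELOG.md and lib/devise.rb and adds no test with lazily loaded routes. `try` returns nil when the receiver is nil or does not respond to the method, so the call is silently a no-op on Rails versions without it. A short comment such as `# no-op when Rails.application is nil or has no reload_routes_unless_loaded` would stop a later reader from turning it into a direct call. Code that reads `@@mappings` directly does not trigger the load, so it is worth confirming that nothing outside this hunk depends on the routes already being loaded.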
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1092fc61b..f1c57f09f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,6 +25,8 @@ jobs: ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 - gemfile: gemfiles/Gemfile-rails-main ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.1' # Rails >= 8.0 supports Ruby >= 3.2 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main From af112a2f65f3835c3f983276e0d166897427c19a Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sun, 17 Nov 2024 12:10:30 +0100 Subject: [PATCH 234/299] Fix Zeitwerk autoloading when ActionMailer is not present. When ActionMailer is not defined we have empty app/mailers/devise/mailer.rb file and Zeitwerk doesn't like that and errors with ``` expected file app/mailers/devise/mailer.rb to define constant Devise::Mailer ``` The fix is to tell Zeitwerk to ignore that file if ActionMailer constant if not defined. I tried to write a spec for it but since specs are run in the same process it's hard to have two Rails applications where one of them has ActionMailer define and the seconds one doesn't. --- CHANGELOG.md | 3 +++ lib/devise/rails.rb | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0adbeb67a..104b9057e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,5 +19,8 @@ * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. +* bug fixes + * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. + Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb index dad9e86dc..b5738853f 100644 --- a/lib/devise/rails.rb +++ b/lib/devise/rails.rb 
@@ -47,5 +47,11 @@ class Engine < ::Rails::Engine ) end end + + initializer "devise.configure_zeitwerk" do + if Rails.autoloaders.zeitwerk_enabled? && !defined?(ActionMailer) + Rails.autoloaders.main.ignore("#{root}/app/mailers/devise/mailer.rb") + end + end end end From 46c2c3913eac6acbb13c9916f011595d0d82691e Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Mon, 25 Nov 2024 15:38:47 +0100 Subject: [PATCH 235/299] Fix passing of `format` option to `devise_for` call. --- lib/devise/rails/routes.rb | 3 +-- test/routes_test.rb | 5 ----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/devise/rails/routes.rb b/lib/devise/rails/routes.rb index 474766f9d..f43e62fea 100644 --- a/lib/devise/rails/routes.rb +++ b/lib/devise/rails/routes.rb @@ -235,7 +235,6 @@ def devise_for(*resources) options[:constraints] = (@scope[:constraints] || {}).merge(options[:constraints] || {}) options[:defaults] = (@scope[:defaults] || {}).merge(options[:defaults] || {}) options[:options] = @scope[:options] || {} - options[:options][:format] = false if options[:format] == false resources.map!(&:to_sym) @@ -462,7 +461,7 @@ def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc: current_scope = @scope.dup exclusive = { as: new_as, path: new_path, module: nil } - exclusive.merge!(options.slice(:constraints, :defaults, :options)) + exclusive.merge!(options.slice(:constraints, :format, :defaults, :options)) if @scope.respond_to? :new @scope = @scope.new exclusive diff --git a/test/routes_test.rb b/test/routes_test.rb index f18fb342c..20ba31172 100644 --- a/test/routes_test.rb +++ b/test/routes_test.rb @@ -205,7 +205,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for sessions' do expected_params = {controller: 'devise/sessions', action: 'new'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get}) assert_raise ExpectedRoutingError do 
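Review bot: The new `devise.configure_zeitwerk` initializer in lib/devise/rails.rb has no comment saying why the mailer file is ignored; the reason exists only in the commit message. I would add `# app/mailers/devise/mailer.rb defines no constant when ActionMailer is absent, so Zeitwerk must skip it` above the `if`. The `defined?(ActionMailer)` check is evaluated once when the initializer runs, so it presumably relies on ActionMailer being required before that point, which the comment could state too. The commit message acknowledges that no test covers this path, and the `Engine` class body starts outside the hunk.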
@@ -215,7 +214,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for passwords' do expected_params = {controller: 'devise/passwords', action: 'create'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post}) assert_raise ExpectedRoutingError do @@ -225,7 +223,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for registrations' do expected_params = {controller: 'devise/registrations', action: 'new'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get}) assert_raise ExpectedRoutingError do @@ -235,7 +232,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for confirmations' do expected_params = {controller: 'devise/confirmations', action: 'show'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get}) assert_raise ExpectedRoutingError do @@ -245,7 +241,6 @@ class CustomizedRoutingTest < ActionController::TestCase test 'map with format false for unlocks' do expected_params = {controller: 'devise/unlocks', action: 'show'} - expected_params[:format] = false assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get}) assert_raise ExpectedRoutingError do From 560a1cb16f695ce6381b1a2ef063b91b2eb915c4 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Fri, 29 Nov 2024 13:56:24 +0100 Subject: [PATCH 236/299] Use proc to set password length validation so it's possible to override it dynamically. Co-authored-by: Manoj M J --- CHANGELOG.md | 12 ++++++++++++ lib/devise/models/validatable.rb | 4 +++- test/models_test.rb | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 104b9057e..28c1240b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,7 +18,19 @@ * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + * Password length validator is changed from + ``` + validates_length_of :password, within: password_length, allow_blank: true` + ``` + + to + + ``` + validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true + ``` + + so it's possible to override `password_length` at runtime. (@manojmj92) * bug fixes * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. diff --git a/lib/devise/models/validatable.rb b/lib/devise/models/validatable.rb index 1c22fb5fe..62486cfbe 100644 --- a/lib/devise/models/validatable.rb +++ b/lib/devise/models/validatable.rb @@ -14,6 +14,8 @@ module Models # * +email_regexp+: the regular expression used to validate e-mails; # * +password_length+: a range expressing password length. Defaults to 6..128. # + # Since +password_length+ is applied in a proc within `validates_length_of` it can be overridden + # at runtime. module Validatable # All validations used by this module. VALIDATIONS = [:validates_presence_of, :validates_uniqueness_of, :validates_format_of, @@ -34,7 +36,7 @@ def self.included(base) validates_presence_of :password, if: :password_required? validates_confirmation_of :password, if: :password_required? - validates_length_of :password, within: password_length, allow_blank: true + validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true end end diff --git a/test/models_test.rb b/test/models_test.rb index c213d2047..16acb92c9 100644 --- a/test/models_test.rb +++ b/test/models_test.rb 
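Review bot: In lib/devise/models/validatable.rb the new `proc { password_length.min }` and `proc { password_length.max }` assume a range bounded on both sides, because `Range#max` raises `RangeError` on an endless range and `Range#min` does the same on a beginless one. The range is now read at validation time, so a `password_length` such as `8..` would surface as an exception when a record is validated rather than when the class is loaded. As far as I recall, Rails' own `within:` handling tolerates open-ended ranges, so this may be a behaviour change for such configurations. At minimum the module documentation should state the constraint, for example `# +password_length+ must be a Range with both ends set; it is read on every validation`. The `included` block this line belongs to starts outside the hunk.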
@@ -26,8 +26,8 @@ def assert_include_modules(klass, *modules) test 'validations options are not applied too late' do validators = WithValidation.validators_on :password length = validators.find { |v| v.kind == :length } - assert_equal 2, length.options[:minimum] - assert_equal 6, length.options[:maximum] + assert_equal 2, length.options[:minimum].call + assert_equal 6, length.options[:maximum].call end test 'validations are applied just once' do From a78ad3f20cc7746b41c53b2447e51005d16e7ac4 Mon Sep 17 00:00:00 2001 From: soma Date: Wed, 4 Dec 2024 23:04:03 +0900 Subject: [PATCH 237/299] Fix typo in comments --- lib/devise/models/lockable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/devise/models/lockable.rb b/lib/devise/models/lockable.rb index 65bb400d0..6ab0ce747 100644 --- a/lib/devise/models/lockable.rb +++ b/lib/devise/models/lockable.rb @@ -84,7 +84,7 @@ def resend_unlock_instructions if_access_locked { send_unlock_instructions } end - # Overwrites active_for_authentication? from Devise::Models::Activatable for locking purposes + # Overwrites active_for_authentication? from Devise::Models::Authenticatable for locking purposes # by verifying whether a user is active to sign in or not based on locked? def active_for_authentication? super && !access_locked? From 46cae66baf9885d80ae25de180f9ab2166d82098 Mon Sep 17 00:00:00 2001 From: Christian Schmidt Date: Tue, 17 Dec 2024 13:31:17 +0100 Subject: [PATCH 238/299] Update argument name for config.warden --- lib/devise.rb | 4 ++-- lib/generators/templates/devise.rb | 6 +++--- test/rails_app/config/initializers/devise.rb | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/devise.rb b/lib/devise.rb index 5b7417ed6..4fec8a0e0 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
@@ -446,9 +446,9 @@ def self.add_module(module_name, options = {}) # Devise.setup do |config| # config.allow_unconfirmed_access_for = 2.days # - # config.warden do |manager| + # config.warden do |warden_config| # # Configure warden to use other strategies, like oauth. - # manager.oauth(:twitter) + # warden_config.oauth(:twitter) # end # end def self.warden(&block) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 9e6744bd7..95bda7cea 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -277,9 +277,9 @@ # If you want to use other strategies, that are not supported by Devise, or # change the failure app, you can configure them inside the config.warden block. # - # config.warden do |manager| - # manager.intercept_401 = false - # manager.default_strategies(scope: :user).unshift :some_external_strategy + # config.warden do |warden_config| + # warden_config.intercept_401 = false + # warden_config.default_strategies(scope: :user).unshift :some_external_strategy # end # ==> Mountable engine configurations diff --git a/test/rails_app/config/initializers/devise.rb b/test/rails_app/config/initializers/devise.rb index a3a339edc..85fdfe0ae 100644 --- a/test/rails_app/config/initializers/devise.rb +++ b/test/rails_app/config/initializers/devise.rb @@ -181,9 +181,9 @@ # If you want to use other strategies, that are not supported by Devise, or # change the failure app, you can configure them inside the config.warden block. # - # config.warden do |manager| - # manager.failure_app = AnotherApp - # manager.default_strategies(scope: :user).unshift :some_external_strategy + # config.warden do |warden_config| + # warden_config.failure_app = AnotherApp + # warden_config.default_strategies(scope: :user).unshift :some_external_strategy # end # ==> Configuration for :registerable From cf93de390a29654620fdf7ac07b4794eb95171d0 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 28 May 2025 08:51:42 -0300 Subject: [PATCH 239/299] Fix links to RubyDoc Closes #5778 [ci skip] --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e71da6e8e..538bb2a77 100644 --- a/README.md +++ b/README.md 
@@ -9,16 +9,16 @@ Devise is a flexible authentication solution for Rails based on Warden. It: It's composed of 10 modules: -* [Database Authenticatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. -* [Omniauthable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. -* [Confirmable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. -* [Recoverable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable): resets the user password and sends reset instructions. -* [Registerable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. -* [Rememberable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. -* [Trackable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. -* [Timeoutable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. -* [Validatable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. 
-* [Lockable](http://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. +* [Database Authenticatable](https://www.rubydoc.info/gems/devise/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* [Omniauthable](https://www.rubydoc.info/gems/devise/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support. +* [Confirmable](https://www.rubydoc.info/gems/devise/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. +* [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable): resets the user password and sends reset instructions. +* [Registerable](https://www.rubydoc.info/gems/devise/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account. +* [Rememberable](https://www.rubydoc.info/gems/devise/Devise/Models/Rememberable): manages generating and clearing a token for remembering the user from a saved cookie. +* [Trackable](https://www.rubydoc.info/gems/devise/Devise/Models/Trackable): tracks sign in count, timestamps and IP address. +* [Timeoutable](https://www.rubydoc.info/gems/devise/Devise/Models/Timeoutable): expires sessions that have not been active in a specified period of time. +* [Validatable](https://www.rubydoc.info/gems/devise/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations. +* [Lockable](https://www.rubydoc.info/gems/devise/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. 
Can unlock via email or after a specified time period. ## Table of Contents @@ -454,7 +454,7 @@ Devise also ships with default routes. If you need to customize them, you should devise_for :users, path: 'auth', path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' } ``` -Be sure to check `devise_for` [documentation](http://www.rubydoc.info/github/heartcombo/devise/main/ActionDispatch/Routing/Mapper%3Adevise_for) for details. +Be sure to check `devise_for` [documentation](https://www.rubydoc.info/gems/devise/ActionDispatch/Routing/Mapper#devise_for-instance_method) for details. If you have the need for more deep customization, for instance to also allow "/sign_in" besides "/users/sign_in", all you need to do is create your routes normally and wrap them in a `devise_scope` block in the router: 
@@ -705,7 +705,7 @@ end ### Password reset tokens and Rails logs -If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/main/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: +If you enable the [Recoverable](https://www.rubydoc.info/gems/devise/Devise/Models/Recoverable) module, note that a stolen password reset token could give an attacker access to your application. Devise takes effort to generate random, secure tokens, and stores only token digests in the database, never plaintext. However the default logging behavior in Rails can cause plaintext tokens to leak into log files: 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked. 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked. From fa4749dddc5bdafb8bf474ec972484cae256d891 Mon Sep 17 00:00:00 2001 From: soma-git-practice <92618416+soma-git-practice@users.noreply.github.com> Date: Sat, 18 Oct 2025 01:41:42 +0900 Subject: [PATCH 240/299] Expand reconfirmable comment on generator to match the module doc (#5748) Explain the combined usage of `reconfirmable` with `send_email_changed_notification`. [ci skip] --- lib/generators/templates/devise.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 95bda7cea..9fe0ade81 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb 
@@ -157,6 +157,9 @@ # initial account confirmation) to be applied. Requires additional unconfirmed_email # db field (see migrations). Until confirmed, new email is stored in # unconfirmed_email column, and copied to email column on successful confirmation. + # Also, when used in conjunction with `send_email_changed_notification`, + # the notification is sent to the original email when the change is requested, + # not when the unconfirmed email is confirmed. config.reconfirmable = true # Defines which key will be used when confirming an account From 9c5e4d3c4e2ac4415f0d49cbeba6ea99c1dccf6b Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 17 Oct 2025 14:09:36 -0300 Subject: [PATCH 241/299] Update to new email, copyright, supported Ruby/Rails versions Also remove contributors section and add supported ruby/rails versions to the readme. [ci skip] --- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 2 +- ISSUE_TEMPLATE.md | 2 +- MIT-LICENSE | 4 ++-- README.md | 28 ++++++++++++++++------------ devise.gemspec | 2 +- 6 files changed, 22 insertions(+), 18 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index a94736201..5d594d2f5 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -17,6 +17,6 @@ Project maintainers have the right and responsibility to remove, edit, or reject This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo@googlegroups.com](heartcombo@googlegroups.com) or contacting one or more of the project maintainers. +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo.oss@gmail.com](heartcombo.oss@gmail.com) or contacting one or more of the project maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 51b94f9d4..336d614f4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,7 +30,7 @@ the project wiki, documentation and source code first, or try to ask your questi on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). **If you find a security bug, do not report it through GitHub. Please send an -e-mail to [heartcombo@googlegroups.com](mailto:heartcombo@googlegroups.com) +e-mail to [heartcombo.oss@gmail.com](mailto:heartcombo.oss@gmail.com) instead.** ## Sending Pull Requests diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 904d81073..445eedba5 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md 
@@ -2,7 +2,7 @@ - Do not use the issues tracker for help or support, try Stack Overflow. - For bugs, do a quick search and make sure the bug has not yet been reported -- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo@googlegroups.com instead. +- If you found a security bug, do not report it through GitHub. Please send an e-mail to heartcombo.oss@gmail.com instead. - Finally, be nice and have fun! ## Environment diff --git a/MIT-LICENSE b/MIT-LICENSE index 2cbc2b23c..d54bbdc9b 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,5 +1,5 @@ -Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. -Copyright 2009-2019 Plataformatec. +Copyright (c) 2020-2025 Rafael França, Carlos Antonio da Silva +Copyright (c) 2009-2019 Plataformatec Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 538bb2a77..6521e241e 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ It's composed of 10 modules: - [RDocs](#rdocs) - [Example applications](#example-applications) - [Extensions](#extensions) + - [Supported Ruby / Rails versions](#supported-ruby--rails-versions) - [Contributing](#contributing) - [Starting with Rails?](#starting-with-rails) - [Getting started](#getting-started) @@ -52,7 +53,6 @@ It's composed of 10 modules: - [Rails API mode](#rails-api-mode) - [Additional information](#additional-information) - [Warden](#warden) - - [Contributors](#contributors) - [License](#license) 
@@ -73,7 +73,7 @@ If you discover a problem with Devise, we would like to know about it. However, https://github.com/heartcombo/devise/wiki/Bug-reports -If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo@googlegroups.com. +If you have discovered a security related bug, please do *NOT* use the GitHub issue tracker. Send an email to heartcombo.oss@gmail.com. ### StackOverflow and Mailing List @@ -81,9 +81,10 @@ If you have any questions, comments, or concerns, please use StackOverflow inste http://stackoverflow.com/questions/tagged/devise -The deprecated mailing list can still be read on +The deprecated mailing lists can still be read on: https://groups.google.com/group/plataformatec-devise +https://groups.google.com/group/heartcombo ### RDocs @@ -105,6 +106,13 @@ Our community has created a number of extensions that add functionality above an https://github.com/heartcombo/devise/wiki/Extensions +### Supported Ruby / Rails versions + +We intend to maintain support for all Ruby / Rails versions that haven't reached end-of-life. + +For more information about specific versions please check [Ruby](https://www.ruby-lang.org/en/downloads/branches/) +and [Rails](https://guides.rubyonrails.org/maintenance_policy.html) maintenance policies, and our test matrix. + ### Contributing We hope that you will consider contributing to Devise. Please read this short overview for some information about how to get started: 
@@ -114,7 +122,7 @@ https://github.com/heartcombo/devise/wiki/Contributing You will usually want to write tests for your changes. To run the test suite, go into Devise's top-level directory and run `bundle install` and `bin/test`. Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`. -### DEVISE_ORM +#### DEVISE_ORM Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM. The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`: ``` @@ -126,7 +134,7 @@ When running the tests for Mongoid, you will need to have a MongoDB server (vers Please note that the command output will show the variable value being used. -### BUNDLE_GEMFILE +#### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: 
@@ -757,14 +765,10 @@ Devise is based on Warden, which is a general Rack authentication framework crea https://github.com/wardencommunity/warden -### Contributors - -We have a long list of valued contributors. Check them all at: - -https://github.com/heartcombo/devise/graphs/contributors - ## License -MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec. +MIT License. +Copyright 2020-2025 Rafael França, Carlos Antonio da Silva. +Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). diff --git a/devise.gemspec b/devise.gemspec index d53c959a7..c8f24cc20 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -10,7 +10,7 @@ Gem::Specification.new do |s| s.platform = Gem::Platform::RUBY s.licenses = ["MIT"] s.summary = "Flexible authentication solution for Rails with Warden" - s.email = "heartcombo@googlegroups.com" + s.email = "heartcombo.oss@gmail.com" s.homepage = "https://github.com/heartcombo/devise" s.description = "Flexible authentication solution for Rails with Warden" s.authors = ['José Valim', 'Carlos Antônio'] From dbc8e77ea0a6396dcaa4688d525004d6f9e555d7 Mon Sep 17 00:00:00 2001 
From: Greg Molnar Date: Tue, 21 Oct 2025 19:52:04 +0000 Subject: [PATCH 242/299] Make test suite work (#5770) * Drop support for Rails < 7 and Ruby < 2.7 * Add tests to support to Rails 8+ * Fix test suite across all supported versions --- .github/workflows/test.yml | 41 ++-- Gemfile | 8 +- Gemfile.lock | 180 ++++++++++-------- gemfiles/Gemfile-rails-7-0 | 13 -- .../{Gemfile-rails-6-0 => Gemfile-rails-7-1} | 4 +- .../{Gemfile-rails-6-1 => Gemfile-rails-7-2} | 11 +- gemfiles/Gemfile-rails-8-0 | 25 +++ test/rails_app/config/application.rb | 1 + test/support/webrat/matchers.rb | 8 +- 9 files changed, 161 insertions(+), 130 deletions(-) rename gemfiles/{Gemfile-rails-6-0 => Gemfile-rails-7-1} (78%) rename gemfiles/{Gemfile-rails-6-1 => Gemfile-rails-7-2} (67%) create mode 100644 gemfiles/Gemfile-rails-8-0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f1c57f09f..ec8aa990f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,8 +9,9 @@ jobs: - Gemfile - gemfiles/Gemfile-rails-main - gemfiles/Gemfile-rails-7-0 - - gemfiles/Gemfile-rails-6-1 - - gemfiles/Gemfile-rails-6-0 + - gemfiles/Gemfile-rails-7-1 + - gemfiles/Gemfile-rails-7-2 + - gemfiles/Gemfile-rails-8-0 ruby: - '3.3' - '3.2' 
@@ -21,26 +22,32 @@ jobs: - DEVISE_ORM=active_record - DEVISE_ORM=mongoid exclude: - - gemfile: gemfiles/Gemfile-rails-main - ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1 - - gemfile: gemfiles/Gemfile-rails-main - ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1 - - gemfile: gemfiles/Gemfile-rails-main - ruby: '3.1' # Rails >= 8.0 supports Ruby >= 3.2 - gemfile: Gemfile env: DEVISE_ORM=mongoid - gemfile: gemfiles/Gemfile-rails-main env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-7-0 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-1 - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-6-0 - ruby: '3.2' - - gemfile: gemfiles/Gemfile-rails-6-0 + - gemfile: Gemfile ruby: '3.1' - - gemfile: gemfiles/Gemfile-rails-6-0 - env: DEVISE_ORM=mongoid + - gemfile: Gemfile + ruby: '3.0' + - gemfile: Gemfile + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '3.1' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-8-0 + ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-7-2 + ruby: '3.0' + - gemfile: gemfiles/Gemfile-rails-7-2 + ruby: '2.7' runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} diff --git a/Gemfile b/Gemfile index 722eb59a0..96f51cedb 100644 --- a/Gemfile +++ b/Gemfile @@ -4,9 +4,9 @@ source "https://rubygems.org" gemspec -gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" +gem "rails", "~> 8.1.0.rc1" gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" 
@@ -14,16 +14,16 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" group :test do + gem "mocha", "~> 2.1", require: false gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false - gem "mocha", "~> 2.1", require: false + gem "webrat" end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3", "~> 2.1" end # platforms :jruby do diff --git a/Gemfile.lock b/Gemfile.lock index 92779c4c3..a39d4a215 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,87 +20,88 @@ PATH GEM remote: https://rubygems.org/ specs: - actioncable (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) + action_text-trix (2.1.15) + railties + actioncable (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) - mail (>= 2.7.1) - net-imap - net-pop - net-smtp - actionmailer (7.1.0) - actionpack (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activesupport (= 7.1.0) - mail (~> 2.5, >= 2.5.4) - net-imap - net-pop - net-smtp + actionmailbox (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + mail (>= 2.8.0) + actionmailer (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + actionview (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.1.0) - actionview (= 7.1.0) - activesupport (= 7.1.0) + actionpack (8.1.0.rc1) + actionview (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.0) - actionpack (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + useragent (~> 0.16) + actiontext (8.1.0.rc1) + action_text-trix (~> 2.1.15) + actionpack (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.0) - activesupport (= 7.1.0) + actionview (8.1.0.rc1) + activesupport (= 8.1.0.rc1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.0) - activesupport (= 7.1.0) + activejob (8.1.0.rc1) + activesupport (= 8.1.0.rc1) 
globalid (>= 0.3.6) - activemodel (7.1.0) - activesupport (= 7.1.0) - activerecord (7.1.0) - activemodel (= 7.1.0) - activesupport (= 7.1.0) + activemodel (8.1.0.rc1) + activesupport (= 8.1.0.rc1) + activerecord (8.1.0.rc1) + activemodel (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) timeout (>= 0.4.0) - activestorage (7.1.0) - actionpack (= 7.1.0) - activejob (= 7.1.0) - activerecord (= 7.1.0) - activesupport (= 7.1.0) + activestorage (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) marcel (~> 1.0) - activesupport (7.1.0) + activesupport (8.1.0.rc1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + json + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) base64 (0.1.1) bcrypt (3.1.19) bigdecimal (3.1.4) builder (3.2.4) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.5) connection_pool (2.4.1) crass (1.0.6) - date (3.3.3) + date (3.4.1) drb (2.1.1) ruby2_keywords erubi (1.12.0) @@ -109,16 +110,19 @@ GEM faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - globalid (1.2.1) + globalid (1.3.0) activesupport (>= 6.1) hashie (5.0.0) i18n (1.14.1) concurrent-ruby (~> 1.0) io-console (0.6.0) - irb (1.8.1) - rdoc - reline (>= 0.3.8) + irb (1.15.1) + pp (>= 0.6.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + json (2.15.1) jwt (2.7.1) + logger (1.6.6) loofah (2.21.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) 
@@ -127,24 +131,23 @@ GEM net-imap net-pop net-smtp - marcel (1.0.2) + marcel (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.4) minitest (5.20.0) mocha (2.1.0) ruby2_keywords (>= 0.0.5) multi_xml (0.6.0) - mutex_m (0.1.2) - net-imap (0.4.1) + net-imap (0.5.12) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.4.0) + net-smtp (0.5.1) net-protocol - nio4r (2.5.9) + nio4r (2.7.4) nokogiri (1.15.4) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -168,6 +171,9 @@ GEM omniauth (>= 1.0, < 3.0) rack-openid (~> 1.4.0) orm_adapter (0.5.0) + pp (0.6.2) + prettyprint + prettyprint (0.2.0) psych (5.1.0) stringio racc (1.7.1) @@ -184,20 +190,20 @@ GEM rackup (1.0.0) rack (< 3) webrick - rails (7.1.0) - actioncable (= 7.1.0) - actionmailbox (= 7.1.0) - actionmailer (= 7.1.0) - actionpack (= 7.1.0) - actiontext (= 7.1.0) - actionview (= 7.1.0) - activejob (= 7.1.0) - activemodel (= 7.1.0) - activerecord (= 7.1.0) - activestorage (= 7.1.0) - activesupport (= 7.1.0) + rails (8.1.0.rc1) + actioncable (= 8.1.0.rc1) + actionmailbox (= 8.1.0.rc1) + actionmailer (= 8.1.0.rc1) + actionpack (= 8.1.0.rc1) + actiontext (= 8.1.0.rc1) + actionview (= 8.1.0.rc1) + activejob (= 8.1.0.rc1) + activemodel (= 8.1.0.rc1) + activerecord (= 8.1.0.rc1) + activestorage (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) bundler (>= 1.15.0) - railties (= 7.1.0) + railties (= 8.1.0.rc1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -205,18 +211,19 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.1.0) - actionpack (= 7.1.0) - activesupport (= 7.1.0) - irb + railties (8.1.0.rc1) + actionpack (= 8.1.0.rc1) + activesupport (= 8.1.0.rc1) + irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) zeitwerk (~> 2.6) rake (13.0.6) rdoc (6.5.0) psych (>= 4.0.0) - reline (0.3.9) + reline (0.6.0) io-console (~> 0.5) responders (3.1.0) actionpack (>= 5.2) 
@@ -224,17 +231,21 @@ GEM rexml (3.2.6) ruby-openid (2.9.2) ruby2_keywords (0.0.5) + securerandom (0.4.1) snaky_hash (2.0.1) hashie version_gem (~> 1.1, >= 1.1.1) - sqlite3 (1.6.6) + sqlite3 (2.6.0) mini_portile2 (~> 2.8.0) stringio (3.0.8) thor (1.2.2) timecop (0.9.8) - timeout (0.4.0) + timeout (0.4.3) + tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) + uri (1.0.3) + useragent (0.16.11) version_gem (1.1.3) warden (1.2.9) rack (>= 2.0.9) @@ -243,7 +254,8 @@ GEM rack (>= 1.0) rack-test (>= 0.5.3) webrick (1.8.1) - websocket-driver (0.7.6) + websocket-driver (0.8.0) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) zeitwerk (2.6.12) @@ -258,14 +270,14 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 7.1.0) + rails (~> 8.1.0.rc1) rails-controller-testing! rdoc responders (~> 3.1) rexml - sqlite3 (~> 1.4) + sqlite3 (~> 2.1) timecop - webrat (= 0.7.3) + webrat BUNDLED WITH 2.4.5 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index ee474728e..468b25e29 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -1,5 +1,3 @@ -# frozen_string_literal: true - source "https://rubygems.org" gemspec path: ".." @@ -25,14 +23,3 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end - -# platforms :jruby do -# gem "activerecord-jdbc-adapter" -# gem "activerecord-jdbcsqlite3-adapter" -# gem "jruby-openssl" -# end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end diff --git a/gemfiles/Gemfile-rails-6-0 b/gemfiles/Gemfile-rails-7-1 similarity index 78% rename from gemfiles/Gemfile-rails-6-0 rename to gemfiles/Gemfile-rails-7-1 index b6afb6723..b20df9043 100644 --- a/gemfiles/Gemfile-rails-6-0 +++ b/gemfiles/Gemfile-rails-7-1 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.0.0', github: 'rails/rails', branch: '6-0-stable' +gem "rails", "~> 7.1.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" 
@@ -16,7 +16,7 @@ group :test do gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false + gem "webrat" gem "mocha", "~> 2.1", require: false end diff --git a/gemfiles/Gemfile-rails-6-1 b/gemfiles/Gemfile-rails-7-2 similarity index 67% rename from gemfiles/Gemfile-rails-6-1 rename to gemfiles/Gemfile-rails-7-2 index bdebe1a76..28aef1fbb 100644 --- a/gemfiles/Gemfile-rails-6-1 +++ b/gemfiles/Gemfile-rails-7-2 @@ -2,7 +2,8 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", '~> 6.1.0' +gem "rails", "~> 7.1.0" + gem "omniauth" gem "omniauth-oauth2" gem "rdoc" @@ -11,18 +12,12 @@ gem "rails-controller-testing", github: "rails/rails-controller-testing" gem "responders", "~> 3.1" -if RUBY_VERSION >= "3.1" - gem "net-smtp", require: false - gem "net-imap", require: false - gem "net-pop", require: false -end - group :test do gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" - gem "webrat", "0.7.3", require: false + gem "webrat", require: false gem "mocha", "~> 2.1", require: false end diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 new file mode 100644 index 000000000..e279a8ecf --- /dev/null +++ b/gemfiles/Gemfile-rails-8-0 @@ -0,0 +1,25 @@ +source "https://rubygems.org" + +gemspec path: ".." + +gem "rails", "~> 8.0.0" +gem "omniauth" +gem "omniauth-oauth2" +gem "rdoc" + +gem "rails-controller-testing", github: "rails/rails-controller-testing" + +gem "responders", "~> 3.1" + +group :test do + gem "omniauth-facebook" + gem "omniauth-openid" + gem "rexml" + gem "timecop" + gem 'webrat' + gem "mocha", "~> 2.1", require: false +end + +platforms :ruby do + gem "sqlite3", "~> 2.1" +end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index cb333819c..2371eb08c 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb 
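Review bot: `gemfiles/Gemfile-rails-7-2` declares `gem "rails", "~> 7.1.0"`, the same constraint as `Gemfile-rails-7-1`, so the new 7-2 matrix entry resolves to Rails 7.1 and Rails 7.2 is never tested. The line should read `gem "rails", "~> 7.2.0"`. The same file keeps `gem "webrat", require: false` while `Gemfile`, `Gemfile-rails-7-1` and `Gemfile-rails-8-0` drop the option in this commit; using one form everywhere would make the matrix legs comparable.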
@@ -2,6 +2,7 @@ require File.expand_path('../boot', __FILE__) +require "logger" require "action_controller/railtie" require "action_mailer/railtie" require "rails/test_unit/railtie" diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb index 31815d460..219ac2594 100644 --- a/test/support/webrat/matchers.rb +++ b/test/support/webrat/matchers.rb @@ -4,9 +4,13 @@ module Matchers class HaveSelector def query Nokogiri::CSS.parse(@expected.to_s).map do |ast| - ast.to_xpath("//", Nokogiri::CSS::XPathVisitor.new) + if ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2') + ast.to_xpath('//', Nokogiri::CSS::XPathVisitor.new) + else + ast.to_xpath(Nokogiri::CSS::XPathVisitor.new) + end end.first end end end -end \ No newline at end of file +end From 141ef373396a4c19a619a24647bc323dc853c6ac Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Tue, 21 Oct 2025 17:28:05 -0300 Subject: [PATCH 243/299] Add Ruby 3.4 & build updates (#5801) Update bundle to avoid 3.4 mutex_m require error. Test against Rails 7.0 branch which contains Ruby 3.4 fixes. Update changelog to mention Rails < 7.0 support being dropped. Builds on top of https://github.com/heartcombo/devise/pull/5770 Closes https://github.com/heartcombo/devise/pull/5776 Closes https://github.com/heartcombo/devise/pull/5761 --- .github/workflows/test.yml | 1 + CHANGELOG.md | 3 +- Gemfile.lock | 150 ++++++++++++++++++++----------------- gemfiles/Gemfile-rails-7-0 | 2 +- 4 files changed, 86 insertions(+), 70 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec8aa990f..961fc470d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,7 @@ jobs: - gemfiles/Gemfile-rails-7-2 - gemfiles/Gemfile-rails-8-0 ruby: + - '3.4' - '3.3' - '3.2' - '3.1' diff --git a/CHANGELOG.md b/CHANGELOG.md index 28c1240b9..95f92d3c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
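Review bot: The Nokogiri version comparison in `HaveSelector#query` sits inside the `map` block, so two `Gem::Version` objects are built for every parsed selector on every call, and nothing records why `1.17.2` is the cut-off. Hoisting it into a constant in the class body, `LEGACY_TO_XPATH = ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2')`, with a one-line comment naming the `to_xpath` signature change, keeps the branch cheap and tells the next maintainer when it can be deleted. The enclosing `module Webrat` opens outside the hunk.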
@@ -2,7 +2,7 @@ * breaking changes * Drop support to Ruby < 2.7 - * Drop support to Rails < 6.0 + * Drop support to Rails < 7.0 * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -18,6 +18,7 @@ * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + * Add Ruby 3.4 support. * Password length validator is changed from ``` diff --git a/Gemfile.lock b/Gemfile.lock index a39d4a215..3d866346a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,36 +94,38 @@ GEM securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) - base64 (0.1.1) - bcrypt (3.1.19) - bigdecimal (3.1.4) - builder (3.2.4) + base64 (0.3.0) + bcrypt (3.1.20) + bigdecimal (3.3.1) + builder (3.3.0) concurrent-ruby (1.3.5) - connection_pool (2.4.1) + connection_pool (2.5.4) crass (1.0.6) date (3.4.1) - drb (2.1.1) - ruby2_keywords - erubi (1.12.0) - faraday (2.7.11) - base64 - faraday-net_http (>= 2.0, < 3.1) - ruby2_keywords (>= 0.0.4) - faraday-net_http (3.0.2) + drb (2.2.3) + erb (5.1.1) + erubi (1.13.1) + faraday (2.14.0) + faraday-net_http (>= 2.0, < 3.5) + json + logger + faraday-net_http (3.4.1) + net-http (>= 0.5.0) globalid (1.3.0) activesupport (>= 6.1) hashie (5.0.0) - i18n (1.14.1) + i18n (1.14.7) concurrent-ruby (~> 1.0) - io-console (0.6.0) - irb (1.15.1) + io-console (0.8.1) + irb (1.15.2) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.15.1) - jwt (2.7.1) - logger (1.6.6) - loofah (2.21.3) + jwt (3.1.2) + base64 + logger (1.7.0) + loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) 
@@ -133,11 +135,14 @@ GEM net-smtp marcel (1.1.0) mini_mime (1.1.5) - mini_portile2 (2.8.4) - minitest (5.20.0) - mocha (2.1.0) + mini_portile2 (2.8.9) + minitest (5.26.0) + mocha (2.7.1) ruby2_keywords (>= 0.0.5) - multi_xml (0.6.0) + multi_xml (0.7.2) + bigdecimal (~> 3.1) + net-http (0.6.0) + uri net-imap (0.5.12) date net-protocol @@ -148,48 +153,56 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.4) - nokogiri (1.15.4) + nokogiri (1.18.10) mini_portile2 (~> 2.8.2) racc (~> 1.4) - oauth2 (2.0.9) - faraday (>= 0.17.3, < 3.0) - jwt (>= 1.0, < 3.0) + oauth2 (2.0.17) + faraday (>= 0.17.3, < 4.0) + jwt (>= 1.0, < 4.0) + logger (~> 1.2) multi_xml (~> 0.5) rack (>= 1.2, < 4) - snaky_hash (~> 2.0) - version_gem (~> 1.1) - omniauth (2.1.1) + snaky_hash (~> 2.0, >= 2.0.3) + version_gem (~> 1.1, >= 1.1.9) + omniauth (2.1.4) hashie (>= 3.4.6) + logger rack (>= 2.2.3) rack-protection - omniauth-facebook (9.0.0) - omniauth-oauth2 (~> 1.2) + omniauth-facebook (10.0.0) + bigdecimal + omniauth-oauth2 (>= 1.2, < 3) omniauth-oauth2 (1.8.0) oauth2 (>= 1.4, < 3) omniauth (~> 2.0) - omniauth-openid (2.0.1) - omniauth (>= 1.0, < 3.0) - rack-openid (~> 1.4.0) + omniauth-openid (2.0.2) + omniauth (>= 1.1) + rack-openid (~> 1.4) + ruby-openid (~> 2.1, >= 2.1.8) + version_gem (~> 1.1, >= 1.1.8) orm_adapter (0.5.0) - pp (0.6.2) + pp (0.6.3) prettyprint prettyprint (0.2.0) - psych (5.1.0) + psych (5.2.6) + date stringio - racc (1.7.1) - rack (2.2.8) + racc (1.8.1) + rack (3.2.3) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) - rack-protection (3.1.0) - rack (~> 2.2, >= 2.2.4) - rack-session (1.0.1) - rack (< 3) - rack-test (2.1.0) + rack-protection (4.2.1) + base64 (>= 0.1.0) + logger (>= 1.6.0) + rack (>= 3.0.0, < 4) + rack-session (2.1.1) + base64 (>= 0.1.0) + rack (>= 3.0.0) + rack-test (2.2.0) rack (>= 1.3) - rackup (1.0.0) - rack (< 3) - webrick + rackup (2.2.1) + rack (>= 3) rails (8.1.0.rc1) actioncable (= 8.1.0.rc1) actionmailbox (= 8.1.0.rc1) 
@@ -204,13 +217,13 @@ GEM activesupport (= 8.1.0.rc1) bundler (>= 1.15.0) railties (= 8.1.0.rc1) - rails-dom-testing (2.2.0) + rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) + rails-html-sanitizer (1.6.2) loofah (~> 2.21) - nokogiri (~> 1.14) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) railties (8.1.0.rc1) actionpack (= 8.1.0.rc1) activesupport (= 8.1.0.rc1) @@ -220,45 +233,46 @@ GEM thor (~> 1.0, >= 1.2.2) tsort (>= 0.2) zeitwerk (~> 2.6) - rake (13.0.6) - rdoc (6.5.0) + rake (13.3.0) + rdoc (6.15.0) + erb psych (>= 4.0.0) - reline (0.6.0) + tsort + reline (0.6.2) io-console (~> 0.5) - responders (3.1.0) - actionpack (>= 5.2) - railties (>= 5.2) - rexml (3.2.6) + responders (3.2.0) + actionpack (>= 7.0) + railties (>= 7.0) + rexml (3.4.4) ruby-openid (2.9.2) ruby2_keywords (0.0.5) securerandom (0.4.1) - snaky_hash (2.0.1) - hashie - version_gem (~> 1.1, >= 1.1.1) - sqlite3 (2.6.0) + snaky_hash (2.0.3) + hashie (>= 0.1.0, < 6) + version_gem (>= 1.1.8, < 3) + sqlite3 (2.7.4) mini_portile2 (~> 2.8.0) - stringio (3.0.8) - thor (1.2.2) - timecop (0.9.8) + stringio (3.1.7) + thor (1.4.0) + timecop (0.9.10) timeout (0.4.3) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uri (1.0.3) + uri (1.0.4) useragent (0.16.11) - version_gem (1.1.3) + version_gem (1.1.9) warden (1.2.9) rack (>= 2.0.9) webrat (0.7.3) nokogiri (>= 1.2.0) rack (>= 1.0) rack-test (>= 0.5.3) - webrick (1.8.1) websocket-driver (0.8.0) base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.6.12) + zeitwerk (2.7.3) PLATFORMS ruby diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 468b25e29..c155e8cbc 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 
@@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "~> 7.0.0" +gem "rails", "~> 7.0.0", github: "rails/rails", branch: "7-0-stable" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From 1cf31d45ebe80656b3e830c977c0030fb8e93718 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:23:10 -0300 Subject: [PATCH 244/299] Update to test with Rails v8.1.0 final --- Gemfile | 2 +- Gemfile.lock | 111 ++++++++++++++++++++++++++------------------------- 2 files changed, 57 insertions(+), 56 deletions(-) diff --git a/Gemfile b/Gemfile index 96f51cedb..29945422d 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ gemspec gem "omniauth" gem "omniauth-oauth2" -gem "rails", "~> 8.1.0.rc1" +gem "rails", "~> 8.1.0" gem "rdoc" gem "rails-controller-testing", github: "rails/rails-controller-testing" diff --git a/Gemfile.lock b/Gemfile.lock index 3d866346a..d0e848a1a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -22,29 +22,29 @@ GEM specs: action_text-trix (2.1.15) railties - actioncable (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actioncable (8.1.0) + actionpack (= 8.1.0) + activesupport (= 8.1.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionmailbox (8.1.0) + actionpack (= 8.1.0) + activejob (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) mail (>= 2.8.0) - actionmailer (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - actionview (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionmailer (8.1.0) + actionpack (= 8.1.0) + actionview (= 8.1.0) + activejob (= 8.1.0) + activesupport (= 8.1.0) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.0.rc1) - actionview (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionpack (8.1.0) + actionview (= 8.1.0) + activesupport (= 8.1.0) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -52,36 +52,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.0.rc1) + actiontext (8.1.0) action_text-trix (~> 2.1.15) - actionpack (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionpack (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.0.rc1) - activesupport (= 8.1.0.rc1) + actionview (8.1.0) + activesupport (= 8.1.0) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activejob (8.1.0) + activesupport (= 8.1.0) globalid (>= 0.3.6) - activemodel (8.1.0.rc1) - activesupport (= 8.1.0.rc1) - activerecord (8.1.0.rc1) - activemodel (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activemodel (8.1.0) + activesupport (= 8.1.0) + activerecord (8.1.0) + activemodel (= 8.1.0) + activesupport (= 8.1.0) timeout (>= 0.4.0) - activestorage (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + activestorage (8.1.0) + actionpack (= 8.1.0) + activejob (= 8.1.0) + activerecord (= 8.1.0) + activesupport (= 8.1.0) marcel (~> 1.0) - activesupport (8.1.0.rc1) + activesupport (8.1.0) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -128,7 +128,8 @@ GEM loofah (2.24.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) - mail (2.8.1) + mail (2.9.0) + logger mini_mime (>= 0.1.1) net-imap net-pop 
@@ -203,20 +204,20 @@ GEM rack (>= 1.3) rackup (2.2.1) rack (>= 3) - rails (8.1.0.rc1) - actioncable (= 8.1.0.rc1) - actionmailbox (= 8.1.0.rc1) - actionmailer (= 8.1.0.rc1) - actionpack (= 8.1.0.rc1) - actiontext (= 8.1.0.rc1) - actionview (= 8.1.0.rc1) - activejob (= 8.1.0.rc1) - activemodel (= 8.1.0.rc1) - activerecord (= 8.1.0.rc1) - activestorage (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + rails (8.1.0) + actioncable (= 8.1.0) + actionmailbox (= 8.1.0) + actionmailer (= 8.1.0) + actionpack (= 8.1.0) + actiontext (= 8.1.0) + actionview (= 8.1.0) + activejob (= 8.1.0) + activemodel (= 8.1.0) + activerecord (= 8.1.0) + activestorage (= 8.1.0) + activesupport (= 8.1.0) bundler (>= 1.15.0) - railties (= 8.1.0.rc1) + railties (= 8.1.0) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -224,9 +225,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.0.rc1) - actionpack (= 8.1.0.rc1) - activesupport (= 8.1.0.rc1) + railties (8.1.0) + actionpack (= 8.1.0) + activesupport (= 8.1.0) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -284,7 +285,7 @@ DEPENDENCIES omniauth-facebook omniauth-oauth2 omniauth-openid - rails (~> 8.1.0.rc1) + rails (~> 8.1.0) rails-controller-testing! rdoc responders (~> 3.1) From 5a82ad574064a97b7458c73694a2b407c46bcb14 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:27:31 -0300 Subject: [PATCH 245/299] Fix nokogiri deprecation warning ./devise/test/support/webrat/matchers.rb:6: warning: Nokogiri::CSS.parse is deprecated and will be removed in a future version of Nokogiri. Use Nokogiri::CSS::Parser#parse instead. --- test/support/webrat/matchers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/support/webrat/matchers.rb b/test/support/webrat/matchers.rb index 219ac2594..24d71df3d 100644 --- a/test/support/webrat/matchers.rb 
+++ b/test/support/webrat/matchers.rb @@ -3,7 +3,7 @@ module Webrat module Matchers class HaveSelector def query - Nokogiri::CSS.parse(@expected.to_s).map do |ast| + Nokogiri::CSS::Parser.new.parse(@expected.to_s).map do |ast| if ::Gem::Version.new(Nokogiri::VERSION) < ::Gem::Version.new('1.17.2') ast.to_xpath('//', Nokogiri::CSS::XPathVisitor.new) else From d60f81008676edc6ae9c8e6e4b28a20a473185d3 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 24 Oct 2025 11:32:33 -0300 Subject: [PATCH 246/299] Use currently released version of rails-controller-testing We pointed to github to fix issues with Ruby 2.7 and kwargs, but since then a version 1.0.5 was released which includes those fixes. There's a few more things in their main, but nothing we need if all is green. --- Gemfile | 2 +- Gemfile.lock | 15 +++++---------- gemfiles/Gemfile-rails-7-0 | 2 +- gemfiles/Gemfile-rails-7-1 | 2 +- gemfiles/Gemfile-rails-7-2 | 2 +- gemfiles/Gemfile-rails-8-0 | 2 +- gemfiles/Gemfile-rails-main | 2 +- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/Gemfile b/Gemfile index 29945422d..88da13e28 100644 --- a/Gemfile +++ b/Gemfile @@ -9,7 +9,7 @@ gem "omniauth-oauth2" gem "rails", "~> 8.1.0" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/Gemfile.lock b/Gemfile.lock index d0e848a1a..004855060 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,12 +1,3 @@ -GIT - remote: https://github.com/rails/rails-controller-testing.git - revision: c203673f8011a7cdc2a8edf995ae6b3eec3417ca - specs: - rails-controller-testing (1.0.5) - actionpack (>= 5.0.1.rc1) - actionview (>= 5.0.1.rc1) - activesupport (>= 5.0.1.rc1) - PATH remote: . specs: 
@@ -218,6 +209,10 @@ GEM activesupport (= 8.1.0) bundler (>= 1.15.0) railties (= 8.1.0) + rails-controller-testing (1.0.5) + actionpack (>= 5.0.1.rc1) + actionview (>= 5.0.1.rc1) + activesupport (>= 5.0.1.rc1) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -286,7 +281,7 @@ DEPENDENCIES omniauth-oauth2 omniauth-openid rails (~> 8.1.0) - rails-controller-testing! + rails-controller-testing rdoc responders (~> 3.1) rexml diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index c155e8cbc..bfab0fce8 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index b20df9043..f455a30a6 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index 28aef1fbb..85ff6ba86 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -8,7 +8,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index e279a8ecf..d5d545365 100644 --- a/gemfiles/Gemfile-rails-8-0 +++ b/gemfiles/Gemfile-rails-8-0 @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" 
diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 1bec1066f..f361fad41 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -7,7 +7,7 @@ gem "omniauth" gem "omniauth-oauth2" gem "rdoc" -gem "rails-controller-testing", github: "rails/rails-controller-testing" +gem "rails-controller-testing" gem "responders", "~> 3.1" From f150357c1ce01a8eec740c3a6759bca1aae4d7d4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 29 Oct 2025 10:31:23 -0300 Subject: [PATCH 247/299] Test with the released version of v7.0 Rails just released v7.0.10 which contains the fixes for Ruby 3.4 we needed to get the build green, so no need to point to GH anymore. https://rubyonrails.org/2025/10/29/new-rails-releases-and-end-of-support-announcement Note that v7.0 has reached EOL for a while now. --- gemfiles/Gemfile-rails-7-0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index bfab0fce8..cfd7bbe3b 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -2,7 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "~> 7.0.0", github: "rails/rails", branch: "7-0-stable" +gem "rails", "~> 7.0.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From b76d18d27783ad2079e1e75773ef9d1e30005fdd Mon Sep 17 00:00:00 2001 From: Fuyutsubaki Date: Fri, 31 Oct 2025 21:44:11 +0900 Subject: [PATCH 248/299] Fixed inconsistency between description and example in 'Running tests' section (#5802) Expand test run examples to show running a specific line number or a matching regex. [ci skip] --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6521e241e..bb2dc6970 100644 --- a/README.md +++ b/README.md 
@@ -163,9 +163,10 @@ bin/test bin/test test/models/trackable_test.rb ``` -* Running a specific test given a regex: +* Running a specific test given a line number or a regex: ```bash bin/test test/models/trackable_test.rb:16 +bin/test test/models/trackable_test.rb -n '/update.*record/' ``` ## Starting with Rails? From dd7ee27f74f919eacc48337c966cdcb648d9e2f0 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 11:16:02 -0300 Subject: [PATCH 249/299] Bring back Mongoid official support (#5568) Devise hasn't been tested with Mongoid since Rails version 5, only 4.x was still running those tests. This enables the tests again on all currently supported Rails versions, with their respective mongoid supported versions. There were a couple of minor tweaks to make it happen, namely: * The way we were dropping the session before doesn't work in later versions so I changed back to calling `purge!` which appears to work fine. We used to call `Mongoid.purge!` but that changed in #4686. * Some of the configs in the Rails test app were setting Active Record values when outside of the AR ORM tests, updated those to make sure they are not set when running mongoid ORM tests. * The validations added to the shared admin code in tests were only checking for Rails version 5.1, but we need to use the same check for AR 5.1 that is used in code, otherwise it will try to use methods not available in mongoid there. --- .github/workflows/test.yml | 15 +++++------- CHANGELOG.md | 1 + Gemfile | 15 ++++-------- Gemfile.lock | 19 ++++++++++++++-- gemfiles/Gemfile-rails-7-0 | 4 ++++ gemfiles/Gemfile-rails-7-1 | 4 ++++ gemfiles/Gemfile-rails-7-2 | 6 ++++- gemfiles/Gemfile-rails-8-0 | 6 ++++- gemfiles/Gemfile-rails-main | 6 ++++- lib/devise/orm.rb | 34 ++++++++++++++++++++++++++-- test/orm/mongoid.rb | 2 +- test/rails_app/config/application.rb | 6 +++-- 12 files changed, 88 insertions(+), 30 deletions(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 961fc470d..c3f2e6663 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,14 +19,10 @@ jobs: - '3.1' - '3.0' - '2.7' - env: - - DEVISE_ORM=active_record - - DEVISE_ORM=mongoid + orm: + - active_record + - mongoid exclude: - - gemfile: Gemfile - env: DEVISE_ORM=mongoid - - gemfile: gemfiles/Gemfile-rails-main - env: DEVISE_ORM=mongoid - gemfile: Gemfile ruby: '3.1' - gemfile: Gemfile @@ -52,12 +48,13 @@ jobs: runs-on: ubuntu-latest env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps BUNDLE_GEMFILE: ${{ matrix.gemfile }} + DEVISE_ORM: ${{ matrix.orm }} steps: - uses: actions/checkout@v3 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.9.0 - if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }} + - uses: supercharge/mongodb-github-action@1.11.0 + if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake diff --git a/CHANGELOG.md b/CHANGELOG.md index 95f92d3c9..5272e3199 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ ``` so it's possible to override `password_length` at runtime. (@manojmj92) + * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * bug fixes * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. diff --git a/Gemfile b/Gemfile index 88da13e28..0f18834e9 100644 --- a/Gemfile +++ b/Gemfile 
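Review bot: The `supercharge/mongodb-github-action` step is bumped to the mutable tag `1.11.0` and, with the `mongoid` legs re-enabled, now runs on every one of them. A third-party action referenced by tag can be repointed by its publisher without any change in this repository. Pinning to the full commit SHA and keeping the release in a comment closes that gap: `- uses: supercharge/mongodb-github-action@<full-commit-sha> # 1.11.0` (placeholder, to be filled from the action's release). The same applies to `actions/checkout@v3` and `ruby/setup-ruby@v1` in the context lines. No `permissions:` block is visible in these hunks, so it is worth confirming in the rest of the workflow that the job token is read-only.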
@@ -23,16 +23,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.1" + gem "sqlite3" end -# platforms :jruby do -# gem "activerecord-jdbc-adapter" -# gem "activerecord-jdbcsqlite3-adapter" -# gem "jruby-openssl" -# end - -# TODO: -# group :mongoid do -# gem "mongoid", "~> 4.0.0" -# end +group :mongoid do + gem "mongoid", "~> 9.0", github: "mongodb/mongoid", branch: "9.0-stable" +end diff --git a/Gemfile.lock b/Gemfile.lock index 004855060..1aec779ea 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,13 @@ +GIT + remote: https://github.com/mongodb/mongoid.git + revision: 1d3deaa9d028176988205f541ee588621030662a + branch: 9.0-stable + specs: + mongoid (9.0.8) + activemodel (>= 5.1, < 8.2, != 7.0.0) + concurrent-ruby (>= 1.0.5, < 2.0) + mongo (>= 2.18.0, < 3.0.0) + PATH remote: . specs: @@ -88,6 +98,7 @@ GEM base64 (0.3.0) bcrypt (3.1.20) bigdecimal (3.3.1) + bson (5.2.0) builder (3.3.0) concurrent-ruby (1.3.5) connection_pool (2.5.4) @@ -131,6 +142,9 @@ GEM minitest (5.26.0) mocha (2.7.1) ruby2_keywords (>= 0.0.5) + mongo (2.21.3) + base64 + bson (>= 4.14.1, < 6.0.0) multi_xml (0.7.2) bigdecimal (~> 3.1) net-http (0.6.0) @@ -276,6 +290,7 @@ PLATFORMS DEPENDENCIES devise! mocha (~> 2.1) + mongoid (~> 9.0)! omniauth omniauth-facebook omniauth-oauth2 @@ -285,9 +300,9 @@ DEPENDENCIES rdoc responders (~> 3.1) rexml - sqlite3 (~> 2.1) + sqlite3 timecop webrat BUNDLED WITH - 2.4.5 + 2.6.9 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index cfd7bbe3b..625664d0a 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -23,3 +23,7 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end + +group :mongoid do + gem "mongoid", "~> 7.5" +end diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index f455a30a6..1eda668ae 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 
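Review bot: The new `gem "mongoid", "~> 9.0", github: "mongodb/mongoid", branch: "9.0-stable"` line resolves from a moving branch head rather than a released gem, and nothing in the hunk says why the git source is needed. `Gemfile.lock` pins a revision for this Gemfile, but `gemfiles/Gemfile-rails-main` uses `branch: "master"` and the diffstat shows no lockfile for it, so that CI job appears to run whatever the branch holds at install time. I would add a comment above the group such as `# Git source until <reason>; switch to the released gem afterwards` and say in the commit whether dropping the `"~> 2.1"` constraint on `sqlite3` is deliberate.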
@@ -23,3 +23,7 @@ end platforms :ruby do gem "sqlite3", "~> 1.4" end + +group :mongoid do + gem "mongoid", "~> 8.1" +end diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index 85ff6ba86..ed06ba5ef 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -22,5 +22,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 1.4" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", "~> 8.1" end diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index d5d545365..8753baddf 100644 --- a/gemfiles/Gemfile-rails-8-0 +++ b/gemfiles/Gemfile-rails-8-0 @@ -21,5 +21,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.1" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", "~> 8.1" end diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index f361fad41..69d384ac5 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -21,5 +21,9 @@ group :test do end platforms :ruby do - gem "sqlite3", "~> 2.0" + gem "sqlite3" +end + +group :mongoid do + gem "mongoid", github: "mongodb/mongoid", branch: "master" end diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 3e9852cd3..4c3cd6f49 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -5,10 +5,14 @@ def self.active_record?(model) end def self.included(model) - model.include DirtyTrackingMethods + if Devise::Orm.active_record?(model) + model.include DirtyTrackingActiveRecordMethods + else + model.include DirtyTrackingMongoidMethods + end end - module DirtyTrackingMethods + module DirtyTrackingActiveRecordMethods def devise_email_before_last_save email_before_last_save end 
@@ -33,5 +37,31 @@ def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end end + + module DirtyTrackingMongoidMethods + def devise_email_before_last_save + respond_to?(:email_previously_was) ? email_previously_was : email_was + end + + def devise_email_in_database + email_was + end + + def devise_saved_change_to_email? + respond_to?(:email_previously_changed?) ? email_previously_changed? : email_changed? + end + + def devise_saved_change_to_encrypted_password? + respond_to?(:encrypted_password_previously_changed?) ? encrypted_password_previously_changed? : encrypted_password_changed? + end + + def devise_will_save_change_to_email? + email_changed? + end + + def devise_respond_to_and_will_save_change_to_attribute?(attribute) + respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") + end + end end end diff --git a/test/orm/mongoid.rb b/test/orm/mongoid.rb index d31bc4d21..5b8807f1f 100644 --- a/test/orm/mongoid.rb +++ b/test/orm/mongoid.rb @@ -10,6 +10,6 @@ class ActiveSupport::TestCase setup do - Mongoid.default_session.drop + Mongoid::Config.purge! end end diff --git a/test/rails_app/config/application.rb b/test/rails_app/config/application.rb index 2371eb08c..fc3b171d0 100644 --- a/test/rails_app/config/application.rb +++ b/test/rails_app/config/application.rb @@ -40,8 +40,10 @@ class Application < Rails::Application Devise::SessionsController.layout "application" end - if Devise::Test.rails70? - config.active_record.legacy_connection_handling = false + if DEVISE_ORM == :active_record + if Devise::Test.rails70? + config.active_record.legacy_connection_handling = false + end end if Devise::Test.rails70_and_up? From fa052e5064f72381a193adc1df1bc7bee72a7801 Mon Sep 17 00:00:00 2001 
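Review bot: In `DirtyTrackingMongoidMethods` the fallbacks answer a different question than the method names promise: `devise_saved_change_to_encrypted_password?` and `devise_saved_change_to_email?` fall back to `encrypted_password_changed?` / `email_changed?`, which report unsaved changes rather than the change made by the last save. If a supported Mongoid version lacks the `*_previously_changed?` methods and callers consult these predicates after saving (presumably to decide on change notifications, though the callers are not visible here), the fallback may return false and the action would be skipped without any error. I would document this on the module, e.g. `# Fallbacks cover Mongoid versions without *_previously_* methods; they read unsaved-change state.`, or drop the fallbacks if every supported version has the newer methods. Note also that the `else` branch of `self.included` in the first hunk applies the Mongoid module to every non-Active Record model; `module Orm` begins outside both hunks.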
From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 11:26:18 -0300 Subject: [PATCH 250/299] Remove some mongoid version checks from test suite We no longer run against or support old Mongoid versions. --- test/helpers/devise_helper_test.rb | 4 ---- test/integration/registerable_test.rb | 8 -------- test/support/mongoid.yml | 2 +- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/test/helpers/devise_helper_test.rb b/test/helpers/devise_helper_test.rb index 754e82d81..b9fac7da3 100644 --- a/test/helpers/devise_helper_test.rb +++ b/test/helpers/devise_helper_test.rb @@ -34,10 +34,6 @@ class DeviseHelperTest < Devise::IntegrationTest end test 'test errors.messages.not_saved with multiple errors from i18n' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - get new_user_registration_path fill_in 'email', with: 'invalid_email' diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index 038fcf7b9..ad0f3bec0 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb @@ -98,10 +98,6 @@ def user_sign_up end test 'a guest user cannot sign up with invalid information' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - get new_user_registration_path fill_in 'email', with: 'invalid_email' 
@@ -120,10 +116,6 @@ def user_sign_up end test 'a guest should not sign up with email/password that already exists' do - # Dirty tracking behavior prevents email validations from being applied: - # https://github.com/mongoid/mongoid/issues/756 - (pending "Fails on Mongoid < 2.1"; break) if defined?(Mongoid) && Mongoid::VERSION.to_f < 2.1 - create_user get new_user_registration_path diff --git a/test/support/mongoid.yml b/test/support/mongoid.yml index cfd0124e2..d55de9250 100644 --- a/test/support/mongoid.yml +++ b/test/support/mongoid.yml @@ -1,5 +1,5 @@ test: - <%= Mongoid::VERSION.to_i > 4 ? 'clients' : 'sessions' %>: + clients: default: database: devise-test-suite hosts: From b0867c998c56be90e94a8b44e4ccae283b3e3763 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 13:52:34 -0300 Subject: [PATCH 251/299] Remove deprecated stuff (#5803) All of these have been deprecated for years, if we're releasing a new major version, let's take the opportunity to do some cleanup. * Remove deprecated `:bypass` option from `sign_in` helper, use `bypass_sign_in` instead. * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. Closes #5739 --- CHANGELOG.md | 7 ++++-- app/helpers/devise_helper.rb | 27 +----------------------- lib/devise.rb | 1 - lib/devise/controllers/sign_in_out.rb | 11 +--------- lib/devise/test/controller_helpers.rb | 12 +---------- lib/devise/test_helpers.rb | 15 ------------- test/controllers/custom_strategy_test.rb | 2 +- 7 files changed, 9 insertions(+), 66 deletions(-) delete mode 100644 lib/devise/test_helpers.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 5272e3199..17a587f68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,10 @@ * breaking changes * Drop support to Ruby < 2.7 * Drop support to Rails < 7.0 + * Remove deprecated `:bypass` option from `sign_in` helper, use `bypass_sign_in` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -12,8 +16,7 @@ ``` Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. - https://github.com/heartcombo/devise/pull/5645 - + [#5645](https://github.com/heartcombo/devise/pull/5645) * enhancements * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. diff --git a/app/helpers/devise_helper.rb b/app/helpers/devise_helper.rb index b9101e04b..0bfcb0630 100644 --- a/app/helpers/devise_helper.rb +++ b/app/helpers/devise_helper.rb 
@@ -1,30 +1,5 @@ # frozen_string_literal: true +# Keeping the helper around for backward compatibility. module DeviseHelper - # Retain this method for backwards compatibility, deprecated in favor of modifying the - # devise/shared/error_messages partial. - def devise_error_messages! - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be - removed in the next major version. - - Devise now uses a partial under "devise/shared/error_messages" to display - error messages by default, and make them easier to customize. Update your - views changing calls from: - - <%= devise_error_messages! %> - - to: - - <%= render "devise/shared/error_messages", resource: resource %> - - To start customizing how errors are displayed, you can copy the partial - from devise to your `app/views` folder. Alternatively, you can run - `rails g devise:views` which will copy all of them again to your app. - DEPRECATION - - return "" if resource.errors.empty? - - render "devise/shared/error_messages", resource: resource - end end diff --git a/lib/devise.rb b/lib/devise.rb index 4fec8a0e0..0336ed706 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -16,7 +16,6 @@ module Devise autoload :Orm, 'devise/orm' autoload :ParameterFilter, 'devise/parameter_filter' autoload :ParameterSanitizer, 'devise/parameter_sanitizer' - autoload :TestHelpers, 'devise/test_helpers' autoload :TimeInflector, 'devise/time_inflector' autoload :TokenGenerator, 'devise/token_generator' diff --git a/lib/devise/controllers/sign_in_out.rb b/lib/devise/controllers/sign_in_out.rb index fa29bbfca..7e053d112 100644 --- a/lib/devise/controllers/sign_in_out.rb +++ b/lib/devise/controllers/sign_in_out.rb 
@@ -37,16 +37,7 @@ def sign_in(resource_or_scope, *args) expire_data_after_sign_in! - if options[:bypass] - Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller) - [Devise] bypass option is deprecated and it will be removed in future version of Devise. - Please use bypass_sign_in method instead. - Example: - - bypass_sign_in(user) - DEPRECATION - warden.session_serializer.store(resource, scope) - elsif warden.user(scope) == resource && !options.delete(:force) + if warden.user(scope) == resource && !options.delete(:force) # Do nothing. User already signed in and we are not forcing it. true else diff --git a/lib/devise/test/controller_helpers.rb b/lib/devise/test/controller_helpers.rb index aba2bb448..d3522a346 100644 --- a/lib/devise/test/controller_helpers.rb +++ b/lib/devise/test/controller_helpers.rb @@ -64,17 +64,7 @@ def warden #:nodoc: # # sign_in users(:alice) # sign_in users(:alice), scope: :admin - def sign_in(resource, deprecated = nil, scope: nil) - if deprecated.present? - scope = resource - resource = deprecated - - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise. - Please use sign_in(resource, scope: :#{scope}) instead. - DEPRECATION - end - + def sign_in(resource, scope: nil) scope ||= Devise::Mapping.find_scope!(resource) warden.instance_variable_get(:@users).delete(scope) diff --git a/lib/devise/test_helpers.rb b/lib/devise/test_helpers.rb deleted file mode 100644 index cc9ef4242..000000000 --- a/lib/devise/test_helpers.rb +++ /dev/null 
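Review bot: With the `if options[:bypass]` branch removed, a caller that still passes `bypass: true` gets no warning and falls through to the `warden.user(scope) == resource && !options.delete(:force)` check, so the option is silently ignored rather than rejected. The old branch only wrote the session through `warden.session_serializer.store(resource, scope)`, so such callers now take a different sign-in path than they asked for, which matters for code that relied on skipping the normal flow. Failing loudly is safer for a removed authentication option: `raise ArgumentError, "the :bypass option was removed, use bypass_sign_in instead" if options.key?(:bypass)`. The rest of `sign_in` lies outside the hunk, so what happens to a leftover `:bypass` key further down cannot be checked here.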
@@ -1,15 +0,0 @@ -# frozen_string_literal: true - -module Devise - module TestHelpers - def self.included(base) - base.class_eval do - Devise.deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise. - For controller tests, please include `Devise::Test::ControllerHelpers` instead. - DEPRECATION - include Devise::Test::ControllerHelpers - end - end - end -end diff --git a/test/controllers/custom_strategy_test.rb b/test/controllers/custom_strategy_test.rb index d352a15bf..1c9681264 100644 --- a/test/controllers/custom_strategy_test.rb +++ b/test/controllers/custom_strategy_test.rb @@ -3,7 +3,7 @@ require 'test_helper' require 'ostruct' require 'warden/strategies/base' -require 'devise/test_helpers' +require 'devise/test/controller_helpers' class CustomStrategyController < ActionController::Base def new From 97cf37eb56cbeb8d2fe37c9707e936fa1e3adca1 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 15:03:46 -0300 Subject: [PATCH 252/299] Expand changelog [ci skip] --- CHANGELOG.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17a587f68..eb99ca576 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,7 @@ * Remove deprecated `devise_error_messages!` helper, use `render "devise/shared/error_messages", resource: resource` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) + * Remove deprecated `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` [#5598](https://github.com/heartcombo/devise/pull/5598) * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: @@ -17,11 +18,14 @@ Now, it always uses `application.secret_key_base`. Make sure you're using the same secret key after the upgrade; otherwise, previously generated tokens for `recoverable`, `lockable`, and `confirmable` will be invalid. [#5645](https://github.com/heartcombo/devise/pull/5645) + * Change password instructions button label on devise view from `Send me reset password instructions` to `Send me password reset instructions` [#5515](https://github.com/heartcombo/devise/pull/5515) + * Change `
` tags separating form elements to wrapping them in `

` tags [#5494](https://github.com/heartcombo/devise/pull/5494) + * enhancements - * Removed deprecations warning output for `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` (@soartec-lab) * Add Rails 8 support. - - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. + - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) * Add Ruby 3.4 support. + * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from ``` 
@@ -34,10 +38,15 @@ validates_length_of :password, minimum: proc { password_length.min }, maximum: proc { password_length.max }, allow_blank: true ``` - so it's possible to override `password_length` at runtime. (@manojmj92) - * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) + so it's possible to override `password_length` at runtime. [#5734](https://github.com/heartcombo/devise/pull/5734) + * bug fixes - * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. + * Make `Devise` work without `ActionMailer` when `Zeitwerk` autoloader is used. [#5731](https://github.com/heartcombo/devise/pull/5731) + * Handle defaults `:from` and `:reply_to` as procs correctly by delegating to Rails [#5595](https://github.com/heartcombo/devise/pull/5595) + * Use `OmniAuth.config.allowed_request_methods` as routing verbs for the auth path [#5508](https://github.com/heartcombo/devise/pull/5508) + * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) + * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) + Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) for previous changes. From ef2d4831ef4641571aabde28ccf54f73329dfbc5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 31 Oct 2025 15:14:34 -0300 Subject: [PATCH 253/299] Add missing frozen string literal comment to file [ci skip] --- lib/devise/orm.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 4c3cd6f49..3f3ac86db 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Devise module Orm # :nodoc: def self.active_record?(model) From c6b08ae7e12d068e7fde62dda951316147300daf Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 3 Nov 2025 18:52:57 -0300 Subject: [PATCH 254/299] Bump actions/checkout and mongodb-github-action Bump actions/checkout from 3 to 5 (#5805) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Bump supercharge/mongodb-github-action from 1.11.0 to 1.12.0 (#5804) Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.11.0...1.12.0) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3f2e6663..c3129cb77 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -50,11 +50,11 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} DEVISE_ORM: ${{ matrix.orm }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.11.0 + - uses: supercharge/mongodb-github-action@1.12.0 if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake From 47e87164935ef4994dd66749a1a4aaae2e2a65ef Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 14 Nov 2025 10:37:31 -0300 Subject: [PATCH 255/299] Remove post-install message Hopefully by now everyone should've upgraded and figured this out. [ci skip] --- devise.gemspec | 7 ------- 1 file changed, 7 deletions(-) diff --git a/devise.gemspec b/devise.gemspec index c8f24cc20..a6bf83e7e 100644 --- a/devise.gemspec +++ b/devise.gemspec @@ -32,11 +32,4 @@ Gem::Specification.new do |s| s.add_dependency("bcrypt", "~> 3.0") s.add_dependency("railties", ">= 6.0.0") s.add_dependency("responders") - - s.post_install_message = %q{ -[DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration. - - [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md - [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D - } end From 95618806c4c27de38296dd84bfa73bfe2b27bffe Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 14 Nov 2025 11:24:30 -0300 Subject: [PATCH 256/299] Remove no longer relevant test for mass assignment sanitization This is no longer in Rails since v5, it's been extracted to `protected_attributes`, and we're dropping support to older versions of Rails in main. https://github.com/rails/protected_attributes --- test/controllers/sessions_controller_test.rb | 18 ------------------ 1 file changed, 18 deletions(-) 
diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index e88cf7e90..21b3c09f7 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -87,22 +87,4 @@ class SessionsControllerTest < Devise::ControllerTestCase assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status end - - if defined?(ActiveRecord) && ActiveRecord::Base.respond_to?(:mass_assignment_sanitizer) - test "#new doesn't raise mass-assignment exception even if sign-in key is attr_protected" do - request.env["devise.mapping"] = Devise.mappings[:user] - - ActiveRecord::Base.mass_assignment_sanitizer = :strict - User.class_eval { attr_protected :email } - - begin - assert_nothing_raised do - get :new, user: { email: "allez viens!" } - end - ensure - ActiveRecord::Base.mass_assignment_sanitizer = :logger - User.class_eval { attr_accessible :email } - end - end - end end From c8a64b549c8b37e494eaca7be2def136a7e1b236 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 15:39:11 -0300 Subject: [PATCH 257/299] Bump actions/checkout from 5 to 6 (#5809) * Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... * Bump supercharge/mongodb-github-action from 1.12.0 to 1.12.1 (#5808) Bumps [supercharge/mongodb-github-action](https://github.com/supercharge/mongodb-github-action) from 1.12.0 to 1.12.1. - [Release notes](https://github.com/supercharge/mongodb-github-action/releases) - [Changelog](https://github.com/supercharge/mongodb-github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/supercharge/mongodb-github-action/compare/1.12.0...1.12.1) --- updated-dependencies: - dependency-name: supercharge/mongodb-github-action dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3129cb77..faae9299e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -50,11 +50,11 @@ jobs: BUNDLE_GEMFILE: ${{ matrix.gemfile }} DEVISE_ORM: ${{ matrix.orm }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true # runs bundle install and caches installed gems automatically - - uses: supercharge/mongodb-github-action@1.12.0 + - uses: supercharge/mongodb-github-action@1.12.1 if: ${{ matrix.orm == 'mongoid' }} - run: bundle exec rake From 6f8f38d79567a099ea9114356d5b4d8bbb0fb61a Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 29 Dec 2025 17:36:51 -0300 Subject: [PATCH 258/299] Update dependencies and test with Ruby 4.0 https://www.ruby-lang.org/en/news/2025/12/25/ruby-4-0-0-released/ We need to add `ostruct` as a dev dependency because it doesn't come as a default gem with Ruby 4.0 anymore. Lock minitest < 6 since v6 has some incompatibilities with released versions of Rails that will be fixed in future versions. This is something I didn't run into a few other gems, but SimpleForm did, presumabily because it touches additional areas like AV tests. --- .github/workflows/test.yml | 1 + CHANGELOG.md | 2 +- Gemfile | 2 + Gemfile.lock | 190 ++++++++++++++++++------------------ gemfiles/Gemfile-rails-7-0 | 2 + gemfiles/Gemfile-rails-7-1 | 2 + gemfiles/Gemfile-rails-7-2 | 2 + gemfiles/Gemfile-rails-8-0 | 2 + gemfiles/Gemfile-rails-main | 2 + 9 files changed, 111 insertions(+), 94 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index faae9299e..fc4bedea3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,6 +13,7 @@ jobs: - gemfiles/Gemfile-rails-7-2 - gemfiles/Gemfile-rails-8-0 ruby: + - '4.0' - '3.4' - '3.3' - '3.2' diff --git a/CHANGELOG.md b/CHANGELOG.md index eb99ca576..f477421b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -24,7 +24,7 @@ * enhancements * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) - * Add Ruby 3.4 support. + * Add Ruby 3.4 and 4.0 support. * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from diff --git a/Gemfile b/Gemfile index 0f18834e9..3fc8499f9 100644 --- a/Gemfile +++ b/Gemfile @@ -14,12 +14,14 @@ gem "rails-controller-testing" gem "responders", "~> 3.1" group :test do + gem "minitest", "< 6" gem "mocha", "~> 2.1", require: false gem "omniauth-facebook" gem "omniauth-openid" gem "rexml" gem "timecop" gem "webrat" + gem "ostruct" end platforms :ruby do diff --git a/Gemfile.lock b/Gemfile.lock index 1aec779ea..2d6b0ccda 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/mongodb/mongoid.git - revision: 1d3deaa9d028176988205f541ee588621030662a + revision: 4dcdaddea5d88a819c7c0d98ea0e994e13f515fe branch: 9.0-stable specs: - mongoid (9.0.8) + mongoid (9.0.9) activemodel (>= 5.1, < 8.2, != 7.0.0) concurrent-ruby (>= 1.0.5, < 2.0) mongo (>= 2.18.0, < 3.0.0) 
@@ -23,29 +23,29 @@ GEM specs: action_text-trix (2.1.15) railties - actioncable (8.1.0) - actionpack (= 8.1.0) - activesupport (= 8.1.0) + actioncable (8.1.1) + actionpack (= 8.1.1) + activesupport (= 8.1.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.0) - actionpack (= 8.1.0) - activejob (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + actionmailbox (8.1.1) + actionpack (= 8.1.1) + activejob (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) mail (>= 2.8.0) - actionmailer (8.1.0) - actionpack (= 8.1.0) - actionview (= 8.1.0) - activejob (= 8.1.0) - activesupport (= 8.1.0) + actionmailer (8.1.1) + actionpack (= 8.1.1) + actionview (= 8.1.1) + activejob (= 8.1.1) + activesupport (= 8.1.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.0) - actionview (= 8.1.0) - activesupport (= 8.1.0) + actionpack (8.1.1) + actionview (= 8.1.1) + activesupport (= 8.1.1) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -53,36 +53,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.0) + actiontext (8.1.1) action_text-trix (~> 2.1.15) - actionpack (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + actionpack (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.0) - activesupport (= 8.1.0) + actionview (8.1.1) + activesupport (= 8.1.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.0) - activesupport (= 8.1.0) + activejob (8.1.1) + activesupport (= 8.1.1) globalid (>= 0.3.6) - activemodel (8.1.0) - activesupport (= 8.1.0) - activerecord (8.1.0) - activemodel (= 8.1.0) - activesupport (= 8.1.0) + activemodel (8.1.1) + activesupport (= 8.1.1) + activerecord (8.1.1) + activemodel (= 8.1.1) + activesupport (= 8.1.1) timeout (>= 0.4.0) - activestorage (8.1.0) - actionpack (= 8.1.0) - activejob (= 8.1.0) - activerecord (= 8.1.0) - activesupport (= 8.1.0) + activestorage (8.1.1) + actionpack (= 8.1.1) + activejob (= 8.1.1) + activerecord (= 8.1.1) + activesupport (= 8.1.1) marcel (~> 1.0) - activesupport (8.1.0) + activesupport (8.1.1) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) 
@@ -97,37 +97,38 @@ GEM uri (>= 0.13.1) base64 (0.3.0) bcrypt (3.1.20) - bigdecimal (3.3.1) + bigdecimal (4.0.1) bson (5.2.0) builder (3.3.0) - concurrent-ruby (1.3.5) - connection_pool (2.5.4) + concurrent-ruby (1.3.6) + connection_pool (3.0.2) crass (1.0.6) - date (3.4.1) + date (3.5.1) drb (2.2.3) - erb (5.1.1) + erb (6.0.1) erubi (1.13.1) faraday (2.14.0) faraday-net_http (>= 2.0, < 3.5) json logger - faraday-net_http (3.4.1) - net-http (>= 0.5.0) + faraday-net_http (3.4.2) + net-http (~> 0.5) globalid (1.3.0) activesupport (>= 6.1) - hashie (5.0.0) - i18n (1.14.7) + hashie (5.1.0) + logger + i18n (1.14.8) concurrent-ruby (~> 1.0) - io-console (0.8.1) - irb (1.15.2) + io-console (0.8.2) + irb (1.16.0) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.15.1) + json (2.18.0) jwt (3.1.2) base64 logger (1.7.0) - loofah (2.24.1) + loofah (2.25.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.9.0) @@ -139,17 +140,17 @@ GEM marcel (1.1.0) mini_mime (1.1.5) mini_portile2 (2.8.9) - minitest (5.26.0) - mocha (2.7.1) + minitest (5.27.0) + mocha (2.8.2) ruby2_keywords (>= 0.0.5) - mongo (2.21.3) + mongo (2.22.0) base64 bson (>= 4.14.1, < 6.0.0) - multi_xml (0.7.2) - bigdecimal (~> 3.1) - net-http (0.6.0) - uri - net-imap (0.5.12) + multi_xml (0.8.0) + bigdecimal (>= 3.1, < 5) + net-http (0.9.1) + uri (>= 0.11.1) + net-imap (0.6.2) date net-protocol net-pop (0.1.2) @@ -158,11 +159,11 @@ GEM timeout net-smtp (0.5.1) net-protocol - nio4r (2.7.4) - nokogiri (1.18.10) + nio4r (2.7.5) + nokogiri (1.19.0) mini_portile2 (~> 2.8.2) racc (~> 1.4) - oauth2 (2.0.17) + oauth2 (2.0.18) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) @@ -178,8 +179,8 @@ GEM omniauth-facebook (10.0.0) bigdecimal omniauth-oauth2 (>= 1.2, < 3) - omniauth-oauth2 (1.8.0) - oauth2 (>= 1.4, < 3) + omniauth-oauth2 (1.9.0) + oauth2 (>= 2.0.2, < 3) omniauth (~> 2.0) omniauth-openid (2.0.2) omniauth (>= 1.1) 
@@ -187,14 +188,15 @@ GEM ruby-openid (~> 2.1, >= 2.1.8) version_gem (~> 1.1, >= 1.1.8) orm_adapter (0.5.0) + ostruct (0.6.3) pp (0.6.3) prettyprint prettyprint (0.2.0) - psych (5.2.6) + psych (5.3.1) date stringio racc (1.8.1) - rack (3.2.3) + rack (3.2.4) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) @@ -207,22 +209,22 @@ GEM rack (>= 3.0.0) rack-test (2.2.0) rack (>= 1.3) - rackup (2.2.1) + rackup (2.3.1) rack (>= 3) - rails (8.1.0) - actioncable (= 8.1.0) - actionmailbox (= 8.1.0) - actionmailer (= 8.1.0) - actionpack (= 8.1.0) - actiontext (= 8.1.0) - actionview (= 8.1.0) - activejob (= 8.1.0) - activemodel (= 8.1.0) - activerecord (= 8.1.0) - activestorage (= 8.1.0) - activesupport (= 8.1.0) + rails (8.1.1) + actioncable (= 8.1.1) + actionmailbox (= 8.1.1) + actionmailer (= 8.1.1) + actionpack (= 8.1.1) + actiontext (= 8.1.1) + actionview (= 8.1.1) + activejob (= 8.1.1) + activemodel (= 8.1.1) + activerecord (= 8.1.1) + activestorage (= 8.1.1) + activesupport (= 8.1.1) bundler (>= 1.15.0) - railties (= 8.1.0) + railties (= 8.1.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -234,21 +236,21 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.0) - actionpack (= 8.1.0) - activesupport (= 8.1.0) + railties (8.1.1) + actionpack (= 8.1.1) + activesupport (= 8.1.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) tsort (>= 0.2) zeitwerk (~> 2.6) - rake (13.3.0) - rdoc (6.15.0) + rake (13.3.1) + rdoc (7.0.3) erb psych (>= 4.0.0) tsort - reline (0.6.2) + reline (0.6.3) io-console (~> 0.5) responders (3.2.0) actionpack (>= 7.0) 
@@ -260,16 +262,16 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - sqlite3 (2.7.4) + sqlite3 (2.9.0) mini_portile2 (~> 2.8.0) - stringio (3.1.7) + stringio (3.2.0) thor (1.4.0) timecop (0.9.10) - timeout (0.4.3) + timeout (0.6.0) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uri (1.0.4) + uri (1.1.1) useragent (0.16.11) version_gem (1.1.9) warden (1.2.9) @@ -282,19 +284,21 @@ GEM base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.7.3) + zeitwerk (2.7.4) PLATFORMS ruby DEPENDENCIES devise! + minitest (< 6) mocha (~> 2.1) mongoid (~> 9.0)! omniauth omniauth-facebook omniauth-oauth2 omniauth-openid + ostruct rails (~> 8.1.0) rails-controller-testing rdoc @@ -305,4 +309,4 @@ DEPENDENCIES webrat BUNDLED WITH - 2.6.9 + 4.0.3 diff --git a/gemfiles/Gemfile-rails-7-0 b/gemfiles/Gemfile-rails-7-0 index 625664d0a..a397d04fc 100644 --- a/gemfiles/Gemfile-rails-7-0 +++ b/gemfiles/Gemfile-rails-7-0 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-1 b/gemfiles/Gemfile-rails-7-1 index 1eda668ae..41caefa80 100644 --- a/gemfiles/Gemfile-rails-7-1 +++ b/gemfiles/Gemfile-rails-7-1 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat" gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index ed06ba5ef..2fa2804d5 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -19,6 +19,8 @@ group :test do gem "timecop" gem "webrat", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-8-0 b/gemfiles/Gemfile-rails-8-0 index 8753baddf..23954ff58 100644 --- a/gemfiles/Gemfile-rails-8-0 
+++ b/gemfiles/Gemfile-rails-8-0 @@ -18,6 +18,8 @@ group :test do gem "timecop" gem 'webrat' gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do diff --git a/gemfiles/Gemfile-rails-main b/gemfiles/Gemfile-rails-main index 69d384ac5..57ed95a1b 100644 --- a/gemfiles/Gemfile-rails-main +++ b/gemfiles/Gemfile-rails-main @@ -18,6 +18,8 @@ group :test do gem "timecop" gem "webrat", "0.7.3", require: false gem "mocha", "~> 2.1", require: false + gem "minitest", "< 6" + gem "ostruct" end platforms :ruby do From cd9c21a067d58b10601e4e5f42337ec42c38d5fb Mon Sep 17 00:00:00 2001 From: nkroker Date: Wed, 17 Dec 2025 09:45:06 +0530 Subject: [PATCH 259/299] Fix message in controllers generator Closes #5814 Signed-off-by: Carlos Antonio da Silva --- lib/generators/devise/controllers_generator.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/devise/controllers_generator.rb b/lib/generators/devise/controllers_generator.rb index caa04f1a5..d96d3d33e 100644 --- a/lib/generators/devise/controllers_generator.rb +++ b/lib/generators/devise/controllers_generator.rb @@ -11,7 +11,7 @@ class ControllersGenerator < Rails::Generators::Base Create inherited Devise controllers in your app/controllers folder. Use -c to specify which controller you want to overwrite. - If you do no specify a controller, all controllers will be created. + If you do not specify a controller, all controllers will be created. For example: rails generate devise:controllers users -c=sessions From 051f94a49831d04cf7c9f034f82fe90d46a19f6d Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 09:12:25 -0300 Subject: [PATCH 260/299] Pass locale with activatable / timeoutable hooks (#5815) We need to explicitly pass the `locale` around from the options (passed to `warden.authenticate!` for instance) or the `I18n.locale` when logging out and redirecting the user via `throw :warden`, otherwise in a multi-locale app we'd lose the locale previously set / passed around and fallback to the default for that flash message. This is a follow-up of the fixes in #5567 where we implemented the locale passing logic down to the failure app, but it missed these places where we were using `throw :warden`. Closes #5812 --- lib/devise/hooks/activatable.rb | 2 +- lib/devise/hooks/timeoutable.rb | 2 +- test/integration/confirmable_test.rb | 9 +++++++++ test/integration/timeoutable_test.rb | 11 +++++++++++ test/rails_app/app/controllers/admins_controller.rb | 7 ------- .../app/controllers/application_controller.rb | 11 +++++++++++ test/support/locale/pt-BR.yml | 2 ++ 7 files changed, 35 insertions(+), 9 deletions(-) diff --git a/lib/devise/hooks/activatable.rb b/lib/devise/hooks/activatable.rb index b2eaea199..9feb96307 100644 --- a/lib/devise/hooks/activatable.rb +++ b/lib/devise/hooks/activatable.rb @@ -7,6 +7,6 @@ if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication? scope = options[:scope] warden.logout(scope) - throw :warden, scope: scope, message: record.inactive_message + throw :warden, scope: scope, message: record.inactive_message, locale: options.fetch(:locale, I18n.locale) end end diff --git a/lib/devise/hooks/timeoutable.rb b/lib/devise/hooks/timeoutable.rb index 772eb142b..f1e7f6d57 100644 --- a/lib/devise/hooks/timeoutable.rb +++ b/lib/devise/hooks/timeoutable.rb 
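Review bot: The `I18n.locale` fallback in `locale: options.fetch(:locale, I18n.locale)` is read at the moment the hook fires, and nothing next to the `throw :warden` line says so. An application that sets its locale in a controller callback only gets the right flash language if that callback has already run when Warden sets the user; the test app change in this same commit, which puts `around_action :set_locale` ahead of `before_action :current_user` in `ApplicationController`, suggests the ordering matters. I would add a comment above the `throw`, for example `# Falls back to I18n.locale as it is when this hook runs; set the locale before authentication is triggered.` The same comment applies to the `throw :warden, scope: scope, message: :timeout, ...` line in `lib/devise/hooks/timeoutable.rb`. The hook body starts outside this hunk.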
@@ -25,7 +25,7 @@ record.timedout?(last_request_at) && !proxy.remember_me_is_active?(record) Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope) - throw :warden, scope: scope, message: :timeout + throw :warden, scope: scope, message: :timeout, locale: options.fetch(:locale, I18n.locale) end unless env['devise.skip_trackable'] diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index c951eb0bb..c29d7aba0 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb @@ -136,6 +136,15 @@ def resend_confirmation end end + test 'not confirmed user redirect respects i18n locale set' do + swap Devise, allow_unconfirmed_access_for: 0.days do + sign_in_as_user(confirm: false, visit: new_user_session_path(locale: "pt-BR")) + + assert_contain 'Você precisa confirmar seu email para continuar' + assert_not warden.authenticated?(:user) + end + end + test 'not confirmed user should not see confirmation message if invalid credentials are given' do swap Devise, allow_unconfirmed_access_for: 0.days do sign_in_as_user(confirm: false) do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index d11d59105..d7e31ba69 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -167,6 +167,17 @@ def last_request_at end end + test 'error message redirect respects i18n locale set' do + user = sign_in_as_user + + get expire_user_path(user) + get root_path(locale: "pt-BR") + follow_redirect! + + assert_contain 'Sua sessão expirou. Por favor faça o login novamente para continuar.' + assert_not warden.authenticated?(:user) + end + test 'time out not triggered if remembered' do user = sign_in_as_user remember_me: true get expire_user_path(user) diff --git a/test/rails_app/app/controllers/admins_controller.rb b/test/rails_app/app/controllers/admins_controller.rb index 957aa6f0b..c732f5890 100644 
--- a/test/rails_app/app/controllers/admins_controller.rb +++ b/test/rails_app/app/controllers/admins_controller.rb @@ -1,15 +1,8 @@ # frozen_string_literal: true class AdminsController < ApplicationController - around_action :set_locale before_action :authenticate_admin! def index end - - private - - def set_locale - I18n.with_locale(params[:locale] || I18n.default_locale) { yield } - end end diff --git a/test/rails_app/app/controllers/application_controller.rb b/test/rails_app/app/controllers/application_controller.rb index e60ba0c22..616845d76 100644 --- a/test/rails_app/app/controllers/application_controller.rb +++ b/test/rails_app/app/controllers/application_controller.rb @@ -5,9 +5,20 @@ class ApplicationController < ActionController::Base protect_from_forgery + around_action :set_locale before_action :current_user, unless: :devise_controller? before_action :authenticate_user!, if: :devise_controller? respond_to(*Mime::SET.map(&:to_sym)) devise_group :commenter, contains: [:user, :admin] + + private + + def set_locale + I18n.with_locale(params[:locale] || I18n.default_locale) { yield } + end + + def default_url_options + {locale: params[:locale]}.compact + end end diff --git a/test/support/locale/pt-BR.yml b/test/support/locale/pt-BR.yml index 5c57e1909..687cc87ae 100644 --- a/test/support/locale/pt-BR.yml +++ b/test/support/locale/pt-BR.yml @@ -3,3 +3,5 @@ pt-BR: failure: invalid: "%{authentication_keys} ou senha inválidos." unauthenticated: "Para continuar, faça login ou registre-se." + timeout: "Sua sessão expirou. Por favor faça o login novamente para continuar." + unconfirmed: "Você precisa confirmar seu email para continuar." From d13ef89afb8b969046fc3e960e9b834ef2b4256e Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 09:23:36 -0300 Subject: [PATCH 261/299] Replace `[data-turbo-cache=false]` with `[data-turbo-temporary]` The default `_error_messages.html.erb` partial uses a deprecated Turbo attribute `data-turbo-cache=false`, which was deprecated on Feb 15 2023 in [this pull request](https://github.com/hotwired/turbo/pull/871). Use more up-to-date attribute name called [data-turbo-temporary](https://github.com/hotwired/turbo/pull/871) to avoid deprecation issues and reduce developer confusion as `data-turbo-temporary` is the only attributed mentioned in [Turbo Drive's documentation](https://turbo.hotwired.dev/handbook/building#preparing-the-page-to-be-cached) Closes #5664 Closes #5662 Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 3 +++ app/views/devise/shared/_error_messages.html.erb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f477421b3..12abf2355 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,9 @@ [#5645](https://github.com/heartcombo/devise/pull/5645) * Change password instructions button label on devise view from `Send me reset password instructions` to `Send me password reset instructions` [#5515](https://github.com/heartcombo/devise/pull/5515) * Change `
` tags separating form elements to wrapping them in `

` tags [#5494](https://github.com/heartcombo/devise/pull/5494) + * Replace `[data-turbo-cache=false]` with `[data-turbo-temporary]` on `devise/shared/error_messages` partial. This has been [deprecated by Turbo since v7.3.0 (released on Mar 1, 2023)](https://github.com/hotwired/turbo/releases/tag/v7.3.0). + + If you are using an older version of Turbo and the default devise template, you'll need to copy it over to your app and change that back to `[data-turbo-cache=false]`. * enhancements * Add Rails 8 support. diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb index cabfe307e..8c9c17114 100644 --- a/app/views/devise/shared/_error_messages.html.erb +++ b/app/views/devise/shared/_error_messages.html.erb @@ -1,5 +1,5 @@ <% if resource.errors.any? %> -

+

<%= I18n.t("errors.messages.not_saved", count: resource.errors.count, From 8054ad55c3d1b0602d3654cf0dfd065491f271b7 Mon Sep 17 00:00:00 2001 From: Taketo Takashima Date: Wed, 31 Dec 2025 22:45:09 +0900 Subject: [PATCH 262/299] Use `:unprocessable_content` in generated Devise config for Rack 3.1+, avoid Rack warnings (#5797) In Rack v3.1.0, the symbol for HTTP status code 422 was changed from `:unprocessable_entity` to `:unprocessable_content`. As a result, when using rack 3.2 with the following configuration in `config/initializers/devise.rb`, a warning is shown on login failure: ```ruby # config/initializers/devise.rb Devise.setup do |config| ... config.responder.error_status = :unprocessable_entity ``` Warning message: ```sh /path-to-app/vendor/bundle/ruby/3.4.0/gems/devise-4.9.4/lib/devise/failure_app.rb:80: warning: Status code :unprocessable_entity is deprecated and will be removed in a future version of Rack. Please use :unprocessable_content instead. ``` This warning can be resolved by updating the config as follows: ```diff # config/initializers/devise.rb Devise.setup do |config| ... + config.responder.error_status = :unprocessable_content - config.responder.error_status = :unprocessable_entity ``` This fixes the root cause of the warning for new apps by adjusting the generated config during `$ rails generate devise:install` depending on the rack version, so new apps using newer Rack versions generate `error_status = :unprocessable_content` instead of `:unprocessable_entity`. Existing apps are handled by [latest versions of Rails, which will now transparently convert the code under the hood to avoid the Rack warning](https://github.com/rails/rails/pull/53383), and Devise will use that translation layer when available in the failure app to prevent the warning there as well (since that isn't covered by Rails automatic conversion). 
Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 3 +++ README.md | 3 ++- app/controllers/devise/confirmations_controller.rb | 2 +- app/controllers/devise/unlocks_controller.rb | 2 +- lib/devise/failure_app.rb | 6 +++--- lib/generators/templates/devise.rb | 2 +- test/generators/devise_generator_test.rb | 1 - test/generators/install_generator_test.rb | 8 ++++++++ 8 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12abf2355..47bbcf177 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,9 @@ * enhancements * Add Rails 8 support. - Routes are lazy-loaded by default in test and development environments now so Devise loads them before `Devise.mappings` call. [#5728](https://github.com/heartcombo/devise/pull/5728) + * New apps using Rack 3.1+ will be generated using `config.responder.error_status = :unprocessable_content`, since [`:unprocessable_entity` has been deprecated by Rack](https://github.com/rack/rack/pull/2137). + + Latest versions of [Rails transparently convert `:unprocessable_entity` -> `:unprocessable_content`](https://github.com/rails/rails/pull/53383), and Devise will use that in the failure app to avoid Rack deprecation warnings for apps that are configured with `:unprocessable_entity`. They can also simply change their `error_status` to `:unprocessable_content` in latest Rack versions to avoid the warning. * Add Ruby 3.4 and 4.0 support. * Reenable Mongoid test suite across all Rails 7+ versions, to ensure we continue supporting it. Changes to dirty tracking to support Mongoid 8.0+. [#5568](https://github.com/heartcombo/devise/pull/5568) * Password length validator is changed from diff --git a/README.md b/README.md index bb2dc6970..e2025965b 100644 --- a/README.md +++ b/README.md 
@@ -493,7 +493,8 @@ Devise.setup do |config| # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. - config.responder.error_status = :unprocessable_entity + config.responder.error_status = :unprocessable_content # for Rack 3.1 or higher + # config.responder.error_status = :unprocessable_entity # for Rack 3.0 or lower config.responder.redirect_status = :see_other end ``` diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 5e22079ec..39ff669be 100644 --- a/app/controllers/devise/confirmations_controller.rb +++ b/app/controllers/devise/confirmations_controller.rb @@ -27,7 +27,7 @@ def show set_flash_message!(:notice, :confirmed) respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } else - # TODO: use `error_status` when the default changes to `:unprocessable_entity`. + # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index b1487760b..8cff126c9 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb @@ -29,7 +29,7 @@ def show set_flash_message! :notice, :unlocked respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } else - # TODO: use `error_status` when the default changes to `:unprocessable_entity`. + # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } end end 
diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index e1e24be42..d0b50f7de 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -77,9 +77,9 @@ def recall flash.now[:alert] = i18n_message(:invalid) if is_flashing_format? self.response = recall_app(warden_options[:recall]).call(request.env).tap { |response| - response[0] = Rack::Utils.status_code( - response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status - ) + status = response[0].in?(300..399) ? Devise.responder.redirect_status : Devise.responder.error_status + # Avoid warnings translating status to code using Rails if available (e.g. `unprocessable_entity` => `unprocessable_content`) + response[0] = ActionDispatch::Response.try(:rack_status_code, status) || Rack::Utils.status_code(status) } end diff --git a/lib/generators/templates/devise.rb b/lib/generators/templates/devise.rb index 9fe0ade81..b36f281f2 100644 --- a/lib/generators/templates/devise.rb +++ b/lib/generators/templates/devise.rb @@ -305,7 +305,7 @@ # apps is `200 OK` and `302 Found` respectively, but new apps are generated with # these new defaults that match Hotwire/Turbo behavior. # Note: These might become the new default in future versions of Devise. - config.responder.error_status = :unprocessable_entity + config.responder.error_status = <%= Rack::Utils::SYMBOL_TO_STATUS_CODE.key(422).inspect %> config.responder.redirect_status = :see_other # ==> Configuration for :registerable diff --git a/test/generators/devise_generator_test.rb b/test/generators/devise_generator_test.rb index 00118c22d..22112c69c 100644 --- a/test/generators/devise_generator_test.rb +++ b/test/generators/devise_generator_test.rb @@ -37,5 +37,4 @@ def copy_routes FileUtils.mkdir_p(destination) FileUtils.cp routes, destination end - end diff --git a/test/generators/install_generator_test.rb b/test/generators/install_generator_test.rb index 45aeddd07..3bb1b00f5 100644 
--- a/test/generators/install_generator_test.rb +++ b/test/generators/install_generator_test.rb @@ -23,4 +23,12 @@ class InstallGeneratorTest < Rails::Generators::TestCase assert_no_file "config/initializers/devise.rb" assert_no_file "config/locales/devise.en.yml" end + + test "responder error_status based on rack version" do + run_generator(["--orm=active_record"]) + + error_status = Rack::RELEASE >= "3.1" ? :unprocessable_content : :unprocessable_entity + + assert_file "config/initializers/devise.rb", /config\.responder\.error_status = #{error_status.inspect}/ + end end From 05bbc71446bfd483308065b29b66f0f8a0445b92 Mon Sep 17 00:00:00 2001 From: Shriram Date: Tue, 3 Apr 2018 08:14:13 +0530 Subject: [PATCH 263/299] Make secure_compare handle empty strings comparison correctly Used Rails' secure_compare method inside the definition of secure_compare. This will handle the empty strings comparison and return true when both the parameters are empty strings. Fixes #4441, #4829 --- CHANGELOG.md | 1 + lib/devise.rb | 8 ++------ test/devise_test.rb | 9 +++++++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47bbcf177..dc95bae43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,6 +52,7 @@ * Use `OmniAuth.config.allowed_request_methods` as routing verbs for the auth path [#5508](https://github.com/heartcombo/devise/pull/5508) * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) + * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/lib/devise.rb b/lib/devise.rb index 0336ed706..c42131926 100644 --- a/lib/devise.rb +++ b/lib/devise.rb 
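Review bot: `Rack::RELEASE >= "3.1"` in the new test compares version strings lexically, so a release such as "10.0" would sort below "3.1" and the test would expect the wrong symbol. Comparing parsed versions avoids that: `error_status = Gem::Version.new(Rack::RELEASE) >= Gem::Version.new("3.1") ? :unprocessable_content : :unprocessable_entity`. The enclosing test class starts outside the hunk.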
@@ -517,12 +517,8 @@ def self.friendly_token(length = 20) # constant-time comparison algorithm to prevent timing attacks def self.secure_compare(a, b) - return false if a.blank? || b.blank? || a.bytesize != b.bytesize - l = a.unpack "C#{a.bytesize}" - - res = 0 - b.each_byte { |byte| res |= byte ^ l.shift } - res == 0 + return false if a.nil? || b.nil? + ActiveSupport::SecurityUtils.secure_compare(a, b) end def self.deprecator diff --git a/test/devise_test.rb b/test/devise_test.rb index 532aa57dc..2f98bb4ff 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -86,15 +86,20 @@ class DeviseTest < ActiveSupport::TestCase Devise::CONTROLLERS.delete(:kivi) end - test 'should complain when comparing empty or different sized passes' do + test 'Devise.secure_compare fails when comparing different strings or nil' do [nil, ""].each do |empty| assert_not Devise.secure_compare(empty, "something") assert_not Devise.secure_compare("something", empty) - assert_not Devise.secure_compare(empty, empty) end + assert_not Devise.secure_compare(nil, nil) assert_not Devise.secure_compare("size_1", "size_four") end + test 'Devise.secure_compare passes when strings are the same, even two empty strings' do + assert Devise.secure_compare("", "") + assert Devise.secure_compare("something", "something") + end + test 'Devise.email_regexp should match valid email addresses' do valid_emails = ["test@example.com", "jo@jo.co", "f4$_m@you.com", "testing.example@example.com.ua", "test@tt", "test@valid---domain.com"] non_valid_emails = ["rex", "test user@example.com", "test_user@example server.com"] From 9a149ff139303edf3b832129054c62066baea98f Mon Sep 17 00:00:00 2001 From: Adan Amarillas Date: Fri, 28 Dec 2018 05:18:07 -0800 Subject: [PATCH 264/299] Return 401 for sessions#destroy action with no user signed in (#4878) It's an unauthenticated request, so return 401 Unauthorized like most other similar requests. 
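Review bot: After this change `Devise.secure_compare` returns true for two empty strings, and whitespace-only strings are now compared instead of rejected, because the removed `a.blank? || b.blank?` guard is replaced by a nil check only; the comment above the method does not record this. The callers are outside this hunk, so it cannot be confirmed from here, but any caller that compares a stored token with a request-supplied value now relies on the stored value never being blank. I would state the contract in the method comment, for example `# Constant-time comparison. Returns false if either value is nil; blank strings are compared like any other, so callers must reject blank secrets themselves.` Separately, the CHANGELOG entry added in this commit names `ActiveRecord::SecurityUtils.secure_compare` while the code calls `ActiveSupport::SecurityUtils.secure_compare`.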
Signed-off-by: Carlos Antonio da Silva --- CHANGELOG.md | 1 + app/controllers/devise/sessions_controller.rb | 8 ++++---- test/controllers/sessions_controller_test.rb | 14 +++++++++++++- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dc95bae43..0e6ba8446 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -53,6 +53,7 @@ * Handle `on` and `ON` as true values to check params [#5514](https://github.com/heartcombo/devise/pull/5514) * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) + * Respond with `401 Unauthorized` for non-navigational requests to destroy the session when there is no authenticated resource. [#4878](https://github.com/heartcombo/devise/pull/4878) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 76b780209..41b74f39c 100644 --- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb @@ -28,7 +28,7 @@ def destroy signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) set_flash_message! :notice, :signed_out if signed_out yield if block_given? - respond_to_on_destroy + respond_to_on_destroy(non_navigational_status: :no_content) end protected @@ -62,7 +62,7 @@ def verify_signed_out_user if all_signed_out? set_flash_message! :notice, :already_signed_out - respond_to_on_destroy + respond_to_on_destroy(non_navigational_status: :unauthorized) end end 
@@ -72,11 +72,11 @@ def all_signed_out? users.all?(&:blank?) end - def respond_to_on_destroy + def respond_to_on_destroy(non_navigational_status: :no_content) # We actually need to hardcode this as Rails default responder doesn't # support returning empty response on GET request respond_to do |format| - format.all { head :no_content } + format.all { head non_navigational_status } format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } end end diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb index 21b3c09f7..9c970ab5d 100644 --- a/test/controllers/sessions_controller_test.rb +++ b/test/controllers/sessions_controller_test.rb @@ -74,7 +74,7 @@ class SessionsControllerTest < Devise::ControllerTestCase assert_template "devise/sessions/new" end - test "#destroy doesn't set the flash if the requested format is not navigational" do + test "#destroy doesn't set the flash and returns 204 status if the requested format is not navigational" do request.env["devise.mapping"] = Devise.mappings[:user] user = create_user user.confirm @@ -87,4 +87,16 @@ class SessionsControllerTest < Devise::ControllerTestCase assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}" assert_equal 204, @response.status end + + test "#destroy returns 401 status if user is not signed in and the requested format is not navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + delete :destroy, format: 'json' + assert_equal 401, @response.status + end + + test "#destroy returns 302 status if user is not signed in and the requested format is navigational" do + request.env["devise.mapping"] = Devise.mappings[:user] + delete :destroy + assert_equal 302, @response.status + end end From 356b09431274c2c97a02376655278ea7414ebc1a Mon Sep 17 00:00:00 2001 
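Review bot: `respond_to_on_destroy` is now called with a keyword argument from both `destroy` and `verify_signed_out_user`, so a subclass that overrides it with the old zero-argument signature would raise `ArgumentError` on every sign-out. Whether applications override it is not visible here, but the generator text earlier in this series describes apps creating inherited Devise controllers, so the CHANGELOG entry should tell them to accept the keyword: `def respond_to_on_destroy(non_navigational_status: :no_content)`. A short comment at the `verify_signed_out_user` call site would also help, for example `# No session to destroy: non-navigational requests get 401 instead of 204.`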
From: =?UTF-8?q?Julius=20Graakj=C3=A6r=20Grantzau?= Date: Wed, 2 Jan 2019 15:43:30 +0100 Subject: [PATCH 265/299] Downcase authentication keys and humanize error message (#4834) "Invalid Email or password." is grammatically incorrect, a change introduced a while ago by #4014. Signed-off-by: Carlos Antonio da Silva --- lib/devise/failure_app.rb | 8 ++++--- test/failure_app_test.rb | 24 +++++++++++++------ test/integration/authenticatable_test.rb | 4 ++-- test/integration/confirmable_test.rb | 2 +- .../database_authenticatable_test.rb | 4 ++-- test/integration/http_authenticatable_test.rb | 2 +- 6 files changed, 28 insertions(+), 16 deletions(-) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index d0b50f7de..2f3e11e53 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -111,11 +111,13 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] auth_keys = scope_class.authentication_keys - keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) } + keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key).downcase } options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) - - I18n.t(:"#{scope}.#{message}", **options) + translated_message = I18n.t(:"#{scope}.#{message}", **options) + # only call `#humanize` when the message is `:invalid` to ensure the original format + # of other messages - like `:does_not_exist` - is kept. + message == :invalid ? translated_message.humanize : translated_message else message.to_s end diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index e8f316f0d..b57f4e421 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb 
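Review bot: The added `.downcase` on `scope_class.human_attribute_name(key)` lowercases every translated attribute name, which gives the wrong result for names that are acronyms and for locales that capitalise nouns, and nothing in the hunk documents that the casing is forced. `translated_message.humanize` reaches further still, since it rewrites the whole translated string rather than its first character; the next commit in this series narrows that part. For the key names I would at least add a comment above the `map`, for example `# Attribute names are downcased for mid-sentence use; a translation that needs fixed casing can spell the names out instead of interpolating %{authentication_keys}.` `i18n_message` starts outside the hunk.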
@@ -184,17 +184,27 @@ def call_failure(env_params = {}) test 'uses the proxy failure message as symbol' do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid Email or password.', @request.flash[:alert] + assert_equal 'Invalid email or password.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'supports authentication_keys as a Hash for the flash message' do swap Devise, authentication_keys: { email: true, login: true } do call_failure('warden' => OpenStruct.new(message: :invalid)) - assert_equal 'Invalid Email, Login or password.', @request.flash[:alert] + assert_equal 'Invalid email, login or password.', @request.flash[:alert] end end + test 'downcases authentication_keys for the flash message' do + call_failure('warden' => OpenStruct.new(message: :invalid)) + assert_equal 'Invalid email or password.', @request.flash[:alert] + end + + test 'humanizes the flash message' do + call_failure('warden' => OpenStruct.new(message: :invalid)) + assert_equal @request.flash[:alert], @request.flash[:alert].humanize + end + test 'uses custom i18n options' do call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions) assert_equal 'User Steve does not exist', @request.flash[:alert] @@ -288,7 +298,7 @@ def call_failure(env_params = {}) test 'uses the failure message as response body' do call_failure('formats' => Mime[:xml], 'warden' => OpenStruct.new(message: :invalid)) - assert_match 'Invalid Email or password.', @response.third.body + assert_match 'Invalid email or password.', @response.third.body end test 'respects the i18n locale passed via warden options when responding to HTTP request' do @@ -343,7 +353,7 @@ def call_failure(env_params = {}) } call_failure(env) assert_includes @response.third.body, '

Log in

' - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end test 'calls the original controller if not confirmed email' do @@ -378,7 +388,7 @@ def call_failure(env_params = {}) } call_failure(env) assert_includes @response.third.body, '

Log in

' - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' assert_equal '/sample', @request.env["SCRIPT_NAME"] assert_equal '/users/sign_in', @request.env["PATH_INFO"] end @@ -409,7 +419,7 @@ def call_failure(env_params = {}) call_failure(env) assert_equal 422, @response.first - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end end @@ -435,7 +445,7 @@ def call_failure(env_params = {}) call_failure(env) assert_equal 200, @response.first - assert_includes @response.third.body, 'Invalid Email or password.' + assert_includes @response.third.body, 'Invalid email or password.' end test 'users default hardcoded responder `redirect_status` for the status code since responders version does not support configuring it' do diff --git a/test/integration/authenticatable_test.rb b/test/integration/authenticatable_test.rb index ea338f6fc..28d00399b 100644 --- a/test/integration/authenticatable_test.rb +++ b/test/integration/authenticatable_test.rb @@ -563,7 +563,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest test 'missing authentication keys cause authentication to abort' do swap Devise, authentication_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid Subdomain or password." + assert_contain "Invalid subdomain or password." assert_not warden.authenticated?(:user) end end @@ -602,7 +602,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest swap Devise, request_keys: [:subdomain] do sign_in_as_user - assert_contain "Invalid Email or password." + assert_contain "Invalid email or password." assert_not warden.authenticated?(:user) end end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index c29d7aba0..8e6f68ef2 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
@@ -151,7 +151,7 @@ def resend_confirmation fill_in 'password', with: 'invalid' end - assert_contain 'Invalid Email or password' + assert_contain 'Invalid email or password' assert_not warden.authenticated?(:user) end end diff --git a/test/integration/database_authenticatable_test.rb b/test/integration/database_authenticatable_test.rb index 20097a871..08011fe28 100644 --- a/test/integration/database_authenticatable_test.rb +++ b/test/integration/database_authenticatable_test.rb @@ -70,7 +70,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest fill_in 'password', with: 'abcdef' end - assert_contain 'Invalid Email or password' + assert_contain 'Invalid email or password' assert_not warden.authenticated?(:admin) end @@ -82,7 +82,7 @@ class DatabaseAuthenticationTest < Devise::IntegrationTest end assert_not_contain 'Not found in database' - assert_contain 'Invalid Email or password.' + assert_contain 'Invalid email or password.' end end end diff --git a/test/integration/http_authenticatable_test.rb b/test/integration/http_authenticatable_test.rb index 707a07056..11e373320 100644 --- a/test/integration/http_authenticatable_test.rb +++ b/test/integration/http_authenticatable_test.rb @@ -52,7 +52,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest sign_in_as_new_user_with_http("unknown") assert_equal 401, status assert_equal "application/json; charset=utf-8", headers["Content-Type"] - assert_match '"error":"Invalid Email or password."', response.body + assert_match '"error":"Invalid email or password."', response.body end test 'returns a custom response with www-authenticate and chosen realm' do From fc466316df51df4a8968a9ba35152de7a54cfa94 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 14:30:42 -0300 Subject: [PATCH 266/299] Ensure auth keys at the start of the i18n msg are properly cased Otherwise if we humanized the whole string, it could cause us to change the output of strings with periods and maybe other side-effects, since we're changing the whole string from i18n. This is safer as it only changes the first char of the translated message, and only if it is a match with the first translated auth key, so we can more safely humanize & downcase all auth keys to interpolate in the message whenever needed. Also add changelog for the change. --- CHANGELOG.md | 1 + lib/devise/failure_app.rb | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e6ba8446..2f1de46c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,7 @@ * Fix passing `format` option to `devise_for` [#5732](https://github.com/heartcombo/devise/pull/5732) * Use `ActiveRecord::SecurityUtils.secure_compare` in `Devise.secure_compare` to match two empty strings correctly. [#4829](https://github.com/heartcombo/devise/pull/4829) * Respond with `401 Unauthorized` for non-navigational requests to destroy the session when there is no authenticated resource. [#4878](https://github.com/heartcombo/devise/pull/4878) + * Fix incorrect grammar of invalid authentication message with capitalized attributes, e.g.: "Invalid Email or password" => "Invalid email or password". (originally introduced by [#4014](https://github.com/heartcombo/devise/pull/4014), released on v4.1.0) [#4834](https://github.com/heartcombo/devise/pull/4834) Please check [4-stable](https://github.com/heartcombo/devise/blob/4-stable/CHANGELOG.md) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 2f3e11e53..8222780f0 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -111,13 +111,16 @@ def i18n_message(default = nil) options[:scope] = "devise.failure" options[:default] = [message] auth_keys = scope_class.authentication_keys - keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key).downcase } - options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector")) + human_keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| + scope_class.human_attribute_name(key).downcase + } + options[:authentication_keys] = human_keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) - translated_message = I18n.t(:"#{scope}.#{message}", **options) - # only call `#humanize` when the message is `:invalid` to ensure the original format - # of other messages - like `:does_not_exist` - is kept. - message == :invalid ? translated_message.humanize : translated_message + + I18n.t(:"#{scope}.#{message}", **options).then { |msg| + # Ensure that auth keys at the start of the translated string are properly cased. + msg.start_with?(human_keys.first) ? msg.upcase_first : msg + } else message.to_s end From 1096b609677d77a31c2615054cd41502ffe51ffe Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:30:13 -0300 Subject: [PATCH 267/299] Remove deprecated `Devise.activerecord51?` method --- CHANGELOG.md | 1 + lib/devise.rb | 8 -------- test/devise_test.rb | 6 ------ 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f1de46c9..f53f7c185 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
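Review bot: `msg.start_with?(human_keys.first)` in the new `then` block receives `nil` when `human_keys` is empty, and `String#start_with?` raises `TypeError` on a `nil` argument, so the failure response would end in an unhandled exception instead of the translated message. Whether `authentication_keys` can ever be empty is not visible in this hunk, so treat this as a defensive point. Assigning `first_key = human_keys.first` and returning `first_key && msg.start_with?(first_key) ? msg.upcase_first : msg` keeps the path total. The inline comment could also say that only the first key is checked, e.g. `# Only the first auth key is considered; keys later in the sentence stay downcased.` The body of `i18n_message` starts before the hunk.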
@@ -8,6 +8,7 @@ * Remove deprecated `scope` second argument from `sign_in(resource, :admin)` controller test helper, use `sign_in(resource, scope: :admin)` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::TestHelpers`, use `Devise::Test::ControllerHelpers` instead. [#5803](https://github.com/heartcombo/devise/pull/5803) * Remove deprecated `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` [#5598](https://github.com/heartcombo/devise/pull/5598) + * Remove deprecated `Devise.activerecord51?` method. * Remove `SecretKeyFinder` and use `app.secret_key_base` as the default secret key for `Devise.secret_key` if a custom `Devise.secret_key` is not provided. This is potentially a breaking change because Devise previously used the following order to find a secret key: diff --git a/lib/devise.rb b/lib/devise.rb index c42131926..8e0c85e77 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -524,14 +524,6 @@ def self.secure_compare(a, b) def self.deprecator @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise") end - - def self.activerecord51? # :nodoc: - deprecator.warn <<-DEPRECATION.strip_heredoc - [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version. - It is a non-public method that's no longer used internally, but that other libraries have been relying on. - DEPRECATION - defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x") - end end require 'warden' diff --git a/test/devise_test.rb b/test/devise_test.rb index 2f98bb4ff..a46be0d52 100644 --- a/test/devise_test.rb +++ b/test/devise_test.rb @@ -111,10 +111,4 @@ class DeviseTest < ActiveSupport::TestCase assert_no_match Devise.email_regexp, email end end - - test 'Devise.activerecord51? deprecation' do - assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do - Devise.activerecord51? - end - end end From 119a40f9d38fba356cd29ac4e4957c6adc3f6c66 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:26:42 -0300 Subject: [PATCH 268/299] Fix gemspec and readme, Devise v5 will support Rails >= 7, not 6 As per our test matrix. --- Gemfile.lock | 4 ++-- README.md | 14 +++++++------- devise.gemspec | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2d6b0ccda..b0e055c48 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -14,7 +14,7 @@ PATH devise (5.0.0.beta) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 6.0.0) + railties (>= 7.0) responders warden (~> 1.2.3) @@ -309,4 +309,4 @@ DEPENDENCIES webrat BUNDLED WITH - 4.0.3 + 4.0.3 diff --git a/README.md b/README.md index e2025965b..ccf2c622e 100644 --- a/README.md +++ b/README.md 
@@ -137,17 +137,17 @@ Please note that the command output will show the variable value being used. #### BUNDLE_GEMFILE We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory). Inside the [gemfiles](https://github.com/heartcombo/devise/tree/main/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable. -For example, if the tests broke using Ruby 3.0.0 and Rails 6.0, you can do the following: +For example, if the tests broke using Ruby 3.4 and Rails 8.0, you can do the following: ```bash -rbenv shell 3.0.0 # or rvm use 3.0.0 -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bin/test +chruby 3.4.0 # or rbenv shell 3.4.0, or rvm use 3.4.0, etc. +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bin/test ``` You can also combine both of them if the tests broke for Mongoid: ```bash -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 bundle install -BUNDLE_GEMFILE=gemfiles/Gemfile-rails-6-0 DEVISE_ORM=mongoid bin/test +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 bundle install +BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 DEVISE_ORM=mongoid bin/test ``` ### Running tests @@ -181,7 +181,7 @@ Once you have solidified your understanding of Rails and authentication mechanis ## Getting started -Devise 4.0 works with Rails 6.0 onwards. Run: +Devise 5 works with Rails 7 onwards. Run: ```sh bundle add devise diff --git a/devise.gemspec b/devise.gemspec index a6bf83e7e..1caa6aeb3 100644 --- a/devise.gemspec +++ b/devise.gemspec 
@@ -30,6 +30,6 @@ Gem::Specification.new do |s| s.add_dependency("warden", "~> 1.2.3") s.add_dependency("orm_adapter", "~> 0.1") s.add_dependency("bcrypt", "~> 3.0") - s.add_dependency("railties", ">= 6.0.0") + s.add_dependency("railties", ">= 7.0") s.add_dependency("responders") end From 00a97782cb91104a72ea68d8f62ca8aa0e6eb101 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 31 Dec 2025 15:42:22 -0300 Subject: [PATCH 269/299] Release v5.0.0.rc Given a lot of time has passed since the last v4.x release, and there's been many changes (including breaking ones) merged to main, let's go with an "RC" version before doing a final release. If we don't hear any major issues, I plan to release a final version in a couple of weeks. --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f53f7c185..878c82d52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 5.0.0.rc - 2025-12-31 * breaking changes * Drop support to Ruby < 2.7 diff --git a/Gemfile.lock b/Gemfile.lock index b0e055c48..ac1b3f805 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.0.beta) + devise (5.0.0.rc) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 9843c4d05..c8c4aa5e4 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.0.beta".freeze + VERSION = "5.0.0.rc".freeze end From 35920d27e5e9508e14e2576e4226c368bd30b74f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 09:55:48 -0300 Subject: [PATCH 270/299] Exclude Rails main + Ruby 3.2 It dropped support to Ruby 3.2 which is expected to be EOL by 2026-03-31. --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fc4bedea3..6881eda89 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,6 +30,8 @@ jobs: ruby: '3.0' - gemfile: Gemfile ruby: '2.7' + - gemfile: gemfiles/Gemfile-rails-main + ruby: '3.2' - gemfile: gemfiles/Gemfile-rails-main ruby: '3.1' - gemfile: gemfiles/Gemfile-rails-main From 731074bf09c2a0cd498c1b8a2a01434e722f94d5 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 10:02:56 -0300 Subject: [PATCH 271/299] Stop updating copyright every year [ci skip] --- MIT-LICENSE | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/MIT-LICENSE b/MIT-LICENSE index d54bbdc9b..ad599708f 100644 --- a/MIT-LICENSE +++ b/MIT-LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2020-2025 Rafael França, Carlos Antonio da Silva +Copyright (c) 2020-CURRENT Rafael França, Carlos Antonio da Silva Copyright (c) 2009-2019 Plataformatec Permission is hereby granted, free of charge, to any person obtaining diff --git a/README.md b/README.md index ccf2c622e..426185e6d 100644 --- a/README.md +++ b/README.md @@ -770,7 +770,7 @@ https://github.com/wardencommunity/warden ## License MIT License. -Copyright 2020-2025 Rafael França, Carlos Antonio da Silva. +Copyright 2020-CURRENT Rafael França, Carlos Antonio da Silva. Copyright 2009-2019 Plataformatec. The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/). From e9c534d363cc9d552662049b38582eead87bedd6 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 5 Jan 2026 18:10:32 -0300 Subject: [PATCH 272/299] Fix "Test is missing assertions" warnings `test_set_null_fields_on_migrations` ./devise/test/models_test.rb:87 `test_does_not_crash_when_the_last_request_at_is_a_String` ./devise/test/integration/timeoutable_test.rb:191 `test_defined_Warden_after_authentication_callback_should_not_be_called_when_sign_in_is_called` ./devise/test/test/controller_helpers_test.rb:114 `test_defined_Warden_before_logout_callback_should_not_be_called_when_sign_out_is_called` ./devise/test/test/controller_helpers_test.rb:128 --- test/integration/timeoutable_test.rb | 6 ++++-- test/models_test.rb | 2 +- test/test/controller_helpers_test.rb | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index d7e31ba69..73c716e66 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb @@ -191,7 +191,9 @@ def last_request_at test 'does not crash when the last_request_at is a String' do user = sign_in_as_user - get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) - get users_path + assert_nothing_raised do + get edit_form_user_path(user, last_request_at: Time.now.utc.to_s) + get users_path + end end end diff --git a/test/models_test.rb b/test/models_test.rb index 16acb92c9..e2aced9ee 100644 --- a/test/models_test.rb +++ b/test/models_test.rb @@ -90,7 +90,7 @@ def assert_include_modules(klass, *modules) def send_devise_notification(*); end end - klass.create! + assert_nothing_raised { klass.create! } end end diff --git a/test/test/controller_helpers_test.rb b/test/test/controller_helpers_test.rb index 7ba9f3c67..a158e8753 100644 --- a/test/test/controller_helpers_test.rb +++ b/test/test/controller_helpers_test.rb 
@@ -112,7 +112,7 @@ def respond end test "defined Warden after_authentication callback should not be called when sign_in is called" do - begin + assert_nothing_raised do Warden::Manager.after_authentication do |user, auth, opts| flunk "callback was called while it should not" end @@ -126,7 +126,7 @@ def respond end test "defined Warden before_logout callback should not be called when sign_out is called" do - begin + assert_nothing_raised do Warden::Manager.before_logout do |user, auth, opts| flunk "callback was called while it should not" end From c51da69d04caacfa2ef32240796b668bc134265f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 23 Jan 2026 13:30:19 -0300 Subject: [PATCH 273/299] Release v5, no changes since RC --- CHANGELOG.md | 4 ++ Gemfile.lock | 120 +++++++++++++++++++++--------------------- lib/devise/version.rb | 2 +- 3 files changed, 65 insertions(+), 61 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 878c82d52..38b434e19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +### 5.0.0 - 2026-01-23 + +no changes + ### 5.0.0.rc - 2025-12-31 * breaking changes diff --git a/Gemfile.lock b/Gemfile.lock index ac1b3f805..ddd309923 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/mongodb/mongoid.git - revision: 4dcdaddea5d88a819c7c0d98ea0e994e13f515fe + revision: dce2e0fa3c5f0dd2086b2c8341086ff05e1b37f9 branch: 9.0-stable specs: mongoid (9.0.9) @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.0.rc) + devise (5.0.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) 
@@ -21,31 +21,31 @@ PATH GEM remote: https://rubygems.org/ specs: - action_text-trix (2.1.15) + action_text-trix (2.1.16) railties - actioncable (8.1.1) - actionpack (= 8.1.1) - activesupport (= 8.1.1) + actioncable (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.1) - actionpack (= 8.1.1) - activejob (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + actionmailbox (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) - actionmailer (8.1.1) - actionpack (= 8.1.1) - actionview (= 8.1.1) - activejob (= 8.1.1) - activesupport (= 8.1.1) + actionmailer (8.1.2) + actionpack (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activesupport (= 8.1.2) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.1) - actionview (= 8.1.1) - activesupport (= 8.1.1) + actionpack (8.1.2) + actionview (= 8.1.2) + activesupport (= 8.1.2) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -53,36 +53,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.1) + actiontext (8.1.2) action_text-trix (~> 2.1.15) - actionpack (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + actionpack (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.1) - activesupport (= 8.1.1) + actionview (8.1.2) + activesupport (= 8.1.2) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.1) - activesupport (= 8.1.1) + activejob (8.1.2) + activesupport (= 8.1.2) globalid (>= 0.3.6) - activemodel (8.1.1) - activesupport (= 8.1.1) - activerecord (8.1.1) - activemodel (= 8.1.1) - activesupport (= 8.1.1) + activemodel (8.1.2) + activesupport (= 8.1.2) + activerecord (8.1.2) + activemodel (= 8.1.2) + activesupport (= 8.1.2) timeout (>= 0.4.0) - activestorage (8.1.1) - actionpack (= 8.1.1) - activejob (= 8.1.1) - activerecord (= 8.1.1) - activesupport (= 8.1.1) + activestorage (8.1.2) + actionpack (= 8.1.2) + activejob (= 8.1.2) + activerecord (= 8.1.2) + activesupport (= 8.1.2) marcel (~> 1.0) - activesupport (8.1.1) + activesupport (8.1.2) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -96,7 +96,7 @@ GEM tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) base64 (0.3.0) - bcrypt (3.1.20) + bcrypt (3.1.21) bigdecimal (4.0.1) bson (5.2.0) builder (3.3.0) @@ -146,7 +146,7 @@ GEM mongo (2.22.0) base64 bson (>= 4.14.1, < 6.0.0) - multi_xml (0.8.0) + multi_xml (0.8.1) bigdecimal (>= 3.1, < 5) net-http (0.9.1) uri (>= 0.11.1) 
@@ -211,20 +211,20 @@ GEM rack (>= 1.3) rackup (2.3.1) rack (>= 3) - rails (8.1.1) - actioncable (= 8.1.1) - actionmailbox (= 8.1.1) - actionmailer (= 8.1.1) - actionpack (= 8.1.1) - actiontext (= 8.1.1) - actionview (= 8.1.1) - activejob (= 8.1.1) - activemodel (= 8.1.1) - activerecord (= 8.1.1) - activestorage (= 8.1.1) - activesupport (= 8.1.1) + rails (8.1.2) + actioncable (= 8.1.2) + actionmailbox (= 8.1.2) + actionmailer (= 8.1.2) + actionpack (= 8.1.2) + actiontext (= 8.1.2) + actionview (= 8.1.2) + activejob (= 8.1.2) + activemodel (= 8.1.2) + activerecord (= 8.1.2) + activestorage (= 8.1.2) + activesupport (= 8.1.2) bundler (>= 1.15.0) - railties (= 8.1.1) + railties (= 8.1.2) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -236,9 +236,9 @@ GEM rails-html-sanitizer (1.6.2) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.1) - actionpack (= 8.1.1) - activesupport (= 8.1.1) + railties (8.1.2) + actionpack (= 8.1.2) + activesupport (= 8.1.2) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -246,7 +246,7 @@ GEM tsort (>= 0.2) zeitwerk (~> 2.6) rake (13.3.1) - rdoc (7.0.3) + rdoc (7.1.0) erb psych (>= 4.0.0) tsort @@ -265,7 +265,7 @@ GEM sqlite3 (2.9.0) mini_portile2 (~> 2.8.0) stringio (3.2.0) - thor (1.4.0) + thor (1.5.0) timecop (0.9.10) timeout (0.6.0) tsort (0.2.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index c8c4aa5e4..d1c8e77f5 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.0.rc".freeze + VERSION = "5.0.0".freeze end From dbc1bb22541ca337c6d2b8a95222161f2922dca6 Mon Sep 17 00:00:00 2001 
From: Yuma Takeda Date: Fri, 13 Feb 2026 20:47:12 +0900 Subject: [PATCH 274/299] Fix minitest name (#5821) "Mini Test" was used in heartcombo/devise#5012 but "minitest" is the correct product name. See also: https://github.com/minitest/minitest/blob/master/README.rdoc#description > minitest provides a complete suite of testing facilities > supporting TDD, BDD, and benchmarking. In this description, "minitest" is used. [ci skip] Signed-off-by: Carlos Antonio da Silva --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 426185e6d..0c4278de3 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ BUNDLE_GEMFILE=gemfiles/Gemfile-rails-8-0 DEVISE_ORM=mongoid bin/test ``` ### Running tests -Devise uses [Mini Test](https://github.com/seattlerb/minitest) as test framework. +Devise uses [minitest](https://github.com/seattlerb/minitest) as test framework. * Running all tests: ```bash From 03c419e70ce8985b2668ae5a96c08ee23965f63f Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 13 Feb 2026 10:11:07 -0300 Subject: [PATCH 275/299] Only downcase first letter of each auth key, not the entire string (#5822) A previous change #4834 introduced a downcase call to each attribute, so that it'd fix an invalid grammar issue on some languages like English that were showing `Email` in the middle of flash message sentences. However, it caused a bug with German which uses the word `E-Mail` and at the beginning of the sentence, causing it to be converted to `E-mail` incorrectly. The fix here will only downcase the first char of each word, and convert it back to upcase at the beginning of the sentence, which should work for both the original fix (English message), and for the new bug (German message) If we end up running into any more of these edge cases with the message, we might roll it all back and provide a different set of interpolation values for the original vs downcased translations, so people can use what makes the most sense for each language without us having to manually massage these strings. Fixes #5820 --- CHANGELOG.md | 5 +++++ lib/devise/failure_app.rb | 4 +++- test/failure_app_test.rb | 5 +++++ test/support/locale/de.yml | 12 ++++++++++++ 4 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 test/support/locale/de.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 38b434e19..e4e2fade6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* bug fixes + * Fix translation issue with German `E-Mail` on invalid authentication messages caused by previous fix for incorrect grammar [#5822](https://github.com/heartcombo/devise/pull/5822) + ### 5.0.0 - 2026-01-23 no changes diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 8222780f0..1c9b58653 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb 
@@ -112,7 +112,9 @@ def i18n_message(default = nil) options[:default] = [message] auth_keys = scope_class.authentication_keys human_keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| - scope_class.human_attribute_name(key).downcase + # TODO: Remove the fallback and just use `downcase_first` once we drop support for Rails 7.0. + human_key = scope_class.human_attribute_name(key) + human_key.respond_to?(:downcase_first) ? human_key.downcase_first : human_key[0].downcase + human_key[1..] } options[:authentication_keys] = human_keys.join(I18n.t(:"support.array.words_connector")) options = i18n_options(options) diff --git a/test/failure_app_test.rb b/test/failure_app_test.rb index b57f4e421..c9e4a56ce 100644 --- a/test/failure_app_test.rb +++ b/test/failure_app_test.rb @@ -215,6 +215,11 @@ def call_failure(env_params = {}) assert_equal 'Email ou senha inválidos.', @request.flash[:alert] assert_equal 'http://test.host/users/sign_in', @response.second["Location"] + + call_failure('warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :de }) + + assert_equal 'E-Mail oder Passwort ist ungültig.', @request.flash[:alert] + assert_equal 'http://test.host/users/sign_in', @response.second["Location"] end test 'uses the proxy failure message as string' do diff --git a/test/support/locale/de.yml b/test/support/locale/de.yml new file mode 100644 index 000000000..b60457162 --- /dev/null +++ b/test/support/locale/de.yml @@ -0,0 +1,12 @@ +de: + activerecord: + attributes: + user: + email: E-Mail + mongoid: + attributes: + user: + email: E-Mail + devise: + failure: + invalid: "%{authentication_keys} oder Passwort ist ungültig." From 1054ef82e7ed65264bc65e539e035ec51a5f2aff Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Feb 2026 14:52:01 -0300 Subject: [PATCH 276/299] Release v5.0.1 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
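Review bot: The Rails 7.0 fallback `human_key[0].downcase + human_key[1..]` raises `NoMethodError` when `human_attribute_name` returns an empty string, because `""[0]` is `nil`, whereas `downcase_first` returns an empty string for that input. Making the two branches agree is a one-line change: `human_key.respond_to?(:downcase_first) ? human_key.downcase_first : human_key.sub(/\A./, &:downcase)`. Separately, the added `de` case in `test/failure_app_test.rb` only covers a message that starts with `%{authentication_keys}`. A translation that places the key mid-sentence would still render `e-Mail`, so a second locale entry exercising that form would pin down the behaviour the commit message describes as a known edge. The enclosing `i18n_message` starts and ends outside the hunk.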
diff --git a/CHANGELOG.md b/CHANGELOG.md index e4e2fade6..6119a3e9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 5.0.1 - 2026-02-13 * bug fixes * Fix translation issue with German `E-Mail` on invalid authentication messages caused by previous fix for incorrect grammar [#5822](https://github.com/heartcombo/devise/pull/5822) diff --git a/Gemfile.lock b/Gemfile.lock index ddd309923..bdf09fccc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.0) + devise (5.0.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index d1c8e77f5..716e0ff15 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.0".freeze + VERSION = "5.0.1".freeze end From e5ffdc42483e447bb248045940bac76fd517cfc5 Mon Sep 17 00:00:00 2001 From: Gareth Jones <3151613+G-Rath@users.noreply.github.com> Date: Wed, 18 Feb 2026 05:28:20 +1300 Subject: [PATCH 277/299] Update missed generator to use correct grammar for "send password reset" button (#5824) This mirrors #5515 --- lib/generators/templates/simple_form_for/passwords/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/generators/templates/simple_form_for/passwords/new.html.erb b/lib/generators/templates/simple_form_for/passwords/new.html.erb index 01ce0b8b9..9a2c7d39f 100644 --- a/lib/generators/templates/simple_form_for/passwords/new.html.erb +++ b/lib/generators/templates/simple_form_for/passwords/new.html.erb @@ -11,7 +11,7 @@

- <%= f.button :submit, "Send me reset password instructions" %> + <%= f.button :submit, "Send me password reset instructions" %>
<% end %> From bb2b4ecc1bcabc1c1797ecfe0dc0211c52cf3972 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 18 Feb 2026 09:43:10 -0300 Subject: [PATCH 278/299] Allow model config to override `sign_in_after_change_password` (#5825) The config exists at the model/resource class from the registerable module, but it was not being honored, instead we were directly relying on the main Devise config. Now this can be configured and honored per-model/resource class, as expected. This is similar to #5429 and `sign_in_after_reset_password` fix. --- CHANGELOG.md | 5 +++++ .../devise/registrations_controller.rb | 2 +- test/integration/registerable_test.rb | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6119a3e9e..fbb7fe42d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### Unreleased + +* enhancements + * Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5824](https://github.com/heartcombo/devise/pull/5824) + ### 5.0.1 - 2026-02-13 * bug fixes diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index f1292b4d9..33def66db 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -163,6 +163,6 @@ def set_flash_message_for_update(resource, prev_unconfirmed_email) def sign_in_after_change_password? return true if account_update_params[:password].blank? - Devise.sign_in_after_change_password + resource_class.sign_in_after_change_password end end diff --git a/test/integration/registerable_test.rb b/test/integration/registerable_test.rb index ad0f3bec0..9289ac6af 100644 --- a/test/integration/registerable_test.rb +++ b/test/integration/registerable_test.rb 
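Review bot: `resource_class.sign_in_after_change_password` raises `NoMethodError` for a model routed to this controller without declaring `:registerable`, whereas the removed `Devise.sign_in_after_change_password` always resolved. The call sits after the `account_update_params[:password].blank?` early return, so it is only reached on a password change. Depending on where `update` invokes this predicate (outside the hunk), the new password may already be saved when the error surfaces. If that setup is meant to keep working, `resource_class.respond_to?(:sign_in_after_change_password) ? resource_class.sign_in_after_change_password : Devise.sign_in_after_change_password` preserves the previous behaviour. Otherwise a comment on the method should state the requirement, e.g. `# Requires the resource class to declare :registerable.`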
@@ -187,6 +187,22 @@ def user_sign_up end end + test 'a signed in user should not be able to use the website after changing their password if resource_class.sign_in_after_change_password is false' do + swap_model_config User, sign_in_after_change_password: false do + sign_in_as_user + get edit_user_registration_path + + fill_in 'password', with: '1234567890' + fill_in 'password confirmation', with: '1234567890' + fill_in 'current password', with: '12345678' + click_button 'Update' + + assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.' + assert_equal new_user_session_path, @request.path + assert_not warden.authenticated?(:user) + end + end + test 'a signed in user should be able to use the website after changing its email with config.sign_in_after_change_password is false' do swap Devise, sign_in_after_change_password: false do sign_in_as_user From 1befcb58828b0df46aba985be20e88fc3c46c0db Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 18 Feb 2026 10:10:02 -0300 Subject: [PATCH 279/299] Stop building both branch & PR with pushes Build pushes to the main branch and open PRs, but not pushes to other branches. Allow workflow_dispatch to build them manually if we want to. --- .github/workflows/test.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6881eda89..e745d5ec5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,5 +1,10 @@ name: Test -on: [push, pull_request] +on: + push: + branches: + - main + pull_request: + workflow_dispatch: jobs: test: strategy: From 916f94ed4b4bb8e7881d5cf8c6535b7ccb368f7a Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Wed, 18 Feb 2026 10:21:26 -0300 Subject: [PATCH 280/299] Add `sign_in_after_reset_password?` check hook to passwords controller (#5826) Extract a couple small duplicate checks into a method, enabling it as a hook that can be overridden if necessary. It's going to be particularly useful on a flow I'm working on / testing out, to avoid having to copy over the whole block of code from the controller to customize it. We have a similar hook on the registration controller for `sign_in_after_change_password?`, which was also moved to protected. While not much practical change, it hopefully shows better the intention that it's a method users can override if they need, similar to a few other methods in controllers. Also move `update_needs_confirmation?` down to private, as this one in particular I don't think we intended to allow overriding, as it has no practical behavior change other than the flash message. --- CHANGELOG.md | 3 ++- .../devise/passwords_controller.rb | 9 ++++++-- .../devise/registrations_controller.rb | 21 ++++++++++--------- 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fbb7fe42d..a84d5a219 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,8 @@ ### Unreleased * enhancements - * Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5824](https://github.com/heartcombo/devise/pull/5824) + * Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5825](https://github.com/heartcombo/devise/pull/5825) + * Add `sign_in_after_reset_password?` check hook to passwords controller, to allow it to be customized by users. [#5826](https://github.com/heartcombo/devise/pull/5826) ### 5.0.1 - 2026-02-13 diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 3af1f864b..68b8dc877 100644 
--- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb @@ -36,7 +36,7 @@ def update if resource.errors.empty? resource.unlock_access! if unlockable?(resource) - if resource_class.sign_in_after_reset_password + if sign_in_after_reset_password? flash_message = resource.active_for_authentication? ? :updated : :updated_not_active set_flash_message!(:notice, flash_message) resource.after_database_authentication @@ -53,7 +53,7 @@ def update protected def after_resetting_password_path_for(resource) - resource_class.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name) + sign_in_after_reset_password? ? after_sign_in_path_for(resource) : new_session_path(resource_name) end # The path used after sending reset password instructions @@ -69,6 +69,11 @@ def assert_reset_token_passed end end + # Check if the user should be signed in automatically after resetting the password. + def sign_in_after_reset_password? + resource_class.sign_in_after_reset_password + end + # Check if proper Lockable module methods are present & unlock strategy # allows to unlock resource on password reset def unlockable?(resource) diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 33def66db..79e2b0e81 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb @@ -82,12 +82,6 @@ def cancel protected - def update_needs_confirmation?(resource, previous) - resource.respond_to?(:pending_reconfirmation?) && - resource.pending_reconfirmation? && - previous != resource.unconfirmed_email - end - # By default we want to require a password checks on update. # You can overwrite this method in your own RegistrationsController. def update_resource(resource, params) 
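Review bot: The new `sign_in_after_reset_password?` hook is consulted twice per request, once in `update` and once in `after_resetting_password_path_for`, and its comment does not say so. An override that depends on state changed in between (for example by `resource.after_database_authentication`) could sign the user in and still redirect to the sign-in page, or the reverse. I would extend the comment to `# Called from both #update and #after_resetting_password_path_for; an override must return the same value for the whole request.` Since a true result gives a session to whoever presented the reset token, the comment could also note that overrides are the place to return false for accounts that should authenticate again.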
@@ -133,6 +127,13 @@ def authenticate_scope! self.resource = send(:"current_#{resource_name}") end + # Check if the user should be signed in automatically after updating the password. + def sign_in_after_change_password? + return true if account_update_params[:password].blank? + + resource_class.sign_in_after_change_password + end + def sign_up_params devise_parameter_sanitizer.sanitize(:sign_up) end @@ -160,9 +161,9 @@ def set_flash_message_for_update(resource, prev_unconfirmed_email) set_flash_message :notice, flash_key end - def sign_in_after_change_password? - return true if account_update_params[:password].blank? - - resource_class.sign_in_after_change_password + def update_needs_confirmation?(resource, previous) + resource.respond_to?(:pending_reconfirmation?) && + resource.pending_reconfirmation? && + previous != resource.unconfirmed_email end end From 5b008ed51c0df3223cf727e7ad07378d6329b12f Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 18 Feb 2026 11:06:29 -0300 Subject: [PATCH 281/299] Release v5.0.2 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a84d5a219..1f786c4ee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 5.0.2 - 2026-02-18 * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5825](https://github.com/heartcombo/devise/pull/5825) diff --git a/Gemfile.lock b/Gemfile.lock index bdf09fccc..a759a6dc1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.1) + devise (5.0.2) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 716e0ff15..65b9d61de 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb 
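Review bot: Moving `update_needs_confirmation?` to the end of the class signals intent but does not stop a subclass from overriding it, since Ruby private methods can still be redefined and called with an implicit receiver. It now sits there without any comment, while the `sign_in_after_change_password?` hook that moved the other way gained one. I would add `# Internal: only selects the flash message shown after an update; not an extension point.` above it so the difference between the two is explicit. The `private` keyword is outside this hunk, so the new visibility is taken from the commit description.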
@@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.1".freeze + VERSION = "5.0.2".freeze end From 3fd061095084d8f9d3f8c995c46caabcd15640fd Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 6 Mar 2026 10:42:35 -0300 Subject: [PATCH 282/299] Add a note to the changelog about an edge case issue some users ran into Check the related issue for more info and explanation: https://github.com/heartcombo/devise/pull/5828#issuecomment-3926822788 [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f786c4ee..14fc8bbd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ * enhancements * Allow resource class scopes to override the global configuration for `sign_in_after_change_password` behaviour. [#5825](https://github.com/heartcombo/devise/pull/5825) + * _Note_: some users ran into an issue with this change because `RegistrationsController` now relies on a setting from the `:registerable` module. These users were configuring their own routes pointing to the `RegistrationsController` for resource edit/update actions mostly, without relying on the other registration actions (e.g. user sign up.), so they omitted `:registerable` from the model declaration. While using just a portion of the controller functionality is a valid use for `:registerable` (or any module really), the module must still be declared in the model, much like the other modules must be declared if you plan on using just a portion of their behavior. Please check [this issue](https://github.com/heartcombo/devise/pull/5828#issuecomment-3926822788) for more info. * Add `sign_in_after_reset_password?` check hook to passwords controller, to allow it to be customized by users. [#5826](https://github.com/heartcombo/devise/pull/5826) ### 5.0.1 - 2026-02-13 From c9e655e13253dc53e3c0981a8345f134bcda1fc5 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 6 Mar 2026 10:49:00 -0300 Subject: [PATCH 283/299] Bundle update, clear dependabot security issues --- Gemfile.lock | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a759a6dc1..9a21c3aaa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/mongodb/mongoid.git - revision: dce2e0fa3c5f0dd2086b2c8341086ff05e1b37f9 + revision: 0623af687a234392ed4b8872f474a9208b908500 branch: 9.0-stable specs: - mongoid (9.0.9) + mongoid (9.0.10) activemodel (>= 5.1, < 8.2, != 7.0.0) concurrent-ruby (>= 1.0.5, < 2.0) mongo (>= 2.18.0, < 3.0.0) @@ -105,9 +105,9 @@ GEM crass (1.0.6) date (3.5.1) drb (2.2.3) - erb (6.0.1) + erb (6.0.2) erubi (1.13.1) - faraday (2.14.0) + faraday (2.14.1) faraday-net_http (>= 2.0, < 3.5) json logger @@ -120,11 +120,12 @@ GEM i18n (1.14.8) concurrent-ruby (~> 1.0) io-console (0.8.2) - irb (1.16.0) + irb (1.17.0) pp (>= 0.6.0) + prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.18.0) + json (2.19.0) jwt (3.1.2) base64 logger (1.7.0) @@ -143,14 +144,14 @@ GEM minitest (5.27.0) mocha (2.8.2) ruby2_keywords (>= 0.0.5) - mongo (2.22.0) + mongo (2.23.0) base64 bson (>= 4.14.1, < 6.0.0) multi_xml (0.8.1) bigdecimal (>= 3.1, < 5) net-http (0.9.1) uri (>= 0.11.1) - net-imap (0.6.2) + net-imap (0.6.3) date net-protocol net-pop (0.1.2) @@ -160,7 +161,7 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.5) - nokogiri (1.19.0) + nokogiri (1.19.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (2.0.18) @@ -192,11 +193,12 @@ GEM pp (0.6.3) prettyprint prettyprint (0.2.0) + prism (1.9.0) psych (5.3.1) date stringio racc (1.8.1) - rack (3.2.4) + rack (3.2.5) rack-openid (1.4.2) rack (>= 1.1.0) ruby-openid (>= 2.1.8) 
@@ -233,8 +235,8 @@ GEM activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.2) - loofah (~> 2.21) + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) railties (8.1.2) actionpack (= 8.1.2) @@ -246,7 +248,7 @@ GEM tsort (>= 0.2) zeitwerk (~> 2.6) rake (13.3.1) - rdoc (7.1.0) + rdoc (7.2.0) erb psych (>= 4.0.0) tsort @@ -262,7 +264,7 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - sqlite3 (2.9.0) + sqlite3 (2.9.1) mini_portile2 (~> 2.8.0) stringio (3.2.0) thor (1.5.0) @@ -284,7 +286,7 @@ GEM base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.7.4) + zeitwerk (2.7.5) PLATFORMS ruby From 8c785761bd3c717793f0da4146dd630865568567 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Mar 2026 09:59:51 -0300 Subject: [PATCH 284/299] Ignore test/** folder for GH default code scanning --- .github/code-scanning.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/code-scanning.yml diff --git a/.github/code-scanning.yml b/.github/code-scanning.yml new file mode 100644 index 000000000..0245ae21d --- /dev/null +++ b/.github/code-scanning.yml @@ -0,0 +1,2 @@ +paths-ignore: + - test/** From 0f4493bd0302f85d1662b71c4f2145268fecc200 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 13 Mar 2026 09:59:58 -0300 Subject: [PATCH 285/299] Configure default permissions as read-only for the workflow --- .github/workflows/test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e745d5ec5..d3a7488b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,7 @@ name: Test + +permissions: + contents: read on: push: branches: From 879f79fceaf2ec6525219ee7bb4057ce4db65729 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 13 Mar 2026 10:00:13 -0300 Subject: [PATCH 286/299] Bundle update --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9a21c3aaa..464707c72 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -21,7 +21,7 @@ PATH GEM remote: https://rubygems.org/ specs: - action_text-trix (2.1.16) + action_text-trix (2.1.17) railties actioncable (8.1.2) actionpack (= 8.1.2) @@ -125,7 +125,7 @@ GEM prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.19.0) + json (2.19.1) jwt (3.1.2) base64 logger (1.7.0) @@ -269,7 +269,7 @@ GEM stringio (3.2.0) thor (1.5.0) timecop (0.9.10) - timeout (0.6.0) + timeout (0.6.1) tsort (0.2.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) From 02527772bd9adbc3357d9c62fbc16e73e438121d Mon Sep 17 00:00:00 2001 
From: Grant Cox Date: Tue, 17 Mar 2026 07:40:45 +1100 Subject: [PATCH 287/299] Fix race condition vulnerability, by ensuring the `unconfirmed_email` is always saved (#5784) Fix security issue in the `Confirmable` "change email" flow, where a user can end up confirming an email address that they have no access to. The flow for this is: 1. Attacker registers `attacker1@email.com` 2. Attacker changes their email to `attacker2@email.com`, but does not yet confirm this 3. Attacker submits two concurrent "change email" requests a. one changing to `attacker2@email.com` b. one changing to `victim@email.com` When request 3.a is run, the `Confirmable.postpone_email_change_until_confirmation_and_regenerate_confirmation_token` method sets both the `unconfirmed_email` and `confirmation_token` properties. But as the `unconfirmed_email` value is the same as the model already had from step 2, this attribute is not included in the SQL `UPDATE` statement. The SQL `UPDATE` statement only updates the `confirmation_token`. This token is emailed to the `attacker2@email.com` address. If the "victim" race request (3.b) completes first, it will update both the `unconfirmed_email` and the `confirmation_token`. But then request 3.a will replace just the token. The model's end state is having the confirmation token that was sent to the attacker, but with the `unconfirmed_email` of the victim. When the attacker follows the confirmation link, they will have confirmed the victim's email address, on an account that the attacker controls. Co-authored-by: Carlos Antonio da Silva --- CHANGELOG.md | 5 +++++ lib/devise/models/confirmable.rb | 4 +++- lib/devise/orm.rb | 11 +++++++++++ test/integration/confirmable_test.rb | 28 ++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 14fc8bbd4..4f8ea035f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,8 @@ +### Unreleased + +* security fixes + * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) + ### 5.0.2 - 2026-02-18 * enhancements diff --git a/lib/devise/models/confirmable.rb b/lib/devise/models/confirmable.rb index 6ce22c30f..1930086aa 100644 --- a/lib/devise/models/confirmable.rb +++ b/lib/devise/models/confirmable.rb @@ -258,9 +258,11 @@ def generate_confirmation_token! generate_confirmation_token && save(validate: false) end - def postpone_email_change_until_confirmation_and_regenerate_confirmation_token @reconfirmation_required = true + # Force unconfirmed_email to be updated, even if the value hasn't changed, to prevent a + # race condition which could allow an attacker to confirm an email they don't own. See #5783. + devise_unconfirmed_email_will_change! self.unconfirmed_email = self.email self.email = self.devise_email_in_database self.confirmation_token = nil diff --git a/lib/devise/orm.rb b/lib/devise/orm.rb index 3f3ac86db..f00f397f0 100644 --- a/lib/devise/orm.rb +++ b/lib/devise/orm.rb @@ -35,6 +35,10 @@ def devise_will_save_change_to_email? will_save_change_to_email? end + def devise_unconfirmed_email_will_change! + unconfirmed_email_will_change! + end + def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("will_save_change_to_#{attribute}?") && send("will_save_change_to_#{attribute}?") end 
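Review bot: `postpone_email_change_until_confirmation_and_regenerate_confirmation_token` now calls `devise_unconfirmed_email_will_change!` unconditionally, and this patch defines that helper only in the two compatibility blocks of `lib/devise/orm.rb`. A model that mixes in Confirmable through some other ORM integration would presumably raise `NoMethodError` on every email change until it implements the method; the diff does not show whether such integrations exist. Failing loudly is the right outcome for a security fix, so rather than guarding the call I would state the requirement in the changelog entry and in the comment, e.g. `# ORM integrations must implement devise_unconfirmed_email_will_change! so unconfirmed_email is always written together with confirmation_token.` The method body continues outside the hunk.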
@@ -61,6 +65,13 @@ def devise_will_save_change_to_email? email_changed? end + def devise_unconfirmed_email_will_change! + # Mongoid's will_change! doesn't force unchanged attributes into updates, + # so we override changed_attributes to make it see a difference. + unconfirmed_email_will_change! + changed_attributes["unconfirmed_email"] = nil + end + def devise_respond_to_and_will_save_change_to_attribute?(attribute) respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?") end diff --git a/test/integration/confirmable_test.rb b/test/integration/confirmable_test.rb index 8e6f68ef2..f9185e87f 100644 --- a/test/integration/confirmable_test.rb +++ b/test/integration/confirmable_test.rb 
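Review bot: Assigning `changed_attributes["unconfirmed_email"] = nil` replaces whatever original value dirty tracking had recorded, so for the rest of the save any callback or validation that reads the previous `unconfirmed_email` presumably sees `nil` instead of the stored address. The write is also likely forced only while the new value is non-nil, which holds for the caller in `confirmable.rb` but is not stated here. Both are probably acceptable for this fix, but the method reaches into Mongoid's internal state and the comment should say what it trades away, e.g. `# Side effect: the recorded previous value becomes nil; the new value must be non-nil for the write to be forced.` The integration test added in this commit only exercises this branch when the suite runs against Mongoid, so it is worth confirming that CI does.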
@@ -354,4 +354,32 @@ def visit_admin_confirmation_with_token(confirmation_token) assert_contain(/Email.*already.*taken/) assert admin.reload.pending_reconfirmation? end + + test 'concurrent "update email" requests should not allow confirming a victim email address' do + attacker_email = "attacker@example.com" + victim_email = "victim@example.com" + + attacker = create_admin + # update the email address of the attacker, but do not confirm it yet + attacker.update!(email: attacker_email) + + # A new request starts, to update the unconfirmed email again. + attacker = Admin.find_by(id: attacker.id) + + # A concurrent request also updates the email address to the victim, while the `attacker` request's model is in memory + Admin.where(id: attacker.id).update_all( + unconfirmed_email: victim_email, + confirmation_token: "different token" + ) + + # Now the attacker updates to the same prior unconfirmed email address, and confirm. + # This should update the `unconfirmed_email` in the database, even though it is unchanged from the models point of view. + attacker.update!(email: attacker_email) + attacker_token = attacker.raw_confirmation_token + visit_admin_confirmation_with_token(attacker_token) + + attacker.reload + assert attacker.confirmed? + assert_equal attacker_email, attacker.email + end end From 53347074021b38590653b95523f9b7113e5dcfdc Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 16 Mar 2026 17:41:25 -0300 Subject: [PATCH 288/299] Add CVE to changelog [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f8ea035f..29d70ccac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,7 +1,7 @@ ### Unreleased * security fixes - * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) + * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) ### 5.0.2 - 2026-02-18 From 2f809205b2a9112767e68e1a5666c649a42609c6 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 16 Mar 2026 17:44:04 -0300 Subject: [PATCH 289/299] Release v5.0.3 --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 29d70ccac..11f069f84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### Unreleased +### 5.0.3 - 2026-03-16 * security fixes * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) diff --git a/Gemfile.lock b/Gemfile.lock index 464707c72..8b339d7ad 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.2) + devise (5.0.3) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 65b9d61de..6e2b6f02d 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.2".freeze + VERSION = "5.0.3".freeze end From 4ffb0b7e88b627ac0575e475b279e0cc474b4ded Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Mon, 16 Mar 2026 18:35:54 -0300 Subject: [PATCH 290/299] Fix Gemfile for Rails 7.2, incorrectly testing against 7.1 --- gemfiles/Gemfile-rails-7-2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gemfiles/Gemfile-rails-7-2 b/gemfiles/Gemfile-rails-7-2 index 2fa2804d5..deecdfe9c 100644 --- a/gemfiles/Gemfile-rails-7-2 +++ b/gemfiles/Gemfile-rails-7-2 @@ -2,8 +2,7 @@ source "https://rubygems.org" gemspec path: ".." -gem "rails", "~> 7.1.0" - +gem "rails", "~> 7.2.0" gem "omniauth" gem "omniauth-oauth2" gem "rdoc" From 5d202775d75ccee8c36a9ed72062f627202e29e2 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Mon, 16 Mar 2026 18:41:15 -0300 Subject: [PATCH 291/299] Cleanup old Rails.version check for db migration path --- lib/generators/devise/orm_helpers.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/generators/devise/orm_helpers.rb b/lib/generators/devise/orm_helpers.rb index 067eb36f5..18c8526a5 100644 --- a/lib/generators/devise/orm_helpers.rb +++ b/lib/generators/devise/orm_helpers.rb @@ -25,11 +25,7 @@ def migration_exists?(table_name) end def migration_path - if Rails.version >= '5.0.3' - db_migrate_path - else - @migration_path ||= File.join("db", "migrate") - end + db_migrate_path end def model_path From 5e3a8bf3a01cc556185dbde47ecf3bb20c41b150 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 27 Mar 2026 09:49:28 -0300 Subject: [PATCH 292/299] Bundle update --- Gemfile.lock | 118 +++++++++++++++++++++++++-------------------------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8b339d7ad..305f561c1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -21,31 +21,31 @@ PATH GEM remote: https://rubygems.org/ specs: - action_text-trix (2.1.17) + action_text-trix (2.1.18) railties - actioncable (8.1.2) - actionpack (= 8.1.2) - activesupport (= 8.1.2) + actioncable (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (8.1.2) - actionpack (= 8.1.2) - activejob (= 8.1.2) - activerecord (= 8.1.2) - activestorage (= 8.1.2) - activesupport (= 8.1.2) + actionmailbox (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) - actionmailer (8.1.2) - actionpack (= 8.1.2) - actionview (= 8.1.2) - activejob (= 8.1.2) - activesupport (= 8.1.2) + actionmailer (8.1.3) + actionpack (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activesupport (= 8.1.3) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (8.1.2) - actionview (= 8.1.2) - activesupport (= 8.1.2) + actionpack (8.1.3) + actionview (= 8.1.3) + activesupport (= 8.1.3) nokogiri (>= 1.8.5) rack (>= 2.2.4) rack-session (>= 1.0.1) 
@@ -53,36 +53,36 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (8.1.2) + actiontext (8.1.3) action_text-trix (~> 2.1.15) - actionpack (= 8.1.2) - activerecord (= 8.1.2) - activestorage (= 8.1.2) - activesupport (= 8.1.2) + actionpack (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (8.1.2) - activesupport (= 8.1.2) + actionview (8.1.3) + activesupport (= 8.1.3) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (8.1.2) - activesupport (= 8.1.2) + activejob (8.1.3) + activesupport (= 8.1.3) globalid (>= 0.3.6) - activemodel (8.1.2) - activesupport (= 8.1.2) - activerecord (8.1.2) - activemodel (= 8.1.2) - activesupport (= 8.1.2) + activemodel (8.1.3) + activesupport (= 8.1.3) + activerecord (8.1.3) + activemodel (= 8.1.3) + activesupport (= 8.1.3) timeout (>= 0.4.0) - activestorage (8.1.2) - actionpack (= 8.1.2) - activejob (= 8.1.2) - activerecord (= 8.1.2) - activesupport (= 8.1.2) + activestorage (8.1.3) + actionpack (= 8.1.3) + activejob (= 8.1.3) + activerecord (= 8.1.3) + activesupport (= 8.1.3) marcel (~> 1.0) - activesupport (8.1.2) + activesupport (8.1.3) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) @@ -96,7 +96,7 @@ GEM tzinfo (~> 2.0, >= 2.0.5) uri (>= 0.13.1) base64 (0.3.0) - bcrypt (3.1.21) + bcrypt (3.1.22) bigdecimal (4.0.1) bson (5.2.0) builder (3.3.0) @@ -125,11 +125,11 @@ GEM prism (>= 1.3.0) rdoc (>= 4.0.0) reline (>= 0.4.2) - json (2.19.1) + json (2.19.3) jwt (3.1.2) base64 logger (1.7.0) - loofah (2.25.0) + loofah (2.25.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.9.0) @@ -161,7 +161,7 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.5) - nokogiri (1.19.1) + nokogiri (1.19.2) mini_portile2 (~> 2.8.2) racc (~> 1.4) oauth2 (2.0.18) 
@@ -213,20 +213,20 @@ GEM rack (>= 1.3) rackup (2.3.1) rack (>= 3) - rails (8.1.2) - actioncable (= 8.1.2) - actionmailbox (= 8.1.2) - actionmailer (= 8.1.2) - actionpack (= 8.1.2) - actiontext (= 8.1.2) - actionview (= 8.1.2) - activejob (= 8.1.2) - activemodel (= 8.1.2) - activerecord (= 8.1.2) - activestorage (= 8.1.2) - activesupport (= 8.1.2) + rails (8.1.3) + actioncable (= 8.1.3) + actionmailbox (= 8.1.3) + actionmailer (= 8.1.3) + actionpack (= 8.1.3) + actiontext (= 8.1.3) + actionview (= 8.1.3) + activejob (= 8.1.3) + activemodel (= 8.1.3) + activerecord (= 8.1.3) + activestorage (= 8.1.3) + activesupport (= 8.1.3) bundler (>= 1.15.0) - railties (= 8.1.2) + railties (= 8.1.3) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -238,9 +238,9 @@ GEM rails-html-sanitizer (1.7.0) loofah (~> 2.25) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (8.1.2) - actionpack (= 8.1.2) - activesupport (= 8.1.2) + railties (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -264,7 +264,7 @@ GEM snaky_hash (2.0.3) hashie (>= 0.1.0, < 6) version_gem (>= 1.1.8, < 3) - sqlite3 (2.9.1) + sqlite3 (2.9.2) mini_portile2 (~> 2.8.0) stringio (3.2.0) thor (1.5.0) From 605de86174c26b9f5b2618470249db2c225327d4 Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Wed, 1 Apr 2026 17:31:30 -0300 Subject: [PATCH 293/299] Update links to https [ci skip] Ref. #5833 --- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 2 +- README.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 5d594d2f5..3fc1d0982 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -19,4 +19,4 @@ This code of conduct applies both within project spaces and in public spaces whe Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by sending an email to [heartcombo.oss@gmail.com](heartcombo.oss@gmail.com) or contacting one or more of the project maintainers. -This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) +This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 1.2.0, available at [https://contributor-covenant.org/version/1/2/0/](https://contributor-covenant.org/version/1/2/0/) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 336d614f4..6327e4ddb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,7 +27,7 @@ internationalization. Avoid opening new issues to ask questions in our issues tracker. Please go through the project wiki, documentation and source code first, or try to ask your question -on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). +on [Stack Overflow](https://stackoverflow.com/questions/tagged/devise). **If you find a security bug, do not report it through GitHub. Please send an e-mail to [heartcombo.oss@gmail.com](mailto:heartcombo.oss@gmail.com) diff --git a/README.md b/README.md index 0c4278de3..37e2d3160 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ If you have discovered a security related bug, please do *NOT* use the GitHub is If you have any questions, comments, or concerns, please use StackOverflow instead of the GitHub issue tracker: -http://stackoverflow.com/questions/tagged/devise +https://stackoverflow.com/questions/tagged/devise The deprecated mailing lists can still be read on: 
@@ -90,7 +90,7 @@ https://groups.google.com/group/heartcombo You can view the Devise documentation in RDoc format here: -http://rubydoc.info/github/heartcombo/devise/main/frames +https://rubydoc.info/github/heartcombo/devise/main/frames If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation. @@ -745,7 +745,7 @@ config.http_authenticatable = [:database] ``` This restriction does not limit you from implementing custom warden strategies, either in your application or via gem-based extensions for devise. -A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](http://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). +A common authentication strategy for APIs is token-based authentication. For more information on extending devise to support this type of authentication and others, see the wiki article for [Simple Token Authentication Examples and alternatives](https://github.com/heartcombo/devise/wiki/How-To:-Simple-Token-Authentication-Example#alternatives) or this blog post on [Custom authentication methods with Devise](https://blog.plataformatec.com.br/2019/01/custom-authentication-methods-with-devise/). #### Testing API Mode changes the order of the middleware stack, and this can cause problems for `Devise::Test::IntegrationHelpers`. This problem usually surfaces as an ```undefined method `[]=' for nil:NilClass``` error when using integration test helpers, such as `#sign_in`. The solution is simply to reorder the middlewares by adding the following to test.rb: 
From 7ca7ed9c174525a4d36167441b35af4a0991b6af Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 10 Apr 2026 11:43:17 -0300 Subject: [PATCH 294/299] Add GHSA link to the v5.0.3 sec fix changelog entry [ci skip] --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11f069f84..0fd56f8bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ### 5.0.3 - 2026-03-16 * security fixes - * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) + * Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 [GHSA-57hq-95w6-v4fc](https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc) [#5783](https://github.com/heartcombo/devise/pull/5783) [#5784](https://github.com/heartcombo/devise/pull/5784) ### 5.0.2 - 2026-02-18 From 025fe2124f9928766fc46520e999633b598d0360 Mon Sep 17 00:00:00 2001 
From: Carlos Antonio da Silva Date: Fri, 8 May 2026 11:29:59 -0300 Subject: [PATCH 295/299] Merge commit from fork When the Timeoutable module is enabled in Devise, the `FailureApp#redirect_url` method returns request.referrer, which is attacker-controllable, without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an auto-submitting cross-origin form can cause a victim with an expired Devise session to be redirected to an arbitrary external URL. This contrasts with the GET timeout path (which uses server-side `attempted_path`) and Devise's own `store_location_for` mechanism (which strips external hosts via `extract_path_from_location`), both of which are protected; only the non-GET timeout redirect path is unprotected. The fix is to apply the same handling logic from `store_location_for` an extract only the path from the request referer, stripping out the host entirely, to prevent the external redirect. GHSA-jp94-3292-c3xv --- CHANGELOG.md | 5 +++++ lib/devise/controllers/store_location.rb | 2 +- lib/devise/failure_app.rb | 2 +- test/controllers/helpers_test.rb | 18 ++++++++++++++---- test/integration/timeoutable_test.rb | 20 ++++++++++++++++++++ 5 files changed, 41 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fd56f8bf..d18649ce4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +### 5.0.4 - YYYY-MM-DD + +* security fixes + * Fix open redirect in `FailureApp` via unvalidated `Referer` header on non-GET session timeout. CVE-2026-40295 [GHSA-jp94-3292-c3xv](https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv) + ### 5.0.3 - 2026-03-16 * security fixes diff --git a/lib/devise/controllers/store_location.rb b/lib/devise/controllers/store_location.rb index d2e431e80..1ae46f734 100644 --- a/lib/devise/controllers/store_location.rb +++ b/lib/devise/controllers/store_location.rb 
@@ -56,7 +56,7 @@ def stored_location_key_for(resource_or_scope) def extract_path_from_location(location) uri = parse_uri(location) - if uri + if uri && uri.path path = remove_domain_from_uri(uri) path = add_fragment_back_to_path(uri, path) diff --git a/lib/devise/failure_app.rb b/lib/devise/failure_app.rb index 1c9b58653..70cf6d2f3 100644 --- a/lib/devise/failure_app.rb +++ b/lib/devise/failure_app.rb @@ -139,7 +139,7 @@ def redirect_url path = if request.get? attempted_path else - request.referrer + extract_path_from_location(request.referrer) end path || scope_url diff --git a/test/controllers/helpers_test.rb b/test/controllers/helpers_test.rb index 57acdba9c..536b282c2 100644 --- a/test/controllers/helpers_test.rb +++ b/test/controllers/helpers_test.rb @@ -224,10 +224,20 @@ def setup assert_equal "/foo.bar", @controller.stored_location_for(:user) end - test 'store bad location for stores a location to redirect back to' do - assert_nil @controller.stored_location_for(:user) - @controller.store_location_for(:user, "/foo.bar\">Carry") - assert_nil @controller.stored_location_for(:user) + test 'store bad location for does not store a location to redirect back to' do + bad_locations = [ + "/foo.bar\">Carry", # unparseable + "http://[invalid", # unparseable + "javascript:alert(1)", # opaque URI, no path + "mailto:foo@example.com", # opaque URI, no path + nil, + ] + + bad_locations.each do |location| + @controller.store_location_for(:user, location) + assert_nil @controller.stored_location_for(:user), + "expected bad location #{location.inspect} to not be stored" + end end test 'store location for accepts a resource as argument' do diff --git a/test/integration/timeoutable_test.rb b/test/integration/timeoutable_test.rb index 73c716e66..670ddbbe8 100644 --- a/test/integration/timeoutable_test.rb +++ b/test/integration/timeoutable_test.rb 
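Review bot: The added `uri.path` check rejects opaque URIs, whose path is `nil`, but an empty path still passes because `""` is truthy in Ruby. A referer with a host and no path (for example `http://host.example`, a constructed value) parses to a URI whose path is `""`, so `extract_path_from_location` hands back an empty string, assuming `remove_domain_from_uri`, which is outside the hunk, returns it unchanged. In the `failure_app.rb` hunk that follows, `path || scope_url` then never reaches the fallback and the redirect gets an empty location. Using `extract_path_from_location(request.referrer).presence` there restores the fallback to `scope_url`. A host-only referer case in `timeoutable_test.rb` would pin it.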
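Review bot: In the `failure_app.rb` hunk a referer from a foreign origin still chooses where the user lands, because only its host is dropped and its path is kept; the new timeoutable test asserts a redirect to `/phishing` for a referer on `evil.example`. That closes the external redirect, but the landing path on this site is still taken from a header the other origin controls. Falling back to `scope_url` when the referer host differs from the request host would be stricter, e.g. `uri = parse_uri(request.referrer)` followed by `extract_path_from_location(request.referrer) if uri && uri.host == request.host`. Deployments behind a proxy that rewrites the host would need that comparison checked. `redirect_url` continues outside the hunk.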
@@ -87,6 +87,26 @@ def last_request_at assert_equal edit_form_user_url(user), current_url end + test 'time out on non-GET request does not redirect to an external host supplied via the referer' do + user = sign_in_as_user + get expire_user_path(user) + + put update_form_user_path(user), headers: { 'HTTP_REFERER' => 'http://evil.example/phishing' } + + assert_response :redirect + assert_redirected_to '/phishing' + end + + test 'time out on non-GET request with an opaque referer falls back to the sign in page' do + user = sign_in_as_user + get expire_user_path(user) + + put update_form_user_path(user), headers: { 'HTTP_REFERER' => 'javascript:alert(1)' } + + assert_response :redirect + assert_redirected_to new_user_session_path + end + test 'time out is not triggered on sign out' do user = sign_in_as_user get expire_user_path(user) From 9ea459de9aec5f1217ad738c58e0d23fb9f5beaa Mon Sep 17 00:00:00 2001 From: Carlos Antonio da Silva Date: Fri, 8 May 2026 11:32:37 -0300 Subject: [PATCH 296/299] Release v5.0.4 with sec fix for timeoutable --- CHANGELOG.md | 2 +- Gemfile.lock | 2 +- lib/devise/version.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d18649ce4..7ccb0882a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -### 5.0.4 - YYYY-MM-DD +### 5.0.4 - 2026-05-08 * security fixes * Fix open redirect in `FailureApp` via unvalidated `Referer` header on non-GET session timeout. CVE-2026-40295 [GHSA-jp94-3292-c3xv](https://github.com/heartcombo/devise/security/advisories/GHSA-jp94-3292-c3xv) diff --git a/Gemfile.lock b/Gemfile.lock index 305f561c1..a6fdb5a71 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -11,7 +11,7 @@ GIT PATH remote: . specs: - devise (5.0.3) + devise (5.0.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 7.0) diff --git a/lib/devise/version.rb b/lib/devise/version.rb index 6e2b6f02d..6576edddf 100644 --- a/lib/devise/version.rb +++ b/lib/devise/version.rb 
@@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "5.0.3".freeze + VERSION = "5.0.4".freeze end From 8213e2b6199b41af1071d7a857f0067169620a90 Mon Sep 17 00:00:00 2001 
From: Adam Kirkland Date: Wed, 20 May 2026 15:54:11 +0900 Subject: [PATCH 297/299] Add controller_scopes mechanism for per-engine Devise sub-controllers Allows Devise to mount on multiple Rails engines within the same application by generating scope-specific controller sets (`::Devise::*Controller`) that inherit from each engine's own ApplicationController. This lets engine-specific helpers, callbacks, and concerns be available inside Devise actions. Usage: # config/initializers/devise.rb config.controller_scopes = [:table_solution, :table_check, :tc_server] For each scope listed, a controller set is generated at boot/reload: ::Devise::BaseController < ::ApplicationController ::Devise::SessionsController < ::Devise::BaseController ::Devise::PasswordsController < ::Devise::BaseController ::Devise::RegistrationsController < ::Devise::BaseController ::Devise::ConfirmationsController < ::Devise::BaseController ::Devise::UnlocksController < ::Devise::BaseController ::Devise::OmniauthCallbacksController < ::Devise::BaseController Action code is provided by `Devise::Mixins::*` modules included into both the generated subclasses and the original upstream controllers. The upstream `Devise::*Controller` classes are kept intact (now thin shims that include the mixin) so default callers that don't set `controller_scopes` continue to work unchanged and upstream releases merge with minimal conflict surface. Changes: - New: lib/devise/controllers/generator.rb - New: lib/devise/mixins/{base,session,password,registration, confirmation,unlock,omniauth_callback}.rb - lib/devise.rb: autoload Mixins, add `controller_scopes` mattr - lib/devise/controllers/helpers.rb: devise_controller? 
also recognises classes that include Devise::Mixins::Base - lib/devise/mailers/helpers.rb: prepend router_name into template path so engine-mounted scopes find their views - lib/devise/mapping.rb: default router_name to Devise.available_router_name - lib/devise/rails.rb: to_prepare hook drives the generator - app/controllers/devise/*_controller.rb: thinned to `include Devise::Mixins::*` (no behavior change for the default :devise scope) --- .../devise/confirmations_controller.rb | 51 +--- .../devise/omniauth_callbacks_controller.rb | 33 +-- .../devise/passwords_controller.rb | 85 +------ .../devise/registrations_controller.rb | 166 +------------- app/controllers/devise/sessions_controller.rb | 80 +------ app/controllers/devise/unlocks_controller.rb | 49 +--- lib/devise.rb | 18 ++ lib/devise/controllers/generator.rb | 98 ++++++++ lib/devise/controllers/helpers.rb | 2 +- lib/devise/mailers/helpers.rb | 1 + lib/devise/mapping.rb | 2 +- lib/devise/mixins/base.rb | 217 ++++++++++++++++++ lib/devise/mixins/confirmation.rb | 60 +++++ lib/devise/mixins/omniauth_callback.rb | 42 ++++ lib/devise/mixins/password.rb | 95 ++++++++ lib/devise/mixins/registration.rb | 175 ++++++++++++++ lib/devise/mixins/session.rb | 89 +++++++ lib/devise/mixins/unlock.rb | 57 +++++ lib/devise/rails.rb | 7 + 19 files changed, 867 insertions(+), 460 deletions(-) create mode 100644 lib/devise/controllers/generator.rb create mode 100644 lib/devise/mixins/base.rb create mode 100644 lib/devise/mixins/confirmation.rb create mode 100644 lib/devise/mixins/omniauth_callback.rb create mode 100644 lib/devise/mixins/password.rb create mode 100644 lib/devise/mixins/registration.rb create mode 100644 lib/devise/mixins/session.rb create mode 100644 lib/devise/mixins/unlock.rb diff --git a/app/controllers/devise/confirmations_controller.rb b/app/controllers/devise/confirmations_controller.rb index 39ff669be..df2321c62 100644 --- a/app/controllers/devise/confirmations_controller.rb 
+++ b/app/controllers/devise/confirmations_controller.rb @@ -1,54 +1,5 @@ # frozen_string_literal: true class Devise::ConfirmationsController < DeviseController - # GET /resource/confirmation/new - def new - self.resource = resource_class.new - end - - # POST /resource/confirmation - def create - self.resource = resource_class.send_confirmation_instructions(resource_params) - yield resource if block_given? - - if successfully_sent?(resource) - respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name)) - else - respond_with(resource) - end - end - - # GET /resource/confirmation?confirmation_token=abcdef - def show - self.resource = resource_class.confirm_by_token(params[:confirmation_token]) - yield resource if block_given? - - if resource.errors.empty? - set_flash_message!(:notice, :confirmed) - respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) } - else - # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. - respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } - end - end - - protected - - # The path used after resending confirmation instructions. - def after_resending_confirmation_instructions_path_for(resource_name) - is_navigational_format? ? new_session_path(resource_name) : '/' - end - - # The path used after confirmation. - def after_confirmation_path_for(resource_name, resource) - if signed_in?(resource_name) - signed_in_root_path(resource) - else - new_session_path(resource_name) - end - end - - def translation_scope - 'devise.confirmations' - end + include Devise::Mixins::Confirmation end diff --git a/app/controllers/devise/omniauth_callbacks_controller.rb b/app/controllers/devise/omniauth_callbacks_controller.rb index a9a2c30ea..0d768a98e 100644 --- a/app/controllers/devise/omniauth_callbacks_controller.rb +++ b/app/controllers/devise/omniauth_callbacks_controller.rb 
@@ -1,36 +1,5 @@ # frozen_string_literal: true class Devise::OmniauthCallbacksController < DeviseController - prepend_before_action { request.env["devise.skip_timeout"] = true } - - def passthru - render status: 404, plain: "Not found. Authentication passthru." - end - - def failure - set_flash_message! :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message - redirect_to after_omniauth_failure_path_for(resource_name) - end - - protected - - def failed_strategy - request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"] - end - - def failure_message - exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"] - error = exception.error_reason if exception.respond_to?(:error_reason) - error ||= exception.error if exception.respond_to?(:error) - error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s - error.to_s.humanize if error - end - - def after_omniauth_failure_path_for(scope) - new_session_path(scope) - end - - def translation_scope - 'devise.omniauth_callbacks' - end + include Devise::Mixins::OmniauthCallback end diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb index 68b8dc877..491a34a89 100644 --- a/app/controllers/devise/passwords_controller.rb +++ b/app/controllers/devise/passwords_controller.rb 
@@ -1,88 +1,5 @@ # frozen_string_literal: true class Devise::PasswordsController < DeviseController - prepend_before_action :require_no_authentication - # Render the #edit only if coming from a reset password email link - append_before_action :assert_reset_token_passed, only: :edit - - # GET /resource/password/new - def new - self.resource = resource_class.new - end - - # POST /resource/password - def create - self.resource = resource_class.send_reset_password_instructions(resource_params) - yield resource if block_given? - - if successfully_sent?(resource) - respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name)) - else - respond_with(resource) - end - end - - # GET /resource/password/edit?reset_password_token=abcdef - def edit - self.resource = resource_class.new - set_minimum_password_length - resource.reset_password_token = params[:reset_password_token] - end - - # PUT /resource/password - def update - self.resource = resource_class.reset_password_by_token(resource_params) - yield resource if block_given? - - if resource.errors.empty? - resource.unlock_access! if unlockable?(resource) - if sign_in_after_reset_password? - flash_message = resource.active_for_authentication? ? :updated : :updated_not_active - set_flash_message!(:notice, flash_message) - resource.after_database_authentication - sign_in(resource_name, resource) - else - set_flash_message!(:notice, :updated_not_active) - end - respond_with resource, location: after_resetting_password_path_for(resource) - else - set_minimum_password_length - respond_with resource - end - end - - protected - def after_resetting_password_path_for(resource) - sign_in_after_reset_password? ? after_sign_in_path_for(resource) : new_session_path(resource_name) - end - - # The path used after sending reset password instructions - def after_sending_reset_password_instructions_path_for(resource_name) - new_session_path(resource_name) if is_navigational_format? 
- end - - # Check if a reset_password_token is provided in the request - def assert_reset_token_passed - if params[:reset_password_token].blank? - set_flash_message(:alert, :no_token) - redirect_to new_session_path(resource_name) - end - end - - # Check if the user should be signed in automatically after resetting the password. - def sign_in_after_reset_password? - resource_class.sign_in_after_reset_password - end - - # Check if proper Lockable module methods are present & unlock strategy - # allows to unlock resource on password reset - def unlockable?(resource) - resource.respond_to?(:unlock_access!) && - resource.respond_to?(:unlock_strategy_enabled?) && - resource.unlock_strategy_enabled?(:email) - end - - def translation_scope - 'devise.passwords' - end + include Devise::Mixins::Password end diff --git a/app/controllers/devise/registrations_controller.rb b/app/controllers/devise/registrations_controller.rb index 79e2b0e81..aaf4308c2 100644 --- a/app/controllers/devise/registrations_controller.rb +++ b/app/controllers/devise/registrations_controller.rb 
@@ -1,169 +1,5 @@ # frozen_string_literal: true class Devise::RegistrationsController < DeviseController - prepend_before_action :require_no_authentication, only: [:new, :create, :cancel] - prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy] - prepend_before_action :set_minimum_password_length, only: [:new, :edit] - - # GET /resource/sign_up - def new - build_resource - yield resource if block_given? - respond_with resource - end - - # POST /resource - def create - build_resource(sign_up_params) - - resource.save - yield resource if block_given? - if resource.persisted? - if resource.active_for_authentication? - set_flash_message! :notice, :signed_up - sign_up(resource_name, resource) - respond_with resource, location: after_sign_up_path_for(resource) - else - set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}" - expire_data_after_sign_in! - respond_with resource, location: after_inactive_sign_up_path_for(resource) - end - else - clean_up_passwords resource - set_minimum_password_length - respond_with resource - end - end - - # GET /resource/edit - def edit - render :edit - end - - # PUT /resource - # We need to use a copy of the resource because we don't want to change - # the current user in place. - def update - self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key) - prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email) - - resource_updated = update_resource(resource, account_update_params) - yield resource if block_given? - if resource_updated - set_flash_message_for_update(resource, prev_unconfirmed_email) - bypass_sign_in resource, scope: resource_name if sign_in_after_change_password? 
- - respond_with resource, location: after_update_path_for(resource) - else - clean_up_passwords resource - set_minimum_password_length - respond_with resource - end - end - - # DELETE /resource - def destroy - resource.destroy - Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name) - set_flash_message! :notice, :destroyed - yield resource if block_given? - respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } - end - - # GET /resource/cancel - # Forces the session data which is usually expired after sign - # in to be expired now. This is useful if the user wants to - # cancel oauth signing in/up in the middle of the process, - # removing all OAuth session data. - def cancel - expire_data_after_sign_in! - redirect_to new_registration_path(resource_name) - end - - protected - - # By default we want to require a password checks on update. - # You can overwrite this method in your own RegistrationsController. - def update_resource(resource, params) - resource.update_with_password(params) - end - - # Build a devise resource passing in the session. Useful to move - # temporary session data to the newly created user. - def build_resource(hash = {}) - self.resource = resource_class.new_with_session(hash, session) - end - - # Signs in a user on sign up. You can overwrite this method in your own - # RegistrationsController. - def sign_up(resource_name, resource) - sign_in(resource_name, resource) - end - - # The path used after sign up. You need to overwrite this method - # in your own RegistrationsController. - def after_sign_up_path_for(resource) - after_sign_in_path_for(resource) if is_navigational_format? - end - - # The path used after sign up for inactive accounts. You need to overwrite - # this method in your own RegistrationsController. 
- def after_inactive_sign_up_path_for(resource) - scope = Devise::Mapping.find_scope!(resource) - router_name = Devise.mappings[scope].router_name - context = router_name ? send(router_name) : self - context.respond_to?(:root_path) ? context.root_path : "/" - end - - # The default url to be used after updating a resource. You need to overwrite - # this method in your own RegistrationsController. - def after_update_path_for(resource) - sign_in_after_change_password? ? signed_in_root_path(resource) : new_session_path(resource_name) - end - - # Authenticates the current scope and gets the current resource from the session. - def authenticate_scope! - send(:"authenticate_#{resource_name}!", force: true) - self.resource = send(:"current_#{resource_name}") - end - - # Check if the user should be signed in automatically after updating the password. - def sign_in_after_change_password? - return true if account_update_params[:password].blank? - - resource_class.sign_in_after_change_password - end - - def sign_up_params - devise_parameter_sanitizer.sanitize(:sign_up) - end - - def account_update_params - devise_parameter_sanitizer.sanitize(:account_update) - end - - def translation_scope - 'devise.registrations' - end - - private - - def set_flash_message_for_update(resource, prev_unconfirmed_email) - return unless is_flashing_format? - - flash_key = if update_needs_confirmation?(resource, prev_unconfirmed_email) - :update_needs_confirmation - elsif sign_in_after_change_password? - :updated - else - :updated_but_not_signed_in - end - set_flash_message :notice, flash_key - end - - def update_needs_confirmation?(resource, previous) - resource.respond_to?(:pending_reconfirmation?) && - resource.pending_reconfirmation? && - previous != resource.unconfirmed_email - end + include Devise::Mixins::Registration end diff --git a/app/controllers/devise/sessions_controller.rb b/app/controllers/devise/sessions_controller.rb index 41b74f39c..d197145cc 100644 
--- a/app/controllers/devise/sessions_controller.rb +++ b/app/controllers/devise/sessions_controller.rb 
@@ -1,83 +1,5 @@ # frozen_string_literal: true class Devise::SessionsController < DeviseController - prepend_before_action :require_no_authentication, only: [:new, :create] - prepend_before_action :allow_params_authentication!, only: :create - prepend_before_action :verify_signed_out_user, only: :destroy - prepend_before_action(only: [:create, :destroy]) { request.env["devise.skip_timeout"] = true } - - # GET /resource/sign_in - def new - self.resource = resource_class.new(sign_in_params) - clean_up_passwords(resource) - yield resource if block_given? - respond_with(resource, serialize_options(resource)) - end - - # POST /resource/sign_in - def create - self.resource = warden.authenticate!(auth_options) - set_flash_message!(:notice, :signed_in) - sign_in(resource_name, resource) - yield resource if block_given? - respond_with resource, location: after_sign_in_path_for(resource) - end - - # DELETE /resource/sign_out - def destroy - signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)) - set_flash_message! :notice, :signed_out if signed_out - yield if block_given? - respond_to_on_destroy(non_navigational_status: :no_content) - end - - protected - - def sign_in_params - devise_parameter_sanitizer.sanitize(:sign_in) - end - - def serialize_options(resource) - methods = resource_class.authentication_keys.dup - methods = methods.keys if methods.is_a?(Hash) - methods << :password if resource.respond_to?(:password) - { methods: methods, only: [:password] } - end - - def auth_options - { scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale } - end - - def translation_scope - 'devise.sessions' - end - - private - - # Check if there is no signed in user before doing the sign out. - # - # If there is no signed in user, it will set the flash message and redirect - # to the after_sign_out path. - def verify_signed_out_user - if all_signed_out? - set_flash_message! 
:notice, :already_signed_out - - respond_to_on_destroy(non_navigational_status: :unauthorized) - end - end - - def all_signed_out? - users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) } - - users.all?(&:blank?) - end - - def respond_to_on_destroy(non_navigational_status: :no_content) - # We actually need to hardcode this as Rails default responder doesn't - # support returning empty response on GET request - respond_to do |format| - format.all { head non_navigational_status } - format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status } - end - end + include Devise::Mixins::Session end diff --git a/app/controllers/devise/unlocks_controller.rb b/app/controllers/devise/unlocks_controller.rb index 8cff126c9..9e142ecc9 100644 --- a/app/controllers/devise/unlocks_controller.rb +++ b/app/controllers/devise/unlocks_controller.rb 
@@ -1,52 +1,5 @@ # frozen_string_literal: true class Devise::UnlocksController < DeviseController - prepend_before_action :require_no_authentication - - # GET /resource/unlock/new - def new - self.resource = resource_class.new - end - - # POST /resource/unlock - def create - self.resource = resource_class.send_unlock_instructions(resource_params) - yield resource if block_given? - - if successfully_sent?(resource) - respond_with({}, location: after_sending_unlock_instructions_path_for(resource)) - else - respond_with(resource) - end - end - - # GET /resource/unlock?unlock_token=abcdef - def show - self.resource = resource_class.unlock_access_by_token(params[:unlock_token]) - yield resource if block_given? - - if resource.errors.empty? - set_flash_message! :notice, :unlocked - respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) } - else - # TODO: use `error_status` when the default changes to `:unprocessable_entity` / `:unprocessable_content`. - respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new } - end - end - - protected - - # The path used after sending unlock password instructions - def after_sending_unlock_instructions_path_for(resource) - new_session_path(resource) if is_navigational_format? - end - - # The path used after unlocking the resource - def after_unlock_path_for(resource) - new_session_path(resource) if is_navigational_format? - end - - def translation_scope - 'devise.unlocks' - end + include Devise::Mixins::Unlock end diff --git a/lib/devise.rb b/lib/devise.rb index 8e0c85e77..0904778fd 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -20,6 +20,7 @@ module Devise autoload :TokenGenerator, 'devise/token_generator' module Controllers + autoload :Generator, 'devise/controllers/generator' autoload :Helpers, 'devise/controllers/helpers' autoload :Rememberable, 'devise/controllers/rememberable' autoload :Responder, 'devise/controllers/responder' 
@@ -37,6 +38,16 @@ module Mailers autoload :Helpers, 'devise/mailers/helpers' end + module Mixins + autoload :Base, 'devise/mixins/base' + autoload :Confirmation, 'devise/mixins/confirmation' + autoload :OmniauthCallback, 'devise/mixins/omniauth_callback' + autoload :Password, 'devise/mixins/password' + autoload :Registration, 'devise/mixins/registration' + autoload :Session, 'devise/mixins/session' + autoload :Unlock, 'devise/mixins/unlock' + end + module Strategies autoload :Base, 'devise/strategies/base' autoload :Authenticatable, 'devise/strategies/authenticatable' @@ -308,6 +319,13 @@ def self.mappings mattr_accessor :token_generator @@token_generator = nil + # If within the same application, Devise is to be mounted on different engines. + # Each scope listed here will get a generated `::Devise::*Controller` + # set inheriting from `::ApplicationController`, allowing per-engine + # helpers/callbacks/concerns to be available to Devise actions. + mattr_accessor :controller_scopes + @@controller_scopes = [:devise] + # When set to false, changing a password does not automatically sign in a user mattr_accessor :sign_in_after_change_password @@sign_in_after_change_password = true diff --git a/lib/devise/controllers/generator.rb b/lib/devise/controllers/generator.rb new file mode 100644 index 000000000..4f08698eb --- /dev/null +++ b/lib/devise/controllers/generator.rb 
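Review bot: The comment above `controller_scopes` opens with a sentence fragment and does not say what the `[:devise]` default stands for, or that assigning a list replaces it. The usage example in the commit message sets three engine scopes and leaves `:devise` out, so a reader cannot tell whether the stock controller set is still generated. I would reword it to `# Engine namespaces for which Devise generates a controller set at boot/reload.` followed by `# Default [:devise] generates only the stock set; assigning a list replaces the default.`, provided that matches what the `to_prepare` hook in rails.rb does (that hunk is outside this part of the page).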
@@ -0,0 +1,98 @@ +module Devise + module Controllers + class Generator + + AVAILABLE_CONTROLLERS = [:confirmation, :omniauth_callback, :password, :registration, :session, :unlock] + + attr_reader :scope, :controllers + + def initialize(scope = :devise, *controllers) + @scope = scope.to_sym + @parent = parent_controller + @controllers = only_available(controllers) + end + + def generate + base_controller + controllers.each do |controller| + devise_module_controller(controller) + end + end + + class << self + def generate(scope = :devise, *controllers) + new(scope, *controllers).generate + end + end + + private + + def only_available(args) + return AVAILABLE_CONTROLLERS if args.blank? or args == [:all] + AVAILABLE_CONTROLLERS & Array(args) + end + + def base_controller_name + if scope == :devise + "Devise::BaseController" + else + "#{scope.to_s.classify}::Devise::BaseController" + end + end + + def parent_controller + if scope == :devise + Devise.parent_controller.to_s + else + "#{scope.to_s.classify}::ApplicationController" + end.constantize + end + + def controller_name(option) + "#{option.to_s.classify.pluralize}Controller" + end + + def root_module + scope.to_s.classify.constantize + rescue StandardError + Object.const_set(scope.to_s.classify, Module.new) + end + + def scoped_module + (scope == :devise) ? 
root_module : "#{root_module}::Devise".constantize + rescue StandardError + root_module.const_set(:Devise, Module.new) + end + + def set_devise_router + @parent.class_variable_set('@@devise_controller_scope', scope) + @parent.class_eval do + before_action ->{ Devise.router_name = self.class.class_variable_get('@@devise_controller_scope') } + end + end + + def base_controller + set_devise_router + klass = find_or_create_class(:BaseController) + klass.send(:include, Devise::Mixins::Base) + end + + def devise_module_controller(controller) + name = controller_name(controller).to_sym + mixin = Devise::Mixins.const_get(controller.to_s.classify) + klass = find_or_create_class(name, base_controller_name) + klass.send(:include, mixin) + end + + def find_or_create_class(name, parent_name = nil) + parent = (parent_name || @parent).to_s.constantize + + if scoped_module.constants.include?(name) + scoped_module.const_get(name) + else + scoped_module.const_set(name, Class.new(parent)) + end + end + end + end +end diff --git a/lib/devise/controllers/helpers.rb b/lib/devise/controllers/helpers.rb index 68e8e8d1d..62d2631d1 100644 --- a/lib/devise/controllers/helpers.rb +++ b/lib/devise/controllers/helpers.rb @@ -151,7 +151,7 @@ def warden # # before_action :my_filter, unless: :devise_controller? def devise_controller? - is_a?(::DeviseController) + is_a?(::DeviseController) || self.class.included_modules.include?(::Devise::Mixins::Base) end # Set up a param sanitizer to filter parameters using strong_parameters. See diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 29a491970..85fc59716 100644 --- a/lib/devise/mailers/helpers.rb +++ b/lib/devise/mailers/helpers.rb 
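Review bot: `set_devise_router` installs a `before_action` that assigns the process-wide `Devise.router_name` on every request, so on a threaded server two concurrent requests to different engines can overwrite each other's value mid-request, and Devise may then build redirect or mailer URLs against the wrong engine's routes. The callback is added to `@parent` (each engine's ApplicationController, or `Devise.parent_controller` for `:devise`), so it runs for every controller below it, not only the generated Devise ones, and the value is never reset afterwards. The scope is also kept in a class variable, which Ruby shares across the whole inheritance tree, so if one parent inherits from another the last `generate` call wins for both; `@parent.class_attribute :devise_controller_scope, instance_writer: false, default: scope` keeps it per class. Separately, the bare `rescue StandardError` in `root_module` and `scoped_module` turns any load error inside an existing engine namespace into a silently created empty module, and rescuing only `NameError` would be narrower.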
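Review bot: `devise_controller?` is the predicate applications use to skip their own filters (the doc comment in this hunk shows `before_action :my_filter, unless: :devise_controller?`), so that comment should say that any controller including `Devise::Mixins::Base` now counts as a Devise controller. The check can also be written without walking the module list by hand: `is_a?(::DeviseController) || is_a?(::Devise::Mixins::Base)`. The method's doc comment begins above the hunk.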
@@ -57,6 +57,7 @@ def mailer_sender(mapping) def template_paths template_path = _prefixes.dup + template_path.unshift "#{@devise_mapping.router_name}/devise/mailer" if @devise_mapping.router_name template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views? template_path end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 8b1f94ced..07d525b5d 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -64,7 +64,7 @@ def initialize(name, options) #:nodoc: @sign_out_via = options[:sign_out_via] || Devise.sign_out_via @format = options[:format] - @router_name = options[:router_name] + @router_name = options[:router_name] || Devise.available_router_name default_failure_app(options) default_controllers(options) diff --git a/lib/devise/mixins/base.rb b/lib/devise/mixins/base.rb new file mode 100644 index 000000000..7eb39dcbc --- /dev/null +++ b/lib/devise/mixins/base.rb 
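Review bot: Defaulting `@router_name` to `Devise.available_router_name` in the mapping.rb hunk removes the "no router configured" state that callers detect with a plain truthiness check. If that helper falls back to a non-nil default when `Devise.router_name` is unset (its definition is outside this diff), the new `if @devise_mapping.router_name` in the mailers/helpers.rb hunk is always true and every mailer gains an extra `<router>/devise/mailer` lookup path. Likewise `router_name ? send(router_name) : self`, as in the `after_inactive_sign_up_path_for` body removed from registrations_controller.rb, would always take the `send` branch, which does not match the commit message's claim that default callers are unchanged. The default is also captured once when the mapping is built, so it will not follow the per-request `Devise.router_name` assignment made by the generator. Keeping `@router_name = options[:router_name]` and resolving the fallback at the point where a router is needed would preserve the old contract.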
@@ -0,0 +1,217 @@ +module Devise + module Mixins + module Base + extend ActiveSupport::Concern + + included do + include Devise::Controllers::ScopedViews + + if respond_to?(:helper) + helper DeviseHelper + end + + if respond_to?(:helper_method) + helpers = %w(resource scope_name resource_name signed_in_resource + resource_class resource_params devise_mapping) + helper_method(*helpers) + end + + prepend_before_action :assert_is_devise_resource! + respond_to :html if mimes_for_respond_to.empty? + + # Override prefixes to consider the scoped view. + # Notice we need to check for the request due to a bug in + # Action Controller tests that forces _prefixes to be + # loaded before even having a request object. + # + # This method should be public as it is in ActionPack + # itself. Changing its visibility may break other gems. + def _prefixes #:nodoc: + @_prefixes ||= if self.class.scoped_views? && request && devise_mapping + ["#{devise_mapping.scoped_path}/#{controller_name}"] + super + else + super + end + end + + protected + + # Gets the actual resource stored in the instance variable + def resource + instance_variable_get(:"@#{resource_name}") + end + + # Proxy to devise map name + def resource_name + devise_mapping.name + end + alias :scope_name :resource_name + + # Proxy to devise map class + def resource_class + devise_mapping.to + end + + # Returns a signed in resource from session (if one exists) + def signed_in_resource + warden.authenticate(scope: resource_name) + end + + # Attempt to find the mapped route for devise based on request path + def devise_mapping + @devise_mapping ||= request.env["devise.mapping"] + end + + # Checks whether it's a devise mapped resource or not. + def assert_is_devise_resource! #:nodoc: + unknown_action! <<-MESSAGE unless devise_mapping + Could not find devise mapping for path #{request.fullpath.inspect}. + This may happen for two reasons: + + 1) You forgot to wrap your route inside the scope block. 
For example: + + devise_scope :user do + get "/some/route" => "some_devise_controller" + end + + 2) You are testing a Devise controller bypassing the router. + If so, you can explicitly tell Devise which mapping to use: + + @request.env["devise.mapping"] = Devise.mappings[:user] + + MESSAGE + end + + # Returns real navigational formats which are supported by Rails + def navigational_formats + @navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] } + end + + def unknown_action!(msg) + logger.debug "[Devise] #{msg}" if logger + raise AbstractController::ActionNotFound, msg + end + + # Sets the resource creating an instance variable + def resource=(new_resource) + instance_variable_set(:"@#{resource_name}", new_resource) + end + + # Helper for use in before_actions where no authentication is required. + # + # Example: + # before_action :require_no_authentication, only: :new + def require_no_authentication + assert_is_devise_resource! + return unless is_navigational_format? + no_input = devise_mapping.no_input_strategies + + authenticated = if no_input.present? + args = no_input.dup.push scope: resource_name + warden.authenticate?(*args) + else + warden.authenticated?(resource_name) + end + + if authenticated && resource = warden.user(resource_name) + flash[:alert] = I18n.t("devise.failure.already_authenticated") + redirect_to after_sign_in_path_for(resource) + end + end + + # Helper for use after calling send_*_instructions methods on a resource. + # If we are in paranoid mode, we always act as if the resource was valid + # and instructions were sent. + def successfully_sent?(resource) + notice = if Devise.paranoid + resource.errors.clear + :send_paranoid_instructions + elsif resource.errors.empty? + :send_instructions + end + + if notice + set_flash_message! :notice, notice + true + end + end + + # Sets the flash message with :key, using I18n. 
By default you are able + # to set up your messages using specific resource scope, and if no message is + # found we look to the default scope. Set the "now" options key to a true + # value to populate the flash.now hash in lieu of the default flash hash (so + # the flash message will be available to the current action instead of the + # next action). + # Example (i18n locale file): + # + # en: + # devise: + # passwords: + # #default_scope_messages - only if resource_scope is not found + # user: + # #resource_scope_messages + # + # Please refer to README or en.yml locale file to check what messages are + # available. + def set_flash_message(key, kind, options = {}) + message = find_message(kind, options) + if options[:now] + flash.now[key] = message if message.present? + else + flash[key] = message if message.present? + end + end + + # Sets flash message if is_flashing_format? equals true + def set_flash_message!(key, kind, options = {}) + if is_flashing_format? + set_flash_message(key, kind, options) + end + end + + # Sets minimum password length to show to user + def set_minimum_password_length + if devise_mapping.validatable? + @minimum_password_length = resource_class.password_length.min + end + end + + def devise_i18n_options(options) + options + end + + # Get message for given + def find_message(kind, options = {}) + options[:scope] ||= translation_scope + options[:default] = Array(options[:default]).unshift(kind.to_sym) + options[:resource_name] = resource_name + options = devise_i18n_options(options) + I18n.t("#{options[:resource_name]}.#{kind}", **options) + end + + # Controllers inheriting DeviseController are advised to override this + # method so that other controllers inheriting from them would use + # existing translations. 
+ def translation_scope + "devise.#{controller_name}" + end + + def clean_up_passwords(object) + object.clean_up_passwords if object.respond_to?(:clean_up_passwords) + end + + def respond_with_navigational(*args, &block) + respond_with(*args) do |format| + format.any(*navigational_formats, &block) + end + end + + def resource_params + params.fetch(resource_name, {}) + end + + ActiveSupport.run_load_hooks(:devise_controller, self) + end + end + end +end diff --git a/lib/devise/mixins/confirmation.rb b/lib/devise/mixins/confirmation.rb new file mode 100644 index 000000000..b7959ace7 --- /dev/null +++ b/lib/devise/mixins/confirmation.rb 
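Review bot: `Devise::Mixins::Base` appears to be a copy of `DeviseController`'s body rather than a module that `DeviseController` itself includes: the diffstat lists no change to `app/controllers/devise_controller.rb`, and the thinned controllers still inherit from `DeviseController`. That leaves two implementations of `require_no_authentication`, `assert_is_devise_resource!` and `successfully_sent?`, so a later fix to one of them (to paranoid-mode handling, for example) will not reach controllers built from the other. Reducing `DeviseController` to `include Devise::Mixins::Base` would keep a single source and make `is_a?(::DeviseController)` and the mixin check agree. `ActiveSupport.run_load_hooks(:devise_controller, self)` now fires once per including class, so `on_load(:devise_controller)` blocks that assume a single base class should be checked.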
@@ -0,0 +1,60 @@
+module Devise
+ module Mixins
+ module Confirmation
+ extend ActiveSupport::Concern
+
+ included do
+ # GET /resource/confirmation/new
+ def new
+ self.resource = resource_class.new
+ end
+
+ # POST /resource/confirmation
+ def create
+ self.resource = resource_class.send_confirmation_instructions(resource_params)
+ yield resource if block_given?
+
+ if successfully_sent?(resource)
+ respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
+ else
+ respond_with(resource)
+ end
+ end
+
+ # GET /resource/confirmation?confirmation_token=abcdef
+ def show
+ self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+ yield resource if block_given?
+
+ if resource.errors.empty?
+ set_flash_message!(:notice, :confirmed)
+ respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+ else
+ # TODO: use `error_status` when the default changes to `:unprocessable_entity`.
+ respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+ end
+ end
+
+ protected
+
+ # The path used after resending confirmation instructions.
+ def after_resending_confirmation_instructions_path_for(resource_name)
+ is_navigational_format? ? new_session_path(resource_name) : '/'
+ end
+
+ # The path used after confirmation.
+ def after_confirmation_path_for(resource_name, resource)
+ if signed_in?(resource_name)
+ signed_in_root_path(resource)
+ else
+ new_session_path(resource_name)
+ end
+ end
+
+ def translation_scope
+ 'devise.confirmations'
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/mixins/omniauth_callback.rb b/lib/devise/mixins/omniauth_callback.rb
new file mode 100644
index 000000000..087922d46
--- /dev/null
+++ b/lib/devise/mixins/omniauth_callback.rb
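Review bot: The actions and helpers of `Devise::Mixins::Confirmation` are written with `def` inside the `included do` block, so they are evaluated into each including class rather than being owned by the module; the omniauth_callback, password, registration, session and unlock mixins added by this commit use the same layout. With `ActiveSupport::Concern` the usual arrangement keeps only class-level macros (such as the `prepend_before_action` lines in the other mixins) inside `included do` and puts instance methods in the module body, which lets an including class override a method and still reach the mixin's version through `super`. Whether the generator relies on the methods being defined directly on the generated class is not visible here, so that should be confirmed before moving them.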
@@ -0,0 +1,42 @@
+module Devise
+ module Mixins
+ module OmniauthCallback
+ extend ActiveSupport::Concern
+
+ included do
+ prepend_before_action { request.env["devise.skip_timeout"] = true }
+
+ def passthru
+ render status: 404, plain: "Not found. Authentication passthru."
+ end
+
+ def failure
+ set_flash_message! :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message
+ redirect_to after_omniauth_failure_path_for(resource_name)
+ end
+
+ protected
+
+ def failed_strategy
+ request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"]
+ end
+
+ def failure_message
+ exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"]
+ error = exception.error_reason if exception.respond_to?(:error_reason)
+ error ||= exception.error if exception.respond_to?(:error)
+ error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s
+ error.to_s.humanize if error
+ end
+
+ def after_omniauth_failure_path_for(scope)
+ new_session_path(scope)
+ end
+
+ def translation_scope
+ 'devise.omniauth_callbacks'
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/mixins/password.rb b/lib/devise/mixins/password.rb
new file mode 100644
index 000000000..34972a0e3
--- /dev/null
+++ b/lib/devise/mixins/password.rb
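Review bot: `failure` calls `failed_strategy.name` without checking that `omniauth.error.strategy` is present, so a request that reaches this action without that key raises NoMethodError and answers with a 500 instead of the redirect. A guard as the first line of `failure`, for example `return redirect_to(after_omniauth_failure_path_for(resource_name)) unless failed_strategy`, keeps the failure path on the redirect. In `failure_message` the trailing `.to_s` on the third assignment means `error` is always a string by the last line, so the final `if error` never filters anything and can be dropped or replaced by a `presence` check.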
@@ -0,0 +1,95 @@
+module Devise
+ module Mixins
+ module Password
+ extend ActiveSupport::Concern
+
+ included do
+ prepend_before_action :require_no_authentication
+ # Render the #edit only if coming from a reset password email link
+ append_before_action :assert_reset_token_passed, only: :edit
+
+ # GET /resource/password/new
+ def new
+ self.resource = resource_class.new
+ end
+
+ # POST /resource/password
+ def create
+ self.resource = resource_class.send_reset_password_instructions(resource_params)
+ yield resource if block_given?
+
+ if successfully_sent?(resource)
+ respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
+ else
+ respond_with(resource)
+ end
+ end
+
+ # GET /resource/password/edit?reset_password_token=abcdef
+ def edit
+ self.resource = resource_class.new
+ set_minimum_password_length
+ resource.reset_password_token = params[:reset_password_token]
+ end
+
+ # PUT /resource/password
+ def update
+ self.resource = resource_class.reset_password_by_token(resource_params)
+ yield resource if block_given?
+
+ if resource.errors.empty?
+ resource.unlock_access! if unlockable?(resource)
+ if sign_in_after_reset_password?
+ flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+ set_flash_message!(:notice, flash_message)
+ resource.after_database_authentication
+ sign_in(resource_name, resource)
+ else
+ set_flash_message!(:notice, :updated_not_active)
+ end
+ respond_with resource, location: after_resetting_password_path_for(resource)
+ else
+ set_minimum_password_length
+ respond_with resource
+ end
+ end
+
+ protected
+
+ def after_resetting_password_path_for(resource)
+ sign_in_after_reset_password? ? after_sign_in_path_for(resource) : new_session_path(resource_name)
+ end
+
+ # The path used after sending reset password instructions
+ def after_sending_reset_password_instructions_path_for(resource_name)
+ new_session_path(resource_name) if is_navigational_format?
+ end
+
+ # Check if a reset_password_token is provided in the request
+ def assert_reset_token_passed
+ if params[:reset_password_token].blank?
+ set_flash_message(:alert, :no_token)
+ redirect_to new_session_path(resource_name)
+ end
+ end
+
+ # Check if the user should be signed in automatically after resetting the password.
+ def sign_in_after_reset_password?
+ resource_class.sign_in_after_reset_password
+ end
+
+ # Check if proper Lockable module methods are present & unlock strategy
+ # allows to unlock resource on password reset
+ def unlockable?(resource)
+ resource.respond_to?(:unlock_access!) &&
+ resource.respond_to?(:unlock_strategy_enabled?) &&
+ resource.unlock_strategy_enabled?(:email)
+ end
+
+ def translation_scope
+ 'devise.passwords'
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/mixins/registration.rb b/lib/devise/mixins/registration.rb
new file mode 100644
index 000000000..2accbfd56
--- /dev/null
+++ b/lib/devise/mixins/registration.rb
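Review bot: `edit` receives the reset token in the query string (`GET /resource/password/edit?reset_password_token=abcdef`) and nothing in the action limits how far that URL travels; a page that loads a third-party asset can pass it on in the Referer header unless the host application's default headers already prevent that. Setting `response.headers["Referrer-Policy"] = "no-referrer"` in `edit` keeps the token out of outbound Referer headers whatever the host configures. Separately, `assert_reset_token_passed` uses `set_flash_message` while `update` uses `set_flash_message!`, so the alert is written even for non-flashing formats; a one-line comment saying whether that is intended would help.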
@@ -0,0 +1,175 @@
+module Devise
+ module Mixins
+ module Registration
+ extend ActiveSupport::Concern
+
+ included do
+ prepend_before_action :require_no_authentication, only: [:new, :create, :cancel]
+ prepend_before_action :authenticate_scope!, only: [:edit, :update, :destroy]
+ prepend_before_action :set_minimum_password_length, only: [:new, :edit]
+
+ # GET /resource/sign_up
+ def new
+ build_resource
+ yield resource if block_given?
+ respond_with resource
+ end
+
+ # POST /resource
+ def create
+ build_resource(sign_up_params)
+
+ resource.save
+ yield resource if block_given?
+ if resource.persisted?
+ if resource.active_for_authentication?
+ set_flash_message! :notice, :signed_up
+ sign_up(resource_name, resource)
+ respond_with resource, location: after_sign_up_path_for(resource)
+ else
+ set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
+ expire_data_after_sign_in!
+ respond_with resource, location: after_inactive_sign_up_path_for(resource)
+ end
+ else
+ clean_up_passwords resource
+ set_minimum_password_length
+ respond_with resource
+ end
+ end
+
+ # GET /resource/edit
+ def edit
+ render :edit
+ end
+
+ # PUT /resource
+ # We need to use a copy of the resource because we don't want to change
+ # the current user in place.
+ def update
+ self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
+ prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
+
+ resource_updated = update_resource(resource, account_update_params)
+ yield resource if block_given?
+ if resource_updated
+ set_flash_message_for_update(resource, prev_unconfirmed_email)
+ bypass_sign_in resource, scope: resource_name if sign_in_after_change_password?
+
+ respond_with resource, location: after_update_path_for(resource)
+ else
+ clean_up_passwords resource
+ set_minimum_password_length
+ respond_with resource
+ end
+ end
+
+ # DELETE /resource
+ def destroy
+ resource.destroy
+ Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
+ set_flash_message! :notice, :destroyed
+ yield resource if block_given?
+ respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status }
+ end
+
+ # GET /resource/cancel
+ # Forces the session data which is usually expired after sign
+ # in to be expired now. This is useful if the user wants to
+ # cancel oauth signing in/up in the middle of the process,
+ # removing all OAuth session data.
+ def cancel
+ expire_data_after_sign_in!
+ redirect_to new_registration_path(resource_name)
+ end
+
+ protected
+
+ def update_needs_confirmation?(resource, previous)
+ resource.respond_to?(:pending_reconfirmation?) &&
+ resource.pending_reconfirmation? &&
+ previous != resource.unconfirmed_email
+ end
+
+ # By default we want to require a password checks on update.
+ # You can overwrite this method in your own RegistrationsController.
+ def update_resource(resource, params)
+ resource.update_with_password(params)
+ end
+
+ # Build a devise resource passing in the session. Useful to move
+ # temporary session data to the newly created user.
+ def build_resource(hash = {})
+ self.resource = resource_class.new_with_session(hash, session)
+ end
+
+ # Signs in a user on sign up. You can overwrite this method in your own
+ # RegistrationsController.
+ def sign_up(resource_name, resource)
+ sign_in(resource_name, resource)
+ end
+
+ # The path used after sign up. You need to overwrite this method
+ # in your own RegistrationsController.
+ def after_sign_up_path_for(resource)
+ after_sign_in_path_for(resource) if is_navigational_format?
+ end
+
+ # The path used after sign up for inactive accounts.
You need to overwrite
+ # this method in your own RegistrationsController.
+ def after_inactive_sign_up_path_for(resource)
+ scope = Devise::Mapping.find_scope!(resource)
+ router_name = Devise.mappings[scope].router_name
+ context = router_name ? send(router_name) : self
+ context.respond_to?(:root_path) ? context.root_path : "/"
+ end
+
+ # The default url to be used after updating a resource. You need to overwrite
+ # this method in your own RegistrationsController.
+ def after_update_path_for(resource)
+ sign_in_after_change_password? ? signed_in_root_path(resource) : new_session_path(resource_name)
+ end
+
+ # Authenticates the current scope and gets the current resource from the session.
+ def authenticate_scope!
+ send(:"authenticate_#{resource_name}!", force: true)
+ self.resource = send(:"current_#{resource_name}")
+ end
+
+ def sign_up_params
+ devise_parameter_sanitizer.sanitize(:sign_up)
+ end
+
+ def account_update_params
+ devise_parameter_sanitizer.sanitize(:account_update)
+ end
+
+ def translation_scope
+ 'devise.registrations'
+ end
+
+ private
+
+ def set_flash_message_for_update(resource, prev_unconfirmed_email)
+ return unless is_flashing_format?
+
+ flash_key = if update_needs_confirmation?(resource, prev_unconfirmed_email)
+ :update_needs_confirmation
+ elsif sign_in_after_change_password?
+ :updated
+ else
+ :updated_but_not_signed_in
+ end
+ set_flash_message :notice, flash_key
+ end
+
+ # Check if the user should be signed in automatically after updating the password.
+ def sign_in_after_change_password?
+ return true if account_update_params[:password].blank?
+
+ resource_class.sign_in_after_change_password
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/mixins/session.rb b/lib/devise/mixins/session.rb
new file mode 100644
index 000000000..48a9d9faa
--- /dev/null
+++ b/lib/devise/mixins/session.rb
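Review bot: `destroy` ignores the result of `resource.destroy`, so when the record is not deleted (for example because a callback halts the deletion) the user is still signed out and shown the `:destroyed` notice while the account remains. Checking the result first, e.g. `return respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :edit } unless resource.destroy`, keeps the session and the message consistent with what actually happened. The same `status: :unprocessable_entity` form is already used for error responses in the confirmation and unlock mixins of this commit.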
@@ -0,0 +1,89 @@
+module Devise
+ module Mixins
+ module Session
+ extend ActiveSupport::Concern
+
+ included do
+ prepend_before_action :require_no_authentication, only: [:new, :create]
+ prepend_before_action :allow_params_authentication!, only: :create
+ prepend_before_action :verify_signed_out_user, only: :destroy
+ prepend_before_action(only: [:create, :destroy]) { request.env["devise.skip_timeout"] = true }
+
+ # GET /resource/sign_in
+ def new
+ self.resource = resource_class.new(sign_in_params)
+ clean_up_passwords(resource)
+ yield resource if block_given?
+ respond_with(resource, serialize_options(resource))
+ end
+
+ # POST /resource/sign_in
+ def create
+ self.resource = warden.authenticate!(auth_options)
+ set_flash_message!(:notice, :signed_in)
+ sign_in(resource_name, resource)
+ yield resource if block_given?
+ respond_with resource, location: after_sign_in_path_for(resource)
+ end
+
+ # DELETE /resource/sign_out
+ def destroy
+ signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
+ set_flash_message! :notice, :signed_out if signed_out
+ yield if block_given?
+ respond_to_on_destroy(non_navigational_status: :no_content)
+ end
+
+ protected
+
+ def sign_in_params
+ devise_parameter_sanitizer.sanitize(:sign_in)
+ end
+
+ def serialize_options(resource)
+ methods = resource_class.authentication_keys.dup
+ methods = methods.keys if methods.is_a?(Hash)
+ methods << :password if resource.respond_to?(:password)
+ { methods: methods, only: [:password] }
+ end
+
+ def auth_options
+ { scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale }
+ end
+
+ def translation_scope
+ 'devise.sessions'
+ end
+
+ private
+
+ # Check if there is no signed in user before doing the sign out.
+ #
+ # If there is no signed in user, it will set the flash message and redirect
+ # to the after_sign_out path.
+ def verify_signed_out_user
+ if all_signed_out?
+ set_flash_message!
:notice, :already_signed_out
+
+ respond_to_on_destroy(non_navigational_status: :unauthorized)
+ end
+ end
+
+ def all_signed_out?
+ users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+ users.all?(&:blank?)
+ end
+
+ def respond_to_on_destroy(non_navigational_status: :no_content)
+ # We actually need to hardcode this as Rails default responder doesn't
+ # support returning empty response on GET request
+ respond_to do |format|
+ format.all { head non_navigational_status }
+ format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name), status: Devise.responder.redirect_status }
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/mixins/unlock.rb b/lib/devise/mixins/unlock.rb
new file mode 100644
index 000000000..7449b406b
--- /dev/null
+++ b/lib/devise/mixins/unlock.rb
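Review bot: `serialize_options` has no comment explaining why it passes `only: [:password]`, and that option appears to be what keeps the rest of the record's attributes out of non-HTML responses rendered by `new`. A later edit that drops it would, as far as the responder forwards these options to the serializer, start rendering every attribute of the resource. A why-comment above the hash would protect it, for example `# Serialize only the authentication keys and :password (new calls clean_up_passwords first); only: keeps every other attribute out of the response.`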
@@ -0,0 +1,57 @@
+module Devise
+ module Mixins
+ module Unlock
+ extend ActiveSupport::Concern
+
+ included do
+ prepend_before_action :require_no_authentication
+
+ # GET /resource/unlock/new
+ def new
+ self.resource = resource_class.new
+ end
+
+ # POST /resource/unlock
+ def create
+ self.resource = resource_class.send_unlock_instructions(resource_params)
+ yield resource if block_given?
+
+ if successfully_sent?(resource)
+ respond_with({}, location: after_sending_unlock_instructions_path_for(resource))
+ else
+ respond_with(resource)
+ end
+ end
+
+ # GET /resource/unlock?unlock_token=abcdef
+ def show
+ self.resource = resource_class.unlock_access_by_token(params[:unlock_token])
+ yield resource if block_given?
+
+ if resource.errors.empty?
+ set_flash_message! :notice, :unlocked
+ respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
+ else
+ respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+ end
+ end
+
+ protected
+
+ # The path used after sending unlock password instructions
+ def after_sending_unlock_instructions_path_for(resource)
+ new_session_path(resource) if is_navigational_format?
+ end
+
+ # The path used after unlocking the resource
+ def after_unlock_path_for(resource)
+ new_session_path(resource) if is_navigational_format?
+ end
+
+ def translation_scope
+ 'devise.unlocks'
+ end
+ end
+ end
+ end
+end
diff --git a/lib/devise/rails.rb b/lib/devise/rails.rb
index b5738853f..be28938a3 100644
--- a/lib/devise/rails.rb
+++ b/lib/devise/rails.rb
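Review bot: `after_sending_unlock_instructions_path_for` and `after_unlock_path_for` pass the `resource` object to `new_session_path`, while the confirmation, password and registration mixins in this commit pass `resource_name` to the same helper. If `new_session_path` resolves the scope from either form this is only an inconsistency, but the helper is not visible here, so it is worth confirming or aligning both methods on `new_session_path(resource_name)`.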
@@ -21,6 +21,13 @@ class Engine < ::Rails::Engine app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators) end + # Generate the Devise's Controllers (per request for development & once for production) for all the specified controller_scopes. + config.to_prepare do + Devise.controller_scopes.each do |scope| + Devise::Controllers::Generator.generate scope + end + end + initializer "devise.url_helpers" do Devise.include_helpers(Devise::Controllers) end From 2fb8dccd94054921f3e6136e4ba72a2ca0e4f870 Mon Sep 17 00:00:00 2001 From: Adam Kirkland Date: Wed, 20 May 2026 16:39:11 +0900 Subject: [PATCH 298/299] Drop unused mailer/mapping patches; document generator invariant. --- lib/devise/controllers/generator.rb | 31 +++++++++++++++++++++++++++++ lib/devise/mailers/helpers.rb | 1 - lib/devise/mapping.rb | 2 +- 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/lib/devise/controllers/generator.rb b/lib/devise/controllers/generator.rb index 4f08698eb..9358b23a5 100644 --- a/lib/devise/controllers/generator.rb +++ b/lib/devise/controllers/generator.rb 
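Review bot: The `to_prepare` block runs `Devise::Controllers::Generator.generate` for every scope on each code reload in development, and nothing in this hunk shows that `generate` is safe to run more than once. If it defines constants, it needs to remove or reuse the ones from the previous run, otherwise a reload can produce redefinition warnings or leave generated classes that still subclass a stale `ApplicationController`. The comment could state that invariant and read more plainly, e.g. `# Generate Devise controllers for every scope in Devise.controller_scopes (on each reload in development, once at boot in production); generate must be idempotent.`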
@@ -1,5 +1,36 @@ module Devise module Controllers + # Generates per-scope Devise controllers at boot for each scope in + # `Devise.controller_scopes` (configured per application). + # + # For a scope `:my_scope`, this creates the constants + # MyScope::Devise::BaseController < MyScope::ApplicationController + # MyScope::Devise::SessionsController < MyScope::Devise::BaseController + # ... (and Passwords/Registrations/Confirmations/Unlocks/OmniauthCallbacks) + # + # Devise behavior is injected by including the corresponding `Devise::Mixins::*` + # module into each generated class. The mixin pattern exists because Ruby has + # single inheritance: each generated controller must inherit from the host + # engine's `ApplicationController` (so it picks up the engine's layout, helpers, + # before_actions, etc.), so Devise's per-controller logic cannot also live in + # the parent class — it has to be a module. + # + # IMPORTANT — lexical constant resolution: + # Engine controllers in the host app write + # module MyScope + # class SessionsController < Devise::SessionsController + # ... + # end + # end + # Ruby's lexical lookup finds `Devise` in the enclosing `MyScope` module + # first, so the bare reference `Devise::SessionsController` resolves to + # `MyScope::Devise::SessionsController` (this generator's output), NOT + # to the gem's top-level `Devise::SessionsController`. That is what makes the + # engine controller inherit from the engine's `ApplicationController` chain. + # + # Do not "simplify" by dropping the mixin pattern or this generator — the + # engine controllers depend on the lexical-resolution trick to inherit from + # `::ApplicationController` instead of the gem's `DeviseController`. class Generator AVAILABLE_CONTROLLERS = [:confirmation, :omniauth_callback, :password, :registration, :session, :unlock] diff --git a/lib/devise/mailers/helpers.rb b/lib/devise/mailers/helpers.rb index 85fc59716..29a491970 100644 --- a/lib/devise/mailers/helpers.rb 
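Review bot: The new class comment contradicts itself about the parent class: the opening says the generated base inherits from `MyScope::ApplicationController`, but the closing paragraph says engine controllers inherit from `::ApplicationController`, which in Ruby names the top-level constant. Assuming the engine's own controller is meant, the last sentence should read `# engine controllers depend on the lexical-resolution trick to inherit from the engine's ApplicationController instead of the gem's DeviseController.` The first line also says controllers are generated "at boot", while the `to_prepare` hook in lib/devise/rails.rb is documented as running per request in development, so one of the two descriptions should be adjusted.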
+++ b/lib/devise/mailers/helpers.rb @@ -57,7 +57,6 @@ def mailer_sender(mapping) def template_paths template_path = _prefixes.dup - template_path.unshift "#{@devise_mapping.router_name}/devise/mailer" if @devise_mapping.router_name template_path.unshift "#{@devise_mapping.scoped_path}/mailer" if self.class.scoped_views? template_path end diff --git a/lib/devise/mapping.rb b/lib/devise/mapping.rb index 07d525b5d..8b1f94ced 100644 --- a/lib/devise/mapping.rb +++ b/lib/devise/mapping.rb @@ -64,7 +64,7 @@ def initialize(name, options) #:nodoc: @sign_out_via = options[:sign_out_via] || Devise.sign_out_via @format = options[:format] - @router_name = options[:router_name] || Devise.available_router_name + @router_name = options[:router_name] default_failure_app(options) default_controllers(options) From f4b052a42d157507c0a47fdf0b92b0ac38eaffdd Mon Sep 17 00:00:00 2001 From: Adam Kirkland Date: Wed, 20 May 2026 18:57:05 +0900 Subject: [PATCH 299/299] Fix Rails 8.1 lazy-routes regression and OmniAuth constant resolution. --- lib/devise/controllers/generator.rb | 6 ++++++ lib/devise/mixins/omniauth_callback.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/devise/controllers/generator.rb b/lib/devise/controllers/generator.rb index 9358b23a5..ccae6f6af 100644 --- a/lib/devise/controllers/generator.rb +++ b/lib/devise/controllers/generator.rb @@ -96,6 +96,12 @@ def scoped_module end def set_devise_router + # The default :devise scope's routes live in the host app's main router, + # so Devise.router_name must stay nil (→ Devise.available_router_name == :main_app). + # Setting it to :devise would route URL helpers through `view.devise`, which + # only exists if something is literally `mount`ed `as: :devise`. + return if scope == :devise + @parent.class_variable_set('@@devise_controller_scope', scope) @parent.class_eval do before_action ->{ Devise.router_name = self.class.class_variable_get('@@devise_controller_scope') } 
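Review bot: The early `return if scope == :devise` in `set_devise_router` means nothing ever sets `Devise.router_name` back to nil, while the `before_action` installed for the other scopes assigns it on every request. If `Devise.router_name` is process-wide state, as the plain `Devise.router_name = ...` assignment suggests, a request to a scoped controller leaves its value in place for the next request served by a default-scope controller, which is exactly the case the new comment says must stay nil. Installing the callback for every scope and assigning nil for the default one, e.g. `router = scope == :devise ? nil : scope` followed by `@parent.class_variable_set('@@devise_controller_scope', router)`, avoids the stale value; the method continues past the end of this hunk, so the remaining lines need the same check. Assigning a global per request is also racy under a threaded server, so a request-local store would be safer if one is available.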
diff --git a/lib/devise/mixins/omniauth_callback.rb b/lib/devise/mixins/omniauth_callback.rb index 087922d46..94b5a375c 100644 --- a/lib/devise/mixins/omniauth_callback.rb +++ b/lib/devise/mixins/omniauth_callback.rb @@ -11,7 +11,7 @@ def passthru end def failure - set_flash_message! :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message + set_flash_message! :alert, :failure, kind: ::OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message redirect_to after_omniauth_failure_path_for(resource_name) end