author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-07-11 00:26:22 +0400 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-07-11 00:26:22 +0400 |
commit | 6bc32fe4fd157f2e84c12e7846feeac190fb8499 (patch) | |
tree | b3bd041f7e6e2165dab14d35736f2237b9b8a373 | |
parent | 7a914e5a8fb5af088afe598d1ceb38d145280700 (diff) | |
parent | 60cc1d8e92ad7d2be9f452cbbce8b583bc87056f (diff) |
Merge branch 'upgrade_devise' into 'master'
Upgrade devise from 3.0.4 to 3.2.4
See merge request !960
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.lock | 15 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 23 | ||||
-rw-r--r-- | app/controllers/registrations_controller.rb | 4 | ||||
-rw-r--r-- | app/models/concerns/token_authenticatable.rb | 31 | ||||
-rw-r--r-- | app/models/user.rb | 3 | ||||
-rw-r--r-- | app/views/devise/mailer/confirmation_instructions.html.erb | 2 | ||||
-rw-r--r-- | app/views/devise/mailer/reset_password_instructions.html.erb | 2 | ||||
-rw-r--r-- | app/views/devise/mailer/unlock_instructions.html.erb | 2 | ||||
-rw-r--r-- | config/initializers/devise.rb | 4 | ||||
-rw-r--r-- | config/locales/devise.en.yml | 3 |
11 files changed, 74 insertions, 19 deletions
@@ -21,8 +21,8 @@ gem "mysql2", group: :mysql gem "pg", group: :postgres # Auth -gem "devise", '3.0.4' -gem "devise-async", '0.8.0' +gem "devise", '3.2.4' +gem "devise-async", '0.9.0' gem 'omniauth', "~> 1.1.3" gem 'omniauth-google-oauth2' gem 'omniauth-twitter' diff --git a/Gemfile.lock b/Gemfile.lock index d5898dbdf6f..97d3d8bab64 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -40,7 +40,7 @@ GEM axiom-types (0.0.5) descendants_tracker (~> 0.0.1) ice_nine (~> 0.9) - bcrypt-ruby (3.1.2) + bcrypt (3.1.7) better_errors (1.0.1) coderay (>= 1.0.0) erubis (>= 2.6.6) @@ -94,13 +94,14 @@ GEM default_value_for (3.0.0) activerecord (>= 3.2.0, < 5.0) descendants_tracker (0.0.3) - devise (3.0.4) - bcrypt-ruby (~> 3.0) + devise (3.2.4) + bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 3.2.6, < 5) + thread_safe (~> 0.1) warden (~> 1.2.3) - devise-async (0.8.0) - devise (>= 2.2, < 3.2) + devise-async (0.9.0) + devise (~> 3.2) diff-lcs (1.2.5) diffy (3.0.3) docile (1.1.1) @@ -584,8 +585,8 @@ DEPENDENCIES d3_rails (~> 3.1.4) database_cleaner default_value_for (~> 3.0.0) - devise (= 3.0.4) - devise-async (= 0.8.0) + devise (= 3.2.4) + devise-async (= 0.9.0) diffy (~> 3.0.3) dropzonejs-rails email_spec diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d58890fa33b..1feeb601d36 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,7 @@ require 'gon' class ApplicationController < ActionController::Base + before_filter :authenticate_user_from_token! before_filter :authenticate_user! before_filter :reject_blocked! before_filter :check_password_expiration 
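Review bot: The new `before_filter :authenticate_user_from_token!` line in application_controller.rb carries no comment, yet its position is load-bearing: it is the token filter's `sign_in user, store: false` that lets `authenticate_user!` pass on a token-only request, and `reject_blocked!` and `check_password_expiration` still run afterwards against that user. Since it is declared on ApplicationController it presumably also runs on controllers that skip `authenticate_user!`, so a `private_token` on any URL triggers a user lookup. I would add above the line: `# Must run before authenticate_user!: a valid private_token signs the user in for this request only (no session); reject_blocked! still applies to that user.`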
@@ -28,6 +29,25 @@ class ApplicationController < ActionController::Base protected + # From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example + # https://gist.github.com/josevalim/fb706b1e933ef01e4fb6 + def authenticate_user_from_token! + user_token = if params[:authenticity_token].presence + params[:authenticity_token].presence + elsif params[:private_token].presence + params[:private_token].presence + end + user = user_token && User.find_by_authentication_token(user_token.to_s) + + if user + # Notice we are passing store false, so the user is not + # actually stored in the session and a token is needed + # for every request. If you want the token to work as a + # sign in token, you can simply remove store: false. + sign_in user, store: false + end + end + def log_exception(exception) application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace application_trace.map!{ |t| " #{t}\n" } @@ -226,8 +246,7 @@ class ApplicationController < ActionController::Base end def configure_permitted_parameters - devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } - devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :name, :password, :password_confirmation) } + devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } end def hexdigest(string) diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 8dd1642c1d9..9e70978992f 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb 
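Review bot: `authenticate_user_from_token!` treats `params[:authenticity_token]` as a private token, but that is the parameter name Rails uses for the CSRF token, so every ordinary form POST now performs `User.find_by_authentication_token(<csrf token>)`; the initializer line removed later in this diff shows the old Devise module only honoured `private_token`. Unless a caller depends on that name (none is visible in this diff), narrow the lookup to `user_token = params[:private_token].presence` and `user = user_token && User.find_by_authentication_token(user_token.to_s)`. Reading the credential from params also means it is accepted in the query string, where it ends up in access logs and Referer headers; accepting it from a request header as well would be safer. The `.to_s` does at least collapse array- or hash-shaped params into a plain string before the lookup, which is right.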
@@ -28,4 +28,8 @@ class RegistrationsController < Devise::RegistrationsController def signup_enabled? redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled end + + def sign_up_params + params.require(:user).permit(:username, :email, :name, :password, :password_confirmation) + end end diff --git a/app/models/concerns/token_authenticatable.rb b/app/models/concerns/token_authenticatable.rb new file mode 100644 index 00000000000..9b88ec1cc38 --- /dev/null +++ b/app/models/concerns/token_authenticatable.rb @@ -0,0 +1,31 @@ +module TokenAuthenticatable + extend ActiveSupport::Concern + + module ClassMethods + def find_by_authentication_token(authentication_token = nil) + if authentication_token + where(authentication_token: authentication_token).first + end + end + end + + def ensure_authentication_token + if authentication_token.blank? + self.authentication_token = generate_authentication_token + end + end + + def reset_authentication_token! + self.authentication_token = generate_authentication_token + save + end + + private + + def generate_authentication_token + loop do + token = Devise.friendly_token + break token unless self.class.unscoped.where(authentication_token: token).first + end + end +end diff --git a/app/models/user.rb b/app/models/user.rb index 6d7350881df..19104336598 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -52,6 +52,7 @@ require 'file_size_validator' class User < ActiveRecord::Base include Gitlab::ConfigHelper extend Gitlab::ConfigHelper + include TokenAuthenticatable default_value_for :admin, false default_value_for :can_create_group, gitlab_config.default_can_create_group 
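Review bot: In the new `TokenAuthenticatable` concern, `reset_authentication_token!` is named as a bang method but calls `save`, so when the record fails validation the old token remains in the database while the in-memory object already carries the new one and the caller only gets `false`; use `save!` (or at least return the result) so a failed rotation cannot go unnoticed. `generate_authentication_token` checks uniqueness with `unscoped.where(...).first`, but check-then-save is racy without a unique index on `users.authentication_token` — the schema is not in this diff, so please confirm one exists. The token is stored and compared in clear text (`where(authentication_token: ...)`), so a read of the users table yields usable API credentials; hashing at rest would be a schema change beyond this upgrade but is worth a follow-up. Nothing in this diff calls `ensure_authentication_token`; confirm the User model's existing callbacks still invoke it now that the Devise module is gone.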
@@ -60,7 +61,7 @@ class User < ActiveRecord::Base default_value_for :projects_limit, gitlab_config.default_projects_limit default_value_for :theme_id, gitlab_config.default_theme - devise :database_authenticatable, :token_authenticatable, :lockable, :async, + devise :database_authenticatable, :lockable, :async, :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable attr_accessor :force_random_password diff --git a/app/views/devise/mailer/confirmation_instructions.html.erb b/app/views/devise/mailer/confirmation_instructions.html.erb index 553d08369e9..cb1291cf3bf 100644 --- a/app/views/devise/mailer/confirmation_instructions.html.erb +++ b/app/views/devise/mailer/confirmation_instructions.html.erb @@ -6,4 +6,4 @@ <p>You can confirm your account through the link below:</p> <% end %> -<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @resource.confirmation_token) %></p> +<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p> diff --git a/app/views/devise/mailer/reset_password_instructions.html.erb b/app/views/devise/mailer/reset_password_instructions.html.erb index e1144e943b4..7913e88beb6 100644 --- a/app/views/devise/mailer/reset_password_instructions.html.erb +++ b/app/views/devise/mailer/reset_password_instructions.html.erb @@ -2,7 +2,7 @@ <p>Someone has requested a link to change your password, and you can do this through the link below.</p> -<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @resource.reset_password_token) %></p> +<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p> <p>If you didn't request this, please ignore this email.</p> <p>Your password won't change until you access the link above and create a new one.</p> 
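Review bot: The switch from `@resource.reset_password_token` to `@token` in reset_password_instructions.html.erb deserves a comment, because `@resource` still exposes a `reset_password_token` attribute and a future maintainer may be tempted to revert: as I understand Devise 3.1+, that attribute now holds a digest and only `@token` passed to the mailer is the raw value the `edit_password_url` link must carry, so emailing the stored value would produce links that never validate. I would add at the top of the view: `<%# @token is the raw reset token; @resource.reset_password_token holds only its digest since Devise 3.1 %>`. One upgrade caveat the description does not mention: reset, confirmation and unlock links issued before the upgrade were built from the plaintext stored value and will presumably no longer validate, so users with a pending link need to request a new one.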
diff --git a/app/views/devise/mailer/unlock_instructions.html.erb b/app/views/devise/mailer/unlock_instructions.html.erb index 0429883f05b..8c2a4f0c2d9 100644 --- a/app/views/devise/mailer/unlock_instructions.html.erb +++ b/app/views/devise/mailer/unlock_instructions.html.erb @@ -4,4 +4,4 @@ <p>Click the link below to unlock your account:</p> -<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @resource.unlock_token) %></p> +<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p> diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 50669ece7a8..34f4f386988 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -155,10 +155,6 @@ Devise.setup do |config| # REST_AUTH_SITE_KEY to pepper) # config.encryptor = :sha512 - # ==> Configuration for :token_authenticatable - # Defines name of the authentication token params key - config.token_authentication_key = :private_token - # Authentication through token does not store user in session and needs # to be supplied on each request. Useful if you are using the token as API token. config.skip_session_storage << :token_auth diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 275273a0b12..1cbcde5b3da 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -25,6 +25,9 @@ en: sessions: signed_in: 'Signed in successfully.' signed_out: 'Signed out successfully.' + users_sessions: + user: + signed_in: 'Signed in successfully.' passwords: send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' updated: 'Your password was changed successfully. You are now signed in.' |
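Review bot: The config/initializers/devise.rb hunk removes `config.token_authentication_key = :private_token` but leaves `config.skip_session_storage << :token_auth` and its two comment lines in place; with `:token_authenticatable` dropped from the User model in this same commit that strategy no longer exists in Devise, so the entry is dead configuration, and the session-less behaviour the comment describes now comes from `sign_in user, store: false` in `authenticate_user_from_token!`. Either delete the line together with its comment, or replace the comment with `# Token auth is now handled by ApplicationController#authenticate_user_from_token! (store: false); this entry no longer has a Devise strategy behind it` so nobody assumes Devise is still enforcing it. The locale hunk that follows looks fine.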