diff --git a/Gemfile b/Gemfile index 6ae43f25d..acb0928ce 100644 --- a/Gemfile +++ b/Gemfile @@ -10,7 +10,7 @@ gem 'railties', RAILS_VERSION gem 'actionmailer_inline_css' gem 'decent_exposure' -gem 'devise', '~> 3.5.5' +gem 'devise', '~> 4.4.0' gem 'dotenv-rails' gem 'draper' gem 'errbit_plugin' diff --git a/Gemfile.lock b/Gemfile.lock index 938f85a4b..b94ed0874 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -98,12 +98,11 @@ GEM debug_inspector (0.0.2) decent_exposure (3.0.2) activesupport (>= 4.0) - devise (3.5.10) + devise (4.4.0) bcrypt (~> 3.0) orm_adapter (~> 0.1) - railties (>= 3.2.6, < 5) + railties (>= 4.1.0, < 5.2) responders - thread_safe (~> 0.1) warden (~> 1.2.3) diff-lcs (1.3) docile (1.1.5) @@ -446,7 +445,7 @@ DEPENDENCIES capybara coveralls decent_exposure - devise (~> 3.5.5) + devise (~> 4.4.0) dotenv-rails draper email_spec diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index 60d78149e..4de68247b 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -5,9 +5,9 @@ - content_for :action_bar do %div.action-bar - if Errbit::Config.github_authentication - %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_omniauth_authorize_path(:github) + %span.github= link_to "Sign in with #{Errbit::Config.github_site_title}", user_github_omniauth_authorize_path - if Errbit::Config.google_authentication - %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_omniauth_authorize_path(:google_oauth2) + %span.google= link_to "Sign in with #{Errbit::Config.google_site_title}", user_google_oauth2_omniauth_authorize_path = form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| .required diff --git a/app/views/shared/_link_github_account.html.haml b/app/views/shared/_link_github_account.html.haml index c689cf374..fd8bb38b2 100644 --- a/app/views/shared/_link_github_account.html.haml +++ b/app/views/shared/_link_github_account.html.haml @@ -2,4 +2,4 @@ - if user.github_account? %span.github= link_to "Unlink #{Errbit::Config.github_site_title} account", unlink_github_user_path(user), :method => :delete, :data => { :confirm => "Are you sure?" } - else - %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_omniauth_authorize_path(:github) + %span.github= link_to "Link #{Errbit::Config.github_site_title} account", user_github_omniauth_authorize_path diff --git a/app/views/shared/_link_google_account.html.haml b/app/views/shared/_link_google_account.html.haml index 24415a7d4..971d4525f 100644 --- a/app/views/shared/_link_google_account.html.haml +++ b/app/views/shared/_link_google_account.html.haml @@ -2,4 +2,4 @@ - if user.google_account? %span.google= link_to "Unlink #{Errbit::Config.google_site_title} account", unlink_google_user_path, method: :delete, data: { confirm: 'Are you sure?' } - else - %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_omniauth_authorize_path(:google_oauth2) + %span.google= link_to "Link #{Errbit::Config.google_site_title} account", user_google_oauth2_omniauth_authorize_path diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 7af8103ce..004816601 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,10 +1,14 @@ +# frozen_string_literal: true + # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. - # config.secret_key = '2970917daf24e79762e7f370c2121b17417d729bdc587874c769b298a580824ff79b4cfd8ad6f3da94c6bbd1d5e12b483dbd2fd78b343777adc1fd15692dbcb2' + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = 'af6696b9c6d6e06a49eaf5aa9bee53425587a825c4bda9cae0fd1b494daf52dc75dff57e0dbed67fe99a87684d87f87cc0ab75b93ee9308f4ad08a425ddb3cd7' # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, @@ -15,6 +19,9 @@ # Configure the class responsible to send e-mails. # config.mailer = 'Devise::Mailer' + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + # ==> ORM configuration # Load and configure the ORM. Supports :active_record (default) and # :mongoid (bson_ext recommended) by default. Other ORMs may be @@ -85,19 +92,31 @@ # from the server. You can disable this option at your own risk. # config.clean_up_csrf_token_on_authentication = true + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 10. If - # using other encryptors, it sets how many times you want the password re-encrypted. + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be hashed. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use # a value less than 10 in other environments. Note that, for bcrypt (the default - # encryptor), the cost increases exponentially with the number of stretches (e.g. + # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 10 + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + # config.pepper = 'b4ea5c51c5d1b3dfd9601cdfc6ef6f281744d90fac9e68a8247fc732bad2113b8074fd45da01dbc910392a66fcf9d2bb3374c2ae3f8192108496392b94fdfeb7' - # Setup a pepper to generate the encrypted password. - config.pepper = '425f10f555c1a4718aff3370ef9dd2d97a21622beb0400fde6b52177375ddcbe37a2dac6af9bca835c988e00c32887ee940ba111a78eab48234d8799936d36b9' + # Send a notification to the original email when the user's email is changed. + # config.send_email_changed_notification = false + + # Send a notification email when the user's password is changed. + # config.send_password_change_notification = false # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without @@ -122,7 +141,7 @@ config.reconfirmable = true # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] + # config.confirmation_keys = [:email] # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. @@ -140,7 +159,7 @@ # ==> Configuration for :validatable # Range for password length. - config.password_length = 6..1024 + config.password_length = 6..128 # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly @@ -153,9 +172,6 @@ # time the user will be asked for credentials again. Default is 30 minutes. # config.timeout_in = 30.minutes - # If true, expires auth token on session timeout. - # config.expire_auth_token_on_timeout = false - # ==> Configuration for :lockable # Defines which strategy will be used to lock an account. # :failed_attempts = Locks an account after a number of failed attempts to sign in. @@ -163,7 +179,7 @@ # config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + # config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -185,19 +201,23 @@ # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] + # config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to # change their passwords. config.reset_password_within = 6.hours + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + # ==> Configuration for :encryptable - # Allow you to use another encryption algorithm besides bcrypt (default). You can use - # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, - # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) - # and :restful_authentication_sha1 (then you should set stretches to 10, and copy - # REST_AUTH_SITE_KEY to pepper). + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). # # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 @@ -282,7 +302,7 @@ # The router that invoked `devise_for`, in the example above, would be: # config.router_name = :my_engine # - # When using omniauth, Devise cannot automatically set Omniauth path, + # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 523d48778..84abe77d1 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -1,43 +1,67 @@ -en: - errors: - messages: - not_found: "not found" - already_confirmed: "was already confirmed" - not_locked: "was not locked" +# Additional translations at https://github.com/plataformatec/devise/wiki/I18n +en: devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." failure: - unauthenticated: 'You need to sign in before continuing.' - unconfirmed: 'You have to confirm your account before continuing.' - locked: 'Your account is locked.' - invalid: 'Invalid login details.' + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid %{authentication_keys} or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid %{authentication_keys} or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." user: - email_invalid: 'Invalid email or password.' + email_invalid: "Invalid Email or password." username_invalid: 'Invalid username or password.' - invalid_token: 'Invalid authentication token.' - timeout: 'Your session expired, please sign in again to continue.' - inactive: 'Your account was not activated yet.' - sessions: - signed_in: 'Signed in successfully.' - signed_out: 'Signed out successfully.' - passwords: - send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' - updated: 'Your password was changed successfully. You are now signed in.' - confirmations: - send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.' - confirmed: 'Your account was successfully confirmed. You are now signed in.' - registrations: - signed_up: 'You have signed up successfully. If enabled, a confirmation was sent to your e-mail.' - updated: 'You updated your account successfully.' - destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' - unlocks: - send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.' - unlocked: 'Your account was successfully unlocked. You are now signed in.' mailer: confirmation_instructions: - subject: 'Confirmation instructions' + subject: "Confirmation instructions" reset_password_instructions: - subject: 'Reset password instructions' + subject: "Reset password instructions" unlock_instructions: - subject: 'Unlock Instructions' - + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: "Could not authenticate you from %{kind} because \"%{reason}\"." + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + updated: "Your account has been updated successfully." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0653eaa4d..551d455db 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -38,7 +38,7 @@ ActionMailer::Base.delivery_method = :test RSpec.configure do |config| - config.include Devise::TestHelpers, type: :controller + config.include Devise::Test::ControllerHelpers, type: :controller config.include Mongoid::Matchers, type: :model config.alias_example_to :fit, focused: true