diff --git a/Gemfile b/Gemfile index bf2320a8..c89d2443 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem "sqlite3" gem "mysql2" # Auth -gem "devise", "~> 1.5" +gem "devise", "~> 2.1.0" # GITLAB patched libs gem "grit", :git => "https://github.com/gitlabhq/grit.git", :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837" diff --git a/Gemfile.lock b/Gemfile.lock index e6a488f2..e4c06fed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -148,10 +148,11 @@ GEM nokogiri (>= 1.5.0) daemons (1.1.8) database_cleaner (0.8.0) - devise (1.5.3) + devise (2.1.2) bcrypt-ruby (~> 3.0) - orm_adapter (~> 0.0.3) - warden (~> 1.1) + orm_adapter (~> 0.1) + railties (~> 3.1) + warden (~> 1.2.1) diff-lcs (1.1.3) drapper (0.8.4) email_spec (1.2.1) @@ -225,7 +226,7 @@ GEM omniauth (1.1.0) hashie (~> 1.2) rack - orm_adapter (0.0.7) + orm_adapter (0.3.0) polyglot (0.3.3) posix-spawn (0.3.6) pry (0.9.9.6) @@ -356,7 +357,7 @@ GEM raindrops (~> 0.7) vegas (0.1.11) rack (>= 1.0.0) - warden (1.2.0) + warden (1.2.1) rack (>= 1.0) webmock (1.8.7) addressable (>= 2.2.7) @@ -383,7 +384,7 @@ DEPENDENCIES colored cucumber-rails database_cleaner - devise (~> 1.5) + devise (~> 2.1.0) drapper email_spec ffaker diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 9a0f95bf..3265046d 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -52,7 +52,7 @@ class ApplicationController < ActionController::Base def layout_by_resource if devise_controller? - "devise" + "devise_layout" else "application" end diff --git a/app/models/user.rb b/app/models/user.rb index 4ead60a9..b87e149c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,11 +1,11 @@ class User < ActiveRecord::Base include Account - devise :database_authenticatable, :token_authenticatable, + devise :database_authenticatable, :token_authenticatable, :lockable, :recoverable, :rememberable, :trackable, :validatable, :omniauthable attr_accessible :email, :password, :password_confirmation, :remember_me, :bio, - :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, + :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, :theme_id, :force_random_password attr_accessor :force_random_password diff --git a/app/views/layouts/devise.html.haml b/app/views/layouts/devise_layout.html.haml similarity index 100% rename from app/views/layouts/devise.html.haml rename to app/views/layouts/devise_layout.html.haml diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index cb1ae0ac..54011ba5 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -93,10 +93,6 @@ Devise.setup do |config| # If true, extends the user's remember period when remembered via cookie. # config.extend_remember_period = false - # If true, uses the password salt as remember token. This should be turned - # to false if you are not using database authenticatable. - config.use_salt_as_remember_token = true - # Options to be passed to the created cookie. For instance, you can set # :secure => true in order to force SSL only cookies. # config.cookie_options = {} @@ -119,7 +115,7 @@ Devise.setup do |config| # Defines which strategy will be used to lock an account. # :failed_attempts = Locks an account after a number of failed attempts to sign in. # :none = No lock strategy. You should handle locking by yourself. - # config.lock_strategy = :failed_attempts + config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account # config.unlock_keys = [ :email ] @@ -129,14 +125,14 @@ Devise.setup do |config| # :time = Re-enables login after a certain amount of time (see :unlock_in below) # :both = Enables both strategies # :none = No unlock strategy. You should handle unlocking by yourself. - # config.unlock_strategy = :both + config.unlock_strategy = :time # Number of authentication tries before locking an account if lock_strategy # is failed attempts. - # config.maximum_attempts = 20 + config.maximum_attempts = 10 # Time interval to unlock the account if :time is enabled as unlock_strategy. - # config.unlock_in = 1.hour + config.unlock_in = 10.minutes # ==> Configuration for :recoverable # @@ -160,9 +156,9 @@ Devise.setup do |config| # Defines name of the authentication token params key config.token_authentication_key = :private_token - # If true, authentication through token does not store user in session and needs + # Authentication through token does not store user in session and needs # to be supplied on each request. Useful if you are using the token as API token. - config.stateless_token = true + config.skip_session_storage << :token_auth # ==> Scopes configuration # Turn scoped views on. Before rendering "sessions/new", it will first check for diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index b1826351..a78cb6b6 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -35,13 +35,11 @@ en: confirmed: 'Your account was successfully confirmed. You are now signed in.' registrations: signed_up: 'Welcome! You have signed up successfully.' - inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.' updated: 'You updated your account successfully.' destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.' - reasons: - inactive: 'inactive' - unconfirmed: 'unconfirmed' - locked: 'locked' + signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.' + signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.' + signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.' unlocks: send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.' unlocked: 'Your account was successfully unlocked. You are now signed in.' diff --git a/db/migrate/20110913200833_devise_create_users.rb b/db/migrate/20110913200833_devise_create_users.rb index 01869a9e..b76edbee 100644 --- a/db/migrate/20110913200833_devise_create_users.rb +++ b/db/migrate/20110913200833_devise_create_users.rb @@ -1,15 +1,43 @@ class DeviseCreateUsers < ActiveRecord::Migration def self.up create_table(:users) do |t| - t.database_authenticatable :null => false - t.recoverable - t.rememberable - t.trackable + ## Database authenticatable + t.string :email, :null => false, :default => "" + t.string :encrypted_password, :null => false, :default => "" - # t.encryptable - # t.confirmable - # t.lockable :lock_strategy => :failed_attempts, :unlock_strategy => :both - # t.token_authenticatable + ## Recoverable + t.string :reset_password_token + t.datetime :reset_password_sent_at + + ## Rememberable + t.datetime :remember_created_at + + ## Trackable + t.integer :sign_in_count, :default => 0 + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.string :current_sign_in_ip + t.string :last_sign_in_ip + + ## Encryptable + # t.string :password_salt + + ## Confirmable + # t.string :confirmation_token + # t.datetime :confirmed_at + # t.datetime :confirmation_sent_at + # t.string :unconfirmed_email # Only if using reconfirmable + + ## Lockable + # t.integer :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts + # t.string :unlock_token # Only if unlock strategy is :email or :both + # t.datetime :locked_at + + # Token authenticatable + # t.string :authentication_token + + ## Invitable + # t.string :invitation_token t.timestamps end @@ -18,7 +46,7 @@ class DeviseCreateUsers < ActiveRecord::Migration add_index :users, :reset_password_token, :unique => true # add_index :users, :confirmation_token, :unique => true # add_index :users, :unlock_token, :unique => true - # add_index :users, :authentication_token, :unique => true + add_index :users, :authentication_token, :unique => true end def self.down diff --git a/db/migrate/20120706065612_add_lockable_to_users.rb b/db/migrate/20120706065612_add_lockable_to_users.rb new file mode 100644 index 00000000..cf86e660 --- /dev/null +++ b/db/migrate/20120706065612_add_lockable_to_users.rb @@ -0,0 +1,6 @@ +class AddLockableToUsers < ActiveRecord::Migration + def change + add_column :users, :failed_attempts, :integer, :default => 0 + add_column :users, :locked_at, :datetime + end +end diff --git a/db/schema.rb b/db/schema.rb index f2bb1693..f40ee260 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20120627145613) do +ActiveRecord::Schema.define(:version => 20120706065612) do create_table "events", :force => true do |t| t.string "target_type" @@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version => 20120627145613) do t.integer "theme_id", :default => 1, :null => false t.string "bio" t.boolean "blocked", :default => false, :null => false + t.integer "failed_attempts", :default => 0 + t.datetime "locked_at" end add_index "users", ["email"], :name => "index_users_on_email", :unique => true