From 2abd054b0c3c3f1116840cf51444fc63e49057f6 Mon Sep 17 00:00:00 2001
From: Nihad Abbasov <narkoz.2008@gmail.com>
Date: Thu, 5 Jul 2012 23:50:24 -0700
Subject: [PATCH 1/2] update devise

---
 Gemfile                                       |  2 +-
 Gemfile.lock                                  | 13 +++---
 app/controllers/application_controller.rb     |  2 +-
 ...vise.html.haml => devise_layout.html.haml} |  0
 config/initializers/devise.rb                 |  8 +---
 config/locales/devise.en.yml                  |  8 ++--
 .../20110913200833_devise_create_users.rb     | 46 +++++++++++++++----
 7 files changed, 51 insertions(+), 28 deletions(-)
 rename app/views/layouts/{devise.html.haml => devise_layout.html.haml} (100%)

diff --git a/Gemfile b/Gemfile
index bf2320a8..c89d2443 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,7 @@ gem "sqlite3"
 gem "mysql2"
 
 # Auth
-gem "devise", "~> 1.5"
+gem "devise", "~> 2.1.0"
 
 # GITLAB patched libs
 gem "grit",          :git => "https://github.com/gitlabhq/grit.git",            :ref => "7f35cb98ff17d534a07e3ce6ec3d580f67402837"
diff --git a/Gemfile.lock b/Gemfile.lock
index e6a488f2..e4c06fed 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -148,10 +148,11 @@ GEM
       nokogiri (>= 1.5.0)
     daemons (1.1.8)
     database_cleaner (0.8.0)
-    devise (1.5.3)
+    devise (2.1.2)
       bcrypt-ruby (~> 3.0)
-      orm_adapter (~> 0.0.3)
-      warden (~> 1.1)
+      orm_adapter (~> 0.1)
+      railties (~> 3.1)
+      warden (~> 1.2.1)
     diff-lcs (1.1.3)
     drapper (0.8.4)
     email_spec (1.2.1)
@@ -225,7 +226,7 @@ GEM
     omniauth (1.1.0)
       hashie (~> 1.2)
       rack
-    orm_adapter (0.0.7)
+    orm_adapter (0.3.0)
     polyglot (0.3.3)
     posix-spawn (0.3.6)
     pry (0.9.9.6)
@@ -356,7 +357,7 @@ GEM
       raindrops (~> 0.7)
     vegas (0.1.11)
       rack (>= 1.0.0)
-    warden (1.2.0)
+    warden (1.2.1)
       rack (>= 1.0)
     webmock (1.8.7)
       addressable (>= 2.2.7)
@@ -383,7 +384,7 @@ DEPENDENCIES
   colored
   cucumber-rails
   database_cleaner
-  devise (~> 1.5)
+  devise (~> 2.1.0)
   drapper
   email_spec
   ffaker
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9a0f95bf..3265046d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -52,7 +52,7 @@ class ApplicationController < ActionController::Base
 
   def layout_by_resource
     if devise_controller?
-      "devise"
+      "devise_layout"
     else
       "application"
     end
diff --git a/app/views/layouts/devise.html.haml b/app/views/layouts/devise_layout.html.haml
similarity index 100%
rename from app/views/layouts/devise.html.haml
rename to app/views/layouts/devise_layout.html.haml
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index cb1ae0ac..a778be5f 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -93,10 +93,6 @@ Devise.setup do |config|
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
-  # If true, uses the password salt as remember token. This should be turned
-  # to false if you are not using database authenticatable.
-  config.use_salt_as_remember_token = true
-
   # Options to be passed to the created cookie. For instance, you can set
   # :secure => true in order to force SSL only cookies.
   # config.cookie_options = {}
@@ -160,9 +156,9 @@ Devise.setup do |config|
   # Defines name of the authentication token params key
   config.token_authentication_key = :private_token
 
-  # If true, authentication through token does not store user in session and needs
+  # Authentication through token does not store user in session and needs
   # to be supplied on each request. Useful if you are using the token as API token.
-  config.stateless_token = true
+  config.skip_session_storage << :token_auth
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for
diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml
index b1826351..a78cb6b6 100644
--- a/config/locales/devise.en.yml
+++ b/config/locales/devise.en.yml
@@ -35,13 +35,11 @@ en:
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
       signed_up: 'Welcome! You have signed up successfully.'
-      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
-      reasons:
-        inactive: 'inactive'
-        unconfirmed: 'unconfirmed'
-        locked: 'locked'
+      signed_up_but_unconfirmed: 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+      signed_up_but_inactive: 'You have signed up successfully. However, we could not sign you in because your account is not yet activated.'
+      signed_up_but_locked: 'You have signed up successfully. However, we could not sign you in because your account is locked.'
     unlocks:
       send_instructions: 'You will receive an email with instructions about how to unlock your account in a few minutes.'
       unlocked: 'Your account was successfully unlocked. You are now signed in.'
diff --git a/db/migrate/20110913200833_devise_create_users.rb b/db/migrate/20110913200833_devise_create_users.rb
index 01869a9e..b76edbee 100644
--- a/db/migrate/20110913200833_devise_create_users.rb
+++ b/db/migrate/20110913200833_devise_create_users.rb
@@ -1,15 +1,43 @@
 class DeviseCreateUsers < ActiveRecord::Migration
   def self.up
     create_table(:users) do |t|
-      t.database_authenticatable :null => false
-      t.recoverable
-      t.rememberable
-      t.trackable
+      ## Database authenticatable
+      t.string :email,              :null => false, :default => ""
+      t.string :encrypted_password, :null => false, :default => ""
 
-      # t.encryptable
-      # t.confirmable
-      # t.lockable :lock_strategy => :failed_attempts, :unlock_strategy => :both
-      # t.token_authenticatable
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, :default => 0
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Encryptable
+      # t.string :password_salt
+
+      ## Confirmable
+      # t.string   :confirmation_token
+      # t.datetime :confirmed_at
+      # t.datetime :confirmation_sent_at
+      # t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      # t.integer  :failed_attempts, :default => 0 # Only if lock strategy is :failed_attempts
+      # t.string   :unlock_token # Only if unlock strategy is :email or :both
+      # t.datetime :locked_at
+
+      # Token authenticatable
+      # t.string :authentication_token
+
+      ## Invitable
+      # t.string :invitation_token
 
       t.timestamps
     end
@@ -18,7 +46,7 @@ class DeviseCreateUsers < ActiveRecord::Migration
     add_index :users, :reset_password_token, :unique => true
     # add_index :users, :confirmation_token,   :unique => true
     # add_index :users, :unlock_token,         :unique => true
-    # add_index :users, :authentication_token, :unique => true
+    add_index :users, :authentication_token, :unique => true
   end
 
   def self.down

From 6533711825c3f197470be041b95e2885bae50bc5 Mon Sep 17 00:00:00 2001
From: Nihad Abbasov <narkoz.2008@gmail.com>
Date: Fri, 6 Jul 2012 00:05:31 -0700
Subject: [PATCH 2/2] enable lockable strategy for users

---
 app/models/user.rb                                 | 4 ++--
 config/initializers/devise.rb                      | 8 ++++----
 db/migrate/20120706065612_add_lockable_to_users.rb | 6 ++++++
 db/schema.rb                                       | 4 +++-
 4 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 db/migrate/20120706065612_add_lockable_to_users.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index ccb1dddf..eaae6708 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,11 +1,11 @@
 class User < ActiveRecord::Base
   include Account
 
-  devise :database_authenticatable, :token_authenticatable,
+  devise :database_authenticatable, :token_authenticatable, :lockable,
          :recoverable, :rememberable, :trackable, :validatable, :omniauthable
 
   attr_accessible :email, :password, :password_confirmation, :remember_me, :bio,
-                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme, 
+                  :name, :projects_limit, :skype, :linkedin, :twitter, :dark_scheme,
                   :theme_id, :force_random_password
 
   attr_accessor :force_random_password
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index a778be5f..54011ba5 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -115,7 +115,7 @@ Devise.setup do |config|
   # Defines which strategy will be used to lock an account.
   # :failed_attempts = Locks an account after a number of failed attempts to sign in.
   # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
+  config.lock_strategy = :failed_attempts
 
   # Defines which key will be used when locking and unlocking an account
   # config.unlock_keys = [ :email ]
@@ -125,14 +125,14 @@ Devise.setup do |config|
   # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
   # :both  = Enables both strategies
   # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
+  config.unlock_strategy = :time
 
   # Number of authentication tries before locking an account if lock_strategy
   # is failed attempts.
-  # config.maximum_attempts = 20
+  config.maximum_attempts = 10
 
   # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
+  config.unlock_in = 10.minutes
 
   # ==> Configuration for :recoverable
   #
diff --git a/db/migrate/20120706065612_add_lockable_to_users.rb b/db/migrate/20120706065612_add_lockable_to_users.rb
new file mode 100644
index 00000000..cf86e660
--- /dev/null
+++ b/db/migrate/20120706065612_add_lockable_to_users.rb
@@ -0,0 +1,6 @@
+class AddLockableToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :failed_attempts, :integer, :default => 0
+    add_column :users, :locked_at, :datetime
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index f2bb1693..f40ee260 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20120627145613) do
+ActiveRecord::Schema.define(:version => 20120706065612) do
 
   create_table "events", :force => true do |t|
     t.string   "target_type"
@@ -169,6 +169,8 @@ ActiveRecord::Schema.define(:version => 20120627145613) do
     t.integer  "theme_id",                              :default => 1,     :null => false
     t.string   "bio"
     t.boolean  "blocked",                               :default => false, :null => false
+    t.integer  "failed_attempts",                       :default => 0
+    t.datetime "locked_at"
   end
 
   add_index "users", ["email"], :name => "index_users_on_email", :unique => true