Commit 6bc32fe4 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'upgrade_devise' into 'master'

Upgrade devise from 3.0.4 to 3.2.4

See merge request !960
parents 7a914e5a 60cc1d8e
......@@ -21,8 +21,8 @@ gem "mysql2", group: :mysql
gem "pg", group: :postgres
# Auth
gem "devise", '3.0.4'
gem "devise-async", '0.8.0'
gem "devise", '3.2.4'
gem "devise-async", '0.9.0'
gem 'omniauth', "~> 1.1.3"
gem 'omniauth-google-oauth2'
gem 'omniauth-twitter'
......
......@@ -40,7 +40,7 @@ GEM
axiom-types (0.0.5)
descendants_tracker (~> 0.0.1)
ice_nine (~> 0.9)
bcrypt-ruby (3.1.2)
bcrypt (3.1.7)
better_errors (1.0.1)
coderay (>= 1.0.0)
erubis (>= 2.6.6)
......@@ -94,13 +94,14 @@ GEM
default_value_for (3.0.0)
activerecord (>= 3.2.0, < 5.0)
descendants_tracker (0.0.3)
devise (3.0.4)
bcrypt-ruby (~> 3.0)
devise (3.2.4)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
thread_safe (~> 0.1)
warden (~> 1.2.3)
devise-async (0.8.0)
devise (>= 2.2, < 3.2)
devise-async (0.9.0)
devise (~> 3.2)
diff-lcs (1.2.5)
diffy (3.0.3)
docile (1.1.1)
......@@ -584,8 +585,8 @@ DEPENDENCIES
d3_rails (~> 3.1.4)
database_cleaner
default_value_for (~> 3.0.0)
devise (= 3.0.4)
devise-async (= 0.8.0)
devise (= 3.2.4)
devise-async (= 0.9.0)
diffy (~> 3.0.3)
dropzonejs-rails
email_spec
......
require 'gon'
class ApplicationController < ActionController::Base
before_filter :authenticate_user_from_token!
before_filter :authenticate_user!
before_filter :reject_blocked!
before_filter :check_password_expiration
......@@ -28,6 +29,25 @@ class ApplicationController < ActionController::Base
protected
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
# https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
def authenticate_user_from_token!
user_token = if params[:authenticity_token].presence
params[:authenticity_token].presence
elsif params[:private_token].presence
params[:private_token].presence
end
user = user_token && User.find_by_authentication_token(user_token.to_s)
if user
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
sign_in user, store: false
end
end
def log_exception(exception)
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
application_trace.map!{ |t| " #{t}\n" }
......@@ -226,8 +246,7 @@ class ApplicationController < ActionController::Base
end
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :name, :password, :password_confirmation) }
devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
end
def hexdigest(string)
......
......@@ -28,4 +28,8 @@ class RegistrationsController < Devise::RegistrationsController
def signup_enabled?
redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled
end
def sign_up_params
params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
end
end
module TokenAuthenticatable
extend ActiveSupport::Concern
module ClassMethods
def find_by_authentication_token(authentication_token = nil)
if authentication_token
where(authentication_token: authentication_token).first
end
end
end
def ensure_authentication_token
if authentication_token.blank?
self.authentication_token = generate_authentication_token
end
end
def reset_authentication_token!
self.authentication_token = generate_authentication_token
save
end
private
def generate_authentication_token
loop do
token = Devise.friendly_token
break token unless self.class.unscoped.where(authentication_token: token).first
end
end
end
......@@ -52,6 +52,7 @@ require 'file_size_validator'
class User < ActiveRecord::Base
include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper
include TokenAuthenticatable
default_value_for :admin, false
default_value_for :can_create_group, gitlab_config.default_can_create_group
......@@ -60,7 +61,7 @@ class User < ActiveRecord::Base
default_value_for :projects_limit, gitlab_config.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme
devise :database_authenticatable, :token_authenticatable, :lockable, :async,
devise :database_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessor :force_random_password
......
......@@ -6,4 +6,4 @@
<p>You can confirm your account through the link below:</p>
<% end %>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @resource.confirmation_token) %></p>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
......@@ -2,7 +2,7 @@
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @resource.reset_password_token) %></p>
<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
<p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p>
......@@ -4,4 +4,4 @@
<p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @resource.unlock_token) %></p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>
......@@ -155,10 +155,6 @@ Devise.setup do |config|
# REST_AUTH_SITE_KEY to pepper)
# config.encryptor = :sha512
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = :private_token
# Authentication through token does not store user in session and needs
# to be supplied on each request. Useful if you are using the token as API token.
config.skip_session_storage << :token_auth
......
......@@ -25,6 +25,9 @@ en:
sessions:
signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.'
users_sessions:
user:
signed_in: 'Signed in successfully.'
passwords:
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment