Commit 6bc32fe4 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'upgrade_devise' into 'master'

Upgrade devise from 3.0.4 to 3.2.4

See merge request !960
parents 7a914e5a 60cc1d8e
...@@ -21,8 +21,8 @@ gem "mysql2", group: :mysql ...@@ -21,8 +21,8 @@ gem "mysql2", group: :mysql
gem "pg", group: :postgres gem "pg", group: :postgres
# Auth # Auth
gem "devise", '3.0.4' gem "devise", '3.2.4'
gem "devise-async", '0.8.0' gem "devise-async", '0.9.0'
gem 'omniauth', "~> 1.1.3" gem 'omniauth', "~> 1.1.3"
gem 'omniauth-google-oauth2' gem 'omniauth-google-oauth2'
gem 'omniauth-twitter' gem 'omniauth-twitter'
......
...@@ -40,7 +40,7 @@ GEM ...@@ -40,7 +40,7 @@ GEM
axiom-types (0.0.5) axiom-types (0.0.5)
descendants_tracker (~> 0.0.1) descendants_tracker (~> 0.0.1)
ice_nine (~> 0.9) ice_nine (~> 0.9)
bcrypt-ruby (3.1.2) bcrypt (3.1.7)
better_errors (1.0.1) better_errors (1.0.1)
coderay (>= 1.0.0) coderay (>= 1.0.0)
erubis (>= 2.6.6) erubis (>= 2.6.6)
...@@ -94,13 +94,14 @@ GEM ...@@ -94,13 +94,14 @@ GEM
default_value_for (3.0.0) default_value_for (3.0.0)
activerecord (>= 3.2.0, < 5.0) activerecord (>= 3.2.0, < 5.0)
descendants_tracker (0.0.3) descendants_tracker (0.0.3)
devise (3.0.4) devise (3.2.4)
bcrypt-ruby (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5) railties (>= 3.2.6, < 5)
thread_safe (~> 0.1)
warden (~> 1.2.3) warden (~> 1.2.3)
devise-async (0.8.0) devise-async (0.9.0)
devise (>= 2.2, < 3.2) devise (~> 3.2)
diff-lcs (1.2.5) diff-lcs (1.2.5)
diffy (3.0.3) diffy (3.0.3)
docile (1.1.1) docile (1.1.1)
...@@ -584,8 +585,8 @@ DEPENDENCIES ...@@ -584,8 +585,8 @@ DEPENDENCIES
d3_rails (~> 3.1.4) d3_rails (~> 3.1.4)
database_cleaner database_cleaner
default_value_for (~> 3.0.0) default_value_for (~> 3.0.0)
devise (= 3.0.4) devise (= 3.2.4)
devise-async (= 0.8.0) devise-async (= 0.9.0)
diffy (~> 3.0.3) diffy (~> 3.0.3)
dropzonejs-rails dropzonejs-rails
email_spec email_spec
......
require 'gon' require 'gon'
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
before_filter :authenticate_user_from_token!
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :reject_blocked! before_filter :reject_blocked!
before_filter :check_password_expiration before_filter :check_password_expiration
...@@ -28,6 +29,25 @@ class ApplicationController < ActionController::Base ...@@ -28,6 +29,25 @@ class ApplicationController < ActionController::Base
protected protected
# From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
# https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
def authenticate_user_from_token!
user_token = if params[:authenticity_token].presence
params[:authenticity_token].presence
elsif params[:private_token].presence
params[:private_token].presence
end
user = user_token && User.find_by_authentication_token(user_token.to_s)
if user
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
# sign in token, you can simply remove store: false.
sign_in user, store: false
end
end
def log_exception(exception) def log_exception(exception)
application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
application_trace.map!{ |t| " #{t}\n" } application_trace.map!{ |t| " #{t}\n" }
...@@ -226,8 +246,7 @@ class ApplicationController < ActionController::Base ...@@ -226,8 +246,7 @@ class ApplicationController < ActionController::Base
end end
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) } devise_parameter_sanitizer.sanitize(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:username, :email, :name, :password, :password_confirmation) }
end end
def hexdigest(string) def hexdigest(string)
......
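Review bot: `authenticate_user_from_token!` in the second hunk accepts `params[:authenticity_token]` as an API credential, but that parameter name is the one Rails uses for the CSRF token, so every ordinary form POST now triggers a `User.find_by_authentication_token` lookup keyed on a CSRF token value, and two unrelated secrets share a name. Unless there is a documented reason to accept it, reduce the lookup to `user_token = params[:private_token].presence` and drop the `authenticity_token` branch. Separately, in the third hunk `devise_parameter_sanitizer.sanitize(:sign_in) { ... }` hands a block to `sanitize`, which in Devise 3.2 returns the sanitized params rather than registering a customization (that is what `for(kind, &block)` does), so the block looks silently ignored and `:login`/`:username` may no longer be permitted at sign-in; `devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me) }` is the customization form the sanitizer expects. The enclosing class starts and ends outside these hunks.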
...@@ -28,4 +28,8 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -28,4 +28,8 @@ class RegistrationsController < Devise::RegistrationsController
def signup_enabled? def signup_enabled?
redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled redirect_to new_user_session_path unless Gitlab.config.gitlab.signup_enabled
end end
def sign_up_params
params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
end
end end
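Review bot: `sign_up_params` takes over the permit list that the removed `for(:sign_up)` sanitizer carried, but the hunk does not show which visibility section it lands in; Devise declares its own `sign_up_params` as protected, so this override should sit below the controller's `protected`/`private` marker rather than become a public method. A one-line comment would also help the next reader: `# Overrides Devise::RegistrationsController#sign_up_params; keep in step with the :sign_in sanitizer in ApplicationController.` The class starts outside the hunk.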
module TokenAuthenticatable
extend ActiveSupport::Concern
module ClassMethods
def find_by_authentication_token(authentication_token = nil)
if authentication_token
where(authentication_token: authentication_token).first
end
end
end
def ensure_authentication_token
if authentication_token.blank?
self.authentication_token = generate_authentication_token
end
end
def reset_authentication_token!
self.authentication_token = generate_authentication_token
save
end
private
def generate_authentication_token
loop do
token = Devise.friendly_token
break token unless self.class.unscoped.where(authentication_token: token).first
end
end
end
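Review bot: `reset_authentication_token!` rotates the in-memory attribute and then calls `save`, so a failing validation returns `false` and leaves the old token live in the database while the object already carries the new one; given the bang name, `save!` (or acting on the return value) would make that failure visible instead of silent. The `if authentication_token` guard in `find_by_authentication_token` is doing security work, because `where(authentication_token: nil)` generates an `IS NULL` match that would return any user whose token was never set, and it deserves a comment so a later refactor to `find_by` does not drop it, e.g. `# nil guard: where(authentication_token: nil) would match every user without a token`. In `generate_authentication_token`, `self.class.unscoped.where(authentication_token: token).first` can be `self.class.unscoped.exists?(authentication_token: token)`, which avoids loading a record just to test presence.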
...@@ -52,6 +52,7 @@ require 'file_size_validator' ...@@ -52,6 +52,7 @@ require 'file_size_validator'
class User < ActiveRecord::Base class User < ActiveRecord::Base
include Gitlab::ConfigHelper include Gitlab::ConfigHelper
extend Gitlab::ConfigHelper extend Gitlab::ConfigHelper
include TokenAuthenticatable
default_value_for :admin, false default_value_for :admin, false
default_value_for :can_create_group, gitlab_config.default_can_create_group default_value_for :can_create_group, gitlab_config.default_can_create_group
...@@ -60,7 +61,7 @@ class User < ActiveRecord::Base ...@@ -60,7 +61,7 @@ class User < ActiveRecord::Base
default_value_for :projects_limit, gitlab_config.default_projects_limit default_value_for :projects_limit, gitlab_config.default_projects_limit
default_value_for :theme_id, gitlab_config.default_theme default_value_for :theme_id, gitlab_config.default_theme
devise :database_authenticatable, :token_authenticatable, :lockable, :async, devise :database_authenticatable, :lockable, :async,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable :recoverable, :rememberable, :trackable, :validatable, :omniauthable, :confirmable, :registerable
attr_accessor :force_random_password attr_accessor :force_random_password
......
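Review bot: Dropping `:token_authenticatable` from the `devise` call removes the module that previously owned the `authentication_token` column, and the new `TokenAuthenticatable` concern defines `ensure_authentication_token` but nothing in this hunk shows it wired as a callback; unless a `before_save :ensure_authentication_token` already exists elsewhere in the model, newly created users may end up with no private token. Worth confirming, and if it is missing, adding `before_save :ensure_authentication_token` next to the `include TokenAuthenticatable` line. The class body continues outside the hunk.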
...@@ -6,4 +6,4 @@ ...@@ -6,4 +6,4 @@
<p>You can confirm your account through the link below:</p> <p>You can confirm your account through the link below:</p>
<% end %> <% end %>
<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @resource.confirmation_token) %></p> <p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
<p>Someone has requested a link to change your password, and you can do this through the link below.</p> <p>Someone has requested a link to change your password, and you can do this through the link below.</p>
<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @resource.reset_password_token) %></p> <p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
<p>If you didn't request this, please ignore this email.</p> <p>If you didn't request this, please ignore this email.</p>
<p>Your password won't change until you access the link above and create a new one.</p> <p>Your password won't change until you access the link above and create a new one.</p>
...@@ -4,4 +4,4 @@ ...@@ -4,4 +4,4 @@
<p>Click the link below to unlock your account:</p> <p>Click the link below to unlock your account:</p>
<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @resource.unlock_token) %></p> <p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>
...@@ -155,10 +155,6 @@ Devise.setup do |config| ...@@ -155,10 +155,6 @@ Devise.setup do |config|
# REST_AUTH_SITE_KEY to pepper) # REST_AUTH_SITE_KEY to pepper)
# config.encryptor = :sha512 # config.encryptor = :sha512
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = :private_token
# Authentication through token does not store user in session and needs # Authentication through token does not store user in session and needs
# to be supplied on each request. Useful if you are using the token as API token. # to be supplied on each request. Useful if you are using the token as API token.
config.skip_session_storage << :token_auth config.skip_session_storage << :token_auth
......
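Review bot: With `config.token_authentication_key` removed and `:token_authenticatable` no longer in the model, the surviving `config.skip_session_storage << :token_auth` and its two comment lines describe Devise's built-in token strategy, which this merge replaces with `ApplicationController#authenticate_user_from_token!` and its explicit `sign_in user, store: false`. The setting is presumably harmless, but the comment now documents behaviour that no longer comes from Devise; either remove the entry or reword the comment to `# Token auth is handled by ApplicationController#authenticate_user_from_token!, which signs in with store: false.` The `Devise.setup` block starts and ends outside the hunk.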
...@@ -25,6 +25,9 @@ en: ...@@ -25,6 +25,9 @@ en:
sessions: sessions:
signed_in: 'Signed in successfully.' signed_in: 'Signed in successfully.'
signed_out: 'Signed out successfully.' signed_out: 'Signed out successfully.'
users_sessions:
user:
signed_in: 'Signed in successfully.'
passwords: passwords:
send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.' send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
updated: 'Your password was changed successfully. You are now signed in.' updated: 'Your password was changed successfully. You are now signed in.'
......