Hello community, here is the log from the commit of package rubygem-devise for openSUSE:Factory checked in at 2020-03-07 21:37:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-devise (Old) and /work/SRC/openSUSE:Factory/.rubygem-devise.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-devise" Sat Mar 7 21:37:49 2020 rev:7 rq:773753 version:4.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-devise/rubygem-devise.changes 2019-04-01 12:37:01.109875526 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-devise.new.26092/rubygem-devise.changes 2020-03-07 21:37:52.244257248 +0100 @@ -1,0 +2,24 @@ +Mon Feb 10 14:27:39 UTC 2020 - Stephan Kulow <co...@suse.com> + +- updated to version 4.7.1 + see installed CHANGELOG.md + + ### 4.7.1 - 2019-09-06 + + * bug fixes + * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) + * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) + + ### 4.7.0 - 2019-08-19 + + * enhancements + * Support Rails 6.0 + * Update CI to rails 6.0.0.beta3 (by @tunnes) + * refactor method name to be more consistent (by @saiqulhaq) + * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) + + * bug fixes + * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) + * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) + +------------------------------------------------------------------- Old: ---- devise-4.6.2.gem New: ---- devise-4.7.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-devise.spec ++++++ --- /var/tmp/diff_new_pack.FF9HfR/_old 2020-03-07 21:37:53.648258196 +0100 +++ /var/tmp/diff_new_pack.FF9HfR/_new 2020-03-07 21:37:53.648258196 +0100 @@ -1,7 +1,7 @@ # # spec file for package rubygem-devise # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ # Name: rubygem-devise -Version: 4.6.2 +Version: 4.7.1 Release: 0 %define mod_name devise %define mod_full_name %{mod_name}-%{version} @@ -32,7 +32,7 @@ BuildRequires: %{ruby >= 2.1.0} BuildRequires: %{rubygem gem2rpm} BuildRequires: ruby-macros >= 5 -Url: https://github.com/plataformatec/devise +URL: https://github.com/plataformatec/devise Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: gem2rpm.yml Summary: Flexible authentication solution for Rails with Warden ++++++ devise-4.6.2.gem -> devise-4.7.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2019-03-26 17:51:02.000000000 +0100 +++ new/CHANGELOG.md 2019-09-06 19:02:57.000000000 +0200 @@ -1,5 +1,23 @@ ### Unreleased +### 4.7.1 - 2019-09-06 + +* bug fixes + * Fix an edge case where records with a blank `confirmation_token` could be confirmed (by @tegon) + * Fix typo inside `update_needs_confirmation` i18n key (by @lslm) + +### 4.7.0 - 2019-08-19 + +* enhancements + * Support Rails 6.0 + * Update CI to rails 6.0.0.beta3 (by @tunnes) + * refactor method name to be more consistent (by @saiqulhaq) + * Fix rails 6.0.rc1 email uniqueness validation deprecation warning (by @Vasfed) + +* bug fixes + * Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl) + * Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk) + ### 4.6.2 - 2019-03-26 * bug fixes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2019-03-26 17:51:02.000000000 +0100 +++ new/README.md 2019-09-06 19:02:57.000000000 +0200 @@ -174,7 +174,7 @@ * Michael Hartl's online book: https://www.railstutorial.org/book/modeling_users * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch -* Codecademy's Ruby on Rails: Authentication and Authorization: http://www.codecademy.com/en/learn/rails-auth +* Codecademy's Ruby on Rails: Authentication and Authorization: https://www.codecademy.com/learn/rails-auth Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :smiley: @@ -732,6 +732,6 @@ ## License -MIT License. Copyright 2009-2018 Plataformatec. http://plataformatec.com.br +MIT License. Copyright 2009-2019 Plataformatec. http://plataformatec.com.br You are not granted rights or licenses to the trademarks of Plataformatec, including without limitation the Devise name or logo. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/app/views/devise/passwords/edit.html.erb new/app/views/devise/passwords/edit.html.erb --- old/app/views/devise/passwords/edit.html.erb 2019-03-26 17:51:02.000000000 +0100 +++ new/app/views/devise/passwords/edit.html.erb 2019-09-06 19:02:57.000000000 +0200 @@ -14,7 +14,7 @@ <div class="field"> <%= f.label :password_confirmation, "Confirm new password" %><br /> - <%= f.password_field :password_confirmation, autocomplete: "off" %> + <%= f.password_field :password_confirmation, autocomplete: "new-password" %> </div> <div class="actions"> Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/locales/en.yml new/config/locales/en.yml --- old/config/locales/en.yml 2019-03-26 17:51:02.000000000 +0100 +++ new/config/locales/en.yml 2019-09-06 19:02:57.000000000 +0200 @@ -42,7 +42,7 @@ signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." - update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." updated: "Your account has been updated successfully." updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again" sessions: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/failure_app.rb new/lib/devise/failure_app.rb --- old/lib/devise/failure_app.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/failure_app.rb 2019-09-06 19:02:57.000000000 +0200 @@ -153,7 +153,7 @@ # We need to add the rootpath to `script_name` manually for applications that use a Rails # version lower than 5.1. Otherwise, it is going to generate a wrong path for Engines # that use Devise. Remove it when the support of Rails 5.0 is droped. - elsif root_path_defined?(context) && rails_5_and_down? + elsif root_path_defined?(context) && !rails_51_and_up? rootpath = context.routes.url_helpers.root_path opts[:script_name] = rootpath.chomp('/') if rootpath.length > 1 end @@ -278,14 +278,8 @@ defined?(context.routes) && context.routes.url_helpers.respond_to?(:root_path) end - def rails_5_and_down? - return false if rails_5_up? - - Rails::VERSION::MAJOR >= 4 - end - - def rails_5_up? - Rails::VERSION::MAJOR >= 5 && Rails::VERSION::MINOR > 0 + def rails_51_and_up? + Rails.gem_version >= Gem::Version.new("5.1") end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/authenticatable.rb new/lib/devise/models/authenticatable.rb --- old/lib/devise/models/authenticatable.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/models/authenticatable.rb 2019-09-06 19:02:57.000000000 +0200 @@ -1,6 +1,5 @@ # frozen_string_literal: true -require 'active_model/version' require 'devise/hooks/activatable' require 'devise/hooks/csrf_cleaner' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/confirmable.rb new/lib/devise/models/confirmable.rb --- old/lib/devise/models/confirmable.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/models/confirmable.rb 2019-09-06 19:02:57.000000000 +0200 @@ -348,7 +348,19 @@ # If the user is already confirmed, create an error for the user # Options must have the confirmation_token def confirm_by_token(confirmation_token) + # When the `confirmation_token` parameter is blank, if there are any users with a blank + # `confirmation_token` in the database, the first one would be confirmed here. + # The error is being manually added here to ensure no users are confirmed by mistake. + # This was done in the model for convenience, since validation errors are automatically + # displayed in the view. + if confirmation_token.blank? + confirmable = new + confirmable.errors.add(:confirmation_token, :blank) + return confirmable + end + confirmable = find_first_by_auth_conditions(confirmation_token: confirmation_token) + unless confirmable confirmation_digest = Devise.token_generator.digest(self, :confirmation_token, confirmation_token) confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_digest) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/models/validatable.rb new/lib/devise/models/validatable.rb --- old/lib/devise/models/validatable.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/models/validatable.rb 2019-09-06 19:02:57.000000000 +0200 @@ -30,7 +30,7 @@ base.class_eval do validates_presence_of :email, if: :email_required? if Devise.activerecord51? - validates_uniqueness_of :email, allow_blank: true, if: :will_save_change_to_email? + validates_uniqueness_of :email, allow_blank: true, case_sensitive: true, if: :will_save_change_to_email? validates_format_of :email, with: email_regexp, allow_blank: true, if: :will_save_change_to_email? else validates_uniqueness_of :email, allow_blank: true, if: :email_changed? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/rails/routes.rb new/lib/devise/rails/routes.rb --- old/lib/devise/rails/routes.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/rails/routes.rb 2019-09-06 19:02:57.000000000 +0200 @@ -135,10 +135,10 @@ # * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given # are also allowed as parameter. # - # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get), + # * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :delete), # if you wish to restrict this to accept only :post or :delete requests you should do: # - # devise_for :users, sign_out_via: [:post, :delete] + # devise_for :users, sign_out_via: [:get, :post] # # You need to make sure that your sign_out controls trigger a request with a matching HTTP method. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/devise/version.rb new/lib/devise/version.rb --- old/lib/devise/version.rb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/devise/version.rb 2019-09-06 19:02:57.000000000 +0200 @@ -1,5 +1,5 @@ # frozen_string_literal: true module Devise - VERSION = "4.6.2".freeze + VERSION = "4.7.1".freeze end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/generators/templates/simple_form_for/passwords/edit.html.erb new/lib/generators/templates/simple_form_for/passwords/edit.html.erb --- old/lib/generators/templates/simple_form_for/passwords/edit.html.erb 2019-03-26 17:51:02.000000000 +0100 +++ new/lib/generators/templates/simple_form_for/passwords/edit.html.erb 2019-09-06 19:02:57.000000000 +0200 @@ -13,7 +13,10 @@ autofocus: true, hint: ("#{@minimum_password_length} characters minimum" if @minimum_password_length), input_html: { autocomplete: "new-password" } %> - <%= f.input :password_confirmation, label: "Confirm your new password", required: true %> + <%= f.input :password_confirmation, + label: "Confirm your new password", + required: true, + input_html: { autocomplete: "new-password" } %> </div> <div class="form-actions"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2019-03-26 17:51:02.000000000 +0100 +++ new/metadata 2019-09-06 19:02:57.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: devise version: !ruby/object:Gem::Version - version: 4.6.2 + version: 4.7.1 platform: ruby authors: - José Valim @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2019-03-26 00:00:00.000000000 Z +date: 2019-09-06 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: warden @@ -60,9 +60,6 @@ - - ">=" - !ruby/object:Gem::Version version: 4.1.0 - - - "<" - - !ruby/object:Gem::Version - version: '6.0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement @@ -70,9 +67,6 @@ - - ">=" - !ruby/object:Gem::Version version: 4.1.0 - - - "<" - - !ruby/object:Gem::Version - version: '6.0' - !ruby/object:Gem::Dependency name: responders requirement: !ruby/object:Gem::Requirement @@ -223,8 +217,7 @@ - !ruby/object:Gem::Version version: '0' requirements: [] -rubyforge_project: -rubygems_version: 2.7.6 +rubygems_version: 3.0.6 signing_key: specification_version: 4 summary: Flexible authentication solution for Rails with Warden