Merge pull request #437 from paulsponagl/devise_2_1

Upgrade to devise 2.1

Gemfile.lock

@@ -10,7 +10,8 @@ PATH
       cells (~> 3.8.0)
       codemirror-rails (~> 2.21)
       custom_fields (~> 2.0.0.rc12)
-      devise (~> 1.5.3)
+      devise (~> 2.1.0)
+      devise-encryptable (~> 0.1.1)
       dragonfly (~> 0.9.8)
       flash_cookie_session (~> 1.1.1)
       fog (~> 1.3.1)
@@ -126,10 +127,13 @@ GEM
       carrierwave-mongoid (~> 0.2.1)
       mongoid (~> 2.4.9)
     database_cleaner (0.8.0)
-    devise (1.5.3)
+    devise (2.1.0)
       bcrypt-ruby (~> 3.0)
-      orm_adapter (~> 0.0.3)
+      orm_adapter (~> 0.0.7)
-      warden (~> 1.1)
+      railties (~> 3.1)
+      warden (~> 1.1.1)
+    devise-encryptable (0.1.1)
+      devise (>= 2.1.0.rc)
     diff-lcs (1.1.3)
     dragonfly (0.9.12)
       rack
@@ -311,7 +315,7 @@ GEM
       rack
       raindrops (~> 0.7)
     unidecoder (1.1.1)
-    warden (1.2.0)
+    warden (1.1.1)
       rack (>= 1.0)
     xpath (0.1.4)
       nokogiri (~> 1.3)

app/models/locomotive/account.rb

@@ -5,6 +5,20 @@ module Locomotive
 
     devise *Locomotive.config.devise_modules
 
+    ## devise fields (need to be declared since 2.x) ##
+    field :remember_created_at, :type => Time
+    field :email,              :type => String, :null => false
+    field :encrypted_password, :type => String, :null => false
+    field :authentication_token, :type => String
+    field :reset_password_token,   :type => String
+    field :reset_password_sent_at, :type => Time
+    field :password_salt, :type => String
+    field :sign_in_count,      :type => Integer
+    field :current_sign_in_at, :type => Time
+    field :last_sign_in_at,    :type => Time
+    field :current_sign_in_ip, :type => String
+    field :last_sign_in_ip,    :type => String
+
     ## attributes ##
     field :name
     field :locale, :default => Locomotive.config.default_locale.to_s or 'en'

config/routes.rb

@@ -1,12 +1,8 @@
 Locomotive::Engine.routes.draw do
 
   # authentication
-  devise_for :locomotive_account,
+  devise_for :locomotive_account, :class_name   => 'Locomotive::Account', :path => '', :path_prefix  => nil, :failure_app  => 'Locomotive::Devise::FailureApp',:controllers  => { :sessions => 'locomotive/sessions', :passwords => 'locomotive/passwords' }
-    :class_name   => 'Locomotive::Account',
+  devise_scope :locomotive_account do
-    :path         => '',
-    :path_prefix  => nil,
-    :failure_app  => 'Locomotive::Devise::FailureApp',
-    :controllers  => { :sessions => 'locomotive/sessions', :passwords => 'locomotive/passwords' } do
       match '/'         => 'sessions#new'
       delete 'signout'  => 'sessions#destroy', :as => :destroy_locomotive_session
   end

lib/locomotive.rb

@@ -1,6 +1,7 @@
 require 'locomotive/version'
 require 'locomotive/core_ext'
 require 'locomotive/configuration'
+require 'locomotive/devise'
 require 'locomotive/logger'
 require 'locomotive/haml'
 require 'locomotive/formtastic'

lib/locomotive/devise.rb

@@ -1 +1,2 @@
-# patches for devise here
+# patches for devise here
+require 'devise-encryptable'

locomotive_cms.gemspec

@@ -22,7 +22,8 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'rails',                           '~> 3.2.5'
 
-  s.add_dependency 'devise',                          '~> 1.5.3'
+  s.add_dependency 'devise-encryptable',              '~> 0.1.1'
+  s.add_dependency 'devise',                          '~> 2.1.0'
   s.add_dependency 'cancan',                          '~> 1.6.7'
 
   s.add_dependency 'mongo',                           '~> 1.5.2'

spec/dummy/config/initializers/devise.rb

@@ -59,11 +59,11 @@ Devise.setup do |config|
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is 0.days
-  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # When allow_unconfirmed_access_for is zero, the user won't be able to sign in without confirming.
   # You can use this to let your user access some features of your application
   # without confirming the account, but blocking it after a certain period
   # (ie 2 days).
-  # config.confirm_within = 2.days
+  # config.allow_unconfirmed_access_for = 2.days
 
   # Defines which key will be used when confirming an account
   # config.confirmation_keys = [ :email ]
@@ -72,16 +72,9 @@ Devise.setup do |config|
   # The time the user will be remembered without asking for credentials again.
   config.remember_for = 2.weeks
 
-  # If true, a valid remember token can be re-used between multiple browsers.
-  # config.remember_across_browsers = true
-
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
-  # If true, uses the password salt as remember token. This should be turned
-  # to false if you are not using database authenticatable.
-  config.use_salt_as_remember_token = true
-
   # Options to be passed to the created cookie. For instance, you can set
   # :secure => true in order to force SSL only cookies.
   # config.cookie_options = {}
@@ -146,6 +139,9 @@ Devise.setup do |config|
   # If true, authentication through token does not store user in session and needs
   # to be supplied on each request. Useful if you are using the token as API token.
   # config.stateless_token = false
+  # Hint: Devise 2 
+  # Devise.stateless_token was removed. If you want to have stateless tokens, 
+  # simply do config.skip_session_storage << :auth_token in your initializer;
 
   # ==> Scopes configuration
   # Turn scoped views on. Before rendering "sessions/new", it will first check for