Upgrade to devise 3.1 and unify the layouts for devise related views

.env.example

@@ -10,3 +10,4 @@ MAILGUN_PASSWORD=smtp_pass
 MAILGUN_USERNAME=[email protected]
 MAILGUN_API_KEY=key-mailgunapikey
 SECRET_TOKEN=secrettoken
+DEVISE_SECRET_KEY=secrettoken

Gemfile

@@ -8,7 +8,7 @@ gem 'unicorn'
 gem 'foreman'
 
 gem 'crowdtilt', github: 'Crowdtilt/crowdtilt-gem'
-gem 'devise', '~> 3.0.0'
+gem 'devise', '~> 3.1.0'
 gem 'nokogiri'
 gem 'friendly_id', '~> 4.0.9'
 gem 'iso_country_codes'

Gemfile.lock

@@ -45,6 +45,7 @@ GEM
     asset_sync (0.5.4)
       activemodel
       fog
+    atomic (1.1.14)
     aws-sdk (1.11.0)
       json (~> 1.4)
       nokogiri (>= 1.4.4)
@@ -73,10 +74,11 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.6.2)
-    devise (3.0.4)
+    devise (3.1.2)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
+      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     diff-lcs (1.2.4)
     dotenv (0.7.0)
@@ -216,6 +218,8 @@ GEM
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
     thor (0.18.1)
+    thread_safe (0.1.3)
+      atomic
     tilt (1.4.1)
     treetop (1.4.14)
       polyglot
@@ -246,7 +250,7 @@ DEPENDENCIES
   ckeditor
   coffee-rails (~> 3.2.1)
   crowdtilt!
-  devise (~> 3.0.0)
+  devise (~> 3.1.0)
   email_spec
   factory_girl_rails
   faker

README.md

@@ -98,15 +98,15 @@ $ cp .env.example .env
 ```
 
 
-Then open up the .env file and fill in the variables with your app_name and credentials. Leave ```ENABLE_ASSET_SYNC``` set to 'true' if you plan to use AWS to host your assets (recommended). The bucket for asset syncing should be in the US Standard (us-east-1) zone.
+Then open up the .env file and fill in the variables with your app_name and credentials. Leave `ENABLE_ASSET_SYNC` set to 'true' if you plan to use AWS to host your assets (recommended). The bucket for asset syncing should be in the US Standard (us-east-1) zone.
 
-The ```SECRET_TOKEN``` variable should be at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.  You can generate a new one by running this command from the root of your project directory:
+The `SECRET_TOKEN`  and `DEVISE_SECRET_KEY` variables should be at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.  Do NOT reuse the same secret token - you'll need to generate it twice. You can generate a new one by running this command from the root of your project directory:
 
 ```
-$ rake secret
+$ foreman run rake secret
 ```
 
-Important: Your ```APP_NAME``` must not have a space in it. Underscores and hypens are accepted.
+Important: Your `APP_NAME` must not have a space in it. Underscores and hypens are accepted.
 
 ```
 APP_NAME=myawesomeapp
@@ -120,6 +120,7 @@ MAILGUN_DOMAIN=myawesomeapp.mailgun.org
 MAILGUN_PASSWORD=mailgunpassword
 [email protected]
 SECRET_TOKEN=secrettoken
+DEVISE_SECRET_KEY=secrettoken
 ```
 
 Install the gems

app/assets/stylesheets/devise.css.scss

@@ -1,4 +1,4 @@
-#signin {
+#devise-mini {
   padding: 50px 0;
 
   .well {
@@ -24,25 +24,6 @@
   }
 }
 
-#signup {
-  padding: 50px 0;
-
-  .well {
-    width: 400px;
-    margin: 0 auto;
-    padding: 35px;
-
-    form {
-      margin-bottom: 0px;
-
-      button {
-        display: inline-block;
-        margin: 10px 0px;
-      }
-    }
-  }
-}
-
 #error_explanation {
   h2 {
     margin-bottom: 0px;
@@ -58,4 +39,4 @@
 
 #password {
   padding: 50px 0;
-}
+}

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -4,4 +4,4 @@
 
 <p>Click the link below to unlock your account:</p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -1,18 +1,22 @@
-<div id="password">
-  <div class="container content_box clearfix">
-  <h3>Change your password</h3>
+<div id="devise-mini">
+  <div class="container">
+    <div class="well">
 
-  <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
-    <%= devise_error_messages! %>
-    <%= f.hidden_field :reset_password_token %>
+    <h3>Change your password</h3>
 
-    <div><%= f.label :password, "New password" %>
-    <%= f.password_field :password, :autofocus => true %></div>
+    <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+      <%= devise_error_messages! %>
+      <%= f.hidden_field :reset_password_token %>
 
-    <div><%= f.label :password_confirmation, "Confirm new password" %>
-    <%= f.password_field :password_confirmation %></div>
+      <div><%= f.label :password, "New password" %>
+      <%= f.password_field :password, :autofocus => true %></div>
 
-    <div><%= f.submit "Change my password", class: "btn btn-primary" %></div>
-  <% end %>
+      <div><%= f.label :password_confirmation, "Confirm new password" %>
+      <%= f.password_field :password_confirmation %></div>
+
+      <div><%= f.submit "Change my password", class: "btn btn-primary" %></div>
+    <% end %>
+
+    </div>
   </div>
 </div>

app/views/devise/passwords/new.html.erb

@@ -1,14 +1,20 @@
-<div id="password">
-  <div class="container content_box clearfix">
-  <h3>Forgot your password?</h3>
+<div id="devise-mini">
+  <div class="container">
+    <div class="well">
 
-  <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
-    <%= devise_error_messages! %>
+    <h3>Forgot your password?</h3>
 
-    <div><%= f.label :email, "Please enter your email:" %>
-    <%= f.email_field :email, :autofocus => true %></div>
+    <p>Please enter your email below.</p>
 
-    <div><%= f.submit "Send me reset password instructions", class: "btn btn-primary" %></div>
-  <% end %>
+    <%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+      <%= devise_error_messages! %>
+
+      <div><%= f.label :email %>
+      <%= f.email_field :email, :autofocus => true %></div>
+
+      <div><%= f.submit "Send password reset email", class: "btn btn-primary" %></div>
+    <% end %>
+
+    </div>
   </div>
-</div>
+</div>

app/views/devise/registrations/edit.html.erb

@@ -1,5 +1,7 @@
-<div id="user">
-  <div class="container content_box clearfix">
+<div id="devise-mini">
+  <div class="container">
+    <div class="well">
+
     <h3>
       Account: <%= current_user.fullname %>
       <span class="loader" data-loader="user_header" style="display:none"></span>
@@ -14,19 +16,25 @@
       <div><%= f.label :email %>
       <%= f.email_field :email, :autofocus => true %></div>
 
+      <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+        <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
+      <% end %>
+
+      <br />
       <div><p>Change your password:</p></div>
       <div><%= f.label :password, "Enter your new password" %>
       <%= f.password_field :password, :autocomplete => "off" %></div>
 
       <div><%= f.label :password_confirmation, "Re-enter your new password" %>
       <%= f.password_field :password_confirmation %></div>
-      <br/><br/>
+
+      <br/><br />
       <div><%= f.label :current_password, "Current Password (we need this to confirm your changes)" %>
       <%= f.password_field :current_password %></div>
 
-      <button class="btn btn-primary" type="submit">Update</button>
+      <div><%= f.submit "Update", class: "btn btn-primary" %></div>
     <% end %>
 
+    </div>
   </div>
 </div>
-

app/views/devise/registrations/new.html.erb

@@ -1,13 +1,12 @@
-<div id="signup">
+<div id="devise-mini">
   <div class="container">
-
     <div class="well">
 
     <% if @settings.initialized_flag %>
-      <h4>New User?</h4>
+      <h3>New User?</h3>
       <p>Please create an account to continue.</p>
     <% else %>
-      <h4>New Crowdhoster App</h4>
+      <h3>New Crowdhoster App</h3>
       <p>Looks like this is a new Crowdhoster App! Go ahead and create a user that will serve as your site admin:</p>
     <% end %>
 
@@ -32,6 +31,5 @@
      <br/><%= link_to "Already have an account?", new_session_path(resource_name) %><br />
 
     </div>
-
   </div>
-</div>
+</div>

app/views/devise/sessions/new.html.erb

@@ -1,8 +1,8 @@
-<div id="signin">
+<div id="devise-mini">
   <div class="container">
-
     <div class="well">
-    <h4>Sign In</h4>
+
+    <h3>Sign In</h3>
     <p>Please sign in to continue.</p>
 
       <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
@@ -26,6 +26,5 @@
       Don't have an account? <%= link_to "Sign up", new_registration_path(resource_name) %>
 
     </div>
-
   </div>
-</div>
+</div>

app/views/devise/shared/_links.erb

@@ -6,7 +6,7 @@
   <%= link_to "Sign up", new_registration_path(resource_name) %><br />
 <% end -%>
 
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
   <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
 <% end -%>
 
@@ -22,4 +22,4 @@
   <%- resource_class.omniauth_providers.each do |provider| %>
     <%= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider) %><br />
   <% end -%>
-<% end -%>
+<% end -%>

config/initializers/check_env.rb

@@ -1,9 +1,9 @@
 ## Check for env file errors on startup
 
-# Only read the first 12 lines of the file into the array (in case the file has
+# Only read the first 13 lines of the file into the array (in case the file has
 # issues), then convert the array to a hash
 filename = File.join(Rails.root, ".env.example")
-env_array = File.open(filename) { |f| (1..12).map { |x| f.readline.strip.split('=') } }
+env_array = File.open(filename) { |f| (1..13).map { |x| f.readline.strip.split('=') } }
 # remove asset sync b/c checking against default value doesn't make sense here
 env_hash = Hash[*env_array.flatten].except('ENABLE_ASSET_SYNC')
 

config/initializers/devise.rb

@@ -1,13 +1,19 @@
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
+  # The secret key used by Devise. Devise uses this key to generate
+  # random tokens. Changing this key will render invalid all existing
+  # confirmation, reset password and unlock tokens in the database.
+  config.secret_key = ENV['DEVISE_SECRET_KEY']
+
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class with default "from" parameter.
-  config.mailer_sender = "[email protected]"
+  # note that it will be overwritten if you use your own mailer class
+  # with default "from" parameter.
+  config.mailer_sender = '[email protected]'
 
   # Configure the class responsible to send e-mails.
-  # config.mailer = "Devise::Mailer"
+  # config.mailer = 'Devise::Mailer'
 
   # ==> ORM configuration
   # Load and configure the ORM. Supports :active_record (default) and
@@ -61,8 +67,8 @@
   # If http headers should be returned for AJAX requests. True by default.
   # config.http_authenticatable_on_xhr = true
 
-  # The realm used in Http Basic Authentication. "Application" by default.
-  # config.http_authentication_realm = "Application"
+  # The realm used in Http Basic Authentication. 'Application' by default.
+  # config.http_authentication_realm = 'Application'
 
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
@@ -92,7 +98,7 @@
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
-  # config.pepper = "bce28301f3fd7e1b6c3ddce3b95d432efa469df1e87d5ba56f8e2826e35bcdb58db429f355a6a7fe960503a2ca17b8ac70259c0b475db5e5dc6ef1317b407ebf"
+  # config.pepper = '0a405e37fcba59f73262e8812e48c8e854cf991d0a9ce1e6822e3db088202d6ccf7ce325e620df73cbe4eddd381f43afa2ed39a78c60299775c161d4bc5b5f57'
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without
@@ -217,7 +223,7 @@
   # should add them to the navigational formats lists.
   #
   # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ["*/*", :html]
+  # config.navigational_formats = ['*/*', :html]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -241,12 +247,12 @@
   # is mountable, there are some extra configurations to be taken into account.
   # The following options are available, assuming the engine is mounted as:
   #
-  #     mount MyEngine, at: "/my_engine"
+  #     mount MyEngine, at: '/my_engine'
   #
   # The router that invoked `devise_for`, in the example above, would be:
   # config.router_name = :my_engine
   #
   # When using omniauth, Devise cannot automatically set Omniauth path,
   # so you need to do it manually. For the users scope, it would be:
-  # config.omniauth_path_prefix = "/my_engine/users/auth"
+  # config.omniauth_path_prefix = '/my_engine/users/auth'
 end