Devise 4.2.0: Updating from 3.x
Quick highlights of updating to Devise 4.2.0 from version 3.5.5
It was time to stop putting it off and unlock the Devise gem version in the Gemfile.
The following is working with a simple Rails 4.2 example app. (The idea is to make updates like this before tackling a Rails 5 update. Create a solid starting point.)
Thankfully, Devise has an easy to read CHANGELOG. Well worth taking the time to go through.
I suspect what’s going to catch a lot of people is this (as of version 4.0):
Devise no longer supports Rails 3.2 and 4.0.
Devise no longer supports Ruby 1.9 and 2.0.
(It’s the ‘no longer supporting Ruby 2.0’ that tripped me up initially …)
The code change that will make your Rails 4.2 app crash is:
The ‘devise_parameter_sanitize’ API has changed: The ‘for’ method was deprecated in favor of ‘permit’
In my example app this was a quick fix. Change
devise_parameter_sanitizer.permit(:sign_up) do |user|
user.permit(:username, :email, :role, :password, :password_confirmation)
devise_parameter_sanitizer.permit(:sign_in) do |user|
user.permit(:username, :password, :remember_me)
devise_parameter_sanitizer.permit(:account_update) do |user|
user.permit(:username, :email, :role, :current_password, :password, :password_confirmation)
There’s more of an explanation with some examples in the Devise README section.
A deprecation message appeared when I updated to Ruby 2.2.5 and Rails 4.2.7 along with Devise 4.2.0 and Rspec 3.5:
To handle this, in the rspec configuration, I needed to replace this (just as the message said):
config.include Devise::TestHelpers, type: :controller
config.include Devise::Test::ControllerHelpers, type: :controller
Have any of the files created by the generators changed?
Out of curiosity I was wondering if there are any changes to the default files created by the Devise generators on a new install. The following are from diffs between version 3.5.5 and 4.2.0.
Aside from clarifying updates to the wording in comments, there are a few differences in Devise 4.2.0:
- You can now easily set a parent mailer different from
12# Configure the parent class responsible to send e-mails.# config.parent_mailer = 'ActionMailer::Base'
- You can now tell Devise to skip reloading routes on an eager load.
12345# When false, Devise will not attempt to reload routes on eager load.# This can reduce the time taken to boot the app but if your application# requires the Devise mappings to be loaded during boot time the application# won't boot properly.# config.reload_routes = true
- The default
config.stretcheswas changed from 10 to 11.
1config.stretches = Rails.env.test? ? 1 : 11
- The default password length was changed from
1config.password_length = 6..128
config.email_regexpwas modified and is now uncommented by default:
Old: # config.email_regexp = /\A[^@]+@[^@]+\z/
New: config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
Diff didn’t find any differences in the default settings.
The only difference in the default views is a warning message added to the registration edit regarding the minimum password length.
< % if @minimum_password_length %>
<em>< %= @minimum_password_length %> characters minimum</em>
< % end %>