From 52c4fc2a91e05eb0cc5a840ac7d00819e399c0bb Mon Sep 17 00:00:00 2001
From: Thomas von Deyen <thomas@vondeyen.com>
Date: Thu, 6 Jun 2024 21:49:45 +0200
Subject: [PATCH 1/4] Update Devise config to 4.9

Adds support for Turbo
---
 .../devise/install/templates/devise.rb.tt     | 36 +++++++++++++------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/lib/generators/alchemy/devise/install/templates/devise.rb.tt b/lib/generators/alchemy/devise/install/templates/devise.rb.tt
index 15c1660b..1129c17c 100644
--- a/lib/generators/alchemy/devise/install/templates/devise.rb.tt
+++ b/lib/generators/alchemy/devise/install/templates/devise.rb.tt
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+# Assuming you have not yet modified this file, each configuration option below
+# is set to its default value. Note that some are commented out while others
+# are not: uncommented lines are intended to protect your configuration from
+# breaking changes in upgrades (i.e., in the event that future versions of
+# Devise change the default values for those options).
+#
 # Use this hook to configure devise mailer, warden hooks and so forth.
 # Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
@@ -68,7 +74,10 @@ Devise.setup do |config|
   # Tell if authentication through HTTP Auth is enabled. False by default.
   # It can be set to an array that will enable http authentication only for the
   # given strategies, for example, `config.http_authenticatable = [:database]` will
-  # enable it only for database authentication. The supported strategies are:
+  # enable it only for database authentication.
+  # For API-only applications to support authentication "out-of-the-box", you will likely want to
+  # enable this with :database unless you are using a custom strategy.
+  # The supported strategies are:
   # :database      = Support basic authentication with authentication key + password
   config.http_authenticatable = true
 
@@ -103,15 +112,18 @@ Devise.setup do |config|
   # config.reload_routes = true
 
   # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 11. If
+  # For bcrypt, this is the cost for hashing the password and defaults to 12. If
   # using other algorithms, it sets how many times you want the password to be hashed.
+  # The number of stretches used for generating the hashed password are stored
+  # with the hashed password. This allows you to change the stretches without
+  # invalidating existing passwords.
   #
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
   # a value less than 10 in other environments. Note that, for bcrypt (the default
   # algorithm), the cost increases exponentially with the number of stretches (e.g.
   # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 11
+  config.stretches = Rails.env.test? ? 1 : 12
 
   # Set up a pepper to generate the hashed password.
   # config.pepper = '<%= SecureRandom.hex(64) %>'
@@ -244,14 +256,14 @@ Devise.setup do |config|
 
   # ==> Navigation configuration
   # Lists the formats that should be treated as navigational. Formats like
-  # :html, should redirect to the sign in page when the user does not have
+  # :html should redirect to the sign in page when the user does not have
   # access, but formats like :xml or :json, should return 401.
   #
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists.
   #
   # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ['*/*', :html]
+  # config.navigational_formats = ['*/*', :html, :turbo_stream]
 
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -284,12 +296,14 @@ Devise.setup do |config|
   # so you need to do it manually. For the users scope, it would be:
   # config.omniauth_path_prefix = '/my_engine/users/auth'
 
-  # ==> Turbolinks configuration
-  # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly:
-  #
-  # ActiveSupport.on_load(:devise_failure_app) do
-  #   include Turbolinks::Controller
-  # end
+  # ==> Hotwire/Turbo configuration
+  # When using Devise with Hotwire/Turbo, the http status for error responses
+  # and some redirects must match the following. The default in Devise for existing
+  # apps is `200 OK` and `302 Found` respectively, but new apps are generated with
+  # these new defaults that match Hotwire/Turbo behavior.
+  # Note: These might become the new default in future versions of Devise.
+  config.responder.error_status = :unprocessable_entity
+  config.responder.redirect_status = :see_other
 
   # ==> Configuration for :registerable
 

From 6b17b3ce512aa5c268f56ae29880686f1cac83ba Mon Sep 17 00:00:00 2001
From: Thomas von Deyen <thomas@vondeyen.com>
Date: Thu, 6 Jun 2024 21:51:58 +0200
Subject: [PATCH 2/4] Use at least Devise 4.9

For Turbo support
---
 alchemy-devise.gemspec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/alchemy-devise.gemspec b/alchemy-devise.gemspec
index 5fe6692e..e388ed75 100644
--- a/alchemy-devise.gemspec
+++ b/alchemy-devise.gemspec
@@ -15,8 +15,8 @@ Gem::Specification.new do |s|
 
   s.files = Dir["{app,config,db,lib}/**/*", "LICENSE", "CHANGELOG.md", "README.md"]
 
-  s.add_dependency "alchemy_cms", [">= 7.0.0", "< 8"]
-  s.add_dependency "devise", [">= 4.7.1", "< 5"]
+  s.add_dependency "alchemy_cms", ["~> 7.0"]
+  s.add_dependency "devise", ["~> 4.9"]
 
   s.add_development_dependency "capybara"
   s.add_development_dependency "factory_bot_rails"

From 8e33400f5c1854b061e9d43e98441118e91590fd Mon Sep 17 00:00:00 2001
From: Thomas von Deyen <thomas@vondeyen.com>
Date: Fri, 7 Jun 2024 09:30:14 +0200
Subject: [PATCH 3/4] Stay below sprockets-rails 3.5.0

https://github.com/rails/sprockets-rails/issues/524

until https://github.com/rails/sprockets-rails/pull/525 got
merged
---
 Gemfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Gemfile b/Gemfile
index fac0d4af..522e4beb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,6 +8,8 @@ gem "rails", "~> #{rails_version}.0"
 gem "listen", "~> 3.8"
 gem "puma", "~> 6.0"
 
+gem "sprockets-rails", "< 3.5.0"
+
 # Specify your gem's dependencies in alchemy-solidus.gemspec
 gemspec
 

From e68934f97b7d02ba45d636d9dcddcdaece79ec04 Mon Sep 17 00:00:00 2001
From: Thomas von Deyen <thomas@vondeyen.com>
Date: Fri, 7 Jun 2024 09:33:43 +0200
Subject: [PATCH 4/4] Do not install sqlite3 2.0

Because Rails does not support it yet
---
 Gemfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index 522e4beb..1b474e80 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,7 +14,9 @@ gem "sprockets-rails", "< 3.5.0"
 gemspec
 
 group :test do
-  gem "sqlite3" if ENV["DB"].nil? || ENV["DB"] == "sqlite"
+  if ENV["DB"].nil? || ENV["DB"] == "sqlite"
+    gem "sqlite3", "~> 1.4"
+  end
   gem "mysql2" if ENV["DB"] == "mysql"
   gem "pg", "~> 1.0" if ENV["DB"] == "postgresql"
 end