AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-11 00:27:55 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,184 Commits 28 Branches 145 Tags
v2.2
Commit Graph

308 Commits

Author SHA1 Message Date
José Valim
cd982123a8 Release 2.2.7 2013-08-18 10:29:38 +02:00
José Valim
a44002c68b Fix the build 2013-08-09 10:21:22 +02:00
José Valim
60f3c678e6 Skip storage for cookies on unverified requests 2013-08-09 09:33:19 +02:00
José Valim
415fa2ad21 Protect against CSRF token fixation attacks 2013-08-02 23:16:32 +02:00
Carlos Antonio da Silva
d9d5ae3d58 Correct OrderedHash initialization to ensure keys order in 1.8.7 
This should hopefully fix the build with 1.8.7 🙏
 2013-05-01 21:35:03 -03:00
Vasiliy Ermolovich
dceb788c6b fix OrderedHash initialization 2013-04-23 10:37:10 +03:00
Vasiliy Ermolovich
fae8e977e8 use ordered hash to fix tests on ruby 1.8 2013-04-22 22:42:49 +03:00
Carlos Antonio da Silva
b8c5d76c5a Merge pull request #2380 from vipulnsward/fix_warnings 
fix some warnings
 2013-04-19 15:53:43 -07:00
Vipul A M
b871bd5036 fix some warning 2013-04-19 19:08:20 +05:30
Vipul A M
2e6457006e Remove unused variables and fix typos 2013-04-18 10:24:38 +05:30
José Valim
5bf4f57fcf Tidy up devise configuration 2013-04-13 22:07:54 -07:00
José Valim
1b8fd7c2ff Merge pull request #2271 from robhurring/master 
Allowing http token auth to set the token_authentication_key if missing from params
 2013-04-13 21:39:36 -07:00
Matt Jones + Tony Schneider
f4ceecece4 Allow explicit configuration of http auth key 
- Fix basic auth case in which authorized_keys is configured as hash
- Duplicate existing functionality when http_auth_key is not explicitly
  set
 2013-03-04 12:23:05 -05:00
Philipe Fatio
c22d755cf4 Make use of warden's scoped serialization 2013-02-25 07:38:42 +01:00
Rob
547439d94c renaming devise option "allow_authorization_to_set_auth_token" to "allow_token_authenticatable_via_headers" 2013-02-10 12:50:52 -05:00
Rob
84f743c4ef adding http token auth options to env[devise.token_options] 2013-02-10 12:48:02 -05:00
Rob
3025b7e2f7 Allow http token authorization to set token_authentication_key in place of passing it in via params 
It will not override existing token_authentication_key params if they are present.
 2013-02-09 15:12:36 -05:00
Drew Ulmer
c9c1e13743 Add test for Issue #2190 
Seems to be passing for me.
 2013-01-31 10:05:53 -06:00
José Valim
25296d8c6f Add tests for sign out with redirect, related to #2249 2013-01-30 08:28:51 -07:00
Carlos Antonio da Silva
86eecc6606 Change "ActionController::IntegrationTest" to "ActionDispatch::IntegrationTest" 2013-01-28 19:58:21 -02:00
Carlos Antonio da Silva
0061f113db Fix indent [ci skip] 2013-01-20 21:49:45 -02:00
Vasiliy Ermolovich
d3f8bd6cae add key option to rememberable_options 
closes #2218
 2013-01-20 23:16:25 +03:00
Vasiliy Ermolovich
9913fde749 use click_button for canceling account in integration specs 2013-01-12 14:12:05 +03:00
Alan Larkin
84b8188db9 Added failing integration test for XHR invocation of SessionsController#destroy with */*' in the Accept' header. 2013-01-06 03:49:59 +00:00
José Valim
839e8fc8ac Show if there is an e-mail waiting for confirmation, closes #2060 2012-12-13 09:13:33 +01:00
José Valim
e1fde192f2 Update CHANGELOG 2012-12-13 08:43:43 +01:00
Gabe Martin-Dempesy
130d684198 Change failure key for missing database resource to :invalid_email 2012-11-19 15:49:21 -08:00
Jared Morgan
f044916f94 Use correct current_password in RegistrationTest of invalid confirmation 
In DatabaseAuthenticatable#update_with_password, password is now deleted if
the current_password is invalid. dm-validations will not check the
confirmation in that case, so this test was failing in dm-devise.
 2012-11-15 12:21:11 -06:00
Durran Jordan
d821275588 Fix spec failures for Mongoid 3. 
This has no actual changes to Devise itself, just fixes the failing
tests when running against Mongoid 3 instead of Mongoid 2.

Mocha has been locked at 0.10.0 since 0.12.0 raises an error when trying
to set an expectation on a frozen object.

Tests were updated to work with both AR and Mongoid, some cases the XML
serialization was slightly different but both were outputting correct
and valid XML, and the id/_id field mismatch is now handled.

An active field was missing from the test models for Mongoid, and the
invalid :null => true options in field were removed.
 2012-11-10 20:02:58 +01:00
Marcin Balinski
ac58c28617 Unlock user when re-setting password and unlock strategy is :email or :both 2012-11-07 10:45:46 +01:00
Drew Ulmer
f79bb31ee6 Add failing test for Issue #1994 
Lockable should not leak information about account existence if paranoid
mode is on.
 2012-10-25 16:20:21 -05:00
José Valim
4a24667e80 Revert "Rails 3.2.7 deprecates update_attribute in favor of update_column" 
Rails 3.2.8 is rolling back the deprecations.

This reverts commit 7d41072c0e.
 2012-08-05 09:24:10 -03:00
Fabio Kreusch
7d41072c0e Rails 3.2.7 deprecates update_attribute in favor of update_column. Updated projects using Devise output lots of warnings because Devise uses the deprecated version in some places. This commit replaces update_attribute with update_column to fix that. 2012-07-27 17:25:21 -03:00
Víctor Manuel Cruz Dueñas
73f617db7b Checking if unconfirmed_email has changed before to set update_needs_confirmation flash message. 
Conflicts:

	test/integration/registerable_test.rb

Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2012-07-23 16:20:51 +02:00
Nils Landt
dcada8fe75 Refactor according to line notes from josevalim 
- rename reset_password_within to confirm_within
- confirmation_period_valid? is back and memoized
- fix hash syntax to hashrocket
 2012-07-22 14:02:27 +02:00
Nils Landt
f80cecc864 Remove unnecessary include 2012-07-16 11:50:46 +02:00
Nils Landt
1d6ee13aae Refactor according to rodrigoflores 
- Favor using update_attribute instead of constructor parameters in user
  factory for tests
- Test for accurate error message when confirmation token is expired
- Don't check twice whether the confirmation period is expired
 2012-07-16 11:20:01 +02:00
Nils Landt
6e48fcee76 Fix tests for email token expiration 
The tests work now, but are a bit wonky because User.create does things
I don't understand.
 2012-07-11 18:30:36 +02:00
Nils Landt
87f2fa9767 Add options to expire confirmation tokens 
With this patch, functionality is added to expire the confirmation
tokens that are being sent by email.
For example, if a token is valid for 3 days only, it cannot be used for
confirmation on the 4th day.
 2012-07-09 14:43:12 +02:00
Carlos Galdino
c179cef365 Change the minimum password length to 8 2012-07-06 11:46:46 -03:00
dblock
619826fbc8 Test that confirms that #1948 is not an issue. 2012-06-25 18:33:48 -04:00
José Valim
4bc2ff997a Timeout does not explode when reset_authentication_token! is accidentally defined by Active Model 2012-06-16 14:04:34 +02:00
José Valim
41a91188f5 Do not trigger timeout on sign in related actions 2012-06-16 13:24:07 +02:00
Chris Oliver
37c55eb192 Added tests for flexible routing constraints 2012-06-15 13:06:29 -05:00
José Valim
c4818a9fb2 Reorganize tests slightly 2012-06-15 11:15:03 +02:00
Gregory Bataille
ff75341c75 Redirect to sign in page when trying to access password#edit without a 
reset_password_token (i.e. not coming from a reset password email)
 2012-06-08 10:08:35 +02:00
Rodrigo Flores
8baacecdcf Fixing tests 2012-05-14 17:53:34 -03:00
Julian Vargas
6664acd27f Use 'head :no_content' in sessions_controller#destroy 
Code cleanup for returning headers instead of an empty string
when destroying sessions.

Lines 464 and 471 on test/integration/autenticatable_test.rb
were adjusted to assert on :no_content
 2012-05-02 22:40:53 -05:00
Rodrigo Flores
07ef99a8f0 Changelog and a minor change on the test title 2012-04-04 17:27:41 -03:00
Rodrigo Flores
857af600f7 Merge pull request #1722 from Antiarchitect/master 
Token regeneration on session timeout.
 2012-04-04 13:23:27 -07:00