AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-09 07:38:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,293 Commits 28 Branches 145 Tags
v3.0
Commit Graph

874 Commits

Author SHA1 Message Date
José Valim
d559a32646 Release 3.0.3 2013-08-18 10:26:26 +02:00
José Valim
df8e6cf225 Skip storage for cookies on unverified requests 2013-08-08 23:32:18 +02:00
José Valim
747751a20f Protect against CSRF token fixation attacks 2013-08-02 23:13:15 +02:00
José Valim
c4d5a3fdaa No need to assert for a message we won't receive 2013-07-26 10:00:09 +02:00
José Valim
11a77055f1 Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable 
Fixed checking for rememberable in timeoutable
 2013-07-26 00:58:09 -07:00
José Valim
cd1bc53947 Do not generate attr_accessible for any Rails 4 app 2013-07-26 09:22:03 +02:00
Michael Nikitochkin
fffbeb5cc7 Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user 2013-07-26 10:20:29 +03:00
José Valim
78fedd6c10 Merge pull request #2523 from Neschur/add_method_after_confrimation 
Added method after_confrimation
 2013-07-25 23:59:50 -07:00
Justin Coyne
b7e67115fc When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515 2013-07-23 22:49:05 -05:00
Siarhei Hanchuk
b7bc8dec12 Added method after_confrimation 2013-07-23 14:19:58 +03:00
Vasiliy Ermolovich
2c1ca126f4 add remember_me to the permitted sign_in params 2013-07-12 22:14:32 +03:00
José Valim
bc598b9da3 Merge pull request #2452 from latortuga/bad-strong-params-on-failed-login 
Add failing test case for bad parameter sanitizing when failing to login
 2013-07-08 23:53:41 -07:00
José Valim
da0323e591 Merge pull request #2419 from plataformatec/issue-2418 
set error to the field specified in unlock_keys config
 2013-07-08 23:52:19 -07:00
José Valim
061e9d7404 Merge pull request #2475 from tkhr/enable_skipping_reconfirmation_notification_but_regenerate_confirmation_token_2 
Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked
 2013-07-08 23:51:42 -07:00
Drew Ulmer
e029ad7b0c Fix improper login param sanitization permit 
This includes a failing test case that hooks into ActiveSupport
Notifications to catch the param permit error.
 2013-06-25 13:44:39 -05:00
Takehiro Adachi
df2995ce19 Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked 
We could always generate a confirmation token but not sending a
confirmation email by invoking the skip_confirmation_notification!
method when creating the account.
But there were no way to do that when we were turning on reconfirmable
and updating email.
 2013-06-20 08:21:54 +09:00
José Valim
72cf2481b5 Rename ParamFilter to ParameterFilter for consistency 2013-06-19 09:17:54 +02:00
Steve Slotnick
b194882b23 Renaming get_or_create_*_token to ensure_*_token to match API in token authenticatable 2013-06-12 15:10:14 -07:00
Steve Slotnick
b5909f9b93 changing name from *_token! to get_or_create_*_token 2013-06-11 14:14:17 -07:00
Steve Slotnick
3c9cfa50c0 Adding publicly available methods on Recoverable and Confirmable to retrieve tokens 2013-06-10 19:17:19 -07:00
Kramer Campbell
17e85aa79d Avoid sending confirmations to blank emails. 
At times, validations may be skipped and no email address may be
provided. Such an instance comes when testing uniqueness validations of
specific attributes in a Devise model with confirmable, especially when
using Shoulda matchers.
 2013-05-22 19:48:06 -07:00
Vasiliy Ermolovich
b7079c7cf2 redirect user to the referrer if latest request was not GET after timeout 
closes #2421
 2013-05-19 17:11:34 +03:00
Vasiliy Ermolovich
dd7c3ee91f set error to the field specified in unlock_keys config 
closes #2418
 2013-05-14 17:41:47 +03:00
Carlos Antonio da Silva
eb0ad1c21a Merge branch 'master' into rails4 2013-05-07 13:01:34 -03:00
José Valim
e499fadf52 Use persisted? in order to check if the record was destoryed or not 2013-05-07 08:55:30 -06:00
José Valim
5ad122b928 Fix build for mongoid 2013-05-07 08:47:18 -06:00
José Valim
03f2a6a5e4 Merge pull request #2392 from michiel3/master 
Add destroy_with_password method
 2013-05-07 07:11:47 -07:00
Carlos Antonio da Silva
69f79ad446 Let Devise play with both Rails 3.2 and Rails 4 for now 2013-05-05 19:55:06 -03:00
Victor Cruz Dueñas
d6d61fc5be Adding tests for case_insensitive_keys and strip_whitespace_keys to param filter 2013-05-05 01:02:48 +02:00
Carlos Antonio da Silva
a0058d5fbf Add some spaces, remove comment 2013-05-03 21:52:00 -03:00
Carlos Antonio da Silva
d9d5ae3d58 Correct OrderedHash initialization to ensure keys order in 1.8.7 
This should hopefully fix the build with 1.8.7 🙏
 2013-05-01 21:35:03 -03:00
Michiel Prins
60e933df73 Add destroy_with_password method 2013-04-29 15:06:13 +02:00
Vasiliy Ermolovich
dceb788c6b fix OrderedHash initialization 2013-04-23 10:37:10 +03:00
Vasiliy Ermolovich
fae8e977e8 use ordered hash to fix tests on ruby 1.8 2013-04-22 22:42:49 +03:00
Tan Jun Rong
804fbdf6d5 Fix spelling error, 'reseting' to 'resetting' 2013-04-22 22:25:40 +08:00
Tan Jun Rong
9d5a9c8a61 Add ability to override the redirect path after user has reset their password 2013-04-22 20:22:53 +08:00
Carlos Antonio da Silva
b8c5d76c5a Merge pull request #2380 from vipulnsward/fix_warnings 
fix some warnings
 2013-04-19 15:53:43 -07:00
Vipul A M
b871bd5036 fix some warning 2013-04-19 19:08:20 +05:30
Vipul A M
2e6457006e Remove unused variables and fix typos 2013-04-18 10:24:38 +05:30
José Valim
8a93c34080 Clean up Devise parameter sanitizer 2013-04-13 23:21:46 -07:00
José Valim
5bf4f57fcf Tidy up devise configuration 2013-04-13 22:07:54 -07:00
José Valim
1b8fd7c2ff Merge pull request #2271 from robhurring/master 
Allowing http token auth to set the token_authentication_key if missing from params
 2013-04-13 21:39:36 -07:00
Carlos Antonio da Silva
f75352a373 Merge branch 'master' into rails4 2013-04-13 11:37:48 -03:00
Carlos Antonio da Silva
ac2ebdfb11 Fix session store changed in Rails master 
There's no encrypted cookie store anymore, by default the cookie store
will be encrypted.
 2013-04-13 11:16:11 -03:00
Carlos Antonio da Silva
d89dad5728 Bundle update for both Rails 3.1 and 3.2, update mocha, fix failing tests 2013-04-13 11:08:27 -03:00
Carlos Antonio da Silva
32a141d2a9 Fix typo in test descriptions 2013-04-13 10:54:52 -03:00
Tomas Varneckas
1acd3d1790 Fix devise sender bug with custom devise mailers. 
The devise sender detection must take into account that the default
sender set in the custom devise mailer can be a proc.
 2013-04-12 16:48:48 +03:00
Drew Ulmer
d20fdf87b6 Introduce BaseSanitizer null sanitizer and controller-specific callbacks 
This updates Devise's StrongParameter support to feature:

- A Null base sanitizer to support existing Rails 3.x installations that
  don't want to use StrongParameters yet
- A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid
- Overrideable callbacks on a controller-basis, e.g. #create_sessions_params
  for passing the current scope's parameters through StrongParameters and
  a helper method, whitelisted_params, for rolling your own implementations
  of #create_x_params in your own controllers.
- Lots of tests!
 2013-04-10 10:33:50 -05:00
Drew Ulmer
b151d2cfe2 Remove MassAssignment security from Mongoid test shim 2013-04-01 09:00:36 -05:00
Drew Ulmer
e0ffe8f85f Fix internal helper test referencing resource_params 2013-03-31 21:31:54 -05:00