55 Commits

Author	SHA1	Message	Date
Diego Rossini Vieira	ab79083696	Prevent password reset token leak via HTTP referer	2016-09-27 19:34:01 -03:00
Lucas Mazza	536279b05b	Replace homemade assert_not matcher in favor of refute.	2016-05-03 13:57:10 -03:00
Lucas Mazza	13285d7ef3	Remove a few Ruby syntax warnings from the test suite.	2016-05-02 10:47:05 -03:00
Thomas Walpole	2024fca4df	Rails 5 compatability. Remove rails < 4.1 and Ruby < 2.1	2015-12-11 09:47:30 -08:00
Michael Borohovski	f0992e4a96	Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset.	2015-02-13 02:29:11 -08:00
Oleg Pudeyev	47845e44a2	Chase language changes in tests	2014-03-03 10:15:33 -05:00
Anshul Sharma	dc1b399a8b	Updated ruby 1.9 hash syntax	2014-02-25 22:12:55 +05:30
José Valim	3adeba38f5	Merge pull request #2763 from paulanunda/master ... Fixed small grammatical error in en.yml	2013-12-09 21:50:20 -08:00
Erik Michaels-Ober	26e85c44e2	Removed use of gendered pronouns	2013-12-02 10:02:17 +01:00
Paul Anunda	43282f738e	Fixed small grammatical error in en.yml	2013-11-28 10:29:50 -06:00
Vipul A M	ae6a37f796	Cleanup tests for unused variables	2013-09-15 01:52:53 +05:30
Andri Möll	052cbef205	Don't confirm email after password reset. ... Signed-off-by: José Valim <jose.valim@plataformatec.com.br>	2013-08-18 10:13:35 +02:00
José Valim	354e5022bf	Only allow insecure token lookup if a flag is given	2013-08-06 11:55:13 +02:00
Carlos Antonio da Silva	eb0ad1c21a	Merge branch 'master' into rails4	2013-05-07 13:01:34 -03:00
Carlos Antonio da Silva	69f79ad446	Let Devise play with both Rails 3.2 and Rails 4 for now	2013-05-05 19:55:06 -03:00
Vipul A M	2e6457006e	Remove unused variables and fix typos	2013-04-18 10:24:38 +05:30
Carlos Antonio da Silva	3c885e043d	Fix changed error messages from confirmation validation	2013-02-25 22:12:06 -03:00
Carlos Antonio da Silva	86eecc6606	Change "ActionController::IntegrationTest" to "ActionDispatch::IntegrationTest"	2013-01-28 19:58:21 -02:00
Marcin Balinski	ac58c28617	Unlock user when re-setting password and unlock strategy is :email or :both	2012-11-07 10:45:46 +01:00
José Valim	4a24667e80	Revert "Rails 3.2.7 deprecates update_attribute in favor of update_column" ... Rails 3.2.8 is rolling back the deprecations. This reverts commit 7d41072c0e.	2012-08-05 09:24:10 -03:00
Fabio Kreusch	7d41072c0e	Rails 3.2.7 deprecates update_attribute in favor of update_column. Updated projects using Devise output lots of warnings because Devise uses the deprecated version in some places. This commit replaces update_attribute with update_column to fix that.	2012-07-27 17:25:21 -03:00
Gregory Bataille	ff75341c75	Redirect to sign in page when trying to access password#edit without a ... reset_password_token (i.e. not coming from a reset password email)	2012-06-08 10:08:35 +02:00
Rodrigo Flores	8baacecdcf	Fixing tests	2012-05-14 17:53:34 -03:00
Rodrigo Flores	3623215b8c	failed_attempts is set to 0 on sign in	2012-03-19 17:09:22 -03:00
did	bbd117bd92	implementation of a much simpler solution	2011-11-05 16:53:27 +01:00
Jim Herzberg	b98720d324	jh - reworking paranoid mode in passwords controller ... Signed-off-by: José Valim <jose.valim@gmail.com>	2011-10-15 10:45:33 +02:00
Rémy Coutable	ebbabaea5b	After a password reset, don't show "You are now signed in." if the user can't be signed-in anyway.	2011-09-01 00:24:10 +02:00
Benjamin Quorning	a3bff7d6a2	Fix usage of "its" / "it's" in documentation	2011-08-16 22:15:25 +02:00
Gabe da Silveira	ed6dfed67f	Resetting password should confirm implicitly	2011-07-29 14:26:19 -07:00
Gabe da Silveira	3488066031	Spelling correction	2011-07-29 14:17:31 -07:00
Rodrigo Flores	8ef5534d92	Moved the test to after the XML tests	2011-06-22 21:04:50 -03:00
Rodrigo Flores	b37055fa47	Added a test to return empty json	2011-06-22 19:38:21 -03:00
Rodrigo Flores	7d160650b8	Using the same url in success and failure	2011-06-22 12:52:10 -03:00
Rodrigo Flores	09baf2091e	Refactored the tests to use swap	2011-06-22 12:50:34 -03:00
Rodrigo Flores	135a94b4f7	Added a test for the paranoid mode on recoverable	2011-06-22 12:50:34 -03:00
José Valim	e242ca0937	Fix failing tests.	2011-06-10 11:10:56 +02:00
Stefan Wrobel	8e87a2d80d	Add strip_whitespace_keys which works like case_insensitive_keys but strips whitespace from emails	2011-06-10 01:37:43 -07:00
Prem Sichanugrist	97f0bacfa0	Add support for non-navigational formats in PasswordsController ... Signed-off-by: José Valim <jose.valim@gmail.com>	2011-03-30 13:39:08 +02:00
Andrew Dahl	8d1e23c67d	add unit and integration tests for case insensitive keys	2010-11-20 15:54:01 +01:00
José Valim	e01dccaefb	Fix recoverable tests.	2010-09-30 09:05:11 +02:00
RStankov	850afec96e	make User#send_reset_password_instructions to require all authentication_keys ... Signed-off-by: José Valim <jose.valim@gmail.com>	2010-09-21 11:47:07 +02:00
José Valim	8db559148c	All tests green on latest Rails beta.	2010-04-13 23:28:13 +02:00
José Valim	23e608e27b	No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.	2010-04-03 11:43:31 +02:00
José Valim	597a930c74	We do not use t() helpers in views, so there is no reason why this particular one should use them.	2010-03-30 20:06:56 +02:00
José Valim	ca4e09390e	Compatibility with Ruby 1.9.1 and 1.9.2.	2010-03-26 11:27:19 +01:00
José Valim	33941d1f62	All tests passing (except two which are errors in Rails). Now generators and initialization process.	2010-02-16 21:23:58 +01:00
José Valim	c146cad448	Ensure inactive user cannot sign in.	2010-02-05 21:36:19 +01:00
José Valim	35a8d13369	Tests passing for ActiveRecord and MongoMapper.	2009-12-21 21:10:23 +01:00
Carlos A. da Silva	8d85db3b57	Sign user in automatically after confirming or changing it's password	2009-10-18 10:36:20 -02:00
Carlos A. da Silva	29ea916e9f	Fix clearing reset password token while reseting password.	2009-10-18 09:54:53 -02:00