AtHeartEngineer/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-10 08:08:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: AtHeartEngineer:00a97782cb91104a72ea68d8f62ca8aa0e6eb101
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5
...
compare: AtHeartEngineer:v3.5.7
Branches Tags
AtHeartEngineer:main AtHeartEngineer:update-rack-unprocessable_content AtHeartEngineer:ca-devise-locale-throw AtHeartEngineer:password-length-dynamic AtHeartEngineer:4-stable AtHeartEngineer:mf-issue-5140 AtHeartEngineer:mf-check-for-devise-parent-mailer AtHeartEngineer:5-rc AtHeartEngineer:3-stable AtHeartEngineer:let-unsafe-redirect AtHeartEngineer:test-mongoid AtHeartEngineer:drv-improve-reset-token AtHeartEngineer:lm-jruby AtHeartEngineer:4-0-stable AtHeartEngineer:4-1-stable AtHeartEngineer:gh-pages AtHeartEngineer:v3.2 AtHeartEngineer:v2.2 AtHeartEngineer:v3.0 AtHeartEngineer:v3.1 AtHeartEngineer:v2.0 AtHeartEngineer:v2.1 AtHeartEngineer:v1.5 AtHeartEngineer:v1.0 AtHeartEngineer:v1.4 AtHeartEngineer:v1.3 AtHeartEngineer:v1.2 AtHeartEngineer:v1.1
AtHeartEngineer:v5.0.0.rc AtHeartEngineer:v4.9.4 AtHeartEngineer:v4.9.3 AtHeartEngineer:v4.9.2 AtHeartEngineer:v4.9.1 AtHeartEngineer:v4.9.0 AtHeartEngineer:v4.8.1 AtHeartEngineer:v4.8.0 AtHeartEngineer:v4.7.3 AtHeartEngineer:v4.7.2 AtHeartEngineer:v4.7.1 AtHeartEngineer:v4.7.0 AtHeartEngineer:v4.6.2 AtHeartEngineer:v4.6.1 AtHeartEngineer:v4.6.0 AtHeartEngineer:v4.5.0 AtHeartEngineer:v4.4.3 AtHeartEngineer:v4.4.2 AtHeartEngineer:v4.4.1 AtHeartEngineer:v4.4.0 AtHeartEngineer:v4.3.0 AtHeartEngineer:v4.2.1 AtHeartEngineer:v4.2.0 AtHeartEngineer:v3.5.10 AtHeartEngineer:v4.0.3 AtHeartEngineer:v4.1.1 AtHeartEngineer:v4.1.0 AtHeartEngineer:v3.5.9 AtHeartEngineer:v4.0.2 AtHeartEngineer:v4.0.1 AtHeartEngineer:v3.5.8 AtHeartEngineer:v3.5.7 AtHeartEngineer:v4.0.0 AtHeartEngineer:v4.0.0.rc2 AtHeartEngineer:v4.0.0.rc1 AtHeartEngineer:v3.5.6 AtHeartEngineer:v3.5.5 AtHeartEngineer:v3.5.4 AtHeartEngineer:v3.5.3 AtHeartEngineer:v3.5.2 AtHeartEngineer:v3.5.1 AtHeartEngineer:v3.5.0 AtHeartEngineer:v3.4.1 AtHeartEngineer:v3.4.0 AtHeartEngineer:v3.3.0 AtHeartEngineer:v3.2.4 AtHeartEngineer:v3.2.3 AtHeartEngineer:v3.2.2 AtHeartEngineer:v3.2.1 AtHeartEngineer:v2.2.8 AtHeartEngineer:v3.0.4 AtHeartEngineer:v3.1.2 AtHeartEngineer:v3.2.0 AtHeartEngineer:v3.1.1 AtHeartEngineer:v3.1.0 AtHeartEngineer:v2.0.6 AtHeartEngineer:v2.1.4 AtHeartEngineer:v2.2.7 AtHeartEngineer:v3.0.3 AtHeartEngineer:v3.1.0.rc2 AtHeartEngineer:v3.1.0.rc AtHeartEngineer:v2.2.6 AtHeartEngineer:v3.0.2 AtHeartEngineer:v3.0.1 AtHeartEngineer:v2.2.5 AtHeartEngineer:v3.0.0 AtHeartEngineer:v3.0.0.rc AtHeartEngineer:v2.2.4 AtHeartEngineer:v2.2.3 AtHeartEngineer:v2.2.2 AtHeartEngineer:v2.2.1 AtHeartEngineer:v2.2.0 AtHeartEngineer:v2.2.0.rc AtHeartEngineer:v2.1.2 AtHeartEngineer:v2.1.1 AtHeartEngineer:v2.1.0 AtHeartEngineer:v2.1.0.rc2 AtHeartEngineer:v2.1.0.rc AtHeartEngineer:v2.0.4 AtHeartEngineer:v2.0.3 AtHeartEngineer:v2.0.2 AtHeartEngineer:v2.0.1 AtHeartEngineer:v2.0.0 AtHeartEngineer:v2.0.0.rc2 AtHeartEngineer:v2.0.0.rc AtHeartEngineer:v1.5.3 AtHeartEngineer:v1.5.2 AtHeartEngineer:v1.5.1 AtHeartEngineer:v1.5.0 AtHeartEngineer:v1.5.0.rc1 AtHeartEngineer:v1.5.0.rc AtHeartEngineer:v1.4.9 AtHeartEngineer:v1.4.8 AtHeartEngineer:v1.4.7 AtHeartEngineer:v1.4.6 AtHeartEngineer:v1.4.5 AtHeartEngineer:v1.4.4 AtHeartEngineer:v1.4.3 AtHeartEngineer:v1.4.2 AtHeartEngineer:v1.4.1 AtHeartEngineer:v1.4.0 AtHeartEngineer:v1.3.4 AtHeartEngineer:v1.3.3 AtHeartEngineer:v1.3.2 AtHeartEngineer:v1.3.1 AtHeartEngineer:v1.3.0 AtHeartEngineer:v1.2.1 AtHeartEngineer:v1.2.0 AtHeartEngineer:v1.1.9 AtHeartEngineer:v1.0.11 AtHeartEngineer:v1.1.8 AtHeartEngineer:v1.2.rc2 AtHeartEngineer:v1.1.7 AtHeartEngineer:v1.1.6 AtHeartEngineer:v1.1.5 AtHeartEngineer:v1.0.9 AtHeartEngineer:v1.1.4 AtHeartEngineer:v1.2.rc AtHeartEngineer:v1.1.3 AtHeartEngineer:v1.1.2 AtHeartEngineer:v1.1.1 AtHeartEngineer:v1.1.0 AtHeartEngineer:v1.1.rc2 AtHeartEngineer:v1.0.8 AtHeartEngineer:v1.0.7 AtHeartEngineer:v1.1.rc1 AtHeartEngineer:v1.0.6 AtHeartEngineer:v1.1.rc0 AtHeartEngineer:v1.0.5 AtHeartEngineer:v1.0.4 AtHeartEngineer:v1.1.pre4 AtHeartEngineer:v1.1.pre3 AtHeartEngineer:v1.0.3 AtHeartEngineer:v1.1.pre2 AtHeartEngineer:v1.0.2 AtHeartEngineer:v1.1.pre AtHeartEngineer:v1.0.1 AtHeartEngineer:v1.0.0 AtHeartEngineer:v0.9.2 AtHeartEngineer:v0.9.1 AtHeartEngineer:v0.9.0 AtHeartEngineer:v0.8.2 AtHeartEngineer:v0.8.1 AtHeartEngineer:v0.8.0 AtHeartEngineer:v0.7.5

16 Commits
00a97782cb ... v3.5.7

Author SHA1 Message Date
Ulisses Almeida
812c1de8e8 Release 3.5.7 version. 2016-04-18 11:57:22 -03:00
Ulisses Almeida
a0f266c584 📝 Update CHANGELOG 2016-04-18 11:48:18 -03:00
Ulisses Almeida
ad99bfe6ef Fix remember me always extending the period 
Now the config `extend_remember_period` is used to:

`true` - Every time the user authentication is validated, the
cookie expiration is updated.
`false` - Does not updates the cookie expiration.

Closes #3994
 2016-04-18 11:47:56 -03:00
Lucas Mazza
89931ed533 Release 3.5.6. 2016-02-01 09:09:55 -02:00
Lucas Mazza
57fdae1e48 Attempt to coerce the generated_at cookie to a Time object. 
Time objects aren't properly coerced back when using the JSON cookie serialization,
so we need to do it ourselves.

To avoid any new JSON serialization issues, we now store the `generated_at` as
an String with the timestamp seconds + miliseconds in the cookie but still the
previous JSON encoded format.

Thanks to @boblail at https://github.com/plataformatec/devise/pull/3917 for the
initial patch.
 2016-01-31 16:25:10 -02:00
Lucas Mazza
30e494580c Refactor Rememberable.serialized_in_cookie? to split class/instance API. 
We now expose a `remember_me?` instance method as internal API for the controller
layer check if the remember me cookie is still valid.
 2016-01-27 14:45:14 -02:00
José Valim
048d05a553 Ensure generated_at is a Time 2016-01-25 11:17:05 +01:00
José Valim
8cbdeb54a5 Release v3.5.5 2016-01-22 20:22:34 +01:00
José Valim
14affc8a55 Do not timeout if remember me is enabled 2016-01-22 16:18:57 +01:00
José Valim
eb0f0b662f Readd remember_expired? 2016-01-22 15:57:57 +01:00
José Valim
1516a0ae6d Release v3.5.4 2016-01-18 15:12:07 +01:00
José Valim
c92996646a Store creation timestamp on remember cookies 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2016-01-18 14:47:31 +01:00
Kacper Walanus
ba5dd0a41a test for save in after_create hook breaks devise confirmation [3787] 2015-12-15 11:41:48 -02:00
Christian Macias
f63be5039a changed email_was !='' to email_was.present? 2015-12-15 11:41:33 -02:00
Christian Macias
f25562fd4b fix for #3787, save in after_create hook breaks devise confirmation 2015-12-15 11:41:33 -02:00
Siva Gollapalli
2a2fd806a8 FIX# Comparing times in UTC 2015-12-15 11:40:59 -02:00
18 changed files with 225 additions and 186 deletions
Expand all files Collapse all files

22
CHANGELOG.md
View File

@@ -1,5 +1,27 @@
### Unreleased
### 3.5.7 - 2016-04-18
* bug fixes
* Fix the `extend_remember_period` configuration. When set to `false` it does
not update the cookie expiration anymore.(by @ulissesalmeida)
### 3.5.6 - 2016-01-02
* bug fixes
* Fix type coercion of the rememberable timestamp stored on cookies.
### 3.5.5 - 2016-22-01
* bug fixes
* Bring back remember_expired? implementation
* Ensure timeouts are not triggered if remember me is being used
### 3.5.4 - 2016-18-01
* bug fixes
* Store creation timestamps on remember cookies
### 3.5.3 - 2015-12-10
* bug fixes

12
Gemfile.lock
View File

@@ -1,7 +1,7 @@
PATH
remote: .
specs:
devise (3.5.3)
devise (3.5.7)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -48,7 +48,7 @@ GEM
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
arel (6.0.0)
bcrypt (3.1.10)
bcrypt (3.1.11)
bson (3.1.2)
builder (3.2.2)
connection_pool (2.2.0)
@@ -139,8 +139,8 @@ GEM
thor (>= 0.18.1, < 2.0)
rake (10.4.2)
rdoc (4.2.0)
responders (2.1.0)
railties (>= 4.2.0, < 5)
responders (2.1.2)
railties (>= 4.2.0, < 5.1)
ruby-openid (2.7.0)
sprockets (3.2.0)
rack (~> 1.0)
@@ -153,7 +153,7 @@ GEM
thread_safe (0.3.5)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.4)
warden (1.2.6)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
@@ -180,4 +180,4 @@ DEPENDENCIES
webrat (= 0.7.3)
BUNDLED WITH
1.10.6
1.11.2

6
gemfiles/Gemfile.rails-3.2-stable.lock
View File

@@ -49,7 +49,7 @@ GIT
PATH
remote: ..
specs:
devise (3.5.3)
devise (3.5.6)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -142,7 +142,7 @@ GEM
polyglot
polyglot (>= 0.3.1)
tzinfo (0.3.43)
warden (1.2.4)
warden (1.2.6)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
@@ -169,4 +169,4 @@ DEPENDENCIES
webrat (= 0.7.3)
BUNDLED WITH
1.10.6
1.11.2

59
gemfiles/Gemfile.rails-4.0-stable.lock
View File

@@ -1,6 +1,6 @@
GIT
remote: git://github.com/rails/rails.git
revision: 7ec9c9635bf4d57009135ed11e89d8bf32306d73
revision: 9be9597e510d185ca7964d0a05b4ea2a7f2d50d1
branch: 4-0-stable
specs:
actionmailer (4.0.13)
@@ -43,7 +43,7 @@ GIT
PATH
remote: ..
specs:
devise (3.5.3)
devise (3.5.6)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -54,24 +54,24 @@ PATH
GEM
remote: https://rubygems.org/
specs:
activerecord-deprecated_finders (1.0.3)
activerecord-deprecated_finders (1.0.4)
arel (4.0.2)
bcrypt (3.1.10)
bson (2.3.0)
bson (3.2.6)
builder (3.1.4)
connection_pool (2.1.3)
concurrent-ruby (1.0.0)
connection_pool (2.2.0)
erubis (2.7.0)
faraday (0.9.1)
faraday (0.9.2)
multipart-post (>= 1.2, < 3)
hashie (3.4.0)
hike (1.2.3)
hashie (3.4.3)
i18n (0.7.0)
jwt (1.4.1)
jwt (1.5.2)
mail (2.6.3)
mime-types (>= 1.16, < 3)
metaclass (0.0.4)
mime-types (2.4.3)
mini_portile (0.6.2)
mime-types (2.99)
mini_portile2 (2.0.0)
minitest (4.7.5)
mocha (1.1.0)
metaclass (~> 0.0.1)
@@ -80,15 +80,15 @@ GEM
moped (~> 2.0.0)
origin (~> 2.1)
tzinfo (>= 0.3.37)
moped (2.0.4)
bson (~> 2.2)
moped (2.0.7)
bson (~> 3.0)
connection_pool (~> 2.0)
optionable (~> 0.2.0)
multi_json (1.11.0)
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
nokogiri (1.6.6.2)
mini_portile (~> 0.6.0)
nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
oauth2 (0.9.4)
faraday (>= 0.8, < 0.10)
jwt (~> 1.0)
@@ -109,34 +109,31 @@ GEM
omniauth (~> 1.0)
rack-openid (~> 1.3.1)
optionable (0.2.0)
origin (2.1.1)
origin (2.2.0)
orm_adapter (0.5.0)
rack (1.5.2)
rack (1.5.5)
rack-openid (1.3.1)
rack (>= 1.1.0)
ruby-openid (>= 2.1.8)
rack-test (0.6.3)
rack (>= 1.0)
rake (10.4.2)
rdoc (4.2.0)
rake (10.5.0)
rdoc (4.2.1)
responders (1.1.2)
railties (>= 3.2, < 4.2)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
multi_json (~> 1.0)
rack (~> 1.0)
tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.2.4)
sprockets (3.5.2)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (2.3.3)
actionpack (>= 3.0)
activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0)
sqlite3 (1.3.10)
sqlite3 (1.3.11)
thor (0.19.1)
thread_safe (0.3.5)
tilt (1.4.1)
tzinfo (0.3.43)
warden (1.2.4)
tzinfo (0.3.46)
warden (1.2.6)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
@@ -163,4 +160,4 @@ DEPENDENCIES
webrat (= 0.7.3)
BUNDLED WITH
1.10.6
1.11.2

6
gemfiles/Gemfile.rails-4.1-stable.lock
View File

@@ -48,7 +48,7 @@ GIT
PATH
remote: ..
specs:
devise (3.5.3)
devise (3.5.6)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -142,7 +142,7 @@ GEM
tilt (1.4.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.4)
warden (1.2.6)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
@@ -169,4 +169,4 @@ DEPENDENCIES
webrat (= 0.7.3)
BUNDLED WITH
1.10.6
1.11.2

10
gemfiles/Gemfile.rails-4.2-stable.lock
View File

@@ -58,7 +58,7 @@ GIT
PATH
remote: ..
specs:
devise (3.5.3)
devise (3.5.6)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
@@ -146,8 +146,8 @@ GEM
loofah (~> 2.0)
rake (10.4.2)
rdoc (4.2.0)
responders (2.1.0)
railties (>= 4.2.0, < 5)
responders (2.1.1)
railties (>= 4.2.0, < 5.1)
ruby-openid (2.7.0)
sprockets (2.12.3)
hike (~> 1.2)
@@ -164,7 +164,7 @@ GEM
tilt (1.4.1)
tzinfo (1.2.2)
thread_safe (~> 0.1)
warden (1.2.4)
warden (1.2.6)
rack (>= 1.0)
webrat (0.7.3)
nokogiri (>= 1.2.0)
@@ -191,4 +191,4 @@ DEPENDENCIES
webrat (= 0.7.3)
BUNDLED WITH
1.10.6
1.11.2

9
lib/devise/controllers/rememberable.rb
View File

@@ -9,11 +9,18 @@ module Devise
Rails.configuration.session_options.slice(:path, :domain, :secure)
end
def remember_me_is_active?(resource)
return false unless resource.respond_to?(:remember_me)
scope = Devise::Mapping.find_scope!(resource)
_, token, generated_at = cookies.signed[remember_key(resource, scope)]
resource.remember_me?(token, generated_at)
end
# Remembers the given resource by setting up a cookie
def remember_me(resource)
return if env["devise.skip_storage"]
scope = Devise::Mapping.find_scope!(resource)
resource.remember_me!(resource.extend_remember_period)
resource.remember_me!
cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
end

5
lib/devise/hooks/timeoutable.rb
View File

@@ -19,9 +19,10 @@ Warden::Manager.after_set_user do |record, warden, options|
proxy = Devise::Hooks::Proxy.new(warden)
if record.timedout?(last_request_at) && !env['devise.skip_timeout']
if record.timedout?(last_request_at) &&
!env['devise.skip_timeout'] &&
!proxy.remember_me_is_active?(record)
Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
throw :warden, scope: scope, message: :timeout
end

2
lib/devise/models/confirmable.rb
View File

@@ -254,7 +254,7 @@ module Devise
end
def postpone_email_change?
postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
postpone = self.class.reconfirmable && email_changed? && email_was.present? && !@bypass_confirmation_postpone && self.email.present?
@bypass_confirmation_postpone = false
postpone
end

2
lib/devise/models/recoverable.rb
View File

@@ -83,7 +83,7 @@ module Devise
# reset_password_period_valid? # will always return false
#
def reset_password_period_valid?
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
end
protected

63
lib/devise/models/rememberable.rb
View File

@@ -39,17 +39,17 @@ module Devise
module Rememberable
extend ActiveSupport::Concern
attr_accessor :remember_me, :extend_remember_period
attr_accessor :remember_me
def self.required_fields(klass)
[:remember_created_at]
end
# Generate a new remember token and save the record without validations
# if remember expired (token is no longer valid) or extend_remember_period is true
def remember_me!(extend_period=false)
self.remember_token = self.class.remember_token if generate_remember_token?
self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
# TODO: We were used to receive a extend period argument but we no longer do.
# Remove this for Devise 4.0.
def remember_me!(*)
self.remember_token = self.class.remember_token if respond_to?(:remember_token)
self.remember_created_at ||= Time.now.utc
save(validate: false) if self.changed?
end
@@ -57,19 +57,22 @@ module Devise
# it exists), and save the record without validations.
def forget_me!
return unless persisted?
self.remember_token = nil if respond_to?(:remember_token=)
self.remember_token = nil if respond_to?(:remember_token)
self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
save(validate: false)
end
# Remember token should be expired if expiration time not overpass now.
def remember_expired?
remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
remember_created_at.nil?
end
# Remember token expires at created time + remember_for configuration
def remember_expires_at
remember_created_at + self.class.remember_for
self.class.remember_for.from_now
end
def extend_remember_period
self.class.extend_remember_period
end
def rememberable_value
@@ -102,29 +105,47 @@ module Devise
def after_remembered
end
protected
def remember_me?(token, generated_at)
# TODO: Normalize the JSON type coercion along with the Timeoutable hook
# in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
if generated_at.is_a?(String)
generated_at = time_from_json(generated_at)
end
def generate_remember_token? #:nodoc:
respond_to?(:remember_token) && remember_expired?
# The token is only valid if:
# 1. we have a date
# 2. the current time does not pass the expiry period
# 3. the record has a remember_created_at date
# 4. the token date is bigger than the remember_created_at
# 5. the token matches
generated_at.is_a?(Time) &&
(self.class.remember_for.ago < generated_at) &&
(generated_at > (remember_created_at || Time.now).utc) &&
Devise.secure_compare(rememberable_value, token)
end
# Generate a timestamp if extend_remember_period is true, if no remember_token
# exists, or if an existing remember token has expired.
def generate_remember_timestamp?(extend_period) #:nodoc:
extend_period || remember_expired?
private
def time_from_json(value)
if value =~ /\A\d+\.\d+\Z/
Time.at(value.to_f)
else
Time.parse(value) rescue nil
end
end
module ClassMethods
# Create the cookie key using the record id and remember_token
def serialize_into_cookie(record)
[record.to_key, record.rememberable_value]
[record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]
end
# Recreate the user based on the stored cookie
def serialize_from_cookie(id, remember_token)
def serialize_from_cookie(*args)
id, token, generated_at = *args
record = to_adapter.get(id)
record if record && !record.remember_expired? &&
Devise.secure_compare(record.rememberable_value, remember_token)
record if record && record.remember_me?(token, generated_at)
end
# Generate a token checking if one does not already exist in the database.

6
lib/devise/models/timeoutable.rb
View File

@@ -26,7 +26,6 @@ module Devise
# Checks whether the user session has expired based on configured time.
def timedout?(last_access)
return false if remember_exists_and_not_expired?
!timeout_in.nil? && last_access && last_access <= timeout_in.ago
end
@@ -36,11 +35,6 @@ module Devise
private
def remember_exists_and_not_expired?
return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
remember_created_at && !remember_expired?
end
module ClassMethods
Devise::Models.config(self, :timeout_in)
end

9
lib/devise/strategies/rememberable.rb
View File

@@ -25,8 +25,7 @@ module Devise
end
if validate(resource)
remember_me(resource)
extend_remember_me_period(resource)
remember_me(resource) if extend_remember_me?(resource)
resource.after_remembered
success!(resource)
end
@@ -43,10 +42,8 @@ module Devise
private
def extend_remember_me_period(resource)
if resource.respond_to?(:extend_remember_period=)
resource.extend_remember_period = mapping.to.extend_remember_period
end
def extend_remember_me?(resource)
resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
end
def remember_me?

2
lib/devise/version.rb
View File

@@ -1,3 +1,3 @@
module Devise
VERSION = "3.5.3".freeze
VERSION = "3.5.7".freeze
end

39
test/integration/rememberable_test.rb
View File

@@ -4,7 +4,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
def create_user_and_remember(add_to_token='')
user = create_user
user.remember_me!
raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
user
end
@@ -92,7 +92,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest
assert_response :success
assert warden.authenticated?(:user)
assert warden.user(:user) == user
assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
end
test 'remember the user before sign up and redirect them to their home' do
@@ -118,6 +117,40 @@ class RememberMeTest < ActionDispatch::IntegrationTest
end
end
test 'extends remember period when extend remember period config is true' do
swap Devise, extend_remember_period: true, remember_for: 1.year do
user = create_user_and_remember
old_remember_token = nil
travel_to 1.day.ago do
get root_path
old_remember_token = request.cookies['remember_user_token']
end
get root_path
current_remember_token = request.cookies['remember_user_token']
refute_equal old_remember_token, current_remember_token
end
end
test 'does not extend remember period when extend period config is false' do
swap Devise, extend_remember_period: false, remember_for: 1.year do
user = create_user_and_remember
old_remember_token = nil
travel_to 1.day.ago do
get root_path
old_remember_token = request.cookies['remember_user_token']
end
get root_path
current_remember_token = request.cookies['remember_user_token']
assert_equal old_remember_token, current_remember_token
end
end
test 'do not remember other scopes' do
create_user_and_remember
get root_path
@@ -135,7 +168,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
test 'do not remember with expired token' do
create_user_and_remember
swap Devise, remember_for: 0 do
swap Devise, remember_for: 0.days do
get users_path
assert_not warden.authenticated?(:user)
assert_redirected_to new_user_session_path

2
test/integration/timeoutable_test.rb
View File

@@ -175,7 +175,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
assert warden.authenticated?(:user)
end
test 'does not crashes when the last_request_at is a String' do
test 'does not crash when the last_request_at is a String' do
user = sign_in_as_user
get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)

14
test/models/confirmable_test.rb
View File

@@ -486,4 +486,18 @@ class ReconfirmableTest < ActiveSupport::TestCase
:unconfirmed_email
]
end
test 'should not require reconfirmation after creating a record' do
user = create_admin
assert !user.pending_reconfirmation?
end
test 'should not require reconfirmation after creating a record with #save called in callback' do
class Admin::WithSaveInCallback < Admin
after_create :save
end
user = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
assert !user.pending_reconfirmation?
end
end

143
test/models/rememberable_test.rb
View File

@@ -13,6 +13,7 @@ class RememberableTest < ActiveSupport::TestCase
user = create_user
user.expects(:valid?).never
user.remember_me!
assert user.remember_created_at
end
test 'forget_me should not clear remember token if using salt' do
@@ -33,13 +34,57 @@ class RememberableTest < ActiveSupport::TestCase
test 'serialize into cookie' do
user = create_user
user.remember_me!
assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
id, token, date = User.serialize_into_cookie(user)
assert_equal id, user.to_key
assert_equal token, user.authenticatable_salt
assert date.is_a?(String)
end
test 'serialize from cookie' do
user = create_user
user.remember_me!
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
end
test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do
user = create_user
user.remember_me!
assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json)
end
test 'serialize from cookie should return nil with invalid datetime' do
user = create_user
user.remember_me!
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013")
end
test 'serialize from cookie should return nil if no resource is found' do
assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
end
test 'serialize from cookie should return nil if no timestamp' do
user = create_user
user.remember_me!
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
end
test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
user = create_user
user.remember_me!
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
end
test 'serialize from cookie should return nil if timestamp is older than remember_for' do
user = create_user
user.remember_created_at = 1.month.ago
user.remember_me!
assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
end
test 'serialize from cookie me return nil if is a valid resource with invalid token' do
user = create_user
user.remember_me!
assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
end
test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
@@ -93,28 +138,7 @@ class RememberableTest < ActiveSupport::TestCase
resource.forget_me!
end
test 'remember is expired if not created at timestamp is set' do
assert create_resource.remember_expired?
end
test 'serialize should return nil if no resource is found' do
assert_nil resource_class.serialize_from_cookie([0], "123")
end
test 'remember me return nil if is a valid resource with invalid token' do
resource = create_resource
assert_nil resource_class.serialize_from_cookie([resource.id], "123")
end
test 'remember for should fallback to devise remember for default configuration' do
swap Devise, remember_for: 1.day do
resource = create_resource
resource.remember_me!
assert_not resource.remember_expired?
end
end
test 'remember expires at should sum date of creation with remember for configuration' do
test 'remember expires at uses remember for configuration' do
swap Devise, remember_for: 3.days do
resource = create_resource
resource.remember_me!
@@ -125,77 +149,6 @@ class RememberableTest < ActiveSupport::TestCase
end
end
test 'remember should be expired if remember_for is zero' do
swap Devise, remember_for: 0.days do
Devise.remember_for = 0.days
resource = create_resource
resource.remember_me!
assert resource.remember_expired?
end
end
test 'remember should be expired if it was created before limit time' do
swap Devise, remember_for: 1.day do
resource = create_resource
resource.remember_me!
resource.remember_created_at = 2.days.ago
resource.save
assert resource.remember_expired?
end
end
test 'remember should not be expired if it was created within the limit time' do
swap Devise, remember_for: 30.days do
resource = create_resource
resource.remember_me!
resource.remember_created_at = (30.days.ago + 2.minutes)
resource.save
assert_not resource.remember_expired?
end
end
test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
swap Devise, remember_for: 5.minutes do
resource = create_resource
resource.remember_me!(false)
assert resource.remember_created_at
resource.remember_created_at = old = 10.minutes.ago
resource.save
resource.remember_me!(false)
assert_not_equal old.to_i, resource.remember_created_at.to_i
end
end
test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
swap Devise, remember_for: 1.year do
resource = create_resource
resource.remember_me!(false)
assert resource.remember_created_at
resource.remember_created_at = old = 10.minutes.ago.utc
resource.save
resource.remember_me!(false)
assert_equal old.to_i, resource.remember_created_at.to_i
end
end
test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
swap Devise, remember_for: 1.year do
resource = create_resource
resource.remember_me!(true)
assert resource.remember_created_at
resource.remember_created_at = old = 10.minutes.ago
resource.save
resource.remember_me!(true)
assert_not_equal old, resource.remember_created_at
end
end
test 'should have the required_fields array' do
assert_same_content Devise::Models::Rememberable.required_fields(User), [
:remember_created_at