devise

mirror of https://github.com/heartcombo/devise.git synced 2026-01-09 23:58:06 -05:00

Files

Leonardo Tegon fee43f3c11 Always return an error when confirmation_token is blank (#5132 )

As reported in https://github.com/plataformatec/devise/issues/5071, if
for some reason, a user in the database had the `confirmation_token`
column as a blank string, Devise would confirm that user after receiving
a request with a blank `confirmation_token` parameter.
After this commit, a request sending a blank `confirmation_token`
parameter will receive a validation error.
For applications that have users with a blank `confirmation_token` in
the database, it's recommended to manually regenerate or to nullify
them.

2019-09-04 15:42:48 -03:00

authenticatable_test.rb

Add missing specs for #find_or_initialize_with_errors

2018-11-22 18:44:09 -02:00

confirmable_test.rb

Always return an error when confirmation_token is blank (#5132 )

2019-09-04 15:42:48 -03:00

database_authenticatable_test.rb

Revert "[#4245 ] Allowing password to nil (#4261 )"

2019-03-26 10:29:46 -03:00

lockable_test.rb

Make #increment_failed_attempts concurrency safe (#4996 )