Ralin Chimev
a96b920277
Fix overwriting the remember_token when a valid one already exists (#4101)
The remember_token should not get overwritten when a user is
signing in and a valid token already exists.
Fixes #3950.
2016-05-15 12:05:49 -03:00
Justin Bull
d7d9b9e258
🪲 Fix strategy checking in #unlock_strategy_enabled? for :none and undefined strategies
A bug that if the unlock strategy was set to `:both`, it would return true for all & any inputs
See #4072
2016-05-02 23:38:39 -03:00
MatBi
274f8f2f87
Should send confirmation instructions after changing email from nil
2016-04-18 19:35:56 +08:00
MatBi
6f9561e64f
Refactor a test
2016-04-18 18:30:20 +08:00
MatBi
016b216d95
Change the name of variables to keep the tests consistent
2016-04-18 18:15:32 +08:00
George Guimarães
c4b4411513
Change encryption for hashing in the documentation.
Throughout the documentation, we are using 'encrypt' incorrectly.
Encrypt means that someone will eventually decrypt the message,
which is obviously not the case for Devise.
I'm changing the docs to use 'hashing' instead.
However, I left the database field as `encrypted_password` for now.
I'll update the db field in an upcoming PR.
2016-02-10 17:10:52 -02:00
José Valim
7c75ebe672
Merge pull request #3936 from bogdanvlviv/patch-3
Update confirmable_test.rb
2016-02-06 20:11:11 +01:00
bogdanvlviv
d9481ff9b8
Update confirmable_test.rb
2016-02-06 20:37:31 +02:00
Bogdan
d3fa53151a
change call deprecated method confirm! to confirm in test
2016-02-03 22:09:38 +02:00
Lucas Mazza
7bff3be869
Attempt to coerce the generated_at cookie to a Time object.
Time objects aren't properly coerced back when using the JSON cookie serialization,
so we need to do it ourselves.
To avoid any new JSON serialization issues, we now store the `generated_at` as
a String with the timestamp seconds + milliseconds in the cookie but still the
previous JSON encoded format.
Thanks to @boblail at https://github.com/plataformatec/devise/pull/3917 for the
initial patch.
2016-01-29 18:04:16 -02:00
José Valim
d1d8c2f03d
Ensure generated_at is a Time
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2016-01-25 11:17:18 +01:00
José Valim
4ec7dc0f27
Store creation timestamp on remember cookies
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2016-01-18 15:17:25 +01:00
Lucas Mazza
dd5de829c9
Merge pull request #3714 from twalpole/rails5
Rails 5 Support
2015-12-15 11:44:01 -02:00
Lucas Mazza
2f7834245b
Merge pull request #3835 from kv109/master
test for save in after_create hook breaks devise confirmation [3787]
2015-12-15 11:36:47 -02:00
Thomas Walpole
2024fca4df
Rails 5 compatibility. Remove rails < 4.1 and Ruby < 2.1
2015-12-11 09:47:30 -08:00
Stan Hu
f71d843f93
Only clear the reset token on an update
This solves the issue where a package might do:
```
user = User.new
user.email = 'test@test.com'
token = user.generate_reset_token
user.save
send_reset_email(token)
```
Since the save clears the reset token, the user will receive a stale token that no longer works.
Closes #3774
2015-12-09 11:14:50 -08:00
José Valim
19b1e2a6bc
Merge pull request #3846 from seddy/make_email_optional_on_recoverable
Allow resources with no email field to be recoverable
2015-12-09 14:39:32 +01:00
José Valim
901919f25f
Revert "Merge pull request #3774 from stanhu/reset-token-only-if-not-persisted"
This reverts commit 15c38d918f, reversing
changes made to 508c3418f9.
2015-12-09 14:21:09 +01:00
Lucas Mazza
15c38d918f
Merge pull request #3774 from stanhu/reset-token-only-if-not-persisted
Only clear the reset password token if the model has already been persisted
2015-12-09 10:54:36 -02:00
Ed Saunders
d98e98fe77
Add a test for when a recoverable resource has a non-AR email field
2015-12-08 16:01:39 +00:00
Kacper Walanus
a0cd4655ba
test for save in after_create hook breaks devise confirmation [3787]
2015-11-24 01:54:03 +01:00
Andy Geers
d3f521925e
Write unit test for bug fix
2015-11-18 22:21:03 +00:00
Stan Hu
619128cb9b
Only clear the reset password token if the model has already been persisted
If a new user is created with a reset password token, the previous behavior
would automatically clear the token even when it was desired for setting
the password for the first time.
2015-10-02 12:30:57 -07:00
Adrian Mugnolo
c334179c95
Fix typo: successful
2015-09-30 19:31:49 -03:00
Jon Phenow
e9c82472ff
quick comment touch-ups
2015-08-27 10:26:12 -05:00
Jon Phenow
c744dcf07a
tests
2015-08-27 10:26:12 -05:00
Vincent Woo
eb640ed344
Do not use digests for confirmation tokens
2015-07-30 01:55:50 -07:00
José Valim
e641b4b7b9
Also reset password token on email change
2015-05-26 15:09:07 +02:00
José Valim
fe49e625e8
Do not accept empty authentication_salt too
2015-05-26 15:04:27 +02:00
José Valim
31901bc862
Clear up reset password token whenever encrypted password changes
2015-05-26 15:00:12 +02:00
Nicolas Viennot
c22e7133b6
Removes the bang in confirm! and reset_password!
Closes #3412 and #3570.
2015-04-19 11:47:44 -04:00
Ronald Chan
3f95ac8fec
Keep used confirmation tokens for more user friendly error message (fixes #3429)
2015-01-19 22:30:13 +13:00
Brent Wheeldon
cb89e4435c
Only set token back if password reset fails.
This prevents the digested version of the token being saved when a reset
is successful.
2014-12-01 17:58:18 -05:00
Irfan Ahmed
0e218d8a01
ensure digested token for reset password token is valid
2014-11-25 18:32:58 +06:00
Tim Scott
3b882dadac
Made ensure valid a named param for confirm!, and added a test.
2014-11-19 16:48:35 -06:00
Logan Leger
c7cc91cb65
Update password length validation to 72 characters max
BCrypt has a limit of 72 characters for the password. Anything beyond 72
characters is truncated. This commit updates the validation to limit
passwords to less than 72 characters, keeping within the limitation.
2014-11-18 23:10:01 -06:00
James Kiesel
c1864663aa
Localize confirmable tests
2014-10-21 02:28:58 +13:00
Lucas Mazza
8e5c098e3a
Merge pull request #3153 from plataformatec/lm-rails-4-2
Rails 4.2 compatibility
2014-10-03 14:07:59 -03:00
Lucas Mazza
1d8890b773
Merge branch 'master' into lm-rails-4-2
2014-10-03 09:41:23 -03:00
Lucas Mazza
8b15184a25
Use the last_attempt_warning configuration with the lockable unauthenticated_message message.
This configuration was added in #2687 but it was never used in the real code that
defines what message should be used by the app.
2014-10-02 18:50:48 -03:00
Lucas Mazza
ed109ac3d5
Merge swap usage into a single method call.
2014-10-02 18:42:46 -03:00
Lucas Mazza
7eeaac9db1
Merge branch 'master' into lm-rails-4-2
2014-09-29 17:30:30 -03:00
Lucas Mazza
39ed332299
Ensure that we sanitize any AC::Parameters in find_or_initialize_with_errors.
As we are already slicing the Hash, we must be sure that this method will send
a "safe" object down to the other finder methods that will use the Hash entries
to do the querying.
2014-09-18 18:21:05 -03:00
Lucas Mazza
716d128e27
Restore global allow_unconfirmed_access_for after test
2014-09-08 17:38:06 -03:00
alexsoble
039b75ba83
Incorporated edits from @lucasmazza, wrote integration tests for password reminder feature
2014-08-06 11:04:46 -04:00
Lucas Mazza
08d8591dfd
Merge pull request #3038 from kushkella/non-bang-method-trackable
added non-bang version of update_tracked_fields
2014-05-24 00:58:06 -03:00
Kush Kella
dd56dc7da6
added test for update_tracked_fields method
2014-05-22 11:11:13 -07:00
randoum
4ee2402cd7
lock_access! better failure message
2014-05-16 06:02:11 +08:00
randoum
d8ee3e49cb
lock_access! better failure message
2014-05-16 05:57:18 +08:00
Lauro Caetano
f7fdde1ab0
Add the invalidate_all_sessions_on_logout configuration to invalidate
all the remember me tokens when the user signs out.
2014-04-04 16:17:26 -03:00