github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-08 22:37:57 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,948 Commits 28 Branches 145 Tags
main
Commit Graph

1298 Commits

Author SHA1 Message Date
Lucas Mazza
7b33a8ef57 Merge pull request #3931 from giantmonkey/fix-spelling-of-verb-set-up 
Spell verb *set up* with a space
 2016-02-10 17:06:38 -02:00
José Valim
7c75ebe672 Merge pull request #3936 from bogdanvlviv/patch-3 
Update confirmable_test.rb
 2016-02-06 20:11:11 +01:00
bogdanvlviv
d9481ff9b8 Update confirmable_test.rb 2016-02-06 20:37:31 +02:00
Bogdan
d3fa53151a change call deprecated method confirm! to confirm in test 2016-02-03 22:09:38 +02:00
Paul Menzel
f2d7b8f740 Spell verb *set up* with a space 
The verb *set up* is spelled with a space [1].

```
$ git grep -l 'to setup' | xargs sed -i 's/to setup/to set up/g'
$ git grep -l '# Setup' | xargs sed -i 's/# Setup/# Set up/g'
$ git grep -l "test 'setup" | xargs sed -i "s/test 'setup/test 'set up/g"
```

Revert the change for *setup block yields self*.

Change the rest manually.

[1] http://www.merriam-webster.com/dictionary/set%20up
 2016-02-02 19:09:19 +01:00
Lucas Mazza
beb8cc8e0b Test against Rails 5 beta 2. 2016-02-02 14:28:34 -02:00
Lucas Mazza
49cf804c62 Merge pull request #3859 from twalpole/unsafe_h 
Explicitly permit rather than using to_unsafe_h
 2016-01-31 16:56:10 -02:00
Lucas Mazza
7bff3be869 Attempt to coerce the generated_at cookie to a Time object. 
Time objects aren't properly coerced back when using the JSON cookie serialization,
so we need to do it ourselves.

To avoid any new JSON serialization issues, we now store the `generated_at` as
an String with the timestamp seconds + miliseconds in the cookie but still the
previous JSON encoded format.

Thanks to @boblail at https://github.com/plataformatec/devise/pull/3917 for the
initial patch.
 2016-01-29 18:04:16 -02:00
José Valim
d1d8c2f03d Ensure generated_at is a Time 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2016-01-25 11:17:18 +01:00
José Valim
b97b3e6e3b Do not timeout if remember me is enabled 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2016-01-22 16:19:10 +01:00
José Valim
4ec7dc0f27 Store creation timestamp on remember cookies 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2016-01-18 15:17:25 +01:00
Lucas Mazza
280d12b81c Merge pull request #3856 from plataformatec/lm-sanitizer-cleanup 
Remove `ParametersSanitizer` inheritance.
 2015-12-21 09:40:59 -02:00
Lucas Mazza
df8b48646b Remove ParametersSanitizer inheritance. 
We no longer need to support the `BaseSanitizer` implementation for apps without
the Strong Parameters API, and this section is lacking a minimal set of
docs to document the expected behavior besides the `README` section.
 2015-12-18 11:39:03 -02:00
djsegal
2006f87b58 Add #3732 helper logic to devise controller: #3864 2015-12-18 04:05:30 -05:00
Thomas Walpole
5d9f6d892f Explicitly permit rather than using to_unsafe_h 2015-12-16 14:14:15 -08:00
Thomas Walpole
302c4e43bd fix Rails 5 test 2015-12-15 10:32:24 -08:00
Lucas Mazza
dd5de829c9 Merge pull request #3714 from twalpole/rails5 
Rails 5 Support
 2015-12-15 11:44:01 -02:00
Lucas Mazza
2f7834245b Merge pull request #3835 from kv109/master 
test for save in after_create hook breaks devise confirmation [3787]
 2015-12-15 11:36:47 -02:00
Thomas Walpole
2024fca4df Rails 5 compatability. Remove rails < 4.1 and Ruby < 2.1 2015-12-11 09:47:30 -08:00
Stan Hu
f71d843f93 Only clear the reset token on an update 
This solves the issue where a package might do:

```
user = User.new
user.email = 'test@test.com'
token = user.generate_reset_token
user.save

send_reset_email(token)
```

Since the save clears the reset token, the user will receive a stale token that no longer works.

Closes #3774
 2015-12-09 11:14:50 -08:00
José Valim
19b1e2a6bc Merge pull request #3846 from seddy/make_email_optional_on_recoverable 
Allow resources with no email field to be recoverable
 2015-12-09 14:39:32 +01:00
José Valim
901919f25f Revert "Merge pull request #3774 from stanhu/reset-token-only-if-not-persisted" 
This reverts commit 15c38d918f, reversing
changes made to 508c3418f9.
 2015-12-09 14:21:09 +01:00
Lucas Mazza
15c38d918f Merge pull request #3774 from stanhu/reset-token-only-if-not-persisted 
Only clear the reset password token if the model has already been persisted
 2015-12-09 10:54:36 -02:00
Lucas Mazza
508c3418f9 Merge pull request #3826 from andygeers/master 
Don't error if resource doesn't need confirming
 2015-12-09 10:52:35 -02:00
Ed Saunders
d98e98fe77 Add a test for when a recoverable resource has a non-AR email field 2015-12-08 16:01:39 +00:00
José Valim
45fc964470 Merge pull request #3739 from stanhu/support-relative-urls-in-failure-app 
Account for relative_url_root in FailureApp's recall method
 2015-11-25 20:03:28 +01:00
Kacper Walanus
a0cd4655ba test for save in after_create hook breaks devise confirmation [3787] 2015-11-24 01:54:03 +01:00
Andy Geers
d3f521925e Write unit test for bug fix 2015-11-18 22:21:03 +00:00
Błażej Pankowiak
9f32f421a5 Allow skipping the timeoutable hook 2015-11-02 23:53:09 +01:00
Stan Hu
619128cb9b Only clear the reset password token if the model has already been persisted 
If a new user is created with a reset password token, the previous behavior
would automatically clear the token even when it was desired for setting
the password for the first time.
 2015-10-02 12:30:57 -07:00
Adrian Mugnolo
c334179c95 Fix typo: successful 2015-09-30 19:31:49 -03:00
Stan Hu
7025f968c6 Account for relative_url_root in FailureApp's recall method 
Closes #3738
 2015-09-06 00:05:19 -07:00
Ryan Mitchell
04e01f49a9 Use builtin matchers in helper tests 2015-08-31 09:58:25 -04:00
Ryan Mitchell
a3da40a701 Wrap helper_method calls in respond_to?(:helper_method) 2015-08-29 05:29:05 -04:00
Lucas Mazza
40258bf100 Remove the custom OmniAuth camelization on teardown. 2015-08-28 11:26:41 -03:00
Timo Schilling
f5e984c151 use OmniAuth::Utils.camelize 
This will display the provider name with the original camelization:
facebook => Facebook
github => GitHub
linkedin => LinkedIn
 2015-08-28 07:51:37 +02:00
Jon Phenow
ab141a8779 move model stubs 2015-08-27 10:26:12 -05:00
Jon Phenow
e9c82472ff quick comment touch-ups 2015-08-27 10:26:12 -05:00
Jon Phenow
c744dcf07a tests 2015-08-27 10:26:12 -05:00
Lucas Mazza
eb091b867f Fix rails g devise:views -v mailer with the Simple Form generator. 
Our Simple Form generator shouldn't be responsible for generating the `mailer`
view directory, so we should skip it and let the Erb generator do the job.

Closes #3254.
 2015-08-27 12:12:13 -03:00
Vincent Woo
eb640ed344 Do not use digests for confirmation tokens 2015-07-30 01:55:50 -07:00
David Rodríguez
4064641967 Remove obsolete expire_auth_token_on_timeout 
This should have been removed in dff7891b97
when token authentication (and the reset_authentication_token! method)
were removed.
 2015-07-11 09:01:22 -03:00
Sean Marzug-McCarthy
d49533bedc Fix default email_regexp config to disallow trailing non-word characters 2015-06-22 15:41:49 +02:00
José Valim
e641b4b7b9 Also reset password token on email change 2015-05-26 15:09:07 +02:00
José Valim
fe49e625e8 Do not accept empty authentication_salt too 2015-05-26 15:04:27 +02:00
José Valim
31901bc862 Clear up reset password token whenever encrypted password changes 2015-05-26 15:00:12 +02:00
José Valim
7952f1336d Merge pull request #3541 from cipater/fix-failureapp 
Use router_name from scope if available
 2015-05-23 22:23:40 +02:00
Magnus von Koeller
a8769933d1 Split out BCrypt hashing to make it reusable 
This logic is generic and reusable -- hash a secret; and take an
unhashed secret and compare it to a hashed secret. This breaks this out
to make it reusable in other places. Specifically, we use this in our
own token auth at Bonobos that we plan to split out as a Devise
extension. This will make that possible without copy & pasting this
code.
 2015-05-06 12:11:09 -07:00
Nicolas Viennot
c22e7133b6 Removes the bang in confirm! and reset_password! 
Closes #3412 and #3570.
 2015-04-19 11:47:44 -04:00
cipater
15d3fc497c Use router_name from scope if available 
Devise.available_router_name currently returns either
Devise.router_name or :main_app. As such, any redirecting is done
within either of those contexts. Which leads to undesirable redirects
for scopes that reside in an isolate_namespace mounted engine.

This commit makes it possible for FailureApp’s redirect behavior to be
performed in the context of the router_name given to devise_for.

Test case added to cover undesirable behavior. Without change to
lib/devise/failure_app.rb, test case throws exception.
 2015-03-30 16:18:05 -07:00