José Valim
747751a20f
Protect against CSRF token fixation attacks
2013-08-02 23:13:15 +02:00
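An added illustration of the attack class named in this commit subject; it is not Devise's or Rails' code. A CSRF token fixation attack relies on the per-session CSRF token surviving authentication: an attacker who planted or read the token in a pre-login session can forge state-changing requests once the victim signs in. The usual defence is to discard the token at sign-in so a fresh one is minted. The Session class, the csrf_token/sign_in/fixation_attack_succeeds? helpers and the user id 42 are all constructed for this example.

```ruby
require 'securerandom'

# Minimal stand-in for a server-side session store (constructed for this
# example; not Devise's or Rails' session implementation).
class Session
  attr_reader :data

  def initialize
    @data = {}
  end

  def [](key)
    @data[key]
  end

  def []=(key, value)
    @data[key] = value
  end

  def delete(key)
    @data.delete(key)
  end
end

# Lazily create the per-session CSRF token, as a Rails-like app would.
def csrf_token(session)
  session[:_csrf_token] ||= SecureRandom.base64(32)
end

# Compare the submitted token against the session token without an
# early exit on the first differing byte (length is checked up front).
def valid_csrf?(session, submitted)
  expected = csrf_token(session)
  return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize

  expected.bytes.zip(submitted.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Sign-in handler. With rotate_csrf: true any token minted before
# authentication is discarded and a fresh one is issued, so a token an
# attacker planted or learned pre-login is useless afterwards.
def sign_in(session, user_id, rotate_csrf:)
  session[:user_id] = user_id
  session.delete(:_csrf_token) if rotate_csrf
  csrf_token(session)
end

# Scenario: the attacker knows (or fixed) the CSRF token of the victim's
# pre-authentication session, then the victim logs in. Returns whether a
# forged request carrying the old token would still be accepted.
def fixation_attack_succeeds?(rotate_csrf:)
  session = Session.new
  attacker_known_token = csrf_token(session) # observed or planted pre-login
  sign_in(session, 42, rotate_csrf: rotate_csrf)
  valid_csrf?(session, attacker_known_token)
end
```

Without rotation the pre-login token keeps validating after sign-in, which is exactly what the attacker needs; with rotation the old token fails and only the token issued to the authenticated session is accepted.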
José Valim
72cf2481b5
Rename ParamFilter to ParameterFilter for consistency
2013-06-19 09:17:54 +02:00
Carlos Antonio da Silva
eb0ad1c21a
Merge branch 'master' into rails4
2013-05-07 13:01:34 -03:00
Vipul A M
2e6457006e
Remove unused variables and fix typos
2013-04-18 10:24:38 +05:30
José Valim
5bf4f57fcf
Tidy up devise configuration
2013-04-13 22:07:54 -07:00
José Valim
1b8fd7c2ff
Merge pull request #2271 from robhurring/master
...
Allowing http token auth to set the token_authentication_key if missing from params
2013-04-13 21:39:36 -07:00
Drew Ulmer
d20fdf87b6
Introduce BaseSanitizer null sanitizer and controller-specific callbacks
...
This updates Devise's StrongParameter support to feature:
- A Null base sanitizer to support existing Rails 3.x installations that
don't want to use StrongParameters yet
- A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid
- Overrideable callbacks on a controller-basis, e.g. #create_sessions_params
for passing the current scope's parameters through StrongParameters and
a helper method, whitelisted_params, for rolling your own implementations
of #create_x_params in your own controllers.
- Lots of tests!
2013-04-10 10:33:50 -05:00
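An added example, not Devise's implementation, of the two sanitizer shapes this commit message describes: a null BaseSanitizer that passes every parameter through, and an allow-list ParameterSanitizer exposing permit and forbid. The per-action default key lists, the sanitize method, the exact semantics given to permit and forbid, and the sample sign-up payload are assumptions made for this illustration (permit! is not modelled). The point shown is that without an allow-list a mass-assigned field such as admin reaches whatever the parameters are handed to.

```ruby
# Null sanitizer: returns the parameters unchanged. Assumed semantics for a
# "no strong parameters yet" deployment; not Devise's class.
class BaseSanitizer
  def sanitize(_action, params)
    params
  end
end

# Allow-list sanitizer. Keys are compared as symbols; anything not permitted
# for the action, or explicitly forbidden for it, is dropped. Assumed API.
class ParameterSanitizer < BaseSanitizer
  DEFAULTS = {
    sign_in: [:email, :password, :remember_me],
    sign_up: [:email, :password, :password_confirmation]
  }.freeze

  def initialize
    @permitted = DEFAULTS.transform_values(&:dup)
    @forbidden = Hash.new { |h, k| h[k] = [] }
  end

  # Add keys to the allow-list for an action (chainable).
  def permit(action, *keys)
    (@permitted[action] ||= []).concat(keys.map(&:to_sym)).uniq!
    self
  end

  # Remove keys from the allow-list for an action (chainable).
  def forbid(action, *keys)
    @forbidden[action].concat(keys.map(&:to_sym))
    self
  end

  def sanitize(action, params)
    allowed = @permitted.fetch(action, []) - @forbidden[action]
    params.each_with_object({}) do |(key, value), out|
      out[key.to_sym] = value if allowed.include?(key.to_sym)
    end
  end
end

# Constructed request body: a sign-up form with an injected privilege field.
SIGN_UP_PARAMS = {
  "email" => "alice@example.com",
  "password" => "correct horse",
  "password_confirmation" => "correct horse",
  "admin" => "true"
}.freeze

# Stand-in for building a model from request parameters: whatever the
# sanitizer lets through is what would be mass-assigned.
def build_user(sanitizer, action, raw_params)
  sanitizer.sanitize(action, raw_params)
end
```

With the null sanitizer the admin key survives; with the allow-list it is dropped, and a controller can still widen or narrow the list per action with permit and forbid.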
Drew Ulmer
78f137368c
Add support for Rails 4 strong_parameters
...
This brings support for Rails 4 StrongParameters changes.
- Parameter sanitizing is set up for Devise controllers via
resource_params except Omniauth Callbacks which doesn't use
resource_params.
- Change #build_resource to not call resource_params for get requests.
Parameter sanitizing is only needed when params are posted to the
server so there's no need to try to construct resource params on get
requests (new, edit).
2013-03-31 21:31:48 -05:00
Matt Jones + Tony Schneider
f4ceecece4
Allow explicit configuration of http auth key
...
- Fix basic auth case in which authorized_keys is configured as a hash
- Duplicate existing functionality when http_auth_key is not explicitly
set
2013-03-04 12:23:05 -05:00
Philipe Fatio
c22d755cf4
Make use of warden's scoped serialization
2013-02-25 07:38:42 +01:00
Vasiliy Ermolovich
395a69b4ef
allow_unconfirmed_access_for set to nil means unconfirmed access for unlimited time
...
closes #2275
2013-02-13 21:17:38 +03:00
Rob
547439d94c
renaming devise option "allow_authorization_to_set_auth_token" to "allow_token_authenticatable_via_headers"
2013-02-10 12:50:52 -05:00
Rob
3025b7e2f7
Allow http token authorization to set token_authentication_key in place of passing it in via params
...
It will not override existing token_authentication_key params if they are present.
2013-02-09 15:12:36 -05:00
Vasiliy Ermolovich
d3f8bd6cae
add key option to rememberable_options
...
closes #2218
2013-01-20 23:16:25 +03:00
Jay Shepherd
cc017b1f0d
Allow parent_mailer to be customizable via Devise.parent_mailer, useful for engines
2013-01-18 02:26:41 -06:00
Anatoliy Kukul
adc9a45f05
Used other regexp
2012-11-19 13:58:19 +02:00
Anatoliy Kukul
50186474d4
Fix default email_regexp config to not allow spaces
...
Default email_regexp config accepted emails with spaces. e.g.: "test user@test server.com" http://rubular.com/r/jXGS8pmumd
Changed regexp to not allow spaces in email. e.g.: http://rubular.com/r/tTD9PytGEp
2012-11-19 13:40:54 +02:00
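An added example, not the project's code, contrasting a permissive email pattern with one that rejects whitespace, as this commit describes. Both patterns here are assumptions (the page does not show the actual regexps), as is the constructed input list. It also goes one step beyond the commit: a third pattern shows why the anchors matter, since a line-anchored ^...$ pattern accepts a value with an embedded newline that an \A...\z pattern rejects.

```ruby
# Permissive pattern: anything that is not '@' on each side of a single '@'.
# Assumed pre-fix shape for illustration; accepts embedded spaces.
PERMISSIVE_EMAIL_REGEXP = /\A[^@]+@[^@]+\z/

# Hardened pattern: additionally rejects any whitespace on either side.
# Assumed post-fix shape for illustration.
STRICT_EMAIL_REGEXP = /\A[^@\s]+@[^@\s]+\z/

# Same character classes but line anchors instead of string anchors. In Ruby
# ^ and $ match at line boundaries, so a newline inside the value lets the
# pattern "match" only the first line. Shown to illustrate the pitfall.
LINE_ANCHORED_EMAIL_REGEXP = /^[^@\s]+@[^@\s]+$/

def valid_email?(email, regexp)
  email.is_a?(String) && !!(email =~ regexp)
end

# Constructed inputs: one clean address, the spaces case from the commit,
# a leading-space variant, and a multi-line value.
CONSTRUCTED_INPUTS = [
  "user@example.com",
  "test user@test server.com",
  " user@example.com",
  "evil@example.com\nnot-an-email"
].freeze

# Which of the constructed inputs a given pattern lets through.
def accepted_by(regexp)
  CONSTRUCTED_INPUTS.select { |email| valid_email?(email, regexp) }
end
```

Only the \A...\z pattern with \s excluded accepts just the clean address; the permissive pattern admits every input, and the line-anchored variant still admits the multi-line value.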
José Valim
bdf0bc7b1e
Revert "Revert "New password default minimum length is now 8""
...
This reverts commit b1f490a2f8 .
Actually, the implementation was good!
2012-07-24 23:41:17 +02:00
José Valim
b1f490a2f8
Revert "New password default minimum length is now 8"
...
This reverts commit 2950434ed3 .
It is backwards incompatible, we need a better migration plan.
2012-07-24 22:41:13 +02:00
José Valim
f4db03d31c
Do not add ActionView::Helpers::DateHelper to all models
2012-07-23 15:59:17 +02:00
Nils Landt
dcada8fe75
Refactor according to line notes from josevalim
...
- rename reset_password_within to confirm_within
- confirmation_period_valid? is back and memoized
- fix hash syntax to hashrocket
2012-07-22 14:02:27 +02:00
Nils Landt
87f2fa9767
Add options to expire confirmation tokens
...
With this patch, functionality is added to expire the confirmation
tokens that are being sent by email.
For example, if a token is valid for 3 days only, it cannot be used for
confirmation on the 4th day.
2012-07-09 14:43:12 +02:00
Rodrigo Flores
2950434ed3
New password default minimum length is now 8
2012-07-06 13:41:28 -03:00
Carlos Galdino
c179cef365
Change the minimum password length to 8
2012-07-06 11:46:46 -03:00
Zamith
512b52e23a
Adding option to change omniauth path prefix
2012-06-08 17:50:33 +01:00
Nikita Pomyashchiy
b6abc4623b
Remove autoload of deprecated devise/schema
2012-05-17 13:13:19 +04:00
Rodrigo Flores
bb6d7334d0
Fixing gem name
2012-05-09 18:04:40 -03:00
Rodrigo Flores
0d868b9ec1
Removed ENCRYPTORS_LENGTH
2012-05-09 08:42:37 -03:00
Rodrigo Flores
5f440dfe13
Removing encryptors and its autoloads
2012-05-07 16:50:35 -03:00
Rodrigo Flores
768f8832b9
Removing encryptable module
2012-05-07 16:37:16 -03:00
José Valim
32f20dddd6
Get rid of deprecated code
2012-05-06 13:13:53 +02:00
José Valim
b07dd76453
Remove faux bcrypt encryptor from Devise (it was never released and it won't be until we solve the encryptable issue)
2012-05-06 12:49:53 +02:00
Andrey Voronkov
7ecbba089f
Authentication token expiration on session timeout
2012-04-02 20:48:23 +04:00
Rodrigo Flores
9203651110
Moved BCrypt logic to an encryptor
2012-03-09 16:38:06 -03:00
Rodrigo Flores
1a41fff009
Bye PathChecker
2012-02-16 15:25:06 -02:00
José Valim
df8ac1cfe6
Clean up remember token related config.
2012-02-16 12:30:04 +01:00
José Valim
27a83f3dd3
Ensure Devise.available_router_name is never nil, closes #1648
2012-02-15 17:13:57 +01:00
José Valim
dc37b82298
Show a warning message in case routes are not mounted in the main app.
2012-02-07 10:56:30 +01:00
José Valim
897c1c684e
Allow router_name to be customizable via Devise.router_name, useful for engines
2012-01-02 22:43:07 +01:00
José Valim
d9df632671
Get rid of InternalHelpers, refactor scoped views for more performant behavior.
2012-01-02 22:01:28 +01:00
José Valim
0b55ebb150
Remove 3.0 related code.
2012-01-02 21:04:54 +01:00
José Valim
7c11564613
Remove Rails 3.0 only code.
2012-01-02 20:43:39 +01:00
José Valim
c3f864f2b6
Allow parent controller to be customizable.
2012-01-02 20:39:22 +01:00
José Valim
fd0e929087
Generate session routes for token authentication, but mark it as no_input.
2012-01-02 19:38:02 +01:00
José Valim
273c5e99c1
Add space between messages.
2011-12-19 13:30:33 +01:00
José Valim
7ba37b5dc0
Improve messages.
2011-12-19 13:21:17 +01:00
José Valim
5a11c6597c
Usage of Devise.stateless_token= is deprecated in favor of appending :token_auth to Devise.skip_session_storage
2011-12-11 20:39:41 +01:00
José Valim
930b324c15
Usage of confirm_within was deprecated in favor of allow_unconfirmed_access_for
2011-12-11 20:18:02 +01:00
José Valim
bd27bf7677
Deprecate and disable old behavior accumulated with time.
2011-12-04 23:58:19 +01:00
José Valim
6d681c5b8a
Merge remote-tracking branch 'heimidal/updates' into reconfirm
...
Conflicts:
lib/devise/models/confirmable.rb
test/support/helpers.rb
2011-12-04 20:58:41 +01:00