github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-04-28 03:00:29 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,518 Commits 33 Branches 149 Tags
v3.2
Commit Graph

64 Commits

Author SHA1 Message Date
Anshul Sharma
dc1b399a8b Updated ruby 1.9 hash syntax 2014-02-25 22:12:55 +05:30
José Valim
f5a77ac598 Skip storage for cookies on unverified requests 2013-08-05 10:24:11 +02:00
José Valim
747751a20f Protect against CSRF token fixation attacks 2013-08-02 23:13:15 +02:00
Carlos Antonio da Silva
7998d6f878 Match full template name 2013-02-25 22:12:06 -03:00
Philipe Fatio
c22d755cf4 Make use of warden's scoped serialization 2013-02-25 07:38:42 +01:00
Drew Ulmer
c9c1e13743 Add test for Issue #2190 
Seems to be passing for me.
 2013-01-31 10:05:53 -06:00
José Valim
25296d8c6f Add tests for sign out with redirect, related to #2249 2013-01-30 08:28:51 -07:00
Carlos Antonio da Silva
86eecc6606 Change "ActionController::IntegrationTest" to "ActionDispatch::IntegrationTest" 2013-01-28 19:58:21 -02:00
Alan Larkin
84b8188db9 Added failing integration test for XHR invocation of SessionsController#destroy with */*' in the Accept' header. 2013-01-06 03:49:59 +00:00
Durran Jordan
d821275588 Fix spec failures for Mongoid 3. 
This has no actual changes to Devise itself, just fixes the failing
tests when running against Mongoid 3 instead of Mongoid 2.

Mocha has been locked at 0.10.0 since 0.12.0 raises an error when trying
to set an expectation on a frozen object.

Tests were updated to work with both AR and Mongoid, some cases the XML
serialization was slightly different but both were outputting correct
and valid XML, and the id/_id field mismatch is now handled.

An active field was missing from the test models for Mongoid, and the
invalid :null => true options in field were removed.
 2012-11-10 20:02:58 +01:00
Carlos Galdino
c179cef365 Change the minimum password length to 8 2012-07-06 11:46:46 -03:00
Chris Oliver
37c55eb192 Added tests for flexible routing constraints 2012-06-15 13:06:29 -05:00
José Valim
c4818a9fb2 Reorganize tests slightly 2012-06-15 11:15:03 +02:00
Julian Vargas
6664acd27f Use 'head :no_content' in sessions_controller#destroy 
Code cleanup for returning headers instead of an empty string
when destroying sessions.

Lines 464 and 471 on test/integration/autenticatable_test.rb
were adjusted to assert on :no_content
 2012-05-02 22:40:53 -05:00
José Valim
55be93d5c4 Deprecated support for nested devise_for blocks 2012-01-24 13:40:04 +01:00
Rafael Mendonça França
cf5fbb9d65 Fix order specific test 2012-01-10 11:59:20 -03:00
José Valim
22136a708b Fix failure_app failing test. 2011-11-07 21:38:31 -02:00
José Valim
bad6049d73 Allow :failure_app as configuration in devise_for. 2011-11-07 09:20:09 -02:00
José Valim
bc8fc2d4e4 Allow idempotent API requests, closes #1309. 2011-09-29 11:35:18 +02:00
James Cook
edcca8cd3f DatabaseAuthenticatable#clean_up_passwords should set accessors to nil, not empty string. 2011-09-02 13:14:15 -04:00
Ches Martin
3cedba1de8 Fix optional enforcement of particular authentication keys 
Documentation states that authentication_keys should accept a hash with
values indicating whether or not each key is required. This was added in
b2066cc2 but tests only covered request_keys, and 29afe2d2 later broke
it with a << array operator.
 2011-08-06 20:07:49 +07:00
José Valim
767a7a7c21 Ensure handle_unverified_request clean up any cached signed-in user 2011-06-29 20:18:10 -03:00
Samuel Cochran
e75354b3b0 Tests. 2011-06-23 10:44:46 +08:00
José Valim
e763f843c4 Tests pass on 3.0.7 2011-05-04 19:24:11 +02:00
José Valim
29afe2d21c Other minor improvements in the REST code. 2011-04-19 08:36:52 +02:00
José Valim
a722c6236c to_json does not guarantee the order. 2011-04-18 13:03:31 +02:00
José Valim
4a4dcb30ef sessions/new also responds to xml and json now 2011-04-18 09:56:24 +02:00
José Valim
0d74c1b4f0 Move it to the junk drawer. :) 2011-04-16 13:18:28 +02:00
Prem Sichanugrist
0487e9eafe Add support for destory_user_session_path in another non-navigational formats such as JSON and XML 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-03-30 13:36:50 +02:00
Prem Sichanugrist
e8e3df3891 Add support for non-navigational format response to SessionsController 
This will make Devise::SessionsController return the authenticated object in the requested format instead of redirect the client to another page upon success authentication.
 2010-12-25 17:57:15 +08:00
José Valim
71450998c5 Avoid session fixation attacks. 2010-11-20 23:18:41 +01:00
José Valim
c7efb68a77 Devise does not intercept 401 returned from applications anymore 2010-11-09 23:42:14 +01:00
José Valim
611261c64e More tests for Omniauth. 2010-10-18 15:00:34 +02:00
José Valim
ef3480004c Ensure we are pointing to the proper sessions controller on failure. 2010-09-26 21:12:05 +02:00
José Valim
b2066cc229 Add request_keys support. Closes #401. 2010-09-21 11:45:44 +02:00
takahashim
a9f7b3258a fix TypeError in test_sign_in_with_script_name(AuthenticationOthersTest) 2010-09-16 23:02:49 +08:00
Martin Rehfeld
f3385e96ab use :sign_out_via to control the method(s) for the destroy_*_session_path route 2010-08-13 19:16:59 +08:00
José Valim
ef841ca17d Start to add helpers for OAuth tests. 2010-07-26 20:33:22 +02:00
José Valim
e567c00dd8 Store classes as string in session, to avoid serialization and stale data issues, closes #356 2010-07-12 07:48:19 +02:00
José Valim
bd0e2a3180 devise_for now accepts a block. All routes inside the block uses the scope defined by devise_for. 
You are now allowed to do:

  devise_for :users do
    # Non conventional sign_in route
    get "/sign_in" => "devise/sessions#new"
  end

And it should work as expected.
 2010-07-07 10:51:14 +02:00
José Valim
ae6322efb5 No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope. 
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:

  as :user do
    get "/sign_in", :to => "devise/session#new"
  end

This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
 2010-07-06 01:33:32 +02:00
klacointe
e9fbb3d7ef fix AbstractController::ActionNotFound when use 
route with specific format (ie xml, json...)
 2010-07-02 13:25:33 +08:00
José Valim
421256d294 Devise should respect script_name and path_info contracts. This closes #331, a long standing bug with Passenger. 2010-07-01 13:50:05 +02:00
Maxim Filatov
4db3ac820b sign_out_all_scopes is false by default 2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263 simplification (sign_out_everybody => sign_out_all_scopes) 2010-06-25 02:29:48 +08:00
Denis Lifanov
1a224c7486 move sign_out_scoped logic to the Devise::SessionsController#destroy 2010-06-25 02:29:45 +08:00
José Valim
70a429d9ff Split tests files a bit. 2010-06-13 12:11:15 +02:00
José Valim
1c5d4771ff Initial work on making the authentication stack more flexible. 2010-03-29 16:13:19 +02:00
José Valim
ca4e09390e Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 11:27:19 +01:00
José Valim
12b64c691f Add support to multipart e-mails (just put them in your mailers folder) and headers customization by simply defining headers_for in your model. 2010-03-26 10:01:24 +01:00