David Rodríguez
4064641967
Remove obsolete expire_auth_token_on_timeout
This should have been removed in dff7891b97
when token authentication (and the reset_authentication_token! method)
were removed.
2015-07-11 09:01:22 -03:00
Sean Marzug-McCarthy
d49533bedc
Fix default email_regexp config to disallow trailing non-word characters
2015-06-22 15:41:49 +02:00
Niklas Andréasson
e3244b2c31
Autoload Encryptor
2015-06-12 10:36:45 +02:00
Angel M de Miguel
db63df7a8f
Calculate real characters based on SecureRandom.urlsafe_base64 method
2015-05-21 14:41:34 +02:00
Angel M de Miguel
b89537936b
Allow the user to set the length of friendly token
2015-05-21 13:46:31 +02:00
Kosmas Chatzimichalis
1ab2d51308
removed spaces inside square brackets
2015-03-13 13:59:19 -03:00
Carlos Antonio da Silva
d1d5996b6b
Remove deprecated methods related to token authentication
These methods have no effect since Devise 3.2.0, released in Nov 2013.
2015-03-13 13:54:32 -03:00
Michael Borohovski
f0992e4a96
Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset.
2015-02-13 02:29:11 -08:00
Stephen Baldwin
06e0f8adca
Update devise.rb
2014-11-20 16:01:21 -05:00
Stephen Baldwin
a9e87f067a
Ability to load modules in specific order
Allow modules to be inserted at set positions
2014-11-20 15:16:46 -05:00
Dave Powers
63ae9701b4
Update casing of 'OmniAuth' to match that of official OmniAuth documentation
2014-11-14 14:45:09 -05:00
Lucas Mazza
8e5c098e3a
Merge pull request #3153 from plataformatec/lm-rails-4-2
Rails 4.2 compatibility
2014-10-03 14:07:59 -03:00
Lucas Mazza
6405c96213
last_attempt_warning should be true from now on.
2014-10-03 09:49:29 -03:00
Lucas Mazza
a638c21e76
Add responders as a Devise dependency.
2014-08-20 18:12:57 -03:00
Hao Wei
11c8875479
Update legacy comment
2014-05-01 19:49:37 +08:00
Ross Kaffenberger
5f32cd25fd
support multiple warden configuration blocks
Changes the behavior of `Devise.warden` such that calling it multiple
times with different blocks will result in a call to each block on
`Devise.configure_warden!` rather than "last block wins". This is
especially used for plugins that wish to extend warden functionality
without clobbering base app configuration or vice versa.
2014-04-15 17:20:21 -04:00
Lauro Caetano
f7fdde1ab0
Add the invalidate_all_sessions_on_logout configuration to invalidate
all the remember me tokens when the user signs out.
2014-04-04 16:17:26 -03:00
Anshul Sharma
dc1b399a8b
Updated ruby 1.9 hash syntax
2014-02-25 22:12:55 +05:30
Jake Worth
61e87be580
Fix typos
2014-01-09 10:00:27 -06:00
Erik Michaels-Ober
26e85c44e2
Removed use of gendered pronouns
2013-12-02 10:02:17 +01:00
Matthew Rudy Jacobs
268e486dbb
Add store_location_for helper
This is used as a complement to `stored_location_for`.
Example:
Before authorizing with Omniauth:
    store_location_for(:user, dashboard_path)
    redirect_to user_omniauth_authorize_path(:facebook)
In our Omniauth callback:
    sign_in(user)
    redirect_to stored_location_for(:user) || root_path
2013-11-09 00:59:00 +00:00
José Valim
4f1bf8f3f9
Split out sign_in/out functionality so it can be reused in hooks
2013-11-06 20:55:26 +01:00
Vitaly Bezkrovny
e20e446cf4
+ last_attempt
+ @@last_attempt_warning
+ last_attempt? method;
* send :last_attempt key if it is the last attempt
+ test for last attempt
* update test to make two asserts
* update message
2013-10-15 01:53:56 +03:00
José Valim
6b3b0c5e8c
Remove deprecated token lookups
2013-09-02 19:23:15 -03:00
José Valim
20cf73facf
Merge pull request #2549 from joaomilho/master
Using urlsafe_base64 cause it already handles url sensitive chars, keepin...
2013-08-08 13:38:05 -07:00
José Valim
3dccf3c6ff
Do not sign in after confirmation
2013-08-08 22:33:58 +02:00
José Valim
354e5022bf
Only allow insecure token lookup if a flag is given
2013-08-06 11:55:13 +02:00
José Valim
143794d701
Use HMAC on tokens stored in the DB
2013-08-05 18:56:07 +02:00
Juan Lulkin
4048545151
Using urlsafe_base64 cause it already handles url sensitive chars, keeping the replacement of the confusing chars, though
2013-08-05 14:54:56 +03:00
José Valim
32648027e2
Add Devise::KeyGenerator
2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4
Get rid of deprecated code
2013-08-05 11:24:04 +02:00
José Valim
747751a20f
Protect against CSRF token fixation attacks
2013-08-02 23:13:15 +02:00
José Valim
72cf2481b5
Rename ParamFilter to ParameterFilter for consistency
2013-06-19 09:17:54 +02:00
Carlos Antonio da Silva
eb0ad1c21a
Merge branch 'master' into rails4
2013-05-07 13:01:34 -03:00
Vipul A M
2e6457006e
Remove unused variables and fix typos
2013-04-18 10:24:38 +05:30
José Valim
5bf4f57fcf
Tidy up devise configuration
2013-04-13 22:07:54 -07:00
José Valim
1b8fd7c2ff
Merge pull request #2271 from robhurring/master
Allowing http token auth to set the token_authentication_key if missing from params
2013-04-13 21:39:36 -07:00
Drew Ulmer
d20fdf87b6
Introduce BaseSanitizer null sanitizer and controller-specific callbacks
This updates Devise's StrongParameter support to feature:
- A Null base sanitizer to support existing Rails 3.x installations that
  don't want to use StrongParameters yet
- A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid
- Overrideable callbacks on a controller-basis, e.g. #create_sessions_params
  for passing the current scope's parameters through StrongParameters and
  a helper method, whitelisted_params, for rolling your own implementations
  of #create_x_params in your own controllers.
- Lots of tests!
2013-04-10 10:33:50 -05:00
Drew Ulmer
78f137368c
Add support for Rails 4 strong_parameters
This brings support for Rails 4 StrongParameters changes.
- Parameter sanitizing is setup for Devise controllers via
  resource_params except Omniauth Callbacks which doesn't use
  resource_params.
- Change #build_resource to not call resource_params for get requests.
  Parameter sanitizing is only needed when params are posted to the
  server so there's no need to try to construct resource params on get
  requests (new, edit).
2013-03-31 21:31:48 -05:00
Matt Jones + Tony Schneider
f4ceecece4
Allow explicit configuration of http auth key
- Fix basic auth case in which authorized_keys is configured as hash
- Duplicate existing functionality when http_auth_key is not explicitly
  set
2013-03-04 12:23:05 -05:00
Philipe Fatio
c22d755cf4
Make use of warden's scoped serialization
2013-02-25 07:38:42 +01:00
Vasiliy Ermolovich
395a69b4ef
allow_unconfirmed_access_for set to nil means unconfirmed access for unlimited time
closes #2275
2013-02-13 21:17:38 +03:00
Rob
547439d94c
renaming devise option "allow_authorization_to_set_auth_token" to "allow_token_authenticatable_via_headers"
2013-02-10 12:50:52 -05:00
Rob
3025b7e2f7
Allow http token authorization to set token_authentication_key in place of passing it in via params
It will not override existing token_authentication_key params if they are present.
2013-02-09 15:12:36 -05:00
Vasiliy Ermolovich
d3f8bd6cae
add key option to rememberable_options
closes #2218
2013-01-20 23:16:25 +03:00
Jay Shepherd
cc017b1f0d
Allow parent_mailer to be customizable via Devise.parent_mailer, useful for engines
2013-01-18 02:26:41 -06:00
Anatoliy Kukul
adc9a45f05
Used other regexp
2012-11-19 13:58:19 +02:00
Anatoliy Kukul
50186474d4
Fix default email_regexp config to not allow spaces
Default email_regexp config accepted emails with spaces. e.g.: "test user@test server.com" http://rubular.com/r/jXGS8pmumd
Changed regexp to not allow spaces in email. e.g.: http://rubular.com/r/tTD9PytGEp
2012-11-19 13:40:54 +02:00
José Valim
bdf0bc7b1e
Revert "Revert "New password default minimum length is now 8""
This reverts commit b1f490a2f8.
Actually, the implementation was good!
2012-07-24 23:41:17 +02:00
José Valim
b1f490a2f8
Revert "New password default minimum length is now 8"
This reverts commit 2950434ed3.
It is backwards incompatible, we need a better migration plan.
2012-07-24 22:41:13 +02:00