github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-21 04:38:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,367 Commits 28 Branches 145 Tags
5300bdabc8b7740a3a308e97065d2cc941eddffd
Commit Graph

1348 Commits

Author SHA1 Message Date
Aaron Patterson
5300bdabc8 add a class method so you can encrypt passwords from fixtures 2013-10-06 13:53:12 +03:00
Ivan Zhidkov
2351d0215a Fix expire_session_data_after_sign_in! 2013-10-03 18:34:39 +04:00
José Valim
eaad61b2da Make it clear a restart is required when setting the secret key 2013-10-01 17:12:08 +02:00
Vasiliy Ermolovich
d75fd56f15 remove unused reset_password_token method 
closes #2621
 2013-09-14 12:30:23 +03:00
José Valim
6b3b0c5e8c Remove deprecated token lookups 2013-09-02 19:23:15 -03:00
José Valim
dff7891b97 Get rid of token authentication 2013-09-02 19:15:47 -03:00
José Valim
08edcc10fe Release 3.1.0 2013-09-02 19:02:48 -03:00
Alexander Zubkov
095572b6fd Add nulls to migration generator 2013-09-02 15:00:12 +04:00
Alexander Zubkov
b9112d4308 Handle nil failed_attempts 2013-09-02 14:48:19 +04:00
Pavel Pravosud
91f2bce08e Consistent single quotes in devise.rb generator 2013-08-30 22:21:12 +07:00
José Valim
3232d14b20 token authenticatable mentions 2013-08-21 17:33:38 +02:00
José Valim
72c3472fe1 Generate remember token 2013-08-19 20:33:21 +02:00
José Valim
1437ae2ce3 Release v3.1.0.rc2 2013-08-18 10:13:53 +02:00
Andri Möll
052cbef205 Don't confirm email after password reset. 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2013-08-18 10:13:35 +02:00
José Valim
b1754074e5 Only raise on missing secret key after a route is defined 2013-08-18 09:55:05 +02:00
José Valim
e8b70bb04d Include registration on docs 2013-08-17 09:19:28 +02:00
José Valim
5ecbbdf260 Update version.rb 2013-08-13 18:22:19 +02:00
José Valim
efe34219a9 Fix the build on Rails 3.2 2013-08-12 15:36:41 +02:00
José Valim
4e318b5167 Simplify parameter sanitization proposal 2013-08-11 22:20:59 +02:00
Alex Peattie
5e7caffc9e Extend params sanitizer, to make it easier to add/remove permitted params 
- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README

Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2013-08-11 22:20:59 +02:00
Gleb Mazovetskiy
e7de0d4c4c fix doc typo 2013-08-10 04:43:25 +02:00
José Valim
2a8d0f9bee Update CHANGELOG 2013-08-09 10:30:29 +02:00
José Valim
4681f81ce6 Document the :store option for sign in 2013-08-09 08:37:27 +02:00
José Valim
20cf73facf Merge pull request #2549 from joaomilho/master 
Using urlsafe_base64 cause it already handle url sensitive chars, keepin...
 2013-08-08 13:38:05 -07:00
José Valim
3dccf3c6ff Do not sign in after confirmation 2013-08-08 22:33:58 +02:00
José Valim
d56641f514 Move to SHA256 2013-08-06 12:14:51 +02:00
José Valim
354e5022bf Only allow insecure token lookup if a flag is given 2013-08-06 11:55:13 +02:00
José Valim
143794d701 Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00
Juan Lulkin
4048545151 Using urlsafe_base64 cause it already handle url sensitive chars, keeping the replacement of the confusing chars, though 2013-08-05 14:54:56 +03:00
José Valim
32648027e2 Add Devise::KeyGenerator 2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4 Get rid of deprecated code 2013-08-05 11:24:04 +02:00
José Valim
f5a77ac598 Skip storage for cookies on unverified requests 2013-08-05 10:24:11 +02:00
José Valim
7c8c0f8dba Release 3.0.1 2013-08-02 23:25:11 +02:00
José Valim
747751a20f Protect against CSRF token fixation attacks 2013-08-02 23:13:15 +02:00
Paul Chobert
d88b3cedfb Remove trailing whitespaces 2013-07-28 23:15:42 +02:00
José Valim
11a77055f1 Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable 
Fixed checking for rememberable in timeoutable
 2013-07-26 00:58:09 -07:00
José Valim
cd1bc53947 Do not generate attr_accessible for any Rails 4 app 2013-07-26 09:22:03 +02:00
Michael Nikitochkin
fffbeb5cc7 Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user 2013-07-26 10:20:29 +03:00
José Valim
78fedd6c10 Merge pull request #2523 from Neschur/add_method_after_confrimation 
Added method after_confrimation
 2013-07-25 23:59:50 -07:00
Justin Coyne
b7e67115fc When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515 2013-07-23 22:49:05 -05:00
Siarhei Hanchuk
b7bc8dec12 Added method after_confrimation 2013-07-23 14:19:58 +03:00
José Valim
b46b7e3736 Release v3.0.0 2013-07-14 20:40:56 +02:00
Vasiliy Ermolovich
2c1ca126f4 add remember_me to the permitted sign_in params 2013-07-12 22:14:32 +03:00
José Valim
bc598b9da3 Merge pull request #2452 from latortuga/bad-strong-params-on-failed-login 
Add failing test case for bad parameter sanitizing when failing to login
 2013-07-08 23:53:41 -07:00
José Valim
da0323e591 Merge pull request #2419 from plataformatec/issue-2418 
set error to the field specified in unlock_keys config
 2013-07-08 23:52:19 -07:00
José Valim
061e9d7404 Merge pull request #2475 from tkhr/enable_skipping_reconfirmation_notification_but_regenerate_confirmation_token_2 
Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked
 2013-07-08 23:51:42 -07:00
Drew Ulmer
e029ad7b0c Fix improper login param sanitization permit 
This includes a failing test case that hooks into ActiveSupport
Notifications to catch the param permit error.
 2013-06-25 13:44:39 -05:00
Martin Honermeyer
5926898cf4 Update code example for #update_without_password 2013-06-25 11:27:35 +02:00
Takehiro Adachi
df2995ce19 Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked 
We could always generate a confirmation token but not sending a
confirmation email by invoking the skip_confirmation_notification!
method when creating the account.
But there were no way to do that when we were turning on reconfirmable
and updating email.
 2013-06-20 08:21:54 +09:00
José Valim
5717c6f082 Splat args to be sanitized 2013-06-19 10:37:37 +02:00