github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-20 20:28:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,311 Commits 28 Branches 145 Tags
5e7caffc9e3c8aff714c1cebc59fffbf7193b29e
Commit Graph

1329 Commits

Author SHA1 Message Date
Alex Peattie
5e7caffc9e Extend params sanitizer, to make it easier to add/remove permitted params 
- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README

Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2013-08-11 22:20:59 +02:00
Gleb Mazovetskiy
e7de0d4c4c fix doc typo 2013-08-10 04:43:25 +02:00
José Valim
2a8d0f9bee Update CHANGELOG 2013-08-09 10:30:29 +02:00
José Valim
4681f81ce6 Document the :store option for sign in 2013-08-09 08:37:27 +02:00
José Valim
20cf73facf Merge pull request #2549 from joaomilho/master 
Using urlsafe_base64 cause it already handle url sensitive chars, keepin...
 2013-08-08 13:38:05 -07:00
José Valim
3dccf3c6ff Do not sign in after confirmation 2013-08-08 22:33:58 +02:00
José Valim
d56641f514 Move to SHA256 2013-08-06 12:14:51 +02:00
José Valim
354e5022bf Only allow insecure token lookup if a flag is given 2013-08-06 11:55:13 +02:00
José Valim
143794d701 Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00
Juan Lulkin
4048545151 Using urlsafe_base64 cause it already handle url sensitive chars, keeping the replacement of the confusing chars, though 2013-08-05 14:54:56 +03:00
José Valim
32648027e2 Add Devise::KeyGenerator 2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4 Get rid of deprecated code 2013-08-05 11:24:04 +02:00
José Valim
f5a77ac598 Skip storage for cookies on unverified requests 2013-08-05 10:24:11 +02:00
José Valim
7c8c0f8dba Release 3.0.1 2013-08-02 23:25:11 +02:00
José Valim
747751a20f Protect against CSRF token fixation attacks 2013-08-02 23:13:15 +02:00
Paul Chobert
d88b3cedfb Remove trailing whitespaces 2013-07-28 23:15:42 +02:00
José Valim
11a77055f1 Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable 
Fixed checking for rememberable in timeoutable
 2013-07-26 00:58:09 -07:00
José Valim
cd1bc53947 Do not generate attr_accessible for any Rails 4 app 2013-07-26 09:22:03 +02:00
Michael Nikitochkin
fffbeb5cc7 Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user 2013-07-26 10:20:29 +03:00
José Valim
78fedd6c10 Merge pull request #2523 from Neschur/add_method_after_confrimation 
Added method after_confrimation
 2013-07-25 23:59:50 -07:00
Justin Coyne
b7e67115fc When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515 2013-07-23 22:49:05 -05:00
Siarhei Hanchuk
b7bc8dec12 Added method after_confrimation 2013-07-23 14:19:58 +03:00
José Valim
b46b7e3736 Release v3.0.0 2013-07-14 20:40:56 +02:00
Vasiliy Ermolovich
2c1ca126f4 add remember_me to the permitted sign_in params 2013-07-12 22:14:32 +03:00
José Valim
bc598b9da3 Merge pull request #2452 from latortuga/bad-strong-params-on-failed-login 
Add failing test case for bad parameter sanitizing when failing to login
 2013-07-08 23:53:41 -07:00
José Valim
da0323e591 Merge pull request #2419 from plataformatec/issue-2418 
set error to the field specified in unlock_keys config
 2013-07-08 23:52:19 -07:00
José Valim
061e9d7404 Merge pull request #2475 from tkhr/enable_skipping_reconfirmation_notification_but_regenerate_confirmation_token_2 
Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked
 2013-07-08 23:51:42 -07:00
Drew Ulmer
e029ad7b0c Fix improper login param sanitization permit 
This includes a failing test case that hooks into ActiveSupport
Notifications to catch the param permit error.
 2013-06-25 13:44:39 -05:00
Martin Honermeyer
5926898cf4 Update code example for #update_without_password 2013-06-25 11:27:35 +02:00
Takehiro Adachi
df2995ce19 Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked 
We could always generate a confirmation token but not sending a
confirmation email by invoking the skip_confirmation_notification!
method when creating the account.
But there were no way to do that when we were turning on reconfirmable
and updating email.
 2013-06-20 08:21:54 +09:00
José Valim
5717c6f082 Splat args to be sanitized 2013-06-19 10:37:37 +02:00
José Valim
72cf2481b5 Rename ParamFilter to ParameterFilter for consistency 2013-06-19 09:17:54 +02:00
José Valim
5c39a0c6d1 Merge pull request #2458 from t-kot/fix_access_locked_return_value 
Fix access_locked? always return boolean
 2013-06-12 20:45:25 -07:00
Steve Slotnick
b194882b23 Renaming get_or_create_*_token to ensure_*_token to match API in token authenticatable 2013-06-12 15:10:14 -07:00
Steve Slotnick
b5909f9b93 changing name from *_token! to get_or_create_*_token 2013-06-11 14:14:17 -07:00
Steve Slotnick
3c9cfa50c0 Adding publicly available methods on Recoverable and Confirmable to retrieve tokens 2013-06-10 19:17:19 -07:00
t-kot
e632240aee Fix access_locked? always return boolean 2013-06-07 12:11:00 +09:00
José Valim
176158a309 Just for Rails 3.2 2013-06-06 00:45:02 +08:00
José Valim
fdd47d74db We are not duck typing here, so don't call the variable duck 2013-06-01 10:06:33 +09:00
julp
10aadee637 record is potentially unchanged here, if so, no needs to save it 2013-05-29 19:27:02 +02:00
julp
7670eb8e98 don't update failed_attempts attribute if already equal to 0 2013-05-29 19:24:51 +02:00
Kramer Campbell
17e85aa79d Avoid sending confirmations to blank emails. 
At times, validations may be skipped and no email address may be
provided. Such an instance comes when testing uniqueness validations of
specific attributes in a Devise model with confirmable, especially when
using Shoulda matchers.
 2013-05-22 19:48:06 -07:00
José Valim
10c9a492ab Merge pull request #2427 from plataformatec/issue-2421 
redirect user to the referrer if latest request was not GET after timeout
 2013-05-19 08:07:43 -07:00
Vasiliy Ermolovich
b7079c7cf2 redirect user to the referrer if latest request was not GET after timeout 
closes #2421
 2013-05-19 17:11:34 +03:00
Emil Soman
020341176c Update doc to mention http_authenticable is false by default 2013-05-18 01:50:06 +05:30
Vasiliy Ermolovich
dd7c3ee91f set error to the field specified in unlock_keys config 
closes #2418
 2013-05-14 17:41:47 +03:00
Carlos Antonio da Silva
39c1a2c7d0 Release 3.0.0.rc with Rails 4 support 2013-05-07 13:32:03 -03:00
Carlos Antonio da Silva
eb0ad1c21a Merge branch 'master' into rails4 2013-05-07 13:01:34 -03:00
Carlos Antonio da Silva
f5e33089a0 Release 2.2.4 2013-05-07 12:51:46 -03:00
José Valim
ef2a2280a3 Update examples to be compatible with Rails 4 2013-05-07 08:18:12 -06:00