github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-22 21:28:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
691 Commits 28 Branches 145 Tags
aefcd537653ec48df11da1f6e72ce291b1cb81bb
Commit Graph

113 Commits

Author SHA1 Message Date
Maxim Filatov
4db3ac820b sign_out_all_scopes is false by default 2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263 simplification (sign_out_everybody => sign_out_all_scopes) 2010-06-25 02:29:48 +08:00
Denis Lifanov
1a224c7486 move sign_out_scoped logic to the Devise::SessionsController#destroy 2010-06-25 02:29:45 +08:00
José Valim
5e1ef9319e Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 12:40:13 +02:00
José Valim
70a429d9ff Split tests files a bit. 2010-06-13 12:11:15 +02:00
José Valim
f16d01869a Rename apply_schema to apply_devise_schema and refactor Mongoid part a bit. 2010-06-13 11:48:45 +02:00
Alexander Uvarov
6ff77c9fdf Add merb-auth like router helper 2010-05-25 05:51:32 +08:00
Joseph DelCioppio
80977c6dee Added after_update_path to registrations controller. Users can now specify the path that their app should return to after updated a resource. If not specified it will return to the root, or the resource's root if specified. 2010-05-25 04:25:32 +08:00
José Valim
bff64a6291 Added navigational formats to specify when it should return a 302 and when a 401, closes #234 and #249. 2010-05-16 19:13:38 +02:00
José Valim
59bee679ca Add tests to cookie domain, closes #254. 2010-05-16 14:13:56 +02:00
José Valim
d38421dde8 Green tests on Rails master, closes #261 2010-05-15 10:39:11 +02:00
José Valim
708fe78d86 Ensure password confirmation is always required, closes #228 2010-04-25 09:38:56 +02:00
José Valim
4da63c5395 Ensure routes are loaded before application classes are eager loaded, closes #212. 2010-04-22 19:59:52 +02:00
José Valim
731f156f50 Do not show unlock link unless strategy is e-mail. Closes #204. 2010-04-15 08:40:15 +02:00
José Valim
8db559148c All tests green on latest Rails beta. 2010-04-13 23:28:13 +02:00
José Valim
1591294b7a Compatibility with Rails beta 3. 2010-04-05 11:46:26 +02:00
José Valim
b974b7bc78 Move failure messages from devise.sessions to devise.failure. 2010-04-03 13:11:45 +02:00
José Valim
23e608e27b No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3. 2010-04-03 11:43:31 +02:00
José Valim
f5d01c217d TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00
José Valim
13b8ddf54c Ensure customs pass through sessions_controller. 2010-04-01 14:00:21 +02:00
José Valim
015c74e734 Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 13:31:45 +02:00
José Valim
597a930c74 We do not use t() helpers in views, so there is no reason why this particular one should use them. 2010-03-30 20:06:56 +02:00
José Valim
22e1fa0cb9 Small cleanup. 2010-03-30 00:29:57 +02:00
José Valim
7d14f0bbb9 Allow several authentications to share a common path. 2010-03-29 23:44:47 +02:00
José Valim
1c5d4771ff Initial work on making the authentication stack more flexible. 2010-03-29 16:13:19 +02:00
José Valim
604b7ef61c Move http authenticatable response to failure app. 2010-03-29 15:16:14 +02:00
José Valim
2a082f3e4c Fix some unlockable bugs. 2010-03-28 23:09:28 +02:00
José Valim
bd4b29c0fd sign_in_count shoud default to zero. 2010-03-26 12:56:24 +01:00
José Valim
ca4e09390e Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 11:27:19 +01:00
José Valim
12b64c691f Add support to multipart e-mails (just put them in your mailers folder) and headers customization by simply defining headers_for in your model. 2010-03-26 10:01:24 +01:00
José Valim
ac742e3271 Clean up lockable and class methods API. 2010-03-10 16:13:54 +01:00
José Valim
e03e137c35 Update warden which fixes a security issue. 2010-02-23 19:47:45 +01:00
Jacques Crocker
4a51394af5 MongoMapper test suite fixes 2010-02-19 20:32:31 +08:00
José Valim
3ac399f2ff Returns the proper response body based on the rquest for 401. 2010-02-18 19:38:13 +01:00
José Valim
968ebe1b15 Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:40:01 +01:00
José Valim
f6cc219210 Devise now allows you to have custom controlleers. Check the README for more information. 2010-02-17 13:15:19 +01:00
José Valim
02e8c04cde Update views generator and now have scoped views. 2010-02-17 12:26:54 +01:00
José Valim
b4bbd3b892 Get all tests passing for ActiveRecord and allow MongoMapper tests to run. 2010-02-17 10:11:43 +01:00
José Valim
33941d1f62 All tests passing (except two which are errors in Rails). Now generators and initialization process. 2010-02-16 21:23:58 +01:00
José Valim
d466849c57 More tests passing for Rails 3 compatibility. 369 tests, 788 assertions, 34 failures, 16 errors. 2010-02-16 16:11:30 +01:00
José Valim
1b6f1b9752 Add registerable integration tests. 2010-02-09 00:08:57 +01:00
José Valim
9798ad7455 Allow scoped views to be customized per controller/mailer class. 2010-02-08 17:33:22 +01:00
José Valim
54cd2cc0e8 Use _ instead of . 2010-02-08 17:15:12 +01:00
Carlos Antonio da Silva
445070f6ec Use sign_up instead of registration in routes. Fix issue with users being signed in while attempting to sign up with info from already existing user. Also fix signed up flash. 2010-02-08 11:03:15 -02:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
José Valim
c146cad448 Ensure inactive user cannot sign in. 2010-02-05 21:36:19 +01:00
Carlos Antonio da Silva
6b837cb285 Introducing Registerable module, allowing users to sign up. 2010-02-04 20:08:38 -02:00
Carlos Antonio da Silva
4de1e43b7a Fix "return_to" to always save the request_uri, overwriting the return to url when the user types another forbidden url before sign in. 
This way the user will be redirected to the last attempted url and not the first one.
 2010-02-04 08:46:22 -02:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00