github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-02-19 02:44:31 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,954 Commits 32 Branches 148 Tags
bb2b4ecc1bcabc1c1797ecfe0dc0211c52cf3972
Commit Graph

373 Commits

Author SHA1 Message Date
Gareth Jones
e5ffdc4248 Update missed generator to use correct grammar for "send password reset" button (#5824) 
This mirrors #5515
 2026-02-17 13:28:20 -03:00
Taketo Takashima
8054ad55c3 Use :unprocessable_content in generated Devise config for Rack 3.1+, avoid Rack warnings (#5797) 
In Rack v3.1.0, the symbol for HTTP status code 422 was changed from `:unprocessable_entity` to `:unprocessable_content`.

As a result, when using rack 3.2 with the following configuration in `config/initializers/devise.rb`, a warning is shown on login failure:

```ruby
# config/initializers/devise.rb
Devise.setup do |config|
  ...
  config.responder.error_status = :unprocessable_entity
```

Warning message:

```sh
/path-to-app/vendor/bundle/ruby/3.4.0/gems/devise-4.9.4/lib/devise/failure_app.rb:80: warning: Status code :unprocessable_entity is deprecated and will be removed in a future version of Rack. Please use :unprocessable_content instead.
```

This warning can be resolved by updating the config as follows:
```diff
# config/initializers/devise.rb
Devise.setup do |config|
  ...
+  config.responder.error_status = :unprocessable_content
-  config.responder.error_status = :unprocessable_entity
```

This fixes the root cause of the warning for new apps by adjusting the generated config during `$ rails generate devise:install` depending on the rack version, so new apps using newer Rack versions generate `error_status = :unprocessable_content` instead of `:unprocessable_entity`.

Existing apps are handled by [latest versions of Rails, which will now transparently convert the code under the hood to avoid the Rack warning](https://github.com/rails/rails/pull/53383), and Devise will use that translation layer when available in the failure app to prevent the warning there as well (since that isn't covered by Rails automatic conversion).

Signed-off-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
 2025-12-31 10:45:09 -03:00
nkroker
cd9c21a067 Fix message in controllers generator 
Closes #5814

Signed-off-by: Carlos Antonio da Silva <carlosantoniodasilva@gmail.com>
 2025-12-29 17:41:54 -03:00
soma-git-practice
fa4749dddc Expand reconfirmable comment on generator to match the module doc (#5748) 
Explain the combined usage of `reconfirmable` with `send_email_changed_notification`.
[ci skip]
 2025-10-17 13:41:42 -03:00
Christian Schmidt
46cae66baf Update argument name for config.warden 2024-12-17 13:31:17 +01:00
Rafael Mendonça França
c8207373ea Drop support to all EOL rails versions 2023-10-12 16:52:01 -03:00
Niccolò Maggioni
4484eddc52 Fix caret placement typo 2023-10-11 16:35:35 +02:00
santu essence
5b22538ae5 Inherit from only base. 2023-08-17 10:25:06 +05:30
Junichi Ito
49ed129c40 Replce p tag with div since p tags cannot contain other block elements 2023-02-14 08:34:26 +09:00
Carlos Antonio da Silva
f08e0ad24a Integrate with Hotwire/Turbo by configuring error and response statuses 
Treat `:turbo_stream` request format as a navigational format, much like
HTML, so Devise/responders can work properly.

Allow configuring the `error_status` and `redirect_status` using the
latest responders features, via a new custom Devise responder, so we can
customize the both responses to match Hotwire/Turbo behavior, for
example with `422 Unprocessable Entity` and `303 See Other`,
respectively. The defaults aren't changing in Devise itself (yet), so it
still responds on errors cases with `200 OK`, and redirects on non-GET
requests with `302 Found`, but new apps are generated with the new
statuses and existing apps can opt-in. Please note that these defaults
might change in a future release of Devise.

PRs/Issues references:

https://github.com/heartcombo/devise/pull/5545
https://github.com/heartcombo/devise/pull/5529
https://github.com/heartcombo/devise/pull/5516
https://github.com/heartcombo/devise/pull/5499
https://github.com/heartcombo/devise/pull/5487
https://github.com/heartcombo/devise/pull/5467
https://github.com/heartcombo/devise/pull/5440
https://github.com/heartcombo/devise/pull/5410
https://github.com/heartcombo/devise/pull/5340

https://github.com/heartcombo/devise/issues/5542
https://github.com/heartcombo/devise/issues/5530
https://github.com/heartcombo/devise/issues/5519
https://github.com/heartcombo/devise/issues/5513
https://github.com/heartcombo/devise/issues/5478
https://github.com/heartcombo/devise/issues/5468
https://github.com/heartcombo/devise/issues/5463
https://github.com/heartcombo/devise/issues/5458
https://github.com/heartcombo/devise/issues/5448
https://github.com/heartcombo/devise/issues/5446
https://github.com/heartcombo/devise/issues/5439
 2023-01-31 11:02:01 -03:00
Alex Ghiculescu
80423c8f01 Fix deprecation warning on Rails 6.1 2021-02-02 15:37:45 -07:00
Carlos Antonio da Silva
057afdc1e6 Fix another thor deprecation warning in the install generator 
This one has been showing up when running tests:

    Deprecation warning: Expected string default value for '--orm'; got false (boolean).
    This will be rejected in the future unless you explicitly pass the options
    `check_default_type: false` or call `allow_incompatible_default_type!` in your code
    You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION.
 2020-06-18 18:02:43 -03:00
David Rodríguez
ffa8a80f42 Fix warning from thor 
The `:orm` option can also have string values.
 2020-06-18 16:21:58 +02:00
Carlos Antonio da Silva
14a3084b59 Simplify the view generator with scoped views 2020-06-07 19:16:36 -03:00
Hiroyuki Morita
1f30f6fa85 Remove unused method from Devise::Generators::InstallGenerator 
`rails_4?` is not called anymore since 2024fca4df.
 2020-04-23 08:19:21 +09:00
HLFH
d65bb156c1 type: :boolean for :orm 2020-03-28 09:13:35 +00:00
Gaspard d'Hautefeuille
6851f1d1c4 Deprecation warning: Expected string default value for '--orm' 2020-03-26 17:13:51 +00:00
Petrik
63fe1a843f Explain how changing stretches affects existing password hashes 2020-03-12 16:16:55 +01:00
Rafael Mendonça França
a17abad57a Remove all references to Plataformatec 2020-02-03 11:33:17 -05:00
Colin Ross
14863ba4c9 Documentation: Details/Notes regarding Rails API-only applications (#5152) 
* doc: Add some additional details concerning using devise in an API-only Rails application

* Apply wording suggestions from code review

Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>

* Apply suggestions from code review

Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>
 2019-10-29 15:06:37 -03:00
Ryan Lue
5d73e1e3bb Explain layout of default config initializer [ci skip] 2019-09-27 06:21:27 +08:00
Marcos Ferreira
f48b6f1651 Merge pull request #5067 from shobhitic/master 
Using scoped errors for scoped views. Fixes #5066
 2019-09-17 14:49:57 -03:00
Marcos Ferreira
b52e642c01 Merge pull request #5074 from sergey-alekseev/increase-default-stretches-to-12 
Increase default stretches to 12
 2019-09-17 13:30:55 -03:00
Rafael Mendonça França
54fb582269 Officially support Rails 6.0 
Also remove upper bound on railties so people can try devise with new
versions without having to wait us to change the gem and report bugs.
 2019-06-12 16:10:13 -04:00
Sergey Alekseev
63ea6533de increase default stretches to 12 
Test script
---

```ruby
require 'bcrypt'
require 'benchmark'
Benchmark.measure { BCrypt::Password.create('password', cost: 12) }
```

Test results
---

- [Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz](https://ark.intel.com/content/www/us/en/ark/products/97535/intel-core-i5-7360u-processor-4m-cache-up-to-3-60-ghz.html): `#<Benchmark::Tms:0x00007fdd00a4eb30 @label="", @real=0.21730700000080105, @cstime=0.0, @cutime=0.0, @stime=0.00020399999999999585, @utime=0.21685199999999996, @total=0.21705599999999997>`
- [Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz](https://ark.intel.com/content/www/us/en/ark/products/137979/intel-core-i7-8559u-processor-8m-cache-up-to-4-50-ghz.html): `#<Benchmark::Tms:0x00007fe91094fd30 @label="", @real=0.17964200000278652, @cstime=0.0, @cutime=0.0, @stime=7.399999999996298e-05, @utime=0.17950799999999845, @total=0.1795819999999984>`

Other gems
---

- bcrypt-ruby which is used by devise [updated](https://github.com/codahale/bcrypt-ruby/pull/181) their default cost to 12 (not released a gem version yet).
- rails has [a PR](https://github.com/rails/rails/pull/35321) from the Rails core team member to update their `ActiveModel::SecurePassword` which powers `has_secure_password` default cost to 13 (not merged yet).

Previous changes
---

[Previous PR](https://github.com/plataformatec/devise/pull/3549) to increase the default stretches to 12 was created more than 4 years ago. That time the default stretches value [was increased](9efc601c73) from 10 to 11.
 2019-05-11 19:35:13 +03:00
Shobhit Bakliwal
a823e510f3 Using scoped errors for scoped views. Fixes #5066 2019-05-02 13:24:01 +05:30
Lucas Ferreira
964ae53e5b Update password confirmation autocomplete 2019-04-02 18:39:19 -03:00
Hyeonseok
369ba267ef removing white space in devise generator new.html.erb (#5010) 2019-01-24 10:20:03 -02:00
kenji kobayashi
e3a00b27d1 Add an option to not automatically sign in a user after changing a password (#4569) 2018-12-28 11:29:58 -02:00
Kopylov Vladislav
6f140faf0d fixed description for Devise::Generators::ControllersGenerator (#4975) 2018-11-21 19:20:23 -02:00
John Gabriel
fa067b31c6 chore(docs): allow_unconfirmed_access_for = nil (#2275) (#4964) 2018-11-12 14:27:27 -02:00
Sam Weerasinghe
94adec3cee Issue #4941 , handle error 'Please specify the Rails release the migration was written for' (#4942) 2018-10-03 15:21:59 -03:00
Colin Ross
389cd85d47 Missing comma in form input 2018-09-19 18:19:56 -07:00
Samy Kacimi
af8f7e9797 remove :trackable from the default modules (#4857) 
This removes :trackable from the default modules in the generators,
to be more GDPR-friendly.
 2018-05-14 18:11:15 -03:00
Gustavo Bazan
cd9ad848fb Update simple form templates 
Update `simple_form` templates with changes from 16b3d6d67c and 6260c29a86
 2018-05-08 15:42:26 -03:00
Wolfram Nikolas Müller
2bb8e1c236 Fix missing do block in config 2018-03-29 15:32:46 -03:00
Wolfram Nikolas Müller
e44a8b2d43 Include configuration for Turbolinks in devise initializer template 2018-03-29 15:32:46 -03:00
Danilo Araújo Silva
8ab7963e50 Creating a new section for controller configuration on devise.rb template 
Creating a new section called `Controller configuration`.

An optional devise configuration is set `config.parent_controller` but this configuration is missing in the `devise.rb` template file.
 2018-03-14 15:09:04 -03:00
Filip Soszyński
b01ae718b3 Primary key type in migration template (#4426) 
* Tests

* Add primary key type to migration template

* Change Rails version-detecting method in test
 2017-12-23 17:20:45 -02:00
Rafael França
0720bc72c3 Merge pull request #4731 from alexhifer/master 
Added the ability to change the default migrations path
 2017-12-21 18:33:07 -05:00
Pat Allan
f39c6fd927 Add the frozen_string_literal pragma comment to all Ruby files. (#4725) 2017-12-21 15:36:29 -02:00
Alexey Degtyarev
12298ef968 Added the ability to change the default migrations path (introduced in Rails 5.0.3) 2017-12-21 17:12:19 +02:00
masatooba
a24f98f315 Delete unnecessary hide! method 
This method has already been added to Rails.
 2017-10-28 01:26:26 +09:00
Pat Allan
4e9860d268 Ensure string literals can be frozen. 2017-06-21 09:22:49 +10:00
Rafael França
ad8547dede Merge pull request #4381 from slbug/master 
remove warnings about default value with new thor
 2017-06-13 15:51:20 -04:00
Carlos Antonio da Silva
ce071502ee Display unconfirmed email when using reconfirmable and email changed notification 
Otherwise we'd be mistakenly displaying the original email in the
message (which is the same we're sending the message to).

Also tweak the messaging a bit in this case, to show that the email "is
being changed" (the change hasn't taken effect yet).

Related to #4455.
 2017-03-15 11:47:47 -03:00
Carlos Antonio da Silva
2135ae5e5e Change email_change => email_changed notification 
This better indicates what the setting is for, and when it's supposed to
be triggered.

We might eventually deprecate the existing password_change on in favor
of password_changed.
 2017-03-10 08:56:34 -03:00
Carlos Antonio da Silva
70eb18d766 Notify original user email when the email changes 
This adds a new setting `send_email_change_notification` which will
send an email to the original user email when their email is updated to
a new one.

It doesn't take into account the reconfirmable setting yet, it will be
added next, so that if confirmable is included and reconfirmable is
being used, the email will be triggered when the email change is
requested, not when confirmed (e.g when we store the email in
`unconfirmed_email`, not when it's later copied to `email` when that is
confirmed).
 2017-03-06 17:04:26 -03:00
Alexander Grebennik
47077bf810 fix warnings about default value with new thor 2016-12-20 02:14:41 +03:00
amingilani
83b88353b5 Fix indentation in generators 2016-07-15 13:22:51 +05:00