Steven Hsieh
12a265d1eb
optimize earlier timeout_skip to avoid unnecessary record lookup
2020-02-19 10:51:36 -08:00
Rafael Mendonça França
a17abad57a
Remove all references to Plataformatec
2020-02-03 11:33:17 -05:00
Connor Shea
a3fcb3b682
Fix two deprecated usages of keyword arguments.
...
This prevents us from using behavior that was deprecated in Ruby 2.7.
2019-12-26 17:44:53 -07:00
Samuel Pordeus
fb18c6ca8d
Fix typos
2019-11-28 18:13:47 -03:00
Colin Ross
14863ba4c9
Documentation: Details/Notes regarding Rails API-only applications (#5152)
...
* doc: Add some additional details concerning using devise in an API-only Rails application
* Apply wording suggestions from code review
Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>
2019-10-29 15:06:37 -03:00
Looi David
406915cb78
changed? behaviour has been updated (#5135)
...
* `changed?` behaviour has been updated
Due to 16ae3db5a5 `changed?` has been updated to check for dirtiness after save. The new method that behaves like the old `changed` is `saved_changes?`.
* Add comment to explain which method to use based on which Rails version it is
2019-10-22 10:39:34 -03:00
Ryan Lue
5d73e1e3bb
Explain layout of default config initializer [ci skip]
2019-09-27 06:21:27 +08:00
Marcos Ferreira
f48b6f1651
Merge pull request #5067 from shobhitic/master
...
Using scoped errors for scoped views. Fixes #5066
2019-09-17 14:49:57 -03:00
Marcos Ferreira
b52e642c01
Merge pull request #5074 from sergey-alekseev/increase-default-stretches-to-12
...
Increase default stretches to 12
2019-09-17 13:30:55 -03:00
Leonardo Tegon
098345aace
Prepare for version 4.7.1
2019-09-06 10:20:20 -03:00
Leonardo Tegon
fee43f3c11
Always return an error when confirmation_token is blank (#5132)
...
As reported in https://github.com/plataformatec/devise/issues/5071, if
for some reason, a user in the database had the `confirmation_token`
column as a blank string, Devise would confirm that user after receiving
a request with a blank `confirmation_token` parameter.
After this commit, a request sending a blank `confirmation_token`
parameter will receive a validation error.
For applications that have users with a blank `confirmation_token` in
the database, it's recommended to manually regenerate or to nullify
them.
2019-09-04 15:42:48 -03:00
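Added example, not part of the commit above or of Devise's code: a plain-Ruby model of the lookup that commit describes, showing a blank parameter matching a blank stored token, the rejection of blank parameters, and the recommended nullify cleanup. The rows, method names and return values are constructed for illustration.

```ruby
# Constructed rows standing in for a users table; not Devise code.
USERS = [
  { email: "a@example.test", confirmation_token: "",       confirmed: false },
  { email: "b@example.test", confirmation_token: "s3cr3t", confirmed: false },
  { email: "c@example.test", confirmation_token: nil,      confirmed: false }
].freeze

def fresh_users
  USERS.map(&:dup)
end

# Lookup as described before the commit: the request parameter is compared
# with the column as-is, so "" matches a row that stores "".
def confirm_unchecked(users, token)
  user = users.find do |u|
    # Like SQL equality, a NULL column never equals a supplied value.
    !u[:confirmation_token].nil? && u[:confirmation_token] == token
  end
  return [:error, :invalid] unless user
  user[:confirmed] = true
  [:ok, user[:email]]
end

# Behaviour described after the commit: a blank parameter gets a
# validation error before any lookup happens.
def confirm_checked(users, token)
  return [:error, :blank] if token.nil? || token.strip.empty?
  confirm_unchecked(users, token)
end

# Data cleanup the commit recommends: nullify blank stored tokens.
def nullify_blank_tokens(users)
  users.each do |u|
    t = u[:confirmation_token]
    u[:confirmation_token] = nil if t && t.strip.empty?
  end
end

puts confirm_unchecked(fresh_users, "").inspect
puts confirm_checked(fresh_users, "").inspect
puts confirm_unchecked(nullify_blank_tokens(fresh_users), "").inspect
```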
Leonardo Tegon
a79057070c
Prepare for 4.7.0 release
2019-08-19 11:35:55 -03:00
Denis Krasulin
45cc668683
Update routes.rb
...
Comment incorrectly states that default method is "get", while line 228 of /lib/devise.rb sets "delete": "The default method used while signing out: @@sign_out_via = :delete"
2019-07-16 01:08:44 +03:00
Rafael Mendonça França
54fb582269
Officially support Rails 6.0
...
Also remove upper bound on railties so people can try devise with new
versions without having to wait for us to change the gem and report bugs.
2019-06-12 16:10:13 -04:00
Rafael Mendonça França
44f7325a91
Remove unneeded require
...
The code that was using that constant is not being used anymore.
Closes #5083
2019-06-12 16:04:50 -04:00
Sergey Alekseev
63ea6533de
increase default stretches to 12
...
Test script
---
```ruby
require 'bcrypt'
require 'benchmark'
Benchmark.measure { BCrypt::Password.create('password', cost: 12) }
```
Test results
---
- [Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz](https://ark.intel.com/content/www/us/en/ark/products/97535/intel-core-i5-7360u-processor-4m-cache-up-to-3-60-ghz.html): `#<Benchmark::Tms:0x00007fdd00a4eb30 @label="", @real=0.21730700000080105, @cstime=0.0, @cutime=0.0, @stime=0.00020399999999999585, @utime=0.21685199999999996, @total=0.21705599999999997>`
- [Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz](https://ark.intel.com/content/www/us/en/ark/products/137979/intel-core-i7-8559u-processor-8m-cache-up-to-4-50-ghz.html): `#<Benchmark::Tms:0x00007fe91094fd30 @label="", @real=0.17964200000278652, @cstime=0.0, @cutime=0.0, @stime=7.399999999996298e-05, @utime=0.17950799999999845, @total=0.1795819999999984>`
Other gems
---
- bcrypt-ruby which is used by devise [updated](https://github.com/codahale/bcrypt-ruby/pull/181) their default cost to 12 (not released a gem version yet).
- rails has [a PR](https://github.com/rails/rails/pull/35321) from the Rails core team member to update their `ActiveModel::SecurePassword` which powers `has_secure_password` default cost to 13 (not merged yet).
Previous changes
---
[Previous PR](https://github.com/plataformatec/devise/pull/3549) to increase the default stretches to 12 was created more than 4 years ago. At that time the default stretches value [was increased](9efc601c73) from 10 to 11.
2019-05-11 19:35:13 +03:00
Marcos Ferreira
28248e3167
Merge pull request #5069 from igorkasyanchuk/master
...
Fix rails_51_and_up? method for Rails 6.rc1
2019-05-06 21:03:16 -03:00
Igor Kasyanchuk
612e30258c
Use better syntax to compare gem version
2019-05-05 03:44:44 -07:00
Igor Kasyanchuk
75e8555035
Fix rails_51_and_up? method for Rails 6.rc1
2019-05-03 13:11:34 -07:00
Shobhit Bakliwal
a823e510f3
Using scoped errors for scoped views. Fixes #5066
2019-05-02 13:24:01 +05:30
Vasily Fedoseyev
2d53cf4424
Fix rails 6.0.rc1 email uniqueness validation deprecation error
2019-04-26 14:20:30 +03:00
Felipe Renan
e91b8ee0ba
Merge pull request #5055 from saiqulhaq/master
...
refactor method name to be more consistent
2019-04-05 10:03:37 -03:00
M. Saiqul Haq
0d56ae2705
refactor method name to be more consistent
2019-04-04 07:01:39 +07:00
Lucas Ferreira
964ae53e5b
Update password confirmation autocomplete
2019-04-02 18:39:19 -03:00
Leonardo Tegon
2e5b5fcd70
Prepare for 4.6.2 release
2019-03-26 13:26:56 -03:00
Marcos Ferreira
f9d13f015a
Revert "[#4245] Allowing password to nil (#4261)"
...
This reverts commit 3aedbf0a4d.
2019-03-26 10:29:46 -03:00
Marcos Ferreira
e704221842
Revert "Add more tests (#4970)"
...
This reverts commit 05bf574799.
2019-03-26 10:29:16 -03:00
Matheus Berkenbrock Nedel
a460d79b08
fix text redundancy
2019-03-17 21:20:06 -03:00
Leonardo Tegon
20e299bce0
Prepare for 4.6.1 release
2019-02-11 11:38:35 -02:00
Leonardo Tegon
fcb04f5302
Check if root_path is defined with #respond_to? instead of #present (#5022)
...
When an application does not define a `root`, the method will be
undefined instead of returning a falsey value.
This commit also includes a new test with fake objects that mimic this
behavior.
Related resources:
* 1aab449933 (diff-c1be825bdb5f3160081e41432f83d0d7R278)
* https://github.com/plataformatec/devise/issues/5021
2019-02-11 11:00:56 -02:00
Leonardo Tegon
45016829d6
Prepare for 4.6.0 release
...
It was necessary to manually set the `sqlite3` Gem version after the
release of version `1.4.0`.
See https://github.com/rails/rails/issues/35153 for more info.
2019-02-07 13:28:00 -02:00
Hyeonseok
369ba267ef
removing white space in devise generator new.html.erb (#5010)
2019-01-24 10:20:03 -02:00
Felipe Renan
1aab449933
Refactor fix #4127
...
* Adding to check if rootpath is present on url_helpers.
* Run this code only for Rails versions lower than 5.1.
2019-01-23 15:42:17 -02:00
Alessandro
ee65cd60c9
FIX plataformatec/devise#4127 (#4700)
2019-01-23 15:32:29 -02:00
Matthew Rudy Jacobs
40e8812d75
Apply Test Helper fix to Rails 6.0 as well as 5.x (#5002)
2019-01-17 18:29:00 -02:00
Leonardo Tegon
62703943be
Make #increment_failed_attempts concurrency safe (#4996)
...
As reported in #4981, the method `#increment_failed_attempts` of `Devise::Models::Lockable` was
not concurrency safe. The increment operation was being done in two steps: first the value was read from the database, and then incremented by 1. This may result in wrong values if two requests try to update the value concurrently. For example:
```
Browser1 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2
Browser2 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2
```
In the example above, `failed_attempts` should have been set to 3, but it will be set to 2.
This commit handles this case by calling `ActiveRecord::CounterCache.increment_counter` method, which will do both steps at once, reading the value straight from the database.
This commit also adds an `ActiveRecord::AttributeMethods::Dirty#reload` call to ensure that the application gets the updated value - i.e. that another request might have updated.
Although this does not ensure that the value is in fact the most recent one - another request could've updated it after the `reload` call - it seems good enough for this implementation.
Even if a request does not lock the account because it has a stale value, the next one - that updated that value - will do it. That's why we decided not to use a pessimistic lock here.
Closes #4981.
2018-12-28 17:00:50 -02:00
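Added example, not part of the commit above or of Devise's code: a plain-Ruby model of the lost update in that commit's diagram, next to a single-step increment. `FakeRow`, the method names and the threshold of 3 are assumptions made for illustration.

```ruby
# Constructed one-row stand-in for the users table; not ActiveRecord.
class FakeRow
  def initialize(failed_attempts)
    @failed_attempts = failed_attempts
    @lock = Mutex.new
  end

  # SELECT failed_attempts FROM users WHERE id = ...
  def read
    @lock.synchronize { @failed_attempts }
  end

  # UPDATE users SET failed_attempts = <value computed by the app>
  def write(value)
    @lock.synchronize { @failed_attempts = value }
  end

  # UPDATE users SET failed_attempts = failed_attempts + 1
  def increment!
    @lock.synchronize { @failed_attempts += 1 }
  end
end

MAXIMUM_ATTEMPTS = 3 # assumed lock threshold for this example

# Both requests read before either writes, as in the commit's diagram.
def read_then_write(row)
  seen_by_browser1 = row.read
  seen_by_browser2 = row.read
  row.write(seen_by_browser1 + 1)
  row.write(seen_by_browser2 + 1)
  row.read
end

# Each request issues one atomic increment, then the value is re-read.
def atomic_increment(row)
  2.times.map { Thread.new { row.increment! } }.each(&:join)
  row.read
end

def locked?(failed_attempts)
  failed_attempts >= MAXIMUM_ATTEMPTS
end

racy = read_then_write(FakeRow.new(1))
safe = atomic_increment(FakeRow.new(1))
puts "read-then-write:  #{racy} (locked: #{locked?(racy)})"
puts "atomic increment: #{safe} (locked: #{locked?(safe)})"
```

With the stale read, two failed attempts are counted as one and the account stays under the threshold; with the single-step increment both are counted.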
kenji kobayashi
e3a00b27d1
Add an option to not automatically sign in a user after changing a password (#4569)
2018-12-28 11:29:58 -02:00
Stan Hu
1192c76f62
Fix corner case when confirmation_sent_at is equal to 0.days.ago (#4529)
...
If `Confirmable#confirmation_sent_at` is equal to `0.days.ago`, then
`confirmation_period_valid?` will be deemed valid even if the setting is
configured to disable this outright. To prevent this error, we explicitly
check the configuration setting to be `0.days.ago`.
2018-12-04 14:34:32 -02:00
ihatov08
d1571627b7
Add deprecation warning if options argument is used at DatabaseAuthenticatable#update_with_password, #update_without_password (#4935)
2018-11-28 17:58:10 -02:00
Leonardo Tegon
52b24e41de
Fix typo [ci skip]
2018-11-23 13:26:26 -02:00
Leonardo Tegon
5f62f28d6e
Explain the code that prevents enumeration attacks
2018-11-22 20:38:02 -02:00
Ryan Lue
354df3bc65
[bugfix] [refactoring] Sanitize parameters in find_or_initialize_with_errors (#4797)
...
* Use parameter sanitizer for new records in find_or_initialize_with_errors
* Add test for find_or_initialize_with_errors bugfix
2018-11-22 15:10:50 -02:00
Kopylov Vladislav
6f140faf0d
fixed description for Devise::Generators::ControllersGenerator (#4975)
2018-11-21 19:20:23 -02:00
Leonardo Tegon
05bf574799
Add more tests (#4970)
...
After merging #4261, I realized that we could add a couple more
tests, to ensure the new behavior added to `#valid_password?` - which is
that it should return `false` when the password is either `nil` or blank
('').
I've also removed [this condition](https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb#L68)
because it's already present at `Devise::Encryptor` module in the
`.compare` [method](https://github.com/plataformatec/devise/blob/master/lib/devise/encryptor.rb#L15).
2018-11-13 15:29:14 -02:00
Colin Ross
40f02ae69b
Only flash if the request object that is loaded supports it (#4950)
2018-11-13 15:26:00 -02:00
sivagollapalli
3aedbf0a4d
[#4245] Allowing password to nil (#4261)
...
* [#4245] Allowing password to nil
* Set encrypted password to nil if password is nil
* [#4245] Fixing the build
* Removed unnecessary code
2018-11-13 13:57:23 -02:00
John Gabriel
fa067b31c6
chore(docs): allow_unconfirmed_access_for = nil (#2275) (#4964)
2018-11-12 14:27:27 -02:00
Sam Weerasinghe
94adec3cee
Issue #4941, handle error 'Please specify the Rails release the migration was written for' (#4942)
2018-10-03 15:21:59 -03:00
Isaac Orme
25f908ad9c
issue 4526 adds skip email and password change notifications methods (#4824)
2018-09-28 18:55:00 -03:00
Rafael França
4656e96d9e
Merge pull request #4938 from colinross/issue-#4931-missing-comma
...
Missing comma in form input
2018-09-19 22:03:22 -04:00