github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-23 05:38:04 -05:00
Code Issues Packages Projects Releases Wiki Activity
933 Commits 28 Branches 145 Tags
d8016ea3fd51ee552bc193afff4db2364efb8be1
Commit Graph

171 Commits

Author SHA1 Message Date
Andrew Dahl
e911abf13b changed case_insensitive_keys config setting to an array and added downcasing of keys as a before filter on database authentication module 2010-11-18 23:29:53 +01:00
Andrew Dahl
94c666e439 first attempt 2010-11-18 21:24:42 +01:00
José Valim
c7efb68a77 Devise does not intercept 401 returned from applications anymore 2010-11-09 23:42:14 +01:00
José Valim
835d1044ae Fix a problem with IE7 headers. 2010-11-08 22:45:42 +01:00
José Valim
2f360bf201 Remove OAuth2 in favor of OmniAuth. 2010-10-18 15:00:34 +02:00
José Valim
21d5e50054 Basic omniauth support. 2010-10-18 15:00:34 +02:00
José Valim
8a8ba6c70c Depend on ORM Adapter. 2010-10-10 17:51:32 +02:00
Carlos Antonio da Silva
0bc80cec35 Remove autoload for Bcrypt encryptor, it does not exist anymore 2010-09-25 23:14:31 -03:00
José Valim
38f3f6318a cookie_domain is deprecated in favor of cookie_options which uses session_options by default. 2010-09-25 21:13:54 +02:00
José Valim
531f221be7 Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication 2010-09-25 20:28:14 +02:00
José Valim
09088706bb Extract encryptors into their own module for better bcrypt support. 2010-09-25 16:08:46 +02:00
José Valim
31d821c2e0 Allow to Rememberable to work without remember_token relying on salt if possible. 
This comes with the benefit that if you change your password, all remember tokens expires, and it also requires one field less in the database.

The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.

Using salt is now the default in Devise.
 2010-09-25 13:07:24 +02:00
José Valim
2aa1d2f3b7 Increase the size of the friendly token. 
The chance of someone to successfully guess a random token in the website is:

(number_of_users / 2388636399360109977557402041718133080829429159844757507642063199359529632522467783435119230976)
 2010-09-25 11:51:57 +02:00
José Valim
b2066cc229 Add request_keys support. Closes #401. 2010-09-21 11:45:44 +02:00
José Valim
b8ab9a835b Disable HTTP Authentication by default. You can turn it on in the initializer. 2010-08-23 10:22:31 -03:00
José Valim
617b95fdcd sign_out_all_scopes is true by default. 2010-08-23 09:18:39 -03:00
José Valim
ab7f3bc175 Added Devise.sign_out_via. 2010-08-23 09:05:40 -03:00
José Valim
ef841ca17d Start to add helpers for OAuth tests. 2010-07-26 20:33:22 +02:00
José Valim
bd1006d321 Add the possibility to skip OAuth authentication by returning nil from the finder method. 2010-07-26 20:32:06 +02:00
José Valim
8bf6a66e05 Make Devise::Oauth follow the same conventions as Devise::controllers. 2010-07-26 20:32:05 +02:00
José Valim
3ba424774e Remove deprecated code. 2010-07-26 20:32:05 +02:00
José Valim
1a9db03b22 Do not rely on load time anymore. Instead, provide a helper that is called whenever a mapping is given. 2010-07-26 20:32:05 +02:00
José Valim
faf771c798 Add OAuth url helpers. 2010-07-26 20:32:04 +02:00
José Valim
bd8294aecf More OAuth setup. 2010-07-26 20:32:04 +02:00
José Valim
6c5be8dfd5 Initial routes and module setup. 2010-07-26 20:32:04 +02:00
Trevor Turk
2939a61a49 documentation tweaks for extend_remember_period 2010-07-24 01:06:10 +08:00
José Valim
058d433f28 Add extend_remember_period, closes #340. 2010-07-23 16:32:22 +02:00
James Pellow
9f29ca480b Add http_authenticatable_on_xhr option 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-07-07 21:26:29 +02:00
José Valim
ae6322efb5 No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope. 
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:

  as :user do
    get "/sign_in", :to => "devise/session#new"
  end

This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
 2010-07-06 01:33:32 +02:00
Trevor Turk
8824b767f3 remember_across_browsers option for rememberable module 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 12:42:42 +02:00
José Valim
2103a673f0 Allow devise_for to be scoped with the scope method. This commit requires latest commits in Rails master. 2010-06-30 12:41:44 +02:00
Maxim Filatov
4db3ac820b sign_out_all_scopes is false by default 2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263 simplification (sign_out_everybody => sign_out_all_scopes) 2010-06-25 02:29:48 +08:00
Denis Lifanov
f10b747f7f Devise.sign_out_scoped option added 2010-06-25 02:29:43 +08:00
José Valim
5e1ef9319e Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 12:40:13 +02:00
José Valim
a2f84852af Allow the mailer class to be configured. 2010-06-12 20:56:55 +02:00
José Valim
0333caeb92 Make bcrypt the default encryptor and automatically add a pepper on generation. 2010-06-12 14:46:55 +02:00
José Valim
bff64a6291 Added navigational formats to specify when it should return a 302 and when a 401, closes #234 and #249. 2010-05-16 19:13:38 +02:00
Mantas Masalskis
21129ae38c custom domain cookie support 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-05-16 12:30:00 +02:00
José Valim
e905762611 Clean up the whole loading mess and closes #247. This commit depends on latest Rails. 2010-05-16 00:38:40 +02:00
José Valim
4da63c5395 Ensure routes are loaded before application classes are eager loaded, closes #212. 2010-04-22 19:59:52 +02:00
José Valim
b974b7bc78 Move failure messages from devise.sessions to devise.failure. 2010-04-03 13:11:45 +02:00
José Valim
0f7b311171 Add lockable to migration. 2010-04-02 20:36:27 +02:00
José Valim
f5d01c217d TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00
José Valim
3d1a04fd83 Fix warden configuration. 2010-03-31 22:04:48 +02:00
José Valim
1d65a76cf3 Move remember_me hook inside strategies. 2010-03-31 21:43:19 +02:00
José Valim
6cc32db2dd Add lock_strategy. 2010-03-31 11:54:11 +02:00
José Valim
65b8908960 Create authenticatable base model and strategy. 2010-03-29 20:52:48 +02:00
José Valim
1c5d4771ff Initial work on making the authentication stack more flexible. 2010-03-29 16:13:19 +02:00
José Valim
033db1ca7c Do not depend on silence_missing_strategies! anymore. This speeds up strategies matching because we don't need to check if the model duck types to the strategy and it doesn't trigger uneeded strategies. 2010-03-28 14:55:05 +02:00