85 Commits

Author SHA1 Message Date
José Valim
f72d7d85c7 Avoid session fixation attacks 2010-11-21 00:23:44 +01:00
Martin Rehfeld
0638a68704 use :sign_out_via to control the method(s) for the destroy_*_session_path route 2010-08-14 11:06:31 +08:00
José Valim
c38b2f69d0 Release devise 1.0.7 with small fixes. 2010-05-03 13:56:25 +02:00
José Valim
1a9092c61b Ensure password confirmation is always required, closes #228 2010-04-25 09:55:11 +02:00
José Valim
681f816074 Backport small updates done in master. 2010-04-11 08:05:21 +02:00
Nat Budin
0bc15286b4 Pass back the custom response, if the winning strategy uses the custom! method
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-04-02 20:28:26 +02:00
José Valim
52f729e74f Bug fixes on unlockable. 2010-03-28 23:14:36 +02:00
José Valim
e2793fc69e sign_in_count should default to zero. 2010-03-26 12:57:36 +01:00
José Valim
1bee9fbef9 Clean up lockable and class methods API. 2010-03-10 16:18:28 +01:00
José Valim
fbe485f3df Update warden which fixes a security issue. 2010-02-23 19:52:53 +01:00
José Valim
c36cd84c31 Returns the proper response body based on the request for 401. 2010-02-18 19:52:37 +01:00
José Valim
ee7f5270fc Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:25:31 +01:00
José Valim
1b6f1b9752 Add registerable integration tests. 2010-02-09 00:08:57 +01:00
José Valim
9798ad7455 Allow scoped views to be customized per controller/mailer class. 2010-02-08 17:33:22 +01:00
José Valim
54cd2cc0e8 Use _ instead of . 2010-02-08 17:15:12 +01:00
Carlos Antonio da Silva
445070f6ec Use sign_up instead of registration in routes. Fix issue with users being signed in while attempting to sign up with info from already existing user. Also fix signed up flash. 2010-02-08 11:03:15 -02:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
José Valim
c146cad448 Ensure inactive user cannot sign in. 2010-02-05 21:36:19 +01:00
Carlos Antonio da Silva
6b837cb285 Introducing Registerable module, allowing users to sign up. 2010-02-04 20:08:38 -02:00
Carlos Antonio da Silva
4de1e43b7a Fix "return_to" to always save the request_uri, overwriting the return to url when the user types another forbidden url before sign in.
This way the user will be redirected to the last attempted url and not the first one.
2010-02-04 08:46:22 -02:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00
Jonas Grimfelt
4878bdb60b Second version of token_authenticatable reflecting feedback: Nuked all hook-stuff. Should be easy to custom-reset authentication tokens by inheritance.
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-02-02 12:37:06 +01:00
Jonas Grimfelt
e1440fb430 Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason.
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-02-02 12:36:44 +01:00
José Valim
2afad49a96 Bring rememberable back. 2010-01-14 15:47:14 +01:00
José Valim
f46d1b1d81 Add support to Warden 0.9.0.pre 2010-01-14 13:38:02 +01:00
Marcelo Silveira
32991e13c4 Merge and fix conflicts. 2010-01-09 11:22:27 -02:00
José Valim
6517b358a1 sign_in_count should also be increased when user signs in via password change, confirmation, etc. 2010-01-07 22:41:14 +01:00
José Valim
4d8f5ea165 Add an easy way to configure an application to sign in users through "/sign_in".
First, configure your routes:

  map.devise_for :users
  map.sign_in "/sign_in", :controller => "sessions", :action => "new"

Then, in config/initializers/devise.rb:

  config.use_default_scope = true

The default scope is always the first declaration in routes.rb, but if you need
to change it, you can also do it through the initializer:

  config.default_scope = :user
2010-01-06 14:31:00 +01:00
José Valim
543fe077d8 Update to work with Warden 0.8.0. 2010-01-05 13:44:13 +01:00
Marcelo Silveira
d2fa737aa0 introducing lockable implementation 2010-01-01 17:57:35 -02:00
José Valim
35a8d13369 Tests passing for ActiveRecord and MongoMapper. 2009-12-21 21:10:23 +01:00
José Valim
c05b8cf2ce Rename :timeout to :timeout_in and release gem again. 2009-11-25 00:11:49 -02:00
José Valim
4c7081c2e3 More Datamapper compatibility. 2009-11-24 18:02:36 -02:00
José Valim
0434d72009 Update TODO, CHANGELOG and README. 2009-11-24 15:29:46 -02:00
José Valim
f9c5dd6a79 Added trackable for sign_in_count, sign_in_at and sign_in_ip. 2009-11-24 15:18:42 -02:00
José Valim
076ce9add8 Improve timeoutable tests a bit. 2009-11-24 11:52:13 -02:00
José Valim
691055cf06 Fix timeout tests. 2009-11-24 11:00:35 -02:00
Carlos Antonio da Silva
a88731bb93 Adding i18n flash message when session is expired. 2009-11-23 23:01:01 -02:00
Carlos Antonio da Silva
fc89db636a Refactoring tests with I18n. 2009-11-23 23:01:00 -02:00
Carlos Antonio da Silva
40aaa98de9 Refactoring timeoutable module and confirmable tests. 2009-11-23 23:01:00 -02:00
Carlos Antonio da Silva
099c77e867 Introducing timeoutable to timeout sessions without activity. 2009-11-23 23:01:00 -02:00
José Valim
415bcdc722 Added scoped views support. Just turn it on in your Devise.setup. 2009-11-21 20:07:37 -02:00
José Valim
ffbc9c604d Only redirect if needed. 2009-11-16 14:31:09 -02:00
José Valim
b70b293690 Add authentication_keys. 2009-11-15 03:31:13 -02:00
José Valim
7ffd0900c1 Rely on Warden new serializers. 2009-11-15 00:13:43 -02:00
José Valim
0be7426847 Use a Rack Middleware to sign in users. 2009-11-13 19:26:33 -02:00
José Valim
4894059828 Remember token is now properly stored and specified one for each user. 2009-11-13 17:23:32 -02:00
José Valim
e6901686c4 Authentication fail with user cannot be serialized from session [#29] 2009-11-10 00:00:40 -02:00
José Valim
1db50dee36 Skip authentication filters by default on Devise controllers and add devise_controller? to select/reject other filters. 2009-11-06 09:33:18 -02:00