github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-21 20:58:11 -05:00
Code Issues Packages Projects Releases Wiki Activity
738 Commits 28 Branches 145 Tags
v1.1.1
Commit Graph

123 Commits

Author SHA1 Message Date
José Valim
c5999c8f61 Tests green on mongoid as well. 2010-07-26 20:25:02 +02:00
José Valim
81620fecab More about extend remember period feature. 2010-07-23 23:57:31 +02:00
José Valim
058d433f28 Add extend_remember_period, closes #340. 2010-07-23 16:32:22 +02:00
José Valim
e567c00dd8 Store classes as string in session, to avoid serialization and stale data issues, closes #356 2010-07-12 07:48:19 +02:00
José Valim
2602ef41cf Do not add unlock routes unless unlock strategy is email or both, closes #373 2010-07-12 07:24:21 +02:00
José Valim
bd0e2a3180 devise_for now accepts a block. All routes inside the block uses the scope defined by devise_for. 
You are now allowed to do:

  devise_for :users do
    # Non conventional sign_in route
    get "/sign_in" => "devise/sessions#new"
  end

And it should work as expected.
 2010-07-07 10:51:14 +02:00
José Valim
750560ae87 Ensure method is always POST on new.html.erb forms, closes #365. Also, start to remove usage of assert_template. 2010-07-06 16:01:22 +02:00
José Valim
ae6322efb5 No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope. 
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:

  as :user do
    get "/sign_in", :to => "devise/session#new"
  end

This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
 2010-07-06 01:33:32 +02:00
klacointe
e9fbb3d7ef fix AbstractController::ActionNotFound when use 
route with specific format (ie xml, json...)
 2010-07-02 13:25:33 +08:00
José Valim
421256d294 Devise should respect script_name and path_info contracts. This closes #331, a long standing bug with Passenger. 2010-07-01 13:50:05 +02:00
Maxim Filatov
4db3ac820b sign_out_all_scopes is false by default 2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263 simplification (sign_out_everybody => sign_out_all_scopes) 2010-06-25 02:29:48 +08:00
Denis Lifanov
1a224c7486 move sign_out_scoped logic to the Devise::SessionsController#destroy 2010-06-25 02:29:45 +08:00
José Valim
5e1ef9319e Check if the user is already signing out before timing out his connection, closes #273. 2010-06-13 12:40:13 +02:00
José Valim
70a429d9ff Split tests files a bit. 2010-06-13 12:11:15 +02:00
José Valim
f16d01869a Rename apply_schema to apply_devise_schema and refactor Mongoid part a bit. 2010-06-13 11:48:45 +02:00
Alexander Uvarov
6ff77c9fdf Add merb-auth like router helper 2010-05-25 05:51:32 +08:00
Joseph DelCioppio
80977c6dee Added after_update_path to registrations controller. Users can now specify the path that their app should return to after updated a resource. If not specified it will return to the root, or the resource's root if specified. 2010-05-25 04:25:32 +08:00
José Valim
bff64a6291 Added navigational formats to specify when it should return a 302 and when a 401, closes #234 and #249. 2010-05-16 19:13:38 +02:00
José Valim
59bee679ca Add tests to cookie domain, closes #254. 2010-05-16 14:13:56 +02:00
José Valim
d38421dde8 Green tests on Rails master, closes #261 2010-05-15 10:39:11 +02:00
José Valim
708fe78d86 Ensure password confirmation is always required, closes #228 2010-04-25 09:38:56 +02:00
José Valim
4da63c5395 Ensure routes are loaded before application classes are eager loaded, closes #212. 2010-04-22 19:59:52 +02:00
José Valim
731f156f50 Do not show unlock link unless strategy is e-mail. Closes #204. 2010-04-15 08:40:15 +02:00
José Valim
8db559148c All tests green on latest Rails beta. 2010-04-13 23:28:13 +02:00
José Valim
1591294b7a Compatibility with Rails beta 3. 2010-04-05 11:46:26 +02:00
José Valim
b974b7bc78 Move failure messages from devise.sessions to devise.failure. 2010-04-03 13:11:45 +02:00
José Valim
23e608e27b No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3. 2010-04-03 11:43:31 +02:00
José Valim
f5d01c217d TokenAuthenticatable now works with HTTP Basic Auth by default (take a look at Highrise API for a good example). This basically allows you to pass the authentication token as HTTP Basic Auth username. 2010-04-01 19:09:33 +02:00
José Valim
13b8ddf54c Ensure customs pass through sessions_controller. 2010-04-01 14:00:21 +02:00
José Valim
015c74e734 Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 13:31:45 +02:00
José Valim
597a930c74 We do not use t() helpers in views, so there is no reason why this particular one should use them. 2010-03-30 20:06:56 +02:00
José Valim
22e1fa0cb9 Small cleanup. 2010-03-30 00:29:57 +02:00
José Valim
7d14f0bbb9 Allow several authentications to share a common path. 2010-03-29 23:44:47 +02:00
José Valim
1c5d4771ff Initial work on making the authentication stack more flexible. 2010-03-29 16:13:19 +02:00
José Valim
604b7ef61c Move http authenticatable response to failure app. 2010-03-29 15:16:14 +02:00
José Valim
2a082f3e4c Fix some unlockable bugs. 2010-03-28 23:09:28 +02:00
José Valim
bd4b29c0fd sign_in_count shoud default to zero. 2010-03-26 12:56:24 +01:00
José Valim
ca4e09390e Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 11:27:19 +01:00
José Valim
12b64c691f Add support to multipart e-mails (just put them in your mailers folder) and headers customization by simply defining headers_for in your model. 2010-03-26 10:01:24 +01:00
José Valim
ac742e3271 Clean up lockable and class methods API. 2010-03-10 16:13:54 +01:00
José Valim
e03e137c35 Update warden which fixes a security issue. 2010-02-23 19:47:45 +01:00
Jacques Crocker
4a51394af5 MongoMapper test suite fixes 2010-02-19 20:32:31 +08:00
José Valim
3ac399f2ff Returns the proper response body based on the rquest for 401. 2010-02-18 19:38:13 +01:00
José Valim
968ebe1b15 Uses the same content type as request on http authenticatable 401 responses 2010-02-17 21:40:01 +01:00
José Valim
f6cc219210 Devise now allows you to have custom controlleers. Check the README for more information. 2010-02-17 13:15:19 +01:00
José Valim
02e8c04cde Update views generator and now have scoped views. 2010-02-17 12:26:54 +01:00
José Valim
b4bbd3b892 Get all tests passing for ActiveRecord and allow MongoMapper tests to run. 2010-02-17 10:11:43 +01:00
José Valim
33941d1f62 All tests passing (except two which are errors in Rails). Now generators and initialization process. 2010-02-16 21:23:58 +01:00
José Valim
d466849c57 More tests passing for Rails 3 compatibility. 369 tests, 788 assertions, 34 failures, 16 errors. 2010-02-16 16:11:30 +01:00