github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-19 19:59:00 -05:00
Code Issues Packages Projects Releases Wiki Activity
772 Commits 28 Branches 145 Tags
v1.1.6
Commit Graph

336 Commits

Author SHA1 Message Date
José Valim
d868a7cbee Fix handle unverified request. 2011-02-15 11:11:08 +01:00
José Valim
1cb6b0ce0f Works on 3.0.4 2011-02-15 11:08:57 +01:00
José Valim
5fc2c2e6f5 Change http_authenticatable default to false to cause less confusion. 2010-11-27 19:50:26 +01:00
José Valim
3bba7edc4f Ensure to convert keys on indifferent hash. 2010-11-27 19:46:17 +01:00
Carlos Antonio da Silva
d6af3d7dc6 Make sure to load test gems only in Devise test env 2010-11-26 00:29:33 -02:00
Carlos Antonio da Silva
767331657b Use UTC for Mongoid timestamps, so it conforms with AR. 2010-11-26 00:02:50 -02:00
José Valim
fb1e9bc8a7 Avoid session fixation attacks. 2010-11-20 23:51:09 +01:00
Carlos Antonio da Silva
4310ad798c Bump webrat to 0.7.1 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-11-20 23:48:23 +01:00
Pelle Braendgaard
7c51ec0742 Improved test thanks to Jose Valim. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-24 09:30:18 +02:00
Pelle Braendgaard
ed05225dd5 The http authentication code was not checking for the type of authentication in the Authentication header. 
This caused issues with OAuth header authentication.
Please note I have added a test but I'm not sure it works right as it doesn't fails without the change :-)
But it does fix failures in the oauth-plugin provider specs using devise.

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-24 09:30:11 +02:00
Thibaud Guillaume-Gentil
c32cb3da6c Avoid BCrypt::Errors::InvalidSalt: invalid salt 
when password_salt is nil.

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-24 09:29:35 +02:00
Martin Davidsson
70c32e48fc Incorporate feedback from carlosantoniodasilva and update rememberable 
tests
 2010-09-24 00:15:25 -03:00
takahashim
a843b74c86 fix TypeError in test_sign_in_with_script_name(AuthenticationOthersTest) 2010-09-16 12:08:50 -03:00
Carlos Antonio da Silva
56834284bd Update Gemfile to use Rails 3.0 final, all tests green 2010-08-29 23:27:06 -03:00
Carlos Antonio da Silva
a59e20e3bb Add some tests to helper creation using namespaces, to better show how it works. 2010-08-02 08:50:48 -03:00
José Valim
c5999c8f61 Tests green on mongoid as well. 2010-07-26 20:25:02 +02:00
José Valim
81620fecab More about extend remember period feature. 2010-07-23 23:57:31 +02:00
Trevor Turk
2939a61a49 documentation tweaks for extend_remember_period 2010-07-24 01:06:10 +08:00
José Valim
058d433f28 Add extend_remember_period, closes #340. 2010-07-23 16:32:22 +02:00
Stefan Huber
5aeb8cf1cf small documentation fix 2010-07-23 01:33:08 +08:00
José Valim
b4794e041b Save confirmation token to the database, if one does not exist but was requested, closes #377 2010-07-14 18:03:34 +02:00
José Valim
e567c00dd8 Store classes as string in session, to avoid serialization and stale data issues, closes #356 2010-07-12 07:48:19 +02:00
José Valim
2602ef41cf Do not add unlock routes unless unlock strategy is email or both, closes #373 2010-07-12 07:24:21 +02:00
José Valim
a87bc4a861 Also pass stretches to salt generation. 2010-07-12 06:59:49 +02:00
José Valim
9c5ff02ff1 Update CHANGELOG and tidy up tests. 2010-07-07 21:32:13 +02:00
James Pellow
b9df42c350 Add tests for http_authenticatable_on_xhr option 2010-07-08 03:21:13 +08:00
José Valim
bd0e2a3180 devise_for now accepts a block. All routes inside the block uses the scope defined by devise_for. 
You are now allowed to do:

  devise_for :users do
    # Non conventional sign_in route
    get "/sign_in" => "devise/sessions#new"
  end

And it should work as expected.
 2010-07-07 10:51:14 +02:00
José Valim
750560ae87 Ensure method is always POST on new.html.erb forms, closes #365. Also, start to remove usage of assert_template. 2010-07-06 16:01:22 +02:00
Carlos Antonio da Silva
77b7692b57 Regenerate devise initializar and get rid of some deprecation warnings from Devise and Rails. 2010-07-06 08:40:32 -03:00
José Valim
ae6322efb5 No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope. 
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:

  as :user do
    get "/sign_in", :to => "devise/session#new"
  end

This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
 2010-07-06 01:33:32 +02:00
José Valim
7774accb6c Remove data_mapper support. 
Devise 1.1.0 will be released soon. This new version will support activerecord and mongoid as default ORMs. From now on, Devise will prefer ORM extensions as gems since this is the best way to handle dependencies.

For example, to allow Devise to work with Datamapper, it requires at least activemodel, dm-rails and dm-timestamps. If the ORM support comes from Devise gem, we cannot add dm-rails and dm-timestamps as dependencies, relying on the developer and documentation to find these out and install them.

Other ORMs may still be added to Devise, as long as they are supported by the community, extend Devise test suite to have all tests passing and they necessarily use ActiveModel::Validations.
 2010-07-04 17:22:57 +02:00
José Valim
7a1adbb61e Improve integration of devise with new router scope. 2010-07-04 11:53:12 +02:00
José Valim
18cccae82f Update bundler, Rails and improve tests for previous commit. 2010-07-02 08:12:00 +02:00
klacointe
e9fbb3d7ef fix AbstractController::ActionNotFound when use 
route with specific format (ie xml, json...)
 2010-07-02 13:25:33 +08:00
José Valim
421256d294 Devise should respect script_name and path_info contracts. This closes #331, a long standing bug with Passenger. 2010-07-01 13:50:05 +02:00
Trevor Turk
aefcd53765 more tests for remember_across_browsers 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 12:42:59 +02:00
Trevor Turk
8824b767f3 remember_across_browsers option for rememberable module 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 12:42:42 +02:00
José Valim
2103a673f0 Allow devise_for to be scoped with the scope method. This commit requires latest commits in Rails master. 2010-06-30 12:41:44 +02:00
José Valim
78e7642bd2 Tests green again. 2010-06-29 21:41:34 +02:00
José Valim
4b272767d6 Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts, closes #341. 2010-06-29 11:52:10 +02:00
Maxim Filatov
4db3ac820b sign_out_all_scopes is false by default 2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263 simplification (sign_out_everybody => sign_out_all_scopes) 2010-06-25 02:29:48 +08:00
Denis Lifanov
1a224c7486 move sign_out_scoped logic to the Devise::SessionsController#destroy 2010-06-25 02:29:45 +08:00
Denis Lifanov
1924a915a8 sign_out_everybody helper (as a convenient proxy to warden) 2010-06-25 02:29:41 +08:00
José Valim
7a45043bc8 Be more friendly if the user goes ahead and adds devise_for :users before defining the model. 2010-06-24 16:51:30 +02:00
Rob Holland
ad63e25c89 config.load_paths is now config.autoload_paths 2010-06-24 19:28:34 +08:00
José Valim
a39312e26b Ensure flash messages work with Devise::TestHelper, closes #327 2010-06-23 12:39:04 +02:00
Jared Morgan
e90732c8c3 Remove #save! method from test DM User model 
DM has a #save! method, so it's no longer needed. Having it call #save
caused #valid? to be called where tests were expecting validations to be
skipped.
 2010-06-23 18:38:39 +08:00
Postmodern
29ba790e07 Do not use ActiveRecord only methods in tests. 2010-06-19 17:30:10 -07:00
snusnu
4e2cd157c1 Specs surely don't pass, but they run at least! 2010-06-19 17:30:10 -07:00