github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 17:27:58 -05:00
Code Issues Packages Projects Releases Wiki Activity
1,070 Commits 28 Branches 145 Tags
v1.2.0
Commit Graph

192 Commits

Author SHA1 Message Date
Jack Dempsey
fbd35ec332 new cache api requires passing a key to get 2011-03-25 06:38:26 +08:00
José Valim
30b35e3727 Fix syntax error. 2011-03-24 20:25:54 +01:00
Jack Dempsey
330cafd3d2 use reference if available otherwise ref 2011-03-25 03:16:41 +08:00
Jack Dempsey
fe9024218c ref will be reference in 3.1 2011-03-25 03:16:40 +08:00
José Valim
74166e224b Faster uniqueness queries, closes #917 2011-03-15 12:53:17 +01:00
Guilherme Silveira
e4cae200f4 simplifying comparisons (avoind too much negatives) and adding unit test cases 2011-02-27 15:14:02 +08:00
José Valim
2e43944567 Move rememberable back to a hook. 2011-02-24 21:55:52 +01:00
José Valim
dd721f1857 Use secure compare as well. 2011-02-15 11:33:54 +01:00
José Valim
add8f8a203 Works on 3.0.4. 2011-02-15 10:27:34 +01:00
Jo Liss
bca43a7576 Require 'rails' in devise.rb. 
This way we can require 'devise' without requiring 'rails' beforehand.
 2011-02-10 23:00:13 +08:00
Jo Liss
8440ed0101 Make Devise::friendly_token 20 characters long. 
This makes the tokens better suited for URLs in plain-text emails, and
is still secure for all practical purposes.
 2011-02-10 21:42:58 +08:00
Carlos Antonio da Silva
c9fe8885f9 Spaces 2011-02-06 19:23:36 -02:00
Nico Ritsche
f06bed279a corrected 'an user' to 'a user' in comments and docs 2011-02-06 23:46:49 +08:00
John Plummer
7a1852e9f5 Allow send confirmation to change keys used 2011-02-05 16:19:01 +08:00
Carlos Antonio da Silva
1f8909458f Fix typo 2011-01-26 22:26:40 -02:00
José Valim
68f699bfd4 Do not change default behavior of previous apps. 2011-01-21 10:55:40 +01:00
José Valim
c78bb68c66 Revert "Fix an issue causing infinite redirects in production, closes #720" 
This reverts commit a156576ce9.

Conflicts:

	lib/devise/controllers/internal_helpers.rb
 2011-01-20 09:16:44 +01:00
Richard Aday
038eb321d4 Allowing reset_password_keys and unlock_keys to be set through the config 2010-12-30 03:10:56 +08:00
José Valim
a156576ce9 Fix an issue causing infinite redirects in production, closes #720 2010-12-18 09:38:41 +01:00
José Valim
b50fd1a72e Fix e-mail regexp. Closes #698 2010-12-01 17:19:45 +01:00
José Valim
71450998c5 Avoid session fixation attacks. 2010-11-20 23:18:41 +01:00
Andrew Dahl
e911abf13b changed case_insensitive_keys config setting to an array and added downcasing of keys as a before filter on database authentication module 2010-11-18 23:29:53 +01:00
Andrew Dahl
94c666e439 first attempt 2010-11-18 21:24:42 +01:00
José Valim
c7efb68a77 Devise does not intercept 401 returned from applications anymore 2010-11-09 23:42:14 +01:00
José Valim
835d1044ae Fix a problem with IE7 headers. 2010-11-08 22:45:42 +01:00
José Valim
2f360bf201 Remove OAuth2 in favor of OmniAuth. 2010-10-18 15:00:34 +02:00
José Valim
21d5e50054 Basic omniauth support. 2010-10-18 15:00:34 +02:00
José Valim
8a8ba6c70c Depend on ORM Adapter. 2010-10-10 17:51:32 +02:00
Carlos Antonio da Silva
0bc80cec35 Remove autoload for Bcrypt encryptor, it does not exist anymore 2010-09-25 23:14:31 -03:00
José Valim
38f3f6318a cookie_domain is deprecated in favor of cookie_options which uses session_options by default. 2010-09-25 21:13:54 +02:00
José Valim
531f221be7 Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication 2010-09-25 20:28:14 +02:00
José Valim
09088706bb Extract encryptors into their own module for better bcrypt support. 2010-09-25 16:08:46 +02:00
José Valim
31d821c2e0 Allow to Rememberable to work without remember_token relying on salt if possible. 
This comes with the benefit that if you change your password, all remember tokens expires, and it also requires one field less in the database.

The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.

Using salt is now the default in Devise.
 2010-09-25 13:07:24 +02:00
José Valim
2aa1d2f3b7 Increase the size of the friendly token. 
The chance of someone to successfully guess a random token in the website is:

(number_of_users / 2388636399360109977557402041718133080829429159844757507642063199359529632522467783435119230976)
 2010-09-25 11:51:57 +02:00
José Valim
b2066cc229 Add request_keys support. Closes #401. 2010-09-21 11:45:44 +02:00
José Valim
b8ab9a835b Disable HTTP Authentication by default. You can turn it on in the initializer. 2010-08-23 10:22:31 -03:00
José Valim
617b95fdcd sign_out_all_scopes is true by default. 2010-08-23 09:18:39 -03:00
José Valim
ab7f3bc175 Added Devise.sign_out_via. 2010-08-23 09:05:40 -03:00
José Valim
ef841ca17d Start to add helpers for OAuth tests. 2010-07-26 20:33:22 +02:00
José Valim
bd1006d321 Add the possibility to skip OAuth authentication by returning nil from the finder method. 2010-07-26 20:32:06 +02:00
José Valim
8bf6a66e05 Make Devise::Oauth follow the same conventions as Devise::controllers. 2010-07-26 20:32:05 +02:00
José Valim
3ba424774e Remove deprecated code. 2010-07-26 20:32:05 +02:00
José Valim
1a9db03b22 Do not rely on load time anymore. Instead, provide a helper that is called whenever a mapping is given. 2010-07-26 20:32:05 +02:00
José Valim
faf771c798 Add OAuth url helpers. 2010-07-26 20:32:04 +02:00
José Valim
bd8294aecf More OAuth setup. 2010-07-26 20:32:04 +02:00
José Valim
6c5be8dfd5 Initial routes and module setup. 2010-07-26 20:32:04 +02:00
Trevor Turk
2939a61a49 documentation tweaks for extend_remember_period 2010-07-24 01:06:10 +08:00
José Valim
058d433f28 Add extend_remember_period, closes #340. 2010-07-23 16:32:22 +02:00
James Pellow
9f29ca480b Add http_authenticatable_on_xhr option 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-07-07 21:26:29 +02:00
José Valim
ae6322efb5 No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope. 
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:

  as :user do
    get "/sign_in", :to => "devise/session#new"
  end

This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
 2010-07-06 01:33:32 +02:00