github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 01:08:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
1,070 Commits 28 Branches 145 Tags
v1.2.0
Commit Graph

172 Commits

Author SHA1 Message Date
Vinicius Baggio
15d195d2f0 Fixing OmniAuth integration tests since now it has support for failure scenarios 2011-03-12 13:58:19 -03:00
José Valim
3f4fb1a769 Improve previous patch. 2011-03-11 20:46:08 +01:00
gilles
1982ad9f57 fix for possible injection with mongo 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-03-11 20:24:24 +01:00
Vinicius Baggio
9bff1cf658 Fixing assertion in integration test 2011-02-25 14:57:49 -03:00
Vinicius Baggio
305059f573 Consider SCRIPT_NAME on omniauth url helper. Closes #876 2011-02-25 14:20:12 -03:00
José Valim
43a3431c3e Add a test to ensure user.remember_me = true followed by a sign in sends the cookie, closes #776 2011-02-24 22:24:21 +01:00
José Valim
2e43944567 Move rememberable back to a hook. 2011-02-24 21:55:52 +01:00
Vinicius Baggio
352edc024b Cleaning up test helpers related to OmniAuth. 
Developers should rely on OmniAuth's new testing API. Check
https://github.com/intridea/omniauth/wiki/Integration-Testing
for more details.
 2011-02-24 16:50:22 -03:00
Vinicius Baggio
970457f2c2 Fixing test error when dealing with multiple time zones 2011-02-23 14:24:42 -03:00
José Valim
ca293d17ba Implement Rails' handle unverified request. 2011-02-15 10:58:38 +01:00
José Valim
6a6ed6702e Improve tests and update CHANGELOG. 2011-02-15 10:07:08 +01:00
Nate Todd
2d0f887ba7 Preventing timeoutable from interfering with stateless tokens. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-02-15 09:54:13 +01:00
José Valim
aac9c40cba Ensure after hooks are called on registrations controller, closes #852 2011-02-15 09:41:35 +01:00
José Valim
af1295284c rememberable cookie now is httponly by default 2010-12-25 12:04:04 +01:00
JamesFerguson
1b43cb5203 Added assertion testing that remember_user_token cookie is flagged as HttpOnly. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-12-25 11:49:40 +01:00
Prem Sichanugrist
e8e3df3891 Add support for non-navigational format response to SessionsController 
This will make Devise::SessionsController return the authenticated object in the requested format instead of redirect the client to another page upon success authentication.
 2010-12-25 17:57:15 +08:00
Carlos Antonio da Silva
268eae1013 Add update_attribute method to Mongoid Shim for devise tests, to fix failing test 
Mongoid does not have this method in the current beta version (2.0.0.beta.20).
 2010-11-26 01:14:27 -02:00
José Valim
71450998c5 Avoid session fixation attacks. 2010-11-20 23:18:41 +01:00
Andrew Dahl
8d1e23c67d add unit and integration tests for case insensitive keys 2010-11-20 15:54:01 +01:00
Denis Hennessy
19219cbe0f Fix for HTTP Basic Auth when base64 encoded string wraps 
When using a token longer than approximately 45 characters, the base64 encoded string passed in
the HTTP_AUTHORIZATION header will contain newline characters. The existing implementation used
a regex which didn't handle this case correctly.
 2010-11-15 16:40:39 +08:00
José Valim
c7efb68a77 Devise does not intercept 401 returned from applications anymore 2010-11-09 23:42:14 +01:00
José Valim
3e38043085 Properly handle failure. 2010-10-18 15:00:34 +02:00
José Valim
611261c64e More tests for Omniauth. 2010-10-18 15:00:34 +02:00
José Valim
cdbd03c45a Simplify I18n lookup. 2010-10-14 14:43:41 +02:00
takahashim
a1c80b6211 use I18n'ed header on error messages block 2010-10-04 15:38:07 +08:00
José Valim
db1ce8eeb2 Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message. This commit also moves after_update_path_for to inside RegistrationsController, not allowing it to be overriden inside ApplicationController anymore. 2010-09-30 09:12:00 +02:00
José Valim
e01dccaefb Fix recoverable tests. 2010-09-30 09:05:11 +02:00
Pat Allan
16c39a9f17 Making sure timeoutable respects rememberable if both are loaded. 2010-09-29 15:27:54 +08:00
José Valim
ef3480004c Ensure we are pointing to the proper sessions controller on failure. 2010-09-26 21:12:05 +02:00
José Valim
38f3f6318a cookie_domain is deprecated in favor of cookie_options which uses session_options by default. 2010-09-25 21:13:54 +02:00
José Valim
531f221be7 Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication 2010-09-25 20:28:14 +02:00
José Valim
617e142e34 Store the salt in session and expire the session if the user changes his password 2010-09-25 17:24:56 +02:00
José Valim
31d821c2e0 Allow to Rememberable to work without remember_token relying on salt if possible. 
This comes with the benefit that if you change your password, all remember tokens expires, and it also requires one field less in the database.

The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.

Using salt is now the default in Devise.
 2010-09-25 13:07:24 +02:00
José Valim
dd11f43014 All tests green on latest mongoid. 2010-09-24 11:30:08 +02:00
Martin Davidsson
ec0e105c52 Incorporate feedback from carlosantoniodasilva and update rememberable 
tests
 2010-09-24 11:08:59 +08:00
RStankov
850afec96e make User#send_reset_password_instructions to require all authentication_keys 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 11:47:07 +02:00
José Valim
b2066cc229 Add request_keys support. Closes #401. 2010-09-21 11:45:44 +02:00
takahashim
a9f7b3258a fix TypeError in test_sign_in_with_script_name(AuthenticationOthersTest) 2010-09-16 23:02:49 +08:00
Pelle Braendgaard
7b069e641b Improved test thanks to Jose Valim. 2010-09-14 03:55:10 +08:00
Pelle Braendgaard
2fdb71716f The http authentication code was not checking for the type of authentication in the Authentication header. 
This caused issues with OAuth header authentication.
Please note I have added a test but I'm not sure it works right as it doesn't fails without the change :-)
But it does fix failures in the oauth-plugin provider specs using devise.
 2010-09-14 03:55:09 +08:00
Martin Rehfeld
f3385e96ab use :sign_out_via to control the method(s) for the destroy_*_session_path route 2010-08-13 19:16:59 +08:00
José Valim
c31b1f2146 Remove skipped handling from OAuth in favor of exceptions and rescue_from syntax. 2010-07-28 21:51:26 +02:00
José Valim
4ac6b6e407 Unit tests for OAuth. 2010-07-26 20:33:23 +02:00
José Valim
4bfa98eb7c More and more tests to DeviseOauth. 2010-07-26 20:33:23 +02:00
José Valim
00c6f583e2 More OAuth tests. 2010-07-26 20:33:22 +02:00
José Valim
ac8221aca7 Add cancel to registrations controller as a way to delete information from session. 2010-07-26 20:33:22 +02:00
José Valim
bd8d11e291 More minor tweaks to README> 2010-07-26 20:33:22 +02:00
José Valim
0d6f303735 Add a small connection stubbing API. 2010-07-26 20:33:22 +02:00
José Valim
ef841ca17d Start to add helpers for OAuth tests. 2010-07-26 20:33:22 +02:00
José Valim
c5999c8f61 Tests green on mongoid as well. 2010-07-26 20:25:02 +02:00