José Valim
edee511cd1
Rename active? to active_for_authentication?
2011-03-25 15:40:46 +01:00
José Valim
3f4fb1a769
Improve previous patch.
2011-03-11 20:46:08 +01:00
gilles
1982ad9f57
fix for possible injection with mongo
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-03-11 20:24:24 +01:00
Vinicius Baggio
aa81df261c
Warn about an incompatibility between Devise and Mongoid
2011-02-25 18:17:14 -03:00
Vinicius Baggio
0cc900e7cf
Reset lock attempts count when lock is expired. Closes #825
2011-02-25 17:59:27 -03:00
Jo Liss
f964ea526b
Skip test that fails with Mongoid.
...
The test suite passes now.
2011-02-10 23:00:14 +08:00
Jo Liss
8440ed0101
Make Devise::friendly_token 20 characters long.
...
This makes the tokens better suited for URLs in plain-text emails, and
is still secure for all practical purposes.
2011-02-10 21:42:58 +08:00
José Valim
f332d7e932
Add a test to show recoverable works as expected if password is blank.
2011-02-09 10:11:48 +01:00
Carlos Antonio da Silva
c9fe8885f9
Spaces
2011-02-06 19:23:36 -02:00
Nico Ritsche
f06bed279a
corrected 'an user' to 'a user' in comments and docs
2011-02-06 23:46:49 +08:00
John Plummer
7a1852e9f5
Allow send confirmation to change keys used
2011-02-05 16:19:01 +08:00
Richard Aday
88d4aca2c4
Adding tests for reset_password_keys and unlock_keys
2010-12-30 03:11:03 +08:00
José Valim
8f20b13f84
By default, just require e-mail on recover and lockable.
2010-12-28 23:00:23 +01:00
Andrew Dahl
8d1e23c67d
add unit and integration tests for case insensitive keys
2010-11-20 15:54:01 +01:00
José Valim
67a49f3b75
Ensure authenticatable_salt can be nil.
2010-11-11 22:51:39 +01:00
José Valim
ad8d2d7d99
Be more helpful in the already confirmed message, closes #613
2010-11-06 08:54:03 +01:00
José Valim
611261c64e
More tests for Omniauth.
2010-10-18 15:00:34 +02:00
Sean Cribbs
9f032350e3
Use ActiveModel's to_key instead of id.
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-10-10 17:51:32 +02:00
José Valim
09088706bb
Extract encryptors into their own module for better bcrypt support.
2010-09-25 16:08:46 +02:00
José Valim
31d821c2e0
Allow Rememberable to work without remember_token relying on salt if possible.
...
This comes with the benefit that if you change your password, all remember tokens expire, and it also requires one field less in the database.
The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.
Using salt is now the default in Devise.
2010-09-25 13:07:24 +02:00
José Valim
1ed674afa8
Use Admin in old rememberable tests.
2010-09-25 12:04:38 +02:00
José Valim
2aa1d2f3b7
Increase the size of the friendly token.
...
The chance of someone to successfully guess a random token in the website is:
(number_of_users / 2388636399360109977557402041718133080829429159844757507642063199359529632522467783435119230976)
2010-09-25 11:51:57 +02:00
Thibaud Guillaume-Gentil
c121d8026e
Avoid BCrypt::Errors::InvalidSalt: invalid salt
...
when password_salt is nil.
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-09-21 12:09:07 +02:00
José Valim
5429f940e7
Refactor code related with authentication keys on password recovery and account unlocking, closes #396.
2010-09-21 12:05:17 +02:00
RStankov
850afec96e
make User#send_reset_password_instructions to require all authentication_keys
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-09-21 11:47:07 +02:00
RStankov
fb86f772e7
make User#send_unlock_instructions to require all authentication_keys
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-09-21 11:46:57 +02:00
José Valim
4ac6b6e407
Unit tests for OAuth.
2010-07-26 20:33:23 +02:00
José Valim
c5999c8f61
Tests green on mongoid as well.
2010-07-26 20:25:02 +02:00
José Valim
81620fecab
More about extend remember period feature.
2010-07-23 23:57:31 +02:00
José Valim
058d433f28
Add extend_remember_period, closes #340.
2010-07-23 16:32:22 +02:00
José Valim
b4794e041b
Save confirmation token to the database, if one does not exist but was requested, closes #377
2010-07-14 18:03:34 +02:00
José Valim
7774accb6c
Remove data_mapper support.
...
Devise 1.1.0 will be released soon. This new version will support activerecord and mongoid as default ORMs. From now on, Devise will prefer ORM extensions as gems since this is the best way to handle dependencies.
For example, to allow Devise to work with Datamapper, it requires at least activemodel, dm-rails and dm-timestamps. If the ORM support comes from Devise gem, we cannot add dm-rails and dm-timestamps as dependencies, relying on the developer and documentation to find these out and install them.
Other ORMs may still be added to Devise, as long as they are supported by the community, extend Devise test suite to have all tests passing and they necessarily use ActiveModel::Validations.
2010-07-04 17:22:57 +02:00
Trevor Turk
aefcd53765
more tests for remember_across_browsers
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-30 12:42:59 +02:00
Trevor Turk
8824b767f3
remember_across_browsers option for rememberable module
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-30 12:42:42 +02:00
Postmodern
29ba790e07
Do not use ActiveRecord only methods in tests.
2010-06-19 17:30:10 -07:00
José Valim
0333caeb92
Make bcrypt the default encryptor and automatically add a pepper on generation.
2010-06-12 14:46:55 +02:00
José Valim
870912d458
beta 4 works, yay.
2010-06-09 01:27:38 +02:00
Paul Rosania
592fa59e88
Automatically create the confirmation_token when email is sent for optionally confirmable models
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-05-16 14:54:05 +02:00
Paul Rosania
02c2df65cd
Mark confirmable roles as active when confirmation_required? is false
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-05-16 14:53:08 +02:00
José Valim
c07b5ae858
:activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work).
2010-04-06 16:34:22 +02:00
José Valim
0d3c6b9d99
Small changes to token_authenticatable.
2010-04-06 13:26:56 +02:00
José Valim
015c74e734
Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database.
2010-03-31 13:31:45 +02:00
José Valim
6cc32db2dd
Add lock_strategy.
2010-03-31 11:54:11 +02:00
José Valim
7d14f0bbb9
Allow several authentications to share a common path.
2010-03-29 23:44:47 +02:00
José Valim
65b8908960
Create authenticatable base model and strategy.
2010-03-29 20:52:48 +02:00
José Valim
1c5d4771ff
Initial work on making the authentication stack more flexible.
2010-03-29 16:13:19 +02:00
Jacques Crocker
6d31e368bf
Use persisted? instead of new_record?
...
In order to be more ActiveModel compliant, let's use persisted? wherever we can. Particularly for datamapper, new_record? causes api warnings. Better to stick to the ActiveModel api I think.
2010-03-28 20:53:13 -07:00
José Valim
2a082f3e4c
Fix some unlockable bugs.
2010-03-28 23:09:28 +02:00
Jacques Crocker
e127463ac8
Adding Mongoid 2.0 Support, Removing MongoMapper for now
2010-03-26 13:37:38 -07:00
José Valim
ca4e09390e
Compatibility with Ruby 1.9.1 and 1.9.2.
2010-03-26 11:27:19 +01:00