Carlos Antonio da Silva
268eae1013
Add update_attribute method to Mongoid Shim for devise tests, to fix failing test
Mongoid does not have this method in the current beta version (2.0.0.beta.20).
2010-11-26 01:14:27 -02:00
José Valim
71450998c5
Avoid session fixation attacks.
2010-11-20 23:18:41 +01:00
Andrew Dahl
8d1e23c67d
add unit and integration tests for case insensitive keys
2010-11-20 15:54:01 +01:00
Denis Hennessy
19219cbe0f
Fix for HTTP Basic Auth when base64 encoded string wraps
When using a token longer than approximately 45 characters, the base64 encoded string passed in
the HTTP_AUTHORIZATION header will contain newline characters. The existing implementation used
a regex which didn't handle this case correctly.
2010-11-15 16:40:39 +08:00
José Valim
c7efb68a77
Devise does not intercept 401 returned from applications anymore
2010-11-09 23:42:14 +01:00
José Valim
3e38043085
Properly handle failure.
2010-10-18 15:00:34 +02:00
José Valim
611261c64e
More tests for Omniauth.
2010-10-18 15:00:34 +02:00
José Valim
cdbd03c45a
Simplify I18n lookup.
2010-10-14 14:43:41 +02:00
takahashim
a1c80b6211
use I18n'ed header on error messages block
2010-10-04 15:38:07 +08:00
José Valim
db1ce8eeb2
Sign up now checks if the user is active or not and redirects him accordingly, setting the inactive_signed_up message. This commit also moves after_update_path_for to inside RegistrationsController, not allowing it to be overridden inside ApplicationController anymore.
2010-09-30 09:12:00 +02:00
José Valim
e01dccaefb
Fix recoverable tests.
2010-09-30 09:05:11 +02:00
Pat Allan
16c39a9f17
Making sure timeoutable respects rememberable if both are loaded.
2010-09-29 15:27:54 +08:00
José Valim
ef3480004c
Ensure we are pointing to the proper sessions controller on failure.
2010-09-26 21:12:05 +02:00
José Valim
38f3f6318a
cookie_domain is deprecated in favor of cookie_options which uses session_options by default.
2010-09-25 21:13:54 +02:00
José Valim
531f221be7
Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
2010-09-25 20:28:14 +02:00
José Valim
617e142e34
Store the salt in session and expire the session if the user changes his password
2010-09-25 17:24:56 +02:00
José Valim
31d821c2e0
Allow Rememberable to work without remember_token, relying on salt if possible.
This comes with the benefit that if you change your password, all remember tokens expire, and it also requires one field less in the database.
The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.
Using salt is now the default in Devise.
2010-09-25 13:07:24 +02:00
José Valim
dd11f43014
All tests green on latest mongoid.
2010-09-24 11:30:08 +02:00
Martin Davidsson
ec0e105c52
Incorporate feedback from carlosantoniodasilva and update rememberable tests
2010-09-24 11:08:59 +08:00
RStankov
850afec96e
make User#send_reset_password_instructions to require all authentication_keys
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-09-21 11:47:07 +02:00
José Valim
b2066cc229
Add request_keys support. Closes #401.
2010-09-21 11:45:44 +02:00
takahashim
a9f7b3258a
fix TypeError in test_sign_in_with_script_name(AuthenticationOthersTest)
2010-09-16 23:02:49 +08:00
Pelle Braendgaard
7b069e641b
Improved test thanks to Jose Valim.
2010-09-14 03:55:10 +08:00
Pelle Braendgaard
2fdb71716f
The http authentication code was not checking for the type of authentication in the Authentication header.
This caused issues with OAuth header authentication.
Please note I have added a test but I'm not sure it works right as it doesn't fail without the change :-)
But it does fix failures in the oauth-plugin provider specs using devise.
2010-09-14 03:55:09 +08:00
Martin Rehfeld
f3385e96ab
use :sign_out_via to control the method(s) for the destroy_*_session_path route
2010-08-13 19:16:59 +08:00
José Valim
c31b1f2146
Remove skipped handling from OAuth in favor of exceptions and rescue_from syntax.
2010-07-28 21:51:26 +02:00
José Valim
4ac6b6e407
Unit tests for OAuth.
2010-07-26 20:33:23 +02:00
José Valim
4bfa98eb7c
More and more tests to DeviseOauth.
2010-07-26 20:33:23 +02:00
José Valim
00c6f583e2
More OAuth tests.
2010-07-26 20:33:22 +02:00
José Valim
ac8221aca7
Add cancel to registrations controller as a way to delete information from session.
2010-07-26 20:33:22 +02:00
José Valim
bd8d11e291
More minor tweaks to README.
2010-07-26 20:33:22 +02:00
José Valim
0d6f303735
Add a small connection stubbing API.
2010-07-26 20:33:22 +02:00
José Valim
ef841ca17d
Start to add helpers for OAuth tests.
2010-07-26 20:33:22 +02:00
José Valim
c5999c8f61
Tests green on mongoid as well.
2010-07-26 20:25:02 +02:00
José Valim
81620fecab
More about extend remember period feature.
2010-07-23 23:57:31 +02:00
José Valim
058d433f28
Add extend_remember_period, closes #340.
2010-07-23 16:32:22 +02:00
José Valim
e567c00dd8
Store classes as string in session, to avoid serialization and stale data issues, closes #356
2010-07-12 07:48:19 +02:00
José Valim
2602ef41cf
Do not add unlock routes unless unlock strategy is email or both, closes #373
2010-07-12 07:24:21 +02:00
José Valim
bd0e2a3180
devise_for now accepts a block. All routes inside the block use the scope defined by devise_for.
You are now allowed to do:
    devise_for :users do
      # Non conventional sign_in route
      get "/sign_in" => "devise/sessions#new"
    end
And it should work as expected.
2010-07-07 10:51:14 +02:00
José Valim
750560ae87
Ensure method is always POST on new.html.erb forms, closes #365. Also, start to remove usage of assert_template.
2010-07-06 16:01:22 +02:00
José Valim
ae6322efb5
No longer retrieve the user from paths, but use the env hash. This change deprecates use_default_scope.
If you have non conventional routes and want to specify the scope for a controller, you can do that at the router level:
    as :user do
      get "/sign_in", :to => "devise/session#new"
    end
This is saying: when accessing "/sign_in", devise should use the user scope. Meaning that users signed through that form will be signed to the user scope.
2010-07-06 01:33:32 +02:00
klacointe
e9fbb3d7ef
fix AbstractController::ActionNotFound when using a route with a specific format (i.e. xml, json...)
2010-07-02 13:25:33 +08:00
José Valim
421256d294
Devise should respect script_name and path_info contracts. This closes #331, a long standing bug with Passenger.
2010-07-01 13:50:05 +02:00
Maxim Filatov
4db3ac820b
sign_out_all_scopes is false by default
2010-06-25 02:29:52 +08:00
Denis Lifanov
819db39263
simplification (sign_out_everybody => sign_out_all_scopes)
2010-06-25 02:29:48 +08:00
Denis Lifanov
1a224c7486
move sign_out_scoped logic to the Devise::SessionsController#destroy
2010-06-25 02:29:45 +08:00
José Valim
5e1ef9319e
Check if the user is already signing out before timing out his connection, closes #273.
2010-06-13 12:40:13 +02:00
José Valim
70a429d9ff
Split tests files a bit.
2010-06-13 12:11:15 +02:00
José Valim
f16d01869a
Rename apply_schema to apply_devise_schema and refactor Mongoid part a bit.
2010-06-13 11:48:45 +02:00
Alexander Uvarov
6ff77c9fdf
Add merb-auth like router helper
2010-05-25 05:51:32 +08:00