github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-22 05:08:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
943 Commits 28 Branches 145 Tags
v1.2.rc
Commit Graph

112 Commits

Author SHA1 Message Date
Andrew Dahl
8d1e23c67d add unit and integration tests for case insensitive keys 2010-11-20 15:54:01 +01:00
José Valim
67a49f3b75 Ensure authenticatable_salt can be nil. 2010-11-11 22:51:39 +01:00
José Valim
ad8d2d7d99 Be more helpful in the already confirmed message, closes #613 2010-11-06 08:54:03 +01:00
José Valim
611261c64e More tests for Omniauth. 2010-10-18 15:00:34 +02:00
Sean Cribbs
9f032350e3 Use ActiveModel's to_key instead of id. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-10-10 17:51:32 +02:00
José Valim
09088706bb Extract encryptors into their own module for better bcrypt support. 2010-09-25 16:08:46 +02:00
José Valim
31d821c2e0 Allow to Rememberable to work without remember_token relying on salt if possible. 
This comes with the benefit that if you change your password, all remember tokens expires, and it also requires one field less in the database.

The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.

Using salt is now the default in Devise.
 2010-09-25 13:07:24 +02:00
José Valim
1ed674afa8 Use Admin in old rememberable tests. 2010-09-25 12:04:38 +02:00
José Valim
2aa1d2f3b7 Increase the size of the friendly token. 
The chance of someone to successfully guess a random token in the website is:

(number_of_users / 2388636399360109977557402041718133080829429159844757507642063199359529632522467783435119230976)
 2010-09-25 11:51:57 +02:00
Thibaud Guillaume-Gentil
c121d8026e Avoid BCrypt::Errors::InvalidSalt: invalid salt 
when password_salt is nil.

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 12:09:07 +02:00
José Valim
5429f940e7 Refactor code related with authentication keys on password recovery and account unlocking, closes #396. 2010-09-21 12:05:17 +02:00
RStankov
850afec96e make User#send_reset_password_instructions to require all authentication_keys 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 11:47:07 +02:00
RStankov
fb86f772e7 make User#send_unlock_instructions to require all authentication_keys 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 11:46:57 +02:00
José Valim
4ac6b6e407 Unit tests for OAuth. 2010-07-26 20:33:23 +02:00
José Valim
c5999c8f61 Tests green on mongoid as well. 2010-07-26 20:25:02 +02:00
José Valim
81620fecab More about extend remember period feature. 2010-07-23 23:57:31 +02:00
José Valim
058d433f28 Add extend_remember_period, closes #340. 2010-07-23 16:32:22 +02:00
José Valim
b4794e041b Save confirmation token to the database, if one does not exist but was requested, closes #377 2010-07-14 18:03:34 +02:00
José Valim
7774accb6c Remove data_mapper support. 
Devise 1.1.0 will be released soon. This new version will support activerecord and mongoid as default ORMs. From now on, Devise will prefer ORM extensions as gems since this is the best way to handle dependencies.

For example, to allow Devise to work with Datamapper, it requires at least activemodel, dm-rails and dm-timestamps. If the ORM support comes from Devise gem, we cannot add dm-rails and dm-timestamps as dependencies, relying on the developer and documentation to find these out and install them.

Other ORMs may still be added to Devise, as long as they are supported by the community, extend Devise test suite to have all tests passing and they necessarily use ActiveModel::Validations.
 2010-07-04 17:22:57 +02:00
Trevor Turk
aefcd53765 more tests for remember_across_browsers 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 12:42:59 +02:00
Trevor Turk
8824b767f3 remember_across_browsers option for rememberable module 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 12:42:42 +02:00
Postmodern
29ba790e07 Do not use ActiveRecord only methods in tests. 2010-06-19 17:30:10 -07:00
José Valim
0333caeb92 Make bcrypt the default encryptor and automatically add a pepper on generation. 2010-06-12 14:46:55 +02:00
José Valim
870912d458 beta 4 works, yay. 2010-06-09 01:27:38 +02:00
Paul Rosania
592fa59e88 Automatically create the confirmation_token when email is sent for optionally confirmable models 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-05-16 14:54:05 +02:00
Paul Rosania
02c2df65cd Mark confirmable roles as active when confirmation_required? is false 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-05-16 14:53:08 +02:00
José Valim
c07b5ae858 :activatable is included by default in your models. If you are building a strategy for devise, you now need to call validate(resource), since Devise has now a default API to validate resources before and after signing them in. You can still use other Warden::Strategies with Devise, but they won't work with a few modules like unlockable (they never did, but now we have a single point to make it work). 2010-04-06 16:34:22 +02:00
José Valim
0d3c6b9d99 Small changes to token_authenticatable. 2010-04-06 13:26:56 +02:00
José Valim
015c74e734 Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database. 2010-03-31 13:31:45 +02:00
José Valim
6cc32db2dd Add lock_strategy. 2010-03-31 11:54:11 +02:00
José Valim
7d14f0bbb9 Allow several authentications to share a common path. 2010-03-29 23:44:47 +02:00
José Valim
65b8908960 Create authenticatable base model and strategy. 2010-03-29 20:52:48 +02:00
José Valim
1c5d4771ff Initial work on making the authentication stack more flexible. 2010-03-29 16:13:19 +02:00
Jacques Crocker
6d31e368bf Use persisted? instead of new_record? 
In order to be more ActiveModel compliant, lets use persisted? whereever we can. Particularly for datamapper, new_record? causes api warnings. Better to stick to the ActiveModel api I think.
 2010-03-28 20:53:13 -07:00
José Valim
2a082f3e4c Fix some unlockable bugs. 2010-03-28 23:09:28 +02:00
Jacques Crocker
e127463ac8 Adding Mongoid 2.0 Support, Removing MongoMapper for now 2010-03-26 13:37:38 -07:00
José Valim
ca4e09390e Compatibility with Ruby 1.9.1 and 1.9.2. 2010-03-26 11:27:19 +01:00
José Valim
ac742e3271 Clean up lockable and class methods API. 2010-03-10 16:13:54 +01:00
José Valim
33941d1f62 All tests passing (except two which are errors in Rails). Now generators and initialization process. 2010-02-16 21:23:58 +01:00
José Valim
e6e66481b8 Got all tests in test/models and failure app ones passing. 369 tests, 805 assertions, 13 failures, 2 errors. 2010-02-16 17:00:36 +01:00
José Valim
b3e11c5aca Got another bunch of tests passing on Rails 3. 369 tests, 731 assertions, 33 failures, 53 errors. 2010-02-16 14:57:10 +01:00
José Valim
732e31528e More changes in update_with_password. 2010-02-08 23:14:03 +01:00
José Valim
d7db5b1eea More work on edit. 2010-02-08 20:38:47 +01:00
Carlos Antonio da Silva
9856646fac Merge with master 2010-02-06 09:24:00 -02:00
José Valim
1cf4dc798d Add Http Basic Authentication support. 2010-02-06 01:33:32 +01:00
Carlos Antonio da Silva
21359fb433 Refactoring a bit models and lockable. Also remove devise :all deprecation. 2010-02-04 20:09:53 -02:00
José Valim
3781a0f47b Tidy up token authentication implementation. 2010-02-02 13:21:00 +01:00
Jonas Grimfelt
e1440fb430 Initial support for authorization using "authentication token" (a.k.a. "single access token") - new module. Corresponding changes to Devise core to hook events like "after_changed_password" (only one added now - only one that makes much sense for latest module) easily. Unit and integration tests included. NOTE: One failing test for hooking Warden::Manager.after_authentication - gets ignored for some reason. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-02-02 12:36:44 +01:00
Jonas Grimfelt
0c7c762c16 Fixed some Ruby 1.9 issues/bugs. 2010-01-21 16:06:19 +08:00
José Valim
2afad49a96 Bring rememberable back. 2010-01-14 15:47:14 +01:00