github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-19 19:59:00 -05:00
Code Issues Packages Projects Releases Wiki Activity
1,259 Commits 28 Branches 145 Tags
v1.4.2
Commit Graph

149 Commits

Author SHA1 Message Date
José Valim
33d7644b4f Provide a more robust behavior to serializers and add :force_except option 2011-06-30 10:43:33 -03:00
José Valim
6a8ee475fd This was fixed in mongoid, closes #770. 2011-06-29 20:18:10 -03:00
Chase DuBois
c3432e57b1 Test for previous commit 2011-06-21 20:45:07 -04:00
José Valim
c0017ce76d Merge pull request #1138 from fschwahn/update_without_password 
added update_without_password method, closes #801
 2011-06-15 10:45:18 -07:00
Stefan Wrobel
8e87a2d80d Add strip_whitespace_keys which works like case_insensitive_keys but strips whitespace from emails 2011-06-10 01:37:43 -07:00
José Valim
4964f53a42 Merge pull request #1092 from xavier/filterwhitelist 
Conditional string conversion of auth params (Closes #1079)
 2011-06-08 08:39:53 -07:00
Paul Bellamy
0bcf71f8df Rails has removed SecureRandom from ActiveSupport in Rails 3.2, 
deprecated

* Changing references in generators and encryptable_test
 2011-05-28 14:44:54 +01:00
Xavier Defrang
ab3bb9cf4d Conditional string conversion of auth params (Closes #1079) 2011-05-26 15:45:03 +02:00
José Valim
69126a31db Merge pull request #1052 from Thibaut/email-validation 
Don't validate email format and uniqueness unless it's changed
 2011-05-26 05:24:45 -07:00
Josh Kalderimis
e10bc9e3c0 dup the conditions hash before calling filter_auth_params, this fixes an issue with reseting your password when using a custom auth field like login 2011-05-16 14:08:22 -04:00
Thibaut
92c9ed2d6c Don't validate email format and uniqueness unless it's changed. 2011-05-07 19:02:44 +02:00
fabian
8bdc4b544f added update_without_password method 2011-05-05 09:24:21 +02:00
José Valim
e763f843c4 Tests pass on 3.0.7 2011-05-04 19:24:11 +02:00
José Valim
a59410a254 password_required? should not affect length validation, closes #1037. 2011-04-29 08:33:33 +02:00
Chase DuBois
89e4ab8a45 Moved check against record deletion into forget_me! method in model; added unit test. 2011-04-25 15:49:59 +08:00
José Valim
ae976f60ca Mark the token as expired, because invalid gives no clue of what to do next. 2011-04-21 19:17:33 +02:00
José Valim
40153b7422 Add tests to previous commit. 2011-04-21 13:56:10 +02:00
Rodrigo Flores
a229627a54 Removed failing test cases on e-mail validations 2011-04-19 20:16:20 +08:00
SixArm
2a5669967f Change test email addresses to ues RFC 2606 reserved domain example.com 2011-04-18 15:59:13 +08:00
Steve Hodgkiss
60809719b8 Fix bug when the reset_password_sent_at field doesn't exist generate_password_token returns nil causing the token not to be saved. 2011-04-17 23:53:50 +08:00
José Valim
5e2ee5eb6a Downcase keys before validation. 2011-04-16 12:52:59 +02:00
Mikel Lindsaar
e329930a82 Update DatabaseAuthenticatable#valid_password? to not raise error on empty password 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-04-16 12:41:49 +02:00
Matias Korhonen
8db00eedea Bump the password maximum length to 128 characters. 2011-04-15 16:39:01 +08:00
Jean-Daniel Guyot
be2aeee70f Add reset_password_within configuration variable. 2011-03-30 21:11:33 +08:00
José Valim
edee511cd1 Rename active? to active_for_authentication? 2011-03-25 15:40:46 +01:00
José Valim
3f4fb1a769 Improve previous patch. 2011-03-11 20:46:08 +01:00
gilles
1982ad9f57 fix for possible injection with mongo 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-03-11 20:24:24 +01:00
Vinicius Baggio
aa81df261c Warn about an incompatibility between Devise and Mongoid 2011-02-25 18:17:14 -03:00
Vinicius Baggio
0cc900e7cf Reset lock attempts count when lock is expired. Closes #825 2011-02-25 17:59:27 -03:00
Jo Liss
f964ea526b Skip test that fails with Mongoid. 
The test suite passes now.
 2011-02-10 23:00:14 +08:00
Jo Liss
8440ed0101 Make Devise::friendly_token 20 characters long. 
This makes the tokens better suited for URLs in plain-text emails, and
is still secure for all practical purposes.
 2011-02-10 21:42:58 +08:00
José Valim
f332d7e932 Add a test to show recoverable works as expected if password is blank. 2011-02-09 10:11:48 +01:00
Carlos Antonio da Silva
c9fe8885f9 Spaces 2011-02-06 19:23:36 -02:00
Nico Ritsche
f06bed279a corrected 'an user' to 'a user' in comments and docs 2011-02-06 23:46:49 +08:00
John Plummer
7a1852e9f5 Allow send confirmation to change keys used 2011-02-05 16:19:01 +08:00
Richard Aday
88d4aca2c4 Adding tests for reset_password_keys and unlock_keys 2010-12-30 03:11:03 +08:00
José Valim
8f20b13f84 By default, just require e-mail on recover and lockable. 2010-12-28 23:00:23 +01:00
Andrew Dahl
8d1e23c67d add unit and integration tests for case insensitive keys 2010-11-20 15:54:01 +01:00
José Valim
67a49f3b75 Ensure authenticatable_salt can be nil. 2010-11-11 22:51:39 +01:00
José Valim
ad8d2d7d99 Be more helpful in the already confirmed message, closes #613 2010-11-06 08:54:03 +01:00
José Valim
611261c64e More tests for Omniauth. 2010-10-18 15:00:34 +02:00
Sean Cribbs
9f032350e3 Use ActiveModel's to_key instead of id. 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-10-10 17:51:32 +02:00
José Valim
09088706bb Extract encryptors into their own module for better bcrypt support. 2010-09-25 16:08:46 +02:00
José Valim
31d821c2e0 Allow to Rememberable to work without remember_token relying on salt if possible. 
This comes with the benefit that if you change your password, all remember tokens expires, and it also requires one field less in the database.

The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.

Using salt is now the default in Devise.
 2010-09-25 13:07:24 +02:00
José Valim
1ed674afa8 Use Admin in old rememberable tests. 2010-09-25 12:04:38 +02:00
José Valim
2aa1d2f3b7 Increase the size of the friendly token. 
The chance of someone to successfully guess a random token in the website is:

(number_of_users / 2388636399360109977557402041718133080829429159844757507642063199359529632522467783435119230976)
 2010-09-25 11:51:57 +02:00
Thibaud Guillaume-Gentil
c121d8026e Avoid BCrypt::Errors::InvalidSalt: invalid salt 
when password_salt is nil.

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 12:09:07 +02:00
José Valim
5429f940e7 Refactor code related with authentication keys on password recovery and account unlocking, closes #396. 2010-09-21 12:05:17 +02:00
RStankov
850afec96e make User#send_reset_password_instructions to require all authentication_keys 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 11:47:07 +02:00
RStankov
fb86f772e7 make User#send_unlock_instructions to require all authentication_keys 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-09-21 11:46:57 +02:00