Andri Möll
052cbef205
Don't confirm email after password reset.
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2013-08-18 10:13:35 +02:00
José Valim
efe34219a9
Fix the build on Rails 3.2
2013-08-12 15:36:41 +02:00
José Valim
4e318b5167
Simplify parameter sanitization proposal
2013-08-11 22:20:59 +02:00
Alex Peattie
5e7caffc9e
Extend params sanitizer, to make it easier to add/remove permitted params
- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2013-08-11 22:20:59 +02:00
José Valim
86f2696b84
Merge pull request #2529 from papercavalier/lang-edit
Grammar
2013-08-08 13:39:50 -07:00
José Valim
3dccf3c6ff
Do not sign in after confirmation
2013-08-08 22:33:58 +02:00
José Valim
354e5022bf
Only allow insecure token lookup if a flag is given
2013-08-06 11:55:13 +02:00
José Valim
143794d701
Use HMAC on tokens stored in the DB
2013-08-05 18:56:07 +02:00
José Valim
32648027e2
Add Devise::KeyGenerator
2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4
Get rid of deprecated code
2013-08-05 11:24:04 +02:00
José Valim
f5a77ac598
Skip storage for cookies on unverified requests
2013-08-05 10:24:11 +02:00
José Valim
747751a20f
Protect against CSRF token fixation attacks
2013-08-02 23:13:15 +02:00
hakanensari
9a60415e2e
Fix assertion
2013-07-26 19:31:49 +01:00
José Valim
c4d5a3fdaa
No need to assert for a message we won't receive
2013-07-26 10:00:09 +02:00
José Valim
11a77055f1
Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable
Fixed checking for rememberable in timeoutable
2013-07-26 00:58:09 -07:00
José Valim
cd1bc53947
Do not generate attr_accessible for any Rails 4 app
2013-07-26 09:22:03 +02:00
Michael Nikitochkin
fffbeb5cc7
Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user
2013-07-26 10:20:29 +03:00
José Valim
78fedd6c10
Merge pull request #2523 from Neschur/add_method_after_confrimation
Added method after_confrimation
2013-07-25 23:59:50 -07:00
Justin Coyne
b7e67115fc
When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515
2013-07-23 22:49:05 -05:00
Siarhei Hanchuk
b7bc8dec12
Added method after_confrimation
2013-07-23 14:19:58 +03:00
Vasiliy Ermolovich
2c1ca126f4
add remember_me to the permitted sign_in params
2013-07-12 22:14:32 +03:00
José Valim
bc598b9da3
Merge pull request #2452 from latortuga/bad-strong-params-on-failed-login
Add failing test case for bad parameter sanitizing when failing to login
2013-07-08 23:53:41 -07:00
José Valim
da0323e591
Merge pull request #2419 from plataformatec/issue-2418
set error to the field specified in unlock_keys config
2013-07-08 23:52:19 -07:00
José Valim
061e9d7404
Merge pull request #2475 from tkhr/enable_skipping_reconfirmation_notification_but_regenerate_confirmation_token_2
Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked
2013-07-08 23:51:42 -07:00
Drew Ulmer
e029ad7b0c
Fix improper login param sanitization permit
This includes a failing test case that hooks into ActiveSupport
Notifications to catch the param permit error.
2013-06-25 13:44:39 -05:00
Takehiro Adachi
df2995ce19
Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked
We could always generate a confirmation token but not send a
confirmation email by invoking the skip_confirmation_notification!
method when creating the account.
But there was no way to do that when we were turning on reconfirmable
and updating email.
2013-06-20 08:21:54 +09:00
José Valim
72cf2481b5
Rename ParamFilter to ParameterFilter for consistency
2013-06-19 09:17:54 +02:00
Steve Slotnick
b194882b23
Renaming get_or_create_*_token to ensure_*_token to match API in token authenticatable
2013-06-12 15:10:14 -07:00
Steve Slotnick
b5909f9b93
changing name from *_token! to get_or_create_*_token
2013-06-11 14:14:17 -07:00
Steve Slotnick
3c9cfa50c0
Adding publicly available methods on Recoverable and Confirmable to retrieve tokens
2013-06-10 19:17:19 -07:00
Kramer Campbell
17e85aa79d
Avoid sending confirmations to blank emails.
At times, validations may be skipped and no email address may be
provided. Such an instance comes when testing uniqueness validations of
specific attributes in a Devise model with confirmable, especially when
using Shoulda matchers.
2013-05-22 19:48:06 -07:00
Vasiliy Ermolovich
b7079c7cf2
redirect user to the referrer if latest request was not GET after timeout
closes #2421
2013-05-19 17:11:34 +03:00
Vasiliy Ermolovich
dd7c3ee91f
set error to the field specified in unlock_keys config
closes #2418
2013-05-14 17:41:47 +03:00
Carlos Antonio da Silva
eb0ad1c21a
Merge branch 'master' into rails4
2013-05-07 13:01:34 -03:00
José Valim
e499fadf52
Use persisted? in order to check if the record was destroyed or not
2013-05-07 08:55:30 -06:00
José Valim
5ad122b928
Fix build for mongoid
2013-05-07 08:47:18 -06:00
José Valim
03f2a6a5e4
Merge pull request #2392 from michiel3/master
Add destroy_with_password method
2013-05-07 07:11:47 -07:00
Carlos Antonio da Silva
69f79ad446
Let Devise play with both Rails 3.2 and Rails 4 for now
2013-05-05 19:55:06 -03:00
Victor Cruz Dueñas
d6d61fc5be
Adding tests for case_insensitive_keys and strip_whitespace_keys to param filter
2013-05-05 01:02:48 +02:00
Carlos Antonio da Silva
a0058d5fbf
Add some spaces, remove comment
2013-05-03 21:52:00 -03:00
Carlos Antonio da Silva
d9d5ae3d58
Correct OrderedHash initialization to ensure keys order in 1.8.7
This should hopefully fix the build with 1.8.7 🙏
2013-05-01 21:35:03 -03:00
Michiel Prins
60e933df73
Add destroy_with_password method
2013-04-29 15:06:13 +02:00
Vasiliy Ermolovich
dceb788c6b
fix OrderedHash initialization
2013-04-23 10:37:10 +03:00
Vasiliy Ermolovich
fae8e977e8
use ordered hash to fix tests on ruby 1.8
2013-04-22 22:42:49 +03:00
Tan Jun Rong
804fbdf6d5
Fix spelling error, 'reseting' to 'resetting'
2013-04-22 22:25:40 +08:00
Tan Jun Rong
9d5a9c8a61
Add ability to override the redirect path after user has reset their password
2013-04-22 20:22:53 +08:00
Carlos Antonio da Silva
b8c5d76c5a
Merge pull request #2380 from vipulnsward/fix_warnings
fix some warnings
2013-04-19 15:53:43 -07:00
Vipul A M
b871bd5036
fix some warning
2013-04-19 19:08:20 +05:30
Vipul A M
2e6457006e
Remove unused variables and fix typos
2013-04-18 10:24:38 +05:30
José Valim
8a93c34080
Clean up Devise parameter sanitizer
2013-04-13 23:21:46 -07:00