Marcus Mansur
b16899f7bf
fixes timeoutable specs to cover sign_out_all_scopes false
2013-11-21 14:02:45 -02:00
Christopher Sexton
7afc096fa4
Keep the query string and path in store_location_for
...
Persist the URI's query when saving to the session.
Fixes #2742
2013-11-20 15:47:20 -05:00
José Valim
f36efc0cc9
Ensure multiple leading / are also removed, thanks @homakov
2013-11-13 15:01:23 +01:00
José Valim
0582467032
Ensure we only store paths in store_location_for (thanks to @homakov for the tip)
2013-11-13 13:30:24 +01:00
José Valim
221be6d6ef
Update bundled rails app
2013-11-13 13:29:25 +01:00
José Valim
e303de9756
Merge pull request #2729 from matthewrudy/store-location-helper
...
Add store_location_for helper
2013-11-08 23:22:39 -08:00
Matthew Rudy Jacobs
268e486dbb
Add store_location_for helper
...
This is used as a complement to `stored_location_for`.
Example:
Before authorizing with Omniauth;
    store_location_for(:user, dashboard_path)
    redirect_to user_omniauth_authorize_path(:facebook)
In our Omniauth callback
    sign_in(user)
    redirect_to stored_location_for(:user) || root_path
2013-11-09 00:59:00 +00:00
Lucas Mazza
bf5bcd52cb
Bring password_digest back.
...
This method is part of the protected API and is used by custom
encryption engines (like `devise-encryptable`) to hook the custom
encryption logic in the models.
Fixes #2730
2013-11-08 16:22:31 -02:00
José Valim
27bcefcf54
Ensure timeoutable hook respects Devise.sign_out_all_scopes configuration
...
Closes #2606
2013-11-06 21:07:38 +01:00
andrew morton
52a3768451
A GET to sign in shouldn't extend the session.
2013-11-06 20:20:22 +01:00
José Valim
13117f01be
Merge pull request #2562 from devolute/master
...
passes headers through test helpers' response
2013-11-05 23:59:11 -08:00
José Valim
e445039716
Merge pull request #2717 from memberful/2716-splat-sanitize-params
...
Splat the arguments to strong_parameters#permit, fixes #2716
2013-10-31 14:40:28 +01:00
Benoit Bénézech
d5514bf916
Add options for FailureApp's i18n_message. Similar #1633
2013-10-24 16:49:13 +02:00
Vitaly Bezkrovny
bb810cfb8f
* show message for last attempt, not for one-before-last one;
...
* update test to check the message :invalid, :last_attempt, :locked
2013-10-22 00:43:56 +03:00
Jay Hayes
4861436298
Prevent mutation of orig values during case and wspace sanitizations
2013-10-21 13:21:05 +02:00
Vitaly Bezkrovny
e20e446cf4
+ last_attempt
...
+ @@last_attempt_warning
+ last_attempt? method;
* send :last_attempt key if it is the last attempt
+ test for last attempt
* update test to make two asserts
* update message
2013-10-15 01:53:56 +03:00
Vasiliy Ermolovich
0d6493a9a5
proper hash comparing in Devise.bcrypt test
2013-10-06 14:19:08 +03:00
Aaron Patterson
5300bdabc8
add a class method so you can encrypt passwords from fixtures
2013-10-06 13:53:12 +03:00
José Valim
c323065b57
Merge pull request #2634 from gregates/bug/confirmation_workflow
...
Tweaks confirmation flow for signed_in users
2013-09-16 07:17:46 -07:00
Greg Gates
989d7192fa
Tweaks confirmation flow for signed_in users
...
For #2627
When allow_unconfirmed_access_for > 0, users may
be already signed in at the time they confirm
their account. Consequently, the default
confirmation should be compatible with this
possibility. Additionally, they should not be
redirected to the sign in form after confirmation
in this case. So I've changed
ConfirmationsController#after_confirmation_path_for
to send the user to the root path when signed in,
or the sign in form otherwise.
2013-09-16 10:12:15 -04:00
Vipul A M
ae6a37f796
Cleanup tests for unused variables
2013-09-15 01:52:53 +05:30
José Valim
9464416c3e
Bring back test removed by accident
2013-09-02 19:25:05 -03:00
José Valim
6b3b0c5e8c
Remove deprecated token lookups
2013-09-02 19:23:15 -03:00
José Valim
dff7891b97
Get rid of token authentication
2013-09-02 19:15:47 -03:00
Vasiliy Ermolovich
23c5517009
add test for fc251c306c
2013-08-31 15:25:49 +03:00
José Valim
605924a921
Add a test related to remember token generation
2013-08-19 20:48:36 +02:00
Andri Möll
052cbef205
Don't confirm email after password reset.
...
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2013-08-18 10:13:35 +02:00
José Valim
efe34219a9
Fix the build on Rails 3.2
2013-08-12 15:36:41 +02:00
José Valim
4e318b5167
Simplify parameter sanitization proposal
2013-08-11 22:20:59 +02:00
Alex Peattie
5e7caffc9e
Extend params sanitizer, to make it easier to add/remove permitted params
...
- Move the default permitted parameters into ParameterSanitizer::PermittedParameters
- Add devise_permitted_parameters helper
- devise_permitted_parameters.add to add permitted parameters
- devise_permitted_parameters.remove to remove Devise's defaults
- devise_permitted_parameters.for to access the parameters for a given action
- Update 'Strong Parameters' section of README
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
2013-08-11 22:20:59 +02:00
chris
a1d83d5d4e
passes headers through test helpers' response
2013-08-09 09:51:05 +02:00
José Valim
86f2696b84
Merge pull request #2529 from papercavalier/lang-edit
...
Grammar
2013-08-08 13:39:50 -07:00
José Valim
3dccf3c6ff
Do not sign in after confirmation
2013-08-08 22:33:58 +02:00
José Valim
354e5022bf
Only allow insecure token lookup if a flag is given
2013-08-06 11:55:13 +02:00
José Valim
143794d701
Use HMAC on tokens stored in the DB
2013-08-05 18:56:07 +02:00
José Valim
32648027e2
Add Devise::KeyGenerator
2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4
Get rid of deprecated code
2013-08-05 11:24:04 +02:00
José Valim
f5a77ac598
Skip storage for cookies on unverified requests
2013-08-05 10:24:11 +02:00
José Valim
747751a20f
Protect against CSRF token fixation attacks
2013-08-02 23:13:15 +02:00
hakanensari
9a60415e2e
Fix assertion
2013-07-26 19:31:49 +01:00
José Valim
c4d5a3fdaa
No need to assert for a message we won't receive
2013-07-26 10:00:09 +02:00
José Valim
11a77055f1
Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable
...
Fixed checking for rememberable in timeoutable
2013-07-26 00:58:09 -07:00
José Valim
cd1bc53947
Do not generate attr_accessible for any Rails 4 app
2013-07-26 09:22:03 +02:00
Michael Nikitochkin
fffbeb5cc7
Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user
2013-07-26 10:20:29 +03:00
José Valim
78fedd6c10
Merge pull request #2523 from Neschur/add_method_after_confrimation
...
Added method after_confrimation
2013-07-25 23:59:50 -07:00
Justin Coyne
b7e67115fc
When using rails 3.2, the generator adds 'attr_accessible' to the model. Fixes #2515
2013-07-23 22:49:05 -05:00
Siarhei Hanchuk
b7bc8dec12
Added method after_confrimation
2013-07-23 14:19:58 +03:00
Vasiliy Ermolovich
2c1ca126f4
add remember_me to the permitted sign_in params
2013-07-12 22:14:32 +03:00
José Valim
bc598b9da3
Merge pull request #2452 from latortuga/bad-strong-params-on-failed-login
...
Add failing test case for bad parameter sanitizing when failing to login
2013-07-08 23:53:41 -07:00
José Valim
da0323e591
Merge pull request #2419 from plataformatec/issue-2418
...
set error to the field specified in unlock_keys config
2013-07-08 23:52:19 -07:00