Jake Worth
61e87be580
Fix typos
2014-01-09 10:00:27 -06:00
Erik Michaels-Ober
26e85c44e2
Removed use of gendered pronouns
2013-12-02 10:02:17 +01:00
Matthew Rudy Jacobs
268e486dbb
Add store_location_for helper
This is used as a complement to `stored_location_for`.
Example:
Before authorizing with Omniauth;
    store_location_for(:user, dashboard_path)
    redirect_to user_omniauth_authorize_path(:facebook)
In our Omniauth callback
    sign_in(user)
    redirect_to stored_location_for(:user) || root_path
2013-11-09 00:59:00 +00:00
José Valim
4f1bf8f3f9
Split out sign_in/out functionality so it can be reused in hooks
2013-11-06 20:55:26 +01:00
Vitaly Bezkrovny
e20e446cf4
+ last_attempt
+ @@last_attempt_warning
+ last_attempt? method;
* send :last_attempt key if it is the last attempt
+ test for last attempt
* update test to make two asserts
* update message
2013-10-15 01:53:56 +03:00
José Valim
6b3b0c5e8c
Remove deprecated token lookups
2013-09-02 19:23:15 -03:00
José Valim
20cf73facf
Merge pull request #2549 from joaomilho/master
Using urlsafe_base64 because it already handles url sensitive chars, keepin...
2013-08-08 13:38:05 -07:00
José Valim
3dccf3c6ff
Do not sign in after confirmation
2013-08-08 22:33:58 +02:00
José Valim
354e5022bf
Only allow insecure token lookup if a flag is given
2013-08-06 11:55:13 +02:00
José Valim
143794d701
Use HMAC on tokens stored in the DB
2013-08-05 18:56:07 +02:00
Juan Lulkin
4048545151
Using urlsafe_base64 because it already handles url sensitive chars, keeping the replacement of the confusing chars, though
2013-08-05 14:54:56 +03:00
José Valim
32648027e2
Add Devise::KeyGenerator
2013-08-05 11:47:36 +02:00
José Valim
7e96bac6a4
Get rid of deprecated code
2013-08-05 11:24:04 +02:00
José Valim
747751a20f
Protect against CSRF token fixation attacks
2013-08-02 23:13:15 +02:00
José Valim
72cf2481b5
Rename ParamFilter to ParameterFilter for consistency
2013-06-19 09:17:54 +02:00
Carlos Antonio da Silva
eb0ad1c21a
Merge branch 'master' into rails4
2013-05-07 13:01:34 -03:00
Vipul A M
2e6457006e
Remove unused variables and fix typos
2013-04-18 10:24:38 +05:30
José Valim
5bf4f57fcf
Tidy up devise configuration
2013-04-13 22:07:54 -07:00
José Valim
1b8fd7c2ff
Merge pull request #2271 from robhurring/master
Allowing http token auth to set the token_authentication_key if missing from params
2013-04-13 21:39:36 -07:00
Drew Ulmer
d20fdf87b6
Introduce BaseSanitizer null sanitizer and controller-specific callbacks
This updates Devise's StrongParameter support to feature:
- A Null base sanitizer to support existing Rails 3.x installations that don't want to use StrongParameters yet
- A new, simpler API for ParameterSanitizer: #permit, #permit!, and #forbid
- Overridable callbacks on a controller-basis, e.g. #create_sessions_params for passing the current scope's parameters through StrongParameters and a helper method, whitelisted_params, for rolling your own implementations of #create_x_params in your own controllers.
- Lots of tests!
2013-04-10 10:33:50 -05:00
Drew Ulmer
78f137368c
Add support for Rails 4 strong_parameters
This brings support for Rails 4 StrongParameters changes.
- Parameter sanitizing is set up for Devise controllers via resource_params except Omniauth Callbacks which doesn't use resource_params.
- Change #build_resource to not call resource_params for get requests. Parameter sanitizing is only needed when params are posted to the server so there's no need to try to construct resource params on get requests (new, edit).
2013-03-31 21:31:48 -05:00
Matt Jones + Tony Schneider
f4ceecece4
Allow explicit configuration of http auth key
- Fix basic auth case in which authorized_keys is configured as hash
- Duplicate existing functionality when http_auth_key is not explicitly set
2013-03-04 12:23:05 -05:00
Philipe Fatio
c22d755cf4
Make use of warden's scoped serialization
2013-02-25 07:38:42 +01:00
Vasiliy Ermolovich
395a69b4ef
allow_unconfirmed_access_for set to nil means unconfirmed access for unlimited time
closes #2275
2013-02-13 21:17:38 +03:00
Rob
547439d94c
renaming devise option "allow_authorization_to_set_auth_token" to "allow_token_authenticatable_via_headers"
2013-02-10 12:50:52 -05:00
Rob
3025b7e2f7
Allow http token authorization to set token_authentication_key in place of passing it in via params
It will not override existing token_authentication_key params if they are present.
2013-02-09 15:12:36 -05:00
Vasiliy Ermolovich
d3f8bd6cae
add key option to rememberable_options
closes #2218
2013-01-20 23:16:25 +03:00
Jay Shepherd
cc017b1f0d
Allow parent_mailer to be customizable via Devise.parent_mailer, useful for engines
2013-01-18 02:26:41 -06:00
Anatoliy Kukul
adc9a45f05
Used other regexp
2012-11-19 13:58:19 +02:00
Anatoliy Kukul
50186474d4
Fix default email_regexp config to not allow spaces
Default email_regexp config accepted emails with spaces. e.g.: "test user@test server.com" http://rubular.com/r/jXGS8pmumd
Changed regexp to not allow spaces in email. e.g.: http://rubular.com/r/tTD9PytGEp
2012-11-19 13:40:54 +02:00
José Valim
bdf0bc7b1e
Revert "Revert "New password default minimum length is now 8""
This reverts commit b1f490a2f8.
Actually, the implementation was good!
2012-07-24 23:41:17 +02:00
José Valim
b1f490a2f8
Revert "New password default minimum length is now 8"
This reverts commit 2950434ed3.
It is backwards incompatible, we need a better migration plan.
2012-07-24 22:41:13 +02:00
José Valim
f4db03d31c
Do not add ActionView::Helpers::DateHelper to all models
2012-07-23 15:59:17 +02:00
Nils Landt
dcada8fe75
Refactor according to line notes from josevalim
- rename reset_password_within to confirm_within
- confirmation_period_valid? is back and memoized
- fix hash syntax to hashrocket
2012-07-22 14:02:27 +02:00
Nils Landt
87f2fa9767
Add options to expire confirmation tokens
With this patch, functionality is added to expire the confirmation
tokens that are being sent by email.
For example, if a token is valid for 3 days only, it cannot be used for
confirmation on the 4th day.
2012-07-09 14:43:12 +02:00
Rodrigo Flores
2950434ed3
New password default minimum length is now 8
2012-07-06 13:41:28 -03:00
Carlos Galdino
c179cef365
Change the minimum password length to 8
2012-07-06 11:46:46 -03:00
Zamith
512b52e23a
Adding option to change omniauth path prefix
2012-06-08 17:50:33 +01:00
Nikita Pomyashchiy
b6abc4623b
Remove autoload of deprecated devise/schema
2012-05-17 13:13:19 +04:00
Rodrigo Flores
bb6d7334d0
Fixing gem name
2012-05-09 18:04:40 -03:00
Rodrigo Flores
0d868b9ec1
Removed ENCRYPTORS_LENGTH
2012-05-09 08:42:37 -03:00
Rodrigo Flores
5f440dfe13
Removing encryptors and its autoloads
2012-05-07 16:50:35 -03:00
Rodrigo Flores
768f8832b9
Removing encryptable module
2012-05-07 16:37:16 -03:00
José Valim
32f20dddd6
Get rid of deprecated code
2012-05-06 13:13:53 +02:00
José Valim
b07dd76453
Remove faux bcrypt encryptor from Devise (it was never released and it won't be until we solve the encryptable issue)
2012-05-06 12:49:53 +02:00
Andrey Voronkov
7ecbba089f
Authentication token expiration on session timeout
2012-04-02 20:48:23 +04:00
Rodrigo Flores
9203651110
Moved BCrypt logic to an encryptor
2012-03-09 16:38:06 -03:00
Rodrigo Flores
1a41fff009
Bye PathChecker
2012-02-16 15:25:06 -02:00
José Valim
df8ac1cfe6
Clean up remember token related config.
2012-02-16 12:30:04 +01:00
José Valim
27a83f3dd3
Ensure Devise.available_router_name is never nil, closes #1648
2012-02-15 17:13:57 +01:00