github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 09:17:55 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,490 Commits 28 Branches 145 Tags
v3.2.3
Commit Graph

270 Commits

Author SHA1 Message Date
Tobin Juday
2ba8275dcc Fix off-by-one error in Lockable module 
When using the maximum_attempts config, Devise actually let you fail n
+ 1 times, not n times.

See https://github.com/plataformatec/devise/issues/2825 for details.
 2014-01-06 23:51:45 -05:00
Moises Vargas M
be236fa6dd lock_access! without sending email 2013-12-24 11:51:24 -05:00
Erik Michaels-Ober
3f03ec02ad Cleanup trailing whitespace 2013-12-05 09:03:32 +01:00
Erik Michaels-Ober
26e85c44e2 Removed use of gendered pronouns 2013-12-02 10:02:17 +01:00
Rodrigo Navarro
3e3a3ad102 Small typo. 2013-11-28 09:00:59 -02:00
Lucas Mazza
bf5bcd52cb Bring password_digest back. 
This method is part of the protected API and is used by custom
encryption engines (like `devise-encryptable`) to hook the custom
encryption logic in the models.

Fixes #2730
 2013-11-08 16:22:31 -02:00
Vitaly Bezkrovny
bb810cfb8f * show message for last attempt, not for one-before-last one; 
* update test to check the message :invalid, :last_attempt, :locked
 2013-10-22 00:43:56 +03:00
Jay Hayes
4861436298 Prevent mutation of orig values during case and wspace sanitizations 2013-10-21 13:21:05 +02:00
Vitaly Bezkrovny
e20e446cf4 + last_attempt 
+ @@last_attempt_warning

+ last_attempt? method;
* send :last_attempt key if it is the last attempt

+ test for last attempt

* update test to make two asserts

* update message
 2013-10-15 01:53:56 +03:00
Vipul A M
ae6a37f796 Cleanup tests for unused variables 2013-09-15 01:52:53 +05:30
José Valim
6b3b0c5e8c Remove deprecated token lookups 2013-09-02 19:23:15 -03:00
José Valim
dff7891b97 Get rid of token authentication 2013-09-02 19:15:47 -03:00
José Valim
605924a921 Add a test related to remember token generation 2013-08-19 20:48:36 +02:00
José Valim
354e5022bf Only allow insecure token lookup if a flag is given 2013-08-06 11:55:13 +02:00
José Valim
143794d701 Use HMAC on tokens stored in the DB 2013-08-05 18:56:07 +02:00
José Valim
c4d5a3fdaa No need to assert for a message we won't receive 2013-07-26 10:00:09 +02:00
José Valim
11a77055f1 Merge pull request #2525 from jetthoughts/timeoutable-without-rememberable 
Fixed checking for rememberable in timeoutable
 2013-07-26 00:58:09 -07:00
Michael Nikitochkin
fffbeb5cc7 Fixed bug when user has field remember_created_at but the module rememberable is not enabled for the user 2013-07-26 10:20:29 +03:00
Siarhei Hanchuk
b7bc8dec12 Added method after_confrimation 2013-07-23 14:19:58 +03:00
José Valim
da0323e591 Merge pull request #2419 from plataformatec/issue-2418 
set error to the field specified in unlock_keys config
 2013-07-08 23:52:19 -07:00
José Valim
061e9d7404 Merge pull request #2475 from tkhr/enable_skipping_reconfirmation_notification_but_regenerate_confirmation_token_2 
Enable to skip sending reconfirmation email when reconfirmable is on and skip_confirmation_notification! is invoked
 2013-07-08 23:51:42 -07:00
Takehiro Adachi
df2995ce19 Enable to skip sending reconfirmation email when skip_confirmation_notification! is invoked 
We could always generate a confirmation token but not sending a
confirmation email by invoking the skip_confirmation_notification!
method when creating the account.
But there were no way to do that when we were turning on reconfirmable
and updating email.
 2013-06-20 08:21:54 +09:00
José Valim
72cf2481b5 Rename ParamFilter to ParameterFilter for consistency 2013-06-19 09:17:54 +02:00
Steve Slotnick
b194882b23 Renaming get_or_create_*_token to ensure_*_token to match API in token authenticatable 2013-06-12 15:10:14 -07:00
Steve Slotnick
b5909f9b93 changing name from *_token! to get_or_create_*_token 2013-06-11 14:14:17 -07:00
Steve Slotnick
3c9cfa50c0 Adding publicly available methods on Recoverable and Confirmable to retrieve tokens 2013-06-10 19:17:19 -07:00
Kramer Campbell
17e85aa79d Avoid sending confirmations to blank emails. 
At times, validations may be skipped and no email address may be
provided. Such an instance comes when testing uniqueness validations of
specific attributes in a Devise model with confirmable, especially when
using Shoulda matchers.
 2013-05-22 19:48:06 -07:00
Vasiliy Ermolovich
dd7c3ee91f set error to the field specified in unlock_keys config 
closes #2418
 2013-05-14 17:41:47 +03:00
Carlos Antonio da Silva
eb0ad1c21a Merge branch 'master' into rails4 2013-05-07 13:01:34 -03:00
José Valim
e499fadf52 Use persisted? in order to check if the record was destoryed or not 2013-05-07 08:55:30 -06:00
José Valim
5ad122b928 Fix build for mongoid 2013-05-07 08:47:18 -06:00
José Valim
03f2a6a5e4 Merge pull request #2392 from michiel3/master 
Add destroy_with_password method
 2013-05-07 07:11:47 -07:00
Carlos Antonio da Silva
69f79ad446 Let Devise play with both Rails 3.2 and Rails 4 for now 2013-05-05 19:55:06 -03:00
Victor Cruz Dueñas
d6d61fc5be Adding tests for case_insensitive_keys and strip_whitespace_keys to param filter 2013-05-05 01:02:48 +02:00
Michiel Prins
60e933df73 Add destroy_with_password method 2013-04-29 15:06:13 +02:00
Carlos Antonio da Silva
b8c5d76c5a Merge pull request #2380 from vipulnsward/fix_warnings 
fix some warnings
 2013-04-19 15:53:43 -07:00
Vipul A M
b871bd5036 fix some warning 2013-04-19 19:08:20 +05:30
Vipul A M
2e6457006e Remove unused variables and fix typos 2013-04-18 10:24:38 +05:30
Carlos Antonio da Silva
d89dad5728 Bundle update for both Rails 3.1 and 3.2, update mocha, fix failing tests 2013-04-13 11:08:27 -03:00
Drew Ulmer
af4a582300 Remove mass-assignment role-based tests, no longer supported in Rails 4 
Mass-assignment security roles are removed in Rails 4 so there's no need
to test :as => :role behavior.
 2013-03-31 15:21:49 -05:00
Carlos Antonio da Silva
3c885e043d Fix changed error messages from confirmation validation 2013-02-25 22:12:06 -03:00
Carlos Antonio da Silva
f8792c8cf0 Update to Rails 3-2-stable and fix failing tests 2013-02-25 22:06:10 -03:00
Greg Gates
72cfaad618 Add #skip_confirmation_notification to Confirmable 2013-02-22 12:43:01 -05:00
Vasiliy Ermolovich
395a69b4ef allow_unconfirmed_access_for set to nil means unconfirmed access for unlimited time 
closes #2275
 2013-02-13 21:17:38 +03:00
Carlos Antonio da Silva
0285565322 Actually fix this test by forcing to_s on the id 2013-01-28 21:40:11 -02:00
Carlos Antonio da Silva
acc3adb2c1 Use #next instead of calculating id + 1 
The id attribute is not Integer in Mongo, so it fails with something like:

    NoMethodError: undefined method `+' for "5106fc06ee6da1ee44000002":Moped::BSON::ObjectId'`

With #next, it will work with both Integer and String ids, for both AR
and Mongo, returning a different id to test for filtered conditions.
 2013-01-28 20:46:21 -02:00
Rafael Mendonça França
bfa65dde70 Use the Ruby 1.8 hash syntax. 
Yes we still support Ruby 1.8 😢
 2013-01-28 13:21:44 -02:00
José Valim
5190f52857 Require string conversion for all values 2013-01-26 11:42:42 -07:00
José Valim
33fb89340a Revert "update_with_password doesn't change encrypted password when it is invalid" 
This reverts commit 10235f9d72.
 2013-01-11 19:12:53 +01:00
Drew Ulmer
c768366240 Add failing tests for Issue #2204 
For a point release upgrade, Devise should not throw an exception when trying
to downcase or strip globally configured keys. This would be a breaking
change in functionality and this test demonstrates the issue.
 2013-01-09 11:41:20 -06:00