David Rodríguez
4064641967
Remove obsolete expire_auth_token_on_timeout
This should have been removed in dff7891b97
when token authentication (and the reset_authentication_token! method)
were removed.
2015-07-11 09:01:22 -03:00
Abe Voelker
aa675f7f66
Fix infinite redirect in Rails 4.2 authenticated routes. Closes #3643
2015-06-27 14:25:09 -05:00
Andrey Novikov
4d8bec435d
Provided another solution in error message when using omniauth callbacks under a dynamic segment
Previous solution was too complex and didn't work for everyone. See discussion at https://github.com/plataformatec/devise/pull/2227
Fixes #3651 [ci skip]
2015-06-24 20:39:25 +03:00
Sean Marzug-McCarthy
d49533bedc
Fix default email_regexp config to disallow trailing non-word characters
2015-06-22 15:41:49 +02:00
Niklas Andréasson
65dc208ad7
Rm require 'devise/encryptor' in database_authenticable.rb
2015-06-12 13:18:34 +02:00
Niklas Andréasson
e3244b2c31
Autoload Encryptor
2015-06-12 10:36:45 +02:00
yui-knk
3207c73d4b
Refactoring expire_data_after_sign_out!
This method is the same as `expire_data_after_sign_in!`,
so alias it
2015-06-03 13:14:18 +09:00
Danny Burt
29e257e8ba
fixed typo referring to routes.rb file
2015-06-02 18:10:22 -07:00
José Valim
42c1ad3c78
Release v3.5.1
2015-05-26 15:10:29 +02:00
José Valim
e641b4b7b9
Also reset password token on email change
2015-05-26 15:09:07 +02:00
José Valim
fe49e625e8
Do not accept empty authentication_salt too
2015-05-26 15:04:27 +02:00
José Valim
31901bc862
Clear up reset password token whenever encrypted password changes
2015-05-26 15:00:12 +02:00
José Valim
4c137c4806
Release v3.5.0
2015-05-23 22:44:49 +02:00
José Valim
7952f1336d
Merge pull request #3541 from cipater/fix-failureapp
Use router_name from scope if available
2015-05-23 22:23:40 +02:00
José Valim
4b41dab11b
Merge pull request #3601 from Angelmmiguel/master
Allow the user to set the length of friendly token
2015-05-23 22:15:48 +02:00
José Valim
1f3638aaa5
Do not clean up CSRF on rememberable
2015-05-23 22:13:59 +02:00
Angel M de Miguel
db63df7a8f
Calculate real characters based on SecureRandom.urlsafe_base64 method
2015-05-21 14:41:34 +02:00
Angel M de Miguel
b89537936b
Allow the user to set the length of friendly token
2015-05-21 13:46:31 +02:00
Griffin Smith
741df732dc
Use define_method, not class_eval, for url_helpers
I'm not hugely familiar with ruby internals vis a vis sclass semantics,
but this *probably* serves as a workaround for the MRI thread-safety
bug mentioned in #3505.
Beyond that, and even if this doesn't fix the thread-safety issue, per
[this blog post][1], `define_method` is recommended over `class_eval`
for performance (and, fwiw, readability) reasons anyway.
[1]: http://tenderlovemaking.com/2013/03/03/dynamic_method_definitions.html
2015-05-12 15:05:31 -04:00
Carlos Antonio da Silva
d701ed764f
Fix wrong comment about http validation method [ci skip]
2015-05-12 14:34:56 -03:00
James Sanders
35de859e28
Change comments on registration and session controller configure methods
2015-05-11 12:12:10 -06:00
José Valim
280c247b2f
Merge pull request #3594 from bonobos/feature/split-out-encryptor
Split out BCrypt hashing to make it reusable
2015-05-07 12:26:04 +02:00
Magnus von Koeller
a8769933d1
Split out BCrypt hashing to make it reusable
This logic is generic and reusable -- hash a secret; and take an
unhashed secret and compare it to a hashed secret. This breaks this out
to make it reusable in other places. Specifically, we use this in our
own token auth at Bonobos that we plan to split out as a Devise
extension. This will make that possible without copy & pasting this
code.
2015-05-06 12:11:09 -07:00
Alan Da Costa
26492b3c50
Add confirmable column documentation
2015-05-05 16:04:15 -07:00
Alessandro Tagliapietra
eac6c743fd
Conditionally use flashes in failure_app
Fixes #3574
2015-04-21 16:27:44 +02:00
Victor Emanouilov
85d75702ed
improve error message when using omniauth callbacks under a dynamic segment
2015-04-21 13:02:28 +03:00
Nicolas Viennot
c22e7133b6
Removes the bang in confirm! and reset_password!
Closes #3412 and #3570.
2015-04-19 11:47:44 -04:00
Carlos Antonio da Silva
2f0002a449
Simplify serializable_hash implementation
Now that Rails 3.1 is not supported anymore, we don't need to implement
to_xml, since it does the right thing by calling serializable_hash.
This removes the class_eval need that existed to simplify the
implementation of both to_xml and serializable_hash.
2015-03-31 14:11:13 -03:00
cipater
15d3fc497c
Use router_name from scope if available
Devise.available_router_name currently returns either
Devise.router_name or :main_app. As such, any redirecting is done
within either of those contexts. Which leads to undesirable redirects
for scopes that reside in an isolate_namespace mounted engine.
This commit makes it possible for FailureApp’s redirect behavior to be
performed in the context of the router_name given to devise_for.
Test case added to cover undesirable behavior. Without change to
lib/devise/failure_app.rb, test case throws exception.
2015-03-30 16:18:05 -07:00
Ian Ker-Seymer
8743ce6cf8
Clearly comment on the functionality of valid_password?
2015-03-17 15:21:59 -06:00
Ian Ker-Seymer
70ab38839f
Use password.present? in DatabaseAuthenticatable strategy
In order to be more clear about the expectations for authenticating, we use
`password.present?` so there is no confusion about the role of the `valid_password?`
method.
More info: https://github.com/plataformatec/devise/issues/3519
2015-03-17 15:19:23 -06:00
Vasiliy Ermolovich
9aa72db365
Remove extra space.
[ci skip]
2015-03-15 02:09:46 +03:00
Carlos Antonio da Silva
868d3d82a0
Do a final pass removing spaces around square brackets
Keep plataformatec guidelines and review tools happy.
Related to #3480.
2015-03-13 13:59:19 -03:00
Kosmas Chatzimichalis
1ab2d51308
removed spaces inside square brackets
2015-03-13 13:59:19 -03:00
Carlos Antonio da Silva
d1d5996b6b
Remove deprecated methods related to token authentication
These methods have no effect since Devise 3.2.0, released in Nov 2013.
2015-03-13 13:54:32 -03:00
Scott Jacobsen
4837bb0a4e
Allow objects to specify their devise scope.
Introspecting the scope of an object can make it difficult to use
wrapper patterns. See issue plataformatec/devise#3307 for an example.
Allow objects to specify their scope explicitly by implementing
`devise_scope`.
2015-03-03 22:37:25 -07:00
Grzegorz Witek
8d5c2c4fd9
Remove redundant remember_created_at.nil?
`remember_expired?` already calls this method
2015-03-03 23:51:10 +08:00
Lauro Caetano
5802a57c76
Merge pull request #3478 from killthekitten/patch-1
Update message after rails g devise:controllers
2015-03-01 16:03:14 -03:00
Isaac Betesh
ac79f1e114
allow Devise::Models::Authenticatable to be loaded before Rails
2015-02-24 16:29:06 -05:00
José Valim
61ec44b76e
Rollback mongoid fix as 4.0.2 will be out soon
2015-02-19 12:13:57 +01:00
Nikolay Shebanov
5e12508b96
Update message after rails g devise:controllers
2015-02-16 19:46:01 +03:00
José Valim
2992b411a2
Update authenticatable.rb
2015-02-14 11:02:13 +01:00
José Valim
d2658c6e35
Merge pull request #2882 from hauleth/fix-mongoid-10068
Devise + Mongoid store wrong data in session
2015-02-14 11:00:48 +01:00
Michael Borohovski
f0992e4a96
Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset.
2015-02-13 02:29:11 -08:00
José Valim
baef67cee7
Merge pull request #3452 from jaume-prat/master
workaround for mountable Engines with Rails 4.2
2015-02-13 09:50:30 +01:00
Ania Slimak
8461234483
Extracted route to separate method to be able to override in child class
2015-02-12 13:07:57 +01:00
Jaume Prat
af8d38e45b
do not set :script_name option with nil
2015-02-05 14:33:09 +01:00
Gagan Awhad
90f1d4d37a
Add helpful comments re: 'secret_key' in devise initializer template
Adding a couple comments that explain that Devise will use
'secret_key_base' on Rails 4+ applications as its 'secret_key' by default.
2015-02-04 14:48:25 -06:00
Luciano Sousa
9177bd70cf
removing optional commas
2015-02-02 23:02:52 -03:00
Luciano Sousa
252a57d9b3
removing deprecation warning from rails 5
2015-02-02 22:54:46 -03:00