github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 17:27:58 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,082 Commits 28 Branches 145 Tags
v3.5.8
Commit Graph

364 Commits

Author SHA1 Message Date
Ulisses Almeida
ad99bfe6ef Fix remember me always extending the period 
Now the config `extend_remember_period` is used to:

`true` - Every time the user authentication is validated, the
cookie expiration is updated.
`false` - Does not updates the cookie expiration.

Closes #3994
 2016-04-18 11:47:56 -03:00
José Valim
14affc8a55 Do not timeout if remember me is enabled 2016-01-22 16:18:57 +01:00
José Valim
c92996646a Store creation timestamp on remember cookies 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2016-01-18 14:47:31 +01:00
Błażej Pankowiak
9f32f421a5 Allow skipping the timeoutable hook 2015-11-02 23:53:09 +01:00
Lucas Mazza
40258bf100 Remove the custom OmniAuth camelization on teardown. 2015-08-28 11:26:41 -03:00
Timo Schilling
f5e984c151 use OmniAuth::Utils.camelize 
This will display the provider name with the original camelization:
facebook => Facebook
github => GitHub
linkedin => LinkedIn
 2015-08-28 07:51:37 +02:00
David Rodríguez
4064641967 Remove obsolete expire_auth_token_on_timeout 
This should have been removed in dff7891b97
when token authentication (and the reset_authentication_token! method)
were removed.
 2015-07-11 09:01:22 -03:00
Michael Borohovski
f0992e4a96 Added an option to not automatically sign in a user after a password reset. This is useful for cases where additional strategies might be needed (such as two-factor authentication, e.g.), or generally if it is considered a security risk to automatically log in a user after a password is reset. 2015-02-13 02:29:11 -08:00
Dave Powers
63ae9701b4 Update casing of 'OmniAuth' to match that of official OmniAuth documentation 2014-11-14 14:45:09 -05:00
BM5k
b5713a8ddf add Rememerable#after_remembered callback 2014-11-08 16:39:24 -07:00
BM5k
6f88df3453 add test for after_database_authentication 2014-11-08 16:00:07 -07:00
Timo Schilling
6b0d11ed7a use authentication_keys in flash message, instead of static ‘username’ (fix #3201) 2014-09-23 18:42:11 +02:00
Paul A. Jungwirth
6e0c287391 All causes of failed login should have the same error message 2014-09-11 08:38:14 -07:00
Lucas Mazza
5d43d5f3bc ✂️ 2014-08-11 17:35:28 -03:00
Lucas Mazza
6207e03070 Merge pull request #3135 from alexsoble/master 
UX feature: heads-up for new users about minimum password length
 2014-08-11 17:34:41 -03:00
alexsoble
fe015f5a54 Revert "Update routes to match 'sign up'/'log in', incorporate feedback from @carlosantoniodasilva" 
This reverts commit de2a24b3d3.
 2014-08-10 12:13:35 -04:00
alexsoble
de2a24b3d3 Update routes to match 'sign up'/'log in', incorporate feedback from @carlosantoniodasilva 2014-08-07 11:33:03 -04:00
alexsoble
67d8dd1e94 Replace 'Sign in' with 'Log in' in views, update tests 2014-08-06 13:32:02 -04:00
alexsoble
039b75ba83 Incorporated edits from @lucasmazza, wrote integration tests for password reminder feature 2014-08-06 11:04:46 -04:00
Lucas Mazza
eb9db7ba3a Coerce time objects serialized as Strings before doing the timeoutable comparisons. 
The comparison only fails on Ruby 1.9.3, when we need to parse it properly back
to a Time instance.

Related to #2930.
 2014-08-05 14:58:27 -03:00
alexsoble
e65c26e1e7 Only display password length warning if validatable module is included 2014-08-05 10:22:47 -04:00
alexsoble
c38accd648 Tell new signups about minimum password length in registrations/new.html.erb 2014-08-04 15:53:40 -04:00
José Valim
eeb6060d9d Merge pull request #3054 from cheerfulstoic/devise-neo4j 
Changes to support devise-neo4j
 2014-06-06 21:08:28 +02:00
Brian Underwood
74f4442319 User Model.to_adapter directly as suggested by @josevalim 2014-06-06 08:35:42 -07:00
Brian Underwood
2174e4675e Use User and Admin orm_adapter adapter in tests to support other ORMs (neo4j, in this case) 2014-06-04 21:59:30 -07:00
Brian Underwood
65d7d1ba55 Change test to use acts_like? so that we can have DateTime fields 2014-05-28 22:17:07 -07:00
David Henry
426560a4db Attempt without adding engine to application 2014-05-08 00:46:19 +01:00
David Henry
b5da4e82d0 Add full tests around confirmation when using devise_for with router_name 2014-05-06 23:07:24 +01:00
David Henry
ceafc710ef Start adding tests to the engine routing tests. 2014-05-06 00:56:58 +01:00
kento1218
d63b6b7b9d Fix Devise::ConfirmationsController#after_confirmation_path_for 
after_confirmation_path_for checks whether the user already signed in
by calling signed_in? after confirmation succeeded.
Since it was called without scope specification, the user treated as
signed in inappropriately when the user signed in as another resource
(such as 'admin').
 2014-04-28 20:44:00 +09:00
Lauro Caetano
571dead19b Check if there is a signed in user before sign out. 
Only execute the `SessionsController#destroy` if there is a signed in
user, otherwise it will raise
`ActionController::InvalidAuthenticityToken`.

Fixes #2934.
 2014-04-09 10:25:44 -03:00
Lucas Mazza
da0c27393f Serialize the last_request_at entry as an Integer 
Pushing the `Time` object inside the session has inconsistencies
across different serializers and we should use a more primitive type
so we don't need any specific parsing logic for the JSON serializer.
 2014-03-28 22:51:56 -03:00
Oleg Pudeyev
47845e44a2 Chase language changes in tests 2014-03-03 10:15:33 -05:00
Anshul Sharma
dc1b399a8b Updated ruby 1.9 hash syntax 2014-02-25 22:12:55 +05:30
Vasiliy Ermolovich
49086d0294 remove warnings regarding number extensions 2014-01-04 18:54:19 +03:00
José Valim
3adeba38f5 Merge pull request #2763 from paulanunda/master 
Fixed small grammatical error in en.yml
 2013-12-09 21:50:20 -08:00
Erik Michaels-Ober
26e85c44e2 Removed use of gendered pronouns 2013-12-02 10:02:17 +01:00
Paul Anunda
43282f738e Fixed small grammatical error in en.yml 2013-11-28 10:29:50 -06:00
Marcus Mansur
b16899f7bf fixes timeoutable specs to cover sign_out_all_scopes false 2013-11-21 14:02:45 -02:00
José Valim
27bcefcf54 Ensure timeoutable hook respects Devise.sign_out_all_scopes configuration 
Closes #2606
 2013-11-06 21:07:38 +01:00
andrew morton
52a3768451 A GET to sign in shouldn't extend the session. 2013-11-06 20:20:22 +01:00
José Valim
c323065b57 Merge pull request #2634 from gregates/bug/confirmation_workflow 
Tweaks confirmation flow for signed_in users
 2013-09-16 07:17:46 -07:00
Greg Gates
989d7192fa Tweaks confirmation flow for signed_in users 
For #2627

When allow_unconfirmed_access_for > 0, users may
be already signed in at the time they confirm
their account. Consequently, the default
confirmation should be compatible with this
possibility. Additionally, they should not be
redirected to the sign in form after confirmation
in this case. So I've changed
ConfirmationsController#after_confirmation_path_for
to send the user to the root path when signed in,
or the sign in form otherwise.
 2013-09-16 10:12:15 -04:00
Vipul A M
ae6a37f796 Cleanup tests for unused variables 2013-09-15 01:52:53 +05:30
José Valim
9464416c3e Bring back test removed by accident 2013-09-02 19:25:05 -03:00
José Valim
6b3b0c5e8c Remove deprecated token lookups 2013-09-02 19:23:15 -03:00
José Valim
dff7891b97 Get rid of token authentication 2013-09-02 19:15:47 -03:00
Vasiliy Ermolovich
23c5517009 add test for fc251c306c 2013-08-31 15:25:49 +03:00
Andri Möll
052cbef205 Don't confirm email after password reset. 
Signed-off-by: José Valim <jose.valim@plataformatec.com.br>
 2013-08-18 10:13:35 +02:00
José Valim
3dccf3c6ff Do not sign in after confirmation 2013-08-08 22:33:58 +02:00