github/devise
1
1
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2026-01-14 09:17:55 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,707 Commits 28 Branches 145 Tags
v4.7.3
Commit Graph

1896 Commits

Author SHA1 Message Date
Carlos Antonio da Silva
f6e8d90b98 Release 4.7.3 2020-09-20 21:06:51 -03:00
Carlos Antonio da Silva
f6a6d4c34b Revert "Replace BLACKLIST_FOR_SERIALIZATION with DENYLIST_FOR_SERIALIZATION" 
This reverts commit 2da46d8dd6.
 2020-09-20 21:00:05 -03:00
Carlos Antonio da Silva
8f949ed391 Revert "Deprecate BLACKLIST_FOR_SERIALIZATION on all supported Rails versions" 
This reverts commit 0c2cab7c94.
 2020-09-20 21:00:03 -03:00
mune
eed641d2be Add spaces around method arguments when setting default values 
Closes #5288
 2020-08-31 18:15:45 -03:00
Tony Novak
23fbc35b2d Fix hanging tests for streaming controllers using Devise 
Fixes #5285.
 2020-08-26 12:02:09 -04:00
Carlos Antonio da Silva
0c2cab7c94 Deprecate BLACKLIST_FOR_SERIALIZATION on all supported Rails versions 
Deprecate `BLACKLIST_FOR_SERIALIZATION` constant in favor of a more
descriptive name `UNSAFE_ATTRIBUTES_FOR_SERIALIZATION`, removing
unnecessary usage of the word `blacklist` from devise.

The previous constant still works but will emit a warning if used, to
allow anyone still depending on it to upgrade.

This includes an internal backport of the Rails `deprecate_constant`
implementation that exists on Rails 5.1+ to be able to deprecate it
properly in prior versions, while we support those. (which I intend to
drop soon.)
 2020-08-19 19:36:25 -03:00
Seiei Miyagi
2da46d8dd6 Replace BLACKLIST_FOR_SERIALIZATION with DENYLIST_FOR_SERIALIZATION 2020-08-17 22:17:06 +09:00
Daniel Pepper
507573994a Ensure serializable_hash doesn't raise with a frozen :except array 
I ran into an issue where options[:except] is a frozen array, which
explodes when we try to concat values in `serializable_hash`. To fix this
we dup the `:except` option before concatenating with the other options
there.

Closes #5278.
 2020-08-13 18:38:23 -03:00
Carlos Antonio da Silva
f5cc775a5f Remove commented out code 2020-06-23 08:50:20 -03:00
Carlos Antonio da Silva
b94b957490 Prefer american style english for code 
Nothing personal, just seems to be much more common usage across the
code.
 2020-06-23 08:50:20 -03:00
Carlos Antonio da Silva
057afdc1e6 Fix another thor deprecation warning in the install generator 
This one has been showing up when running tests:

    Deprecation warning: Expected string default value for '--orm'; got false (boolean).
    This will be rejected in the future unless you explicitly pass the options
    `check_default_type: false` or call `allow_incompatible_default_type!` in your code
    You can silence deprecations warning by setting the environment variable THOR_SILENCE_DEPRECATION.
 2020-06-18 18:02:43 -03:00
David Rodríguez
ffa8a80f42 Fix warning from thor 
The `:orm` option can also have string values.
 2020-06-18 16:21:58 +02:00
Carlos Antonio da Silva
16f27b3074 Bump to v4.7.2 2020-06-10 15:23:45 -03:00
hyuraku
6d37e32437 remove useless rails51? method 2020-06-09 21:50:30 +09:00
Carlos Antonio da Silva
2c1b5fb240 Update changelog with latest [ci skip] 2020-06-08 18:40:50 -03:00
Carlos Antonio da Silva
14a3084b59 Simplify the view generator with scoped views 2020-06-07 19:16:36 -03:00
Vitalii Lazebnyi
e0b9915418 #5234 fix. Deprecated warning at controller_helpers.rb 2020-06-05 11:41:19 -03:00
Hiroyuki Morita
1f30f6fa85 Remove unused method from Devise::Generators::InstallGenerator 
`rails_4?` is not called anymore since 2024fca4df.
 2020-04-23 08:19:21 +09:00
HLFH
d65bb156c1 type: :boolean for :orm 2020-03-28 09:13:35 +00:00
Gaspard d'Hautefeuille
6851f1d1c4 Deprecation warning: Expected string default value for '--orm' 2020-03-26 17:13:51 +00:00
Rafael França
769506e96c Merge pull request #5204 from unleashy/patch-1 
Clarify DatabaseAuthenticable's behaviour for password fields
 2020-03-12 14:54:45 -04:00
unleashy
eefae83c92 Make a more accurate claim 2020-03-12 15:52:51 -03:00
Petrik
63fe1a843f Explain how changing stretches affects existing password hashes 2020-03-12 16:16:55 +01:00
unleashy
748803cd59 Clarify DatabaseAuthenticable's behaviour 
with regards to the `password` field
 2020-03-05 14:47:43 -03:00
Steven Hsieh
12a265d1eb optimize earlier timeout_skip to avoid unecessary record lookup 2020-02-19 10:51:36 -08:00
Rafael Mendonça França
a17abad57a Remove all references to Plataformatec 2020-02-03 11:33:17 -05:00
Connor Shea
a3fcb3b682 Fix two deprecated usages of keyword arguments. 
This prevents us from using behavior that was deprecated in Ruby 2.7.
 2019-12-26 17:44:53 -07:00
Samuel Pordeus
fb18c6ca8d Fix typos 2019-11-28 18:13:47 -03:00
Colin Ross
14863ba4c9 Documentation: Details/Notes regarding Rails API-only applications (#5152) 
* doc: Add some additional details concerning using devise in an API-only Rails application

* Apply wording suggestions from code review

Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>

* Apply suggestions from code review

Co-Authored-By: Marcos Ferreira <mracos@users.noreply.github.com>
 2019-10-29 15:06:37 -03:00
Looi David
406915cb78 changed? behaviour has been updated (#5135) 
* `changed?` behaviour has been updated

Due to 16ae3db5a5 `changed?` has been updated to check for dirtiness after save. The new method that behaves like the old `changed` is `saved_changes?`.

* Add comment to explain which method to used based on which rails version it is
 2019-10-22 10:39:34 -03:00
Ryan Lue
5d73e1e3bb Explain layout of default config initializer [ci skip] 2019-09-27 06:21:27 +08:00
Marcos Ferreira
f48b6f1651 Merge pull request #5067 from shobhitic/master 
Using scoped errors for scoped views. Fixes #5066
 2019-09-17 14:49:57 -03:00
Marcos Ferreira
b52e642c01 Merge pull request #5074 from sergey-alekseev/increase-default-stretches-to-12 
Increase default stretches to 12
 2019-09-17 13:30:55 -03:00
Leonardo Tegon
098345aace Prepare for version 4.7.1 2019-09-06 10:20:20 -03:00
Leonardo Tegon
fee43f3c11 Always return an error when confirmation_token is blank (#5132) 
As reported in https://github.com/plataformatec/devise/issues/5071, if
for some reason, a user in the database had the `confirmation_token`
column as a blank string, Devise would confirm that user after receiving
a request with a blank `confirmation_token` parameter.
After this commit, a request sending a blank `confirmation_token`
parameter will receive a validation error.
For applications that have users with a blank `confirmation_token` in
the database, it's recommended to manually regenerate or to nullify
them.
 2019-09-04 15:42:48 -03:00
Leonardo Tegon
a79057070c Prepare for 4.7.0 release 2019-08-19 11:35:55 -03:00
Denis Krasulin
45cc668683 Update routes.rb 
Comment incorrectly states that default method is "get", while line 228 of /lib/devise.rb sets "delete": "The default method used while signing out: @@sign_out_via = :delete"
 2019-07-16 01:08:44 +03:00
Rafael Mendonça França
54fb582269 Officially support Rails 6.0 
Also remove upper bound on railties so people can try devise with new
versions without having to wait us to change the gem and report bugs.
 2019-06-12 16:10:13 -04:00
Rafael Mendonça França
44f7325a91 Remove unneeded require 
The code that was using that constant is not being used anymore.

Closes #5083
 2019-06-12 16:04:50 -04:00
Sergey Alekseev
63ea6533de increase default stretches to 12 
Test script
---

```ruby
require 'bcrypt'
require 'benchmark'
Benchmark.measure { BCrypt::Password.create('password', cost: 12) }
```

Test results
---

- [Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz](https://ark.intel.com/content/www/us/en/ark/products/97535/intel-core-i5-7360u-processor-4m-cache-up-to-3-60-ghz.html): `#<Benchmark::Tms:0x00007fdd00a4eb30 @label="", @real=0.21730700000080105, @cstime=0.0, @cutime=0.0, @stime=0.00020399999999999585, @utime=0.21685199999999996, @total=0.21705599999999997>`
- [Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz](https://ark.intel.com/content/www/us/en/ark/products/137979/intel-core-i7-8559u-processor-8m-cache-up-to-4-50-ghz.html): `#<Benchmark::Tms:0x00007fe91094fd30 @label="", @real=0.17964200000278652, @cstime=0.0, @cutime=0.0, @stime=7.399999999996298e-05, @utime=0.17950799999999845, @total=0.1795819999999984>`

Other gems
---

- bcrypt-ruby which is used by devise [updated](https://github.com/codahale/bcrypt-ruby/pull/181) their default cost to 12 (not released a gem version yet).
- rails has [a PR](https://github.com/rails/rails/pull/35321) from the Rails core team member to update their `ActiveModel::SecurePassword` which powers `has_secure_password` default cost to 13 (not merged yet).

Previous changes
---

[Previous PR](https://github.com/plataformatec/devise/pull/3549) to increase the default stretches to 12 was created more than 4 years ago. That time the default stretches value [was increased](9efc601c73) from 10 to 11.
 2019-05-11 19:35:13 +03:00
Marcos Ferreira
28248e3167 Merge pull request #5069 from igorkasyanchuk/master 
Fix rails_51_and_up? method for Rails 6.rc1
 2019-05-06 21:03:16 -03:00
Igor Kasyanchuk
612e30258c Use better syntax to compare gem version 2019-05-05 03:44:44 -07:00
Igor Kasyanchuk
75e8555035 Fix rails_51_and_up? method for Rails 6.rc1 2019-05-03 13:11:34 -07:00
Shobhit Bakliwal
a823e510f3 Using scoped errors for scoped views. Fixes #5066 2019-05-02 13:24:01 +05:30
Vasily Fedoseyev
2d53cf4424 Fix rails 6.0.rc1 email uniqueness validation deprecation error 2019-04-26 14:20:30 +03:00
Felipe Renan
e91b8ee0ba Merge pull request #5055 from saiqulhaq/master 
refactor method name to be more consistent
 2019-04-05 10:03:37 -03:00
M. Saiqul Haq
0d56ae2705 refactor method name to be more consistent 2019-04-04 07:01:39 +07:00
Lucas Ferreira
964ae53e5b Update password confirmation autocomplete 2019-04-02 18:39:19 -03:00
Leonardo Tegon
2e5b5fcd70 Prepare for 4.6.2 release 2019-03-26 13:26:56 -03:00
Marcos Ferreira
f9d13f015a Revert "[#4245] Allowing password to nil (#4261)" 
This reverts commit 3aedbf0a4d.
 2019-03-26 10:29:46 -03:00