Release v3.1.2
This commit is contained in:
parent
96c456a72f
commit
0a0681c663
|
@ -1,3 +1,10 @@
|
|||
== 3.1.2
|
||||
|
||||
Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
|
||||
|
||||
* bug fix
|
||||
* Avoid e-mail enumeration on sign in when in paranoid mode
|
||||
|
||||
== 3.1.1
|
||||
|
||||
* bug fix
|
||||
|
|
|
@ -12,7 +12,7 @@ GIT
|
|||
PATH
|
||||
remote: .
|
||||
specs:
|
||||
devise (3.1.1)
|
||||
devise (3.1.2)
|
||||
bcrypt-ruby (~> 3.0)
|
||||
orm_adapter (~> 0.1)
|
||||
railties (>= 3.2.6, < 5)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
PATH
|
||||
remote: ..
|
||||
specs:
|
||||
devise (3.1.1)
|
||||
devise (3.1.2)
|
||||
bcrypt-ruby (~> 3.0)
|
||||
orm_adapter (~> 0.1)
|
||||
railties (>= 3.2.6, < 5)
|
||||
|
@ -39,7 +39,7 @@ GEM
|
|||
i18n (~> 0.6, >= 0.6.4)
|
||||
multi_json (~> 1.0)
|
||||
arel (3.0.2)
|
||||
atomic (1.1.13)
|
||||
atomic (1.1.14)
|
||||
bcrypt-ruby (3.1.2)
|
||||
builder (3.0.4)
|
||||
erubis (2.7.0)
|
||||
|
@ -125,7 +125,7 @@ GEM
|
|||
tilt (~> 1.1, != 1.3.0)
|
||||
sqlite3 (1.3.7)
|
||||
thor (0.18.1)
|
||||
thread_safe (0.1.2)
|
||||
thread_safe (0.1.3)
|
||||
atomic
|
||||
tilt (1.4.1)
|
||||
treetop (1.4.14)
|
||||
|
|
|
@ -5,13 +5,16 @@ module Devise
|
|||
# Default strategy for signing in a user, based on his email and password in the database.
|
||||
class DatabaseAuthenticatable < Authenticatable
|
||||
def authenticate!
|
||||
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
|
||||
return fail(:not_found_in_database) unless resource
|
||||
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
|
||||
encrypted = false
|
||||
|
||||
if validate(resource){ resource.valid_password?(password) }
|
||||
if validate(resource){ encrypted = true; resource.valid_password?(password) }
|
||||
resource.after_database_authentication
|
||||
success!(resource)
|
||||
end
|
||||
|
||||
mapping.to.new.password = password if !encrypted && Devise.paranoid
|
||||
fail(:not_found_in_database) unless resource
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
module Devise
|
||||
VERSION = "3.1.1".freeze
|
||||
VERSION = "3.1.2".freeze
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue