kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Update CHANGELOG

Browse source
This commit is contained in:
José Valim 2013-08-09 10:30:29 +02:00
parent 4681f81ce6
commit 2a8d0f9bee
2 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
CHANGELOG.rdoc
View file

@ -1,16 +1,27 @@
== 3.1.0
== 3.1.0.rc
* bug fix
* Do not sign in after confirmation (you can enable this temporarily by setting `config.allow_insecure_sign_in_after_confirmation` to true in your configuration file)
* Do not store confirmation, unlock and reset password tokens directly in the database (you can enable this temporarily by setting `config.allow_insecure_tokens_lookup` to true in your configuration file)
* Do not compare directly against confirmation, unlock and reset password tokens
* Skip storage for cookies on unverified requests
* backwards incompatible changes
* Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration
* The Devise mailer and its views were changed to explicitly receive a token as argument. You will need to update your mailers and re-copy the views to your application with `rails g devise:views`
* deprecations
* Token authentication is deprecated
* bug fix
* Do not sign in after confirmation
* Do not store confirmation, unlock and reset password tokens directly in the database
* Do not compare directly against confirmation, unlock and reset password tokens
* Skip storage for cookies on unverified requests
== 3.0.2
* bug fix
* Skip storage for cookies on unverified requests
== 3.0.1
Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
* enhancements
* Add after_confirmation callback

5
lib/devise/models.rb
View file

@ -84,6 +84,11 @@ module Devise
devise_modules_hook! do
include Devise::Models::Authenticatable
if selected_modules.include?(:token_authenticatable)
ActiveSupport::Deprecation.warn "devise :token_authenticatable is deprecated. " \
"Please check Devise 3.1 release notes for more information on how to upgrade."
end
selected_modules.each do |m|
mod = Devise::Models.const_get(m.to_s.classify)