José Valim
767a7a7c21
Ensure handle_unverified_request cleans up any cached signed-in user
2011-06-29 20:18:10 -03:00
José Valim
2e61e52520
Fix failing test.
2011-05-23 18:22:32 +02:00
José Valim
4fd866d113
User cannot access sign up and similar pages if he is already signed in through a cookie or token, closes #1036.
2011-04-29 08:56:57 +02:00
José Valim
2e43944567
Move rememberable back to a hook.
2011-02-24 21:55:52 +01:00
Vinicius Baggio
970457f2c2
Fixing test error when dealing with multiple time zones
2011-02-23 14:24:42 -03:00
José Valim
ca293d17ba
Implement Rails' handle unverified request.
2011-02-15 10:58:38 +01:00
José Valim
af1295284c
rememberable cookie now is httponly by default
2010-12-25 12:04:04 +01:00
JamesFerguson
1b43cb5203
Added assertion testing that remember_user_token cookie is flagged as HttpOnly.
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-12-25 11:49:40 +01:00
José Valim
38f3f6318a
cookie_domain is deprecated in favor of cookie_options which uses session_options by default.
2010-09-25 21:13:54 +02:00
José Valim
31d821c2e0
Allow Rememberable to work without remember_token, relying on salt if possible.
...
This comes with the benefit that if you change your password, all remember tokens expire, and it also requires one field less in the database.
The downside is that if you want remember_me_across_browser to be false, it won't work unless you use the token. It also requires you to be using database_authenticable.
Using salt is now the default in Devise.
2010-09-25 13:07:24 +02:00
Martin Davidsson
ec0e105c52
Incorporate feedback from carlosantoniodasilva and update rememberable tests
2010-09-24 11:08:59 +08:00
José Valim
c5999c8f61
Tests green on mongoid as well.
2010-07-26 20:25:02 +02:00
José Valim
81620fecab
More about extend remember period feature.
2010-07-23 23:57:31 +02:00
José Valim
058d433f28
Add extend_remember_period, closes #340.
2010-07-23 16:32:22 +02:00
José Valim
59bee679ca
Add tests to cookie domain, closes #254.
2010-05-16 14:13:56 +02:00
José Valim
1591294b7a
Compatibility with Rails beta 3.
2010-04-05 11:46:26 +02:00
José Valim
23e608e27b
No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3.
2010-04-03 11:43:31 +02:00
José Valim
015c74e734
Use message verifier in cookies. Previous implementation allowed brute force attacks by cookies. Even though it is impossible for the brute force attack to succeed, the current implementation blocks the attacker even before hitting the database.
2010-03-31 13:31:45 +02:00
José Valim
ca4e09390e
Compatibility with Ruby 1.9.1 and 1.9.2.
2010-03-26 11:27:19 +01:00
José Valim
e03e137c35
Update warden which fixes a security issue.
2010-02-23 19:47:45 +01:00
José Valim
33941d1f62
All tests passing (except two which are errors in Rails). Now generators and initialization process.
2010-02-16 21:23:58 +01:00
José Valim
2afad49a96
Bring rememberable back.
2010-01-14 15:47:14 +01:00
José Valim
f46d1b1d81
Add support to Warden 0.9.0.pre
2010-01-14 13:38:02 +01:00
José Valim
7ffd0900c1
Rely on Warden new serializers.
2009-11-15 00:13:43 -02:00
José Valim
0be7426847
Use a Rack Middleware to sign in users.
2009-11-13 19:26:33 -02:00
José Valim
4894059828
Remember token is now properly stored and specified one for each user.
2009-11-13 17:23:32 -02:00
José Valim
371a9bb0d0
Major refactoring. Allow Warden::Manager to be configured through Devise, undeprecate Devise.confirm_within, Devise.pepper and friends and move Rails hooks to their own file.
2009-11-03 09:35:11 -02:00
José Valim
e7f809de3c
Do not require ActiveRecord to be loaded to use Devise.
2009-10-30 21:51:50 -02:00
Carlos A. da Silva
5631b8dacd
Remember the user only if the remember token has not expired.
2009-10-22 20:18:16 -02:00
Carlos A. da Silva
28a7f78fba
Creating rememberable module.
2009-10-20 00:31:33 -02:00