devise 2.1.2 → 3.5.10

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of devise might be problematic. Click here for more details.

Files changed (242) hide show
  1. checksums.yaml +7 -0
  2. data/.travis.yml +39 -10
  3. data/.yardopts +9 -0
  4. data/{CHANGELOG.rdoc → CHANGELOG.md} +445 -112
  5. data/CODE_OF_CONDUCT.md +22 -0
  6. data/CONTRIBUTING.md +16 -0
  7. data/Gemfile +10 -15
  8. data/Gemfile.lock +151 -129
  9. data/MIT-LICENSE +1 -1
  10. data/README.md +256 -96
  11. data/Rakefile +4 -2
  12. data/app/controllers/devise/confirmations_controller.rb +15 -7
  13. data/app/controllers/devise/omniauth_callbacks_controller.rb +6 -2
  14. data/app/controllers/devise/passwords_controller.rb +33 -9
  15. data/app/controllers/devise/registrations_controller.rb +66 -26
  16. data/app/controllers/devise/sessions_controller.rb +52 -21
  17. data/app/controllers/devise/unlocks_controller.rb +11 -6
  18. data/app/controllers/devise_controller.rb +65 -58
  19. data/app/helpers/devise_helper.rb +2 -2
  20. data/app/mailers/devise/mailer.rb +19 -10
  21. data/app/views/devise/confirmations/new.html.erb +8 -4
  22. data/app/views/devise/mailer/confirmation_instructions.html.erb +2 -2
  23. data/app/views/devise/mailer/password_change.html.erb +3 -0
  24. data/app/views/devise/mailer/reset_password_instructions.html.erb +2 -2
  25. data/app/views/devise/mailer/unlock_instructions.html.erb +2 -2
  26. data/app/views/devise/passwords/edit.html.erb +15 -6
  27. data/app/views/devise/passwords/new.html.erb +8 -4
  28. data/app/views/devise/registrations/edit.html.erb +29 -15
  29. data/app/views/devise/registrations/new.html.erb +19 -8
  30. data/app/views/devise/sessions/new.html.erb +17 -8
  31. data/app/views/devise/shared/{_links.erb → _links.html.erb} +4 -4
  32. data/app/views/devise/unlocks/new.html.erb +8 -4
  33. data/config/locales/en.yml +51 -47
  34. data/devise.gemspec +8 -6
  35. data/devise.png +0 -0
  36. data/gemfiles/Gemfile.rails-3.2-stable +29 -0
  37. data/gemfiles/Gemfile.rails-3.2-stable.lock +172 -0
  38. data/gemfiles/Gemfile.rails-4.0-stable +30 -0
  39. data/gemfiles/Gemfile.rails-4.0-stable.lock +166 -0
  40. data/gemfiles/Gemfile.rails-4.1-stable +30 -0
  41. data/gemfiles/Gemfile.rails-4.1-stable.lock +171 -0
  42. data/gemfiles/Gemfile.rails-4.2-stable +30 -0
  43. data/gemfiles/Gemfile.rails-4.2-stable.lock +193 -0
  44. data/lib/devise/controllers/helpers.rb +126 -108
  45. data/lib/devise/controllers/rememberable.rb +19 -17
  46. data/lib/devise/controllers/scoped_views.rb +1 -1
  47. data/lib/devise/controllers/sign_in_out.rb +96 -0
  48. data/lib/devise/controllers/store_location.rb +58 -0
  49. data/lib/devise/controllers/url_helpers.rb +7 -7
  50. data/lib/devise/encryptor.rb +22 -0
  51. data/lib/devise/failure_app.rb +85 -25
  52. data/lib/devise/hooks/activatable.rb +5 -6
  53. data/lib/devise/hooks/csrf_cleaner.rb +7 -0
  54. data/lib/devise/hooks/forgetable.rb +1 -1
  55. data/lib/devise/hooks/lockable.rb +2 -2
  56. data/lib/devise/hooks/proxy.rb +21 -0
  57. data/lib/devise/hooks/rememberable.rb +5 -4
  58. data/lib/devise/hooks/timeoutable.rb +16 -8
  59. data/lib/devise/hooks/trackable.rb +1 -1
  60. data/lib/devise/mailers/helpers.rb +27 -23
  61. data/lib/devise/mapping.rb +11 -7
  62. data/lib/devise/models/authenticatable.rb +82 -66
  63. data/lib/devise/models/confirmable.rb +142 -55
  64. data/lib/devise/models/database_authenticatable.rb +59 -15
  65. data/lib/devise/models/lockable.rb +41 -30
  66. data/lib/devise/models/omniauthable.rb +3 -3
  67. data/lib/devise/models/recoverable.rb +56 -41
  68. data/lib/devise/models/rememberable.rb +65 -27
  69. data/lib/devise/models/timeoutable.rb +2 -8
  70. data/lib/devise/models/trackable.rb +6 -4
  71. data/lib/devise/models/validatable.rb +9 -9
  72. data/lib/devise/models.rb +4 -13
  73. data/lib/devise/modules.rb +10 -11
  74. data/lib/devise/omniauth/url_helpers.rb +2 -2
  75. data/lib/devise/orm/active_record.rb +1 -1
  76. data/lib/devise/orm/mongoid.rb +1 -1
  77. data/lib/devise/{param_filter.rb → parameter_filter.rb} +10 -11
  78. data/lib/devise/parameter_sanitizer.rb +99 -0
  79. data/lib/devise/rails/routes.rb +173 -115
  80. data/lib/devise/rails/warden_compat.rb +10 -31
  81. data/lib/devise/rails.rb +14 -12
  82. data/lib/devise/strategies/authenticatable.rb +26 -26
  83. data/lib/devise/strategies/base.rb +1 -1
  84. data/lib/devise/strategies/database_authenticatable.rb +8 -4
  85. data/lib/devise/strategies/rememberable.rb +15 -5
  86. data/lib/devise/test_helpers.rb +7 -5
  87. data/lib/devise/time_inflector.rb +14 -0
  88. data/lib/devise/token_generator.rb +70 -0
  89. data/lib/devise/version.rb +1 -1
  90. data/lib/devise.rb +110 -52
  91. data/lib/generators/active_record/devise_generator.rb +34 -18
  92. data/lib/generators/active_record/templates/migration.rb +5 -6
  93. data/lib/generators/active_record/templates/migration_existing.rb +5 -6
  94. data/lib/generators/devise/controllers_generator.rb +44 -0
  95. data/lib/generators/devise/devise_generator.rb +5 -3
  96. data/lib/generators/devise/install_generator.rb +5 -0
  97. data/lib/generators/devise/orm_helpers.rb +25 -6
  98. data/lib/generators/devise/views_generator.rb +52 -22
  99. data/lib/generators/mongoid/devise_generator.rb +21 -26
  100. data/lib/generators/templates/README +9 -5
  101. data/lib/generators/templates/controllers/README +14 -0
  102. data/lib/generators/templates/controllers/confirmations_controller.rb +28 -0
  103. data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +28 -0
  104. data/lib/generators/templates/controllers/passwords_controller.rb +32 -0
  105. data/lib/generators/templates/controllers/registrations_controller.rb +60 -0
  106. data/lib/generators/templates/controllers/sessions_controller.rb +25 -0
  107. data/lib/generators/templates/controllers/unlocks_controller.rb +28 -0
  108. data/lib/generators/templates/devise.rb +80 -43
  109. data/lib/generators/templates/markerb/confirmation_instructions.markerb +2 -2
  110. data/lib/generators/templates/markerb/password_change.markerb +3 -0
  111. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  112. data/lib/generators/templates/markerb/unlock_instructions.markerb +2 -2
  113. data/lib/generators/templates/simple_form_for/confirmations/new.html.erb +3 -2
  114. data/lib/generators/templates/simple_form_for/passwords/edit.html.erb +4 -4
  115. data/lib/generators/templates/simple_form_for/passwords/new.html.erb +2 -2
  116. data/lib/generators/templates/simple_form_for/registrations/edit.html.erb +11 -6
  117. data/lib/generators/templates/simple_form_for/registrations/new.html.erb +4 -4
  118. data/lib/generators/templates/simple_form_for/sessions/new.html.erb +6 -6
  119. data/lib/generators/templates/simple_form_for/unlocks/new.html.erb +3 -2
  120. data/script/cached-bundle +49 -0
  121. data/script/s3-put +71 -0
  122. data/test/controllers/custom_registrations_controller_test.rb +40 -0
  123. data/test/controllers/helper_methods_test.rb +21 -0
  124. data/test/controllers/helpers_test.rb +95 -32
  125. data/test/controllers/inherited_controller_i18n_messages_test.rb +51 -0
  126. data/test/controllers/internal_helpers_test.rb +39 -14
  127. data/test/controllers/load_hooks_controller_test.rb +19 -0
  128. data/test/controllers/passwords_controller_test.rb +31 -0
  129. data/test/controllers/sessions_controller_test.rb +66 -6
  130. data/test/controllers/url_helpers_test.rb +10 -4
  131. data/test/delegator_test.rb +1 -1
  132. data/test/devise_test.rb +45 -10
  133. data/test/failure_app_test.rb +121 -27
  134. data/test/generators/active_record_generator_test.rb +48 -8
  135. data/test/generators/controllers_generator_test.rb +48 -0
  136. data/test/generators/devise_generator_test.rb +2 -2
  137. data/test/generators/mongoid_generator_test.rb +3 -3
  138. data/test/generators/views_generator_test.rb +54 -3
  139. data/test/helpers/devise_helper_test.rb +18 -20
  140. data/test/integration/authenticatable_test.rb +161 -65
  141. data/test/integration/confirmable_test.rb +146 -77
  142. data/test/integration/database_authenticatable_test.rb +43 -30
  143. data/test/integration/http_authenticatable_test.rb +30 -22
  144. data/test/integration/lockable_test.rb +64 -49
  145. data/test/integration/omniauthable_test.rb +17 -15
  146. data/test/integration/recoverable_test.rb +111 -70
  147. data/test/integration/registerable_test.rb +114 -79
  148. data/test/integration/rememberable_test.rb +87 -31
  149. data/test/integration/timeoutable_test.rb +77 -33
  150. data/test/integration/trackable_test.rb +5 -5
  151. data/test/mailers/confirmation_instructions_test.rb +28 -8
  152. data/test/mailers/reset_password_instructions_test.rb +21 -8
  153. data/test/mailers/unlock_instructions_test.rb +20 -6
  154. data/test/mapping_test.rb +12 -5
  155. data/test/models/authenticatable_test.rb +17 -1
  156. data/test/models/confirmable_test.rb +216 -62
  157. data/test/models/database_authenticatable_test.rb +129 -49
  158. data/test/models/lockable_test.rb +132 -45
  159. data/test/models/recoverable_test.rb +100 -54
  160. data/test/models/rememberable_test.rb +89 -94
  161. data/test/models/serializable_test.rb +12 -11
  162. data/test/models/timeoutable_test.rb +6 -1
  163. data/test/models/trackable_test.rb +28 -0
  164. data/test/models/validatable_test.rb +31 -21
  165. data/test/models_test.rb +22 -48
  166. data/test/omniauth/config_test.rb +4 -4
  167. data/test/omniauth/url_helpers_test.rb +7 -4
  168. data/test/orm/active_record.rb +1 -0
  169. data/test/orm/mongoid.rb +2 -3
  170. data/test/parameter_sanitizer_test.rb +81 -0
  171. data/test/rails_app/Rakefile +0 -4
  172. data/test/rails_app/app/active_record/shim.rb +1 -1
  173. data/test/rails_app/app/active_record/user_on_engine.rb +7 -0
  174. data/test/rails_app/app/active_record/user_on_main_app.rb +7 -0
  175. data/test/rails_app/app/active_record/user_without_email.rb +8 -0
  176. data/test/rails_app/app/controllers/admins/sessions_controller.rb +1 -1
  177. data/test/rails_app/app/controllers/admins_controller.rb +0 -5
  178. data/test/rails_app/app/controllers/application_controller.rb +6 -2
  179. data/test/rails_app/app/controllers/application_with_fake_engine.rb +30 -0
  180. data/test/rails_app/app/controllers/custom/registrations_controller.rb +31 -0
  181. data/test/rails_app/app/controllers/home_controller.rb +1 -1
  182. data/test/rails_app/app/controllers/publisher/registrations_controller.rb +1 -1
  183. data/test/rails_app/app/controllers/publisher/sessions_controller.rb +1 -1
  184. data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +4 -4
  185. data/test/rails_app/app/controllers/users_controller.rb +12 -4
  186. data/test/rails_app/app/mailers/users/from_proc_mailer.rb +3 -0
  187. data/test/rails_app/app/mailers/users/mailer.rb +1 -1
  188. data/test/rails_app/app/mailers/users/reply_to_mailer.rb +4 -0
  189. data/test/rails_app/app/mongoid/admin.rb +12 -10
  190. data/test/rails_app/app/mongoid/shim.rb +4 -5
  191. data/test/rails_app/app/mongoid/user.rb +19 -22
  192. data/test/rails_app/app/mongoid/user_on_engine.rb +39 -0
  193. data/test/rails_app/app/mongoid/user_on_main_app.rb +39 -0
  194. data/test/rails_app/app/mongoid/user_without_email.rb +33 -0
  195. data/test/rails_app/app/views/admins/sessions/new.html.erb +1 -1
  196. data/test/rails_app/app/views/home/admin_dashboard.html.erb +1 -1
  197. data/test/rails_app/app/views/home/index.html.erb +1 -1
  198. data/test/rails_app/app/views/home/join.html.erb +1 -1
  199. data/test/rails_app/app/views/home/user_dashboard.html.erb +1 -1
  200. data/test/rails_app/app/views/layouts/application.html.erb +1 -1
  201. data/test/rails_app/app/views/users/edit_form.html.erb +1 -0
  202. data/test/rails_app/bin/bundle +3 -0
  203. data/test/rails_app/bin/rails +4 -0
  204. data/test/rails_app/bin/rake +4 -0
  205. data/test/rails_app/config/application.rb +4 -5
  206. data/test/rails_app/config/boot.rb +9 -3
  207. data/test/rails_app/config/environment.rb +2 -2
  208. data/test/rails_app/config/environments/development.rb +19 -7
  209. data/test/rails_app/config/environments/production.rb +68 -17
  210. data/test/rails_app/config/environments/test.rb +24 -16
  211. data/test/rails_app/config/initializers/devise.rb +22 -20
  212. data/test/rails_app/config/initializers/secret_token.rb +8 -2
  213. data/test/rails_app/config/initializers/session_store.rb +1 -0
  214. data/test/rails_app/config/routes.rb +71 -46
  215. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +9 -12
  216. data/test/rails_app/db/schema.rb +21 -18
  217. data/test/rails_app/lib/shared_admin.rb +7 -4
  218. data/test/rails_app/lib/shared_user.rb +6 -3
  219. data/test/rails_app/lib/shared_user_without_email.rb +26 -0
  220. data/test/rails_app/lib/shared_user_without_omniauth.rb +13 -0
  221. data/test/rails_test.rb +9 -0
  222. data/test/routes_test.rb +94 -78
  223. data/test/support/action_controller/record_identifier.rb +10 -0
  224. data/test/support/assertions.rb +2 -3
  225. data/test/support/helpers.rb +18 -32
  226. data/test/support/integration.rb +17 -16
  227. data/test/support/locale/en.yml +4 -0
  228. data/test/support/mongoid.yml +6 -0
  229. data/test/test_helper.rb +8 -1
  230. data/test/test_helpers_test.rb +64 -20
  231. data/test/test_models.rb +33 -0
  232. data/test/time_helpers.rb +137 -0
  233. metadata +172 -51
  234. data/app/views/devise/_links.erb +0 -3
  235. data/gemfiles/Gemfile.rails-3.1.x +0 -35
  236. data/gemfiles/Gemfile.rails-3.1.x.lock +0 -167
  237. data/lib/devise/models/token_authenticatable.rb +0 -77
  238. data/lib/devise/strategies/token_authenticatable.rb +0 -56
  239. data/test/indifferent_hash.rb +0 -33
  240. data/test/integration/token_authenticatable_test.rb +0 -161
  241. data/test/models/token_authenticatable_test.rb +0 -55
  242. data/test/rails_app/script/rails +0 -10
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 1c056db58a1f4a6a0a7732f2c856dde7e2ec4669
4
+ data.tar.gz: 0374256e647f923a10ef261ae405f55123bdfed8
5
+ SHA512:
6
+ metadata.gz: cbac30ebe59bcc1aea16a7a9981677d71c2a361b4ece716fca6c594d4888130f583f7c6cf4c959278d189fba00a30fa2101c069fcb046609b020e2ddb3a61590
7
+ data.tar.gz: 53c77b74f79ba50de083d8625f0b77578ca10d45e3037c7f7ce1a871412e8eb8f082d10f817ab83d297ca9f4247eb1f82d14f3ae77f2bf9ccf3483a1522fbfc0
data/.travis.yml CHANGED
@@ -1,15 +1,44 @@
1
- script: "bundle exec rake test"
1
+ language: ruby
2
+
2
3
  rvm:
3
- - 1.8.7
4
- - 1.9.2
5
4
  - 1.9.3
6
- - ree
5
+ - 2.0.0
6
+ - 2.1
7
+ - 2.2
8
+
7
9
  gemfile:
8
- - gemfiles/Gemfile.rails-3.1.x
10
+ - gemfiles/Gemfile.rails-4.2-stable
11
+ - gemfiles/Gemfile.rails-4.1-stable
12
+ - gemfiles/Gemfile.rails-4.0-stable
13
+ - gemfiles/Gemfile.rails-3.2-stable
9
14
  - Gemfile
15
+
16
+ matrix:
17
+ exclude:
18
+ - rvm: 2.2
19
+ gemfile: gemfiles/Gemfile.rails-3.2-stable
20
+
21
+ services:
22
+ - mongodb
23
+
24
+ sudo: false
25
+
26
+ cache: bundler
27
+
28
+ env:
29
+ matrix:
30
+ - DEVISE_ORM=mongoid
31
+ - DEVISE_ORM=active_record
32
+
33
+ before_install: "rm ${BUNDLE_GEMFILE}.lock"
34
+
35
+ before_script: "bundle update"
36
+
37
+ script: "bundle exec rake test"
38
+
10
39
  notifications:
11
- recipients:
12
- - jose.valim@plataformatec.com.br
13
- - carlos@plataformatec.com.br
14
- - rodrigo.flores@plataformatec.com.br
15
- - rafael.franca@plataformatec.com.br
40
+ email: false
41
+ slack:
42
+ on_success: change
43
+ on_failure: always
44
+ secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY=
data/.yardopts ADDED
@@ -0,0 +1,9 @@
1
+ --protected
2
+ --no-private
3
+ --embed-mixin ClassMethods
4
+ -
5
+ README.md
6
+ CHANGELOG.rdoc
7
+ CONTRIBUTING.md
8
+ MIT-LICENSE
9
+
@@ -1,12 +1,344 @@
1
- == 2.1.2
1
+ ### 3.5.10 - 2016-05-15
2
2
 
3
- * Enhancements
3
+ * bug fixes
4
+ * Fix overwriting the remember_token when a valid one already exists (by @ralinchimev).
5
+
6
+ ### 3.5.9 - 2016-05-02
7
+
8
+ * bug fixes
9
+ * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none`
10
+ and `:undefined` strategies. (by @f3ndot)
11
+
12
+ ### 3.5.8 - 2016-04-25
13
+
14
+ * bug fixes
15
+ * Fix the e-mail confirmation instructions send when a user updates the email address from nil
16
+
17
+ ### 3.5.7 - 2016-04-18
18
+
19
+ * bug fixes
20
+ * Fix the `extend_remember_period` configuration. When set to `false` it does
21
+ not update the cookie expiration anymore.(by @ulissesalmeida)
22
+
23
+ ### 3.5.6 - 2016-01-02
24
+
25
+ * bug fixes
26
+ * Fix type coercion of the rememberable timestamp stored on cookies.
27
+
28
+ ### 3.5.5 - 2016-22-01
29
+
30
+ * bug fixes
31
+ * Bring back remember_expired? implementation
32
+ * Ensure timeouts are not triggered if remember me is being used
33
+
34
+ ### 3.5.4 - 2016-18-01
35
+
36
+ * bug fixes
37
+ * Store creation timestamps on remember cookies
38
+
39
+ ### 3.5.3 - 2015-12-10
40
+
41
+ * bug fixes
42
+ * Fix password reset for records where `confirmation_required?` is disabled and
43
+ `confirmation_sent_at` is nil. (by @andygeers)
44
+ * Allow resources with no `email` field to be recoverable (and do not clear the
45
+ reset password token if the model was already persisted). (by @seddy, @stanhu)
46
+
47
+ * enhancements
48
+ * Upon setting `Devise.send_password_change_notification = true` a user will receive notification when their password has been changed.
49
+
50
+ ### 3.5.2 - 2015-08-10
51
+
52
+ * enhancements
53
+ * Perform case insensitive basic authorization matching
54
+
55
+ * bug fixes
56
+ * Do not use digests for password confirmation token
57
+ * Fix infinite redirect in Rails 4.2 authenticated routes
58
+ * Autoload Devise::Encryptor to avoid errors on thread-safe mode
59
+
60
+ * deprecations
61
+ * `config.expire_auth_token_on_timeout` was removed
62
+
63
+ ### 3.5.1 - 2015-05-24
64
+
65
+ Note: 3.5.0 has been yanked due to a regression
66
+
67
+ * security improvements
68
+ * Clean up reset password token whenever e-mail or password changes. thanks to George Deglin & Dennis Charles Hackethal for reporting this bug
69
+ * Ensure empty `authenticable_salt` cannot be used as remember token. This bug can only affect users who manually implement their own `authenticable_salt` and allow empty values as salt
70
+
71
+ * enhancements
72
+ * The hint about minimum password length required both `@validatable` and `@minimum_password_length` variables on the views, it now uses only the latter. If you have generated the views relying on the `@validatable` variable, replace it with `@minimum_password_length`.
73
+ * Added an ActiveSupport load hook for `:devise_controller`. (by @nakhli)
74
+ * Location fragments are now preserved between requests. (by @jbourassa)
75
+ * Added an `after_remembered` callback for the Rememerable module. (by @BM5k)
76
+ * `RegistrationsController#new` and `SessionsController#new` now yields the
77
+ current resource. (by @mtarnovan, @deivid-rodriguez)
78
+ * Password length validation is now limited to 72 characters for newer apps. (by @lleger)
79
+ * Controllers inheriting from any Devise core controller will now use appropriate translations. The i18n scope can be overridden in `translation_scope`.
80
+ * Allow the user to set the length of friendly token. (by @Angelmmiguel)
81
+
82
+ * bug fixes
83
+ * Use router_name from scope if one is available to support isolated engines. (by @cipater)
84
+ * Do not clean up CSRF on rememberable.
85
+ * Only use flash if it has been configured in failure app. (by @alex88)
86
+
87
+ * deprecations
88
+ * `confirm!` has been deprecated in favor of `confirm`.
89
+ * `reset_password!` has been deprecated in favor of `reset_password`.
90
+ * `Devise.bcrypt` has been deprecated in favor of `Devise::Encryptor.digest`".
91
+
92
+ ### 3.4.1 - 2014-10-29
93
+
94
+ * enhancements
95
+ * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns)
96
+ * Passing `now: true` to the `set_flash_message` helper now sets the message into
97
+ the `flash.now` Hash. (by @hbriggs)
98
+ * bugfixes
99
+ * Fixed an regression with translation of flash messages for when the `authentication_keys`
100
+ config is a Hash. (by @lucasmazza)
101
+
102
+ ### 3.4.0 - 2014-10-03
103
+
104
+ * enhancements
105
+ * Support added for Rails 4.2. Devise now depends on the `responders` gem due
106
+ the extraction of the `respond_with` API from Rails. (by @lucasmazza)
107
+ * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding
108
+ a hint about the minimum password length when `validatable` is enabled. (by @aried3r)
109
+ * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag
110
+ to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang)
111
+ * Removed the hardcoded references for "email" in the flash messages. If you are using
112
+ different attributes as the `authentication_keys` they will be interpolated in the
113
+ messages instead. (by @timoschilling)
114
+ * bug fix
115
+ * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished`
116
+ exception when executed inside a mountable engine. (by @lucasmazza)
117
+ * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat)
118
+ * Ensure all causes of failed login have the same error message (by @pjungwir)
119
+ * The `last_attempt_warning` now takes effect when generating the unauthenticated
120
+ message for your users. To keep the current behavior, this flag is now `true`
121
+ by default. (by @lucasmazza)
122
+
123
+ ### 3.3.0 - 2014-08-13
124
+
125
+ * enhancements
126
+ * Support multiple warden configuration blocks on devise configuration. (by @rossta)
127
+ * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
128
+ invalidated, and this behavior could not be changed. This behavior is now configurable via
129
+ `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
130
+ * Default email messages was updated with grammar fixes, check the diff on
131
+ #2906 for the updated copy (by @p-originate)
132
+ * Allow a resource to be found based on its encrypted password token (by @karlentwistle)
133
+ * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
134
+ * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
135
+ the current scope is using the `validatable` module (by @alexsoble)
136
+
137
+ * bug fix
138
+ * Check if there is a signed in user before executing the `SessionsController#destroy`.
139
+ * `SessionsController#destroy` no longer yields the `resource` to receiving block,
140
+ since the resource isn't loaded in the action. If you need access to the current
141
+ resource when overring the action use the scope helper (like `current_user`) before
142
+ calling `super`
143
+ * Serialize the `last_request_at` entry as an Integer
144
+ * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
145
+ * Only valid paths will be stored for redirections (by @parallel588)
146
+
147
+ ### 3.2.4 - 2014-03-17
148
+
149
+ * enhancements
150
+ * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
151
+ * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
152
+
153
+ ### 3.2.3 - 2014-02-20
154
+
155
+ * enhancements
156
+ * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`.
157
+ You can change this and use your own secret by changing the `devise.rb` initializer.
158
+
159
+ * bug fix
160
+ * Migrations will be properly generated when using rails 4.1.0.
161
+
162
+ ### 3.2.2 - 2013-11-25
163
+
164
+ * bug fix
165
+ * Ensure timeoutable works when `sign_out_all_scopes` is false (by @louman)
166
+ * Keep the query string when storing location (by @csexton)
167
+ * Require rails generator base class in devise generators
168
+
169
+ ### 3.2.1 - 2013-11-13
170
+
171
+ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
172
+
173
+ * enhancements
174
+ * Add `store_location_for` helper and ensure it is safe (by @matthewrudy and @homakov)
175
+ * Add `yield` around resource methods in Devise controllers (by @edelpero)
176
+
177
+ * bug fix
178
+ * Bring `password_digest` back to fix compatibility with `devise-encryptable`
179
+ * Avoid e-mail enumeration on sign in when in paranoid mode
180
+
181
+ ### 3.2.0 - 2013-11-06
182
+
183
+ * enhancements
184
+ * Previously deprecated token authenticatable and insecure lookups have been removed
185
+ * Add a class method so you can encrypt passwords from fixtures (by @tenderlove)
186
+ * Send custom message when user enters invalid password and it has only one attempt
187
+ to enter correct password before their account will be locked (by @Lightpower)
188
+ * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery)
189
+ * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev)
190
+
191
+ * bug fix
192
+ * A GET to sign_in page shouldn't extend the session (by @drewish)
193
+ * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful)
194
+ * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev)
195
+ * Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration
196
+
197
+ * deprecations
198
+ * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!`
199
+
200
+ ### 3.1.1 - 2013-10-01
201
+
202
+ * bug fix
203
+ * Improve default message which asked users to sign in even when they were already signed (by @gregates)
204
+ * Improve error message for when the config.secret_key is missing
205
+
206
+ ### 3.1.0 - 2013-09-05
207
+
208
+ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/
209
+
210
+ * backwards incompatible changes
211
+ * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_token_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration
212
+ * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views`
213
+ * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)`
214
+
215
+ * deprecations
216
+ * Token authentication is deprecated
217
+
218
+ * enhancements
219
+ * Better security defaults
220
+ * Allow easier customization of parameter sanitizer (by @alexpeattie)
221
+
222
+ * bug fix
223
+ * Do not confirm e-mail after password reset (by @moll)
224
+ * Do not sign in after confirmation
225
+ * Do not store confirmation, unlock and reset password tokens directly in the database
226
+ * Do not compare directly against confirmation, unlock and reset password tokens
227
+ * Skip storage for cookies on unverified requests
228
+
229
+ ### 3.0.2 - 2013-08-09
230
+
231
+ * bug fix
232
+ * Skip storage for cookies on unverified requests
233
+
234
+ ### 3.0.1 - 2013-08-02
235
+
236
+ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
237
+
238
+ * enhancements
239
+ * Add after_confirmation callback
240
+
241
+ * bug fix
242
+ * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne)
243
+ * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server.
244
+
245
+ ### 3.0.0 - 2013-07-14
246
+
247
+ * enhancements
248
+ * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino)
249
+ * Drop support for Rails < 3.2 and Ruby < 1.9.3
250
+ * Enable to skip sending reconfirmation email when reconfirmable is on and `skip_confirmation_notification!` is invoked (by @tkhr)
251
+
252
+ * bug fix
253
+ * Errors on unlock are now properly reflected on the first `unlock_keys`
254
+
255
+ ### 2.2.4 - 2013-05-07
256
+
257
+ * enhancements
258
+ * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3)
259
+ * Allow to override path after password resetting (by @worker8)
260
+ * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates)
261
+ * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby)
262
+ * Support Rails' token strategy on authentication (by @robhurring)
263
+ * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo)
264
+
265
+ * bug fix
266
+ * Do not redirect when accessing devise API via JSON. (by @sebastianwr)
267
+ * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby)
268
+ * Fix inheriting mailer templates from `Devise::Mailer`
269
+ * Fix a bug when procs are used as default mailer in Devise (by @tomasv)
270
+
271
+ * backwards incompatible changes
272
+ * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
273
+
274
+ ### 2.2.3 - 2013-01-26
275
+
276
+ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
277
+
278
+ * bug fix
279
+ * Require string conversion for all values
280
+
281
+ ### 2.2.2 - 2013-01-15
282
+
283
+ * bug fix
284
+ * Fix bug when checking for reconfirmable in templates
285
+
286
+ ### 2.2.1 - 2013-01-11
287
+
288
+ * bug fix
289
+ * Fix regression with case_insensitive_keys
290
+ * Fix regression when password is blank when it is invalid
291
+
292
+ ### 2.2.0 - 2013-01-08
293
+
294
+ * backwards incompatible changes
295
+ * `headers_for` is deprecated, customize the mailer directly instead
296
+ * All mailer methods now expect a second argument with delivery options
297
+ * Default minimum password length is now 8 (by @carlosgaldino)
298
+ * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax)
299
+ * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats)
300
+ * Support Mongoid 3 onwards (by @durran)
301
+
302
+ * enhancements
303
+ * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
304
+ * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
305
+ * Flash messages in controller now respects `resource_name` (by @latortuga)
306
+ * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast)
307
+ * Add autofocus to default views (by @Radagaisus)
308
+ * Unlock user on password reset (by @marcinb)
309
+ * Allow validation callbacks to apply to virtual attributes (by @latortuga)
310
+
311
+ * bug fix
312
+ * unconfirmed_email now uses the proper e-mail on salutation
313
+ * Fix default email_regexp config to not allow spaces (by @kukula)
314
+ * Fix a regression introduced on warden 1.2.1 (by @ejfinneran)
315
+ * Properly camelize omniauth strategies (by @saizai)
316
+ * Do not set flash messages for non navigational requests on session sign out (by @mathieul)
317
+ * Set the proper fields as required on the lockable module (by @nickhoffman)
318
+ * Respects Devise mailer default's reply_to (by @mrchrisadams)
319
+ * Properly assign resource on `sign_in` related action (by @adammcnamara)
320
+ * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
321
+ * Properly handle namespaced models on Active Record generator (by @nashby)
322
+
323
+ ### 2.1.4 - 2013-08-18
324
+
325
+ * bugfix
326
+ * Do not confirm account after reset password
327
+
328
+ ### 2.1.3 - 2013-01-26
329
+
330
+ * bugfix
331
+ * Require string conversion for all values
332
+
333
+ ### 2.1.2 - 2012-06-19
334
+
335
+ * enhancements
4
336
  * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x
5
337
 
6
338
  * bug fix
7
339
  * Fix regression on strategy validation on previous release
8
340
 
9
- == 2.1.1 (yanked)
341
+ ### 2.1.1 - 2012-06-15 (yanked)
10
342
 
11
343
  * enhancements
12
344
  * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action
@@ -23,7 +355,7 @@
23
355
  * deprecations
24
356
  * Strategy#validate() no longer validates nil resources
25
357
 
26
- == 2.1.0
358
+ ### 2.1.0 - 2012-05-15
27
359
 
28
360
  * enhancements
29
361
  * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses
@@ -48,8 +380,9 @@
48
380
  * Do not accidentally mark `_prefixes` as private
49
381
  * Better support for custom strategies on test helpers (by @mattconnolly)
50
382
  * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez)
383
+ * Reverted moving devise/shared/_links.erb to devise/_links.erb
51
384
 
52
- == 2.0.4
385
+ ### 2.0.4 - 2012-02-17
53
386
 
54
387
  Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
55
388
 
@@ -57,7 +390,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
57
390
  * Fix when :host is used with devise_for (by @mreinsch)
58
391
  * Fix a regression that caused Warden to be initialized too late
59
392
 
60
- == 2.0.3 (yanked)
393
+ ### 2.0.3 - 2012-06-16 (yanked)
61
394
 
62
395
  * bug fix
63
396
  * Ensure warning is not shown by mistake on apps with mounted engines
@@ -65,7 +398,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
65
398
  * Ensure serializable_hash does not depend on accessible attributes
66
399
  * Ensure that timeout callback does not run on sign out action
67
400
 
68
- == 2.0.2
401
+ ### 2.0.2 - 2012-02-14
69
402
 
70
403
  * enhancements
71
404
  * Add devise_i18n_options to customize I18n message
@@ -77,7 +410,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
77
410
  * Show a warning in case someone gives a pluralized name to devise generator
78
411
  * Fix test behavior for rspec subject requests (by @sj26)
79
412
 
80
- == 2.0.1
413
+ ### 2.0.1 - 2012-02-09
81
414
 
82
415
  * enhancements
83
416
  * Improved error messages on deprecation warnings
@@ -86,7 +419,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
86
419
  * bug fix
87
420
  * Removed tmp and log files from gem
88
421
 
89
- == 2.0.0
422
+ ### 2.0.0 - 2012-01-26
90
423
 
91
424
  * enhancements
92
425
  * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal)
@@ -112,14 +445,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
112
445
  * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_*
113
446
  * Protected method render_with_scope was removed.
114
447
 
115
- == 1.5.3
448
+ ### 1.5.3 - 2011-12-19
116
449
 
117
450
  * bug fix
118
451
  * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko)
119
452
  * Ensure passing :format => false to devise_for is not permanent
120
453
  * Ensure path checker does not check invalid routes
121
454
 
122
- == 1.5.2
455
+ ### 1.5.2 - 2011-11-30
123
456
 
124
457
  * enhancements
125
458
  * Add support for Rails 3.1 new mass assignment conventions (by @kirs)
@@ -128,12 +461,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
128
461
  * bug fix
129
462
  * OmniAuth error message now shows the proper option (:strategy_class instead of :klass)
130
463
 
131
- == 1.5.1
464
+ ### 1.5.1 - 2011-11-22
132
465
 
133
466
  * bug fix
134
467
  * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise.
135
468
 
136
- == 1.5.0
469
+ ### 1.5.0 - 2011-11-13
137
470
 
138
471
  * enhancements
139
472
  * Timeoutable also skips tracking if skip_trackable is given
@@ -154,12 +487,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
154
487
  * redirect_location is deprecated, please use after_sign_in_path_for
155
488
  * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
156
489
 
157
- == 1.4.9
490
+ ### 1.4.9 - 2011-10-19
158
491
 
159
492
  * bug fix
160
493
  * url helpers were not being set under some circumstances
161
494
 
162
- == 1.4.8
495
+ ### 1.4.8 - 2011-10-09
163
496
 
164
497
  * enhancements
165
498
  * Add docs for assets pipeline and Heroku
@@ -167,12 +500,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
167
500
  * bug fix
168
501
  * confirmation_url was not being set under some circumstances
169
502
 
170
- == 1.4.7
503
+ ### 1.4.7 - 2011-09-21
171
504
 
172
505
  * bug fix
173
506
  * Fix backward incompatible change from 1.4.6 for those using custom controllers
174
507
 
175
- == 1.4.6 (yanked)
508
+ ### 1.4.6 - 2011-09-19 (yanked)
176
509
 
177
510
  * enhancements
178
511
  * Allow devise_for :skip => :all
@@ -180,7 +513,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
180
513
  * Allow --skip-routes to devise generator
181
514
  * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
182
515
 
183
- == 1.4.5
516
+ ### 1.4.5 - 2011-09-07
184
517
 
185
518
  * bug fix
186
519
  * Failure app tries the root path if a session one does not exist
@@ -188,12 +521,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
188
521
  * Reset password shows proper message if user is not active
189
522
  * `clean_up_passwords` sets the accessors to nil to skip validations
190
523
 
191
- == 1.4.4
524
+ ### 1.4.4 - 2011-08-30
192
525
 
193
526
  * bug fix
194
527
  * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually
195
528
 
196
- == 1.4.3
529
+ ### 1.4.3 - 2011-08-29
197
530
 
198
531
  * enhancements
199
532
  * Improve Rails 3.1 compatibility
@@ -209,12 +542,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
209
542
  * deprecations
210
543
  * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation
211
544
 
212
- == 1.4.2
545
+ ### 1.4.2 - 2011-06-30
213
546
 
214
547
  * bug fix
215
548
  * Provide a more robust behavior to serializers and add :force_except option
216
549
 
217
- == 1.4.1
550
+ ### 1.4.1 - 2011-06-29
218
551
 
219
552
  * enhancements
220
553
  * Add :defaults and :format support on router
@@ -225,10 +558,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
225
558
  * Ensure to_xml is properly white listened
226
559
  * Ensure handle_unverified_request clean up any cached signed-in user
227
560
 
228
- == 1.4.0
561
+ ### 1.4.0 - 2011-06-23
229
562
 
230
563
  * enhancements
231
- * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26)
564
+ * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26)
232
565
  * Improve e-mail regexp (by @rodrigoflores)
233
566
  * Add strip_whitespace_keys and default to e-mail (by @swrobel)
234
567
  * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut)
@@ -237,28 +570,28 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
237
570
 
238
571
  * bug fix
239
572
  * password_required? should not affect length validation
240
- * User cannot access sign up and similar pages if he is already signed in through a cookie or token
573
+ * User cannot access sign up and similar pages if they are already signed in through a cookie or token
241
574
  * Do not convert booleans to strings on finders (by @xavier)
242
575
  * Run validations even if current_password fails (by @crx)
243
576
  * Devise now honors routes constraints (by @macmartine)
244
577
  * Do not return the user resource when requesting instructions (by @rodrigoflores)
245
578
 
246
- == 1.3.4
579
+ ### 1.3.4 - 2011-04-28
247
580
 
248
581
  * bug fix
249
582
  * Do not add formats if html or "*/*"
250
583
 
251
- == 1.3.3
584
+ ### 1.3.3 - 2011-04-20
252
585
 
253
586
  * bug fix
254
587
  * Explicitly mark the token as expired if so
255
588
 
256
- == 1.3.2
589
+ ### 1.3.2 - 2011-04-20
257
590
 
258
591
  * bug fix
259
592
  * Fix another regression related to reset_password_sent_at (by @alexdreher)
260
593
 
261
- == 1.3.1
594
+ ### 1.3.1 - 2011-04-18
262
595
 
263
596
  * enhancements
264
597
  * Improve failure_app responses (by @indirect)
@@ -267,7 +600,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
267
600
  * bug fix
268
601
  * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss)
269
602
 
270
- == 1.3.0
603
+ ### 1.3.0 - 2011-04-15
271
604
 
272
605
  * enhancements
273
606
  * All controllers can now handle different mime types than html using Responders (by @sikachu)
@@ -287,19 +620,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
287
620
  * backward incompatible changes
288
621
  * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior.
289
622
 
290
- == 1.2.1
623
+ ### 1.2.1 - 2011-03-27
291
624
 
292
625
  * enhancements
293
626
  * Improve update path messages
294
627
 
295
- == 1.2.0
628
+ ### 1.2.0 - 2011-03-24
296
629
 
297
630
  * bug fix
298
631
  * Properly ignore path prefix on omniauthable
299
632
  * Faster uniqueness queries
300
633
  * Rename active? to active_for_authentication? to avoid conflicts
301
634
 
302
- == 1.2.rc2
635
+ ### 1.2.rc2 - 2011-03-10
303
636
 
304
637
  * enhancements
305
638
  * Make friendly_token 20 chars long
@@ -329,7 +662,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
329
662
  * Removed --haml and --slim view templates
330
663
  * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
331
664
 
332
- == 1.2.rc
665
+ ### 1.2.rc - 2010-10-25
333
666
 
334
667
  * deprecations
335
668
  * cookie_domain is deprecated in favor of cookie_options
@@ -345,10 +678,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
345
678
  * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai)
346
679
  * Extracted encryptors into :encryptable for better bcrypt support
347
680
  * :rememberable is now able to use salt as token if no remember_token is provided
348
- * Store the salt in session and expire the session if the user changes his password
681
+ * Store the salt in session and expire the session if the user changes their password
349
682
  * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
350
683
  * cookie_options uses session_options values by default
351
- * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
684
+ * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message
352
685
  * Use ActiveModel#to_key instead of #id
353
686
  * sign_out_all_scopes now destroys the whole session
354
687
  * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl)
@@ -367,13 +700,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
367
700
  * Ensure namespaces has proper scoped views
368
701
  * Ensure Devise does not set empty flash messages (by @sxross)
369
702
 
370
- == 1.1.6
703
+ ### 1.1.6 - 2011-02-14
371
704
 
372
705
  * Use a more secure e-mail regexp
373
706
  * Implement Rails 3.0.4 handle unverified request
374
707
  * Use secure_compare to compare passwords
375
708
 
376
- == 1.1.5
709
+ ### 1.1.5 - 2010-11-26
377
710
 
378
711
  * bugfix
379
712
  * Ensure to convert keys on indifferent hash
@@ -381,12 +714,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
381
714
  * defaults
382
715
  * Set config.http_authenticatable to false to avoid confusion
383
716
 
384
- == 1.1.4
717
+ ### 1.1.4 - 2010-11-25
385
718
 
386
719
  * bugfix
387
720
  * Avoid session fixation attacks
388
721
 
389
- == 1.1.3
722
+ ### 1.1.3 - 2010-09-23
390
723
 
391
724
  * bugfix
392
725
  * Add reply-to to e-mail headers by default
@@ -397,17 +730,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
397
730
  * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie)
398
731
  * :default options is now honored in migrations
399
732
 
400
- == 1.1.2
733
+ ### 1.1.2 - 2010-08-25
401
734
 
402
735
  * bugfix
403
736
  * Compatibility with latest Rails routes schema
404
737
 
405
- == 1.1.1
738
+ ### 1.1.1 - 2010-07-26
406
739
 
407
740
  * bugfix
408
741
  * Fix a small bug where generated locale file was empty on devise:install
409
742
 
410
- == 1.1.0
743
+ ### 1.1.0 - 2010-07-25
411
744
 
412
745
  * enhancements
413
746
  * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk)
@@ -427,7 +760,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
427
760
  * deprecations
428
761
  * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
429
762
 
430
- == 1.1.rc2
763
+ ### 1.1.rc2 - 2010-06-22
431
764
 
432
765
  * enhancements
433
766
  * Allow to set cookie domain for the remember token. (by @mantas)
@@ -445,7 +778,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
445
778
  * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
446
779
  * Generators now use Rails 3 syntax (devise:install) instead of devise_install
447
780
 
448
- == 1.1.rc1
781
+ ### 1.1.rc1 - 2010-04-14
449
782
 
450
783
  * enhancements
451
784
  * Rails 3 compatibility
@@ -477,7 +810,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
477
810
  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
478
811
  * :as and :scope in routes is deprecated. Use :path and :singular instead
479
812
 
480
- == 1.0.8
813
+ ### 1.0.8 - 2010-06-22
481
814
 
482
815
  * enhancements
483
816
  * Support for latest MongoMapper
@@ -486,7 +819,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
486
819
  * bug fix
487
820
  * confirmation_required? is properly honored on active? calls. (by @paulrosania)
488
821
 
489
- == 1.0.7
822
+ ### 1.0.7 - 2010-05-02
490
823
 
491
824
  * bug fix
492
825
  * Ensure password confirmation is always required
@@ -495,14 +828,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
495
828
  * authenticatable was deprecated and renamed to database_authenticatable
496
829
  * confirmable is not included by default on generation
497
830
 
498
- == 1.0.6
831
+ ### 1.0.6 - 2010-04-02
499
832
 
500
833
  * bug fix
501
834
  * Do not allow unlockable strategies based on time to access a controller.
502
835
  * Do not send unlockable email several times.
503
836
  * Allow controller to upstram custom! failures to Warden.
504
837
 
505
- == 1.0.5
838
+ ### 1.0.5 - 2010-03-25
506
839
 
507
840
  * bug fix
508
841
  * Use prepend_before_filter in require_no_authentication.
@@ -510,19 +843,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
510
843
  * Fix a bug when giving an association proxy to devise.
511
844
  * Do not use lock! on lockable since it's part of ActiveRecord API.
512
845
 
513
- == 1.0.4
846
+ ### 1.0.4 - 2010-03-02
514
847
 
515
848
  * bug fix
516
849
  * Fixed a bug when deleting an account with rememberable
517
850
  * Fixed a bug with custom controllers
518
851
 
519
- == 1.0.3
852
+ ### 1.0.3 - 2010-02-22
520
853
 
521
854
  * enhancements
522
855
  * HTML e-mails now have proper formatting
523
856
  * Do not remove MongoMapper options in find
524
857
 
525
- == 1.0.2
858
+ ### 1.0.2 - 2010-02-17
526
859
 
527
860
  * enhancements
528
861
  * Allows you set mailer content type (by @glennr)
@@ -530,7 +863,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
530
863
  * bug fix
531
864
  * Uses the same content type as request on http authenticatable 401 responses
532
865
 
533
- == 1.0.1
866
+ ### 1.0.1 - 2010-02-16
534
867
 
535
868
  * enhancements
536
869
  * HttpAuthenticatable is not added by default automatically.
@@ -539,7 +872,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
539
872
  * bug fix
540
873
  * Fixed encryptors autoload
541
874
 
542
- == 1.0.0
875
+ ### 1.0.0 - 2010-02-08
543
876
 
544
877
  * deprecation
545
878
  * :old_password in update_with_password is deprecated, use :current_password instead
@@ -548,9 +881,9 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
548
881
  * Added Registerable
549
882
  * Added Http Basic Authentication support
550
883
  * Allow scoped_views to be customized per controller/mailer class
551
- * [#99] Allow authenticatable to used in change_table statements
884
+ * Allow authenticatable to used in change_table statements
552
885
 
553
- == 0.9.2
886
+ ### 0.9.2 - 2010-02-04
554
887
 
555
888
  * bug fix
556
889
  * Ensure inactive user cannot sign in
@@ -560,13 +893,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
560
893
  * Added gemspec to repo
561
894
  * Added token authenticatable (by @grimen)
562
895
 
563
- == 0.9.1
896
+ ### 0.9.1 - 2010-01-24
564
897
 
565
898
  * bug fix
566
899
  * Allow bigger salt size (by @jgeiger)
567
900
  * Fix relative url root
568
901
 
569
- == 0.9.0
902
+ ### 0.9.0 - 2010-01-20
570
903
 
571
904
  * deprecation
572
905
  * devise :all is deprecated
@@ -583,7 +916,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
583
916
  * Accept path prefix not starting with slash
584
917
  * url helpers should rely on find_scope!
585
918
 
586
- == 0.8.2
919
+ ### 0.8.2 - 2010-01-12
587
920
 
588
921
  * enhancements
589
922
  * Allow Devise.mailer_sender to be a proc (by @grimen)
@@ -591,7 +924,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
591
924
  * bug fix
592
925
  * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm)
593
926
 
594
- == 0.8.1
927
+ ### 0.8.1 - 2010-01-07
595
928
 
596
929
  * enhancements
597
930
  * Move salt to encryptors
@@ -601,7 +934,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
601
934
  * bug fix
602
935
  * Bcrypt generator was not being loaded neither setting the proper salt
603
936
 
604
- == 0.8.0
937
+ ### 0.8.0 - 2010-01-06
605
938
 
606
939
  * enhancements
607
940
  * Warden 0.8.0 compatibility
@@ -615,19 +948,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
615
948
  * deprecation
616
949
  * Removed DeviseMailer.sender
617
950
 
618
- == 0.7.5
951
+ ### 0.7.5 - 2010-01-01
619
952
 
620
953
  * enhancements
621
954
  * Set a default value for mailer to avoid find_template issues
622
955
  * Add models configuration to MongoMapper::EmbeddedDocument as well
623
956
 
624
- == 0.7.4
957
+ ### 0.7.4 - 2009-12-21
625
958
 
626
959
  * enhancements
627
960
  * Extract Activatable from Confirmable
628
961
  * Decouple Serializers from Devise modules
629
962
 
630
- == 0.7.3
963
+ ### 0.7.3 - 2009-12-15
631
964
 
632
965
  * bug fix
633
966
  * Give scope to the proper model validation
@@ -637,7 +970,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
637
970
  * Added update_with_password for authenticatable
638
971
  * Allow render_with_scope to accept :controller option
639
972
 
640
- == 0.7.2
973
+ ### 0.7.2 - 2009-12-14
641
974
 
642
975
  * deprecation
643
976
  * Renamed reset_confirmation! to resend_confirmation!
@@ -647,12 +980,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
647
980
  * Fixed render_with_scope to work with all controllers
648
981
  * Allow sign in with two different users in Devise::TestHelpers
649
982
 
650
- == 0.7.1
983
+ ### 0.7.1 - 2009-12-09
651
984
 
652
985
  * enhancements
653
986
  * Small enhancements for other plugins compatibility (by @grimen)
654
987
 
655
- == 0.7.0
988
+ ### 0.7.0 - 2009-12-08
656
989
 
657
990
  * deprecations
658
991
  * :authenticatable is not included by default anymore
@@ -661,25 +994,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
661
994
  * Improve loading process
662
995
  * Extract SessionSerializer from Authenticatable
663
996
 
664
- == 0.6.3
997
+ ### 0.6.3 - 2009-12-02
665
998
 
666
999
  * bug fix
667
1000
  * Added trackable to migrations
668
1001
  * Allow inflections to work
669
1002
 
670
- == 0.6.2
1003
+ ### 0.6.2 - 2009-11-25
671
1004
 
672
1005
  * enhancements
673
1006
  * More DataMapper compatibility
674
1007
  * Devise::Trackable - track sign in count, timestamps and ips
675
1008
 
676
- == 0.6.1
1009
+ ### 0.6.1 - 2009-11-24
677
1010
 
678
1011
  * enhancements
679
1012
  * Devise::Timeoutable - timeout sessions without activity
680
1013
  * DataMapper now accepts conditions
681
1014
 
682
- == 0.6.0
1015
+ ### 0.6.0 - 2009-11-22
683
1016
 
684
1017
  * deprecations
685
1018
  * :authenticatable is still included by default, but yields a deprecation warning
@@ -688,57 +1021,57 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
688
1021
  * Added DataMapper support
689
1022
  * Remove store_location from authenticatable strategy and add it to failure app
690
1023
  * Allow a strategy to be placed after authenticatable
691
- * [#45] Do not rely attribute? methods, since they are not added on Datamapper
1024
+ * Do not rely attribute? methods, since they are not added on Datamapper
692
1025
 
693
- == 0.5.6
1026
+ ### 0.5.6 - 2009-11-21
694
1027
 
695
1028
  * enhancements
696
- * [#42] Do not send nil to build (DataMapper compatibility)
697
- * [#44] Allow to have scoped views
1029
+ * Do not send nil to build (DataMapper compatibility)
1030
+ * Allow to have scoped views
698
1031
 
699
- == 0.5.5
1032
+ ### 0.5.5 - 2009-11-20
700
1033
 
701
1034
  * enhancements
702
1035
  * Allow overwriting find for authentication method
703
- * [#38] Remove Ruby 1.8.7 dependency
1036
+ * Remove Ruby 1.8.7 dependency
704
1037
 
705
- == 0.5.4
1038
+ ### 0.5.4 - 2009-11-19
706
1039
 
707
1040
  * deprecations
708
1041
  * Deprecate :singular in devise_for and use :scope instead
709
1042
 
710
1043
  * enhancements
711
- * [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be
1044
+ * Create after_sign_in_path_for and after_sign_out_path_for hooks to be
712
1045
  overwriten in ApplicationController
713
1046
  * Create sign_in_and_redirect and sign_out_and_redirect helpers
714
1047
  * Warden::Manager.default_scope is automatically configured to the first given scope
715
1048
 
716
- == 0.5.3
1049
+ ### 0.5.3 - 2009-11-18
717
1050
 
718
1051
  * bug fix
719
1052
  * MongoMapper now converts DateTime to Time
720
1053
  * Ensure all controllers are unloadable
721
1054
 
722
1055
  * enhancements
723
- * [#35] Moved friendly_token to Devise
1056
+ * Moved friendly_token to Devise
724
1057
  * Added Devise.all, so you can freeze your app strategies
725
1058
  * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
726
1059
  in cases you don't want it be handlded automatically
727
1060
 
728
- == 0.5.2
1061
+ ### 0.5.2 - 2009-11-17
729
1062
 
730
1063
  * enhancements
731
- * [#28] Improved sign_in and sign_out helpers to accepts resources
732
- * [#28] Added stored_location_for as a helper
733
- * [#20] Added test helpers
1064
+ * Improved sign_in and sign_out helpers to accepts resources
1065
+ * Added stored_location_for as a helper
1066
+ * Added test helpers
734
1067
 
735
- == 0.5.1
1068
+ ### 0.5.1 - 2009-11-15
736
1069
 
737
1070
  * enhancements
738
1071
  * Added serializers based on Warden ones
739
1072
  * Allow authentication keys to be set
740
1073
 
741
- == 0.5.0
1074
+ ### 0.5.0 - 2009-11-13
742
1075
 
743
1076
  * bug fix
744
1077
  * Fixed a bug where remember me module was not working properly
@@ -748,13 +1081,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
748
1081
  * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs)
749
1082
  * Added support for MongoMapper (by @shingara)
750
1083
 
751
- == 0.4.3
1084
+ ### 0.4.3 - 2009-11-10
752
1085
 
753
1086
  * bug fix
754
- * [#29] Authentication just fails if user cannot be serialized from session, without raising errors;
1087
+ * Authentication just fails if user cannot be serialized from session, without raising errors;
755
1088
  * Default configuration values should not overwrite user values;
756
1089
 
757
- == 0.4.2
1090
+ ### 0.4.2 - 2009-11-06
758
1091
 
759
1092
  * deprecations
760
1093
  * Renamed mail_sender to mailer_sender
@@ -766,12 +1099,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
766
1099
  * Allow :path_prefix to be given to devise_for
767
1100
  * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
768
1101
 
769
- == 0.4.1
1102
+ ### 0.4.1 - 2009-11-04
770
1103
 
771
1104
  * bug fix
772
- * [#21] Ensure options can be set even if models were not loaded
1105
+ * Ensure options can be set even if models were not loaded
773
1106
 
774
- == 0.4.0
1107
+ ### 0.4.0 - 2009-11-03
775
1108
 
776
1109
  * deprecations
777
1110
  * Notifier is deprecated, use DeviseMailer instead. Remember to rename
@@ -780,52 +1113,52 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
780
1113
  * :authenticable calls are deprecated, use :authenticatable instead
781
1114
 
782
1115
  * enhancements
783
- * [#16] Allow devise to be more agnostic and do not require ActiveRecord to be loaded
1116
+ * Allow devise to be more agnostic and do not require ActiveRecord to be loaded
784
1117
  * Allow Warden::Manager to be configured through Devise
785
1118
  * Created a generator which creates an initializer
786
1119
 
787
- == 0.3.0
1120
+ ### 0.3.0 - 2009-10-30
788
1121
 
789
1122
  * bug fix
790
- * [#15] Allow yml messages to be configured by not using engine locales
1123
+ * Allow yml messages to be configured by not using engine locales
791
1124
 
792
1125
  * deprecations
793
1126
  * Renamed confirm_in to confirm_within
794
- * [#14] Do not send confirmation messages when user changes his e-mail
795
- * [#13] Renamed authenticable to authenticatable and added deprecation warnings
1127
+ * Do not send confirmation messages when user changes their e-mail
1128
+ * Renamed authenticable to authenticatable and added deprecation warnings
796
1129
 
797
- == 0.2.3
1130
+ ### 0.2.3 - 2009-10-29
798
1131
 
799
1132
  * enhancements
800
1133
  * Ensure fail! works inside strategies
801
- * [#12] Make unauthenticated message (when you haven't signed in) different from invalid message
1134
+ * Make unauthenticated message (when you haven't signed in) different from invalid message
802
1135
 
803
1136
  * bug fix
804
1137
  * Do not redirect on invalid authenticate
805
1138
  * Allow model configuration to be set to nil
806
1139
 
807
- == 0.2.2
1140
+ ### 0.2.2 - 2009-10-28
808
1141
 
809
1142
  * bug fix
810
- * [#9] Fix a bug when using customized resources
1143
+ * Fix a bug when using customized resources
811
1144
 
812
- == 0.2.1
1145
+ ### 0.2.1 - 2009-10-27
813
1146
 
814
1147
  * refactor
815
1148
  * Clean devise_views generator to use devise existing views
816
1149
 
817
1150
  * enhancements
818
- * [#7] Create instance variables (like @user) for each devise controller
1151
+ * Create instance variables (like @user) for each devise controller
819
1152
  * Use Devise::Controller::Helpers only internally
820
1153
 
821
1154
  * bug fix
822
- * [#6] Fix a bug with Mongrel and Ruby 1.8.6
1155
+ * Fix a bug with Mongrel and Ruby 1.8.6
823
1156
 
824
- == 0.2.0
1157
+ ### 0.2.0 - 2009-10-24
825
1158
 
826
1159
  * enhancements
827
- * [#4] Allow option :null => true in authenticable migration
828
- * [#3] Remove attr_accessible calls from devise modules
1160
+ * Allow option :null => true in authenticable migration
1161
+ * Remove attr_accessible calls from devise modules
829
1162
  * Customizable time frame for rememberable with :remember_for config
830
1163
  * Customizable time frame for confirmable with :confirm_in config
831
1164
  * Generators for creating a resource and copy views
@@ -834,14 +1167,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
834
1167
  * Do not load hooks or strategies if they are not used
835
1168
 
836
1169
  * bug fixes
837
- * [#2] Fixed requiring devise strategies
1170
+ * Fixed requiring devise strategies
838
1171
 
839
- == 0.1.1
1172
+ ### 0.1.1 - 2009-10-21
840
1173
 
841
1174
  * bug fixes
842
- * [#1] Fixed requiring devise mapping
1175
+ * Fixed requiring devise mapping
843
1176
 
844
- == 0.1.0
1177
+ ### 0.1.0 - 2009-10-21
845
1178
 
846
1179
  * Devise::Authenticable
847
1180
  * Devise::Confirmable