devise 3.1.2 → 3.2.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of devise might be problematic. Click here for more details.

Files changed (62) hide show
  1. data/CHANGELOG.md +111 -99
  2. data/Gemfile.lock +1 -1
  3. data/README.md +2 -2
  4. data/app/controllers/devise/confirmations_controller.rb +2 -9
  5. data/app/controllers/devise/passwords_controller.rb +1 -1
  6. data/app/controllers/devise/registrations_controller.rb +6 -6
  7. data/app/controllers/devise/sessions_controller.rb +3 -3
  8. data/app/controllers/devise/unlocks_controller.rb +1 -1
  9. data/app/controllers/devise_controller.rb +6 -2
  10. data/app/mailers/devise/mailer.rb +15 -13
  11. data/config/locales/en.yml +1 -2
  12. data/gemfiles/Gemfile.rails-3.2.x.lock +1 -1
  13. data/lib/devise.rb +23 -12
  14. data/lib/devise/controllers/helpers.rb +16 -84
  15. data/lib/devise/controllers/rememberable.rb +2 -12
  16. data/lib/devise/controllers/sign_in_out.rb +103 -0
  17. data/lib/devise/failure_app.rb +11 -2
  18. data/lib/devise/hooks/forgetable.rb +1 -1
  19. data/lib/devise/hooks/proxy.rb +21 -0
  20. data/lib/devise/hooks/rememberable.rb +1 -1
  21. data/lib/devise/hooks/timeoutable.rb +4 -1
  22. data/lib/devise/models.rb +0 -5
  23. data/lib/devise/models/authenticatable.rb +8 -9
  24. data/lib/devise/models/confirmable.rb +0 -4
  25. data/lib/devise/models/database_authenticatable.rb +17 -7
  26. data/lib/devise/models/lockable.rb +6 -4
  27. data/lib/devise/models/recoverable.rb +0 -8
  28. data/lib/devise/modules.rb +0 -1
  29. data/lib/devise/rails/routes.rb +29 -15
  30. data/lib/devise/strategies/database_authenticatable.rb +3 -6
  31. data/lib/devise/test_helpers.rb +1 -0
  32. data/lib/devise/version.rb +1 -1
  33. data/lib/generators/mongoid/devise_generator.rb +0 -3
  34. data/lib/generators/templates/devise.rb +6 -10
  35. data/lib/generators/templates/markerb/confirmation_instructions.markerb +1 -1
  36. data/lib/generators/templates/markerb/reset_password_instructions.markerb +1 -1
  37. data/lib/generators/templates/markerb/unlock_instructions.markerb +1 -1
  38. data/test/controllers/internal_helpers_test.rb +2 -2
  39. data/test/controllers/sessions_controller_test.rb +1 -1
  40. data/test/devise_test.rb +12 -1
  41. data/test/failure_app_test.rb +11 -0
  42. data/test/integration/confirmable_test.rb +0 -12
  43. data/test/integration/http_authenticatable_test.rb +0 -10
  44. data/test/integration/recoverable_test.rb +2 -2
  45. data/test/integration/rememberable_test.rb +3 -3
  46. data/test/integration/timeoutable_test.rb +28 -0
  47. data/test/mapping_test.rb +2 -2
  48. data/test/models/confirmable_test.rb +0 -9
  49. data/test/models/database_authenticatable_test.rb +19 -1
  50. data/test/models/lockable_test.rb +16 -10
  51. data/test/models/recoverable_test.rb +0 -10
  52. data/test/rails_app/app/mongoid/user.rb +0 -3
  53. data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -3
  54. data/test/rails_app/db/schema.rb +0 -1
  55. data/test/rails_app/lib/shared_user.rb +1 -1
  56. data/test/support/locale/en.yml +4 -0
  57. data/test/test_helpers_test.rb +22 -0
  58. metadata +4 -8
  59. data/lib/devise/models/token_authenticatable.rb +0 -92
  60. data/lib/devise/strategies/token_authenticatable.rb +0 -91
  61. data/test/integration/token_authenticatable_test.rb +0 -205
  62. data/test/models/token_authenticatable_test.rb +0 -55
@@ -1,22 +1,34 @@
1
- == 3.1.2
1
+ ### 3.2.0
2
2
 
3
- Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode
3
+ * enhancements
4
+ * Previously deprecated token authenticatable and insecure lookups have been removed
5
+ * Add a class method so you can encrypt passwords from fixtures (by @tenderlove)
6
+ * Send custom message when user enters invalid password and it has only one attempt
7
+ to enter correct password before his account will be locked (by @Lightpower)
8
+ * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery)
9
+ * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev)
4
10
 
5
11
  * bug fix
6
- * Avoid e-mail enumeration on sign in when in paranoid mode
12
+ * A GET to sign_in page shouldn't extend the session (by @drewish)
13
+ * Splat the arguments to `strong_parameters#permit` to work around a limitation in the `strong_parameters` gem (by @memberful)
14
+ * Omniauth now uses `mapping.fullpath` when generating routes. This means if you call `devise_for :users` inside a scope, like `scope "/api"`, the scope will now apply to the omniauth route (by @AlexanderZaytsev)
15
+ * Ensure timeoutable hook respects `Devise.sign_out_all_scopes` configuration
16
+
17
+ * deprecations
18
+ * `expire_session_data_after_sign_in!` has been deprecated in favor of `expire_data_after_sign_in!`
7
19
 
8
- == 3.1.1
20
+ ### 3.1.1
9
21
 
10
22
  * bug fix
11
23
  * Improve default message which asked users to sign in even when they were already signed (by @gregates)
12
- * Improve error message for when the `config.secret_key` is missing
24
+ * Improve error message for when the config.secret_key is missing
13
25
 
14
- == 3.1.0
26
+ ### 3.1.0
15
27
 
16
28
  Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/
17
29
 
18
30
  * backwards incompatible changes
19
- * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_tokens_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration
31
+ * Do not store confirmation, unlock and reset password tokens directly in the database. This means tokens previously stored in the database are no longer valid. You can reenable this temporarily by setting `config.allow_insecure_token_lookup = true` in your configuration file. It is recommended to keep this configuration set to true just temporarily in your production servers only to aid migration
20
32
  * The Devise mailer and its views were changed to explicitly receive a token argument as `@token`. You will need to update your mailers and re-copy the views to your application with `rails g devise:views`
21
33
  * Sanitization of parameters should be done by calling `devise_parameter_sanitizer.sanitize(:action)` instead of `devise_parameter_sanitizer.for(:action)`
22
34
 
@@ -34,12 +46,12 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w
34
46
  * Do not compare directly against confirmation, unlock and reset password tokens
35
47
  * Skip storage for cookies on unverified requests
36
48
 
37
- == 3.0.2
49
+ ### 3.0.2
38
50
 
39
51
  * bug fix
40
52
  * Skip storage for cookies on unverified requests
41
53
 
42
- == 3.0.1
54
+ ### 3.0.1
43
55
 
44
56
  Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
45
57
 
@@ -50,7 +62,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
50
62
  * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne)
51
63
  * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server.
52
64
 
53
- == 3.0.0
65
+ ### 3.0.0
54
66
 
55
67
  * enhancements
56
68
  * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino)
@@ -61,9 +73,9 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
61
73
  * Errors on unlock are now properly reflected on the first `unlock_keys`
62
74
 
63
75
  * backwards incompatible changes
64
- * Changes on session storage will expire all existing sessions on upgrade
76
+ * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
65
77
 
66
- == 2.2.4
78
+ ### 2.2.4
67
79
 
68
80
  * enhancements
69
81
  * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3)
@@ -79,25 +91,25 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
79
91
  * Fix inheriting mailer templates from `Devise::Mailer`
80
92
  * Fix a bug when procs are used as default mailer in Devise (by @tomasv)
81
93
 
82
- == 2.2.3
94
+ ### 2.2.3
83
95
 
84
96
  Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
85
97
 
86
98
  * bug fix
87
99
  * Require string conversion for all values
88
100
 
89
- == 2.2.2
101
+ ### 2.2.2
90
102
 
91
103
  * bug fix
92
104
  * Fix bug when checking for reconfirmable in templates
93
105
 
94
- == 2.2.1
106
+ ### 2.2.1
95
107
 
96
108
  * bug fix
97
109
  * Fix regression with case_insensitive_keys
98
110
  * Fix regression when password is blank when it is invalid
99
111
 
100
- == 2.2.0
112
+ ### 2.2.0
101
113
 
102
114
  * backwards incompatible changes
103
115
  * `headers_for` is deprecated, customize the mailer directly instead
@@ -128,7 +140,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
128
140
  * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
129
141
  * Properly handle namespaced models on Active Record generator (by @nashby)
130
142
 
131
- == 2.1.2
143
+ ### 2.1.2
132
144
 
133
145
  * enhancements
134
146
  * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x
@@ -136,7 +148,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
136
148
  * bug fix
137
149
  * Fix regression on strategy validation on previous release
138
150
 
139
- == 2.1.1 (yanked)
151
+ ### 2.1.1 (yanked)
140
152
 
141
153
  * enhancements
142
154
  * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action
@@ -153,7 +165,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
153
165
  * deprecations
154
166
  * Strategy#validate() no longer validates nil resources
155
167
 
156
- == 2.1.0
168
+ ### 2.1.0
157
169
 
158
170
  * enhancements
159
171
  * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses
@@ -180,7 +192,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
180
192
  * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez)
181
193
  * Reverted moving devise/shared/_links.erb to devise/_links.erb
182
194
 
183
- == 2.0.4
195
+ ### 2.0.4
184
196
 
185
197
  Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
186
198
 
@@ -188,7 +200,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
188
200
  * Fix when :host is used with devise_for (by @mreinsch)
189
201
  * Fix a regression that caused Warden to be initialized too late
190
202
 
191
- == 2.0.3 (yanked)
203
+ ### 2.0.3 (yanked)
192
204
 
193
205
  * bug fix
194
206
  * Ensure warning is not shown by mistake on apps with mounted engines
@@ -196,7 +208,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
196
208
  * Ensure serializable_hash does not depend on accessible attributes
197
209
  * Ensure that timeout callback does not run on sign out action
198
210
 
199
- == 2.0.2
211
+ ### 2.0.2
200
212
 
201
213
  * enhancements
202
214
  * Add devise_i18n_options to customize I18n message
@@ -208,7 +220,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
208
220
  * Show a warning in case someone gives a pluralized name to devise generator
209
221
  * Fix test behavior for rspec subject requests (by @sj26)
210
222
 
211
- == 2.0.1
223
+ ### 2.0.1
212
224
 
213
225
  * enhancements
214
226
  * Improved error messages on deprecation warnings
@@ -217,7 +229,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
217
229
  * bug fix
218
230
  * Removed tmp and log files from gem
219
231
 
220
- == 2.0.0
232
+ ### 2.0.0
221
233
 
222
234
  * enhancements
223
235
  * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal)
@@ -243,14 +255,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
243
255
  * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_*
244
256
  * Protected method render_with_scope was removed.
245
257
 
246
- == 1.5.3
258
+ ### 1.5.3
247
259
 
248
260
  * bug fix
249
261
  * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko)
250
262
  * Ensure passing :format => false to devise_for is not permanent
251
263
  * Ensure path checker does not check invalid routes
252
264
 
253
- == 1.5.2
265
+ ### 1.5.2
254
266
 
255
267
  * enhancements
256
268
  * Add support for Rails 3.1 new mass assignment conventions (by @kirs)
@@ -259,12 +271,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
259
271
  * bug fix
260
272
  * OmniAuth error message now shows the proper option (:strategy_class instead of :klass)
261
273
 
262
- == 1.5.1
274
+ ### 1.5.1
263
275
 
264
276
  * bug fix
265
277
  * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise.
266
278
 
267
- == 1.5.0
279
+ ### 1.5.0
268
280
 
269
281
  * enhancements
270
282
  * Timeoutable also skips tracking if skip_trackable is given
@@ -285,12 +297,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
285
297
  * redirect_location is deprecated, please use after_sign_in_path_for
286
298
  * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
287
299
 
288
- == 1.4.9
300
+ ### 1.4.9
289
301
 
290
302
  * bug fix
291
303
  * url helpers were not being set under some circumstances
292
304
 
293
- == 1.4.8
305
+ ### 1.4.8
294
306
 
295
307
  * enhancements
296
308
  * Add docs for assets pipeline and Heroku
@@ -298,12 +310,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
298
310
  * bug fix
299
311
  * confirmation_url was not being set under some circumstances
300
312
 
301
- == 1.4.7
313
+ ### 1.4.7
302
314
 
303
315
  * bug fix
304
316
  * Fix backward incompatible change from 1.4.6 for those using custom controllers
305
317
 
306
- == 1.4.6 (yanked)
318
+ ### 1.4.6 (yanked)
307
319
 
308
320
  * enhancements
309
321
  * Allow devise_for :skip => :all
@@ -311,7 +323,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
311
323
  * Allow --skip-routes to devise generator
312
324
  * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
313
325
 
314
- == 1.4.5
326
+ ### 1.4.5
315
327
 
316
328
  * bug fix
317
329
  * Failure app tries the root path if a session one does not exist
@@ -319,12 +331,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
319
331
  * Reset password shows proper message if user is not active
320
332
  * `clean_up_passwords` sets the accessors to nil to skip validations
321
333
 
322
- == 1.4.4
334
+ ### 1.4.4
323
335
 
324
336
  * bug fix
325
337
  * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually
326
338
 
327
- == 1.4.3
339
+ ### 1.4.3
328
340
 
329
341
  * enhancements
330
342
  * Improve Rails 3.1 compatibility
@@ -340,12 +352,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
340
352
  * deprecations
341
353
  * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation
342
354
 
343
- == 1.4.2
355
+ ### 1.4.2
344
356
 
345
357
  * bug fix
346
358
  * Provide a more robust behavior to serializers and add :force_except option
347
359
 
348
- == 1.4.1
360
+ ### 1.4.1
349
361
 
350
362
  * enhancements
351
363
  * Add :defaults and :format support on router
@@ -356,7 +368,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
356
368
  * Ensure to_xml is properly white listened
357
369
  * Ensure handle_unverified_request clean up any cached signed-in user
358
370
 
359
- == 1.4.0
371
+ ### 1.4.0
360
372
 
361
373
  * enhancements
362
374
  * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26)
@@ -374,22 +386,22 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
374
386
  * Devise now honors routes constraints (by @macmartine)
375
387
  * Do not return the user resource when requesting instructions (by @rodrigoflores)
376
388
 
377
- == 1.3.4
389
+ ### 1.3.4
378
390
 
379
391
  * bug fix
380
392
  * Do not add formats if html or "*/*"
381
393
 
382
- == 1.3.3
394
+ ### 1.3.3
383
395
 
384
396
  * bug fix
385
397
  * Explicitly mark the token as expired if so
386
398
 
387
- == 1.3.2
399
+ ### 1.3.2
388
400
 
389
401
  * bug fix
390
402
  * Fix another regression related to reset_password_sent_at (by @alexdreher)
391
403
 
392
- == 1.3.1
404
+ ### 1.3.1
393
405
 
394
406
  * enhancements
395
407
  * Improve failure_app responses (by @indirect)
@@ -398,7 +410,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
398
410
  * bug fix
399
411
  * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss)
400
412
 
401
- == 1.3.0
413
+ ### 1.3.0
402
414
 
403
415
  * enhancements
404
416
  * All controllers can now handle different mime types than html using Responders (by @sikachu)
@@ -418,19 +430,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
418
430
  * backward incompatible changes
419
431
  * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior.
420
432
 
421
- == 1.2.1
433
+ ### 1.2.1
422
434
 
423
435
  * enhancements
424
436
  * Improve update path messages
425
437
 
426
- == 1.2.0
438
+ ### 1.2.0
427
439
 
428
440
  * bug fix
429
441
  * Properly ignore path prefix on omniauthable
430
442
  * Faster uniqueness queries
431
443
  * Rename active? to active_for_authentication? to avoid conflicts
432
444
 
433
- == 1.2.rc2
445
+ ### 1.2.rc2
434
446
 
435
447
  * enhancements
436
448
  * Make friendly_token 20 chars long
@@ -460,7 +472,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
460
472
  * Removed --haml and --slim view templates
461
473
  * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
462
474
 
463
- == 1.2.rc
475
+ ### 1.2.rc
464
476
 
465
477
  * deprecations
466
478
  * cookie_domain is deprecated in favor of cookie_options
@@ -498,13 +510,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
498
510
  * Ensure namespaces has proper scoped views
499
511
  * Ensure Devise does not set empty flash messages (by @sxross)
500
512
 
501
- == 1.1.6
513
+ ### 1.1.6
502
514
 
503
515
  * Use a more secure e-mail regexp
504
516
  * Implement Rails 3.0.4 handle unverified request
505
517
  * Use secure_compare to compare passwords
506
518
 
507
- == 1.1.5
519
+ ### 1.1.5
508
520
 
509
521
  * bugfix
510
522
  * Ensure to convert keys on indifferent hash
@@ -512,12 +524,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
512
524
  * defaults
513
525
  * Set config.http_authenticatable to false to avoid confusion
514
526
 
515
- == 1.1.4
527
+ ### 1.1.4
516
528
 
517
529
  * bugfix
518
530
  * Avoid session fixation attacks
519
531
 
520
- == 1.1.3
532
+ ### 1.1.3
521
533
 
522
534
  * bugfix
523
535
  * Add reply-to to e-mail headers by default
@@ -528,17 +540,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
528
540
  * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie)
529
541
  * :default options is now honored in migrations
530
542
 
531
- == 1.1.2
543
+ ### 1.1.2
532
544
 
533
545
  * bugfix
534
546
  * Compatibility with latest Rails routes schema
535
547
 
536
- == 1.1.1
548
+ ### 1.1.1
537
549
 
538
550
  * bugfix
539
551
  * Fix a small bug where generated locale file was empty on devise:install
540
552
 
541
- == 1.1.0
553
+ ### 1.1.0
542
554
 
543
555
  * enhancements
544
556
  * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk)
@@ -558,7 +570,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
558
570
  * deprecations
559
571
  * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
560
572
 
561
- == 1.1.rc2
573
+ ### 1.1.rc2
562
574
 
563
575
  * enhancements
564
576
  * Allow to set cookie domain for the remember token. (by @mantas)
@@ -576,7 +588,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
576
588
  * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
577
589
  * Generators now use Rails 3 syntax (devise:install) instead of devise_install
578
590
 
579
- == 1.1.rc1
591
+ ### 1.1.rc1
580
592
 
581
593
  * enhancements
582
594
  * Rails 3 compatibility
@@ -608,7 +620,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
608
620
  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
609
621
  * :as and :scope in routes is deprecated. Use :path and :singular instead
610
622
 
611
- == 1.0.8
623
+ ### 1.0.8
612
624
 
613
625
  * enhancements
614
626
  * Support for latest MongoMapper
@@ -617,7 +629,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
617
629
  * bug fix
618
630
  * confirmation_required? is properly honored on active? calls. (by @paulrosania)
619
631
 
620
- == 1.0.7
632
+ ### 1.0.7
621
633
 
622
634
  * bug fix
623
635
  * Ensure password confirmation is always required
@@ -626,14 +638,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
626
638
  * authenticatable was deprecated and renamed to database_authenticatable
627
639
  * confirmable is not included by default on generation
628
640
 
629
- == 1.0.6
641
+ ### 1.0.6
630
642
 
631
643
  * bug fix
632
644
  * Do not allow unlockable strategies based on time to access a controller.
633
645
  * Do not send unlockable email several times.
634
646
  * Allow controller to upstram custom! failures to Warden.
635
647
 
636
- == 1.0.5
648
+ ### 1.0.5
637
649
 
638
650
  * bug fix
639
651
  * Use prepend_before_filter in require_no_authentication.
@@ -641,19 +653,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
641
653
  * Fix a bug when giving an association proxy to devise.
642
654
  * Do not use lock! on lockable since it's part of ActiveRecord API.
643
655
 
644
- == 1.0.4
656
+ ### 1.0.4
645
657
 
646
658
  * bug fix
647
659
  * Fixed a bug when deleting an account with rememberable
648
660
  * Fixed a bug with custom controllers
649
661
 
650
- == 1.0.3
662
+ ### 1.0.3
651
663
 
652
664
  * enhancements
653
665
  * HTML e-mails now have proper formatting
654
666
  * Do not remove MongoMapper options in find
655
667
 
656
- == 1.0.2
668
+ ### 1.0.2
657
669
 
658
670
  * enhancements
659
671
  * Allows you set mailer content type (by @glennr)
@@ -661,7 +673,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
661
673
  * bug fix
662
674
  * Uses the same content type as request on http authenticatable 401 responses
663
675
 
664
- == 1.0.1
676
+ ### 1.0.1
665
677
 
666
678
  * enhancements
667
679
  * HttpAuthenticatable is not added by default automatically.
@@ -670,7 +682,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
670
682
  * bug fix
671
683
  * Fixed encryptors autoload
672
684
 
673
- == 1.0.0
685
+ ### 1.0.0
674
686
 
675
687
  * deprecation
676
688
  * :old_password in update_with_password is deprecated, use :current_password instead
@@ -681,7 +693,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
681
693
  * Allow scoped_views to be customized per controller/mailer class
682
694
  * Allow authenticatable to used in change_table statements
683
695
 
684
- == 0.9.2
696
+ ### 0.9.2
685
697
 
686
698
  * bug fix
687
699
  * Ensure inactive user cannot sign in
@@ -691,13 +703,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
691
703
  * Added gemspec to repo
692
704
  * Added token authenticatable (by @grimen)
693
705
 
694
- == 0.9.1
706
+ ### 0.9.1
695
707
 
696
708
  * bug fix
697
709
  * Allow bigger salt size (by @jgeiger)
698
710
  * Fix relative url root
699
711
 
700
- == 0.9.0
712
+ ### 0.9.0
701
713
 
702
714
  * deprecation
703
715
  * devise :all is deprecated
@@ -714,7 +726,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
714
726
  * Accept path prefix not starting with slash
715
727
  * url helpers should rely on find_scope!
716
728
 
717
- == 0.8.2
729
+ ### 0.8.2
718
730
 
719
731
  * enhancements
720
732
  * Allow Devise.mailer_sender to be a proc (by @grimen)
@@ -722,7 +734,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
722
734
  * bug fix
723
735
  * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm)
724
736
 
725
- == 0.8.1
737
+ ### 0.8.1
726
738
 
727
739
  * enhancements
728
740
  * Move salt to encryptors
@@ -732,7 +744,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
732
744
  * bug fix
733
745
  * Bcrypt generator was not being loaded neither setting the proper salt
734
746
 
735
- == 0.8.0
747
+ ### 0.8.0
736
748
 
737
749
  * enhancements
738
750
  * Warden 0.8.0 compatibility
@@ -746,19 +758,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
746
758
  * deprecation
747
759
  * Removed DeviseMailer.sender
748
760
 
749
- == 0.7.5
761
+ ### 0.7.5
750
762
 
751
763
  * enhancements
752
764
  * Set a default value for mailer to avoid find_template issues
753
765
  * Add models configuration to MongoMapper::EmbeddedDocument as well
754
766
 
755
- == 0.7.4
767
+ ### 0.7.4
756
768
 
757
769
  * enhancements
758
770
  * Extract Activatable from Confirmable
759
771
  * Decouple Serializers from Devise modules
760
772
 
761
- == 0.7.3
773
+ ### 0.7.3
762
774
 
763
775
  * bug fix
764
776
  * Give scope to the proper model validation
@@ -768,7 +780,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
768
780
  * Added update_with_password for authenticatable
769
781
  * Allow render_with_scope to accept :controller option
770
782
 
771
- == 0.7.2
783
+ ### 0.7.2
772
784
 
773
785
  * deprecation
774
786
  * Renamed reset_confirmation! to resend_confirmation!
@@ -778,12 +790,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
778
790
  * Fixed render_with_scope to work with all controllers
779
791
  * Allow sign in with two different users in Devise::TestHelpers
780
792
 
781
- == 0.7.1
793
+ ### 0.7.1
782
794
 
783
795
  * enhancements
784
796
  * Small enhancements for other plugins compatibility (by @grimen)
785
797
 
786
- == 0.7.0
798
+ ### 0.7.0
787
799
 
788
800
  * deprecations
789
801
  * :authenticatable is not included by default anymore
@@ -792,25 +804,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
792
804
  * Improve loading process
793
805
  * Extract SessionSerializer from Authenticatable
794
806
 
795
- == 0.6.3
807
+ ### 0.6.3
796
808
 
797
809
  * bug fix
798
810
  * Added trackable to migrations
799
811
  * Allow inflections to work
800
812
 
801
- == 0.6.2
813
+ ### 0.6.2
802
814
 
803
815
  * enhancements
804
816
  * More DataMapper compatibility
805
817
  * Devise::Trackable - track sign in count, timestamps and ips
806
818
 
807
- == 0.6.1
819
+ ### 0.6.1
808
820
 
809
821
  * enhancements
810
822
  * Devise::Timeoutable - timeout sessions without activity
811
823
  * DataMapper now accepts conditions
812
824
 
813
- == 0.6.0
825
+ ### 0.6.0
814
826
 
815
827
  * deprecations
816
828
  * :authenticatable is still included by default, but yields a deprecation warning
@@ -821,19 +833,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
821
833
  * Allow a strategy to be placed after authenticatable
822
834
  * Do not rely attribute? methods, since they are not added on Datamapper
823
835
 
824
- == 0.5.6
836
+ ### 0.5.6
825
837
 
826
838
  * enhancements
827
839
  * Do not send nil to build (DataMapper compatibility)
828
840
  * Allow to have scoped views
829
841
 
830
- == 0.5.5
842
+ ### 0.5.5
831
843
 
832
844
  * enhancements
833
845
  * Allow overwriting find for authentication method
834
846
  * Remove Ruby 1.8.7 dependency
835
847
 
836
- == 0.5.4
848
+ ### 0.5.4
837
849
 
838
850
  * deprecations
839
851
  * Deprecate :singular in devise_for and use :scope instead
@@ -844,7 +856,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
844
856
  * Create sign_in_and_redirect and sign_out_and_redirect helpers
845
857
  * Warden::Manager.default_scope is automatically configured to the first given scope
846
858
 
847
- == 0.5.3
859
+ ### 0.5.3
848
860
 
849
861
  * bug fix
850
862
  * MongoMapper now converts DateTime to Time
@@ -856,20 +868,20 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
856
868
  * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
857
869
  in cases you don't want it be handlded automatically
858
870
 
859
- == 0.5.2
871
+ ### 0.5.2
860
872
 
861
873
  * enhancements
862
874
  * Improved sign_in and sign_out helpers to accepts resources
863
875
  * Added stored_location_for as a helper
864
876
  * Added test helpers
865
877
 
866
- == 0.5.1
878
+ ### 0.5.1
867
879
 
868
880
  * enhancements
869
881
  * Added serializers based on Warden ones
870
882
  * Allow authentication keys to be set
871
883
 
872
- == 0.5.0
884
+ ### 0.5.0
873
885
 
874
886
  * bug fix
875
887
  * Fixed a bug where remember me module was not working properly
@@ -879,13 +891,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
879
891
  * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs)
880
892
  * Added support for MongoMapper (by @shingara)
881
893
 
882
- == 0.4.3
894
+ ### 0.4.3
883
895
 
884
896
  * bug fix
885
897
  * Authentication just fails if user cannot be serialized from session, without raising errors;
886
898
  * Default configuration values should not overwrite user values;
887
899
 
888
- == 0.4.2
900
+ ### 0.4.2
889
901
 
890
902
  * deprecations
891
903
  * Renamed mail_sender to mailer_sender
@@ -897,12 +909,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
897
909
  * Allow :path_prefix to be given to devise_for
898
910
  * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
899
911
 
900
- == 0.4.1
912
+ ### 0.4.1
901
913
 
902
914
  * bug fix
903
915
  * Ensure options can be set even if models were not loaded
904
916
 
905
- == 0.4.0
917
+ ### 0.4.0
906
918
 
907
919
  * deprecations
908
920
  * Notifier is deprecated, use DeviseMailer instead. Remember to rename
@@ -915,7 +927,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
915
927
  * Allow Warden::Manager to be configured through Devise
916
928
  * Created a generator which creates an initializer
917
929
 
918
- == 0.3.0
930
+ ### 0.3.0
919
931
 
920
932
  * bug fix
921
933
  * Allow yml messages to be configured by not using engine locales
@@ -925,7 +937,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
925
937
  * Do not send confirmation messages when user changes his e-mail
926
938
  * Renamed authenticable to authenticatable and added deprecation warnings
927
939
 
928
- == 0.2.3
940
+ ### 0.2.3
929
941
 
930
942
  * enhancements
931
943
  * Ensure fail! works inside strategies
@@ -935,12 +947,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
935
947
  * Do not redirect on invalid authenticate
936
948
  * Allow model configuration to be set to nil
937
949
 
938
- == 0.2.2
950
+ ### 0.2.2
939
951
 
940
952
  * bug fix
941
953
  * Fix a bug when using customized resources
942
954
 
943
- == 0.2.1
955
+ ### 0.2.1
944
956
 
945
957
  * refactor
946
958
  * Clean devise_views generator to use devise existing views
@@ -952,7 +964,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
952
964
  * bug fix
953
965
  * Fix a bug with Mongrel and Ruby 1.8.6
954
966
 
955
- == 0.2.0
967
+ ### 0.2.0
956
968
 
957
969
  * enhancements
958
970
  * Allow option :null => true in authenticable migration
@@ -967,12 +979,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
967
979
  * bug fixes
968
980
  * Fixed requiring devise strategies
969
981
 
970
- == 0.1.1
982
+ ### 0.1.1
971
983
 
972
984
  * bug fixes
973
985
  * Fixed requiring devise mapping
974
986
 
975
- == 0.1.0
987
+ ### 0.1.0
976
988
 
977
989
  * Devise::Authenticable
978
990
  * Devise::Confirmable